Changelog
openvpn (2.6.9-1ubuntu1) noble; urgency=low
* Merge from Debian unstable. Remaining changes:
- d/control: Demote easy-rsa to Suggests (universe package).
- debian/openvpn@.service: Add '--script-security 2' similar to what
got added to debian/openvpn.init.d ages ago (LP #1454725)
openvpn (2.6.9-1) unstable; urgency=medium
* New upstream version 2.6.9
* Switch to systemd-dev (Closes: #1060500)
* Install systemd generator and units into /usr. (Closes: #1064399)
openvpn (2.6.7-1ubuntu1) noble; urgency=low
* Merge from Debian unstable. Remaining changes:
- d/control: Demote easy-rsa to Suggests (universe package).
- debian/openvpn@.service: Add '--script-security 2' similar to what
got added to debian/openvpn.init.d ages ago (LP #1454725)
openvpn (2.6.7-1) unstable; urgency=medium
[ Aquila Macedo ]
* d/control: bump debhelper-compat level to 13.
* d/patches: Remove outdated patches
* d/patches: fix typo in openvpn binary
* d/patches: fix typo in manpages
* d/copyright: Update license to BSD-2
* d/openvpn.service: add documentation
[ Bernhard Schmidt ]
* New upstream version 2.6.7, fixing two CVEs (Closes: #1055805)
- CVE-2023-46849: Use of --fragment option can lead to a division by zero
error which can be fatal
- CVE-2023-46850: Incorrect use of send buffer can cause memory to be sent
to peer
* Pick patch recommended by upstream in GH#449 to fix segfault
introduced in 2.6.7
[ Remus-Gabriel Chelu ]
* Add Romanian templates translation (Closes: #1033179)
openvpn (2.6.5-0ubuntu1) mantic; urgency=medium
* New Upstream release 2.6.5 (LP: #2018095)
* d/p/fix-dangling-pointer-in-pkcs11.patch:
Remove - fixed upstream in 2.6.4
* d/p/fix-memleak-in-dco_get_peer_stats_multi.patch:
Remove - fixed upstream in 2.6.5
openvpn (2.6.3-2.1) unstable; urgency=medium
* Non-maintainer upload.
[ Helmut Grohne ]
* Do not install systemd units twice (Closes: #1054083)
openvpn (2.6.3-2ubuntu1) mantic; urgency=low
* Merge from Debian unstable. Remaining changes:
- d/control: Demote easy-rsa to Suggests (universe package).
- debian/openvpn@.service: Add '--script-security 2' similar to what
got added to debian/openvpn.init.d ages ago (LP #1454725)
openvpn (2.6.3-2) unstable; urgency=medium
* Cherry-pick two bugfix commits from upstream
- Memory leak in dco_get_peer_stats_multi for Linux
- dangling pointer passed to pkcs11-helper
openvpn (2.6.3-1ubuntu1) mantic; urgency=low
* Merge from Debian unstable. Remaining changes:
- d/control: Demote easy-rsa to Suggests (universe package).
- debian/openvpn@.service: Add '--script-security 2' similar to what
got added to debian/openvpn.init.d ages ago (LP #1454725)
openvpn (2.6.3-1) unstable; urgency=medium
* New upstream version 2.6.2
- drop patches applied upstream
- needs new openvpn-dco-dkms version. Not adding a versioned dependency
to untangle testing migration, because it will just not use the
"wrong" version and run unaccelerated.
* New upstream version 2.6.3
openvpn (2.6.1-1ubuntu1) lunar; urgency=low
* Merge from Debian unstable. Remaining changes:
- d/control: Demote easy-rsa to Suggests (universe package).
- debian/openvpn@.service: Add '--script-security 2' similar to what
got added to debian/openvpn.init.d ages ago (LP #1454725)
openvpn (2.6.1-1) unstable; urgency=medium
* Upload to unstable targetting bookworm
* Cherry-Pick upstream commits from 2.6.2
- fix rare ASSERT in tls-crypt
- fix memory leaks in HMAC initial packet generation
- set netlink socket to be non-blocking
openvpn (2.6.1-1~exp1) experimental; urgency=medium
* New upstream version 2.6.1
- target experimental due to the freeze
openvpn (2.6.0-1ubuntu1) lunar; urgency=low
* Merge from Debian unstable. Remaining changes:
- d/control: Demote easy-rsa to Suggests (universe package).
- debian/openvpn@.service: Add '--script-security 2' similar to what
got added to debian/openvpn.init.d ages ago (LP #1454725)
openvpn (2.6.0-1) unstable; urgency=medium
* New upstream version 2.6.0
* Drop dco netlink buffer overflow patch applied upstream
* Drop obsolete lsb-base dependency
openvpn (2.6.0~rc2-1ubuntu1) lunar; urgency=low
* Merge from Debian unstable. Remaining changes:
- d/control: Demote easy-rsa to Suggests (universe package).
- debian/openvpn@.service: Add '--script-security 2' similar to what
got added to debian/openvpn.init.d ages ago (LP #1454725)
openvpn (2.6.0~rc2-1) unstable; urgency=medium
* New upstream version 2.6.0~rc2
* Add upstream pending patch to work around dco netlink buffer overflow
openvpn (2.6.0~rc1-1ubuntu1) lunar; urgency=low
* Merge from Debian unstable. Remaining changes:
- d/control: Demote easy-rsa to Suggests (universe package).
- debian/openvpn@.service: Add '--script-security 2' similar to what
got added to debian/openvpn.init.d ages ago (LP #1454725)
openvpn (2.6.0~rc1-1) unstable; urgency=medium
* New upstream version 2.6.0~rc1 (Closes: #1014376)
* Drop DCO workaround applied upstream
openvpn (2.6.0~git20221222-1ubuntu1) lunar; urgency=low
* Merge from Debian unstable. Remaining changes:
- d/control: Demote easy-rsa to Suggests (universe package).
- debian/openvpn@.service: Add '--script-security 2' similar to what
got added to debian/openvpn.init.d ages ago (LP #1454725)
openvpn (2.6.0~git20221222-1) unstable; urgency=medium
* New upstream version 2.6.0~git20221222
* Import pending upstream fix for race conditions in DCO servers
* d/openvpn@.service: Replace LimitNPROC=100 with TasksMax=10
(see Bug#861923 for discussion)
openvpn (2.6.0~git20221215+beta2-1) unstable; urgency=medium
* New upstream version 2.6.0~git20221215+beta2
openvpn (2.6.0~git20221201-1ubuntu1) lunar; urgency=low
* Merge from Debian unstable. Remaining changes:
- d/control: Demote easy-rsa to Suggests (universe package).
- debian/openvpn@.service: Add '--script-security 2' similar to what
got added to debian/openvpn.init.d ages ago (LP #1454725)
openvpn (2.6.0~git20221201-1) unstable; urgency=medium
* New upstream version 2.6.0~git20221201, also known as 2.6_beta1
* Update d/NEWS to list known backwards compatibility issues
* Fix national encoding on d/po/{es,sv}.po
* Drop obsolete patches
openvpn (2.6.0~git20221116-1ubuntu1) lunar; urgency=low
* Merge from Debian unstable. Remaining changes:
- d/control: Demote easy-rsa to Suggests (universe package).
- debian/openvpn@.service: Add '--script-security 2' similar to what
got added to debian/openvpn.init.d ages ago (LP #1454725)
openvpn (2.6.0~git20221116-1) unstable; urgency=medium
* New upstream version 2.6.0~git20221116
* Various improvements regarding MTU calculation
openvpn (2.6.0~git20220818-1ubuntu1) kinetic; urgency=low
* Merge from Debian unstable. Remaining changes:
- d/control: Demote easy-rsa to Suggests (universe package).
- debian/openvpn@.service: Add '--script-security 2' similar to what
got added to debian/openvpn.init.d ages ago (LP #1454725)
openvpn (2.6.0~git20220818-1) unstable; urgency=medium
* New upstream version 2.6.0~git20220818
* Only depend on libcap-ng-dev on Linux
* Drop d/p/disable-dco-without-necessary-capabilities applied upstream
openvpn (2.6.0~git20220811-2) unstable; urgency=medium
* Cherry-Pick proposed upstream fix to disable DCO if unable to retain
capabilities, fixes network-manager-openvpn together with DCO
(Closes: #1017379)
openvpn (2.6.0~git20220811-1) unstable; urgency=medium
* New upstream version 2.6.0~git20220811
* Retain CAP_NET_ADMIN when dropping privileges (Closes: #976070)
* Add build-dependency on libcap-ng-dev
* Explicitly disable unit tests (Closes: #1016057)
* Drop obsolete entries from d/copyright
openvpn (2.6.0~git20220808-1) unstable; urgency=medium
[ Gianfranco Costamagna ]
* d/t/server-setup-with-ca:
- cherry-pick change in easy-rsa autopkgtests to remove conflicting
"vars" file.
[ Bernhard Schmidt ]
* New upstream version 2.6.0~git20220808
- switch to master branch now that DCO support has been merged
* Drop OpenSSL 3.0 digest name patch applied upstream
openvpn (2.6.0~git20220518+dco-3ubuntu2) kinetic; urgency=medium
* Merge from Debian unstable. Remaining changes:
- d/control: Demote easy-rsa to Suggests (universe package).
- debian/openvpn@.service: Add '--script-security 2' similar to what
got added to debian/openvpn.init.d ages ago (LP #1454725)
- d/t/server-setup-with-ca:
- cherry-pick change in easy-rsa autopkgtests to remove conflicting
"vars" file.
openvpn (2.6.0~git20220518+dco-3) unstable; urgency=medium
[ Lucas Kanashiro ]
* d/t/server-setup-with-static-key: set cipher to be DES-EDE3-CBC
* d/t/server-setup-with-static-key: use 'secret' to generate key
* d/t/server-setup-with-*: use 'set -x' in the test scripts
* d/t/control: add allow-stderr restriction
[ Bernhard Schmidt ]
* Import Ubuntu patch cherry-picked from upstream to translate OpenSSL 3.0
digest names into OpenSSL 1.1 digest names (Closes: #1012129)
openvpn (2.6.0~git20220518+dco-2ubuntu3) kinetic; urgency=medium
* d/t/control: add allow-stderr restriction. With 'set -x' in place some
messages are printed out in stderr.
openvpn (2.6.0~git20220518+dco-2ubuntu2) kinetic; urgency=medium
* d/t/server-setup-with-static-key: set cipher to be DES-EDE3-CBC. The
default BF-CBC is deprecated, also CAST and RC2. For more information
check the upstream documentation.
* d/t/server-setup-with-static-key: use 'secret' instead of '--secret' when
generating a key to fix a deprecation warning.
* d/t/server-setup-with-*: use 'set -x' in the test scripts. This will
facilitate future debugging.
* d/p/openssl-3-support.patch: Translate OpenSSL 3.0 digest names to OpenSSL
1.1 digest names (LP: #1975574).
openvpn (2.6.0~git20220518+dco-2ubuntu1) kinetic; urgency=low
* Merge from Debian unstable. Remaining changes:
- d/control: Demote easy-rsa to Suggests (universe package).
- debian/openvpn@.service: Add '--script-security 2' similar to what
got added to debian/openvpn.init.d ages ago (LP #1454725)
* Drop changes fixed in new upstream release:
- d/p/openvpn-fips-2.4.patch: Allow MD5 for PRF in FIPS mode openssl.
- d/p/OpenSSL3.patch: work around the deprecated algorithm mismatch between
the OpenSSL3 branch and the OpenVPN 2.5 branch (LP #1945980)
- debian/patches/CVE-2022-0547.patch: disallow multiple deferred
authentication plug-ins in doc/man-sections/plugin-options.rst,
src/openvpn/plugin.c.
openvpn (2.6.0~git20220518+dco-2) unstable; urgency=medium
* Add d/NEWS entry about the release notes and DCO (Closes: #1011372)
openvpn (2.6.0~git20220518+dco-1) unstable; urgency=medium
* New upstream version 2.6.0~git20220518+dco
* Release to unstable
* Revert "Build against OpenSSL 3.0", OpenSSL 3.0 has landed in unstable
openvpn (2.6.0~git20220510+dco-1) experimental; urgency=medium
* New upstream version 2.6.0~git20220510+dco
* Suggest openvpn-dco-dkms
* Drop iproute2, linux builds use netlink
* Limit libnl-genl-3-dev build-dep (for dco) to linux-any
* Build against OpenSSL 3.0
openvpn (2.6.0~git20220317+dco-1) experimental; urgency=medium
* New upstream version 2.6.0~git20220317+dco
This is a snapshot of the upstream dco branch (data-channel offloading)
openvpn (2.5.6-1) unstable; urgency=high
* New upstream version 2.5.6
CVE-2022-0547 - Potential authentication by-pass with multiple deferred
authentication plug-ins plug-ins (Closes: #1008015)
openvpn (2.5.5-1ubuntu3) jammy; urgency=medium
* debian/patches/CVE-2022-0547.patch: updated to properly patch actual
manpage file in doc/openvpn.8.
openvpn (2.5.5-1ubuntu2) jammy; urgency=medium
* SECURITY UPDATE: authentication bypass via multiple deferred
authentication plug-ins
- debian/patches/CVE-2022-0547.patch: disallow multiple deferred
authentication plug-ins in doc/man-sections/plugin-options.rst,
src/openvpn/plugin.c.
- CVE-2022-0547
openvpn (2.5.5-1ubuntu1) jammy; urgency=medium
* Merge with Debian unstable (LP: #1946884). Remaining changes:
- d/control: Demote easy-rsa to Suggests (universe package).
- debian/openvpn@.service: Add '--script-security 2' similar to what
got added to debian/openvpn.init.d ages ago (LP #1454725)
- d/p/openvpn-fips-2.4.patch: Allow MD5 for PRF in FIPS mode openssl.
- d/p/OpenSSL3.patch: work around the deprecated algorithm mismatch between
the OpenSSL3 branch and the OpenVPN 2.5 branch (LP #1945980)
openvpn (2.5.5-1) unstable; urgency=medium
[ Jörg Frings-Fürst ]
* New upstream version 2.5.5
* Declare compliance with Debian Policy 4.6.0.1
* d/copyright:
- Remove duplicate entries;
- Refresh for new upstream release
- Add 2021 to myself
[ Bernhard Schmidt ]
* Refresh patches for new upstream version
openvpn (2.5.1-3ubuntu5) jammy; urgency=medium
* No-change rebuild to update maintainer scripts, see LP: 1959054
openvpn (2.5.1-3ubuntu4) jammy; urgency=medium
* d/p/OpenSSL3.patch: work around the deprecated algorithm mismatch between
the OpenSSL3 branch and the OpenVPN 2.5 branch (LP: #1945980)
openvpn (2.5.1-3ubuntu3) jammy; urgency=medium
* No-change rebuild against openssl3
openvpn (2.5.1-3ubuntu2) impish; urgency=medium
* No-change rebuild to build packages with zstd compression.
openvpn (2.5.1-3ubuntu1) impish; urgency=medium
* Merge with Debian unstable. Remaining changes:
- d/control: Demote easy-rsa to Suggests (universe package).
- debian/openvpn@.service: Add '--script-security 2' similar to what
got added to debian/openvpn.init.d ages ago (LP #1454725)
- d/p/openvpn-fips-2.4.patch: Allow MD5 for PRF in FIPS mode openssl.
* Dropped changes:
- d/t/server-setup-*: adapt tests to output of v2.5.0
[Included in 2.5.1-3]
openvpn (2.5.1-3) unstable; urgency=medium
* Fix autopkgtest (Closes: #983662)
- adapt autopkgtest output to 2.5 (from Ubuntu)
- Fix easyrsa batch mode invocation
* Cherry-Pick "Fix condition to generate session keys" (Closes: #988478)
openvpn (2.5.1-2ubuntu1) impish; urgency=medium
* Merge with Debian unstable. Remaining changes:
- d/control: Demote easy-rsa to Suggests (universe package).
- debian/openvpn@.service: Add '--script-security 2' similar to what
got added to debian/openvpn.init.d ages ago (LP #1454725)
- d/p/openvpn-fips-2.4.patch: Allow MD5 for PRF in FIPS mode openssl.
- d/t/server-setup-*: adapt tests to output of v2.5.0
openvpn (2.5.1-2) unstable; urgency=high
* Cherry-Pick 3 (+ 1 predependency) patches from upstream to fix
authentication bypass with deferred authentication
(CVE-2020-15078) (Closes: #987380)
openvpn (2.5.1-1ubuntu1) hirsute; urgency=medium
* Merge with Debian unstable (LP: #1917438). Remaining changes:
- d/control: Demote easy-rsa to Suggests (universe package).
- debian/openvpn@.service: Add '--script-security 2' similar to what
got added to debian/openvpn.init.d ages ago (LP #1454725)
- d/p/openvpn-fips-2.4.patch: Allow MD5 for PRF in FIPS mode openssl.
+ d/t/server-setup-*: adapt tests to output of v2.5.0
openvpn (2.5.1-1) unstable; urgency=medium
* New upstream version 2.5.1 (bugfix release)
openvpn (2.5.0-1ubuntu1) hirsute; urgency=medium
* Merge with Debian unstable. Remaining changes:
- d/control: Demote easy-rsa to Suggests (universe package).
- debian/openvpn@.service: Add '--script-security 2' similar to what
got added to debian/openvpn.init.d ages ago (LP #1454725)
- d/p/openvpn-fips-2.4.patch: Allow MD5 for PRF in FIPS mode openssl.
[updated to match 2.5.0]
* Dropped changes [in Debian since 2.5~beta3-1]
- d/tests: add two DEP-8 test cases
+ d/t/server-setup-with-static-key: test the OpenVPN server side setup
using a static key.
+ d/t/server-setup-with-ca: test the OpenVPN server side setup using a
CA built with easy-rsa.
- d/openvpn*.service: Drop reload support from systemd unit files
(LP #1868127). The current reload implementation (sending a SIGHUP
signal to the process) fails, and the difference between reload and
restart is not clear. Systemd does not require an implementation for
reload.
* Added Changes:
- d/t/server-setup-*: adapt tests to output of v2.5.0
openvpn (2.5.0-1) unstable; urgency=medium
* New upstream version 2.5.0 - final release
openvpn (2.5~rc3-1) unstable; urgency=medium
* New upstream version 2.5~rc3
openvpn (2.5~rc2-1) unstable; urgency=medium
* Downgrade debhelper-compat to 12 for easier backports
* New upstream version 2.5~rc2
openvpn (2.5~beta3-1) unstable; urgency=medium
* Release to unstable.
[ Lucas Kanashiro ]
* Add two DEP-8 test cases for the server side
* Drop reload support from systemd unit files (LP: #1868127)
[ Bernhard Schmidt ]
* Revert "d/gbp.conf for experimental 2.5 branch"
* New upstream version 2.5~beta3
openvpn (2.5~beta1-3) experimental; urgency=medium
* Disable iproute2 support in favour of the new netlink based default.
Thanks to Fabio Pedretti
openvpn (2.5~beta1-2) experimental; urgency=medium
* Set Build-Conflicts: systemctl, see Bug#959828
openvpn (2.5~beta1-1) experimental; urgency=medium
* d/gbp.conf for experimental 2.5 branch
* New upstream version 2.5~beta1
* Adjust patches for new major upstream version
* Add python3-docutils to build-depends for manpage generation
openvpn (2.4.9-3ubuntu1) groovy; urgency=medium
* Merge with Debian unstable. Remaining changes:
- d/control: Demote easy-rsa to Suggests (universe package).
- debian/openvpn@.service: Add '--script-security 2' similar to what
got added to debian/openvpn.init.d ages ago (LP #1454725)
- d/p/openvpn-fips-2.4.patch: Allow MD5 for PRF in FIPS mode openssl.
- d/tests: add two DEP-8 test cases
+ d/t/server-setup-with-static-key: test the OpenVPN server side setup
using a static key.
+ d/t/server-setup-with-ca: test the OpenVPN server side setup using a
CA built with easy-rsa.
- d/openvpn*.service: Drop reload support from systemd unit files
(LP #1868127). The current reload implementation (sending a SIGHUP
signal to the process) fails, and the difference between reload and
restart is not clear. Systemd does not require an implementation for
reload.
openvpn (2.4.9-3) unstable; urgency=medium
[ Jörg Frings-Fürst ]
* Fix the bug that occurs during the update (Closes: #959464):
"ERROR: Cannot ioctl TUNSETIFF tunX: Device or resource busy (errno=16)"
- debian/rules: Change dh_installsystemd from "--restart-after-upgrade" to
"--no-restart-after-upgrade -r".
- Remove restart from debian/postinst.
- Add hint to reboot if openvpn is running.
- Add new chapter into debian/NEWS.
* Migrate to debhelper 13.
* debian/postinst:
- Remove now useless code for version less than 2.3.2-6.
* debina/copyright:
- Add year 2020 to Bernhard Schmidt.
openvpn (2.4.9-2ubuntu2) groovy; urgency=medium
* Drop reload support from systemd unit files (LP: #1868127)
openvpn (2.4.9-2ubuntu1) groovy; urgency=medium
* Merge with Debian unstable. Remaining changes:
- d/control: Demote easy-rsa to Suggests (universe package).
- debian/openvpn@.service: Add '--script-security 2' similar to what
got added to debian/openvpn.init.d ages ago (LP 1454725)
- Allow MD5 for PRF in FIPS mode openssl.
* Added changes:
- d/tests: add two DEP-8 test cases
+ d/t/server-setup-with-static-key: test the OpenVPN server side setup
using a static key.
+ d/t/server-setup-with-ca: test the OpenVPN server side setup using a
CA built with easy-rsa.
openvpn (2.4.9-2) unstable; urgency=medium
* Cherry-Pick upstream patch to fix ssl_do_config error with
invalid OpenSSL system configuration (Closes: #958296)
Thanks to Jonas Andradas for reporting and Arne Schwabe for debugging.
* Use DEB_HOST_MULTIARCH for libraries (Closes: #958315)
* Enable Salsa CI
openvpn (2.4.9-1) unstable; urgency=medium
[ Jörg Frings-Fürst ]
* New upstream release (Closes: #950610).
* Refresh debian/patches/openvpn-pkcs11warn.patch.
* Remove upstream applied fix-pkcs11-helper-hang.patch.
* Add libp11-kit-dev to Build - Depends (Closes: #940727).
* Add symlinks for plugins into /usr/lib/openvpn/ (Closes: #946348).
* Declare compliance with Debian Policy 4.5.0 (No changes needed).
* Switch to debhelper-compat:
- debian/control: change to debhelper-compat (=12).
- remove debian/compat.
* debian/copyright:
- Add year 2020 to debian/*.
- Add year 2019 to *.
* debian/control:
- Add Rules-Requires-Root: No.
[ Bernhard Schmidt ]
* New upstream version 2.4.9
- CVE-2020-11810
illegal client float can break VPN session for other users
openvpn (2.4.7-1ubuntu2) eoan; urgency=medium
* No-change upload with strops.h and sys/strops.h removed in glibc.
openvpn (2.4.7-1ubuntu1) eoan; urgency=medium
* Merge with Debian unstable (LP: #1828771). Remaining changes:
- d/control: Demote easy-rsa to Suggests (universe package).
- debian/openvpn@.service: Add '--script-security 2' similar to what got
added to debian/openvpn.init.d ages ago (LP 1454725)
- d/p/openvpn-fips-2.4.patch: Allow MD5 in FIPS mode (openssl) for PRF.
(LP 1807439)
* Dropped changes:
- d/openvpn@.service: Add CAP_AUDIT_WRITE to avoid issues with callout
scripts breaking due to sudo/pam being unable to audit the action.
Fixed in upstream issue #918, suggested to Debian in #868806 (LP 1787208)
[in Debian now]
openvpn (2.4.7-1) unstable; urgency=medium
[ Bernhard Schmidt ]
* New upstream version 2.4.7
- improvements regarding TLSv1.3
- Add CAP_AUDIT_WRITE for auth_pam for upstream units (Closes: #868806)
* adjust kfreebsd_support.patch for new upstream version
* Also Add CAP_AUDIT_WRITE for auth_pam for openvpn@.service (Closes: #868806)
* openvpn@.service: Bump LimitNPROC to 100, see #861923
[ Simon Deziel ]
* d/control: suggests openvpn-systemd-resolved (Closes: #913265)
[ Hilko Bengen ]
* Avoid hangs when spawning child processes by not setting pkcs11-helper
"safe fork mode" (Closes: #772812, #900805, #907452)
openvpn (2.4.6-1ubuntu3) disco; urgency=medium
* d/p/openvpn-fips-2.4.patch: Allow MD5 in FIPS mode (openssl) for PRF.
(LP: #1807439)
openvpn (2.4.6-1ubuntu2) cosmic; urgency=medium
* d/openvpn@.service: Add CAP_AUDIT_WRITE to avoid issues with callout
scripts breaking due to sudo/pam being unable to audit the action.
Fixed in upstream issue #918, suggested to Debian in #868806 (LP: #1787208)
openvpn (2.4.6-1ubuntu1) cosmic; urgency=medium
* Merge with Debian unstable. Remaining changes:
- d/control: Demote easy-rsa to Suggests (universe package).
- debian/openvpn@.service: Add '--script-security 2' similar to what got
added to debian/openvpn.init.d ages ago (LP 1454725)
openvpn (2.4.6-1) unstable; urgency=medium
[ Jörg Frings-Fürst ]
* New upstream release.
- Refresh patches.
- Fix "does not start if link-mtu is too low" (Closes: #867113).
- Fix "auth-tokens are purged if auth-nocache is set" (Closes: #883601).
* Migrate to debhelper 11:
- Change debian/compat to 11.
- Bump minimum debhelper version in debian/control to >= 11.
* Declare compliance with Debian Policy 4.1.5 (No changes needed).
* New debian/patches/spelling_errors.patch to correct spelling errors.
* New debian/patches/systemd.patch to remove obsolete syslog.target.
* debian/changelog:
- Rewrite to DEP5 copyright format.
* debian/control:
- Change to my new email address.
- Remove trailing whitespaces.
* debian/rules:
- Remove trailing whitespaces.
- Replace outdated dh_installsystemd with dh_systemd_start.
- Remove usr/share/doc/openvpn/COPYING.
- Replace rm -f with $(RM).
* debian/update-resolv-conf:
- Fix "preserve order of pushed parameters" (Closes: #807808).
Thanks to Thibaut Chèze.
- Add syslog message if used without binary resolvconf (Closes: #895135).
Thanks to Roger Price <email address hidden>.
* debian/watch:
- Use secure URI.
* Remove obsolete debian/openvpn.lintian-overrides.
* New README.source to explain the branching model used.
openvpn (2.4.5-1) unstable; urgency=medium
* New upstream version 2.4.5 (Closes: #873302)
* Fix wrong Bug# in previous changelog
* Change Vcs-* to salsa (gitlab)
openvpn (2.4.4-2ubuntu1) bionic; urgency=low
* Sync with Debian. Remaining changes:
- debian/openvpn@.service: Add "--script-security 2" similar to what got
added to debian/openvpn.init.d ages ago (LP: #1454725)
- Demote easy-rsa to Suggests (universe package).
openvpn (2.4.4-2) unstable; urgency=medium
* Build against OpenSSL 1.1.0 (Closes: #828477)
* Bump Standards-Version to 4.1.2, no changes necessary
openvpn (2.4.4-1ubuntu1) bionic; urgency=medium
* Sync with Debian. Remaining changes:
- debian/openvpn@.service: Add "--script-security 2" similar to what got
added to debian/openvpn.init.d ages ago (LP: #1454725)
- Demote easy-rsa to Suggests (universe package).
openvpn (2.4.4-1) unstable; urgency=medium
[ Jörg Frings-Fürst ]
* New Upstream release:
- Fix bounds check in read_key() (CVE-2017-12166) (Closes: #877089).
* Declare compliance with Debian Policy 4.1.1. (No changes needed).
* Drop dh-systemd from both Build-Depends and dh command line as
it is enabled by default for dh compat level 10.
* New debian/openvpn.lintian-overrides:
- Override duplicate upstream changelog warning.
* Remote obsolete directory /usr/lib/openvpn (The plugins directory are now
/usr/lib/*/openvpn/plugins):
- Remove /usr/lib/openvpn from debian/dirs.
- Add debian/postrm to remove /usr/lib/openvpn on purge and remove.
- Rewrite plugin section at README.Debian
* Use pathfind() instead hard coded path for invoke-rc.d at debian/prerm
and debian/postinst.
* Remove outdated debian/README.source.
* Remove obsolete syslog.target from debian/openvpn@.service.
* Update Catalan translation (Closes: #870351).
- Thanks to Alytidae <email address hidden>.
* New directory /var/log/openvpn for log and status files
(Closes: #444431, #553303):
- Add var/log/openvpn into debian/dirs.
- New debian/patches/move_log_dir.patch to change the conf files
to the new log directory.
[ Bernhard Schmidt ]
* Further changes to debian/openvpn@.service copied from upstream
- Enable Restart=on-failure
- Use KillMode=process
openvpn (2.4.3-4) unstable; urgency=medium
* fix FTBFS on kfreebsd
* Adjust debian openvpn@.service to be closer to the upstream
ones (Closes: #858558, #864031):
- adjust Documentation URL to OpenVPN 2.4
- use systemd READY signalling (Type=notify)
- add ProtectHome=true
- add After/Wants network-online.target
- adjust CapabililtyBoundingSet
openvpn (2.4.3-3) unstable; urgency=medium
[ Jörg Frings-Fürst ]
* debian/control:
- Set Bernhard Schmidt <email address hidden> as maintainer and myself as
Uploader (Closes: #865555)
- Many thanks to Alberto Gonzalez Iniesta.
- Change Vcs-Browser to cgit.
* Migrate to debhelper 10:
- Change debian/compat to 10.
- Bump minimum debhelper version in debian/control to >= 10.
* Declare compliance with Debian Policy 4.0.0. (No changes needed).
[ Bernhard Schmidt ]
* properly remove obsolete /etc/tmpfiles.d/openvpn.conf using
dpkg-maintscript-helper (Closes: #865717)
* Change Vcs-Git and Homepage to https
openvpn (2.4.3-2) unstable; urgency=medium
* The "Bye bye OpenVPN" revenge release
* Put upstream tmpfiles conf in the right place and merge with Debian's.
(Closes: #865589)
openvpn (2.4.3-1) unstable; urgency=high
* The "Bye bye OpenVPN" release.
* New upstream release fixing: (Closes: #865480)
- CVE-2017-7508
- CVE-2017-7520
- CVE-2017-7521
- CVE-2017-7522
* Plugin libs have been moved to /usr/lib/ARCH/openvpn/plugins
* debian/rules:
- Remove obsolete options to configure script (enable-password-save,
with-plugindir (now in ENV_VARS))
- No need to install upstream's systemd unit files from debian/rules
openvpn (2.4.0-6) unstable; urgency=medium
* Apply upstream patch to fix shrinking MTU sizes on reconnects causing not
usable VPN tunnels.
openvpn (2.4.0-5) unstable; urgency=high
* Change typo fix in command line help.
* SECURITY UPDATE: pre-authentication denial-of-service vulnerability
(both client and server) from a too-large control packet.
- debian/patches/CVE-2017-7478.patch: Do not assert on too-large
control packet
- CVE-2017-7478
* SECURITY UPDATE: authenticated remote DoS vulnerability due to
packet ID rollover
- debian/patches/CVE-2017-7479-prereq.patch: merge
packet_id_alloc_outgoing() into packet_id_write()
- debian/patches/CVE-2017-7479.patch: do not assert when packet ID
rollover occurs
- CVE-2017-7479
* SECURITY UPDATE: auth tokens left in memory after de-auth
- debian/patches/wipe_tokens_on_de-auth.patch: always wipe token
as soon as a TLS session is considered broken.
* Kudos to Steve Beattie <email address hidden> for doing all the
backporting work for this upload.
openvpn (2.4.0-4ubuntu1.3) zesty-security; urgency=medium
* SECURITY UPDATE: Remotely-triggerable ASSERT() on malformed IPv6 packet
- debian/patches/CVE-2017-7508.patch: remove assert in
src/openvpn/mss.c.
- CVE-2017-7508
* SECURITY UPDATE: Remote-triggerable memory leaks
- debian/patches/CVE-2017-7512.patch: fix leaks in
src/openvpn/ssl_verify_openssl.c.
- CVE-2017-7512
* SECURITY UPDATE: Pre-authentication remote crash/information disclosure
for clients
- debian/patches/CVE-2017-7520.patch: prevent two kinds of stack buffer
OOB reads and a crash for invalid input data in src/openvpn/ntlm.c.
- CVE-2017-7520
* SECURITY UPDATE: Potential double-free in --x509-alt-username and
memory leaks
- debian/patches/CVE-2017-7521.patch: fix double-free in
src/openvpn/ssl_verify_openssl.c.
- CVE-2017-7521
* SECURITY UPDATE: DoS in establish_http_proxy_passthru()
- debian/patches/establish_http_proxy_passthru_dos.patch: fix
null-pointer dereference in src/openvpn/proxy.c.
- No CVE number
openvpn (2.4.0-4ubuntu1.2) zesty-security; urgency=medium
* SECURITY UPDATE: pre-authentication denial-of-service vulnerability
(both client and server) from a too-large control packet.
- debian/patches/CVE-2017-7478.patch: Do not assert on too-large
control packet
- CVE-2017-7478
* SECURITY UPDATE: authenticated remote DoS vulnerability due to
packet ID rollover
- debian/patches/CVE-2017-7479-prereq.patch: merge
packet_id_alloc_outgoing() into packet_id_write()
- debian/patches/CVE-2017-7478.patch: do not assert when packet ID
rollover occurs
- CVE-2017-7478
* SECURITY UPDATE: auth tokens left in memory after de-auth
- debian/patches/wipe_tokens_on_de-auth.patch: always wipe token
as soon as a TLS session is considered broken.
openvpn (2.4.0-4ubuntu1) zesty; urgency=medium
* Merge with Debian unstable. Remaining Ubuntu changes:
- debian/openvpn@.service: Add "--script-security 2" similar to what got
added to debian/openvpn.init.d ages ago (LP: #1454725)
- Demote easy-rsa to Suggests (universe package).
* Drop:
- debian/control: Actually drop the initscripts dependency.
(Closes: #804968). Already in Debian
openvpn (2.4.0-4) unstable; urgency=medium
* Add NEWS entries on possible 2.4 migration issues.
(Closes: #852381, #849909)
openvpn (2.4.0-3) unstable; urgency=medium
* You shall run debdiff even when the change is only a word, or you may find
out the word was not there...
* Add liblz4-dev to Build-Depends. (Closing: #849563 for real)
openvpn (2.4.0-2) unstable; urgency=medium
* Enable lz4 compression (Closes: #849563).
Thanks Laurent Bigonville for noticing.
openvpn (2.4.0-1) unstable; urgency=medium
* New upstream release.
* Refresh debian/patches to new upstream coding style.
* debian/NEWS.Debian. Add note on removed tls-remote option
(Closes: #848062)
openvpn (2.4~rc1-2) unstable; urgency=medium
* Make lintian happy:
- Update debian/watch
- Remove .gitignore file from samples
- Add Depends on lsb-base
- Move bash completion file to /usr/share
- Remove unneeded dot in manpage
- Bump Standards-Version
* debian/patches/kfreebsd_support: Update patch for 2.4 series.
openvpn (2.4~rc1-1) unstable; urgency=medium
* New upstream release
* Update close_socket_before_scripts.patch to upstream's version
* Add /etc/openvpn/client & /etc/openvpn/server directories for
upstream's systemd units.
openvpn (2.4~beta1-1) experimental; urgency=medium
* New upstream release
* Change Build-Dep on libssl-dev to libssl1.0-dev since upstream is not
transitioning to libssl1.1 yet.
* Moved to debhelper compat 9.
openvpn (2.3.11-2) unstable; urgency=medium
* Remove dependency on initscripts. (Closes: #804968)
* README.Debian. Fix CapabilityBoundingSet reference.
openvpn (2.3.11-1ubuntu2) yakkety; urgency=medium
* debian/control: Actually drop the initscripts dependency.
(Closes: #804968)
openvpn (2.3.11-1ubuntu1) yakkety; urgency=medium
* Merge with Debian unstable. Remaining Ubuntu changes:
- debian/openvpn@.service: Add "--script-security 2" similar to what got
added to debian/openvpn.init.d ages ago (see LP: #260291).
- Demote easy-rsa to Suggests (universe package).
* Drop intrusive changes (showing per-VPN result messages) from
debian/openvpn.init.d. This isn't being used under systemd.
openvpn (2.3.11-1) unstable; urgency=medium
* New upstream release.
* tun.c: patch to fix FTBFS in kfreebsd. (Closes: #815283)
Thanks Steven Chamberlain for the patch.
* README.Debian: Document limits in the service file.
(Closes: #819919, #823621)
* Removed versioned dependency on initscripts. (Closes: #804968)
openvpn (2.3.10-1ubuntu2) xenial; urgency=medium
* debian/openvpn@.service: Add --script-security similar to what got added
to debian/openvpn.init.d ages ago (see LP #260291). (LP: #1454725)
openvpn (2.3.10-1ubuntu1) xenial; urgency=medium
* Merge with Debian unstable (LP: #1536568). Remaining Ubuntu changes:
- debian/openvpn.init.d:
+ Do not use start-stop-daemon and </dev/null to avoid blocking boot.
+ Show per-VPN result messages.
+ Add "--script-security 2" by default for backwards compatabliity.
(LP #260291)
- Demote easy-rsa to Suggests
openvpn (2.3.10-1) unstable; urgency=medium
* New upstream release. (Closes: #804368)
Drop password_prompt_in_systemd.patch. Applied upstream.
* Unify pidfile path on systemd and sysV. (Closes: #811010)
Thanks Guillem Jover for noticing.
* Increase start-stop-daemon timeout on stop to let openvpn
tear down the connection properly in some cases.
(Closes: #799592, #796914)
* Add CAP_AUDIT_WRITE to openvpn@.service CapabilityBoundingSet
to fix auth-pam plugin. (Closes: #795313)
* Patch from Martin Pitt to start OpenVPN before user sessions
to avoid hidding possible password prompts. (Closes: #803032)
* Make another copy of t_client.sh to help keeping the build
environment clean. (Closes: #765447)
openvpn (2.3.8-1ubuntu1) xenial; urgency=medium
* Merge with Debian unstable. Remaining Ubuntu changes:
- debian/openvpn.init.d:
+ Do not use start-stop-daemon and </dev/null to avoid blocking boot.
+ Show per-VPN result messages.
+ Add "--script-security 2" by default for backwards compatabliity.
- Demote easy-rsa to Suggests
- Run openvpn@.service before systemd-user-sessions.service to avoid
gettys and lightdm starting on top of possible password prompts. This
provides the equivalent of the init.d script's X-Start-Before:.
(Closes: #803032)
openvpn (2.3.8-1) unstable; urgency=medium
* New upstream release. Drop patch from 2.3.7-2.
Hopefully (Closes: #791829)
* Apply upstream fix for systemd password prompt that
delayed this upload. Sorry SysV users.
* debian/rules: remove obsolete options (*-path) to configure
* openvpn@.service: Use KillMode=mixed to fix signaling of some plugins.
(Closes: #792907). Also add PrivateTmp & LimitNPROC options.
Thanks Daniel Hahler for the patch.
openvpn (2.3.7-2ubuntu1) xenial; urgency=medium
* Merge with Debian unstable. Remaining Ubuntu changes:
- debian/openvpn.init.d:
+ Do not use start-stop-daemon and </dev/null to avoid blocking boot.
+ Show per-VPN result messages.
+ Add "--script-security 2" by default for backwards compatabliity.
- Demote easy-rsa to Suggests
- Run openvpn@.service before systemd-user-sessions.service to avoid
gettys and lightdm starting on top of possible password prompts. This
provides the equivalent of the init.d script's X-Start-Before:.
(Closes: #803032)
openvpn (2.3.7-2) unstable; urgency=medium
* Move libsystemd-daemon-dev Build-Dep to libsystemd-dev.
Add Build-Dep on systemd. (Closes: #791904)
* Bumped Standards-Version to 3.9.6
* Apply upstream patch to fix stdin password prompt.
(Closes: #791829)
openvpn (2.3.7-1ubuntu1) wily; urgency=medium
* Merge with Debian unstable. Remaining Ubuntu changes:
- debian/openvpn.init.d:
+ Do not use start-stop-daemon and </dev/null to avoid blocking boot.
+ Show per-VPN result messages.
+ Add "--script-security 2" by default for backwards compatabliity.
- Demote easy-rsa to Suggests
- Run openvpn@.service before systemd-user-sessions.service to avoid
gettys and lightdm starting on top of possible password prompts. This
provides the equivalent of the init.d script's X-Start-Before:.
openvpn (2.3.7-1) unstable; urgency=medium
* New upstream version
* Add --no-block to if-up.d script to avoid hanging boot on
interfaces with openvpn instances. (Closes: #787090, #785200)
* Add ProtectSystem=yes to systemd's service file. (Closes: #771626)
* Removed upstream applied patches:
- 0001-Drop-too-short-control-channel-packets-instead-of-as.patch
- update_sample_certs.patch
openvpn (2.3.5-1) unstable; urgency=medium
* New upstream release. Removed patches applied upstream:
client_connect_tmp_files.patch
better_systemd_detection.patch
* Add Build-Depends on libsystemd-daemon-dev.
openvpn (2.3.4-5ubuntu1) wily; urgency=medium
* Merge with Debian unstable. Remaining Ubuntu changes:
- debian/openvpn.init.d:
+ Do not use start-stop-daemon and </dev/null to avoid blocking boot.
+ Show per-VPN result messages.
+ Add "--script-security 2" by default for backwards compatabliity.
- Demote easy-rsa to Suggests
- Run openvpn@.service before systemd-user-sessions.service to avoid
gettys and lightdm starting on top of possible password prompts. This
provides the equivalent of the init.d script's X-Start-Before:.
openvpn (2.3.4-5) unstable; urgency=high
* Apply upstream patch that fixes possible DoS by authenticated
clients. CVE-2014-8104
* Patch sample certs since they were expired and made the package
build fail. (Closes: #770835)
openvpn (2.3.4-4) unstable; urgency=medium
* Use dh-systemd in order to enable the service unit.
(Closes: #768411)
* Add comment on /etc/default/openvpn file about options
not supported on systemd. (Closes: #768384)
openvpn (2.3.4-3) unstable; urgency=medium
* Apply patch by Samuel Thibault to clean up temporary files.
(Closes: #764651). Thanks Samuel!
openvpn (2.3.4-2) unstable; urgency=medium
* openvpn.service. Remove ExecStop, add ExecReload.
Fixes reload of openvpn service. (Closes: #763411)
openvpn (2.3.4-1) unstable; urgency=medium
* Upload to unstable.
* New upstream release. (Closes: #752568)
* Add Turkish debconf translation. (Closes: #759879)
* Replace openvpn-systemd-helper with a systemd generator.
Thanks Ondřej Surý, Ansgar Burchardt and postgresql-common for
the ideas, help and inspiration.
* Bumped Standards-Version to 3.9.5
* debian/control: Add Vcs-*
openvpn (2.3.3-1) experimental; urgency=medium
* Install tmpfiles.d configuration to create /run/openvpn in
systemd. Properly fixing #741938.
* Add reload to openvpn@.service. (Closes: #747840)
* New upstream release
* New openvpn.service to override LSB script when running systemd.
(Closes: #700888)
* Apply patch from upstream's BTS to improve systemd detection.
(Closes: #747265)
openvpn (2.3.2-9ubuntu4) vivid; urgency=medium
* Run openvpn@.service before systemd-user-sessions.service to avoid gettys
and lightdm starting on top of possible password prompts. This provides
the equivalent of the init.d script's X-Start-Before:.
openvpn (2.3.2-9ubuntu3) vivid; urgency=medium
* Add better_systemd_detection.patch to avoid calling systemd-ask-password
under upstart. Backported from upstream. (Closes: #747265)
* Add systemd unit and generator from current Debian package. This avoids
using the init.d script, which unnecessarily blocks lightdm startup on the
network becoming online even if there are no auto-start connections
(LP: #1443489).
openvpn (2.3.2-9ubuntu2) vivid; urgency=medium
* SECURITY UPDATE: server denial of service via too-short control channel
packets
- debian/patches/CVE-2014-8104.patch: drop too-short control channel
packets instead of asserting out in src/openvpn/ssl.c.
- CVE-2014-8104
* debian/patches/update_certs.patch: update test certs to fix FTBFS.
openvpn (2.3.2-9ubuntu1) utopic; urgency=medium
* Merge from Debian unstable. Remaining changes:
- debian/openvpn.init.d:
+ Do not use start-stop-daemon and </dev/null to avoid blocking boot.
+ Show per-VPN result messages.
+ Add "--script-security 2" by default for backwards compatabliity.
- Demote easy-rsa to Suggests
- Patch libtool.m4 and configure to support ppc64el.
- Refresh delta with debian/openvpn.init.d:
+ Make stop action reliable by killing if needed
(LP: #1274254, LP: #1200519)
+ Use new path for status file (LP: #1261088)
openvpn (2.3.2-9) unstable; urgency=medium
* Create /run/openvpn in init script even if no VPN is
autostarted by it. (Closes: #741938)
* Fix systemd detection based on /run/systemd/system.
openvpn (2.3.2-8) unstable; urgency=medium
* Add support for systemd. (Closes: #700888)
Add openvpn@.service and --enable-systemd to ./configure.
openvpn (2.3.2-7ubuntu3) trusty; urgency=medium
[ Simon Deziel ]
* Refresh delta with debian/openvpn.init.d:
- Make stop action reliable by killing if needed
(LP: #1274254, LP: #1200519)
- Use new path for status file (LP: #1261088)
openvpn (2.3.2-7ubuntu2) trusty; urgency=medium
* Patch libtool.m4 and configure to support ppc64el.
openvpn (2.3.2-7ubuntu1) trusty; urgency=low
* Merge from Debian unstable. Remaining changes:
- debian/openvpn.init.d:
+ Do not use start-stop-daemon and </dev/null to avoid blocking boot.
+ Show per-VPN result messages.
+ Add "--script-security 2" by default for backwards compatabliity.
- Demote easy-rsa to Suggests
openvpn (2.3.2-7) unstable; urgency=low
* Fix postinst when no *.pid files exist in /run/sendsigs.omit.d/.
(Closes: #730679)
openvpn (2.3.2-6) unstable; urgency=low
* Move PID and status files to openvpn subdir in /run.
(Closes: #614036). Thanks Stephen Gildea for the patch and Simon Deziel
for the upgrade path.
* Add --enable-x509-alt-username option to ./configure
openvpn (2.3.2-5ubuntu1) trusty; urgency=low
* Merge from Debian unstable. Remaining changes:
- debian/openvpn.init.d:
+ Do not use start-stop-daemon and </dev/null to avoid blocking boot.
+ Show per-VPN result messages.
+ Add "--script-security 2" by default for backwards compatabliity.
- Demote easy-rsa to Suggests
openvpn (2.3.2-5) unstable; urgency=low
* Patch init script to fix race conditions on restarts.
(Closes: #716794). Thanks Simon Deziel for the patch.
* Improve update-resolv-conf script. Thanks Thomas Hood
for the patch. (Closes: #721082)
openvpn (2.3.2-4ubuntu1) saucy; urgency=low
* Merge from Debian unstable. Remaining changes:
- debian/openvpn.init.d:
+ Do not use start-stop-daemon and </dev/null to avoid blocking boot.
+ Show per-VPN result messages.
+ Add "--script-security 2" by default for backwards compatabliity.
openvpn (2.3.2-4) unstable; urgency=low
* Fix depends on iproute to iproute2.
openvpn (2.3.2-3) unstable; urgency=low
* Add iproute2 support on linux archs.
* Add versioned Build-Depends on dpkg-dev since --export=configure
is used. (Closes: #697560)
openvpn (2.3.2-2) unstable; urgency=low
* Add pkg-config to Build-Depends while waiting for libpkcs11-helper1-dev's
maintainter to decide if he includes pkg-config as a Depends.
Thanks Roland Stigge for finding out. (Closes: #711076)
openvpn (2.3.2-1) unstable; urgency=low
* New upstream version.
Less messages about script security (Closes: #573129)
* Add --enable-pkcs11 to configure to avoid losing PKCS11.
Thanks Jaak Pruulmann-Vengerfeldt for noticing before the
upload! (Closes: #710085)
openvpn (2.3.1-2ubuntu2) saucy; urgency=low
* Move easy-rsa from Recommends to Suggests as it's not in main and isn't
actually required to operate an openvpn server.
openvpn (2.3.1-2ubuntu1) saucy; urgency=low
* Merge from Debian unstable. Remaining changes:
- debian/openvpn.init.d:
+ Do not use start-stop-daemon and </dev/null to avoid blocking boot.
+ Show per-VPN result messages.
+ Add "--script-security 2" by default for backwards compatabliity.
openvpn (2.3.1-2) unstable; urgency=low
* Add net-tools to Build-Depends. (Closes: #709108)
openvpn (2.3.1-1) unstable; urgency=low
* New upstream version. Fixes use of non-constant-time memcmp in HMAC
comparison. CVE-2013-2061 (Closes: #707329)
openvpn (2.3.0-1) experimental; urgency=low
* New upstream release
* Add easy-rsa to Recommends
openvpn (2.3~rc1-1) experimental; urgency=low
* Upload to experimental
* New upstream release with reworked build system
openvpn (2.2.1-8ubuntu3) raring; urgency=low
[ Marc Gariépy ]
* Add --script-security to the init.d script (was generated but not passed
to openvpn). (LP: #1124398)
openvpn (2.2.1-8ubuntu2) quantal; urgency=low
* Rebuild for new armel compiler default of ARMv5t.
openvpn (2.2.1-8ubuntu1) precise; urgency=low
* Merge at Simon Deziel's request to build with PIE.
* Merge from Debian unstable. Remaining changes:
+ debian/openvpn.init.d:
- Do not use start-stop-daemon and </dev/null to avoid blocking boot.
- Show per-VPN result messages.
- Add "--script-security 2" by default for backwards compatabliity.
+ debian/control: Add lsb-base >= 3.2-14 to allow status_of_proc()
openvpn (2.2.1-8) unstable; urgency=low
* Enable "PIE" and "BINDOW" hardening flags.
openvpn (2.2.1-7) unstable; urgency=low
* Add dpkg-buildflags call on plugins built too.
Thanks Simon Ruderich for finding out, the nice patch and
clarification. (Closes: #655130)
openvpn (2.2.1-6) unstable; urgency=low
* /run transition: Replaced usage of /dev/.udev with /run/udev,
when checking for the usage of udev. Depend on initscripts
(>= 2.88dsf-13.3) to guarantee the existence of /run/udev
in case udev is being used. (Closes: #644321)
Patch by Pieter du Preez.
openvpn (2.2.1-5ubuntu1) precise; urgency=low
* Merge from Debian unstable. Remaining changes: (LP: #907828)
+ debian/openvpn.init.d:
- Do not use start-stop-daemon and </dev/null to avoid blocking boot.
- Show per-VPN result messages.
- Add "--script-security 2" by default for backwards compatabliity.
+ debian/control: Add lsb-base >= 3.2-14 to allow status_of_proc()
openvpn (2.2.1-5) unstable; urgency=low
* Avoid sending ICMP redirects when using tun devices and "subnet"
topology. Thanks Simon Deziel for testing and the patch.
(Closes: #656241)
The init.d script will set all.send_redirects=0 when using "dev tun"
and "topology subnet". More info in README.Debian.
* Several manpage fixes
openvpn (2.2.1-4) unstable; urgency=low
* Use dpkg-buildflags to fill CFLAGS in ./configure. (Closes: #655130)
* debian/rules: Moved to dh.
* debian/rules: Changed DEB_BUILD_ARCH_OS with DEB_HOST_ARCH_OS.
* Removed quilt Build-Depends.
* debian/openvpn.default: Clarify what "vpn name" refers to.
(Closes: #657610)
openvpn (2.2.1-3ubuntu1) precise; urgency=low
* Merge from Debian testing. Remaining changes:
+ debian/openvpn.init.d:
- Do not use start-stop-daemon and </dev/null to avoid blocking boot.
- Show per-VPN result messages.
- Add "--script-security 2" by default for backwards compatabliity.
+ debian/control: Add lsb-base >= 3.2-14 to allow status_of_proc()
+ debian/update-resolv-conf: Support multiple domains.
+ fix bug where '--script-security 2' would be passed for all
daemons after the first. (LP: #794916)
openvpn (2.2.1-3) unstable; urgency=low
* The iproute fiasco release.
* Remove --enable-iproute2 dependency since it's only available in Linux.
Write that in the changelog so I don't forget _again_ why iproute is not
set... (Closes: #652702)
openvpn (2.2.1-2) unstable; urgency=low
* debian/rules: Force path to 'ip' command so that it's set correctly even
if not present (in the buildd). (Closes: #652702)
* Fix OMIT_SENDSIGS logic on init.d script. (Closes: #652703)
openvpn (2.2.1-1) unstable; urgency=low
* New upstream release
* Added OMIT_SENDSIGS option in init.d script to let openvpn run after
sendsigs on system reboot or shutdown. (Closes: #636864)
* Configure with --enable-iproute2.
* Change path to route on kFreeBSD. (Closes: #646221) Thanks Robert Millan.
openvpn (2.2.0-2ubuntu1) oneiric; urgency=low
* Merge from debian unstable. Remaining changes:
+ debian/openvpn.init.d:
- Do not use start-stop-daemon and </dev/null to avoid blocking boot.
- Show per-VPN result messages.
- Add "--script-security 2" by default for backwards compatabliity.
+ debian/control: Add lsb-base >= 3.2-14 to allow status_of_proc()
+ debian/update-resolv-conf: Support multiple domains.
+ fix bug where '--script-security 2' would be passed for all
daemons after the first. (LP: #794916
openvpn (2.2.0-2) unstable; urgency=low
* Upload to unstable
* debian/control: added Homepage field
* Added debian/watch file
* debian/patches: Added descriptions/authors/etc. to patches
openvpn (2.2.0-1) experimental; urgency=low
* New upstream release (Closes: #625281)
* Removed Depends on open(ssl|vpn)-blacklist, since
debian_openssl_vulnkeys.patch is no longer used.
Removed templates referring it too.
* Removed manpage_dash_escaping.patch, applied upstream
* Removed attemping_typo, applied upstream
* Removed counter_type_for_bytes.patch, applied upstream
* Removed eurephia.patch, applied upstream
* Updated JuanJo's & Gert's IPv6 patches
* Removed versioned Depends on libssl (Closes: #623503)
* Improved kFreeBSD support. Thanks Gonéri Le Bouder for the patch
(Closes: #626062)
* Updated Dutch debconf templates. (Closes: #625526)
openvpn (2.1.3-5) experimental; urgency=low
* Upload to experimental.
* Add ipv6 payload patch by Gert Doering. (Closes: #604071)
openvpn (2.1.3-4.1ubuntu2) oneiric; urgency=low
[Alexander Zielke]
* fix bug where '--script-security 2' would be passed for all
daemons after the first. (LP: #794916)
openvpn (2.1.3-4.1ubuntu1) oneiric; urgency=low
* Merge from debian unstable. Remaining changes:
+ debian/openvpn.init.d:
- Do not use start-stop-daemon and </dev/null to avoid blocking boot.
- Show per-VPN result messages.
- Add "--script-security 2" by default for backwards compatabliity.
+ debian/control: Add lsb-base >= 3.2-14 to allow status_of_proc()
+ debian/update-resolv-conf: Support multiple domains.
openvpn (2.1.3-4.1) unstable; urgency=low
* Non-maintainer upload.
* Drop hard-coded dependency on libssl0.9.8. (Closes: #623503)
openvpn (2.1.3-4ubuntu1) oneiric; urgency=low
* Merge from debian unstable. Remaining changes:
+ debian/openvpn.init.d:
- Do not use start-stop-daemon and </dev/null to avoid blocking boot.
- Show per-VPN result messages.
- Add "--script-security 2" by default for backwards compatabliity.
+ debian/control: Add lsb-base >= 3.2-14 to allow status_of_proc()
+ debian/update-resolv-conf: Support multiple domains.
openvpn (2.1.3-4) unstable; urgency=low
* Updated JuanJo's IPv6 patch. Now really fixes use from xinetd.
Thanks JuanJo & Christian Weinberger for testing it (Closes: #574164)
* Removed debian_openssl_vulnkeys.patch since we're Etch + 2 now.
(Closes: #484105, #487994)
openvpn (2.1.3-3) unstable; urgency=low
* Updated JuanJo's IPv6 patch.
Fixes use from xinetd (Closes: #574164)
* Patched update-resolv-conf to support multiple DNS search domains.
Thanks Jeremy Zawodny and Dave Walker for the patch.
(Closes: #617740)
* Added a note about bridge-utils helpers in README.Debian.
Thanks Sven Hoexter. (Closes: #599192)
* Updated Danish debconf templates. (Closes: #608425)
openvpn (2.1.3-2ubuntu3) natty; urgency=low
* update-resolv-conf: Correctly handle multiple dns search domains,
using the same logic as nameservers. Patch courtesy of Jeremy
Zawodny. (LP: #662847)
openvpn (2.1.3-2ubuntu2) natty; urgency=low
* update-resolv-conf: Support mulitple domains (LP: #714358)
openvpn (2.1.3-2ubuntu1) natty; urgency=low
* Merge from debian unstable. Remaining changes:
+ debian/openvpn.init.d:
- Do not use start-stop-daemon and </dev/null to avoid blocking boot.
- Show per-VPN result messages.
- Add "--script-security 2" by default for backwards compatabliity.
+ debian/control: Add lsb-base >= 3.2-14 to allow status_of_proc()
openvpn (2.1.3-2) unstable; urgency=low
* Applied upstream patch to solve random routes added when using
'remote_host'. (Closes: #600166)
openvpn (2.1.3-1ubuntu2) natty; urgency=low
* Fix jjo-ipv6-support.patch to avoid assertion failure at socket.c:629 in
corner cases where ! host && addr (LP: #627973)
openvpn (2.1.3-1ubuntu1) natty; urgency=low
* Merge from debian unstable. Remaining changes:
+ debian/openvpn.init.d:
- Do not use start-stop-daemon and </dev/null to avoid blocking boot.
- Show per-VPN result messages.
- Add "--script-security 2" by default for backwards compatablitiy
+ debian/control: Add lsb-base >= 3.2-14 to allow status_of_proc()
openvpn (2.1.3-1) unstable; urgency=low
* New upstream release (Closes: #595684)
* Fixed multiple building in a row (Closes: #592086)
* Added handling of newer DEB_BUILD_OPTIONS.
Thanks Lionel Elie Mamane for the patch. (Closes: #592098)
* Updated IPv6 patch from JuanJo Ciarlante.
Fixes --multihome option. (Closes: #562099)
openvpn (2.1.0-3ubuntu1) maverick; urgency=low
* Merge from debian unstable. Remaining changes:
+ debian/openvpn.init.d:
- Do not use start-stop-daemon and use </dev/null to avoid blocking boot
- Show per-VPN result messages
- Add "--script-security 2" by default for backwards compatablitiy
+ debian/control: Add lsb-base >= 3.2-14 to allow status_of_proc()
openvpn (2.1.0-3) unstable; urgency=low
* The 'happy birthday to me' release
* Fixed client hang when server does not push anything. (Closes: #587414)
Thanks Thierry Carrez for the heads up.
* Document possible problems when using 'chroot' option
openvpn (2.1.0-2ubuntu2) maverick; urgency=low
* debian/patches/client_hang_when_server_dont_push.patch: Fix client hanging
on PUSH_REQUEST when server does not push any option (LP: #579737)
openvpn (2.1.0-2ubuntu1) maverick; urgency=low
* Merge from debian unstable. Remaining changes:
+ debian/openvpn.init.d:
- Do not use start-stop-daemon and use </dev/null to avoid blocking boot
- Show per-VPN result messages
- Add "--script-security 2" by default for backwards compatablitiy
+ debian/control: Add lsb-base >= 3.2-14 to allow status_of_proc()
openvpn (2.1.0-2) unstable; urgency=low
* Patched ssl.[ch] to fix integer overflow. (Closes: #576827)
Thanks David Sommerseth for the patch.
* Fixed manpage typo. (Closes: #576823)
* Bloat the init.d script with more dependencies required by the
new init systems. Sucky. (Closes: #568647, #553338)
* Reworded README.Debian (Closes: #550164)
* Switch to dpkg-source 3.0 (quilt) format
openvpn (2.1.0-1ubuntu1) lucid; urgency=low
* Merge from debian testing (LP: #509078), remaining changes:
+ debian/openvpn.init.d:
- Do not use start-stop-daemon and use < /dev/null to avoid blocking boot
- Show per-VPN result messages
- Add "--script-security 2" by default for backwards compatibility
+ debian/control: Add lsb-base >= 3.2-14 to allow status_of_proc()
openvpn (2.1.0-1) unstable; urgency=low
* New upstream release
* init.d script: added soft-restart to the options output. (Closes: #558174)
* debian/control: Promoted net-tools from Recommends to Depends.
(Closes: #557906)
openvpn (2.1~rc22-1) unstable; urgency=low
* New upstream release
* Added a note on LDAP+TLS problems in README.Debian
openvpn (2.1~rc21-2) unstable; urgency=low
* debian/patches: Added eurephia.patch to support eurephia plug-in.
* debian/patches: updated openvpn over ipv6 support to v0.4.10
openvpn (2.1~rc21-1) unstable; urgency=low
* New upstream release
openvpn (2.1~rc20-3) unstable; urgency=low
* Updated debian_openssl_vulnkeys.patch to fix false vulnerable
key detection. (Closes: #483139).
Thanks a lot Kees Cook and Jamie Strandboge for working on this!
openvpn (2.1~rc20-2ubuntu1) lucid; urgency=low
* Merge from debian testing, remaining changes:
+ debian/openvpn.init.d:
- Do not use start-stop-daemon and use < /dev/null to avoid blocking
boot.
- show per-VPN result messages
- add "--script-security 2" by default for backwards compatibility
- Add lab-base >= 3.2-14 to allow status_of_proc()
+ Dropped debian/patches/redirect-gateway.patch: Already applied
upstream.
openvpn (2.1~rc20-2) unstable; urgency=low
* init.d script: Added X-Interactive header. (Closes: #549424)
* patches/jjo-ipv6-support.patch: Added ipv6 support. (Closes: #307846)
Patch from JuanJo Ciarlante.
openvpn (2.1~rc20-1) unstable; urgency=low
* New upstream version.
- Fixes redirect-gateway option parsing. (Closes: #541450)
* Changed init.d Provides from 'vpn' to 'openvpn'. (Closes: #497563)
openvpn (2.1~rc19-2) unstable; urgency=low
* Fixed init.d script to depend on $remote_fs and $syslog (Closes: #539764)
* Added debian/README.source
* Bumped Standards-Version to 3.8.3
openvpn (2.1~rc19-1ubuntu2) karmic; urgency=low
* debian/patches/redirect-gateway.patch: Fix regression introduced in
2.1rc17 that makes redirect-gateway (without options) to be ignored.
Patch cherrypicked from upstream 2.1rc20 (SVN r5011), LP: #445695
openvpn (2.1~rc19-1ubuntu1) karmic; urgency=low
* Merge from debian unstable (LP: #404099), remaining changes:
- debian/openvpn.init.d:
- Do not use start-stop-daemon and use < /dev/null to avoid blocking boot
- show per-VPN result messages
- add "--script-security 2" by default for backwards compatibility
- Added lsb-base>=3.2-14 depend to allow status_of_proc()
openvpn (2.1~rc19-1) unstable; urgency=low
* New upstream version
- Removed remote_env.patch, applied upstream
- trusted_ip is exported again. (Closes: #524979)
* Bumped Standards-Version to 3.8.2
openvpn (2.1~rc15-1ubuntu1) karmic; urgency=low
* Merge from debian unstable (LP: #372358), remaining changes:
- debian/openvpn.init.d:
- Do not use start-stop-daemon and use < /dev/null to avoid blocking boot
- show per-VPN result messages
- add "--script-security 2" by default for backwards compatibility
- Added lsb-base>=3.2-14 depend to allow status_of_proc()
openvpn (2.1~rc15-1) unstable; urgency=low
* New upstream version (Closes: #515575)
* remote_env.patch: patched options.c to fix remote* enviroment vars.
* openvpn-pkcs11warn.patch: warn on deprecated pkcs11 options.
Thanks A LOT to Florian Kulzer for the README.Debian text & patch!
(Closes: #475353)
* Removed lladdr-is-not-ip.patch, since it was included upstream.
* init.d script: Use start-stop-daemon to avoid failure on start when
a PID file is not deleted. (Closes: #445061)
* init.d script: Added 'status' action. Thanks Thierry Carrez for
the patch. (Closes: #498493)
* Updated debian/copyright: Point to GPL-2
* Updated debian/control: Added ${misc:Depends}
* Bumped Standards-Version to 3.8.1
* Moved to debhelper compat 7.
openvpn (2.1~rc11-1ubuntu3) jaunty; urgency=low
* debian/openvpn.init.d:
- Fix unexpected operator on startup (LP: #340120)
openvpn (2.1~rc11-1ubuntu2) intrepid; urgency=low
* debian/openvpn.init.d:
- Revert fix from #454371 that was merged at 2.1~rc7-4 to prevent
openvpn prompts from blocking the boot (LP: #280428)
- Fix VPNs always reported started [ OK ]
openvpn (2.1~rc11-1ubuntu1) intrepid; urgency=low
* Merge with Debian (LP: #279655), remaining diffs:
- debian/openvpn.init.d: Added 'status' action to init script, show
per-VPN result messages and add "--script-security 2" by default for
backwards compatibility
- debian/control: Added lsb-base>=3.2-14 depend to allow status_of_proc()
* Fixes regression when calling commands with arguments (LP: #277447)
openvpn (2.1~rc11-1) unstable; urgency=low
* New upstream version
- Fixes TLS negotiation problems (Closes: #496649)
* Patched options.c, socket.c and socket.h to correctly check
for MAC addresses on lladdr parm. (Closes: #496141)
Thanks <email address hidden> for the patch.
* init.d script: exit with 0 status when trying to start
an already running VPN. (Closes: #499247)
openvpn (2.1~rc10-1) unstable; urgency=low
* New upstream version.
- Fixed calls to external commands with arguments.
(Closes: #495964, #496314, #497411)
openvpn (2.1~rc9-3ubuntu2) intrepid; urgency=low
* debian/openvpn.init.d:
- Added 'status' action to init script (LP: #251641)
- Restored per-VPN result messages by using log_action_begin_msg and
one log_daemon_msg per VPN instead of log_progress_msg (LP: #264966)
* debian/control: Added lsb-base>=3.2-14 depend to allow status_of_proc()
openvpn (2.1~rc9-3ubuntu1) intrepid; urgency=low
* debian/openvpn.init.d: Add "--script-security 2" by default for backwards compatibility
(LP: #260291)
openvpn (2.1~rc9-3) unstable; urgency=low
* debian/rules: run ./configure with path to 'route', for
those build daemons without 'route'. (Closes: #495082)
* Created NEWS.Debian with info on new option script-security.
(Closes: #494998)
openvpn (2.1~rc9-2) unstable; urgency=low
* debian/rules: run ./configure with path to ifconfig, for
those build daemons without ifconfig. (Closes: #494918)
openvpn (2.1~rc9-1) unstable; urgency=high
* New upstream version.
* Urgency high since it fixes a security bug in versions
2.1-beta14 to 2.1-rc8. CVE-2008-3459. (Closes: #493488)
* Added sample-scripts/ to examples directory.
* Thanks Tristan Hill for rewritten debian_openssl_vulnkeys.patch
openvpn (2.1~rc8-1) unstable; urgency=low
* New upstream version
* Added Build-dep on libpkcs11-helper1 to re-enable PKCS#11
support. Sorry for the delay Florian :) (Closes: #475353)
openvpn (2.1~rc7-6) unstable; urgency=low
* debian/control: Add Recommends on net-tools. (Closes: #469522)
* init.d script: clean up. (Closes: #486678)
* init.d script: Added soft-restart option to send SIGUSR1 to running
VPNs. (Closes: #414252)
* Added bash_completion for init.d script. (Closes: #394289)
* Removed obsolete templates and its associated code. (Closes: #459531)
* Removed stop before upgrade question, always restar after the upgrade
not in between. (Closes: #371148)
* New patch to correct spelling error in socket.c. (Closes: #487957)
* Added OPTARGS to init.d script and /etc/default/openvpn so that
Stanislav Maslovski does not have to edit this on every upgrade :)
(Closes: #488675)
openvpn (2.1~rc7-5) unstable; urgency=low
* init.d script: Set default exit code to 0 when undefined.
(Closes: #486441)
openvpn (2.1~rc7-4) unstable; urgency=low
* The 'Miriam helped me move to quilt' release
* Moved all the patches to debian/patches
* debian/control: Added Build-Dep on quilt
* Applied patch by Jamie Strandboge to fix openssl-vulnkey
extra passphrase prompts. Thanks Jamie.
(Closes: #483020, #483500, #486129)
* Updated Portuguese debconf templates. (Closes: #484007)
[ Martin Pitt ]
* Added note on Out Of Memory issues. (Closes: #484113)
* Avoid asking about the tun device creation if using udev.
(Closes: #484111)
* Reworked init.d script to use LSB functions. (Closes: #484110)
openvpn (2.1~rc7-3) unstable; urgency=low
* The 'Thanks the transtalors' release
* Updated Japanese debconf templates. (Closes: #483848)
* Updated Russian debconf templates. (Closes: #483693)
* Updated Brazilian Portuguese debconf templates. (Closes: #483686)
* Updated German debconf templates. (Closes: #483610)
* Updated French debconf templates. (Closes: #483104)
* Updated Spanish debconf templates. (Closes: #482939)
* Updated Italian debconf templates. (Closes: #482809)
* Updated Finnish debconf templates. (Closes: #482763)
* Updated Swedish debconf templates. (Closes: #482677)
* Updated Vietnamese debconf templates. (Closes: #482640)
* Updated Galician debconf templates. (Closes: #482461)
* Updated Czech debconf templates. (Closes: #482430)
* Updated Basque debconf templates. (Closes: #482398)
* Updated path to openssl-vulnkey. (Closes: #483723)
openvpn (2.1~rc7-2) unstable; urgency=high
* init.c: Warn of use of known vulnerable weak SSL/TLS
and shared secret keys caused by Debian openssl bug.
Patch taken from Ubuntu. CVE-2008-0166
* debian/(templates|postinst): Add warning on vulnerable
secrect/key files.
* debian/control: Add dependencies on openssl-blacklist and
openvpn-blacklist. Bumped dependency on libssl version.
openvpn (2.1~rc7-1) unstable; urgency=low
* New upstream release (Closes: #464181)
- Slashes in X509 common name allowed (Closes: #452274)
* init.d script: Removed /dev/null stdin redirection, so passphrases
can be typed in. (Closes: #454371)
* Set FD_CLOEXEC in socket initialization BEFORE running the 'up script'
Thanks a lot Julien Cristau for finding this out and sending the
patch (Closes: #367716)
* Added multiple VPN configuration in /e/n/interfaces.
Thanks Sam Couter for the patch (Closes: #472924)
* Bumped Standards-Version to 3.7.3
* Debconf templates and debian/control reviewed by the debian-l10n-
english team as part of the Smith review project. (Closes: #462048)
* Updated Vietnamese debconf templates. (Closes: #465535)
* Updated German debconf templates. (Closes: #465317)
* Updated Brazilian Portuguese debconf templates. (Closes: #465440)
* Updated Japanese debconf templates. (Closes: #462736)
* Updated Portuguese debconf templates. (Closes: #462795)
* Updated Swedish debconf templates. (Closes: #462979)
* Updated Galician debconf templates. (Closes: #462990)
* Updated Spanish debconf templates. (Closes: #463047)
* Updated French debconf templates. (Closes: #463636)
* Updated Italian debconf templates. (Closes: #463703)
* Updated Finnish debconf templates. (Closes: #463952)
* Updated Czech debconf templates. (Closes: #464221)
* Updated Russian debconf templates. (Closes: #464666)
* Updated Norwegian Bokmål debconf templates. (Closes: #462811)
openvpn (2.1~rc4-2) unstable; urgency=low
* Upload to unstable. New upstream fixes:
- Bug with: Assertion failed at multi.c. (Closes: #411633)
- Hangs with tcp clients goin down with new option:
--connect-timeout. (Closes: #296834)
* Use rm -f to remove PIDFILE, in case rm wants to ask.
(Closes: #429932)
* Updated Vietnamese debconf templates. (Closes: #427048)
Thanks Clytie Siddall.
* Added note on resolvconf use with openvpn. (Closes: #451319)
openvpn (2.1~rc4-1) experimental; urgency=low
* New upstream release
openvpn (2.1~rc2-1) experimental; urgency=low
* Just forward-push the Debian patches to the new version,
and upload to experimental (with permission of the maintainer).
openvpn (2.0.9-8) unstable; urgency=low
* Install /etc/openvpn/update-resolv-conf with correct permissions
openvpn (2.0.9-7) unstable; urgency=low
* Added script to update resolv.conf with server's settings.
The script is located in the /etc/openvpn/ directory.
Thanks a lot Christof Lauber for the script.
Added resolvconf to Suggests.
* Added LSB section to the init.d script.
openvpn (2.0.9-6) unstable; urgency=low
* Fixed init.d script to avoid running multiple instances of the
same VPN. Thanks Keith Kyzivat for pushing me into looking
again into this issue. (Closes: #326080)
* Included patch to README.Debian from Peter Rabbitson describing
/etc/network/interfaces integration. (Closes: #413732)
* Also included joeyh's suggestion on the previous subject.
(Closes: 419797)
* Avoid restarting a vpn instead of reloading it due to wrong
detection of 'user' option in init.d script. Thanks Josip Rodin.
(Closes: 403503)
* Added Russian debconf translation. (Closes: #414088)
Thanks Yuriy Talakan.
* Built against liblzo2 instead of liblzo. (Closes: #423366)
openvpn (2.0.9-5) unstable; urgency=low
* Added Galician debconf translation. (Closes: #412492)
Thanks Jacobo Tarrio
openvpn (2.0.9-4) unstable; urgency=low
* Updated Swedish debconf translation. (Closes: #407851)
Thanks Andreas Henriksson
openvpn (2.0.9-3) unstable; urgency=low
* Fixed type in Portuguese debconf translation.
* debian/templates. Changed default value for init.d change
question to false. (Closes: #403317)
openvpn (2.0.9-2) unstable; urgency=low
* Updated Spanish debconf translation. (Closes: #393796)
* Updated German debconf translation. (Closes: #397019)
* Updated Japanese debconf translation. (Closes: #392627)
* Added Italian debconf translation. (Closes: #398050)
* Added Portuguese debconf translation. (Closes: #400685)
openvpn (2.0.9-1) unstable; urgency=low
* New upstream release. No changes in *NIX source code.
Updating to avoid 'New upstream, blah, blah'.
* debian/control: Fixed spelling error in description
(Closes: #390242)
* debian/copyright: Updated project's homepage and author's
email address. (Closes: #388466)
* debian/copyright: Updated the FSF address.
* Updated Dutch debconf translation. (Closes: #389982, 379802)
Thanks Kurt De Bree
* Updated Czech debconf translation. (Closes: #384755)
Thanks Miroslav Kure
openvpn (2.0.7-1) unstable; urgency=low
* The 'Translators, translators, translators' release.
* New upstream version.
* Added Dutch debconf translation. (Closes: #370073)
Thanks Kurt De Bree
* Updated Danish debconf translation. (Closes: #369772, #376704)
Thanks Claus Hindsgaul
* Updated French debconf translation. (Closes: #373191)
Thanks Michel Grentzinger
openvpn (2.0.6-2) unstable; urgency=low
* The "Mañana" Release.
* debian/control: Added Suggests: openssl (Closes: #368256)
* debian/postinst: Run the init.d script with 'start' when doing
a fresh install or stop2upgrade=true. (Closes: #366085, #338956)
* Updated Czech debconf translation (Closes: #333989)
Thanks Miroslav Kure.
* Bumped Standards-Version to 3.7.2.0, no change.
* debian/rules: Avoid compressing 'pkitool' (Closes: #354478)
* debian/templates: Corrected typo on init scripts order change.
(Closes: #351664)
* Updated German debconf translation (Closes: #345853)
Thanks Erik Schanze.
openvpn (2.0.6-1) unstable; urgency=high
* New upstream release. Urgency high due to security fix.
- Disallow "setenv" to be pushed to clients from the server.
(Closes: #360559)
openvpn (2.0.5-1) unstable; urgency=high
* New upstream release. Urgency high due to security issues.
- DoS vulnerability on the server in TCP mode.
(CVE-2005-3409) (Closes: #337334)
- Format string vulnerability in the foreign_option
function in options.c could potentially allow a malicious
or compromised server to execute arbitrary code on the
client. (CVE-2005-3393) (Closes: #336751)
openvpn (2.0.2-2) unstable; urgency=low
* debian/control: fix Depends on debconf. (Closes: #332056)
* Bumped Standards-Version to 3.6.2.0, no change.
* Updated Danish debconf translation. (Closes: #326907)
* Updated French debconf translation. (Closes: #328076)
* Added Swedish debconf translation. (Closes: #332785)
openvpn (2.0.2-1) unstable; urgency=low
* The [VAC] upload. Thanks Vorbis Gdynia for the free internet access :)
* New upstream release (Closes: #323594)
* Fixed use of backslash in username authentication. (Closes: #309787)
* Fixes several DoS vulnerabilities: CAN-2005-2531 CAN-2005-2532
CAN-2005-2533 CAN-2005-2534. (Closes: #324167)
* Changed group option from 'nobody' to 'nogroup' in all the
*example* files... (Closes: #317987)
* Included openvpn-plugin.h to allow building third party plugins.
(Closes: #316139)
* Stop openvpn's daemon later to allow some services stopping later to use
it. Added debconf template to ask permission to make the change
on older installations. (Closes: #312371)
* Workaround to fix proper daemonize when 'log' option is used.
(Closes: #309944) Thanks Jason Lunz for the patch.
* Modified output of init.d script to make it more friendly when
passphrase for a tunnel certificate is asked.
Thanks Pavel Vávra for the patch.
openvpn (2.0-4) unstable; urgency=low
* The 'It was about time I could make a new upload' release
* Rewrote some debconf templates (Closes: #316694).
Thanks Clytie Siddall for the corrections.
* Included Vietnamese debconf translation. (Closes: #316695)
* debian/rules: exclude openssl.cnf from being compress.
(Closes: #315764)
openvpn (2.0-3) unstable; urgency=low
* postinst: call 'restart' when 'cond-restart' fails due to user
not upgrading the init.d script. (Closes: #308926)
openvpn (2.0-2) unstable; urgency=low
* Added '-f' to rm when deleting the status file. This eliminates
the need to test if it exists and saves the init.d script from
failing. (Closes: #306588)
* Modified pam plugin to load libpam.so.0 instead of libpam.so.
(Closes: #306335)
openvpn (2.0-1) unstable; urgency=low
* The 'This-is-the-real-2.0' release
* New upstream version.
* openvpn.8: s/--/\\-\\-/g a.k.a escaped dashes to make it possible
to search for options with UTF charsets. (Closes: #296133)
* Improved init.d script output. (Closes: #297997)
Thanks Thomas Hood for the patch.
* debian/control. Rewrote Description: field.
Now it's more useful and complete. (Closes: #304895)
* init.d script:
- Fixed restarting of multiple VPNs
- Fixed TAB converted to spaces.
- Remove status file on VPN stop
- Respect 'status' option if given in the config file
- New /etc/default/openvpn configuration file that allows
control on which VPNs are automatically started and also
controls status file refresh interval
Thanks Philipp A. Hartmann for the nice patch. (Closes: #294332)
* init.d script: Added cond-restart to only restart VPNs in use.
postint: Call init.d script with cond-restart instead of restart.
(Closes: #280464)
* init.d script: change order of --config and --cd to permit
nested 'configs'. (Closes: #299082)
openvpn (1.99+2.rc20-1) unstable; urgency=low
* New upstream release
openvpn (1.99+2.rc18-1) unstable; urgency=low
* New upstream release (Closes: #301949)
openvpn (1.99+2.rc16-1) unstable; urgency=low
* New upstream release
openvpn (1.99+2.rc12-1) unstable; urgency=low
* New upstream release
openvpn (1.99+2.rc11-2) unstable; urgency=low
* Added --enable-password-save to configure call to allow
--askpass and --auth-user-pass passwords to be read from a file.
openvpn (1.99+2.rc11-1) unstable; urgency=low
* New upstream release
* Added --status line to init.d script (Closes: #293144)
openvpn (1.99+2.rc10-1) unstable; urgency=low
* New upstream release
* Updated pt_BR debconf translation (Closes: #292079)
openvpn (1.99+2.rc6-1) unstable; urgency=low
* The 'Three Wise Men' release.
* New upstream release.
* Update README.Debian with comments on changed string remapping.
Thanks <email address hidden> for noting this first. (Closes: #288669)
openvpn (1.99+2.beta19-1) unstable; urgency=low
* New upstream release.
* Updated README.Debian with info on plugins.
openvpn (1.99+2.beta18-2) unstable; urgency=low
* Built and installed plugins. Thanks Michael Renner for noticing.
(Closes: #284224)
* Added Build-Depends on libpam0g-dev, required by auth-pam plugin.
openvpn (1.99+2.beta18-1) unstable; urgency=low
* New upstream release. Corrects --mssfix behaviour (Closes: #280893)
* Included Czech debconf translation. (Closes: #282995)
openvpn (1.99+2.beta17-2) unstable; urgency=low
* Updated (German|Danish|French|Japanese) debconf translations.
(Closes: #281235, #282095, #282216, #282881)
openvpn (1.99+2.beta17-1) unstable; urgency=low
* New upstream version. Includes fix for the --key-method 1 bug.
* WARNING: This version changes the default port (5000 previously)
to 1194 (assigned by INANA). This will affect you if you don't
have a 'port' option specified in your configuration files.
Added a debconf note about it.
* Updated es.po.
openvpn (1.99+2.beta16-2) unstable; urgency=low
* Patched ssl.c to fix bug in --key-method 1, that prevented
OpenVPN 2.x from working with 1.x using that method.
Thanks James for the prompt answer & patch.
Thanks weasel for finding it out.
openvpn (1.99+2.beta16-1) unstable; urgency=low
* New upstream releases. Fixes the "Assertion failed at crypto.c"
(Closes: #265632, #270005)
openvpn (1.99+2.beta15-5) unstable; urgency=low
* Updated README.Debian with clearer 2.x vs 1.x interoperability
instructions.
openvpn (1.99+2.beta15-4) unstable; urgency=low
* Put if-{up,down}.d scripts back in place, this time they work.
Just remember to quote shell vars when checking if they are empty.
[ -n "$VAR" ] -> Good [ -n $VAR ] -> BAD
Note to self, don't trust people's patches even if they are DD.
openvpn (1.99+2.beta15-3) unstable; urgency=low
* Removed if-{up,down}.d scripts until I get to know how they work.
openvpn (1.99+2.beta15-2) unstable; urgency=low
* Corrected names of if-{up,down}.d scripts. Duh!
openvpn (1.99+2.beta15-1) unstable; urgency=low
* New upstream release.
* Renamed package to 1.99 to make it clearer that we're using
version 2.0 and not 1.6. Some people rather talk about this on IRC
and not tell the maintainer directly.
* Added Brazilian Portuguese debconf templates. (Closes: #279351)
* Modified init.d script so that specifying a daemon option in a
VPN configuration won't make it fail.
Thanks Christoph Biedl for the patch. (Closes: #278302)
* Added scripts to allow specifying 'openvpn name' in
/etc/network/interfaces to have the tunnel created and destroyed with
the device it runs over. Thanks Joachim Breitner for the patch.
(Closes: #273481)
* Modified init.d script so that multiple VPNs can be started or stopped
with a single command. (See README.Debian)
openvpn (1.6.0+2.beta14-1) unstable; urgency=low
* New upstream release.
openvpn (1.6.0+2.beta12-1) unstable; urgency=low
* New upstream release.
* Added comments about compatibility issues between openvpn 2.x and 1.x
to README.Debian (Closes: #276799)
* Changed maintainer email address.
openvpn (1.6.0+2.beta11-1) unstable; urgency=low
* New upstream release. (Closes: #269631)
* I decided to get OpenVPN 2 into sid, and hopefully into Sarge since
the current beta works pretty well and adds important features I don't
want missing in Sarge.
* Updated README.Debian
openvpn (1.6.0-5) unstable; urgency=low
* Added German and Japanese debconf templates.
(Closes: #266927, #270477)
openvpn (1.6.0-4) unstable; urgency=low
* Updated French and Danish debconf templates
(Closes: #254064, #256053)
openvpn (1.6.0-3) unstable; urgency=low
* Included Catalan debconf templates. (Closes: #248750)
Thanks Aleix Badia i Bosch.
* Added debconf question on whether the daemon should be stopped at
the begining of and upgrade or not. Thus being more reliable on
remote upgrades. (Closes: #250558)
openvpn (1.6.0-2) unstable; urgency=low
* Recover init.d modification suggested by Kai Henningsen to get
different syslog names for each VPN. How the fuck did that get lost?
openvpn (1.6.0-1) unstable; urgency=low
* New upstream release
openvpn (1.5.0-3) unstable; urgency=low
* Included Danish debconf template. Thanks Claus Hindsgau.
(Closes: #234944)
openvpn (1.5.0-2) unstable; urgency=low
* Modified init.d script to permit different syslog names for each
VPN. Thanks Kai Henningsen for the tip. (Closes: #227376)
* Moved 'verify-cn' script to /usr to make weasel happier ;)
(Closes: #221995)
* Moved to gettext-based debconf templated. Added French translation.
Thanks Michel Grentzinger for the patches.
(Closes: #219015, #219016)
* Fixed spanish translation that was a complete mess.
(Closes: Fri-Sun)
openvpn (1.5.0-1) unstable; urgency=low
* New upstream release
* Moved to debhelper compatibility 4. Created debian/compat.
openvpn (1.4.3-3) unstable; urgency=low
* Added quotes around $2 in dpkg --compare-versions (config and postinst)
and check if $2 actually has a value.
This way it won't fail if $2 is not set. Duh! (Closes: #214848)
openvpn (1.4.3-2) unstable; urgency=low
* Moved initscripts sequence number to S16 from S20. This will make
openvpn start earlier and be ready for other services. (Closes: #209225)
* Added Depends: on debconf, it's used in the maintainer's scripts now.
* Added debconf template to ask for the creation of the TUN/TAP device
node. (Closes: #211198)
openvpn (1.4.3-1) unstable; urgency=low
* New upstream release
* Bumped Standards-Version to 3.6.1.0, no change.
* Patched init.d script to support single vpn stop/start/restart.
Thanks to Richard Mueller and Norbert Tretkowski (Closes: #204100)
openvpn (1.4.1.4-1) unstable; urgency=low
* New upstream release. Backed out --dev-name patch,
modified --dev to offer equivalent functionality
(Closes: #194910)
* Updated README.Debian. Thanks to John R. Shearer
openvpn (1.4.1-1) unstable; urgency=low
* New upstream release
openvpn (1.4.0-2) unstable; urgency=low
* Patch from James Yonan to use 2.2.x TUN interface if 2.4.x fails.
(Closes: #182020)
openvpn (1.4.0-1) unstable; urgency=low
* New upstream release (Closes: #179551)
* Re-enabled liblzo support. LZO's author made an exception in LZO's
license that permits OpenVPN to use LZO and OpenSSL. See copyright
file.
openvpn (1.3.2-3) unstable; urgency=low
* Removed executable permissions from generated secret files.
(Closes: #178849)
openvpn (1.3.2-2) unstable; urgency=low
* Disabled liblzo1 support to fix license issues with Openssl.
(Closes: #177497)
* Bumped Standards-Version to 3.5.8, no change.
openvpn (1.3.2-1) unstable; urgency=low
* New upstream release
openvpn (1.3.0-2) unstable; urgency=low
* Modified init.d script so it's not dependent on bash. (Closes: #161525)
openvpn (1.3.0-1) unstable; urgency=low
* New upstream release
openvpn (1.2.1-1) unstable; urgency=low
* New upstream release
* Added init.d script
openvpn (1.2.0-2) unstable; urgency=low
* Modified configure(.ac) pthread library handling to work with GCC 3.0.
Thanks to Lamont Jones for the patch. (Closes: #148120)
openvpn (1.2.0-1) unstable; urgency=low
* Initial Release. (Closes: #140463)
-- Gianfranco Costamagna <email address hidden> Thu, 29 Feb 2024 17:22:31 +0100
