openvpn (2.6.12-1) unstable; urgency=medium * New upstream version 2.6.12 - Fix regression in CVE-2024-5594 patch breaking user configurations with AUTH_FAIL messages having trailing CR/NL characters. This often happens if the AUTH_FAIL reason is set by a script -- Bernhard Schmidt Thu, 18 Jul 2024 23:30:00 +0200 openvpn (2.6.11-1) unstable; urgency=medium * New upstream version 2.6.11 (Closes: #1074488) - CVE-2024-28882 client can circumvent management client-kill - CVE-2024-5594 malicious peer can DoS or send garbage to logs * d/openvpn@.service: Add CAP_SETPCAP required for openvpn-dco-dkms (Closes: #1074504) * drop d/patches/systemd.patch, applied upstream -- Bernhard Schmidt Mon, 08 Jul 2024 00:06:59 +0200 openvpn (2.6.9-1) unstable; urgency=medium * New upstream version 2.6.9 * Switch to systemd-dev (Closes: #1060500) * Install systemd generator and units into /usr. (Closes: #1064399) -- Bernhard Schmidt Wed, 28 Feb 2024 08:43:25 +0100 openvpn (2.6.7-1) unstable; urgency=medium [ Aquila Macedo ] * d/control: bump debhelper-compat level to 13. * d/patches: Remove outdated patches * d/patches: fix typo in openvpn binary * d/patches: fix typo in manpages * d/copyright: Update license to BSD-2 * d/openvpn.service: add documentation [ Bernhard Schmidt ] * New upstream version 2.6.7, fixing two CVEs (Closes: #1055805) - CVE-2023-46849: Use of --fragment option can lead to a division by zero error which can be fatal - CVE-2023-46850: Incorrect use of send buffer can cause memory to be sent to peer * Pick patch recommended by upstream in GH#449 to fix segfault introduced in 2.6.7 [ Remus-Gabriel Chelu ] * Add Romanian templates translation (Closes: #1033179) -- Bernhard Schmidt Sat, 11 Nov 2023 22:01:15 +0100 openvpn (2.6.3-2.1) unstable; urgency=medium * Non-maintainer upload. [ Helmut Grohne ] * Do not install systemd units twice (Closes: #1054083) -- Jochen Sprickerhof Fri, 27 Oct 2023 16:26:34 +0200 openvpn (2.6.3-2) unstable; urgency=medium * Cherry-pick two bugfix commits from upstream - Memory leak in dco_get_peer_stats_multi for Linux - dangling pointer passed to pkcs11-helper -- Bernhard Schmidt Sat, 20 May 2023 17:43:32 +0200 openvpn (2.6.3-1) unstable; urgency=medium * New upstream version 2.6.2 - drop patches applied upstream - needs new openvpn-dco-dkms version. Not adding a versioned dependency to untangle testing migration, because it will just not use the "wrong" version and run unaccelerated. * New upstream version 2.6.3 -- Bernhard Schmidt Thu, 13 Apr 2023 09:19:40 +0200 openvpn (2.6.1-1) unstable; urgency=medium * Upload to unstable targetting bookworm * Cherry-Pick upstream commits from 2.6.2 - fix rare ASSERT in tls-crypt - fix memory leaks in HMAC initial packet generation - set netlink socket to be non-blocking -- Bernhard Schmidt Sun, 26 Mar 2023 11:14:26 +0200 openvpn (2.6.1-1~exp1) experimental; urgency=medium * New upstream version 2.6.1 - target experimental due to the freeze -- Bernhard Schmidt Fri, 10 Mar 2023 09:02:22 +0100 openvpn (2.6.0-1) unstable; urgency=medium * New upstream version 2.6.0 * Drop dco netlink buffer overflow patch applied upstream * Drop obsolete lsb-base dependency -- Bernhard Schmidt Wed, 25 Jan 2023 22:27:04 +0100 openvpn (2.6.0~rc2-1) unstable; urgency=medium * New upstream version 2.6.0~rc2 * Add upstream pending patch to work around dco netlink buffer overflow -- Bernhard Schmidt Fri, 13 Jan 2023 19:02:01 +0100 openvpn (2.6.0~rc1-1) unstable; urgency=medium * New upstream version 2.6.0~rc1 (Closes: #1014376) * Drop DCO workaround applied upstream -- Bernhard Schmidt Wed, 28 Dec 2022 22:51:31 +0100 openvpn (2.6.0~git20221222-1) unstable; urgency=medium * New upstream version 2.6.0~git20221222 * Import pending upstream fix for race conditions in DCO servers * d/openvpn@.service: Replace LimitNPROC=100 with TasksMax=10 (see Bug#861923 for discussion) -- Bernhard Schmidt Fri, 23 Dec 2022 22:43:39 +0100 openvpn (2.6.0~git20221215+beta2-1) unstable; urgency=medium * New upstream version 2.6.0~git20221215+beta2 -- Bernhard Schmidt Fri, 16 Dec 2022 11:54:27 +0100 openvpn (2.6.0~git20221201-1) unstable; urgency=medium * New upstream version 2.6.0~git20221201, also known as 2.6_beta1 * Update d/NEWS to list known backwards compatibility issues * Fix national encoding on d/po/{es,sv}.po * Drop obsolete patches -- Bernhard Schmidt Sun, 04 Dec 2022 21:32:37 +0100 openvpn (2.6.0~git20221116-1) unstable; urgency=medium * New upstream version 2.6.0~git20221116 * Various improvements regarding MTU calculation -- Bernhard Schmidt Tue, 22 Nov 2022 11:50:13 +0100 openvpn (2.6.0~git20220818-1) unstable; urgency=medium * New upstream version 2.6.0~git20220818 * Only depend on libcap-ng-dev on Linux * Drop d/p/disable-dco-without-necessary-capabilities applied upstream -- Bernhard Schmidt Thu, 18 Aug 2022 10:48:47 +0200 openvpn (2.6.0~git20220811-2) unstable; urgency=medium * Cherry-Pick proposed upstream fix to disable DCO if unable to retain capabilities, fixes network-manager-openvpn together with DCO (Closes: #1017379) -- Bernhard Schmidt Wed, 17 Aug 2022 15:30:31 +0200 openvpn (2.6.0~git20220811-1) unstable; urgency=medium * New upstream version 2.6.0~git20220811 * Retain CAP_NET_ADMIN when dropping privileges (Closes: #976070) * Add build-dependency on libcap-ng-dev * Explicitly disable unit tests (Closes: #1016057) * Drop obsolete entries from d/copyright -- Bernhard Schmidt Thu, 11 Aug 2022 16:05:36 +0200 openvpn (2.6.0~git20220808-1) unstable; urgency=medium [ Gianfranco Costamagna ] * d/t/server-setup-with-ca: - cherry-pick change in easy-rsa autopkgtests to remove conflicting "vars" file. [ Bernhard Schmidt ] * New upstream version 2.6.0~git20220808 - switch to master branch now that DCO support has been merged * Drop OpenSSL 3.0 digest name patch applied upstream -- Bernhard Schmidt Tue, 09 Aug 2022 11:31:12 +0200 openvpn (2.6.0~git20220518+dco-3) unstable; urgency=medium [ Lucas Kanashiro ] * d/t/server-setup-with-static-key: set cipher to be DES-EDE3-CBC * d/t/server-setup-with-static-key: use 'secret' to generate key * d/t/server-setup-with-*: use 'set -x' in the test scripts * d/t/control: add allow-stderr restriction [ Bernhard Schmidt ] * Import Ubuntu patch cherry-picked from upstream to translate OpenSSL 3.0 digest names into OpenSSL 1.1 digest names (Closes: #1012129) -- Bernhard Schmidt Sun, 24 Jul 2022 17:13:47 +0200 openvpn (2.6.0~git20220518+dco-2) unstable; urgency=medium * Add d/NEWS entry about the release notes and DCO (Closes: #1011372) -- Bernhard Schmidt Mon, 30 May 2022 15:44:41 +0200 openvpn (2.6.0~git20220518+dco-1) unstable; urgency=medium * New upstream version 2.6.0~git20220518+dco * Release to unstable * Revert "Build against OpenSSL 3.0", OpenSSL 3.0 has landed in unstable -- Bernhard Schmidt Fri, 20 May 2022 08:35:29 +0200 openvpn (2.6.0~git20220510+dco-1) experimental; urgency=medium * New upstream version 2.6.0~git20220510+dco * Suggest openvpn-dco-dkms * Drop iproute2, linux builds use netlink * Limit libnl-genl-3-dev build-dep (for dco) to linux-any * Build against OpenSSL 3.0 -- Bernhard Schmidt Fri, 13 May 2022 00:01:35 +0200 openvpn (2.6.0~git20220317+dco-1) experimental; urgency=medium * New upstream version 2.6.0~git20220317+dco This is a snapshot of the upstream dco branch (data-channel offloading) -- Bernhard Schmidt Mon, 21 Mar 2022 11:54:29 +0100 openvpn (2.5.6-1) unstable; urgency=high * New upstream version 2.5.6 CVE-2022-0547 - Potential authentication by-pass with multiple deferred authentication plug-ins plug-ins (Closes: #1008015) -- Bernhard Schmidt Sun, 20 Mar 2022 21:42:05 +0100 openvpn (2.5.5-1) unstable; urgency=medium [ Jörg Frings-Fürst ] * New upstream version 2.5.5 * Declare compliance with Debian Policy 4.6.0.1 * d/copyright: - Remove duplicate entries; - Refresh for new upstream release - Add 2021 to myself [ Bernhard Schmidt ] * Refresh patches for new upstream version -- Bernhard Schmidt Mon, 21 Feb 2022 12:05:55 +0100 openvpn (2.5.1-3) unstable; urgency=medium * Fix autopkgtest (Closes: #983662) - adapt autopkgtest output to 2.5 (from Ubuntu) - Fix easyrsa batch mode invocation * Cherry-Pick "Fix condition to generate session keys" (Closes: #988478) -- Bernhard Schmidt Fri, 14 May 2021 09:40:04 +0200 openvpn (2.5.1-2) unstable; urgency=high * Cherry-Pick 3 (+ 1 predependency) patches from upstream to fix authentication bypass with deferred authentication (CVE-2020-15078) (Closes: #987380) -- Bernhard Schmidt Wed, 28 Apr 2021 14:41:58 +0200 openvpn (2.5.1-1) unstable; urgency=medium * New upstream version 2.5.1 (bugfix release) -- Bernhard Schmidt Wed, 24 Feb 2021 19:54:34 +0100 openvpn (2.5.0-1) unstable; urgency=medium * New upstream version 2.5.0 - final release -- Bernhard Schmidt Wed, 28 Oct 2020 19:37:34 +0100 openvpn (2.5~rc3-1) unstable; urgency=medium * New upstream version 2.5~rc3 -- Bernhard Schmidt Tue, 20 Oct 2020 19:17:43 +0200 openvpn (2.5~rc2-1) unstable; urgency=medium * Downgrade debhelper-compat to 12 for easier backports * New upstream version 2.5~rc2 -- Bernhard Schmidt Wed, 30 Sep 2020 21:12:11 +0200 openvpn (2.5~beta3-1) unstable; urgency=medium * Release to unstable. [ Lucas Kanashiro ] * Add two DEP-8 test cases for the server side * Drop reload support from systemd unit files (LP: #1868127) [ Bernhard Schmidt ] * Revert "d/gbp.conf for experimental 2.5 branch" * New upstream version 2.5~beta3 -- Bernhard Schmidt Tue, 01 Sep 2020 16:53:43 +0200 openvpn (2.5~beta1-3) experimental; urgency=medium * Disable iproute2 support in favour of the new netlink based default. Thanks to Fabio Pedretti -- Bernhard Schmidt Sun, 16 Aug 2020 14:04:11 +0200 openvpn (2.5~beta1-2) experimental; urgency=medium * Set Build-Conflicts: systemctl, see Bug#959828 -- Bernhard Schmidt Sun, 16 Aug 2020 10:33:47 +0200 openvpn (2.5~beta1-1) experimental; urgency=medium * d/gbp.conf for experimental 2.5 branch * New upstream version 2.5~beta1 * Adjust patches for new major upstream version * Add python3-docutils to build-depends for manpage generation -- Bernhard Schmidt Sat, 15 Aug 2020 21:32:49 +0200 openvpn (2.4.9-3) unstable; urgency=medium [ Jörg Frings-Fürst ] * Fix the bug that occurs during the update (Closes: #959464): "ERROR: Cannot ioctl TUNSETIFF tunX: Device or resource busy (errno=16)" - debian/rules: Change dh_installsystemd from "--restart-after-upgrade" to "--no-restart-after-upgrade -r". - Remove restart from debian/postinst. - Add hint to reboot if openvpn is running. - Add new chapter into debian/NEWS. * Migrate to debhelper 13. * debian/postinst: - Remove now useless code for version less than 2.3.2-6. * debina/copyright: - Add year 2020 to Bernhard Schmidt. -- Jörg Frings-Fürst Sat, 02 May 2020 18:14:36 +0200 openvpn (2.4.9-2) unstable; urgency=medium * Cherry-Pick upstream patch to fix ssl_do_config error with invalid OpenSSL system configuration (Closes: #958296) Thanks to Jonas Andradas for reporting and Arne Schwabe for debugging. * Use DEB_HOST_MULTIARCH for libraries (Closes: #958315) * Enable Salsa CI -- Bernhard Schmidt Tue, 21 Apr 2020 21:58:53 +0200 openvpn (2.4.9-1) unstable; urgency=medium [ Jörg Frings-Fürst ] * New upstream release (Closes: #950610). * Refresh debian/patches/openvpn-pkcs11warn.patch. * Remove upstream applied fix-pkcs11-helper-hang.patch. * Add libp11-kit-dev to Build - Depends (Closes: #940727). * Add symlinks for plugins into /usr/lib/openvpn/ (Closes: #946348). * Declare compliance with Debian Policy 4.5.0 (No changes needed). * Switch to debhelper-compat: - debian/control: change to debhelper-compat (=12). - remove debian/compat. * debian/copyright: - Add year 2020 to debian/*. - Add year 2019 to *. * debian/control: - Add Rules-Requires-Root: No. [ Bernhard Schmidt ] * New upstream version 2.4.9 - CVE-2020-11810 illegal client float can break VPN session for other users -- Bernhard Schmidt Sun, 19 Apr 2020 15:52:57 +0200 openvpn (2.4.7-1) unstable; urgency=medium [ Bernhard Schmidt ] * New upstream version 2.4.7 - improvements regarding TLSv1.3 - Add CAP_AUDIT_WRITE for auth_pam for upstream units (Closes: #868806) * adjust kfreebsd_support.patch for new upstream version * Also Add CAP_AUDIT_WRITE for auth_pam for openvpn@.service (Closes: #868806) * openvpn@.service: Bump LimitNPROC to 100, see #861923 [ Simon Deziel ] * d/control: suggests openvpn-systemd-resolved (Closes: #913265) [ Hilko Bengen ] * Avoid hangs when spawning child processes by not setting pkcs11-helper "safe fork mode" (Closes: #772812, #900805, #907452) -- Bernhard Schmidt Wed, 20 Feb 2019 14:50:03 +0100 openvpn (2.4.6-1) unstable; urgency=medium [ Jörg Frings-Fürst ] * New upstream release. - Refresh patches. - Fix "does not start if link-mtu is too low" (Closes: #867113). - Fix "auth-tokens are purged if auth-nocache is set" (Closes: #883601). * Migrate to debhelper 11: - Change debian/compat to 11. - Bump minimum debhelper version in debian/control to >= 11. * Declare compliance with Debian Policy 4.1.5 (No changes needed). * New debian/patches/spelling_errors.patch to correct spelling errors. * New debian/patches/systemd.patch to remove obsolete syslog.target. * debian/changelog: - Rewrite to DEP5 copyright format. * debian/control: - Change to my new email address. - Remove trailing whitespaces. * debian/rules: - Remove trailing whitespaces. - Replace outdated dh_installsystemd with dh_systemd_start. - Remove usr/share/doc/openvpn/COPYING. - Replace rm -f with $(RM). * debian/update-resolv-conf: - Fix "preserve order of pushed parameters" (Closes: #807808). Thanks to Thibaut Chèze. - Add syslog message if used without binary resolvconf (Closes: #895135). Thanks to Roger Price . * debian/watch: - Use secure URI. * Remove obsolete debian/openvpn.lintian-overrides. * New README.source to explain the branching model used. -- Jörg Frings-Fürst Mon, 30 Jul 2018 14:08:13 +0200 openvpn (2.4.5-1) unstable; urgency=medium * New upstream version 2.4.5 (Closes: #873302) * Fix wrong Bug# in previous changelog * Change Vcs-* to salsa (gitlab) -- Bernhard Schmidt Sun, 04 Mar 2018 22:23:47 +0100 openvpn (2.4.4-2) unstable; urgency=medium * Build against OpenSSL 1.1.0 (Closes: #828477) * Bump Standards-Version to 4.1.2, no changes necessary -- Bernhard Schmidt Mon, 11 Dec 2017 00:22:11 +0100 openvpn (2.4.4-1) unstable; urgency=medium [ Jörg Frings-Fürst ] * New Upstream release: - Fix bounds check in read_key() (CVE-2017-12166) (Closes: #877089). * Declare compliance with Debian Policy 4.1.1. (No changes needed). * Drop dh-systemd from both Build-Depends and dh command line as it is enabled by default for dh compat level 10. * New debian/openvpn.lintian-overrides: - Override duplicate upstream changelog warning. * Remote obsolete directory /usr/lib/openvpn (The plugins directory are now /usr/lib/*/openvpn/plugins): - Remove /usr/lib/openvpn from debian/dirs. - Add debian/postrm to remove /usr/lib/openvpn on purge and remove. - Rewrite plugin section at README.Debian * Use pathfind() instead hard coded path for invoke-rc.d at debian/prerm and debian/postinst. * Remove outdated debian/README.source. * Remove obsolete syslog.target from debian/openvpn@.service. * Update Catalan translation (Closes: #870351). - Thanks to Alytidae . * New directory /var/log/openvpn for log and status files (Closes: #444431, #553303): - Add var/log/openvpn into debian/dirs. - New debian/patches/move_log_dir.patch to change the conf files to the new log directory. [ Bernhard Schmidt ] * Further changes to debian/openvpn@.service copied from upstream - Enable Restart=on-failure - Use KillMode=process -- Bernhard Schmidt Wed, 25 Oct 2017 08:14:12 +0200 openvpn (2.4.3-4) unstable; urgency=medium * fix FTBFS on kfreebsd * Adjust debian openvpn@.service to be closer to the upstream ones (Closes: #858558, #864031): - adjust Documentation URL to OpenVPN 2.4 - use systemd READY signalling (Type=notify) - add ProtectHome=true - add After/Wants network-online.target - adjust CapabililtyBoundingSet -- Bernhard Schmidt Fri, 30 Jun 2017 15:39:56 +0200 openvpn (2.4.3-3) unstable; urgency=medium [ Jörg Frings-Fürst ] * debian/control: - Set Bernhard Schmidt as maintainer and myself as Uploader (Closes: #865555) - Many thanks to Alberto Gonzalez Iniesta. - Change Vcs-Browser to cgit. * Migrate to debhelper 10: - Change debian/compat to 10. - Bump minimum debhelper version in debian/control to >= 10. * Declare compliance with Debian Policy 4.0.0. (No changes needed). [ Bernhard Schmidt ] * properly remove obsolete /etc/tmpfiles.d/openvpn.conf using dpkg-maintscript-helper (Closes: #865717) * Change Vcs-Git and Homepage to https -- Bernhard Schmidt Thu, 29 Jun 2017 12:41:31 +0200 openvpn (2.4.3-2) unstable; urgency=medium * The "Bye bye OpenVPN" revenge release * Put upstream tmpfiles conf in the right place and merge with Debian's. (Closes: #865589) -- Alberto Gonzalez Iniesta Fri, 23 Jun 2017 11:43:50 +0200 openvpn (2.4.3-1) unstable; urgency=high * The "Bye bye OpenVPN" release. * New upstream release fixing: (Closes: #865480) - CVE-2017-7508 - CVE-2017-7520 - CVE-2017-7521 - CVE-2017-7522 * Plugin libs have been moved to /usr/lib/ARCH/openvpn/plugins * debian/rules: - Remove obsolete options to configure script (enable-password-save, with-plugindir (now in ENV_VARS)) - No need to install upstream's systemd unit files from debian/rules -- Alberto Gonzalez Iniesta Thu, 22 Jun 2017 13:25:45 +0200 openvpn (2.4.0-6) unstable; urgency=medium * Apply upstream patch to fix shrinking MTU sizes on reconnects causing not usable VPN tunnels. -- Alberto Gonzalez Iniesta Mon, 22 May 2017 14:59:49 +0200 openvpn (2.4.0-5) unstable; urgency=high * Change typo fix in command line help. * SECURITY UPDATE: pre-authentication denial-of-service vulnerability (both client and server) from a too-large control packet. - debian/patches/CVE-2017-7478.patch: Do not assert on too-large control packet - CVE-2017-7478 * SECURITY UPDATE: authenticated remote DoS vulnerability due to packet ID rollover - debian/patches/CVE-2017-7479-prereq.patch: merge packet_id_alloc_outgoing() into packet_id_write() - debian/patches/CVE-2017-7479.patch: do not assert when packet ID rollover occurs - CVE-2017-7479 * SECURITY UPDATE: auth tokens left in memory after de-auth - debian/patches/wipe_tokens_on_de-auth.patch: always wipe token as soon as a TLS session is considered broken. * Kudos to Steve Beattie for doing all the backporting work for this upload. -- Alberto Gonzalez Iniesta Thu, 11 May 2017 14:15:21 +0200 openvpn (2.4.0-4) unstable; urgency=medium * Add NEWS entries on possible 2.4 migration issues. (Closes: #852381, #849909) -- Alberto Gonzalez Iniesta Thu, 02 Feb 2017 14:15:42 +0100 openvpn (2.4.0-3) unstable; urgency=medium * You shall run debdiff even when the change is only a word, or you may find out the word was not there... * Add liblz4-dev to Build-Depends. (Closing: #849563 for real) -- Alberto Gonzalez Iniesta Thu, 29 Dec 2016 09:41:17 +0100 openvpn (2.4.0-2) unstable; urgency=medium * Enable lz4 compression (Closes: #849563). Thanks Laurent Bigonville for noticing. -- Alberto Gonzalez Iniesta Wed, 28 Dec 2016 18:43:12 +0100 openvpn (2.4.0-1) unstable; urgency=medium * New upstream release. * Refresh debian/patches to new upstream coding style. * debian/NEWS.Debian. Add note on removed tls-remote option (Closes: #848062) -- Alberto Gonzalez Iniesta Tue, 27 Dec 2016 18:29:43 +0100 openvpn (2.4~rc1-2) unstable; urgency=medium * Make lintian happy: - Update debian/watch - Remove .gitignore file from samples - Add Depends on lsb-base - Move bash completion file to /usr/share - Remove unneeded dot in manpage - Bump Standards-Version * debian/patches/kfreebsd_support: Update patch for 2.4 series. -- Alberto Gonzalez Iniesta Mon, 12 Dec 2016 20:20:09 +0100 openvpn (2.4~rc1-1) unstable; urgency=medium * New upstream release * Update close_socket_before_scripts.patch to upstream's version * Add /etc/openvpn/client & /etc/openvpn/server directories for upstream's systemd units. -- Alberto Gonzalez Iniesta Sat, 10 Dec 2016 19:06:15 +0100 openvpn (2.4~beta1-1) experimental; urgency=medium * New upstream release * Change Build-Dep on libssl-dev to libssl1.0-dev since upstream is not transitioning to libssl1.1 yet. * Moved to debhelper compat 9. -- Alberto Gonzalez Iniesta Mon, 21 Nov 2016 10:15:40 +0100 openvpn (2.3.11-2) unstable; urgency=medium * Remove dependency on initscripts. (Closes: #804968) * README.Debian. Fix CapabilityBoundingSet reference. -- Alberto Gonzalez Iniesta Mon, 23 May 2016 09:55:30 +0200 openvpn (2.3.11-1) unstable; urgency=medium * New upstream release. * tun.c: patch to fix FTBFS in kfreebsd. (Closes: #815283) Thanks Steven Chamberlain for the patch. * README.Debian: Document limits in the service file. (Closes: #819919, #823621) * Removed versioned dependency on initscripts. (Closes: #804968) -- Alberto Gonzalez Iniesta Tue, 10 May 2016 17:41:53 +0200 openvpn (2.3.10-1) unstable; urgency=medium * New upstream release. (Closes: #804368) Drop password_prompt_in_systemd.patch. Applied upstream. * Unify pidfile path on systemd and sysV. (Closes: #811010) Thanks Guillem Jover for noticing. * Increase start-stop-daemon timeout on stop to let openvpn tear down the connection properly in some cases. (Closes: #799592, #796914) * Add CAP_AUDIT_WRITE to openvpn@.service CapabilityBoundingSet to fix auth-pam plugin. (Closes: #795313) * Patch from Martin Pitt to start OpenVPN before user sessions to avoid hidding possible password prompts. (Closes: #803032) * Make another copy of t_client.sh to help keeping the build environment clean. (Closes: #765447) -- Alberto Gonzalez Iniesta Wed, 20 Jan 2016 12:01:36 +0100 openvpn (2.3.8-1) unstable; urgency=medium * New upstream release. Drop patch from 2.3.7-2. Hopefully (Closes: #791829) * Apply upstream fix for systemd password prompt that delayed this upload. Sorry SysV users. * debian/rules: remove obsolete options (*-path) to configure * openvpn@.service: Use KillMode=mixed to fix signaling of some plugins. (Closes: #792907). Also add PrivateTmp & LimitNPROC options. Thanks Daniel Hahler for the patch. -- Alberto Gonzalez Iniesta Wed, 28 Oct 2015 17:34:26 +0100 openvpn (2.3.7-2) unstable; urgency=medium * Move libsystemd-daemon-dev Build-Dep to libsystemd-dev. Add Build-Dep on systemd. (Closes: #791904) * Bumped Standards-Version to 3.9.6 * Apply upstream patch to fix stdin password prompt. (Closes: #791829) -- Alberto Gonzalez Iniesta Tue, 08 Sep 2015 08:23:19 +0000 openvpn (2.3.7-1) unstable; urgency=medium * New upstream version * Add --no-block to if-up.d script to avoid hanging boot on interfaces with openvpn instances. (Closes: #787090, #785200) * Add ProtectSystem=yes to systemd's service file. (Closes: #771626) * Removed upstream applied patches: - 0001-Drop-too-short-control-channel-packets-instead-of-as.patch - update_sample_certs.patch -- Alberto Gonzalez Iniesta Wed, 01 Jul 2015 13:19:26 +0200 openvpn (2.3.5-1) unstable; urgency=medium * New upstream release. Removed patches applied upstream: client_connect_tmp_files.patch better_systemd_detection.patch * Add Build-Depends on libsystemd-daemon-dev. -- Alberto Gonzalez Iniesta Wed, 29 Oct 2014 17:44:06 +0100 openvpn (2.3.4-5) unstable; urgency=high * Apply upstream patch that fixes possible DoS by authenticated clients. CVE-2014-8104 * Patch sample certs since they were expired and made the package build fail. (Closes: #770835) -- Alberto Gonzalez Iniesta Mon, 01 Dec 2014 16:10:37 +0100 openvpn (2.3.4-4) unstable; urgency=medium * Use dh-systemd in order to enable the service unit. (Closes: #768411) * Add comment on /etc/default/openvpn file about options not supported on systemd. (Closes: #768384) -- Alberto Gonzalez Iniesta Fri, 07 Nov 2014 13:59:54 +0100 openvpn (2.3.4-3) unstable; urgency=medium * Apply patch by Samuel Thibault to clean up temporary files. (Closes: #764651). Thanks Samuel! -- Alberto Gonzalez Iniesta Mon, 13 Oct 2014 18:24:03 +0200 openvpn (2.3.4-2) unstable; urgency=medium * openvpn.service. Remove ExecStop, add ExecReload. Fixes reload of openvpn service. (Closes: #763411) -- Alberto Gonzalez Iniesta Tue, 30 Sep 2014 13:05:45 +0200 openvpn (2.3.4-1) unstable; urgency=medium * Upload to unstable. * New upstream release. (Closes: #752568) * Add Turkish debconf translation. (Closes: #759879) * Replace openvpn-systemd-helper with a systemd generator. Thanks Ondřej Surý, Ansgar Burchardt and postgresql-common for the ideas, help and inspiration. * Bumped Standards-Version to 3.9.5 * debian/control: Add Vcs-* -- Alberto Gonzalez Iniesta Tue, 02 Sep 2014 12:06:06 +0200 openvpn (2.3.3-1) experimental; urgency=medium * Install tmpfiles.d configuration to create /run/openvpn in systemd. Properly fixing #741938. * Add reload to openvpn@.service. (Closes: #747840) * New upstream release * New openvpn.service to override LSB script when running systemd. (Closes: #700888) * Apply patch from upstream's BTS to improve systemd detection. (Closes: #747265) -- Alberto Gonzalez Iniesta Mon, 17 Mar 2014 19:40:12 +0100 openvpn (2.3.2-9) unstable; urgency=medium * Create /run/openvpn in init script even if no VPN is autostarted by it. (Closes: #741938) * Fix systemd detection based on /run/systemd/system. -- Alberto Gonzalez Iniesta Mon, 17 Mar 2014 15:40:02 +0100 openvpn (2.3.2-8) unstable; urgency=medium * Add support for systemd. (Closes: #700888) Add openvpn@.service and --enable-systemd to ./configure. -- Alberto Gonzalez Iniesta Fri, 14 Mar 2014 12:59:57 +0100 openvpn (2.3.2-7) unstable; urgency=low * Fix postinst when no *.pid files exist in /run/sendsigs.omit.d/. (Closes: #730679) -- Alberto Gonzalez Iniesta Thu, 28 Nov 2013 13:05:31 +0100 openvpn (2.3.2-6) unstable; urgency=low * Move PID and status files to openvpn subdir in /run. (Closes: #614036). Thanks Stephen Gildea for the patch and Simon Deziel for the upgrade path. * Add --enable-x509-alt-username option to ./configure -- Alberto Gonzalez Iniesta Wed, 27 Nov 2013 13:58:33 +0100 openvpn (2.3.2-5) unstable; urgency=low * Patch init script to fix race conditions on restarts. (Closes: #716794). Thanks Simon Deziel for the patch. * Improve update-resolv-conf script. Thanks Thomas Hood for the patch. (Closes: #721082) -- Alberto Gonzalez Iniesta Mon, 15 Jul 2013 16:10:59 +0200 openvpn (2.3.2-4) unstable; urgency=low * Fix depends on iproute to iproute2. -- Alberto Gonzalez Iniesta Fri, 21 Jun 2013 11:17:52 +0200 openvpn (2.3.2-3) unstable; urgency=low * Add iproute2 support on linux archs. * Add versioned Build-Depends on dpkg-dev since --export=configure is used. (Closes: #697560) -- Alberto Gonzalez Iniesta Thu, 20 Jun 2013 13:23:24 +0200 openvpn (2.3.2-2) unstable; urgency=low * Add pkg-config to Build-Depends while waiting for libpkcs11-helper1-dev's maintainter to decide if he includes pkg-config as a Depends. Thanks Roland Stigge for finding out. (Closes: #711076) -- Alberto Gonzalez Iniesta Wed, 05 Jun 2013 16:39:27 +0200 openvpn (2.3.2-1) unstable; urgency=low * New upstream version. Less messages about script security (Closes: #573129) * Add --enable-pkcs11 to configure to avoid losing PKCS11. Thanks Jaak Pruulmann-Vengerfeldt for noticing before the upload! (Closes: #710085) -- Alberto Gonzalez Iniesta Mon, 03 Jun 2013 18:48:44 +0200 openvpn (2.3.1-2) unstable; urgency=low * Add net-tools to Build-Depends. (Closes: #709108) -- Alberto Gonzalez Iniesta Tue, 21 May 2013 12:31:39 +0200 openvpn (2.3.1-1) unstable; urgency=low * New upstream version. Fixes use of non-constant-time memcmp in HMAC comparison. CVE-2013-2061 (Closes: #707329) -- Alberto Gonzalez Iniesta Fri, 17 May 2013 11:54:31 +0200 openvpn (2.3.0-1) experimental; urgency=low * New upstream release * Add easy-rsa to Recommends -- Alberto Gonzalez Iniesta Mon, 12 Nov 2012 16:56:47 +0100 openvpn (2.3~rc1-1) experimental; urgency=low * Upload to experimental * New upstream release with reworked build system -- Alberto Gonzalez Iniesta Mon, 05 Nov 2012 16:31:15 +0100 openvpn (2.2.1-8) unstable; urgency=low * Enable "PIE" and "BINDOW" hardening flags. -- Alberto Gonzalez Iniesta Fri, 23 Mar 2012 10:40:39 +0100 openvpn (2.2.1-7) unstable; urgency=low * Add dpkg-buildflags call on plugins built too. Thanks Simon Ruderich for finding out, the nice patch and clarification. (Closes: #655130) -- Alberto Gonzalez Iniesta Fri, 16 Mar 2012 10:49:28 +0100 openvpn (2.2.1-6) unstable; urgency=low * /run transition: Replaced usage of /dev/.udev with /run/udev, when checking for the usage of udev. Depend on initscripts (>= 2.88dsf-13.3) to guarantee the existence of /run/udev in case udev is being used. (Closes: #644321) Patch by Pieter du Preez. -- Alberto Gonzalez Iniesta Fri, 09 Mar 2012 13:44:50 +0100 openvpn (2.2.1-5) unstable; urgency=low * Avoid sending ICMP redirects when using tun devices and "subnet" topology. Thanks Simon Deziel for testing and the patch. (Closes: #656241) The init.d script will set all.send_redirects=0 when using "dev tun" and "topology subnet". More info in README.Debian. * Several manpage fixes -- Alberto Gonzalez Iniesta Thu, 23 Feb 2012 17:25:54 +0100 openvpn (2.2.1-4) unstable; urgency=low * Use dpkg-buildflags to fill CFLAGS in ./configure. (Closes: #655130) * debian/rules: Moved to dh. * debian/rules: Changed DEB_BUILD_ARCH_OS with DEB_HOST_ARCH_OS. * Removed quilt Build-Depends. * debian/openvpn.default: Clarify what "vpn name" refers to. (Closes: #657610) -- Alberto Gonzalez Iniesta Wed, 08 Feb 2012 16:31:32 +0100 openvpn (2.2.1-3) unstable; urgency=low * The iproute fiasco release. * Remove --enable-iproute2 dependency since it's only available in Linux. Write that in the changelog so I don't forget _again_ why iproute is not set... (Closes: #652702) -- Alberto Gonzalez Iniesta Tue, 20 Dec 2011 13:06:05 +0100 openvpn (2.2.1-2) unstable; urgency=low * debian/rules: Force path to 'ip' command so that it's set correctly even if not present (in the buildd). (Closes: #652702) * Fix OMIT_SENDSIGS logic on init.d script. (Closes: #652703) -- Alberto Gonzalez Iniesta Tue, 20 Dec 2011 07:21:07 +0100 openvpn (2.2.1-1) unstable; urgency=low * New upstream release * Added OMIT_SENDSIGS option in init.d script to let openvpn run after sendsigs on system reboot or shutdown. (Closes: #636864) * Configure with --enable-iproute2. * Change path to route on kFreeBSD. (Closes: #646221) Thanks Robert Millan. -- Alberto Gonzalez Iniesta Tue, 13 Dec 2011 11:04:22 +0100 openvpn (2.2.0-2) unstable; urgency=low * Upload to unstable * debian/control: added Homepage field * Added debian/watch file * debian/patches: Added descriptions/authors/etc. to patches -- Alberto Gonzalez Iniesta Wed, 15 Jun 2011 12:28:15 +0200 openvpn (2.2.0-1) experimental; urgency=low * New upstream release (Closes: #625281) * Removed Depends on open(ssl|vpn)-blacklist, since debian_openssl_vulnkeys.patch is no longer used. Removed templates referring it too. * Removed manpage_dash_escaping.patch, applied upstream * Removed attemping_typo, applied upstream * Removed counter_type_for_bytes.patch, applied upstream * Removed eurephia.patch, applied upstream * Updated JuanJo's & Gert's IPv6 patches * Removed versioned Depends on libssl (Closes: #623503) * Improved kFreeBSD support. Thanks Gonéri Le Bouder for the patch (Closes: #626062) * Updated Dutch debconf templates. (Closes: #625526) -- Alberto Gonzalez Iniesta Tue, 10 May 2011 16:17:00 +0200 openvpn (2.1.3-5) experimental; urgency=low * Upload to experimental. * Add ipv6 payload patch by Gert Doering. (Closes: #604071) -- Alberto Gonzalez Iniesta Tue, 22 Mar 2011 10:57:18 +0100 openvpn (2.1.3-4) unstable; urgency=low * Updated JuanJo's IPv6 patch. Now really fixes use from xinetd. Thanks JuanJo & Christian Weinberger for testing it (Closes: #574164) * Removed debian_openssl_vulnkeys.patch since we're Etch + 2 now. (Closes: #484105, #487994) -- Alberto Gonzalez Iniesta Tue, 22 Mar 2011 10:04:21 +0100 openvpn (2.1.3-3) unstable; urgency=low * Updated JuanJo's IPv6 patch. Fixes use from xinetd (Closes: #574164) * Patched update-resolv-conf to support multiple DNS search domains. Thanks Jeremy Zawodny and Dave Walker for the patch. (Closes: #617740) * Added a note about bridge-utils helpers in README.Debian. Thanks Sven Hoexter. (Closes: #599192) * Updated Danish debconf templates. (Closes: #608425) -- Alberto Gonzalez Iniesta Fri, 11 Mar 2011 13:08:12 +0100 openvpn (2.1.3-2) unstable; urgency=low * Applied upstream patch to solve random routes added when using 'remote_host'. (Closes: #600166) -- Alberto Gonzalez Iniesta Thu, 21 Oct 2010 12:21:33 +0200 openvpn (2.1.3-1) unstable; urgency=low * New upstream release (Closes: #595684) * Fixed multiple building in a row (Closes: #592086) * Added handling of newer DEB_BUILD_OPTIONS. Thanks Lionel Elie Mamane for the patch. (Closes: #592098) * Updated IPv6 patch from JuanJo Ciarlante. Fixes --multihome option. (Closes: #562099) -- Alberto Gonzalez Iniesta Wed, 29 Sep 2010 13:07:37 +0200 openvpn (2.1.0-3) unstable; urgency=low * The 'happy birthday to me' release * Fixed client hang when server does not push anything. (Closes: #587414) Thanks Thierry Carrez for the heads up. * Document possible problems when using 'chroot' option -- Alberto Gonzalez Iniesta Fri, 09 Jul 2010 12:22:09 +0200 openvpn (2.1.0-2) unstable; urgency=low * Patched ssl.[ch] to fix integer overflow. (Closes: #576827) Thanks David Sommerseth for the patch. * Fixed manpage typo. (Closes: #576823) * Bloat the init.d script with more dependencies required by the new init systems. Sucky. (Closes: #568647, #553338) * Reworded README.Debian (Closes: #550164) * Switch to dpkg-source 3.0 (quilt) format -- Alberto Gonzalez Iniesta Sat, 10 Apr 2010 17:26:42 +0200 openvpn (2.1.0-1) unstable; urgency=low * New upstream release * init.d script: added soft-restart to the options output. (Closes: #558174) * debian/control: Promoted net-tools from Recommends to Depends. (Closes: #557906) -- Alberto Gonzalez Iniesta Fri, 11 Dec 2009 12:08:50 +0100 openvpn (2.1~rc22-1) unstable; urgency=low * New upstream release * Added a note on LDAP+TLS problems in README.Debian -- Alberto Gonzalez Iniesta Fri, 04 Dec 2009 16:33:02 +0100 openvpn (2.1~rc21-2) unstable; urgency=low * debian/patches: Added eurephia.patch to support eurephia plug-in. * debian/patches: updated openvpn over ipv6 support to v0.4.10 -- Alberto Gonzalez Iniesta Thu, 19 Nov 2009 18:00:27 +0100 openvpn (2.1~rc21-1) unstable; urgency=low * New upstream release -- Alberto Gonzalez Iniesta Thu, 12 Nov 2009 12:19:26 +0100 openvpn (2.1~rc20-3) unstable; urgency=low * Updated debian_openssl_vulnkeys.patch to fix false vulnerable key detection. (Closes: #483139). Thanks a lot Kees Cook and Jamie Strandboge for working on this! -- Alberto Gonzalez Iniesta Wed, 04 Nov 2009 17:18:03 +0100 openvpn (2.1~rc20-2) unstable; urgency=low * init.d script: Added X-Interactive header. (Closes: #549424) * patches/jjo-ipv6-support.patch: Added ipv6 support. (Closes: #307846) Patch from JuanJo Ciarlante. -- Alberto Gonzalez Iniesta Tue, 06 Oct 2009 13:04:07 +0200 openvpn (2.1~rc20-1) unstable; urgency=low * New upstream version. - Fixes redirect-gateway option parsing. (Closes: #541450) * Changed init.d Provides from 'vpn' to 'openvpn'. (Closes: #497563) -- Alberto Gonzalez Iniesta Fri, 02 Oct 2009 17:24:38 +0200 openvpn (2.1~rc19-2) unstable; urgency=low * Fixed init.d script to depend on $remote_fs and $syslog (Closes: #539764) * Added debian/README.source * Bumped Standards-Version to 3.8.3 -- Alberto Gonzalez Iniesta Sun, 30 Aug 2009 20:20:11 +0200 openvpn (2.1~rc19-1) unstable; urgency=low * New upstream version - Removed remote_env.patch, applied upstream - trusted_ip is exported again. (Closes: #524979) * Bumped Standards-Version to 3.8.2 -- Alberto Gonzalez Iniesta Tue, 21 Jul 2009 17:00:56 +0200 openvpn (2.1~rc15-1) unstable; urgency=low * New upstream version (Closes: #515575) * remote_env.patch: patched options.c to fix remote* enviroment vars. * openvpn-pkcs11warn.patch: warn on deprecated pkcs11 options. Thanks A LOT to Florian Kulzer for the README.Debian text & patch! (Closes: #475353) * Removed lladdr-is-not-ip.patch, since it was included upstream. * init.d script: Use start-stop-daemon to avoid failure on start when a PID file is not deleted. (Closes: #445061) * init.d script: Added 'status' action. Thanks Thierry Carrez for the patch. (Closes: #498493) * Updated debian/copyright: Point to GPL-2 * Updated debian/control: Added ${misc:Depends} * Bumped Standards-Version to 3.8.1 * Moved to debhelper compat 7. -- Alberto Gonzalez Iniesta Thu, 30 Apr 2009 12:35:05 +0200 openvpn (2.1~rc11-1) unstable; urgency=low * New upstream version - Fixes TLS negotiation problems (Closes: #496649) * Patched options.c, socket.c and socket.h to correctly check for MAC addresses on lladdr parm. (Closes: #496141) Thanks hoverhell@gmail.com for the patch. * init.d script: exit with 0 status when trying to start an already running VPN. (Closes: #499247) -- Alberto Gonzalez Iniesta Wed, 17 Sep 2008 13:43:22 +0200 openvpn (2.1~rc10-1) unstable; urgency=low * New upstream version. - Fixed calls to external commands with arguments. (Closes: #495964, #496314, #497411) -- Alberto Gonzalez Iniesta Thu, 11 Sep 2008 16:58:37 +0200 openvpn (2.1~rc9-3) unstable; urgency=low * debian/rules: run ./configure with path to 'route', for those build daemons without 'route'. (Closes: #495082) * Created NEWS.Debian with info on new option script-security. (Closes: #494998) -- Alberto Gonzalez Iniesta Sat, 16 Aug 2008 13:34:24 +0200 openvpn (2.1~rc9-2) unstable; urgency=low * debian/rules: run ./configure with path to ifconfig, for those build daemons without ifconfig. (Closes: #494918) -- Alberto Gonzalez Iniesta Wed, 13 Aug 2008 13:37:01 +0200 openvpn (2.1~rc9-1) unstable; urgency=high * New upstream version. * Urgency high since it fixes a security bug in versions 2.1-beta14 to 2.1-rc8. CVE-2008-3459. (Closes: #493488) * Added sample-scripts/ to examples directory. * Thanks Tristan Hill for rewritten debian_openssl_vulnkeys.patch -- Alberto Gonzalez Iniesta Mon, 11 Aug 2008 19:40:11 +0200 openvpn (2.1~rc8-1) unstable; urgency=low * New upstream version * Added Build-dep on libpkcs11-helper1 to re-enable PKCS#11 support. Sorry for the delay Florian :) (Closes: #475353) -- Alberto Gonzalez Iniesta Wed, 23 Jul 2008 10:38:13 +0200 openvpn (2.1~rc7-6) unstable; urgency=low * debian/control: Add Recommends on net-tools. (Closes: #469522) * init.d script: clean up. (Closes: #486678) * init.d script: Added soft-restart option to send SIGUSR1 to running VPNs. (Closes: #414252) * Added bash_completion for init.d script. (Closes: #394289) * Removed obsolete templates and its associated code. (Closes: #459531) * Removed stop before upgrade question, always restar after the upgrade not in between. (Closes: #371148) * New patch to correct spelling error in socket.c. (Closes: #487957) * Added OPTARGS to init.d script and /etc/default/openvpn so that Stanislav Maslovski does not have to edit this on every upgrade :) (Closes: #488675) -- Alberto Gonzalez Iniesta Tue, 24 Jun 2008 15:46:15 +0200 openvpn (2.1~rc7-5) unstable; urgency=low * init.d script: Set default exit code to 0 when undefined. (Closes: #486441) -- Alberto Gonzalez Iniesta Mon, 16 Jun 2008 16:59:02 +0200 openvpn (2.1~rc7-4) unstable; urgency=low * The 'Miriam helped me move to quilt' release * Moved all the patches to debian/patches * debian/control: Added Build-Dep on quilt * Applied patch by Jamie Strandboge to fix openssl-vulnkey extra passphrase prompts. Thanks Jamie. (Closes: #483020, #483500, #486129) * Updated Portuguese debconf templates. (Closes: #484007) [ Martin Pitt ] * Added note on Out Of Memory issues. (Closes: #484113) * Avoid asking about the tun device creation if using udev. (Closes: #484111) * Reworked init.d script to use LSB functions. (Closes: #484110) -- Alberto Gonzalez Iniesta Sat, 14 Jun 2008 19:00:40 +0200 openvpn (2.1~rc7-3) unstable; urgency=low * The 'Thanks the transtalors' release * Updated Japanese debconf templates. (Closes: #483848) * Updated Russian debconf templates. (Closes: #483693) * Updated Brazilian Portuguese debconf templates. (Closes: #483686) * Updated German debconf templates. (Closes: #483610) * Updated French debconf templates. (Closes: #483104) * Updated Spanish debconf templates. (Closes: #482939) * Updated Italian debconf templates. (Closes: #482809) * Updated Finnish debconf templates. (Closes: #482763) * Updated Swedish debconf templates. (Closes: #482677) * Updated Vietnamese debconf templates. (Closes: #482640) * Updated Galician debconf templates. (Closes: #482461) * Updated Czech debconf templates. (Closes: #482430) * Updated Basque debconf templates. (Closes: #482398) * Updated path to openssl-vulnkey. (Closes: #483723) -- Alberto Gonzalez Iniesta Sun, 01 Jun 2008 21:11:17 +0200 openvpn (2.1~rc7-2) unstable; urgency=high * init.c: Warn of use of known vulnerable weak SSL/TLS and shared secret keys caused by Debian openssl bug. Patch taken from Ubuntu. CVE-2008-0166 * debian/(templates|postinst): Add warning on vulnerable secrect/key files. * debian/control: Add dependencies on openssl-blacklist and openvpn-blacklist. Bumped dependency on libssl version. -- Alberto Gonzalez Iniesta Fri, 16 May 2008 00:45:23 +0200 openvpn (2.1~rc7-1) unstable; urgency=low * New upstream release (Closes: #464181) - Slashes in X509 common name allowed (Closes: #452274) * init.d script: Removed /dev/null stdin redirection, so passphrases can be typed in. (Closes: #454371) * Set FD_CLOEXEC in socket initialization BEFORE running the 'up script' Thanks a lot Julien Cristau for finding this out and sending the patch (Closes: #367716) * Added multiple VPN configuration in /e/n/interfaces. Thanks Sam Couter for the patch (Closes: #472924) * Bumped Standards-Version to 3.7.3 * Debconf templates and debian/control reviewed by the debian-l10n- english team as part of the Smith review project. (Closes: #462048) * Updated Vietnamese debconf templates. (Closes: #465535) * Updated German debconf templates. (Closes: #465317) * Updated Brazilian Portuguese debconf templates. (Closes: #465440) * Updated Japanese debconf templates. (Closes: #462736) * Updated Portuguese debconf templates. (Closes: #462795) * Updated Swedish debconf templates. (Closes: #462979) * Updated Galician debconf templates. (Closes: #462990) * Updated Spanish debconf templates. (Closes: #463047) * Updated French debconf templates. (Closes: #463636) * Updated Italian debconf templates. (Closes: #463703) * Updated Finnish debconf templates. (Closes: #463952) * Updated Czech debconf templates. (Closes: #464221) * Updated Russian debconf templates. (Closes: #464666) * Updated Norwegian Bokmål debconf templates. (Closes: #462811) -- Alberto Gonzalez Iniesta Sat, 02 Feb 2008 22:41:31 +0100 openvpn (2.1~rc4-2) unstable; urgency=low * Upload to unstable. New upstream fixes: - Bug with: Assertion failed at multi.c. (Closes: #411633) - Hangs with tcp clients goin down with new option: --connect-timeout. (Closes: #296834) * Use rm -f to remove PIDFILE, in case rm wants to ask. (Closes: #429932) * Updated Vietnamese debconf templates. (Closes: #427048) Thanks Clytie Siddall. * Added note on resolvconf use with openvpn. (Closes: #451319) -- Alberto Gonzalez Iniesta Sat, 08 Dec 2007 21:58:05 +0100 openvpn (2.1~rc4-1) experimental; urgency=low * New upstream release -- Alberto Gonzalez Iniesta Mon, 22 Oct 2007 20:59:46 +0200 openvpn (2.1~rc2-1) experimental; urgency=low * Just forward-push the Debian patches to the new version, and upload to experimental (with permission of the maintainer). -- Andreas Barth Thu, 19 Apr 2007 18:23:59 +0200 openvpn (2.0.9-8) unstable; urgency=low * Install /etc/openvpn/update-resolv-conf with correct permissions -- Alberto Gonzalez Iniesta Sat, 19 May 2007 18:12:12 +0200 openvpn (2.0.9-7) unstable; urgency=low * Added script to update resolv.conf with server's settings. The script is located in the /etc/openvpn/ directory. Thanks a lot Christof Lauber for the script. Added resolvconf to Suggests. * Added LSB section to the init.d script. -- Alberto Gonzalez Iniesta Sat, 19 May 2007 17:48:23 +0200 openvpn (2.0.9-6) unstable; urgency=low * Fixed init.d script to avoid running multiple instances of the same VPN. Thanks Keith Kyzivat for pushing me into looking again into this issue. (Closes: #326080) * Included patch to README.Debian from Peter Rabbitson describing /etc/network/interfaces integration. (Closes: #413732) * Also included joeyh's suggestion on the previous subject. (Closes: 419797) * Avoid restarting a vpn instead of reloading it due to wrong detection of 'user' option in init.d script. Thanks Josip Rodin. (Closes: 403503) * Added Russian debconf translation. (Closes: #414088) Thanks Yuriy Talakan. * Built against liblzo2 instead of liblzo. (Closes: #423366) -- Alberto Gonzalez Iniesta Tue, 15 May 2007 23:53:26 +0200 openvpn (2.0.9-5) unstable; urgency=low * Added Galician debconf translation. (Closes: #412492) Thanks Jacobo Tarrio -- Alberto Gonzalez Iniesta Wed, 28 Feb 2007 00:36:14 +0100 openvpn (2.0.9-4) unstable; urgency=low * Updated Swedish debconf translation. (Closes: #407851) Thanks Andreas Henriksson -- Alberto Gonzalez Iniesta Sun, 21 Jan 2007 22:24:58 +0100 openvpn (2.0.9-3) unstable; urgency=low * Fixed type in Portuguese debconf translation. * debian/templates. Changed default value for init.d change question to false. (Closes: #403317) -- Alberto Gonzalez Iniesta Fri, 22 Dec 2006 19:36:05 +0100 openvpn (2.0.9-2) unstable; urgency=low * Updated Spanish debconf translation. (Closes: #393796) * Updated German debconf translation. (Closes: #397019) * Updated Japanese debconf translation. (Closes: #392627) * Added Italian debconf translation. (Closes: #398050) * Added Portuguese debconf translation. (Closes: #400685) -- Alberto Gonzalez Iniesta Fri, 8 Dec 2006 12:28:34 +0100 openvpn (2.0.9-1) unstable; urgency=low * New upstream release. No changes in *NIX source code. Updating to avoid 'New upstream, blah, blah'. * debian/control: Fixed spelling error in description (Closes: #390242) * debian/copyright: Updated project's homepage and author's email address. (Closes: #388466) * debian/copyright: Updated the FSF address. * Updated Dutch debconf translation. (Closes: #389982, 379802) Thanks Kurt De Bree * Updated Czech debconf translation. (Closes: #384755) Thanks Miroslav Kure -- Alberto Gonzalez Iniesta Tue, 10 Oct 2006 12:17:57 +0200 openvpn (2.0.7-1) unstable; urgency=low * The 'Translators, translators, translators' release. * New upstream version. * Added Dutch debconf translation. (Closes: #370073) Thanks Kurt De Bree * Updated Danish debconf translation. (Closes: #369772, #376704) Thanks Claus Hindsgaul * Updated French debconf translation. (Closes: #373191) Thanks Michel Grentzinger -- Alberto Gonzalez Iniesta Sat, 22 Jul 2006 20:44:52 +0200 openvpn (2.0.6-2) unstable; urgency=low * The "Mañana" Release. * debian/control: Added Suggests: openssl (Closes: #368256) * debian/postinst: Run the init.d script with 'start' when doing a fresh install or stop2upgrade=true. (Closes: #366085, #338956) * Updated Czech debconf translation (Closes: #333989) Thanks Miroslav Kure. * Bumped Standards-Version to 3.7.2.0, no change. * debian/rules: Avoid compressing 'pkitool' (Closes: #354478) * debian/templates: Corrected typo on init scripts order change. (Closes: #351664) * Updated German debconf translation (Closes: #345853) Thanks Erik Schanze. -- Alberto Gonzalez Iniesta Mon, 22 May 2006 03:08:10 +0200 openvpn (2.0.6-1) unstable; urgency=high * New upstream release. Urgency high due to security fix. - Disallow "setenv" to be pushed to clients from the server. (Closes: #360559) -- Alberto Gonzalez Iniesta Wed, 5 Apr 2006 12:17:26 +0200 openvpn (2.0.5-1) unstable; urgency=high * New upstream release. Urgency high due to security issues. - DoS vulnerability on the server in TCP mode. (CVE-2005-3409) (Closes: #337334) - Format string vulnerability in the foreign_option function in options.c could potentially allow a malicious or compromised server to execute arbitrary code on the client. (CVE-2005-3393) (Closes: #336751) -- Alberto Gonzalez Iniesta Mon, 7 Nov 2005 10:13:55 +0100 openvpn (2.0.2-2) unstable; urgency=low * debian/control: fix Depends on debconf. (Closes: #332056) * Bumped Standards-Version to 3.6.2.0, no change. * Updated Danish debconf translation. (Closes: #326907) * Updated French debconf translation. (Closes: #328076) * Added Swedish debconf translation. (Closes: #332785) -- Alberto Gonzalez Iniesta Sun, 9 Oct 2005 18:42:34 +0200 openvpn (2.0.2-1) unstable; urgency=low * The [VAC] upload. Thanks Vorbis Gdynia for the free internet access :) * New upstream release (Closes: #323594) * Fixed use of backslash in username authentication. (Closes: #309787) * Fixes several DoS vulnerabilities: CAN-2005-2531 CAN-2005-2532 CAN-2005-2533 CAN-2005-2534. (Closes: #324167) * Changed group option from 'nobody' to 'nogroup' in all the *example* files... (Closes: #317987) * Included openvpn-plugin.h to allow building third party plugins. (Closes: #316139) * Stop openvpn's daemon later to allow some services stopping later to use it. Added debconf template to ask permission to make the change on older installations. (Closes: #312371) * Workaround to fix proper daemonize when 'log' option is used. (Closes: #309944) Thanks Jason Lunz for the patch. * Modified output of init.d script to make it more friendly when passphrase for a tunnel certificate is asked. Thanks Pavel Vávra for the patch. -- Alberto Gonzalez Iniesta Sun, 28 Aug 2005 13:05:49 +0200 openvpn (2.0-4) unstable; urgency=low * The 'It was about time I could make a new upload' release * Rewrote some debconf templates (Closes: #316694). Thanks Clytie Siddall for the corrections. * Included Vietnamese debconf translation. (Closes: #316695) * debian/rules: exclude openssl.cnf from being compress. (Closes: #315764) -- Alberto Gonzalez Iniesta Wed, 6 Jul 2005 09:22:16 +0200 openvpn (2.0-3) unstable; urgency=low * postinst: call 'restart' when 'cond-restart' fails due to user not upgrading the init.d script. (Closes: #308926) -- Alberto Gonzalez Iniesta Sat, 28 May 2005 12:52:16 +0200 openvpn (2.0-2) unstable; urgency=low * Added '-f' to rm when deleting the status file. This eliminates the need to test if it exists and saves the init.d script from failing. (Closes: #306588) * Modified pam plugin to load libpam.so.0 instead of libpam.so. (Closes: #306335) -- Alberto Gonzalez Iniesta Wed, 4 May 2005 15:02:45 +0200 openvpn (2.0-1) unstable; urgency=low * The 'This-is-the-real-2.0' release * New upstream version. * openvpn.8: s/--/\\-\\-/g a.k.a escaped dashes to make it possible to search for options with UTF charsets. (Closes: #296133) * Improved init.d script output. (Closes: #297997) Thanks Thomas Hood for the patch. * debian/control. Rewrote Description: field. Now it's more useful and complete. (Closes: #304895) * init.d script: - Fixed restarting of multiple VPNs - Fixed TAB converted to spaces. - Remove status file on VPN stop - Respect 'status' option if given in the config file - New /etc/default/openvpn configuration file that allows control on which VPNs are automatically started and also controls status file refresh interval Thanks Philipp A. Hartmann for the nice patch. (Closes: #294332) * init.d script: Added cond-restart to only restart VPNs in use. postint: Call init.d script with cond-restart instead of restart. (Closes: #280464) * init.d script: change order of --config and --cd to permit nested 'configs'. (Closes: #299082) -- Alberto Gonzalez Iniesta Mon, 18 Apr 2005 09:07:05 +0200 openvpn (1.99+2.rc20-1) unstable; urgency=low * New upstream release -- Alberto Gonzalez Iniesta Mon, 4 Apr 2005 23:05:23 +0200 openvpn (1.99+2.rc18-1) unstable; urgency=low * New upstream release (Closes: #301949) -- Alberto Gonzalez Iniesta Tue, 29 Mar 2005 12:56:42 +0200 openvpn (1.99+2.rc16-1) unstable; urgency=low * New upstream release -- Alberto Gonzalez Iniesta Sun, 20 Feb 2005 20:24:25 +0100 openvpn (1.99+2.rc12-1) unstable; urgency=low * New upstream release -- Alberto Gonzalez Iniesta Sun, 6 Feb 2005 11:49:44 +0100 openvpn (1.99+2.rc11-2) unstable; urgency=low * Added --enable-password-save to configure call to allow --askpass and --auth-user-pass passwords to be read from a file. -- Alberto Gonzalez Iniesta Thu, 3 Feb 2005 18:19:28 +0100 openvpn (1.99+2.rc11-1) unstable; urgency=low * New upstream release * Added --status line to init.d script (Closes: #293144) -- Alberto Gonzalez Iniesta Thu, 3 Feb 2005 09:28:06 +0100 openvpn (1.99+2.rc10-1) unstable; urgency=low * New upstream release * Updated pt_BR debconf translation (Closes: #292079) -- Alberto Gonzalez Iniesta Fri, 28 Jan 2005 14:44:42 +0100 openvpn (1.99+2.rc6-1) unstable; urgency=low * The 'Three Wise Men' release. * New upstream release. * Update README.Debian with comments on changed string remapping. Thanks ron@debian.org for noting this first. (Closes: #288669) -- Alberto Gonzalez Iniesta Wed, 5 Jan 2005 19:03:11 +0100 openvpn (1.99+2.beta19-1) unstable; urgency=low * New upstream release. * Updated README.Debian with info on plugins. -- Alberto Gonzalez Iniesta Sun, 5 Dec 2004 11:57:03 +0100 openvpn (1.99+2.beta18-2) unstable; urgency=low * Built and installed plugins. Thanks Michael Renner for noticing. (Closes: #284224) * Added Build-Depends on libpam0g-dev, required by auth-pam plugin. -- Alberto Gonzalez Iniesta Sun, 5 Dec 2004 10:19:45 +0100 openvpn (1.99+2.beta18-1) unstable; urgency=low * New upstream release. Corrects --mssfix behaviour (Closes: #280893) * Included Czech debconf translation. (Closes: #282995) -- Alberto Gonzalez Iniesta Mon, 29 Nov 2004 10:56:07 +0100 openvpn (1.99+2.beta17-2) unstable; urgency=low * Updated (German|Danish|French|Japanese) debconf translations. (Closes: #281235, #282095, #282216, #282881) -- Alberto Gonzalez Iniesta Wed, 24 Nov 2004 08:15:29 +0100 openvpn (1.99+2.beta17-1) unstable; urgency=low * New upstream version. Includes fix for the --key-method 1 bug. * WARNING: This version changes the default port (5000 previously) to 1194 (assigned by INANA). This will affect you if you don't have a 'port' option specified in your configuration files. Added a debconf note about it. * Updated es.po. -- Alberto Gonzalez Iniesta Fri, 12 Nov 2004 15:32:56 +0100 openvpn (1.99+2.beta16-2) unstable; urgency=low * Patched ssl.c to fix bug in --key-method 1, that prevented OpenVPN 2.x from working with 1.x using that method. Thanks James for the prompt answer & patch. Thanks weasel for finding it out. -- Alberto Gonzalez Iniesta Mon, 8 Nov 2004 11:59:12 +0100 openvpn (1.99+2.beta16-1) unstable; urgency=low * New upstream releases. Fixes the "Assertion failed at crypto.c" (Closes: #265632, #270005) -- Alberto Gonzalez Iniesta Sun, 7 Nov 2004 17:46:09 +0100 openvpn (1.99+2.beta15-5) unstable; urgency=low * Updated README.Debian with clearer 2.x vs 1.x interoperability instructions. -- Alberto Gonzalez Iniesta Sun, 7 Nov 2004 10:26:03 +0100 openvpn (1.99+2.beta15-4) unstable; urgency=low * Put if-{up,down}.d scripts back in place, this time they work. Just remember to quote shell vars when checking if they are empty. [ -n "$VAR" ] -> Good [ -n $VAR ] -> BAD Note to self, don't trust people's patches even if they are DD. -- Alberto Gonzalez Iniesta Thu, 4 Nov 2004 08:33:45 +0100 openvpn (1.99+2.beta15-3) unstable; urgency=low * Removed if-{up,down}.d scripts until I get to know how they work. -- Alberto Gonzalez Iniesta Wed, 3 Nov 2004 20:58:41 +0100 openvpn (1.99+2.beta15-2) unstable; urgency=low * Corrected names of if-{up,down}.d scripts. Duh! -- Alberto Gonzalez Iniesta Wed, 3 Nov 2004 10:21:52 +0100 openvpn (1.99+2.beta15-1) unstable; urgency=low * New upstream release. * Renamed package to 1.99 to make it clearer that we're using version 2.0 and not 1.6. Some people rather talk about this on IRC and not tell the maintainer directly. * Added Brazilian Portuguese debconf templates. (Closes: #279351) * Modified init.d script so that specifying a daemon option in a VPN configuration won't make it fail. Thanks Christoph Biedl for the patch. (Closes: #278302) * Added scripts to allow specifying 'openvpn name' in /etc/network/interfaces to have the tunnel created and destroyed with the device it runs over. Thanks Joachim Breitner for the patch. (Closes: #273481) * Modified init.d script so that multiple VPNs can be started or stopped with a single command. (See README.Debian) -- Alberto Gonzalez Iniesta Tue, 2 Nov 2004 12:49:41 +0100 openvpn (1.6.0+2.beta14-1) unstable; urgency=low * New upstream release. -- Alberto Gonzalez Iniesta Wed, 20 Oct 2004 09:13:09 +0200 openvpn (1.6.0+2.beta12-1) unstable; urgency=low * New upstream release. * Added comments about compatibility issues between openvpn 2.x and 1.x to README.Debian (Closes: #276799) * Changed maintainer email address. -- Alberto Gonzalez Iniesta Mon, 18 Oct 2004 09:01:23 +0200 openvpn (1.6.0+2.beta11-1) unstable; urgency=low * New upstream release. (Closes: #269631) * I decided to get OpenVPN 2 into sid, and hopefully into Sarge since the current beta works pretty well and adds important features I don't want missing in Sarge. * Updated README.Debian -- Alberto Gonzalez Iniesta Fri, 15 Oct 2004 11:52:58 +0200 openvpn (1.6.0-5) unstable; urgency=low * Added German and Japanese debconf templates. (Closes: #266927, #270477) -- Alberto Gonzalez Iniesta Fri, 10 Sep 2004 08:31:54 +0200 openvpn (1.6.0-4) unstable; urgency=low * Updated French and Danish debconf templates (Closes: #254064, #256053) -- Alberto Gonzalez Iniesta Mon, 28 Jun 2004 09:51:44 +0200 openvpn (1.6.0-3) unstable; urgency=low * Included Catalan debconf templates. (Closes: #248750) Thanks Aleix Badia i Bosch. * Added debconf question on whether the daemon should be stopped at the begining of and upgrade or not. Thus being more reliable on remote upgrades. (Closes: #250558) -- Alberto Gonzalez Iniesta Thu, 10 Jun 2004 15:59:39 +0200 openvpn (1.6.0-2) unstable; urgency=low * Recover init.d modification suggested by Kai Henningsen to get different syslog names for each VPN. How the fuck did that get lost? -- Alberto Gonzalez Iniesta Fri, 28 May 2004 16:51:04 +0200 openvpn (1.6.0-1) unstable; urgency=low * New upstream release -- Alberto Gonzalez Iniesta Mon, 10 May 2004 08:59:37 +0200 openvpn (1.5.0-3) unstable; urgency=low * Included Danish debconf template. Thanks Claus Hindsgau. (Closes: #234944) -- Alberto Gonzalez Iniesta Tue, 9 Mar 2004 16:36:33 +0100 openvpn (1.5.0-2) unstable; urgency=low * Modified init.d script to permit different syslog names for each VPN. Thanks Kai Henningsen for the tip. (Closes: #227376) * Moved 'verify-cn' script to /usr to make weasel happier ;) (Closes: #221995) * Moved to gettext-based debconf templated. Added French translation. Thanks Michel Grentzinger for the patches. (Closes: #219015, #219016) * Fixed spanish translation that was a complete mess. (Closes: Fri-Sun) -- Alberto Gonzalez Iniesta Thu, 15 Jan 2004 18:08:24 +0100 openvpn (1.5.0-1) unstable; urgency=low * New upstream release * Moved to debhelper compatibility 4. Created debian/compat. -- Alberto Gonzalez Iniesta Sat, 22 Nov 2003 18:18:50 +0100 openvpn (1.4.3-3) unstable; urgency=low * Added quotes around $2 in dpkg --compare-versions (config and postinst) and check if $2 actually has a value. This way it won't fail if $2 is not set. Duh! (Closes: #214848) -- Alberto Gonzalez Iniesta Thu, 9 Oct 2003 11:01:31 +0200 openvpn (1.4.3-2) unstable; urgency=low * Moved initscripts sequence number to S16 from S20. This will make openvpn start earlier and be ready for other services. (Closes: #209225) * Added Depends: on debconf, it's used in the maintainer's scripts now. * Added debconf template to ask for the creation of the TUN/TAP device node. (Closes: #211198) -- Alberto Gonzalez Iniesta Thu, 2 Oct 2003 21:39:46 +0200 openvpn (1.4.3-1) unstable; urgency=low * New upstream release * Bumped Standards-Version to 3.6.1.0, no change. * Patched init.d script to support single vpn stop/start/restart. Thanks to Richard Mueller and Norbert Tretkowski (Closes: #204100) -- Alberto Gonzalez Iniesta Tue, 30 Sep 2003 20:04:37 +0200 openvpn (1.4.1.4-1) unstable; urgency=low * New upstream release. Backed out --dev-name patch, modified --dev to offer equivalent functionality (Closes: #194910) * Updated README.Debian. Thanks to John R. Shearer -- Alberto Gonzalez Iniesta Tue, 17 Jun 2003 11:08:17 +0200 openvpn (1.4.1-1) unstable; urgency=low * New upstream release -- Alberto Gonzalez Iniesta Fri, 16 May 2003 17:14:41 +0200 openvpn (1.4.0-2) unstable; urgency=low * Patch from James Yonan to use 2.2.x TUN interface if 2.4.x fails. (Closes: #182020) -- Alberto Gonzalez Iniesta Sun, 11 May 2003 10:24:51 +0200 openvpn (1.4.0-1) unstable; urgency=low * New upstream release (Closes: #179551) * Re-enabled liblzo support. LZO's author made an exception in LZO's license that permits OpenVPN to use LZO and OpenSSL. See copyright file. -- Alberto Gonzalez Iniesta Thu, 8 May 2003 09:21:53 +0200 openvpn (1.3.2-3) unstable; urgency=low * Removed executable permissions from generated secret files. (Closes: #178849) -- Alberto Gonzalez Iniesta Thu, 6 Feb 2003 10:04:11 +0100 openvpn (1.3.2-2) unstable; urgency=low * Disabled liblzo1 support to fix license issues with Openssl. (Closes: #177497) * Bumped Standards-Version to 3.5.8, no change. -- Alberto Gonzalez Iniesta Mon, 20 Jan 2003 16:09:16 +0100 openvpn (1.3.2-1) unstable; urgency=low * New upstream release -- Alberto Gonzalez Iniesta Mon, 28 Oct 2002 14:22:10 +0100 openvpn (1.3.0-2) unstable; urgency=low * Modified init.d script so it's not dependent on bash. (Closes: #161525) -- Alberto Gonzalez Iniesta Sat, 21 Sep 2002 12:23:46 +0200 openvpn (1.3.0-1) unstable; urgency=low * New upstream release -- Alberto Gonzalez Iniesta Wed, 10 Jul 2002 12:50:50 +0200 openvpn (1.2.1-1) unstable; urgency=low * New upstream release * Added init.d script -- Alberto Gonzalez Iniesta Fri, 21 Jun 2002 14:05:42 +0200 openvpn (1.2.0-2) unstable; urgency=low * Modified configure(.ac) pthread library handling to work with GCC 3.0. Thanks to Lamont Jones for the patch. (Closes: #148120) -- Alberto Gonzalez Iniesta Sat, 25 May 2002 11:41:59 +0200 openvpn (1.2.0-1) unstable; urgency=low * Initial Release. (Closes: #140463) -- Alberto Gonzalez Iniesta Thu, 23 May 2002 11:00:37 +0200