openvpn (2.5.5-1ubuntu3) jammy; urgency=medium * debian/patches/CVE-2022-0547.patch: updated to properly patch actual manpage file in doc/openvpn.8. -- Marc Deslauriers Tue, 22 Mar 2022 13:22:27 -0400 openvpn (2.5.5-1ubuntu2) jammy; urgency=medium * SECURITY UPDATE: authentication bypass via multiple deferred authentication plug-ins - debian/patches/CVE-2022-0547.patch: disallow multiple deferred authentication plug-ins in doc/man-sections/plugin-options.rst, src/openvpn/plugin.c. - CVE-2022-0547 -- Marc Deslauriers Tue, 22 Mar 2022 10:37:55 -0400 openvpn (2.5.5-1ubuntu1) jammy; urgency=medium * Merge with Debian unstable (LP: #1946884). Remaining changes: - d/control: Demote easy-rsa to Suggests (universe package). - debian/openvpn@.service: Add '--script-security 2' similar to what got added to debian/openvpn.init.d ages ago (LP #1454725) - d/p/openvpn-fips-2.4.patch: Allow MD5 for PRF in FIPS mode openssl. - d/p/OpenSSL3.patch: work around the deprecated algorithm mismatch between the OpenSSL3 branch and the OpenVPN 2.5 branch (LP #1945980) -- Sergio Durigan Junior Wed, 23 Feb 2022 10:14:27 -0500 openvpn (2.5.5-1) unstable; urgency=medium [ Jörg Frings-Fürst ] * New upstream version 2.5.5 * Declare compliance with Debian Policy 4.6.0.1 * d/copyright: - Remove duplicate entries; - Refresh for new upstream release - Add 2021 to myself [ Bernhard Schmidt ] * Refresh patches for new upstream version -- Bernhard Schmidt Mon, 21 Feb 2022 12:05:55 +0100 openvpn (2.5.1-3ubuntu5) jammy; urgency=medium * No-change rebuild to update maintainer scripts, see LP: 1959054 -- Dave Jones Wed, 16 Feb 2022 17:16:30 +0000 openvpn (2.5.1-3ubuntu4) jammy; urgency=medium * d/p/OpenSSL3.patch: work around the deprecated algorithm mismatch between the OpenSSL3 branch and the OpenVPN 2.5 branch (LP: #1945980) -- Simon Chopin Thu, 18 Nov 2021 15:05:21 +0100 openvpn (2.5.1-3ubuntu3) jammy; urgency=medium * No-change rebuild against openssl3 -- Simon Chopin Wed, 01 Dec 2021 16:09:52 +0000 openvpn (2.5.1-3ubuntu2) impish; urgency=medium * No-change rebuild to build packages with zstd compression. -- Matthias Klose Thu, 07 Oct 2021 12:21:59 +0200 openvpn (2.5.1-3ubuntu1) impish; urgency=medium * Merge with Debian unstable. Remaining changes: - d/control: Demote easy-rsa to Suggests (universe package). - debian/openvpn@.service: Add '--script-security 2' similar to what got added to debian/openvpn.init.d ages ago (LP #1454725) - d/p/openvpn-fips-2.4.patch: Allow MD5 for PRF in FIPS mode openssl. * Dropped changes: - d/t/server-setup-*: adapt tests to output of v2.5.0 [Included in 2.5.1-3] -- Utkarsh Gupta Mon, 17 May 2021 14:38:17 +0530 openvpn (2.5.1-3) unstable; urgency=medium * Fix autopkgtest (Closes: #983662) - adapt autopkgtest output to 2.5 (from Ubuntu) - Fix easyrsa batch mode invocation * Cherry-Pick "Fix condition to generate session keys" (Closes: #988478) -- Bernhard Schmidt Fri, 14 May 2021 09:40:04 +0200 openvpn (2.5.1-2ubuntu1) impish; urgency=medium * Merge with Debian unstable. Remaining changes: - d/control: Demote easy-rsa to Suggests (universe package). - debian/openvpn@.service: Add '--script-security 2' similar to what got added to debian/openvpn.init.d ages ago (LP #1454725) - d/p/openvpn-fips-2.4.patch: Allow MD5 for PRF in FIPS mode openssl. - d/t/server-setup-*: adapt tests to output of v2.5.0 -- Athos Ribeiro Mon, 03 May 2021 17:56:39 -0300 openvpn (2.5.1-2) unstable; urgency=high * Cherry-Pick 3 (+ 1 predependency) patches from upstream to fix authentication bypass with deferred authentication (CVE-2020-15078) (Closes: #987380) -- Bernhard Schmidt Wed, 28 Apr 2021 14:41:58 +0200 openvpn (2.5.1-1ubuntu1) hirsute; urgency=medium * Merge with Debian unstable (LP: #1917438). Remaining changes: - d/control: Demote easy-rsa to Suggests (universe package). - debian/openvpn@.service: Add '--script-security 2' similar to what got added to debian/openvpn.init.d ages ago (LP #1454725) - d/p/openvpn-fips-2.4.patch: Allow MD5 for PRF in FIPS mode openssl. + d/t/server-setup-*: adapt tests to output of v2.5.0 -- Utkarsh Gupta Tue, 02 Mar 2021 16:35:37 +0530 openvpn (2.5.1-1) unstable; urgency=medium * New upstream version 2.5.1 (bugfix release) -- Bernhard Schmidt Wed, 24 Feb 2021 19:54:34 +0100 openvpn (2.5.0-1ubuntu1) hirsute; urgency=medium * Merge with Debian unstable. Remaining changes: - d/control: Demote easy-rsa to Suggests (universe package). - debian/openvpn@.service: Add '--script-security 2' similar to what got added to debian/openvpn.init.d ages ago (LP #1454725) - d/p/openvpn-fips-2.4.patch: Allow MD5 for PRF in FIPS mode openssl. [updated to match 2.5.0] * Dropped changes [in Debian since 2.5~beta3-1] - d/tests: add two DEP-8 test cases + d/t/server-setup-with-static-key: test the OpenVPN server side setup using a static key. + d/t/server-setup-with-ca: test the OpenVPN server side setup using a CA built with easy-rsa. - d/openvpn*.service: Drop reload support from systemd unit files (LP #1868127). The current reload implementation (sending a SIGHUP signal to the process) fails, and the difference between reload and restart is not clear. Systemd does not require an implementation for reload. * Added Changes: - d/t/server-setup-*: adapt tests to output of v2.5.0 -- Christian Ehrhardt Tue, 01 Dec 2020 16:15:12 +0100 openvpn (2.5.0-1) unstable; urgency=medium * New upstream version 2.5.0 - final release -- Bernhard Schmidt Wed, 28 Oct 2020 19:37:34 +0100 openvpn (2.5~rc3-1) unstable; urgency=medium * New upstream version 2.5~rc3 -- Bernhard Schmidt Tue, 20 Oct 2020 19:17:43 +0200 openvpn (2.5~rc2-1) unstable; urgency=medium * Downgrade debhelper-compat to 12 for easier backports * New upstream version 2.5~rc2 -- Bernhard Schmidt Wed, 30 Sep 2020 21:12:11 +0200 openvpn (2.5~beta3-1) unstable; urgency=medium * Release to unstable. [ Lucas Kanashiro ] * Add two DEP-8 test cases for the server side * Drop reload support from systemd unit files (LP 1868127) [ Bernhard Schmidt ] * Revert "d/gbp.conf for experimental 2.5 branch" * New upstream version 2.5~beta3 -- Bernhard Schmidt Tue, 01 Sep 2020 16:53:43 +0200 openvpn (2.5~beta1-3) experimental; urgency=medium * Disable iproute2 support in favour of the new netlink based default. Thanks to Fabio Pedretti -- Bernhard Schmidt Sun, 16 Aug 2020 14:04:11 +0200 openvpn (2.5~beta1-2) experimental; urgency=medium * Set Build-Conflicts: systemctl, see Bug#959828 -- Bernhard Schmidt Sun, 16 Aug 2020 10:33:47 +0200 openvpn (2.5~beta1-1) experimental; urgency=medium * d/gbp.conf for experimental 2.5 branch * New upstream version 2.5~beta1 * Adjust patches for new major upstream version * Add python3-docutils to build-depends for manpage generation -- Bernhard Schmidt Sat, 15 Aug 2020 21:32:49 +0200 openvpn (2.4.9-3ubuntu1) groovy; urgency=medium * Merge with Debian unstable. Remaining changes: - d/control: Demote easy-rsa to Suggests (universe package). - debian/openvpn@.service: Add '--script-security 2' similar to what got added to debian/openvpn.init.d ages ago (LP #1454725) - d/p/openvpn-fips-2.4.patch: Allow MD5 for PRF in FIPS mode openssl. - d/tests: add two DEP-8 test cases + d/t/server-setup-with-static-key: test the OpenVPN server side setup using a static key. + d/t/server-setup-with-ca: test the OpenVPN server side setup using a CA built with easy-rsa. - d/openvpn*.service: Drop reload support from systemd unit files (LP #1868127). The current reload implementation (sending a SIGHUP signal to the process) fails, and the difference between reload and restart is not clear. Systemd does not require an implementation for reload. -- Lucas Kanashiro Tue, 18 Aug 2020 08:42:11 -0300 openvpn (2.4.9-3) unstable; urgency=medium [ Jörg Frings-Fürst ] * Fix the bug that occurs during the update (Closes: #959464): "ERROR: Cannot ioctl TUNSETIFF tunX: Device or resource busy (errno=16)" - debian/rules: Change dh_installsystemd from "--restart-after-upgrade" to "--no-restart-after-upgrade -r". - Remove restart from debian/postinst. - Add hint to reboot if openvpn is running. - Add new chapter into debian/NEWS. * Migrate to debhelper 13. * debian/postinst: - Remove now useless code for version less than 2.3.2-6. * debina/copyright: - Add year 2020 to Bernhard Schmidt. -- Jörg Frings-Fürst Sat, 02 May 2020 18:14:36 +0200 openvpn (2.4.9-2ubuntu2) groovy; urgency=medium * Drop reload support from systemd unit files (LP: #1868127) -- Lucas Kanashiro Tue, 26 May 2020 19:04:33 -0300 openvpn (2.4.9-2ubuntu1) groovy; urgency=medium * Merge with Debian unstable. Remaining changes: - d/control: Demote easy-rsa to Suggests (universe package). - debian/openvpn@.service: Add '--script-security 2' similar to what got added to debian/openvpn.init.d ages ago (LP 1454725) - Allow MD5 for PRF in FIPS mode openssl. * Added changes: - d/tests: add two DEP-8 test cases + d/t/server-setup-with-static-key: test the OpenVPN server side setup using a static key. + d/t/server-setup-with-ca: test the OpenVPN server side setup using a CA built with easy-rsa. -- Lucas Kanashiro Wed, 29 Apr 2020 15:35:56 -0300 openvpn (2.4.9-2) unstable; urgency=medium * Cherry-Pick upstream patch to fix ssl_do_config error with invalid OpenSSL system configuration (Closes: #958296) Thanks to Jonas Andradas for reporting and Arne Schwabe for debugging. * Use DEB_HOST_MULTIARCH for libraries (Closes: #958315) * Enable Salsa CI -- Bernhard Schmidt Tue, 21 Apr 2020 21:58:53 +0200 openvpn (2.4.9-1) unstable; urgency=medium [ Jörg Frings-Fürst ] * New upstream release (Closes: #950610). * Refresh debian/patches/openvpn-pkcs11warn.patch. * Remove upstream applied fix-pkcs11-helper-hang.patch. * Add libp11-kit-dev to Build - Depends (Closes: #940727). * Add symlinks for plugins into /usr/lib/openvpn/ (Closes: #946348). * Declare compliance with Debian Policy 4.5.0 (No changes needed). * Switch to debhelper-compat: - debian/control: change to debhelper-compat (=12). - remove debian/compat. * debian/copyright: - Add year 2020 to debian/*. - Add year 2019 to *. * debian/control: - Add Rules-Requires-Root: No. [ Bernhard Schmidt ] * New upstream version 2.4.9 - CVE-2020-11810 illegal client float can break VPN session for other users -- Bernhard Schmidt Sun, 19 Apr 2020 15:52:57 +0200 openvpn (2.4.7-1ubuntu2) eoan; urgency=medium * No-change upload with strops.h and sys/strops.h removed in glibc. -- Matthias Klose Thu, 05 Sep 2019 11:05:25 +0000 openvpn (2.4.7-1ubuntu1) eoan; urgency=medium * Merge with Debian unstable (LP: #1828771). Remaining changes: - d/control: Demote easy-rsa to Suggests (universe package). - debian/openvpn@.service: Add '--script-security 2' similar to what got added to debian/openvpn.init.d ages ago (LP 1454725) - d/p/openvpn-fips-2.4.patch: Allow MD5 in FIPS mode (openssl) for PRF. (LP 1807439) * Dropped changes: - d/openvpn@.service: Add CAP_AUDIT_WRITE to avoid issues with callout scripts breaking due to sudo/pam being unable to audit the action. Fixed in upstream issue #918, suggested to Debian in #868806 (LP 1787208) [in Debian now] -- Christian Ehrhardt Mon, 13 May 2019 15:55:22 +0200 openvpn (2.4.7-1) unstable; urgency=medium [ Bernhard Schmidt ] * New upstream version 2.4.7 - improvements regarding TLSv1.3 - Add CAP_AUDIT_WRITE for auth_pam for upstream units (Closes: #868806) * adjust kfreebsd_support.patch for new upstream version * Also Add CAP_AUDIT_WRITE for auth_pam for openvpn@.service (Closes: #868806) * openvpn@.service: Bump LimitNPROC to 100, see #861923 [ Simon Deziel ] * d/control: suggests openvpn-systemd-resolved (Closes: #913265) [ Hilko Bengen ] * Avoid hangs when spawning child processes by not setting pkcs11-helper "safe fork mode" (Closes: #772812, #900805, #907452) -- Bernhard Schmidt Wed, 20 Feb 2019 14:50:03 +0100 openvpn (2.4.6-1ubuntu3) disco; urgency=medium * d/p/openvpn-fips-2.4.patch: Allow MD5 in FIPS mode (openssl) for PRF. (LP: #1807439) -- Joy Latten Wed, 09 Jan 2019 12:25:59 -0600 openvpn (2.4.6-1ubuntu2) cosmic; urgency=medium * d/openvpn@.service: Add CAP_AUDIT_WRITE to avoid issues with callout scripts breaking due to sudo/pam being unable to audit the action. Fixed in upstream issue #918, suggested to Debian in #868806 (LP: #1787208) -- Christian Ehrhardt Mon, 03 Sep 2018 10:57:35 +0200 openvpn (2.4.6-1ubuntu1) cosmic; urgency=medium * Merge with Debian unstable. Remaining changes: - d/control: Demote easy-rsa to Suggests (universe package). - debian/openvpn@.service: Add '--script-security 2' similar to what got added to debian/openvpn.init.d ages ago (LP 1454725) -- Christian Ehrhardt Mon, 20 Aug 2018 13:30:20 +0200 openvpn (2.4.6-1) unstable; urgency=medium [ Jörg Frings-Fürst ] * New upstream release. - Refresh patches. - Fix "does not start if link-mtu is too low" (Closes: #867113). - Fix "auth-tokens are purged if auth-nocache is set" (Closes: #883601). * Migrate to debhelper 11: - Change debian/compat to 11. - Bump minimum debhelper version in debian/control to >= 11. * Declare compliance with Debian Policy 4.1.5 (No changes needed). * New debian/patches/spelling_errors.patch to correct spelling errors. * New debian/patches/systemd.patch to remove obsolete syslog.target. * debian/changelog: - Rewrite to DEP5 copyright format. * debian/control: - Change to my new email address. - Remove trailing whitespaces. * debian/rules: - Remove trailing whitespaces. - Replace outdated dh_installsystemd with dh_systemd_start. - Remove usr/share/doc/openvpn/COPYING. - Replace rm -f with $(RM). * debian/update-resolv-conf: - Fix "preserve order of pushed parameters" (Closes: #807808). Thanks to Thibaut Chèze. - Add syslog message if used without binary resolvconf (Closes: #895135). Thanks to Roger Price . * debian/watch: - Use secure URI. * Remove obsolete debian/openvpn.lintian-overrides. * New README.source to explain the branching model used. -- Jörg Frings-Fürst Mon, 30 Jul 2018 14:08:13 +0200 openvpn (2.4.5-1) unstable; urgency=medium * New upstream version 2.4.5 (Closes: #873302) * Fix wrong Bug# in previous changelog * Change Vcs-* to salsa (gitlab) -- Bernhard Schmidt Sun, 04 Mar 2018 22:23:47 +0100 openvpn (2.4.4-2ubuntu1) bionic; urgency=low * Sync with Debian. Remaining changes: - debian/openvpn@.service: Add "--script-security 2" similar to what got added to debian/openvpn.init.d ages ago (LP: #1454725) - Demote easy-rsa to Suggests (universe package). -- Dimitri John Ledkov Sat, 10 Feb 2018 20:27:56 +0000 openvpn (2.4.4-2) unstable; urgency=medium * Build against OpenSSL 1.1.0 (Closes: #828477) * Bump Standards-Version to 4.1.2, no changes necessary -- Bernhard Schmidt Mon, 11 Dec 2017 00:22:11 +0100 openvpn (2.4.4-1ubuntu1) bionic; urgency=medium * Sync with Debian. Remaining changes: - debian/openvpn@.service: Add "--script-security 2" similar to what got added to debian/openvpn.init.d ages ago (LP: #1454725) - Demote easy-rsa to Suggests (universe package). -- Jeremy Bicha Sat, 28 Oct 2017 15:13:58 -0400 openvpn (2.4.4-1) unstable; urgency=medium [ Jörg Frings-Fürst ] * New Upstream release: - Fix bounds check in read_key() (CVE-2017-12166) (Closes: #877089). * Declare compliance with Debian Policy 4.1.1. (No changes needed). * Drop dh-systemd from both Build-Depends and dh command line as it is enabled by default for dh compat level 10. * New debian/openvpn.lintian-overrides: - Override duplicate upstream changelog warning. * Remote obsolete directory /usr/lib/openvpn (The plugins directory are now /usr/lib/*/openvpn/plugins): - Remove /usr/lib/openvpn from debian/dirs. - Add debian/postrm to remove /usr/lib/openvpn on purge and remove. - Rewrite plugin section at README.Debian * Use pathfind() instead hard coded path for invoke-rc.d at debian/prerm and debian/postinst. * Remove outdated debian/README.source. * Remove obsolete syslog.target from debian/openvpn@.service. * Update Catalan translation (Closes: #870351). - Thanks to Alytidae . * New directory /var/log/openvpn for log and status files (Closes: #444431, #553303): - Add var/log/openvpn into debian/dirs. - New debian/patches/move_log_dir.patch to change the conf files to the new log directory. [ Bernhard Schmidt ] * Further changes to debian/openvpn@.service copied from upstream - Enable Restart=on-failure - Use KillMode=process -- Bernhard Schmidt Wed, 25 Oct 2017 08:14:12 +0200 openvpn (2.4.3-4) unstable; urgency=medium * fix FTBFS on kfreebsd * Adjust debian openvpn@.service to be closer to the upstream ones (Closes: #858558, #864031): - adjust Documentation URL to OpenVPN 2.4 - use systemd READY signalling (Type=notify) - add ProtectHome=true - add After/Wants network-online.target - adjust CapabililtyBoundingSet -- Bernhard Schmidt Fri, 30 Jun 2017 15:39:56 +0200 openvpn (2.4.3-3) unstable; urgency=medium [ Jörg Frings-Fürst ] * debian/control: - Set Bernhard Schmidt as maintainer and myself as Uploader (Closes: #865555) - Many thanks to Alberto Gonzalez Iniesta. - Change Vcs-Browser to cgit. * Migrate to debhelper 10: - Change debian/compat to 10. - Bump minimum debhelper version in debian/control to >= 10. * Declare compliance with Debian Policy 4.0.0. (No changes needed). [ Bernhard Schmidt ] * properly remove obsolete /etc/tmpfiles.d/openvpn.conf using dpkg-maintscript-helper (Closes: #865717) * Change Vcs-Git and Homepage to https -- Bernhard Schmidt Thu, 29 Jun 2017 12:41:31 +0200 openvpn (2.4.3-2) unstable; urgency=medium * The "Bye bye OpenVPN" revenge release * Put upstream tmpfiles conf in the right place and merge with Debian's. (Closes: #865589) -- Alberto Gonzalez Iniesta Fri, 23 Jun 2017 11:43:50 +0200 openvpn (2.4.3-1) unstable; urgency=high * The "Bye bye OpenVPN" release. * New upstream release fixing: (Closes: #865480) - CVE-2017-7508 - CVE-2017-7520 - CVE-2017-7521 - CVE-2017-7522 * Plugin libs have been moved to /usr/lib/ARCH/openvpn/plugins * debian/rules: - Remove obsolete options to configure script (enable-password-save, with-plugindir (now in ENV_VARS)) - No need to install upstream's systemd unit files from debian/rules -- Alberto Gonzalez Iniesta Thu, 22 Jun 2017 13:25:45 +0200 openvpn (2.4.0-6) unstable; urgency=medium * Apply upstream patch to fix shrinking MTU sizes on reconnects causing not usable VPN tunnels. -- Alberto Gonzalez Iniesta Mon, 22 May 2017 14:59:49 +0200 openvpn (2.4.0-5) unstable; urgency=high * Change typo fix in command line help. * SECURITY UPDATE: pre-authentication denial-of-service vulnerability (both client and server) from a too-large control packet. - debian/patches/CVE-2017-7478.patch: Do not assert on too-large control packet - CVE-2017-7478 * SECURITY UPDATE: authenticated remote DoS vulnerability due to packet ID rollover - debian/patches/CVE-2017-7479-prereq.patch: merge packet_id_alloc_outgoing() into packet_id_write() - debian/patches/CVE-2017-7479.patch: do not assert when packet ID rollover occurs - CVE-2017-7479 * SECURITY UPDATE: auth tokens left in memory after de-auth - debian/patches/wipe_tokens_on_de-auth.patch: always wipe token as soon as a TLS session is considered broken. * Kudos to Steve Beattie for doing all the backporting work for this upload. -- Alberto Gonzalez Iniesta Thu, 11 May 2017 14:15:21 +0200 openvpn (2.4.0-4ubuntu1.3) zesty-security; urgency=medium * SECURITY UPDATE: Remotely-triggerable ASSERT() on malformed IPv6 packet - debian/patches/CVE-2017-7508.patch: remove assert in src/openvpn/mss.c. - CVE-2017-7508 * SECURITY UPDATE: Remote-triggerable memory leaks - debian/patches/CVE-2017-7512.patch: fix leaks in src/openvpn/ssl_verify_openssl.c. - CVE-2017-7512 * SECURITY UPDATE: Pre-authentication remote crash/information disclosure for clients - debian/patches/CVE-2017-7520.patch: prevent two kinds of stack buffer OOB reads and a crash for invalid input data in src/openvpn/ntlm.c. - CVE-2017-7520 * SECURITY UPDATE: Potential double-free in --x509-alt-username and memory leaks - debian/patches/CVE-2017-7521.patch: fix double-free in src/openvpn/ssl_verify_openssl.c. - CVE-2017-7521 * SECURITY UPDATE: DoS in establish_http_proxy_passthru() - debian/patches/establish_http_proxy_passthru_dos.patch: fix null-pointer dereference in src/openvpn/proxy.c. - No CVE number -- Marc Deslauriers Thu, 22 Jun 2017 08:37:49 -0400 openvpn (2.4.0-4ubuntu1.2) zesty-security; urgency=medium * SECURITY UPDATE: pre-authentication denial-of-service vulnerability (both client and server) from a too-large control packet. - debian/patches/CVE-2017-7478.patch: Do not assert on too-large control packet - CVE-2017-7478 * SECURITY UPDATE: authenticated remote DoS vulnerability due to packet ID rollover - debian/patches/CVE-2017-7479-prereq.patch: merge packet_id_alloc_outgoing() into packet_id_write() - debian/patches/CVE-2017-7478.patch: do not assert when packet ID rollover occurs - CVE-2017-7478 * SECURITY UPDATE: auth tokens left in memory after de-auth - debian/patches/wipe_tokens_on_de-auth.patch: always wipe token as soon as a TLS session is considered broken. -- Steve Beattie Wed, 10 May 2017 15:21:05 -0700 openvpn (2.4.0-4ubuntu1) zesty; urgency=medium * Merge with Debian unstable. Remaining Ubuntu changes: - debian/openvpn@.service: Add "--script-security 2" similar to what got added to debian/openvpn.init.d ages ago (LP: #1454725) - Demote easy-rsa to Suggests (universe package). * Drop: - debian/control: Actually drop the initscripts dependency. (Closes: #804968). Already in Debian -- Jon Grimm Fri, 10 Feb 2017 12:16:57 -0600 openvpn (2.4.0-4) unstable; urgency=medium * Add NEWS entries on possible 2.4 migration issues. (Closes: #852381, #849909) -- Alberto Gonzalez Iniesta Thu, 02 Feb 2017 14:15:42 +0100 openvpn (2.4.0-3) unstable; urgency=medium * You shall run debdiff even when the change is only a word, or you may find out the word was not there... * Add liblz4-dev to Build-Depends. (Closing: #849563 for real) -- Alberto Gonzalez Iniesta Thu, 29 Dec 2016 09:41:17 +0100 openvpn (2.4.0-2) unstable; urgency=medium * Enable lz4 compression (Closes: #849563). Thanks Laurent Bigonville for noticing. -- Alberto Gonzalez Iniesta Wed, 28 Dec 2016 18:43:12 +0100 openvpn (2.4.0-1) unstable; urgency=medium * New upstream release. * Refresh debian/patches to new upstream coding style. * debian/NEWS.Debian. Add note on removed tls-remote option (Closes: #848062) -- Alberto Gonzalez Iniesta Tue, 27 Dec 2016 18:29:43 +0100 openvpn (2.4~rc1-2) unstable; urgency=medium * Make lintian happy: - Update debian/watch - Remove .gitignore file from samples - Add Depends on lsb-base - Move bash completion file to /usr/share - Remove unneeded dot in manpage - Bump Standards-Version * debian/patches/kfreebsd_support: Update patch for 2.4 series. -- Alberto Gonzalez Iniesta Mon, 12 Dec 2016 20:20:09 +0100 openvpn (2.4~rc1-1) unstable; urgency=medium * New upstream release * Update close_socket_before_scripts.patch to upstream's version * Add /etc/openvpn/client & /etc/openvpn/server directories for upstream's systemd units. -- Alberto Gonzalez Iniesta Sat, 10 Dec 2016 19:06:15 +0100 openvpn (2.4~beta1-1) experimental; urgency=medium * New upstream release * Change Build-Dep on libssl-dev to libssl1.0-dev since upstream is not transitioning to libssl1.1 yet. * Moved to debhelper compat 9. -- Alberto Gonzalez Iniesta Mon, 21 Nov 2016 10:15:40 +0100 openvpn (2.3.11-2) unstable; urgency=medium * Remove dependency on initscripts. (Closes: #804968) * README.Debian. Fix CapabilityBoundingSet reference. -- Alberto Gonzalez Iniesta Mon, 23 May 2016 09:55:30 +0200 openvpn (2.3.11-1ubuntu2) yakkety; urgency=medium * debian/control: Actually drop the initscripts dependency. (Closes: #804968) -- Martin Pitt Wed, 22 Jun 2016 16:54:51 +0200 openvpn (2.3.11-1ubuntu1) yakkety; urgency=medium * Merge with Debian unstable. Remaining Ubuntu changes: - debian/openvpn@.service: Add "--script-security 2" similar to what got added to debian/openvpn.init.d ages ago (see LP: #260291). - Demote easy-rsa to Suggests (universe package). * Drop intrusive changes (showing per-VPN result messages) from debian/openvpn.init.d. This isn't being used under systemd. -- Martin Pitt Fri, 20 May 2016 17:30:27 +0200 openvpn (2.3.11-1) unstable; urgency=medium * New upstream release. * tun.c: patch to fix FTBFS in kfreebsd. (Closes: #815283) Thanks Steven Chamberlain for the patch. * README.Debian: Document limits in the service file. (Closes: #819919, #823621) * Removed versioned dependency on initscripts. (Closes: #804968) -- Alberto Gonzalez Iniesta Tue, 10 May 2016 17:41:53 +0200 openvpn (2.3.10-1ubuntu2) xenial; urgency=medium * debian/openvpn@.service: Add --script-security similar to what got added to debian/openvpn.init.d ages ago (see LP #260291). (LP: #1454725) -- Martin Pitt Tue, 02 Feb 2016 13:33:39 +0100 openvpn (2.3.10-1ubuntu1) xenial; urgency=medium * Merge with Debian unstable (LP: #1536568). Remaining Ubuntu changes: - debian/openvpn.init.d: + Do not use start-stop-daemon and Thu, 21 Jan 2016 11:37:08 +0100 openvpn (2.3.10-1) unstable; urgency=medium * New upstream release. (Closes: #804368) Drop password_prompt_in_systemd.patch. Applied upstream. * Unify pidfile path on systemd and sysV. (Closes: #811010) Thanks Guillem Jover for noticing. * Increase start-stop-daemon timeout on stop to let openvpn tear down the connection properly in some cases. (Closes: #799592, #796914) * Add CAP_AUDIT_WRITE to openvpn@.service CapabilityBoundingSet to fix auth-pam plugin. (Closes: #795313) * Patch from Martin Pitt to start OpenVPN before user sessions to avoid hidding possible password prompts. (Closes: #803032) * Make another copy of t_client.sh to help keeping the build environment clean. (Closes: #765447) -- Alberto Gonzalez Iniesta Wed, 20 Jan 2016 12:01:36 +0100 openvpn (2.3.8-1ubuntu1) xenial; urgency=medium * Merge with Debian unstable. Remaining Ubuntu changes: - debian/openvpn.init.d: + Do not use start-stop-daemon and Mon, 04 Jan 2016 11:48:31 +0100 openvpn (2.3.8-1) unstable; urgency=medium * New upstream release. Drop patch from 2.3.7-2. Hopefully (Closes: #791829) * Apply upstream fix for systemd password prompt that delayed this upload. Sorry SysV users. * debian/rules: remove obsolete options (*-path) to configure * openvpn@.service: Use KillMode=mixed to fix signaling of some plugins. (Closes: #792907). Also add PrivateTmp & LimitNPROC options. Thanks Daniel Hahler for the patch. -- Alberto Gonzalez Iniesta Wed, 28 Oct 2015 17:34:26 +0100 openvpn (2.3.7-2ubuntu1) xenial; urgency=medium * Merge with Debian unstable. Remaining Ubuntu changes: - debian/openvpn.init.d: + Do not use start-stop-daemon and Mon, 26 Oct 2015 09:32:31 +0100 openvpn (2.3.7-2) unstable; urgency=medium * Move libsystemd-daemon-dev Build-Dep to libsystemd-dev. Add Build-Dep on systemd. (Closes: #791904) * Bumped Standards-Version to 3.9.6 * Apply upstream patch to fix stdin password prompt. (Closes: #791829) -- Alberto Gonzalez Iniesta Tue, 08 Sep 2015 08:23:19 +0000 openvpn (2.3.7-1ubuntu1) wily; urgency=medium * Merge with Debian unstable. Remaining Ubuntu changes: - debian/openvpn.init.d: + Do not use start-stop-daemon and Wed, 08 Jul 2015 12:28:54 +0200 openvpn (2.3.7-1) unstable; urgency=medium * New upstream version * Add --no-block to if-up.d script to avoid hanging boot on interfaces with openvpn instances. (Closes: #787090, #785200) * Add ProtectSystem=yes to systemd's service file. (Closes: #771626) * Removed upstream applied patches: - 0001-Drop-too-short-control-channel-packets-instead-of-as.patch - update_sample_certs.patch -- Alberto Gonzalez Iniesta Wed, 01 Jul 2015 13:19:26 +0200 openvpn (2.3.5-1) unstable; urgency=medium * New upstream release. Removed patches applied upstream: client_connect_tmp_files.patch better_systemd_detection.patch * Add Build-Depends on libsystemd-daemon-dev. -- Alberto Gonzalez Iniesta Wed, 29 Oct 2014 17:44:06 +0100 openvpn (2.3.4-5ubuntu1) wily; urgency=medium * Merge with Debian unstable. Remaining Ubuntu changes: - debian/openvpn.init.d: + Do not use start-stop-daemon and Thu, 07 May 2015 15:35:52 +0200 openvpn (2.3.4-5) unstable; urgency=high * Apply upstream patch that fixes possible DoS by authenticated clients. CVE-2014-8104 * Patch sample certs since they were expired and made the package build fail. (Closes: #770835) -- Alberto Gonzalez Iniesta Mon, 01 Dec 2014 16:10:37 +0100 openvpn (2.3.4-4) unstable; urgency=medium * Use dh-systemd in order to enable the service unit. (Closes: #768411) * Add comment on /etc/default/openvpn file about options not supported on systemd. (Closes: #768384) -- Alberto Gonzalez Iniesta Fri, 07 Nov 2014 13:59:54 +0100 openvpn (2.3.4-3) unstable; urgency=medium * Apply patch by Samuel Thibault to clean up temporary files. (Closes: #764651). Thanks Samuel! -- Alberto Gonzalez Iniesta Mon, 13 Oct 2014 18:24:03 +0200 openvpn (2.3.4-2) unstable; urgency=medium * openvpn.service. Remove ExecStop, add ExecReload. Fixes reload of openvpn service. (Closes: #763411) -- Alberto Gonzalez Iniesta Tue, 30 Sep 2014 13:05:45 +0200 openvpn (2.3.4-1) unstable; urgency=medium * Upload to unstable. * New upstream release. (Closes: #752568) * Add Turkish debconf translation. (Closes: #759879) * Replace openvpn-systemd-helper with a systemd generator. Thanks Ondřej Surý, Ansgar Burchardt and postgresql-common for the ideas, help and inspiration. * Bumped Standards-Version to 3.9.5 * debian/control: Add Vcs-* -- Alberto Gonzalez Iniesta Tue, 02 Sep 2014 12:06:06 +0200 openvpn (2.3.3-1) experimental; urgency=medium * Install tmpfiles.d configuration to create /run/openvpn in systemd. Properly fixing #741938. * Add reload to openvpn@.service. (Closes: #747840) * New upstream release * New openvpn.service to override LSB script when running systemd. (Closes: #700888) * Apply patch from upstream's BTS to improve systemd detection. (Closes: #747265) -- Alberto Gonzalez Iniesta Mon, 17 Mar 2014 19:40:12 +0100 openvpn (2.3.2-9ubuntu4) vivid; urgency=medium * Run openvpn@.service before systemd-user-sessions.service to avoid gettys and lightdm starting on top of possible password prompts. This provides the equivalent of the init.d script's X-Start-Before:. -- Martin Pitt Mon, 13 Apr 2015 16:09:01 -0500 openvpn (2.3.2-9ubuntu3) vivid; urgency=medium * Add better_systemd_detection.patch to avoid calling systemd-ask-password under upstart. Backported from upstream. (Closes: #747265) * Add systemd unit and generator from current Debian package. This avoids using the init.d script, which unnecessarily blocks lightdm startup on the network becoming online even if there are no auto-start connections (LP: #1443489). -- Martin Pitt Mon, 13 Apr 2015 11:22:56 -0500 openvpn (2.3.2-9ubuntu2) vivid; urgency=medium * SECURITY UPDATE: server denial of service via too-short control channel packets - debian/patches/CVE-2014-8104.patch: drop too-short control channel packets instead of asserting out in src/openvpn/ssl.c. - CVE-2014-8104 * debian/patches/update_certs.patch: update test certs to fix FTBFS. -- Marc Deslauriers Mon, 01 Dec 2014 15:26:58 -0500 openvpn (2.3.2-9ubuntu1) utopic; urgency=medium * Merge from Debian unstable. Remaining changes: - debian/openvpn.init.d: + Do not use start-stop-daemon and Fri, 02 May 2014 16:00:55 -0400 openvpn (2.3.2-9) unstable; urgency=medium * Create /run/openvpn in init script even if no VPN is autostarted by it. (Closes: #741938) * Fix systemd detection based on /run/systemd/system. -- Alberto Gonzalez Iniesta Mon, 17 Mar 2014 15:40:02 +0100 openvpn (2.3.2-8) unstable; urgency=medium * Add support for systemd. (Closes: #700888) Add openvpn@.service and --enable-systemd to ./configure. -- Alberto Gonzalez Iniesta Fri, 14 Mar 2014 12:59:57 +0100 openvpn (2.3.2-7ubuntu3) trusty; urgency=medium [ Simon Deziel ] * Refresh delta with debian/openvpn.init.d: - Make stop action reliable by killing if needed (LP: #1274254, LP: #1200519) - Use new path for status file (LP: #1261088) -- Stéphane Graber Tue, 04 Feb 2014 09:31:39 -0500 openvpn (2.3.2-7ubuntu2) trusty; urgency=medium * Patch libtool.m4 and configure to support ppc64el. -- Matthias Klose Mon, 30 Dec 2013 12:32:35 +0100 openvpn (2.3.2-7ubuntu1) trusty; urgency=low * Merge from Debian unstable. Remaining changes: - debian/openvpn.init.d: + Do not use start-stop-daemon and Mon, 02 Dec 2013 18:14:42 -0500 openvpn (2.3.2-7) unstable; urgency=low * Fix postinst when no *.pid files exist in /run/sendsigs.omit.d/. (Closes: #730679) -- Alberto Gonzalez Iniesta Thu, 28 Nov 2013 13:05:31 +0100 openvpn (2.3.2-6) unstable; urgency=low * Move PID and status files to openvpn subdir in /run. (Closes: #614036). Thanks Stephen Gildea for the patch and Simon Deziel for the upgrade path. * Add --enable-x509-alt-username option to ./configure -- Alberto Gonzalez Iniesta Wed, 27 Nov 2013 13:58:33 +0100 openvpn (2.3.2-5ubuntu1) trusty; urgency=low * Merge from Debian unstable. Remaining changes: - debian/openvpn.init.d: + Do not use start-stop-daemon and Mon, 21 Oct 2013 13:07:37 -0400 openvpn (2.3.2-5) unstable; urgency=low * Patch init script to fix race conditions on restarts. (Closes: #716794). Thanks Simon Deziel for the patch. * Improve update-resolv-conf script. Thanks Thomas Hood for the patch. (Closes: #721082) -- Alberto Gonzalez Iniesta Mon, 15 Jul 2013 16:10:59 +0200 openvpn (2.3.2-4ubuntu1) saucy; urgency=low * Merge from Debian unstable. Remaining changes: - debian/openvpn.init.d: + Do not use start-stop-daemon and Tue, 09 Jul 2013 17:20:31 -0400 openvpn (2.3.2-4) unstable; urgency=low * Fix depends on iproute to iproute2. -- Alberto Gonzalez Iniesta Fri, 21 Jun 2013 11:17:52 +0200 openvpn (2.3.2-3) unstable; urgency=low * Add iproute2 support on linux archs. * Add versioned Build-Depends on dpkg-dev since --export=configure is used. (Closes: #697560) -- Alberto Gonzalez Iniesta Thu, 20 Jun 2013 13:23:24 +0200 openvpn (2.3.2-2) unstable; urgency=low * Add pkg-config to Build-Depends while waiting for libpkcs11-helper1-dev's maintainter to decide if he includes pkg-config as a Depends. Thanks Roland Stigge for finding out. (Closes: #711076) -- Alberto Gonzalez Iniesta Wed, 05 Jun 2013 16:39:27 +0200 openvpn (2.3.2-1) unstable; urgency=low * New upstream version. Less messages about script security (Closes: #573129) * Add --enable-pkcs11 to configure to avoid losing PKCS11. Thanks Jaak Pruulmann-Vengerfeldt for noticing before the upload! (Closes: #710085) -- Alberto Gonzalez Iniesta Mon, 03 Jun 2013 18:48:44 +0200 openvpn (2.3.1-2ubuntu2) saucy; urgency=low * Move easy-rsa from Recommends to Suggests as it's not in main and isn't actually required to operate an openvpn server. -- Stéphane Graber Wed, 19 Jun 2013 14:37:54 -0400 openvpn (2.3.1-2ubuntu1) saucy; urgency=low * Merge from Debian unstable. Remaining changes: - debian/openvpn.init.d: + Do not use start-stop-daemon and Fri, 24 May 2013 17:42:45 -0400 openvpn (2.3.1-2) unstable; urgency=low * Add net-tools to Build-Depends. (Closes: #709108) -- Alberto Gonzalez Iniesta Tue, 21 May 2013 12:31:39 +0200 openvpn (2.3.1-1) unstable; urgency=low * New upstream version. Fixes use of non-constant-time memcmp in HMAC comparison. CVE-2013-2061 (Closes: #707329) -- Alberto Gonzalez Iniesta Fri, 17 May 2013 11:54:31 +0200 openvpn (2.3.0-1) experimental; urgency=low * New upstream release * Add easy-rsa to Recommends -- Alberto Gonzalez Iniesta Mon, 12 Nov 2012 16:56:47 +0100 openvpn (2.3~rc1-1) experimental; urgency=low * Upload to experimental * New upstream release with reworked build system -- Alberto Gonzalez Iniesta Mon, 05 Nov 2012 16:31:15 +0100 openvpn (2.2.1-8ubuntu3) raring; urgency=low [ Marc Gariépy ] * Add --script-security to the init.d script (was generated but not passed to openvpn). (LP: #1124398) -- Stéphane Graber Wed, 13 Feb 2013 16:10:48 -0500 openvpn (2.2.1-8ubuntu2) quantal; urgency=low * Rebuild for new armel compiler default of ARMv5t. -- Colin Watson Mon, 08 Oct 2012 08:36:47 +0100 openvpn (2.2.1-8ubuntu1) precise; urgency=low * Merge at Simon Deziel's request to build with PIE. * Merge from Debian unstable. Remaining changes: + debian/openvpn.init.d: - Do not use start-stop-daemon and = 3.2-14 to allow status_of_proc() -- Stéphane Graber Fri, 30 Mar 2012 13:19:09 -0400 openvpn (2.2.1-8) unstable; urgency=low * Enable "PIE" and "BINDOW" hardening flags. -- Alberto Gonzalez Iniesta Fri, 23 Mar 2012 10:40:39 +0100 openvpn (2.2.1-7) unstable; urgency=low * Add dpkg-buildflags call on plugins built too. Thanks Simon Ruderich for finding out, the nice patch and clarification. (Closes: #655130) -- Alberto Gonzalez Iniesta Fri, 16 Mar 2012 10:49:28 +0100 openvpn (2.2.1-6) unstable; urgency=low * /run transition: Replaced usage of /dev/.udev with /run/udev, when checking for the usage of udev. Depend on initscripts (>= 2.88dsf-13.3) to guarantee the existence of /run/udev in case udev is being used. (Closes: #644321) Patch by Pieter du Preez. -- Alberto Gonzalez Iniesta Fri, 09 Mar 2012 13:44:50 +0100 openvpn (2.2.1-5ubuntu1) precise; urgency=low * Merge from Debian unstable. Remaining changes: (LP: #907828) + debian/openvpn.init.d: - Do not use start-stop-daemon and = 3.2-14 to allow status_of_proc() -- Stéphane Graber Sat, 25 Feb 2012 21:08:48 -0500 openvpn (2.2.1-5) unstable; urgency=low * Avoid sending ICMP redirects when using tun devices and "subnet" topology. Thanks Simon Deziel for testing and the patch. (Closes: #656241) The init.d script will set all.send_redirects=0 when using "dev tun" and "topology subnet". More info in README.Debian. * Several manpage fixes -- Alberto Gonzalez Iniesta Thu, 23 Feb 2012 17:25:54 +0100 openvpn (2.2.1-4) unstable; urgency=low * Use dpkg-buildflags to fill CFLAGS in ./configure. (Closes: #655130) * debian/rules: Moved to dh. * debian/rules: Changed DEB_BUILD_ARCH_OS with DEB_HOST_ARCH_OS. * Removed quilt Build-Depends. * debian/openvpn.default: Clarify what "vpn name" refers to. (Closes: #657610) -- Alberto Gonzalez Iniesta Wed, 08 Feb 2012 16:31:32 +0100 openvpn (2.2.1-3ubuntu1) precise; urgency=low * Merge from Debian testing. Remaining changes: + debian/openvpn.init.d: - Do not use start-stop-daemon and = 3.2-14 to allow status_of_proc() + debian/update-resolv-conf: Support multiple domains. + fix bug where '--script-security 2' would be passed for all daemons after the first. (LP: #794916) -- Chuck Short Sat, 31 Dec 2011 04:55:56 +0000 openvpn (2.2.1-3) unstable; urgency=low * The iproute fiasco release. * Remove --enable-iproute2 dependency since it's only available in Linux. Write that in the changelog so I don't forget _again_ why iproute is not set... (Closes: #652702) -- Alberto Gonzalez Iniesta Tue, 20 Dec 2011 13:06:05 +0100 openvpn (2.2.1-2) unstable; urgency=low * debian/rules: Force path to 'ip' command so that it's set correctly even if not present (in the buildd). (Closes: #652702) * Fix OMIT_SENDSIGS logic on init.d script. (Closes: #652703) -- Alberto Gonzalez Iniesta Tue, 20 Dec 2011 07:21:07 +0100 openvpn (2.2.1-1) unstable; urgency=low * New upstream release * Added OMIT_SENDSIGS option in init.d script to let openvpn run after sendsigs on system reboot or shutdown. (Closes: #636864) * Configure with --enable-iproute2. * Change path to route on kFreeBSD. (Closes: #646221) Thanks Robert Millan. -- Alberto Gonzalez Iniesta Tue, 13 Dec 2011 11:04:22 +0100 openvpn (2.2.0-2ubuntu1) oneiric; urgency=low * Merge from debian unstable. Remaining changes: + debian/openvpn.init.d: - Do not use start-stop-daemon and = 3.2-14 to allow status_of_proc() + debian/update-resolv-conf: Support multiple domains. + fix bug where '--script-security 2' would be passed for all daemons after the first. (LP: #794916 -- Chuck Short Thu, 16 Jun 2011 18:33:37 +0100 openvpn (2.2.0-2) unstable; urgency=low * Upload to unstable * debian/control: added Homepage field * Added debian/watch file * debian/patches: Added descriptions/authors/etc. to patches -- Alberto Gonzalez Iniesta Wed, 15 Jun 2011 12:28:15 +0200 openvpn (2.2.0-1) experimental; urgency=low * New upstream release (Closes: #625281) * Removed Depends on open(ssl|vpn)-blacklist, since debian_openssl_vulnkeys.patch is no longer used. Removed templates referring it too. * Removed manpage_dash_escaping.patch, applied upstream * Removed attemping_typo, applied upstream * Removed counter_type_for_bytes.patch, applied upstream * Removed eurephia.patch, applied upstream * Updated JuanJo's & Gert's IPv6 patches * Removed versioned Depends on libssl (Closes: #623503) * Improved kFreeBSD support. Thanks Gonéri Le Bouder for the patch (Closes: #626062) * Updated Dutch debconf templates. (Closes: #625526) -- Alberto Gonzalez Iniesta Tue, 10 May 2011 16:17:00 +0200 openvpn (2.1.3-5) experimental; urgency=low * Upload to experimental. * Add ipv6 payload patch by Gert Doering. (Closes: #604071) -- Alberto Gonzalez Iniesta Tue, 22 Mar 2011 10:57:18 +0100 openvpn (2.1.3-4.1ubuntu2) oneiric; urgency=low [Alexander Zielke] * fix bug where '--script-security 2' would be passed for all daemons after the first. (LP: #794916) -- Scott Moser Thu, 09 Jun 2011 13:59:08 -0400 openvpn (2.1.3-4.1ubuntu1) oneiric; urgency=low * Merge from debian unstable. Remaining changes: + debian/openvpn.init.d: - Do not use start-stop-daemon and = 3.2-14 to allow status_of_proc() + debian/update-resolv-conf: Support multiple domains. -- Chuck Short Tue, 17 May 2011 02:14:39 +0100 openvpn (2.1.3-4.1) unstable; urgency=low * Non-maintainer upload. * Drop hard-coded dependency on libssl0.9.8. (Closes: #623503) -- Philipp Kern Mon, 09 May 2011 23:20:03 +0200 openvpn (2.1.3-4ubuntu1) oneiric; urgency=low * Merge from debian unstable. Remaining changes: + debian/openvpn.init.d: - Do not use start-stop-daemon and = 3.2-14 to allow status_of_proc() + debian/update-resolv-conf: Support multiple domains. -- Chuck Short Tue, 22 Mar 2011 23:28:26 +0000 openvpn (2.1.3-4) unstable; urgency=low * Updated JuanJo's IPv6 patch. Now really fixes use from xinetd. Thanks JuanJo & Christian Weinberger for testing it (Closes: #574164) * Removed debian_openssl_vulnkeys.patch since we're Etch + 2 now. (Closes: #484105, #487994) -- Alberto Gonzalez Iniesta Tue, 22 Mar 2011 10:04:21 +0100 openvpn (2.1.3-3) unstable; urgency=low * Updated JuanJo's IPv6 patch. Fixes use from xinetd (Closes: #574164) * Patched update-resolv-conf to support multiple DNS search domains. Thanks Jeremy Zawodny and Dave Walker for the patch. (Closes: #617740) * Added a note about bridge-utils helpers in README.Debian. Thanks Sven Hoexter. (Closes: #599192) * Updated Danish debconf templates. (Closes: #608425) -- Alberto Gonzalez Iniesta Fri, 11 Mar 2011 13:08:12 +0100 openvpn (2.1.3-2ubuntu3) natty; urgency=low * update-resolv-conf: Correctly handle multiple dns search domains, using the same logic as nameservers. Patch courtesy of Jeremy Zawodny. (LP: #662847) -- Dave Walker (Daviey) Fri, 11 Mar 2011 00:23:59 +0000 openvpn (2.1.3-2ubuntu2) natty; urgency=low * update-resolv-conf: Support mulitple domains (LP: #714358) -- Chuck Short Mon, 14 Feb 2011 15:21:46 -0500 openvpn (2.1.3-2ubuntu1) natty; urgency=low * Merge from debian unstable. Remaining changes: + debian/openvpn.init.d: - Do not use start-stop-daemon and = 3.2-14 to allow status_of_proc() -- Chuck Short Sat, 23 Oct 2010 01:59:28 +0100 openvpn (2.1.3-2) unstable; urgency=low * Applied upstream patch to solve random routes added when using 'remote_host'. (Closes: #600166) -- Alberto Gonzalez Iniesta Thu, 21 Oct 2010 12:21:33 +0200 openvpn (2.1.3-1ubuntu2) natty; urgency=low * Fix jjo-ipv6-support.patch to avoid assertion failure at socket.c:629 in corner cases where ! host && addr (LP: #627973) -- Thierry Carrez (ttx) Wed, 20 Oct 2010 16:22:25 +0200 openvpn (2.1.3-1ubuntu1) natty; urgency=low * Merge from debian unstable. Remaining changes: + debian/openvpn.init.d: - Do not use start-stop-daemon and = 3.2-14 to allow status_of_proc() -- Chuck Short Tue, 05 Oct 2010 06:21:14 +0100 openvpn (2.1.3-1) unstable; urgency=low * New upstream release (Closes: #595684) * Fixed multiple building in a row (Closes: #592086) * Added handling of newer DEB_BUILD_OPTIONS. Thanks Lionel Elie Mamane for the patch. (Closes: #592098) * Updated IPv6 patch from JuanJo Ciarlante. Fixes --multihome option. (Closes: #562099) -- Alberto Gonzalez Iniesta Wed, 29 Sep 2010 13:07:37 +0200 openvpn (2.1.0-3ubuntu1) maverick; urgency=low * Merge from debian unstable. Remaining changes: + debian/openvpn.init.d: - Do not use start-stop-daemon and use = 3.2-14 to allow status_of_proc() -- Chuck Short Mon, 12 Jul 2010 09:39:43 -0400 openvpn (2.1.0-3) unstable; urgency=low * The 'happy birthday to me' release * Fixed client hang when server does not push anything. (Closes: #587414) Thanks Thierry Carrez for the heads up. * Document possible problems when using 'chroot' option -- Alberto Gonzalez Iniesta Fri, 09 Jul 2010 12:22:09 +0200 openvpn (2.1.0-2ubuntu2) maverick; urgency=low * debian/patches/client_hang_when_server_dont_push.patch: Fix client hanging on PUSH_REQUEST when server does not push any option (LP: #579737) -- Thierry Carrez Mon, 28 Jun 2010 10:45:23 +0200 openvpn (2.1.0-2ubuntu1) maverick; urgency=low * Merge from debian unstable. Remaining changes: + debian/openvpn.init.d: - Do not use start-stop-daemon and use = 3.2-14 to allow status_of_proc() -- Chuck Short Wed, 05 May 2010 03:06:19 +0100 openvpn (2.1.0-2) unstable; urgency=low * Patched ssl.[ch] to fix integer overflow. (Closes: #576827) Thanks David Sommerseth for the patch. * Fixed manpage typo. (Closes: #576823) * Bloat the init.d script with more dependencies required by the new init systems. Sucky. (Closes: #568647, #553338) * Reworded README.Debian (Closes: #550164) * Switch to dpkg-source 3.0 (quilt) format -- Alberto Gonzalez Iniesta Sat, 10 Apr 2010 17:26:42 +0200 openvpn (2.1.0-1ubuntu1) lucid; urgency=low * Merge from debian testing (LP: #509078), remaining changes: + debian/openvpn.init.d: - Do not use start-stop-daemon and use < /dev/null to avoid blocking boot - Show per-VPN result messages - Add "--script-security 2" by default for backwards compatibility + debian/control: Add lsb-base >= 3.2-14 to allow status_of_proc() -- Jan Brinkmann Fri, 22 Jan 2010 00:47:33 +0100 openvpn (2.1.0-1) unstable; urgency=low * New upstream release * init.d script: added soft-restart to the options output. (Closes: #558174) * debian/control: Promoted net-tools from Recommends to Depends. (Closes: #557906) -- Alberto Gonzalez Iniesta Fri, 11 Dec 2009 12:08:50 +0100 openvpn (2.1~rc22-1) unstable; urgency=low * New upstream release * Added a note on LDAP+TLS problems in README.Debian -- Alberto Gonzalez Iniesta Fri, 04 Dec 2009 16:33:02 +0100 openvpn (2.1~rc21-2) unstable; urgency=low * debian/patches: Added eurephia.patch to support eurephia plug-in. * debian/patches: updated openvpn over ipv6 support to v0.4.10 -- Alberto Gonzalez Iniesta Thu, 19 Nov 2009 18:00:27 +0100 openvpn (2.1~rc21-1) unstable; urgency=low * New upstream release -- Alberto Gonzalez Iniesta Thu, 12 Nov 2009 12:19:26 +0100 openvpn (2.1~rc20-3) unstable; urgency=low * Updated debian_openssl_vulnkeys.patch to fix false vulnerable key detection. (Closes: #483139). Thanks a lot Kees Cook and Jamie Strandboge for working on this! -- Alberto Gonzalez Iniesta Wed, 04 Nov 2009 17:18:03 +0100 openvpn (2.1~rc20-2ubuntu1) lucid; urgency=low * Merge from debian testing, remaining changes: + debian/openvpn.init.d: - Do not use start-stop-daemon and use < /dev/null to avoid blocking boot. - show per-VPN result messages - add "--script-security 2" by default for backwards compatibility - Add lab-base >= 3.2-14 to allow status_of_proc() + Dropped debian/patches/redirect-gateway.patch: Already applied upstream. -- Chuck Short Fri, 06 Nov 2009 01:36:35 +0000 openvpn (2.1~rc20-2) unstable; urgency=low * init.d script: Added X-Interactive header. (Closes: #549424) * patches/jjo-ipv6-support.patch: Added ipv6 support. (Closes: #307846) Patch from JuanJo Ciarlante. -- Alberto Gonzalez Iniesta Tue, 06 Oct 2009 13:04:07 +0200 openvpn (2.1~rc20-1) unstable; urgency=low * New upstream version. - Fixes redirect-gateway option parsing. (Closes: #541450) * Changed init.d Provides from 'vpn' to 'openvpn'. (Closes: #497563) -- Alberto Gonzalez Iniesta Fri, 02 Oct 2009 17:24:38 +0200 openvpn (2.1~rc19-2) unstable; urgency=low * Fixed init.d script to depend on $remote_fs and $syslog (Closes: #539764) * Added debian/README.source * Bumped Standards-Version to 3.8.3 -- Alberto Gonzalez Iniesta Sun, 30 Aug 2009 20:20:11 +0200 openvpn (2.1~rc19-1ubuntu2) karmic; urgency=low * debian/patches/redirect-gateway.patch: Fix regression introduced in 2.1rc17 that makes redirect-gateway (without options) to be ignored. Patch cherrypicked from upstream 2.1rc20 (SVN r5011), LP: #445695 -- Thierry Carrez Tue, 13 Oct 2009 09:31:20 +0200 openvpn (2.1~rc19-1ubuntu1) karmic; urgency=low * Merge from debian unstable (LP: #404099), remaining changes: - debian/openvpn.init.d: - Do not use start-stop-daemon and use < /dev/null to avoid blocking boot - show per-VPN result messages - add "--script-security 2" by default for backwards compatibility - Added lsb-base>=3.2-14 depend to allow status_of_proc() -- Bhavani Shankar Fri, 24 Jul 2009 19:22:13 +0530 openvpn (2.1~rc19-1) unstable; urgency=low * New upstream version - Removed remote_env.patch, applied upstream - trusted_ip is exported again. (Closes: #524979) * Bumped Standards-Version to 3.8.2 -- Alberto Gonzalez Iniesta Tue, 21 Jul 2009 17:00:56 +0200 openvpn (2.1~rc15-1ubuntu1) karmic; urgency=low * Merge from debian unstable (LP: #372358), remaining changes: - debian/openvpn.init.d: - Do not use start-stop-daemon and use < /dev/null to avoid blocking boot - show per-VPN result messages - add "--script-security 2" by default for backwards compatibility - Added lsb-base>=3.2-14 depend to allow status_of_proc() -- Andres Rodriguez Tue, 05 May 2009 14:25:37 -0500 openvpn (2.1~rc15-1) unstable; urgency=low * New upstream version (Closes: #515575) * remote_env.patch: patched options.c to fix remote* enviroment vars. * openvpn-pkcs11warn.patch: warn on deprecated pkcs11 options. Thanks A LOT to Florian Kulzer for the README.Debian text & patch! (Closes: #475353) * Removed lladdr-is-not-ip.patch, since it was included upstream. * init.d script: Use start-stop-daemon to avoid failure on start when a PID file is not deleted. (Closes: #445061) * init.d script: Added 'status' action. Thanks Thierry Carrez for the patch. (Closes: #498493) * Updated debian/copyright: Point to GPL-2 * Updated debian/control: Added ${misc:Depends} * Bumped Standards-Version to 3.8.1 * Moved to debhelper compat 7. -- Alberto Gonzalez Iniesta Thu, 30 Apr 2009 12:35:05 +0200 openvpn (2.1~rc11-1ubuntu3) jaunty; urgency=low * debian/openvpn.init.d: - Fix unexpected operator on startup (LP: #340120) -- Michael Jeanson Mon, 09 Mar 2009 16:02:50 -0400 openvpn (2.1~rc11-1ubuntu2) intrepid; urgency=low * debian/openvpn.init.d: - Revert fix from #454371 that was merged at 2.1~rc7-4 to prevent openvpn prompts from blocking the boot (LP: #280428) - Fix VPNs always reported started [ OK ] -- Thierry Carrez Wed, 15 Oct 2008 17:12:54 +0200 openvpn (2.1~rc11-1ubuntu1) intrepid; urgency=low * Merge with Debian (LP: #279655), remaining diffs: - debian/openvpn.init.d: Added 'status' action to init script, show per-VPN result messages and add "--script-security 2" by default for backwards compatibility - debian/control: Added lsb-base>=3.2-14 depend to allow status_of_proc() * Fixes regression when calling commands with arguments (LP: #277447) -- Thierry Carrez Tue, 07 Oct 2008 16:30:44 +0200 openvpn (2.1~rc11-1) unstable; urgency=low * New upstream version - Fixes TLS negotiation problems (Closes: #496649) * Patched options.c, socket.c and socket.h to correctly check for MAC addresses on lladdr parm. (Closes: #496141) Thanks hoverhell@gmail.com for the patch. * init.d script: exit with 0 status when trying to start an already running VPN. (Closes: #499247) -- Alberto Gonzalez Iniesta Wed, 17 Sep 2008 13:43:22 +0200 openvpn (2.1~rc10-1) unstable; urgency=low * New upstream version. - Fixed calls to external commands with arguments. (Closes: #495964, #496314, #497411) -- Alberto Gonzalez Iniesta Thu, 11 Sep 2008 16:58:37 +0200 openvpn (2.1~rc9-3ubuntu2) intrepid; urgency=low * debian/openvpn.init.d: - Added 'status' action to init script (LP: #251641) - Restored per-VPN result messages by using log_action_begin_msg and one log_daemon_msg per VPN instead of log_progress_msg (LP: #264966) * debian/control: Added lsb-base>=3.2-14 depend to allow status_of_proc() -- Thierry Carrez Tue, 09 Sep 2008 10:45:45 +0200 openvpn (2.1~rc9-3ubuntu1) intrepid; urgency=low * debian/openvpn.init.d: Add "--script-security 2" by default for backwards compatibility (LP: #260291) -- Chuck Short Mon, 25 Aug 2008 10:20:31 -0400 openvpn (2.1~rc9-3) unstable; urgency=low * debian/rules: run ./configure with path to 'route', for those build daemons without 'route'. (Closes: #495082) * Created NEWS.Debian with info on new option script-security. (Closes: #494998) -- Alberto Gonzalez Iniesta Sat, 16 Aug 2008 13:34:24 +0200 openvpn (2.1~rc9-2) unstable; urgency=low * debian/rules: run ./configure with path to ifconfig, for those build daemons without ifconfig. (Closes: #494918) -- Alberto Gonzalez Iniesta Wed, 13 Aug 2008 13:37:01 +0200 openvpn (2.1~rc9-1) unstable; urgency=high * New upstream version. * Urgency high since it fixes a security bug in versions 2.1-beta14 to 2.1-rc8. CVE-2008-3459. (Closes: #493488) * Added sample-scripts/ to examples directory. * Thanks Tristan Hill for rewritten debian_openssl_vulnkeys.patch -- Alberto Gonzalez Iniesta Mon, 11 Aug 2008 19:40:11 +0200 openvpn (2.1~rc8-1) unstable; urgency=low * New upstream version * Added Build-dep on libpkcs11-helper1 to re-enable PKCS#11 support. Sorry for the delay Florian :) (Closes: #475353) -- Alberto Gonzalez Iniesta Wed, 23 Jul 2008 10:38:13 +0200 openvpn (2.1~rc7-6) unstable; urgency=low * debian/control: Add Recommends on net-tools. (Closes: #469522) * init.d script: clean up. (Closes: #486678) * init.d script: Added soft-restart option to send SIGUSR1 to running VPNs. (Closes: #414252) * Added bash_completion for init.d script. (Closes: #394289) * Removed obsolete templates and its associated code. (Closes: #459531) * Removed stop before upgrade question, always restar after the upgrade not in between. (Closes: #371148) * New patch to correct spelling error in socket.c. (Closes: #487957) * Added OPTARGS to init.d script and /etc/default/openvpn so that Stanislav Maslovski does not have to edit this on every upgrade :) (Closes: #488675) -- Alberto Gonzalez Iniesta Tue, 24 Jun 2008 15:46:15 +0200 openvpn (2.1~rc7-5) unstable; urgency=low * init.d script: Set default exit code to 0 when undefined. (Closes: #486441) -- Alberto Gonzalez Iniesta Mon, 16 Jun 2008 16:59:02 +0200 openvpn (2.1~rc7-4) unstable; urgency=low * The 'Miriam helped me move to quilt' release * Moved all the patches to debian/patches * debian/control: Added Build-Dep on quilt * Applied patch by Jamie Strandboge to fix openssl-vulnkey extra passphrase prompts. Thanks Jamie. (Closes: #483020, #483500, #486129) * Updated Portuguese debconf templates. (Closes: #484007) [ Martin Pitt ] * Added note on Out Of Memory issues. (Closes: #484113) * Avoid asking about the tun device creation if using udev. (Closes: #484111) * Reworked init.d script to use LSB functions. (Closes: #484110) -- Alberto Gonzalez Iniesta Sat, 14 Jun 2008 19:00:40 +0200 openvpn (2.1~rc7-3) unstable; urgency=low * The 'Thanks the transtalors' release * Updated Japanese debconf templates. (Closes: #483848) * Updated Russian debconf templates. (Closes: #483693) * Updated Brazilian Portuguese debconf templates. (Closes: #483686) * Updated German debconf templates. (Closes: #483610) * Updated French debconf templates. (Closes: #483104) * Updated Spanish debconf templates. (Closes: #482939) * Updated Italian debconf templates. (Closes: #482809) * Updated Finnish debconf templates. (Closes: #482763) * Updated Swedish debconf templates. (Closes: #482677) * Updated Vietnamese debconf templates. (Closes: #482640) * Updated Galician debconf templates. (Closes: #482461) * Updated Czech debconf templates. (Closes: #482430) * Updated Basque debconf templates. (Closes: #482398) * Updated path to openssl-vulnkey. (Closes: #483723) -- Alberto Gonzalez Iniesta Sun, 01 Jun 2008 21:11:17 +0200 openvpn (2.1~rc7-2) unstable; urgency=high * init.c: Warn of use of known vulnerable weak SSL/TLS and shared secret keys caused by Debian openssl bug. Patch taken from Ubuntu. CVE-2008-0166 * debian/(templates|postinst): Add warning on vulnerable secrect/key files. * debian/control: Add dependencies on openssl-blacklist and openvpn-blacklist. Bumped dependency on libssl version. -- Alberto Gonzalez Iniesta Fri, 16 May 2008 00:45:23 +0200 openvpn (2.1~rc7-1) unstable; urgency=low * New upstream release (Closes: #464181) - Slashes in X509 common name allowed (Closes: #452274) * init.d script: Removed /dev/null stdin redirection, so passphrases can be typed in. (Closes: #454371) * Set FD_CLOEXEC in socket initialization BEFORE running the 'up script' Thanks a lot Julien Cristau for finding this out and sending the patch (Closes: #367716) * Added multiple VPN configuration in /e/n/interfaces. Thanks Sam Couter for the patch (Closes: #472924) * Bumped Standards-Version to 3.7.3 * Debconf templates and debian/control reviewed by the debian-l10n- english team as part of the Smith review project. (Closes: #462048) * Updated Vietnamese debconf templates. (Closes: #465535) * Updated German debconf templates. (Closes: #465317) * Updated Brazilian Portuguese debconf templates. (Closes: #465440) * Updated Japanese debconf templates. (Closes: #462736) * Updated Portuguese debconf templates. (Closes: #462795) * Updated Swedish debconf templates. (Closes: #462979) * Updated Galician debconf templates. (Closes: #462990) * Updated Spanish debconf templates. (Closes: #463047) * Updated French debconf templates. (Closes: #463636) * Updated Italian debconf templates. (Closes: #463703) * Updated Finnish debconf templates. (Closes: #463952) * Updated Czech debconf templates. (Closes: #464221) * Updated Russian debconf templates. (Closes: #464666) * Updated Norwegian Bokmål debconf templates. (Closes: #462811) -- Alberto Gonzalez Iniesta Sat, 02 Feb 2008 22:41:31 +0100 openvpn (2.1~rc4-2) unstable; urgency=low * Upload to unstable. New upstream fixes: - Bug with: Assertion failed at multi.c. (Closes: #411633) - Hangs with tcp clients goin down with new option: --connect-timeout. (Closes: #296834) * Use rm -f to remove PIDFILE, in case rm wants to ask. (Closes: #429932) * Updated Vietnamese debconf templates. (Closes: #427048) Thanks Clytie Siddall. * Added note on resolvconf use with openvpn. (Closes: #451319) -- Alberto Gonzalez Iniesta Sat, 08 Dec 2007 21:58:05 +0100 openvpn (2.1~rc4-1) experimental; urgency=low * New upstream release -- Alberto Gonzalez Iniesta Mon, 22 Oct 2007 20:59:46 +0200 openvpn (2.1~rc2-1) experimental; urgency=low * Just forward-push the Debian patches to the new version, and upload to experimental (with permission of the maintainer). -- Andreas Barth Thu, 19 Apr 2007 18:23:59 +0200 openvpn (2.0.9-8) unstable; urgency=low * Install /etc/openvpn/update-resolv-conf with correct permissions -- Alberto Gonzalez Iniesta Sat, 19 May 2007 18:12:12 +0200 openvpn (2.0.9-7) unstable; urgency=low * Added script to update resolv.conf with server's settings. The script is located in the /etc/openvpn/ directory. Thanks a lot Christof Lauber for the script. Added resolvconf to Suggests. * Added LSB section to the init.d script. -- Alberto Gonzalez Iniesta Sat, 19 May 2007 17:48:23 +0200 openvpn (2.0.9-6) unstable; urgency=low * Fixed init.d script to avoid running multiple instances of the same VPN. Thanks Keith Kyzivat for pushing me into looking again into this issue. (Closes: #326080) * Included patch to README.Debian from Peter Rabbitson describing /etc/network/interfaces integration. (Closes: #413732) * Also included joeyh's suggestion on the previous subject. (Closes: 419797) * Avoid restarting a vpn instead of reloading it due to wrong detection of 'user' option in init.d script. Thanks Josip Rodin. (Closes: 403503) * Added Russian debconf translation. (Closes: #414088) Thanks Yuriy Talakan. * Built against liblzo2 instead of liblzo. (Closes: #423366) -- Alberto Gonzalez Iniesta Tue, 15 May 2007 23:53:26 +0200 openvpn (2.0.9-5) unstable; urgency=low * Added Galician debconf translation. (Closes: #412492) Thanks Jacobo Tarrio -- Alberto Gonzalez Iniesta Wed, 28 Feb 2007 00:36:14 +0100 openvpn (2.0.9-4) unstable; urgency=low * Updated Swedish debconf translation. (Closes: #407851) Thanks Andreas Henriksson -- Alberto Gonzalez Iniesta Sun, 21 Jan 2007 22:24:58 +0100 openvpn (2.0.9-3) unstable; urgency=low * Fixed type in Portuguese debconf translation. * debian/templates. Changed default value for init.d change question to false. (Closes: #403317) -- Alberto Gonzalez Iniesta Fri, 22 Dec 2006 19:36:05 +0100 openvpn (2.0.9-2) unstable; urgency=low * Updated Spanish debconf translation. (Closes: #393796) * Updated German debconf translation. (Closes: #397019) * Updated Japanese debconf translation. (Closes: #392627) * Added Italian debconf translation. (Closes: #398050) * Added Portuguese debconf translation. (Closes: #400685) -- Alberto Gonzalez Iniesta Fri, 8 Dec 2006 12:28:34 +0100 openvpn (2.0.9-1) unstable; urgency=low * New upstream release. No changes in *NIX source code. Updating to avoid 'New upstream, blah, blah'. * debian/control: Fixed spelling error in description (Closes: #390242) * debian/copyright: Updated project's homepage and author's email address. (Closes: #388466) * debian/copyright: Updated the FSF address. * Updated Dutch debconf translation. (Closes: #389982, 379802) Thanks Kurt De Bree * Updated Czech debconf translation. (Closes: #384755) Thanks Miroslav Kure -- Alberto Gonzalez Iniesta Tue, 10 Oct 2006 12:17:57 +0200 openvpn (2.0.7-1) unstable; urgency=low * The 'Translators, translators, translators' release. * New upstream version. * Added Dutch debconf translation. (Closes: #370073) Thanks Kurt De Bree * Updated Danish debconf translation. (Closes: #369772, #376704) Thanks Claus Hindsgaul * Updated French debconf translation. (Closes: #373191) Thanks Michel Grentzinger -- Alberto Gonzalez Iniesta Sat, 22 Jul 2006 20:44:52 +0200 openvpn (2.0.6-2) unstable; urgency=low * The "Mañana" Release. * debian/control: Added Suggests: openssl (Closes: #368256) * debian/postinst: Run the init.d script with 'start' when doing a fresh install or stop2upgrade=true. (Closes: #366085, #338956) * Updated Czech debconf translation (Closes: #333989) Thanks Miroslav Kure. * Bumped Standards-Version to 3.7.2.0, no change. * debian/rules: Avoid compressing 'pkitool' (Closes: #354478) * debian/templates: Corrected typo on init scripts order change. (Closes: #351664) * Updated German debconf translation (Closes: #345853) Thanks Erik Schanze. -- Alberto Gonzalez Iniesta Mon, 22 May 2006 03:08:10 +0200 openvpn (2.0.6-1) unstable; urgency=high * New upstream release. Urgency high due to security fix. - Disallow "setenv" to be pushed to clients from the server. (Closes: #360559) -- Alberto Gonzalez Iniesta Wed, 5 Apr 2006 12:17:26 +0200 openvpn (2.0.5-1) unstable; urgency=high * New upstream release. Urgency high due to security issues. - DoS vulnerability on the server in TCP mode. (CVE-2005-3409) (Closes: #337334) - Format string vulnerability in the foreign_option function in options.c could potentially allow a malicious or compromised server to execute arbitrary code on the client. (CVE-2005-3393) (Closes: #336751) -- Alberto Gonzalez Iniesta Mon, 7 Nov 2005 10:13:55 +0100 openvpn (2.0.2-2) unstable; urgency=low * debian/control: fix Depends on debconf. (Closes: #332056) * Bumped Standards-Version to 3.6.2.0, no change. * Updated Danish debconf translation. (Closes: #326907) * Updated French debconf translation. (Closes: #328076) * Added Swedish debconf translation. (Closes: #332785) -- Alberto Gonzalez Iniesta Sun, 9 Oct 2005 18:42:34 +0200 openvpn (2.0.2-1) unstable; urgency=low * The [VAC] upload. Thanks Vorbis Gdynia for the free internet access :) * New upstream release (Closes: #323594) * Fixed use of backslash in username authentication. (Closes: #309787) * Fixes several DoS vulnerabilities: CAN-2005-2531 CAN-2005-2532 CAN-2005-2533 CAN-2005-2534. (Closes: #324167) * Changed group option from 'nobody' to 'nogroup' in all the *example* files... (Closes: #317987) * Included openvpn-plugin.h to allow building third party plugins. (Closes: #316139) * Stop openvpn's daemon later to allow some services stopping later to use it. Added debconf template to ask permission to make the change on older installations. (Closes: #312371) * Workaround to fix proper daemonize when 'log' option is used. (Closes: #309944) Thanks Jason Lunz for the patch. * Modified output of init.d script to make it more friendly when passphrase for a tunnel certificate is asked. Thanks Pavel Vávra for the patch. -- Alberto Gonzalez Iniesta Sun, 28 Aug 2005 13:05:49 +0200 openvpn (2.0-4) unstable; urgency=low * The 'It was about time I could make a new upload' release * Rewrote some debconf templates (Closes: #316694). Thanks Clytie Siddall for the corrections. * Included Vietnamese debconf translation. (Closes: #316695) * debian/rules: exclude openssl.cnf from being compress. (Closes: #315764) -- Alberto Gonzalez Iniesta Wed, 6 Jul 2005 09:22:16 +0200 openvpn (2.0-3) unstable; urgency=low * postinst: call 'restart' when 'cond-restart' fails due to user not upgrading the init.d script. (Closes: #308926) -- Alberto Gonzalez Iniesta Sat, 28 May 2005 12:52:16 +0200 openvpn (2.0-2) unstable; urgency=low * Added '-f' to rm when deleting the status file. This eliminates the need to test if it exists and saves the init.d script from failing. (Closes: #306588) * Modified pam plugin to load libpam.so.0 instead of libpam.so. (Closes: #306335) -- Alberto Gonzalez Iniesta Wed, 4 May 2005 15:02:45 +0200 openvpn (2.0-1) unstable; urgency=low * The 'This-is-the-real-2.0' release * New upstream version. * openvpn.8: s/--/\\-\\-/g a.k.a escaped dashes to make it possible to search for options with UTF charsets. (Closes: #296133) * Improved init.d script output. (Closes: #297997) Thanks Thomas Hood for the patch. * debian/control. Rewrote Description: field. Now it's more useful and complete. (Closes: #304895) * init.d script: - Fixed restarting of multiple VPNs - Fixed TAB converted to spaces. - Remove status file on VPN stop - Respect 'status' option if given in the config file - New /etc/default/openvpn configuration file that allows control on which VPNs are automatically started and also controls status file refresh interval Thanks Philipp A. Hartmann for the nice patch. (Closes: #294332) * init.d script: Added cond-restart to only restart VPNs in use. postint: Call init.d script with cond-restart instead of restart. (Closes: #280464) * init.d script: change order of --config and --cd to permit nested 'configs'. (Closes: #299082) -- Alberto Gonzalez Iniesta Mon, 18 Apr 2005 09:07:05 +0200 openvpn (1.99+2.rc20-1) unstable; urgency=low * New upstream release -- Alberto Gonzalez Iniesta Mon, 4 Apr 2005 23:05:23 +0200 openvpn (1.99+2.rc18-1) unstable; urgency=low * New upstream release (Closes: #301949) -- Alberto Gonzalez Iniesta Tue, 29 Mar 2005 12:56:42 +0200 openvpn (1.99+2.rc16-1) unstable; urgency=low * New upstream release -- Alberto Gonzalez Iniesta Sun, 20 Feb 2005 20:24:25 +0100 openvpn (1.99+2.rc12-1) unstable; urgency=low * New upstream release -- Alberto Gonzalez Iniesta Sun, 6 Feb 2005 11:49:44 +0100 openvpn (1.99+2.rc11-2) unstable; urgency=low * Added --enable-password-save to configure call to allow --askpass and --auth-user-pass passwords to be read from a file. -- Alberto Gonzalez Iniesta Thu, 3 Feb 2005 18:19:28 +0100 openvpn (1.99+2.rc11-1) unstable; urgency=low * New upstream release * Added --status line to init.d script (Closes: #293144) -- Alberto Gonzalez Iniesta Thu, 3 Feb 2005 09:28:06 +0100 openvpn (1.99+2.rc10-1) unstable; urgency=low * New upstream release * Updated pt_BR debconf translation (Closes: #292079) -- Alberto Gonzalez Iniesta Fri, 28 Jan 2005 14:44:42 +0100 openvpn (1.99+2.rc6-1) unstable; urgency=low * The 'Three Wise Men' release. * New upstream release. * Update README.Debian with comments on changed string remapping. Thanks ron@debian.org for noting this first. (Closes: #288669) -- Alberto Gonzalez Iniesta Wed, 5 Jan 2005 19:03:11 +0100 openvpn (1.99+2.beta19-1) unstable; urgency=low * New upstream release. * Updated README.Debian with info on plugins. -- Alberto Gonzalez Iniesta Sun, 5 Dec 2004 11:57:03 +0100 openvpn (1.99+2.beta18-2) unstable; urgency=low * Built and installed plugins. Thanks Michael Renner for noticing. (Closes: #284224) * Added Build-Depends on libpam0g-dev, required by auth-pam plugin. -- Alberto Gonzalez Iniesta Sun, 5 Dec 2004 10:19:45 +0100 openvpn (1.99+2.beta18-1) unstable; urgency=low * New upstream release. Corrects --mssfix behaviour (Closes: #280893) * Included Czech debconf translation. (Closes: #282995) -- Alberto Gonzalez Iniesta Mon, 29 Nov 2004 10:56:07 +0100 openvpn (1.99+2.beta17-2) unstable; urgency=low * Updated (German|Danish|French|Japanese) debconf translations. (Closes: #281235, #282095, #282216, #282881) -- Alberto Gonzalez Iniesta Wed, 24 Nov 2004 08:15:29 +0100 openvpn (1.99+2.beta17-1) unstable; urgency=low * New upstream version. Includes fix for the --key-method 1 bug. * WARNING: This version changes the default port (5000 previously) to 1194 (assigned by INANA). This will affect you if you don't have a 'port' option specified in your configuration files. Added a debconf note about it. * Updated es.po. -- Alberto Gonzalez Iniesta Fri, 12 Nov 2004 15:32:56 +0100 openvpn (1.99+2.beta16-2) unstable; urgency=low * Patched ssl.c to fix bug in --key-method 1, that prevented OpenVPN 2.x from working with 1.x using that method. Thanks James for the prompt answer & patch. Thanks weasel for finding it out. -- Alberto Gonzalez Iniesta Mon, 8 Nov 2004 11:59:12 +0100 openvpn (1.99+2.beta16-1) unstable; urgency=low * New upstream releases. Fixes the "Assertion failed at crypto.c" (Closes: #265632, #270005) -- Alberto Gonzalez Iniesta Sun, 7 Nov 2004 17:46:09 +0100 openvpn (1.99+2.beta15-5) unstable; urgency=low * Updated README.Debian with clearer 2.x vs 1.x interoperability instructions. -- Alberto Gonzalez Iniesta Sun, 7 Nov 2004 10:26:03 +0100 openvpn (1.99+2.beta15-4) unstable; urgency=low * Put if-{up,down}.d scripts back in place, this time they work. Just remember to quote shell vars when checking if they are empty. [ -n "$VAR" ] -> Good [ -n $VAR ] -> BAD Note to self, don't trust people's patches even if they are DD. -- Alberto Gonzalez Iniesta Thu, 4 Nov 2004 08:33:45 +0100 openvpn (1.99+2.beta15-3) unstable; urgency=low * Removed if-{up,down}.d scripts until I get to know how they work. -- Alberto Gonzalez Iniesta Wed, 3 Nov 2004 20:58:41 +0100 openvpn (1.99+2.beta15-2) unstable; urgency=low * Corrected names of if-{up,down}.d scripts. Duh! -- Alberto Gonzalez Iniesta Wed, 3 Nov 2004 10:21:52 +0100 openvpn (1.99+2.beta15-1) unstable; urgency=low * New upstream release. * Renamed package to 1.99 to make it clearer that we're using version 2.0 and not 1.6. Some people rather talk about this on IRC and not tell the maintainer directly. * Added Brazilian Portuguese debconf templates. (Closes: #279351) * Modified init.d script so that specifying a daemon option in a VPN configuration won't make it fail. Thanks Christoph Biedl for the patch. (Closes: #278302) * Added scripts to allow specifying 'openvpn name' in /etc/network/interfaces to have the tunnel created and destroyed with the device it runs over. Thanks Joachim Breitner for the patch. (Closes: #273481) * Modified init.d script so that multiple VPNs can be started or stopped with a single command. (See README.Debian) -- Alberto Gonzalez Iniesta Tue, 2 Nov 2004 12:49:41 +0100 openvpn (1.6.0+2.beta14-1) unstable; urgency=low * New upstream release. -- Alberto Gonzalez Iniesta Wed, 20 Oct 2004 09:13:09 +0200 openvpn (1.6.0+2.beta12-1) unstable; urgency=low * New upstream release. * Added comments about compatibility issues between openvpn 2.x and 1.x to README.Debian (Closes: #276799) * Changed maintainer email address. -- Alberto Gonzalez Iniesta Mon, 18 Oct 2004 09:01:23 +0200 openvpn (1.6.0+2.beta11-1) unstable; urgency=low * New upstream release. (Closes: #269631) * I decided to get OpenVPN 2 into sid, and hopefully into Sarge since the current beta works pretty well and adds important features I don't want missing in Sarge. * Updated README.Debian -- Alberto Gonzalez Iniesta Fri, 15 Oct 2004 11:52:58 +0200 openvpn (1.6.0-5) unstable; urgency=low * Added German and Japanese debconf templates. (Closes: #266927, #270477) -- Alberto Gonzalez Iniesta Fri, 10 Sep 2004 08:31:54 +0200 openvpn (1.6.0-4) unstable; urgency=low * Updated French and Danish debconf templates (Closes: #254064, #256053) -- Alberto Gonzalez Iniesta Mon, 28 Jun 2004 09:51:44 +0200 openvpn (1.6.0-3) unstable; urgency=low * Included Catalan debconf templates. (Closes: #248750) Thanks Aleix Badia i Bosch. * Added debconf question on whether the daemon should be stopped at the begining of and upgrade or not. Thus being more reliable on remote upgrades. (Closes: #250558) -- Alberto Gonzalez Iniesta Thu, 10 Jun 2004 15:59:39 +0200 openvpn (1.6.0-2) unstable; urgency=low * Recover init.d modification suggested by Kai Henningsen to get different syslog names for each VPN. How the fuck did that get lost? -- Alberto Gonzalez Iniesta Fri, 28 May 2004 16:51:04 +0200 openvpn (1.6.0-1) unstable; urgency=low * New upstream release -- Alberto Gonzalez Iniesta Mon, 10 May 2004 08:59:37 +0200 openvpn (1.5.0-3) unstable; urgency=low * Included Danish debconf template. Thanks Claus Hindsgau. (Closes: #234944) -- Alberto Gonzalez Iniesta Tue, 9 Mar 2004 16:36:33 +0100 openvpn (1.5.0-2) unstable; urgency=low * Modified init.d script to permit different syslog names for each VPN. Thanks Kai Henningsen for the tip. (Closes: #227376) * Moved 'verify-cn' script to /usr to make weasel happier ;) (Closes: #221995) * Moved to gettext-based debconf templated. Added French translation. Thanks Michel Grentzinger for the patches. (Closes: #219015, #219016) * Fixed spanish translation that was a complete mess. (Closes: Fri-Sun) -- Alberto Gonzalez Iniesta Thu, 15 Jan 2004 18:08:24 +0100 openvpn (1.5.0-1) unstable; urgency=low * New upstream release * Moved to debhelper compatibility 4. Created debian/compat. -- Alberto Gonzalez Iniesta Sat, 22 Nov 2003 18:18:50 +0100 openvpn (1.4.3-3) unstable; urgency=low * Added quotes around $2 in dpkg --compare-versions (config and postinst) and check if $2 actually has a value. This way it won't fail if $2 is not set. Duh! (Closes: #214848) -- Alberto Gonzalez Iniesta Thu, 9 Oct 2003 11:01:31 +0200 openvpn (1.4.3-2) unstable; urgency=low * Moved initscripts sequence number to S16 from S20. This will make openvpn start earlier and be ready for other services. (Closes: #209225) * Added Depends: on debconf, it's used in the maintainer's scripts now. * Added debconf template to ask for the creation of the TUN/TAP device node. (Closes: #211198) -- Alberto Gonzalez Iniesta Thu, 2 Oct 2003 21:39:46 +0200 openvpn (1.4.3-1) unstable; urgency=low * New upstream release * Bumped Standards-Version to 3.6.1.0, no change. * Patched init.d script to support single vpn stop/start/restart. Thanks to Richard Mueller and Norbert Tretkowski (Closes: #204100) -- Alberto Gonzalez Iniesta Tue, 30 Sep 2003 20:04:37 +0200 openvpn (1.4.1.4-1) unstable; urgency=low * New upstream release. Backed out --dev-name patch, modified --dev to offer equivalent functionality (Closes: #194910) * Updated README.Debian. Thanks to John R. Shearer -- Alberto Gonzalez Iniesta Tue, 17 Jun 2003 11:08:17 +0200 openvpn (1.4.1-1) unstable; urgency=low * New upstream release -- Alberto Gonzalez Iniesta Fri, 16 May 2003 17:14:41 +0200 openvpn (1.4.0-2) unstable; urgency=low * Patch from James Yonan to use 2.2.x TUN interface if 2.4.x fails. (Closes: #182020) -- Alberto Gonzalez Iniesta Sun, 11 May 2003 10:24:51 +0200 openvpn (1.4.0-1) unstable; urgency=low * New upstream release (Closes: #179551) * Re-enabled liblzo support. LZO's author made an exception in LZO's license that permits OpenVPN to use LZO and OpenSSL. See copyright file. -- Alberto Gonzalez Iniesta Thu, 8 May 2003 09:21:53 +0200 openvpn (1.3.2-3) unstable; urgency=low * Removed executable permissions from generated secret files. (Closes: #178849) -- Alberto Gonzalez Iniesta Thu, 6 Feb 2003 10:04:11 +0100 openvpn (1.3.2-2) unstable; urgency=low * Disabled liblzo1 support to fix license issues with Openssl. (Closes: #177497) * Bumped Standards-Version to 3.5.8, no change. -- Alberto Gonzalez Iniesta Mon, 20 Jan 2003 16:09:16 +0100 openvpn (1.3.2-1) unstable; urgency=low * New upstream release -- Alberto Gonzalez Iniesta Mon, 28 Oct 2002 14:22:10 +0100 openvpn (1.3.0-2) unstable; urgency=low * Modified init.d script so it's not dependent on bash. (Closes: #161525) -- Alberto Gonzalez Iniesta Sat, 21 Sep 2002 12:23:46 +0200 openvpn (1.3.0-1) unstable; urgency=low * New upstream release -- Alberto Gonzalez Iniesta Wed, 10 Jul 2002 12:50:50 +0200 openvpn (1.2.1-1) unstable; urgency=low * New upstream release * Added init.d script -- Alberto Gonzalez Iniesta Fri, 21 Jun 2002 14:05:42 +0200 openvpn (1.2.0-2) unstable; urgency=low * Modified configure(.ac) pthread library handling to work with GCC 3.0. Thanks to Lamont Jones for the patch. (Closes: #148120) -- Alberto Gonzalez Iniesta Sat, 25 May 2002 11:41:59 +0200 openvpn (1.2.0-1) unstable; urgency=low * Initial Release. (Closes: #140463) -- Alberto Gonzalez Iniesta Thu, 23 May 2002 11:00:37 +0200