From bd79a9836a36e6879533e21e4f7569ce1418129c Mon Sep 17 00:00:00 2001 From: Bernhard Schmidt Date: Sat, 30 Dec 2017 21:27:51 +0100 Subject: Fix wrong Bug# in previous changelog --- debian/changelog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'debian') diff --git a/debian/changelog b/debian/changelog index bdf5384..0a19ae3 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,6 +1,6 @@ openvpn (2.4.4-2) unstable; urgency=medium - * Build against OpenSSL 1.1.0 (Closes: #828447) + * Build against OpenSSL 1.1.0 (Closes: #828477) * Bump Standards-Version to 4.1.2, no changes necessary -- Bernhard Schmidt Mon, 11 Dec 2017 00:22:11 +0100 -- cgit v1.2.3 From bd24a09dcb08e98bba26e316fd46e1b5d0590afb Mon Sep 17 00:00:00 2001 From: Bernhard Schmidt Date: Sat, 30 Dec 2017 21:31:18 +0100 Subject: Change Vcs-* to salsa (gitlab) --- debian/control | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'debian') diff --git a/debian/control b/debian/control index b3770a9..f3eddbf 100644 --- a/debian/control +++ b/debian/control @@ -18,8 +18,8 @@ Build-Depends: systemd [linux-any] Standards-Version: 4.1.2 Homepage: https://openvpn.net/ -Vcs-Git: https://anonscm.debian.org/git/collab-maint/openvpn.git -Vcs-Browser: https://anonscm.debian.org/git/collab-maint/openvpn.git +Vcs-Git: https://salsa.debian.org/debian/openvpn.git +Vcs-Browser: https://salsa.debian.org/debian/openvpn Package: openvpn Architecture: any -- cgit v1.2.3 From 8450502c7466133fed4e7d2f100727cf46f9cd07 Mon Sep 17 00:00:00 2001 From: Bernhard Schmidt Date: Sun, 4 Mar 2018 22:57:09 +0100 Subject: Changelog for 2.4.5-1 --- debian/changelog | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'debian') diff --git a/debian/changelog b/debian/changelog index 0a19ae3..0c522b2 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,11 @@ +openvpn (2.4.5-1) unstable; urgency=medium + + * New upstream version 2.4.5 (Closes: #873302) + * Fix wrong Bug# in previous changelog + * Change Vcs-* to salsa (gitlab) + + -- Bernhard Schmidt Sun, 04 Mar 2018 22:23:47 +0100 + openvpn (2.4.4-2) unstable; urgency=medium * Build against OpenSSL 1.1.0 (Closes: #828477) -- cgit v1.2.3 From 3408a277eb3293c0c29d50c66b42727ad31181aa Mon Sep 17 00:00:00 2001 From: Bernhard Schmidt Date: Sun, 4 Mar 2018 23:03:12 +0100 Subject: Add d/gbp.conf with pristine-tar --- debian/gbp.conf | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 debian/gbp.conf (limited to 'debian') diff --git a/debian/gbp.conf b/debian/gbp.conf new file mode 100644 index 0000000..cec628c --- /dev/null +++ b/debian/gbp.conf @@ -0,0 +1,2 @@ +[DEFAULT] +pristine-tar = True -- cgit v1.2.3 From 53de4f8356a1c5d5b2f0903499087adcc8854c57 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Frings-F=C3=BCrst?= Date: Sun, 29 Jul 2018 14:10:19 +0200 Subject: Change to my new email address --- debian/changelog | 8 ++++++++ debian/control | 2 +- 2 files changed, 9 insertions(+), 1 deletion(-) (limited to 'debian') diff --git a/debian/changelog b/debian/changelog index 0c522b2..88712b2 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,11 @@ +openvpn (2.4.6-1) UNRELEASED; urgency=medium + + * New upstream release. + * debian/control: + - Change to my new email address. + + -- Jörg Frings-Fürst Sun, 29 Jul 2018 13:59:15 +0200 + openvpn (2.4.5-1) unstable; urgency=medium * New upstream version 2.4.5 (Closes: #873302) diff --git a/debian/control b/debian/control index f3eddbf..3d26edd 100644 --- a/debian/control +++ b/debian/control @@ -2,7 +2,7 @@ Source: openvpn Section: net Priority: optional Maintainer: Bernhard Schmidt -Uploaders: Jörg Frings-Fürst +Uploaders: Jörg Frings-Fürst Build-Depends: debhelper (>= 10), dpkg-dev (>= 1.16.1), -- cgit v1.2.3 From 916f38dbe64be1ddd1ed4daf2bf1ca83211efa76 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Frings-F=C3=BCrst?= Date: Sun, 29 Jul 2018 14:29:43 +0200 Subject: Migrate to debhelper 11 --- debian/changelog | 3 +++ debian/compat | 2 +- debian/control | 2 +- 3 files changed, 5 insertions(+), 2 deletions(-) (limited to 'debian') diff --git a/debian/changelog b/debian/changelog index 88712b2..4c5d08f 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,6 +1,9 @@ openvpn (2.4.6-1) UNRELEASED; urgency=medium * New upstream release. + * Migrate to debhelper 11: + - Change debian/compat to 11. + - Bump minimum debhelper version in debian/control to >= 11. * debian/control: - Change to my new email address. diff --git a/debian/compat b/debian/compat index f599e28..b4de394 100644 --- a/debian/compat +++ b/debian/compat @@ -1 +1 @@ -10 +11 diff --git a/debian/control b/debian/control index 3d26edd..fd6da4a 100644 --- a/debian/control +++ b/debian/control @@ -4,7 +4,7 @@ Priority: optional Maintainer: Bernhard Schmidt Uploaders: Jörg Frings-Fürst Build-Depends: - debhelper (>= 10), + debhelper (>= 11), dpkg-dev (>= 1.16.1), iproute2 [linux-any], liblz4-dev, -- cgit v1.2.3 From 767facc2c225b46d36bf7473fe095e8e21f41a0c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Frings-F=C3=BCrst?= Date: Sun, 29 Jul 2018 14:35:11 +0200 Subject: Declare compliance with Debian Policy 4.1.5 --- debian/changelog | 1 + debian/control | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) (limited to 'debian') diff --git a/debian/changelog b/debian/changelog index 4c5d08f..de437d2 100644 --- a/debian/changelog +++ b/debian/changelog @@ -4,6 +4,7 @@ openvpn (2.4.6-1) UNRELEASED; urgency=medium * Migrate to debhelper 11: - Change debian/compat to 11. - Bump minimum debhelper version in debian/control to >= 11. + * Declare compliance with Debian Policy 4.1.5 (No changes needed). * debian/control: - Change to my new email address. diff --git a/debian/control b/debian/control index fd6da4a..b07bd42 100644 --- a/debian/control +++ b/debian/control @@ -16,7 +16,7 @@ Build-Depends: net-tools [!linux-any], pkg-config, systemd [linux-any] -Standards-Version: 4.1.2 +Standards-Version: 4.1.5 Homepage: https://openvpn.net/ Vcs-Git: https://salsa.debian.org/debian/openvpn.git Vcs-Browser: https://salsa.debian.org/debian/openvpn -- cgit v1.2.3 From f3fa5c538581b301f4db79a53cb707da6d2a07c3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Frings-F=C3=BCrst?= Date: Sun, 29 Jul 2018 14:41:48 +0200 Subject: d/changelog, d/contol, d/rules: Remove trailing whitespaces --- debian/changelog | 39 ++++++++++++++++++++++----------------- debian/control | 2 +- debian/rules | 2 +- 3 files changed, 24 insertions(+), 19 deletions(-) (limited to 'debian') diff --git a/debian/changelog b/debian/changelog index de437d2..bd25307 100644 --- a/debian/changelog +++ b/debian/changelog @@ -5,8 +5,13 @@ openvpn (2.4.6-1) UNRELEASED; urgency=medium - Change debian/compat to 11. - Bump minimum debhelper version in debian/control to >= 11. * Declare compliance with Debian Policy 4.1.5 (No changes needed). + * debian/changelog: + - Remove trailing whitespaces. * debian/control: - Change to my new email address. + - Remove trailing whitespaces. + * debian/rules: + - Remove trailing whitespaces. -- Jörg Frings-Fürst Sun, 29 Jul 2018 13:59:15 +0200 @@ -109,7 +114,7 @@ openvpn (2.4.3-1) unstable; urgency=high - CVE-2017-7521 - CVE-2017-7522 * Plugin libs have been moved to /usr/lib/ARCH/openvpn/plugins - * debian/rules: + * debian/rules: - Remove obsolete options to configure script (enable-password-save, with-plugindir (now in ENV_VARS)) - No need to install upstream's systemd unit files from debian/rules @@ -282,7 +287,7 @@ openvpn (2.3.7-1) unstable; urgency=medium openvpn (2.3.5-1) unstable; urgency=medium * New upstream release. Removed patches applied upstream: - client_connect_tmp_files.patch + client_connect_tmp_files.patch better_systemd_detection.patch * Add Build-Depends on libsystemd-daemon-dev. @@ -531,7 +536,7 @@ openvpn (2.2.0-2) unstable; urgency=low openvpn (2.2.0-1) experimental; urgency=low * New upstream release (Closes: #625281) - * Removed Depends on open(ssl|vpn)-blacklist, since + * Removed Depends on open(ssl|vpn)-blacklist, since debian_openssl_vulnkeys.patch is no longer used. Removed templates referring it too. * Removed manpage_dash_escaping.patch, applied upstream @@ -824,7 +829,7 @@ openvpn (2.1~rc7-2) unstable; urgency=high * init.c: Warn of use of known vulnerable weak SSL/TLS and shared secret keys caused by Debian openssl bug. Patch taken from Ubuntu. CVE-2008-0166 - * debian/(templates|postinst): Add warning on vulnerable + * debian/(templates|postinst): Add warning on vulnerable secrect/key files. * debian/control: Add dependencies on openssl-blacklist and openvpn-blacklist. Bumped dependency on libssl version. @@ -914,7 +919,7 @@ openvpn (2.0.9-6) unstable; urgency=low /etc/network/interfaces integration. (Closes: #413732) * Also included joeyh's suggestion on the previous subject. (Closes: 419797) - * Avoid restarting a vpn instead of reloading it due to wrong + * Avoid restarting a vpn instead of reloading it due to wrong detection of 'user' option in init.d script. Thanks Josip Rodin. (Closes: 403503) * Added Russian debconf translation. (Closes: #414088) @@ -992,7 +997,7 @@ openvpn (2.0.6-2) unstable; urgency=low a fresh install or stop2upgrade=true. (Closes: #366085, #338956) * Updated Czech debconf translation (Closes: #333989) Thanks Miroslav Kure. - * Bumped Standards-Version to 3.7.2.0, no change. + * Bumped Standards-Version to 3.7.2.0, no change. * debian/rules: Avoid compressing 'pkitool' (Closes: #354478) * debian/templates: Corrected typo on init scripts order change. (Closes: #351664) @@ -1036,9 +1041,9 @@ openvpn (2.0.2-1) unstable; urgency=low * The [VAC] upload. Thanks Vorbis Gdynia for the free internet access :) * New upstream release (Closes: #323594) * Fixed use of backslash in username authentication. (Closes: #309787) - * Fixes several DoS vulnerabilities: CAN-2005-2531 CAN-2005-2532 + * Fixes several DoS vulnerabilities: CAN-2005-2531 CAN-2005-2532 CAN-2005-2533 CAN-2005-2534. (Closes: #324167) - * Changed group option from 'nobody' to 'nogroup' in all the + * Changed group option from 'nobody' to 'nogroup' in all the *example* files... (Closes: #317987) * Included openvpn-plugin.h to allow building third party plugins. (Closes: #316139) @@ -1091,7 +1096,7 @@ openvpn (2.0-1) unstable; urgency=low Thanks Thomas Hood for the patch. * debian/control. Rewrote Description: field. Now it's more useful and complete. (Closes: #304895) - * init.d script: + * init.d script: - Fixed restarting of multiple VPNs - Fixed TAB converted to spaces. - Remove status file on VPN stop @@ -1134,7 +1139,7 @@ openvpn (1.99+2.rc12-1) unstable; urgency=low openvpn (1.99+2.rc11-2) unstable; urgency=low - * Added --enable-password-save to configure call to allow + * Added --enable-password-save to configure call to allow --askpass and --auth-user-pass passwords to be read from a file. -- Alberto Gonzalez Iniesta Thu, 3 Feb 2005 18:19:28 +0100 @@ -1204,7 +1209,7 @@ openvpn (1.99+2.beta17-1) unstable; urgency=low openvpn (1.99+2.beta16-2) unstable; urgency=low - * Patched ssl.c to fix bug in --key-method 1, that prevented + * Patched ssl.c to fix bug in --key-method 1, that prevented OpenVPN 2.x from working with 1.x using that method. Thanks James for the prompt answer & patch. Thanks weasel for finding it out. @@ -1254,7 +1259,7 @@ openvpn (1.99+2.beta15-1) unstable; urgency=low and not tell the maintainer directly. * Added Brazilian Portuguese debconf templates. (Closes: #279351) * Modified init.d script so that specifying a daemon option in a - VPN configuration won't make it fail. + VPN configuration won't make it fail. Thanks Christoph Biedl for the patch. (Closes: #278302) * Added scripts to allow specifying 'openvpn name' in /etc/network/interfaces to have the tunnel created and destroyed with @@ -1368,7 +1373,7 @@ openvpn (1.4.3-2) unstable; urgency=low * Moved initscripts sequence number to S16 from S20. This will make openvpn start earlier and be ready for other services. (Closes: #209225) * Added Depends: on debconf, it's used in the maintainer's scripts now. - * Added debconf template to ask for the creation of the TUN/TAP device + * Added debconf template to ask for the creation of the TUN/TAP device node. (Closes: #211198) -- Alberto Gonzalez Iniesta Thu, 2 Oct 2003 21:39:46 +0200 @@ -1376,7 +1381,7 @@ openvpn (1.4.3-2) unstable; urgency=low openvpn (1.4.3-1) unstable; urgency=low * New upstream release - * Bumped Standards-Version to 3.6.1.0, no change. + * Bumped Standards-Version to 3.6.1.0, no change. * Patched init.d script to support single vpn stop/start/restart. Thanks to Richard Mueller and Norbert Tretkowski (Closes: #204100) @@ -1407,7 +1412,7 @@ openvpn (1.4.0-2) unstable; urgency=low openvpn (1.4.0-1) unstable; urgency=low * New upstream release (Closes: #179551) - * Re-enabled liblzo support. LZO's author made an exception in LZO's + * Re-enabled liblzo support. LZO's author made an exception in LZO's license that permits OpenVPN to use LZO and OpenSSL. See copyright file. @@ -1422,9 +1427,9 @@ openvpn (1.3.2-3) unstable; urgency=low openvpn (1.3.2-2) unstable; urgency=low - * Disabled liblzo1 support to fix license issues with Openssl. + * Disabled liblzo1 support to fix license issues with Openssl. (Closes: #177497) - * Bumped Standards-Version to 3.5.8, no change. + * Bumped Standards-Version to 3.5.8, no change. -- Alberto Gonzalez Iniesta Mon, 20 Jan 2003 16:09:16 +0100 diff --git a/debian/control b/debian/control index b07bd42..69a4324 100644 --- a/debian/control +++ b/debian/control @@ -23,7 +23,7 @@ Vcs-Browser: https://salsa.debian.org/debian/openvpn Package: openvpn Architecture: any -Depends: +Depends: debconf | debconf-2.0, ${shlibs:Depends}, ${misc:Depends}, diff --git a/debian/rules b/debian/rules index 603d9a0..28c13e4 100755 --- a/debian/rules +++ b/debian/rules @@ -3,7 +3,7 @@ ifeq ($(DEB_HOST_ARCH_OS), kfreebsd) # Avoid the /sbin/route wrapper which doesn't provide FreeBSD CLI as expected ENV_VARS := IFCONFIG=/sbin/ifconfig ROUTE=/lib/freebsd/route -EXTRA_ARGS := +EXTRA_ARGS := else ENV_VARS := SYSTEMD_ASK_PASSWORD=/bin/systemd-ask-password IFCONFIG=/sbin/ifconfig ROUTE=/sbin/route IPROUTE=/sbin/ip SYSTEMD_UNIT_DIR=/lib/systemd/system TMPFILES_DIR=/usr/lib/tmpfiles.d EXTRA_ARGS := --enable-systemd --enable-iproute2 -- cgit v1.2.3 From b0bd4c813a92c6c430ab87028a53edf5c5b378b5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Frings-F=C3=BCrst?= Date: Sun, 29 Jul 2018 14:52:15 +0200 Subject: d/changelog, d/contol, d/rules: Remove trailing whitespaces --- debian/changelog | 1 - debian/control | 1 - debian/rules | 1 - 3 files changed, 3 deletions(-) (limited to 'debian') diff --git a/debian/changelog b/debian/changelog index bd25307..8e43221 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1470,4 +1470,3 @@ openvpn (1.2.0-1) unstable; urgency=low * Initial Release. (Closes: #140463) -- Alberto Gonzalez Iniesta Thu, 23 May 2002 11:00:37 +0200 - diff --git a/debian/control b/debian/control index 69a4324..41a7788 100644 --- a/debian/control +++ b/debian/control @@ -46,4 +46,3 @@ Description: virtual private network daemon OpenVPN may use static, pre-shared keys or TLS-based dynamic key exchange. It also supports VPNs with dynamic endpoints (DHCP or dial-up clients), tunnels over NAT or connection-oriented stateful firewalls (such as Linux's iptables). - diff --git a/debian/rules b/debian/rules index 28c13e4..bb5c118 100755 --- a/debian/rules +++ b/debian/rules @@ -78,4 +78,3 @@ override_dh_compress: override_dh_systemd_start: dh_systemd_start --restart-after-upgrade - -- cgit v1.2.3 From 189300bebad43d737e63d245a4e8e2dad0a6e977 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Frings-F=C3=BCrst?= Date: Sun, 29 Jul 2018 15:04:35 +0200 Subject: d/rules: Replace outdated dh_installsystemd with dh_systemd_start --- debian/changelog | 1 + debian/rules | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) (limited to 'debian') diff --git a/debian/changelog b/debian/changelog index 8e43221..a2e9651 100644 --- a/debian/changelog +++ b/debian/changelog @@ -12,6 +12,7 @@ openvpn (2.4.6-1) UNRELEASED; urgency=medium - Remove trailing whitespaces. * debian/rules: - Remove trailing whitespaces. + - Replace outdated dh_installsystemd with dh_systemd_start. -- Jörg Frings-Fürst Sun, 29 Jul 2018 13:59:15 +0200 diff --git a/debian/rules b/debian/rules index bb5c118..a2e2395 100755 --- a/debian/rules +++ b/debian/rules @@ -76,5 +76,5 @@ override_dh_installinit: override_dh_compress: dh_compress --exclude=.cnf --exclude=pkitool -override_dh_systemd_start: - dh_systemd_start --restart-after-upgrade +override_dh_installsystemd: + dh_installsystemd --restart-after-upgrade -- cgit v1.2.3 From b6452a67b11028479cdb5179c8cbb1a0f33e97e0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Frings-F=C3=BCrst?= Date: Sun, 29 Jul 2018 15:45:10 +0200 Subject: Refresh patches; New d/p/spelling_errors.patch --- debian/changelog | 2 + debian/patches/auth-pam_libpam_so_filename.patch | 8 ++-- debian/patches/kfreebsd_support.patch | 54 ++++++++++++------------ debian/patches/openvpn-pkcs11warn.patch | 8 ++-- debian/patches/series | 1 + debian/patches/spelling_errors.patch | 53 +++++++++++++++++++++++ 6 files changed, 91 insertions(+), 35 deletions(-) create mode 100644 debian/patches/spelling_errors.patch (limited to 'debian') diff --git a/debian/changelog b/debian/changelog index a2e9651..331c1e7 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,10 +1,12 @@ openvpn (2.4.6-1) UNRELEASED; urgency=medium * New upstream release. + - Refresh patches. * Migrate to debhelper 11: - Change debian/compat to 11. - Bump minimum debhelper version in debian/control to >= 11. * Declare compliance with Debian Policy 4.1.5 (No changes needed). + * New debian/patches/spelling_errors.patch to correct spelling errors. * debian/changelog: - Remove trailing whitespaces. * debian/control: diff --git a/debian/patches/auth-pam_libpam_so_filename.patch b/debian/patches/auth-pam_libpam_so_filename.patch index cfa9047..2e7e5c4 100644 --- a/debian/patches/auth-pam_libpam_so_filename.patch +++ b/debian/patches/auth-pam_libpam_so_filename.patch @@ -1,11 +1,11 @@ Description: Fix libpam.so filename to /lib/libpam.so.0 in pam plugin Author: Alberto Gonzalez Iniesta Bug-Debian: http://bugs.debian.org/306335 -Index: openvpn/src/plugins/auth-pam/auth-pam.c +Index: trunk/src/plugins/auth-pam/auth-pam.c =================================================================== ---- openvpn.orig/src/plugins/auth-pam/auth-pam.c 2016-12-27 18:45:37.638198402 +0100 -+++ openvpn/src/plugins/auth-pam/auth-pam.c 2016-12-27 18:45:37.638198402 +0100 -@@ -698,7 +698,7 @@ +--- trunk.orig/src/plugins/auth-pam/auth-pam.c ++++ trunk/src/plugins/auth-pam/auth-pam.c +@@ -716,7 +716,7 @@ pam_server(int fd, const char *service, struct user_pass up; int command; #ifdef USE_PAM_DLOPEN diff --git a/debian/patches/kfreebsd_support.patch b/debian/patches/kfreebsd_support.patch index 4445e0d..7780e0d 100644 --- a/debian/patches/kfreebsd_support.patch +++ b/debian/patches/kfreebsd_support.patch @@ -1,11 +1,11 @@ Description: Improve kFreeBSD support Author: Gonéri Le Bouder Bug-Debian: http://bugs.debian.org/626062 -Index: openvpn/src/openvpn/route.c +Index: trunk/src/openvpn/route.c =================================================================== ---- openvpn.orig/src/openvpn/route.c 2017-06-22 13:17:05.754630908 +0200 -+++ openvpn/src/openvpn/route.c 2017-06-22 13:17:05.750630880 +0200 -@@ -1689,7 +1689,7 @@ +--- trunk.orig/src/openvpn/route.c ++++ trunk/src/openvpn/route.c +@@ -1693,7 +1693,7 @@ add_route(struct route_ipv4 *r, argv_msg(D_ROUTE, &argv); status = openvpn_execve_check(&argv, es, 0, "ERROR: Solaris route add command failed"); @@ -14,7 +14,7 @@ Index: openvpn/src/openvpn/route.c argv_printf(&argv, "%s add", ROUTE_PATH); -@@ -1875,7 +1875,7 @@ +@@ -1879,7 +1879,7 @@ add_route_ipv6(struct route_ipv6 *r6, co network = print_in6_addr( r6->network, 0, &gc); gateway = print_in6_addr( r6->gateway, 0, &gc); @@ -23,7 +23,7 @@ Index: openvpn/src/openvpn/route.c || defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY) \ || defined(TARGET_OPENBSD) || defined(TARGET_NETBSD) -@@ -2043,7 +2043,7 @@ +@@ -2047,7 +2047,7 @@ add_route_ipv6(struct route_ipv6 *r6, co argv_msg(D_ROUTE, &argv); status = openvpn_execve_check(&argv, es, 0, "ERROR: Solaris route add -inet6 command failed"); @@ -32,7 +32,7 @@ Index: openvpn/src/openvpn/route.c argv_printf(&argv, "%s add -inet6 %s/%d", ROUTE_PATH, -@@ -2227,7 +2227,7 @@ +@@ -2239,7 +2239,7 @@ delete_route(struct route_ipv4 *r, argv_msg(D_ROUTE, &argv); openvpn_execve_check(&argv, es, 0, "ERROR: Solaris route delete command failed"); @@ -41,7 +41,7 @@ Index: openvpn/src/openvpn/route.c argv_printf(&argv, "%s delete -net %s %s %s", ROUTE_PATH, -@@ -2334,7 +2334,7 @@ +@@ -2346,7 +2346,7 @@ delete_route_ipv6(const struct route_ipv network = print_in6_addr( r6->network, 0, &gc); gateway = print_in6_addr( r6->gateway, 0, &gc); @@ -50,7 +50,7 @@ Index: openvpn/src/openvpn/route.c || defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY) \ || defined(TARGET_OPENBSD) || defined(TARGET_NETBSD) -@@ -2469,7 +2469,7 @@ +@@ -2481,7 +2481,7 @@ delete_route_ipv6(const struct route_ipv argv_msg(D_ROUTE, &argv); openvpn_execve_check(&argv, es, 0, "ERROR: Solaris route delete -inet6 command failed"); @@ -59,7 +59,7 @@ Index: openvpn/src/openvpn/route.c argv_printf(&argv, "%s delete -inet6 %s/%d", ROUTE_PATH, -@@ -3514,7 +3514,8 @@ +@@ -3532,7 +3532,8 @@ done: #elif defined(TARGET_DARWIN) || defined(TARGET_SOLARIS) \ || defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY) \ @@ -69,11 +69,11 @@ Index: openvpn/src/openvpn/route.c #include #include -Index: openvpn/src/openvpn/tun.c +Index: trunk/src/openvpn/tun.c =================================================================== ---- openvpn.orig/src/openvpn/tun.c 2017-06-22 13:17:05.754630908 +0200 -+++ openvpn/src/openvpn/tun.c 2017-06-22 13:17:05.750630880 +0200 -@@ -843,7 +843,7 @@ +--- trunk.orig/src/openvpn/tun.c ++++ trunk/src/openvpn/tun.c +@@ -845,7 +845,7 @@ delete_route_connected_v6_net(struct tun #endif /* if defined(_WIN32) || defined(TARGET_DARWIN) || defined(TARGET_NETBSD) || defined(TARGET_OPENBSD) */ #if defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY) \ @@ -82,7 +82,7 @@ Index: openvpn/src/openvpn/tun.c /* we can't use true subnet mode on tun on all platforms, as that * conflicts with IPv6 (wants to use ND then, which we don't do), * but the OSes want "a remote address that is different from ours" -@@ -1412,7 +1412,7 @@ +@@ -1414,7 +1414,7 @@ do_ifconfig(struct tuntap *tt, add_route_connected_v6_net(tt, es); } @@ -91,7 +91,7 @@ Index: openvpn/src/openvpn/tun.c in_addr_t remote_end; /* for "virtual" subnet topology */ -@@ -2770,7 +2770,7 @@ +@@ -2770,7 +2770,7 @@ read_tun(struct tuntap *tt, uint8_t *buf } } @@ -100,11 +100,11 @@ Index: openvpn/src/openvpn/tun.c static inline int freebsd_modify_read_write_return(int len) -Index: openvpn/src/openvpn/lladdr.c +Index: trunk/src/openvpn/lladdr.c =================================================================== ---- openvpn.orig/src/openvpn/lladdr.c 2017-06-22 13:17:05.754630908 +0200 -+++ openvpn/src/openvpn/lladdr.c 2017-06-22 13:17:05.750630880 +0200 -@@ -50,7 +50,7 @@ +--- trunk.orig/src/openvpn/lladdr.c ++++ trunk/src/openvpn/lladdr.c +@@ -50,7 +50,7 @@ set_lladdr(const char *ifname, const cha "%s %s lladdr %s", IFCONFIG_PATH, ifname, lladdr); @@ -113,10 +113,10 @@ Index: openvpn/src/openvpn/lladdr.c argv_printf(&argv, "%s %s ether %s", IFCONFIG_PATH, -Index: openvpn/src/openvpn/syshead.h +Index: trunk/src/openvpn/syshead.h =================================================================== ---- openvpn.orig/src/openvpn/syshead.h 2017-06-22 13:17:05.754630908 +0200 -+++ openvpn/src/openvpn/syshead.h 2017-06-22 13:17:05.750630880 +0200 +--- trunk.orig/src/openvpn/syshead.h ++++ trunk/src/openvpn/syshead.h @@ -297,7 +297,7 @@ #endif /* TARGET_OPENBSD */ @@ -126,11 +126,11 @@ Index: openvpn/src/openvpn/syshead.h #ifdef HAVE_SYS_UIO_H #include -Index: openvpn/src/openvpn/ssl.c +Index: trunk/src/openvpn/ssl.c =================================================================== ---- openvpn.orig/src/openvpn/ssl.c 2017-06-22 13:17:05.754630908 +0200 -+++ openvpn/src/openvpn/ssl.c 2017-06-22 13:17:05.750630880 +0200 -@@ -2269,7 +2269,7 @@ +--- trunk.orig/src/openvpn/ssl.c ++++ trunk/src/openvpn/ssl.c +@@ -2265,7 +2265,7 @@ push_peer_info(struct buffer *buf, struc buf_printf(&out, "IV_PLAT=mac\n"); #elif defined(TARGET_NETBSD) buf_printf(&out, "IV_PLAT=netbsd\n"); diff --git a/debian/patches/openvpn-pkcs11warn.patch b/debian/patches/openvpn-pkcs11warn.patch index 1fabddd..71b2ac8 100644 --- a/debian/patches/openvpn-pkcs11warn.patch +++ b/debian/patches/openvpn-pkcs11warn.patch @@ -1,11 +1,11 @@ Description: Warn users about deprecated pkcs11 options Author: Florian Kulzer Bug-Debian: http://bugs.debian.org/475353 -Index: openvpn/src/openvpn/options.c +Index: trunk/src/openvpn/options.c =================================================================== ---- openvpn.orig/src/openvpn/options.c 2017-06-22 13:16:58.862582114 +0200 -+++ openvpn/src/openvpn/options.c 2017-06-22 13:16:58.862582114 +0200 -@@ -6818,6 +6818,20 @@ +--- trunk.orig/src/openvpn/options.c ++++ trunk/src/openvpn/options.c +@@ -6861,6 +6861,20 @@ add_option(struct options *options, options->port_share_port = p[2]; options->port_share_journal_dir = p[3]; } diff --git a/debian/patches/series b/debian/patches/series index 156ff6f..e925012 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -4,3 +4,4 @@ debian_nogroup_for_sample_files.patch openvpn-pkcs11warn.patch kfreebsd_support.patch match-manpage-and-command-help.patch +spelling_errors.patch diff --git a/debian/patches/spelling_errors.patch b/debian/patches/spelling_errors.patch new file mode 100644 index 0000000..cac36d3 --- /dev/null +++ b/debian/patches/spelling_errors.patch @@ -0,0 +1,53 @@ +Description: correct tspelling errors +Author: Jörg Frings-Fürst +Last-Update: 2018-07-29 +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +Index: trunk/src/openvpn/buffer.c +=================================================================== +--- trunk.orig/src/openvpn/buffer.c ++++ trunk/src/openvpn/buffer.c +@@ -44,7 +44,7 @@ array_mult_safe(const size_t m1, const s + unsigned long long res = (unsigned long long)m1 * (unsigned long long)m2 + (unsigned long long)extra; + if (unlikely(m1 > limit) || unlikely(m2 > limit) || unlikely(extra > limit) || unlikely(res > (unsigned long long)limit)) + { +- msg(M_FATAL, "attemped allocation of excessively large array"); ++ msg(M_FATAL, "attempted allocation of excessively large array"); + } + return (size_t) res; + } +Index: trunk/src/openvpn/options.c +=================================================================== +--- trunk.orig/src/openvpn/options.c ++++ trunk/src/openvpn/options.c +@@ -448,7 +448,7 @@ static const char usage_message[] = + " user/pass via environment, if method='via-file', pass\n" + " user/pass via temporary file.\n" + "--auth-gen-token [lifetime] Generate a random authentication token which is pushed\n" +- " to each client, replacing the password. Usefull when\n" ++ " to each client, replacing the password. Useful when\n" + " OTP based two-factor auth mechanisms are in use and\n" + " --reneg-* options are enabled. Optionally a lifetime in seconds\n" + " for generated tokens can be set.\n" +Index: trunk/doc/openvpn.8 +=================================================================== +--- trunk.orig/doc/openvpn.8 ++++ trunk/doc/openvpn.8 +@@ -2181,7 +2181,7 @@ that + is parsed on the command line even though + the daemonization point occurs later. If one of the + .B \-\-log +-options is present, it will supercede syslog ++options is present, it will supersede syslog + redirection. + + The optional +@@ -2292,7 +2292,7 @@ If + already exists it will be truncated. + This option takes effect + immediately when it is parsed in the command line +-and will supercede syslog output if ++and will supersede syslog output if + .B \-\-daemon + or + .B \-\-inetd -- cgit v1.2.3 From 855f8076693803a3c8d275d7d748863f21a372af Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Frings-F=C3=BCrst?= Date: Sun, 29 Jul 2018 21:41:44 +0200 Subject: d/copyright: Rewrite to DEP5 copyright format --- debian/changelog | 2 +- debian/copyright | 342 +++++++++++++++++++++++++++++++++++++++++++++++++------ 2 files changed, 309 insertions(+), 35 deletions(-) (limited to 'debian') diff --git a/debian/changelog b/debian/changelog index 331c1e7..7ea2dde 100644 --- a/debian/changelog +++ b/debian/changelog @@ -8,7 +8,7 @@ openvpn (2.4.6-1) UNRELEASED; urgency=medium * Declare compliance with Debian Policy 4.1.5 (No changes needed). * New debian/patches/spelling_errors.patch to correct spelling errors. * debian/changelog: - - Remove trailing whitespaces. + - Rewrite to DEP5 copyright format. * debian/control: - Change to my new email address. - Remove trailing whitespaces. diff --git a/debian/copyright b/debian/copyright index bb0313c..a87a863 100644 --- a/debian/copyright +++ b/debian/copyright @@ -1,47 +1,321 @@ -This package was debianized by Alberto Gonzalez Iniesta on -Tue, 2 Apr 2002 12:24:50 +0200. +Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ +Upstream-Name: OpenVPN +Upstream-Contact: OpenVPN Solutions LLC +Source: https://openvpn.net/ -It was downloaded from http://www.openvpn.net +Files: * +Copyright: 2002-2018 OpenVPN Inc +License: GPL-2 with OpenSSL exception -Upstream Author: James Yonan +Files: aclocal.m4 + compile + config.guess + config.sub + configure + depcomp + ltmain.sh + missing + m4/libtool.m4 + m4/ltversion.m4 +Copyright: 1994-2015 Free Software Foundation, Inc. +License: GPL-2+ -Copyright: (C) 2002-2005 OpenVPN Solutions LLC +Files: */Makefile.* +Copyright: 1994-2015 Free Software Foundation, Inc. + 2002-2018 OpenVPN Inc + 2006-2012 Alon Bar-Lev +License: GPL-2 - This package is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 dated June, 1991. +Files: src/openvpn/crypto.* + src/openvpn/crypto_*.* + src/openvpn/pkcs11_*.* + src/openvpn/ssl* + src/openvpn/tls_* + src/openvpn/openssl_compat.h + tests/unit_tests/openvpn/* +Copyright: 2010-2018 Fox Crypto B.V. +License: GPL-2 - This package is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. +Files: build/ltrc.inc + build/msvc/msvc-generate/Makefile.mak +Copyright: 2008-2012 Alon Bar-Lev +License: GPL-2 - You should have received a copy of the GNU General Public License - along with this package; if not, write to the Free Software - Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, - MA 02110-1301, USA. +Files: build/msvc/msvc-generate/msvc-generate.js +Copyright: 2008-2012 Alon Bar-Lev +License: BSD-3 -On Debian GNU/Linux systems, the complete text of the GNU General -Public License can be found in `/usr/share/common-licenses/GPL-2'. +Files: sample/sample-plugins/log/log_v3.c + src/compat/compat-basename.c + src/compat/compat-daemon.c + src/compat/compat-dirname.c + src/compat/compat-inet_ntop.c + src/compat/compat-inet_pton.c + src/compat/compat.h + src/openvpn/console.c + src/openvpn/console.h + src/openvpn/console_builtin.c + src/openvpn/console_systemd.c + src/openvpn/console_systemd.c + src/openvpn/misc.c + src/openvpn/options.c + src/openvpn/ssl.c + src/plugins/down-root/down-root.c +Copyright: 2010-2016 David Sommerseth +License: GPL-2 - In addition, as a special exception, James Yonan gives - permission to link the code of this program with the OpenSSL - library (or with modified versions of OpenSSL that use the same - license as OpenSSL), and distribute linked combinations including - the two. You must obey the GNU General Public License in all - respects for all of the code used other than OpenSSL. If you modify - this file, you may extend this exception to your version of the - file, but you are not obligated to do so. If you do not wish to - do so, delete this exception statement from your version. +Files: src/compat/compat-lz4.c + src/compat/compat-lz4.h +Copyright: 2011-2016 Yann Collet +License: BSD-2 -Markus F.X.J. Oberhumer made the following -exception in LZO's license to make possible the use of LZO with OpenSSL -in OpenVPN: +Files: src/openvpn/base64.c + src/openvpn/base64.h +Copyright: 1995 -2001 Kungliga Tekniska Högskolan +License: BSD-3 - Hereby I grant a special exception to the OpenVPN project - (http://openvpn.sourceforge.net) to link the LZO library with - the OpenSSL library (http://www.openssl.org). +Files: include/openvpn-msg.h + src/openvpnserv/common.c + src/openvpnserv/service.h + src/openvpnserv/interactive.c +Copyright: 2011-2018 Heiko Hund +License: GPL-2 - Markus F.X.J. Oberhumer +Files: src/openvpn/block_dns.c +Copyright: 2002-2018 OpenVPN Inc + 2015-2016 + 2016 Selva Nair +License: GPL-2 +Files: src/openvpn/block_dns.h + src/openvpnserv/validate.h + src/openvpnserv/validate.c +Copyright: 2016 Selva Nair +License: GPL-2 +Files: src/openvpn/comp-lz4.c + src/openvpn/comp-lz4.h +Copyright: 2002-2018 OpenVPN Inc + 2013-2018 Gert Doering +License: GPL-2 + +Files: src/openvpn/cryptoapi.c +Copyright: 2004 Peter 'Luna' Runestig +License: BSD-3 + +Files: src/openvpn/ntlm.c +Copyright: 2004 William Preston +License: GPL-2 + +Files: src/openvpn/ssl_mbedtls.c +Copyright: 2002-2018 OpenVPN Inc + 2010-2018 Fox Crypto B.V. + 2006-2010 Brainspark B.V. +License: GPL-2 + +Files: src/openvpn/ssl_mbedtls.h +Copyright: 2002-2018 OpenVPN Inc + 2010-2018 Fox Crypto B.V. +License: GPL-2 + +Files: src/openvpnserv/service.c +Copyright: 1993-2000 Microsoft Corporation + 2013 Heiko Hund +License: other + +Files: sample/sample-keys/gen-sample-keys.sh +Copyright: 2014 Steffan Karger +License: GPL-2 + +Files: m4/pkg.m4 +Copyright: 2004 Scott James Remnant . +License: GPL-2+ + +Files: install-sh +Copyright: 1994 X Consortium +License: MIT + +Files: tests/t_cltsrv.sh +Copyright: 2005-2008 Matthias Andree +License: GPL-2+ + +Files: tests/t_lpback.sh +Copyright: 2005 Matthias Andree + 2014 Steffan Karger +License: GPL-2+ + +Files: debian/* +Copyright: 2002-2017 Alberto Gonzalez Iniesta + 2017-2018 Bernhard Schmidt + 2017-2018 Jörg Frings-Fürst +License: GPL-3+ + +License: BSD-2 + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are + met: + . + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + . + * Redistributions in binary form must reproduce the above + copyright notice, this list of conditions and the following disclaimer + in the documentation and/or other materials provided with the + distribution. + . + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +License: BSD-3 + All rights reserved. + . + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + . + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + . + 2. Redistributions in binary form must reproduce the above copyright notice, + this list of conditions and the following disclaimer in the documentation + and/or other materials provided with the distribution. + . + 3. Neither the name of the copyright holder nor the names of its contributors + may be used to endorse or promote products derived from this software + without specific prior written permission. + . + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" + AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE + LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + +License: GPL-2 + This program is free software; you can redistribute it + and/or modify it under the terms of the GNU General Public + License as published by the Free Software Foundation version + 2 of the License. + . + This program is distributed in the hope that it will be + useful, but WITHOUT ANY WARRANTY; without even the implied + warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR + PURPOSE. See the GNU General Public License for more + details. + . + You should have received a copy of the GNU General Public + License along with this package; if not, write to the Free + Software Foundation, Inc., 51 Franklin St, Fifth Floor, + Boston, MA 02110-1301 USA + . + On Debian systems, the full text of the GNU General Public + License version 2 can be found in the file + `/usr/share/common-licenses/GPL-2'. + +License: GPL-2 with OpenSSL exception + This program is free software; you can redistribute it and/or + modify it under the terms of the GNU General Public License as + published by the Free Software Foundation; either version 2 of the + License. + . + This program is distributed in the hope that it will be useful, but + is provided AS IS, WITHOUT ANY WARRANTY; without even the implied + warranty of MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, and + NON-INFRINGEMENT. See the GNU General Public License for more details. + . + You should have received a copy of the GNU General Public License + along with this program. If not, see . + . + The complete text of the GNU General Public License + can be found in /usr/share/common-licenses/GPL-2 file. + . + In addition, as a special exception, the copyright holders give + permission to link the code of portions of this program with the + OpenSSL library under certain conditions as described in each + individual source file, and distribute linked combinations + including the two. + You must obey the GNU General Public License in all respects + for all of the code used other than OpenSSL. If you modify + file(s) with this exception, you may extend this exception to your + version of the file(s), but you are not obligated to do so. If you + do not wish to do so, delete this exception statement from your + version. If you delete this exception statement from all source + files in the program, then also delete it here. + +License: GPL-2+ + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 2 of the License, or + (at your option) any later version. + . + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + . + You should have received a copy of the GNU General Public License + along with this program. If not, see . + . + The complete text of the GNU General Public License + can be found in /usr/share/common-licenses/GPL-2 file. + +License: GPL-3+ + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + . + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + . + You should have received a copy of the GNU General Public License + along with this program. If not, see + . + On Debian systems, the complete text of the GNU General + Public License version 3 can be found in "/usr/share/common-licenses/GPL-3". + +License: MIT + All rights reserved. No part of this source code may be reproduced, + stored in a retrieval system, or transmitted, in any form or by any + means, electronic, mechanical, photocopying, recording or otherwise, + except as stated in the end-user licence agreement, without the prior + permission of the copyright owners. + . + Permission to use, copy, modify, and distribute this software and its + documentation for any purpose and without fee is hereby granted, provided + that the above copyright notice appear in all copies and that both that + copyright notice and this permission notice appear in supporting + documentation, and that the name of OSF, UI or X/Open not be used in + advertising or publicity pertaining to distribution of the software + without specific, written prior permission. OSF, UI and X/Open make + no representations about the suitability of this software for any purpose. + It is provided "as is" without express or implied warranty. + . + OSF, UI and X/Open DISCLAIM ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, + INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO + EVENT SHALL OSF, UI or X/Open BE LIABLE FOR ANY SPECIAL, INDIRECT OR + CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF + USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR + OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + PERFORMANCE OF THIS SOFTWARE. + +License: other + THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF + ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED + TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A + PARTICULAR PURPOSE. -- cgit v1.2.3 From 10292fcccfdbdbfdf75529872faeb502ceef0c89 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Frings-F=C3=BCrst?= Date: Sun, 29 Jul 2018 21:45:32 +0200 Subject: d/watch: Use secure URI --- debian/changelog | 2 ++ debian/watch | 4 ++-- 2 files changed, 4 insertions(+), 2 deletions(-) (limited to 'debian') diff --git a/debian/changelog b/debian/changelog index 7ea2dde..0b4e2c8 100644 --- a/debian/changelog +++ b/debian/changelog @@ -15,6 +15,8 @@ openvpn (2.4.6-1) UNRELEASED; urgency=medium * debian/rules: - Remove trailing whitespaces. - Replace outdated dh_installsystemd with dh_systemd_start. + * debian/watch: + - Use secure URI. -- Jörg Frings-Fürst Sun, 29 Jul 2018 13:59:15 +0200 diff --git a/debian/watch b/debian/watch index bffdf20..cda3cd9 100644 --- a/debian/watch +++ b/debian/watch @@ -1,3 +1,3 @@ -version=3 -http://openvpn.net/index.php/open-source/downloads.html \ +version=4 +https://openvpn.net/index.php/open-source/downloads.html \ (?:|.*/)openvpn(?:[_\-]v?|)(\d[^\s/]*)\.(?:tar\.xz|txz|tar\.bz2|tbz2|tar\.gz|tgz) -- cgit v1.2.3 From 880051903016a9118576e933bf99c33a4acb6c5d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Frings-F=C3=BCrst?= Date: Sun, 29 Jul 2018 22:21:33 +0200 Subject: New d/p/systemd.patch to remove obsolete syslog.target --- debian/changelog | 1 + debian/patches/series | 1 + debian/patches/systemd.patch | 29 +++++++++++++++++++++++++++++ debian/rules | 1 + 4 files changed, 32 insertions(+) create mode 100644 debian/patches/systemd.patch (limited to 'debian') diff --git a/debian/changelog b/debian/changelog index 0b4e2c8..fe7a601 100644 --- a/debian/changelog +++ b/debian/changelog @@ -7,6 +7,7 @@ openvpn (2.4.6-1) UNRELEASED; urgency=medium - Bump minimum debhelper version in debian/control to >= 11. * Declare compliance with Debian Policy 4.1.5 (No changes needed). * New debian/patches/spelling_errors.patch to correct spelling errors. + * New debian/patches/systemd.patch to remove obsolete syslog.target. * debian/changelog: - Rewrite to DEP5 copyright format. * debian/control: diff --git a/debian/patches/series b/debian/patches/series index e925012..a903d3d 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -5,3 +5,4 @@ openvpn-pkcs11warn.patch kfreebsd_support.patch match-manpage-and-command-help.patch spelling_errors.patch +systemd.patch diff --git a/debian/patches/systemd.patch b/debian/patches/systemd.patch new file mode 100644 index 0000000..ccbecfd --- /dev/null +++ b/debian/patches/systemd.patch @@ -0,0 +1,29 @@ +Description: remove syslog.target +Author: Jörg Frings-Fürst +Last-Update: 2018-07-29 +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +Index: trunk/distro/systemd/openvpn-client@.service.in +=================================================================== +--- trunk.orig/distro/systemd/openvpn-client@.service.in ++++ trunk/distro/systemd/openvpn-client@.service.in +@@ -1,6 +1,6 @@ + [Unit] + Description=OpenVPN tunnel for %I +-After=syslog.target network-online.target ++After=network-online.target + Wants=network-online.target + Documentation=man:openvpn(8) + Documentation=https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage +Index: trunk/distro/systemd/openvpn-server@.service.in +=================================================================== +--- trunk.orig/distro/systemd/openvpn-server@.service.in ++++ trunk/distro/systemd/openvpn-server@.service.in +@@ -1,6 +1,6 @@ + [Unit] + Description=OpenVPN service for %I +-After=syslog.target network-online.target ++After=network-online.target + Wants=network-online.target + Documentation=man:openvpn(8) + Documentation=https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage diff --git a/debian/rules b/debian/rules index a2e2395..034bd7c 100755 --- a/debian/rules +++ b/debian/rules @@ -61,6 +61,7 @@ override_dh_auto_install: ifeq ($(DEB_HOST_ARCH_OS), linux) cat debian/openvpn.conf >> $(CURDIR)/debian/openvpn/usr/lib/tmpfiles.d/openvpn.conf endif + $(RM) $(CURDIR)/debian/openvpn/usr/share/doc/COPYING override_dh_installexamples: dh_installexamples -- cgit v1.2.3 From 1e99d905950ff0d23522d57349f6da5b5a8b3927 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Frings-F=C3=BCrst?= Date: Sun, 29 Jul 2018 22:33:51 +0200 Subject: Remove usr/share/doc/openvpn/COPYING --- debian/changelog | 1 + debian/rules | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) (limited to 'debian') diff --git a/debian/changelog b/debian/changelog index fe7a601..eeedea7 100644 --- a/debian/changelog +++ b/debian/changelog @@ -16,6 +16,7 @@ openvpn (2.4.6-1) UNRELEASED; urgency=medium * debian/rules: - Remove trailing whitespaces. - Replace outdated dh_installsystemd with dh_systemd_start. + - Remove usr/share/doc/openvpn/COPYING. * debian/watch: - Use secure URI. diff --git a/debian/rules b/debian/rules index 034bd7c..ffb411f 100755 --- a/debian/rules +++ b/debian/rules @@ -61,7 +61,7 @@ override_dh_auto_install: ifeq ($(DEB_HOST_ARCH_OS), linux) cat debian/openvpn.conf >> $(CURDIR)/debian/openvpn/usr/lib/tmpfiles.d/openvpn.conf endif - $(RM) $(CURDIR)/debian/openvpn/usr/share/doc/COPYING + $(RM) $(CURDIR)/debian/openvpn/usr/share/doc/openvpn/COPYING override_dh_installexamples: dh_installexamples -- cgit v1.2.3 From eebdf9ccc5be2000041f000ea453d1389fc3c078 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Frings-F=C3=BCrst?= Date: Sun, 29 Jul 2018 22:49:25 +0200 Subject: d/rules: Replace rm -f with --- debian/changelog | 1 + debian/rules | 8 ++++---- 2 files changed, 5 insertions(+), 4 deletions(-) (limited to 'debian') diff --git a/debian/changelog b/debian/changelog index eeedea7..7e08ace 100644 --- a/debian/changelog +++ b/debian/changelog @@ -17,6 +17,7 @@ openvpn (2.4.6-1) UNRELEASED; urgency=medium - Remove trailing whitespaces. - Replace outdated dh_installsystemd with dh_systemd_start. - Remove usr/share/doc/openvpn/COPYING. + - Replace rm -f with $(RM). * debian/watch: - Use secure URI. diff --git a/debian/rules b/debian/rules index ffb411f..7bec9d2 100755 --- a/debian/rules +++ b/debian/rules @@ -52,7 +52,7 @@ override_dh_auto_install: install -m 755 debian/openvpn.if-up.d $(CURDIR)/debian/openvpn/etc/network/if-up.d/openvpn install -m 755 debian/openvpn.if-down.d $(CURDIR)/debian/openvpn/etc/network/if-down.d/openvpn # remove unwanted plugin files - rm -f $(CURDIR)/debian/openvpn/usr/lib/$(DEB_HOST_GNU_TYPE)/openvpn/plugins/*.la + $(RM) $(CURDIR)/debian/openvpn/usr/lib/$(DEB_HOST_GNU_TYPE)/openvpn/plugins/*.la # resolvconf script install -m 755 debian/update-resolv-conf $(CURDIR)/debian/openvpn/etc/openvpn/update-resolv-conf # bash completion @@ -66,10 +66,10 @@ endif override_dh_installexamples: dh_installexamples ## remove windoze stuff - rm -rf $(CURDIR)/debian/openvpn/usr/share/doc/openvpn/examples/easy-rsa/Windows - rm -rf $(CURDIR)/debian/openvpn/usr/share/doc/openvpn/sample + $(RM) -r $(CURDIR)/debian/openvpn/usr/share/doc/openvpn/examples/easy-rsa/Windows + $(RM) -r $(CURDIR)/debian/openvpn/usr/share/doc/openvpn/sample # remove gitignore file from samples - rm -f $(CURDIR)/debian/openvpn/usr/share/doc/openvpn/examples/sample-keys/.gitignore + $(RM) $(CURDIR)/debian/openvpn/usr/share/doc/openvpn/examples/sample-keys/.gitignore override_dh_installinit: dh_installinit --no-start -- defaults 16 80 -- cgit v1.2.3 From e7c052fd23133624157f80bb978245470daca639 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Frings-F=C3=BCrst?= Date: Sun, 29 Jul 2018 22:51:18 +0200 Subject: Remove obsolete debian/openvpn.lintian-overrides --- debian/changelog | 1 + debian/openvpn.lintian-overrides | 4 ---- 2 files changed, 1 insertion(+), 4 deletions(-) delete mode 100644 debian/openvpn.lintian-overrides (limited to 'debian') diff --git a/debian/changelog b/debian/changelog index 7e08ace..241365a 100644 --- a/debian/changelog +++ b/debian/changelog @@ -20,6 +20,7 @@ openvpn (2.4.6-1) UNRELEASED; urgency=medium - Replace rm -f with $(RM). * debian/watch: - Use secure URI. + * Remove obsolete debian/openvpn.lintian-overrides. -- Jörg Frings-Fürst Sun, 29 Jul 2018 13:59:15 +0200 diff --git a/debian/openvpn.lintian-overrides b/debian/openvpn.lintian-overrides deleted file mode 100644 index 91ae65a..0000000 --- a/debian/openvpn.lintian-overrides +++ /dev/null @@ -1,4 +0,0 @@ -# ChangeLog and Changes.rst are not the same. -# ChangeLog contains the source changes and Changes.rst describes -# the program development. -duplicate-changelog-files -- cgit v1.2.3 From 1c54daf5d79ed0df33b66a5e91d919fefe11b77a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Frings-F=C3=BCrst?= Date: Mon, 30 Jul 2018 07:14:53 +0200 Subject: Close upstream fixed bugs --- debian/changelog | 2 ++ 1 file changed, 2 insertions(+) (limited to 'debian') diff --git a/debian/changelog b/debian/changelog index 241365a..9bf7738 100644 --- a/debian/changelog +++ b/debian/changelog @@ -2,6 +2,8 @@ openvpn (2.4.6-1) UNRELEASED; urgency=medium * New upstream release. - Refresh patches. + - Fix "does not start if link-mtu is too low" (Closes: #867113). + - Fix "auth-tokens are purged if auth-nocache is set" (Closes: #883601). * Migrate to debhelper 11: - Change debian/compat to 11. - Bump minimum debhelper version in debian/control to >= 11. -- cgit v1.2.3 From e94cf198efec5862a3979bdc47157bd3f33e8244 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Frings-F=C3=BCrst?= Date: Mon, 30 Jul 2018 07:30:53 +0200 Subject: preserve order of pushed parameters in update-resolv-conf --- debian/changelog | 2 ++ debian/control | 3 ++- debian/update-resolv-conf | 3 ++- 3 files changed, 6 insertions(+), 2 deletions(-) (limited to 'debian') diff --git a/debian/changelog b/debian/changelog index 9bf7738..a55e74e 100644 --- a/debian/changelog +++ b/debian/changelog @@ -23,6 +23,8 @@ openvpn (2.4.6-1) UNRELEASED; urgency=medium * debian/watch: - Use secure URI. * Remove obsolete debian/openvpn.lintian-overrides. + * Fix "preserve order of pushed parameters in update-resolv-conf" + (Closes: #807808). Thanks to Thibaut Chèze. -- Jörg Frings-Fürst Sun, 29 Jul 2018 13:59:15 +0200 diff --git a/debian/control b/debian/control index 41a7788..7fa8fcd 100644 --- a/debian/control +++ b/debian/control @@ -32,7 +32,8 @@ Depends: lsb-base (>= 3.0-6) Suggests: openssl, - resolvconf + resolvconf, + coreutils Recommends: easy-rsa Description: virtual private network daemon OpenVPN is an application to securely tunnel IP networks over a diff --git a/debian/update-resolv-conf b/debian/update-resolv-conf index fc2f031..5bebaa4 100644 --- a/debian/update-resolv-conf +++ b/debian/update-resolv-conf @@ -30,7 +30,8 @@ case "$script_type" in up) NMSRVRS="" SRCHS="" - for optionvarname in ${!foreign_option_*} ; do + foreign_options=$(printf '%s\n' ${!foreign_option_*} | sort -t _ -k 3 -g) + for optionvarname in ${foreign_options} ; do option="${!optionvarname}" echo "$option" split_into_parts $option -- cgit v1.2.3 From a46f14d0910a892004a90bb0e246d30daa7d7003 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Frings-F=C3=BCrst?= Date: Mon, 30 Jul 2018 07:46:26 +0200 Subject: New README.source to explain the branching model used --- debian/README.source | 18 ++++++++++++++++++ debian/changelog | 1 + 2 files changed, 19 insertions(+) create mode 100644 debian/README.source (limited to 'debian') diff --git a/debian/README.source b/debian/README.source new file mode 100644 index 0000000..b286c8f --- /dev/null +++ b/debian/README.source @@ -0,0 +1,18 @@ +Hello, + +now I use the branching model from Vincent Driessen[1]. + +I use the gitflow-avh[2]. with the Documentation[3]. +The Debian package can be found here[4]. + +Please upload unattended uploads use a branch feature/. + + +Many thanks. + + -- Jörg Frings-Fürst Sun, 29 Jul 2018 13:59:15 +0200 + +[1] http://nvie.com/posts/a-successful-git-branching-model/ +[2] https://github.com/petervanderdoes/gitflow-avh +[3] https://github.com/petervanderdoes/gitflow-avh/wiki +[4] https://tracker.debian.org/pkg/git-flow diff --git a/debian/changelog b/debian/changelog index a55e74e..eda4a49 100644 --- a/debian/changelog +++ b/debian/changelog @@ -25,6 +25,7 @@ openvpn (2.4.6-1) UNRELEASED; urgency=medium * Remove obsolete debian/openvpn.lintian-overrides. * Fix "preserve order of pushed parameters in update-resolv-conf" (Closes: #807808). Thanks to Thibaut Chèze. + * New README.source to explain the branching model used. -- Jörg Frings-Fürst Sun, 29 Jul 2018 13:59:15 +0200 -- cgit v1.2.3 From a8169a774bb7cc60bd2aa3efde295114933a51b7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Frings-F=C3=BCrst?= Date: Mon, 30 Jul 2018 13:03:57 +0200 Subject: d/update-resolv-conf: Add syslog message if used without binary resolvconf --- debian/changelog | 7 +++++-- debian/update-resolv-conf | 6 +++++- 2 files changed, 10 insertions(+), 3 deletions(-) (limited to 'debian') diff --git a/debian/changelog b/debian/changelog index eda4a49..4825d1d 100644 --- a/debian/changelog +++ b/debian/changelog @@ -20,11 +20,14 @@ openvpn (2.4.6-1) UNRELEASED; urgency=medium - Replace outdated dh_installsystemd with dh_systemd_start. - Remove usr/share/doc/openvpn/COPYING. - Replace rm -f with $(RM). + * debian/update-resolv-conf: + - Fix "preserve order of pushed parameters" (Closes: #807808). + Thanks to Thibaut Chèze. + - Add syslog message if used without binary resolvconf (Closes: #895135). + Thanks to Roger Price . * debian/watch: - Use secure URI. * Remove obsolete debian/openvpn.lintian-overrides. - * Fix "preserve order of pushed parameters in update-resolv-conf" - (Closes: #807808). Thanks to Thibaut Chèze. * New README.source to explain the branching model used. -- Jörg Frings-Fürst Sun, 29 Jul 2018 13:59:15 +0200 diff --git a/debian/update-resolv-conf b/debian/update-resolv-conf index 5bebaa4..61b15d9 100644 --- a/debian/update-resolv-conf +++ b/debian/update-resolv-conf @@ -15,7 +15,11 @@ # foreign_option_3='dhcp-option DOMAIN be.bnc.ch' # -[ -x /sbin/resolvconf ] || exit 0 +if [ ! -x /sbin/resolvconf ] ; then + logger "[OpenVPN:update-resolve-conf] missing binary /sbin/resolvconf"; + exit 0; +fi + [ "$script_type" ] || exit 0 [ "$dev" ] || exit 0 -- cgit v1.2.3 From e0a1489c27a63a85fdd4a7665baab21e42efca99 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Frings-F=C3=BCrst?= Date: Mon, 30 Jul 2018 13:18:40 +0200 Subject: Remove essential package coreutils from Suggests --- debian/control | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'debian') diff --git a/debian/control b/debian/control index 7fa8fcd..41a7788 100644 --- a/debian/control +++ b/debian/control @@ -32,8 +32,7 @@ Depends: lsb-base (>= 3.0-6) Suggests: openssl, - resolvconf, - coreutils + resolvconf Recommends: easy-rsa Description: virtual private network daemon OpenVPN is an application to securely tunnel IP networks over a -- cgit v1.2.3 From e1243d3c551076d879f38a27c648fd9b8d76b354 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Frings-F=C3=BCrst?= Date: Mon, 30 Jul 2018 14:17:36 +0200 Subject: d/changelog: Change date/time --- debian/changelog | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'debian') diff --git a/debian/changelog b/debian/changelog index 4825d1d..7f4b2a4 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,5 +1,6 @@ -openvpn (2.4.6-1) UNRELEASED; urgency=medium +openvpn (2.4.6-1) unstable; urgency=medium + [ Jörg Frings-Fürst ] * New upstream release. - Refresh patches. - Fix "does not start if link-mtu is too low" (Closes: #867113). @@ -30,7 +31,7 @@ openvpn (2.4.6-1) UNRELEASED; urgency=medium * Remove obsolete debian/openvpn.lintian-overrides. * New README.source to explain the branching model used. - -- Jörg Frings-Fürst Sun, 29 Jul 2018 13:59:15 +0200 + -- Jörg Frings-Fürst Mon, 30 Jul 2018 14:08:13 +0200 openvpn (2.4.5-1) unstable; urgency=medium -- cgit v1.2.3 From f888fc8a5dc53491830353c83315a8fffd202d29 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Frings-F=C3=BCrst?= Date: Sat, 4 Aug 2018 16:44:36 +0200 Subject: d/openvpn-generator: Use service file from /etc/systemd/system if exists --- debian/changelog | 7 +++++++ debian/openvpn-generator | 11 +++++++++++ 2 files changed, 18 insertions(+) (limited to 'debian') diff --git a/debian/changelog b/debian/changelog index 7f4b2a4..989a4b4 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,10 @@ +openvpn (2.4.6-2) UNRELEASED; urgency=medium + + * debian/openvpn-generator: + - Use service file from /etc/systemd/system if exists (Closes: #905392). + + -- Jörg Frings-Fürst Sat, 04 Aug 2018 15:14:58 +0200 + openvpn (2.4.6-1) unstable; urgency=medium [ Jörg Frings-Fürst ] diff --git a/debian/openvpn-generator b/debian/openvpn-generator index d6ac1aa..b51344f 100755 --- a/debian/openvpn-generator +++ b/debian/openvpn-generator @@ -4,16 +4,27 @@ # tunnels listed in /etc/default/openvpn's AUTOSTART be started/stopped/reloaded # when openvpn.service is started/stopped/reloaded. +# +# Changelog: +# +# 2018-08-04 jff use service file from /etc/systemd/system if exists. +# + set -eu GENDIR="$1" WANTDIR="$1/openvpn.service.wants" SERVICEFILE="/lib/systemd/system/openvpn@.service" +SERVICEFILEMAN="/etc/systemd/system/openvpn@.service" AUTOSTART="all" CONFIG_DIR=/etc/openvpn mkdir -p "$WANTDIR" +if test -e ${SERVICEFILEMAN} ; then + SERVICEFILE=${SERVICEFILEMAN} +fi + if test -e /etc/default/openvpn ; then . /etc/default/openvpn fi -- cgit v1.2.3 From d5078cc44b8919a25cb7507e9e6da1d66f25bb5b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Frings-F=C3=BCrst?= Date: Sat, 4 Aug 2018 17:03:05 +0200 Subject: Reverted to justified commit --- debian/changelog | 7 ------- debian/openvpn-generator | 11 ----------- 2 files changed, 18 deletions(-) (limited to 'debian') diff --git a/debian/changelog b/debian/changelog index 989a4b4..7f4b2a4 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,10 +1,3 @@ -openvpn (2.4.6-2) UNRELEASED; urgency=medium - - * debian/openvpn-generator: - - Use service file from /etc/systemd/system if exists (Closes: #905392). - - -- Jörg Frings-Fürst Sat, 04 Aug 2018 15:14:58 +0200 - openvpn (2.4.6-1) unstable; urgency=medium [ Jörg Frings-Fürst ] diff --git a/debian/openvpn-generator b/debian/openvpn-generator index b51344f..d6ac1aa 100755 --- a/debian/openvpn-generator +++ b/debian/openvpn-generator @@ -4,27 +4,16 @@ # tunnels listed in /etc/default/openvpn's AUTOSTART be started/stopped/reloaded # when openvpn.service is started/stopped/reloaded. -# -# Changelog: -# -# 2018-08-04 jff use service file from /etc/systemd/system if exists. -# - set -eu GENDIR="$1" WANTDIR="$1/openvpn.service.wants" SERVICEFILE="/lib/systemd/system/openvpn@.service" -SERVICEFILEMAN="/etc/systemd/system/openvpn@.service" AUTOSTART="all" CONFIG_DIR=/etc/openvpn mkdir -p "$WANTDIR" -if test -e ${SERVICEFILEMAN} ; then - SERVICEFILE=${SERVICEFILEMAN} -fi - if test -e /etc/default/openvpn ; then . /etc/default/openvpn fi -- cgit v1.2.3 From cfed1750c0b48781fdaad2c97d076d5f9df90a6d Mon Sep 17 00:00:00 2001 From: Simon Deziel Date: Mon, 26 Nov 2018 11:34:49 -0500 Subject: d/control: suggests openvpn-systemd-resolved --- debian/control | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'debian') diff --git a/debian/control b/debian/control index 41a7788..f546f4f 100644 --- a/debian/control +++ b/debian/control @@ -32,7 +32,8 @@ Depends: lsb-base (>= 3.0-6) Suggests: openssl, - resolvconf + resolvconf, + openvpn-systemd-resolved Recommends: easy-rsa Description: virtual private network daemon OpenVPN is an application to securely tunnel IP networks over a -- cgit v1.2.3 From 5fd18a24d4e47f0baba4a9b74a6308ca75f9d820 Mon Sep 17 00:00:00 2001 From: Bernhard Schmidt Date: Wed, 20 Feb 2019 14:17:05 +0100 Subject: adjust kfreebsd_support.patch for new upstream version --- debian/patches/kfreebsd_support.patch | 58 +++++++++++++++-------------------- 1 file changed, 24 insertions(+), 34 deletions(-) (limited to 'debian') diff --git a/debian/patches/kfreebsd_support.patch b/debian/patches/kfreebsd_support.patch index 7780e0d..4e89f32 100644 --- a/debian/patches/kfreebsd_support.patch +++ b/debian/patches/kfreebsd_support.patch @@ -1,11 +1,9 @@ Description: Improve kFreeBSD support Author: Gonéri Le Bouder Bug-Debian: http://bugs.debian.org/626062 -Index: trunk/src/openvpn/route.c -=================================================================== ---- trunk.orig/src/openvpn/route.c -+++ trunk/src/openvpn/route.c -@@ -1693,7 +1693,7 @@ add_route(struct route_ipv4 *r, +--- a/src/openvpn/route.c ++++ b/src/openvpn/route.c +@@ -1693,7 +1693,7 @@ argv_msg(D_ROUTE, &argv); status = openvpn_execve_check(&argv, es, 0, "ERROR: Solaris route add command failed"); @@ -14,7 +12,7 @@ Index: trunk/src/openvpn/route.c argv_printf(&argv, "%s add", ROUTE_PATH); -@@ -1879,7 +1879,7 @@ add_route_ipv6(struct route_ipv6 *r6, co +@@ -1879,7 +1879,7 @@ network = print_in6_addr( r6->network, 0, &gc); gateway = print_in6_addr( r6->gateway, 0, &gc); @@ -23,7 +21,7 @@ Index: trunk/src/openvpn/route.c || defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY) \ || defined(TARGET_OPENBSD) || defined(TARGET_NETBSD) -@@ -2047,7 +2047,7 @@ add_route_ipv6(struct route_ipv6 *r6, co +@@ -2047,7 +2047,7 @@ argv_msg(D_ROUTE, &argv); status = openvpn_execve_check(&argv, es, 0, "ERROR: Solaris route add -inet6 command failed"); @@ -32,7 +30,7 @@ Index: trunk/src/openvpn/route.c argv_printf(&argv, "%s add -inet6 %s/%d", ROUTE_PATH, -@@ -2239,7 +2239,7 @@ delete_route(struct route_ipv4 *r, +@@ -2239,7 +2239,7 @@ argv_msg(D_ROUTE, &argv); openvpn_execve_check(&argv, es, 0, "ERROR: Solaris route delete command failed"); @@ -41,7 +39,7 @@ Index: trunk/src/openvpn/route.c argv_printf(&argv, "%s delete -net %s %s %s", ROUTE_PATH, -@@ -2346,7 +2346,7 @@ delete_route_ipv6(const struct route_ipv +@@ -2346,7 +2346,7 @@ network = print_in6_addr( r6->network, 0, &gc); gateway = print_in6_addr( r6->gateway, 0, &gc); @@ -50,7 +48,7 @@ Index: trunk/src/openvpn/route.c || defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY) \ || defined(TARGET_OPENBSD) || defined(TARGET_NETBSD) -@@ -2481,7 +2481,7 @@ delete_route_ipv6(const struct route_ipv +@@ -2481,7 +2481,7 @@ argv_msg(D_ROUTE, &argv); openvpn_execve_check(&argv, es, 0, "ERROR: Solaris route delete -inet6 command failed"); @@ -59,7 +57,7 @@ Index: trunk/src/openvpn/route.c argv_printf(&argv, "%s delete -inet6 %s/%d", ROUTE_PATH, -@@ -3532,7 +3532,8 @@ done: +@@ -3532,7 +3532,8 @@ #elif defined(TARGET_DARWIN) || defined(TARGET_SOLARIS) \ || defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY) \ @@ -69,20 +67,18 @@ Index: trunk/src/openvpn/route.c #include #include -Index: trunk/src/openvpn/tun.c -=================================================================== ---- trunk.orig/src/openvpn/tun.c -+++ trunk/src/openvpn/tun.c -@@ -845,7 +845,7 @@ delete_route_connected_v6_net(struct tun +--- a/src/openvpn/tun.c ++++ b/src/openvpn/tun.c +@@ -845,7 +845,7 @@ #endif /* if defined(_WIN32) || defined(TARGET_DARWIN) || defined(TARGET_NETBSD) || defined(TARGET_OPENBSD) */ #if defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY) \ -- || defined(TARGET_OPENBSD) -+ || defined(TARGET_OPENBSD) || defined(__FreeBSD_kernel__) +- || defined(TARGET_NETBSD) || defined(TARGET_OPENBSD) ++ || defined(TARGET_NETBSD) || defined(TARGET_OPENBSD) || defined(__FreeBSD_kernel__) /* we can't use true subnet mode on tun on all platforms, as that * conflicts with IPv6 (wants to use ND then, which we don't do), * but the OSes want "a remote address that is different from ours" -@@ -1414,7 +1414,7 @@ do_ifconfig(struct tuntap *tt, +@@ -1429,7 +1429,7 @@ add_route_connected_v6_net(tt, es); } @@ -91,7 +87,7 @@ Index: trunk/src/openvpn/tun.c in_addr_t remote_end; /* for "virtual" subnet topology */ -@@ -2770,7 +2770,7 @@ read_tun(struct tuntap *tt, uint8_t *buf +@@ -2785,7 +2785,7 @@ } } @@ -100,11 +96,9 @@ Index: trunk/src/openvpn/tun.c static inline int freebsd_modify_read_write_return(int len) -Index: trunk/src/openvpn/lladdr.c -=================================================================== ---- trunk.orig/src/openvpn/lladdr.c -+++ trunk/src/openvpn/lladdr.c -@@ -50,7 +50,7 @@ set_lladdr(const char *ifname, const cha +--- a/src/openvpn/lladdr.c ++++ b/src/openvpn/lladdr.c +@@ -50,7 +50,7 @@ "%s %s lladdr %s", IFCONFIG_PATH, ifname, lladdr); @@ -113,10 +107,8 @@ Index: trunk/src/openvpn/lladdr.c argv_printf(&argv, "%s %s ether %s", IFCONFIG_PATH, -Index: trunk/src/openvpn/syshead.h -=================================================================== ---- trunk.orig/src/openvpn/syshead.h -+++ trunk/src/openvpn/syshead.h +--- a/src/openvpn/syshead.h ++++ b/src/openvpn/syshead.h @@ -297,7 +297,7 @@ #endif /* TARGET_OPENBSD */ @@ -126,11 +118,9 @@ Index: trunk/src/openvpn/syshead.h #ifdef HAVE_SYS_UIO_H #include -Index: trunk/src/openvpn/ssl.c -=================================================================== ---- trunk.orig/src/openvpn/ssl.c -+++ trunk/src/openvpn/ssl.c -@@ -2265,7 +2265,7 @@ push_peer_info(struct buffer *buf, struc +--- a/src/openvpn/ssl.c ++++ b/src/openvpn/ssl.c +@@ -2270,7 +2270,7 @@ buf_printf(&out, "IV_PLAT=mac\n"); #elif defined(TARGET_NETBSD) buf_printf(&out, "IV_PLAT=netbsd\n"); -- cgit v1.2.3 From d391b6992cfe5223aa58e714ec6710bd63013db4 Mon Sep 17 00:00:00 2001 From: Bernhard Schmidt Date: Wed, 20 Feb 2019 14:27:32 +0100 Subject: Add CAP_AUDIT_WRITE for auth_pam Same change has been done upstream in 2.4.7 Closes: #868806 --- debian/openvpn@.service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'debian') diff --git a/debian/openvpn@.service b/debian/openvpn@.service index 7f0134b..70153e1 100644 --- a/debian/openvpn@.service +++ b/debian/openvpn@.service @@ -17,7 +17,7 @@ ExecStart=/usr/sbin/openvpn --daemon ovpn-%i --status /run/openvpn/%i.status 10 PIDFile=/run/openvpn/%i.pid KillMode=process ExecReload=/bin/kill -HUP $MAINPID -CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE +CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE CAP_AUDIT_WRITE LimitNPROC=10 DeviceAllow=/dev/null rw DeviceAllow=/dev/net/tun rw -- cgit v1.2.3 From 89368d36202104dd4bc3827ab0611b229de05b27 Mon Sep 17 00:00:00 2001 From: Hilko Bengen Date: Tue, 19 Feb 2019 10:37:53 +0100 Subject: Avoid hangs when spawhning child processes by not setting pkcs11-helper "safe fork mode" (Closes: #772812, #900805, #907452) --- debian/patches/fix-pkcs11-helper-hang.patch | 13 +++++++++++++ debian/patches/series | 1 + 2 files changed, 14 insertions(+) create mode 100644 debian/patches/fix-pkcs11-helper-hang.patch (limited to 'debian') diff --git a/debian/patches/fix-pkcs11-helper-hang.patch b/debian/patches/fix-pkcs11-helper-hang.patch new file mode 100644 index 0000000..41d9be1 --- /dev/null +++ b/debian/patches/fix-pkcs11-helper-hang.patch @@ -0,0 +1,13 @@ +Index: openvpn/src/openvpn/pkcs11.c +=================================================================== +--- openvpn.orig/src/openvpn/pkcs11.c ++++ openvpn/src/openvpn/pkcs11.c +@@ -312,7 +312,7 @@ pkcs11_initialize( + + pkcs11h_setLogLevel(_pkcs11_msg_openvpn2pkcs11(get_debug_level())); + +- if ((rv = pkcs11h_setForkMode(TRUE)) != CKR_OK) ++ if ((rv = pkcs11h_setForkMode(FALSE)) != CKR_OK) + { + msg(M_FATAL, "PKCS#11: Cannot set fork mode %ld-'%s'", rv, pkcs11h_getMessage(rv)); + goto cleanup; diff --git a/debian/patches/series b/debian/patches/series index a903d3d..8b19c3d 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -6,3 +6,4 @@ kfreebsd_support.patch match-manpage-and-command-help.patch spelling_errors.patch systemd.patch +fix-pkcs11-helper-hang.patch -- cgit v1.2.3 From 99c03fd1819e604fada367d984322c464041478b Mon Sep 17 00:00:00 2001 From: Bernhard Schmidt Date: Wed, 20 Feb 2019 14:32:33 +0100 Subject: openvpn@.service: Bump LimitNPROC to 100 This generally seems to be the wrong knob to protect against runaway forks (as it does not limit per instance, but per user systemwide), but a general mediation is still under discussion. Meanwhile bump the limit for the Debian unit to 100. Upstream openvpn-client@.service and openvpn-server@.service still use 10 See Bug#861923 for discussion. --- debian/openvpn@.service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'debian') diff --git a/debian/openvpn@.service b/debian/openvpn@.service index 70153e1..da7adc7 100644 --- a/debian/openvpn@.service +++ b/debian/openvpn@.service @@ -18,7 +18,7 @@ PIDFile=/run/openvpn/%i.pid KillMode=process ExecReload=/bin/kill -HUP $MAINPID CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE CAP_AUDIT_WRITE -LimitNPROC=10 +LimitNPROC=100 DeviceAllow=/dev/null rw DeviceAllow=/dev/net/tun rw ProtectSystem=true -- cgit v1.2.3 From a351f71e82badcc71a2ce881bbb97eccfcebc06b Mon Sep 17 00:00:00 2001 From: Bernhard Schmidt Date: Wed, 20 Feb 2019 22:31:39 +0100 Subject: Changelog for 2.4.7-1 --- debian/changelog | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) (limited to 'debian') diff --git a/debian/changelog b/debian/changelog index 7f4b2a4..f676f8d 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,22 @@ +openvpn (2.4.7-1) unstable; urgency=medium + + [ Bernhard Schmidt ] + * New upstream version 2.4.7 + - improvements regarding TLSv1.3 + - Add CAP_AUDIT_WRITE for auth_pam for upstream units (Closes: #868806) + * adjust kfreebsd_support.patch for new upstream version + * Also Add CAP_AUDIT_WRITE for auth_pam for openvpn@.service (Closes: #868806) + * openvpn@.service: Bump LimitNPROC to 100, see #861923 + + [ Simon Deziel ] + * d/control: suggests openvpn-systemd-resolved (Closes: #913265) + + [ Hilko Bengen ] + * Avoid hangs when spawning child processes by not setting pkcs11-helper + "safe fork mode" (Closes: #772812, #900805, #907452) + + -- Bernhard Schmidt Wed, 20 Feb 2019 14:50:03 +0100 + openvpn (2.4.6-1) unstable; urgency=medium [ Jörg Frings-Fürst ] -- cgit v1.2.3