openvpn (2.1~rc7-1ubuntu3.3) hardy-security; urgency=low * init.c: send modulus to openssl-vulnkey rather than calling openssl-vulnkey on the file. This allows for password protected ssl keys (LP: #230197) * debian/control: Depends on openssl-blacklist > 0.3.2 -- Jamie Strandboge Wed, 11 Jun 2008 13:39:12 -0400 openvpn (2.1~rc7-1ubuntu3.2) hardy-security; urgency=low * init.c: Do not attempt to verify the key file with openvpn-vulnkey if it is not accessible (any more). This happens when using the 'user', 'group', or 'chroot' options in multi-client mode, and the SSL key file thus becomes unreadable from the second time on. If the key file is not accessible at the very start, this is already handled anyway, so we can safely ignore this condition. (LP: #230208) Note that this is not an issue when using pre-shared keys (do_init_crypto_static(), since multi-client mode only works with TLS. However, we also check it here just to be on the safe side. -- Martin Pitt Wed, 14 May 2008 12:57:19 +0200 openvpn (2.1~rc7-1ubuntu3.1) hardy-security; urgency=low * SECURITY UPDATE: don't allow use of known vulnerable weak SSL/TLS and shared secret keys caused by Debian openssl bug * init.c: patch do_init_crypto_static() to use openvpn-vulnkey and do_init_crypto_tls() to use openssl-vulnkey * debian/control: Depends on libssl0.9.8 (>= 0.9.8g-4ubuntu3.1), openssl-blacklist and openvpn-blacklist * add critical debconf note * References CVE-2008-0166 http://www.ubuntu.com/usn/usn-612-1 -- Jamie Strandboge Mon, 12 May 2008 23:13:27 -0400 openvpn (2.1~rc7-1ubuntu3) hardy; urgency=low * More init script LSB compliance. (LP: #134210) * Added warning about max-locked-memory-limit to Readme.Debian. (LP: #154696) -- Chuck Short Wed, 20 Feb 2008 13:43:29 -0500 openvpn (2.1~rc7-1ubuntu2) hardy; urgency=low * Made init script more lsb compliant. -- Chuck Short Fri, 15 Feb 2008 09:33:14 -0500 openvpn (2.1~rc7-1ubuntu1) hardy; urgency=low * New upstream version (LP: #157144). * Disable creation of tun, let udev handle it. -- Chuck Short Tue, 12 Feb 2008 07:48:51 -0500 openvpn (2.1~rc4-2) unstable; urgency=low * Upload to unstable. New upstream fixes: - Bug with: Assertion failed at multi.c. (Closes: #411633) - Hangs with tcp clients goin down with new option: --connect-timeout. (Closes: #296834) * Use rm -f to remove PIDFILE, in case rm wants to ask. (Closes: #429932) * Updated Vietnamese debconf templates. (Closes: #427048) Thanks Clytie Siddall. * Added note on resolvconf use with openvpn. (Closes: #451319) -- Alberto Gonzalez Iniesta Sat, 08 Dec 2007 21:58:05 +0100 openvpn (2.1~rc4-1) experimental; urgency=low * New upstream release -- Alberto Gonzalez Iniesta Mon, 22 Oct 2007 20:59:46 +0200 openvpn (2.1~rc2-1) experimental; urgency=low * Just forward-push the Debian patches to the new version, and upload to experimental (with permission of the maintainer). -- Andreas Barth Thu, 19 Apr 2007 18:23:59 +0200 openvpn (2.0.9-8) unstable; urgency=low * Install /etc/openvpn/update-resolv-conf with correct permissions -- Alberto Gonzalez Iniesta Sat, 19 May 2007 18:12:12 +0200 openvpn (2.0.9-7) unstable; urgency=low * Added script to update resolv.conf with server's settings. The script is located in the /etc/openvpn/ directory. Thanks a lot Christof Lauber for the script. Added resolvconf to Suggests. * Added LSB section to the init.d script. -- Alberto Gonzalez Iniesta Sat, 19 May 2007 17:48:23 +0200 openvpn (2.0.9-6) unstable; urgency=low * Fixed init.d script to avoid running multiple instances of the same VPN. Thanks Keith Kyzivat for pushing me into looking again into this issue. (Closes: #326080) * Included patch to README.Debian from Peter Rabbitson describing /etc/network/interfaces integration. (Closes: #413732) * Also included joeyh's suggestion on the previous subject. (Closes: 419797) * Avoid restarting a vpn instead of reloading it due to wrong detection of 'user' option in init.d script. Thanks Josip Rodin. (Closes: 403503) * Added Russian debconf translation. (Closes: #414088) Thanks Yuriy Talakan. * Built against liblzo2 instead of liblzo. (Closes: #423366) -- Alberto Gonzalez Iniesta Tue, 15 May 2007 23:53:26 +0200 openvpn (2.0.9-5) unstable; urgency=low * Added Galician debconf translation. (Closes: #412492) Thanks Jacobo Tarrio -- Alberto Gonzalez Iniesta Wed, 28 Feb 2007 00:36:14 +0100 openvpn (2.0.9-4) unstable; urgency=low * Updated Swedish debconf translation. (Closes: #407851) Thanks Andreas Henriksson -- Alberto Gonzalez Iniesta Sun, 21 Jan 2007 22:24:58 +0100 openvpn (2.0.9-3) unstable; urgency=low * Fixed type in Portuguese debconf translation. * debian/templates. Changed default value for init.d change question to false. (Closes: #403317) -- Alberto Gonzalez Iniesta Fri, 22 Dec 2006 19:36:05 +0100 openvpn (2.0.9-2) unstable; urgency=low * Updated Spanish debconf translation. (Closes: #393796) * Updated German debconf translation. (Closes: #397019) * Updated Japanese debconf translation. (Closes: #392627) * Added Italian debconf translation. (Closes: #398050) * Added Portuguese debconf translation. (Closes: #400685) -- Alberto Gonzalez Iniesta Fri, 8 Dec 2006 12:28:34 +0100 openvpn (2.0.9-1) unstable; urgency=low * New upstream release. No changes in *NIX source code. Updating to avoid 'New upstream, blah, blah'. * debian/control: Fixed spelling error in description (Closes: #390242) * debian/copyright: Updated project's homepage and author's email address. (Closes: #388466) * debian/copyright: Updated the FSF address. * Updated Dutch debconf translation. (Closes: #389982, 379802) Thanks Kurt De Bree * Updated Czech debconf translation. (Closes: #384755) Thanks Miroslav Kure -- Alberto Gonzalez Iniesta Tue, 10 Oct 2006 12:17:57 +0200 openvpn (2.0.7-1) unstable; urgency=low * The 'Translators, translators, translators' release. * New upstream version. * Added Dutch debconf translation. (Closes: #370073) Thanks Kurt De Bree * Updated Danish debconf translation. (Closes: #369772, #376704) Thanks Claus Hindsgaul * Updated French debconf translation. (Closes: #373191) Thanks Michel Grentzinger -- Alberto Gonzalez Iniesta Sat, 22 Jul 2006 20:44:52 +0200 openvpn (2.0.6-2) unstable; urgency=low * The "Mañana" Release. * debian/control: Added Suggests: openssl (Closes: #368256) * debian/postinst: Run the init.d script with 'start' when doing a fresh install or stop2upgrade=true. (Closes: #366085, #338956) * Updated Czech debconf translation (Closes: #333989) Thanks Miroslav Kure. * Bumped Standards-Version to 3.7.2.0, no change. * debian/rules: Avoid compressing 'pkitool' (Closes: #354478) * debian/templates: Corrected typo on init scripts order change. (Closes: #351664) * Updated German debconf translation (Closes: #345853) Thanks Erik Schanze. -- Alberto Gonzalez Iniesta Mon, 22 May 2006 03:08:10 +0200 openvpn (2.0.6-1) unstable; urgency=high * New upstream release. Urgency high due to security fix. - Disallow "setenv" to be pushed to clients from the server. (Closes: #360559) -- Alberto Gonzalez Iniesta Wed, 5 Apr 2006 12:17:26 +0200 openvpn (2.0.5-1) unstable; urgency=high * New upstream release. Urgency high due to security issues. - DoS vulnerability on the server in TCP mode. (CVE-2005-3409) (Closes: #337334) - Format string vulnerability in the foreign_option function in options.c could potentially allow a malicious or compromised server to execute arbitrary code on the client. (CVE-2005-3393) (Closes: #336751) -- Alberto Gonzalez Iniesta Mon, 7 Nov 2005 10:13:55 +0100 openvpn (2.0.2-2) unstable; urgency=low * debian/control: fix Depends on debconf. (Closes: #332056) * Bumped Standards-Version to 3.6.2.0, no change. * Updated Danish debconf translation. (Closes: #326907) * Updated French debconf translation. (Closes: #328076) * Added Swedish debconf translation. (Closes: #332785) -- Alberto Gonzalez Iniesta Sun, 9 Oct 2005 18:42:34 +0200 openvpn (2.0.2-1) unstable; urgency=low * The [VAC] upload. Thanks Vorbis Gdynia for the free internet access :) * New upstream release (Closes: #323594) * Fixed use of backslash in username authentication. (Closes: #309787) * Fixes several DoS vulnerabilities: CAN-2005-2531 CAN-2005-2532 CAN-2005-2533 CAN-2005-2534. (Closes: #324167) * Changed group option from 'nobody' to 'nogroup' in all the *example* files... (Closes: #317987) * Included openvpn-plugin.h to allow building third party plugins. (Closes: #316139) * Stop openvpn's daemon later to allow some services stopping later to use it. Added debconf template to ask permission to make the change on older installations. (Closes: #312371) * Workaround to fix proper daemonize when 'log' option is used. (Closes: #309944) Thanks Jason Lunz for the patch. * Modified output of init.d script to make it more friendly when passphrase for a tunnel certificate is asked. Thanks Pavel Vávra for the patch. -- Alberto Gonzalez Iniesta Sun, 28 Aug 2005 13:05:49 +0200 openvpn (2.0-4) unstable; urgency=low * The 'It was about time I could make a new upload' release * Rewrote some debconf templates (Closes: #316694). Thanks Clytie Siddall for the corrections. * Included Vietnamese debconf translation. (Closes: #316695) * debian/rules: exclude openssl.cnf from being compress. (Closes: #315764) -- Alberto Gonzalez Iniesta Wed, 6 Jul 2005 09:22:16 +0200 openvpn (2.0-3) unstable; urgency=low * postinst: call 'restart' when 'cond-restart' fails due to user not upgrading the init.d script. (Closes: #308926) -- Alberto Gonzalez Iniesta Sat, 28 May 2005 12:52:16 +0200 openvpn (2.0-2) unstable; urgency=low * Added '-f' to rm when deleting the status file. This eliminates the need to test if it exists and saves the init.d script from failing. (Closes: #306588) * Modified pam plugin to load libpam.so.0 instead of libpam.so. (Closes: #306335) -- Alberto Gonzalez Iniesta Wed, 4 May 2005 15:02:45 +0200 openvpn (2.0-1) unstable; urgency=low * The 'This-is-the-real-2.0' release * New upstream version. * openvpn.8: s/--/\\-\\-/g a.k.a escaped dashes to make it possible to search for options with UTF charsets. (Closes: #296133) * Improved init.d script output. (Closes: #297997) Thanks Thomas Hood for the patch. * debian/control. Rewrote Description: field. Now it's more useful and complete. (Closes: #304895) * init.d script: - Fixed restarting of multiple VPNs - Fixed TAB converted to spaces. - Remove status file on VPN stop - Respect 'status' option if given in the config file - New /etc/default/openvpn configuration file that allows control on which VPNs are automatically started and also controls status file refresh interval Thanks Philipp A. Hartmann for the nice patch. (Closes: #294332) * init.d script: Added cond-restart to only restart VPNs in use. postint: Call init.d script with cond-restart instead of restart. (Closes: #280464) * init.d script: change order of --config and --cd to permit nested 'configs'. (Closes: #299082) -- Alberto Gonzalez Iniesta Mon, 18 Apr 2005 09:07:05 +0200 openvpn (1.99+2.rc20-1) unstable; urgency=low * New upstream release -- Alberto Gonzalez Iniesta Mon, 4 Apr 2005 23:05:23 +0200 openvpn (1.99+2.rc18-1) unstable; urgency=low * New upstream release (Closes: #301949) -- Alberto Gonzalez Iniesta Tue, 29 Mar 2005 12:56:42 +0200 openvpn (1.99+2.rc16-1) unstable; urgency=low * New upstream release -- Alberto Gonzalez Iniesta Sun, 20 Feb 2005 20:24:25 +0100 openvpn (1.99+2.rc12-1) unstable; urgency=low * New upstream release -- Alberto Gonzalez Iniesta Sun, 6 Feb 2005 11:49:44 +0100 openvpn (1.99+2.rc11-2) unstable; urgency=low * Added --enable-password-save to configure call to allow --askpass and --auth-user-pass passwords to be read from a file. -- Alberto Gonzalez Iniesta Thu, 3 Feb 2005 18:19:28 +0100 openvpn (1.99+2.rc11-1) unstable; urgency=low * New upstream release * Added --status line to init.d script (Closes: #293144) -- Alberto Gonzalez Iniesta Thu, 3 Feb 2005 09:28:06 +0100 openvpn (1.99+2.rc10-1) unstable; urgency=low * New upstream release * Updated pt_BR debconf translation (Closes: #292079) -- Alberto Gonzalez Iniesta Fri, 28 Jan 2005 14:44:42 +0100 openvpn (1.99+2.rc6-1) unstable; urgency=low * The 'Three Wise Men' release. * New upstream release. * Update README.Debian with comments on changed string remapping. Thanks ron@debian.org for noting this first. (Closes: #288669) -- Alberto Gonzalez Iniesta Wed, 5 Jan 2005 19:03:11 +0100 openvpn (1.99+2.beta19-1) unstable; urgency=low * New upstream release. * Updated README.Debian with info on plugins. -- Alberto Gonzalez Iniesta Sun, 5 Dec 2004 11:57:03 +0100 openvpn (1.99+2.beta18-2) unstable; urgency=low * Built and installed plugins. Thanks Michael Renner for noticing. (Closes: #284224) * Added Build-Depends on libpam0g-dev, required by auth-pam plugin. -- Alberto Gonzalez Iniesta Sun, 5 Dec 2004 10:19:45 +0100 openvpn (1.99+2.beta18-1) unstable; urgency=low * New upstream release. Corrects --mssfix behaviour (Closes: #280893) * Included Czech debconf translation. (Closes: #282995) -- Alberto Gonzalez Iniesta Mon, 29 Nov 2004 10:56:07 +0100 openvpn (1.99+2.beta17-2) unstable; urgency=low * Updated (German|Danish|French|Japanese) debconf translations. (Closes: #281235, #282095, #282216, #282881) -- Alberto Gonzalez Iniesta Wed, 24 Nov 2004 08:15:29 +0100 openvpn (1.99+2.beta17-1) unstable; urgency=low * New upstream version. Includes fix for the --key-method 1 bug. * WARNING: This version changes the default port (5000 previously) to 1194 (assigned by INANA). This will affect you if you don't have a 'port' option specified in your configuration files. Added a debconf note about it. * Updated es.po. -- Alberto Gonzalez Iniesta Fri, 12 Nov 2004 15:32:56 +0100 openvpn (1.99+2.beta16-2) unstable; urgency=low * Patched ssl.c to fix bug in --key-method 1, that prevented OpenVPN 2.x from working with 1.x using that method. Thanks James for the prompt answer & patch. Thanks weasel for finding it out. -- Alberto Gonzalez Iniesta Mon, 8 Nov 2004 11:59:12 +0100 openvpn (1.99+2.beta16-1) unstable; urgency=low * New upstream releases. Fixes the "Assertion failed at crypto.c" (Closes: #265632, #270005) -- Alberto Gonzalez Iniesta Sun, 7 Nov 2004 17:46:09 +0100 openvpn (1.99+2.beta15-5) unstable; urgency=low * Updated README.Debian with clearer 2.x vs 1.x interoperability instructions. -- Alberto Gonzalez Iniesta Sun, 7 Nov 2004 10:26:03 +0100 openvpn (1.99+2.beta15-4) unstable; urgency=low * Put if-{up,down}.d scripts back in place, this time they work. Just remember to quote shell vars when checking if they are empty. [ -n "$VAR" ] -> Good [ -n $VAR ] -> BAD Note to self, don't trust people's patches even if they are DD. -- Alberto Gonzalez Iniesta Thu, 4 Nov 2004 08:33:45 +0100 openvpn (1.99+2.beta15-3) unstable; urgency=low * Removed if-{up,down}.d scripts until I get to know how they work. -- Alberto Gonzalez Iniesta Wed, 3 Nov 2004 20:58:41 +0100 openvpn (1.99+2.beta15-2) unstable; urgency=low * Corrected names of if-{up,down}.d scripts. Duh! -- Alberto Gonzalez Iniesta Wed, 3 Nov 2004 10:21:52 +0100 openvpn (1.99+2.beta15-1) unstable; urgency=low * New upstream release. * Renamed package to 1.99 to make it clearer that we're using version 2.0 and not 1.6. Some people rather talk about this on IRC and not tell the maintainer directly. * Added Brazilian Portuguese debconf templates. (Closes: #279351) * Modified init.d script so that specifying a daemon option in a VPN configuration won't make it fail. Thanks Christoph Biedl for the patch. (Closes: #278302) * Added scripts to allow specifying 'openvpn name' in /etc/network/interfaces to have the tunnel created and destroyed with the device it runs over. Thanks Joachim Breitner for the patch. (Closes: #273481) * Modified init.d script so that multiple VPNs can be started or stopped with a single command. (See README.Debian) -- Alberto Gonzalez Iniesta Tue, 2 Nov 2004 12:49:41 +0100 openvpn (1.6.0+2.beta14-1) unstable; urgency=low * New upstream release. -- Alberto Gonzalez Iniesta Wed, 20 Oct 2004 09:13:09 +0200 openvpn (1.6.0+2.beta12-1) unstable; urgency=low * New upstream release. * Added comments about compatibility issues between openvpn 2.x and 1.x to README.Debian (Closes: #276799) * Changed maintainer email address. -- Alberto Gonzalez Iniesta Mon, 18 Oct 2004 09:01:23 +0200 openvpn (1.6.0+2.beta11-1) unstable; urgency=low * New upstream release. (Closes: #269631) * I decided to get OpenVPN 2 into sid, and hopefully into Sarge since the current beta works pretty well and adds important features I don't want missing in Sarge. * Updated README.Debian -- Alberto Gonzalez Iniesta Fri, 15 Oct 2004 11:52:58 +0200 openvpn (1.6.0-5) unstable; urgency=low * Added German and Japanese debconf templates. (Closes: #266927, #270477) -- Alberto Gonzalez Iniesta Fri, 10 Sep 2004 08:31:54 +0200 openvpn (1.6.0-4) unstable; urgency=low * Updated French and Danish debconf templates (Closes: #254064, #256053) -- Alberto Gonzalez Iniesta Mon, 28 Jun 2004 09:51:44 +0200 openvpn (1.6.0-3) unstable; urgency=low * Included Catalan debconf templates. (Closes: #248750) Thanks Aleix Badia i Bosch. * Added debconf question on whether the daemon should be stopped at the begining of and upgrade or not. Thus being more reliable on remote upgrades. (Closes: #250558) -- Alberto Gonzalez Iniesta Thu, 10 Jun 2004 15:59:39 +0200 openvpn (1.6.0-2) unstable; urgency=low * Recover init.d modification suggested by Kai Henningsen to get different syslog names for each VPN. How the fuck did that get lost? -- Alberto Gonzalez Iniesta Fri, 28 May 2004 16:51:04 +0200 openvpn (1.6.0-1) unstable; urgency=low * New upstream release -- Alberto Gonzalez Iniesta Mon, 10 May 2004 08:59:37 +0200 openvpn (1.5.0-3) unstable; urgency=low * Included Danish debconf template. Thanks Claus Hindsgau. (Closes: #234944) -- Alberto Gonzalez Iniesta Tue, 9 Mar 2004 16:36:33 +0100 openvpn (1.5.0-2) unstable; urgency=low * Modified init.d script to permit different syslog names for each VPN. Thanks Kai Henningsen for the tip. (Closes: #227376) * Moved 'verify-cn' script to /usr to make weasel happier ;) (Closes: #221995) * Moved to gettext-based debconf templated. Added French translation. Thanks Michel Grentzinger for the patches. (Closes: #219015, #219016) * Fixed spanish translation that was a complete mess. (Closes: Fri-Sun) -- Alberto Gonzalez Iniesta Thu, 15 Jan 2004 18:08:24 +0100 openvpn (1.5.0-1) unstable; urgency=low * New upstream release * Moved to debhelper compatibility 4. Created debian/compat. -- Alberto Gonzalez Iniesta Sat, 22 Nov 2003 18:18:50 +0100 openvpn (1.4.3-3) unstable; urgency=low * Added quotes around $2 in dpkg --compare-versions (config and postinst) and check if $2 actually has a value. This way it won't fail if $2 is not set. Duh! (Closes: #214848) -- Alberto Gonzalez Iniesta Thu, 9 Oct 2003 11:01:31 +0200 openvpn (1.4.3-2) unstable; urgency=low * Moved initscripts sequence number to S16 from S20. This will make openvpn start earlier and be ready for other services. (Closes: #209225) * Added Depends: on debconf, it's used in the maintainer's scripts now. * Added debconf template to ask for the creation of the TUN/TAP device node. (Closes: #211198) -- Alberto Gonzalez Iniesta Thu, 2 Oct 2003 21:39:46 +0200 openvpn (1.4.3-1) unstable; urgency=low * New upstream release * Bumped Standards-Version to 3.6.1.0, no change. * Patched init.d script to support single vpn stop/start/restart. Thanks to Richard Mueller and Norbert Tretkowski (Closes: #204100) -- Alberto Gonzalez Iniesta Tue, 30 Sep 2003 20:04:37 +0200 openvpn (1.4.1.4-1) unstable; urgency=low * New upstream release. Backed out --dev-name patch, modified --dev to offer equivalent functionality (Closes: #194910) * Updated README.Debian. Thanks to John R. Shearer -- Alberto Gonzalez Iniesta Tue, 17 Jun 2003 11:08:17 +0200 openvpn (1.4.1-1) unstable; urgency=low * New upstream release -- Alberto Gonzalez Iniesta Fri, 16 May 2003 17:14:41 +0200 openvpn (1.4.0-2) unstable; urgency=low * Patch from James Yonan to use 2.2.x TUN interface if 2.4.x fails. (Closes: #182020) -- Alberto Gonzalez Iniesta Sun, 11 May 2003 10:24:51 +0200 openvpn (1.4.0-1) unstable; urgency=low * New upstream release (Closes: #179551) * Re-enabled liblzo support. LZO's author made an exception in LZO's license that permits OpenVPN to use LZO and OpenSSL. See copyright file. -- Alberto Gonzalez Iniesta Thu, 8 May 2003 09:21:53 +0200 openvpn (1.3.2-3) unstable; urgency=low * Removed executable permissions from generated secret files. (Closes: #178849) -- Alberto Gonzalez Iniesta Thu, 6 Feb 2003 10:04:11 +0100 openvpn (1.3.2-2) unstable; urgency=low * Disabled liblzo1 support to fix license issues with Openssl. (Closes: #177497) * Bumped Standards-Version to 3.5.8, no change. -- Alberto Gonzalez Iniesta Mon, 20 Jan 2003 16:09:16 +0100 openvpn (1.3.2-1) unstable; urgency=low * New upstream release -- Alberto Gonzalez Iniesta Mon, 28 Oct 2002 14:22:10 +0100 openvpn (1.3.0-2) unstable; urgency=low * Modified init.d script so it's not dependent on bash. (Closes: #161525) -- Alberto Gonzalez Iniesta Sat, 21 Sep 2002 12:23:46 +0200 openvpn (1.3.0-1) unstable; urgency=low * New upstream release -- Alberto Gonzalez Iniesta Wed, 10 Jul 2002 12:50:50 +0200 openvpn (1.2.1-1) unstable; urgency=low * New upstream release * Added init.d script -- Alberto Gonzalez Iniesta Fri, 21 Jun 2002 14:05:42 +0200 openvpn (1.2.0-2) unstable; urgency=low * Modified configure(.ac) pthread library handling to work with GCC 3.0. Thanks to Lamont Jones for the patch. (Closes: #148120) -- Alberto Gonzalez Iniesta Sat, 25 May 2002 11:41:59 +0200 openvpn (1.2.0-1) unstable; urgency=low * Initial Release. (Closes: #140463) -- Alberto Gonzalez Iniesta Thu, 23 May 2002 11:00:37 +0200