Merge tag 'debian/2.4.7-1' into stretch-backports

openvpn Debian release 2.4.7-1

1 files changed, 77 insertions, 24 deletions

diff --git a/debian/changelog b/debian/changelog
index 91bcf9e..f676f8d 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,14 +1,68 @@
-openvpn (2.4.4-2~bpo9+1) stretch-backports; urgency=medium
+openvpn (2.4.7-1) unstable; urgency=medium
 
-  * Rebuild for stretch-backports.
-    - Revert to OpenSSL 1.0.2, libpkcs11-helper1-dev is not compatible
-      with OpenSSL 1.1.0 in stretch
+  [ Bernhard Schmidt ]
+  * New upstream version 2.4.7
+    - improvements regarding TLSv1.3
+    - Add CAP_AUDIT_WRITE for auth_pam for upstream units (Closes: #868806)
+  * adjust kfreebsd_support.patch for new upstream version
+  * Also Add CAP_AUDIT_WRITE for auth_pam for openvpn@.service (Closes: #868806)
+  * openvpn@.service: Bump LimitNPROC to 100, see #861923
+
+  [ Simon Deziel ]
+  * d/control: suggests openvpn-systemd-resolved (Closes: #913265)
+
+  [ Hilko Bengen ]
+  * Avoid hangs when spawning child processes by not setting pkcs11-helper
+    "safe fork mode" (Closes: #772812, #900805, #907452)
 
- -- Bernhard Schmidt <berni@debian.org>  Sat, 30 Dec 2017 22:21:24 +0100
+ -- Bernhard Schmidt <berni@debian.org>  Wed, 20 Feb 2019 14:50:03 +0100
+
+openvpn (2.4.6-1) unstable; urgency=medium
+
+  [ Jörg Frings-Fürst ]
+  * New upstream release.
+    - Refresh patches.
+    - Fix "does not start if link-mtu is too low" (Closes: #867113).
+    - Fix "auth-tokens are purged if auth-nocache is set" (Closes: #883601).
+  * Migrate to debhelper 11:
+    - Change debian/compat to 11.
+    - Bump minimum debhelper version in debian/control to >= 11.
+  * Declare compliance with Debian Policy 4.1.5 (No changes needed).
+  * New debian/patches/spelling_errors.patch to correct spelling errors.
+  * New debian/patches/systemd.patch to remove obsolete syslog.target.
+  * debian/changelog:
+    - Rewrite to DEP5 copyright format.
+  * debian/control:
+    - Change to my new email address.
+    - Remove trailing whitespaces.
+  * debian/rules:
+    - Remove trailing whitespaces.
+    - Replace outdated dh_installsystemd with dh_systemd_start.
+    - Remove usr/share/doc/openvpn/COPYING.
+    - Replace rm -f with $(RM).
+  * debian/update-resolv-conf:
+    - Fix "preserve order of pushed parameters" (Closes: #807808).
+      Thanks to Thibaut Chèze.
+    - Add syslog message if used without binary resolvconf (Closes: #895135).
+      Thanks to Roger Price <debian@rogerprice.org>.
+  * debian/watch:
+    - Use secure URI.
+  * Remove obsolete debian/openvpn.lintian-overrides.
+  * New README.source to explain the branching model used.
+
+ -- Jörg Frings-Fürst <debian@jff.email>  Mon, 30 Jul 2018 14:08:13 +0200
+
+openvpn (2.4.5-1) unstable; urgency=medium
+
+  * New upstream version 2.4.5 (Closes: #873302)
+  * Fix wrong Bug# in previous changelog
+  * Change Vcs-* to salsa (gitlab)
+
+ -- Bernhard Schmidt <berni@debian.org>  Sun, 04 Mar 2018 22:23:47 +0100
 
 openvpn (2.4.4-2) unstable; urgency=medium
 
-  * Build against OpenSSL 1.1.0 (Closes: #828447)
+  * Build against OpenSSL 1.1.0 (Closes: #828477)
   * Bump Standards-Version to 4.1.2, no changes necessary
 
  -- Bernhard Schmidt <berni@debian.org>  Mon, 11 Dec 2017 00:22:11 +0100
@@ -97,7 +151,7 @@ openvpn (2.4.3-1) unstable; urgency=high
     - CVE-2017-7521
     - CVE-2017-7522
   * Plugin libs have been moved to /usr/lib/ARCH/openvpn/plugins
-  * debian/rules: 
+  * debian/rules:
     - Remove obsolete options to configure script (enable-password-save,
       with-plugindir (now in ENV_VARS))
     - No need to install upstream's systemd unit files from debian/rules
@@ -270,7 +324,7 @@ openvpn (2.3.7-1) unstable; urgency=medium
 openvpn (2.3.5-1) unstable; urgency=medium
 
   * New upstream release. Removed patches applied upstream:
-    client_connect_tmp_files.patch 
+    client_connect_tmp_files.patch
     better_systemd_detection.patch
   * Add Build-Depends on libsystemd-daemon-dev.
 
@@ -519,7 +573,7 @@ openvpn (2.2.0-2) unstable; urgency=low
 openvpn (2.2.0-1) experimental; urgency=low
 
   * New upstream release (Closes: #625281)
-  * Removed Depends on open(ssl|vpn)-blacklist, since 
+  * Removed Depends on open(ssl|vpn)-blacklist, since
     debian_openssl_vulnkeys.patch is no longer used.
     Removed templates referring it too.
   * Removed manpage_dash_escaping.patch, applied upstream
@@ -812,7 +866,7 @@ openvpn (2.1~rc7-2) unstable; urgency=high
   * init.c: Warn of use of known vulnerable weak SSL/TLS
     and shared secret keys caused by Debian openssl bug.
     Patch taken from Ubuntu. CVE-2008-0166
-  * debian/(templates|postinst): Add warning on vulnerable 
+  * debian/(templates|postinst): Add warning on vulnerable
     secrect/key files.
   * debian/control: Add dependencies on openssl-blacklist and
     openvpn-blacklist. Bumped dependency on libssl version.
@@ -902,7 +956,7 @@ openvpn (2.0.9-6) unstable; urgency=low
     /etc/network/interfaces integration. (Closes: #413732)
   * Also included joeyh's suggestion on the previous subject.
     (Closes: 419797)
-  * Avoid restarting a vpn instead of reloading it due to wrong 
+  * Avoid restarting a vpn instead of reloading it due to wrong
     detection of 'user' option in init.d script. Thanks Josip Rodin.
     (Closes: 403503)
   * Added Russian debconf translation. (Closes: #414088)
@@ -980,7 +1034,7 @@ openvpn (2.0.6-2) unstable; urgency=low
     a fresh install or stop2upgrade=true. (Closes: #366085, #338956)
   * Updated Czech debconf translation (Closes: #333989)
     Thanks Miroslav Kure.
-  * Bumped Standards-Version to 3.7.2.0, no change. 
+  * Bumped Standards-Version to 3.7.2.0, no change.
   * debian/rules: Avoid compressing 'pkitool' (Closes: #354478)
   * debian/templates: Corrected typo on init scripts order change.
     (Closes: #351664)
@@ -1024,9 +1078,9 @@ openvpn (2.0.2-1) unstable; urgency=low
   * The [VAC] upload. Thanks Vorbis Gdynia for the free internet access :)
   * New upstream release (Closes: #323594)
   * Fixed use of backslash in username authentication. (Closes: #309787)
-  * Fixes several DoS vulnerabilities: CAN-2005-2531 CAN-2005-2532 
+  * Fixes several DoS vulnerabilities: CAN-2005-2531 CAN-2005-2532
     CAN-2005-2533 CAN-2005-2534. (Closes: #324167)
-  * Changed group option from 'nobody' to 'nogroup' in all the 
+  * Changed group option from 'nobody' to 'nogroup' in all the
     *example* files... (Closes: #317987)
   * Included openvpn-plugin.h to allow building third party plugins.
     (Closes: #316139)
@@ -1079,7 +1133,7 @@ openvpn (2.0-1) unstable; urgency=low
     Thanks Thomas Hood for the patch.
   * debian/control. Rewrote Description: field.
     Now it's more useful and complete. (Closes: #304895)
-  * init.d script: 
+  * init.d script:
      - Fixed restarting of multiple VPNs
      - Fixed TAB converted to spaces.
      - Remove status file on VPN stop
@@ -1122,7 +1176,7 @@ openvpn (1.99+2.rc12-1) unstable; urgency=low
 
 openvpn (1.99+2.rc11-2) unstable; urgency=low
 
-  * Added --enable-password-save to configure call to allow 
+  * Added --enable-password-save to configure call to allow
     --askpass and --auth-user-pass passwords to be read from a file.
 
  -- Alberto Gonzalez Iniesta <agi@inittab.org>  Thu,  3 Feb 2005 18:19:28 +0100
@@ -1192,7 +1246,7 @@ openvpn (1.99+2.beta17-1) unstable; urgency=low
 
 openvpn (1.99+2.beta16-2) unstable; urgency=low
 
-  * Patched ssl.c to fix bug in --key-method 1, that prevented 
+  * Patched ssl.c to fix bug in --key-method 1, that prevented
     OpenVPN 2.x from working with 1.x using that method.
     Thanks James for the prompt answer & patch.
     Thanks weasel for finding it out.
@@ -1242,7 +1296,7 @@ openvpn (1.99+2.beta15-1) unstable; urgency=low
     and not tell the maintainer directly.
   * Added Brazilian Portuguese debconf templates. (Closes: #279351)
   * Modified init.d script so that specifying a daemon option in a
-    VPN configuration won't make it fail. 
+    VPN configuration won't make it fail.
     Thanks Christoph Biedl for the patch. (Closes: #278302)
   * Added scripts to allow specifying 'openvpn name' in
     /etc/network/interfaces to have the tunnel created and destroyed with
@@ -1356,7 +1410,7 @@ openvpn (1.4.3-2) unstable; urgency=low
   * Moved initscripts sequence number to S16 from S20. This will make
     openvpn start earlier and be ready for other services. (Closes: #209225)
   * Added Depends: on debconf, it's used in the maintainer's scripts now.
-  * Added debconf template to ask for the creation of the TUN/TAP device 
+  * Added debconf template to ask for the creation of the TUN/TAP device
     node. (Closes: #211198)
 
  -- Alberto Gonzalez Iniesta <agi@agi.as>  Thu,  2 Oct 2003 21:39:46 +0200
@@ -1364,7 +1418,7 @@ openvpn (1.4.3-2) unstable; urgency=low
 openvpn (1.4.3-1) unstable; urgency=low
 
   * New upstream release
-  * Bumped Standards-Version to 3.6.1.0, no change. 
+  * Bumped Standards-Version to 3.6.1.0, no change.
   * Patched init.d script to support single vpn stop/start/restart.
     Thanks to Richard Mueller and Norbert Tretkowski (Closes: #204100)
 
@@ -1395,7 +1449,7 @@ openvpn (1.4.0-2) unstable; urgency=low
 openvpn (1.4.0-1) unstable; urgency=low
 
   * New upstream release (Closes: #179551)
-  * Re-enabled liblzo support. LZO's author made an exception in LZO's 
+  * Re-enabled liblzo support. LZO's author made an exception in LZO's
     license that permits OpenVPN to use LZO and OpenSSL. See copyright
     file.
 
@@ -1410,9 +1464,9 @@ openvpn (1.3.2-3) unstable; urgency=low
 
 openvpn (1.3.2-2) unstable; urgency=low
 
-  * Disabled liblzo1 support to fix license issues with Openssl. 
+  * Disabled liblzo1 support to fix license issues with Openssl.
     (Closes: #177497)
-  * Bumped Standards-Version to 3.5.8, no change. 
+  * Bumped Standards-Version to 3.5.8, no change.
 
  -- Alberto Gonzalez Iniesta <agi@agi.as>  Mon, 20 Jan 2003 16:09:16 +0100
 
@@ -1453,4 +1507,3 @@ openvpn (1.2.0-1) unstable; urgency=low
   * Initial Release. (Closes: #140463)
 
  -- Alberto Gonzalez Iniesta <agi@agi.as>  Thu, 23 May 2002 11:00:37 +0200
-