author | Bernhard Schmidt <berni@debian.org> | 2019-03-07 21:38:56 +0100 |
---|---|---|
committer | Bernhard Schmidt <berni@debian.org> | 2019-03-07 21:38:56 +0100 |
commit | cfcec33bd88faeb354a33bd5f8052486ac848f9a (patch) | |
tree | 8e1ace9a34f5ee12b34416b02d514da67d54c907 /debian | |
parent | 7486cf05cdeb6996fdf249e5a2f15d93a47dbac1 (diff) | |
parent | a351f71e82badcc71a2ce881bbb97eccfcebc06b (diff) |
Merge tag 'debian/2.4.7-1' into stretch-backports
openvpn Debian release 2.4.7-1
Diffstat (limited to 'debian')
-rw-r--r-- | debian/README.source | 18 | ||||
-rw-r--r-- | debian/changelog | 101 | ||||
-rw-r--r-- | debian/compat | 2 | ||||
-rw-r--r-- | debian/control | 16 | ||||
-rw-r--r-- | debian/copyright | 342 | ||||
-rw-r--r-- | debian/gbp.conf | 2 | ||||
-rw-r--r-- | debian/openvpn.lintian-overrides | 4 | ||||
-rw-r--r-- | debian/openvpn@.service | 4 | ||||
-rw-r--r-- | debian/patches/auth-pam_libpam_so_filename.patch | 8 | ||||
-rw-r--r-- | debian/patches/fix-pkcs11-helper-hang.patch | 13 | ||||
-rw-r--r-- | debian/patches/kfreebsd_support.patch | 56 | ||||
-rw-r--r-- | debian/patches/openvpn-pkcs11warn.patch | 8 | ||||
-rw-r--r-- | debian/patches/series | 3 | ||||
-rw-r--r-- | debian/patches/spelling_errors.patch | 53 | ||||
-rw-r--r-- | debian/patches/systemd.patch | 29 | ||||
-rwxr-xr-x | debian/rules | 16 | ||||
-rw-r--r-- | debian/update-resolv-conf | 9 | ||||
-rw-r--r-- | debian/watch | 4 |
18 files changed, 562 insertions, 126 deletions
diff --git a/debian/README.source b/debian/README.source
new file mode 100644
index 0000000..b286c8f
--- /dev/null
+++ b/debian/README.source
@@ -0,0 +1,18 @@
+Hello,
+
+now I use the branching model from Vincent Driessen[1].
+
+I use the gitflow-avh[2]. with the Documentation[3].
+The Debian package can be found here[4].
+
+Please upload unattended uploads use a branch feature/<your title>.
+
+
+Many thanks.
+
+ -- Jörg Frings-Fürst <debian@jff.email> Sun, 29 Jul 2018 13:59:15 +0200
+
+[1] http://nvie.com/posts/a-successful-git-branching-model/
+[2] https://github.com/petervanderdoes/gitflow-avh
+[3] https://github.com/petervanderdoes/gitflow-avh/wiki
+[4] https://tracker.debian.org/pkg/git-flow
diff --git a/debian/changelog b/debian/changelog
index 91bcf9e..f676f8d 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,14 +1,68 @@ -openvpn (2.4.4-2~bpo9+1) stretch-backports; urgency=medium +openvpn (2.4.7-1) unstable; urgency=medium - * Rebuild for stretch-backports. - - Revert to OpenSSL 1.0.2, libpkcs11-helper1-dev is not compatible - with OpenSSL 1.1.0 in stretch + [ Bernhard Schmidt ] + * New upstream version 2.4.7 + - improvements regarding TLSv1.3 + - Add CAP_AUDIT_WRITE for auth_pam for upstream units (Closes: #868806) + * adjust kfreebsd_support.patch for new upstream version + * Also Add CAP_AUDIT_WRITE for auth_pam for openvpn@.service (Closes: #868806) + * openvpn@.service: Bump LimitNPROC to 100, see #861923 + + [ Simon Deziel ] + * d/control: suggests openvpn-systemd-resolved (Closes: #913265) + + [ Hilko Bengen ] + * Avoid hangs when spawning child processes by not setting pkcs11-helper + "safe fork mode" (Closes: #772812, #900805, #907452) - -- Bernhard Schmidt <berni@debian.org> Sat, 30 Dec 2017 22:21:24 +0100 + -- Bernhard Schmidt <berni@debian.org> Wed, 20 Feb 2019 14:50:03 +0100 + +openvpn (2.4.6-1) unstable; urgency=medium + + [ Jörg Frings-Fürst ] + * New upstream release. + - Refresh patches. + - Fix "does not start if link-mtu is too low" (Closes: #867113). + - Fix "auth-tokens are purged if auth-nocache is set" (Closes: #883601). + * Migrate to debhelper 11: + - Change debian/compat to 11. + - Bump minimum debhelper version in debian/control to >= 11. + * Declare compliance with Debian Policy 4.1.5 (No changes needed). + * New debian/patches/spelling_errors.patch to correct spelling errors. + * New debian/patches/systemd.patch to remove obsolete syslog.target. + * debian/changelog: + - Rewrite to DEP5 copyright format. + * debian/control: + - Change to my new email address. + - Remove trailing whitespaces. + * debian/rules: + - Remove trailing whitespaces. + - Replace outdated dh_installsystemd with dh_systemd_start. + - Remove usr/share/doc/openvpn/COPYING. + - Replace rm -f with $(RM). 
+ * debian/update-resolv-conf: + - Fix "preserve order of pushed parameters" (Closes: #807808). + Thanks to Thibaut Chèze. + - Add syslog message if used without binary resolvconf (Closes: #895135). + Thanks to Roger Price <debian@rogerprice.org>. + * debian/watch: + - Use secure URI. + * Remove obsolete debian/openvpn.lintian-overrides. + * New README.source to explain the branching model used. + + -- Jörg Frings-Fürst <debian@jff.email> Mon, 30 Jul 2018 14:08:13 +0200 + +openvpn (2.4.5-1) unstable; urgency=medium + + * New upstream version 2.4.5 (Closes: #873302) + * Fix wrong Bug# in previous changelog + * Change Vcs-* to salsa (gitlab) + + -- Bernhard Schmidt <berni@debian.org> Sun, 04 Mar 2018 22:23:47 +0100 openvpn (2.4.4-2) unstable; urgency=medium - * Build against OpenSSL 1.1.0 (Closes: #828447) + * Build against OpenSSL 1.1.0 (Closes: #828477) * Bump Standards-Version to 4.1.2, no changes necessary -- Bernhard Schmidt <berni@debian.org> Mon, 11 Dec 2017 00:22:11 +0100 @@ -97,7 +151,7 @@ openvpn (2.4.3-1) unstable; urgency=high - CVE-2017-7521 - CVE-2017-7522 * Plugin libs have been moved to /usr/lib/ARCH/openvpn/plugins - * debian/rules: + * debian/rules: - Remove obsolete options to configure script (enable-password-save, with-plugindir (now in ENV_VARS)) - No need to install upstream's systemd unit files from debian/rules @@ -270,7 +324,7 @@ openvpn (2.3.7-1) unstable; urgency=medium openvpn (2.3.5-1) unstable; urgency=medium * New upstream release. Removed patches applied upstream: - client_connect_tmp_files.patch + client_connect_tmp_files.patch better_systemd_detection.patch * Add Build-Depends on libsystemd-daemon-dev. 
@@ -519,7 +573,7 @@ openvpn (2.2.0-2) unstable; urgency=low openvpn (2.2.0-1) experimental; urgency=low * New upstream release (Closes: #625281) - * Removed Depends on open(ssl|vpn)-blacklist, since + * Removed Depends on open(ssl|vpn)-blacklist, since debian_openssl_vulnkeys.patch is no longer used. Removed templates referring it too. * Removed manpage_dash_escaping.patch, applied upstream @@ -812,7 +866,7 @@ openvpn (2.1~rc7-2) unstable; urgency=high * init.c: Warn of use of known vulnerable weak SSL/TLS and shared secret keys caused by Debian openssl bug. Patch taken from Ubuntu. CVE-2008-0166 - * debian/(templates|postinst): Add warning on vulnerable + * debian/(templates|postinst): Add warning on vulnerable secrect/key files. * debian/control: Add dependencies on openssl-blacklist and openvpn-blacklist. Bumped dependency on libssl version. @@ -902,7 +956,7 @@ openvpn (2.0.9-6) unstable; urgency=low /etc/network/interfaces integration. (Closes: #413732) * Also included joeyh's suggestion on the previous subject. (Closes: 419797) - * Avoid restarting a vpn instead of reloading it due to wrong + * Avoid restarting a vpn instead of reloading it due to wrong detection of 'user' option in init.d script. Thanks Josip Rodin. (Closes: 403503) * Added Russian debconf translation. (Closes: #414088) @@ -980,7 +1034,7 @@ openvpn (2.0.6-2) unstable; urgency=low a fresh install or stop2upgrade=true. (Closes: #366085, #338956) * Updated Czech debconf translation (Closes: #333989) Thanks Miroslav Kure. - * Bumped Standards-Version to 3.7.2.0, no change. + * Bumped Standards-Version to 3.7.2.0, no change. * debian/rules: Avoid compressing 'pkitool' (Closes: #354478) * debian/templates: Corrected typo on init scripts order change. (Closes: #351664) 
@@ -1024,9 +1078,9 @@ openvpn (2.0.2-1) unstable; urgency=low * The [VAC] upload. Thanks Vorbis Gdynia for the free internet access :) * New upstream release (Closes: #323594) * Fixed use of backslash in username authentication. (Closes: #309787) - * Fixes several DoS vulnerabilities: CAN-2005-2531 CAN-2005-2532 + * Fixes several DoS vulnerabilities: CAN-2005-2531 CAN-2005-2532 CAN-2005-2533 CAN-2005-2534. (Closes: #324167) - * Changed group option from 'nobody' to 'nogroup' in all the + * Changed group option from 'nobody' to 'nogroup' in all the *example* files... (Closes: #317987) * Included openvpn-plugin.h to allow building third party plugins. (Closes: #316139) @@ -1079,7 +1133,7 @@ openvpn (2.0-1) unstable; urgency=low Thanks Thomas Hood for the patch. * debian/control. Rewrote Description: field. Now it's more useful and complete. (Closes: #304895) - * init.d script: + * init.d script: - Fixed restarting of multiple VPNs - Fixed TAB converted to spaces. - Remove status file on VPN stop @@ -1122,7 +1176,7 @@ openvpn (1.99+2.rc12-1) unstable; urgency=low openvpn (1.99+2.rc11-2) unstable; urgency=low - * Added --enable-password-save to configure call to allow + * Added --enable-password-save to configure call to allow --askpass and --auth-user-pass passwords to be read from a file. -- Alberto Gonzalez Iniesta <agi@inittab.org> Thu, 3 Feb 2005 18:19:28 +0100 @@ -1192,7 +1246,7 @@ openvpn (1.99+2.beta17-1) unstable; urgency=low openvpn (1.99+2.beta16-2) unstable; urgency=low - * Patched ssl.c to fix bug in --key-method 1, that prevented + * Patched ssl.c to fix bug in --key-method 1, that prevented OpenVPN 2.x from working with 1.x using that method. Thanks James for the prompt answer & patch. Thanks weasel for finding it out. 
@@ -1242,7 +1296,7 @@ openvpn (1.99+2.beta15-1) unstable; urgency=low and not tell the maintainer directly. * Added Brazilian Portuguese debconf templates. (Closes: #279351) * Modified init.d script so that specifying a daemon option in a - VPN configuration won't make it fail. + VPN configuration won't make it fail. Thanks Christoph Biedl for the patch. (Closes: #278302) * Added scripts to allow specifying 'openvpn name' in /etc/network/interfaces to have the tunnel created and destroyed with @@ -1356,7 +1410,7 @@ openvpn (1.4.3-2) unstable; urgency=low * Moved initscripts sequence number to S16 from S20. This will make openvpn start earlier and be ready for other services. (Closes: #209225) * Added Depends: on debconf, it's used in the maintainer's scripts now. - * Added debconf template to ask for the creation of the TUN/TAP device + * Added debconf template to ask for the creation of the TUN/TAP device node. (Closes: #211198) -- Alberto Gonzalez Iniesta <agi@agi.as> Thu, 2 Oct 2003 21:39:46 +0200 @@ -1364,7 +1418,7 @@ openvpn (1.4.3-2) unstable; urgency=low openvpn (1.4.3-1) unstable; urgency=low * New upstream release - * Bumped Standards-Version to 3.6.1.0, no change. + * Bumped Standards-Version to 3.6.1.0, no change. * Patched init.d script to support single vpn stop/start/restart. Thanks to Richard Mueller and Norbert Tretkowski (Closes: #204100) @@ -1395,7 +1449,7 @@ openvpn (1.4.0-2) unstable; urgency=low openvpn (1.4.0-1) unstable; urgency=low * New upstream release (Closes: #179551) - * Re-enabled liblzo support. LZO's author made an exception in LZO's + * Re-enabled liblzo support. LZO's author made an exception in LZO's license that permits OpenVPN to use LZO and OpenSSL. See copyright file. 
@@ -1410,9 +1464,9 @@ openvpn (1.3.2-3) unstable; urgency=low openvpn (1.3.2-2) unstable; urgency=low - * Disabled liblzo1 support to fix license issues with Openssl. + * Disabled liblzo1 support to fix license issues with Openssl. (Closes: #177497) - * Bumped Standards-Version to 3.5.8, no change. + * Bumped Standards-Version to 3.5.8, no change. -- Alberto Gonzalez Iniesta <agi@agi.as> Mon, 20 Jan 2003 16:09:16 +0100 @@ -1453,4 +1507,3 @@ openvpn (1.2.0-1) unstable; urgency=low * Initial Release. (Closes: #140463) -- Alberto Gonzalez Iniesta <agi@agi.as> Thu, 23 May 2002 11:00:37 +0200 - diff --git a/debian/compat b/debian/compat index f599e28..b4de394 100644 --- a/debian/compat +++ b/debian/compat @@ -1 +1 @@ -10 +11 diff --git a/debian/control b/debian/control index 223ddc8..8f48a74 100644 --- a/debian/control +++ b/debian/control @@ -2,9 +2,9 @@ Source: openvpn Section: net Priority: optional Maintainer: Bernhard Schmidt <berni@debian.org> -Uploaders: Jörg Frings-Fürst <debian@jff-webhosting.net> +Uploaders: Jörg Frings-Fürst <debian@jff.email> Build-Depends: - debhelper (>= 10), + debhelper (>= 11), dpkg-dev (>= 1.16.1), iproute2 [linux-any], liblz4-dev, @@ -16,14 +16,14 @@ Build-Depends: net-tools [!linux-any], pkg-config, systemd [linux-any] -Standards-Version: 4.1.2 +Standards-Version: 4.1.5 Homepage: https://openvpn.net/ -Vcs-Git: https://anonscm.debian.org/git/collab-maint/openvpn.git -Vcs-Browser: https://anonscm.debian.org/git/collab-maint/openvpn.git +Vcs-Git: https://salsa.debian.org/debian/openvpn.git +Vcs-Browser: https://salsa.debian.org/debian/openvpn Package: openvpn Architecture: any -Depends: +Depends: debconf | debconf-2.0, ${shlibs:Depends}, ${misc:Depends}, @@ -32,7 +32,8 @@ Depends: lsb-base (>= 3.0-6) Suggests: openssl, - resolvconf + resolvconf, + openvpn-systemd-resolved Recommends: easy-rsa Description: virtual private network daemon OpenVPN is an application to securely tunnel IP networks over a 
@@ -46,4 +47,3 @@ Description: virtual private network daemon OpenVPN may use static, pre-shared keys or TLS-based dynamic key exchange. It also supports VPNs with dynamic endpoints (DHCP or dial-up clients), tunnels over NAT or connection-oriented stateful firewalls (such as Linux's iptables). - diff --git a/debian/copyright b/debian/copyright index bb0313c..a87a863 100644 --- a/debian/copyright +++ b/debian/copyright 
@@ -1,47 +1,321 @@ -This package was debianized by Alberto Gonzalez Iniesta <agi@agi.as> on -Tue, 2 Apr 2002 12:24:50 +0200. +Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ +Upstream-Name: OpenVPN +Upstream-Contact: OpenVPN Solutions LLC <info@openvpn.net> +Source: https://openvpn.net/ -It was downloaded from http://www.openvpn.net +Files: * +Copyright: 2002-2018 OpenVPN Inc <sales@openvpn.net> +License: GPL-2 with OpenSSL exception -Upstream Author: James Yonan <jim@yonan.net> +Files: aclocal.m4 + compile + config.guess + config.sub + configure + depcomp + ltmain.sh + missing + m4/libtool.m4 + m4/ltversion.m4 +Copyright: 1994-2015 Free Software Foundation, Inc. +License: GPL-2+ -Copyright: (C) 2002-2005 OpenVPN Solutions LLC <info@openvpn.net> +Files: */Makefile.* +Copyright: 1994-2015 Free Software Foundation, Inc. + 2002-2018 OpenVPN Inc <sales@openvpn.net> + 2006-2012 Alon Bar-Lev <alon.barlev@gmail.com> +License: GPL-2 - This package is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 dated June, 1991. +Files: src/openvpn/crypto.* + src/openvpn/crypto_*.* + src/openvpn/pkcs11_*.* + src/openvpn/ssl* + src/openvpn/tls_* + src/openvpn/openssl_compat.h + tests/unit_tests/openvpn/* +Copyright: 2010-2018 Fox Crypto B.V. <openvpn@fox-it.com> +License: GPL-2 - This package is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. 
+Files: build/ltrc.inc + build/msvc/msvc-generate/Makefile.mak +Copyright: 2008-2012 Alon Bar-Lev <alon.barlev@gmail.com> +License: GPL-2 - You should have received a copy of the GNU General Public License - along with this package; if not, write to the Free Software - Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, - MA 02110-1301, USA. +Files: build/msvc/msvc-generate/msvc-generate.js +Copyright: 2008-2012 Alon Bar-Lev <alon.barlev@gmail.com> +License: BSD-3 -On Debian GNU/Linux systems, the complete text of the GNU General -Public License can be found in `/usr/share/common-licenses/GPL-2'. +Files: sample/sample-plugins/log/log_v3.c + src/compat/compat-basename.c + src/compat/compat-daemon.c + src/compat/compat-dirname.c + src/compat/compat-inet_ntop.c + src/compat/compat-inet_pton.c + src/compat/compat.h + src/openvpn/console.c + src/openvpn/console.h + src/openvpn/console_builtin.c + src/openvpn/console_systemd.c + src/openvpn/console_systemd.c + src/openvpn/misc.c + src/openvpn/options.c + src/openvpn/ssl.c + src/plugins/down-root/down-root.c +Copyright: 2010-2016 David Sommerseth <davids@redhat.com> +License: GPL-2 - In addition, as a special exception, James Yonan gives - permission to link the code of this program with the OpenSSL - library (or with modified versions of OpenSSL that use the same - license as OpenSSL), and distribute linked combinations including - the two. You must obey the GNU General Public License in all - respects for all of the code used other than OpenSSL. If you modify - this file, you may extend this exception to your version of the - file, but you are not obligated to do so. If you do not wish to - do so, delete this exception statement from your version. +Files: src/compat/compat-lz4.c + src/compat/compat-lz4.h +Copyright: 2011-2016 Yann Collet +License: BSD-2 -Markus F.X.J. 
Oberhumer <markus@oberhumer.com> made the following -exception in LZO's license to make possible the use of LZO with OpenSSL -in OpenVPN: +Files: src/openvpn/base64.c + src/openvpn/base64.h +Copyright: 1995 -2001 Kungliga Tekniska Högskolan +License: BSD-3 - Hereby I grant a special exception to the OpenVPN project - (http://openvpn.sourceforge.net) to link the LZO library with - the OpenSSL library (http://www.openssl.org). +Files: include/openvpn-msg.h + src/openvpnserv/common.c + src/openvpnserv/service.h + src/openvpnserv/interactive.c +Copyright: 2011-2018 Heiko Hund <heiko.hund@sophos.com> +License: GPL-2 - Markus F.X.J. Oberhumer +Files: src/openvpn/block_dns.c +Copyright: 2002-2018 OpenVPN Inc <sales@openvpn.net> + 2015-2016 <iam@valdikss.org.ru> + 2016 Selva Nair <selva.nair@gmail.com> +License: GPL-2 +Files: src/openvpn/block_dns.h + src/openvpnserv/validate.h + src/openvpnserv/validate.c +Copyright: 2016 Selva Nair <selva.nair@gmail.com> +License: GPL-2 +Files: src/openvpn/comp-lz4.c + src/openvpn/comp-lz4.h +Copyright: 2002-2018 OpenVPN Inc <sales@openvpn.net> + 2013-2018 Gert Doering <gert@greenie.muc.de> +License: GPL-2 + +Files: src/openvpn/cryptoapi.c +Copyright: 2004 Peter 'Luna' Runestig <peter@runestig.com> +License: BSD-3 + +Files: src/openvpn/ntlm.c +Copyright: 2004 William Preston +License: GPL-2 + +Files: src/openvpn/ssl_mbedtls.c +Copyright: 2002-2018 OpenVPN Inc <sales@openvpn.net> + 2010-2018 Fox Crypto B.V. <openvpn@fox-it.com> + 2006-2010 Brainspark B.V. +License: GPL-2 + +Files: src/openvpn/ssl_mbedtls.h +Copyright: 2002-2018 OpenVPN Inc <sales@openvpn.net> + 2010-2018 Fox Crypto B.V. 
<openvpn@fox-it.com> +License: GPL-2 + +Files: src/openvpnserv/service.c +Copyright: 1993-2000 Microsoft Corporation + 2013 Heiko Hund <heiko.hund@sophos.com> +License: other + +Files: sample/sample-keys/gen-sample-keys.sh +Copyright: 2014 Steffan Karger <steffan@karger.me> +License: GPL-2 + +Files: m4/pkg.m4 +Copyright: 2004 Scott James Remnant <scott@netsplit.com>. +License: GPL-2+ + +Files: install-sh +Copyright: 1994 X Consortium +License: MIT + +Files: tests/t_cltsrv.sh +Copyright: 2005-2008 Matthias Andree +License: GPL-2+ + +Files: tests/t_lpback.sh +Copyright: 2005 Matthias Andree + 2014 Steffan Karger +License: GPL-2+ + +Files: debian/* +Copyright: 2002-2017 Alberto Gonzalez Iniesta <agi@inittab.org> + 2017-2018 Bernhard Schmidt <berni@debian.org> + 2017-2018 Jörg Frings-Fürst <debian@jff.email> +License: GPL-3+ + +License: BSD-2 + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are + met: + . + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + . + * Redistributions in binary form must reproduce the above + copyright notice, this list of conditions and the following disclaimer + in the documentation and/or other materials provided with the + distribution. + . + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT + OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +License: BSD-3 + All rights reserved. + . + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + . + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + . + 2. Redistributions in binary form must reproduce the above copyright notice, + this list of conditions and the following disclaimer in the documentation + and/or other materials provided with the distribution. + . + 3. Neither the name of the copyright holder nor the names of its contributors + may be used to endorse or promote products derived from this software + without specific prior written permission. + . + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" + AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE + LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. + +License: GPL-2 + This program is free software; you can redistribute it + and/or modify it under the terms of the GNU General Public + License as published by the Free Software Foundation version + 2 of the License. + . + This program is distributed in the hope that it will be + useful, but WITHOUT ANY WARRANTY; without even the implied + warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR + PURPOSE. See the GNU General Public License for more + details. + . + You should have received a copy of the GNU General Public + License along with this package; if not, write to the Free + Software Foundation, Inc., 51 Franklin St, Fifth Floor, + Boston, MA 02110-1301 USA + . + On Debian systems, the full text of the GNU General Public + License version 2 can be found in the file + `/usr/share/common-licenses/GPL-2'. + +License: GPL-2 with OpenSSL exception + This program is free software; you can redistribute it and/or + modify it under the terms of the GNU General Public License as + published by the Free Software Foundation; either version 2 of the + License. + . + This program is distributed in the hope that it will be useful, but + is provided AS IS, WITHOUT ANY WARRANTY; without even the implied + warranty of MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, and + NON-INFRINGEMENT. See the GNU General Public License for more details. + . + You should have received a copy of the GNU General Public License + along with this program. 
If not, see <http://www.gnu.org/licenses/>. + . + The complete text of the GNU General Public License + can be found in /usr/share/common-licenses/GPL-2 file. + . + In addition, as a special exception, the copyright holders give + permission to link the code of portions of this program with the + OpenSSL library under certain conditions as described in each + individual source file, and distribute linked combinations + including the two. + You must obey the GNU General Public License in all respects + for all of the code used other than OpenSSL. If you modify + file(s) with this exception, you may extend this exception to your + version of the file(s), but you are not obligated to do so. If you + do not wish to do so, delete this exception statement from your + version. If you delete this exception statement from all source + files in the program, then also delete it here. + +License: GPL-2+ + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 2 of the License, or + (at your option) any later version. + . + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + . + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. + . + The complete text of the GNU General Public License + can be found in /usr/share/common-licenses/GPL-2 file. + +License: GPL-3+ + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + . 
+ This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + . + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/> + . + On Debian systems, the complete text of the GNU General + Public License version 3 can be found in "/usr/share/common-licenses/GPL-3". + +License: MIT + All rights reserved. No part of this source code may be reproduced, + stored in a retrieval system, or transmitted, in any form or by any + means, electronic, mechanical, photocopying, recording or otherwise, + except as stated in the end-user licence agreement, without the prior + permission of the copyright owners. + . + Permission to use, copy, modify, and distribute this software and its + documentation for any purpose and without fee is hereby granted, provided + that the above copyright notice appear in all copies and that both that + copyright notice and this permission notice appear in supporting + documentation, and that the name of OSF, UI or X/Open not be used in + advertising or publicity pertaining to distribution of the software + without specific, written prior permission. OSF, UI and X/Open make + no representations about the suitability of this software for any purpose. + It is provided "as is" without express or implied warranty. + . + OSF, UI and X/Open DISCLAIM ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, + INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO + EVENT SHALL OSF, UI or X/Open BE LIABLE FOR ANY SPECIAL, INDIRECT OR + CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF + USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR + OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + PERFORMANCE OF THIS SOFTWARE. 
+
+License: other
+ THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
+ ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
+ TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
+ PARTICULAR PURPOSE.
diff --git a/debian/gbp.conf b/debian/gbp.conf
new file mode 100644
index 0000000..cec628c
--- /dev/null
+++ b/debian/gbp.conf
@@ -0,0 +1,2 @@
+[DEFAULT]
+pristine-tar = True
diff --git a/debian/openvpn.lintian-overrides b/debian/openvpn.lintian-overrides
deleted file mode 100644
index 91ae65a..0000000
--- a/debian/openvpn.lintian-overrides
+++ /dev/null
@@ -1,4 +0,0 @@
-# ChangeLog and Changes.rst are not the same.
-# ChangeLog contains the source changes and Changes.rst describes
-# the program development.
-duplicate-changelog-files
diff --git a/debian/openvpn@.service b/debian/openvpn@.service
index 7f0134b..da7adc7 100644
--- a/debian/openvpn@.service
+++ b/debian/openvpn@.service
@@ -17,8 +17,8 @@ ExecStart=/usr/sbin/openvpn --daemon ovpn-%i --status /run/openvpn/%i.status 10
 PIDFile=/run/openvpn/%i.pid
 KillMode=process
 ExecReload=/bin/kill -HUP $MAINPID
-CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE
-LimitNPROC=10
+CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE CAP_AUDIT_WRITE
+LimitNPROC=100
 DeviceAllow=/dev/null rw
 DeviceAllow=/dev/net/tun rw
 ProtectSystem=true
diff --git a/debian/patches/auth-pam_libpam_so_filename.patch b/debian/patches/auth-pam_libpam_so_filename.patch
index cfa9047..2e7e5c4 100644
--- a/debian/patches/auth-pam_libpam_so_filename.patch
+++ b/debian/patches/auth-pam_libpam_so_filename.patch
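Review bot: In debian/openvpn@.service the two loosened limits, `CAP_AUDIT_WRITE` in `CapabilityBoundingSet=` and `LimitNPROC=100`, are not explained in the unit itself, so a later hardening pass has nothing to tell it whether they can be tightened again. The changelog in this commit gives the reasons (auth_pam, #868806; LimitNPROC, #861923), and I would carry them into the file as comment lines: `# CAP_AUDIT_WRITE: required by the auth-pam plugin (#868806)` above the bounding set and `# LimitNPROC raised from 10, see #861923` above the limit. The capability now sits in the bounding set of every instance, whether or not it loads auth-pam; that looks like an accepted trade-off, but it is worth saying so in the same comment. The section these directives belong to starts above the hunk and continues below it.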
@@ -1,11 +1,11 @@
 Description: Fix libpam.so filename to /lib/libpam.so.0 in pam plugin
 Author: Alberto Gonzalez Iniesta <agi@inittab.org>
 Bug-Debian: http://bugs.debian.org/306335
-Index: openvpn/src/plugins/auth-pam/auth-pam.c
+Index: trunk/src/plugins/auth-pam/auth-pam.c
 ===================================================================
---- openvpn.orig/src/plugins/auth-pam/auth-pam.c 2016-12-27 18:45:37.638198402 +0100
-+++ openvpn/src/plugins/auth-pam/auth-pam.c 2016-12-27 18:45:37.638198402 +0100
-@@ -698,7 +698,7 @@
+--- trunk.orig/src/plugins/auth-pam/auth-pam.c
++++ trunk/src/plugins/auth-pam/auth-pam.c
+@@ -716,7 +716,7 @@ pam_server(int fd, const char *service,
 struct user_pass up;
 int command;
 #ifdef USE_PAM_DLOPEN
diff --git a/debian/patches/fix-pkcs11-helper-hang.patch b/debian/patches/fix-pkcs11-helper-hang.patch
new file mode 100644
index 0000000..41d9be1
--- /dev/null
+++ b/debian/patches/fix-pkcs11-helper-hang.patch
@@ -0,0 +1,13 @@
+Index: openvpn/src/openvpn/pkcs11.c
+===================================================================
+--- openvpn.orig/src/openvpn/pkcs11.c
++++ openvpn/src/openvpn/pkcs11.c
+@@ -312,7 +312,7 @@ pkcs11_initialize(
+
+ pkcs11h_setLogLevel(_pkcs11_msg_openvpn2pkcs11(get_debug_level()));
+
+- if ((rv = pkcs11h_setForkMode(TRUE)) != CKR_OK)
++ if ((rv = pkcs11h_setForkMode(FALSE)) != CKR_OK)
+ {
+ msg(M_FATAL, "PKCS#11: Cannot set fork mode %ld-'%s'", rv, pkcs11h_getMessage(rv));
+ goto cleanup;
diff --git a/debian/patches/kfreebsd_support.patch b/debian/patches/kfreebsd_support.patch
index 4445e0d..4e89f32 100644
--- a/debian/patches/kfreebsd_support.patch
+++ b/debian/patches/kfreebsd_support.patch
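Review bot: The new debian/patches/fix-pkcs11-helper-hang.patch starts directly at `Index:` with no patch header, unlike auth-pam_libpam_so_filename.patch in the same commit, which carries `Description:`, `Author:` and `Bug-Debian:`. Switching to `pkcs11h_setForkMode(FALSE)` changes how the library is asked to behave across fork(), so the reason and the bug references should travel with the patch; the changelog lists #772812, #900805 and #907452 for it. I would add `Description: Do not set pkcs11-helper safe fork mode, to avoid hangs when spawning child processes` and `Bug-Debian: https://bugs.debian.org/772812` (plus the other two bugs) ahead of the `Index:` line, and an `Author:` line once the author is confirmed; the changelog entry sits under Hilko Bengen, which suggests but does not establish authorship. It would also help to state in the description whether any child process is expected to use the PKCS#11 token after this change, which cannot be judged from this hunk because pkcs11_initialize continues outside it.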
@@ -1,11 +1,9 @@ Description: Improve kFreeBSD support Author: Gonéri Le Bouder <goneri@rulezlan.org> Bug-Debian: http://bugs.debian.org/626062 -Index: openvpn/src/openvpn/route.c -=================================================================== ---- openvpn.orig/src/openvpn/route.c 2017-06-22 13:17:05.754630908 +0200 -+++ openvpn/src/openvpn/route.c 2017-06-22 13:17:05.750630880 +0200 -@@ -1689,7 +1689,7 @@ +--- a/src/openvpn/route.c ++++ b/src/openvpn/route.c +@@ -1693,7 +1693,7 @@ argv_msg(D_ROUTE, &argv); status = openvpn_execve_check(&argv, es, 0, "ERROR: Solaris route add command failed"); @@ -14,7 +12,7 @@ Index: openvpn/src/openvpn/route.c argv_printf(&argv, "%s add", ROUTE_PATH); -@@ -1875,7 +1875,7 @@ +@@ -1879,7 +1879,7 @@ network = print_in6_addr( r6->network, 0, &gc); gateway = print_in6_addr( r6->gateway, 0, &gc); @@ -23,7 +21,7 @@ Index: openvpn/src/openvpn/route.c || defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY) \ || defined(TARGET_OPENBSD) || defined(TARGET_NETBSD) -@@ -2043,7 +2043,7 @@ +@@ -2047,7 +2047,7 @@ argv_msg(D_ROUTE, &argv); status = openvpn_execve_check(&argv, es, 0, "ERROR: Solaris route add -inet6 command failed"); @@ -32,7 +30,7 @@ Index: openvpn/src/openvpn/route.c argv_printf(&argv, "%s add -inet6 %s/%d", ROUTE_PATH, -@@ -2227,7 +2227,7 @@ +@@ -2239,7 +2239,7 @@ argv_msg(D_ROUTE, &argv); openvpn_execve_check(&argv, es, 0, "ERROR: Solaris route delete command failed"); @@ -41,7 +39,7 @@ Index: openvpn/src/openvpn/route.c argv_printf(&argv, "%s delete -net %s %s %s", ROUTE_PATH, -@@ -2334,7 +2334,7 @@ +@@ -2346,7 +2346,7 @@ network = print_in6_addr( r6->network, 0, &gc); gateway = print_in6_addr( r6->gateway, 0, &gc); 
@@ -50,7 +48,7 @@ Index: openvpn/src/openvpn/route.c || defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY) \ || defined(TARGET_OPENBSD) || defined(TARGET_NETBSD) -@@ -2469,7 +2469,7 @@ +@@ -2481,7 +2481,7 @@ argv_msg(D_ROUTE, &argv); openvpn_execve_check(&argv, es, 0, "ERROR: Solaris route delete -inet6 command failed"); @@ -59,7 +57,7 @@ Index: openvpn/src/openvpn/route.c argv_printf(&argv, "%s delete -inet6 %s/%d", ROUTE_PATH, -@@ -3514,7 +3514,8 @@ +@@ -3532,7 +3532,8 @@ #elif defined(TARGET_DARWIN) || defined(TARGET_SOLARIS) \ || defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY) \ @@ -69,20 +67,18 @@ Index: openvpn/src/openvpn/route.c #include <sys/types.h> #include <sys/socket.h> -Index: openvpn/src/openvpn/tun.c -=================================================================== ---- openvpn.orig/src/openvpn/tun.c 2017-06-22 13:17:05.754630908 +0200 -+++ openvpn/src/openvpn/tun.c 2017-06-22 13:17:05.750630880 +0200 -@@ -843,7 +843,7 @@ +--- a/src/openvpn/tun.c ++++ b/src/openvpn/tun.c +@@ -845,7 +845,7 @@ #endif /* if defined(_WIN32) || defined(TARGET_DARWIN) || defined(TARGET_NETBSD) || defined(TARGET_OPENBSD) */ #if defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY) \ -- || defined(TARGET_OPENBSD) -+ || defined(TARGET_OPENBSD) || defined(__FreeBSD_kernel__) +- || defined(TARGET_NETBSD) || defined(TARGET_OPENBSD) ++ || defined(TARGET_NETBSD) || defined(TARGET_OPENBSD) || defined(__FreeBSD_kernel__) /* we can't use true subnet mode on tun on all platforms, as that * conflicts with IPv6 (wants to use ND then, which we don't do), * but the OSes want "a remote address that is different from ours" -@@ -1412,7 +1412,7 @@ +@@ -1429,7 +1429,7 @@ add_route_connected_v6_net(tt, es); } @@ -91,7 +87,7 @@ Index: openvpn/src/openvpn/tun.c in_addr_t remote_end; /* for "virtual" subnet topology */ -@@ -2770,7 +2770,7 @@ +@@ -2785,7 +2785,7 @@ } } 
@@ -100,10 +96,8 @@ Index: openvpn/src/openvpn/tun.c static inline int freebsd_modify_read_write_return(int len) -Index: openvpn/src/openvpn/lladdr.c -=================================================================== ---- openvpn.orig/src/openvpn/lladdr.c 2017-06-22 13:17:05.754630908 +0200 -+++ openvpn/src/openvpn/lladdr.c 2017-06-22 13:17:05.750630880 +0200 +--- a/src/openvpn/lladdr.c ++++ b/src/openvpn/lladdr.c @@ -50,7 +50,7 @@ "%s %s lladdr %s", IFCONFIG_PATH, @@ -113,10 +107,8 @@ Index: openvpn/src/openvpn/lladdr.c argv_printf(&argv, "%s %s ether %s", IFCONFIG_PATH, -Index: openvpn/src/openvpn/syshead.h -=================================================================== ---- openvpn.orig/src/openvpn/syshead.h 2017-06-22 13:17:05.754630908 +0200 -+++ openvpn/src/openvpn/syshead.h 2017-06-22 13:17:05.750630880 +0200 +--- a/src/openvpn/syshead.h ++++ b/src/openvpn/syshead.h @@ -297,7 +297,7 @@ #endif /* TARGET_OPENBSD */ @@ -126,11 +118,9 @@ Index: openvpn/src/openvpn/syshead.h #ifdef HAVE_SYS_UIO_H #include <sys/uio.h> -Index: openvpn/src/openvpn/ssl.c -=================================================================== ---- openvpn.orig/src/openvpn/ssl.c 2017-06-22 13:17:05.754630908 +0200 -+++ openvpn/src/openvpn/ssl.c 2017-06-22 13:17:05.750630880 +0200 -@@ -2269,7 +2269,7 @@ +--- a/src/openvpn/ssl.c ++++ b/src/openvpn/ssl.c +@@ -2270,7 +2270,7 @@ buf_printf(&out, "IV_PLAT=mac\n"); #elif defined(TARGET_NETBSD) buf_printf(&out, "IV_PLAT=netbsd\n"); diff --git a/debian/patches/openvpn-pkcs11warn.patch b/debian/patches/openvpn-pkcs11warn.patch index 1fabddd..71b2ac8 100644 --- a/debian/patches/openvpn-pkcs11warn.patch +++ b/debian/patches/openvpn-pkcs11warn.patch 
@@ -1,11 +1,11 @@ Description: Warn users about deprecated pkcs11 options Author: Florian Kulzer <florian.kulzer+debian@icfo.es> Bug-Debian: http://bugs.debian.org/475353 -Index: openvpn/src/openvpn/options.c +Index: trunk/src/openvpn/options.c =================================================================== ---- openvpn.orig/src/openvpn/options.c 2017-06-22 13:16:58.862582114 +0200 -+++ openvpn/src/openvpn/options.c 2017-06-22 13:16:58.862582114 +0200 -@@ -6818,6 +6818,20 @@ +--- trunk.orig/src/openvpn/options.c ++++ trunk/src/openvpn/options.c +@@ -6861,6 +6861,20 @@ add_option(struct options *options, options->port_share_port = p[2]; options->port_share_journal_dir = p[3]; } diff --git a/debian/patches/series b/debian/patches/series index 156ff6f..8b19c3d 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -4,3 +4,6 @@ debian_nogroup_for_sample_files.patch openvpn-pkcs11warn.patch kfreebsd_support.patch match-manpage-and-command-help.patch +spelling_errors.patch +systemd.patch +fix-pkcs11-helper-hang.patch diff --git a/debian/patches/spelling_errors.patch b/debian/patches/spelling_errors.patch new file mode 100644 index 0000000..cac36d3 --- /dev/null +++ b/debian/patches/spelling_errors.patch 
@@ -0,0 +1,53 @@ +Description: correct tspelling errors +Author: Jörg Frings-Fürst <debian@jff.email> +Last-Update: 2018-07-29 +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +Index: trunk/src/openvpn/buffer.c +=================================================================== +--- trunk.orig/src/openvpn/buffer.c ++++ trunk/src/openvpn/buffer.c +@@ -44,7 +44,7 @@ array_mult_safe(const size_t m1, const s + unsigned long long res = (unsigned long long)m1 * (unsigned long long)m2 + (unsigned long long)extra; + if (unlikely(m1 > limit) || unlikely(m2 > limit) || unlikely(extra > limit) || unlikely(res > (unsigned long long)limit)) + { +- msg(M_FATAL, "attemped allocation of excessively large array"); ++ msg(M_FATAL, "attempted allocation of excessively large array"); + } + return (size_t) res; + } +Index: trunk/src/openvpn/options.c +=================================================================== +--- trunk.orig/src/openvpn/options.c ++++ trunk/src/openvpn/options.c +@@ -448,7 +448,7 @@ static const char usage_message[] = + " user/pass via environment, if method='via-file', pass\n" + " user/pass via temporary file.\n" + "--auth-gen-token [lifetime] Generate a random authentication token which is pushed\n" +- " to each client, replacing the password. Usefull when\n" ++ " to each client, replacing the password. Useful when\n" + " OTP based two-factor auth mechanisms are in use and\n" + " --reneg-* options are enabled. Optionally a lifetime in seconds\n" + " for generated tokens can be set.\n" +Index: trunk/doc/openvpn.8 +=================================================================== +--- trunk.orig/doc/openvpn.8 ++++ trunk/doc/openvpn.8 +@@ -2181,7 +2181,7 @@ that + is parsed on the command line even though + the daemonization point occurs later. If one of the + .B \-\-log +-options is present, it will supercede syslog ++options is present, it will supersede syslog + redirection. 
+ + The optional +@@ -2292,7 +2292,7 @@ If + already exists it will be truncated. + This option takes effect + immediately when it is parsed in the command line +-and will supercede syslog output if ++and will supersede syslog output if + .B \-\-daemon + or + .B \-\-inetd diff --git a/debian/patches/systemd.patch b/debian/patches/systemd.patch new file mode 100644 index 0000000..ccbecfd --- /dev/null +++ b/debian/patches/systemd.patch @@ -0,0 +1,29 @@ +Description: remove syslog.target +Author: Jörg Frings-Fürst <debian@jff.email> +Last-Update: 2018-07-29 +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +Index: trunk/distro/systemd/openvpn-client@.service.in +=================================================================== +--- trunk.orig/distro/systemd/openvpn-client@.service.in ++++ trunk/distro/systemd/openvpn-client@.service.in +@@ -1,6 +1,6 @@ + [Unit] + Description=OpenVPN tunnel for %I +-After=syslog.target network-online.target ++After=network-online.target + Wants=network-online.target + Documentation=man:openvpn(8) + Documentation=https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage +Index: trunk/distro/systemd/openvpn-server@.service.in +=================================================================== +--- trunk.orig/distro/systemd/openvpn-server@.service.in ++++ trunk/distro/systemd/openvpn-server@.service.in +@@ -1,6 +1,6 @@ + [Unit] + Description=OpenVPN service for %I +-After=syslog.target network-online.target ++After=network-online.target + Wants=network-online.target + Documentation=man:openvpn(8) + Documentation=https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage diff --git a/debian/rules b/debian/rules index 603d9a0..7bec9d2 100755 --- a/debian/rules +++ b/debian/rules 
@@ -3,7 +3,7 @@ ifeq ($(DEB_HOST_ARCH_OS), kfreebsd) # Avoid the /sbin/route wrapper which doesn't provide FreeBSD CLI as expected ENV_VARS := IFCONFIG=/sbin/ifconfig ROUTE=/lib/freebsd/route -EXTRA_ARGS := +EXTRA_ARGS := else ENV_VARS := SYSTEMD_ASK_PASSWORD=/bin/systemd-ask-password IFCONFIG=/sbin/ifconfig ROUTE=/sbin/route IPROUTE=/sbin/ip SYSTEMD_UNIT_DIR=/lib/systemd/system TMPFILES_DIR=/usr/lib/tmpfiles.d EXTRA_ARGS := --enable-systemd --enable-iproute2 @@ -52,7 +52,7 @@ override_dh_auto_install: install -m 755 debian/openvpn.if-up.d $(CURDIR)/debian/openvpn/etc/network/if-up.d/openvpn install -m 755 debian/openvpn.if-down.d $(CURDIR)/debian/openvpn/etc/network/if-down.d/openvpn # remove unwanted plugin files - rm -f $(CURDIR)/debian/openvpn/usr/lib/$(DEB_HOST_GNU_TYPE)/openvpn/plugins/*.la + $(RM) $(CURDIR)/debian/openvpn/usr/lib/$(DEB_HOST_GNU_TYPE)/openvpn/plugins/*.la # resolvconf script install -m 755 debian/update-resolv-conf $(CURDIR)/debian/openvpn/etc/openvpn/update-resolv-conf # bash completion @@ -61,14 +61,15 @@ override_dh_auto_install: ifeq ($(DEB_HOST_ARCH_OS), linux) cat debian/openvpn.conf >> $(CURDIR)/debian/openvpn/usr/lib/tmpfiles.d/openvpn.conf endif + $(RM) $(CURDIR)/debian/openvpn/usr/share/doc/openvpn/COPYING override_dh_installexamples: dh_installexamples ## remove windoze stuff - rm -rf $(CURDIR)/debian/openvpn/usr/share/doc/openvpn/examples/easy-rsa/Windows - rm -rf $(CURDIR)/debian/openvpn/usr/share/doc/openvpn/sample + $(RM) -r $(CURDIR)/debian/openvpn/usr/share/doc/openvpn/examples/easy-rsa/Windows + $(RM) -r $(CURDIR)/debian/openvpn/usr/share/doc/openvpn/sample # remove gitignore file from samples - rm -f $(CURDIR)/debian/openvpn/usr/share/doc/openvpn/examples/sample-keys/.gitignore + $(RM) $(CURDIR)/debian/openvpn/usr/share/doc/openvpn/examples/sample-keys/.gitignore override_dh_installinit: dh_installinit --no-start -- defaults 16 80 
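Review bot: The added `$(RM) $(CURDIR)/debian/openvpn/usr/share/doc/openvpn/COPYING` at the end of `override_dh_auto_install` is the only cleanup step in this recipe without a comment, while its neighbours each say what they remove. A line above it such as `# drop upstream COPYING, the licence text is carried in debian/copyright` would do, assuming that is the reason. The recipe starts outside the hunk.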
@@ -76,6 +77,5 @@ override_dh_installinit: override_dh_compress: dh_compress --exclude=.cnf --exclude=pkitool -override_dh_systemd_start: - dh_systemd_start --restart-after-upgrade - +override_dh_installsystemd: + dh_installsystemd --restart-after-upgrade diff --git a/debian/update-resolv-conf b/debian/update-resolv-conf index fc2f031..61b15d9 100644 --- a/debian/update-resolv-conf +++ b/debian/update-resolv-conf @@ -15,7 +15,11 @@ # foreign_option_3='dhcp-option DOMAIN be.bnc.ch' # -[ -x /sbin/resolvconf ] || exit 0 +if [ ! -x /sbin/resolvconf ] ; then + logger "[OpenVPN:update-resolve-conf] missing binary /sbin/resolvconf"; + exit 0; +fi + [ "$script_type" ] || exit 0 [ "$dev" ] || exit 0 @@ -30,7 +34,8 @@ case "$script_type" in up) NMSRVRS="" SRCHS="" - for optionvarname in ${!foreign_option_*} ; do + foreign_options=$(printf '%s\n' ${!foreign_option_*} | sort -t _ -k 3 -g) + for optionvarname in ${foreign_options} ; do option="${!optionvarname}" echo "$option" split_into_parts $option diff --git a/debian/watch b/debian/watch index bffdf20..cda3cd9 100644 --- a/debian/watch +++ b/debian/watch @@ -1,3 +1,3 @@ -version=3 -http://openvpn.net/index.php/open-source/downloads.html \ +version=4 +https://openvpn.net/index.php/open-source/downloads.html \ (?:|.*/)openvpn(?:[_\-]v?|)(\d[^\s/]*)\.(?:tar\.xz|txz|tar\.bz2|tbz2|tar\.gz|tgz) |
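Review bot: The added `logger` call tags its message `[OpenVPN:update-resolve-conf]`, which does not match the script name update-resolv-conf, so a log search or alert keyed on the script name will miss it. It also logs at the default priority. The script still does `exit 0` on this path, so the hook reports success while the pushed `dhcp-option` settings are left unapplied, which is the case an operator most wants to notice. I would write `logger -t openvpn -p daemon.warning "update-resolv-conf: /sbin/resolvconf not found, pushed DNS settings not applied"`.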
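Review bot: `split_into_parts $option` in the rewritten loop is still expanded unquoted, so besides the intended word splitting the shell also applies pathname expansion to the option text. `$option` is read from the `foreign_option_*` variables, which presumably carry values pushed by the remote server. Since this hunk already rewrites the loop head, I would put `set -f` before the `for` line and `set +f` after the loop, so that a value containing `*` or `?` is passed through literally. Separately, `sort -t _ -k 3 -n` is enough for integer suffixes, and a short comment that the sort keeps `foreign_option_10` after `foreign_option_2` would explain the new line. The `case` block continues outside the hunk.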
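Review bot: The updated debian/watch moves the download page to https but still has no `opts=` line, so uscan fetches the upstream tarball without checking a signature. If upstream publishes detached signatures next to the tarballs (to be confirmed), adding `opts=pgpsigurlmangle=s/$/.asc/` together with the upstream key in `debian/upstream/signing-key.asc` would let uscan verify each new release.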