summaryrefslogtreecommitdiff
path: root/debian
diff options
context:
space:
mode:
authorBernhard Schmidt <berni@debian.org>2019-03-07 21:38:56 +0100
committerBernhard Schmidt <berni@debian.org>2019-03-07 21:38:56 +0100
commitcfcec33bd88faeb354a33bd5f8052486ac848f9a (patch)
tree8e1ace9a34f5ee12b34416b02d514da67d54c907 /debian
parent7486cf05cdeb6996fdf249e5a2f15d93a47dbac1 (diff)
parenta351f71e82badcc71a2ce881bbb97eccfcebc06b (diff)
Merge tag 'debian/2.4.7-1' into stretch-backports
openvpn Debian release 2.4.7-1
Diffstat (limited to 'debian')
-rw-r--r--debian/README.source18
-rw-r--r--debian/changelog101
-rw-r--r--debian/compat2
-rw-r--r--debian/control16
-rw-r--r--debian/copyright342
-rw-r--r--debian/gbp.conf2
-rw-r--r--debian/openvpn.lintian-overrides4
-rw-r--r--debian/openvpn@.service4
-rw-r--r--debian/patches/auth-pam_libpam_so_filename.patch8
-rw-r--r--debian/patches/fix-pkcs11-helper-hang.patch13
-rw-r--r--debian/patches/kfreebsd_support.patch56
-rw-r--r--debian/patches/openvpn-pkcs11warn.patch8
-rw-r--r--debian/patches/series3
-rw-r--r--debian/patches/spelling_errors.patch53
-rw-r--r--debian/patches/systemd.patch29
-rwxr-xr-xdebian/rules16
-rw-r--r--debian/update-resolv-conf9
-rw-r--r--debian/watch4
18 files changed, 562 insertions, 126 deletions
diff --git a/debian/README.source b/debian/README.source
new file mode 100644
index 0000000..b286c8f
--- /dev/null
+++ b/debian/README.source
@@ -0,0 +1,18 @@
+Hello,
+
+now I use the branching model from Vincent Driessen[1].
+
+I use the gitflow-avh[2]. with the Documentation[3].
+The Debian package can be found here[4].
+
+Please upload unattended uploads use a branch feature/<your title>.
+
+
+Many thanks.
+
+ -- Jörg Frings-Fürst <debian@jff.email> Sun, 29 Jul 2018 13:59:15 +0200
+
+[1] http://nvie.com/posts/a-successful-git-branching-model/
+[2] https://github.com/petervanderdoes/gitflow-avh
+[3] https://github.com/petervanderdoes/gitflow-avh/wiki
+[4] https://tracker.debian.org/pkg/git-flow
diff --git a/debian/changelog b/debian/changelog
index 91bcf9e..f676f8d 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,14 +1,68 @@
-openvpn (2.4.4-2~bpo9+1) stretch-backports; urgency=medium
+openvpn (2.4.7-1) unstable; urgency=medium
- * Rebuild for stretch-backports.
- - Revert to OpenSSL 1.0.2, libpkcs11-helper1-dev is not compatible
- with OpenSSL 1.1.0 in stretch
+ [ Bernhard Schmidt ]
+ * New upstream version 2.4.7
+ - improvements regarding TLSv1.3
+ - Add CAP_AUDIT_WRITE for auth_pam for upstream units (Closes: #868806)
+ * adjust kfreebsd_support.patch for new upstream version
+ * Also Add CAP_AUDIT_WRITE for auth_pam for openvpn@.service (Closes: #868806)
+ * openvpn@.service: Bump LimitNPROC to 100, see #861923
+
+ [ Simon Deziel ]
+ * d/control: suggests openvpn-systemd-resolved (Closes: #913265)
+
+ [ Hilko Bengen ]
+ * Avoid hangs when spawning child processes by not setting pkcs11-helper
+ "safe fork mode" (Closes: #772812, #900805, #907452)
- -- Bernhard Schmidt <berni@debian.org> Sat, 30 Dec 2017 22:21:24 +0100
+ -- Bernhard Schmidt <berni@debian.org> Wed, 20 Feb 2019 14:50:03 +0100
+
+openvpn (2.4.6-1) unstable; urgency=medium
+
+ [ Jörg Frings-Fürst ]
+ * New upstream release.
+ - Refresh patches.
+ - Fix "does not start if link-mtu is too low" (Closes: #867113).
+ - Fix "auth-tokens are purged if auth-nocache is set" (Closes: #883601).
+ * Migrate to debhelper 11:
+ - Change debian/compat to 11.
+ - Bump minimum debhelper version in debian/control to >= 11.
+ * Declare compliance with Debian Policy 4.1.5 (No changes needed).
+ * New debian/patches/spelling_errors.patch to correct spelling errors.
+ * New debian/patches/systemd.patch to remove obsolete syslog.target.
+ * debian/changelog:
+ - Rewrite to DEP5 copyright format.
+ * debian/control:
+ - Change to my new email address.
+ - Remove trailing whitespaces.
+ * debian/rules:
+ - Remove trailing whitespaces.
+ - Replace outdated dh_installsystemd with dh_systemd_start.
+ - Remove usr/share/doc/openvpn/COPYING.
+ - Replace rm -f with $(RM).
+ * debian/update-resolv-conf:
+ - Fix "preserve order of pushed parameters" (Closes: #807808).
+ Thanks to Thibaut Chèze.
+ - Add syslog message if used without binary resolvconf (Closes: #895135).
+ Thanks to Roger Price <debian@rogerprice.org>.
+ * debian/watch:
+ - Use secure URI.
+ * Remove obsolete debian/openvpn.lintian-overrides.
+ * New README.source to explain the branching model used.
+
+ -- Jörg Frings-Fürst <debian@jff.email> Mon, 30 Jul 2018 14:08:13 +0200
+
+openvpn (2.4.5-1) unstable; urgency=medium
+
+ * New upstream version 2.4.5 (Closes: #873302)
+ * Fix wrong Bug# in previous changelog
+ * Change Vcs-* to salsa (gitlab)
+
+ -- Bernhard Schmidt <berni@debian.org> Sun, 04 Mar 2018 22:23:47 +0100
openvpn (2.4.4-2) unstable; urgency=medium
- * Build against OpenSSL 1.1.0 (Closes: #828447)
+ * Build against OpenSSL 1.1.0 (Closes: #828477)
* Bump Standards-Version to 4.1.2, no changes necessary
-- Bernhard Schmidt <berni@debian.org> Mon, 11 Dec 2017 00:22:11 +0100
@@ -97,7 +151,7 @@ openvpn (2.4.3-1) unstable; urgency=high
- CVE-2017-7521
- CVE-2017-7522
* Plugin libs have been moved to /usr/lib/ARCH/openvpn/plugins
- * debian/rules:
+ * debian/rules:
- Remove obsolete options to configure script (enable-password-save,
with-plugindir (now in ENV_VARS))
- No need to install upstream's systemd unit files from debian/rules
@@ -270,7 +324,7 @@ openvpn (2.3.7-1) unstable; urgency=medium
openvpn (2.3.5-1) unstable; urgency=medium
* New upstream release. Removed patches applied upstream:
- client_connect_tmp_files.patch
+ client_connect_tmp_files.patch
better_systemd_detection.patch
* Add Build-Depends on libsystemd-daemon-dev.
@@ -519,7 +573,7 @@ openvpn (2.2.0-2) unstable; urgency=low
openvpn (2.2.0-1) experimental; urgency=low
* New upstream release (Closes: #625281)
- * Removed Depends on open(ssl|vpn)-blacklist, since
+ * Removed Depends on open(ssl|vpn)-blacklist, since
debian_openssl_vulnkeys.patch is no longer used.
Removed templates referring it too.
* Removed manpage_dash_escaping.patch, applied upstream
@@ -812,7 +866,7 @@ openvpn (2.1~rc7-2) unstable; urgency=high
* init.c: Warn of use of known vulnerable weak SSL/TLS
and shared secret keys caused by Debian openssl bug.
Patch taken from Ubuntu. CVE-2008-0166
- * debian/(templates|postinst): Add warning on vulnerable
+ * debian/(templates|postinst): Add warning on vulnerable
secrect/key files.
* debian/control: Add dependencies on openssl-blacklist and
openvpn-blacklist. Bumped dependency on libssl version.
@@ -902,7 +956,7 @@ openvpn (2.0.9-6) unstable; urgency=low
/etc/network/interfaces integration. (Closes: #413732)
* Also included joeyh's suggestion on the previous subject.
(Closes: 419797)
- * Avoid restarting a vpn instead of reloading it due to wrong
+ * Avoid restarting a vpn instead of reloading it due to wrong
detection of 'user' option in init.d script. Thanks Josip Rodin.
(Closes: 403503)
* Added Russian debconf translation. (Closes: #414088)
@@ -980,7 +1034,7 @@ openvpn (2.0.6-2) unstable; urgency=low
a fresh install or stop2upgrade=true. (Closes: #366085, #338956)
* Updated Czech debconf translation (Closes: #333989)
Thanks Miroslav Kure.
- * Bumped Standards-Version to 3.7.2.0, no change.
+ * Bumped Standards-Version to 3.7.2.0, no change.
* debian/rules: Avoid compressing 'pkitool' (Closes: #354478)
* debian/templates: Corrected typo on init scripts order change.
(Closes: #351664)
@@ -1024,9 +1078,9 @@ openvpn (2.0.2-1) unstable; urgency=low
* The [VAC] upload. Thanks Vorbis Gdynia for the free internet access :)
* New upstream release (Closes: #323594)
* Fixed use of backslash in username authentication. (Closes: #309787)
- * Fixes several DoS vulnerabilities: CAN-2005-2531 CAN-2005-2532
+ * Fixes several DoS vulnerabilities: CAN-2005-2531 CAN-2005-2532
CAN-2005-2533 CAN-2005-2534. (Closes: #324167)
- * Changed group option from 'nobody' to 'nogroup' in all the
+ * Changed group option from 'nobody' to 'nogroup' in all the
*example* files... (Closes: #317987)
* Included openvpn-plugin.h to allow building third party plugins.
(Closes: #316139)
@@ -1079,7 +1133,7 @@ openvpn (2.0-1) unstable; urgency=low
Thanks Thomas Hood for the patch.
* debian/control. Rewrote Description: field.
Now it's more useful and complete. (Closes: #304895)
- * init.d script:
+ * init.d script:
- Fixed restarting of multiple VPNs
- Fixed TAB converted to spaces.
- Remove status file on VPN stop
@@ -1122,7 +1176,7 @@ openvpn (1.99+2.rc12-1) unstable; urgency=low
openvpn (1.99+2.rc11-2) unstable; urgency=low
- * Added --enable-password-save to configure call to allow
+ * Added --enable-password-save to configure call to allow
--askpass and --auth-user-pass passwords to be read from a file.
-- Alberto Gonzalez Iniesta <agi@inittab.org> Thu, 3 Feb 2005 18:19:28 +0100
@@ -1192,7 +1246,7 @@ openvpn (1.99+2.beta17-1) unstable; urgency=low
openvpn (1.99+2.beta16-2) unstable; urgency=low
- * Patched ssl.c to fix bug in --key-method 1, that prevented
+ * Patched ssl.c to fix bug in --key-method 1, that prevented
OpenVPN 2.x from working with 1.x using that method.
Thanks James for the prompt answer & patch.
Thanks weasel for finding it out.
@@ -1242,7 +1296,7 @@ openvpn (1.99+2.beta15-1) unstable; urgency=low
and not tell the maintainer directly.
* Added Brazilian Portuguese debconf templates. (Closes: #279351)
* Modified init.d script so that specifying a daemon option in a
- VPN configuration won't make it fail.
+ VPN configuration won't make it fail.
Thanks Christoph Biedl for the patch. (Closes: #278302)
* Added scripts to allow specifying 'openvpn name' in
/etc/network/interfaces to have the tunnel created and destroyed with
@@ -1356,7 +1410,7 @@ openvpn (1.4.3-2) unstable; urgency=low
* Moved initscripts sequence number to S16 from S20. This will make
openvpn start earlier and be ready for other services. (Closes: #209225)
* Added Depends: on debconf, it's used in the maintainer's scripts now.
- * Added debconf template to ask for the creation of the TUN/TAP device
+ * Added debconf template to ask for the creation of the TUN/TAP device
node. (Closes: #211198)
-- Alberto Gonzalez Iniesta <agi@agi.as> Thu, 2 Oct 2003 21:39:46 +0200
@@ -1364,7 +1418,7 @@ openvpn (1.4.3-2) unstable; urgency=low
openvpn (1.4.3-1) unstable; urgency=low
* New upstream release
- * Bumped Standards-Version to 3.6.1.0, no change.
+ * Bumped Standards-Version to 3.6.1.0, no change.
* Patched init.d script to support single vpn stop/start/restart.
Thanks to Richard Mueller and Norbert Tretkowski (Closes: #204100)
@@ -1395,7 +1449,7 @@ openvpn (1.4.0-2) unstable; urgency=low
openvpn (1.4.0-1) unstable; urgency=low
* New upstream release (Closes: #179551)
- * Re-enabled liblzo support. LZO's author made an exception in LZO's
+ * Re-enabled liblzo support. LZO's author made an exception in LZO's
license that permits OpenVPN to use LZO and OpenSSL. See copyright
file.
@@ -1410,9 +1464,9 @@ openvpn (1.3.2-3) unstable; urgency=low
openvpn (1.3.2-2) unstable; urgency=low
- * Disabled liblzo1 support to fix license issues with Openssl.
+ * Disabled liblzo1 support to fix license issues with Openssl.
(Closes: #177497)
- * Bumped Standards-Version to 3.5.8, no change.
+ * Bumped Standards-Version to 3.5.8, no change.
-- Alberto Gonzalez Iniesta <agi@agi.as> Mon, 20 Jan 2003 16:09:16 +0100
@@ -1453,4 +1507,3 @@ openvpn (1.2.0-1) unstable; urgency=low
* Initial Release. (Closes: #140463)
-- Alberto Gonzalez Iniesta <agi@agi.as> Thu, 23 May 2002 11:00:37 +0200
-
diff --git a/debian/compat b/debian/compat
index f599e28..b4de394 100644
--- a/debian/compat
+++ b/debian/compat
@@ -1 +1 @@
-10
+11
diff --git a/debian/control b/debian/control
index 223ddc8..8f48a74 100644
--- a/debian/control
+++ b/debian/control
@@ -2,9 +2,9 @@ Source: openvpn
Section: net
Priority: optional
Maintainer: Bernhard Schmidt <berni@debian.org>
-Uploaders: Jörg Frings-Fürst <debian@jff-webhosting.net>
+Uploaders: Jörg Frings-Fürst <debian@jff.email>
Build-Depends:
- debhelper (>= 10),
+ debhelper (>= 11),
dpkg-dev (>= 1.16.1),
iproute2 [linux-any],
liblz4-dev,
@@ -16,14 +16,14 @@ Build-Depends:
net-tools [!linux-any],
pkg-config,
systemd [linux-any]
-Standards-Version: 4.1.2
+Standards-Version: 4.1.5
Homepage: https://openvpn.net/
-Vcs-Git: https://anonscm.debian.org/git/collab-maint/openvpn.git
-Vcs-Browser: https://anonscm.debian.org/git/collab-maint/openvpn.git
+Vcs-Git: https://salsa.debian.org/debian/openvpn.git
+Vcs-Browser: https://salsa.debian.org/debian/openvpn
Package: openvpn
Architecture: any
-Depends:
+Depends:
debconf | debconf-2.0,
${shlibs:Depends},
${misc:Depends},
@@ -32,7 +32,8 @@ Depends:
lsb-base (>= 3.0-6)
Suggests:
openssl,
- resolvconf
+ resolvconf,
+ openvpn-systemd-resolved
Recommends: easy-rsa
Description: virtual private network daemon
OpenVPN is an application to securely tunnel IP networks over a
@@ -46,4 +47,3 @@ Description: virtual private network daemon
OpenVPN may use static, pre-shared keys or TLS-based dynamic key exchange. It
also supports VPNs with dynamic endpoints (DHCP or dial-up clients), tunnels
over NAT or connection-oriented stateful firewalls (such as Linux's iptables).
-
diff --git a/debian/copyright b/debian/copyright
index bb0313c..a87a863 100644
--- a/debian/copyright
+++ b/debian/copyright
@@ -1,47 +1,321 @@
-This package was debianized by Alberto Gonzalez Iniesta <agi@agi.as> on
-Tue, 2 Apr 2002 12:24:50 +0200.
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: OpenVPN
+Upstream-Contact: OpenVPN Solutions LLC <info@openvpn.net>
+Source: https://openvpn.net/
-It was downloaded from http://www.openvpn.net
+Files: *
+Copyright: 2002-2018 OpenVPN Inc <sales@openvpn.net>
+License: GPL-2 with OpenSSL exception
-Upstream Author: James Yonan <jim@yonan.net>
+Files: aclocal.m4
+ compile
+ config.guess
+ config.sub
+ configure
+ depcomp
+ ltmain.sh
+ missing
+ m4/libtool.m4
+ m4/ltversion.m4
+Copyright: 1994-2015 Free Software Foundation, Inc.
+License: GPL-2+
-Copyright: (C) 2002-2005 OpenVPN Solutions LLC <info@openvpn.net>
+Files: */Makefile.*
+Copyright: 1994-2015 Free Software Foundation, Inc.
+ 2002-2018 OpenVPN Inc <sales@openvpn.net>
+ 2006-2012 Alon Bar-Lev <alon.barlev@gmail.com>
+License: GPL-2
- This package is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; version 2 dated June, 1991.
+Files: src/openvpn/crypto.*
+ src/openvpn/crypto_*.*
+ src/openvpn/pkcs11_*.*
+ src/openvpn/ssl*
+ src/openvpn/tls_*
+ src/openvpn/openssl_compat.h
+ tests/unit_tests/openvpn/*
+Copyright: 2010-2018 Fox Crypto B.V. <openvpn@fox-it.com>
+License: GPL-2
- This package is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
+Files: build/ltrc.inc
+ build/msvc/msvc-generate/Makefile.mak
+Copyright: 2008-2012 Alon Bar-Lev <alon.barlev@gmail.com>
+License: GPL-2
- You should have received a copy of the GNU General Public License
- along with this package; if not, write to the Free Software
- Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
- MA 02110-1301, USA.
+Files: build/msvc/msvc-generate/msvc-generate.js
+Copyright: 2008-2012 Alon Bar-Lev <alon.barlev@gmail.com>
+License: BSD-3
-On Debian GNU/Linux systems, the complete text of the GNU General
-Public License can be found in `/usr/share/common-licenses/GPL-2'.
+Files: sample/sample-plugins/log/log_v3.c
+ src/compat/compat-basename.c
+ src/compat/compat-daemon.c
+ src/compat/compat-dirname.c
+ src/compat/compat-inet_ntop.c
+ src/compat/compat-inet_pton.c
+ src/compat/compat.h
+ src/openvpn/console.c
+ src/openvpn/console.h
+ src/openvpn/console_builtin.c
+ src/openvpn/console_systemd.c
+ src/openvpn/console_systemd.c
+ src/openvpn/misc.c
+ src/openvpn/options.c
+ src/openvpn/ssl.c
+ src/plugins/down-root/down-root.c
+Copyright: 2010-2016 David Sommerseth <davids@redhat.com>
+License: GPL-2
- In addition, as a special exception, James Yonan gives
- permission to link the code of this program with the OpenSSL
- library (or with modified versions of OpenSSL that use the same
- license as OpenSSL), and distribute linked combinations including
- the two. You must obey the GNU General Public License in all
- respects for all of the code used other than OpenSSL. If you modify
- this file, you may extend this exception to your version of the
- file, but you are not obligated to do so. If you do not wish to
- do so, delete this exception statement from your version.
+Files: src/compat/compat-lz4.c
+ src/compat/compat-lz4.h
+Copyright: 2011-2016 Yann Collet
+License: BSD-2
-Markus F.X.J. Oberhumer <markus@oberhumer.com> made the following
-exception in LZO's license to make possible the use of LZO with OpenSSL
-in OpenVPN:
+Files: src/openvpn/base64.c
+ src/openvpn/base64.h
+Copyright: 1995 -2001 Kungliga Tekniska Högskolan
+License: BSD-3
- Hereby I grant a special exception to the OpenVPN project
- (http://openvpn.sourceforge.net) to link the LZO library with
- the OpenSSL library (http://www.openssl.org).
+Files: include/openvpn-msg.h
+ src/openvpnserv/common.c
+ src/openvpnserv/service.h
+ src/openvpnserv/interactive.c
+Copyright: 2011-2018 Heiko Hund <heiko.hund@sophos.com>
+License: GPL-2
- Markus F.X.J. Oberhumer
+Files: src/openvpn/block_dns.c
+Copyright: 2002-2018 OpenVPN Inc <sales@openvpn.net>
+ 2015-2016 <iam@valdikss.org.ru>
+ 2016 Selva Nair <selva.nair@gmail.com>
+License: GPL-2
+Files: src/openvpn/block_dns.h
+ src/openvpnserv/validate.h
+ src/openvpnserv/validate.c
+Copyright: 2016 Selva Nair <selva.nair@gmail.com>
+License: GPL-2
+Files: src/openvpn/comp-lz4.c
+ src/openvpn/comp-lz4.h
+Copyright: 2002-2018 OpenVPN Inc <sales@openvpn.net>
+ 2013-2018 Gert Doering <gert@greenie.muc.de>
+License: GPL-2
+
+Files: src/openvpn/cryptoapi.c
+Copyright: 2004 Peter 'Luna' Runestig <peter@runestig.com>
+License: BSD-3
+
+Files: src/openvpn/ntlm.c
+Copyright: 2004 William Preston
+License: GPL-2
+
+Files: src/openvpn/ssl_mbedtls.c
+Copyright: 2002-2018 OpenVPN Inc <sales@openvpn.net>
+ 2010-2018 Fox Crypto B.V. <openvpn@fox-it.com>
+ 2006-2010 Brainspark B.V.
+License: GPL-2
+
+Files: src/openvpn/ssl_mbedtls.h
+Copyright: 2002-2018 OpenVPN Inc <sales@openvpn.net>
+ 2010-2018 Fox Crypto B.V. <openvpn@fox-it.com>
+License: GPL-2
+
+Files: src/openvpnserv/service.c
+Copyright: 1993-2000 Microsoft Corporation
+ 2013 Heiko Hund <heiko.hund@sophos.com>
+License: other
+
+Files: sample/sample-keys/gen-sample-keys.sh
+Copyright: 2014 Steffan Karger <steffan@karger.me>
+License: GPL-2
+
+Files: m4/pkg.m4
+Copyright: 2004 Scott James Remnant <scott@netsplit.com>.
+License: GPL-2+
+
+Files: install-sh
+Copyright: 1994 X Consortium
+License: MIT
+
+Files: tests/t_cltsrv.sh
+Copyright: 2005-2008 Matthias Andree
+License: GPL-2+
+
+Files: tests/t_lpback.sh
+Copyright: 2005 Matthias Andree
+ 2014 Steffan Karger
+License: GPL-2+
+
+Files: debian/*
+Copyright: 2002-2017 Alberto Gonzalez Iniesta <agi@inittab.org>
+ 2017-2018 Bernhard Schmidt <berni@debian.org>
+ 2017-2018 Jörg Frings-Fürst <debian@jff.email>
+License: GPL-3+
+
+License: BSD-2
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are
+ met:
+ .
+ * Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+ .
+ * Redistributions in binary form must reproduce the above
+ copyright notice, this list of conditions and the following disclaimer
+ in the documentation and/or other materials provided with the
+ distribution.
+ .
+ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+License: BSD-3
+ All rights reserved.
+ .
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+ .
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+ .
+ 2. Redistributions in binary form must reproduce the above copyright notice,
+ this list of conditions and the following disclaimer in the documentation
+ and/or other materials provided with the distribution.
+ .
+ 3. Neither the name of the copyright holder nor the names of its contributors
+ may be used to endorse or promote products derived from this software
+ without specific prior written permission.
+ .
+ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+
+License: GPL-2
+ This program is free software; you can redistribute it
+ and/or modify it under the terms of the GNU General Public
+ License as published by the Free Software Foundation version
+ 2 of the License.
+ .
+ This program is distributed in the hope that it will be
+ useful, but WITHOUT ANY WARRANTY; without even the implied
+ warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+ PURPOSE. See the GNU General Public License for more
+ details.
+ .
+ You should have received a copy of the GNU General Public
+ License along with this package; if not, write to the Free
+ Software Foundation, Inc., 51 Franklin St, Fifth Floor,
+ Boston, MA 02110-1301 USA
+ .
+ On Debian systems, the full text of the GNU General Public
+ License version 2 can be found in the file
+ `/usr/share/common-licenses/GPL-2'.
+
+License: GPL-2 with OpenSSL exception
+ This program is free software; you can redistribute it and/or
+ modify it under the terms of the GNU General Public License as
+ published by the Free Software Foundation; either version 2 of the
+ License.
+ .
+ This program is distributed in the hope that it will be useful, but
+ is provided AS IS, WITHOUT ANY WARRANTY; without even the implied
+ warranty of MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, and
+ NON-INFRINGEMENT. See the GNU General Public License for more details.
+ .
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+ .
+ The complete text of the GNU General Public License
+ can be found in /usr/share/common-licenses/GPL-2 file.
+ .
+ In addition, as a special exception, the copyright holders give
+ permission to link the code of portions of this program with the
+ OpenSSL library under certain conditions as described in each
+ individual source file, and distribute linked combinations
+ including the two.
+ You must obey the GNU General Public License in all respects
+ for all of the code used other than OpenSSL. If you modify
+ file(s) with this exception, you may extend this exception to your
+ version of the file(s), but you are not obligated to do so. If you
+ do not wish to do so, delete this exception statement from your
+ version. If you delete this exception statement from all source
+ files in the program, then also delete it here.
+
+License: GPL-2+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 2 of the License, or
+ (at your option) any later version.
+ .
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+ .
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+ .
+ The complete text of the GNU General Public License
+ can be found in /usr/share/common-licenses/GPL-2 file.
+
+License: GPL-3+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+ .
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+ .
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>
+ .
+ On Debian systems, the complete text of the GNU General
+ Public License version 3 can be found in "/usr/share/common-licenses/GPL-3".
+
+License: MIT
+ All rights reserved. No part of this source code may be reproduced,
+ stored in a retrieval system, or transmitted, in any form or by any
+ means, electronic, mechanical, photocopying, recording or otherwise,
+ except as stated in the end-user licence agreement, without the prior
+ permission of the copyright owners.
+ .
+ Permission to use, copy, modify, and distribute this software and its
+ documentation for any purpose and without fee is hereby granted, provided
+ that the above copyright notice appear in all copies and that both that
+ copyright notice and this permission notice appear in supporting
+ documentation, and that the name of OSF, UI or X/Open not be used in
+ advertising or publicity pertaining to distribution of the software
+ without specific, written prior permission. OSF, UI and X/Open make
+ no representations about the suitability of this software for any purpose.
+ It is provided "as is" without express or implied warranty.
+ .
+ OSF, UI and X/Open DISCLAIM ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ EVENT SHALL OSF, UI or X/Open BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ PERFORMANCE OF THIS SOFTWARE.
+
+License: other
+ THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
+ ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED
+ TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
+ PARTICULAR PURPOSE.
diff --git a/debian/gbp.conf b/debian/gbp.conf
new file mode 100644
index 0000000..cec628c
--- /dev/null
+++ b/debian/gbp.conf
@@ -0,0 +1,2 @@
+[DEFAULT]
+pristine-tar = True
diff --git a/debian/openvpn.lintian-overrides b/debian/openvpn.lintian-overrides
deleted file mode 100644
index 91ae65a..0000000
--- a/debian/openvpn.lintian-overrides
+++ /dev/null
@@ -1,4 +0,0 @@
-# ChangeLog and Changes.rst are not the same.
-# ChangeLog contains the source changes and Changes.rst describes
-# the program development.
-duplicate-changelog-files
diff --git a/debian/openvpn@.service b/debian/openvpn@.service
index 7f0134b..da7adc7 100644
--- a/debian/openvpn@.service
+++ b/debian/openvpn@.service
@@ -17,8 +17,8 @@ ExecStart=/usr/sbin/openvpn --daemon ovpn-%i --status /run/openvpn/%i.status 10
PIDFile=/run/openvpn/%i.pid
KillMode=process
ExecReload=/bin/kill -HUP $MAINPID
-CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE
-LimitNPROC=10
+CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE CAP_AUDIT_WRITE
+LimitNPROC=100
DeviceAllow=/dev/null rw
DeviceAllow=/dev/net/tun rw
ProtectSystem=true
diff --git a/debian/patches/auth-pam_libpam_so_filename.patch b/debian/patches/auth-pam_libpam_so_filename.patch
index cfa9047..2e7e5c4 100644
--- a/debian/patches/auth-pam_libpam_so_filename.patch
+++ b/debian/patches/auth-pam_libpam_so_filename.patch
@@ -1,11 +1,11 @@
Description: Fix libpam.so filename to /lib/libpam.so.0 in pam plugin
Author: Alberto Gonzalez Iniesta <agi@inittab.org>
Bug-Debian: http://bugs.debian.org/306335
-Index: openvpn/src/plugins/auth-pam/auth-pam.c
+Index: trunk/src/plugins/auth-pam/auth-pam.c
===================================================================
---- openvpn.orig/src/plugins/auth-pam/auth-pam.c 2016-12-27 18:45:37.638198402 +0100
-+++ openvpn/src/plugins/auth-pam/auth-pam.c 2016-12-27 18:45:37.638198402 +0100
-@@ -698,7 +698,7 @@
+--- trunk.orig/src/plugins/auth-pam/auth-pam.c
++++ trunk/src/plugins/auth-pam/auth-pam.c
+@@ -716,7 +716,7 @@ pam_server(int fd, const char *service,
struct user_pass up;
int command;
#ifdef USE_PAM_DLOPEN
diff --git a/debian/patches/fix-pkcs11-helper-hang.patch b/debian/patches/fix-pkcs11-helper-hang.patch
new file mode 100644
index 0000000..41d9be1
--- /dev/null
+++ b/debian/patches/fix-pkcs11-helper-hang.patch
@@ -0,0 +1,13 @@
+Index: openvpn/src/openvpn/pkcs11.c
+===================================================================
+--- openvpn.orig/src/openvpn/pkcs11.c
++++ openvpn/src/openvpn/pkcs11.c
+@@ -312,7 +312,7 @@ pkcs11_initialize(
+
+ pkcs11h_setLogLevel(_pkcs11_msg_openvpn2pkcs11(get_debug_level()));
+
+- if ((rv = pkcs11h_setForkMode(TRUE)) != CKR_OK)
++ if ((rv = pkcs11h_setForkMode(FALSE)) != CKR_OK)
+ {
+ msg(M_FATAL, "PKCS#11: Cannot set fork mode %ld-'%s'", rv, pkcs11h_getMessage(rv));
+ goto cleanup;
diff --git a/debian/patches/kfreebsd_support.patch b/debian/patches/kfreebsd_support.patch
index 4445e0d..4e89f32 100644
--- a/debian/patches/kfreebsd_support.patch
+++ b/debian/patches/kfreebsd_support.patch
@@ -1,11 +1,9 @@
Description: Improve kFreeBSD support
Author: Gonéri Le Bouder <goneri@rulezlan.org>
Bug-Debian: http://bugs.debian.org/626062
-Index: openvpn/src/openvpn/route.c
-===================================================================
---- openvpn.orig/src/openvpn/route.c 2017-06-22 13:17:05.754630908 +0200
-+++ openvpn/src/openvpn/route.c 2017-06-22 13:17:05.750630880 +0200
-@@ -1689,7 +1689,7 @@
+--- a/src/openvpn/route.c
++++ b/src/openvpn/route.c
+@@ -1693,7 +1693,7 @@
argv_msg(D_ROUTE, &argv);
status = openvpn_execve_check(&argv, es, 0, "ERROR: Solaris route add command failed");
@@ -14,7 +12,7 @@ Index: openvpn/src/openvpn/route.c
argv_printf(&argv, "%s add",
ROUTE_PATH);
-@@ -1875,7 +1875,7 @@
+@@ -1879,7 +1879,7 @@
network = print_in6_addr( r6->network, 0, &gc);
gateway = print_in6_addr( r6->gateway, 0, &gc);
@@ -23,7 +21,7 @@ Index: openvpn/src/openvpn/route.c
|| defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY) \
|| defined(TARGET_OPENBSD) || defined(TARGET_NETBSD)
-@@ -2043,7 +2043,7 @@
+@@ -2047,7 +2047,7 @@
argv_msg(D_ROUTE, &argv);
status = openvpn_execve_check(&argv, es, 0, "ERROR: Solaris route add -inet6 command failed");
@@ -32,7 +30,7 @@ Index: openvpn/src/openvpn/route.c
argv_printf(&argv, "%s add -inet6 %s/%d",
ROUTE_PATH,
-@@ -2227,7 +2227,7 @@
+@@ -2239,7 +2239,7 @@
argv_msg(D_ROUTE, &argv);
openvpn_execve_check(&argv, es, 0, "ERROR: Solaris route delete command failed");
@@ -41,7 +39,7 @@ Index: openvpn/src/openvpn/route.c
argv_printf(&argv, "%s delete -net %s %s %s",
ROUTE_PATH,
-@@ -2334,7 +2334,7 @@
+@@ -2346,7 +2346,7 @@
network = print_in6_addr( r6->network, 0, &gc);
gateway = print_in6_addr( r6->gateway, 0, &gc);
@@ -50,7 +48,7 @@ Index: openvpn/src/openvpn/route.c
|| defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY) \
|| defined(TARGET_OPENBSD) || defined(TARGET_NETBSD)
-@@ -2469,7 +2469,7 @@
+@@ -2481,7 +2481,7 @@
argv_msg(D_ROUTE, &argv);
openvpn_execve_check(&argv, es, 0, "ERROR: Solaris route delete -inet6 command failed");
@@ -59,7 +57,7 @@ Index: openvpn/src/openvpn/route.c
argv_printf(&argv, "%s delete -inet6 %s/%d",
ROUTE_PATH,
-@@ -3514,7 +3514,8 @@
+@@ -3532,7 +3532,8 @@
#elif defined(TARGET_DARWIN) || defined(TARGET_SOLARIS) \
|| defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY) \
@@ -69,20 +67,18 @@ Index: openvpn/src/openvpn/route.c
#include <sys/types.h>
#include <sys/socket.h>
-Index: openvpn/src/openvpn/tun.c
-===================================================================
---- openvpn.orig/src/openvpn/tun.c 2017-06-22 13:17:05.754630908 +0200
-+++ openvpn/src/openvpn/tun.c 2017-06-22 13:17:05.750630880 +0200
-@@ -843,7 +843,7 @@
+--- a/src/openvpn/tun.c
++++ b/src/openvpn/tun.c
+@@ -845,7 +845,7 @@
#endif /* if defined(_WIN32) || defined(TARGET_DARWIN) || defined(TARGET_NETBSD) || defined(TARGET_OPENBSD) */
#if defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY) \
-- || defined(TARGET_OPENBSD)
-+ || defined(TARGET_OPENBSD) || defined(__FreeBSD_kernel__)
+- || defined(TARGET_NETBSD) || defined(TARGET_OPENBSD)
++ || defined(TARGET_NETBSD) || defined(TARGET_OPENBSD) || defined(__FreeBSD_kernel__)
/* we can't use true subnet mode on tun on all platforms, as that
* conflicts with IPv6 (wants to use ND then, which we don't do),
* but the OSes want "a remote address that is different from ours"
-@@ -1412,7 +1412,7 @@
+@@ -1429,7 +1429,7 @@
add_route_connected_v6_net(tt, es);
}
@@ -91,7 +87,7 @@ Index: openvpn/src/openvpn/tun.c
in_addr_t remote_end; /* for "virtual" subnet topology */
-@@ -2770,7 +2770,7 @@
+@@ -2785,7 +2785,7 @@
}
}
@@ -100,10 +96,8 @@ Index: openvpn/src/openvpn/tun.c
static inline int
freebsd_modify_read_write_return(int len)
-Index: openvpn/src/openvpn/lladdr.c
-===================================================================
---- openvpn.orig/src/openvpn/lladdr.c 2017-06-22 13:17:05.754630908 +0200
-+++ openvpn/src/openvpn/lladdr.c 2017-06-22 13:17:05.750630880 +0200
+--- a/src/openvpn/lladdr.c
++++ b/src/openvpn/lladdr.c
@@ -50,7 +50,7 @@
"%s %s lladdr %s",
IFCONFIG_PATH,
@@ -113,10 +107,8 @@ Index: openvpn/src/openvpn/lladdr.c
argv_printf(&argv,
"%s %s ether %s",
IFCONFIG_PATH,
-Index: openvpn/src/openvpn/syshead.h
-===================================================================
---- openvpn.orig/src/openvpn/syshead.h 2017-06-22 13:17:05.754630908 +0200
-+++ openvpn/src/openvpn/syshead.h 2017-06-22 13:17:05.750630880 +0200
+--- a/src/openvpn/syshead.h
++++ b/src/openvpn/syshead.h
@@ -297,7 +297,7 @@
#endif /* TARGET_OPENBSD */
@@ -126,11 +118,9 @@ Index: openvpn/src/openvpn/syshead.h
#ifdef HAVE_SYS_UIO_H
#include <sys/uio.h>
-Index: openvpn/src/openvpn/ssl.c
-===================================================================
---- openvpn.orig/src/openvpn/ssl.c 2017-06-22 13:17:05.754630908 +0200
-+++ openvpn/src/openvpn/ssl.c 2017-06-22 13:17:05.750630880 +0200
-@@ -2269,7 +2269,7 @@
+--- a/src/openvpn/ssl.c
++++ b/src/openvpn/ssl.c
+@@ -2270,7 +2270,7 @@
buf_printf(&out, "IV_PLAT=mac\n");
#elif defined(TARGET_NETBSD)
buf_printf(&out, "IV_PLAT=netbsd\n");
diff --git a/debian/patches/openvpn-pkcs11warn.patch b/debian/patches/openvpn-pkcs11warn.patch
index 1fabddd..71b2ac8 100644
--- a/debian/patches/openvpn-pkcs11warn.patch
+++ b/debian/patches/openvpn-pkcs11warn.patch
@@ -1,11 +1,11 @@
Description: Warn users about deprecated pkcs11 options
Author: Florian Kulzer <florian.kulzer+debian@icfo.es>
Bug-Debian: http://bugs.debian.org/475353
-Index: openvpn/src/openvpn/options.c
+Index: trunk/src/openvpn/options.c
===================================================================
---- openvpn.orig/src/openvpn/options.c 2017-06-22 13:16:58.862582114 +0200
-+++ openvpn/src/openvpn/options.c 2017-06-22 13:16:58.862582114 +0200
-@@ -6818,6 +6818,20 @@
+--- trunk.orig/src/openvpn/options.c
++++ trunk/src/openvpn/options.c
+@@ -6861,6 +6861,20 @@ add_option(struct options *options,
options->port_share_port = p[2];
options->port_share_journal_dir = p[3];
}
diff --git a/debian/patches/series b/debian/patches/series
index 156ff6f..8b19c3d 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -4,3 +4,6 @@ debian_nogroup_for_sample_files.patch
openvpn-pkcs11warn.patch
kfreebsd_support.patch
match-manpage-and-command-help.patch
+spelling_errors.patch
+systemd.patch
+fix-pkcs11-helper-hang.patch
diff --git a/debian/patches/spelling_errors.patch b/debian/patches/spelling_errors.patch
new file mode 100644
index 0000000..cac36d3
--- /dev/null
+++ b/debian/patches/spelling_errors.patch
@@ -0,0 +1,53 @@
+Description: correct tspelling errors
+Author: Jörg Frings-Fürst <debian@jff.email>
+Last-Update: 2018-07-29
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+Index: trunk/src/openvpn/buffer.c
+===================================================================
+--- trunk.orig/src/openvpn/buffer.c
++++ trunk/src/openvpn/buffer.c
+@@ -44,7 +44,7 @@ array_mult_safe(const size_t m1, const s
+ unsigned long long res = (unsigned long long)m1 * (unsigned long long)m2 + (unsigned long long)extra;
+ if (unlikely(m1 > limit) || unlikely(m2 > limit) || unlikely(extra > limit) || unlikely(res > (unsigned long long)limit))
+ {
+- msg(M_FATAL, "attemped allocation of excessively large array");
++ msg(M_FATAL, "attempted allocation of excessively large array");
+ }
+ return (size_t) res;
+ }
+Index: trunk/src/openvpn/options.c
+===================================================================
+--- trunk.orig/src/openvpn/options.c
++++ trunk/src/openvpn/options.c
+@@ -448,7 +448,7 @@ static const char usage_message[] =
+ " user/pass via environment, if method='via-file', pass\n"
+ " user/pass via temporary file.\n"
+ "--auth-gen-token [lifetime] Generate a random authentication token which is pushed\n"
+- " to each client, replacing the password. Usefull when\n"
++ " to each client, replacing the password. Useful when\n"
+ " OTP based two-factor auth mechanisms are in use and\n"
+ " --reneg-* options are enabled. Optionally a lifetime in seconds\n"
+ " for generated tokens can be set.\n"
+Index: trunk/doc/openvpn.8
+===================================================================
+--- trunk.orig/doc/openvpn.8
++++ trunk/doc/openvpn.8
+@@ -2181,7 +2181,7 @@ that
+ is parsed on the command line even though
+ the daemonization point occurs later. If one of the
+ .B \-\-log
+-options is present, it will supercede syslog
++options is present, it will supersede syslog
+ redirection.
+
+ The optional
+@@ -2292,7 +2292,7 @@ If
+ already exists it will be truncated.
+ This option takes effect
+ immediately when it is parsed in the command line
+-and will supercede syslog output if
++and will supersede syslog output if
+ .B \-\-daemon
+ or
+ .B \-\-inetd
diff --git a/debian/patches/systemd.patch b/debian/patches/systemd.patch
new file mode 100644
index 0000000..ccbecfd
--- /dev/null
+++ b/debian/patches/systemd.patch
@@ -0,0 +1,29 @@
+Description: remove syslog.target
+Author: Jörg Frings-Fürst <debian@jff.email>
+Last-Update: 2018-07-29
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+Index: trunk/distro/systemd/openvpn-client@.service.in
+===================================================================
+--- trunk.orig/distro/systemd/openvpn-client@.service.in
++++ trunk/distro/systemd/openvpn-client@.service.in
+@@ -1,6 +1,6 @@
+ [Unit]
+ Description=OpenVPN tunnel for %I
+-After=syslog.target network-online.target
++After=network-online.target
+ Wants=network-online.target
+ Documentation=man:openvpn(8)
+ Documentation=https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
+Index: trunk/distro/systemd/openvpn-server@.service.in
+===================================================================
+--- trunk.orig/distro/systemd/openvpn-server@.service.in
++++ trunk/distro/systemd/openvpn-server@.service.in
+@@ -1,6 +1,6 @@
+ [Unit]
+ Description=OpenVPN service for %I
+-After=syslog.target network-online.target
++After=network-online.target
+ Wants=network-online.target
+ Documentation=man:openvpn(8)
+ Documentation=https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
diff --git a/debian/rules b/debian/rules
index 603d9a0..7bec9d2 100755
--- a/debian/rules
+++ b/debian/rules
@@ -3,7 +3,7 @@
ifeq ($(DEB_HOST_ARCH_OS), kfreebsd)
# Avoid the /sbin/route wrapper which doesn't provide FreeBSD CLI as expected
ENV_VARS := IFCONFIG=/sbin/ifconfig ROUTE=/lib/freebsd/route
-EXTRA_ARGS :=
+EXTRA_ARGS :=
else
ENV_VARS := SYSTEMD_ASK_PASSWORD=/bin/systemd-ask-password IFCONFIG=/sbin/ifconfig ROUTE=/sbin/route IPROUTE=/sbin/ip SYSTEMD_UNIT_DIR=/lib/systemd/system TMPFILES_DIR=/usr/lib/tmpfiles.d
EXTRA_ARGS := --enable-systemd --enable-iproute2
@@ -52,7 +52,7 @@ override_dh_auto_install:
install -m 755 debian/openvpn.if-up.d $(CURDIR)/debian/openvpn/etc/network/if-up.d/openvpn
install -m 755 debian/openvpn.if-down.d $(CURDIR)/debian/openvpn/etc/network/if-down.d/openvpn
# remove unwanted plugin files
- rm -f $(CURDIR)/debian/openvpn/usr/lib/$(DEB_HOST_GNU_TYPE)/openvpn/plugins/*.la
+ $(RM) $(CURDIR)/debian/openvpn/usr/lib/$(DEB_HOST_GNU_TYPE)/openvpn/plugins/*.la
# resolvconf script
install -m 755 debian/update-resolv-conf $(CURDIR)/debian/openvpn/etc/openvpn/update-resolv-conf
# bash completion
@@ -61,14 +61,15 @@ override_dh_auto_install:
ifeq ($(DEB_HOST_ARCH_OS), linux)
cat debian/openvpn.conf >> $(CURDIR)/debian/openvpn/usr/lib/tmpfiles.d/openvpn.conf
endif
+ $(RM) $(CURDIR)/debian/openvpn/usr/share/doc/openvpn/COPYING
override_dh_installexamples:
dh_installexamples
## remove windoze stuff
- rm -rf $(CURDIR)/debian/openvpn/usr/share/doc/openvpn/examples/easy-rsa/Windows
- rm -rf $(CURDIR)/debian/openvpn/usr/share/doc/openvpn/sample
+ $(RM) -r $(CURDIR)/debian/openvpn/usr/share/doc/openvpn/examples/easy-rsa/Windows
+ $(RM) -r $(CURDIR)/debian/openvpn/usr/share/doc/openvpn/sample
# remove gitignore file from samples
- rm -f $(CURDIR)/debian/openvpn/usr/share/doc/openvpn/examples/sample-keys/.gitignore
+ $(RM) $(CURDIR)/debian/openvpn/usr/share/doc/openvpn/examples/sample-keys/.gitignore
override_dh_installinit:
dh_installinit --no-start -- defaults 16 80
@@ -76,6 +77,5 @@ override_dh_installinit:
override_dh_compress:
dh_compress --exclude=.cnf --exclude=pkitool
-override_dh_systemd_start:
- dh_systemd_start --restart-after-upgrade
-
+override_dh_installsystemd:
+ dh_installsystemd --restart-after-upgrade
diff --git a/debian/update-resolv-conf b/debian/update-resolv-conf
index fc2f031..61b15d9 100644
--- a/debian/update-resolv-conf
+++ b/debian/update-resolv-conf
@@ -15,7 +15,11 @@
# foreign_option_3='dhcp-option DOMAIN be.bnc.ch'
#
-[ -x /sbin/resolvconf ] || exit 0
+if [ ! -x /sbin/resolvconf ] ; then
+ logger "[OpenVPN:update-resolve-conf] missing binary /sbin/resolvconf";
+ exit 0;
+fi
+
[ "$script_type" ] || exit 0
[ "$dev" ] || exit 0
@@ -30,7 +34,8 @@ case "$script_type" in
up)
NMSRVRS=""
SRCHS=""
- for optionvarname in ${!foreign_option_*} ; do
+ foreign_options=$(printf '%s\n' ${!foreign_option_*} | sort -t _ -k 3 -g)
+ for optionvarname in ${foreign_options} ; do
option="${!optionvarname}"
echo "$option"
split_into_parts $option
diff --git a/debian/watch b/debian/watch
index bffdf20..cda3cd9 100644
--- a/debian/watch
+++ b/debian/watch
@@ -1,3 +1,3 @@
-version=3
-http://openvpn.net/index.php/open-source/downloads.html \
+version=4
+https://openvpn.net/index.php/open-source/downloads.html \
(?:|.*/)openvpn(?:[_\-]v?|)(\d[^\s/]*)\.(?:tar\.xz|txz|tar\.bz2|tbz2|tar\.gz|tgz)