summaryrefslogtreecommitdiff
path: root/debian
diff options
context:
space:
mode:
authorBernhard Schmidt <berni@debian.org>2020-09-01 16:52:17 +0200
committerBernhard Schmidt <berni@debian.org>2020-09-01 16:52:17 +0200
commit9fc3b98112217f2d92a67977dbde0987cc7a1803 (patch)
tree29fcc8654ee65d9dd89ade797bea2f3d9dfd9cfd /debian
parenta8758c0e03eed188dcb9da0e4fd781a67c25bf1e (diff)
parent69b02b1f7fd609d84ace13ab04697158de2418a9 (diff)
Merge branch 'debian/experimental-2.5'
Diffstat (limited to 'debian')
-rw-r--r--debian/changelog22
-rw-r--r--debian/control7
-rw-r--r--debian/gbp.conf3
-rw-r--r--debian/patches/auth-pam_libpam_so_filename.patch2
-rw-r--r--debian/patches/debian_nogroup_for_sample_files.patch26
-rw-r--r--debian/patches/fix-openssl-error.patch51
-rw-r--r--debian/patches/series4
-rw-r--r--debian/patches/spelling_errors.patch53
-rwxr-xr-xdebian/rules2
9 files changed, 34 insertions, 136 deletions
diff --git a/debian/changelog b/debian/changelog
index ca70c2b..2f7724f 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,25 @@
+openvpn (2.5~beta1-3) experimental; urgency=medium
+
+ * Disable iproute2 support in favour of the new netlink based default.
+ Thanks to Fabio Pedretti
+
+ -- Bernhard Schmidt <berni@debian.org> Sun, 16 Aug 2020 14:04:11 +0200
+
+openvpn (2.5~beta1-2) experimental; urgency=medium
+
+ * Set Build-Conflicts: systemctl, see Bug#959828
+
+ -- Bernhard Schmidt <berni@debian.org> Sun, 16 Aug 2020 10:33:47 +0200
+
+openvpn (2.5~beta1-1) experimental; urgency=medium
+
+ * d/gbp.conf for experimental 2.5 branch
+ * New upstream version 2.5~beta1
+ * Adjust patches for new major upstream version
+ * Add python3-docutils to build-depends for manpage generation
+
+ -- Bernhard Schmidt <berni@debian.org> Sat, 15 Aug 2020 21:32:49 +0200
+
openvpn (2.4.9-3) unstable; urgency=medium
[ Jörg Frings-Fürst ]
diff --git a/debian/control b/debian/control
index 43f6a50..3526094 100644
--- a/debian/control
+++ b/debian/control
@@ -6,7 +6,7 @@ Uploaders: Jörg Frings-Fürst <debian@jff.email>
Build-Depends:
debhelper-compat (= 13),
dpkg-dev (>= 1.16.1),
- iproute2 [linux-any],
+# iproute2 [linux-any],
liblz4-dev,
liblzo2-dev,
libp11-kit-dev,
@@ -16,7 +16,12 @@ Build-Depends:
libsystemd-dev [linux-any],
net-tools [!linux-any],
pkg-config,
+ python3-docutils,
systemd [linux-any]
+# systemctl from src:docker-systemctl-replacement declaring Provides: systemd
+# only necessary for experimental with the apscud resolver
+# See Bug#959828
+Build-Conflicts: systemctl
Standards-Version: 4.5.0
Rules-Requires-Root: no
Homepage: https://openvpn.net/
diff --git a/debian/gbp.conf b/debian/gbp.conf
index cec628c..1526270 100644
--- a/debian/gbp.conf
+++ b/debian/gbp.conf
@@ -1,2 +1,5 @@
[DEFAULT]
pristine-tar = True
+
+debian-branch = debian/experimental-2.5
+upstream-branch = upstream-2.5
diff --git a/debian/patches/auth-pam_libpam_so_filename.patch b/debian/patches/auth-pam_libpam_so_filename.patch
index 2e7e5c4..336ccd4 100644
--- a/debian/patches/auth-pam_libpam_so_filename.patch
+++ b/debian/patches/auth-pam_libpam_so_filename.patch
@@ -6,7 +6,7 @@ Index: trunk/src/plugins/auth-pam/auth-pam.c
--- trunk.orig/src/plugins/auth-pam/auth-pam.c
+++ trunk/src/plugins/auth-pam/auth-pam.c
@@ -716,7 +716,7 @@ pam_server(int fd, const char *service,
- struct user_pass up;
+ char ac_file_name[PATH_MAX];
int command;
#ifdef USE_PAM_DLOPEN
- static const char pam_so[] = "libpam.so";
diff --git a/debian/patches/debian_nogroup_for_sample_files.patch b/debian/patches/debian_nogroup_for_sample_files.patch
index f7dcaaa..3660453 100644
--- a/debian/patches/debian_nogroup_for_sample_files.patch
+++ b/debian/patches/debian_nogroup_for_sample_files.patch
@@ -27,32 +27,6 @@ Index: openvpn/sample/sample-config-files/tls-home.conf
# If you built OpenVPN with
# LZO compression, uncomment
-Index: openvpn/sample/sample-config-files/static-home.conf
-===================================================================
---- openvpn.orig/sample/sample-config-files/static-home.conf 2016-11-21 09:53:43.608863207 +0100
-+++ openvpn/sample/sample-config-files/static-home.conf 2016-11-21 09:53:43.608863207 +0100
-@@ -43,7 +43,7 @@
- # "nobody" after initialization
- # for extra security.
- ; user nobody
--; group nobody
-+; group nogroup
-
- # If you built OpenVPN with
- # LZO compression, uncomment
-Index: openvpn/sample/sample-config-files/static-office.conf
-===================================================================
---- openvpn.orig/sample/sample-config-files/static-office.conf 2016-11-21 09:53:43.608863207 +0100
-+++ openvpn/sample/sample-config-files/static-office.conf 2016-11-21 09:53:43.608863207 +0100
-@@ -40,7 +40,7 @@
- # "nobody" after initialization
- # for extra security.
- ; user nobody
--; group nobody
-+; group nogroup
-
- # If you built OpenVPN with
- # LZO compression, uncomment
Index: openvpn/sample/sample-config-files/client.conf
===================================================================
--- openvpn.orig/sample/sample-config-files/client.conf 2016-11-21 09:53:43.608863207 +0100
diff --git a/debian/patches/fix-openssl-error.patch b/debian/patches/fix-openssl-error.patch
deleted file mode 100644
index 566d7e6..0000000
--- a/debian/patches/fix-openssl-error.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-In the corner case that the global OpenSSL has an invalid command like
-
- MinProtocol = TLSv1.0
-
-(Due to OpenSSL's idiosyncrasies MinProtocol = TLSv1 would be correct)
-
-the SSL_ctx_new function leaves the errors for parsing the config file
-on the stack.
-
-OpenSSL: error:14187180:SSL routines:ssl_do_config:bad value
-
-Since the later functions, especially the one of loading the
-certificates expected a clean error this error got reported at the
-wrong place.
-
-Print the warnings with crypto_msg when we detect that we are in this
-situation (this also clears the stack).
----
- src/openvpn/ssl_openssl.c | 10 ++++++++++
- 1 file changed, 10 insertions(+)
-
-diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c
-index 5955c6bd..555cbbdf 100644
---- a/src/openvpn/ssl_openssl.c
-+++ b/src/openvpn/ssl_openssl.c
-@@ -115,6 +115,11 @@ tls_ctx_server_new(struct tls_root_ctx *ctx)
- {
- crypto_msg(M_FATAL, "SSL_CTX_new SSLv23_server_method");
- }
-+ if (ERR_peek_error() != 0)
-+ {
-+ crypto_msg(M_WARN, "Warning: TLS server context initialisation "
-+ "has warnings.");
-+ }
- }
-
- void
-@@ -128,6 +133,11 @@ tls_ctx_client_new(struct tls_root_ctx *ctx)
- {
- crypto_msg(M_FATAL, "SSL_CTX_new SSLv23_client_method");
- }
-+ if (ERR_peek_error() != 0)
-+ {
-+ crypto_msg(M_WARN, "Warning: TLS client context initialisation "
-+ "has warnings.");
-+ }
- }
-
- void
---
-2.26.0
diff --git a/debian/patches/series b/debian/patches/series
index 6ef394c..55bae8e 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -2,8 +2,6 @@ move_log_dir.patch
auth-pam_libpam_so_filename.patch
debian_nogroup_for_sample_files.patch
openvpn-pkcs11warn.patch
-kfreebsd_support.patch
+#kfreebsd_support.patch
match-manpage-and-command-help.patch
-spelling_errors.patch
systemd.patch
-fix-openssl-error.patch
diff --git a/debian/patches/spelling_errors.patch b/debian/patches/spelling_errors.patch
deleted file mode 100644
index cac36d3..0000000
--- a/debian/patches/spelling_errors.patch
+++ /dev/null
@@ -1,53 +0,0 @@
-Description: correct tspelling errors
-Author: Jörg Frings-Fürst <debian@jff.email>
-Last-Update: 2018-07-29
----
-This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
-Index: trunk/src/openvpn/buffer.c
-===================================================================
---- trunk.orig/src/openvpn/buffer.c
-+++ trunk/src/openvpn/buffer.c
-@@ -44,7 +44,7 @@ array_mult_safe(const size_t m1, const s
- unsigned long long res = (unsigned long long)m1 * (unsigned long long)m2 + (unsigned long long)extra;
- if (unlikely(m1 > limit) || unlikely(m2 > limit) || unlikely(extra > limit) || unlikely(res > (unsigned long long)limit))
- {
-- msg(M_FATAL, "attemped allocation of excessively large array");
-+ msg(M_FATAL, "attempted allocation of excessively large array");
- }
- return (size_t) res;
- }
-Index: trunk/src/openvpn/options.c
-===================================================================
---- trunk.orig/src/openvpn/options.c
-+++ trunk/src/openvpn/options.c
-@@ -448,7 +448,7 @@ static const char usage_message[] =
- " user/pass via environment, if method='via-file', pass\n"
- " user/pass via temporary file.\n"
- "--auth-gen-token [lifetime] Generate a random authentication token which is pushed\n"
-- " to each client, replacing the password. Usefull when\n"
-+ " to each client, replacing the password. Useful when\n"
- " OTP based two-factor auth mechanisms are in use and\n"
- " --reneg-* options are enabled. Optionally a lifetime in seconds\n"
- " for generated tokens can be set.\n"
-Index: trunk/doc/openvpn.8
-===================================================================
---- trunk.orig/doc/openvpn.8
-+++ trunk/doc/openvpn.8
-@@ -2181,7 +2181,7 @@ that
- is parsed on the command line even though
- the daemonization point occurs later. If one of the
- .B \-\-log
--options is present, it will supercede syslog
-+options is present, it will supersede syslog
- redirection.
-
- The optional
-@@ -2292,7 +2292,7 @@ If
- already exists it will be truncated.
- This option takes effect
- immediately when it is parsed in the command line
--and will supercede syslog output if
-+and will supersede syslog output if
- .B \-\-daemon
- or
- .B \-\-inetd
diff --git a/debian/rules b/debian/rules
index f7c3377..a49ff29 100755
--- a/debian/rules
+++ b/debian/rules
@@ -6,7 +6,7 @@ ENV_VARS := IFCONFIG=/sbin/ifconfig ROUTE=/lib/freebsd/route
EXTRA_ARGS :=
else
ENV_VARS := SYSTEMD_ASK_PASSWORD=/bin/systemd-ask-password IFCONFIG=/sbin/ifconfig ROUTE=/sbin/route IPROUTE=/sbin/ip SYSTEMD_UNIT_DIR=/lib/systemd/system TMPFILES_DIR=/usr/lib/tmpfiles.d
-EXTRA_ARGS := --enable-systemd --enable-iproute2
+EXTRA_ARGS := --enable-systemd
endif
#export DH_VERBOSE=1