diff options
-rw-r--r-- | debian/changelog | 3 | ||||
-rw-r--r-- | debian/patches/close_socket_before_scripts.patch | 8 | ||||
-rw-r--r-- | debian/patches/debian_nogroup_for_sample_files.patch | 26 | ||||
-rw-r--r-- | debian/patches/kfreebsd_support.patch | 10 | ||||
-rw-r--r-- | debian/patches/manpage_fixes.patch | 98 | ||||
-rw-r--r-- | debian/patches/openvpn-pkcs11warn.patch | 6 | ||||
-rw-r--r-- | debian/patches/route_default_nil.patch | 6 | ||||
-rw-r--r-- | debian/patches/series | 2 |
8 files changed, 35 insertions, 124 deletions
diff --git a/debian/changelog b/debian/changelog index 2b8cac8..b6afdf2 100644 --- a/debian/changelog +++ b/debian/changelog @@ -4,6 +4,9 @@ openvpn (2.3.7-1) unstable; urgency=medium * Add --no-block to if-up.d script to avoid hanging boot on interfaces with openvpn instances. (Closes: #787090, #785200) * Add ProtectSystem=yes to systemd's service file. (Closes: #771626) + * Removed upstream applied patches: + - 0001-Drop-too-short-control-channel-packets-instead-of-as.patch + - update_sample_certs.patch -- Alberto Gonzalez Iniesta <agi@inittab.org> Wed, 01 Jul 2015 13:19:26 +0200 diff --git a/debian/patches/close_socket_before_scripts.patch b/debian/patches/close_socket_before_scripts.patch index 8d84462..fa51dce 100644 --- a/debian/patches/close_socket_before_scripts.patch +++ b/debian/patches/close_socket_before_scripts.patch @@ -6,9 +6,9 @@ Bug-Debian: http://bugs.debian.org/367716 Index: openvpn/src/openvpn/socket.c =================================================================== ---- openvpn.orig/src/openvpn/socket.c 2014-10-30 11:30:47.118658137 +0100 -+++ openvpn/src/openvpn/socket.c 2014-10-30 11:30:47.114658136 +0100 -@@ -1492,6 +1492,10 @@ +--- openvpn.orig/src/openvpn/socket.c 2015-07-01 14:10:06.116131868 +0200 ++++ openvpn/src/openvpn/socket.c 2015-07-01 14:10:06.112131911 +0200 +@@ -1494,6 +1494,10 @@ resolve_bind_local (sock); resolve_remote (sock, 1, NULL, NULL); } @@ -19,7 +19,7 @@ Index: openvpn/src/openvpn/socket.c } /* finalize socket initialization */ -@@ -1722,10 +1726,6 @@ +@@ -1724,10 +1728,6 @@ /* set socket to non-blocking mode */ set_nonblock (sock->sd); diff --git a/debian/patches/debian_nogroup_for_sample_files.patch b/debian/patches/debian_nogroup_for_sample_files.patch index 920c77d..2f1fe3d 100644 --- a/debian/patches/debian_nogroup_for_sample_files.patch +++ b/debian/patches/debian_nogroup_for_sample_files.patch @@ -3,9 +3,9 @@ Author: Alberto Gonzalez Iniesta <agi@inittab.org> Bug-Debian: http://bugs.debian.org/317987 Index: openvpn/sample/sample-config-files/server.conf =================================================================== ---- openvpn.orig/sample/sample-config-files/server.conf 2014-10-30 11:30:56.118658434 +0100 -+++ openvpn/sample/sample-config-files/server.conf 2014-10-30 11:30:56.114658434 +0100 -@@ -267,7 +267,7 @@ +--- openvpn.orig/sample/sample-config-files/server.conf 2015-07-01 14:10:18.547999233 +0200 ++++ openvpn/sample/sample-config-files/server.conf 2015-07-01 14:10:18.543999276 +0200 +@@ -265,7 +265,7 @@ # You can uncomment this out on # non-Windows systems. ;user nobody @@ -16,8 +16,8 @@ Index: openvpn/sample/sample-config-files/server.conf # accessing certain resources on restart Index: openvpn/sample/sample-config-files/tls-home.conf =================================================================== ---- openvpn.orig/sample/sample-config-files/tls-home.conf 2014-10-30 11:30:56.118658434 +0100 -+++ openvpn/sample/sample-config-files/tls-home.conf 2014-10-30 11:30:56.114658434 +0100 +--- openvpn.orig/sample/sample-config-files/tls-home.conf 2015-07-01 14:10:18.547999233 +0200 ++++ openvpn/sample/sample-config-files/tls-home.conf 2015-07-01 14:10:18.543999276 +0200 @@ -51,7 +51,7 @@ # "nobody" after initialization # for extra security. @@ -29,8 +29,8 @@ Index: openvpn/sample/sample-config-files/tls-home.conf # LZO compression, uncomment Index: openvpn/sample/sample-config-files/static-home.conf =================================================================== ---- openvpn.orig/sample/sample-config-files/static-home.conf 2014-10-30 11:30:56.118658434 +0100 -+++ openvpn/sample/sample-config-files/static-home.conf 2014-10-30 11:30:56.114658434 +0100 +--- openvpn.orig/sample/sample-config-files/static-home.conf 2015-07-01 14:10:18.547999233 +0200 ++++ openvpn/sample/sample-config-files/static-home.conf 2015-07-01 14:10:18.543999276 +0200 @@ -40,7 +40,7 @@ # "nobody" after initialization # for extra security. @@ -42,8 +42,8 @@ Index: openvpn/sample/sample-config-files/static-home.conf # LZO compression, uncomment Index: openvpn/sample/sample-config-files/static-office.conf =================================================================== ---- openvpn.orig/sample/sample-config-files/static-office.conf 2014-10-30 11:30:56.118658434 +0100 -+++ openvpn/sample/sample-config-files/static-office.conf 2014-10-30 11:30:56.114658434 +0100 +--- openvpn.orig/sample/sample-config-files/static-office.conf 2015-07-01 14:10:18.547999233 +0200 ++++ openvpn/sample/sample-config-files/static-office.conf 2015-07-01 14:10:18.543999276 +0200 @@ -37,7 +37,7 @@ # "nobody" after initialization # for extra security. @@ -55,8 +55,8 @@ Index: openvpn/sample/sample-config-files/static-office.conf # LZO compression, uncomment Index: openvpn/sample/sample-config-files/client.conf =================================================================== ---- openvpn.orig/sample/sample-config-files/client.conf 2014-10-30 11:30:56.118658434 +0100 -+++ openvpn/sample/sample-config-files/client.conf 2014-10-30 11:30:56.114658434 +0100 +--- openvpn.orig/sample/sample-config-files/client.conf 2015-07-01 14:10:18.547999233 +0200 ++++ openvpn/sample/sample-config-files/client.conf 2015-07-01 14:10:18.543999276 +0200 @@ -59,7 +59,7 @@ # Downgrade privileges after initialization (non-Windows only) @@ -68,8 +68,8 @@ Index: openvpn/sample/sample-config-files/client.conf persist-key Index: openvpn/sample/sample-config-files/tls-office.conf =================================================================== ---- openvpn.orig/sample/sample-config-files/tls-office.conf 2014-10-30 11:30:56.118658434 +0100 -+++ openvpn/sample/sample-config-files/tls-office.conf 2014-10-30 11:30:56.114658434 +0100 +--- openvpn.orig/sample/sample-config-files/tls-office.conf 2015-07-01 14:10:18.547999233 +0200 ++++ openvpn/sample/sample-config-files/tls-office.conf 2015-07-01 14:10:18.543999276 +0200 @@ -51,7 +51,7 @@ # "nobody" after initialization # for extra security. diff --git a/debian/patches/kfreebsd_support.patch b/debian/patches/kfreebsd_support.patch index 94c6727..523eb43 100644 --- a/debian/patches/kfreebsd_support.patch +++ b/debian/patches/kfreebsd_support.patch @@ -3,8 +3,8 @@ Author: Gonéri Le Bouder <goneri@rulezlan.org> Bug-Debian: http://bugs.debian.org/626062 Index: openvpn/src/openvpn/route.c =================================================================== ---- openvpn.orig/src/openvpn/route.c 2014-10-30 11:31:13.226659001 +0100 -+++ openvpn/src/openvpn/route.c 2014-10-30 11:31:13.222659000 +0100 +--- openvpn.orig/src/openvpn/route.c 2015-07-01 14:10:36.563807017 +0200 ++++ openvpn/src/openvpn/route.c 2015-07-01 14:10:36.559807060 +0200 @@ -1419,7 +1419,7 @@ argv_msg (D_ROUTE, &argv); status = openvpn_execve_check (&argv, es, 0, "ERROR: Solaris route add command failed"); @@ -16,9 +16,9 @@ Index: openvpn/src/openvpn/route.c ROUTE_PATH); Index: openvpn/src/openvpn/tun.c =================================================================== ---- openvpn.orig/src/openvpn/tun.c 2014-10-30 11:31:13.226659001 +0100 -+++ openvpn/src/openvpn/tun.c 2014-10-30 11:31:13.226659001 +0100 -@@ -1095,7 +1095,7 @@ +--- openvpn.orig/src/openvpn/tun.c 2015-07-01 14:10:36.563807017 +0200 ++++ openvpn/src/openvpn/tun.c 2015-07-01 14:10:36.559807060 +0200 +@@ -1122,7 +1122,7 @@ add_route_connected_v6_net(tt, es); } diff --git a/debian/patches/manpage_fixes.patch b/debian/patches/manpage_fixes.patch index d3d2393..eb10655 100644 --- a/debian/patches/manpage_fixes.patch +++ b/debian/patches/manpage_fixes.patch @@ -2,8 +2,8 @@ Description: Man page fixes Author: Alberto Gonzalez Iniesta <agi@inittab.org> Index: openvpn/doc/openvpn.8 =================================================================== ---- openvpn.orig/doc/openvpn.8 2014-10-30 11:31:18.398659172 +0100 -+++ openvpn/doc/openvpn.8 2014-10-30 11:31:18.394659172 +0100 +--- openvpn.orig/doc/openvpn.8 2015-07-01 14:11:08.987461064 +0200 ++++ openvpn/doc/openvpn.8 2015-07-01 14:11:08.983461107 +0200 @@ -21,13 +21,13 @@ .\" 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA .\" @@ -20,16 +20,7 @@ Index: openvpn/doc/openvpn.8 .\" .nf -- no formatting .\" .fi -- resume formatting .\" .ft 3 -- boldface -@@ -2573,7 +2573,7 @@ - .B \-\-management-signal - Send SIGUSR1 signal to OpenVPN if management session disconnects. - This is useful when you wish to disconnect an OpenVPN session on --user logoff. For --management-client this option is not needed since -+user logoff. For \-\-management-client this option is not needed since - a disconnect will always generate a SIGTERM. - .\"********************************************************* - .TP -@@ -3952,7 +3952,7 @@ +@@ -3991,7 +3991,7 @@ This option is only relevant in UDP mode, i.e. when either .B \-\-proto udp @@ -38,16 +29,7 @@ Index: openvpn/doc/openvpn.8 .B \-\-proto option is specified. -@@ -5122,7 +5122,7 @@ - - This option have changed behaviour in OpenVPN 2.3. Earlier you had to - define --.B --win-sys env -+.B \-\-win-sys env - to use the SystemRoot environment variable, otherwise it defaulted to C:\\WINDOWS. - It is not needed to use the - .B env -@@ -5165,7 +5165,7 @@ +@@ -5266,7 +5266,7 @@ .B \-\-dev tun mode, OpenVPN will cause the DHCP server to masquerade as if it were coming from the remote endpoint. The optional offset parameter is @@ -56,75 +38,3 @@ Index: openvpn/doc/openvpn.8 If offset is positive, the DHCP server will masquerade as the IP address at network address + offset. If offset is negative, the DHCP server will masquerade as the IP -@@ -5461,26 +5461,26 @@ - .B \-\-topology - , which has no effect on IPv6). - .TP --.B --ifconfig-ipv6 ipv6addr/bits ipv6remote -+.B \-\-ifconfig-ipv6 ipv6addr/bits ipv6remote - configure IPv6 address - .B ipv6addr/bits - on the ``tun'' device. The second parameter is used as route target for --.B --route-ipv6 -+.B \-\-route-ipv6 - if no gateway is specified. - .TP --.B --route-ipv6 ipv6addr/bits [gateway] [metric] -+.B \-\-route-ipv6 ipv6addr/bits [gateway] [metric] - setup IPv6 routing in the system to send the specified IPv6 network - into OpenVPN's ``tun'' device - .TP --.B --server-ipv6 ipv6addr/bits -+.B \-\-server-ipv6 ipv6addr/bits - convenience-function to enable a number of IPv6 related options at - once, namely --.B --ifconfig-ipv6, --ifconfig-ipv6-pool, --tun-ipv6 -+.B \-\-ifconfig-ipv6, \-\-ifconfig-ipv6-pool, \-\-tun-ipv6 - and --.B --push tun-ipv6 --Is only accepted if ``--mode server'' or ``--server'' is set. -+.B \-\-push tun-ipv6 -+Is only accepted if ``\-\-mode server'' or ``\-\-server'' is set. - .TP --.B --ifconfig-ipv6-pool ipv6addr/bits -+.B \-\-ifconfig-ipv6-pool ipv6addr/bits - Specify an IPv6 address pool for dynamic assignment to clients. The - pool starts at - .B ipv6addr -@@ -5489,20 +5489,20 @@ - setting controls the size of the pool. Due to implementation details, - the pool size must be between /64 and /112. - .TP --.B --ifconfig-ipv6-push ipv6addr/bits ipv6remote -+.B \-\-ifconfig-ipv6-push ipv6addr/bits ipv6remote - for ccd/ per-client static IPv6 interface configuration, see --.B --client-config-dir -+.B \-\-client-config-dir - and --.B --ifconfig-push -+.B \-\-ifconfig-push - for more details. - .TP --.B --iroute-ipv6 ipv6addr/bits -+.B \-\-iroute-ipv6 ipv6addr/bits - for ccd/ per-client static IPv6 route configuration, see --.B --iroute -+.B \-\-iroute - for more details how to setup and use this, and how --.B --iroute -+.B \-\-iroute - and --.B --route -+.B \-\-route - interact. - - .\"********************************************************* -@@ -5988,7 +5988,7 @@ - .TP - .B peer_cert - Temporary file name containing the client certificate upon --connection. Useful in conjunction with --tls-verify -+connection. Useful in conjunction with \-\-tls-verify - .\"********************************************************* - .TP - .B script_context diff --git a/debian/patches/openvpn-pkcs11warn.patch b/debian/patches/openvpn-pkcs11warn.patch index 3d238cb..5b61f99 100644 --- a/debian/patches/openvpn-pkcs11warn.patch +++ b/debian/patches/openvpn-pkcs11warn.patch @@ -3,9 +3,9 @@ Author: Florian Kulzer <florian.kulzer+debian@icfo.es> Bug-Debian: http://bugs.debian.org/475353 Index: openvpn/src/openvpn/options.c =================================================================== ---- openvpn.orig/src/openvpn/options.c 2014-10-30 11:31:06.334658772 +0100 -+++ openvpn/src/openvpn/options.c 2014-10-30 11:31:06.330658772 +0100 -@@ -6247,6 +6247,20 @@ +--- openvpn.orig/src/openvpn/options.c 2015-07-01 14:10:25.083929500 +0200 ++++ openvpn/src/openvpn/options.c 2015-07-01 14:10:25.083929500 +0200 +@@ -6293,6 +6293,20 @@ { VERIFY_PERMISSION (OPT_P_ROUTE_EXTRAS); } diff --git a/debian/patches/route_default_nil.patch b/debian/patches/route_default_nil.patch index e8572b5..cf17dec 100644 --- a/debian/patches/route_default_nil.patch +++ b/debian/patches/route_default_nil.patch @@ -2,9 +2,9 @@ Description: Fix small wording in man page. Author: Alberto Gonzalez Iniesta <agi@inittab.org> Index: openvpn/doc/openvpn.8 =================================================================== ---- openvpn.orig/doc/openvpn.8 2014-05-14 12:58:55.637184441 +0200 -+++ openvpn/doc/openvpn.8 2014-05-14 12:58:55.633184441 +0200 -@@ -966,7 +966,7 @@ +--- openvpn.orig/doc/openvpn.8 2015-07-01 14:10:31.563860364 +0200 ++++ openvpn/doc/openvpn.8 2015-07-01 14:10:31.559860407 +0200 +@@ -989,7 +989,7 @@ otherwise 0. The default can be specified by leaving an option blank or setting diff --git a/debian/patches/series b/debian/patches/series index bbf753a..f37465a 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -6,5 +6,3 @@ route_default_nil.patch kfreebsd_support.patch accommodate_typo.patch manpage_fixes.patch -0001-Drop-too-short-control-channel-packets-instead-of-as.patch -update_sample_certs.patch |