diff options
Diffstat (limited to 'debian/changelog')
-rw-r--r-- | debian/changelog | 101 |
1 files changed, 77 insertions, 24 deletions
diff --git a/debian/changelog b/debian/changelog index 91bcf9e..f676f8d 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,14 +1,68 @@ -openvpn (2.4.4-2~bpo9+1) stretch-backports; urgency=medium +openvpn (2.4.7-1) unstable; urgency=medium - * Rebuild for stretch-backports. - - Revert to OpenSSL 1.0.2, libpkcs11-helper1-dev is not compatible - with OpenSSL 1.1.0 in stretch + [ Bernhard Schmidt ] + * New upstream version 2.4.7 + - improvements regarding TLSv1.3 + - Add CAP_AUDIT_WRITE for auth_pam for upstream units (Closes: #868806) + * adjust kfreebsd_support.patch for new upstream version + * Also Add CAP_AUDIT_WRITE for auth_pam for openvpn@.service (Closes: #868806) + * openvpn@.service: Bump LimitNPROC to 100, see #861923 + + [ Simon Deziel ] + * d/control: suggests openvpn-systemd-resolved (Closes: #913265) + + [ Hilko Bengen ] + * Avoid hangs when spawning child processes by not setting pkcs11-helper + "safe fork mode" (Closes: #772812, #900805, #907452) - -- Bernhard Schmidt <berni@debian.org> Sat, 30 Dec 2017 22:21:24 +0100 + -- Bernhard Schmidt <berni@debian.org> Wed, 20 Feb 2019 14:50:03 +0100 + +openvpn (2.4.6-1) unstable; urgency=medium + + [ Jörg Frings-Fürst ] + * New upstream release. + - Refresh patches. + - Fix "does not start if link-mtu is too low" (Closes: #867113). + - Fix "auth-tokens are purged if auth-nocache is set" (Closes: #883601). + * Migrate to debhelper 11: + - Change debian/compat to 11. + - Bump minimum debhelper version in debian/control to >= 11. + * Declare compliance with Debian Policy 4.1.5 (No changes needed). + * New debian/patches/spelling_errors.patch to correct spelling errors. + * New debian/patches/systemd.patch to remove obsolete syslog.target. + * debian/changelog: + - Rewrite to DEP5 copyright format. + * debian/control: + - Change to my new email address. + - Remove trailing whitespaces. + * debian/rules: + - Remove trailing whitespaces. + - Replace outdated dh_installsystemd with dh_systemd_start. + - Remove usr/share/doc/openvpn/COPYING. + - Replace rm -f with $(RM). + * debian/update-resolv-conf: + - Fix "preserve order of pushed parameters" (Closes: #807808). + Thanks to Thibaut Chèze. + - Add syslog message if used without binary resolvconf (Closes: #895135). + Thanks to Roger Price <debian@rogerprice.org>. + * debian/watch: + - Use secure URI. + * Remove obsolete debian/openvpn.lintian-overrides. + * New README.source to explain the branching model used. + + -- Jörg Frings-Fürst <debian@jff.email> Mon, 30 Jul 2018 14:08:13 +0200 + +openvpn (2.4.5-1) unstable; urgency=medium + + * New upstream version 2.4.5 (Closes: #873302) + * Fix wrong Bug# in previous changelog + * Change Vcs-* to salsa (gitlab) + + -- Bernhard Schmidt <berni@debian.org> Sun, 04 Mar 2018 22:23:47 +0100 openvpn (2.4.4-2) unstable; urgency=medium - * Build against OpenSSL 1.1.0 (Closes: #828447) + * Build against OpenSSL 1.1.0 (Closes: #828477) * Bump Standards-Version to 4.1.2, no changes necessary -- Bernhard Schmidt <berni@debian.org> Mon, 11 Dec 2017 00:22:11 +0100 @@ -97,7 +151,7 @@ openvpn (2.4.3-1) unstable; urgency=high - CVE-2017-7521 - CVE-2017-7522 * Plugin libs have been moved to /usr/lib/ARCH/openvpn/plugins - * debian/rules: + * debian/rules: - Remove obsolete options to configure script (enable-password-save, with-plugindir (now in ENV_VARS)) - No need to install upstream's systemd unit files from debian/rules @@ -270,7 +324,7 @@ openvpn (2.3.7-1) unstable; urgency=medium openvpn (2.3.5-1) unstable; urgency=medium * New upstream release. Removed patches applied upstream: - client_connect_tmp_files.patch + client_connect_tmp_files.patch better_systemd_detection.patch * Add Build-Depends on libsystemd-daemon-dev. @@ -519,7 +573,7 @@ openvpn (2.2.0-2) unstable; urgency=low openvpn (2.2.0-1) experimental; urgency=low * New upstream release (Closes: #625281) - * Removed Depends on open(ssl|vpn)-blacklist, since + * Removed Depends on open(ssl|vpn)-blacklist, since debian_openssl_vulnkeys.patch is no longer used. Removed templates referring it too. * Removed manpage_dash_escaping.patch, applied upstream @@ -812,7 +866,7 @@ openvpn (2.1~rc7-2) unstable; urgency=high * init.c: Warn of use of known vulnerable weak SSL/TLS and shared secret keys caused by Debian openssl bug. Patch taken from Ubuntu. CVE-2008-0166 - * debian/(templates|postinst): Add warning on vulnerable + * debian/(templates|postinst): Add warning on vulnerable secrect/key files. * debian/control: Add dependencies on openssl-blacklist and openvpn-blacklist. Bumped dependency on libssl version. @@ -902,7 +956,7 @@ openvpn (2.0.9-6) unstable; urgency=low /etc/network/interfaces integration. (Closes: #413732) * Also included joeyh's suggestion on the previous subject. (Closes: 419797) - * Avoid restarting a vpn instead of reloading it due to wrong + * Avoid restarting a vpn instead of reloading it due to wrong detection of 'user' option in init.d script. Thanks Josip Rodin. (Closes: 403503) * Added Russian debconf translation. (Closes: #414088) @@ -980,7 +1034,7 @@ openvpn (2.0.6-2) unstable; urgency=low a fresh install or stop2upgrade=true. (Closes: #366085, #338956) * Updated Czech debconf translation (Closes: #333989) Thanks Miroslav Kure. - * Bumped Standards-Version to 3.7.2.0, no change. + * Bumped Standards-Version to 3.7.2.0, no change. * debian/rules: Avoid compressing 'pkitool' (Closes: #354478) * debian/templates: Corrected typo on init scripts order change. (Closes: #351664) @@ -1024,9 +1078,9 @@ openvpn (2.0.2-1) unstable; urgency=low * The [VAC] upload. Thanks Vorbis Gdynia for the free internet access :) * New upstream release (Closes: #323594) * Fixed use of backslash in username authentication. (Closes: #309787) - * Fixes several DoS vulnerabilities: CAN-2005-2531 CAN-2005-2532 + * Fixes several DoS vulnerabilities: CAN-2005-2531 CAN-2005-2532 CAN-2005-2533 CAN-2005-2534. (Closes: #324167) - * Changed group option from 'nobody' to 'nogroup' in all the + * Changed group option from 'nobody' to 'nogroup' in all the *example* files... (Closes: #317987) * Included openvpn-plugin.h to allow building third party plugins. (Closes: #316139) @@ -1079,7 +1133,7 @@ openvpn (2.0-1) unstable; urgency=low Thanks Thomas Hood for the patch. * debian/control. Rewrote Description: field. Now it's more useful and complete. (Closes: #304895) - * init.d script: + * init.d script: - Fixed restarting of multiple VPNs - Fixed TAB converted to spaces. - Remove status file on VPN stop @@ -1122,7 +1176,7 @@ openvpn (1.99+2.rc12-1) unstable; urgency=low openvpn (1.99+2.rc11-2) unstable; urgency=low - * Added --enable-password-save to configure call to allow + * Added --enable-password-save to configure call to allow --askpass and --auth-user-pass passwords to be read from a file. -- Alberto Gonzalez Iniesta <agi@inittab.org> Thu, 3 Feb 2005 18:19:28 +0100 @@ -1192,7 +1246,7 @@ openvpn (1.99+2.beta17-1) unstable; urgency=low openvpn (1.99+2.beta16-2) unstable; urgency=low - * Patched ssl.c to fix bug in --key-method 1, that prevented + * Patched ssl.c to fix bug in --key-method 1, that prevented OpenVPN 2.x from working with 1.x using that method. Thanks James for the prompt answer & patch. Thanks weasel for finding it out. @@ -1242,7 +1296,7 @@ openvpn (1.99+2.beta15-1) unstable; urgency=low and not tell the maintainer directly. * Added Brazilian Portuguese debconf templates. (Closes: #279351) * Modified init.d script so that specifying a daemon option in a - VPN configuration won't make it fail. + VPN configuration won't make it fail. Thanks Christoph Biedl for the patch. (Closes: #278302) * Added scripts to allow specifying 'openvpn name' in /etc/network/interfaces to have the tunnel created and destroyed with @@ -1356,7 +1410,7 @@ openvpn (1.4.3-2) unstable; urgency=low * Moved initscripts sequence number to S16 from S20. This will make openvpn start earlier and be ready for other services. (Closes: #209225) * Added Depends: on debconf, it's used in the maintainer's scripts now. - * Added debconf template to ask for the creation of the TUN/TAP device + * Added debconf template to ask for the creation of the TUN/TAP device node. (Closes: #211198) -- Alberto Gonzalez Iniesta <agi@agi.as> Thu, 2 Oct 2003 21:39:46 +0200 @@ -1364,7 +1418,7 @@ openvpn (1.4.3-2) unstable; urgency=low openvpn (1.4.3-1) unstable; urgency=low * New upstream release - * Bumped Standards-Version to 3.6.1.0, no change. + * Bumped Standards-Version to 3.6.1.0, no change. * Patched init.d script to support single vpn stop/start/restart. Thanks to Richard Mueller and Norbert Tretkowski (Closes: #204100) @@ -1395,7 +1449,7 @@ openvpn (1.4.0-2) unstable; urgency=low openvpn (1.4.0-1) unstable; urgency=low * New upstream release (Closes: #179551) - * Re-enabled liblzo support. LZO's author made an exception in LZO's + * Re-enabled liblzo support. LZO's author made an exception in LZO's license that permits OpenVPN to use LZO and OpenSSL. See copyright file. @@ -1410,9 +1464,9 @@ openvpn (1.3.2-3) unstable; urgency=low openvpn (1.3.2-2) unstable; urgency=low - * Disabled liblzo1 support to fix license issues with Openssl. + * Disabled liblzo1 support to fix license issues with Openssl. (Closes: #177497) - * Bumped Standards-Version to 3.5.8, no change. + * Bumped Standards-Version to 3.5.8, no change. -- Alberto Gonzalez Iniesta <agi@agi.as> Mon, 20 Jan 2003 16:09:16 +0100 @@ -1453,4 +1507,3 @@ openvpn (1.2.0-1) unstable; urgency=low * Initial Release. (Closes: #140463) -- Alberto Gonzalez Iniesta <agi@agi.as> Thu, 23 May 2002 11:00:37 +0200 - |