summaryrefslogtreecommitdiff
path: root/debian/changelog
diff options
context:
space:
mode:
Diffstat (limited to 'debian/changelog')
-rw-r--r--debian/changelog1562
1 files changed, 1562 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog
new file mode 100644
index 0000000..ca70c2b
--- /dev/null
+++ b/debian/changelog
@@ -0,0 +1,1562 @@
+openvpn (2.4.9-3) unstable; urgency=medium
+
+ [ Jörg Frings-Fürst ]
+ * Fix the bug that occurs during the update (Closes: #959464):
+ "ERROR: Cannot ioctl TUNSETIFF tunX: Device or resource busy (errno=16)"
+ - debian/rules: Change dh_installsystemd from "--restart-after-upgrade" to
+ "--no-restart-after-upgrade -r".
+ - Remove restart from debian/postinst.
+ - Add hint to reboot if openvpn is running.
+ - Add new chapter into debian/NEWS.
+ * Migrate to debhelper 13.
+ * debian/postinst:
+ - Remove now useless code for version less than 2.3.2-6.
+ * debina/copyright:
+ - Add year 2020 to Bernhard Schmidt.
+
+ -- Jörg Frings-Fürst <debian@jff.email> Sat, 02 May 2020 18:14:36 +0200
+
+openvpn (2.4.9-2) unstable; urgency=medium
+
+ * Cherry-Pick upstream patch to fix ssl_do_config error with
+ invalid OpenSSL system configuration (Closes: #958296)
+ Thanks to Jonas Andradas for reporting and Arne Schwabe for debugging.
+ * Use DEB_HOST_MULTIARCH for libraries (Closes: #958315)
+ * Enable Salsa CI
+
+ -- Bernhard Schmidt <berni@debian.org> Tue, 21 Apr 2020 21:58:53 +0200
+
+openvpn (2.4.9-1) unstable; urgency=medium
+
+ [ Jörg Frings-Fürst ]
+ * New upstream release (Closes: #950610).
+ * Refresh debian/patches/openvpn-pkcs11warn.patch.
+ * Remove upstream applied fix-pkcs11-helper-hang.patch.
+ * Add libp11-kit-dev to Build - Depends (Closes: #940727).
+ * Add symlinks for plugins into /usr/lib/openvpn/ (Closes: #946348).
+ * Declare compliance with Debian Policy 4.5.0 (No changes needed).
+ * Switch to debhelper-compat:
+ - debian/control: change to debhelper-compat (=12).
+ - remove debian/compat.
+ * debian/copyright:
+ - Add year 2020 to debian/*.
+ - Add year 2019 to *.
+ * debian/control:
+ - Add Rules-Requires-Root: No.
+
+ [ Bernhard Schmidt ]
+ * New upstream version 2.4.9
+ - CVE-2020-11810
+ illegal client float can break VPN session for other users
+
+ -- Bernhard Schmidt <berni@debian.org> Sun, 19 Apr 2020 15:52:57 +0200
+
+openvpn (2.4.7-1) unstable; urgency=medium
+
+ [ Bernhard Schmidt ]
+ * New upstream version 2.4.7
+ - improvements regarding TLSv1.3
+ - Add CAP_AUDIT_WRITE for auth_pam for upstream units (Closes: #868806)
+ * adjust kfreebsd_support.patch for new upstream version
+ * Also Add CAP_AUDIT_WRITE for auth_pam for openvpn@.service (Closes: #868806)
+ * openvpn@.service: Bump LimitNPROC to 100, see #861923
+
+ [ Simon Deziel ]
+ * d/control: suggests openvpn-systemd-resolved (Closes: #913265)
+
+ [ Hilko Bengen ]
+ * Avoid hangs when spawning child processes by not setting pkcs11-helper
+ "safe fork mode" (Closes: #772812, #900805, #907452)
+
+ -- Bernhard Schmidt <berni@debian.org> Wed, 20 Feb 2019 14:50:03 +0100
+
+openvpn (2.4.6-1) unstable; urgency=medium
+
+ [ Jörg Frings-Fürst ]
+ * New upstream release.
+ - Refresh patches.
+ - Fix "does not start if link-mtu is too low" (Closes: #867113).
+ - Fix "auth-tokens are purged if auth-nocache is set" (Closes: #883601).
+ * Migrate to debhelper 11:
+ - Change debian/compat to 11.
+ - Bump minimum debhelper version in debian/control to >= 11.
+ * Declare compliance with Debian Policy 4.1.5 (No changes needed).
+ * New debian/patches/spelling_errors.patch to correct spelling errors.
+ * New debian/patches/systemd.patch to remove obsolete syslog.target.
+ * debian/changelog:
+ - Rewrite to DEP5 copyright format.
+ * debian/control:
+ - Change to my new email address.
+ - Remove trailing whitespaces.
+ * debian/rules:
+ - Remove trailing whitespaces.
+ - Replace outdated dh_installsystemd with dh_systemd_start.
+ - Remove usr/share/doc/openvpn/COPYING.
+ - Replace rm -f with $(RM).
+ * debian/update-resolv-conf:
+ - Fix "preserve order of pushed parameters" (Closes: #807808).
+ Thanks to Thibaut Chèze.
+ - Add syslog message if used without binary resolvconf (Closes: #895135).
+ Thanks to Roger Price <debian@rogerprice.org>.
+ * debian/watch:
+ - Use secure URI.
+ * Remove obsolete debian/openvpn.lintian-overrides.
+ * New README.source to explain the branching model used.
+
+ -- Jörg Frings-Fürst <debian@jff.email> Mon, 30 Jul 2018 14:08:13 +0200
+
+openvpn (2.4.5-1) unstable; urgency=medium
+
+ * New upstream version 2.4.5 (Closes: #873302)
+ * Fix wrong Bug# in previous changelog
+ * Change Vcs-* to salsa (gitlab)
+
+ -- Bernhard Schmidt <berni@debian.org> Sun, 04 Mar 2018 22:23:47 +0100
+
+openvpn (2.4.4-2) unstable; urgency=medium
+
+ * Build against OpenSSL 1.1.0 (Closes: #828477)
+ * Bump Standards-Version to 4.1.2, no changes necessary
+
+ -- Bernhard Schmidt <berni@debian.org> Mon, 11 Dec 2017 00:22:11 +0100
+
+openvpn (2.4.4-1) unstable; urgency=medium
+
+ [ Jörg Frings-Fürst ]
+ * New Upstream release:
+ - Fix bounds check in read_key() (CVE-2017-12166) (Closes: #877089).
+ * Declare compliance with Debian Policy 4.1.1. (No changes needed).
+ * Drop dh-systemd from both Build-Depends and dh command line as
+ it is enabled by default for dh compat level 10.
+ * New debian/openvpn.lintian-overrides:
+ - Override duplicate upstream changelog warning.
+ * Remote obsolete directory /usr/lib/openvpn (The plugins directory are now
+ /usr/lib/*/openvpn/plugins):
+ - Remove /usr/lib/openvpn from debian/dirs.
+ - Add debian/postrm to remove /usr/lib/openvpn on purge and remove.
+ - Rewrite plugin section at README.Debian
+ * Use pathfind() instead hard coded path for invoke-rc.d at debian/prerm
+ and debian/postinst.
+ * Remove outdated debian/README.source.
+ * Remove obsolete syslog.target from debian/openvpn@.service.
+ * Update Catalan translation (Closes: #870351).
+ - Thanks to Alytidae <alytidae@riseup.net>.
+ * New directory /var/log/openvpn for log and status files
+ (Closes: #444431, #553303):
+ - Add var/log/openvpn into debian/dirs.
+ - New debian/patches/move_log_dir.patch to change the conf files
+ to the new log directory.
+
+ [ Bernhard Schmidt ]
+ * Further changes to debian/openvpn@.service copied from upstream
+ - Enable Restart=on-failure
+ - Use KillMode=process
+
+ -- Bernhard Schmidt <berni@debian.org> Wed, 25 Oct 2017 08:14:12 +0200
+
+openvpn (2.4.3-4) unstable; urgency=medium
+
+ * fix FTBFS on kfreebsd
+ * Adjust debian openvpn@.service to be closer to the upstream
+ ones (Closes: #858558, #864031):
+ - adjust Documentation URL to OpenVPN 2.4
+ - use systemd READY signalling (Type=notify)
+ - add ProtectHome=true
+ - add After/Wants network-online.target
+ - adjust CapabililtyBoundingSet
+
+ -- Bernhard Schmidt <berni@debian.org> Fri, 30 Jun 2017 15:39:56 +0200
+
+openvpn (2.4.3-3) unstable; urgency=medium
+
+ [ Jörg Frings-Fürst ]
+ * debian/control:
+ - Set Bernhard Schmidt <berni@debian.org> as maintainer and myself as
+ Uploader (Closes: #865555)
+ - Many thanks to Alberto Gonzalez Iniesta.
+ - Change Vcs-Browser to cgit.
+ * Migrate to debhelper 10:
+ - Change debian/compat to 10.
+ - Bump minimum debhelper version in debian/control to >= 10.
+ * Declare compliance with Debian Policy 4.0.0. (No changes needed).
+
+ [ Bernhard Schmidt ]
+ * properly remove obsolete /etc/tmpfiles.d/openvpn.conf using
+ dpkg-maintscript-helper (Closes: #865717)
+ * Change Vcs-Git and Homepage to https
+
+ -- Bernhard Schmidt <berni@debian.org> Thu, 29 Jun 2017 12:41:31 +0200
+
+openvpn (2.4.3-2) unstable; urgency=medium
+
+ * The "Bye bye OpenVPN" revenge release
+ * Put upstream tmpfiles conf in the right place and merge with Debian's.
+ (Closes: #865589)
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Fri, 23 Jun 2017 11:43:50 +0200
+
+openvpn (2.4.3-1) unstable; urgency=high
+
+ * The "Bye bye OpenVPN" release.
+ * New upstream release fixing: (Closes: #865480)
+ - CVE-2017-7508
+ - CVE-2017-7520
+ - CVE-2017-7521
+ - CVE-2017-7522
+ * Plugin libs have been moved to /usr/lib/ARCH/openvpn/plugins
+ * debian/rules:
+ - Remove obsolete options to configure script (enable-password-save,
+ with-plugindir (now in ENV_VARS))
+ - No need to install upstream's systemd unit files from debian/rules
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Thu, 22 Jun 2017 13:25:45 +0200
+
+openvpn (2.4.0-6) unstable; urgency=medium
+
+ * Apply upstream patch to fix shrinking MTU sizes on reconnects causing not
+ usable VPN tunnels.
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Mon, 22 May 2017 14:59:49 +0200
+
+openvpn (2.4.0-5) unstable; urgency=high
+
+ * Change typo fix in command line help.
+ * SECURITY UPDATE: pre-authentication denial-of-service vulnerability
+ (both client and server) from a too-large control packet.
+ - debian/patches/CVE-2017-7478.patch: Do not assert on too-large
+ control packet
+ - CVE-2017-7478
+ * SECURITY UPDATE: authenticated remote DoS vulnerability due to
+ packet ID rollover
+ - debian/patches/CVE-2017-7479-prereq.patch: merge
+ packet_id_alloc_outgoing() into packet_id_write()
+ - debian/patches/CVE-2017-7479.patch: do not assert when packet ID
+ rollover occurs
+ - CVE-2017-7479
+ * SECURITY UPDATE: auth tokens left in memory after de-auth
+ - debian/patches/wipe_tokens_on_de-auth.patch: always wipe token
+ as soon as a TLS session is considered broken.
+ * Kudos to Steve Beattie <sbeattie@ubuntu.com> for doing all the
+ backporting work for this upload.
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Thu, 11 May 2017 14:15:21 +0200
+
+openvpn (2.4.0-4) unstable; urgency=medium
+
+ * Add NEWS entries on possible 2.4 migration issues.
+ (Closes: #852381, #849909)
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Thu, 02 Feb 2017 14:15:42 +0100
+
+openvpn (2.4.0-3) unstable; urgency=medium
+
+ * You shall run debdiff even when the change is only a word, or you may find
+ out the word was not there...
+ * Add liblz4-dev to Build-Depends. (Closing: #849563 for real)
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Thu, 29 Dec 2016 09:41:17 +0100
+
+openvpn (2.4.0-2) unstable; urgency=medium
+
+ * Enable lz4 compression (Closes: #849563).
+ Thanks Laurent Bigonville for noticing.
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Wed, 28 Dec 2016 18:43:12 +0100
+
+openvpn (2.4.0-1) unstable; urgency=medium
+
+ * New upstream release.
+ * Refresh debian/patches to new upstream coding style.
+ * debian/NEWS.Debian. Add note on removed tls-remote option
+ (Closes: #848062)
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Tue, 27 Dec 2016 18:29:43 +0100
+
+openvpn (2.4~rc1-2) unstable; urgency=medium
+
+ * Make lintian happy:
+ - Update debian/watch
+ - Remove .gitignore file from samples
+ - Add Depends on lsb-base
+ - Move bash completion file to /usr/share
+ - Remove unneeded dot in manpage
+ - Bump Standards-Version
+ * debian/patches/kfreebsd_support: Update patch for 2.4 series.
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Mon, 12 Dec 2016 20:20:09 +0100
+
+openvpn (2.4~rc1-1) unstable; urgency=medium
+
+ * New upstream release
+ * Update close_socket_before_scripts.patch to upstream's version
+ * Add /etc/openvpn/client & /etc/openvpn/server directories for
+ upstream's systemd units.
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Sat, 10 Dec 2016 19:06:15 +0100
+
+openvpn (2.4~beta1-1) experimental; urgency=medium
+
+ * New upstream release
+ * Change Build-Dep on libssl-dev to libssl1.0-dev since upstream is not
+ transitioning to libssl1.1 yet.
+ * Moved to debhelper compat 9.
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Mon, 21 Nov 2016 10:15:40 +0100
+
+openvpn (2.3.11-2) unstable; urgency=medium
+
+ * Remove dependency on initscripts. (Closes: #804968)
+ * README.Debian. Fix CapabilityBoundingSet reference.
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Mon, 23 May 2016 09:55:30 +0200
+
+openvpn (2.3.11-1) unstable; urgency=medium
+
+ * New upstream release.
+ * tun.c: patch to fix FTBFS in kfreebsd. (Closes: #815283)
+ Thanks Steven Chamberlain for the patch.
+ * README.Debian: Document limits in the service file.
+ (Closes: #819919, #823621)
+ * Removed versioned dependency on initscripts. (Closes: #804968)
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Tue, 10 May 2016 17:41:53 +0200
+
+openvpn (2.3.10-1) unstable; urgency=medium
+
+ * New upstream release. (Closes: #804368)
+ Drop password_prompt_in_systemd.patch. Applied upstream.
+ * Unify pidfile path on systemd and sysV. (Closes: #811010)
+ Thanks Guillem Jover for noticing.
+ * Increase start-stop-daemon timeout on stop to let openvpn
+ tear down the connection properly in some cases.
+ (Closes: #799592, #796914)
+ * Add CAP_AUDIT_WRITE to openvpn@.service CapabilityBoundingSet
+ to fix auth-pam plugin. (Closes: #795313)
+ * Patch from Martin Pitt to start OpenVPN before user sessions
+ to avoid hidding possible password prompts. (Closes: #803032)
+ * Make another copy of t_client.sh to help keeping the build
+ environment clean. (Closes: #765447)
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Wed, 20 Jan 2016 12:01:36 +0100
+
+openvpn (2.3.8-1) unstable; urgency=medium
+
+ * New upstream release. Drop patch from 2.3.7-2.
+ Hopefully (Closes: #791829)
+ * Apply upstream fix for systemd password prompt that
+ delayed this upload. Sorry SysV users.
+ * debian/rules: remove obsolete options (*-path) to configure
+ * openvpn@.service: Use KillMode=mixed to fix signaling of some plugins.
+ (Closes: #792907). Also add PrivateTmp & LimitNPROC options.
+ Thanks Daniel Hahler for the patch.
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Wed, 28 Oct 2015 17:34:26 +0100
+
+openvpn (2.3.7-2) unstable; urgency=medium
+
+ * Move libsystemd-daemon-dev Build-Dep to libsystemd-dev.
+ Add Build-Dep on systemd. (Closes: #791904)
+ * Bumped Standards-Version to 3.9.6
+ * Apply upstream patch to fix stdin password prompt.
+ (Closes: #791829)
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Tue, 08 Sep 2015 08:23:19 +0000
+
+openvpn (2.3.7-1) unstable; urgency=medium
+
+ * New upstream version
+ * Add --no-block to if-up.d script to avoid hanging boot on
+ interfaces with openvpn instances. (Closes: #787090, #785200)
+ * Add ProtectSystem=yes to systemd's service file. (Closes: #771626)
+ * Removed upstream applied patches:
+ - 0001-Drop-too-short-control-channel-packets-instead-of-as.patch
+ - update_sample_certs.patch
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Wed, 01 Jul 2015 13:19:26 +0200
+
+openvpn (2.3.5-1) unstable; urgency=medium
+
+ * New upstream release. Removed patches applied upstream:
+ client_connect_tmp_files.patch
+ better_systemd_detection.patch
+ * Add Build-Depends on libsystemd-daemon-dev.
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Wed, 29 Oct 2014 17:44:06 +0100
+
+openvpn (2.3.4-5) unstable; urgency=high
+
+ * Apply upstream patch that fixes possible DoS by authenticated
+ clients. CVE-2014-8104
+ * Patch sample certs since they were expired and made the package
+ build fail. (Closes: #770835)
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Mon, 01 Dec 2014 16:10:37 +0100
+
+openvpn (2.3.4-4) unstable; urgency=medium
+
+ * Use dh-systemd in order to enable the service unit.
+ (Closes: #768411)
+ * Add comment on /etc/default/openvpn file about options
+ not supported on systemd. (Closes: #768384)
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Fri, 07 Nov 2014 13:59:54 +0100
+
+openvpn (2.3.4-3) unstable; urgency=medium
+
+ * Apply patch by Samuel Thibault to clean up temporary files.
+ (Closes: #764651). Thanks Samuel!
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Mon, 13 Oct 2014 18:24:03 +0200
+
+openvpn (2.3.4-2) unstable; urgency=medium
+
+ * openvpn.service. Remove ExecStop, add ExecReload.
+ Fixes reload of openvpn service. (Closes: #763411)
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Tue, 30 Sep 2014 13:05:45 +0200
+
+openvpn (2.3.4-1) unstable; urgency=medium
+
+ * Upload to unstable.
+ * New upstream release. (Closes: #752568)
+ * Add Turkish debconf translation. (Closes: #759879)
+ * Replace openvpn-systemd-helper with a systemd generator.
+ Thanks Ondřej Surý, Ansgar Burchardt and postgresql-common for
+ the ideas, help and inspiration.
+ * Bumped Standards-Version to 3.9.5
+ * debian/control: Add Vcs-*
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Tue, 02 Sep 2014 12:06:06 +0200
+
+openvpn (2.3.3-1) experimental; urgency=medium
+
+ * Install tmpfiles.d configuration to create /run/openvpn in
+ systemd. Properly fixing #741938.
+ * Add reload to openvpn@.service. (Closes: #747840)
+ * New upstream release
+ * New openvpn.service to override LSB script when running systemd.
+ (Closes: #700888)
+ * Apply patch from upstream's BTS to improve systemd detection.
+ (Closes: #747265)
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Mon, 17 Mar 2014 19:40:12 +0100
+
+openvpn (2.3.2-9) unstable; urgency=medium
+
+ * Create /run/openvpn in init script even if no VPN is
+ autostarted by it. (Closes: #741938)
+ * Fix systemd detection based on /run/systemd/system.
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Mon, 17 Mar 2014 15:40:02 +0100
+
+openvpn (2.3.2-8) unstable; urgency=medium
+
+ * Add support for systemd. (Closes: #700888)
+ Add openvpn@.service and --enable-systemd to ./configure.
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Fri, 14 Mar 2014 12:59:57 +0100
+
+openvpn (2.3.2-7) unstable; urgency=low
+
+ * Fix postinst when no *.pid files exist in /run/sendsigs.omit.d/.
+ (Closes: #730679)
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Thu, 28 Nov 2013 13:05:31 +0100
+
+openvpn (2.3.2-6) unstable; urgency=low
+
+ * Move PID and status files to openvpn subdir in /run.
+ (Closes: #614036). Thanks Stephen Gildea for the patch and Simon Deziel
+ for the upgrade path.
+ * Add --enable-x509-alt-username option to ./configure
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Wed, 27 Nov 2013 13:58:33 +0100
+
+openvpn (2.3.2-5) unstable; urgency=low
+
+ * Patch init script to fix race conditions on restarts.
+ (Closes: #716794). Thanks Simon Deziel for the patch.
+ * Improve update-resolv-conf script. Thanks Thomas Hood
+ for the patch. (Closes: #721082)
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Mon, 15 Jul 2013 16:10:59 +0200
+
+openvpn (2.3.2-4) unstable; urgency=low
+
+ * Fix depends on iproute to iproute2.
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Fri, 21 Jun 2013 11:17:52 +0200
+
+openvpn (2.3.2-3) unstable; urgency=low
+
+ * Add iproute2 support on linux archs.
+ * Add versioned Build-Depends on dpkg-dev since --export=configure
+ is used. (Closes: #697560)
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Thu, 20 Jun 2013 13:23:24 +0200
+
+openvpn (2.3.2-2) unstable; urgency=low
+
+ * Add pkg-config to Build-Depends while waiting for libpkcs11-helper1-dev's
+ maintainter to decide if he includes pkg-config as a Depends.
+ Thanks Roland Stigge for finding out. (Closes: #711076)
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Wed, 05 Jun 2013 16:39:27 +0200
+
+openvpn (2.3.2-1) unstable; urgency=low
+
+ * New upstream version.
+ Less messages about script security (Closes: #573129)
+ * Add --enable-pkcs11 to configure to avoid losing PKCS11.
+ Thanks Jaak Pruulmann-Vengerfeldt for noticing before the
+ upload! (Closes: #710085)
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Mon, 03 Jun 2013 18:48:44 +0200
+
+openvpn (2.3.1-2) unstable; urgency=low
+
+ * Add net-tools to Build-Depends. (Closes: #709108)
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Tue, 21 May 2013 12:31:39 +0200
+
+openvpn (2.3.1-1) unstable; urgency=low
+
+ * New upstream version. Fixes use of non-constant-time memcmp in HMAC
+ comparison. CVE-2013-2061 (Closes: #707329)
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Fri, 17 May 2013 11:54:31 +0200
+
+openvpn (2.3.0-1) experimental; urgency=low
+
+ * New upstream release
+ * Add easy-rsa to Recommends
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Mon, 12 Nov 2012 16:56:47 +0100
+
+openvpn (2.3~rc1-1) experimental; urgency=low
+
+ * Upload to experimental
+ * New upstream release with reworked build system
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Mon, 05 Nov 2012 16:31:15 +0100
+
+openvpn (2.2.1-8) unstable; urgency=low
+
+ * Enable "PIE" and "BINDOW" hardening flags.
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Fri, 23 Mar 2012 10:40:39 +0100
+
+openvpn (2.2.1-7) unstable; urgency=low
+
+ * Add dpkg-buildflags call on plugins built too.
+ Thanks Simon Ruderich for finding out, the nice patch and
+ clarification. (Closes: #655130)
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Fri, 16 Mar 2012 10:49:28 +0100
+
+openvpn (2.2.1-6) unstable; urgency=low
+
+ * /run transition: Replaced usage of /dev/.udev with /run/udev,
+ when checking for the usage of udev. Depend on initscripts
+ (>= 2.88dsf-13.3) to guarantee the existence of /run/udev
+ in case udev is being used. (Closes: #644321)
+ Patch by Pieter du Preez.
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Fri, 09 Mar 2012 13:44:50 +0100
+
+openvpn (2.2.1-5) unstable; urgency=low
+
+ * Avoid sending ICMP redirects when using tun devices and "subnet"
+ topology. Thanks Simon Deziel for testing and the patch.
+ (Closes: #656241)
+ The init.d script will set all.send_redirects=0 when using "dev tun"
+ and "topology subnet". More info in README.Debian.
+ * Several manpage fixes
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Thu, 23 Feb 2012 17:25:54 +0100
+
+openvpn (2.2.1-4) unstable; urgency=low
+
+ * Use dpkg-buildflags to fill CFLAGS in ./configure. (Closes: #655130)
+ * debian/rules: Moved to dh.
+ * debian/rules: Changed DEB_BUILD_ARCH_OS with DEB_HOST_ARCH_OS.
+ * Removed quilt Build-Depends.
+ * debian/openvpn.default: Clarify what "vpn name" refers to.
+ (Closes: #657610)
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Wed, 08 Feb 2012 16:31:32 +0100
+
+openvpn (2.2.1-3) unstable; urgency=low
+
+ * The iproute fiasco release.
+ * Remove --enable-iproute2 dependency since it's only available in Linux.
+ Write that in the changelog so I don't forget _again_ why iproute is not
+ set... (Closes: #652702)
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Tue, 20 Dec 2011 13:06:05 +0100
+
+openvpn (2.2.1-2) unstable; urgency=low
+
+ * debian/rules: Force path to 'ip' command so that it's set correctly even
+ if not present (in the buildd). (Closes: #652702)
+ * Fix OMIT_SENDSIGS logic on init.d script. (Closes: #652703)
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Tue, 20 Dec 2011 07:21:07 +0100
+
+openvpn (2.2.1-1) unstable; urgency=low
+
+ * New upstream release
+ * Added OMIT_SENDSIGS option in init.d script to let openvpn run after
+ sendsigs on system reboot or shutdown. (Closes: #636864)
+ * Configure with --enable-iproute2.
+ * Change path to route on kFreeBSD. (Closes: #646221) Thanks Robert Millan.
+
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Tue, 13 Dec 2011 11:04:22 +0100
+
+openvpn (2.2.0-2) unstable; urgency=low
+
+ * Upload to unstable
+ * debian/control: added Homepage field
+ * Added debian/watch file
+ * debian/patches: Added descriptions/authors/etc. to patches
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Wed, 15 Jun 2011 12:28:15 +0200
+
+openvpn (2.2.0-1) experimental; urgency=low
+
+ * New upstream release (Closes: #625281)
+ * Removed Depends on open(ssl|vpn)-blacklist, since
+ debian_openssl_vulnkeys.patch is no longer used.
+ Removed templates referring it too.
+ * Removed manpage_dash_escaping.patch, applied upstream
+ * Removed attemping_typo, applied upstream
+ * Removed counter_type_for_bytes.patch, applied upstream
+ * Removed eurephia.patch, applied upstream
+ * Updated JuanJo's & Gert's IPv6 patches
+ * Removed versioned Depends on libssl (Closes: #623503)
+ * Improved kFreeBSD support. Thanks Gonéri Le Bouder for the patch
+ (Closes: #626062)
+ * Updated Dutch debconf templates. (Closes: #625526)
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Tue, 10 May 2011 16:17:00 +0200
+
+openvpn (2.1.3-5) experimental; urgency=low
+
+ * Upload to experimental.
+ * Add ipv6 payload patch by Gert Doering. (Closes: #604071)
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Tue, 22 Mar 2011 10:57:18 +0100
+
+openvpn (2.1.3-4) unstable; urgency=low
+
+ * Updated JuanJo's IPv6 patch. Now really fixes use from xinetd.
+ Thanks JuanJo & Christian Weinberger for testing it (Closes: #574164)
+ * Removed debian_openssl_vulnkeys.patch since we're Etch + 2 now.
+ (Closes: #484105, #487994)
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Tue, 22 Mar 2011 10:04:21 +0100
+
+openvpn (2.1.3-3) unstable; urgency=low
+
+ * Updated JuanJo's IPv6 patch.
+ Fixes use from xinetd (Closes: #574164)
+ * Patched update-resolv-conf to support multiple DNS search domains.
+ Thanks Jeremy Zawodny and Dave Walker for the patch.
+ (Closes: #617740)
+ * Added a note about bridge-utils helpers in README.Debian.
+ Thanks Sven Hoexter. (Closes: #599192)
+ * Updated Danish debconf templates. (Closes: #608425)
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Fri, 11 Mar 2011 13:08:12 +0100
+
+openvpn (2.1.3-2) unstable; urgency=low
+
+ * Applied upstream patch to solve random routes added when using
+ 'remote_host'. (Closes: #600166)
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Thu, 21 Oct 2010 12:21:33 +0200
+
+openvpn (2.1.3-1) unstable; urgency=low
+
+ * New upstream release (Closes: #595684)
+ * Fixed multiple building in a row (Closes: #592086)
+ * Added handling of newer DEB_BUILD_OPTIONS.
+ Thanks Lionel Elie Mamane for the patch. (Closes: #592098)
+ * Updated IPv6 patch from JuanJo Ciarlante.
+ Fixes --multihome option. (Closes: #562099)
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Wed, 29 Sep 2010 13:07:37 +0200
+
+openvpn (2.1.0-3) unstable; urgency=low
+
+ * The 'happy birthday to me' release
+ * Fixed client hang when server does not push anything. (Closes: #587414)
+ Thanks Thierry Carrez for the heads up.
+ * Document possible problems when using 'chroot' option
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Fri, 09 Jul 2010 12:22:09 +0200
+
+openvpn (2.1.0-2) unstable; urgency=low
+
+ * Patched ssl.[ch] to fix integer overflow. (Closes: #576827)
+ Thanks David Sommerseth for the patch.
+ * Fixed manpage typo. (Closes: #576823)
+ * Bloat the init.d script with more dependencies required by the
+ new init systems. Sucky. (Closes: #568647, #553338)
+ * Reworded README.Debian (Closes: #550164)
+ * Switch to dpkg-source 3.0 (quilt) format
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Sat, 10 Apr 2010 17:26:42 +0200
+
+openvpn (2.1.0-1) unstable; urgency=low
+
+ * New upstream release
+ * init.d script: added soft-restart to the options output. (Closes: #558174)
+ * debian/control: Promoted net-tools from Recommends to Depends.
+ (Closes: #557906)
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Fri, 11 Dec 2009 12:08:50 +0100
+
+openvpn (2.1~rc22-1) unstable; urgency=low
+
+ * New upstream release
+ * Added a note on LDAP+TLS problems in README.Debian
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Fri, 04 Dec 2009 16:33:02 +0100
+
+openvpn (2.1~rc21-2) unstable; urgency=low
+
+ * debian/patches: Added eurephia.patch to support eurephia plug-in.
+ * debian/patches: updated openvpn over ipv6 support to v0.4.10
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Thu, 19 Nov 2009 18:00:27 +0100
+
+openvpn (2.1~rc21-1) unstable; urgency=low
+
+ * New upstream release
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Thu, 12 Nov 2009 12:19:26 +0100
+
+openvpn (2.1~rc20-3) unstable; urgency=low
+
+ * Updated debian_openssl_vulnkeys.patch to fix false vulnerable
+ key detection. (Closes: #483139).
+ Thanks a lot Kees Cook and Jamie Strandboge for working on this!
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Wed, 04 Nov 2009 17:18:03 +0100
+
+openvpn (2.1~rc20-2) unstable; urgency=low
+
+ * init.d script: Added X-Interactive header. (Closes: #549424)
+ * patches/jjo-ipv6-support.patch: Added ipv6 support. (Closes: #307846)
+ Patch from JuanJo Ciarlante.
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Tue, 06 Oct 2009 13:04:07 +0200
+
+openvpn (2.1~rc20-1) unstable; urgency=low
+
+ * New upstream version.
+ - Fixes redirect-gateway option parsing. (Closes: #541450)
+ * Changed init.d Provides from 'vpn' to 'openvpn'. (Closes: #497563)
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Fri, 02 Oct 2009 17:24:38 +0200
+
+openvpn (2.1~rc19-2) unstable; urgency=low
+
+ * Fixed init.d script to depend on $remote_fs and $syslog (Closes: #539764)
+ * Added debian/README.source
+ * Bumped Standards-Version to 3.8.3
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Sun, 30 Aug 2009 20:20:11 +0200
+
+openvpn (2.1~rc19-1) unstable; urgency=low
+
+ * New upstream version
+ - Removed remote_env.patch, applied upstream
+ - trusted_ip is exported again. (Closes: #524979)
+ * Bumped Standards-Version to 3.8.2
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Tue, 21 Jul 2009 17:00:56 +0200
+
+openvpn (2.1~rc15-1) unstable; urgency=low
+
+ * New upstream version (Closes: #515575)
+ * remote_env.patch: patched options.c to fix remote* enviroment vars.
+ * openvpn-pkcs11warn.patch: warn on deprecated pkcs11 options.
+ Thanks A LOT to Florian Kulzer for the README.Debian text & patch!
+ (Closes: #475353)
+ * Removed lladdr-is-not-ip.patch, since it was included upstream.
+ * init.d script: Use start-stop-daemon to avoid failure on start when
+ a PID file is not deleted. (Closes: #445061)
+ * init.d script: Added 'status' action. Thanks Thierry Carrez for
+ the patch. (Closes: #498493)
+ * Updated debian/copyright: Point to GPL-2
+ * Updated debian/control: Added ${misc:Depends}
+ * Bumped Standards-Version to 3.8.1
+ * Moved to debhelper compat 7.
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Thu, 30 Apr 2009 12:35:05 +0200
+
+openvpn (2.1~rc11-1) unstable; urgency=low
+
+ * New upstream version
+ - Fixes TLS negotiation problems (Closes: #496649)
+ * Patched options.c, socket.c and socket.h to correctly check
+ for MAC addresses on lladdr parm. (Closes: #496141)
+ Thanks hoverhell@gmail.com for the patch.
+ * init.d script: exit with 0 status when trying to start
+ an already running VPN. (Closes: #499247)
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Wed, 17 Sep 2008 13:43:22 +0200
+
+openvpn (2.1~rc10-1) unstable; urgency=low
+
+ * New upstream version.
+ - Fixed calls to external commands with arguments.
+ (Closes: #495964, #496314, #497411)
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Thu, 11 Sep 2008 16:58:37 +0200
+
+openvpn (2.1~rc9-3) unstable; urgency=low
+
+ * debian/rules: run ./configure with path to 'route', for
+ those build daemons without 'route'. (Closes: #495082)
+ * Created NEWS.Debian with info on new option script-security.
+ (Closes: #494998)
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Sat, 16 Aug 2008 13:34:24 +0200
+
+openvpn (2.1~rc9-2) unstable; urgency=low
+
+ * debian/rules: run ./configure with path to ifconfig, for
+ those build daemons without ifconfig. (Closes: #494918)
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Wed, 13 Aug 2008 13:37:01 +0200
+
+openvpn (2.1~rc9-1) unstable; urgency=high
+
+ * New upstream version.
+ * Urgency high since it fixes a security bug in versions
+ 2.1-beta14 to 2.1-rc8. CVE-2008-3459. (Closes: #493488)
+ * Added sample-scripts/ to examples directory.
+ * Thanks Tristan Hill for rewritten debian_openssl_vulnkeys.patch
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Mon, 11 Aug 2008 19:40:11 +0200
+
+openvpn (2.1~rc8-1) unstable; urgency=low
+
+ * New upstream version
+ * Added Build-dep on libpkcs11-helper1 to re-enable PKCS#11
+ support. Sorry for the delay Florian :) (Closes: #475353)
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Wed, 23 Jul 2008 10:38:13 +0200
+
+openvpn (2.1~rc7-6) unstable; urgency=low
+
+ * debian/control: Add Recommends on net-tools. (Closes: #469522)
+ * init.d script: clean up. (Closes: #486678)
+ * init.d script: Added soft-restart option to send SIGUSR1 to running
+ VPNs. (Closes: #414252)
+ * Added bash_completion for init.d script. (Closes: #394289)
+ * Removed obsolete templates and its associated code. (Closes: #459531)
+ * Removed stop before upgrade question, always restar after the upgrade
+ not in between. (Closes: #371148)
+ * New patch to correct spelling error in socket.c. (Closes: #487957)
+ * Added OPTARGS to init.d script and /etc/default/openvpn so that
+ Stanislav Maslovski does not have to edit this on every upgrade :)
+ (Closes: #488675)
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Tue, 24 Jun 2008 15:46:15 +0200
+
+openvpn (2.1~rc7-5) unstable; urgency=low
+
+ * init.d script: Set default exit code to 0 when undefined.
+ (Closes: #486441)
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Mon, 16 Jun 2008 16:59:02 +0200
+
+openvpn (2.1~rc7-4) unstable; urgency=low
+
+ * The 'Miriam helped me move to quilt' release
+ * Moved all the patches to debian/patches
+ * debian/control: Added Build-Dep on quilt
+ * Applied patch by Jamie Strandboge to fix openssl-vulnkey
+ extra passphrase prompts. Thanks Jamie.
+ (Closes: #483020, #483500, #486129)
+ * Updated Portuguese debconf templates. (Closes: #484007)
+
+ [ Martin Pitt ]
+ * Added note on Out Of Memory issues. (Closes: #484113)
+ * Avoid asking about the tun device creation if using udev.
+ (Closes: #484111)
+ * Reworked init.d script to use LSB functions. (Closes: #484110)
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Sat, 14 Jun 2008 19:00:40 +0200
+
+openvpn (2.1~rc7-3) unstable; urgency=low
+
+ * The 'Thanks the transtalors' release
+ * Updated Japanese debconf templates. (Closes: #483848)
+ * Updated Russian debconf templates. (Closes: #483693)
+ * Updated Brazilian Portuguese debconf templates. (Closes: #483686)
+ * Updated German debconf templates. (Closes: #483610)
+ * Updated French debconf templates. (Closes: #483104)
+ * Updated Spanish debconf templates. (Closes: #482939)
+ * Updated Italian debconf templates. (Closes: #482809)
+ * Updated Finnish debconf templates. (Closes: #482763)
+ * Updated Swedish debconf templates. (Closes: #482677)
+ * Updated Vietnamese debconf templates. (Closes: #482640)
+ * Updated Galician debconf templates. (Closes: #482461)
+ * Updated Czech debconf templates. (Closes: #482430)
+ * Updated Basque debconf templates. (Closes: #482398)
+ * Updated path to openssl-vulnkey. (Closes: #483723)
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Sun, 01 Jun 2008 21:11:17 +0200
+
+openvpn (2.1~rc7-2) unstable; urgency=high
+
+ * init.c: Warn of use of known vulnerable weak SSL/TLS
+ and shared secret keys caused by Debian openssl bug.
+ Patch taken from Ubuntu. CVE-2008-0166
+ * debian/(templates|postinst): Add warning on vulnerable
+ secrect/key files.
+ * debian/control: Add dependencies on openssl-blacklist and
+ openvpn-blacklist. Bumped dependency on libssl version.
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Fri, 16 May 2008 00:45:23 +0200
+
+openvpn (2.1~rc7-1) unstable; urgency=low
+
+ * New upstream release (Closes: #464181)
+ - Slashes in X509 common name allowed (Closes: #452274)
+ * init.d script: Removed /dev/null stdin redirection, so passphrases
+ can be typed in. (Closes: #454371)
+ * Set FD_CLOEXEC in socket initialization BEFORE running the 'up script'
+ Thanks a lot Julien Cristau for finding this out and sending the
+ patch (Closes: #367716)
+ * Added multiple VPN configuration in /e/n/interfaces.
+ Thanks Sam Couter for the patch (Closes: #472924)
+ * Bumped Standards-Version to 3.7.3
+ * Debconf templates and debian/control reviewed by the debian-l10n-
+ english team as part of the Smith review project. (Closes: #462048)
+ * Updated Vietnamese debconf templates. (Closes: #465535)
+ * Updated German debconf templates. (Closes: #465317)
+ * Updated Brazilian Portuguese debconf templates. (Closes: #465440)
+ * Updated Japanese debconf templates. (Closes: #462736)
+ * Updated Portuguese debconf templates. (Closes: #462795)
+ * Updated Swedish debconf templates. (Closes: #462979)
+ * Updated Galician debconf templates. (Closes: #462990)
+ * Updated Spanish debconf templates. (Closes: #463047)
+ * Updated French debconf templates. (Closes: #463636)
+ * Updated Italian debconf templates. (Closes: #463703)
+ * Updated Finnish debconf templates. (Closes: #463952)
+ * Updated Czech debconf templates. (Closes: #464221)
+ * Updated Russian debconf templates. (Closes: #464666)
+ * Updated Norwegian Bokmål debconf templates. (Closes: #462811)
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Sat, 02 Feb 2008 22:41:31 +0100
+
+openvpn (2.1~rc4-2) unstable; urgency=low
+
+ * Upload to unstable. New upstream fixes:
+ - Bug with: Assertion failed at multi.c. (Closes: #411633)
+ - Hangs with tcp clients goin down with new option:
+ --connect-timeout. (Closes: #296834)
+ * Use rm -f to remove PIDFILE, in case rm wants to ask.
+ (Closes: #429932)
+ * Updated Vietnamese debconf templates. (Closes: #427048)
+ Thanks Clytie Siddall.
+ * Added note on resolvconf use with openvpn. (Closes: #451319)
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Sat, 08 Dec 2007 21:58:05 +0100
+
+openvpn (2.1~rc4-1) experimental; urgency=low
+
+ * New upstream release
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Mon, 22 Oct 2007 20:59:46 +0200
+
+openvpn (2.1~rc2-1) experimental; urgency=low
+
+ * Just forward-push the Debian patches to the new version,
+ and upload to experimental (with permission of the maintainer).
+
+ -- Andreas Barth <aba@not.so.argh.org> Thu, 19 Apr 2007 18:23:59 +0200
+
+openvpn (2.0.9-8) unstable; urgency=low
+
+ * Install /etc/openvpn/update-resolv-conf with correct permissions
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Sat, 19 May 2007 18:12:12 +0200
+
+openvpn (2.0.9-7) unstable; urgency=low
+
+ * Added script to update resolv.conf with server's settings.
+ The script is located in the /etc/openvpn/ directory.
+ Thanks a lot Christof Lauber for the script.
+ Added resolvconf to Suggests.
+ * Added LSB section to the init.d script.
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Sat, 19 May 2007 17:48:23 +0200
+
+openvpn (2.0.9-6) unstable; urgency=low
+
+ * Fixed init.d script to avoid running multiple instances of the
+ same VPN. Thanks Keith Kyzivat for pushing me into looking
+ again into this issue. (Closes: #326080)
+ * Included patch to README.Debian from Peter Rabbitson describing
+ /etc/network/interfaces integration. (Closes: #413732)
+ * Also included joeyh's suggestion on the previous subject.
+ (Closes: 419797)
+ * Avoid restarting a vpn instead of reloading it due to wrong
+ detection of 'user' option in init.d script. Thanks Josip Rodin.
+ (Closes: 403503)
+ * Added Russian debconf translation. (Closes: #414088)
+ Thanks Yuriy Talakan.
+ * Built against liblzo2 instead of liblzo. (Closes: #423366)
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Tue, 15 May 2007 23:53:26 +0200
+
+openvpn (2.0.9-5) unstable; urgency=low
+
+ * Added Galician debconf translation. (Closes: #412492)
+ Thanks Jacobo Tarrio
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Wed, 28 Feb 2007 00:36:14 +0100
+
+openvpn (2.0.9-4) unstable; urgency=low
+
+ * Updated Swedish debconf translation. (Closes: #407851)
+ Thanks Andreas Henriksson
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Sun, 21 Jan 2007 22:24:58 +0100
+
+openvpn (2.0.9-3) unstable; urgency=low
+
+ * Fixed type in Portuguese debconf translation.
+ * debian/templates. Changed default value for init.d change
+ question to false. (Closes: #403317)
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Fri, 22 Dec 2006 19:36:05 +0100
+
+openvpn (2.0.9-2) unstable; urgency=low
+
+ * Updated Spanish debconf translation. (Closes: #393796)
+ * Updated German debconf translation. (Closes: #397019)
+ * Updated Japanese debconf translation. (Closes: #392627)
+ * Added Italian debconf translation. (Closes: #398050)
+ * Added Portuguese debconf translation. (Closes: #400685)
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Fri, 8 Dec 2006 12:28:34 +0100
+
+openvpn (2.0.9-1) unstable; urgency=low
+
+ * New upstream release. No changes in *NIX source code.
+ Updating to avoid 'New upstream, blah, blah'.
+ * debian/control: Fixed spelling error in description
+ (Closes: #390242)
+ * debian/copyright: Updated project's homepage and author's
+ email address. (Closes: #388466)
+ * debian/copyright: Updated the FSF address.
+ * Updated Dutch debconf translation. (Closes: #389982, 379802)
+ Thanks Kurt De Bree
+ * Updated Czech debconf translation. (Closes: #384755)
+ Thanks Miroslav Kure
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Tue, 10 Oct 2006 12:17:57 +0200
+
+openvpn (2.0.7-1) unstable; urgency=low
+
+ * The 'Translators, translators, translators' release.
+ * New upstream version.
+ * Added Dutch debconf translation. (Closes: #370073)
+ Thanks Kurt De Bree
+ * Updated Danish debconf translation. (Closes: #369772, #376704)
+ Thanks Claus Hindsgaul
+ * Updated French debconf translation. (Closes: #373191)
+ Thanks Michel Grentzinger
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Sat, 22 Jul 2006 20:44:52 +0200
+
+openvpn (2.0.6-2) unstable; urgency=low
+
+ * The "Mañana" Release.
+ * debian/control: Added Suggests: openssl (Closes: #368256)
+ * debian/postinst: Run the init.d script with 'start' when doing
+ a fresh install or stop2upgrade=true. (Closes: #366085, #338956)
+ * Updated Czech debconf translation (Closes: #333989)
+ Thanks Miroslav Kure.
+ * Bumped Standards-Version to 3.7.2.0, no change.
+ * debian/rules: Avoid compressing 'pkitool' (Closes: #354478)
+ * debian/templates: Corrected typo on init scripts order change.
+ (Closes: #351664)
+ * Updated German debconf translation (Closes: #345853)
+ Thanks Erik Schanze.
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Mon, 22 May 2006 03:08:10 +0200
+
+openvpn (2.0.6-1) unstable; urgency=high
+
+ * New upstream release. Urgency high due to security fix.
+ - Disallow "setenv" to be pushed to clients from the server.
+ (Closes: #360559)
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Wed, 5 Apr 2006 12:17:26 +0200
+
+openvpn (2.0.5-1) unstable; urgency=high
+
+ * New upstream release. Urgency high due to security issues.
+ - DoS vulnerability on the server in TCP mode.
+ (CVE-2005-3409) (Closes: #337334)
+ - Format string vulnerability in the foreign_option
+ function in options.c could potentially allow a malicious
+ or compromised server to execute arbitrary code on the
+ client. (CVE-2005-3393) (Closes: #336751)
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Mon, 7 Nov 2005 10:13:55 +0100
+
+openvpn (2.0.2-2) unstable; urgency=low
+
+ * debian/control: fix Depends on debconf. (Closes: #332056)
+ * Bumped Standards-Version to 3.6.2.0, no change.
+ * Updated Danish debconf translation. (Closes: #326907)
+ * Updated French debconf translation. (Closes: #328076)
+ * Added Swedish debconf translation. (Closes: #332785)
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Sun, 9 Oct 2005 18:42:34 +0200
+
+openvpn (2.0.2-1) unstable; urgency=low
+
+ * The [VAC] upload. Thanks Vorbis Gdynia for the free internet access :)
+ * New upstream release (Closes: #323594)
+ * Fixed use of backslash in username authentication. (Closes: #309787)
+ * Fixes several DoS vulnerabilities: CAN-2005-2531 CAN-2005-2532
+ CAN-2005-2533 CAN-2005-2534. (Closes: #324167)
+ * Changed group option from 'nobody' to 'nogroup' in all the
+ *example* files... (Closes: #317987)
+ * Included openvpn-plugin.h to allow building third party plugins.
+ (Closes: #316139)
+ * Stop openvpn's daemon later to allow some services stopping later to use
+ it. Added debconf template to ask permission to make the change
+ on older installations. (Closes: #312371)
+ * Workaround to fix proper daemonize when 'log' option is used.
+ (Closes: #309944) Thanks Jason Lunz for the patch.
+ * Modified output of init.d script to make it more friendly when
+ passphrase for a tunnel certificate is asked.
+ Thanks Pavel Vávra for the patch.
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Sun, 28 Aug 2005 13:05:49 +0200
+
+openvpn (2.0-4) unstable; urgency=low
+
+ * The 'It was about time I could make a new upload' release
+ * Rewrote some debconf templates (Closes: #316694).
+ Thanks Clytie Siddall for the corrections.
+ * Included Vietnamese debconf translation. (Closes: #316695)
+ * debian/rules: exclude openssl.cnf from being compress.
+ (Closes: #315764)
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Wed, 6 Jul 2005 09:22:16 +0200
+
+openvpn (2.0-3) unstable; urgency=low
+
+ * postinst: call 'restart' when 'cond-restart' fails due to user
+ not upgrading the init.d script. (Closes: #308926)
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Sat, 28 May 2005 12:52:16 +0200
+
+openvpn (2.0-2) unstable; urgency=low
+
+ * Added '-f' to rm when deleting the status file. This eliminates
+ the need to test if it exists and saves the init.d script from
+ failing. (Closes: #306588)
+ * Modified pam plugin to load libpam.so.0 instead of libpam.so.
+ (Closes: #306335)
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Wed, 4 May 2005 15:02:45 +0200
+
+openvpn (2.0-1) unstable; urgency=low
+
+ * The 'This-is-the-real-2.0' release
+ * New upstream version.
+ * openvpn.8: s/--/\\-\\-/g a.k.a escaped dashes to make it possible
+ to search for options with UTF charsets. (Closes: #296133)
+ * Improved init.d script output. (Closes: #297997)
+ Thanks Thomas Hood for the patch.
+ * debian/control. Rewrote Description: field.
+ Now it's more useful and complete. (Closes: #304895)
+ * init.d script:
+ - Fixed restarting of multiple VPNs
+ - Fixed TAB converted to spaces.
+ - Remove status file on VPN stop
+ - Respect 'status' option if given in the config file
+ - New /etc/default/openvpn configuration file that allows
+ control on which VPNs are automatically started and also
+ controls status file refresh interval
+ Thanks Philipp A. Hartmann for the nice patch. (Closes: #294332)
+ * init.d script: Added cond-restart to only restart VPNs in use.
+ postint: Call init.d script with cond-restart instead of restart.
+ (Closes: #280464)
+ * init.d script: change order of --config and --cd to permit
+ nested 'configs'. (Closes: #299082)
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Mon, 18 Apr 2005 09:07:05 +0200
+
+openvpn (1.99+2.rc20-1) unstable; urgency=low
+
+ * New upstream release
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Mon, 4 Apr 2005 23:05:23 +0200
+
+openvpn (1.99+2.rc18-1) unstable; urgency=low
+
+ * New upstream release (Closes: #301949)
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Tue, 29 Mar 2005 12:56:42 +0200
+
+openvpn (1.99+2.rc16-1) unstable; urgency=low
+
+ * New upstream release
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Sun, 20 Feb 2005 20:24:25 +0100
+
+openvpn (1.99+2.rc12-1) unstable; urgency=low
+
+ * New upstream release
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Sun, 6 Feb 2005 11:49:44 +0100
+
+openvpn (1.99+2.rc11-2) unstable; urgency=low
+
+ * Added --enable-password-save to configure call to allow
+ --askpass and --auth-user-pass passwords to be read from a file.
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Thu, 3 Feb 2005 18:19:28 +0100
+
+openvpn (1.99+2.rc11-1) unstable; urgency=low
+
+ * New upstream release
+ * Added --status line to init.d script (Closes: #293144)
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Thu, 3 Feb 2005 09:28:06 +0100
+
+openvpn (1.99+2.rc10-1) unstable; urgency=low
+
+ * New upstream release
+ * Updated pt_BR debconf translation (Closes: #292079)
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Fri, 28 Jan 2005 14:44:42 +0100
+
+openvpn (1.99+2.rc6-1) unstable; urgency=low
+
+ * The 'Three Wise Men' release.
+ * New upstream release.
+ * Update README.Debian with comments on changed string remapping.
+ Thanks ron@debian.org for noting this first. (Closes: #288669)
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Wed, 5 Jan 2005 19:03:11 +0100
+
+openvpn (1.99+2.beta19-1) unstable; urgency=low
+
+ * New upstream release.
+ * Updated README.Debian with info on plugins.
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Sun, 5 Dec 2004 11:57:03 +0100
+
+openvpn (1.99+2.beta18-2) unstable; urgency=low
+
+ * Built and installed plugins. Thanks Michael Renner for noticing.
+ (Closes: #284224)
+ * Added Build-Depends on libpam0g-dev, required by auth-pam plugin.
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Sun, 5 Dec 2004 10:19:45 +0100
+
+openvpn (1.99+2.beta18-1) unstable; urgency=low
+
+ * New upstream release. Corrects --mssfix behaviour (Closes: #280893)
+ * Included Czech debconf translation. (Closes: #282995)
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Mon, 29 Nov 2004 10:56:07 +0100
+
+openvpn (1.99+2.beta17-2) unstable; urgency=low
+
+ * Updated (German|Danish|French|Japanese) debconf translations.
+ (Closes: #281235, #282095, #282216, #282881)
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Wed, 24 Nov 2004 08:15:29 +0100
+
+openvpn (1.99+2.beta17-1) unstable; urgency=low
+
+ * New upstream version. Includes fix for the --key-method 1 bug.
+ * WARNING: This version changes the default port (5000 previously)
+ to 1194 (assigned by INANA). This will affect you if you don't
+ have a 'port' option specified in your configuration files.
+ Added a debconf note about it.
+ * Updated es.po.
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Fri, 12 Nov 2004 15:32:56 +0100
+
+openvpn (1.99+2.beta16-2) unstable; urgency=low
+
+ * Patched ssl.c to fix bug in --key-method 1, that prevented
+ OpenVPN 2.x from working with 1.x using that method.
+ Thanks James for the prompt answer & patch.
+ Thanks weasel for finding it out.
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Mon, 8 Nov 2004 11:59:12 +0100
+
+openvpn (1.99+2.beta16-1) unstable; urgency=low
+
+ * New upstream releases. Fixes the "Assertion failed at crypto.c"
+ (Closes: #265632, #270005)
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Sun, 7 Nov 2004 17:46:09 +0100
+
+openvpn (1.99+2.beta15-5) unstable; urgency=low
+
+ * Updated README.Debian with clearer 2.x vs 1.x interoperability
+ instructions.
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Sun, 7 Nov 2004 10:26:03 +0100
+
+openvpn (1.99+2.beta15-4) unstable; urgency=low
+
+ * Put if-{up,down}.d scripts back in place, this time they work.
+ Just remember to quote shell vars when checking if they are empty.
+ [ -n "$VAR" ] -> Good [ -n $VAR ] -> BAD
+ Note to self, don't trust people's patches even if they are DD.
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Thu, 4 Nov 2004 08:33:45 +0100
+
+openvpn (1.99+2.beta15-3) unstable; urgency=low
+
+ * Removed if-{up,down}.d scripts until I get to know how they work.
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Wed, 3 Nov 2004 20:58:41 +0100
+
+openvpn (1.99+2.beta15-2) unstable; urgency=low
+
+ * Corrected names of if-{up,down}.d scripts. Duh!
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Wed, 3 Nov 2004 10:21:52 +0100
+
+openvpn (1.99+2.beta15-1) unstable; urgency=low
+
+ * New upstream release.
+ * Renamed package to 1.99 to make it clearer that we're using
+ version 2.0 and not 1.6. Some people rather talk about this on IRC
+ and not tell the maintainer directly.
+ * Added Brazilian Portuguese debconf templates. (Closes: #279351)
+ * Modified init.d script so that specifying a daemon option in a
+ VPN configuration won't make it fail.
+ Thanks Christoph Biedl for the patch. (Closes: #278302)
+ * Added scripts to allow specifying 'openvpn name' in
+ /etc/network/interfaces to have the tunnel created and destroyed with
+ the device it runs over. Thanks Joachim Breitner for the patch.
+ (Closes: #273481)
+ * Modified init.d script so that multiple VPNs can be started or stopped
+ with a single command. (See README.Debian)
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Tue, 2 Nov 2004 12:49:41 +0100
+
+openvpn (1.6.0+2.beta14-1) unstable; urgency=low
+
+ * New upstream release.
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Wed, 20 Oct 2004 09:13:09 +0200
+
+openvpn (1.6.0+2.beta12-1) unstable; urgency=low
+
+ * New upstream release.
+ * Added comments about compatibility issues between openvpn 2.x and 1.x
+ to README.Debian (Closes: #276799)
+ * Changed maintainer email address.
+
+ -- Alberto Gonzalez Iniesta <agi@inittab.org> Mon, 18 Oct 2004 09:01:23 +0200
+
+openvpn (1.6.0+2.beta11-1) unstable; urgency=low
+
+ * New upstream release. (Closes: #269631)
+ * I decided to get OpenVPN 2 into sid, and hopefully into Sarge since
+ the current beta works pretty well and adds important features I don't
+ want missing in Sarge.
+ * Updated README.Debian
+
+ -- Alberto Gonzalez Iniesta <agi@agi.as> Fri, 15 Oct 2004 11:52:58 +0200
+
+openvpn (1.6.0-5) unstable; urgency=low
+
+ * Added German and Japanese debconf templates.
+ (Closes: #266927, #270477)
+
+ -- Alberto Gonzalez Iniesta <agi@agi.as> Fri, 10 Sep 2004 08:31:54 +0200
+
+openvpn (1.6.0-4) unstable; urgency=low
+
+ * Updated French and Danish debconf templates
+ (Closes: #254064, #256053)
+
+ -- Alberto Gonzalez Iniesta <agi@agi.as> Mon, 28 Jun 2004 09:51:44 +0200
+
+openvpn (1.6.0-3) unstable; urgency=low
+
+ * Included Catalan debconf templates. (Closes: #248750)
+ Thanks Aleix Badia i Bosch.
+ * Added debconf question on whether the daemon should be stopped at
+ the begining of and upgrade or not. Thus being more reliable on
+ remote upgrades. (Closes: #250558)
+
+ -- Alberto Gonzalez Iniesta <agi@agi.as> Thu, 10 Jun 2004 15:59:39 +0200
+
+openvpn (1.6.0-2) unstable; urgency=low
+
+ * Recover init.d modification suggested by Kai Henningsen to get
+ different syslog names for each VPN. How the fuck did that get lost?
+
+ -- Alberto Gonzalez Iniesta <agi@agi.as> Fri, 28 May 2004 16:51:04 +0200
+
+openvpn (1.6.0-1) unstable; urgency=low
+
+ * New upstream release
+
+ -- Alberto Gonzalez Iniesta <agi@agi.as> Mon, 10 May 2004 08:59:37 +0200
+
+openvpn (1.5.0-3) unstable; urgency=low
+
+ * Included Danish debconf template. Thanks Claus Hindsgau.
+ (Closes: #234944)
+
+ -- Alberto Gonzalez Iniesta <agi@agi.as> Tue, 9 Mar 2004 16:36:33 +0100
+
+openvpn (1.5.0-2) unstable; urgency=low
+
+ * Modified init.d script to permit different syslog names for each
+ VPN. Thanks Kai Henningsen for the tip. (Closes: #227376)
+ * Moved 'verify-cn' script to /usr to make weasel happier ;)
+ (Closes: #221995)
+ * Moved to gettext-based debconf templated. Added French translation.
+ Thanks Michel Grentzinger for the patches.
+ (Closes: #219015, #219016)
+ * Fixed spanish translation that was a complete mess.
+ (Closes: Fri-Sun)
+
+ -- Alberto Gonzalez Iniesta <agi@agi.as> Thu, 15 Jan 2004 18:08:24 +0100
+
+openvpn (1.5.0-1) unstable; urgency=low
+
+ * New upstream release
+ * Moved to debhelper compatibility 4. Created debian/compat.
+
+ -- Alberto Gonzalez Iniesta <agi@agi.as> Sat, 22 Nov 2003 18:18:50 +0100
+
+openvpn (1.4.3-3) unstable; urgency=low
+
+ * Added quotes around $2 in dpkg --compare-versions (config and postinst)
+ and check if $2 actually has a value.
+ This way it won't fail if $2 is not set. Duh! (Closes: #214848)
+
+ -- Alberto Gonzalez Iniesta <agi@agi.as> Thu, 9 Oct 2003 11:01:31 +0200
+
+openvpn (1.4.3-2) unstable; urgency=low
+
+ * Moved initscripts sequence number to S16 from S20. This will make
+ openvpn start earlier and be ready for other services. (Closes: #209225)
+ * Added Depends: on debconf, it's used in the maintainer's scripts now.
+ * Added debconf template to ask for the creation of the TUN/TAP device
+ node. (Closes: #211198)
+
+ -- Alberto Gonzalez Iniesta <agi@agi.as> Thu, 2 Oct 2003 21:39:46 +0200
+
+openvpn (1.4.3-1) unstable; urgency=low
+
+ * New upstream release
+ * Bumped Standards-Version to 3.6.1.0, no change.
+ * Patched init.d script to support single vpn stop/start/restart.
+ Thanks to Richard Mueller and Norbert Tretkowski (Closes: #204100)
+
+ -- Alberto Gonzalez Iniesta <agi@agi.as> Tue, 30 Sep 2003 20:04:37 +0200
+
+openvpn (1.4.1.4-1) unstable; urgency=low
+
+ * New upstream release. Backed out --dev-name patch,
+ modified --dev to offer equivalent functionality
+ (Closes: #194910)
+ * Updated README.Debian. Thanks to John R. Shearer
+
+ -- Alberto Gonzalez Iniesta <agi@agi.as> Tue, 17 Jun 2003 11:08:17 +0200
+
+openvpn (1.4.1-1) unstable; urgency=low
+
+ * New upstream release
+
+ -- Alberto Gonzalez Iniesta <agi@agi.as> Fri, 16 May 2003 17:14:41 +0200
+
+openvpn (1.4.0-2) unstable; urgency=low
+
+ * Patch from James Yonan to use 2.2.x TUN interface if 2.4.x fails.
+ (Closes: #182020)
+
+ -- Alberto Gonzalez Iniesta <agi@agi.as> Sun, 11 May 2003 10:24:51 +0200
+
+openvpn (1.4.0-1) unstable; urgency=low
+
+ * New upstream release (Closes: #179551)
+ * Re-enabled liblzo support. LZO's author made an exception in LZO's
+ license that permits OpenVPN to use LZO and OpenSSL. See copyright
+ file.
+
+ -- Alberto Gonzalez Iniesta <agi@agi.as> Thu, 8 May 2003 09:21:53 +0200
+
+openvpn (1.3.2-3) unstable; urgency=low
+
+ * Removed executable permissions from generated secret files.
+ (Closes: #178849)
+
+ -- Alberto Gonzalez Iniesta <agi@agi.as> Thu, 6 Feb 2003 10:04:11 +0100
+
+openvpn (1.3.2-2) unstable; urgency=low
+
+ * Disabled liblzo1 support to fix license issues with Openssl.
+ (Closes: #177497)
+ * Bumped Standards-Version to 3.5.8, no change.
+
+ -- Alberto Gonzalez Iniesta <agi@agi.as> Mon, 20 Jan 2003 16:09:16 +0100
+
+openvpn (1.3.2-1) unstable; urgency=low
+
+ * New upstream release
+
+ -- Alberto Gonzalez Iniesta <agi@agi.as> Mon, 28 Oct 2002 14:22:10 +0100
+
+openvpn (1.3.0-2) unstable; urgency=low
+
+ * Modified init.d script so it's not dependent on bash. (Closes: #161525)
+
+ -- Alberto Gonzalez Iniesta <agi@agi.as> Sat, 21 Sep 2002 12:23:46 +0200
+
+openvpn (1.3.0-1) unstable; urgency=low
+
+ * New upstream release
+
+ -- Alberto Gonzalez Iniesta <agi@agi.as> Wed, 10 Jul 2002 12:50:50 +0200
+
+openvpn (1.2.1-1) unstable; urgency=low
+
+ * New upstream release
+ * Added init.d script
+
+ -- Alberto Gonzalez Iniesta <agi@agi.as> Fri, 21 Jun 2002 14:05:42 +0200
+
+openvpn (1.2.0-2) unstable; urgency=low
+
+ * Modified configure(.ac) pthread library handling to work with GCC 3.0.
+ Thanks to Lamont Jones for the patch. (Closes: #148120)
+
+ -- Alberto Gonzalez Iniesta <agi@agi.as> Sat, 25 May 2002 11:41:59 +0200
+
+openvpn (1.2.0-1) unstable; urgency=low
+
+ * Initial Release. (Closes: #140463)
+
+ -- Alberto Gonzalez Iniesta <agi@agi.as> Thu, 23 May 2002 11:00:37 +0200