diff options
Diffstat (limited to 'debian')
60 files changed, 6551 insertions, 0 deletions
diff --git a/debian/NEWS b/debian/NEWS new file mode 100644 index 0000000..e53005c --- /dev/null +++ b/debian/NEWS @@ -0,0 +1,97 @@ +openvpn (2.4.0-4) unstable; urgency=medium + + If you're upgrading a previous OpenVPN installation, you should check your + current CRL file expiraton date. "crl-verify" option now also checks that. + Regenerate your CRL file if the expiration date is in the past or your + clients won't be able to connect. + + OpenVPN 2.4 will try to connect using IPv6 first if you're using a hostname + with both A and AAAA entries, if your VPN server is still running a + previous (<2.4) version a long wait may occur until your 2.4 client tries + with the IPv4 address. + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Thu, 02 Feb 2017 14:15:42 +0100 + +openvpn (2.4.0-1) unstable; urgency=medium + + OpenVPN 2.4 removed tls-remote option. Current setups using that option + will fail to work. Update your configuration to use verify-x509-name + instead. + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Tue, 27 Dec 2016 22:50:20 +0100 + +openvpn (2.3~rc1-1) experimental; urgency=low + + auth-pam and down-root plugins renamed to: + openvpn-plugin-auth-pam.so + openvpn-plugin-down-root.so + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Tue, 06 Nov 2012 13:22:13 +0100 + +openvpn (2.1~rc15-1) unstable; urgency=low + + The openvpn utility changed its handling of pkcs11 certificates when it + switched from built-in code to the pkcs11-helper library (package + libpkcs11-helper1 on Debian). This means that you will have to update your + openvpn configuration files if you are using such certificates. For + example, a stanza in a configuration file might previously have referred to + a given pkcs11 certificate like this: + + pkcs11-providers /usr/lib/opensc-pkcs11.so + pkcs11-slot-type id + pkcs11-slot 0 + pkcs11-id-type label + pkcs11-id "YOUR_LABEL" + + This stanza has to be rewritten now in the following way: + + pkcs11-providers /usr/lib/opensc-pkcs11.so + pkcs11-id 'YOUR_PKCS11_SERIALIZED_ID' + + The pkcs11-slot, pkcs11-slot-type, pkcs11-id-type options are obsolete; + a long ID string that is unique for each certificate is now used as the + only identifier. Note that YOUR_PKCS11_SERIALIZED_ID will almost + certainly be different from YOUR_LABEL that you used previously with the + pkcs11-id option. To find out the correct serialized ID(s) for your + certificate(s), you have to query the pkcs11-provider library: + + $ openvpn --show-pkcs11-ids /usr/lib/opensc-pkcs11.so + + The following objects are available for use. + Each object shown below may be used as parameter to --pkcs11-id option + please remember to use single quote mark. + + Certificate + DN: /CN=YOUR_USER + Serial: SERIAL_NUMBER + Serialized id: YOUR_PKCS11_SERIALIZED_ID + + You have to paste YOUR_PKCS11_SERIALIZED_ID as seen in this output into + your openvpn configuration file and make sure that the string is enclosed + in single quotation marks. + + The example above assumes that your cryptographic token can be accessed + via the opensc-pkcs11.so library from libopensc2. If you have to use + another library, for example a proprietary driver from the vendor of your + token, then you have to adapt both the stanza in the configuration file + and the path given on the command line accordingly. + + Florian Kulzer + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Thu, 30 Apr 2009 12:35:05 +0200 + +openvpn (2.1~rc9-3) unstable; urgency=low + + Calling of external commands/scripts + + Starting with version 2.1~rc9, openvpn has a new option to control the + ability to execute external commands (--script-security). + + By default (script-security 1) it will only allow the execution of + built-in commands (ip, ifconfig, route,...). If you require the execution + of external commands, such as /etc/openvpn/update-resolv-conf, you'll have + to include the following option in your configuration file: + script-security 2 + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Sat, 16 Aug 2008 13:34:24 +0200 + diff --git a/debian/README.Debian b/debian/README.Debian new file mode 100644 index 0000000..517cf02 --- /dev/null +++ b/debian/README.Debian @@ -0,0 +1,255 @@ +In this file: + +- systemd service file and limits/capabilities +- 'writepid' option warning +- Multiple tunnels +- Starting or stopping multiple tunnels with a single command +- Compatibility notes on 2.x vs 1.x # +- Changes in string remapping (affects tls-remote certificate names) +- plugin support +- Using resolvconf +- Out of memory issues +- LDAP+TLS authentication runs into file exhaustion +- Possible consequences of the 'chroot' option +- Disabling all.send_redirects on tun + topology subnet setups + + +openvpn for Debian +------------------ + +Documentation to get OpenVPN to work is mostly on the openvpn(8) man page. +You'll find example configuration files and additional docs in the +/usr/share/doc/openvpn/examples directory. + +OpenVPN requires TUN/TAP driver support in the kernel. You'll also need a +tun device file. If it's not present on your system, you may create one +with these commands (as root): +# mkdir /dev/net +# mknod /dev/net/tun c 10 200 + +systemd service file and limits/capabilities +-------------------------------------------- + +If you encounter problems [1] (or errors related to permissions) starting +OpenVPN, you may want to check the limits imposed to the OpenVPN service in +/lib/systemd/system/openvpn@.service, notably CapabilityBoundingSet and +LimitNPROC. You may override those executing: +# systemctl edit openvpn@.service + +And setting CapabilityBoundingSet (or LimitNPROC) to be empty: +[Service] +CapabilityBoundingSet=~ + +[1] daemon() failed or unsupported: Resource temporarily unavailable (errno=11) +[2] Failed running command (--route-up): external program exited with error status: 1 + +'writepid' option warning +------------------------- + +Don't specify a 'writepid' option in the .conf files, or the init.d +script won't be able to stop/reload the tunnels. + +Multiple tunnels +---------------- + +When OpenVPN is started by /etc/init.d/openvpn the default is to start +a separate openvpn daemon for each .conf configuration file in the +/etc/openvpn directory. The /etc/default/openvpn file may be used to +alter this behavior. + +[UPDATE: with OpenVPN 2.0 one openvpn daemon can serve multiple clients. That +way multiple instances of openvpn are no longer required to achieve this, and +one configuration file should be enough for these cases. Take a look at the +'Multi-Client Server options' on the man page] + +Be sure that each .conf file defines a different local port +number with the "port" or "lport" options; see the openvpn +man page for more information. + +Starting or stopping multiple tunnels with a single command +----------------------------------------------------------- + +It is now possible to specify multiple tunnel names to the init.d script. +Just put the names after the action (start|stop), like this: + +/etc/init.d/openvpn start vpn1 vpn4 vpn5 + +This only works with sysvinit(-core), if you're running systemd, you cannot +pass arguments to init.d scripts. + +In order to start/stop a particular VPN you may use: +# service openvpn@VPN_NAME start +or +# systemctl start openvpn@VPN_NAME + +/etc/network/interfaces +----------------------- + +/etc/network/interfaces can be configured to start and stop openvpn when the +underlying network interface is brought up and down. To do so add a line such +as "openvpn vpn1" to the stanza for the underlying network interface, where +"vpn1" is the name of the vpn to start and stop. + +It is possible to control vpn interfaces using the standard ifup/ifdown +commands. This is helpful in case you want tunnels to be started right +after physical networks, so any network filesystems listed in fstab can be +mounted during the standard boot sequence. In order to do this several +steps need to be taken: + +- Select a specific tun/tap device name using the 'dev' option in your + config file (e.g. dev tun_work). This will ensure that the name you + use in /etc/network/interfaces will always match the one this vpn + will utilize. + +- Create a 'manual' type interface entry in /etc/network/interfaces. + There should be only one option - openvpn, which takes a config file + name as the argument (without the .conf suffix) For example: + + auto tun_work + iface tun_work inet manual + openvpn work_vpn + +- You should prevent openvpn from trying to start this tunnel when its + own init script runs, since the interface is already up. This is done + in /etc/default/openvpn by changing the AUTOSTART option as described + in the same file + + +If you'd like to use a bridged setup (utilizing a tap device) Debian provides +some helper tools in the bridge-utils package to help you setting up your +bridge via /etc/network/interfaces. + +An easy example, creating a bridge interface 'br0' from 'eth0' and 'tap0', +can look like this: + + auto lo br0 eth1 + allow-hotplug eth0 + + iface br0 inet static + address 192.168.1.1 + network 192.168.1.0 + netmask 255.255.255.0 + broadcast 192.168.1.255 + bridge_ports eth0 tap0 + pre-up openvpn --mktun --dev tap0 + +It's recommended to read the manpage - man 5 bridge-utils-interfaces - as well. + + +##################################### +# Compatibility notes on 2.x vs 1.x # +##################################### + +In version 2.0, --tun-mtu 1500 --mssfix 1450 is now the default. In 1.x the +default is --link-mtu 1300 for tun interfaces and --tun-mtu 1500 for tap +interfaces, with --mssfix disabled). + +Also in version 2.0, when using TLS, --key-method 2 is now the default, +it was 1 in versions 1.x. + +To sum up, to make 2.0 work with 1.x put the following in the 1.x configuration +files: + + tun-mtu 1500 + tun-mtu-extra 32 + mssfix 1450 + key-method 2 ## (if you're using TLS) + + +Or, in case you'd rather not modify the 1.x configuration, set the 2.x side +configuration like this: + +If using TLS: + key-method 1 +If "dev tun": + link-mtu 1300 +If "dev tap": + tun-mtu 1500 + tun-mtu-extra 32 + +OpenVPN 1.x won't be able to act as a client against a OpenVPN 2.x +acting as multiple client server. OpenVPN 1.x can only work with 2.x +in point-to-point tunnels. + +Changes in string remapping +--------------------------- + +Quoting James Yonan: +"Prior to 2.0-beta12, the string remapping code was a bit ad-hoc. Since then +I've tried to unify all string remapping towards a consistent model which +remaps illegal chars to '_'. The choice of underbar is arbitrary -- any inert +character will do." + +So, you must use '_' instead of '.' to represent spaces in certificates names +from now on. + +plugin support +-------------- + +Plugins are now included in the package. They get installed in /usr/lib/openvpn. +Info on what they are and what they do in README.auth-pam and README.down-root. +Append /usr/lib/openvpn/ to the plugin name in the plugin option. +i.e. + plugin /usr/lib/openvpn/openvpn-auth-pam.so [service-type] + +Using resolvconf +---------------- + +Have a look at the shell script /etc/openvpn/update-resolv-conf +It parses DHCP options from openvpn to update /etc/resolv.conf +To use set as 'up' and 'down' script in your openvpn *.conf: + +up /etc/openvpn/update-resolv-conf +down /etc/openvpn/update-resolv-conf + +You will need to install resolvconf package. + +Out of Memory issues +------------------- + +You might run into issues with openvpn complaining about out of memory. The +reason for this behavior is that openvpn uses mlockall to pin all of its +pages into memory. To correct this issue you can put a "ulimit -l +<reasonable number>" in the openvpn init script. + +LDAP+TLS authentication runs into file exhaustion +------------------------------------------------- + +When LDAP is used with TLS support a file handle to /dev/urandom is created but +never released on every authentication. This is due to a bug in libgcrypt. + +Lars Ellenberg provided the following worked around: +Append LD_PRELOAD=/lib/security/pam_ldap.so before the call to openvpn (in the +init.d script). ie: + +..... (around line 58 of the init.d script).... +LD_PRELOAD=/lib/security/pam_ldap.so start-stop-daemon --start --quiet --oknodo + +Thanks Andreas Metzler, Lars Ellenberg, Simon Josefsson & chantra for folling +this issue. + + +Possible consequences of the 'chroot' option +-------------------------------------------- + +When running OpenVPN on a chroot environment you have to take into account that +things as /dev/log may change (i.e. when syslog is reloaded by logrotate) and +that may result in OpenVPN not logging anymore. + +Christian Schneider suggested this solution: +Create an additional "dev/log" socket in the jail by "-a" option to sysklogd or +"$AddUnixListenSocket" parameter in /etc/rsyslog.conf, respectively + +Kudos to him, for finding out and proposing a solution. + + +Disabling all.send_redirects on tun + topology subnet setups +------------------------------------------------------------ + +If any of your VPNs uses "dev tun" and "topology subnet" but does not use +"client-to-client", OpenVPN's init.d script will disable all.send_redirects +(set it to 0) to avoid sending ICMP redirects trough the tun interfaces (and +confusing clients). + + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Fri, 24 Feb 2012 11:03:50 +0100 diff --git a/debian/README.source b/debian/README.source new file mode 100644 index 0000000..44b33ce --- /dev/null +++ b/debian/README.source @@ -0,0 +1,2 @@ +Please refer to /usr/share/doc/quilt/README.source before making changes to +the source package. diff --git a/debian/changelog b/debian/changelog new file mode 100644 index 0000000..3de80ab --- /dev/null +++ b/debian/changelog @@ -0,0 +1,1350 @@ +openvpn (2.4.0-6) unstable; urgency=medium + + * Apply upstream patch to fix shrinking MTU sizes on reconnects causing not + usable VPN tunnels. + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Mon, 22 May 2017 14:59:49 +0200 + +openvpn (2.4.0-5) unstable; urgency=high + + * Change typo fix in command line help. + * SECURITY UPDATE: pre-authentication denial-of-service vulnerability + (both client and server) from a too-large control packet. + - debian/patches/CVE-2017-7478.patch: Do not assert on too-large + control packet + - CVE-2017-7478 + * SECURITY UPDATE: authenticated remote DoS vulnerability due to + packet ID rollover + - debian/patches/CVE-2017-7479-prereq.patch: merge + packet_id_alloc_outgoing() into packet_id_write() + - debian/patches/CVE-2017-7479.patch: do not assert when packet ID + rollover occurs + - CVE-2017-7479 + * SECURITY UPDATE: auth tokens left in memory after de-auth + - debian/patches/wipe_tokens_on_de-auth.patch: always wipe token + as soon as a TLS session is considered broken. + * Kudos to Steve Beattie <sbeattie@ubuntu.com> for doing all the + backporting work for this upload. + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Thu, 11 May 2017 14:15:21 +0200 + +openvpn (2.4.0-4) unstable; urgency=medium + + * Add NEWS entries on possible 2.4 migration issues. + (Closes: #852381, #849909) + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Thu, 02 Feb 2017 14:15:42 +0100 + +openvpn (2.4.0-3) unstable; urgency=medium + + * You shall run debdiff even when the change is only a word, or you may find + out the word was not there... + * Add liblz4-dev to Build-Depends. (Closing: #849563 for real) + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Thu, 29 Dec 2016 09:41:17 +0100 + +openvpn (2.4.0-2) unstable; urgency=medium + + * Enable lz4 compression (Closes: #849563). + Thanks Laurent Bigonville for noticing. + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Wed, 28 Dec 2016 18:43:12 +0100 + +openvpn (2.4.0-1) unstable; urgency=medium + + * New upstream release. + * Refresh debian/patches to new upstream coding style. + * debian/NEWS.Debian. Add note on removed tls-remote option + (Closes: #848062) + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Tue, 27 Dec 2016 18:29:43 +0100 + +openvpn (2.4~rc1-2) unstable; urgency=medium + + * Make lintian happy: + - Update debian/watch + - Remove .gitignore file from samples + - Add Depends on lsb-base + - Move bash completion file to /usr/share + - Remove unneeded dot in manpage + - Bump Standards-Version + * debian/patches/kfreebsd_support: Update patch for 2.4 series. + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Mon, 12 Dec 2016 20:20:09 +0100 + +openvpn (2.4~rc1-1) unstable; urgency=medium + + * New upstream release + * Update close_socket_before_scripts.patch to upstream's version + * Add /etc/openvpn/client & /etc/openvpn/server directories for + upstream's systemd units. + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Sat, 10 Dec 2016 19:06:15 +0100 + +openvpn (2.4~beta1-1) experimental; urgency=medium + + * New upstream release + * Change Build-Dep on libssl-dev to libssl1.0-dev since upstream is not + transitioning to libssl1.1 yet. + * Moved to debhelper compat 9. + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Mon, 21 Nov 2016 10:15:40 +0100 + +openvpn (2.3.11-2) unstable; urgency=medium + + * Remove dependency on initscripts. (Closes: #804968) + * README.Debian. Fix CapabilityBoundingSet reference. + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Mon, 23 May 2016 09:55:30 +0200 + +openvpn (2.3.11-1) unstable; urgency=medium + + * New upstream release. + * tun.c: patch to fix FTBFS in kfreebsd. (Closes: #815283) + Thanks Steven Chamberlain for the patch. + * README.Debian: Document limits in the service file. + (Closes: #819919, #823621) + * Removed versioned dependency on initscripts. (Closes: #804968) + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Tue, 10 May 2016 17:41:53 +0200 + +openvpn (2.3.10-1) unstable; urgency=medium + + * New upstream release. (Closes: #804368) + Drop password_prompt_in_systemd.patch. Applied upstream. + * Unify pidfile path on systemd and sysV. (Closes: #811010) + Thanks Guillem Jover for noticing. + * Increase start-stop-daemon timeout on stop to let openvpn + tear down the connection properly in some cases. + (Closes: #799592, #796914) + * Add CAP_AUDIT_WRITE to openvpn@.service CapabilityBoundingSet + to fix auth-pam plugin. (Closes: #795313) + * Patch from Martin Pitt to start OpenVPN before user sessions + to avoid hidding possible password prompts. (Closes: #803032) + * Make another copy of t_client.sh to help keeping the build + environment clean. (Closes: #765447) + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Wed, 20 Jan 2016 12:01:36 +0100 + +openvpn (2.3.8-1) unstable; urgency=medium + + * New upstream release. Drop patch from 2.3.7-2. + Hopefully (Closes: #791829) + * Apply upstream fix for systemd password prompt that + delayed this upload. Sorry SysV users. + * debian/rules: remove obsolete options (*-path) to configure + * openvpn@.service: Use KillMode=mixed to fix signaling of some plugins. + (Closes: #792907). Also add PrivateTmp & LimitNPROC options. + Thanks Daniel Hahler for the patch. + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Wed, 28 Oct 2015 17:34:26 +0100 + +openvpn (2.3.7-2) unstable; urgency=medium + + * Move libsystemd-daemon-dev Build-Dep to libsystemd-dev. + Add Build-Dep on systemd. (Closes: #791904) + * Bumped Standards-Version to 3.9.6 + * Apply upstream patch to fix stdin password prompt. + (Closes: #791829) + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Tue, 08 Sep 2015 08:23:19 +0000 + +openvpn (2.3.7-1) unstable; urgency=medium + + * New upstream version + * Add --no-block to if-up.d script to avoid hanging boot on + interfaces with openvpn instances. (Closes: #787090, #785200) + * Add ProtectSystem=yes to systemd's service file. (Closes: #771626) + * Removed upstream applied patches: + - 0001-Drop-too-short-control-channel-packets-instead-of-as.patch + - update_sample_certs.patch + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Wed, 01 Jul 2015 13:19:26 +0200 + +openvpn (2.3.5-1) unstable; urgency=medium + + * New upstream release. Removed patches applied upstream: + client_connect_tmp_files.patch + better_systemd_detection.patch + * Add Build-Depends on libsystemd-daemon-dev. + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Wed, 29 Oct 2014 17:44:06 +0100 + +openvpn (2.3.4-5) unstable; urgency=high + + * Apply upstream patch that fixes possible DoS by authenticated + clients. CVE-2014-8104 + * Patch sample certs since they were expired and made the package + build fail. (Closes: #770835) + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Mon, 01 Dec 2014 16:10:37 +0100 + +openvpn (2.3.4-4) unstable; urgency=medium + + * Use dh-systemd in order to enable the service unit. + (Closes: #768411) + * Add comment on /etc/default/openvpn file about options + not supported on systemd. (Closes: #768384) + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Fri, 07 Nov 2014 13:59:54 +0100 + +openvpn (2.3.4-3) unstable; urgency=medium + + * Apply patch by Samuel Thibault to clean up temporary files. + (Closes: #764651). Thanks Samuel! + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Mon, 13 Oct 2014 18:24:03 +0200 + +openvpn (2.3.4-2) unstable; urgency=medium + + * openvpn.service. Remove ExecStop, add ExecReload. + Fixes reload of openvpn service. (Closes: #763411) + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Tue, 30 Sep 2014 13:05:45 +0200 + +openvpn (2.3.4-1) unstable; urgency=medium + + * Upload to unstable. + * New upstream release. (Closes: #752568) + * Add Turkish debconf translation. (Closes: #759879) + * Replace openvpn-systemd-helper with a systemd generator. + Thanks Ondřej Surý, Ansgar Burchardt and postgresql-common for + the ideas, help and inspiration. + * Bumped Standards-Version to 3.9.5 + * debian/control: Add Vcs-* + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Tue, 02 Sep 2014 12:06:06 +0200 + +openvpn (2.3.3-1) experimental; urgency=medium + + * Install tmpfiles.d configuration to create /run/openvpn in + systemd. Properly fixing #741938. + * Add reload to openvpn@.service. (Closes: #747840) + * New upstream release + * New openvpn.service to override LSB script when running systemd. + (Closes: #700888) + * Apply patch from upstream's BTS to improve systemd detection. + (Closes: #747265) + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Mon, 17 Mar 2014 19:40:12 +0100 + +openvpn (2.3.2-9) unstable; urgency=medium + + * Create /run/openvpn in init script even if no VPN is + autostarted by it. (Closes: #741938) + * Fix systemd detection based on /run/systemd/system. + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Mon, 17 Mar 2014 15:40:02 +0100 + +openvpn (2.3.2-8) unstable; urgency=medium + + * Add support for systemd. (Closes: #700888) + Add openvpn@.service and --enable-systemd to ./configure. + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Fri, 14 Mar 2014 12:59:57 +0100 + +openvpn (2.3.2-7) unstable; urgency=low + + * Fix postinst when no *.pid files exist in /run/sendsigs.omit.d/. + (Closes: #730679) + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Thu, 28 Nov 2013 13:05:31 +0100 + +openvpn (2.3.2-6) unstable; urgency=low + + * Move PID and status files to openvpn subdir in /run. + (Closes: #614036). Thanks Stephen Gildea for the patch and Simon Deziel + for the upgrade path. + * Add --enable-x509-alt-username option to ./configure + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Wed, 27 Nov 2013 13:58:33 +0100 + +openvpn (2.3.2-5) unstable; urgency=low + + * Patch init script to fix race conditions on restarts. + (Closes: #716794). Thanks Simon Deziel for the patch. + * Improve update-resolv-conf script. Thanks Thomas Hood + for the patch. (Closes: #721082) + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Mon, 15 Jul 2013 16:10:59 +0200 + +openvpn (2.3.2-4) unstable; urgency=low + + * Fix depends on iproute to iproute2. + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Fri, 21 Jun 2013 11:17:52 +0200 + +openvpn (2.3.2-3) unstable; urgency=low + + * Add iproute2 support on linux archs. + * Add versioned Build-Depends on dpkg-dev since --export=configure + is used. (Closes: #697560) + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Thu, 20 Jun 2013 13:23:24 +0200 + +openvpn (2.3.2-2) unstable; urgency=low + + * Add pkg-config to Build-Depends while waiting for libpkcs11-helper1-dev's + maintainter to decide if he includes pkg-config as a Depends. + Thanks Roland Stigge for finding out. (Closes: #711076) + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Wed, 05 Jun 2013 16:39:27 +0200 + +openvpn (2.3.2-1) unstable; urgency=low + + * New upstream version. + Less messages about script security (Closes: #573129) + * Add --enable-pkcs11 to configure to avoid losing PKCS11. + Thanks Jaak Pruulmann-Vengerfeldt for noticing before the + upload! (Closes: #710085) + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Mon, 03 Jun 2013 18:48:44 +0200 + +openvpn (2.3.1-2) unstable; urgency=low + + * Add net-tools to Build-Depends. (Closes: #709108) + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Tue, 21 May 2013 12:31:39 +0200 + +openvpn (2.3.1-1) unstable; urgency=low + + * New upstream version. Fixes use of non-constant-time memcmp in HMAC + comparison. CVE-2013-2061 (Closes: #707329) + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Fri, 17 May 2013 11:54:31 +0200 + +openvpn (2.3.0-1) experimental; urgency=low + + * New upstream release + * Add easy-rsa to Recommends + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Mon, 12 Nov 2012 16:56:47 +0100 + +openvpn (2.3~rc1-1) experimental; urgency=low + + * Upload to experimental + * New upstream release with reworked build system + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Mon, 05 Nov 2012 16:31:15 +0100 + +openvpn (2.2.1-8) unstable; urgency=low + + * Enable "PIE" and "BINDOW" hardening flags. + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Fri, 23 Mar 2012 10:40:39 +0100 + +openvpn (2.2.1-7) unstable; urgency=low + + * Add dpkg-buildflags call on plugins built too. + Thanks Simon Ruderich for finding out, the nice patch and + clarification. (Closes: #655130) + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Fri, 16 Mar 2012 10:49:28 +0100 + +openvpn (2.2.1-6) unstable; urgency=low + + * /run transition: Replaced usage of /dev/.udev with /run/udev, + when checking for the usage of udev. Depend on initscripts + (>= 2.88dsf-13.3) to guarantee the existence of /run/udev + in case udev is being used. (Closes: #644321) + Patch by Pieter du Preez. + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Fri, 09 Mar 2012 13:44:50 +0100 + +openvpn (2.2.1-5) unstable; urgency=low + + * Avoid sending ICMP redirects when using tun devices and "subnet" + topology. Thanks Simon Deziel for testing and the patch. + (Closes: #656241) + The init.d script will set all.send_redirects=0 when using "dev tun" + and "topology subnet". More info in README.Debian. + * Several manpage fixes + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Thu, 23 Feb 2012 17:25:54 +0100 + +openvpn (2.2.1-4) unstable; urgency=low + + * Use dpkg-buildflags to fill CFLAGS in ./configure. (Closes: #655130) + * debian/rules: Moved to dh. + * debian/rules: Changed DEB_BUILD_ARCH_OS with DEB_HOST_ARCH_OS. + * Removed quilt Build-Depends. + * debian/openvpn.default: Clarify what "vpn name" refers to. + (Closes: #657610) + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Wed, 08 Feb 2012 16:31:32 +0100 + +openvpn (2.2.1-3) unstable; urgency=low + + * The iproute fiasco release. + * Remove --enable-iproute2 dependency since it's only available in Linux. + Write that in the changelog so I don't forget _again_ why iproute is not + set... (Closes: #652702) + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Tue, 20 Dec 2011 13:06:05 +0100 + +openvpn (2.2.1-2) unstable; urgency=low + + * debian/rules: Force path to 'ip' command so that it's set correctly even + if not present (in the buildd). (Closes: #652702) + * Fix OMIT_SENDSIGS logic on init.d script. (Closes: #652703) + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Tue, 20 Dec 2011 07:21:07 +0100 + +openvpn (2.2.1-1) unstable; urgency=low + + * New upstream release + * Added OMIT_SENDSIGS option in init.d script to let openvpn run after + sendsigs on system reboot or shutdown. (Closes: #636864) + * Configure with --enable-iproute2. + * Change path to route on kFreeBSD. (Closes: #646221) Thanks Robert Millan. + + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Tue, 13 Dec 2011 11:04:22 +0100 + +openvpn (2.2.0-2) unstable; urgency=low + + * Upload to unstable + * debian/control: added Homepage field + * Added debian/watch file + * debian/patches: Added descriptions/authors/etc. to patches + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Wed, 15 Jun 2011 12:28:15 +0200 + +openvpn (2.2.0-1) experimental; urgency=low + + * New upstream release (Closes: #625281) + * Removed Depends on open(ssl|vpn)-blacklist, since + debian_openssl_vulnkeys.patch is no longer used. + Removed templates referring it too. + * Removed manpage_dash_escaping.patch, applied upstream + * Removed attemping_typo, applied upstream + * Removed counter_type_for_bytes.patch, applied upstream + * Removed eurephia.patch, applied upstream + * Updated JuanJo's & Gert's IPv6 patches + * Removed versioned Depends on libssl (Closes: #623503) + * Improved kFreeBSD support. Thanks Gonéri Le Bouder for the patch + (Closes: #626062) + * Updated Dutch debconf templates. (Closes: #625526) + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Tue, 10 May 2011 16:17:00 +0200 + +openvpn (2.1.3-5) experimental; urgency=low + + * Upload to experimental. + * Add ipv6 payload patch by Gert Doering. (Closes: #604071) + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Tue, 22 Mar 2011 10:57:18 +0100 + +openvpn (2.1.3-4) unstable; urgency=low + + * Updated JuanJo's IPv6 patch. Now really fixes use from xinetd. + Thanks JuanJo & Christian Weinberger for testing it (Closes: #574164) + * Removed debian_openssl_vulnkeys.patch since we're Etch + 2 now. + (Closes: #484105, #487994) + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Tue, 22 Mar 2011 10:04:21 +0100 + +openvpn (2.1.3-3) unstable; urgency=low + + * Updated JuanJo's IPv6 patch. + Fixes use from xinetd (Closes: #574164) + * Patched update-resolv-conf to support multiple DNS search domains. + Thanks Jeremy Zawodny and Dave Walker for the patch. + (Closes: #617740) + * Added a note about bridge-utils helpers in README.Debian. + Thanks Sven Hoexter. (Closes: #599192) + * Updated Danish debconf templates. (Closes: #608425) + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Fri, 11 Mar 2011 13:08:12 +0100 + +openvpn (2.1.3-2) unstable; urgency=low + + * Applied upstream patch to solve random routes added when using + 'remote_host'. (Closes: #600166) + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Thu, 21 Oct 2010 12:21:33 +0200 + +openvpn (2.1.3-1) unstable; urgency=low + + * New upstream release (Closes: #595684) + * Fixed multiple building in a row (Closes: #592086) + * Added handling of newer DEB_BUILD_OPTIONS. + Thanks Lionel Elie Mamane for the patch. (Closes: #592098) + * Updated IPv6 patch from JuanJo Ciarlante. + Fixes --multihome option. (Closes: #562099) + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Wed, 29 Sep 2010 13:07:37 +0200 + +openvpn (2.1.0-3) unstable; urgency=low + + * The 'happy birthday to me' release + * Fixed client hang when server does not push anything. (Closes: #587414) + Thanks Thierry Carrez for the heads up. + * Document possible problems when using 'chroot' option + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Fri, 09 Jul 2010 12:22:09 +0200 + +openvpn (2.1.0-2) unstable; urgency=low + + * Patched ssl.[ch] to fix integer overflow. (Closes: #576827) + Thanks David Sommerseth for the patch. + * Fixed manpage typo. (Closes: #576823) + * Bloat the init.d script with more dependencies required by the + new init systems. Sucky. (Closes: #568647, #553338) + * Reworded README.Debian (Closes: #550164) + * Switch to dpkg-source 3.0 (quilt) format + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Sat, 10 Apr 2010 17:26:42 +0200 + +openvpn (2.1.0-1) unstable; urgency=low + + * New upstream release + * init.d script: added soft-restart to the options output. (Closes: #558174) + * debian/control: Promoted net-tools from Recommends to Depends. + (Closes: #557906) + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Fri, 11 Dec 2009 12:08:50 +0100 + +openvpn (2.1~rc22-1) unstable; urgency=low + + * New upstream release + * Added a note on LDAP+TLS problems in README.Debian + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Fri, 04 Dec 2009 16:33:02 +0100 + +openvpn (2.1~rc21-2) unstable; urgency=low + + * debian/patches: Added eurephia.patch to support eurephia plug-in. + * debian/patches: updated openvpn over ipv6 support to v0.4.10 + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Thu, 19 Nov 2009 18:00:27 +0100 + +openvpn (2.1~rc21-1) unstable; urgency=low + + * New upstream release + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Thu, 12 Nov 2009 12:19:26 +0100 + +openvpn (2.1~rc20-3) unstable; urgency=low + + * Updated debian_openssl_vulnkeys.patch to fix false vulnerable + key detection. (Closes: #483139). + Thanks a lot Kees Cook and Jamie Strandboge for working on this! + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Wed, 04 Nov 2009 17:18:03 +0100 + +openvpn (2.1~rc20-2) unstable; urgency=low + + * init.d script: Added X-Interactive header. (Closes: #549424) + * patches/jjo-ipv6-support.patch: Added ipv6 support. (Closes: #307846) + Patch from JuanJo Ciarlante. + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Tue, 06 Oct 2009 13:04:07 +0200 + +openvpn (2.1~rc20-1) unstable; urgency=low + + * New upstream version. + - Fixes redirect-gateway option parsing. (Closes: #541450) + * Changed init.d Provides from 'vpn' to 'openvpn'. (Closes: #497563) + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Fri, 02 Oct 2009 17:24:38 +0200 + +openvpn (2.1~rc19-2) unstable; urgency=low + + * Fixed init.d script to depend on $remote_fs and $syslog (Closes: #539764) + * Added debian/README.source + * Bumped Standards-Version to 3.8.3 + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Sun, 30 Aug 2009 20:20:11 +0200 + +openvpn (2.1~rc19-1) unstable; urgency=low + + * New upstream version + - Removed remote_env.patch, applied upstream + - trusted_ip is exported again. (Closes: #524979) + * Bumped Standards-Version to 3.8.2 + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Tue, 21 Jul 2009 17:00:56 +0200 + +openvpn (2.1~rc15-1) unstable; urgency=low + + * New upstream version (Closes: #515575) + * remote_env.patch: patched options.c to fix remote* enviroment vars. + * openvpn-pkcs11warn.patch: warn on deprecated pkcs11 options. + Thanks A LOT to Florian Kulzer for the README.Debian text & patch! + (Closes: #475353) + * Removed lladdr-is-not-ip.patch, since it was included upstream. + * init.d script: Use start-stop-daemon to avoid failure on start when + a PID file is not deleted. (Closes: #445061) + * init.d script: Added 'status' action. Thanks Thierry Carrez for + the patch. (Closes: #498493) + * Updated debian/copyright: Point to GPL-2 + * Updated debian/control: Added ${misc:Depends} + * Bumped Standards-Version to 3.8.1 + * Moved to debhelper compat 7. + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Thu, 30 Apr 2009 12:35:05 +0200 + +openvpn (2.1~rc11-1) unstable; urgency=low + + * New upstream version + - Fixes TLS negotiation problems (Closes: #496649) + * Patched options.c, socket.c and socket.h to correctly check + for MAC addresses on lladdr parm. (Closes: #496141) + Thanks hoverhell@gmail.com for the patch. + * init.d script: exit with 0 status when trying to start + an already running VPN. (Closes: #499247) + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Wed, 17 Sep 2008 13:43:22 +0200 + +openvpn (2.1~rc10-1) unstable; urgency=low + + * New upstream version. + - Fixed calls to external commands with arguments. + (Closes: #495964, #496314, #497411) + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Thu, 11 Sep 2008 16:58:37 +0200 + +openvpn (2.1~rc9-3) unstable; urgency=low + + * debian/rules: run ./configure with path to 'route', for + those build daemons without 'route'. (Closes: #495082) + * Created NEWS.Debian with info on new option script-security. + (Closes: #494998) + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Sat, 16 Aug 2008 13:34:24 +0200 + +openvpn (2.1~rc9-2) unstable; urgency=low + + * debian/rules: run ./configure with path to ifconfig, for + those build daemons without ifconfig. (Closes: #494918) + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Wed, 13 Aug 2008 13:37:01 +0200 + +openvpn (2.1~rc9-1) unstable; urgency=high + + * New upstream version. + * Urgency high since it fixes a security bug in versions + 2.1-beta14 to 2.1-rc8. CVE-2008-3459. (Closes: #493488) + * Added sample-scripts/ to examples directory. + * Thanks Tristan Hill for rewritten debian_openssl_vulnkeys.patch + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Mon, 11 Aug 2008 19:40:11 +0200 + +openvpn (2.1~rc8-1) unstable; urgency=low + + * New upstream version + * Added Build-dep on libpkcs11-helper1 to re-enable PKCS#11 + support. Sorry for the delay Florian :) (Closes: #475353) + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Wed, 23 Jul 2008 10:38:13 +0200 + +openvpn (2.1~rc7-6) unstable; urgency=low + + * debian/control: Add Recommends on net-tools. (Closes: #469522) + * init.d script: clean up. (Closes: #486678) + * init.d script: Added soft-restart option to send SIGUSR1 to running + VPNs. (Closes: #414252) + * Added bash_completion for init.d script. (Closes: #394289) + * Removed obsolete templates and its associated code. (Closes: #459531) + * Removed stop before upgrade question, always restar after the upgrade + not in between. (Closes: #371148) + * New patch to correct spelling error in socket.c. (Closes: #487957) + * Added OPTARGS to init.d script and /etc/default/openvpn so that + Stanislav Maslovski does not have to edit this on every upgrade :) + (Closes: #488675) + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Tue, 24 Jun 2008 15:46:15 +0200 + +openvpn (2.1~rc7-5) unstable; urgency=low + + * init.d script: Set default exit code to 0 when undefined. + (Closes: #486441) + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Mon, 16 Jun 2008 16:59:02 +0200 + +openvpn (2.1~rc7-4) unstable; urgency=low + + * The 'Miriam helped me move to quilt' release + * Moved all the patches to debian/patches + * debian/control: Added Build-Dep on quilt + * Applied patch by Jamie Strandboge to fix openssl-vulnkey + extra passphrase prompts. Thanks Jamie. + (Closes: #483020, #483500, #486129) + * Updated Portuguese debconf templates. (Closes: #484007) + + [ Martin Pitt ] + * Added note on Out Of Memory issues. (Closes: #484113) + * Avoid asking about the tun device creation if using udev. + (Closes: #484111) + * Reworked init.d script to use LSB functions. (Closes: #484110) + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Sat, 14 Jun 2008 19:00:40 +0200 + +openvpn (2.1~rc7-3) unstable; urgency=low + + * The 'Thanks the transtalors' release + * Updated Japanese debconf templates. (Closes: #483848) + * Updated Russian debconf templates. (Closes: #483693) + * Updated Brazilian Portuguese debconf templates. (Closes: #483686) + * Updated German debconf templates. (Closes: #483610) + * Updated French debconf templates. (Closes: #483104) + * Updated Spanish debconf templates. (Closes: #482939) + * Updated Italian debconf templates. (Closes: #482809) + * Updated Finnish debconf templates. (Closes: #482763) + * Updated Swedish debconf templates. (Closes: #482677) + * Updated Vietnamese debconf templates. (Closes: #482640) + * Updated Galician debconf templates. (Closes: #482461) + * Updated Czech debconf templates. (Closes: #482430) + * Updated Basque debconf templates. (Closes: #482398) + * Updated path to openssl-vulnkey. (Closes: #483723) + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Sun, 01 Jun 2008 21:11:17 +0200 + +openvpn (2.1~rc7-2) unstable; urgency=high + + * init.c: Warn of use of known vulnerable weak SSL/TLS + and shared secret keys caused by Debian openssl bug. + Patch taken from Ubuntu. CVE-2008-0166 + * debian/(templates|postinst): Add warning on vulnerable + secrect/key files. + * debian/control: Add dependencies on openssl-blacklist and + openvpn-blacklist. Bumped dependency on libssl version. + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Fri, 16 May 2008 00:45:23 +0200 + +openvpn (2.1~rc7-1) unstable; urgency=low + + * New upstream release (Closes: #464181) + - Slashes in X509 common name allowed (Closes: #452274) + * init.d script: Removed /dev/null stdin redirection, so passphrases + can be typed in. (Closes: #454371) + * Set FD_CLOEXEC in socket initialization BEFORE running the 'up script' + Thanks a lot Julien Cristau for finding this out and sending the + patch (Closes: #367716) + * Added multiple VPN configuration in /e/n/interfaces. + Thanks Sam Couter for the patch (Closes: #472924) + * Bumped Standards-Version to 3.7.3 + * Debconf templates and debian/control reviewed by the debian-l10n- + english team as part of the Smith review project. (Closes: #462048) + * Updated Vietnamese debconf templates. (Closes: #465535) + * Updated German debconf templates. (Closes: #465317) + * Updated Brazilian Portuguese debconf templates. (Closes: #465440) + * Updated Japanese debconf templates. (Closes: #462736) + * Updated Portuguese debconf templates. (Closes: #462795) + * Updated Swedish debconf templates. (Closes: #462979) + * Updated Galician debconf templates. (Closes: #462990) + * Updated Spanish debconf templates. (Closes: #463047) + * Updated French debconf templates. (Closes: #463636) + * Updated Italian debconf templates. (Closes: #463703) + * Updated Finnish debconf templates. (Closes: #463952) + * Updated Czech debconf templates. (Closes: #464221) + * Updated Russian debconf templates. (Closes: #464666) + * Updated Norwegian Bokmål debconf templates. (Closes: #462811) + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Sat, 02 Feb 2008 22:41:31 +0100 + +openvpn (2.1~rc4-2) unstable; urgency=low + + * Upload to unstable. New upstream fixes: + - Bug with: Assertion failed at multi.c. (Closes: #411633) + - Hangs with tcp clients goin down with new option: + --connect-timeout. (Closes: #296834) + * Use rm -f to remove PIDFILE, in case rm wants to ask. + (Closes: #429932) + * Updated Vietnamese debconf templates. (Closes: #427048) + Thanks Clytie Siddall. + * Added note on resolvconf use with openvpn. (Closes: #451319) + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Sat, 08 Dec 2007 21:58:05 +0100 + +openvpn (2.1~rc4-1) experimental; urgency=low + + * New upstream release + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Mon, 22 Oct 2007 20:59:46 +0200 + +openvpn (2.1~rc2-1) experimental; urgency=low + + * Just forward-push the Debian patches to the new version, + and upload to experimental (with permission of the maintainer). + + -- Andreas Barth <aba@not.so.argh.org> Thu, 19 Apr 2007 18:23:59 +0200 + +openvpn (2.0.9-8) unstable; urgency=low + + * Install /etc/openvpn/update-resolv-conf with correct permissions + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Sat, 19 May 2007 18:12:12 +0200 + +openvpn (2.0.9-7) unstable; urgency=low + + * Added script to update resolv.conf with server's settings. + The script is located in the /etc/openvpn/ directory. + Thanks a lot Christof Lauber for the script. + Added resolvconf to Suggests. + * Added LSB section to the init.d script. + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Sat, 19 May 2007 17:48:23 +0200 + +openvpn (2.0.9-6) unstable; urgency=low + + * Fixed init.d script to avoid running multiple instances of the + same VPN. Thanks Keith Kyzivat for pushing me into looking + again into this issue. (Closes: #326080) + * Included patch to README.Debian from Peter Rabbitson describing + /etc/network/interfaces integration. (Closes: #413732) + * Also included joeyh's suggestion on the previous subject. + (Closes: 419797) + * Avoid restarting a vpn instead of reloading it due to wrong + detection of 'user' option in init.d script. Thanks Josip Rodin. + (Closes: 403503) + * Added Russian debconf translation. (Closes: #414088) + Thanks Yuriy Talakan. + * Built against liblzo2 instead of liblzo. (Closes: #423366) + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Tue, 15 May 2007 23:53:26 +0200 + +openvpn (2.0.9-5) unstable; urgency=low + + * Added Galician debconf translation. (Closes: #412492) + Thanks Jacobo Tarrio + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Wed, 28 Feb 2007 00:36:14 +0100 + +openvpn (2.0.9-4) unstable; urgency=low + + * Updated Swedish debconf translation. (Closes: #407851) + Thanks Andreas Henriksson + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Sun, 21 Jan 2007 22:24:58 +0100 + +openvpn (2.0.9-3) unstable; urgency=low + + * Fixed type in Portuguese debconf translation. + * debian/templates. Changed default value for init.d change + question to false. (Closes: #403317) + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Fri, 22 Dec 2006 19:36:05 +0100 + +openvpn (2.0.9-2) unstable; urgency=low + + * Updated Spanish debconf translation. (Closes: #393796) + * Updated German debconf translation. (Closes: #397019) + * Updated Japanese debconf translation. (Closes: #392627) + * Added Italian debconf translation. (Closes: #398050) + * Added Portuguese debconf translation. (Closes: #400685) + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Fri, 8 Dec 2006 12:28:34 +0100 + +openvpn (2.0.9-1) unstable; urgency=low + + * New upstream release. No changes in *NIX source code. + Updating to avoid 'New upstream, blah, blah'. + * debian/control: Fixed spelling error in description + (Closes: #390242) + * debian/copyright: Updated project's homepage and author's + email address. (Closes: #388466) + * debian/copyright: Updated the FSF address. + * Updated Dutch debconf translation. (Closes: #389982, 379802) + Thanks Kurt De Bree + * Updated Czech debconf translation. (Closes: #384755) + Thanks Miroslav Kure + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Tue, 10 Oct 2006 12:17:57 +0200 + +openvpn (2.0.7-1) unstable; urgency=low + + * The 'Translators, translators, translators' release. + * New upstream version. + * Added Dutch debconf translation. (Closes: #370073) + Thanks Kurt De Bree + * Updated Danish debconf translation. (Closes: #369772, #376704) + Thanks Claus Hindsgaul + * Updated French debconf translation. (Closes: #373191) + Thanks Michel Grentzinger + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Sat, 22 Jul 2006 20:44:52 +0200 + +openvpn (2.0.6-2) unstable; urgency=low + + * The "Mañana" Release. + * debian/control: Added Suggests: openssl (Closes: #368256) + * debian/postinst: Run the init.d script with 'start' when doing + a fresh install or stop2upgrade=true. (Closes: #366085, #338956) + * Updated Czech debconf translation (Closes: #333989) + Thanks Miroslav Kure. + * Bumped Standards-Version to 3.7.2.0, no change. + * debian/rules: Avoid compressing 'pkitool' (Closes: #354478) + * debian/templates: Corrected typo on init scripts order change. + (Closes: #351664) + * Updated German debconf translation (Closes: #345853) + Thanks Erik Schanze. + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Mon, 22 May 2006 03:08:10 +0200 + +openvpn (2.0.6-1) unstable; urgency=high + + * New upstream release. Urgency high due to security fix. + - Disallow "setenv" to be pushed to clients from the server. + (Closes: #360559) + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Wed, 5 Apr 2006 12:17:26 +0200 + +openvpn (2.0.5-1) unstable; urgency=high + + * New upstream release. Urgency high due to security issues. + - DoS vulnerability on the server in TCP mode. + (CVE-2005-3409) (Closes: #337334) + - Format string vulnerability in the foreign_option + function in options.c could potentially allow a malicious + or compromised server to execute arbitrary code on the + client. (CVE-2005-3393) (Closes: #336751) + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Mon, 7 Nov 2005 10:13:55 +0100 + +openvpn (2.0.2-2) unstable; urgency=low + + * debian/control: fix Depends on debconf. (Closes: #332056) + * Bumped Standards-Version to 3.6.2.0, no change. + * Updated Danish debconf translation. (Closes: #326907) + * Updated French debconf translation. (Closes: #328076) + * Added Swedish debconf translation. (Closes: #332785) + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Sun, 9 Oct 2005 18:42:34 +0200 + +openvpn (2.0.2-1) unstable; urgency=low + + * The [VAC] upload. Thanks Vorbis Gdynia for the free internet access :) + * New upstream release (Closes: #323594) + * Fixed use of backslash in username authentication. (Closes: #309787) + * Fixes several DoS vulnerabilities: CAN-2005-2531 CAN-2005-2532 + CAN-2005-2533 CAN-2005-2534. (Closes: #324167) + * Changed group option from 'nobody' to 'nogroup' in all the + *example* files... (Closes: #317987) + * Included openvpn-plugin.h to allow building third party plugins. + (Closes: #316139) + * Stop openvpn's daemon later to allow some services stopping later to use + it. Added debconf template to ask permission to make the change + on older installations. (Closes: #312371) + * Workaround to fix proper daemonize when 'log' option is used. + (Closes: #309944) Thanks Jason Lunz for the patch. + * Modified output of init.d script to make it more friendly when + passphrase for a tunnel certificate is asked. + Thanks Pavel Vávra for the patch. + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Sun, 28 Aug 2005 13:05:49 +0200 + +openvpn (2.0-4) unstable; urgency=low + + * The 'It was about time I could make a new upload' release + * Rewrote some debconf templates (Closes: #316694). + Thanks Clytie Siddall for the corrections. + * Included Vietnamese debconf translation. (Closes: #316695) + * debian/rules: exclude openssl.cnf from being compress. + (Closes: #315764) + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Wed, 6 Jul 2005 09:22:16 +0200 + +openvpn (2.0-3) unstable; urgency=low + + * postinst: call 'restart' when 'cond-restart' fails due to user + not upgrading the init.d script. (Closes: #308926) + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Sat, 28 May 2005 12:52:16 +0200 + +openvpn (2.0-2) unstable; urgency=low + + * Added '-f' to rm when deleting the status file. This eliminates + the need to test if it exists and saves the init.d script from + failing. (Closes: #306588) + * Modified pam plugin to load libpam.so.0 instead of libpam.so. + (Closes: #306335) + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Wed, 4 May 2005 15:02:45 +0200 + +openvpn (2.0-1) unstable; urgency=low + + * The 'This-is-the-real-2.0' release + * New upstream version. + * openvpn.8: s/--/\\-\\-/g a.k.a escaped dashes to make it possible + to search for options with UTF charsets. (Closes: #296133) + * Improved init.d script output. (Closes: #297997) + Thanks Thomas Hood for the patch. + * debian/control. Rewrote Description: field. + Now it's more useful and complete. (Closes: #304895) + * init.d script: + - Fixed restarting of multiple VPNs + - Fixed TAB converted to spaces. + - Remove status file on VPN stop + - Respect 'status' option if given in the config file + - New /etc/default/openvpn configuration file that allows + control on which VPNs are automatically started and also + controls status file refresh interval + Thanks Philipp A. Hartmann for the nice patch. (Closes: #294332) + * init.d script: Added cond-restart to only restart VPNs in use. + postint: Call init.d script with cond-restart instead of restart. + (Closes: #280464) + * init.d script: change order of --config and --cd to permit + nested 'configs'. (Closes: #299082) + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Mon, 18 Apr 2005 09:07:05 +0200 + +openvpn (1.99+2.rc20-1) unstable; urgency=low + + * New upstream release + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Mon, 4 Apr 2005 23:05:23 +0200 + +openvpn (1.99+2.rc18-1) unstable; urgency=low + + * New upstream release (Closes: #301949) + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Tue, 29 Mar 2005 12:56:42 +0200 + +openvpn (1.99+2.rc16-1) unstable; urgency=low + + * New upstream release + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Sun, 20 Feb 2005 20:24:25 +0100 + +openvpn (1.99+2.rc12-1) unstable; urgency=low + + * New upstream release + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Sun, 6 Feb 2005 11:49:44 +0100 + +openvpn (1.99+2.rc11-2) unstable; urgency=low + + * Added --enable-password-save to configure call to allow + --askpass and --auth-user-pass passwords to be read from a file. + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Thu, 3 Feb 2005 18:19:28 +0100 + +openvpn (1.99+2.rc11-1) unstable; urgency=low + + * New upstream release + * Added --status line to init.d script (Closes: #293144) + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Thu, 3 Feb 2005 09:28:06 +0100 + +openvpn (1.99+2.rc10-1) unstable; urgency=low + + * New upstream release + * Updated pt_BR debconf translation (Closes: #292079) + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Fri, 28 Jan 2005 14:44:42 +0100 + +openvpn (1.99+2.rc6-1) unstable; urgency=low + + * The 'Three Wise Men' release. + * New upstream release. + * Update README.Debian with comments on changed string remapping. + Thanks ron@debian.org for noting this first. (Closes: #288669) + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Wed, 5 Jan 2005 19:03:11 +0100 + +openvpn (1.99+2.beta19-1) unstable; urgency=low + + * New upstream release. + * Updated README.Debian with info on plugins. + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Sun, 5 Dec 2004 11:57:03 +0100 + +openvpn (1.99+2.beta18-2) unstable; urgency=low + + * Built and installed plugins. Thanks Michael Renner for noticing. + (Closes: #284224) + * Added Build-Depends on libpam0g-dev, required by auth-pam plugin. + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Sun, 5 Dec 2004 10:19:45 +0100 + +openvpn (1.99+2.beta18-1) unstable; urgency=low + + * New upstream release. Corrects --mssfix behaviour (Closes: #280893) + * Included Czech debconf translation. (Closes: #282995) + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Mon, 29 Nov 2004 10:56:07 +0100 + +openvpn (1.99+2.beta17-2) unstable; urgency=low + + * Updated (German|Danish|French|Japanese) debconf translations. + (Closes: #281235, #282095, #282216, #282881) + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Wed, 24 Nov 2004 08:15:29 +0100 + +openvpn (1.99+2.beta17-1) unstable; urgency=low + + * New upstream version. Includes fix for the --key-method 1 bug. + * WARNING: This version changes the default port (5000 previously) + to 1194 (assigned by INANA). This will affect you if you don't + have a 'port' option specified in your configuration files. + Added a debconf note about it. + * Updated es.po. + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Fri, 12 Nov 2004 15:32:56 +0100 + +openvpn (1.99+2.beta16-2) unstable; urgency=low + + * Patched ssl.c to fix bug in --key-method 1, that prevented + OpenVPN 2.x from working with 1.x using that method. + Thanks James for the prompt answer & patch. + Thanks weasel for finding it out. + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Mon, 8 Nov 2004 11:59:12 +0100 + +openvpn (1.99+2.beta16-1) unstable; urgency=low + + * New upstream releases. Fixes the "Assertion failed at crypto.c" + (Closes: #265632, #270005) + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Sun, 7 Nov 2004 17:46:09 +0100 + +openvpn (1.99+2.beta15-5) unstable; urgency=low + + * Updated README.Debian with clearer 2.x vs 1.x interoperability + instructions. + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Sun, 7 Nov 2004 10:26:03 +0100 + +openvpn (1.99+2.beta15-4) unstable; urgency=low + + * Put if-{up,down}.d scripts back in place, this time they work. + Just remember to quote shell vars when checking if they are empty. + [ -n "$VAR" ] -> Good [ -n $VAR ] -> BAD + Note to self, don't trust people's patches even if they are DD. + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Thu, 4 Nov 2004 08:33:45 +0100 + +openvpn (1.99+2.beta15-3) unstable; urgency=low + + * Removed if-{up,down}.d scripts until I get to know how they work. + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Wed, 3 Nov 2004 20:58:41 +0100 + +openvpn (1.99+2.beta15-2) unstable; urgency=low + + * Corrected names of if-{up,down}.d scripts. Duh! + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Wed, 3 Nov 2004 10:21:52 +0100 + +openvpn (1.99+2.beta15-1) unstable; urgency=low + + * New upstream release. + * Renamed package to 1.99 to make it clearer that we're using + version 2.0 and not 1.6. Some people rather talk about this on IRC + and not tell the maintainer directly. + * Added Brazilian Portuguese debconf templates. (Closes: #279351) + * Modified init.d script so that specifying a daemon option in a + VPN configuration won't make it fail. + Thanks Christoph Biedl for the patch. (Closes: #278302) + * Added scripts to allow specifying 'openvpn name' in + /etc/network/interfaces to have the tunnel created and destroyed with + the device it runs over. Thanks Joachim Breitner for the patch. + (Closes: #273481) + * Modified init.d script so that multiple VPNs can be started or stopped + with a single command. (See README.Debian) + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Tue, 2 Nov 2004 12:49:41 +0100 + +openvpn (1.6.0+2.beta14-1) unstable; urgency=low + + * New upstream release. + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Wed, 20 Oct 2004 09:13:09 +0200 + +openvpn (1.6.0+2.beta12-1) unstable; urgency=low + + * New upstream release. + * Added comments about compatibility issues between openvpn 2.x and 1.x + to README.Debian (Closes: #276799) + * Changed maintainer email address. + + -- Alberto Gonzalez Iniesta <agi@inittab.org> Mon, 18 Oct 2004 09:01:23 +0200 + +openvpn (1.6.0+2.beta11-1) unstable; urgency=low + + * New upstream release. (Closes: #269631) + * I decided to get OpenVPN 2 into sid, and hopefully into Sarge since + the current beta works pretty well and adds important features I don't + want missing in Sarge. + * Updated README.Debian + + -- Alberto Gonzalez Iniesta <agi@agi.as> Fri, 15 Oct 2004 11:52:58 +0200 + +openvpn (1.6.0-5) unstable; urgency=low + + * Added German and Japanese debconf templates. + (Closes: #266927, #270477) + + -- Alberto Gonzalez Iniesta <agi@agi.as> Fri, 10 Sep 2004 08:31:54 +0200 + +openvpn (1.6.0-4) unstable; urgency=low + + * Updated French and Danish debconf templates + (Closes: #254064, #256053) + + -- Alberto Gonzalez Iniesta <agi@agi.as> Mon, 28 Jun 2004 09:51:44 +0200 + +openvpn (1.6.0-3) unstable; urgency=low + + * Included Catalan debconf templates. (Closes: #248750) + Thanks Aleix Badia i Bosch. + * Added debconf question on whether the daemon should be stopped at + the begining of and upgrade or not. Thus being more reliable on + remote upgrades. (Closes: #250558) + + -- Alberto Gonzalez Iniesta <agi@agi.as> Thu, 10 Jun 2004 15:59:39 +0200 + +openvpn (1.6.0-2) unstable; urgency=low + + * Recover init.d modification suggested by Kai Henningsen to get + different syslog names for each VPN. How the fuck did that get lost? + + -- Alberto Gonzalez Iniesta <agi@agi.as> Fri, 28 May 2004 16:51:04 +0200 + +openvpn (1.6.0-1) unstable; urgency=low + + * New upstream release + + -- Alberto Gonzalez Iniesta <agi@agi.as> Mon, 10 May 2004 08:59:37 +0200 + +openvpn (1.5.0-3) unstable; urgency=low + + * Included Danish debconf template. Thanks Claus Hindsgau. + (Closes: #234944) + + -- Alberto Gonzalez Iniesta <agi@agi.as> Tue, 9 Mar 2004 16:36:33 +0100 + +openvpn (1.5.0-2) unstable; urgency=low + + * Modified init.d script to permit different syslog names for each + VPN. Thanks Kai Henningsen for the tip. (Closes: #227376) + * Moved 'verify-cn' script to /usr to make weasel happier ;) + (Closes: #221995) + * Moved to gettext-based debconf templated. Added French translation. + Thanks Michel Grentzinger for the patches. + (Closes: #219015, #219016) + * Fixed spanish translation that was a complete mess. + (Closes: Fri-Sun) + + -- Alberto Gonzalez Iniesta <agi@agi.as> Thu, 15 Jan 2004 18:08:24 +0100 + +openvpn (1.5.0-1) unstable; urgency=low + + * New upstream release + * Moved to debhelper compatibility 4. Created debian/compat. + + -- Alberto Gonzalez Iniesta <agi@agi.as> Sat, 22 Nov 2003 18:18:50 +0100 + +openvpn (1.4.3-3) unstable; urgency=low + + * Added quotes around $2 in dpkg --compare-versions (config and postinst) + and check if $2 actually has a value. + This way it won't fail if $2 is not set. Duh! (Closes: #214848) + + -- Alberto Gonzalez Iniesta <agi@agi.as> Thu, 9 Oct 2003 11:01:31 +0200 + +openvpn (1.4.3-2) unstable; urgency=low + + * Moved initscripts sequence number to S16 from S20. This will make + openvpn start earlier and be ready for other services. (Closes: #209225) + * Added Depends: on debconf, it's used in the maintainer's scripts now. + * Added debconf template to ask for the creation of the TUN/TAP device + node. (Closes: #211198) + + -- Alberto Gonzalez Iniesta <agi@agi.as> Thu, 2 Oct 2003 21:39:46 +0200 + +openvpn (1.4.3-1) unstable; urgency=low + + * New upstream release + * Bumped Standards-Version to 3.6.1.0, no change. + * Patched init.d script to support single vpn stop/start/restart. + Thanks to Richard Mueller and Norbert Tretkowski (Closes: #204100) + + -- Alberto Gonzalez Iniesta <agi@agi.as> Tue, 30 Sep 2003 20:04:37 +0200 + +openvpn (1.4.1.4-1) unstable; urgency=low + + * New upstream release. Backed out --dev-name patch, + modified --dev to offer equivalent functionality + (Closes: #194910) + * Updated README.Debian. Thanks to John R. Shearer + + -- Alberto Gonzalez Iniesta <agi@agi.as> Tue, 17 Jun 2003 11:08:17 +0200 + +openvpn (1.4.1-1) unstable; urgency=low + + * New upstream release + + -- Alberto Gonzalez Iniesta <agi@agi.as> Fri, 16 May 2003 17:14:41 +0200 + +openvpn (1.4.0-2) unstable; urgency=low + + * Patch from James Yonan to use 2.2.x TUN interface if 2.4.x fails. + (Closes: #182020) + + -- Alberto Gonzalez Iniesta <agi@agi.as> Sun, 11 May 2003 10:24:51 +0200 + +openvpn (1.4.0-1) unstable; urgency=low + + * New upstream release (Closes: #179551) + * Re-enabled liblzo support. LZO's author made an exception in LZO's + license that permits OpenVPN to use LZO and OpenSSL. See copyright + file. + + -- Alberto Gonzalez Iniesta <agi@agi.as> Thu, 8 May 2003 09:21:53 +0200 + +openvpn (1.3.2-3) unstable; urgency=low + + * Removed executable permissions from generated secret files. + (Closes: #178849) + + -- Alberto Gonzalez Iniesta <agi@agi.as> Thu, 6 Feb 2003 10:04:11 +0100 + +openvpn (1.3.2-2) unstable; urgency=low + + * Disabled liblzo1 support to fix license issues with Openssl. + (Closes: #177497) + * Bumped Standards-Version to 3.5.8, no change. + + -- Alberto Gonzalez Iniesta <agi@agi.as> Mon, 20 Jan 2003 16:09:16 +0100 + +openvpn (1.3.2-1) unstable; urgency=low + + * New upstream release + + -- Alberto Gonzalez Iniesta <agi@agi.as> Mon, 28 Oct 2002 14:22:10 +0100 + +openvpn (1.3.0-2) unstable; urgency=low + + * Modified init.d script so it's not dependent on bash. (Closes: #161525) + + -- Alberto Gonzalez Iniesta <agi@agi.as> Sat, 21 Sep 2002 12:23:46 +0200 + +openvpn (1.3.0-1) unstable; urgency=low + + * New upstream release + + -- Alberto Gonzalez Iniesta <agi@agi.as> Wed, 10 Jul 2002 12:50:50 +0200 + +openvpn (1.2.1-1) unstable; urgency=low + + * New upstream release + * Added init.d script + + -- Alberto Gonzalez Iniesta <agi@agi.as> Fri, 21 Jun 2002 14:05:42 +0200 + +openvpn (1.2.0-2) unstable; urgency=low + + * Modified configure(.ac) pthread library handling to work with GCC 3.0. + Thanks to Lamont Jones for the patch. (Closes: #148120) + + -- Alberto Gonzalez Iniesta <agi@agi.as> Sat, 25 May 2002 11:41:59 +0200 + +openvpn (1.2.0-1) unstable; urgency=low + + * Initial Release. (Closes: #140463) + + -- Alberto Gonzalez Iniesta <agi@agi.as> Thu, 23 May 2002 11:00:37 +0200 + diff --git a/debian/compat b/debian/compat new file mode 100644 index 0000000..ec63514 --- /dev/null +++ b/debian/compat @@ -0,0 +1 @@ +9 diff --git a/debian/config b/debian/config new file mode 100644 index 0000000..04883da --- /dev/null +++ b/debian/config @@ -0,0 +1,21 @@ +#!/bin/sh +# Copyright 2003 Alberto Gonzalez Iniesta <agi@agi.as> +# Licensed under the GNU General Public License, version 2. See the file +# /usr/share/common-licenses/GPL or <http://www.gnu.org/copyleft/gpl.txt>. +# +set -e +test $DEBIAN_SCRIPT_DEBUG && set -v -x + +# Use debconf +. /usr/share/debconf/confmodule + +# Do we want to create /dev/net/tun? +if [ ! -e /run/udev ] && [ ! -e /dev/net/tun ]; then + db_input medium openvpn/create_tun || true + db_go +fi + +db_stop + +exit 0 +# vim: set ai et sts=2 sw=2 tw=0: diff --git a/debian/control b/debian/control new file mode 100644 index 0000000..dd2aa76 --- /dev/null +++ b/debian/control @@ -0,0 +1,28 @@ +Source: openvpn +Section: net +Priority: optional +Maintainer: Alberto Gonzalez Iniesta <agi@inittab.org> +Build-Depends: debhelper (>= 7.0.50~), libssl1.0-dev, liblzo2-dev, libpam0g-dev, libpkcs11-helper1-dev, pkg-config, dpkg-dev (>= 1.16.1), iproute2 [linux-any], net-tools [!linux-any], dh-systemd (>= 1.5), libsystemd-dev [linux-any], systemd [linux-any], liblz4-dev +Standards-Version: 3.9.8 +Homepage: http://www.openvpn.net/ +Vcs-Git: git://anonscm.debian.org/collab-maint/openvpn.git +Vcs-Browser: https://anonscm.debian.org/gitweb/?p=collab-maint/openvpn.git + +Package: openvpn +Architecture: any +Depends: debconf | debconf-2.0, ${shlibs:Depends}, ${misc:Depends}, iproute2 [linux-any], net-tools [!linux-any], lsb-base (>= 3.0-6) +Suggests: openssl, resolvconf +Recommends: easy-rsa +Description: virtual private network daemon + OpenVPN is an application to securely tunnel IP networks over a + single UDP or TCP port. It can be used to access remote sites, make + secure point-to-point connections, enhance wireless security, etc. + . + OpenVPN uses all of the encryption, authentication, and certification + features provided by the OpenSSL library (any cipher, key size, or + HMAC digest). + . + OpenVPN may use static, pre-shared keys or TLS-based dynamic key exchange. It + also supports VPNs with dynamic endpoints (DHCP or dial-up clients), tunnels + over NAT or connection-oriented stateful firewalls (such as Linux's iptables). + diff --git a/debian/copyright b/debian/copyright new file mode 100644 index 0000000..bb0313c --- /dev/null +++ b/debian/copyright @@ -0,0 +1,47 @@ +This package was debianized by Alberto Gonzalez Iniesta <agi@agi.as> on +Tue, 2 Apr 2002 12:24:50 +0200. + +It was downloaded from http://www.openvpn.net + +Upstream Author: James Yonan <jim@yonan.net> + +Copyright: (C) 2002-2005 OpenVPN Solutions LLC <info@openvpn.net> + + This package is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 dated June, 1991. + + This package is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this package; if not, write to the Free Software + Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, + MA 02110-1301, USA. + +On Debian GNU/Linux systems, the complete text of the GNU General +Public License can be found in `/usr/share/common-licenses/GPL-2'. + + In addition, as a special exception, James Yonan gives + permission to link the code of this program with the OpenSSL + library (or with modified versions of OpenSSL that use the same + license as OpenSSL), and distribute linked combinations including + the two. You must obey the GNU General Public License in all + respects for all of the code used other than OpenSSL. If you modify + this file, you may extend this exception to your version of the + file, but you are not obligated to do so. If you do not wish to + do so, delete this exception statement from your version. + +Markus F.X.J. Oberhumer <markus@oberhumer.com> made the following +exception in LZO's license to make possible the use of LZO with OpenSSL +in OpenVPN: + + Hereby I grant a special exception to the OpenVPN project + (http://openvpn.sourceforge.net) to link the LZO library with + the OpenSSL library (http://www.openssl.org). + + Markus F.X.J. Oberhumer + + diff --git a/debian/default b/debian/default new file mode 100644 index 0000000..e18e59d --- /dev/null +++ b/debian/default @@ -0,0 +1,36 @@ +# This is the configuration file for /etc/init.d/openvpn + +# +# Start only these VPNs automatically via init script. +# Allowed values are "all", "none" or space separated list of +# names of the VPNs. If empty, "all" is assumed. +# The VPN name refers to the VPN configutation file name. +# i.e. "home" would be /etc/openvpn/home.conf +# +# If you're running systemd, changing this variable will +# require running "systemctl daemon-reload" followed by +# a restart of the openvpn service (if you removed entries +# you may have to stop those manually) +# +#AUTOSTART="all" +#AUTOSTART="none" +#AUTOSTART="home office" +# +# WARNING: If you're running systemd the rest of the +# options in this file are ignored. +# +# Refresh interval (in seconds) of default status files +# located in /var/run/openvpn.$NAME.status +# Defaults to 10, 0 disables status file generation +# +#STATUSREFRESH=10 +#STATUSREFRESH=0 +# Optional arguments to openvpn's command line +OPTARGS="" +# +# If you need openvpn running after sendsigs, i.e. +# to let umountnfs work over the vpn, set OMIT_SENDSIGS +# to 1 and include umountnfs as Required-Stop: in openvpn's +# init.d script (remember to run insserv after that) +# +OMIT_SENDSIGS=0 diff --git a/debian/dirs b/debian/dirs new file mode 100644 index 0000000..c715297 --- /dev/null +++ b/debian/dirs @@ -0,0 +1,12 @@ +etc/openvpn +etc/openvpn/client +etc/openvpn/server +etc/network/if-up.d +etc/network/if-down.d +usr/share/bash-completion/completions +usr/sbin +usr/share/man/man8 +usr/share/doc/openvpn +usr/share/openvpn +usr/lib/openvpn +usr/include/openvpn diff --git a/debian/docs b/debian/docs new file mode 100644 index 0000000..efe1658 --- /dev/null +++ b/debian/docs @@ -0,0 +1,3 @@ +AUTHORS +PORTS +README diff --git a/debian/examples b/debian/examples new file mode 100644 index 0000000..8d638f7 --- /dev/null +++ b/debian/examples @@ -0,0 +1,3 @@ +sample/sample-config-files/ +sample/sample-keys/ +sample/sample-scripts/ diff --git a/debian/openvpn-generator b/debian/openvpn-generator new file mode 100755 index 0000000..d6ac1aa --- /dev/null +++ b/debian/openvpn-generator @@ -0,0 +1,40 @@ +#!/bin/sh + +# This systemd generator creates dependency symlinks that make all OpenVPN +# tunnels listed in /etc/default/openvpn's AUTOSTART be started/stopped/reloaded +# when openvpn.service is started/stopped/reloaded. + +set -eu + +GENDIR="$1" +WANTDIR="$1/openvpn.service.wants" +SERVICEFILE="/lib/systemd/system/openvpn@.service" +AUTOSTART="all" +CONFIG_DIR=/etc/openvpn + +mkdir -p "$WANTDIR" + +if test -e /etc/default/openvpn ; then + . /etc/default/openvpn +fi + +# No VPNs automatically started +if test "x$AUTOSTART" = "xnone" ; then + exit 0 +fi + +if test "x$AUTOSTART" = "xall" -o -z "$AUTOSTART" ; then + for CONFIG in `cd $CONFIG_DIR; ls *.conf 2> /dev/null`; do + NAME=${CONFIG%%.conf} + ln -s "$SERVICEFILE" "$WANTDIR/openvpn@$NAME.service" + done +else + for NAME in $AUTOSTART ; do + if test -e $CONFIG_DIR/$NAME.conf ; then + ln -s "$SERVICEFILE" "$WANTDIR/openvpn@$NAME.service" + fi + done +fi + +exit 0 + diff --git a/debian/openvpn.bash_completion b/debian/openvpn.bash_completion new file mode 100644 index 0000000..282a3b5 --- /dev/null +++ b/debian/openvpn.bash_completion @@ -0,0 +1,23 @@ +# bash completion for openvpn init.d script +# Written by Alberto Gonzalez Iniesta <agi@inittab.org> + +_openvpn() +{ + + local cur + + COMPREPLY=() + cur=${COMP_WORDS[COMP_CWORD]} + + if [ $COMP_CWORD -eq 1 ] ; then + COMPREPLY=( $( compgen -W '$( /etc/init.d/openvpn 2>&1 \ + | cut -d"{" -f2 | tr -d "}" | tr "|" " " )' -- $cur ) ) + else + COMPREPLY=( $( compgen -W '$( command ls /etc/openvpn/*.conf 2>/dev/null \ + | sed -e 's%/etc/openvpn/%%' -e 's/\.conf//' )' -- $cur ) ) + fi + +} + + +complete -F _openvpn /etc/init.d/openvpn diff --git a/debian/openvpn.conf b/debian/openvpn.conf new file mode 100644 index 0000000..3d7d3d7 --- /dev/null +++ b/debian/openvpn.conf @@ -0,0 +1 @@ +d /run/openvpn 0755 root root - - diff --git a/debian/openvpn.if-down.d b/debian/openvpn.if-down.d new file mode 100644 index 0000000..61b8476 --- /dev/null +++ b/debian/openvpn.if-down.d @@ -0,0 +1,21 @@ +#!/bin/sh + +OPENVPN=/usr/sbin/openvpn +OPENVPN_INIT=/etc/init.d/openvpn +SYSTEMCTL=/bin/systemctl +SYSTEMD=/run/systemd/system + +if [ ! -x $OPENVPN ]; then + exit 0 +fi + +if [ -n "$IF_OPENVPN" ]; then + for vpn in $IF_OPENVPN; do + ## check systemd present + if [ -d $SYSTEMD ]; then + $SYSTEMCTL stop openvpn@$vpn + else + $OPENVPN_INIT stop $vpn + fi + done +fi diff --git a/debian/openvpn.if-up.d b/debian/openvpn.if-up.d new file mode 100644 index 0000000..3e88f18 --- /dev/null +++ b/debian/openvpn.if-up.d @@ -0,0 +1,21 @@ +#!/bin/sh + +OPENVPN=/usr/sbin/openvpn +OPENVPN_INIT=/etc/init.d/openvpn +SYSTEMCTL=/bin/systemctl +SYSTEMD=/run/systemd/system + +if [ ! -x $OPENVPN ]; then + exit 0 +fi + +if [ -n "$IF_OPENVPN" ]; then + for vpn in $IF_OPENVPN; do + ## check systemd present + if [ -d $SYSTEMD ]; then + $SYSTEMCTL --no-block start openvpn@$vpn + else + $OPENVPN_INIT start $vpn + fi + done +fi diff --git a/debian/openvpn.init.d b/debian/openvpn.init.d new file mode 100644 index 0000000..ae88417 --- /dev/null +++ b/debian/openvpn.init.d @@ -0,0 +1,298 @@ +#!/bin/sh -e + +### BEGIN INIT INFO +# Provides: openvpn +# Required-Start: $network $remote_fs $syslog +# Required-Stop: $network $remote_fs $syslog +# Should-Start: network-manager +# Should-Stop: network-manager +# X-Start-Before: $x-display-manager gdm kdm xdm wdm ldm sdm nodm +# X-Interactive: true +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Openvpn VPN service +# Description: This script will start OpenVPN tunnels as specified +# in /etc/default/openvpn and /etc/openvpn/*.conf +### END INIT INFO + +# Original version by Robert Leslie +# <rob@mars.org>, edited by iwj and cs +# Modified for openvpn by Alberto Gonzalez Iniesta <agi@inittab.org> +# Modified for restarting / starting / stopping single tunnels by Richard Mueller <mueller@teamix.net> + +. /lib/lsb/init-functions + +test $DEBIAN_SCRIPT_DEBUG && set -v -x + +DAEMON=/usr/sbin/openvpn +DESC="virtual private network daemon" +CONFIG_DIR=/etc/openvpn +test -x $DAEMON || exit 0 +test -d $CONFIG_DIR || exit 0 + +# Source defaults file; edit that file to configure this script. +AUTOSTART="all" +STATUSREFRESH=10 +OMIT_SENDSIGS=0 +if test -e /etc/default/openvpn ; then + . /etc/default/openvpn +fi + +start_vpn () { + if grep -q '^[ ]*daemon' $CONFIG_DIR/$NAME.conf ; then + # daemon already given in config file + DAEMONARG= + else + # need to daemonize + DAEMONARG="--daemon ovpn-$NAME" + fi + + if grep -q '^[ ]*status ' $CONFIG_DIR/$NAME.conf ; then + # status file already given in config file + STATUSARG="" + elif test $STATUSREFRESH -eq 0 ; then + # default status file disabled in /etc/default/openvpn + STATUSARG="" + else + # prepare default status file + STATUSARG="--status /run/openvpn/$NAME.status $STATUSREFRESH" + fi + + # tun using the "subnet" topology confuses the routing code that wrongly + # emits ICMP redirects for client to client communications + SAVED_DEFAULT_SEND_REDIRECTS=0 + if grep -q '^[[:space:]]*dev[[:space:]]*tun' $CONFIG_DIR/$NAME.conf && \ + grep -q '^[[:space:]]*topology[[:space:]]*subnet' $CONFIG_DIR/$NAME.conf ; then + # When using "client-to-client", OpenVPN routes the traffic itself without + # involving the TUN/TAP interface so no ICMP redirects are sent + if ! grep -q '^[[:space:]]*client-to-client' $CONFIG_DIR/$NAME.conf ; then + sysctl -w net.ipv4.conf.all.send_redirects=0 > /dev/null + + # Save the default value for send_redirects before disabling it + # to make sure the tun device is created with send_redirects disabled + SAVED_DEFAULT_SEND_REDIRECTS=$(sysctl -n net.ipv4.conf.default.send_redirects) + + if [ "$SAVED_DEFAULT_SEND_REDIRECTS" -ne 0 ]; then + sysctl -w net.ipv4.conf.default.send_redirects=0 > /dev/null + fi + fi + fi + + log_progress_msg "$NAME" + STATUS=0 + + start-stop-daemon --start --quiet --oknodo \ + --pidfile /run/openvpn/$NAME.pid \ + --exec $DAEMON -- $OPTARGS --writepid /run/openvpn/$NAME.pid \ + $DAEMONARG $STATUSARG --cd $CONFIG_DIR \ + --config $CONFIG_DIR/$NAME.conf || STATUS=1 + + [ "$OMIT_SENDSIGS" -ne 1 ] || ln -s /run/openvpn/$NAME.pid /run/sendsigs.omit.d/openvpn.$NAME.pid + + # Set the back the original default value of send_redirects if it was changed + if [ "$SAVED_DEFAULT_SEND_REDIRECTS" -ne 0 ]; then + sysctl -w net.ipv4.conf.default.send_redirects=$SAVED_DEFAULT_SEND_REDIRECTS > /dev/null + fi +} +stop_vpn () { + start-stop-daemon --stop --quiet --oknodo \ + --pidfile $PIDFILE --exec $DAEMON --retry 10 + if [ "$?" -eq 0 ]; then + rm -f $PIDFILE + [ "$OMIT_SENDSIGS" -ne 1 ] || rm -f /run/sendsigs.omit.d/openvpn.$NAME.pid + rm -f /run/openvpn/$NAME.status 2> /dev/null + fi +} + +case "$1" in +start) + log_daemon_msg "Starting $DESC" + + # first create /run directory so it's present even + # when no VPN are autostarted by this script, but later + # by systemd openvpn@.service + mkdir -p /run/openvpn + + # autostart VPNs + if test -z "$2" ; then + # check if automatic startup is disabled by AUTOSTART=none + if test "x$AUTOSTART" = "xnone" -o -z "$AUTOSTART" ; then + log_warning_msg " Autostart disabled." + exit 0 + fi + if test -z "$AUTOSTART" -o "x$AUTOSTART" = "xall" ; then + # all VPNs shall be started automatically + for CONFIG in `cd $CONFIG_DIR; ls *.conf 2> /dev/null`; do + NAME=${CONFIG%%.conf} + start_vpn + done + else + # start only specified VPNs + for NAME in $AUTOSTART ; do + if test -e $CONFIG_DIR/$NAME.conf ; then + start_vpn + else + log_failure_msg "No such VPN: $NAME" + STATUS=1 + fi + done + fi + #start VPNs from command line + else + while shift ; do + [ -z "$1" ] && break + if test -e $CONFIG_DIR/$1.conf ; then + NAME=$1 + start_vpn + else + log_failure_msg " No such VPN: $1" + STATUS=1 + fi + done + fi + log_end_msg ${STATUS:-0} + + ;; +stop) + log_daemon_msg "Stopping $DESC" + + if test -z "$2" ; then + for PIDFILE in `ls /run/openvpn/*.pid 2> /dev/null`; do + NAME=`echo $PIDFILE | cut -c14-` + NAME=${NAME%%.pid} + stop_vpn + log_progress_msg "$NAME" + done + else + while shift ; do + [ -z "$1" ] && break + if test -e /run/openvpn/$1.pid ; then + PIDFILE=`ls /run/openvpn/$1.pid 2> /dev/null` + NAME=`echo $PIDFILE | cut -c14-` + NAME=${NAME%%.pid} + stop_vpn + log_progress_msg "$NAME" + else + log_failure_msg " (failure: No such VPN is running: $1)" + fi + done + fi + log_end_msg 0 + ;; +# Only 'reload' running VPNs. New ones will only start with 'start' or 'restart'. +reload|force-reload) + log_daemon_msg "Reloading $DESC" + for PIDFILE in `ls /run/openvpn/*.pid 2> /dev/null`; do + NAME=`echo $PIDFILE | cut -c14-` + NAME=${NAME%%.pid} +# If openvpn if running under a different user than root we'll need to restart + if egrep '^[[:blank:]]*user[[:blank:]]' $CONFIG_DIR/$NAME.conf > /dev/null 2>&1 ; then + stop_vpn + start_vpn + log_progress_msg "(restarted)" + else + kill -HUP `cat $PIDFILE` || true + log_progress_msg "$NAME" + fi + done + log_end_msg 0 + ;; + +# Only 'soft-restart' running VPNs. New ones will only start with 'start' or 'restart'. +soft-restart) + log_daemon_msg "$DESC sending SIGUSR1" + for PIDFILE in `ls /run/openvpn/*.pid 2> /dev/null`; do + NAME=`echo $PIDFILE | cut -c14-` + NAME=${NAME%%.pid} + kill -USR1 `cat $PIDFILE` || true + log_progress_msg "$NAME" + done + log_end_msg 0 + ;; + +restart) + shift + $0 stop ${@} + $0 start ${@} + ;; +cond-restart) + log_daemon_msg "Restarting $DESC." + for PIDFILE in `ls /run/openvpn/*.pid 2> /dev/null`; do + NAME=`echo $PIDFILE | cut -c14-` + NAME=${NAME%%.pid} + stop_vpn + start_vpn + done + log_end_msg 0 + ;; +status) + GLOBAL_STATUS=0 + if test -z "$2" ; then + # We want status for all defined VPNs. + # Returns success if all autostarted VPNs are defined and running + if test "x$AUTOSTART" = "xnone" ; then + # Consider it a failure if AUTOSTART=none + log_warning_msg "No VPN autostarted" + GLOBAL_STATUS=1 + else + if ! test -z "$AUTOSTART" -o "x$AUTOSTART" = "xall" ; then + # Consider it a failure if one of the autostarted VPN is not defined + for VPN in $AUTOSTART ; do + if ! test -f $CONFIG_DIR/$VPN.conf ; then + log_warning_msg "VPN '$VPN' is in AUTOSTART but is not defined" + GLOBAL_STATUS=1 + fi + done + fi + fi + for CONFIG in `cd $CONFIG_DIR; ls *.conf 2> /dev/null`; do + NAME=${CONFIG%%.conf} + # Is it an autostarted VPN ? + if test -z "$AUTOSTART" -o "x$AUTOSTART" = "xall" ; then + AUTOVPN=1 + else + if test "x$AUTOSTART" = "xnone" ; then + AUTOVPN=0 + else + AUTOVPN=0 + for VPN in $AUTOSTART; do + if test "x$VPN" = "x$NAME" ; then + AUTOVPN=1 + fi + done + fi + fi + if test "x$AUTOVPN" = "x1" ; then + # If it is autostarted, then it contributes to global status + status_of_proc -p /run/openvpn/${NAME}.pid openvpn "VPN '${NAME}'" || GLOBAL_STATUS=1 + else + status_of_proc -p /run/openvpn/${NAME}.pid openvpn "VPN '${NAME}' (non autostarted)" || true + fi + done + else + # We just want status for specified VPNs. + # Returns success if all specified VPNs are defined and running + while shift ; do + [ -z "$1" ] && break + NAME=$1 + if test -e $CONFIG_DIR/$NAME.conf ; then + # Config exists + status_of_proc -p /run/openvpn/${NAME}.pid openvpn "VPN '${NAME}'" || GLOBAL_STATUS=1 + else + # Config does not exist + log_warning_msg "VPN '$NAME': missing $CONFIG_DIR/$NAME.conf file !" + GLOBAL_STATUS=1 + fi + done + fi + exit $GLOBAL_STATUS + ;; +*) + echo "Usage: $0 {start|stop|reload|restart|force-reload|cond-restart|soft-restart|status}" >&2 + exit 1 + ;; +esac + +exit 0 + +# vim:set ai sts=2 sw=2 tw=0: diff --git a/debian/openvpn.install b/debian/openvpn.install new file mode 100644 index 0000000..b03fbb7 --- /dev/null +++ b/debian/openvpn.install @@ -0,0 +1,4 @@ +debian/openvpn@.service /lib/systemd/system +debian/openvpn.conf /usr/lib/tmpfiles.d +debian/openvpn.service /lib/systemd/system +debian/openvpn-generator /lib/systemd/system-generators diff --git a/debian/openvpn.service b/debian/openvpn.service new file mode 100644 index 0000000..0075cc4 --- /dev/null +++ b/debian/openvpn.service @@ -0,0 +1,18 @@ +# This service is actually a systemd target, +# but we are using a service since targets cannot be reloaded. + +[Unit] +Description=OpenVPN service +After=network.target + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart=/bin/true +ExecReload=/bin/true +WorkingDirectory=/etc/openvpn + +[Install] +WantedBy=multi-user.target + + diff --git a/debian/openvpn@.service b/debian/openvpn@.service new file mode 100644 index 0000000..a5e645f --- /dev/null +++ b/debian/openvpn@.service @@ -0,0 +1,27 @@ +[Unit] +Description=OpenVPN connection to %i +PartOf=openvpn.service +ReloadPropagatedFrom=openvpn.service +Before=systemd-user-sessions.service +Documentation=man:openvpn(8) +Documentation=https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage +Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO + +[Service] +PrivateTmp=true +KillMode=mixed +Type=forking +ExecStart=/usr/sbin/openvpn --daemon ovpn-%i --status /run/openvpn/%i.status 10 --cd /etc/openvpn --config /etc/openvpn/%i.conf --writepid /run/openvpn/%i.pid +PIDFile=/run/openvpn/%i.pid +ExecReload=/bin/kill -HUP $MAINPID +WorkingDirectory=/etc/openvpn +ProtectSystem=yes +CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_READ_SEARCH CAP_AUDIT_WRITE +LimitNPROC=10 +DeviceAllow=/dev/null rw +DeviceAllow=/dev/net/tun rw + +[Install] +WantedBy=multi-user.target + + diff --git a/debian/patches/CVE-2017-7478.patch b/debian/patches/CVE-2017-7478.patch new file mode 100644 index 0000000..e301cf1 --- /dev/null +++ b/debian/patches/CVE-2017-7478.patch @@ -0,0 +1,55 @@ +From be66408610a52f81c9c895a8973958ead55a4e57 Mon Sep 17 00:00:00 2001 +From: Steffan Karger <steffan.karger@fox-it.com> +Date: Tue, 9 May 2017 15:40:25 +0300 +Subject: [PATCH] Don't assert out on receiving too-large control packets + (CVE-2017-xxx) +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Commit 3c1b19e0 changed the maximum size of accepted control channel +packets. This was needed for crypto negotiation (which is needed for a +nice transition to a new default cipher), but exposed a DoS +vulnerability. The vulnerability was found during the OpenVPN 2.4 code +audit by Quarkslab (commisioned by OSTIF). + +To fix the issue, we should not ASSERT() on external input (in this case +the received packet size), but instead gracefully error out and drop the +invalid packet. + +Signed-off-by: Steffan Karger <steffan.karger@fox-it.com> +Signed-off-by: Samuli Seppnen <samuli@openvpn.net> + +CVE-2017-7478 + + Security + -------- + - This release fixes a pre-authentication denial-of-service attack on both + clients and servers. By sending a too-large control packet, OpenVPN 2.4.0 or + 2.4.1 can be forced to hit an ASSERT() and stop the process. If + ``--tls-auth`` or ``--tls-crypt`` is used, only attackers that have the + ``--tls-auth`` or ``--tls-crypt`` key can mount an attack. (CVE-2017-xxx) + +--- + Changes.rst | 8 ++++++++ + src/openvpn/ssl.c | 7 ++++++- + 2 files changed, 14 insertions(+), 1 deletion(-) + +Index: openvpn-2.4.0/src/openvpn/ssl.c +=================================================================== +--- openvpn-2.4.0.orig/src/openvpn/ssl.c ++++ openvpn-2.4.0/src/openvpn/ssl.c +@@ -3708,7 +3708,12 @@ tls_pre_decrypt(struct tls_multi *multi, + /* Save incoming ciphertext packet to reliable buffer */ + struct buffer *in = reliable_get_buf(ks->rec_reliable); + ASSERT(in); +- ASSERT(buf_copy(in, buf)); ++ if(!buf_copy(in, buf)) ++ { ++ msg(D_MULTI_DROPPED, ++ "Incoming control channel packet too big, dropping."); ++ goto error; ++ } + reliable_mark_active_incoming(ks->rec_reliable, in, id, op); + } + diff --git a/debian/patches/CVE-2017-7479-prereq.patch b/debian/patches/CVE-2017-7479-prereq.patch new file mode 100644 index 0000000..e3c94d7 --- /dev/null +++ b/debian/patches/CVE-2017-7479-prereq.patch @@ -0,0 +1,443 @@ +From a87e1431baccd49a9344cfc63ab7446c4317fa2f Mon Sep 17 00:00:00 2001 +From: Steffan Karger <steffan.karger@fox-it.com> +Date: Fri, 5 May 2017 19:44:51 +0200 +Subject: [PATCH] cleanup: merge packet_id_alloc_outgoing() into + packet_id_write() + +The functions packet_id_alloc_outgoing() and packet_id_write() were +always called in tandem. Instead of forcing the caller to allocate a +packet_id_net to do so, merge the two functions. This simplifies the API +and reduces the chance on mistakes in the future. + +This patch adds unit tests to verify the behaviour of packet_id_write(). +Verifying that we assert out correctly required the change to mock_msg.c. + +Signed-off-by: Steffan Karger <steffan.karger@fox-it.com> +Acked-by: Gert Doering <gert@greenie.muc.de> +Acked-by: David Sommerseth <davids@openvpn.net> +Message-Id: <1494006291-3522-1-git-send-email-steffan.karger@fox-it.com> +URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg14541.html +Signed-off-by: Gert Doering <gert@greenie.muc.de> + +[prerequisite for CVE-2017-7479. Adjusted to apply to 2.4.0 release -- sbeattie] + +--- + src/openvpn/crypto.c | 20 ++-- + src/openvpn/packet_id.c | 24 ++++- + src/openvpn/packet_id.h | 35 +++---- + src/openvpn/tls_crypt.c | 6 +- + tests/unit_tests/openvpn/Makefile.am | 13 ++- + tests/unit_tests/openvpn/mock_msg.c | 15 ++- + tests/unit_tests/openvpn/test_packet_id.c | 168 ++++++++++++++++++++++++++++++ + 7 files changed, 228 insertions(+), 53 deletions(-) + create mode 100644 tests/unit_tests/openvpn/test_packet_id.c + +Index: openvpn-2.4.0/src/openvpn/crypto.c +=================================================================== +--- openvpn-2.4.0.orig/src/openvpn/crypto.c ++++ openvpn-2.4.0/src/openvpn/crypto.c +@@ -85,7 +85,6 @@ openvpn_encrypt_aead(struct buffer *buf, + /* Prepare IV */ + { + struct buffer iv_buffer; +- struct packet_id_net pin; + uint8_t iv[OPENVPN_MAX_IV_LENGTH] = {0}; + const int iv_len = cipher_ctx_iv_length(ctx->cipher); + +@@ -94,8 +93,7 @@ openvpn_encrypt_aead(struct buffer *buf, + buf_set_write(&iv_buffer, iv, iv_len); + + /* IV starts with packet id to make the IV unique for packet */ +- packet_id_alloc_outgoing(&opt->packet_id.send, &pin, false); +- ASSERT(packet_id_write(&pin, &iv_buffer, false, false)); ++ ASSERT(packet_id_write(&opt->packet_id.send, &iv_buffer, false, false)); + + /* Remainder of IV consists of implicit part (unique per session) */ + ASSERT(buf_write(&iv_buffer, ctx->implicit_iv, ctx->implicit_iv_len)); +@@ -198,23 +196,21 @@ openvpn_encrypt_v1(struct buffer *buf, s + /* Put packet ID in plaintext buffer */ + if (packet_id_initialized(&opt->packet_id)) + { +- struct packet_id_net pin; +- packet_id_alloc_outgoing(&opt->packet_id.send, &pin, BOOL_CAST(opt->flags & CO_PACKET_ID_LONG_FORM)); +- ASSERT(packet_id_write(&pin, buf, BOOL_CAST(opt->flags & CO_PACKET_ID_LONG_FORM), true)); ++ ASSERT(packet_id_write(&opt->packet_id.send, buf, ++ opt->flags & CO_PACKET_ID_LONG_FORM, ++ true)); + } + } + else if (cipher_kt_mode_ofb_cfb(cipher_kt)) + { +- struct packet_id_net pin; + struct buffer b; + + /* IV and packet-ID required for this mode. */ + ASSERT(opt->flags & CO_USE_IV); + ASSERT(packet_id_initialized(&opt->packet_id)); + +- packet_id_alloc_outgoing(&opt->packet_id.send, &pin, true); + buf_set_write(&b, iv_buf, iv_size); +- ASSERT(packet_id_write(&pin, &b, true, false)); ++ ASSERT(packet_id_write(&opt->packet_id.send, &b, true, false)); + } + else /* We only support CBC, CFB, or OFB modes right now */ + { +@@ -264,9 +260,9 @@ openvpn_encrypt_v1(struct buffer *buf, s + { + if (packet_id_initialized(&opt->packet_id)) + { +- struct packet_id_net pin; +- packet_id_alloc_outgoing(&opt->packet_id.send, &pin, BOOL_CAST(opt->flags & CO_PACKET_ID_LONG_FORM)); +- ASSERT(packet_id_write(&pin, buf, BOOL_CAST(opt->flags & CO_PACKET_ID_LONG_FORM), true)); ++ ASSERT(packet_id_write(&opt->packet_id.send, buf, ++ BOOL_CAST(opt->flags & CO_PACKET_ID_LONG_FORM), ++ true)); + } + if (ctx->hmac) + { +Index: openvpn-2.4.0/src/openvpn/packet_id.c +=================================================================== +--- openvpn-2.4.0.orig/src/openvpn/packet_id.c ++++ openvpn-2.4.0/src/openvpn/packet_id.c +@@ -325,12 +325,30 @@ packet_id_read(struct packet_id_net *pin + return true; + } + ++static void ++packet_id_send_update(struct packet_id_send *p, bool long_form) ++{ ++ if (!p->time) ++ { ++ p->time = now; ++ } ++ p->id++; ++ if (!p->id) ++ { ++ ASSERT(long_form); ++ p->time = now; ++ p->id = 1; ++ } ++} ++ + bool +-packet_id_write(const struct packet_id_net *pin, struct buffer *buf, bool long_form, bool prepend) ++packet_id_write(struct packet_id_send *p, struct buffer *buf, bool long_form, ++ bool prepend) + { +- packet_id_type net_id = htonpid(pin->id); +- net_time_t net_time = htontime(pin->time); ++ packet_id_send_update(p, long_form); + ++ const packet_id_type net_id = htonpid(p->id); ++ const net_time_t net_time = htontime(p->time); + if (prepend) + { + if (long_form) +Index: openvpn-2.4.0/src/openvpn/packet_id.h +=================================================================== +--- openvpn-2.4.0.orig/src/openvpn/packet_id.h ++++ openvpn-2.4.0/src/openvpn/packet_id.h +@@ -254,7 +254,18 @@ const char *packet_id_persist_print(cons + + bool packet_id_read(struct packet_id_net *pin, struct buffer *buf, bool long_form); + +-bool packet_id_write(const struct packet_id_net *pin, struct buffer *buf, bool long_form, bool prepend); ++/** ++ * Write a packet ID to buf, and update the packet ID state. ++ * ++ * @param p Packet ID state. ++ * @param buf Buffer to write the packet ID too ++ * @param long_form If true, also update and write time_t to buf ++ * @param prepend If true, prepend to buffer, otherwise apppend. ++ * ++ * @return true if successful, false otherwise. ++ */ ++bool packet_id_write(struct packet_id_send *p, struct buffer *buf, ++ bool long_form, bool prepend); + + /* + * Inline functions. +@@ -304,28 +315,6 @@ packet_id_close_to_wrapping(const struct + return p->id >= PACKET_ID_WRAP_TRIGGER; + } + +-/* +- * Allocate an outgoing packet id. +- * Sequence number ranges from 1 to 2^32-1. +- * In long_form, a time_t is added as well. +- */ +-static inline void +-packet_id_alloc_outgoing(struct packet_id_send *p, struct packet_id_net *pin, bool long_form) +-{ +- if (!p->time) +- { +- p->time = now; +- } +- pin->id = ++p->id; +- if (!pin->id) +- { +- ASSERT(long_form); +- p->time = now; +- pin->id = p->id = 1; +- } +- pin->time = p->time; +-} +- + static inline bool + check_timestamp_delta(time_t remote, unsigned int max_delta) + { +Index: openvpn-2.4.0/src/openvpn/tls_crypt.c +=================================================================== +--- openvpn-2.4.0.orig/src/openvpn/tls_crypt.c ++++ openvpn-2.4.0/src/openvpn/tls_crypt.c +@@ -95,11 +95,7 @@ tls_crypt_wrap(const struct buffer *src, + format_hex(BPTR(src), BLEN(src), 80, &gc)); + + /* Get packet ID */ +- { +- struct packet_id_net pin; +- packet_id_alloc_outgoing(&opt->packet_id.send, &pin, true); +- packet_id_write(&pin, dst, true, false); +- } ++ ASSERT(packet_id_write(&opt->packet_id.send, dst, true, false)); + + dmsg(D_PACKET_CONTENT, "TLS-CRYPT WRAP AD: %s", + format_hex(BPTR(dst), BLEN(dst), 0, &gc)); +Index: openvpn-2.4.0/tests/unit_tests/openvpn/Makefile.am +=================================================================== +--- openvpn-2.4.0.orig/tests/unit_tests/openvpn/Makefile.am ++++ openvpn-2.4.0/tests/unit_tests/openvpn/Makefile.am +@@ -1,6 +1,6 @@ + AUTOMAKE_OPTIONS = foreign + +-check_PROGRAMS = argv_testdriver buffer_testdriver ++check_PROGRAMS = argv_testdriver buffer_testdriver packet_id_testdriver + + if ENABLE_CRYPTO + check_PROGRAMS += tls_crypt_testdriver +@@ -27,6 +27,17 @@ buffer_testdriver_SOURCES = test_buffer. + $(openvpn_srcdir)/buffer.c \ + $(openvpn_srcdir)/platform.c + ++packet_id_testdriver_CFLAGS = @TEST_CFLAGS@ \ ++ -I$(openvpn_includedir) -I$(compat_srcdir) -I$(openvpn_srcdir) \ ++ $(OPTIONAL_CRYPTO_CFLAGS) ++packet_id_testdriver_LDFLAGS = @TEST_LDFLAGS@ \ ++ $(OPTIONAL_CRYPTO_LIBS) ++packet_id_testdriver_SOURCES = test_packet_id.c mock_msg.c \ ++ $(openvpn_srcdir)/buffer.c \ ++ $(openvpn_srcdir)/otime.c \ ++ $(openvpn_srcdir)/packet_id.c \ ++ $(openvpn_srcdir)/platform.c ++ + tls_crypt_testdriver_CFLAGS = @TEST_CFLAGS@ \ + -I$(openvpn_includedir) -I$(compat_srcdir) -I$(openvpn_srcdir) \ + $(OPTIONAL_CRYPTO_CFLAGS) +Index: openvpn-2.4.0/tests/unit_tests/openvpn/mock_msg.c +=================================================================== +--- openvpn-2.4.0.orig/tests/unit_tests/openvpn/mock_msg.c ++++ openvpn-2.4.0/tests/unit_tests/openvpn/mock_msg.c +@@ -29,9 +29,12 @@ + #endif + + #include <stdarg.h> +-#include <stdbool.h> ++#include <stddef.h> + #include <stdio.h> + #include <stdlib.h> ++#include <setjmp.h> ++#include <cmocka.h> ++ + + #include "errlevel.h" + #include "error.h" +@@ -70,14 +73,8 @@ x_msg(const unsigned int flags, const ch + void + assert_failed(const char *filename, int line, const char *condition) + { +- if (condition) +- { +- printf("Assertion failed at %s:%d (%s)", filename, line, condition); +- } +- else +- { +- printf("Assertion failed at %s:%d", filename, line); +- } ++ mock_assert(false, condition ? condition : "", filename, line); ++ /* Keep compiler happy. Should not happen, mock_assert() does not return */ + exit(1); + } + +Index: openvpn-2.4.0/tests/unit_tests/openvpn/test_packet_id.c +=================================================================== +--- /dev/null ++++ openvpn-2.4.0/tests/unit_tests/openvpn/test_packet_id.c +@@ -0,0 +1,168 @@ ++/* ++ * OpenVPN -- An application to securely tunnel IP networks ++ * over a single UDP port, with support for SSL/TLS-based ++ * session authentication and key exchange, ++ * packet encryption, packet authentication, and ++ * packet compression. ++ * ++ * Copyright (C) 2016 Fox Crypto B.V. <openvpn@fox-it.com> ++ * ++ * This program is free software; you can redistribute it and/or modify ++ * it under the terms of the GNU General Public License version 2 ++ * as published by the Free Software Foundation. ++ * ++ * This program is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ * GNU General Public License for more details. ++ * ++ * You should have received a copy of the GNU General Public License ++ * along with this program (see the file COPYING included with this ++ * distribution); if not, write to the Free Software Foundation, Inc., ++ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA ++ */ ++ ++#ifdef HAVE_CONFIG_H ++#include "config.h" ++#elif defined(_MSC_VER) ++#include "config-msvc.h" ++#endif ++ ++#include "syshead.h" ++ ++#include <stdarg.h> ++#include <stddef.h> ++#include <setjmp.h> ++#include <cmocka.h> ++ ++#include "packet_id.h" ++ ++#include "mock_msg.h" ++ ++struct test_packet_id_write_data { ++ struct { ++ uint32_t buf_id; ++ uint32_t buf_time; ++ } test_buf_data; ++ struct buffer test_buf; ++ struct packet_id_send pis; ++}; ++ ++static int ++test_packet_id_write_setup(void **state) { ++ struct test_packet_id_write_data *data = ++ calloc(1, sizeof(struct test_packet_id_write_data)); ++ ++ if (!data) ++ { ++ return -1; ++ } ++ ++ data->test_buf.data = (void *) &data->test_buf_data; ++ data->test_buf.capacity = sizeof(data->test_buf_data); ++ ++ *state = data; ++ return 0; ++} ++ ++static int ++test_packet_id_write_teardown(void **state) { ++ free(*state); ++ return 0; ++} ++ ++static void ++test_packet_id_write_short(void **state) ++{ ++ struct test_packet_id_write_data *data = *state; ++ ++ now = 5010; ++ assert_true(packet_id_write(&data->pis, &data->test_buf, false, false)); ++ assert_true(data->pis.id == 1); ++ assert_true(data->test_buf_data.buf_id == htonl(1)); ++ assert_true(data->test_buf_data.buf_time == 0); ++} ++ ++static void ++test_packet_id_write_long(void **state) ++{ ++ struct test_packet_id_write_data *data = *state; ++ ++ now = 5010; ++ assert_true(packet_id_write(&data->pis, &data->test_buf, true, false)); ++ assert(data->pis.id == 1); ++ assert(data->pis.time == now); ++ assert_true(data->test_buf_data.buf_id == htonl(1)); ++ assert_true(data->test_buf_data.buf_time == htonl(now)); ++} ++ ++static void ++test_packet_id_write_short_prepend(void **state) ++{ ++ struct test_packet_id_write_data *data = *state; ++ ++ data->test_buf.offset = sizeof(packet_id_type); ++ now = 5010; ++ assert_true(packet_id_write(&data->pis, &data->test_buf, false, true)); ++ assert_true(data->pis.id == 1); ++ assert_true(data->test_buf_data.buf_id == htonl(1)); ++ assert_true(data->test_buf_data.buf_time == 0); ++} ++ ++static void ++test_packet_id_write_long_prepend(void **state) ++{ ++ struct test_packet_id_write_data *data = *state; ++ ++ data->test_buf.offset = sizeof(data->test_buf_data); ++ now = 5010; ++ assert_true(packet_id_write(&data->pis, &data->test_buf, true, true)); ++ assert(data->pis.id == 1); ++ assert(data->pis.time == now); ++ assert_true(data->test_buf_data.buf_id == htonl(1)); ++ assert_true(data->test_buf_data.buf_time == htonl(now)); ++} ++ ++static void ++test_packet_id_write_short_wrap(void **state) ++{ ++ struct test_packet_id_write_data *data = *state; ++ ++ data->pis.id = ~0; ++ expect_assert_failure( ++ packet_id_write(&data->pis, &data->test_buf, false, false)); ++} ++ ++static void ++test_packet_id_write_long_wrap(void **state) ++{ ++ struct test_packet_id_write_data *data = *state; ++ ++ data->pis.id = ~0; ++ now = 5010; ++ assert_true(packet_id_write(&data->pis, &data->test_buf, true, false)); ++ assert(data->pis.id == 1); ++ assert(data->pis.time == now); ++ assert_true(data->test_buf_data.buf_id == htonl(1)); ++ assert_true(data->test_buf_data.buf_time == htonl(now)); ++} ++ ++int ++main(void) { ++ const struct CMUnitTest tests[] = { ++ cmocka_unit_test_setup_teardown(test_packet_id_write_short, ++ test_packet_id_write_setup, test_packet_id_write_teardown), ++ cmocka_unit_test_setup_teardown(test_packet_id_write_long, ++ test_packet_id_write_setup, test_packet_id_write_teardown), ++ cmocka_unit_test_setup_teardown(test_packet_id_write_short_prepend, ++ test_packet_id_write_setup, test_packet_id_write_teardown), ++ cmocka_unit_test_setup_teardown(test_packet_id_write_long_prepend, ++ test_packet_id_write_setup, test_packet_id_write_teardown), ++ cmocka_unit_test_setup_teardown(test_packet_id_write_short_wrap, ++ test_packet_id_write_setup, test_packet_id_write_teardown), ++ cmocka_unit_test_setup_teardown(test_packet_id_write_long_wrap, ++ test_packet_id_write_setup, test_packet_id_write_teardown), ++ }; ++ ++ return cmocka_run_group_tests_name("packet_id tests", tests, NULL, NULL); ++} diff --git a/debian/patches/CVE-2017-7479.patch b/debian/patches/CVE-2017-7479.patch new file mode 100644 index 0000000..9f75d31 --- /dev/null +++ b/debian/patches/CVE-2017-7479.patch @@ -0,0 +1,193 @@ +From ac08b27cfa693d9be592bb2597c260635aee9e68 Mon Sep 17 00:00:00 2001 +From: Steffan Karger <steffan.karger@fox-it.com> +Date: Tue, 25 Apr 2017 10:00:44 +0200 +Subject: [PATCH 2/2] Drop packets instead of asserting out if packet id rolls + over +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Previously, if a mode was selected where packet ids are not allowed to roll +over, but renegotiation does not succeed for some reason (e.g. no password +entered in time, certificate expired or a malicious peer that refuses the +renegotiaion on purpose) we would continue to use the old keys. Until the +packet ID would roll over and we would ASSERT() out. + +Given that this can be triggered on purpose by an authenticated peer, this +is a fix for an authenticated remote DoS vulnerability. An attack is +rather inefficient though; a peer would need to get us to send 2^32 +packets (min-size packet is IP+UDP+OPCODE+PID+TAG (no payload), results in +(20+8+1+4+16)2^32 bytes, or approx. 196 GB). + +Signed-off-by: Steffan Karger <steffan.karger@fox-it.com> + +CVE-2017-7479 + +--- + src/openvpn/crypto.c | 25 ++++++++++++++++--------- + src/openvpn/packet_id.c | 22 ++++++++++++++++------ + src/openvpn/packet_id.h | 1 + + src/openvpn/tls_crypt.c | 6 +++++- + tests/unit_tests/openvpn/test_packet_id.c | 11 +++++++++-- + 5 files changed, 47 insertions(+), 18 deletions(-) + +Index: openvpn-2.4.0/src/openvpn/crypto.c +=================================================================== +--- openvpn-2.4.0.orig/src/openvpn/crypto.c ++++ openvpn-2.4.0/src/openvpn/crypto.c +@@ -93,7 +93,11 @@ openvpn_encrypt_aead(struct buffer *buf, + buf_set_write(&iv_buffer, iv, iv_len); + + /* IV starts with packet id to make the IV unique for packet */ +- ASSERT(packet_id_write(&opt->packet_id.send, &iv_buffer, false, false)); ++ if (!packet_id_write(&opt->packet_id.send, &iv_buffer, false, false)) ++ { ++ msg(D_CRYPT_ERRORS, "ENCRYPT ERROR: packet ID roll over"); ++ goto err; ++ } + + /* Remainder of IV consists of implicit part (unique per session) */ + ASSERT(buf_write(&iv_buffer, ctx->implicit_iv, ctx->implicit_iv_len)); +@@ -194,11 +198,13 @@ openvpn_encrypt_v1(struct buffer *buf, s + } + + /* Put packet ID in plaintext buffer */ +- if (packet_id_initialized(&opt->packet_id)) ++ if (packet_id_initialized(&opt->packet_id) ++ && !packet_id_write(&opt->packet_id.send, buf, ++ opt->flags & CO_PACKET_ID_LONG_FORM, ++ true)) + { +- ASSERT(packet_id_write(&opt->packet_id.send, buf, +- opt->flags & CO_PACKET_ID_LONG_FORM, +- true)); ++ msg(D_CRYPT_ERRORS, "ENCRYPT ERROR: packet ID roll over"); ++ goto err; + } + } + else if (cipher_kt_mode_ofb_cfb(cipher_kt)) +@@ -258,11 +264,12 @@ openvpn_encrypt_v1(struct buffer *buf, s + } + else /* No Encryption */ + { +- if (packet_id_initialized(&opt->packet_id)) ++ if (packet_id_initialized(&opt->packet_id) ++ && !packet_id_write(&opt->packet_id.send, buf, ++ opt->flags & CO_PACKET_ID_LONG_FORM, true)) + { +- ASSERT(packet_id_write(&opt->packet_id.send, buf, +- BOOL_CAST(opt->flags & CO_PACKET_ID_LONG_FORM), +- true)); ++ msg(D_CRYPT_ERRORS, "ENCRYPT ERROR: packet ID roll over"); ++ goto err; + } + if (ctx->hmac) + { +Index: openvpn-2.4.0/src/openvpn/packet_id.c +=================================================================== +--- openvpn-2.4.0.orig/src/openvpn/packet_id.c ++++ openvpn-2.4.0/src/openvpn/packet_id.c +@@ -325,27 +325,37 @@ packet_id_read(struct packet_id_net *pin + return true; + } + +-static void ++static bool + packet_id_send_update(struct packet_id_send *p, bool long_form) + { + if (!p->time) + { + p->time = now; + } +- p->id++; +- if (!p->id) ++ if (p->id == PACKET_ID_MAX) + { +- ASSERT(long_form); ++ /* Packet ID only allowed to roll over if using long form and time has ++ * moved forward since last roll over. ++ */ ++ if (!long_form || now <= p->time) ++ { ++ return false; ++ } + p->time = now; +- p->id = 1; ++ p->id = 0; + } ++ p->id++; ++ return true; + } + + bool + packet_id_write(struct packet_id_send *p, struct buffer *buf, bool long_form, + bool prepend) + { +- packet_id_send_update(p, long_form); ++ if (!packet_id_send_update(p, long_form)) ++ { ++ return false; ++ } + + const packet_id_type net_id = htonpid(p->id); + const net_time_t net_time = htontime(p->time); +Index: openvpn-2.4.0/src/openvpn/packet_id.h +=================================================================== +--- openvpn-2.4.0.orig/src/openvpn/packet_id.h ++++ openvpn-2.4.0/src/openvpn/packet_id.h +@@ -50,6 +50,7 @@ + * to for network transmission. + */ + typedef uint32_t packet_id_type; ++#define PACKET_ID_MAX UINT32_MAX + typedef uint32_t net_time_t; + + /* +Index: openvpn-2.4.0/src/openvpn/tls_crypt.c +=================================================================== +--- openvpn-2.4.0.orig/src/openvpn/tls_crypt.c ++++ openvpn-2.4.0/src/openvpn/tls_crypt.c +@@ -95,7 +95,11 @@ tls_crypt_wrap(const struct buffer *src, + format_hex(BPTR(src), BLEN(src), 80, &gc)); + + /* Get packet ID */ +- ASSERT(packet_id_write(&opt->packet_id.send, dst, true, false)); ++ if (!packet_id_write(&opt->packet_id.send, dst, true, false)) ++ { ++ msg(D_CRYPT_ERRORS, "TLS-CRYPT ERROR: packet ID roll over."); ++ goto err; ++ } + + dmsg(D_PACKET_CONTENT, "TLS-CRYPT WRAP AD: %s", + format_hex(BPTR(dst), BLEN(dst), 0, &gc)); +Index: openvpn-2.4.0/tests/unit_tests/openvpn/test_packet_id.c +=================================================================== +--- openvpn-2.4.0.orig/tests/unit_tests/openvpn/test_packet_id.c ++++ openvpn-2.4.0/tests/unit_tests/openvpn/test_packet_id.c +@@ -129,8 +129,7 @@ test_packet_id_write_short_wrap(void **s + struct test_packet_id_write_data *data = *state; + + data->pis.id = ~0; +- expect_assert_failure( +- packet_id_write(&data->pis, &data->test_buf, false, false)); ++ assert_false(packet_id_write(&data->pis, &data->test_buf, false, false)); + } + + static void +@@ -139,8 +138,16 @@ test_packet_id_write_long_wrap(void **st + struct test_packet_id_write_data *data = *state; + + data->pis.id = ~0; ++ data->pis.time = 5006; ++ ++ /* Write fails if time did not change */ ++ now = 5006; ++ assert_false(packet_id_write(&data->pis, &data->test_buf, true, false)); ++ ++ /* Write succeeds if time moved forward */ + now = 5010; + assert_true(packet_id_write(&data->pis, &data->test_buf, true, false)); ++ + assert(data->pis.id == 1); + assert(data->pis.time == now); + assert_true(data->test_buf_data.buf_id == htonl(1)); diff --git a/debian/patches/auth-pam_libpam_so_filename.patch b/debian/patches/auth-pam_libpam_so_filename.patch new file mode 100644 index 0000000..cfa9047 --- /dev/null +++ b/debian/patches/auth-pam_libpam_so_filename.patch @@ -0,0 +1,16 @@ +Description: Fix libpam.so filename to /lib/libpam.so.0 in pam plugin +Author: Alberto Gonzalez Iniesta <agi@inittab.org> +Bug-Debian: http://bugs.debian.org/306335 +Index: openvpn/src/plugins/auth-pam/auth-pam.c +=================================================================== +--- openvpn.orig/src/plugins/auth-pam/auth-pam.c 2016-12-27 18:45:37.638198402 +0100 ++++ openvpn/src/plugins/auth-pam/auth-pam.c 2016-12-27 18:45:37.638198402 +0100 +@@ -698,7 +698,7 @@ + struct user_pass up; + int command; + #ifdef USE_PAM_DLOPEN +- static const char pam_so[] = "libpam.so"; ++ static const char pam_so[] = "libpam.so.0"; + #endif + + /* diff --git a/debian/patches/debian_nogroup_for_sample_files.patch b/debian/patches/debian_nogroup_for_sample_files.patch new file mode 100644 index 0000000..f7dcaaa --- /dev/null +++ b/debian/patches/debian_nogroup_for_sample_files.patch @@ -0,0 +1,81 @@ +Description: Unpriviledged group in Debian is called nogroup instead of nobody +Author: Alberto Gonzalez Iniesta <agi@inittab.org> +Bug-Debian: http://bugs.debian.org/317987 +Index: openvpn/sample/sample-config-files/server.conf +=================================================================== +--- openvpn.orig/sample/sample-config-files/server.conf 2016-11-21 09:53:43.608863207 +0100 ++++ openvpn/sample/sample-config-files/server.conf 2016-11-21 09:53:43.604863188 +0100 +@@ -272,7 +272,7 @@ + # You can uncomment this out on + # non-Windows systems. + ;user nobody +-;group nobody ++;group nogroup + + # The persist options will try to avoid + # accessing certain resources on restart +Index: openvpn/sample/sample-config-files/tls-home.conf +=================================================================== +--- openvpn.orig/sample/sample-config-files/tls-home.conf 2016-11-21 09:53:43.608863207 +0100 ++++ openvpn/sample/sample-config-files/tls-home.conf 2016-11-21 09:53:43.608863207 +0100 +@@ -51,7 +51,7 @@ + # "nobody" after initialization + # for extra security. + ; user nobody +-; group nobody ++; group nogroup + + # If you built OpenVPN with + # LZO compression, uncomment +Index: openvpn/sample/sample-config-files/static-home.conf +=================================================================== +--- openvpn.orig/sample/sample-config-files/static-home.conf 2016-11-21 09:53:43.608863207 +0100 ++++ openvpn/sample/sample-config-files/static-home.conf 2016-11-21 09:53:43.608863207 +0100 +@@ -43,7 +43,7 @@ + # "nobody" after initialization + # for extra security. + ; user nobody +-; group nobody ++; group nogroup + + # If you built OpenVPN with + # LZO compression, uncomment +Index: openvpn/sample/sample-config-files/static-office.conf +=================================================================== +--- openvpn.orig/sample/sample-config-files/static-office.conf 2016-11-21 09:53:43.608863207 +0100 ++++ openvpn/sample/sample-config-files/static-office.conf 2016-11-21 09:53:43.608863207 +0100 +@@ -40,7 +40,7 @@ + # "nobody" after initialization + # for extra security. + ; user nobody +-; group nobody ++; group nogroup + + # If you built OpenVPN with + # LZO compression, uncomment +Index: openvpn/sample/sample-config-files/client.conf +=================================================================== +--- openvpn.orig/sample/sample-config-files/client.conf 2016-11-21 09:53:43.608863207 +0100 ++++ openvpn/sample/sample-config-files/client.conf 2016-11-21 09:53:43.608863207 +0100 +@@ -59,7 +59,7 @@ + + # Downgrade privileges after initialization (non-Windows only) + ;user nobody +-;group nobody ++;group nogroup + + # Try to preserve some state across restarts. + persist-key +Index: openvpn/sample/sample-config-files/tls-office.conf +=================================================================== +--- openvpn.orig/sample/sample-config-files/tls-office.conf 2016-11-21 09:53:43.608863207 +0100 ++++ openvpn/sample/sample-config-files/tls-office.conf 2016-11-21 09:53:43.608863207 +0100 +@@ -51,7 +51,7 @@ + # "nobody" after initialization + # for extra security. + ; user nobody +-; group nobody ++; group nogroup + + # If you built OpenVPN with + # LZO compression, uncomment diff --git a/debian/patches/kfreebsd_support.patch b/debian/patches/kfreebsd_support.patch new file mode 100644 index 0000000..0c8165b --- /dev/null +++ b/debian/patches/kfreebsd_support.patch @@ -0,0 +1,141 @@ +Description: Improve kFreeBSD support +Author: Gonéri Le Bouder <goneri@rulezlan.org> +Bug-Debian: http://bugs.debian.org/626062 +Index: openvpn/src/openvpn/route.c +=================================================================== +--- openvpn.orig/src/openvpn/route.c 2016-12-27 19:01:52.704942715 +0100 ++++ openvpn/src/openvpn/route.c 2016-12-27 19:08:24.717996310 +0100 +@@ -1670,7 +1670,7 @@ + argv_msg(D_ROUTE, &argv); + status = openvpn_execve_check(&argv, es, 0, "ERROR: Solaris route add command failed"); + +-#elif defined(TARGET_FREEBSD) ++#elif defined(TARGET_FREEBSD) || defined(__FreeBSD_kernel__) + + argv_printf(&argv, "%s add", + ROUTE_PATH); +@@ -1856,7 +1856,7 @@ + network = print_in6_addr( r6->network, 0, &gc); + gateway = print_in6_addr( r6->gateway, 0, &gc); + +-#if defined(TARGET_DARWIN) \ ++#if defined(TARGET_DARWIN) || defined(__FreeBSD_kernel__) \ + || defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY) \ + || defined(TARGET_OPENBSD) || defined(TARGET_NETBSD) + +@@ -2032,7 +2032,7 @@ + argv_msg(D_ROUTE, &argv); + status = openvpn_execve_check(&argv, es, 0, "ERROR: Solaris route add -inet6 command failed"); + +-#elif defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY) ++#elif defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY) || defined(__FreeBSD_kernel__) + + argv_printf(&argv, "%s add -inet6 %s/%d", + ROUTE_PATH, +@@ -2216,7 +2216,7 @@ + argv_msg(D_ROUTE, &argv); + openvpn_execve_check(&argv, es, 0, "ERROR: Solaris route delete command failed"); + +-#elif defined(TARGET_FREEBSD) ++#elif defined(TARGET_FREEBSD) || defined(__FreeBSD_kernel__) + + argv_printf(&argv, "%s delete -net %s %s %s", + ROUTE_PATH, +@@ -2323,7 +2323,7 @@ + network = print_in6_addr( r6->network, 0, &gc); + gateway = print_in6_addr( r6->gateway, 0, &gc); + +-#if defined(TARGET_DARWIN) \ ++#if defined(TARGET_DARWIN) || defined(__FreeBSD_kernel__) \ + || defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY) \ + || defined(TARGET_OPENBSD) || defined(TARGET_NETBSD) + +@@ -2458,7 +2458,7 @@ + argv_msg(D_ROUTE, &argv); + openvpn_execve_check(&argv, es, 0, "ERROR: Solaris route delete -inet6 command failed"); + +-#elif defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY) ++#elif defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY) || defined(__FreeBSD_kernel__) + + argv_printf(&argv, "%s delete -inet6 %s/%d", + ROUTE_PATH, +@@ -3499,7 +3499,8 @@ + + #elif defined(TARGET_DARWIN) || defined(TARGET_SOLARIS) \ + || defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY) \ +- || defined(TARGET_OPENBSD) || defined(TARGET_NETBSD) ++ || defined(TARGET_OPENBSD) || defined(TARGET_NETBSD) \ ++ || defined(__FreeBSD_kernel__) + + #include <sys/types.h> + #include <sys/socket.h> +Index: openvpn/src/openvpn/tun.c +=================================================================== +--- openvpn.orig/src/openvpn/tun.c 2016-12-27 19:01:52.704942715 +0100 ++++ openvpn/src/openvpn/tun.c 2016-12-27 19:05:14.585486719 +0100 +@@ -840,7 +840,7 @@ + #endif /* if defined(_WIN32) || defined(TARGET_DARWIN) || defined(TARGET_NETBSD) || defined(TARGET_OPENBSD) */ + + #if defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY) \ +- || defined(TARGET_OPENBSD) ++ || defined(TARGET_OPENBSD) || defined(__FreeBSD_kernel__) + /* we can't use true subnet mode on tun on all platforms, as that + * conflicts with IPv6 (wants to use ND then, which we don't do), + * but the OSes want "a remote address that is different from ours" +@@ -1408,7 +1408,7 @@ + add_route_connected_v6_net(tt, es); + } + +-#elif defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY) ++#elif defined(TARGET_FREEBSD) || defined(TARGET_DRAGONFLY) || defined(__FreeBSD_kernel__) + + in_addr_t remote_end; /* for "virtual" subnet topology */ + +@@ -2762,7 +2762,7 @@ + } + } + +-#elif defined(TARGET_FREEBSD) ++#elif defined(TARGET_FREEBSD)||defined(__FreeBSD_kernel__) + + static inline int + freebsd_modify_read_write_return(int len) +Index: openvpn/src/openvpn/lladdr.c +=================================================================== +--- openvpn.orig/src/openvpn/lladdr.c 2016-12-27 19:01:52.704942715 +0100 ++++ openvpn/src/openvpn/lladdr.c 2016-12-27 19:09:07.286110127 +0100 +@@ -50,7 +50,7 @@ + "%s %s lladdr %s", + IFCONFIG_PATH, + ifname, lladdr); +-#elif defined(TARGET_FREEBSD) ++#elif defined(TARGET_FREEBSD) || defined(__FreeBSD_kernel__) + argv_printf(&argv, + "%s %s ether %s", + IFCONFIG_PATH, +Index: openvpn/src/openvpn/syshead.h +=================================================================== +--- openvpn.orig/src/openvpn/syshead.h 2016-12-27 19:01:52.704942715 +0100 ++++ openvpn/src/openvpn/syshead.h 2016-12-27 19:01:52.700942705 +0100 +@@ -294,7 +294,7 @@ + + #endif /* TARGET_OPENBSD */ + +-#ifdef TARGET_FREEBSD ++#if defined(TARGET_FREEBSD) || defined(__FreeBSD_kernel__) + + #ifdef HAVE_SYS_UIO_H + #include <sys/uio.h> +Index: openvpn/src/openvpn/ssl.c +=================================================================== +--- openvpn.orig/src/openvpn/ssl.c 2016-12-27 19:01:52.704942715 +0100 ++++ openvpn/src/openvpn/ssl.c 2016-12-27 19:03:13.433160691 +0100 +@@ -2247,7 +2247,7 @@ + buf_printf(&out, "IV_PLAT=mac\n"); + #elif defined(TARGET_NETBSD) + buf_printf(&out, "IV_PLAT=netbsd\n"); +-#elif defined(TARGET_FREEBSD) ++#elif defined(TARGET_FREEBSD) || defined(__FreeBSD_kernel__) + buf_printf(&out, "IV_PLAT=freebsd\n"); + #elif defined(TARGET_ANDROID) + buf_printf(&out, "IV_PLAT=android\n"); diff --git a/debian/patches/match-manpage-and-command-help.patch b/debian/patches/match-manpage-and-command-help.patch new file mode 100644 index 0000000..34ed3cd --- /dev/null +++ b/debian/patches/match-manpage-and-command-help.patch @@ -0,0 +1,25 @@ +From a88d8ba3e81ca34fc2675805a273cd85875c8973 Mon Sep 17 00:00:00 2001 +From: Arne Schwabe <arne@rfc2549.org> +Date: Wed, 4 Jan 2017 19:18:46 +0100 +Subject: [PATCH] Change command help to match man page and implementation + +--- + src/openvpn/options.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/openvpn/options.c b/src/openvpn/options.c +index bfedb6a..80143e6 100644 +--- a/src/openvpn/options.c ++++ b/src/openvpn/options.c +@@ -198,7 +198,7 @@ static const char usage_message[] = + " is established. Multiple routes can be specified.\n" + " netmask default: 255.255.255.255\n" + " gateway default: taken from --route-gateway or --ifconfig\n" +- " Specify default by leaving blank or setting to \"nil\".\n" ++ " Specify default by leaving blank or setting to \"default\".\n" + "--route-ipv6 network/bits [gateway] [metric] :\n" + " Add IPv6 route to routing table after connection\n" + " is established. Multiple routes can be specified.\n" +-- +2.10.1 (Apple Git-78) + diff --git a/debian/patches/openvpn-pkcs11warn.patch b/debian/patches/openvpn-pkcs11warn.patch new file mode 100644 index 0000000..0ec934f --- /dev/null +++ b/debian/patches/openvpn-pkcs11warn.patch @@ -0,0 +1,28 @@ +Description: Warn users about deprecated pkcs11 options +Author: Florian Kulzer <florian.kulzer+debian@icfo.es> +Bug-Debian: http://bugs.debian.org/475353 +Index: openvpn/src/openvpn/options.c +=================================================================== +--- openvpn.orig/src/openvpn/options.c 2016-12-27 18:46:18.362320774 +0100 ++++ openvpn/src/openvpn/options.c 2016-12-27 18:46:18.362320774 +0100 +@@ -6789,6 +6789,20 @@ + options->port_share_port = p[2]; + options->port_share_journal_dir = p[3]; + } ++ else if (streq (p[0], "pkcs11-id-type") || ++ streq (p[0], "pkcs11-sign-mode") || ++ streq (p[0], "pkcs11-slot") || ++ streq (p[0], "pkcs11-slot-type") || ++ streq (p[0], "show-pkcs11-objects") || ++ streq (p[0], "show-pkcs11-slots")) ++ { ++ if (file) ++ msg (msglevel, "You are using an obsolete parameter in %s:%d: %s (%s).\nPlease see /usr/share/doc/openvpn/NEWS.Debian.gz for details.", ++ file, line, p[0], PACKAGE_VERSION); ++ else ++ msg (msglevel, "You are using an obsolete parameter: --%s (%s).\nPlease see /usr/share/doc/openvpn/NEWS.Debian.gz for details.", ++ p[0], PACKAGE_VERSION); ++ } + #endif + else if (streq(p[0], "client-to-client") && !p[1]) + { diff --git a/debian/patches/series b/debian/patches/series new file mode 100644 index 0000000..907dc15 --- /dev/null +++ b/debian/patches/series @@ -0,0 +1,10 @@ +auth-pam_libpam_so_filename.patch +debian_nogroup_for_sample_files.patch +openvpn-pkcs11warn.patch +kfreebsd_support.patch +match-manpage-and-command-help.patch +CVE-2017-7478.patch +CVE-2017-7479-prereq.patch +CVE-2017-7479.patch +wipe_tokens_on_de-auth.patch +upstream-issue-879.patch diff --git a/debian/patches/upstream-issue-879.patch b/debian/patches/upstream-issue-879.patch new file mode 100644 index 0000000..2139afc --- /dev/null +++ b/debian/patches/upstream-issue-879.patch @@ -0,0 +1,87 @@ +Index: openvpn/src/openvpn/forward.c +=================================================================== +--- openvpn.orig/src/openvpn/forward.c 2017-05-22 14:59:09.634938195 +0200 ++++ openvpn/src/openvpn/forward.c 2017-05-22 14:59:09.630937170 +0200 +@@ -866,9 +866,16 @@ + * will load crypto_options with the correct encryption key + * and return false. + */ ++ uint8_t opcode = *BPTR(&c->c2.buf) >> P_OPCODE_SHIFT; + if (tls_pre_decrypt(c->c2.tls_multi, &c->c2.from, &c->c2.buf, &co, + floated, &ad_start)) + { ++ /* Restore pre-NCP frame parameters */ ++ if (is_hard_reset(opcode, c->options.key_method)) ++ { ++ c->c2.frame = c->c2.frame_initial; ++ } ++ + interval_action(&c->c2.tmp_int); + + /* reset packet received timer if TLS packet */ +Index: openvpn/src/openvpn/init.c +=================================================================== +--- openvpn.orig/src/openvpn/init.c 2017-05-22 14:59:09.634938195 +0200 ++++ openvpn/src/openvpn/init.c 2017-05-22 14:59:09.634938195 +0200 +@@ -4055,6 +4055,8 @@ + c->c2.did_open_tun = do_open_tun(c); + } + ++ c->c2.frame_initial = c->c2.frame; ++ + /* print MTU info */ + do_print_data_channel_mtu_parms(c); + +Index: openvpn/src/openvpn/openvpn.h +=================================================================== +--- openvpn.orig/src/openvpn/openvpn.h 2017-05-22 14:59:09.634938195 +0200 ++++ openvpn/src/openvpn/openvpn.h 2017-05-22 14:59:09.634938195 +0200 +@@ -263,7 +263,8 @@ + struct link_socket_actual from; /* address of incoming datagram */ + + /* MTU frame parameters */ +- struct frame frame; ++ struct frame frame; /* Active frame parameters */ ++ struct frame frame_initial; /* Restored on new session */ + + #ifdef ENABLE_FRAGMENT + /* Object to handle advanced MTU negotiation and datagram fragmentation */ +Index: openvpn/src/openvpn/ssl.c +=================================================================== +--- openvpn.orig/src/openvpn/ssl.c 2017-05-22 14:59:09.634938195 +0200 ++++ openvpn/src/openvpn/ssl.c 2017-05-22 14:59:09.634938195 +0200 +@@ -830,14 +830,7 @@ + return BSTR(&out); + } + +-/* +- * Given a key_method, return true if op +- * represents the required form of hard_reset. +- * +- * If key_method = 0, return true if any +- * form of hard reset is used. +- */ +-static bool ++bool + is_hard_reset(int op, int key_method) + { + if (!key_method || key_method == 1) +Index: openvpn/src/openvpn/ssl.h +=================================================================== +--- openvpn.orig/src/openvpn/ssl.h 2017-05-22 14:59:09.634938195 +0200 ++++ openvpn/src/openvpn/ssl.h 2017-05-22 14:59:09.634938195 +0200 +@@ -591,6 +591,14 @@ + /*#define EXTRACT_X509_FIELD_TEST*/ + void extract_x509_field_test(void); + ++/** ++ * Given a key_method, return true if opcode represents the required form of ++ * hard_reset. ++ * ++ * If key_method == 0, return true if any form of hard reset is used. ++ */ ++bool is_hard_reset(int op, int key_method); ++ + #endif /* ENABLE_CRYPTO */ + + #endif /* ifndef OPENVPN_SSL_H */ diff --git a/debian/patches/wipe_tokens_on_de-auth.patch b/debian/patches/wipe_tokens_on_de-auth.patch new file mode 100644 index 0000000..8db560f --- /dev/null +++ b/debian/patches/wipe_tokens_on_de-auth.patch @@ -0,0 +1,118 @@ +From daab0a9fa8ff4f40e8a34707db0ac156d49fbfcb Mon Sep 17 00:00:00 2001 +From: David Sommerseth <davids@openvpn.net> +Date: Tue, 28 Mar 2017 22:53:46 +0200 +Subject: [PATCH] auth-token: Ensure tokens are always wiped on de-auth + +If tls_deauthenticate() was called, it could in some scenarios leave the +authentication token for a session in memory. This change just ensures +auth-tokens are always wiped as soon as a TLS session is considered +broken. + +Signed-off-by: David Sommerseth <davids@openvpn.net> + +Acked-by: Steffan Karger <steffan@karger.me> +Message-Id: <20170328205346.18844-1-davids@openvpn.net> +URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg14344.html +Signed-off-by: David Sommerseth <davids@openvpn.net> +--- + src/openvpn/ssl_verify.c | 47 +++++++++++++++++++++++++++-------------------- + 1 file changed, 27 insertions(+), 20 deletions(-) + +Index: openvpn-2.4.0/src/openvpn/ssl_verify.c +=================================================================== +--- openvpn-2.4.0.orig/src/openvpn/ssl_verify.c ++++ openvpn-2.4.0/src/openvpn/ssl_verify.c +@@ -80,6 +80,28 @@ setenv_untrusted(struct tls_session *ses + setenv_link_socket_actual(session->opt->es, "untrusted", &session->untrusted_addr, SA_IP_PORT); + } + ++ ++/** ++ * Wipes the authentication token out of the memory, frees and cleans up related buffers and flags ++ * ++ * @param multi Pointer to a multi object holding the auth_token variables ++ */ ++static void ++wipe_auth_token(struct tls_multi *multi) ++{ ++ if(multi) ++ { ++ if (multi->auth_token) ++ { ++ secure_memzero(multi->auth_token, AUTH_TOKEN_SIZE); ++ free(multi->auth_token); ++ } ++ multi->auth_token = NULL; ++ multi->auth_token_sent = false; ++ } ++} ++ ++ + /* + * Remove authenticated state from all sessions in the given tunnel + */ +@@ -88,10 +110,14 @@ tls_deauthenticate(struct tls_multi *mul + { + if (multi) + { +- int i, j; +- for (i = 0; i < TM_SIZE; ++i) +- for (j = 0; j < KS_SIZE; ++j) ++ wipe_auth_token(multi); ++ for (int i = 0; i < TM_SIZE; ++i) ++ { ++ for (int j = 0; j < KS_SIZE; ++j) ++ { + multi->session[i].key[j].authenticated = false; ++ } ++ } + } + } + +@@ -1213,21 +1239,6 @@ verify_user_pass_management(struct tls_s + } + #endif /* ifdef MANAGEMENT_DEF_AUTH */ + +-/** +- * Wipes the authentication token out of the memory, frees and cleans up related buffers and flags +- * +- * @param multi Pointer to a multi object holding the auth_token variables +- */ +-static void +-wipe_auth_token(struct tls_multi *multi) +-{ +- secure_memzero(multi->auth_token, AUTH_TOKEN_SIZE); +- free(multi->auth_token); +- multi->auth_token = NULL; +- multi->auth_token_sent = false; +-} +- +- + /* + * Main username/password verification entry point + */ +@@ -1279,7 +1290,7 @@ verify_user_pass(struct user_pass *up, s + /* Ensure that the username has not changed */ + if (!tls_lock_username(multi, up->username)) + { +- wipe_auth_token(multi); ++ /* auth-token cleared in tls_lock_username() on failure */ + ks->authenticated = false; + goto done; + } +@@ -1300,7 +1311,6 @@ verify_user_pass(struct user_pass *up, s + if (memcmp_constant_time(multi->auth_token, up->password, + strlen(multi->auth_token)) != 0) + { +- wipe_auth_token(multi); + ks->authenticated = false; + tls_deauthenticate(multi); + +@@ -1472,6 +1482,7 @@ verify_final_auth_checks(struct tls_mult + if (!cn || !strcmp(cn, CCD_DEFAULT) || !test_file(path)) + { + ks->authenticated = false; ++ wipe_auth_token(multi); + msg(D_TLS_ERRORS, "TLS Auth Error: --client-config-dir authentication failed for common name '%s' file='%s'", + session->common_name, + path ? path : "UNDEF"); diff --git a/debian/po/POTFILES.in b/debian/po/POTFILES.in new file mode 100644 index 0000000..cef83a3 --- /dev/null +++ b/debian/po/POTFILES.in @@ -0,0 +1 @@ +[type: gettext/rfc822deb] templates diff --git a/debian/po/ca.po b/debian/po/ca.po new file mode 100644 index 0000000..10ea58b --- /dev/null +++ b/debian/po/ca.po @@ -0,0 +1,99 @@ +# openvpn (debconf) translation to Catalan. +# Copyright (C) 2004 Free Software Foundation, Inc. +# Aleix Badia i Bosch <abadia@ica.es>, 2004 +# Josep Lladonosa i Capell <jep@veinat.net>, 2004 +# +msgid "" +msgstr "" +"Project-Id-Version: openvpn_1.5.0-2_templates\n" +"Report-Msgid-Bugs-To: openvpn@packages.debian.org\n" +"POT-Creation-Date: 2011-05-10 17:48+0200\n" +"PO-Revision-Date: 2004-04-08 20:24+0200\n" +"Last-Translator: Aleix Badia i Bosch <abadia@ica.es>\n" +"Language-Team: Catalan <debian-l10n-catalan@lists.debian.org>\n" +"Language: ca\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "Create the TUN/TAP device?" +msgstr "" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "" +"If you choose this option, the /dev/net/tun device needed by OpenVPN will be " +"created." +msgstr "" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "You should not choose this option if you're using devfs." +msgstr "" + +#~ msgid "Would you like to start openvpn sooner?" +#~ msgstr "Voldríeu iniciar l'openvpn abans?" + +#, fuzzy +#~ msgid "" +#~ "Previous versions of openvpn started at the same time as most of other " +#~ "services. This means that most of these services couldn't use openvpn " +#~ "since it may have been unavailable when they started. Newer versions of " +#~ "the openvpn package will start earlier. (i.e. a S16openvpn link in rc" +#~ "[235].d instead of a S20openvpn)" +#~ msgstr "" +#~ "Les versions anteriors de l'openvpn s'iniciaven al mateix temps que la " +#~ "majoria de serveis. Aquesta característica implica que la majoria de " +#~ "serveis no poguessin utilitzar l'openvpn al no estar disponible. Les " +#~ "noves versions de l'openvpn s'iniciaran abans (ex. un enllaç S18openvpn a " +#~ "rc[235].d en comptes d'un S20openvpn)" + +#~ msgid "" +#~ "If you accept here, the package upgrade will make this change for you. If " +#~ "you refuse, nothing will change, and openvpn will be working just like it " +#~ "did before." +#~ msgstr "" +#~ "Si ho accepteu, l'actualització del paquet ho modificarà per vosaltres. " +#~ "Si no ho accepteu, no canviarà res i l'openvpn s'executarà tal i com ho " +#~ "feia anteriorment." + +#, fuzzy +#~ msgid "Would you like to stop openvpn later?" +#~ msgstr "Voldríeu iniciar l'openvpn abans?" + +#, fuzzy +#~ msgid "" +#~ "Previous versions of openvpn stopped at the same time as most of other " +#~ "services. This meant that some of services stopping later couldn't use " +#~ "openvpn since it may have been stopped before them. Newer versions of the " +#~ "openvpn package will stop the service later. (i.e. a K80openvpn link in " +#~ "rc[06].d instead of a K20openvpn)" +#~ msgstr "" +#~ "Les versions anteriors de l'openvpn s'iniciaven al mateix temps que la " +#~ "majoria de serveis. Aquesta característica implica que la majoria de " +#~ "serveis no poguessin utilitzar l'openvpn al no estar disponible. Les " +#~ "noves versions de l'openvpn s'iniciaran abans (ex. un enllaç S18openvpn a " +#~ "rc[235].d en comptes d'un S20openvpn)" + +#~ msgid "Would you like a TUN/TAP device to be created?" +#~ msgstr "Voleu que es creï un dispositiu TUN/TAP?" + +#~ msgid "" +#~ "If you accept here, the package will make a special device called /dev/" +#~ "net/tun for openvpn's use. If you refuse, the device won't be made now. " +#~ "Read README.Debian for details on how to make it. If you are using devfs " +#~ "refuse here." +#~ msgstr "" +#~ "Si ho accepteu, el paquet crearà un dispositiu especial anomenat /dev/net/" +#~ "tun per a l'openvpn. Si no ho accepteu, no es crearà el dispositiu. Per a " +#~ "més a informació sobre el procés llegiu el fitxer README.Debian. Si esteu " +#~ "utilitzant devfs, refuseu l'opció." + +#, fuzzy +#~ msgid "Would you like to stop openvpn before it gets upgraded?" +#~ msgstr "Voldríeu iniciar l'openvpn abans?" diff --git a/debian/po/cs.po b/debian/po/cs.po new file mode 100644 index 0000000..aafb5e1 --- /dev/null +++ b/debian/po/cs.po @@ -0,0 +1,189 @@ +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans +# +# Developers do not need to manually edit POT or PO files. +# +msgid "" +msgstr "" +"Project-Id-Version: openvpn\n" +"Report-Msgid-Bugs-To: openvpn@packages.debian.org\n" +"POT-Creation-Date: 2011-05-10 17:48+0200\n" +"PO-Revision-Date: 2008-05-22 19:43+0200\n" +"Last-Translator: Miroslav Kure <kurem@debian.cz>\n" +"Language-Team: Czech <debian-l10n-czech@lists.debian.org>\n" +"Language: cs\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "Create the TUN/TAP device?" +msgstr "Vytvořit zařízení TUN/TAP?" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "" +"If you choose this option, the /dev/net/tun device needed by OpenVPN will be " +"created." +msgstr "" +"Povolíte-li tuto možnost, vytvoří se zařízení /dev/net/tun, které je nutné " +"pro činnost OpenVPN." + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "You should not choose this option if you're using devfs." +msgstr "Používáte-li devfs, tuto volbu nepovolujte." + +#~ msgid "Vulnerable random number generator" +#~ msgstr "Zranitelný generátor náhodných čísel" + +#~ msgid "" +#~ "A weakness has been discovered in the random number generator used by " +#~ "OpenSSL on Ubuntu and Debian systems. As a result of this weakness, " +#~ "certain encryption keys are generated much more frequently than they " +#~ "should be, such that an attacker could guess the key through a brute-" +#~ "force attack given minimal knowledge of the system." +#~ msgstr "" +#~ "V OpenSSL používaném na systémech Ubuntu a Debian byla objevena slabina v " +#~ "generátoru náhodných čísel. Důsledkem slabiny je fakt, že se některé " +#~ "šifrovací klíče generují častěji než by měly. Útočník tak může s jistou " +#~ "minimální znalostí systému odhalit klíč pomocí útoku hrubou silou." + +#~ msgid "" +#~ "Any keys created on a vulnerable system may be affected by this problem. " +#~ "The 'openssl-vulnkey' command may be used as a partial test for RSA keys " +#~ "with certain bit sizes, and the 'openvpn-vulnkey' for OpenVPN shared " +#~ "secret keys. Users are urged to verify their keys or simply regenerate " +#~ "any server or client certificates and keys in use on the system." +#~ msgstr "" +#~ "Jakékoliv klíče vytvořené na postiženém systému mohou být tímto problémem " +#~ "zasaženy. Jako částečný test RSA klíčů s určitými délkami můžete použít " +#~ "příkaz „openssl-vulnkey“, případně pro sdílené tajné klíče OpenVPN příkaz " +#~ "„openvpn-vulnkey“. Uživatelé by měli okamžitě zkontrolovat své klíče, " +#~ "případně rovnou přegenerovat všechny serverové a klientské certifikáty a " +#~ "klíče, které se na systému používají." + +#~ msgid "Would you like to start openvpn sooner?" +#~ msgstr "Chcete spouštět openvpn dříve?" + +#~ msgid "" +#~ "Previous versions of openvpn started at the same time as most of other " +#~ "services. This means that most of these services couldn't use openvpn " +#~ "since it may have been unavailable when they started. Newer versions of " +#~ "the openvpn package will start earlier. (i.e. a S16openvpn link in rc" +#~ "[235].d instead of a S20openvpn)" +#~ msgstr "" +#~ "Dřívější verze openvpn se spouštěly zhruba ve stejném čase jako ostatní " +#~ "služby. To znamená, že většina těchto služeb nemohla openvpn využít, " +#~ "protože tou dobou ještě nemuselo být k dispozici. Novější verze balíku " +#~ "openvpn mohou startovat o něco dříve (v rc[235].d se vytvoří místo " +#~ "S20openvpn odkaz S16openvpn)." + +#~ msgid "" +#~ "If you accept here, the package upgrade will make this change for you. If " +#~ "you refuse, nothing will change, and openvpn will be working just like it " +#~ "did before." +#~ msgstr "" +#~ "Budete-li souhlasit, balík se o změnu postará. Pokud možnost odmítnete, " +#~ "nic se nestane a openvpn bude pracovat jako doposud." + +#~ msgid "Stop OpenVPN when upgraded?" +#~ msgstr "Zastavit OpenVPN při aktualizaci?" + +#~ msgid "" +#~ "The upgrade process stops the running daemon before installing the new " +#~ "version. If you are installing or upgrading the system remotely, that " +#~ "could break the upgrade process." +#~ msgstr "" +#~ "Před instalací nové verze bude běžící daemon zastaven. Jestliže " +#~ "aktualizujete systém vzdáleně, může to vést k narušení procesu " +#~ "aktualizace." + +#~ msgid "" +#~ "Unless upgrades are performed locally, you should choose to not stop " +#~ "OpenVPN before it is upgraded. The installation process will restart it " +#~ "once the upgrade is completed." +#~ msgstr "" +#~ "Jestliže nebudete provádět aktualizace lokálně, doporučujeme openvpn před " +#~ "aktualizací nezastavovat. Instalační proces jej po instalaci restartuje." + +#~ msgid "This option will take effect for the next upgrade." +#~ msgstr "Tato volba nabude účinnosti při příští aktualizaci." + +#~ msgid "Default port has changed" +#~ msgstr "Implicitní port se změnil" + +#~ msgid "" +#~ "OpenVPN's default port has changed from 5000 to 1194 (IANA assigned). If " +#~ "you don't specify the port to be used on your VPNs, this upgrade may " +#~ "break them." +#~ msgstr "" +#~ "Implicitní port OpenVPN se změnil z 5000 na 1194 (přidělen organizací " +#~ "IANA). Pokud nezadáte port, který se má používat na vašich VPN, touto " +#~ "aktualizací je můžete rozbít." + +#~ msgid "" +#~ "Use the option 'port 5000' if you want to keep the old port " +#~ "configuration, or take a look at your firewall rules to allow the new " +#~ "default port configuration to work." +#~ msgstr "" +#~ "Pokud chcete zachovat staré nastavení portu, použijte volbu 'port 5000'. " +#~ "V opačném případě nezapomeňte upravit pravidla firewallu, aby umožnila " +#~ "komunikaci na novém portu." + +#~ msgid "Would you like to stop openvpn later?" +#~ msgstr "Chcete ukončovat openvpn později?" + +#~ msgid "" +#~ "Previous versions of openvpn stopped at the same time as most of other " +#~ "services. This meant that some of services stopping later couldn't use " +#~ "openvpn since it may have been stopped before them. Newer versions of the " +#~ "openvpn package will stop the service later. (i.e. a K80openvpn link in " +#~ "rc[06].d instead of a K20openvpn)" +#~ msgstr "" +#~ "Dřívější verze openvpn se ukončovaly zhruba ve stejném čase jako ostatní " +#~ "služby. To znamená, že většina těchto služeb nemohla openvpn využít, " +#~ "protože tou dobou již nemuselo být k dispozici. Novější verze balíku " +#~ "openvpn mohou službu zastavit později (v rc[06].d se místo K20openvpn " +#~ "vytvoří odkaz K80openvpn)." + +#~ msgid "Would you like a TUN/TAP device to be created?" +#~ msgstr "Chcete vytvořit zařízení TUN/TAP?" + +#~ msgid "" +#~ "If you accept here, the package will make a special device called /dev/" +#~ "net/tun for openvpn's use. If you refuse, the device won't be made now. " +#~ "Read README.Debian for details on how to make it. If you are using devfs " +#~ "refuse here." +#~ msgstr "" +#~ "Odpovíte-li kladně, balík vytvoří speciální zařízení nazvané /dev/net/" +#~ "tun. Odmítnete-li, zařízení se nyní nevytvoří. Používáte-li devfs, " +#~ "odmítněte. Návod na ruční vytvoření zařízení naleznete v souboru README." +#~ "Debian." + +#~ msgid "Would you like to stop openvpn before it gets upgraded?" +#~ msgstr "Chcete openvpn při aktualizaci zastavit?" + +#~ msgid "" +#~ "In some cases you may be upgrading openvpn in a remote server using a VPN " +#~ "to do so. The upgrade process stops the running daemon before installing " +#~ "the new version, in that case you may lose your connection, the upgrade " +#~ "may be interrupted, and you may not be able to reconnect to the remote " +#~ "host." +#~ msgstr "" +#~ "V některých případech se může stát, že budete aktualizovat openvpn na " +#~ "vzdáleném serveru právě přes VPN tunel. Před instalací nové verze bude " +#~ "běžící daemon zastaven a vy tak ztratíte své připojení, aktualizace se " +#~ "přeruší a už se možná ke vzdálenému počítači nebudete moci přihlásit." diff --git a/debian/po/da.po b/debian/po/da.po new file mode 100644 index 0000000..91ad9d0 --- /dev/null +++ b/debian/po/da.po @@ -0,0 +1,70 @@ +# Danish translation for openvpn. +# Copyright (C) 2010 topenvpn og nedenstående oversættere. +# This file is distributed under the same license as the openvpn package. +# Claus Hindsgaul <claus.hindsgaul@gmail.com>, 2004, 2005, 2006. +# Joe Hansen (joedalton2@yahoo.dk), 2010. +# +msgid "" +msgstr "" +"Project-Id-Version: openvpn\n" +"Report-Msgid-Bugs-To: openvpn@packages.debian.org\n" +"POT-Creation-Date: 2011-05-10 17:48+0200\n" +"PO-Revision-Date: 2010-12-30 19:25+0200\n" +"Last-Translator: Joe Hansen <joedalton2@yahoo.dk>\n" +"Language-Team: Danish <debian-l10n-danish@lists.debian.org>\n" +"Language: da\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "Create the TUN/TAP device?" +msgstr "Opret TUN/TAP-enheden?" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "" +"If you choose this option, the /dev/net/tun device needed by OpenVPN will be " +"created." +msgstr "" +"Hvis du vælger denne indstilling, vil enheden /dev/net/tun krævet af OpenVPN " +"blive oprettet." + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "You should not choose this option if you're using devfs." +msgstr "Du bør ikke vælge denne indstilling, hvis du bruger devfs." + +#~ msgid "Vulnerable random number generator" +#~ msgstr "Sårbar tilfældighedsgenerator" + +#~ msgid "" +#~ "A weakness has been discovered in the random number generator used by " +#~ "OpenSSL on Ubuntu and Debian systems. As a result of this weakness, " +#~ "certain encryption keys are generated much more frequently than they " +#~ "should be, such that an attacker could guess the key through a brute-" +#~ "force attack given minimal knowledge of the system." +#~ msgstr "" +#~ "En svaghed er blevet opdaget i tilfældighedsgeneratoren brugt af OpenSSL " +#~ "på Ubuntu- og Debiansystemer. Som en følge af denne svaghed, bliver " +#~ "bestemte krypteringsnøgler oprettet oftere end de burde, hvormed en " +#~ "angriber kan gætte nøglen via et brute force-angreb og minimal viden om " +#~ "systemet." + +#~ msgid "" +#~ "Any keys created on a vulnerable system may be affected by this problem. " +#~ "The 'openssl-vulnkey' command may be used as a partial test for RSA keys " +#~ "with certain bit sizes, and the 'openvpn-vulnkey' for OpenVPN shared " +#~ "secret keys. Users are urged to verify their keys or simply regenerate " +#~ "any server or client certificates and keys in use on the system." +#~ msgstr "" +#~ "Alle nøgler oprettet på et sårbart system kan være påvirket af dette " +#~ "problem. Kommandoen »openssl-vulnkey« kan bruges som en delvis test for " +#~ "RSA-nøgler med bestemte bitstørrelser, og »openvpn-vulnkey« for delte og " +#~ "hemmelige OpenVPN-nøgler. Det anbefales stærkt, at brugere verificerer " +#~ "deres nøgler eller simpelthen gendanner alle server- eller " +#~ "klientcertifikater og -nøgler, som er i brug på deres system." diff --git a/debian/po/de.po b/debian/po/de.po new file mode 100644 index 0000000..3a49894 --- /dev/null +++ b/debian/po/de.po @@ -0,0 +1,166 @@ +# translation of openvpn_2.1~rc7-2_de.po to German +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans# +# Developers do not need to manually edit POT or PO files. +# +# Erik Schanze <eriks@debian.org>, 2004-2008. +msgid "" +msgstr "" +"Project-Id-Version: openvpn_2.1~rc7-2_de\n" +"Report-Msgid-Bugs-To: openvpn@packages.debian.org\n" +"POT-Creation-Date: 2011-05-10 17:48+0200\n" +"PO-Revision-Date: 2008-05-29 22:46+0200\n" +"Last-Translator: Erik Schanze <eriks@debian.org>\n" +"Language-Team: German <debian-l10n-german@lists.debian.org>\n" +"Language: de\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: KBabel 1.11.4\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "Create the TUN/TAP device?" +msgstr "TUN/TAP-Gerät anlegen?" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "" +"If you choose this option, the /dev/net/tun device needed by OpenVPN will be " +"created." +msgstr "" +"Wenn Sie hier zustimmen, wird das von OpenVPN benötigte Gerät /dev/net/tun " +"erzeugt." + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "You should not choose this option if you're using devfs." +msgstr "Sie sollten nicht zustimmen, wenn Sie Devfs benutzen." + +#~ msgid "Vulnerable random number generator" +#~ msgstr "Unsicherer Zufallszahlen-Generator" + +#~ msgid "" +#~ "A weakness has been discovered in the random number generator used by " +#~ "OpenSSL on Ubuntu and Debian systems. As a result of this weakness, " +#~ "certain encryption keys are generated much more frequently than they " +#~ "should be, such that an attacker could guess the key through a brute-" +#~ "force attack given minimal knowledge of the system." +#~ msgstr "" +#~ "Im Zufallszahlen-Generator von OpenSSL auf Ubuntu- und Debian-Systemen " +#~ "ist eine Schwachstelle gefunden worden. Diese Schwachstelle sorgt dafür, " +#~ "dass bestimmte Verschlüsselungsschlüssel öfter erzeugt werden, als sie " +#~ "sollten. Dadurch kann ein Angreifer den Schlüssel mittels eines »Brute-" +#~ "Force«-Angriffs erraten, auch wenn er nur wenig über das System weiß." + +#~ msgid "" +#~ "Any keys created on a vulnerable system may be affected by this problem. " +#~ "The 'openssl-vulnkey' command may be used as a partial test for RSA keys " +#~ "with certain bit sizes, and the 'openvpn-vulnkey' for OpenVPN shared " +#~ "secret keys. Users are urged to verify their keys or simply regenerate " +#~ "any server or client certificates and keys in use on the system." +#~ msgstr "" +#~ "Alle Schlüssel, die auf einem System mit dieser Schwachstelle erzeugt " +#~ "wurden, können von diesem Problem betroffen sein. Das Kommando 'openssl-" +#~ "vulnkey' kann als ein Teil eines Tests benutzt werden, um RSA-Schlüssel " +#~ "mit bestimmten Bit-Größen zu überprüfen. Das Kommando 'openvpn-vulnkey' " +#~ "testet OpenVPNs verteilte geheime Schlüssel (shared secret keys)." + +#~ msgid "Would you like to start openvpn sooner?" +#~ msgstr "Wollen Sie OpenVPN eher starten?" + +#~ msgid "" +#~ "Previous versions of openvpn started at the same time as most of other " +#~ "services. This means that most of these services couldn't use openvpn " +#~ "since it may have been unavailable when they started. Newer versions of " +#~ "the openvpn package will start earlier. (i.e. a S16openvpn link in rc" +#~ "[235].d instead of a S20openvpn)" +#~ msgstr "" +#~ "Frühere Versionen von OpenVPN starteten zur selben Zeit wie die meisten " +#~ "anderen Dienste. Das bedeutete, viele dieser Dienste konnten OpenVPN " +#~ "nicht benutzen, weil es noch nicht verfügbar war, als sie starteten. " +#~ "Neuere Versionen des Pakets OpenVPN starten eher. (z. B. ein Verweis " +#~ "S16openvpn in den Verzeichnissen /etc/rc[235].d anstelle von S20openvpn)" + +#~ msgid "" +#~ "If you accept here, the package upgrade will make this change for you. If " +#~ "you refuse, nothing will change, and openvpn will be working just like it " +#~ "did before." +#~ msgstr "" +#~ "Wenn Sie hier zustimmen, führt das Installationsprogramm die Änderungen " +#~ "für Sie aus. Wenn Sie ablehnen, wird nichts geändert und OpenVPN " +#~ "funktioniert wie vorher." + +#~ msgid "Stop OpenVPN when upgraded?" +#~ msgstr "OpenVPN nach der Aktualisierung stoppen?" + +#~ msgid "" +#~ "The upgrade process stops the running daemon before installing the new " +#~ "version. If you are installing or upgrading the system remotely, that " +#~ "could break the upgrade process." +#~ msgstr "" +#~ "Während der Aktualisierung wird der laufende Dienst angehalten, bevor die " +#~ "neue Version installiert wird. Wenn Sie das System von einem entfernten " +#~ "Rechner aus installieren oder aktualisieren, könnte das die " +#~ "Aktualisierung unterbrechen." + +#~ msgid "" +#~ "Unless upgrades are performed locally, you should choose to not stop " +#~ "OpenVPN before it is upgraded. The installation process will restart it " +#~ "once the upgrade is completed." +#~ msgstr "" +#~ "Sie sollten OpenVPN NICHT anhalten, bevor es aktualisiert wird, außer Sie " +#~ "sind direkt vor Ort. Der Dienst wird dann am Ende der Installation neu " +#~ "gestartet." + +#~ msgid "This option will take effect for the next upgrade." +#~ msgstr "Diese Auswahl betrifft die nächste Aktualisierung." + +#~ msgid "Default port has changed" +#~ msgstr "Standard-Port hat sich geändert" + +#~ msgid "" +#~ "OpenVPN's default port has changed from 5000 to 1194 (IANA assigned). If " +#~ "you don't specify the port to be used on your VPNs, this upgrade may " +#~ "break them." +#~ msgstr "" +#~ "OpenVPNs Standard-Port wurde von 5000 nach 1194 (IANA registriert) " +#~ "geändert. Wenn Sie den Port, den Ihre VPNs nutzen, nicht angeben, werden " +#~ "sie evtl. durch diese Aktualisierung unterbrochen." + +#~ msgid "" +#~ "Use the option 'port 5000' if you want to keep the old port " +#~ "configuration, or take a look at your firewall rules to allow the new " +#~ "default port configuration to work." +#~ msgstr "" +#~ "Verwenden Sie die Option 'port 5000', wenn Sie die alte Port-Einstellung " +#~ "behalten wollen oder kontrollieren Sie Ihre Firewallregeln und verwenden " +#~ "Sie die Einstellung für den neuen Standard-Port." + +#~ msgid "Would you like to stop openvpn later?" +#~ msgstr "Wollen Sie OpenVPN später stoppen?" + +#~ msgid "" +#~ "Previous versions of openvpn stopped at the same time as most of other " +#~ "services. This meant that some of services stopping later couldn't use " +#~ "openvpn since it may have been stopped before them. Newer versions of the " +#~ "openvpn package will stop the service later. (i.e. a K80openvpn link in " +#~ "rc[06].d instead of a K20openvpn)" +#~ msgstr "" +#~ "Frühere Versionen von OpenVPN stoppten zur selben Zeit wie die meisten " +#~ "anderen Dienste. Das bedeutete, einige Dienste, die später stoppten, " +#~ "konnten OpenVPN nicht benutzen, weil es schon beendet war. Neuere " +#~ "Versionen des Pakets OpenVPN stoppen später. (z. B. ein Verweis " +#~ "K80openvpn im Verzeichnis //dev/net/tunetc/rc[06].d anstelle von " +#~ "K20openvpn)" diff --git a/debian/po/es.po b/debian/po/es.po new file mode 100644 index 0000000..78db597 --- /dev/null +++ b/debian/po/es.po @@ -0,0 +1,211 @@ +# openvpn po-debconf translation to spanish +# Copyright (C) 2004 Software in the Public Interest +# This file is distributed under the same license as the postfix package. +# +# Changes: +# - Initial translation +# Rudy Godoy <rudy@kernel-panik.org>, 2006 +# +# +# Traductores, si no conoce el formato PO, merece la pena leer la +# documentacin de gettext, especialmente las secciones dedicadas a este +# formato, por ejemplo ejecutando: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# +# Equipo de traduccin al espaol, por favor lean antes de traducir +# los siguientes documentos: +# +# - El proyecto de traduccin de Debian al espaol +# http://www.debian.org/intl/spanish/coordinacion +# especialmente las notas de traduccin en +# http://www.debian.org/intl/spanish/notas +# +# - La gua de traduccin de po's de debconf: +# /usr/share/doc/po-debconf/README-trans +# o http://www.debian.org/intl/l10n/po-debconf/README-trans +# +# +msgid "" +msgstr "" +"Project-Id-Version: openvpn 2.0.9\n" +"Report-Msgid-Bugs-To: openvpn@packages.debian.org\n" +"POT-Creation-Date: 2011-05-10 17:48+0200\n" +"PO-Revision-Date: 2008-05-25 18:19-0500\n" +"Last-Translator: Rudy Godoy <rudy@debian.org>\n" +"Language-Team: Debian l10n Spanish <debian-l10n-spanish@lists.debian.org>\n" +"Language: \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=ISO-8859-15\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "Create the TUN/TAP device?" +msgstr "Crear dispositivo TUN/TAP?" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "" +"If you choose this option, the /dev/net/tun device needed by OpenVPN will be " +"created." +msgstr "" +"Si elije esta opcin, se crear el dispositivo /dev/net/tun requerido por " +"OpenVPN." + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "You should not choose this option if you're using devfs." +msgstr "No elija esta opcin si est utilizando devfs." + +#~ msgid "Vulnerable random number generator" +#~ msgstr "Vulnerabilidad de generador de nmero aleatorio" + +#~ msgid "" +#~ "A weakness has been discovered in the random number generator used by " +#~ "OpenSSL on Ubuntu and Debian systems. As a result of this weakness, " +#~ "certain encryption keys are generated much more frequently than they " +#~ "should be, such that an attacker could guess the key through a brute-" +#~ "force attack given minimal knowledge of the system." +#~ msgstr "" +#~ "Se ha descubierto un problema en el generador de nmero aleatorio " +#~ "utilizado por OpenSSL en los sistemas Debian y Ubuntu. Como resultado de " +#~ "esto, ciertas claves de cifrado se generan de forma mucho ms frecuente " +#~ "de las que deberan, esto posibilita que un atacante pueda adivinar la " +#~ "clave mediante un ataque de fuerza bruta si posee informacin bsica " +#~ "sobre el sistema objetivo." + +#~ msgid "" +#~ "Any keys created on a vulnerable system may be affected by this problem. " +#~ "The 'openssl-vulnkey' command may be used as a partial test for RSA keys " +#~ "with certain bit sizes, and the 'openvpn-vulnkey' for OpenVPN shared " +#~ "secret keys. Users are urged to verify their keys or simply regenerate " +#~ "any server or client certificates and keys in use on the system." +#~ msgstr "" +#~ "Todas las claves creadas en un sistema vulnerable estn afectas por este " +#~ "problema. Puede utilizar la orden openssl-vulnkey para realizar una " +#~ "prueba parcial para claves RSA con cierto tamao y la orden openvpn-" +#~ "vulnkey para claves secretas compartidas de OpenVPN. Se insta a los " +#~ "usuarios a verificar sus claves o simplemente volver a generar cualquier " +#~ "clave y certificado de cliente y servidor que se usa en el sistema." + +#~ msgid "Would you like to start openvpn sooner?" +#~ msgstr "Desea iniciar openvpn ms pronto?" + +#~ msgid "" +#~ "Previous versions of openvpn started at the same time as most of other " +#~ "services. This means that most of these services couldn't use openvpn " +#~ "since it may have been unavailable when they started. Newer versions of " +#~ "the openvpn package will start earlier. (i.e. a S16openvpn link in rc" +#~ "[235].d instead of a S20openvpn)" +#~ msgstr "" +#~ "Las versiones antiguas de openvpn arrancaban al mismo tiempo que otros\n" +#~ "servicios. Esto significa que muchos de estos servicios no podan usar\n" +#~ "openvpn puesto que ste poda no estar disponible cuando arrancaban. Las\n" +#~ "versiones recientes de openvpn arrancarn mucho antes. (es decir, un\n" +#~ "enlace S18openvpn en rc[2345].d en vez de S20openvpn)" + +#~ msgid "" +#~ "If you accept here, the package upgrade will make this change for you. If " +#~ "you refuse, nothing will change, and openvpn will be working just like it " +#~ "did before." +#~ msgstr "" +#~ "Si acepta ahora, la actualizacin del paquete activar este cambio. Si\n" +#~ "no acepta, no se cambiar nada, y openvpn funcionar como lo hacia\n" +#~ "hasta ahora." + +#~ msgid "Stop OpenVPN when upgraded?" +#~ msgstr "Parar OpenVPN cuando se actualice?" + +#~ msgid "" +#~ "The upgrade process stops the running daemon before installing the new " +#~ "version. If you are installing or upgrading the system remotely, that " +#~ "could break the upgrade process." +#~ msgstr "" +#~ "El proceso de actualizacin para el demonio antes de instalar la nueva " +#~ "versin. Si est instalado o actualizando el sistema remotamente, esto " +#~ "podra interrumpir el proceso de actualizacin." + +#~ msgid "" +#~ "Unless upgrades are performed locally, you should choose to not stop " +#~ "OpenVPN before it is upgraded. The installation process will restart it " +#~ "once the upgrade is completed." +#~ msgstr "" +#~ "A menos de que haga las actualizaciones de forma local, se aconseja no\n" +#~ "parar openvpn antes de que se actualice. El proceso de instalacin lo\n" +#~ "reiniciara una vez que haya finalizado la actualizacin." + +#~ msgid "This option will take effect for the next upgrade." +#~ msgstr "Esta opcin tomar efecto a partir de la siguiente actualizacin." + +#~ msgid "Default port has changed" +#~ msgstr "El puerto predeterminado ha cambiado" + +#~ msgid "" +#~ "OpenVPN's default port has changed from 5000 to 1194 (IANA assigned). If " +#~ "you don't specify the port to be used on your VPNs, this upgrade may " +#~ "break them." +#~ msgstr "" +#~ "El puerto predeterminado de OpenVPN ha cambiado del 5000 al 1194 (por\n" +#~ "asignacin de IANA). Si no especifica el puerto a usar en sus VPNs,\n" +#~ "esto podra podra inutilizarlas." + +#~ msgid "" +#~ "Use the option 'port 5000' if you want to keep the old port " +#~ "configuration, or take a look at your firewall rules to allow the new " +#~ "default port configuration to work." +#~ msgstr "" +#~ "Use la opcin port 5000 si quiere continuar usando el antiguo\n" +#~ "puerto, o compruebe las reglas de su cortafuegos para permitir el\n" +#~ "funcionamiento con el nuevo puerto predeterminado." + +#~ msgid "Would you like to stop openvpn later?" +#~ msgstr "Deseara parar openvpn despus?" + +#~ msgid "" +#~ "Previous versions of openvpn stopped at the same time as most of other " +#~ "services. This meant that some of services stopping later couldn't use " +#~ "openvpn since it may have been stopped before them. Newer versions of the " +#~ "openvpn package will stop the service later. (i.e. a K80openvpn link in " +#~ "rc[06].d instead of a K20openvpn)" +#~ msgstr "" +#~ "Las versiones antiguas de openvpn paraban al mismo tiempo que la\n" +#~ "mayora de otros servicios. Esto significa que algunos de estos\n" +#~ "servicios que se paraban despus no podan usar openvpn ya que ste\n" +#~ "poda haber sido parado antes. Las versiones recientes del paquete\n" +#~ "openvpn pararn el servicio despus. (es decir, un enlace K80openvpn\n" +#~ "en rc[06].d en lugar de K20openvpn)" + +#~ msgid "Would you like a TUN/TAP device to be created?" +#~ msgstr "Desea que la instalacin cree un dispositivo TUN/TAP?" + +#~ msgid "" +#~ "If you accept here, the package will make a special device called /dev/" +#~ "net/tun for openvpn's use. If you refuse, the device won't be made now. " +#~ "Read README.Debian for details on how to make it. If you are using devfs " +#~ "refuse here." +#~ msgstr "" +#~ "Si acepta, el paquete crear un dispositivo especial llamado\n" +#~ "/dev/net/tun necesario para el funcionamiento de openvpn. Si rechaza\n" +#~ "esta opcin, el dispositivo no se crear ahora. Lea el fichero\n" +#~ "README.Debian para saber como crearlo. Si est usando devfs no elija\n" +#~ "esta opcin" + +#~ msgid "Would you like to stop openvpn before it gets upgraded?" +#~ msgstr "Desea parar openvpn antes de actualizar?" + +#~ msgid "" +#~ "In some cases you may be upgrading openvpn in a remote server using a VPN " +#~ "to do so. The upgrade process stops the running daemon before installing " +#~ "the new version, in that case you may lose your connection, the upgrade " +#~ "may be interrupted, and you may not be able to reconnect to the remote " +#~ "host." +#~ msgstr "" +#~ "En algunos casos, puede estar actualizando openvpn en un servidor\n" +#~ "remoto utilizando la propia VPN. El proceso de actualizacin para el\n" +#~ "demonio openvpn antes de instalar la nueva versin, en ese caso podra\n" +#~ "perder la conexin y la actualizacin quedar interrumpida. Esto podra\n" +#~ "impedirle que pueda volver a conectar a la mquina remota." diff --git a/debian/po/eu.po b/debian/po/eu.po new file mode 100644 index 0000000..79ad41c --- /dev/null +++ b/debian/po/eu.po @@ -0,0 +1,156 @@ +# translation of openvpn-eu.po to Euskara +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# +# Piarres Beobide <pi@beobide.net>, 2008. +msgid "" +msgstr "" +"Project-Id-Version: openvpn-eu\n" +"Report-Msgid-Bugs-To: openvpn@packages.debian.org\n" +"POT-Creation-Date: 2011-05-10 17:48+0200\n" +"PO-Revision-Date: 2008-05-22 15:07+0200\n" +"Last-Translator: Piarres Beobide <pi@beobide.net>\n" +"Language-Team: Euskara <debian-l10n-basque@lists.debian.org>\n" +"Language: \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: KBabel 1.11.4\n" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "Create the TUN/TAP device?" +msgstr "TUN/TAP gailua sortu?" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "" +"If you choose this option, the /dev/net/tun device needed by OpenVPN will be " +"created." +msgstr "" +"Aukera hau hautatzen baduzu OpenVPN-ek behar duen /dev/net/tun gailua " +"sortuko da." + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "You should not choose this option if you're using devfs." +msgstr "Ez zenuke aukera hau onartu beharko devfs erabiltzen ari bazara." + +#~ msgid "Vulnerable random number generator" +#~ msgstr "Ausazko zenbaki sortzaile ahula" + +#~ msgid "" +#~ "A weakness has been discovered in the random number generator used by " +#~ "OpenSSL on Ubuntu and Debian systems. As a result of this weakness, " +#~ "certain encryption keys are generated much more frequently than they " +#~ "should be, such that an attacker could guess the key through a brute-" +#~ "force attack given minimal knowledge of the system." +#~ msgstr "" +#~ "Debian eta Ubuntu sistemek erabiltzen duten OpenSSL bertsioan ahulgune " +#~ "bat aurkitua izan da ausazko zenbaki sortzailean. Ahulgune honen " +#~ "eraginagatik zenbait enkriptazio gako beharko luketenetan baino " +#~ "gehiagotan sortzen dira, horregatik sistemaren ezagutza minimo duen " +#~ "erasotzaile batek indarrezko eraso batez eskuratu ditzake." + +#~ msgid "" +#~ "Any keys created on a vulnerable system may be affected by this problem. " +#~ "The 'openssl-vulnkey' command may be used as a partial test for RSA keys " +#~ "with certain bit sizes, and the 'openvpn-vulnkey' for OpenVPN shared " +#~ "secret keys. Users are urged to verify their keys or simply regenerate " +#~ "any server or client certificates and keys in use on the system." +#~ msgstr "" +#~ "Ahuldutako sistema batetan sortutako gako guztietan du honek eragina. " +#~ "'openssl-vulnkey' komandoa erabili daiteke bit tamaina batzuetako RSA " +#~ "gakoak probatzeko, eta 'openvpn-vulnkey' OpenVPN partekatutako gako " +#~ "sekretuentzat. Erabiltzaileei bakoitzaren gakoak egiaztatu edo zuzenean " +#~ "sistemako zerbitzari edo bezero ziurtagiriak eta erabiltzen diren gakoak " +#~ "birsortzea eskatzen zaie." + +#~ msgid "Would you like to start openvpn sooner?" +#~ msgstr "Openvpn lehenago abiaraztea nahi al duzu?" + +#~ msgid "" +#~ "Previous versions of openvpn started at the same time as most of other " +#~ "services. This means that most of these services couldn't use openvpn " +#~ "since it may have been unavailable when they started. Newer versions of " +#~ "the openvpn package will start earlier. (i.e. a S16openvpn link in rc" +#~ "[235].d instead of a S20openvpn)" +#~ msgstr "" +#~ "Openvpn aurreko bertsioak beste zerbitzu gehienekin batera abiarazten " +#~ "ziren. Hau dela eta zerbitzu gehienen ezin zuten openvpn erabili " +#~ "abiaraztean zirenean ez bait zegoen erabilgarri. Openvpn paketearen " +#~ "bertsio berriak azkarrago abiarazten dira (adibidez: rc[235].d-en " +#~ "S16openvpn lotura sortuko da S20openvpn ordez)" + +#~ msgid "" +#~ "If you accept here, the package upgrade will make this change for you. If " +#~ "you refuse, nothing will change, and openvpn will be working just like it " +#~ "did before." +#~ msgstr "" +#~ "Hemen onartuaz gero pakete eguneraketak egingo du aldaketa hau zuretzako. " +#~ "Baztertuaz gero ez da ezer aldatuko, eta openvpn-ek orain arte bezala " +#~ "funtzionatzen jarraituko du." + +#~ msgid "Stop OpenVPN when upgraded?" +#~ msgstr "Bertsio-berritzean OpenVPN gelditu?" + +#~ msgid "" +#~ "The upgrade process stops the running daemon before installing the new " +#~ "version. If you are installing or upgrading the system remotely, that " +#~ "could break the upgrade process." +#~ msgstr "" +#~ "Bertsio-berritzeak martxan dagoen deabrua gelditu egiten du bertsio " +#~ "berria instalatu aurretik. Sistema urrunetik instalatzen edo bertsio-" +#~ "berritzen ari bazara honek bertsio-berritze prozesua hondatu dezake." + +#~ msgid "" +#~ "Unless upgrades are performed locally, you should choose to not stop " +#~ "OpenVPN before it is upgraded. The installation process will restart it " +#~ "once the upgrade is completed." +#~ msgstr "" +#~ "Ez bazaude bertsio-berritzeak lokalki egiten OpenVPN zerbitzaria ez " +#~ "gelditzea hautatu beharko zenuke. Instalazio prozesuak bertsio-berritzea " +#~ "osatu ondoren berrabiaraziko du." + +#~ msgid "This option will take effect for the next upgrade." +#~ msgstr "Aukera honek hurrengo bertsio-berritzean eragingo du." + +#~ msgid "Default port has changed" +#~ msgstr "Lehenetsiriko ataka aldatua izan da" + +#~ msgid "" +#~ "OpenVPN's default port has changed from 5000 to 1194 (IANA assigned). If " +#~ "you don't specify the port to be used on your VPNs, this upgrade may " +#~ "break them." +#~ msgstr "" +#~ "OpenVPN-ren lehenetsiriko ataka 5000-tik 1194-ra aldatu da (IANA-k " +#~ "ezarria). Zure VPN-etan erabiliko den ataka zehatzen ez baduzu bertsio-" +#~ "berritze honek hondatu ditzake." + +#~ msgid "" +#~ "Use the option 'port 5000' if you want to keep the old port " +#~ "configuration, or take a look at your firewall rules to allow the new " +#~ "default port configuration to work." +#~ msgstr "" +#~ "'5000 ataka' erabili ataka zaharraren konfigurazioa mantentzeko edo " +#~ "egiaztatu zure suebaki arauak lehenetsiriko ataka berriak funtzionatzeko " +#~ "onartzen duela." + +#~ msgid "Would you like to stop openvpn later?" +#~ msgstr "Openvpn beranduago gelditu nahi al duzu?" + +#~ msgid "" +#~ "Previous versions of openvpn stopped at the same time as most of other " +#~ "services. This meant that some of services stopping later couldn't use " +#~ "openvpn since it may have been stopped before them. Newer versions of the " +#~ "openvpn package will stop the service later. (i.e. a K80openvpn link in " +#~ "rc[06].d instead of a K20openvpn)" +#~ msgstr "" +#~ "Openvpn aurreko bertsioak beste zerbitzuekin batera gelditzen ziren. Hau " +#~ "dela eta beranduago itzaltzen ziren zerbitzuak ezin zuten vpn erabili hau " +#~ "lehenago gelditzen zen eta. Openvpn paketearen bertsio berriek zerbitzua " +#~ "beranduago gelditzen dute. (adib. rc[06].d-en K80openvpn lotura dago " +#~ "K20openvpn ordez)" diff --git a/debian/po/fi.po b/debian/po/fi.po new file mode 100644 index 0000000..4bd4a61 --- /dev/null +++ b/debian/po/fi.po @@ -0,0 +1,90 @@ +msgid "" +msgstr "" +"Project-Id-Version: openvpn\n" +"Report-Msgid-Bugs-To: openvpn@packages.debian.org\n" +"POT-Creation-Date: 2011-05-10 17:48+0200\n" +"PO-Revision-Date: 2008-05-24 23:40+0200\n" +"Last-Translator: Esko Arajärvi <edu@iki.fi>\n" +"Language-Team: Finnish <debian-l10n-finnish@lists.debian.org>\n" +"Language: fi\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Poedit-Language: Finnish\n" +"X-Poedit-Country: FINLAND\n" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "Create the TUN/TAP device?" +msgstr "Luodaanko TUN/TAP-laite?" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "" +"If you choose this option, the /dev/net/tun device needed by OpenVPN will be " +"created." +msgstr "" +"Jos valitset tämän vaihtoehdon, OpenVPN:n tarvitsema laite /dev/net/tun " +"luodaan." + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "You should not choose this option if you're using devfs." +msgstr "Tätä vaihtoehtoa ei tulisi valita, jos käytössä on devfs." + +#~ msgid "Vulnerable random number generator" +#~ msgstr "Haavoittuva satunnaislukugeneraattori" + +#~ msgid "" +#~ "A weakness has been discovered in the random number generator used by " +#~ "OpenSSL on Ubuntu and Debian systems. As a result of this weakness, " +#~ "certain encryption keys are generated much more frequently than they " +#~ "should be, such that an attacker could guess the key through a brute-" +#~ "force attack given minimal knowledge of the system." +#~ msgstr "" +#~ "Debianissa ja Ubuntussa käytössä olleesta ohjelman OpenSSL " +#~ "satunnaislukugeneraattorista on löydetty heikkous. Siitä johtuen tietyt " +#~ "salausavaimet luodaan huomattavasti useammin kuin olisi tarkoitus ja " +#~ "hyökkääjä voi arvata avaimen järjestelmällisellä kokeilulla vähäisillä " +#~ "tiedoilla järjestelmästä." + +#~ msgid "" +#~ "Any keys created on a vulnerable system may be affected by this problem. " +#~ "The 'openssl-vulnkey' command may be used as a partial test for RSA keys " +#~ "with certain bit sizes, and the 'openvpn-vulnkey' for OpenVPN shared " +#~ "secret keys. Users are urged to verify their keys or simply regenerate " +#~ "any server or client certificates and keys in use on the system." +#~ msgstr "" +#~ "Tämä saattaa vaikuttaa mihin tahansa haavoittuvaisessa järjestelmässä " +#~ "luotuun avaimeen. Komennolla ”openssl-vulnkey” voidaan osittain testata " +#~ "tietyt kokoiset RSA-avaimet ja komennolla ”openvpn-vulnkey” OpenVPN:n " +#~ "jaetut salaiset avaimet. Käyttäjiä kehoitetaan tarkistamaan avaimensa tai " +#~ "yksinkertaisesti luomaan uudet palvelin- ja asiakasvarmenteet ja -avaimet " +#~ "järjestelmään." + +#~ msgid "Stop OpenVPN when upgraded?" +#~ msgstr "Pysäytetäänkö OpenVPN päivitettäessä?" + +#~ msgid "" +#~ "The upgrade process stops the running daemon before installing the new " +#~ "version. If you are installing or upgrading the system remotely, that " +#~ "could break the upgrade process." +#~ msgstr "" +#~ "Päivitysprosessi pysäyttää taustaohjelman ennen uuden version " +#~ "asentamista. Jos asennat tai päivität järjestelmää etäyhteyden kautta, " +#~ "tämä saattaa rikkoa päivitysprosessin." + +#~ msgid "" +#~ "Unless upgrades are performed locally, you should choose to not stop " +#~ "OpenVPN before it is upgraded. The installation process will restart it " +#~ "once the upgrade is completed." +#~ msgstr "" +#~ "Älä pysäytä OpenVPN:ää ennen kuin se on päivitetty, ellet päivitä sitä " +#~ "paikallisesti. Asennusprosessi käynnistää sen uudelleen, kun päivitys on " +#~ "valmis." + +#~ msgid "This option will take effect for the next upgrade." +#~ msgstr "Tämä valinta otetaan huomioon seuraavasta päivityksestä alkaen." diff --git a/debian/po/fr.po b/debian/po/fr.po new file mode 100644 index 0000000..f0f516f --- /dev/null +++ b/debian/po/fr.po @@ -0,0 +1,161 @@ +# Translation of openvpn debconf templates to French +# Copyright (C) 2008 Michel Grentzinger <mic.grentz@online.fr> +# This file is distributed under the same license as the openvpn package. +# +# +# Michel Grentzinger <mic.grentz@online.fr>, 2008. +# Christian Perrier, <bubulle@debian.org>, 2008. +msgid "" +msgstr "" +"Project-Id-Version: openvpn\n" +"Report-Msgid-Bugs-To: openvpn@packages.debian.org\n" +"POT-Creation-Date: 2011-05-10 17:48+0200\n" +"PO-Revision-Date: 2008-05-27 21:15+0200\n" +"Last-Translator: Michel Grentzinger <mic.grentz@online.fr>\n" +"Language-Team: <fr@li.org>\n" +"Language: \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: KBabel 1.11.4\n" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "Create the TUN/TAP device?" +msgstr "Faut-il créer le périphérique TUN/TAP ?" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "" +"If you choose this option, the /dev/net/tun device needed by OpenVPN will be " +"created." +msgstr "" +"Si vous choississez cette option, le périphérique TUN/TAP /dev/net/tun " +"nécessaire pour OpenVPN sera créé." + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "You should not choose this option if you're using devfs." +msgstr "Vous ne devriez pas choisir cette option si vous utilisez devfs." + +#~ msgid "Vulnerable random number generator" +#~ msgstr "Générateur de nombres aléatoires vulnérable" + +#~ msgid "" +#~ "A weakness has been discovered in the random number generator used by " +#~ "OpenSSL on Ubuntu and Debian systems. As a result of this weakness, " +#~ "certain encryption keys are generated much more frequently than they " +#~ "should be, such that an attacker could guess the key through a brute-" +#~ "force attack given minimal knowledge of the system." +#~ msgstr "" +#~ "Une faille a été découverte dans le générateur de nombres aléatoires " +#~ "d'OpenSSL dans Debian et les distributions dérivées. Cela implique que " +#~ "certaines clés sont générées plus souvent que d'autres, permettant à une " +#~ "attaque par force brute de réussir à trouver une clé de chiffrement même " +#~ "avec une connaissance minimale du système." + +#~ msgid "" +#~ "Any keys created on a vulnerable system may be affected by this problem. " +#~ "The 'openssl-vulnkey' command may be used as a partial test for RSA keys " +#~ "with certain bit sizes, and the 'openvpn-vulnkey' for OpenVPN shared " +#~ "secret keys. Users are urged to verify their keys or simply regenerate " +#~ "any server or client certificates and keys in use on the system." +#~ msgstr "" +#~ "Toutes les clés créées sur un système vulnérable sont potentiellement " +#~ "touchées par ce problème. La commande « openssl-vulnkey » peut être " +#~ "utilisée pour trouver certaines des clés RSA vulnérables d'une certaine " +#~ "taille. De même la commande « openvpn-vulnkey » peut rechercher de telles " +#~ "clés secrètes partagées d'OpenVPN. Il est très fortement conseillé de " +#~ "vérifier les clés de chiffrement ou de simplement recréer les certificats " +#~ "des serveurs et des clients, ainsi que les clés utilisées sur le système." + +#~ msgid "Would you like to start openvpn sooner?" +#~ msgstr "Faut-il démarrer openvpn dès que possible ?" + +#~ msgid "" +#~ "Previous versions of openvpn started at the same time as most of other " +#~ "services. This means that most of these services couldn't use openvpn " +#~ "since it may have been unavailable when they started. Newer versions of " +#~ "the openvpn package will start earlier. (i.e. a S16openvpn link in rc" +#~ "[235].d instead of a S20openvpn)" +#~ msgstr "" +#~ "Les précédentes versions d'openvpn démarraient en même temps que la " +#~ "plupart des autres services. Cela signifie que la majorité de ces " +#~ "services ne peuvent pas utiliser openvpn puisqu'il n'est pas encore " +#~ "disponible lorsqu'ils démarrent. Les versions récentes du paquet openvpn " +#~ "démarrent plus tôt (c.-à-d. que le lien dans rc[235].d est S16openvpn au " +#~ "lieu de S20openvpn)." + +#~ msgid "" +#~ "If you accept here, the package upgrade will make this change for you. If " +#~ "you refuse, nothing will change, and openvpn will be working just like it " +#~ "did before." +#~ msgstr "" +#~ "Si vous choisissez cette option, cette modification sera effectuée lors " +#~ "de la mise à jour du paquet. Sinon, rien ne sera modifié, et openvpn " +#~ "fonctionnera comme auparavant." + +#~ msgid "Stop OpenVPN when upgraded?" +#~ msgstr "Faut-il arrêter OpenVPN lors des mises à jour ?" + +#~ msgid "" +#~ "The upgrade process stops the running daemon before installing the new " +#~ "version. If you are installing or upgrading the system remotely, that " +#~ "could break the upgrade process." +#~ msgstr "" +#~ "La mise à jour arrête le démon en cours d'exécution avant d'installer la " +#~ "nouvelle version. Si vous installez ou mettez à jour le système à " +#~ "distance, cela peut causer l'interruption de la mise à jour." + +#~ msgid "" +#~ "Unless upgrades are performed locally, you should choose to not stop " +#~ "OpenVPN before it is upgraded. The installation process will restart it " +#~ "once the upgrade is completed." +#~ msgstr "" +#~ "Sauf pour les mises à jour effectuées localement, vous ne devriez pas " +#~ "arrêter OpenVPN avant sa mise à jour. Le processus d'installation le " +#~ "redémarrera une fois cette opération terminée." + +#~ msgid "This option will take effect for the next upgrade." +#~ msgstr "Cette option prendra effet à la prochaine mise à jour." + +#~ msgid "Default port has changed" +#~ msgstr "Changement du port par défaut" + +#~ msgid "" +#~ "OpenVPN's default port has changed from 5000 to 1194 (IANA assigned). If " +#~ "you don't specify the port to be used on your VPNs, this upgrade may " +#~ "break them." +#~ msgstr "" +#~ "Le port par défaut d'OpenVPN est passé de 5000 à 1194 (valeur choisie par " +#~ "l'IANA). Si vous n'indiquez pas le port à utiliser sur vos réseaux privés " +#~ "virtuels, cette mise à niveau peut les rendre inutilisables." + +#~ msgid "" +#~ "Use the option 'port 5000' if you want to keep the old port " +#~ "configuration, or take a look at your firewall rules to allow the new " +#~ "default port configuration to work." +#~ msgstr "" +#~ "Vous devriez utiliser l'option « port 5000 » si vous souhaitez continuer " +#~ "à utiliser l'ancien port, ou vérifier les réglages du pare-feu pour vous " +#~ "assurer que la configuration avec le nouveau port pourra fonctionner." + +#~ msgid "Would you like to stop openvpn later?" +#~ msgstr "Faut-il arrêter openvpn dès que possible ?" + +#~ msgid "" +#~ "Previous versions of openvpn stopped at the same time as most of other " +#~ "services. This meant that some of services stopping later couldn't use " +#~ "openvpn since it may have been stopped before them. Newer versions of the " +#~ "openvpn package will stop the service later. (i.e. a K80openvpn link in " +#~ "rc[06].d instead of a K20openvpn)" +#~ msgstr "" +#~ "Les précédentes versions d'openvpn se terminaient en même temps que la " +#~ "plupart des autres services. Cela signifie que la majorité de ces " +#~ "services ne peuvent pas utiliser openvpn puisque ce dernier est déjà " +#~ "arrêté avant qu'ils ne s'arrêtent à leur tour. Les versions récentes du " +#~ "paquet openvpn s'arrêtent plus tard (c.-à-d. que le lien dans rc[06].d " +#~ "est K80openvpn au lieu de K20openvpn)." diff --git a/debian/po/gl.po b/debian/po/gl.po new file mode 100644 index 0000000..87e9a6d --- /dev/null +++ b/debian/po/gl.po @@ -0,0 +1,187 @@ +# Galician translation of openvpn's debconf templates +# This file is distributed under the same license as the openvpn package. +# Jacobo Tarrio <jtarrio@debian.org>, 2007, 2008. +# +msgid "" +msgstr "" +"Project-Id-Version: openvpn\n" +"Report-Msgid-Bugs-To: openvpn@packages.debian.org\n" +"POT-Creation-Date: 2011-05-10 17:48+0200\n" +"PO-Revision-Date: 2008-05-22 22:54+0100\n" +"Last-Translator: Jacobo Tarrio <jtarrio@debian.org>\n" +"Language-Team: Galician <proxecto@trasno.net>\n" +"Language: gl\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "Create the TUN/TAP device?" +msgstr "¿Crear o dispositivo TUN/TAP?" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "" +"If you choose this option, the /dev/net/tun device needed by OpenVPN will be " +"created." +msgstr "" +"Se escolle esta opción, hase crear o dispositivo /dev/net/tun necesario para " +"OpenVPN." + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "You should not choose this option if you're using devfs." +msgstr "Non debería escoller esta opción se emprega devfs." + +#~ msgid "Vulnerable random number generator" +#~ msgstr "Xerador de números aleatorios vulnerable" + +#~ msgid "" +#~ "A weakness has been discovered in the random number generator used by " +#~ "OpenSSL on Ubuntu and Debian systems. As a result of this weakness, " +#~ "certain encryption keys are generated much more frequently than they " +#~ "should be, such that an attacker could guess the key through a brute-" +#~ "force attack given minimal knowledge of the system." +#~ msgstr "" +#~ "Descubriuse unha debilidade no xerador de números aleatorios empregado " +#~ "por OpenSSL nos sistemas Ubuntu e Debian. Coma resultado desta " +#~ "debilidade, algunhas claves de cifrado xéranse con moita máis frecuencia " +#~ "da que lles corresponde, de xeito que un atacante podería adiviñar a " +#~ "clave mediante un ataque por forza bruta tendo coñecementos mínimos do " +#~ "sistema." + +#~ msgid "" +#~ "Any keys created on a vulnerable system may be affected by this problem. " +#~ "The 'openssl-vulnkey' command may be used as a partial test for RSA keys " +#~ "with certain bit sizes, and the 'openvpn-vulnkey' for OpenVPN shared " +#~ "secret keys. Users are urged to verify their keys or simply regenerate " +#~ "any server or client certificates and keys in use on the system." +#~ msgstr "" +#~ "As claves xeradas nun sistema vulnerable poden estar afectadas por este " +#~ "problema. Pódese empregar a orde \"openssl-vulnkey\" coma unha proba " +#~ "parcial para claves RSA con determinados tamaños, e a orde \"openvpn-" +#~ "vulnkey\" para claves secretas compartidas de OpenVPN. Anímase aos " +#~ "usuarios a que verifiquen as súas claves ou, simplemente, rexeneren os " +#~ "certificados de cliente e servidor e as claves que empregue no sistema." + +#~ msgid "Would you like to start openvpn sooner?" +#~ msgstr "¿Quere iniciar openvpn máis pronto?" + +#~ msgid "" +#~ "Previous versions of openvpn started at the same time as most of other " +#~ "services. This means that most of these services couldn't use openvpn " +#~ "since it may have been unavailable when they started. Newer versions of " +#~ "the openvpn package will start earlier. (i.e. a S16openvpn link in rc" +#~ "[235].d instead of a S20openvpn)" +#~ msgstr "" +#~ "As versións anteriores de openvpn iniciábanse ao mesmo tempo que a " +#~ "maioría dos servizos. Isto significa que a maior parte deses servizos non " +#~ "podían empregar openvpn xa que podía non estar dispoñible cando se " +#~ "iniciaron. As versións máis recentes do paquete openvpn hanse iniciar " +#~ "máis pronto (é dicir, unha ligazón S16openvpn en rc[235].d no canto de " +#~ "S20openvpn)." + +#~ msgid "" +#~ "If you accept here, the package upgrade will make this change for you. If " +#~ "you refuse, nothing will change, and openvpn will be working just like it " +#~ "did before." +#~ msgstr "" +#~ "Se acepta isto, a actualización do paquete ha facelo por vostede. Se o " +#~ "rexeita, nada ha cambiar e openvpn ha funcionar tan ben como viña " +#~ "facéndoo ata agora." + +#~ msgid "Stop OpenVPN when upgraded?" +#~ msgstr "¿Deter OpenVPN ao actualizalo?" + +#~ msgid "" +#~ "The upgrade process stops the running daemon before installing the new " +#~ "version. If you are installing or upgrading the system remotely, that " +#~ "could break the upgrade process." +#~ msgstr "" +#~ "O proceso de actualización detén o servizo en execución antes de instalar " +#~ "a nova versión. Se está a instalar ou actualizar o sistema remotamente, " +#~ "isto pode deter o proceso de actualización." + +#~ msgid "" +#~ "Unless upgrades are performed locally, you should choose to not stop " +#~ "OpenVPN before it is upgraded. The installation process will restart it " +#~ "once the upgrade is completed." +#~ msgstr "" +#~ "A menos que se fagan as actualizacións localmente, non se debería deter " +#~ "openvpn antes de actualizalo. O proceso de instalación ha reinicialo " +#~ "despois de que se complete a actualización." + +#~ msgid "This option will take effect for the next upgrade." +#~ msgstr "Esta opción ha tomar efecto na próxima actualización." + +#~ msgid "Default port has changed" +#~ msgstr "O porto por defecto cambiou" + +#~ msgid "" +#~ "OpenVPN's default port has changed from 5000 to 1194 (IANA assigned). If " +#~ "you don't specify the port to be used on your VPNs, this upgrade may " +#~ "break them." +#~ msgstr "" +#~ "O porto por defecto de OpenVPN cambiou de 5000 a 1194 (porto asignado " +#~ "pola IANA). Se non indica o porto a empregar nas súas VPN, esta " +#~ "actualización pode rompelas." + +#~ msgid "" +#~ "Use the option 'port 5000' if you want to keep the old port " +#~ "configuration, or take a look at your firewall rules to allow the new " +#~ "default port configuration to work." +#~ msgstr "" +#~ "Empregue a opción \"port 5000\" se quere conservar a configuración antiga " +#~ "do porto, ou consulte as regras da devasa para permitir que a nova " +#~ "configuración de portos funcione." + +#~ msgid "Would you like to stop openvpn later?" +#~ msgstr "¿Quere deter openvpn máis tarde?" + +#~ msgid "" +#~ "Previous versions of openvpn stopped at the same time as most of other " +#~ "services. This meant that some of services stopping later couldn't use " +#~ "openvpn since it may have been stopped before them. Newer versions of the " +#~ "openvpn package will stop the service later. (i.e. a K80openvpn link in " +#~ "rc[06].d instead of a K20openvpn)" +#~ msgstr "" +#~ "As versións anteriores de openvpn detíñanse ao mesmo tempo que a maioría " +#~ "dos servizos. Isto significa que algúns deses servizos que se detiñan " +#~ "despois non podían empregar openvpn xa que podía terse detido antes " +#~ "deles. As versións máis recentes do paquete openvpn han deter o servizo " +#~ "máis tarde (é dicir, unha ligazón K80openvpn en rc[06].d no canto de " +#~ "K20openvpn)." + +#~ msgid "Would you like a TUN/TAP device to be created?" +#~ msgstr "¿Quere que se cree un dispositivo TUN/TAP?" + +#~ msgid "" +#~ "If you accept here, the package will make a special device called /dev/" +#~ "net/tun for openvpn's use. If you refuse, the device won't be made now. " +#~ "Read README.Debian for details on how to make it. If you are using devfs " +#~ "refuse here." +#~ msgstr "" +#~ "Se acepta isto, o paquete ha crear un dispositivo especial chamado /dev/" +#~ "net/tun para o uso de openvpn. Se o rexeita, non se ha crear agora o " +#~ "dispositivo. Consulte README.Debian para máis detalles sobre como o " +#~ "facer. Se emprega devfs rexeite isto." + +#~ msgid "Would you like to stop openvpn before it gets upgraded?" +#~ msgstr "¿Quere deter openvpn antes de o actualizar?" + +#~ msgid "" +#~ "In some cases you may be upgrading openvpn in a remote server using a VPN " +#~ "to do so. The upgrade process stops the running daemon before installing " +#~ "the new version, in that case you may lose your connection, the upgrade " +#~ "may be interrupted, and you may not be able to reconnect to the remote " +#~ "host." +#~ msgstr "" +#~ "Nalgúns casos pode estar a actualizar openvpn nun servidor remoto " +#~ "empregando unha VPN para o facer. O proceso de actualización detén o " +#~ "servizo en execución antes de instalar a nova versión; nese caso pode " +#~ "perder a conexión, a actualización hase interromper e non ha poder " +#~ "conectarse ao servidor remoto." diff --git a/debian/po/it.po b/debian/po/it.po new file mode 100644 index 0000000..fb016d1 --- /dev/null +++ b/debian/po/it.po @@ -0,0 +1,155 @@ +# Italian (it) translation of debconf templates for openvpn
+# Copyright (C) 2006 Software in the Public Interest
+# This file is distributed under the same license as the openvpn package.
+# Luca Monducci <luca.mo@tiscali.it>, 2006-2008.
+#
+msgid "" +msgstr "" +"Project-Id-Version: openvpn 2.1 italian debconf templates\n" +"Report-Msgid-Bugs-To: openvpn@packages.debian.org\n" +"POT-Creation-Date: 2011-05-10 17:48+0200\n" +"PO-Revision-Date: 2008-05-24 20:14+0200\n" +"Last-Translator: Luca Monducci <luca.mo@tiscali.it>\n" +"Language-Team: Italian <debian-l10n-italian@lists.debian.org>\n" +"Language: it\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "Create the TUN/TAP device?" +msgstr "Creare il device TUN/TAP?" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "" +"If you choose this option, the /dev/net/tun device needed by OpenVPN will be " +"created." +msgstr "" +"Se si accetta verrà creato il device /dev/net/tun necessario a OpenVPN." + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "You should not choose this option if you're using devfs." +msgstr "Se si usa devfs, rifiutare la creazione del device." + +#~ msgid "Vulnerable random number generator" +#~ msgstr "Vulnerabilità nel generatore di numeri casuali" + +#~ msgid "" +#~ "A weakness has been discovered in the random number generator used by " +#~ "OpenSSL on Ubuntu and Debian systems. As a result of this weakness, " +#~ "certain encryption keys are generated much more frequently than they " +#~ "should be, such that an attacker could guess the key through a brute-" +#~ "force attack given minimal knowledge of the system." +#~ msgstr "" +#~ "È stata scoperta una vulnerabilità nel generatore di numeri casuali usato " +#~ "da OpenSSL su sistemi Debian e Ubuntu. L'effetto di questa vulnerabilità " +#~ "è che alcune chiavi di cifratura sono state generate più frequentemente, " +#~ "quindi un attaccante con una minima conoscenza del sistema potrebbe " +#~ "indovinare la chiave usando un attacco di tipo forza bruta." + +#~ msgid "" +#~ "Any keys created on a vulnerable system may be affected by this problem. " +#~ "The 'openssl-vulnkey' command may be used as a partial test for RSA keys " +#~ "with certain bit sizes, and the 'openvpn-vulnkey' for OpenVPN shared " +#~ "secret keys. Users are urged to verify their keys or simply regenerate " +#~ "any server or client certificates and keys in use on the system." +#~ msgstr "" +#~ "Qualsiasi chiave creata su un sistema vulnerabile potrebbe essere " +#~ "afflitta da questo problema. È possibile usare il comando \"openssl-" +#~ "vulnkey\" per fare un test parziale delle chiavi RSA con un certo numero " +#~ "di bit e il comando \"openvpn-vulnkey\" per le chive segrete condivise di " +#~ "OpenVPN. Gli utenti devono verificare le proprie chiavi oppure rigenerare " +#~ "qualsiasi certificato o chiave per client o server usati su questo " +#~ "sistema." + +#~ msgid "Would you like to start openvpn sooner?" +#~ msgstr "Avviare openvpn in anticipo?" + +#~ msgid "" +#~ "Previous versions of openvpn started at the same time as most of other " +#~ "services. This means that most of these services couldn't use openvpn " +#~ "since it may have been unavailable when they started. Newer versions of " +#~ "the openvpn package will start earlier. (i.e. a S16openvpn link in rc" +#~ "[235].d instead of a S20openvpn)" +#~ msgstr "" +#~ "Le precedenti versioni di openvpn partono insieme alla maggior parte " +#~ "degli altri servizi. Questo implica che gli altri servizi non possono " +#~ "usare openvpn dato che al loro avvio può non essere disponibile. Le " +#~ "versioni più recenti di openvpn partono in anticipo (cioè in rc[235].d è " +#~ "presente il collegamento S16openvpn al posto di S20openvpn)." + +#~ msgid "" +#~ "If you accept here, the package upgrade will make this change for you. If " +#~ "you refuse, nothing will change, and openvpn will be working just like it " +#~ "did before." +#~ msgstr "" +#~ "Se si accetta, l'aggiornamento del pacchetto esegue la sostituzione di " +#~ "questo collegamento automaticamente. Se si rifiuta non vengono fatte " +#~ "modifche e openvpn continua a funzionare come in precedenza." + +#~ msgid "Stop OpenVPN when upgraded?" +#~ msgstr "Fermare OpenVPN all'aggiornamento?" + +#~ msgid "" +#~ "The upgrade process stops the running daemon before installing the new " +#~ "version. If you are installing or upgrading the system remotely, that " +#~ "could break the upgrade process." +#~ msgstr "" +#~ "Il processo d'aggiornamento ferma il demone prima di installare la nuova " +#~ "versione. Se l'installazione o l'aggiornamento avviene da remoto, è " +#~ "possibile che questo provochi il blocco del processo di aggiornamento." + +#~ msgid "" +#~ "Unless upgrades are performed locally, you should choose to not stop " +#~ "OpenVPN before it is upgraded. The installation process will restart it " +#~ "once the upgrade is completed." +#~ msgstr "" +#~ "Eccetto nei casi in cui l'aggiornamento è locale, si deve scegliere di " +#~ "NON fermare OpenVPN prima del suo aggiornamento. Al termine del processo " +#~ "d'installazione verrà riavviato automaticamente." + +#~ msgid "This option will take effect for the next upgrade." +#~ msgstr "Questa opzione avrà effetto dal prossimo aggiornamento." + +#~ msgid "Default port has changed" +#~ msgstr "La porta predefinita è cambiata" + +#~ msgid "" +#~ "OpenVPN's default port has changed from 5000 to 1194 (IANA assigned). If " +#~ "you don't specify the port to be used on your VPNs, this upgrade may " +#~ "break them." +#~ msgstr "" +#~ "La porta predefinita di OpenVPN passa da 5000 a 1194 (assegnata dallo " +#~ "IANA). Se non si specifica la porta da usare per le proprie VPN, questo " +#~ "aggiornamento potrebbe renderle inutilizzabili." + +#~ msgid "" +#~ "Use the option 'port 5000' if you want to keep the old port " +#~ "configuration, or take a look at your firewall rules to allow the new " +#~ "default port configuration to work." +#~ msgstr "" +#~ "Per mantenere la configurazione con la vecchia porta, usare l'opzione " +#~ "\"port 5000\" oppure controllare le regole del firewall in modo da " +#~ "consentire il funzionamento con la nuova porta predefinita." + +#~ msgid "Would you like to stop openvpn later?" +#~ msgstr "Fermare openvpn in ritardo?" + +#~ msgid "" +#~ "Previous versions of openvpn stopped at the same time as most of other " +#~ "services. This meant that some of services stopping later couldn't use " +#~ "openvpn since it may have been stopped before them. Newer versions of the " +#~ "openvpn package will stop the service later. (i.e. a K80openvpn link in " +#~ "rc[06].d instead of a K20openvpn)" +#~ msgstr "" +#~ "Le precedenti versioni di openvpn sono fermate insieme alla maggior parte " +#~ "degli altri servizi. Questo implica che i servizi che si fermano dopo non " +#~ "possono usare openvpn dato che potrebbe già essere fermo. Le versioni più " +#~ "recenti di openvpn sono fermate dopo gli altri servizi (cioè in rc[06].d " +#~ "è presente il collegamento K80openvpn al posto di K20openvpn)." diff --git a/debian/po/ja.po b/debian/po/ja.po new file mode 100644 index 0000000..7eab5d1 --- /dev/null +++ b/debian/po/ja.po @@ -0,0 +1,161 @@ +# +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans +# +# Developers do not need to manually edit POT or PO files. +# +# +msgid "" +msgstr "" +"Project-Id-Version: openvpn 2.1~rc7-2\n" +"Report-Msgid-Bugs-To: openvpn@packages.debian.org\n" +"POT-Creation-Date: 2011-05-10 17:48+0200\n" +"PO-Revision-Date: 2008-05-30 23:52+0900\n" +"Last-Translator: Hideki Yamane (Debian-JP) <henrich@debian.or.jp>\n" +"Language-Team: Japanese <debian-japanese@lists.debian.org>\n" +"Language: ja\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "Create the TUN/TAP device?" +msgstr "TUN/TAP デバイスを作成しますか?" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "" +"If you choose this option, the /dev/net/tun device needed by OpenVPN will be " +"created." +msgstr "" +"ここで「はい」と答えると、openvpn が必要とする /dev/net/tun デバイスを作成し" +"ます。" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "You should not choose this option if you're using devfs." +msgstr "devfs を使っている場合は「いいえ」と答えてください。" + +#~ msgid "Vulnerable random number generator" +#~ msgstr "脆弱な乱数生成器について" + +#~ msgid "" +#~ "A weakness has been discovered in the random number generator used by " +#~ "OpenSSL on Ubuntu and Debian systems. As a result of this weakness, " +#~ "certain encryption keys are generated much more frequently than they " +#~ "should be, such that an attacker could guess the key through a brute-" +#~ "force attack given minimal knowledge of the system." +#~ msgstr "" +#~ "Ubuntu および Debian のシステムの OpenSSL で利用されている乱数生成器に弱点" +#~ "が見つかりました。この弱点によって、本来あるべきより頻繁に特定の暗号鍵が生" +#~ "成されてしまうことになり、システムについてほんの少しだけ知識を得るだけで、" +#~ "攻撃者が総当たり攻撃によって鍵を推測できてしまいます。" + +#~ msgid "" +#~ "Any keys created on a vulnerable system may be affected by this problem. " +#~ "The 'openssl-vulnkey' command may be used as a partial test for RSA keys " +#~ "with certain bit sizes, and the 'openvpn-vulnkey' for OpenVPN shared " +#~ "secret keys. Users are urged to verify their keys or simply regenerate " +#~ "any server or client certificates and keys in use on the system." +#~ msgstr "" +#~ "脆弱性があるシステムで生成された全ての鍵がこの問題の影響を受けます。特定の" +#~ "ビット数の RSA 鍵については 'openssl-vulnkey' コマンドが、OpenVPN の共有秘" +#~ "密鍵には 'openvpn-vulnkey' コマンドが部分的なテストとして利用できます。" +#~ "ユーザには鍵の確認を行うか、システムで利用しているサーバ/クライアント証明" +#~ "書及び鍵を単に再生成することをお勧めします。" + +#~ msgid "Would you like to start openvpn sooner?" +#~ msgstr "openvpn をすぐに起動しますか?" + +#~ msgid "" +#~ "Previous versions of openvpn started at the same time as most of other " +#~ "services. This means that most of these services couldn't use openvpn " +#~ "since it may have been unavailable when they started. Newer versions of " +#~ "the openvpn package will start earlier. (i.e. a S16openvpn link in rc" +#~ "[235].d instead of a S20openvpn)" +#~ msgstr "" +#~ "openvpn の以前のバージョンでは他の大半のサービスと同時に起動していました。" +#~ "これは、これらのサービスの大半が起動時に openvpn が利用できない状態のた" +#~ "め、openvpn を利用できないのを意味します。新しいバージョンの openvpn パッ" +#~ "ケージはすぐに起動するようになっています。(つまり、rc[235].d では " +#~ "S20openvpn ではなく S16openvpn にリンクしています)" + +#~ msgid "" +#~ "If you accept here, the package upgrade will make this change for you. If " +#~ "you refuse, nothing will change, and openvpn will be working just like it " +#~ "did before." +#~ msgstr "" +#~ "ここで「はい」と答えると、パッケージのアップグレードでこの変更を行います。" +#~ "「いいえ」と答えた場合、何も変更されず、openvpn は以前同様に動作します。" + +#~ msgid "Stop OpenVPN when upgraded?" +#~ msgstr "アップグレードの際に openvpn を停止しますか?" + +#~ msgid "" +#~ "The upgrade process stops the running daemon before installing the new " +#~ "version. If you are installing or upgrading the system remotely, that " +#~ "could break the upgrade process." +#~ msgstr "" +#~ "アップグレード作業では、新バージョンをインストールする前に動作しているデー" +#~ "モンを停止します。リモートからシステムをインストール/アップグレードしてい" +#~ "る場合は、アップグレードは途中で中断される可能性があります。" + +#~ msgid "" +#~ "Unless upgrades are performed locally, you should choose to not stop " +#~ "OpenVPN before it is upgraded. The installation process will restart it " +#~ "once the upgrade is completed." +#~ msgstr "" +#~ "アップグレードをローカルで実行してないのであれば、アップグレードの前に " +#~ "openvpn は停止「しない」ようにしてください。インストール作業が一旦完了する" +#~ "と再起動を行います。" + +#~ msgid "This option will take effect for the next upgrade." +#~ msgstr "このオプションは次回のアップグレード時に使われます。" + +#~ msgid "Default port has changed" +#~ msgstr "標準ポートが変更されました" + +#~ msgid "" +#~ "OpenVPN's default port has changed from 5000 to 1194 (IANA assigned). If " +#~ "you don't specify the port to be used on your VPNs, this upgrade may " +#~ "break them." +#~ msgstr "" +#~ "OpenVPN の標準ポートが 5000 から (IANA によって割り当てられた) 1194 に変更" +#~ "されました。VPN 接続で利用するポートを明示的に指定していない場合は、この" +#~ "アップグレードによって接続ができなくなります。" + +#~ msgid "" +#~ "Use the option 'port 5000' if you want to keep the old port " +#~ "configuration, or take a look at your firewall rules to allow the new " +#~ "default port configuration to work." +#~ msgstr "" +#~ "以前のポート設定をそのまま使い続けたい場合は 'port 5000' オプションを利用" +#~ "してっください。それ以外の場合はファイアウォールのルールを見直し、新しい標" +#~ "準ポート設定で動作するようにしてください。" + +#~ msgid "Would you like to stop openvpn later?" +#~ msgstr "openvpn が遅れて停止するようにしますか?" + +#~ msgid "" +#~ "Previous versions of openvpn stopped at the same time as most of other " +#~ "services. This meant that some of services stopping later couldn't use " +#~ "openvpn since it may have been stopped before them. Newer versions of the " +#~ "openvpn package will stop the service later. (i.e. a K80openvpn link in " +#~ "rc[06].d instead of a K20openvpn)" +#~ msgstr "" +#~ "openvpn の以前のバージョンでは、他の大半のサービスと同時に終了していまし" +#~ "た。これは、遅れて終了するサービスの幾つかは、openvpn がサービスより前に停" +#~ "止されてしまうので、openvpn を利用できなかったということを意味しています。" +#~ "新しいバージョンの openvpn パッケージは遅れて停止するようになっています。" +#~ "(つまり、rc[06].d で K20openvpn ではなく K80openvpn にリンクしています)" diff --git a/debian/po/nb.po b/debian/po/nb.po new file mode 100644 index 0000000..1fc7210 --- /dev/null +++ b/debian/po/nb.po @@ -0,0 +1,124 @@ +# translation of nb.po_[u4VNua].po to Norwegian Bokmål +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# +# Bjørn Steensrud <bjornst@skogkatt.homelinux.org>, 2008. +msgid "" +msgstr "" +"Project-Id-Version: nb.po_[u4VNua]\n" +"Report-Msgid-Bugs-To: openvpn@packages.debian.org\n" +"POT-Creation-Date: 2011-05-10 17:48+0200\n" +"PO-Revision-Date: 2008-01-27 20:45+0100\n" +"Last-Translator: Bjørn Steensrud <bjornst@skogkatt.homelinux.org>\n" +"Language-Team: Norwegian Bokmål <i18n-nb@lister.ping.uio.no>\n" +"Language: \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: KBabel 1.11.4\n" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "Create the TUN/TAP device?" +msgstr "Skal TUN/TAP-enheten opprettes?" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "" +"If you choose this option, the /dev/net/tun device needed by OpenVPN will be " +"created." +msgstr "" +"Hvis du velger dette, så opprettes enheten /dev/net/tun/ som OpenVPN trenger." + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "You should not choose this option if you're using devfs." +msgstr "Ikke velg dette derson du bruker devfs." + +#~ msgid "Would you like to start openvpn sooner?" +#~ msgstr "Vil du starte openvpn tidligere?" + +#~ msgid "" +#~ "Previous versions of openvpn started at the same time as most of other " +#~ "services. This means that most of these services couldn't use openvpn " +#~ "since it may have been unavailable when they started. Newer versions of " +#~ "the openvpn package will start earlier. (i.e. a S16openvpn link in rc" +#~ "[235].d instead of a S20openvpn)" +#~ msgstr "" +#~ "Tidligere versjoner av openvpn startet på samme tid som de fleste andre " +#~ "tjenester. Det betyr at de fleste av disse tjenestene ikke kunne bruke " +#~ "openvpn, siden den kanskje ikke var tilgjengelig da de startet. Nyere " +#~ "versjoner av openvpn-pakka starter tidligere. (dvs. en lenke i rc[235].d " +#~ "som heter S16openvpn i stedet for S20.openvpn)" + +#~ msgid "" +#~ "If you accept here, the package upgrade will make this change for you. If " +#~ "you refuse, nothing will change, and openvpn will be working just like it " +#~ "did before." +#~ msgstr "" +#~ "Hvis du godtar her, så vil pakkeoppgraderingen gjøre denne endringen for " +#~ "deg. Hvis du avviser, så blir ingenting endret og openvpn fortsetter å " +#~ "virke akkurat som den gjorde før." + +#~ msgid "Stop OpenVPN when upgraded?" +#~ msgstr "Skal OpenVPN stoppes når den er oppgradert?" + +#~ msgid "" +#~ "The upgrade process stops the running daemon before installing the new " +#~ "version. If you are installing or upgrading the system remotely, that " +#~ "could break the upgrade process." +#~ msgstr "" +#~ "Oppgraderingsprosessen stopper den kjørende daemonen før den nye " +#~ "versjonen installeres. Hvis du installerer eller oppdaterer systemet over " +#~ "nettverket, så kan det ødelegge oppgraderingsprosessen." + +#~ msgid "" +#~ "Unless upgrades are performed locally, you should choose to not stop " +#~ "OpenVPN before it is upgraded. The installation process will restart it " +#~ "once the upgrade is completed." +#~ msgstr "" +#~ "Hvis oppgraderinger ikke gjøres lokalt, så bør du velge å ikke stoppe " +#~ "OpenVPN før den oppgraderes. Installasjonsprosessen starter OpenVPN på " +#~ "nytt når oppgraderingen er fullført." + +#~ msgid "This option will take effect for the next upgrade." +#~ msgstr "Dette valget får virkning for neste oppgradering." + +#~ msgid "Default port has changed" +#~ msgstr "Standardporten er endret" + +#~ msgid "" +#~ "OpenVPN's default port has changed from 5000 to 1194 (IANA assigned). If " +#~ "you don't specify the port to be used on your VPNs, this upgrade may " +#~ "break them." +#~ msgstr "" +#~ "OpenVPNs standartport er endret fra 5000 til 1194 (tilordnet av IANA). " +#~ "Hvis du ikke oppgir porten som skal brukes på dine VPN-tilkoblinger, så " +#~ "kan denne oppgraderingen ødelegge dem." + +#~ msgid "" +#~ "Use the option 'port 5000' if you want to keep the old port " +#~ "configuration, or take a look at your firewall rules to allow the new " +#~ "default port configuration to work." +#~ msgstr "" +#~ "Bruk valget «port 5000» hvis du vil beholde det gamle port-oppsettet, " +#~ "eller juster brannmur-reglene slik at den nye standardporten kan virke." + +#~ msgid "Would you like to stop openvpn later?" +#~ msgstr "Vil du stoppe openvpn senere?" + +#~ msgid "" +#~ "Previous versions of openvpn stopped at the same time as most of other " +#~ "services. This meant that some of services stopping later couldn't use " +#~ "openvpn since it may have been stopped before them. Newer versions of the " +#~ "openvpn package will stop the service later. (i.e. a K80openvpn link in " +#~ "rc[06].d instead of a K20openvpn)" +#~ msgstr "" +#~ "Tidligere versjoner av openvpn stoppet på samme tid som de fleste andre " +#~ "tjenester. Det betydde at noen tjenester som stoppet senere ikke kunne " +#~ "bruke openvpn siden den kan ha stoppet før dem. Nyere versjoner av " +#~ "openvpn-pakka vil stoppe tjenesten senere. (dvs. en lenke i rc[06].d som " +#~ "hete K80openvpn i stedet for K20openvpn)" diff --git a/debian/po/nl.po b/debian/po/nl.po new file mode 100644 index 0000000..e046f90 --- /dev/null +++ b/debian/po/nl.po @@ -0,0 +1,70 @@ +# Dutch translation of openvpn debconf templates. +# Copyright (C) 2006-2011 THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the openvpn package. +# Kurt De Bree <kdebree@telenet.be>, 2006. +# Jeroen Schot <schot@a-eskwadraat.nl>, 2011. +msgid "" +msgstr "" +"Project-Id-Version: openvpn_2.1.3-4\n" +"Report-Msgid-Bugs-To: openvpn@packages.debian.org\n" +"POT-Creation-Date: 2011-05-10 17:48+0200\n" +"PO-Revision-Date: 2011-05-04 08:24+0200\n" +"Last-Translator: Jeroen Schot <schot@a-eskwadraat.nl>\n" +"Language-Team: Debian l10n Dutch <debian-l10n-dutch@lists.debian.org>\n" +"Language: nl\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "Create the TUN/TAP device?" +msgstr "TUN/TAP-apparaat aanmaken?" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "" +"If you choose this option, the /dev/net/tun device needed by OpenVPN will be " +"created." +msgstr "" +"Als u voor deze optie kiest wordt het door OpenVPN benodigde /dev/net/tun-" +"apparaat aangemaakt." + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "You should not choose this option if you're using devfs." +msgstr "Kies niet voor deze optie als u gebruik maakt van devfs." + +#~ msgid "Vulnerable random number generator" +#~ msgstr "Kwetsbare toevalsgenerator (RNG)" + +#~ msgid "" +#~ "A weakness has been discovered in the random number generator used by " +#~ "OpenSSL on Ubuntu and Debian systems. As a result of this weakness, " +#~ "certain encryption keys are generated much more frequently than they " +#~ "should be, such that an attacker could guess the key through a brute-" +#~ "force attack given minimal knowledge of the system." +#~ msgstr "" +#~ "Er is een zwakke plek ontdekt in de toevalsgenerator die door OpenSSL op " +#~ "Ubuntu- en Debiansystemen wordt gebruikt. Als een gevolg hiervan worden " +#~ "sommige sleutels veel vaker gegenereerd dan zou moeten, waardoor een " +#~ "aanvaller de sleutel met een brute force-aanval kan raden met minimale " +#~ "kennis van het systeem." + +#~ msgid "" +#~ "Any keys created on a vulnerable system may be affected by this problem. " +#~ "The 'openssl-vulnkey' command may be used as a partial test for RSA keys " +#~ "with certain bit sizes, and the 'openvpn-vulnkey' for OpenVPN shared " +#~ "secret keys. Users are urged to verify their keys or simply regenerate " +#~ "any server or client certificates and keys in use on the system." +#~ msgstr "" +#~ "Elke sleutel die op een kwetsbaar systeem is aangemaakt kan hierdoor " +#~ "getroffen zijn. U kunt het commando 'openssl-vulnkey' gebruiken als een " +#~ "gedeeltelijke test voor RSA-sleutels met een bepaalde lengte en het " +#~ "commando 'openvpn-vulnkey' voor gedeelde geheime sleutels van OpenVPN. " +#~ "Gebruikers wordt dringend verzocht om hun sleutels te controleren of alle " +#~ "server/client-certificaten en sleutels op dit systeem opnieuw te " +#~ "genereren." diff --git a/debian/po/pt.po b/debian/po/pt.po new file mode 100644 index 0000000..82f0a92 --- /dev/null +++ b/debian/po/pt.po @@ -0,0 +1,186 @@ +# Portuguese translation for openvpn debconf messages. +# Copyright (C) Tiago Fernandes <tjg.fernandes@gmail.com>, 2006 +# This file is distributed under the same license as the Openvpn package. +# Tiago Fernandes <tjg.fernandes@gmail.com>, 2006-2008 +# +msgid "" +msgstr "" +"Project-Id-Version: openvpn 2.0.9-1\n" +"Report-Msgid-Bugs-To: openvpn@packages.debian.org\n" +"POT-Creation-Date: 2011-05-10 17:48+0200\n" +"PO-Revision-Date: 2008-06-01 21:39+0100\n" +"Last-Translator: Tiago Fernandes <tjg.fernandes@gmail.com>\n" +"Language-Team: Portuguese <traduz@debianpt.org>\n" +"Language: pt\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=utf-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "Create the TUN/TAP device?" +msgstr "Criar o dispositivo TUN/TAP?" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "" +"If you choose this option, the /dev/net/tun device needed by OpenVPN will be " +"created." +msgstr "" +"Se escolher esta opção, será criado o dispositivo /dev/net/tun preciso pelo " +"OpvnVPN." + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "You should not choose this option if you're using devfs." +msgstr "Não deverá escolher esta opção se estiver a usar devfs." + +#~ msgid "Vulnerable random number generator" +#~ msgstr "Gerador de numeros aleatórios vulnerável" + +#~ msgid "" +#~ "A weakness has been discovered in the random number generator used by " +#~ "OpenSSL on Ubuntu and Debian systems. As a result of this weakness, " +#~ "certain encryption keys are generated much more frequently than they " +#~ "should be, such that an attacker could guess the key through a brute-" +#~ "force attack given minimal knowledge of the system." +#~ msgstr "" +#~ "Foi descoberta uma fraqueza no gerador de números aleatórios utilizado " +#~ "pelo OpenSSL nos sistemas Ubuntu e Debian. Como resultado desta fraqueza, " +#~ "certaschaves de criptação são geradas com maior frequência do que devem " +#~ "ser, de talforma que um atacante pode adivinhar a chave através de um " +#~ "ataque de força bruta, dado um conhecimento minimo do sistema." + +#~ msgid "" +#~ "Any keys created on a vulnerable system may be affected by this problem. " +#~ "The 'openssl-vulnkey' command may be used as a partial test for RSA keys " +#~ "with certain bit sizes, and the 'openvpn-vulnkey' for OpenVPN shared " +#~ "secret keys. Users are urged to verify their keys or simply regenerate " +#~ "any server or client certificates and keys in use on the system." +#~ msgstr "" +#~ "Quaisquer chaves criadas num sistema vulnerável podem estar afectadas por " +#~ "este problema. O comando 'openssl-vulnkey' pode ser usado como um teste " +#~ "parcialpara chaves RSA com certo tamanho de bits, e o 'openvpn-vulnkey' " +#~ "para chaves secretas partilhadas do OpenVPN. É aconselhado aos " +#~ "utilizadores, verificar com alguma urgênciaas suas chaves ou simplesmente " +#~ "gerar de novo quaisquer certificados ou chavesde cliente e/ou servidor em " +#~ "utilização no sistema." + +#~ msgid "Would you like to start openvpn sooner?" +#~ msgstr "Quer iniciar o openvpn mais cedo ?" + +#~ msgid "" +#~ "Previous versions of openvpn started at the same time as most of other " +#~ "services. This means that most of these services couldn't use openvpn " +#~ "since it may have been unavailable when they started. Newer versions of " +#~ "the openvpn package will start earlier. (i.e. a S16openvpn link in rc" +#~ "[235].d instead of a S20openvpn)" +#~ msgstr "" +#~ "As versões anteriores do openvpn iniciavam ao mesmo tempo que a maioria " +#~ "dos outros serviços. Isto significa que a maior parte dos serviços não " +#~ "podiam usar o openvpn, uma vez que podia não estar disponível quando " +#~ "estes iniciavam. Nas novas versões do pacote openvpn, será inicado mais " +#~ "cedo. (p.exp: um link S16openvpn no rc[235].d em vez de S20openvpn)" + +#~ msgid "" +#~ "If you accept here, the package upgrade will make this change for you. If " +#~ "you refuse, nothing will change, and openvpn will be working just like it " +#~ "did before." +#~ msgstr "" +#~ "Se aceitar, a actualização deste pacote irá fazer esta alteração por si. " +#~ "Se recusar, nada será alterado e o openvpn funcionará exactamente como " +#~ "antes." + +#~ msgid "Stop OpenVPN when upgraded?" +#~ msgstr "Parar o OpenVPN quando actualizado?" + +#~ msgid "" +#~ "The upgrade process stops the running daemon before installing the new " +#~ "version. If you are installing or upgrading the system remotely, that " +#~ "could break the upgrade process." +#~ msgstr "" +#~ "O processo de actualização pára o daemon em execução antes de instalar a " +#~ "nova versão. Se está a instalar ou a actualizar o sistema remotamente, " +#~ "isto poderá interromper o processo de actualização." + +#~ msgid "" +#~ "Unless upgrades are performed locally, you should choose to not stop " +#~ "OpenVPN before it is upgraded. The installation process will restart it " +#~ "once the upgrade is completed." +#~ msgstr "" +#~ "A não ser que faça as suas actualizações localmente, deverá escolher NÃO " +#~ "parar o openvpn antes de ser actualizado. O processo de instalação irá " +#~ "reiniciá-lo assim que tenha completado a actualização." + +#~ msgid "This option will take effect for the next upgrade." +#~ msgstr "Esta opção terá efeito para a próxima actualização." + +#~ msgid "Default port has changed" +#~ msgstr "O porto pré-definido foi alterado." + +#~ msgid "" +#~ "OpenVPN's default port has changed from 5000 to 1194 (IANA assigned). If " +#~ "you don't specify the port to be used on your VPNs, this upgrade may " +#~ "break them." +#~ msgstr "" +#~ "O porto pré-definido do OpenVPN foi alterado de 5000 para 1194 (atribuído " +#~ "pelo IANA). Se não especificar a porta nas suas VPN's, esta actualização " +#~ "pode interrompe-las." + +#~ msgid "" +#~ "Use the option 'port 5000' if you want to keep the old port " +#~ "configuration, or take a look at your firewall rules to allow the new " +#~ "default port configuration to work." +#~ msgstr "" +#~ "Use a opção 'port 5000' se deseja manter configuração com o porto antigo, " +#~ "ou veja as regras da sua firewall para que a configuração com o novo " +#~ "porto pré-definido funcione." + +#~ msgid "Would you like to stop openvpn later?" +#~ msgstr "Deseja parar o openvpn mais tarde?" + +#~ msgid "" +#~ "Previous versions of openvpn stopped at the same time as most of other " +#~ "services. This meant that some of services stopping later couldn't use " +#~ "openvpn since it may have been stopped before them. Newer versions of the " +#~ "openvpn package will stop the service later. (i.e. a K80openvpn link in " +#~ "rc[06].d instead of a K20openvpn)" +#~ msgstr "" +#~ "As versões anteriores do openvpn paravam ao mesmo tempo que a maioria dos " +#~ "outros serviços. Isto significa que alguns dos serviços que param mais " +#~ "tarde não conseguem usar o openvpn, pois pode parar antes deles. Novas " +#~ "versões do pacote openvpn irão parar o serviço mais tarde. (p.exp: um " +#~ "link K80openvpn em rc[06].d em vez de K20openvpn)" + +#~ msgid "Would you like a TUN/TAP device to be created?" +#~ msgstr "Quer criar um dispositivo TUN/TAP ?" + +#~ msgid "" +#~ "If you accept here, the package will make a special device called /dev/" +#~ "net/tun for openvpn's use. If you refuse, the device won't be made now. " +#~ "Read README.Debian for details on how to make it. If you are using devfs " +#~ "refuse here." +#~ msgstr "" +#~ "Se aceitar, o pacote irá criar um dispositivo especial chamado /dev/net/" +#~ "tun para ser usado pelos openvpn's. Se recusar, o dispositivo não será " +#~ "criado agora. Leia o README.Debian para ver os detalhes de como o criar. " +#~ "Se está a usar devfs, recuse agora." + +#~ msgid "Would you like to stop openvpn before it gets upgraded?" +#~ msgstr "Deseja parar o openvpn antes de ser actualizado?" + +#~ msgid "" +#~ "In some cases you may be upgrading openvpn in a remote server using a VPN " +#~ "to do so. The upgrade process stops the running daemon before installing " +#~ "the new version, in that case you may lose your connection, the upgrade " +#~ "may be interrupted, and you may not be able to reconnect to the remote " +#~ "host." +#~ msgstr "" +#~ "Em alguns casos pode actualizar o openvpn num servidor remoto, através de " +#~ "uma VPN. O processo de actualização pára o daemon em execução antes de " +#~ "instalar a nova versão, nesse caso pode perder a sua ligação, a " +#~ "actualização pode ser interrompida, e pode não conseguir re-estabelecer " +#~ "ligação ao computador remoto." diff --git a/debian/po/pt_BR.po b/debian/po/pt_BR.po new file mode 100644 index 0000000..f9116ab --- /dev/null +++ b/debian/po/pt_BR.po @@ -0,0 +1,160 @@ +# openvpn Brazilian Portuguese translation +# Copyright (C) 2007 THE openvpn'S COPYRIGHT HOLDER +# This file is distributed under the same license as the openvpn package. +# André Luís Lopes <andrelop@debian.org>, 2007 +# Eder L. Marques (frolic) <frolic@debian-ce.org>, 2008. +# +msgid "" +msgstr "" +"Project-Id-Version: openvpn 2.1~rc7-2\n" +"Report-Msgid-Bugs-To: openvpn@packages.debian.org\n" +"POT-Creation-Date: 2011-05-10 17:48+0200\n" +"PO-Revision-Date: 2008-05-26 10:26-0300\n" +"Last-Translator: Eder L. Marques (frolic) <frolic@debian-ce.org>\n" +"Language-Team: Brazilian Portuguese <debian-l10n-portuguese@lists.debian." +"org>\n" +"Language: pt_BR\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"pt_BR utf-8\n" +"X-Generator: KBabel 1.11.4\n" +"Plural-Forms: nplurals=2; plural=(n > 1);\n" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "Create the TUN/TAP device?" +msgstr "Criar o dispositivo TUN/TAP?" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "" +"If you choose this option, the /dev/net/tun device needed by OpenVPN will be " +"created." +msgstr "" +"Se você escolher esta opção, o dispositivo /dev/net/tun necessário ao " +"openvpn será criado." + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "You should not choose this option if you're using devfs." +msgstr "Você não deve escolher esta opção se você está usando devfs." + +#~ msgid "Vulnerable random number generator" +#~ msgstr "Gerador de números aleatórios vulnerável" + +#~ msgid "" +#~ "A weakness has been discovered in the random number generator used by " +#~ "OpenSSL on Ubuntu and Debian systems. As a result of this weakness, " +#~ "certain encryption keys are generated much more frequently than they " +#~ "should be, such that an attacker could guess the key through a brute-" +#~ "force attack given minimal knowledge of the system." +#~ msgstr "" +#~ "Uma falha foi descoberta no gerador de números aleatórios usado pelo " +#~ "OpenSSL em sistemas Ubuntu e Debian. Como resultado desta falha, certas " +#~ "chaves de encriptação são geradas muito mais frequentemente do que " +#~ "deveriam ser, por isso um atacante pode adivinhar a chave através de um " +#~ "ataque de força bruta com um conhecimento mínimo do sistema. " + +#~ msgid "" +#~ "Any keys created on a vulnerable system may be affected by this problem. " +#~ "The 'openssl-vulnkey' command may be used as a partial test for RSA keys " +#~ "with certain bit sizes, and the 'openvpn-vulnkey' for OpenVPN shared " +#~ "secret keys. Users are urged to verify their keys or simply regenerate " +#~ "any server or client certificates and keys in use on the system." +#~ msgstr "" +#~ "Qualquer chave criada em um sistema vulnerável pode ser afetada por este " +#~ "problema. O comando 'openssl-vulnkey' pode ser usado como um teste " +#~ "parcial para chaves RSA com certos bits de tamanho, e o 'openvpn-vulnkey' " +#~ "para as chaves secretas compartilhadas do OpenVPN. Usuários são instados " +#~ "a verificar suas chaves ou simplesmente regerar qualquer certificado de " +#~ "servidor ou cliente e chaves em uso no sistema." + +#~ msgid "Would you like to start openvpn sooner?" +#~ msgstr "Você gostaria de iniciar o openvpn antes?" + +#~ msgid "" +#~ "Previous versions of openvpn started at the same time as most of other " +#~ "services. This means that most of these services couldn't use openvpn " +#~ "since it may have been unavailable when they started. Newer versions of " +#~ "the openvpn package will start earlier. (i.e. a S16openvpn link in rc" +#~ "[235].d instead of a S20openvpn)" +#~ msgstr "" +#~ "Versões anteriores do openvpn iniciavam ao mesmo tempo que a maioria dos " +#~ "outros serviços. Isso significa que a maioria desses serviços não podiam " +#~ "utilizar o openvpn, uma vez que o mesmo poderia não estar disponível " +#~ "quando eles iniciavam. Novas versões do pacote openvpn iniciarão antes. " +#~ "(i.e. um link s16openvpn em rc[235].d ao invés de um S20openvpn)" + +#~ msgid "" +#~ "If you accept here, the package upgrade will make this change for you. If " +#~ "you refuse, nothing will change, and openvpn will be working just like it " +#~ "did before." +#~ msgstr "" +#~ "Caso você aceite aqui, a atualização do pacote irá fazer essa mudança " +#~ "para você. Caso você não aceite, nada irá mudar e o openvpn continuará a " +#~ "funcionar exatamente da maneira que funcionava anteriormente." + +#~ msgid "Stop OpenVPN when upgraded?" +#~ msgstr "Parar o OpenVPN quando atualizar?" + +#~ msgid "" +#~ "The upgrade process stops the running daemon before installing the new " +#~ "version. If you are installing or upgrading the system remotely, that " +#~ "could break the upgrade process." +#~ msgstr "" +#~ "O processo de atualização pára os \"daemons\" em uso antes de instalar a " +#~ "nova versão. Se você está instalando ou atualizando o sistema " +#~ "remotamente, isso pode quebrar o processo de atualização." + +#~ msgid "" +#~ "Unless upgrades are performed locally, you should choose to not stop " +#~ "OpenVPN before it is upgraded. The installation process will restart it " +#~ "once the upgrade is completed." +#~ msgstr "" +#~ "A menos que as atualizações estejam sendo feitas localmente, você não " +#~ "deve escolher parar o OpenVPN antes que ele seja atualizado. O processo " +#~ "de instalação irá reiniciá-lo assim que a atualização estiver completa." + +#~ msgid "This option will take effect for the next upgrade." +#~ msgstr "Essa opção terá efeito na próxima atualização." + +#~ msgid "Default port has changed" +#~ msgstr "A porta padrão mudou" + +#~ msgid "" +#~ "OpenVPN's default port has changed from 5000 to 1194 (IANA assigned). If " +#~ "you don't specify the port to be used on your VPNs, this upgrade may " +#~ "break them." +#~ msgstr "" +#~ "A porta padrão do OpenVPN mudou de 5000 para 1194 (atribuída pelo IANA). " +#~ "Caso você não especifique a porta a ser utilizada em suas VPNs, esta " +#~ "atualização pode quebrá-las." + +#~ msgid "" +#~ "Use the option 'port 5000' if you want to keep the old port " +#~ "configuration, or take a look at your firewall rules to allow the new " +#~ "default port configuration to work." +#~ msgstr "" +#~ "Utilize a opção 'port 5000' se você quer manter a configuração antiga de " +#~ "porta. Opcionalmente, verifique suas regras de firewall e permita que a " +#~ "configuração da nova porta padrão funcione." + +#~ msgid "Would you like to stop openvpn later?" +#~ msgstr "Você gostaria de parar o OpenVPN depois?" + +#~ msgid "" +#~ "Previous versions of openvpn stopped at the same time as most of other " +#~ "services. This meant that some of services stopping later couldn't use " +#~ "openvpn since it may have been stopped before them. Newer versions of the " +#~ "openvpn package will stop the service later. (i.e. a K80openvpn link in " +#~ "rc[06].d instead of a K20openvpn)" +#~ msgstr "" +#~ "Versões anteriores do openvpn paravam ao mesmo tempo que a maioria dos " +#~ "outros serviços. Isto significa que alguns serviços que paravam depois " +#~ "não podiam utilizar o openvpn uma vez que ele poderia ter parado antes " +#~ "deles. Novas versões do pacote openvpn irão parar o serviço depois (i.e " +#~ "um link K80openvpn no rc[06].d em vez de um K20openvpn)" diff --git a/debian/po/ru.po b/debian/po/ru.po new file mode 100644 index 0000000..17ff59f --- /dev/null +++ b/debian/po/ru.po @@ -0,0 +1,190 @@ +# Translation of OpenVPN debconf PO-file to Russian +# This file is distributed under the same license as the PACKAGE package. +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER. +# Yuriy Talakan' <yt@drsk.ru>, 2007. +# Sergey Alyoshin <alyoshin.s@gmail.com>, 2008. +msgid "" +msgstr "" +"Project-Id-Version: openvpn_2.1~rc7-2_ru\n" +"Report-Msgid-Bugs-To: openvpn@packages.debian.org\n" +"POT-Creation-Date: 2011-05-10 17:48+0200\n" +"PO-Revision-Date: 2008-05-30 17:43+0400\n" +"Last-Translator: Sergey Alyoshin <alyoshin.s@gmail.com>\n" +"Language-Team: Russian <debian-l10n-russian@lists.debian.org>\n" +"Language: ru\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: KBabel 1.9.1\n" +"Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n" +"%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "Create the TUN/TAP device?" +msgstr "Создать устройство TUN/TAP?" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "" +"If you choose this option, the /dev/net/tun device needed by OpenVPN will be " +"created." +msgstr "" +"При выборе этой опции, будет создано устройство /dev/net/tun, необходимое " +"для OpenVPN." + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "You should not choose this option if you're using devfs." +msgstr "Вам не следует выбирать эту опцию при использовании devfs." + +#~ msgid "Vulnerable random number generator" +#~ msgstr "Уязвимый генератор случайных чисел" + +#~ msgid "" +#~ "A weakness has been discovered in the random number generator used by " +#~ "OpenSSL on Ubuntu and Debian systems. As a result of this weakness, " +#~ "certain encryption keys are generated much more frequently than they " +#~ "should be, such that an attacker could guess the key through a brute-" +#~ "force attack given minimal knowledge of the system." +#~ msgstr "" +#~ "В генераторе случайных чисел систем Debian и Ubuntu использующем OpenSSL " +#~ "была обнаружена уязвимость. В результате чего, определённые ключи " +#~ "шифрования генерируются намного чаще, чем это следует, так что атакующий " +#~ "может подобрать ключ атакой перебором, обладая минимальными знаниями о " +#~ "системе." + +#~ msgid "" +#~ "Any keys created on a vulnerable system may be affected by this problem. " +#~ "The 'openssl-vulnkey' command may be used as a partial test for RSA keys " +#~ "with certain bit sizes, and the 'openvpn-vulnkey' for OpenVPN shared " +#~ "secret keys. Users are urged to verify their keys or simply regenerate " +#~ "any server or client certificates and keys in use on the system." +#~ msgstr "" +#~ "Любые ключи созданные на уязвимой системе могут быть подвержены этой " +#~ "проблеме. Команда 'openssl-vulnkey' может использоваться как частичный " +#~ "тест для ключей RSA с определёнными битовыми размерами, а команда " +#~ "'openvpn-vulnkey' -- для разделяемых секретных ключей OpenVPN. " +#~ "Пользователям настоятельно рекомендуется проверить их ключи или " +#~ "пересоздать любые серверные и клиентские сертификаты и ключи " +#~ "использующиеся в системе." + +#~ msgid "Would you like to start openvpn sooner?" +#~ msgstr "Запускать OpenVPN раньше?" + +#~ msgid "" +#~ "Previous versions of openvpn started at the same time as most of other " +#~ "services. This means that most of these services couldn't use openvpn " +#~ "since it may have been unavailable when they started. Newer versions of " +#~ "the openvpn package will start earlier. (i.e. a S16openvpn link in rc" +#~ "[235].d instead of a S20openvpn)" +#~ msgstr "" +#~ "Предыдущие версии OpenVPN запускались в то же время, что и большинство " +#~ "остальных сервисов. Это означает, что большинство из этих сервисов не " +#~ "могут использовать OpenVPN, поскольку он мог быть недоступен, когда они " +#~ "запустились. Новые версии пакета OpenVPN запускаются раньше. (т.е. ссылка " +#~ "S16openvpn в rc[235].d вместо S20openvpn)" + +#~ msgid "" +#~ "If you accept here, the package upgrade will make this change for you. If " +#~ "you refuse, nothing will change, and openvpn will be working just like it " +#~ "did before." +#~ msgstr "" +#~ "Если согласиться, то обновление пакета сделает для вас это изменение. " +#~ "Если отклонить, то ничего не изменится, и OpenVPN будет работать по-" +#~ "прежнему." + +#~ msgid "Stop OpenVPN when upgraded?" +#~ msgstr "Остановить OpenVPN при обновлении?" + +#~ msgid "" +#~ "The upgrade process stops the running daemon before installing the new " +#~ "version. If you are installing or upgrading the system remotely, that " +#~ "could break the upgrade process." +#~ msgstr "" +#~ "Процесс обновления остановит выполняющийся сервис-демон перед установкой " +#~ "новой версии. Если вы устанавливаете или обновляете систему удалённо, это " +#~ "может нарушить процесс обновления." + +#~ msgid "" +#~ "Unless upgrades are performed locally, you should choose to not stop " +#~ "OpenVPN before it is upgraded. The installation process will restart it " +#~ "once the upgrade is completed." +#~ msgstr "" +#~ "Если вы не выполняете обновление локально, то не следует останавливать " +#~ "OpenVPN до завершения обновления. Процесс установки перезапустит его по " +#~ "завершению обновления." + +#~ msgid "This option will take effect for the next upgrade." +#~ msgstr "Эта опция начнёт действовать при следующем обновлении." + +#~ msgid "Default port has changed" +#~ msgstr "Порт по умолчанию изменился" + +#~ msgid "" +#~ "OpenVPN's default port has changed from 5000 to 1194 (IANA assigned). If " +#~ "you don't specify the port to be used on your VPNs, this upgrade may " +#~ "break them." +#~ msgstr "" +#~ "Порт по умолчанию для OpenVPN изменился с 5000 на 1194 (назначено IANA). " +#~ "Если вы не указали используемый порт в ваших VPN, то это обновление может " +#~ "сломать их." + +#~ msgid "" +#~ "Use the option 'port 5000' if you want to keep the old port " +#~ "configuration, or take a look at your firewall rules to allow the new " +#~ "default port configuration to work." +#~ msgstr "" +#~ "Используйте опцию 'port 5000', если хотите оставить старую настройку " +#~ "порта, или пересмотрите ваши правила межсетевого экрана чтобы разрешить " +#~ "работу новой настройки порта по умолчанию." + +#~ msgid "Would you like to stop openvpn later?" +#~ msgstr "Останавливать OpenVPN позже?" + +#~ msgid "" +#~ "Previous versions of openvpn stopped at the same time as most of other " +#~ "services. This meant that some of services stopping later couldn't use " +#~ "openvpn since it may have been stopped before them. Newer versions of the " +#~ "openvpn package will stop the service later. (i.e. a K80openvpn link in " +#~ "rc[06].d instead of a K20openvpn)" +#~ msgstr "" +#~ "Предыдущие версии OpenVPN останавливались в то же время, что и " +#~ "большинство остальных сервисов. Это значит, что некоторые из " +#~ "останавливаемых позже сервисов не могут использовать OpenVPN, поскольку " +#~ "он мог быть остановлен перед ними. Новые версии пакета OpenVPN " +#~ "останавливают сервис позже. (т.е. ссылка K80openvpn в rc[06].d вместо " +#~ "K20openvpn)" + +#~ msgid "Would you like a TUN/TAP device to be created?" +#~ msgstr "Создать устройство TUN/TAP?" + +#~ msgid "" +#~ "If you accept here, the package will make a special device called /dev/" +#~ "net/tun for openvpn's use. If you refuse, the device won't be made now. " +#~ "Read README.Debian for details on how to make it. If you are using devfs " +#~ "refuse here." +#~ msgstr "" +#~ "Если Вы согласитесь, то пакет создаст для нужд openvpn специальное " +#~ "устройство по имени /dev/net/tun. Если Вы откажетесь, то устройство не " +#~ "будет сейчас создано. Прочитайте детали его создания в README.Debian. " +#~ "Если Вы используете devfs, откажитесь здесь." + +#~ msgid "Would you like to stop openvpn before it gets upgraded?" +#~ msgstr "Остановить openvpn перед обновлением?" + +#~ msgid "" +#~ "In some cases you may be upgrading openvpn in a remote server using a VPN " +#~ "to do so. The upgrade process stops the running daemon before installing " +#~ "the new version, in that case you may lose your connection, the upgrade " +#~ "may be interrupted, and you may not be able to reconnect to the remote " +#~ "host." +#~ msgstr "" +#~ "В некоторых случаях Вы можете обновлять openvpn на удаленном сервере, " +#~ "используя для этого VPN. Процесс обновления остановит работающий демон " +#~ "перед установкой новой версии, в этом случае Вы можете потерять Ваше " +#~ "подключение, обновление может быть прервано, и Вы не сможете подключиться " +#~ "заново к удаленной машине." diff --git a/debian/po/sv.po b/debian/po/sv.po new file mode 100644 index 0000000..dcd8ca5 --- /dev/null +++ b/debian/po/sv.po @@ -0,0 +1,196 @@ +# Translators, if you are not familiar with the PO format, gettext +# documentation is worth reading, especially sections dedicated to +# this format, e.g. by running: +# info -n '(gettext)PO Files' +# info -n '(gettext)Header Entry' +# Some information specific to po-debconf are available at +# /usr/share/doc/po-debconf/README-trans +# or http://www.debian.org/intl/l10n/po-debconf/README-trans +# Developers do not need to manually edit POT or PO files. +# , fuzzy +# +# +msgid "" +msgstr "" +"Project-Id-Version: openvpn 2.0.2-1\n" +"Report-Msgid-Bugs-To: openvpn@packages.debian.org\n" +"POT-Creation-Date: 2011-05-10 17:48+0200\n" +"PO-Revision-Date: 2008-05-24 13:50+0100\n" +"Last-Translator: Andreas Henriksson <andreas@fatal.se>\n" +"Language-Team: Swedish <debian-l10n-swedish@lists.debian.org>\n" +"Language: sv\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=iso-8859-1\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Poedit-Language: Swedish\n" +"X-Poedit-Country: SWEDEN\n" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "Create the TUN/TAP device?" +msgstr "Skapa TUN/TAP-grnssnittet?" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "" +"If you choose this option, the /dev/net/tun device needed by OpenVPN will be " +"created." +msgstr "" +"Om du vljer detta alternativ kommer specialfilen /dev/net/tun som behvs av " +"OpenVPN att skapas." + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "You should not choose this option if you're using devfs." +msgstr "Du skall ej vlja detta alternativ om du anvnder devfs." + +#~ msgid "Vulnerable random number generator" +#~ msgstr "Srbar slumptalsgenerator" + +#~ msgid "" +#~ "A weakness has been discovered in the random number generator used by " +#~ "OpenSSL on Ubuntu and Debian systems. As a result of this weakness, " +#~ "certain encryption keys are generated much more frequently than they " +#~ "should be, such that an attacker could guess the key through a brute-" +#~ "force attack given minimal knowledge of the system." +#~ msgstr "" +#~ "En srbarhet har hittats i slumptalsgeneratorn som anvnds av OpenSSL p " +#~ "Ubuntu- och Debian-system. Som en fljd av denna srbarhet genereras " +#~ "vissa krypteringsnycklar mycket oftare n de borde, s att en attack kan " +#~ "utfras genom att med minimal kunskap om systemet nd kunna gissa sig " +#~ "fram till rtt nyckel genom att anvnda \"r kraft\" (automatiskt testa " +#~ "alla kombinationer)." + +#~ msgid "" +#~ "Any keys created on a vulnerable system may be affected by this problem. " +#~ "The 'openssl-vulnkey' command may be used as a partial test for RSA keys " +#~ "with certain bit sizes, and the 'openvpn-vulnkey' for OpenVPN shared " +#~ "secret keys. Users are urged to verify their keys or simply regenerate " +#~ "any server or client certificates and keys in use on the system." +#~ msgstr "" +#~ "Alla nycklar som skapats p ett srbart system kan ha detta problem. " +#~ "Kommandot 'openssl-vulnkey' kan anvndas som ett del-test fr RSA-nycklar " +#~ "med vissa bit-storlekar, och 'openvpn-vulnkey' fr OpenVPNs delade " +#~ "hemliga nycklar. Anvndare uppmanas att verifiera deras nycklar eller " +#~ "helt enkelt generera om alla server- eller klient-certifikat och " +#~ "tillhrande nycklar som anvnds p systemet." + +#~ msgid "Would you like to start openvpn sooner?" +#~ msgstr "Vill du starta openvpn tidigare?" + +#~ msgid "" +#~ "Previous versions of openvpn started at the same time as most of other " +#~ "services. This means that most of these services couldn't use openvpn " +#~ "since it may have been unavailable when they started. Newer versions of " +#~ "the openvpn package will start earlier. (i.e. a S16openvpn link in rc" +#~ "[235].d instead of a S20openvpn)" +#~ msgstr "" +#~ "Tidigare versioner av OpenVPN startade samtidigt som mnga andra " +#~ "tjnster. Detta betyder att mnga av dessa tjnster inte kunde anvnda " +#~ "sig av OpenVPN eftersom den inte var tillgnglig nr de startade. Senare " +#~ "versioner av OpenVPN startar tidigare. (Dvs, en S18openvpn lnk i rc[235]." +#~ "d istllet fr en S20openvpn)" + +#~ msgid "" +#~ "If you accept here, the package upgrade will make this change for you. If " +#~ "you refuse, nothing will change, and openvpn will be working just like it " +#~ "did before." +#~ msgstr "" +#~ "Om du accepterar hr kommer paketuppgraderingen att skapa denna t dig. " +#~ "Om du vgrar kommer ingenting att gras och OpenVPN kommer att fungerar " +#~ "precis som den gjorde tidigare." + +#~ msgid "Stop OpenVPN when upgraded?" +#~ msgstr "Stoppa OpenVPN vid uppgradering?" + +#~ msgid "" +#~ "The upgrade process stops the running daemon before installing the new " +#~ "version. If you are installing or upgrading the system remotely, that " +#~ "could break the upgrade process." +#~ msgstr "" +#~ "Uppgraderingsprocessen avslutar tjnsten fre installationen av den nya " +#~ "versionen. Om du intallerar eller uppgraderar systemet via " +#~ "fjrranslutning kan detta eventuellt skapa problem under " +#~ "uppgraderingsprocessen." + +#~ msgid "" +#~ "Unless upgrades are performed locally, you should choose to not stop " +#~ "OpenVPN before it is upgraded. The installation process will restart it " +#~ "once the upgrade is completed." +#~ msgstr "" +#~ "Bortsett frn nr dina uppgraderingar utfrst lokalt, s br du vlja att " +#~ "inte stoppa OpenVPN fre uppgraderingen. Installationsprocessen kommer " +#~ "starta om tjnsten nr uppgraderingen r frdig." + +#~ msgid "This option will take effect for the next upgrade." +#~ msgstr "Detta val blir aktivt vid nsta uppgradering." + +#~ msgid "Default port has changed" +#~ msgstr "Standardporten har ndrats" + +#~ msgid "" +#~ "OpenVPN's default port has changed from 5000 to 1194 (IANA assigned). If " +#~ "you don't specify the port to be used on your VPNs, this upgrade may " +#~ "break them." +#~ msgstr "" +#~ "OpenVPN's standardport har ndrats frn 5000 till 1194 (IANA tilldelad). " +#~ "Om du inte anger porten som ska anvndas i dina VPN kan denna " +#~ "uppgradering f dom att sluta fungera." + +#~ msgid "" +#~ "Use the option 'port 5000' if you want to keep the old port " +#~ "configuration, or take a look at your firewall rules to allow the new " +#~ "default port configuration to work." +#~ msgstr "" +#~ "Anvnd instllningen 'port 5000' om du vill behlla den gamla " +#~ "portkonfigurationen eller ta en titt p dina brandvggsregler fr att " +#~ "tillta den nya konfigurationen fr standardporten att fungera." + +#~ msgid "Would you like to stop openvpn later?" +#~ msgstr "Vill du stoppa openvpn senare?" + +#~ msgid "" +#~ "Previous versions of openvpn stopped at the same time as most of other " +#~ "services. This meant that some of services stopping later couldn't use " +#~ "openvpn since it may have been stopped before them. Newer versions of the " +#~ "openvpn package will stop the service later. (i.e. a K80openvpn link in " +#~ "rc[06].d instead of a K20openvpn)" +#~ msgstr "" +#~ "Tidigare versioner av OpenVPN stoppade samtidigt som mnga andra " +#~ "tjnster. Detta betyder att ngra av dessa tjnster som stoppades senare " +#~ "inte kunde anvnda sig av OpenVPN eftersom de hade stoppats fre dom. " +#~ "Senare versioner av OpenVPN stoppar tjnsten senare (exempel, en " +#~ "K80openvpn lnk i rc[06].d istllet fr en K20openvpn)" + +#~ msgid "Would you like a TUN/TAP device to be created?" +#~ msgstr "Vill du att en TUN/TAP-enhet skapas?" + +#~ msgid "" +#~ "If you accept here, the package will make a special device called /dev/" +#~ "net/tun for openvpn's use. If you refuse, the device won't be made now. " +#~ "Read README.Debian for details on how to make it. If you are using devfs " +#~ "refuse here." +#~ msgstr "" +#~ "Om du accepterar hr kommer paketet att skapa en speciell enhet kallad /" +#~ "dev/net/tun som OpenVPN anvnder. Om du vgrar kommer inte enheten att " +#~ "skapas. Ls README.Debian fr detaljer hur du skapar den. Om du anvnder " +#~ "devfs s ska du vgra hr." + +#~ msgid "Would you like to stop openvpn before it gets upgraded?" +#~ msgstr "Vill du stoppa openvpn fre den uppgraderas?" + +#~ msgid "" +#~ "In some cases you may be upgrading openvpn in a remote server using a VPN " +#~ "to do so. The upgrade process stops the running daemon before installing " +#~ "the new version, in that case you may lose your connection, the upgrade " +#~ "may be interrupted, and you may not be able to reconnect to the remote " +#~ "host." +#~ msgstr "" +#~ "I vissa fall kan du uppgradera OpenVPN i en fjrrserver via ett VPN. " +#~ "Uppgraderingsprocessen stoppar den krande daemonen fre installation av " +#~ "den nya versionen och du kommer att tappa frbindelsen, uppgraderingen " +#~ "kommer att avbrytas och du kanske inte kan teruppta frbindelsen till " +#~ "fjrrservern." diff --git a/debian/po/templates.pot b/debian/po/templates.pot new file mode 100644 index 0000000..1d2cff7 --- /dev/null +++ b/debian/po/templates.pot @@ -0,0 +1,38 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER +# This file is distributed under the same license as the PACKAGE package. +# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR. +# +#, fuzzy +msgid "" +msgstr "" +"Project-Id-Version: PACKAGE VERSION\n" +"Report-Msgid-Bugs-To: openvpn@packages.debian.org\n" +"POT-Creation-Date: 2011-05-10 17:48+0200\n" +"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" +"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" +"Language-Team: LANGUAGE <LL@li.org>\n" +"Language: \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=CHARSET\n" +"Content-Transfer-Encoding: 8bit\n" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "Create the TUN/TAP device?" +msgstr "" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "" +"If you choose this option, the /dev/net/tun device needed by OpenVPN will be " +"created." +msgstr "" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "You should not choose this option if you're using devfs." +msgstr "" diff --git a/debian/po/tr.po b/debian/po/tr.po new file mode 100644 index 0000000..815dcf7 --- /dev/null +++ b/debian/po/tr.po @@ -0,0 +1,40 @@ +# Turkish translation of openvpn package +# Copyright (C) 2014 Mert Dirik +# This file is distributed under the same license as the openvpn package. +# Mert Dirik <mertdirik@gmail.com>, 2014. +# +msgid "" +msgstr "" +"Project-Id-Version: openvpn 2.3.2-9\n" +"Report-Msgid-Bugs-To: openvpn@packages.debian.org\n" +"POT-Creation-Date: 2011-05-10 17:48+0200\n" +"PO-Revision-Date: 2014-08-30 22:55+0200\n" +"Last-Translator: Mert Dirik <mertdirik@gmail.com>\n" +"Language-Team: Debian L10n Turkish <debian-l10n-turkish@lists.debian.org>\n" +"Language: tr\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"X-Generator: Poedit 1.5.4\n" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "Create the TUN/TAP device?" +msgstr "TUN/TAP aygıtı oluşturulsun mu?" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "" +"If you choose this option, the /dev/net/tun device needed by OpenVPN will be " +"created." +msgstr "" +"Bu seçeneği seçtiğiniz takdirde OpenVPN'in gereksinim duyduğu /dev/net/tun " +"aygıtı oluşturulacak." + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "You should not choose this option if you're using devfs." +msgstr "devfs kullanıyorsanız bu seçeneği seçmeyin." diff --git a/debian/po/vi.po b/debian/po/vi.po new file mode 100644 index 0000000..1770c5f --- /dev/null +++ b/debian/po/vi.po @@ -0,0 +1,152 @@ +# Vietnamese translation for openvpn. +# Copyright © 2008 Free Software Foundation, Inc. +# Clytie Siddall <clytie@riverland.net.au>, 2005-2008. +# +msgid "" +msgstr "" +"Project-Id-Version: openvpn 2.1~rc7-2\n" +"Report-Msgid-Bugs-To: openvpn@packages.debian.org\n" +"POT-Creation-Date: 2011-05-10 17:48+0200\n" +"PO-Revision-Date: 2008-05-24 15:54+0930\n" +"Last-Translator: Clytie Siddall <clytie@riverland.net.au>\n" +"Language-Team: Vietnamese <vi-VN@googlegroups.com>\n" +"Language: vi\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=utf-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=1; plural=0;\n" +"X-Generator: LocFactoryEditor 1.7b3\n" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "Create the TUN/TAP device?" +msgstr "Tạo thiết bị TUN/TAP không?" + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "" +"If you choose this option, the /dev/net/tun device needed by OpenVPN will be " +"created." +msgstr "Bật tùy chọn này thì tạo thiết bị « /dev/net/tun » được OpenVPN cần." + +#. Type: boolean +#. Description +#: ../templates:2001 +msgid "You should not choose this option if you're using devfs." +msgstr "Không nên bật tùy chọn này nếu bạn đang dùng devfs." + +#~ msgid "Vulnerable random number generator" +#~ msgstr "Cơ chế tạo ra số ngẫu nhiên còn có thể lạm dụng" + +#~ msgid "" +#~ "A weakness has been discovered in the random number generator used by " +#~ "OpenSSL on Ubuntu and Debian systems. As a result of this weakness, " +#~ "certain encryption keys are generated much more frequently than they " +#~ "should be, such that an attacker could guess the key through a brute-" +#~ "force attack given minimal knowledge of the system." +#~ msgstr "" +#~ "Một sở đoản đã được phát hiện trong cơ chế tạo ra số ngẫu nhiên được " +#~ "OpenSSL dùng trên hệ thống Ubuntu và Debian. Kết quả của sở đoản này là " +#~ "một số khoá mật mã được tạo rất nhiều lần hơn số nên tạo, thì cho phép " +#~ "người tấn công đoán khoá thông qua một sự tấn công sức mạnh vũ phu, không " +#~ "cần biết nhiều về hệ thống đó." + +#~ msgid "" +#~ "Any keys created on a vulnerable system may be affected by this problem. " +#~ "The 'openssl-vulnkey' command may be used as a partial test for RSA keys " +#~ "with certain bit sizes, and the 'openvpn-vulnkey' for OpenVPN shared " +#~ "secret keys. Users are urged to verify their keys or simply regenerate " +#~ "any server or client certificates and keys in use on the system." +#~ msgstr "" +#~ "Bất cứ khoá nào được tạo trên hệ thống sử dụng gói OpenSSL của Debian thì " +#~ "bị vấn đề này ảnh hưởng. Có thể sử dụng câu lệnh « openssl-vulnkey » làm " +#~ "phép thử bộ phận phát hiện khoá RSA có một số kích cỡ cụ thể, và câu lệnh " +#~ "« openvpn-vulnkey » phát hiện khoá mật chia sẻ OpenVPN. Khuyên mọi người " +#~ "dùng thẩm tra các khoá hoặc đơn giản tạo ra bất cứ khoá hay chứng nhận " +#~ "nào kiểu máy phục vụ hay trình khách được dùng trên hệ thống đó." + +#~ msgid "Would you like to start openvpn sooner?" +#~ msgstr "Bạn có muốn khởi chạy trình openvpn sớm hơn không?" + +#~ msgid "" +#~ "Previous versions of openvpn started at the same time as most of other " +#~ "services. This means that most of these services couldn't use openvpn " +#~ "since it may have been unavailable when they started. Newer versions of " +#~ "the openvpn package will start earlier. (i.e. a S16openvpn link in rc" +#~ "[235].d instead of a S20openvpn)" +#~ msgstr "" +#~ "Phiên bản trước của trình openvpn đã khởi chạy cùng lúc với phần lớn dịch " +#~ "vụ khác. Có nghĩa là phần lớn dịch vụ này không thể dùng openvpn, vì nó " +#~ "có lẽ không sẵn sàng khi mỗi dịch vụ khởi chạy. Phiên bản mới hơn của gói " +#~ "openvn sẽ khởi chạy sớm hơn trong những cấp khởi chạy Debian (tức là một " +#~ "liên kết « S16openvpn » trong « rc[235].d » thay vào « S20openvpn »)." + +#~ msgid "" +#~ "If you accept here, the package upgrade will make this change for you. If " +#~ "you refuse, nothing will change, and openvpn will be working just like it " +#~ "did before." +#~ msgstr "" +#~ "Chấp nhận ở đây thì tiến trình nâng cấp gói sẽ làm thay đổi này cho bạn. " +#~ "Từ chối thì không thay đổi gì: openvpn sẽ hoạt động đúng như trước." + +#~ msgid "Stop OpenVPN when upgraded?" +#~ msgstr "Nâng cấp thì dừng OpenVPN không?" + +#~ msgid "" +#~ "The upgrade process stops the running daemon before installing the new " +#~ "version. If you are installing or upgrading the system remotely, that " +#~ "could break the upgrade process." +#~ msgstr "" +#~ "Tiến trình nâng cấp sẽ dừng chạy trình nền trước khi cài đặt phiên bản " +#~ "mới. Nếu bạn đang cài đặt hoặc nâng cấp hệ thống từ xa, tiến trình nâng " +#~ "cấp có thể bị phá vỡ." + +#~ msgid "" +#~ "Unless upgrades are performed locally, you should choose to not stop " +#~ "OpenVPN before it is upgraded. The installation process will restart it " +#~ "once the upgrade is completed." +#~ msgstr "" +#~ "Nếu không nâng cấp cục bộ, bạn nên chọn không dừng OpenVPN trước khi nâng " +#~ "cấp nó. Tiến trình cài đặt sẽ khởi chạy lại một khi nâng cấp xong." + +#~ msgid "This option will take effect for the next upgrade." +#~ msgstr "Tùy chọn này sẽ có tác động việc nâng cấp kế tiếp." + +#~ msgid "Default port has changed" +#~ msgstr "Cổng mặc định đã thay đổi" + +#~ msgid "" +#~ "OpenVPN's default port has changed from 5000 to 1194 (IANA assigned). If " +#~ "you don't specify the port to be used on your VPNs, this upgrade may " +#~ "break them." +#~ msgstr "" +#~ "Cổng mặc định của trình Openvpn đã thay đổi từ số 5000 thành số 1194 (do " +#~ "IANA gán). Nếu bạn không ghi rõ cổng cần dùng trên VPN, tiến trình nâng " +#~ "cấp này có thể phá vỡ nó." + +#~ msgid "" +#~ "Use the option 'port 5000' if you want to keep the old port " +#~ "configuration, or take a look at your firewall rules to allow the new " +#~ "default port configuration to work." +#~ msgstr "" +#~ "Hãy dùng tùy chọn « port 5000 » (cổng số 5000) nếu bạn muốn giữ cấu hình " +#~ "cổng cũ, hoặc hãy kiểm tra xem những quy tắc bức tường lửa là đúng, để " +#~ "cho phép cấu hình cổng mặc định hoạt động được." + +#~ msgid "Would you like to stop openvpn later?" +#~ msgstr "Bạn có muốn ngừng chạy trình openvpn trễ hơn không?" + +#~ msgid "" +#~ "Previous versions of openvpn stopped at the same time as most of other " +#~ "services. This meant that some of services stopping later couldn't use " +#~ "openvpn since it may have been stopped before them. Newer versions of the " +#~ "openvpn package will stop the service later. (i.e. a K80openvpn link in " +#~ "rc[06].d instead of a K20openvpn)" +#~ msgstr "" +#~ "Phiên bản trước của trình openvpn đã ngừng chạy cùng lúc với phần lớn " +#~ "dịch vụ khác. Có nghĩa là phần lớn dịch vụ này không thể dùng openvpn, vì " +#~ "nó có lẽ đã ngừng trước chúng. Phiên bản mới hơn của gói openvn sẽ ngừng " +#~ "chạy dịch vụ trễ hơn trong những cấp ngừng chạy Debian (tức là một liên " +#~ "kết « K80openvpn » trong « rc[235].d » thay vào « K20openvpn »)." diff --git a/debian/postinst b/debian/postinst new file mode 100644 index 0000000..3776449 --- /dev/null +++ b/debian/postinst @@ -0,0 +1,49 @@ +#!/bin/sh +# Copyright 2001 Alberto Gonzalez Iniesta <agi@agi.as> +# Licensed under the GNU General Public License, version 2. See the file +# /usr/share/common-licenses/GPL or <http://www.gnu.org/copyleft/gpl.txt>. +# +set -e +test $DEBIAN_SCRIPT_DEBUG && set -v -x + +# use debconf +. /usr/share/debconf/confmodule + +case "$1" in + configure) + db_get openvpn/create_tun || RET="false" + if [ "$RET" = "true" ]; then + [ -e /dev/net ] || mkdir -m 755 /dev/net + [ -d /dev/net -a ! -e /dev/net/tun ] && mknod /dev/net/tun c 10 200 + fi + # move /run/openvpn.foo.pid to (subdir) /run/openvpn/foo.pid + if [ -n "$2" ] && dpkg --compare-versions "$2" lt 2.3.2-6 ; then + mkdir -p /run/openvpn + for f in $(ls /var/run/openvpn.*.pid /var/run/openvpn.*.status 2>/dev/null); do + mv "$f" "/run/openvpn/$(basename $f | sed 's/^openvpn\.//')" + done + fi + for f in /run/sendsigs.omit.d/openvpn.*.pid; do + [ -e "$f" ] && continue + b="$(basename $f|sed 's/openvpn\.//')" + # make sure is a vpn name, not *.pid (#730679) + echo "$b" | grep -q '\*' && continue + ln -sf "/run/openvpn/$b" "/run/sendsigs.omit.d/openvpn.$b" + done + ;; +esac + +if [ -x "/etc/init.d/openvpn" ]; then + if [ -x /usr/sbin/invoke-rc.d ]; then + invoke-rc.d openvpn cond-restart || invoke-rc.d openvpn restart + else + /etc/init.d/openvpn cond-restart || /etc/init.d/openvpn restart + fi +fi + +db_stop + +#DEBHELPER# + +exit 0 +# vim:set ai et sts=2 sw=2 tw=0: diff --git a/debian/prerm b/debian/prerm new file mode 100644 index 0000000..b888ef8 --- /dev/null +++ b/debian/prerm @@ -0,0 +1,34 @@ +#!/bin/sh +# Copyright 2004 Alberto Gonzalez Iniesta <agi@agi.as> +# Licensed under the GNU General Public License, version 2. See the file +# /usr/share/common-licenses/GPL or <http://www.gnu.org/copyleft/gpl.txt>. +# + +set -e +test $DEBIAN_SCRIPT_DEBUG && set -v -x + +stop_vpn () { + if [ -x "/etc/init.d/openvpn" ]; then + if [ -x /usr/sbin/invoke-rc.d ] ; then + invoke-rc.d openvpn stop + else + /etc/init.d/openvpn stop + fi + fi +} + + +case "$1" in + upgrade) + # don't stop the vpn, it will be restarted after the upgrade + true + ;; + *) + stop_vpn + ;; +esac + +#DEBHELPER# + +exit 0 +# vim:set ai et sts=2 sw=2 tw=0: diff --git a/debian/rules b/debian/rules new file mode 100755 index 0000000..ad78a94 --- /dev/null +++ b/debian/rules @@ -0,0 +1,82 @@ +#!/usr/bin/make -f + +ifeq ($(DEB_HOST_ARCH_OS), kfreebsd) +# Avoid the /sbin/route wrapper which doesn't provide FreeBSD CLI as expected +ENV_VARS := IFCONFIG=/sbin/ifconfig ROUTE=/lib/freebsd/route +EXTRA_ARGS := +else +ENV_VARS := SYSTEMD_ASK_PASSWORD=/bin/systemd-ask-password IFCONFIG=/sbin/ifconfig ROUTE=/sbin/route IPROUTE=/sbin/ip +EXTRA_ARGS := --enable-systemd --enable-iproute2 +endif + +#export DH_VERBOSE=1 +export DEB_BUILD_MAINT_OPTIONS = hardening=+all + +%: + dh $@ --with systemd + +override_dh_auto_configure: + -test -f tests/t_client.sh.not || mv tests/t_client.sh tests/t_client.sh.not + $(ENV_VARS) dh_auto_configure -- $(shell dpkg-buildflags --export=configure) --enable-password-save --host=$(DEB_HOST_GNU_TYPE) --build=$(DEB_BUILD_GNU_TYPE) --prefix=/usr --mandir=\$${prefix}/share/man --with-plugindir=\$${prefix}/lib/openvpn --includedir=\$${prefix}/include/openvpn --enable-pkcs11 --enable-x509-alt-username $(EXTRA_ARGS) + + +override_dh_auto_build: + dh_auto_build + # The one shipped in the tarball gets rebuild (chaging /bin/sh in some cases) + #sed -i -e '1s%.*%#!/bin/sh%' tests/t_client.sh + # make plugins + # $(MAKE) -C plugin/auth-pam/ $(shell dpkg-buildflags --export=configure) + # $(MAKE) -C plugin/down-root/ $(shell dpkg-buildflags --export=configure) + +# we may not want to run dh_auto_test +#override_dh_auto_test: + +override_dh_auto_clean: + # These two get deleted on "make clean", but come in the tarball + # hack to keep them around after "make clean" + -test -f distro/rpm/openvpn.spec.not || mv distro/rpm/openvpn.spec distro/rpm/openvpn.spec.not + -test -f tests/t_client.sh.not || mv tests/t_client.sh tests/t_client.sh.not + dh_auto_clean + -test -f distro/rpm/openvpn.spec.not && mv distro/rpm/openvpn.spec.not distro/rpm/openvpn.spec + -test -f tests/t_client.sh.not && mv tests/t_client.sh.not tests/t_client.sh + # clean plugins + # $(MAKE) -C plugin/auth-pam/ clean + # $(MAKE) -C plugin/down-root/ clean + +override_dh_clean: + dh_clean -X win/openvpn.nsi.orig + +override_dh_auto_install: + dh_auto_install + install -m 755 sample/sample-scripts/verify-cn $(CURDIR)/debian/openvpn/usr/share/openvpn + install -m 755 debian/openvpn.if-up.d $(CURDIR)/debian/openvpn/etc/network/if-up.d/openvpn + install -m 755 debian/openvpn.if-down.d $(CURDIR)/debian/openvpn/etc/network/if-down.d/openvpn + # remove unwanted plugin files + rm -f $(CURDIR)/debian/openvpn/usr/lib/openvpn/*.la + # resolvconf script + install -m 755 debian/update-resolv-conf $(CURDIR)/debian/openvpn/etc/openvpn/update-resolv-conf + # bash completion + install -m 644 debian/openvpn.bash_completion $(CURDIR)/debian/openvpn/usr/share/bash-completion/completions/openvpn + +override_dh_installexamples: + dh_installexamples + ## remove windoze stuff + rm -rf $(CURDIR)/debian/openvpn/usr/share/doc/openvpn/examples/easy-rsa/Windows + rm -rf $(CURDIR)/debian/openvpn/usr/share/doc/openvpn/sample + # remove gitignore file from samples + rm -f $(CURDIR)/debian/openvpn/usr/share/doc/openvpn/examples/sample-keys/.gitignore + # clean permissions to make lintian happy + # chmod a-x $(CURDIR)/debian/openvpn/usr/share/doc/openvpn/examples/easy-rsa/2.0/vars + # chmod a-x $(CURDIR)/debian/openvpn/usr/share/doc/openvpn/examples/easy-rsa/2.0/openssl-*.cnf + +override_dh_installinit: + dh_installinit --no-start -- defaults 16 80 + install -m 644 distro/systemd/openvpn-server@.service $(CURDIR)/debian/openvpn/lib/systemd/system + install -m 644 distro/systemd/openvpn-client@.service $(CURDIR)/debian/openvpn/lib/systemd/system + +override_dh_compress: + dh_compress --exclude=.cnf --exclude=pkitool + +override_dh_systemd_start: + dh_systemd_start --restart-after-upgrade + diff --git a/debian/source/format b/debian/source/format new file mode 100644 index 0000000..163aaf8 --- /dev/null +++ b/debian/source/format @@ -0,0 +1 @@ +3.0 (quilt) diff --git a/debian/templates b/debian/templates new file mode 100644 index 0000000..e39169c --- /dev/null +++ b/debian/templates @@ -0,0 +1,17 @@ +# These templates have been reviewed by the debian-l10n-english +# team +# +# If modifications/additions/rewording are needed, please ask +# debian-l10n-english@lists.debian.org for advice. +# +# Even minor modifications require translation updates and such +# changes should be coordinated with translators and reviewers. + +Template: openvpn/create_tun +Type: boolean +Default: false +_Description: Create the TUN/TAP device? + If you choose this option, the /dev/net/tun device + needed by OpenVPN will be created. + . + You should not choose this option if you're using devfs. diff --git a/debian/update-resolv-conf b/debian/update-resolv-conf new file mode 100644 index 0000000..fc2f031 --- /dev/null +++ b/debian/update-resolv-conf @@ -0,0 +1,58 @@ +#!/bin/bash +# +# Parses DHCP options from openvpn to update resolv.conf +# To use set as 'up' and 'down' script in your openvpn *.conf: +# up /etc/openvpn/update-resolv-conf +# down /etc/openvpn/update-resolv-conf +# +# Used snippets of resolvconf script by Thomas Hood and Chris Hanson. +# Licensed under the GNU GPL. See /usr/share/common-licenses/GPL. +# +# Example envs set from openvpn: +# +# foreign_option_1='dhcp-option DNS 193.43.27.132' +# foreign_option_2='dhcp-option DNS 193.43.27.133' +# foreign_option_3='dhcp-option DOMAIN be.bnc.ch' +# + +[ -x /sbin/resolvconf ] || exit 0 +[ "$script_type" ] || exit 0 +[ "$dev" ] || exit 0 + +split_into_parts() +{ + part1="$1" + part2="$2" + part3="$3" +} + +case "$script_type" in + up) + NMSRVRS="" + SRCHS="" + for optionvarname in ${!foreign_option_*} ; do + option="${!optionvarname}" + echo "$option" + split_into_parts $option + if [ "$part1" = "dhcp-option" ] ; then + if [ "$part2" = "DNS" ] ; then + NMSRVRS="${NMSRVRS:+$NMSRVRS }$part3" + elif [ "$part2" = "DOMAIN" ] ; then + SRCHS="${SRCHS:+$SRCHS }$part3" + fi + fi + done + R="" + [ "$SRCHS" ] && R="search $SRCHS +" + for NS in $NMSRVRS ; do + R="${R}nameserver $NS +" + done + echo -n "$R" | /sbin/resolvconf -a "${dev}.openvpn" + ;; + down) + /sbin/resolvconf -d "${dev}.openvpn" + ;; +esac + diff --git a/debian/watch b/debian/watch new file mode 100644 index 0000000..bffdf20 --- /dev/null +++ b/debian/watch @@ -0,0 +1,3 @@ +version=3 +http://openvpn.net/index.php/open-source/downloads.html \ +(?:|.*/)openvpn(?:[_\-]v?|)(\d[^\s/]*)\.(?:tar\.xz|txz|tar\.bz2|tbz2|tar\.gz|tgz) |