diff options
Diffstat (limited to 'debian')
| -rw-r--r-- | debian/changelog | 22 | ||||
| -rw-r--r-- | debian/control | 7 | ||||
| -rw-r--r-- | debian/gbp.conf | 3 | ||||
| -rw-r--r-- | debian/patches/auth-pam_libpam_so_filename.patch | 2 | ||||
| -rw-r--r-- | debian/patches/debian_nogroup_for_sample_files.patch | 26 | ||||
| -rw-r--r-- | debian/patches/fix-openssl-error.patch | 51 | ||||
| -rw-r--r-- | debian/patches/series | 4 | ||||
| -rw-r--r-- | debian/patches/spelling_errors.patch | 53 | ||||
| -rwxr-xr-x | debian/rules | 2 |
9 files changed, 34 insertions, 136 deletions
diff --git a/debian/changelog b/debian/changelog index ca70c2b..2f7724f 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,25 @@ +openvpn (2.5~beta1-3) experimental; urgency=medium + + * Disable iproute2 support in favour of the new netlink based default. + Thanks to Fabio Pedretti + + -- Bernhard Schmidt <berni@debian.org> Sun, 16 Aug 2020 14:04:11 +0200 + +openvpn (2.5~beta1-2) experimental; urgency=medium + + * Set Build-Conflicts: systemctl, see Bug#959828 + + -- Bernhard Schmidt <berni@debian.org> Sun, 16 Aug 2020 10:33:47 +0200 + +openvpn (2.5~beta1-1) experimental; urgency=medium + + * d/gbp.conf for experimental 2.5 branch + * New upstream version 2.5~beta1 + * Adjust patches for new major upstream version + * Add python3-docutils to build-depends for manpage generation + + -- Bernhard Schmidt <berni@debian.org> Sat, 15 Aug 2020 21:32:49 +0200 + openvpn (2.4.9-3) unstable; urgency=medium [ Jörg Frings-Fürst ] diff --git a/debian/control b/debian/control index 43f6a50..3526094 100644 --- a/debian/control +++ b/debian/control @@ -6,7 +6,7 @@ Uploaders: Jörg Frings-Fürst <debian@jff.email> Build-Depends: debhelper-compat (= 13), dpkg-dev (>= 1.16.1), - iproute2 [linux-any], +# iproute2 [linux-any], liblz4-dev, liblzo2-dev, libp11-kit-dev, @@ -16,7 +16,12 @@ Build-Depends: libsystemd-dev [linux-any], net-tools [!linux-any], pkg-config, + python3-docutils, systemd [linux-any] +# systemctl from src:docker-systemctl-replacement declaring Provides: systemd +# only necessary for experimental with the apscud resolver +# See Bug#959828 +Build-Conflicts: systemctl Standards-Version: 4.5.0 Rules-Requires-Root: no Homepage: https://openvpn.net/ diff --git a/debian/gbp.conf b/debian/gbp.conf index cec628c..1526270 100644 --- a/debian/gbp.conf +++ b/debian/gbp.conf @@ -1,2 +1,5 @@ [DEFAULT] pristine-tar = True + +debian-branch = debian/experimental-2.5 +upstream-branch = upstream-2.5 diff --git a/debian/patches/auth-pam_libpam_so_filename.patch b/debian/patches/auth-pam_libpam_so_filename.patch index 2e7e5c4..336ccd4 100644 --- a/debian/patches/auth-pam_libpam_so_filename.patch +++ b/debian/patches/auth-pam_libpam_so_filename.patch @@ -6,7 +6,7 @@ Index: trunk/src/plugins/auth-pam/auth-pam.c --- trunk.orig/src/plugins/auth-pam/auth-pam.c +++ trunk/src/plugins/auth-pam/auth-pam.c @@ -716,7 +716,7 @@ pam_server(int fd, const char *service, - struct user_pass up; + char ac_file_name[PATH_MAX]; int command; #ifdef USE_PAM_DLOPEN - static const char pam_so[] = "libpam.so"; diff --git a/debian/patches/debian_nogroup_for_sample_files.patch b/debian/patches/debian_nogroup_for_sample_files.patch index f7dcaaa..3660453 100644 --- a/debian/patches/debian_nogroup_for_sample_files.patch +++ b/debian/patches/debian_nogroup_for_sample_files.patch @@ -27,32 +27,6 @@ Index: openvpn/sample/sample-config-files/tls-home.conf # If you built OpenVPN with # LZO compression, uncomment -Index: openvpn/sample/sample-config-files/static-home.conf -=================================================================== ---- openvpn.orig/sample/sample-config-files/static-home.conf 2016-11-21 09:53:43.608863207 +0100 -+++ openvpn/sample/sample-config-files/static-home.conf 2016-11-21 09:53:43.608863207 +0100 -@@ -43,7 +43,7 @@ - # "nobody" after initialization - # for extra security. - ; user nobody --; group nobody -+; group nogroup - - # If you built OpenVPN with - # LZO compression, uncomment -Index: openvpn/sample/sample-config-files/static-office.conf -=================================================================== ---- openvpn.orig/sample/sample-config-files/static-office.conf 2016-11-21 09:53:43.608863207 +0100 -+++ openvpn/sample/sample-config-files/static-office.conf 2016-11-21 09:53:43.608863207 +0100 -@@ -40,7 +40,7 @@ - # "nobody" after initialization - # for extra security. - ; user nobody --; group nobody -+; group nogroup - - # If you built OpenVPN with - # LZO compression, uncomment Index: openvpn/sample/sample-config-files/client.conf =================================================================== --- openvpn.orig/sample/sample-config-files/client.conf 2016-11-21 09:53:43.608863207 +0100 diff --git a/debian/patches/fix-openssl-error.patch b/debian/patches/fix-openssl-error.patch deleted file mode 100644 index 566d7e6..0000000 --- a/debian/patches/fix-openssl-error.patch +++ /dev/null @@ -1,51 +0,0 @@ -In the corner case that the global OpenSSL has an invalid command like - - MinProtocol = TLSv1.0 - -(Due to OpenSSL's idiosyncrasies MinProtocol = TLSv1 would be correct) - -the SSL_ctx_new function leaves the errors for parsing the config file -on the stack. - -OpenSSL: error:14187180:SSL routines:ssl_do_config:bad value - -Since the later functions, especially the one of loading the -certificates expected a clean error this error got reported at the -wrong place. - -Print the warnings with crypto_msg when we detect that we are in this -situation (this also clears the stack). ---- - src/openvpn/ssl_openssl.c | 10 ++++++++++ - 1 file changed, 10 insertions(+) - -diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c -index 5955c6bd..555cbbdf 100644 ---- a/src/openvpn/ssl_openssl.c -+++ b/src/openvpn/ssl_openssl.c -@@ -115,6 +115,11 @@ tls_ctx_server_new(struct tls_root_ctx *ctx) - { - crypto_msg(M_FATAL, "SSL_CTX_new SSLv23_server_method"); - } -+ if (ERR_peek_error() != 0) -+ { -+ crypto_msg(M_WARN, "Warning: TLS server context initialisation " -+ "has warnings."); -+ } - } - - void -@@ -128,6 +133,11 @@ tls_ctx_client_new(struct tls_root_ctx *ctx) - { - crypto_msg(M_FATAL, "SSL_CTX_new SSLv23_client_method"); - } -+ if (ERR_peek_error() != 0) -+ { -+ crypto_msg(M_WARN, "Warning: TLS client context initialisation " -+ "has warnings."); -+ } - } - - void --- -2.26.0 diff --git a/debian/patches/series b/debian/patches/series index 6ef394c..55bae8e 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -2,8 +2,6 @@ move_log_dir.patch auth-pam_libpam_so_filename.patch debian_nogroup_for_sample_files.patch openvpn-pkcs11warn.patch -kfreebsd_support.patch +#kfreebsd_support.patch match-manpage-and-command-help.patch -spelling_errors.patch systemd.patch -fix-openssl-error.patch diff --git a/debian/patches/spelling_errors.patch b/debian/patches/spelling_errors.patch deleted file mode 100644 index cac36d3..0000000 --- a/debian/patches/spelling_errors.patch +++ /dev/null @@ -1,53 +0,0 @@ -Description: correct tspelling errors -Author: Jörg Frings-Fürst <debian@jff.email> -Last-Update: 2018-07-29 ---- -This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ -Index: trunk/src/openvpn/buffer.c -=================================================================== ---- trunk.orig/src/openvpn/buffer.c -+++ trunk/src/openvpn/buffer.c -@@ -44,7 +44,7 @@ array_mult_safe(const size_t m1, const s - unsigned long long res = (unsigned long long)m1 * (unsigned long long)m2 + (unsigned long long)extra; - if (unlikely(m1 > limit) || unlikely(m2 > limit) || unlikely(extra > limit) || unlikely(res > (unsigned long long)limit)) - { -- msg(M_FATAL, "attemped allocation of excessively large array"); -+ msg(M_FATAL, "attempted allocation of excessively large array"); - } - return (size_t) res; - } -Index: trunk/src/openvpn/options.c -=================================================================== ---- trunk.orig/src/openvpn/options.c -+++ trunk/src/openvpn/options.c -@@ -448,7 +448,7 @@ static const char usage_message[] = - " user/pass via environment, if method='via-file', pass\n" - " user/pass via temporary file.\n" - "--auth-gen-token [lifetime] Generate a random authentication token which is pushed\n" -- " to each client, replacing the password. Usefull when\n" -+ " to each client, replacing the password. Useful when\n" - " OTP based two-factor auth mechanisms are in use and\n" - " --reneg-* options are enabled. Optionally a lifetime in seconds\n" - " for generated tokens can be set.\n" -Index: trunk/doc/openvpn.8 -=================================================================== ---- trunk.orig/doc/openvpn.8 -+++ trunk/doc/openvpn.8 -@@ -2181,7 +2181,7 @@ that - is parsed on the command line even though - the daemonization point occurs later. If one of the - .B \-\-log --options is present, it will supercede syslog -+options is present, it will supersede syslog - redirection. - - The optional -@@ -2292,7 +2292,7 @@ If - already exists it will be truncated. - This option takes effect - immediately when it is parsed in the command line --and will supercede syslog output if -+and will supersede syslog output if - .B \-\-daemon - or - .B \-\-inetd diff --git a/debian/rules b/debian/rules index f7c3377..a49ff29 100755 --- a/debian/rules +++ b/debian/rules @@ -6,7 +6,7 @@ ENV_VARS := IFCONFIG=/sbin/ifconfig ROUTE=/lib/freebsd/route EXTRA_ARGS := else ENV_VARS := SYSTEMD_ASK_PASSWORD=/bin/systemd-ask-password IFCONFIG=/sbin/ifconfig ROUTE=/sbin/route IPROUTE=/sbin/ip SYSTEMD_UNIT_DIR=/lib/systemd/system TMPFILES_DIR=/usr/lib/tmpfiles.d -EXTRA_ARGS := --enable-systemd --enable-iproute2 +EXTRA_ARGS := --enable-systemd endif #export DH_VERBOSE=1 |