-
openvpn (2.6.0~git20220818-1ubuntu1) kinetic; urgency=low
* Merge from Debian unstable. Remaining changes:
- d/control: Demote easy-rsa to Suggests (universe package).
- debian/openvpn@.service: Add '--script-security 2' similar to what
got added to debian/openvpn.init.d ages ago (LP #1454725)
openvpn (2.6.0~git20220818-1) unstable; urgency=medium
* New upstream version 2.6.0~git20220818
* Only depend on libcap-ng-dev on Linux
* Drop d/p/disable-dco-without-necessary-capabilities applied upstream
openvpn (2.6.0~git20220811-2) unstable; urgency=medium
* Cherry-Pick proposed upstream fix to disable DCO if unable to retain
capabilities, fixes network-manager-openvpn together with DCO
(Closes: #1017379)
openvpn (2.6.0~git20220811-1) unstable; urgency=medium
* New upstream version 2.6.0~git20220811
* Retain CAP_NET_ADMIN when dropping privileges (Closes: #976070)
* Add build-dependency on libcap-ng-dev
* Explicitly disable unit tests (Closes: #1016057)
* Drop obsolete entries from d/copyright
openvpn (2.6.0~git20220808-1) unstable; urgency=medium
[ Gianfranco Costamagna ]
* d/t/server-setup-with-ca:
- cherry-pick change in easy-rsa autopkgtests to remove conflicting
"vars" file.
[ Bernhard Schmidt ]
* New upstream version 2.6.0~git20220808
- switch to master branch now that DCO support has been merged
* Drop OpenSSL 3.0 digest name patch applied upstream
-- Gianfranco Costamagna <email address hidden> Mon, 22 Aug 2022 09:44:45 +0200
-
openvpn (2.6.0~git20220518+dco-3ubuntu2) kinetic; urgency=medium
* Merge from Debian unstable. Remaining changes:
- d/control: Demote easy-rsa to Suggests (universe package).
- debian/openvpn@.service: Add '--script-security 2' similar to what
got added to debian/openvpn.init.d ages ago (LP #1454725)
- d/t/server-setup-with-ca:
- cherry-pick change in easy-rsa autopkgtests to remove conflicting
"vars" file.
-- Gianfranco Costamagna <email address hidden> Thu, 28 Jul 2022 08:58:35 +0200
-
openvpn (2.6.0~git20220518+dco-3ubuntu1) kinetic; urgency=medium
* d/t/server-setup-with-ca:
- cherry-pick change in easy-rsa autopkgtests to remove conflicting
"vars" file.
-- Gianfranco Costamagna <email address hidden> Thu, 28 Jul 2022 09:08:04 +0200
-
openvpn (2.6.0~git20220518+dco-3) unstable; urgency=medium
[ Lucas Kanashiro ]
* d/t/server-setup-with-static-key: set cipher to be DES-EDE3-CBC
* d/t/server-setup-with-static-key: use 'secret' to generate key
* d/t/server-setup-with-*: use 'set -x' in the test scripts
* d/t/control: add allow-stderr restriction
[ Bernhard Schmidt ]
* Import Ubuntu patch cherry-picked from upstream to translate OpenSSL 3.0
digest names into OpenSSL 1.1 digest names (Closes: #1012129)
-- Bernhard Schmidt <email address hidden> Sun, 24 Jul 2022 17:13:47 +0200
-
openvpn (2.6.0~git20220518+dco-2ubuntu4) kinetic; urgency=medium
* d/t/server-setup-with-ca:
- cherry-pick change in easy-rsa autopkgtests to remove conflicting
"vars" file.
-- Gianfranco Costamagna <email address hidden> Thu, 28 Jul 2022 08:58:35 +0200
-
openvpn (2.6.0~git20220518+dco-2ubuntu3) kinetic; urgency=medium
* d/t/control: add allow-stderr restriction. With 'set -x' in place some
messages are printed out in stderr.
-- Lucas Kanashiro <email address hidden> Thu, 14 Jul 2022 11:47:23 -0300
-
openvpn (2.6.0~git20220518+dco-2ubuntu2) kinetic; urgency=medium
* d/t/server-setup-with-static-key: set cipher to be DES-EDE3-CBC. The
default BF-CBC is deprecated, also CAST and RC2. For more information
check the upstream documentation.
* d/t/server-setup-with-static-key: use 'secret' instead of '--secret' when
generating a key to fix a deprecation warning.
* d/t/server-setup-with-*: use 'set -x' in the test scripts. This will
facilitate future debugging.
* d/p/openssl-3-support.patch: Translate OpenSSL 3.0 digest names to OpenSSL
1.1 digest names (LP: #1975574).
-- Lucas Kanashiro <email address hidden> Mon, 11 Jul 2022 17:56:18 -0300
-
openvpn (2.6.0~git20220518+dco-2ubuntu1) kinetic; urgency=low
* Merge from Debian unstable. Remaining changes:
- d/control: Demote easy-rsa to Suggests (universe package).
- debian/openvpn@.service: Add '--script-security 2' similar to what
got added to debian/openvpn.init.d ages ago (LP #1454725)
* Drop changes fixed in new upstream release:
- d/p/openvpn-fips-2.4.patch: Allow MD5 for PRF in FIPS mode openssl.
- d/p/OpenSSL3.patch: work around the deprecated algorithm mismatch between
the OpenSSL3 branch and the OpenVPN 2.5 branch (LP #1945980)
- debian/patches/CVE-2022-0547.patch: disallow multiple deferred
authentication plug-ins in doc/man-sections/plugin-options.rst,
src/openvpn/plugin.c.
openvpn (2.6.0~git20220518+dco-2) unstable; urgency=medium
* Add d/NEWS entry about the release notes and DCO (Closes: #1011372)
openvpn (2.6.0~git20220518+dco-1) unstable; urgency=medium
* New upstream version 2.6.0~git20220518+dco
* Release to unstable
* Revert "Build against OpenSSL 3.0", OpenSSL 3.0 has landed in unstable
openvpn (2.6.0~git20220510+dco-1) experimental; urgency=medium
* New upstream version 2.6.0~git20220510+dco
* Suggest openvpn-dco-dkms
* Drop iproute2, linux builds use netlink
* Limit libnl-genl-3-dev build-dep (for dco) to linux-any
* Build against OpenSSL 3.0
openvpn (2.6.0~git20220317+dco-1) experimental; urgency=medium
* New upstream version 2.6.0~git20220317+dco
This is a snapshot of the upstream dco branch (data-channel offloading)
openvpn (2.5.6-1) unstable; urgency=high
* New upstream version 2.5.6
CVE-2022-0547 - Potential authentication by-pass with multiple deferred
authentication plug-ins plug-ins (Closes: #1008015)
-- Gianfranco Costamagna <email address hidden> Tue, 07 Jun 2022 11:51:28 +0200
-
openvpn (2.5.5-1ubuntu3) jammy; urgency=medium
* debian/patches/CVE-2022-0547.patch: updated to properly patch actual
manpage file in doc/openvpn.8.
-- Marc Deslauriers <email address hidden> Tue, 22 Mar 2022 13:22:27 -0400