Hello community, here is the log from the commit of package openvpn for openSUSE:Factory checked in at Fri Mar 12 01:52:26 CET 2010. -------- --- openvpn/openvpn.changes 2009-12-18 14:41:33.000000000 +0100 +++ /mounts/work_src_done/STABLE/openvpn/openvpn.changes 2010-03-11 10:12:29.000000000 +0100 @@ -1,0 +2,25 @@ +Thu Mar 11 08:51:39 UTC 2010 - mt@suse.de + +- Updated to openvpn 2.1.1; linux related changes since 2.1_rc20: + * Fixed a couple issues in sample plugins auth-pam.c and + down-root.c. + (1) Fail gracefully rather than segfault if calloc returns NULL. + (2) The openvpn_plugin_abort_v1 function can potentially be + called with handle == NULL. Add code to detect this case, + and if so, avoid dereferencing pointers derived from handle + (Thanks to David Sommerseth for finding this bug). + * Documented "multihome" option in the man page. + * Added a hard failure when peer provides a certificate chain + with depth > 16. Previously, a warning was issued. + * Added additional session renegotiation hardening. OpenVPN has + always required that mid-session renegotiations build up a new + SSL/TLS session from scratch. While the client certificate + common name is already locked against changes in mid-session + TLS renegotiations, we now extend this locking to the + auth-user-pass username as well as all certificate content in + the full client certificate chain. +- Improved openvpn init script adding messages giving a hint about + pid write failure and to look into the log messages (bnc#559041). +- Added -fno-strict-aliasing to compile flags in the spec file. + +------------------------------------------------------------------- calling whatdependson for head-i586 Old: ---- openvpn-2.1_rc20.tar.gz openvpn-2.1_rc20.tar.gz.asc New: ---- openvpn-2.1.1.tar.gz openvpn-2.1.1.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openvpn.spec ++++++ --- /var/tmp/diff_new_pack.gBq1Sr/_old 2010-03-12 01:52:11.000000000 +0100 +++ /var/tmp/diff_new_pack.gBq1Sr/_new 2010-03-12 01:52:11.000000000 +0100 @@ -1,7 +1,7 @@ # -# spec file for package openvpn (Version 2.1.0.20) +# spec file for package openvpn (Version 2.1.1) # -# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,7 +17,7 @@ # norootforbuild -%define upstream_version 2.1_rc20 +%define upstream_version 2.1.1 Name: openvpn Url: http://openvpn.net/ @@ -27,7 +27,7 @@ %if 0%{?suse_version} PreReq: %insserv_prereq %fillup_prereq %endif -Version: 2.1.0.20 +Version: 2.1.1 Release: 1 Summary: Full-featured SSL VPN solution using a TUN/TAP Interface Source: http://openvpn.net/release/openvpn-%{upstream_version}.tar.gz @@ -47,7 +47,7 @@ %define plugin_libdir %{plugin_dir}/lib %description -OpenVPN is a full-featured SSL VPN solution which can accomodate a wide +OpenVPN is a full-featured SSL VPN solution which can accommodate a wide range of configurations, including remote access, site-to-site VPNs, WiFi security, and enterprise-scale remote access solutions with load balancing, failover, and fine-grained access-controls. @@ -134,7 +134,7 @@ %build autoreconf -fi -export CFLAGS="$RPM_OPT_FLAGS -W -Wall" +export CFLAGS="$RPM_OPT_FLAGS -W -Wall -fno-strict-aliasing" export LDFLAGS %configure \ --enable-pthread --enable-iproute2 \ ++++++ openvpn-2.1_rc20.tar.gz -> openvpn-2.1.1.tar.gz ++++++ ++++ 7207 lines of diff (skipped) ++++++ openvpn.init ++++++ --- /var/tmp/diff_new_pack.gBq1Sr/_old 2010-03-12 01:52:11.000000000 +0100 +++ /var/tmp/diff_new_pack.gBq1Sr/_new 2010-03-12 01:52:11.000000000 +0100 @@ -104,9 +104,19 @@ $openvpn --daemon \ --writepid "$pidfile" \ --config "$conf" \ - --cd $confdir \ - || rc_failed 1 - + --cd $confdir || \ + { + rc_status -v1 + if [ ! -w "$piddir" ]; then + # this is one possible reason, but common to + # all instances and better than nothing ... + echo " Can not write $pidfile" + rc_exit + fi + echo " See /var/log/messages for the failure reason" + rc_failed 1 + continue + } # write the status one line up rc_status -v1 done ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org
participants (1)
-
root@Hilbert.suse.de