Hello community, here is the log from the commit of package govpn for openSUSE:Factory checked in at 2017-06-01 16:31:36 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/govpn (Old) and /work/SRC/openSUSE:Factory/.govpn.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "govpn" Thu Jun 1 16:31:36 2017 rev:4 rq:494556 version:7.3 Changes: -------- --- /work/SRC/openSUSE:Factory/govpn/govpn.changes 2016-07-27 16:12:57.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.govpn.new/govpn.changes 2017-06-01 16:31:37.884455979 +0200 @@ -1,0 +2,29 @@ +Thu May 11 09:48:42 UTC 2017 - jengelh@inai.de + +- Do not suppress errors from user/group creation +- Fix grammar problems in description, and drop filler wording. + +------------------------------------------------------------------- +Tue May 9 16:45:47 UTC 2017 - sor.alexei@meowr.ru + +- Update to version 7.3 (changes since 5.10): + * Argon2d is replaced with Balloon hashing. Found Argon2 + libraries written on pure Go have various problems. Moreover + Argon2i should be used instead, but it has some possible + cryptographic defects (http://eprint.iacr.org/2016/027). + So it is replaced with much more simpler (and seems even + cryptographically better) Balloon hashing + (https://crypto.stanford.edu/balloon/). + * (X)Salsa20 is replaced with ChaCha20. Theoretically it should + be faster and more secure. Previous versions are not compatible + with it! + * Ability to use TUN-interfaces under GNU/Linux. + * Fix a bug in client’s identity generation and detection code: + simultaneous clients may be incorrectly identified, preventing + their connection establishing and allowing DPI to detect GoVPN + packets. + * Fix seldom possible segmentation fault on the server during + rehandshake. + * Dependant cryptographic libraries are updated. + +------------------------------------------------------------------- Old: ---- govpn-5.10.tar.xz govpn-5.10.tar.xz.sig New: ---- govpn-7.3.tar.xz govpn-7.3.tar.xz.sig ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ govpn.spec ++++++ --- /var/tmp/diff_new_pack.lw6lan/_old 2017-06-01 16:31:38.880315563 +0200 +++ /var/tmp/diff_new_pack.lw6lan/_new 2017-06-01 16:31:38.884314999 +0200 @@ -1,7 +1,7 @@ # # spec file for package govpn # -# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,14 +17,14 @@ Name: govpn -Version: 5.10 +Version: 7.3 Release: 0 -Summary: Simple Virtual Private Network Implementation +Summary: Virtual Private Network Implementation License: GPL-3.0+ Group: Productivity/Networking/Web/Proxy Url: http://govpn.info/ -Source: http://www.cypherpunks.ru/%{name}/download/%{name}-%{version}.tar.xz -Source1: http://www.cypherpunks.ru/%{name}/download/%{name}-%{version}.tar.xz.sig +Source: http://www.govpn.info/download/%{name}-%{version}.tar.xz +Source1: http://www.govpn.info/download/%{name}-%{version}.tar.xz.sig Source2: %{name}.keyring Source3: %{name}.conf Source4: %{name}@.service @@ -37,38 +37,37 @@ Suggests: %{name}-server = %{version} %description -GoVPN is simple free software virtual private network daemon, -aimed to be reviewable, secure, DPI/censorship-resistant, written -in Go. - -It uses fast strong passphrase authenticated key agreement protocol -with augmented zero-knowledge mutual peers authentication -(PAKE DH A-EKE). Encrypted, authenticated data transport that hides -message's length and timestamps. Perfect forward secrecy property. -Resistance to: offline dictionary attacks, replay attacks, client's -passphrases compromising and dictionary attacks on the server side. -Built-in heartbeating, rehandshaking, real-time statistics. Ability -to work through UDP, TCP and HTTP proxies. IPv4/IPv6-compatibility. +GoVPN is a virtual private network daemon, written in Go. + +It uses strong passphrase authenticated key agreement protocol with +augmented zero-knowledge mutual peers authentication (PAKE DH A-EKE). +It features encrypted authenticated data transport that hides +message's length and timestamps, has the Perfect Forward Secrecy +property, is resistant to offline dictionary attacks, replay attacks, +client's passphrases compromising and dictionary attacks on the +server side, has built-in heartbeating, rehandshaking, real-time +statistics, the ability to work through UDP, TCP and HTTP proxies, +and IPv4/IPv6-compatibility. %package server Summary: Simple Virtual Private Network Server Group: Productivity/Networking/Web/Servers Requires: %{name} = %{version} +Requires(pre): shadow %systemd_requires %description server -GoVPN is simple free software virtual private network daemon, -aimed to be reviewable, secure, DPI/censorship-resistant, written -in Go. - -It uses fast strong passphrase authenticated key agreement protocol -with augmented zero-knowledge mutual peers authentication -(PAKE DH A-EKE). Encrypted, authenticated data transport that hides -message's length and timestamps. Perfect forward secrecy property. -Resistance to: offline dictionary attacks, replay attacks, client's -passphrases compromising and dictionary attacks on the server side. -Built-in heartbeating, rehandshaking, real-time statistics. Ability -to work through UDP, TCP and HTTP proxies. IPv4/IPv6-compatibility. +GoVPN is a virtual private network daemon, written in Go. + +It uses strong passphrase authenticated key agreement protocol with +augmented zero-knowledge mutual peers authentication (PAKE DH A-EKE). +It features encrypted authenticated data transport that hides +message's length and timestamps, has the Perfect Forward Secrecy +property, is resistant to offline dictionary attacks, replay attacks, +client's passphrases compromising and dictionary attacks on the +server side, has built-in heartbeating, rehandshaking, real-time +statistics, the ability to work through UDP, TCP and HTTP proxies, +and IPv4/IPv6-compatibility. %prep %setup -q @@ -78,7 +77,7 @@ cp -f %{SOURCE6} %{name}.firewall %build -make %{?_smp_mflags} +make %{?_smp_mflags} V=1 %install make install-strip \ @@ -88,12 +87,12 @@ DOCDIR=%{buildroot}%{_docdir}/%{name}/ rm -f %{buildroot}%{_docdir}/%{name}/INSTALL -install -Dm 0644 %{name}.conf %{buildroot}%{_sysconfdir}/%{name}.conf +install -Dpm 0644 %{name}.conf %{buildroot}%{_sysconfdir}/%{name}.conf mkdir -p %{buildroot}%{_sysconfdir}/%{name}.d/ -install -Dm 0644 %{name}.firewall %{buildroot}%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/%{name} +install -Dpm 0644 %{name}.firewall %{buildroot}%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/%{name} -install -Dm 0644 %{name}@.service %{buildroot}%{_unitdir}/%{name}@.service -install -Dm 0644 %{name}.target %{buildroot}%{_unitdir}/%{name}.target +install -Dpm 0644 %{name}@.service %{buildroot}%{_unitdir}/%{name}@.service +install -Dpm 0644 %{name}.target %{buildroot}%{_unitdir}/%{name}.target %post %install_info --info-dir=%{_infodir} %{_infodir}/%{name}.info%{?ext_info} @@ -102,8 +101,10 @@ %install_info_delete --info-dir=%{_infodir} %{_infodir}/%{name}.info%{?ext_info} %pre server -%{_sbindir}/groupadd -r %{name} &> /dev/null || : -%{_sbindir}/useradd -g %{name} -s /bin/false -r -c "%{name} daemon" -f "%{_localstatedir}/lib/empty" %{name} &>/dev/null ||: +getent group %{name} >/dev/null || %{_sbindir}/groupadd -r %{name} +getent passwd %{name} >/dev/null || \ + %{_sbindir}/useradd -g %{name} -s /bin/false -r -c "%{name} daemon" \ + -d "%{_localstatedir}/lib/empty" %{name} %post server %service_add_post %{name}.target ++++++ govpn-5.10.tar.xz -> govpn-7.3.tar.xz ++++++ ++++ 54338 lines of diff (skipped)