
openvpn-down-root-plugin-2.2.2-9.5.1 RPM for armv7hl

From OpenSuSE 12.3 updates for armv7hl

Name: openvpn-down-root-plugin
Distribution: openSUSE 12.3
Version: 2.2.2
Vendor: openSUSE
Release: 9.5.1
Build date: Fri Nov 1 11:36:33 2013
Group: Productivity/Networking/Security
Build host: armbuild08
Size: 9804
Source RPM: openvpn-2.2.2-9.5.1.src.rpm
Summary: OpenVPN down-root plugin

The OpenVPN down-root plugin allows an OpenVPN configuration to call a
down script with root privileges, even when privileges have been
dropped using --user/--group/--chroot.

This module uses a split privilege execution model which will fork()
before OpenVPN drops root privileges, at the point where the --up
script is usually called.  The plugin will then remain in a wait state
until it receives a message from OpenVPN via pipe to execute the down
script.  Thus, the down script will be run in the same execution
environment as the up script.

    James Yonan




License: SUSE-GPL-2.0-with-openssl-exception and LGPL-2.1


* Thu Oct 31 2013
  - Applied upstream patch changing to use a constant time memcmp
    when comparing HMACs in openvpn_decrypt to address ciphertext
    injection in UDP mode (CVE-2013-2061, bnc#843509).
* Mon Jan 28 2013
  - Join openvpn.service systemd cgroup in start when needed, e.g.
    when starting with further parameters. (bnc#781106)
* Thu Nov 29 2012
  - Verify GPG signature.
* Fri Sep 21 2012
  - Fix Ciaran's previous license entry. The license has a SUSE prefix
* Thu Sep 20 2012
  - Fixed openvpn init script to not map reopen to reload so the
    reopen code is without any effect (bnc#781106).
  - Added requested OPENVPN_AUTOSTART variable allowing to provide
    an optional list of config names started by default (bnc#692440).
* Wed Aug 22 2012
  - license update: GPL-2.0-with-openssl-exception and LGPL-2.1
    openssl has an openssl exception (also, it is GPL-2.0 only)
* Thu Mar 29 2012
  - Fixed SLES build readding Group tags to sub-packages in spec,
    not require libselinux-devel on SLE-10 and datadir/doc cleanup.
* Wed Feb 15 2012
  - Updated to openvpn-2.2.2:
    - Warn once, that IPv6 in tun mode is not supported in OpenVPN 2.2
    - Pkcs11 support built into the Windows version
    - Fixed a bug in the Windows TAP-driver
* Thu Dec 08 2011
  - Fix source URLs.
* Fri Dec 02 2011
  - add automake as buildrequire to avoid implicit dependency
* Mon Aug 29 2011
  - Marked /var/run/openvpn as ghost (bnc#710270), man page and
    other rpmlint warning fixes
* Tue Aug 23 2011
  - BuildRequires libselinux-devel
  - Use SSL_MODE_RELEASE_BUFFERS to keep memory usage low, sent
    upstream as
* Mon Aug 22 2011
  - Add openvpn-2.1-systemd-passwd.patch / modify openvpn.init to
    support systemd password query (bnc#675406)
* Mon Jul 11 2011
  - Updated to openvpn-2.2.1, a new version series providing several
    new features. This version fixes build issues and provides
    updated easy-rsa for OpenSSL 1.0.0 (fixes Trac ticket #125),
  - Adopted spec file, enabled saving password in a file and to
    specify an alternative username in x509 cert.
  - Removed X-Interactive from init script again, as systemd isn't
    able to use it correctly [any more?] (bnc#675406). We will
    address it later and probably use /bin/systemd-ask-password.
* Tue Mar 15 2011
  - KVPNC is unable to parse openvpn version [bnc#679153]
* Thu Feb 17 2011
  - Added X-Interactive: true LSB tag to the init script.
* Tue Nov 16 2010
  - Updated to openvpn 2.1.4, providing several bug fixes and
    improvements, such as:
    * Fix of a problem with special case route targets
    * Try to ensure, that the tun/tap interface gets closed on
      non-graceful aborts.
    * Several AUTH_FAILED reporting fixes causing the connection
      to fail without any error indication.
    * Enable exponential backoff in reliability layer retransmits.
    * Proxy improvements
    Please review the ChangeLog file for a complete and exact list.
* Wed Sep 08 2010
  - Do not include build date in binaries
* Tue Jun 15 2010
  - Improved netconfig based client up and down sample scripts.
* Fri Jun 11 2010
  - Added netconfig based client up and down scripts to samples.
* Thu Mar 11 2010
  - Updated to openvpn 2.1.1; linux related changes since 2.1_rc20:
    * Fixed a couple issues in sample plugins auth-pam.c and
      (1) Fail gracefully rather than segfault if calloc returns NULL.
      (2) The openvpn_plugin_abort_v1 function can potentially be
          called with handle == NULL.  Add code to detect this case,
          and if so, avoid dereferencing pointers derived from handle
          (Thanks to David Sommerseth for finding this bug).
    * Documented "multihome" option in the man page.
    * Added a hard failure when peer provides a certificate chain
      with depth > 16.  Previously, a warning was issued.
    * Added additional session renegotiation hardening. OpenVPN has
      always required that mid-session renegotiations build up a new
      SSL/TLS session from scratch. While the client certificate
      common name is already locked against changes in mid-session
      TLS renegotiations, we now extend this locking to the
      auth-user-pass username as well as all certificate content in
      the full client certificate chain.
  - Improved openvpn init script adding messages giving a hint about
    pid write failure and to look into the log messages (bnc#559041).
  - Added -fno-strict-aliasing to compile flags in the spec file.
* Thu Dec 17 2009
  - Updated to openvpn 2.1 2.1_rc20, fixing problems in route and
    option handling provided by the server (bnc#552440).
    For complete list of changes, see ChangeLog file, here just
    the IMO most important:
    * Fixed a bug introduced in 2.1_rc17 (svn r4436) where using
      the redirect-gateway option by itself, without any extra
      parameters, would cause the option to be ignored.
    * Optimized PUSH_REQUEST handshake sequence to shave several
      seconds off of a typical client connection initiation.
    * The maximum number of "route" directives (specified in the
      config file or pulled from a server) can now be configured
      via the new "max-routes" directive.
    * Eliminated the limitation on the number of options that can
      be pushed to clients, including routes. Previously, all
      pushed options needed to fit within a 1024 byte options
    * Added --server-poll-timeout option : when polling possible
      remote servers to connect to in a round-robin fashion,
      spend no more than n seconds waiting for a response before
      trying the next server.
    * Added the ability for the server to provide a custom reason
      string when an AUTH_FAILED message is returned to the client.
      This string can be set by the server-side management interface
      and read by the client-side management interface.
    * client-kill management interface command, when issued on server,
      will now send a RESTART message to client. This feature is
      intended to make UDP clients respond the same as TCP clients
      in the case where the server issues a RESTART message in order
      to force the client to reconnect and pull a new options/route
* Fri Oct 02 2009
  - Added network-remotefs to init script dependencies (bnc#522279).
* Wed Jun 10 2009
  - Updated to openvpn 2.1 [2.1_rc18] series (fate#305289).
  - Enabled pkcs11-helper for openSUSE > 10.3 (bnc#487558).
  - Adopted spec file and patches, improved init script.
  - Disabled installation of easy-rsa for Windows.



Generated by rpm2html 1.8.1

Fabrice Bellet, Wed Feb 10 05:08:15 2016