Re: [Openvpn-users] Request 2.4.2-openvpn .deb package that is compatible with Debian Stretch
On 19/06/2017 14:43, Javier Santos wrote: >> Sent: Monday, June 19, 2017 at 4:48 PM >> From: "Samuli Seppänen" >> To: "Gert Doering" , "Javier Santos" >> >> Cc: openvpn-users@lists.sourceforge.net >> Subject: Re: [Openvpn-users] Request 2.4.2-openvpn .deb package that is >> compatible with Debian Stretch >> On 18/06/2017 21:56, Gert Doering wrote: >> >> I will try to get Stretch support for the next OpenVPN releases. If >> there are no surprised then that should be doable. What I'll do is >> replace the "libssl1.0.0" dependency with "libssl1.0.2" and remove the >> "initscripts" dependency altogether. > > Thanks, Samuli, for your offer of help. > > When is the next OpenVPN release coming out? Any dates? > > Regards > > Javier > Yes, we will make a release on Wednesday. -- Samuli Seppänen Community Manager OpenVPN Technologies, Inc irc freenode net: mattock 0x40864578.asc Description: application/pgp-keys signature.asc Description: OpenPGP digital signature -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
Re: [Openvpn-users] Request 2.4.2-openvpn .deb package that is compatible with Debian Stretch
Hi, On Mon, Jun 19, 2017 at 04:37:29PM +0200, Javier Santos wrote: > By the way, the one that Samuli created, 2.4.2-jessie0.deb for Debian Jessie, > includes new functionality, is that correct? From a quick glance, mostly bugfixes or featurettes ("make things work more like they were originally intended to"). But the list is surprisingly long... $ git shortlog v2.4.0..v2.4.2 Antonio Quartulli (4): attempt to add IPv6 route even when no IPv6 address was configured fix redirect-gateway behaviour when an IPv4 default route does not exist CRL: use time_t instead of struct timespec to store last mtime ignore remote-random-hostname if a numeric host is provided Christian Hesse (7): man: fix formatting for alternative option systemd: Use automake tools to install unit files systemd: Do not race on RuntimeDirectory systemd: Add more security feature for systemd units Clean up plugin path handling plugin: Remove GNUism in openvpn-plugin.h generation fix typo in notification message David Sommerseth (12): management: >REMOTE operation would overwrite ce change indicator management: Remove a redundant #ifdef block git: Merge .gitignore files into a single file systemd: Move the READY=1 signalling to an earlier point plugin: Improve the handling of default plug-in directory cleanup: Remove faulty env processing functions auth-token: Ensure tokens are always wiped on de-auth docs: Fixed man-page warnings discoverd by rpmlint Make --cipher/--auth none more explicit on the risks plugin: Fix documentation typo for type_mask plugin: Export secure_memzero() to plug-ins Preparing v2.4.2 release Emmanuel Deloget (8): OpenSSL: check for the SSL reason, not the full error OpenSSL: don't use direct access to the internal of X509_STORE_CTX OpenSSL: don't use direct access to the internal of SSL_CTX OpenSSL: don't use direct access to the internal of X509_STORE OpenSSL: don't use direct access to the internal of X509_OBJECT OpenSSL: don't use direct access to the internal of RSA_METHOD OpenSSL: SSLeay symbols are no longer available in OpenSSL 1.1 OpenSSL: use EVP_CipherInit_ex() instead of EVP_CipherInit() Eric Thorpe (1): Fix Building Using MSVC Gert Doering (5): Add openssl_compat.h to openvpn_SOURCES Fix '--dev null' Fix installation of IPv6 host route to VPN server when using iservice. Make ENABLE_OCC no longer depend on !ENABLE_SMALL Preparing for release v2.4.1 (ChangeLog, version.m4) Gisle Vanem (1): Crash in options.c Hristo Venev (1): Fix extract_x509_field_ssl for external objects, v2 Ilya Shipitsin (2): Resolve several travis-ci issues travis-ci: remove unused files Olivier Wahrenberger (1): Fix building with LibreSSL 2.5.1 by cleaning a hack. Selva Nair (5): Fix push options digest update Always release dhcp address in close_tun() on Windows. Add a check for -Wl, --wrap support in linker Fix user's group membership check in interactive service to work with domains In auth-pam plugin clear the password after use Simon Matter (1): Fix segfault when using crypto lib without AES-256-CTR or SHA256 Steffan Karger (18): More broadly enforce Allman style and braces-around-conditionals Use SHA256 for the internal digest, instead of MD5 OpenSSL: 1.1 fallout - fix configure on old autoconf Fix types in WIN32 socket_listen_accept() Remove duplicate X509 env variables Fix non-C99-compliant builds: don't use const size_t as array length Deprecate --ns-cert-type Be less picky about keyUsage extensions cleanup: merge packet_id_alloc_outgoing() into packet_id_write() Don't run packet_id unit tests for --disable-crypto builds Fix Changes.rst layout Fix memory leak in x509_verify_cert_ku() mbedtls: correctly check return value in pkcs11_certificate_dn() Restore pre-NCP frame parameters for new sessions Always clear username/password from memory on error Document tls-crypt security considerations in man page Don't assert out on receiving too-large control packets (CVE-2017-7478) Drop packets instead of assert out if packet id rolls over (CVE-2017-7479) ValdikSS (1): Set a low interface metric for tap adapter when block-outside-dns is in use -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025g...@net.informatik.tu-muenchen.de signature.asc Description: PGP signature -- Check out the vibrant tech community on one of the world's most engaging tech si
Re: [Openvpn-users] Request 2.4.2-openvpn .deb package that is compatible with Debian Stretch
Hi, On Mon, Jun 19, 2017 at 01:39:55PM +0200, Javier Santos wrote: > I did write to the maintainer, Alberto Gonzalez Iniesta, a few weeks ago > asking him to create a backport of version 2.4.2 for Debian Jessie. He felt > there was no need to do it. Well. I think he actually backported the relevant security fixes of 2.4.2, so you should be good - unless you need new functionality. gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025g...@net.informatik.tu-muenchen.de signature.asc Description: PGP signature -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
Re: [Openvpn-users] Request 2.4.2-openvpn .deb package that is compatible with Debian Stretch
>Sent: Monday, June 19, 2017 at 4:48 PM >From: "Samuli Seppänen" >To: "Gert Doering" , "Javier Santos" > >Cc: openvpn-users@lists.sourceforge.net >Subject: Re: [Openvpn-users] Request 2.4.2-openvpn .deb package that is >compatible with Debian Stretch >On 18/06/2017 21:56, Gert Doering wrote: > >I will try to get Stretch support for the next OpenVPN releases. If >there are no surprised then that should be doable. What I'll do is >replace the "libssl1.0.0" dependency with "libssl1.0.2" and remove the >"initscripts" dependency altogether. Thanks, Samuli, for your offer of help. When is the next OpenVPN release coming out? Any dates? Regards Javier -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
Re: [Openvpn-users] Request 2.4.2-openvpn .deb package that is compatible with Debian Stretch
>Sent: Monday, June 19, 2017 at 2:56 AM >From: "Gert Doering" >To: "Javier Santos" >Cc: openvpn-users@lists.sourceforge.net >Subject: Re: [Openvpn-users] Request 2.4.2-openvpn .deb package that is >compatible with Debian Stretch >Hi, > >What does Stretch ship with? It *should* come with openvpn 2.4... OpenVPN version 2.4.0-6 Package details: https://packages.debian.org/stretch/openvpn Changelog: http://metadata.ftp-master.debian.org/changelogs/main/o/openvpn/openvpn_2.4.0-6_changelog I did write to the maintainer, Alberto Gonzalez Iniesta, a few weeks ago asking him to create a backport of version 2.4.2 for Debian Jessie. He felt there was no need to do it. Well. -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
Re: [Openvpn-users] Request 2.4.2-openvpn .deb package that is compatible with Debian Stretch
On 18/06/2017 21:56, Gert Doering wrote: > Hi, > > On Sun, Jun 18, 2017 at 04:46:58PM +0200, Javier Santos wrote: >> Debian Stretch has just been released and we would appreciate it if you >> could create compatible .deb packages for the OS. > > What does Stretch ship with? It *should* come with openvpn 2.4... > > (Of course it makes sense to have Strech-compatible .deb for future > relases which are not going to be available out of the box right away) > > gert > Hi, We've actually had this problem with the latest Ubuntu non-LTS releases, where initscripts have been completely replaced with systemd. However, we only want to support LTS releases, as the non-LTS releases generally have a fairly up-to-date OpenVPN anyways. I will try to get Stretch support for the next OpenVPN releases. If there are no surprised then that should be doable. What I'll do is replace the "libssl1.0.0" dependency with "libssl1.0.2" and remove the "initscripts" dependency altogether. -- Samuli Seppänen Community Manager OpenVPN Technologies, Inc irc freenode net: mattock 0x40864578.asc Description: application/pgp-keys signature.asc Description: OpenPGP digital signature -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users