Publishing details

Published on 2018-02-02
Changelog

openvpn (2.4.4-1ubuntu1~ubuntu16.04.1~c42.ppa1) xenial; urgency=medium

  * No-change backport to xenial

openvpn (2.4.4-1ubuntu1) bionic; urgency=medium

  * Sync with Debian. Remaining changes:
    - debian/openvpn@.service: Add "--script-security 2" similar to what got
      added to debian/openvpn.init.d ages ago (LP: #1454725)
    - Demote easy-rsa to Suggests (universe package).

openvpn (2.4.4-1) unstable; urgency=medium

  [ Jörg Frings-Fürst ]
  * New Upstream release:
    - Fix bounds check in read_key() (CVE-2017-12166) (Closes: #877089).
  * Declare compliance with Debian Policy 4.1.1. (No changes needed).
  * Drop dh-systemd from both Build-Depends and dh command line as
    it is enabled by default for dh compat level 10.
  * New debian/openvpn.lintian-overrides:
    - Override duplicate upstream changelog warning.
  * Remote obsolete directory /usr/lib/openvpn (The plugins directory are now
      /usr/lib/*/openvpn/plugins):
    - Remove /usr/lib/openvpn from debian/dirs.
    - Add debian/postrm to remove /usr/lib/openvpn on purge and remove.
    - Rewrite plugin section at README.Debian
  * Use pathfind() instead hard coded path for invoke-rc.d at debian/prerm
    and debian/postinst.
  * Remove outdated debian/README.source.
  * Remove obsolete syslog.target from debian/openvpn@.service.
  * Update Catalan translation (Closes: #870351).
    - Thanks to Alytidae <email address hidden>.
  * New directory /var/log/openvpn for log and status files
      (Closes: #444431, #553303):
    - Add var/log/openvpn into debian/dirs.
    - New debian/patches/move_log_dir.patch to change the conf files
      to the new log directory.

  [ Bernhard Schmidt ]
  * Further changes to debian/openvpn@.service copied from upstream
    - Enable Restart=on-failure
    - Use KillMode=process

openvpn (2.4.3-4) unstable; urgency=medium

  * fix FTBFS on kfreebsd
  * Adjust debian openvpn@.service to be closer to the upstream
    ones (Closes: #858558, #864031):
    - adjust Documentation URL to OpenVPN 2.4
    - use systemd READY signalling (Type=notify)
    - add ProtectHome=true
    - add After/Wants network-online.target
    - adjust CapabililtyBoundingSet

openvpn (2.4.3-3) unstable; urgency=medium

  [ Jörg Frings-Fürst ]
  * debian/control:
    - Set Bernhard Schmidt <email address hidden> as maintainer and myself as
      Uploader (Closes: #865555)
    - Many thanks to Alberto Gonzalez Iniesta.
    - Change Vcs-Browser to cgit.
  * Migrate to debhelper 10:
    - Change debian/compat to 10.
    - Bump minimum debhelper version in debian/control to >= 10.
  * Declare compliance with Debian Policy 4.0.0. (No changes needed).

  [ Bernhard Schmidt ]
  * properly remove obsolete /etc/tmpfiles.d/openvpn.conf using
    dpkg-maintscript-helper (Closes: #865717)
  * Change Vcs-Git and Homepage to https

openvpn (2.4.3-2) unstable; urgency=medium

  * The "Bye bye OpenVPN" revenge release
  * Put upstream tmpfiles conf in the right place and merge with Debian's.
    (Closes: #865589)

openvpn (2.4.3-1) unstable; urgency=high

  * The "Bye bye OpenVPN" release.
  * New upstream release fixing: (Closes: #865480)
    - CVE-2017-7508
    - CVE-2017-7520
    - CVE-2017-7521
    - CVE-2017-7522
  * Plugin libs have been moved to /usr/lib/ARCH/openvpn/plugins
  * debian/rules:
    - Remove obsolete options to configure script (enable-password-save,
      with-plugindir (now in ENV_VARS))
    - No need to install upstream's systemd unit files from debian/rules

openvpn (2.4.0-6) unstable; urgency=medium

  * Apply upstream patch to fix shrinking MTU sizes on reconnects causing not
    usable VPN tunnels.

openvpn (2.4.0-5) unstable; urgency=high

  * Change typo fix in command line help.
  * SECURITY UPDATE: pre-authentication denial-of-service vulnerability
    (both client and server) from a too-large control packet.
    - debian/patches/CVE-2017-7478.patch: Do not assert on too-large
      control packet
    - CVE-2017-7478
  * SECURITY UPDATE: authenticated remote DoS vulnerability due to
    packet ID rollover
    - debian/patches/CVE-2017-7479-prereq.patch: merge
      packet_id_alloc_outgoing() into packet_id_write()
    - debian/patches/CVE-2017-7479.patch: do not assert when packet ID
      rollover occurs
    - CVE-2017-7479
  * SECURITY UPDATE: auth tokens left in memory after de-auth
    - debian/patches/wipe_tokens_on_de-auth.patch: always wipe token
      as soon as a TLS session is considered broken.
   * Kudos to Steve Beattie <email address hidden> for doing all the
     backporting work for this upload.

openvpn (2.4.0-4) unstable; urgency=medium

  * Add NEWS entries on possible 2.4 migration issues.
    (Closes: #852381, #849909)

openvpn (2.4.0-3) unstable; urgency=medium

  * You shall run debdiff even when the change is only a word, or you may find
    out the word was not there...
  * Add liblz4-dev to Build-Depends. (Closing: #849563 for real)

openvpn (2.4.0-2) unstable; urgency=medium

  * Enable lz4 compression (Closes: #849563).
    Thanks Laurent Bigonville for noticing.

openvpn (2.4.0-1) unstable; urgency=medium

  * New upstream release.
  * Refresh debian/patches to new upstream coding style.
  * debian/NEWS.Debian. Add note on removed tls-remote option
    (Closes: #848062)

openvpn (2.4~rc1-2) unstable; urgency=medium

  * Make lintian happy:
    - Update debian/watch
    - Remove .gitignore file from samples
    - Add Depends on lsb-base
    - Move bash completion file to /usr/share
    - Remove unneeded dot in manpage
    - Bump Standards-Version
  * debian/patches/kfreebsd_support: Update patch for 2.4 series.

openvpn (2.4~rc1-1) unstable; urgency=medium

  * New upstream release
  * Update close_socket_before_scripts.patch to upstream's version
  * Add /etc/openvpn/client & /etc/openvpn/server directories for
    upstream's systemd units.

openvpn (2.4~beta1-1) experimental; urgency=medium

  * New upstream release
  * Change Build-Dep on libssl-dev to libssl1.0-dev since upstream is not
    transitioning to libssl1.1 yet.
  * Moved to debhelper compat 9.

openvpn (2.3.11-2) unstable; urgency=medium

  * Remove dependency on initscripts. (Closes: #804968)
  * README.Debian. Fix CapabilityBoundingSet reference.

openvpn (2.3.11-1) unstable; urgency=medium

  * New upstream release.
  * tun.c: patch to fix FTBFS in kfreebsd. (Closes: #815283)
    Thanks Steven Chamberlain for the patch.
  * README.Debian: Document limits in the service file.
    (Closes: #819919, #823621)
  * Removed versioned dependency on initscripts. (Closes: #804968)

 -- <email address hidden> (H.-Dirk Schmitt)  Sat, 03 Feb 2018 00:27:58 +0100
Available diffs

diff from 2.4.3-4ubuntu1~ubuntu16.04.1~c42.ppa1 to 2.4.4-1ubuntu1~ubuntu16.04.1~c42.ppa1 (272.3 KiB)
Builds

amd64
i386
Built packages

openvpn virtual private network daemon
Package files

openvpn_2.4.4-1ubuntu1~ubuntu16.04.1~c42.ppa1.debian.tar.xz (51.5 KiB)
openvpn_2.4.4-1ubuntu1~ubuntu16.04.1~c42.ppa1.dsc (1.6 KiB)
openvpn_2.4.4-1ubuntu1~ubuntu16.04.1~c42.ppa1_amd64.deb (463.2 KiB)
openvpn_2.4.4-1ubuntu1~ubuntu16.04.1~c42.ppa1_i386.deb (487.0 KiB)
openvpn_2.4.4.orig.tar.gz (1.3 MiB)