| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
| Name: openvpn-down-root-plugin | Distribution: openSUSE 11.4 |
| Version: 2.1.4 | Vendor: openSUSE |
| Release: 11.30.1 | Build date: Wed Oct 17 14:20:23 2012 |
| Group: Productivity/Networking/Security | Build host: build18 |
| Size: 9704 | Source RPM: openvpn-2.1.4-11.30.1.src.rpm |
| Packager: http://bugs.opensuse.org | |
| Url: http://openvpn.net/ | |
| Summary: OpenVPN down-root plugin | |
The OpenVPN down-root plugin allows an OpenVPN configuration to call a
down script with root privileges, even when privileges have been
dropped using --user/--group/--chroot.
This module uses a split privilege execution model which will fork()
before OpenVPN drops root privileges, at the point where the --up
script is usually called. The plugin will then remain in a wait state
until it receives a message from OpenVPN via pipe to execute the down
script. Thus, the down script will be run in the same execution
environment as the up script.
Authors:
--------
James Yonan <jim@yonan.net>
GPL-2.0+ ; LGPL-2.1+
* Wed Oct 17 2012 mt@suse.com
- Fixed openvpn init script to not map reopen to reload so the
reopen code is without any effect (bnc#781106).
- Added requested OPENVPN_AUTOSTART variable allowing to provide
an optional list of config names started by default (bnc#692440).
* Tue Mar 15 2011 crrodriguez@opensuse.org
- KVPNC is unable to parse openvpn version [bnc#679153]
* Thu Feb 17 2011 mt@suse.de
- Added X-Interactive: true LSB tag to the init script.
* Tue Nov 16 2010 mt@suse.de
- Updated to openvpn 2.1.4, providing several bug fixes and
improvements, such as:
* Fix of a problem with special case route targets
* Try to ensure, that the tun/tap interface gets closed on
non-graceful aborts.
* Several AUTH_FAILED reporting fixes causing the connection
to fail without any error indication.
* Enable exponential backoff in reliability layer retransmits.
* Proxy improvements
Please review the ChangeLog file for a complete and exact list.
* Wed Sep 08 2010 cristian.rodriguez@opensuse.org
- Do not include build date in binaries
* Tue Jun 15 2010 mt@suse.de
- Improved netconfig based client up and down sample scripts.
* Fri Jun 11 2010 anschneider@exsuse.de
- Added netconfig based client up and down scripts to samples.
* Thu Mar 11 2010 mt@suse.de
- Updated to openvpn 2.1.1; linux related changes since 2.1_rc20:
* Fixed a couple issues in sample plugins auth-pam.c and
down-root.c.
(1) Fail gracefully rather than segfault if calloc returns NULL.
(2) The openvpn_plugin_abort_v1 function can potentially be
called with handle == NULL. Add code to detect this case,
and if so, avoid dereferencing pointers derived from handle
(Thanks to David Sommerseth for finding this bug).
* Documented "multihome" option in the man page.
* Added a hard failure when peer provides a certificate chain
with depth > 16. Previously, a warning was issued.
* Added additional session renegotiation hardening. OpenVPN has
always required that mid-session renegotiations build up a new
SSL/TLS session from scratch. While the client certificate
common name is already locked against changes in mid-session
TLS renegotiations, we now extend this locking to the
auth-user-pass username as well as all certificate content in
the full client certificate chain.
- Improved openvpn init script adding messages giving a hint about
pid write failure and to look into the log messages (bnc#559041).
- Added -fno-strict-aliasing to compile flags in the spec file.
* Thu Dec 17 2009 mt@suse.de
- Updated to openvpn 2.1 2.1_rc20, fixing problems in route and
option handling provided by the from server (bnc#552440).
For complete list of changes, see ChangeLog file, here just
the IMO most important:
* Fixed a bug introduced in 2.1_rc17 (svn r4436) where using
the redirect-gateway option by itself, without any extra
parameters, would cause the option to be ignored.
* Optimized PUSH_REQUEST handshake sequence to shave several
seconds off of a typical client connection initiation.
* The maximum number of "route" directives (specified in the
config file or pulled from a server) can now be configured
via the new "max-routes" directive.
* Eliminated the limitation on the number of options that can
be pushed to clients, including routes. Previously, all
pushed options needed to fit within a 1024 byte options
string.
* Added --server-poll-timeout option : when polling possible
remote servers to connect to in a round-robin fashion,
spend no more than n seconds waiting for a response before
trying the next server.
* Added the ability for the server to provide a custom reason
string when an AUTH_FAILED message is returned to the client.
This string can be set by the server-side managment interface
and read by the client-side management interface.
* client-kill management interface command, when issued on server,
will now send a RESTART message to client. This feature is
intended to make UDP clients respond the same as TCP clients
in the case where the server issues a RESTART message in order
to force the client to reconnect and pull a new options/route
list.
* Fri Oct 02 2009 mt@suse.de
- Added network-remotefs to init script dependencies (bnc#522279).
* Wed Jun 10 2009 mt@suse.de
- Updated to openvpn 2.1 [2.1_rc18] series (fate#305289).
- Enabled pkcs11-helper for openSUSE > 10.3 (bnc#487558).
- Adopted spec file and patches, improved init script.
- Disabled installation of easy-rsa for Windows.
/usr/lib/openvpn/plugin/lib/openvpn-down-root.so
Generated by rpm2html 1.8.1
Fabrice Bellet, Mon May 20 05:28:07 2013