Discussion:
Request 2.4.2-openvpn .deb package that is compatible with Debian Stretch
(too old to reply)
Javier Santos
2017-06-18 14:46:58 UTC
Permalink
Raw Message
Hi Samuli

Debian Stretch has just been released and we would appreciate it if you could create compatible .deb packages for the OS.

I tried to install 2.4.2-jessie0.deb (amd64) on Debian Stretch a few minutes ago and below is the error message:

----------------quote--------------------

Reading state information... Done
Some packages could not be installed. This may mean that you have requested an impossible situation or if you are using the unstable distribution that some required packages have not yet been created or been moved out of Incoming.
The following information may help to resolve the situation:
The following packages have unmet dependencies:
openvpn : Depends: libssl1.0.0 (>= 1.0.1) but it is not installable
Depends: initscripts (>= 2.88dsf-13.3) but it is not installable
E: Unable to correct problems, you have held broken packages.

----------------end quote---------------

Thanks for your help.

Javier
Gert Doering
2017-06-18 18:56:42 UTC
Permalink
Raw Message
Hi,
Post by Javier Santos
Debian Stretch has just been released and we would appreciate it if you could create compatible .deb packages for the OS.
What does Stretch ship with? It *should* come with openvpn 2.4...

(Of course it makes sense to have Strech-compatible .deb for future
relases which are not going to be available out of the box right away)

gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany ***@greenie.muc.de
fax: +49-89-35655025 ***@net.informatik.tu-muenchen.de
Samuli Seppänen
2017-06-19 08:48:24 UTC
Permalink
Raw Message
Post by Gert Doering
Hi,
Post by Javier Santos
Debian Stretch has just been released and we would appreciate it if you could create compatible .deb packages for the OS.
What does Stretch ship with? It *should* come with openvpn 2.4...
(Of course it makes sense to have Strech-compatible .deb for future
relases which are not going to be available out of the box right away)
gert
Hi,

We've actually had this problem with the latest Ubuntu non-LTS releases,
where initscripts have been completely replaced with systemd. However,
we only want to support LTS releases, as the non-LTS releases generally
have a fairly up-to-date OpenVPN anyways.

I will try to get Stretch support for the next OpenVPN releases. If
there are no surprised then that should be doable. What I'll do is
replace the "libssl1.0.0" dependency with "libssl1.0.2" and remove the
"initscripts" dependency altogether.
--
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc

irc freenode net: mattock
Javier Santos
2017-06-19 11:43:24 UTC
Permalink
Raw Message
Sent: Monday, June 19, 2017 at 4:48 PM
Subject: Re: [Openvpn-users] Request 2.4.2-openvpn .deb package that is compatible with Debian Stretch
I will try to get Stretch support for the next OpenVPN releases. If
there are no surprised then that should be doable. What I'll do is
replace the "libssl1.0.0" dependency with "libssl1.0.2" and remove the
"initscripts" dependency altogether.
Thanks, Samuli, for your offer of help.

When is the next OpenVPN release coming out? Any dates?

Regards

Javier
Samuli Seppänen
2017-06-19 18:52:43 UTC
Permalink
Raw Message
Post by Javier Santos
Sent: Monday, June 19, 2017 at 4:48 PM
Subject: Re: [Openvpn-users] Request 2.4.2-openvpn .deb package that is compatible with Debian Stretch
I will try to get Stretch support for the next OpenVPN releases. If
there are no surprised then that should be doable. What I'll do is
replace the "libssl1.0.0" dependency with "libssl1.0.2" and remove the
"initscripts" dependency altogether.
Thanks, Samuli, for your offer of help.
When is the next OpenVPN release coming out? Any dates?
Regards
Javier
Yes, we will make a release on Wednesday.
--
Samuli SeppÀnen
Community Manager
OpenVPN Technologies, Inc

irc freenode net: mattock
Javier Santos
2017-06-19 11:39:55 UTC
Permalink
Raw Message
Sent: Monday, June 19, 2017 at 2:56 AM
Subject: Re: [Openvpn-users] Request 2.4.2-openvpn .deb package that is compatible with Debian Stretch
Hi,
What does Stretch ship with? It *should* come with openvpn 2.4...
OpenVPN version 2.4.0-6

Package details: https://packages.debian.org/stretch/openvpn
Changelog: http://metadata.ftp-master.debian.org/changelogs/main/o/openvpn/openvpn_2.4.0-6_changelog

I did write to the maintainer, Alberto Gonzalez Iniesta, a few weeks ago asking him to create a backport of version 2.4.2 for Debian Jessie. He felt there was no need to do it. Well.....
Gert Doering
2017-06-19 12:59:37 UTC
Permalink
Raw Message
Hi,
Post by Javier Santos
I did write to the maintainer, Alberto Gonzalez Iniesta, a few weeks ago asking him to create a backport of version 2.4.2 for Debian Jessie. He felt there was no need to do it. Well.....
I think he actually backported the relevant security fixes of 2.4.2, so
you should be good - unless you need new functionality.

gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany ***@greenie.muc.de
fax: +49-89-35655025 ***@net.informatik.tu-muenchen.de
Gert Doering
2017-06-19 15:00:01 UTC
Permalink
Raw Message
Hi,
By the way, the one that Samuli created, 2.4.2-jessie0.deb for Debian Jessie, includes new functionality, is that correct?
From a quick glance, mostly bugfixes or featurettes ("make things work
more like they were originally intended to").

But the list is surprisingly long...


$ git shortlog v2.4.0..v2.4.2
Antonio Quartulli (4):
attempt to add IPv6 route even when no IPv6 address was configured
fix redirect-gateway behaviour when an IPv4 default route does not exist
CRL: use time_t instead of struct timespec to store last mtime
ignore remote-random-hostname if a numeric host is provided

Christian Hesse (7):
man: fix formatting for alternative option
systemd: Use automake tools to install unit files
systemd: Do not race on RuntimeDirectory
systemd: Add more security feature for systemd units
Clean up plugin path handling
plugin: Remove GNUism in openvpn-plugin.h generation
fix typo in notification message

David Sommerseth (12):
management: >REMOTE operation would overwrite ce change indicator
management: Remove a redundant #ifdef block
git: Merge .gitignore files into a single file
systemd: Move the READY=1 signalling to an earlier point
plugin: Improve the handling of default plug-in directory
cleanup: Remove faulty env processing functions
auth-token: Ensure tokens are always wiped on de-auth
docs: Fixed man-page warnings discoverd by rpmlint
Make --cipher/--auth none more explicit on the risks
plugin: Fix documentation typo for type_mask
plugin: Export secure_memzero() to plug-ins
Preparing v2.4.2 release

Emmanuel Deloget (8):
OpenSSL: check for the SSL reason, not the full error
OpenSSL: don't use direct access to the internal of X509_STORE_CTX
OpenSSL: don't use direct access to the internal of SSL_CTX
OpenSSL: don't use direct access to the internal of X509_STORE
OpenSSL: don't use direct access to the internal of X509_OBJECT
OpenSSL: don't use direct access to the internal of RSA_METHOD
OpenSSL: SSLeay symbols are no longer available in OpenSSL 1.1
OpenSSL: use EVP_CipherInit_ex() instead of EVP_CipherInit()

Eric Thorpe (1):
Fix Building Using MSVC

Gert Doering (5):
Add openssl_compat.h to openvpn_SOURCES
Fix '--dev null'
Fix installation of IPv6 host route to VPN server when using iservice.
Make ENABLE_OCC no longer depend on !ENABLE_SMALL
Preparing for release v2.4.1 (ChangeLog, version.m4)

Gisle Vanem (1):
Crash in options.c

Hristo Venev (1):
Fix extract_x509_field_ssl for external objects, v2

Ilya Shipitsin (2):
Resolve several travis-ci issues
travis-ci: remove unused files

Olivier Wahrenberger (1):
Fix building with LibreSSL 2.5.1 by cleaning a hack.

Selva Nair (5):
Fix push options digest update
Always release dhcp address in close_tun() on Windows.
Add a check for -Wl, --wrap support in linker
Fix user's group membership check in interactive service to work with domains
In auth-pam plugin clear the password after use

Simon Matter (1):
Fix segfault when using crypto lib without AES-256-CTR or SHA256

Steffan Karger (18):
More broadly enforce Allman style and braces-around-conditionals
Use SHA256 for the internal digest, instead of MD5
OpenSSL: 1.1 fallout - fix configure on old autoconf
Fix types in WIN32 socket_listen_accept()
Remove duplicate X509 env variables
Fix non-C99-compliant builds: don't use const size_t as array length
Deprecate --ns-cert-type
Be less picky about keyUsage extensions
cleanup: merge packet_id_alloc_outgoing() into packet_id_write()
Don't run packet_id unit tests for --disable-crypto builds
Fix Changes.rst layout
Fix memory leak in x509_verify_cert_ku()
mbedtls: correctly check return value in pkcs11_certificate_dn()
Restore pre-NCP frame parameters for new sessions
Always clear username/password from memory on error
Document tls-crypt security considerations in man page
Don't assert out on receiving too-large control packets (CVE-2017-7478)
Drop packets instead of assert out if packet id rolls over (CVE-2017-7479)

ValdikSS (1):
Set a low interface metric for tap adapter when block-outside-dns is in use
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany ***@greenie.muc.de
fax: +49-89-35655025 ***@net.informatik.tu-muenchen.de
Loading...