openvpn-auth-pam-plugin-2.3.8-12.1>t  DH`pYP璸/=„)){3'rc#ڕ‰so~}l"ɤ"A67;gs&j Ӥqjma3)+҂ b &22"ߤǒ6u,rH.EkSL&u羫?>yPAxf@j)5I1|c}I)%YdP 4b+Өܗ?v@*ƚ)kR ǜ`CZ:ƻ*h1ڽ.׼33c3492a0d4069ef035e04a42245e1228e93532dj:YP璸/=„NݵX|5Ve]R`o-}5荤=2# Iad~'`%1%UBVL.޾3([q="Nk*ְ^O9HM`A?_:pًq3_[@](LћuqVemM+'%q-="fa #O^p,rNDfDh%G&*Q |Dķ0X=_)";|>:P?Pd  % =TX`dw    $ 0 S Xds 4 H (k8t+9 +:+FMGMHNINXNYN \N8]ND^NobNcO4dOeOfOlOuOvOwPTxP`yPlzPCopenvpn-auth-pam-plugin2.3.812.1OpenVPN auth-pam pluginThe OpenVPN auth-pam plugin implements username/password authentication via PAM, and essentially allows any authentication method supported by PAM (such as LDAP, RADIUS, or Linux Shadow passwords) to be used with OpenVPN. While PAM supports username/password authentication, this can be combined with X509 certificates to provide two indepedent levels of authentication. This plugin uses a split privilege execution model which will function even if you drop openvpn daemon privileges using the user, group, or chroot directives.YPlamb699HopenSUSE Leap 42.3openSUSESUSE-GPL-2.0-with-openssl-exception and LGPL-2.1http://bugs.opensuse.orgProductivity/Networking/Securityhttp://openvpn.net/linuxx86_649HAAYPYPYP7df1da56edd8644212fc80710cabbd87rootrootrootrootrootrootopenvpn-2.3.8-12.1.src.rpmopenvpn-auth-pam-pluginopenvpn-auth-pam-plugin(x86-64)openvpn-plugin-auth-pam.so()(64bit)@@@@@@@   libc.so.6()(64bit)libc.so.6(GLIBC_2.2.5)(64bit)libc.so.6(GLIBC_2.3)(64bit)libc.so.6(GLIBC_2.3.4)(64bit)libc.so.6(GLIBC_2.4)(64bit)libpam.so.0()(64bit)libpam.so.0(LIBPAM_1.0)(64bit)openvpnrpmlib(CompressedFileNames)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsLzma)2.3.83.0.4-14.0-14.4.6-14.11.2YI@Y@X@XV&@U@ŬUU'T|X@R&RΏ@R fallout. - Permit pool size of /64.../112 for ifconfig-ipv6-pool - Add MIN() compatibility macro - Fix directly connected routes for "topology subnet" on Solaris. - close more file descriptors on exec - Ignore UTF-8 byte order mark - reintroduce --no-name-remapping option - make --tls-remote compatible with pre 2.3 configs - add new option for X.509 name verification - add man page patch for missing options - Fix parameter listing in non-debug builds at verb 4 - (updated) [PATCH] Warn when using verb levels >=7 without debug - Enable TCP_NODELAY configuration on FreeBSD. - Updated README - Cleaned up and updated INSTALL - PolarSSL-1.2 support - Improve PolarSSL key_state_read_{cipher, plain}text messages - Improve verify_callback messages - Config compatibility patch. Added translate_cipher_name. - Switch to IANA names for TLS ciphers. - Fixed autoconf script to properly detect missing pkcs11 with polarssl. - Use constant time memcmp when comparing HMACs in openvpn_decrypt.- Try to migrate openvpn.service autostart to openvpn@.service instance enablement.- Fixed to enable systemd support in configure - Fixed openvpn-tmpfile.conf to use GID root, there is no openvpn group. - Added openvpn.target file allowing to handle all instances at once. - Fixed to install the service template correctly as openvpn@.service. Use "systemctl enable openvpn@foo.service" to enable instance using /etc/openvpn/foo.conf. - Disabled systemd variant of restart on update rpm macro, adopted other macros to use openvpn.target to e.g. stop all instances on uninstall.- Remove _unitdir definition, it is provided by systemd. - Install service file without x permissionsUpdate to version 2.3.0: * Full IPv6 support * SSL layer modularised, enabling easier implementation for other SSL libraries * PolarSSL support as a drop-in replacement for OpenSSL * New plug-in API providing direct certificate access, improved logging API and easier to extend in the future * Added 'dev_type' environment variable to scripts and plug-ins - which is set to 'TUN' or 'TAP' * New feature: --management-external-key - to provide access to the encryption keys via the management interface * New feature: --x509-track option, more fine grained access to X.509 fields in scripts and plug-ins * New feature: --client-nat support * New feature: --mark which can mark encrypted packets from the tunnel, suitable for more advanced routing and firewalling * New feature: --management-query-proxy - manage proxy settings via the management interface (supercedes --http-proxy-fallback) * New feature: --stale-routes-check, which cleans up the internal routing table * New feature: --x509-username-field, where other X.509v3 fields can be used for the authentication instead of Common Name * Improved client-kill management interface command * Improved UTF-8 support - and added --compat-names to provide backwards compatibility with older scripts/plug-ins * Improved auth-pam with COMMONNAME support, passing the certificate's common name in the PAM conversation * More options can now be used inside blocks * Completely new build system, enabling easier cross-compilation and Windows builds * Much of the code has been better documented * Many documentation updates * Plenty of bug fixes and other code clean-ups - Add systemd native support for OpenSUSE > 12.1 - Adapt patchs to upstream release: * openvpn-2.1-plugin-man.dif > openvpn-2.3-plugin-man.dif * openvpn-2.1.0-man-dot.diff > openvpn-2.3.0-man-dot.diff - Remove obsolete patchs; fixed or merged on upstream release: * 0001-Use-SSL_MODE_RELEASE_BUFFERS-if-available.patch * openvpn-2.1-plugin-build.dif * openvpn-2.1-systemd-passwd.patch - Rebase specfile to upstream changes: * easy-rsa is not provided anymore with main package * remove %clean section * autoreconf -fi is no needed - Update openvpn.keyring file for upstream release asc key- Join openvpn.service systemd cgroup in start when needed, e.g. when starting with further parameters. (bnc#781106)- Verify GPG signature.- fix ciaran's previous license entry. the license has a SUSE prefix- Fixed openvpn init script to not map reopen to reload so the reopen code is without any effect (bnc#781106). - Added requested OPENVPN_AUTOSTART variable allowing to provide an optional list of config names started by default (bnc#692440).- license update: GPL-2.0-with-openssl-exception and LGPL-2.1 openssl has an openssl exception (also, it is GPL-2.0 only)- Fixed SLES build readding Group tags to sub-packages in spec, not require libselinux-devel on SLE-10 and datadir/doc cleanup.- Updated to openvpn-2.2.2: - Warn once, that IPv6 in tun mode is not supported in OpenVPN 2.2 - Pkcs11 support built into the Windows version - Fixed a bug in the Windows TAP-driver- Fix source URLs.- add automake as buildrequire to avoid implicit dependency- Marked /var/run/openvpn as ghost (bnc#710270), man page and other rpmlint warning fixes- BuildRequires libselinux-devel - Use SSL_MODE_RELEASE_BUFFERS to keep memory usage low, sent upstream as https://community.openvpn.net/openvpn/ticket/157- Add openvpn-2.1-systemd-passwd.patch / modify openvpn.init to support systemd password query (bnc#675406)- Updated to openvpn-2.2.1, a new version series providing several new features. This version fixes build issues and provides updated easy-rsa for OpenSSL 1.0.0 (fixes Trac ticket #125), - Adopted spec file, enabled saving password in a file and to specify an alternative username in x509 cert. - Removed X-Interactive from init script again, as systemd isn't able to use it correctly [any more?] (bnc#675406). We will address it later and probably use /bin/systemd-ask-password.- KVPNC is unable to parse openvpn version [bnc#679153]- Added X-Interactive: true LSB tag to the init script.- Updated to openvpn 2.1.4, providing several bug fixes and improvements, such as: * Fix of a problem with special case route targets * Try to ensure, that the tun/tap interface gets closed on non-graceful aborts. * Several AUTH_FAILED reporting fixes causing the connection to fail without any error indication. * Enable exponential backoff in reliability layer retransmits. * Proxy improvements Please review the ChangeLog file for a complete and exact list.- Do not include build date in binaries- Improved netconfig based client up and down sample scripts.- Added netconfig based client up and down scripts to samples.- Updated to openvpn 2.1.1; linux related changes since 2.1_rc20: * Fixed a couple issues in sample plugins auth-pam.c and down-root.c. (1) Fail gracefully rather than segfault if calloc returns NULL. (2) The openvpn_plugin_abort_v1 function can potentially be called with handle == NULL. Add code to detect this case, and if so, avoid dereferencing pointers derived from handle (Thanks to David Sommerseth for finding this bug). * Documented "multihome" option in the man page. * Added a hard failure when peer provides a certificate chain with depth > 16. Previously, a warning was issued. * Added additional session renegotiation hardening. OpenVPN has always required that mid-session renegotiations build up a new SSL/TLS session from scratch. While the client certificate common name is already locked against changes in mid-session TLS renegotiations, we now extend this locking to the auth-user-pass username as well as all certificate content in the full client certificate chain. - Improved openvpn init script adding messages giving a hint about pid write failure and to look into the log messages (bnc#559041). - Added -fno-strict-aliasing to compile flags in the spec file.- Updated to openvpn 2.1 2.1_rc20, fixing problems in route and option handling provided by the from server (bnc#552440). For complete list of changes, see ChangeLog file, here just the IMO most important: * Fixed a bug introduced in 2.1_rc17 (svn r4436) where using the redirect-gateway option by itself, without any extra parameters, would cause the option to be ignored. * Optimized PUSH_REQUEST handshake sequence to shave several seconds off of a typical client connection initiation. * The maximum number of "route" directives (specified in the config file or pulled from a server) can now be configured via the new "max-routes" directive. * Eliminated the limitation on the number of options that can be pushed to clients, including routes. Previously, all pushed options needed to fit within a 1024 byte options string. * Added --server-poll-timeout option : when polling possible remote servers to connect to in a round-robin fashion, spend no more than n seconds waiting for a response before trying the next server. * Added the ability for the server to provide a custom reason string when an AUTH_FAILED message is returned to the client. This string can be set by the server-side managment interface and read by the client-side management interface. * client-kill management interface command, when issued on server, will now send a RESTART message to client. This feature is intended to make UDP clients respond the same as TCP clients in the case where the server issues a RESTART message in order to force the client to reconnect and pull a new options/route list.- Added network-remotefs to init script dependencies (bnc#522279).- Updated to openvpn 2.1 [2.1_rc18] series (fate#305289). - Enabled pkcs11-helper for openSUSE > 10.3 (bnc#487558). - Adopted spec file and patches, improved init script. - Disabled installation of easy-rsa for Windows.lamb69 14984743752.3.8-12.12.3.8-12.1openvpnpluginsopenvpn-plugin-auth-pam.so/usr/lib64//usr/lib64/openvpn//usr/lib64/openvpn/plugins/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector -funwind-tables -fasynchronous-unwind-tables -gobs://build.opensuse.org/openSUSE:Leap:42.3/standard/7d2cdf85493178b9cca9510646b4df0e-openvpncpiolzma5x86_64-suse-linuxdirectoryELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=749e72e46d76410ac105ec166cfd46f4408e48a5, strippedPRRRRRRRǠEML^؍9H"?`] crt:bLLDmy ~ hQ tI]֔ ס5. |Sj#FlrZʕj-I4AoE}]KL `a.1 !mI:Lf%RQcz-aqa=0!D9U*cd@CBT޾m7Rh;PV4t )汲>u,Q穏q`.|uNOR{4pno-&=)&X#\lF AcOV0^=9,kV;3#E2({SKAHEiw1,OXW9ƞpr%}C"x(BLվpQVXJf{uӭ>Cg#lB!MA 5Zh٥R\CMT'ټkR ;#9{eVEdS;J]#Ⱅ =쇆Cl" &g+ :p,1佨^?Nc9DB]mANH:G!Jl<ƔI7̏*#Q+Y>܈?'(@>sl{kXޣ_s3g0K$x ^7&|UD~yH 2rW<Uŧ(?3*hWf0HCGh((+YY Jl-ji$_;:I?5`wdDNX=KM@Z錄INgϥō;ARZt[~Z=e8Q>,aʫ6嶎: -x`e>IG o)$6N&6hψ/)ϙ%G"6^?!ֽf|UxM/ls'nӚ$U-1(03o'{ M~Gl7bgyM -$ZjW~Z.P4Goyp %'iw&U(ڶgeS0Vw8\r!Ze0I{~IMN {qw JNHr77(y o/&t'-#z6bMN'{"Q[ U\<9j?"7вx[Z ?K-eG07̦4;_ZOعƆ)_+'f[a1yBKDVDmU/7"q ]Co=OWQK*dv2jyq`J`?5Cg<}iqLЋń{MFfNSW@AuUqISqLw C6)0(VΙx%9,<9'u*0#f$;3~DIUə[UvlPԉxTꤏOp=VBFAgOzcӥ.l5يyLogaҜLFr&rU nb 0⏉: `dL۫7Ԉ~m hX1KGzgXsϋ+c O5WYpeR7D}nǕ#UO/Kgu h965KI>)8iﬕRipf+\=&aC::Lo)mT.R4xr#JLGjۥkWl2W%I }˙-/ |5w.8Esi˯eYEt|jNʦk]Po1q@񹱟 j-$H}=}wy ̑!WUlPb GfV%p.O-m0ZNH`@! OP kR7jFR4XuLO]4P1 ֲȱU] <| w lLQkܝnfͤLS `3ʞ?Ws[b9 ;l$| O HJFeO:EGTY8#GQdDuĄSS2$)wvRA'ggsh {ڤAS)!JzIDxWQ2 _'lVq*)iv;FWÿ}L-&Ύ3}w)XQQoF+G~C KP_H?lؐ۩;5vѺFt5)>`}D'\A-;"hY?q% bƓ ׀pU9*MRޝ%7qr9N4Xs)6 E*~I^|/MW$tÄxR Tg\aDS_>.D_3wL4q'\fH9F5o+1_[{w`ir(Rھ8ߨ[ t3܅lX_t#L%Gȣ]Æ*!oA$: ?aar1/B:)`·>Ti( ($ɵ81Uc~*8G»2FCpˁ2_H1 -4Z-)=<;l$#!63zI ljQ"VQZEŵm }huC=dԬҪP'DԹ.:CP%w#qFK΀ i =^5LDk%&ݯ3uߛeSw>ΓE^F bSx j7nE &D0Xfge0L,\Irl}g~טL~^۽܎5R$Av] @Ҭgu!K}Jgo@o\% Znd w}%pH  ˿.8YRyZ:,p0>$I)$-.~W Nq$34Yɜn>T0FRPhh{^o3e@"7a0 ep:ϠJ#~`y~-{=V E,x.XdW}~J~%LͨhU2, QږIOT1S`Wɼў,|/'|Sezi-4i`3k+b'[)1ypƤ`Zʧ1= k#/|w_Ѥz=DJq`:8g4ۮ-ΧHZYv-EG0S^8Q oLrJNuJ!`r`KZcE1&N@Ahن2j~#@ N?nj2 GD`N{/a ٳ顺ϳHT3L6~,N8~n3oGg=̘AZ?v3"9ÁM,)1CnGjMaZB!>3zE;ҲC.urFXOa!A^ԃ-6+XTF!EDW",$3fH~[6?ĺ i{A&; c=(0\-,s*@gGsLDZu]gdT=??!`Qgs1GHF#^lzq 0Y`V-I6=!n_lvQtZ?U307'@oqn1wЩV !3 Y3EX?nuhg:q)OY\ /-VZK> \=ǧ mD gvHы_ h`| o;|:>}!IY?wC`l Š.WK;ZۉWXXo-{]!E-[nj2?͟ߎȤ9W9