openvpn-auth-pam-plugin-2.3.8-14.1>t  DH`pY/=„ EYx(_F6  ꑍ#^bTA=&rdOgjA}y5t)h%}pl!r/unka~|CU=v37+߽8C$Tٻ]R~f"'!gXzyYyehMYP7wƃ-TMw_`uJuR_8F:2"+0WCW:ޡzK:jABM֏;X/#"m rR2o^uv駟۵wB0@a4a363e9eb53cfdba21749ae3348dcec47a2bf45kY/=„62 *y]V dι&ʃ0jUHGIQj} %Ad,Ɨ>uSrUT;x[U/@; 6@PE_L۷GJ'4XZaxXGsmqWs41LC e}Wºتޤn"ҟ5y=Ci WW/eA0b! X*b. |a9])BމD + r9`ϡ 8;|>:Qp?Q`d  % =TXdh{   " ( 4 W \hw 8 L (o8x,9(,:,FNtGNHNINXNYN\N]N^NbO;cOdPTePYfP^lP`uPtvPwQxQ$yQ0zQPCopenvpn-auth-pam-plugin2.3.814.1OpenVPN auth-pam pluginThe OpenVPN auth-pam plugin implements username/password authentication via PAM, and essentially allows any authentication method supported by PAM (such as LDAP, RADIUS, or Linux Shadow passwords) to be used with OpenVPN. While PAM supports username/password authentication, this can be combined with X509 certificates to provide two indepedent levels of authentication. This plugin uses a split privilege execution model which will function even if you drop openvpn daemon privileges using the user, group, or chroot directives.Ycloud1279HopenSUSE Leap 42.3openSUSESUSE-GPL-2.0-with-openssl-exception and LGPL-2.1http://bugs.opensuse.orgProductivity/Networking/Securityhttp://openvpn.net/linuxx86_649HAAYYY7df1da56edd8644212fc80710cabbd87rootrootrootrootrootrootopenvpn-2.3.8-14.1.src.rpmopenvpn-auth-pam-pluginopenvpn-auth-pam-plugin(x86-64)openvpn-plugin-auth-pam.so()(64bit)@@@@@@@   libc.so.6()(64bit)libc.so.6(GLIBC_2.2.5)(64bit)libc.so.6(GLIBC_2.3)(64bit)libc.so.6(GLIBC_2.3.4)(64bit)libc.so.6(GLIBC_2.4)(64bit)libpam.so.0()(64bit)libpam.so.0(LIBPAM_1.0)(64bit)openvpnrpmlib(CompressedFileNames)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsLzma)2.3.83.0.4-14.0-14.4.6-14.11.2Yܶ@YI@Y@X@XV&@U@ŬUU'T|X@R&RΏ@R fallout. - Permit pool size of /64.../112 for ifconfig-ipv6-pool - Add MIN() compatibility macro - Fix directly connected routes for "topology subnet" on Solaris. - close more file descriptors on exec - Ignore UTF-8 byte order mark - reintroduce --no-name-remapping option - make --tls-remote compatible with pre 2.3 configs - add new option for X.509 name verification - add man page patch for missing options - Fix parameter listing in non-debug builds at verb 4 - (updated) [PATCH] Warn when using verb levels >=7 without debug - Enable TCP_NODELAY configuration on FreeBSD. - Updated README - Cleaned up and updated INSTALL - PolarSSL-1.2 support - Improve PolarSSL key_state_read_{cipher, plain}text messages - Improve verify_callback messages - Config compatibility patch. Added translate_cipher_name. - Switch to IANA names for TLS ciphers. - Fixed autoconf script to properly detect missing pkcs11 with polarssl. - Use constant time memcmp when comparing HMACs in openvpn_decrypt.- Try to migrate openvpn.service autostart to openvpn@.service instance enablement.- Fixed to enable systemd support in configure - Fixed openvpn-tmpfile.conf to use GID root, there is no openvpn group. - Added openvpn.target file allowing to handle all instances at once. - Fixed to install the service template correctly as openvpn@.service. Use "systemctl enable openvpn@foo.service" to enable instance using /etc/openvpn/foo.conf. - Disabled systemd variant of restart on update rpm macro, adopted other macros to use openvpn.target to e.g. stop all instances on uninstall.- Remove _unitdir definition, it is provided by systemd. - Install service file without x permissionsUpdate to version 2.3.0: * Full IPv6 support * SSL layer modularised, enabling easier implementation for other SSL libraries * PolarSSL support as a drop-in replacement for OpenSSL * New plug-in API providing direct certificate access, improved logging API and easier to extend in the future * Added 'dev_type' environment variable to scripts and plug-ins - which is set to 'TUN' or 'TAP' * New feature: --management-external-key - to provide access to the encryption keys via the management interface * New feature: --x509-track option, more fine grained access to X.509 fields in scripts and plug-ins * New feature: --client-nat support * New feature: --mark which can mark encrypted packets from the tunnel, suitable for more advanced routing and firewalling * New feature: --management-query-proxy - manage proxy settings via the management interface (supercedes --http-proxy-fallback) * New feature: --stale-routes-check, which cleans up the internal routing table * New feature: --x509-username-field, where other X.509v3 fields can be used for the authentication instead of Common Name * Improved client-kill management interface command * Improved UTF-8 support - and added --compat-names to provide backwards compatibility with older scripts/plug-ins * Improved auth-pam with COMMONNAME support, passing the certificate's common name in the PAM conversation * More options can now be used inside blocks * Completely new build system, enabling easier cross-compilation and Windows builds * Much of the code has been better documented * Many documentation updates * Plenty of bug fixes and other code clean-ups - Add systemd native support for OpenSUSE > 12.1 - Adapt patchs to upstream release: * openvpn-2.1-plugin-man.dif > openvpn-2.3-plugin-man.dif * openvpn-2.1.0-man-dot.diff > openvpn-2.3.0-man-dot.diff - Remove obsolete patchs; fixed or merged on upstream release: * 0001-Use-SSL_MODE_RELEASE_BUFFERS-if-available.patch * openvpn-2.1-plugin-build.dif * openvpn-2.1-systemd-passwd.patch - Rebase specfile to upstream changes: * easy-rsa is not provided anymore with main package * remove %clean section * autoreconf -fi is no needed - Update openvpn.keyring file for upstream release asc key- Join openvpn.service systemd cgroup in start when needed, e.g. when starting with further parameters. (bnc#781106)- Verify GPG signature.- fix ciaran's previous license entry. the license has a SUSE prefix- Fixed openvpn init script to not map reopen to reload so the reopen code is without any effect (bnc#781106). - Added requested OPENVPN_AUTOSTART variable allowing to provide an optional list of config names started by default (bnc#692440).- license update: GPL-2.0-with-openssl-exception and LGPL-2.1 openssl has an openssl exception (also, it is GPL-2.0 only)- Fixed SLES build readding Group tags to sub-packages in spec, not require libselinux-devel on SLE-10 and datadir/doc cleanup.- Updated to openvpn-2.2.2: - Warn once, that IPv6 in tun mode is not supported in OpenVPN 2.2 - Pkcs11 support built into the Windows version - Fixed a bug in the Windows TAP-driver- Fix source URLs.- add automake as buildrequire to avoid implicit dependency- Marked /var/run/openvpn as ghost (bnc#710270), man page and other rpmlint warning fixes- BuildRequires libselinux-devel - Use SSL_MODE_RELEASE_BUFFERS to keep memory usage low, sent upstream as https://community.openvpn.net/openvpn/ticket/157- Add openvpn-2.1-systemd-passwd.patch / modify openvpn.init to support systemd password query (bnc#675406)- Updated to openvpn-2.2.1, a new version series providing several new features. This version fixes build issues and provides updated easy-rsa for OpenSSL 1.0.0 (fixes Trac ticket #125), - Adopted spec file, enabled saving password in a file and to specify an alternative username in x509 cert. - Removed X-Interactive from init script again, as systemd isn't able to use it correctly [any more?] (bnc#675406). We will address it later and probably use /bin/systemd-ask-password.- KVPNC is unable to parse openvpn version [bnc#679153]- Added X-Interactive: true LSB tag to the init script.- Updated to openvpn 2.1.4, providing several bug fixes and improvements, such as: * Fix of a problem with special case route targets * Try to ensure, that the tun/tap interface gets closed on non-graceful aborts. * Several AUTH_FAILED reporting fixes causing the connection to fail without any error indication. * Enable exponential backoff in reliability layer retransmits. * Proxy improvements Please review the ChangeLog file for a complete and exact list.- Do not include build date in binaries- Improved netconfig based client up and down sample scripts.- Added netconfig based client up and down scripts to samples.- Updated to openvpn 2.1.1; linux related changes since 2.1_rc20: * Fixed a couple issues in sample plugins auth-pam.c and down-root.c. (1) Fail gracefully rather than segfault if calloc returns NULL. (2) The openvpn_plugin_abort_v1 function can potentially be called with handle == NULL. Add code to detect this case, and if so, avoid dereferencing pointers derived from handle (Thanks to David Sommerseth for finding this bug). * Documented "multihome" option in the man page. * Added a hard failure when peer provides a certificate chain with depth > 16. Previously, a warning was issued. * Added additional session renegotiation hardening. OpenVPN has always required that mid-session renegotiations build up a new SSL/TLS session from scratch. While the client certificate common name is already locked against changes in mid-session TLS renegotiations, we now extend this locking to the auth-user-pass username as well as all certificate content in the full client certificate chain. - Improved openvpn init script adding messages giving a hint about pid write failure and to look into the log messages (bnc#559041). - Added -fno-strict-aliasing to compile flags in the spec file.- Updated to openvpn 2.1 2.1_rc20, fixing problems in route and option handling provided by the from server (bnc#552440). For complete list of changes, see ChangeLog file, here just the IMO most important: * Fixed a bug introduced in 2.1_rc17 (svn r4436) where using the redirect-gateway option by itself, without any extra parameters, would cause the option to be ignored. * Optimized PUSH_REQUEST handshake sequence to shave several seconds off of a typical client connection initiation. * The maximum number of "route" directives (specified in the config file or pulled from a server) can now be configured via the new "max-routes" directive. * Eliminated the limitation on the number of options that can be pushed to clients, including routes. Previously, all pushed options needed to fit within a 1024 byte options string. * Added --server-poll-timeout option : when polling possible remote servers to connect to in a round-robin fashion, spend no more than n seconds waiting for a response before trying the next server. * Added the ability for the server to provide a custom reason string when an AUTH_FAILED message is returned to the client. This string can be set by the server-side managment interface and read by the client-side management interface. * client-kill management interface command, when issued on server, will now send a RESTART message to client. This feature is intended to make UDP clients respond the same as TCP clients in the case where the server issues a RESTART message in order to force the client to reconnect and pull a new options/route list.- Added network-remotefs to init script dependencies (bnc#522279).- Updated to openvpn 2.1 [2.1_rc18] series (fate#305289). - Enabled pkcs11-helper for openSUSE > 10.3 (bnc#487558). - Adopted spec file and patches, improved init script. - Disabled installation of easy-rsa for Windows.cloud127 15088400782.3.8-14.12.3.8-14.1openvpnpluginsopenvpn-plugin-auth-pam.so/usr/lib64//usr/lib64/openvpn//usr/lib64/openvpn/plugins/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector -funwind-tables -fasynchronous-unwind-tables -gobs://build.opensuse.org/openSUSE:Maintenance:7411/openSUSE_Leap_42.3_Update/607938a45a07ccb3299536d8e3148f6b-openvpn.openSUSE_Leap_42.3_Updatecpiolzma5x86_64-suse-linuxdirectoryELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=749e72e46d76410ac105ec166cfd46f4408e48a5, strippedPRRRRRRRz 8m/4 H;==J4 *ͽnaT1x8 |Y/0~BA,WJ~p6nY4q˴ J7@}5:|č: 5`\j|م(qe씺ްƹlއ ĚV1`iU54stw]+Ȕ c >'x /_ A=*e%b$Kf l_@8\N`ʐ.C| GG(ؐZi@+$rAѻ6eT4r' jf'(FawGbgT~IU~I/L24K1mŦ":)Oj (_9*^.;uW|}w}tM0\E5 Ĺ@R>p#E[62u|E-&.f ;xΚ1ktbGa3eBbzkaDm2a,7 '{Ps۴OnNC}naVrDٍ'1!pWlʜ$v>|G?Hߔ%UuS#իGUh rF_s YJ})|\UM9RLTTcM<[V*͋eU/,z$2F0[&^|Q&L??R-\:]dd9LMSI K*00p +13YiS ̨ynW 7a KY]K`mT%*WP21z=zC2V`'jAO9VL1s2߁?{eĠؤ`QT tUs\cTvl6CWx<RF"68|PTdq >xb5%еn Rhr<ϑ }B𛧁y=aHeސU*;^a)CN̉shr3žd#qzL:(}\{L@lw=PϰJ (xS?VQUP|u-r"x9M1#w?LT^}Me",UtY5Q$C[in g?/!#J~qv.JP!W BVx'QvCe\~ 6f?nZ@LU)uÍ4^|?=W›u"u[vQ 8j[HSgЭ!8"ARt,Nt]_ϓt4  >>[H|gZ;Z2Kn~Q:Kko/SSi(#D~d [G'_^7cX^FjETVYO5,Q@T6vQgP ~_MUGvgc@{|t)uQ2)YMJ ^VF?a[d ' ' UBUQ]QPcCЇ\Rc\w.??0DC#~δ[B{*FяZQkXnm>s'ydېM ~]31!=H b|KTmsIZR;OX1QkSQcCKD$WNSI*#LF?xq`=scuЄӃB;YoWL ,4đOh22'~Dkrj[aP"&7%6߾Rq"(8_fa4\WMX6LTz`Fjl0M-_6.e; pm~4ՅbGĖf n :U<)Yvɵiq[g/I-Prr ޚ2 ,Ncvސu=ظYj}-.'T̍oUOq1_twd2R?`6ꔥqpAays8[K& qWCu?ATB͝a^da8>smGmeaߥ^Υ.1"žFt f% _"s!n ^tu~9Q3!aae4C6?N<[ =N}zǡ )_G &)[ i βul y$N+n*z7z C2ki0 +; V&E=GEYFAr{9fqoDK!ASu;OӏnDIfN|dž]ZѡPg]S T{P'ׁ?d ¢_M^aԕ)`9r~dp 9vH y PkF\}IlUK{Yb5N+H*%Ag}SR?u!^&'rv*-nǰbQzbtI¤e|.j9 Ko]GOG7}J)QG^SY,nwQ>Q;5{^N w0.T[)NbyrJ,%-0ZXlE~lxxwۤU~&x 2_ښo?ؑBDgy)O .׌/P2oJi ".z4KTRRMՎEJ}'i\I@al`F6ź0VjI]6)CX 1uqdj^D~%FKB5Dk쓡:OST^(ΦV/BT9QM)S<\0 dYU<ngy%KbnAEOVYB7 и7ihgJ@MEճM&4Si,G,O -Ϸtx (;;CC>܆#XdD2=TE^z)r~8D|;`5}ï `0sЫ܌`e981 7D*Hʀek~Akd-ao=e$_<-?\6/*7 ԴX@xufN 8̕8E\eEƽ 4ʖ+]k k{b-8R~JSUQyE yqEK XHT1Xh|ţ֝ -ơki9 튜-4o~&R锐>1"" :h3NʬDgrHL/4I󘝗.Yߊ(CEkLh٩͞"Pu5Rȃ{, >C'"lTrHɢ6Q/Rv !QWXyu" &,Lj-E>3`>+ 3~Xg2874fZN @9Ne5%蔿ȪO!$rى͠齀q.Ӣmj;e9Х~0;ire!*c43L#M`BEG07)Lŷ 6u*#[ǰiH$g9_ Cy Fn^X_8 今6*,O.Lb_SݭYj~oJK{rniZ>)adiFyFc|85sUmBZ* r(f }ʱմ7T hyL N)he7тqô')O;ȇ{ï >C(U㰧\O'o1kK)& &~B63('Hjʦ?vע՘8~.jG!<PYa9k:Y'TE{`< %@:Sgd1T^mR3b_ƾ{g uu55\>'K&),1ZfNt)tjӴ< mq2;_V_mowAa%ՠT)nCVŊ>Vfԙ/bK1MAEG%ASuhH1B!0]TsCh]A <[;qd-pe5ʥ n:iԘ%٬~ÎET׀t(J]Q0{x]' 6{C Vf =K\2n Ijfb^ѡ2hZу5N0kFKzntQD;ÙZ܂gK`Z9OmlXuJ: q oE y$a_>6j8kE4 M,o_Q땍YF}.D=*OFz+"eD*:x.Ic14RoE#?l"9سXf8gXԜ٫4 4jveǧ?s$