openvpn-down-root-plugin-2.3.8-14.1>t  DH`pY/=„{'12 {Zl=a,¨z:?1rv\pG.fqz2s[oȸ<YJ#pN5[hO%ȹy7m[D楋}m}uü01VcpD8w8`^ntL; |$O'Y2[5hA HAl'{d VNט SlA{|Yvo휪GvhG'NMiKde6a1d80a6b61166e06535b0f9262f39dfcf4409cY/=„K_(}":;|M.@ZmFӦd ` ~䆨"rul&`-(Cr@7M܆`3@U 8xYC4 5}=X]fo~Vb?܄9rrg1fN*_p]vs ?T=C4`Xǹ]U &_a4H`Rl1?K >XG\g\?t oTs=ʝI~˸:V-+$>:P?Pd! & ?dhtx  , 2 8 D g lx <(8 ,9,::,FNGNHN(IN4XN8YND\N\]Nh^NbNcOYdOeOfOlOuPvPwPxPyPzPCopenvpn-down-root-plugin2.3.814.1OpenVPN down-root pluginThe OpenVPN down-root plugin allows an OpenVPN configuration to call a down script with root privileges, even when privileges have been dropped using --user/--group/--chroot. This module uses a split privilege execution model which will fork() before OpenVPN drops root privileges, at the point where the --up script is usually called. The plugin will then remain in a wait state until it receives a message from OpenVPN via pipe to execute the down script. Thus, the down script will be run in the same execution environment as the up script.Ycloud127(openSUSE Leap 42.3openSUSESUSE-GPL-2.0-with-openssl-exception and LGPL-2.1http://bugs.opensuse.orgProductivity/Networking/Securityhttp://openvpn.net/linuxx86_64(AAYYYfead0b9cb6ec07e21a03f20169b6d781rootrootrootrootrootrootopenvpn-2.3.8-14.1.src.rpmopenvpn-down-root-pluginopenvpn-down-root-plugin(x86-64)openvpn-plugin-down-root.so()(64bit)@@@   libc.so.6()(64bit)libc.so.6(GLIBC_2.2.5)(64bit)libc.so.6(GLIBC_2.3.4)(64bit)openvpnrpmlib(CompressedFileNames)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsLzma)2.3.83.0.4-14.0-14.4.6-14.11.2Yܶ@YI@Y@X@XV&@U@ŬUU'T|X@R&RΏ@R fallout. - Permit pool size of /64.../112 for ifconfig-ipv6-pool - Add MIN() compatibility macro - Fix directly connected routes for "topology subnet" on Solaris. - close more file descriptors on exec - Ignore UTF-8 byte order mark - reintroduce --no-name-remapping option - make --tls-remote compatible with pre 2.3 configs - add new option for X.509 name verification - add man page patch for missing options - Fix parameter listing in non-debug builds at verb 4 - (updated) [PATCH] Warn when using verb levels >=7 without debug - Enable TCP_NODELAY configuration on FreeBSD. - Updated README - Cleaned up and updated INSTALL - PolarSSL-1.2 support - Improve PolarSSL key_state_read_{cipher, plain}text messages - Improve verify_callback messages - Config compatibility patch. Added translate_cipher_name. - Switch to IANA names for TLS ciphers. - Fixed autoconf script to properly detect missing pkcs11 with polarssl. - Use constant time memcmp when comparing HMACs in openvpn_decrypt.- Try to migrate openvpn.service autostart to openvpn@.service instance enablement.- Fixed to enable systemd support in configure - Fixed openvpn-tmpfile.conf to use GID root, there is no openvpn group. - Added openvpn.target file allowing to handle all instances at once. - Fixed to install the service template correctly as openvpn@.service. Use "systemctl enable openvpn@foo.service" to enable instance using /etc/openvpn/foo.conf. - Disabled systemd variant of restart on update rpm macro, adopted other macros to use openvpn.target to e.g. stop all instances on uninstall.- Remove _unitdir definition, it is provided by systemd. - Install service file without x permissionsUpdate to version 2.3.0: * Full IPv6 support * SSL layer modularised, enabling easier implementation for other SSL libraries * PolarSSL support as a drop-in replacement for OpenSSL * New plug-in API providing direct certificate access, improved logging API and easier to extend in the future * Added 'dev_type' environment variable to scripts and plug-ins - which is set to 'TUN' or 'TAP' * New feature: --management-external-key - to provide access to the encryption keys via the management interface * New feature: --x509-track option, more fine grained access to X.509 fields in scripts and plug-ins * New feature: --client-nat support * New feature: --mark which can mark encrypted packets from the tunnel, suitable for more advanced routing and firewalling * New feature: --management-query-proxy - manage proxy settings via the management interface (supercedes --http-proxy-fallback) * New feature: --stale-routes-check, which cleans up the internal routing table * New feature: --x509-username-field, where other X.509v3 fields can be used for the authentication instead of Common Name * Improved client-kill management interface command * Improved UTF-8 support - and added --compat-names to provide backwards compatibility with older scripts/plug-ins * Improved auth-pam with COMMONNAME support, passing the certificate's common name in the PAM conversation * More options can now be used inside blocks * Completely new build system, enabling easier cross-compilation and Windows builds * Much of the code has been better documented * Many documentation updates * Plenty of bug fixes and other code clean-ups - Add systemd native support for OpenSUSE > 12.1 - Adapt patchs to upstream release: * openvpn-2.1-plugin-man.dif > openvpn-2.3-plugin-man.dif * openvpn-2.1.0-man-dot.diff > openvpn-2.3.0-man-dot.diff - Remove obsolete patchs; fixed or merged on upstream release: * 0001-Use-SSL_MODE_RELEASE_BUFFERS-if-available.patch * openvpn-2.1-plugin-build.dif * openvpn-2.1-systemd-passwd.patch - Rebase specfile to upstream changes: * easy-rsa is not provided anymore with main package * remove %clean section * autoreconf -fi is no needed - Update openvpn.keyring file for upstream release asc key- Join openvpn.service systemd cgroup in start when needed, e.g. when starting with further parameters. (bnc#781106)- Verify GPG signature.- fix ciaran's previous license entry. the license has a SUSE prefix- Fixed openvpn init script to not map reopen to reload so the reopen code is without any effect (bnc#781106). - Added requested OPENVPN_AUTOSTART variable allowing to provide an optional list of config names started by default (bnc#692440).- license update: GPL-2.0-with-openssl-exception and LGPL-2.1 openssl has an openssl exception (also, it is GPL-2.0 only)- Fixed SLES build readding Group tags to sub-packages in spec, not require libselinux-devel on SLE-10 and datadir/doc cleanup.- Updated to openvpn-2.2.2: - Warn once, that IPv6 in tun mode is not supported in OpenVPN 2.2 - Pkcs11 support built into the Windows version - Fixed a bug in the Windows TAP-driver- Fix source URLs.- add automake as buildrequire to avoid implicit dependency- Marked /var/run/openvpn as ghost (bnc#710270), man page and other rpmlint warning fixes- BuildRequires libselinux-devel - Use SSL_MODE_RELEASE_BUFFERS to keep memory usage low, sent upstream as https://community.openvpn.net/openvpn/ticket/157- Add openvpn-2.1-systemd-passwd.patch / modify openvpn.init to support systemd password query (bnc#675406)- Updated to openvpn-2.2.1, a new version series providing several new features. This version fixes build issues and provides updated easy-rsa for OpenSSL 1.0.0 (fixes Trac ticket #125), - Adopted spec file, enabled saving password in a file and to specify an alternative username in x509 cert. - Removed X-Interactive from init script again, as systemd isn't able to use it correctly [any more?] (bnc#675406). We will address it later and probably use /bin/systemd-ask-password.- KVPNC is unable to parse openvpn version [bnc#679153]- Added X-Interactive: true LSB tag to the init script.- Updated to openvpn 2.1.4, providing several bug fixes and improvements, such as: * Fix of a problem with special case route targets * Try to ensure, that the tun/tap interface gets closed on non-graceful aborts. * Several AUTH_FAILED reporting fixes causing the connection to fail without any error indication. * Enable exponential backoff in reliability layer retransmits. * Proxy improvements Please review the ChangeLog file for a complete and exact list.- Do not include build date in binaries- Improved netconfig based client up and down sample scripts.- Added netconfig based client up and down scripts to samples.- Updated to openvpn 2.1.1; linux related changes since 2.1_rc20: * Fixed a couple issues in sample plugins auth-pam.c and down-root.c. (1) Fail gracefully rather than segfault if calloc returns NULL. (2) The openvpn_plugin_abort_v1 function can potentially be called with handle == NULL. Add code to detect this case, and if so, avoid dereferencing pointers derived from handle (Thanks to David Sommerseth for finding this bug). * Documented "multihome" option in the man page. * Added a hard failure when peer provides a certificate chain with depth > 16. Previously, a warning was issued. * Added additional session renegotiation hardening. OpenVPN has always required that mid-session renegotiations build up a new SSL/TLS session from scratch. While the client certificate common name is already locked against changes in mid-session TLS renegotiations, we now extend this locking to the auth-user-pass username as well as all certificate content in the full client certificate chain. - Improved openvpn init script adding messages giving a hint about pid write failure and to look into the log messages (bnc#559041). - Added -fno-strict-aliasing to compile flags in the spec file.- Updated to openvpn 2.1 2.1_rc20, fixing problems in route and option handling provided by the from server (bnc#552440). For complete list of changes, see ChangeLog file, here just the IMO most important: * Fixed a bug introduced in 2.1_rc17 (svn r4436) where using the redirect-gateway option by itself, without any extra parameters, would cause the option to be ignored. * Optimized PUSH_REQUEST handshake sequence to shave several seconds off of a typical client connection initiation. * The maximum number of "route" directives (specified in the config file or pulled from a server) can now be configured via the new "max-routes" directive. * Eliminated the limitation on the number of options that can be pushed to clients, including routes. Previously, all pushed options needed to fit within a 1024 byte options string. * Added --server-poll-timeout option : when polling possible remote servers to connect to in a round-robin fashion, spend no more than n seconds waiting for a response before trying the next server. * Added the ability for the server to provide a custom reason string when an AUTH_FAILED message is returned to the client. This string can be set by the server-side managment interface and read by the client-side management interface. * client-kill management interface command, when issued on server, will now send a RESTART message to client. This feature is intended to make UDP clients respond the same as TCP clients in the case where the server issues a RESTART message in order to force the client to reconnect and pull a new options/route list.- Added network-remotefs to init script dependencies (bnc#522279).- Updated to openvpn 2.1 [2.1_rc18] series (fate#305289). - Enabled pkcs11-helper for openSUSE > 10.3 (bnc#487558). - Adopted spec file and patches, improved init script. - Disabled installation of easy-rsa for Windows.cloud127 15088400782.3.8-14.12.3.8-14.1openvpnpluginsopenvpn-plugin-down-root.so/usr/lib64//usr/lib64/openvpn//usr/lib64/openvpn/plugins/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector -funwind-tables -fasynchronous-unwind-tables -gobs://build.opensuse.org/openSUSE:Maintenance:7411/openSUSE_Leap_42.3_Update/607938a45a07ccb3299536d8e3148f6b-openvpn.openSUSE_Leap_42.3_Updatecpiolzma5x86_64-suse-linuxdirectoryELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=5bed2f67f99e77c48c97024e4fe88ed2d00b052f, strippedPRRRzhh؟ C{&'cBz++U\go+|DlWs[ .F ˲l}@J>s $5>>Ild)(ΊT<8f&)?$3rkqNxaB1 8ORhTDrZ*pd/F[A6SJ(!C"X P[M|=ug o^-?)*yMxHAa{䕄NQLQpdǍD4.0'5<3A:=bZXkhu$ 2k{"s6 BNxӯ ;&Hz(X=ȗS]z5)$)]:`>gV0f ZCF1 ؔ[+eXwsYj/.j s;>kyā9U&R: }PO${] Y {tD&bs=ܟ 1S,Q5#-?l}>U#HlP w$:e%. 5@?ABY HD"A90UyddTt̻q@3؈+};% dadF~v(ho"D(%:gU)0=8 SxXΫI\;,a=✃inmpJKނKU=dr2;V+[] 0D:ܜS| C9 ~c]Q, u] D)&GDqj8daZyGlfl`zM_8TyvÎ?dW* h՞ak&vtZ8|m+n2L[C<`DR$fg6Eq̃KU(s|Hj#SHZ58h˻d-wjWrY" wF=6a7KLcPڢ2 >$N"aP [4->+bUJ~t(Z]Iyԩ%cm>E"n#p.T8\nLtAC7`[ ~@k vA5bީh(\ )lPm:E̗?"xY#UNs!Cg9&)! @E$6|]!s䓋YW@ 6|amCUdU:o^FGGڽwKm GdѾp'ۅY߱!A2+Q S!;YӋ =V g3' 8i`GRwg P]dʡ_k%A*M~ A`/'oEax`(bB=ໃheH[7r:#!L|cD8x +TfK93ǎar,/zKTFO+;ߑ;ͲAѓWWR 8=]S t+D(<,}Bw? } Q:^V%A8j-!A,C5h}ngds2Ć(B-Q@{ pb1 s>g _})M5WuŢ2` Oͳ z)'y=;1Ւ&LIԖ͊jUwg svBJ<ЫyQ-FLٛDmwJX~M\)g}"{C;Hh+K GG;SJP1%rze'$8Rw +UL}sKm;"%,wRϐN\<`GCY\;-ǝWxqw `7-xQ텙Qa:? ѫnnr|DhM,vBy\SO&{ފĻ]8*#xL^Bvn9w͟u v~Ԕ% /RdURvHZsT8#'mHEl*|[Ӳbs€jq3welΦE VY~PsAi84zakhW<̐s0E<5. '%'&?r07hVݱnr14qŧ`>PPWCӜmf1DWHu w's lbB@Vu?o غ@cWAEd6 u:z!mǥd|鴖zmhFMhin+s%`-Ae'ohCI_ij| Xe%Nbu+`ǽ?"œ} $)eDòĢef޵l&s%N,0k E3F9NSrOR'kj.2sȇvGdiQc1$烈*ЗsO^kD=+g/kXD$L:>'RS2 H߲vwABFpk@y^2]2Kd