main inclusion report

> Yes, some scripts will require review. For example "db_input medium openvpn/create_tun" does not apply to Ubuntu as we use udev."

could this be checked/changed before we promote the package (unsure how we did handle these things in the past)?

> Several bugs that need to be addressed.

please file these and target them for a milestone.

Upstream currently is at 2.1rc7; please consider updating the package and following upstream until the final release.

OpenVPN
Copyright (C) 2002-2005 OpenVPN Solutions LLC <email address hidden>

$Id: ChangeLog 2702 2008-01-30 00:37:54Z james $

2008.01.29 -- Version 2.1_rc7

* Added a few extra files that exist in the svn repo but were
  not being copied into the tarball by make dist.

* Fixup null interface on close, don't use ip addr flush (Alon Bar-Lev).

2008.01.24 -- Version 2.1_rc6

* Fixed options checking bug introduced in rc5 where legitimate configuration
  files might elicit the error: "Options error: Parameter pkcs11_private_mode
  can only be specified in TLS-mode, i.e. where --tls-server or --tls-client
  is also specified."

2008.01.23 -- Version 2.1_rc5

* Fixed Win2K TAP driver bug that was introduced by Vista fixes,
  incremented driver version to 9.4.

* Windows build system changes:

  Incremented included OpenSSL version to openssl-0.9.7m.

  Updated openssl.patch for openssl-0.9.7m and added some
  brief usage comments to the head of the patch.

  Added build-pkcs11-helper.sh for building the pkcs11-helper
  library.

  Integrated inclusion of pkcs11-helper into Windows build
  system.

  Upgraded TAP build scripts to use WDK 6001.17121
  (Windows 2008 Server pre-RTM).

* Windows installer changes:

  Clean up the start menu folder.

  Allow for a site-specific sample configuration file and keys
  to be included in a custom installer (see SAMPCONF macros
  in settings.in).

  New icon (temporary).

* Added "forget-passwords" command to the management interface
  (Alon Bar-Lev).

* Added --management-signal option to signal SIGUSR1 when the
  management interface disconnects (Alon Bar-Lev).

* Modified command line and config file parser to allow
  quoted strings using single quotes ('') (Alon Bar-Lev).

* Use pkcs11-helper as external library, can be downloaded from
  https://www.opensc-project.org/pkcs11-helper (Alon Bar-Lev).

* Fixed interim memory growth issue in TCP connect loop where
  "TCP: connect to %s failed, will try again in %d seconds: %s"
  is output.

* Fixed bug in epoll driver in event.c, where the lack of a
  handler for EPOLLHUP could cause 99% CPU usage.

* Defined ALLOW_NON_CBC_CIPHERS for people who don't
  want to use a CBC cipher for OpenVPN's data channel.

* Added PLUGIN_LIBDIR preprocessor string to prepend a default
  plugin directory to the dlopen search list when the user
  specifies the basename of the plugin only (Marius Tomaschewski).

* Rewrote extract_x509_field and modified COMMON_NAME_CHAR_CLASS
  to allow forward slash characters ("/") in the X509 common name
  (Pavel Shramov).

* Allow OpenVPN to run completely unprivileged under Linux
  by allowing openvpn ...

I have updated openvpn to rc7 and have removed the tun creation. It should be ok now for main.

chuck

Please LSBify the init script. Package looks ok otherwise. It already has some bug reports in Ubuntu, and quite some in Debian, so we need an actual maintainer in Ubuntu. Does the server team commit to this?

Once init script is fixed, it can be promoted to main (post FF, too, since this is just a bug).

I have updated the init script.

Yes as far as I know the server team will be maintaining openvpn since its apart of the ServerPackageReview spec.

chuck

2.1~rc7-1ubuntu2 still primarily uses echo in the init script. Please fix it harder. :-)

Meh...should be ok now

Approved and promoted. Please seed it to somewhere.