diff --git a/0001-reneg-sec.patch b/0001-reneg-sec.patch new file mode 100644 index 0000000..13c8e2b --- /dev/null +++ b/0001-reneg-sec.patch @@ -0,0 +1,49 @@ +From 5124acb300405946602b4ff048bf7499e6d82347 Mon Sep 17 00:00:00 2001 +From: Thomas Haller +Date: Wed, 27 May 2015 10:47:49 +0200 +Subject: [PATCH 1/1] service: only set reneg-sec option in TLS mode + +Fixes: bfc4464c9b6d7a00be013eee9a4132a1f9c6fbb9 + +https://bugzilla.gnome.org/show_bug.cgi?id=749050 +https://bugzilla.redhat.com/show_bug.cgi?id=1225218 + +(cherry picked from commit 0fd197dc4221708dd37ee256952e8d080356676e) +--- + src/nm-openvpn-service.c | 13 ++++++++++++- + 1 file changed, 12 insertions(+), 1 deletion(-) + +diff --git a/src/nm-openvpn-service.c b/src/nm-openvpn-service.c +index 7cb9438..0a4d5bf 100644 +--- a/src/nm-openvpn-service.c ++++ b/src/nm-openvpn-service.c +@@ -733,6 +733,14 @@ validate_connection_type (const char *ctype) + return NULL; + } + ++static gboolean ++connection_type_is_tls_mode (const char *connection_type) ++{ ++ return strcmp (connection_type, NM_OPENVPN_CONTYPE_TLS) == 0 ++ || strcmp (connection_type, NM_OPENVPN_CONTYPE_PASSWORD) == 0 ++ || strcmp (connection_type, NM_OPENVPN_CONTYPE_PASSWORD_TLS) == 0; ++} ++ + static const char * + nm_find_openvpn (void) + { +@@ -1108,7 +1116,10 @@ nm_openvpn_start_openvpn_binary (NMOpenvpnPlugin *plugin, + + /* Reneg seconds */ + tmp = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_RENEG_SECONDS); +- if (tmp && strlen (tmp)) { ++ if (!connection_type_is_tls_mode (connection_type)) { ++ /* Ignore --reneg-sec option if we are not in TLS mode (as enabled ++ * by --client below). openvpn will error out otherwise, see bgo#749050. */ ++ } else if (tmp && strlen (tmp)) { + add_openvpn_arg (args, "--reneg-sec"); + if (!add_openvpn_arg_int (args, tmp)) { + g_set_error (error, +-- +2.1.0 + diff --git a/NetworkManager-openvpn.spec b/NetworkManager-openvpn.spec index a22fc73..0dcb3df 100644 --- a/NetworkManager-openvpn.spec +++ b/NetworkManager-openvpn.spec @@ -5,7 +5,7 @@ Summary: NetworkManager VPN plugin for OpenVPN Name: NetworkManager-openvpn Epoch: 1 Version: 1.0.2 -Release: 1%{?snapshot}%{?dist} +Release: 2%{?snapshot}%{?dist} License: GPLv2+ URL: http://www.gnome.org/projects/NetworkManager/ Group: System Environment/Base @@ -16,6 +16,8 @@ Group: System Environment/Base # mv NetworkManager-openvpn-0.9.9.0.tar.bz2 NetworkManager-openvpn-0.9.9.0-5afb8eb.tar.bz2 Source0: http://ftp.gnome.org/pub/GNOME/sources/%{name}/1.0/%{name}-%{version}%{?commit:-%{commit}}.tar.xz +Patch0: 0001-reneg-sec.patch + BuildRequires: gtk3-devel BuildRequires: dbus-devel BuildRequires: NetworkManager-devel @@ -58,6 +60,7 @@ the OpenVPN server with NetworkManager (GNOME files). %prep %setup -q -n %{name}-%{version} +%patch0 -p1 -b .0001-reneg-sec.orig %build if [ ! -f configure ]; then @@ -95,6 +98,9 @@ rm -f %{buildroot}%{_libdir}/NetworkManager/lib*.la %{_datadir}/gnome-vpn-properties/openvpn/nm-openvpn-dialog.ui %changelog +* Thu May 28 2015 Thomas Haller - 1:1.0.2-2 +- core: fix static-key connections failure due to reneg-sec (rh #1225218) + * Tue May 5 2015 Lubomir Rintel - 1:1.0.2-1 - Update to 1.0.2 release