Updating to upstream openvpn-2.4.3

- Fix remotely-triggerable ASSERT() on malformed IPv6 packet {CVE-2017-7508} - Prevent two kinds of stack buffer OOB reads and a crash for invalid input data {CVE-2017-752 - Fix potential double-free in --x509-alt-username {CVE-2017-7521} - Fix remote-triggerable memory leaks {CVE-2017-7521} - Ensure OpenVPN systemd services are restarted upon upgrades - Verify PGP signature of source tarball as part of package building - Build against system lz4 library
8 years ago · 31847e11e7
parent 28587b814b
commit 31847e11e7
3 changed files with 26 additions and 8 deletions
--- a/.gitignore
+++ b/.gitignore
@ -48,3 +48,5 @@ openvpn-2.1.2.tar.gz.asc
 /openvpn-2.4.1.tar.xz.asc
 /openvpn-2.4.2.tar.xz
 /openvpn-2.4.2.tar.xz.asc
+/openvpn-2.4.3.tar.xz.asc
+/openvpn-2.4.3.tar.xz
--- a/openvpn.spec
+++ b/openvpn.spec
@ -6,8 +6,8 @@
 %bcond_without tests_long

 Name:              openvpn
-Version:           2.4.2
-Release:           2%{?prerelease:.%{prerelease}}%{?dist}
+Version:           2.4.3
+Release:           1%{?prerelease:.%{prerelease}}%{?dist}
 Summary:           A full-featured SSL VPN solution
 URL:               https://community.openvpn.net/
 Source0:           https://swupdate.openvpn.org/community/releases/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.xz
@ -15,16 +15,20 @@ Source1:           https://swupdate.openvpn.org/community/releases/%{name}-%{ver
 Source2:           roadwarrior-server.conf
 Source3:           roadwarrior-client.conf
 Source4:           README.systemd
+# Upstream signing key
+Source6:           gpgkey-F554A3687412CFFEBDEFE0A312F5F7B42F2B01E7.gpg
 License:           GPLv2
 Group:             Applications/Internet
 BuildRequires:     systemd-devel
 BuildRequires:     lzo-devel
 BuildRequires:     lz4-devel
-BuildRequires:     compat-openssl10-devel
-BuildRequires:     compat-openssl10-pkcs11-helper-devel >= 1.11
+BuildRequires:     openssl-devel
+BuildRequires:     pkcs11-helper-devel >= 1.11
 BuildRequires:     pam-devel
 # For the perl_default_filter macro
 BuildRequires:     perl-macros
+%{?systemd_requires}
+BuildRequires:     systemd
 BuildRequires:     systemd-units
 BuildRequires:     libselinux-devel
 # For /sbin/ip.
@ -61,6 +65,7 @@ to similar features as the various script-hooks.


 %prep
+gpgv2 --quiet --keyring %{SOURCE6} %{SOURCE1} %{SOURCE0}
 %setup -q -n %{name}-%{version}%{?prerelease:_%{prerelease}}

 sed -i -e 's,%{_datadir}/openvpn/plugin,%{_libdir}/openvpn/plugin,' doc/openvpn.8
@ -149,8 +154,9 @@ getent passwd openvpn &>/dev/null || \
 %systemd_preun openvpn-server@\*.service

 %postun
-%systemd_postun openvpn-client@\*.service
-%systemd_postun openvpn-server@\*.service
+%systemd_postun_with_restart openvpn-client@\*.service
+%systemd_postun_with_restart openvpn-server@\*.service
+%systemd_postun_with_restart openvpn@\*.service


 %files
@ -178,6 +184,16 @@ getent passwd openvpn &>/dev/null || \


 %changelog
+* Wed Jun 21 2017 David Sommerseth <dazo@eurephia.org> - 2.4.3-1
+- Updating to upstream openvpn-2.4.3
+- Fix remotely-triggerable ASSERT() on malformed IPv6 packet {CVE-2017-7508}
+- Prevent two kinds of stack buffer OOB reads and a crash for invalid input data {CVE-2017-752
+- Fix potential double-free in --x509-alt-username {CVE-2017-7521}
+- Fix remote-triggerable memory leaks {CVE-2017-7521}
+- Ensure OpenVPN systemd services are restarted upon upgrades
+- Verify PGP signature of source tarball as part of package building
+- Build against system lz4 library
+
 * Fri May 12 2017 David Sommerseth <dazo@eurephia.org> - 2.4.2-2
 - Install and take ownership of /run/openvpn-{client,server} (rhbz#1444601)
 - Install and take ownership of /var/lib/openvpn (rhbz#922786)
--- a/4
+++ b/4
@ -1,2 +1,2 @@
-SHA512 (openvpn-2.4.2.tar.xz) = 438f16ac2d12dfd9f11ebcddebf709102046c71b4c4608a294da552587ea346d6ebb8c916f717bce992057754d6bc35ca1df5653fc907cc0003d9e34c92da963
-SHA512 (openvpn-2.4.2.tar.xz.asc) = 2deed80ef3b7017b2eb60931810c1902b855e9ba734caa012842227963c1ffe1ecb90b5912123ce0e4001e2dee52b9a735df91137562ed39e0a0bb24ac3f6ba5
+SHA512 (openvpn-2.4.3.tar.xz.asc) = 75fdf046e407cf02e30a3f3bd4dbd7e65c34a30e67670f2359b4b0442ee30831e80238539a6e784c28795ba1505ad57dffc8042f1cb472d82754535d50ccfe40
+SHA512 (openvpn-2.4.3.tar.xz) = 26d25bb71c5ecfa398924b3ee3dec16b2776b3d67cf0b532c2b8a4368f1307bbd04b80ed38f0344c313aab38ec6e4e4f9bf2b3bc90bc197b2f257288e72eb5d8