Update to upstream OpenVPN 2.5.2

- Update to upstream OpenVPN 2.5.2
- Fixes CVE-2020-15078
- Replaces --ncp-ciphers with --data-ciphers in the server systemd service unit

Signed-off-by: David Sommerseth <dazo@eurephia.org>
epel9
David Sommerseth 4 years ago
parent 81b76b938b
commit 4214b7e799
No known key found for this signature in database
GPG Key ID: 8876DD803369EF14

2
.gitignore vendored

@ -66,3 +66,5 @@ openvpn-2.1.2.tar.gz.asc
/openvpn-2.5.0.tar.xz.asc /openvpn-2.5.0.tar.xz.asc
/openvpn-2.5.1.tar.xz /openvpn-2.5.1.tar.xz
/openvpn-2.5.1.tar.xz.asc /openvpn-2.5.1.tar.xz.asc
/openvpn-2.5.2.tar.xz
/openvpn-2.5.2.tar.xz.asc

@ -23,7 +23,7 @@ index 9a8a2c7..0ecda08 100644
PrivateTmp=true PrivateTmp=true
WorkingDirectory=/etc/openvpn/server WorkingDirectory=/etc/openvpn/server
-ExecStart=@sbindir@/openvpn --status %t/openvpn-server/status-%i.log --status-version 2 --suppress-timestamps --config %i.conf -ExecStart=@sbindir@/openvpn --status %t/openvpn-server/status-%i.log --status-version 2 --suppress-timestamps --config %i.conf
+ExecStart=@sbindir@/openvpn --status %t/openvpn-server/status-%i.log --status-version 2 --suppress-timestamps --cipher AES-256-GCM --ncp-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC:AES-128-CBC:BF-CBC --config %i.conf +ExecStart=@sbindir@/openvpn --status %t/openvpn-server/status-%i.log --status-version 2 --suppress-timestamps --cipher AES-256-GCM --data-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC:AES-128-CBC:BF-CBC --config %i.conf
CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE CAP_AUDIT_WRITE CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE CAP_AUDIT_WRITE
LimitNPROC=10 LimitNPROC=10
DeviceAllow=/dev/null rw DeviceAllow=/dev/null rw

@ -5,8 +5,8 @@
%bcond_without tests_long %bcond_without tests_long
Name: openvpn Name: openvpn
Version: 2.5.1 Version: 2.5.2
Release: 2%{?dist} Release: 1%{?dist}
Summary: A full-featured TLS VPN solution Summary: A full-featured TLS VPN solution
URL: https://community.openvpn.net/ URL: https://community.openvpn.net/
Source0: https://build.openvpn.net/downloads/releases/%{name}-%{version}.tar.xz Source0: https://build.openvpn.net/downloads/releases/%{name}-%{version}.tar.xz
@ -193,6 +193,11 @@ getent passwd openvpn &>/dev/null || \
%changelog %changelog
* Wed Apr 21 2021 David Sommerseth <davids@openvpn.net> - 2.5.2-1
- Update to upstream OpenVPN 2.5.2
- Fixes CVE-2020-15078
- Replaces --ncp-ciphers with --data-ciphers in the server systemd service unit
* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 2.5.1-2 * Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 2.5.1-2
- Rebuilt for updated systemd-rpm-macros - Rebuilt for updated systemd-rpm-macros
See https://pagure.io/fesco/issue/2583. See https://pagure.io/fesco/issue/2583.

@ -1,2 +1,2 @@
SHA512 (openvpn-2.5.1.tar.xz) = 7c0adad384f908bd7dbd839a2b90cbe3a4222cac92ef484df89709ca5dd6cb22b3caf19b696c2bb74d7eda148904a8b25f1fe4640c91f0e68d6e65bcf922e0f4 SHA512 (openvpn-2.5.2.tar.xz) = ae2cac00ae4b9e06e7e70b268ed47d36bbb45409650175e507d5bfa12b0a4f24bccc64f2494d1563f9269c8076d0f753a492f01ea33ce376ba00b7cdcb5c7bd0
SHA512 (openvpn-2.5.1.tar.xz.asc) = 44075753973aaec67a2f01f8efa3a7998bfbac77fd333267ed918a56ef884d8264004296bfb3b3ffee3e724a1614dffccdc93a4abe5fe128d8ee668c03df73ed SHA512 (openvpn-2.5.2.tar.xz.asc) = 49a5f1828d8621e8d71665435efbc5fb55baee9db44c4d8768159667fdddf2ce30c964a11aa6fb28fee37adc34ff5ca8c9eb4c0669b4d847a9ffd0f8aab871b4

Loading…
Cancel
Save