Update to upstream OpenVPN 2.5.2

- Update to upstream OpenVPN 2.5.2 - Fixes CVE-2020-15078 - Replaces --ncp-ciphers with --data-ciphers in the server systemd service unit Signed-off-by: David Sommerseth <dazo@eurephia.org>
4 years ago · 4214b7e799
parent 81b76b938b
commit 4214b7e799
5 changed files with 12 additions and 5 deletions
--- a/.gitignore
+++ b/.gitignore
@ -66,3 +66,5 @@ openvpn-2.1.2.tar.gz.asc
 /openvpn-2.5.0.tar.xz.asc
 /openvpn-2.5.1.tar.xz
 /openvpn-2.5.1.tar.xz.asc
+/openvpn-2.5.2.tar.xz
+/openvpn-2.5.2.tar.xz.asc
--- a/0001-Change-the-default-cipher-to-AES-256-GCM-for-server-.patch
+++ b/0001-Change-the-default-cipher-to-AES-256-GCM-for-server-.patch
@ -23,7 +23,7 @@ index 9a8a2c7..0ecda08 100644
 PrivateTmp=true
 WorkingDirectory=/etc/openvpn/server
 -ExecStart=@sbindir@/openvpn --status %t/openvpn-server/status-%i.log --status-version 2 --suppress-timestamps --config %i.conf
-+ExecStart=@sbindir@/openvpn --status %t/openvpn-server/status-%i.log --status-version 2 --suppress-timestamps --cipher AES-256-GCM --ncp-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC:AES-128-CBC:BF-CBC --config %i.conf
+ExecStart=@sbindir@/openvpn --status %t/openvpn-server/status-%i.log --status-version 2 --suppress-timestamps --cipher AES-256-GCM --data-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC:AES-128-CBC:BF-CBC --config %i.conf
 CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE CAP_AUDIT_WRITE
 LimitNPROC=10
 DeviceAllow=/dev/null rw
--- a/gpgkey-F554A3687412CFFEBDEFE0A312F5F7B42F2B01E7.gpg
+++ b/gpgkey-F554A3687412CFFEBDEFE0A312F5F7B42F2B01E7.gpg
--- a/openvpn.spec
+++ b/openvpn.spec
@ -5,8 +5,8 @@
 %bcond_without tests_long

 Name:              openvpn
-Version:           2.5.1
-Release:           2%{?dist}
+Version:           2.5.2
+Release:           1%{?dist}
 Summary:           A full-featured TLS VPN solution
 URL:               https://community.openvpn.net/
 Source0:           https://build.openvpn.net/downloads/releases/%{name}-%{version}.tar.xz
@ -193,6 +193,11 @@ getent passwd openvpn &>/dev/null || \


 %changelog
+* Wed Apr 21 2021 David Sommerseth <davids@openvpn.net> - 2.5.2-1
+- Update to upstream OpenVPN 2.5.2
+- Fixes CVE-2020-15078
+- Replaces --ncp-ciphers with --data-ciphers in the server systemd service unit
+
 * Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 2.5.1-2
 - Rebuilt for updated systemd-rpm-macros
  See https://pagure.io/fesco/issue/2583.
--- a/4
+++ b/4
@ -1,2 +1,2 @@
-SHA512 (openvpn-2.5.1.tar.xz) = 7c0adad384f908bd7dbd839a2b90cbe3a4222cac92ef484df89709ca5dd6cb22b3caf19b696c2bb74d7eda148904a8b25f1fe4640c91f0e68d6e65bcf922e0f4
-SHA512 (openvpn-2.5.1.tar.xz.asc) = 44075753973aaec67a2f01f8efa3a7998bfbac77fd333267ed918a56ef884d8264004296bfb3b3ffee3e724a1614dffccdc93a4abe5fe128d8ee668c03df73ed
+SHA512 (openvpn-2.5.2.tar.xz) = ae2cac00ae4b9e06e7e70b268ed47d36bbb45409650175e507d5bfa12b0a4f24bccc64f2494d1563f9269c8076d0f753a492f01ea33ce376ba00b7cdcb5c7bd0
+SHA512 (openvpn-2.5.2.tar.xz.asc) = 49a5f1828d8621e8d71665435efbc5fb55baee9db44c4d8768159667fdddf2ce30c964a11aa6fb28fee37adc34ff5ca8c9eb4c0669b4d847a9ffd0f8aab871b4