From b97c97bd07b7caf7e89e25398c7d4be6b355d4e6 Mon Sep 17 00:00:00 2001 From: David Sommerseth Date: Thu, 1 Mar 2018 14:08:30 +0100 Subject: [PATCH] Updating to upstream, openvpn-2.4.5 +++ - Package upstream ChangeLog, which contains a bit more details than Changes.rst - Cleaned up spec file further, removed Group: tag, trimmed changelog section, added gcc to BuildRequires. - Excluded not relevant file, README.mbedtls - Package upstream version of README.systemd - Fix wrong group owner of /etc/openvpn/{client,server} (rhbz#1526743) - Changed crypto self-test to test AES-{128,256}-{CBC,GCM} instead of only BF-CBC (deprecated) - Change /run/openvpn-{client,server} permissions to be 0750 instead of 0710, with group set to openvpn Signed-off-by: David Sommerseth --- .rpmlint | 11 +- ...in-ChangeLog-should-be-2.4.5-was-mis.patch | 27 ++ README.systemd | 71 --- openvpn-2.4-change-tmpfiles-permissions.patch | 9 + openvpn.spec | 433 ++---------------- 5 files changed, 79 insertions(+), 472 deletions(-) create mode 100644 0001-Correct-version-in-ChangeLog-should-be-2.4.5-was-mis.patch delete mode 100644 README.systemd create mode 100644 openvpn-2.4-change-tmpfiles-permissions.patch diff --git a/.rpmlint b/.rpmlint index 5232fc9..04c5cff 100644 --- a/.rpmlint +++ b/.rpmlint @@ -1,2 +1,11 @@ -addFilter("E: non-standard-dir-perm /etc/openvpn/server 0750L") addFilter("E: non-standard-dir-perm /etc/openvpn/client 0750L") +addFilter("E: non-standard-dir-perm /etc/openvpn/server 0750L") +addFilter("E: non-standard-dir-perm /run/openvpn-client 0750L") +addFilter("E: non-standard-dir-perm /run/openvpn-server 0750L") +addFilter("E: non-standard-dir-perm /var/lib/openvpn 0770L") +addFilter("W: non-standard-gid /etc/openvpn/client openvpn") +addFilter("W: non-standard-gid /etc/openvpn/server openvpn") +addFilter("W: non-standard-gid /run/openvpn-client openvpn") +addFilter("W: non-standard-gid /run/openvpn-server openvpn") +addFilter("W: non-standard-gid /var/lib/openvpn openvpn") +addFilter("W: non-standard-uid /var/lib/openvpn openvpn") diff --git a/0001-Correct-version-in-ChangeLog-should-be-2.4.5-was-mis.patch b/0001-Correct-version-in-ChangeLog-should-be-2.4.5-was-mis.patch new file mode 100644 index 0000000..d8c4616 --- /dev/null +++ b/0001-Correct-version-in-ChangeLog-should-be-2.4.5-was-mis.patch @@ -0,0 +1,27 @@ +From 161afbebdc2b7e244a136182a676ad55347c9cf5 Mon Sep 17 00:00:00 2001 +From: Gert Doering +Date: Thu, 1 Mar 2018 10:11:08 +0100 +Subject: [PATCH] Correct version in ChangeLog - should be 2.4.5, was mistyped + as 2.4.4 + +Signed-off-by: Gert Doering +--- + ChangeLog | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/ChangeLog b/ChangeLog +index 99772a33..0db3e5b8 100644 +--- a/ChangeLog ++++ b/ChangeLog +@@ -1,7 +1,7 @@ + OpenVPN Change Log + Copyright (C) 2002-2018 OpenVPN Inc + +-2018.02.28 -- Version 2.4.4 ++2018.02.28 -- Version 2.4.5 + Antonio Quartulli (4): + reload HTTP proxy credentials when moving to the next connection profile + Allow learning iroutes with network made up of all 0s (only if netbits < 8) +-- +2.13.5 + diff --git a/README.systemd b/README.systemd deleted file mode 100644 index cf0003e..0000000 --- a/README.systemd +++ /dev/null @@ -1,71 +0,0 @@ -OpenVPN and systemd -=================== - -As of OpenVPN v2.4, upstream is shipping systemd unit files to provide a -fine grained control of each OpenVPN configuration as well as trying to -restrict the capabilities the OpenVPN process have on a system. - - -Configuration profile types ---------------------------- -These new unit files separates between client and server profiles. The -configuration files are kept in separate directories, to provide clarity -of the profile they run under. - -Typically the client profile cannot bind to any ports below port 1024 -and the client configuration is always started with --nobind. - -The server profile is allowed to bind to any ports. In addition it enables -a client status file, usually found in the /run/openvpn-server directory. -The status format is set to version 2 by default. These settings may be -overridden by adding --status and/or --status-version in the OpenVPN -configuration file. - -Neither of these profiles makes use of PID files, but OpenVPN reports back to -systemd its PID once it has initialized. - -For configuration using a peer-to-peer mode (not using --mode server on one -of the sides) it is recommended to use the client profile. - - -Configuration files -------------------- -These new unit files expects client configuration files to be made available -in /etc/openvpn/client. Similar for the server configurations, it is expected -to be found in /etc/openvpn/server. The configuration files must have a .conf -file extension. - - -Managing VPN tunnels --------------------- -Use the normal systemctl tool to start, stop VPN tunnels, as well as enable -and disable tunnels at boot time. The syntax is: - - - client configurations: - # systemctl $OPER openvpn-client@$CONFIGNAME - - - server configurations: - # systemctl $OPER openvpn-server@$CONFIGNAME - -Similarly, to view the OpenVPN journal log use a similar syntax: - - # journalctl -u openvpn-client@$CONFIGNAME - or - # journalctl -u openvpn-server@$CONFIGNAME - -* Examples - Say your server configuration is /etc/openvpn/server/tun0.conf, you - start this VPN service like this: - - # systemctl start openvpn-server@tun0 - - A client configuration file in /etc/openvpn/client/corpvpn.conf is - started like this: - - # systemctl start openvpn-client@corpvpn - - To view the server configuration's journal only listing entries from - yesterday and until today: - - # journalctl --since yesterday -u openvpn-server@tun0 - diff --git a/openvpn-2.4-change-tmpfiles-permissions.patch b/openvpn-2.4-change-tmpfiles-permissions.patch new file mode 100644 index 0000000..8adb700 --- /dev/null +++ b/openvpn-2.4-change-tmpfiles-permissions.patch @@ -0,0 +1,9 @@ +diff --git a/distro/systemd/tmpfiles-openvpn.conf b/distro/systemd/tmpfiles-openvpn.conf +index bb79671e..9258f5c6 100644 +--- a/distro/systemd/tmpfiles-openvpn.conf ++++ b/distro/systemd/tmpfiles-openvpn.conf +@@ -1,2 +1,2 @@ +-d /run/openvpn-client 0710 root root - +-d /run/openvpn-server 0710 root root - ++d /run/openvpn-client 0750 root openvpn - ++d /run/openvpn-server 0750 root openvpn - diff --git a/openvpn.spec b/openvpn.spec index 6bee21b..aba5a8e 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -6,34 +6,34 @@ %bcond_without tests_long Name: openvpn -Version: 2.4.4 -Release: 3%{?prerelease:.%{prerelease}}%{?dist} +Version: 2.4.5 +Release: 1%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: https://community.openvpn.net/ Source0: https://swupdate.openvpn.org/community/releases/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.xz Source1: https://swupdate.openvpn.org/community/releases/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.xz.asc Source2: roadwarrior-server.conf Source3: roadwarrior-client.conf -Source4: README.systemd # Upstream signing key Source6: gpgkey-F554A3687412CFFEBDEFE0A312F5F7B42F2B01E7.gpg Patch1: 0001-Change-the-default-cipher-to-AES-256-GCM-for-server-.patch +Patch2: 0001-Correct-version-in-ChangeLog-should-be-2.4.5-was-mis.patch +Patch50: openvpn-2.4-change-tmpfiles-permissions.patch License: GPLv2 -Group: Applications/Internet +BuildRequires: gcc BuildRequires: systemd-devel BuildRequires: lzo-devel BuildRequires: lz4-devel BuildRequires: openssl-devel BuildRequires: pkcs11-helper-devel >= 1.11 BuildRequires: pam-devel +BuildRequires: libselinux-devel # For the perl_default_filter macro BuildRequires: perl-macros BuildRequires: systemd %{?systemd_requires} -BuildRequires: libselinux-devel # For /sbin/ip. BuildRequires: iproute -# For /sbin/ip. Requires: iproute Requires(pre): /usr/sbin/useradd @@ -64,6 +64,8 @@ to similar features as the various script-hooks. gpgv2 --quiet --keyring %{SOURCE6} %{SOURCE1} %{SOURCE0} %setup -q -n %{name}-%{version}%{?prerelease:_%{prerelease}} %patch1 -p1 -b .ch_default_cipher +%patch2 -p1 +%patch50 -p1 sed -i -e 's,%{_datadir}/openvpn/plugin,%{_libdir}/openvpn/plugin,' doc/openvpn.8 @@ -88,7 +90,10 @@ find contrib sample -type f -perm /100 \ %check # Test Crypto: ./src/openvpn/openvpn --genkey --secret key -./src/openvpn/openvpn --test-crypto --secret key +./src/openvpn/openvpn --cipher aes-128-cbc --test-crypto --secret key +./src/openvpn/openvpn --cipher aes-256-cbc --test-crypto --secret key +./src/openvpn/openvpn --cipher aes-128-gcm --test-crypto --secret key +./src/openvpn/openvpn --cipher aes-256-gcm --test-crypto --secret key %if %{with tests_long} # Randomize ports for tests to avoid conflicts on the build servers. @@ -123,18 +128,17 @@ mkdir -p -m 0750 $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/client $RPM_BUILD_ROOT%{_ cp %{SOURCE2} %{SOURCE3} sample/sample-config-files/ # Create some directories the OpenVPN package should own -mkdir -m 0710 -p $RPM_BUILD_ROOT%{_rundir}/%{name}-{client,server} +mkdir -m 0750 -p $RPM_BUILD_ROOT%{_rundir}/%{name}-{client,server} mkdir -m 0770 -p $RPM_BUILD_ROOT%{_sharedstatedir}/%{name} # Package installs into %%{_pkgdocdir} directly -# Add further files -cp -a AUTHORS contrib sample %{SOURCE4} $RPM_BUILD_ROOT%{_pkgdocdir} +# Add various additional files +cp -a AUTHORS ChangeLog contrib sample distro/systemd/README.systemd $RPM_BUILD_ROOT%{_pkgdocdir} # Remove some files which does not really belong here rm -f $RPM_BUILD_ROOT%{_pkgdocdir}/sample/Makefile{,.in,.am} rm -f $RPM_BUILD_ROOT%{_pkgdocdir}/contrib/multilevel-init.patch rm -rf $RPM_BUILD_ROOT%{_pkgdocdir}/sample/sample-keys -rm -rf $RPM_BUILD_ROOT%{_pkgdocdir}/contrib/keychain-mcd %pre getent group openvpn &>/dev/null || groupadd -r openvpn @@ -158,7 +162,7 @@ getent passwd openvpn &>/dev/null || \ %files %{_pkgdocdir} %exclude %{_pkgdocdir}/README.IPv6 -%exclude %{_pkgdocdir}/README.polarssl +%exclude %{_pkgdocdir}/README.mbedtls %exclude %{_pkgdocdir}/sample/sample-plugins %{_mandir}/man8/%{name}.8* %{_sbindir}/%{name} @@ -167,10 +171,10 @@ getent passwd openvpn &>/dev/null || \ %{_unitdir}/%{name}-server@.service %{_tmpfilesdir}/%{name}.conf %config %dir %{_sysconfdir}/%{name}/ -%config %dir %{_sysconfdir}/%{name}/client -%config %dir %{_sysconfdir}/%{name}/server -%attr(0710,-,-) %{_rundir}/%{name}-client -%attr(0710,-,-) %{_rundir}/%{name}-server +%config %dir %attr(-,-,openvpn) %{_sysconfdir}/%{name}/client +%config %dir %attr(-,-,openvpn) %{_sysconfdir}/%{name}/server +%attr(0750,-,openvpn) %{_rundir}/%{name}-client +%attr(0750,-,openvpn) %{_rundir}/%{name}-server %attr(0770,openvpn,openvpn) %{_sharedstatedir}/%{name} %files devel @@ -180,6 +184,17 @@ getent passwd openvpn &>/dev/null || \ %changelog +* Fri Feb 16 2018 David Sommerseth - 2.4.5-1 +- Updating to upstream, openvpn-2.4.5 +- Package upstream ChangeLog, which contains a bit more details than Changes.rst +- Cleaned up spec file further, removed Group: tag, trimmed changelog section, + added gcc to BuildRequires. +- Excluded not relevant file, README.mbedtls +- Package upstream version of README.systemd +- Fix wrong group owner of /etc/openvpn/{client,server} (rhbz#1526743) +- Changed crypto self-test to test AES-{128,256}-{CBC,GCM} instead of only BF-CBC (deprecated) +- Change /run/openvpn-{client,server} permissions to be 0750 instead of 0710, with group set to openvpn + * Thu Feb 08 2018 Fedora Release Engineering - 2.4.4-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild @@ -187,7 +202,7 @@ getent passwd openvpn &>/dev/null || \ - Fix systemd executions/requirements * Tue Sep 26 2017 David Sommerseth - 2.4.4-1 -- Update to latest upstream release +- Update to upstream openvpn-2.4.4 - Includes fix for possible stack overflow if --key-method 1 is used {CVE-2017-12166} * Fri Aug 4 2017 David Sommerseth - 2.4.3-4 @@ -214,6 +229,7 @@ getent passwd openvpn &>/dev/null || \ - Install and take ownership of /var/lib/openvpn (rhbz#922786) * Thu May 11 2017 David Sommerseth - 2.4.2-1 +- Updating to upstream openvpn-2.4.2 - Switching back to OpenSSL, using compat-openssl10 (rhbz#1443749, rhbz#1432125, rhbz#1440468) - Re-enabling --enable-x509-alt-username (rhbz#1443942) - Add --enable-selinux @@ -250,386 +266,3 @@ getent passwd openvpn &>/dev/null || \ * Tue Dec 27 2016 Jon Ciesla 2.4.0-1 - 2.4.0. -* Wed Dec 07 2016 Jon Ciesla 2.3.14-1 -- 2.3.14. - -* Thu Nov 03 2016 Jon Ciesla 2.3.13-1 -- 2.3.13. - -* Tue Aug 23 2016 Jon Ciesla 2.3.12-1 -- 2.3.12. - -* Tue May 10 2016 Jon Ciesla 2.3.11-1 -- 2.3.11. - -* Thu Feb 04 2016 Fedora Release Engineering - 2.3.10-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild - -* Mon Jan 04 2016 Jon Ciesla 2.3.10-1 -- 2.3.10. - -* Wed Dec 16 2015 Jon Ciesla 2.3.9-1 -- 2.3.9. - -* Tue Aug 04 2015 Jon Ciesla 2.3.8-1 -- 2.3.8. - -* Thu Jun 18 2015 Fedora Release Engineering - 2.3.7-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild - -* Tue Jun 09 2015 Jon Ciesla 2.3.7-1 -- 2.3.7, BZ 1229504. - -* Fri Nov 21 2014 Ralf Corsépius - 2.3.5-2 -- Rework package doc handling (RHBZ #1165004). - -* Tue Oct 28 2014 Jon Ciesla 2.3.5-1 -- 2.3.5. - -* Tue Aug 26 2014 Jan Vcelak 2.3.4-4 -- Enable systemd support. - -* Sun Aug 17 2014 Fedora Release Engineering - 2.3.4-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild - -* Sat Jun 07 2014 Fedora Release Engineering - 2.3.4-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild - -* Fri May 02 2014 Jon Ciesla 2.3.4-1 -- 2.3.4. -- Disable make check until upstream provides non-md5 sample keys. -- Filed upstream https://community.openvpn.net/openvpn/ticket/400#ticket - -* Fri Apr 11 2014 Jon Ciesla 2.3.3-1 -- Latest uptream, needs pkcs11-helper >= 1.11 - -* Sun Jan 19 2014 Ville Skyttä - 2.3.2-5 -- Don't order service after syslog.target. - -* Thu Sep 12 2013 Jon Ciesla 2.3.2-4 -- Enable --enable-x509-alt-username, BZ 1007184. - -* Wed Aug 07 2013 Jon Ciesla 2.3.2-3 -- Fix find syntax to fix FTBFS, BZ 992411. - -* Sat Aug 03 2013 Fedora Release Engineering - 2.3.2-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild - -* Mon Jun 03 2013 Jon Ciesla 2.3.2-1 -- 2.3.2, BZ 970089. - -* Thu May 16 2013 Jon Ciesla 2.3.1-4 -- chmod -x .service, BZ 963914. - -* Thu May 16 2013 Jon Ciesla 2.3.1-3 -- Enable --enable-pkcs11, BZ 963868. - -* Mon Apr 08 2013 Kalev Lember 2.3.1-2 -- Update perl requires filtering - -* Tue Apr 02 2013 Jon Ciesla 2.3.1-1 -- 2.3.1, BZ 929402. - -* Thu Feb 14 2013 Fedora Release Engineering - 2.3.0-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild - -* Tue Jan 15 2013 Jon Ciesla 2.3.0-1 -- 2.3.0, BZ 893700. - -* Wed Sep 26 2012 Jon Ciesla 2.2.2-9 -- Dropped net-tools, BZ 785794. - -* Wed Sep 05 2012 Jon Ciesla 2.2.2-8 -- Dropped config from tmpfiles conf. - -* Wed Sep 05 2012 Jon Ciesla 2.2.2-7 -- Fix tmpfiles location, BZ 840188. -- Fix run ownership, BZ 854440. - -* Fri Jul 20 2012 Fedora Release Engineering - 2.2.2-6 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild - -* Thu Apr 12 2012 Jon Ciesla 2.2.2-5 -- Add hardened build. - -* Mon Feb 13 2012 Jon Ciesla 2.2.2-4 -- Use PrivateTmp=true, BZ 782522. - -* Wed Feb 8 2012 Kay Sievers - 2.2.2-3 -- Drop dependency on 'dev' package; it is gone since many years - -* Fri Jan 13 2012 Fedora Release Engineering - 2.2.2-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild - -* Fri Dec 23 2011 Jon Ciesla 2.2.2-1 -- Update to 2.2.2. - -* Fri Sep 9 2011 Tom Callaway 2.2.1-2 -- convert to systemd - -* Fri Jul 08 2011 Jon Ciesla 2.2.1-1 -- Update to 2.2.1. - -* Fri Jun 17 2011 Jon Ciesla 2.2.0-2 -- Bump and rebuild for BZ 712251. - -* Thu May 19 2011 Jon Ciesla 2.2.0-1 -- Update to 2.2.0. - -* Thu Mar 17 2011 Jon Ciesla 2.1.4-1 -- Update to 2.1.4. - -* Tue Feb 08 2011 Fedora Release Engineering - 2.1.3-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild - -* Thu Oct 07 2010 Jon Ciesla 2.1.3-1 -- Update to 2.1.3. - -* Thu Aug 19 2010 Steven Pritchard 2.1.2-1 -- Update to 2.1.2. - -* Mon Jan 04 2010 Jon Ciesla 2.1.1-2 -- Fix init script *.sh sourcing, BZ 498348. -- Added init script info block, BZ 392991, BZ 541219. - -* Fri Dec 11 2009 Steven Pritchard 2.1.1-1 -- Update to 2.1.1. - -* Sat Nov 21 2009 Steven Pritchard 2.1-0.39.rc22 -- Update to 2.1_rc22. - -* Thu Nov 12 2009 Steven Pritchard 2.1-0.38.rc21 -- Update to 2.1_rc21. - -* Sun Oct 25 2009 Robert Scheck 2.1-0.37.rc20 -- Added script_security initialisation in initscript (#458594 #c20) - -* Fri Oct 02 2009 Steven Pritchard 2.1-0.36.rc20 -- Update to 2.1_rc20. - -* Sun Sep 06 2009 Kalev Lember - 2.1-0.35.rc19 -- Update to 2.1_rc19 -- Build with pkcs11-helper - -* Fri Aug 21 2009 Tomas Mraz - 2.1-0.34.rc15 -- rebuilt with new openssl - -* Sat Jul 25 2009 Fedora Release Engineering - 2.1-0.33.rc15 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild - -* Thu Feb 26 2009 Fedora Release Engineering - 2.1-0.32.rc15 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild - -* Sat Jan 17 2009 Tomas Mraz 2.1-0.31.rc15 -- rebuild with new openssl - -* Thu Dec 11 2008 Steven Pritchard 2.1-0.30.rc15 -- Attempt to fix BZ#476129. - -* Sat Nov 29 2008 Robert Scheck 2.1-0.29.rc15 -- Update to 2.1_rc15 - -* Wed Aug 13 2008 Steven Pritchard 2.1-0.28.rc9 -- Add "--script-security 2" by default for backwards compatibility - (see bug #458594). - -* Fri Aug 01 2008 Steven Pritchard 2.1-0.27.rc9 -- Update to 2.1_rc9. - -* Sat Jun 14 2008 Steven Pritchard 2.1-0.26.rc8 -- Update to 2.1_rc8. -- Update License tag. - -* Tue Feb 19 2008 Fedora Release Engineering - 2.1-0.25.rc7 -- Autorebuild for GCC 4.3 - -* Tue Jan 29 2008 Steven Pritchard 2.1-0.24.rc7 -- Update to 2.1_rc7 -- Drop BETA21-userpriv-fixups.patch (upstream) - -* Fri Jan 25 2008 Steven Pritchard 2.1-0.23.rc6 -- Apply update to BETA21-userpriv-fixups.patch from Alon Bar-Lev - -* Thu Jan 24 2008 Steven Pritchard 2.1-0.22.rc6 -- Update to 2.1_rc6 -- Pass paths to ifconfig, ip, and route to configure -- BR iproute and Require iproute and net-tools -- Add BETA21-userpriv-fixups.patch from Alon Bar-Lev - -* Wed Jan 23 2008 Steven Pritchard 2.1-0.21.rc5 -- Update to 2.1_rc5 - -* Wed Dec 05 2007 Steven Pritchard 2.1-0.20.rc4 -- Remove check macro cruft. - -* Thu Apr 26 2007 Steven Pritchard 2.1-0.19.rc4 -- Update to 2.1_rc4 - -* Mon Apr 23 2007 Steven Pritchard 2.1-0.18.rc3 -- Update to 2.1_rc3 - -* Fri Mar 02 2007 Steven Pritchard 2.1-0.17.rc2 -- Update to 2.1_rc2 - -* Tue Feb 27 2007 Steven Pritchard 2.1-0.16.rc1 -- Randomize ports for tests to avoid conflicts on the build servers - -* Tue Feb 27 2007 Steven Pritchard 2.1-0.15.rc1 -- Update to 2.1_rc1 - -* Mon Oct 02 2006 Steven Pritchard 2.1-0.14.beta16 -- Update to 2.1_beta16 -- Drop Paul's patch (in upstream) - -* Tue Sep 12 2006 Steven Pritchard 2.1-0.13.beta15 -- Update to 2.1_beta15 -- Add openvpn-2.1_beta15-test-timeout.patch to avoid test hang - (from Paul Howarth) - -* Mon Aug 28 2006 Steven Pritchard 2.1-0.12.beta14 -- Rebuild - -* Mon Jul 31 2006 Steven Pritchard 2.1-0.11.beta14 -- Rebuild - -* Fri Apr 14 2006 Steven Pritchard 2.1-0.10.beta14 -- Update to 2.1_beta14 - -* Wed Apr 12 2006 Steven Pritchard 2.1-0.9.beta13 -- Update to 2.1_beta13 - -* Wed Apr 05 2006 Steven Pritchard 2.1-0.8.beta12 -- Update to 2.1_beta12 (BZ#188050/CVE-2006-1629) - -* Tue Feb 21 2006 Steven Pritchard 2.1-0.7.beta11 -- Update to 2.1_beta11 - -* Tue Feb 14 2006 Steven Pritchard 2.1-0.6.beta8 -- Update to 2.1_beta8 - -* Wed Jan 04 2006 Steven Pritchard 2.1-0.5.beta7 -- Man page shouldn't be executable (BZ#176953) - -* Tue Dec 06 2005 Steven Pritchard 2.1-0.4.beta7 -- Rebuild - -* Fri Nov 18 2005 Steven Pritchard 2.1-0.3.beta7 -- Update to 2.1_beta7 - -* Tue Nov 08 2005 Steven Pritchard 2.1-0.2.beta6 -- Make sample-scripts (etc.) non-executable to avoid some dependencies - -* Wed Nov 02 2005 Steven Pritchard 2.1-0.1.beta6 -- Update to 2.1_beta6 - -* Mon Oct 17 2005 Steven Pritchard 2.1-0.1.beta4 -- Update to 2.1_beta4 - -* Thu Aug 25 2005 Steven Pritchard 2.0.2-1 -- Update to 2.0.2 -- Refine roadwarrior-server.conf a bit - -* Mon Aug 22 2005 Steven Pritchard 2.0.1-1 -- Update to 2.0.1 - -* Mon Jun 27 2005 Steven Pritchard 2.0-2 -- Move the plugin directory to _libdir -- Drop the easy-rsa/Windows directory -- Comment cleanups -- Add "processname" header to init script -- The init script isn't a config file -- Tag contrib, sample-config-files, sample-keys, and sample-scripts as doc -- Create/own pid dir - -* Sat Jun 25 2005 Steven Pritchard 2.0-1 -- Update to 2.0 final -- Drop Epoch: 0 and rebuild for Fedora Extras - -* Wed Feb 16 2005 Steven Pritchard 0:2.0-0.fdr.0.14.rc13 -- Fix/add paths to useradd - -* Mon Feb 14 2005 Steven Pritchard 0:2.0-0.fdr.0.13.rc13 -- Update to 2.0_rc13 -- More spec cleanup (suggestions from Matthias Saou) - -* Tue Feb 08 2005 Steven Pritchard 0:2.0-0.fdr.0.12.rc12 -- Update to 2.0_rc12 -- Small spec cleanups -- Drop perl auto-requirements entirely - -* Mon Dec 20 2004 Steven Pritchard 0:2.0-0.fdr.0.11.rc6 -- Add down-root and auth-pam plugins -- Add --enable-password-save and --enable-iproute2 -- Add crypto and loopback tests (somewhat time-consuming) - -* Thu Dec 16 2004 Steven Pritchard 0:2.0-0.fdr.0.10.rc5 -- Update to 2.0_rc5 -- Change the port to 1194 in the roadwarrior-*.conf samples -- Change openvpn-init.patch to reformat the description in the init script -- Modify the Summary and description (OpenVPN isn't UDP-only) - -* Tue Dec 14 2004 Steven Pritchard 0:2.0-0.fdr.0.9.rc1 -- Remove the perl(Authen::PAM) dependency - -* Thu Dec 09 2004 Steven Pritchard 0:2.0-0.fdr.0.8.rc1 -- Update to 2.0_rc1 - -* Tue Nov 16 2004 Steven Pritchard 0:2.0-0.fdr.0.7.beta17 -- Update to 2.0_beta17 -- Require dev instead of /dev/net/tun (for udev compatibility) -- Change openvpn-init.patch to match upstream (starts even earlier now) - -* Wed Aug 04 2004 Steven Pritchard 0:2.0-0.fdr.0.6.beta10 -- Remove unnecessary BuildRequires: kernel-headers - -* Tue Aug 03 2004 Steven Pritchard 0:2.0-0.fdr.0.5.beta10 -- Update to 2.0_beta10 -- Minor fix to configuration example -- Change the init script to start a little earlier and stop much later - (after netfs) by default -- Remove a lot of unnecessary macro use (install/mkdir/cp) -- Don't create /dev/net/tun, use Requires instead - -* Sat Jul 17 2004 Steven Pritchard 0:2.0-0.fdr.0.4.beta7 -- Update to 2.0_beta7 -- Include gpg signature in source rpm -- Include 2.0-style configuration examples -- Minor spec cleanup - -* Wed Apr 28 2004 Steven Pritchard 0:2.0-0.fdr.0.3.test23 -- Add openvpn-init.patch to leave the init script disabled by default - -* Wed Apr 28 2004 Steven Pritchard 0:2.0-0.fdr.0.2.test23 -- Fix URL and Source0 -- Add an openvpn user - -* Wed Apr 28 2004 Steven Pritchard 0:2.0-0.fdr.0.1.test23 -- Update to 2.0_test23 -- BuildRequires lzo-devel, kernel-headers, openssl-devel -- Lots of spec cleanup - -* Sun Feb 23 2003 Matthias Andree 1.3.2.14-1 -- Have the version number filled in by autoconf. - -* Wed Jul 10 2002 James Yonan 1.3.1-1 -- Fixed %%preun to only remove service on final uninstall - -* Mon Jun 17 2002 bishop clark (LC957) 1.2.2-1 -- Added condrestart to openvpn.spec & openvpn.init. - -* Wed May 22 2002 James Yonan 1.2.0-1 -- Added mknod for Linux 2.4. - -* Wed May 15 2002 Doug Keller 1.1.1.16-2 -- Added init scripts -- Added conf file support - -* Mon May 13 2002 bishop clark (LC957) 1.1.1.14-1 -- Added new directories for config examples and such - -* Sun May 12 2002 bishop clark (LC957) 1.1.1.13-1 -- Updated buildroot directive and cleanup command -- added easy-rsa utilities - -* Mon Mar 25 2002 bishop clark (LC957) 1.0-1 -- Initial build.