From e87651968801ff50ae2cdf70c15da97a5942fc12 Mon Sep 17 00:00:00 2001 From: Steven Pritchard Date: Mon, 27 Jun 2005 21:18:15 +0000 Subject: [PATCH 001/168] Setup of module openvpn --- .cvsignore | 0 Makefile | 21 +++++++++++++++++++++ sources | 0 3 files changed, 21 insertions(+) create mode 100644 .cvsignore create mode 100644 Makefile create mode 100644 sources diff --git a/.cvsignore b/.cvsignore new file mode 100644 index 0000000..e69de29 diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..3fc8bc7 --- /dev/null +++ b/Makefile @@ -0,0 +1,21 @@ +# Makefile for source rpm: openvpn +# $Id$ +NAME := openvpn +SPECFILE = $(firstword $(wildcard *.spec)) + +define find-makefile-common +for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done +endef + +MAKEFILE_COMMON := $(shell $(find-makefile-common)) + +ifeq ($(MAKEFILE_COMMON),) +# attept a checkout +define checkout-makefile-common +test -f CVS/Root && { cvs -Q -d $$(cat CVS/Root) checkout common && echo "common/Makefile.common" ; } || { echo "ERROR: I can't figure out how to checkout the 'common' module." ; exit -1 ; } >&2 +endef + +MAKEFILE_COMMON := $(shell $(checkout-makefile-common)) +endif + +include $(MAKEFILE_COMMON) diff --git a/sources b/sources new file mode 100644 index 0000000..e69de29 From 59949292b768722bb61aa8001975b74c392251f6 Mon Sep 17 00:00:00 2001 From: Steven Pritchard Date: Mon, 27 Jun 2005 21:19:35 +0000 Subject: [PATCH 002/168] auto-import openvpn-2.0-1 on branch devel from openvpn-2.0-1.src.rpm --- .cvsignore | 1 + openvpn-2.0.tar.gz.asc | 7 ++ openvpn-init.patch | 21 ++++ openvpn.spec | 215 ++++++++++++++++++++++++++++++++++++++++ roadwarrior-client.conf | 38 +++++++ roadwarrior-server.conf | 61 ++++++++++++ sources | 1 + 7 files changed, 344 insertions(+) create mode 100644 openvpn-2.0.tar.gz.asc create mode 100644 openvpn-init.patch create mode 100644 openvpn.spec create mode 100644 roadwarrior-client.conf create mode 100644 roadwarrior-server.conf diff --git a/.cvsignore b/.cvsignore index e69de29..675f0cb 100644 --- a/.cvsignore +++ b/.cvsignore @@ -0,0 +1 @@ +openvpn-2.0.tar.gz diff --git a/openvpn-2.0.tar.gz.asc b/openvpn-2.0.tar.gz.asc new file mode 100644 index 0000000..8bf241e --- /dev/null +++ b/openvpn-2.0.tar.gz.asc @@ -0,0 +1,7 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.2.4 (GNU/Linux) + +iD8DBQBCYzC5HQtJlh+/UfMRAhLVAKD01W0j/4q2p/RbJrwsZUKyae5lEQCfd1DI +vYwmuiZEgjmXj6ARaBV7JY8= +=zC1M +-----END PGP SIGNATURE----- diff --git a/openvpn-init.patch b/openvpn-init.patch new file mode 100644 index 0000000..c9f9299 --- /dev/null +++ b/openvpn-init.patch @@ -0,0 +1,21 @@ +--- sample-scripts/openvpn.init.orig 2004-12-16 11:52:16.351973000 -0600 ++++ sample-scripts/openvpn.init 2004-12-16 12:26:42.782827808 -0600 +@@ -3,12 +3,13 @@ + # openvpn This shell script takes care of starting and stopping + # openvpn on RedHat or other chkconfig-based system. + # +-# chkconfig: 345 24 76 ++# chkconfig: - 24 76 + # +-# description: OpenVPN is a robust and highly flexible tunneling application that +-# uses all of the encryption, authentication, and certification features +-# of the OpenSSL library to securely tunnel IP networks over a single +-# UDP port. ++# description: OpenVPN is a robust and highly flexible tunneling \ ++# application that uses all of the encryption, \ ++# authentication, and certification features of the OpenSSL \ ++# library to securely tunnel IP networks over a single UDP \ ++# port. + # + + # Contributed to the OpenVPN project by diff --git a/openvpn.spec b/openvpn.spec new file mode 100644 index 0000000..bebc46f --- /dev/null +++ b/openvpn.spec @@ -0,0 +1,215 @@ +%define plugins down-root auth-pam + +Name: openvpn +Version: 2.0 +Release: 1%{?dist} +Summary: A full-featured SSL VPN solution +URL: http://openvpn.net/ +#Source0: http://dl.sourceforge.net/sourceforge/openvpn/%{name}-%{version}.tar.gz +Source0: http://openvpn.net/release/%{name}-%{version}.tar.gz +Source1: http://openvpn.net/signatures/%{name}-%{version}.tar.gz.asc +# Sample 2.0 config files +Source2: roadwarrior-server.conf +Source3: roadwarrior-client.conf +# Don't start openvpn by default. +Patch0: openvpn-init.patch +License: GPL +Group: Applications/Internet +BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-%(id -un) +BuildRequires: lzo-devel +BuildRequires: openssl-devel +BuildRequires: pam-devel +# This won't work with udev +#Requires: /dev/net/tun +# This will work with RH9+ dev or udev +Requires: dev >= 0:3.3.2-5 +Requires(pre): /usr/sbin/useradd +Requires(post): /sbin/chkconfig +Requires(preun): /sbin/chkconfig, /sbin/service +Requires(postun): /sbin/service + +# Filter out the perl(Authen::PAM) dependency. +# No perl dependency is really needed at all. +%define __perl_requires sh -c 'cat > /dev/null' + +%description +OpenVPN is a robust and highly flexible tunneling application that uses all +of the encryption, authentication, and certification features of the +OpenSSL library to securely tunnel IP networks over a single UDP or TCP +port. It can use the Marcus Franz Xaver Johannes Oberhumer's LZO library +for compression. + +%prep +%setup -q -n %{name}-%{version}%{?prever:_%{prever}} +%patch0 -p0 + +%build +# --enable-pthread Enable pthread support (Experimental for OpenVPN 2.0) +# --enable-password-save Allow --askpass and --auth-user-pass passwords to be +# read from a file +# --enable-iproute2 Enable support for iproute2 +%configure --enable-pthread --enable-password-save --enable-iproute2 +%{__make} + +# Build plugins +for plugin in %{plugins} ; do + %{__make} -C plugin/$plugin +done + +%check || : +# Test Crypto: +./openvpn --genkey --secret key +./openvpn --test-crypto --secret key + +# Test SSL/TLS negotiations (runs for 2 minutes): +./openvpn --config sample-config-files/loopback-client & +./openvpn --config sample-config-files/loopback-server +wait + +%install +rm -rf $RPM_BUILD_ROOT + +install -D -m 0755 %{name}.8 $RPM_BUILD_ROOT%{_mandir}/man8/%{name}.8 +install -D -m 0755 %{name} $RPM_BUILD_ROOT%{_sbindir}/%{name} +install -D -m 0755 sample-scripts/%{name}.init \ + $RPM_BUILD_ROOT%{_initrddir}/%{name} +install -d -m 0755 $RPM_BUILD_ROOT%{_sysconfdir}/%{name} + +mkdir -p $RPM_BUILD_ROOT%{_datadir}/%{name} +cp -pR contrib easy-rsa sample-{config-file,key,script}s \ + $RPM_BUILD_ROOT%{_datadir}/%{name} +cp %{SOURCE2} %{SOURCE3} $RPM_BUILD_ROOT%{_datadir}/%{name}/sample-config-files/ + +mkdir -p $RPM_BUILD_ROOT%{_datadir}/%{name}/plugin/lib +for plugin in %{plugins} ; do + install -m 0755 plugin/$plugin/openvpn-$plugin.so \ + $RPM_BUILD_ROOT%{_datadir}/%{name}/plugin/lib/openvpn-$plugin.so + cp plugin/$plugin/README plugin/$plugin.txt +done + +%clean +rm -rf $RPM_BUILD_ROOT + +%pre +if ! id openvpn > /dev/null 2>&1 ; then + /usr/sbin/useradd -r -s /sbin/nologin -c OpenVPN -d /etc/openvpn openvpn +fi + +%post +/sbin/chkconfig --add %{name} + +%preun +if [ "$1" = 0 ]; then + /sbin/service %{name} stop + /sbin/chkconfig --del %{name} +fi + +%postun +if [ "$1" -ge 1 ]; then + /sbin/service %{name} condrestart >/dev/null 2>&1 +fi + +%files +%defattr(-,root,root,0755) +%doc AUTHORS COPYING COPYRIGHT.GPL INSTALL PORTS README +# Add NEWS when it isn't zero-length. +%doc plugin/*.txt +%{_mandir}/man8/%{name}.8* +%{_sbindir}/%{name} +%{_datadir}/%{name}/ +%config %{_initrddir}/%{name} +%config %dir %{_sysconfdir}/%{name}/ + +%changelog +* Sat Jun 25 2005 Steven Pritchard 2.0-1 +- Update to 2.0 final +- Drop Epoch: 0 and rebuild for Fedora Extras + +* Wed Feb 16 2005 Steven Pritchard 0:2.0-0.fdr.0.14.rc13 +- Fix/add paths to useradd + +* Mon Feb 14 2005 Steven Pritchard 0:2.0-0.fdr.0.13.rc13 +- Update to 2.0_rc13 +- More spec cleanup (suggestions from Matthias Saou) + +* Tue Feb 08 2005 Steven Pritchard 0:2.0-0.fdr.0.12.rc12 +- Update to 2.0_rc12 +- Small spec cleanups +- Drop perl auto-requirements entirely + +* Mon Dec 20 2004 Steven Pritchard 0:2.0-0.fdr.0.11.rc6 +- Add down-root and auth-pam plugins +- Add --enable-password-save and --enable-iproute2 +- Add crypto and loopback tests (somewhat time-consuming) + +* Thu Dec 16 2004 Steven Pritchard 0:2.0-0.fdr.0.10.rc5 +- Update to 2.0_rc5 +- Change the port to 1194 in the roadwarrior-*.conf samples +- Change openvpn-init.patch to reformat the description in the init script +- Modify the Summary and description (OpenVPN isn't UDP-only) + +* Tue Dec 14 2004 Steven Pritchard 0:2.0-0.fdr.0.9.rc1 +- Remove the perl(Authen::PAM) dependency + +* Thu Dec 09 2004 Steven Pritchard 0:2.0-0.fdr.0.8.rc1 +- Update to 2.0_rc1 + +* Tue Nov 16 2004 Steven Pritchard 0:2.0-0.fdr.0.7.beta17 +- Update to 2.0_beta17 +- Require dev instead of /dev/net/tun (for udev compatibility) +- Change openvpn-init.patch to match upstream (starts even earlier now) + +* Wed Aug 04 2004 Steven Pritchard 0:2.0-0.fdr.0.6.beta10 +- Remove unnecessary BuildRequires: kernel-headers + +* Tue Aug 03 2004 Steven Pritchard 0:2.0-0.fdr.0.5.beta10 +- Update to 2.0_beta10 +- Minor fix to configuration example +- Change the init script to start a little earlier and stop much later + (after netfs) by default +- Remove a lot of unnecessary macro use (install/mkdir/cp) +- Don't create /dev/net/tun, use Requires instead + +* Sat Jul 17 2004 Steven Pritchard 0:2.0-0.fdr.0.4.beta7 +- Update to 2.0_beta7 +- Include gpg signature in source rpm +- Include 2.0-style configuration examples +- Minor spec cleanup + +* Wed Apr 28 2004 Steven Pritchard 0:2.0-0.fdr.0.3.test23 +- Add openvpn-init.patch to leave the init script disabled by default + +* Wed Apr 28 2004 Steven Pritchard 0:2.0-0.fdr.0.2.test23 +- Fix URL and Source0 +- Add an openvpn user + +* Wed Apr 28 2004 Steven Pritchard 0:2.0-0.fdr.0.1.test23 +- Update to 2.0_test23 +- BuildRequires lzo-devel, kernel-headers, openssl-devel +- Lots of spec cleanup + +* Sun Feb 23 2003 Matthias Andree 1.3.2.14-1 +- Have the version number filled in by autoconf. + +* Wed Jul 10 2002 James Yonan 1.3.1-1 +- Fixed %preun to only remove service on final uninstall + +* Mon Jun 17 2002 bishop clark (LC957) 1.2.2-1 +- Added condrestart to openvpn.spec & openvpn.init. + +* Wed May 22 2002 James Yonan 1.2.0-1 +- Added mknod for Linux 2.4. + +* Wed May 15 2002 Doug Keller 1.1.1.16-2 +- Added init scripts +- Added conf file support + +* Mon May 13 2002 bishop clark (LC957) 1.1.1.14-1 +- Added new directories for config examples and such + +* Sun May 12 2002 bishop clark (LC957) 1.1.1.13-1 +- Updated buildroot directive and cleanup command +- added easy-rsa utilities + +* Mon Mar 25 2002 bishop clark (LC957) 1.0-1 +- Initial build. diff --git a/roadwarrior-client.conf b/roadwarrior-client.conf new file mode 100644 index 0000000..dd12fdb --- /dev/null +++ b/roadwarrior-client.conf @@ -0,0 +1,38 @@ +######################################### +# Sample client-side OpenVPN config file +# for connecting to multi-client server. +# +# Adapted from http://openvpn.sourceforge.net/20notes.html +# +# The server can be pinged at 10.8.0.1. +# +# This configuration can be used by multiple +# clients, however each client should have +# its own cert and key files. +# +# tun-style tunnel + +port 1194 +dev tun +remote [my server hostname or IP address] + +# TLS parms + +tls-client +ca sample-keys/tmp-ca.crt +cert sample-keys/client.crt +key sample-keys/client.key + +# This parm is required for connecting +# to a multi-client server. It tells +# the client to accept options which +# the server pushes to us. +pull + +# Scripts can be used to do various +# things (change nameservers, for +# example. +#up scripts/ifup-post +#down scripts/ifdown-post + +verb 4 diff --git a/roadwarrior-server.conf b/roadwarrior-server.conf new file mode 100644 index 0000000..0cbaea6 --- /dev/null +++ b/roadwarrior-server.conf @@ -0,0 +1,61 @@ +######################################## +# Sample OpenVPN config file for +# 2.0-style multi-client udp server +# +# Adapted from http://openvpn.sourceforge.net/20notes.html +# +# tun-style tunnel + +port 1194 +dev tun + +# Use "local" to set the source address on multi-homed hosts +#local [IP address] + +# TLS parms +tls-server +ca sample-keys/tmp-ca.crt +cert sample-keys/server.crt +key sample-keys/server.key +dh sample-keys/dh1024.pem + +# Tell OpenVPN to be a multi-client udp server +mode server + +# The server's virtual endpoints +ifconfig 10.8.0.1 10.8.0.2 + +# Pool of /30 subnets to be allocated to clients. +# When a client connects, an --ifconfig command +# will be automatically generated and pushed back to +# the client. +ifconfig-pool 10.8.0.4 10.8.0.255 + +# Push route to client to bind it to our local +# virtual endpoint. +push "route 10.8.0.1 255.255.255.255" + +# Push any routes the client needs to get in +# to the local network. +push "route 192.168.0.0 255.255.255.0" + +# Client should attempt reconnection on link +# failure. +ping 10 +ping-restart 120 +push "ping 10" +push "ping-restart 60" + +# Delete client instances after some period +# of inactivity. +inactive 600 + +# Route the --ifconfig pool range into the +# OpenVPN server. +route 10.8.0.0 255.255.255.0 + +# The server doesn't need privileges +user openvpn +group openvpn + +verb 4 diff --git a/sources b/sources index e69de29..1e0b22f 100644 --- a/sources +++ b/sources @@ -0,0 +1 @@ +7401faebc6baee9add32608709c54eec openvpn-2.0.tar.gz From 170f728c18fc9e392cc578f82eaa4ba9177a6fdd Mon Sep 17 00:00:00 2001 From: Steven Pritchard Date: Tue, 28 Jun 2005 00:57:06 +0000 Subject: [PATCH 003/168] - Move the plugin directory to _libdir - Drop the easy-rsa/Windows directory - Comment cleanups - Add "processname" header to init script --- openvpn-init.patch | 7 ++++--- openvpn.spec | 21 ++++++++++++++------- 2 files changed, 18 insertions(+), 10 deletions(-) diff --git a/openvpn-init.patch b/openvpn-init.patch index c9f9299..bcf00a0 100644 --- a/openvpn-init.patch +++ b/openvpn-init.patch @@ -1,6 +1,6 @@ ---- sample-scripts/openvpn.init.orig 2004-12-16 11:52:16.351973000 -0600 -+++ sample-scripts/openvpn.init 2004-12-16 12:26:42.782827808 -0600 -@@ -3,12 +3,13 @@ +--- sample-scripts/openvpn.init.orig 2005-06-27 19:50:53.000000000 -0500 ++++ sample-scripts/openvpn.init 2005-06-27 19:53:54.000000000 -0500 +@@ -3,12 +3,14 @@ # openvpn This shell script takes care of starting and stopping # openvpn on RedHat or other chkconfig-based system. # @@ -11,6 +11,7 @@ -# uses all of the encryption, authentication, and certification features -# of the OpenSSL library to securely tunnel IP networks over a single -# UDP port. ++# processname: openvpn +# description: OpenVPN is a robust and highly flexible tunneling \ +# application that uses all of the encryption, \ +# authentication, and certification features of the OpenSSL \ diff --git a/openvpn.spec b/openvpn.spec index bebc46f..452e863 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -2,10 +2,9 @@ Name: openvpn Version: 2.0 -Release: 1%{?dist} +Release: 2%{?dist} Summary: A full-featured SSL VPN solution URL: http://openvpn.net/ -#Source0: http://dl.sourceforge.net/sourceforge/openvpn/%{name}-%{version}.tar.gz Source0: http://openvpn.net/release/%{name}-%{version}.tar.gz Source1: http://openvpn.net/signatures/%{name}-%{version}.tar.gz.asc # Sample 2.0 config files @@ -19,9 +18,8 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-%(id -un) BuildRequires: lzo-devel BuildRequires: openssl-devel BuildRequires: pam-devel -# This won't work with udev -#Requires: /dev/net/tun -# This will work with RH9+ dev or udev +# We need /dev/net/tun. +# This will work with RH9+ dev or udev. Requires: dev >= 0:3.3.2-5 Requires(pre): /usr/sbin/useradd Requires(post): /sbin/chkconfig @@ -42,6 +40,7 @@ for compression. %prep %setup -q -n %{name}-%{version}%{?prever:_%{prever}} %patch0 -p0 +sed -i -e 's,%{_datadir}/openvpn/plugin,%{_libdir}/openvpn/plugin,' openvpn.8 %build # --enable-pthread Enable pthread support (Experimental for OpenVPN 2.0) @@ -78,12 +77,13 @@ install -d -m 0755 $RPM_BUILD_ROOT%{_sysconfdir}/%{name} mkdir -p $RPM_BUILD_ROOT%{_datadir}/%{name} cp -pR contrib easy-rsa sample-{config-file,key,script}s \ $RPM_BUILD_ROOT%{_datadir}/%{name} +rm -rf $RPM_BUILD_ROOT%{_datadir}/%{name}/easy-rsa/Windows cp %{SOURCE2} %{SOURCE3} $RPM_BUILD_ROOT%{_datadir}/%{name}/sample-config-files/ -mkdir -p $RPM_BUILD_ROOT%{_datadir}/%{name}/plugin/lib +mkdir -p $RPM_BUILD_ROOT%{_libdir}/%{name}/plugin/lib for plugin in %{plugins} ; do install -m 0755 plugin/$plugin/openvpn-$plugin.so \ - $RPM_BUILD_ROOT%{_datadir}/%{name}/plugin/lib/openvpn-$plugin.so + $RPM_BUILD_ROOT%{_libdir}/%{name}/plugin/lib/openvpn-$plugin.so cp plugin/$plugin/README plugin/$plugin.txt done @@ -117,10 +117,17 @@ fi %{_mandir}/man8/%{name}.8* %{_sbindir}/%{name} %{_datadir}/%{name}/ +%{_libdir}/%{name}/ %config %{_initrddir}/%{name} %config %dir %{_sysconfdir}/%{name}/ %changelog +* Mon Jun 27 2005 Steven Pritchard 2.0-2 +- Move the plugin directory to _libdir +- Drop the easy-rsa/Windows directory +- Comment cleanups +- Add "processname" header to init script + * Sat Jun 25 2005 Steven Pritchard 2.0-1 - Update to 2.0 final - Drop Epoch: 0 and rebuild for Fedora Extras From fdf2e0f13a4b87c6a226ef8aec26f31ad43e55b8 Mon Sep 17 00:00:00 2001 From: Steven Pritchard Date: Tue, 28 Jun 2005 16:12:33 +0000 Subject: [PATCH 004/168] The init script isn't a config file. --- openvpn.spec | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/openvpn.spec b/openvpn.spec index 452e863..0d9c461 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -118,7 +118,7 @@ fi %{_sbindir}/%{name} %{_datadir}/%{name}/ %{_libdir}/%{name}/ -%config %{_initrddir}/%{name} +%{_initrddir}/%{name} %config %dir %{_sysconfdir}/%{name}/ %changelog @@ -127,6 +127,7 @@ fi - Drop the easy-rsa/Windows directory - Comment cleanups - Add "processname" header to init script +- The init script isn't a config file * Sat Jun 25 2005 Steven Pritchard 2.0-1 - Update to 2.0 final From 58a61c5d58e88b1b493d74646518fc6f10a2e835 Mon Sep 17 00:00:00 2001 From: Steven Pritchard Date: Thu, 30 Jun 2005 17:38:21 +0000 Subject: [PATCH 005/168] Tag contrib, sample-config-files, sample-keys, and sample-scripts as %doc. --- openvpn.spec | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/openvpn.spec b/openvpn.spec index 0d9c461..8bd20d9 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -75,10 +75,9 @@ install -D -m 0755 sample-scripts/%{name}.init \ install -d -m 0755 $RPM_BUILD_ROOT%{_sysconfdir}/%{name} mkdir -p $RPM_BUILD_ROOT%{_datadir}/%{name} -cp -pR contrib easy-rsa sample-{config-file,key,script}s \ - $RPM_BUILD_ROOT%{_datadir}/%{name} +cp -pR easy-rsa $RPM_BUILD_ROOT%{_datadir}/%{name}/ rm -rf $RPM_BUILD_ROOT%{_datadir}/%{name}/easy-rsa/Windows -cp %{SOURCE2} %{SOURCE3} $RPM_BUILD_ROOT%{_datadir}/%{name}/sample-config-files/ +cp %{SOURCE2} %{SOURCE3} sample-config-files/ mkdir -p $RPM_BUILD_ROOT%{_libdir}/%{name}/plugin/lib for plugin in %{plugins} ; do @@ -114,6 +113,7 @@ fi %doc AUTHORS COPYING COPYRIGHT.GPL INSTALL PORTS README # Add NEWS when it isn't zero-length. %doc plugin/*.txt +%doc contrib sample-config-files sample-keys sample-scripts %{_mandir}/man8/%{name}.8* %{_sbindir}/%{name} %{_datadir}/%{name}/ @@ -128,6 +128,7 @@ fi - Comment cleanups - Add "processname" header to init script - The init script isn't a config file +- Tag contrib, sample-config-files, sample-keys, and sample-scripts as doc * Sat Jun 25 2005 Steven Pritchard 2.0-1 - Update to 2.0 final From a1419ca6237d74e2606ea0b171271181620dbf1e Mon Sep 17 00:00:00 2001 From: Steven Pritchard Date: Sat, 30 Jul 2005 23:21:39 +0000 Subject: [PATCH 006/168] Create/own pid dir. --- openvpn.spec | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/openvpn.spec b/openvpn.spec index 8bd20d9..a1de9be 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -86,6 +86,8 @@ for plugin in %{plugins} ; do cp plugin/$plugin/README plugin/$plugin.txt done +mkdir -m 755 -p $RPM_BUILD_ROOT%{_var}/run/%{name} + %clean rm -rf $RPM_BUILD_ROOT @@ -119,6 +121,7 @@ fi %{_datadir}/%{name}/ %{_libdir}/%{name}/ %{_initrddir}/%{name} +%{_var}/run/%{name}/ %config %dir %{_sysconfdir}/%{name}/ %changelog @@ -129,6 +132,7 @@ fi - Add "processname" header to init script - The init script isn't a config file - Tag contrib, sample-config-files, sample-keys, and sample-scripts as doc +- Create/own pid dir * Sat Jun 25 2005 Steven Pritchard 2.0-1 - Update to 2.0 final From 6f80732ebe27565866da36191a94ff1fa1dd034c Mon Sep 17 00:00:00 2001 From: Steven Pritchard Date: Tue, 23 Aug 2005 16:58:54 +0000 Subject: [PATCH 007/168] Update to 2.0.1. --- .cvsignore | 2 +- openvpn-2.0.1.tar.gz.asc | 7 +++++++ openvpn-2.0.tar.gz.asc | 7 ------- openvpn.spec | 7 +++++-- sources | 2 +- 5 files changed, 14 insertions(+), 11 deletions(-) create mode 100644 openvpn-2.0.1.tar.gz.asc delete mode 100644 openvpn-2.0.tar.gz.asc diff --git a/.cvsignore b/.cvsignore index 675f0cb..43906c5 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1 +1 @@ -openvpn-2.0.tar.gz +openvpn-2.0.1.tar.gz diff --git a/openvpn-2.0.1.tar.gz.asc b/openvpn-2.0.1.tar.gz.asc new file mode 100644 index 0000000..420074c --- /dev/null +++ b/openvpn-2.0.1.tar.gz.asc @@ -0,0 +1,7 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.2.4 (GNU/Linux) + +iD8DBQBDAkOWHQtJlh+/UfMRAlV1AJ0fALHZW8e3dtWtMe5psNRHsYdMgQCgnhl/ +LXHbj2c8LcfkeaL8E8U9eYc= +=BscN +-----END PGP SIGNATURE----- diff --git a/openvpn-2.0.tar.gz.asc b/openvpn-2.0.tar.gz.asc deleted file mode 100644 index 8bf241e..0000000 --- a/openvpn-2.0.tar.gz.asc +++ /dev/null @@ -1,7 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1.2.4 (GNU/Linux) - -iD8DBQBCYzC5HQtJlh+/UfMRAhLVAKD01W0j/4q2p/RbJrwsZUKyae5lEQCfd1DI -vYwmuiZEgjmXj6ARaBV7JY8= -=zC1M ------END PGP SIGNATURE----- diff --git a/openvpn.spec b/openvpn.spec index a1de9be..f658c88 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -1,8 +1,8 @@ %define plugins down-root auth-pam Name: openvpn -Version: 2.0 -Release: 2%{?dist} +Version: 2.0.1 +Release: 1%{?dist} Summary: A full-featured SSL VPN solution URL: http://openvpn.net/ Source0: http://openvpn.net/release/%{name}-%{version}.tar.gz @@ -125,6 +125,9 @@ fi %config %dir %{_sysconfdir}/%{name}/ %changelog +* Mon Aug 22 2005 Steven Pritchard 2.0.1-1 +- Update to 2.0.1 + * Mon Jun 27 2005 Steven Pritchard 2.0-2 - Move the plugin directory to _libdir - Drop the easy-rsa/Windows directory diff --git a/sources b/sources index 1e0b22f..117b96f 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -7401faebc6baee9add32608709c54eec openvpn-2.0.tar.gz +fad7a08c0d68371c2c0e6428bcb98fa5 openvpn-2.0.1.tar.gz From 347a6089f998a98fe439949f86b54f59f9879918 Mon Sep 17 00:00:00 2001 From: Steven Pritchard Date: Thu, 25 Aug 2005 21:24:38 +0000 Subject: [PATCH 008/168] Update to 2.0.2. --- .cvsignore | 2 +- openvpn-2.0.1.tar.gz.asc | 7 ------- openvpn-2.0.2.tar.gz.asc | 7 +++++++ openvpn.spec | 6 +++++- roadwarrior-server.conf | 14 ++++++++++---- sources | 2 +- 6 files changed, 24 insertions(+), 14 deletions(-) delete mode 100644 openvpn-2.0.1.tar.gz.asc create mode 100644 openvpn-2.0.2.tar.gz.asc diff --git a/.cvsignore b/.cvsignore index 43906c5..aba0103 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1 +1 @@ -openvpn-2.0.1.tar.gz +openvpn-2.0.2.tar.gz diff --git a/openvpn-2.0.1.tar.gz.asc b/openvpn-2.0.1.tar.gz.asc deleted file mode 100644 index 420074c..0000000 --- a/openvpn-2.0.1.tar.gz.asc +++ /dev/null @@ -1,7 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1.2.4 (GNU/Linux) - -iD8DBQBDAkOWHQtJlh+/UfMRAlV1AJ0fALHZW8e3dtWtMe5psNRHsYdMgQCgnhl/ -LXHbj2c8LcfkeaL8E8U9eYc= -=BscN ------END PGP SIGNATURE----- diff --git a/openvpn-2.0.2.tar.gz.asc b/openvpn-2.0.2.tar.gz.asc new file mode 100644 index 0000000..c2da92d --- /dev/null +++ b/openvpn-2.0.2.tar.gz.asc @@ -0,0 +1,7 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.2.4 (GNU/Linux) + +iD8DBQBDDfRYHQtJlh+/UfMRAsWsAJ9p43cPLKwsPTJDLXaUE5yiTStt5QCfedKh +VZhPLkjDDBY+PoFG590wW9k= +=oESp +-----END PGP SIGNATURE----- diff --git a/openvpn.spec b/openvpn.spec index f658c88..d8e6a9e 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -1,7 +1,7 @@ %define plugins down-root auth-pam Name: openvpn -Version: 2.0.1 +Version: 2.0.2 Release: 1%{?dist} Summary: A full-featured SSL VPN solution URL: http://openvpn.net/ @@ -125,6 +125,10 @@ fi %config %dir %{_sysconfdir}/%{name}/ %changelog +* Thu Aug 25 2005 Steven Pritchard 2.0.2-1 +- Update to 2.0.2 +- Refine roadwarrior-server.conf a bit + * Mon Aug 22 2005 Steven Pritchard 2.0.1-1 - Update to 2.0.1 diff --git a/roadwarrior-server.conf b/roadwarrior-server.conf index 0cbaea6..be3db15 100644 --- a/roadwarrior-server.conf +++ b/roadwarrior-server.conf @@ -39,12 +39,14 @@ push "route 10.8.0.1 255.255.255.255" # to the local network. push "route 192.168.0.0 255.255.255.0" +# Push DHCP options to Windows clients. +push "dhcp-option DOMAIN example.com" +push "dhcp-option DNS 192.168.0.1" +push "dhcp-option WINS 192.168.0.1" + # Client should attempt reconnection on link # failure. -ping 10 -ping-restart 120 -push "ping 10" -push "ping-restart 60" +keepalive 10 60 # Delete client instances after some period # of inactivity. @@ -58,4 +60,8 @@ route 10.8.0.0 255.255.255.0 user openvpn group openvpn +# Keep TUN devices and keys open across restarts. +persist-tun +persist-key + verb 4 diff --git a/sources b/sources index 117b96f..117f71c 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -fad7a08c0d68371c2c0e6428bcb98fa5 openvpn-2.0.1.tar.gz +862f8788f080f669b1ae00a74ef68001 openvpn-2.0.2.tar.gz From 38a33b7203ac7d0055de0a57f4560ce76ccd821c Mon Sep 17 00:00:00 2001 From: Steven Pritchard Date: Mon, 17 Oct 2005 20:43:50 +0000 Subject: [PATCH 009/168] Update to 2.1_beta4. --- .cvsignore | 2 +- openvpn-2.0.2.tar.gz.asc | 7 ------- openvpn-2.1_beta4.tar.gz.asc | 7 +++++++ openvpn.spec | 16 +++++++++++----- sources | 2 +- 5 files changed, 20 insertions(+), 14 deletions(-) delete mode 100644 openvpn-2.0.2.tar.gz.asc create mode 100644 openvpn-2.1_beta4.tar.gz.asc diff --git a/.cvsignore b/.cvsignore index aba0103..da94da4 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1 +1 @@ -openvpn-2.0.2.tar.gz +openvpn-2.1_beta4.tar.gz diff --git a/openvpn-2.0.2.tar.gz.asc b/openvpn-2.0.2.tar.gz.asc deleted file mode 100644 index c2da92d..0000000 --- a/openvpn-2.0.2.tar.gz.asc +++ /dev/null @@ -1,7 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1.2.4 (GNU/Linux) - -iD8DBQBDDfRYHQtJlh+/UfMRAsWsAJ9p43cPLKwsPTJDLXaUE5yiTStt5QCfedKh -VZhPLkjDDBY+PoFG590wW9k= -=oESp ------END PGP SIGNATURE----- diff --git a/openvpn-2.1_beta4.tar.gz.asc b/openvpn-2.1_beta4.tar.gz.asc new file mode 100644 index 0000000..5830f7d --- /dev/null +++ b/openvpn-2.1_beta4.tar.gz.asc @@ -0,0 +1,7 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.2.4 (GNU/Linux) + +iD8DBQBDU6T5HQtJlh+/UfMRAqfHAJ9w3MnUySUEqYHaIw70XUqouUCMmACgtbpk +F+WVZ7GlZ0+3jpb+aZl2juk= +=Cc7t +-----END PGP SIGNATURE----- diff --git a/openvpn.spec b/openvpn.spec index d8e6a9e..527cadb 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -1,12 +1,15 @@ +%define prerelease beta4 + %define plugins down-root auth-pam Name: openvpn -Version: 2.0.2 -Release: 1%{?dist} +Version: 2.1 +Release: 0.1%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: http://openvpn.net/ -Source0: http://openvpn.net/release/%{name}-%{version}.tar.gz -Source1: http://openvpn.net/signatures/%{name}-%{version}.tar.gz.asc +#Source0: http://openvpn.net/release/%{name}-%{version}.tar.gz +Source0: http://openvpn.net/beta/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.gz +Source1: http://openvpn.net/signatures/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.gz.asc # Sample 2.0 config files Source2: roadwarrior-server.conf Source3: roadwarrior-client.conf @@ -38,7 +41,7 @@ port. It can use the Marcus Franz Xaver Johannes Oberhumer's LZO library for compression. %prep -%setup -q -n %{name}-%{version}%{?prever:_%{prever}} +%setup -q -n %{name}-%{version}%{?prerelease:_%{prerelease}} %patch0 -p0 sed -i -e 's,%{_datadir}/openvpn/plugin,%{_libdir}/openvpn/plugin,' openvpn.8 @@ -125,6 +128,9 @@ fi %config %dir %{_sysconfdir}/%{name}/ %changelog +* Mon Oct 17 2005 Steven Pritchard 2.1-0.1.beta4 +- Update to 2.1_beta4 + * Thu Aug 25 2005 Steven Pritchard 2.0.2-1 - Update to 2.0.2 - Refine roadwarrior-server.conf a bit diff --git a/sources b/sources index 117f71c..846f2b6 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -862f8788f080f669b1ae00a74ef68001 openvpn-2.0.2.tar.gz +2cec7330e1eb67e14624eda07f40e6fe openvpn-2.1_beta4.tar.gz From b70558415e7ccf8bb0beb032c08dd2e42e091418 Mon Sep 17 00:00:00 2001 From: Steven Pritchard Date: Fri, 4 Nov 2005 02:01:35 +0000 Subject: [PATCH 010/168] Update to 2.1_beta6. --- .cvsignore | 2 +- openvpn-2.1_beta4.tar.gz.asc | 7 ------- openvpn-2.1_beta6.tar.gz.asc | 7 +++++++ openvpn.spec | 5 ++++- sources | 2 +- 5 files changed, 13 insertions(+), 10 deletions(-) delete mode 100644 openvpn-2.1_beta4.tar.gz.asc create mode 100644 openvpn-2.1_beta6.tar.gz.asc diff --git a/.cvsignore b/.cvsignore index da94da4..d1989be 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1 +1 @@ -openvpn-2.1_beta4.tar.gz +openvpn-2.1_beta6.tar.gz diff --git a/openvpn-2.1_beta4.tar.gz.asc b/openvpn-2.1_beta4.tar.gz.asc deleted file mode 100644 index 5830f7d..0000000 --- a/openvpn-2.1_beta4.tar.gz.asc +++ /dev/null @@ -1,7 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1.2.4 (GNU/Linux) - -iD8DBQBDU6T5HQtJlh+/UfMRAqfHAJ9w3MnUySUEqYHaIw70XUqouUCMmACgtbpk -F+WVZ7GlZ0+3jpb+aZl2juk= -=Cc7t ------END PGP SIGNATURE----- diff --git a/openvpn-2.1_beta6.tar.gz.asc b/openvpn-2.1_beta6.tar.gz.asc new file mode 100644 index 0000000..da82139 --- /dev/null +++ b/openvpn-2.1_beta6.tar.gz.asc @@ -0,0 +1,7 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.2.4 (GNU/Linux) + +iD8DBQBDaDubHQtJlh+/UfMRAo6oAKDdWAbSkCUbg+8XNd3FMs10vUieHwCgydeD +EdEZYErFa3eFX+gF6H5MVns= +=q02m +-----END PGP SIGNATURE----- diff --git a/openvpn.spec b/openvpn.spec index 527cadb..01d0879 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -1,4 +1,4 @@ -%define prerelease beta4 +%define prerelease beta6 %define plugins down-root auth-pam @@ -128,6 +128,9 @@ fi %config %dir %{_sysconfdir}/%{name}/ %changelog +* Wed Nov 02 2005 Steven Pritchard 2.1-0.1.beta6 +- Update to 2.1_beta6 + * Mon Oct 17 2005 Steven Pritchard 2.1-0.1.beta4 - Update to 2.1_beta4 diff --git a/sources b/sources index 846f2b6..a74783d 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -2cec7330e1eb67e14624eda07f40e6fe openvpn-2.1_beta4.tar.gz +5bf7260daf453d68eb9bda50f75e9018 openvpn-2.1_beta6.tar.gz From 2fc8e30548ef24b3b44824fc8baa13066cdfaf7f Mon Sep 17 00:00:00 2001 From: Steven Pritchard Date: Tue, 8 Nov 2005 15:26:21 +0000 Subject: [PATCH 011/168] Make sample-scripts (etc.) non-executable to avoid some dependencies. --- openvpn.spec | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/openvpn.spec b/openvpn.spec index 01d0879..d5c1f98 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -4,7 +4,7 @@ Name: openvpn Version: 2.1 -Release: 0.1%{?prerelease:.%{prerelease}}%{?dist} +Release: 0.2%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: http://openvpn.net/ #Source0: http://openvpn.net/release/%{name}-%{version}.tar.gz @@ -45,6 +45,10 @@ for compression. %patch0 -p0 sed -i -e 's,%{_datadir}/openvpn/plugin,%{_libdir}/openvpn/plugin,' openvpn.8 +# %%doc items shouldn't be executable. +find contrib sample-config-files sample-keys sample-scripts -type f -perm +100 \ + -exec chmod a-x {} \; + %build # --enable-pthread Enable pthread support (Experimental for OpenVPN 2.0) # --enable-password-save Allow --askpass and --auth-user-pass passwords to be @@ -128,6 +132,9 @@ fi %config %dir %{_sysconfdir}/%{name}/ %changelog +* Tue Nov 08 2005 Steven Pritchard 2.1-0.2.beta6 +- Make sample-scripts (etc.) non-executable to avoid some dependencies + * Wed Nov 02 2005 Steven Pritchard 2.1-0.1.beta6 - Update to 2.1_beta6 From 3816f8f8fc5ad245f6b6ccc725811986336f42b0 Mon Sep 17 00:00:00 2001 From: Steven Pritchard Date: Fri, 18 Nov 2005 23:33:28 +0000 Subject: [PATCH 012/168] Update to 2.1_beta7. --- .cvsignore | 2 +- openvpn-2.1_beta6.tar.gz.asc | 7 ------- openvpn-2.1_beta7.tar.gz.asc | 7 +++++++ openvpn.spec | 7 +++++-- sources | 2 +- 5 files changed, 14 insertions(+), 11 deletions(-) delete mode 100644 openvpn-2.1_beta6.tar.gz.asc create mode 100644 openvpn-2.1_beta7.tar.gz.asc diff --git a/.cvsignore b/.cvsignore index d1989be..cf549eb 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1 +1 @@ -openvpn-2.1_beta6.tar.gz +openvpn-2.1_beta7.tar.gz diff --git a/openvpn-2.1_beta6.tar.gz.asc b/openvpn-2.1_beta6.tar.gz.asc deleted file mode 100644 index da82139..0000000 --- a/openvpn-2.1_beta6.tar.gz.asc +++ /dev/null @@ -1,7 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1.2.4 (GNU/Linux) - -iD8DBQBDaDubHQtJlh+/UfMRAo6oAKDdWAbSkCUbg+8XNd3FMs10vUieHwCgydeD -EdEZYErFa3eFX+gF6H5MVns= -=q02m ------END PGP SIGNATURE----- diff --git a/openvpn-2.1_beta7.tar.gz.asc b/openvpn-2.1_beta7.tar.gz.asc new file mode 100644 index 0000000..e49daad --- /dev/null +++ b/openvpn-2.1_beta7.tar.gz.asc @@ -0,0 +1,7 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.2.4 (GNU/Linux) + +iD8DBQBDdpf8HQtJlh+/UfMRAuA7AKCbw6lZaAUXI6idWufXQBibSjiz0wCfa9a8 +cBHijgI6GXkisk19CQSl/kw= +=mlEj +-----END PGP SIGNATURE----- diff --git a/openvpn.spec b/openvpn.spec index d5c1f98..a4a21a8 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -1,10 +1,10 @@ -%define prerelease beta6 +%define prerelease beta7 %define plugins down-root auth-pam Name: openvpn Version: 2.1 -Release: 0.2%{?prerelease:.%{prerelease}}%{?dist} +Release: 0.3%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: http://openvpn.net/ #Source0: http://openvpn.net/release/%{name}-%{version}.tar.gz @@ -132,6 +132,9 @@ fi %config %dir %{_sysconfdir}/%{name}/ %changelog +* Fri Nov 18 2005 Steven Pritchard 2.1-0.3.beta7 +- Update to 2.1_beta7 + * Tue Nov 08 2005 Steven Pritchard 2.1-0.2.beta6 - Make sample-scripts (etc.) non-executable to avoid some dependencies diff --git a/sources b/sources index a74783d..5a86574 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -5bf7260daf453d68eb9bda50f75e9018 openvpn-2.1_beta6.tar.gz +fe7d2b8ae5645fc9332c3763b350dc06 openvpn-2.1_beta7.tar.gz From c93cfccb203e0bf9464772ae0107418e22b7b953 Mon Sep 17 00:00:00 2001 From: Steven Pritchard Date: Tue, 6 Dec 2005 15:52:51 +0000 Subject: [PATCH 013/168] Rebuild. --- openvpn.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/openvpn.spec b/openvpn.spec index a4a21a8..1195ff4 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -4,7 +4,7 @@ Name: openvpn Version: 2.1 -Release: 0.3%{?prerelease:.%{prerelease}}%{?dist} +Release: 0.4%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: http://openvpn.net/ #Source0: http://openvpn.net/release/%{name}-%{version}.tar.gz @@ -132,6 +132,9 @@ fi %config %dir %{_sysconfdir}/%{name}/ %changelog +* Tue Dec 06 2005 Steven Pritchard 2.1-0.4.beta7 +- Rebuild + * Fri Nov 18 2005 Steven Pritchard 2.1-0.3.beta7 - Update to 2.1_beta7 From 89ad96929d268f269e7edb0feab9ee7d84712ecc Mon Sep 17 00:00:00 2001 From: Steven Pritchard Date: Thu, 5 Jan 2006 00:54:49 +0000 Subject: [PATCH 014/168] Man page shouldn't be executable (BZ#176953) --- openvpn.spec | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/openvpn.spec b/openvpn.spec index 1195ff4..a3220a0 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -4,7 +4,7 @@ Name: openvpn Version: 2.1 -Release: 0.4%{?prerelease:.%{prerelease}}%{?dist} +Release: 0.5%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: http://openvpn.net/ #Source0: http://openvpn.net/release/%{name}-%{version}.tar.gz @@ -75,7 +75,7 @@ wait %install rm -rf $RPM_BUILD_ROOT -install -D -m 0755 %{name}.8 $RPM_BUILD_ROOT%{_mandir}/man8/%{name}.8 +install -D -m 0644 %{name}.8 $RPM_BUILD_ROOT%{_mandir}/man8/%{name}.8 install -D -m 0755 %{name} $RPM_BUILD_ROOT%{_sbindir}/%{name} install -D -m 0755 sample-scripts/%{name}.init \ $RPM_BUILD_ROOT%{_initrddir}/%{name} @@ -132,6 +132,9 @@ fi %config %dir %{_sysconfdir}/%{name}/ %changelog +* Wed Jan 04 2006 Steven Pritchard 2.1-0.5.beta7 +- Man page shouldn't be executable (BZ#176953) + * Tue Dec 06 2005 Steven Pritchard 2.1-0.4.beta7 - Rebuild From f7be73408294d65dfaa488cfc542d4299a313315 Mon Sep 17 00:00:00 2001 From: Steven Pritchard Date: Tue, 14 Feb 2006 21:53:54 +0000 Subject: [PATCH 015/168] Update to 2.1_beta8. --- .cvsignore | 3 ++- openvpn-2.1_beta7.tar.gz.asc | 7 ------- openvpn.spec | 11 +++++++---- sources | 3 ++- 4 files changed, 11 insertions(+), 13 deletions(-) delete mode 100644 openvpn-2.1_beta7.tar.gz.asc diff --git a/.cvsignore b/.cvsignore index cf549eb..a80f9e6 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1 +1,2 @@ -openvpn-2.1_beta7.tar.gz +openvpn-2.1_beta8.tar.gz +openvpn-2.1_beta8.tar.gz.asc diff --git a/openvpn-2.1_beta7.tar.gz.asc b/openvpn-2.1_beta7.tar.gz.asc deleted file mode 100644 index e49daad..0000000 --- a/openvpn-2.1_beta7.tar.gz.asc +++ /dev/null @@ -1,7 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1.2.4 (GNU/Linux) - -iD8DBQBDdpf8HQtJlh+/UfMRAuA7AKCbw6lZaAUXI6idWufXQBibSjiz0wCfa9a8 -cBHijgI6GXkisk19CQSl/kw= -=mlEj ------END PGP SIGNATURE----- diff --git a/openvpn.spec b/openvpn.spec index a3220a0..ab3429f 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -1,14 +1,14 @@ -%define prerelease beta7 +%define prerelease beta8 %define plugins down-root auth-pam Name: openvpn Version: 2.1 -Release: 0.5%{?prerelease:.%{prerelease}}%{?dist} +Release: 0.6%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: http://openvpn.net/ -#Source0: http://openvpn.net/release/%{name}-%{version}.tar.gz -Source0: http://openvpn.net/beta/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.gz +Source0: http://openvpn.net/release/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.gz +#Source0: http://openvpn.net/beta/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.gz Source1: http://openvpn.net/signatures/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.gz.asc # Sample 2.0 config files Source2: roadwarrior-server.conf @@ -132,6 +132,9 @@ fi %config %dir %{_sysconfdir}/%{name}/ %changelog +* Tue Feb 14 2006 Steven Pritchard 2.1-0.6.beta8 +- Update to 2.1_beta8 + * Wed Jan 04 2006 Steven Pritchard 2.1-0.5.beta7 - Man page shouldn't be executable (BZ#176953) diff --git a/sources b/sources index 5a86574..ca9cba7 100644 --- a/sources +++ b/sources @@ -1 +1,2 @@ -fe7d2b8ae5645fc9332c3763b350dc06 openvpn-2.1_beta7.tar.gz +4e749071060048fc21b2d6f5bf4da617 openvpn-2.1_beta8.tar.gz +62aa2e86a197e28e1707159f95e3858b openvpn-2.1_beta8.tar.gz.asc From 273c1bc3c705789dbf0f320d7f9e0930e228a5fd Mon Sep 17 00:00:00 2001 From: Steven Pritchard Date: Tue, 21 Feb 2006 21:33:09 +0000 Subject: [PATCH 016/168] Update to 2.1_beta11. --- .cvsignore | 4 ++-- openvpn.spec | 7 +++++-- sources | 4 ++-- 3 files changed, 9 insertions(+), 6 deletions(-) diff --git a/.cvsignore b/.cvsignore index a80f9e6..3dec623 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1,2 +1,2 @@ -openvpn-2.1_beta8.tar.gz -openvpn-2.1_beta8.tar.gz.asc +openvpn-2.1_beta11.tar.gz +openvpn-2.1_beta11.tar.gz.asc diff --git a/openvpn.spec b/openvpn.spec index ab3429f..27419c4 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -1,10 +1,10 @@ -%define prerelease beta8 +%define prerelease beta11 %define plugins down-root auth-pam Name: openvpn Version: 2.1 -Release: 0.6%{?prerelease:.%{prerelease}}%{?dist} +Release: 0.7%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: http://openvpn.net/ Source0: http://openvpn.net/release/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.gz @@ -132,6 +132,9 @@ fi %config %dir %{_sysconfdir}/%{name}/ %changelog +* Tue Feb 21 2006 Steven Pritchard 2.1-0.7.beta11 +- Update to 2.1_beta11 + * Tue Feb 14 2006 Steven Pritchard 2.1-0.6.beta8 - Update to 2.1_beta8 diff --git a/sources b/sources index ca9cba7..62e5f76 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -4e749071060048fc21b2d6f5bf4da617 openvpn-2.1_beta8.tar.gz -62aa2e86a197e28e1707159f95e3858b openvpn-2.1_beta8.tar.gz.asc +44e82c518ab7a6cba42042f9777cad07 openvpn-2.1_beta11.tar.gz +43777c1f9857108f4361936da7d9b29d openvpn-2.1_beta11.tar.gz.asc From 6b33c0ddf80916f994a899dd585a1bf482baa726 Mon Sep 17 00:00:00 2001 From: Steven Pritchard Date: Wed, 5 Apr 2006 20:22:55 +0000 Subject: [PATCH 017/168] Update to 2.1_beta12 (BZ#188050/CVE-2006-1629). --- .cvsignore | 4 ++-- openvpn.spec | 7 +++++-- sources | 4 ++-- 3 files changed, 9 insertions(+), 6 deletions(-) diff --git a/.cvsignore b/.cvsignore index 3dec623..d8e32ba 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1,2 +1,2 @@ -openvpn-2.1_beta11.tar.gz -openvpn-2.1_beta11.tar.gz.asc +openvpn-2.1_beta12.tar.gz +openvpn-2.1_beta12.tar.gz.asc diff --git a/openvpn.spec b/openvpn.spec index 27419c4..ba49f1f 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -1,10 +1,10 @@ -%define prerelease beta11 +%define prerelease beta12 %define plugins down-root auth-pam Name: openvpn Version: 2.1 -Release: 0.7%{?prerelease:.%{prerelease}}%{?dist} +Release: 0.8%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: http://openvpn.net/ Source0: http://openvpn.net/release/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.gz @@ -132,6 +132,9 @@ fi %config %dir %{_sysconfdir}/%{name}/ %changelog +* Wed Apr 05 2006 Steven Pritchard 2.1-0.8.beta12 +- Update to 2.1_beta12 (BZ#188050/CVE-2006-1629) + * Tue Feb 21 2006 Steven Pritchard 2.1-0.7.beta11 - Update to 2.1_beta11 diff --git a/sources b/sources index 62e5f76..f13b51e 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -44e82c518ab7a6cba42042f9777cad07 openvpn-2.1_beta11.tar.gz -43777c1f9857108f4361936da7d9b29d openvpn-2.1_beta11.tar.gz.asc +16c92fd8bdc13d29e99006589ab87dc8 openvpn-2.1_beta12.tar.gz +6568f5e32367cc9c88a0eae78bfb2e1f openvpn-2.1_beta12.tar.gz.asc From 7a1d925511a034779544bbd004d14553f0611633 Mon Sep 17 00:00:00 2001 From: Steven Pritchard Date: Wed, 12 Apr 2006 17:44:10 +0000 Subject: [PATCH 018/168] Update to 2.1_beta13. --- .cvsignore | 4 ++-- openvpn.spec | 7 +++++-- sources | 4 ++-- 3 files changed, 9 insertions(+), 6 deletions(-) diff --git a/.cvsignore b/.cvsignore index d8e32ba..7aa5b19 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1,2 +1,2 @@ -openvpn-2.1_beta12.tar.gz -openvpn-2.1_beta12.tar.gz.asc +openvpn-2.1_beta13.tar.gz +openvpn-2.1_beta13.tar.gz.asc diff --git a/openvpn.spec b/openvpn.spec index ba49f1f..a00f894 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -1,10 +1,10 @@ -%define prerelease beta12 +%define prerelease beta13 %define plugins down-root auth-pam Name: openvpn Version: 2.1 -Release: 0.8%{?prerelease:.%{prerelease}}%{?dist} +Release: 0.9%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: http://openvpn.net/ Source0: http://openvpn.net/release/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.gz @@ -132,6 +132,9 @@ fi %config %dir %{_sysconfdir}/%{name}/ %changelog +* Wed Apr 12 2006 Steven Pritchard 2.1-0.9.beta13 +- Update to 2.1_beta13 + * Wed Apr 05 2006 Steven Pritchard 2.1-0.8.beta12 - Update to 2.1_beta12 (BZ#188050/CVE-2006-1629) diff --git a/sources b/sources index f13b51e..55cc9bf 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -16c92fd8bdc13d29e99006589ab87dc8 openvpn-2.1_beta12.tar.gz -6568f5e32367cc9c88a0eae78bfb2e1f openvpn-2.1_beta12.tar.gz.asc +94281c836f443aa10ef56eafb9346e98 openvpn-2.1_beta13.tar.gz +e5bc47f1e441b2d89db90052ad0f8b12 openvpn-2.1_beta13.tar.gz.asc From 33ffaefa9b34028e3acf4931dab526c245de4cf2 Mon Sep 17 00:00:00 2001 From: Steven Pritchard Date: Fri, 14 Apr 2006 13:26:39 +0000 Subject: [PATCH 019/168] Update to 2.1_beta14. --- .cvsignore | 4 ++-- openvpn.spec | 7 +++++-- sources | 4 ++-- 3 files changed, 9 insertions(+), 6 deletions(-) diff --git a/.cvsignore b/.cvsignore index 7aa5b19..fa07dc5 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1,2 +1,2 @@ -openvpn-2.1_beta13.tar.gz -openvpn-2.1_beta13.tar.gz.asc +openvpn-2.1_beta14.tar.gz +openvpn-2.1_beta14.tar.gz.asc diff --git a/openvpn.spec b/openvpn.spec index a00f894..121fa69 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -1,10 +1,10 @@ -%define prerelease beta13 +%define prerelease beta14 %define plugins down-root auth-pam Name: openvpn Version: 2.1 -Release: 0.9%{?prerelease:.%{prerelease}}%{?dist} +Release: 0.10%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: http://openvpn.net/ Source0: http://openvpn.net/release/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.gz @@ -132,6 +132,9 @@ fi %config %dir %{_sysconfdir}/%{name}/ %changelog +* Fri Apr 14 2006 Steven Pritchard 2.1-0.10.beta14 +- Update to 2.1_beta14 + * Wed Apr 12 2006 Steven Pritchard 2.1-0.9.beta13 - Update to 2.1_beta13 diff --git a/sources b/sources index 55cc9bf..bed2f30 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -94281c836f443aa10ef56eafb9346e98 openvpn-2.1_beta13.tar.gz -e5bc47f1e441b2d89db90052ad0f8b12 openvpn-2.1_beta13.tar.gz.asc +7bd96eaa834a1779755d68c9b2591583 openvpn-2.1_beta14.tar.gz +835dab606f9f72c610b4f52e541ae5fd openvpn-2.1_beta14.tar.gz.asc From 285a65463ee77db3dde3991a124e37823c2ad212 Mon Sep 17 00:00:00 2001 From: Steven Pritchard Date: Mon, 31 Jul 2006 15:54:56 +0000 Subject: [PATCH 020/168] Rebuild. --- openvpn.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/openvpn.spec b/openvpn.spec index 121fa69..a4cc7f1 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -4,7 +4,7 @@ Name: openvpn Version: 2.1 -Release: 0.10%{?prerelease:.%{prerelease}}%{?dist} +Release: 0.11%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: http://openvpn.net/ Source0: http://openvpn.net/release/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.gz @@ -132,6 +132,9 @@ fi %config %dir %{_sysconfdir}/%{name}/ %changelog +* Mon Jul 31 2006 Steven Pritchard 2.1-0.11.beta14 +- Rebuild + * Fri Apr 14 2006 Steven Pritchard 2.1-0.10.beta14 - Update to 2.1_beta14 From e28701d07a26e6ac0534a310fe8186e07a4a7b8c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ville=20Skytt=C3=A4?= Date: Sun, 27 Aug 2006 20:44:10 +0000 Subject: [PATCH 021/168] http://fedoraproject.org/wiki/Extras/Schedule/FC6MassRebuild --- needs.rebuild | 1 + 1 file changed, 1 insertion(+) create mode 100644 needs.rebuild diff --git a/needs.rebuild b/needs.rebuild new file mode 100644 index 0000000..815fd29 --- /dev/null +++ b/needs.rebuild @@ -0,0 +1 @@ +http://fedoraproject.org/wiki/Extras/Schedule/FC6MassRebuild From cb24e8835afe4a927b5e9e6bd10c400d69e6be3e Mon Sep 17 00:00:00 2001 From: Steven Pritchard Date: Mon, 28 Aug 2006 23:33:54 +0000 Subject: [PATCH 022/168] Rebuild. --- needs.rebuild | 1 - openvpn.spec | 5 ++++- 2 files changed, 4 insertions(+), 2 deletions(-) delete mode 100644 needs.rebuild diff --git a/needs.rebuild b/needs.rebuild deleted file mode 100644 index 815fd29..0000000 --- a/needs.rebuild +++ /dev/null @@ -1 +0,0 @@ -http://fedoraproject.org/wiki/Extras/Schedule/FC6MassRebuild diff --git a/openvpn.spec b/openvpn.spec index a4cc7f1..4e5770b 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -4,7 +4,7 @@ Name: openvpn Version: 2.1 -Release: 0.11%{?prerelease:.%{prerelease}}%{?dist} +Release: 0.12%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: http://openvpn.net/ Source0: http://openvpn.net/release/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.gz @@ -132,6 +132,9 @@ fi %config %dir %{_sysconfdir}/%{name}/ %changelog +* Mon Jul 31 2006 Steven Pritchard 2.1-0.12.beta14 +- Rebuild + * Mon Jul 31 2006 Steven Pritchard 2.1-0.11.beta14 - Rebuild From 6e184948215c9df94c1cc80858e1ded61780f1f1 Mon Sep 17 00:00:00 2001 From: Steven Pritchard Date: Tue, 12 Sep 2006 18:55:50 +0000 Subject: [PATCH 023/168] Update to 2.1_beta15. Fix date on last %changelog entry. --- .cvsignore | 4 ++-- openvpn.spec | 9 ++++++--- sources | 4 ++-- 3 files changed, 10 insertions(+), 7 deletions(-) diff --git a/.cvsignore b/.cvsignore index fa07dc5..c02dcab 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1,2 +1,2 @@ -openvpn-2.1_beta14.tar.gz -openvpn-2.1_beta14.tar.gz.asc +openvpn-2.1_beta15.tar.gz +openvpn-2.1_beta15.tar.gz.asc diff --git a/openvpn.spec b/openvpn.spec index 4e5770b..317e2cb 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -1,10 +1,10 @@ -%define prerelease beta14 +%define prerelease beta15 %define plugins down-root auth-pam Name: openvpn Version: 2.1 -Release: 0.12%{?prerelease:.%{prerelease}}%{?dist} +Release: 0.13%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: http://openvpn.net/ Source0: http://openvpn.net/release/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.gz @@ -132,7 +132,10 @@ fi %config %dir %{_sysconfdir}/%{name}/ %changelog -* Mon Jul 31 2006 Steven Pritchard 2.1-0.12.beta14 +* Tue Sep 12 2006 Steven Pritchard 2.1-0.13.beta15 +- Update to 2.1_beta15 + +* Mon Aug 28 2006 Steven Pritchard 2.1-0.12.beta14 - Rebuild * Mon Jul 31 2006 Steven Pritchard 2.1-0.11.beta14 diff --git a/sources b/sources index bed2f30..93e8b2a 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -7bd96eaa834a1779755d68c9b2591583 openvpn-2.1_beta14.tar.gz -835dab606f9f72c610b4f52e541ae5fd openvpn-2.1_beta14.tar.gz.asc +2ddc1878c99ea3a9b348275338f7d502 openvpn-2.1_beta15.tar.gz +7e62c63fb8205613ac8b99a4c788d576 openvpn-2.1_beta15.tar.gz.asc From 594712d6007f01171dbb4a436fd5d992aff1e8d5 Mon Sep 17 00:00:00 2001 From: Steven Pritchard Date: Tue, 12 Sep 2006 22:53:18 +0000 Subject: [PATCH 024/168] Add openvpn-2.1_beta15-test-timeout.patch to avoid test hang (from Paul Howarth). --- openvpn-2.1_beta15-test-timeout.patch | 16 ++++++++++++++++ openvpn.spec | 5 +++++ 2 files changed, 21 insertions(+) create mode 100644 openvpn-2.1_beta15-test-timeout.patch diff --git a/openvpn-2.1_beta15-test-timeout.patch b/openvpn-2.1_beta15-test-timeout.patch new file mode 100644 index 0000000..52a7eaa --- /dev/null +++ b/openvpn-2.1_beta15-test-timeout.patch @@ -0,0 +1,16 @@ +--- openvpn-2.1_beta15/sample-config-files/loopback-client 2006-09-12 18:21:43.000000000 +0100 ++++ openvpn-2.1_beta15/sample-config-files/loopback-client 2006-09-12 18:22:40.000000000 +0100 +@@ -22,4 +22,4 @@ + cert sample-keys/client.crt + cipher DES-EDE3-CBC + ping 1 +-inactive 120 ++inactive 120 10000000 +--- openvpn-2.1_beta15/sample-config-files/loopback-server 2006-09-12 18:21:50.000000000 +0100 ++++ openvpn-2.1_beta15/sample-config-files/loopback-server 2006-09-12 18:22:51.000000000 +0100 +@@ -23,4 +23,4 @@ + cert sample-keys/server.crt + cipher DES-EDE3-CBC + ping 1 +-inactive 120 ++inactive 120 10000000 diff --git a/openvpn.spec b/openvpn.spec index 317e2cb..d721310 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -15,6 +15,8 @@ Source2: roadwarrior-server.conf Source3: roadwarrior-client.conf # Don't start openvpn by default. Patch0: openvpn-init.patch +# Avoid test hang (from Paul Howarth). +Patch1: openvpn-2.1_beta15-test-timeout.patch License: GPL Group: Applications/Internet BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-%(id -un) @@ -43,6 +45,7 @@ for compression. %prep %setup -q -n %{name}-%{version}%{?prerelease:_%{prerelease}} %patch0 -p0 +%patch1 -p1 sed -i -e 's,%{_datadir}/openvpn/plugin,%{_libdir}/openvpn/plugin,' openvpn.8 # %%doc items shouldn't be executable. @@ -134,6 +137,8 @@ fi %changelog * Tue Sep 12 2006 Steven Pritchard 2.1-0.13.beta15 - Update to 2.1_beta15 +- Add openvpn-2.1_beta15-test-timeout.patch to avoid test hang + (from Paul Howarth) * Mon Aug 28 2006 Steven Pritchard 2.1-0.12.beta14 - Rebuild From 88dd5c5b719c3d6c4d5e840a2e87f97ee7842a1a Mon Sep 17 00:00:00 2001 From: Steven Pritchard Date: Tue, 3 Oct 2006 14:49:18 +0000 Subject: [PATCH 025/168] Update to 2.1_beta16. Drop Paul's patch (in upstream). --- .cvsignore | 4 ++-- openvpn.spec | 11 ++++++----- sources | 4 ++-- 3 files changed, 10 insertions(+), 9 deletions(-) diff --git a/.cvsignore b/.cvsignore index c02dcab..b1bf94f 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1,2 +1,2 @@ -openvpn-2.1_beta15.tar.gz -openvpn-2.1_beta15.tar.gz.asc +openvpn-2.1_beta16.tar.gz +openvpn-2.1_beta16.tar.gz.asc diff --git a/openvpn.spec b/openvpn.spec index d721310..d763104 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -1,10 +1,10 @@ -%define prerelease beta15 +%define prerelease beta16 %define plugins down-root auth-pam Name: openvpn Version: 2.1 -Release: 0.13%{?prerelease:.%{prerelease}}%{?dist} +Release: 0.14%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: http://openvpn.net/ Source0: http://openvpn.net/release/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.gz @@ -15,8 +15,6 @@ Source2: roadwarrior-server.conf Source3: roadwarrior-client.conf # Don't start openvpn by default. Patch0: openvpn-init.patch -# Avoid test hang (from Paul Howarth). -Patch1: openvpn-2.1_beta15-test-timeout.patch License: GPL Group: Applications/Internet BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-%(id -un) @@ -45,7 +43,6 @@ for compression. %prep %setup -q -n %{name}-%{version}%{?prerelease:_%{prerelease}} %patch0 -p0 -%patch1 -p1 sed -i -e 's,%{_datadir}/openvpn/plugin,%{_libdir}/openvpn/plugin,' openvpn.8 # %%doc items shouldn't be executable. @@ -135,6 +132,10 @@ fi %config %dir %{_sysconfdir}/%{name}/ %changelog +* Mon Oct 02 2006 Steven Pritchard 2.1-0.14.beta16 +- Update to 2.1_beta16 +- Drop Paul's patch (in upstream) + * Tue Sep 12 2006 Steven Pritchard 2.1-0.13.beta15 - Update to 2.1_beta15 - Add openvpn-2.1_beta15-test-timeout.patch to avoid test hang diff --git a/sources b/sources index 93e8b2a..249f633 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -2ddc1878c99ea3a9b348275338f7d502 openvpn-2.1_beta15.tar.gz -7e62c63fb8205613ac8b99a4c788d576 openvpn-2.1_beta15.tar.gz.asc +3a53f55dafcfa4aab9e408e36326e236 openvpn-2.1_beta16.tar.gz +4529dc8c27ea67783b333dc586a909ef openvpn-2.1_beta16.tar.gz.asc From a8c7ba40a614552dfbea4049edc2426def951679 Mon Sep 17 00:00:00 2001 From: Steven Pritchard Date: Tue, 27 Feb 2007 20:08:35 +0000 Subject: [PATCH 026/168] Update to 2.1_rc1. --- .cvsignore | 4 ++-- openvpn.spec | 7 +++++-- sources | 4 ++-- 3 files changed, 9 insertions(+), 6 deletions(-) diff --git a/.cvsignore b/.cvsignore index b1bf94f..36b8d6d 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1,2 +1,2 @@ -openvpn-2.1_beta16.tar.gz -openvpn-2.1_beta16.tar.gz.asc +openvpn-2.1_rc1.tar.gz +openvpn-2.1_rc1.tar.gz.asc diff --git a/openvpn.spec b/openvpn.spec index d763104..48bf31c 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -1,10 +1,10 @@ -%define prerelease beta16 +%define prerelease rc1 %define plugins down-root auth-pam Name: openvpn Version: 2.1 -Release: 0.14%{?prerelease:.%{prerelease}}%{?dist} +Release: 0.15%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: http://openvpn.net/ Source0: http://openvpn.net/release/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.gz @@ -132,6 +132,9 @@ fi %config %dir %{_sysconfdir}/%{name}/ %changelog +* Tue Feb 27 2007 Steven Pritchard 2.1-0.15.rc1 +- Update to 2.1_rc1 + * Mon Oct 02 2006 Steven Pritchard 2.1-0.14.beta16 - Update to 2.1_beta16 - Drop Paul's patch (in upstream) diff --git a/sources b/sources index 249f633..9fec078 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -3a53f55dafcfa4aab9e408e36326e236 openvpn-2.1_beta16.tar.gz -4529dc8c27ea67783b333dc586a909ef openvpn-2.1_beta16.tar.gz.asc +b0773149ef9d93a0075dfa42b87042a0 openvpn-2.1_rc1.tar.gz +873491d97ec4af0d7f9dac1f25c66d8c openvpn-2.1_rc1.tar.gz.asc From 7995a20d31c4e0f555ec4a34eac9bcf110671d1c Mon Sep 17 00:00:00 2001 From: Steven Pritchard Date: Wed, 28 Feb 2007 01:42:40 +0000 Subject: [PATCH 027/168] Randomize ports for tests to avoid conflicts on the build servers. --- openvpn.spec | 26 +++++++++++++++++++++++--- 1 file changed, 23 insertions(+), 3 deletions(-) diff --git a/openvpn.spec b/openvpn.spec index 48bf31c..8cb8f34 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -4,7 +4,7 @@ Name: openvpn Version: 2.1 -Release: 0.15%{?prerelease:.%{prerelease}}%{?dist} +Release: 0.16%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: http://openvpn.net/ Source0: http://openvpn.net/release/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.gz @@ -67,11 +67,28 @@ done ./openvpn --genkey --secret key ./openvpn --test-crypto --secret key +# Randomize ports for tests to avoid conflicts on the build servers. +cport=$[ 50000 + ($RANDOM % 15534) ] +sport=$[ $cport + 1 ] +sed -e 's/^\(rport\) .*$/\1 '$sport'/' \ + -e 's/^\(lport\) .*$/\1 '$cport'/' \ + < sample-config-files/loopback-client \ + > %{_tmppath}/%{name}-%{version}-%{release}-%(%{__id_u})-loopback-client +sed -e 's/^\(rport\) .*$/\1 '$cport'/' \ + -e 's/^\(lport\) .*$/\1 '$sport'/' \ + < sample-config-files/loopback-server \ + > %{_tmppath}/%{name}-%{version}-%{release}-%(%{__id_u})-loopback-server + # Test SSL/TLS negotiations (runs for 2 minutes): -./openvpn --config sample-config-files/loopback-client & -./openvpn --config sample-config-files/loopback-server +./openvpn --config \ + %{_tmppath}/%{name}-%{version}-%{release}-%(%{__id_u})-loopback-client & +./openvpn --config \ + %{_tmppath}/%{name}-%{version}-%{release}-%(%{__id_u})-loopback-server wait +rm -f %{_tmppath}/%{name}-%{version}-%{release}-%(%{__id_u})-loopback-client \ + %{_tmppath}/%{name}-%{version}-%{release}-%(%{__id_u})-loopback-server + %install rm -rf $RPM_BUILD_ROOT @@ -132,6 +149,9 @@ fi %config %dir %{_sysconfdir}/%{name}/ %changelog +* Tue Feb 27 2007 Steven Pritchard 2.1-0.16.rc1 +- Randomize ports for tests to avoid conflicts on the build servers + * Tue Feb 27 2007 Steven Pritchard 2.1-0.15.rc1 - Update to 2.1_rc1 From bd4d7030a38542ae6b4bf9c8ca600ff8d3e789b1 Mon Sep 17 00:00:00 2001 From: Steven Pritchard Date: Sat, 3 Mar 2007 02:41:03 +0000 Subject: [PATCH 028/168] Update to 2.1_rc2. --- .cvsignore | 4 ++-- openvpn.spec | 7 +++++-- sources | 4 ++-- 3 files changed, 9 insertions(+), 6 deletions(-) diff --git a/.cvsignore b/.cvsignore index 36b8d6d..9b979c5 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1,2 +1,2 @@ -openvpn-2.1_rc1.tar.gz -openvpn-2.1_rc1.tar.gz.asc +openvpn-2.1_rc2.tar.gz +openvpn-2.1_rc2.tar.gz.asc diff --git a/openvpn.spec b/openvpn.spec index 8cb8f34..2e92216 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -1,10 +1,10 @@ -%define prerelease rc1 +%define prerelease rc2 %define plugins down-root auth-pam Name: openvpn Version: 2.1 -Release: 0.16%{?prerelease:.%{prerelease}}%{?dist} +Release: 0.17%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: http://openvpn.net/ Source0: http://openvpn.net/release/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.gz @@ -149,6 +149,9 @@ fi %config %dir %{_sysconfdir}/%{name}/ %changelog +* Fri Mar 02 2007 Steven Pritchard 2.1-0.17.rc2 +- Update to 2.1_rc2 + * Tue Feb 27 2007 Steven Pritchard 2.1-0.16.rc1 - Randomize ports for tests to avoid conflicts on the build servers diff --git a/sources b/sources index 9fec078..95828a0 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -b0773149ef9d93a0075dfa42b87042a0 openvpn-2.1_rc1.tar.gz -873491d97ec4af0d7f9dac1f25c66d8c openvpn-2.1_rc1.tar.gz.asc +853c81d2de51d85b5381d4c7f7f074e3 openvpn-2.1_rc2.tar.gz +4b4319498804b4365fd5c1d3a02e4f3f openvpn-2.1_rc2.tar.gz.asc From 7ae94eb2e893ef7e0c66c22bf34c4795fd14871f Mon Sep 17 00:00:00 2001 From: Steven Pritchard Date: Mon, 23 Apr 2007 15:55:39 +0000 Subject: [PATCH 029/168] Update to 2.1_rc3. --- .cvsignore | 4 ++-- openvpn-2.1_beta15-test-timeout.patch | 16 ---------------- openvpn.spec | 7 +++++-- sources | 4 ++-- 4 files changed, 9 insertions(+), 22 deletions(-) delete mode 100644 openvpn-2.1_beta15-test-timeout.patch diff --git a/.cvsignore b/.cvsignore index 9b979c5..25441e7 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1,2 +1,2 @@ -openvpn-2.1_rc2.tar.gz -openvpn-2.1_rc2.tar.gz.asc +openvpn-2.1_rc3.tar.gz +openvpn-2.1_rc3.tar.gz.asc diff --git a/openvpn-2.1_beta15-test-timeout.patch b/openvpn-2.1_beta15-test-timeout.patch deleted file mode 100644 index 52a7eaa..0000000 --- a/openvpn-2.1_beta15-test-timeout.patch +++ /dev/null @@ -1,16 +0,0 @@ ---- openvpn-2.1_beta15/sample-config-files/loopback-client 2006-09-12 18:21:43.000000000 +0100 -+++ openvpn-2.1_beta15/sample-config-files/loopback-client 2006-09-12 18:22:40.000000000 +0100 -@@ -22,4 +22,4 @@ - cert sample-keys/client.crt - cipher DES-EDE3-CBC - ping 1 --inactive 120 -+inactive 120 10000000 ---- openvpn-2.1_beta15/sample-config-files/loopback-server 2006-09-12 18:21:50.000000000 +0100 -+++ openvpn-2.1_beta15/sample-config-files/loopback-server 2006-09-12 18:22:51.000000000 +0100 -@@ -23,4 +23,4 @@ - cert sample-keys/server.crt - cipher DES-EDE3-CBC - ping 1 --inactive 120 -+inactive 120 10000000 diff --git a/openvpn.spec b/openvpn.spec index 2e92216..651951e 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -1,10 +1,10 @@ -%define prerelease rc2 +%define prerelease rc3 %define plugins down-root auth-pam Name: openvpn Version: 2.1 -Release: 0.17%{?prerelease:.%{prerelease}}%{?dist} +Release: 0.18%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: http://openvpn.net/ Source0: http://openvpn.net/release/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.gz @@ -149,6 +149,9 @@ fi %config %dir %{_sysconfdir}/%{name}/ %changelog +* Mon Apr 23 2007 Steven Pritchard 2.1-0.18.rc3 +- Update to 2.1_rc3 + * Fri Mar 02 2007 Steven Pritchard 2.1-0.17.rc2 - Update to 2.1_rc2 diff --git a/sources b/sources index 95828a0..9be9e3f 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -853c81d2de51d85b5381d4c7f7f074e3 openvpn-2.1_rc2.tar.gz -4b4319498804b4365fd5c1d3a02e4f3f openvpn-2.1_rc2.tar.gz.asc +4bff1e30b560717dff79ff6ed4f97ab1 openvpn-2.1_rc3.tar.gz +902131bae2e1522e4d2d950175788472 openvpn-2.1_rc3.tar.gz.asc From 786ab96655de756934ae2b3fa7675ae9b760fb4d Mon Sep 17 00:00:00 2001 From: Steven Pritchard Date: Thu, 26 Apr 2007 14:43:48 +0000 Subject: [PATCH 030/168] Update to 2.1_rc4. --- .cvsignore | 4 ++-- openvpn.spec | 7 +++++-- sources | 4 ++-- 3 files changed, 9 insertions(+), 6 deletions(-) diff --git a/.cvsignore b/.cvsignore index 25441e7..640e993 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1,2 +1,2 @@ -openvpn-2.1_rc3.tar.gz -openvpn-2.1_rc3.tar.gz.asc +openvpn-2.1_rc4.tar.gz +openvpn-2.1_rc4.tar.gz.asc diff --git a/openvpn.spec b/openvpn.spec index 651951e..e518d1e 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -1,10 +1,10 @@ -%define prerelease rc3 +%define prerelease rc4 %define plugins down-root auth-pam Name: openvpn Version: 2.1 -Release: 0.18%{?prerelease:.%{prerelease}}%{?dist} +Release: 0.19%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: http://openvpn.net/ Source0: http://openvpn.net/release/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.gz @@ -149,6 +149,9 @@ fi %config %dir %{_sysconfdir}/%{name}/ %changelog +* Thu Apr 26 2007 Steven Pritchard 2.1-0.19.rc4 +- Update to 2.1_rc4 + * Mon Apr 23 2007 Steven Pritchard 2.1-0.18.rc3 - Update to 2.1_rc3 diff --git a/sources b/sources index 9be9e3f..a51b8a1 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -4bff1e30b560717dff79ff6ed4f97ab1 openvpn-2.1_rc3.tar.gz -902131bae2e1522e4d2d950175788472 openvpn-2.1_rc3.tar.gz.asc +9fffc0aa0f797b612fa4f52b1e92197b openvpn-2.1_rc4.tar.gz +3aad29b84ed3ea12ec4645d48b0e571f openvpn-2.1_rc4.tar.gz.asc From 707ab0bc91a7ea696fffba5156c2823812c02726 Mon Sep 17 00:00:00 2001 From: Steven Pritchard Date: Wed, 5 Dec 2007 15:55:24 +0000 Subject: [PATCH 031/168] Remove check macro cruft. --- openvpn.spec | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/openvpn.spec b/openvpn.spec index e518d1e..4f681a5 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -4,7 +4,7 @@ Name: openvpn Version: 2.1 -Release: 0.19%{?prerelease:.%{prerelease}}%{?dist} +Release: 0.20%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: http://openvpn.net/ Source0: http://openvpn.net/release/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.gz @@ -62,7 +62,7 @@ for plugin in %{plugins} ; do %{__make} -C plugin/$plugin done -%check || : +%check # Test Crypto: ./openvpn --genkey --secret key ./openvpn --test-crypto --secret key @@ -149,6 +149,9 @@ fi %config %dir %{_sysconfdir}/%{name}/ %changelog +* Wed Dec 05 2007 Steven Pritchard 2.1-0.20.rc4 +- Remove check macro cruft. + * Thu Apr 26 2007 Steven Pritchard 2.1-0.19.rc4 - Update to 2.1_rc4 From 93824026c4b9f89efca13fa3e7deda514fa72aa9 Mon Sep 17 00:00:00 2001 From: Steven Pritchard Date: Wed, 23 Jan 2008 22:15:57 +0000 Subject: [PATCH 032/168] Update to 2.1_rc5. --- .cvsignore | 4 ++-- openvpn.spec | 11 +++++++---- sources | 4 ++-- 3 files changed, 11 insertions(+), 8 deletions(-) diff --git a/.cvsignore b/.cvsignore index 640e993..29dff4e 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1,2 +1,2 @@ -openvpn-2.1_rc4.tar.gz -openvpn-2.1_rc4.tar.gz.asc +openvpn-2.1_rc5.tar.gz +openvpn-2.1_rc5.tar.gz.asc diff --git a/openvpn.spec b/openvpn.spec index 4f681a5..23c4e8f 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -1,14 +1,14 @@ -%define prerelease rc4 +%define prerelease rc5 %define plugins down-root auth-pam Name: openvpn Version: 2.1 -Release: 0.20%{?prerelease:.%{prerelease}}%{?dist} +Release: 0.21%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: http://openvpn.net/ -Source0: http://openvpn.net/release/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.gz -#Source0: http://openvpn.net/beta/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.gz +#Source0: http://openvpn.net/release/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.gz +Source0: http://openvpn.net/beta/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.gz Source1: http://openvpn.net/signatures/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.gz.asc # Sample 2.0 config files Source2: roadwarrior-server.conf @@ -149,6 +149,9 @@ fi %config %dir %{_sysconfdir}/%{name}/ %changelog +* Wed Jan 23 2008 Steven Pritchard 2.1-0.21.rc5 +- Update to 2.1_rc5 + * Wed Dec 05 2007 Steven Pritchard 2.1-0.20.rc4 - Remove check macro cruft. diff --git a/sources b/sources index a51b8a1..768bdf0 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -9fffc0aa0f797b612fa4f52b1e92197b openvpn-2.1_rc4.tar.gz -3aad29b84ed3ea12ec4645d48b0e571f openvpn-2.1_rc4.tar.gz.asc +e49eaad57a72a24901aafd971ea20ffa openvpn-2.1_rc5.tar.gz +230c5db35eb4131fec50dd4abd803047 openvpn-2.1_rc5.tar.gz.asc From fe724ad7e1e1f2869c63d2d33905fd2db2722eca Mon Sep 17 00:00:00 2001 From: Steven Pritchard Date: Thu, 24 Jan 2008 17:20:34 +0000 Subject: [PATCH 033/168] Pass paths to ifconfig, ip, and route to configure. --- openvpn.spec | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/openvpn.spec b/openvpn.spec index 23c4e8f..7a555d0 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -54,7 +54,16 @@ find contrib sample-config-files sample-keys sample-scripts -type f -perm +100 \ # --enable-password-save Allow --askpass and --auth-user-pass passwords to be # read from a file # --enable-iproute2 Enable support for iproute2 -%configure --enable-pthread --enable-password-save --enable-iproute2 +# --with-ifconfig-path=PATH Path to ifconfig tool +# --with-iproute-path=PATH Path to iproute tool +# --with-route-path=PATH Path to route tool +%configure \ + --enable-pthread \ + --enable-password-save \ + --enable-iproute2 \ + --with-ifconfig-path=/sbin/ifconfig \ + --with-iproute-path=/sbin/ip \ + --with-route-path=/sbin/route %{__make} # Build plugins @@ -151,6 +160,7 @@ fi %changelog * Wed Jan 23 2008 Steven Pritchard 2.1-0.21.rc5 - Update to 2.1_rc5 +- Pass paths to ifconfig, ip, and route to configure. * Wed Dec 05 2007 Steven Pritchard 2.1-0.20.rc4 - Remove check macro cruft. From 1a06dfe5030192c3115d9a49477a967485899d83 Mon Sep 17 00:00:00 2001 From: Steven Pritchard Date: Thu, 24 Jan 2008 17:25:56 +0000 Subject: [PATCH 034/168] Update to 2.1_rc6. --- .cvsignore | 4 ++-- openvpn.spec | 9 ++++++--- sources | 4 ++-- 3 files changed, 10 insertions(+), 7 deletions(-) diff --git a/.cvsignore b/.cvsignore index 29dff4e..e4b3df4 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1,2 +1,2 @@ -openvpn-2.1_rc5.tar.gz -openvpn-2.1_rc5.tar.gz.asc +openvpn-2.1_rc6.tar.gz +openvpn-2.1_rc6.tar.gz.asc diff --git a/openvpn.spec b/openvpn.spec index 7a555d0..641ebf1 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -1,10 +1,10 @@ -%define prerelease rc5 +%define prerelease rc6 %define plugins down-root auth-pam Name: openvpn Version: 2.1 -Release: 0.21%{?prerelease:.%{prerelease}}%{?dist} +Release: 0.22%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: http://openvpn.net/ #Source0: http://openvpn.net/release/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.gz @@ -158,9 +158,12 @@ fi %config %dir %{_sysconfdir}/%{name}/ %changelog +* Thu Jan 24 2008 Steven Pritchard 2.1-0.22.rc6 +- Update to 2.1_rc6 +- Pass paths to ifconfig, ip, and route to configure + * Wed Jan 23 2008 Steven Pritchard 2.1-0.21.rc5 - Update to 2.1_rc5 -- Pass paths to ifconfig, ip, and route to configure. * Wed Dec 05 2007 Steven Pritchard 2.1-0.20.rc4 - Remove check macro cruft. diff --git a/sources b/sources index 768bdf0..5571d98 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -e49eaad57a72a24901aafd971ea20ffa openvpn-2.1_rc5.tar.gz -230c5db35eb4131fec50dd4abd803047 openvpn-2.1_rc5.tar.gz.asc +4c4965555242d138754765bfbc10990d openvpn-2.1_rc6.tar.gz +eaf5e55c7d6c1fab16f1e43df9b1d1bb openvpn-2.1_rc6.tar.gz.asc From 69624a3f038cdca93c4efda282ae3ac6e9f3a42a Mon Sep 17 00:00:00 2001 From: Steven Pritchard Date: Thu, 24 Jan 2008 18:44:27 +0000 Subject: [PATCH 035/168] BR iproute and Require iproute and net-tools. --- openvpn.spec | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/openvpn.spec b/openvpn.spec index 641ebf1..8b007e5 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -21,9 +21,15 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-%(id -un) BuildRequires: lzo-devel BuildRequires: openssl-devel BuildRequires: pam-devel +# For /sbin/ip. +BuildRequires: iproute # We need /dev/net/tun. # This will work with RH9+ dev or udev. Requires: dev >= 0:3.3.2-5 +# For /sbin/ip. +Requires: iproute +# For ifconfig and route. +Requires: net-tools Requires(pre): /usr/sbin/useradd Requires(post): /sbin/chkconfig Requires(preun): /sbin/chkconfig, /sbin/service @@ -161,6 +167,7 @@ fi * Thu Jan 24 2008 Steven Pritchard 2.1-0.22.rc6 - Update to 2.1_rc6 - Pass paths to ifconfig, ip, and route to configure +- BR iproute and Require iproute and net-tools * Wed Jan 23 2008 Steven Pritchard 2.1-0.21.rc5 - Update to 2.1_rc5 From 7ebae03905e5732c8a037ac7c58f6926f1575c62 Mon Sep 17 00:00:00 2001 From: Steven Pritchard Date: Fri, 25 Jan 2008 19:37:28 +0000 Subject: [PATCH 036/168] Add BETA21-userpriv-fixups.patch from Alon Bar-Lev. --- BETA21-userpriv-fixups.patch | 32 ++++++++++++++++++++++++++++++++ openvpn.spec | 3 +++ 2 files changed, 35 insertions(+) create mode 100644 BETA21-userpriv-fixups.patch diff --git a/BETA21-userpriv-fixups.patch b/BETA21-userpriv-fixups.patch new file mode 100644 index 0000000..2936544 --- /dev/null +++ b/BETA21-userpriv-fixups.patch @@ -0,0 +1,32 @@ +Index: openvpn/tun.c +=================================================================== +--- openvpn/tun.c (revision 2677) ++++ openvpn/tun.c (revision 2679) +@@ -1221,17 +1221,20 @@ + if (tt) + { + #ifdef CONFIG_FEATURE_IPROUTE +- char command_line[256]; +- /* +- * Flush IP configuration for the device +- */ +- openvpn_snprintf (command_line, sizeof (command_line), ++ if (tt->type != DEV_TYPE_NULL) ++ { ++ char command_line[256]; ++ /* ++ * Flush IP configuration for the device ++ */ ++ openvpn_snprintf (command_line, sizeof (command_line), + "%s addr flush dev %s", + iproute_path, + tt->actual_name + ); +- msg (M_INFO, "%s", command_line); +- system_check (command_line, NULL, S_FATAL, "Linux ip flush failed"); ++ msg (M_INFO, "%s", command_line); ++ system_check (command_line, NULL, S_FATAL, "Linux ip flush failed"); ++ } + #endif + close_tun_generic (tt); + free (tt); diff --git a/openvpn.spec b/openvpn.spec index 8b007e5..e2902e9 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -15,6 +15,7 @@ Source2: roadwarrior-server.conf Source3: roadwarrior-client.conf # Don't start openvpn by default. Patch0: openvpn-init.patch +Patch1: BETA21-userpriv-fixups.patch License: GPL Group: Applications/Internet BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-%(id -un) @@ -49,6 +50,7 @@ for compression. %prep %setup -q -n %{name}-%{version}%{?prerelease:_%{prerelease}} %patch0 -p0 +%patch1 -p1 sed -i -e 's,%{_datadir}/openvpn/plugin,%{_libdir}/openvpn/plugin,' openvpn.8 # %%doc items shouldn't be executable. @@ -168,6 +170,7 @@ fi - Update to 2.1_rc6 - Pass paths to ifconfig, ip, and route to configure - BR iproute and Require iproute and net-tools +- Add BETA21-userpriv-fixups.patch from Alon Bar-Lev * Wed Jan 23 2008 Steven Pritchard 2.1-0.21.rc5 - Update to 2.1_rc5 From 9f1c9a40eff05c3e4f3ea2bb076265e053f9e1ae Mon Sep 17 00:00:00 2001 From: Steven Pritchard Date: Sat, 26 Jan 2008 01:46:41 +0000 Subject: [PATCH 037/168] Apply update to BETA21-userpriv-fixups.patch from Alon Bar-Lev. --- BETA21-userpriv-fixups.patch | 24 +++++++++++++++--------- openvpn.spec | 5 ++++- 2 files changed, 19 insertions(+), 10 deletions(-) diff --git a/BETA21-userpriv-fixups.patch b/BETA21-userpriv-fixups.patch index 2936544..64cdab4 100644 --- a/BETA21-userpriv-fixups.patch +++ b/BETA21-userpriv-fixups.patch @@ -1,8 +1,8 @@ Index: openvpn/tun.c =================================================================== --- openvpn/tun.c (revision 2677) -+++ openvpn/tun.c (revision 2679) -@@ -1221,17 +1221,20 @@ ++++ openvpn/tun.c (revision 2682) +@@ -1221,17 +1221,24 @@ if (tt) { #ifdef CONFIG_FEATURE_IPROUTE @@ -11,21 +11,27 @@ Index: openvpn/tun.c - * Flush IP configuration for the device - */ - openvpn_snprintf (command_line, sizeof (command_line), -+ if (tt->type != DEV_TYPE_NULL) +- "%s addr flush dev %s", ++ if (tt->type != DEV_TYPE_NULL && tt->did_ifconfig) + { + char command_line[256]; -+ /* -+ * Flush IP configuration for the device -+ */ ++ struct gc_arena gc = gc_new (); ++ + openvpn_snprintf (command_line, sizeof (command_line), - "%s addr flush dev %s", ++ "%s addr del dev %s local %s peer %s", iproute_path, - tt->actual_name +- tt->actual_name ++ tt->actual_name, ++ print_in_addr_t (tt->local, 0, &gc), ++ print_in_addr_t (tt->remote_netmask, 0, &gc) ); - msg (M_INFO, "%s", command_line); - system_check (command_line, NULL, S_FATAL, "Linux ip flush failed"); ++ + msg (M_INFO, "%s", command_line); -+ system_check (command_line, NULL, S_FATAL, "Linux ip flush failed"); ++ system_check (command_line, NULL, S_FATAL, "Linux ip addr del failed"); ++ ++ gc_free (&gc); + } #endif close_tun_generic (tt); diff --git a/openvpn.spec b/openvpn.spec index e2902e9..a714209 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -4,7 +4,7 @@ Name: openvpn Version: 2.1 -Release: 0.22%{?prerelease:.%{prerelease}}%{?dist} +Release: 0.23%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: http://openvpn.net/ #Source0: http://openvpn.net/release/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.gz @@ -166,6 +166,9 @@ fi %config %dir %{_sysconfdir}/%{name}/ %changelog +* Fri Jan 25 2008 Steven Pritchard 2.1-0.23.rc6 +- Apply update to BETA21-userpriv-fixups.patch from Alon Bar-Lev + * Thu Jan 24 2008 Steven Pritchard 2.1-0.22.rc6 - Update to 2.1_rc6 - Pass paths to ifconfig, ip, and route to configure From b0115e9779d4b96cf2643800013b08ec7a7262a1 Mon Sep 17 00:00:00 2001 From: Steven Pritchard Date: Wed, 30 Jan 2008 02:53:19 +0000 Subject: [PATCH 038/168] Update to 2.1_rc7 Drop BETA21-userpriv-fixups.patch (upstream) --- .cvsignore | 4 ++-- BETA21-userpriv-fixups.patch | 38 ------------------------------------ openvpn.spec | 14 +++++++------ sources | 4 ++-- 4 files changed, 12 insertions(+), 48 deletions(-) delete mode 100644 BETA21-userpriv-fixups.patch diff --git a/.cvsignore b/.cvsignore index e4b3df4..a6b8b16 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1,2 +1,2 @@ -openvpn-2.1_rc6.tar.gz -openvpn-2.1_rc6.tar.gz.asc +openvpn-2.1_rc7.tar.gz +openvpn-2.1_rc7.tar.gz.asc diff --git a/BETA21-userpriv-fixups.patch b/BETA21-userpriv-fixups.patch deleted file mode 100644 index 64cdab4..0000000 --- a/BETA21-userpriv-fixups.patch +++ /dev/null @@ -1,38 +0,0 @@ -Index: openvpn/tun.c -=================================================================== ---- openvpn/tun.c (revision 2677) -+++ openvpn/tun.c (revision 2682) -@@ -1221,17 +1221,24 @@ - if (tt) - { - #ifdef CONFIG_FEATURE_IPROUTE -- char command_line[256]; -- /* -- * Flush IP configuration for the device -- */ -- openvpn_snprintf (command_line, sizeof (command_line), -- "%s addr flush dev %s", -+ if (tt->type != DEV_TYPE_NULL && tt->did_ifconfig) -+ { -+ char command_line[256]; -+ struct gc_arena gc = gc_new (); -+ -+ openvpn_snprintf (command_line, sizeof (command_line), -+ "%s addr del dev %s local %s peer %s", - iproute_path, -- tt->actual_name -+ tt->actual_name, -+ print_in_addr_t (tt->local, 0, &gc), -+ print_in_addr_t (tt->remote_netmask, 0, &gc) - ); -- msg (M_INFO, "%s", command_line); -- system_check (command_line, NULL, S_FATAL, "Linux ip flush failed"); -+ -+ msg (M_INFO, "%s", command_line); -+ system_check (command_line, NULL, S_FATAL, "Linux ip addr del failed"); -+ -+ gc_free (&gc); -+ } - #endif - close_tun_generic (tt); - free (tt); diff --git a/openvpn.spec b/openvpn.spec index a714209..3d3e8eb 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -1,21 +1,20 @@ -%define prerelease rc6 +%define prerelease rc7 %define plugins down-root auth-pam Name: openvpn Version: 2.1 -Release: 0.23%{?prerelease:.%{prerelease}}%{?dist} +Release: 0.24%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: http://openvpn.net/ -#Source0: http://openvpn.net/release/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.gz -Source0: http://openvpn.net/beta/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.gz +Source0: http://openvpn.net/release/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.gz +#Source0: http://openvpn.net/beta/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.gz Source1: http://openvpn.net/signatures/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.gz.asc # Sample 2.0 config files Source2: roadwarrior-server.conf Source3: roadwarrior-client.conf # Don't start openvpn by default. Patch0: openvpn-init.patch -Patch1: BETA21-userpriv-fixups.patch License: GPL Group: Applications/Internet BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-%(id -un) @@ -50,7 +49,6 @@ for compression. %prep %setup -q -n %{name}-%{version}%{?prerelease:_%{prerelease}} %patch0 -p0 -%patch1 -p1 sed -i -e 's,%{_datadir}/openvpn/plugin,%{_libdir}/openvpn/plugin,' openvpn.8 # %%doc items shouldn't be executable. @@ -166,6 +164,10 @@ fi %config %dir %{_sysconfdir}/%{name}/ %changelog +* Tue Jan 29 2008 Steven Pritchard 2.1-0.24.rc7 +- Update to 2.1_rc7 +- Drop BETA21-userpriv-fixups.patch (upstream) + * Fri Jan 25 2008 Steven Pritchard 2.1-0.23.rc6 - Apply update to BETA21-userpriv-fixups.patch from Alon Bar-Lev diff --git a/sources b/sources index 5571d98..144bfcd 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -4c4965555242d138754765bfbc10990d openvpn-2.1_rc6.tar.gz -eaf5e55c7d6c1fab16f1e43df9b1d1bb openvpn-2.1_rc6.tar.gz.asc +38c8fdfaa3465d740049468bc7b66fcf openvpn-2.1_rc7.tar.gz +9ec429fee30701261a4a14c237d1fa7a openvpn-2.1_rc7.tar.gz.asc From 4eb43a8ece8bb855d4e61bea34e60780e7c22960 Mon Sep 17 00:00:00 2001 From: Jesse Keating Date: Wed, 20 Feb 2008 02:48:03 +0000 Subject: [PATCH 039/168] - Autorebuild for GCC 4.3 --- openvpn.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/openvpn.spec b/openvpn.spec index 3d3e8eb..45a00a9 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -4,7 +4,7 @@ Name: openvpn Version: 2.1 -Release: 0.24%{?prerelease:.%{prerelease}}%{?dist} +Release: 0.25%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: http://openvpn.net/ Source0: http://openvpn.net/release/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.gz @@ -164,6 +164,9 @@ fi %config %dir %{_sysconfdir}/%{name}/ %changelog +* Tue Feb 19 2008 Fedora Release Engineering - 2.1-0.25.rc7 +- Autorebuild for GCC 4.3 + * Tue Jan 29 2008 Steven Pritchard 2.1-0.24.rc7 - Update to 2.1_rc7 - Drop BETA21-userpriv-fixups.patch (upstream) From 6fa9826bc478036283d3c4393bdd619f14b87388 Mon Sep 17 00:00:00 2001 From: Steven Pritchard Date: Sun, 15 Jun 2008 01:31:43 +0000 Subject: [PATCH 040/168] Update to 2.1_rc8. Update License tag. --- .cvsignore | 4 ++-- openvpn.spec | 16 +++++++++++----- sources | 4 ++-- 3 files changed, 15 insertions(+), 9 deletions(-) diff --git a/.cvsignore b/.cvsignore index a6b8b16..ef4412e 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1,2 +1,2 @@ -openvpn-2.1_rc7.tar.gz -openvpn-2.1_rc7.tar.gz.asc +openvpn-2.1_rc8.tar.gz +openvpn-2.1_rc8.tar.gz.asc diff --git a/openvpn.spec b/openvpn.spec index 45a00a9..88923ea 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -1,21 +1,23 @@ -%define prerelease rc7 +%define prerelease rc8 %define plugins down-root auth-pam Name: openvpn Version: 2.1 -Release: 0.25%{?prerelease:.%{prerelease}}%{?dist} +Release: 0.26%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: http://openvpn.net/ -Source0: http://openvpn.net/release/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.gz #Source0: http://openvpn.net/beta/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.gz -Source1: http://openvpn.net/signatures/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.gz.asc +Source0: https://secure.openvpn.net/beta/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.gz +#Source0: http://openvpn.net/release/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.gz +Source1: https://secure.openvpn.net/beta/signatures/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.gz.asc +#Source1: http://openvpn.net/signatures/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.gz.asc # Sample 2.0 config files Source2: roadwarrior-server.conf Source3: roadwarrior-client.conf # Don't start openvpn by default. Patch0: openvpn-init.patch -License: GPL +License: GPLv2 Group: Applications/Internet BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-%(id -un) BuildRequires: lzo-devel @@ -164,6 +166,10 @@ fi %config %dir %{_sysconfdir}/%{name}/ %changelog +* Sat Jun 14 2008 Steven Pritchard 2.1-0.26.rc8 +- Update to 2.1_rc8. +- Update License tag. + * Tue Feb 19 2008 Fedora Release Engineering - 2.1-0.25.rc7 - Autorebuild for GCC 4.3 diff --git a/sources b/sources index 144bfcd..a699188 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -38c8fdfaa3465d740049468bc7b66fcf openvpn-2.1_rc7.tar.gz -9ec429fee30701261a4a14c237d1fa7a openvpn-2.1_rc7.tar.gz.asc +059dfb6e21b503687c6b4a8a1b0034ac openvpn-2.1_rc8.tar.gz +25a7396a08e983fae44b08261af070cc openvpn-2.1_rc8.tar.gz.asc From 479939eb3716fa1246159ed467d0ff310bb129d5 Mon Sep 17 00:00:00 2001 From: Steven Pritchard Date: Fri, 1 Aug 2008 15:51:01 +0000 Subject: [PATCH 041/168] Update to 2.1_rc9. --- .cvsignore | 4 ++-- openvpn.spec | 17 ++++++++++------- sources | 4 ++-- 3 files changed, 14 insertions(+), 11 deletions(-) diff --git a/.cvsignore b/.cvsignore index ef4412e..2b2cd29 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1,2 +1,2 @@ -openvpn-2.1_rc8.tar.gz -openvpn-2.1_rc8.tar.gz.asc +openvpn-2.1_rc9.tar.gz +openvpn-2.1_rc9.tar.gz.asc diff --git a/openvpn.spec b/openvpn.spec index 88923ea..2fa0dac 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -1,17 +1,17 @@ -%define prerelease rc8 +%define prerelease rc9 %define plugins down-root auth-pam Name: openvpn Version: 2.1 -Release: 0.26%{?prerelease:.%{prerelease}}%{?dist} +Release: 0.27%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: http://openvpn.net/ #Source0: http://openvpn.net/beta/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.gz -Source0: https://secure.openvpn.net/beta/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.gz -#Source0: http://openvpn.net/release/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.gz -Source1: https://secure.openvpn.net/beta/signatures/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.gz.asc -#Source1: http://openvpn.net/signatures/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.gz.asc +#Source0: https://secure.openvpn.net/beta/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.gz +Source0: http://openvpn.net/release/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.gz +#Source1: https://secure.openvpn.net/beta/signatures/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.gz.asc +Source1: http://openvpn.net/signatures/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.gz.asc # Sample 2.0 config files Source2: roadwarrior-server.conf Source3: roadwarrior-client.conf @@ -166,6 +166,9 @@ fi %config %dir %{_sysconfdir}/%{name}/ %changelog +* Fri Aug 01 2008 Steven Pritchard 2.1-0.27.rc9 +- Update to 2.1_rc9. + * Sat Jun 14 2008 Steven Pritchard 2.1-0.26.rc8 - Update to 2.1_rc8. - Update License tag. @@ -342,7 +345,7 @@ fi - Have the version number filled in by autoconf. * Wed Jul 10 2002 James Yonan 1.3.1-1 -- Fixed %preun to only remove service on final uninstall +- Fixed %%preun to only remove service on final uninstall * Mon Jun 17 2002 bishop clark (LC957) 1.2.2-1 - Added condrestart to openvpn.spec & openvpn.init. diff --git a/sources b/sources index a699188..d60ef07 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -059dfb6e21b503687c6b4a8a1b0034ac openvpn-2.1_rc8.tar.gz -25a7396a08e983fae44b08261af070cc openvpn-2.1_rc8.tar.gz.asc +f435e4ad43cf4323e942da570bae4951 openvpn-2.1_rc9.tar.gz +8354d0c77fc5bfe12aa286a87efb6f71 openvpn-2.1_rc9.tar.gz.asc From 8bfe67302486d599ae90be6be21356b9fcf7b1ea Mon Sep 17 00:00:00 2001 From: Steven Pritchard Date: Wed, 13 Aug 2008 19:06:32 +0000 Subject: [PATCH 042/168] Add "--script-security 2" by default for backwards compatibility (see bug #458594). --- openvpn-script-security.patch | 15 +++++++++++++++ openvpn.spec | 8 +++++++- 2 files changed, 22 insertions(+), 1 deletion(-) create mode 100644 openvpn-script-security.patch diff --git a/openvpn-script-security.patch b/openvpn-script-security.patch new file mode 100644 index 0000000..693f0cf --- /dev/null +++ b/openvpn-script-security.patch @@ -0,0 +1,15 @@ +--- openvpn-2.1_rc9/sample-scripts/openvpn.init.orig 2008-06-13 02:54:58.000000000 -0500 ++++ openvpn-2.1_rc9/sample-scripts/openvpn.init 2008-08-13 13:51:46.000000000 -0500 +@@ -151,7 +151,11 @@ + . $bn.sh + fi + rm -f $piddir/$bn.pid +- $openvpn --daemon --writepid $piddir/$bn.pid --config $c --cd $work ++ # Handle backward compatibility, see Red Hat Bugzilla ID #458594 ++ if [ -z "$( grep '^[[:space:]]*script-security[[:space:]]' $c )" ]; then ++ script_security="--script-security 2" ++ fi ++ $openvpn --daemon --writepid $piddir/$bn.pid --config $c --cd $work $script_security + if [ $? = 0 ]; then + successes=1 + else diff --git a/openvpn.spec b/openvpn.spec index 2fa0dac..a96a810 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -4,7 +4,7 @@ Name: openvpn Version: 2.1 -Release: 0.27%{?prerelease:.%{prerelease}}%{?dist} +Release: 0.28%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: http://openvpn.net/ #Source0: http://openvpn.net/beta/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.gz @@ -17,6 +17,7 @@ Source2: roadwarrior-server.conf Source3: roadwarrior-client.conf # Don't start openvpn by default. Patch0: openvpn-init.patch +Patch1: openvpn-script-security.patch License: GPLv2 Group: Applications/Internet BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-%(id -un) @@ -51,6 +52,7 @@ for compression. %prep %setup -q -n %{name}-%{version}%{?prerelease:_%{prerelease}} %patch0 -p0 +%patch1 -p1 sed -i -e 's,%{_datadir}/openvpn/plugin,%{_libdir}/openvpn/plugin,' openvpn.8 # %%doc items shouldn't be executable. @@ -166,6 +168,10 @@ fi %config %dir %{_sysconfdir}/%{name}/ %changelog +* Wed Aug 13 2008 Steven Pritchard 2.1-0.28 +- Add "--script-security 2" by default for backwards compatibility + (see bug #458594). + * Fri Aug 01 2008 Steven Pritchard 2.1-0.27.rc9 - Update to 2.1_rc9. From d291b71c8cf656c14d5677db8c7aaa00736408c8 Mon Sep 17 00:00:00 2001 From: Robert Scheck Date: Sun, 30 Nov 2008 14:27:28 +0000 Subject: [PATCH 043/168] Update to 2.1_rc15 --- .cvsignore | 4 ++-- openvpn.spec | 7 +++++-- sources | 4 ++-- 3 files changed, 9 insertions(+), 6 deletions(-) diff --git a/.cvsignore b/.cvsignore index 2b2cd29..d3464f9 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1,2 +1,2 @@ -openvpn-2.1_rc9.tar.gz -openvpn-2.1_rc9.tar.gz.asc +openvpn-2.1_rc15.tar.gz +openvpn-2.1_rc15.tar.gz.asc diff --git a/openvpn.spec b/openvpn.spec index a96a810..8b68d90 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -1,10 +1,10 @@ -%define prerelease rc9 +%define prerelease rc15 %define plugins down-root auth-pam Name: openvpn Version: 2.1 -Release: 0.28%{?prerelease:.%{prerelease}}%{?dist} +Release: 0.29%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: http://openvpn.net/ #Source0: http://openvpn.net/beta/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.gz @@ -168,6 +168,9 @@ fi %config %dir %{_sysconfdir}/%{name}/ %changelog +* Sat Nov 29 2008 Robert Scheck 2.1-0.29 +- Update to 2.1_rc15 + * Wed Aug 13 2008 Steven Pritchard 2.1-0.28 - Add "--script-security 2" by default for backwards compatibility (see bug #458594). diff --git a/sources b/sources index d60ef07..3d38615 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -f435e4ad43cf4323e942da570bae4951 openvpn-2.1_rc9.tar.gz -8354d0c77fc5bfe12aa286a87efb6f71 openvpn-2.1_rc9.tar.gz.asc +14a35b05c5a16292d149592d1dad0302 openvpn-2.1_rc15.tar.gz +148c13b3c0f6d5eef99755df7bf84526 openvpn-2.1_rc15.tar.gz.asc From 03e60efcc1b58ee8c1b47b7dd529970cb82d0277 Mon Sep 17 00:00:00 2001 From: Steven Pritchard Date: Fri, 12 Dec 2008 02:52:09 +0000 Subject: [PATCH 044/168] Attempt to fix BZ#476129. --- openvpn.spec | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/openvpn.spec b/openvpn.spec index 8b68d90..04a784b 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -4,7 +4,7 @@ Name: openvpn Version: 2.1 -Release: 0.29%{?prerelease:.%{prerelease}}%{?dist} +Release: 0.30%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: http://openvpn.net/ #Source0: http://openvpn.net/beta/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.gz @@ -135,9 +135,10 @@ mkdir -m 755 -p $RPM_BUILD_ROOT%{_var}/run/%{name} rm -rf $RPM_BUILD_ROOT %pre -if ! id openvpn > /dev/null 2>&1 ; then - /usr/sbin/useradd -r -s /sbin/nologin -c OpenVPN -d /etc/openvpn openvpn -fi +getent group openvpn &>/dev/null || groupadd -r openvpn +getent passwd openvpn &>/dev/null || \ + /usr/sbin/useradd -r -g openvpn -s /sbin/nologin -c OpenVPN \ + -d /etc/openvpn openvpn %post /sbin/chkconfig --add %{name} @@ -168,10 +169,13 @@ fi %config %dir %{_sysconfdir}/%{name}/ %changelog -* Sat Nov 29 2008 Robert Scheck 2.1-0.29 +* Thu Dec 11 2008 Steven Pritchard 2.1-0.30.rc15 +- Attempt to fix BZ#476129. + +* Sat Nov 29 2008 Robert Scheck 2.1-0.29.rc15 - Update to 2.1_rc15 -* Wed Aug 13 2008 Steven Pritchard 2.1-0.28 +* Wed Aug 13 2008 Steven Pritchard 2.1-0.28.rc9 - Add "--script-security 2" by default for backwards compatibility (see bug #458594). From 85b7f8217ad16f08f3eb1d39833e86223b96c462 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Mr=C3=A1z?= Date: Sat, 17 Jan 2009 16:26:54 +0000 Subject: [PATCH 045/168] - rebuild with new openssl --- openvpn.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/openvpn.spec b/openvpn.spec index 04a784b..dd4c3c0 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -4,7 +4,7 @@ Name: openvpn Version: 2.1 -Release: 0.30%{?prerelease:.%{prerelease}}%{?dist} +Release: 0.31%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: http://openvpn.net/ #Source0: http://openvpn.net/beta/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.gz @@ -169,6 +169,9 @@ fi %config %dir %{_sysconfdir}/%{name}/ %changelog +* Sat Jan 17 2009 Tomas Mraz 2.1-0.31.rc15 +- rebuild with new openssl + * Thu Dec 11 2008 Steven Pritchard 2.1-0.30.rc15 - Attempt to fix BZ#476129. From 6197d9c4033656e6130063bec12cf1d3eb84ad67 Mon Sep 17 00:00:00 2001 From: Jesse Keating Date: Thu, 26 Feb 2009 08:54:10 +0000 Subject: [PATCH 046/168] - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild --- openvpn.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/openvpn.spec b/openvpn.spec index dd4c3c0..3a2a0fe 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -4,7 +4,7 @@ Name: openvpn Version: 2.1 -Release: 0.31%{?prerelease:.%{prerelease}}%{?dist} +Release: 0.32%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: http://openvpn.net/ #Source0: http://openvpn.net/beta/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.gz @@ -169,6 +169,9 @@ fi %config %dir %{_sysconfdir}/%{name}/ %changelog +* Thu Feb 26 2009 Fedora Release Engineering - 2.1-0.32.rc15 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + * Sat Jan 17 2009 Tomas Mraz 2.1-0.31.rc15 - rebuild with new openssl From f45c916a7805f22407bfb6814bbf9af89f4d0801 Mon Sep 17 00:00:00 2001 From: Jesse Keating Date: Sat, 25 Jul 2009 20:55:54 +0000 Subject: [PATCH 047/168] - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild --- openvpn.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/openvpn.spec b/openvpn.spec index 3a2a0fe..9f88e1c 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -4,7 +4,7 @@ Name: openvpn Version: 2.1 -Release: 0.32%{?prerelease:.%{prerelease}}%{?dist} +Release: 0.33%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: http://openvpn.net/ #Source0: http://openvpn.net/beta/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.gz @@ -169,6 +169,9 @@ fi %config %dir %{_sysconfdir}/%{name}/ %changelog +* Sat Jul 25 2009 Fedora Release Engineering - 2.1-0.33.rc15 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + * Thu Feb 26 2009 Fedora Release Engineering - 2.1-0.32.rc15 - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild From ea30305017bd1f79a79d7415b9fcba568ebf240d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Mr=C3=A1z?= Date: Fri, 21 Aug 2009 15:08:58 +0000 Subject: [PATCH 048/168] - rebuilt with new openssl --- openvpn.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/openvpn.spec b/openvpn.spec index 9f88e1c..18a9db9 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -4,7 +4,7 @@ Name: openvpn Version: 2.1 -Release: 0.33%{?prerelease:.%{prerelease}}%{?dist} +Release: 0.34%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: http://openvpn.net/ #Source0: http://openvpn.net/beta/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.gz @@ -169,6 +169,9 @@ fi %config %dir %{_sysconfdir}/%{name}/ %changelog +* Fri Aug 21 2009 Tomas Mraz - 2.1-0.34.rc15 +- rebuilt with new openssl + * Sat Jul 25 2009 Fedora Release Engineering - 2.1-0.33.rc15 - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild From 0582bf13d7184f0da672f351c39d378dc04897b4 Mon Sep 17 00:00:00 2001 From: Kalev Lember Date: Mon, 7 Sep 2009 06:28:04 +0000 Subject: [PATCH 049/168] - Update to 2.1_rc19 - Build with pkcs11-helper --- .cvsignore | 4 ++-- openvpn.spec | 9 +++++++-- sources | 4 ++-- 3 files changed, 11 insertions(+), 6 deletions(-) diff --git a/.cvsignore b/.cvsignore index d3464f9..239c6f6 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1,2 +1,2 @@ -openvpn-2.1_rc15.tar.gz -openvpn-2.1_rc15.tar.gz.asc +openvpn-2.1_rc19.tar.gz +openvpn-2.1_rc19.tar.gz.asc diff --git a/openvpn.spec b/openvpn.spec index 18a9db9..690d2ec 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -1,10 +1,10 @@ -%define prerelease rc15 +%define prerelease rc19 %define plugins down-root auth-pam Name: openvpn Version: 2.1 -Release: 0.34%{?prerelease:.%{prerelease}}%{?dist} +Release: 0.35%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: http://openvpn.net/ #Source0: http://openvpn.net/beta/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.gz @@ -24,6 +24,7 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-%(id -un) BuildRequires: lzo-devel BuildRequires: openssl-devel BuildRequires: pam-devel +BuildRequires: pkcs11-helper-devel # For /sbin/ip. BuildRequires: iproute # We need /dev/net/tun. @@ -169,6 +170,10 @@ fi %config %dir %{_sysconfdir}/%{name}/ %changelog +* Sun Sep 06 2009 Kalev Lember - 2.1-0.35.rc19 +- Update to 2.1_rc19 +- Build with pkcs11-helper + * Fri Aug 21 2009 Tomas Mraz - 2.1-0.34.rc15 - rebuilt with new openssl diff --git a/sources b/sources index 3d38615..c99f224 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -14a35b05c5a16292d149592d1dad0302 openvpn-2.1_rc15.tar.gz -148c13b3c0f6d5eef99755df7bf84526 openvpn-2.1_rc15.tar.gz.asc +ba2ee667a8b7606b125b7d32f47ca578 openvpn-2.1_rc19.tar.gz +60dd63b0b37cabb5f467e1ededd013ce openvpn-2.1_rc19.tar.gz.asc From 50efe3fd858872c702cb8bbefc6604f94d48cc62 Mon Sep 17 00:00:00 2001 From: Steven Pritchard Date: Fri, 2 Oct 2009 11:39:25 +0000 Subject: [PATCH 050/168] Update to 2.1_rc20. --- .cvsignore | 4 ++-- openvpn.spec | 7 +++++-- sources | 4 ++-- 3 files changed, 9 insertions(+), 6 deletions(-) diff --git a/.cvsignore b/.cvsignore index 239c6f6..e3fed5d 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1,2 +1,2 @@ -openvpn-2.1_rc19.tar.gz -openvpn-2.1_rc19.tar.gz.asc +openvpn-2.1_rc20.tar.gz +openvpn-2.1_rc20.tar.gz.asc diff --git a/openvpn.spec b/openvpn.spec index 690d2ec..c3c6b16 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -1,10 +1,10 @@ -%define prerelease rc19 +%define prerelease rc20 %define plugins down-root auth-pam Name: openvpn Version: 2.1 -Release: 0.35%{?prerelease:.%{prerelease}}%{?dist} +Release: 0.36%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: http://openvpn.net/ #Source0: http://openvpn.net/beta/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.gz @@ -170,6 +170,9 @@ fi %config %dir %{_sysconfdir}/%{name}/ %changelog +* Fri Oct 02 2009 Steven Pritchard 2.1-0.36.rc20 +- Update to 2.1_rc20. + * Sun Sep 06 2009 Kalev Lember - 2.1-0.35.rc19 - Update to 2.1_rc19 - Build with pkcs11-helper diff --git a/sources b/sources index c99f224..faa41e8 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -ba2ee667a8b7606b125b7d32f47ca578 openvpn-2.1_rc19.tar.gz -60dd63b0b37cabb5f467e1ededd013ce openvpn-2.1_rc19.tar.gz.asc +552038d36980470448bf1d701c9effc3 openvpn-2.1_rc20.tar.gz +b04b1d058cb5dc3f65ca696bc5021278 openvpn-2.1_rc20.tar.gz.asc From 3a32e51ddc2f51fe3b983f1edafbb19fe04a5409 Mon Sep 17 00:00:00 2001 From: Robert Scheck Date: Sun, 25 Oct 2009 11:13:29 +0000 Subject: [PATCH 051/168] Added script_security initialisation in initscript (#458594 #c20) --- openvpn-script-security.patch | 3 ++- openvpn.spec | 5 ++++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/openvpn-script-security.patch b/openvpn-script-security.patch index 693f0cf..6d5e15b 100644 --- a/openvpn-script-security.patch +++ b/openvpn-script-security.patch @@ -1,11 +1,12 @@ --- openvpn-2.1_rc9/sample-scripts/openvpn.init.orig 2008-06-13 02:54:58.000000000 -0500 +++ openvpn-2.1_rc9/sample-scripts/openvpn.init 2008-08-13 13:51:46.000000000 -0500 -@@ -151,7 +151,11 @@ +@@ -151,7 +151,12 @@ . $bn.sh fi rm -f $piddir/$bn.pid - $openvpn --daemon --writepid $piddir/$bn.pid --config $c --cd $work + # Handle backward compatibility, see Red Hat Bugzilla ID #458594 ++ script_security='' + if [ -z "$( grep '^[[:space:]]*script-security[[:space:]]' $c )" ]; then + script_security="--script-security 2" + fi diff --git a/openvpn.spec b/openvpn.spec index c3c6b16..9b24650 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -4,7 +4,7 @@ Name: openvpn Version: 2.1 -Release: 0.36%{?prerelease:.%{prerelease}}%{?dist} +Release: 0.37%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: http://openvpn.net/ #Source0: http://openvpn.net/beta/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.gz @@ -170,6 +170,9 @@ fi %config %dir %{_sysconfdir}/%{name}/ %changelog +* Sun Oct 25 2009 Robert Scheck 2.1-0.37.rc20 +- Added script_security initialisation in initscript (#458594 #c20) + * Fri Oct 02 2009 Steven Pritchard 2.1-0.36.rc20 - Update to 2.1_rc20. From ebf0c109f6e4394d6aedd4e1834efbec86426019 Mon Sep 17 00:00:00 2001 From: Steven Pritchard Date: Thu, 12 Nov 2009 23:49:38 +0000 Subject: [PATCH 052/168] Update to 2.1_rc21. --- .cvsignore | 4 ++-- openvpn.spec | 7 +++++-- sources | 4 ++-- 3 files changed, 9 insertions(+), 6 deletions(-) diff --git a/.cvsignore b/.cvsignore index e3fed5d..6b695af 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1,2 +1,2 @@ -openvpn-2.1_rc20.tar.gz -openvpn-2.1_rc20.tar.gz.asc +openvpn-2.1_rc21.tar.gz +openvpn-2.1_rc21.tar.gz.asc diff --git a/openvpn.spec b/openvpn.spec index 9b24650..50d0459 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -1,10 +1,10 @@ -%define prerelease rc20 +%define prerelease rc21 %define plugins down-root auth-pam Name: openvpn Version: 2.1 -Release: 0.37%{?prerelease:.%{prerelease}}%{?dist} +Release: 0.38%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: http://openvpn.net/ #Source0: http://openvpn.net/beta/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.gz @@ -170,6 +170,9 @@ fi %config %dir %{_sysconfdir}/%{name}/ %changelog +* Thu Nov 12 2009 Steven Pritchard 2.1-0.38.rc21 +- Update to 2.1_rc21. + * Sun Oct 25 2009 Robert Scheck 2.1-0.37.rc20 - Added script_security initialisation in initscript (#458594 #c20) diff --git a/sources b/sources index faa41e8..7911343 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -552038d36980470448bf1d701c9effc3 openvpn-2.1_rc20.tar.gz -b04b1d058cb5dc3f65ca696bc5021278 openvpn-2.1_rc20.tar.gz.asc +c9124abda3aa140172eefc7b31f1a100 openvpn-2.1_rc21.tar.gz +5a01e4afa5d16279b4cebeb1ac620082 openvpn-2.1_rc21.tar.gz.asc From 7856b8775bf85b381c2279f661d559417db9021a Mon Sep 17 00:00:00 2001 From: Steven Pritchard Date: Sat, 21 Nov 2009 20:03:45 +0000 Subject: [PATCH 053/168] Update to 2.1_rc22. --- .cvsignore | 4 ++-- openvpn.spec | 7 +++++-- sources | 4 ++-- 3 files changed, 9 insertions(+), 6 deletions(-) diff --git a/.cvsignore b/.cvsignore index 6b695af..d7fba4f 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1,2 +1,2 @@ -openvpn-2.1_rc21.tar.gz -openvpn-2.1_rc21.tar.gz.asc +openvpn-2.1_rc22.tar.gz +openvpn-2.1_rc22.tar.gz.asc diff --git a/openvpn.spec b/openvpn.spec index 50d0459..2ff6c2e 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -1,10 +1,10 @@ -%define prerelease rc21 +%define prerelease rc22 %define plugins down-root auth-pam Name: openvpn Version: 2.1 -Release: 0.38%{?prerelease:.%{prerelease}}%{?dist} +Release: 0.39%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: http://openvpn.net/ #Source0: http://openvpn.net/beta/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.gz @@ -170,6 +170,9 @@ fi %config %dir %{_sysconfdir}/%{name}/ %changelog +* Sat Nov 21 2009 Steven Pritchard 2.1-0.39.rc22 +- Update to 2.1_rc22. + * Thu Nov 12 2009 Steven Pritchard 2.1-0.38.rc21 - Update to 2.1_rc21. diff --git a/sources b/sources index 7911343..1500b03 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -c9124abda3aa140172eefc7b31f1a100 openvpn-2.1_rc21.tar.gz -5a01e4afa5d16279b4cebeb1ac620082 openvpn-2.1_rc21.tar.gz.asc +a4ca5d79f7467fc537b216bff1c744f2 openvpn-2.1_rc22.tar.gz +2c40603579fa7a71701abbefd5799f65 openvpn-2.1_rc22.tar.gz.asc From 430e1eb35d31d92bd0d11a00a1f397c9970953da Mon Sep 17 00:00:00 2001 From: Bill Nottingham Date: Wed, 25 Nov 2009 22:56:35 +0000 Subject: [PATCH 054/168] Fix typo that causes a failure to update the common directory. (releng #2781) --- Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index 3fc8bc7..e851c02 100644 --- a/Makefile +++ b/Makefile @@ -1,10 +1,10 @@ # Makefile for source rpm: openvpn -# $Id$ +# $Id: Makefile,v 1.1 2005/06/27 21:18:15 steve Exp $ NAME := openvpn SPECFILE = $(firstword $(wildcard *.spec)) define find-makefile-common -for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done +for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$d/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done endef MAKEFILE_COMMON := $(shell $(find-makefile-common)) From b466ea788bec52258f12b27a73ad727a4070165e Mon Sep 17 00:00:00 2001 From: Steven Pritchard Date: Sat, 12 Dec 2009 02:11:39 +0000 Subject: [PATCH 055/168] Update to 2.1.1. --- .cvsignore | 4 ++-- openvpn.spec | 9 ++++++--- sources | 4 ++-- 3 files changed, 10 insertions(+), 7 deletions(-) diff --git a/.cvsignore b/.cvsignore index d7fba4f..374e301 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1,2 +1,2 @@ -openvpn-2.1_rc22.tar.gz -openvpn-2.1_rc22.tar.gz.asc +openvpn-2.1.1.tar.gz +openvpn-2.1.1.tar.gz.asc diff --git a/openvpn.spec b/openvpn.spec index 2ff6c2e..9185e14 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -1,10 +1,10 @@ -%define prerelease rc22 +#define prerelease rc22 %define plugins down-root auth-pam Name: openvpn -Version: 2.1 -Release: 0.39%{?prerelease:.%{prerelease}}%{?dist} +Version: 2.1.1 +Release: 1%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: http://openvpn.net/ #Source0: http://openvpn.net/beta/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.gz @@ -170,6 +170,9 @@ fi %config %dir %{_sysconfdir}/%{name}/ %changelog +* Fri Dec 11 2009 Steven Pritchard 2.1.1-1 +- Update to 2.1.1. + * Sat Nov 21 2009 Steven Pritchard 2.1-0.39.rc22 - Update to 2.1_rc22. diff --git a/sources b/sources index 1500b03..e6c2cca 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -a4ca5d79f7467fc537b216bff1c744f2 openvpn-2.1_rc22.tar.gz -2c40603579fa7a71701abbefd5799f65 openvpn-2.1_rc22.tar.gz.asc +b273ed2b5ec8616fb9834cde8634bce7 openvpn-2.1.1.tar.gz +83ab0bca3f051fc0b26673008c34aa20 openvpn-2.1.1.tar.gz.asc From a0543ccb1409aeb50da6eaa7bca4ef3354ac9453 Mon Sep 17 00:00:00 2001 From: Jon Ciesla Date: Tue, 5 Jan 2010 14:37:17 +0000 Subject: [PATCH 056/168] - Fix init script *.sh sourcing, BZ 498348. - Added init script info block, BZ 392991, BZ 541219. --- openvpn-2.1.1-init.patch | 5 +++++ openvpn-2.1.1-initinfo.patch | 16 ++++++++++++++++ openvpn.spec | 11 ++++++++++- 3 files changed, 31 insertions(+), 1 deletion(-) create mode 100644 openvpn-2.1.1-init.patch create mode 100644 openvpn-2.1.1-initinfo.patch diff --git a/openvpn-2.1.1-init.patch b/openvpn-2.1.1-init.patch new file mode 100644 index 0000000..598a009 --- /dev/null +++ b/openvpn-2.1.1-init.patch @@ -0,0 +1,5 @@ +--- sample-scripts/openvpn.init~ 2010-01-04 08:30:35.000000000 -0600 ++++ sample-scripts/openvpn.init 2010-01-04 15:53:29.503900367 -0600 +@@ -153 +153 @@ +- . $bn.sh ++ . ./$bn.sh diff --git a/openvpn-2.1.1-initinfo.patch b/openvpn-2.1.1-initinfo.patch new file mode 100644 index 0000000..19a382d --- /dev/null +++ b/openvpn-2.1.1-initinfo.patch @@ -0,0 +1,16 @@ +--- sample-scripts/openvpn.init~ 2010-01-04 16:52:25.000000000 -0600 ++++ sample-scripts/openvpn.init 2010-01-05 05:48:24.043085950 -0600 +@@ -15,0 +16,13 @@ ++### BEGIN INIT INFO ++# Provides: openvpn ++# Required-Start: $network ++# Required-Stop: $network ++# Short-Description: start and stop openvpn ++# Description: OpenVPN is a robust and highly flexible tunneling \ ++# application that uses all of the encryption, \ ++# authentication, and certification features of the OpenSSL \ ++# library to securely tunnel IP networks over a single UDP \ ++# port. ++### END INIT INFO ++ ++ diff --git a/openvpn.spec b/openvpn.spec index 9185e14..3bfc63b 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -4,7 +4,7 @@ Name: openvpn Version: 2.1.1 -Release: 1%{?prerelease:.%{prerelease}}%{?dist} +Release: 2%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: http://openvpn.net/ #Source0: http://openvpn.net/beta/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.gz @@ -18,6 +18,8 @@ Source3: roadwarrior-client.conf # Don't start openvpn by default. Patch0: openvpn-init.patch Patch1: openvpn-script-security.patch +Patch2: openvpn-2.1.1-init.patch +Patch3: openvpn-2.1.1-initinfo.patch License: GPLv2 Group: Applications/Internet BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-%(id -un) @@ -54,6 +56,9 @@ for compression. %setup -q -n %{name}-%{version}%{?prerelease:_%{prerelease}} %patch0 -p0 %patch1 -p1 +%patch2 -p0 +%patch3 -p0 + sed -i -e 's,%{_datadir}/openvpn/plugin,%{_libdir}/openvpn/plugin,' openvpn.8 # %%doc items shouldn't be executable. @@ -170,6 +175,10 @@ fi %config %dir %{_sysconfdir}/%{name}/ %changelog +* Mon Jan 04 2010 Jon Ciesla 2.1.1-2 +- Fix init script *.sh sourcing, BZ 498348. +- Added init script info block, BZ 392991, BZ 541219. + * Fri Dec 11 2009 Steven Pritchard 2.1.1-1 - Update to 2.1.1. From 25d5406f14759eb82c1d8cf928c7c85bd55d05ff Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Thu, 29 Jul 2010 05:19:40 +0000 Subject: [PATCH 057/168] dist-git conversion --- .cvsignore => .gitignore | 0 Makefile | 21 --------------------- 2 files changed, 21 deletions(-) rename .cvsignore => .gitignore (100%) delete mode 100644 Makefile diff --git a/.cvsignore b/.gitignore similarity index 100% rename from .cvsignore rename to .gitignore diff --git a/Makefile b/Makefile deleted file mode 100644 index e851c02..0000000 --- a/Makefile +++ /dev/null @@ -1,21 +0,0 @@ -# Makefile for source rpm: openvpn -# $Id: Makefile,v 1.1 2005/06/27 21:18:15 steve Exp $ -NAME := openvpn -SPECFILE = $(firstword $(wildcard *.spec)) - -define find-makefile-common -for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$d/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done -endef - -MAKEFILE_COMMON := $(shell $(find-makefile-common)) - -ifeq ($(MAKEFILE_COMMON),) -# attept a checkout -define checkout-makefile-common -test -f CVS/Root && { cvs -Q -d $$(cat CVS/Root) checkout common && echo "common/Makefile.common" ; } || { echo "ERROR: I can't figure out how to checkout the 'common' module." ; exit -1 ; } >&2 -endef - -MAKEFILE_COMMON := $(shell $(checkout-makefile-common)) -endif - -include $(MAKEFILE_COMMON) From 212dca3eec4dbba429cc0a21c20a8983737b5b11 Mon Sep 17 00:00:00 2001 From: Steven Pritchard Date: Thu, 19 Aug 2010 15:11:07 -0500 Subject: [PATCH 058/168] Update to 2.1.2. --- .gitignore | 2 ++ openvpn.spec | 7 +++++-- sources | 4 ++-- 3 files changed, 9 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index 374e301..108a7d7 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,4 @@ openvpn-2.1.1.tar.gz openvpn-2.1.1.tar.gz.asc +openvpn-2.1.2.tar.gz +openvpn-2.1.2.tar.gz.asc diff --git a/openvpn.spec b/openvpn.spec index 3bfc63b..b1b1e83 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -3,8 +3,8 @@ %define plugins down-root auth-pam Name: openvpn -Version: 2.1.1 -Release: 2%{?prerelease:.%{prerelease}}%{?dist} +Version: 2.1.2 +Release: 1%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: http://openvpn.net/ #Source0: http://openvpn.net/beta/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.gz @@ -175,6 +175,9 @@ fi %config %dir %{_sysconfdir}/%{name}/ %changelog +* Thu Aug 19 2010 Steven Pritchard 2.1.2-1 +- Update to 2.1.2. + * Mon Jan 04 2010 Jon Ciesla 2.1.1-2 - Fix init script *.sh sourcing, BZ 498348. - Added init script info block, BZ 392991, BZ 541219. diff --git a/sources b/sources index e6c2cca..c8aa545 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -b273ed2b5ec8616fb9834cde8634bce7 openvpn-2.1.1.tar.gz -83ab0bca3f051fc0b26673008c34aa20 openvpn-2.1.1.tar.gz.asc +543a30dafcdefe1d67c0e47b80741755 openvpn-2.1.2.tar.gz +218c93632a676379efdab17452b2ffe4 openvpn-2.1.2.tar.gz.asc From e415da3a413ed047c575f2124e080195f24988b2 Mon Sep 17 00:00:00 2001 From: Jon Ciesla Date: Fri, 8 Oct 2010 08:56:28 -0500 Subject: [PATCH 059/168] 2.1.3. --- .gitignore | 2 ++ openvpn.spec | 5 ++++- sources | 4 ++-- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 108a7d7..7c06a3f 100644 --- a/.gitignore +++ b/.gitignore @@ -2,3 +2,5 @@ openvpn-2.1.1.tar.gz openvpn-2.1.1.tar.gz.asc openvpn-2.1.2.tar.gz openvpn-2.1.2.tar.gz.asc +/openvpn-2.1.3.tar.gz +/openvpn-2.1.3.tar.gz.asc diff --git a/openvpn.spec b/openvpn.spec index b1b1e83..723d018 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -3,7 +3,7 @@ %define plugins down-root auth-pam Name: openvpn -Version: 2.1.2 +Version: 2.1.3 Release: 1%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: http://openvpn.net/ @@ -175,6 +175,9 @@ fi %config %dir %{_sysconfdir}/%{name}/ %changelog +* Thu Oct 07 2010 Jon Ciesla 2.1.3-1 +- Update to 2.1.3. + * Thu Aug 19 2010 Steven Pritchard 2.1.2-1 - Update to 2.1.2. diff --git a/sources b/sources index c8aa545..1b63bf5 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -543a30dafcdefe1d67c0e47b80741755 openvpn-2.1.2.tar.gz -218c93632a676379efdab17452b2ffe4 openvpn-2.1.2.tar.gz.asc +7486d3e270ba4b033e311d3e022a0ad7 openvpn-2.1.3.tar.gz +c9d69a95eedea26a90622c67b441614b openvpn-2.1.3.tar.gz.asc From c0f3785f49e00fdd2c645b5cc534e3bf161a4609 Mon Sep 17 00:00:00 2001 From: Dennis Gilmore Date: Tue, 8 Feb 2011 21:41:52 -0600 Subject: [PATCH 060/168] - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild --- openvpn.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/openvpn.spec b/openvpn.spec index 723d018..080e20c 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -4,7 +4,7 @@ Name: openvpn Version: 2.1.3 -Release: 1%{?prerelease:.%{prerelease}}%{?dist} +Release: 2%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: http://openvpn.net/ #Source0: http://openvpn.net/beta/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.gz @@ -175,6 +175,9 @@ fi %config %dir %{_sysconfdir}/%{name}/ %changelog +* Tue Feb 08 2011 Fedora Release Engineering - 2.1.3-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + * Thu Oct 07 2010 Jon Ciesla 2.1.3-1 - Update to 2.1.3. From f49c6db949273394505e7b82fc98cda6dd99f0fc Mon Sep 17 00:00:00 2001 From: Jon Ciesla Date: Thu, 17 Mar 2011 08:09:14 -0500 Subject: [PATCH 061/168] 2.1.4. --- .gitignore | 2 ++ openvpn.spec | 7 +++++-- sources | 4 ++-- 3 files changed, 9 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index 7c06a3f..de3afe0 100644 --- a/.gitignore +++ b/.gitignore @@ -4,3 +4,5 @@ openvpn-2.1.2.tar.gz openvpn-2.1.2.tar.gz.asc /openvpn-2.1.3.tar.gz /openvpn-2.1.3.tar.gz.asc +/openvpn-2.1.4.tar.gz +/openvpn-2.1.4.tar.gz.asc diff --git a/openvpn.spec b/openvpn.spec index 080e20c..0ea52ca 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -3,8 +3,8 @@ %define plugins down-root auth-pam Name: openvpn -Version: 2.1.3 -Release: 2%{?prerelease:.%{prerelease}}%{?dist} +Version: 2.1.4 +Release: 1%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: http://openvpn.net/ #Source0: http://openvpn.net/beta/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.gz @@ -175,6 +175,9 @@ fi %config %dir %{_sysconfdir}/%{name}/ %changelog +* Thu Mar 17 2011 Jon Ciesla 2.1.4-1 +- Update to 2.1.4. + * Tue Feb 08 2011 Fedora Release Engineering - 2.1.3-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild diff --git a/sources b/sources index 1b63bf5..d4679ac 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -7486d3e270ba4b033e311d3e022a0ad7 openvpn-2.1.3.tar.gz -c9d69a95eedea26a90622c67b441614b openvpn-2.1.3.tar.gz.asc +96a11868082685802489254f03ff3bde openvpn-2.1.4.tar.gz +484ac1f631cf50bf36fb5d5f011d6f81 openvpn-2.1.4.tar.gz.asc From 9a96fb3df1f461f284132c6295f7506cf41ce6c2 Mon Sep 17 00:00:00 2001 From: Jon Ciesla Date: Thu, 19 May 2011 13:13:43 -0500 Subject: [PATCH 062/168] New upstream. --- .gitignore | 2 ++ openvpn-init.patch | 17 +++++++++-------- openvpn.spec | 5 ++++- sources | 4 ++-- 4 files changed, 17 insertions(+), 11 deletions(-) diff --git a/.gitignore b/.gitignore index de3afe0..ea124a7 100644 --- a/.gitignore +++ b/.gitignore @@ -6,3 +6,5 @@ openvpn-2.1.2.tar.gz.asc /openvpn-2.1.3.tar.gz.asc /openvpn-2.1.4.tar.gz /openvpn-2.1.4.tar.gz.asc +/openvpn-2.2.0.tar.gz +/openvpn-2.2.0.tar.gz.asc diff --git a/openvpn-init.patch b/openvpn-init.patch index bcf00a0..fc751c6 100644 --- a/openvpn-init.patch +++ b/openvpn-init.patch @@ -1,22 +1,23 @@ ---- sample-scripts/openvpn.init.orig 2005-06-27 19:50:53.000000000 -0500 -+++ sample-scripts/openvpn.init 2005-06-27 19:53:54.000000000 -0500 -@@ -3,12 +3,14 @@ +--- sample-scripts/openvpn.init~ 2011-04-06 11:05:52.000000000 -0500 ++++ sample-scripts/openvpn.init 2011-05-19 13:06:51.049143974 -0500 +@@ -3,13 +3,14 @@ # openvpn This shell script takes care of starting and stopping # openvpn on RedHat or other chkconfig-based system. # -# chkconfig: 345 24 76 +-# +-# description: OpenVPN is a robust and highly flexible tunneling application \ +-# that uses all of the encryption, authentication, and \ +-# certification features of the OpenSSL library to securely \ +-# tunnel IP networks over a single UDP port. +# chkconfig: - 24 76 # --# description: OpenVPN is a robust and highly flexible tunneling application that --# uses all of the encryption, authentication, and certification features --# of the OpenSSL library to securely tunnel IP networks over a single --# UDP port. +# processname: openvpn +# description: OpenVPN is a robust and highly flexible tunneling \ +# application that uses all of the encryption, \ +# authentication, and certification features of the OpenSSL \ +# library to securely tunnel IP networks over a single UDP \ +# port. - # # Contributed to the OpenVPN project by + # Douglas Keller diff --git a/openvpn.spec b/openvpn.spec index 0ea52ca..917276d 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -3,7 +3,7 @@ %define plugins down-root auth-pam Name: openvpn -Version: 2.1.4 +Version: 2.2.0 Release: 1%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: http://openvpn.net/ @@ -175,6 +175,9 @@ fi %config %dir %{_sysconfdir}/%{name}/ %changelog +* Thu May 19 2011 Jon Ciesla 2.2.0-1 +- Update to 2.2.0. + * Thu Mar 17 2011 Jon Ciesla 2.1.4-1 - Update to 2.1.4. diff --git a/sources b/sources index d4679ac..6f5e8e6 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -96a11868082685802489254f03ff3bde openvpn-2.1.4.tar.gz -484ac1f631cf50bf36fb5d5f011d6f81 openvpn-2.1.4.tar.gz.asc +4f440603eac45fec7be218b87d570834 openvpn-2.2.0.tar.gz +f57de391d0a5f29b5dc04f0197fb5c95 openvpn-2.2.0.tar.gz.asc From 83327cf344299c86cee14924dd7a29c69ee3c7f5 Mon Sep 17 00:00:00 2001 From: Jon Ciesla Date: Fri, 17 Jun 2011 08:18:25 -0500 Subject: [PATCH 063/168] 712251 --- openvpn.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/openvpn.spec b/openvpn.spec index 917276d..7290fe0 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -4,7 +4,7 @@ Name: openvpn Version: 2.2.0 -Release: 1%{?prerelease:.%{prerelease}}%{?dist} +Release: 2%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: http://openvpn.net/ #Source0: http://openvpn.net/beta/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.gz @@ -175,6 +175,9 @@ fi %config %dir %{_sysconfdir}/%{name}/ %changelog +* Fri Jun 17 2011 Jon Ciesla 2.2.0-2 +- Bump and rebuild for BZ 712251. + * Thu May 19 2011 Jon Ciesla 2.2.0-1 - Update to 2.2.0. From 51272933078de0291dcc90fcd42e222241526009 Mon Sep 17 00:00:00 2001 From: Jon Ciesla Date: Fri, 8 Jul 2011 14:52:12 -0500 Subject: [PATCH 064/168] 2.2.1. --- .gitignore | 2 ++ openvpn.spec | 7 +++++-- sources | 4 ++-- 3 files changed, 9 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index ea124a7..2a9cbf7 100644 --- a/.gitignore +++ b/.gitignore @@ -8,3 +8,5 @@ openvpn-2.1.2.tar.gz.asc /openvpn-2.1.4.tar.gz.asc /openvpn-2.2.0.tar.gz /openvpn-2.2.0.tar.gz.asc +/openvpn-2.2.1.tar.gz +/openvpn-2.2.1.tar.gz.asc diff --git a/openvpn.spec b/openvpn.spec index 7290fe0..a77fe1b 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -3,8 +3,8 @@ %define plugins down-root auth-pam Name: openvpn -Version: 2.2.0 -Release: 2%{?prerelease:.%{prerelease}}%{?dist} +Version: 2.2.1 +Release: 1%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: http://openvpn.net/ #Source0: http://openvpn.net/beta/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.gz @@ -175,6 +175,9 @@ fi %config %dir %{_sysconfdir}/%{name}/ %changelog +* Fri Jul 08 2011 Jon Ciesla 2.2.1-1 +- Update to 2.2.1. + * Fri Jun 17 2011 Jon Ciesla 2.2.0-2 - Bump and rebuild for BZ 712251. diff --git a/sources b/sources index 6f5e8e6..1c916b0 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -4f440603eac45fec7be218b87d570834 openvpn-2.2.0.tar.gz -f57de391d0a5f29b5dc04f0197fb5c95 openvpn-2.2.0.tar.gz.asc +500bee5449b29906150569aaf2eb2730 openvpn-2.2.1.tar.gz +6cd5fd958dad35d99c16175df0d821a6 openvpn-2.2.1.tar.gz.asc From 8b3e151715db7b76d29411b028f0018cb4a73ea2 Mon Sep 17 00:00:00 2001 From: "Tom \"spot\" Callaway" Date: Fri, 9 Sep 2011 14:23:52 -0400 Subject: [PATCH 065/168] convert to systemd --- openvpn-tmpfile.conf | 1 + openvpn.spec | 70 +++++++++++++++++++++++++++++--------------- openvpn@.service | 11 +++++++ 3 files changed, 59 insertions(+), 23 deletions(-) create mode 100644 openvpn-tmpfile.conf create mode 100644 openvpn@.service diff --git a/openvpn-tmpfile.conf b/openvpn-tmpfile.conf new file mode 100644 index 0000000..d5fca71 --- /dev/null +++ b/openvpn-tmpfile.conf @@ -0,0 +1 @@ +D /var/run/openvpn 0710 root openvpn - diff --git a/openvpn.spec b/openvpn.spec index a77fe1b..2d079d0 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -4,7 +4,7 @@ Name: openvpn Version: 2.2.1 -Release: 1%{?prerelease:.%{prerelease}}%{?dist} +Release: 2%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: http://openvpn.net/ #Source0: http://openvpn.net/beta/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.gz @@ -15,6 +15,11 @@ Source1: http://openvpn.net/signatures/%{name}-%{version}%{?prerelease # Sample 2.0 config files Source2: roadwarrior-server.conf Source3: roadwarrior-client.conf +# Systemd service +Source4: openvpn@.service +# Tmpfile.d config +Source5: %{name}-tmpfile.conf + # Don't start openvpn by default. Patch0: openvpn-init.patch Patch1: openvpn-script-security.patch @@ -22,11 +27,11 @@ Patch2: openvpn-2.1.1-init.patch Patch3: openvpn-2.1.1-initinfo.patch License: GPLv2 Group: Applications/Internet -BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-%(id -un) BuildRequires: lzo-devel BuildRequires: openssl-devel BuildRequires: pam-devel BuildRequires: pkcs11-helper-devel +BuildRequires: systemd-units # For /sbin/ip. BuildRequires: iproute # We need /dev/net/tun. @@ -37,9 +42,10 @@ Requires: iproute # For ifconfig and route. Requires: net-tools Requires(pre): /usr/sbin/useradd -Requires(post): /sbin/chkconfig -Requires(preun): /sbin/chkconfig, /sbin/service -Requires(postun): /sbin/service +Requires(post): systemd-sysv +Requires(post): systemd-units +Requires(preun): systemd-units +Requires(postun): systemd-units # Filter out the perl(Authen::PAM) dependency. # No perl dependency is really needed at all. @@ -115,12 +121,12 @@ rm -f %{_tmppath}/%{name}-%{version}-%{release}-%(%{__id_u})-loopback-client \ %{_tmppath}/%{name}-%{version}-%{release}-%(%{__id_u})-loopback-server %install -rm -rf $RPM_BUILD_ROOT - install -D -m 0644 %{name}.8 $RPM_BUILD_ROOT%{_mandir}/man8/%{name}.8 install -D -m 0755 %{name} $RPM_BUILD_ROOT%{_sbindir}/%{name} -install -D -m 0755 sample-scripts/%{name}.init \ - $RPM_BUILD_ROOT%{_initrddir}/%{name} + +mkdir -p %{buildroot}%{_unitdir} +install -D -m 0755 %{SOURCE4} $RPM_BUILD_ROOT%{_unitdir}/ +rm -rf %{buildroot}%{_initrddir} install -d -m 0755 $RPM_BUILD_ROOT%{_sysconfdir}/%{name} mkdir -p $RPM_BUILD_ROOT%{_datadir}/%{name} @@ -135,10 +141,11 @@ for plugin in %{plugins} ; do cp plugin/$plugin/README plugin/$plugin.txt done -mkdir -m 755 -p $RPM_BUILD_ROOT%{_var}/run/%{name} - -%clean -rm -rf $RPM_BUILD_ROOT +# tmpfiles.d +mkdir -p %{buildroot}%{_sysconfdir}/tmpfiles.d +install -m 0644 %{SOURCE5} %{buildroot}%{_sysconfdir}/tmpfiles.d/%{name}.conf +mkdir -p %{buildroot}%{_localstatedir}/run/ +install -d -m 0710 %{buildroot}%{_localstatedir}/run/%{name}/ %pre getent group openvpn &>/dev/null || groupadd -r openvpn @@ -147,21 +154,34 @@ getent passwd openvpn &>/dev/null || \ -d /etc/openvpn openvpn %post -/sbin/chkconfig --add %{name} +if [ $1 -eq 1 ] ; then + # Initial installation + /bin/systemctl daemon-reload >/dev/null 2>&1 || : +fi %preun -if [ "$1" = 0 ]; then - /sbin/service %{name} stop - /sbin/chkconfig --del %{name} +if [ $1 -eq 0 ] ; then + # Package removal, not upgrade + /bin/systemctl --no-reload disable openvpn.service > /dev/null 2>&1 || : + /bin/systemctl stop openvpn.service > /dev/null 2>&1 || : fi %postun -if [ "$1" -ge 1 ]; then - /sbin/service %{name} condrestart >/dev/null 2>&1 -fi +/bin/systemctl daemon-reload >/dev/null 2>&1 || : +# Normally, we'd try a restart here, but in this case, it could be troublesome. + +%triggerun -- openvpn < 2.2.1-2 +# Save the current service runlevel info +# User must manually run systemd-sysv-convert --apply openvpn +# to migrate them to systemd targets +/usr/bin/systemd-sysv-convert --save openvpn >/dev/null 2>&1 ||: + +# Run these because the SysV package being removed won't do them +/sbin/chkconfig --del openvpn >/dev/null 2>&1 || : +/bin/systemctl try-restart openvpn.service >/dev/null 2>&1 || : + %files -%defattr(-,root,root,0755) %doc AUTHORS COPYING COPYRIGHT.GPL INSTALL PORTS README # Add NEWS when it isn't zero-length. %doc plugin/*.txt @@ -170,11 +190,15 @@ fi %{_sbindir}/%{name} %{_datadir}/%{name}/ %{_libdir}/%{name}/ -%{_initrddir}/%{name} -%{_var}/run/%{name}/ +%{_unitdir}/%{name}@.service +%dir %{_localstatedir}/run/%{name}/ +%config(noreplace) %{_sysconfdir}/tmpfiles.d/%{name}.conf %config %dir %{_sysconfdir}/%{name}/ %changelog +* Fri Sep 9 2011 Tom Callaway 2.2.1-2 +- convert to systemd + * Fri Jul 08 2011 Jon Ciesla 2.2.1-1 - Update to 2.2.1. diff --git a/openvpn@.service b/openvpn@.service new file mode 100644 index 0000000..210e749 --- /dev/null +++ b/openvpn@.service @@ -0,0 +1,11 @@ +[Unit] +Description=OpenVPN Robust And Highly Flexible Tunneling Application On %I +After=syslog.target network.target + +[Service] +Type=forking +PIDFile=/var/run/openvpn/%i.pid +ExecStart=/usr/sbin/openvpn --daemon --writepid /var/run/openvpn/%i.pid --cd /etc/openvpn/ --config %i.conf + +[Install] +WantedBy=multi-user.target From 834c613fedc6f899231da58232cb85af8d58f72e Mon Sep 17 00:00:00 2001 From: Jon Ciesla Date: Fri, 23 Dec 2011 07:11:56 -0600 Subject: [PATCH 066/168] 2.2.2. --- .gitignore | 2 ++ openvpn.spec | 7 +++++-- sources | 4 ++-- 3 files changed, 9 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index 2a9cbf7..d833f8a 100644 --- a/.gitignore +++ b/.gitignore @@ -10,3 +10,5 @@ openvpn-2.1.2.tar.gz.asc /openvpn-2.2.0.tar.gz.asc /openvpn-2.2.1.tar.gz /openvpn-2.2.1.tar.gz.asc +/openvpn-2.2.2.tar.gz +/openvpn-2.2.2.tar.gz.asc diff --git a/openvpn.spec b/openvpn.spec index 2d079d0..1537de2 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -3,8 +3,8 @@ %define plugins down-root auth-pam Name: openvpn -Version: 2.2.1 -Release: 2%{?prerelease:.%{prerelease}}%{?dist} +Version: 2.2.2 +Release: 1%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: http://openvpn.net/ #Source0: http://openvpn.net/beta/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.gz @@ -196,6 +196,9 @@ fi %config %dir %{_sysconfdir}/%{name}/ %changelog +* Fri Dec 23 2011 Jon Ciesla 2.2.2-1 +- Update to 2.2.2. + * Fri Sep 9 2011 Tom Callaway 2.2.1-2 - convert to systemd diff --git a/sources b/sources index 1c916b0..15f5e88 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -500bee5449b29906150569aaf2eb2730 openvpn-2.2.1.tar.gz -6cd5fd958dad35d99c16175df0d821a6 openvpn-2.2.1.tar.gz.asc +c5181e27b7945fa6276d21873329c5c7 openvpn-2.2.2.tar.gz +81ff11ec8cd9fc3c8bc646aae24c4298 openvpn-2.2.2.tar.gz.asc From 99d35971b48c050c9b73ee5b420cf4b4be72effc Mon Sep 17 00:00:00 2001 From: Dennis Gilmore Date: Fri, 13 Jan 2012 05:46:33 -0600 Subject: [PATCH 067/168] - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild --- openvpn.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/openvpn.spec b/openvpn.spec index 1537de2..853d9c8 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -4,7 +4,7 @@ Name: openvpn Version: 2.2.2 -Release: 1%{?prerelease:.%{prerelease}}%{?dist} +Release: 2%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: http://openvpn.net/ #Source0: http://openvpn.net/beta/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.gz @@ -196,6 +196,9 @@ fi %config %dir %{_sysconfdir}/%{name}/ %changelog +* Fri Jan 13 2012 Fedora Release Engineering - 2.2.2-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + * Fri Dec 23 2011 Jon Ciesla 2.2.2-1 - Update to 2.2.2. From 28f3551b7ca06986126ba5d68f502769e9e911cc Mon Sep 17 00:00:00 2001 From: Kay Sievers Date: Wed, 8 Feb 2012 19:41:43 +0100 Subject: [PATCH 068/168] Drop dependency on 'dev' package; it is gone since many years --- openvpn.spec | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/openvpn.spec b/openvpn.spec index 853d9c8..a43ded8 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -4,7 +4,7 @@ Name: openvpn Version: 2.2.2 -Release: 2%{?prerelease:.%{prerelease}}%{?dist} +Release: 3%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: http://openvpn.net/ #Source0: http://openvpn.net/beta/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.gz @@ -34,9 +34,6 @@ BuildRequires: pkcs11-helper-devel BuildRequires: systemd-units # For /sbin/ip. BuildRequires: iproute -# We need /dev/net/tun. -# This will work with RH9+ dev or udev. -Requires: dev >= 0:3.3.2-5 # For /sbin/ip. Requires: iproute # For ifconfig and route. @@ -196,6 +193,9 @@ fi %config %dir %{_sysconfdir}/%{name}/ %changelog +* Wed Feb 8 2012 Kay Sievers - 2.2.2-3 +- Drop dependency on 'dev' package; it is gone since many years + * Fri Jan 13 2012 Fedora Release Engineering - 2.2.2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild From cc89caefd1178c8b44b8cf10b32463f03020433b Mon Sep 17 00:00:00 2001 From: Jon Ciesla Date: Mon, 13 Feb 2012 12:44:12 -0600 Subject: [PATCH 069/168] Set PrivateTmp=true --- openvpn.spec | 5 ++++- openvpn@.service | 1 + 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/openvpn.spec b/openvpn.spec index a43ded8..2e9fd12 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -4,7 +4,7 @@ Name: openvpn Version: 2.2.2 -Release: 3%{?prerelease:.%{prerelease}}%{?dist} +Release: 4%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: http://openvpn.net/ #Source0: http://openvpn.net/beta/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.gz @@ -193,6 +193,9 @@ fi %config %dir %{_sysconfdir}/%{name}/ %changelog +* Mon Feb 13 2012 Jon Ciesla 2.2.2-4 +- Use PrivateTmp=true, BZ 782522. + * Wed Feb 8 2012 Kay Sievers - 2.2.2-3 - Drop dependency on 'dev' package; it is gone since many years diff --git a/openvpn@.service b/openvpn@.service index 210e749..358dcb7 100644 --- a/openvpn@.service +++ b/openvpn@.service @@ -3,6 +3,7 @@ Description=OpenVPN Robust And Highly Flexible Tunneling Application On %I After=syslog.target network.target [Service] +PrivateTmp=true Type=forking PIDFile=/var/run/openvpn/%i.pid ExecStart=/usr/sbin/openvpn --daemon --writepid /var/run/openvpn/%i.pid --cd /etc/openvpn/ --config %i.conf From b871210497773619c97e7306efc0f41dde405963 Mon Sep 17 00:00:00 2001 From: Jon Ciesla Date: Thu, 12 Apr 2012 14:52:10 -0500 Subject: [PATCH 070/168] Add hardened build. --- openvpn.spec | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/openvpn.spec b/openvpn.spec index 2e9fd12..342562a 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -1,10 +1,11 @@ +%define _hardened_build 1 #define prerelease rc22 %define plugins down-root auth-pam Name: openvpn Version: 2.2.2 -Release: 4%{?prerelease:.%{prerelease}}%{?dist} +Release: 5%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: http://openvpn.net/ #Source0: http://openvpn.net/beta/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.gz @@ -193,6 +194,9 @@ fi %config %dir %{_sysconfdir}/%{name}/ %changelog +* Thu Apr 12 2012 Jon Ciesla 2.2.2-5 +- Add hardened build. + * Mon Feb 13 2012 Jon Ciesla 2.2.2-4 - Use PrivateTmp=true, BZ 782522. From 2428a8de866c26950880227bc2f268cb52dc8c44 Mon Sep 17 00:00:00 2001 From: Dennis Gilmore Date: Fri, 20 Jul 2012 02:20:34 -0500 Subject: [PATCH 071/168] - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild --- openvpn.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/openvpn.spec b/openvpn.spec index 342562a..ceb0325 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -5,7 +5,7 @@ Name: openvpn Version: 2.2.2 -Release: 5%{?prerelease:.%{prerelease}}%{?dist} +Release: 6%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: http://openvpn.net/ #Source0: http://openvpn.net/beta/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.gz @@ -194,6 +194,9 @@ fi %config %dir %{_sysconfdir}/%{name}/ %changelog +* Fri Jul 20 2012 Fedora Release Engineering - 2.2.2-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + * Thu Apr 12 2012 Jon Ciesla 2.2.2-5 - Add hardened build. From 9696838bd2e14107eabb677cb28ea50e6b3c7822 Mon Sep 17 00:00:00 2001 From: Jon Ciesla Date: Wed, 5 Sep 2012 08:13:24 -0500 Subject: [PATCH 072/168] Fix tmpfiles and run dir. --- openvpn.spec | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/openvpn.spec b/openvpn.spec index ceb0325..77b12ce 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -140,8 +140,8 @@ for plugin in %{plugins} ; do done # tmpfiles.d -mkdir -p %{buildroot}%{_sysconfdir}/tmpfiles.d -install -m 0644 %{SOURCE5} %{buildroot}%{_sysconfdir}/tmpfiles.d/%{name}.conf +mkdir -p %{buildroot}%{_prefix}/lib/tmpfiles.d +install -m 0644 %{SOURCE5} %{buildroot}%{_prefix}/lib/tmpfiles.d/%{name}.conf mkdir -p %{buildroot}%{_localstatedir}/run/ install -d -m 0710 %{buildroot}%{_localstatedir}/run/%{name}/ @@ -189,11 +189,15 @@ fi %{_datadir}/%{name}/ %{_libdir}/%{name}/ %{_unitdir}/%{name}@.service -%dir %{_localstatedir}/run/%{name}/ -%config(noreplace) %{_sysconfdir}/tmpfiles.d/%{name}.conf +%attr(0710,root,openvpn) %dir %{_localstatedir}/run/%{name}/ +%config(noreplace) %{_prefix}/lib/tmpfiles.d/%{name}.conf %config %dir %{_sysconfdir}/%{name}/ %changelog +* Wed Sep 05 2012 Jon Ciesla 2.2.2-7 +- Fix tmpfiles location, BZ 840188. +- Fix run ownership, BZ 854440. + * Fri Jul 20 2012 Fedora Release Engineering - 2.2.2-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild From 8a61d18c77a58983f04f6f76db653135e67ce3db Mon Sep 17 00:00:00 2001 From: Jon Ciesla Date: Wed, 5 Sep 2012 08:32:16 -0500 Subject: [PATCH 073/168] Bump EVR. . . --- openvpn.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/openvpn.spec b/openvpn.spec index 77b12ce..f8cf0c2 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -5,7 +5,7 @@ Name: openvpn Version: 2.2.2 -Release: 6%{?prerelease:.%{prerelease}}%{?dist} +Release: 7%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: http://openvpn.net/ #Source0: http://openvpn.net/beta/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.gz From cc15ebff0097ba94605de4dbfd1b54db972509d0 Mon Sep 17 00:00:00 2001 From: Jon Ciesla Date: Thu, 6 Sep 2012 05:45:37 -0500 Subject: [PATCH 074/168] Dropped config from tmpfiles conf. --- openvpn.spec | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/openvpn.spec b/openvpn.spec index f8cf0c2..4e25048 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -5,7 +5,7 @@ Name: openvpn Version: 2.2.2 -Release: 7%{?prerelease:.%{prerelease}}%{?dist} +Release: 8%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: http://openvpn.net/ #Source0: http://openvpn.net/beta/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.gz @@ -190,10 +190,13 @@ fi %{_libdir}/%{name}/ %{_unitdir}/%{name}@.service %attr(0710,root,openvpn) %dir %{_localstatedir}/run/%{name}/ -%config(noreplace) %{_prefix}/lib/tmpfiles.d/%{name}.conf +%{_prefix}/lib/tmpfiles.d/%{name}.conf %config %dir %{_sysconfdir}/%{name}/ %changelog +* Wed Sep 05 2012 Jon Ciesla 2.2.2-8 +- Dropped config from tmpfiles conf. + * Wed Sep 05 2012 Jon Ciesla 2.2.2-7 - Fix tmpfiles location, BZ 840188. - Fix run ownership, BZ 854440. From cb64f5603efb8931c7daf6b48cbfd5f2394b84d1 Mon Sep 17 00:00:00 2001 From: Jon Ciesla Date: Wed, 26 Sep 2012 10:35:31 -0500 Subject: [PATCH 075/168] Drop net-tools. --- openvpn.spec | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/openvpn.spec b/openvpn.spec index 4e25048..20d7a46 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -5,7 +5,7 @@ Name: openvpn Version: 2.2.2 -Release: 8%{?prerelease:.%{prerelease}}%{?dist} +Release: 9%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: http://openvpn.net/ #Source0: http://openvpn.net/beta/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.gz @@ -37,8 +37,6 @@ BuildRequires: systemd-units BuildRequires: iproute # For /sbin/ip. Requires: iproute -# For ifconfig and route. -Requires: net-tools Requires(pre): /usr/sbin/useradd Requires(post): systemd-sysv Requires(post): systemd-units @@ -81,9 +79,7 @@ find contrib sample-config-files sample-keys sample-scripts -type f -perm +100 \ --enable-pthread \ --enable-password-save \ --enable-iproute2 \ - --with-ifconfig-path=/sbin/ifconfig \ - --with-iproute-path=/sbin/ip \ - --with-route-path=/sbin/route + --with-iproute-path=/sbin/ip %{__make} # Build plugins @@ -194,6 +190,9 @@ fi %config %dir %{_sysconfdir}/%{name}/ %changelog +* Wed Sep 26 2012 Jon Ciesla 2.2.2-9 +- Dropped net-tools, BZ 785794. + * Wed Sep 05 2012 Jon Ciesla 2.2.2-8 - Dropped config from tmpfiles conf. From f3eed524ae0a0b3b04efc98f09d5873dc0c1d6e2 Mon Sep 17 00:00:00 2001 From: Jon Ciesla Date: Tue, 15 Jan 2013 10:23:33 -0600 Subject: [PATCH 076/168] 2.3.0. --- .gitignore | 2 ++ openvpn.spec | 89 ++++++++++++++++++++++++++++++---------------------- sources | 4 +-- 3 files changed, 55 insertions(+), 40 deletions(-) diff --git a/.gitignore b/.gitignore index d833f8a..085484b 100644 --- a/.gitignore +++ b/.gitignore @@ -12,3 +12,5 @@ openvpn-2.1.2.tar.gz.asc /openvpn-2.2.1.tar.gz.asc /openvpn-2.2.2.tar.gz /openvpn-2.2.2.tar.gz.asc +/openvpn-2.3.0.tar.gz +/openvpn-2.3.0.tar.gz.asc diff --git a/openvpn.spec b/openvpn.spec index 20d7a46..8c140ab 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -4,8 +4,8 @@ %define plugins down-root auth-pam Name: openvpn -Version: 2.2.2 -Release: 9%{?prerelease:.%{prerelease}}%{?dist} +Version: 2.3.0 +Release: 1%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: http://openvpn.net/ #Source0: http://openvpn.net/beta/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.gz @@ -22,10 +22,10 @@ Source4: openvpn@.service Source5: %{name}-tmpfile.conf # Don't start openvpn by default. -Patch0: openvpn-init.patch -Patch1: openvpn-script-security.patch -Patch2: openvpn-2.1.1-init.patch -Patch3: openvpn-2.1.1-initinfo.patch +#Patch0: openvpn-init.patch +#Patch1: openvpn-script-security.patch +#Patch2: openvpn-2.1.1-init.patch +#Patch3: openvpn-2.1.1-initinfo.patch License: GPLv2 Group: Applications/Internet BuildRequires: lzo-devel @@ -56,15 +56,15 @@ for compression. %prep %setup -q -n %{name}-%{version}%{?prerelease:_%{prerelease}} -%patch0 -p0 -%patch1 -p1 -%patch2 -p0 -%patch3 -p0 +#%patch0 -p0 +#%patch1 -p1 +#%patch2 -p0 +#%patch3 -p0 -sed -i -e 's,%{_datadir}/openvpn/plugin,%{_libdir}/openvpn/plugin,' openvpn.8 +sed -i -e 's,%{_datadir}/openvpn/plugin,%{_libdir}/openvpn/plugin,' doc/openvpn.8 # %%doc items shouldn't be executable. -find contrib sample-config-files sample-keys sample-scripts -type f -perm +100 \ +find contrib sample -type f -perm +100 \ -exec chmod a-x {} \; %build @@ -79,61 +79,69 @@ find contrib sample-config-files sample-keys sample-scripts -type f -perm +100 \ --enable-pthread \ --enable-password-save \ --enable-iproute2 \ - --with-iproute-path=/sbin/ip + --with-iproute-path=/sbin/ip \ + --enable-plugins \ + --enable-plugin-down-root \ + --enable-plugin-auth-pam %{__make} -# Build plugins -for plugin in %{plugins} ; do - %{__make} -C plugin/$plugin -done +## Build plugins +#for plugin in %{plugins} ; do +# %{__make} -C src/plugins/$plugin +#done %check # Test Crypto: -./openvpn --genkey --secret key -./openvpn --test-crypto --secret key +./src/openvpn/openvpn --genkey --secret key +./src/openvpn/openvpn --test-crypto --secret key # Randomize ports for tests to avoid conflicts on the build servers. cport=$[ 50000 + ($RANDOM % 15534) ] sport=$[ $cport + 1 ] sed -e 's/^\(rport\) .*$/\1 '$sport'/' \ -e 's/^\(lport\) .*$/\1 '$cport'/' \ - < sample-config-files/loopback-client \ + < sample/sample-config-files/loopback-client \ > %{_tmppath}/%{name}-%{version}-%{release}-%(%{__id_u})-loopback-client sed -e 's/^\(rport\) .*$/\1 '$cport'/' \ -e 's/^\(lport\) .*$/\1 '$sport'/' \ - < sample-config-files/loopback-server \ + < sample/sample-config-files/loopback-server \ > %{_tmppath}/%{name}-%{version}-%{release}-%(%{__id_u})-loopback-server +pushd sample # Test SSL/TLS negotiations (runs for 2 minutes): -./openvpn --config \ +../src/openvpn/openvpn --config \ %{_tmppath}/%{name}-%{version}-%{release}-%(%{__id_u})-loopback-client & -./openvpn --config \ +../src/openvpn/openvpn --config \ %{_tmppath}/%{name}-%{version}-%{release}-%(%{__id_u})-loopback-server wait +popd rm -f %{_tmppath}/%{name}-%{version}-%{release}-%(%{__id_u})-loopback-client \ %{_tmppath}/%{name}-%{version}-%{release}-%(%{__id_u})-loopback-server %install -install -D -m 0644 %{name}.8 $RPM_BUILD_ROOT%{_mandir}/man8/%{name}.8 -install -D -m 0755 %{name} $RPM_BUILD_ROOT%{_sbindir}/%{name} +#install -D -m 0644 doc/%{name}.8 $RPM_BUILD_ROOT%{_mandir}/man8/%{name}.8 +#install -D -m 0755 src/openvpn/%{name} $RPM_BUILD_ROOT%{_sbindir}/%{name} mkdir -p %{buildroot}%{_unitdir} install -D -m 0755 %{SOURCE4} $RPM_BUILD_ROOT%{_unitdir}/ rm -rf %{buildroot}%{_initrddir} install -d -m 0755 $RPM_BUILD_ROOT%{_sysconfdir}/%{name} -mkdir -p $RPM_BUILD_ROOT%{_datadir}/%{name} -cp -pR easy-rsa $RPM_BUILD_ROOT%{_datadir}/%{name}/ -rm -rf $RPM_BUILD_ROOT%{_datadir}/%{name}/easy-rsa/Windows -cp %{SOURCE2} %{SOURCE3} sample-config-files/ +#mkdir -p $RPM_BUILD_ROOT%{_datadir}/%{name} +#cp -pR easy-rsa $RPM_BUILD_ROOT%{_datadir}/%{name}/ +#rm -rf $RPM_BUILD_ROOT%{_datadir}/%{name}/easy-rsa/Windows +cp %{SOURCE2} %{SOURCE3} sample/sample-config-files/ -mkdir -p $RPM_BUILD_ROOT%{_libdir}/%{name}/plugin/lib -for plugin in %{plugins} ; do - install -m 0755 plugin/$plugin/openvpn-$plugin.so \ - $RPM_BUILD_ROOT%{_libdir}/%{name}/plugin/lib/openvpn-$plugin.so - cp plugin/$plugin/README plugin/$plugin.txt -done +#mkdir -p $RPM_BUILD_ROOT%{_libdir}/%{name}/plugin/lib +#for plugin in %{plugins} ; do +# install -m 0755 src/plugins/$plugin/openvpn-$plugin.so \ +# $RPM_BUILD_ROOT%{_libdir}/%{name}/plugin/lib/openvpn-$plugin.so +# cp src/plugins/$plugin/README plugin/$plugin.txt +#done + +%{__make} install DESTDIR=$RPM_BUILD_ROOT +find $RPM_BUILD_ROOT -name '*.la' | xargs rm -f # tmpfiles.d mkdir -p %{buildroot}%{_prefix}/lib/tmpfiles.d @@ -178,18 +186,23 @@ fi %files %doc AUTHORS COPYING COPYRIGHT.GPL INSTALL PORTS README # Add NEWS when it isn't zero-length. -%doc plugin/*.txt -%doc contrib sample-config-files sample-keys sample-scripts +%doc src/plugins/*/README.* +%doc contrib sample %{_mandir}/man8/%{name}.8* %{_sbindir}/%{name} -%{_datadir}/%{name}/ +#%{_datadir}/%{name}/ +%{_includedir}/openvpn-plugin.h %{_libdir}/%{name}/ %{_unitdir}/%{name}@.service %attr(0710,root,openvpn) %dir %{_localstatedir}/run/%{name}/ %{_prefix}/lib/tmpfiles.d/%{name}.conf %config %dir %{_sysconfdir}/%{name}/ +%exclude %{_datadir}/doc/%{name}/ %changelog +* Tue Jan 15 2013 Jon Ciesla 2.3.0-1 +- 2.3.0, BZ 893700. + * Wed Sep 26 2012 Jon Ciesla 2.2.2-9 - Dropped net-tools, BZ 785794. diff --git a/sources b/sources index 15f5e88..1e69760 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -c5181e27b7945fa6276d21873329c5c7 openvpn-2.2.2.tar.gz -81ff11ec8cd9fc3c8bc646aae24c4298 openvpn-2.2.2.tar.gz.asc +56cffde5d5320e0b1ec364d3e486aca9 openvpn-2.3.0.tar.gz +3f67e2fa605800a964dbbcfca644d283 openvpn-2.3.0.tar.gz.asc From ae75982ea90e39b46f5d50e66e0fac166f2ff3cb Mon Sep 17 00:00:00 2001 From: Dennis Gilmore Date: Thu, 14 Feb 2013 03:33:42 -0600 Subject: [PATCH 077/168] - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild --- openvpn.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/openvpn.spec b/openvpn.spec index 8c140ab..e66f817 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -5,7 +5,7 @@ Name: openvpn Version: 2.3.0 -Release: 1%{?prerelease:.%{prerelease}}%{?dist} +Release: 2%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: http://openvpn.net/ #Source0: http://openvpn.net/beta/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.gz @@ -200,6 +200,9 @@ fi %exclude %{_datadir}/doc/%{name}/ %changelog +* Thu Feb 14 2013 Fedora Release Engineering - 2.3.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + * Tue Jan 15 2013 Jon Ciesla 2.3.0-1 - 2.3.0, BZ 893700. From 2ffe46a73179d4e91ec5bfd87ade66187d1046cb Mon Sep 17 00:00:00 2001 From: Jon Ciesla Date: Tue, 2 Apr 2013 10:13:48 -0500 Subject: [PATCH 078/168] 2.3.1. --- .gitignore | 2 ++ openvpn.spec | 7 +++++-- sources | 4 ++-- 3 files changed, 9 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index 085484b..b868918 100644 --- a/.gitignore +++ b/.gitignore @@ -14,3 +14,5 @@ openvpn-2.1.2.tar.gz.asc /openvpn-2.2.2.tar.gz.asc /openvpn-2.3.0.tar.gz /openvpn-2.3.0.tar.gz.asc +/openvpn-2.3.1.tar.gz +/openvpn-2.3.1.tar.gz.asc diff --git a/openvpn.spec b/openvpn.spec index e66f817..4326628 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -4,8 +4,8 @@ %define plugins down-root auth-pam Name: openvpn -Version: 2.3.0 -Release: 2%{?prerelease:.%{prerelease}}%{?dist} +Version: 2.3.1 +Release: 1%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: http://openvpn.net/ #Source0: http://openvpn.net/beta/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.gz @@ -200,6 +200,9 @@ fi %exclude %{_datadir}/doc/%{name}/ %changelog +* Tue Apr 02 2013 Jon Ciesla 2.3.1-1 +- 2.3.1, BZ 929402. + * Thu Feb 14 2013 Fedora Release Engineering - 2.3.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild diff --git a/sources b/sources index 1e69760..e00a3b9 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -56cffde5d5320e0b1ec364d3e486aca9 openvpn-2.3.0.tar.gz -3f67e2fa605800a964dbbcfca644d283 openvpn-2.3.0.tar.gz.asc +57a3b64597fc37b7842a3fde354d8bbe openvpn-2.3.1.tar.gz +97d3968b0b931e5a25ec419e41563ac6 openvpn-2.3.1.tar.gz.asc From 58e2bd8a627b79a93d8e785358f039d464edcb8c Mon Sep 17 00:00:00 2001 From: Kalev Lember Date: Mon, 8 Apr 2013 15:57:32 +0200 Subject: [PATCH 079/168] Update perl requires filtering Switch to using the %perl_default_filter macro for filtering the perl dependency. The older attempt which used a %__perl_requires override no longer works on F19. Some of the examples installed with %doc use perl, but we don't want the whole openvpn package to start depend on perl because of that. --- openvpn.spec | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/openvpn.spec b/openvpn.spec index 4326628..8d4ef16 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -5,7 +5,7 @@ Name: openvpn Version: 2.3.1 -Release: 1%{?prerelease:.%{prerelease}}%{?dist} +Release: 2%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: http://openvpn.net/ #Source0: http://openvpn.net/beta/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.gz @@ -31,6 +31,8 @@ Group: Applications/Internet BuildRequires: lzo-devel BuildRequires: openssl-devel BuildRequires: pam-devel +# For the perl_default_filter macro +BuildRequires: perl-macros BuildRequires: pkcs11-helper-devel BuildRequires: systemd-units # For /sbin/ip. @@ -45,7 +47,7 @@ Requires(postun): systemd-units # Filter out the perl(Authen::PAM) dependency. # No perl dependency is really needed at all. -%define __perl_requires sh -c 'cat > /dev/null' +%{?perl_default_filter} %description OpenVPN is a robust and highly flexible tunneling application that uses all @@ -200,6 +202,9 @@ fi %exclude %{_datadir}/doc/%{name}/ %changelog +* Mon Apr 08 2013 Kalev Lember 2.3.1-2 +- Update perl requires filtering + * Tue Apr 02 2013 Jon Ciesla 2.3.1-1 - 2.3.1, BZ 929402. From d33d1812e0193223133b4c0332b89b305b934498 Mon Sep 17 00:00:00 2001 From: Jon Ciesla Date: Thu, 16 May 2013 12:01:32 -0500 Subject: [PATCH 080/168] Enable --enable-pkcs11 --- openvpn.spec | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/openvpn.spec b/openvpn.spec index 8d4ef16..9be2b44 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -5,7 +5,7 @@ Name: openvpn Version: 2.3.1 -Release: 2%{?prerelease:.%{prerelease}}%{?dist} +Release: 3%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: http://openvpn.net/ #Source0: http://openvpn.net/beta/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.gz @@ -84,7 +84,8 @@ find contrib sample -type f -perm +100 \ --with-iproute-path=/sbin/ip \ --enable-plugins \ --enable-plugin-down-root \ - --enable-plugin-auth-pam + --enable-plugin-auth-pam \ + --enable-pkcs11 %{__make} ## Build plugins @@ -202,6 +203,9 @@ fi %exclude %{_datadir}/doc/%{name}/ %changelog +* Thu May 16 2013 Jon Ciesla 2.3.1-3 +- Enable --enable-pkcs11, BZ 963868. + * Mon Apr 08 2013 Kalev Lember 2.3.1-2 - Update perl requires filtering From e3f9c28fec38ccf82281b8f44a9c171435a79e05 Mon Sep 17 00:00:00 2001 From: Jon Ciesla Date: Thu, 16 May 2013 14:20:06 -0500 Subject: [PATCH 081/168] chmod -x .service --- openvpn.spec | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/openvpn.spec b/openvpn.spec index 9be2b44..4d1f70c 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -5,7 +5,7 @@ Name: openvpn Version: 2.3.1 -Release: 3%{?prerelease:.%{prerelease}}%{?dist} +Release: 4%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: http://openvpn.net/ #Source0: http://openvpn.net/beta/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.gz @@ -127,7 +127,7 @@ rm -f %{_tmppath}/%{name}-%{version}-%{release}-%(%{__id_u})-loopback-client \ #install -D -m 0755 src/openvpn/%{name} $RPM_BUILD_ROOT%{_sbindir}/%{name} mkdir -p %{buildroot}%{_unitdir} -install -D -m 0755 %{SOURCE4} $RPM_BUILD_ROOT%{_unitdir}/ +install -D -m 0644 %{SOURCE4} $RPM_BUILD_ROOT%{_unitdir}/ rm -rf %{buildroot}%{_initrddir} install -d -m 0755 $RPM_BUILD_ROOT%{_sysconfdir}/%{name} @@ -203,6 +203,9 @@ fi %exclude %{_datadir}/doc/%{name}/ %changelog +* Thu May 16 2013 Jon Ciesla 2.3.1-4 +- chmod -x .service, BZ 963914. + * Thu May 16 2013 Jon Ciesla 2.3.1-3 - Enable --enable-pkcs11, BZ 963868. From 1fefca8474667ba5ee9f63326f7c658d0e04fbcb Mon Sep 17 00:00:00 2001 From: Jon Ciesla Date: Mon, 3 Jun 2013 08:35:53 -0500 Subject: [PATCH 082/168] 2.3.2. --- .gitignore | 2 ++ openvpn.spec | 7 +++++-- sources | 4 ++-- 3 files changed, 9 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index b868918..d44f074 100644 --- a/.gitignore +++ b/.gitignore @@ -16,3 +16,5 @@ openvpn-2.1.2.tar.gz.asc /openvpn-2.3.0.tar.gz.asc /openvpn-2.3.1.tar.gz /openvpn-2.3.1.tar.gz.asc +/openvpn-2.3.2.tar.gz +/openvpn-2.3.2.tar.gz.asc diff --git a/openvpn.spec b/openvpn.spec index 4d1f70c..223d98b 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -4,8 +4,8 @@ %define plugins down-root auth-pam Name: openvpn -Version: 2.3.1 -Release: 4%{?prerelease:.%{prerelease}}%{?dist} +Version: 2.3.2 +Release: 1%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: http://openvpn.net/ #Source0: http://openvpn.net/beta/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.gz @@ -203,6 +203,9 @@ fi %exclude %{_datadir}/doc/%{name}/ %changelog +* Mon Jun 03 2013 Jon Ciesla 2.3.2-1 +- 2.3.2, BZ 970089. + * Thu May 16 2013 Jon Ciesla 2.3.1-4 - chmod -x .service, BZ 963914. diff --git a/sources b/sources index e00a3b9..c3a015a 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -57a3b64597fc37b7842a3fde354d8bbe openvpn-2.3.1.tar.gz -97d3968b0b931e5a25ec419e41563ac6 openvpn-2.3.1.tar.gz.asc +06e5f93dbf13f2c19647ca15ffc23ac1 openvpn-2.3.2.tar.gz +7203a3f37b9a4351411429c96a3b089b openvpn-2.3.2.tar.gz.asc From 9e1c15cd3ea161225690d1a804b9822bcfc9ec13 Mon Sep 17 00:00:00 2001 From: Dennis Gilmore Date: Sat, 3 Aug 2013 10:59:08 -0500 Subject: [PATCH 083/168] - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild --- openvpn.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/openvpn.spec b/openvpn.spec index 223d98b..d1fbff3 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -5,7 +5,7 @@ Name: openvpn Version: 2.3.2 -Release: 1%{?prerelease:.%{prerelease}}%{?dist} +Release: 2%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: http://openvpn.net/ #Source0: http://openvpn.net/beta/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.gz @@ -203,6 +203,9 @@ fi %exclude %{_datadir}/doc/%{name}/ %changelog +* Sat Aug 03 2013 Fedora Release Engineering - 2.3.2-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + * Mon Jun 03 2013 Jon Ciesla 2.3.2-1 - 2.3.2, BZ 970089. From f0c58f15b92493a961f1ea8ea3361467beb50e1f Mon Sep 17 00:00:00 2001 From: Jon Ciesla Date: Wed, 7 Aug 2013 10:27:54 -0500 Subject: [PATCH 084/168] Fix find. --- openvpn.spec | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/openvpn.spec b/openvpn.spec index d1fbff3..c361d00 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -5,7 +5,7 @@ Name: openvpn Version: 2.3.2 -Release: 2%{?prerelease:.%{prerelease}}%{?dist} +Release: 3%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: http://openvpn.net/ #Source0: http://openvpn.net/beta/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.gz @@ -66,7 +66,7 @@ for compression. sed -i -e 's,%{_datadir}/openvpn/plugin,%{_libdir}/openvpn/plugin,' doc/openvpn.8 # %%doc items shouldn't be executable. -find contrib sample -type f -perm +100 \ +find contrib sample -type f -perm /100 \ -exec chmod a-x {} \; %build @@ -203,6 +203,9 @@ fi %exclude %{_datadir}/doc/%{name}/ %changelog +* Wed Aug 07 2013 Jon Ciesla 2.3.2-3 +- Fix find syntax to fix FTBFS, BZ 992411. + * Sat Aug 03 2013 Fedora Release Engineering - 2.3.2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild From b3fc662636371bc16a4f03d34f80b7e4d7e49b12 Mon Sep 17 00:00:00 2001 From: Jon Ciesla Date: Thu, 12 Sep 2013 09:18:19 -0500 Subject: [PATCH 085/168] Enable --enable-x509-alt-username. --- openvpn.spec | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/openvpn.spec b/openvpn.spec index c361d00..70f7001 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -5,7 +5,7 @@ Name: openvpn Version: 2.3.2 -Release: 3%{?prerelease:.%{prerelease}}%{?dist} +Release: 4%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: http://openvpn.net/ #Source0: http://openvpn.net/beta/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.gz @@ -85,7 +85,8 @@ find contrib sample -type f -perm /100 \ --enable-plugins \ --enable-plugin-down-root \ --enable-plugin-auth-pam \ - --enable-pkcs11 + --enable-pkcs11 \ + --enable-x509-alt-username %{__make} ## Build plugins @@ -203,6 +204,9 @@ fi %exclude %{_datadir}/doc/%{name}/ %changelog +* Thu Sep 12 2013 Jon Ciesla 2.3.2-4 +- Enable --enable-x509-alt-username, BZ 1007184. + * Wed Aug 07 2013 Jon Ciesla 2.3.2-3 - Fix find syntax to fix FTBFS, BZ 992411. From 8f5cc1f2b58be484beaf83fdeb0658b96d36ed5b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ville=20Skytt=C3=A4?= Date: Sun, 19 Jan 2014 16:48:38 +0200 Subject: [PATCH 086/168] Don't order service after syslog.target. https://bugzilla.redhat.com/show_bug.cgi?id=1055195 --- openvpn.spec | 5 ++++- openvpn@.service | 2 +- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/openvpn.spec b/openvpn.spec index 70f7001..3f693d6 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -5,7 +5,7 @@ Name: openvpn Version: 2.3.2 -Release: 4%{?prerelease:.%{prerelease}}%{?dist} +Release: 5%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: http://openvpn.net/ #Source0: http://openvpn.net/beta/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.gz @@ -204,6 +204,9 @@ fi %exclude %{_datadir}/doc/%{name}/ %changelog +* Sun Jan 19 2014 Ville Skyttä - 2.3.2-5 +- Don't order service after syslog.target. + * Thu Sep 12 2013 Jon Ciesla 2.3.2-4 - Enable --enable-x509-alt-username, BZ 1007184. diff --git a/openvpn@.service b/openvpn@.service index 358dcb7..41dab63 100644 --- a/openvpn@.service +++ b/openvpn@.service @@ -1,6 +1,6 @@ [Unit] Description=OpenVPN Robust And Highly Flexible Tunneling Application On %I -After=syslog.target network.target +After=network.target [Service] PrivateTmp=true From 49093ceeb74106c07fb1427a6af1814cda10d66f Mon Sep 17 00:00:00 2001 From: Jon Ciesla Date: Fri, 11 Apr 2014 14:20:21 -0500 Subject: [PATCH 087/168] 2.3.3. --- .gitignore | 2 ++ openvpn.spec | 9 ++++++--- sources | 4 ++-- 3 files changed, 10 insertions(+), 5 deletions(-) diff --git a/.gitignore b/.gitignore index d44f074..7b94845 100644 --- a/.gitignore +++ b/.gitignore @@ -18,3 +18,5 @@ openvpn-2.1.2.tar.gz.asc /openvpn-2.3.1.tar.gz.asc /openvpn-2.3.2.tar.gz /openvpn-2.3.2.tar.gz.asc +/openvpn-2.3.3.tar.gz +/openvpn-2.3.3.tar.gz.asc diff --git a/openvpn.spec b/openvpn.spec index 3f693d6..3e63492 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -4,8 +4,8 @@ %define plugins down-root auth-pam Name: openvpn -Version: 2.3.2 -Release: 5%{?prerelease:.%{prerelease}}%{?dist} +Version: 2.3.3 +Release: 1%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: http://openvpn.net/ #Source0: http://openvpn.net/beta/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.gz @@ -33,7 +33,7 @@ BuildRequires: openssl-devel BuildRequires: pam-devel # For the perl_default_filter macro BuildRequires: perl-macros -BuildRequires: pkcs11-helper-devel +BuildRequires: pkcs11-helper-devel >= 1.11 BuildRequires: systemd-units # For /sbin/ip. BuildRequires: iproute @@ -204,6 +204,9 @@ fi %exclude %{_datadir}/doc/%{name}/ %changelog +* Fri Apr 11 2014 Jon Ciesla 2.3.3-1 +- Latest uptream, needs pkcs11-helper >= 1.11 + * Sun Jan 19 2014 Ville Skyttä - 2.3.2-5 - Don't order service after syslog.target. diff --git a/sources b/sources index c3a015a..e117d76 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -06e5f93dbf13f2c19647ca15ffc23ac1 openvpn-2.3.2.tar.gz -7203a3f37b9a4351411429c96a3b089b openvpn-2.3.2.tar.gz.asc +5c66ea3143ac884a3075521bd74ede06 openvpn-2.3.3.tar.gz +088639c3f868e705dc63126cb3e14d4e openvpn-2.3.3.tar.gz.asc From 2153c50ff84e5447a5d8b36d457b084b181b6613 Mon Sep 17 00:00:00 2001 From: Jon Ciesla Date: Fri, 2 May 2014 13:54:26 -0500 Subject: [PATCH 088/168] 2.3.4. --- .gitignore | 2 ++ openvpn.spec | 5 ++++- sources | 4 ++-- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 7b94845..dcbf788 100644 --- a/.gitignore +++ b/.gitignore @@ -20,3 +20,5 @@ openvpn-2.1.2.tar.gz.asc /openvpn-2.3.2.tar.gz.asc /openvpn-2.3.3.tar.gz /openvpn-2.3.3.tar.gz.asc +/openvpn-2.3.4.tar.gz +/openvpn-2.3.4.tar.gz.asc diff --git a/openvpn.spec b/openvpn.spec index 3e63492..4c7e910 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -4,7 +4,7 @@ %define plugins down-root auth-pam Name: openvpn -Version: 2.3.3 +Version: 2.3.4 Release: 1%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: http://openvpn.net/ @@ -204,6 +204,9 @@ fi %exclude %{_datadir}/doc/%{name}/ %changelog +* Fri May 02 2014 Jon Ciesla 2.3.4-1 +- 2.3.4. + * Fri Apr 11 2014 Jon Ciesla 2.3.3-1 - Latest uptream, needs pkcs11-helper >= 1.11 diff --git a/sources b/sources index e117d76..1a691e8 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -5c66ea3143ac884a3075521bd74ede06 openvpn-2.3.3.tar.gz -088639c3f868e705dc63126cb3e14d4e openvpn-2.3.3.tar.gz.asc +04d47237907faabe9d046970ffe44b2e openvpn-2.3.4.tar.gz +e031853b2be29ff15d91799ae7f38a82 openvpn-2.3.4.tar.gz.asc From 9359ca77ef7b49bd2ba24af03cf0df24620df13f Mon Sep 17 00:00:00 2001 From: Jon Ciesla Date: Tue, 6 May 2014 08:47:02 -0500 Subject: [PATCH 089/168] Disable make check due to lack of md5 support. --- openvpn.spec | 58 +++++++++++++++++++++++++++------------------------- 1 file changed, 30 insertions(+), 28 deletions(-) diff --git a/openvpn.spec b/openvpn.spec index 4c7e910..11c7166 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -94,34 +94,34 @@ find contrib sample -type f -perm /100 \ # %{__make} -C src/plugins/$plugin #done -%check -# Test Crypto: -./src/openvpn/openvpn --genkey --secret key -./src/openvpn/openvpn --test-crypto --secret key - -# Randomize ports for tests to avoid conflicts on the build servers. -cport=$[ 50000 + ($RANDOM % 15534) ] -sport=$[ $cport + 1 ] -sed -e 's/^\(rport\) .*$/\1 '$sport'/' \ - -e 's/^\(lport\) .*$/\1 '$cport'/' \ - < sample/sample-config-files/loopback-client \ - > %{_tmppath}/%{name}-%{version}-%{release}-%(%{__id_u})-loopback-client -sed -e 's/^\(rport\) .*$/\1 '$cport'/' \ - -e 's/^\(lport\) .*$/\1 '$sport'/' \ - < sample/sample-config-files/loopback-server \ - > %{_tmppath}/%{name}-%{version}-%{release}-%(%{__id_u})-loopback-server - -pushd sample -# Test SSL/TLS negotiations (runs for 2 minutes): -../src/openvpn/openvpn --config \ - %{_tmppath}/%{name}-%{version}-%{release}-%(%{__id_u})-loopback-client & -../src/openvpn/openvpn --config \ - %{_tmppath}/%{name}-%{version}-%{release}-%(%{__id_u})-loopback-server -wait -popd - -rm -f %{_tmppath}/%{name}-%{version}-%{release}-%(%{__id_u})-loopback-client \ - %{_tmppath}/%{name}-%{version}-%{release}-%(%{__id_u})-loopback-server +#%check +## Test Crypto: +#./src/openvpn/openvpn --genkey --secret key +#./src/openvpn/openvpn --test-crypto --secret key +# +## Randomize ports for tests to avoid conflicts on the build servers. +#cport=$[ 50000 + ($RANDOM % 15534) ] +#sport=$[ $cport + 1 ] +#sed -e 's/^\(rport\) .*$/\1 '$sport'/' \ +# -e 's/^\(lport\) .*$/\1 '$cport'/' \ +# < sample/sample-config-files/loopback-client \ +# > %{_tmppath}/%{name}-%{version}-%{release}-%(%{__id_u})-loopback-client +#sed -e 's/^\(rport\) .*$/\1 '$cport'/' \ +# -e 's/^\(lport\) .*$/\1 '$sport'/' \ +# < sample/sample-config-files/loopback-server \ +# > %{_tmppath}/%{name}-%{version}-%{release}-%(%{__id_u})-loopback-server +# +#pushd sample +## Test SSL/TLS negotiations (runs for 2 minutes): +#../src/openvpn/openvpn --config \ +# %{_tmppath}/%{name}-%{version}-%{release}-%(%{__id_u})-loopback-client & +#../src/openvpn/openvpn --config \ +# %{_tmppath}/%{name}-%{version}-%{release}-%(%{__id_u})-loopback-server +#wait +#popd +# +#rm -f %{_tmppath}/%{name}-%{version}-%{release}-%(%{__id_u})-loopback-client \ +# %{_tmppath}/%{name}-%{version}-%{release}-%(%{__id_u})-loopback-server %install #install -D -m 0644 doc/%{name}.8 $RPM_BUILD_ROOT%{_mandir}/man8/%{name}.8 @@ -206,6 +206,8 @@ fi %changelog * Fri May 02 2014 Jon Ciesla 2.3.4-1 - 2.3.4. +- Disable make check until upstream provides non-md5 sample keys. +- Filed upstream https://community.openvpn.net/openvpn/ticket/400#ticket * Fri Apr 11 2014 Jon Ciesla 2.3.3-1 - Latest uptream, needs pkcs11-helper >= 1.11 From e10dbbb41024617befd5eed5c5e602d0621223f8 Mon Sep 17 00:00:00 2001 From: Dennis Gilmore Date: Sat, 7 Jun 2014 12:18:11 -0500 Subject: [PATCH 090/168] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild --- openvpn.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/openvpn.spec b/openvpn.spec index 11c7166..2487059 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -5,7 +5,7 @@ Name: openvpn Version: 2.3.4 -Release: 1%{?prerelease:.%{prerelease}}%{?dist} +Release: 2%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: http://openvpn.net/ #Source0: http://openvpn.net/beta/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.gz @@ -204,6 +204,9 @@ fi %exclude %{_datadir}/doc/%{name}/ %changelog +* Sat Jun 07 2014 Fedora Release Engineering - 2.3.4-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + * Fri May 02 2014 Jon Ciesla 2.3.4-1 - 2.3.4. - Disable make check until upstream provides non-md5 sample keys. From 476c759b6a1c0d2ecea22a69ca06faa36d4b75cd Mon Sep 17 00:00:00 2001 From: Peter Robinson Date: Sun, 17 Aug 2014 14:12:53 +0000 Subject: [PATCH 091/168] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild --- openvpn.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/openvpn.spec b/openvpn.spec index 2487059..ccd1701 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -5,7 +5,7 @@ Name: openvpn Version: 2.3.4 -Release: 2%{?prerelease:.%{prerelease}}%{?dist} +Release: 3%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: http://openvpn.net/ #Source0: http://openvpn.net/beta/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.gz @@ -204,6 +204,9 @@ fi %exclude %{_datadir}/doc/%{name}/ %changelog +* Sun Aug 17 2014 Fedora Release Engineering - 2.3.4-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + * Sat Jun 07 2014 Fedora Release Engineering - 2.3.4-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild From a0ba4b932c1af9080a2e69872fd446fc3e59372e Mon Sep 17 00:00:00 2001 From: Jon Ciesla Date: Tue, 26 Aug 2014 08:16:35 -0500 Subject: [PATCH 092/168] Enable systemd, BZ 1133870. --- openvpn.spec | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/openvpn.spec b/openvpn.spec index ccd1701..614c351 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -5,7 +5,7 @@ Name: openvpn Version: 2.3.4 -Release: 3%{?prerelease:.%{prerelease}}%{?dist} +Release: 4%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: http://openvpn.net/ #Source0: http://openvpn.net/beta/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.gz @@ -86,7 +86,8 @@ find contrib sample -type f -perm /100 \ --enable-plugin-down-root \ --enable-plugin-auth-pam \ --enable-pkcs11 \ - --enable-x509-alt-username + --enable-x509-alt-username \ + --enable-systemd %{__make} ## Build plugins @@ -204,6 +205,9 @@ fi %exclude %{_datadir}/doc/%{name}/ %changelog +* Tue Aug 26 2014 Jan Vcelak 2.3.4-4 +- Enable systemd support. + * Sun Aug 17 2014 Fedora Release Engineering - 2.3.4-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild From 071bdfadb6f08980f433f1e6209e65cba6844009 Mon Sep 17 00:00:00 2001 From: Jon Ciesla Date: Tue, 28 Oct 2014 14:34:25 -0500 Subject: [PATCH 093/168] 2.3.5. --- .gitignore | 2 ++ openvpn.spec | 7 +++++-- sources | 4 ++-- 3 files changed, 9 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index dcbf788..33adb75 100644 --- a/.gitignore +++ b/.gitignore @@ -22,3 +22,5 @@ openvpn-2.1.2.tar.gz.asc /openvpn-2.3.3.tar.gz.asc /openvpn-2.3.4.tar.gz /openvpn-2.3.4.tar.gz.asc +/openvpn-2.3.5.tar.gz +/openvpn-2.3.5.tar.gz.asc diff --git a/openvpn.spec b/openvpn.spec index 614c351..ec2b6ad 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -4,8 +4,8 @@ %define plugins down-root auth-pam Name: openvpn -Version: 2.3.4 -Release: 4%{?prerelease:.%{prerelease}}%{?dist} +Version: 2.3.5 +Release: 1%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: http://openvpn.net/ #Source0: http://openvpn.net/beta/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.gz @@ -205,6 +205,9 @@ fi %exclude %{_datadir}/doc/%{name}/ %changelog +* Tue Oct 28 2014 Jon Ciesla 2.3.5-1 +- 2.3.5. + * Tue Aug 26 2014 Jan Vcelak 2.3.4-4 - Enable systemd support. diff --git a/sources b/sources index 1a691e8..9433684 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -04d47237907faabe9d046970ffe44b2e openvpn-2.3.4.tar.gz -e031853b2be29ff15d91799ae7f38a82 openvpn-2.3.4.tar.gz.asc +4422fe0b6ba898a4df6411fe3cc2d2f8 openvpn-2.3.5.tar.gz +2a4cbed9eee35eebad33bb0b77d27286 openvpn-2.3.5.tar.gz.asc From ef86d1da9850e23a69f76b68d2a0ec39b319fe0d Mon Sep 17 00:00:00 2001 From: Jon Ciesla Date: Tue, 28 Oct 2014 14:56:35 -0500 Subject: [PATCH 094/168] BR fix. --- openvpn.spec | 1 + 1 file changed, 1 insertion(+) diff --git a/openvpn.spec b/openvpn.spec index ec2b6ad..f9ed903 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -28,6 +28,7 @@ Source5: %{name}-tmpfile.conf #Patch3: openvpn-2.1.1-initinfo.patch License: GPLv2 Group: Applications/Internet +BuildRequires: systemd-devel BuildRequires: lzo-devel BuildRequires: openssl-devel BuildRequires: pam-devel From 035df2952219d5ba98b01eef7660cb0d95a213be Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ralf=20Cors=C3=A9pius?= Date: Fri, 21 Nov 2014 05:34:22 +0100 Subject: [PATCH 095/168] Rework package doc handling (RHBZ #1165004). --- openvpn.spec | 21 +++++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) diff --git a/openvpn.spec b/openvpn.spec index f9ed903..5383d4c 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -5,7 +5,7 @@ Name: openvpn Version: 2.3.5 -Release: 1%{?prerelease:.%{prerelease}}%{?dist} +Release: 2%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: http://openvpn.net/ #Source0: http://openvpn.net/beta/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.gz @@ -88,7 +88,8 @@ find contrib sample -type f -perm /100 \ --enable-plugin-auth-pam \ --enable-pkcs11 \ --enable-x509-alt-username \ - --enable-systemd + --enable-systemd \ + --docdir=%{_pkgdocdir} %{__make} ## Build plugins @@ -149,6 +150,10 @@ cp %{SOURCE2} %{SOURCE3} sample/sample-config-files/ %{__make} install DESTDIR=$RPM_BUILD_ROOT find $RPM_BUILD_ROOT -name '*.la' | xargs rm -f +# Package installs into %%{_pkgdocdir} directly +# Add further files +cp -a AUTHORS PORTS INSTALL contrib sample $RPM_BUILD_ROOT%{_pkgdocdir} + # tmpfiles.d mkdir -p %{buildroot}%{_prefix}/lib/tmpfiles.d install -m 0644 %{SOURCE5} %{buildroot}%{_prefix}/lib/tmpfiles.d/%{name}.conf @@ -190,9 +195,11 @@ fi %files -%doc AUTHORS COPYING COPYRIGHT.GPL INSTALL PORTS README -# Add NEWS when it isn't zero-length. -%doc src/plugins/*/README.* +%{_pkgdocdir} +%exclude %{_pkgdocdir}/README.IPv6 +%exclude %{_pkgdocdir}/README.polarssl +%exclude %{_pkgdocdir}/management-notes.txt + %doc contrib sample %{_mandir}/man8/%{name}.8* %{_sbindir}/%{name} @@ -203,9 +210,11 @@ fi %attr(0710,root,openvpn) %dir %{_localstatedir}/run/%{name}/ %{_prefix}/lib/tmpfiles.d/%{name}.conf %config %dir %{_sysconfdir}/%{name}/ -%exclude %{_datadir}/doc/%{name}/ %changelog +* Fri Nov 21 2014 Ralf Corsépius - 2.3.5-2 +- Rework package doc handling (RHBZ #1165004). + * Tue Oct 28 2014 Jon Ciesla 2.3.5-1 - 2.3.5. From e65e79b45fc247435287907c26deceed66aa396b Mon Sep 17 00:00:00 2001 From: Jon Ciesla Date: Mon, 1 Dec 2014 12:43:14 -0600 Subject: [PATCH 096/168] 2.3.6. --- .gitignore | 2 ++ openvpn.spec | 7 +++++-- sources | 4 ++-- 3 files changed, 9 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index 33adb75..d8e1fed 100644 --- a/.gitignore +++ b/.gitignore @@ -24,3 +24,5 @@ openvpn-2.1.2.tar.gz.asc /openvpn-2.3.4.tar.gz.asc /openvpn-2.3.5.tar.gz /openvpn-2.3.5.tar.gz.asc +/openvpn-2.3.6.tar.gz +/openvpn-2.3.6.tar.gz.asc diff --git a/openvpn.spec b/openvpn.spec index 5383d4c..e41d3a0 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -4,8 +4,8 @@ %define plugins down-root auth-pam Name: openvpn -Version: 2.3.5 -Release: 2%{?prerelease:.%{prerelease}}%{?dist} +Version: 2.3.6 +Release: 1%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: http://openvpn.net/ #Source0: http://openvpn.net/beta/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.gz @@ -212,6 +212,9 @@ fi %config %dir %{_sysconfdir}/%{name}/ %changelog +* Mon Dec 01 2014 Jon Ciesla 2.3.6-1 +- 2.3.6, CVE-2014-8104. + * Fri Nov 21 2014 Ralf Corsépius - 2.3.5-2 - Rework package doc handling (RHBZ #1165004). diff --git a/sources b/sources index 9433684..ca0b6c2 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -4422fe0b6ba898a4df6411fe3cc2d2f8 openvpn-2.3.5.tar.gz -2a4cbed9eee35eebad33bb0b77d27286 openvpn-2.3.5.tar.gz.asc +6ca03fe0fd093e0d01601abee808835c openvpn-2.3.6.tar.gz +38859fe574229111ed484781e0ea8dce openvpn-2.3.6.tar.gz.asc From 5b5e53a9d15357368998aec5a80809ee41aefe88 Mon Sep 17 00:00:00 2001 From: Jon Ciesla Date: Tue, 9 Jun 2015 08:27:16 -0500 Subject: [PATCH 097/168] 2.3.7 --- .gitignore | 2 ++ openvpn.spec | 6 +++--- sources | 4 ++-- 3 files changed, 7 insertions(+), 5 deletions(-) diff --git a/.gitignore b/.gitignore index d8e1fed..b5512d1 100644 --- a/.gitignore +++ b/.gitignore @@ -26,3 +26,5 @@ openvpn-2.1.2.tar.gz.asc /openvpn-2.3.5.tar.gz.asc /openvpn-2.3.6.tar.gz /openvpn-2.3.6.tar.gz.asc +/openvpn-2.3.7.tar.gz +/openvpn-2.3.7.tar.gz.asc diff --git a/openvpn.spec b/openvpn.spec index e41d3a0..17cc1bc 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -4,7 +4,7 @@ %define plugins down-root auth-pam Name: openvpn -Version: 2.3.6 +Version: 2.3.7 Release: 1%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: http://openvpn.net/ @@ -212,8 +212,8 @@ fi %config %dir %{_sysconfdir}/%{name}/ %changelog -* Mon Dec 01 2014 Jon Ciesla 2.3.6-1 -- 2.3.6, CVE-2014-8104. +* Tue Jun 09 2015 Jon Ciesla 2.3.7-1 +- 2.3.7, BZ 1229504. * Fri Nov 21 2014 Ralf Corsépius - 2.3.5-2 - Rework package doc handling (RHBZ #1165004). diff --git a/sources b/sources index ca0b6c2..fce33be 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -6ca03fe0fd093e0d01601abee808835c openvpn-2.3.6.tar.gz -38859fe574229111ed484781e0ea8dce openvpn-2.3.6.tar.gz.asc +070bca95e478f88dff9ec6a221e2c3f7 openvpn-2.3.7.tar.gz +2d46a0fabb5a8b8218201ba35d6ebd53 openvpn-2.3.7.tar.gz.asc From cae8eb062aabef8befacc0dab85764b44856c19a Mon Sep 17 00:00:00 2001 From: Dennis Gilmore Date: Thu, 18 Jun 2015 00:22:15 +0000 Subject: [PATCH 098/168] - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild --- openvpn.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/openvpn.spec b/openvpn.spec index 17cc1bc..cc65f42 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -5,7 +5,7 @@ Name: openvpn Version: 2.3.7 -Release: 1%{?prerelease:.%{prerelease}}%{?dist} +Release: 2%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: http://openvpn.net/ #Source0: http://openvpn.net/beta/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.gz @@ -212,6 +212,9 @@ fi %config %dir %{_sysconfdir}/%{name}/ %changelog +* Thu Jun 18 2015 Fedora Release Engineering - 2.3.7-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + * Tue Jun 09 2015 Jon Ciesla 2.3.7-1 - 2.3.7, BZ 1229504. From 329a597067bfda57e5198eb9cf2129a06a7c8e49 Mon Sep 17 00:00:00 2001 From: Jon Ciesla Date: Tue, 4 Aug 2015 14:11:33 -0500 Subject: [PATCH 099/168] 2.3.8 --- .gitignore | 2 ++ openvpn.spec | 7 +++++-- sources | 4 ++-- 3 files changed, 9 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index b5512d1..7321dfd 100644 --- a/.gitignore +++ b/.gitignore @@ -28,3 +28,5 @@ openvpn-2.1.2.tar.gz.asc /openvpn-2.3.6.tar.gz.asc /openvpn-2.3.7.tar.gz /openvpn-2.3.7.tar.gz.asc +/openvpn-2.3.8.tar.gz +/openvpn-2.3.8.tar.gz.asc diff --git a/openvpn.spec b/openvpn.spec index cc65f42..bc2241a 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -4,8 +4,8 @@ %define plugins down-root auth-pam Name: openvpn -Version: 2.3.7 -Release: 2%{?prerelease:.%{prerelease}}%{?dist} +Version: 2.3.8 +Release: 1%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: http://openvpn.net/ #Source0: http://openvpn.net/beta/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.gz @@ -212,6 +212,9 @@ fi %config %dir %{_sysconfdir}/%{name}/ %changelog +* Tue Aug 04 2015 Jon Ciesla 2.3.8-1 +- 2.3.8. + * Thu Jun 18 2015 Fedora Release Engineering - 2.3.7-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild diff --git a/sources b/sources index fce33be..34b48f2 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -070bca95e478f88dff9ec6a221e2c3f7 openvpn-2.3.7.tar.gz -2d46a0fabb5a8b8218201ba35d6ebd53 openvpn-2.3.7.tar.gz.asc +51d996f1f1fc30f501ae251a254effeb openvpn-2.3.8.tar.gz +403d80113fc902bb93a575fe46b37a57 openvpn-2.3.8.tar.gz.asc From 25e299eb53190c7b43d96ef44b407eaba16e02a1 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Mon, 30 Nov 2015 15:11:37 -0700 Subject: [PATCH 100/168] Remove commented out old plugin steps --- openvpn.spec | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/openvpn.spec b/openvpn.spec index bc2241a..bf03c8a 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -92,11 +92,6 @@ find contrib sample -type f -perm /100 \ --docdir=%{_pkgdocdir} %{__make} -## Build plugins -#for plugin in %{plugins} ; do -# %{__make} -C src/plugins/$plugin -#done - #%check ## Test Crypto: #./src/openvpn/openvpn --genkey --secret key @@ -140,13 +135,6 @@ install -d -m 0755 $RPM_BUILD_ROOT%{_sysconfdir}/%{name} #rm -rf $RPM_BUILD_ROOT%{_datadir}/%{name}/easy-rsa/Windows cp %{SOURCE2} %{SOURCE3} sample/sample-config-files/ -#mkdir -p $RPM_BUILD_ROOT%{_libdir}/%{name}/plugin/lib -#for plugin in %{plugins} ; do -# install -m 0755 src/plugins/$plugin/openvpn-$plugin.so \ -# $RPM_BUILD_ROOT%{_libdir}/%{name}/plugin/lib/openvpn-$plugin.so -# cp src/plugins/$plugin/README plugin/$plugin.txt -#done - %{__make} install DESTDIR=$RPM_BUILD_ROOT find $RPM_BUILD_ROOT -name '*.la' | xargs rm -f From 4990a5eef0b9c8cecd0bd2dc8109de4a66a7fbb9 Mon Sep 17 00:00:00 2001 From: Jon Ciesla Date: Wed, 16 Dec 2015 08:09:46 -0600 Subject: [PATCH 101/168] 2.3.9 --- .gitignore | 2 ++ openvpn.spec | 5 ++++- sources | 4 ++-- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 7321dfd..1292bf1 100644 --- a/.gitignore +++ b/.gitignore @@ -30,3 +30,5 @@ openvpn-2.1.2.tar.gz.asc /openvpn-2.3.7.tar.gz.asc /openvpn-2.3.8.tar.gz /openvpn-2.3.8.tar.gz.asc +/openvpn-2.3.9.tar.gz +/openvpn-2.3.9.tar.gz.asc diff --git a/openvpn.spec b/openvpn.spec index bf03c8a..3c9dd51 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -4,7 +4,7 @@ %define plugins down-root auth-pam Name: openvpn -Version: 2.3.8 +Version: 2.3.9 Release: 1%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: http://openvpn.net/ @@ -200,6 +200,9 @@ fi %config %dir %{_sysconfdir}/%{name}/ %changelog +* Wed Dec 16 2015 Jon Ciesla 2.3.9-1 +- 2.3.9. + * Tue Aug 04 2015 Jon Ciesla 2.3.8-1 - 2.3.8. diff --git a/sources b/sources index 34b48f2..0572a2c 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -51d996f1f1fc30f501ae251a254effeb openvpn-2.3.8.tar.gz -403d80113fc902bb93a575fe46b37a57 openvpn-2.3.8.tar.gz.asc +265755044ae88f9249d509f6d061f7e5 openvpn-2.3.9.tar.gz +a033c56a58c7bcaf4fc05d2d71d4390c openvpn-2.3.9.tar.gz.asc From 2998733f88653e46f06c25f6785df8087fff29f7 Mon Sep 17 00:00:00 2001 From: Jon Ciesla Date: Mon, 4 Jan 2016 09:22:21 -0600 Subject: [PATCH 102/168] 2.3.10 --- .gitignore | 2 ++ openvpn.spec | 5 ++++- sources | 4 ++-- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 1292bf1..e63ed83 100644 --- a/.gitignore +++ b/.gitignore @@ -32,3 +32,5 @@ openvpn-2.1.2.tar.gz.asc /openvpn-2.3.8.tar.gz.asc /openvpn-2.3.9.tar.gz /openvpn-2.3.9.tar.gz.asc +/openvpn-2.3.10.tar.gz +/openvpn-2.3.10.tar.gz.asc diff --git a/openvpn.spec b/openvpn.spec index 3c9dd51..9cd77de 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -4,7 +4,7 @@ %define plugins down-root auth-pam Name: openvpn -Version: 2.3.9 +Version: 2.3.10 Release: 1%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: http://openvpn.net/ @@ -200,6 +200,9 @@ fi %config %dir %{_sysconfdir}/%{name}/ %changelog +* Mon Jan 04 2016 Jon Ciesla 2.3.10-1 +- 2.3.10. + * Wed Dec 16 2015 Jon Ciesla 2.3.9-1 - 2.3.9. diff --git a/sources b/sources index 0572a2c..175dfeb 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -265755044ae88f9249d509f6d061f7e5 openvpn-2.3.9.tar.gz -a033c56a58c7bcaf4fc05d2d71d4390c openvpn-2.3.9.tar.gz.asc +275a640ccfc6a9f9a8faa4c84a74d294 openvpn-2.3.10.tar.gz +b4d1d23feaba2747a5d0a6ef1da17e44 openvpn-2.3.10.tar.gz.asc From d7709401b90f4408eb99dd242483793b75aee7ab Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Thu, 4 Feb 2016 11:39:15 +0000 Subject: [PATCH 103/168] - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild --- openvpn.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/openvpn.spec b/openvpn.spec index 9cd77de..ec94261 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -5,7 +5,7 @@ Name: openvpn Version: 2.3.10 -Release: 1%{?prerelease:.%{prerelease}}%{?dist} +Release: 2%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: http://openvpn.net/ #Source0: http://openvpn.net/beta/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.gz @@ -200,6 +200,9 @@ fi %config %dir %{_sysconfdir}/%{name}/ %changelog +* Thu Feb 04 2016 Fedora Release Engineering - 2.3.10-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + * Mon Jan 04 2016 Jon Ciesla 2.3.10-1 - 2.3.10. From cc506ddaa1432db4ca72cef326b233e6aa15828e Mon Sep 17 00:00:00 2001 From: Jon Ciesla Date: Tue, 10 May 2016 09:05:42 -0400 Subject: [PATCH 104/168] 2.3.11 --- .gitignore | 2 ++ openvpn.spec | 7 +++++-- sources | 4 ++-- 3 files changed, 9 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index e63ed83..452152e 100644 --- a/.gitignore +++ b/.gitignore @@ -34,3 +34,5 @@ openvpn-2.1.2.tar.gz.asc /openvpn-2.3.9.tar.gz.asc /openvpn-2.3.10.tar.gz /openvpn-2.3.10.tar.gz.asc +/openvpn-2.3.11.tar.gz +/openvpn-2.3.11.tar.gz.asc diff --git a/openvpn.spec b/openvpn.spec index ec94261..b09ac0e 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -4,8 +4,8 @@ %define plugins down-root auth-pam Name: openvpn -Version: 2.3.10 -Release: 2%{?prerelease:.%{prerelease}}%{?dist} +Version: 2.3.11 +Release: 1%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: http://openvpn.net/ #Source0: http://openvpn.net/beta/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.gz @@ -200,6 +200,9 @@ fi %config %dir %{_sysconfdir}/%{name}/ %changelog +* Tue May 10 2016 Jon Ciesla 2.3.11-1 +- 2.3.11. + * Thu Feb 04 2016 Fedora Release Engineering - 2.3.10-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild diff --git a/sources b/sources index 175dfeb..af8aa99 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -275a640ccfc6a9f9a8faa4c84a74d294 openvpn-2.3.10.tar.gz -b4d1d23feaba2747a5d0a6ef1da17e44 openvpn-2.3.10.tar.gz.asc +e075a11f9fd0a81dae1ed1760479e9d6 openvpn-2.3.11.tar.gz +9d9f68d6a3c1e05dcd3d7df930a7c0df openvpn-2.3.11.tar.gz.asc From 049d4265598124741fe8b98db402be693e47f516 Mon Sep 17 00:00:00 2001 From: Jon Ciesla Date: Tue, 23 Aug 2016 11:30:34 -0500 Subject: [PATCH 105/168] 2.3.12 --- .gitignore | 2 ++ openvpn.spec | 5 ++++- sources | 4 ++-- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 452152e..a7deb18 100644 --- a/.gitignore +++ b/.gitignore @@ -36,3 +36,5 @@ openvpn-2.1.2.tar.gz.asc /openvpn-2.3.10.tar.gz.asc /openvpn-2.3.11.tar.gz /openvpn-2.3.11.tar.gz.asc +/openvpn-2.3.12.tar.gz +/openvpn-2.3.12.tar.gz.asc diff --git a/openvpn.spec b/openvpn.spec index b09ac0e..6e699cf 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -4,7 +4,7 @@ %define plugins down-root auth-pam Name: openvpn -Version: 2.3.11 +Version: 2.3.12 Release: 1%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: http://openvpn.net/ @@ -200,6 +200,9 @@ fi %config %dir %{_sysconfdir}/%{name}/ %changelog +* Tue Aug 23 2016 Jon Ciesla 2.3.12-1 +- 2.3.12. + * Tue May 10 2016 Jon Ciesla 2.3.11-1 - 2.3.11. diff --git a/sources b/sources index af8aa99..4f86cdc 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -e075a11f9fd0a81dae1ed1760479e9d6 openvpn-2.3.11.tar.gz -9d9f68d6a3c1e05dcd3d7df930a7c0df openvpn-2.3.11.tar.gz.asc +375560e3fadc4599ede7221b0cab8a0e openvpn-2.3.12.tar.gz +b04b1bee497d2f8dae89f2aa87ada289 openvpn-2.3.12.tar.gz.asc From c9d106c4db9ac8ba4fd06669e40053d0413e540a Mon Sep 17 00:00:00 2001 From: Jon Ciesla Date: Thu, 3 Nov 2016 08:09:58 -0500 Subject: [PATCH 106/168] 2.3.13 --- .gitignore | 2 ++ openvpn.spec | 5 ++++- sources | 4 ++-- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index a7deb18..7e93ace 100644 --- a/.gitignore +++ b/.gitignore @@ -38,3 +38,5 @@ openvpn-2.1.2.tar.gz.asc /openvpn-2.3.11.tar.gz.asc /openvpn-2.3.12.tar.gz /openvpn-2.3.12.tar.gz.asc +/openvpn-2.3.13.tar.gz +/openvpn-2.3.13.tar.gz.asc diff --git a/openvpn.spec b/openvpn.spec index 6e699cf..3b6891e 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -4,7 +4,7 @@ %define plugins down-root auth-pam Name: openvpn -Version: 2.3.12 +Version: 2.3.13 Release: 1%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: http://openvpn.net/ @@ -200,6 +200,9 @@ fi %config %dir %{_sysconfdir}/%{name}/ %changelog +* Thu Nov 03 2016 Jon Ciesla 2.3.13-1 +- 2.3.13. + * Tue Aug 23 2016 Jon Ciesla 2.3.12-1 - 2.3.12. diff --git a/sources b/sources index 4f86cdc..77dcd69 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -375560e3fadc4599ede7221b0cab8a0e openvpn-2.3.12.tar.gz -b04b1bee497d2f8dae89f2aa87ada289 openvpn-2.3.12.tar.gz.asc +4051af7925a5e6dc34be7f76efa81621 openvpn-2.3.13.tar.gz +4569e649b1db23cfd6aa2aed4225db65 openvpn-2.3.13.tar.gz.asc From c1c053f5ced27f4cc3103188f5d0e2539c25f801 Mon Sep 17 00:00:00 2001 From: Jon Ciesla Date: Wed, 7 Dec 2016 08:11:06 -0600 Subject: [PATCH 107/168] 2.3.14 --- .gitignore | 2 ++ openvpn.spec | 5 ++++- sources | 4 ++-- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 7e93ace..36f0b6b 100644 --- a/.gitignore +++ b/.gitignore @@ -40,3 +40,5 @@ openvpn-2.1.2.tar.gz.asc /openvpn-2.3.12.tar.gz.asc /openvpn-2.3.13.tar.gz /openvpn-2.3.13.tar.gz.asc +/openvpn-2.3.14.tar.gz +/openvpn-2.3.14.tar.gz.asc diff --git a/openvpn.spec b/openvpn.spec index 3b6891e..b6ccab1 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -4,7 +4,7 @@ %define plugins down-root auth-pam Name: openvpn -Version: 2.3.13 +Version: 2.3.14 Release: 1%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: http://openvpn.net/ @@ -200,6 +200,9 @@ fi %config %dir %{_sysconfdir}/%{name}/ %changelog +* Wed Dec 07 2016 Jon Ciesla 2.3.14-1 +- 2.3.14. + * Thu Nov 03 2016 Jon Ciesla 2.3.13-1 - 2.3.13. diff --git a/sources b/sources index 77dcd69..c39f85e 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -4051af7925a5e6dc34be7f76efa81621 openvpn-2.3.13.tar.gz -4569e649b1db23cfd6aa2aed4225db65 openvpn-2.3.13.tar.gz.asc +5797885e15c48fd9ef1c7fde7552aed5 openvpn-2.3.14.tar.gz +b9d4b14e53859fde0bd9ddd3e5abc498 openvpn-2.3.14.tar.gz.asc From c58337e7b4e4aed6157d1aa8ace6b53c840e94a6 Mon Sep 17 00:00:00 2001 From: Jon Ciesla Date: Tue, 27 Dec 2016 08:34:39 -0600 Subject: [PATCH 108/168] 2.4.0 --- .gitignore | 2 ++ openvpn.spec | 6 +++++- sources | 4 ++-- 3 files changed, 9 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 36f0b6b..962b861 100644 --- a/.gitignore +++ b/.gitignore @@ -42,3 +42,5 @@ openvpn-2.1.2.tar.gz.asc /openvpn-2.3.13.tar.gz.asc /openvpn-2.3.14.tar.gz /openvpn-2.3.14.tar.gz.asc +/openvpn-2.4.0.tar.gz +/openvpn-2.4.0.tar.gz.asc diff --git a/openvpn.spec b/openvpn.spec index b6ccab1..b345356 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -4,7 +4,7 @@ %define plugins down-root auth-pam Name: openvpn -Version: 2.3.14 +Version: 2.4.0 Release: 1%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: http://openvpn.net/ @@ -193,6 +193,7 @@ fi %{_sbindir}/%{name} #%{_datadir}/%{name}/ %{_includedir}/openvpn-plugin.h +%{_includedir}/openvpn-msg.h %{_libdir}/%{name}/ %{_unitdir}/%{name}@.service %attr(0710,root,openvpn) %dir %{_localstatedir}/run/%{name}/ @@ -200,6 +201,9 @@ fi %config %dir %{_sysconfdir}/%{name}/ %changelog +* Tue Dec 27 2016 Jon Ciesla 2.4.0-1 +- 2.4.0. + * Wed Dec 07 2016 Jon Ciesla 2.3.14-1 - 2.3.14. diff --git a/sources b/sources index c39f85e..2d95d9a 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -5797885e15c48fd9ef1c7fde7552aed5 openvpn-2.3.14.tar.gz -b9d4b14e53859fde0bd9ddd3e5abc498 openvpn-2.3.14.tar.gz.asc +SHA512 (openvpn-2.4.0.tar.gz) = 4996a52cb912f2ad60a90f32420541f0636c03cc250c2c6687dc5594fe77d6629dc59c13dd2c52e09c9ff4eb39c6afbbb381204b6b5a7c8b27ac3c8b711dd2ad +SHA512 (openvpn-2.4.0.tar.gz.asc) = c2d0dea6ce061717eb89d8d55cde839f8618822f0fb400c308b1207c6492905520c0b9a891bd1ccf2911f29cdea58c789eb7a9e194ad784053a1f0cc595e4409 From 9c007f5e3b80ae570db6b6ad7085e75382214d61 Mon Sep 17 00:00:00 2001 From: Jon Ciesla Date: Thu, 9 Feb 2017 08:12:22 -0600 Subject: [PATCH 109/168] 2.4.0 w/ mbedtls --- openvpn.spec | 14 ++++++++++---- sources | 1 - 2 files changed, 10 insertions(+), 5 deletions(-) diff --git a/openvpn.spec b/openvpn.spec index b345356..12b4983 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -5,7 +5,7 @@ Name: openvpn Version: 2.4.0 -Release: 1%{?prerelease:.%{prerelease}}%{?dist} +Release: 2%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: http://openvpn.net/ #Source0: http://openvpn.net/beta/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.gz @@ -30,7 +30,8 @@ License: GPLv2 Group: Applications/Internet BuildRequires: systemd-devel BuildRequires: lzo-devel -BuildRequires: openssl-devel +#BuildRequires: openssl-devel +BuildRequires: mbedtls-devel BuildRequires: pam-devel # For the perl_default_filter macro BuildRequires: perl-macros @@ -86,8 +87,7 @@ find contrib sample -type f -perm /100 \ --enable-plugins \ --enable-plugin-down-root \ --enable-plugin-auth-pam \ - --enable-pkcs11 \ - --enable-x509-alt-username \ + --with-crypto-library=mbedtls \ --enable-systemd \ --docdir=%{_pkgdocdir} %{__make} @@ -201,6 +201,12 @@ fi %config %dir %{_sysconfdir}/%{name}/ %changelog +* Thu Feb 09 2017 Jon Ciesla 2.4.0-2 +- Move to mbedtls to resolve FTBFS. +- Dropped, re-add once openvpn supports openssl 1.1.x +- --enable-pkcs11 \ +- --enable-x509-alt-username \ + * Tue Dec 27 2016 Jon Ciesla 2.4.0-1 - 2.4.0. diff --git a/sources b/sources index 2d95d9a..71444fc 100644 --- a/sources +++ b/sources @@ -1,2 +1 @@ SHA512 (openvpn-2.4.0.tar.gz) = 4996a52cb912f2ad60a90f32420541f0636c03cc250c2c6687dc5594fe77d6629dc59c13dd2c52e09c9ff4eb39c6afbbb381204b6b5a7c8b27ac3c8b711dd2ad -SHA512 (openvpn-2.4.0.tar.gz.asc) = c2d0dea6ce061717eb89d8d55cde839f8618822f0fb400c308b1207c6492905520c0b9a891bd1ccf2911f29cdea58c789eb7a9e194ad784053a1f0cc595e4409 From ee26d4439f9c13089d1ec4b3309127a97810a629 Mon Sep 17 00:00:00 2001 From: Jon Ciesla Date: Thu, 9 Feb 2017 08:18:04 -0600 Subject: [PATCH 110/168] Fix sources. --- sources | 1 + 1 file changed, 1 insertion(+) diff --git a/sources b/sources index 71444fc..2d95d9a 100644 --- a/sources +++ b/sources @@ -1 +1,2 @@ SHA512 (openvpn-2.4.0.tar.gz) = 4996a52cb912f2ad60a90f32420541f0636c03cc250c2c6687dc5594fe77d6629dc59c13dd2c52e09c9ff4eb39c6afbbb381204b6b5a7c8b27ac3c8b711dd2ad +SHA512 (openvpn-2.4.0.tar.gz.asc) = c2d0dea6ce061717eb89d8d55cde839f8618822f0fb400c308b1207c6492905520c0b9a891bd1ccf2911f29cdea58c789eb7a9e194ad784053a1f0cc595e4409 From 983199849d12238af61b331a125abea5b61aab69 Mon Sep 17 00:00:00 2001 From: David Sommerseth Date: Thu, 23 Mar 2017 02:08:49 +0100 Subject: [PATCH 111/168] Update to upstream v2.4.1, plus ... - Added mbed TLS patch to allow RSA keys down to 1024 bits plus SHA1 and RIPE-160 hasing algorithms (based on OpenVPN 3 legacy profile) - Removed no-functional ./configure options - Use upstream tmfiles.d/openvpn - Package newer openvpn-client/server@.service unit files --- ...-weaker-RSA-keys-and-MD-algorithms-i.patch | 50 +++++++++++++++++++ openvpn-tmpfile.conf | 1 - openvpn.spec | 39 ++++++++------- 3 files changed, 72 insertions(+), 18 deletions(-) create mode 100644 0001-workaround-Allow-weaker-RSA-keys-and-MD-algorithms-i.patch delete mode 100644 openvpn-tmpfile.conf diff --git a/0001-workaround-Allow-weaker-RSA-keys-and-MD-algorithms-i.patch b/0001-workaround-Allow-weaker-RSA-keys-and-MD-algorithms-i.patch new file mode 100644 index 0000000..5b3f24c --- /dev/null +++ b/0001-workaround-Allow-weaker-RSA-keys-and-MD-algorithms-i.patch @@ -0,0 +1,50 @@ +From 9e2c742b2d8ffc31db7590cfc4f29d2012dd8de1 Mon Sep 17 00:00:00 2001 +From: David Sommerseth +Date: Thu, 23 Mar 2017 01:34:06 +0100 +Subject: [PATCH] workaround: Allow weaker RSA keys and MD algorithms in Fedora + +This patch hard codes an alternative mbed TLS profile to allow +RSA keys >= 1024 bits as well as SHA1 and RIPEMD160 hashing. + +Signed-off-by: David Sommerseth +--- + src/openvpn/ssl_mbedtls.c | 23 +++++++++++++++++++++++ + 1 file changed, 23 insertions(+) + +diff --git a/src/openvpn/ssl_mbedtls.c b/src/openvpn/ssl_mbedtls.c +index ba8dadf..05f8a48 100644 +--- a/src/openvpn/ssl_mbedtls.c ++++ b/src/openvpn/ssl_mbedtls.c +@@ -932,6 +932,29 @@ key_state_ssl_init(struct key_state_ssl *ks_ssl, + MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED); + #endif /* MBEDTLS_SSL_CBC_RECORD_SPLITTING */ + ++ /* Fedora adoption - allow legacy certificates ++ * Taken from the OpenVPN 3 Core code base ++ */ ++ const static mbedtls_x509_crt_profile crt_profile_legacy = { ++ MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA1 ) | ++ MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_RIPEMD160 ) | ++ MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA224 ) | ++ MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 ) | ++ MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 ) | ++ MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA512 ), ++ -1, /* Any PK alg */ ++ -1, /* Any curve */ ++ 1024, /* Minimum size for RSA keys */ ++ }; ++ mbedtls_ssl_conf_cert_profile(&ks_ssl->ssl_config, &crt_profile_legacy); ++ static bool fedora_mod_info = false; ++ if (!fedora_mod_info) { ++ msg(M_INFO, "[Fedora modification] Switched mbed TLS certificate profile to legacy mode"); ++ fedora_mod_info = true; ++ } ++ ++ /* End of Fedora adoption */ ++ + /* Initialise authentication information */ + if (is_server) + { +-- +2.11.0 + diff --git a/openvpn-tmpfile.conf b/openvpn-tmpfile.conf deleted file mode 100644 index d5fca71..0000000 --- a/openvpn-tmpfile.conf +++ /dev/null @@ -1 +0,0 @@ -D /var/run/openvpn 0710 root openvpn - diff --git a/openvpn.spec b/openvpn.spec index 12b4983..1ed7d7e 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -4,28 +4,24 @@ %define plugins down-root auth-pam Name: openvpn -Version: 2.4.0 -Release: 2%{?prerelease:.%{prerelease}}%{?dist} +Version: 2.4.1 +Release: 1%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution -URL: http://openvpn.net/ -#Source0: http://openvpn.net/beta/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.gz -#Source0: https://secure.openvpn.net/beta/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.gz -Source0: http://openvpn.net/release/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.gz -#Source1: https://secure.openvpn.net/beta/signatures/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.gz.asc -Source1: http://openvpn.net/signatures/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.gz.asc +URL: https://community.openvpn.net/ +Source0: https://swupdate.openvpn.org/community/releases/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.xz +Source1: https://swupdate.openvpn.org/community/releases/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.xz.asc # Sample 2.0 config files Source2: roadwarrior-server.conf Source3: roadwarrior-client.conf -# Systemd service +# Systemd service (deprecated) Source4: openvpn@.service -# Tmpfile.d config -Source5: %{name}-tmpfile.conf # Don't start openvpn by default. #Patch0: openvpn-init.patch #Patch1: openvpn-script-security.patch #Patch2: openvpn-2.1.1-init.patch #Patch3: openvpn-2.1.1-initinfo.patch +Patch4: 0001-workaround-Allow-weaker-RSA-keys-and-MD-algorithms-i.patch License: GPLv2 Group: Applications/Internet BuildRequires: systemd-devel @@ -64,6 +60,7 @@ for compression. #%patch1 -p1 #%patch2 -p0 #%patch3 -p0 +%patch4 -p1 sed -i -e 's,%{_datadir}/openvpn/plugin,%{_libdir}/openvpn/plugin,' doc/openvpn.8 @@ -80,8 +77,6 @@ find contrib sample -type f -perm /100 \ # --with-iproute-path=PATH Path to iproute tool # --with-route-path=PATH Path to route tool %configure \ - --enable-pthread \ - --enable-password-save \ --enable-iproute2 \ --with-iproute-path=/sbin/ip \ --enable-plugins \ @@ -89,7 +84,9 @@ find contrib sample -type f -perm /100 \ --enable-plugin-auth-pam \ --with-crypto-library=mbedtls \ --enable-systemd \ - --docdir=%{_pkgdocdir} + --docdir=%{_pkgdocdir} \ + SYSTEMD_UNIT_DIR=%{_unitdir} \ + TMPFILES_DIR=%{_tmpfilesdir} %{__make} #%check @@ -143,8 +140,6 @@ find $RPM_BUILD_ROOT -name '*.la' | xargs rm -f cp -a AUTHORS PORTS INSTALL contrib sample $RPM_BUILD_ROOT%{_pkgdocdir} # tmpfiles.d -mkdir -p %{buildroot}%{_prefix}/lib/tmpfiles.d -install -m 0644 %{SOURCE5} %{buildroot}%{_prefix}/lib/tmpfiles.d/%{name}.conf mkdir -p %{buildroot}%{_localstatedir}/run/ install -d -m 0710 %{buildroot}%{_localstatedir}/run/%{name}/ @@ -196,11 +191,21 @@ fi %{_includedir}/openvpn-msg.h %{_libdir}/%{name}/ %{_unitdir}/%{name}@.service +%{_unitdir}/%{name}-client@.service +%{_unitdir}/%{name}-server@.service +%{_tmpfilesdir}/%{name}.conf %attr(0710,root,openvpn) %dir %{_localstatedir}/run/%{name}/ -%{_prefix}/lib/tmpfiles.d/%{name}.conf %config %dir %{_sysconfdir}/%{name}/ %changelog +* Thu Mar 23 2017 David Sommerseth - 2.4.1-1 +- Updating to upstream release, v2.4.1 +- Added mbed TLS patch to allow RSA keys down to 1024 bits plus SHA1 + and RIPE-160 hasing algorithms (based on OpenVPN 3 legacy profile) +- Removed no-functional ./configure options +- Use upstream tmfiles.d/openvpn +- Package newer openvpn-client/server@.service unit files + * Thu Feb 09 2017 Jon Ciesla 2.4.0-2 - Move to mbedtls to resolve FTBFS. - Dropped, re-add once openvpn supports openssl 1.1.x From 4daec6fd691a05d6040982c13987d73a8b1d84e9 Mon Sep 17 00:00:00 2001 From: David Sommerseth Date: Thu, 23 Mar 2017 02:13:10 +0100 Subject: [PATCH 112/168] Upload source files for v2.4.1 --- .gitignore | 2 ++ sources | 4 ++-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 962b861..10ac720 100644 --- a/.gitignore +++ b/.gitignore @@ -44,3 +44,5 @@ openvpn-2.1.2.tar.gz.asc /openvpn-2.3.14.tar.gz.asc /openvpn-2.4.0.tar.gz /openvpn-2.4.0.tar.gz.asc +/openvpn-2.4.1.tar.xz +/openvpn-2.4.1.tar.xz.asc diff --git a/sources b/sources index 2d95d9a..2ecdb91 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (openvpn-2.4.0.tar.gz) = 4996a52cb912f2ad60a90f32420541f0636c03cc250c2c6687dc5594fe77d6629dc59c13dd2c52e09c9ff4eb39c6afbbb381204b6b5a7c8b27ac3c8b711dd2ad -SHA512 (openvpn-2.4.0.tar.gz.asc) = c2d0dea6ce061717eb89d8d55cde839f8618822f0fb400c308b1207c6492905520c0b9a891bd1ccf2911f29cdea58c789eb7a9e194ad784053a1f0cc595e4409 +SHA512 (openvpn-2.4.1.tar.xz) = d31ea5740c5aa1083c5f50b344fca0824210ca18ca77f22e08fd1b7866926aa61723545df9a34c12ca81b929efbeb20c43f11b17e1bfeb56c7bfcef67aae82d3 +SHA512 (openvpn-2.4.1.tar.xz.asc) = e9d646d135ea0b137dee05c181b9e89f3904b2c4fddeacf849f5aac1b76ba169fd930b17c130e9ce4e172c4beb7d626d9e086d970d5457e6b62662e49df00151 From a9b2582ae9cdb9138b85adac4e33639b10679073 Mon Sep 17 00:00:00 2001 From: David Sommerseth Date: Fri, 24 Mar 2017 23:00:22 +0100 Subject: [PATCH 113/168] Cleaning up - Use systemd-rpm macros - Remove %triggerun for openvpn < 2.2.1 (which is way too old anyhow for newer Fedoras) - Fixed several issues with installed files - Fixed ./configure arguments - several of them where outdated or used wrong - Removed the deprecated openvpn@.service in favour of the new upstream unit files - Added README.systemd which describes the new unit files - Fixed wrong mixing of %doc and %{_pkgdocdir} causing duplication of sample and contrib directories - Install management-notes.txt, which contains useful information about the OpenVPN management interface commands - Don't own %{_localstatedir}/run/%{name} ... that's handled by tmpfiles.d/openvpn.conf instead. - Own /etc/openvpn{,client,server}/ --- README.systemd | 71 +++++++++++++++++++++++++++++++++++ openvpn.spec | 96 +++++++++++++----------------------------------- openvpn@.service | 12 ------ 3 files changed, 96 insertions(+), 83 deletions(-) create mode 100644 README.systemd delete mode 100644 openvpn@.service diff --git a/README.systemd b/README.systemd new file mode 100644 index 0000000..cf0003e --- /dev/null +++ b/README.systemd @@ -0,0 +1,71 @@ +OpenVPN and systemd +=================== + +As of OpenVPN v2.4, upstream is shipping systemd unit files to provide a +fine grained control of each OpenVPN configuration as well as trying to +restrict the capabilities the OpenVPN process have on a system. + + +Configuration profile types +--------------------------- +These new unit files separates between client and server profiles. The +configuration files are kept in separate directories, to provide clarity +of the profile they run under. + +Typically the client profile cannot bind to any ports below port 1024 +and the client configuration is always started with --nobind. + +The server profile is allowed to bind to any ports. In addition it enables +a client status file, usually found in the /run/openvpn-server directory. +The status format is set to version 2 by default. These settings may be +overridden by adding --status and/or --status-version in the OpenVPN +configuration file. + +Neither of these profiles makes use of PID files, but OpenVPN reports back to +systemd its PID once it has initialized. + +For configuration using a peer-to-peer mode (not using --mode server on one +of the sides) it is recommended to use the client profile. + + +Configuration files +------------------- +These new unit files expects client configuration files to be made available +in /etc/openvpn/client. Similar for the server configurations, it is expected +to be found in /etc/openvpn/server. The configuration files must have a .conf +file extension. + + +Managing VPN tunnels +-------------------- +Use the normal systemctl tool to start, stop VPN tunnels, as well as enable +and disable tunnels at boot time. The syntax is: + + - client configurations: + # systemctl $OPER openvpn-client@$CONFIGNAME + + - server configurations: + # systemctl $OPER openvpn-server@$CONFIGNAME + +Similarly, to view the OpenVPN journal log use a similar syntax: + + # journalctl -u openvpn-client@$CONFIGNAME + or + # journalctl -u openvpn-server@$CONFIGNAME + +* Examples + Say your server configuration is /etc/openvpn/server/tun0.conf, you + start this VPN service like this: + + # systemctl start openvpn-server@tun0 + + A client configuration file in /etc/openvpn/client/corpvpn.conf is + started like this: + + # systemctl start openvpn-client@corpvpn + + To view the server configuration's journal only listing entries from + yesterday and until today: + + # journalctl --since yesterday -u openvpn-server@tun0 + diff --git a/openvpn.spec b/openvpn.spec index 1ed7d7e..dd32d86 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -10,18 +10,10 @@ Summary: A full-featured SSL VPN solution URL: https://community.openvpn.net/ Source0: https://swupdate.openvpn.org/community/releases/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.xz Source1: https://swupdate.openvpn.org/community/releases/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.xz.asc -# Sample 2.0 config files Source2: roadwarrior-server.conf Source3: roadwarrior-client.conf -# Systemd service (deprecated) -Source4: openvpn@.service - -# Don't start openvpn by default. -#Patch0: openvpn-init.patch -#Patch1: openvpn-script-security.patch -#Patch2: openvpn-2.1.1-init.patch -#Patch3: openvpn-2.1.1-initinfo.patch -Patch4: 0001-workaround-Allow-weaker-RSA-keys-and-MD-algorithms-i.patch +Source4: README.systemd +Patch0: 0001-workaround-Allow-weaker-RSA-keys-and-MD-algorithms-i.patch License: GPLv2 Group: Applications/Internet BuildRequires: systemd-devel @@ -56,11 +48,7 @@ for compression. %prep %setup -q -n %{name}-%{version}%{?prerelease:_%{prerelease}} -#%patch0 -p0 -#%patch1 -p1 -#%patch2 -p0 -#%patch3 -p0 -%patch4 -p1 +%patch0 -p1 sed -i -e 's,%{_datadir}/openvpn/plugin,%{_libdir}/openvpn/plugin,' doc/openvpn.8 @@ -69,24 +57,16 @@ find contrib sample -type f -perm /100 \ -exec chmod a-x {} \; %build -# --enable-pthread Enable pthread support (Experimental for OpenVPN 2.0) -# --enable-password-save Allow --askpass and --auth-user-pass passwords to be -# read from a file -# --enable-iproute2 Enable support for iproute2 -# --with-ifconfig-path=PATH Path to ifconfig tool -# --with-iproute-path=PATH Path to iproute tool -# --with-route-path=PATH Path to route tool %configure \ --enable-iproute2 \ - --with-iproute-path=/sbin/ip \ - --enable-plugins \ - --enable-plugin-down-root \ - --enable-plugin-auth-pam \ --with-crypto-library=mbedtls \ + --enable-selinux \ --enable-systemd \ --docdir=%{_pkgdocdir} \ SYSTEMD_UNIT_DIR=%{_unitdir} \ - TMPFILES_DIR=%{_tmpfilesdir} + TMPFILES_DIR=%{_tmpfilesdir} \ + IPROUTE=/sbin/ip +# --enable-pkcs11 \ %{__make} #%check @@ -119,29 +99,15 @@ find contrib sample -type f -perm /100 \ # %{_tmppath}/%{name}-%{version}-%{release}-%(%{__id_u})-loopback-server %install -#install -D -m 0644 doc/%{name}.8 $RPM_BUILD_ROOT%{_mandir}/man8/%{name}.8 -#install -D -m 0755 src/openvpn/%{name} $RPM_BUILD_ROOT%{_sbindir}/%{name} - -mkdir -p %{buildroot}%{_unitdir} -install -D -m 0644 %{SOURCE4} $RPM_BUILD_ROOT%{_unitdir}/ -rm -rf %{buildroot}%{_initrddir} -install -d -m 0755 $RPM_BUILD_ROOT%{_sysconfdir}/%{name} - -#mkdir -p $RPM_BUILD_ROOT%{_datadir}/%{name} -#cp -pR easy-rsa $RPM_BUILD_ROOT%{_datadir}/%{name}/ -#rm -rf $RPM_BUILD_ROOT%{_datadir}/%{name}/easy-rsa/Windows -cp %{SOURCE2} %{SOURCE3} sample/sample-config-files/ - %{__make} install DESTDIR=$RPM_BUILD_ROOT find $RPM_BUILD_ROOT -name '*.la' | xargs rm -f +mkdir -p -m 0750 $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/client $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/server +cp %{SOURCE2} %{SOURCE3} sample/sample-config-files/ # Package installs into %%{_pkgdocdir} directly # Add further files -cp -a AUTHORS PORTS INSTALL contrib sample $RPM_BUILD_ROOT%{_pkgdocdir} +cp -a AUTHORS contrib sample %{SOURCE4} $RPM_BUILD_ROOT%{_pkgdocdir} -# tmpfiles.d -mkdir -p %{buildroot}%{_localstatedir}/run/ -install -d -m 0710 %{buildroot}%{_localstatedir}/run/%{name}/ %pre getent group openvpn &>/dev/null || groupadd -r openvpn @@ -150,54 +116,42 @@ getent passwd openvpn &>/dev/null || \ -d /etc/openvpn openvpn %post -if [ $1 -eq 1 ] ; then - # Initial installation - /bin/systemctl daemon-reload >/dev/null 2>&1 || : -fi +%systemd_post openvpn-client@\*.service +%systemd_post openvpn-server@\*.service %preun -if [ $1 -eq 0 ] ; then - # Package removal, not upgrade - /bin/systemctl --no-reload disable openvpn.service > /dev/null 2>&1 || : - /bin/systemctl stop openvpn.service > /dev/null 2>&1 || : -fi +%systemd_preun openvpn-client@\*.service +%systemd_preun openvpn-server@\*.service %postun -/bin/systemctl daemon-reload >/dev/null 2>&1 || : -# Normally, we'd try a restart here, but in this case, it could be troublesome. - -%triggerun -- openvpn < 2.2.1-2 -# Save the current service runlevel info -# User must manually run systemd-sysv-convert --apply openvpn -# to migrate them to systemd targets -/usr/bin/systemd-sysv-convert --save openvpn >/dev/null 2>&1 ||: - -# Run these because the SysV package being removed won't do them -/sbin/chkconfig --del openvpn >/dev/null 2>&1 || : -/bin/systemctl try-restart openvpn.service >/dev/null 2>&1 || : +%systemd_postun openvpn-client@\*.service +%systemd_postun openvpn-server@\*.service %files %{_pkgdocdir} %exclude %{_pkgdocdir}/README.IPv6 %exclude %{_pkgdocdir}/README.polarssl -%exclude %{_pkgdocdir}/management-notes.txt - -%doc contrib sample %{_mandir}/man8/%{name}.8* %{_sbindir}/%{name} -#%{_datadir}/%{name}/ %{_includedir}/openvpn-plugin.h %{_includedir}/openvpn-msg.h %{_libdir}/%{name}/ -%{_unitdir}/%{name}@.service %{_unitdir}/%{name}-client@.service %{_unitdir}/%{name}-server@.service %{_tmpfilesdir}/%{name}.conf -%attr(0710,root,openvpn) %dir %{_localstatedir}/run/%{name}/ %config %dir %{_sysconfdir}/%{name}/ +%config %dir %{_sysconfdir}/%{name}/client +%config %dir %{_sysconfdir}/%{name}/server + %changelog +* Fri Mar 24 2017 David Sommerseth - 2.4.1-2 +- Various cleanups +- Use systemd-rpm macros (rhbz #850257) +- Removed the deprecated openvpn@.service unit. Replaced by openvpn-{client,server}@.service +- Added README.systemd describing new systemd unit files + * Thu Mar 23 2017 David Sommerseth - 2.4.1-1 - Updating to upstream release, v2.4.1 - Added mbed TLS patch to allow RSA keys down to 1024 bits plus SHA1 diff --git a/openvpn@.service b/openvpn@.service deleted file mode 100644 index 41dab63..0000000 --- a/openvpn@.service +++ /dev/null @@ -1,12 +0,0 @@ -[Unit] -Description=OpenVPN Robust And Highly Flexible Tunneling Application On %I -After=network.target - -[Service] -PrivateTmp=true -Type=forking -PIDFile=/var/run/openvpn/%i.pid -ExecStart=/usr/sbin/openvpn --daemon --writepid /var/run/openvpn/%i.pid --cd /etc/openvpn/ --config %i.conf - -[Install] -WantedBy=multi-user.target From 3938084afc7242adb9d7d56a6d8ee5efa9a1e41e Mon Sep 17 00:00:00 2001 From: David Sommerseth Date: Fri, 24 Mar 2017 23:07:37 +0100 Subject: [PATCH 114/168] Update Release tag Forgot updating the release tag in the previous commit --- openvpn.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/openvpn.spec b/openvpn.spec index dd32d86..7947d8c 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -5,7 +5,7 @@ Name: openvpn Version: 2.4.1 -Release: 1%{?prerelease:.%{prerelease}}%{?dist} +Release: 2%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: https://community.openvpn.net/ Source0: https://swupdate.openvpn.org/community/releases/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.xz From ba1a3a70779d6521d856bb33fc2ce5945cd3e144 Mon Sep 17 00:00:00 2001 From: David Sommerseth Date: Wed, 29 Mar 2017 22:35:22 +0200 Subject: [PATCH 115/168] More clean-ups - Splitting out -devel files into a separate package - Removed several contrib and sample files which makes is not strictly needed in this package. - build: Enable tests runs by default, long running tests can be disabled with "--without tests_long" - build: Removed defined %%{plugins} macro not in use - Added .rpmlint to whitelist false positives --- .rpmlint | 2 ++ openvpn.spec | 99 ++++++++++++++++++++++++++++++++++------------------ 2 files changed, 68 insertions(+), 33 deletions(-) create mode 100644 .rpmlint diff --git a/.rpmlint b/.rpmlint new file mode 100644 index 0000000..5232fc9 --- /dev/null +++ b/.rpmlint @@ -0,0 +1,2 @@ +addFilter("E: non-standard-dir-perm /etc/openvpn/server 0750L") +addFilter("E: non-standard-dir-perm /etc/openvpn/client 0750L") diff --git a/openvpn.spec b/openvpn.spec index 7947d8c..7df788d 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -1,11 +1,13 @@ %define _hardened_build 1 #define prerelease rc22 -%define plugins down-root auth-pam +# Build conditionals +# tests_long - Enabled by default, enables long running tests in %%check +%bcond_without tests_long Name: openvpn Version: 2.4.1 -Release: 2%{?prerelease:.%{prerelease}}%{?dist} +Release: 3%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: https://community.openvpn.net/ Source0: https://swupdate.openvpn.org/community/releases/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.xz @@ -43,9 +45,21 @@ Requires(postun): systemd-units OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP or TCP -port. It can use the Marcus Franz Xaver Johannes Oberhumer's LZO library +port. It can use the Marcus Franz Xaver Johannes Oberhumers LZO library for compression. +%package devel +Group: Applications/Internet +Summary: Development headers and examples for OpenVPN plug-ins + +%description devel +OpenVPN can be extended through the --plugin option, which provides +possibilities to add specialized authentication, user accounting, +packet filtering and related features. These plug-ins need to be +written in C and provides a more low-level and information rich access +to similar features as the various script-hooks. + + %prep %setup -q -n %{name}-%{version}%{?prerelease:_%{prerelease}} %patch0 -p1 @@ -69,34 +83,36 @@ find contrib sample -type f -perm /100 \ # --enable-pkcs11 \ %{__make} -#%check -## Test Crypto: -#./src/openvpn/openvpn --genkey --secret key -#./src/openvpn/openvpn --test-crypto --secret key -# -## Randomize ports for tests to avoid conflicts on the build servers. -#cport=$[ 50000 + ($RANDOM % 15534) ] -#sport=$[ $cport + 1 ] -#sed -e 's/^\(rport\) .*$/\1 '$sport'/' \ -# -e 's/^\(lport\) .*$/\1 '$cport'/' \ -# < sample/sample-config-files/loopback-client \ -# > %{_tmppath}/%{name}-%{version}-%{release}-%(%{__id_u})-loopback-client -#sed -e 's/^\(rport\) .*$/\1 '$cport'/' \ -# -e 's/^\(lport\) .*$/\1 '$sport'/' \ -# < sample/sample-config-files/loopback-server \ -# > %{_tmppath}/%{name}-%{version}-%{release}-%(%{__id_u})-loopback-server -# -#pushd sample -## Test SSL/TLS negotiations (runs for 2 minutes): -#../src/openvpn/openvpn --config \ -# %{_tmppath}/%{name}-%{version}-%{release}-%(%{__id_u})-loopback-client & -#../src/openvpn/openvpn --config \ -# %{_tmppath}/%{name}-%{version}-%{release}-%(%{__id_u})-loopback-server -#wait -#popd -# -#rm -f %{_tmppath}/%{name}-%{version}-%{release}-%(%{__id_u})-loopback-client \ -# %{_tmppath}/%{name}-%{version}-%{release}-%(%{__id_u})-loopback-server +%check +# Test Crypto: +./src/openvpn/openvpn --genkey --secret key +./src/openvpn/openvpn --test-crypto --secret key + +%if %{with tests_long} +# Randomize ports for tests to avoid conflicts on the build servers. +cport=$[ 50000 + ($RANDOM % 15534) ] +sport=$[ $cport + 1 ] +sed -e 's/^\(rport\) .*$/\1 '$sport'/' \ + -e 's/^\(lport\) .*$/\1 '$cport'/' \ + < sample/sample-config-files/loopback-client \ + > %{_tmppath}/%{name}-%{version}-%{release}-%(%{__id_u})-loopback-client +sed -e 's/^\(rport\) .*$/\1 '$cport'/' \ + -e 's/^\(lport\) .*$/\1 '$sport'/' \ + < sample/sample-config-files/loopback-server \ + > %{_tmppath}/%{name}-%{version}-%{release}-%(%{__id_u})-loopback-server + +pushd sample +# Test SSL/TLS negotiations (runs for 2 minutes): +../src/openvpn/openvpn --config \ + %{_tmppath}/%{name}-%{version}-%{release}-%(%{__id_u})-loopback-client & +../src/openvpn/openvpn --config \ + %{_tmppath}/%{name}-%{version}-%{release}-%(%{__id_u})-loopback-server +wait +popd + +rm -f %{_tmppath}/%{name}-%{version}-%{release}-%(%{__id_u})-loopback-client \ + %{_tmppath}/%{name}-%{version}-%{release}-%(%{__id_u})-loopback-server +%endif %install %{__make} install DESTDIR=$RPM_BUILD_ROOT @@ -108,6 +124,11 @@ cp %{SOURCE2} %{SOURCE3} sample/sample-config-files/ # Add further files cp -a AUTHORS contrib sample %{SOURCE4} $RPM_BUILD_ROOT%{_pkgdocdir} +# Remove some files which does not really belong here +rm -f $RPM_BUILD_ROOT%{_pkgdocdir}/sample/Makefile{,.in,.am} +rm -f $RPM_BUILD_ROOT%{_pkgdocdir}/contrib/multilevel-init.patch +rm -rf $RPM_BUILD_ROOT%{_pkgdocdir}/sample/sample-keys +rm -rf $RPM_BUILD_ROOT%{_pkgdocdir}/contrib/keychain-mcd %pre getent group openvpn &>/dev/null || groupadd -r openvpn @@ -132,10 +153,9 @@ getent passwd openvpn &>/dev/null || \ %{_pkgdocdir} %exclude %{_pkgdocdir}/README.IPv6 %exclude %{_pkgdocdir}/README.polarssl +%exclude %{_pkgdocdir}/sample/sample-plugins %{_mandir}/man8/%{name}.8* %{_sbindir}/%{name} -%{_includedir}/openvpn-plugin.h -%{_includedir}/openvpn-msg.h %{_libdir}/%{name}/ %{_unitdir}/%{name}-client@.service %{_unitdir}/%{name}-server@.service @@ -144,8 +164,21 @@ getent passwd openvpn &>/dev/null || \ %config %dir %{_sysconfdir}/%{name}/client %config %dir %{_sysconfdir}/%{name}/server +%files devel +%{_pkgdocdir}/sample/sample-plugins +%{_includedir}/openvpn-plugin.h +%{_includedir}/openvpn-msg.h + %changelog +* Wed Mar 29 2017 David Sommerseth - 2.4.1-3 +- Splitting out -devel files into a separate package +- Removed several contrib and sample files which makes is not + strictly needed in this package. +- build: Enable tests runs by default, long running tests can + be disabled with "--without tests_long" +- build: Removed defined %%{plugins} macro not in use + * Fri Mar 24 2017 David Sommerseth - 2.4.1-2 - Various cleanups - Use systemd-rpm macros (rhbz #850257) From 6d9dbb81c620be284f21e37dae9653abb9ce229d Mon Sep 17 00:00:00 2001 From: David Sommerseth Date: Thu, 11 May 2017 21:57:30 +0200 Subject: [PATCH 116/168] Update to upstream openvpn-2.4.2 Also: - Switching back to OpenSSL 1.0, via compat-openssl10 and compat-openssl10-pkcs11-helper (rhbz#1443749, rhbz#1432125, rhbz#1440468) - Re-enable --enable-x509-alt-username which got removed during the clean-up patches (rhbz#1443942) - Build with lz4 library from Fedora --- .gitignore | 2 + ...-weaker-RSA-keys-and-MD-algorithms-i.patch | 50 ------------------- openvpn.spec | 24 +++++---- sources | 4 +- 4 files changed, 19 insertions(+), 61 deletions(-) delete mode 100644 0001-workaround-Allow-weaker-RSA-keys-and-MD-algorithms-i.patch diff --git a/.gitignore b/.gitignore index 10ac720..0d3f26f 100644 --- a/.gitignore +++ b/.gitignore @@ -46,3 +46,5 @@ openvpn-2.1.2.tar.gz.asc /openvpn-2.4.0.tar.gz.asc /openvpn-2.4.1.tar.xz /openvpn-2.4.1.tar.xz.asc +/openvpn-2.4.2.tar.xz +/openvpn-2.4.2.tar.xz.asc diff --git a/0001-workaround-Allow-weaker-RSA-keys-and-MD-algorithms-i.patch b/0001-workaround-Allow-weaker-RSA-keys-and-MD-algorithms-i.patch deleted file mode 100644 index 5b3f24c..0000000 --- a/0001-workaround-Allow-weaker-RSA-keys-and-MD-algorithms-i.patch +++ /dev/null @@ -1,50 +0,0 @@ -From 9e2c742b2d8ffc31db7590cfc4f29d2012dd8de1 Mon Sep 17 00:00:00 2001 -From: David Sommerseth -Date: Thu, 23 Mar 2017 01:34:06 +0100 -Subject: [PATCH] workaround: Allow weaker RSA keys and MD algorithms in Fedora - -This patch hard codes an alternative mbed TLS profile to allow -RSA keys >= 1024 bits as well as SHA1 and RIPEMD160 hashing. - -Signed-off-by: David Sommerseth ---- - src/openvpn/ssl_mbedtls.c | 23 +++++++++++++++++++++++ - 1 file changed, 23 insertions(+) - -diff --git a/src/openvpn/ssl_mbedtls.c b/src/openvpn/ssl_mbedtls.c -index ba8dadf..05f8a48 100644 ---- a/src/openvpn/ssl_mbedtls.c -+++ b/src/openvpn/ssl_mbedtls.c -@@ -932,6 +932,29 @@ key_state_ssl_init(struct key_state_ssl *ks_ssl, - MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED); - #endif /* MBEDTLS_SSL_CBC_RECORD_SPLITTING */ - -+ /* Fedora adoption - allow legacy certificates -+ * Taken from the OpenVPN 3 Core code base -+ */ -+ const static mbedtls_x509_crt_profile crt_profile_legacy = { -+ MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA1 ) | -+ MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_RIPEMD160 ) | -+ MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA224 ) | -+ MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 ) | -+ MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 ) | -+ MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA512 ), -+ -1, /* Any PK alg */ -+ -1, /* Any curve */ -+ 1024, /* Minimum size for RSA keys */ -+ }; -+ mbedtls_ssl_conf_cert_profile(&ks_ssl->ssl_config, &crt_profile_legacy); -+ static bool fedora_mod_info = false; -+ if (!fedora_mod_info) { -+ msg(M_INFO, "[Fedora modification] Switched mbed TLS certificate profile to legacy mode"); -+ fedora_mod_info = true; -+ } -+ -+ /* End of Fedora adoption */ -+ - /* Initialise authentication information */ - if (is_server) - { --- -2.11.0 - diff --git a/openvpn.spec b/openvpn.spec index 7df788d..93bd138 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -6,8 +6,8 @@ %bcond_without tests_long Name: openvpn -Version: 2.4.1 -Release: 3%{?prerelease:.%{prerelease}}%{?dist} +Version: 2.4.2 +Release: 1%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: https://community.openvpn.net/ Source0: https://swupdate.openvpn.org/community/releases/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.xz @@ -15,18 +15,18 @@ Source1: https://swupdate.openvpn.org/community/releases/%{name}-%{ver Source2: roadwarrior-server.conf Source3: roadwarrior-client.conf Source4: README.systemd -Patch0: 0001-workaround-Allow-weaker-RSA-keys-and-MD-algorithms-i.patch License: GPLv2 Group: Applications/Internet BuildRequires: systemd-devel BuildRequires: lzo-devel -#BuildRequires: openssl-devel -BuildRequires: mbedtls-devel +BuildRequires: lz4-devel +BuildRequires: compat-openssl10-devel +BuildRequires: compat-openssl10-pkcs11-helper-devel >= 1.11 BuildRequires: pam-devel # For the perl_default_filter macro BuildRequires: perl-macros -BuildRequires: pkcs11-helper-devel >= 1.11 BuildRequires: systemd-units +BuildRequires: libselinux-devel # For /sbin/ip. BuildRequires: iproute # For /sbin/ip. @@ -62,7 +62,6 @@ to similar features as the various script-hooks. %prep %setup -q -n %{name}-%{version}%{?prerelease:_%{prerelease}} -%patch0 -p1 sed -i -e 's,%{_datadir}/openvpn/plugin,%{_libdir}/openvpn/plugin,' doc/openvpn.8 @@ -73,14 +72,15 @@ find contrib sample -type f -perm /100 \ %build %configure \ --enable-iproute2 \ - --with-crypto-library=mbedtls \ + --with-crypto-library=openssl \ + --enable-pkcs11 \ --enable-selinux \ --enable-systemd \ + --enable-x509-alt-username \ --docdir=%{_pkgdocdir} \ SYSTEMD_UNIT_DIR=%{_unitdir} \ TMPFILES_DIR=%{_tmpfilesdir} \ IPROUTE=/sbin/ip -# --enable-pkcs11 \ %{__make} %check @@ -171,6 +171,12 @@ getent passwd openvpn &>/dev/null || \ %changelog +* Thu May 11 2017 David Sommerseth - 2.4.2-1 +- Switching back to OpenSSL, using compat-openssl10 (rhbz#1443749, rhbz#1432125, rhbz#1440468) +- Re-enabling --enable-x509-alt-username (rhbz#1443942) +- Add --enable-selinux +- Build with lz4 library from Fedora + * Wed Mar 29 2017 David Sommerseth - 2.4.1-3 - Splitting out -devel files into a separate package - Removed several contrib and sample files which makes is not diff --git a/sources b/sources index 2ecdb91..9b1a161 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (openvpn-2.4.1.tar.xz) = d31ea5740c5aa1083c5f50b344fca0824210ca18ca77f22e08fd1b7866926aa61723545df9a34c12ca81b929efbeb20c43f11b17e1bfeb56c7bfcef67aae82d3 -SHA512 (openvpn-2.4.1.tar.xz.asc) = e9d646d135ea0b137dee05c181b9e89f3904b2c4fddeacf849f5aac1b76ba169fd930b17c130e9ce4e172c4beb7d626d9e086d970d5457e6b62662e49df00151 +SHA512 (openvpn-2.4.2.tar.xz) = 438f16ac2d12dfd9f11ebcddebf709102046c71b4c4608a294da552587ea346d6ebb8c916f717bce992057754d6bc35ca1df5653fc907cc0003d9e34c92da963 +SHA512 (openvpn-2.4.2.tar.xz.asc) = 2deed80ef3b7017b2eb60931810c1902b855e9ba734caa012842227963c1ffe1ecb90b5912123ce0e4001e2dee52b9a735df91137562ed39e0a0bb24ac3f6ba5 From 28587b814b10d30b11143cca3d86e83fc37d1e45 Mon Sep 17 00:00:00 2001 From: David Sommerseth Date: Fri, 12 May 2017 01:17:29 +0200 Subject: [PATCH 117/168] Install and take ownership of a few more directories - rhbz#1444601 /run/openvpn-client using %{_rundir} /run/openvpn-server - rhbz#922786 /var/lib/openvpn using %{_sharedstatedir} --- openvpn.spec | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/openvpn.spec b/openvpn.spec index 93bd138..576346f 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -7,7 +7,7 @@ Name: openvpn Version: 2.4.2 -Release: 1%{?prerelease:.%{prerelease}}%{?dist} +Release: 2%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: https://community.openvpn.net/ Source0: https://swupdate.openvpn.org/community/releases/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.xz @@ -120,6 +120,10 @@ find $RPM_BUILD_ROOT -name '*.la' | xargs rm -f mkdir -p -m 0750 $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/client $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/server cp %{SOURCE2} %{SOURCE3} sample/sample-config-files/ +# Create some directories the OpenVPN package should own +mkdir -m 0710 -p $RPM_BUILD_ROOT%{_rundir}/%{name}-{client,server} +mkdir -m 0770 -p $RPM_BUILD_ROOT%{_sharedstatedir}/%{name} + # Package installs into %%{_pkgdocdir} directly # Add further files cp -a AUTHORS contrib sample %{SOURCE4} $RPM_BUILD_ROOT%{_pkgdocdir} @@ -163,6 +167,9 @@ getent passwd openvpn &>/dev/null || \ %config %dir %{_sysconfdir}/%{name}/ %config %dir %{_sysconfdir}/%{name}/client %config %dir %{_sysconfdir}/%{name}/server +%attr(0710,-,-) %{_rundir}/%{name}-client +%attr(0710,-,-) %{_rundir}/%{name}-server +%attr(0770,openvpn,openvpn) %{_sharedstatedir}/%{name} %files devel %{_pkgdocdir}/sample/sample-plugins @@ -171,6 +178,10 @@ getent passwd openvpn &>/dev/null || \ %changelog +* Fri May 12 2017 David Sommerseth - 2.4.2-2 +- Install and take ownership of /run/openvpn-{client,server} (rhbz#1444601) +- Install and take ownership of /var/lib/openvpn (rhbz#922786) + * Thu May 11 2017 David Sommerseth - 2.4.2-1 - Switching back to OpenSSL, using compat-openssl10 (rhbz#1443749, rhbz#1432125, rhbz#1440468) - Re-enabling --enable-x509-alt-username (rhbz#1443942) From 31847e11e7f9bf2d1363b154bf06a88668d811f2 Mon Sep 17 00:00:00 2001 From: David Sommerseth Date: Wed, 21 Jun 2017 12:57:07 +0200 Subject: [PATCH 118/168] Updating to upstream openvpn-2.4.3 - Fix remotely-triggerable ASSERT() on malformed IPv6 packet {CVE-2017-7508} - Prevent two kinds of stack buffer OOB reads and a crash for invalid input data {CVE-2017-752 - Fix potential double-free in --x509-alt-username {CVE-2017-7521} - Fix remote-triggerable memory leaks {CVE-2017-7521} - Ensure OpenVPN systemd services are restarted upon upgrades - Verify PGP signature of source tarball as part of package building - Build against system lz4 library --- .gitignore | 2 ++ openvpn.spec | 28 ++++++++++++++++++++++------ sources | 4 ++-- 3 files changed, 26 insertions(+), 8 deletions(-) diff --git a/.gitignore b/.gitignore index 0d3f26f..6f170a0 100644 --- a/.gitignore +++ b/.gitignore @@ -48,3 +48,5 @@ openvpn-2.1.2.tar.gz.asc /openvpn-2.4.1.tar.xz.asc /openvpn-2.4.2.tar.xz /openvpn-2.4.2.tar.xz.asc +/openvpn-2.4.3.tar.xz.asc +/openvpn-2.4.3.tar.xz diff --git a/openvpn.spec b/openvpn.spec index 576346f..c004eb4 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -6,8 +6,8 @@ %bcond_without tests_long Name: openvpn -Version: 2.4.2 -Release: 2%{?prerelease:.%{prerelease}}%{?dist} +Version: 2.4.3 +Release: 1%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: https://community.openvpn.net/ Source0: https://swupdate.openvpn.org/community/releases/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.xz @@ -15,16 +15,20 @@ Source1: https://swupdate.openvpn.org/community/releases/%{name}-%{ver Source2: roadwarrior-server.conf Source3: roadwarrior-client.conf Source4: README.systemd +# Upstream signing key +Source6: gpgkey-F554A3687412CFFEBDEFE0A312F5F7B42F2B01E7.gpg License: GPLv2 Group: Applications/Internet BuildRequires: systemd-devel BuildRequires: lzo-devel BuildRequires: lz4-devel -BuildRequires: compat-openssl10-devel -BuildRequires: compat-openssl10-pkcs11-helper-devel >= 1.11 +BuildRequires: openssl-devel +BuildRequires: pkcs11-helper-devel >= 1.11 BuildRequires: pam-devel # For the perl_default_filter macro BuildRequires: perl-macros +%{?systemd_requires} +BuildRequires: systemd BuildRequires: systemd-units BuildRequires: libselinux-devel # For /sbin/ip. @@ -61,6 +65,7 @@ to similar features as the various script-hooks. %prep +gpgv2 --quiet --keyring %{SOURCE6} %{SOURCE1} %{SOURCE0} %setup -q -n %{name}-%{version}%{?prerelease:_%{prerelease}} sed -i -e 's,%{_datadir}/openvpn/plugin,%{_libdir}/openvpn/plugin,' doc/openvpn.8 @@ -149,8 +154,9 @@ getent passwd openvpn &>/dev/null || \ %systemd_preun openvpn-server@\*.service %postun -%systemd_postun openvpn-client@\*.service -%systemd_postun openvpn-server@\*.service +%systemd_postun_with_restart openvpn-client@\*.service +%systemd_postun_with_restart openvpn-server@\*.service +%systemd_postun_with_restart openvpn@\*.service %files @@ -178,6 +184,16 @@ getent passwd openvpn &>/dev/null || \ %changelog +* Wed Jun 21 2017 David Sommerseth - 2.4.3-1 +- Updating to upstream openvpn-2.4.3 +- Fix remotely-triggerable ASSERT() on malformed IPv6 packet {CVE-2017-7508} +- Prevent two kinds of stack buffer OOB reads and a crash for invalid input data {CVE-2017-752 +- Fix potential double-free in --x509-alt-username {CVE-2017-7521} +- Fix remote-triggerable memory leaks {CVE-2017-7521} +- Ensure OpenVPN systemd services are restarted upon upgrades +- Verify PGP signature of source tarball as part of package building +- Build against system lz4 library + * Fri May 12 2017 David Sommerseth - 2.4.2-2 - Install and take ownership of /run/openvpn-{client,server} (rhbz#1444601) - Install and take ownership of /var/lib/openvpn (rhbz#922786) diff --git a/sources b/sources index 9b1a161..bce4172 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (openvpn-2.4.2.tar.xz) = 438f16ac2d12dfd9f11ebcddebf709102046c71b4c4608a294da552587ea346d6ebb8c916f717bce992057754d6bc35ca1df5653fc907cc0003d9e34c92da963 -SHA512 (openvpn-2.4.2.tar.xz.asc) = 2deed80ef3b7017b2eb60931810c1902b855e9ba734caa012842227963c1ffe1ecb90b5912123ce0e4001e2dee52b9a735df91137562ed39e0a0bb24ac3f6ba5 +SHA512 (openvpn-2.4.3.tar.xz.asc) = 75fdf046e407cf02e30a3f3bd4dbd7e65c34a30e67670f2359b4b0442ee30831e80238539a6e784c28795ba1505ad57dffc8042f1cb472d82754535d50ccfe40 +SHA512 (openvpn-2.4.3.tar.xz) = 26d25bb71c5ecfa398924b3ee3dec16b2776b3d67cf0b532c2b8a4368f1307bbd04b80ed38f0344c313aab38ec6e4e4f9bf2b3bc90bc197b2f257288e72eb5d8 From 0bea6ec4e8d592a40771b123832572c75881e11a Mon Sep 17 00:00:00 2001 From: David Sommerseth Date: Wed, 21 Jun 2017 13:01:38 +0200 Subject: [PATCH 119/168] Add missing gpg key used to verify the source signature --- ...-F554A3687412CFFEBDEFE0A312F5F7B42F2B01E7.gpg | Bin 0 -> 3861 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 gpgkey-F554A3687412CFFEBDEFE0A312F5F7B42F2B01E7.gpg diff --git a/gpgkey-F554A3687412CFFEBDEFE0A312F5F7B42F2B01E7.gpg b/gpgkey-F554A3687412CFFEBDEFE0A312F5F7B42F2B01E7.gpg new file mode 100644 index 0000000000000000000000000000000000000000..1492b6d0fe9e3dce805ac2c33cfe134fbe1461e3 GIT binary patch literal 3861 zcmV+w59;ul0u2OMoLxx)5CFZ8V*ZevYI@b*vQ$g`L#ky%X?)R?j+6GuzoYd=9c8q) zcCNdNN*Ey8ibU=oWJokrx>oC5Urj>ysuF+>WTmc4Sn{2^Prpe0HULuWC5kk~DMfJI z5velA?v>f((@yS(9>$}Ttm`h{KRg!38}PXpO?Dp$`ui}hz)Yu49YcPsB02Bn1T`_~ z0f>l>oXijg1r$hb>#?z|tch0AX;N_Q-#7v`3e@%|i#NDwO6nf7dZtBM%5mcI zfI>v}aCg04$%H4+Ss!~GA*(qTD(X;ki-$teUreWOC#4VOa7$nZY6=5^tn#d(h80T- zsX-TiGxi7QEn0y2-(6!_cipQ~$k*=!t1yTUVU9^a%)QUeN}6tDb1A7|R|riidz#&x zHq`22ElE1RHcw}zLH&1Knd$D(z>CMpu57CQALk?4gkYc3Y1q_zC#v2_VEqw|XeaICaWI@rYO<`$lX>MmAOlfm;AUtzr zV|8+Aba_B;aAj_GaBePcWpqA?0y_i~0RjLe0viJb2@=c$00JHX0vCV<0$7~Ot^^AS z2nPfe3JC}W76JnS000UJ5EAwGv@a_G=LFmj{wyf4P<`})wyt1VWa`z6@Mpv-VXBWN z6(Eo%nnz_Fct4^e{pon?gQkugxxYZtFEoQTXUo3QFVx19+?{%Ls~oyuNp`LV;%`ag z2rY}-eBu#QCy4NCWF@bsoDg)(w*+ssa`qMYe>h@Qw;`FoKdGvKqg2&RV`GfzAy>Mf zUzUW<;*F7z6y`H%P)goLaOE>#xpOgg-XOkf8;YD0EE3<8CA#ccV`K)jtC8W5F+bdBs*) zD`BY7bSue4u3LXJBDD3}Kz^mGNTuA8IXuCXH<$03&2-J4rH>{CX;J8$bww}$V^Sty zJ!Z=NzLADlb2rn5lXT#1i`cc>oZ@};Nr1#+FKM&bYX&QbMhMov{#oP~9)Z&FELnRV z?MpkAk%k1`Y*W#Oj}OsCjkhlUzeZqR4yucaQOLziGqW#zfnMmAKB9c(@>^0@*H1X!G1NdXW5qqYRw2IVe6~mZ0b3w5)An~ zspUp!Y}O)2q05lH8GyX;TPz4| zH)JhQKI@nr88;yrPkCD!lk|20%;ZdUdR*PB)^2t50G>mAuttx0&$Ap8P3)lXYpwF0 zK^aB~gKO_+Wyy^6D-}wqH@!tId?l-h`h5%r^16Bau$MysH7N3EHg1;iboN)xc4fks zne}vRuRN%aZj$&+>F@SBV}gbGw(bOU_zmJ3PK3wOp#wqTePhAMjd(u6M+>QvgIUQ2 zGk6!W80FVb-MBUog7fG+baN+R{9NZ`b3ci3$9V;=*7+1taM{?penCsTVWHzuv1ort z1jcnbPx1i8NYQ-IU;AJAJBHq)cmwU%moEhnpIf)>G>+-RaTiy3Xt370o@KLkzZ|`I_3%q)Z0i6qU&7)SfmB*2F5h(1* zbUgOYL49VHGiiKUT1E=$mwHrZ{VE7D&8}`ypD7daBPb&*PlYbiGiib7uTp)TR zT0dJZ9_ESZmheC(`Xe)z4iIyt*t+w301*KI0f_=71Q-DV01pBi3Y(u>=tg5&Wl;kCn71jn_Hg?D>FQ zs=SjyR&j(Tqbl%xuE}zu@$-y?j;P?HC@ zp~}w?b>WL}J^YE~5dT$Jnyc_2a!*DHpdJow9jTe+LH=^bqibG9_uDDQubkFP*NRKt|;tT!YNUt}K3+6VcHceg}p~Vkv7co7d zqIg~h@|O!YSkFEiB3I3#%Lk>zT7}AtI18QUupkO!zhB61u}9qB%E?g4YjXP&5W#3# zgIAIgq@(y(dntn8mQw zS4lWHdVgzv*1yIrMFro%lwiJxk1lwzF??1w!YBL@VW`Eh$lwub8I^_=9K#JZQ{TeJU_vFjM8G8k#oD% zG=@r~CjBrR{s5=*0t{w%=o1nEPbfifY)&!qbzGkPg7)#qHyIZsFMzcZ$r#ib_J(1= z^#mI$c!D+Ch)5ZY@ut{c)I%mZs|rf&r5B$fM#1G}DAE3*Tkif*SWr+P_S|4OsQlXL zN46d`gj;4jMD^Qn5v0ufiH(ETZ+4^5zb zjx=jNhDGnNqW-1M+^$Q7W~4++2go$*&<^zl{p)Dj_rR>xxQ7=gva}HQO%1$JC~{?yjgj(E5y0Xi=)PHNAw;u@_O(J^x5c^M^h*=h1oBjK-UJ-zA-hA zx(21jV-^9Siv3+o*_GBE)G5FR%I(^pxC8x8$F)j?30A_zjGoKic}D{%3L9=SCK@n6 zBt{+0P2=56y|^q9(1MAg5CqsXl%66HCrK<+Tf%c3lFSmrK5n@qp)G*^-E zi-!wrm3O7I@aY^Ho$exs1Kw0IU(313dXSpNQOPw);gk6c;vNrU4 zwr>k79S^o{0FTPL`)f7LMOfD+Tgl%qE~bA&1AC>IK!zciUccV>`rMShL26VH*je3T zv6%0%z;fo+r8zTPFQOVO&q=Lko-TUYya#m!mstCEN0Nb=$4M$G&3)l^S|QKxxCNge zpze=X&h@OSc)MLWz8qlc_)pO=RvmdP*e6U2{zaO;meP^Xjo?sF;BXw?9I3G(#@$<@ zYJMcjLUfCpgSH1=FA`?91U){JSxLmJFfC;m7ewEu5eo1T-wYq_e8bdTZ=pBd!@@K{`5yeS2(X4sX&MSPgvn|LLh7v9dLouh7Q( zW1$3^{aY5U&BMfsFhJmwlh>B@gQTYjYe^~Ovgw#hMSfKdO{NAOu^#9jex2mT@^zAM3 z>?LmZ6P0z#jFv1-fokU|kAIdI1OZgd_1E?Gm}3(cp-%38REQBd+1ax1$r2MM={E;c zCxct2CR%wBZn0rKCw$dE;0j(`fHpX#{9f^r2I?z)f~-D{E#JV8DiT5Jfw);TD1jE9 zKLv3a(qts^(OzP!AK Date: Thu, 27 Jul 2017 01:55:16 +0000 Subject: [PATCH 120/168] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild --- openvpn.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/openvpn.spec b/openvpn.spec index c004eb4..fa42fda 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -7,7 +7,7 @@ Name: openvpn Version: 2.4.3 -Release: 1%{?prerelease:.%{prerelease}}%{?dist} +Release: 2%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: https://community.openvpn.net/ Source0: https://swupdate.openvpn.org/community/releases/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.xz @@ -184,6 +184,9 @@ getent passwd openvpn &>/dev/null || \ %changelog +* Thu Jul 27 2017 Fedora Release Engineering - 2.4.3-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + * Wed Jun 21 2017 David Sommerseth - 2.4.3-1 - Updating to upstream openvpn-2.4.3 - Fix remotely-triggerable ASSERT() on malformed IPv6 packet {CVE-2017-7508} From ab274d2f4fc220e099a37d3679ab9e9d416df535 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Thu, 3 Aug 2017 04:38:21 +0000 Subject: [PATCH 121/168] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild --- openvpn.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/openvpn.spec b/openvpn.spec index fa42fda..ae3e6fc 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -7,7 +7,7 @@ Name: openvpn Version: 2.4.3 -Release: 2%{?prerelease:.%{prerelease}}%{?dist} +Release: 3%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: https://community.openvpn.net/ Source0: https://swupdate.openvpn.org/community/releases/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.xz @@ -184,6 +184,9 @@ getent passwd openvpn &>/dev/null || \ %changelog +* Thu Aug 03 2017 Fedora Release Engineering - 2.4.3-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + * Thu Jul 27 2017 Fedora Release Engineering - 2.4.3-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild From b931012953451b2614b5fdfa5afe3c1d47c42fe8 Mon Sep 17 00:00:00 2001 From: David Sommerseth Date: Tue, 4 Jul 2017 16:17:37 +0200 Subject: [PATCH 122/168] Change default cipher for server configurations to AES-GCM At the same time, utilize the Negotiable Crypto Parameters (NCP) feature in OpenVPN v2.4, which allows clients using the old BF-CBC default cipher to connect without any issues. F-27 Change request: https://fedoraproject.org/wiki/Changes/New_default_cipher_in_OpenVPN This change was approved in the FESCO meeting 2017-08-04. Also fix a truncated changelog entry for openvpn-2.4.3-1 --- ...lt-cipher-to-AES-256-GCM-for-server-.patch | 32 +++++++++++++++++++ openvpn.spec | 9 ++++-- 2 files changed, 39 insertions(+), 2 deletions(-) create mode 100644 0001-Change-the-default-cipher-to-AES-256-GCM-for-server-.patch diff --git a/0001-Change-the-default-cipher-to-AES-256-GCM-for-server-.patch b/0001-Change-the-default-cipher-to-AES-256-GCM-for-server-.patch new file mode 100644 index 0000000..14a16ac --- /dev/null +++ b/0001-Change-the-default-cipher-to-AES-256-GCM-for-server-.patch @@ -0,0 +1,32 @@ +From b56d52fa409c62720791e189e501efb86df0aff4 Mon Sep 17 00:00:00 2001 +From: David Sommerseth +Date: Tue, 4 Jul 2017 16:06:24 +0200 +Subject: [PATCH] Change the default cipher to AES-256-GCM for server + configurations + +This change makes the server use AES-256-GCM instead of BF-CBC as the default +cipher for the VPN tunnel. To avoid breaking existing running configurations +defaulting to BF-CBC, the Negotiable Crypto Parameters (NCP) list contains +the BF-CBC in addition to AES-CBC. This makes it possible to migrate +existing older client configurations one-by-one to use at least AES-CBC unless +the client is updated to v2.4 (which defaults to upgrade to AES-GCM automatically) +--- + distro/systemd/openvpn-server@.service.in | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/distro/systemd/openvpn-server@.service.in b/distro/systemd/openvpn-server@.service.in +index 9a8a2c7..0ecda08 100644 +--- a/distro/systemd/openvpn-server@.service.in ++++ b/distro/systemd/openvpn-server@.service.in +@@ -10,7 +10,7 @@ Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO + Type=notify + PrivateTmp=true + WorkingDirectory=/etc/openvpn/server +-ExecStart=@sbindir@/openvpn --status %t/openvpn-server/status-%i.log --status-version 2 --suppress-timestamps --config %i.conf ++ExecStart=@sbindir@/openvpn --status %t/openvpn-server/status-%i.log --status-version 2 --suppress-timestamps --cipher AES-256-GCM --ncp-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC:AES-128-CBC:BF-CBC --config %i.conf + CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE + LimitNPROC=10 + DeviceAllow=/dev/null rw +-- +2.11.0 + diff --git a/openvpn.spec b/openvpn.spec index ae3e6fc..1f2f116 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -7,7 +7,7 @@ Name: openvpn Version: 2.4.3 -Release: 3%{?prerelease:.%{prerelease}}%{?dist} +Release: 4%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: https://community.openvpn.net/ Source0: https://swupdate.openvpn.org/community/releases/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.xz @@ -17,6 +17,7 @@ Source3: roadwarrior-client.conf Source4: README.systemd # Upstream signing key Source6: gpgkey-F554A3687412CFFEBDEFE0A312F5F7B42F2B01E7.gpg +Patch1: 0001-Change-the-default-cipher-to-AES-256-GCM-for-server-.patch License: GPLv2 Group: Applications/Internet BuildRequires: systemd-devel @@ -67,6 +68,7 @@ to similar features as the various script-hooks. %prep gpgv2 --quiet --keyring %{SOURCE6} %{SOURCE1} %{SOURCE0} %setup -q -n %{name}-%{version}%{?prerelease:_%{prerelease}} +%patch1 -p1 -b .ch_default_cipher sed -i -e 's,%{_datadir}/openvpn/plugin,%{_libdir}/openvpn/plugin,' doc/openvpn.8 @@ -184,6 +186,9 @@ getent passwd openvpn &>/dev/null || \ %changelog +* Fri Aug 4 2017 David Sommerseth - 2.4.3-4 +- Change to AES-GCM as the default cipher for server configurations + * Thu Aug 03 2017 Fedora Release Engineering - 2.4.3-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild @@ -193,7 +198,7 @@ getent passwd openvpn &>/dev/null || \ * Wed Jun 21 2017 David Sommerseth - 2.4.3-1 - Updating to upstream openvpn-2.4.3 - Fix remotely-triggerable ASSERT() on malformed IPv6 packet {CVE-2017-7508} -- Prevent two kinds of stack buffer OOB reads and a crash for invalid input data {CVE-2017-752 +- Prevent two kinds of stack buffer OOB reads and a crash for invalid input data {CVE-2017-7520} - Fix potential double-free in --x509-alt-username {CVE-2017-7521} - Fix remote-triggerable memory leaks {CVE-2017-7521} - Ensure OpenVPN systemd services are restarted upon upgrades From a8edf314d8fdec5bb6cba687160ed36b2041d05f Mon Sep 17 00:00:00 2001 From: David Sommerseth Date: Tue, 8 Aug 2017 12:12:43 +0200 Subject: [PATCH 123/168] Update 2.4.3-4 %changelog with proper rhbz reference --- openvpn.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/openvpn.spec b/openvpn.spec index 1f2f116..2a40f33 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -187,7 +187,7 @@ getent passwd openvpn &>/dev/null || \ %changelog * Fri Aug 4 2017 David Sommerseth - 2.4.3-4 -- Change to AES-GCM as the default cipher for server configurations +- Change to AES-GCM as the default cipher for server configurations (rhbz#1479270) * Thu Aug 03 2017 Fedora Release Engineering - 2.4.3-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild From 95cb196f27f750f01d2f0831267c7c965b6a8119 Mon Sep 17 00:00:00 2001 From: David Sommerseth Date: Tue, 26 Sep 2017 17:57:03 +0200 Subject: [PATCH 124/168] Update to upstream openvpn-2.4.4 Includes fix for possible stack overflow if --key-method 1 is used {CVE-2017-12166} --- .gitignore | 2 ++ openvpn.spec | 8 ++++++-- sources | 4 ++-- 3 files changed, 10 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index 6f170a0..2d25917 100644 --- a/.gitignore +++ b/.gitignore @@ -50,3 +50,5 @@ openvpn-2.1.2.tar.gz.asc /openvpn-2.4.2.tar.xz.asc /openvpn-2.4.3.tar.xz.asc /openvpn-2.4.3.tar.xz +/openvpn-2.4.4.tar.xz +/openvpn-2.4.4.tar.xz.asc diff --git a/openvpn.spec b/openvpn.spec index 2a40f33..fe205d8 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -6,8 +6,8 @@ %bcond_without tests_long Name: openvpn -Version: 2.4.3 -Release: 4%{?prerelease:.%{prerelease}}%{?dist} +Version: 2.4.4 +Release: 1%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: https://community.openvpn.net/ Source0: https://swupdate.openvpn.org/community/releases/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.xz @@ -186,6 +186,10 @@ getent passwd openvpn &>/dev/null || \ %changelog +* Tue Sep 26 2017 David Sommerseth - 2.4.4-1 +- Update to latest upstream release +- Includes fix for possible stack overflow if --key-method 1 is used {CVE-2017-12166} + * Fri Aug 4 2017 David Sommerseth - 2.4.3-4 - Change to AES-GCM as the default cipher for server configurations (rhbz#1479270) diff --git a/sources b/sources index bce4172..2b0384f 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (openvpn-2.4.3.tar.xz.asc) = 75fdf046e407cf02e30a3f3bd4dbd7e65c34a30e67670f2359b4b0442ee30831e80238539a6e784c28795ba1505ad57dffc8042f1cb472d82754535d50ccfe40 -SHA512 (openvpn-2.4.3.tar.xz) = 26d25bb71c5ecfa398924b3ee3dec16b2776b3d67cf0b532c2b8a4368f1307bbd04b80ed38f0344c313aab38ec6e4e4f9bf2b3bc90bc197b2f257288e72eb5d8 +SHA512 (openvpn-2.4.4.tar.xz) = c171d1243ab739310247f076483592758e71f810f7b29b507d3a67b86b3b87e1e854d240d25a3428a7b31b7cf2958ad17987d32151da6ed7ec27d698837d3273 +SHA512 (openvpn-2.4.4.tar.xz.asc) = a6b462bd71e0e8b4d0b985bed4b0c231bff70ce1ba5bf6623625ea5254d6e73c0646731e67d0cb06edf0eac09a275279c3ce2fa8cde60be717659ed0af0279dd From 5fd6cc84e4bcda51196b6926c813b5e63b03e674 Mon Sep 17 00:00:00 2001 From: Igor Gnatenko Date: Thu, 25 Jan 2018 15:47:33 +0100 Subject: [PATCH 125/168] Fix systemd executions/requirements Signed-off-by: Igor Gnatenko --- openvpn.spec | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/openvpn.spec b/openvpn.spec index fe205d8..3cdeb6e 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -7,7 +7,7 @@ Name: openvpn Version: 2.4.4 -Release: 1%{?prerelease:.%{prerelease}}%{?dist} +Release: 2%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: https://community.openvpn.net/ Source0: https://swupdate.openvpn.org/community/releases/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.xz @@ -28,19 +28,14 @@ BuildRequires: pkcs11-helper-devel >= 1.11 BuildRequires: pam-devel # For the perl_default_filter macro BuildRequires: perl-macros -%{?systemd_requires} BuildRequires: systemd -BuildRequires: systemd-units +%{?systemd_requires} BuildRequires: libselinux-devel # For /sbin/ip. BuildRequires: iproute # For /sbin/ip. Requires: iproute Requires(pre): /usr/sbin/useradd -Requires(post): systemd-sysv -Requires(post): systemd-units -Requires(preun): systemd-units -Requires(postun): systemd-units # Filter out the perl(Authen::PAM) dependency. # No perl dependency is really needed at all. @@ -160,7 +155,6 @@ getent passwd openvpn &>/dev/null || \ %systemd_postun_with_restart openvpn-server@\*.service %systemd_postun_with_restart openvpn@\*.service - %files %{_pkgdocdir} %exclude %{_pkgdocdir}/README.IPv6 @@ -186,6 +180,9 @@ getent passwd openvpn &>/dev/null || \ %changelog +* Thu Jan 25 2018 Igor Gnatenko - 2.4.4-2 +- Fix systemd executions/requirements + * Tue Sep 26 2017 David Sommerseth - 2.4.4-1 - Update to latest upstream release - Includes fix for possible stack overflow if --key-method 1 is used {CVE-2017-12166} From 2fbbe11e6ed92b4fd0b265bebd155b3a3e347724 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Thu, 8 Feb 2018 17:52:38 +0000 Subject: [PATCH 126/168] - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- openvpn.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/openvpn.spec b/openvpn.spec index 3cdeb6e..6bee21b 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -7,7 +7,7 @@ Name: openvpn Version: 2.4.4 -Release: 2%{?prerelease:.%{prerelease}}%{?dist} +Release: 3%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: https://community.openvpn.net/ Source0: https://swupdate.openvpn.org/community/releases/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.xz @@ -180,6 +180,9 @@ getent passwd openvpn &>/dev/null || \ %changelog +* Thu Feb 08 2018 Fedora Release Engineering - 2.4.4-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + * Thu Jan 25 2018 Igor Gnatenko - 2.4.4-2 - Fix systemd executions/requirements From f852739d6d399efe822370ea494d8a2304a4d158 Mon Sep 17 00:00:00 2001 From: David Sommerseth Date: Thu, 1 Mar 2018 13:03:41 +0100 Subject: [PATCH 127/168] Remove no long er needed patches These have not been in use for a long time. No need to carry them here any longer. And if needed, they're in the git history. Signed-off-by: David Sommerseth --- openvpn-2.1.1-init.patch | 5 ----- openvpn-2.1.1-initinfo.patch | 16 ---------------- openvpn-init.patch | 23 ----------------------- openvpn-script-security.patch | 16 ---------------- 4 files changed, 60 deletions(-) delete mode 100644 openvpn-2.1.1-init.patch delete mode 100644 openvpn-2.1.1-initinfo.patch delete mode 100644 openvpn-init.patch delete mode 100644 openvpn-script-security.patch diff --git a/openvpn-2.1.1-init.patch b/openvpn-2.1.1-init.patch deleted file mode 100644 index 598a009..0000000 --- a/openvpn-2.1.1-init.patch +++ /dev/null @@ -1,5 +0,0 @@ ---- sample-scripts/openvpn.init~ 2010-01-04 08:30:35.000000000 -0600 -+++ sample-scripts/openvpn.init 2010-01-04 15:53:29.503900367 -0600 -@@ -153 +153 @@ -- . $bn.sh -+ . ./$bn.sh diff --git a/openvpn-2.1.1-initinfo.patch b/openvpn-2.1.1-initinfo.patch deleted file mode 100644 index 19a382d..0000000 --- a/openvpn-2.1.1-initinfo.patch +++ /dev/null @@ -1,16 +0,0 @@ ---- sample-scripts/openvpn.init~ 2010-01-04 16:52:25.000000000 -0600 -+++ sample-scripts/openvpn.init 2010-01-05 05:48:24.043085950 -0600 -@@ -15,0 +16,13 @@ -+### BEGIN INIT INFO -+# Provides: openvpn -+# Required-Start: $network -+# Required-Stop: $network -+# Short-Description: start and stop openvpn -+# Description: OpenVPN is a robust and highly flexible tunneling \ -+# application that uses all of the encryption, \ -+# authentication, and certification features of the OpenSSL \ -+# library to securely tunnel IP networks over a single UDP \ -+# port. -+### END INIT INFO -+ -+ diff --git a/openvpn-init.patch b/openvpn-init.patch deleted file mode 100644 index fc751c6..0000000 --- a/openvpn-init.patch +++ /dev/null @@ -1,23 +0,0 @@ ---- sample-scripts/openvpn.init~ 2011-04-06 11:05:52.000000000 -0500 -+++ sample-scripts/openvpn.init 2011-05-19 13:06:51.049143974 -0500 -@@ -3,13 +3,14 @@ - # openvpn This shell script takes care of starting and stopping - # openvpn on RedHat or other chkconfig-based system. - # --# chkconfig: 345 24 76 --# --# description: OpenVPN is a robust and highly flexible tunneling application \ --# that uses all of the encryption, authentication, and \ --# certification features of the OpenSSL library to securely \ --# tunnel IP networks over a single UDP port. -+# chkconfig: - 24 76 - # -+# processname: openvpn -+# description: OpenVPN is a robust and highly flexible tunneling \ -+# application that uses all of the encryption, \ -+# authentication, and certification features of the OpenSSL \ -+# library to securely tunnel IP networks over a single UDP \ -+# port. - - # Contributed to the OpenVPN project by - # Douglas Keller diff --git a/openvpn-script-security.patch b/openvpn-script-security.patch deleted file mode 100644 index 6d5e15b..0000000 --- a/openvpn-script-security.patch +++ /dev/null @@ -1,16 +0,0 @@ ---- openvpn-2.1_rc9/sample-scripts/openvpn.init.orig 2008-06-13 02:54:58.000000000 -0500 -+++ openvpn-2.1_rc9/sample-scripts/openvpn.init 2008-08-13 13:51:46.000000000 -0500 -@@ -151,7 +151,12 @@ - . $bn.sh - fi - rm -f $piddir/$bn.pid -- $openvpn --daemon --writepid $piddir/$bn.pid --config $c --cd $work -+ # Handle backward compatibility, see Red Hat Bugzilla ID #458594 -+ script_security='' -+ if [ -z "$( grep '^[[:space:]]*script-security[[:space:]]' $c )" ]; then -+ script_security="--script-security 2" -+ fi -+ $openvpn --daemon --writepid $piddir/$bn.pid --config $c --cd $work $script_security - if [ $? = 0 ]; then - successes=1 - else From b97c97bd07b7caf7e89e25398c7d4be6b355d4e6 Mon Sep 17 00:00:00 2001 From: David Sommerseth Date: Thu, 1 Mar 2018 14:08:30 +0100 Subject: [PATCH 128/168] Updating to upstream, openvpn-2.4.5 +++ - Package upstream ChangeLog, which contains a bit more details than Changes.rst - Cleaned up spec file further, removed Group: tag, trimmed changelog section, added gcc to BuildRequires. - Excluded not relevant file, README.mbedtls - Package upstream version of README.systemd - Fix wrong group owner of /etc/openvpn/{client,server} (rhbz#1526743) - Changed crypto self-test to test AES-{128,256}-{CBC,GCM} instead of only BF-CBC (deprecated) - Change /run/openvpn-{client,server} permissions to be 0750 instead of 0710, with group set to openvpn Signed-off-by: David Sommerseth --- .rpmlint | 11 +- ...in-ChangeLog-should-be-2.4.5-was-mis.patch | 27 ++ README.systemd | 71 --- openvpn-2.4-change-tmpfiles-permissions.patch | 9 + openvpn.spec | 433 ++---------------- 5 files changed, 79 insertions(+), 472 deletions(-) create mode 100644 0001-Correct-version-in-ChangeLog-should-be-2.4.5-was-mis.patch delete mode 100644 README.systemd create mode 100644 openvpn-2.4-change-tmpfiles-permissions.patch diff --git a/.rpmlint b/.rpmlint index 5232fc9..04c5cff 100644 --- a/.rpmlint +++ b/.rpmlint @@ -1,2 +1,11 @@ -addFilter("E: non-standard-dir-perm /etc/openvpn/server 0750L") addFilter("E: non-standard-dir-perm /etc/openvpn/client 0750L") +addFilter("E: non-standard-dir-perm /etc/openvpn/server 0750L") +addFilter("E: non-standard-dir-perm /run/openvpn-client 0750L") +addFilter("E: non-standard-dir-perm /run/openvpn-server 0750L") +addFilter("E: non-standard-dir-perm /var/lib/openvpn 0770L") +addFilter("W: non-standard-gid /etc/openvpn/client openvpn") +addFilter("W: non-standard-gid /etc/openvpn/server openvpn") +addFilter("W: non-standard-gid /run/openvpn-client openvpn") +addFilter("W: non-standard-gid /run/openvpn-server openvpn") +addFilter("W: non-standard-gid /var/lib/openvpn openvpn") +addFilter("W: non-standard-uid /var/lib/openvpn openvpn") diff --git a/0001-Correct-version-in-ChangeLog-should-be-2.4.5-was-mis.patch b/0001-Correct-version-in-ChangeLog-should-be-2.4.5-was-mis.patch new file mode 100644 index 0000000..d8c4616 --- /dev/null +++ b/0001-Correct-version-in-ChangeLog-should-be-2.4.5-was-mis.patch @@ -0,0 +1,27 @@ +From 161afbebdc2b7e244a136182a676ad55347c9cf5 Mon Sep 17 00:00:00 2001 +From: Gert Doering +Date: Thu, 1 Mar 2018 10:11:08 +0100 +Subject: [PATCH] Correct version in ChangeLog - should be 2.4.5, was mistyped + as 2.4.4 + +Signed-off-by: Gert Doering +--- + ChangeLog | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/ChangeLog b/ChangeLog +index 99772a33..0db3e5b8 100644 +--- a/ChangeLog ++++ b/ChangeLog +@@ -1,7 +1,7 @@ + OpenVPN Change Log + Copyright (C) 2002-2018 OpenVPN Inc + +-2018.02.28 -- Version 2.4.4 ++2018.02.28 -- Version 2.4.5 + Antonio Quartulli (4): + reload HTTP proxy credentials when moving to the next connection profile + Allow learning iroutes with network made up of all 0s (only if netbits < 8) +-- +2.13.5 + diff --git a/README.systemd b/README.systemd deleted file mode 100644 index cf0003e..0000000 --- a/README.systemd +++ /dev/null @@ -1,71 +0,0 @@ -OpenVPN and systemd -=================== - -As of OpenVPN v2.4, upstream is shipping systemd unit files to provide a -fine grained control of each OpenVPN configuration as well as trying to -restrict the capabilities the OpenVPN process have on a system. - - -Configuration profile types ---------------------------- -These new unit files separates between client and server profiles. The -configuration files are kept in separate directories, to provide clarity -of the profile they run under. - -Typically the client profile cannot bind to any ports below port 1024 -and the client configuration is always started with --nobind. - -The server profile is allowed to bind to any ports. In addition it enables -a client status file, usually found in the /run/openvpn-server directory. -The status format is set to version 2 by default. These settings may be -overridden by adding --status and/or --status-version in the OpenVPN -configuration file. - -Neither of these profiles makes use of PID files, but OpenVPN reports back to -systemd its PID once it has initialized. - -For configuration using a peer-to-peer mode (not using --mode server on one -of the sides) it is recommended to use the client profile. - - -Configuration files -------------------- -These new unit files expects client configuration files to be made available -in /etc/openvpn/client. Similar for the server configurations, it is expected -to be found in /etc/openvpn/server. The configuration files must have a .conf -file extension. - - -Managing VPN tunnels --------------------- -Use the normal systemctl tool to start, stop VPN tunnels, as well as enable -and disable tunnels at boot time. The syntax is: - - - client configurations: - # systemctl $OPER openvpn-client@$CONFIGNAME - - - server configurations: - # systemctl $OPER openvpn-server@$CONFIGNAME - -Similarly, to view the OpenVPN journal log use a similar syntax: - - # journalctl -u openvpn-client@$CONFIGNAME - or - # journalctl -u openvpn-server@$CONFIGNAME - -* Examples - Say your server configuration is /etc/openvpn/server/tun0.conf, you - start this VPN service like this: - - # systemctl start openvpn-server@tun0 - - A client configuration file in /etc/openvpn/client/corpvpn.conf is - started like this: - - # systemctl start openvpn-client@corpvpn - - To view the server configuration's journal only listing entries from - yesterday and until today: - - # journalctl --since yesterday -u openvpn-server@tun0 - diff --git a/openvpn-2.4-change-tmpfiles-permissions.patch b/openvpn-2.4-change-tmpfiles-permissions.patch new file mode 100644 index 0000000..8adb700 --- /dev/null +++ b/openvpn-2.4-change-tmpfiles-permissions.patch @@ -0,0 +1,9 @@ +diff --git a/distro/systemd/tmpfiles-openvpn.conf b/distro/systemd/tmpfiles-openvpn.conf +index bb79671e..9258f5c6 100644 +--- a/distro/systemd/tmpfiles-openvpn.conf ++++ b/distro/systemd/tmpfiles-openvpn.conf +@@ -1,2 +1,2 @@ +-d /run/openvpn-client 0710 root root - +-d /run/openvpn-server 0710 root root - ++d /run/openvpn-client 0750 root openvpn - ++d /run/openvpn-server 0750 root openvpn - diff --git a/openvpn.spec b/openvpn.spec index 6bee21b..aba5a8e 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -6,34 +6,34 @@ %bcond_without tests_long Name: openvpn -Version: 2.4.4 -Release: 3%{?prerelease:.%{prerelease}}%{?dist} +Version: 2.4.5 +Release: 1%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: https://community.openvpn.net/ Source0: https://swupdate.openvpn.org/community/releases/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.xz Source1: https://swupdate.openvpn.org/community/releases/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.xz.asc Source2: roadwarrior-server.conf Source3: roadwarrior-client.conf -Source4: README.systemd # Upstream signing key Source6: gpgkey-F554A3687412CFFEBDEFE0A312F5F7B42F2B01E7.gpg Patch1: 0001-Change-the-default-cipher-to-AES-256-GCM-for-server-.patch +Patch2: 0001-Correct-version-in-ChangeLog-should-be-2.4.5-was-mis.patch +Patch50: openvpn-2.4-change-tmpfiles-permissions.patch License: GPLv2 -Group: Applications/Internet +BuildRequires: gcc BuildRequires: systemd-devel BuildRequires: lzo-devel BuildRequires: lz4-devel BuildRequires: openssl-devel BuildRequires: pkcs11-helper-devel >= 1.11 BuildRequires: pam-devel +BuildRequires: libselinux-devel # For the perl_default_filter macro BuildRequires: perl-macros BuildRequires: systemd %{?systemd_requires} -BuildRequires: libselinux-devel # For /sbin/ip. BuildRequires: iproute -# For /sbin/ip. Requires: iproute Requires(pre): /usr/sbin/useradd @@ -64,6 +64,8 @@ to similar features as the various script-hooks. gpgv2 --quiet --keyring %{SOURCE6} %{SOURCE1} %{SOURCE0} %setup -q -n %{name}-%{version}%{?prerelease:_%{prerelease}} %patch1 -p1 -b .ch_default_cipher +%patch2 -p1 +%patch50 -p1 sed -i -e 's,%{_datadir}/openvpn/plugin,%{_libdir}/openvpn/plugin,' doc/openvpn.8 @@ -88,7 +90,10 @@ find contrib sample -type f -perm /100 \ %check # Test Crypto: ./src/openvpn/openvpn --genkey --secret key -./src/openvpn/openvpn --test-crypto --secret key +./src/openvpn/openvpn --cipher aes-128-cbc --test-crypto --secret key +./src/openvpn/openvpn --cipher aes-256-cbc --test-crypto --secret key +./src/openvpn/openvpn --cipher aes-128-gcm --test-crypto --secret key +./src/openvpn/openvpn --cipher aes-256-gcm --test-crypto --secret key %if %{with tests_long} # Randomize ports for tests to avoid conflicts on the build servers. @@ -123,18 +128,17 @@ mkdir -p -m 0750 $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/client $RPM_BUILD_ROOT%{_ cp %{SOURCE2} %{SOURCE3} sample/sample-config-files/ # Create some directories the OpenVPN package should own -mkdir -m 0710 -p $RPM_BUILD_ROOT%{_rundir}/%{name}-{client,server} +mkdir -m 0750 -p $RPM_BUILD_ROOT%{_rundir}/%{name}-{client,server} mkdir -m 0770 -p $RPM_BUILD_ROOT%{_sharedstatedir}/%{name} # Package installs into %%{_pkgdocdir} directly -# Add further files -cp -a AUTHORS contrib sample %{SOURCE4} $RPM_BUILD_ROOT%{_pkgdocdir} +# Add various additional files +cp -a AUTHORS ChangeLog contrib sample distro/systemd/README.systemd $RPM_BUILD_ROOT%{_pkgdocdir} # Remove some files which does not really belong here rm -f $RPM_BUILD_ROOT%{_pkgdocdir}/sample/Makefile{,.in,.am} rm -f $RPM_BUILD_ROOT%{_pkgdocdir}/contrib/multilevel-init.patch rm -rf $RPM_BUILD_ROOT%{_pkgdocdir}/sample/sample-keys -rm -rf $RPM_BUILD_ROOT%{_pkgdocdir}/contrib/keychain-mcd %pre getent group openvpn &>/dev/null || groupadd -r openvpn @@ -158,7 +162,7 @@ getent passwd openvpn &>/dev/null || \ %files %{_pkgdocdir} %exclude %{_pkgdocdir}/README.IPv6 -%exclude %{_pkgdocdir}/README.polarssl +%exclude %{_pkgdocdir}/README.mbedtls %exclude %{_pkgdocdir}/sample/sample-plugins %{_mandir}/man8/%{name}.8* %{_sbindir}/%{name} @@ -167,10 +171,10 @@ getent passwd openvpn &>/dev/null || \ %{_unitdir}/%{name}-server@.service %{_tmpfilesdir}/%{name}.conf %config %dir %{_sysconfdir}/%{name}/ -%config %dir %{_sysconfdir}/%{name}/client -%config %dir %{_sysconfdir}/%{name}/server -%attr(0710,-,-) %{_rundir}/%{name}-client -%attr(0710,-,-) %{_rundir}/%{name}-server +%config %dir %attr(-,-,openvpn) %{_sysconfdir}/%{name}/client +%config %dir %attr(-,-,openvpn) %{_sysconfdir}/%{name}/server +%attr(0750,-,openvpn) %{_rundir}/%{name}-client +%attr(0750,-,openvpn) %{_rundir}/%{name}-server %attr(0770,openvpn,openvpn) %{_sharedstatedir}/%{name} %files devel @@ -180,6 +184,17 @@ getent passwd openvpn &>/dev/null || \ %changelog +* Fri Feb 16 2018 David Sommerseth - 2.4.5-1 +- Updating to upstream, openvpn-2.4.5 +- Package upstream ChangeLog, which contains a bit more details than Changes.rst +- Cleaned up spec file further, removed Group: tag, trimmed changelog section, + added gcc to BuildRequires. +- Excluded not relevant file, README.mbedtls +- Package upstream version of README.systemd +- Fix wrong group owner of /etc/openvpn/{client,server} (rhbz#1526743) +- Changed crypto self-test to test AES-{128,256}-{CBC,GCM} instead of only BF-CBC (deprecated) +- Change /run/openvpn-{client,server} permissions to be 0750 instead of 0710, with group set to openvpn + * Thu Feb 08 2018 Fedora Release Engineering - 2.4.4-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild @@ -187,7 +202,7 @@ getent passwd openvpn &>/dev/null || \ - Fix systemd executions/requirements * Tue Sep 26 2017 David Sommerseth - 2.4.4-1 -- Update to latest upstream release +- Update to upstream openvpn-2.4.4 - Includes fix for possible stack overflow if --key-method 1 is used {CVE-2017-12166} * Fri Aug 4 2017 David Sommerseth - 2.4.3-4 @@ -214,6 +229,7 @@ getent passwd openvpn &>/dev/null || \ - Install and take ownership of /var/lib/openvpn (rhbz#922786) * Thu May 11 2017 David Sommerseth - 2.4.2-1 +- Updating to upstream openvpn-2.4.2 - Switching back to OpenSSL, using compat-openssl10 (rhbz#1443749, rhbz#1432125, rhbz#1440468) - Re-enabling --enable-x509-alt-username (rhbz#1443942) - Add --enable-selinux @@ -250,386 +266,3 @@ getent passwd openvpn &>/dev/null || \ * Tue Dec 27 2016 Jon Ciesla 2.4.0-1 - 2.4.0. -* Wed Dec 07 2016 Jon Ciesla 2.3.14-1 -- 2.3.14. - -* Thu Nov 03 2016 Jon Ciesla 2.3.13-1 -- 2.3.13. - -* Tue Aug 23 2016 Jon Ciesla 2.3.12-1 -- 2.3.12. - -* Tue May 10 2016 Jon Ciesla 2.3.11-1 -- 2.3.11. - -* Thu Feb 04 2016 Fedora Release Engineering - 2.3.10-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild - -* Mon Jan 04 2016 Jon Ciesla 2.3.10-1 -- 2.3.10. - -* Wed Dec 16 2015 Jon Ciesla 2.3.9-1 -- 2.3.9. - -* Tue Aug 04 2015 Jon Ciesla 2.3.8-1 -- 2.3.8. - -* Thu Jun 18 2015 Fedora Release Engineering - 2.3.7-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild - -* Tue Jun 09 2015 Jon Ciesla 2.3.7-1 -- 2.3.7, BZ 1229504. - -* Fri Nov 21 2014 Ralf Corsépius - 2.3.5-2 -- Rework package doc handling (RHBZ #1165004). - -* Tue Oct 28 2014 Jon Ciesla 2.3.5-1 -- 2.3.5. - -* Tue Aug 26 2014 Jan Vcelak 2.3.4-4 -- Enable systemd support. - -* Sun Aug 17 2014 Fedora Release Engineering - 2.3.4-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild - -* Sat Jun 07 2014 Fedora Release Engineering - 2.3.4-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild - -* Fri May 02 2014 Jon Ciesla 2.3.4-1 -- 2.3.4. -- Disable make check until upstream provides non-md5 sample keys. -- Filed upstream https://community.openvpn.net/openvpn/ticket/400#ticket - -* Fri Apr 11 2014 Jon Ciesla 2.3.3-1 -- Latest uptream, needs pkcs11-helper >= 1.11 - -* Sun Jan 19 2014 Ville Skyttä - 2.3.2-5 -- Don't order service after syslog.target. - -* Thu Sep 12 2013 Jon Ciesla 2.3.2-4 -- Enable --enable-x509-alt-username, BZ 1007184. - -* Wed Aug 07 2013 Jon Ciesla 2.3.2-3 -- Fix find syntax to fix FTBFS, BZ 992411. - -* Sat Aug 03 2013 Fedora Release Engineering - 2.3.2-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild - -* Mon Jun 03 2013 Jon Ciesla 2.3.2-1 -- 2.3.2, BZ 970089. - -* Thu May 16 2013 Jon Ciesla 2.3.1-4 -- chmod -x .service, BZ 963914. - -* Thu May 16 2013 Jon Ciesla 2.3.1-3 -- Enable --enable-pkcs11, BZ 963868. - -* Mon Apr 08 2013 Kalev Lember 2.3.1-2 -- Update perl requires filtering - -* Tue Apr 02 2013 Jon Ciesla 2.3.1-1 -- 2.3.1, BZ 929402. - -* Thu Feb 14 2013 Fedora Release Engineering - 2.3.0-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild - -* Tue Jan 15 2013 Jon Ciesla 2.3.0-1 -- 2.3.0, BZ 893700. - -* Wed Sep 26 2012 Jon Ciesla 2.2.2-9 -- Dropped net-tools, BZ 785794. - -* Wed Sep 05 2012 Jon Ciesla 2.2.2-8 -- Dropped config from tmpfiles conf. - -* Wed Sep 05 2012 Jon Ciesla 2.2.2-7 -- Fix tmpfiles location, BZ 840188. -- Fix run ownership, BZ 854440. - -* Fri Jul 20 2012 Fedora Release Engineering - 2.2.2-6 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild - -* Thu Apr 12 2012 Jon Ciesla 2.2.2-5 -- Add hardened build. - -* Mon Feb 13 2012 Jon Ciesla 2.2.2-4 -- Use PrivateTmp=true, BZ 782522. - -* Wed Feb 8 2012 Kay Sievers - 2.2.2-3 -- Drop dependency on 'dev' package; it is gone since many years - -* Fri Jan 13 2012 Fedora Release Engineering - 2.2.2-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild - -* Fri Dec 23 2011 Jon Ciesla 2.2.2-1 -- Update to 2.2.2. - -* Fri Sep 9 2011 Tom Callaway 2.2.1-2 -- convert to systemd - -* Fri Jul 08 2011 Jon Ciesla 2.2.1-1 -- Update to 2.2.1. - -* Fri Jun 17 2011 Jon Ciesla 2.2.0-2 -- Bump and rebuild for BZ 712251. - -* Thu May 19 2011 Jon Ciesla 2.2.0-1 -- Update to 2.2.0. - -* Thu Mar 17 2011 Jon Ciesla 2.1.4-1 -- Update to 2.1.4. - -* Tue Feb 08 2011 Fedora Release Engineering - 2.1.3-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild - -* Thu Oct 07 2010 Jon Ciesla 2.1.3-1 -- Update to 2.1.3. - -* Thu Aug 19 2010 Steven Pritchard 2.1.2-1 -- Update to 2.1.2. - -* Mon Jan 04 2010 Jon Ciesla 2.1.1-2 -- Fix init script *.sh sourcing, BZ 498348. -- Added init script info block, BZ 392991, BZ 541219. - -* Fri Dec 11 2009 Steven Pritchard 2.1.1-1 -- Update to 2.1.1. - -* Sat Nov 21 2009 Steven Pritchard 2.1-0.39.rc22 -- Update to 2.1_rc22. - -* Thu Nov 12 2009 Steven Pritchard 2.1-0.38.rc21 -- Update to 2.1_rc21. - -* Sun Oct 25 2009 Robert Scheck 2.1-0.37.rc20 -- Added script_security initialisation in initscript (#458594 #c20) - -* Fri Oct 02 2009 Steven Pritchard 2.1-0.36.rc20 -- Update to 2.1_rc20. - -* Sun Sep 06 2009 Kalev Lember - 2.1-0.35.rc19 -- Update to 2.1_rc19 -- Build with pkcs11-helper - -* Fri Aug 21 2009 Tomas Mraz - 2.1-0.34.rc15 -- rebuilt with new openssl - -* Sat Jul 25 2009 Fedora Release Engineering - 2.1-0.33.rc15 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild - -* Thu Feb 26 2009 Fedora Release Engineering - 2.1-0.32.rc15 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild - -* Sat Jan 17 2009 Tomas Mraz 2.1-0.31.rc15 -- rebuild with new openssl - -* Thu Dec 11 2008 Steven Pritchard 2.1-0.30.rc15 -- Attempt to fix BZ#476129. - -* Sat Nov 29 2008 Robert Scheck 2.1-0.29.rc15 -- Update to 2.1_rc15 - -* Wed Aug 13 2008 Steven Pritchard 2.1-0.28.rc9 -- Add "--script-security 2" by default for backwards compatibility - (see bug #458594). - -* Fri Aug 01 2008 Steven Pritchard 2.1-0.27.rc9 -- Update to 2.1_rc9. - -* Sat Jun 14 2008 Steven Pritchard 2.1-0.26.rc8 -- Update to 2.1_rc8. -- Update License tag. - -* Tue Feb 19 2008 Fedora Release Engineering - 2.1-0.25.rc7 -- Autorebuild for GCC 4.3 - -* Tue Jan 29 2008 Steven Pritchard 2.1-0.24.rc7 -- Update to 2.1_rc7 -- Drop BETA21-userpriv-fixups.patch (upstream) - -* Fri Jan 25 2008 Steven Pritchard 2.1-0.23.rc6 -- Apply update to BETA21-userpriv-fixups.patch from Alon Bar-Lev - -* Thu Jan 24 2008 Steven Pritchard 2.1-0.22.rc6 -- Update to 2.1_rc6 -- Pass paths to ifconfig, ip, and route to configure -- BR iproute and Require iproute and net-tools -- Add BETA21-userpriv-fixups.patch from Alon Bar-Lev - -* Wed Jan 23 2008 Steven Pritchard 2.1-0.21.rc5 -- Update to 2.1_rc5 - -* Wed Dec 05 2007 Steven Pritchard 2.1-0.20.rc4 -- Remove check macro cruft. - -* Thu Apr 26 2007 Steven Pritchard 2.1-0.19.rc4 -- Update to 2.1_rc4 - -* Mon Apr 23 2007 Steven Pritchard 2.1-0.18.rc3 -- Update to 2.1_rc3 - -* Fri Mar 02 2007 Steven Pritchard 2.1-0.17.rc2 -- Update to 2.1_rc2 - -* Tue Feb 27 2007 Steven Pritchard 2.1-0.16.rc1 -- Randomize ports for tests to avoid conflicts on the build servers - -* Tue Feb 27 2007 Steven Pritchard 2.1-0.15.rc1 -- Update to 2.1_rc1 - -* Mon Oct 02 2006 Steven Pritchard 2.1-0.14.beta16 -- Update to 2.1_beta16 -- Drop Paul's patch (in upstream) - -* Tue Sep 12 2006 Steven Pritchard 2.1-0.13.beta15 -- Update to 2.1_beta15 -- Add openvpn-2.1_beta15-test-timeout.patch to avoid test hang - (from Paul Howarth) - -* Mon Aug 28 2006 Steven Pritchard 2.1-0.12.beta14 -- Rebuild - -* Mon Jul 31 2006 Steven Pritchard 2.1-0.11.beta14 -- Rebuild - -* Fri Apr 14 2006 Steven Pritchard 2.1-0.10.beta14 -- Update to 2.1_beta14 - -* Wed Apr 12 2006 Steven Pritchard 2.1-0.9.beta13 -- Update to 2.1_beta13 - -* Wed Apr 05 2006 Steven Pritchard 2.1-0.8.beta12 -- Update to 2.1_beta12 (BZ#188050/CVE-2006-1629) - -* Tue Feb 21 2006 Steven Pritchard 2.1-0.7.beta11 -- Update to 2.1_beta11 - -* Tue Feb 14 2006 Steven Pritchard 2.1-0.6.beta8 -- Update to 2.1_beta8 - -* Wed Jan 04 2006 Steven Pritchard 2.1-0.5.beta7 -- Man page shouldn't be executable (BZ#176953) - -* Tue Dec 06 2005 Steven Pritchard 2.1-0.4.beta7 -- Rebuild - -* Fri Nov 18 2005 Steven Pritchard 2.1-0.3.beta7 -- Update to 2.1_beta7 - -* Tue Nov 08 2005 Steven Pritchard 2.1-0.2.beta6 -- Make sample-scripts (etc.) non-executable to avoid some dependencies - -* Wed Nov 02 2005 Steven Pritchard 2.1-0.1.beta6 -- Update to 2.1_beta6 - -* Mon Oct 17 2005 Steven Pritchard 2.1-0.1.beta4 -- Update to 2.1_beta4 - -* Thu Aug 25 2005 Steven Pritchard 2.0.2-1 -- Update to 2.0.2 -- Refine roadwarrior-server.conf a bit - -* Mon Aug 22 2005 Steven Pritchard 2.0.1-1 -- Update to 2.0.1 - -* Mon Jun 27 2005 Steven Pritchard 2.0-2 -- Move the plugin directory to _libdir -- Drop the easy-rsa/Windows directory -- Comment cleanups -- Add "processname" header to init script -- The init script isn't a config file -- Tag contrib, sample-config-files, sample-keys, and sample-scripts as doc -- Create/own pid dir - -* Sat Jun 25 2005 Steven Pritchard 2.0-1 -- Update to 2.0 final -- Drop Epoch: 0 and rebuild for Fedora Extras - -* Wed Feb 16 2005 Steven Pritchard 0:2.0-0.fdr.0.14.rc13 -- Fix/add paths to useradd - -* Mon Feb 14 2005 Steven Pritchard 0:2.0-0.fdr.0.13.rc13 -- Update to 2.0_rc13 -- More spec cleanup (suggestions from Matthias Saou) - -* Tue Feb 08 2005 Steven Pritchard 0:2.0-0.fdr.0.12.rc12 -- Update to 2.0_rc12 -- Small spec cleanups -- Drop perl auto-requirements entirely - -* Mon Dec 20 2004 Steven Pritchard 0:2.0-0.fdr.0.11.rc6 -- Add down-root and auth-pam plugins -- Add --enable-password-save and --enable-iproute2 -- Add crypto and loopback tests (somewhat time-consuming) - -* Thu Dec 16 2004 Steven Pritchard 0:2.0-0.fdr.0.10.rc5 -- Update to 2.0_rc5 -- Change the port to 1194 in the roadwarrior-*.conf samples -- Change openvpn-init.patch to reformat the description in the init script -- Modify the Summary and description (OpenVPN isn't UDP-only) - -* Tue Dec 14 2004 Steven Pritchard 0:2.0-0.fdr.0.9.rc1 -- Remove the perl(Authen::PAM) dependency - -* Thu Dec 09 2004 Steven Pritchard 0:2.0-0.fdr.0.8.rc1 -- Update to 2.0_rc1 - -* Tue Nov 16 2004 Steven Pritchard 0:2.0-0.fdr.0.7.beta17 -- Update to 2.0_beta17 -- Require dev instead of /dev/net/tun (for udev compatibility) -- Change openvpn-init.patch to match upstream (starts even earlier now) - -* Wed Aug 04 2004 Steven Pritchard 0:2.0-0.fdr.0.6.beta10 -- Remove unnecessary BuildRequires: kernel-headers - -* Tue Aug 03 2004 Steven Pritchard 0:2.0-0.fdr.0.5.beta10 -- Update to 2.0_beta10 -- Minor fix to configuration example -- Change the init script to start a little earlier and stop much later - (after netfs) by default -- Remove a lot of unnecessary macro use (install/mkdir/cp) -- Don't create /dev/net/tun, use Requires instead - -* Sat Jul 17 2004 Steven Pritchard 0:2.0-0.fdr.0.4.beta7 -- Update to 2.0_beta7 -- Include gpg signature in source rpm -- Include 2.0-style configuration examples -- Minor spec cleanup - -* Wed Apr 28 2004 Steven Pritchard 0:2.0-0.fdr.0.3.test23 -- Add openvpn-init.patch to leave the init script disabled by default - -* Wed Apr 28 2004 Steven Pritchard 0:2.0-0.fdr.0.2.test23 -- Fix URL and Source0 -- Add an openvpn user - -* Wed Apr 28 2004 Steven Pritchard 0:2.0-0.fdr.0.1.test23 -- Update to 2.0_test23 -- BuildRequires lzo-devel, kernel-headers, openssl-devel -- Lots of spec cleanup - -* Sun Feb 23 2003 Matthias Andree 1.3.2.14-1 -- Have the version number filled in by autoconf. - -* Wed Jul 10 2002 James Yonan 1.3.1-1 -- Fixed %%preun to only remove service on final uninstall - -* Mon Jun 17 2002 bishop clark (LC957) 1.2.2-1 -- Added condrestart to openvpn.spec & openvpn.init. - -* Wed May 22 2002 James Yonan 1.2.0-1 -- Added mknod for Linux 2.4. - -* Wed May 15 2002 Doug Keller 1.1.1.16-2 -- Added init scripts -- Added conf file support - -* Mon May 13 2002 bishop clark (LC957) 1.1.1.14-1 -- Added new directories for config examples and such - -* Sun May 12 2002 bishop clark (LC957) 1.1.1.13-1 -- Updated buildroot directive and cleanup command -- added easy-rsa utilities - -* Mon Mar 25 2002 bishop clark (LC957) 1.0-1 -- Initial build. From 5b9c26be7a9944df28007548ce607c67522e3605 Mon Sep 17 00:00:00 2001 From: David Sommerseth Date: Thu, 1 Mar 2018 15:18:14 +0100 Subject: [PATCH 129/168] Upload new sources for openvpn-2.4.5 Signed-off-by: David Sommerseth --- .gitignore | 2 ++ sources | 4 ++-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 2d25917..62b786e 100644 --- a/.gitignore +++ b/.gitignore @@ -52,3 +52,5 @@ openvpn-2.1.2.tar.gz.asc /openvpn-2.4.3.tar.xz /openvpn-2.4.4.tar.xz /openvpn-2.4.4.tar.xz.asc +/openvpn-2.4.5.tar.xz +/openvpn-2.4.5.tar.xz.asc diff --git a/sources b/sources index 2b0384f..e030894 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (openvpn-2.4.4.tar.xz) = c171d1243ab739310247f076483592758e71f810f7b29b507d3a67b86b3b87e1e854d240d25a3428a7b31b7cf2958ad17987d32151da6ed7ec27d698837d3273 -SHA512 (openvpn-2.4.4.tar.xz.asc) = a6b462bd71e0e8b4d0b985bed4b0c231bff70ce1ba5bf6623625ea5254d6e73c0646731e67d0cb06edf0eac09a275279c3ce2fa8cde60be717659ed0af0279dd +SHA512 (openvpn-2.4.5.tar.xz) = a1a169039142bd64e7fc6e8b79d73e0b180e7195e3d57b18700fb1930bdc50c6d18f5c28e2715f4de753ce7d5f09ca3387573355e6d1fbd17ca5fbfc9a6cb47e +SHA512 (openvpn-2.4.5.tar.xz.asc) = 1191c29fcf7609ae65004849fcda6aa7add721a14ff0d3c096a669661e42b92d2e69caff682cc92be2049fd770c6de147f8ee067ad26176e1787f4a3d6a64d2d From 2b76ccae3be3088a1f3512d61dfbfad50ae0f7c8 Mon Sep 17 00:00:00 2001 From: David Sommerseth Date: Thu, 1 Mar 2018 15:51:08 +0100 Subject: [PATCH 130/168] Builds now require gnupg2 explicitily Signed-off-by: David Sommerseth --- openvpn.spec | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/openvpn.spec b/openvpn.spec index aba5a8e..05ca6c2 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -20,6 +20,7 @@ Patch1: 0001-Change-the-default-cipher-to-AES-256-GCM-for-server-.pat Patch2: 0001-Correct-version-in-ChangeLog-should-be-2.4.5-was-mis.patch Patch50: openvpn-2.4-change-tmpfiles-permissions.patch License: GPLv2 +BuildRequires: gnupg2 BuildRequires: gcc BuildRequires: systemd-devel BuildRequires: lzo-devel @@ -184,7 +185,7 @@ getent passwd openvpn &>/dev/null || \ %changelog -* Fri Feb 16 2018 David Sommerseth - 2.4.5-1 +* Thu Mar 1 2018 David Sommerseth - 2.4.5-1 - Updating to upstream, openvpn-2.4.5 - Package upstream ChangeLog, which contains a bit more details than Changes.rst - Cleaned up spec file further, removed Group: tag, trimmed changelog section, From fb44c2931f2e4db9fb2cbfc3403751bb40f997af Mon Sep 17 00:00:00 2001 From: David Sommerseth Date: Thu, 26 Apr 2018 16:29:36 +0200 Subject: [PATCH 131/168] Updating to upstream, openvpn-2.4.6 --- .gitignore | 2 ++ ...in-ChangeLog-should-be-2.4.5-was-mis.patch | 27 ------------------ ...54A3687412CFFEBDEFE0A312F5F7B42F2B01E7.gpg | Bin 3861 -> 6564 bytes openvpn.spec | 7 +++-- sources | 4 +-- 5 files changed, 8 insertions(+), 32 deletions(-) delete mode 100644 0001-Correct-version-in-ChangeLog-should-be-2.4.5-was-mis.patch diff --git a/.gitignore b/.gitignore index 62b786e..d06925e 100644 --- a/.gitignore +++ b/.gitignore @@ -54,3 +54,5 @@ openvpn-2.1.2.tar.gz.asc /openvpn-2.4.4.tar.xz.asc /openvpn-2.4.5.tar.xz /openvpn-2.4.5.tar.xz.asc +/openvpn-2.4.6.tar.xz +/openvpn-2.4.6.tar.xz.asc diff --git a/0001-Correct-version-in-ChangeLog-should-be-2.4.5-was-mis.patch b/0001-Correct-version-in-ChangeLog-should-be-2.4.5-was-mis.patch deleted file mode 100644 index d8c4616..0000000 --- a/0001-Correct-version-in-ChangeLog-should-be-2.4.5-was-mis.patch +++ /dev/null @@ -1,27 +0,0 @@ -From 161afbebdc2b7e244a136182a676ad55347c9cf5 Mon Sep 17 00:00:00 2001 -From: Gert Doering -Date: Thu, 1 Mar 2018 10:11:08 +0100 -Subject: [PATCH] Correct version in ChangeLog - should be 2.4.5, was mistyped - as 2.4.4 - -Signed-off-by: Gert Doering ---- - ChangeLog | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/ChangeLog b/ChangeLog -index 99772a33..0db3e5b8 100644 ---- a/ChangeLog -+++ b/ChangeLog -@@ -1,7 +1,7 @@ - OpenVPN Change Log - Copyright (C) 2002-2018 OpenVPN Inc - --2018.02.28 -- Version 2.4.4 -+2018.02.28 -- Version 2.4.5 - Antonio Quartulli (4): - reload HTTP proxy credentials when moving to the next connection profile - Allow learning iroutes with network made up of all 0s (only if netbits < 8) --- -2.13.5 - diff --git a/gpgkey-F554A3687412CFFEBDEFE0A312F5F7B42F2B01E7.gpg b/gpgkey-F554A3687412CFFEBDEFE0A312F5F7B42F2B01E7.gpg index 1492b6d0fe9e3dce805ac2c33cfe134fbe1461e3..4dff7eb34cc63d7efcc87a2f778c0bd6cb8585a4 100644 GIT binary patch delta 2732 zcmV;d3RCr!9;7p{6%T*80u2OOpg`CG5CG4r38UZ#OoVo%<%RKz&JQ zC8~Su$-L{R=Ys`YV=z_`#bJtrYD@|Q-v+QDeGF3e29ym0RA5SY!~{zR3OhN#5i>wcBEDzAU~ON{Htwoc+vByeB~ z()u;4wVf>O zs4S`;X_1{k4K-}zn7%+rOd6n@H^|F-Ha7{KY_x9n~Yt6;v z8e5Ww&dG*Y_4Jt2#buQQkwdSdz6@~yCf4muInz?%QD}caPv+t_DP@M*L8+Z%dWzC+ z;F$V8R53yOPxGu5A6XyI1HAK!f&!L9iTu1xbTXPBc#m4?bdhVm3!1#eZ4~JsWB0Ah zoL`XAUf)L)w@+6b)0n`G5qP5u41KbDf1VUhfN}>z?lc0HXv1G%yl2`WPMPH-l z2o3Q%(qey+kCr^6(9&Yp6|DFV$Y%f%0RRDs1VjWF0RjLI1p->2K-dBs0tE>H;WK~& zDG3k~_4l+dD*@-hT_6M*0RjL91p->2K-d5Z2@vrzvCFR$9IpFz5C2a?{dcTr7-v4s z@iIJ<95CXaGH~g4j_qucdTCM(!YnEl>qS=5H5-4MF*w1;_~lE5-#0{iN&_n|19Rrj z9G8fe(^h4PY=8WRx34G9QfOzFsg_+p(#OD0R}6+UeJ6@AVbCsj4fxd`7jyzyexkDG z8lL5%mY?LgS4tX1#tl_d0RxdDmc8K;fU5TwZU={H^ z-Z6i~I)Pw}(A&Z1k}JpQF0-$;`b&;riLW%5zxD|u?x5Tr^I7M!YI8m)0xHeg6dMdE z75UqQIoQ_FuLloN+0sC<659Y1L;#MnEcfr zY3hfY>{;Re%8g;cuMz>@qvloCC~mS6J!^k|HNNI5>!eMFfN*t^Ws3;NN2YaAWA=@B zU&sd(hZifz?A;jlrVDMO)I&)vb)7md zYc~1`#B=s#$=!2t2mMJ9Cpvj5b8q$sou~n;&RLp@A8tzF{XXd)r=P7bmq}@Qw7mB% zGsuN^FTINYC~_$Q3}-)@AnINXl@BUZ3nQus300&4s;?DSk>rh0$Cb^Y078EV!ujY| zfID*@8)SeBQ!M=2uIIpVJ9d$>#dWa@N5NixuVWc{0-K#tC!Q_Ly|8zd_KeXQqu0GkekrmdobP#D$mg6$ z_(|1`)+at`szp5T{mP(G@Vh&6#~=OowZ;)oFL6W?nJJ#G|E9SD4Fp=CK?ea40MAyd zo{#9}D*`)BQDAbzMvQ-vz1V~++rPE4fm6(j%Iv2e8?86^yvYKkBIW>~&)SW^C3g$W z;sEm@z?n%A2#rjdM;zkt)1x2{@HGUHFZh5UHxY>t{7iTmgf^`47?5t;xp)`6U&*t3 zjTA`BTLQ`Jj{1q(FV=X94Hz({Dln8Ma1D)(nKs-2LFDv|nMHpwCzfKG;>LuYsyRv- z8o>&*$u&|z{iNqB$p@HYt#eH;bjE`ERf6^GqoOhWFcBx9!9D|asjtjUD=I#%&){IL*i z;k96SXx?HKfyyyT25?yhhZ7zk<`lfPB=Acl=KlpBz7gH3`E}j>v3F8#tyxNea`X@6 zU=+|@&(4l@<%clb5xO%-^KgGGa}Yjue$htnhGHeQie-PjoFyv>mCSxB^^33VgAgy( z1u2+~MDJGAmM3gMs)?+nhX-c#s@O`%H0coRW zifIvy+eKp-;i!$Z!_%x#Fos9cS2K?edG3!|1-U>!E;z`?nL2B|O zu(MfnkFqMvS9-FUm>|dzKd=?;TRdA4G*|E_xWV`!gQ+@2;$1glQ}AaCAcdqngX39# zUMk5S4PJ{W8teN@xB;ffIw8!o@U=L*DP|OTl?d`uVRkK!MiFGpgv-E0IxG-RX3Hd* m/dev/null || \ %changelog +* Thu Apr 26 2018 David Sommerseth - 2.4.6-1 +- Updating to upstream, openvpn-2.4.6 + * Thu Mar 1 2018 David Sommerseth - 2.4.5-1 - Updating to upstream, openvpn-2.4.5 - Package upstream ChangeLog, which contains a bit more details than Changes.rst diff --git a/sources b/sources index e030894..b0dfe1b 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (openvpn-2.4.5.tar.xz) = a1a169039142bd64e7fc6e8b79d73e0b180e7195e3d57b18700fb1930bdc50c6d18f5c28e2715f4de753ce7d5f09ca3387573355e6d1fbd17ca5fbfc9a6cb47e -SHA512 (openvpn-2.4.5.tar.xz.asc) = 1191c29fcf7609ae65004849fcda6aa7add721a14ff0d3c096a669661e42b92d2e69caff682cc92be2049fd770c6de147f8ee067ad26176e1787f4a3d6a64d2d +SHA512 (openvpn-2.4.6.tar.xz) = da4301a4655a5bc224de59ba74fe15005ea856cc43b404aa32caa7065f49adc69f4747ba646f228554d5b6629323f434ee0e04ee71d2103964b9bab23d185ebe +SHA512 (openvpn-2.4.6.tar.xz.asc) = cec75ebb17e5bf481135bf8f1bc2cf0bf841428d119d5f445136b67edfc7eaf23bd94ca781431194ddd961841d93c95bbbee77a2a1a81499605f2ce53e175a1f From a312456315e22b9fd2de9eb79b6ea5342621fabc Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Fri, 13 Jul 2018 15:14:00 +0000 Subject: [PATCH 132/168] - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- openvpn.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/openvpn.spec b/openvpn.spec index b128eb2..56dfc2b 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -7,7 +7,7 @@ Name: openvpn Version: 2.4.6 -Release: 1%{?prerelease:.%{prerelease}}%{?dist} +Release: 2%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: https://community.openvpn.net/ Source0: https://swupdate.openvpn.org/community/releases/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.xz @@ -183,6 +183,9 @@ getent passwd openvpn &>/dev/null || \ %changelog +* Fri Jul 13 2018 Fedora Release Engineering - 2.4.6-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + * Thu Apr 26 2018 David Sommerseth - 2.4.6-1 - Updating to upstream, openvpn-2.4.6 From 2bb4f27d769de1e5c670963294b5ca871f4026a5 Mon Sep 17 00:00:00 2001 From: David Sommerseth Date: Sat, 6 Oct 2018 17:00:45 +0300 Subject: [PATCH 133/168] Enable the asynchronous push feature, which can improve connect speeds with slow authentication backends --- openvpn.spec | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/openvpn.spec b/openvpn.spec index 56dfc2b..4c0bd66 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -7,7 +7,7 @@ Name: openvpn Version: 2.4.6 -Release: 2%{?prerelease:.%{prerelease}}%{?dist} +Release: 3%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: https://community.openvpn.net/ Source0: https://swupdate.openvpn.org/community/releases/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.xz @@ -80,6 +80,7 @@ find contrib sample -type f -perm /100 \ --enable-selinux \ --enable-systemd \ --enable-x509-alt-username \ + --enable-async-push \ --docdir=%{_pkgdocdir} \ SYSTEMD_UNIT_DIR=%{_unitdir} \ TMPFILES_DIR=%{_tmpfilesdir} \ @@ -183,6 +184,9 @@ getent passwd openvpn &>/dev/null || \ %changelog +* Sat Oct 6 2018 David Sommerseth - 2.4.6-3 +- Enable the asynchronous push feature, which can improve connect speeds with slow authentication backends + * Fri Jul 13 2018 Fedora Release Engineering - 2.4.6-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild From 3e200bf99cb47fd90126df4667da818cb9674e09 Mon Sep 17 00:00:00 2001 From: Igor Gnatenko Date: Mon, 28 Jan 2019 20:18:00 +0100 Subject: [PATCH 134/168] Remove obsolete Group tag References: https://fedoraproject.org/wiki/Changes/Remove_Group_Tag --- openvpn.spec | 1 - 1 file changed, 1 deletion(-) diff --git a/openvpn.spec b/openvpn.spec index 4c0bd66..285a084 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -49,7 +49,6 @@ port. It can use the Marcus Franz Xaver Johannes Oberhumers LZO library for compression. %package devel -Group: Applications/Internet Summary: Development headers and examples for OpenVPN plug-ins %description devel From f9b0e3533c959109eab862e1dac1e85ed27c5cf3 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Fri, 1 Feb 2019 17:35:21 +0000 Subject: [PATCH 135/168] - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- openvpn.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/openvpn.spec b/openvpn.spec index 285a084..b49fa4e 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -7,7 +7,7 @@ Name: openvpn Version: 2.4.6 -Release: 3%{?prerelease:.%{prerelease}}%{?dist} +Release: 4%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: https://community.openvpn.net/ Source0: https://swupdate.openvpn.org/community/releases/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.xz @@ -183,6 +183,9 @@ getent passwd openvpn &>/dev/null || \ %changelog +* Fri Feb 01 2019 Fedora Release Engineering - 2.4.6-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + * Sat Oct 6 2018 David Sommerseth - 2.4.6-3 - Enable the asynchronous push feature, which can improve connect speeds with slow authentication backends From ba79cfa93ad3f07688564d934b06fc3115a52ebc Mon Sep 17 00:00:00 2001 From: David Sommerseth Date: Wed, 20 Feb 2019 14:48:42 +0100 Subject: [PATCH 136/168] Updating to upstream OpenVPN 2.4.7 The unit file patch had to be slightly adopted to fit with upstream changes. And the signing key has been updated. Signed-off-by: David Sommerseth --- .gitignore | 2 ++ ...lt-cipher-to-AES-256-GCM-for-server-.patch | 2 +- ...54A3687412CFFEBDEFE0A312F5F7B42F2B01E7.gpg | Bin 6564 -> 27725 bytes openvpn.spec | 11 +++++++---- 4 files changed, 10 insertions(+), 5 deletions(-) diff --git a/.gitignore b/.gitignore index d06925e..e7a97cd 100644 --- a/.gitignore +++ b/.gitignore @@ -56,3 +56,5 @@ openvpn-2.1.2.tar.gz.asc /openvpn-2.4.5.tar.xz.asc /openvpn-2.4.6.tar.xz /openvpn-2.4.6.tar.xz.asc +/openvpn-2.4.7.tar.xz +/openvpn-2.4.7.tar.xz.asc diff --git a/0001-Change-the-default-cipher-to-AES-256-GCM-for-server-.patch b/0001-Change-the-default-cipher-to-AES-256-GCM-for-server-.patch index 14a16ac..7e11fe8 100644 --- a/0001-Change-the-default-cipher-to-AES-256-GCM-for-server-.patch +++ b/0001-Change-the-default-cipher-to-AES-256-GCM-for-server-.patch @@ -24,7 +24,7 @@ index 9a8a2c7..0ecda08 100644 WorkingDirectory=/etc/openvpn/server -ExecStart=@sbindir@/openvpn --status %t/openvpn-server/status-%i.log --status-version 2 --suppress-timestamps --config %i.conf +ExecStart=@sbindir@/openvpn --status %t/openvpn-server/status-%i.log --status-version 2 --suppress-timestamps --cipher AES-256-GCM --ncp-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC:AES-128-CBC:BF-CBC --config %i.conf - CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE + CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE CAP_AUDIT_WRITE LimitNPROC=10 DeviceAllow=/dev/null rw -- diff --git a/gpgkey-F554A3687412CFFEBDEFE0A312F5F7B42F2B01E7.gpg b/gpgkey-F554A3687412CFFEBDEFE0A312F5F7B42F2B01E7.gpg index 4dff7eb34cc63d7efcc87a2f778c0bd6cb8585a4..0bb85fbbbd2c356e6f21e4d2f08e7dde06591970 100644 GIT binary patch delta 21354 zcmYhCQ(#?9z-VLJw$a$O&BnH!1}C;{qp_{Vw#~-2bKC#Fz4v=v59eX+wP$9}nJHqK zTmh~P0Rx1C;DI3lLjgg6gJ>4UK?A`+BWbK>R~Yg{=j-nyez_mqtgW=A8m->#2zd-1Nb12O?-r4Gx!Kf;!2JLV$C15Ek5#VzMkQ>PsmJBew#{Lp?2MVq z2`A2BYzR~|EY{#9=*N5+{D!VQFgl+;p^j|8ya|An7z?Lj1B-8c70<}kM_CJw^akVe z6MCl-V6o9#dkiOFiBC`#raLj0iYTP;+Lxjx*%352E zN3MSDnXAA6pmFqp*R=IQsIHhNIrb|*x*SeGy!xdE&A(GMQf2w7)prS34?}mR)kJH6XlGs06X|{8QkG&mrklLK1&|UkC&mc zT;}*zk~C0Gs`YhNV6;>3y2#RkdHg{xUeFb$!U$Zuvi>-|?OkUtwZAXQECcW| z;!RbhJL$-bGM>RtWY<7ryfxrrW*vm%@U@c%LYBh~i4O_i2q^|Jn7yES0J8Em zk2Trt`?F+jV79aQ9XNVwR*cSyc3M00-_$XuUcDSTbKU5HGawJn-cB81Nd%yy} zkk;AE@jVz5_Po}*?HaBYTe3!Lnm1J1pmEBI;0Hw6THf~Ts(<(;ABQYQr~9bvg3WD~ zc$n8EIO#Y`ML|(xoaIjmnZ`z^&p2WjD7V~N?n)i+`*rWSB*1u@OHDk#7b)1{-Z~YP z%Jo2TmHt~i_gLJ-vfN8?WiK^UMtbU<3sA z1S|rj$zeOZI%b(BOF`=0%SHFe3N&OdZ%lU5D<50J0<%`>8@e1H?20c`zBd8e9^J^0 z!!3=!j5JO~hvtZ7uJqgnYtQVHmETwblf{dWh`3kFrtmA5Wy6Db3>2io^>w>!OP&GW z8JU{sxQ!qLm4P2?Ov?mDxpK9KSj99U`2-BP)1UQbvm$Dk!Q7#hk`LVky+QK7-%=P zmuGKBw0*8;SU^?VTI^+nL~TEOZ2trZ7Ok#IhVEH$3LNIYMaEupG2$QcwZVh&FsCP! z@8QNtXJ}e)nVKM&g>i|~TH6LH$^bN17r6(pM-+qcw!MKaFU05zTF4_wvz$w|Mcb!r z<^_~(UfQ|wr}wNht2BTRBshL)%kz(N*DbFV_=e;zQpDMH7(KvK^}lb)rPKo;C`WZ* zKD!cyHS)}Fm(%->1h-K2kl@F0liH7l>pu8k*vW>heXL$ z{T=KXhwkLcbLvN@f4(Z9GdfhrnhZ$m?EdnC{+HM(MK%tg%Sv4%8MhN|u()0RLyUgG zaH!u(9x7S;JE+&aoUG_@2VR+_X#$6RsO%g(=-Zj%Rh7CV4!)v)76EN3f}W5HDHh%= zEzoJnr)EY7mu zX8R4KV!K7FL%NSyYSNy=iM9+UpFv?b8-ek{Hu95k)j{q{m|rme;IqUhLP{4lQOtrO zr6d+>b+166ZAMK?IOcwQ_7R;jn6IaAurFy>W3qBBgH=(@hH!U)b&{nyca}~t3-n4d zP#}N$J~F?2Q^X9wy(|R!Qwy5i0B??uOTiQtwqr*AXoup5oFKcvJ+rKUeHkf#v`<487hISw7!oqb|GeAT%KZ|jbjpGx?z{Aa!wO~o-anMV zLB6ltu>E~*|41PtP_B*>g62R>IBr(VH5;HV3yMoMX|V$+uX zpRBMayDG-t!WQ;N0=Tfo&W)rf{;G1f0_mEMhMzo7^d!jcSO-T{lMIoY6@%PNM-9`- z=srayJNEEcw$}c;u~=iD_4jbwiSPA%)*;ti3ebJ(p%Z==9IFm zhG+*eTT&)G=rrkR1)o*{c<)1kzkxiB^ziA^p7M3K_ew+fy*2Sikj9AwK}vrNC=f!l~~B*d7QBOPM|}PQruwZ`i8@KXl4oQ=R=$E{~u` z4o7!dx)t|}5TH{iyBt2hvQu>_1&O=iao~hi2xji_2gD(^6dAPK&xVRMrlZZriYO!x zwsUWyfUm%8NWP6*o$3aSbJ1E208s*f?+Qm}nHS}^HH zk%ad^ZunAZ7s`$E2-lkf>{`5KRROWnaTobfPAn@8yds0kuO4j7U7(w zIhRUUJO5f1hH&1&H;Pgi5AfJ`*dsuus73ZU0jql*Zbcl~P!<$qVe-!uH;{~96{!$ta$$0amL5BX()>kM1!o!DLmy^)4# zB8gAot7g2&>!V14J8EUuL-26NZo-VKh3M0-`bBMj0CsMeObakrAbTNaAFi^iLIeL* zrbp5H+fr54x%4LpR_Mez;X+KjLb>_2hG99XC1BXvo?<>St;7T}`yvj0lS_ToQf|z` zRCCg{fLZmyBC%HC+bp9>cTuMqu~pW@vY*q1^N$XkJx?gX81Svp71HGNep-Kz;CNbf z#LkSQOl2mT=R994mV#;D@vh7>szFC=Q@8^9*~1SCH}_eV!!5_&NlzKSMf)~*Dh@B+ zUO=&dp0hHs3~uKM21$RzVUO_Cw$4faV9+Bs771GQqqo9WZ#eMZ6%5q>jBC8Y2PCd2=Gwmx zke#}=A$$RQYz$)E1d9TuZSK=jWvk6d$1d-ORCfE(0Ajodi4@7Ng(8+dqI2z)i)znU z&(cxUhU3Bl7#KYo!sXBAv~X)A=gL1^o?;bYO|lDV^`J-pUNw zLmPX32Fw$)>?cw%U0tBkI%)D2^al>X0R*$Y0x}Dno}q7)wp4%_V*I22I>S~2I^)ET zD%Vveu-x#(jsRoVv-y1*oHgmHlR2B2`B}R$H&F-U1W{cO+xHgfj{O))D=_!DEil2b zG(U8|I4mN59LUaG3ng{pwguc{OPF45eEa`;BWmoedj`r?Id&t z&i}!F9Usx`04D6!W2Bnxbm&3*nTL~XT|sko-+^EagRFE|?rA&%02QPdQ4T-OS-dx# zQK3NBR5ny3{9kdb$8e3JH3~dxpEM=`5T$ec z0bd*PVR&3WDvNRDb*=@q%*q~?r1BdLgFT~Wc{va#pky{Gnn~7Lbhd{C$PEF<6L(vW z{l9%!Exp&$rc|I3{bF8uqFP+TY;*DZ(#)NzGNUdg@P{wL<5kLko3JuiCNQ~rGRV9v?6KwjuGwdLrxa=mAYGC5mEs-H8JiecFlz7Btv4gd zGvya{0sOLg^JFQ`EKpzSfy@E$Ki~hB#{zte2G`+4~~8*N^Y< zPBFZ7N;S5p61RZIcpgG+D=s$^`9QU)4tyDpu~ZyB!GM&BfX|BCv)Xq5*P9ynfeJXG zeC%Xb7e}2Sh2sVM+vcC;$kNjIUvK}&Z@?7fCp%%J4EzfII|6vm#K-s&XbCf+Dqp>< z-?m}XRt&$z#$!2#-ax%jvK@$#ZAaEq_*EWx^5F7O7#5#_e?J} z1Yt?aN$Dz^+fziNHOBV=63-qPTm;aL`$Q`LSDXb}0U?9_4hGc4H(Os;kHWIYvE4s! z>PLF}UvdA4Wd#&a+s?9k!q~QE)H+)?c$TS(E^6g8nKsiF9$MiMggCVqQcpMs9h+lQ zDHA25Rhl7&ibD0sZ;we&{XTdV&_?8K_O53qKq3cLTeFpMtH12F=3Cv|QqHgH0224w zkDDa(r?-g67nP!=U+d*cy1));&$}r15Wk|3J!Ii@fo0>VYI0K*1tX$UvkhHfJ)H%2 z#5pk3jDPEW)BVt;RPJz7#3YH>O#F81_F2QcihFS)7Kihg1u?G00LEgkw$@c(Ob>4D z2#`ysaqxWryS0*C3p>7XJ6iyMz?( zibFei8m-5!Xx#X(H=AEd^S!G@H8~V;n)CZfl`it%I{tX``2POa+dtxX0R^=9J5Ny? zhN*N*W!3_4GRlM$x^^9`80*das#oy)hCY?iQ4>*P=Ar8An->;+58mSpj{dt>HI%HW zkq0F_na6W7d@vd5`qMG%WB_dyC9TEpUO|n^lNkYbGm9+=Pd#t-8HB3sE@6T9_2KLk z>1l3Kb{Q%GQ4~#(5X-YMoCJ$%D8Fm%1Q|{c&trDLs}GKowHknc?5ZU;;~-JmbY^=b_5ZyAh{3#= zS^~Huq1uh~p((atuY7be%^v=UlP#D0EAAih$%g#01(}-tA!~D zVoT{rfkHR34?6>JvxIu0N;@tIbL$0ZW*P=ceEqtzD@}s26v8Ne*;r`1x{_#RdrhVm z9lLw;pKNO5S~aH6Y|9a_Z`CghX?VU;D?GeKh8cXGrh6bh`grU3Q}kI^@)-BCE)}vCJxqE&W&)iNB_S#Vz2;A&CuMqko?9XjY8Y0^aN__ z#)3aHgQ$4=UvK}2bQ9zUeyo8-(3@zAJOyeXXM(LyqWqvI%az>kdXr}Wj8iOjP37sV z(jE^JokLQsL5=&Ovs{Dqj&9GAPG7~Ew)&H{c5kP1Cn&0<`|P5zCO>`(Nwvw(50u;8 zZ?hHlio3(U@x`>M@#JF;i!O6Taj@ICWHkunpeImt1+0bmnMvxbqd@){8Y5F-S%l7B z?-y6TvwCJZ2u<6tuUxGFP$>=W6CYe0Q)nsa=IYX4sPYLv8wC(nTa^>+zz}9!)Mvba z7b!M4ZZRVE+hYZ2ywLSp$8Xzq?b8J)ew205Jb6WV;<$icv9m-<8`$!z*|B;a(s6(( zHN;{n;+pmG>meZU24(%%TZ%<%Q}uR%b>03h!x^9hTi1>D-sz7xn~t-;;?Djrah-zv z(v7m7UHX`&?XK_YF#2gvY39C|aYc~nMd_tH0-6D-6lqmw5USiRYMgMGQVgofFRD!Q zg#;loKK~8iJk8wH5U8SHQq9Rlo1Tb#V_0=37e&bNpo(dct04C zwEW=86kK)|WqO!t#cIUL+09GS&D*us!W7J&`Wf0r@?UR{zCLz-h-3(XXCvlcR-+~2 za@SdZyuHK?0>J>Fk^Uin1ISNSB$Apd&L-4DM~aYEc1UnlY}We$o6ofsJ}aJHzcmmC z#$fCY-#Z{cxgB>;?4#ds;l|z_-E9Lc9)Wja2^FeKd>;!$w=be#3kK0y23ik!i-%-N z(-HSAX;?ypH0CL-u|D1=U&!u{&qLvB6cVo^08YnaAnXsZD#Iqba`YD)CVL11H%?_x zG8Yn@1Dw7b6`ZU*+g3l8^WP$cRww{3KM54t<0i~czdyyFdKU7{)P0L>B^^jngAPUe~o zKn^izc&*!qdIp;aP4oCw)&K7K!TjCx`~JHvT(# z9XZHh-7`jkt);I&miu|AIC4gsU0u?_eZVv>nRV9UL<8C3m%d_I3)etilqtbScp1>F#%e0=XYBvvd8=xc`nG+3)kxnVnKAekW0PupRO3R7HsB_J8Yd4q7q zQv2tkN>TrG?4-YTxsE{evY89$GB`gxu{<7482_b+vj~p#cAptgfv^!H(C5>uV#t6& zCDLT;una=NChjh?#i~gx;nKf_0l(M6y!QB5^>wN|g1GG*SM6h-dhYcB2)``U3tgI` zd2rA|!op8;K^3;oV{8R7XJJkrXqc(vC96ZA|HY^p{u)Rx#d~nM^1HP4sftyyNXY)R z92sqfnwS4KSjZyECZqEirgRb-vyaO63aTN^v>Fnq${*T!QuPm>@*{Vf0gtBoybIX( zbW!6gMBl#|o%)w^U`3Z=0LG??DEH?sk1xuluTqKCehAPlWYT0*4kv0b!E~}e=+4iM z(PmRAhskVSlp82s%$^N|12_D?&*73azS<;OdJtUK$F)@c5!aFfSgk*4FZ1vIeQ^Is z%{=UvEe$poA~)XZph??g?aH)IS|#5i3lTejOjvv`It94;!!oS|mn&x6ET$48`l$-* zjDABVECRYP6QV=+T7Kaj4Sql8kV;M;*y)Q{x@sY>&qq6(^2NFKEFjy{t2~X@`HFB>Or@Br z+C7xBrLYy8gD`0nltJ7XChP#_XZ91T)T?u8o2(r{&ucVTLHqB)?&{6r87-s(zTY#tb0{4$&_s|$revIAr^V%D`7BOwCs0YVcxH1L_6O9%L3-1}UW z{V8_=+WvSyusu+AzH@&jL!D98v-NmYuiXUxD&xo>R|&0dgP-H$`S z;LeCz0}=q!>U6`_$usW4AnBt~=U5qzKiWPz_2PGAQW3)BF9y5t?F2HB(i)74^b%HR zw3hM7i0FtCOzn+`Y{6M!oG9XPomNlM4(ysyX(B@xfUO54V_Yvo+aUhf&ad$MKaFUC zE1>*sWE`1`rD;LuO4QOH@u=aW3inhg?3{X3z%1DRe+e z{;yZ-Jt<93tt4%usuijwP9G2^WpKk~N>y*%fhiM^X5#u9@}60I+1>2d&D%>MC& zgto9*sk*{x7%5M4BZ1E95UAf8YfV+t)l!{fn5O=@i9Ta?|75WFFG*<$mbA~)lxLw#+_C#^@slKS=Zy2PY2h%=s!C-ER=}mnrULs=i`I8C89sLF2&S2;@y)JX zhUYLx*qooHtMpz41y*b-f5tx~_Uc4echZCV6M)F~5zwGu;|?S?Oio_A6HX!>(fQzo z1k7}q(%?*O*Zr$~CU#T{>}#VyFyw))u~gb{^R?EPaNU|8D%XJ|M0}m$yUANxp<>Z=x?3omdkW8(F;~2 zl^HPgp}^avVu?(|<^|Q`**tUD^~)yC(7H{A2uZr;SL`I1hnL`1a>;-z1Aj=X{y5b~ zI83vLpoDKX?sbh78Uz4Jh{uGcuwuWIo}E@LEy9)B9f#TDJ5|>YrDLQg;|@ji---gY z#h%KNP?YIEDie}^xBTxPy8pW!3SyI|SlX5LloR7v;h}Ywe3MB1>(BV#pSS$CoPVV8 z6!FW(OOy*<@!M-Q06q2Z&Z?sv02SCxo;Ne{cq2{3}(y&!|iPV`FK^e6!)K z6wR8mlJJR1wz`+cxT4NY{Md?hB$Q`*PKQ@#77*-;+Va+tQOq5dL)@z#q-h4@BWg%i`{)=$%F$mu+?57!JJa76B6SW*ep?sSAZ{d}GI~M7cAYt6uzditt z-gz%dsv$4WJ@qK})~1?jBei;Z7PSD8Ws#@8c`0o;5k$ z3_k^P(aC;G;P%Y~!|CtPSe#pRx6K0HND1j%iQz{zeTsYX^}}dpOzAbcP}XXLgCy9B z6+~Y)mIJo*gVy$uZKw5E^-NI)t7Jr&88VxTFJWXwL)XPMr3*`Vf8rBoo{WPnPFAV` z|E_1DO@2=?BDqiwzybz(A3i9&^(2CE@=iM1Kt83=v6JF6dy);9A_qO-u5$#0v#B$A z-`?roGK)`}z(%yO7^PJCdGA_54NN`PILx~pjd(MjOX>B0m>$X&u550ya&AM8jXrDJ5UC?*GuzU4!%KaikQ8eR9E;>P1-BHiAI`$`2*{;v#PFq7&wgheb zZ#gW>^C)eqEC2>ntP%0GhY?fg#gVi>=~M_v|4ru~Ns&MT>MpOJxF`23!d#XVFE?x% zicGVkLaTf@d4KoD;&US=|J+)@g*ggCL@g;@zheo5NzaMvU1{Fd^9V%s zvbLY~CD^F>4OZmn47d6CEZ2+3c0is{0mv~Kg8rd?J-z$QYHIH|dzDB%NXhYGDc?BK5@+ixi;6O#ycJBanHL=DYYzxG$xoBFW{8#ZTYH) z1DxQdSqxFX-)D4J=tJ=-+*(#jM%O;es6ftXAT0qsI?LbPe46v7K)-Va;=fUs76AgX zl@h29BFE%C%Jv+uVf~NCRZSFgfBsWj{qddmNjOSZU7ndlF=UVjl^OU-OOXr`36i~ZY zF11XlMPt%@8=*l1vu94ZyOXKm4Fh1wS&L8|LJ`NJRL-E@bn>)!uX@a@lW1?|49WRw zh%F#AG;55fb0i+nXA0bNCC3`qvYcV^GV_%Du5SeD3peC>nexOUkcP7tOwm*q0EL2c zfZZC>+tP@3QLa4;%~j-$qQELw=ias8*xCKFK_7e8sN2|axqV%9{+d3~XasP_@Ntyo z45G>o-70et?0{wwjsC{(et%YerQPzADEw1ElC0U`eEz@bNS2nkTyj;lZQr9=!Z5kD z+0?iC{n;>j*opmH&Oai_fcPaf=AtQ$&Ugw9Tz{)nm2ZF4B9Q?#<|#N0YGq*lwGTOu z1~A0_t%-l-<$|<60 zpgIk@ELkA#@yuYj8Y@Sple)+~mdVS+Cm`|Z-NRKOE={We8DmzBQcjDZt*zg8{S`dP zYVQp-{6~odc_4AmpFd`>ln3^^w#`~LST9f~6}THnb_eGg#3Z5>erSKwb?=}#T*E}s zk*1%v|1c=st%ta{7JyAs5pM}wfV|}1NvC@;q|3z^UM)eYF{@`aJ;E+DiELLdkOfp1 zPXe0HP4Qz?kr_2NbI=-4RVZg}QHO2hucmU3kyKCnr0+lh`mdyIeQb!aJjkG;R(Ob3 zlJ3pB&T3JiHpLc$Bl&Lfk&7lky@B++6qEz-;qLd3P9q!_pej*}n6KXwN&`z{B?Ko8 zLf*v3M>Dy)my{2a(OsVI2Cw<~N(A5 zuLj>O4;QUShKg;YZ?Ry-qrz`*VaO%Am18=@MNv>+ZnU&QB%GDV?liKx*J<}NJJUd@ z$f4*K#-T23!S{P6Orb;nTaGL*f6gX-qA8`F@+tg>&cS>FK;h%hpp%u%_&1&ZMG7B^ zS%~j2CHjzy$2U>@SP$8ihqp?6^tppxx{ZV7KR`bc=X$mQOFzYy>*IwkMai~{=IAop z(FM}ZALEoD*s;wS>dkb8&>v&z=L~|Y+kh-Ej#MP)@l5c*p8Cct$%?RIEzkP-U(0nmI0F$}je%x`90=ZYAfRf!OV@)c(EJ3OtFKb4b07p#h52qTeZ z^r=*i#3A~bzS|9ueN;fx#re`cKzSf5teC@-EqCFl6F!&}u=BWo6bbyqIWTq)g=%x{ zsz8sf#e9_81-7g%DswK0x1%`2A!}bO_*w@f2v5t&yLXlJ^95~rjO|B;N@XBfS>o}m zl~?Gu3pdlDA43W{Qt}`u;KWDcRB+*i-dJTia0NyFIDkE2M6`@3>j2)^QQMr>X);?~ z(tXSTI^a(a$*9Xb<4-+C;wF`G*b!*Td$S>JoD)pUvgJA4e!5)$SW*0JJcpz6AZ-Wu zoH$@Y;X4!Univ_JA4aZs zN5@5BUC(fyx@>UMje&iHL}`ZMY*EdM76`4|w&wTReEe{Ek=afXCN}a^LNe6M%D_)F z@qsIZ0uxlD-Hu7|p(hODwr3mia5x5(^wpqHxaQ_+Sg%^uy`OTfgaC7Gk&v0z+stPD zH=UddNz0#W#CHWauhdfnczKt#erJEmDW*63Th2ei@c!rInot)>U}E;~Fx|tEtw1{R zGH9~isE_+t>@6)(=$>AD!13asN=)hE4(FOlJ%HCey?ek8_*C~^{=H4fATw;ib zUjVwHlrQ*}j#pU5R%_6~#(Yd18I0ns^TtQI4=v`p;>pc0;RRln?&}DnC=(`EDs{6% zMuZG=+lJa^Y9=6^Lz4I36GH-9P}{WR2y;czF=$?uTJ^7|EO?3`ki^>c7Q2HD1Hfg) z0attM*!6AjD$Oh&J(<%p=qEMhBNV17%YZyzPo7c%+49AgdTs|>CmvMYOty~nd%4yP z;=9qswd808?ZumvScTgv|K`AgoMES+-;0VL!Z&=GPJ<&fguanY9xD7sO85xydK`YU zSDpMtm#>rEPBBnN%WRGARnlrW%D5o*i!40NvqZqIbzK)~AT$1mt)qHJYge%T0Kj0t zSuE0Hd)T8|ty_3XQ%6%A1Io9M*#WMdXyl8Jn2rm*y`|lIXyby~&#HCnw63ol(8Jy3 zwIv7=K@x{*eJ~twz4FO^KXy)_n0`K8QmmnM$?#Fx|CUn#$uU?zZz)$(C5l@^g7#SR z@YDQHId@aWf64(M{X=O=h;QKg-mz)A{p3lerh3l%Knesl!Q*9?-=ZHYEY%J1Zy+u< zC$z`*Qsg)a8qX zV#B9zk3-kiR?>X69;&wH_n5cGR=A$xlG%HC0*WOzNcSO~VPps@a7B9ygn-M-)d@`x z^3iHWdE*IB_#NFDk>2troO);*>*MI8>DJFB2zUnryv^9JeadFD5j{D@W9hY0H%U{)Ow5LmEnhE}fAi zV@RA91WU`mH!Zj1qkG5KBGwv4_z@U8ICl$hPAF&Jfl47!L}afcHF8F-CSc&iKOmy& zB_HeCm=q6&9_ct~Qiyu|7?{^X8cR|t0Fas*_N1I$uMZ7nftlPjU-=hbM z({fYs4=1DZ98=x|>c=fxrNAbJ;|6owT(-EuLMddd)?R1Yrrv}(%DNqwa#s07uU_Jg zCx*EwXYaDWxY%Z+E1#C|j3Y;WY^rh|(LK0^>IMAj%MZ4nD8mptYcNE1iJx-n0P^C_ zlRG_q9I%t&iATI(vVI5=eVqPCN<~ZLFXT#(fzY` z!|IQ)d}3|c>HPX@%A!I23g;yU5xc)JgeJ6;N~ZdF*!)d9AU>kc!BbD@xygbcIv{-I z{GpHvz`9#s%`GVw%bntS>(oeVx^QDqb$T=WW@~dqlv#Zf<&kMsv+TEid$HPmA#g&5 z6g=v)_&hD%PomldvlS2yBr>2YfdyqhEkFm)ufzeWNWo>Hv5%arTG$@8EdV6}qM(4d zV%_NqCCWodn)>2-lQFn=w0jNkmAihrgWc22;@RCKyh zZov&4$ap`OXuQd3R=@hWu{N9*2kvOuRUSfO*`QwHYr!a5>r7@TzpA zDSuVifCJWcw8ceV{3~L>*Ziu-oe&Rx_G(^-4W_AMPE{_;>IHy zu)=087xqkWgKM_IV@MimX8wL=Le-Pc)R(RIR?r0FvT39*PR5UCD;7&G8QyfF^ou8qgzoe8Xf4PvfP1{E3#X;aR zG?jCgx8H&`0HZ93+#a>Oj<8jnw);G3Z+g(cq$TFkG{~yq{q{G|q+z}($0&B?f6FNi zMVDu}nBc@yUumlpGenz@jSl-$&PV$HoKXKqtRw-5pA2j?RN^AQFc2qWKx4w&QB&4G zhDAVySp9&;-~7mEIBbqVg2mI~B6{u^MKF`lwO$+_uiSrwAJL6d91%km4c<}l5y%U5 zJHnT+N@cH0p&ogqlG?8WofAWziynYBlv~Yr03q0@jRdGKxi1Hpt zF^Zf_M3JYUCj<&L%W|!!!@%^JfbWXTzn(@rgzJbHy`_>XonUbM)gyMx%LsFiO8(7_rTipnNMZ$OH4KdJJZ zzE2wR(^FBgUWqWBZ3S7pW5mQ4j?6a0dPx2PKDzB@bzl&UVFXC=!ls&XhUV8?x7~6@ z2_|gJM3ZZbW6de(xB^6)Ji8o2m)w|7WiBqQUCn$yZ{K5If7etsjnuD(ueAVG5BCoM zqDFo_2=dXG_X!U6?7?iR818-NAky|Dx=mex`}xig^SJgS6LsFs43%gy9pCO-jEjL@#LWM1W#O$uC>4;w@sm35cF%KfHQFOzDlTqx2-68hO$MMVNp}<3Jo^jt9rbNVp89+u948pG4MA zwd>cG(5blbwO20@G9{pJip-rU@K{Zc7HaLAaW}_y^bx4%*BAbx6nIYK8e)27XwGk( z{2gq7*5Qb~8l8uei^cK-OQX;h;wTqM`z?s+%0R2+MUfhTqUMMtK0C3Ts$;%%Kb;7 zDmU;=SnBUc8%$j@lX}6Iw&1dl*Uo*jK*NAC?RXa`>1wL)DIrRF%CGyN{wrz@S&pIb za1`6Db@s}n#p{Sg@jM`+Q|;7xT3lVP7$-(`I==mS(9(&LyT%xnZrK^PfTqV7f#iG>J2`_1|JGgvz}NSGK!$wXVJ%A2vNpNpeNU8`76zFZx>-HB__ru&tg zgyo`VN*QfIbmAcHJx4+fiP6sDTkcO&&*BP<06`;7a?RG1mSd)KFhfNToI+b9&Tz`a zW2obLT&5=eP&8ZGNEQq3Q8lP5b15wp>H216X@olHmoWuLW~j$loBJL(s7et4Y* zKIUb(-OA+vvKnN3Dz1~%N?`aOvpwKHwZu!N|+7$wL>8L7Wy2!!wAqq$B zNW8~c!(?T#-l^k&5?K{X1Y2Njj)tY{=4gEkel4R;Hq@D&HXw6iX##qB)-*-YG$G>S zO~u-TM35L@04Q;Ty+$R0^~{ZB$~3)@bz#gVNnGa;Y#x}4DsXkG**F3QgIeM;Ts0*_ zIx+jmDXL@nnGeEr09!kwwf5xR?Nn0ML#G_JbKIN&lEUZMR-kcrkxn}LraT2YsJUb* zqE~QbU&(nYYAok*(9m!DLlicN94li?806H&bNSExHd((cvpUcD*&?LjK&m z`%@0!|E6;zSDf8s>SHfM5QR^AOMBPp)*k*homl0+>HH&07l@xU7qh0sRLC1fyU920 zuEI3xm&bW3bu>k~)fy6Z&i1jrF}bFZ-7WrvL25y>8}OQbl2AKr<^?GT!`aXyfGih-h0d;l0I6)-=OV7nba*Tn2@MI?yQM%^_Rag3Og;dv3?`jr};iGGp-}gR}C@G?&O!@Jvl%UruEtaxZ zK5OE?p84I)PLWm_(j~k~r~_trG367T?*RFkQdU=xoB)9pPwDT@o3l&@g0T=9z1~oR zrqoNILYtayEN)5lpnk;&R5*R~~*~&_CsDJFEQv8+re@|?8 zzSmXD7aYjgPa={mcm-{-QNgwx{OgIUOR}SR70)T;vD3pn#V1WCcxBf-C`ey`i0#9J zL4()q9!9t^v^d)aXgXP1N8Wx`O+j6H9*e6iz)|!9-!Fi(35`(^74NaLBuhac9?MU< zP6Q;rk|8qNMzkpA{p7?Ve}#_kLbr(bEp7XtOM1T~xu$ez%OCIrg+i2;@{p7-Mzvy@ zZX(hN?ZSf{;z|_(fAf5vu#;%IKX0@*GT91!ynL$GkQQmbRJK?}sQ0TqeLYZoQ730> zsuKt4bu5mE(Bo!b@$AhKMh)94VWV1-;G8x=ykkgRUTW1 z4Kh$fkj!OcpB&&u%KOG3I=4w!<4G0FLg@jL9ixW5N4piz{gwF5qe$L(D7H}cbKLm* z#OX38zIo{nF(aEzrW#}$tMZTKHCb3!x{5LvEVlwh7e1%3Ewb(hkzcy zCCZ9|oGbsHz63ZhhbneFXAZJe^IDlzIEcWXNecvs8XN$knWZZQf(r@`jWPiW1PKcb z1qliQ41o>>0u2KTh5-T!3_<`5g84toW|W7gMh05oqf#owPl0K*44$HPCVO#mp(8-VA)*0+}Ht^W8M5wuQJ$i)5Sd>94up6 z8j)yHwKcRZA#kN#UZVr~`lB&rl*j@Mm|;;oi+T*TDQk(Wu`be%wmQZj5tOqv~{@~$cW!1;k~b&S@% zKDvsL`ZpIwjBKF*MmdZX(}ffa)gR_8fb>1IDDMl5_|mvI@*IA?M-RwXk~&|+ngucx zaQU1p)kfx8Wj zf1oSw1_#kW`wsed0{cg39gu)B$$y33x)kPvlvQ_Y1Gqt}Y*i|7M)Q+!5b)0xkhL1k zRQixDyv3M1da5^nwlo&vxjVuVB7>l$6$Y^4n-Fj&d4ca;j|hXwlq)S)%QA&+`!9!g zk{PgP^gq8vRBu^>e=qGI{MFo!m8T3+fOUFdD{AIRsnRjnjihK za?eNN3aGi=$DRSQc3_XqOgy2t{n<=2u*PO~3!fx%Fti&#WnTH2vm|QrEO7Ue1Pc~T z*0Gf7>*&&TAg{qlosNY^PG>jvokwZHb&BvC=Z>EhwBfOr!zRuZj_*0sH^GhMKAm8B zD?J?oNqGr0*O5mm`!n#6_}^4=(6_Bik3L+lEA~j9v?{nPUZ2o$M34q4nX3gJ1{I@Y6MZyZbgzwzZwR?i=XBsB z7^fr;qJA4S>Z`NzRn_wwnVU}Bh=SQp@^LP4<{b@obP>IHsBErPGW`77L~RUy(mDm$ z&nY+N8!Ow_U@_JP@R3D$swa~~O`{rOvIBbuKoL3^@JII7+S=6^ZVjr<6N`6P7s~1t^96oe&ZN(MGjnt1 z6RXJO%6JlQG`TG_ZadE`k_4IQx(5;ko|~;t8HdHYX~}@I34E_X$_TW+oheEI@K9Sa zK2khN?5aSy;0R^Lk3*25z!kbS;Z~)gBAO0xCbFp-G8yr?RZf@~F<{_~;wY(70$oEb z^P5BCe7Re;A-$YR9#PL|0jSPT?2tIYYo0m&1@Z(}c&uz{}rISIe=uy+S9*r(UVZ9#ieVBWS@+iH3oBOxCF%Timw05Mf zZHXGJN=9Lf=(oH&zn~Ixbi3UuX7M%ESWy1ovkwJ!DSXIrjFb4XukaTudK4iW&>Ws- zUhY< zgmodipfW=NSwK z!|id_>g=i;y+mjA7OdXuYGJW@e+1F{vqXZZQKR<~H9UHBtC#3ObRp5bq7(K_?mKtx z-23@{JpYep&Ya(W&YAgtMBafeYS%~@kntgJj{x2%YR*eJ&NRL~CP+W^P1fehGot8Q z9C-6&$HIFH@{|!ZnhTZ`5k+!&Wxebf5&s73gIeZ(yILg{qttNO!rk}B>aIr<*0C@M zsS`rvCeqe^3G>6>p~dEaOYsWwGR=ZD*jz}(*ZyInTtZ+AXR$al6iv6c)~OhPJPy=) z!R~-c|Je^WBtOC8$INxkzZgeQeduy~Z1S0fK0-QZoASWroN~;S2E9p^e=kq*sNI>= zPZ5K?PPk&%XS?&sq99qSG<{>F&CJ8w!x;eq`1Q7H4wQ`?IjQ-5`HrLQ^S)XJnk}Z5 zf$ae|?Eq5XAJ$`&VU@H{Q5{%mgxelgH|7GL{s{pw19JcN1IoXfhbUHsF=A^w2C=x< z`moqJI(o49_`P)W_HlG@bYQUyVi5`yS5#J0RaBN>;Wpx75&SKP{w^h-sVK2XRn2oGnXTK%a5yjgm?o_)blgg5_h^gJJt5>NcYi7yzUH&3H!5{qTGgx zq}6tYUzpunfp`t1l;43(e`;H^Y)a6aYq?5NjGB3!3F7M~lL1AirBnqhjNzcaNsGdY=lVrK zW9a9HCw^hqf?C(2+{$t&!YWPMkZ5MZWnQDn559z@7+pF3>|9-T3L+vZRF50Qnt^xz2y|J0jPtqvrJWMhx9v>oOhlH=**(J<+J`tU=l zd94bMM2vi~+{rUxJGUMxTK&UAVnYgXjWnDj1RCRZT-$;(6ZIH2_tSR2P0ZoOVEtaxmVNRFQ z2t}+BEBWoL%35cCVj6+N#c{%cwP$q=nD8r|;E9PwM(!W%QK0W>VN>P`$yq2FN{yGG zgWaXi{K~;9Vv9Bzc9K$(4q4%^pk^4LQH%_Jlzh9NQmS&J+oy^)F;S#tRN*{6=d(|| zsPr)tEjdWq;rmbuaTEPZ<=ZGunzIg@xQN%bBI{ADSI?pQ-gQLmD~iMSorIa65n7iQ zVDL?2H-RbM|Cuti|F8Cr(V`~eDCq*?;pC&b$%e@@Y4bY5c&eL09SU~ z`fDvuu$Fsv{Ax7-%Bfng+P_R5Qh?Wm+?M!5jG=O>7J; zY6{}DoU9+W&>y0T*RocC0+KRdge@YKvZbgQpRViI4~;&V{KBzqyuoYcqz%`ITrt{& zLe-73vgDVwT^i|HNa7h=zt_H#xx5OH?H$1?fQu4RXyp7EjC6dcb zj*XZ^*N4pMMU>jpZxcjPM!my@e2(sAo&U$xvkJoJheE-!Om9OzOgYfn_4%*6Gi|f3B`CA3?wq@z&v@8o6%hL!L_y2%J=bLiosrv>SMukUKIZo$r-@EpFvb5O z9#fB|loIBcMM*@bj1l#mOZ%{TIL2r|JirVD% z0;9Q$Xy``)E1urM@L{Xz*7m`~7zQ41fhfxg4-r?VBJi#fg0ojY1uln)J z2&v+xcVzlC%}mK|bxbiV-3-g7&wobDec6QNP!g}`bt^1IJ`IiukDC(Ikk$cRd34={ z9*bvZFJ-P(z;4l3yr_Y}ig?)wE*qB(X+Gc3xDaYLnL0XgB1Un+21>-V`YMeTw>b9Y zD_ncSj zAv)6UJZfA2)(!SZn6DEHh}G-SPqN=hk?WlGVB#>2RbK{@I-{Nhf3r8X5`pHyZ%*u~{@?m)Ybwj#P+X9D>_RL(*w{*+ zTS>O;M}+F^+Cb+_Xy8wqNRS)yJP)VA8KEk+%grc08Rr>%Yi6N`IoIS{63mix@O4NX zfNw1?C{TOXaPu*#g9+aj%J7}c*WY(iS74E2V`0AqssL$z^9}rmZv`y?dH^mV0ECwc zBd0a7&)_8bdv|Ra0$-JhnZu}FHR*fR z`!`FsV%l~&R(v*h*~99hSY5DI0iD0Yb>gLj%2j-H?QQSi{hHgnUb{bb;mNf%z5RPk zofU^!F)#$?6tA61;;iFJGOY2DCKrXMXUf2o=~LB{ZF@Xy8O%4~l-kOyP2*9?e#`Zv z5SK0Aj(5|~RD~MCsu-(?mGO*EnfXod2srRMY20p6E<2Yee zupck!@bC+}#}1%AsKpr$kIQ)H#5sG-uCx>FP$kJ*Qsh&@B8%h`Iw|{|lEHuLlK+@b znOHw)x7kV79kD!#)?Bx1Y!A_kc3fRV?~!WO7XB->M?}P@t`#FZF~!Z6KuJeB{A(nq zf;Y66p%pRlIEJboLukuRN(rr}Lw>f7>|8`rR;~m*g-XbuxwyM!5W5dp zi@tEzkXqKTW`pkY3SzMQ7*~-`6l%RJ-=wfGQHHJ$26|C8U<*85tZgO8nRycZ;Aqst zqA=QimfS~m%XF$FV>2Bd8|n$PxE+R&Tu*J6GF;K7R+{>&YhInzgrU|O+HS@7OV-nS z@D^zju^AZJ2=$8&JoJAyfgf2$H_K(iAL)Iiu7B8>90k~ET(aJu-L7oZ`%vT5>9nLJJlgakp{mF{ipFU zNY24&dbp&aA4`#NaRl{hP5j6X;4Cc-&Xx{&S3g0{C+wR)Ds$(0KGKDXUWOmdKP8s@ zwMp`@#ZE-C&}%XBQR~p+`$S)kcF9ivR1SoWP&>f7D}K&88F%KM)QvFQBT|g!{T|LK zTR9|^NPCM50=OV!Au(CdV(6jTZuribw-$?`?O%GEWz)?@O?G@L>l0!!>E%9nz zujNI4g419^H{Wfq3Jw)Ahe*CTE4rIwYJ53wHZ2+d>;^ZYrkXn7_Rdq!#pwL&E@kjS z5$h?a$n!(eURh6s-w28Tfky#c%5mY|oTRKEU&<8$D}|ZpZdGupps0mC$qTA0(~?pE zZzyWU9%Q7i0VtP$*_L0|-Z59|OMdv0SXWE-V{ z(KcuPHkpGf2gFO_eSehnu3_j4fyb{XF;N=7YoUS&!5J--^SW2Z62@linp>E*!*I{K zgi#V{b6V7(DU+QQLaxI5AD$FS{N~9hn=6H(y+CTEehr3UXIB33gd_9DA|UekiT*^f z(tH$elxZ-xeJh)`Z;p<-a$3T@?|q^~Gp02%gO$lo-lxl#&%cze0wWfu z-e-&=hx8O3f3FK+M-<_k-{zAU8nBJdO8WQD1n0526qCIUEh9mo<3qnc>HHOKc|o7D zXk(*j4|8_2=3)`h9FAhUSv6=@+Ps-Gn}hchK+Nzm2OG^faPw=ph+rQ)(jf7T(Z{91yPKckSN_sX*|b~q z%09w-JtT!uUZ#zo)9phK9fd}P-AHDxdb@IYwQB-kTi9U2=QW@57DVVY`lR*jSu1M3 z)!Rz$9!Ox6m`tM(6I8DY!?vLu;R%L<05?oye5~&*e*dbFuUvUrE3#PgNE|Y~SH4!T zxtm!TRZe}OGUyS=J+F)%mP$ex9)=C6%&qV8;6k!~OcbToU{*H4HA)}qE!HNexRm9I zpHq#LLe#>DoL|_3Ib=n~(f{EIfa8C7QYZnSC;2a){I4S^^dtCzVj0VWe7mp4U1(g> zzK`>2BQlRf`D+A(gI?+uEpcFdtl)$y_94jOq;&VWE?7s?AsnnYYmwz6lj z)6uC{R;3{RpdO)fO^MeezU-bI+`uC?&f#V+*4g3jIc#QJExj~5U#8{fcUe*QXFA5B zNEnscNjLq3tIqg~qr{cf^@cYrTdl^1X{fivuCcZ50){QDLf;k61`H&LqPd zOvHuT#n5ZwwaT~SSD@RIQprU4z2Qj(teR)SxOc{DYR2^-n}YiK zSGQkm^1_UHo-8IXT$9g9$mglDM$%$fxC#Z2X=2r-cRWst2= zpPk+xtnsE}7ZlLUJSpZIr&j2;yUQWwZk+F1eH*v$wLiVb%(cWJXj%>JpjU)VBx9vt nXheRBZu3_6mY^!C;$_NkvH061e@X#+9!w{WQ)G4DJL~;#r}zCB delta 23 fcmX?mgK>%RhBlVXFWfCyHrM!tvu)N7@8<#le~}4- diff --git a/openvpn.spec b/openvpn.spec index b49fa4e..7132c70 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -6,12 +6,12 @@ %bcond_without tests_long Name: openvpn -Version: 2.4.6 -Release: 4%{?prerelease:.%{prerelease}}%{?dist} +Version: 2.4.7 +Release: 1%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: https://community.openvpn.net/ -Source0: https://swupdate.openvpn.org/community/releases/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.xz -Source1: https://swupdate.openvpn.org/community/releases/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.xz.asc +Source0: https://build.openvpn.net/downloads/releases/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.xz +Source1: https://build.openvpn.net/downloads/releases/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.xz.asc Source2: roadwarrior-server.conf Source3: roadwarrior-client.conf # Upstream signing key @@ -183,6 +183,9 @@ getent passwd openvpn &>/dev/null || \ %changelog +* Wed Feb 20 2019 David Sommerseth - 2.4.7-1 +- Updating to upstream OpenVPN 2.4.7 + * Fri Feb 01 2019 Fedora Release Engineering - 2.4.6-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild From a44be331d819d70411993eab0cbd02d42bd10236 Mon Sep 17 00:00:00 2001 From: David Sommerseth Date: Wed, 20 Feb 2019 16:17:21 +0100 Subject: [PATCH 137/168] Updated sources Forgot to add this previous commit Signed-off-by: David Sommerseth --- sources | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sources b/sources index b0dfe1b..0459ec9 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (openvpn-2.4.6.tar.xz) = da4301a4655a5bc224de59ba74fe15005ea856cc43b404aa32caa7065f49adc69f4747ba646f228554d5b6629323f434ee0e04ee71d2103964b9bab23d185ebe -SHA512 (openvpn-2.4.6.tar.xz.asc) = cec75ebb17e5bf481135bf8f1bc2cf0bf841428d119d5f445136b67edfc7eaf23bd94ca781431194ddd961841d93c95bbbee77a2a1a81499605f2ce53e175a1f +SHA512 (openvpn-2.4.7.tar.xz) = 5398084ad0002b3ed34871375888a1ec5d4d0f0dbc7c979ab12fc16b00559613c0654f1760e84bea77d4fe7284bce25e2e9d3d309fe85ffd1060ced10978ff95 +SHA512 (openvpn-2.4.7.tar.xz.asc) = 4d2097291b46bd521f8a8bfcd3bf94fb334cccb13ee1391b434004068a4754d7e55afff99562487b296c02a24d18c495b69854c9e7d4042e04ba0a079c34cc4c From a01f0fd1bb64d9b7a60a6de3b906b1df1b99441b Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Thu, 25 Jul 2019 23:39:07 +0000 Subject: [PATCH 138/168] - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- openvpn.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/openvpn.spec b/openvpn.spec index 7132c70..08b9b49 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -7,7 +7,7 @@ Name: openvpn Version: 2.4.7 -Release: 1%{?prerelease:.%{prerelease}}%{?dist} +Release: 2%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: https://community.openvpn.net/ Source0: https://build.openvpn.net/downloads/releases/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.xz @@ -183,6 +183,9 @@ getent passwd openvpn &>/dev/null || \ %changelog +* Thu Jul 25 2019 Fedora Release Engineering - 2.4.7-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + * Wed Feb 20 2019 David Sommerseth - 2.4.7-1 - Updating to upstream OpenVPN 2.4.7 From 77fe21e2ae952cbbb8af7a974ae400587f7ff721 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vladim=C3=ADr=20Bene=C5=A1?= Date: Mon, 9 Sep 2019 15:15:20 +0200 Subject: [PATCH 139/168] tests: add Fedora CI tests definition file Add very basic server based integration tests: * basic connect with 2 minutes stability check * ipv4/ipv6 * terminating openvpn service * mtu Using these tests from NM repo: * openvpn_ipv4 * openvpn_ipv6 * openvpn_set_mtu * openvpn_delete_active_connection * openvpn_persist NM repo: https://gitlab.freedesktop.org/NetworkManager/NetworkManager-ci/blob/master/nmcli/features/openvpn.feature --- tests/tests.yml | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 tests/tests.yml diff --git a/tests/tests.yml b/tests/tests.yml new file mode 100644 index 0000000..f36be1c --- /dev/null +++ b/tests/tests.yml @@ -0,0 +1,14 @@ +# Tests for openvpn using NM's tests +- hosts: localhost + roles: + - role: standard-test-basic + tags: + - classic + repositories: + - repo: "https://gitlab.freedesktop.org/NetworkManager/NetworkManager-ci" + dest: "NetworkManager-ci" + tests: + - sanity-tests: + dir: NetworkManager-ci + run: run/osci/run-tests openvpn + From 8899cb7ced0f2a0f6c97fd158c554dddf358b907 Mon Sep 17 00:00:00 2001 From: David Sommerseth Date: Fri, 1 Nov 2019 12:55:02 +0100 Subject: [PATCH 140/168] Update to latest upstream OpenVPN 2.4.8 Signed-off-by: David Sommerseth --- .gitignore | 2 ++ openvpn.spec | 7 +++++-- sources | 2 ++ 3 files changed, 9 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index e7a97cd..5f9ab14 100644 --- a/.gitignore +++ b/.gitignore @@ -58,3 +58,5 @@ openvpn-2.1.2.tar.gz.asc /openvpn-2.4.6.tar.xz.asc /openvpn-2.4.7.tar.xz /openvpn-2.4.7.tar.xz.asc +/openvpn-2.4.8.tar.xz +/openvpn-2.4.8.tar.xz.asc diff --git a/openvpn.spec b/openvpn.spec index 08b9b49..d158bdb 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -6,8 +6,8 @@ %bcond_without tests_long Name: openvpn -Version: 2.4.7 -Release: 2%{?prerelease:.%{prerelease}}%{?dist} +Version: 2.4.8 +Release: 1%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: https://community.openvpn.net/ Source0: https://build.openvpn.net/downloads/releases/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.xz @@ -183,6 +183,9 @@ getent passwd openvpn &>/dev/null || \ %changelog +* Fri Nov 1 2019 David Sommerseth - 2.4.8-1 +- Updating to upstream OpenVPN 2.4.8 + * Thu Jul 25 2019 Fedora Release Engineering - 2.4.7-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild diff --git a/sources b/sources index 0459ec9..2ae8be0 100644 --- a/sources +++ b/sources @@ -1,2 +1,4 @@ SHA512 (openvpn-2.4.7.tar.xz) = 5398084ad0002b3ed34871375888a1ec5d4d0f0dbc7c979ab12fc16b00559613c0654f1760e84bea77d4fe7284bce25e2e9d3d309fe85ffd1060ced10978ff95 SHA512 (openvpn-2.4.7.tar.xz.asc) = 4d2097291b46bd521f8a8bfcd3bf94fb334cccb13ee1391b434004068a4754d7e55afff99562487b296c02a24d18c495b69854c9e7d4042e04ba0a079c34cc4c +SHA512 (openvpn-2.4.8.tar.xz) = d37a768c7f8683c23ae0d73d7e9947b5a1dac26580b0d7fe72454319acfe40375fbe150e68daee865a78e0269740e4ac5c96cdb8a7f02a1287ea93752ee0be06 +SHA512 (openvpn-2.4.8.tar.xz.asc) = 06c44b699d778dd5891eca806f097c63cd8d1ec8215510ff9be138154fe19e0947fc165862848c67fb1ab62b2ca1f3e4e0b62e0e342c19d1ed1d33d6bbe5f0d1 From 3ac946d388d7f238210f6c311201128263df375b Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Wed, 29 Jan 2020 20:28:12 +0000 Subject: [PATCH 141/168] - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- openvpn.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/openvpn.spec b/openvpn.spec index d158bdb..f690756 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -7,7 +7,7 @@ Name: openvpn Version: 2.4.8 -Release: 1%{?prerelease:.%{prerelease}}%{?dist} +Release: 2%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: https://community.openvpn.net/ Source0: https://build.openvpn.net/downloads/releases/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.xz @@ -183,6 +183,9 @@ getent passwd openvpn &>/dev/null || \ %changelog +* Wed Jan 29 2020 Fedora Release Engineering - 2.4.8-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + * Fri Nov 1 2019 David Sommerseth - 2.4.8-1 - Updating to upstream OpenVPN 2.4.8 From 80a500f5283d9aa35562c77127f120d10c75ec2c Mon Sep 17 00:00:00 2001 From: David Sommerseth Date: Wed, 12 Feb 2020 21:40:36 +0100 Subject: [PATCH 142/168] Rebuilt to be linked against latest lzo (RHBZ#1802299) Signed-off-by: David Sommerseth --- openvpn.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/openvpn.spec b/openvpn.spec index f690756..17c6b55 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -7,7 +7,7 @@ Name: openvpn Version: 2.4.8 -Release: 2%{?prerelease:.%{prerelease}}%{?dist} +Release: 3%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: https://community.openvpn.net/ Source0: https://build.openvpn.net/downloads/releases/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.xz @@ -183,6 +183,9 @@ getent passwd openvpn &>/dev/null || \ %changelog +* Wed Feb 12 2020 David Sommerseth - 2.4.8-3 +- Rebuilt to be linked against latest lzo (RHBZ#1802299) + * Wed Jan 29 2020 Fedora Release Engineering - 2.4.8-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild From bfb1ec1f130b895396c66cb354d57e58e6de5fbb Mon Sep 17 00:00:00 2001 From: David Sommerseth Date: Sun, 19 Apr 2020 00:34:02 +0200 Subject: [PATCH 143/168] Update to latest upstream OpenVPN 2.4.9 - Update to upstream OpenVPN 2.4.9 --- ...54A3687412CFFEBDEFE0A312F5F7B42F2B01E7.gpg | Bin 27725 -> 43297 bytes openvpn.spec | 7 +++++-- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/gpgkey-F554A3687412CFFEBDEFE0A312F5F7B42F2B01E7.gpg b/gpgkey-F554A3687412CFFEBDEFE0A312F5F7B42F2B01E7.gpg index 0bb85fbbbd2c356e6f21e4d2f08e7dde06591970..d5abc3e52f84fd43d3463ec1c3b9260f64d9356f 100644 GIT binary patch delta 15710 zcma)?Q*>Buw60^@c9S-??Z#&bT``=tCKK~?AQs@I%U)JCPkZAx(LLd zM;&_!X*ScS$GLicRc)(Y$v2qXcrVQHg!ZjIRENv?lwWM-p6Q@c2s@t`^IsJc2p8#= zZ|9)`03)PJf?no#Eqi&mo`?%cfeR4!Na!|UmyFgCP}zrLGZ0yYs@H**TedD<+2qdR zM*^%eD$hB}e{+-d`&nhkPHVSJaF?^yuW_2;FU0?cTLg6PUvB>-R^rg_%wBBgpZ&*B z!D-dv*M<25W`JTBw1&~HOa!JIpDzm;}A9{Da@U7jU!+Bq86077&is zaS6;E=23nwmq-7gSX87e109@OY}DW%+e6CH9?0n1oGZ=WqyE zrWIy?7DW*S%9rlC}f5$tGc$Jys;g zij?8zLn8bZE@2ZcTLc#iP2+u_sP3rW0MmTD+9oj8vz|p_Jo{EWq4_6}=w zLdeEE5v4u*d5Ioa5M-^&O^!TXBGgkUQk>unIIt{U_Hgc$Frr_2sZ1+FkfIx=g51r% z*$B(^*EFX!H~>&h@bj;KKxuxEe-2}5K`*#+FOWBaZv$z(4WG7skY~rfh=g3b$2vzk zPCdha@m>?YoZo%A%1TkH%)&GiBPz6?561Uq;NBLCt7Ha{teYj+tk$L(3S~n0L*(lM zt`S!9ctNd#Ry~DjB~FudWvroS(P)V3{|%1T6T4xk)qvoWV_O!8PGIDL49D#sZpDru zf4TjWs3X9D^dQ4;RQ~wHQHa`|I?Fg6X&Rp;RiwwrxevXIi1N1nle)*qUz#(C_fT3&O+a z*sxo;qQ2k7%!aP51E_D29mMBZr%fX3T|eDV#Rbc+M;m>G-6Q%G8phDH4TB2VhAA?2 zSEix7zD8nN!VA->!K>9l^myP4VFglQRmiD*R*z+)fflA>{M-|ot#?4eFsM~gVtfxS z+TK{@=_(!y_J0c;VJLAQwCahCswf>6!jc$2&pQB>`UhOQyV+lG{~1B05`IGdkhcDs zI5JE5g4_ZrAP251NGLmj?yGhGjI5mv0sb^Z@{#WHJAB>Soni=EAYs$+X_~|Y7mdqC zIcT|m|2cH+nw*1QdD#S2|wzuw*8$E6D>FoPiQ z!UwHXp81Ny&J#hvUk@@Ow;`jR`7>*3Bl|rjM6zUe^l*jRN$R$6m~D*$X4|x8h^}7b z8b9;NQfm|K4x(RxI+N_oRsM%g0Bu+^E^RCAy@X_2j(Y2dJt(xNu|Ubyhl!@UHsoB3-jEtGI6BeuQ$jS0vY;=4!iCad&bEusb84UAu8BY2c*oCemycQy(G{lq~C56 zFX3g>x(z94Olf7NGp`X{L_n@O<5SDbk@{PfgnHM?}=>6RnOw`nP*8v{02j4CO^V(kj+0b{6T(JnVrCUo4niD>0JQxfGCoaN;=a z`LYfoY+}3l@rMiDAVp&nK--P742jY?Qp-PnIm-}o|MY@a%1;(NJ?pq+=-*c^i3gXh zsZj)lo{#HQ4u4+))Y+E(k2$$^b$`wIC$Y4I0cpkSxDvNo9YLQD01f-*gh;H4@RRRMjL-CgL z1~Ou9g5Kq;Hip+woYC#5#*dBZ+;<=I>1;Ikz8_z)10#M?u*Z9 zX$Ys;A^vI!58|(@7-+W(j_pAW8fN3%MGx?oDRIg^knvT_TY{_N4uS|%u}!2L?OFQP zKu~ru3wLO$j4&ReqxI#6|Fj*^bgyzv{68@uVGX-kyks{A6I*C7UK%6YI2r$!3ZkU_Y&cCM$lOnvL^f%GCSR+jE|A1A zaDMldCS;jXE*Ml?@*bD(H6N1Yh|geMyDVc6%Wc`EiCo5JDiz8d9M?Roq5{W91cb5& zi+gSE@?B~lRftamA;d)*JssNu@J(}JyP%v`Ks)@tZOhb0X>RjfTXye=nVSwQgcIvR zYG>i2(^>~^1Z{)%enc(GAQgh*18R1Fx)6*C`Af)kz78s$nCY5u^aF7Lw8Eaxfl`hz zY~;2v>Q)dFFRZ2nT)ssjv2vLgjoF-P^l%iz5=R&h2>U9^8DRtzAMHDTCeMl6z0FoT zaOoUEX(y!3Kxe-0cqwS8fm*D6YDcBKTFI zi5CEh$?(P4g}C#coyP~k;g?Bp#1g2Y^qDcH9VV6{^)SvX@3VlXv_@6;vU*Spr1~Hy zOvlP7F6Pv*&}F$-;PEop&fs80GE}P@V8RdUZ3C}&ujI*$2=$h!ON<_O%RS0d(zHpv z{7y64U0My5Rda4?g8@Il)bZP>9hd{1;E0O!CVMhBRea*2PAFtNySYREw>hO^u9U=+ zjmf40r0zv@RN7YfiC2p!!QN#|Ib`4Eztb2Y9X`?1y+ zpDd^l_1qu9#RyY16Ag_((g(I}@-QlcETD&yg+xoNTAqH}L}U&L&fIxMl)4K)std1+ z(3a9x?{U1q%q6cqZWg6xl!BZw94`IrGVC+p=ts;XB_%idU1AnWFV%6zmy2BAfB?#@ zX9^HP5G)t54Nvg>5nB4uNRQxcsvYV<4OO9NH=UV5>3W&ue1J&kK$O&kOT*I+T2%>p|MalF)x(P zPB-y|z|}9BsYdV33d%!D{Z7^Ikg|~UX_)}2iy&A~U0UXtlkbNk_C8ik3iRyUY-`my zKCA%F_?qq5^xK8_{sRvz7+ybaliNAAGLJ?^1v-Y}D1q2k#TDdirwLc)QcGed5}%ksF$#ij}jDb33m*^SQx zEQB>3xzT^>Man}mu(Xnj0IF7eP*NyD(pF?I=pMhBTHa$>X8!_N z5|1S)fCxEWcI98h|9!^zL+;6G*H}xNkfm?P|6q8d>;nP?g0&UQ1cby+91N(&qq@ zG61zz%K59uIDtUtp5sJNp}=Inlbx7-j8pJbvh}tXD)tGEQALHvVoD&62$XgWD0%iG z!hs@co;~AKlxUQRb(F9_TThMGTKY5k*iRwS~o(u;aWN>(lsgnX@&kw zB8oDJ3uvYzcHofCyxReNYi)U$0W!n33{Vmv)t=UP8fSdpuKJ~P4SvI6TTd&E#A<#t zf-b8i_*Cpf&)X{kI+Z7$S7I9L_+(#$u-m-=0Z||EjPMJg#)519T@YyUBi(Np5Oduv z>5IAQ$B=aoQ!r$Mo2V>yxjqb-l!;$M2OrHAaL}#N3W(|Ps@gd9LO3`iNa)3vtH7*z zUfpkqDn`Ry?lLd-pP6-duloW%pkZfE-)Y1d(nII8%eWmL2yWmaz6TjGJ&l9+C&+e3nBXD*`rHRqp%I{^AaU21Xw*h*ve zgNbit0ZKbAd+V~o-l0L?KZ0uO5kaFqiOCb%z$t&;RK6#|Bbq@A_pG&Pd^3(*h{_Db zRx#6C{&E$3+EbEZ!Q7N&F|Kc*md2GYZsV+>X5sN8W zG437ZCSdT3EO@Jq3SN^L-XuF9jt<5(98~oB7KkuDnF zG?a2-`Ry79IyO$R_%*+m2rq9znB;ALked2Cdr4TL`g%tD8_S+c+FE@~m+6AWc>1@M zao#<)Bgjnn9uLR~7n-Nb5~tb{(y>h&(jr{i)Y#7{xUBOsH+~O!E|sC6mw$FHa3D~S zV1Tw|^T1z1t-{1!7UCw!)|^P$HV*@Ckb*P`@W5&;u2~BbYACwqs;iN{?a8@K?eyFu z#+w$b(Hu>6VQ(Hu(2w_eN8vzEu*v@B1*VVtK~>bPj>y8b6Hw+r)BD0CL;^ciZm!)} z>BS5dHSK9uJd1*N9CM>MUQ^n}9=l{9&cQNI8fV%KH@kJIE*8@5=iJbVbL8^U*MvA~ z)s98TtpYYPgdrO6LS<+$3+dBOjU#V4f!>Q+=`A3vH8iK(I{M{TNp}1L9ZITW`!CYD z*k7d~@)y7MztCRgNjF~ZWtj1HZ@Hs_CO~nL*A`CV_n0nv4+!!b=sNI2Y+{@N-7eLI z9rAEc-4Jr%G}U3Nfp8v7dAB&UI?cTs>d+YbyqnmS=~}nXv1>V483&s7eXJ{?H|7_d z4ny44mA(nB=p;6`KT>F&URCtQ#~uw;z0D)2YMrw}et!Y(HFj+(_VH{&90d%aT$ZvL zQ_#s2f(PH_-6BlPEOrIik-18=g^C#hRN{%}-kdNZve(C;+Y7+~gVoYDR&TcVuShkDzx1W}2tP;T{%wvtt1XfX=4 z*VFNaK;N-&+na@ocE`+y{F0y}O8Cp4H_1sDk9(g&W01K#1eaxwOm>Y*Ho1wybJa)6B-oHt;(zdMI#TmT4V3b|a&?XP_ z$zj=8+(^(R(D-_&QpG9=2fiR$`92GHRCX~vMYuc2qAQ}|8cW%YTuVJij<|f?VTqf0 z;+{7gO8vxUP-K)(GZMj3W0aTdKgr$9oB(eh6v-hy5>ju$2tsZ@?oiVCEckd2ITk-x zN!=?svm~w$dDQi)Ji_bu^|O|Q*G~E#w$5B?xWMm>;FXTVATn`YR=wkj1fn${9M&Fs zsf8V#JPB|A(@zL}&M2WWdfHrP|A}3X7LI^BHnZtBNPI*KF9*_A;h%seH54~X`{THv zx#8F2`j;-vp7E%9A&CC3NA!_^fc^4j3S~js-kUDY)%ai@S~E)`q}2P})EaM4j{zo= zPm))BuhhTQ5$_cz<=u}JeyhH_uT;8i@ z-Vn6tK@;Fk@ZULj{ur9M2o<8vM>Kxvun{3q&Nu>r$VXsX=duNrFRU>3z7Qu6KMG*D zYrzh7yRvx7*Iy`Vr-f{vII7C=(>T*G`}l<^)=Uw4o@?V7LJ+XSY~-c;Tf}65q#hWF zzSM*z1z-KHAo^K_4JM1Gjf{Q0v=Te_2ed6Nfu6envNU#`s&^PZb&iO^=J(~1MBKa+ z%B58OvIN`RNp8;pKc?in6VXtfqMf!tpPKKm3ZRT|Fs42gmf1EGX@OHM%cq*zhlo!CnqvXfZQ6yK3=ywqfq-;ti3mzA4n`XW}F=2jX zCORZoY|OBBae-5saJjLc+@y>pK&-gxr@ZIZixxKn7sYqaTK(@$Lii?yr#k*LzwhUv zsSFk|#nky<-(INq(F$_8xjaIIRZL6x6)yM&wn+~Z>bT$XEBoP7zF$-P;t&Sn`2uKi z29)(sBVd^XjpWIPmAjhs+m-Q5z;~)*(5y@{>NpGPLvFir6v+mZ2GN#1e9%V7G<_sx zVjGR$DdbjB7 zui|gH?Rao#+Xq8(Ww|XZh8~c9m0KpRI0aEK=6+1s z{*@AjS&!nl?u(j(0qKcZT5rU#YaK|T7@P(cjt`~euUDkVb7FO{+!khYYlzRpP6xpyyL)nuxhV6S*HS*$i?UBB_G8Dogld>3PxeDX+z?#E>kJ zQ;R?Jnf{gyr8w`~_qlhyF)MXC(X^X2w?oG~ISgy0K*|)py@2fo!qh_WOD>av?I^!N z0+G78%`t2~93w$yx)zNN1$5@jwWm zOJhe%Jfd$&Wt=l|NpU*{x%qSMJMZwvxkZnExaAhh z{N?sf;{OBsLpxl{0CExoS9GRa$KOx}(T}A)Nbs0gZSDo>M$Mgc(4x>?{AW-(1o>~<(2qMmd1STFO42E@ zP+Yu`2cW=$?1{3uxPN^tD|2zq@99LA@}zO(3nXG|2Dy@f16QmV`It9p9TK*ph47`w z5vTc#jy9(gw9q_n&iAr_%Y8{AK}7+AZJ%KybfAVs9czZ}2J^cun-f~+QI;Baw#)Dl zhYD5#6*s&USOJ14H(@yrA7K`UHw5_H))#}LddE{LM11kEV7?gX0x{nQwT9=%Yww!Fy9Fq?ewd%WzKwP2{2QEP7Mq1| zaMd{?FUwi=zE#jUy7AB-a3?Q2e}(%eQTKrU(CUSiWUk#1)trlgND`csfb9zbRdKgF z5sH%w%W9_W!GO*;#RkcH<)5=dsTb$`elVE59BID#06rs$W-7i9fZ#Wqrwh8{5f_b@3T#y+~$>JiLWOEOBrETMNMRWLp!)UA`a zG|Cl4PJNVGLP`g;oAuE+s1dIDC_eq-6=bWx74SwkV~(M}bUI&9MocIg(zfNTIdYs_ z&e^+0qk*Gv{P7Y4Y^T%sZ%MQXOo88Z>85aamu%R;jL}n#9MxOY$QN&*aFrS?qETK) zOhmuBRt1th_VaNx+I#DFSPt2Ix{wanick*)WB%_im=7y1>r&M!R#2H;BH~qi@HSzN zfq%Gd6*2$i_D}Lbjr`aVB!GARmJJN9o3EI*UU@??vkkB#$!672G=ig zR)9GWLO1#Mu38;tDg=Yq6x8F7QN4 zUtPctm#SN2;%-1}(0fK0i9>ti1kZE7YKejlX@%&$q#cJ2aXO)U+2 z*hs46DKZ^h)cYRK*KAsh3V^k?2|bU<$$$M|vmQG#dDnh9RW=&7%?7)yIoa5qiL1P^fbiY2w^Alt}z@{B?Xiw***wVDNO1j!AvGe0oAy6^69)QOndwBgeXH)A?^6?p z2H{5q6hNfyB$V4ymQI!FDUqGjDNz~$ej2qf2$88%sJJEK{OdIH=Fyd6t(faVqHNVT zy&cBPo*Mj9od(DlgNpCbfoSy=o62_5@G1}%z1DQ&-po>4+p8ux{Vh(DQ|N+alpv;s zmTb_^1`V%k7Rp2^fX$-i=Q#N;vGu+e`FC1+th8?i(<~==tR zXr&Mx_DGze$_>7TkHoFJ{o>>SkOo(#Pkc06x#H%3U4O+qW$lRLWi6-4DVczoFdxkJ zQTL^Jy2W^^?0aH+IM&sjOeghero63&qxHGUy3;K8i@RWtE@%8v@tay2ljsqn9-Dax7&PW0M(i4-j+!kC1fud7{a7Or7@@b zr2ENYek@Ea)xCL;4xF-cRjK&yx8!G(xeT5r&^}r}>mIiJyfx#q(H9t3#|_<3Fsc8j zIjn#Fni#1+b$U1E7vbU6=hJFtu=>n*hX)C!gV;uch2abG=RpJkaWJ+PG_`TIGo`n6 zF#RjkKL-Ij5)_bt)T4QgZ&bqJDpIH|zrq&Tmo)3LcV0P_ek)T67AqDjsx0O!2g; z)05vn;r;RnPcpHdx0U1*@5pqiS&#fgv>N)n8(ZVn8An~~%hYrC;zyG7CCJ8{+mSx$ z5V}sxrnR%6 zB-to|Z?W3q%t-)P8{SWP?0AH}ATlYp4niFdNaFA>5N`mc7oVV5m`CmnWn?^)tjPd< z5e>O#_`A&il~L^f3!~N}kw27ZanxVWMWaBuPbN{|s{5gI zB9H9pX;*a%0K<~(@95)RT!zG+==r0pc@fZo4hWN(?jWXB{2J25Z%iHJT-7o!i9K{_&JkD0i+y*&FzWW1bCUX+N$@`Y`4p@ z>(_e=xVwT8pbfx9u{!9&{VFa=K*#ojxc^!RU+eLGn5QvVLT?jJjtp&anF*iuF2w1x zD~%dhq+G*ubt;gVDd#vp-2?@6s8KhQNEKhvOuxjH1RpLCt0tfept-^ z6w3^2c|_@RNFJE*2jW}&3rAyz+j+hQu4n0|si||!e(U28Jq{8&qp zdc@ho%(-Jb!lOu?V)f4E32rNn(QYev)2YO1raRPRD`H_tYa&L~90#|Cr8~5xEsA2o zG#err$0}&Rox}8J3FH57q2|er!EDOSf`C0^Zq~$uNpCKPravW$8+`@%AB_6vWRDB- zhdF!KjcC=3w6Mu4VUcKgp_4#@DXP`U?6#L9TdWX$C*+FO_MOGX?zn{}atdx4l7_hg z$cG0Z=mBY3NkW{~jcW^PW!v6252Y2Iv_3vJu0QwIS^+9r5@?#F+N!Cn(fk^Vljnif zJu@c6#%*OJ=$*ztc$3`-JU*pl9XoY5_q;pQm+mVcBhAPcl9Qd+@h&n>We5}}Z>8-9 zC^-n?O^**Hc4~_=y?~Jzsc?2wH`7Uj*-}%H_n!}SYAvApd|d-m6wefhh)7^|8ip^< zLmLx4_^oJB0Gu;^!DN(6PuE*Ie!ab$jaeZ1z&;H$^?;xG4KH4gURobC6^~mvZtjPk zyFXvBSopXCu?p_x%jSTL6k)%P(qAUM+Wl>ylk&T#jhQCm0Idnovc10fLx;b`1C%7CtWZH#ye<;Nf=fu3+Rq*YF} z__igdghenu4w8j$kFsF#=ZMDQOe-3S<9PFoJrw~?N$ihU7mq4^gOUx?*_3mSSk4&s z)S>FCL!C)YZ?7C>vgO&~z;cYxIxV?bd{j+=ywIpD^&RZ#%y#r*l9|kXoy#8{^E#g` zdUdWGo`BB_Yj+S_alAEpls|wTv@2KYIQatP#wY2j*Rhtm`HaIB49GODW6w_(d;d1- z|2=5`X?hs{gHZp>-y$c-@BF{*{q+_20hb%UH+oo_Exq6v^o0Q4!@PEmaSb`e(|zSV zKj~RwqYH~mB=PEicCj?;#&X2m(jLF*4=)8lwUNLb$JyIhC3pg3n53Fq802Cdx9Vp56x}hK+*NE_3qYs3 zp9=f}m%&wm&~NCW^}+__Ygf@4mc5nnw8SxSl11VCf*PWF*(^8~8bb?0pJmn>hP^ zlErw($=kChW@HfzF|nOi4|Map0#GdH6MYPR-#<9sIn>z8rM<0k^(%~L&Dc@4*feJ- zGVnR)qo@p37!T%-3=4;!xa5&}6MsnZo0?$x#NCC*+>$j1;_3y;5@M2;6c?0UMosiC zf+wxVP9B>DP2}~S09GLnD-WVmrB5&Muz!+1y0?|_J#4GP)~_Il@l`{?Az*Kg{9>Kw z{II%>x%|q#!{_%L;ep;M1(I|8@;uIEI0z=xF8iOrp=0H`Z-}pZbz*H%6*>CZ!yGD_ z`O2(@=*6u5(;D{;%#nWvaNxgR-R$e2b2Ud%>OI$=CQr1FXrWMu4W*6l|0wygE#`0Wk6 zZjzKV`hk@z(GRkcW74}l24~H1BAJFaFH@<)z`&?Z=AfyutUuUzh|jM2jKqiG_PDEZa?T-?iRhE z3IK$4d#I9;7UhBa@YH8#f()r;)$ht^h&bnkrwT6d9UYNsODO5%MD-p($2TLf8f?!f zS==u2xEMi_lUFA}xAVJ|8LG)>%CzSL!BDW<1$M&NOP7PA?F_2!6iilhj1`DTf{u|& z4tjlZ-?fYJX3I8h(M7)*bF7P}8v{*KKn9Juc&de-k%9|WBR$#9*3NpMrD3Gn3|0RN zw~a=983s&9OpRZ2AEa<@p~V5KiUfN+!5vv|)rxfNh{VJ+=8TSh*2WM#N$jmBm-;0n z$+;Ar;J1EVwvPbp_j*iy^Cs~u#UGd?Qn{@Sk{mS_Y)y%iSb=99D4Go4A6||ufN8_1 zpe>(tcs1J1YUdm`4QlJVZ(YyxcY9&o;_vm!K@MMYpb(W0cT7M`HyvP-5h?nayXY30 z{#}cF46JH}Y+Fgr=%qfaZB~6NZNDG=>29oI4*x?f`mck)5vmaiNXxkL*RqdyvCWI? zrmKvEFOb=8m#(>05ara0i#b&7hT&hrcDH&V8bIW=HH{HYD*5)(+AkXAf;O&d|pD!QM`A_`_BHY`J@&*_axe2k|cwdxIHwrfJgEv3EzN!5z zB=n{7OSz=$xg^M)`*GmN)#d<6{O!l1@kY&l|AbJFD%s2U+DsI@+|@Pr>?-{Mw7cTP1m zS3uk!R+?g4h{R%mc43~fhhFk7@FS6eMYs@Wx)@vX_lHd{=;t8crd(z5CqcdFv`-`y zI>Ovi0H1)vl}WVGrSzRIGd8_p*=Od7R+)X&RdA2U4`zx|-MbUNkHIGu2xSVnGUBba zha*kWHBMv@T~OvT7)7eyS{I3?gV(8QWMX5ID3&G%Nm%SE!XvYq@0jb(e;SeGty1K~ z3Zf;xBA{^%^Wu6KPnAde-10$dS`ckDTUQBR0YcSb_DI2cua*BBqr~g~|3)3DRH1;h zC$1@3bIn`U^t%STt3EJytem=DPkgQ(QOlB^(P%x<_{F-<#{0#&M%+LvL%r3tc>SJ+}NQU3kj3A zJ%B8dbj_kjUO@2A0zq7xeaN{=Pz%NaaI3fl9PZz67@ngExzB`b$-O??Hh?SmYV{!6 zIt4*9vEg5Z*qiNw@kzoK^m#H6Zye{??8sBBS=Du7!xl_%+N6a~Qk@pvU{?Kpl>Hhq zSKLG;=3nZb?6Kr2f;I}{ruM-%@-8DV!j%&ds=M?+qwz);4LH+K^d>TlQoy5f%~#id z+s~kce+)2_^M7*7d|$ncINoQg5T?Pdc+{J;PgK5ayYA8WvJV6MnOZ?H{IKX_GU1HZ za%t(PH{3olue+qVMM)|n2TC@PV>2j9dvVQ@RRm58rUX&FWiMmG#L~BblTas-A~1(( z0*sY$4eO^{C;-^ni_hkkMK}gn**3#WMyR(+2E7p`(D?|Zd0*sfH&!a2b% zlfNVs_iU!?@lKPA!K>SKJ`|h;0N3K(Bpixp@M*^T&b77jiv1IhQ|7udSPmSK`*wYL zi6JXEP*7O*(N?W?l!e8Rw)GIj52p6dQ%&C(95PocPIE9x59y&dZliFkfx5DM_HTNOjjLn&K?8wc{%pl68s&_^@MXl^)E(Ij5$P45 zlk-L4w0SL2Dx2AMt@0hNPi)i{ayl5mcjGXoScc3m@dnjv4<(E#fMzg62p#!9OUFM| z`_~lCFv7Kod-wL3jp6;(Wa46gd*TWSTkpl`1P~j~T{lRw>{Kx^YQ3=nXvANzpMMEV6WkW0 zELz9pEEtB(IG*B)0K1?4QAFePVMnC0!;SYk&q(WpSo(Iy4K9a5#QNGpV6yM$&0}RS|>l?b^$0 z7et{_Df0xGXs~Xs0x^yFnB%Bo-RPG?OhWi<+QdLTuVpzHkc=BiU|q%ayoQSz(Rkx) z?Rsk5X#iR4*0F`ePY2h%7@iB~>>*-($PB{4C!e^v5y+gv81*!q9!ZY;Tx7X3k#{Beoo)>;7*US|1}v7HCGZe` zT-a*7=;vlB(A-*VpL6|l#jy;XwzgriR)R*e#@JEUNh$(4ugqIN6RUs+^P3iBtBH`+ zYC3Fflk1ik+vVuQirhWa;+nQ}4JfoLRYos(ew0>1Loc)epHHVXDk7BSSEL_-KhNx` zRW(g`8Ik1jsXuCf;e$cKf?lhFfPH~QLA!gXW1s;&_^nL>f&1sopMP%tp7}dd zCRO&rfM{FRWlW%eRR5gvbozl;!Xqj(fA}t8Tvv`-ZxpN(`0%E$HA_sxAq6=Ks5YTM z0q<6Wvoa_a-!Q-`9fmQKq5~ns7$y8F!3AGr+-5R-gr)InP9%*UJeNdm zk$7gi;_Mpr!rs?2g5@t5XuF`V#DdfVrg3YW386KzpNf(i@KT6#AzTo%Y&|p!rsFV- zZFX6UArzMinZ&oP5Zxim7(B@^ifxw!n zMo6oERZwyYfpS5qp#B2zq{Vn zXX(Do_%eR1pXC#|ciS?3$|vcw-ijuB*VZYF5d^6Vw;l^_iX?9|UPVsR4&(U!BjFH~ zud-6My=Xbr`Nlq8&9ZciplsO*PRDZNAWQ~)zjviwPJV&CKE$_Wk zeXEDyh=co1AkmmqkYs_fJmjVmeffSr74EIKt^eKWP9H%cBwm=dNXgWHr`A%b{-az| zs&zmiy694D7N@NS3QJ zv5~LEus7?#-3V6=0I8S`qW-JQDRyE-l{lpmkg>&79T$d@}{=!0a;1x zu2ES~+1pMNGHpKppF5^R~hu z8GPSbLc_(JL`_-M3-Gq>j6NGg#BbqUCih40I3@i`Rp}Rgw>GV>l<8~2{g9ViN&`x- zE3ii1qQH;c{a-Dn=ue9oqU)k3`;GP$LI2}-i?dMP8<2{Mqn|YxdSh^|;=wm#R+K6H z-e!It;pm$G^rfECV)e{rkf3S-a~b3#p~#zq-lo0)lae? zS5oeS;6gHdp7 zzf{ASTjf=ZDA@9*bGK;^3my^(&VHYeT^)whDf0p7!FazWOewp_xbW@xnC2ewer7vw zrQpB_;v3w>(i`8gBRXL{*4nT92A$Q{TfaR4pcAY|f zqH|LeI;P84-P|N;AUt*S$0mL#(e40~!R}&Op2X##5c_e#{0lX7TyzZuWATU*Nw7TA zy$#5bsc_hr+@f?%st;{3*NEc*;dq|fZb)`sr^8c?C^Cg%WW8>SQu7aCSoUyFo@~mO zys9Gr|3=_;(PC{+IlhD}tqpE;v5vxJ!tM5~tN30yijR(@a&^VMO9Tc7k~-wZ5XS7|DP=e?9+d=7~ns9Oc5A9!hiOdzm4Rd9upCR{Gs#FBEy}mQi3Ti z8|RhnQf(kRRlYH>MJP7B$}yo>o79t^=P*=OsPYs#=pvLA#wyo%N+0WLMV?3m5?TBm zX|2(3UoCJj5=1^phM?#n$dLCGp?Pfc3kI4x6I%TS10XS9yVLMeq})fid*KUhK!@(e zYQmzx>oX1skS%TgL`6Y~trbR@`35IHtl2`pL?RN`DzWE`^X{6HS^@AS#sg)md<x1DZ29oI->KawpTpY`IJ00m?tMkY*3BREZa!8lf_|k=tPT_oBXO%#w*I_%_oqZcBW<94x rYAJBKo<%ME;A5$FwWGVeXE5ig^ftsc@lk)FB6e|#AO?1;u=f8S&p|~V delta 14 WcmZ2@iRtVO#tkprH|tiVssI2u_Xgeo diff --git a/openvpn.spec b/openvpn.spec index 17c6b55..948ed02 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -6,8 +6,8 @@ %bcond_without tests_long Name: openvpn -Version: 2.4.8 -Release: 3%{?prerelease:.%{prerelease}}%{?dist} +Version: 2.4.9 +Release: 1%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: https://community.openvpn.net/ Source0: https://build.openvpn.net/downloads/releases/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.xz @@ -183,6 +183,9 @@ getent passwd openvpn &>/dev/null || \ %changelog +* Sun Apr 19 2020 David Sommerseth - 2.4.9-1 +- Update to upstream OpenVPN 2.4.9 + * Wed Feb 12 2020 David Sommerseth - 2.4.8-3 - Rebuilt to be linked against latest lzo (RHBZ#1802299) From 60c2c0a77460b61c2c65589509ae9e80cf0975f9 Mon Sep 17 00:00:00 2001 From: David Sommerseth Date: Fri, 24 Apr 2020 21:29:44 +0200 Subject: [PATCH 144/168] Upload the updated source files Signed-off-by: David Sommerseth --- .gitignore | 2 ++ sources | 2 ++ 2 files changed, 4 insertions(+) diff --git a/.gitignore b/.gitignore index 5f9ab14..59dffb7 100644 --- a/.gitignore +++ b/.gitignore @@ -60,3 +60,5 @@ openvpn-2.1.2.tar.gz.asc /openvpn-2.4.7.tar.xz.asc /openvpn-2.4.8.tar.xz /openvpn-2.4.8.tar.xz.asc +/openvpn-2.4.9.tar.xz +/openvpn-2.4.9.tar.xz.asc diff --git a/sources b/sources index 2ae8be0..718daf0 100644 --- a/sources +++ b/sources @@ -2,3 +2,5 @@ SHA512 (openvpn-2.4.7.tar.xz) = 5398084ad0002b3ed34871375888a1ec5d4d0f0dbc7c979a SHA512 (openvpn-2.4.7.tar.xz.asc) = 4d2097291b46bd521f8a8bfcd3bf94fb334cccb13ee1391b434004068a4754d7e55afff99562487b296c02a24d18c495b69854c9e7d4042e04ba0a079c34cc4c SHA512 (openvpn-2.4.8.tar.xz) = d37a768c7f8683c23ae0d73d7e9947b5a1dac26580b0d7fe72454319acfe40375fbe150e68daee865a78e0269740e4ac5c96cdb8a7f02a1287ea93752ee0be06 SHA512 (openvpn-2.4.8.tar.xz.asc) = 06c44b699d778dd5891eca806f097c63cd8d1ec8215510ff9be138154fe19e0947fc165862848c67fb1ab62b2ca1f3e4e0b62e0e342c19d1ed1d33d6bbe5f0d1 +SHA512 (openvpn-2.4.9.tar.xz) = 88dec6bc5993de92e33ed1a829b710c7b4c491253396d5c705c89c0949a859bd24151fdcb278df4b43ca6c39aa033c21ce6f812565a1d75c2dfb8fa198876b13 +SHA512 (openvpn-2.4.9.tar.xz.asc) = bc9076cfe4d223340f2789bebb40a548b2506f8ed9b75ff30f978b2c25c39d2a7d3f39741a98a840e117b93a4a9dfd1f57810b0fb1aff370f8d45e7125962936 From 6321a99faf40ba883fa3d60aebd9649c9f1453de Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Tue, 28 Jul 2020 12:51:29 +0000 Subject: [PATCH 145/168] - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- openvpn.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/openvpn.spec b/openvpn.spec index 948ed02..7376df4 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -7,7 +7,7 @@ Name: openvpn Version: 2.4.9 -Release: 1%{?prerelease:.%{prerelease}}%{?dist} +Release: 2%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: https://community.openvpn.net/ Source0: https://build.openvpn.net/downloads/releases/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.xz @@ -183,6 +183,9 @@ getent passwd openvpn &>/dev/null || \ %changelog +* Tue Jul 28 2020 Fedora Release Engineering - 2.4.9-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + * Sun Apr 19 2020 David Sommerseth - 2.4.9-1 - Update to upstream OpenVPN 2.4.9 From 533cc03efe012c73fd6d248b05954d2c59049915 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: Thu, 8 Oct 2020 09:14:33 -0600 Subject: [PATCH 146/168] Remove old sources --- sources | 4 ---- 1 file changed, 4 deletions(-) diff --git a/sources b/sources index 718daf0..eb5ab26 100644 --- a/sources +++ b/sources @@ -1,6 +1,2 @@ -SHA512 (openvpn-2.4.7.tar.xz) = 5398084ad0002b3ed34871375888a1ec5d4d0f0dbc7c979ab12fc16b00559613c0654f1760e84bea77d4fe7284bce25e2e9d3d309fe85ffd1060ced10978ff95 -SHA512 (openvpn-2.4.7.tar.xz.asc) = 4d2097291b46bd521f8a8bfcd3bf94fb334cccb13ee1391b434004068a4754d7e55afff99562487b296c02a24d18c495b69854c9e7d4042e04ba0a079c34cc4c -SHA512 (openvpn-2.4.8.tar.xz) = d37a768c7f8683c23ae0d73d7e9947b5a1dac26580b0d7fe72454319acfe40375fbe150e68daee865a78e0269740e4ac5c96cdb8a7f02a1287ea93752ee0be06 -SHA512 (openvpn-2.4.8.tar.xz.asc) = 06c44b699d778dd5891eca806f097c63cd8d1ec8215510ff9be138154fe19e0947fc165862848c67fb1ab62b2ca1f3e4e0b62e0e342c19d1ed1d33d6bbe5f0d1 SHA512 (openvpn-2.4.9.tar.xz) = 88dec6bc5993de92e33ed1a829b710c7b4c491253396d5c705c89c0949a859bd24151fdcb278df4b43ca6c39aa033c21ce6f812565a1d75c2dfb8fa198876b13 SHA512 (openvpn-2.4.9.tar.xz.asc) = bc9076cfe4d223340f2789bebb40a548b2506f8ed9b75ff30f978b2c25c39d2a7d3f39741a98a840e117b93a4a9dfd1f57810b0fb1aff370f8d45e7125962936 From fbbe52520711fc9fcf2669742c6f5826d1d55992 Mon Sep 17 00:00:00 2001 From: David Sommerseth Date: Wed, 28 Oct 2020 12:57:24 +0100 Subject: [PATCH 147/168] Update to upstream OpenVPN 2.5.0 Signed-off-by: David Sommerseth --- openvpn.spec | 56 +++++++++++++++++++++++++++++++--------------------- 1 file changed, 34 insertions(+), 22 deletions(-) diff --git a/openvpn.spec b/openvpn.spec index 7376df4..ffe16e0 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -1,42 +1,55 @@ %define _hardened_build 1 -#define prerelease rc22 # Build conditionals # tests_long - Enabled by default, enables long running tests in %%check %bcond_without tests_long Name: openvpn -Version: 2.4.9 -Release: 2%{?prerelease:.%{prerelease}}%{?dist} -Summary: A full-featured SSL VPN solution +Version: 2.5.0 +Release: 1%{?dist} +Summary: A full-featured TLS VPN solution URL: https://community.openvpn.net/ -Source0: https://build.openvpn.net/downloads/releases/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.xz -Source1: https://build.openvpn.net/downloads/releases/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.xz.asc +Source0: https://build.openvpn.net/downloads/releases/%{name}-%{version}.tar.xz +Source1: https://build.openvpn.net/downloads/releases/%{name}-%{version}.tar.xz.asc Source2: roadwarrior-server.conf Source3: roadwarrior-client.conf # Upstream signing key -Source6: gpgkey-F554A3687412CFFEBDEFE0A312F5F7B42F2B01E7.gpg +Source10: gpgkey-F554A3687412CFFEBDEFE0A312F5F7B42F2B01E7.gpg Patch1: 0001-Change-the-default-cipher-to-AES-256-GCM-for-server-.patch Patch50: openvpn-2.4-change-tmpfiles-permissions.patch License: GPLv2 BuildRequires: gnupg2 BuildRequires: gcc -BuildRequires: systemd-devel +BuildRequires: automake +BuildRequires: autoconf +BuildRequires: autoconf-archive +BuildRequires: libtool +BuildRequires: gettext BuildRequires: lzo-devel BuildRequires: lz4-devel BuildRequires: openssl-devel BuildRequires: pkcs11-helper-devel >= 1.11 BuildRequires: pam-devel BuildRequires: libselinux-devel -# For the perl_default_filter macro -BuildRequires: perl-macros +BuildRequires: libcmocka-devel BuildRequires: systemd +BuildRequires: systemd-devel + %{?systemd_requires} -# For /sbin/ip. -BuildRequires: iproute -Requires: iproute Requires(pre): /usr/sbin/useradd +%if 0%{?rhel} > 7 || 0%{?fedora} > 29 +BuildRequires: python3-docutils +%else +# We cannot use python36-docutils on RHEL-7 as +# the ./configure script does not currently find +# the rst2man-3 executable, it only looks for rst2man +BuildRequires: python-docutils +%endif + +# For the perl_default_filter macro +BuildRequires: perl-macros + # Filter out the perl(Authen::PAM) dependency. # No perl dependency is really needed at all. %{?perl_default_filter} @@ -60,20 +73,18 @@ to similar features as the various script-hooks. %prep -gpgv2 --quiet --keyring %{SOURCE6} %{SOURCE1} %{SOURCE0} -%setup -q -n %{name}-%{version}%{?prerelease:_%{prerelease}} +gpgv2 --quiet --keyring %{SOURCE10} %{SOURCE1} %{SOURCE0} +%setup -q -n %{name}-%{version} %patch1 -p1 -b .ch_default_cipher %patch50 -p1 -sed -i -e 's,%{_datadir}/openvpn/plugin,%{_libdir}/openvpn/plugin,' doc/openvpn.8 - # %%doc items shouldn't be executable. find contrib sample -type f -perm /100 \ -exec chmod a-x {} \; %build %configure \ - --enable-iproute2 \ + --enable-silent-rules \ --with-crypto-library=openssl \ --enable-pkcs11 \ --enable-selinux \ @@ -82,8 +93,7 @@ find contrib sample -type f -perm /100 \ --enable-async-push \ --docdir=%{_pkgdocdir} \ SYSTEMD_UNIT_DIR=%{_unitdir} \ - TMPFILES_DIR=%{_tmpfilesdir} \ - IPROUTE=/sbin/ip + TMPFILES_DIR=%{_tmpfilesdir} %{__make} %check @@ -135,7 +145,7 @@ mkdir -m 0770 -p $RPM_BUILD_ROOT%{_sharedstatedir}/%{name} cp -a AUTHORS ChangeLog contrib sample distro/systemd/README.systemd $RPM_BUILD_ROOT%{_pkgdocdir} # Remove some files which does not really belong here -rm -f $RPM_BUILD_ROOT%{_pkgdocdir}/sample/Makefile{,.in,.am} +rm -f $RPM_BUILD_ROOT%{_pkgdocdir}/sample/Makefile{,.in,.am} rm -f $RPM_BUILD_ROOT%{_pkgdocdir}/contrib/multilevel-init.patch rm -rf $RPM_BUILD_ROOT%{_pkgdocdir}/sample/sample-keys @@ -156,7 +166,6 @@ getent passwd openvpn &>/dev/null || \ %postun %systemd_postun_with_restart openvpn-client@\*.service %systemd_postun_with_restart openvpn-server@\*.service -%systemd_postun_with_restart openvpn@\*.service %files %{_pkgdocdir} @@ -183,6 +192,9 @@ getent passwd openvpn &>/dev/null || \ %changelog +* Wed Oct 28 2020 David Sommerseth - 2.5.0-1 +- Update to upstream OpenVPN 2.5.0 + * Tue Jul 28 2020 Fedora Release Engineering - 2.4.9-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild From 1abef035abc05ddecc15ec92b4961df94eaef974 Mon Sep 17 00:00:00 2001 From: David Sommerseth Date: Wed, 28 Oct 2020 13:14:31 +0100 Subject: [PATCH 148/168] Added missing new source files Signed-off-by: David Sommerseth --- .gitignore | 2 ++ sources | 4 ++-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 59dffb7..43519ea 100644 --- a/.gitignore +++ b/.gitignore @@ -62,3 +62,5 @@ openvpn-2.1.2.tar.gz.asc /openvpn-2.4.8.tar.xz.asc /openvpn-2.4.9.tar.xz /openvpn-2.4.9.tar.xz.asc +/openvpn-2.5.0.tar.xz +/openvpn-2.5.0.tar.xz.asc diff --git a/sources b/sources index eb5ab26..6e88b9d 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (openvpn-2.4.9.tar.xz) = 88dec6bc5993de92e33ed1a829b710c7b4c491253396d5c705c89c0949a859bd24151fdcb278df4b43ca6c39aa033c21ce6f812565a1d75c2dfb8fa198876b13 -SHA512 (openvpn-2.4.9.tar.xz.asc) = bc9076cfe4d223340f2789bebb40a548b2506f8ed9b75ff30f978b2c25c39d2a7d3f39741a98a840e117b93a4a9dfd1f57810b0fb1aff370f8d45e7125962936 +SHA512 (openvpn-2.5.0.tar.xz) = 4d7175dc9b9cba84560fdb38ae9ff7f54c880c0927eee2874726e1558b8e553a6f4cf6cc26381c4bbc6541ec05419ac05a7554312140193903545b1da44f7771 +SHA512 (openvpn-2.5.0.tar.xz.asc) = b41b0fe6bea84f69428b82fed686d57ffd78a992acad4934ac608551c775f409d9c0b77e438914e419f50b4d0e88bcd360fb7ba4358c519ccb195eaa7d398951 From 6f1ad806d402079a770ccc2c823eee902415ff85 Mon Sep 17 00:00:00 2001 From: Tom Stellard Date: Thu, 7 Jan 2021 06:42:48 +0000 Subject: [PATCH 149/168] Add BuildRequires: make https://fedoraproject.org/wiki/Changes/Remove_make_from_BuildRoot --- openvpn.spec | 1 + 1 file changed, 1 insertion(+) diff --git a/openvpn.spec b/openvpn.spec index ffe16e0..4e794eb 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -18,6 +18,7 @@ Source10: gpgkey-F554A3687412CFFEBDEFE0A312F5F7B42F2B01E7.gpg Patch1: 0001-Change-the-default-cipher-to-AES-256-GCM-for-server-.patch Patch50: openvpn-2.4-change-tmpfiles-permissions.patch License: GPLv2 +BuildRequires: make BuildRequires: gnupg2 BuildRequires: gcc BuildRequires: automake From 1210c40ec25f673958fc06db24e27535d96ce09e Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Tue, 26 Jan 2021 22:38:44 +0000 Subject: [PATCH 150/168] - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- openvpn.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/openvpn.spec b/openvpn.spec index 4e794eb..d923721 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -6,7 +6,7 @@ Name: openvpn Version: 2.5.0 -Release: 1%{?dist} +Release: 2%{?dist} Summary: A full-featured TLS VPN solution URL: https://community.openvpn.net/ Source0: https://build.openvpn.net/downloads/releases/%{name}-%{version}.tar.xz @@ -193,6 +193,9 @@ getent passwd openvpn &>/dev/null || \ %changelog +* Tue Jan 26 2021 Fedora Release Engineering - 2.5.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + * Wed Oct 28 2020 David Sommerseth - 2.5.0-1 - Update to upstream OpenVPN 2.5.0 From ddc4a6440ecdae5a62fad42ecff6da6aaa59298a Mon Sep 17 00:00:00 2001 From: David Sommerseth Date: Wed, 24 Feb 2021 11:29:44 +0100 Subject: [PATCH 151/168] Update to upstream OpenVPN 2.5.1 Signed-off-by: David Sommerseth --- .gitignore | 2 ++ openvpn.spec | 9 ++++++--- sources | 4 ++-- 3 files changed, 10 insertions(+), 5 deletions(-) diff --git a/.gitignore b/.gitignore index 43519ea..849fe2f 100644 --- a/.gitignore +++ b/.gitignore @@ -64,3 +64,5 @@ openvpn-2.1.2.tar.gz.asc /openvpn-2.4.9.tar.xz.asc /openvpn-2.5.0.tar.xz /openvpn-2.5.0.tar.xz.asc +/openvpn-2.5.1.tar.xz +/openvpn-2.5.1.tar.xz.asc diff --git a/openvpn.spec b/openvpn.spec index d923721..6da5d18 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -5,8 +5,8 @@ %bcond_without tests_long Name: openvpn -Version: 2.5.0 -Release: 2%{?dist} +Version: 2.5.1 +Release: 1%{?dist} Summary: A full-featured TLS VPN solution URL: https://community.openvpn.net/ Source0: https://build.openvpn.net/downloads/releases/%{name}-%{version}.tar.xz @@ -18,7 +18,6 @@ Source10: gpgkey-F554A3687412CFFEBDEFE0A312F5F7B42F2B01E7.gpg Patch1: 0001-Change-the-default-cipher-to-AES-256-GCM-for-server-.patch Patch50: openvpn-2.4-change-tmpfiles-permissions.patch License: GPLv2 -BuildRequires: make BuildRequires: gnupg2 BuildRequires: gcc BuildRequires: automake @@ -28,6 +27,7 @@ BuildRequires: libtool BuildRequires: gettext BuildRequires: lzo-devel BuildRequires: lz4-devel +BuildRequires: make BuildRequires: openssl-devel BuildRequires: pkcs11-helper-devel >= 1.11 BuildRequires: pam-devel @@ -193,6 +193,9 @@ getent passwd openvpn &>/dev/null || \ %changelog +* Wed Feb 24 2021 David Sommerseth - 2.5.1-1 +- Update to upstream OpenVPN 2.5.1 + * Tue Jan 26 2021 Fedora Release Engineering - 2.5.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild diff --git a/sources b/sources index 6e88b9d..c3c4ce1 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (openvpn-2.5.0.tar.xz) = 4d7175dc9b9cba84560fdb38ae9ff7f54c880c0927eee2874726e1558b8e553a6f4cf6cc26381c4bbc6541ec05419ac05a7554312140193903545b1da44f7771 -SHA512 (openvpn-2.5.0.tar.xz.asc) = b41b0fe6bea84f69428b82fed686d57ffd78a992acad4934ac608551c775f409d9c0b77e438914e419f50b4d0e88bcd360fb7ba4358c519ccb195eaa7d398951 +SHA512 (openvpn-2.5.1.tar.xz) = 7c0adad384f908bd7dbd839a2b90cbe3a4222cac92ef484df89709ca5dd6cb22b3caf19b696c2bb74d7eda148904a8b25f1fe4640c91f0e68d6e65bcf922e0f4 +SHA512 (openvpn-2.5.1.tar.xz.asc) = 44075753973aaec67a2f01f8efa3a7998bfbac77fd333267ed918a56ef884d8264004296bfb3b3ffee3e724a1614dffccdc93a4abe5fe128d8ee668c03df73ed From 81b76b938b4f04acce664c2dbd8f7673527e3e25 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= Date: Tue, 2 Mar 2021 16:13:08 +0100 Subject: [PATCH 152/168] Rebuilt for updated systemd-rpm-macros See https://pagure.io/fesco/issue/2583. --- openvpn.spec | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/openvpn.spec b/openvpn.spec index 6da5d18..2c22855 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -6,7 +6,7 @@ Name: openvpn Version: 2.5.1 -Release: 1%{?dist} +Release: 2%{?dist} Summary: A full-featured TLS VPN solution URL: https://community.openvpn.net/ Source0: https://build.openvpn.net/downloads/releases/%{name}-%{version}.tar.xz @@ -193,6 +193,10 @@ getent passwd openvpn &>/dev/null || \ %changelog +* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek - 2.5.1-2 +- Rebuilt for updated systemd-rpm-macros + See https://pagure.io/fesco/issue/2583. + * Wed Feb 24 2021 David Sommerseth - 2.5.1-1 - Update to upstream OpenVPN 2.5.1 From 4214b7e7997683dcdd6953ae31db409d31ecc013 Mon Sep 17 00:00:00 2001 From: David Sommerseth Date: Wed, 21 Apr 2021 15:11:13 +0200 Subject: [PATCH 153/168] Update to upstream OpenVPN 2.5.2 - Update to upstream OpenVPN 2.5.2 - Fixes CVE-2020-15078 - Replaces --ncp-ciphers with --data-ciphers in the server systemd service unit Signed-off-by: David Sommerseth --- .gitignore | 2 ++ ...lt-cipher-to-AES-256-GCM-for-server-.patch | 2 +- ...54A3687412CFFEBDEFE0A312F5F7B42F2B01E7.gpg | Bin 43297 -> 43992 bytes openvpn.spec | 9 +++++++-- sources | 4 ++-- 5 files changed, 12 insertions(+), 5 deletions(-) diff --git a/.gitignore b/.gitignore index 849fe2f..6907d80 100644 --- a/.gitignore +++ b/.gitignore @@ -66,3 +66,5 @@ openvpn-2.1.2.tar.gz.asc /openvpn-2.5.0.tar.xz.asc /openvpn-2.5.1.tar.xz /openvpn-2.5.1.tar.xz.asc +/openvpn-2.5.2.tar.xz +/openvpn-2.5.2.tar.xz.asc diff --git a/0001-Change-the-default-cipher-to-AES-256-GCM-for-server-.patch b/0001-Change-the-default-cipher-to-AES-256-GCM-for-server-.patch index 7e11fe8..aca649e 100644 --- a/0001-Change-the-default-cipher-to-AES-256-GCM-for-server-.patch +++ b/0001-Change-the-default-cipher-to-AES-256-GCM-for-server-.patch @@ -23,7 +23,7 @@ index 9a8a2c7..0ecda08 100644 PrivateTmp=true WorkingDirectory=/etc/openvpn/server -ExecStart=@sbindir@/openvpn --status %t/openvpn-server/status-%i.log --status-version 2 --suppress-timestamps --config %i.conf -+ExecStart=@sbindir@/openvpn --status %t/openvpn-server/status-%i.log --status-version 2 --suppress-timestamps --cipher AES-256-GCM --ncp-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC:AES-128-CBC:BF-CBC --config %i.conf ++ExecStart=@sbindir@/openvpn --status %t/openvpn-server/status-%i.log --status-version 2 --suppress-timestamps --cipher AES-256-GCM --data-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC:AES-128-CBC:BF-CBC --config %i.conf CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE CAP_AUDIT_WRITE LimitNPROC=10 DeviceAllow=/dev/null rw diff --git a/gpgkey-F554A3687412CFFEBDEFE0A312F5F7B42F2B01E7.gpg b/gpgkey-F554A3687412CFFEBDEFE0A312F5F7B42F2B01E7.gpg index d5abc3e52f84fd43d3463ec1c3b9260f64d9356f..8272cee5dd0b5a6ab233c728d6ce11ac3d7b5d56 100644 GIT binary patch delta 3073 zcmai#X*AUR8^&jThQ<(PEMXF38`&nJ#!j|mOO`OQ4-&}|DjH;)D726@vMY+8B_7+9 zjBPC0ciESslAZd`b2`uK|C{@Kulu^MbKft%=X`QL10%!0yJ#3#&5{Fvf$Uf)sKF%- z1s4RepkNG45CD}h8ZeMaQwsns*o2@Ull3_$nC_qn1v5Fk05I85ir#b9f`ZJPbVJ{T zE(HyO0Pr^VC=6sURfK}Z{B+}&KD|6Z(+mDGeWcfso@msg%i5FlZG}uKP>>fvUl}1- z0|ixVenCNhR}BD+5IYBeT}Dy>C`+JU@E%K-KG*1S?sO0g9J8dq^e@nj3O8v0yevBl z2lLG7Be6Pk1AATx0Nu>+0JwBa4gjwy6*GZT9`ekf%v}@!y5F}2K(!DF0HlN=0gx|- z0DyfF`YvRV98exK9q4(KnHjj>G7^CE8nS zoH5lnTzf6$T-fcl!c0QpK7?whZ>C)23sa3L9DMMH=yt%_%_Tg$UuLe8SD(q?Fpaii z);zOKLcJmdr^W2Ls!qQD`TzyaFd8i8j+8THTHC$D%d&OMW@EfNPqU}#MBWZBvN%*w zVlq?rqH!@+q0KM)|BAR)(0=kI^+$&-7D6_XU~`wA?|Yt_FfJaX<~ZSAZ$kLSpRJ$v za5=H16!{e>_w(e^BFLh3^3b=qiJzjA+!dmDyK_m1XsB$z(oWcSt$^)FSCv`07c)28 zQr_G0oA+^Ze4)U58pM{wKGx407Aw(1%q5(@91{|$F=kd9t) zeLYEvZ6E$&IVT}uXYPLS=A{$}5($crgMn>Xc21?^;NnvdZYybpZ`henmTfPlc_8kFKbvPZzxFw}c-E zvqg#Gz!BUpwk2N!W#~G0oib&S1u^W5P#x%pw#&qHeW(_mC{`5N3idNw16Rzug++n3o1FKs<&i!IjjLj8r_l zB+J-XvRX2z6B|viQ+-)P?$PBtc4fN3i0KctIX#r2l2)c@pC8DfyhE`ICJWir&L{1*YDUrSG)0?g`^^HmF+$fpXd5H``SKGccp6E^ zI9$kjskGcu+2|De5qFJ%d&KJ7P_|Z&Vt6E_VffNw+xoLgRr}Jj2rE)vijJF2svMYL1lL_^G zkF4R(N4oEkyPJ8pw|X;l1FiIMDUV5NBO4FCxubW;A!g-Y^hyZZzw+i*QiSxG5V4kD z%qdegUoNRN83bMsI;;SuY19ztY_`yLvVDQ;eb>Gfg%UOw_@lE{7Pjiu3Ag2X-zTF3 zdo!@5Mdxk#tLMS|!u~ht&Bp_GdERRZd^4%a*H5~y^NP_hw%6QtBZK&Gp*V}=%-P4A zTEF*=;N7!2uBlz~O?1pOBGKXQEdp6sno*FfvLn}#T0npxS07zK3ROP4whw8h*c-H5 zrP&bPYdV^om5zPdBANDBR4jY8u7OK<)2TIZ!2_su5I7pa)OVeAq8~&4J zsa7a{;e!)a6RGmY<SybW%3QyI}#F<>%=T(ky z3QUg5(z`k@?a(>g=CaVHDnHpV3B4@H<~g%}=(l#snjP-@Z3IfeNrjcVwU60cI`OiZ z#Tn*S%VE0Gc_pr;atVigRP?ZVq+**xGAt97nR7?{YkdSjEa>wzJ9AARXCkUYriG%@yRao!cR8#_A)p%o6maWhi*BB{YW`k>a-ben|jY| zIA`?{!uGZoV?q4fXsxP!jbBSUQ`e9aR4vQK-y*ntbn#~pSLcp&gYyrnZadQnvX~FT zMbiHtQ4w)ZqSF9Lg?$7yw9-#}!1+Dl*k`Mvx1sJ2X^1PqUC)%#K$Om+%P8VAGz~d4 zG;Db_EpuAviJCN<75|)sv7kLnXUDMgL$isT-*~?7Ht*d)P+Z^9Na``D5sl(PSN4-z!3+xG zZxm)w!h9u+-u^?ua?90?zA5@B7ZOgtY}F+=w_;E0&SoKRPpVwEKqtExCr?4adf}fd zpHS?_bv?>12GOwBSve>6jzw}zzW70&5b@qud5_y5E``?C4Tla*4UeeDS;3=^%eTB8 zpbQKp`nJ2xkQ{ALnR|bxx)?)-`E*|BmiLovya#&BtTvkY^R~r{uGv}KFY`Sb?#)kN z7&)t!*2>OpRNFAw@8h}56qh|8OsTBGij|ubN=h6L_-W=$J*92i>XpRj_~}AAUqNPe zt0!iRdPbu`XJ1?Xt?a^6|wr+!xjvGDdUkpR{IOC(h|fM)$mq<{JHACaoa>__ODA9z8v#mS5c63x?_ zEMD8le$$c0bMHAH=_-=O=bSV(vlb$eybSa=pzK~#NohG)7~*5lVImyk)u}OwM01X^ z+xI?Bg1l+c(|_=+n6Ej>t|sa>UBCDW&fJ4TZ@U0G{m3UwfA<0;+26=$J-4u?200-VjMn1`Gf@f<+0!m zq4p6m+Eo5*{e@AQ{Fh zUH2ExdmLz0uUPxv3uqU@e1BKUqT9GM7||(7smJ37_v`<;J>;td*=u4R+;}x9idpl5 zQDSY@oe0qhl4+71B}XXT(Db493>;?qWx}2e@w!r0*hB2gQolU1*L2jt9Trn!uwava zSt(dnURc(y?u!g$Rikyb9RK}?-|W!O-eDS3t`sxzT3Y~{4^|#pA@?jD3v^%t075{k iXro+94F45VF|VgrIoK5rsh8ju-QE%Po;gvvt@}UqO{(z# delta 2305 zcma)+X*ARg8^+DwU>GzeOJ$of_BCe4(qt_pvOG_561O&z#Jb()_(U41kAMu;OkO;2UkBmwK)=n0tEi8`;XFeh84K157 z4E%L!8kt9J?T3yX!x019FKJLPja8EEOgz<6LDl0%%~bl9jpfU;b6uXxECI7ZuZ^Fy zkvpc(23!mKe7tSqfx*P+ImcI|Nr%7NqGe)qk>^as5cMki>ad0(#J2-q#HhpSf=_{-I#}~EH4{t-l?qHBOrwi zt&}g>g=Kbhq!K3)`GYcz*J&LNmrmD9M5fss?v(rMwlV6q6evE;6T=)7or0!Hb@bQhYIw-S%&ZQw0@_?oO~k$O6JPzYLGyI- zu|{fFjI?NIq4oJm`MJTA;J{}s%>FuG5f5d9AW~zcC@k@IeH^QY$F#WI{}bkd1uj$S z+p+H2sk0gV7DJ(#kCgnY;4@IU*Q&; za`nKUhnlr)9tn+vYB@RD=)xx$itS#>%D3?9yXy~v<>ODvMHmiBnisy2NAKW-y0pDe zQ8!)au5!4fChr25BeA%4sfC{g#P4@$27J35n!7L0ndy@gk;&~AEB zp-d|~y;>yo#_Mih*hL(^E2QVLe3*O|Ju4wnCzLDwWwnuKE0A5M0bz%~CCW~+^>VGb zjH~+zjC@-=#U>uKinDyniR1-|&BJwkk4KtW)zI$?H9ivlW*MT8PO&9i(i(o;Q1~d2 z5+++1<{e3hKUfZ`m)K zT-c*hE3kcF%h%rO>DnMN}*jFH*9f=K-r_`}z|N2=1JH&608`Qv2X zvjS^P*G=kfg$Unt->vz7qGR6pKhe2Ri{NU{o;e?=KNe8m8-6q5;+A&D)Kd7@A*H&0 zV$s=Gq}DG^_z4-kIx;maVlhHAo>{Cq^QcD6C~Qi|kKFh^VXRV`e}H-%gXGUz`Ma~C zs*yF@YcERAp|(9$7_f6rblE_cjuk zK3t|7;c!TECtccL*@PnZrxJz9Z5QL*B}BPO=R1y-Tu%(~odZr<@|X2QYRbM_WCYFH zqG!krk0toahG=?0caw(|mmX}0)jrv_Ig|LNqFM2D{G*86>ywdY$N?CYxPP*L&)TS8 zpOKQ}Ho2ur`lX(JO%>gptvP^(i|CKlH9E`}D8RQ9e9y)Ipcd{;uca)`W2;S7C91dG zheNUnYi(bnw_<+gD&)vx(skD-(4_PhetqK^tHrcvtdYa3` zOaR7Az!~;X$g$;P!O-P^m@++S*KG6+#_=HlqctObpPEFYgqXiBu1vX-K&G%@!zqrf zmI;|><4SI`nSwwVgntg$G4=6zcgtR^X-8QOGtV_2_-#V7Zq6XBy+jr`A%`ZPN>+6 zf1~posk!j&3KjIev1oOchQQ4)FCN`^)2(LewQuh;+F8yPGx7`AhiqF+9Em?ArsgIn zqm%@&J-hVA*BLe6yPZkc^^2X!dcaz)a#lqbJKr5YDt8+082osv>`TH|^QS0XdnEj> z_xv>ww6*UY+8*(9vlb84O`WF&_qb;#P95Uq6%R=#w+1VeSMX38p%q&`Av+_@4w_fk zR?b`yMS+jShq@1932qCS7<)>%sN@H>c-s;~?C639-@DDU!*#TV%2J$zyH?ZmOAq?9 z8$dj^;sU8k>n6NX_G!mG&6NCVrQFg}0xtLfL=6i&M=lNh`Xz`s&Jga</dev/null || \ %changelog +* Wed Apr 21 2021 David Sommerseth - 2.5.2-1 +- Update to upstream OpenVPN 2.5.2 +- Fixes CVE-2020-15078 +- Replaces --ncp-ciphers with --data-ciphers in the server systemd service unit + * Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek - 2.5.1-2 - Rebuilt for updated systemd-rpm-macros See https://pagure.io/fesco/issue/2583. diff --git a/sources b/sources index c3c4ce1..5a4d97e 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (openvpn-2.5.1.tar.xz) = 7c0adad384f908bd7dbd839a2b90cbe3a4222cac92ef484df89709ca5dd6cb22b3caf19b696c2bb74d7eda148904a8b25f1fe4640c91f0e68d6e65bcf922e0f4 -SHA512 (openvpn-2.5.1.tar.xz.asc) = 44075753973aaec67a2f01f8efa3a7998bfbac77fd333267ed918a56ef884d8264004296bfb3b3ffee3e724a1614dffccdc93a4abe5fe128d8ee668c03df73ed +SHA512 (openvpn-2.5.2.tar.xz) = ae2cac00ae4b9e06e7e70b268ed47d36bbb45409650175e507d5bfa12b0a4f24bccc64f2494d1563f9269c8076d0f753a492f01ea33ce376ba00b7cdcb5c7bd0 +SHA512 (openvpn-2.5.2.tar.xz.asc) = 49a5f1828d8621e8d71665435efbc5fb55baee9db44c4d8768159667fdddf2ce30c964a11aa6fb28fee37adc34ff5ca8c9eb4c0669b4d847a9ffd0f8aab871b4 From 7da2216c08a7adaebbe7efcbee72690806884ddc Mon Sep 17 00:00:00 2001 From: David Sommerseth Date: Fri, 18 Jun 2021 13:43:11 +0200 Subject: [PATCH 154/168] Update to upstream OpenVPN 2.5.3 {CVE-2021-3606} Signed-off-by: David Sommerseth --- .gitignore | 2 ++ openvpn.spec | 6 +++++- sources | 4 ++-- 3 files changed, 9 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 6907d80..fec7e61 100644 --- a/.gitignore +++ b/.gitignore @@ -68,3 +68,5 @@ openvpn-2.1.2.tar.gz.asc /openvpn-2.5.1.tar.xz.asc /openvpn-2.5.2.tar.xz /openvpn-2.5.2.tar.xz.asc +/openvpn-2.5.3.tar.xz +/openvpn-2.5.3.tar.xz.asc diff --git a/openvpn.spec b/openvpn.spec index 8432d48..e773a1e 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -5,7 +5,7 @@ %bcond_without tests_long Name: openvpn -Version: 2.5.2 +Version: 2.5.3 Release: 1%{?dist} Summary: A full-featured TLS VPN solution URL: https://community.openvpn.net/ @@ -193,6 +193,10 @@ getent passwd openvpn &>/dev/null || \ %changelog +* Fri Jun 18 2021 David Sommerseth - 2.5.3-1 +- Update to upstream OpenVPN 2.5.3 +- Fixes CVE-2021-3606 + * Wed Apr 21 2021 David Sommerseth - 2.5.2-1 - Update to upstream OpenVPN 2.5.2 - Fixes CVE-2020-15078 diff --git a/sources b/sources index 5a4d97e..f511a71 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (openvpn-2.5.2.tar.xz) = ae2cac00ae4b9e06e7e70b268ed47d36bbb45409650175e507d5bfa12b0a4f24bccc64f2494d1563f9269c8076d0f753a492f01ea33ce376ba00b7cdcb5c7bd0 -SHA512 (openvpn-2.5.2.tar.xz.asc) = 49a5f1828d8621e8d71665435efbc5fb55baee9db44c4d8768159667fdddf2ce30c964a11aa6fb28fee37adc34ff5ca8c9eb4c0669b4d847a9ffd0f8aab871b4 +SHA512 (openvpn-2.5.3.tar.xz) = bde61a12cef76c54a8d120e2bf3dfd04b9b76f28180bb8b9a496f27ad9cb545cf1137aa2751df5944e81356899b3824f06b8cfd777496212768e2b9aecf7bf6d +SHA512 (openvpn-2.5.3.tar.xz.asc) = c204fb06443e5962dec730e6c73686e74df498470a86603e3d727434e38c3bfa243f0ec3c417ad7056c0092f8b80d567ca388058b8f542c5aaa3f33d399e9658 From 41c090a5f621149c4b4bad5a9401e02fa7133d0d Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Thu, 22 Jul 2021 17:23:13 +0000 Subject: [PATCH 155/168] - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- openvpn.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/openvpn.spec b/openvpn.spec index e773a1e..b31b6de 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -6,7 +6,7 @@ Name: openvpn Version: 2.5.3 -Release: 1%{?dist} +Release: 2%{?dist} Summary: A full-featured TLS VPN solution URL: https://community.openvpn.net/ Source0: https://build.openvpn.net/downloads/releases/%{name}-%{version}.tar.xz @@ -193,6 +193,9 @@ getent passwd openvpn &>/dev/null || \ %changelog +* Thu Jul 22 2021 Fedora Release Engineering - 2.5.3-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild + * Fri Jun 18 2021 David Sommerseth - 2.5.3-1 - Update to upstream OpenVPN 2.5.3 - Fixes CVE-2021-3606 From f277725e6b4b74d1777c9e33f76435832d443aaa Mon Sep 17 00:00:00 2001 From: Sahana Prasad Date: Tue, 14 Sep 2021 19:10:12 +0200 Subject: [PATCH 156/168] Rebuilt with OpenSSL 3.0.0 --- openvpn.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/openvpn.spec b/openvpn.spec index b31b6de..db078ed 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -6,7 +6,7 @@ Name: openvpn Version: 2.5.3 -Release: 2%{?dist} +Release: 3%{?dist} Summary: A full-featured TLS VPN solution URL: https://community.openvpn.net/ Source0: https://build.openvpn.net/downloads/releases/%{name}-%{version}.tar.xz @@ -193,6 +193,9 @@ getent passwd openvpn &>/dev/null || \ %changelog +* Tue Sep 14 2021 Sahana Prasad - 2.5.3-3 +- Rebuilt with OpenSSL 3.0.0 + * Thu Jul 22 2021 Fedora Release Engineering - 2.5.3-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild From b0362d81416d15ac1f4f21ecdc8ba29fde85ad75 Mon Sep 17 00:00:00 2001 From: David Sommerseth Date: Tue, 5 Oct 2021 11:43:36 +0200 Subject: [PATCH 157/168] Update to upstream OpenVPN 2.5.4 Added new man page: openvpn-examples(5) Signed-off-by: David Sommerseth --- .gitignore | 2 ++ openvpn.spec | 9 +++++++-- sources | 4 ++-- 3 files changed, 11 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index fec7e61..ba5b6fe 100644 --- a/.gitignore +++ b/.gitignore @@ -70,3 +70,5 @@ openvpn-2.1.2.tar.gz.asc /openvpn-2.5.2.tar.xz.asc /openvpn-2.5.3.tar.xz /openvpn-2.5.3.tar.xz.asc +/openvpn-2.5.4.tar.xz +/openvpn-2.5.4.tar.xz.asc diff --git a/openvpn.spec b/openvpn.spec index db078ed..1446275 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -5,8 +5,8 @@ %bcond_without tests_long Name: openvpn -Version: 2.5.3 -Release: 3%{?dist} +Version: 2.5.4 +Release: 1%{?dist} Summary: A full-featured TLS VPN solution URL: https://community.openvpn.net/ Source0: https://build.openvpn.net/downloads/releases/%{name}-%{version}.tar.xz @@ -174,6 +174,7 @@ getent passwd openvpn &>/dev/null || \ %exclude %{_pkgdocdir}/README.mbedtls %exclude %{_pkgdocdir}/sample/sample-plugins %{_mandir}/man8/%{name}.8* +%{_mandir}/man5/%{name}-*.5* %{_sbindir}/%{name} %{_libdir}/%{name}/ %{_unitdir}/%{name}-client@.service @@ -193,6 +194,10 @@ getent passwd openvpn &>/dev/null || \ %changelog +* Tue Oct 5 2021 David Sommerseth - 2.5.4-1 +- Update to upstream OpenVPN 2.5.4 +- Added new man page: openvpn-examples(5) + * Tue Sep 14 2021 Sahana Prasad - 2.5.3-3 - Rebuilt with OpenSSL 3.0.0 diff --git a/sources b/sources index f511a71..1f1e302 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (openvpn-2.5.3.tar.xz) = bde61a12cef76c54a8d120e2bf3dfd04b9b76f28180bb8b9a496f27ad9cb545cf1137aa2751df5944e81356899b3824f06b8cfd777496212768e2b9aecf7bf6d -SHA512 (openvpn-2.5.3.tar.xz.asc) = c204fb06443e5962dec730e6c73686e74df498470a86603e3d727434e38c3bfa243f0ec3c417ad7056c0092f8b80d567ca388058b8f542c5aaa3f33d399e9658 +SHA512 (openvpn-2.5.4.tar.xz) = 747876f56f0983520d8bce04cf76b05df8fbb9ff7f2091cbbaf22f230397721b929fb6b7d7060f1f898ebc0142fdb82c4ccc19405aa0622db8cc9351997d858f +SHA512 (openvpn-2.5.4.tar.xz.asc) = 06a232cd71ef3ff0e9f65c4dee2e36e13822917c2c9f2463a7c28b92e98b9c7925fe5116fd441a331dfe44d80d201755335b4552eb5c24335ea1bf80772af52e From 0babf7defa885ceb60f15888e00468ee7d930e5d Mon Sep 17 00:00:00 2001 From: David Sommerseth Date: Wed, 15 Dec 2021 19:34:11 +0100 Subject: [PATCH 158/168] Update to upstream OpenVPN 2.5.5 (#2032844) Signed-off-by: David Sommerseth --- openvpn.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/openvpn.spec b/openvpn.spec index 1446275..f6ed384 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -5,7 +5,7 @@ %bcond_without tests_long Name: openvpn -Version: 2.5.4 +Version: 2.5.5 Release: 1%{?dist} Summary: A full-featured TLS VPN solution URL: https://community.openvpn.net/ @@ -194,6 +194,9 @@ getent passwd openvpn &>/dev/null || \ %changelog +* Tue Oct 5 2021 David Sommerseth - 2.5.5-1 +- Update to upstream OpenVPN 2.5.5 (#2032844) + * Tue Oct 5 2021 David Sommerseth - 2.5.4-1 - Update to upstream OpenVPN 2.5.4 - Added new man page: openvpn-examples(5) From 115523d4dac79530ec70eeaa333b49cebd575394 Mon Sep 17 00:00:00 2001 From: David Sommerseth Date: Wed, 15 Dec 2021 20:08:23 +0100 Subject: [PATCH 159/168] Rebuild of 2.5.5 Forgot to upload new sources. And %changelog dates were wrong. Signed-off-by: David Sommerseth --- .gitignore | 2 ++ openvpn.spec | 7 +++++-- sources | 2 ++ 3 files changed, 9 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index ba5b6fe..f9fed41 100644 --- a/.gitignore +++ b/.gitignore @@ -72,3 +72,5 @@ openvpn-2.1.2.tar.gz.asc /openvpn-2.5.3.tar.xz.asc /openvpn-2.5.4.tar.xz /openvpn-2.5.4.tar.xz.asc +/openvpn-2.5.5.tar.xz +/openvpn-2.5.5.tar.xz.asc diff --git a/openvpn.spec b/openvpn.spec index f6ed384..ad5e8e7 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -6,7 +6,7 @@ Name: openvpn Version: 2.5.5 -Release: 1%{?dist} +Release: 2%{?dist} Summary: A full-featured TLS VPN solution URL: https://community.openvpn.net/ Source0: https://build.openvpn.net/downloads/releases/%{name}-%{version}.tar.xz @@ -194,7 +194,10 @@ getent passwd openvpn &>/dev/null || \ %changelog -* Tue Oct 5 2021 David Sommerseth - 2.5.5-1 +* Wed Dec 15 2021 David Sommerseth - 2.5.5-2 +- Rebuild of 2.5.5 + +* Wed Dec 15 2021 David Sommerseth - 2.5.5-1 - Update to upstream OpenVPN 2.5.5 (#2032844) * Tue Oct 5 2021 David Sommerseth - 2.5.4-1 diff --git a/sources b/sources index 1f1e302..448c9a9 100644 --- a/sources +++ b/sources @@ -1,2 +1,4 @@ SHA512 (openvpn-2.5.4.tar.xz) = 747876f56f0983520d8bce04cf76b05df8fbb9ff7f2091cbbaf22f230397721b929fb6b7d7060f1f898ebc0142fdb82c4ccc19405aa0622db8cc9351997d858f SHA512 (openvpn-2.5.4.tar.xz.asc) = 06a232cd71ef3ff0e9f65c4dee2e36e13822917c2c9f2463a7c28b92e98b9c7925fe5116fd441a331dfe44d80d201755335b4552eb5c24335ea1bf80772af52e +SHA512 (openvpn-2.5.5.tar.xz) = 22040f61cfd885290e178fbbfa0035fafe252d64f573bf291722e685033739240392ed694d5f295cd2c52697818a39c2a9c2592f3356ebf30fecf07feb445795 +SHA512 (openvpn-2.5.5.tar.xz.asc) = 6fc31952a042ea695c3c44f0538692094b69c927fb345fac5de82d61e1b000b53f4937de2790bc9341b1755dfb44a69e52eee62b10f28a14cfa08c11d4746649 From 17755bc9692783ba23e7273203a582e99d47aef5 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Thu, 20 Jan 2022 22:32:03 +0000 Subject: [PATCH 160/168] - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- openvpn.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/openvpn.spec b/openvpn.spec index ad5e8e7..a1e2722 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -6,7 +6,7 @@ Name: openvpn Version: 2.5.5 -Release: 2%{?dist} +Release: 3%{?dist} Summary: A full-featured TLS VPN solution URL: https://community.openvpn.net/ Source0: https://build.openvpn.net/downloads/releases/%{name}-%{version}.tar.xz @@ -194,6 +194,9 @@ getent passwd openvpn &>/dev/null || \ %changelog +* Thu Jan 20 2022 Fedora Release Engineering - 2.5.5-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild + * Wed Dec 15 2021 David Sommerseth - 2.5.5-2 - Rebuild of 2.5.5 From 319722d474044abe29fe1c0a3c7431bf78276827 Mon Sep 17 00:00:00 2001 From: David Sommerseth Date: Thu, 27 Jan 2022 21:08:54 +0100 Subject: [PATCH 161/168] Fix systemd related scriptlet error (#1887984) Signed-off-by: David Sommerseth --- openvpn.spec | 22 ++++++++++++++++------ 1 file changed, 16 insertions(+), 6 deletions(-) diff --git a/openvpn.spec b/openvpn.spec index a1e2722..b87d5a7 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -157,16 +157,23 @@ getent passwd openvpn &>/dev/null || \ -d /etc/openvpn openvpn %post -%systemd_post openvpn-client@\*.service -%systemd_post openvpn-server@\*.service +for srv in `systemctl | awk '/openvpn-client@.*\.service/{print $1} /openvpn-server@.*\.service/{print $1}'`; +do + %systemd_post $srv +done %preun -%systemd_preun openvpn-client@\*.service -%systemd_preun openvpn-server@\*.service +for srv in `systemctl | awk '/openvpn-client@.*\.service/{print $1} /openvpn-server@.*\.service/{print $1}'`; +do + %systemd_preun $srv +done %postun -%systemd_postun_with_restart openvpn-client@\*.service -%systemd_postun_with_restart openvpn-server@\*.service +for srv in `systemctl | awk '/openvpn-client@.*\.service/{print $1} /openvpn-server@.*\.service/{print $1}'`; +do + %systemd_postun_with_restart $srv +done + %files %{_pkgdocdir} @@ -194,6 +201,9 @@ getent passwd openvpn &>/dev/null || \ %changelog +* Thu Jan 27 2022 David Sommerseth - 2.5.5-4 +- Fix systemd related scriptlet error (#1887984) + * Thu Jan 20 2022 Fedora Release Engineering - 2.5.5-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild From c66021082faaea600fe9eaa17becfa186575b11e Mon Sep 17 00:00:00 2001 From: David Sommerseth Date: Thu, 27 Jan 2022 21:14:39 +0100 Subject: [PATCH 162/168] Fix incorrect Release tag Signed-off-by: David Sommerseth --- openvpn.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/openvpn.spec b/openvpn.spec index b87d5a7..06507f5 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -6,7 +6,7 @@ Name: openvpn Version: 2.5.5 -Release: 3%{?dist} +Release: 4%{?dist} Summary: A full-featured TLS VPN solution URL: https://community.openvpn.net/ Source0: https://build.openvpn.net/downloads/releases/%{name}-%{version}.tar.xz From 9c2a62d8fb7430969e280b87f0399df9e74a8255 Mon Sep 17 00:00:00 2001 From: David Sommerseth Date: Wed, 16 Mar 2022 14:14:45 +0100 Subject: [PATCH 163/168] Update to upstream OpenVPN 2.5.6 Fixes CVE-2022-0547 Signed-off-by: David Sommerseth --- .gitignore | 2 ++ openvpn.spec | 8 ++++++-- sources | 6 ++---- 3 files changed, 10 insertions(+), 6 deletions(-) diff --git a/.gitignore b/.gitignore index f9fed41..0c629bd 100644 --- a/.gitignore +++ b/.gitignore @@ -74,3 +74,5 @@ openvpn-2.1.2.tar.gz.asc /openvpn-2.5.4.tar.xz.asc /openvpn-2.5.5.tar.xz /openvpn-2.5.5.tar.xz.asc +/openvpn-2.5.6.tar.xz +/openvpn-2.5.6.tar.xz.asc diff --git a/openvpn.spec b/openvpn.spec index 06507f5..362f4b4 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -5,8 +5,8 @@ %bcond_without tests_long Name: openvpn -Version: 2.5.5 -Release: 4%{?dist} +Version: 2.5.6 +Release: 1%{?dist} Summary: A full-featured TLS VPN solution URL: https://community.openvpn.net/ Source0: https://build.openvpn.net/downloads/releases/%{name}-%{version}.tar.xz @@ -201,6 +201,10 @@ done %changelog +* Wed Mar 16 2022 David Sommerseth - 2.5.6-1 +- Update to upstream OpenVPN 2.5.6 +- Fixes CVE-2022-0547 + * Thu Jan 27 2022 David Sommerseth - 2.5.5-4 - Fix systemd related scriptlet error (#1887984) diff --git a/sources b/sources index 448c9a9..d451633 100644 --- a/sources +++ b/sources @@ -1,4 +1,2 @@ -SHA512 (openvpn-2.5.4.tar.xz) = 747876f56f0983520d8bce04cf76b05df8fbb9ff7f2091cbbaf22f230397721b929fb6b7d7060f1f898ebc0142fdb82c4ccc19405aa0622db8cc9351997d858f -SHA512 (openvpn-2.5.4.tar.xz.asc) = 06a232cd71ef3ff0e9f65c4dee2e36e13822917c2c9f2463a7c28b92e98b9c7925fe5116fd441a331dfe44d80d201755335b4552eb5c24335ea1bf80772af52e -SHA512 (openvpn-2.5.5.tar.xz) = 22040f61cfd885290e178fbbfa0035fafe252d64f573bf291722e685033739240392ed694d5f295cd2c52697818a39c2a9c2592f3356ebf30fecf07feb445795 -SHA512 (openvpn-2.5.5.tar.xz.asc) = 6fc31952a042ea695c3c44f0538692094b69c927fb345fac5de82d61e1b000b53f4937de2790bc9341b1755dfb44a69e52eee62b10f28a14cfa08c11d4746649 +SHA512 (openvpn-2.5.6.tar.xz) = f0f0600df013431af804ace70ea86ac064917acdeaad3759b5d5eaa4a8dc3738d6da6df4c16bbb23443e3493487541cb8b10b89f9f0b40a17caa6e6fc46e0adb +SHA512 (openvpn-2.5.6.tar.xz.asc) = 5e565385f97f18a08961424c33a8df0b01f9f2e4ff10c5862b2d0502e74711d0b37481565229a4235e3b0b3578e152bd68633068b7e5c33f1a390c5db995b595 From 3751b7ae1f8d9286b12f9e2883e14ad3e5c30826 Mon Sep 17 00:00:00 2001 From: David Sommerseth Date: Tue, 31 May 2022 17:09:01 +0200 Subject: [PATCH 164/168] Update to upstream OpenVPN 2.5.7 release Signed-off-by: David Sommerseth --- .gitignore | 2 ++ ...54A3687412CFFEBDEFE0A312F5F7B42F2B01E7.gpg | Bin 43992 -> 46764 bytes openvpn.spec | 5 ++++- sources | 4 ++-- 4 files changed, 8 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 0c629bd..03f0cd2 100644 --- a/.gitignore +++ b/.gitignore @@ -76,3 +76,5 @@ openvpn-2.1.2.tar.gz.asc /openvpn-2.5.5.tar.xz.asc /openvpn-2.5.6.tar.xz /openvpn-2.5.6.tar.xz.asc +/openvpn-2.5.7.tar.xz +/openvpn-2.5.7.tar.xz.asc diff --git a/gpgkey-F554A3687412CFFEBDEFE0A312F5F7B42F2B01E7.gpg b/gpgkey-F554A3687412CFFEBDEFE0A312F5F7B42F2B01E7.gpg index 8272cee5dd0b5a6ab233c728d6ce11ac3d7b5d56..81144625839c48a57583eeda737830872e4d6693 100644 GIT binary patch delta 2755 zcmV;!3Ox1L*8;5V0BdvN8#Tw01Rl41qE$KjT4;Xj@qU+IoFN`+KG1ts7Ob~-9NK$dPeUrPce_kmw(I^uPEjMEL3#87F zbZUx1DUuY_%PMa1Q0-CEBL{ZcTQ}zma6X z@rZ>fn+SDazg*PV7C3IC7RXIy)G>|owr<6!q_zKPzdU7PCsKW>X6D+swmK7vYehWr zX54E1kUolR58VffqA%$^ku6$;cgk)plMkaOe`0*gvH}|d1qlJ+Gk^j>2@n$X_p~o7 z0q4PVAOsl!2ml=xAp}-o|7q4#6$9^7 zEm9Bwnv8g1;_YvuDMo|*#2#`R@@~6V3;lZPn~s7uxBK42Xb)Ho-;I;z0sw$US%2jB zfBVKN(*mjueHWcue8sklH{VFFo^PPw5rXzLX59D=w6!KJXYr;h*m8p6igncBjo<9)W7%f-l z^h$A&Ft4(M<|~0fm^lKSPxHW%mDE-AfBAiNrlQtSr^}n|16z0g?nAM_OAe6^|D=ct zNQ%cZI1n15!@1xf{n1kE{9zZKRqoxcJu)SK|J!2{pLK8=kh!P}rXHR7n~0w&e??%y z#~&@bgWQy9aQxnHG^VlY6Lb zVu%CC;3Jtjk{a7LCRhk&`rEHDho?<)SZB2^a^^nc{qZuw4lq%m9MSQO)b3~{W+a*t zvEs!f;K-%Udf0M#;GteZ(psmZe_o)bruaI*vK~3>@E7A^PM9f9fN-5&$Kw z^`c&?OE?O={{a>bl|8jsLv$9e*`cdI4y;@F*K}Z*EL2|nV|m;BE$Aw8-2Iu{cf23& zS$!cL&rc&QCcW=OJw(;9S)M2u zO#$55M@l3=-9us3glm;}VmDI#C0fa!%dN;3d(sVv7^T`Ozu;?(9Y463oja#CsnE_P z6t@g(BmJB@@sIRiNKf48aoLa5p!7^#XEXZ--9s-HkWU$~O; z>6(5l#{s$|R3v?EkQ!pEc{ZNjA8CFjUB#9%SZj3*Co4uc&APB(<(}6gG)a+N8Kiq# z?jX_yUF+%;l&Zj8e~S8f`$nQ1l^@{C9V|Hbu=R3M;049(AC^Zy+yyC!CbOR`GUHf1A|ki40U4xDvXq5yk1# zoRwN4RXs+q%LG3E?*R!Ng7fM0vB{}VG%uWZRPK`!qI6b4i60}&}&9CT56@;ON}oG$@I%CcUwf5%NgBn z#eOdlo3gpbNKSZz&1k}s8!`wD2mWMVU)s6fL7XlvsvQkZa1E6$AY~Ym8H>%-AtleB zbCBU@=ZROZ=iQb7bVnJWAcv*#ewW=k7Fn5yw;qf(ro;U^vJGUKU z`{ZGazTz2g!Vth$`SIvbE1_4|H8V4;RY)ZK+JOPd7)j`H8q3`<)@OreNrFIwSRsHg zjb^M4f8R13FskW!WFrzH5*LwA0TI-staV3W23ywlu6|P($M&wSR~H!`?K}x)y|PH| zFfG1?Y|Qz(jaW*cOpYixK~{9K%d=U#6R-<23Q0-$bOWckWmd`1#tL;5$=gi=Dva8J1G7JC! delta 9 RcmZ4Umg&ZIrVTe%0{|OA1%Lnm diff --git a/openvpn.spec b/openvpn.spec index 362f4b4..34ba93f 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -5,7 +5,7 @@ %bcond_without tests_long Name: openvpn -Version: 2.5.6 +Version: 2.5.7 Release: 1%{?dist} Summary: A full-featured TLS VPN solution URL: https://community.openvpn.net/ @@ -201,6 +201,9 @@ done %changelog +* Tue May 31 2022 David Sommerseth - 2.5.7-1 +- Update to upstream OpenVPN 2.5.7 + * Wed Mar 16 2022 David Sommerseth - 2.5.6-1 - Update to upstream OpenVPN 2.5.6 - Fixes CVE-2022-0547 diff --git a/sources b/sources index d451633..5236f69 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (openvpn-2.5.6.tar.xz) = f0f0600df013431af804ace70ea86ac064917acdeaad3759b5d5eaa4a8dc3738d6da6df4c16bbb23443e3493487541cb8b10b89f9f0b40a17caa6e6fc46e0adb -SHA512 (openvpn-2.5.6.tar.xz.asc) = 5e565385f97f18a08961424c33a8df0b01f9f2e4ff10c5862b2d0502e74711d0b37481565229a4235e3b0b3578e152bd68633068b7e5c33f1a390c5db995b595 +SHA512 (openvpn-2.5.7.tar.xz) = 9a3234b479f5bab12b8c3af7691f175f8cd32f2929dd27efc16e96e14dbb8e07421e623869ad5ffc2d7e65f2266817d1583723033f3646b9913b10ec6d014b44 +SHA512 (openvpn-2.5.7.tar.xz.asc) = 4a1e65acf9fa4a65a310743869515f6c75fbc483c01bfde85027106e64da5fe737c135a88977e8bb1b2b9ccab6790194f06c0de7f4c2c6783be823879ebd140b From eae8a6524897defa593ffef9ce74bd9f73b0ea6b Mon Sep 17 00:00:00 2001 From: David Sommerseth Date: Fri, 10 Jun 2022 15:30:34 +0200 Subject: [PATCH 165/168] OpenVPN 2.5.7-2 fixing BF-CBC related issues - Added additional upstream patch resolving BF-CBC issues (to be removed with 2.5.8) https://patchwork.openvpn.net/patch/2504/ - Removed BF-CBC from the --data-ciphers list. This is no longer available by default in OpenSSL 3.0 Signed-off-by: David Sommerseth --- ...default-configuration-with-TLS-libra.patch | 225 ++++++++++++++++++ ...lt-cipher-to-AES-256-GCM-for-server-.patch | 12 +- openvpn.spec | 10 +- 3 files changed, 243 insertions(+), 4 deletions(-) create mode 100644 0001-Allow-running-a-default-configuration-with-TLS-libra.patch diff --git a/0001-Allow-running-a-default-configuration-with-TLS-libra.patch b/0001-Allow-running-a-default-configuration-with-TLS-libra.patch new file mode 100644 index 0000000..b9218e6 --- /dev/null +++ b/0001-Allow-running-a-default-configuration-with-TLS-libra.patch @@ -0,0 +1,225 @@ +From cf5864f5922e4f40357d9f75a35cd448e671dddf Mon Sep 17 00:00:00 2001 +From: Arne Schwabe +Date: Fri, 3 Jun 2022 11:52:19 +0200 +Subject: [PATCH] Allow running a default configuration with TLS libraries + without BF-CBC + +Modern TLS libraries might drop Blowfish by default or distributions +might disable Blowfish in OpenSSL/mbed TLS. We still signal OCC +options with BF-CBC compatible strings. To avoid requiring BF-CBC +for this, special this one usage of BF-CBC enough to avoid a hard +requirement on Blowfish in the default configuration. + +This patch is cherry-picked from 79ff3f79 and the missing +ciphername = "none"; has been added in the OCC code. + +Due to uncrustify complains, a few extra whitespace fixes had to be +done to options.c. + +Signed-off-by: Arne Schwabe +Acked-by: Gert Doering +Message-Id: <20220603095219.637361-1-arne@rfc2549.org> +URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg24456.html +Signed-off-by: Gert Doering +--- + src/openvpn/crypto_backend.h | 2 ++ + src/openvpn/init.c | 37 ++++++++++++++++----- + src/openvpn/options.c | 62 ++++++++++++++++++++++++++++-------- + 3 files changed, 80 insertions(+), 21 deletions(-) + +diff --git a/src/openvpn/crypto_backend.h b/src/openvpn/crypto_backend.h +index a9bb38ed..aebda3d6 100644 +--- a/src/openvpn/crypto_backend.h ++++ b/src/openvpn/crypto_backend.h +@@ -256,6 +256,8 @@ const cipher_kt_t *cipher_kt_get(const char *ciphername); + * The returned name is normalised to the OpenVPN config name in case the + * name differs from the name used by the crypto library. + * ++ * Returns [null-cipher] in case the cipher_kt is NULL. ++ * + * @param cipher_kt Static cipher parameters + * + * @return a statically allocated string describing the cipher. +diff --git a/src/openvpn/init.c b/src/openvpn/init.c +index da4d60af..b1b7b350 100644 +--- a/src/openvpn/init.c ++++ b/src/openvpn/init.c +@@ -2764,14 +2764,35 @@ do_init_crypto_tls_c1(struct context *c) + #endif /* if P2MP */ + } + +- /* Do not warn if we only have BF-CBC in options->ciphername +- * because it is still the default cipher */ +- bool warn = !streq(options->ciphername, "BF-CBC") +- || options->enable_ncp_fallback; +- /* Get cipher & hash algorithms */ +- init_key_type(&c->c1.ks.key_type, options->ciphername, options->authname, +- options->keysize, true, warn); +- ++ /* ++ * BF-CBC is allowed to be used only when explicitly configured ++ * as NCP-fallback or when NCP has been disabled or explicitly ++ * allowed in the in ncp_ciphers list. ++ * In all other cases do not attempt to initialize BF-CBC as it ++ * may not even be supported by the underlying SSL library. ++ * ++ * Therefore, the key structure has to be initialized when: ++ * - any non-BF-CBC cipher was selected; or ++ * - BF-CBC is selected and NCP is disabled (explicit request to ++ * use the BF-CBC cipher); or ++ * - BF-CBC is selected, NCP is enabled and fallback is enabled ++ * (BF-CBC will be the fallback). ++ * - BF-CBC is in data-ciphers and we negotiate to use BF-CBC: ++ * If the negotiated cipher and options->ciphername are the ++ * same we do not reinit the cipher ++ * ++ * Note that BF-CBC will still be part of the OCC string to retain ++ * backwards compatibility with older clients. ++ */ ++ if (!streq(options->ciphername, "BF-CBC") || !options->ncp_enabled ++ || (options->ncp_enabled && tls_item_in_cipher_list("BF-CBC", options->ncp_ciphers)) ++ || options->enable_ncp_fallback) ++ { ++ /* Do not warn if the if the cipher is used only in OCC */ ++ bool warn = !options->ncp_enabled || options->enable_ncp_fallback; ++ init_key_type(&c->c1.ks.key_type, options->ciphername, options->authname, ++ options->keysize, true, warn); ++ } + /* Initialize PRNG with config-specified digest */ + prng_init(options->prng_hash, options->prng_nonce_secret_len); + +diff --git a/src/openvpn/options.c b/src/openvpn/options.c +index f6ef02ae..2206d9f4 100644 +--- a/src/openvpn/options.c ++++ b/src/openvpn/options.c +@@ -1135,7 +1135,7 @@ parse_hash_fingerprint(const char *str, int nbytes, int msglevel, struct gc_aren + #ifndef ENABLE_SMALL + + static void +-show_dhcp_option_list(const char *name, const char * const*array, int len) ++show_dhcp_option_list(const char *name, const char *const *array, int len) + { + int i; + for (i = 0; i < len; ++i) +@@ -2288,7 +2288,7 @@ options_postprocess_verify_ce(const struct options *options, + if (options->mode == MODE_SERVER) + { + #define USAGE_VALID_SERVER_PROTOS "--mode server currently only supports " \ +- "--proto values of udp, tcp-server, tcp4-server, or tcp6-server" ++ "--proto values of udp, tcp-server, tcp4-server, or tcp6-server" + #ifdef TARGET_ANDROID + msg(M_FATAL, "--mode server not supported on Android"); + #endif +@@ -3103,7 +3103,7 @@ options_postprocess_cipher(struct options *o) + if (!o->ncp_enabled) + { + msg(M_USAGE, "--ncp-disable needs an explicit --cipher or " +- "--data-ciphers-fallback config option"); ++ "--data-ciphers-fallback config option"); + } + + msg(M_WARN, "--cipher is not set. Previous OpenVPN version defaulted to " +@@ -3681,9 +3681,30 @@ calc_options_string_link_mtu(const struct options *o, const struct frame *frame) + { + struct frame fake_frame = *frame; + struct key_type fake_kt; +- init_key_type(&fake_kt, o->ciphername, o->authname, o->keysize, true, +- false); ++ + frame_remove_from_extra_frame(&fake_frame, crypto_max_overhead()); ++ ++ ++ /* o->ciphername might be BF-CBC even though the underlying SSL library ++ * does not support it. For this reason we workaround this corner case ++ * by pretending to have no encryption enabled and by manually adding ++ * the required packet overhead to the MTU computation. ++ */ ++ const char *ciphername = o->ciphername; ++ ++ if (strcmp(o->ciphername, "BF-CBC") == 0) ++ { ++ /* none has no overhead, so use this to later add only --auth ++ * overhead */ ++ ++ /* overhead of BF-CBC: 64 bit block size, 64 bit IV size */ ++ frame_add_to_extra_frame(&fake_frame, 64/8 + 64/8); ++ ciphername = "none"; ++ } ++ ++ init_key_type(&fake_kt, ciphername, o->authname, o->keysize, true, ++ false); ++ + crypto_adjust_frame_parameters(&fake_frame, &fake_kt, o->replay, + cipher_kt_mode_ofb_cfb(fake_kt.cipher)); + frame_finalize(&fake_frame, o->ce.link_mtu_defined, o->ce.link_mtu, +@@ -3853,18 +3874,33 @@ options_string(const struct options *o, + + (TLS_SERVER == true) + <= 1); + +- init_key_type(&kt, o->ciphername, o->authname, o->keysize, true, +- false); ++ /* Skip resolving BF-CBC to allow SSL libraries without BF-CBC ++ * to work here in the default configuration */ ++ const char *ciphername = o->ciphername; ++ int keysize; ++ ++ if (strcmp(o->ciphername, "BF-CBC") == 0) ++ { ++ init_key_type(&kt, "none", o->authname, o->keysize, true, ++ false); ++ keysize = 128; ++ } ++ else ++ { ++ init_key_type(&kt, o->ciphername, o->authname, o->keysize, true, ++ false); ++ ciphername = cipher_kt_name(kt.cipher); ++ keysize = kt.cipher_length * 8; ++ } + /* Only announce the cipher to our peer if we are willing to + * support it */ +- const char *ciphername = cipher_kt_name(kt.cipher); + if (p2p_nopull || !o->ncp_enabled + || tls_item_in_cipher_list(ciphername, o->ncp_ciphers)) + { + buf_printf(&out, ",cipher %s", ciphername); + } + buf_printf(&out, ",auth %s", md_kt_name(kt.digest)); +- buf_printf(&out, ",keysize %d", kt.cipher_length * 8); ++ buf_printf(&out, ",keysize %d", keysize); + if (o->shared_secret_file) + { + buf_printf(&out, ",secret"); +@@ -6168,9 +6204,9 @@ add_option(struct options *options, + } + } + #ifdef TARGET_LINUX +- else if (streq (p[0], "bind-dev") && p[1]) ++ else if (streq(p[0], "bind-dev") && p[1]) + { +- VERIFY_PERMISSION (OPT_P_SOCKFLAGS); ++ VERIFY_PERMISSION(OPT_P_SOCKFLAGS); + options->bind_dev = p[1]; + } + #endif +@@ -6248,7 +6284,7 @@ add_option(struct options *options, + { + int64_t val = atoll(p[2]); + options->inactivity_minimum_bytes = (val < 0) ? 0 : val; +- if ( options->inactivity_minimum_bytes > INT_MAX ) ++ if (options->inactivity_minimum_bytes > INT_MAX) + { + msg(M_WARN, "WARNING: '--inactive' with a 'bytes' value" + " >2 Gbyte was silently ignored in older versions. If " +@@ -8132,7 +8168,7 @@ add_option(struct options *options, + #endif + else if (streq(p[0], "providers") && p[1]) + { +- for (size_t j = 1; j < MAX_PARMS && p[j] != NULL;j++) ++ for (size_t j = 1; j < MAX_PARMS && p[j] != NULL; j++) + { + options->providers.names[j] = p[j]; + } +-- +2.31.1 + diff --git a/0001-Change-the-default-cipher-to-AES-256-GCM-for-server-.patch b/0001-Change-the-default-cipher-to-AES-256-GCM-for-server-.patch index aca649e..0af7115 100644 --- a/0001-Change-the-default-cipher-to-AES-256-GCM-for-server-.patch +++ b/0001-Change-the-default-cipher-to-AES-256-GCM-for-server-.patch @@ -1,6 +1,4 @@ -From b56d52fa409c62720791e189e501efb86df0aff4 Mon Sep 17 00:00:00 2001 From: David Sommerseth -Date: Tue, 4 Jul 2017 16:06:24 +0200 Subject: [PATCH] Change the default cipher to AES-256-GCM for server configurations @@ -10,6 +8,14 @@ defaulting to BF-CBC, the Negotiable Crypto Parameters (NCP) list contains the BF-CBC in addition to AES-CBC. This makes it possible to migrate existing older client configurations one-by-one to use at least AES-CBC unless the client is updated to v2.4 (which defaults to upgrade to AES-GCM automatically) + +[Update 2022-06-10] +The BF-CBC reference is now removed as of Fedora 36 and newer. The Blowfish +cipher is no longer available by default in OpenSSL 3.0. It can be enabled +via the legacy provider in OpenSSL 3.0, but BF-CBC is deprecated and should +not be used any more. OpenVPN 2.4 and newer will always negotiate a stronger +cipher by default and older OpenVPN releases are no longer supported upstream. + --- distro/systemd/openvpn-server@.service.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) @@ -23,7 +29,7 @@ index 9a8a2c7..0ecda08 100644 PrivateTmp=true WorkingDirectory=/etc/openvpn/server -ExecStart=@sbindir@/openvpn --status %t/openvpn-server/status-%i.log --status-version 2 --suppress-timestamps --config %i.conf -+ExecStart=@sbindir@/openvpn --status %t/openvpn-server/status-%i.log --status-version 2 --suppress-timestamps --cipher AES-256-GCM --data-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC:AES-128-CBC:BF-CBC --config %i.conf ++ExecStart=@sbindir@/openvpn --status %t/openvpn-server/status-%i.log --status-version 2 --suppress-timestamps --cipher AES-256-GCM --data-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC:AES-128-CBC --config %i.conf CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE CAP_AUDIT_WRITE LimitNPROC=10 DeviceAllow=/dev/null rw diff --git a/openvpn.spec b/openvpn.spec index 34ba93f..0f3130d 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -6,7 +6,7 @@ Name: openvpn Version: 2.5.7 -Release: 1%{?dist} +Release: 2%{?dist} Summary: A full-featured TLS VPN solution URL: https://community.openvpn.net/ Source0: https://build.openvpn.net/downloads/releases/%{name}-%{version}.tar.xz @@ -16,6 +16,7 @@ Source3: roadwarrior-client.conf # Upstream signing key Source10: gpgkey-F554A3687412CFFEBDEFE0A312F5F7B42F2B01E7.gpg Patch1: 0001-Change-the-default-cipher-to-AES-256-GCM-for-server-.patch +Patch2: 0001-Allow-running-a-default-configuration-with-TLS-libra.patch Patch50: openvpn-2.4-change-tmpfiles-permissions.patch License: GPLv2 BuildRequires: gnupg2 @@ -77,6 +78,7 @@ to similar features as the various script-hooks. gpgv2 --quiet --keyring %{SOURCE10} %{SOURCE1} %{SOURCE0} %setup -q -n %{name}-%{version} %patch1 -p1 -b .ch_default_cipher +%patch2 -p1 %patch50 -p1 # %%doc items shouldn't be executable. @@ -201,6 +203,12 @@ done %changelog +* Tue May 31 2022 David Sommerseth - 2.5.7-2 +- Added additional upstream patch resolving BF-CBC issues (to be removed with 2.5.8) + https://patchwork.openvpn.net/patch/2504/ +- Removed BF-CBC from the --data-ciphers list. This is no longer available by default + in OpenSSL 3.0 + * Tue May 31 2022 David Sommerseth - 2.5.7-1 - Update to upstream OpenVPN 2.5.7 From 7a351506fd76c80ff563d2b027a4e6641d527ed3 Mon Sep 17 00:00:00 2001 From: David Sommerseth Date: Tue, 1 Nov 2022 16:35:21 +0100 Subject: [PATCH 166/168] Update to upstream OpenVPN 2.5.8 Signed-off-by: David Sommerseth --- .gitignore | 2 ++ openvpn.spec | 9 +++++---- sources | 4 ++-- 3 files changed, 9 insertions(+), 6 deletions(-) diff --git a/.gitignore b/.gitignore index 03f0cd2..6888c73 100644 --- a/.gitignore +++ b/.gitignore @@ -78,3 +78,5 @@ openvpn-2.1.2.tar.gz.asc /openvpn-2.5.6.tar.xz.asc /openvpn-2.5.7.tar.xz /openvpn-2.5.7.tar.xz.asc +/openvpn-2.5.8.tar.xz +/openvpn-2.5.8.tar.xz.asc diff --git a/openvpn.spec b/openvpn.spec index 0f3130d..f96807c 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -5,8 +5,8 @@ %bcond_without tests_long Name: openvpn -Version: 2.5.7 -Release: 2%{?dist} +Version: 2.5.8 +Release: 1%{?dist} Summary: A full-featured TLS VPN solution URL: https://community.openvpn.net/ Source0: https://build.openvpn.net/downloads/releases/%{name}-%{version}.tar.xz @@ -16,7 +16,6 @@ Source3: roadwarrior-client.conf # Upstream signing key Source10: gpgkey-F554A3687412CFFEBDEFE0A312F5F7B42F2B01E7.gpg Patch1: 0001-Change-the-default-cipher-to-AES-256-GCM-for-server-.patch -Patch2: 0001-Allow-running-a-default-configuration-with-TLS-libra.patch Patch50: openvpn-2.4-change-tmpfiles-permissions.patch License: GPLv2 BuildRequires: gnupg2 @@ -78,7 +77,6 @@ to similar features as the various script-hooks. gpgv2 --quiet --keyring %{SOURCE10} %{SOURCE1} %{SOURCE0} %setup -q -n %{name}-%{version} %patch1 -p1 -b .ch_default_cipher -%patch2 -p1 %patch50 -p1 # %%doc items shouldn't be executable. @@ -203,6 +201,9 @@ done %changelog +* Tue Nov 1 2022 David Sommerseth - 2.5.8-1 +- Update to upstream OpenVPN 2.5.8 + * Tue May 31 2022 David Sommerseth - 2.5.7-2 - Added additional upstream patch resolving BF-CBC issues (to be removed with 2.5.8) https://patchwork.openvpn.net/patch/2504/ diff --git a/sources b/sources index 5236f69..1656a9d 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (openvpn-2.5.7.tar.xz) = 9a3234b479f5bab12b8c3af7691f175f8cd32f2929dd27efc16e96e14dbb8e07421e623869ad5ffc2d7e65f2266817d1583723033f3646b9913b10ec6d014b44 -SHA512 (openvpn-2.5.7.tar.xz.asc) = 4a1e65acf9fa4a65a310743869515f6c75fbc483c01bfde85027106e64da5fe737c135a88977e8bb1b2b9ccab6790194f06c0de7f4c2c6783be823879ebd140b +SHA512 (openvpn-2.5.8.tar.xz) = 6588e9525ae4cee04ad9099df3f5e4a1d51a2fceb4609d7352089f7c611ae4792ec056bc84a24ee0d6b91a067b1c88b028aa8f282a7f0e1587f80b7603d8d068 +SHA512 (openvpn-2.5.8.tar.xz.asc) = 931f5ba1f40c51175d9a0ae08ed072569b625b26bb58d2ff41d1d069eddb465515766e6e7437c005c40ad1de5baa619fac16c8335bb0499a535931a20a306bc2 From 5bfc18d0595a8b1b77d52c8cb91b0f28440acb2b Mon Sep 17 00:00:00 2001 From: David Sommerseth Date: Thu, 16 Feb 2023 15:29:16 +0100 Subject: [PATCH 167/168] Update to upstream OpenVPN 2.5.9 Signed-off-by: David Sommerseth --- .gitignore | 2 ++ openvpn.spec | 9 ++++++--- sources | 4 ++-- 3 files changed, 10 insertions(+), 5 deletions(-) diff --git a/.gitignore b/.gitignore index 6888c73..db23f12 100644 --- a/.gitignore +++ b/.gitignore @@ -80,3 +80,5 @@ openvpn-2.1.2.tar.gz.asc /openvpn-2.5.7.tar.xz.asc /openvpn-2.5.8.tar.xz /openvpn-2.5.8.tar.xz.asc +/openvpn-2.5.9.tar.gz +/openvpn-2.5.9.tar.gz.asc diff --git a/openvpn.spec b/openvpn.spec index f96807c..81a4aad 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -5,12 +5,12 @@ %bcond_without tests_long Name: openvpn -Version: 2.5.8 +Version: 2.5.9 Release: 1%{?dist} Summary: A full-featured TLS VPN solution URL: https://community.openvpn.net/ -Source0: https://build.openvpn.net/downloads/releases/%{name}-%{version}.tar.xz -Source1: https://build.openvpn.net/downloads/releases/%{name}-%{version}.tar.xz.asc +Source0: https://build.openvpn.net/downloads/releases/%{name}-%{version}.tar.gz +Source1: https://build.openvpn.net/downloads/releases/%{name}-%{version}.tar.gz.asc Source2: roadwarrior-server.conf Source3: roadwarrior-client.conf # Upstream signing key @@ -201,6 +201,9 @@ done %changelog +* Thu Feb 16 2023 David Sommerseth - 2.5.9-1 +- Update to upstream OpenVPN 2.5.9 + * Tue Nov 1 2022 David Sommerseth - 2.5.8-1 - Update to upstream OpenVPN 2.5.8 diff --git a/sources b/sources index 1656a9d..0de5f76 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (openvpn-2.5.8.tar.xz) = 6588e9525ae4cee04ad9099df3f5e4a1d51a2fceb4609d7352089f7c611ae4792ec056bc84a24ee0d6b91a067b1c88b028aa8f282a7f0e1587f80b7603d8d068 -SHA512 (openvpn-2.5.8.tar.xz.asc) = 931f5ba1f40c51175d9a0ae08ed072569b625b26bb58d2ff41d1d069eddb465515766e6e7437c005c40ad1de5baa619fac16c8335bb0499a535931a20a306bc2 +SHA512 (openvpn-2.5.9.tar.gz) = 48d04e08ba62aa098d9e3bc246cf521c6e8b200bd817488a05989ae6c42d8fd144ddf03de43eb2f3c4778a643217db4220288c2d40f324076771a20b95d5028b +SHA512 (openvpn-2.5.9.tar.gz.asc) = 62a8115dedcfcd61cd6ce3e193c7654402b32d1ff5f44ab73115991e7adee848e14b0c76d20b414fc543ec7c6fef6c85823b7d1fa44a7f86fe67f50db482bf19 From 337c9b64fa54a261b4d828cbab227f0bc6337ab1 Mon Sep 17 00:00:00 2001 From: MSVSphere Packaging Team Date: Mon, 30 Oct 2023 23:37:08 +0300 Subject: [PATCH 168/168] Remove unnecessary files --- sources | 2 -- tests/tests.yml | 14 -------------- 2 files changed, 16 deletions(-) delete mode 100644 sources delete mode 100644 tests/tests.yml diff --git a/sources b/sources deleted file mode 100644 index 0de5f76..0000000 --- a/sources +++ /dev/null @@ -1,2 +0,0 @@ -SHA512 (openvpn-2.5.9.tar.gz) = 48d04e08ba62aa098d9e3bc246cf521c6e8b200bd817488a05989ae6c42d8fd144ddf03de43eb2f3c4778a643217db4220288c2d40f324076771a20b95d5028b -SHA512 (openvpn-2.5.9.tar.gz.asc) = 62a8115dedcfcd61cd6ce3e193c7654402b32d1ff5f44ab73115991e7adee848e14b0c76d20b414fc543ec7c6fef6c85823b7d1fa44a7f86fe67f50db482bf19 diff --git a/tests/tests.yml b/tests/tests.yml deleted file mode 100644 index f36be1c..0000000 --- a/tests/tests.yml +++ /dev/null @@ -1,14 +0,0 @@ -# Tests for openvpn using NM's tests -- hosts: localhost - roles: - - role: standard-test-basic - tags: - - classic - repositories: - - repo: "https://gitlab.freedesktop.org/NetworkManager/NetworkManager-ci" - dest: "NetworkManager-ci" - tests: - - sanity-tests: - dir: NetworkManager-ci - run: run/osci/run-tests openvpn -