|
|
b871210 |
%define _hardened_build 1
|
|
|
38a33b7 |
|
|
David Sommerseth |
ce20bc1 |
# LTO needs to be disabled to avoid issues on Fedora 34+ and
|
|
David Sommerseth |
ce20bc1 |
# EL-9 when linking the unit-test, which utilizes --wrap in
|
|
David Sommerseth |
ce20bc1 |
# the link process
|
|
David Sommerseth |
ce20bc1 |
%if 0%{?rhel} > 8 || 0%{?fedora} > 34
|
|
David Sommerseth |
ce20bc1 |
%global _lto_cflags %{nil}
|
|
David Sommerseth |
ce20bc1 |
%endif
|
|
David Sommerseth |
ce20bc1 |
|
|
David Sommerseth |
ce20bc1 |
# The DCO feature is only available on EL-8+ or Fedora 34+
|
|
David Sommerseth |
ce20bc1 |
%if 0%{?rhel} > 7 || 0%{?fedora} > 34
|
|
David Sommerseth |
ce20bc1 |
%bcond_without dco
|
|
David Sommerseth |
ce20bc1 |
%else
|
|
David Sommerseth |
ce20bc1 |
%bcond_with dco
|
|
David Sommerseth |
ce20bc1 |
%endif
|
|
David Sommerseth |
ce20bc1 |
|
|
David Sommerseth |
ce20bc1 |
# pkcs11-helper on RHEL9 (v1.27.0) comes with a buggy pkcs11.h, so skip it
|
|
David Sommerseth |
ce20bc1 |
%if 0%{?rhel} == 9
|
|
David Sommerseth |
ce20bc1 |
%bcond_with pkcs11
|
|
David Sommerseth |
ce20bc1 |
%else
|
|
David Sommerseth |
ce20bc1 |
%bcond_without pkcs11
|
|
David Sommerseth |
ce20bc1 |
%endif
|
|
David Sommerseth |
ce20bc1 |
|
|
|
ba1a3a7 |
# Build conditionals
|
|
|
ba1a3a7 |
# tests_long - Enabled by default, enables long running tests in %%check
|
|
|
ba1a3a7 |
%bcond_without tests_long
|
|
|
5994929 |
|
|
|
5994929 |
Name: openvpn
|
|
|
954148f |
Version: 2.6.9
|
|
|
954148f |
Release: 1%{?dist}
|
|
David Sommerseth |
ce20bc1 |
Summary: A full-featured TLS VPN solution (beta release)
|
|
|
9831998 |
URL: https://community.openvpn.net/
|
|
David Sommerseth |
ce20bc1 |
Source0: https://build.openvpn.net/downloads/releases/%{name}-%{version}.tar.gz
|
|
David Sommerseth |
ce20bc1 |
Source1: https://build.openvpn.net/downloads/releases/%{name}-%{version}.tar.gz.asc
|
|
|
5994929 |
Source2: roadwarrior-server.conf
|
|
|
5994929 |
Source3: roadwarrior-client.conf
|
|
|
31847e1 |
# Upstream signing key
|
|
|
fbbe525 |
Source10: gpgkey-F554A3687412CFFEBDEFE0A312F5F7B42F2B01E7.gpg
|
|
|
b931012 |
Patch1: 0001-Change-the-default-cipher-to-AES-256-GCM-for-server-.patch
|
|
David Sommerseth |
ce20bc1 |
Patch2: fedora-crypto-policy-compliance.patch
|
|
|
b97c97b |
Patch50: openvpn-2.4-change-tmpfiles-permissions.patch
|
|
|
6fa9826 |
License: GPLv2
|
|
|
2b76cca |
BuildRequires: gnupg2
|
|
|
b97c97b |
BuildRequires: gcc
|
|
|
fbbe525 |
BuildRequires: automake
|
|
|
fbbe525 |
BuildRequires: autoconf
|
|
|
fbbe525 |
BuildRequires: autoconf-archive
|
|
David Sommerseth |
ce20bc1 |
BuildRequires: libcap-ng-devel
|
|
|
fbbe525 |
BuildRequires: libtool
|
|
|
fbbe525 |
BuildRequires: gettext
|
|
|
5994929 |
BuildRequires: lzo-devel
|
|
|
6d9dbb8 |
BuildRequires: lz4-devel
|
|
|
ddc4a64 |
BuildRequires: make
|
|
|
31847e1 |
BuildRequires: openssl-devel
|
|
David Sommerseth |
ce20bc1 |
%if %{with dco}
|
|
David Sommerseth |
ce20bc1 |
BuildRequires: libnl3-devel
|
|
David Sommerseth |
ce20bc1 |
%endif
|
|
David Sommerseth |
ce20bc1 |
%if %{with pkcs11}
|
|
|
31847e1 |
BuildRequires: pkcs11-helper-devel >= 1.11
|
|
David Sommerseth |
ce20bc1 |
%endif
|
|
|
5994929 |
BuildRequires: pam-devel
|
|
|
b97c97b |
BuildRequires: libselinux-devel
|
|
|
fbbe525 |
BuildRequires: libcmocka-devel
|
|
|
31847e1 |
BuildRequires: systemd
|
|
|
fbbe525 |
BuildRequires: systemd-devel
|
|
|
fbbe525 |
|
|
|
5fd6cc8 |
%{?systemd_requires}
|
|
|
5994929 |
Requires(pre): /usr/sbin/useradd
|
|
|
5994929 |
|
|
|
9386b34 |
%if %{with dco}
|
|
|
9386b34 |
Recommends: kmod-ovpn-dco >= 0.2
|
|
|
9386b34 |
%endif
|
|
|
9386b34 |
|
|
David Sommerseth |
ce20bc1 |
%if 0%{?rhel} > 7 || 0%{?fedora} > 34
|
|
|
fbbe525 |
BuildRequires: python3-docutils
|
|
|
fbbe525 |
%else
|
|
|
fbbe525 |
# We cannot use python36-docutils on RHEL-7 as
|
|
|
fbbe525 |
# the ./configure script does not currently find
|
|
|
fbbe525 |
# the rst2man-3 executable, it only looks for rst2man
|
|
|
fbbe525 |
BuildRequires: python-docutils
|
|
|
fbbe525 |
%endif
|
|
|
fbbe525 |
|
|
|
fbbe525 |
# For the perl_default_filter macro
|
|
|
fbbe525 |
BuildRequires: perl-macros
|
|
|
fbbe525 |
|
|
|
5994929 |
# Filter out the perl(Authen::PAM) dependency.
|
|
|
5994929 |
# No perl dependency is really needed at all.
|
|
|
58e2bd8 |
%{?perl_default_filter}
|
|
|
5994929 |
|
|
|
5994929 |
%description
|
|
|
5994929 |
OpenVPN is a robust and highly flexible tunneling application that uses all
|
|
|
5994929 |
of the encryption, authentication, and certification features of the
|
|
|
5994929 |
OpenSSL library to securely tunnel IP networks over a single UDP or TCP
|
|
|
ba1a3a7 |
port. It can use the Marcus Franz Xaver Johannes Oberhumers LZO library
|
|
|
5994929 |
for compression.
|
|
|
5994929 |
|
|
|
ba1a3a7 |
%package devel
|
|
|
ba1a3a7 |
Summary: Development headers and examples for OpenVPN plug-ins
|
|
|
ba1a3a7 |
|
|
|
ba1a3a7 |
%description devel
|
|
|
ba1a3a7 |
OpenVPN can be extended through the --plugin option, which provides
|
|
|
ba1a3a7 |
possibilities to add specialized authentication, user accounting,
|
|
|
ba1a3a7 |
packet filtering and related features. These plug-ins need to be
|
|
|
ba1a3a7 |
written in C and provides a more low-level and information rich access
|
|
|
ba1a3a7 |
to similar features as the various script-hooks.
|
|
|
ba1a3a7 |
|
|
|
5994929 |
%prep
|
|
|
fbbe525 |
gpgv2 --quiet --keyring %{SOURCE10} %{SOURCE1} %{SOURCE0}
|
|
|
fbbe525 |
%setup -q -n %{name}-%{version}
|
|
|
a32c568 |
%patch -P 1 -p1
|
|
David Sommerseth |
ce20bc1 |
%if 0%{?rhel} > 7 || 0%{?fedora} > 34
|
|
David Sommerseth |
ce20bc1 |
# The crypto-policy patch is only valid on RHEL-8 and newer plus Fedora
|
|
|
a32c568 |
%patch -P 2 -p1
|
|
David Sommerseth |
ce20bc1 |
%endif
|
|
|
a32c568 |
%patch -P 50 -p1
|
|
|
a0543cc |
|
|
|
2fc8e30 |
# %%doc items shouldn't be executable.
|
|
|
f0c58f1 |
find contrib sample -type f -perm /100 \
|
|
|
2fc8e30 |
-exec chmod a-x {} \;
|
|
|
2fc8e30 |
|
|
|
5994929 |
%build
|
|
|
fe724ad |
%configure \
|
|
|
fbbe525 |
--enable-silent-rules \
|
|
|
6d9dbb8 |
--with-crypto-library=openssl \
|
|
David Sommerseth |
ce20bc1 |
%{?with_pkcs11:--enable-pkcs11} \
|
|
|
a9b2582 |
--enable-selinux \
|
|
|
035df29 |
--enable-systemd \
|
|
|
6d9dbb8 |
--enable-x509-alt-username \
|
|
|
2bb4f27 |
--enable-async-push \
|
|
David Sommerseth |
ce20bc1 |
%{?with_dco:--enable-dco} \
|
|
|
9831998 |
--docdir=%{_pkgdocdir} \
|
|
|
9831998 |
SYSTEMD_UNIT_DIR=%{_unitdir} \
|
|
|
fbbe525 |
TMPFILES_DIR=%{_tmpfilesdir}
|
|
David Sommerseth |
ce20bc1 |
|
|
David Sommerseth |
ce20bc1 |
%{__make} %{?_smp_mflags}
|
|
David Sommerseth |
ce20bc1 |
|
|
|
5994929 |
|
|
|
ba1a3a7 |
%check
|
|
|
ba1a3a7 |
# Test Crypto:
|
|
|
ba1a3a7 |
./src/openvpn/openvpn --genkey --secret key
|
|
|
b97c97b |
./src/openvpn/openvpn --cipher aes-128-cbc --test-crypto --secret key
|
|
|
b97c97b |
./src/openvpn/openvpn --cipher aes-256-cbc --test-crypto --secret key
|
|
|
b97c97b |
./src/openvpn/openvpn --cipher aes-128-gcm --test-crypto --secret key
|
|
|
b97c97b |
./src/openvpn/openvpn --cipher aes-256-gcm --test-crypto --secret key
|
|
|
ba1a3a7 |
|
|
David Sommerseth |
ce20bc1 |
# Some of the unit tests does not run on RHEL-7
|
|
David Sommerseth |
ce20bc1 |
pushd tests/unit_tests
|
|
David Sommerseth |
ce20bc1 |
%{__make} %{?_smp_mflags} check
|
|
David Sommerseth |
ce20bc1 |
popd
|
|
David Sommerseth |
ce20bc1 |
|
|
|
ba1a3a7 |
%if %{with tests_long}
|
|
|
ba1a3a7 |
# Randomize ports for tests to avoid conflicts on the build servers.
|
|
|
ba1a3a7 |
cport=$[ 50000 + ($RANDOM % 15534) ]
|
|
|
ba1a3a7 |
sport=$[ $cport + 1 ]
|
|
|
ba1a3a7 |
sed -e 's/^\(rport\) .*$/\1 '$sport'/' \
|
|
|
ba1a3a7 |
-e 's/^\(lport\) .*$/\1 '$cport'/' \
|
|
|
ba1a3a7 |
< sample/sample-config-files/loopback-client \
|
|
|
ba1a3a7 |
> %{_tmppath}/%{name}-%{version}-%{release}-%(%{__id_u})-loopback-client
|
|
|
ba1a3a7 |
sed -e 's/^\(rport\) .*$/\1 '$cport'/' \
|
|
|
ba1a3a7 |
-e 's/^\(lport\) .*$/\1 '$sport'/' \
|
|
|
ba1a3a7 |
< sample/sample-config-files/loopback-server \
|
|
|
ba1a3a7 |
> %{_tmppath}/%{name}-%{version}-%{release}-%(%{__id_u})-loopback-server
|
|
|
ba1a3a7 |
|
|
|
ba1a3a7 |
pushd sample
|
|
|
ba1a3a7 |
# Test SSL/TLS negotiations (runs for 2 minutes):
|
|
|
ba1a3a7 |
../src/openvpn/openvpn --config \
|
|
|
ba1a3a7 |
%{_tmppath}/%{name}-%{version}-%{release}-%(%{__id_u})-loopback-client &
|
|
|
ba1a3a7 |
../src/openvpn/openvpn --config \
|
|
|
ba1a3a7 |
%{_tmppath}/%{name}-%{version}-%{release}-%(%{__id_u})-loopback-server
|
|
|
ba1a3a7 |
wait
|
|
|
ba1a3a7 |
popd
|
|
|
ba1a3a7 |
|
|
|
ba1a3a7 |
rm -f %{_tmppath}/%{name}-%{version}-%{release}-%(%{__id_u})-loopback-client \
|
|
|
ba1a3a7 |
%{_tmppath}/%{name}-%{version}-%{release}-%(%{__id_u})-loopback-server
|
|
|
ba1a3a7 |
%endif
|
|
|
7995a20 |
|
|
|
5994929 |
%install
|
|
|
f3eed52 |
%{__make} install DESTDIR=$RPM_BUILD_ROOT
|
|
|
f3eed52 |
find $RPM_BUILD_ROOT -name '*.la' | xargs rm -f
|
|
|
a9b2582 |
mkdir -p -m 0750 $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/client $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/server
|
|
|
a9b2582 |
cp %{SOURCE2} %{SOURCE3} sample/sample-config-files/
|
|
|
5994929 |
|
|
|
28587b8 |
# Create some directories the OpenVPN package should own
|
|
|
b97c97b |
mkdir -m 0750 -p $RPM_BUILD_ROOT%{_rundir}/%{name}-{client,server}
|
|
|
28587b8 |
mkdir -m 0770 -p $RPM_BUILD_ROOT%{_sharedstatedir}/%{name}
|
|
|
28587b8 |
|
|
|
035df29 |
# Package installs into %%{_pkgdocdir} directly
|
|
|
b97c97b |
# Add various additional files
|
|
|
b97c97b |
cp -a AUTHORS ChangeLog contrib sample distro/systemd/README.systemd $RPM_BUILD_ROOT%{_pkgdocdir}
|
|
|
035df29 |
|
|
David Sommerseth |
ce20bc1 |
# Fix incorrect she-bang on a python script
|
|
David Sommerseth |
ce20bc1 |
# https://docs.fedoraproject.org/en-US/packaging-guidelines/Python/#_interpreter_invocation
|
|
David Sommerseth |
ce20bc1 |
sed -e "s|^#!/usr/bin/env.*python3$|#!%{python3} -%{py3_shebang_flags}|" \
|
|
David Sommerseth |
ce20bc1 |
-i $RPM_BUILD_ROOT%{_pkgdocdir}/contrib/extract-crl/extractcrl.py
|
|
David Sommerseth |
ce20bc1 |
|
|
|
ba1a3a7 |
# Remove some files which does not really belong here
|
|
|
fbbe525 |
rm -f $RPM_BUILD_ROOT%{_pkgdocdir}/sample/Makefile{,.in,.am}
|
|
|
ba1a3a7 |
rm -f $RPM_BUILD_ROOT%{_pkgdocdir}/contrib/multilevel-init.patch
|
|
|
ba1a3a7 |
rm -rf $RPM_BUILD_ROOT%{_pkgdocdir}/sample/sample-keys
|
|
|
5994929 |
|
|
David Sommerseth |
ce20bc1 |
# Remove totpauth.py on RHEL-7, as it is not able to process the code
|
|
David Sommerseth |
ce20bc1 |
%if 0%{?rhel} == 7
|
|
David Sommerseth |
ce20bc1 |
rm -f $RPM_BUILD_ROOT%{_pkgdocdir}/sample/sample-scripts/totpauth.py
|
|
David Sommerseth |
ce20bc1 |
%endif
|
|
David Sommerseth |
ce20bc1 |
|
|
David Sommerseth |
ce20bc1 |
|
|
|
5994929 |
%pre
|
|
|
03e60ef |
getent group openvpn &>/dev/null || groupadd -r openvpn
|
|
|
03e60ef |
getent passwd openvpn &>/dev/null || \
|
|
|
03e60ef |
/usr/sbin/useradd -r -g openvpn -s /sbin/nologin -c OpenVPN \
|
|
|
03e60ef |
-d /etc/openvpn openvpn
|
|
|
3149592 |
exit 0
|
|
|
5994929 |
|
|
|
5994929 |
%post
|
|
|
3149592 |
for srv in `systemctl | awk '/openvpn-client@.*\.service/{print $1} /openvpn-server@.*\.service/{print $1}'`;
|
|
|
3149592 |
do
|
|
|
3149592 |
%systemd_post $srv
|
|
|
3149592 |
done
|
|
|
5994929 |
|
|
|
5994929 |
%preun
|
|
|
3149592 |
for srv in `systemctl | awk '/openvpn-client@.*\.service/{print $1} /openvpn-server@.*\.service/{print $1}'`;
|
|
|
3149592 |
do
|
|
|
3149592 |
%systemd_preun $srv
|
|
|
3149592 |
done
|
|
|
5994929 |
|
|
|
5994929 |
%postun
|
|
|
3149592 |
for srv in `systemctl | awk '/openvpn-client@.*\.service/{print $1} /openvpn-server@.*\.service/{print $1}'`;
|
|
|
3149592 |
do
|
|
|
3149592 |
%systemd_postun_with_restart $srv
|
|
|
3149592 |
done
|
|
|
8b3e151 |
|
|
|
5994929 |
%files
|
|
|
035df29 |
%{_pkgdocdir}
|
|
|
b97c97b |
%exclude %{_pkgdocdir}/README.mbedtls
|
|
|
ba1a3a7 |
%exclude %{_pkgdocdir}/sample/sample-plugins
|
|
|
5994929 |
%{_mandir}/man8/%{name}.8*
|
|
|
b0362d8 |
%{_mandir}/man5/%{name}-*.5*
|
|
|
5994929 |
%{_sbindir}/%{name}
|
|
|
170f728 |
%{_libdir}/%{name}/
|
|
|
9831998 |
%{_unitdir}/%{name}-client@.service
|
|
|
9831998 |
%{_unitdir}/%{name}-server@.service
|
|
|
9831998 |
%{_tmpfilesdir}/%{name}.conf
|
|
|
5994929 |
%config %dir %{_sysconfdir}/%{name}/
|
|
|
b97c97b |
%config %dir %attr(-,-,openvpn) %{_sysconfdir}/%{name}/client
|
|
|
b97c97b |
%config %dir %attr(-,-,openvpn) %{_sysconfdir}/%{name}/server
|
|
David Sommerseth |
ce20bc1 |
%attr(0770,openvpn,openvpn) %{_sharedstatedir}/%{name}
|
|
|
9386b34 |
%ghost %{_rundir}/openvpn-client
|
|
|
9386b34 |
%ghost %{_rundir}/openvpn-server
|
|
|
a9b2582 |
|
|
|
ba1a3a7 |
%files devel
|
|
|
ba1a3a7 |
%{_pkgdocdir}/sample/sample-plugins
|
|
|
ba1a3a7 |
%{_includedir}/openvpn-plugin.h
|
|
|
ba1a3a7 |
%{_includedir}/openvpn-msg.h
|
|
|
ba1a3a7 |
|
|
|
5994929 |
|
|
|
5994929 |
%changelog
|
|
|
954148f |
* Mon Feb 19 2024 David Sommerseth <davids@openvpn.net> - 2.6.9-1
|
|
|
954148f |
- Update to upstream OpenVPN 2.6.9
|
|
|
954148f |
|
|
|
0cb5f76 |
* Thu Jan 25 2024 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.8-3
|
|
|
0cb5f76 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
|
|
|
0cb5f76 |
|
|
|
cb66e9e |
* Sun Jan 21 2024 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.8-2
|
|
|
cb66e9e |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
|
|
|
cb66e9e |
|
|
|
b5aae94 |
* Mon Nov 20 2023 David Sommerseth <davids@openvpn.net> - 2.6.8-1
|
|
|
b5aae94 |
- Update to upstream OpenPVN 2.6.7
|
|
|
b5aae94 |
- Fixes a regression from 2.6.7 resulting in a SIGSEGV (GitHub#449)
|
|
|
b5aae94 |
|
|
|
3149592 |
* Thu Nov 9 2023 David Sommerseth <davids@openvpn.net> - 2.6.7-1
|
|
|
3149592 |
- Update to upstream OpenVPN 2.6.7
|
|
|
3149592 |
- Fixes CVE-2023-46849, CVE-2023-46850
|
|
|
3149592 |
- Fix false exit status on pre runtime scriptlet (Elkhan Mammadli <elkhan@almalinux.org>, RHBZ#2239722)
|
|
|
3149592 |
- Fix regression of systemctl scriptlet globbing issues (RHBZ#1887984); reintroduced in openvpn-2.6.0-1
|
|
|
3149592 |
|
|
|
a32c568 |
* Mon Aug 21 2023 Frank Lichtenheld <frank@lichtenheld.com> - 2.6.6-1
|
|
|
a69c166 |
- Update to upstream OpenVPN 2.6.6
|
|
|
b5aae94 |
- Fix "warning: %%patchN is deprecated"
|
|
|
a69c166 |
|
|
|
1baf650 |
* Thu Jul 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 2.6.5-2
|
|
|
1baf650 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
|
|
|
1baf650 |
|
|
|
56d0d7d |
* Wed Jun 14 2023 David Sommerseth <davids@openvpn.net> - 2.6.5-1
|
|
|
56d0d7d |
- Update to upstream OpenVPN 2.6.5
|
|
|
56d0d7d |
|
|
|
9386b34 |
* Fri Apr 21 2023 David Sommerseth <davids@openvpn.net> - 2.6.3-1
|
|
|
9386b34 |
- Update to upstream OpenVPN 2.6.3
|
|
|
9386b34 |
- Remove BF-CBC from the --data-ciphers list in openvpn-server@.service
|
|
|
9386b34 |
- Add Recommends dependency to kmod-ovpn-dco (external Copr repo)
|
|
|
9386b34 |
|
|
|
623f389 |
* Fri Mar 24 2023 David Sommerseth <davids@openvpn.net> -2.6.2-1
|
|
|
623f389 |
- Update to upstream OpenVPN 2.6.2
|
|
|
623f389 |
|
|
|
ca58c2f |
* Tue Mar 14 2023 David Sommerseth <davids@openvpn.net> -2.6.1-2
|
|
|
ca58c2f |
- Added patch to fix xkey related issues (rhbz#2177834)
|
|
|
ca58c2f |
|
|
|
a9b03d3 |
* Mon Mar 13 2023 David Sommerseth <davids@openvpn.net> -2.6.1-1
|
|
|
a9b03d3 |
- Update to upstream OpenVPN 2.6.1
|
|
|
a9b03d3 |
|
|
David Sommerseth |
1194355 |
* Thu Jan 26 2023 David Sommerseth <davids@openvpn.net> - 2.6.0-2
|
|
David Sommerseth |
1194355 |
- Add missing fedora-crypto-policy-compliance.patch
|
|
David Sommerseth |
1194355 |
|
|
David Sommerseth |
ce20bc1 |
* Thu Jan 26 2023 David Sommerseth <davids@openvpn.net> - 2.6.0-1
|
|
David Sommerseth |
ce20bc1 |
- Packaging of final openvpn-2.6.0 release
|
|
David Sommerseth |
ce20bc1 |
|
|
|
ebd26d6 |
* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 2.5.8-2
|
|
|
ebd26d6 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
|
|
|
ebd26d6 |
|
|
David Sommerseth |
4869c13 |
* Tue Nov 1 2022 David Sommerseth <davids@openvpn.net> - 2.5.8-1
|
|
David Sommerseth |
4869c13 |
- Update to upstream OpenVPN 2.5.8
|
|
David Sommerseth |
4869c13 |
|
|
|
01885a6 |
* Fri Jul 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 2.5.7-3
|
|
|
01885a6 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
|
|
|
01885a6 |
|
|
|
2bfe48c |
* Tue May 31 2022 David Sommerseth <davids@openvpn.net> - 2.5.7-2
|
|
|
2bfe48c |
- Added additional upstream patch resolving BF-CBC issues (to be removed with 2.5.8)
|
|
|
2bfe48c |
https://patchwork.openvpn.net/patch/2504/
|
|
|
2bfe48c |
- Removed BF-CBC from the --data-ciphers list. This is no longer available by default
|
|
|
2bfe48c |
in OpenSSL 3.0
|
|
|
2bfe48c |
|
|
|
8e594bc |
* Tue May 31 2022 David Sommerseth <davids@openvpn.net> - 2.5.7-1
|
|
|
8e594bc |
- Update to upstream OpenVPN 2.5.7
|
|
|
8e594bc |
|
|
|
cee4386 |
* Wed Mar 16 2022 David Sommerseth <davids@openvpn.net> - 2.5.6-1
|
|
|
cee4386 |
- Update to upstream OpenVPN 2.5.6
|
|
|
cee4386 |
- Fixes CVE-2022-0547
|
|
|
cee4386 |
|
|
|
319722d |
* Thu Jan 27 2022 David Sommerseth <davids@openvpn.net> - 2.5.5-4
|
|
|
319722d |
- Fix systemd related scriptlet error (#1887984)
|
|
|
319722d |
|
|
|
17755bc |
* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 2.5.5-3
|
|
|
17755bc |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
|