From 3149592eee58f06fbc933ec34856f99bb4ff66a3 Mon Sep 17 00:00:00 2001
From: David Sommerseth <dazo@eurephia.org>
Date: Nov 09 2023 22:52:54 +0000
Subject: Update to OpenVPN 2.6.7


Update to upstream OpenVPN 2.6.7
Fixes CVE-2023-46849, CVE-2023-46850
Fix false exit status on pre runtime scriptlet (Elkhan Mammadli <elkhan@almalinux.org>, RHBZ#2239722)
Fix regression of systemctl scriptlet globbing issues (RHBZ#1887984); reintroduced in openvpn-2.6.0-1

Signed-off-by: David Sommerseth <dazo@eurephia.org>

---

diff --git a/.gitignore b/.gitignore
index d0d30d7..1b36d1d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -92,3 +92,5 @@ openvpn-2.1.2.tar.gz.asc
 /openvpn-2.6.5.tar.gz.asc
 /openvpn-2.6.6.tar.gz
 /openvpn-2.6.6.tar.gz.asc
+/openvpn-2.6.7.tar.gz
+/openvpn-2.6.7.tar.gz.asc
diff --git a/openvpn.spec b/openvpn.spec
index 32ddbb2..5601ce1 100644
--- a/openvpn.spec
+++ b/openvpn.spec
@@ -26,7 +26,7 @@
 %bcond_without tests_long
 
 Name:              openvpn
-Version:           2.6.6
+Version:           2.6.7
 Release:           1%{?dist}
 Summary:           A full-featured TLS VPN solution (beta release)
 URL:               https://community.openvpn.net/
@@ -209,19 +209,25 @@ getent group openvpn &>/dev/null || groupadd -r openvpn
 getent passwd openvpn &>/dev/null || \
     /usr/sbin/useradd -r -g openvpn -s /sbin/nologin -c OpenVPN \
         -d /etc/openvpn openvpn
+exit 0
 
 %post
-%systemd_post openvpn-client@\*.service
-%systemd_post openvpn-server@\*.service
+for srv in `systemctl | awk '/openvpn-client@.*\.service/{print $1} /openvpn-server@.*\.service/{print $1}'`;
+do
+    %systemd_post $srv
+done
 
 %preun
-%systemd_preun openvpn-client@\*.service
-%systemd_preun openvpn-server@\*.service
+for srv in `systemctl | awk '/openvpn-client@.*\.service/{print $1} /openvpn-server@.*\.service/{print $1}'`;
+do
+    %systemd_preun $srv
+done
 
 %postun
-%systemd_postun_with_restart openvpn-client@\*.service
-%systemd_postun_with_restart openvpn-server@\*.service
-%systemd_postun_with_restart openvpn@\*.service
+for srv in `systemctl | awk '/openvpn-client@.*\.service/{print $1} /openvpn-server@.*\.service/{print $1}'`;
+do
+    %systemd_postun_with_restart $srv
+done
 
 %files
 %{_pkgdocdir}
@@ -238,8 +244,6 @@ getent passwd openvpn &>/dev/null || \
 %config %dir %attr(-,-,openvpn) %{_sysconfdir}/%{name}/client
 %config %dir %attr(-,-,openvpn) %{_sysconfdir}/%{name}/server
 %attr(0770,openvpn,openvpn) %{_sharedstatedir}/%{name}
-%attr(0750,-,openvpn) %{_rundir}/%{name}-client
-%attr(0750,-,openvpn) %{_rundir}/%{name}-server
 %ghost %{_rundir}/openvpn-client
 %ghost %{_rundir}/openvpn-server
 
@@ -250,6 +254,12 @@ getent passwd openvpn &>/dev/null || \
 
 
 %changelog
+* Thu Nov 9 2023 David Sommerseth <davids@openvpn.net> - 2.6.7-1
+- Update to upstream OpenVPN 2.6.7
+- Fixes CVE-2023-46849, CVE-2023-46850
+- Fix false exit status on pre runtime scriptlet (Elkhan Mammadli <elkhan@almalinux.org>, RHBZ#2239722)
+- Fix regression of systemctl scriptlet globbing issues (RHBZ#1887984); reintroduced in openvpn-2.6.0-1
+
 * Mon Aug 21 2023 Frank Lichtenheld <frank@lichtenheld.com> - 2.6.6-1
 - Update to upstream OpenVPN 2.6.6
 - Fix "warning: %patchN is deprecated"
diff --git a/sources b/sources
index a91fc3d..67d6549 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
-SHA512 (openvpn-2.6.6.tar.gz) = f4c528fff6ed130d135d3d5d95dd73b1a9c8eb780b8fbfa30e12107795c1d01a6aaf8940e5b92f4968ddc59a2deb59905ff714632e512444a2f5b0df0dde3cba
-SHA512 (openvpn-2.6.6.tar.gz.asc) = 9409f4699af8451c2a0e58d58c87659a12b86b78f67a0c9a113b045e13d8e62c602cd83e2a6af7afc47ac615c10178533ca67b6988b5da9aa150bf0fd304069a
+SHA512 (openvpn-2.6.7.tar.gz) = 759a2ba1d14425cab202b9c050b8f4452da61776d213de4c64c4f6e0b07313756865d97c152b26fcd334d238684ffdbf60ef28131df463f37fa318b9c8cb10b0
+SHA512 (openvpn-2.6.7.tar.gz.asc) = 1bb1910dda796e42312b01d38e4aef4d318f889b86b8c5f62018c5242d88e1445b8a0e8601f466e532d3c29c5e9c27827ead156ea6669e141b3a6fc02a74a1e2