diff --git a/.gitignore b/.gitignore index 5b78af5..947690d 100644 --- a/.gitignore +++ b/.gitignore @@ -86,3 +86,5 @@ openvpn-2.1.2.tar.gz.asc /openvpn-2.6.1.tar.gz.asc /openvpn-2.6.2.tar.gz /openvpn-2.6.2.tar.gz.asc +/openvpn-2.6.3.tar.gz +/openvpn-2.6.3.tar.gz.asc diff --git a/0001-Change-the-default-cipher-to-AES-256-GCM-for-server-.patch b/0001-Change-the-default-cipher-to-AES-256-GCM-for-server-.patch index 74892f8..258f5fb 100644 --- a/0001-Change-the-default-cipher-to-AES-256-GCM-for-server-.patch +++ b/0001-Change-the-default-cipher-to-AES-256-GCM-for-server-.patch @@ -26,15 +26,12 @@ diff --git a/distro/systemd/openvpn-server@.service.in b/distro/systemd/openvpn- index 6e8e7d9..6acbc8e 100644 --- a/distro/systemd/openvpn-server@.service.in +++ b/distro/systemd/openvpn-server@.service.in -@@ -10,7 +10,7 @@ Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO +@@ -10,7 +10,7 @@ Type=notify PrivateTmp=true WorkingDirectory=/etc/openvpn/server -ExecStart=@sbindir@/openvpn --status %t/openvpn-server/status-%i.log --status-version 2 --suppress-timestamps --config %i.conf -+ExecStart=@sbindir@/openvpn --status %t/openvpn-server/status-%i.log --status-version 2 --suppress-timestamps --cipher AES-256-GCM --data-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC:AES-128-CBC:BF-CBC --config %i.conf ++ExecStart=@sbindir@/openvpn --status %t/openvpn-server/status-%i.log --status-version 2 --suppress-timestamps --cipher AES-256-GCM --data-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC:AES-128-CBC --config %i.conf CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SETPCAP CAP_SYS_CHROOT CAP_DAC_OVERRIDE CAP_AUDIT_WRITE LimitNPROC=10 DeviceAllow=/dev/null rw --- -2.31.1 - diff --git a/gpgkey-F554A3687412CFFEBDEFE0A312F5F7B42F2B01E7.gpg b/gpgkey-F554A3687412CFFEBDEFE0A312F5F7B42F2B01E7.gpg index 8114462..670c446 100644 Binary files a/gpgkey-F554A3687412CFFEBDEFE0A312F5F7B42F2B01E7.gpg and b/gpgkey-F554A3687412CFFEBDEFE0A312F5F7B42F2B01E7.gpg differ diff --git a/openvpn.spec b/openvpn.spec index 7fab4c0..b967a48 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -26,7 +26,7 @@ %bcond_without tests_long Name: openvpn -Version: 2.6.2 +Version: 2.6.3 Release: 1%{?dist} Summary: A full-featured TLS VPN solution (beta release) URL: https://community.openvpn.net/ @@ -67,6 +67,10 @@ BuildRequires: systemd-devel %{?systemd_requires} Requires(pre): /usr/sbin/useradd +%if %{with dco} +Recommends: kmod-ovpn-dco >= 0.2 +%endif + %if 0%{?rhel} > 7 || 0%{?fedora} > 34 BuildRequires: python3-docutils %else @@ -236,6 +240,8 @@ getent passwd openvpn &>/dev/null || \ %attr(0770,openvpn,openvpn) %{_sharedstatedir}/%{name} %attr(0750,-,openvpn) %{_rundir}/%{name}-client %attr(0750,-,openvpn) %{_rundir}/%{name}-server +%ghost %{_rundir}/openvpn-client +%ghost %{_rundir}/openvpn-server %files devel %{_pkgdocdir}/sample/sample-plugins @@ -244,6 +250,11 @@ getent passwd openvpn &>/dev/null || \ %changelog +* Fri Apr 21 2023 David Sommerseth - 2.6.3-1 +- Update to upstream OpenVPN 2.6.3 +- Remove BF-CBC from the --data-ciphers list in openvpn-server@.service +- Add Recommends dependency to kmod-ovpn-dco (external Copr repo) + * Fri Mar 24 2023 David Sommerseth -2.6.2-1 - Update to upstream OpenVPN 2.6.2 diff --git a/sources b/sources index 08343bd..b0f336c 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (openvpn-2.6.2.tar.gz) = 7f4729f64071d947bc568e2e4fe5051dd9363eecde1493fcc9fc8a8d510277833abc819d382ec64e4e9400b1ae802ddcec28a9c4934f962350d2d0e4b6c5920b -SHA512 (openvpn-2.6.2.tar.gz.asc) = 34bf2b82e90c697c15af6b6de69e4a43b9a3370ba9483bd7d625c30607eb9f650718b4e9a4ac11168e34bba98bec8d918d3679f2fdcea2da10f3419cfa5bc1b2 +SHA512 (openvpn-2.6.3.tar.gz) = ed075f6c4d03f253a44adb2f7ebcb3725aa06a0b8f012dfddeb68dc85f21ff910859bc55f0e4ab9491e37d2470b12d0fc483a5a03bdd5351a38c68a73723b1cb +SHA512 (openvpn-2.6.3.tar.gz.asc) = 1a255555e832ad8070ecf4b5e62269820cd2b1779fa672af9b46013567179774e0f3a2c0cb3d3e8444027152e1130f11e55e0893cf986474249112f6ecfd63c3