[packages/openvpn] - up to 2.5.5
adwol
adwol at pld-linux.org
Thu Dec 30 12:33:15 CET 2021
commit 511cab268511d21b4aeaa9fbcc7f15613c1dbb5c
Author: Adam Osuchowski <adwol at pld-linux.org>
Date: Thu Dec 30 12:32:56 2021 +0100
- up to 2.5.5
...current-common_name-is-in-the-environment.patch | 48 ----------------------
openvpn.spec | 7 ++--
2 files changed, 3 insertions(+), 52 deletions(-)
---
diff --git a/openvpn.spec b/openvpn.spec
index 3e69850..9808aa8 100644
--- a/openvpn.spec
+++ b/openvpn.spec
@@ -7,12 +7,12 @@
Summary: VPN Daemon
Summary(pl.UTF-8): Serwer VPN
Name: openvpn
-Version: 2.5.4
+Version: 2.5.5
Release: 1
License: GPL v2
Group: Networking/Daemons
Source0: https://build.openvpn.net/downloads/releases/%{name}-%{version}.tar.xz
-# Source0-md5: 336be3b2388cdc65dd8c81f22b1c2836
+# Source0-md5: e469f55a223677b4cb6c7f4541065f5a
Source1: %{name}.init
Source2: %{name}.sysconfig
Source3: %{name}.tmpfiles
@@ -25,7 +25,6 @@ Patch1: unsupported-ciphers.patch
Patch100: 0038-Deprecate-ecdh-curve-with-OpenSSL-3.0-and-adjust-mbe.patch
Patch101: 0039-Use-EVP_PKEY-based-API-for-loading-DH-keys.patch
Patch102: 0040-Remove-DES-check-with-OpenSSL-3.0.patch
-Patch103: 0043-Ensure-the-current-common_name-is-in-the-environment.patch
Patch104: 0044-Don-t-manually-free-DH-params-in-OpenSSL-3.patch
Patch105: 0045-Do-not-allow-CTS-ciphers.patch
Patch106: 0046-Use-new-EVP_MAC-API-for-HMAC-implementation.patch
@@ -151,7 +150,6 @@ Ten pakiet zawiera pliki nagłówkowe do tworzenia wtyczek OpenVPN.
%patch100 -p1
%patch101 -p1
%patch102 -p1
-%patch103 -p1
%patch104 -p1
%patch105 -p1
%patch106 -p1
@@ -264,6 +262,7 @@ exit 0
%attr(755,root,root) %{_libdir}/%{name}/client.up
%attr(755,root,root) %{_libdir}/%{name}/update-resolv-conf
%dir %{_libdir}/%{name}/plugins
+%{_mandir}/man5/openvpn.5*
%{_mandir}/man8/openvpn.8*
%dir /var/run/openvpn
%{systemdtmpfilesdir}/%{name}.conf
diff --git a/0043-Ensure-the-current-common_name-is-in-the-environment.patch b/0043-Ensure-the-current-common_name-is-in-the-environment.patch
deleted file mode 100644
index 2f7f1dd..0000000
--- a/0043-Ensure-the-current-common_name-is-in-the-environment.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-From fa5ab2438ad2d8a12eaf43e2cdd8b4294299c175 Mon Sep 17 00:00:00 2001
-From: Selva Nair <selva.nair at gmail.com>
-Date: Fri, 22 Oct 2021 20:07:05 -0400
-Subject: [PATCH 43/47] Ensure the current common_name is in the environment
- for scripts
-
-When username-as-common-name is in effect, the common_name
-is "CN" from the certificate for auth-user-pass-verify. It gets
-changed to "username" after successful authentication. This
-changed value gets into the env when client-connect script is
-called.
-
-However, "common_name" goes through the cycle of being
-"CN", then "username" during every reauth (renegotiation).
-As the client-connect script is not called during reneg, the changed
-value never gets back into the env. The end result is that the
-disconnect script gets "common_name=<CN>" instead of the username.
-Unless no reneg steps have happened before disconnect.
-(For a more detailed analysis see
-https://community.openvpn.net/openvpn/ticket/1434#comment:12)
-
-Fix by adding common_name to env whenever it changes.
-
-Trac: #1434
-Very likely applies to #160 as well, but that's too old and
-some of the relevant code path has evolved since then.
-
-Signed-off-by: Selva Nair <selva.nair at gmail.com>
-Acked-by: Gert Doering <gert at greenie.muc.de>
-Message-Id: <20211023000706.25016-1-selva.nair at gmail.com>
-URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg23051.html
-Signed-off-by: Gert Doering <gert at greenie.muc.de>
----
- src/openvpn/ssl_verify.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff -urNp -x '*.orig' openvpn-2.5.4.org/src/openvpn/ssl_verify.c openvpn-2.5.4/src/openvpn/ssl_verify.c
---- openvpn-2.5.4.org/src/openvpn/ssl_verify.c 2021-10-05 07:56:34.000000000 +0200
-+++ openvpn-2.5.4/src/openvpn/ssl_verify.c 2021-10-29 13:57:59.008621745 +0200
-@@ -116,6 +116,8 @@ set_common_name(struct tls_session *sess
- }
- #endif
- }
-+ /* update common name in env */
-+ setenv_str(session->opt->es, "common_name", common_name);
- }
-
- /*
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/openvpn.git/commitdiff/511cab268511d21b4aeaa9fbcc7f15613c1dbb5c
More information about the pld-cvs-commit
mailing list