[packages/openvpn] - up to 2.5.5

adwol adwol at pld-linux.org
Thu Dec 30 12:33:15 CET 2021 

commit 511cab268511d21b4aeaa9fbcc7f15613c1dbb5c
Author: Adam Osuchowski <adwol at pld-linux.org>
Date:   Thu Dec 30 12:32:56 2021 +0100

    - up to 2.5.5

 ...current-common_name-is-in-the-environment.patch | 48 ----------------------
 openvpn.spec                                       |  7 ++--
 2 files changed, 3 insertions(+), 52 deletions(-)
---
diff --git a/openvpn.spec b/openvpn.spec
index 3e69850..9808aa8 100644
--- a/openvpn.spec
+++ b/openvpn.spec
@@ -7,12 +7,12 @@
 Summary:	VPN Daemon
 Summary(pl.UTF-8):	Serwer VPN
 Name:		openvpn
-Version:	2.5.4
+Version:	2.5.5
 Release:	1
 License:	GPL v2
 Group:		Networking/Daemons
 Source0:	https://build.openvpn.net/downloads/releases/%{name}-%{version}.tar.xz
-# Source0-md5:	336be3b2388cdc65dd8c81f22b1c2836
+# Source0-md5:	e469f55a223677b4cb6c7f4541065f5a
 Source1:	%{name}.init
 Source2:	%{name}.sysconfig
 Source3:	%{name}.tmpfiles
@@ -25,7 +25,6 @@ Patch1:		unsupported-ciphers.patch
 Patch100:	0038-Deprecate-ecdh-curve-with-OpenSSL-3.0-and-adjust-mbe.patch
 Patch101:	0039-Use-EVP_PKEY-based-API-for-loading-DH-keys.patch
 Patch102:	0040-Remove-DES-check-with-OpenSSL-3.0.patch
-Patch103:	0043-Ensure-the-current-common_name-is-in-the-environment.patch
 Patch104:	0044-Don-t-manually-free-DH-params-in-OpenSSL-3.patch
 Patch105:	0045-Do-not-allow-CTS-ciphers.patch
 Patch106:	0046-Use-new-EVP_MAC-API-for-HMAC-implementation.patch
@@ -151,7 +150,6 @@ Ten pakiet zawiera pliki nagłówkowe do tworzenia wtyczek OpenVPN.
 %patch100 -p1
 %patch101 -p1
 %patch102 -p1
-%patch103 -p1
 %patch104 -p1
 %patch105 -p1
 %patch106 -p1
@@ -264,6 +262,7 @@ exit 0
 %attr(755,root,root) %{_libdir}/%{name}/client.up
 %attr(755,root,root) %{_libdir}/%{name}/update-resolv-conf
 %dir %{_libdir}/%{name}/plugins
+%{_mandir}/man5/openvpn.5*
 %{_mandir}/man8/openvpn.8*
 %dir /var/run/openvpn
 %{systemdtmpfilesdir}/%{name}.conf
diff --git a/0043-Ensure-the-current-common_name-is-in-the-environment.patch b/0043-Ensure-the-current-common_name-is-in-the-environment.patch
deleted file mode 100644
index 2f7f1dd..0000000
--- a/0043-Ensure-the-current-common_name-is-in-the-environment.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-From fa5ab2438ad2d8a12eaf43e2cdd8b4294299c175 Mon Sep 17 00:00:00 2001
-From: Selva Nair <selva.nair at gmail.com>
-Date: Fri, 22 Oct 2021 20:07:05 -0400
-Subject: [PATCH 43/47] Ensure the current common_name is in the environment
- for scripts
-
-When username-as-common-name is in effect, the common_name
-is "CN" from the certificate for auth-user-pass-verify. It gets
-changed to "username" after successful authentication. This
-changed value gets into the env when client-connect script is
-called.
-
-However, "common_name" goes through the cycle of being
-"CN", then "username" during every reauth (renegotiation).
-As the client-connect script is not called during reneg, the changed
-value never gets back into the env. The end result is that the
-disconnect script gets "common_name=<CN>" instead of the username.
-Unless no reneg steps have happened before disconnect.
-(For a more detailed analysis see
-https://community.openvpn.net/openvpn/ticket/1434#comment:12)
-
-Fix by adding common_name to env whenever it changes.
-
-Trac: #1434
-Very likely applies to #160 as well, but that's too old and
-some of the relevant code path has evolved since then.
-
-Signed-off-by: Selva Nair <selva.nair at gmail.com>
-Acked-by: Gert Doering <gert at greenie.muc.de>
-Message-Id: <20211023000706.25016-1-selva.nair at gmail.com>
-URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg23051.html
-Signed-off-by: Gert Doering <gert at greenie.muc.de>
----
- src/openvpn/ssl_verify.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff -urNp -x '*.orig' openvpn-2.5.4.org/src/openvpn/ssl_verify.c openvpn-2.5.4/src/openvpn/ssl_verify.c
---- openvpn-2.5.4.org/src/openvpn/ssl_verify.c	2021-10-05 07:56:34.000000000 +0200
-+++ openvpn-2.5.4/src/openvpn/ssl_verify.c	2021-10-29 13:57:59.008621745 +0200
-@@ -116,6 +116,8 @@ set_common_name(struct tls_session *sess
-         }
- #endif
-     }
-+    /* update common name in env */
-+    setenv_str(session->opt->es, "common_name", common_name);
- }
- 
- /*
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/openvpn.git/commitdiff/511cab268511d21b4aeaa9fbcc7f15613c1dbb5c

More information about the pld-cvs-commit mailing list