Browse Source

openvpn package update

Signed-off-by: basebuilder_pel7x64builder0 <basebuilder@powerel.org>
master
basebuilder_pel7x64builder0 6 years ago
parent
commit
b64749db1c
  1. 201
      SOURCES/0001-Re-introduce-tls-remote-for-Fedora-EPEL-6-and-EPEL-7.patch
  2. BIN
      SOURCES/gpgkey-F554A3687412CFFEBDEFE0A312F5F7B42F2B01E7.gpg
  3. 9
      SOURCES/openvpn-2.4-change-tmpfiles-permissions.patch
  4. 11
      SOURCES/openvpn@.service
  5. 38
      SOURCES/roadwarrior-client.conf
  6. 67
      SOURCES/roadwarrior-server.conf
  7. 259
      SPECS/openvpn.spec

201
SOURCES/0001-Re-introduce-tls-remote-for-Fedora-EPEL-6-and-EPEL-7.patch

@ -0,0 +1,201 @@ @@ -0,0 +1,201 @@
From 273d10b74973d672317c0c0bd5e58897e49a94f0 Mon Sep 17 00:00:00 2001
From: David Sommerseth <davids@openvpn.net>
Date: Thu, 23 Mar 2017 22:50:41 +0100
Subject: [PATCH] Re-introduce --tls-remote for Fedora EPEL-6 and EPEL-7 only

This reverts commit 10ce637066f44e8ad9f4af000b8d0c2a4012236d.

To avoid breaking any existing OpenVPN installations using the
Fedora EPEL repository, this patch re-introduces this DEPRECATED
--tls-remote option for Fedora EPEL-6 and EPEL-7 ONLY. This is
only considered to be an exceptional patch and will not be part
of any upstream OpenVPN releases.

Signed-off-by: David Sommerseth <davids@openvpn.net>
---
Changes.rst | 6 ++++++
doc/openvpn.8 | 45 +++++++++++++++++++++++++++++++++++++++
src/openvpn/options.c | 55 +++++++++++++++++++++++++++++++++++++++++++-----
src/openvpn/ssl_verify.h | 2 ++
4 files changed, 103 insertions(+), 5 deletions(-)

diff --git a/Changes.rst b/Changes.rst
index d5e12eb..a536f5b 100644
--- a/Changes.rst
+++ b/Changes.rst
@@ -179,6 +179,12 @@ https://community.openvpn.net/openvpn/wiki/DeprecatedOptions
non-standard X.509 subject formatting must be updated to the standardized
formatting. See the man page for more information.

+ NOTE: For Fedora EPEL-6 and EPEL-7 this feature have been re-introduced
+ to maintain a possible upgrade path from v2.3 to v2.4. All users are STRONGLY
+ encouraged to update their configurations to use ``--verify-x509-name`` ASAP.
+ The ``--tls-remote`` option WILL NOT be preserved in newer major Fedora EPEL
+ releases.
+
- ``--no-iv`` is deprecated in OpenVPN 2.4 and will be removed in v2.5.

- ``--keysize`` is deprecated in OpenVPN 2.4 and will be removed in v2.6
diff --git a/doc/openvpn.8 b/doc/openvpn.8
index 0b3e1ad..44f528c 100644
--- a/doc/openvpn.8
+++ b/doc/openvpn.8
@@ -5349,6 +5349,51 @@ prefix will be left as\-is. This automatic upcasing feature
is deprecated and will be removed in a future release.
.\"*********************************************************
.TP
+.B \-\-tls\-remote name (DEPRECATED)
+Accept connections only from a host with X509 name
+or common name equal to
+.B name.
+The remote host must also pass all other tests
+of verification.
+
+.B NOTE:
+Because tls\-remote may test against a common name prefix,
+only use this option when you are using OpenVPN with a custom CA
+certificate that is under your control.
+Never use this option when your client certificates are signed by
+a third party, such as a commercial web CA.
+
+Name can also be a common name prefix, for example if you
+want a client to only accept connections to "Server-1",
+"Server-2", etc., you can simply use
+.B \-\-tls\-remote Server
+
+Using a common name prefix is a useful alternative to managing
+a CRL (Certificate Revocation List) on the client, since it allows the client
+to refuse all certificates except for those associated
+with designated servers.
+
+.B \-\-tls\-remote
+is a useful replacement for the
+.B \-\-tls\-verify
+option to verify the remote host, because
+.B \-\-tls\-remote
+works in a
+.B \-\-chroot
+environment too.
+
+.B Please also note:
+This option is DEPRECATED. It has been removed in upstream OpenVPN v2.4.0
+and have only been re-introduced into Fedora EPEL-6 and EPEL-7 for backwards
+compatibility purposes. It will NOT be provided in any newer major EPEL
+releases. So please make sure you support the new X.509 name formatting
+described with the
+.B \-\-compat\-names
+option as soon as possible by updating your configurations to use
+.B \-\-verify\-x509\-name
+instead.
+.\"*********************************************************
+.TP
.B \-\-verify\-x509\-name name type
Accept connections only if a host's X.509 name is equal to
.B name.
diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index 8dee5d1..2f97442 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -66,7 +66,7 @@ const char title_string[] =
#ifdef CONFIGURE_GIT_REVISION
" [git:" CONFIGURE_GIT_REVISION CONFIGURE_GIT_FLAGS "]"
#endif
- " " TARGET_ALIAS
+ " " TARGET_ALIAS " [Fedora EPEL patched]"
#ifdef ENABLE_CRYPTO
#if defined(ENABLE_CRYPTO_MBEDTLS)
" [SSL (mbed TLS)]"
@@ -7887,12 +7887,16 @@ add_option(struct options *options,
#endif
{
VERIFY_PERMISSION(OPT_P_GENERAL);
- if (options->verify_x509_type != VERIFY_X509_NONE)
+ if (options->verify_x509_type != VERIFY_X509_NONE
+ && options->verify_x509_type != TLS_REMOTE_SUBJECT_DN
+ && options->verify_x509_type != TLS_REMOTE_SUBJECT_RDN_PREFIX)
{
msg(msglevel, "you cannot use --compat-names with --verify-x509-name");
goto err;
}
- msg(M_WARN, "DEPRECATED OPTION: --compat-names, please update your configuration. This will be removed in OpenVPN 2.5.");
+ msg(M_WARN, "DEPRECATED OPTION: --compat-names, please update your "
+ "configuration. This option is especially preserved for "
+ "Fedora EPEL-6 and EPEL-7 ONLY.");
compat_flag(COMPAT_FLAG_SET | COMPAT_NAMES);
#if P2MP_SERVER
if (p[1] && streq(p[1], "no-remapping"))
@@ -7903,16 +7907,57 @@ add_option(struct options *options,
else if (streq(p[0], "no-name-remapping") && !p[1])
{
VERIFY_PERMISSION(OPT_P_GENERAL);
- if (options->verify_x509_type != VERIFY_X509_NONE)
+ if (options->verify_x509_type != VERIFY_X509_NONE
+ && options->verify_x509_type != TLS_REMOTE_SUBJECT_DN
+ && options->verify_x509_type != TLS_REMOTE_SUBJECT_RDN_PREFIX)
{
msg(msglevel, "you cannot use --no-name-remapping with --verify-x509-name");
goto err;
}
- msg(M_WARN, "DEPRECATED OPTION: --no-name-remapping, please update your configuration. This will be removed in OpenVPN 2.5.");
+ msg(M_WARN, "DEPRECATED OPTION: --no-name-remapping, please update your "
+ "configuration. This option is especially preserved for "
+ "Fedora EPEL-6 and EPEL-7 ONLY.");
compat_flag(COMPAT_FLAG_SET | COMPAT_NAMES);
compat_flag(COMPAT_FLAG_SET | COMPAT_NO_NAME_REMAPPING);
#endif
}
+ else if (streq(p[0], "tls-remote") && p[1] && !p[2])
+ {
+ VERIFY_PERMISSION(OPT_P_GENERAL);
+
+ if (options->verify_x509_type != VERIFY_X509_NONE
+ && options->verify_x509_type != TLS_REMOTE_SUBJECT_DN
+ && options->verify_x509_type != TLS_REMOTE_SUBJECT_RDN_PREFIX)
+ {
+ msg(msglevel, "you cannot use --tls-remote with --verify-x509-name");
+ goto err;
+ }
+ msg(M_WARN, "DEPRECATED OPTION: --tls-remote is espectially "
+ "re-introduced in v2.4 for Fedora EPEL-6 and EPEL-7 only. "
+ "Do update your configuration now!");
+
+ if (strlen(p[1]))
+ {
+ int is_username = (!strchr(p[1], '=') || !strstr(p[1], ", "));
+ int type = TLS_REMOTE_SUBJECT_DN;
+ if (p[1][0] != '/' && is_username)
+ {
+ type = TLS_REMOTE_SUBJECT_RDN_PREFIX;
+ }
+
+ /*
+ * Enable legacy openvpn format for DNs that have not been converted
+ * yet and --x509-username-field (not containing an '=' or ', ')
+ */
+ if (p[1][0] == '/' || is_username)
+ {
+ compat_flag(COMPAT_FLAG_SET | COMPAT_NAMES);
+ }
+
+ options->verify_x509_type = type;
+ options->verify_x509_name = p[1];
+ }
+ }
else if (streq(p[0], "verify-x509-name") && p[1] && strlen(p[1]) && !p[3])
{
int type = VERIFY_X509_SUBJECT_DN;
diff --git a/src/openvpn/ssl_verify.h b/src/openvpn/ssl_verify.h
index f2d0d6c..e244566 100644
--- a/src/openvpn/ssl_verify.h
+++ b/src/openvpn/ssl_verify.h
@@ -66,6 +66,8 @@ struct cert_hash_set {
#define VERIFY_X509_SUBJECT_DN 1
#define VERIFY_X509_SUBJECT_RDN 2
#define VERIFY_X509_SUBJECT_RDN_PREFIX 3
+#define TLS_REMOTE_SUBJECT_DN 1 + 0x100
+#define TLS_REMOTE_SUBJECT_RDN_PREFIX 3 + 0x100

#define TLS_AUTHENTICATION_SUCCEEDED 0
#define TLS_AUTHENTICATION_FAILED 1
--
2.13.5

BIN
SOURCES/gpgkey-F554A3687412CFFEBDEFE0A312F5F7B42F2B01E7.gpg

Binary file not shown.

9
SOURCES/openvpn-2.4-change-tmpfiles-permissions.patch

@ -0,0 +1,9 @@ @@ -0,0 +1,9 @@
diff --git a/distro/systemd/tmpfiles-openvpn.conf b/distro/systemd/tmpfiles-openvpn.conf
index bb79671e..9258f5c6 100644
--- a/distro/systemd/tmpfiles-openvpn.conf
+++ b/distro/systemd/tmpfiles-openvpn.conf
@@ -1,2 +1,2 @@
-d /run/openvpn-client 0710 root root -
-d /run/openvpn-server 0710 root root -
+d /run/openvpn-client 0750 root openvpn -
+d /run/openvpn-server 0750 root openvpn -

11
SOURCES/openvpn@.service

@ -0,0 +1,11 @@ @@ -0,0 +1,11 @@
[Unit]
Description=OpenVPN Robust And Highly Flexible Tunneling Application On %I
After=network.target

[Service]
Type=notify
PrivateTmp=true
ExecStart=/usr/sbin/openvpn --cd /etc/openvpn/ --config %i.conf

[Install]
WantedBy=multi-user.target

38
SOURCES/roadwarrior-client.conf

@ -0,0 +1,38 @@ @@ -0,0 +1,38 @@
#########################################
# Sample client-side OpenVPN config file
# for connecting to multi-client server.
#
# Adapted from http://openvpn.sourceforge.net/20notes.html
#
# The server can be pinged at 10.8.0.1.
#
# This configuration can be used by multiple
# clients, however each client should have
# its own cert and key files.
#
# tun-style tunnel

port 1194
dev tun
remote [my server hostname or IP address]

# TLS parms

tls-client
ca sample-keys/tmp-ca.crt
cert sample-keys/client.crt
key sample-keys/client.key

# This parm is required for connecting
# to a multi-client server. It tells
# the client to accept options which
# the server pushes to us.
pull

# Scripts can be used to do various
# things (change nameservers, for
# example.
#up scripts/ifup-post
#down scripts/ifdown-post

verb 4

67
SOURCES/roadwarrior-server.conf

@ -0,0 +1,67 @@ @@ -0,0 +1,67 @@
########################################
# Sample OpenVPN config file for
# 2.0-style multi-client udp server
#
# Adapted from http://openvpn.sourceforge.net/20notes.html
#
# tun-style tunnel

port 1194
dev tun

# Use "local" to set the source address on multi-homed hosts
#local [IP address]

# TLS parms
tls-server
ca sample-keys/tmp-ca.crt
cert sample-keys/server.crt
key sample-keys/server.key
dh sample-keys/dh1024.pem

# Tell OpenVPN to be a multi-client udp server
mode server

# The server's virtual endpoints
ifconfig 10.8.0.1 10.8.0.2

# Pool of /30 subnets to be allocated to clients.
# When a client connects, an --ifconfig command
# will be automatically generated and pushed back to
# the client.
ifconfig-pool 10.8.0.4 10.8.0.255

# Push route to client to bind it to our local
# virtual endpoint.
push "route 10.8.0.1 255.255.255.255"

# Push any routes the client needs to get in
# to the local network.
push "route 192.168.0.0 255.255.255.0"

# Push DHCP options to Windows clients.
push "dhcp-option DOMAIN example.com"
push "dhcp-option DNS 192.168.0.1"
push "dhcp-option WINS 192.168.0.1"

# Client should attempt reconnection on link
# failure.
keepalive 10 60

# Delete client instances after some period
# of inactivity.
inactive 600

# Route the --ifconfig pool range into the
# OpenVPN server.
route 10.8.0.0 255.255.255.0

# The server doesn't need privileges
user openvpn
group openvpn

# Keep TUN devices and keys open across restarts.
persist-tun
persist-key

verb 4

259
SPECS/openvpn.spec

@ -0,0 +1,259 @@ @@ -0,0 +1,259 @@
%define _hardened_build 1
#define prerelease rc22

# Build conditionals
# tests_long - Enabled by default, enables long running tests in %%check
%bcond_without tests_long

Name: openvpn
Version: 2.4.6
Release: 1%{?prerelease:.%{prerelease}}%{?dist}
Summary: A full-featured SSL VPN solution
URL: https://community.openvpn.net/
Source0: https://swupdate.openvpn.org/community/releases/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.xz
Source1: https://swupdate.openvpn.org/community/releases/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.xz.asc
Source2: roadwarrior-server.conf
Source3: roadwarrior-client.conf
# Deprecated systemd unit file. Will be removed in Fedora 27
Source5: openvpn@.service
# Upstream signing key
Source6: gpgkey-F554A3687412CFFEBDEFE0A312F5F7B42F2B01E7.gpg
Patch0: 0001-Re-introduce-tls-remote-for-Fedora-EPEL-6-and-EPEL-7.patch
Patch50: openvpn-2.4-change-tmpfiles-permissions.patch
License: GPLv2
BuildRequires: gnupg2
BuildRequires: gcc
BuildRequires: systemd-devel
BuildRequires: lzo-devel
BuildRequires: lz4-devel
BuildRequires: openssl-devel
BuildRequires: pkcs11-helper-devel >= 1.11
BuildRequires: pam-devel
BuildRequires: libselinux-devel
# For the perl_default_filter macro
BuildRequires: perl-macros
%{?systemd_requires}
# For /sbin/ip.
BuildRequires: iproute
Requires: iproute
Requires(pre): /usr/sbin/useradd
Requires(post): systemd-sysv
Requires(post): systemd-units
Requires(preun): systemd-units
Requires(postun): systemd-units

# Filter out the perl(Authen::PAM) dependency.
# No perl dependency is really needed at all.
%{?perl_default_filter}

%description
OpenVPN is a robust and highly flexible tunneling application that uses all
of the encryption, authentication, and certification features of the
OpenSSL library to securely tunnel IP networks over a single UDP or TCP
port. It can use the Marcus Franz Xaver Johannes Oberhumers LZO library
for compression.

%package devel
Group: Applications/Internet
Summary: Development headers and examples for OpenVPN plug-ins

%description devel
OpenVPN can be extended through the --plugin option, which provides
possibilities to add specialized authentication, user accounting,
packet filtering and related features. These plug-ins need to be
written in C and provides a more low-level and information rich access
to similar features as the various script-hooks.


%prep
gpgv2 --quiet --keyring %{SOURCE6} %{SOURCE1} %{SOURCE0}
%setup -q -n %{name}-%{version}%{?prerelease:_%{prerelease}}
%patch0 -p1
%patch50 -p1

sed -i -e 's,%{_datadir}/openvpn/plugin,%{_libdir}/openvpn/plugin,' doc/openvpn.8

# %%doc items shouldn't be executable.
find contrib sample -type f -perm /100 \
-exec chmod a-x {} \;

%build
%configure \
--enable-iproute2 \
--with-crypto-library=openssl \
--enable-pkcs11 \
--enable-selinux \
--enable-systemd \
--enable-x509-alt-username \
--docdir=%{_pkgdocdir} \
SYSTEMD_UNIT_DIR=%{_unitdir} \
TMPFILES_DIR=%{_tmpfilesdir} \
IPROUTE=/sbin/ip
%{__make}

%check
# Test Crypto:
./src/openvpn/openvpn --genkey --secret key
./src/openvpn/openvpn --cipher aes-128-cbc --test-crypto --secret key
./src/openvpn/openvpn --cipher aes-256-cbc --test-crypto --secret key
./src/openvpn/openvpn --cipher aes-128-gcm --test-crypto --secret key
./src/openvpn/openvpn --cipher aes-256-gcm --test-crypto --secret key

%if %{with tests_long}
# Randomize ports for tests to avoid conflicts on the build servers.
cport=$[ 50000 + ($RANDOM % 15534) ]
sport=$[ $cport + 1 ]
sed -e 's/^\(rport\) .*$/\1 '$sport'/' \
-e 's/^\(lport\) .*$/\1 '$cport'/' \
< sample/sample-config-files/loopback-client \
> %{_tmppath}/%{name}-%{version}-%{release}-%(%{__id_u})-loopback-client
sed -e 's/^\(rport\) .*$/\1 '$cport'/' \
-e 's/^\(lport\) .*$/\1 '$sport'/' \
< sample/sample-config-files/loopback-server \
> %{_tmppath}/%{name}-%{version}-%{release}-%(%{__id_u})-loopback-server

pushd sample
# Test SSL/TLS negotiations (runs for 2 minutes):
../src/openvpn/openvpn --config \
%{_tmppath}/%{name}-%{version}-%{release}-%(%{__id_u})-loopback-client &
../src/openvpn/openvpn --config \
%{_tmppath}/%{name}-%{version}-%{release}-%(%{__id_u})-loopback-server
wait
popd

rm -f %{_tmppath}/%{name}-%{version}-%{release}-%(%{__id_u})-loopback-client \
%{_tmppath}/%{name}-%{version}-%{release}-%(%{__id_u})-loopback-server
%endif

%install
%{__make} install DESTDIR=$RPM_BUILD_ROOT
find $RPM_BUILD_ROOT -name '*.la' | xargs rm -f
mkdir -p -m 0750 $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/client $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/server
cp %{SOURCE2} %{SOURCE3} sample/sample-config-files/

# Create some directories the OpenVPN package should own
mkdir -m 0750 -p $RPM_BUILD_ROOT%{_rundir}/%{name}-{client,server}
mkdir -m 0770 -p $RPM_BUILD_ROOT%{_sharedstatedir}/%{name}

# DEPRECATED openvpn@.service ... this unit file will be removed in EPEL8
install -D -m 0644 %{SOURCE5} $RPM_BUILD_ROOT%{_unitdir}/

# Package installs into %%{_pkgdocdir} directly
# Add various additional files
cp -a AUTHORS ChangeLog contrib sample distro/systemd/README.systemd $RPM_BUILD_ROOT%{_pkgdocdir}

# Remove some files which does not really belong here
rm -f $RPM_BUILD_ROOT%{_pkgdocdir}/sample/Makefile{,.in,.am}
rm -f $RPM_BUILD_ROOT%{_pkgdocdir}/contrib/multilevel-init.patch
rm -rf $RPM_BUILD_ROOT%{_pkgdocdir}/sample/sample-keys

%pre
getent group openvpn &>/dev/null || groupadd -r openvpn
getent passwd openvpn &>/dev/null || \
/usr/sbin/useradd -r -g openvpn -s /sbin/nologin -c OpenVPN \
-d /etc/openvpn openvpn

%post
%systemd_post openvpn-client@\*.service
%systemd_post openvpn-server@\*.service

%preun
%systemd_preun openvpn-client@\*.service
%systemd_preun openvpn-server@\*.service

%postun
%systemd_postun_with_restart openvpn-client@\*.service
%systemd_postun_with_restart openvpn-server@\*.service
%systemd_postun_with_restart openvpn@\*.service


%files
%{_pkgdocdir}
%exclude %{_pkgdocdir}/README.IPv6
%exclude %{_pkgdocdir}/README.mbedtls
%exclude %{_pkgdocdir}/sample/sample-plugins
%{_mandir}/man8/%{name}.8*
%{_sbindir}/%{name}
%{_libdir}/%{name}/
%{_unitdir}/%{name}@.service
%{_unitdir}/%{name}-client@.service
%{_unitdir}/%{name}-server@.service
%{_tmpfilesdir}/%{name}.conf
%config %dir %{_sysconfdir}/%{name}/
%config %dir %attr(-,-,openvpn) %{_sysconfdir}/%{name}/client
%config %dir %attr(-,-,openvpn) %{_sysconfdir}/%{name}/server
%attr(0750,-,openvpn) %{_rundir}/%{name}-client
%attr(0750,-,openvpn) %{_rundir}/%{name}-server
%attr(0770,openvpn,openvpn) %{_sharedstatedir}/%{name}

%files devel
%{_pkgdocdir}/sample/sample-plugins
%{_includedir}/openvpn-plugin.h
%{_includedir}/openvpn-msg.h


%changelog
* Thu Apr 26 2018 David Sommerseth <dazo@eurephia.org> - 2.4.6-1
- Updating to upstream, openvpn-2.4.6

* Thu Mar 1 2018 David Sommerseth <dazo@eurephia.org> - 2.4.5-1
- Updating to upstream, openvpn-2.4.5
- Package upstream ChangeLog, which contains a bit more details than Changes.rst
- Cleaned up spec file further, removed Group: tag, trimmed changelog section,
added gcc to BuildRequires.
- Excluded not relevant file, README.mbedtls
- Package upstream version of README.systemd
- Fix wrong group owner of /etc/openvpn/{client,server} (rhbz#1526743)
- Changed crypto self-test to test AES-{128,256}-{CBC,GCM} instead of only BF-CBC (deprecated)
- Change /run/openvpn-{client,server} permissions to be 0750 instead of 0710, with group set to openvpn

* Thu Jan 25 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 2.4.4-2
- Fix systemd executions/requirements

* Tue Sep 26 2017 David Sommerseth <dazo@eurephia.org> - 2.4.4-1
- Update to upstream openvpn-2.4.4
- Includes fix for possible stack overflow if --key-method 1 is used {CVE-2017-12166}
- Build against Fedora EPEL lz4 compression library
- Build with long running test cases
- Use %%{name} instead of the openvpn string in a few directory paths

* Wed Jun 21 2017 David Sommerseth <dazo@eurephia.org> - 2.4.3-1
- Updating to upstream openvpn-2.4.3
- Fix remotely-triggerable ASSERT() on malformed IPv6 packet {CVE-2017-7508}
- Prevent two kinds of stack buffer OOB reads and a crash for invalid input data {CVE-2017-7520}
- Fix potential double-free in --x509-alt-username {CVE-2017-7521}
- Fix remote-triggerable memory leaks {CVE-2017-7521}
- Ensure OpenVPN systemd services are restarted upon upgrades
- Verify PGP signature of source tarball as part of package building

* Thu May 11 2017 David Sommerseth <dazo@eurephia.org> - 2.4.2-2
- Install and take ownership of /run/openvpn-{client,server} (rhbz#1444601)
- Install and take ownership of /var/lib/openvpn (rhbz#922786)
- Re-enable --enable-x509-alt-username (rhbz#1443942)

* Thu May 11 2017 David Sommerseth <dazo@eurephia.org> - 2.4.2-1
- Update to upstream openvpn-2.4.2

* Mon Apr 3 2017 David Sommerseth <dazo@eurephia.org> - 2.4.1-2
- Splitting out -devel files into a separate package
- Removed several contrib and sample files which makes is not
strictly needed in this package.
- Use systemd-rpm macros (rhbz#850257)
- Updated openvpn@.service to use Type=notify instead of Type=forking (rhbz#1435831)
BEWARE: openvpn@.service is DEPRECATED.
- Added README.systemd describing new systemd unit files (openvpn-client/server@.service)
- Lots of packaging cleanups
- build: Enable tests runs by default, long running tests can
be disabled with "--without tests_long"
- build: Removed defined %%{plugins} macro not in use

* Thu Mar 23 2017 David Sommerseth <dazo@eurephia.org> - 2.4.1-1
- Updating to upstream release, v2.4.1
- Removed no-functional ./configure options
- Use upstream tmfiles.d/openvpn
- Package newer openvpn-client/server@.service unit files
- Fedora EPEL exception: Re-introduce --tls-remote feature
- Package management-notes.txt, describing the management interface

* Thu Feb 09 2017 Jon Ciesla <limburgher@gmail.com> 2.4.0-1
- 2.4.0.
Loading…
Cancel
Save