From 11ebff787f8c29591f0365df6a77527962f26e30 Mon Sep 17 00:00:00 2001 From: David Sommerseth Date: Feb 20 2019 15:06:52 +0000 Subject: Updating to upstream OpenVPN 2.4.7 The unit file patch had to be slightly adopted to fit with upstream changes. And the signing key has been updated. Signed-off-by: David Sommerseth --- diff --git a/.gitignore b/.gitignore index d06925e..e7a97cd 100644 --- a/.gitignore +++ b/.gitignore @@ -56,3 +56,5 @@ openvpn-2.1.2.tar.gz.asc /openvpn-2.4.5.tar.xz.asc /openvpn-2.4.6.tar.xz /openvpn-2.4.6.tar.xz.asc +/openvpn-2.4.7.tar.xz +/openvpn-2.4.7.tar.xz.asc diff --git a/0001-Change-the-default-cipher-to-AES-256-GCM-for-server-.patch b/0001-Change-the-default-cipher-to-AES-256-GCM-for-server-.patch index 14a16ac..7e11fe8 100644 --- a/0001-Change-the-default-cipher-to-AES-256-GCM-for-server-.patch +++ b/0001-Change-the-default-cipher-to-AES-256-GCM-for-server-.patch @@ -24,7 +24,7 @@ index 9a8a2c7..0ecda08 100644 WorkingDirectory=/etc/openvpn/server -ExecStart=@sbindir@/openvpn --status %t/openvpn-server/status-%i.log --status-version 2 --suppress-timestamps --config %i.conf +ExecStart=@sbindir@/openvpn --status %t/openvpn-server/status-%i.log --status-version 2 --suppress-timestamps --cipher AES-256-GCM --ncp-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC:AES-128-CBC:BF-CBC --config %i.conf - CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE + CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE CAP_AUDIT_WRITE LimitNPROC=10 DeviceAllow=/dev/null rw -- diff --git a/gpgkey-F554A3687412CFFEBDEFE0A312F5F7B42F2B01E7.gpg b/gpgkey-F554A3687412CFFEBDEFE0A312F5F7B42F2B01E7.gpg index 4dff7eb..0bb85fb 100644 Binary files a/gpgkey-F554A3687412CFFEBDEFE0A312F5F7B42F2B01E7.gpg and b/gpgkey-F554A3687412CFFEBDEFE0A312F5F7B42F2B01E7.gpg differ diff --git a/openvpn.spec b/openvpn.spec index 4c0bd66..de33ce9 100644 --- a/openvpn.spec +++ b/openvpn.spec @@ -6,12 +6,12 @@ %bcond_without tests_long Name: openvpn -Version: 2.4.6 -Release: 3%{?prerelease:.%{prerelease}}%{?dist} +Version: 2.4.7 +Release: 1%{?prerelease:.%{prerelease}}%{?dist} Summary: A full-featured SSL VPN solution URL: https://community.openvpn.net/ -Source0: https://swupdate.openvpn.org/community/releases/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.xz -Source1: https://swupdate.openvpn.org/community/releases/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.xz.asc +Source0: https://build.openvpn.net/downloads/releases/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.xz +Source1: https://build.openvpn.net/downloads/releases/%{name}-%{version}%{?prerelease:_%{prerelease}}.tar.xz.asc Source2: roadwarrior-server.conf Source3: roadwarrior-client.conf # Upstream signing key @@ -49,7 +49,6 @@ port. It can use the Marcus Franz Xaver Johannes Oberhumers LZO library for compression. %package devel -Group: Applications/Internet Summary: Development headers and examples for OpenVPN plug-ins %description devel @@ -184,6 +183,9 @@ getent passwd openvpn &>/dev/null || \ %changelog +* Wed Feb 20 2019 David Sommerseth - 2.4.7-1 +- Updating to upstream OpenVPN 2.4.7 + * Sat Oct 6 2018 David Sommerseth - 2.4.6-3 - Enable the asynchronous push feature, which can improve connect speeds with slow authentication backends