commit 511cab268511d21b4aeaa9fbcc7f15613c1dbb5c Author: Adam Osuchowski <ad...@pld-linux.org> Date: Thu Dec 30 12:32:56 2021 +0100
- up to 2.5.5 ...current-common_name-is-in-the-environment.patch | 48 ---------------------- openvpn.spec | 7 ++-- 2 files changed, 3 insertions(+), 52 deletions(-) ---
diff --git a/openvpn.spec b/openvpn.spec
index 3e69850..9808aa8 100644
--- a/openvpn.spec
+++ b/openvpn.spec
@@ -7,12 +7,12 @@
 Summary: VPN Daemon
 Summary(pl.UTF-8): Serwer VPN
 Name: openvpn
-Version: 2.5.4
+Version: 2.5.5
 Release: 1
 License: GPL v2
 Group: Networking/Daemons
 Source0: https://build.openvpn.net/downloads/releases/%{name}-%{version}.tar.xz
-# Source0-md5: 336be3b2388cdc65dd8c81f22b1c2836
+# Source0-md5: e469f55a223677b4cb6c7f4541065f5a
 Source1: %{name}.init
 Source2: %{name}.sysconfig
 Source3: %{name}.tmpfiles
@@ -25,7 +25,6 @@ Patch1: unsupported-ciphers.patch
 Patch100: 0038-Deprecate-ecdh-curve-with-OpenSSL-3.0-and-adjust-mbe.patch
 Patch101: 0039-Use-EVP_PKEY-based-API-for-loading-DH-keys.patch
 Patch102: 0040-Remove-DES-check-with-OpenSSL-3.0.patch
-Patch103: 0043-Ensure-the-current-common_name-is-in-the-environment.patch
 Patch104: 0044-Don-t-manually-free-DH-params-in-OpenSSL-3.patch
 Patch105: 0045-Do-not-allow-CTS-ciphers.patch
 Patch106: 0046-Use-new-EVP_MAC-API-for-HMAC-implementation.patch
@@ -151,7 +150,6 @@ Ten pakiet zawiera pliki nagłówkowe do tworzenia wtyczek OpenVPN.
 %patch100 -p1
 %patch101 -p1
 %patch102 -p1
-%patch103 -p1
 %patch104 -p1
 %patch105 -p1
 %patch106 -p1
@@ -264,6 +262,7 @@ exit 0
 %attr(755,root,root) %{_libdir}/%{name}/client.up
 %attr(755,root,root) %{_libdir}/%{name}/update-resolv-conf
 %dir %{_libdir}/%{name}/plugins
+%{_mandir}/man5/openvpn.5*
 %{_mandir}/man8/openvpn.8*
 %dir /var/run/openvpn
 %{systemdtmpfilesdir}/%{name}.conf
diff --git a/0043-Ensure-the-current-common_name-is-in-the-environment.patch b/0043-Ensure-the-current-common_name-is-in-the-environment.patch
deleted file mode 100644
index 2f7f1dd..0000000
--- a/0043-Ensure-the-current-common_name-is-in-the-environment.patch
+++ /dev/null
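Review bot: The new tarball is pinned only by the `# Source0-md5:` line in the first hunk, and MD5 no longer resists collisions, so this digest catches a corrupted download but is weak evidence that the archive is the one upstream released. The hunk shows no signature or stronger-digest check; if the spec or the build tooling does not perform one elsewhere (not visible here), it would be worth recording how the 2.5.5 tarball was verified before the bump, for example with a comment such as `# tarball checked against upstream's detached signature before updating Source0-md5`. The `Source0-md5` tag looks like a distro tooling convention, so I would add to it rather than replace it.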
@@ -1,48 +0,0 @@
-From fa5ab2438ad2d8a12eaf43e2cdd8b4294299c175 Mon Sep 17 00:00:00 2001
-From: Selva Nair <selva.n...@gmail.com>
-Date: Fri, 22 Oct 2021 20:07:05 -0400
-Subject: [PATCH 43/47] Ensure the current common_name is in the environment
- for scripts
-
-When username-as-common-name is in effect, the common_name
-is "CN" from the certificate for auth-user-pass-verify. It gets
-changed to "username" after successful authentication. This
-changed value gets into the env when client-connect script is
-called.
-
-However, "common_name" goes through the cycle of being
-"CN", then "username" during every reauth (renegotiation).
-As the client-connect script is not called during reneg, the changed
-value never gets back into the env. The end result is that the
-disconnect script gets "common_name=<CN>" instead of the username.
-Unless no reneg steps have happened before disconnect.
-(For a more detailed analysis see
-https://community.openvpn.net/openvpn/ticket/1434#comment:12)
-
-Fix by adding common_name to env whenever it changes.
-
-Trac: #1434
-Very likely applies to #160 as well, but that's too old and
-some of the relevant code path has evolved since then.
-
-Signed-off-by: Selva Nair <selva.n...@gmail.com>
-Acked-by: Gert Doering <g...@greenie.muc.de>
-Message-Id: <20211023000706.25016-1-selva.n...@gmail.com>
-URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg23051.html
-Signed-off-by: Gert Doering <g...@greenie.muc.de>
----
- src/openvpn/ssl_verify.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff -urNp -x '*.orig' openvpn-2.5.4.org/src/openvpn/ssl_verify.c openvpn-2.5.4/src/openvpn/ssl_verify.c
---- openvpn-2.5.4.org/src/openvpn/ssl_verify.c 2021-10-05 07:56:34.000000000 +0200
-+++ openvpn-2.5.4/src/openvpn/ssl_verify.c 2021-10-29 13:57:59.008621745 +0200
-@@ -116,6 +116,8 @@ set_common_name(struct tls_session *sess
- }
- #endif
- }
-+ /* update common name in env */
-+ setenv_str(session->opt->es, "common_name", common_name);
- }
-
- /* ================================================================ ---- gitweb: http://git.pld-linux.org/gitweb.cgi/packages/openvpn.git/commitdiff/511cab268511d21b4aeaa9fbcc7f15613c1dbb5c _______________________________________________ pld-cvs-commit mailing list pld-cvs-commit@lists.pld-linux.org http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit