- up to 2.5.5

diff --git a/0043-Ensure-the-current-common_name-is-in-the-environment.patch b/0043-Ensure-the-current-common_name-is-in-the-environment.patch
deleted file mode 100644 (file)
index 2f7f1dd..0000000
--- a/0043-Ensure-the-current-common_name-is-in-the-environment.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-From fa5ab2438ad2d8a12eaf43e2cdd8b4294299c175 Mon Sep 17 00:00:00 2001
-From: Selva Nair <selva.nair@gmail.com>
-Date: Fri, 22 Oct 2021 20:07:05 -0400
-Subject: [PATCH 43/47] Ensure the current common_name is in the environment
- for scripts
-
-When username-as-common-name is in effect, the common_name
-is "CN" from the certificate for auth-user-pass-verify. It gets
-changed to "username" after successful authentication. This
-changed value gets into the env when client-connect script is
-called.
-
-However, "common_name" goes through the cycle of being
-"CN", then "username" during every reauth (renegotiation).
-As the client-connect script is not called during reneg, the changed
-value never gets back into the env. The end result is that the
-disconnect script gets "common_name=<CN>" instead of the username.
-Unless no reneg steps have happened before disconnect.
-(For a more detailed analysis see
-https://community.openvpn.net/openvpn/ticket/1434#comment:12)
-
-Fix by adding common_name to env whenever it changes.
-
-Trac: #1434
-Very likely applies to #160 as well, but that's too old and
-some of the relevant code path has evolved since then.
-
-Signed-off-by: Selva Nair <selva.nair@gmail.com>
-Acked-by: Gert Doering <gert@greenie.muc.de>
-Message-Id: <20211023000706.25016-1-selva.nair@gmail.com>
-URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg23051.html
-Signed-off-by: Gert Doering <gert@greenie.muc.de>
----
- src/openvpn/ssl_verify.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff -urNp -x '*.orig' openvpn-2.5.4.org/src/openvpn/ssl_verify.c openvpn-2.5.4/src/openvpn/ssl_verify.c
---- openvpn-2.5.4.org/src/openvpn/ssl_verify.c 2021-10-05 07:56:34.000000000 +0200
-+++ openvpn-2.5.4/src/openvpn/ssl_verify.c     2021-10-29 13:57:59.008621745 +0200
-@@ -116,6 +116,8 @@ set_common_name(struct tls_session *sess
-         }
- #endif
-     }
-+    /* update common name in env */
-+    setenv_str(session->opt->es, "common_name", common_name);
- }
- 
- /*

diff --git a/openvpn.spec b/openvpn.spec
index 3e69850ed51582ac04afbdefa5939fa626b54c2b..9808aa81f2787d5cbbe6a00d9c6c081861cda79a 100644 (file)
--- a/openvpn.spec
+++ b/openvpn.spec
@@ -7,12 +7,12 @@
 Summary:       VPN Daemon
 Summary(pl.UTF-8):     Serwer VPN
 Name:          openvpn
-Version:       2.5.4
+Version:       2.5.5
 Release:       1
 License:       GPL v2
 Group:         Networking/Daemons
 Source0:       https://build.openvpn.net/downloads/releases/%{name}-%{version}.tar.xz
-# Source0-md5: 336be3b2388cdc65dd8c81f22b1c2836
+# Source0-md5: e469f55a223677b4cb6c7f4541065f5a
 Source1:       %{name}.init
 Source2:       %{name}.sysconfig
 Source3:       %{name}.tmpfiles
@@ -25,7 +25,6 @@ Patch1:               unsupported-ciphers.patch
 Patch100:      0038-Deprecate-ecdh-curve-with-OpenSSL-3.0-and-adjust-mbe.patch
 Patch101:      0039-Use-EVP_PKEY-based-API-for-loading-DH-keys.patch
 Patch102:      0040-Remove-DES-check-with-OpenSSL-3.0.patch
-Patch103:      0043-Ensure-the-current-common_name-is-in-the-environment.patch
 Patch104:      0044-Don-t-manually-free-DH-params-in-OpenSSL-3.patch
 Patch105:      0045-Do-not-allow-CTS-ciphers.patch
 Patch106:      0046-Use-new-EVP_MAC-API-for-HMAC-implementation.patch
@@ -151,7 +150,6 @@ Ten pakiet zawiera pliki nagłówkowe do tworzenia wtyczek OpenVPN.
 %patch100 -p1
 %patch101 -p1
 %patch102 -p1
-%patch103 -p1
 %patch104 -p1
 %patch105 -p1
 %patch106 -p1
@@ -264,6 +262,7 @@ exit 0
 %attr(755,root,root) %{_libdir}/%{name}/client.up
 %attr(755,root,root) %{_libdir}/%{name}/update-resolv-conf
 %dir %{_libdir}/%{name}/plugins
+%{_mandir}/man5/openvpn.5*
 %{_mandir}/man8/openvpn.8*
 %dir /var/run/openvpn
 %{systemdtmpfilesdir}/%{name}.conf