+++ /dev/null
-From fa5ab2438ad2d8a12eaf43e2cdd8b4294299c175 Mon Sep 17 00:00:00 2001
-From: Selva Nair <selva.nair@gmail.com>
-Date: Fri, 22 Oct 2021 20:07:05 -0400
-Subject: [PATCH 43/47] Ensure the current common_name is in the environment
- for scripts
-
-When username-as-common-name is in effect, the common_name
-is "CN" from the certificate for auth-user-pass-verify. It gets
-changed to "username" after successful authentication. This
-changed value gets into the env when client-connect script is
-called.
-
-However, "common_name" goes through the cycle of being
-"CN", then "username" during every reauth (renegotiation).
-As the client-connect script is not called during reneg, the changed
-value never gets back into the env. The end result is that the
-disconnect script gets "common_name=<CN>" instead of the username.
-Unless no reneg steps have happened before disconnect.
-(For a more detailed analysis see
-https://community.openvpn.net/openvpn/ticket/1434#comment:12)
-
-Fix by adding common_name to env whenever it changes.
-
-Trac: #1434
-Very likely applies to #160 as well, but that's too old and
-some of the relevant code path has evolved since then.
-
-Signed-off-by: Selva Nair <selva.nair@gmail.com>
-Acked-by: Gert Doering <gert@greenie.muc.de>
-Message-Id: <20211023000706.25016-1-selva.nair@gmail.com>
-URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg23051.html
-Signed-off-by: Gert Doering <gert@greenie.muc.de>
----
- src/openvpn/ssl_verify.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff -urNp -x '*.orig' openvpn-2.5.4.org/src/openvpn/ssl_verify.c openvpn-2.5.4/src/openvpn/ssl_verify.c
---- openvpn-2.5.4.org/src/openvpn/ssl_verify.c 2021-10-05 07:56:34.000000000 +0200
-+++ openvpn-2.5.4/src/openvpn/ssl_verify.c 2021-10-29 13:57:59.008621745 +0200
-@@ -116,6 +116,8 @@ set_common_name(struct tls_session *sess
- }
- #endif
- }
-+ /* update common name in env */
-+ setenv_str(session->opt->es, "common_name", common_name);
- }
-
- /*
Summary: VPN Daemon
Summary(pl.UTF-8): Serwer VPN
Name: openvpn
-Version: 2.5.4
+Version: 2.5.5
Release: 1
License: GPL v2
Group: Networking/Daemons
Source0: https://build.openvpn.net/downloads/releases/%{name}-%{version}.tar.xz
-# Source0-md5: 336be3b2388cdc65dd8c81f22b1c2836
+# Source0-md5: e469f55a223677b4cb6c7f4541065f5a
Source1: %{name}.init
Source2: %{name}.sysconfig
Source3: %{name}.tmpfiles
Patch100: 0038-Deprecate-ecdh-curve-with-OpenSSL-3.0-and-adjust-mbe.patch
Patch101: 0039-Use-EVP_PKEY-based-API-for-loading-DH-keys.patch
Patch102: 0040-Remove-DES-check-with-OpenSSL-3.0.patch
-Patch103: 0043-Ensure-the-current-common_name-is-in-the-environment.patch
Patch104: 0044-Don-t-manually-free-DH-params-in-OpenSSL-3.patch
Patch105: 0045-Do-not-allow-CTS-ciphers.patch
Patch106: 0046-Use-new-EVP_MAC-API-for-HMAC-implementation.patch
%patch100 -p1
%patch101 -p1
%patch102 -p1
-%patch103 -p1
%patch104 -p1
%patch105 -p1
%patch106 -p1
%attr(755,root,root) %{_libdir}/%{name}/client.up
%attr(755,root,root) %{_libdir}/%{name}/update-resolv-conf
%dir %{_libdir}/%{name}/plugins
+%{_mandir}/man5/openvpn.5*
%{_mandir}/man8/openvpn.8*
%dir /var/run/openvpn
%{systemdtmpfilesdir}/%{name}.conf