%define auth_ldap_version 2.0.3
%define easy_rsa_version 2.2.0_master
%define develname %mklibname %{name} -d
%define plugindir %{_libdir}/%{name}/plugins
%bcond_without ldap
# There is an issue with gcc, so disable for amd64
# waiting reply/fix
%ifarch amd64
%bcond_without ldap
%endif
Summary: A Secure TCP/UDP Tunneling Daemon
Name: openvpn
Version: 2.4.4
%define subrel 1
Release: %mkrel 1
URL: http://openvpn.net/
Source0: https://swupdate.openvpn.org/community/releases/%{name}-%{version}.tar.xz
Source2: http://openvpn-auth-ldap.googlecode.com/files/auth-ldap-%{auth_ldap_version}.tar.gz
Source3: dhcp.sh
Source4: openvpn-tmpfile.conf
Source5: openvpn@.service
Source6: openvpn.target
Source7: https://github.com/downloads/OpenVPN/easy-rsa/easy-rsa-%{easy_rsa_version}.tar.gz
Patch1: openvpn-2.3.openvpn_user.patch
Patch2: openvpn-auth-ldap-2.0.3-disable-tests.patch
#Patch3: openvpn-2.3.1_rc15-wformat.patch
Patch4: auth-ldap-rfc2307.patch
Patch1001: openvpn-auth-ldap-2.0.3-objc.patch
#Patch2000: openvpn-2.4.0-CVE-2017-7478.patch
#Patch2001: openvpn-2.4.0-CVE-2017-7479-prereq.patch
#Patch2002: openvpn-2.4.0-CVE-2017-7479.patch
Patch2003: CVE-2018-9336.patch
License: GPLv2
Group: Networking/Other
BuildRequires: liblzo-devel
BuildRequires: pkgconfig(openssl)
BuildRequires: pam-devel
BuildRequires: pkgconfig(libpkcs11-helper-1)
BuildRequires: automake1.8
BuildRequires: pkgconfig(systemd)
%if %with ldap
BuildRequires: gcc-objc
BuildRequires: openldap-devel
BuildRequires: re2c
%endif
Requires(post): systemd >= %{systemd_required_version}
Requires(post): rpm-helper >= 0.24.8-1
Requires(preun): rpm-helper >= 0.24.8-1
%description
OpenVPN is a robust and highly flexible tunneling application that uses
all of the encryption, authentication, and certification features of the
OpenSSL library to securely tunnel IP networks over a single UDP port.
%package -n %{develname}
Summary: Development package for OpenVPN plugins
Group: System/Libraries
Requires: %{name} = %{version}-%{release}
%description -n %{develname}
OpenVPN .h files.
%if %with ldap
This package contains the auth-ldap plugin
%endif
%prep
%setup -q -n openvpn-%{version} -a 7
%if %with ldap
%setup -q -n openvpn-%{version} -a 2 -a 7
%{__mv} auth-ldap-%{auth_ldap_version}/README auth-ldap-%{auth_ldap_version}/README-openvpn-auth-ldap
pushd auth-ldap-%{auth_ldap_version}
%patch1001 -p1
%patch2 -p1
%patch4 -p1
popd
%endif
%patch1 -p1
#%patch3 -p1
#%patch2000 -p1
#%patch2001 -p1
#%patch2002 -p1
%patch2003 -p1
%build
%serverbuild
#./pre-touch
libtoolize --copy --force --install
aclocal
automake -a -c -f -i
autoreconf -fi
%configure2_5x \
--enable-systemd \
--enable-pthread \
--with-lzo-headers=%{_includedir}/lzo \
--enable-password-save || cat config.log
%make
# plugins
%make -C src/plugins/down-root
%make -C src/plugins/auth-pam
%if %with ldap
pushd auth-ldap-%{auth_ldap_version}
%configure2_5x \
--with-openvpn=`pwd`/../include \
--libdir=%{plugindir} \
--with-objc-runtime=GNU
# workaround parallel build problem with generated header
%make -C tools
make -C src TRConfigParser.h
%make
popd
%endif
pushd easy-rsa-%{easy_rsa_version}
%configure2_5x \
--with-easyrsadir=%{_datadir}/%{name}/easy-rsa
%make
popd
%install
%make_install
%make_install -C easy-rsa-%{easy_rsa_version}
install -d %{buildroot}%{_sysconfdir}/%{name}
# (cg) NB The sample config file is needed for drakvpn
cp -pr sample/sample-{config-file,key,script}s %{buildroot}%{_datadir}/%{name}
mkdir -p %{buildroot}%{_datadir}/%{name}
install -d %{buildroot}%{_localstatedir}/lib/%{name}
# (cg) Nuke sysvinit script
rm -f %{buildroot}%{_datadir}/%{name}/sample-scripts/openvpn.init
# (cg) Add systemd units
install -D -m 644 %{SOURCE4} %{buildroot}%{_tmpfilesdir}/openvpn.conf
install -D -m 644 %{SOURCE5} %{buildroot}%{_unitdir}/openvpn@.service
install -D -m 644 %{SOURCE6} %{buildroot}%{_unitdir}/openvpn.target
# and remove wrongly generated ones
%ifarch x86_64
rm -f %{buildroot}/%{_libdir}/systemd/system/%{name}*.service
rm -f %{buildroot}/%{_libdir}/tmpfiles.d/%{name}.conf
%endif
#plugins
mkdir -p %{buildroot}%{plugindir}
%if %with ldap
pushd auth-ldap-%{auth_ldap_version}
%make_install
popd
%endif
install -m755 %{SOURCE3} %{buildroot}%{_datadir}/%{name}
%pre
%_pre_useradd %{name} %{_localstatedir}/lib/%{name} /bin/true
%post
# (cg) This is a templated unit, so we have to manually convert to systemd
if [ ! -f %{_localstatedir}/lib/rpm-helper/systemd-migration/%{name} ]; then
if [ -f %{_sysconfdir}/rc3.d/S??%{name} ]; then
for conf in %{_sysconfdir}/%{name}/*.conf; do
[ "$conf" = "%{_sysconfdir}/%{name}/*.conf" ] && continue
conf=$(basename $conf .conf)
mkdir -p %{_sysconfdir}/systemd/system/%{name}.target.wants
ln -s %{_unitdir}/%{name}@.service %{_sysconfdir}/systemd/system/%{name}.target.wants/%{name}@$conf.service
done
systemctl --quiet enable %{name}.target
fi
mkdir -p %{_localstatedir}/lib/rpm-helper/systemd-migration
touch %{_localstatedir}/lib/rpm-helper/systemd-migration/%{name}
else
# (cg) Older versions were not controlled by their own target
UNITS=
for unit in %{_sysconfdir}/systemd/system/multi-user.target.wants/%{name}@?*.service; do
[ "$unit" = "%{_sysconfdir}/systemd/system/multi-user.target.wants/%{name}@?*.service" ] && continue
UNITS="$UNITS $unit"
done
if [ -n "$UNITS" ]; then
mkdir %{_sysconfdir}/systemd/system/%{name}.target.wants
mv $UNITS %{_sysconfdir}/systemd/system/%{name}.target.wants
systemctl --quiet enable %{name}.target
fi
fi
%_tmpfilescreate %{name}
%_post_service %{name} %{name}.target
%preun
%_preun_service %{name} %{name}.target
%postun
%_postun_userdel %{name}
%files
%doc AUTHORS INSTALL PORTS README
%doc COPYING COPYRIGHT.GPL README* doc/management-notes.txt Changes.rst
%doc src/plugins/*/README.*
%if %with ldap
%doc auth-ldap-%{auth_ldap_version}/README-openvpn-auth-ldap
%endif
%{_mandir}/man8/%{name}.8*
%{_sbindir}/%{name}
%{_datadir}/%{name}
%dir %{_sysconfdir}/%{name}
#{_datadir}/%%{name}/dhcp.sh
%{_unitdir}/%{name}*.service
%{_unitdir}/%{name}.target
%{_tmpfilesdir}/%{name}.conf
%dir %{_localstatedir}/lib/%{name}
%dir %{plugindir}
%{plugindir}/*
%exclude %{_docdir}/easy-rsa/COPYING
%exclude %{_docdir}/easy-rsa/COPYRIGHT.GPL
%exclude %{_docdir}/easy-rsa/README-2.0
%files -n %{develname}
%{_includedir}/openvpn-plugin.h
%{_includedir}/openvpn-msg.h
%changelog
* Sat Jul 07 2018 bcornec <bcornec> 2.4.4-1.1.mga6
(not released yet)
+ Revision: 1242399
- Fix CVE-2018-9336 by modifying upstream patch for 2.4.4 in mga6
- Update openvpn to upstream 2.4.4 to fix #21780
* Mon Jun 26 2017 bcornec <bcornec> 2.4.3-1.mga6
+ Revision: 1108487
- Remove systemd files only on x86_64 where the delivery is wrong
- Update to upstream 2.4.3
* Mon May 15 2017 neoclust <neoclust> 2.4.0-2.mga6
+ Revision: 1101662
- Add P200{0,1,2} from debian - Fixes CVE-2017-7478 and CVE-2017-7479 (mga#20845)
* Mon Jan 02 2017 bcornec <bcornec> 2.4.0-1.mga6
+ Revision: 1079787
- update to upstream openvpn 2.4.0
* Mon Dec 12 2016 luigiwalser <luigiwalser> 2.3.14-1.mga6
+ Revision: 1074399
- 2.3.14
* Sat Nov 12 2016 luigiwalser <luigiwalser> 2.3.13-1.mga6
+ Revision: 1066632
- 2.3.13
* Fri Aug 26 2016 luigiwalser <luigiwalser> 2.3.12-1.mga6
+ Revision: 1049113
- 2.3.12 (fixes CVE-2016-6329)
* Tue May 17 2016 luigiwalser <luigiwalser> 2.3.11-1.mga6
+ Revision: 1016537
- 2.3.11
* Thu Mar 03 2016 umeabot <umeabot> 2.3.10-2.mga6
+ Revision: 983855
- Rebuild for openssl
* Wed Jan 06 2016 luigiwalser <luigiwalser> 2.3.10-1.mga6
+ Revision: 920141
- 2.3.10
* Fri Dec 18 2015 luigiwalser <luigiwalser> 2.3.9-1.mga6
+ Revision: 911651
- 2.3.9
* Fri Oct 23 2015 tv <tv> 2.3.6-2.mga6
+ Revision: 894412
- fix build: add some doc
* Sat Dec 27 2014 dlucio <dlucio> 2.3.6-1.mga5
+ Revision: 806680
- systemd-devel as BR
- 2.3.6
- P5 merged upstream
- P6 fixes an assertion when there is not crypto
* Tue Dec 02 2014 luigiwalser <luigiwalser> 2.3.2-6.mga5
+ Revision: 800333
- add patch from ubuntu to fix CVE-2014-8104
* Wed Oct 15 2014 umeabot <umeabot> 2.3.2-5.mga5
+ Revision: 743394
- Second Mageia 5 Mass Rebuild
* Tue Sep 16 2014 umeabot <umeabot> 2.3.2-4.mga5
+ Revision: 683259
- Mageia 5 Mass Rebuild
* Mon Jan 27 2014 neoclust <neoclust> 2.3.2-3.mga4
+ Revision: 568428
- Add P4: RFC2307 group support
* Sat Oct 19 2013 umeabot <umeabot> 2.3.2-2.mga4
+ Revision: 529088
- Mageia 4 Mass Rebuild
* Wed Jul 03 2013 dlucio <dlucio> 2.3.2-1.mga4
+ Revision: 449968
- 2.3.2
* Tue Apr 16 2013 colin <colin> 2.3.1-2.mga3
+ Revision: 410213
- Drop patch5 properly (unapplied, but fix is in upstream)
- Rediff and reenable patch3 (wformat)
- Drop patch4 (systemd console input): fixed upstream
- Ship the sample configs accidentally removed in r404203 (needed by drakvpn)
* Sat Apr 13 2013 dlucio <dlucio> 2.3.1-1.mga3
+ Revision: 409825
- 2.3.1
- P5 merged upstream
* Sun Mar 24 2013 colin <colin> 2.3.0-2.mga3
+ Revision: 404859
- Add systemd requires and general post/pre fixes (mga#9302)
* Wed Mar 20 2013 dlucio <dlucio> 2.3.0-1.mga3
+ Revision: 404203
- 2.3.0
- new devel subpackage
- easy-rsa is now anothe project, S7 added
- P1 and P5 rediffed
- P3 and P4 no needed
- lets move plugins to its plugins directory
- multiple spec cleanups
* Sun Jan 27 2013 pterjan <pterjan> 2.2.2-13.mga3
+ Revision: 392746
- Fix parallel build
* Sun Jan 13 2013 umeabot <umeabot> 2.2.2-12.mga3
+ Revision: 362181
- Mass Rebuild - https://wiki.mageia.org/en/Feature:Mageia3MassRebuild
* Wed Jan 09 2013 cjw <cjw> 2.2.2-11.mga3
+ Revision: 343413
- patch5: fix build with automake 1.13
* Tue Nov 27 2012 colin <colin> 2.2.2-10.mga3
+ Revision: 322422
- Renumber patches
- Do not package /var/run/openvpn dir (tmpfiles takes care of it)
- Completely drop sysvinit script (including patches to it)
- Minor configure tidyup
- No need to explicitly enable -fPIC (it's enabled by default)
- Enable systemd input for authentication (via upstream + Fred Crozat @ suse)
* Sun Nov 25 2012 colin <colin> 2.2.2-9.mga3
+ Revision: 321721
- Switch to an openvpn.target setup with PartOf= support in .service units
- Run systemd-tmpfiles --create on install to ensure pid file dir creation (mga#8200)
- Package tmpfiles.d snippet in the /usr tree, not /etc as config
* Sat Aug 18 2012 nanardon <nanardon> 2.2.2-8.mga3
+ Revision: 281954
- kill initscripts
* Fri Aug 17 2012 nanardon <nanardon> 2.2.2-7.mga3
+ Revision: 281885
- fix startup with systemd
- fix initscript
* Mon Aug 13 2012 dlucio <dlucio> 2.2.2-6.mga3
+ Revision: 281004
- P13 to fix gcc47 issues, from debian
- rebuild for new libs
* Sat Apr 28 2012 tmb <tmb> 2.2.2-5.mga2
+ Revision: 233831
- Require rpm-helper >= 0.24.8-1 for systemd support
* Sat Apr 21 2012 colin <colin> 2.2.2-4.mga2
+ Revision: 232371
- Use macros in post script.
* Sat Apr 21 2012 colin <colin> 2.2.2-3.mga2
+ Revision: 232360
- Handle systemd template unit migration and mask sysvinit script.
* Wed Apr 18 2012 guillomovitch <guillomovitch> 2.2.2-2.mga2
+ Revision: 231466
- spec cleanup
- systemd support
* Fri Mar 16 2012 dlucio <dlucio> 2.2.2-1.mga2
+ Revision: 223673
- Update to 2.2.2
- New dhcp.sh script that lets to handle dynamic dns with dhcp environments
* Fri Dec 09 2011 wally <wally> 2.2.1-1.2.mga2
+ Revision: 179681
- fix build
+ dmorgan <dmorgan>
- Rebuild against gcc 4.6.2
+ dlucio <dlucio>
- more synced patches
- P3 synced from Mandriva
- 2.2.1
* Wed Jun 15 2011 mikala <mikala> 2.1.4-2.mga2
+ Revision: 107896
- Add --enable-save-password switch (Allow --askpass and --auth-user-pass passwords to be read from a file)
* Thu Mar 03 2011 ennael <ennael> 2.1.4-1.mga1
+ Revision: 63137
- imported package openvpn
* Tue Nov 09 2010 Luis Daniel Lucio Quiroz <dlucio@mandriva.org> 2.1.4-1mdv2011.0
+ Revision: 595489
- 2.1.4
Fix summary
* Tue Oct 19 2010 Luis Daniel Lucio Quiroz <dlucio@mandriva.org> 2.1.3-1mdv2011.0
+ Revision: 586743
- 2.1.3
* Wed Aug 18 2010 Luis Daniel Lucio Quiroz <dlucio@mandriva.org> 2.1.2-1mdv2011.0
+ Revision: 571120
- 2.1.2
* Thu Apr 08 2010 Eugeni Dodonov <eugeni@mandriva.com> 2.1.1-3mdv2010.1
+ Revision: 533059
- Rebuild for openssl 1.0.0.
* Fri Feb 26 2010 Oden Eriksson <oeriksson@mandriva.com> 2.1.1-2mdv2010.1
+ Revision: 511606
- rebuilt against openssl-0.9.8m
* Sat Dec 12 2009 Frederik Himpe <fhimpe@mandriva.org> 2.1.1-1mdv2010.1
+ Revision: 477774
- update to new version 2.1.1
* Fri Dec 11 2009 Funda Wang <fwang@mandriva.org> 2.1.0-1mdv2010.1
+ Revision: 476390
- new version 2.1.0
* Mon Nov 23 2009 Luis Daniel Lucio Quiroz <dlucio@mandriva.org> 2.1-0.rc22.2mdv2010.1
+ Revision: 469177
- Source2 URL updated
* Sat Nov 21 2009 Luis Daniel Lucio Quiroz <dlucio@mandriva.org> 2.1-0.rc22.1mdv2010.1
+ Revision: 468162
- New rc22
* Thu Nov 12 2009 Frederik Himpe <fhimpe@mandriva.org> 2.1-0.rc20.1mdv2010.1
+ Revision: 465276
- Update to new version 2.1-rc21
* Mon Oct 05 2009 Luis Daniel Lucio Quiroz <dlucio@mandriva.org> 2.1-0.rc20.1mdv2010.0
+ Revision: 454239
- P7 to let compillation work because buf_printf() function
- RC20, it fixes several bugs
* Thu Jul 23 2009 Frederik Himpe <fhimpe@mandriva.org> 2.1-0.rc19.1mdv2010.0
+ Revision: 399003
- Update to new version 2.1-rc19
+ Christophe Fergeau <cfergeau@mandriva.com>
- fix -Wformat warnings
* Sat Nov 22 2008 Frederik Himpe <fhimpe@mandriva.org> 2.1-0.rc15.1mdv2009.1
+ Revision: 305704
- Update to new version 2.1-rc15, drop UDP ssl/tls negotiation patch
integrated upstream in 2.1-rc11
* Mon Nov 17 2008 Funda Wang <fwang@mandriva.org> 2.1-0.rc10.3mdv2009.1
+ Revision: 303875
- BR libpkcs11-helper-devel (bug#45813)
* Thu Sep 18 2008 Frederik Himpe <fhimpe@mandriva.org> 2.1-0.rc10.2mdv2009.0
+ Revision: 285720
- Fix license
- Add 2.1-rc11 patch fixing TLS/SSL negotiations if UDP packets
are dropped
* Sat Sep 13 2008 Frederik Himpe <fhimpe@mandriva.org> 2.1-0.rc10.1mdv2009.0
+ Revision: 284564
- Update to 2.1 RC 10
* Tue Aug 05 2008 Frederik Himpe <fhimpe@mandriva.org> 2.1-0.rc9.1mdv2009.0
+ Revision: 263636
- Update to new version 2.1-rc9: fixes security problem CVE-2008-3459
+ Pixel <pixel@mandriva.com>
- adapt to %%_localstatedir now being /var instead of /var/lib (#22312)
* Mon May 19 2008 David Walluck <walluck@mandriva.org> 2.1-0.rc7.1mdv2009.0
+ Revision: 209098
- BuildRequires: re2c for ldap support
- 2.1_rc7
- auth_ldap 2.0.3
* Wed Jan 23 2008 Thierry Vignaud <tv@mandriva.org> 2.0.9-4mdv2008.1
+ Revision: 157261
- rebuild with fixed %%serverbuild macro
+ Olivier Blin <oblin@mandriva.com>
- restore BuildRoot
* Mon Dec 24 2007 Oden Eriksson <oeriksson@mandriva.com> 2.0.9-3mdv2008.1
+ Revision: 137470
- rebuilt against openldap-2.4.7 libs
+ Thierry Vignaud <tv@mandriva.org>
- kill re-definition of %%buildroot on Pixel's request
* Wed Jun 27 2007 Andreas Hasenack <andreas@mandriva.com> 2.0.9-2mdv2008.0
+ Revision: 45193
- using serverbuild macro (-fstack-protector-all)
* Wed May 09 2007 Olivier Thauvin <nanardon@mandriva.org> 2.0.9-1mdv2008.0
+ Revision: 25697
- 2.0.9
- don't bzip2 source, add gpg sig into source pkg
* Thu Mar 15 2007 Olivier Thauvin <nanardon@mandriva.org> 2.0.7-4mdv2007.1
+ Revision: 144578
- rebuild
* Wed Jan 31 2007 Olivier Thauvin <nanardon@mandriva.org> 2.1-0.rc2.2mdv2007.1
+ Revision: 115645
- merge patch no-user/group from 2.1 branches (Yves-Gwenael Bourhis)
* Sun Aug 13 2006 Olivier Thauvin <nanardon@mandriva.org> 2.0.7-2mdv2007.0
+ Revision: 55734
- rebuild
- add openvpn
* Thu Apr 20 2006 Olivier Thauvin <nanardon@mandriva.org> 2.0.7-1mdk
- 2.0.7
* Mon Jan 09 2006 Olivier Blin <oblin@mandriva.com> 2.0.5-5mdk
- fix typo in initscript
* Mon Jan 09 2006 Olivier Blin <oblin@mandriva.com> 2.0.5-4mdk
- convert parallel init to LSB
* Tue Jan 03 2006 Per Ãyvind Karlsen <pkarlsen@mandriva.com> 2.0.5-3mdk
- add parallel init support
- fix executable-marked-as-config-file
- be sure to wipe out buildroot at the beginning of %%install
- don't ship copyright notice as the package is GPL (see common-licenses)
* Sun Nov 13 2005 Oden Eriksson <oeriksson@mandriva.com> 2.0.5-2mdk
- rebuilt against openssl-0.9.8a
* Thu Nov 10 2005 Olivier Thauvin <nanardon@mandriva.org> 2.0.5-1mdk
- 2.0.5
* Mon Oct 17 2005 Olivier Thauvin <nanardon@mandriva.org> 2.0.2-1mdk
- 2.0.2
* Wed Aug 31 2005 Oden Eriksson <oeriksson@mandriva.com> 2.0.1-2mdk
- rebuilt against new openldap-2.3.6 libs
* Thu Aug 25 2005 Olivier Thauvin <nanardon@mandriva.org> 2.0.1-1mdk
- 2.0.1
- ldap patch version 1.0.1
- remove patch3, fix upstream
* Sun Jul 10 2005 Olivier Thauvin <nanardon@mandriva.org> 2.0-4mdk
- rebuild for lzo (#16777)
- add patch3: fix -lzo2 calls
* Thu Jun 23 2005 Olivier Thauvin <nanardon@mandriva.org> 2.0-3mdk
- rebuild for lzo (Thanks Michar)
* Thu May 12 2005 Olivier Thauvin <nanardon@mandriva.org> 2.0-2mdk
- Request by Luis Daniel Lucio Quiroz <dlucio@okay.com.mx>
- add native plugin
- add openvpn-auth-ldap plugin (except for amd64)
* Wed Apr 20 2005 Olivier Thauvin <nanardon@mandriva.org> 2.0-1mdk
- 2.0 final
* Fri Apr 08 2005 Olivier Thauvin <thauvin@aerov.jussieu.fr> 2.0-0.rc20.1mdk
- 2.0-rc20
* Thu Jan 13 2005 Per Ãyvind Karlsen <peroyvind@linux-mandrake.com> 1.6.0-2mdk
- rebuild
- cosmetics
* Tue Jun 01 2004 Per Ãyvind Karlsen <peroyvind@linux-mandrake.com> 1.6.0-1mdk
- 1.6.0
- fix buildrequires (lib64..)
- drop GPL license file, there's no reason for us to ship such common
license files in packages, as we ship them with the common-licenses package!
distrib
>
Mageia
>
6
>
armv7hl
>
media
>
core-updates-src
>
by-pkgid
>
49d9ace24277775900418fbf50216de8
>
files
>
11
