SUSE:SLE-12-SP2:Update
File openvpn.spec of Package openvpn
#
# spec file for package openvpn
#
# Copyright (c) 2022 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via https://bugs.opensuse.org/
#

%if 0%{?suse_version} > 1210
%define with_systemd 1
%else
%define with_systemd 0
%endif

%if ! %{defined _rundir}
%define _rundir %{_localstatedir}/run
%endif

Name:           openvpn
URL:            http://openvpn.net/
%if %{with_systemd}
%{?systemd_requires}
%else
PreReq:         %fillup_prereq
PreReq:         %insserv_prereq
%endif
Version:        2.3.8
Release:        0
Summary:        Full-featured SSL VPN solution using a TUN/TAP Interface
License:        LGPL-2.1-only AND SUSE-GPL-2.0-with-openssl-exception
Group:          Productivity/Networking/Security
Source:         http://swupdate.openvpn.org/community/releases/openvpn-%{version}.tar.gz
Source1:        http://swupdate.openvpn.org/community/releases/openvpn-%{version}.tar.gz.asc
Source2:        %{name}.init
Source6:        %{name}.sysconfig
Source3:        %{name}.README.SUSE
Source4:        client-netconfig.up
Source5:        client-netconfig.down
Source7:        %{name}.keyring
Source8:        %{name}.service
Source9:        %{name}.target
Source10:       %{name}-tmpfile.conf
Source11:       rc%{name}
Patch1:         %{name}-2.3-plugin-man.dif
Patch5:         %{name}-2.3.0-man-dot.diff
Patch6:         %{name}-fips140-2.3.2.patch
Patch7:         revert-daemonize.patch
Patch8:         openvpn-2.3.9-Fix-heap-overflow-on-getaddrinfo-result.patch
# PATCH-FIX-SLE multiple-low-severity-issues bsc#934237
Patch9:         openvpn-2.3.x-fixed-multiple-low-severity-issues.patch
Patch10:        0001-preform-deferred-authentication-in-the-background.patch
Patch11:        0002-openvpn-fips140-AES-cipher-in-config-template.patch
Patch12:        0003-cleanup-merge-packet_id_alloc_outgoing-into-packet_i.patch
Patch13:        0004-Drop-packets-instead-of-assert-out-if-packet-id-roll.patch
Patch14:        0005-Don-t-assert-out-on-receiving-too-large-control-pack.patch
Patch15:        0006-Discourage-using-64-bit-block-ciphers.patch
Patch20:        0001-Fix-remote-triggerable-memory-leaks-CVE-2017-7521.patch
Patch21:        0002-Restrict-x509-alt-username-extension-types.patch
Patch22:        0003-Fix-potential-double-free-in-x509-alt-username-CVE-2.patch
Patch23:        0004-Prevent-two-kinds-of-stack-buffer-OOB-reads-and-a-cr.patch
Patch24:        0005-Fix-remotely-triggerable-ASSERT-on-malformed-IPv6-pa.patch
Patch25:        0025-Fix-bounds-check-in-read_key.patch
Patch26:        openvpn-CVE-2020-15078.patch
Patch27:        openvpn-CVE-2018-7544.patch
Patch28:        openvpn-CVE-2022-0547.patch
Patch29:        openvpn-CVE-2024-28882.patch
BuildRoot:      %{_tmppath}/%{name}-%{version}-build
BuildRequires:  gpg-offline
BuildRequires:  iproute2
BuildRequires:  lzo-devel
BuildRequires:  openssl-devel
BuildRequires:  pam-devel
%if %{with_systemd}
BuildRequires:  systemd
%endif
BuildRequires:  libselinux-devel
BuildRequires:  pkcs11-helper-devel
Requires:       pkcs11-helper
%if %{with_systemd}
BuildRequires:  systemd-devel
%endif

%description
OpenVPN is a full-featured SSL VPN solution which can accommodate a wide
range of configurations, including remote access, site-to-site VPNs,
WiFi security, and enterprise-scale remote access solutions with load
balancing, failover, and fine-grained access-controls.

OpenVPN implements OSI layer 2 or 3 secure network extension using the
industry standard SSL/TLS protocol, supports flexible client
authentication methods based on certificates, smart cards, and/or
2-factor authentication, and allows user or group-specific access
control policies using firewall rules applied to the VPN virtual
interface.

OpenVPN runs on: Linux, Windows 2000/XP and higher, OpenBSD, FreeBSD,
NetBSD, Mac OS X, and Solaris.

OpenVPN is not a web application proxy and does not operate through a
web browser.

%package down-root-plugin
Summary:        OpenVPN down-root plugin
Group:          Productivity/Networking/Security
Requires:       %{name} = %{version}

%description down-root-plugin
The OpenVPN down-root plugin allows an OpenVPN configuration to call a
down script with root privileges, even when privileges have been dropped
using --user/--group/--chroot.

This module uses a split privilege execution model which will fork()
before OpenVPN drops root privileges, at the point where the --up
script is usually called. The plugin will then remain in a wait state
until it receives a message from OpenVPN via pipe to execute the down
script. Thus, the down script will be run in the same execution
environment as the up script.

%package auth-pam-plugin
Summary:        OpenVPN auth-pam plugin
Group:          Productivity/Networking/Security
Requires:       %{name} = %{version}

%description auth-pam-plugin
The OpenVPN auth-pam plugin implements username/password authentication
via PAM, and essentially allows any authentication method supported by
PAM (such as LDAP, RADIUS, or Linux Shadow passwords) to be used with
OpenVPN. While PAM supports username/password authentication, this can
be combined with X509 certificates to provide two independent levels of
authentication.

This plugin uses a split privilege execution model which will function
even if you drop openvpn daemon privileges using the user, group, or
chroot directives.

%package devel
Summary:        OpenVPN plugin header
Group:          Development/Libraries/C and C++
Requires:       %{name} = %{version}

%description devel
This package provides the header file to build external plugins.

%prep
%gpg_verify %{S:1}
%setup -q -n %{name}-%{version}
%patch1 -p0
%patch5 -p0
%patch6 -p1
%patch7 -p1
%patch8 -p1
%patch9 -p1
%patch10 -p1
%patch11 -p1
%patch12 -p1
%patch13 -p1
%patch14 -p1
%patch15 -p1
%patch20 -p1
%patch21 -p1
%patch22 -p1
%patch23 -p1
%patch24 -p1
%patch25 -p1
%patch26
%patch27
%patch28
%patch29 -p1

sed -e "s|\" __DATE__|$(date '+%b %e %Y' -r version.m4)\"|g" \
    -i src/openvpn/options.c

sed -e "s|@PLUGIN_LIBDIR@|%{_libdir}/openvpn/plugins|g" \
    -e "s|@PLUGIN_DOCDIR@|%{_defaultdocdir}/%{name}|g" \
    -i doc/openvpn.8

# %%doc items shouldn't be executable.
find contrib sample -type f -exec chmod a-x \{\} \;

%build
export CFLAGS="$RPM_OPT_FLAGS $(getconf LFS_CFLAGS) -W -Wall -fno-strict-aliasing"
export LDFLAGS
%configure \
    --enable-iproute2 \
    --enable-x509-alt-username \
    --enable-password-save \
%if %{with_systemd}
    --enable-systemd \
%endif
    --enable-plugins \
    --enable-plugin-down-root \
    --enable-plugin-auth-pam \
    CFLAGS="$CFLAGS $(getconf LFS_CFLAGS) -fPIE $PLUGIN_DEFS" \
    LDFLAGS="$LDFLAGS -pie -lpam -rdynamic -Wl,-rpath,%{_libdir}/%{name}/plugins"
make

%install
make DESTDIR=$RPM_BUILD_ROOT install
find $RPM_BUILD_ROOT -name '*.la' | xargs rm -f
mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/openvpn
mkdir -p $RPM_BUILD_ROOT/%{_rundir}/openvpn
mkdir -p $RPM_BUILD_ROOT/%{_datadir}/openvpn
%if %{with_systemd}
install -D -m 644 $RPM_SOURCE_DIR/%{name}.service %{buildroot}/%{_unitdir}/%{name}@.service
install -D -m 644 $RPM_SOURCE_DIR/%{name}.target %{buildroot}/%{_unitdir}/%{name}.target
install -D -m 755 $RPM_SOURCE_DIR/rc%{name} %{buildroot}%{_sbindir}/rc%{name}
# tmpfiles.d
mkdir -p %{buildroot}%{_libexecdir}/tmpfiles.d
install -m 0644 $RPM_SOURCE_DIR/%{name}-tmpfile.conf %{buildroot}%{_libexecdir}/tmpfiles.d/%{name}.conf
%else
install -D -m 755 $RPM_SOURCE_DIR/openvpn.init $RPM_BUILD_ROOT/%{_sysconfdir}/init.d/openvpn
ln -sv %{_sysconfdir}/init.d/openvpn $RPM_BUILD_ROOT/%{_sbindir}/rcopenvpn
# the /etc/sysconfig/openvpn template only with sysvinit, not
# needed with systemd
install -d -m0755 %{buildroot}/var/adm/fillup-templates
install -m0600 $RPM_SOURCE_DIR/openvpn.sysconfig \
    %{buildroot}/var/adm/fillup-templates/sysconfig.openvpn
%endif
cp -p $RPM_SOURCE_DIR/openvpn.README.SUSE README.SUSE
install -m 755 $RPM_SOURCE_DIR/client-netconfig.up sample/sample-scripts/client-netconfig.up
install -m 755 $RPM_SOURCE_DIR/client-netconfig.down sample/sample-scripts/client-netconfig.down

# we install docs via spec into _defaultdocdir/name/management-notes.txt
rm -rf $RPM_BUILD_ROOT%{_datadir}/doc/{OpenVPN,%name}
find sample -name .gitignore | xargs rm -f

%post
%__mkdir_p -m750 %{_rundir}/openvpn
%if %{with_systemd}
%service_add_post %{name}.target
# try to migrate openvpn.service autostart to openvpn@<CONF>.service
if test ${FIRST_ARG:-$1} -ge 1 -a \
        -x /bin/systemctl -a \
        -f /etc/sysconfig/openvpn -a \
        -f /var/adm/fillup-templates/sysconfig.openvpn && \
   /bin/systemctl --quiet is-enabled openvpn.service &>/dev/null ; then
    . /etc/sysconfig/openvpn
    try_service_cgroup_join()
    {
        local p="/var/run/openvpn/${1}.pid"
        local t="/sys/fs/cgroup/systemd/system/openvpn@.service/${1}"
        /sbin/checkproc -p "$p" "%{_sbindir}/openvpn" &>/dev/null || return 0
        test -d "$t" || mkdir -p "$t" 2>/dev/null || return 1
        cat "$p" > "$t/tasks" 2>/dev/null || return 1
    }
    if test "X$OPENVPN_AUTOSTART" != "X" ; then
        for conf in $OPENVPN_AUTOSTART ; do
            test -f "/etc/openvpn/${conf}.conf" && \
            /bin/systemctl enable "openvpn@${conf}.service" && \
            try_service_cgroup_join "$conf" || continue
        done
    else
        shopt -s nullglob || :
        for conf in /etc/openvpn/*.conf ; do
            conf=${conf##*/}
            conf=${conf%.conf}
            test -f "/etc/openvpn/${conf}.conf" && \
            /bin/systemctl enable "openvpn@${conf}.service" && \
            try_service_cgroup_join "$conf" || continue
        done
    fi
fi
rm -f /etc/sysconfig/openvpn || :
%else
%{?fillup_and_insserv:%fillup_and_insserv}
%endif

%preun
%if %{with_systemd}
%service_del_preun %{name}.target
%else
%{?stop_on_removal:%stop_on_removal openvpn}
%endif

%postun
%if %{with_systemd}
/bin/systemctl --system daemon-reload &>/dev/null || :
%else
%{?insserv_cleanup:%insserv_cleanup}
%endif

%files
%defattr(-,root,root)
%doc AUTHORS COPYING COPYRIGHT.GPL ChangeLog PORTS README
%doc src/plugins/{auth-pam/README.auth-pam,down-root/README.down-root}
%doc README.*
%doc contrib
%doc sample/sample-config-files
%doc sample/sample-keys
%doc sample/sample-scripts
%doc doc/management-notes.txt
%doc %{_mandir}/man8/openvpn.8.gz
%config(noreplace) %{_sysconfdir}/openvpn/
%if %{with_systemd}
%{_unitdir}/%{name}@.service
%{_unitdir}/%{name}.target
%{_libexecdir}/tmpfiles.d/%{name}.conf
%else
%config %{_sysconfdir}/init.d/openvpn
/var/adm/fillup-templates/sysconfig.openvpn
%endif
%{_sbindir}/rcopenvpn
%{_sbindir}/openvpn
%attr(0750,root,root) %dir %ghost %{_rundir}/openvpn

%files down-root-plugin
%defattr(-,root,root)
%dir %{_libdir}/%{name}
%dir %{_libdir}/%{name}/plugins
%{_libdir}/%{name}/plugins/%{name}-plugin-down-root.so

%files auth-pam-plugin
%defattr(-,root,root)
%dir %{_libdir}/%{name}
%dir %{_libdir}/%{name}/plugins
%{_libdir}/%{name}/plugins/%{name}-plugin-auth-pam.so

%files devel
%defattr(-,root,root)
%{_includedir}/%{name}-plugin.h

%changelog