Bug 1408889
Summary: | openvpn-2.4.0 is available | ||||||
---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Upstream Release Monitoring <upstream-release-monitoring> | ||||
Component: | openvpn | Assignee: | Gwyn Ciesla <gwync> | ||||
Status: | CLOSED NOTABUG | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
Severity: | unspecified | Docs Contact: | |||||
Priority: | unspecified | ||||||
Version: | rawhide | CC: | dazo, dimitris.on.linux, gwync, huzaifas, invalid.path, jan.kratochvil, steve | ||||
Target Milestone: | --- | Keywords: | FutureFeature, Triaged | ||||
Target Release: | --- | ||||||
Hardware: | Unspecified | ||||||
OS: | Unspecified | ||||||
Whiteboard: | |||||||
Fixed In Version: | Doc Type: | Enhancement | |||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2017-02-13 13:54:37 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Bug Depends On: | |||||||
Bug Blocks: | 1411812 | ||||||
Attachments: |
|
Description
Upstream Release Monitoring
2016-12-28 00:18:48 UTC
Patching or scratch build for openvpn-2.3.14 failed. Created attachment 1235565 [details] Rebase-helper rebase-helper-debug.log log file. See for details and report the eventual error to rebase-helper https://github.com/phracek/rebase-helper/issues. Patches were not touched. All were applied properly In git, but FTBFS due to openssl 1.1.x. Not likely to be supported until 2.5.x (In reply to Jon Ciesla from comment #4) > In git, but FTBFS due to openssl 1.1.x. Not likely to be supported until > 2.5.x An alternative could be to build OpenVPN with ./configure --with-crypto-library=mbedtls ... And drop the OpenSSL dependency in favour of mbedtls-2.x.x. Our mbedtls lacks pkcs11 support. checking mbedtls pkcs11 support... configure: error: mbedtls has no pkcs11 wrapper compiled in I've can file a BZ to get that done, or do it myself, but even if I do a local build that includes it, it doesn't seem to find pkcs11 in mbedtls. Additonally, this would be a problem: configure: error: mbed TLS does not support the --x509-username-field feature (In reply to Jon Ciesla from comment #7) > Additonally, this would be a problem: > > configure: error: mbed TLS does not support the --x509-username-field feature To my knowledge this is a very little used feature, I'd let it pass for Rawhide currently. Is disabling pkcs11 ok for rawhide as well? limb's openvpn-2.4.0-2.fc26 completed http://koji.fedoraproject.org/koji/buildinfo?buildID=839675 openvpn-2.4.0-1.fc25 has been submitted as an update to Fedora 25. https://bodhi.fedoraproject.org/updates/FEDORA-2017-669dbe8a47 openvpn-2.4.0-1.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2017-d1000d05d1 openvpn-2.4.0-1.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-d1000d05d1 openvpn-2.4.0-1.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-669dbe8a47 Unpushed stable releases, leaving f26+ only. On F25 this works for me with the latest NetworkManager-openvpn plugin from updates-testing, including with server name verification (#1421241). v2.4.0 brings better IPv6 support, allowing me to properly work with untrusted public networks that hand out global IPv6 addresses (Comcast-backed hotspots). Other than the bug above, was there another reason to unpush this for F25? See the comments in the bodhi updates linked above. bug 1421241, referenced by the F25 bodhi thread, seems to be moving well, at least for NM users. As I mentioned using nm-openvpn from updates-testing it already works for me. Is that enough to get 2.4 into F25 (and if further discussion is needed, where should I take it)? I'm not sure. The command line options changed. Comment the above on the bodhi updates and see what the commenters think. As long as the nm-openvpn plug-in is updated, pushing this to F25 should not be an issue a real issues, IMHO. With that said, there are more updates coming to nm-openvpn, which does some additional tricks to ease the migration for most configurations. But it will not cover all scenarios. It is also fairly well discussed in bugzilla #1421241. But regardless of --tls-remote going away. This option have been deprecated for about 3 years and it has been documented as deprecated for the same time. At some point it is needed to tell users to update their configuration. As an F25 and OpenVPN user.. Im just wondering where this left off? My company's vpn requires at least version 2.4 so the lack of a package is stopping me from switching distros. Do I correctly assume that the bodhi link above for F25 is correct if I wanted to try the latest iteration? OpenVPN v2.4.1 have been built for Fedora 25, 26 and Rawhide. Hopefully this resolves most of these issues found in these builds for openvpn-2.4.0. See bz#1435036 for more details. |