Latest upstream release: 2.4.0 Current version/release in rawhide: 2.3.14-1.el7 URL: http://www.openvpn.net/ Please consult the package updates policy before you issue an update to a stable branch: https://fedoraproject.org/wiki/Updates_Policy More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from anitya: https://release-monitoring.org/project/2567/
Patching or scratch build for openvpn-2.3.14 failed.
Created attachment 1235565 [details] Rebase-helper rebase-helper-debug.log log file. See for details and report the eventual error to rebase-helper https://github.com/phracek/rebase-helper/issues.
Patches were not touched. All were applied properly
In git, but FTBFS due to openssl 1.1.x. Not likely to be supported until 2.5.x
(In reply to Jon Ciesla from comment #4) > In git, but FTBFS due to openssl 1.1.x. Not likely to be supported until > 2.5.x An alternative could be to build OpenVPN with ./configure --with-crypto-library=mbedtls ... And drop the OpenSSL dependency in favour of mbedtls-2.x.x.
Our mbedtls lacks pkcs11 support. checking mbedtls pkcs11 support... configure: error: mbedtls has no pkcs11 wrapper compiled in I've can file a BZ to get that done, or do it myself, but even if I do a local build that includes it, it doesn't seem to find pkcs11 in mbedtls.
Additonally, this would be a problem: configure: error: mbed TLS does not support the --x509-username-field feature
(In reply to Jon Ciesla from comment #7) > Additonally, this would be a problem: > > configure: error: mbed TLS does not support the --x509-username-field feature To my knowledge this is a very little used feature, I'd let it pass for Rawhide currently.
Is disabling pkcs11 ok for rawhide as well?
limb's openvpn-2.4.0-2.fc26 completed http://koji.fedoraproject.org/koji/buildinfo?buildID=839675
openvpn-2.4.0-1.fc25 has been submitted as an update to Fedora 25. https://bodhi.fedoraproject.org/updates/FEDORA-2017-669dbe8a47
openvpn-2.4.0-1.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2017-d1000d05d1
openvpn-2.4.0-1.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-d1000d05d1
openvpn-2.4.0-1.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-669dbe8a47
Unpushed stable releases, leaving f26+ only.
On F25 this works for me with the latest NetworkManager-openvpn plugin from updates-testing, including with server name verification (#1421241). v2.4.0 brings better IPv6 support, allowing me to properly work with untrusted public networks that hand out global IPv6 addresses (Comcast-backed hotspots). Other than the bug above, was there another reason to unpush this for F25?
See the comments in the bodhi updates linked above.
bug 1421241, referenced by the F25 bodhi thread, seems to be moving well, at least for NM users. As I mentioned using nm-openvpn from updates-testing it already works for me. Is that enough to get 2.4 into F25 (and if further discussion is needed, where should I take it)?
I'm not sure. The command line options changed. Comment the above on the bodhi updates and see what the commenters think.
As long as the nm-openvpn plug-in is updated, pushing this to F25 should not be an issue a real issues, IMHO. With that said, there are more updates coming to nm-openvpn, which does some additional tricks to ease the migration for most configurations. But it will not cover all scenarios. It is also fairly well discussed in bugzilla #1421241. But regardless of --tls-remote going away. This option have been deprecated for about 3 years and it has been documented as deprecated for the same time. At some point it is needed to tell users to update their configuration.
As an F25 and OpenVPN user.. Im just wondering where this left off? My company's vpn requires at least version 2.4 so the lack of a package is stopping me from switching distros. Do I correctly assume that the bodhi link above for F25 is correct if I wanted to try the latest iteration?
OpenVPN v2.4.1 have been built for Fedora 25, 26 and Rawhide. Hopefully this resolves most of these issues found in these builds for openvpn-2.4.0. See bz#1435036 for more details.