2157946 – Request to update openvpn to 2.5.X

Bug 2157946 - Request to update openvpn to 2.5.X

Summary: Request to update openvpn to 2.5.X

Keywords:
Status:	CLOSED WONTFIX
Alias:	None
Product:	Fedora EPEL
Classification:	Fedora
Component:	openvpn
Sub Component:
Version:	epel7
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	David Sommerseth
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2023-01-03 16:26 UTC by Stephen John Smoogen
Modified:	2023-01-27 10:47 UTC (History)
CC List:	7 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2023-01-09 16:32:39 UTC
Type:	Bug
Embargoed:

Attachments	(Terms of Use)

Description Stephen John Smoogen 2023-01-03 16:26:13 UTC

Description of problem:

There was a request in the EPEL IRC channel about the fact that openvpn in EPEL7 and EPEL8 are 2.4.x and will be EOL for any fixes from upstream in a month or so. The requestor was wondering if 2.5.x could be made available for EL7 and EL8?


Version-Release number of selected component (if applicable): 2.4.x

[corrected the version as I misread what was going on in IRC]

Comment 1 Carl George 🤠 2023-01-05 02:41:00 UTC

Here is the upstream changelog for version 2.5.0, which mentions several things that are removed.

https://github.com/OpenVPN/openvpn/blob/v2.5.0/Changes.rst

I'm not very familiar with this software, but those removals make it sound like going from 2.4.x to 2.5.x can't really be considered compatible, and thus would need to follow EPEL's incompatible upgrade process.

https://docs.fedoraproject.org/en-US/epel/epel-policy-incompatible-upgrades/

Comment 2 David Sommerseth 2023-01-09 16:32:39 UTC

I intend to keep the OpenVPN 2.4 packages up-to-date in regards to security patches and such as best as I can in the current EPEL repos. As Carl points out, it could potentially break existing installations.

I ignored that detail when moving from OpenVPN 2.3 to 2.4 some years ago, and got slammed badly by that; I'm not repeating that mistake again - as I have fully sympathy for people expecting their stable systems to be reliable when upgrading packages.

We could put an effort into testing what would break and how to avoid that. But I don't have enough spare cycles to tackle such a task.

However, I do also maintain some Fedora Copr repositories with more newer releases.

OpenVPN 2.5 releases can be found here: https://copr.fedorainfracloud.org/coprs/dsommers/openvpn-release/
OpenVPN 2.6 beta releases are here: https://copr.fedorainfracloud.org/coprs/dsommers/openvpn-beta/ ... and I intend to make an openvpn-release-2.6 repo once that is released.

In addition, the next-generation OpenVPN (currently client only) release, based on the OpenVPN 3 Core library (using C++), can be found here: https://copr.fedorainfracloud.org/coprs/dsommers/openvpn3/

For testing OpenVPN 2.6 using the Data Channel Offload (DCO, an OpenVPN kernel module), you need the openvpn3 repository together with the openvpn-beta repository to get all the packages you need.

So to conclude ... since there are Fedora Copr repositories available with newer versions and I intend to keep the OpenVPN 2.4 packages in a reasonable shape for EPEL releases, I consider this ticket closed.

Comment 3 David Sommerseth 2023-01-27 10:47:50 UTC

The OpenVPN 2.6 release repository has now been published for EPEL 7, 8 and 9 in addition to Fedora 36 and 37.
https://copr.fedorainfracloud.org/coprs/dsommers/openvpn-release-2.6/

Fedora 38 will ship with OpenVPN 2.6.

Note You need to log in before you can comment on or make changes to this bug.