From patchwork Wed Apr 1 14:19:21 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_Sch=C3=BCrmann?= X-Patchwork-Id: 4865 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7000:fe4d:b0:83c:d90d:321 with SMTP id da13csp167708mac; Wed, 1 Apr 2026 07:19:52 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCU9FtTxLMpSohpJIKEdMB78RfXhW3jMEaRn6TQ2Nc01npkWeopTgex8IfsUwHjs+zgbsMy1ZOqg6QU=@openvpn.net X-Received: by 2002:a05:6820:55d5:10b0:680:17e0:4443 with SMTP id 006d021491bc7-68017e05a56mr474522eaf.63.1775053192125; Wed, 01 Apr 2026 07:19:52 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1775053192; cv=none; d=google.com; s=arc-20240605; b=f8VXOxOwUC7Aren4eOyrHmPp6JO8NkNQe/zmUXAOpyOUlXWPqppIR/18zzfBUCmZZT 3uxq4uJyfF9g689N0c3kAbHS8xaDIeUUYUIlx29A7Gs0V8bw5ZVucZFajetwwNLuFdwm mrC6I1SaPHlGkD2dFQ0Ady3J0MgedwHcBMZLLm7K6zggcjF65jraesgP4J4XgDtzrq68 bWdNeYD6fMi4WCFSlTd4pPQxWpn1WWnuxCAkZiPbuZ4UI5KE4RL/59H9By+1FyDjLTJp 7eSnHX/4QPobjWhsDujxj3bRVa1TaX5EbbRXtT51bcVac1kEFETN5wABmH/kKJOSCDOY yA1w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=errors-to:content-transfer-encoding:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :mime-version:message-id:date:to:from:dkim-signature:dkim-signature :dkim-signature; bh=6f3tJ+VTvlKnI/mUKYZikYVPi31d6knRXec0KcFBNcM=; fh=4NbAC/LsuMLI0S0hprUlLSLCiHwg6SCAifhH718Jh0Q=; b=FK13nWLnW0SGwrpWskztDr8PnuNQT3YRsNJFt5g77/UYxuN2vnIdjSt4oAwJEaEyby 5oO1KI23MbN6q7yRy23jXahMdl8S+8pIrERj04ZG/qQpY7i/cKYyL6RnYIzEmKOtSNV4 W7RPaT6bjVLZx0/vgeQ4TMfXnqRjHSGIHc9FrnHkb/QYoKIgW/nUiHYPtnuJRFNwCUPR hd+mntrwmlKzeH5w1WB0LALlY0CCAdXbGAz/mMKdZigu5KdctDJuq8FCERS1wcNX+7pR +SuXc0FlKD6KLiPfeTS1I8u6C8dyJdKSH4fk6T0ojS2XeWIgdHYfr+DqsOgS0ROM00dz xdTQ==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b=DIaPdPnW; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=iyurb0Yp; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=TCJ3jRL+; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=fedoraproject.org Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id 006d021491bc7-67e231c7168si8786299eaf.44.2026.04.01.07.19.51 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Wed, 01 Apr 2026 07:19:52 -0700 (PDT) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b=DIaPdPnW; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=iyurb0Yp; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=TCJ3jRL+; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=fedoraproject.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.sourceforge.net; s=beta; h=Content-Transfer-Encoding:Content-Type: List-Subscribe:List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id: Subject:MIME-Version:Message-ID:Date:To:From:Sender:Reply-To:Cc:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:In-Reply-To:References:List-Owner; bh=6f3tJ+VTvlKnI/mUKYZikYVPi31d6knRXec0KcFBNcM=; b=DIaPdPnWQLhIIe/Z+384lKe8Fv eHVdNl8dfy9c7FAjtGFl6q/JwjjpmK/7oZHT1j5gMZqkdhe/JTFRPlRsstueACmpreZWAKaTiHQ/v UPSFdwU9JQsG71/Lszi5ShwJufKr5R0mThAgNeZBSvqyFbVCznHGp4VXCtaRD+ztNpWQ=; Received: from [127.0.0.1] (helo=sfs-ml-4.v29.lw.sourceforge.com) by sfs-ml-4.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1w7wQ5-00024W-N7; Wed, 01 Apr 2026 14:19:45 +0000 Received: from [172.30.29.66] (helo=mx.sourceforge.net) by sfs-ml-4.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1w7wQ4-00024P-Jo for openvpn-devel@lists.sourceforge.net; Wed, 01 Apr 2026 14:19:44 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:Content-Type:MIME-Version :Message-ID:Date:Subject:Cc:To:From:Sender:Reply-To:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=reR6V42I699SiohVu7drV8O6jSV49pgBn+Al6jx2KzE=; b=iyurb0Yp2+/BdQ54LYzBGMzDxX 20P3JXQt6TFKBtN9TQ5Ho6JGlmZlzyltzmBS36owSJbqoHp2/FpSdAnvHX0pljMRnO2QC2piC8yZI thO2FwLyZadmFclcc8+pUtuHp0yM8lViPkkWKv8qThk7/L4V+GJp5c+x2K3W6Y5fZsxM=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:Content-Type:MIME-Version:Message-ID:Date: Subject:Cc:To:From:Sender:Reply-To:Content-ID:Content-Description:Resent-Date :Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To: References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post: List-Owner:List-Archive; bh=reR6V42I699SiohVu7drV8O6jSV49pgBn+Al6jx2KzE=; b=T CJ3jRL+aHEk3NkFmz//7rVKsWARW+/CBTWLJXFRsRebDhyeQlHzQX08XEhI9ZlgDEiMomm5ht28Cf wKA4+fOFjK9NMpKC21ETBNq+wSfEaJaflOrd8hWZr+RtHZbuWA3rFE/YjDXPmlCr8dg0FJuewSFOk R04QhLqXl+JziHvM=; Received: from mail-ej1-f44.google.com ([209.85.218.44]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.95) id 1w7wQ3-00068Q-RM for openvpn-devel@lists.sourceforge.net; Wed, 01 Apr 2026 14:19:44 +0000 Received: by mail-ej1-f44.google.com with SMTP id a640c23a62f3a-b982518b73fso1106892566b.1 for ; Wed, 01 Apr 2026 07:19:43 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775053172; x=1775657972; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-gg:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=reR6V42I699SiohVu7drV8O6jSV49pgBn+Al6jx2KzE=; b=bXtVu0pf1nKFA63ASHlZv3YXaAhi22hVbEux6baO5/EVewuSD56rpPR1frpDSQv1TK lrbX7u2G2Or5jmw0KAN3XkOgnHTMf/THDDQSky0n7ODktBst//0C9+irWOav659kJd+Z jUY1f7N3cbNrjXL3BE4NKIMPQ60ndGcVigi6ptCV85OYToAzzpQy1fHDRR46z8lafy57 J6SS1L8h8hB/Ms46FUa9oaOySzAy2nZCS6vkm4R+18sCn1vwgotc51h8TrqKH/B96cbF ucWRGnLRMKJ4d5pjV+GZYDInXh4cw6Ca33MCQrLbvbGj+PLjnf2EQn2dIr0UioUz6MK4 Sw4g== X-Gm-Message-State: AOJu0YxBLUSKoIs0QVUw2y4Ij0X8juYQ8+3KHF+0sfr/N9Q32s/VqTUp bJ9cGrepJxHOYRvQsuKfMMPU3e9wevC/zfnqGKWN3I6MfOBdHZMQvrYqFqRBMw== X-Gm-Gg: ATEYQzzmXy9QuvJsi8KsAdEFpLg5vZOHjCddoScyKGpst7o74wWjKSZ6meW86eEkDUc 8hqLgHAbRosxPx3kt8JCK4OFfZf5KlQRqxVQLwcS1+bixUjKr0HFqYIVjYdlVDECg3QvZt1ic8U lHLAKCJR/Af0P5E55Yn7YxD8jBoF7vkzaObut2eUdXfNVODsKEfC4EGHWc63iOztu1fJcxlFtgL 149+SI9dD2KfZPbwoti3YBQXfpxeX9hO8EjmYqTNN136X70npwGSzZdlOOA/CUvlRc2FLvfovYJ NisEKChoDfSfIvPtd1lP4ps42bxygsXURYyaVtElYOfDk+RTjMoEaEVBjQKTc4lNK6L2dwPeryj YUuMCEXktMWd3XxpvcU95ZPRvcVD+rDTSOV1hwHhJgQeB/wnU83H+q6yRPwrhJQFjaHFmWota+9 0ZiyCOrYDWsfNipI1AYUg5rLKpUyaamfrVff1AMEMq+w== X-Received: by 2002:a17:906:a50:b0:b98:8d3a:7d26 with SMTP id a640c23a62f3a-b9c138fa8bemr180578566b.15.1775053172145; Wed, 01 Apr 2026 07:19:32 -0700 (PDT) Received: from FatDora.home ([2001:a61:b80:5d00:daaf:2188:7029:22ae]) by smtp.googlemail.com with ESMTPSA id a640c23a62f3a-b9b7ae50e6dsm532838766b.15.2026.04.01.07.19.31 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 01 Apr 2026 07:19:31 -0700 (PDT) From: =?utf-8?q?Christian_Sch=C3=BCrmann?= To: openvpn-devel@lists.sourceforge.net Date: Wed, 1 Apr 2026 16:19:21 +0200 Message-ID: <20260401141921.1073929-1-spike@fedoraproject.org> X-Mailer: git-send-email 2.53.0 MIME-Version: 1.0 X-Spam-Score: 0.2 (/) X-Spam-Report: Spam detection software, running on the system "sfi-spamd-2.hosts.colo.sdot.me", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Since openvpn-server@.service.in changed recently and the default fuzz level for RPM's patch macro is 0, patch file can no longer be applied. This should fix the recently failing builds on copr.fedora [...] Content analysis details: (0.2 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) [209.85.218.44 listed in wl.mailspike.net] 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider [spikefedora(at)gmail.com] 0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail domains are different 0.0 FREEMAIL_FORGED_FROMDOMAIN 2nd level domains in From and EnvelopeFrom freemail headers are different X-Headers-End: 1w7wQ3-00068Q-RM Subject: [Openvpn-devel] [PATCH] Update patch file so it applies on release/2.7 and master without fuzz X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1861278175645801821?= X-GMAIL-MSGID: =?utf-8?q?1861278175645801821?= Since openvpn-server@.service.in changed recently and the default fuzz level for RPM's patch macro is 0, patch file can no longer be applied. This should fix the recently failing builds on copr.fedoraproject.org Signed-off-by: Christian Schürmann --- ...hange-the-default-cipher-to-AES-256-GCM-for-server-.patch | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/0001-Change-the-default-cipher-to-AES-256-GCM-for-server-.patch b/0001-Change-the-default-cipher-to-AES-256-GCM-for-server-.patch index a281989..2c6ab5b 100644 --- a/0001-Change-the-default-cipher-to-AES-256-GCM-for-server-.patch +++ b/0001-Change-the-default-cipher-to-AES-256-GCM-for-server-.patch @@ -17,7 +17,6 @@ cipher is no longer available by default in OpenSSL 3.0. It can be enabled via the legacy provider in OpenSSL 3.0, but BF-CBC is deprecated and should not be used any more. OpenVPN 2.4 and newer will always negotiate a stronger cipher by default and older OpenVPN releases are no longer supported upstream. - --- distro/systemd/openvpn-server@.service.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) @@ -26,12 +25,12 @@ diff --git a/distro/systemd/openvpn-server@.service.in b/distro/systemd/openvpn- index 6e8e7d9..6acbc8e 100644 --- a/distro/systemd/openvpn-server@.service.in +++ b/distro/systemd/openvpn-server@.service.in -@@ -10,7 +10,7 @@ +@@ -10,7 +10,7 @@ Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO Type=notify PrivateTmp=true WorkingDirectory=/etc/openvpn/server -ExecStart=@sbindir@/openvpn --status %t/openvpn-server/status-%i.log --status-version 2 --suppress-timestamps --config %i.conf +ExecStart=@sbindir@/openvpn --status %t/openvpn-server/status-%i.log --status-version 2 --suppress-timestamps --cipher AES-256-GCM --data-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC:AES-128-CBC --config %i.conf CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SETPCAP CAP_SYS_CHROOT CAP_DAC_OVERRIDE CAP_SYS_NICE CAP_AUDIT_WRITE - LimitNPROC=10 + TasksMax=20 DeviceAllow=/dev/null rw