{"update": {"autokarma": true, "autotime": false, "stable_karma": 2, "stable_days": 0, "unstable_karma": -1, "require_bugs": true, "require_testcases": true, "display_name": "", "notes": "Updates to the latest upstream OpenVPN 2.4.3, containing security updates for CVE-2017-7508, CVE-2017-7520 and CVE-2017-7521.  This update also re-enables automatic restart of OpenVPN on the next updates. For this update, the restart needs to be done manually.", "type": "security", "status": "stable", "request": null, "severity": "unspecified", "suggest": "unspecified", "locked": false, "pushed": true, "critpath": false, "critpath_groups": null, "close_bugs": true, "date_submitted": "2017-06-21 14:12:24", "date_modified": null, "date_approved": null, "date_testing": "2017-06-23 01:59:41", "date_stable": "2017-06-23 14:18:21", "alias": "FEDORA-2017-0639fb1490", "test_gating_status": null, "from_tag": null, "date_pushed": "2017-06-23 14:18:21", "meets_testing_requirements": false, "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2017-0639fb1490", "title": "openvpn-2.4.3-1.fc25", "version_hash": "12aa3d3d1eddf44333043dfa7b446590cd624626", "release": {"name": "F25", "long_name": "Fedora 25", "version": "25", "id_prefix": "FEDORA", "branch": "f25", "dist_tag": "f25", "stable_tag": "f25-updates", "testing_tag": "f25-updates-testing", "candidate_tag": "f25-updates-candidate", "pending_signing_tag": "f25-signing-pending", "pending_testing_tag": "f25-updates-testing-pending", "pending_stable_tag": "f25-updates-pending", "override_tag": "f25-override", "mail_template": "fedora_errata_template", "state": "archived", "composed_by_bodhi": true, "create_automatic_updates": null, "package_manager": "dnf", "testing_repository": "updates-testing", "released_on": null, "eol": null, "critpath_mandatory_days_in_testing": 14, "mandatory_days_in_testing": 7, "critpath_min_karma": 2, "min_karma": 1, "setting_status": null}, "user": {"name": "dsommers", "email": "dazo@eurephia.org", "id": 446, "avatar": "https://seccdn.libravatar.org/avatar/3261354ae2f56e3e735b0a15b987268d73f39e052ffd2fa431f74918d9d307dd?s=24&d=retro", "openid": "dsommers.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "cla_redhat"}, {"name": "openvpn"}]}, "comments": [{"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for testing by dsommers. ", "timestamp": "2017-06-21 14:12:24", "update_id": 90589, "user_id": 91, "id": 625307, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 1, "karma_critpath": 0, "text": "server and client work well for me", "timestamp": "2017-06-22 13:54:37", "update_id": 90589, "user_id": 2619, "id": 625671, "bug_feedback": [{"karma": 0, "comment_id": 625671, "bug_id": 1463643, "bug": {"bug_id": 1463643, "title": "CVE-2017-7508 CVE-2017-7520 CVE-2017-7521 CVE-2017-7522 openvpn: Multiple security issues fixed in OpenVPN 2.4.3 and 2.3.17 [fedora-all]", "security": true, "parent": false}}, {"karma": 1, "comment_id": 625671, "bug_id": 1463647, "bug": {"bug_id": 1463647, "title": "openvpn-2.4.3 is available", "security": false, "parent": false}}], "testcase_feedback": [], "user": {"name": "sjenning", "email": "sethdjennings@gmail.com", "id": 2619, "avatar": "https://seccdn.libravatar.org/avatar/206836f19760600eddc7a5d57eff27911af45cd6700988f4fcb5502927e3c1c2?s=24&d=retro", "openid": "sjenning.id.fedoraproject.org", "groups": [{"name": "packager"}]}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been pushed to testing.", "timestamp": "2017-06-23 03:29:25", "update_id": 90589, "user_id": 91, "id": 625899, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 1, "karma_critpath": 0, "text": "works for me in a VM", "timestamp": "2017-06-23 14:01:38", "update_id": 90589, "user_id": 739, "id": 626182, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "cserpentis", "email": "cserpentis@gmail.com", "id": 739, "avatar": "https://seccdn.libravatar.org/avatar/a3febfef42f58ed535f3c3a3cf9743653cd774dbb6e4554e2ce7c847d9802b6c?s=24&d=retro", "openid": "cserpentis.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}]}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for stable by bodhi. ", "timestamp": "2017-06-23 14:01:40", "update_id": 90589, "user_id": 91, "id": 626183, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been pushed to stable.", "timestamp": "2017-06-23 20:54:04", "update_id": 90589, "user_id": 91, "id": 626341, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}], "builds": [{"nvr": "openvpn-2.4.3-1.fc25", "signed": true, "release_id": 15, "type": "rpm", "epoch": 0}], "bugs": [{"bug_id": 1463643, "title": "CVE-2017-7508 CVE-2017-7520 CVE-2017-7521 CVE-2017-7522 openvpn: Multiple security issues fixed in OpenVPN 2.4.3 and 2.3.17 [fedora-all]", "security": true, "parent": false, "feedback": [{"karma": 0, "comment_id": 625671, "bug_id": 1463643, "comment": {"karma": 1, "karma_critpath": 0, "text": "server and client work well for me", "timestamp": "2017-06-22 13:54:37", "update_id": 90589, "user_id": 2619, "id": 625671, "testcase_feedback": [], "user": {"name": "sjenning", "email": "sethdjennings@gmail.com", "id": 2619, "avatar": "https://seccdn.libravatar.org/avatar/206836f19760600eddc7a5d57eff27911af45cd6700988f4fcb5502927e3c1c2?s=24&d=retro", "openid": "sjenning.id.fedoraproject.org", "groups": [{"name": "packager"}]}}}, {"karma": 1, "comment_id": 625760, "bug_id": 1463643, "comment": {"karma": 0, "karma_critpath": 0, "text": "client works for me\n\nkarma: +1", "timestamp": "2017-06-22 19:46:59", "update_id": 90588, "user_id": 207, "id": 625760, "testcase_feedback": [], "user": {"name": "anonymous", "email": null, "id": 207, "avatar": "https://seccdn.libravatar.org/avatar/37a8eec1ce19687d132fe29051dca629d164e2c4958ba141d5f4133a33f0688f?s=24&d=retro", "openid": "anonymous.id.fedoraproject.org", "groups": []}}}]}, {"bug_id": 1463647, "title": "openvpn-2.4.3 is available", "security": false, "parent": false, "feedback": [{"karma": 1, "comment_id": 625671, "bug_id": 1463647, "comment": {"karma": 1, "karma_critpath": 0, "text": "server and client work well for me", "timestamp": "2017-06-22 13:54:37", "update_id": 90589, "user_id": 2619, "id": 625671, "testcase_feedback": [], "user": {"name": "sjenning", "email": "sethdjennings@gmail.com", "id": 2619, "avatar": "https://seccdn.libravatar.org/avatar/206836f19760600eddc7a5d57eff27911af45cd6700988f4fcb5502927e3c1c2?s=24&d=retro", "openid": "sjenning.id.fedoraproject.org", "groups": [{"name": "packager"}]}}}, {"karma": 1, "comment_id": 625760, "bug_id": 1463647, "comment": {"karma": 0, "karma_critpath": 0, "text": "client works for me\n\nkarma: +1", "timestamp": "2017-06-22 19:46:59", "update_id": 90588, "user_id": 207, "id": 625760, "testcase_feedback": [], "user": {"name": "anonymous", "email": null, "id": 207, "avatar": "https://seccdn.libravatar.org/avatar/37a8eec1ce19687d132fe29051dca629d164e2c4958ba141d5f4133a33f0688f?s=24&d=retro", "openid": "anonymous.id.fedoraproject.org", "groups": []}}}, {"karma": 1, "comment_id": 626271, "bug_id": 1463647, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2017-06-23 17:15:45", "update_id": 90592, "user_id": 1716, "id": 626271, "testcase_feedback": [], "user": {"name": "dwille", "email": "dwille@gmail.com", "id": 1716, "avatar": "https://seccdn.libravatar.org/avatar/44365488c190217ddaee5acc25b0e94b6cadfc6b4cd4940ff456405c6673220b?s=24&d=retro", "openid": "dwille.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 626917, "bug_id": 1463647, "comment": {"karma": 1, "karma_critpath": 0, "text": "Tested as VPN server", "timestamp": "2017-06-25 03:20:07", "update_id": 90592, "user_id": 2967, "id": 626917, "testcase_feedback": [], "user": {"name": "greenfeld", "email": "samuel@greenfeld.org", "id": 2967, "avatar": "https://seccdn.libravatar.org/avatar/18bb85be37b1762a9e4ac2ab580d9ab88662d289a54249a65400612e1d6c583e?s=24&d=retro", "openid": "greenfeld.id.fedoraproject.org", "groups": [{"name": "proventesters"}]}}}, {"karma": 0, "comment_id": 626981, "bug_id": 1463647, "comment": {"karma": 0, "karma_critpath": 0, "text": "Is there a specific reason you enabled auto restart (again)? Will it restart all server profiles from /etc/openvpn-server that are enabled with systemctl? \n\nIt may be a bit tricky for us, as we generally install updates, but then choose a later time to restart the OpenVPN server processes... Is it possible to disable this behavior?\n\nIn any case, thanks for the heads up, will consider this on the next update.", "timestamp": "2017-06-25 09:43:17", "update_id": 90592, "user_id": 423, "id": 626981, "testcase_feedback": [], "user": {"name": "fkooman", "email": "fkooman@tuxed.net", "id": 423, "avatar": "https://seccdn.libravatar.org/avatar/8af1ab16d532458205b5334907cdfc0ce6483ddf6f514514133cb07cee400ed9?s=24&d=retro", "openid": "fkooman.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}]}}}, {"karma": 0, "comment_id": 627401, "bug_id": 1463647, "comment": {"karma": 0, "karma_critpath": 0, "text": "@fkooman, Fun fact: I got complaints that updates didn't restart the openvpn services.\n\nYes, it should restart all profiles on the server.  It is not something we can change now; the cat is already out of the bag.  So the next update will restart the service anyhow, also if we add some \"tunable feature\" in the next update - it will be restarted regardless.\n\nBut I can look at adding a \"don't restart\" feature.  For example something like checking if a file named /etc/openvpn/server/.update-no-restart  exists or not.  I'm not saying that's how it will be, but that is one plausible solution.\n\nSo to the longer answer why this was changed.  When I cleaned up the .spec file, a lot of moving parts had to be changed at the same time (otherwise we wouldn't  be finished with the clean up until after the next 5-6 updates).  A lot of the changes involved moving over to standardized RPM macros for doing a lot of things.  So I chose to ensure we don't break running services needlessly on automated updates until the dust had settled a bit.  And now it felt like the right time to do what most users expects.\n", "timestamp": "2017-06-26 11:12:21", "update_id": 90592, "user_id": 446, "id": 627401, "testcase_feedback": [], "user": {"name": "dsommers", "email": "dazo@eurephia.org", "id": 446, "avatar": "https://seccdn.libravatar.org/avatar/3261354ae2f56e3e735b0a15b987268d73f39e052ffd2fa431f74918d9d307dd?s=24&d=retro", "openid": "dsommers.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "cla_redhat"}, {"name": "openvpn"}]}}}, {"karma": 0, "comment_id": 627402, "bug_id": 1463647, "comment": {"karma": 0, "karma_critpath": 0, "text": "> But I can look at adding a \"don't restart\" feature.\n\nThat would be cool, but maybe you don't need to invest time in this if I'm to only one who wants this, something can be said for both approaches. I think also Debian always restarts daemons on update, but not completely sure...\n\n> And now it felt like the right time to do what most users expects.\n\nFair enough. I guess installing updates outside maintenance windows without rebooting/restarting can be unstable/dangerous anyway. So we'll live :-) \n\nThanks for the explanation! ", "timestamp": "2017-06-26 11:35:48", "update_id": 90592, "user_id": 423, "id": 627402, "testcase_feedback": [], "user": {"name": "fkooman", "email": "fkooman@tuxed.net", "id": 423, "avatar": "https://seccdn.libravatar.org/avatar/8af1ab16d532458205b5334907cdfc0ce6483ddf6f514514133cb07cee400ed9?s=24&d=retro", "openid": "fkooman.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}]}}}, {"karma": 1, "comment_id": 627954, "bug_id": 1463647, "comment": {"karma": 0, "karma_critpath": 0, "text": "\n\nkarma: +1", "timestamp": "2017-06-27 10:58:05", "update_id": 90591, "user_id": 207, "id": 627954, "testcase_feedback": [], "user": {"name": "anonymous", "email": null, "id": 207, "avatar": "https://seccdn.libravatar.org/avatar/37a8eec1ce19687d132fe29051dca629d164e2c4958ba141d5f4133a33f0688f?s=24&d=retro", "openid": "anonymous.id.fedoraproject.org", "groups": []}}}, {"karma": 1, "comment_id": 627955, "bug_id": 1463647, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2017-06-27 11:05:29", "update_id": 90591, "user_id": 3703, "id": 627955, "testcase_feedback": [], "user": {"name": "markec", "email": "marko.bevc@gmail.com", "id": 3703, "avatar": "https://seccdn.libravatar.org/avatar/2a3640b3b2df97a062aff29758dd6a2ce98adba2cdd4da3fceb85df19b25200c?s=24&d=retro", "openid": "markec.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}]}}}, {"karma": 1, "comment_id": 627956, "bug_id": 1463647, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2017-06-27 11:08:01", "update_id": 90591, "user_id": 3704, "id": 627956, "testcase_feedback": [], "user": {"name": "defer", "email": "david@scalefactory.com", "id": 3704, "avatar": "https://seccdn.libravatar.org/avatar/9aef900eeaaf586e9362f4097159ab6e6b330a003e2884f2964dde62d2337e4c?s=24&d=retro", "openid": "defer.id.fedoraproject.org", "groups": []}}}]}], "updateid": "FEDORA-2017-0639fb1490", "karma": 2, "content_type": "rpm", "test_cases": []}, "can_edit": false, "ci_allowed": false}