Overview

Request 1130475 accepted

- Rename gnome subpackage to NetworkManager-applet-l2tp
to more accurately reflect its usage
- Add missing supplements:
- NM and xl2tpd
- NMA subpackage: Main package and NMA
- Configure runstatedir to %_rundir
- Update to version 1.20.8:
+ Fix padding of PPP Options dialog.
+ Undo PTP peer & ext GW routing prevention workaround first
introduced with NetworkManager-l2tp 1.8.4 as workaround no
longer works with NetworkManager 1.36. The actual fix should
be done in NetworkManager.
+ Add support for Manual IPv4 configuration options: Address,
Netmask and Gateway.
+ Remove deprecated OpenSSL 3 related code.
+ Load L2TP kernel modules if NM_L2TP_MODPROBE env variable set.
- Update to version 1.20.6:
+ Fix for Libreswan 4.9 and later detection.
+ Fix for ipsec-psk-flags setting not being saved.
+ Add getenv NM_L2TP_XL2TPD_MAX_RETRIES to allow setting the
xl2tpd max retries value.
+ Increase IPsec and L2TP daemon wait timeouts for potentially
better debugging.
+ Updated translations.
- Changes from version 1.20.4:
+ Security fix - properly detect that strongswan CHILD_SA
connection has been established.
+ Fix for libreswan "cannot route template policy" error.
- Update to version 1.20.2:
+ Gtk4 version of the editor plugin is now available (for use
with Control Center of GNOME 42 or later).
+ Updated translations.
- Add pkgconfig(gtk4) and pkgconfig(libnma-gtk4) BuildRequires and
pass --with-gtk4=yes to configure, build the gtk4 version.
- Pass --enable-lto=yes to configure, build using LTO support.
- Add optional libxml2-tools BuildRequires, build runs
xml-stripblanks preprocessing if available.

- Update to version 1.20.0:
+ Support for kl2tpd from Katalix's go-l2tp project added.
+ Support for Multilink PPP added.
+ L2TP ephemeral source port checkbox added.
+ Honors $CHARONDEBUG and $PLUTODEBUG even without --debug
+ intltool for i18n builds no longer required.
+ deprecated libnm-glib/libnm-util code removed.
+ Updated translations.
- Update dependencies for NetworkManager >= 1.20.0
- Remove redundant intltool build dependency.
- Replace recommends strongswan with (strongswan or libreswan)
- Update to version 1.8.6:
+ Fix for make check warning that prevented RPMs from being
built.
- Changes from version 1.8.2:
+ Update strings for new dialog design in gnome-shell.
e.g use "Password" instead of "Password:".
+ Use /usr/share/metainfo for AppData files.
+ Move D-Bus policy file to /usr/share/dbus-1/system.d/.
+ Add --with-nm-ipsec-nss-dir configure switch for Libreswan NSS
database location with default value of /var/lib/ipsec/nss.
+ Do not add broken route to VPN gateway IP address.
+ Add back import/export capability.
+ Fix for user certificate password flags for connection editor.
+ Fixes for user certificate support.
+ Provide --enable-libreswan-dh2 configure switch for older
versions of Libreswan or those built with USE_DH2.
+ KDE plasma-nm compatibility for "Gateway ID".
+ Updated translations.
- Update default PPPD_PLUGIN_DIR to %{_libdir}/pppd/2.4.8.
- Use --enable-libreswan-dh2 configure switch.
- D-Bus policy file location is now /usr/share/dbus-1/system.d.
- AppData file location is now /usr/share/metainfo.

- Set the path for the VPN service name file correctly to
%_vpnservicedir (provided by macros.NetworkManager).
- No longer recommend -lang: supplements are in use
- Update to version 1.8.0:
+ User and machine TLS certificate support.
+ New dependency on OpenSSL's libcrypto (>= 1.1.0).
+ New dependency on Network Security Services (NSS) libraries.
+ Routines to auto detect the TLS certificate and private key
file formats by looking at the file contents and not the file
extension, also determines if the files are encrypted with a
password, which includes testing if the password is the empty
string or NULL.
+ Routines to import certificates and privates keys into a
Libreswan NSS database.
+ Grey out the auth type selection for user authentication if
EAP-TLS pppd patch (i.e. https://www.nikhef.nl/~janjust/ppp/)
was not detected, e.g. with openSUSE.
+ Updated translations.
- Added BuildRequires for openssl-devel and pkgconfig(nss)
- Update to version 1.2.14:
+ Changed Legacy Proposal button to Prevalent Algorithms button.
+ Prevalent Algorithms button populates Phase 1 and 2 Algorithm
text entry boxes with a merge of Windows 10 and
macOS/iOS/iPadOS L2TP clients' IKEv1 proposals.
+ Added use IKEv2 key exchange option.
+ Improved debugging output for Libreswan and strongSwan.
Libreswan debugging can now be cutomized by setting the
PLUTODEBUG environment variable.
strongSwan debugging can now be cutomized by setting the
CHARONDEBUG environment variable.
+ Gray out "IPsec Settings..." button if neither Libreswan nor
strongSwan are found.
+ Updated translations.
- Update to version 1.2.12:
+ Added Legacy Proposal button.
+ Added extra IPsec configuration options.
+ renamed Gateway ID to Remote ID.
+ Use /etc/ipsec.d/ipsec.nm-l2tp.secrets instead of
/etc/ipsec.d/nm-l2tp-ipsec-UUID.secrets.
+ PSK is now Base64 encoded.
+ Legacy KDE Plasma-nm user certificate support.
+ libnm-glib compatibility (NetworkManager < 1.0) is disabled by
default.
+ Updated translations.
- Changes from version 1.2.10:
+ Point version 1.2.10 appdata image URIs to nm-1-2 github
branch.
+ Corrected force UDP encapsulation toggle button behavior.
- URL and Source0 changes as a consequence of upstream GitHub
project being renamed from network-manager-l2tp to
NetworkManager-l2tp.
- Use upstream provided xz tarball instead of GitHub generated gz
tarball.
- autoreconf no longer required as a result of upstream provided
xz tarball.
- Delete any transient nm-l2rp-ipsec-+.secrets files previously
generated by versions <= 1.2.10 in %pre section.
- Delete transient ipsec.nm-l2tp.secrets files in %postun section.
- remove redundant --without-libnm-glib configure switch which is
now the default.
- Package missing COPYING file.
- Use autosetup and make_build macros.
- Following changes in NetworkManager: pass without-libnm-glib to
configure, no longer build deprecated libnm-glib support.
- Following the above changes: Drop no longer needed
pkgconfig(NetworkManager), pkgconfig(libnm-glib),
pkgconfig(libnm-glib-vpn), pkgconfig(libnm-gtk) and
pkgconfig(libnm-util) BuildRequires.
- Drop explicit autoconf, automake, gettext and grep BuildRequires:
libtool BuildRequires is sufficent.
- Drop unnneeded NetworkManager-applet Requires from gnome
sub-package, it is not longer of use for us.
- Modernize spec-file by calling spec-cleaner
- Update to version 1.2.8:
+ Updated translations.
+ Stops strongSwan service when a connection cannot be
established.
- Changes from version 1.2.6:
+ Prefer building against stable libsecret API.
+ If L2TP port 1701 is already in use, no longer writes
"leftprotoport=udp/l2tp" (which is equivalent to
"leftprotoport=udp/1701") to the ipsec config file. This was
done to ensures L2TP is encapsulated in IPsec.
- Changes from version 1.2.4:
+ Split libnm-vpn-plugin-pptp.so into a GTK-free core plugin
usable by nmcli and a UI plugin for nm-applet and gnome
components.
- Changes from version 1.2.2:
+ runtime test for strongwan or libreswan no longer performed if
IPsec tickbox not ticked.
- Changes from version 1.2.0:
+ NetworkManager 1.1.x and 1.2.0 support
- Replace pkgconfig(libsecret-unstable) for pkgconfig(libsecret-1)
BuildRequires following upstreams changes.
- Introduce GTK-free VPN plugin library to base package.
- Update to version 1.0.8:
+ Updated translations.
+ Stops strongSwan service when a connection cannot be
established.
+ sets phase 1 (ike) and phase 2 (esp) ciphers for strongswan to
the same as those used in version 1.0.4
- Changes from version 1.0.6:
+ If L2TP port 1701 is already in use, no longer writes
"leftprotoport=udp/l2tp" (which is equivalent to
"leftprotoport=udp/1701") to the ipsec config file. This was
done to ensures L2TP is encapsulated in IPsec.
+ Uses UUID instead of PID for run-time generated filenames
+ No longer temporarily replaces system /etc/ipsec.secrets file
+ IPsec rekeying is now possible because the following file
remains for the lifetime of the VPN connection :
/etc/ipsec.d/nm-l2tp-ipsec-UUID.secrets
+ Following line is appended to /etc/ipsec.secrets if the include
line is missing:
include /etc/ipsec.d/+.secrets
+ Removed IPsec Group Name from user interface
+ Added IPsec Phase 1 (ike) & Phase 2 (esp) to user interface.
+ New timeout code for IPsec connection up script.
- Changes from version 1.0.4:
+ xl2tpd-1.3.7 compatibility fix for unrecognized option 'lock'.
+ /usr/sbin/ipsec runtime IPsec stack detection improved so that
Openswan is rejected and not treated the same as openSwan.
+ Explictly check strongSwan connection has been established.
- Changes from version 1.0.2:
+ runtime test for strongwan or libreswan no longer performed if
IPsec tickbox not ticked.
- Changes from version 1.0.0:
+ auth-dialog ported to libnm-gtk's NMAVpnPasswordDialog.
+ migrated from deprecated libgnome-keyring to libsecret.
+ Requires strongSwan or Libreswan for IPsec support,
no longer works with Openswan.
+ Added MTU and MRU setting to PPP settings dialog box.
+ IPsec Group Name is now optional in IPsec dialog box.
- Drop icon install: as there is no icon file in the source
anymore, nor is there a .desktop file that can make use of the
icon.
- Drop --disable-more-warnings from configure line: no longer
needed.
- Added %%check section.
- Replaced Requires strongswan with weaker Recommends strongswan.
- Replaced plus characters to recommended asterisk characters in
changes file.
- Update to version 0.9.8.7:
+ ipsec: missing curly braces led to always false return.
+ Updated translations.
- Update to version 0.9.8.6:
+ Bugfix: (security) don't start l2tp if IPsec enabled, but
failed to start.
+ Bugfix: typo in nm-l2tp-service.name.
+ noccp pppd option added.
+ Minor locales fixes.
+ Require new versions of gtk+ and glib.
- Initial package, version 0.9.8:
+ Builds against the GNOME 3.8 versions of GLib and Gtk+.
+ Fix undefuned NM_L2TP_LOCALEDIR.
+ License file added.
+ Minor localization fixes.

Request History
Callum Farmer's avatar

gmbr3 created request

- Rename gnome subpackage to NetworkManager-applet-l2tp
to more accurately reflect its usage
- Add missing supplements:
- NM and xl2tpd
- NMA subpackage: Main package and NMA
- Configure runstatedir to %_rundir
- Update to version 1.20.8:
+ Fix padding of PPP Options dialog.
+ Undo PTP peer & ext GW routing prevention workaround first
introduced with NetworkManager-l2tp 1.8.4 as workaround no
longer works with NetworkManager 1.36. The actual fix should
be done in NetworkManager.
+ Add support for Manual IPv4 configuration options: Address,
Netmask and Gateway.
+ Remove deprecated OpenSSL 3 related code.
+ Load L2TP kernel modules if NM_L2TP_MODPROBE env variable set.
- Update to version 1.20.6:
+ Fix for Libreswan 4.9 and later detection.
+ Fix for ipsec-psk-flags setting not being saved.
+ Add getenv NM_L2TP_XL2TPD_MAX_RETRIES to allow setting the
xl2tpd max retries value.
+ Increase IPsec and L2TP daemon wait timeouts for potentially
better debugging.
+ Updated translations.
- Changes from version 1.20.4:
+ Security fix - properly detect that strongswan CHILD_SA
connection has been established.
+ Fix for libreswan "cannot route template policy" error.
- Update to version 1.20.2:
+ Gtk4 version of the editor plugin is now available (for use
with Control Center of GNOME 42 or later).
+ Updated translations.
- Add pkgconfig(gtk4) and pkgconfig(libnma-gtk4) BuildRequires and
pass --with-gtk4=yes to configure, build the gtk4 version.
- Pass --enable-lto=yes to configure, build using LTO support.
- Add optional libxml2-tools BuildRequires, build runs
xml-stripblanks preprocessing if available.

- Update to version 1.20.0:
+ Support for kl2tpd from Katalix's go-l2tp project added.
+ Support for Multilink PPP added.
+ L2TP ephemeral source port checkbox added.
+ Honors $CHARONDEBUG and $PLUTODEBUG even without --debug
+ intltool for i18n builds no longer required.
+ deprecated libnm-glib/libnm-util code removed.
+ Updated translations.
- Update dependencies for NetworkManager >= 1.20.0
- Remove redundant intltool build dependency.
- Replace recommends strongswan with (strongswan or libreswan)
- Update to version 1.8.6:
+ Fix for make check warning that prevented RPMs from being
built.
- Changes from version 1.8.2:
+ Update strings for new dialog design in gnome-shell.
e.g use "Password" instead of "Password:".
+ Use /usr/share/metainfo for AppData files.
+ Move D-Bus policy file to /usr/share/dbus-1/system.d/.
+ Add --with-nm-ipsec-nss-dir configure switch for Libreswan NSS
database location with default value of /var/lib/ipsec/nss.
+ Do not add broken route to VPN gateway IP address.
+ Add back import/export capability.
+ Fix for user certificate password flags for connection editor.
+ Fixes for user certificate support.
+ Provide --enable-libreswan-dh2 configure switch for older
versions of Libreswan or those built with USE_DH2.
+ KDE plasma-nm compatibility for "Gateway ID".
+ Updated translations.
- Update default PPPD_PLUGIN_DIR to %{_libdir}/pppd/2.4.8.
- Use --enable-libreswan-dh2 configure switch.
- D-Bus policy file location is now /usr/share/dbus-1/system.d.
- AppData file location is now /usr/share/metainfo.

- Set the path for the VPN service name file correctly to
%_vpnservicedir (provided by macros.NetworkManager).
- No longer recommend -lang: supplements are in use
- Update to version 1.8.0:
+ User and machine TLS certificate support.
+ New dependency on OpenSSL's libcrypto (>= 1.1.0).
+ New dependency on Network Security Services (NSS) libraries.
+ Routines to auto detect the TLS certificate and private key
file formats by looking at the file contents and not the file
extension, also determines if the files are encrypted with a
password, which includes testing if the password is the empty
string or NULL.
+ Routines to import certificates and privates keys into a
Libreswan NSS database.
+ Grey out the auth type selection for user authentication if
EAP-TLS pppd patch (i.e. https://www.nikhef.nl/~janjust/ppp/)
was not detected, e.g. with openSUSE.
+ Updated translations.
- Added BuildRequires for openssl-devel and pkgconfig(nss)
- Update to version 1.2.14:
+ Changed Legacy Proposal button to Prevalent Algorithms button.
+ Prevalent Algorithms button populates Phase 1 and 2 Algorithm
text entry boxes with a merge of Windows 10 and
macOS/iOS/iPadOS L2TP clients' IKEv1 proposals.
+ Added use IKEv2 key exchange option.
+ Improved debugging output for Libreswan and strongSwan.
Libreswan debugging can now be cutomized by setting the
PLUTODEBUG environment variable.
strongSwan debugging can now be cutomized by setting the
CHARONDEBUG environment variable.
+ Gray out "IPsec Settings..." button if neither Libreswan nor
strongSwan are found.
+ Updated translations.
- Update to version 1.2.12:
+ Added Legacy Proposal button.
+ Added extra IPsec configuration options.
+ renamed Gateway ID to Remote ID.
+ Use /etc/ipsec.d/ipsec.nm-l2tp.secrets instead of
/etc/ipsec.d/nm-l2tp-ipsec-UUID.secrets.
+ PSK is now Base64 encoded.
+ Legacy KDE Plasma-nm user certificate support.
+ libnm-glib compatibility (NetworkManager < 1.0) is disabled by
default.
+ Updated translations.
- Changes from version 1.2.10:
+ Point version 1.2.10 appdata image URIs to nm-1-2 github
branch.
+ Corrected force UDP encapsulation toggle button behavior.
- URL and Source0 changes as a consequence of upstream GitHub
project being renamed from network-manager-l2tp to
NetworkManager-l2tp.
- Use upstream provided xz tarball instead of GitHub generated gz
tarball.
- autoreconf no longer required as a result of upstream provided
xz tarball.
- Delete any transient nm-l2rp-ipsec-+.secrets files previously
generated by versions <= 1.2.10 in %pre section.
- Delete transient ipsec.nm-l2tp.secrets files in %postun section.
- remove redundant --without-libnm-glib configure switch which is
now the default.
- Package missing COPYING file.
- Use autosetup and make_build macros.
- Following changes in NetworkManager: pass without-libnm-glib to
configure, no longer build deprecated libnm-glib support.
- Following the above changes: Drop no longer needed
pkgconfig(NetworkManager), pkgconfig(libnm-glib),
pkgconfig(libnm-glib-vpn), pkgconfig(libnm-gtk) and
pkgconfig(libnm-util) BuildRequires.
- Drop explicit autoconf, automake, gettext and grep BuildRequires:
libtool BuildRequires is sufficent.
- Drop unnneeded NetworkManager-applet Requires from gnome
sub-package, it is not longer of use for us.
- Modernize spec-file by calling spec-cleaner
- Update to version 1.2.8:
+ Updated translations.
+ Stops strongSwan service when a connection cannot be
established.
- Changes from version 1.2.6:
+ Prefer building against stable libsecret API.
+ If L2TP port 1701 is already in use, no longer writes
"leftprotoport=udp/l2tp" (which is equivalent to
"leftprotoport=udp/1701") to the ipsec config file. This was
done to ensures L2TP is encapsulated in IPsec.
- Changes from version 1.2.4:
+ Split libnm-vpn-plugin-pptp.so into a GTK-free core plugin
usable by nmcli and a UI plugin for nm-applet and gnome
components.
- Changes from version 1.2.2:
+ runtime test for strongwan or libreswan no longer performed if
IPsec tickbox not ticked.
- Changes from version 1.2.0:
+ NetworkManager 1.1.x and 1.2.0 support
- Replace pkgconfig(libsecret-unstable) for pkgconfig(libsecret-1)
BuildRequires following upstreams changes.
- Introduce GTK-free VPN plugin library to base package.
- Update to version 1.0.8:
+ Updated translations.
+ Stops strongSwan service when a connection cannot be
established.
+ sets phase 1 (ike) and phase 2 (esp) ciphers for strongswan to
the same as those used in version 1.0.4
- Changes from version 1.0.6:
+ If L2TP port 1701 is already in use, no longer writes
"leftprotoport=udp/l2tp" (which is equivalent to
"leftprotoport=udp/1701") to the ipsec config file. This was
done to ensures L2TP is encapsulated in IPsec.
+ Uses UUID instead of PID for run-time generated filenames
+ No longer temporarily replaces system /etc/ipsec.secrets file
+ IPsec rekeying is now possible because the following file
remains for the lifetime of the VPN connection :
/etc/ipsec.d/nm-l2tp-ipsec-UUID.secrets
+ Following line is appended to /etc/ipsec.secrets if the include
line is missing:
include /etc/ipsec.d/+.secrets
+ Removed IPsec Group Name from user interface
+ Added IPsec Phase 1 (ike) & Phase 2 (esp) to user interface.
+ New timeout code for IPsec connection up script.
- Changes from version 1.0.4:
+ xl2tpd-1.3.7 compatibility fix for unrecognized option 'lock'.
+ /usr/sbin/ipsec runtime IPsec stack detection improved so that
Openswan is rejected and not treated the same as openSwan.
+ Explictly check strongSwan connection has been established.
- Changes from version 1.0.2:
+ runtime test for strongwan or libreswan no longer performed if
IPsec tickbox not ticked.
- Changes from version 1.0.0:
+ auth-dialog ported to libnm-gtk's NMAVpnPasswordDialog.
+ migrated from deprecated libgnome-keyring to libsecret.
+ Requires strongSwan or Libreswan for IPsec support,
no longer works with Openswan.
+ Added MTU and MRU setting to PPP settings dialog box.
+ IPsec Group Name is now optional in IPsec dialog box.
- Drop icon install: as there is no icon file in the source
anymore, nor is there a .desktop file that can make use of the
icon.
- Drop --disable-more-warnings from configure line: no longer
needed.
- Added %%check section.
- Replaced Requires strongswan with weaker Recommends strongswan.
- Replaced plus characters to recommended asterisk characters in
changes file.
- Update to version 0.9.8.7:
+ ipsec: missing curly braces led to always false return.
+ Updated translations.
- Update to version 0.9.8.6:
+ Bugfix: (security) don't start l2tp if IPsec enabled, but
failed to start.
+ Bugfix: typo in nm-l2tp-service.name.
+ noccp pppd option added.
+ Minor locales fixes.
+ Require new versions of gtk+ and glib.
- Initial package, version 0.9.8:
+ Builds against the GNOME 3.8 versions of GLib and Gtk+.
+ Fix undefuned NM_L2TP_LOCALEDIR.
+ License file added.
+ Minor localization fixes.


GNOME Review Bot's avatar

gnome-review-bot accepted review

Check script succeeded


Dominique Leuenberger's avatar

dimstar accepted review


Dominique Leuenberger's avatar

dimstar approved review


Dominique Leuenberger's avatar

dimstar accepted request

xin+

openSUSE Build Service is sponsored by