Accepting request 451851 from home:darix:playground

- silence warning about %{_rundir}/openvpn - for non systemd case: just package the %{_rundir}/openvpn in the package - for systemd case: call systemd-tmpfiles and own the dir as %ghost in the filelist - refreshed patches to apply cleanly again openvpn-2.3-plugin-man.dif openvpn-fips140-2.3.2.patch - update to 2.3.14 - update year in copyright message - Document the --auth-token option - Repair topology subnet on FreeBSD 11 - Repair topology subnet on OpenBSD - Drop recursively routed packets - Support --block-outside-dns on multiple tunnels - When parsing '--setenv opt xx ..' make sure a third parameter is present - Map restart signals from event loop to SIGTERM during exit-notification wait - Correctly state the default dhcp server address in man page - Clean up format_hex_ex() - enabled pkcs11 support OBS-URL: https://build.opensuse.org/request/show/451851 OBS-URL: https://build.opensuse.org/package/show/network:vpn/openvpn?expand=0&rev=113
2017-01-24 10:31:30 +00:00 · 2017-01-24 10:31:30 +00:00 · 9779642307
commit 9779642307
parent ce8599bf09
9 changed files with 121 additions and 59 deletions
--- a/openvpn-2.3-plugin-man.dif
+++ b/openvpn-2.3-plugin-man.dif
@ -1,6 +1,8 @@
--- doc/openvpn.8
-+++ doc/openvpn.8	2015/03/02 08:58:02
-@@ -2569,12 +2569,11 @@ plug-in modules, see the README file in
+Index: doc/openvpn.8
+===================================================================
+--- doc/openvpn.8.orig
+++ doc/openvpn.8
+@@ -2690,12 +2690,11 @@ plug-in modules, see the README file in
 .B plugin
 folder of the OpenVPN source distribution.
 
--- a/openvpn-2.3.13.tar.xz
+++ b/openvpn-2.3.13.tar.xz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:9cde0c8000fd32d5275adb55f8bb1d8ba429ff3de35f60a36e81f3859b7537e0
-size 829484
--- a/openvpn-2.3.13.tar.xz.asc
+++ b/openvpn-2.3.13.tar.xz.asc
@ -1,7 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-Version: GnuPG v1
-
-iEYEABECAAYFAlgbEocACgkQwp2X7RmNIqOSJwCfQVrcS2k/XC71G1H8ABMQpPrS
-MvAAn3TdER/TEpi82whq3SLABg8wTNuz
-=Zf4E
-----END PGP SIGNATURE-----
--- a/openvpn-2.3.14.tar.xz
+++ b/openvpn-2.3.14.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:f3a0d0eaf8d544409f76a9f2a238a0cd3dde9e1a9c1f98ac732a8b572bcdee98
+size 831404
--- a/openvpn-2.3.14.tar.xz.asc
+++ b/openvpn-2.3.14.tar.xz.asc
@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1
+
+iEYEABECAAYFAlhH9nkACgkQwp2X7RmNIqOYtQCfbRsvCy0r7RnYXEAZJ3nzsaww
+JoMAoIMDSlotKGn/9tey0L+Nj8+8kI+N
+=D64i
+-----END PGP SIGNATURE-----
--- a/openvpn-fips140-2.3.2.patch
+++ b/openvpn-fips140-2.3.2.patch
@ -1,6 +1,8 @@
--- openvpn-2.3.2/src/openvpn/crypto_backend.h
-+++ openvpn-2.3.2/src/openvpn/crypto_backend.h	2015/02/19 09:15:02
-@@ -452,10 +452,11 @@ void md_ctx_final (md_ctx_t *ctx, uint8_
+Index: openvpn-2.3.14/src/openvpn/crypto_backend.h
+===================================================================
+--- openvpn-2.3.14.orig/src/openvpn/crypto_backend.h
+++ openvpn-2.3.14/src/openvpn/crypto_backend.h
+@@ -480,10 +480,11 @@ void md_ctx_final (md_ctx_t *ctx, uint8_
  * @param key		The key to use for the HMAC
  * @param key_len	The key length to use
  * @param kt 		Static message digest parameters
@ -13,9 +15,11 @@
 
 /*
  * Free the given HMAC context.
--- openvpn-2.3.2/src/openvpn/crypto.c
-+++ openvpn-2.3.2/src/openvpn/crypto.c	2015/02/19 09:15:02
-@@ -486,7 +486,7 @@ init_key_ctx (struct key_ctx *ctx, struc
+Index: openvpn-2.3.14/src/openvpn/crypto.c
+===================================================================
+--- openvpn-2.3.14.orig/src/openvpn/crypto.c
+++ openvpn-2.3.14/src/openvpn/crypto.c
+@@ -505,7 +505,7 @@ init_key_ctx (struct key_ctx *ctx, struc
   if (kt->digest && kt->hmac_length > 0)
     {
       ALLOC_OBJ(ctx->hmac, hmac_ctx_t);
@ -24,7 +28,7 @@
 
       msg (D_HANDSHAKE,
       "%s: Using %d bit message hash '%s' for HMAC authentication",
-@@ -1409,61 +1409,61 @@ free_ssl_lib (void)
+@@ -1421,61 +1421,61 @@ free_ssl_lib (void)
 #endif /* ENABLE_SSL */
 
 /*
@ -102,9 +106,11 @@
 }
 
 #endif /* ENABLE_CRYPTO */
--- openvpn-2.3.2/src/openvpn/crypto.h
-+++ openvpn-2.3.2/src/openvpn/crypto.h	2015/02/19 09:15:02
-@@ -364,24 +364,24 @@ void free_ssl_lib (void);
+Index: openvpn-2.3.14/src/openvpn/crypto.h
+===================================================================
+--- openvpn-2.3.14.orig/src/openvpn/crypto.h
+++ openvpn-2.3.14/src/openvpn/crypto.h
+@@ -430,24 +430,24 @@ void free_ssl_lib (void);
 #endif /* ENABLE_SSL */
 
 /*
@ -140,9 +146,11 @@
 
 /*
  * Inline functions
--- openvpn-2.3.2/src/openvpn/crypto_openssl.c
-+++ openvpn-2.3.2/src/openvpn/crypto_openssl.c	2015/02/19 09:15:02
-@@ -719,13 +719,17 @@ md_ctx_final (EVP_MD_CTX *ctx, uint8_t *
+Index: openvpn-2.3.14/src/openvpn/crypto_openssl.c
+===================================================================
+--- openvpn-2.3.14.orig/src/openvpn/crypto_openssl.c
+++ openvpn-2.3.14/src/openvpn/crypto_openssl.c
+@@ -829,13 +829,17 @@ md_ctx_final (EVP_MD_CTX *ctx, uint8_t *
 
 void
 hmac_ctx_init (HMAC_CTX *ctx, const uint8_t *key, int key_len,
@ -161,8 +169,10 @@
   HMAC_Init_ex (ctx, key, key_len, kt, NULL);
 
   /* make sure we used a big enough key */
--- openvpn-2.3.2/src/openvpn/crypto_openssl.h
-+++ openvpn-2.3.2/src/openvpn/crypto_openssl.h	2015/02/19 09:15:02
+Index: openvpn-2.3.14/src/openvpn/crypto_openssl.h
+===================================================================
+--- openvpn-2.3.14.orig/src/openvpn/crypto_openssl.h
+++ openvpn-2.3.14/src/openvpn/crypto_openssl.h
@@ -33,6 +33,7 @@
 #include <openssl/evp.h>
 #include <openssl/hmac.h>
@ -171,9 +181,11 @@
 
 /** Generic cipher key type %context. */
 typedef EVP_CIPHER cipher_kt_t;
--- openvpn-2.3.2/src/openvpn/crypto_polarssl.c
-+++ openvpn-2.3.2/src/openvpn/crypto_polarssl.c	2015/02/19 09:15:02
-@@ -608,7 +608,7 @@ md_ctx_final (md_context_t *ctx, uint8_t
+Index: openvpn-2.3.14/src/openvpn/crypto_polarssl.c
+===================================================================
+--- openvpn-2.3.14.orig/src/openvpn/crypto_polarssl.c
+++ openvpn-2.3.14/src/openvpn/crypto_polarssl.c
+@@ -695,7 +695,7 @@ md_ctx_final (md_context_t *ctx, uint8_t
  * TODO: re-enable dmsg for crypto debug
  */
 void
@ -182,9 +194,11 @@
 {
   ASSERT(NULL != kt && NULL != ctx);
 
--- openvpn-2.3.2/src/openvpn/init.c
-+++ openvpn-2.3.2/src/openvpn/init.c	2015/02/19 09:15:02
-@@ -1352,12 +1352,12 @@ do_route (const struct options *options,
+Index: openvpn-2.3.14/src/openvpn/init.c
+===================================================================
+--- openvpn-2.3.14.orig/src/openvpn/init.c
+++ openvpn-2.3.14/src/openvpn/init.c
+@@ -1360,12 +1360,12 @@ do_route (const struct options *options,
  */
 #if P2MP
 static void
@ -199,7 +213,7 @@
 }
 #endif
 
-@@ -1649,8 +1649,8 @@ do_up (struct context *c, bool pulled_op
+@@ -1713,8 +1713,8 @@ do_up (struct context *c, bool pulled_op
 	  if (!c->c2.did_open_tun
 	      && PULL_DEFINED (&c->options)
 	      && c->c1.tuntap
@ -210,7 +224,7 @@
 	    {
 	      /* if so, close tun, delete routes, then reinitialize tun and add routes */
 	      msg (M_INFO, "NOTE: Pulled options changed on restart, will need to close and reopen TUN/TAP device.");
-@@ -2697,11 +2697,11 @@ do_compute_occ_strings (struct context *
+@@ -2792,11 +2792,11 @@ do_compute_occ_strings (struct context *
 #ifdef ENABLE_CRYPTO
   msg (D_SHOW_OCC_HASH, "Local Options hash (VER=%s): '%s'",
        options_string_version (c->c2.options_string_local, &gc),
@ -224,8 +238,10 @@
 	       strlen (c->c2.options_string_remote), 9, &gc));
 #endif
 
--- openvpn-2.3.2/src/openvpn/ntlm.c
-+++ openvpn-2.3.2/src/openvpn/ntlm.c	2015/02/19 09:15:02
+Index: openvpn-2.3.14/src/openvpn/ntlm.c
+===================================================================
+--- openvpn-2.3.14.orig/src/openvpn/ntlm.c
+++ openvpn-2.3.14/src/openvpn/ntlm.c
@@ -90,7 +90,7 @@ gen_hmac_md5 (const char* data, int data
 	hmac_ctx_t hmac_ctx;
 	CLEAR(hmac_ctx);
@ -235,9 +251,11 @@
 	hmac_ctx_update(&hmac_ctx, (const unsigned char *)data, data_len);
 	hmac_ctx_final(&hmac_ctx, (unsigned char *)result);
 	hmac_ctx_cleanup(&hmac_ctx);
--- openvpn-2.3.2/src/openvpn/openvpn.h
-+++ openvpn-2.3.2/src/openvpn/openvpn.h	2015/02/19 09:15:02
-@@ -206,7 +206,7 @@ struct context_1
+Index: openvpn-2.3.14/src/openvpn/openvpn.h
+===================================================================
+--- openvpn-2.3.14.orig/src/openvpn/openvpn.h
+++ openvpn-2.3.14/src/openvpn/openvpn.h
+@@ -205,7 +205,7 @@ struct context_1
 #endif
 
   /* if client mode, hash of option strings we pulled from server */
@ -246,7 +264,7 @@
                                 /**< Hash of option strings received from the
                                  *   remote OpenVPN server.  Only used in
                                  *   client-mode. */
-@@ -474,9 +474,9 @@ struct context_2
+@@ -473,9 +473,9 @@ struct context_2
   bool did_pre_pull_restore;
 
   /* hash of pulled options, so we can compare when options change */
@ -259,9 +277,11 @@
 
   struct event_timeout server_poll_interval;
 
--- openvpn-2.3.2/src/openvpn/options.c
-+++ openvpn-2.3.2/src/openvpn/options.c	2015/02/19 09:15:10
-@@ -828,6 +828,10 @@ init_options (struct options *o, const b
+Index: openvpn-2.3.14/src/openvpn/options.c
+===================================================================
+--- openvpn-2.3.14.orig/src/openvpn/options.c
+++ openvpn-2.3.14/src/openvpn/options.c
+@@ -835,6 +835,10 @@ init_options (struct options *o, const b
 #endif
 #ifdef ENABLE_CRYPTO
   o->ciphername = "BF-CBC";
@ -272,9 +292,11 @@
   o->ciphername_defined = true;
   o->authname = "SHA1";
   o->authname_defined = true;
--- openvpn-2.3.13.orig/src/openvpn/push.c
-+++ openvpn-2.3.13/src/openvpn/push.c	2016-12-03 22:57:58.198398996 +0100
-@@ -408,7 +408,7 @@
+Index: openvpn-2.3.14/src/openvpn/push.c
+===================================================================
+--- openvpn-2.3.14.orig/src/openvpn/push.c
+++ openvpn-2.3.14/src/openvpn/push.c
+@@ -408,7 +408,7 @@ push_reset (struct options *o)
 #endif
 
 static void
@ -283,7 +305,7 @@
 {
   char line[OPTION_PARM_SIZE];
   while (buf_parse (buf, ',', line, sizeof (line)))
-@@ -416,7 +416,7 @@
+@@ -416,7 +416,7 @@ push_update_digest(struct md5_state *ctx
       /* peer-id might change on restart and this should not trigger reopening tun */
       if (strstr (line, "peer-id ") != line)
 	{
@ -292,7 +314,7 @@
 	}
     }
 }
-@@ -472,10 +472,10 @@
+@@ -472,10 +472,10 @@ process_incoming_push_msg (struct contex
       if (ch == ',')
 	{
 	  struct buffer buf_orig = buf;
@ -306,7 +328,7 @@
 	    }
 	  if (!c->c2.did_pre_pull_restore)
 	    {
-@@ -493,8 +493,8 @@
+@@ -493,8 +493,8 @@ process_incoming_push_msg (struct contex
 		{
 		  case 0:
 		  case 1:
@ -317,9 +339,11 @@
 		    ret = PUSH_MSG_REPLY;
 		    break;
 		  case 2:
--- openvpn-2.3.2/src/openvpn/ssl.c
-+++ openvpn-2.3.2/src/openvpn/ssl.c	2015/02/19 09:15:02
-@@ -1342,8 +1342,8 @@ tls1_P_hash(const md_kt_t *md_kt,
+Index: openvpn-2.3.14/src/openvpn/ssl.c
+===================================================================
+--- openvpn-2.3.14.orig/src/openvpn/ssl.c
+++ openvpn-2.3.14/src/openvpn/ssl.c
+@@ -1396,8 +1396,8 @@ tls1_P_hash(const md_kt_t *md_kt,
   chunk = md_kt_size(md_kt);
   A1_len = md_kt_size(md_kt);
 
--- a/openvpn-tmpfile.conf
+++ b/openvpn-tmpfile.conf
@ -1 +1 @@
-D /var/run/openvpn 0750 root root -
+D /run/openvpn 0750 root root -
--- a/openvpn.changes
+++ b/openvpn.changes
@ -1,3 +1,37 @@
+-------------------------------------------------------------------
+Sun Jan 22 15:21:17 UTC 2017 - mrueckert@suse.de
+
+- silence warning about %{_rundir}/openvpn
+  - for non systemd case: just package the %{_rundir}/openvpn in
+    the package
+  - for systemd case: call systemd-tmpfiles and own the dir as
+    %ghost in the filelist
+
+-------------------------------------------------------------------
+Sun Jan 22 14:51:44 UTC 2017 - mrueckert@suse.de
+
+- refreshed patches to apply cleanly again
+  openvpn-2.3-plugin-man.dif
+  openvpn-fips140-2.3.2.patch
+
+-------------------------------------------------------------------
+Sun Jan 22 14:47:39 UTC 2017 - mrueckert@suse.de
+
+- update to 2.3.14
+  - update year in copyright message
+  - Document the --auth-token option
+  - Repair topology subnet on FreeBSD 11
+  - Repair topology subnet on OpenBSD
+  - Drop recursively routed packets
+  - Support --block-outside-dns on multiple tunnels
+  - When parsing '--setenv opt xx ..' make sure a third parameter
+    is present
+  - Map restart signals from event loop to SIGTERM during
+    exit-notification wait
+  - Correctly state the default dhcp server address in man page
+  - Clean up format_hex_ex()
+- enabled pkcs11 support
+
 -------------------------------------------------------------------
 Sat Dec  3 21:26:52 UTC 2016 - michael@stroeder.com

--- a/openvpn.spec
+++ b/openvpn.spec
@ -1,7 +1,7 @@
 #
 # spec file for package openvpn
 #
-# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -32,7 +32,7 @@ Url:            http://openvpn.net/
 %else
 PreReq:         %insserv_prereq %fillup_prereq
 %endif
-Version:        2.3.13
+Version:        2.3.14
 Release:        0
 Summary:        Full-featured SSL VPN solution using a TUN/TAP Interface
 License:        SUSE-GPL-2.0-with-openssl-exception and LGPL-2.1
@ -154,6 +154,7 @@ export LDFLAGS
 	--enable-iproute2		\
 	--enable-x509-alt-username	\
 	--enable-password-save		\
+	--enable-pkcs11 \
 %if %{with_systemd}
 	--enable-systemd		\
 %endif
@ -194,8 +195,8 @@ rm -rf $RPM_BUILD_ROOT%{_datadir}/doc/{OpenVPN,%name}
 find sample -name .gitignore | xargs rm -f

 %post
-%__mkdir_p -m750 %{_rundir}/openvpn
 %if %{with_systemd}
+systemd-tmpfiles --create /usr/lib/tmpfiles.d/%{name}.conf ||:
 %service_add_post %{name}.target
 # try to migrate openvpn.service autostart to openvpn@<CONF>.service
 if test ${FIRST_ARG:-$1} -ge 1 -a \
@ -265,13 +266,14 @@ rm -f /etc/sysconfig/openvpn || :
 %{_unitdir}/%{name}@.service
 %{_unitdir}/%{name}.target
 %{_libexecdir}/tmpfiles.d/%{name}.conf
+%dir %attr(0750,root,root) %ghost %{_rundir}/openvpn/
 %else
 %config %{_sysconfdir}/init.d/openvpn
 /var/adm/fillup-templates/sysconfig.openvpn
+%dir %attr(750,root,root) %{_rundir}/openvpn/
 %endif
 %{_sbindir}/rcopenvpn
 %{_sbindir}/openvpn
-%attr(0750,root,root) %dir %ghost %{_rundir}/openvpn

 %files down-root-plugin
 %defattr(-,root,root)