Accepting request 451851 from home:darix:playground

- silence warning about %{_rundir}/openvpn
  - for non systemd case: just package the %{_rundir}/openvpn in
    the package
  - for systemd case: call systemd-tmpfiles and own the dir as
    %ghost in the filelist

- refreshed patches to apply cleanly again
  openvpn-2.3-plugin-man.dif
  openvpn-fips140-2.3.2.patch

- update to 2.3.14
  - update year in copyright message
  - Document the --auth-token option
  - Repair topology subnet on FreeBSD 11
  - Repair topology subnet on OpenBSD
  - Drop recursively routed packets
  - Support --block-outside-dns on multiple tunnels
  - When parsing '--setenv opt xx ..' make sure a third parameter
    is present
  - Map restart signals from event loop to SIGTERM during
    exit-notification wait
  - Correctly state the default dhcp server address in man page
  - Clean up format_hex_ex()
- enabled pkcs11 support

OBS-URL: https://build.opensuse.org/request/show/451851
OBS-URL: https://build.opensuse.org/package/show/network:vpn/openvpn?expand=0&rev=113
Nirmoy Das 2017-01-24 10:31:30 +00:00 committed by Git OBS Bridge
parent ce8599bf09
commit 9779642307
9 changed files with 121 additions and 59 deletions


@ -1,6 +1,8 @@
--- doc/openvpn.8 Index: doc/openvpn.8
+++ doc/openvpn.8 2015/03/02 08:58:02 ===================================================================
@@ -2569,12 +2569,11 @@ plug-in modules, see the README file in --- doc/openvpn.8.orig
+++ doc/openvpn.8
@@ -2690,12 +2690,11 @@ plug-in modules, see the README file in
.B plugin .B plugin
folder of the OpenVPN source distribution. folder of the OpenVPN source distribution.


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:9cde0c8000fd32d5275adb55f8bb1d8ba429ff3de35f60a36e81f3859b7537e0
size 829484


@ -1,7 +0,0 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iEYEABECAAYFAlgbEocACgkQwp2X7RmNIqOSJwCfQVrcS2k/XC71G1H8ABMQpPrS
MvAAn3TdER/TEpi82whq3SLABg8wTNuz
=Zf4E
-----END PGP SIGNATURE-----

3
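--- a/openvpn-2.3.14.tar.xz
+++ b/openvpn-2.3.14.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:f3a0d0eaf8d544409f76a9f2a238a0cd3dde9e1a9c1f98ac732a8b572bcdee98
+size 831404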


@ -0,0 +1,7 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iEYEABECAAYFAlhH9nkACgkQwp2X7RmNIqOYtQCfbRsvCy0r7RnYXEAZJ3nzsaww
JoMAoIMDSlotKGn/9tey0L+Nj8+8kI+N
=D64i
-----END PGP SIGNATURE-----


@ -1,6 +1,8 @@
--- openvpn-2.3.2/src/openvpn/crypto_backend.h Index: openvpn-2.3.14/src/openvpn/crypto_backend.h
+++ openvpn-2.3.2/src/openvpn/crypto_backend.h 2015/02/19 09:15:02 ===================================================================
@@ -452,10 +452,11 @@ void md_ctx_final (md_ctx_t *ctx, uint8_ --- openvpn-2.3.14.orig/src/openvpn/crypto_backend.h
+++ openvpn-2.3.14/src/openvpn/crypto_backend.h
@@ -480,10 +480,11 @@ void md_ctx_final (md_ctx_t *ctx, uint8_
* @param key The key to use for the HMAC * @param key The key to use for the HMAC
* @param key_len The key length to use * @param key_len The key length to use
* @param kt Static message digest parameters * @param kt Static message digest parameters
@ -13,9 +15,11 @@
/* /*
* Free the given HMAC context. * Free the given HMAC context.
--- openvpn-2.3.2/src/openvpn/crypto.c Index: openvpn-2.3.14/src/openvpn/crypto.c
+++ openvpn-2.3.2/src/openvpn/crypto.c 2015/02/19 09:15:02 ===================================================================
@@ -486,7 +486,7 @@ init_key_ctx (struct key_ctx *ctx, struc --- openvpn-2.3.14.orig/src/openvpn/crypto.c
+++ openvpn-2.3.14/src/openvpn/crypto.c
@@ -505,7 +505,7 @@ init_key_ctx (struct key_ctx *ctx, struc
if (kt->digest && kt->hmac_length > 0) if (kt->digest && kt->hmac_length > 0)
{ {
ALLOC_OBJ(ctx->hmac, hmac_ctx_t); ALLOC_OBJ(ctx->hmac, hmac_ctx_t);
@ -24,7 +28,7 @@
msg (D_HANDSHAKE, msg (D_HANDSHAKE,
"%s: Using %d bit message hash '%s' for HMAC authentication", "%s: Using %d bit message hash '%s' for HMAC authentication",
@@ -1409,61 +1409,61 @@ free_ssl_lib (void) @@ -1421,61 +1421,61 @@ free_ssl_lib (void)
#endif /* ENABLE_SSL */ #endif /* ENABLE_SSL */
/* /*
@ -102,9 +106,11 @@
} }
#endif /* ENABLE_CRYPTO */ #endif /* ENABLE_CRYPTO */
--- openvpn-2.3.2/src/openvpn/crypto.h Index: openvpn-2.3.14/src/openvpn/crypto.h
+++ openvpn-2.3.2/src/openvpn/crypto.h 2015/02/19 09:15:02 ===================================================================
@@ -364,24 +364,24 @@ void free_ssl_lib (void); --- openvpn-2.3.14.orig/src/openvpn/crypto.h
+++ openvpn-2.3.14/src/openvpn/crypto.h
@@ -430,24 +430,24 @@ void free_ssl_lib (void);
#endif /* ENABLE_SSL */ #endif /* ENABLE_SSL */
/* /*
@ -140,9 +146,11 @@
/* /*
* Inline functions * Inline functions
--- openvpn-2.3.2/src/openvpn/crypto_openssl.c Index: openvpn-2.3.14/src/openvpn/crypto_openssl.c
+++ openvpn-2.3.2/src/openvpn/crypto_openssl.c 2015/02/19 09:15:02 ===================================================================
@@ -719,13 +719,17 @@ md_ctx_final (EVP_MD_CTX *ctx, uint8_t * --- openvpn-2.3.14.orig/src/openvpn/crypto_openssl.c
+++ openvpn-2.3.14/src/openvpn/crypto_openssl.c
@@ -829,13 +829,17 @@ md_ctx_final (EVP_MD_CTX *ctx, uint8_t *
void void
hmac_ctx_init (HMAC_CTX *ctx, const uint8_t *key, int key_len, hmac_ctx_init (HMAC_CTX *ctx, const uint8_t *key, int key_len,
@ -161,8 +169,10 @@
HMAC_Init_ex (ctx, key, key_len, kt, NULL); HMAC_Init_ex (ctx, key, key_len, kt, NULL);
/* make sure we used a big enough key */ /* make sure we used a big enough key */
--- openvpn-2.3.2/src/openvpn/crypto_openssl.h Index: openvpn-2.3.14/src/openvpn/crypto_openssl.h
+++ openvpn-2.3.2/src/openvpn/crypto_openssl.h 2015/02/19 09:15:02 ===================================================================
--- openvpn-2.3.14.orig/src/openvpn/crypto_openssl.h
+++ openvpn-2.3.14/src/openvpn/crypto_openssl.h
@@ -33,6 +33,7 @@ @@ -33,6 +33,7 @@
#include <openssl/evp.h> #include <openssl/evp.h>
#include <openssl/hmac.h> #include <openssl/hmac.h>
@ -171,9 +181,11 @@
/** Generic cipher key type %context. */ /** Generic cipher key type %context. */
typedef EVP_CIPHER cipher_kt_t; typedef EVP_CIPHER cipher_kt_t;
--- openvpn-2.3.2/src/openvpn/crypto_polarssl.c Index: openvpn-2.3.14/src/openvpn/crypto_polarssl.c
+++ openvpn-2.3.2/src/openvpn/crypto_polarssl.c 2015/02/19 09:15:02 ===================================================================
@@ -608,7 +608,7 @@ md_ctx_final (md_context_t *ctx, uint8_t --- openvpn-2.3.14.orig/src/openvpn/crypto_polarssl.c
+++ openvpn-2.3.14/src/openvpn/crypto_polarssl.c
@@ -695,7 +695,7 @@ md_ctx_final (md_context_t *ctx, uint8_t
* TODO: re-enable dmsg for crypto debug * TODO: re-enable dmsg for crypto debug
*/ */
void void
@ -182,9 +194,11 @@
{ {
ASSERT(NULL != kt && NULL != ctx); ASSERT(NULL != kt && NULL != ctx);
--- openvpn-2.3.2/src/openvpn/init.c Index: openvpn-2.3.14/src/openvpn/init.c
+++ openvpn-2.3.2/src/openvpn/init.c 2015/02/19 09:15:02 ===================================================================
@@ -1352,12 +1352,12 @@ do_route (const struct options *options, --- openvpn-2.3.14.orig/src/openvpn/init.c
+++ openvpn-2.3.14/src/openvpn/init.c
@@ -1360,12 +1360,12 @@ do_route (const struct options *options,
*/ */
#if P2MP #if P2MP
static void static void
@ -199,7 +213,7 @@
} }
#endif #endif
@@ -1649,8 +1649,8 @@ do_up (struct context *c, bool pulled_op @@ -1713,8 +1713,8 @@ do_up (struct context *c, bool pulled_op
if (!c->c2.did_open_tun if (!c->c2.did_open_tun
&& PULL_DEFINED (&c->options) && PULL_DEFINED (&c->options)
&& c->c1.tuntap && c->c1.tuntap
@ -210,7 +224,7 @@
{ {
/* if so, close tun, delete routes, then reinitialize tun and add routes */ /* if so, close tun, delete routes, then reinitialize tun and add routes */
msg (M_INFO, "NOTE: Pulled options changed on restart, will need to close and reopen TUN/TAP device."); msg (M_INFO, "NOTE: Pulled options changed on restart, will need to close and reopen TUN/TAP device.");
@@ -2697,11 +2697,11 @@ do_compute_occ_strings (struct context * @@ -2792,11 +2792,11 @@ do_compute_occ_strings (struct context *
#ifdef ENABLE_CRYPTO #ifdef ENABLE_CRYPTO
msg (D_SHOW_OCC_HASH, "Local Options hash (VER=%s): '%s'", msg (D_SHOW_OCC_HASH, "Local Options hash (VER=%s): '%s'",
options_string_version (c->c2.options_string_local, &gc), options_string_version (c->c2.options_string_local, &gc),
@ -224,8 +238,10 @@
strlen (c->c2.options_string_remote), 9, &gc)); strlen (c->c2.options_string_remote), 9, &gc));
#endif #endif
--- openvpn-2.3.2/src/openvpn/ntlm.c Index: openvpn-2.3.14/src/openvpn/ntlm.c
+++ openvpn-2.3.2/src/openvpn/ntlm.c 2015/02/19 09:15:02 ===================================================================
--- openvpn-2.3.14.orig/src/openvpn/ntlm.c
+++ openvpn-2.3.14/src/openvpn/ntlm.c
@@ -90,7 +90,7 @@ gen_hmac_md5 (const char* data, int data @@ -90,7 +90,7 @@ gen_hmac_md5 (const char* data, int data
hmac_ctx_t hmac_ctx; hmac_ctx_t hmac_ctx;
CLEAR(hmac_ctx); CLEAR(hmac_ctx);
@ -235,9 +251,11 @@
hmac_ctx_update(&hmac_ctx, (const unsigned char *)data, data_len); hmac_ctx_update(&hmac_ctx, (const unsigned char *)data, data_len);
hmac_ctx_final(&hmac_ctx, (unsigned char *)result); hmac_ctx_final(&hmac_ctx, (unsigned char *)result);
hmac_ctx_cleanup(&hmac_ctx); hmac_ctx_cleanup(&hmac_ctx);
--- openvpn-2.3.2/src/openvpn/openvpn.h Index: openvpn-2.3.14/src/openvpn/openvpn.h
+++ openvpn-2.3.2/src/openvpn/openvpn.h 2015/02/19 09:15:02 ===================================================================
@@ -206,7 +206,7 @@ struct context_1 --- openvpn-2.3.14.orig/src/openvpn/openvpn.h
+++ openvpn-2.3.14/src/openvpn/openvpn.h
@@ -205,7 +205,7 @@ struct context_1
#endif #endif
/* if client mode, hash of option strings we pulled from server */ /* if client mode, hash of option strings we pulled from server */
@ -246,7 +264,7 @@
/**< Hash of option strings received from the /**< Hash of option strings received from the
* remote OpenVPN server. Only used in * remote OpenVPN server. Only used in
* client-mode. */ * client-mode. */
@@ -474,9 +474,9 @@ struct context_2 @@ -473,9 +473,9 @@ struct context_2
bool did_pre_pull_restore; bool did_pre_pull_restore;
/* hash of pulled options, so we can compare when options change */ /* hash of pulled options, so we can compare when options change */
@ -259,9 +277,11 @@
struct event_timeout server_poll_interval; struct event_timeout server_poll_interval;
--- openvpn-2.3.2/src/openvpn/options.c Index: openvpn-2.3.14/src/openvpn/options.c
+++ openvpn-2.3.2/src/openvpn/options.c 2015/02/19 09:15:10 ===================================================================
@@ -828,6 +828,10 @@ init_options (struct options *o, const b --- openvpn-2.3.14.orig/src/openvpn/options.c
+++ openvpn-2.3.14/src/openvpn/options.c
@@ -835,6 +835,10 @@ init_options (struct options *o, const b
#endif #endif
#ifdef ENABLE_CRYPTO #ifdef ENABLE_CRYPTO
o->ciphername = "BF-CBC"; o->ciphername = "BF-CBC";
@ -272,9 +292,11 @@
o->ciphername_defined = true; o->ciphername_defined = true;
o->authname = "SHA1"; o->authname = "SHA1";
o->authname_defined = true; o->authname_defined = true;
--- openvpn-2.3.13.orig/src/openvpn/push.c Index: openvpn-2.3.14/src/openvpn/push.c
+++ openvpn-2.3.13/src/openvpn/push.c 2016-12-03 22:57:58.198398996 +0100 ===================================================================
@@ -408,7 +408,7 @@ --- openvpn-2.3.14.orig/src/openvpn/push.c
+++ openvpn-2.3.14/src/openvpn/push.c
@@ -408,7 +408,7 @@ push_reset (struct options *o)
#endif #endif
static void static void
@ -283,7 +305,7 @@
{ {
char line[OPTION_PARM_SIZE]; char line[OPTION_PARM_SIZE];
while (buf_parse (buf, ',', line, sizeof (line))) while (buf_parse (buf, ',', line, sizeof (line)))
@@ -416,7 +416,7 @@ @@ -416,7 +416,7 @@ push_update_digest(struct md5_state *ctx
/* peer-id might change on restart and this should not trigger reopening tun */ /* peer-id might change on restart and this should not trigger reopening tun */
if (strstr (line, "peer-id ") != line) if (strstr (line, "peer-id ") != line)
{ {
@ -292,7 +314,7 @@
} }
} }
} }
@@ -472,10 +472,10 @@ @@ -472,10 +472,10 @@ process_incoming_push_msg (struct contex
if (ch == ',') if (ch == ',')
{ {
struct buffer buf_orig = buf; struct buffer buf_orig = buf;
@ -306,7 +328,7 @@
} }
if (!c->c2.did_pre_pull_restore) if (!c->c2.did_pre_pull_restore)
{ {
@@ -493,8 +493,8 @@ @@ -493,8 +493,8 @@ process_incoming_push_msg (struct contex
{ {
case 0: case 0:
case 1: case 1:
@ -317,9 +339,11 @@
ret = PUSH_MSG_REPLY; ret = PUSH_MSG_REPLY;
break; break;
case 2: case 2:
--- openvpn-2.3.2/src/openvpn/ssl.c Index: openvpn-2.3.14/src/openvpn/ssl.c
+++ openvpn-2.3.2/src/openvpn/ssl.c 2015/02/19 09:15:02 ===================================================================
@@ -1342,8 +1342,8 @@ tls1_P_hash(const md_kt_t *md_kt, --- openvpn-2.3.14.orig/src/openvpn/ssl.c
+++ openvpn-2.3.14/src/openvpn/ssl.c
@@ -1396,8 +1396,8 @@ tls1_P_hash(const md_kt_t *md_kt,
chunk = md_kt_size(md_kt); chunk = md_kt_size(md_kt);
A1_len = md_kt_size(md_kt); A1_len = md_kt_size(md_kt);


@ -1 +1 @@
D /var/run/openvpn 0750 root root - D /run/openvpn 0750 root root -


@ -1,3 +1,37 @@
-------------------------------------------------------------------
Sun Jan 22 15:21:17 UTC 2017 - mrueckert@suse.de
- silence warning about %{_rundir}/openvpn
- for non systemd case: just package the %{_rundir}/openvpn in
the package
- for systemd case: call systemd-tmpfiles and own the dir as
%ghost in the filelist
-------------------------------------------------------------------
Sun Jan 22 14:51:44 UTC 2017 - mrueckert@suse.de
- refreshed patches to apply cleanly again
openvpn-2.3-plugin-man.dif
openvpn-fips140-2.3.2.patch
-------------------------------------------------------------------
Sun Jan 22 14:47:39 UTC 2017 - mrueckert@suse.de
- update to 2.3.14
- update year in copyright message
- Document the --auth-token option
- Repair topology subnet on FreeBSD 11
- Repair topology subnet on OpenBSD
- Drop recursively routed packets
- Support --block-outside-dns on multiple tunnels
- When parsing '--setenv opt xx ..' make sure a third parameter
is present
- Map restart signals from event loop to SIGTERM during
exit-notification wait
- Correctly state the default dhcp server address in man page
- Clean up format_hex_ex()
- enabled pkcs11 support
------------------------------------------------------------------- -------------------------------------------------------------------
Sat Dec 3 21:26:52 UTC 2016 - michael@stroeder.com Sat Dec 3 21:26:52 UTC 2016 - michael@stroeder.com


@ -1,7 +1,7 @@
# #
# spec file for package openvpn # spec file for package openvpn
# #
# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. # Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@ -32,7 +32,7 @@ Url: http://openvpn.net/
%else %else
PreReq: %insserv_prereq %fillup_prereq PreReq: %insserv_prereq %fillup_prereq
%endif %endif
Version: 2.3.13 Version: 2.3.14
Release: 0 Release: 0
Summary: Full-featured SSL VPN solution using a TUN/TAP Interface Summary: Full-featured SSL VPN solution using a TUN/TAP Interface
License: SUSE-GPL-2.0-with-openssl-exception and LGPL-2.1 License: SUSE-GPL-2.0-with-openssl-exception and LGPL-2.1
@ -154,6 +154,7 @@ export LDFLAGS
--enable-iproute2 \ --enable-iproute2 \
--enable-x509-alt-username \ --enable-x509-alt-username \
--enable-password-save \ --enable-password-save \
--enable-pkcs11 \
%if %{with_systemd} %if %{with_systemd}
--enable-systemd \ --enable-systemd \
%endif %endif
@ -194,8 +195,8 @@ rm -rf $RPM_BUILD_ROOT%{_datadir}/doc/{OpenVPN,%name}
find sample -name .gitignore | xargs rm -f find sample -name .gitignore | xargs rm -f
%post %post
%__mkdir_p -m750 %{_rundir}/openvpn
%if %{with_systemd} %if %{with_systemd}
systemd-tmpfiles --create /usr/lib/tmpfiles.d/%{name}.conf ||:
%service_add_post %{name}.target %service_add_post %{name}.target
# try to migrate openvpn.service autostart to openvpn@<CONF>.service # try to migrate openvpn.service autostart to openvpn@<CONF>.service
if test ${FIRST_ARG:-$1} -ge 1 -a \ if test ${FIRST_ARG:-$1} -ge 1 -a \
@ -265,13 +266,14 @@ rm -f /etc/sysconfig/openvpn || :
%{_unitdir}/%{name}@.service %{_unitdir}/%{name}@.service
%{_unitdir}/%{name}.target %{_unitdir}/%{name}.target
%{_libexecdir}/tmpfiles.d/%{name}.conf %{_libexecdir}/tmpfiles.d/%{name}.conf
%dir %attr(0750,root,root) %ghost %{_rundir}/openvpn/
%else %else
%config %{_sysconfdir}/init.d/openvpn %config %{_sysconfdir}/init.d/openvpn
/var/adm/fillup-templates/sysconfig.openvpn /var/adm/fillup-templates/sysconfig.openvpn
%dir %attr(750,root,root) %{_rundir}/openvpn/
%endif %endif
%{_sbindir}/rcopenvpn %{_sbindir}/rcopenvpn
%{_sbindir}/openvpn %{_sbindir}/openvpn
%attr(0750,root,root) %dir %ghost %{_rundir}/openvpn
%files down-root-plugin %files down-root-plugin
%defattr(-,root,root) %defattr(-,root,root)
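Review bot: In the `%post` hunk the new `systemd-tmpfiles --create /usr/lib/tmpfiles.d/%{name}.conf ||:` hard-codes a path that the `%files` list spells `%{_libexecdir}/tmpfiles.d/%{name}.conf`, and the trailing `||:` hides any failure. Because the systemd branch now owns `%{_rundir}/openvpn/` only as `%ghost`, a failed or mismatched call would leave the 0750 root-only runtime directory missing until the next boot, with nothing in the scriptlet output to show it. I would name the file the same way in both places, `systemd-tmpfiles --create %{_libexecdir}/tmpfiles.d/%{name}.conf || :`, or use `%tmpfiles_create` where the target distributions provide that macro. In the non-systemd branch the directory is packaged as `%dir %attr(750,root,root) %{_rundir}/openvpn/` while the old `%__mkdir_p -m750 %{_rundir}/openvpn` is dropped from `%post`. If `%{_rundir}` is a tmpfs on those targets, the init script (not visible here) has to recreate it with mode 0750 after a reboot, and a comment above the `%dir` line should say so.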