Accepting request 290007 from network:vpn

Automatic submission by obs-autosubmit OBS-URL: https://build.opensuse.org/request/show/290007 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openvpn?expand=0&rev=62
2015-03-11 08:57:59 +00:00 · 2015-03-11 08:57:59 +00:00 · 1f1d0bdc05
commit 1f1d0bdc05
parent 2168217c89 515f549344
4 changed files with 55 additions and 47 deletions
--- a/openvpn-2.3-plugin-man.dif
+++ b/openvpn-2.3-plugin-man.dif
@ -1,20 +1,20 @@
-Index: openvpn.8
+--- doc/openvpn.8
-===================================================================
+++ doc/openvpn.8	2015/03/02 08:58:02
--- doc/openvpn.8.orig
+@@ -2569,12 +2569,11 @@ plug-in modules, see the README file in
-+++ doc/openvpn.8
+ .B plugin
@@ -2563,11 +2563,10 @@
 folder of the OpenVPN source distribution.
- If you are using an RPM install of OpenVPN, see
+-If you are using an RPM install of OpenVPN, see
 -/usr/share/openvpn/plugin.  The documentation is
 -in
 -.B doc
 -and the actual plugin modules are in
 -.B lib.
-+@PLUGIN_DIR@. The actual plugin modules are in
+If you are using an RPM install of OpenVPN, the actual
 +plugin modules are in
 +.B @PLUGIN_LIBDIR@
 +and the documentation is in
-+.B @PLUGIN_DOCDIR@.
+.B @PLUGIN_DOCDIR@/README.<plugin-name>.
 Multiple plugin modules can be cascaded, and modules can be
 used in tandem with scripts.  The modules will be called by
--- a/openvpn-fips140-2.3.2.patch
+++ b/openvpn-fips140-2.3.2.patch
@ -1,6 +1,5 @@
-diff -urNp openvpn-2.3.2.orig/src/openvpn/crypto_backend.h openvpn-2.3.2/src/openvpn/crypto_backend.h
+--- openvpn-2.3.2/src/openvpn/crypto_backend.h
--- openvpn-2.3.2.orig/src/openvpn/crypto_backend.h	2013-08-13 03:24:16.465313821 +0200
+++ openvpn-2.3.2/src/openvpn/crypto_backend.h	2015/02/19 09:15:02
 +++ openvpn-2.3.2/src/openvpn/crypto_backend.h	2013-08-13 05:55:40.914256287 +0200
@@ -452,10 +452,11 @@ void md_ctx_final (md_ctx_t *ctx, uint8_
  * @param key		The key to use for the HMAC
  * @param key_len	The key length to use
@ -14,9 +13,8 @@ diff -urNp openvpn-2.3.2.orig/src/openvpn/crypto_backend.h openvpn-2.3.2/src/ope
 /*
  * Free the given HMAC context.
-diff -urNp openvpn-2.3.2.orig/src/openvpn/crypto.c openvpn-2.3.2/src/openvpn/crypto.c
+--- openvpn-2.3.2/src/openvpn/crypto.c
--- openvpn-2.3.2.orig/src/openvpn/crypto.c	2013-08-13 03:24:16.466313824 +0200
+++ openvpn-2.3.2/src/openvpn/crypto.c	2015/02/19 09:15:02
 +++ openvpn-2.3.2/src/openvpn/crypto.c	2013-08-13 05:54:09.655008218 +0200
@@ -486,7 +486,7 @@ init_key_ctx (struct key_ctx *ctx, struc
   if (kt->digest && kt->hmac_length > 0)
     {
@ -104,9 +102,8 @@ diff -urNp openvpn-2.3.2.orig/src/openvpn/crypto.c openvpn-2.3.2/src/openvpn/cry
 }
 #endif /* ENABLE_CRYPTO */
-diff -urNp openvpn-2.3.2.orig/src/openvpn/crypto.h openvpn-2.3.2/src/openvpn/crypto.h
+--- openvpn-2.3.2/src/openvpn/crypto.h
--- openvpn-2.3.2.orig/src/openvpn/crypto.h	2013-08-13 03:24:16.459313788 +0200
+++ openvpn-2.3.2/src/openvpn/crypto.h	2015/02/19 09:15:02
 +++ openvpn-2.3.2/src/openvpn/crypto.h	2013-08-13 05:54:09.656008193 +0200
@@ -364,24 +364,24 @@ void free_ssl_lib (void);
 #endif /* ENABLE_SSL */
@ -143,9 +140,8 @@ diff -urNp openvpn-2.3.2.orig/src/openvpn/crypto.h openvpn-2.3.2/src/openvpn/cry
 /*
  * Inline functions
-diff -urNp openvpn-2.3.2.orig/src/openvpn/crypto_openssl.c openvpn-2.3.2/src/openvpn/crypto_openssl.c
+--- openvpn-2.3.2/src/openvpn/crypto_openssl.c
--- openvpn-2.3.2.orig/src/openvpn/crypto_openssl.c	2013-08-13 03:24:16.462313808 +0200
+++ openvpn-2.3.2/src/openvpn/crypto_openssl.c	2015/02/19 09:15:02
 +++ openvpn-2.3.2/src/openvpn/crypto_openssl.c	2013-08-13 05:56:06.930326789 +0200
@@ -719,13 +719,17 @@ md_ctx_final (EVP_MD_CTX *ctx, uint8_t *
 void
@ -165,9 +161,8 @@ diff -urNp openvpn-2.3.2.orig/src/openvpn/crypto_openssl.c openvpn-2.3.2/src/ope
   HMAC_Init_ex (ctx, key, key_len, kt, NULL);
   /* make sure we used a big enough key */
-diff -urNp openvpn-2.3.2.orig/src/openvpn/crypto_openssl.h openvpn-2.3.2/src/openvpn/crypto_openssl.h
+--- openvpn-2.3.2/src/openvpn/crypto_openssl.h
--- openvpn-2.3.2.orig/src/openvpn/crypto_openssl.h	2013-08-13 03:24:16.465313821 +0200
+++ openvpn-2.3.2/src/openvpn/crypto_openssl.h	2015/02/19 09:15:02
 +++ openvpn-2.3.2/src/openvpn/crypto_openssl.h	2013-08-13 05:54:09.656008193 +0200
@@ -33,6 +33,7 @@
 #include <openssl/evp.h>
 #include <openssl/hmac.h>
@ -176,9 +171,8 @@ diff -urNp openvpn-2.3.2.orig/src/openvpn/crypto_openssl.h openvpn-2.3.2/src/ope
 /** Generic cipher key type %context. */
 typedef EVP_CIPHER cipher_kt_t;
-diff -urNp openvpn-2.3.2.orig/src/openvpn/crypto_polarssl.c openvpn-2.3.2/src/openvpn/crypto_polarssl.c
+--- openvpn-2.3.2/src/openvpn/crypto_polarssl.c
--- openvpn-2.3.2.orig/src/openvpn/crypto_polarssl.c	2013-08-13 03:24:16.460313793 +0200
+++ openvpn-2.3.2/src/openvpn/crypto_polarssl.c	2015/02/19 09:15:02
 +++ openvpn-2.3.2/src/openvpn/crypto_polarssl.c	2013-08-13 05:56:23.116370864 +0200
@@ -608,7 +608,7 @@ md_ctx_final (md_context_t *ctx, uint8_t
  * TODO: re-enable dmsg for crypto debug
  */
@ -188,9 +182,8 @@ diff -urNp openvpn-2.3.2.orig/src/openvpn/crypto_polarssl.c openvpn-2.3.2/src/op
 {
   ASSERT(NULL != kt && NULL != ctx);
-diff -urNp openvpn-2.3.2.orig/src/openvpn/init.c openvpn-2.3.2/src/openvpn/init.c
+--- openvpn-2.3.2/src/openvpn/init.c
--- openvpn-2.3.2.orig/src/openvpn/init.c	2013-08-13 03:24:16.465313821 +0200
+++ openvpn-2.3.2/src/openvpn/init.c	2015/02/19 09:15:02
 +++ openvpn-2.3.2/src/openvpn/init.c	2013-08-13 05:54:09.658008149 +0200
@@ -1352,12 +1352,12 @@ do_route (const struct options *options,
  */
 #if P2MP
@ -231,9 +224,8 @@ diff -urNp openvpn-2.3.2.orig/src/openvpn/init.c openvpn-2.3.2/src/openvpn/init.
 	       strlen (c->c2.options_string_remote), 9, &gc));
 #endif
-diff -urNp openvpn-2.3.2.orig/src/openvpn/ntlm.c openvpn-2.3.2/src/openvpn/ntlm.c
+--- openvpn-2.3.2/src/openvpn/ntlm.c
--- openvpn-2.3.2.orig/src/openvpn/ntlm.c	2013-08-13 03:24:16.460313793 +0200
+++ openvpn-2.3.2/src/openvpn/ntlm.c	2015/02/19 09:15:02
 +++ openvpn-2.3.2/src/openvpn/ntlm.c	2013-08-13 05:54:09.658008149 +0200
@@ -90,7 +90,7 @@ gen_hmac_md5 (const char* data, int data
 	hmac_ctx_t hmac_ctx;
 	CLEAR(hmac_ctx);
@ -243,9 +235,8 @@ diff -urNp openvpn-2.3.2.orig/src/openvpn/ntlm.c openvpn-2.3.2/src/openvpn/ntlm.
 	hmac_ctx_update(&hmac_ctx, (const unsigned char *)data, data_len);
 	hmac_ctx_final(&hmac_ctx, (unsigned char *)result);
 	hmac_ctx_cleanup(&hmac_ctx);
-diff -urNp openvpn-2.3.2.orig/src/openvpn/openvpn.h openvpn-2.3.2/src/openvpn/openvpn.h
+--- openvpn-2.3.2/src/openvpn/openvpn.h
--- openvpn-2.3.2.orig/src/openvpn/openvpn.h	2013-08-13 03:24:16.465313821 +0200
+++ openvpn-2.3.2/src/openvpn/openvpn.h	2015/02/19 09:15:02
 +++ openvpn-2.3.2/src/openvpn/openvpn.h	2013-08-13 05:54:09.658008149 +0200
@@ -206,7 +206,7 @@ struct context_1
 #endif
@ -268,9 +259,21 @@ diff -urNp openvpn-2.3.2.orig/src/openvpn/openvpn.h openvpn-2.3.2/src/openvpn/op
   struct event_timeout server_poll_interval;
-diff -urNp openvpn-2.3.2.orig/src/openvpn/push.c openvpn-2.3.2/src/openvpn/push.c
+--- openvpn-2.3.2/src/openvpn/options.c
--- openvpn-2.3.2.orig/src/openvpn/push.c	2013-08-13 03:24:16.459313788 +0200
+++ openvpn-2.3.2/src/openvpn/options.c	2015/02/19 09:15:10
-+++ openvpn-2.3.2/src/openvpn/push.c	2013-08-13 05:54:09.659008129 +0200
+@@ -828,6 +828,10 @@ init_options (struct options *o, const b
 #endif
 #ifdef ENABLE_CRYPTO
   o->ciphername = "BF-CBC";
 +#ifdef OPENSSL_FIPS
 +  if(FIPS_mode())
 +    o->ciphername = "AES-256-CBC";
 +#endif
   o->ciphername_defined = true;
   o->authname = "SHA1";
   o->authname_defined = true;
 --- openvpn-2.3.2/src/openvpn/push.c
 +++ openvpn-2.3.2/src/openvpn/push.c	2015/02/19 09:15:02
@@ -446,10 +446,10 @@ process_incoming_push_msg (struct contex
       if (ch == ',')
 	{
@ -303,9 +306,8 @@ diff -urNp openvpn-2.3.2.orig/src/openvpn/push.c openvpn-2.3.2/src/openvpn/push.
 		ret = PUSH_MSG_CONTINUATION;
 		break;
 	      }
-diff -urNp openvpn-2.3.2.orig/src/openvpn/ssl.c openvpn-2.3.2/src/openvpn/ssl.c
+--- openvpn-2.3.2/src/openvpn/ssl.c
--- openvpn-2.3.2.orig/src/openvpn/ssl.c	2013-08-13 03:24:16.459313788 +0200
+++ openvpn-2.3.2/src/openvpn/ssl.c	2015/02/19 09:15:02
 +++ openvpn-2.3.2/src/openvpn/ssl.c	2013-08-13 05:54:09.660008110 +0200
@@ -1342,8 +1342,8 @@ tls1_P_hash(const md_kt_t *md_kt,
   chunk = md_kt_size(md_kt);
   A1_len = md_kt_size(md_kt);
--- a/openvpn.changes
+++ b/openvpn.changes
@ -1,7 +1,9 @@
 -------------------------------------------------------------------
-Wed Feb 18 17:20:46 UTC 2015 - mt@suse.de
+Mon Mar  2 08:26:08 UTC 2015 - mt@suse.de
- Fixed to use correct sha digest data length (boo#914166)
+- Fixed to use correct sha digest data length and in fips mode,
  use aes instead of the disallowed blowfish crypto (boo#914166).
 - Fixed to provide actual plugin/doc dirs in openvpn(8) man page.
 -------------------------------------------------------------------
 Mon Dec  1 19:37:29 UTC 2014 - mt@suse.de
--- a/openvpn.spec
+++ b/openvpn.spec
@ -1,7 +1,7 @@
 #
 # spec file for package openvpn
 #
-# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -129,7 +129,11 @@ chroot directives.
 %patch1 -p0
 %patch5 -p0
 %patch6 -p1
-sed -e "s|\" __DATE__|$(date '+%b %e %Y' -r version.m4)\"|g" -i src/openvpn/options.c
+sed -e "s|\" __DATE__|$(date '+%b %e %Y' -r version.m4)\"|g" \
    -i src/openvpn/options.c
 sed -e "s|@PLUGIN_LIBDIR@|%{_libdir}/openvpn/plugins|g" \
    -e "s|@PLUGIN_DOCDIR@|%{_defaultdocdir}/%{name}|g" \
    -i doc/openvpn.8
 # %%doc items shouldn't be executable.
 find contrib sample -type f -exec chmod a-x \{\} \;
@ -148,8 +152,8 @@ export LDFLAGS
 	--enable-plugin-down-root	\
 	--enable-plugin-auth-pam	\
 	--with-lzo-headers=%_includedir/lzo	\
-	CFLAGS="$CFLAGS $(getconf LFS_CFLAGS) -fPIE $PLUGIN_DEFS"	\
+	CFLAGS="$CFLAGS -fPIE $PLUGIN_DEFS"	\
-	LDFLAGS="$LDFLAGS -pie -lpam -rdynamic -Wl,-rpath,%{_libdir}/%{name}/plugin/lib"
+	LDFLAGS="$LDFLAGS -pie -lpam -rdynamic -Wl,-rpath,%{_libdir}/%{name}/plugins"
 make
 %install