Hello community, here is the log from the commit of package openvpn for openSUSE:Factory checked in at 2015-03-11 09:57:59 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/openvpn (Old) and /work/SRC/openSUSE:Factory/.openvpn.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openvpn" Changes: -------- --- /work/SRC/openSUSE:Factory/openvpn/openvpn.changes 2015-02-27 11:00:24.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.openvpn.new/openvpn.changes 2015-03-11 09:58:00.000000000 +0100 @@ -2 +2 @@ -Wed Feb 18 17:20:46 UTC 2015 - [email protected] +Mon Mar 2 08:26:08 UTC 2015 - [email protected] @@ -4 +4,3 @@ -- Fixed to use correct sha digest data length (boo#914166) +- Fixed to use correct sha digest data length and in fips mode, + use aes instead of the disallowed blowfish crypto (boo#914166). +- Fixed to provide actual plugin/doc dirs in openvpn(8) man page. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openvpn.spec ++++++ --- /var/tmp/diff_new_pack.BgQ9kc/_old 2015-03-11 09:58:01.000000000 +0100 +++ /var/tmp/diff_new_pack.BgQ9kc/_new 2015-03-11 09:58:01.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package openvpn # -# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -129,7 +129,11 @@ %patch1 -p0 %patch5 -p0 %patch6 -p1 -sed -e "s|\" __DATE__|$(date '+%b %e %Y' -r version.m4)\"|g" -i src/openvpn/options.c +sed -e "s|\" __DATE__|$(date '+%b %e %Y' -r version.m4)\"|g" \ + -i src/openvpn/options.c +sed -e "s|@PLUGIN_LIBDIR@|%{_libdir}/openvpn/plugins|g" \ + -e "s|@PLUGIN_DOCDIR@|%{_defaultdocdir}/%{name}|g" \ + -i doc/openvpn.8 # %%doc items shouldn't be executable. find contrib sample -type f -exec chmod a-x \{\} \; @@ -148,8 +152,8 @@ --enable-plugin-down-root \ --enable-plugin-auth-pam \ --with-lzo-headers=%_includedir/lzo \ - CFLAGS="$CFLAGS $(getconf LFS_CFLAGS) -fPIE $PLUGIN_DEFS" \ - LDFLAGS="$LDFLAGS -pie -lpam -rdynamic -Wl,-rpath,%{_libdir}/%{name}/plugin/lib" + CFLAGS="$CFLAGS -fPIE $PLUGIN_DEFS" \ + LDFLAGS="$LDFLAGS -pie -lpam -rdynamic -Wl,-rpath,%{_libdir}/%{name}/plugins" make %install ++++++ openvpn-2.3-plugin-man.dif ++++++ --- /var/tmp/diff_new_pack.BgQ9kc/_old 2015-03-11 09:58:01.000000000 +0100 +++ /var/tmp/diff_new_pack.BgQ9kc/_new 2015-03-11 09:58:01.000000000 +0100 @@ -1,20 +1,20 @@ -Index: openvpn.8 -=================================================================== ---- doc/openvpn.8.orig -+++ doc/openvpn.8 -@@ -2563,11 +2563,10 @@ +--- doc/openvpn.8 ++++ doc/openvpn.8 2015/03/02 08:58:02 +@@ -2569,12 +2569,11 @@ plug-in modules, see the README file in + .B plugin folder of the OpenVPN source distribution. - If you are using an RPM install of OpenVPN, see +-If you are using an RPM install of OpenVPN, see -/usr/share/openvpn/plugin. The documentation is -in -.B doc -and the actual plugin modules are in -.B lib. -+@PLUGIN_DIR@. The actual plugin modules are in ++If you are using an RPM install of OpenVPN, the actual ++plugin modules are in +.B @PLUGIN_LIBDIR@ +and the documentation is in -+.B @PLUGIN_DOCDIR@. ++.B @PLUGIN_DOCDIR@/README.<plugin-name>. Multiple plugin modules can be cascaded, and modules can be used in tandem with scripts. The modules will be called by ++++++ openvpn-fips140-2.3.2.patch ++++++ --- /var/tmp/diff_new_pack.BgQ9kc/_old 2015-03-11 09:58:01.000000000 +0100 +++ /var/tmp/diff_new_pack.BgQ9kc/_new 2015-03-11 09:58:01.000000000 +0100 @@ -1,6 +1,5 @@ -diff -urNp openvpn-2.3.2.orig/src/openvpn/crypto_backend.h openvpn-2.3.2/src/openvpn/crypto_backend.h ---- openvpn-2.3.2.orig/src/openvpn/crypto_backend.h 2013-08-13 03:24:16.465313821 +0200 -+++ openvpn-2.3.2/src/openvpn/crypto_backend.h 2013-08-13 05:55:40.914256287 +0200 +--- openvpn-2.3.2/src/openvpn/crypto_backend.h ++++ openvpn-2.3.2/src/openvpn/crypto_backend.h 2015/02/19 09:15:02 @@ -452,10 +452,11 @@ void md_ctx_final (md_ctx_t *ctx, uint8_ * @param key The key to use for the HMAC * @param key_len The key length to use @@ -14,9 +13,8 @@ /* * Free the given HMAC context. -diff -urNp openvpn-2.3.2.orig/src/openvpn/crypto.c openvpn-2.3.2/src/openvpn/crypto.c ---- openvpn-2.3.2.orig/src/openvpn/crypto.c 2013-08-13 03:24:16.466313824 +0200 -+++ openvpn-2.3.2/src/openvpn/crypto.c 2013-08-13 05:54:09.655008218 +0200 +--- openvpn-2.3.2/src/openvpn/crypto.c ++++ openvpn-2.3.2/src/openvpn/crypto.c 2015/02/19 09:15:02 @@ -486,7 +486,7 @@ init_key_ctx (struct key_ctx *ctx, struc if (kt->digest && kt->hmac_length > 0) { @@ -104,9 +102,8 @@ } #endif /* ENABLE_CRYPTO */ -diff -urNp openvpn-2.3.2.orig/src/openvpn/crypto.h openvpn-2.3.2/src/openvpn/crypto.h ---- openvpn-2.3.2.orig/src/openvpn/crypto.h 2013-08-13 03:24:16.459313788 +0200 -+++ openvpn-2.3.2/src/openvpn/crypto.h 2013-08-13 05:54:09.656008193 +0200 +--- openvpn-2.3.2/src/openvpn/crypto.h ++++ openvpn-2.3.2/src/openvpn/crypto.h 2015/02/19 09:15:02 @@ -364,24 +364,24 @@ void free_ssl_lib (void); #endif /* ENABLE_SSL */ @@ -143,9 +140,8 @@ /* * Inline functions -diff -urNp openvpn-2.3.2.orig/src/openvpn/crypto_openssl.c openvpn-2.3.2/src/openvpn/crypto_openssl.c ---- openvpn-2.3.2.orig/src/openvpn/crypto_openssl.c 2013-08-13 03:24:16.462313808 +0200 -+++ openvpn-2.3.2/src/openvpn/crypto_openssl.c 2013-08-13 05:56:06.930326789 +0200 +--- openvpn-2.3.2/src/openvpn/crypto_openssl.c ++++ openvpn-2.3.2/src/openvpn/crypto_openssl.c 2015/02/19 09:15:02 @@ -719,13 +719,17 @@ md_ctx_final (EVP_MD_CTX *ctx, uint8_t * void @@ -165,9 +161,8 @@ HMAC_Init_ex (ctx, key, key_len, kt, NULL); /* make sure we used a big enough key */ -diff -urNp openvpn-2.3.2.orig/src/openvpn/crypto_openssl.h openvpn-2.3.2/src/openvpn/crypto_openssl.h ---- openvpn-2.3.2.orig/src/openvpn/crypto_openssl.h 2013-08-13 03:24:16.465313821 +0200 -+++ openvpn-2.3.2/src/openvpn/crypto_openssl.h 2013-08-13 05:54:09.656008193 +0200 +--- openvpn-2.3.2/src/openvpn/crypto_openssl.h ++++ openvpn-2.3.2/src/openvpn/crypto_openssl.h 2015/02/19 09:15:02 @@ -33,6 +33,7 @@ #include <openssl/evp.h> #include <openssl/hmac.h> @@ -176,9 +171,8 @@ /** Generic cipher key type %context. */ typedef EVP_CIPHER cipher_kt_t; -diff -urNp openvpn-2.3.2.orig/src/openvpn/crypto_polarssl.c openvpn-2.3.2/src/openvpn/crypto_polarssl.c ---- openvpn-2.3.2.orig/src/openvpn/crypto_polarssl.c 2013-08-13 03:24:16.460313793 +0200 -+++ openvpn-2.3.2/src/openvpn/crypto_polarssl.c 2013-08-13 05:56:23.116370864 +0200 +--- openvpn-2.3.2/src/openvpn/crypto_polarssl.c ++++ openvpn-2.3.2/src/openvpn/crypto_polarssl.c 2015/02/19 09:15:02 @@ -608,7 +608,7 @@ md_ctx_final (md_context_t *ctx, uint8_t * TODO: re-enable dmsg for crypto debug */ @@ -188,9 +182,8 @@ { ASSERT(NULL != kt && NULL != ctx); -diff -urNp openvpn-2.3.2.orig/src/openvpn/init.c openvpn-2.3.2/src/openvpn/init.c ---- openvpn-2.3.2.orig/src/openvpn/init.c 2013-08-13 03:24:16.465313821 +0200 -+++ openvpn-2.3.2/src/openvpn/init.c 2013-08-13 05:54:09.658008149 +0200 +--- openvpn-2.3.2/src/openvpn/init.c ++++ openvpn-2.3.2/src/openvpn/init.c 2015/02/19 09:15:02 @@ -1352,12 +1352,12 @@ do_route (const struct options *options, */ #if P2MP @@ -231,9 +224,8 @@ strlen (c->c2.options_string_remote), 9, &gc)); #endif -diff -urNp openvpn-2.3.2.orig/src/openvpn/ntlm.c openvpn-2.3.2/src/openvpn/ntlm.c ---- openvpn-2.3.2.orig/src/openvpn/ntlm.c 2013-08-13 03:24:16.460313793 +0200 -+++ openvpn-2.3.2/src/openvpn/ntlm.c 2013-08-13 05:54:09.658008149 +0200 +--- openvpn-2.3.2/src/openvpn/ntlm.c ++++ openvpn-2.3.2/src/openvpn/ntlm.c 2015/02/19 09:15:02 @@ -90,7 +90,7 @@ gen_hmac_md5 (const char* data, int data hmac_ctx_t hmac_ctx; CLEAR(hmac_ctx); @@ -243,9 +235,8 @@ hmac_ctx_update(&hmac_ctx, (const unsigned char *)data, data_len); hmac_ctx_final(&hmac_ctx, (unsigned char *)result); hmac_ctx_cleanup(&hmac_ctx); -diff -urNp openvpn-2.3.2.orig/src/openvpn/openvpn.h openvpn-2.3.2/src/openvpn/openvpn.h ---- openvpn-2.3.2.orig/src/openvpn/openvpn.h 2013-08-13 03:24:16.465313821 +0200 -+++ openvpn-2.3.2/src/openvpn/openvpn.h 2013-08-13 05:54:09.658008149 +0200 +--- openvpn-2.3.2/src/openvpn/openvpn.h ++++ openvpn-2.3.2/src/openvpn/openvpn.h 2015/02/19 09:15:02 @@ -206,7 +206,7 @@ struct context_1 #endif @@ -268,9 +259,21 @@ struct event_timeout server_poll_interval; -diff -urNp openvpn-2.3.2.orig/src/openvpn/push.c openvpn-2.3.2/src/openvpn/push.c ---- openvpn-2.3.2.orig/src/openvpn/push.c 2013-08-13 03:24:16.459313788 +0200 -+++ openvpn-2.3.2/src/openvpn/push.c 2013-08-13 05:54:09.659008129 +0200 +--- openvpn-2.3.2/src/openvpn/options.c ++++ openvpn-2.3.2/src/openvpn/options.c 2015/02/19 09:15:10 +@@ -828,6 +828,10 @@ init_options (struct options *o, const b + #endif + #ifdef ENABLE_CRYPTO + o->ciphername = "BF-CBC"; ++#ifdef OPENSSL_FIPS ++ if(FIPS_mode()) ++ o->ciphername = "AES-256-CBC"; ++#endif + o->ciphername_defined = true; + o->authname = "SHA1"; + o->authname_defined = true; +--- openvpn-2.3.2/src/openvpn/push.c ++++ openvpn-2.3.2/src/openvpn/push.c 2015/02/19 09:15:02 @@ -446,10 +446,10 @@ process_incoming_push_msg (struct contex if (ch == ',') { @@ -303,9 +306,8 @@ ret = PUSH_MSG_CONTINUATION; break; } -diff -urNp openvpn-2.3.2.orig/src/openvpn/ssl.c openvpn-2.3.2/src/openvpn/ssl.c ---- openvpn-2.3.2.orig/src/openvpn/ssl.c 2013-08-13 03:24:16.459313788 +0200 -+++ openvpn-2.3.2/src/openvpn/ssl.c 2013-08-13 05:54:09.660008110 +0200 +--- openvpn-2.3.2/src/openvpn/ssl.c ++++ openvpn-2.3.2/src/openvpn/ssl.c 2015/02/19 09:15:02 @@ -1342,8 +1342,8 @@ tls1_P_hash(const md_kt_t *md_kt, chunk = md_kt_size(md_kt); A1_len = md_kt_size(md_kt); -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
