Hello community,

here is the log from the commit of package openvpn for openSUSE:Factory checked 
in at 2016-09-16 11:01:41
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/openvpn (Old)
 and      /work/SRC/openSUSE:Factory/.openvpn.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "openvpn"

Changes:
--------
--- /work/SRC/openSUSE:Factory/openvpn/openvpn.changes  2016-06-07 
23:48:42.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.openvpn.new/openvpn.changes     2016-09-16 
11:01:44.000000000 +0200
@@ -1,0 +2,8 @@
+Thu Sep  8 13:26:16 UTC 2016 - astie...@suse.com
+
+- Add an example for a FIPS 140-2 approved cipher configuration to
+  the sample configuration files. Fixes bsc#988522
+  adding openvpn-fips140-AES-cipher-in-config-template.patch
+- remove gpg-offline signature verification, now a source service
+
+-------------------------------------------------------------------

New:
----
  openvpn-fips140-AES-cipher-in-config-template.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ openvpn.spec ++++++
--- /var/tmp/diff_new_pack.zI3Rao/_old  2016-09-16 11:01:46.000000000 +0200
+++ /var/tmp/diff_new_pack.zI3Rao/_new  2016-09-16 11:01:46.000000000 +0200
@@ -52,8 +52,8 @@
 Patch1:         %{name}-2.3-plugin-man.dif
 Patch5:         %{name}-2.3.0-man-dot.diff
 Patch6:         %{name}-fips140-2.3.2.patch
+Patch7:         openvpn-fips140-AES-cipher-in-config-template.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
-BuildRequires:  gpg-offline
 BuildRequires:  iproute2
 BuildRequires:  lzo-devel
 BuildRequires:  openssl-devel
@@ -133,11 +133,11 @@
 This package provides the header file to build external plugins.
 
 %prep
-%gpg_verify %{S:1}
 %setup -q -n %{name}-%{version}
 %patch1 -p0
 %patch5 -p0
 %patch6 -p1
+%patch7 -p1
 
 sed -e "s|\" __DATE__|$(date '+%b %e %Y' -r version.m4)\"|g" \
     -i src/openvpn/options.c


++++++ openvpn-fips140-AES-cipher-in-config-template.patch ++++++
From: Andreas Stieger <astie...@suse.com>
Date: Thu, 08 Sep 2016 15:23:12 +0200
Subject: Add an example for a FIPS 140-2 approved cipher configuration to the 
sample configuration file
References: bsc#988522 
https://github.com/OpenVPN/openvpn/commit/bde1b90da0db2d68d13d274102986f0ca7096c00
Upstream: no

The 2.3 default is blowfish which does not work in FIPS mode.
This change was done in 2.4, and 2.4 will negotiate AES-256-GCM in TLS mode.

Index: openvpn-2.3.8/sample/sample-config-files/client.conf
===================================================================
--- openvpn-2.3.8.orig/sample/sample-config-files/client.conf   2015-07-17 
07:43:32.000000000 +0200
+++ openvpn-2.3.8/sample/sample-config-files/client.conf        2016-09-08 
15:12:32.650248879 +0200
@@ -111,6 +111,8 @@ remote-cert-tls server
 # If the cipher option is used on the server
 # then you must also specify it here.
 ;cipher x
+# Use a FIPS 140-2 approved cipher in FIPS mode
+;cipher AES-256-CBC   # AES-256
 
 # Enable compression on the VPN link.
 # Don't enable this unless it is also
Index: openvpn-2.3.8/sample/sample-config-files/server.conf
===================================================================
--- openvpn-2.3.8.orig/sample/sample-config-files/server.conf   2015-07-17 
07:43:32.000000000 +0200
+++ openvpn-2.3.8/sample/sample-config-files/server.conf        2016-09-08 
15:11:55.869874892 +0200
@@ -249,6 +249,8 @@ keepalive 10 120
 ;cipher BF-CBC        # Blowfish (default)
 ;cipher AES-128-CBC   # AES
 ;cipher DES-EDE3-CBC  # Triple-DES
+# Use a FIPS 140-2 approved cipher in FIPS mode
+;cipher AES-256-CBC   # AES-256
 
 # Enable compression on the VPN link.
 # If you enable it here, you must also


Reply via email to