commit 56729e80b580b86c49826e116206b222d89d35ee
Author: Arkadiusz Miśkiewicz <[email protected]>
Date: Thu Jun 16 11:05:06 2022 +0200
Up to 2.5.7.
...e-new-EVP_MAC-API-for-HMAC-implementation.patch | 9 +-
...penssl-engine-autoconf-option-auto-yes-no.patch | 111 ---------------------
openvpn.spec | 6 +-
3 files changed, 6 insertions(+), 120 deletions(-)
---
diff --git a/openvpn.spec b/openvpn.spec
index 84062a4..49bd0de 100644
--- a/openvpn.spec
+++ b/openvpn.spec
@@ -7,12 +7,12 @@
Summary: VPN Daemon
Summary(pl.UTF-8): Serwer VPN
Name: openvpn
-Version: 2.5.6
+Version: 2.5.7
Release: 1
License: GPL v2
Group: Networking/Daemons
Source0:
https://build.openvpn.net/downloads/releases/%{name}-%{version}.tar.xz
-# Source0-md5: 3d0717bd3eb498b3dec1277b3a65a0a1
+# Source0-md5: 6893bc6b4cc24b15471408200864ce3f
Source1: %{name}.init
Source2: %{name}.sysconfig
Source3: %{name}.tmpfiles
@@ -28,7 +28,6 @@ Patch102: 0040-Remove-DES-check-with-OpenSSL-3.0.patch
Patch104: 0044-Don-t-manually-free-DH-params-in-OpenSSL-3.patch
Patch105: 0045-Do-not-allow-CTS-ciphers.patch
Patch106: 0046-Use-new-EVP_MAC-API-for-HMAC-implementation.patch
-Patch107: 0047-Add-with-openssl-engine-autoconf-option-auto-yes-no.patch
URL: https://www.openvpn.net/
BuildRequires: autoconf >= 2.59
BuildRequires: automake >= 1:1.9
@@ -153,7 +152,6 @@ Ten pakiet zawiera pliki nagłówkowe do tworzenia wtyczek
OpenVPN.
%patch104 -p1
%patch105 -p1
%patch106 -p1
-%patch107 -p1
%patch0 -p1
%patch1 -p1
diff --git a/0046-Use-new-EVP_MAC-API-for-HMAC-implementation.patch
b/0046-Use-new-EVP_MAC-API-for-HMAC-implementation.patch
index cfc9342..47b7cf1 100644
--- a/0046-Use-new-EVP_MAC-API-for-HMAC-implementation.patch
+++ b/0046-Use-new-EVP_MAC-API-for-HMAC-implementation.patch
@@ -174,7 +174,7 @@ diff --git a/src/openvpn/crypto_openssl.h
b/src/openvpn/crypto_openssl.h
index 59a31aac..e540a76b 100644
--- a/src/openvpn/crypto_openssl.h
+++ b/src/openvpn/crypto_openssl.h
-@@ -47,7 +47,15 @@ typedef EVP_CIPHER_CTX cipher_ctx_t;
+@@ -51,7 +51,16 @@ typedef EVP_CIPHER_CTX cipher_ctx_t;
typedef EVP_MD_CTX md_ctx_t;
/** Generic HMAC %context. */
@@ -187,9 +187,8 @@ index 59a31aac..e540a76b 100644
+ EVP_MAC_CTX *ctx;
+} hmac_ctx_t;
+#endif
++
- /** Maximum length of an IV */
- #define OPENVPN_MAX_IV_LENGTH EVP_MAX_IV_LENGTH
---
-2.33.1
+ #if OPENSSL_VERSION_NUMBER < 0x30000000L
+ /* Use a dummy type for the provider */
diff --git a/0047-Add-with-openssl-engine-autoconf-option-auto-yes-no.patch
b/0047-Add-with-openssl-engine-autoconf-option-auto-yes-no.patch
deleted file mode 100644
index 64838cb..0000000
--- a/0047-Add-with-openssl-engine-autoconf-option-auto-yes-no.patch
+++ /dev/null
@@ -1,111 +0,0 @@
-From 0df2261da192eac74d1c53e99db0ed3f49278986 Mon Sep 17 00:00:00 2001
-From: Arne Schwabe <[email protected]>
-Date: Tue, 19 Oct 2021 20:31:08 +0200
-Subject: [PATCH 47/47] Add --with-openssl-engine autoconf option (auto|yes|no)
-
-This allows to select engine support at configure time. For OpenSSL 1.1 the
-default is not changed and we detect if engine support is available.
-
-Engine support is deprecated in OpenSSL 3.0 and for OpenSSL 3.0 the default
-is to disable engine support as engine support is deprecated and generates
-compiler warnings which in turn also break -Werror.
-
-By using --with-openssl-engine=no or --with-openssl-engine=yes engine
-support can be forced on or off. If it is enabled but not detected an
-error will be thown.
-
-This commit cleans up the configure logic a bit and removes the
-ENGINE_cleanup checks as we can just assume that it will be also
-available as macro or function if the other engine functions are
-available. Before the cleanup we would only check for the existance
-of engine.h if ENGINE_cleanup was not found.
-
-Signed-off-by: Arne Schwabe <[email protected]>
-Acked-by: Max Fillinger <[email protected]>
-Message-Id: <[email protected]>
-URL:
https://www.mail-archive.com/[email protected]/msg23000.html
-Signed-off-by: Gert Doering <[email protected]>
----
- configure.ac | 60 ++++++++++++++++++++++++++++++++++++++++------------
- 1 file changed, 47 insertions(+), 13 deletions(-)
-
-diff -urNp -x '*.orig' openvpn-2.5.4.org/configure.ac
openvpn-2.5.4/configure.ac
---- openvpn-2.5.4.org/configure.ac 2021-10-05 07:56:34.000000000 +0200
-+++ openvpn-2.5.4/configure.ac 2021-10-29 13:58:00.368661733 +0200
-@@ -281,6 +281,18 @@ AC_ARG_WITH(
- [with_crypto_library="openssl"]
- )
-
-+AC_ARG_WITH(
-+ [openssl-engine],
-+ [AS_HELP_STRING([--with-openssl-engine], [enable engine support with
OpenSSL. Default enabled for OpenSSL < 3.0, auto,yes,no @<:@default=auto@:>@])],
-+ [
-+ case "${withval}" in
-+ auto|yes|no) ;;
-+ *) AC_MSG_ERROR([bad value ${withval} for
--with-engine]) ;;
-+ esac
-+ ],
-+ [with_openssl_engine="auto"]
-+)
-+
- AC_ARG_VAR([PLUGINDIR], [Path of plug-in directory
@<:@default=LIBDIR/openvpn/plugins@:>@])
- if test -n "${PLUGINDIR}"; then
- plugindir="${PLUGINDIR}"
-@@ -886,22 +898,44 @@ if test "${with_crypto_library}" = "open
- [AC_MSG_ERROR([openssl check failed])]
- )
-
-- have_openssl_engine="yes"
-- AC_CHECK_FUNCS(
-- [ \
-+ if test "${with_openssl_engine}" = "auto"; then
-+ AC_COMPILE_IFELSE(
-+ [AC_LANG_PROGRAM(
-+ [[
-+ #include <openssl/opensslv.h>
-+ ]],
-+ [[
-+ /* Version encoding: MNNFFPPS - see opensslv.h for details */
-+ #if OPENSSL_VERSION_NUMBER >= 0x30000000L
-+ #error Engine supported disabled by default in OpenSSL 3.0+
-+ #endif
-+ ]]
-+ )],
-+ [have_openssl_engine="yes"],
-+ [have_openssl_engine="no"]
-+ )
-+ if test "${have_openssl_engine}" = "yes"; then
-+ AC_CHECK_FUNCS(
-+ [ \
- ENGINE_load_builtin_engines \
- ENGINE_register_all_complete \
-- ENGINE_cleanup \
-- ],
-- ,
-- [have_openssl_engine="no"; break]
-- )
-- if test "${have_openssl_engine}" = "no"; then
-- AC_CHECK_DECL( [ENGINE_cleanup], [have_openssl_engine="yes"],,
-- [[
-- #include <openssl/engine.h>
-- ]]
-+ ],
-+ ,
-+ [have_openssl_engine="no"; break]
-+ )
-+ fi
-+ else
-+ have_openssl_engine="${with_openssl_engine}"
-+ if test "${have_openssl_engine}" = "yes"; then
-+ AC_CHECK_FUNCS(
-+ [ \
-+ ENGINE_load_builtin_engines \
-+ ENGINE_register_all_complete \
-+ ],
-+ ,
-+ [AC_MSG_ERROR([OpenSSL engine support not found])]
- )
-+ fi
- fi
- if test "${have_openssl_engine}" = "yes"; then
- AC_DEFINE([HAVE_OPENSSL_ENGINE], [1], [OpenSSL engine support
available])
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/openvpn.git/commitdiff/56729e80b580b86c49826e116206b222d89d35ee
_______________________________________________
pld-cvs-commit mailing list
[email protected]
http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit
