Bug#1006519: openvpn: FTBFS with OpenSSL 3.0

2022-02-28 Thread Sebastian Andrzej Siewior 
On 2022-02-28 17:22:35 [+0100], Bernhard Schmidt wrote:
> If you want to feel free to push this transition ahead, I can either live
> with temporary removal from testing or I will upload a git snapshot.

Thank you for looking into it. And no need to rush. The transistion did
not start yet. Once it does then you may have a new upstream release
ready ;)

Sebastian

Bug#1006519: openvpn: FTBFS with OpenSSL 3.0

2022-02-28 Thread Bernhard Schmidt 

Control: tags -1 + confirmed upstream

OpenSSL 3.0 compatibility is part of OpenVPN 2.6, which is supposed to 
be released next month. See 
https://community.openvpn.net/openvpn/wiki/StatusOfOpenvpn26 .


If you want to feel free to push this transition ahead, I can either 
live with temporary removal from testing or I will upload a git snapshot.

Bug#1006519: openvpn: FTBFS with OpenSSL 3.0

2022-02-26 Thread Sebastian Andrzej Siewior 
Source: openvpn
Version: 2.5.5-1
Severity: important
Tags: bookworm sid
User: pkg-openssl-de...@lists.alioth.debian.org
Usertags: ftbfs-3.0
control: forwarded -1

Your package is failing to build using OpenSSL 3.0 with the
following error:

| Testing cipher CHACHA20-POLY1305... OK
| Testing cipher SEED-CBC... FAILED
| 2022-02-26 17:17:22 Cipher negotiation is disabled since neither P2MP client 
nor server mode is enabled
| 2022-02-26 17:17:22 OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] 
[LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 21 2022
| 2022-02-26 17:17:22 library versions: OpenSSL 3.0.1 14 Dec 2021, LZO 2.10
| 2022-02-26 17:17:22 OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] 
[LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 21 2022
| 2022-02-26 17:17:22 OpenSSL: error:0308010C:digital envelope 
routines::unsupported
| 2022-02-26 17:17:22 EVP cipher init #1
| 2022-02-26 17:17:22 Exiting due to fatal error
| Testing cipher SEED-CFB... FAILED
| 2022-02-26 17:17:22 Cipher negotiation is disabled since neither P2MP client 
nor server mode is enabled
| 2022-02-26 17:17:22 OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] 
[LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 21 2022
| 2022-02-26 17:17:22 library versions: OpenSSL 3.0.1 14 Dec 2021, LZO 2.10
| 2022-02-26 17:17:22 OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] 
[LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 21 2022
| 2022-02-26 17:17:22 OpenSSL: error:0308010C:digital envelope 
routines::unsupported
| 2022-02-26 17:17:22 EVP cipher init #1
| 2022-02-26 17:17:22 Exiting due to fatal error
| Testing cipher SEED-OFB... FAILED
| 2022-02-26 17:17:22 Cipher negotiation is disabled since neither P2MP client 
nor server mode is enabled
| 2022-02-26 17:17:22 OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] 
[LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 21 2022
| 2022-02-26 17:17:22 library versions: OpenSSL 3.0.1 14 Dec 2021, LZO 2.10
| 2022-02-26 17:17:22 OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] 
[LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 21 2022
| 2022-02-26 17:17:22 OpenSSL: error:0308010C:digital envelope 
routines::unsupported
| 2022-02-26 17:17:22 EVP cipher init #1
| 2022-02-26 17:17:22 Exiting due to fatal error
|Testing cipher SM4-CBC... OK
| Testing cipher SM4-CFB... OK
| Testing cipher SM4-OFB... OK
| Testing cipher BF-CBC... FAILED
| 2022-02-26 17:17:22 Cipher negotiation is disabled since neither P2MP client 
nor server mode is enabled
| 2022-02-26 17:17:22 OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] 
[LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 21 2022
| 2022-02-26 17:17:22 library versions: OpenSSL 3.0.1 14 Dec 2021, LZO 2.10
| 2022-02-26 17:17:22 OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] 
[LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 21 2022
| 2022-02-26 17:17:22 WARNING: INSECURE cipher (BF-CBC) with block size less 
than 128 bit (64 bit).  This allows attacks like SWEET32.  Mitiga te by using a 
--cipher with a larger block size (e.g. AES-256-CBC). Support for these 
insecure ciphers will be removed in OpenVPN 2.7.
| 2022-02-26 17:17:22 OpenSSL: error:0308010C:digital envelope 
routines::unsupported
| 2022-02-26 17:17:22 EVP cipher init #1
| 2022-02-26 17:17:22 Exiting due to fatal error
| Testing cipher BF-CFB... FAILED
| 2022-02-26 17:17:22 Cipher negotiation is disabled since neither P2MP client 
nor server mode is enabled
| 2022-02-26 17:17:22 OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] 
[LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 21 2022
| 2022-02-26 17:17:22 library versions: OpenSSL 3.0.1 14 Dec 2021, LZO 2.10
| 2022-02-26 17:17:22 OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] 
[LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 21 2022
| 2022-02-26 17:17:22 WARNING: INSECURE cipher (BF-CFB) with block size less 
than 128 bit (64 bit).  This allows attacks like SWEET32.  Mitiga te by using a 
--cipher with a larger block size (e.g. AES-256-CBC). Support for these 
insecure ciphers will be removed in OpenVPN 2.7.
| 2022-02-26 17:17:22 OpenSSL: error:0308010C:digital envelope 
routines::unsupported
| 2022-02-26 17:17:22 EVP cipher init #1
| 2022-02-26 17:17:22 Exiting due to fatal error
| Testing cipher BF-OFB... FAILED
| 2022-02-26 17:17:22 Cipher negotiation is disabled since neither P2MP client 
nor server mode is enabled
| 2022-02-26 17:17:22 OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] 
[LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 21 2022
| 2022-02-26 17:17:22 library versions: OpenSSL 3.0.1 14 Dec 2021, LZO 2.10
| 2022-02-26 17:17:22 OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] 
[LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 21 2022
| 2022-02-26 17:17:22 WARNING: INSECURE cipher (BF-OFB) with block size less 
than 128 bit (64 bit).  This allows attacks like SWEET32.  Mitiga te by using a