[packages/openvpn] Up to 2.5.7.

arekm arekm at pld-linux.org
Thu Jun 16 11:05:24 CEST 2022 

commit 56729e80b580b86c49826e116206b222d89d35ee
Author: Arkadiusz Miśkiewicz <arekm at maven.pl>
Date:   Thu Jun 16 11:05:06 2022 +0200

    Up to 2.5.7.

 ...e-new-EVP_MAC-API-for-HMAC-implementation.patch |   9 +-
 ...penssl-engine-autoconf-option-auto-yes-no.patch | 111 ---------------------
 openvpn.spec                                       |   6 +-
 3 files changed, 6 insertions(+), 120 deletions(-)
---
diff --git a/openvpn.spec b/openvpn.spec
index 84062a4..49bd0de 100644
--- a/openvpn.spec
+++ b/openvpn.spec
@@ -7,12 +7,12 @@
 Summary:	VPN Daemon
 Summary(pl.UTF-8):	Serwer VPN
 Name:		openvpn
-Version:	2.5.6
+Version:	2.5.7
 Release:	1
 License:	GPL v2
 Group:		Networking/Daemons
 Source0:	https://build.openvpn.net/downloads/releases/%{name}-%{version}.tar.xz
-# Source0-md5:	3d0717bd3eb498b3dec1277b3a65a0a1
+# Source0-md5:	6893bc6b4cc24b15471408200864ce3f
 Source1:	%{name}.init
 Source2:	%{name}.sysconfig
 Source3:	%{name}.tmpfiles
@@ -28,7 +28,6 @@ Patch102:	0040-Remove-DES-check-with-OpenSSL-3.0.patch
 Patch104:	0044-Don-t-manually-free-DH-params-in-OpenSSL-3.patch
 Patch105:	0045-Do-not-allow-CTS-ciphers.patch
 Patch106:	0046-Use-new-EVP_MAC-API-for-HMAC-implementation.patch
-Patch107:	0047-Add-with-openssl-engine-autoconf-option-auto-yes-no.patch
 URL:		https://www.openvpn.net/
 BuildRequires:	autoconf >= 2.59
 BuildRequires:	automake >= 1:1.9
@@ -153,7 +152,6 @@ Ten pakiet zawiera pliki nagłówkowe do tworzenia wtyczek OpenVPN.
 %patch104 -p1
 %patch105 -p1
 %patch106 -p1
-%patch107 -p1
 %patch0 -p1
 %patch1 -p1
 
diff --git a/0046-Use-new-EVP_MAC-API-for-HMAC-implementation.patch b/0046-Use-new-EVP_MAC-API-for-HMAC-implementation.patch
index cfc9342..47b7cf1 100644
--- a/0046-Use-new-EVP_MAC-API-for-HMAC-implementation.patch
+++ b/0046-Use-new-EVP_MAC-API-for-HMAC-implementation.patch
@@ -174,7 +174,7 @@ diff --git a/src/openvpn/crypto_openssl.h b/src/openvpn/crypto_openssl.h
 index 59a31aac..e540a76b 100644
 --- a/src/openvpn/crypto_openssl.h
 +++ b/src/openvpn/crypto_openssl.h
-@@ -47,7 +47,15 @@ typedef EVP_CIPHER_CTX cipher_ctx_t;
+@@ -51,7 +51,16 @@ typedef EVP_CIPHER_CTX cipher_ctx_t;
  typedef EVP_MD_CTX md_ctx_t;
  
  /** Generic HMAC %context. */
@@ -187,9 +187,8 @@ index 59a31aac..e540a76b 100644
 +    EVP_MAC_CTX *ctx;
 +} hmac_ctx_t;
 +#endif
++
  
- /** Maximum length of an IV */
- #define OPENVPN_MAX_IV_LENGTH   EVP_MAX_IV_LENGTH
--- 
-2.33.1
+ #if OPENSSL_VERSION_NUMBER < 0x30000000L
+ /* Use a dummy type for the provider */
 
diff --git a/0047-Add-with-openssl-engine-autoconf-option-auto-yes-no.patch b/0047-Add-with-openssl-engine-autoconf-option-auto-yes-no.patch
deleted file mode 100644
index 64838cb..0000000
--- a/0047-Add-with-openssl-engine-autoconf-option-auto-yes-no.patch
+++ /dev/null
@@ -1,111 +0,0 @@
-From 0df2261da192eac74d1c53e99db0ed3f49278986 Mon Sep 17 00:00:00 2001
-From: Arne Schwabe <arne at rfc2549.org>
-Date: Tue, 19 Oct 2021 20:31:08 +0200
-Subject: [PATCH 47/47] Add --with-openssl-engine autoconf option (auto|yes|no)
-
-This allows to select engine support at configure time. For OpenSSL 1.1 the
-default is not changed and we detect if engine support is available.
-
-Engine support is deprecated in OpenSSL 3.0 and for OpenSSL 3.0 the default
-is to disable engine support as engine support is deprecated and generates
-compiler warnings which in turn also break -Werror.
-
-By using --with-openssl-engine=no or --with-openssl-engine=yes engine
-support can be forced on or off. If it is enabled but not detected an
-error will be thown.
-
-This commit cleans up the configure logic a bit and removes the
-ENGINE_cleanup checks as we can just assume that it will be also
-available as macro or function if the other engine functions are
-available. Before the cleanup we would only check for the existance
-of engine.h if ENGINE_cleanup was not found.
-
-Signed-off-by: Arne Schwabe <arne at rfc2549.org>
-Acked-by: Max Fillinger <maximilian.fillinger at foxcrypto.com>
-Message-Id: <20211019183127.614175-3-arne at rfc2549.org>
-URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg23000.html
-Signed-off-by: Gert Doering <gert at greenie.muc.de>
----
- configure.ac | 60 ++++++++++++++++++++++++++++++++++++++++------------
- 1 file changed, 47 insertions(+), 13 deletions(-)
-
-diff -urNp -x '*.orig' openvpn-2.5.4.org/configure.ac openvpn-2.5.4/configure.ac
---- openvpn-2.5.4.org/configure.ac	2021-10-05 07:56:34.000000000 +0200
-+++ openvpn-2.5.4/configure.ac	2021-10-29 13:58:00.368661733 +0200
-@@ -281,6 +281,18 @@ AC_ARG_WITH(
- 	[with_crypto_library="openssl"]
- )
- 
-+AC_ARG_WITH(
-+	[openssl-engine],
-+	[AS_HELP_STRING([--with-openssl-engine], [enable engine support with OpenSSL. Default enabled for OpenSSL < 3.0, auto,yes,no @<:@default=auto@:>@])],
-+	[
-+		case "${withval}" in
-+			auto|yes|no) ;;
-+			*) AC_MSG_ERROR([bad value ${withval} for --with-engine]) ;;
-+		esac
-+	],
-+	[with_openssl_engine="auto"]
-+)
-+
- AC_ARG_VAR([PLUGINDIR], [Path of plug-in directory @<:@default=LIBDIR/openvpn/plugins@:>@])
- if test -n "${PLUGINDIR}"; then
- 	plugindir="${PLUGINDIR}"
-@@ -886,22 +898,44 @@ if test "${with_crypto_library}" = "open
- 				   [AC_MSG_ERROR([openssl check failed])]
- 	)
- 
--	have_openssl_engine="yes"
--	AC_CHECK_FUNCS(
--		[ \
-+	if test "${with_openssl_engine}" = "auto"; then
-+	    AC_COMPILE_IFELSE(
-+				    [AC_LANG_PROGRAM(
-+					    [[
-+	    #include <openssl/opensslv.h>
-+					    ]],
-+					    [[
-+	    /*	     Version encoding: MNNFFPPS - see opensslv.h for details */
-+	    #if OPENSSL_VERSION_NUMBER >= 0x30000000L
-+	    #error Engine supported disabled by default in OpenSSL 3.0+
-+	    #endif
-+					    ]]
-+				    )],
-+				    [have_openssl_engine="yes"],
-+				    [have_openssl_engine="no"]
-+	    )
-+	    if test "${have_openssl_engine}" = "yes"; then
-+		AC_CHECK_FUNCS(
-+		    [ \
- 			ENGINE_load_builtin_engines \
- 			ENGINE_register_all_complete \
--			ENGINE_cleanup \
--		],
--		,
--		[have_openssl_engine="no"; break]
--	)
--	if test "${have_openssl_engine}" = "no"; then
--		AC_CHECK_DECL( [ENGINE_cleanup], [have_openssl_engine="yes"],,
--			[[
--				#include <openssl/engine.h>
--			]]
-+		    ],
-+		    ,
-+		    [have_openssl_engine="no"; break]
-+		)
-+	    fi
-+	else
-+	    have_openssl_engine="${with_openssl_engine}"
-+	    if test "${have_openssl_engine}" = "yes"; then
-+		AC_CHECK_FUNCS(
-+		    [ \
-+			ENGINE_load_builtin_engines \
-+			ENGINE_register_all_complete \
-+		    ],
-+		    ,
-+		    [AC_MSG_ERROR([OpenSSL engine support not found])]
- 		)
-+	    fi
- 	fi
- 	if test "${have_openssl_engine}" = "yes"; then
- 		AC_DEFINE([HAVE_OPENSSL_ENGINE], [1], [OpenSSL engine support available])
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/openvpn.git/commitdiff/56729e80b580b86c49826e116206b222d89d35ee

More information about the pld-cvs-commit mailing list