Bug 30599

Summary: Missing files in openvpn package (contrib/pull-resolv-conf)
Product: Mageia Reporter: Dimitrios Glentadakis <dglent>
Component: RPM PackagesAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact:
Severity: minor    
Priority: Normal CC: andrewsfarm, bruno, davidwhodgins, herman.viaene, sysadmin-bugs
Version: 8Keywords: advisory, validated_update
Target Milestone: ---   
Hardware: x86_64   
OS: Linux   
URL: https://www.expressvpn.com/support/vpn-setup/manual-config-for-linux-with-openvpn/#install
Whiteboard: MGA8-64-OK
Source RPM: openvpn-2.5.0-2.2.mga8.src.rpm CVE:
Status comment:

Description Dimitrios Glentadakis 2022-07-03 09:35:10 CEST 
I want to use openvpn with expressvpn

I follow this guide for Fedora:
https://www.expressvpn.com/support/vpn-setup/manual-config-for-linux-with-openvpn/#install

and at this step:
"To configure DNS, enter the following:

$ sudo cp /usr/share/doc/openvpn/contrib/pull-resolv-conf/client.{up,down} /etc/openvpn/
"
i don't have the folder /usr/share/doc/openvpn/contrib at all
It is possible to add this folder in the rpm package ? (it is present in source tarball)

I added manually the files and i applied this Feodra guide with success

Thanks
Bruno Cornec 2022-07-05 17:39:56 CEST

Status: NEW => ASSIGNED
CC: (none) => bruno

Comment 1 Bruno Cornec 2022-07-05 18:40:01 CEST 
Fixed for cauldron in 2.5.7-2 just pushed. This will be available then in future relases as well.
Comment 2 Bruno Cornec 2022-07-05 19:29:38 CEST 
Same update pushed to updates_testing for mga8 as well.
Assigning to QA team, but unsure as it's not a security issue.
Feel ree to reassign and push to real updates.

Assignee: bruno.cornec => qa-bugs

Comment 3 Dimitrios Glentadakis 2022-07-06 06:19:25 CEST 
Thanks a lot Bruno
Comment 4 Herman Viaene 2022-07-06 11:29:26 CEST 
Is it openvpn-2.5.0-2.3.mga8 we have to look for???? I don't find a 2.5.7-2.

CC: (none) => herman.viaene

Comment 5 Herman Viaene 2022-07-06 11:53:08 CEST 
MGA8-64 Plasma on Acer Aspire 5253
No installation issues
Relying on Brian's previous test in bug 29007 and 26558, I run the same commands with ample similar results.
One difference:
# openvpn --genkey --secret key
2022-07-06 11:47:43 WARNING: Using --genkey --secret filename is DEPRECATED.  Use --genkey secret filename instead.
but
# openvpn --test-crypto secret key
apparently did the trick since
# openvpn --test-crypto --secret key | more
2022-07-06 11:49:27 Cipher negotiation is disabled since neither P2MP client nor server mode is enabled
2022-07-06 11:49:27 OpenVPN 2.5.0 x86_64-mageia-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Ju
l  5 2022
2022-07-06 11:49:27 library versions: OpenSSL 1.1.1p  21 Jun 2022, LZO 2.10
2022-07-06 11:49:27 OpenVPN 2.5.0 x86_64-mageia-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Ju
l  5 2022
2022-07-06 11:49:27 WARNING: INSECURE cipher (BF-CBC) with block size less than 128 bit (64 bit).  This allows attacks like SWEET32.  
Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC). Support for these insecure ciphers will be removed in OpenVP
N 2.6.
2022-07-06 11:49:27 WARNING: INSECURE cipher (BF-CBC) with block size less than 128 bit (64 bit).  This allows attacks like SWEET32.  
Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC). Support for these insecure ciphers will be removed in OpenVP
N 2.6.
2022-07-06 11:49:27 WARNING: INSECURE cipher (BF-CBC) with block size less than 128 bit (64 bit).  This allows attacks like SWEET32.  
Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC). Support for these insecure ciphers will be removed in OpenVP
N 2.6.
2022-07-06 11:49:27 Entering OpenVPN crypto self-test mode.
2022-07-06 11:49:27 TESTING ENCRYPT/DECRYPT of packet length=1
2022-07-06 11:49:27 TESTING ENCRYPT/DECRYPT of packet length=2
and loads more ...........
with at the end
2022-07-06 11:51:12 OpenVPN crypto self-test mode SUCCEEDED.
So OK'ing based on Brian's superior knowledge of the subject, compared to mine.

Whiteboard: (none) => MGA8-64-OK

Comment 6 Thomas Andrews 2022-07-06 14:47:05 CEST 
Validating.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Dave Hodgins 2022-07-12 01:38:05 CEST

Keywords: (none) => advisory
CC: (none) => davidwhodgins

Comment 7 Mageia Robot 2022-07-12 10:33:33 CEST 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGAA-2022-0097.html

Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED