Bug 30599 - Missing files in openvpn package (contrib/pull-resolv-conf)
Summary: Missing files in openvpn package (contrib/pull-resolv-conf)
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: RPM Packages (show other bugs)
Version: 8
Hardware: x86_64 Linux
Priority: Normal minor
Target Milestone: ---
Assignee: QA Team
QA Contact:
URL: https://www.expressvpn.com/support/vp...
Whiteboard: MGA8-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2022-07-03 09:35 CEST by Dimitrios Glentadakis
Modified: 2022-07-12 10:33 CEST (History)
5 users (show)

See Also:
Source RPM: openvpn-2.5.0-2.2.mga8.src.rpm
CVE:
Status comment:


Attachments

Description Dimitrios Glentadakis 2022-07-03 09:35:10 CEST
I want to use openvpn with expressvpn

I follow this guide for Fedora:
https://www.expressvpn.com/support/vpn-setup/manual-config-for-linux-with-openvpn/#install

and at this step:
"To configure DNS, enter the following:

$ sudo cp /usr/share/doc/openvpn/contrib/pull-resolv-conf/client.{up,down} /etc/openvpn/
"
i don't have the folder /usr/share/doc/openvpn/contrib at all
It is possible to add this folder in the rpm package ? (it is present in source tarball)

I added manually the files and i applied this Feodra guide with success

Thanks
Bruno Cornec 2022-07-05 17:39:56 CEST

Status: NEW => ASSIGNED
CC: (none) => bruno

Comment 1 Bruno Cornec 2022-07-05 18:40:01 CEST
Fixed for cauldron in 2.5.7-2 just pushed. This will be available then in future relases as well.
Comment 2 Bruno Cornec 2022-07-05 19:29:38 CEST
Same update pushed to updates_testing for mga8 as well.
Assigning to QA team, but unsure as it's not a security issue.
Feel ree to reassign and push to real updates.

Assignee: bruno.cornec => qa-bugs

Comment 3 Dimitrios Glentadakis 2022-07-06 06:19:25 CEST
Thanks a lot Bruno
Comment 4 Herman Viaene 2022-07-06 11:29:26 CEST
Is it openvpn-2.5.0-2.3.mga8 we have to look for???? I don't find a 2.5.7-2.

CC: (none) => herman.viaene

Comment 5 Herman Viaene 2022-07-06 11:53:08 CEST
MGA8-64 Plasma on Acer Aspire 5253
No installation issues
Relying on Brian's previous test in bug 29007 and 26558, I run the same commands with ample similar results.
One difference:
# openvpn --genkey --secret key
2022-07-06 11:47:43 WARNING: Using --genkey --secret filename is DEPRECATED.  Use --genkey secret filename instead.
but
# openvpn --test-crypto secret key
apparently did the trick since
# openvpn --test-crypto --secret key | more
2022-07-06 11:49:27 Cipher negotiation is disabled since neither P2MP client nor server mode is enabled
2022-07-06 11:49:27 OpenVPN 2.5.0 x86_64-mageia-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Ju
l  5 2022
2022-07-06 11:49:27 library versions: OpenSSL 1.1.1p  21 Jun 2022, LZO 2.10
2022-07-06 11:49:27 OpenVPN 2.5.0 x86_64-mageia-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Ju
l  5 2022
2022-07-06 11:49:27 WARNING: INSECURE cipher (BF-CBC) with block size less than 128 bit (64 bit).  This allows attacks like SWEET32.  
Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC). Support for these insecure ciphers will be removed in OpenVP
N 2.6.
2022-07-06 11:49:27 WARNING: INSECURE cipher (BF-CBC) with block size less than 128 bit (64 bit).  This allows attacks like SWEET32.  
Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC). Support for these insecure ciphers will be removed in OpenVP
N 2.6.
2022-07-06 11:49:27 WARNING: INSECURE cipher (BF-CBC) with block size less than 128 bit (64 bit).  This allows attacks like SWEET32.  
Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC). Support for these insecure ciphers will be removed in OpenVP
N 2.6.
2022-07-06 11:49:27 Entering OpenVPN crypto self-test mode.
2022-07-06 11:49:27 TESTING ENCRYPT/DECRYPT of packet length=1
2022-07-06 11:49:27 TESTING ENCRYPT/DECRYPT of packet length=2
and loads more ...........
with at the end
2022-07-06 11:51:12 OpenVPN crypto self-test mode SUCCEEDED.
So OK'ing based on Brian's superior knowledge of the subject, compared to mine.

Whiteboard: (none) => MGA8-64-OK

Comment 6 Thomas Andrews 2022-07-06 14:47:05 CEST
Validating.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Dave Hodgins 2022-07-12 01:38:05 CEST

Keywords: (none) => advisory
CC: (none) => davidwhodgins

Comment 7 Mageia Robot 2022-07-12 10:33:33 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGAA-2022-0097.html

Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED


Note You need to log in before you can comment on or make changes to this bug.