diff options
Diffstat (limited to 'net-vpn/networkmanager-openvpn/files/networkmanager-openvpn-1.10.2-openvpn-2.6-compat.patch')
-rw-r--r-- | net-vpn/networkmanager-openvpn/files/networkmanager-openvpn-1.10.2-openvpn-2.6-compat.patch | 43 |
1 files changed, 43 insertions, 0 deletions
diff --git a/net-vpn/networkmanager-openvpn/files/networkmanager-openvpn-1.10.2-openvpn-2.6-compat.patch b/net-vpn/networkmanager-openvpn/files/networkmanager-openvpn-1.10.2-openvpn-2.6-compat.patch new file mode 100644 index 000000000000..2b8774b412e8 --- /dev/null +++ b/net-vpn/networkmanager-openvpn/files/networkmanager-openvpn-1.10.2-openvpn-2.6-compat.patch @@ -0,0 +1,43 @@ +https://bugs.gentoo.org/909361 +https://gitlab.gnome.org/GNOME/NetworkManager-openvpn/-/commit/a790374f4c2e9e1657cbb8470357d72d4bd87916 + +From a790374f4c2e9e1657cbb8470357d72d4bd87916 Mon Sep 17 00:00:00 2001 +From: Beniamino Galvani <bgalvani@redhat.com> +Date: Mon, 28 Nov 2022 17:31:38 +0100 +Subject: [PATCH] Revert "service: automatically add the "cipher" to the + "data-ciphers"" + +`--data-ciphers` has a default value of `AES-256-GCM:AES-128-GCM`. If +we overwrite it with the value of `--cipher` we are diverging from +openvpn behavior and this can cause authentication problems. + +https://gitlab.gnome.org/GNOME/NetworkManager-openvpn/-/issues/112 + +This reverts commit 020ab0c4b872fa5415ed1a5e682acb3343c7b9f3. +--- a/src/nm-openvpn-service.c ++++ b/src/nm-openvpn-service.c +@@ -1676,22 +1676,6 @@ nm_openvpn_start_openvpn_binary (NMOpenvpnPlugin *plugin, + + args_add_vpn_data (args, s_vpn, NM_OPENVPN_KEY_DATA_CIPHERS, "--data-ciphers"); + +- if (nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_CIPHER) && +- !nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_DATA_CIPHERS) && +- openvpn_binary_detect_version_cached (openvpn_binary, &openvpn_binary_version) >= +- nmovpn_version_encode (2, 5, 0)) { +- /* Since 2.5, openvpn will warn if "cipher" is set but "data-ciphers" doesn't +- * contain the cipher. It still used to automatically add the cipher. +- * Since 2.6, the cipher is no longer automatically added, which is unlikely +- * what the user wants. +- * +- * We automatically add it, so if the user only sets cipher (e.g. when +- * having an old profile or targeting 2.4) it still works. So ciphers +- * means something slightly different for the plugin, unless you set +- * data-ciphers to anything. */ +- args_add_vpn_data (args, s_vpn, NM_OPENVPN_KEY_CIPHER, "--data-ciphers"); +- } +- + args_add_vpn_data (args, s_vpn, NM_OPENVPN_KEY_TLS_CIPHER, "--tls-cipher"); + + tmp = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_KEYSIZE); +-- +GitLab |