Thanks for the work on this one, Jorge!
Unfortunately, I don't feel comfortable uploading this as it is. Those
are big refactors from upstream, and they've gone through multiple
rounds of revisions (one of the patches even goes up to v6). I'd be ok
dropping this LP from the next openvpn upload, so we can get the fix for
bug 2077769 first or rework this to be more SRU appropriate.
Essentially, I'm concerned of introducing way too significant changes to
be evaluated in the context of the LP bugs, and worry that we could
sneak in a regression from these intermediate patches.
My suggestions for moving this forward would be having detailed steps
for testing these patches from upstream (not only the functional
result), as well as detailed backport notes in them (as I've noticed not
all are clean cherry-picks). I'd also double-check if we need to
actually pull in all four patches, or if we could get away with a
simpler/different backport of the fix (which seems to be "06f6cf3 Prefer
TLS libraries TLS PRF function, fix OpenVPN in FIPS mode"). What do you
think?
** Changed in: openvpn (Ubuntu Jammy)
Status: In Progress => Incomplete
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2091575
Title:
Message hash algorithm 'MD5' not found on FIPS system
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/2091575/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
