[Bug 2097688] Re: [BPO] Backport Noble version to Jammy

Simon Quigley 2097688 at bugs.launchpad.net
Sun Feb 9 21:53:24 UTC 2025 

Hey Jorge, thanks for the patch!

Could you please separate out the histories for 24.04 and 22.04?
Meaning, changelog entries with a 24.04 suffix should not go into 22.04.
This may make the diff quite large; in this case, it would be helpful to
provide a diff against
https://launchpad.net/ubuntu/+source/openvpn/2.6.12-1ubuntu1 as well, to
gauge any changes specific to the stable release.

Thanks for your efforts here! Please resubscribe ~ubuntu-sponsors to the
bug once you've attached those diffs.

** Also affects: openvpn (Ubuntu Jammy)
   Importance: Undecided
       Status: New

** Changed in: openvpn (Ubuntu)
       Status: New => Fix Released

** Changed in: openvpn (Ubuntu Jammy)
       Status: New => Confirmed

** Changed in: openvpn (Ubuntu)
   Importance: Undecided => Wishlist

** Changed in: openvpn (Ubuntu Jammy)
   Importance: Undecided => Wishlist

** Changed in: openvpn (Ubuntu Jammy)
     Assignee: (unassigned) => Jorge Merlino (jorge-merlino)

-- 
You received this bug notification because you are a member of Ubuntu
Sponsors, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/2097688

Title:
  [BPO] Backport Noble version to Jammy

Status in openvpn package in Ubuntu:
  Fix Released
Status in openvpn source package in Jammy:
  Confirmed

Bug description:
  [Impact]

  Currently openvpn in Jammy is broken when FIPS is enabled. The TL;DR reason is that openvpn 2.5 does not support openssl 3 very well. There were a number of fixes in openvpn 2.6 to fix this.
  Explaining a bit more the basic issue is that openssl 3 does not allow the use of the MD5 algorithm for random number generation in FIPS mode and openvpn 2.5 is still using it (LP bug #2091575). There are also other issues, for example that openvpn sees no available ciphers when FIPS is enabled which can be easily tested as running 

  openvpn --show-ciphers

  returns nothing (LP bug #2077769).
  I have a patch for openvpn 2.5 to fix this which I tried to SRU in bug #2077769 but failed to get sponsored as it is a significant change. The sponsor suggested backporting instead as the issue does not affect non-FIPS systems and so they can keep using the current package.

  [Scope]

  From Noble (2.6.12-0ubuntu0.24.04.1) to Jammy (currently
  2.5.11-0ubuntu0.22.04.1)

  [Other Info]
   
  My original SRU patch also fixed bug #2086809. This is not a code patch as only affects package testing. This should be SRUd by itself.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openvpn/+bug/2097688/+subscriptions

More information about the Ubuntu-sponsors mailing list