From 0d85c7a4b77d7841435ae1ea6f3c70640f4e974b Mon Sep 17 00:00:00 2001
From: Bernhard Schmidt
Date: Sat, 15 Aug 2020 21:59:32 +0200
Subject: Adjust patches for new major upstream version
---
 debian/patches/auth-pam_libpam_so_filename.patch 2 +-
 .../patches/debian_nogroup_for_sample_files.patch 26 -----------
 debian/patches/fix-openssl-error.patch 51 ---------------------
 debian/patches/series 4 +-
 debian/patches/spelling_errors.patch 53 ----------------------
 5 files changed, 2 insertions(+), 134 deletions(-)
 delete mode 100644 debian/patches/fix-openssl-error.patch
 delete mode 100644 debian/patches/spelling_errors.patch
diff --git a/debian/patches/auth-pam_libpam_so_filename.patch b/debian/patches/auth-pam_libpam_so_filename.patch
index 2e7e5c4..336ccd4 100644
--- a/debian/patches/auth-pam_libpam_so_filename.patch
+++ b/debian/patches/auth-pam_libpam_so_filename.patch
@@ -6,7 +6,7 @@ Index: trunk/src/plugins/auth-pam/auth-pam.c
 --- trunk.orig/src/plugins/auth-pam/auth-pam.c
 +++ trunk/src/plugins/auth-pam/auth-pam.c
 @@ -716,7 +716,7 @@ pam_server(int fd, const char *service,
- struct user_pass up;
+ char ac_file_name[PATH_MAX];
 int command;
 #ifdef USE_PAM_DLOPEN
 - static const char pam_so[] = "libpam.so";
diff --git a/debian/patches/debian_nogroup_for_sample_files.patch b/debian/patches/debian_nogroup_for_sample_files.patch
index f7dcaaa..3660453 100644
--- a/debian/patches/debian_nogroup_for_sample_files.patch
+++ b/debian/patches/debian_nogroup_for_sample_files.patch
@@ -23,32 +23,6 @@ Index: openvpn/sample/sample-config-files/tls-home.conf # for extra security. ; user nobody -; group nobody -+; group nogroup - - # If you built OpenVPN with - # LZO compression, uncomment -Index: openvpn/sample/sample-config-files/static-home.conf -=================================================================== ---- openvpn.orig/sample/sample-config-files/static-home.conf 2016-11-21 09:53:43.608863207 +0100 -+++ openvpn/sample/sample-config-files/static-home.conf 2016-11-21 09:53:43.608863207 +0100 -@@ -43,7 +43,7 @@ - # "nobody" after initialization - # for extra security. - ; user nobody --; group nobody -+; group nogroup - - # If you built OpenVPN with - # LZO compression, uncomment -Index: openvpn/sample/sample-config-files/static-office.conf -=================================================================== ---- openvpn.orig/sample/sample-config-files/static-office.conf 2016-11-21 09:53:43.608863207 +0100 -+++ openvpn/sample/sample-config-files/static-office.conf 2016-11-21 09:53:43.608863207 +0100 -@@ -40,7 +40,7 @@ - # "nobody" after initialization - # for extra security. - ; user nobody --; group nobody +; group nogroup # If you built OpenVPN with diff --git a/debian/patches/fix-openssl-error.patch b/debian/patches/fix-openssl-error.patch deleted file mode 100644 index 566d7e6..0000000 --- a/debian/patches/fix-openssl-error.patch +++ /dev/null 
@@ -1,51 +0,0 @@ -In the corner case that the global OpenSSL has an invalid command like - - MinProtocol = TLSv1.0 - -(Due to OpenSSL's idiosyncrasies MinProtocol = TLSv1 would be correct) - -the SSL_ctx_new function leaves the errors for parsing the config file -on the stack. - -OpenSSL: error:14187180:SSL routines:ssl_do_config:bad value - -Since the later functions, especially the one of loading the -certificates expected a clean error this error got reported at the -wrong place. - -Print the warnings with crypto_msg when we detect that we are in this -situation (this also clears the stack). ---- - src/openvpn/ssl_openssl.c | 10 ++++++++++ - 1 file changed, 10 insertions(+) - -diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c -index 5955c6bd..555cbbdf 100644 ---- a/src/openvpn/ssl_openssl.c -+++ b/src/openvpn/ssl_openssl.c -@@ -115,6 +115,11 @@ tls_ctx_server_new(struct tls_root_ctx *ctx) - { - crypto_msg(M_FATAL, "SSL_CTX_new SSLv23_server_method"); - } -+ if (ERR_peek_error() != 0) -+ { -+ crypto_msg(M_WARN, "Warning: TLS server context initialisation " -+ "has warnings."); -+ } - } - - void -@@ -128,6 +133,11 @@ tls_ctx_client_new(struct tls_root_ctx *ctx) - { - crypto_msg(M_FATAL, "SSL_CTX_new SSLv23_client_method"); - } -+ if (ERR_peek_error() != 0) -+ { -+ crypto_msg(M_WARN, "Warning: TLS client context initialisation " -+ "has warnings."); -+ } - } - - void --- -2.26.0 diff --git a/debian/patches/series b/debian/patches/series index 6ef394c..55bae8e 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -2,8 +2,6 @@ move_log_dir.patch auth-pam_libpam_so_filename.patch debian_nogroup_for_sample_files.patch openvpn-pkcs11warn.patch -kfreebsd_support.patch +#kfreebsd_support.patch match-manpage-and-command-help.patch -spelling_errors.patch systemd.patch -fix-openssl-error.patch diff --git a/debian/patches/spelling_errors.patch b/debian/patches/spelling_errors.patch deleted file mode 100644 index cac36d3..0000000 
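Review bot: In the `debian/patches/series` hunk, `kfreebsd_support.patch` is disabled by rewriting the entry as `#kfreebsd_support.patch` with no record of why, and the diffstat shows the patch file itself stays in the tree. A one-line comment above the entry, e.g. `# disabled: needs a refresh against the new upstream version`, would tell the next maintainer whether it is pending or obsolete (the actual reason is not visible here, so that wording is a guess). The same hunk drops `fix-openssl-error.patch`, whose header says that leftover OpenSSL config-parse errors otherwise get reported at the certificate-loading step. Before relying on the removal, it is worth confirming that the new upstream release clears the error queue in `tls_ctx_server_new`/`tls_ctx_client_new`.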
--- a/debian/patches/spelling_errors.patch
+++ /dev/null
@@ -1,53 +0,0 @@ -Description: correct tspelling errors -Author: Jörg Frings-Fürst -Last-Update: 2018-07-29 ---- -This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ -Index: trunk/src/openvpn/buffer.c -=================================================================== ---- trunk.orig/src/openvpn/buffer.c -+++ trunk/src/openvpn/buffer.c -@@ -44,7 +44,7 @@ array_mult_safe(const size_t m1, const s - unsigned long long res = (unsigned long long)m1 * (unsigned long long)m2 + (unsigned long long)extra; - if (unlikely(m1 > limit) || unlikely(m2 > limit) || unlikely(extra > limit) || unlikely(res > (unsigned long long)limit)) - { -- msg(M_FATAL, "attemped allocation of excessively large array"); -+ msg(M_FATAL, "attempted allocation of excessively large array"); - } - return (size_t) res; - } -Index: trunk/src/openvpn/options.c -=================================================================== ---- trunk.orig/src/openvpn/options.c -+++ trunk/src/openvpn/options.c -@@ -448,7 +448,7 @@ static const char usage_message[] = - " user/pass via environment, if method='via-file', pass\n" - " user/pass via temporary file.\n" - "--auth-gen-token [lifetime] Generate a random authentication token which is pushed\n" -- " to each client, replacing the password. Usefull when\n" -+ " to each client, replacing the password. Useful when\n" - " OTP based two-factor auth mechanisms are in use and\n" - " --reneg-* options are enabled. Optionally a lifetime in seconds\n" - " for generated tokens can be set.\n" -Index: trunk/doc/openvpn.8 -=================================================================== ---- trunk.orig/doc/openvpn.8 -+++ trunk/doc/openvpn.8 -@@ -2181,7 +2181,7 @@ that - is parsed on the command line even though - the daemonization point occurs later. If one of the - .B \-\-log --options is present, it will supercede syslog -+options is present, it will supersede syslog - redirection. 
- - The optional -@@ -2292,7 +2292,7 @@ If - already exists it will be truncated. - This option takes effect - immediately when it is parsed in the command line --and will supercede syslog output if -+and will supersede syslog output if - .B \-\-daemon - or - .B \-\-inetd -- cgit v1.2.3