PKG_NAME:=openvpn
-PKG_VERSION:=2.4.4
-PKG_RELEASE:=2
+PKG_VERSION:=2.4.5
+PKG_RELEASE:=1
PKG_SOURCE_URL:=\
https://build.openvpn.net/downloads/releases/ \
https://swupdate.openvpn.net/community/releases/
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
-PKG_HASH:=96cd1b8fe1e8cb2920f07c3fd3985faea756e16fdeebd11d3e146d5bd2b04a80
+PKG_HASH:=43c0a363a332350f620d1cd93bb431e082bedbc93d4fb872f758650d53c1d29e
PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION)
PKG_MAINTAINER:=Felix Fietkau <nbd@nbd.name>
--- a/configure.ac
+++ b/configure.ac
-@@ -1068,62 +1068,15 @@ dnl
+@@ -1077,68 +1077,15 @@ dnl
AC_ARG_VAR([LZ4_CFLAGS], [C compiler flags for lz4])
AC_ARG_VAR([LZ4_LIBS], [linker flags for lz4])
if test "$enable_lz4" = "yes" && test "$enable_comp_stub" = "no"; then
- if test -z "${LZ4_CFLAGS}" -a -z "${LZ4_LIBS}"; then
- # if the user did not explicitly specify flags, try to autodetect
- PKG_CHECK_MODULES([LZ4],
-- [liblz4 >= 1.7.1],
+- [liblz4 >= 1.7.1 liblz4 < 100],
- [have_lz4="yes"],
-- [] # If this fails, we will do another test next
+- [LZ4_LIBS="-llz4"] # If this fails, we will do another test next.
+- # We also add set LZ4_LIBS otherwise the
+- # linker will not know about the lz4 library
- )
- fi
- fi
- fi
-
-- # if LZ4_LIBS is set, we assume it will work, otherwise test
-- if test -z "${LZ4_LIBS}"; then
+- # Double check we have a few needed functions
+- if test "${have_lz4}" = "yes" ; then
- AC_CHECK_LIB([lz4],
-- [LZ4_compress],
-- [LZ4_LIBS="-llz4"],
+- [LZ4_compress_default],
+- [],
+- [have_lz4="no"])
+- AC_CHECK_LIB([lz4],
+- [LZ4_decompress_safe],
+- [],
- [have_lz4="no"])
- fi
-
- if test "${have_lz4}" != "yes" ; then
-- AC_MSG_RESULT([ usuable LZ4 library or header not found, using version in src/compat/compat-lz4.*])
+- AC_MSG_RESULT([ usable LZ4 library or header not found, using version in src/compat/compat-lz4.*])
- AC_DEFINE([NEED_COMPAT_LZ4], [1], [use copy of LZ4 source in compat/])
- LZ4_LIBS=""
- fi
-+ AC_MSG_RESULT([ usuable LZ4 library or header not found, using version in src/compat/compat-lz4.*])
++ AC_MSG_RESULT([ usable LZ4 library or header not found, using version in src/compat/compat-lz4.*])
+ AC_DEFINE([NEED_COMPAT_LZ4], [1], [use copy of LZ4 source in compat/])
+ LZ4_LIBS=""
OPTIONAL_LZ4_CFLAGS="${LZ4_CFLAGS}"
+++ /dev/null
---- a/src/openvpn/ssl_mbedtls.c
-+++ b/src/openvpn/ssl_mbedtls.c
-@@ -803,7 +803,7 @@ tls_ctx_personalise_random(struct tls_ro
- {
- mbedtls_x509_crt *cert = ctx->crt_chain;
-
-- mbedtls_sha256(cert->tbs.p, cert->tbs.len, sha256_hash, false);
-+ mbedtls_sha256_ret(cert->tbs.p, cert->tbs.len, sha256_hash, false);
- if (0 != memcmp(old_sha256_hash, sha256_hash, sizeof(sha256_hash)))
- {
- mbedtls_ctr_drbg_update(cd_ctx, sha256_hash, 32);