openvpn: update to 2.4.5
authorMagnus Kroken <mkroken@gmail.com>
Sat, 3 Mar 2018 00:11:07 +0000 (01:11 +0100)
committerHauke Mehrtens <hauke@hauke-m.de>
Fri, 9 Mar 2018 21:13:21 +0000 (22:13 +0100)
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
package/network/services/openvpn/Makefile
package/network/services/openvpn/patches/100-mbedtls-disable-runtime-version-check.patch
package/network/services/openvpn/patches/210-build_always_use_internal_lz4.patch
package/network/services/openvpn/patches/300-mbedtls_dont_use_deprecated_sha256_function.patch [deleted file]

index ec48e734ff6ba6fe0739424ebd9764605f75c997..bab426ac58b057ce547e051825b3d08ed4b06544 100644 (file)
@@ -9,14 +9,14 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=openvpn
 
-PKG_VERSION:=2.4.4
-PKG_RELEASE:=2
+PKG_VERSION:=2.4.5
+PKG_RELEASE:=1
 
 PKG_SOURCE_URL:=\
        https://build.openvpn.net/downloads/releases/ \
        https://swupdate.openvpn.net/community/releases/
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
-PKG_HASH:=96cd1b8fe1e8cb2920f07c3fd3985faea756e16fdeebd11d3e146d5bd2b04a80
+PKG_HASH:=43c0a363a332350f620d1cd93bb431e082bedbc93d4fb872f758650d53c1d29e
 
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION)
 PKG_MAINTAINER:=Felix Fietkau <nbd@nbd.name>
index 8209bca4f722c9c6f8026e202d6be697018c0057..5608fa4430fc6cd586c30ce0dfa81e71bf1186cd 100644 (file)
@@ -1,6 +1,6 @@
 --- a/src/openvpn/ssl_mbedtls.c
 +++ b/src/openvpn/ssl_mbedtls.c
-@@ -1336,7 +1336,7 @@ const char *
+@@ -1394,7 +1394,7 @@ const char *
  get_ssl_library_version(void)
  {
      static char mbedtls_version[30];
index d49e0bf9ec9f46df6a041a494059ea92cbdb8727..b3eb7c742af61a7b5ba0aa9f1c0abac41f97d66f 100644 (file)
@@ -1,15 +1,17 @@
 --- a/configure.ac
 +++ b/configure.ac
-@@ -1068,62 +1068,15 @@ dnl
+@@ -1077,68 +1077,15 @@ dnl
  AC_ARG_VAR([LZ4_CFLAGS], [C compiler flags for lz4])
  AC_ARG_VAR([LZ4_LIBS], [linker flags for lz4])
  if test "$enable_lz4" = "yes" && test "$enable_comp_stub" = "no"; then
 -    if test -z "${LZ4_CFLAGS}" -a -z "${LZ4_LIBS}"; then
 -      # if the user did not explicitly specify flags, try to autodetect
 -      PKG_CHECK_MODULES([LZ4],
--                        [liblz4 >= 1.7.1],
+-                        [liblz4 >= 1.7.1 liblz4 < 100],
 -                        [have_lz4="yes"],
--                        [] # If this fails, we will do another test next
+-                        [LZ4_LIBS="-llz4"] # If this fails, we will do another test next.
+-                                           # We also add set LZ4_LIBS otherwise the
+-                                           # linker will not know about the lz4 library
 -      )
 -    fi
 
 -      fi
 -    fi
 -
--    # if LZ4_LIBS is set, we assume it will work, otherwise test
--    if test -z "${LZ4_LIBS}"; then
+-    # Double check we have a few needed functions
+-    if test "${have_lz4}" = "yes" ; then
 -      AC_CHECK_LIB([lz4],
--                   [LZ4_compress],
--                   [LZ4_LIBS="-llz4"],
+-                   [LZ4_compress_default],
+-                   [],
+-                   [have_lz4="no"])
+-      AC_CHECK_LIB([lz4],
+-                   [LZ4_decompress_safe],
+-                   [],
 -                   [have_lz4="no"])
 -    fi
 -
 -    if test "${have_lz4}" != "yes" ; then
--      AC_MSG_RESULT([         usuable LZ4 library or header not found, using version in src/compat/compat-lz4.*])
+-      AC_MSG_RESULT([         usable LZ4 library or header not found, using version in src/compat/compat-lz4.*])
 -      AC_DEFINE([NEED_COMPAT_LZ4], [1], [use copy of LZ4 source in compat/])
 -      LZ4_LIBS=""
 -    fi
-+    AC_MSG_RESULT([           usuable LZ4 library or header not found, using version in src/compat/compat-lz4.*])
++    AC_MSG_RESULT([           usable LZ4 library or header not found, using version in src/compat/compat-lz4.*])
 +    AC_DEFINE([NEED_COMPAT_LZ4], [1], [use copy of LZ4 source in compat/])
 +    LZ4_LIBS=""
      OPTIONAL_LZ4_CFLAGS="${LZ4_CFLAGS}"
diff --git a/package/network/services/openvpn/patches/300-mbedtls_dont_use_deprecated_sha256_function.patch b/package/network/services/openvpn/patches/300-mbedtls_dont_use_deprecated_sha256_function.patch
deleted file mode 100644 (file)
index b9201a5..0000000
+++ /dev/null
@@ -1,11 +0,0 @@
---- a/src/openvpn/ssl_mbedtls.c
-+++ b/src/openvpn/ssl_mbedtls.c
-@@ -803,7 +803,7 @@ tls_ctx_personalise_random(struct tls_ro
-     {
-         mbedtls_x509_crt *cert = ctx->crt_chain;
--        mbedtls_sha256(cert->tbs.p, cert->tbs.len, sha256_hash, false);
-+        mbedtls_sha256_ret(cert->tbs.p, cert->tbs.len, sha256_hash, false);
-         if (0 != memcmp(old_sha256_hash, sha256_hash, sizeof(sha256_hash)))
-         {
-             mbedtls_ctr_drbg_update(cd_ctx, sha256_hash, 32);