[LEDE-DEV] [PATCH] openvpn: update to 2.4.5

Magnus Kroken mkroken at gmail.com
Fri Mar 2 16:11:07 PST 2018 

Signed-off-by: Magnus Kroken <mkroken at gmail.com>
---
Runtime tested on powerpc/mpc85xx, with mbed TLS.

 package/network/services/openvpn/Makefile          |  6 +++---
 ...100-mbedtls-disable-runtime-version-check.patch |  2 +-
 .../210-build_always_use_internal_lz4.patch        | 24 ++++++++++++++--------
 ...edtls_dont_use_deprecated_sha256_function.patch | 11 ----------
 4 files changed, 19 insertions(+), 24 deletions(-)
 delete mode 100644 package/network/services/openvpn/patches/300-mbedtls_dont_use_deprecated_sha256_function.patch

diff --git a/package/network/services/openvpn/Makefile b/package/network/services/openvpn/Makefile
index ec48e734ff..bab426ac58 100644
--- a/package/network/services/openvpn/Makefile
+++ b/package/network/services/openvpn/Makefile
@@ -9,14 +9,14 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=openvpn
 
-PKG_VERSION:=2.4.4
-PKG_RELEASE:=2
+PKG_VERSION:=2.4.5
+PKG_RELEASE:=1
 
 PKG_SOURCE_URL:=\
 	https://build.openvpn.net/downloads/releases/ \
 	https://swupdate.openvpn.net/community/releases/
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
-PKG_HASH:=96cd1b8fe1e8cb2920f07c3fd3985faea756e16fdeebd11d3e146d5bd2b04a80
+PKG_HASH:=43c0a363a332350f620d1cd93bb431e082bedbc93d4fb872f758650d53c1d29e
 
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION)
 PKG_MAINTAINER:=Felix Fietkau <nbd at nbd.name>
diff --git a/package/network/services/openvpn/patches/100-mbedtls-disable-runtime-version-check.patch b/package/network/services/openvpn/patches/100-mbedtls-disable-runtime-version-check.patch
index 8209bca4f7..5608fa4430 100644
--- a/package/network/services/openvpn/patches/100-mbedtls-disable-runtime-version-check.patch
+++ b/package/network/services/openvpn/patches/100-mbedtls-disable-runtime-version-check.patch
@@ -1,6 +1,6 @@
 --- a/src/openvpn/ssl_mbedtls.c
 +++ b/src/openvpn/ssl_mbedtls.c
-@@ -1336,7 +1336,7 @@ const char *
+@@ -1394,7 +1394,7 @@ const char *
  get_ssl_library_version(void)
  {
      static char mbedtls_version[30];
diff --git a/package/network/services/openvpn/patches/210-build_always_use_internal_lz4.patch b/package/network/services/openvpn/patches/210-build_always_use_internal_lz4.patch
index d49e0bf9ec..b3eb7c742a 100644
--- a/package/network/services/openvpn/patches/210-build_always_use_internal_lz4.patch
+++ b/package/network/services/openvpn/patches/210-build_always_use_internal_lz4.patch
@@ -1,15 +1,17 @@
 --- a/configure.ac
 +++ b/configure.ac
-@@ -1068,62 +1068,15 @@ dnl
+@@ -1077,68 +1077,15 @@ dnl
  AC_ARG_VAR([LZ4_CFLAGS], [C compiler flags for lz4])
  AC_ARG_VAR([LZ4_LIBS], [linker flags for lz4])
  if test "$enable_lz4" = "yes" && test "$enable_comp_stub" = "no"; then
 -    if test -z "${LZ4_CFLAGS}" -a -z "${LZ4_LIBS}"; then
 -	# if the user did not explicitly specify flags, try to autodetect
 -	PKG_CHECK_MODULES([LZ4],
--			  [liblz4 >= 1.7.1],
+-			  [liblz4 >= 1.7.1 liblz4 < 100],
 -			  [have_lz4="yes"],
--			  [] # If this fails, we will do another test next
+-			  [LZ4_LIBS="-llz4"] # If this fails, we will do another test next.
+-					     # We also add set LZ4_LIBS otherwise the
+-					     # linker will not know about the lz4 library
 -	)
 -    fi
 
@@ -47,20 +49,24 @@
 -	fi
 -    fi
 -
--    # if LZ4_LIBS is set, we assume it will work, otherwise test
--    if test -z "${LZ4_LIBS}"; then
+-    # Double check we have a few needed functions
+-    if test "${have_lz4}" = "yes" ; then
 -	AC_CHECK_LIB([lz4],
--		     [LZ4_compress],
--		     [LZ4_LIBS="-llz4"],
+-		     [LZ4_compress_default],
+-		     [],
+-		     [have_lz4="no"])
+-	AC_CHECK_LIB([lz4],
+-		     [LZ4_decompress_safe],
+-		     [],
 -		     [have_lz4="no"])
 -    fi
 -
 -    if test "${have_lz4}" != "yes" ; then
--	AC_MSG_RESULT([		usuable LZ4 library or header not found, using version in src/compat/compat-lz4.*])
+-	AC_MSG_RESULT([		usable LZ4 library or header not found, using version in src/compat/compat-lz4.*])
 -	AC_DEFINE([NEED_COMPAT_LZ4], [1], [use copy of LZ4 source in compat/])
 -	LZ4_LIBS=""
 -    fi
-+    AC_MSG_RESULT([		usuable LZ4 library or header not found, using version in src/compat/compat-lz4.*])
++    AC_MSG_RESULT([		usable LZ4 library or header not found, using version in src/compat/compat-lz4.*])
 +    AC_DEFINE([NEED_COMPAT_LZ4], [1], [use copy of LZ4 source in compat/])
 +    LZ4_LIBS=""
      OPTIONAL_LZ4_CFLAGS="${LZ4_CFLAGS}"
diff --git a/package/network/services/openvpn/patches/300-mbedtls_dont_use_deprecated_sha256_function.patch b/package/network/services/openvpn/patches/300-mbedtls_dont_use_deprecated_sha256_function.patch
deleted file mode 100644
index b9201a599a..0000000000
--- a/package/network/services/openvpn/patches/300-mbedtls_dont_use_deprecated_sha256_function.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- a/src/openvpn/ssl_mbedtls.c
-+++ b/src/openvpn/ssl_mbedtls.c
-@@ -803,7 +803,7 @@ tls_ctx_personalise_random(struct tls_ro
-     {
-         mbedtls_x509_crt *cert = ctx->crt_chain;
- 
--        mbedtls_sha256(cert->tbs.p, cert->tbs.len, sha256_hash, false);
-+        mbedtls_sha256_ret(cert->tbs.p, cert->tbs.len, sha256_hash, false);
-         if (0 != memcmp(old_sha256_hash, sha256_hash, sizeof(sha256_hash)))
-         {
-             mbedtls_ctr_drbg_update(cd_ctx, sha256_hash, 32);
-- 
2.11.0

More information about the Lede-dev mailing list