authorMagnus Kroken <mkroken@gmail.com>2016-12-10 12:11:33 +0100
committerFelix Fietkau <nbd@nbd.name>2016-12-22 16:42:18 +0100
commit13592c14541b6dbd9e572b68f30b38fe9788f23f (patch)
tree990efdd8ced61f7024a837069fe9ec6731944c74 /package/network/services/openvpn/patches
parentf67867adb054e16a73c5f644e5bdf77e64eaddcf (diff)
openvpn: update to 2.4_rc2
OpenVPN 2.4 builds with mbedTLS 2.x, rename openvpn-polarssl variant to openvpn-mbedtls.

Some feature highlights:
* Data channel cipher negotiation
* AEAD cipher support for data channel encryption (currently only AES-GCM)
* ECDH key exchange for control channel
* LZ4 compression support

See https://github.com/OpenVPN/openvpn/blob/master/Changes.rst for additional change notes.

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
Diffstat (limited to 'package/network/services/openvpn/patches')
-rw-r--r--package/network/services/openvpn/patches/001-reproducible-remove_DATE.patch8
-rw-r--r--package/network/services/openvpn/patches/100-mbedtls-disable-runtime-version-check.patch11
-rw-r--r--package/network/services/openvpn/patches/100-polarssl-disable-runtime-version-check.patch11
-rw-r--r--package/network/services/openvpn/patches/101-backport_upstream_polarssl_debug_call.patch33
-rw-r--r--package/network/services/openvpn/patches/200-small_build_enable_occ.patch2
-rw-r--r--package/network/services/openvpn/patches/210-build_always_use_internal_lz4.patch41
6 files changed, 57 insertions, 49 deletions
diff --git a/package/network/services/openvpn/patches/001-reproducible-remove_DATE.patch b/package/network/services/openvpn/patches/001-reproducible-remove_DATE.patch
index 3ceef6f0ff..5f23994b5c 100644
--- a/package/network/services/openvpn/patches/001-reproducible-remove_DATE.patch
+++ b/package/network/services/openvpn/patches/001-reproducible-remove_DATE.patch
@@ -1,10 +1,10 @@
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
-@@ -102,7 +102,6 @@ const char title_string[] =
- " [MH]"
+@@ -107,7 +107,6 @@ const char title_string[] =
+ #ifdef HAVE_AEAD_CIPHER_MODES
+ " [AEAD]"
#endif
- " [IPv6]"
-- " built on " __DATE__
+- " built on " __DATE__
;
#ifndef ENABLE_SMALL
diff --git a/package/network/services/openvpn/patches/100-mbedtls-disable-runtime-version-check.patch b/package/network/services/openvpn/patches/100-mbedtls-disable-runtime-version-check.patch
new file mode 100644
index 0000000000..3b8248dd60
--- /dev/null
+++ b/package/network/services/openvpn/patches/100-mbedtls-disable-runtime-version-check.patch
@@ -0,0 +1,11 @@
+--- a/src/openvpn/ssl_mbedtls.c
++++ b/src/openvpn/ssl_mbedtls.c
+@@ -1333,7 +1333,7 @@ const char *
+ get_ssl_library_version(void)
+ {
+ static char mbedtls_version[30];
+- unsigned int pv = mbedtls_version_get_number();
++ unsigned int pv = MBEDTLS_VERSION_NUMBER;
+ sprintf( mbedtls_version, "mbed TLS %d.%d.%d",
+ (pv>>24)&0xff, (pv>>16)&0xff, (pv>>8)&0xff );
+ return mbedtls_version;
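Review bot: The new patch file has no description, and its changed line `unsigned int pv = MBEDTLS_VERSION_NUMBER;` makes get_ssl_library_version() report the mbed TLS headers used at build time instead of the library loaded at run time. If libmbedtls is installed as a shared library and updated on its own, the reported version can go stale, which matters when the version banner is used to check whether a fixed TLS library is in place. I would add a patch header saying why the runtime call is dropped (presumably so mbed TLS can be built without its version module; worth confirming) and a comment on the changed line such as `/* build-time header version; may differ from the linked library */`. The function's closing brace lies outside the hunk.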
diff --git a/package/network/services/openvpn/patches/100-polarssl-disable-runtime-version-check.patch b/package/network/services/openvpn/patches/100-polarssl-disable-runtime-version-check.patch
deleted file mode 100644
index c7955c2460..0000000000
--- a/package/network/services/openvpn/patches/100-polarssl-disable-runtime-version-check.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- a/src/openvpn/ssl_polarssl.c
-+++ b/src/openvpn/ssl_polarssl.c
-@@ -1156,7 +1156,7 @@ const char *
- get_ssl_library_version(void)
- {
- static char polar_version[30];
-- unsigned int pv = version_get_number();
-+ unsigned int pv = POLARSSL_VERSION_NUMBER;
- sprintf( polar_version, "PolarSSL %d.%d.%d",
- (pv>>24)&0xff, (pv>>16)&0xff, (pv>>8)&0xff );
- return polar_version;
diff --git a/package/network/services/openvpn/patches/101-backport_upstream_polarssl_debug_call.patch b/package/network/services/openvpn/patches/101-backport_upstream_polarssl_debug_call.patch
deleted file mode 100644
index 2155a4c79b..0000000000
--- a/package/network/services/openvpn/patches/101-backport_upstream_polarssl_debug_call.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-openvpn: fix build without POLARSSL_DEBUG_C
-
-Backport of upstream master commit
-b63f98633dbe2ca92cd43fc6f8597ab283a600bf.
-
-Signed-off-by: Magnus Kroken <mkroken@gmail.com>
-
-From b63f98633dbe2ca92cd43fc6f8597ab283a600bf Mon Sep 17 00:00:00 2001
-From: Steffan Karger <steffan@karger.me>
-Date: Tue, 14 Jun 2016 22:00:03 +0200
-Subject: [PATCH] mbedtls: don't set debug threshold if compiled without
- MBEDTLS_DEBUG_C
-
-For targets with space constraints, one might want to compile mbed TLS
-without MBEDTLS_DEBUG_C defined, to save some tens of kilobytes. Make
-sure OpenVPN still compiles if that is the case.
-
-Signed-off-by: Steffan Karger <steffan@karger.me>
-Acked-by: Gert Doering <gert@greenie.muc.de>
-Message-Id: <1465934403-22226-1-git-send-email-steffan@karger.me>
-URL: http://article.gmane.org/gmane.network.openvpn.devel/11922
-Signed-off-by: Gert Doering <gert@greenie.muc.de>
---- a/src/openvpn/ssl_polarssl.c
-+++ b/src/openvpn/ssl_polarssl.c
-@@ -747,7 +747,9 @@ void key_state_ssl_init(struct key_state
- if (polar_ok(ssl_init(ks_ssl->ctx)))
- {
- /* Initialise SSL context */
-+ #ifdef POLARSSL_DEBUG_C
- debug_set_threshold(3);
-+ #endif
- ssl_set_dbg (ks_ssl->ctx, my_debug, NULL);
- ssl_set_endpoint (ks_ssl->ctx, ssl_ctx->endpoint);
diff --git a/package/network/services/openvpn/patches/200-small_build_enable_occ.patch b/package/network/services/openvpn/patches/200-small_build_enable_occ.patch
index eef4da2d26..96276d4723 100644
--- a/package/network/services/openvpn/patches/200-small_build_enable_occ.patch
+++ b/package/network/services/openvpn/patches/200-small_build_enable_occ.patch
@@ -1,6 +1,6 @@
--- a/src/openvpn/syshead.h
+++ b/src/openvpn/syshead.h
-@@ -602,9 +602,7 @@ socket_defined (const socket_descriptor_
+@@ -589,9 +589,7 @@ socket_defined (const socket_descriptor_
/*
* Should we include OCC (options consistency check) code?
*/
diff --git a/package/network/services/openvpn/patches/210-build_always_use_internal_lz4.patch b/package/network/services/openvpn/patches/210-build_always_use_internal_lz4.patch
new file mode 100644
index 0000000000..67191076d5
--- /dev/null
+++ b/package/network/services/openvpn/patches/210-build_always_use_internal_lz4.patch
@@ -0,0 +1,41 @@
+--- a/configure.ac
++++ b/configure.ac
+@@ -1014,37 +1014,14 @@ dnl
+ AC_ARG_VAR([LZ4_CFLAGS], [C compiler flags for lz4])
+ AC_ARG_VAR([LZ4_LIBS], [linker flags for lz4])
+ if test "$enable_lz4" = "yes" && test "$enable_comp_stub" = "no"; then
+- AC_CHECKING([for LZ4 Library and Header files])
+- havelz4lib=1
+
+- # if LZ4_LIBS is set, we assume it will work, otherwise test
+- if test -z "${LZ4_LIBS}"; then
+- AC_CHECK_LIB(lz4, LZ4_compress,
+- [ LZ4_LIBS="-llz4" ],
+- [
+- AC_MSG_RESULT([LZ4 library not found.])
+- havelz4lib=0
+- ])
+- fi
++ AC_MSG_RESULT([Using LZ4 library in src/compat/compat-lz4.*])
++ AC_DEFINE([NEED_COMPAT_LZ4], [1], [use copy of LZ4 source in compat/])
++ LZ4_LIBS=""
+
+- saved_CFLAGS="${CFLAGS}"
+- CFLAGS="${CFLAGS} ${LZ4_CFLAGS}"
+- AC_CHECK_HEADERS(lz4.h,
+- ,
+- [
+- AC_MSG_RESULT([LZ4 headers not found.])
+- havelz4lib=0
+- ])
+-
+- if test $havelz4lib = 0 ; then
+- AC_MSG_RESULT([LZ4 library or header not found, using version in src/compat/compat-lz4.*])
+- AC_DEFINE([NEED_COMPAT_LZ4], [1], [use copy of LZ4 source in compat/])
+- LZ4_LIBS=""
+- fi
+ OPTIONAL_LZ4_CFLAGS="${LZ4_CFLAGS}"
+ OPTIONAL_LZ4_LIBS="${LZ4_LIBS}"
+ AC_DEFINE(ENABLE_LZ4, 1, [Enable LZ4 compression library])
+- CFLAGS="${saved_CFLAGS}"
+ fi
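Review bot: With the library and header probes removed, the `enable_lz4` branch always defines `NEED_COMPAT_LZ4`, so every build uses the LZ4 copy in src/compat. A fix shipped in a separate liblz4 package would therefore never reach OpenVPN; LZ4 fixes arrive only with an OpenVPN source update. The patch file has no description, so I would add a header giving the reason (presumably to avoid depending on a separate liblz4 package; confirm) and noting that the bundled copy has to be tracked for LZ4 fixes. The kept line `OPTIONAL_LZ4_CFLAGS="${LZ4_CFLAGS}"` still passes on flags meant for an external LZ4 that is no longer used; `OPTIONAL_LZ4_CFLAGS=""` would match the `LZ4_LIBS=""` reset and keep a stray LZ4_CFLAGS from the environment out of the build.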