diff options
| author | Magnus Kroken <mkroken@gmail.com> | 2016-12-10 12:11:33 +0100 |
|---|---|---|
| committer | Felix Fietkau <nbd@nbd.name> | 2016-12-22 16:42:18 +0100 |
| commit | 13592c14541b6dbd9e572b68f30b38fe9788f23f (patch) | |
| tree | 990efdd8ced61f7024a837069fe9ec6731944c74 /package/network/services/openvpn/patches | |
| parent | f67867adb054e16a73c5f644e5bdf77e64eaddcf (diff) | |
| download | upstream-13592c14541b6dbd9e572b68f30b38fe9788f23f.tar.gz upstream-13592c14541b6dbd9e572b68f30b38fe9788f23f.tar.bz2 upstream-13592c14541b6dbd9e572b68f30b38fe9788f23f.zip | |
openvpn: update to 2.4_rc2
OpenVPN 2.4 builds with mbedTLS 2.x, rename openvpn-polarssl
variant to openvpn-mbedtls.
Some feature highlights:
* Data channel cipher negotiation
* AEAD cipher support for data channel encryption (currently only
* AES-GCM)
* ECDH key exchange for control channel
* LZ4 compression support
See https://github.com/OpenVPN/openvpn/blob/master/Changes.rst
for additional change notes.
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
Diffstat (limited to 'package/network/services/openvpn/patches')
6 files changed, 57 insertions, 49 deletions
diff --git a/package/network/services/openvpn/patches/001-reproducible-remove_DATE.patch b/package/network/services/openvpn/patches/001-reproducible-remove_DATE.patch index 3ceef6f0ff..5f23994b5c 100644 --- a/package/network/services/openvpn/patches/001-reproducible-remove_DATE.patch +++ b/package/network/services/openvpn/patches/001-reproducible-remove_DATE.patch @@ -1,10 +1,10 @@ --- a/src/openvpn/options.c +++ b/src/openvpn/options.c -@@ -102,7 +102,6 @@ const char title_string[] = - " [MH]" +@@ -107,7 +107,6 @@ const char title_string[] = + #ifdef HAVE_AEAD_CIPHER_MODES + " [AEAD]" #endif - " [IPv6]" -- " built on " __DATE__ +- " built on " __DATE__ ; #ifndef ENABLE_SMALL diff --git a/package/network/services/openvpn/patches/100-mbedtls-disable-runtime-version-check.patch b/package/network/services/openvpn/patches/100-mbedtls-disable-runtime-version-check.patch new file mode 100644 index 0000000000..3b8248dd60 --- /dev/null +++ b/package/network/services/openvpn/patches/100-mbedtls-disable-runtime-version-check.patch @@ -0,0 +1,11 @@ +--- a/src/openvpn/ssl_mbedtls.c ++++ b/src/openvpn/ssl_mbedtls.c +@@ -1333,7 +1333,7 @@ const char * + get_ssl_library_version(void) + { + static char mbedtls_version[30]; +- unsigned int pv = mbedtls_version_get_number(); ++ unsigned int pv = MBEDTLS_VERSION_NUMBER; + sprintf( mbedtls_version, "mbed TLS %d.%d.%d", + (pv>>24)&0xff, (pv>>16)&0xff, (pv>>8)&0xff ); + return mbedtls_version; diff --git a/package/network/services/openvpn/patches/100-polarssl-disable-runtime-version-check.patch b/package/network/services/openvpn/patches/100-polarssl-disable-runtime-version-check.patch deleted file mode 100644 index c7955c2460..0000000000 --- a/package/network/services/openvpn/patches/100-polarssl-disable-runtime-version-check.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- a/src/openvpn/ssl_polarssl.c -+++ b/src/openvpn/ssl_polarssl.c -@@ -1156,7 +1156,7 @@ const char * - get_ssl_library_version(void) - { - static char polar_version[30]; -- unsigned int pv = version_get_number(); -+ unsigned int pv = POLARSSL_VERSION_NUMBER; - sprintf( polar_version, "PolarSSL %d.%d.%d", - (pv>>24)&0xff, (pv>>16)&0xff, (pv>>8)&0xff ); - return polar_version; diff --git a/package/network/services/openvpn/patches/101-backport_upstream_polarssl_debug_call.patch b/package/network/services/openvpn/patches/101-backport_upstream_polarssl_debug_call.patch deleted file mode 100644 index 2155a4c79b..0000000000 --- a/package/network/services/openvpn/patches/101-backport_upstream_polarssl_debug_call.patch +++ /dev/null @@ -1,33 +0,0 @@ -openvpn: fix build without POLARSSL_DEBUG_C - -Backport of upstream master commit -b63f98633dbe2ca92cd43fc6f8597ab283a600bf. - -Signed-off-by: Magnus Kroken <mkroken@gmail.com> - -From b63f98633dbe2ca92cd43fc6f8597ab283a600bf Mon Sep 17 00:00:00 2001 -From: Steffan Karger <steffan@karger.me> -Date: Tue, 14 Jun 2016 22:00:03 +0200 -Subject: [PATCH] mbedtls: don't set debug threshold if compiled without - MBEDTLS_DEBUG_C - -For targets with space constraints, one might want to compile mbed TLS -without MBEDTLS_DEBUG_C defined, to save some tens of kilobytes. Make -sure OpenVPN still compiles if that is the case. - -Signed-off-by: Steffan Karger <steffan@karger.me> -Acked-by: Gert Doering <gert@greenie.muc.de> -Message-Id: <1465934403-22226-1-git-send-email-steffan@karger.me> -URL: http://article.gmane.org/gmane.network.openvpn.devel/11922 -Signed-off-by: Gert Doering <gert@greenie.muc.de> ---- a/src/openvpn/ssl_polarssl.c -+++ b/src/openvpn/ssl_polarssl.c -@@ -747,7 +747,9 @@ void key_state_ssl_init(struct key_state - if (polar_ok(ssl_init(ks_ssl->ctx))) - { - /* Initialise SSL context */ -+ #ifdef POLARSSL_DEBUG_C - debug_set_threshold(3); -+ #endif - ssl_set_dbg (ks_ssl->ctx, my_debug, NULL); - ssl_set_endpoint (ks_ssl->ctx, ssl_ctx->endpoint); diff --git a/package/network/services/openvpn/patches/200-small_build_enable_occ.patch b/package/network/services/openvpn/patches/200-small_build_enable_occ.patch index eef4da2d26..96276d4723 100644 --- a/package/network/services/openvpn/patches/200-small_build_enable_occ.patch +++ b/package/network/services/openvpn/patches/200-small_build_enable_occ.patch @@ -1,6 +1,6 @@ --- a/src/openvpn/syshead.h +++ b/src/openvpn/syshead.h -@@ -602,9 +602,7 @@ socket_defined (const socket_descriptor_ +@@ -589,9 +589,7 @@ socket_defined (const socket_descriptor_ /* * Should we include OCC (options consistency check) code? */ diff --git a/package/network/services/openvpn/patches/210-build_always_use_internal_lz4.patch b/package/network/services/openvpn/patches/210-build_always_use_internal_lz4.patch new file mode 100644 index 0000000000..67191076d5 --- /dev/null +++ b/package/network/services/openvpn/patches/210-build_always_use_internal_lz4.patch @@ -0,0 +1,41 @@ +--- a/configure.ac ++++ b/configure.ac +@@ -1014,37 +1014,14 @@ dnl + AC_ARG_VAR([LZ4_CFLAGS], [C compiler flags for lz4]) + AC_ARG_VAR([LZ4_LIBS], [linker flags for lz4]) + if test "$enable_lz4" = "yes" && test "$enable_comp_stub" = "no"; then +- AC_CHECKING([for LZ4 Library and Header files]) +- havelz4lib=1 + +- # if LZ4_LIBS is set, we assume it will work, otherwise test +- if test -z "${LZ4_LIBS}"; then +- AC_CHECK_LIB(lz4, LZ4_compress, +- [ LZ4_LIBS="-llz4" ], +- [ +- AC_MSG_RESULT([LZ4 library not found.]) +- havelz4lib=0 +- ]) +- fi ++ AC_MSG_RESULT([Using LZ4 library in src/compat/compat-lz4.*]) ++ AC_DEFINE([NEED_COMPAT_LZ4], [1], [use copy of LZ4 source in compat/]) ++ LZ4_LIBS="" + +- saved_CFLAGS="${CFLAGS}" +- CFLAGS="${CFLAGS} ${LZ4_CFLAGS}" +- AC_CHECK_HEADERS(lz4.h, +- , +- [ +- AC_MSG_RESULT([LZ4 headers not found.]) +- havelz4lib=0 +- ]) +- +- if test $havelz4lib = 0 ; then +- AC_MSG_RESULT([LZ4 library or header not found, using version in src/compat/compat-lz4.*]) +- AC_DEFINE([NEED_COMPAT_LZ4], [1], [use copy of LZ4 source in compat/]) +- LZ4_LIBS="" +- fi + OPTIONAL_LZ4_CFLAGS="${LZ4_CFLAGS}" + OPTIONAL_LZ4_LIBS="${LZ4_LIBS}" + AC_DEFINE(ENABLE_LZ4, 1, [Enable LZ4 compression library]) +- CFLAGS="${saved_CFLAGS}" + fi |