From 2653a12c4d5d9c0f600a9d06667aaa3bc55c8756 Mon Sep 17 00:00:00 2001
From: Magnus Kroken
Date: Wed, 24 Aug 2016 00:14:46 +0200
Subject: [PATCH] openvpn: update to 2.3.12
300-upstream-fix-polarssl-mbedtls-builds.patch has been applied upstream. Replaced 101-remove_polarssl_debug_call.patch with upstream backport. Changelog: https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23#OpenVPN2.3.12
Signed-off-by: Magnus Kroken
---
 package/network/services/openvpn/Makefile | 6 +--
 ...larssl-disable-runtime-version-check.patch | 2 +-
 ...ackport_upstream_polarssl_debug_call.patch | 33 +++++++++++++++
 .../101-remove_polarssl_debug_call.patch | 21 ----------
 ...upstream-fix-polarssl-mbedtls-builds.patch | 42 -------------------
 5 files changed, 37 insertions(+), 67 deletions(-)
 create mode 100644 package/network/services/openvpn/patches/101-backport_upstream_polarssl_debug_call.patch
 delete mode 100644 package/network/services/openvpn/patches/101-remove_polarssl_debug_call.patch
 delete mode 100644 package/network/services/openvpn/patches/300-upstream-fix-polarssl-mbedtls-builds.patch
diff --git a/package/network/services/openvpn/Makefile b/package/network/services/openvpn/Makefile
index 54a540f4f6..c88fcbd8eb 100644
--- a/package/network/services/openvpn/Makefile
+++ b/package/network/services/openvpn/Makefile
@@ -9,12 +9,12 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=openvpn
-PKG_VERSION:=2.3.11
-PKG_RELEASE:=2
+PKG_VERSION:=2.3.12
+PKG_RELEASE:=1
 PKG_SOURCE_URL:=http://swupdate.openvpn.net/community/releases
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
-PKG_MD5SUM:=0f5f1ca1dc5743fa166d93dd4ec952f014b5f33bafd88f0ea34b455cae1434a7
+PKG_MD5SUM:=e3d6cdf2fb58b7569bd628ddb3d76352aa7e85b9
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION)
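Review bot: The new `PKG_MD5SUM` value is 40 hex characters, the length of a SHA-1 digest, where the line it replaces carried 64 hex characters (SHA-256 length), so the integrity pin on the source tarball gets weaker with this bump. That matters more here because `PKG_SOURCE_URL` is plain `http://`, which leaves the hash as the only check on what the build downloads. I would pin the SHA-256 of the 2.3.12 tarball instead, `PKG_MD5SUM:=<sha256-of-openvpn-2.3.12.tar.xz>`, computed from an upstream release artifact whose signature has been verified. How the download script treats a 40-character value is not visible in this hunk, so it is worth confirming that the value is actually verified rather than skipped or rejected.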
diff --git a/package/network/services/openvpn/patches/100-polarssl-disable-runtime-version-check.patch b/package/network/services/openvpn/patches/100-polarssl-disable-runtime-version-check.patch
index bd8e5b780d..c7955c2460 100644
--- a/package/network/services/openvpn/patches/100-polarssl-disable-runtime-version-check.patch
+++ b/package/network/services/openvpn/patches/100-polarssl-disable-runtime-version-check.patch
@@ -1,6 +1,6 @@
 --- a/src/openvpn/ssl_polarssl.c
 +++ b/src/openvpn/ssl_polarssl.c
-@@ -1151,7 +1151,7 @@ const char *
+@@ -1156,7 +1156,7 @@ const char *
 get_ssl_library_version(void)
 {
 static char polar_version[30];
diff --git a/package/network/services/openvpn/patches/101-backport_upstream_polarssl_debug_call.patch b/package/network/services/openvpn/patches/101-backport_upstream_polarssl_debug_call.patch
new file mode 100644
index 0000000000..2155a4c79b
--- /dev/null
+++ b/package/network/services/openvpn/patches/101-backport_upstream_polarssl_debug_call.patch
@@ -0,0 +1,33 @@
+openvpn: fix build without POLARSSL_DEBUG_C
+
+Backport of upstream master commit
+b63f98633dbe2ca92cd43fc6f8597ab283a600bf.
+
+Signed-off-by: Magnus Kroken
+
+From b63f98633dbe2ca92cd43fc6f8597ab283a600bf Mon Sep 17 00:00:00 2001
+From: Steffan Karger
+Date: Tue, 14 Jun 2016 22:00:03 +0200
+Subject: [PATCH] mbedtls: don't set debug threshold if compiled without
+ MBEDTLS_DEBUG_C
+
+For targets with space constraints, one might want to compile mbed TLS
+without MBEDTLS_DEBUG_C defined, to save some tens of kilobytes. Make
+sure OpenVPN still compiles if that is the case.
+
+Signed-off-by: Steffan Karger
+Acked-by: Gert Doering
+Message-Id: <1465934403-22226-1-git-send-email-steffan@karger.me>
+URL: http://article.gmane.org/gmane.network.openvpn.devel/11922
+Signed-off-by: Gert Doering
+--- a/src/openvpn/ssl_polarssl.c
++++ b/src/openvpn/ssl_polarssl.c
+@@ -747,7 +747,9 @@ void key_state_ssl_init(struct key_state
+ if (polar_ok(ssl_init(ks_ssl->ctx)))
+ {
+ /* Initialise SSL context */
++ #ifdef POLARSSL_DEBUG_C
+ debug_set_threshold(3);
++ #endif
+ ssl_set_dbg (ks_ssl->ctx, my_debug, NULL);
+ ssl_set_endpoint (ks_ssl->ctx, ssl_ctx->endpoint);
diff --git a/package/network/services/openvpn/patches/101-remove_polarssl_debug_call.patch b/package/network/services/openvpn/patches/101-remove_polarssl_debug_call.patch
deleted file mode 100644
index 3cef32395e..0000000000
--- a/package/network/services/openvpn/patches/101-remove_polarssl_debug_call.patch
+++ /dev/null
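Review bot: The guard added around `debug_set_threshold(3);` tests `POLARSSL_DEBUG_C`, while the upstream subject and description carried in this patch file speak of `MBEDTLS_DEBUG_C`, and the header says only "Backport of upstream master commit" without mentioning that the macro name was adapted. A line in the patch header such as `Adapted for the 2.3 branch: the guard uses POLARSSL_DEBUG_C instead of MBEDTLS_DEBUG_C.` would save the next person refreshing this patch from diffing against upstream to find out why the two differ. It also seems worth stating there that `ssl_set_dbg (ks_ssl->ctx, my_debug, NULL);` stays unconditional, so only the threshold call is compiled out. The body of key_state_ssl_init continues outside the hunk.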
@@ -1,21 +0,0 @@
-openvpn: remove call to PolarSSL debug function
-
-OpenVPN >=2.3.11 uses PolarSSL debug functions for improved logging.
-This requires that PolarSSL is built with POLARSSL_DEBUG_C, which increases
-its size significantly.
-
-This change does not impact OpenVPN operation, see:
-https://sourceforge.net/p/openvpn/mailman/message/35153943/
-
-Signed-off-by: Magnus Kroken
-
---- a/src/openvpn/ssl_polarssl.c
-+++ b/src/openvpn/ssl_polarssl.c
-@@ -742,7 +742,7 @@ void key_state_ssl_init(struct key_state
- if (polar_ok(ssl_init(ks_ssl->ctx)))
- {
- /* Initialise SSL context */
-- debug_set_threshold(3);
-+ /*debug_set_threshold(3);*/
- ssl_set_dbg (ks_ssl->ctx, my_debug, NULL);
- ssl_set_endpoint (ks_ssl->ctx, ssl_ctx->endpoint);
diff --git a/package/network/services/openvpn/patches/300-upstream-fix-polarssl-mbedtls-builds.patch b/package/network/services/openvpn/patches/300-upstream-fix-polarssl-mbedtls-builds.patch
deleted file mode 100644
index 0a5c49c791..0000000000
--- a/package/network/services/openvpn/patches/300-upstream-fix-polarssl-mbedtls-builds.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From 629baad8f89af261445a2ace03694601f8e476f9 Mon Sep 17 00:00:00 2001
-From: Steffan Karger
-Date: Fri, 13 May 2016 08:54:52 +0200
-Subject: [PATCH] Fix polarssl / mbedtls builds
-
-Commit 8a399cd3 hardened the OpenSSL default cipher list,
-but also introduced a change in shared code that causes
-polarssl / mbedtls builds to break when no --tls-cipher is
-specified.
-
-This fix is backported code from the master branch.
-
-Signed-off-by: Steffan Karger
-Acked-by: Gert Doering
-Message-Id: <1463122492-701-1-git-send-email-steffan@karger.me>
-URL: http://article.gmane.org/gmane.network.openvpn.devel/11647
-Signed-off-by: Gert Doering
----
- src/openvpn/ssl_polarssl.c | 7 ++++++-
- 1 file changed, 6 insertions(+), 1 deletion(-)
-
-diff --git a/src/openvpn/ssl_polarssl.c b/src/openvpn/ssl_polarssl.c
-index 1f58369..9263698 100644
---- a/src/openvpn/ssl_polarssl.c
-+++ b/src/openvpn/ssl_polarssl.c
-@@ -176,7 +176,12 @@ tls_ctx_restrict_ciphers(struct tls_root_ctx *ctx, const char *ciphers)
- {
- char *tmp_ciphers, *tmp_ciphers_orig, *token;
- int i, cipher_count;
-- int ciphers_len = strlen (ciphers);
-+ int ciphers_len;
-+
-+ if (NULL == ciphers)
-+ return; /* Nothing to do */
-+
-+ ciphers_len = strlen (ciphers);
-
- ASSERT (NULL != ctx);
- ASSERT (0 != ciphers_len);
---
-2.8.1
-
-- 2.25.1