Update OpenVPN from upstream
authorRISCi_ATOM <bob@bobcall.me>
Sat, 20 May 2017 22:11:05 +0000 (18:11 -0400)
committerRISCi_ATOM <bob@bobcall.me>
Sat, 20 May 2017 22:11:05 +0000 (18:11 -0400)
package/network/services/openvpn/Makefile
package/network/services/openvpn/files/openvpn.init
package/network/services/openvpn/files/openvpn.options [new file with mode: 0644]
package/network/services/openvpn/patches/100-mbedtls-disable-runtime-version-check.patch
package/network/services/openvpn/patches/200-small_build_enable_occ.patch [deleted file]
package/network/services/openvpn/patches/210-build_always_use_internal_lz4.patch

index 7507e2029bb502c8e471be554c733eae1006fd1e..ea3ac3d83dadccdbe4588c78658f427dc47630c9 100644 (file)
@@ -9,14 +9,17 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=openvpn
 
-PKG_VERSION:=2.4.0
-PKG_RELEASE:=3
+PKG_VERSION:=2.4.2
+PKG_RELEASE:=1
 
-PKG_SOURCE_URL:=http://swupdate.openvpn.net/community/releases
+PKG_SOURCE_URL:=\
+       https://build.openvpn.net/downloads/releases/ \
+       https://swupdate.openvpn.net/community/releases/
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
-PKG_HASH:=6f23ba49a1dbeb658f49c7ae17d9ea979de6d92c7357de3d55cd4525e1b2f87e
+PKG_HASH:=df5c4f384b7df6b08a2f6fa8a84b9fd382baf59c2cef1836f82e2a7f62f1bff9
 
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION)
+PKG_MAINTAINER:=Felix Fietkau <nbd@nbd.name>
 
 PKG_INSTALL:=1
 PKG_FIXUP:=autoreconf
@@ -39,7 +42,6 @@ ifeq ($(1),nossl)
 else
   PROVIDES:=openvpn openvpn-crypto
 endif
-  MAINTAINER:=Mirko Vogt <mirko@openwrt.org>
 endef
 
 Package/openvpn-openssl=$(call Package/openvpn/Default,openssl,OpenSSL,+PACKAGE_openvpn-openssl:libopenssl)
@@ -106,6 +108,7 @@ endef
 define Package/openvpn-$(BUILD_VARIANT)/install
        $(INSTALL_DIR) \
                $(1)/usr/sbin \
+               $(1)/usr/share/openvpn \
                $(1)/etc/init.d \
                $(1)/etc/config \
                $(1)/etc/openvpn \
@@ -118,6 +121,9 @@ define Package/openvpn-$(BUILD_VARIANT)/install
        $(INSTALL_BIN) \
                files/openvpn.init \
                $(1)/etc/init.d/openvpn
+       $(INSTALL_DATA) \
+               files/openvpn.options \
+               $(1)/usr/share/openvpn/openvpn.options
 
        $(INSTALL_CONF) files/openvpn.config \
                $(1)/etc/config/openvpn
index d1f37d5c0f5e74333ed153e3f00d54430c02a43f..98c1710f03f4bd4e0a70806fa13af140096ca57e 100644 (file)
@@ -68,6 +68,9 @@ openvpn_add_instance() {
                --config "$conf"
        procd_set_param file "$dir/$conf"
        procd_set_param respawn
+       procd_append_param respawn 3600
+       procd_append_param respawn 5
+       procd_append_param respawn -1
        procd_close_instance
 }
 
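Review bot: The three values appended to `respawn` are positional and nothing here says what they mean; as far as I know procd reads them as threshold, timeout and retry count, so a comment above them such as `# respawn: threshold 3600s, 5s between restarts, retry -1 = no limit` would help. With no retry limit, an instance that fails on every start (unreadable key file, rejected credentials) would presumably be restarted every 5 seconds indefinitely, which keeps contacting the remote server and fills the log. If that is intended, the comment should say so; otherwise a finite retry count is the safer default. openvpn_add_instance begins above the hunk.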
@@ -93,40 +96,14 @@ start_instance() {
        [ ! -d "/var/etc" ] && mkdir -p "/var/etc"
        [ -f "/var/etc/openvpn-$s.conf" ] && rm "/var/etc/openvpn-$s.conf"
 
-       # append flags
-       append_bools "$s" \
-               allow_recursive_routing auth_nocache auth_user_pass_optional bind ccd_exclusive client client_cert_not_required \
-               client_to_client comp_noadapt disable disable_occ down_pre duplicate_cn fast_io float http_proxy_retry \
-               ifconfig_noexec ifconfig_nowarn ifconfig_pool_linear management_forget_disconnect management_hold \
-               management_query_passwords management_signal mktun mlock mtu_test multihome mute_replay_warnings \
-               ncp_disable nobind no_iv no_name_remapping no_replay opt_verify passtos persist_key persist_local_ip \
-               persist_remote_ip persist_tun ping_timer_rem pull push_reset remote_random rmtun route_noexec route_nopull \
-               single_session socks_proxy_retry suppress_timestamps tcp_nodelay test_crypto tls_client tls_exit tls_server \
-               tun_ipv6 up_delay up_restart username_as_common_name
-
-       # append params
-       append_params "$s" \
-               cd askpass auth auth_retry auth_user_pass auth_user_pass_verify bcast_buffers ca cert capath \
-               chroot cipher client_config_dir client_connect client_disconnect comp_lzo compress connect_freq \
-               connect_retry connect_timeout connect_retry_max crl_verify dev dev_node dev_type dh \
-               ecdh_curve echo engine explicit_exit_notify fragment group hand_window hash_size http_proxy \
-               http_proxy_option http_proxy_timeout ifconfig ifconfig_pool ifconfig_pool_persist ifconfig_push \
-               inactive ipchange iroute keepalive key key_direction key_method keysize learn_address link_mtu lladdr \
-               local log log_append lport management management_log_cache max_clients max_routes_per_client mode \
-               mssfix mtu_disc mute ncp_ciphers nice ns_cert_type ping ping_exit ping_restart pkcs12 plugin \
-               port port_share prng proto pull_filter rcvbuf redirect_gateway remap_usr1 remote remote_cert_eku \
-               remote_cert_ku remote_cert_tls reneg_bytes reneg_pkts reneg_sec replay_persist replay_window \
-               resolv_retry route route_delay route_gateway route_metric route_pre_down route_up rport \
-               script_security secret server server_bridge setenv shaper sndbuf socks_proxy status status_version \
-               syslog tcp_queue_limit tls_auth tls_crypt tls_version_min tls_cipher tls_timeout \
-               tls_verify tmp_dir topology tran_window tun_mtu tun_mtu_extra txqueuelen user verb \
-               down push up verify_x509_name x509_username_field ifconfig_ipv6 route_ipv6 server_ipv6 \
-               ifconfig_ipv6_pool ifconfig_ipv6_push iroute_ipv6
+       append_bools "$s" $OPENVPN_BOOLS
+       append_params "$s" $OPENVPN_PARAMS
 
        openvpn_add_instance "$s" "/var/etc" "openvpn-$s.conf"
 }
 
 start_service() {
+       . /usr/share/openvpn/openvpn.options
        config_load 'openvpn'
        config_foreach start_instance 'openvpn'
 
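Review bot: `start_service` sources `/usr/share/openvpn/openvpn.options` without checking that it is there, and `start_instance` then relies entirely on `$OPENVPN_BOOLS` and `$OPENVPN_PARAMS` being set. If the file is missing or unreadable and the shell carries on, both lists expand to nothing and the generated `/var/etc/openvpn-$s.conf` would silently lose every UCI option, including security-relevant ones such as `tls_auth`, `remote_cert_tls` and `verify_x509_name`. I would fail early with `[ -r /usr/share/openvpn/openvpn.options ] || return 1` before the `.` line. Because the file is executed as shell code by the init script, it also has to stay root-owned and not writable by anyone else. start_instance begins above the hunk and start_service continues below it.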
diff --git a/package/network/services/openvpn/files/openvpn.options b/package/network/services/openvpn/files/openvpn.options
new file mode 100644 (file)
index 0000000..022f530
--- /dev/null
@@ -0,0 +1,197 @@
+OPENVPN_PARAMS='
+askpass
+auth
+auth_retry
+auth_user_pass
+auth_user_pass_verify
+bcast_buffers
+ca
+capath
+cd
+cert
+chroot
+cipher
+client_config_dir
+client_connect
+client_disconnect
+comp_lzo
+compress
+connect_freq
+connect_retry
+connect_retry_max
+connect_timeout
+crl_verify
+dev
+dev_node
+dev_type
+dh
+down
+ecdh_curve
+echo
+engine
+explicit_exit_notify
+fragment
+group
+hand_window
+hash_size
+http_proxy
+http_proxy_option
+http_proxy_timeout
+ifconfig
+ifconfig_ipv6
+ifconfig_ipv6_pool
+ifconfig_ipv6_push
+ifconfig_pool
+ifconfig_pool_persist
+ifconfig_push
+inactive
+ipchange
+iroute
+iroute_ipv6
+keepalive
+key
+key_direction
+key_method
+keysize
+learn_address
+link_mtu
+lladdr
+local
+log
+log_append
+lport
+management
+management_log_cache
+max_clients
+max_routes_per_client
+mode
+mssfix
+mtu_disc
+mute
+ncp_ciphers
+nice
+ns_cert_type
+ping
+ping_exit
+ping_restart
+pkcs12
+plugin
+port
+port_share
+prng
+proto
+pull_filter
+push
+rcvbuf
+redirect_gateway
+remap_usr1
+remote
+remote_cert_eku
+remote_cert_ku
+remote_cert_tls
+reneg_bytes
+reneg_pkts
+reneg_sec
+replay_persist
+replay_window
+resolv_retry
+route
+route_delay
+route_gateway
+route_ipv6
+route_metric
+route_pre_down
+route_up
+rport
+script_security
+secret
+server
+server_bridge
+server_ipv6
+setenv
+shaper
+sndbuf
+socks_proxy
+status
+status_version
+syslog
+tcp_queue_limit
+tls_auth
+tls_cipher
+tls_crypt
+tls_timeout
+tls_verify
+tls_version_min
+tmp_dir
+topology
+tran_window
+tun_mtu
+tun_mtu_extra
+txqueuelen
+up
+user
+verb
+verify_x509_name
+x509_username_field
+'
+
+OPENVPN_BOOLS='
+allow_recursive_routing
+auth_nocache
+auth_user_pass_optional
+bind
+ccd_exclusive
+client
+client_cert_not_required
+client_to_client
+comp_noadapt
+disable
+disable_occ
+down_pre
+duplicate_cn
+fast_io
+float
+http_proxy_retry
+ifconfig_noexec
+ifconfig_nowarn
+ifconfig_pool_linear
+management_forget_disconnect
+management_hold
+management_query_passwords
+management_signal
+mktun
+mlock
+mtu_test
+multihome
+mute_replay_warnings
+ncp_disable
+nobind
+no_iv
+no_name_remapping
+no_replay
+opt_verify
+passtos
+persist_key
+persist_local_ip
+persist_remote_ip
+persist_tun
+ping_timer_rem
+pull
+push_reset
+remote_random
+rmtun
+route_noexec
+route_nopull
+single_session
+socks_proxy_retry
+suppress_timestamps
+tcp_nodelay
+test_crypto
+tls_client
+tls_exit
+tls_server
+tun_ipv6
+up_delay
+up_restart
+username_as_common_name
+'
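Review bot: Sorting `OPENVPN_PARAMS` moves `cd` from first place, where the inline list removed from openvpn.init had it, to after `askpass` … `capath`. If `append_params` writes options in list order and OpenVPN applies `cd` at the point it is parsed, the generated config now changes directory later than before, so it is worth either keeping `cd` first or confirming the order does not matter. The file also has no header; a first line such as `# Sourced by /etc/init.d/openvpn: UCI option names passed to append_params / append_bools` would tell readers that it is executed as shell code and should hold nothing but these two assignments.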
index 3b8248dd60c145c1f3d56a2cae4a1f0500b78e57..75e306234f0d354ab9d0fe8c41763574fe55268b 100644 (file)
@@ -1,6 +1,6 @@
 --- a/src/openvpn/ssl_mbedtls.c
 +++ b/src/openvpn/ssl_mbedtls.c
-@@ -1333,7 +1333,7 @@ const char *
+@@ -1337,7 +1337,7 @@ const char *
  get_ssl_library_version(void)
  {
      static char mbedtls_version[30];
diff --git a/package/network/services/openvpn/patches/200-small_build_enable_occ.patch b/package/network/services/openvpn/patches/200-small_build_enable_occ.patch
deleted file mode 100644 (file)
index 96276d4..0000000
+++ /dev/null
@@ -1,12 +0,0 @@
---- a/src/openvpn/syshead.h
-+++ b/src/openvpn/syshead.h
-@@ -589,9 +589,7 @@ socket_defined (const socket_descriptor_
- /*
-  * Should we include OCC (options consistency check) code?
-  */
--#ifndef ENABLE_SMALL
- #define ENABLE_OCC
--#endif
- /*
-  * Should we include NTLM proxy functionality
index 67191076d54807791029f828c648a019892032da..45a0207565f250eea857f9fde19cd5794b2d5b36 100644 (file)
@@ -1,12 +1,12 @@
 --- a/configure.ac
 +++ b/configure.ac
-@@ -1014,37 +1014,14 @@ dnl
+@@ -1058,37 +1058,14 @@ dnl
  AC_ARG_VAR([LZ4_CFLAGS], [C compiler flags for lz4])
  AC_ARG_VAR([LZ4_LIBS], [linker flags for lz4])
  if test "$enable_lz4" = "yes" && test "$enable_comp_stub" = "no"; then
 -    AC_CHECKING([for LZ4 Library and Header files])
 -    havelz4lib=1
-
 -    # if LZ4_LIBS is set, we assume it will work, otherwise test
 -    if test -z "${LZ4_LIBS}"; then
 -      AC_CHECK_LIB(lz4, LZ4_compress,
@@ -19,7 +19,7 @@
 +    AC_MSG_RESULT([Using LZ4 library in src/compat/compat-lz4.*])
 +    AC_DEFINE([NEED_COMPAT_LZ4], [1], [use copy of LZ4 source in compat/])
 +    LZ4_LIBS=""
-
 -    saved_CFLAGS="${CFLAGS}"
 -    CFLAGS="${CFLAGS} ${LZ4_CFLAGS}"
 -    AC_CHECK_HEADERS(lz4.h,
@@ -39,3 +39,5 @@
      AC_DEFINE(ENABLE_LZ4, 1, [Enable LZ4 compression library])
 -    CFLAGS="${saved_CFLAGS}"
  fi