summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorWaldemar Brodkorb <wbx@openadk.org>2019-10-07 21:07:21 +0200
committerWaldemar Brodkorb <wbx@openadk.org>2019-10-08 05:45:59 +0200
commitb80c554aad23f0107b25709ce30bb6506b62d0ea (patch)
tree02548870891906c5c5df46cf7348f9244c481c9e
parentf92cfc9d1e244e1e5473c08d147769be9f30404f (diff)
openvpn: update to 2.4.7
-rw-r--r--package/openvpn/Makefile20
-rw-r--r--package/openvpn/patches/patch-src_openvpn_ssl_openssl_c29
-rw-r--r--package/openvpn/patches/patch-tests_t_client_sh63
3 files changed, 95 insertions, 17 deletions
diff --git a/package/openvpn/Makefile b/package/openvpn/Makefile
index c5c6d9849..0d2cb25a5 100644
--- a/package/openvpn/Makefile
+++ b/package/openvpn/Makefile
@@ -4,9 +4,9 @@
include $(ADK_TOPDIR)/rules.mk
PKG_NAME:= openvpn
-PKG_VERSION:= 2.4.3
+PKG_VERSION:= 2.4.7
PKG_RELEASE:= 1
-PKG_HASH:= 15e15fc97f189b52aee7c90ec8355aa77469c773125110b4c2f089abecde36fb
+PKG_HASH:= a42f53570f669eaf10af68e98d65b531015ff9e12be7a62d9269ea684652f648
PKG_DESCR:= vpn solution using ssl/tls
PKG_DEPENDS:= libressl
PKG_BUILDDEP:= libressl
@@ -15,7 +15,7 @@ PKG_SECTION:= net/security
PKG_URL:= http://openvpn.net/
PKG_SITES:= http://swupdate.openvpn.org/community/releases/
-PKG_FLAVOURS_OPENVPN:= WITH_LZO WITH_LZ4 WITH_MANAGEMENT WITH_HTTPPROXY WITH_SOCKS WITH_SMALL
+PKG_FLAVOURS_OPENVPN:= WITH_LZO WITH_LZ4 WITH_MANAGEMENT WITH_SMALL
PKGFD_WITH_LZO:= enable lzo compression support
PKGFS_WITH_LZO:= liblzo
PKGFB_WITH_LZO:= liblzo
@@ -23,8 +23,6 @@ PKGFD_WITH_LZ4:= enable lz4 compression support
PKGFS_WITH_LZ4:= liblz4
PKGFB_WITH_LZ4:= lz4
PKGFD_WITH_MANAGEMENT:= enable management server support
-PKGFD_WITH_HTTPPROXY:= enable http proxy support
-PKGFD_WITH_SOCKS:= enable socks proxy support
PKGFD_WITH_SMALL:= enable extra small binary
include $(ADK_TOPDIR)/mk/package.mk
@@ -51,18 +49,6 @@ else
CONFIGURE_ARGS+= --disable-management
endif
-ifneq ($(ADK_PACKAGE_OPENVPN_WITH_HTTPPROXY),)
-CONFIGURE_ARGS+= --enable-http-proxy
-else
-CONFIGURE_ARGS+= --disable-http-proxy
-endif
-
-ifneq ($(ADK_PACKAGE_OPENVPN_WITH_SOCKS),)
-CONFIGURE_ARGS+= --enable-socks
-else
-CONFIGURE_ARGS+= --disable-socks
-endif
-
ifneq ($(ADK_PACKAGE_OPENVPN_WITH_SMALL),)
CONFIGURE_ARGS+= --enable-small
endif
diff --git a/package/openvpn/patches/patch-src_openvpn_ssl_openssl_c b/package/openvpn/patches/patch-src_openvpn_ssl_openssl_c
new file mode 100644
index 000000000..efcbc2600
--- /dev/null
+++ b/package/openvpn/patches/patch-src_openvpn_ssl_openssl_c
@@ -0,0 +1,29 @@
+--- openvpn-2.4.7.orig/src/openvpn/ssl_openssl.c 2019-02-20 13:28:23.000000000 +0100
++++ openvpn-2.4.7/src/openvpn/ssl_openssl.c 2019-10-07 21:44:52.473323073 +0200
+@@ -459,7 +459,7 @@ tls_ctx_restrict_ciphers_tls13(struct tl
+ return;
+ }
+
+-#if (OPENSSL_VERSION_NUMBER < 0x1010100fL)
++#if (OPENSSL_VERSION_NUMBER < 0x1010100fL) || defined(LIBRESSL_VERSION_NUMBER)
+ crypto_msg(M_WARN, "Not compiled with OpenSSL 1.1.1 or higher. "
+ "Ignoring TLS 1.3 only tls-ciphersuites '%s' setting.",
+ ciphers);
+@@ -1846,7 +1846,7 @@ show_available_tls_ciphers_list(const ch
+ crypto_msg(M_FATAL, "Cannot create SSL_CTX object");
+ }
+
+-#if (OPENSSL_VERSION_NUMBER >= 0x1010100fL)
++#if (OPENSSL_VERSION_NUMBER >= 0x1010100fL && !defined(LIBRESSL_VERSION_NUMBER))
+ if (tls13)
+ {
+ SSL_CTX_set_min_proto_version(tls_ctx.ctx, TLS1_3_VERSION);
+@@ -1867,7 +1867,7 @@ show_available_tls_ciphers_list(const ch
+ crypto_msg(M_FATAL, "Cannot create SSL object");
+ }
+
+-#if (OPENSSL_VERSION_NUMBER < 0x1010000fL)
++#if (OPENSSL_VERSION_NUMBER < 0x1010000fL) || defined(LIBRESSL_VERSION_NUMBER)
+ STACK_OF(SSL_CIPHER) *sk = SSL_get_ciphers(ssl);
+ #else
+ STACK_OF(SSL_CIPHER) *sk = SSL_get1_supported_ciphers(ssl);
diff --git a/package/openvpn/patches/patch-tests_t_client_sh b/package/openvpn/patches/patch-tests_t_client_sh
new file mode 100644
index 000000000..55c7ef7d5
--- /dev/null
+++ b/package/openvpn/patches/patch-tests_t_client_sh
@@ -0,0 +1,63 @@
+--- openvpn-2.4.7.orig/tests/t_client.sh 2019-02-20 13:29:00.000000000 +0100
++++ openvpn-2.4.7/tests/t_client.sh 2019-10-07 21:45:31.399817348 +0200
+@@ -1,4 +1,4 @@
+-#!/bin/sh
++#!/bin/bash
+ #
+ # run OpenVPN client against ``test reference'' server
+ # - check that ping, http, ... via tunnel works
+@@ -133,12 +133,12 @@ fail()
+ get_ifconfig_route()
+ {
+ # linux / iproute2? (-> if configure got a path)
+- if [ -n "/usr/sbin/ip" ]
++ if [ -n "/bin/ip" ]
+ then
+ echo "-- linux iproute2 --"
+- /usr/sbin/ip addr show | grep -v valid_lft
+- /usr/sbin/ip route show
+- /usr/sbin/ip -o -6 route show | grep -v ' cache' | sed -E -e 's/ expires [0-9]*sec//' -e 's/ (mtu|hoplimit|cwnd|ssthresh) [0-9]+//g' -e 's/ (rtt|rttvar) [0-9]+ms//g'
++ /bin/ip addr show | grep -v valid_lft
++ /bin/ip route show
++ /bin/ip -o -6 route show | grep -v ' cache' | sed -E -e 's/ expires [0-9]*sec//' -e 's/ (mtu|hoplimit|cwnd|ssthresh) [0-9]+//g' -e 's/ (rtt|rttvar) [0-9]+ms//g'
+ return
+ fi
+
+@@ -146,32 +146,32 @@ get_ifconfig_route()
+ case `uname -s` in
+ Linux)
+ echo "-- linux / ifconfig --"
+- LANG=C /usr/sbin/ifconfig -a |egrep "( addr:|encap:)"
++ LANG=C /sbin/ifconfig -a |egrep "( addr:|encap:)"
+ LANG=C netstat -rn -4 -6
+ return
+ ;;
+ FreeBSD|NetBSD|Darwin)
+ echo "-- FreeBSD/NetBSD/Darwin [MacOS X] --"
+- /usr/sbin/ifconfig -a | egrep "(flags=|inet)"
++ /sbin/ifconfig -a | egrep "(flags=|inet)"
+ netstat -rn | awk '$3 !~ /^UHL/ { print $1,$2,$3,$NF }'
+ return
+ ;;
+ OpenBSD)
+ echo "-- OpenBSD --"
+- /usr/sbin/ifconfig -a | egrep "(flags=|inet)" | \
++ /sbin/ifconfig -a | egrep "(flags=|inet)" | \
+ sed -e 's/pltime [0-9]*//' -e 's/vltime [0-9]*//'
+ netstat -rn | awk '$3 !~ /^UHL/ { print $1,$2,$3,$NF }'
+ return
+ ;;
+ SunOS)
+ echo "-- Solaris --"
+- /usr/sbin/ifconfig -a | egrep "(flags=|inet)"
++ /sbin/ifconfig -a | egrep "(flags=|inet)"
+ netstat -rn | awk '$3 !~ /^UHL/ { print $1,$2,$3,$6 }'
+ return
+ ;;
+ AIX)
+ echo "-- AIX --"
+- /usr/sbin/ifconfig -a | egrep "(flags=|inet)"
++ /sbin/ifconfig -a | egrep "(flags=|inet)"
+ netstat -rn | awk '$3 !~ /^UHL/ { print $1,$2,$3,$6 }'
+ return
+ ;;