diff options
-rw-r--r-- | package/openvpn/Makefile | 20 | ||||
-rw-r--r-- | package/openvpn/patches/patch-src_openvpn_ssl_openssl_c | 29 | ||||
-rw-r--r-- | package/openvpn/patches/patch-tests_t_client_sh | 63 |
3 files changed, 95 insertions, 17 deletions
diff --git a/package/openvpn/Makefile b/package/openvpn/Makefile index c5c6d9849..0d2cb25a5 100644 --- a/package/openvpn/Makefile +++ b/package/openvpn/Makefile @@ -4,9 +4,9 @@ include $(ADK_TOPDIR)/rules.mk PKG_NAME:= openvpn -PKG_VERSION:= 2.4.3 +PKG_VERSION:= 2.4.7 PKG_RELEASE:= 1 -PKG_HASH:= 15e15fc97f189b52aee7c90ec8355aa77469c773125110b4c2f089abecde36fb +PKG_HASH:= a42f53570f669eaf10af68e98d65b531015ff9e12be7a62d9269ea684652f648 PKG_DESCR:= vpn solution using ssl/tls PKG_DEPENDS:= libressl PKG_BUILDDEP:= libressl @@ -15,7 +15,7 @@ PKG_SECTION:= net/security PKG_URL:= http://openvpn.net/ PKG_SITES:= http://swupdate.openvpn.org/community/releases/ -PKG_FLAVOURS_OPENVPN:= WITH_LZO WITH_LZ4 WITH_MANAGEMENT WITH_HTTPPROXY WITH_SOCKS WITH_SMALL +PKG_FLAVOURS_OPENVPN:= WITH_LZO WITH_LZ4 WITH_MANAGEMENT WITH_SMALL PKGFD_WITH_LZO:= enable lzo compression support PKGFS_WITH_LZO:= liblzo PKGFB_WITH_LZO:= liblzo @@ -23,8 +23,6 @@ PKGFD_WITH_LZ4:= enable lz4 compression support PKGFS_WITH_LZ4:= liblz4 PKGFB_WITH_LZ4:= lz4 PKGFD_WITH_MANAGEMENT:= enable management server support -PKGFD_WITH_HTTPPROXY:= enable http proxy support -PKGFD_WITH_SOCKS:= enable socks proxy support PKGFD_WITH_SMALL:= enable extra small binary include $(ADK_TOPDIR)/mk/package.mk @@ -51,18 +49,6 @@ else CONFIGURE_ARGS+= --disable-management endif -ifneq ($(ADK_PACKAGE_OPENVPN_WITH_HTTPPROXY),) -CONFIGURE_ARGS+= --enable-http-proxy -else -CONFIGURE_ARGS+= --disable-http-proxy -endif - -ifneq ($(ADK_PACKAGE_OPENVPN_WITH_SOCKS),) -CONFIGURE_ARGS+= --enable-socks -else -CONFIGURE_ARGS+= --disable-socks -endif - ifneq ($(ADK_PACKAGE_OPENVPN_WITH_SMALL),) CONFIGURE_ARGS+= --enable-small endif diff --git a/package/openvpn/patches/patch-src_openvpn_ssl_openssl_c b/package/openvpn/patches/patch-src_openvpn_ssl_openssl_c new file mode 100644 index 000000000..efcbc2600 --- /dev/null +++ b/package/openvpn/patches/patch-src_openvpn_ssl_openssl_c @@ -0,0 +1,29 @@ +--- openvpn-2.4.7.orig/src/openvpn/ssl_openssl.c 2019-02-20 13:28:23.000000000 +0100 ++++ openvpn-2.4.7/src/openvpn/ssl_openssl.c 2019-10-07 21:44:52.473323073 +0200 +@@ -459,7 +459,7 @@ tls_ctx_restrict_ciphers_tls13(struct tl + return; + } + +-#if (OPENSSL_VERSION_NUMBER < 0x1010100fL) ++#if (OPENSSL_VERSION_NUMBER < 0x1010100fL) || defined(LIBRESSL_VERSION_NUMBER) + crypto_msg(M_WARN, "Not compiled with OpenSSL 1.1.1 or higher. " + "Ignoring TLS 1.3 only tls-ciphersuites '%s' setting.", + ciphers); +@@ -1846,7 +1846,7 @@ show_available_tls_ciphers_list(const ch + crypto_msg(M_FATAL, "Cannot create SSL_CTX object"); + } + +-#if (OPENSSL_VERSION_NUMBER >= 0x1010100fL) ++#if (OPENSSL_VERSION_NUMBER >= 0x1010100fL && !defined(LIBRESSL_VERSION_NUMBER)) + if (tls13) + { + SSL_CTX_set_min_proto_version(tls_ctx.ctx, TLS1_3_VERSION); +@@ -1867,7 +1867,7 @@ show_available_tls_ciphers_list(const ch + crypto_msg(M_FATAL, "Cannot create SSL object"); + } + +-#if (OPENSSL_VERSION_NUMBER < 0x1010000fL) ++#if (OPENSSL_VERSION_NUMBER < 0x1010000fL) || defined(LIBRESSL_VERSION_NUMBER) + STACK_OF(SSL_CIPHER) *sk = SSL_get_ciphers(ssl); + #else + STACK_OF(SSL_CIPHER) *sk = SSL_get1_supported_ciphers(ssl); diff --git a/package/openvpn/patches/patch-tests_t_client_sh b/package/openvpn/patches/patch-tests_t_client_sh new file mode 100644 index 000000000..55c7ef7d5 --- /dev/null +++ b/package/openvpn/patches/patch-tests_t_client_sh @@ -0,0 +1,63 @@ +--- openvpn-2.4.7.orig/tests/t_client.sh 2019-02-20 13:29:00.000000000 +0100 ++++ openvpn-2.4.7/tests/t_client.sh 2019-10-07 21:45:31.399817348 +0200 +@@ -1,4 +1,4 @@ +-#!/bin/sh ++#!/bin/bash + # + # run OpenVPN client against ``test reference'' server + # - check that ping, http, ... via tunnel works +@@ -133,12 +133,12 @@ fail() + get_ifconfig_route() + { + # linux / iproute2? (-> if configure got a path) +- if [ -n "/usr/sbin/ip" ] ++ if [ -n "/bin/ip" ] + then + echo "-- linux iproute2 --" +- /usr/sbin/ip addr show | grep -v valid_lft +- /usr/sbin/ip route show +- /usr/sbin/ip -o -6 route show | grep -v ' cache' | sed -E -e 's/ expires [0-9]*sec//' -e 's/ (mtu|hoplimit|cwnd|ssthresh) [0-9]+//g' -e 's/ (rtt|rttvar) [0-9]+ms//g' ++ /bin/ip addr show | grep -v valid_lft ++ /bin/ip route show ++ /bin/ip -o -6 route show | grep -v ' cache' | sed -E -e 's/ expires [0-9]*sec//' -e 's/ (mtu|hoplimit|cwnd|ssthresh) [0-9]+//g' -e 's/ (rtt|rttvar) [0-9]+ms//g' + return + fi + +@@ -146,32 +146,32 @@ get_ifconfig_route() + case `uname -s` in + Linux) + echo "-- linux / ifconfig --" +- LANG=C /usr/sbin/ifconfig -a |egrep "( addr:|encap:)" ++ LANG=C /sbin/ifconfig -a |egrep "( addr:|encap:)" + LANG=C netstat -rn -4 -6 + return + ;; + FreeBSD|NetBSD|Darwin) + echo "-- FreeBSD/NetBSD/Darwin [MacOS X] --" +- /usr/sbin/ifconfig -a | egrep "(flags=|inet)" ++ /sbin/ifconfig -a | egrep "(flags=|inet)" + netstat -rn | awk '$3 !~ /^UHL/ { print $1,$2,$3,$NF }' + return + ;; + OpenBSD) + echo "-- OpenBSD --" +- /usr/sbin/ifconfig -a | egrep "(flags=|inet)" | \ ++ /sbin/ifconfig -a | egrep "(flags=|inet)" | \ + sed -e 's/pltime [0-9]*//' -e 's/vltime [0-9]*//' + netstat -rn | awk '$3 !~ /^UHL/ { print $1,$2,$3,$NF }' + return + ;; + SunOS) + echo "-- Solaris --" +- /usr/sbin/ifconfig -a | egrep "(flags=|inet)" ++ /sbin/ifconfig -a | egrep "(flags=|inet)" + netstat -rn | awk '$3 !~ /^UHL/ { print $1,$2,$3,$6 }' + return + ;; + AIX) + echo "-- AIX --" +- /usr/sbin/ifconfig -a | egrep "(flags=|inet)" ++ /sbin/ifconfig -a | egrep "(flags=|inet)" + netstat -rn | awk '$3 !~ /^UHL/ { print $1,$2,$3,$6 }' + return + ;; |