openvpn: update to 2.3.12
authorMagnus Kroken <mkroken@gmail.com>
Tue, 23 Aug 2016 22:14:46 +0000 (00:14 +0200)
committerJo-Philipp Wich <jo@mein.io>
Tue, 23 Aug 2016 22:33:08 +0000 (00:33 +0200)
300-upstream-fix-polarssl-mbedtls-builds.patch has been applied upstream.
Replaced 101-remove_polarssl_debug_call.patch with upstream backport.

Changelog: https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23#OpenVPN2.3.12

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
package/network/services/openvpn/Makefile
package/network/services/openvpn/patches/100-polarssl-disable-runtime-version-check.patch
package/network/services/openvpn/patches/101-backport_upstream_polarssl_debug_call.patch [new file with mode: 0644]
package/network/services/openvpn/patches/101-remove_polarssl_debug_call.patch [deleted file]
package/network/services/openvpn/patches/300-upstream-fix-polarssl-mbedtls-builds.patch [deleted file]

index 54a540f4f672cf389a529206dac11a618512bff2..c88fcbd8ebe4e3c80702cbc96e3547286caf194d 100644 (file)
@@ -9,12 +9,12 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=openvpn
 
-PKG_VERSION:=2.3.11
-PKG_RELEASE:=2
+PKG_VERSION:=2.3.12
+PKG_RELEASE:=1
 
 PKG_SOURCE_URL:=http://swupdate.openvpn.net/community/releases
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
-PKG_MD5SUM:=0f5f1ca1dc5743fa166d93dd4ec952f014b5f33bafd88f0ea34b455cae1434a7
+PKG_MD5SUM:=e3d6cdf2fb58b7569bd628ddb3d76352aa7e85b9
 
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION)
 
index bd8e5b780da31cd68a849bebc0739f080494b7d0..c7955c2460dd4ae4fb1533653fb8161c9b0e9103 100644 (file)
@@ -1,6 +1,6 @@
 --- a/src/openvpn/ssl_polarssl.c
 +++ b/src/openvpn/ssl_polarssl.c
-@@ -1151,7 +1151,7 @@ const char *
+@@ -1156,7 +1156,7 @@ const char *
  get_ssl_library_version(void)
  {
      static char polar_version[30];
diff --git a/package/network/services/openvpn/patches/101-backport_upstream_polarssl_debug_call.patch b/package/network/services/openvpn/patches/101-backport_upstream_polarssl_debug_call.patch
new file mode 100644 (file)
index 0000000..2155a4c
--- /dev/null
@@ -0,0 +1,33 @@
+openvpn: fix build without POLARSSL_DEBUG_C
+
+Backport of upstream master commit
+b63f98633dbe2ca92cd43fc6f8597ab283a600bf.
+
+Signed-off-by: Magnus Kroken <mkroken@gmail.com>
+
+From b63f98633dbe2ca92cd43fc6f8597ab283a600bf Mon Sep 17 00:00:00 2001
+From: Steffan Karger <steffan@karger.me>
+Date: Tue, 14 Jun 2016 22:00:03 +0200
+Subject: [PATCH] mbedtls: don't set debug threshold if compiled without
+ MBEDTLS_DEBUG_C
+
+For targets with space constraints, one might want to compile mbed TLS
+without MBEDTLS_DEBUG_C defined, to save some tens of kilobytes.  Make
+sure OpenVPN still compiles if that is the case.
+
+Signed-off-by: Steffan Karger <steffan@karger.me>
+Acked-by: Gert Doering <gert@greenie.muc.de>
+Message-Id: <1465934403-22226-1-git-send-email-steffan@karger.me>
+URL: http://article.gmane.org/gmane.network.openvpn.devel/11922
+Signed-off-by: Gert Doering <gert@greenie.muc.de>
+--- a/src/openvpn/ssl_polarssl.c
++++ b/src/openvpn/ssl_polarssl.c
+@@ -747,7 +747,9 @@ void key_state_ssl_init(struct key_state
+   if (polar_ok(ssl_init(ks_ssl->ctx)))
+     {
+       /* Initialise SSL context */
++      #ifdef POLARSSL_DEBUG_C
+       debug_set_threshold(3);
++      #endif
+       ssl_set_dbg (ks_ssl->ctx, my_debug, NULL);
+       ssl_set_endpoint (ks_ssl->ctx, ssl_ctx->endpoint);
diff --git a/package/network/services/openvpn/patches/101-remove_polarssl_debug_call.patch b/package/network/services/openvpn/patches/101-remove_polarssl_debug_call.patch
deleted file mode 100644 (file)
index 3cef323..0000000
+++ /dev/null
@@ -1,21 +0,0 @@
-openvpn: remove call to PolarSSL debug function
-
-OpenVPN >=2.3.11 uses PolarSSL debug functions for improved logging.
-This requires that PolarSSL is built with POLARSSL_DEBUG_C, which increases
-its size significantly.
-
-This change does not impact OpenVPN operation, see:
-https://sourceforge.net/p/openvpn/mailman/message/35153943/
-
-Signed-off-by: Magnus Kroken <mkroken@gmail.com>
-
---- a/src/openvpn/ssl_polarssl.c
-+++ b/src/openvpn/ssl_polarssl.c
-@@ -742,7 +742,7 @@ void key_state_ssl_init(struct key_state
-   if (polar_ok(ssl_init(ks_ssl->ctx)))
-     {
-       /* Initialise SSL context */
--      debug_set_threshold(3);
-+      /*debug_set_threshold(3);*/
-       ssl_set_dbg (ks_ssl->ctx, my_debug, NULL);
-       ssl_set_endpoint (ks_ssl->ctx, ssl_ctx->endpoint);
diff --git a/package/network/services/openvpn/patches/300-upstream-fix-polarssl-mbedtls-builds.patch b/package/network/services/openvpn/patches/300-upstream-fix-polarssl-mbedtls-builds.patch
deleted file mode 100644 (file)
index 0a5c49c..0000000
+++ /dev/null
@@ -1,42 +0,0 @@
-From 629baad8f89af261445a2ace03694601f8e476f9 Mon Sep 17 00:00:00 2001
-From: Steffan Karger <steffan@karger.me>
-Date: Fri, 13 May 2016 08:54:52 +0200
-Subject: [PATCH] Fix polarssl / mbedtls builds
-
-Commit 8a399cd3 hardened the OpenSSL default cipher list,
-but also introduced a change in shared code that causes
-polarssl / mbedtls builds to break when no --tls-cipher is
-specified.
-
-This fix is backported code from the master branch.
-
-Signed-off-by: Steffan Karger <steffan@karger.me>
-Acked-by: Gert Doering <gert@greenie.muc.de>
-Message-Id: <1463122492-701-1-git-send-email-steffan@karger.me>
-URL: http://article.gmane.org/gmane.network.openvpn.devel/11647
-Signed-off-by: Gert Doering <gert@greenie.muc.de>
----
- src/openvpn/ssl_polarssl.c | 7 ++++++-
- 1 file changed, 6 insertions(+), 1 deletion(-)
-
-diff --git a/src/openvpn/ssl_polarssl.c b/src/openvpn/ssl_polarssl.c
-index 1f58369..9263698 100644
---- a/src/openvpn/ssl_polarssl.c
-+++ b/src/openvpn/ssl_polarssl.c
-@@ -176,7 +176,12 @@ tls_ctx_restrict_ciphers(struct tls_root_ctx *ctx, const char *ciphers)
- {
-   char *tmp_ciphers, *tmp_ciphers_orig, *token;
-   int i, cipher_count;
--  int ciphers_len = strlen (ciphers);
-+  int ciphers_len;
-+
-+  if (NULL == ciphers)
-+    return; /* Nothing to do */
-+
-+  ciphers_len = strlen (ciphers);
-   ASSERT (NULL != ctx);
-   ASSERT (0 != ciphers_len);
--- 
-2.8.1
-