mirror of https://github.com/hak5/openwrt.git
openvpn: update to 2.3.12
300-upstream-fix-polarssl-mbedtls-builds.patch has been applied upstream. Replaced 101-remove_polarssl_debug_call.patch with upstream backport. Changelog: https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23#OpenVPN2.3.12 Signed-off-by: Magnus Kroken <mkroken@gmail.com>
parent
df04723478
commit
2653a12c4d
|
@ -9,12 +9,12 @@ include $(TOPDIR)/rules.mk
|
|||
|
||||
PKG_NAME:=openvpn
|
||||
|
||||
PKG_VERSION:=2.3.11
|
||||
PKG_RELEASE:=2
|
||||
PKG_VERSION:=2.3.12
|
||||
PKG_RELEASE:=1
|
||||
|
||||
PKG_SOURCE_URL:=http://swupdate.openvpn.net/community/releases
|
||||
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
|
||||
PKG_MD5SUM:=0f5f1ca1dc5743fa166d93dd4ec952f014b5f33bafd88f0ea34b455cae1434a7
|
||||
PKG_MD5SUM:=e3d6cdf2fb58b7569bd628ddb3d76352aa7e85b9
|
||||
|
||||
PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION)
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
--- a/src/openvpn/ssl_polarssl.c
|
||||
+++ b/src/openvpn/ssl_polarssl.c
|
||||
@@ -1151,7 +1151,7 @@ const char *
|
||||
@@ -1156,7 +1156,7 @@ const char *
|
||||
get_ssl_library_version(void)
|
||||
{
|
||||
static char polar_version[30];
|
||||
|
|
|
@ -0,0 +1,33 @@
|
|||
openvpn: fix build without POLARSSL_DEBUG_C
|
||||
|
||||
Backport of upstream master commit
|
||||
b63f98633dbe2ca92cd43fc6f8597ab283a600bf.
|
||||
|
||||
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
|
||||
|
||||
From b63f98633dbe2ca92cd43fc6f8597ab283a600bf Mon Sep 17 00:00:00 2001
|
||||
From: Steffan Karger <steffan@karger.me>
|
||||
Date: Tue, 14 Jun 2016 22:00:03 +0200
|
||||
Subject: [PATCH] mbedtls: don't set debug threshold if compiled without
|
||||
MBEDTLS_DEBUG_C
|
||||
|
||||
For targets with space constraints, one might want to compile mbed TLS
|
||||
without MBEDTLS_DEBUG_C defined, to save some tens of kilobytes. Make
|
||||
sure OpenVPN still compiles if that is the case.
|
||||
|
||||
Signed-off-by: Steffan Karger <steffan@karger.me>
|
||||
Acked-by: Gert Doering <gert@greenie.muc.de>
|
||||
Message-Id: <1465934403-22226-1-git-send-email-steffan@karger.me>
|
||||
URL: http://article.gmane.org/gmane.network.openvpn.devel/11922
|
||||
Signed-off-by: Gert Doering <gert@greenie.muc.de>
|
||||
--- a/src/openvpn/ssl_polarssl.c
|
||||
+++ b/src/openvpn/ssl_polarssl.c
|
||||
@@ -747,7 +747,9 @@ void key_state_ssl_init(struct key_state
|
||||
if (polar_ok(ssl_init(ks_ssl->ctx)))
|
||||
{
|
||||
/* Initialise SSL context */
|
||||
+ #ifdef POLARSSL_DEBUG_C
|
||||
debug_set_threshold(3);
|
||||
+ #endif
|
||||
ssl_set_dbg (ks_ssl->ctx, my_debug, NULL);
|
||||
ssl_set_endpoint (ks_ssl->ctx, ssl_ctx->endpoint);
|
|
@ -1,21 +0,0 @@
|
|||
openvpn: remove call to PolarSSL debug function
|
||||
|
||||
OpenVPN >=2.3.11 uses PolarSSL debug functions for improved logging.
|
||||
This requires that PolarSSL is built with POLARSSL_DEBUG_C, which increases
|
||||
its size significantly.
|
||||
|
||||
This change does not impact OpenVPN operation, see:
|
||||
https://sourceforge.net/p/openvpn/mailman/message/35153943/
|
||||
|
||||
Signed-off-by: Magnus Kroken <mkroken@gmail.com>
|
||||
|
||||
--- a/src/openvpn/ssl_polarssl.c
|
||||
+++ b/src/openvpn/ssl_polarssl.c
|
||||
@@ -742,7 +742,7 @@ void key_state_ssl_init(struct key_state
|
||||
if (polar_ok(ssl_init(ks_ssl->ctx)))
|
||||
{
|
||||
/* Initialise SSL context */
|
||||
- debug_set_threshold(3);
|
||||
+ /*debug_set_threshold(3);*/
|
||||
ssl_set_dbg (ks_ssl->ctx, my_debug, NULL);
|
||||
ssl_set_endpoint (ks_ssl->ctx, ssl_ctx->endpoint);
|
|
@ -1,42 +0,0 @@
|
|||
From 629baad8f89af261445a2ace03694601f8e476f9 Mon Sep 17 00:00:00 2001
|
||||
From: Steffan Karger <steffan@karger.me>
|
||||
Date: Fri, 13 May 2016 08:54:52 +0200
|
||||
Subject: [PATCH] Fix polarssl / mbedtls builds
|
||||
|
||||
Commit 8a399cd3 hardened the OpenSSL default cipher list,
|
||||
but also introduced a change in shared code that causes
|
||||
polarssl / mbedtls builds to break when no --tls-cipher is
|
||||
specified.
|
||||
|
||||
This fix is backported code from the master branch.
|
||||
|
||||
Signed-off-by: Steffan Karger <steffan@karger.me>
|
||||
Acked-by: Gert Doering <gert@greenie.muc.de>
|
||||
Message-Id: <1463122492-701-1-git-send-email-steffan@karger.me>
|
||||
URL: http://article.gmane.org/gmane.network.openvpn.devel/11647
|
||||
Signed-off-by: Gert Doering <gert@greenie.muc.de>
|
||||
---
|
||||
src/openvpn/ssl_polarssl.c | 7 ++++++-
|
||||
1 file changed, 6 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/openvpn/ssl_polarssl.c b/src/openvpn/ssl_polarssl.c
|
||||
index 1f58369..9263698 100644
|
||||
--- a/src/openvpn/ssl_polarssl.c
|
||||
+++ b/src/openvpn/ssl_polarssl.c
|
||||
@@ -176,7 +176,12 @@ tls_ctx_restrict_ciphers(struct tls_root_ctx *ctx, const char *ciphers)
|
||||
{
|
||||
char *tmp_ciphers, *tmp_ciphers_orig, *token;
|
||||
int i, cipher_count;
|
||||
- int ciphers_len = strlen (ciphers);
|
||||
+ int ciphers_len;
|
||||
+
|
||||
+ if (NULL == ciphers)
|
||||
+ return; /* Nothing to do */
|
||||
+
|
||||
+ ciphers_len = strlen (ciphers);
|
||||
|
||||
ASSERT (NULL != ctx);
|
||||
ASSERT (0 != ciphers_len);
|
||||
--
|
||||
2.8.1
|
||||
|
Loading…
Reference in New Issue