mirror of https://github.com/hak5/openwrt.git
openvpn: bump to 2.3.7.
Two patches are dropped as they were already applied upstream. Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com> SVN-Revision: 46027lede-17.01
parent
949d7e30e4
commit
63cb31d9ec
|
@ -9,12 +9,12 @@ include $(TOPDIR)/rules.mk
|
|||
|
||||
PKG_NAME:=openvpn
|
||||
|
||||
PKG_VERSION:=2.3.6
|
||||
PKG_RELEASE:=5
|
||||
PKG_VERSION:=2.3.7
|
||||
PKG_RELEASE:=1
|
||||
|
||||
PKG_SOURCE_URL:=http://swupdate.openvpn.net/community/releases
|
||||
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
|
||||
PKG_MD5SUM:=6ca03fe0fd093e0d01601abee808835c
|
||||
PKG_MD5SUM:=070bca95e478f88dff9ec6a221e2c3f7
|
||||
|
||||
PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION)
|
||||
|
||||
|
|
|
@ -1,57 +0,0 @@
|
|||
commit 98156e90e1e83133a6a6a020db8e7333ada6156b
|
||||
Author: Steffan Karger <steffan@karger.me>
|
||||
Date: Tue Dec 2 21:42:00 2014 +0100
|
||||
|
||||
Really fix '--cipher none' regression
|
||||
|
||||
... by not incorrectly hinting to the compiler the function argument of
|
||||
cipher_kt_mode_{cbc,ofb_cfb}() is nonnull, since that no longer is the
|
||||
case.
|
||||
|
||||
Verified the fix on Debian Wheezy, one of the platforms the reporter in
|
||||
trac #473 mentions with a compiler that would optimize out the required
|
||||
checks.
|
||||
|
||||
Also add a testcase for --cipher none to t_lpback, to prevent further
|
||||
regressions.
|
||||
|
||||
Signed-off-by: Steffan Karger <steffan@karger.me>
|
||||
Acked-by: Gert Doering <gert@greenie.muc.de>
|
||||
Message-Id: <1417552920-31770-1-git-send-email-steffan@karger.me>
|
||||
URL: http://article.gmane.org/gmane.network.openvpn.devel/9300
|
||||
Signed-off-by: Gert Doering <gert@greenie.muc.de>
|
||||
|
||||
--- a/src/openvpn/crypto_backend.h
|
||||
+++ b/src/openvpn/crypto_backend.h
|
||||
@@ -237,8 +237,7 @@ int cipher_kt_mode (const cipher_kt_t *c
|
||||
*
|
||||
* @return true iff the cipher is a CBC mode cipher.
|
||||
*/
|
||||
-bool cipher_kt_mode_cbc(const cipher_kt_t *cipher)
|
||||
- __attribute__((nonnull));
|
||||
+bool cipher_kt_mode_cbc(const cipher_kt_t *cipher);
|
||||
|
||||
/**
|
||||
* Check if the supplied cipher is a supported OFB or CFB mode cipher.
|
||||
@@ -247,8 +246,7 @@ bool cipher_kt_mode_cbc(const cipher_kt_
|
||||
*
|
||||
* @return true iff the cipher is a OFB or CFB mode cipher.
|
||||
*/
|
||||
-bool cipher_kt_mode_ofb_cfb(const cipher_kt_t *cipher)
|
||||
- __attribute__((nonnull));
|
||||
+bool cipher_kt_mode_ofb_cfb(const cipher_kt_t *cipher);
|
||||
|
||||
|
||||
/**
|
||||
--- a/tests/t_lpback.sh
|
||||
+++ b/tests/t_lpback.sh
|
||||
@@ -35,6 +35,9 @@ CIPHERS=$(${top_builddir}/src/openvpn/op
|
||||
# GD, 2014-07-06 do not test RC5-* either (fails on NetBSD w/o libcrypto_rc5)
|
||||
CIPHERS=$(echo "$CIPHERS" | egrep -v '^(DES-EDE3-CFB1|DES-CFB1|RC5-)' )
|
||||
|
||||
+# Also test cipher 'none'
|
||||
+CIPHERS=${CIPHERS}$(printf "\nnone")
|
||||
+
|
||||
"${top_builddir}/src/openvpn/openvpn" --genkey --secret key.$$
|
||||
set +e
|
||||
|
|
@ -239,7 +239,7 @@
|
|||
{
|
||||
--- a/configure.ac
|
||||
+++ b/configure.ac
|
||||
@@ -819,13 +819,13 @@ if test "${with_crypto_library}" = "pola
|
||||
@@ -832,13 +832,13 @@ if test "${with_crypto_library}" = "pola
|
||||
#include <polarssl/version.h>
|
||||
]],
|
||||
[[
|
||||
|
|
|
@ -1,13 +0,0 @@
|
|||
--- a/src/openvpn/syshead.h
|
||||
+++ b/src/openvpn/syshead.h
|
||||
@@ -214,10 +214,6 @@
|
||||
|
||||
#ifdef TARGET_LINUX
|
||||
|
||||
-#if defined(HAVE_NETINET_IF_ETHER_H)
|
||||
-#include <netinet/if_ether.h>
|
||||
-#endif
|
||||
-
|
||||
#ifdef HAVE_LINUX_IF_TUN_H
|
||||
#include <linux/if_tun.h>
|
||||
#endif
|
|
@ -1,7 +1,5 @@
|
|||
Index: openvpn-2.3.6/src/openvpn/ssl_polarssl.c
|
||||
===================================================================
|
||||
--- openvpn-2.3.6.orig/src/openvpn/ssl_polarssl.c
|
||||
+++ openvpn-2.3.6/src/openvpn/ssl_polarssl.c
|
||||
--- a/src/openvpn/ssl_polarssl.c
|
||||
+++ b/src/openvpn/ssl_polarssl.c
|
||||
@@ -707,6 +707,11 @@ void key_state_ssl_init(struct key_state
|
||||
if (ssl_ctx->allowed_ciphers)
|
||||
ssl_set_ciphersuites (ks_ssl->ctx, ssl_ctx->allowed_ciphers);
|
||||
|
|
Loading…
Reference in New Issue