[OpenWrt-Devel] [PATCH v2] openvpn: bump to 2.3.7.

Yousong Zhou yszhou4tech at gmail.com
Wed Jun 17 09:30:43 EDT 2015


Two patches are dropped as they were already applied upstream.

Signed-off-by: Yousong Zhou <yszhou4tech at gmail.com>
---
v2 <- v1

	- Update PKG_MD5SUM
	- Refreshed all patches

 package/network/services/openvpn/Makefile          |    6 +--
 .../patches/001-backport_cipher_none_fix.patch     |   57 --------------------
 .../services/openvpn/patches/100-polarssl_compat.h |    2 +-
 .../services/openvpn/patches/110-musl_compat.patch |   13 -----
 .../120-polarssl-disable-record-splitting.patch    |    6 +--
 5 files changed, 6 insertions(+), 78 deletions(-)
 delete mode 100644 package/network/services/openvpn/patches/001-backport_cipher_none_fix.patch
 delete mode 100644 package/network/services/openvpn/patches/110-musl_compat.patch

diff --git a/package/network/services/openvpn/Makefile b/package/network/services/openvpn/Makefile
index 81d8007..f3de63d 100644
--- a/package/network/services/openvpn/Makefile
+++ b/package/network/services/openvpn/Makefile
@@ -9,12 +9,12 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=openvpn
 
-PKG_VERSION:=2.3.6
-PKG_RELEASE:=5
+PKG_VERSION:=2.3.7
+PKG_RELEASE:=1
 
 PKG_SOURCE_URL:=http://swupdate.openvpn.net/community/releases
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_MD5SUM:=6ca03fe0fd093e0d01601abee808835c
+PKG_MD5SUM:=070bca95e478f88dff9ec6a221e2c3f7
 
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION)
 
diff --git a/package/network/services/openvpn/patches/001-backport_cipher_none_fix.patch b/package/network/services/openvpn/patches/001-backport_cipher_none_fix.patch
deleted file mode 100644
index af445e3..0000000
--- a/package/network/services/openvpn/patches/001-backport_cipher_none_fix.patch
+++ /dev/null
@@ -1,57 +0,0 @@
-commit 98156e90e1e83133a6a6a020db8e7333ada6156b
-Author: Steffan Karger <steffan at karger.me>
-Date:   Tue Dec 2 21:42:00 2014 +0100
-
-    Really fix '--cipher none' regression
-    
-    ... by not incorrectly hinting to the compiler the function argument of
-    cipher_kt_mode_{cbc,ofb_cfb}() is nonnull, since that no longer is the
-    case.
-    
-    Verified the fix on Debian Wheezy, one of the platforms the reporter in
-    trac #473 mentions with a compiler that would optimize out the required
-    checks.
-    
-    Also add a testcase for --cipher none to t_lpback, to prevent further
-    regressions.
-    
-    Signed-off-by: Steffan Karger <steffan at karger.me>
-    Acked-by: Gert Doering <gert at greenie.muc.de>
-    Message-Id: <1417552920-31770-1-git-send-email-steffan at karger.me>
-    URL: http://article.gmane.org/gmane.network.openvpn.devel/9300
-    Signed-off-by: Gert Doering <gert at greenie.muc.de>
-
---- a/src/openvpn/crypto_backend.h
-+++ b/src/openvpn/crypto_backend.h
-@@ -237,8 +237,7 @@ int cipher_kt_mode (const cipher_kt_t *c
-  *
-  * @return		true iff the cipher is a CBC mode cipher.
-  */
--bool cipher_kt_mode_cbc(const cipher_kt_t *cipher)
--  __attribute__((nonnull));
-+bool cipher_kt_mode_cbc(const cipher_kt_t *cipher);
- 
- /**
-  * Check if the supplied cipher is a supported OFB or CFB mode cipher.
-@@ -247,8 +246,7 @@ bool cipher_kt_mode_cbc(const cipher_kt_
-  *
-  * @return		true iff the cipher is a OFB or CFB mode cipher.
-  */
--bool cipher_kt_mode_ofb_cfb(const cipher_kt_t *cipher)
--  __attribute__((nonnull));
-+bool cipher_kt_mode_ofb_cfb(const cipher_kt_t *cipher);
- 
- 
- /**
---- a/tests/t_lpback.sh
-+++ b/tests/t_lpback.sh
-@@ -35,6 +35,9 @@ CIPHERS=$(${top_builddir}/src/openvpn/op
- # GD, 2014-07-06 do not test RC5-* either (fails on NetBSD w/o libcrypto_rc5)
- CIPHERS=$(echo "$CIPHERS" | egrep -v '^(DES-EDE3-CFB1|DES-CFB1|RC5-)' )
- 
-+# Also test cipher 'none'
-+CIPHERS=${CIPHERS}$(printf "\nnone")
-+
- "${top_builddir}/src/openvpn/openvpn" --genkey --secret key.$$
- set +e
- 
diff --git a/package/network/services/openvpn/patches/100-polarssl_compat.h b/package/network/services/openvpn/patches/100-polarssl_compat.h
index 4def967..a1c83b0 100644
--- a/package/network/services/openvpn/patches/100-polarssl_compat.h
+++ b/package/network/services/openvpn/patches/100-polarssl_compat.h
@@ -239,7 +239,7 @@
  	{
 --- a/configure.ac
 +++ b/configure.ac
-@@ -819,13 +819,13 @@ if test "${with_crypto_library}" = "pola
+@@ -832,13 +832,13 @@ if test "${with_crypto_library}" = "pola
  #include <polarssl/version.h>
  			]],
  			[[
diff --git a/package/network/services/openvpn/patches/110-musl_compat.patch b/package/network/services/openvpn/patches/110-musl_compat.patch
deleted file mode 100644
index 566c17f..0000000
--- a/package/network/services/openvpn/patches/110-musl_compat.patch
+++ /dev/null
@@ -1,13 +0,0 @@
---- a/src/openvpn/syshead.h
-+++ b/src/openvpn/syshead.h
-@@ -214,10 +214,6 @@
- 
- #ifdef TARGET_LINUX
- 
--#if defined(HAVE_NETINET_IF_ETHER_H)
--#include <netinet/if_ether.h>
--#endif
--
- #ifdef HAVE_LINUX_IF_TUN_H
- #include <linux/if_tun.h>
- #endif
diff --git a/package/network/services/openvpn/patches/120-polarssl-disable-record-splitting.patch b/package/network/services/openvpn/patches/120-polarssl-disable-record-splitting.patch
index 9e1511b..b05592e 100644
--- a/package/network/services/openvpn/patches/120-polarssl-disable-record-splitting.patch
+++ b/package/network/services/openvpn/patches/120-polarssl-disable-record-splitting.patch
@@ -1,7 +1,5 @@
-Index: openvpn-2.3.6/src/openvpn/ssl_polarssl.c
-===================================================================
---- openvpn-2.3.6.orig/src/openvpn/ssl_polarssl.c
-+++ openvpn-2.3.6/src/openvpn/ssl_polarssl.c
+--- a/src/openvpn/ssl_polarssl.c
++++ b/src/openvpn/ssl_polarssl.c
 @@ -707,6 +707,11 @@ void key_state_ssl_init(struct key_state
        if (ssl_ctx->allowed_ciphers)
  	ssl_set_ciphersuites (ks_ssl->ctx, ssl_ctx->allowed_ciphers);
-- 
1.7.10.4
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel



More information about the openwrt-devel mailing list