From 63cb31d9ec0cbcc2633db04069896f86a2380c1a Mon Sep 17 00:00:00 2001 From: Felix Fietkau Date: Thu, 18 Jun 2015 06:41:49 +0000 Subject: openvpn: bump to 2.3.7. Two patches are dropped as they were already applied upstream. Signed-off-by: Yousong Zhou SVN-Revision: 46027 --- .../patches/001-backport_cipher_none_fix.patch | 57 ---------------------- .../services/openvpn/patches/100-polarssl_compat.h | 2 +- .../services/openvpn/patches/110-musl_compat.patch | 13 ----- .../120-polarssl-disable-record-splitting.patch | 6 +-- 4 files changed, 3 insertions(+), 75 deletions(-) delete mode 100644 package/network/services/openvpn/patches/001-backport_cipher_none_fix.patch delete mode 100644 package/network/services/openvpn/patches/110-musl_compat.patch (limited to 'package/network/services/openvpn/patches') diff --git a/package/network/services/openvpn/patches/001-backport_cipher_none_fix.patch b/package/network/services/openvpn/patches/001-backport_cipher_none_fix.patch deleted file mode 100644 index af445e3bc8..0000000000 --- a/package/network/services/openvpn/patches/001-backport_cipher_none_fix.patch +++ /dev/null @@ -1,57 +0,0 @@ -commit 98156e90e1e83133a6a6a020db8e7333ada6156b -Author: Steffan Karger -Date: Tue Dec 2 21:42:00 2014 +0100 - - Really fix '--cipher none' regression - - ... by not incorrectly hinting to the compiler the function argument of - cipher_kt_mode_{cbc,ofb_cfb}() is nonnull, since that no longer is the - case. - - Verified the fix on Debian Wheezy, one of the platforms the reporter in - trac #473 mentions with a compiler that would optimize out the required - checks. - - Also add a testcase for --cipher none to t_lpback, to prevent further - regressions. - - Signed-off-by: Steffan Karger - Acked-by: Gert Doering - Message-Id: <1417552920-31770-1-git-send-email-steffan@karger.me> - URL: http://article.gmane.org/gmane.network.openvpn.devel/9300 - Signed-off-by: Gert Doering - ---- a/src/openvpn/crypto_backend.h -+++ b/src/openvpn/crypto_backend.h -@@ -237,8 +237,7 @@ int cipher_kt_mode (const cipher_kt_t *c - * - * @return true iff the cipher is a CBC mode cipher. - */ --bool cipher_kt_mode_cbc(const cipher_kt_t *cipher) -- __attribute__((nonnull)); -+bool cipher_kt_mode_cbc(const cipher_kt_t *cipher); - - /** - * Check if the supplied cipher is a supported OFB or CFB mode cipher. -@@ -247,8 +246,7 @@ bool cipher_kt_mode_cbc(const cipher_kt_ - * - * @return true iff the cipher is a OFB or CFB mode cipher. - */ --bool cipher_kt_mode_ofb_cfb(const cipher_kt_t *cipher) -- __attribute__((nonnull)); -+bool cipher_kt_mode_ofb_cfb(const cipher_kt_t *cipher); - - - /** ---- a/tests/t_lpback.sh -+++ b/tests/t_lpback.sh -@@ -35,6 +35,9 @@ CIPHERS=$(${top_builddir}/src/openvpn/op - # GD, 2014-07-06 do not test RC5-* either (fails on NetBSD w/o libcrypto_rc5) - CIPHERS=$(echo "$CIPHERS" | egrep -v '^(DES-EDE3-CFB1|DES-CFB1|RC5-)' ) - -+# Also test cipher 'none' -+CIPHERS=${CIPHERS}$(printf "\nnone") -+ - "${top_builddir}/src/openvpn/openvpn" --genkey --secret key.$$ - set +e - diff --git a/package/network/services/openvpn/patches/100-polarssl_compat.h b/package/network/services/openvpn/patches/100-polarssl_compat.h index 4def9670f0..a1c83b0e42 100644 --- a/package/network/services/openvpn/patches/100-polarssl_compat.h +++ b/package/network/services/openvpn/patches/100-polarssl_compat.h @@ -239,7 +239,7 @@ { --- a/configure.ac +++ b/configure.ac -@@ -819,13 +819,13 @@ if test "${with_crypto_library}" = "pola +@@ -832,13 +832,13 @@ if test "${with_crypto_library}" = "pola #include ]], [[ diff --git a/package/network/services/openvpn/patches/110-musl_compat.patch b/package/network/services/openvpn/patches/110-musl_compat.patch deleted file mode 100644 index 566c17f062..0000000000 --- a/package/network/services/openvpn/patches/110-musl_compat.patch +++ /dev/null @@ -1,13 +0,0 @@ ---- a/src/openvpn/syshead.h -+++ b/src/openvpn/syshead.h -@@ -214,10 +214,6 @@ - - #ifdef TARGET_LINUX - --#if defined(HAVE_NETINET_IF_ETHER_H) --#include --#endif -- - #ifdef HAVE_LINUX_IF_TUN_H - #include - #endif diff --git a/package/network/services/openvpn/patches/120-polarssl-disable-record-splitting.patch b/package/network/services/openvpn/patches/120-polarssl-disable-record-splitting.patch index 9e1511b6b6..b05592e149 100644 --- a/package/network/services/openvpn/patches/120-polarssl-disable-record-splitting.patch +++ b/package/network/services/openvpn/patches/120-polarssl-disable-record-splitting.patch @@ -1,7 +1,5 @@ -Index: openvpn-2.3.6/src/openvpn/ssl_polarssl.c -=================================================================== ---- openvpn-2.3.6.orig/src/openvpn/ssl_polarssl.c -+++ openvpn-2.3.6/src/openvpn/ssl_polarssl.c +--- a/src/openvpn/ssl_polarssl.c ++++ b/src/openvpn/ssl_polarssl.c @@ -707,6 +707,11 @@ void key_state_ssl_init(struct key_state if (ssl_ctx->allowed_ciphers) ssl_set_ciphersuites (ks_ssl->ctx, ssl_ctx->allowed_ciphers); -- cgit v1.2.3