openvpn: update to 2.5.3
authorIvan Pavlov <AuthorReflex@gmail.com>
Fri, 18 Jun 2021 07:10:57 +0000 (10:10 +0300)
committerPolynomdivision <vincent@systemli.org>
Fri, 18 Jun 2021 16:13:48 +0000 (18:13 +0200)
Fix a possible security issue with OpenSSL config autoloading on Windows (CVE-2021-3606).
Include a number of small improvements and bug fixes.

Remove upstreamed patch: 115-fix-mbedtls-without-renegotiation.patch

Signed-off-by: Ivan Pavlov <AuthorReflex@gmail.com>
net/openvpn/Makefile
net/openvpn/patches/100-mbedtls-disable-runtime-version-check.patch
net/openvpn/patches/115-fix-mbedtls-without-renegotiation.patch [deleted file]
net/openvpn/test.sh

index 9aeb43a8498fcc6c69484217e033bbf9cad1413a..8afad6f1512df9da8235b40d9067b60ed043d3ae 100644 (file)
@@ -9,14 +9,14 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=openvpn
 
-PKG_VERSION:=2.5.2
-PKG_RELEASE:=2
+PKG_VERSION:=2.5.3
+PKG_RELEASE:=1
 
 PKG_SOURCE_URL:=\
        https://build.openvpn.net/downloads/releases/ \
        https://swupdate.openvpn.net/community/releases/
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
-PKG_HASH:=b12743836901f365efaf82ab2493967e1b21c21eb43ce9a8da1002a17c9c1dc8
+PKG_HASH:=fb6a9943c603a1951ca13e9267653f8dd650c02f84bccd2b9d20f06a4c9c9a7e
 
 PKG_MAINTAINER:=Magnus Kroken <mkroken@gmail.com>
 
index c54277006d067044bba9d131ffb8dcc9f839664a..8d49d167c4c48711e4d1a191d10f5ad1928fd9b2 100644 (file)
@@ -1,6 +1,6 @@
 --- a/src/openvpn/ssl_mbedtls.c
 +++ b/src/openvpn/ssl_mbedtls.c
-@@ -1535,7 +1535,7 @@ const char *
+@@ -1538,7 +1538,7 @@ const char *
  get_ssl_library_version(void)
  {
      static char mbedtls_version[30];
diff --git a/net/openvpn/patches/115-fix-mbedtls-without-renegotiation.patch b/net/openvpn/patches/115-fix-mbedtls-without-renegotiation.patch
deleted file mode 100644 (file)
index 532d64f..0000000
+++ /dev/null
@@ -1,42 +0,0 @@
-From e4bd17c86e01aaf6f809d9ea355419c86c4defdc Mon Sep 17 00:00:00 2001
-From: Max Fillinger <maximilian.fillinger@foxcrypto.com>
-Date: Mon, 12 Apr 2021 19:46:17 +0200
-Subject: [PATCH] Fix build with mbedtls w/o SSL renegotiation support
-
-In mbedtls, support for SSL renegotiation can be disabled at
-compile-time. However, OpenVPN cannot be built with such a library
-because it calls mbedtls_ssl_conf_renegotiation() to disable this
-feature at runtime. This function doesn't exist when mbedtls was built
-without support for SSL renegotiation.
-
-This commit fixes the build by ifdef'ing out the function call when
-mbedtls was built without support for SSL renegotiation.
-
-Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
-Acked-by: Antonio Quartulli <antonio@openvpn.net>
-Message-Id: <E1lW0eX-00012w-9n@sfs-ml-1.v29.lw.sourceforge.com>
-URL: https://www.mail-archive.com/search?l=mid&q=E1lW0eX-00012w-9n@sfs-ml-1.v29.lw.sourceforge.com
-Signed-off-by: Gert Doering <gert@greenie.muc.de>
----
- src/openvpn/ssl_mbedtls.c | 9 ++++++---
- 1 file changed, 6 insertions(+), 3 deletions(-)
-
---- a/src/openvpn/ssl_mbedtls.c
-+++ b/src/openvpn/ssl_mbedtls.c
-@@ -1098,10 +1098,13 @@ key_state_ssl_init(struct key_state_ssl
-     {
-         mbedtls_ssl_conf_curves(ks_ssl->ssl_config, ssl_ctx->groups);
-     }
--    /* Disable TLS renegotiations. OpenVPN's renegotiation creates new SSL
--     * session and does not depend on this feature. And TLS renegotiations have
--     * been problematic in the past */
-+
-+    /* Disable TLS renegotiations if the mbedtls library supports that feature.
-+     * OpenVPN's renegotiation creates new SSL sessions and does not depend on
-+     * this feature and TLS renegotiations have been problematic in the past. */
-+#if defined(MBEDTLS_SSL_RENEGOTIATION)
-     mbedtls_ssl_conf_renegotiation(ks_ssl->ssl_config, MBEDTLS_SSL_RENEGOTIATION_DISABLED);
-+#endif /* MBEDTLS_SSL_RENEGOTIATION */
-     /* Disable record splitting (for now).  OpenVPN assumes records are sent
-      * unfragmented, and changing that will require thorough review and
index c2b0cc4b04ae2010cb888d6d1da69caf3065df2d..71cdc35db122f392ba00b59a4cefc406092f1dbc 100755 (executable)
@@ -4,10 +4,7 @@ case "$1" in
        "openvpn-mbedtls")
                openvpn --version | grep "$2.*SSL (mbed TLS)"
                ;;
-       "openvpn-openssl")
-               openvpn --version | grep "$2.*SSL (OpenSSL)"
-               ;;
-       "openvpn-wolfssl")
+       "openvpn-openssl"|"openvpn-wolfssl")
                openvpn --version | grep "$2.*SSL (OpenSSL)"
                ;;
 esac
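Review bot: The merged arm `"openvpn-openssl"|"openvpn-wolfssl")` now greps `"$2.*SSL (OpenSSL)"` for both variants, which is only right if the wolfSSL build reports itself with the OpenSSL version string; the removed lines show the old wolfssl arm already did this, so behaviour is unchanged, but merging the arms hides the reason. A comment above the pattern would preserve it, e.g. `# wolfSSL build presumably reports "SSL (OpenSSL)" via its OpenSSL-compatible API`. Separately, the `case` has no `*)` arm, so an unrecognised `$1` falls through `esac` with status 0 and the variant check passes silently; adding `*) exit 1 ;;` before `esac` would turn that into a test failure.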