diff --git a/package/network/services/openvpn/Makefile b/package/network/services/openvpn/Makefile index ec48e734ff6..bab426ac58b 100644 --- a/package/network/services/openvpn/Makefile +++ b/package/network/services/openvpn/Makefile @@ -9,14 +9,14 @@ include $(TOPDIR)/rules.mk PKG_NAME:=openvpn -PKG_VERSION:=2.4.4 -PKG_RELEASE:=2 +PKG_VERSION:=2.4.5 +PKG_RELEASE:=1 PKG_SOURCE_URL:=\ https://build.openvpn.net/downloads/releases/ \ https://swupdate.openvpn.net/community/releases/ PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz -PKG_HASH:=96cd1b8fe1e8cb2920f07c3fd3985faea756e16fdeebd11d3e146d5bd2b04a80 +PKG_HASH:=43c0a363a332350f620d1cd93bb431e082bedbc93d4fb872f758650d53c1d29e PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION) PKG_MAINTAINER:=Felix Fietkau diff --git a/package/network/services/openvpn/patches/100-mbedtls-disable-runtime-version-check.patch b/package/network/services/openvpn/patches/100-mbedtls-disable-runtime-version-check.patch index 8209bca4f72..5608fa4430f 100644 --- a/package/network/services/openvpn/patches/100-mbedtls-disable-runtime-version-check.patch +++ b/package/network/services/openvpn/patches/100-mbedtls-disable-runtime-version-check.patch @@ -1,6 +1,6 @@ --- a/src/openvpn/ssl_mbedtls.c +++ b/src/openvpn/ssl_mbedtls.c -@@ -1336,7 +1336,7 @@ const char * +@@ -1394,7 +1394,7 @@ const char * get_ssl_library_version(void) { static char mbedtls_version[30]; diff --git a/package/network/services/openvpn/patches/210-build_always_use_internal_lz4.patch b/package/network/services/openvpn/patches/210-build_always_use_internal_lz4.patch index d49e0bf9ec9..b3eb7c742af 100644 --- a/package/network/services/openvpn/patches/210-build_always_use_internal_lz4.patch +++ b/package/network/services/openvpn/patches/210-build_always_use_internal_lz4.patch @@ -1,15 +1,17 @@ --- a/configure.ac +++ b/configure.ac -@@ -1068,62 +1068,15 @@ dnl +@@ -1077,68 +1077,15 @@ dnl AC_ARG_VAR([LZ4_CFLAGS], [C compiler flags for lz4]) AC_ARG_VAR([LZ4_LIBS], [linker flags for lz4]) if test "$enable_lz4" = "yes" && test "$enable_comp_stub" = "no"; then - if test -z "${LZ4_CFLAGS}" -a -z "${LZ4_LIBS}"; then - # if the user did not explicitly specify flags, try to autodetect - PKG_CHECK_MODULES([LZ4], -- [liblz4 >= 1.7.1], +- [liblz4 >= 1.7.1 liblz4 < 100], - [have_lz4="yes"], -- [] # If this fails, we will do another test next +- [LZ4_LIBS="-llz4"] # If this fails, we will do another test next. +- # We also add set LZ4_LIBS otherwise the +- # linker will not know about the lz4 library - ) - fi @@ -47,20 +49,24 @@ - fi - fi - -- # if LZ4_LIBS is set, we assume it will work, otherwise test -- if test -z "${LZ4_LIBS}"; then +- # Double check we have a few needed functions +- if test "${have_lz4}" = "yes" ; then - AC_CHECK_LIB([lz4], -- [LZ4_compress], -- [LZ4_LIBS="-llz4"], +- [LZ4_compress_default], +- [], +- [have_lz4="no"]) +- AC_CHECK_LIB([lz4], +- [LZ4_decompress_safe], +- [], - [have_lz4="no"]) - fi - - if test "${have_lz4}" != "yes" ; then -- AC_MSG_RESULT([ usuable LZ4 library or header not found, using version in src/compat/compat-lz4.*]) +- AC_MSG_RESULT([ usable LZ4 library or header not found, using version in src/compat/compat-lz4.*]) - AC_DEFINE([NEED_COMPAT_LZ4], [1], [use copy of LZ4 source in compat/]) - LZ4_LIBS="" - fi -+ AC_MSG_RESULT([ usuable LZ4 library or header not found, using version in src/compat/compat-lz4.*]) ++ AC_MSG_RESULT([ usable LZ4 library or header not found, using version in src/compat/compat-lz4.*]) + AC_DEFINE([NEED_COMPAT_LZ4], [1], [use copy of LZ4 source in compat/]) + LZ4_LIBS="" OPTIONAL_LZ4_CFLAGS="${LZ4_CFLAGS}" diff --git a/package/network/services/openvpn/patches/300-mbedtls_dont_use_deprecated_sha256_function.patch b/package/network/services/openvpn/patches/300-mbedtls_dont_use_deprecated_sha256_function.patch deleted file mode 100644 index b9201a599ad..00000000000 --- a/package/network/services/openvpn/patches/300-mbedtls_dont_use_deprecated_sha256_function.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- a/src/openvpn/ssl_mbedtls.c -+++ b/src/openvpn/ssl_mbedtls.c -@@ -803,7 +803,7 @@ tls_ctx_personalise_random(struct tls_ro - { - mbedtls_x509_crt *cert = ctx->crt_chain; - -- mbedtls_sha256(cert->tbs.p, cert->tbs.len, sha256_hash, false); -+ mbedtls_sha256_ret(cert->tbs.p, cert->tbs.len, sha256_hash, false); - if (0 != memcmp(old_sha256_hash, sha256_hash, sizeof(sha256_hash))) - { - mbedtls_ctr_drbg_update(cd_ctx, sha256_hash, 32);