From patchwork Sat Mar  3 00:11:07 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Magnus Kroken <mkroken@gmail.com>
X-Patchwork-Id: 880956
X-Patchwork-Delegate: hauke@hauke-m.de
Return-Path: 
 <lede-dev-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org; spf=none (mailfrom)
	smtp.mailfrom=lists.infradead.org
	(client-ip=2607:7c80:54:e::133; helo=bombadil.infradead.org;
	envelope-from=lede-dev-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org;
	dmarc=fail (p=none dis=none) header.from=gmail.com
Authentication-Results: ozlabs.org; dkim=pass (2048-bit key;
	unprotected) header.d=lists.infradead.org
	header.i=@lists.infradead.org header.b="thC38i92";
	dkim=fail reason="signature verification failed" (2048-bit key;
	unprotected) header.d=gmail.com header.i=@gmail.com
	header.b="lo1R77PP"; dkim-atps=neutral
Received: from bombadil.infradead.org (bombadil.infradead.org
	[IPv6:2607:7c80:54:e::133])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
	bits)) (No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 3ztRS42Q26z9s8p
	for <incoming@patchwork.ozlabs.org>;
	Sat,  3 Mar 2018 11:12:04 +1100 (AEDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=lists.infradead.org; s=bombadil.20170209; h=Sender:
	Content-Transfer-Encoding:Content-Type:MIME-Version:Cc:List-Subscribe:
	List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id:Subject:Message-Id:
	Date:To:From:Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From:
	Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:
	List-Owner; bh=jS7g9WK7iU5D3sfwicLUs/YKyUnWTGpnLU2JbS/qvRc=;
	b=thC38i92ewOi7i
	M36r+Y8EULOcHc4RwcQUCgp5vaVsXAF3s1i0KC8oZ6Z/AaDWLTr+k9MVHe2PO6XSISb9VtHkBEkVt
	WBRiWB1qunk73zKvCme4RFcl6E+ZTcYzEaxAfqDkr9eIvg/ZR3s4rspOSYUhpOABZ7ILveONlky6l
	YwVqLJ7Y8ZGo49EdOUz2N+AGB+rkiD47cF3Ei8JT7sPXZn55KxL1GtDRMIW8K7cQ6dB4sVhQbfdSJ
	kL/kHqw7q8/gM8HkbgZj12rAzIYsmoR9/DsgV8SKpSs0eHc5vLgZIrCn2osoMVxVxs54MSp5ihX/h
	T3uN9SFvNsz7kOgTR1SQ==;
Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org)
	by bombadil.infradead.org with esmtp (Exim 4.89 #1 (Red Hat Linux))
	id 1erum5-0000Vj-QI; Sat, 03 Mar 2018 00:11:41 +0000
Received: from mail-wm0-x244.google.com ([2a00:1450:400c:c09::244])
	by bombadil.infradead.org with esmtps (Exim 4.89 #1 (Red Hat Linux))
	id 1eruly-0000D8-9H
	for lede-dev@lists.infradead.org; Sat, 03 Mar 2018 00:11:38 +0000
Received: by mail-wm0-x244.google.com with SMTP id z81so6066053wmb.4
	for <lede-dev@lists.infradead.org>;
	Fri, 02 Mar 2018 16:11:22 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
	h=from:to:cc:subject:date:message-id;
	bh=JGsOOSP7mIdQ/gbj86biWM0QuP2CyX3C1qea6AHCfGo=;
	b=lo1R77PPmFqglUnNZPvd3FIwErtqYzbcPLMxoiJHDLV5YkXT6r3Lj7Zza33NXE9sIA
	QuY/V8w47E2a9wtT/NR2PR4kQ/LVTNxWzK8cFD43E86SHZF95CAnaLtozw06oYqChTOE
	0iWwI1e3TSzcEjX0pHMibTg3l8LtOAbhbPoz0M0tcuwqFW3zzx8YZkyXY4OvhaYqCk1K
	iwkM2feKWUSLC7QuKfogVtEDwDQZNBhpoKnNCMEjcEQ7E4yiT707aJUW8wTotZ+hbsJS
	//Vt7v2uNNaeVBXp7O88CAGnxn/rG9GfMnjdDCdf3fG6hYx1y0Nng5vz5KTk+FBl/wCh
	V3CQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:cc:subject:date:message-id;
	bh=JGsOOSP7mIdQ/gbj86biWM0QuP2CyX3C1qea6AHCfGo=;
	b=UvOXrJJGa7a742/om5qFp+L3ElGhlstORlREtXuwQRyIvfcwmk4HLUqSxg0HnIk6/2
	Q9TKmx4fK5Z21mq/xW3UNr/tTlppyttEY786NEwmu7HT/TEMigahDX4TWaBladm5nKOu
	zUfiaNFQeOqqFjd+lGjdKgv18Rn3NY50pAFVCCu50DENyKPBoLqGFyN5lM7pVJF8QiGm
	MADm8RYLff5EKEI8NC90DuM585gEc8YgaGZXA4FKaf5SFundthJW3hyuwjohqXR4+vzU
	BZKazKVNt9cdXs2pMtsqzvoPnc4xdRuQEHa9RApsnLD+b8K7Y2QQ07CeYLiTqs5C9Tyd
	ijrQ==
X-Gm-Message-State: AElRT7E9XSESe0um4KZfSX/fmLYIj/4nW/u9kuQAp0oaoEhFOLXCbFLF
	hOmWI0zVSTH/7a0LcCG9TsHkXQIh
X-Google-Smtp-Source: 
 AG47ELsvz8T5GL84ssX+pXJsSOUP4wTCCw42anZvQct0MOGjlUSdgQ+ucw2RJd4kZknAa/801BmqzQ==
X-Received: by 10.28.245.25 with SMTP id t25mr2602888wmh.77.1520035880643;
	Fri, 02 Mar 2018 16:11:20 -0800 (PST)
Received: from localhost.localdomain (113.229.16.62.customer.cdi.no.
	[62.16.229.113]) by smtp.gmail.com with ESMTPSA id
	x82sm365480wmg.7.2018.03.02.16.11.18
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Fri, 02 Mar 2018 16:11:19 -0800 (PST)
From: Magnus Kroken <mkroken@gmail.com>
To: lede-dev@lists.infradead.org
Date: Sat,  3 Mar 2018 01:11:07 +0100
Message-Id: <20180303001107.1313-1-mkroken@gmail.com>
X-Mailer: git-send-email 2.11.0
X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 
X-CRM114-CacheID: sfid-20180302_161134_427875_F19CBD25 
X-CRM114-Status: GOOD (  14.93  )
X-Spam-Score: -2.0 (--)
X-Spam-Report: SpamAssassin version 3.4.1 on bombadil.infradead.org summary:
	Content analysis details:   (-2.0 points)
	pts rule name              description
	---- ----------------------
	--------------------------------------------------
	-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/,
	no
	trust [2a00:1450:400c:c09:0:0:0:244 listed in] [list.dnswl.org]
	-0.0 SPF_PASS               SPF: sender matches SPF record
	0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail
	provider (mkroken[at]gmail.com)
	-1.9 BAYES_00               BODY: Bayes spam probability is 0 to 1%
	[score: 0.0000]
	-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
	0.1 DKIM_SIGNED            Message has a DKIM or DK signature,
	not necessarily valid
	-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
	author's domain
Subject: [LEDE-DEV] [PATCH] openvpn: update to 2.4.5
X-BeenThere: lede-dev@lists.infradead.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: <lede-dev.lists.infradead.org>
List-Unsubscribe: <http://lists.infradead.org/mailman/options/lede-dev>,
	<mailto:lede-dev-request@lists.infradead.org?subject=unsubscribe>
List-Archive: <http://lists.infradead.org/pipermail/lede-dev/>
List-Post: <mailto:lede-dev@lists.infradead.org>
List-Help: <mailto:lede-dev-request@lists.infradead.org?subject=help>
List-Subscribe: <http://lists.infradead.org/mailman/listinfo/lede-dev>,
	<mailto:lede-dev-request@lists.infradead.org?subject=subscribe>
Cc: Magnus Kroken <mkroken@gmail.com>
MIME-Version: 1.0
Sender: "Lede-dev" <lede-dev-bounces@lists.infradead.org>
Errors-To: lede-dev-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org

Signed-off-by: Magnus Kroken <mkroken@gmail.com>
Tested-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
---
Runtime tested on powerpc/mpc85xx, with mbed TLS.

 package/network/services/openvpn/Makefile          |  6 +++---
 ...100-mbedtls-disable-runtime-version-check.patch |  2 +-
 .../210-build_always_use_internal_lz4.patch        | 24 ++++++++++++++--------
 ...edtls_dont_use_deprecated_sha256_function.patch | 11 ----------
 4 files changed, 19 insertions(+), 24 deletions(-)
 delete mode 100644 package/network/services/openvpn/patches/300-mbedtls_dont_use_deprecated_sha256_function.patch

diff --git a/package/network/services/openvpn/Makefile b/package/network/services/openvpn/Makefile
index ec48e734ff..bab426ac58 100644
--- a/package/network/services/openvpn/Makefile
+++ b/package/network/services/openvpn/Makefile
@@ -9,14 +9,14 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=openvpn
 
-PKG_VERSION:=2.4.4
-PKG_RELEASE:=2
+PKG_VERSION:=2.4.5
+PKG_RELEASE:=1
 
 PKG_SOURCE_URL:=\
 	https://build.openvpn.net/downloads/releases/ \
 	https://swupdate.openvpn.net/community/releases/
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
-PKG_HASH:=96cd1b8fe1e8cb2920f07c3fd3985faea756e16fdeebd11d3e146d5bd2b04a80
+PKG_HASH:=43c0a363a332350f620d1cd93bb431e082bedbc93d4fb872f758650d53c1d29e
 
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION)
 PKG_MAINTAINER:=Felix Fietkau <nbd@nbd.name>
diff --git a/package/network/services/openvpn/patches/100-mbedtls-disable-runtime-version-check.patch b/package/network/services/openvpn/patches/100-mbedtls-disable-runtime-version-check.patch
index 8209bca4f7..5608fa4430 100644
--- a/package/network/services/openvpn/patches/100-mbedtls-disable-runtime-version-check.patch
+++ b/package/network/services/openvpn/patches/100-mbedtls-disable-runtime-version-check.patch
@@ -1,6 +1,6 @@
 --- a/src/openvpn/ssl_mbedtls.c
 +++ b/src/openvpn/ssl_mbedtls.c
-@@ -1336,7 +1336,7 @@ const char *
+@@ -1394,7 +1394,7 @@ const char *
  get_ssl_library_version(void)
  {
      static char mbedtls_version[30];
diff --git a/package/network/services/openvpn/patches/210-build_always_use_internal_lz4.patch b/package/network/services/openvpn/patches/210-build_always_use_internal_lz4.patch
index d49e0bf9ec..b3eb7c742a 100644
--- a/package/network/services/openvpn/patches/210-build_always_use_internal_lz4.patch
+++ b/package/network/services/openvpn/patches/210-build_always_use_internal_lz4.patch
@@ -1,15 +1,17 @@
 --- a/configure.ac
 +++ b/configure.ac
-@@ -1068,62 +1068,15 @@ dnl
+@@ -1077,68 +1077,15 @@ dnl
  AC_ARG_VAR([LZ4_CFLAGS], [C compiler flags for lz4])
  AC_ARG_VAR([LZ4_LIBS], [linker flags for lz4])
  if test "$enable_lz4" = "yes" && test "$enable_comp_stub" = "no"; then
 -    if test -z "${LZ4_CFLAGS}" -a -z "${LZ4_LIBS}"; then
 -	# if the user did not explicitly specify flags, try to autodetect
 -	PKG_CHECK_MODULES([LZ4],
--			  [liblz4 >= 1.7.1],
+-			  [liblz4 >= 1.7.1 liblz4 < 100],
 -			  [have_lz4="yes"],
--			  [] # If this fails, we will do another test next
+-			  [LZ4_LIBS="-llz4"] # If this fails, we will do another test next.
+-					     # We also add set LZ4_LIBS otherwise the
+-					     # linker will not know about the lz4 library
 -	)
 -    fi
 
@@ -47,20 +49,24 @@
 -	fi
 -    fi
 -
--    # if LZ4_LIBS is set, we assume it will work, otherwise test
--    if test -z "${LZ4_LIBS}"; then
+-    # Double check we have a few needed functions
+-    if test "${have_lz4}" = "yes" ; then
 -	AC_CHECK_LIB([lz4],
--		     [LZ4_compress],
--		     [LZ4_LIBS="-llz4"],
+-		     [LZ4_compress_default],
+-		     [],
+-		     [have_lz4="no"])
+-	AC_CHECK_LIB([lz4],
+-		     [LZ4_decompress_safe],
+-		     [],
 -		     [have_lz4="no"])
 -    fi
 -
 -    if test "${have_lz4}" != "yes" ; then
--	AC_MSG_RESULT([		usuable LZ4 library or header not found, using version in src/compat/compat-lz4.*])
+-	AC_MSG_RESULT([		usable LZ4 library or header not found, using version in src/compat/compat-lz4.*])
 -	AC_DEFINE([NEED_COMPAT_LZ4], [1], [use copy of LZ4 source in compat/])
 -	LZ4_LIBS=""
 -    fi
-+    AC_MSG_RESULT([		usuable LZ4 library or header not found, using version in src/compat/compat-lz4.*])
++    AC_MSG_RESULT([		usable LZ4 library or header not found, using version in src/compat/compat-lz4.*])
 +    AC_DEFINE([NEED_COMPAT_LZ4], [1], [use copy of LZ4 source in compat/])
 +    LZ4_LIBS=""
      OPTIONAL_LZ4_CFLAGS="${LZ4_CFLAGS}"
diff --git a/package/network/services/openvpn/patches/300-mbedtls_dont_use_deprecated_sha256_function.patch b/package/network/services/openvpn/patches/300-mbedtls_dont_use_deprecated_sha256_function.patch
deleted file mode 100644
index b9201a599a..0000000000
--- a/package/network/services/openvpn/patches/300-mbedtls_dont_use_deprecated_sha256_function.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- a/src/openvpn/ssl_mbedtls.c
-+++ b/src/openvpn/ssl_mbedtls.c
-@@ -803,7 +803,7 @@ tls_ctx_personalise_random(struct tls_ro
-     {
-         mbedtls_x509_crt *cert = ctx->crt_chain;
- 
--        mbedtls_sha256(cert->tbs.p, cert->tbs.len, sha256_hash, false);
-+        mbedtls_sha256_ret(cert->tbs.p, cert->tbs.len, sha256_hash, false);
-         if (0 != memcmp(old_sha256_hash, sha256_hash, sizeof(sha256_hash)))
-         {
-             mbedtls_ctr_drbg_update(cd_ctx, sha256_hash, 32);