diff --git a/net/openvpn/Makefile b/net/openvpn/Makefile index 7b9a3a84df052..591f821c2b541 100644 --- a/net/openvpn/Makefile +++ b/net/openvpn/Makefile @@ -9,14 +9,14 @@ include $(TOPDIR)/rules.mk PKG_NAME:=openvpn -PKG_VERSION:=2.7.1 -PKG_RELEASE:=2 +PKG_VERSION:=2.7.2 +PKG_RELEASE:=1 PKG_SOURCE_URL:=\ https://build.openvpn.net/downloads/releases/ \ https://swupdate.openvpn.net/community/releases/ PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz -PKG_HASH:=9858477ec2894a8a672974d8650dcb1af2eeffb468981a2b619f0fa387081167 +PKG_HASH:=9c3e150a595fc9a375221f2fa9f10524a9c064536cf81c96e3ba66c735b86f26 PKG_MAINTAINER:=Alexandru Ardelean diff --git a/net/openvpn/patches/101-Revert-ssl_verify_openssl-use-official-ASN1_STRING_-.patch b/net/openvpn/patches/101-Revert-ssl_verify_openssl-use-official-ASN1_STRING_-.patch deleted file mode 100644 index deb23f3f0dabc..0000000000000 --- a/net/openvpn/patches/101-Revert-ssl_verify_openssl-use-official-ASN1_STRING_-.patch +++ /dev/null @@ -1,46 +0,0 @@ -Subject: [PATCH] Revert "ssl_verify_openssl: use official ASN1_STRING_ API" - -This reverts commit 388800782687793ea968b722e22319b8a13fddbd. -It breaks wolfSSL build on version <= 5.9.0. ---- - src/openvpn/ssl_verify_openssl.c | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - ---- a/src/openvpn/ssl_verify_openssl.c -+++ b/src/openvpn/ssl_verify_openssl.c -@@ -257,7 +257,7 @@ backend_x509_get_username(char *common_n - { - ASN1_INTEGER *asn1_i = X509_get_serialNumber(peer_cert); - struct gc_arena gc = gc_new(); -- char *serial = format_hex_ex(ASN1_STRING_get0_data(asn1_i), ASN1_STRING_length(asn1_i), 0, 1 | FHE_CAPS, NULL, &gc); -+ char *serial = format_hex_ex(asn1_i->data, asn1_i->length, 0, 1 | FHE_CAPS, NULL, &gc); - - if (!serial || cn_len <= strlen(serial) + 2) - { -@@ -311,7 +311,7 @@ backend_x509_get_serial_hex(openvpn_x509 - { - const ASN1_INTEGER *asn1_i = X509_get_serialNumber(cert); - -- return format_hex_ex(ASN1_STRING_get0_data(asn1_i), ASN1_STRING_length(asn1_i), 0, 1, ":", gc); -+ return format_hex_ex(asn1_i->data, asn1_i->length, 0, 1, ":", gc); - } - - result_t -@@ -624,7 +624,7 @@ x509_verify_ns_cert_type(openvpn_x509_ce - { - ASN1_BIT_STRING *ns; - ns = X509_get_ext_d2i(peer_cert, NID_netscape_cert_type, NULL, NULL); -- result = (ns && ASN1_STRING_length(ns) > 0 && (ASN1_STRING_get0_data(ns)[0] & NS_SSL_CLIENT)) ? SUCCESS : FAILURE; -+ result = (ns && ns->length > 0 && (ns->data[0] & NS_SSL_CLIENT)) ? SUCCESS : FAILURE; - if (result == SUCCESS) - { - msg(M_WARN, "X509: Certificate is a client certificate yet it's purpose " -@@ -652,7 +652,7 @@ x509_verify_ns_cert_type(openvpn_x509_ce - { - ASN1_BIT_STRING *ns; - ns = X509_get_ext_d2i(peer_cert, NID_netscape_cert_type, NULL, NULL); -- result = (ns && ASN1_STRING_length(ns) > 0 && (ASN1_STRING_get0_data(ns)[0] & NS_SSL_SERVER)) ? SUCCESS : FAILURE; -+ result = (ns && ns->length > 0 && (ns->data[0] & NS_SSL_SERVER)) ? SUCCESS : FAILURE; - if (result == SUCCESS) - { - msg(M_WARN, "X509: Certificate is a server certificate yet it's purpose " diff --git a/net/openvpn/patches/103-define-LN_serialNumber-for-wolfSSL.patch b/net/openvpn/patches/103-define-LN_serialNumber-for-wolfSSL.patch index e79f75fae3c95..41e197fc549ef 100644 --- a/net/openvpn/patches/103-define-LN_serialNumber-for-wolfSSL.patch +++ b/net/openvpn/patches/103-define-LN_serialNumber-for-wolfSSL.patch @@ -1,6 +1,6 @@ --- a/src/openvpn/ssl_verify_openssl.c +++ b/src/openvpn/ssl_verify_openssl.c -@@ -253,6 +253,9 @@ backend_x509_get_username(char *common_n +@@ -258,6 +258,9 @@ backend_x509_get_username(char *common_n return FAILURE; } } @@ -9,4 +9,4 @@ +#endif else if (strcmp(LN_serialNumber, x509_username_field) == 0) { - ASN1_INTEGER *asn1_i = X509_get_serialNumber(peer_cert); + const ASN1_INTEGER *asn1_i = X509_get_serialNumber(peer_cert);