diff options
-rw-r--r-- | package/network/services/openvpn/Makefile | 2 | ||||
-rw-r--r-- | package/network/services/openvpn/patches/300-upstream-fix-polarssl-mbedtls-builds.patch | 42 |
2 files changed, 43 insertions, 1 deletions
diff --git a/package/network/services/openvpn/Makefile b/package/network/services/openvpn/Makefile index 19f78bc..54a540f 100644 --- a/package/network/services/openvpn/Makefile +++ b/package/network/services/openvpn/Makefile @@ -10,7 +10,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=openvpn PKG_VERSION:=2.3.11 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_SOURCE_URL:=http://swupdate.openvpn.net/community/releases PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz diff --git a/package/network/services/openvpn/patches/300-upstream-fix-polarssl-mbedtls-builds.patch b/package/network/services/openvpn/patches/300-upstream-fix-polarssl-mbedtls-builds.patch new file mode 100644 index 0000000..0a5c49c --- /dev/null +++ b/package/network/services/openvpn/patches/300-upstream-fix-polarssl-mbedtls-builds.patch @@ -0,0 +1,42 @@ +From 629baad8f89af261445a2ace03694601f8e476f9 Mon Sep 17 00:00:00 2001 +From: Steffan Karger <steffan@karger.me> +Date: Fri, 13 May 2016 08:54:52 +0200 +Subject: [PATCH] Fix polarssl / mbedtls builds + +Commit 8a399cd3 hardened the OpenSSL default cipher list, +but also introduced a change in shared code that causes +polarssl / mbedtls builds to break when no --tls-cipher is +specified. + +This fix is backported code from the master branch. + +Signed-off-by: Steffan Karger <steffan@karger.me> +Acked-by: Gert Doering <gert@greenie.muc.de> +Message-Id: <1463122492-701-1-git-send-email-steffan@karger.me> +URL: http://article.gmane.org/gmane.network.openvpn.devel/11647 +Signed-off-by: Gert Doering <gert@greenie.muc.de> +--- + src/openvpn/ssl_polarssl.c | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/src/openvpn/ssl_polarssl.c b/src/openvpn/ssl_polarssl.c +index 1f58369..9263698 100644 +--- a/src/openvpn/ssl_polarssl.c ++++ b/src/openvpn/ssl_polarssl.c +@@ -176,7 +176,12 @@ tls_ctx_restrict_ciphers(struct tls_root_ctx *ctx, const char *ciphers) + { + char *tmp_ciphers, *tmp_ciphers_orig, *token; + int i, cipher_count; +- int ciphers_len = strlen (ciphers); ++ int ciphers_len; ++ ++ if (NULL == ciphers) ++ return; /* Nothing to do */ ++ ++ ciphers_len = strlen (ciphers); + + ASSERT (NULL != ctx); + ASSERT (0 != ciphers_len); +-- +2.8.1 + |