From 34db38520b879ba8dcf637d2f8bdb365e545b5bb Mon Sep 17 00:00:00 2001 From: Philipp Schuster Date: Fri, 12 Jul 2019 04:13:03 +0200 Subject: [PATCH] softethervpn: Update to rtm version 4.29-9680 Update SoftEther VPN to the latest rtm version 4.29-9680 Compile tested: Atheros AR7xxx/AR9xxx, TP-LINK Archer C7 v2, 18.06.4 Signed-off-by: Philipp Schuster (rebased and refreshed patches). Signed-off-by: Rosen Penev --- net/softethervpn/Makefile | 10 +-- .../patches/001-Encrypt_set_default_RSA.patch | 61 ------------------- net/softethervpn/patches/103-noeucjp.patch | 6 +- net/softethervpn/patches/110-no-m64.patch | 2 +- .../patches/120-openssl-deprecated.patch | 30 ++++----- net/softethervpn/patches/130-iconv.patch | 6 +- 6 files changed, 27 insertions(+), 88 deletions(-) delete mode 100644 net/softethervpn/patches/001-Encrypt_set_default_RSA.patch diff --git a/net/softethervpn/Makefile b/net/softethervpn/Makefile index 4fd17ab48..a7a4df39d 100644 --- a/net/softethervpn/Makefile +++ b/net/softethervpn/Makefile @@ -9,14 +9,14 @@ include $(TOPDIR)/rules.mk PKG_NAME:=softethervpn -PKG_VERSION:=4.28-9669 -PKG_VERREL:=beta -PKG_VERDATE:=2018.09.11 -PKG_RELEASE:=4 +PKG_VERSION:=4.29-9680 +PKG_VERREL:=rtm +PKG_VERDATE:=2019.02.28 +PKG_RELEASE:=1 PKG_SOURCE:=softether-src-v$(PKG_VERSION)-$(PKG_VERREL).tar.gz PKG_SOURCE_URL:=http://www.softether-download.com/files/softether/v$(PKG_VERSION)-$(PKG_VERREL)-$(PKG_VERDATE)-tree/Source_Code/ -PKG_HASH:=1e641fa227a732b3eec3fe8bdcf4d4fd2b1d0b0a5084119126c1216d2ec1b545 +PKG_HASH:=e6035fa7d9aaf59bdb342cd7ab5ecfdff89811a875f62a3230208cdc8a4e26e4 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)/v$(PKG_VERSION) HOST_BUILD_DIR:=$(BUILD_DIR_HOST)/$(PKG_NAME)/v$(PKG_VERSION) diff --git a/net/softethervpn/patches/001-Encrypt_set_default_RSA.patch b/net/softethervpn/patches/001-Encrypt_set_default_RSA.patch deleted file mode 100644 index da1bcbdb3..000000000 --- a/net/softethervpn/patches/001-Encrypt_set_default_RSA.patch +++ /dev/null @@ -1,61 +0,0 @@ -From 1fad008e1adba5cb596da6f9ec6a244d49a585cf Mon Sep 17 00:00:00 2001 -From: Davide Beatrici -Date: Mon, 9 Apr 2018 22:02:34 +0200 -Subject: [PATCH] Encrypt: set default RSA key size to 1024 everywhere, using - the RSA_KEY_SIZE macro - -This commit also fixes the problem described in #31, which was caused by the test key generated in RsaCheck() being too small for newer OpenSSL versions. ---- - src/Mayaqua/Encrypt.c | 8 ++++---- - src/Mayaqua/Encrypt.h | 2 +- - 2 files changed, 5 insertions(+), 5 deletions(-) - ---- a/src/Mayaqua/Encrypt.c -+++ b/src/Mayaqua/Encrypt.c -@@ -2458,7 +2458,7 @@ bool RsaVerifyEx(void *data, UINT data_s - } - if (bits == 0) - { -- bits = 1024; -+ bits = RSA_KEY_SIZE; - } - - // Hash the data -@@ -2497,7 +2497,7 @@ bool RsaSignEx(void *dst, void *src, UIN - } - if (bits == 0) - { -- bits = 1024; -+ bits = RSA_KEY_SIZE; - } - - Zero(dst, bits / 8); -@@ -2684,7 +2684,7 @@ bool RsaCheck() - BIO *bio; - char errbuf[MAX_SIZE]; - UINT size = 0; -- UINT bit = 32; -+ UINT bit = RSA_KEY_SIZE; - // Validate arguments - - // Key generation -@@ -2754,7 +2754,7 @@ bool RsaGen(K **priv, K **pub, UINT bit) - } - if (bit == 0) - { -- bit = 1024; -+ bit = RSA_KEY_SIZE; - } - - // Key generation ---- a/src/Mayaqua/Encrypt.h -+++ b/src/Mayaqua/Encrypt.h -@@ -128,7 +128,7 @@ void RAND_Free_For_SoftEther(); - #define DES_IV_SIZE 8 // DES IV size - #define DES_BLOCK_SIZE 8 // DES block size - #define DES3_KEY_SIZE (8 * 3) // 3DES key size --#define RSA_KEY_SIZE 128 // RSA key size -+#define RSA_KEY_SIZE 1024 // RSA key size - #define DH_KEY_SIZE 128 // DH key size - #define RSA_MIN_SIGN_HASH_SIZE (15 + SHA1_HASH_SIZE) // Minimum RSA hash size - #define RSA_SIGN_HASH_SIZE (RSA_MIN_SIGN_HASH_SIZE) // RSA hash size diff --git a/net/softethervpn/patches/103-noeucjp.patch b/net/softethervpn/patches/103-noeucjp.patch index f403dfb12..b1e338cfc 100644 --- a/net/softethervpn/patches/103-noeucjp.patch +++ b/net/softethervpn/patches/103-noeucjp.patch @@ -1,6 +1,6 @@ --- a/src/Mayaqua/Internat.c +++ b/src/Mayaqua/Internat.c -@@ -123,7 +123,7 @@ +@@ -114,7 +114,7 @@ #include extern LOCK *token_lock; @@ -9,7 +9,7 @@ static LOCK *iconv_lock = NULL; void *iconv_cache_wide_to_str = 0; void *iconv_cache_str_to_wide = 0; -@@ -938,7 +938,7 @@ void InitInternational() +@@ -929,7 +929,7 @@ void InitInternational() #ifdef UNIX_MACOS StrCpy(charset, sizeof(charset), "utf-8"); #else // UNIX_MACOS @@ -18,7 +18,7 @@ #endif // UNIX_MACOS d = IconvWideToStrInternal(); if (d == (void *)-1) -@@ -1198,7 +1198,7 @@ void GetCurrentCharSet(char *name, UINT +@@ -1189,7 +1189,7 @@ void GetCurrentCharSet(char *name, UINT } else { diff --git a/net/softethervpn/patches/110-no-m64.patch b/net/softethervpn/patches/110-no-m64.patch index 5fc3e61e3..ed21e1488 100644 --- a/net/softethervpn/patches/110-no-m64.patch +++ b/net/softethervpn/patches/110-no-m64.patch @@ -1,6 +1,6 @@ --- a/src/makefiles/linux_64bit.mak +++ b/src/makefiles/linux_64bit.mak -@@ -29,9 +29,9 @@ OPTIONS_COMPILE_DEBUG=-D_DEBUG -DDEBUG -DUNIX -DUNIX_LINUX -DCPU_64 -D_REENTRANT +@@ -66,9 +66,9 @@ OPTIONS_COMPILE_DEBUG=-D_DEBUG -DDEBUG -DUNIX -DUNIX_LINUX -DCPU_64 -D_REENTRANT OPTIONS_LINK_DEBUG=-g -fsigned-char -m64 -lm -ldl -lrt -lpthread -lssl -lcrypto -lreadline -lncurses -lz diff --git a/net/softethervpn/patches/120-openssl-deprecated.patch b/net/softethervpn/patches/120-openssl-deprecated.patch index 6c06e6474..3a154ce40 100644 --- a/net/softethervpn/patches/120-openssl-deprecated.patch +++ b/net/softethervpn/patches/120-openssl-deprecated.patch @@ -2,7 +2,7 @@ diff --git a/src/Mayaqua/Encrypt.c b/src/Mayaqua/Encrypt.c index f3b3908..06b7fea 100644 --- a/src/Mayaqua/Encrypt.c +++ b/src/Mayaqua/Encrypt.c -@@ -129,6 +129,7 @@ +@@ -120,6 +120,7 @@ #include #include #include @@ -10,7 +10,7 @@ index f3b3908..06b7fea 100644 #include #include #include -@@ -137,6 +138,7 @@ +@@ -128,6 +129,7 @@ #include #include #include @@ -18,7 +18,7 @@ index f3b3908..06b7fea 100644 #include #include #include -@@ -634,7 +636,7 @@ UINT CipherProcess(CIPHER *c, void *iv, void *dest, void *src, UINT size) +@@ -625,7 +627,7 @@ UINT CipherProcess(CIPHER *c, void *iv, void *dest, void *src, UINT size) return 0; } @@ -27,7 +27,7 @@ index f3b3908..06b7fea 100644 { return 0; } -@@ -933,6 +935,7 @@ BUF *BigNumToBuf(const BIGNUM *bn) +@@ -924,6 +926,7 @@ BUF *BigNumToBuf(const BIGNUM *bn) // Initialization of the lock of OpenSSL void OpenSSL_InitLock() { @@ -35,7 +35,7 @@ index f3b3908..06b7fea 100644 UINT i; // Initialization of the lock object -@@ -946,11 +949,13 @@ void OpenSSL_InitLock() +@@ -937,11 +940,13 @@ void OpenSSL_InitLock() // Setting the lock function CRYPTO_set_locking_callback(OpenSSL_Lock); CRYPTO_set_id_callback(OpenSSL_Id); @@ -49,7 +49,7 @@ index f3b3908..06b7fea 100644 UINT i; for (i = 0;i < ssl_lock_num;i++) -@@ -962,11 +967,13 @@ void OpenSSL_FreeLock() +@@ -953,11 +958,13 @@ void OpenSSL_FreeLock() CRYPTO_set_locking_callback(NULL); CRYPTO_set_id_callback(NULL); @@ -63,7 +63,7 @@ index f3b3908..06b7fea 100644 LOCK *lock = ssl_lock_obj[n]; if (mode & CRYPTO_LOCK) -@@ -979,12 +986,15 @@ void OpenSSL_Lock(int mode, int n, const char *file, int line) +@@ -970,12 +977,15 @@ void OpenSSL_Lock(int mode, int n, const char *file, int line) // Unlock Unlock(lock); } @@ -79,7 +79,7 @@ index f3b3908..06b7fea 100644 } // Get the display name of the certificate -@@ -1908,8 +1918,8 @@ X509 *NewX509(K *pub, K *priv, X *ca, NAME *name, UINT days, X_SERIAL *serial) +@@ -1899,8 +1909,8 @@ X509 *NewX509(K *pub, K *priv, X *ca, NAME *name, UINT days, X_SERIAL *serial) X509_set_version(x509, 2L); // Set the Expiration @@ -90,7 +90,7 @@ index f3b3908..06b7fea 100644 if (!UINT64ToAsn1Time(t1, notBefore)) { FreeX509(x509); -@@ -2050,8 +2060,8 @@ X509 *NewRootX509(K *pub, K *priv, NAME *name, UINT days, X_SERIAL *serial) +@@ -2041,8 +2051,8 @@ X509 *NewRootX509(K *pub, K *priv, NAME *name, UINT days, X_SERIAL *serial) X509_set_version(x509, 2L); // Set the Expiration @@ -101,7 +101,7 @@ index f3b3908..06b7fea 100644 if (!UINT64ToAsn1Time(t1, notBefore)) { FreeX509(x509); -@@ -2677,6 +2687,43 @@ bool RsaCheckEx() +@@ -2697,6 +2707,43 @@ bool RsaCheckEx() return false; } @@ -145,7 +145,7 @@ index f3b3908..06b7fea 100644 bool RsaCheck() { RSA *rsa; -@@ -2690,12 +2737,11 @@ bool RsaCheck() +@@ -2710,12 +2757,11 @@ bool RsaCheck() // Key generation Lock(openssl_lock); { @@ -159,7 +159,7 @@ index f3b3908..06b7fea 100644 return false; } -@@ -2760,12 +2806,11 @@ bool RsaGen(K **priv, K **pub, UINT bit) +@@ -2780,12 +2826,11 @@ bool RsaGen(K **priv, K **pub, UINT bit) // Key generation Lock(openssl_lock); { @@ -173,7 +173,7 @@ index f3b3908..06b7fea 100644 return false; } -@@ -3875,7 +3920,7 @@ X *X509ToX(X509 *x509) +@@ -3895,7 +3940,7 @@ X *X509ToX(X509 *x509) { if (OBJ_obj2nid(ad->method) == NID_ad_ca_issuers && ad->location->type == GEN_URI) { @@ -182,7 +182,7 @@ index f3b3908..06b7fea 100644 if (IsEmptyStr(uri) == false) { -@@ -4088,7 +4133,9 @@ void Rand(void *buf, UINT size) +@@ -4108,7 +4153,9 @@ void Rand(void *buf, UINT size) // Delete a thread-specific information that OpenSSL has holded void FreeOpenSSLThreadState() { @@ -192,7 +192,7 @@ index f3b3908..06b7fea 100644 } // Release the Crypt library -@@ -4110,13 +4157,16 @@ void InitCryptLibrary() +@@ -4130,13 +4177,16 @@ void InitCryptLibrary() CheckIfIntelAesNiSupportedInit(); // RAND_Init_For_SoftEther() openssl_lock = NewLock(); diff --git a/net/softethervpn/patches/130-iconv.patch b/net/softethervpn/patches/130-iconv.patch index dee56d5f9..6f8a5fa7c 100644 --- a/net/softethervpn/patches/130-iconv.patch +++ b/net/softethervpn/patches/130-iconv.patch @@ -2,7 +2,7 @@ diff --git a/src/Mayaqua/Mayaqua.h b/src/Mayaqua/Mayaqua.h index 194f8e6..177129e 100644 --- a/src/Mayaqua/Mayaqua.h +++ b/src/Mayaqua/Mayaqua.h -@@ -292,7 +292,7 @@ int PASCAL WinMain(HINSTANCE hInst, HINSTANCE hPrev, char *CmdLine, int CmdShow) +@@ -283,7 +283,7 @@ int PASCAL WinMain(HINSTANCE hInst, HINSTANCE hPrev, char *CmdLine, int CmdShow) #include #endif // MAYAQUA_SUPPORTS_GETIFADDRS @@ -15,7 +15,7 @@ diff --git a/src/makefiles/linux_32bit.mak b/src/makefiles/linux_32bit.mak index 8219d5d..8020290 100644 --- a/src/makefiles/linux_32bit.mak +++ b/src/makefiles/linux_32bit.mak -@@ -31,7 +31,7 @@ OPTIONS_LINK_DEBUG=-g -fsigned-char -lm -ldl -lrt -lpthread -lssl -lcrypto -lrea +@@ -68,7 +68,7 @@ OPTIONS_LINK_DEBUG=-g -fsigned-char -lm -ldl -lrt -lpthread -lssl -lcrypto -lrea OPTIONS_COMPILE_RELEASE=-DNDEBUG -DVPN_SPEED -DUNIX -DUNIX_LINUX -D_REENTRANT -DREENTRANT -D_THREAD_SAFE -D_THREADSAFE -DTHREAD_SAFE -DTHREADSAFE -D_FILE_OFFSET_BITS=64 -I./src/ -I./src/Cedar/ -I./src/Mayaqua/ -O2 -fsigned-char @@ -28,7 +28,7 @@ diff --git a/src/makefiles/linux_64bit.mak b/src/makefiles/linux_64bit.mak index 7f81b58..a36e0de 100644 --- a/src/makefiles/linux_64bit.mak +++ b/src/makefiles/linux_64bit.mak -@@ -31,7 +31,7 @@ OPTIONS_LINK_DEBUG=-g -fsigned-char -m64 -lm -ldl -lrt -lpthread -lssl -lcrypto +@@ -68,7 +68,7 @@ OPTIONS_LINK_DEBUG=-g -fsigned-char -m64 -lm -ldl -lrt -lpthread -lssl -lcrypto OPTIONS_COMPILE_RELEASE=-DNDEBUG -DVPN_SPEED -DUNIX -DUNIX_LINUX -DCPU_64 -D_REENTRANT -DREENTRANT -D_THREAD_SAFE -D_THREADSAFE -DTHREAD_SAFE -DTHREADSAFE -D_FILE_OFFSET_BITS=64 -I./src/ -I./src/Cedar/ -I./src/Mayaqua/ -O2 -fsigned-char