From 45fcd8c37ed691cf0944576be3ea2eb654fc77be Mon Sep 17 00:00:00 2001 From: Federico Di Marco Date: Sat, 31 Dec 2016 04:20:32 +0100 Subject: [PATCH] softethervpn: updated to version 4.22-9634 - bugfix #3629 - readded nossl3 patch Signed-Off-by: Federico Di Marco --- net/softethervpn/Makefile | 131 ++++++++++++--------- net/softethervpn/patches/105-nossl3.patch | 33 ++++++ net/softethervpn/patches/105-nosslv3.patch | 50 -------- 3 files changed, 109 insertions(+), 105 deletions(-) create mode 100644 net/softethervpn/patches/105-nossl3.patch delete mode 100644 net/softethervpn/patches/105-nosslv3.patch diff --git a/net/softethervpn/Makefile b/net/softethervpn/Makefile index a01b97c88..189f1f561 100644 --- a/net/softethervpn/Makefile +++ b/net/softethervpn/Makefile @@ -9,21 +9,89 @@ include $(TOPDIR)/rules.mk PKG_NAME:=softethervpn -PKG_VERSION:=4.21-9613 +PKG_VERSION:=4.22-9634 PKG_VERREL:=beta -PKG_VERDATE:=2016.04.24 +PKG_VERDATE:=2016.11.27 PKG_RELEASE:=1 PKG_SOURCE:=softether-src-v$(PKG_VERSION)-$(PKG_VERREL).tar.gz PKG_SOURCE_URL:=http://www.softether-download.com/files/softether/v$(PKG_VERSION)-$(PKG_VERREL)-$(PKG_VERDATE)-tree/Source_Code/ -PKG_MD5SUM:=928d882d5fc23e00f0a5fa4ebf292ab9 +PKG_MD5SUM:=703d41b34ff49d008ddd329340a5a75e PKG_BUILD_DIR:=$(BUILD_DIR)/v$(PKG_VERSION) +HOST_BUILD_DIR:=$(BUILD_DIR_HOST)/v$(PKG_VERSION) + PKG_LICENSE:=GPL-2.0 PKG_LICENSE_FILES:=COPYING -include $(INCLUDE_DIR)/nls.mk +PKG_BUILD_DEPENDS:=softethervpn/host + +HAMCORE_SE2:=$(STAGING_DIR_HOST)/share/softethervpn/hamcore.se2 + +include $(INCLUDE_DIR)/nls.mk include $(INCLUDE_DIR)/package.mk +include $(INCLUDE_DIR)/host-build.mk + + +# Override CC to add fake libreadline to linker search path +HOSTCC += -L./src/readline + +# Add defines to turn add_history() and readline() calls into no-ops +HOSTCC += -D'add_history(x)' -D'readline(x)=\"\"' + +# Execute in host build directory +HOST_MAKE_FLAGS += -C $(HOST_BUILD_DIR) + +# Select 32 or 64 bit Makefile for host build depending on host architecture +HOST_MAKE_FLAGS += -f src/makefiles/linux_$(if $(shell uname -m | grep 64),64,32)bit.mak + +# Prevent calling upstream configure +define Host/Configure +endef + +define Host/Compile + # Prepare fake readline headers and library + mkdir -p $(HOST_BUILD_DIR)/src/readline + touch $(HOST_BUILD_DIR)/src/readline/readline.h + touch $(HOST_BUILD_DIR)/src/readline/history.h + ar rcs $(HOST_BUILD_DIR)/src/readline/libreadline.a + + # Build hamcorebuilder using host compiler and let it generate + # the hamcore.se2 archive file + CC="$(HOSTCC)" $(MAKE) $(HOST_MAKE_FLAGS) \ + src/bin/BuiltHamcoreFiles/unix/hamcore.se2 +endef + +define Host/Install + $(INSTALL_DIR) $(STAGING_DIR_HOST)/share/softethervpn + $(INSTALL_DATA) $(HOST_BUILD_DIR)/src/bin/BuiltHamcoreFiles/unix/hamcore.se2 $(HAMCORE_SE2) +endef + + +# Tune CFLAGS for target +TARGET_CFLAGS += \ + $(if $(CONFIG_OPENSSL_WITH_SSL3),,-DSSL_OP_NO_SSLv3) \ + $(if $(filter mips mipsel,$(ARCH)),-minterlink-mips16) + +# Select 32 or 64 bit Makefile for target build depending on 64bit config symbol +MAKE_FLAGS += \ + -f src/makefiles/linux_$(if $(CONFIG_ARCH_64BIT),64,32)bit.mak + +# Map nonstandard CCFLAGS variable to standard TARGET_CFLAGS +MAKE_VARS += \ + CCFLAGS="$(TARGET_CFLAGS)" + +define Build/Configure + # Fetch prebuilt hamcore.se2 from staging dir + $(INSTALL_DIR) $(PKG_BUILD_DIR)/src/bin/BuiltHamcoreFiles/unix + $(CP) $(HAMCORE_SE2) $(PKG_BUILD_DIR)/src/bin/BuiltHamcoreFiles/unix/hamcore.se2 + + # Portably set hamcore.se2 modtime to one day in the future + # to prevent rebuilding it + perl -e 'utime(time() + 86400, time() + 86400, $$$$ARGV[0])' \ + $(PKG_BUILD_DIR)/src/bin/BuiltHamcoreFiles/unix/hamcore.se2 +endef + define Package/softethervpn SECTION:=net @@ -36,10 +104,10 @@ define Package/softethervpn endef define Package/softethervpn/description -SoftEther VPN ("SoftEther" means "Software Ethernet") is one of the world's most powerful and easy-to-use multi-protocol VPN software developed as an academic +SoftEther VPN ("SoftEther" means "Software Ethernet") is one of the world's most powerful and easy-to-use multi-protocol VPN software developed as an academic project from University of Tsukuba, Japan. SoftEther VPN has strong compatibility to today's most popular VPN products among the world. It has the interoperability -with OpenVPN, L2TP, IPsec, EtherIP, L2TPv3, Cisco VPN Routers and MS-SSTP VPN Clients. SoftEther VPN is the world's only VPN software which supports SSL-VPN, -OpenVPN, L2TP, EtherIP, L2TPv3 and IPsec as a single VPN software. SoftEther VPN is not only an alternative VPN server to existing VPN products (OpenVPN, +with OpenVPN, L2TP, IPsec, EtherIP, L2TPv3, Cisco VPN Routers and MS-SSTP VPN Clients. SoftEther VPN is the world's only VPN software which supports SSL-VPN, +OpenVPN, L2TP, EtherIP, L2TPv3 and IPsec as a single VPN software. SoftEther VPN is not only an alternative VPN server to existing VPN products (OpenVPN, IPsec and MS-SSTP), but has also original strong SSL-VPN protocol to penetrate any kinds of firewalls. Ultra-optimized SSL-VPN Protocol of SoftEther VPN has very fast throughput, low latency and firewall resistance. endef @@ -52,54 +120,6 @@ define Package/softethervpn/conffiles /usr/libexec/softethervpn/lang.config endef - -ifeq ($(CONFIG_OPENSSL_WITH_SSL3),y) - SE_FLAGS=-DSSL3_SUPPORT -endif - -ifeq ($(ARCH),mips) - SE_FLAGS+= -minterlink-mips16 -endif - -ifeq ($(ARCH),mipsel) - SE_FLAGS+= -minterlink-mips16 -endif - - -define Build/Configure - if [ -v CONFIG_64BIT ]; then cp $(PKG_BUILD_DIR)/src/makefiles/linux_64bit.mak $(PKG_BUILD_DIR)/Makefile; else cp $(PKG_BUILD_DIR)/src/makefiles/linux_32bit.mak $(PKG_BUILD_DIR)/Makefile; fi; -endef - -define Build/Compile - # Softether compiles first a tool called hamcorebuilder which is essentially an archiver. Then the compilation calls this archiver to pack all - # resource files (*.html, *.config, .txt, readme, languages) it needs to run in an archive file called hamcore.se2. The three executables are then built - # and they will have a runtime dependency on this resource archive. By default OpenWRT build process cross compiles all targets in the makefile - # generating therefore an error when the archive is generated since the executable is crosscompiled to run on the router and instead it is run - # by the build host. The workaround is to compile the archiver with the host environment, generate the hamcore.se2 archive and cross compile everything - # again without regenerating the archive. - - # we clean the last cross compiled version - make -C $(PKG_BUILD_DIR) clean - - # we compile the hamcorebuilder utility and generate hamcore archive using host environment - make -C $(PKG_BUILD_DIR) src/bin/BuiltHamcoreFiles/unix/hamcore.se2 - - # we clean everything, but we save the built hamcore archive and we update its timestamp to avoid rebuilding the archive with cross compiled hamcorebuilder - mv $(PKG_BUILD_DIR)/src/bin/BuiltHamcoreFiles/unix/hamcore.se2 $(PKG_BUILD_DIR)/src/bin/BuiltHamcoreFiles/unix/hamcore.se2.1 - make -C $(PKG_BUILD_DIR) clean - mv $(PKG_BUILD_DIR)/src/bin/BuiltHamcoreFiles/unix/hamcore.se2.1 $(PKG_BUILD_DIR)/src/bin/BuiltHamcoreFiles/unix/hamcore.se2 - touch -d "`date -d 1day`" $(PKG_BUILD_DIR)/src/bin/BuiltHamcoreFiles/unix/hamcore.se2 - - ls -la $(PKG_BUILD_DIR)/src/bin/BuiltHamcoreFiles/unix - - # we cross compile everything from the scratch - $(MAKE) \ - $(TARGET_CONFIGURE_OPTS) \ - CCFLAGS="$(SE_FLAGS) -I$(STAGING_DIR)/usr/include $(ICONV_CFLAGS)" \ - LDFLAGS="-L$(STAGING_DIR)/usr/lib $(ICONV_LDFLAGS)" \ - -C $(PKG_BUILD_DIR) -endef - define Package/softethervpn/install $(INSTALL_DIR) $(1)/usr/libexec/softethervpn $(INSTALL_BIN) $(PKG_BUILD_DIR)/bin/vpnserver/vpnserver $(1)/usr/libexec/softethervpn @@ -129,3 +149,4 @@ define Package/softethervpn/install endef $(eval $(call BuildPackage,softethervpn)) +$(eval $(call HostBuild)) diff --git a/net/softethervpn/patches/105-nossl3.patch b/net/softethervpn/patches/105-nossl3.patch new file mode 100644 index 000000000..00e0feaa4 --- /dev/null +++ b/net/softethervpn/patches/105-nossl3.patch @@ -0,0 +1,33 @@ +Index: v4.22-9634/src/Mayaqua/Network.c +=================================================================== +--- v4.22-9634.orig/src/Mayaqua/Network.c ++++ v4.22-9634/src/Mayaqua/Network.c +@@ -13013,20 +13013,28 @@ bool StartSSLEx(SOCK *sock, X *x, K *pri + } + else + { ++#ifndef SSL_OP_NO_SSLv3 + if (client_tls == false) + { + SSL_CTX_set_ssl_version(ssl_ctx, SSLv3_method()); + } + else + { ++#endif // SSL_OP_NO_SSLv3 + SSL_CTX_set_ssl_version(ssl_ctx, SSLv23_client_method()); ++#ifndef SSL_OP_NO_SSLv3 + } ++#endif // SSL_OP_NO_SSLv3 + } + sock->ssl = SSL_new(ssl_ctx); + SSL_set_fd(sock->ssl, (int)sock->socket); + + #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME ++#ifndef SSL_OP_NO_SSLv3 + if (sock->ServerMode == false && client_tls) ++#else ++ if (sock->ServerMode == false) ++#endif // SSL_OP_NO_SSLv3 + { + if (IsEmptyStr(sni_hostname) == false) + { diff --git a/net/softethervpn/patches/105-nosslv3.patch b/net/softethervpn/patches/105-nosslv3.patch deleted file mode 100644 index 221ab1c24..000000000 --- a/net/softethervpn/patches/105-nosslv3.patch +++ /dev/null @@ -1,50 +0,0 @@ ---- a/src/Mayaqua/Network.c -+++ b/src/Mayaqua/Network.c -@@ -12966,35 +12966,46 @@ bool StartSSLEx(SOCK *sock, X *x, K *pri - { - if (sock->ServerMode) - { -+#ifdef SSL3_SUPPORT - if (sock->AcceptOnlyTls == false) - { - SSL_CTX_set_ssl_version(ssl_ctx, SSLv23_method()); - } - else - { -+#endif - SSL_CTX_set_ssl_version(ssl_ctx, TLSv1_method()); -+#ifdef SSL3_SUPPORT - } -- -+#endif - Unlock(openssl_lock); - AddChainSslCertOnDirectory(ssl_ctx); - Lock(openssl_lock); - } - else - { -+#ifdef SSL3_SUPPORT - if (client_tls == false) - { - SSL_CTX_set_ssl_version(ssl_ctx, SSLv3_method()); - } - else - { -+#endif - SSL_CTX_set_ssl_version(ssl_ctx, TLSv1_client_method()); -+#ifdef SSL3_SUPPORT - } -+#endif - } - sock->ssl = SSL_new(ssl_ctx); - SSL_set_fd(sock->ssl, (int)sock->socket); - - #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME -+# ifdef SSL3_SUPPORT - if (sock->ServerMode == false && client_tls) -+# else -+ if (sock->ServerMode == false) -+#endif - { - if (IsEmptyStr(sni_hostname) == false) - {