ASR_BASE
Change-Id: Icf3719cc0afe3eeb3edc7fa80a2eb5199ca9dda1
diff --git a/external/subpack/net/openvpn/patches/001-reproducible-remove_DATE.patch b/external/subpack/net/openvpn/patches/001-reproducible-remove_DATE.patch
new file mode 100644
index 0000000..e4e6d39
--- /dev/null
+++ b/external/subpack/net/openvpn/patches/001-reproducible-remove_DATE.patch
@@ -0,0 +1,10 @@
+--- a/src/openvpn/options.c
++++ b/src/openvpn/options.c
+@@ -105,7 +105,6 @@ const char title_string[] =
+ #endif
+ #endif
+ " [AEAD]"
+- " built on " __DATE__
+ ;
+
+ #ifndef ENABLE_SMALL
diff --git a/external/subpack/net/openvpn/patches/100-mbedtls-disable-runtime-version-check.patch b/external/subpack/net/openvpn/patches/100-mbedtls-disable-runtime-version-check.patch
new file mode 100644
index 0000000..8d49d16
--- /dev/null
+++ b/external/subpack/net/openvpn/patches/100-mbedtls-disable-runtime-version-check.patch
@@ -0,0 +1,11 @@
+--- a/src/openvpn/ssl_mbedtls.c
++++ b/src/openvpn/ssl_mbedtls.c
+@@ -1538,7 +1538,7 @@ const char *
+ get_ssl_library_version(void)
+ {
+ static char mbedtls_version[30];
+- unsigned int pv = mbedtls_version_get_number();
++ unsigned int pv = MBEDTLS_VERSION_NUMBER;
+ sprintf( mbedtls_version, "mbed TLS %d.%d.%d",
+ (pv>>24)&0xff, (pv>>16)&0xff, (pv>>8)&0xff );
+ return mbedtls_version;
diff --git a/external/subpack/net/openvpn/patches/210-build_always_use_internal_lz4.patch b/external/subpack/net/openvpn/patches/210-build_always_use_internal_lz4.patch
new file mode 100644
index 0000000..a99f923
--- /dev/null
+++ b/external/subpack/net/openvpn/patches/210-build_always_use_internal_lz4.patch
@@ -0,0 +1,74 @@
+--- a/configure.ac
++++ b/configure.ac
+@@ -1077,68 +1077,15 @@ dnl
+ AC_ARG_VAR([LZ4_CFLAGS], [C compiler flags for lz4])
+ AC_ARG_VAR([LZ4_LIBS], [linker flags for lz4])
+ if test "$enable_lz4" = "yes" && test "$enable_comp_stub" = "no"; then
+- if test -z "${LZ4_CFLAGS}" -a -z "${LZ4_LIBS}"; then
+- # if the user did not explicitly specify flags, try to autodetect
+- PKG_CHECK_MODULES([LZ4],
+- [liblz4 >= 1.7.1 liblz4 < 100],
+- [have_lz4="yes"],
+- [LZ4_LIBS="-llz4"] # If this fails, we will do another test next.
+- # We also add set LZ4_LIBS otherwise the
+- # linker will not know about the lz4 library
+- )
+- fi
+
+ saved_CFLAGS="${CFLAGS}"
+ saved_LIBS="${LIBS}"
+ CFLAGS="${CFLAGS} ${LZ4_CFLAGS}"
+ LIBS="${LIBS} ${LZ4_LIBS}"
+
+- # If pkgconfig check failed or LZ4_CFLAGS/LZ4_LIBS env vars
+- # are used, check the version directly in the LZ4 include file
+- if test "${have_lz4}" != "yes"; then
+- AC_CHECK_HEADERS([lz4.h],
+- [have_lz4h="yes"],
+- [])
+-
+- if test "${have_lz4h}" = "yes" ; then
+- AC_MSG_CHECKING([additionally if system LZ4 version >= 1.7.1])
+- AC_COMPILE_IFELSE(
+- [AC_LANG_PROGRAM([[
+-#include <lz4.h>
+- ]],
+- [[
+-/* Version encoding: MMNNPP (Major miNor Patch) - see lz4.h for details */
+-#if LZ4_VERSION_NUMBER < 10701L
+-#error LZ4 is too old
+-#endif
+- ]]
+- )],
+- [
+- AC_MSG_RESULT([ok])
+- have_lz4="yes"
+- ],
+- [AC_MSG_RESULT([system LZ4 library is too old])]
+- )
+- fi
+- fi
+-
+- # Double check we have a few needed functions
+- if test "${have_lz4}" = "yes" ; then
+- AC_CHECK_LIB([lz4],
+- [LZ4_compress_default],
+- [],
+- [have_lz4="no"])
+- AC_CHECK_LIB([lz4],
+- [LZ4_decompress_safe],
+- [],
+- [have_lz4="no"])
+- fi
+-
+- if test "${have_lz4}" != "yes" ; then
+- AC_MSG_RESULT([ usable LZ4 library or header not found, using version in src/compat/compat-lz4.*])
+- AC_DEFINE([NEED_COMPAT_LZ4], [1], [use copy of LZ4 source in compat/])
+- LZ4_LIBS=""
+- fi
++ AC_MSG_RESULT([ usable LZ4 library or header not found, using version in src/compat/compat-lz4.*])
++ AC_DEFINE([NEED_COMPAT_LZ4], [1], [use copy of LZ4 source in compat/])
++ LZ4_LIBS=""
+ OPTIONAL_LZ4_CFLAGS="${LZ4_CFLAGS}"
+ OPTIONAL_LZ4_LIBS="${LZ4_LIBS}"
+ AC_DEFINE(ENABLE_LZ4, [1], [Enable LZ4 compression library])
diff --git a/external/subpack/net/openvpn/patches/220-disable_des.patch b/external/subpack/net/openvpn/patches/220-disable_des.patch
new file mode 100644
index 0000000..9ddf104
--- /dev/null
+++ b/external/subpack/net/openvpn/patches/220-disable_des.patch
@@ -0,0 +1,74 @@
+--- a/src/openvpn/syshead.h
++++ b/src/openvpn/syshead.h
+@@ -572,7 +572,7 @@ socket_defined(const socket_descriptor_t
+ /*
+ * Should we include NTLM proxy functionality
+ */
+-#define NTLM 1
++//#define NTLM 1
+
+ /*
+ * Should we include proxy digest auth functionality
+--- a/src/openvpn/crypto_mbedtls.c
++++ b/src/openvpn/crypto_mbedtls.c
+@@ -383,6 +383,7 @@ int
+ key_des_num_cblocks(const mbedtls_cipher_info_t *kt)
+ {
+ int ret = 0;
++#ifdef MBEDTLS_DES_C
+ if (kt->type == MBEDTLS_CIPHER_DES_CBC)
+ {
+ ret = 1;
+@@ -395,6 +396,7 @@ key_des_num_cblocks(const mbedtls_cipher
+ {
+ ret = 3;
+ }
++#endif
+
+ dmsg(D_CRYPTO_DEBUG, "CRYPTO INFO: n_DES_cblocks=%d", ret);
+ return ret;
+@@ -403,6 +405,7 @@ key_des_num_cblocks(const mbedtls_cipher
+ bool
+ key_des_check(uint8_t *key, int key_len, int ndc)
+ {
++#ifdef MBEDTLS_DES_C
+ int i;
+ struct buffer b;
+
+@@ -431,11 +434,15 @@ key_des_check(uint8_t *key, int key_len,
+
+ err:
+ return false;
++#else
++ return true;
++#endif
+ }
+
+ void
+ key_des_fixup(uint8_t *key, int key_len, int ndc)
+ {
++#ifdef MBEDTLS_DES_C
+ int i;
+ struct buffer b;
+
+@@ -450,6 +457,7 @@ key_des_fixup(uint8_t *key, int key_len,
+ }
+ mbedtls_des_key_set_parity(key);
+ }
++#endif
+ }
+
+ /*
+@@ -770,10 +778,12 @@ cipher_des_encrypt_ecb(const unsigned ch
+ unsigned char *src,
+ unsigned char *dst)
+ {
++#ifdef MBEDTLS_DES_C
+ mbedtls_des_context ctx;
+
+ ASSERT(mbed_ok(mbedtls_des_setkey_enc(&ctx, key)));
+ ASSERT(mbed_ok(mbedtls_des_crypt_ecb(&ctx, src, dst)));
++#endif
+ }
+
+