From 3505b0888ab94c90468bd6f41f82770d46677342 Mon Sep 17 00:00:00 2001 From: Alberto Gonzalez Iniesta Date: Thu, 22 Jun 2017 13:19:58 +0200 Subject: Refresh patches for 2.4.3 --- debian/patches/upstream-issue-879.patch | 87 --------------------------------- 1 file changed, 87 deletions(-) delete mode 100644 debian/patches/upstream-issue-879.patch (limited to 'debian/patches/upstream-issue-879.patch') diff --git a/debian/patches/upstream-issue-879.patch b/debian/patches/upstream-issue-879.patch deleted file mode 100644 index 2139afc..0000000 --- a/debian/patches/upstream-issue-879.patch +++ /dev/null @@ -1,87 +0,0 @@ -Index: openvpn/src/openvpn/forward.c -=================================================================== ---- openvpn.orig/src/openvpn/forward.c 2017-05-22 14:59:09.634938195 +0200 -+++ openvpn/src/openvpn/forward.c 2017-05-22 14:59:09.630937170 +0200 -@@ -866,9 +866,16 @@ - * will load crypto_options with the correct encryption key - * and return false. - */ -+ uint8_t opcode = *BPTR(&c->c2.buf) >> P_OPCODE_SHIFT; - if (tls_pre_decrypt(c->c2.tls_multi, &c->c2.from, &c->c2.buf, &co, - floated, &ad_start)) - { -+ /* Restore pre-NCP frame parameters */ -+ if (is_hard_reset(opcode, c->options.key_method)) -+ { -+ c->c2.frame = c->c2.frame_initial; -+ } -+ - interval_action(&c->c2.tmp_int); - - /* reset packet received timer if TLS packet */ -Index: openvpn/src/openvpn/init.c -=================================================================== ---- openvpn.orig/src/openvpn/init.c 2017-05-22 14:59:09.634938195 +0200 -+++ openvpn/src/openvpn/init.c 2017-05-22 14:59:09.634938195 +0200 -@@ -4055,6 +4055,8 @@ - c->c2.did_open_tun = do_open_tun(c); - } - -+ c->c2.frame_initial = c->c2.frame; -+ - /* print MTU info */ - do_print_data_channel_mtu_parms(c); - -Index: openvpn/src/openvpn/openvpn.h -=================================================================== ---- openvpn.orig/src/openvpn/openvpn.h 2017-05-22 14:59:09.634938195 +0200 -+++ openvpn/src/openvpn/openvpn.h 2017-05-22 14:59:09.634938195 +0200 -@@ -263,7 +263,8 @@ - struct link_socket_actual from; /* address of incoming datagram */ - - /* MTU frame parameters */ -- struct frame frame; -+ struct frame frame; /* Active frame parameters */ -+ struct frame frame_initial; /* Restored on new session */ - - #ifdef ENABLE_FRAGMENT - /* Object to handle advanced MTU negotiation and datagram fragmentation */ -Index: openvpn/src/openvpn/ssl.c -=================================================================== ---- openvpn.orig/src/openvpn/ssl.c 2017-05-22 14:59:09.634938195 +0200 -+++ openvpn/src/openvpn/ssl.c 2017-05-22 14:59:09.634938195 +0200 -@@ -830,14 +830,7 @@ - return BSTR(&out); - } - --/* -- * Given a key_method, return true if op -- * represents the required form of hard_reset. -- * -- * If key_method = 0, return true if any -- * form of hard reset is used. -- */ --static bool -+bool - is_hard_reset(int op, int key_method) - { - if (!key_method || key_method == 1) -Index: openvpn/src/openvpn/ssl.h -=================================================================== ---- openvpn.orig/src/openvpn/ssl.h 2017-05-22 14:59:09.634938195 +0200 -+++ openvpn/src/openvpn/ssl.h 2017-05-22 14:59:09.634938195 +0200 -@@ -591,6 +591,14 @@ - /*#define EXTRACT_X509_FIELD_TEST*/ - void extract_x509_field_test(void); - -+/** -+ * Given a key_method, return true if opcode represents the required form of -+ * hard_reset. -+ * -+ * If key_method == 0, return true if any form of hard reset is used. -+ */ -+bool is_hard_reset(int op, int key_method); -+ - #endif /* ENABLE_CRYPTO */ - - #endif /* ifndef OPENVPN_SSL_H */ -- cgit v1.2.3