softethervpn: bump to v4.29

net/softethervpn/Makefile

@@ -9,22 +9,23 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=softethervpn
-PKG_VERSION:=4.25-9656
+PKG_VERSION:=4.29-9680
 PKG_VERREL:=rtm
-PKG_VERDATE:=2018.01.15
+PKG_VERDATE:=2019.02.28
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_SOURCE:=softether-src-v$(PKG_VERSION)-$(PKG_VERREL).tar.gz
 PKG_SOURCE_URL:=http://www.softether-download.com/files/softether/v$(PKG_VERSION)-$(PKG_VERREL)-$(PKG_VERDATE)-tree/Source_Code/
-PKG_HASH:=b946dec3da5833ad2be69125224784b8a8e2a4149297d0c0a907ba0e1c4535f8
+PKG_HASH:=e6035fa7d9aaf59bdb342cd7ab5ecfdff89811a875f62a3230208cdc8a4e26e4
 
-PKG_BUILD_DIR:=$(BUILD_DIR)/v$(PKG_VERSION)
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)/v$(PKG_VERSION)
-HOST_BUILD_DIR:=$(BUILD_DIR_HOST)/v$(PKG_VERSION)
+HOST_BUILD_DIR:=$(BUILD_DIR_HOST)/$(PKG_NAME)/v$(PKG_VERSION)
 
 PKG_LICENSE:=GPL-2.0
 PKG_LICENSE_FILES:=COPYING
 
 PKG_BUILD_DEPENDS:=softethervpn/host
+HOST_BUILD_DEPENDS:=readline/host libiconv/host
 
 HAMCORE_SE2:=$(STAGING_DIR_HOST)/share/softethervpn/hamcore.se2
 
@@ -32,33 +33,22 @@ include $(INCLUDE_DIR)/nls.mk
 include $(INCLUDE_DIR)/package.mk
 include $(INCLUDE_DIR)/host-build.mk
 
-
-# Override CC to add fake libreadline to linker search path
-HOSTCC += -L./src/readline
-
-# Add defines to turn add_history() and readline() calls into no-ops
-HOSTCC += -D'add_history(x)' -D'readline(x)=\"\"'
-
 # Execute in host build directory
 HOST_MAKE_FLAGS += -C $(HOST_BUILD_DIR)
 
 # Select 32 or 64 bit Makefile for host build depending on host architecture
 HOST_MAKE_FLAGS += -f src/makefiles/linux_$(if $(shell uname -m | grep 64),64,32)bit.mak
 
+HOST_LDFLAGS += -Wl,-rpath="$(STAGING_DIR_HOSTPKG)/lib"
 # Prevent calling upstream configure
 define Host/Configure
 endef
 
 define Host/Compile
-	# Prepare fake readline headers and library
-	mkdir -p $(HOST_BUILD_DIR)/src/readline
-	touch $(HOST_BUILD_DIR)/src/readline/readline.h
-	touch $(HOST_BUILD_DIR)/src/readline/history.h
-	ar rcs $(HOST_BUILD_DIR)/src/readline/libreadline.a
-
 	# Build hamcorebuilder using host compiler and let it generate
 	# the hamcore.se2 archive file
-	CC="$(HOSTCC)" $(MAKE) $(HOST_MAKE_FLAGS) \
+	# CFLAGS, CPPFLAGS & LDFLAGS need to be passed with CC because they are being ingored
+	CC="$(HOSTCC) $(HOST_CFLAGS) $(HOST_CPPFLAGS) $(HOST_LDFLAGS)" $(MAKE) $(HOST_MAKE_FLAGS) \
 		src/bin/BuiltHamcoreFiles/unix/hamcore.se2
 endef
 
@@ -93,11 +83,10 @@ define Build/Configure
 endef
 
 
-define Package/softethervpn
+define Package/softethervpn/default
   SECTION:=net
   CATEGORY:=Network
   SUBMENU:=VPN
-  DEPENDS:=+libpthread +librt +libreadline +libopenssl +libncurses +kmod-tun +zlib $(ICONV_DEPENDS)
   TITLE:=Free Cross-platform Multi-protocol VPN server and client
   URL:=http://www.softether.org/
   MAINTAINER:=Federico Di Marco <fededim@gmail.com>
@@ -112,41 +101,98 @@ IPsec and MS-SSTP), but has also original strong SSL-VPN protocol to penetrate a
 has very fast throughput, low latency and firewall resistance.
 endef
 
-
+define Package/softethervpn-base
-define Package/softethervpn/conffiles
+  $(Package/softethervpn/default)
-/usr/libexec/softethervpn/vpn_server.config
+  DEPENDS:=+libpthread +librt +libreadline +libopenssl +libncurses +kmod-tun +zlib $(ICONV_DEPENDS)
-/usr/libexec/softethervpn/vpn_client.config
+  TITLE += (Base)
-/usr/libexec/softethervpn/vpn_bridge.config
-/usr/libexec/softethervpn/lang.config
 endef
 
-define Package/softethervpn/install
+define Package/softethervpn-server
+  $(Package/softethervpn/default)
+  DEPENDS:=+softethervpn-base
+  TITLE += (Server)
+endef
+
+define Package/softethervpn-bridge
+  $(Package/softethervpn/default)
+  DEPENDS:=+softethervpn-base
+  TITLE += (Bridge)
+endef
+
+define Package/softethervpn-client
+  $(Package/softethervpn/default)
+  DEPENDS:=+softethervpn-base
+  TITLE += (Client)
+endef
+
+Package/softethervpn-base/description = $(Package/softethervpn/description)
+Package/softethervpn-server/description = $(Package/softethervpn/description)
+Package/softethervpn-bridge/description = $(Package/softethervpn/description)
+Package/softethervpn-client/description = $(Package/softethervpn/description)
+
+define Package/softethervpn-base/conffiles
+  /usr/libexec/softethervpn/lang.config
+endef
+
+define Package/softethervpn-server/conffiles
+  /usr/libexec/softethervpn/vpn_server.config
+endef
+
+define Package/softethervpn-client/conffiles
+  /usr/libexec/softethervpn/vpn_client.config
+endef
+
+define Package/softethervpn-bridge/conffiles
+  /usr/libexec/softethervpn/vpn_bridge.config
+endef
+
+define Package/softethervpn-base/install
 	$(INSTALL_DIR) $(1)/usr/libexec/softethervpn
-	$(INSTALL_BIN) $(PKG_BUILD_DIR)/bin/vpnserver/vpnserver $(1)/usr/libexec/softethervpn
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/bin/vpnserver/hamcore.se2 $(1)/usr/libexec/softethervpn
-	$(INSTALL_BIN) $(PKG_BUILD_DIR)/bin/vpnclient/vpnclient $(1)/usr/libexec/softethervpn
-	$(INSTALL_BIN) $(PKG_BUILD_DIR)/bin/vpnbridge/vpnbridge $(1)/usr/libexec/softethervpn
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/bin/vpncmd/vpncmd $(1)/usr/libexec/softethervpn
 	$(INSTALL_BIN) files/launcher.sh $(1)/usr/libexec/softethervpn
 
-	$(INSTALL_DATA) files/dummy $(1)/usr/libexec/softethervpn/vpn_server.config
-	$(INSTALL_DATA) files/dummy $(1)/usr/libexec/softethervpn/vpn_bridge.config
-	$(INSTALL_DATA) files/dummy $(1)/usr/libexec/softethervpn/vpn_client.config
 	$(INSTALL_DATA) files/dummy $(1)/usr/libexec/softethervpn/lang.config
 
 	$(INSTALL_DIR) $(1)/usr/bin
-
-	#$(LN) ../../usr/libexec/softethervpn/launcher.sh $(1)/usr/bin/vpnserver
-	#$(LN) ../../usr/libexec/softethervpn/launcher.sh $(1)/usr/bin/vpnclient
-	#$(LN) ../../usr/libexec/softethervpn/launcher.sh $(1)/usr/bin/vpnbridge
 	$(LN) ../../usr/libexec/softethervpn/launcher.sh $(1)/usr/bin/vpncmd
+endef
+
+define Package/softethervpn-server/install
+	$(INSTALL_DIR) $(1)/usr/libexec/softethervpn
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/bin/vpnserver/vpnserver $(1)/usr/libexec/softethervpn
+
+	$(INSTALL_DATA) files/dummy $(1)/usr/libexec/softethervpn/vpn_server.config
 
 	$(INSTALL_DIR) $(1)/etc
 	$(INSTALL_DIR) $(1)/etc/init.d
 	$(INSTALL_BIN) files/vpnserver.init $(1)/etc/init.d/softethervpnserver
+endef
+
+define Package/softethervpn-bridge/install
+	$(INSTALL_DIR) $(1)/usr/libexec/softethervpn
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/bin/vpnbridge/vpnbridge $(1)/usr/libexec/softethervpn
+
+	$(INSTALL_DATA) files/dummy $(1)/usr/libexec/softethervpn/vpn_bridge.config
+
+	$(INSTALL_DIR) $(1)/etc
+	$(INSTALL_DIR) $(1)/etc/init.d
 	$(INSTALL_BIN) files/vpnbridge.init $(1)/etc/init.d/softethervpnbridge
+endef
+
+define Package/softethervpn-client/install
+	$(INSTALL_DIR) $(1)/usr/libexec/softethervpn
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/bin/vpnclient/vpnclient $(1)/usr/libexec/softethervpn
+
+	$(INSTALL_DATA) files/dummy $(1)/usr/libexec/softethervpn/vpn_client.config
+
+	$(INSTALL_DIR) $(1)/etc
+	$(INSTALL_DIR) $(1)/etc/init.d
 	$(INSTALL_BIN) files/vpnclient.init $(1)/etc/init.d/softethervpnclient
 endef
 
-$(eval $(call BuildPackage,softethervpn))
+$(eval $(call BuildPackage,softethervpn-base))
+$(eval $(call BuildPackage,softethervpn-server))
+$(eval $(call BuildPackage,softethervpn-client))
+$(eval $(call BuildPackage,softethervpn-bridge))
 $(eval $(call HostBuild))

net/softethervpn/patches/103-noeucjp.patch

@@ -1,6 +1,6 @@
 --- a/src/Mayaqua/Internat.c
 +++ b/src/Mayaqua/Internat.c
-@@ -123,7 +123,7 @@
+@@ -114,7 +114,7 @@
  #include <Mayaqua/Mayaqua.h>
  
  extern LOCK *token_lock;
@@ -9,7 +9,7 @@
  static LOCK *iconv_lock = NULL;
  void *iconv_cache_wide_to_str = 0;
  void *iconv_cache_str_to_wide = 0;
-@@ -938,7 +938,7 @@ void InitInternational()
+@@ -929,7 +929,7 @@ void InitInternational()
  #ifdef	UNIX_MACOS
  		StrCpy(charset, sizeof(charset), "utf-8");
  #else	// UNIX_MACOS
@@ -18,7 +18,7 @@
  #endif	// UNIX_MACOS
  		d = IconvWideToStrInternal();
  		if (d == (void *)-1)
-@@ -1198,7 +1198,7 @@ void GetCurrentCharSet(char *name, UINT
+@@ -1189,7 +1189,7 @@ void GetCurrentCharSet(char *name, UINT
  		}
  		else
  		{

net/softethervpn/patches/105-nossl3.patch

@@ -1,13 +0,0 @@
-Index: v4.25-9656/src/Mayaqua/Network.c
-===================================================================
---- v4.25-9656.orig/src/Mayaqua/Network.c
-+++ v4.25-9656/src/Mayaqua/Network.c
-@@ -13025,7 +13025,7 @@ bool StartSSLEx(SOCK *sock, X *x, K *pri
- 		{
- 			if (client_tls == false)
- 			{
--#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#ifndef SSL_OP_NO_SSLv3
- 				SSL_CTX_set_ssl_version(ssl_ctx, SSLv3_method());
- #else
- 				SSL_CTX_set_ssl_version(ssl_ctx, SSLv23_method());

net/softethervpn/patches/110-no-m64.patch

@@ -0,0 +1,14 @@
+--- a/src/makefiles/linux_64bit.mak
++++ b/src/makefiles/linux_64bit.mak
+@@ -66,9 +66,9 @@ OPTIONS_COMPILE_DEBUG=-D_DEBUG -DDEBUG -DUNIX -DUNIX_LINUX -DCPU_64 -D_REENTRANT
+ 
+ OPTIONS_LINK_DEBUG=-g -fsigned-char -m64 -lm -ldl -lrt -lpthread -lssl -lcrypto -lreadline -lncurses -lz
+ 
+-OPTIONS_COMPILE_RELEASE=-DNDEBUG -DVPN_SPEED -DUNIX -DUNIX_LINUX -DCPU_64 -D_REENTRANT -DREENTRANT -D_THREAD_SAFE -D_THREADSAFE -DTHREAD_SAFE -DTHREADSAFE -D_FILE_OFFSET_BITS=64 -I./src/ -I./src/Cedar/ -I./src/Mayaqua/ -O2 -fsigned-char -m64
++OPTIONS_COMPILE_RELEASE=-DNDEBUG -DVPN_SPEED -DUNIX -DUNIX_LINUX -DCPU_64 -D_REENTRANT -DREENTRANT -D_THREAD_SAFE -D_THREADSAFE -DTHREAD_SAFE -DTHREADSAFE -D_FILE_OFFSET_BITS=64 -I./src/ -I./src/Cedar/ -I./src/Mayaqua/ -O2 -fsigned-char
+ 
+-OPTIONS_LINK_RELEASE=-O2 -fsigned-char -m64 -lm -ldl -lrt -lpthread -lssl -lcrypto -lreadline -lncurses -lz
++OPTIONS_LINK_RELEASE=-O2 -fsigned-char -lm -ldl -lrt -lpthread -lssl -lcrypto -lreadline -lncurses -lz
+ 
+ INSTALL_BINDIR=/usr/bin/
+ INSTALL_VPNSERVER_DIR=/usr/vpnserver/

net/softethervpn/patches/120-openssl-deprecated.patch

@@ -0,0 +1,212 @@
+diff --git a/src/Mayaqua/Encrypt.c b/src/Mayaqua/Encrypt.c
+index f3b3908..06b7fea 100644
+--- a/src/Mayaqua/Encrypt.c
++++ b/src/Mayaqua/Encrypt.c
+@@ -120,6 +120,7 @@
+ #include <openssl/rand.h>
+ #include <openssl/engine.h>
+ #include <openssl/bio.h>
++#include <openssl/bn.h>
+ #include <openssl/x509.h>
+ #include <openssl/pkcs7.h>
+ #include <openssl/pkcs12.h>
+@@ -128,6 +129,7 @@
+ #include <openssl/md4.h>
+ #include <openssl/hmac.h>
+ #include <openssl/sha.h>
++#include <openssl/rsa.h>
+ #include <openssl/des.h>
+ #include <openssl/aes.h>
+ #include <openssl/dh.h>
+@@ -625,7 +627,7 @@ UINT CipherProcess(CIPHER *c, void *iv, void *dest, void *src, UINT size)
+ 		return 0;
+ 	}
+ 
+-	if (EVP_CipherFinal(c->Ctx, ((UCHAR *)dest) + (UINT)r, &r2) == 0)
++	if (EVP_CipherFinal_ex(c->Ctx, ((UCHAR *)dest) + (UINT)r, &r2) == 0)
+ 	{
+ 		return 0;
+ 	}
+@@ -924,6 +926,7 @@ BUF *BigNumToBuf(const BIGNUM *bn)
+ // Initialization of the lock of OpenSSL
+ void OpenSSL_InitLock()
+ {
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ 	UINT i;
+ 
+ 	// Initialization of the lock object
+@@ -937,11 +940,13 @@ void OpenSSL_InitLock()
+ 	// Setting the lock function
+ 	CRYPTO_set_locking_callback(OpenSSL_Lock);
+ 	CRYPTO_set_id_callback(OpenSSL_Id);
++#endif
+ }
+ 
+ // Release of the lock of OpenSSL
+ void OpenSSL_FreeLock()
+ {
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ 	UINT i;
+ 
+ 	for (i = 0;i < ssl_lock_num;i++)
+@@ -953,11 +958,13 @@ void OpenSSL_FreeLock()
+ 
+ 	CRYPTO_set_locking_callback(NULL);
+ 	CRYPTO_set_id_callback(NULL);
++#endif
+ }
+ 
+ // Lock function for OpenSSL
+ void OpenSSL_Lock(int mode, int n, const char *file, int line)
+ {
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ 	LOCK *lock = ssl_lock_obj[n];
+ 
+ 	if (mode & CRYPTO_LOCK)
+@@ -970,12 +977,15 @@ void OpenSSL_Lock(int mode, int n, const char *file, int line)
+ 		// Unlock
+ 		Unlock(lock);
+ 	}
++#endif
+ }
+ 
+ // Return the thread ID
+ unsigned long OpenSSL_Id(void)
+ {
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ 	return (unsigned long)ThreadId();
++#endif
+ }
+ 
+ // Get the display name of the certificate
+@@ -1899,8 +1909,8 @@ X509 *NewX509(K *pub, K *priv, X *ca, NAME *name, UINT days, X_SERIAL *serial)
+ 	X509_set_version(x509, 2L);
+ 
+ 	// Set the Expiration
+-	t1 = X509_get_notBefore(x509);
+-	t2 = X509_get_notAfter(x509);
++	t1 = X509_getm_notBefore(x509);
++	t2 = X509_getm_notAfter(x509);
+ 	if (!UINT64ToAsn1Time(t1, notBefore))
+ 	{
+ 		FreeX509(x509);
+@@ -2041,8 +2051,8 @@ X509 *NewRootX509(K *pub, K *priv, NAME *name, UINT days, X_SERIAL *serial)
+ 	X509_set_version(x509, 2L);
+ 
+ 	// Set the Expiration
+-	t1 = X509_get_notBefore(x509);
+-	t2 = X509_get_notAfter(x509);
++	t1 = X509_getm_notBefore(x509);
++	t2 = X509_getm_notAfter(x509);
+ 	if (!UINT64ToAsn1Time(t1, notBefore))
+ 	{
+ 		FreeX509(x509);
+@@ -2697,6 +2707,43 @@ bool RsaCheckEx()
+ 
+ 	return false;
+ }
++
++// RSA key generation
++static RSA *RsaGenKey(UINT bit, BN_ULONG e)
++{
++	RSA *rsa = NULL;
++	char errbuf[MAX_SIZE];
++	BIGNUM *bne = NULL;
++
++	if ((bne = BN_new()) == NULL)
++	{
++		Debug("BN_new: err=%s\n", ERR_error_string(ERR_get_error(), errbuf));
++		return NULL;
++	}
++	if (BN_set_word(bne, e) == 0)
++	{
++		Debug("BN_set_word: err=%s\n", ERR_error_string(ERR_get_error(), errbuf));
++		goto fail;
++	}
++	if ((rsa = RSA_new()) == NULL)
++	{
++		Debug("RSA_new: err=%s\n", ERR_error_string(ERR_get_error(), errbuf));
++		goto fail;
++	}
++	if (RSA_generate_key_ex(rsa, bit, bne, NULL) == 0)
++	{
++		Debug("RSA_generate_key_ex: err=%s\n", ERR_error_string(ERR_get_error(), errbuf));
++		goto fail;
++	}
++	BN_free(bne);
++	return rsa;
++
++fail:
++	RSA_free(rsa);
++	BN_free(bne);
++	return NULL;
++}
++
+ bool RsaCheck()
+ {
+ 	RSA *rsa;
+@@ -2710,12 +2757,11 @@ bool RsaCheck()
+ 	// Key generation
+ 	Lock(openssl_lock);
+ 	{
+-		rsa = RSA_generate_key(bit, RSA_F4, NULL, NULL);
++		rsa = RsaGenKey(bit, RSA_F4);
+ 	}
+ 	Unlock(openssl_lock);
+ 	if (rsa == NULL)
+ 	{
+-		Debug("RSA_generate_key: err=%s\n", ERR_error_string(ERR_get_error(), errbuf));
+ 		return false;
+ 	}
+ 
+@@ -2780,12 +2826,11 @@ bool RsaGen(K **priv, K **pub, UINT bit)
+ 	// Key generation
+ 	Lock(openssl_lock);
+ 	{
+-		rsa = RSA_generate_key(bit, RSA_F4, NULL, NULL);
++		rsa = RsaGenKey(bit, RSA_F4);
+ 	}
+ 	Unlock(openssl_lock);
+ 	if (rsa == NULL)
+ 	{
+-		Debug("RSA_generate_key: err=%s\n", ERR_error_string(ERR_get_error(), errbuf));
+ 		return false;
+ 	}
+ 
+@@ -3895,7 +3940,7 @@ X *X509ToX(X509 *x509)
+ 				{
+ 					if (OBJ_obj2nid(ad->method) == NID_ad_ca_issuers && ad->location->type == GEN_URI)
+ 					{
+-						char *uri = (char *)ASN1_STRING_data(ad->location->d.uniformResourceIdentifier);
++						char *uri = (char *)ASN1_STRING_get0_data(ad->location->d.uniformResourceIdentifier);
+ 
+ 						if (IsEmptyStr(uri) == false)
+ 						{
+@@ -4108,7 +4153,9 @@ void Rand(void *buf, UINT size)
+ // Delete a thread-specific information that OpenSSL has holded
+ void FreeOpenSSLThreadState()
+ {
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ 	ERR_remove_state(0);
++#endif
+ }
+ 
+ // Release the Crypt library
+@@ -4130,13 +4177,16 @@ void InitCryptLibrary()
+ 	CheckIfIntelAesNiSupportedInit();
+ //	RAND_Init_For_SoftEther()
+ 	openssl_lock = NewLock();
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ 	SSL_library_init();
+ 	//OpenSSL_add_all_algorithms();
+ 	OpenSSL_add_all_ciphers();
+ 	OpenSSL_add_all_digests();
+ 	ERR_load_crypto_strings();
+ 	SSL_load_error_strings();
+-
++#else
++	OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL);
++#endif
+ #ifdef	OS_UNIX
+ 	{
+ 		char *name1 = "/dev/random";

net/softethervpn/patches/130-iconv.patch

@@ -0,0 +1,39 @@
+diff --git a/src/Mayaqua/Mayaqua.h b/src/Mayaqua/Mayaqua.h
+index 194f8e6..177129e 100644
+--- a/src/Mayaqua/Mayaqua.h
++++ b/src/Mayaqua/Mayaqua.h
+@@ -283,7 +283,7 @@ int PASCAL WinMain(HINSTANCE hInst, HINSTANCE hPrev, char *CmdLine, int CmdShow)
+ #include <ifaddrs.h>
+ #endif	// MAYAQUA_SUPPORTS_GETIFADDRS
+ 
+-#ifdef	UNIX_LINUX
++#if 0
+ typedef void *iconv_t;
+ iconv_t iconv_open (__const char *__tocode, __const char *__fromcode);
+ size_t iconv (iconv_t __cd, char **__restrict __inbuf,
+diff --git a/src/makefiles/linux_32bit.mak b/src/makefiles/linux_32bit.mak
+index 8219d5d..8020290 100644
+--- a/src/makefiles/linux_32bit.mak
++++ b/src/makefiles/linux_32bit.mak
+@@ -68,7 +68,7 @@ OPTIONS_LINK_DEBUG=-g -fsigned-char -lm -ldl -lrt -lpthread -lssl -lcrypto -lrea
+ 
+ OPTIONS_COMPILE_RELEASE=-DNDEBUG -DVPN_SPEED -DUNIX -DUNIX_LINUX -D_REENTRANT -DREENTRANT -D_THREAD_SAFE -D_THREADSAFE -DTHREAD_SAFE -DTHREADSAFE -D_FILE_OFFSET_BITS=64 -I./src/ -I./src/Cedar/ -I./src/Mayaqua/ -O2 -fsigned-char
+ 
+-OPTIONS_LINK_RELEASE=-O2 -fsigned-char -lm -ldl -lrt -lpthread -lssl -lcrypto -lreadline -lncurses -lz
++OPTIONS_LINK_RELEASE=-O2 -fsigned-char -lm -ldl -lrt -liconv -lpthread -lssl -lcrypto -lreadline -lncurses -lz
+ 
+ INSTALL_BINDIR=/usr/bin/
+ INSTALL_VPNSERVER_DIR=/usr/vpnserver/
+diff --git a/src/makefiles/linux_64bit.mak b/src/makefiles/linux_64bit.mak
+index 7f81b58..a36e0de 100644
+--- a/src/makefiles/linux_64bit.mak
++++ b/src/makefiles/linux_64bit.mak
+@@ -68,7 +68,7 @@ OPTIONS_LINK_DEBUG=-g -fsigned-char -m64 -lm -ldl -lrt -lpthread -lssl -lcrypto
+ 
+ OPTIONS_COMPILE_RELEASE=-DNDEBUG -DVPN_SPEED -DUNIX -DUNIX_LINUX -DCPU_64 -D_REENTRANT -DREENTRANT -D_THREAD_SAFE -D_THREADSAFE -DTHREAD_SAFE -DTHREADSAFE -D_FILE_OFFSET_BITS=64 -I./src/ -I./src/Cedar/ -I./src/Mayaqua/ -O2 -fsigned-char
+ 
+-OPTIONS_LINK_RELEASE=-O2 -fsigned-char -lm -ldl -lrt -lpthread -lssl -lcrypto -lreadline -lncurses -lz
++OPTIONS_LINK_RELEASE=-O2 -fsigned-char -lm -ldl -lrt -liconv -lpthread -lssl -lcrypto -lreadline -lncurses -lz
+ 
+ INSTALL_BINDIR=/usr/bin/
+ INSTALL_VPNSERVER_DIR=/usr/vpnserver/

net/softethervpn/patches/140-openssl-header.patch

@@ -0,0 +1,10 @@
+--- a/src/Mayaqua/Secure.c
++++ b/src/Mayaqua/Secure.c
+@@ -127,6 +127,7 @@
+ #include <openssl/pkcs7.h>
+ #include <openssl/pkcs12.h>
+ #include <openssl/rc4.h>
++#include <openssl/rsa.h>
+ #include <openssl/md5.h>
+ #include <openssl/sha.h>
+ #include <Mayaqua/Mayaqua.h>