update openvpn to latest upstream, fix broken path to ip

package/openvpn/Makefile

@@ -4,12 +4,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=		openvpn
-PKG_VERSION:=		2.1.3
+PKG_VERSION:=		2.2.1
 PKG_RELEASE:=		1
-PKG_MD5SUM:=		7486d3e270ba4b033e311d3e022a0ad7
+PKG_MD5SUM:=		500bee5449b29906150569aaf2eb2730
 PKG_DESCR:=		Open Source VPN solution using SSL
 PKG_SECTION:=		net/security
-PKG_DEPENDS:=		kmod-tun libopenssl
+PKG_DEPENDS:=		kmod-tun libopenssl ip
 PKG_BUILDDEP:=		openssl
 PKG_URL:=		http://openvpn.net/
 PKG_SITES:=		http://openvpn.net/release/
@@ -56,7 +56,7 @@ CONFIGURE_ARGS+=	--disable-pthread \
 			--disable-plugins \
 			--enable-small \
 			--enable-iproute2 \
-			--with-iproute-path=ip \
+			--with-iproute-path=/usr/sbin/ip \
 			--without-ifconfig-path \
 			--without-route-path
 
@@ -72,7 +72,7 @@ openvpn-easy-rsa-install:
 	$(CP) ./files/serial $(IDIR_OPENVPN_EASY_RSA)/etc/easy-rsa/keys
 	$(CP) $(WRKBUILD)/easy-rsa/2.0/{build-*,clean-all,inherit-inter,list-crl,pkitool,revoke-full,sign-req,whichopensslcnf} \
 		$(IDIR_OPENVPN_EASY_RSA)/usr/sbin
-	${INSTALL_DATA} $(WRKBUILD)/easy-rsa/2.0/openssl.cnf \
+	${INSTALL_DATA} $(WRKBUILD)/easy-rsa/2.0/openssl-1.0.0.cnf \
 		$(IDIR_OPENVPN_EASY_RSA)/etc/easy-rsa/openssl.cnf
 	${INSTALL_DATA} $(WRKBUILD)/easy-rsa/2.0/vars \
 		$(IDIR_OPENVPN_EASY_RSA)/etc/easy-rsa/vars

package/openvpn/patches/easy-rsa.patch

@@ -1,218 +0,0 @@
-diff -Nur openvpn-2.0.8_orig/easy-rsa/2.0/build-ca openvpn-2.0.8/easy-rsa/2.0/build-ca
---- openvpn-2.0.8_orig/easy-rsa/2.0/build-ca	2005-11-02 19:42:38.000000000 +0100
-+++ openvpn-2.0.8/easy-rsa/2.0/build-ca	2006-10-13 18:14:32.000000000 +0200
-@@ -1,8 +1,7 @@
--#!/bin/bash
-+#!/bin/sh
- 
- #
- # Build a root certificate
- #
- 
--export EASY_RSA="${EASY_RSA:-.}"
--"$EASY_RSA/pkitool" --interact --initca $*
-+/usr/sbin/pkitool --interact --initca $*
-diff -Nur openvpn-2.0.8_orig/easy-rsa/2.0/build-dh openvpn-2.0.8/easy-rsa/2.0/build-dh
---- openvpn-2.0.8_orig/easy-rsa/2.0/build-dh	2006-06-28 08:29:27.000000000 +0200
-+++ openvpn-2.0.8/easy-rsa/2.0/build-dh	2006-10-13 18:13:40.000000000 +0200
-@@ -1,4 +1,6 @@
--#!/bin/bash
-+#!/bin/sh
-+
-+. /etc/easy-rsa/vars
- 
- # Build Diffie-Hellman parameters for the server side
- # of an SSL/TLS connection.
-diff -Nur openvpn-2.0.8_orig/easy-rsa/2.0/build-inter openvpn-2.0.8/easy-rsa/2.0/build-inter
---- openvpn-2.0.8_orig/easy-rsa/2.0/build-inter	2005-11-02 19:42:39.000000000 +0100
-+++ openvpn-2.0.8/easy-rsa/2.0/build-inter	2006-10-13 18:14:32.000000000 +0200
-@@ -1,7 +1,6 @@
--#!/bin/bash
-+#!/bin/sh
- 
- # Make an intermediate CA certificate/private key pair using a locally generated
- # root certificate.
- 
--export EASY_RSA="${EASY_RSA:-.}"
--"$EASY_RSA/pkitool" --interact --inter $*
-+/usr/sbin/pkitool --interact --inter $*
-diff -Nur openvpn-2.0.8_orig/easy-rsa/2.0/build-key openvpn-2.0.8/easy-rsa/2.0/build-key
---- openvpn-2.0.8_orig/easy-rsa/2.0/build-key	2005-11-02 19:42:39.000000000 +0100
-+++ openvpn-2.0.8/easy-rsa/2.0/build-key	2006-10-13 18:14:32.000000000 +0200
-@@ -1,7 +1,6 @@
--#!/bin/bash
-+#!/bin/sh
- 
- # Make a certificate/private key pair using a locally generated
- # root certificate.
- 
--export EASY_RSA="${EASY_RSA:-.}"
--"$EASY_RSA/pkitool" --interact $*
-+/usr/sbin/pkitool --interact $*
-diff -Nur openvpn-2.0.8_orig/easy-rsa/2.0/build-key-pass openvpn-2.0.8/easy-rsa/2.0/build-key-pass
---- openvpn-2.0.8_orig/easy-rsa/2.0/build-key-pass	2005-11-02 19:42:39.000000000 +0100
-+++ openvpn-2.0.8/easy-rsa/2.0/build-key-pass	2006-10-13 18:14:32.000000000 +0200
-@@ -1,7 +1,6 @@
--#!/bin/bash
-+#!/bin/sh
- 
- # Similar to build-key, but protect the private key
- # with a password.
- 
--export EASY_RSA="${EASY_RSA:-.}"
--"$EASY_RSA/pkitool" --interact --pass $*
-+/usr/sbin/pkitool --interact --pass $*
-diff -Nur openvpn-2.0.8_orig/easy-rsa/2.0/build-key-pkcs12 openvpn-2.0.8/easy-rsa/2.0/build-key-pkcs12
---- openvpn-2.0.8_orig/easy-rsa/2.0/build-key-pkcs12	2005-11-02 19:42:39.000000000 +0100
-+++ openvpn-2.0.8/easy-rsa/2.0/build-key-pkcs12	2006-10-13 18:14:32.000000000 +0200
-@@ -1,8 +1,7 @@
--#!/bin/bash
-+#!/bin/sh
- 
- # Make a certificate/private key pair using a locally generated
- # root certificate and convert it to a PKCS #12 file including the
- # the CA certificate as well.
- 
--export EASY_RSA="${EASY_RSA:-.}"
--"$EASY_RSA/pkitool" --interact --pkcs12 $*
-+/usr/sbin/pkitool --interact --pkcs12 $*
-diff -Nur openvpn-2.0.8_orig/easy-rsa/2.0/build-key-server openvpn-2.0.8/easy-rsa/2.0/build-key-server
---- openvpn-2.0.8_orig/easy-rsa/2.0/build-key-server	2005-11-02 19:42:39.000000000 +0100
-+++ openvpn-2.0.8/easy-rsa/2.0/build-key-server	2006-10-13 18:14:32.000000000 +0200
-@@ -1,4 +1,4 @@
--#!/bin/bash
-+#!/bin/sh
- 
- # Make a certificate/private key pair using a locally generated
- # root certificate.
-@@ -6,5 +6,4 @@
- # Explicitly set nsCertType to server using the "server"
- # extension in the openssl.cnf file.
- 
--export EASY_RSA="${EASY_RSA:-.}"
--"$EASY_RSA/pkitool" --interact --server $*
-+/usr/sbin/pkitool --interact --server $*
-diff -Nur openvpn-2.0.8_orig/easy-rsa/2.0/build-req openvpn-2.0.8/easy-rsa/2.0/build-req
---- openvpn-2.0.8_orig/easy-rsa/2.0/build-req	2005-11-02 19:42:38.000000000 +0100
-+++ openvpn-2.0.8/easy-rsa/2.0/build-req	2006-10-13 18:14:32.000000000 +0200
-@@ -1,7 +1,6 @@
--#!/bin/bash
-+#!/bin/sh
- 
- # Build a certificate signing request and private key.  Use this
- # when your root certificate and key is not available locally.
- 
--export EASY_RSA="${EASY_RSA:-.}"
--"$EASY_RSA/pkitool" --interact --csr $*
-+/usr/sbin/pkitool --interact --csr $*
-diff -Nur openvpn-2.0.8_orig/easy-rsa/2.0/build-req-pass openvpn-2.0.8/easy-rsa/2.0/build-req-pass
---- openvpn-2.0.8_orig/easy-rsa/2.0/build-req-pass	2005-11-02 19:42:39.000000000 +0100
-+++ openvpn-2.0.8/easy-rsa/2.0/build-req-pass	2006-10-13 18:14:32.000000000 +0200
-@@ -1,7 +1,6 @@
--#!/bin/bash
-+#!/bin/sh
- 
- # Like build-req, but protect your private key
- # with a password.
- 
--export EASY_RSA="${EASY_RSA:-.}"
--"$EASY_RSA/pkitool" --interact --csr --pass $*
-+/usr/sbin/pkitool --interact --csr --pass $*
-diff -Nur openvpn-2.0.8_orig/easy-rsa/2.0/clean-all openvpn-2.0.8/easy-rsa/2.0/clean-all
---- openvpn-2.0.8_orig/easy-rsa/2.0/clean-all	2005-11-02 19:42:39.000000000 +0100
-+++ openvpn-2.0.8/easy-rsa/2.0/clean-all	2006-10-13 18:13:40.000000000 +0200
-@@ -1,4 +1,6 @@
--#!/bin/bash
-+#!/bin/sh
-+
-+. /etc/easy-rsa/vars
- 
- # Initialize the $KEY_DIR directory.
- # Note that this script does a
-diff -Nur openvpn-2.0.8_orig/easy-rsa/2.0/inherit-inter openvpn-2.0.8/easy-rsa/2.0/inherit-inter
---- openvpn-2.0.8_orig/easy-rsa/2.0/inherit-inter	2005-11-02 19:42:38.000000000 +0100
-+++ openvpn-2.0.8/easy-rsa/2.0/inherit-inter	2006-10-13 18:13:40.000000000 +0200
-@@ -1,4 +1,6 @@
--#!/bin/bash
-+#!/bin/sh
-+
-+. /etc/easy-rsa/vars
- 
- # Build a new PKI which is rooted on an intermediate certificate generated
- # by ./build-inter or ./pkitool --inter from a parent PKI.  The new PKI should
-diff -Nur openvpn-2.0.8_orig/easy-rsa/2.0/list-crl openvpn-2.0.8/easy-rsa/2.0/list-crl
---- openvpn-2.0.8_orig/easy-rsa/2.0/list-crl	2006-06-28 08:29:27.000000000 +0200
-+++ openvpn-2.0.8/easy-rsa/2.0/list-crl	2006-10-13 18:13:40.000000000 +0200
-@@ -1,4 +1,6 @@
--#!/bin/bash
-+#!/bin/sh
-+
-+. /etc/easy-rsa/vars
- 
- # list revoked certificates
- 
-diff -Nur openvpn-2.0.8_orig/easy-rsa/2.0/pkitool openvpn-2.0.8/easy-rsa/2.0/pkitool
---- openvpn-2.0.8_orig/easy-rsa/2.0/pkitool	2006-06-28 08:29:27.000000000 +0200
-+++ openvpn-2.0.8/easy-rsa/2.0/pkitool	2006-10-13 18:13:40.000000000 +0200
-@@ -1,5 +1,7 @@
- #!/bin/sh
- 
-+. /etc/easy-rsa/vars
-+
- #  OpenVPN -- An application to securely tunnel IP networks
- #             over a single TCP/UDP port, with support for SSL/TLS-based
- #             session authentication and key exchange,
-diff -Nur openvpn-2.0.8_orig/easy-rsa/2.0/revoke-full openvpn-2.0.8/easy-rsa/2.0/revoke-full
---- openvpn-2.0.8_orig/easy-rsa/2.0/revoke-full	2006-06-28 08:29:27.000000000 +0200
-+++ openvpn-2.0.8/easy-rsa/2.0/revoke-full	2006-10-13 18:13:40.000000000 +0200
-@@ -1,4 +1,6 @@
--#!/bin/bash
-+#!/bin/sh
-+
-+. /etc/easy-rsa/vars
- 
- # revoke a certificate, regenerate CRL,
- # and verify revocation
-diff -Nur openvpn-2.0.8_orig/easy-rsa/2.0/sign-req openvpn-2.0.8/easy-rsa/2.0/sign-req
---- openvpn-2.0.8_orig/easy-rsa/2.0/sign-req	2005-11-02 19:42:39.000000000 +0100
-+++ openvpn-2.0.8/easy-rsa/2.0/sign-req	2006-10-13 18:14:32.000000000 +0200
-@@ -1,7 +1,6 @@
--#!/bin/bash
-+#!/bin/sh
- 
- # Sign a certificate signing request (a .csr file)
- # with a local root certificate and key.
- 
--export EASY_RSA="${EASY_RSA:-.}"
--"$EASY_RSA/pkitool" --interact --sign $*
-+/usr/sbin/pkitool --interact --sign $*
-diff -Nur openvpn-2.0.8_orig/easy-rsa/2.0/vars openvpn-2.0.8/easy-rsa/2.0/vars
---- openvpn-2.0.8_orig/easy-rsa/2.0/vars	2006-06-28 08:29:27.000000000 +0200
-+++ openvpn-2.0.8/easy-rsa/2.0/vars	2006-10-13 18:24:03.000000000 +0200
-@@ -12,7 +12,7 @@
- # This variable should point to
- # the top level of the easy-rsa
- # tree.
--export EASY_RSA="`pwd`"
-+export EASY_RSA="/etc/easy-rsa"
- 
- #
- # This variable should point to
-@@ -26,7 +26,7 @@
- # This variable should point to
- # the openssl.cnf file included
- # with easy-rsa.
--export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
-+export KEY_CONFIG=`/usr/sbin/whichopensslcnf $EASY_RSA`
- 
- # Edit this variable to point to
- # your soon-to-be-created key
-@@ -39,7 +39,7 @@
- export KEY_DIR="$EASY_RSA/keys"
- 
- # Issue rm -rf warning
--echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
-+echo NOTE: If you run /usr/sbin/clean-all, I will be doing a rm -rf on $KEY_DIR
- 
- # Increase this to 2048 if you
- # are paranoid.  This will slow