
From: Mike Gilbert <floppym@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: net-vpn/openconnect/files/, net-vpn/openconnect/
Date: Sun, 31 Jul 2022 17:04:08
Message-Id: 1659287033.9ea2b28e1c70517b35d40fc0dd93c410c1c18ff7.floppym@gentoo
1 commit: 9ea2b28e1c70517b35d40fc0dd93c410c1c18ff7
2 Author: Mike Gilbert <floppym <AT> gentoo <DOT> org>
3 AuthorDate: Sun Jul 31 17:03:53 2022 +0000
4 Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org>
5 CommitDate: Sun Jul 31 17:03:53 2022 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9ea2b28e
7
8 net-vpn/openconnect: drop 8.20-r1
9
10 Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>
11
12 net-vpn/openconnect/Manifest | 1 -
13 .../openconnect/files/8.20-insecure-crypto.patch | 46 -------
14 net-vpn/openconnect/files/8.20-rsa-securid.patch | 51 -------
15 net-vpn/openconnect/openconnect-8.20-r1.ebuild | 153 ---------------------
16 4 files changed, 251 deletions(-)
17
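--- a/net-vpn/openconnect/Manifest
+++ b/net-vpn/openconnect/Manifest
@@ -1,2 +1 @@
-DIST openconnect-8.20.tar.gz 2651542 BLAKE2B 327b437993ee0d705c0194202f6fd7c2b330e69bfbb916ef004b0662c8b9aebc1252aa3c83bd41b4d1cf85b933878d37b1a7608f076d82b50e325a3efaea2dec SHA512 76f5e49948391397ea1f7d2fca5798731f4278fee74c3da9b0f0daba6c386ce79ec5d87d40b6d3d99bb2528a038b5a2076df4159bb29c52cba62efb2ca52c8ab
 DIST openconnect-9.01.tar.gz 2718526 BLAKE2B e346b30ed8a299bcdd1fc88868d59b4d501c48bc5c02092e92e7ded0cd36e4de6a5b65aae4f6bf8c9aa60cf70f5466b110b64889df8d286016c9a1b4d9f46ff7 SHA512 b7428847a90f8ca9d1f1f61653c1f2486f0a07989f3b7435b746c5e901998194f4ee2b4f9569a548a23bba368bb1e9f273674c0759aac9df30208d2a6a303c34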
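--- a/net-vpn/openconnect/files/8.20-insecure-crypto.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-From e2b38313bbd5050acaac49a75f0a024d05b505e5 Mon Sep 17 00:00:00 2001
-From: Mike Gilbert <floppym@g.o>
-Date: Sun, 10 Apr 2022 12:21:57 -0400
-Subject: [PATCH] openssl: allow ALL ciphers when allow-insecure-crypto is
- enabled
-
-Previously, the cipher list was set to "DEFAULT:+3DES:+RC4". However,
-according to ciphers(1), the DEFAULT keyword cannot be combined with
-other strings using the + characters. In other words, ":+3DES:+RC4" gets
-ignored.
-
-The user is opting into insecure behavior, so let's keep it simple and
-just allow everything.
-
-This change fixes the obsolete-server-crypto test when openconnect is
-built against openssl-1.1.x.
-
-Signed-off-by: Mike Gilbert <floppym@g.o>
----
- openssl.c | 9 +++------
- 1 file changed, 3 insertions(+), 6 deletions(-)
-
-diff --git a/openssl.c b/openssl.c
-index 3205dbd7..2bf594e7 100644
---- a/openssl.c
-+++ b/openssl.c
-@@ -1868,13 +1868,10 @@ int openconnect_open_https(struct openconnect_info *vpninfo)
- struct oc_text_buf *buf = buf_alloc();
- if (vpninfo->pfs)
- buf_append(buf, "HIGH:!aNULL:!eNULL:-RSA");
-+ else if (vpninfo->allow_insecure_crypto)
-+ buf_append(buf, "ALL");
- else
-- buf_append(buf, "DEFAULT");
--
-- if (vpninfo->allow_insecure_crypto)
-- buf_append(buf, ":+3DES:+RC4");
-- else
-- buf_append(buf, ":-3DES:-RC4");
-+ buf_append(buf, "DEFAULT:-3DES:-RC4");
-
- if (buf_error(buf)) {
- vpn_progress(vpninfo, PRG_ERR,
---
-2.35.1
-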
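--- a/net-vpn/openconnect/files/8.20-rsa-securid.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-From 19417131895eb39aabf3641a9e4e0d7082b04f6d Mon Sep 17 00:00:00 2001
-From: Daniel Lenski <dlenski@×××××.com>
-Date: Mon, 7 Mar 2022 08:50:13 -0800
-Subject: [PATCH] Bugfix RSA SecurID token decryption and PIN entry forms
-
-As of
-https://gitlab.com/openconnect/openconnect/-/commit/386a6edb6d2d1d2cd3e9c9de8d85dc7bfda60d34,
-all auth forms are required to have a non-NULL `auth_id`.
-
-However, we forget to make stoken.c set the `auth_id` for the forms that it
-creates for RSA SecurID token decryption and PIN entry. Let's name these:
-
- - `_rsa_unlock`, for token decryption.
- - `_rsa_pin`, for PIN entry. Also, rename the numeric PIN field to `pin`
- rather than `password`; there can't be any existing users relying on
- `--form-entry` to set its value, because that wouldn't work without the
- `auth_id`.
-
-Fixes #388.
-
-Signed-off-by: Daniel Lenski <dlenski@×××××.com>
----
- stoken.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/stoken.c b/stoken.c
-index 00a67625..45d849f5 100644
---- a/stoken.c
-+++ b/stoken.c
-@@ -100,6 +100,7 @@ static int decrypt_stoken(struct openconnect_info *vpninfo)
-
- form.opts = opts;
- form.message = _("Enter credentials to unlock software token.");
-+ form.auth_id = "_rsa_unlock";
-
- if (stoken_devid_required(vpninfo->stoken_ctx)) {
- opt->type = OC_FORM_OPT_TEXT;
-@@ -206,9 +207,10 @@ static int request_stoken_pin(struct openconnect_info *vpninfo)
-
- form.opts = opts;
- form.message = _("Enter software token PIN.");
-+ form.auth_id = "_rsa_pin";
-
- opt->type = OC_FORM_OPT_PASSWORD;
-- opt->name = (char *)"password";
-+ opt->name = (char *)"pin";
- opt->label = _("PIN:");
- opt->flags = OC_FORM_OPT_NUMERIC;
-
---
-GitLab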
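--- a/net-vpn/openconnect/openconnect-8.20-r1.ebuild
+++ /dev/null
@@ -1,153 +0,0 @@
-# Copyright 2011-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-PYTHON_COMPAT=( python3_{8..10} )
-PYTHON_REQ_USE="xml"
-
-inherit linux-info python-any-r1
-
-if [[ ${PV} == 9999 ]]; then
- EGIT_REPO_URI="https://gitlab.com/openconnect/openconnect.git"
- inherit git-r3 autotools
-else
- SRC_URI="ftp://ftp.infradead.org/pub/${PN}/${P}.tar.gz"
- KEYWORDS="amd64 arm arm64 ppc64 ~riscv x86"
-fi
-
-DESCRIPTION="Free client for Cisco AnyConnect SSL VPN software"
-HOMEPAGE="https://www.infradead.org/openconnect/"
-
-LICENSE="LGPL-2.1 GPL-2"
-SLOT="0/5"
-IUSE="doc +gnutls gssapi libproxy lz4 nls pskc selinux smartcard stoken test"
-RESTRICT="!test? ( test )"
-
-COMMON_DEPEND="
- dev-libs/libxml2
- sys-libs/zlib
- app-crypt/p11-kit
- !gnutls? (
- >=dev-libs/openssl-1.0.1h:0=
- dev-libs/libp11
- )
- gnutls? (
- app-crypt/trousers
- app-misc/ca-certificates
- dev-libs/nettle
- >=net-libs/gnutls-3.6.13:0=
- dev-libs/libtasn1:0=
- app-crypt/tpm2-tss:=
- )
- gssapi? ( virtual/krb5 )
- libproxy? ( net-libs/libproxy )
- lz4? ( app-arch/lz4:= )
- nls? ( virtual/libintl )
- pskc? ( sys-auth/oath-toolkit[pskc] )
- smartcard? ( sys-apps/pcsc-lite:0= )
- stoken? ( app-crypt/stoken )
-"
-DEPEND="${COMMON_DEPEND}
- test? (
- net-libs/socket_wrapper
- sys-libs/uid_wrapper
- !gnutls? ( dev-libs/openssl:0[weak-ssl-ciphers(-)] )
- )
-"
-RDEPEND="${COMMON_DEPEND}
- sys-apps/iproute2
- >=net-vpn/vpnc-scripts-20210402-r1
- selinux? ( sec-policy/selinux-vpn )
-"
-BDEPEND="
- virtual/pkgconfig
- doc? ( ${PYTHON_DEPS} sys-apps/groff )
- nls? ( sys-devel/gettext )
- test? ( net-vpn/ocserv )
-"
-
-CONFIG_CHECK="~TUN"
-
-pkg_pretend() {
- check_extra_config
-}
-
-pkg_setup() {
- :
-}
-
-src_unpack() {
- if [[ ${PV} == 9999 ]]; then
- git-r3_src_unpack
- fi
- default
-}
-
-src_prepare() {
- local PATCHES=(
- "${FILESDIR}/8.20-rsa-securid.patch"
- "${FILESDIR}/8.20-insecure-crypto.patch"
- )
- default
- if [[ ${PV} == 9999 ]]; then
- eautoreconf
- fi
-}
-
-src_configure() {
- if use doc; then
- python_setup
- else
- export ac_cv_path_PYTHON=
- fi
-
- # Used by tests if userpriv is disabled
- addwrite /run/netns
-
- local myconf=(
- --disable-dsa-tests
- $(use_enable nls)
- --disable-static
- $(use_with !gnutls openssl)
- $(use_with gnutls)
- $(use_with libproxy)
- $(use_with lz4)
- $(use_with gssapi)
- $(use_with pskc libpskc)
- $(use_with smartcard libpcsclite)
- $(use_with stoken)
- --with-vpnc-script="${EPREFIX}/etc/vpnc/vpnc-script"
- --without-java
- )
-
- econf "${myconf[@]}"
-}
-
-src_test() {
- local charset
- for charset in UTF-8 ISO-8859-2; do
- if [[ $(LC_ALL=cs_CZ.${charset} locale charmap 2>/dev/null) != ${charset} ]]; then
- # If we don't have valid cs_CZ locale data, auth-nonascii will fail.
- # Force a test skip by exiting with status 77.
- sed -i -e '2i exit 77' tests/auth-nonascii || die
- break
- fi
- done
- default
-}
-
-src_install() {
- default
- find "${ED}" -name '*.la' -delete || die
-
- dodoc "${FILESDIR}"/README.OpenRC
-
- newconfd "${FILESDIR}"/openconnect.confd openconnect
- newinitd "${FILESDIR}"/openconnect.initd openconnect
-
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/openconnect.logrotate openconnect
-
- keepdir /var/log/openconnect
-}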