commit: 9ea2b28e1c70517b35d40fc0dd93c410c1c18ff7 |
Author: Mike Gilbert <floppym <AT> gentoo <DOT> org> |
AuthorDate: Sun Jul 31 17:03:53 2022 +0000 |
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org> |
CommitDate: Sun Jul 31 17:03:53 2022 +0000 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9ea2b28e |
|
net-vpn/openconnect: drop 8.20-r1 |
|
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org> |
|
net-vpn/openconnect/Manifest | 1 - |
.../openconnect/files/8.20-insecure-crypto.patch | 46 ------- |
net-vpn/openconnect/files/8.20-rsa-securid.patch | 51 ------- |
net-vpn/openconnect/openconnect-8.20-r1.ebuild | 153 --------------------- |
4 files changed, 251 deletions(-) |
|
18 |
diff --git a/net-vpn/openconnect/Manifest b/net-vpn/openconnect/Manifest |
19 |
index a7dd1ff6597b..a855a2300764 100644 |
20 |
--- a/net-vpn/openconnect/Manifest |
21 |
+++ b/net-vpn/openconnect/Manifest |
22 |
@@ -1,2 +1 @@ |
23 |
-DIST openconnect-8.20.tar.gz 2651542 BLAKE2B 327b437993ee0d705c0194202f6fd7c2b330e69bfbb916ef004b0662c8b9aebc1252aa3c83bd41b4d1cf85b933878d37b1a7608f076d82b50e325a3efaea2dec SHA512 76f5e49948391397ea1f7d2fca5798731f4278fee74c3da9b0f0daba6c386ce79ec5d87d40b6d3d99bb2528a038b5a2076df4159bb29c52cba62efb2ca52c8ab |
24 |
DIST openconnect-9.01.tar.gz 2718526 BLAKE2B e346b30ed8a299bcdd1fc88868d59b4d501c48bc5c02092e92e7ded0cd36e4de6a5b65aae4f6bf8c9aa60cf70f5466b110b64889df8d286016c9a1b4d9f46ff7 SHA512 b7428847a90f8ca9d1f1f61653c1f2486f0a07989f3b7435b746c5e901998194f4ee2b4f9569a548a23bba368bb1e9f273674c0759aac9df30208d2a6a303c34 |
25 |
|
26 |
diff --git a/net-vpn/openconnect/files/8.20-insecure-crypto.patch b/net-vpn/openconnect/files/8.20-insecure-crypto.patch |
27 |
deleted file mode 100644 |
28 |
index 7644e1a264ba..000000000000 |
29 |
--- a/net-vpn/openconnect/files/8.20-insecure-crypto.patch |
30 |
+++ /dev/null |
31 |
@@ -1,46 +0,0 @@ |
32 |
-From e2b38313bbd5050acaac49a75f0a024d05b505e5 Mon Sep 17 00:00:00 2001 |
33 |
-From: Mike Gilbert <floppym@g.o> |
34 |
-Date: Sun, 10 Apr 2022 12:21:57 -0400 |
35 |
-Subject: [PATCH] openssl: allow ALL ciphers when allow-insecure-crypto is |
36 |
- enabled |
37 |
- |
38 |
-Previously, the cipher list was set to "DEFAULT:+3DES:+RC4". However, |
39 |
-according to ciphers(1), the DEFAULT keyword cannot be combined with |
40 |
-other strings using the + characters. In other words, ":+3DES:+RC4" gets |
41 |
-ignored. |
42 |
- |
43 |
-The user is opting into insecure behavior, so let's keep it simple and |
44 |
-just allow everything. |
45 |
- |
46 |
-This change fixes the obsolete-server-crypto test when openconnect is |
47 |
-built against openssl-1.1.x. |
48 |
- |
49 |
-Signed-off-by: Mike Gilbert <floppym@g.o> |
50 |
---- |
51 |
- openssl.c | 9 +++------ |
52 |
- 1 file changed, 3 insertions(+), 6 deletions(-) |
53 |
- |
54 |
-diff --git a/openssl.c b/openssl.c |
55 |
-index 3205dbd7..2bf594e7 100644 |
56 |
---- a/openssl.c |
57 |
-+++ b/openssl.c |
58 |
-@@ -1868,13 +1868,10 @@ int openconnect_open_https(struct openconnect_info *vpninfo) |
59 |
- struct oc_text_buf *buf = buf_alloc(); |
60 |
- if (vpninfo->pfs) |
61 |
- buf_append(buf, "HIGH:!aNULL:!eNULL:-RSA"); |
62 |
-+ else if (vpninfo->allow_insecure_crypto) |
63 |
-+ buf_append(buf, "ALL"); |
64 |
- else |
65 |
-- buf_append(buf, "DEFAULT"); |
66 |
-- |
67 |
-- if (vpninfo->allow_insecure_crypto) |
68 |
-- buf_append(buf, ":+3DES:+RC4"); |
69 |
-- else |
70 |
-- buf_append(buf, ":-3DES:-RC4"); |
71 |
-+ buf_append(buf, "DEFAULT:-3DES:-RC4"); |
72 |
- |
73 |
- if (buf_error(buf)) { |
74 |
- vpn_progress(vpninfo, PRG_ERR, |
75 |
--- |
76 |
-2.35.1 |
77 |
- |
78 |
|
79 |
diff --git a/net-vpn/openconnect/files/8.20-rsa-securid.patch b/net-vpn/openconnect/files/8.20-rsa-securid.patch |
80 |
deleted file mode 100644 |
81 |
index 57ab2d740707..000000000000 |
82 |
--- a/net-vpn/openconnect/files/8.20-rsa-securid.patch |
83 |
+++ /dev/null |
84 |
@@ -1,51 +0,0 @@ |
85 |
-From 19417131895eb39aabf3641a9e4e0d7082b04f6d Mon Sep 17 00:00:00 2001 |
86 |
-From: Daniel Lenski <dlenski@×××××.com> |
87 |
-Date: Mon, 7 Mar 2022 08:50:13 -0800 |
88 |
-Subject: [PATCH] Bugfix RSA SecurID token decryption and PIN entry forms |
89 |
- |
90 |
-As of |
91 |
-https://gitlab.com/openconnect/openconnect/-/commit/386a6edb6d2d1d2cd3e9c9de8d85dc7bfda60d34, |
92 |
-all auth forms are required to have a non-NULL `auth_id`. |
93 |
- |
94 |
-However, we forget to make stoken.c set the `auth_id` for the forms that it |
95 |
-creates for RSA SecurID token decryption and PIN entry. Let's name these: |
96 |
- |
97 |
- - `_rsa_unlock`, for token decryption. |
98 |
- - `_rsa_pin`, for PIN entry. Also, rename the numeric PIN field to `pin` |
99 |
- rather than `password`; there can't be any existing users relying on |
100 |
- `--form-entry` to set its value, because that wouldn't work without the |
101 |
- `auth_id`. |
102 |
- |
103 |
-Fixes #388. |
104 |
- |
105 |
-Signed-off-by: Daniel Lenski <dlenski@×××××.com> |
106 |
---- |
107 |
- stoken.c | 4 +++- |
108 |
- 1 file changed, 3 insertions(+), 1 deletion(-) |
109 |
- |
110 |
-diff --git a/stoken.c b/stoken.c |
111 |
-index 00a67625..45d849f5 100644 |
112 |
---- a/stoken.c |
113 |
-+++ b/stoken.c |
114 |
-@@ -100,6 +100,7 @@ static int decrypt_stoken(struct openconnect_info *vpninfo) |
115 |
- |
116 |
- form.opts = opts; |
117 |
- form.message = _("Enter credentials to unlock software token."); |
118 |
-+ form.auth_id = "_rsa_unlock"; |
119 |
- |
120 |
- if (stoken_devid_required(vpninfo->stoken_ctx)) { |
121 |
- opt->type = OC_FORM_OPT_TEXT; |
122 |
-@@ -206,9 +207,10 @@ static int request_stoken_pin(struct openconnect_info *vpninfo) |
123 |
- |
124 |
- form.opts = opts; |
125 |
- form.message = _("Enter software token PIN."); |
126 |
-+ form.auth_id = "_rsa_pin"; |
127 |
- |
128 |
- opt->type = OC_FORM_OPT_PASSWORD; |
129 |
-- opt->name = (char *)"password"; |
130 |
-+ opt->name = (char *)"pin"; |
131 |
- opt->label = _("PIN:"); |
132 |
- opt->flags = OC_FORM_OPT_NUMERIC; |
133 |
- |
134 |
--- |
135 |
-GitLab |
136 |
|
137 |
diff --git a/net-vpn/openconnect/openconnect-8.20-r1.ebuild b/net-vpn/openconnect/openconnect-8.20-r1.ebuild |
138 |
deleted file mode 100644 |
139 |
index c9b970792d0e..000000000000 |
140 |
--- a/net-vpn/openconnect/openconnect-8.20-r1.ebuild |
141 |
+++ /dev/null |
142 |
@@ -1,153 +0,0 @@ |
143 |
-# Copyright 2011-2022 Gentoo Authors |
144 |
-# Distributed under the terms of the GNU General Public License v2 |
145 |
- |
146 |
-EAPI=8 |
147 |
- |
148 |
-PYTHON_COMPAT=( python3_{8..10} ) |
149 |
-PYTHON_REQ_USE="xml" |
150 |
- |
151 |
-inherit linux-info python-any-r1 |
152 |
- |
153 |
-if [[ ${PV} == 9999 ]]; then |
154 |
- EGIT_REPO_URI="https://gitlab.com/openconnect/openconnect.git" |
155 |
- inherit git-r3 autotools |
156 |
-else |
157 |
- SRC_URI="ftp://ftp.infradead.org/pub/${PN}/${P}.tar.gz" |
158 |
- KEYWORDS="amd64 arm arm64 ppc64 ~riscv x86" |
159 |
-fi |
160 |
- |
161 |
-DESCRIPTION="Free client for Cisco AnyConnect SSL VPN software" |
162 |
-HOMEPAGE="https://www.infradead.org/openconnect/" |
163 |
- |
164 |
-LICENSE="LGPL-2.1 GPL-2" |
165 |
-SLOT="0/5" |
166 |
-IUSE="doc +gnutls gssapi libproxy lz4 nls pskc selinux smartcard stoken test" |
167 |
-RESTRICT="!test? ( test )" |
168 |
- |
169 |
-COMMON_DEPEND=" |
170 |
- dev-libs/libxml2 |
171 |
- sys-libs/zlib |
172 |
- app-crypt/p11-kit |
173 |
- !gnutls? ( |
174 |
- >=dev-libs/openssl-1.0.1h:0= |
175 |
- dev-libs/libp11 |
176 |
- ) |
177 |
- gnutls? ( |
178 |
- app-crypt/trousers |
179 |
- app-misc/ca-certificates |
180 |
- dev-libs/nettle |
181 |
- >=net-libs/gnutls-3.6.13:0= |
182 |
- dev-libs/libtasn1:0= |
183 |
- app-crypt/tpm2-tss:= |
184 |
- ) |
185 |
- gssapi? ( virtual/krb5 ) |
186 |
- libproxy? ( net-libs/libproxy ) |
187 |
- lz4? ( app-arch/lz4:= ) |
188 |
- nls? ( virtual/libintl ) |
189 |
- pskc? ( sys-auth/oath-toolkit[pskc] ) |
190 |
- smartcard? ( sys-apps/pcsc-lite:0= ) |
191 |
- stoken? ( app-crypt/stoken ) |
192 |
-" |
193 |
-DEPEND="${COMMON_DEPEND} |
194 |
- test? ( |
195 |
- net-libs/socket_wrapper |
196 |
- sys-libs/uid_wrapper |
197 |
- !gnutls? ( dev-libs/openssl:0[weak-ssl-ciphers(-)] ) |
198 |
- ) |
199 |
-" |
200 |
-RDEPEND="${COMMON_DEPEND} |
201 |
- sys-apps/iproute2 |
202 |
- >=net-vpn/vpnc-scripts-20210402-r1 |
203 |
- selinux? ( sec-policy/selinux-vpn ) |
204 |
-" |
205 |
-BDEPEND=" |
206 |
- virtual/pkgconfig |
207 |
- doc? ( ${PYTHON_DEPS} sys-apps/groff ) |
208 |
- nls? ( sys-devel/gettext ) |
209 |
- test? ( net-vpn/ocserv ) |
210 |
-" |
211 |
- |
212 |
-CONFIG_CHECK="~TUN" |
213 |
- |
214 |
-pkg_pretend() { |
215 |
- check_extra_config |
216 |
-} |
217 |
- |
218 |
-pkg_setup() { |
219 |
- : |
220 |
-} |
221 |
- |
222 |
-src_unpack() { |
223 |
- if [[ ${PV} == 9999 ]]; then |
224 |
- git-r3_src_unpack |
225 |
- fi |
226 |
- default |
227 |
-} |
228 |
- |
229 |
-src_prepare() { |
230 |
- local PATCHES=( |
231 |
- "${FILESDIR}/8.20-rsa-securid.patch" |
232 |
- "${FILESDIR}/8.20-insecure-crypto.patch" |
233 |
- ) |
234 |
- default |
235 |
- if [[ ${PV} == 9999 ]]; then |
236 |
- eautoreconf |
237 |
- fi |
238 |
-} |
239 |
- |
240 |
-src_configure() { |
241 |
- if use doc; then |
242 |
- python_setup |
243 |
- else |
244 |
- export ac_cv_path_PYTHON= |
245 |
- fi |
246 |
- |
247 |
- # Used by tests if userpriv is disabled |
248 |
- addwrite /run/netns |
249 |
- |
250 |
- local myconf=( |
251 |
- --disable-dsa-tests |
252 |
- $(use_enable nls) |
253 |
- --disable-static |
254 |
- $(use_with !gnutls openssl) |
255 |
- $(use_with gnutls) |
256 |
- $(use_with libproxy) |
257 |
- $(use_with lz4) |
258 |
- $(use_with gssapi) |
259 |
- $(use_with pskc libpskc) |
260 |
- $(use_with smartcard libpcsclite) |
261 |
- $(use_with stoken) |
262 |
- --with-vpnc-script="${EPREFIX}/etc/vpnc/vpnc-script" |
263 |
- --without-java |
264 |
- ) |
265 |
- |
266 |
- econf "${myconf[@]}" |
267 |
-} |
268 |
- |
269 |
-src_test() { |
270 |
- local charset |
271 |
- for charset in UTF-8 ISO-8859-2; do |
272 |
- if [[ $(LC_ALL=cs_CZ.${charset} locale charmap 2>/dev/null) != ${charset} ]]; then |
273 |
- # If we don't have valid cs_CZ locale data, auth-nonascii will fail. |
274 |
- # Force a test skip by exiting with status 77. |
275 |
- sed -i -e '2i exit 77' tests/auth-nonascii || die |
276 |
- break |
277 |
- fi |
278 |
- done |
279 |
- default |
280 |
-} |
281 |
- |
282 |
-src_install() { |
283 |
- default |
284 |
- find "${ED}" -name '*.la' -delete || die |
285 |
- |
286 |
- dodoc "${FILESDIR}"/README.OpenRC |
287 |
- |
288 |
- newconfd "${FILESDIR}"/openconnect.confd openconnect |
289 |
- newinitd "${FILESDIR}"/openconnect.initd openconnect |
290 |
- |
291 |
- insinto /etc/logrotate.d |
292 |
- newins "${FILESDIR}"/openconnect.logrotate openconnect |
293 |
- |
294 |
- keepdir /var/log/openconnect |
295 |
-} |