1 |
commit: 5f9049c9da39886975077c93c119129cd31e8f88 |
2 |
Author: William Hubbs <williamh <AT> gentoo <DOT> org> |
3 |
AuthorDate: Sat Sep 24 17:44:31 2016 +0000 |
4 |
Commit: William Hubbs <williamh <AT> gentoo <DOT> org> |
5 |
CommitDate: Sat Sep 24 17:44:31 2016 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5f9049c9 |
7 |
|
8 |
net-misc/openconnect: 7.07-r2 revbump to fix pulse secure |
9 |
|
10 |
Current stable openconnect is broken for newer releases of pulse secure [1]. |
11 |
This revbump fixes that issue. I have verified it on amd64 so I'm going |
12 |
straight to stable since the previous revision is stable. |
13 |
|
14 |
[1] http://lists.infradead.org/pipermail/openconnect-devel/2016-September/003952.html |
15 |
|
16 |
Package-Manager: portage-2.2.28 |
17 |
RepoMan-Options: --force |
18 |
|
19 |
.../openconnect-7.07-mimic-pulse-client.patch | 38 +++++ |
20 |
net-misc/openconnect/openconnect-7.07-r2.ebuild | 162 +++++++++++++++++++++ |
21 |
2 files changed, 200 insertions(+) |
22 |
|
23 |
diff --git a/net-misc/openconnect/files/openconnect-7.07-mimic-pulse-client.patch b/net-misc/openconnect/files/openconnect-7.07-mimic-pulse-client.patch |
24 |
new file mode 100644 |
25 |
index 00000000..5cfeca6 |
26 |
--- /dev/null |
27 |
+++ b/net-misc/openconnect/files/openconnect-7.07-mimic-pulse-client.patch |
28 |
@@ -0,0 +1,38 @@ |
29 |
+From 4ce9c9241f5707917e87e93a055f757cea5fb84d Mon Sep 17 00:00:00 2001 |
30 |
+From: Jon DeVree <nuxi@×××××××.org> |
31 |
+Date: Mon, 19 Sep 2016 21:00:18 -0400 |
32 |
+Subject: [PATCH] Add Content-Length header to mimic official pulse client |
33 |
+ |
34 |
+The official pulse client sends in a fixed "Content-Length: 256" header |
35 |
+with these two HTTP requests. Some versions of the VPN server will |
36 |
+reject requests with an HTTP 400 error if they do not have this header. |
37 |
+ |
38 |
+Signed-off-by: Jon DeVree <nuxi@×××××××.org> |
39 |
+Signed-off-by: David Woodhouse <David.Woodhouse@×××××.com> |
40 |
+--- |
41 |
+ oncp.c | 2 ++ |
42 |
+ 1 file changed, 2 insertions(+) |
43 |
+ |
44 |
+diff --git a/oncp.c b/oncp.c |
45 |
+index cc9a223..2bf1571 100644 |
46 |
+--- a/oncp.c |
47 |
++++ b/oncp.c |
48 |
+@@ -562,6 +562,7 @@ int oncp_connect(struct openconnect_info *vpninfo) |
49 |
+ |
50 |
+ buf_append(reqbuf, "POST /dana/js?prot=1&svc=1 HTTP/1.1\r\n"); |
51 |
+ oncp_common_headers(vpninfo, reqbuf); |
52 |
++ buf_append(reqbuf, "Content-Length: 256\r\n"); |
53 |
+ buf_append(reqbuf, "\r\n"); |
54 |
+ |
55 |
+ if (buf_error(reqbuf)) { |
56 |
+@@ -606,6 +607,7 @@ int oncp_connect(struct openconnect_info *vpninfo) |
57 |
+ buf_truncate(reqbuf); |
58 |
+ buf_append(reqbuf, "POST /dana/js?prot=1&svc=4 HTTP/1.1\r\n"); |
59 |
+ oncp_common_headers(vpninfo, reqbuf); |
60 |
++ buf_append(reqbuf, "Content-Length: 256\r\n"); |
61 |
+ buf_append(reqbuf, "\r\n"); |
62 |
+ |
63 |
+ if (buf_error(reqbuf)) { |
64 |
+-- |
65 |
+2.7.3 |
66 |
+ |
67 |
|
68 |
diff --git a/net-misc/openconnect/openconnect-7.07-r2.ebuild b/net-misc/openconnect/openconnect-7.07-r2.ebuild |
69 |
new file mode 100644 |
70 |
index 00000000..57ae5c0 |
71 |
--- /dev/null |
72 |
+++ b/net-misc/openconnect/openconnect-7.07-r2.ebuild |
73 |
@@ -0,0 +1,162 @@ |
74 |
+# Copyright 1999-2016 Gentoo Foundation |
75 |
+# Distributed under the terms of the GNU General Public License v2 |
76 |
+# $Id$ |
77 |
+ |
78 |
+EAPI=6 |
79 |
+ |
80 |
+PYTHON_COMPAT=( python2_7 ) |
81 |
+PYTHON_REQ_USE="xml" |
82 |
+ |
83 |
+inherit eutils java-pkg-opt-2 linux-info python-any-r1 readme.gentoo-r1 |
84 |
+ |
85 |
+if [[ ${PV} == 9999 ]]; then |
86 |
+ EGIT_REPO_URI="git://git.infradead.org/users/dwmw2/${PN}.git" |
87 |
+ inherit git-r3 autotools |
88 |
+else |
89 |
+ ARCHIVE_URI="ftp://ftp.infradead.org/pub/${PN}/${P}.tar.gz" |
90 |
+ KEYWORDS="amd64 ~arm ~arm64 ~ppc64 ~x86" |
91 |
+fi |
92 |
+VPNC_VER=20160829 |
93 |
+SRC_URI="${ARCHIVE_URI} |
94 |
+ ftp://ftp.infradead.org/pub/vpnc-scripts/vpnc-scripts-${VPNC_VER}.tar.gz" |
95 |
+ |
96 |
+DESCRIPTION="Free client for Cisco AnyConnect SSL VPN software" |
97 |
+HOMEPAGE="http://www.infradead.org/openconnect.html" |
98 |
+ |
99 |
+LICENSE="LGPL-2.1 GPL-2" |
100 |
+SLOT="0/5" |
101 |
+IUSE="doc +gnutls gssapi java libproxy nls smartcard static-libs stoken" |
102 |
+ |
103 |
+DEPEND="dev-libs/libxml2 |
104 |
+ sys-libs/zlib |
105 |
+ !gnutls? ( |
106 |
+ >=dev-libs/openssl-1.0.1h:0[static-libs?] |
107 |
+ ) |
108 |
+ gnutls? ( |
109 |
+ >=net-libs/gnutls-3:0=[static-libs?] dev-libs/nettle |
110 |
+ app-misc/ca-certificates |
111 |
+ ) |
112 |
+ gssapi? ( virtual/krb5 ) |
113 |
+ libproxy? ( net-libs/libproxy ) |
114 |
+ nls? ( virtual/libintl ) |
115 |
+ smartcard? ( sys-apps/pcsc-lite:0= ) |
116 |
+ stoken? ( app-crypt/stoken )" |
117 |
+RDEPEND="${DEPEND} |
118 |
+ sys-apps/iproute2 |
119 |
+ !<sys-apps/openrc-0.13" |
120 |
+DEPEND="${DEPEND} |
121 |
+ virtual/pkgconfig |
122 |
+ doc? ( ${PYTHON_DEPS} sys-apps/groff ) |
123 |
+ java? ( >=virtual/jdk-1.6 ) |
124 |
+ nls? ( sys-devel/gettext )" |
125 |
+ |
126 |
+CONFIG_CHECK="~TUN" |
127 |
+ |
128 |
+PATCHES=( |
129 |
+ "${FILESDIR}"/${P}-mimic-pulse-client.patch |
130 |
+) |
131 |
+ |
132 |
+pkg_pretend() { |
133 |
+ check_extra_config |
134 |
+} |
135 |
+ |
136 |
+pkg_setup() { |
137 |
+ java-pkg-opt-2_pkg_setup |
138 |
+} |
139 |
+ |
140 |
+src_unpack() { |
141 |
+ if [[ ${PV} == 9999 ]]; then |
142 |
+ git-r3_src_unpack |
143 |
+ fi |
144 |
+ default |
145 |
+} |
146 |
+ |
147 |
+src_prepare() { |
148 |
+ default |
149 |
+ if [[ ${PV} == 9999 ]]; then |
150 |
+ eautoreconf |
151 |
+ fi |
152 |
+} |
153 |
+ |
154 |
+src_configure() { |
155 |
+ if [[ ${LINGUAS+set} == set ]]; then |
156 |
+ strip-linguas -u po |
157 |
+ echo "${LINGUAS}" > po/LINGUAS || die |
158 |
+ fi |
159 |
+ |
160 |
+ if use doc; then |
161 |
+ python_setup |
162 |
+ else |
163 |
+ # If the python cannot be found, the docs will not build |
164 |
+ sed -e 's#"${ac_cv_path_PYTHON}"#""#' -i configure || die |
165 |
+ fi |
166 |
+ |
167 |
+ # liboath not in portage |
168 |
+ econf \ |
169 |
+ --with-vpnc-script="${EPREFIX}/etc/openconnect/openconnect.sh" \ |
170 |
+ $(use_enable static-libs static) \ |
171 |
+ $(use_enable nls ) \ |
172 |
+ $(use_with !gnutls openssl) \ |
173 |
+ $(use_with gnutls ) \ |
174 |
+ $(use_with libproxy) \ |
175 |
+ $(use_with gssapi) \ |
176 |
+ $(use_with smartcard libpcsclite) \ |
177 |
+ $(use_with stoken) \ |
178 |
+ $(use_with java) |
179 |
+} |
180 |
+ |
181 |
+DOC_CONTENTS="The init script for openconnect supports multiple vpn tunnels. |
182 |
+ |
183 |
+You need to create a symbolic link to /etc/init.d/openconnect in /etc/init.d |
184 |
+instead of calling it directly: |
185 |
+ |
186 |
+ln -s /etc/init.d/openconnect /etc/init.d/openconnect.vpn0 |
187 |
+ |
188 |
+You can then start the vpn tunnel like this: |
189 |
+ |
190 |
+/etc/init.d/openconnect.vpn0 start |
191 |
+ |
192 |
+If you would like to run preup, postup, predown, and/or postdown scripts, |
193 |
+You need to create a directory in /etc/openconnect with the name of the vpn: |
194 |
+ |
195 |
+mkdir /etc/openconnect/vpn0 |
196 |
+ |
197 |
+Then add executable shell files: |
198 |
+ |
199 |
+mkdir /etc/openconnect/vpn0 |
200 |
+cd /etc/openconnect/vpn0 |
201 |
+echo '#!/bin/sh' > preup.sh |
202 |
+cp preup.sh predown.sh |
203 |
+cp preup.sh postup.sh |
204 |
+cp preup.sh postdown.sh |
205 |
+chmod 755 /etc/openconnect/vpn0/* |
206 |
+" |
207 |
+ |
208 |
+src_install() { |
209 |
+ emake DESTDIR="${D}" install |
210 |
+ |
211 |
+ dodoc AUTHORS TODO |
212 |
+ newinitd "${FILESDIR}"/openconnect.init.in-r4 openconnect |
213 |
+ dodir /etc/openconnect |
214 |
+ insinto /etc/openconnect |
215 |
+ newconfd "${FILESDIR}"/openconnect.conf.in openconnect |
216 |
+ exeinto /etc/openconnect |
217 |
+ newexe "${WORKDIR}"/vpnc-scripts-${VPNC_VER}/vpnc-script openconnect.sh |
218 |
+ insinto /etc/logrotate.d |
219 |
+ newins "${FILESDIR}"/openconnect.logrotate openconnect |
220 |
+ keepdir /var/log/openconnect |
221 |
+ |
222 |
+ # Remove useless .la files |
223 |
+ prune_libtool_files --all |
224 |
+ |
225 |
+ readme.gentoo_create_doc |
226 |
+} |
227 |
+ |
228 |
+pkg_postinst() { |
229 |
+ readme.gentoo_print_elog |
230 |
+ if [[ -z ${REPLACING_VERSIONS} ]]; then |
231 |
+ elog |
232 |
+ elog "You may want to consider installing the following optional packages." |
233 |
+ optfeature "resolvconf support" net-dns/openresolv |
234 |
+ fi |
235 |
+} |