hwoarang 15/04/29 17:23:54 |
|
Added: plasma-nm-0.9.3.5-openconnect.patch |
Log: |
Add upstream patch to fix build with the latest openconnect. Bug #532294 |
|
(Portage version: 2.2.18/cvs/Linux x86_64, signed Manifest commit with key 09BF4F54C2BA7F3C!) |
|
Revision Changes Path |
1.1 kde-misc/plasma-nm/files/plasma-nm-0.9.3.5-openconnect.patch |
|
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/kde-misc/plasma-nm/files/plasma-nm-0.9.3.5-openconnect.patch?rev=1.1&view=markup |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/kde-misc/plasma-nm/files/plasma-nm-0.9.3.5-openconnect.patch?rev=1.1&content-type=text/plain |
|
Index: plasma-nm-0.9.3.5-openconnect.patch |
=================================================================== |
From: David Woodhouse <David.Woodhouse@×××××.com> |
Date: Wed, 03 Dec 2014 14:10:44 +0000 |
Subject: Update OpenConnect support for library version 5 |
X-Git-Url: http://quickgit.kde.org/?p=plasma-nm.git&a=commitdiff&h=3e6585fa4dd2fb3d9b59c7704bd3d7ae5b2c4167 |
--- |
Update OpenConnect support for library version 5 |
|
String ownership rules are now very simple: the library never takes ownership |
of a string it's passed. It always takes its *own* copy and is responsible |
for freeing that. Mostly driven by Windows DLL Hell where it's painful to |
allocate in one library and free in another because they might actually be |
using different heaps. |
|
Also adapt to the changes in server certificate hash handling. We are no |
longer supposed to just compare strings, and must call the relevant function |
to check a hash against the server's certificate. This gives better matching |
and allows libopenconnect to upgrade the hash in future when it becomes |
necessary. |
--- |
Backported from upstream |
|
Signed-off-by: Markos Chandras <hwoarang@g.o> |
X-Gentoo-Bugzilla: https://bugs.gentoo.org/show_bug.cgi?id=532294 |
--- |
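--- a/vpn/openconnect/CMakeLists.txt
+++ b/vpn/openconnect/CMakeLists.txt
@@ -15,6 +15,8 @@
 
 if (${OPENCONNECT_VERSION} VERSION_GREATER ${MINIMUM_OPENCONNECT_VERSION_REQUIRED} OR
 ${OPENCONNECT_VERSION} VERSION_EQUAL ${MINIMUM_OPENCONNECT_VERSION_REQUIRED})
+
+ include_directories(${OPENCONNECT_INCLUDE_DIRS})
 
 set(openconnect_SRCS
 openconnectui.cpp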
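--- a/vpn/openconnect/openconnectauth.cpp
+++ b/vpn/openconnect/openconnectauth.cpp
@@ -161,7 +161,7 @@
 }
 if (!dataMap[NM_OPENCONNECT_KEY_CACERT].isEmpty()) {
 const QByteArray crt = QFile::encodeName(dataMap[NM_OPENCONNECT_KEY_CACERT]);
- openconnect_set_cafile(d->vpninfo, strdup(crt.data()));
+ openconnect_set_cafile(d->vpninfo, OC3DUP(crt.data()));
 }
 if (dataMap[NM_OPENCONNECT_KEY_CSD_ENABLE] == "yes") {
 char *wrapper;
@@ -174,12 +174,12 @@
 }
 if (!dataMap[NM_OPENCONNECT_KEY_PROXY].isEmpty()) {
 const QByteArray proxy = QFile::encodeName(dataMap[NM_OPENCONNECT_KEY_PROXY]);
- openconnect_set_http_proxy(d->vpninfo, strdup(proxy.data()));
+ openconnect_set_http_proxy(d->vpninfo, OC3DUP(proxy.data()));
 }
 if (!dataMap[NM_OPENCONNECT_KEY_USERCERT].isEmpty()) {
 const QByteArray crt = QFile::encodeName(dataMap[NM_OPENCONNECT_KEY_USERCERT]);
 const QByteArray key = QFile::encodeName(dataMap[NM_OPENCONNECT_KEY_PRIVKEY]);
- openconnect_set_client_cert (d->vpninfo, strdup(crt.data()), strdup(key.data()));
+ openconnect_set_client_cert (d->vpninfo, OC3DUP(crt.data()), OC3DUP(key.data()));
 
 if (!crt.isEmpty() && dataMap[NM_OPENCONNECT_KEY_PEM_PASSPHRASE_FSID] == "yes") {
 openconnect_passphrase_from_fsid(d->vpninfo);
@@ -276,10 +276,10 @@
 const VPNHost &host = d->hosts.at(i);
 if (openconnect_parse_url(d->vpninfo, host.address.toAscii().data())) {
 kWarning() << "Failed to parse server URL" << host.address;
- openconnect_set_hostname(d->vpninfo, strdup(host.address.toAscii().data()));
+ openconnect_set_hostname(d->vpninfo, OC3DUP(host.address.toAscii().data()));
 }
 if (!openconnect_get_urlpath(d->vpninfo) && !host.group.isEmpty())
- openconnect_set_urlpath(d->vpninfo, strdup(host.group.toAscii().data()));
+ openconnect_set_urlpath(d->vpninfo, OC3DUP(host.group.toAscii().data()));
 d->secrets["lasthost"] = host.name;
 addFormInfo(QLatin1String("dialog-information"), i18n("Contacting host, please wait..."));
 d->worker->start();
@@ -301,9 +301,13 @@
 secrets.insert(QLatin1String(NM_OPENCONNECT_KEY_COOKIE), QLatin1String(openconnect_get_cookie(d->vpninfo)));
 openconnect_clear_cookie(d->vpninfo);
 
+#if OPENCONNECT_CHECK_VER(5,0)
+ const char *fingerprint = openconnect_get_peer_cert_hash(d->vpninfo);
+#else
 OPENCONNECT_X509 *cert = openconnect_get_peer_cert(d->vpninfo);
 char fingerprint[41];
 openconnect_get_cert_sha1(d->vpninfo, cert, fingerprint);
+#endif
 secrets.insert(QLatin1String(NM_OPENCONNECT_KEY_GWCERT), QLatin1String(fingerprint));
 secrets.insert(QLatin1String("certsigs"), d->certificateFingerprints.join("\t"));
 secrets.insert(QLatin1String("autoconnect"), d->ui.chkAutoconnect->isChecked() ? "yes" : "no");
@@ -578,14 +582,14 @@
 if (opt->type == OC_FORM_OPT_PASSWORD || opt->type == OC_FORM_OPT_TEXT) {
 KLineEdit *le = qobject_cast<KLineEdit*>(widget);
 QByteArray text = le->text().toUtf8();
- opt->value = strdup(text.data());
+ openconnect_set_option_value(opt, text.data());
 if (opt->type == OC_FORM_OPT_TEXT) {
 d->secrets.insert(key,le->text());
 }
 } else if (opt->type == OC_FORM_OPT_SELECT) {
 KComboBox *cbo = qobject_cast<KComboBox*>(widget);
 QByteArray text = cbo->itemData(cbo->currentIndex()).toString().toAscii();
- opt->value = strdup(text.data());
+ openconnect_set_option_value(opt, text.data());
 d->secrets.insert(key,cbo->itemData(cbo->currentIndex()).toString());
 }
 }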
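Review bot: In the `@@ -301,9 +301,13 @@` hunk the v5 branch saves the string returned by `openconnect_get_peer_cert_hash()` under `NM_OPENCONNECT_KEY_GWCERT`, while `certsigs` is still written as the tab-joined `d->certificateFingerprints` list, and no hunk in this file adds a call that checks a saved hash against the server's certificate. The commit message states that plain string comparison is no longer supposed to be used, so if the code that consults `certificateFingerprints` (outside these hunks) still matches strings, a previously accepted fingerprint may stop matching once the library changes its hash format and the user would be prompted again for a certificate already trusted. I would record the contract directly above the `#if`: `// v5+: opaque hash string from libopenconnect; match saved values with openconnect_check_peer_cert_hash(), never by string equality`. The enclosing function starts and ends outside the hunk.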
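--- a/vpn/openconnect/openconnectauthworkerthread.cpp
+++ b/vpn/openconnect/openconnectauthworkerthread.cpp
@@ -43,6 +43,20 @@
 class OpenconnectAuthStaticWrapper
 {
 public:
+#if OPENCONNECT_CHECK_VER(5,0)
+ static int writeNewConfig(void *obj, const char *str, int num)
+ {
+ if (obj)
+ return static_cast<OpenconnectAuthWorkerThread*>(obj)->writeNewConfig(str, num);
+ return -1;
+ }
+ static int validatePeerCert(void *obj, const char *str)
+ {
+ if (obj)
+ return static_cast<OpenconnectAuthWorkerThread*>(obj)->validatePeerCert(NULL, str);
+ return -1;
+ }
+#else
 static int writeNewConfig(void *obj, char *str, int num)
 {
 if (obj)
@@ -55,7 +69,8 @@
 return static_cast<OpenconnectAuthWorkerThread*>(obj)->validatePeerCert(cert, str);
 return -1;
 }
- static int processAuthForm(void *obj, struct oc_auth_form *form)
+#endif
+ static int processAuthForm(void *obj, struct oc_auth_form *form)
 {
 if (obj)
 return static_cast<OpenconnectAuthWorkerThread*>(obj)->processAuthFormP(form);
@@ -108,7 +123,7 @@
 return m_openconnectInfo;
 }
 
-int OpenconnectAuthWorkerThread::writeNewConfig(char *buf, int buflen)
+int OpenconnectAuthWorkerThread::writeNewConfig(const char *buf, int buflen)
 {
 Q_UNUSED(buflen)
 if (*m_userDecidedToQuit)
@@ -139,10 +154,16 @@
 }
 #endif
 
-int OpenconnectAuthWorkerThread::validatePeerCert(OPENCONNECT_X509 *cert, const char *reason)
-{
- if (*m_userDecidedToQuit)
- return -EINVAL;
+int OpenconnectAuthWorkerThread::validatePeerCert(void *cert, const char *reason)
+{
+ if (*m_userDecidedToQuit)
+ return -EINVAL;
+
+#if OPENCONNECT_CHECK_VER(5,0)
+ (void)cert;
+ const char *fingerprint = openconnect_get_peer_cert_hash(m_openconnectInfo);
+ char *details = openconnect_get_peer_cert_details(m_openconnectInfo);
+#else
 char fingerprint[41];
 int ret = 0;
 
@@ -151,7 +172,7 @@
 return ret;
 
 char *details = openconnect_get_cert_details(m_openconnectInfo, cert);
-
+#endif
 bool accepted = false;
 m_mutex->lock();
 QString qFingerprint(fingerprint);
@@ -160,7 +181,7 @@
 emit validatePeerCert(qFingerprint, qCertinfo, qReason, &accepted);
 m_waitForUserInput->wait(m_mutex);
 m_mutex->unlock();
- ::free(details);
+ openconnect_free_cert_info(m_openconnectInfo, details);
 if (*m_userDecidedToQuit)
 return -EINVAL;
 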
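Review bot: The v5 branch of `validatePeerCert` (hunk `@@ -139,10 +154,16 @@`) uses the result of `openconnect_get_peer_cert_hash()` without checking it, whereas the pre-5 branch visibly bails out with `return ret;` before it asks for the certificate details. If the library hands back no hash, the acceptance dialog is raised with an empty fingerprint and whatever the user accepts is not tied to an identifiable certificate. Fail closed by adding `if (!fingerprint) return -EINVAL;` right after the call and before `openconnect_get_peer_cert_details()`, so nothing is allocated on that path. Separately, `(void)cert;` could be `Q_UNUSED(cert)` to match `writeNewConfig` in this file. The function body continues outside the hunk.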
--- a/vpn/openconnect/openconnectauthworkerthread.h |
207 |
+++ b/vpn/openconnect/openconnectauthworkerthread.h |
208 |
@@ -59,6 +59,17 @@ |
209 |
#define OC_FORM_RESULT_NEWGROUP 2 |
210 |
#endif |
211 |
|
212 |
+#if OPENCONNECT_CHECK_VER(4,0) |
213 |
+#define OC3DUP(x) (x) |
214 |
+#else |
215 |
+#define openconnect_set_option_value(opt, val) do { \ |
216 |
+ struct oc_form_opt *_o = (opt); \ |
217 |
+ free(_o->value); _o->value = strdup(val); \ |
218 |
+ } while (0) |
219 |
+#define openconnect_free_cert_info(v, x) ::free(x) |
220 |
+#define OC3DUP(x) strdup(x) |
221 |
+#endif |
222 |
+ |
223 |
#include <QThread> |
224 |
|
225 |
class QMutex; |
226 |
@@ -85,8 +96,8 @@ |
227 |
void run(); |
228 |
|
229 |
private: |
230 |
- int writeNewConfig(char *, int); |
231 |
- int validatePeerCert(OPENCONNECT_X509 *, const char *); |
232 |
+ int writeNewConfig(const char *, int); |
233 |
+ int validatePeerCert(void *, const char *); |
234 |
int processAuthFormP(struct oc_auth_form *); |
235 |
void writeProgress(int level, const char *, va_list); |