
From: "Markos Chandras (hwoarang)" <hwoarang@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo-x86 commit in kde-misc/plasma-nm/files: plasma-nm-0.9.3.5-openconnect.patch
Date: Wed, 29 Apr 2015 17:24:02
Message-Id: 20150429172356.320FA97D@oystercatcher.gentoo.org
1 hwoarang 15/04/29 17:23:54
2
3 Added: plasma-nm-0.9.3.5-openconnect.patch
4 Log:
5 Add upstream patch to fix build with the latest openconnect. Bug #532294
6
7 (Portage version: 2.2.18/cvs/Linux x86_64, signed Manifest commit with key 09BF4F54C2BA7F3C!)
8
9 Revision Changes Path
10 1.1 kde-misc/plasma-nm/files/plasma-nm-0.9.3.5-openconnect.patch
11
12 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/kde-misc/plasma-nm/files/plasma-nm-0.9.3.5-openconnect.patch?rev=1.1&view=markup
13 plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/kde-misc/plasma-nm/files/plasma-nm-0.9.3.5-openconnect.patch?rev=1.1&content-type=text/plain
14
15 Index: plasma-nm-0.9.3.5-openconnect.patch
16 ===================================================================
17 From: David Woodhouse <David.Woodhouse@×××××.com>
18 Date: Wed, 03 Dec 2014 14:10:44 +0000
19 Subject: Update OpenConnect support for library version 5
20 X-Git-Url: http://quickgit.kde.org/?p=plasma-nm.git&a=commitdiff&h=3e6585fa4dd2fb3d9b59c7704bd3d7ae5b2c4167
21 ---
22 Update OpenConnect support for library version 5
23
24 String ownership rules are now very simple: the library never takes ownership
25 of a string it's passed. It always takes its *own* copy and is responsible
26 for freeing that. Mostly driven by Windows DLL Hell where it's painful to
27 allocate in one library and free in another because they might actually be
28 using different heaps.
29
30 Also adapt to the changes in server certificate hash handling. We are no
31 longer supposed to just compare strings, and must call the relevant function
32 to check a hash against the server's certificate. This gives better matching
33 and allows libopenconnect to upgrade the hash in future when it becomes
34 necessary.
35 ---
36 Backported from upstream
37
38 Signed-off-by: Markos Chandras <hwoarang@g.o>
39 X-Gentoo-Bugzilla: https://bugs.gentoo.org/show_bug.cgi?id=532294
40 ---
41 --- a/vpn/openconnect/CMakeLists.txt
42 +++ b/vpn/openconnect/CMakeLists.txt
43 @@ -15,6 +15,8 @@
44
45 if (${OPENCONNECT_VERSION} VERSION_GREATER ${MINIMUM_OPENCONNECT_VERSION_REQUIRED} OR
46 ${OPENCONNECT_VERSION} VERSION_EQUAL ${MINIMUM_OPENCONNECT_VERSION_REQUIRED})
47 +
48 + include_directories(${OPENCONNECT_INCLUDE_DIRS})
49
50 set(openconnect_SRCS
51 openconnectui.cpp
52
53 --- a/vpn/openconnect/openconnectauth.cpp
54 +++ b/vpn/openconnect/openconnectauth.cpp
55 @@ -161,7 +161,7 @@
56 }
57 if (!dataMap[NM_OPENCONNECT_KEY_CACERT].isEmpty()) {
58 const QByteArray crt = QFile::encodeName(dataMap[NM_OPENCONNECT_KEY_CACERT]);
59 - openconnect_set_cafile(d->vpninfo, strdup(crt.data()));
60 + openconnect_set_cafile(d->vpninfo, OC3DUP(crt.data()));
61 }
62 if (dataMap[NM_OPENCONNECT_KEY_CSD_ENABLE] == "yes") {
63 char *wrapper;
64 @@ -174,12 +174,12 @@
65 }
66 if (!dataMap[NM_OPENCONNECT_KEY_PROXY].isEmpty()) {
67 const QByteArray proxy = QFile::encodeName(dataMap[NM_OPENCONNECT_KEY_PROXY]);
68 - openconnect_set_http_proxy(d->vpninfo, strdup(proxy.data()));
69 + openconnect_set_http_proxy(d->vpninfo, OC3DUP(proxy.data()));
70 }
71 if (!dataMap[NM_OPENCONNECT_KEY_USERCERT].isEmpty()) {
72 const QByteArray crt = QFile::encodeName(dataMap[NM_OPENCONNECT_KEY_USERCERT]);
73 const QByteArray key = QFile::encodeName(dataMap[NM_OPENCONNECT_KEY_PRIVKEY]);
74 - openconnect_set_client_cert (d->vpninfo, strdup(crt.data()), strdup(key.data()));
75 + openconnect_set_client_cert (d->vpninfo, OC3DUP(crt.data()), OC3DUP(key.data()));
76
77 if (!crt.isEmpty() && dataMap[NM_OPENCONNECT_KEY_PEM_PASSPHRASE_FSID] == "yes") {
78 openconnect_passphrase_from_fsid(d->vpninfo);
79 @@ -276,10 +276,10 @@
80 const VPNHost &host = d->hosts.at(i);
81 if (openconnect_parse_url(d->vpninfo, host.address.toAscii().data())) {
82 kWarning() << "Failed to parse server URL" << host.address;
83 - openconnect_set_hostname(d->vpninfo, strdup(host.address.toAscii().data()));
84 + openconnect_set_hostname(d->vpninfo, OC3DUP(host.address.toAscii().data()));
85 }
86 if (!openconnect_get_urlpath(d->vpninfo) && !host.group.isEmpty())
87 - openconnect_set_urlpath(d->vpninfo, strdup(host.group.toAscii().data()));
88 + openconnect_set_urlpath(d->vpninfo, OC3DUP(host.group.toAscii().data()));
89 d->secrets["lasthost"] = host.name;
90 addFormInfo(QLatin1String("dialog-information"), i18n("Contacting host, please wait..."));
91 d->worker->start();
92 @@ -301,9 +301,13 @@
93 secrets.insert(QLatin1String(NM_OPENCONNECT_KEY_COOKIE), QLatin1String(openconnect_get_cookie(d->vpninfo)));
94 openconnect_clear_cookie(d->vpninfo);
95
96 +#if OPENCONNECT_CHECK_VER(5,0)
97 + const char *fingerprint = openconnect_get_peer_cert_hash(d->vpninfo);
98 +#else
99 OPENCONNECT_X509 *cert = openconnect_get_peer_cert(d->vpninfo);
100 char fingerprint[41];
101 openconnect_get_cert_sha1(d->vpninfo, cert, fingerprint);
102 +#endif
103 secrets.insert(QLatin1String(NM_OPENCONNECT_KEY_GWCERT), QLatin1String(fingerprint));
104 secrets.insert(QLatin1String("certsigs"), d->certificateFingerprints.join("\t"));
105 secrets.insert(QLatin1String("autoconnect"), d->ui.chkAutoconnect->isChecked() ? "yes" : "no");
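Review bot: In the `OPENCONNECT_CHECK_VER(5,0)` branch the pointer returned by `openconnect_get_peer_cert_hash()` is passed to `QLatin1String(fingerprint)` without a null check. If the library has no peer certificate hash to report, this would apparently save an empty `NM_OPENCONNECT_KEY_GWCERT` secret instead of failing. A guard before the insert would fail closed, e.g. `if (!fingerprint) { kWarning() << "No peer certificate hash available"; return; }`, with the return adapted to the enclosing function, which starts outside this hunk. The stored value is also no longer guaranteed to be the 40-character SHA-1 string the `#else` branch writes into `char fingerprint[41]`. Any consumer of this secret should therefore match it with `openconnect_check_peer_cert_hash()` rather than a string compare, as the commit description requires.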
106 @@ -578,14 +582,14 @@
107 if (opt->type == OC_FORM_OPT_PASSWORD || opt->type == OC_FORM_OPT_TEXT) {
108 KLineEdit *le = qobject_cast<KLineEdit*>(widget);
109 QByteArray text = le->text().toUtf8();
110 - opt->value = strdup(text.data());
111 + openconnect_set_option_value(opt, text.data());
112 if (opt->type == OC_FORM_OPT_TEXT) {
113 d->secrets.insert(key,le->text());
114 }
115 } else if (opt->type == OC_FORM_OPT_SELECT) {
116 KComboBox *cbo = qobject_cast<KComboBox*>(widget);
117 QByteArray text = cbo->itemData(cbo->currentIndex()).toString().toAscii();
118 - opt->value = strdup(text.data());
119 + openconnect_set_option_value(opt, text.data());
120 d->secrets.insert(key,cbo->itemData(cbo->currentIndex()).toString());
121 }
122 }
123
124 --- a/vpn/openconnect/openconnectauthworkerthread.cpp
125 +++ b/vpn/openconnect/openconnectauthworkerthread.cpp
126 @@ -43,6 +43,20 @@
127 class OpenconnectAuthStaticWrapper
128 {
129 public:
130 +#if OPENCONNECT_CHECK_VER(5,0)
131 + static int writeNewConfig(void *obj, const char *str, int num)
132 + {
133 + if (obj)
134 + return static_cast<OpenconnectAuthWorkerThread*>(obj)->writeNewConfig(str, num);
135 + return -1;
136 + }
137 + static int validatePeerCert(void *obj, const char *str)
138 + {
139 + if (obj)
140 + return static_cast<OpenconnectAuthWorkerThread*>(obj)->validatePeerCert(NULL, str);
141 + return -1;
142 + }
143 +#else
144 static int writeNewConfig(void *obj, char *str, int num)
145 {
146 if (obj)
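Review bot: The API 5.0 `validatePeerCert` wrapper passes `NULL` as the certificate with no explanation, and a reader comparing it with the `#else` variant will take that for a bug. A one-line comment above the `#if` would settle it: `// API >= 5.0: the callback receives no certificate object; the worker queries the peer cert hash from the library itself.` The only difference between the two `writeNewConfig` wrappers is `const char *` versus `char *`, which is also worth stating there so the duplication reads as intentional. The pre-5.0 `writeNewConfig` that begins at the end of this hunk continues outside it.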
147 @@ -55,7 +69,8 @@
148 return static_cast<OpenconnectAuthWorkerThread*>(obj)->validatePeerCert(cert, str);
149 return -1;
150 }
151 - static int processAuthForm(void *obj, struct oc_auth_form *form)
152 +#endif
153 + static int processAuthForm(void *obj, struct oc_auth_form *form)
154 {
155 if (obj)
156 return static_cast<OpenconnectAuthWorkerThread*>(obj)->processAuthFormP(form);
157 @@ -108,7 +123,7 @@
158 return m_openconnectInfo;
159 }
160
161 -int OpenconnectAuthWorkerThread::writeNewConfig(char *buf, int buflen)
162 +int OpenconnectAuthWorkerThread::writeNewConfig(const char *buf, int buflen)
163 {
164 Q_UNUSED(buflen)
165 if (*m_userDecidedToQuit)
166 @@ -139,10 +154,16 @@
167 }
168 #endif
169
170 -int OpenconnectAuthWorkerThread::validatePeerCert(OPENCONNECT_X509 *cert, const char *reason)
171 -{
172 - if (*m_userDecidedToQuit)
173 - return -EINVAL;
174 +int OpenconnectAuthWorkerThread::validatePeerCert(void *cert, const char *reason)
175 +{
176 + if (*m_userDecidedToQuit)
177 + return -EINVAL;
178 +
179 +#if OPENCONNECT_CHECK_VER(5,0)
180 + (void)cert;
181 + const char *fingerprint = openconnect_get_peer_cert_hash(m_openconnectInfo);
182 + char *details = openconnect_get_peer_cert_details(m_openconnectInfo);
183 +#else
184 char fingerprint[41];
185 int ret = 0;
186
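Review bot: The `OPENCONNECT_CHECK_VER(5,0)` branch of `validatePeerCert` has no failure path, so the results of `openconnect_get_peer_cert_hash()` and `openconnect_get_peer_cert_details()` are used unchecked. The older branch keeps `int ret` and a `return ret;` (visible at the top of the next hunk). If the library cannot supply a hash, the user would presumably be asked to approve a certificate with an empty fingerprint. Failing closed is safer: add `if (!fingerprint) return -EINVAL;` straight after the call. As a style point, `(void)cert;` could be `Q_UNUSED(cert)` to match the `Q_UNUSED(buflen)` already used in `writeNewConfig`. The function body continues past the end of this hunk.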
187 @@ -151,7 +172,7 @@
188 return ret;
189
190 char *details = openconnect_get_cert_details(m_openconnectInfo, cert);
191 -
192 +#endif
193 bool accepted = false;
194 m_mutex->lock();
195 QString qFingerprint(fingerprint);
196 @@ -160,7 +181,7 @@
197 emit validatePeerCert(qFingerprint, qCertinfo, qReason, &accepted);
198 m_waitForUserInput->wait(m_mutex);
199 m_mutex->unlock();
200 - ::free(details);
201 + openconnect_free_cert_info(m_openconnectInfo, details);
202 if (*m_userDecidedToQuit)
203 return -EINVAL;
204
205
206 --- a/vpn/openconnect/openconnectauthworkerthread.h
207 +++ b/vpn/openconnect/openconnectauthworkerthread.h
208 @@ -59,6 +59,17 @@
209 #define OC_FORM_RESULT_NEWGROUP 2
210 #endif
211
212 +#if OPENCONNECT_CHECK_VER(4,0)
213 +#define OC3DUP(x) (x)
214 +#else
215 +#define openconnect_set_option_value(opt, val) do { \
216 + struct oc_form_opt *_o = (opt); \
217 + free(_o->value); _o->value = strdup(val); \
218 + } while (0)
219 +#define openconnect_free_cert_info(v, x) ::free(x)
220 +#define OC3DUP(x) strdup(x)
221 +#endif
222 +
223 #include <QThread>
224
225 class QMutex;
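Review bot: The compatibility block that defines `OC3DUP` has no comment, and the macro name alone does not convey the ownership rule that every changed call site in `openconnectauth.cpp` now depends on. I would add above the `#if`: `/* libopenconnect before API 4.0 takes ownership of strings passed to its setters, so callers must strdup(); from 4.0 on it makes its own copy and OC3DUP is a no-op. */`. That also tells readers that calls such as `OC3DUP(host.address.toAscii().data())` pass a pointer into a temporary and are only safe because the library copies it. Separately, the fallback `openconnect_set_option_value` macro stores the `strdup(val)` result unchecked, so an allocation failure leaves `_o->value` null. That is acceptable only if the form-submission code tolerates a null value, which is not visible here.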
226 @@ -85,8 +96,8 @@
227 void run();
228
229 private:
230 - int writeNewConfig(char *, int);
231 - int validatePeerCert(OPENCONNECT_X509 *, const char *);
232 + int writeNewConfig(const char *, int);
233 + int validatePeerCert(void *, const char *);
234 int processAuthFormP(struct oc_auth_form *);
235 void writeProgress(int level, const char *, va_list);