[arch-commits] Commit in networkmanager-openconnect/repos/staging-x86_64 (6 files)
Eric Bélanger
eric at archlinux.org
Thu Jan 1 00:29:00 UTC 2015
Date: Thursday, January 1, 2015 @ 01:28:59
Author: eric
Revision: 228269
archrelease: copy trunk to staging-x86_64
Added:
networkmanager-openconnect/repos/staging-x86_64/PKGBUILD
(from rev 228268, networkmanager-openconnect/trunk/PKGBUILD)
networkmanager-openconnect/repos/staging-x86_64/libopenconnect.so.4.patch
(from rev 228268, networkmanager-openconnect/trunk/libopenconnect.so.4.patch)
networkmanager-openconnect/repos/staging-x86_64/libopenconnect.so.5.patch
(from rev 228268, networkmanager-openconnect/trunk/libopenconnect.so.5.patch)
networkmanager-openconnect/repos/staging-x86_64/networkmanager-openconnect.install
(from rev 228268, networkmanager-openconnect/trunk/networkmanager-openconnect.install)
Deleted:
networkmanager-openconnect/repos/staging-x86_64/PKGBUILD
networkmanager-openconnect/repos/staging-x86_64/networkmanager-openconnect.install
------------------------------------+
PKGBUILD | 82 +++++++--------
libopenconnect.so.4.patch | 124 +++++++++++++++++++++++
libopenconnect.so.5.patch | 182 +++++++++++++++++++++++++++++++++++
networkmanager-openconnect.install | 32 +++---
4 files changed, 363 insertions(+), 57 deletions(-)
Deleted: PKGBUILD
===================================================================
--- PKGBUILD 2015-01-01 00:26:43 UTC (rev 228268)
+++ PKGBUILD 2015-01-01 00:28:59 UTC (rev 228269)
@@ -1,41 +0,0 @@
-# $Id$
-# Maintainer: Ionut Biru <ibiru at archlinux.org>
-
-pkgname=networkmanager-openconnect
-pkgver=0.9.10.0
-pkgrel=2
-pkgdesc="NetworkManager VPN integration for openconnect"
-arch=('i686' 'x86_64')
-license=('GPL')
-url="http://www.gnome.org/projects/NetworkManager/"
-depends=("networkmanager>=${pkgver::6}" 'openconnect' 'gtk3' 'libsecret')
-makedepends=('intltool')
-optdepends=('network-manager-applet: GNOME frontends to NetWorkmanager')
-install=$pkgname.install
-source=(http://ftp.gnome.org/pub/GNOME/sources/NetworkManager-openconnect/0.9/NetworkManager-openconnect-${pkgver}.tar.xz
- libopenconnect.so.4.patch
- libopenconnect.so.5.patch)
-sha256sums=('8007d70a6943388bfa141f99fc4da9965fd122cf2741512ce0cf9c0f9c78331a'
- 'e2a84ac7467b5ffb20891946fd132f9d34012f17a4847ab7c7cde34cca3a9762'
- '6b46edb11f96e0ad2b0fd39b11326b24520d9d2ff35a1d167a98c8bc5b7c6272')
-
-prepare() {
- cd NetworkManager-openconnect-${pkgver}
- patch -p1 -i ../libopenconnect.so.4.patch
- patch -p1 -i ../libopenconnect.so.5.patch
-}
-
-build() {
- cd NetworkManager-openconnect-${pkgver}
- ./configure --prefix=/usr \
- --sysconfdir=/etc \
- --libexecdir=/usr/lib/networkmanager \
- --enable-more-warnings=yes \
- --disable-static
- make
-}
-
-package() {
- cd NetworkManager-openconnect-${pkgver}
- make DESTDIR="${pkgdir}" install
-}
Copied: networkmanager-openconnect/repos/staging-x86_64/PKGBUILD (from rev 228268, networkmanager-openconnect/trunk/PKGBUILD)
===================================================================
--- PKGBUILD (rev 0)
+++ PKGBUILD 2015-01-01 00:28:59 UTC (rev 228269)
@@ -0,0 +1,41 @@
+# $Id$
+# Maintainer: Ionut Biru <ibiru at archlinux.org>
+
+pkgname=networkmanager-openconnect
+pkgver=0.9.10.0
+pkgrel=2
+pkgdesc="NetworkManager VPN integration for openconnect"
+arch=('i686' 'x86_64')
+license=('GPL')
+url="http://www.gnome.org/projects/NetworkManager/"
+depends=("networkmanager>=${pkgver::6}" 'openconnect' 'gtk3' 'libsecret')
+makedepends=('intltool')
+optdepends=('network-manager-applet: GNOME frontends to NetWorkmanager')
+install=$pkgname.install
+source=(http://ftp.gnome.org/pub/GNOME/sources/NetworkManager-openconnect/0.9/NetworkManager-openconnect-${pkgver}.tar.xz
+ libopenconnect.so.4.patch
+ libopenconnect.so.5.patch)
+sha256sums=('8007d70a6943388bfa141f99fc4da9965fd122cf2741512ce0cf9c0f9c78331a'
+ 'e2a84ac7467b5ffb20891946fd132f9d34012f17a4847ab7c7cde34cca3a9762'
+ '6b46edb11f96e0ad2b0fd39b11326b24520d9d2ff35a1d167a98c8bc5b7c6272')
+
+prepare() {
+ cd NetworkManager-openconnect-${pkgver}
+ patch -p1 -i ../libopenconnect.so.4.patch
+ patch -p1 -i ../libopenconnect.so.5.patch
+}
+
+build() {
+ cd NetworkManager-openconnect-${pkgver}
+ ./configure --prefix=/usr \
+ --sysconfdir=/etc \
+ --libexecdir=/usr/lib/networkmanager \
+ --enable-more-warnings=yes \
+ --disable-static
+ make
+}
+
+package() {
+ cd NetworkManager-openconnect-${pkgver}
+ make DESTDIR="${pkgdir}" install
+}
Copied: networkmanager-openconnect/repos/staging-x86_64/libopenconnect.so.4.patch (from rev 228268, networkmanager-openconnect/trunk/libopenconnect.so.4.patch)
===================================================================
--- libopenconnect.so.4.patch (rev 0)
+++ libopenconnect.so.4.patch 2015-01-01 00:28:59 UTC (rev 228269)
@@ -0,0 +1,124 @@
+From 58944a3ef9c92f7afa07cbb539d062e1956bafc0 Mon Sep 17 00:00:00 2001
+From: David Woodhouse <David.Woodhouse at intel.com>
+Date: Thu, 30 Oct 2014 23:09:14 +0000
+Subject: Support libopenconnect.so.4
+
+
+diff --git a/auth-dialog/main.c b/auth-dialog/main.c
+index 7171247..8285bf4 100644
+--- a/auth-dialog/main.c
++++ b/auth-dialog/main.c
+@@ -89,6 +89,21 @@
+ #define OC_FORM_RESULT_NEWGROUP 2
+ #endif
+
++#if OPENCONNECT_CHECK_VER(4,0)
++#define dup_option_value(opt) g_strdup((opt)->_value);
++#define OC3DUP(x) (x)
++#define write_config_const const
++#else
++#define dup_option_value(opt) g_strdup((opt)->value);
++#define openconnect_set_option_value(opt, val) do { \
++ struct oc_form_opt *_o = (opt); \
++ free(_o->value); _o->value = g_strdup(val); \
++ } while (0)
++#define openconnect_free_cert_info(v, x) free(x)
++#define OC3DUP(x) g_strdup(x)
++#define write_config_const /* */
++#endif
++
+ #ifdef OPENCONNECT_OPENSSL
+ #include <openssl/ssl.h>
+ #include <openssl/bio.h>
+@@ -712,7 +727,7 @@ static gboolean ui_form (struct oc_auth_form *form)
+ data->entry_text = g_strdup (find_form_answer(ui_data->secrets,
+ form, opt));
+ if (!data->entry_text)
+- data->entry_text = g_strdup (opt->value);
++ data->entry_text = dup_option_value(opt);
+ } else {
+ GHashTable *attrs;
+
+@@ -776,8 +791,7 @@ static gboolean set_initial_authgroup (auth_ui_data *ui_data, struct oc_auth_for
+ for (i = 0; i < sopt->nr_choices; i++) {
+ struct oc_choice *ch = FORMCHOICE(sopt, i);
+ if (!strcmp(saved_group, ch->name) && i != AUTHGROUP_SELECTION(form)) {
+- free(opt->value);
+- opt->value = g_strdup(saved_group);
++ openconnect_set_option_value(opt, saved_group);
+ return TRUE;
+ }
+ }
+@@ -823,7 +837,7 @@ static int nm_process_auth_form (void *cbdata, struct oc_auth_form *form)
+ g_cancellable_cancel(data->cancel);
+
+ if (data->entry_text) {
+- data->opt->value = g_strdup (data->entry_text);
++ openconnect_set_option_value(data->opt, data->entry_text);
+
+ if (data->opt->type == OC_FORM_OPT_TEXT ||
+ data->opt->type == OC_FORM_OPT_SELECT) {
+@@ -932,7 +946,7 @@ static gboolean user_validate_cert(cert_data *data)
+ text = gtk_text_view_new();
+ buffer = gtk_text_view_get_buffer(GTK_TEXT_VIEW(text));
+ gtk_text_buffer_set_text(buffer, details, -1);
+- free(details);
++ openconnect_free_cert_info(data->ui_data->vpninfo, details);
+ gtk_text_view_set_editable(GTK_TEXT_VIEW(text), 0);
+ gtk_text_view_set_cursor_visible(GTK_TEXT_VIEW(text), FALSE);
+ gtk_container_add(GTK_CONTAINER(scroll), text);
+@@ -1166,7 +1180,7 @@ static int get_config (GHashTable *options, GHashTable *secrets,
+
+ cafile = g_hash_table_lookup (options, NM_OPENCONNECT_KEY_CACERT);
+ if (cafile)
+- openconnect_set_cafile(vpninfo, g_strdup (cafile));
++ openconnect_set_cafile(vpninfo, OC3DUP (cafile));
+
+ csd = g_hash_table_lookup (options, NM_OPENCONNECT_KEY_CSD_ENABLE);
+ if (csd && !strcmp(csd, "yes")) {
+@@ -1176,16 +1190,16 @@ static int get_config (GHashTable *options, GHashTable *secrets,
+ if (csd_wrapper && !csd_wrapper[0])
+ csd_wrapper = NULL;
+
+- openconnect_setup_csd(vpninfo, getuid(), 1, g_strdup (csd_wrapper));
++ openconnect_setup_csd(vpninfo, getuid(), 1, OC3DUP (csd_wrapper));
+ }
+
+ proxy = g_hash_table_lookup (options, NM_OPENCONNECT_KEY_PROXY);
+- if (proxy && proxy[0] && openconnect_set_http_proxy(vpninfo, g_strdup (proxy)))
++ if (proxy && proxy[0] && openconnect_set_http_proxy(vpninfo, OC3DUP (proxy)))
+ return -EINVAL;
+
+ cert = g_hash_table_lookup (options, NM_OPENCONNECT_KEY_USERCERT);
+ sslkey = g_hash_table_lookup (options, NM_OPENCONNECT_KEY_PRIVKEY);
+- openconnect_set_client_cert (vpninfo, g_strdup (cert), g_strdup (sslkey));
++ openconnect_set_client_cert (vpninfo, OC3DUP (cert), OC3DUP (sslkey));
+
+ pem_passphrase_fsid = g_hash_table_lookup (options,
+ NM_OPENCONNECT_KEY_PEM_PASSPHRASE_FSID);
+@@ -1245,7 +1259,7 @@ static int update_token(void *cbdata, const char *tok)
+ }
+ #endif
+
+-static int write_new_config(void *cbdata, char *buf, int buflen)
++static int write_new_config(void *cbdata, write_config_const char *buf, int buflen)
+ {
+ auth_ui_data *ui_data = cbdata;
+ g_hash_table_insert (ui_data->secrets, g_strdup ("xmlconfig"),
+@@ -1472,11 +1486,11 @@ static void connect_host(auth_ui_data *ui_data)
+ if (openconnect_parse_url(ui_data->vpninfo, host->hostaddress)) {
+ fprintf(stderr, "Failed to parse server URL '%s'\n",
+ host->hostaddress);
+- openconnect_set_hostname (ui_data->vpninfo, g_strdup(host->hostaddress));
++ openconnect_set_hostname (ui_data->vpninfo, OC3DUP (host->hostaddress));
+ }
+
+ if (!openconnect_get_urlpath(ui_data->vpninfo) && host->usergroup)
+- openconnect_set_urlpath(ui_data->vpninfo, g_strdup(host->usergroup));
++ openconnect_set_urlpath(ui_data->vpninfo, OC3DUP (host->usergroup));
+
+
+ g_hash_table_insert (ui_data->success_secrets, g_strdup("lasthost"),
+--
+cgit v0.10.1
+
Copied: networkmanager-openconnect/repos/staging-x86_64/libopenconnect.so.5.patch (from rev 228268, networkmanager-openconnect/trunk/libopenconnect.so.5.patch)
===================================================================
--- libopenconnect.so.5.patch (rev 0)
+++ libopenconnect.so.5.patch 2015-01-01 00:28:59 UTC (rev 228269)
@@ -0,0 +1,182 @@
+From 2dc45e25b200e1b70e862f46c9f7ad652e59c8a2 Mon Sep 17 00:00:00 2001
+From: David Woodhouse <David.Woodhouse at intel.com>
+Date: Mon, 3 Nov 2014 17:39:43 +0000
+Subject: Update to new hash handling, fix to match stored certs only for the
+ same host/port
+
+
+diff --git a/auth-dialog/main.c b/auth-dialog/main.c
+index df0146c..38f3a8f 100644
+--- a/auth-dialog/main.c
++++ b/auth-dialog/main.c
+@@ -694,7 +694,7 @@ static char* get_title(const char *vpn_name)
+
+ typedef struct cert_data {
+ auth_ui_data *ui_data;
+- OPENCONNECT_X509 *peer_cert;
++ char *cert_details;
+ const char *reason;
+ } cert_data;
+
+@@ -722,13 +722,10 @@ static gboolean user_validate_cert(cert_data *data)
+ {
+ auth_ui_data *ui_data = _ui_data; /* FIXME global */
+ char *title;
+- char *details;
+ GtkWidget *dlg, *text, *scroll;
+ GtkTextBuffer *buffer;
+ int result;
+
+- details = openconnect_get_cert_details(ui_data->vpninfo, data->peer_cert);
+-
+ title = get_title(data->ui_data->vpn_name);
+ dlg = gtk_message_dialog_new(NULL, 0, GTK_MESSAGE_QUESTION,
+ GTK_BUTTONS_OK_CANCEL,
+@@ -751,8 +748,7 @@ static gboolean user_validate_cert(cert_data *data)
+
+ text = gtk_text_view_new();
+ buffer = gtk_text_view_get_buffer(GTK_TEXT_VIEW(text));
+- gtk_text_buffer_set_text(buffer, details, -1);
+- openconnect_free_cert_info(data->ui_data->vpninfo, details);
++ gtk_text_buffer_set_text(buffer, data->cert_details, -1);
+ gtk_text_view_set_editable(GTK_TEXT_VIEW(text), 0);
+ gtk_text_view_set_cursor_visible(GTK_TEXT_VIEW(text), FALSE);
+ gtk_container_add(GTK_CONTAINER(scroll), text);
+@@ -775,36 +771,40 @@ static gboolean user_validate_cert(cert_data *data)
+
+ /* runs in worker thread */
+ static int validate_peer_cert(void *cbdata,
+- OPENCONNECT_X509 *peer_cert, const char *reason)
++#if !OPENCONNECT_CHECK_VER(5,0)
++ OPENCONNECT_X509 *peer_cert,
++#endif
++ const char *reason)
+ {
+ auth_ui_data *ui_data = cbdata;
+- char fingerprint[41];
+- char *certs_data;
+ int ret = 0;
+ cert_data *data;
++ char *certkey;
++ char *accepted_hash = NULL;
++#if OPENCONNECT_CHECK_VER(5,0)
++ const char *fingerprint = openconnect_get_peer_cert_hash(ui_data->vpninfo);
++#else
++ char fingerprint[41];
+
+ ret = openconnect_get_cert_sha1(ui_data->vpninfo, peer_cert, fingerprint);
+ if (ret)
+ return ret;
+
+- certs_data = g_hash_table_lookup (ui_data->secrets, "certsigs");
+- if (certs_data) {
+- char **certs = g_strsplit_set(certs_data, "\t", 0);
+- char **this = certs;
++#define openconnect_check_peer_cert_hash(v, h) strcmp(h, fingerprint)
++#define openconnect_get_peer_cert_details(v) openconnect_get_cert_details(v, peer_cert);
++#endif
+
+- while (*this) {
+- if (!strcmp(*this, fingerprint)) {
+- g_strfreev(certs);
+- goto out;
+- }
+- this++;
+- }
+- g_strfreev(certs);
+- }
++ certkey = g_strdup_printf ("certificate:%s:%d",
++ openconnect_get_hostname(ui_data->vpninfo),
++ openconnect_get_port(ui_data->vpninfo));
++
++ accepted_hash = g_hash_table_lookup (ui_data->secrets, certkey);
++ if (accepted_hash && !openconnect_check_peer_cert_hash(ui_data->vpninfo, accepted_hash))
++ goto accepted;
+
+ data = g_slice_new(cert_data);
+ data->ui_data = ui_data; /* FIXME uses global */
+- data->peer_cert = peer_cert;
++ data->cert_details = openconnect_get_peer_cert_details(ui_data->vpninfo);
+ data->reason = reason;
+
+ g_mutex_lock(&ui_data->form_mutex);
+@@ -813,27 +813,27 @@ static int validate_peer_cert(void *cbdata,
+ g_idle_add((GSourceFunc)user_validate_cert, data);
+
+ /* wait for user to accept or cancel */
+- while (ui_data->cert_response == CERT_USER_NOT_READY) {
++ while (ui_data->cert_response == CERT_USER_NOT_READY)
+ g_cond_wait(&ui_data->cert_response_changed, &ui_data->form_mutex);
+- }
+- if (ui_data->cert_response == CERT_ACCEPTED) {
+- if (certs_data) {
+- char *new = g_strdup_printf("%s\t%s", certs_data, fingerprint);
+- g_hash_table_insert (ui_data->secrets,
+- g_strdup ("certsigs"), new);
+- } else {
+- g_hash_table_insert (ui_data->secrets, g_strdup ("certsigs"),
+- g_strdup (fingerprint));
+- }
++
++ openconnect_free_cert_info(data->ui_data->vpninfo, data->cert_details);
++ g_slice_free(cert_data, data);
++
++ if (ui_data->cert_response == CERT_ACCEPTED)
+ ret = 0;
+- } else {
++ else
+ ret = -EINVAL;
+- }
++
+ g_mutex_unlock (&ui_data->form_mutex);
+
+- g_slice_free(cert_data, data);
++ accepted:
++ if (!ret) {
++ g_hash_table_insert (ui_data->secrets, certkey,
++ g_strdup(fingerprint));
++ certkey = NULL;
++ }
+
+- out:
++ g_free (certkey);
+ return ret;
+ }
+
+@@ -1196,7 +1196,7 @@ static gboolean cookie_obtained(auth_ui_data *ui_data)
+ gtk_widget_set_sensitive(ui_data->cancel_button, FALSE);
+ }
+ } else if (!ui_data->cookie_retval) {
+- OPENCONNECT_X509 *cert;
++ const void *cert;
+ gchar *key, *value;
+
+ /* got cookie */
+@@ -1218,14 +1218,22 @@ static gboolean cookie_obtained(auth_ui_data *ui_data)
+ g_hash_table_insert (ui_data->secrets, key, value);
+ openconnect_clear_cookie(ui_data->vpninfo);
+
++#if OPENCONNECT_CHECK_VER(5,0)
++ cert = openconnect_get_peer_cert_hash (ui_data->vpninfo);
++ if (cert) {
++ key = g_strdup (NM_OPENCONNECT_KEY_GWCERT);
++ value = g_strdup (cert);
++ g_hash_table_insert (ui_data->secrets, key, value);
++ }
++#else
+ cert = openconnect_get_peer_cert (ui_data->vpninfo);
+ if (cert) {
+ key = g_strdup (NM_OPENCONNECT_KEY_GWCERT);
+ value = g_malloc0 (41);
+- openconnect_get_cert_sha1(ui_data->vpninfo, cert, value);
++ openconnect_get_cert_sha1(ui_data->vpninfo, (void *)cert, value);
+ g_hash_table_insert (ui_data->secrets, key, value);
+ }
+-
++#endif
+ if (get_save_passwords(ui_data->secrets)) {
+ g_hash_table_foreach(ui_data->success_passwords,
+ keyring_store_passwords,
+--
+cgit v0.10.1
+
Deleted: networkmanager-openconnect.install
===================================================================
--- networkmanager-openconnect.install 2015-01-01 00:26:43 UTC (rev 228268)
+++ networkmanager-openconnect.install 2015-01-01 00:28:59 UTC (rev 228269)
@@ -1,16 +0,0 @@
-pkgname=networkmanager-openconnect
-
-post_install() {
- getent group nm-openconnect >/dev/null 2>&1 || groupadd -g 104 nm-openconnect
- getent passwd nm-openconnect > /dev/null 2>&1 || useradd -u 104 -s /sbin/nologin -d / -M -c 'NetworkManager user for OpenConnect' -g nm-openconnect nm-openconnect
- passwd -l nm-openconnect > /dev/null
-}
-
-post_upgrade() {
- post_install
-}
-
-post_remove() {
- getent passwd nm-openconnect >/dev/null 2>&1 && userdel nm-openconnect
- getent group nm-openconnect >/dev/null 2>&1 && groupdel nm-openconnect
-}
Copied: networkmanager-openconnect/repos/staging-x86_64/networkmanager-openconnect.install (from rev 228268, networkmanager-openconnect/trunk/networkmanager-openconnect.install)
===================================================================
--- networkmanager-openconnect.install (rev 0)
+++ networkmanager-openconnect.install 2015-01-01 00:28:59 UTC (rev 228269)
@@ -0,0 +1,16 @@
+pkgname=networkmanager-openconnect
+
+post_install() {
+ getent group nm-openconnect >/dev/null 2>&1 || groupadd -g 104 nm-openconnect
+ getent passwd nm-openconnect > /dev/null 2>&1 || useradd -u 104 -s /sbin/nologin -d / -M -c 'NetworkManager user for OpenConnect' -g nm-openconnect nm-openconnect
+ passwd -l nm-openconnect > /dev/null
+}
+
+post_upgrade() {
+ post_install
+}
+
+post_remove() {
+ getent passwd nm-openconnect >/dev/null 2>&1 && userdel nm-openconnect
+ getent group nm-openconnect >/dev/null 2>&1 && groupdel nm-openconnect
+}
More information about the arch-commits
mailing list