[arch-commits] Commit in networkmanager-openvpn/trunk (PKGBUILD reneg-sec.patch)
Jan Steffens
heftig at archlinux.org
Sun Jul 12 16:58:16 UTC 2015
Date: Sunday, July 12, 2015 @ 18:58:16
Author: heftig
Revision: 242149
FS#44875 reneg-sec
Added:
networkmanager-openvpn/trunk/reneg-sec.patch
Modified:
networkmanager-openvpn/trunk/PKGBUILD
-----------------+
PKGBUILD | 13 ++++++++++---
reneg-sec.patch | 46 ++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 56 insertions(+), 3 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2015-07-12 16:56:05 UTC (rev 242148)
+++ PKGBUILD 2015-07-12 16:58:16 UTC (rev 242149)
@@ -3,7 +3,7 @@
pkgname=networkmanager-openvpn
pkgver=1.0.2
-pkgrel=1
+pkgrel=2
pkgdesc="NetworkManager VPN plugin for OpenVPN"
arch=('i686' 'x86_64')
license=('GPL')
@@ -12,9 +12,16 @@
makedepends=('intltool')
optdepends=('network-manager-applet: GNOME frontends to NetWorkmanager')
install=networkmanager-openvpn.install
-source=(http://ftp.gnome.org/pub/GNOME/sources/NetworkManager-openvpn/${pkgver::3}/NetworkManager-openvpn-${pkgver}.tar.xz)
-sha256sums=('1643824bc7fdab42e1dab836bf81c328692295c86f146bde602eca093b394bb0')
+source=(http://ftp.gnome.org/pub/GNOME/sources/NetworkManager-openvpn/${pkgver::3}/NetworkManager-openvpn-${pkgver}.tar.xz
+ reneg-sec.patch)
+sha256sums=('1643824bc7fdab42e1dab836bf81c328692295c86f146bde602eca093b394bb0'
+ '872a570d733de9553171ea61dd641c47af8dbab8fd0e791b6bc41149f959127e')
+prepare() {
+ cd NetworkManager-openvpn-${pkgver}
+ patch -Np1 -i ../reneg-sec.patch
+}
+
build() {
cd NetworkManager-openvpn-${pkgver}
./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var \
Added: reneg-sec.patch
===================================================================
--- reneg-sec.patch (rev 0)
+++ reneg-sec.patch 2015-07-12 16:58:16 UTC (rev 242149)
@@ -0,0 +1,46 @@
+From 0fd197dc4221708dd37ee256952e8d080356676e Mon Sep 17 00:00:00 2001
+From: Thomas Haller <thaller at redhat.com>
+Date: Wed, 27 May 2015 10:47:49 +0200
+Subject: service: only set reneg-sec option in TLS mode
+
+Fixes: bfc4464c9b6d7a00be013eee9a4132a1f9c6fbb9
+
+https://bugzilla.gnome.org/show_bug.cgi?id=749050
+https://bugzilla.redhat.com/show_bug.cgi?id=1225218
+
+(cherry picked from commit 7f9031dbaee3059ea072fb2497563aee6acf8da0)
+
+diff --git a/src/nm-openvpn-service.c b/src/nm-openvpn-service.c
+index 7cb9438..0a4d5bf 100644
+--- a/src/nm-openvpn-service.c
++++ b/src/nm-openvpn-service.c
+@@ -733,6 +733,14 @@ validate_connection_type (const char *ctype)
+ return NULL;
+ }
+
++static gboolean
++connection_type_is_tls_mode (const char *connection_type)
++{
++ return strcmp (connection_type, NM_OPENVPN_CONTYPE_TLS) == 0
++ || strcmp (connection_type, NM_OPENVPN_CONTYPE_PASSWORD) == 0
++ || strcmp (connection_type, NM_OPENVPN_CONTYPE_PASSWORD_TLS) == 0;
++}
++
+ static const char *
+ nm_find_openvpn (void)
+ {
+@@ -1108,7 +1116,10 @@ nm_openvpn_start_openvpn_binary (NMOpenvpnPlugin *plugin,
+
+ /* Reneg seconds */
+ tmp = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_RENEG_SECONDS);
+- if (tmp && strlen (tmp)) {
++ if (!connection_type_is_tls_mode (connection_type)) {
++ /* Ignore --reneg-sec option if we are not in TLS mode (as enabled
++ * by --client below). openvpn will error out otherwise, see bgo#749050. */
++ } else if (tmp && strlen (tmp)) {
+ add_openvpn_arg (args, "--reneg-sec");
+ if (!add_openvpn_arg_int (args, tmp)) {
+ g_set_error (error,
+--
+cgit v0.10.2
+
More information about the arch-commits
mailing list