Date: Saturday, January 10, 2015 @ 22:10:31 Author: heftig Revision: 228898
1.0.0 Modified: networkmanager-openconnect/trunk/PKGBUILD Deleted: networkmanager-openconnect/trunk/libopenconnect.so.4.patch networkmanager-openconnect/trunk/libopenconnect.so.5.patch ---------------------------+ PKGBUILD | 14 --- libopenconnect.so.4.patch | 124 ----------------------------- libopenconnect.so.5.patch | 182 -------------------------------------------- 3 files changed, 4 insertions(+), 316 deletions(-) Modified: PKGBUILD =================================================================== --- PKGBUILD 2015-01-10 21:05:55 UTC (rev 228897) +++ PKGBUILD 2015-01-10 21:10:31 UTC (rev 228898) @@ -2,8 +2,8 @@ # Maintainer: Ionut Biru <ib...@archlinux.org> pkgname=networkmanager-openconnect -pkgver=0.9.10.0 -pkgrel=2 +pkgver=1.0.0 +pkgrel=1 pkgdesc="NetworkManager VPN integration for openconnect" arch=('i686' 'x86_64') license=('GPL') @@ -12,17 +12,11 @@ makedepends=('intltool') optdepends=('network-manager-applet: GNOME frontends to NetWorkmanager') install=$pkgname.install -source=(http://ftp.gnome.org/pub/GNOME/sources/NetworkManager-openconnect/0.9/NetworkManager-openconnect-${pkgver}.tar.xz - libopenconnect.so.4.patch - libopenconnect.so.5.patch) -sha256sums=('8007d70a6943388bfa141f99fc4da9965fd122cf2741512ce0cf9c0f9c78331a' - 'e2a84ac7467b5ffb20891946fd132f9d34012f17a4847ab7c7cde34cca3a9762' - '6b46edb11f96e0ad2b0fd39b11326b24520d9d2ff35a1d167a98c8bc5b7c6272') +source=(http://ftp.gnome.org/pub/GNOME/sources/NetworkManager-openconnect/${pkgver::3}/NetworkManager-openconnect-${pkgver}.tar.xz) +sha256sums=('06f322f8efe9b882b19dcaa4314049171fd38701e902f688cbdcacfd21d23f5f') prepare() { cd NetworkManager-openconnect-${pkgver} - patch -p1 -i ../libopenconnect.so.4.patch - patch -p1 -i ../libopenconnect.so.5.patch } build() { Deleted: libopenconnect.so.4.patch =================================================================== --- libopenconnect.so.4.patch 2015-01-10 21:05:55 UTC (rev 228897) +++ libopenconnect.so.4.patch 2015-01-10 21:10:31 UTC (rev 228898) @@ -1,124 +0,0 @@ -From 58944a3ef9c92f7afa07cbb539d062e1956bafc0 Mon Sep 17 00:00:00 2001 -From: David Woodhouse <david.woodho...@intel.com> -Date: Thu, 30 Oct 2014 23:09:14 +0000 -Subject: Support libopenconnect.so.4 - - -diff --git a/auth-dialog/main.c b/auth-dialog/main.c -index 7171247..8285bf4 100644 ---- a/auth-dialog/main.c -+++ b/auth-dialog/main.c -@@ -89,6 +89,21 @@ - #define OC_FORM_RESULT_NEWGROUP 2 - #endif - -+#if OPENCONNECT_CHECK_VER(4,0) -+#define dup_option_value(opt) g_strdup((opt)->_value); -+#define OC3DUP(x) (x) -+#define write_config_const const -+#else -+#define dup_option_value(opt) g_strdup((opt)->value); -+#define openconnect_set_option_value(opt, val) do { \ -+ struct oc_form_opt *_o = (opt); \ -+ free(_o->value); _o->value = g_strdup(val); \ -+ } while (0) -+#define openconnect_free_cert_info(v, x) free(x) -+#define OC3DUP(x) g_strdup(x) -+#define write_config_const /* */ -+#endif -+ - #ifdef OPENCONNECT_OPENSSL - #include <openssl/ssl.h> - #include <openssl/bio.h> -@@ -712,7 +727,7 @@ static gboolean ui_form (struct oc_auth_form *form) - data->entry_text = g_strdup (find_form_answer(ui_data->secrets, - form, opt)); - if (!data->entry_text) -- data->entry_text = g_strdup (opt->value); -+ data->entry_text = dup_option_value(opt); - } else { - GHashTable *attrs; - -@@ -776,8 +791,7 @@ static gboolean set_initial_authgroup (auth_ui_data *ui_data, struct oc_auth_for - for (i = 0; i < sopt->nr_choices; i++) { - struct oc_choice *ch = FORMCHOICE(sopt, i); - if (!strcmp(saved_group, ch->name) && i != AUTHGROUP_SELECTION(form)) { -- free(opt->value); -- opt->value = g_strdup(saved_group); -+ openconnect_set_option_value(opt, saved_group); - return TRUE; - } - } -@@ -823,7 +837,7 @@ static int nm_process_auth_form (void *cbdata, struct oc_auth_form *form) - g_cancellable_cancel(data->cancel); - - if (data->entry_text) { -- data->opt->value = g_strdup (data->entry_text); -+ openconnect_set_option_value(data->opt, data->entry_text); - - if (data->opt->type == OC_FORM_OPT_TEXT || - data->opt->type == OC_FORM_OPT_SELECT) { -@@ -932,7 +946,7 @@ static gboolean user_validate_cert(cert_data *data) - text = gtk_text_view_new(); - buffer = gtk_text_view_get_buffer(GTK_TEXT_VIEW(text)); - gtk_text_buffer_set_text(buffer, details, -1); -- free(details); -+ openconnect_free_cert_info(data->ui_data->vpninfo, details); - gtk_text_view_set_editable(GTK_TEXT_VIEW(text), 0); - gtk_text_view_set_cursor_visible(GTK_TEXT_VIEW(text), FALSE); - gtk_container_add(GTK_CONTAINER(scroll), text); -@@ -1166,7 +1180,7 @@ static int get_config (GHashTable *options, GHashTable *secrets, - - cafile = g_hash_table_lookup (options, NM_OPENCONNECT_KEY_CACERT); - if (cafile) -- openconnect_set_cafile(vpninfo, g_strdup (cafile)); -+ openconnect_set_cafile(vpninfo, OC3DUP (cafile)); - - csd = g_hash_table_lookup (options, NM_OPENCONNECT_KEY_CSD_ENABLE); - if (csd && !strcmp(csd, "yes")) { -@@ -1176,16 +1190,16 @@ static int get_config (GHashTable *options, GHashTable *secrets, - if (csd_wrapper && !csd_wrapper[0]) - csd_wrapper = NULL; - -- openconnect_setup_csd(vpninfo, getuid(), 1, g_strdup (csd_wrapper)); -+ openconnect_setup_csd(vpninfo, getuid(), 1, OC3DUP (csd_wrapper)); - } - - proxy = g_hash_table_lookup (options, NM_OPENCONNECT_KEY_PROXY); -- if (proxy && proxy[0] && openconnect_set_http_proxy(vpninfo, g_strdup (proxy))) -+ if (proxy && proxy[0] && openconnect_set_http_proxy(vpninfo, OC3DUP (proxy))) - return -EINVAL; - - cert = g_hash_table_lookup (options, NM_OPENCONNECT_KEY_USERCERT); - sslkey = g_hash_table_lookup (options, NM_OPENCONNECT_KEY_PRIVKEY); -- openconnect_set_client_cert (vpninfo, g_strdup (cert), g_strdup (sslkey)); -+ openconnect_set_client_cert (vpninfo, OC3DUP (cert), OC3DUP (sslkey)); - - pem_passphrase_fsid = g_hash_table_lookup (options, - NM_OPENCONNECT_KEY_PEM_PASSPHRASE_FSID); -@@ -1245,7 +1259,7 @@ static int update_token(void *cbdata, const char *tok) - } - #endif - --static int write_new_config(void *cbdata, char *buf, int buflen) -+static int write_new_config(void *cbdata, write_config_const char *buf, int buflen) - { - auth_ui_data *ui_data = cbdata; - g_hash_table_insert (ui_data->secrets, g_strdup ("xmlconfig"), -@@ -1472,11 +1486,11 @@ static void connect_host(auth_ui_data *ui_data) - if (openconnect_parse_url(ui_data->vpninfo, host->hostaddress)) { - fprintf(stderr, "Failed to parse server URL '%s'\n", - host->hostaddress); -- openconnect_set_hostname (ui_data->vpninfo, g_strdup(host->hostaddress)); -+ openconnect_set_hostname (ui_data->vpninfo, OC3DUP (host->hostaddress)); - } - - if (!openconnect_get_urlpath(ui_data->vpninfo) && host->usergroup) -- openconnect_set_urlpath(ui_data->vpninfo, g_strdup(host->usergroup)); -+ openconnect_set_urlpath(ui_data->vpninfo, OC3DUP (host->usergroup)); - - - g_hash_table_insert (ui_data->success_secrets, g_strdup("lasthost"), --- -cgit v0.10.1 - Deleted: libopenconnect.so.5.patch =================================================================== --- libopenconnect.so.5.patch 2015-01-10 21:05:55 UTC (rev 228897) +++ libopenconnect.so.5.patch 2015-01-10 21:10:31 UTC (rev 228898) @@ -1,182 +0,0 @@ -From 2dc45e25b200e1b70e862f46c9f7ad652e59c8a2 Mon Sep 17 00:00:00 2001 -From: David Woodhouse <david.woodho...@intel.com> -Date: Mon, 3 Nov 2014 17:39:43 +0000 -Subject: Update to new hash handling, fix to match stored certs only for the - same host/port - - -diff --git a/auth-dialog/main.c b/auth-dialog/main.c -index df0146c..38f3a8f 100644 ---- a/auth-dialog/main.c -+++ b/auth-dialog/main.c -@@ -694,7 +694,7 @@ static char* get_title(const char *vpn_name) - - typedef struct cert_data { - auth_ui_data *ui_data; -- OPENCONNECT_X509 *peer_cert; -+ char *cert_details; - const char *reason; - } cert_data; - -@@ -722,13 +722,10 @@ static gboolean user_validate_cert(cert_data *data) - { - auth_ui_data *ui_data = _ui_data; /* FIXME global */ - char *title; -- char *details; - GtkWidget *dlg, *text, *scroll; - GtkTextBuffer *buffer; - int result; - -- details = openconnect_get_cert_details(ui_data->vpninfo, data->peer_cert); -- - title = get_title(data->ui_data->vpn_name); - dlg = gtk_message_dialog_new(NULL, 0, GTK_MESSAGE_QUESTION, - GTK_BUTTONS_OK_CANCEL, -@@ -751,8 +748,7 @@ static gboolean user_validate_cert(cert_data *data) - - text = gtk_text_view_new(); - buffer = gtk_text_view_get_buffer(GTK_TEXT_VIEW(text)); -- gtk_text_buffer_set_text(buffer, details, -1); -- openconnect_free_cert_info(data->ui_data->vpninfo, details); -+ gtk_text_buffer_set_text(buffer, data->cert_details, -1); - gtk_text_view_set_editable(GTK_TEXT_VIEW(text), 0); - gtk_text_view_set_cursor_visible(GTK_TEXT_VIEW(text), FALSE); - gtk_container_add(GTK_CONTAINER(scroll), text); -@@ -775,36 +771,40 @@ static gboolean user_validate_cert(cert_data *data) - - /* runs in worker thread */ - static int validate_peer_cert(void *cbdata, -- OPENCONNECT_X509 *peer_cert, const char *reason) -+#if !OPENCONNECT_CHECK_VER(5,0) -+ OPENCONNECT_X509 *peer_cert, -+#endif -+ const char *reason) - { - auth_ui_data *ui_data = cbdata; -- char fingerprint[41]; -- char *certs_data; - int ret = 0; - cert_data *data; -+ char *certkey; -+ char *accepted_hash = NULL; -+#if OPENCONNECT_CHECK_VER(5,0) -+ const char *fingerprint = openconnect_get_peer_cert_hash(ui_data->vpninfo); -+#else -+ char fingerprint[41]; - - ret = openconnect_get_cert_sha1(ui_data->vpninfo, peer_cert, fingerprint); - if (ret) - return ret; - -- certs_data = g_hash_table_lookup (ui_data->secrets, "certsigs"); -- if (certs_data) { -- char **certs = g_strsplit_set(certs_data, "\t", 0); -- char **this = certs; -+#define openconnect_check_peer_cert_hash(v, h) strcmp(h, fingerprint) -+#define openconnect_get_peer_cert_details(v) openconnect_get_cert_details(v, peer_cert); -+#endif - -- while (*this) { -- if (!strcmp(*this, fingerprint)) { -- g_strfreev(certs); -- goto out; -- } -- this++; -- } -- g_strfreev(certs); -- } -+ certkey = g_strdup_printf ("certificate:%s:%d", -+ openconnect_get_hostname(ui_data->vpninfo), -+ openconnect_get_port(ui_data->vpninfo)); -+ -+ accepted_hash = g_hash_table_lookup (ui_data->secrets, certkey); -+ if (accepted_hash && !openconnect_check_peer_cert_hash(ui_data->vpninfo, accepted_hash)) -+ goto accepted; - - data = g_slice_new(cert_data); - data->ui_data = ui_data; /* FIXME uses global */ -- data->peer_cert = peer_cert; -+ data->cert_details = openconnect_get_peer_cert_details(ui_data->vpninfo); - data->reason = reason; - - g_mutex_lock(&ui_data->form_mutex); -@@ -813,27 +813,27 @@ static int validate_peer_cert(void *cbdata, - g_idle_add((GSourceFunc)user_validate_cert, data); - - /* wait for user to accept or cancel */ -- while (ui_data->cert_response == CERT_USER_NOT_READY) { -+ while (ui_data->cert_response == CERT_USER_NOT_READY) - g_cond_wait(&ui_data->cert_response_changed, &ui_data->form_mutex); -- } -- if (ui_data->cert_response == CERT_ACCEPTED) { -- if (certs_data) { -- char *new = g_strdup_printf("%s\t%s", certs_data, fingerprint); -- g_hash_table_insert (ui_data->secrets, -- g_strdup ("certsigs"), new); -- } else { -- g_hash_table_insert (ui_data->secrets, g_strdup ("certsigs"), -- g_strdup (fingerprint)); -- } -+ -+ openconnect_free_cert_info(data->ui_data->vpninfo, data->cert_details); -+ g_slice_free(cert_data, data); -+ -+ if (ui_data->cert_response == CERT_ACCEPTED) - ret = 0; -- } else { -+ else - ret = -EINVAL; -- } -+ - g_mutex_unlock (&ui_data->form_mutex); - -- g_slice_free(cert_data, data); -+ accepted: -+ if (!ret) { -+ g_hash_table_insert (ui_data->secrets, certkey, -+ g_strdup(fingerprint)); -+ certkey = NULL; -+ } - -- out: -+ g_free (certkey); - return ret; - } - -@@ -1196,7 +1196,7 @@ static gboolean cookie_obtained(auth_ui_data *ui_data) - gtk_widget_set_sensitive(ui_data->cancel_button, FALSE); - } - } else if (!ui_data->cookie_retval) { -- OPENCONNECT_X509 *cert; -+ const void *cert; - gchar *key, *value; - - /* got cookie */ -@@ -1218,14 +1218,22 @@ static gboolean cookie_obtained(auth_ui_data *ui_data) - g_hash_table_insert (ui_data->secrets, key, value); - openconnect_clear_cookie(ui_data->vpninfo); - -+#if OPENCONNECT_CHECK_VER(5,0) -+ cert = openconnect_get_peer_cert_hash (ui_data->vpninfo); -+ if (cert) { -+ key = g_strdup (NM_OPENCONNECT_KEY_GWCERT); -+ value = g_strdup (cert); -+ g_hash_table_insert (ui_data->secrets, key, value); -+ } -+#else - cert = openconnect_get_peer_cert (ui_data->vpninfo); - if (cert) { - key = g_strdup (NM_OPENCONNECT_KEY_GWCERT); - value = g_malloc0 (41); -- openconnect_get_cert_sha1(ui_data->vpninfo, cert, value); -+ openconnect_get_cert_sha1(ui_data->vpninfo, (void *)cert, value); - g_hash_table_insert (ui_data->secrets, key, value); - } -- -+#endif - if (get_save_passwords(ui_data->secrets)) { - g_hash_table_foreach(ui_data->success_passwords, - keyring_store_passwords, --- -cgit v0.10.1 -