From 4e232f81837494a483a357c6c00f1b3fc153115d Mon Sep 17 00:00:00 2001
From: David Woodhouse <David.Woodhouse@intel.com>
Date: Sat, 16 Jun 2012 22:42:36 +0100
Subject: [PATCH] Update to what is almost the final 4.00 release, enable v1
 library on <= f17

---
 .gitignore           |  1 +
 libopenconnect15.map | 51 ++++++++++++++++++++++++++++
 library15.c          | 33 ++++++++++++++++++
 openconnect.spec     | 79 +++++++++++++++++++++++++++++++++++++++-----
 sources              |  2 +-
 5 files changed, 157 insertions(+), 9 deletions(-)
 create mode 100644 libopenconnect15.map
 create mode 100644 library15.c

diff --git a/.gitignore b/.gitignore
index a91f548..f907def 100644
--- a/.gitignore
+++ b/.gitignore
@@ -15,3 +15,4 @@ openconnect-2.25.tar.gz
 /openconnect-3.19.tar.gz
 /openconnect-3.20.tar.gz
 /openconnect-3.99.tar.gz
+/openconnect-3.99-26-gb40dcae.tar.gz
diff --git a/libopenconnect15.map b/libopenconnect15.map
new file mode 100644
index 0000000..39e5f31
--- /dev/null
+++ b/libopenconnect15.map
@@ -0,0 +1,51 @@
+OPENCONNECT_1.0 {
+ global: 
+	openconnect_clear_cookie;
+	openconnect_get_cert_sha1;
+	openconnect_get_cookie;
+	openconnect_get_hostname;
+	openconnect_get_peer_cert;
+	openconnect_get_port;
+	openconnect_get_urlpath;
+	openconnect_get_version;
+	openconnect_init_openssl;
+	openconnect_obtain_cookie;
+	openconnect_parse_url;
+	openconnect_passphrase_from_fsid;
+	openconnect_reset_ssl;
+	openconnect_set_cafile;
+	openconnect_set_client_cert;
+	openconnect_set_hostname;
+	openconnect_set_http_proxy;
+	openconnect_setup_csd;
+	openconnect_set_urlpath;
+	openconnect_set_xmlsha1;
+	openconnect_vpninfo_new;
+ local:
+	*;
+};
+OPENCONNECT_1.1 {
+ global:
+	openconnect_vpninfo_free;
+} OPENCONNECT_1.0;
+
+OPENCONNECT_1.2 {
+ global:
+	openconnect_vpninfo_new_with_cbdata;
+} OPENCONNECT_1.1;
+
+OPENCONNECT_1.3 {
+ global:
+	openconnect_set_cert_expiry_warning;
+} OPENCONNECT_1.2;
+
+OPENCONNECT_1.4 {
+ global:
+	openconnect_set_cancel_fd;
+} OPENCONNECT_1.3;
+
+OPENCONNECT_1.5 {
+ global:
+	openconnect_get_cert_details;
+	openconnect_get_cert_DER;
+} OPENCONNECT_1.4;
diff --git a/library15.c b/library15.c
new file mode 100644
index 0000000..0496cdf
--- /dev/null
+++ b/library15.c
@@ -0,0 +1,33 @@
+#ifndef OPENCONNECT_OPENSSL
+#error Cannot pretend to be compatible if not building with OpenSSL
+#endif
+
+#define openconnect_vpninfo_new openconnect_vpninfo_new_with_cbdata
+#include "library.c"
+#undef openconnect_vpninfo_new
+
+struct openconnect_info *
+openconnect_vpninfo_new (char *useragent,
+			 openconnect_validate_peer_cert_vfn validate_peer_cert,
+			 openconnect_write_new_config_vfn write_new_config,
+			 openconnect_process_auth_form_vfn process_auth_form,
+			 openconnect_progress_vfn progress);
+struct openconnect_info *
+openconnect_vpninfo_new (char *useragent,
+			 openconnect_validate_peer_cert_vfn validate_peer_cert,
+			 openconnect_write_new_config_vfn write_new_config,
+			 openconnect_process_auth_form_vfn process_auth_form,
+			 openconnect_progress_vfn progress)
+{
+	return openconnect_vpninfo_new_with_cbdata(useragent,
+						   validate_peer_cert,
+						   write_new_config,
+						   process_auth_form,
+						   progress, NULL);
+}
+
+void openconnect_init_openssl(void);
+void openconnect_init_openssl(void)
+{
+	openconnect_init_ssl();
+}
diff --git a/openconnect.spec b/openconnect.spec
index 0f39098..1443114 100644
--- a/openconnect.spec
+++ b/openconnect.spec
@@ -1,20 +1,31 @@
+# For Fedora 17 and below, for now, build a compat libopenconnect.so.1 with OpenSSL so
+# that the upgrade path is easier.
+%if 0%fedora < 18
+%define build_compat_lib 1
+%else
+%define build_compat_lib 0
+%endif
+
 Name:		openconnect
 Version:	3.99
-Release:	4%{?dist}
+Release:	5%{?dist}
 Summary:	Open client for Cisco AnyConnect VPN
 
 Group:		Applications/Internet
 License:	LGPLv2+
 URL:		http://www.infradead.org/openconnect.html
-Source0:	ftp://ftp.infradead.org/pub/openconnect/openconnect-%{version}.tar.gz
-Patch1:		0001-Fix-GnuTLS-2.12-library-still-referencing-OpenSSL-ER.patch
+# git reset --hard b40dcae ; make tmp-dist
+Source0:	ftp://ftp.infradead.org/pub/openconnect/openconnect-%{version}-26-gb40dcae.tar.gz
+Source1:	library15.c
+Source2:	libopenconnect15.map
 BuildRoot:	%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
 BuildRequires:	openssl-devel libxml2-devel gtk2-devel GConf2-devel dbus-devel
-BuildRequires:	libproxy-devel python gettext pkgconfig(gnutls) >= 2.12.16
-BuildRequires:	autoconf automake libtool
+BuildRequires:	libproxy-devel python gettext gnutls-devel >= 2.12.14-3
+BuildRequires:	autoconf automake libtool trousers-devel
 Requires:	vpnc-script
 Requires:	openssl >= 0.9.8k-4
+Requires:	gnutls >= 2.12.14-3
 # Older versions of NetworkManager-openconnect won't find openconnect in /usr/sbin
 Conflicts:	NetworkManager-openconnect < 0.9.0-3
 
@@ -32,20 +43,64 @@ This package provides the core HTTP and authentication support from
 the OpenConnect VPN client, to be used by GUI authentication dialogs
 for NetworkManager etc.
 
+%package lib-compat
+Summary: Compatibility library for OpenConnect authentication clients
+Group: Applications/Internet
+Requires: %{name} = %{version}-%{release}
+
+%description lib-compat
+This package provides a backward-compatible library for use by GNOME and KDE
+NetworkManager clients which have not yet been rebuilt to use the new version
+of the library.
+
 %prep
-%setup -q
-%patch1 -p1
-autoreconf
+%setup -q -n openconnect-3.99-26-gb40dcae
+%if %{build_compat_lib}
+cp %{SOURCE1} .
+cp %{SOURCE2} libopenconnect15.map.in
+# In Fedora 16 we fixed the gnutls_record_get_direction() bug without upgrading
+sed 's/2\.12\.16/2.12.14/' -i configure
+touch version.c
+%endif
 
 %build
+%global _configure ../configure
+%if %{build_compat_lib}
+mkdir compat
+cd compat
+%configure --with-vpnc-script=/etc/vpnc/vpnc-script --htmldir=%{_docdir}/%{name}-%{version}
+# Hack: Build with library15.c instead of library.c and use the old version
+# script and soname.
+sed -e 's/library\./library15./g' \
+    -e 's/libopenconnect.map/libopenconnect15.map/g' \
+    -e 's/-version-number 2:0/-version-number 1:5/g' \
+    Makefile > Makefile.lib15
+# We configure with --disable-dependency-tracking so we do not need this:
+# cp .deps/libopenconnect_la-library.Plo .deps/libopenconnect_la-library2.Plo
+
+# Do not let it rebuild the symbol map that we provided
+cp %{SOURCE2} .
+make -f Makefile.lib15 libopenconnect.la
+
+cd ..
+%endif
+mkdir gnutls
+cd gnutls
 %configure --with-vpnc-script=/etc/vpnc/vpnc-script --htmldir=%{_docdir}/%{name}-%{version} --with-gnutls
 make %{?_smp_mflags}
 
 
 %install
 rm -rf $RPM_BUILD_ROOT
+%if %{build_compat_lib}
+mkdir -p $RPM_BUILD_ROOT/%{_libdir}
+install -m0755 compat/.libs/libopenconnect.so.1.5.0 ${RPM_BUILD_ROOT}/%{_libdir}
+ln -sf libopenconnect.so.1.5.0 ${RPM_BUILD_ROOT}/%{_libdir}/libopenconnect.so.1
+%endif
+cd gnutls
 %make_install
 rm -f $RPM_BUILD_ROOT/%{_libdir}/libopenconnect.la
+cd ..
 %find_lang %{name}
 
 %clean
@@ -62,6 +117,11 @@ rm -rf $RPM_BUILD_ROOT
 %{_mandir}/man8/*
 %doc TODO COPYING.LGPL
 
+%if %{build_compat_lib}
+%files lib-compat
+%{_libdir}/libopenconnect.so.1*
+%endif
+
 %files devel
 %defattr(-,root,root,-)
 %{_libdir}/libopenconnect.so
@@ -69,6 +129,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_libdir}/pkgconfig/openconnect.pc
 
 %changelog
+* Sat Jun 16 2012 David Woodhouse <David.Woodhouse@intel.com> - 3.99-5
+- Enable building compatibility libopenconnect.so.1
+
 * Thu Jun 14 2012 David Woodhouse <David.Woodhouse@intel.com> - 3.99-4
 - Last patch needs autoreconf
 
diff --git a/sources b/sources
index a4a0cd9..007ed63 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-5b71a825b5e13a2ffab72971cdb92ce9  openconnect-3.99.tar.gz
+88b8fe7f32f2164c938a20e1a7765c26  openconnect-3.99-26-gb40dcae.tar.gz