Add upstreamed version of no-curve patch

f38
David Woodhouse 10 years ago
parent 186eca2a3b
commit 9d8e88fc42

@ -0,0 +1,32 @@
From eb34177f1db31df3276b3d5ae1207390b1bb1edf Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date: Thu, 27 Nov 2014 16:24:08 +0000
Subject: [PATCH] When compiling with old gnutls version completely disable
ECDHE instead of disabling the curves
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
---
gnutls.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/gnutls.c b/gnutls.c
index e4fcfb7..feb1b27 100644
--- a/gnutls.c
+++ b/gnutls.c
@@ -1971,7 +1971,7 @@ static int verify_peer(gnutls_session_t session)
# define _DEFAULT_PRIO "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0:" \
"%COMPAT:%DISABLE_SAFE_RENEGOTIATION:%LATEST_RECORD_VERSION"
# if GNUTLS_VERSION_MAJOR >= 3
-# define DEFAULT_PRIO _DEFAULT_PRIO":-CURVE-ALL"
+# define DEFAULT_PRIO _DEFAULT_PRIO":-CURVE-ALL:-ECDHE-RSA:-ECDHE-ECDSA"
#else
# define DEFAULT_PRIO _DEFAULT_PRIO
# endif
--
2.1.0
--- ./version.c.orig 2014-11-27 16:39:58.924714506 +0000
+++ ./version.c 2014-11-27 16:40:00.648735281 +0000
@@ -1 +1 @@
-const char *openconnect_version_str = "v7.00";
+const char *openconnect_version_str = "v7.00-1-geb34177";
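Review bot: The changed `DEFAULT_PRIO` line in the embedded gnutls.c hunk has no comment recording why ECDHE-RSA and ECDHE-ECDSA are now removed on top of `-CURVE-ALL`, and the string it extends already pins TLS 1.0 and sets `%DISABLE_SAFE_RENEGOTIATION`. With both ECDHE key exchanges gone, forward secrecy depends on whichever DHE suites `NORMAL` still offers, which is worth stating next to the define so a later maintainer does not treat the restriction as permanent. I would add above it `/* Old GnuTLS: ECDHE disabled outright, not just the curves; revisit when the minimum GnuTLS version is raised. */`. The subject says this applies to old GnuTLS only, but the visible guard is `GNUTLS_VERSION_MAJOR >= 3`; the enclosing conditional starts outside the hunk, so the exact version range should be confirmed there.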

@ -1,21 +0,0 @@
diff --git a/gnutls.c b/gnutls.c
index 13fb36c..1c1921f 100644
--- a/gnutls.c
+++ b/gnutls.c
@@ -1854,7 +1854,7 @@ static int verify_peer(gnutls_session_t session)
# define _DEFAULT_PRIO "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0:" \
"%COMPAT:%DISABLE_SAFE_RENEGOTIATION:%LATEST_RECORD_VERSION"
# if GNUTLS_VERSION_MAJOR >= 3
-# define DEFAULT_PRIO _DEFAULT_PRIO":-CURVE-ALL"
+# define DEFAULT_PRIO _DEFAULT_PRIO":-CURVE-ALL:-ECDHE-RSA:-ECDHE-ECDSA"
#else
# define DEFAULT_PRIO _DEFAULT_PRIO
# endif
@@ -1983,7 +1983,6 @@ int openconnect_open_https(struct openconnect_info *vpninfo)
} else {
prio = DEFAULT_PRIO;
}
-
err = gnutls_priority_set_direct(vpninfo->https_sess,
prio, NULL);
if (err) {

@ -13,14 +13,14 @@
Name: openconnect
Version: 7.00
Release: 1%{?dist}
Release: 2%{?dist}
Summary: Open client for Cisco AnyConnect VPN
Group: Applications/Internet
License: LGPLv2+
URL: http://www.infradead.org/openconnect.html
Source0: ftp://ftp.infradead.org/pub/openconnect/openconnect-%{version}.tar.gz
Patch0: openconnect-6.00-no-ecdhe.patch
Patch0: 0001-When-compiling-with-old-gnutls-version-completely-di.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: pkgconfig(openssl) pkgconfig(libxml-2.0)
@ -101,6 +101,9 @@ rm -rf $RPM_BUILD_ROOT
%{_libdir}/pkgconfig/openconnect.pc
%changelog
* Thu Nov 27 2014 David Woodhouse <David.Woodhouse@intel.com> - 7.00-2
- Add upstreamed version of Nikos' curve patch with version.c fixed
* Thu Nov 27 2014 David Woodhouse <David.Woodhouse@intel.com> - 7.00-1
- Update to 7.00 release
