From c00f20c19723204eb1694db936d1df54c221972a Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Wed, 17 Dec 2008 22:06:29 +0000 Subject: [PATCH 001/184] Setup of module openconnect --- .cvsignore | 0 Makefile | 21 +++++++++++++++++++++ sources | 0 3 files changed, 21 insertions(+) create mode 100644 .cvsignore create mode 100644 Makefile create mode 100644 sources diff --git a/.cvsignore b/.cvsignore new file mode 100644 index 0000000..e69de29 diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..83bd77d --- /dev/null +++ b/Makefile @@ -0,0 +1,21 @@ +# Makefile for source rpm: openconnect +# $Id$ +NAME := openconnect +SPECFILE = $(firstword $(wildcard *.spec)) + +define find-makefile-common +for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done +endef + +MAKEFILE_COMMON := $(shell $(find-makefile-common)) + +ifeq ($(MAKEFILE_COMMON),) +# attept a checkout +define checkout-makefile-common +test -f CVS/Root && { cvs -Q -d $$(cat CVS/Root) checkout common && echo "common/Makefile.common" ; } || { echo "ERROR: I can't figure out how to checkout the 'common' module." ; exit -1 ; } >&2 +endef + +MAKEFILE_COMMON := $(shell $(checkout-makefile-common)) +endif + +include $(MAKEFILE_COMMON) diff --git a/sources b/sources new file mode 100644 index 0000000..e69de29 From 098609a3b86c1714fce5dcd3468d579b658d24af Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Thu, 18 Dec 2008 00:05:28 +0000 Subject: [PATCH 002/184] import for rawhide --- .cvsignore | 1 + openconnect.spec | 85 ++++++++++++++++++++++++++++++++++++++++++++++++ sources | 1 + 3 files changed, 87 insertions(+) create mode 100644 openconnect.spec diff --git a/.cvsignore b/.cvsignore index e69de29..73ba508 100644 --- a/.cvsignore +++ b/.cvsignore @@ -0,0 +1 @@ +openconnect-0.99.tar.gz diff --git a/openconnect.spec b/openconnect.spec new file mode 100644 index 0000000..e5ea764 --- /dev/null +++ b/openconnect.spec @@ -0,0 +1,85 @@ +Name: openconnect +Version: 0.99 +Release: 1%{?dist} +Summary: Open client for Cisco AnyConnect VPN + +Group: Applications/Internet +License: LGPLv2+ +URL: http://git.infradead.org/users/dwmw2/openconnect.git +Source0: ftp://ftp.infradead.org/pub/openconnect/openconnect-%{version}.tar.gz +BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) + +BuildRequires: openssl-devel libxml2-devel gtk2-devel GConf2-devel dbus-devel +Requires: vpnc + +%description +This package provides a client for Cisco's "AnyConnect" VPN, which uses +HTTPS and DTLS protocols. + +%prep +%setup -q + +%build +make %{?_smp_mflags} + + +%install +rm -rf $RPM_BUILD_ROOT +make install DESTDIR=$RPM_BUILD_ROOT +mkdir -p $RPM_BUILD_ROOT/%{_mandir}/man8 +install -m0644 openconnect.8 $RPM_BUILD_ROOT/%{_mandir}/man8 + +%clean +rm -rf $RPM_BUILD_ROOT + + +%files +%defattr(-,root,root,-) +%{_bindir}/openconnect +%{_libexecdir}/nm-openconnect-auth-dialog +%{_mandir}/man8/* +%doc TODO COPYING.LGPL + + + +%changelog +* Tue Dec 16 2008 David Woodhouse - 0.99-1 +- Update to 0.99. +- Fix BuildRequires + +* Mon Nov 24 2008 David Woodhouse - 0.98-1 +- Update to 0.98. + +* Thu Nov 13 2008 David Woodhouse - 0.97-1 +- Update to 0.97. Add man page, validate server certs. + +* Tue Oct 28 2008 David Woodhouse - 0.96-1 +- Update to 0.96. Handle split-includes, MacOS port, more capable SecurID. + +* Thu Oct 09 2008 David Woodhouse - 0.95-1 +- Update to 0.95. A few bug fixes. + +* Thu Oct 09 2008 David Woodhouse - 0.94-3 +- Include COPYING.LGPL file + +* Mon Oct 07 2008 David Woodhouse - 0.94-2 +- Fix auth-dialog crash + +* Mon Oct 06 2008 David Woodhouse - 0.94-1 +- Take cookie on stdin so it's not visible in ps. +- Support running 'script' and passing traffic to it via a socket +- Fix abort when fetching XML config fails + +* Sun Oct 05 2008 David Woodhouse - 0.93-1 +- Work around unexpected disconnection (probably OpenSSL bug) +- Handle host list and report errors in NM auth dialog + +* Sun Oct 05 2008 David Woodhouse - 0.92-1 +- Rename to 'openconnect' +- Include NetworkManager auth helper + +* Thu Oct 02 2008 David Woodhouse - 0.91-1 +- Update to 0.91 + +* Thu Oct 02 2008 David Woodhouse - 0.90-1 +- First package diff --git a/sources b/sources index e69de29..316a9cc 100644 --- a/sources +++ b/sources @@ -0,0 +1 @@ +5dbb4f92b31fc81d8b9a59083eb160f7 openconnect-0.99.tar.gz From 74ce13c382e294b518aef7e035a1fdf8a76656e7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Mr=C3=A1z?= Date: Sat, 17 Jan 2009 16:04:55 +0000 Subject: [PATCH 003/184] - rebuild with new openssl --- openconnect.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/openconnect.spec b/openconnect.spec index e5ea764..6bbe527 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -1,6 +1,6 @@ Name: openconnect Version: 0.99 -Release: 1%{?dist} +Release: 2%{?dist} Summary: Open client for Cisco AnyConnect VPN Group: Applications/Internet @@ -43,6 +43,9 @@ rm -rf $RPM_BUILD_ROOT %changelog +* Sat Jan 17 2009 Tomas Mraz - 0.99-2 +- rebuild with new openssl + * Tue Dec 16 2008 David Woodhouse - 0.99-1 - Update to 0.99. - Fix BuildRequires From c400f4c0ce2a3b9d3155f2ae47302c5542c1a2ae Mon Sep 17 00:00:00 2001 From: Jesse Keating Date: Thu, 26 Feb 2009 08:25:05 +0000 Subject: [PATCH 004/184] - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild --- openconnect.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/openconnect.spec b/openconnect.spec index 6bbe527..be371ad 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -1,6 +1,6 @@ Name: openconnect Version: 0.99 -Release: 2%{?dist} +Release: 3%{?dist} Summary: Open client for Cisco AnyConnect VPN Group: Applications/Internet @@ -43,6 +43,9 @@ rm -rf $RPM_BUILD_ROOT %changelog +* Thu Feb 26 2009 Fedora Release Engineering - 0.99-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + * Sat Jan 17 2009 Tomas Mraz - 0.99-2 - rebuild with new openssl From d2aa34d163134bce13a358503300cdf4495802cd Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Wed, 18 Mar 2009 15:37:44 +0000 Subject: [PATCH 005/184] OpenConnect 1.00 --- .cvsignore | 2 +- openconnect.spec | 7 +++++-- sources | 2 +- 3 files changed, 7 insertions(+), 4 deletions(-) diff --git a/.cvsignore b/.cvsignore index 73ba508..235e866 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1 +1 @@ -openconnect-0.99.tar.gz +openconnect-1.00.tar.gz diff --git a/openconnect.spec b/openconnect.spec index be371ad..8464c75 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -1,6 +1,6 @@ Name: openconnect -Version: 0.99 -Release: 3%{?dist} +Version: 1.00 +Release: 1%{?dist} Summary: Open client for Cisco AnyConnect VPN Group: Applications/Internet @@ -43,6 +43,9 @@ rm -rf $RPM_BUILD_ROOT %changelog +* Wed Mar 18 2009 David Woodhouse - 1.00-1 +- Update to 1.00. + * Thu Feb 26 2009 Fedora Release Engineering - 0.99-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild diff --git a/sources b/sources index 316a9cc..137a0c7 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -5dbb4f92b31fc81d8b9a59083eb160f7 openconnect-0.99.tar.gz +e94aafa77f6ee00ace49c8568b251ab3 openconnect-1.00.tar.gz From 50c8e7c4a656efd1214521dcd28f2256f925599e Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Wed, 1 Apr 2009 14:39:59 +0000 Subject: [PATCH 006/184] Update to 1.10. UI improvements, support UserGroups --- .cvsignore | 2 +- openconnect.spec | 8 +++++++- sources | 2 +- 3 files changed, 9 insertions(+), 3 deletions(-) diff --git a/.cvsignore b/.cvsignore index 235e866..00d9df9 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1 +1 @@ -openconnect-1.00.tar.gz +openconnect-1.10.tar.gz diff --git a/openconnect.spec b/openconnect.spec index 8464c75..c7f944a 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -1,5 +1,5 @@ Name: openconnect -Version: 1.00 +Version: 1.10 Release: 1%{?dist} Summary: Open client for Cisco AnyConnect VPN @@ -11,6 +11,9 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: openssl-devel libxml2-devel gtk2-devel GConf2-devel dbus-devel Requires: vpnc +# The "lasthost" and "autoconnect" gconf keys will cause older versions of +# NetworkManager-openconnect to barf +Conflicts: NetworkManager-openconnect < 0.7.0.99-2 %description This package provides a client for Cisco's "AnyConnect" VPN, which uses @@ -43,6 +46,9 @@ rm -rf $RPM_BUILD_ROOT %changelog +* Wed Apr 1 2009 David Woodhouse - 1.10-1 +- Update to 1.10. + * Wed Mar 18 2009 David Woodhouse - 1.00-1 - Update to 1.00. diff --git a/sources b/sources index 137a0c7..6b6439c 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -e94aafa77f6ee00ace49c8568b251ab3 openconnect-1.00.tar.gz +cf6f8c34b682b980fe86a1395373b18f openconnect-1.10.tar.gz From 4cbd776d8758ecdcad2457a8b8306a6503c878cd Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Tue, 21 Apr 2009 14:45:30 +0000 Subject: [PATCH 007/184] require DTLS-fixed openssl --- openconnect.spec | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/openconnect.spec b/openconnect.spec index c7f944a..ea6cd2f 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -1,6 +1,6 @@ Name: openconnect Version: 1.10 -Release: 1%{?dist} +Release: 2%{?dist} Summary: Open client for Cisco AnyConnect VPN Group: Applications/Internet @@ -11,6 +11,7 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: openssl-devel libxml2-devel gtk2-devel GConf2-devel dbus-devel Requires: vpnc +Requires: openssl >= 0.9.8k-4 # The "lasthost" and "autoconnect" gconf keys will cause older versions of # NetworkManager-openconnect to barf Conflicts: NetworkManager-openconnect < 0.7.0.99-2 @@ -46,6 +47,9 @@ rm -rf $RPM_BUILD_ROOT %changelog +* Tue Apr 21 2009 David Woodhouse - 1.10-2 +- Require openssl0.9.8k-4, which has all required DTLS patches. + * Wed Apr 1 2009 David Woodhouse - 1.10-1 - Update to 1.10. From 7d9cf86d9db96e5e27dff3122fa3b97fa78c1eab Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Fri, 8 May 2009 18:58:51 +0000 Subject: [PATCH 008/184] Update to 1.20 --- .cvsignore | 2 +- openconnect.spec | 7 +++++-- sources | 2 +- 3 files changed, 7 insertions(+), 4 deletions(-) diff --git a/.cvsignore b/.cvsignore index 00d9df9..ac52fe7 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1 +1 @@ -openconnect-1.10.tar.gz +openconnect-1.20.tar.gz diff --git a/openconnect.spec b/openconnect.spec index ea6cd2f..82c3a62 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -1,6 +1,6 @@ Name: openconnect -Version: 1.10 -Release: 2%{?dist} +Version: 1.20 +Release: 1%{?dist} Summary: Open client for Cisco AnyConnect VPN Group: Applications/Internet @@ -47,6 +47,9 @@ rm -rf $RPM_BUILD_ROOT %changelog +* Fri May 8 2009 David Woodhouse - 1.20-1 +- Update to 1.20. + * Tue Apr 21 2009 David Woodhouse - 1.10-2 - Require openssl0.9.8k-4, which has all required DTLS patches. diff --git a/sources b/sources index 6b6439c..88e3558 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -cf6f8c34b682b980fe86a1395373b18f openconnect-1.10.tar.gz +4f7b6fe41163765de9b68622aef6d888 openconnect-1.20.tar.gz From 4af5f357dad72ef15a16b55384d42cf2823d85f5 Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Sat, 9 May 2009 14:40:49 +0000 Subject: [PATCH 009/184] update URL --- openconnect.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/openconnect.spec b/openconnect.spec index 82c3a62..ccc3ce5 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -5,7 +5,7 @@ Summary: Open client for Cisco AnyConnect VPN Group: Applications/Internet License: LGPLv2+ -URL: http://git.infradead.org/users/dwmw2/openconnect.git +URL: http://www.infradead.org/openconnect.html Source0: ftp://ftp.infradead.org/pub/openconnect/openconnect-%{version}.tar.gz BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) From c5799a02166b10cfa256b45d2c32e17e573cb91b Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Wed, 13 May 2009 13:01:31 +0000 Subject: [PATCH 010/184] 1.30 --- .cvsignore | 2 +- openconnect.spec | 9 ++++++--- sources | 2 +- 3 files changed, 8 insertions(+), 5 deletions(-) diff --git a/.cvsignore b/.cvsignore index ac52fe7..458cb5f 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1 +1 @@ -openconnect-1.20.tar.gz +openconnect-1.30.tar.gz diff --git a/openconnect.spec b/openconnect.spec index ccc3ce5..2e2cfde 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -1,5 +1,5 @@ Name: openconnect -Version: 1.20 +Version: 1.30 Release: 1%{?dist} Summary: Open client for Cisco AnyConnect VPN @@ -14,7 +14,7 @@ Requires: vpnc Requires: openssl >= 0.9.8k-4 # The "lasthost" and "autoconnect" gconf keys will cause older versions of # NetworkManager-openconnect to barf -Conflicts: NetworkManager-openconnect < 0.7.0.99-2 +Conflicts: NetworkManager-openconnect < 0.7.0.99-3 %description This package provides a client for Cisco's "AnyConnect" VPN, which uses @@ -42,11 +42,14 @@ rm -rf $RPM_BUILD_ROOT %{_bindir}/openconnect %{_libexecdir}/nm-openconnect-auth-dialog %{_mandir}/man8/* -%doc TODO COPYING.LGPL +%doc TODO COPYING.LGPL openconnect.html %changelog +* Fri May 8 2009 David Woodhouse - 1.20-2 +- Update to 1.30. + * Fri May 8 2009 David Woodhouse - 1.20-1 - Update to 1.20. diff --git a/sources b/sources index 88e3558..3c20f2c 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -4f7b6fe41163765de9b68622aef6d888 openconnect-1.20.tar.gz +6a0186654d04f52aba9b14ecb416da8a openconnect-1.30.tar.gz From 467162b1dfe88bcc358bca5ab6e14ae2f2122250 Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Wed, 13 May 2009 13:07:09 +0000 Subject: [PATCH 011/184] fix changelog --- openconnect.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/openconnect.spec b/openconnect.spec index 2e2cfde..2ad6069 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -47,7 +47,7 @@ rm -rf $RPM_BUILD_ROOT %changelog -* Fri May 8 2009 David Woodhouse - 1.20-2 +* Wed May 13 2009 David Woodhouse - 1.30-1 - Update to 1.30. * Fri May 8 2009 David Woodhouse - 1.20-1 From 10430ee6491ed918dcbc21164ab4c78239c7dbb3 Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Wed, 27 May 2009 13:06:16 +0000 Subject: [PATCH 012/184] 1.40 --- .cvsignore | 2 +- openconnect.spec | 9 ++++++--- sources | 2 +- 3 files changed, 8 insertions(+), 5 deletions(-) diff --git a/.cvsignore b/.cvsignore index 458cb5f..f0bed35 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1 +1 @@ -openconnect-1.30.tar.gz +openconnect-1.40.tar.gz diff --git a/openconnect.spec b/openconnect.spec index 2ad6069..8f3610a 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -1,5 +1,5 @@ Name: openconnect -Version: 1.30 +Version: 1.40 Release: 1%{?dist} Summary: Open client for Cisco AnyConnect VPN @@ -13,8 +13,8 @@ BuildRequires: openssl-devel libxml2-devel gtk2-devel GConf2-devel dbus-devel Requires: vpnc Requires: openssl >= 0.9.8k-4 # The "lasthost" and "autoconnect" gconf keys will cause older versions of -# NetworkManager-openconnect to barf -Conflicts: NetworkManager-openconnect < 0.7.0.99-3 +# NetworkManager-openconnect to barf. As will the 'gwcert' secret. +Conflicts: NetworkManager-openconnect < 0.7.0.99-4 %description This package provides a client for Cisco's "AnyConnect" VPN, which uses @@ -47,6 +47,9 @@ rm -rf $RPM_BUILD_ROOT %changelog +* Wed May 27 2009 David Woodhouse - 1.40-1 +- Update to 1.40. + * Wed May 13 2009 David Woodhouse - 1.30-1 - Update to 1.30. diff --git a/sources b/sources index 3c20f2c..cb1952f 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -6a0186654d04f52aba9b14ecb416da8a openconnect-1.30.tar.gz +0d82ef724125a26fc8da2981590f56e7 openconnect-1.40.tar.gz From e2119f4a9f54527ce1733c9fae2ee8f7f1832d4c Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Wed, 3 Jun 2009 12:10:50 +0000 Subject: [PATCH 013/184] update to 2.00 --- .cvsignore | 2 +- openconnect.spec | 5 ++++- sources | 2 +- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/.cvsignore b/.cvsignore index f0bed35..89fd6c3 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1 +1 @@ -openconnect-1.40.tar.gz +openconnect-2.00.tar.gz diff --git a/openconnect.spec b/openconnect.spec index 8f3610a..b5132d0 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -1,5 +1,5 @@ Name: openconnect -Version: 1.40 +Version: 2.00 Release: 1%{?dist} Summary: Open client for Cisco AnyConnect VPN @@ -47,6 +47,9 @@ rm -rf $RPM_BUILD_ROOT %changelog +* Wed Jun 3 2009 David Woodhouse - 2.00-1 +- Update to 2.00. + * Wed May 27 2009 David Woodhouse - 1.40-1 - Update to 1.40. diff --git a/sources b/sources index cb1952f..4e6b84f 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -0d82ef724125a26fc8da2981590f56e7 openconnect-1.40.tar.gz +a51aa4b05d0cc14b1d1c35b8f57f04fa openconnect-2.00.tar.gz From 19b8ee154d4c54449aaf933631e283da68e5f636 Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Wed, 24 Jun 2009 17:39:11 +0000 Subject: [PATCH 014/184] --- .cvsignore | 2 +- openconnect.spec | 5 ++++- sources | 2 +- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/.cvsignore b/.cvsignore index 89fd6c3..02d9c66 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1 +1 @@ -openconnect-2.00.tar.gz +openconnect-2.01.tar.gz diff --git a/openconnect.spec b/openconnect.spec index b5132d0..741cba0 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -1,5 +1,5 @@ Name: openconnect -Version: 2.00 +Version: 2.01 Release: 1%{?dist} Summary: Open client for Cisco AnyConnect VPN @@ -47,6 +47,9 @@ rm -rf $RPM_BUILD_ROOT %changelog +* Wed Jun 24 2009 David Woodhouse - 2.01-1 +- Update to 2.01. + * Wed Jun 3 2009 David Woodhouse - 2.00-1 - Update to 2.00. diff --git a/sources b/sources index 4e6b84f..1161d5c 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -a51aa4b05d0cc14b1d1c35b8f57f04fa openconnect-2.00.tar.gz +8fa1f0883c136800dbb992e64a2d579e openconnect-2.01.tar.gz From 3eb372e13f59cd56cfc8754c2ee9af8282fdc0d7 Mon Sep 17 00:00:00 2001 From: Jesse Keating Date: Sat, 25 Jul 2009 20:45:59 +0000 Subject: [PATCH 015/184] - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild --- openconnect.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/openconnect.spec b/openconnect.spec index 741cba0..a3adb91 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -1,6 +1,6 @@ Name: openconnect Version: 2.01 -Release: 1%{?dist} +Release: 2%{?dist} Summary: Open client for Cisco AnyConnect VPN Group: Applications/Internet @@ -47,6 +47,9 @@ rm -rf $RPM_BUILD_ROOT %changelog +* Sat Jul 25 2009 Fedora Release Engineering - 2.01-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + * Wed Jun 24 2009 David Woodhouse - 2.01-1 - Update to 2.01. From 0c803cd6d2c3835d5b3bc55c6b59f8d71095ab2f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Mr=C3=A1z?= Date: Fri, 21 Aug 2009 14:50:53 +0000 Subject: [PATCH 016/184] - rebuilt with new openssl --- openconnect.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/openconnect.spec b/openconnect.spec index a3adb91..8dc5c74 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -1,6 +1,6 @@ Name: openconnect Version: 2.01 -Release: 2%{?dist} +Release: 3%{?dist} Summary: Open client for Cisco AnyConnect VPN Group: Applications/Internet @@ -47,6 +47,9 @@ rm -rf $RPM_BUILD_ROOT %changelog +* Fri Aug 21 2009 Tomas Mraz - 2.01-3 +- rebuilt with new openssl + * Sat Jul 25 2009 Fedora Release Engineering - 2.01-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild From e7c3f96b69bfc2dd6b865a845fe95930f979ed0c Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Wed, 4 Nov 2009 09:44:25 +0000 Subject: [PATCH 017/184] 2.10. Close down session properly on disconnect, reconnect when TCP closes unexpectedly --- .cvsignore | 2 +- openconnect.spec | 9 ++++++--- sources | 2 +- 3 files changed, 8 insertions(+), 5 deletions(-) diff --git a/.cvsignore b/.cvsignore index 02d9c66..e2580ec 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1 +1 @@ -openconnect-2.01.tar.gz +openconnect-2.10.tar.gz diff --git a/openconnect.spec b/openconnect.spec index 8dc5c74..8e49d85 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -1,6 +1,6 @@ Name: openconnect -Version: 2.01 -Release: 3%{?dist} +Version: 2.10 +Release: 1%{?dist} Summary: Open client for Cisco AnyConnect VPN Group: Applications/Internet @@ -10,7 +10,7 @@ Source0: ftp://ftp.infradead.org/pub/openconnect/openconnect-%{version}.tar.gz BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: openssl-devel libxml2-devel gtk2-devel GConf2-devel dbus-devel -Requires: vpnc +Requires: vpnc-script Requires: openssl >= 0.9.8k-4 # The "lasthost" and "autoconnect" gconf keys will cause older versions of # NetworkManager-openconnect to barf. As will the 'gwcert' secret. @@ -47,6 +47,9 @@ rm -rf $RPM_BUILD_ROOT %changelog +* Wed Nov 4 2009 David Woodhouse - 2.10-1 +- Update to 2.10. + * Fri Aug 21 2009 Tomas Mraz - 2.01-3 - rebuilt with new openssl diff --git a/sources b/sources index 1161d5c..ef99ffb 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -8fa1f0883c136800dbb992e64a2d579e openconnect-2.01.tar.gz +49387c17bf2811098d057957a4e21af3 openconnect-2.10.tar.gz From 7d74fe9a26b42e96a50fd8c169ac50bac2ecf492 Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Tue, 17 Nov 2009 15:59:24 +0000 Subject: [PATCH 018/184] 2.11. Fixes IPv6 routing --- .cvsignore | 2 +- openconnect.spec | 5 ++++- sources | 2 +- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/.cvsignore b/.cvsignore index e2580ec..d1270fc 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1 +1 @@ -openconnect-2.10.tar.gz +openconnect-2.11.tar.gz diff --git a/openconnect.spec b/openconnect.spec index 8e49d85..4d24f9c 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -1,5 +1,5 @@ Name: openconnect -Version: 2.10 +Version: 2.11 Release: 1%{?dist} Summary: Open client for Cisco AnyConnect VPN @@ -47,6 +47,9 @@ rm -rf $RPM_BUILD_ROOT %changelog +* Tue Nov 17 2009 David Woodhouse - 2.11-1 +- Update to 2.11. + * Wed Nov 4 2009 David Woodhouse - 2.10-1 - Update to 2.10. diff --git a/sources b/sources index ef99ffb..459d639 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -49387c17bf2811098d057957a4e21af3 openconnect-2.10.tar.gz +509ebd34647dc44115289b2ede5319cd openconnect-2.11.tar.gz From 37e2c2a2f603d5acc22fcffe4e0b93ff4979d1e1 Mon Sep 17 00:00:00 2001 From: Bill Nottingham Date: Wed, 25 Nov 2009 22:56:32 +0000 Subject: [PATCH 019/184] Fix typo that causes a failure to update the common directory. (releng #2781) --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 83bd77d..6e92d4c 100644 --- a/Makefile +++ b/Makefile @@ -4,7 +4,7 @@ NAME := openconnect SPECFILE = $(firstword $(wildcard *.spec)) define find-makefile-common -for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done +for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$d/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done endef MAKEFILE_COMMON := $(shell $(find-makefile-common)) From be2a637dd479b81c119c3b33f7ef6cb80d8b3d26 Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Mon, 7 Dec 2009 16:42:42 +0000 Subject: [PATCH 020/184] --- .cvsignore | 2 +- openconnect.spec | 5 ++++- sources | 2 +- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/.cvsignore b/.cvsignore index d1270fc..5f33319 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1 +1 @@ -openconnect-2.11.tar.gz +openconnect-2.12.tar.gz diff --git a/openconnect.spec b/openconnect.spec index 4d24f9c..4a4e875 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -1,5 +1,5 @@ Name: openconnect -Version: 2.11 +Version: 2.12 Release: 1%{?dist} Summary: Open client for Cisco AnyConnect VPN @@ -47,6 +47,9 @@ rm -rf $RPM_BUILD_ROOT %changelog +* Mon Dec 7 2009 David Woodhouse - 2.12-1 +- Update to 2.12. + * Tue Nov 17 2009 David Woodhouse - 2.11-1 - Update to 2.11. diff --git a/sources b/sources index 459d639..7a6131d 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -509ebd34647dc44115289b2ede5319cd openconnect-2.11.tar.gz +2a9f97a6dd2627553dbf0c3ffbd5c05f openconnect-2.12.tar.gz From 1537c3199860ea4724b76efc1c022042678655cf Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Mon, 4 Jan 2010 16:10:59 +0000 Subject: [PATCH 021/184] --- .cvsignore | 2 +- openconnect.spec | 6 +++++- sources | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.cvsignore b/.cvsignore index 5f33319..a49680c 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1 +1 @@ -openconnect-2.12.tar.gz +openconnect-2.20.tar.gz diff --git a/openconnect.spec b/openconnect.spec index 4a4e875..fdf09ba 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -1,5 +1,5 @@ Name: openconnect -Version: 2.12 +Version: 2.20 Release: 1%{?dist} Summary: Open client for Cisco AnyConnect VPN @@ -10,6 +10,7 @@ Source0: ftp://ftp.infradead.org/pub/openconnect/openconnect-%{version}.tar.gz BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: openssl-devel libxml2-devel gtk2-devel GConf2-devel dbus-devel +BuildRequires: libproxy-devel Requires: vpnc-script Requires: openssl >= 0.9.8k-4 # The "lasthost" and "autoconnect" gconf keys will cause older versions of @@ -47,6 +48,9 @@ rm -rf $RPM_BUILD_ROOT %changelog +* Mon Jan 4 2010 David Woodhouse - 2.20-1 +- Update to 2.20. + * Mon Dec 7 2009 David Woodhouse - 2.12-1 - Update to 2.12. diff --git a/sources b/sources index 7a6131d..1d6433d 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -2a9f97a6dd2627553dbf0c3ffbd5c05f openconnect-2.12.tar.gz +5ba69238aa1c992a9dae8e5dd0471b7d openconnect-2.20.tar.gz From d7ace8f6f4ae88e8264a20e025a1910ece3403d0 Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Sun, 10 Jan 2010 11:07:51 +0000 Subject: [PATCH 022/184] --- .cvsignore | 2 +- openconnect.spec | 5 ++++- sources | 2 +- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/.cvsignore b/.cvsignore index a49680c..14f1fa7 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1 +1 @@ -openconnect-2.20.tar.gz +openconnect-2.21.tar.gz diff --git a/openconnect.spec b/openconnect.spec index fdf09ba..a14b80a 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -1,5 +1,5 @@ Name: openconnect -Version: 2.20 +Version: 2.21 Release: 1%{?dist} Summary: Open client for Cisco AnyConnect VPN @@ -48,6 +48,9 @@ rm -rf $RPM_BUILD_ROOT %changelog +* Sun Jan 10 2010 David Woodhouse - 2.21-1 +- Update to 2.21. + * Mon Jan 4 2010 David Woodhouse - 2.20-1 - Update to 2.20. diff --git a/sources b/sources index 1d6433d..221070f 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -5ba69238aa1c992a9dae8e5dd0471b7d openconnect-2.20.tar.gz +4aeac75e3b58075ae0ed55e4c4c02864 openconnect-2.21.tar.gz From e68700b73bd62d42e5ac494d119b8aed085c4e60 Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Thu, 25 Mar 2010 11:04:19 +0000 Subject: [PATCH 023/184] --- .cvsignore | 2 +- openconnect.spec | 5 ++++- sources | 2 +- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/.cvsignore b/.cvsignore index 14f1fa7..169883b 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1 +1 @@ -openconnect-2.21.tar.gz +openconnect-2.22.tar.gz diff --git a/openconnect.spec b/openconnect.spec index a14b80a..b26e32e 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -1,5 +1,5 @@ Name: openconnect -Version: 2.21 +Version: 2.22 Release: 1%{?dist} Summary: Open client for Cisco AnyConnect VPN @@ -48,6 +48,9 @@ rm -rf $RPM_BUILD_ROOT %changelog +* Sun Mar 7 2010 David Woodhouse - 2.22-1 +- Update to 2.22. (Works around server bug in ASA version 8.2.2.5) + * Sun Jan 10 2010 David Woodhouse - 2.21-1 - Update to 2.21. diff --git a/sources b/sources index 221070f..8be2928 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -4aeac75e3b58075ae0ed55e4c4c02864 openconnect-2.21.tar.gz +cad9b5bee6accde2dea3a5dfd19535cc openconnect-2.22.tar.gz From 261771e49e7876dca0fc2023542489d8885e83d2 Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Fri, 9 Apr 2010 09:57:16 +0000 Subject: [PATCH 024/184] --- .cvsignore | 2 +- openconnect.spec | 5 ++++- sources | 2 +- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/.cvsignore b/.cvsignore index 169883b..1baed65 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1 +1 @@ -openconnect-2.22.tar.gz +openconnect-2.23.tar.gz diff --git a/openconnect.spec b/openconnect.spec index b26e32e..73924ae 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -1,5 +1,5 @@ Name: openconnect -Version: 2.22 +Version: 2.23 Release: 1%{?dist} Summary: Open client for Cisco AnyConnect VPN @@ -48,6 +48,9 @@ rm -rf $RPM_BUILD_ROOT %changelog +* Fri Apr 9 2010 David Woodhouse - 2.23-1 +- Update to 2.23. + * Sun Mar 7 2010 David Woodhouse - 2.22-1 - Update to 2.22. (Works around server bug in ASA version 8.2.2.5) diff --git a/sources b/sources index 8be2928..ee58f40 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -cad9b5bee6accde2dea3a5dfd19535cc openconnect-2.22.tar.gz +5ed49f23c642a29848cb2dbcfa96dfce openconnect-2.23.tar.gz From 362afdb9b927d0ed9486d7d4abc1366fe52a6ed0 Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Fri, 7 May 2010 19:24:43 +0000 Subject: [PATCH 025/184] --- .cvsignore | 2 +- openconnect.spec | 5 ++++- sources | 2 +- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/.cvsignore b/.cvsignore index 1baed65..fb06388 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1 +1 @@ -openconnect-2.23.tar.gz +openconnect-2.24.tar.gz diff --git a/openconnect.spec b/openconnect.spec index 73924ae..91dc31c 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -1,5 +1,5 @@ Name: openconnect -Version: 2.23 +Version: 2.24 Release: 1%{?dist} Summary: Open client for Cisco AnyConnect VPN @@ -48,6 +48,9 @@ rm -rf $RPM_BUILD_ROOT %changelog +* Fri May 7 2010 David Woodhouse - 2.24-1 +- Update to 2.24. + * Fri Apr 9 2010 David Woodhouse - 2.23-1 - Update to 2.23. diff --git a/sources b/sources index ee58f40..cc811a1 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -5ed49f23c642a29848cb2dbcfa96dfce openconnect-2.23.tar.gz +6242c12550c1cb76b7e27f85b87ad598 openconnect-2.24.tar.gz From d7a3dd2bf9f5c3f9d14139a45f2bdae031dbca04 Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Sat, 15 May 2010 08:34:20 +0000 Subject: [PATCH 026/184] 2.25 -- check certs properly against hostname --- .cvsignore | 2 +- openconnect.spec | 5 ++++- sources | 2 +- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/.cvsignore b/.cvsignore index fb06388..21863a6 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1 +1 @@ -openconnect-2.24.tar.gz +openconnect-2.25.tar.gz diff --git a/openconnect.spec b/openconnect.spec index 91dc31c..a70e1c0 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -1,5 +1,5 @@ Name: openconnect -Version: 2.24 +Version: 2.25 Release: 1%{?dist} Summary: Open client for Cisco AnyConnect VPN @@ -48,6 +48,9 @@ rm -rf $RPM_BUILD_ROOT %changelog +* Sat May 15 2010 David Woodhouse - 2.25-1 +- Update to 2.25. + * Fri May 7 2010 David Woodhouse - 2.24-1 - Update to 2.24. diff --git a/sources b/sources index cc811a1..1fa776e 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -6242c12550c1cb76b7e27f85b87ad598 openconnect-2.24.tar.gz +796a32b611ee6210a5367eb9684d6778 openconnect-2.25.tar.gz From 938fcfc32e9c719b30de314e0c77c914e38947fa Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Thu, 29 Jul 2010 04:56:55 +0000 Subject: [PATCH 027/184] dist-git conversion --- .cvsignore => .gitignore | 0 Makefile | 21 --------------------- 2 files changed, 21 deletions(-) rename .cvsignore => .gitignore (100%) delete mode 100644 Makefile diff --git a/.cvsignore b/.gitignore similarity index 100% rename from .cvsignore rename to .gitignore diff --git a/Makefile b/Makefile deleted file mode 100644 index 6e92d4c..0000000 --- a/Makefile +++ /dev/null @@ -1,21 +0,0 @@ -# Makefile for source rpm: openconnect -# $Id$ -NAME := openconnect -SPECFILE = $(firstword $(wildcard *.spec)) - -define find-makefile-common -for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$d/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done -endef - -MAKEFILE_COMMON := $(shell $(find-makefile-common)) - -ifeq ($(MAKEFILE_COMMON),) -# attept a checkout -define checkout-makefile-common -test -f CVS/Root && { cvs -Q -d $$(cat CVS/Root) checkout common && echo "common/Makefile.common" ; } || { echo "ERROR: I can't figure out how to checkout the 'common' module." ; exit -1 ; } >&2 -endef - -MAKEFILE_COMMON := $(shell $(checkout-makefile-common)) -endif - -include $(MAKEFILE_COMMON) From c9b5d4b737af781d5dafc84b6ca8d7bfce44c1e9 Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Thu, 12 Aug 2010 17:36:00 +0100 Subject: [PATCH 028/184] bump --- openconnect.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/openconnect.spec b/openconnect.spec index a70e1c0..27f6a78 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -1,6 +1,6 @@ Name: openconnect Version: 2.25 -Release: 1%{?dist} +Release: 2%{?dist} Summary: Open client for Cisco AnyConnect VPN Group: Applications/Internet @@ -48,6 +48,9 @@ rm -rf $RPM_BUILD_ROOT %changelog +* Thu Aug 12 2010 David Woodhouse - 2.25-2 +- Rebuild for new libproxy + * Sat May 15 2010 David Woodhouse - 2.25-1 - Update to 2.25. From 94ed02139d92cccbdc15d4e58f18357f6e1c113b Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Wed, 22 Sep 2010 00:07:53 +0100 Subject: [PATCH 029/184] 2.26 --- .gitignore | 1 + openconnect.spec | 5 ++++- sources | 2 +- 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 21863a6..4000ea7 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,2 @@ openconnect-2.25.tar.gz +/openconnect-2.26.tar.gz diff --git a/openconnect.spec b/openconnect.spec index 27f6a78..06e7c8e 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -1,5 +1,5 @@ Name: openconnect -Version: 2.25 +Version: 2.26 Release: 2%{?dist} Summary: Open client for Cisco AnyConnect VPN @@ -48,6 +48,9 @@ rm -rf $RPM_BUILD_ROOT %changelog +* Wed Sep 22 2010 David Woodhouse - 2.26-1 +- Update to 2.26. (#629797: SIGSEGV in nm-openconnect-auth-dialog) + * Thu Aug 12 2010 David Woodhouse - 2.25-2 - Rebuild for new libproxy diff --git a/sources b/sources index 1fa776e..fc18756 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -796a32b611ee6210a5367eb9684d6778 openconnect-2.25.tar.gz +e3c7605fed128efe39c2eb9400af6765 openconnect-2.26.tar.gz From 839acc01b11fb895e8e241b290003061eac55dc4 Mon Sep 17 00:00:00 2001 From: Jesse Keating Date: Wed, 29 Sep 2010 14:55:33 -0700 Subject: [PATCH 030/184] - Rebuilt for gcc bug 634757 --- openconnect.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/openconnect.spec b/openconnect.spec index 06e7c8e..cf314d4 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -1,6 +1,6 @@ Name: openconnect Version: 2.26 -Release: 2%{?dist} +Release: 3%{?dist} Summary: Open client for Cisco AnyConnect VPN Group: Applications/Internet @@ -48,6 +48,9 @@ rm -rf $RPM_BUILD_ROOT %changelog +* Wed Sep 29 2010 jkeating - 2.26-3 +- Rebuilt for gcc bug 634757 + * Wed Sep 22 2010 David Woodhouse - 2.26-1 - Update to 2.26. (#629797: SIGSEGV in nm-openconnect-auth-dialog) From 1f32f2490db2293f76bf2362062c17d7b8949726 Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Sun, 21 Nov 2010 21:00:26 +0000 Subject: [PATCH 031/184] fix bug number --- openconnect.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/openconnect.spec b/openconnect.spec index cf314d4..c0dda2d 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -52,7 +52,7 @@ rm -rf $RPM_BUILD_ROOT - Rebuilt for gcc bug 634757 * Wed Sep 22 2010 David Woodhouse - 2.26-1 -- Update to 2.26. (#629797: SIGSEGV in nm-openconnect-auth-dialog) +- Update to 2.26. (#629979: SIGSEGV in nm-openconnect-auth-dialog) * Thu Aug 12 2010 David Woodhouse - 2.25-2 - Rebuild for new libproxy From 8d1aca924e54182fa2d4d6002d4242d7e202a3d0 Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Sun, 21 Nov 2010 21:03:11 +0000 Subject: [PATCH 032/184] bump release for rebuild --- openconnect.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/openconnect.spec b/openconnect.spec index c0dda2d..4b0741f 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -1,6 +1,6 @@ Name: openconnect Version: 2.26 -Release: 3%{?dist} +Release: 4%{?dist} Summary: Open client for Cisco AnyConnect VPN Group: Applications/Internet @@ -48,6 +48,9 @@ rm -rf $RPM_BUILD_ROOT %changelog +* Sun Nov 21 2010 David Woodhouse - 2.26-4 +- Fix bug numbers in changelog + * Wed Sep 29 2010 jkeating - 2.26-3 - Rebuilt for gcc bug 634757 From a5727d844dedaf914cf97620863e952e70541978 Mon Sep 17 00:00:00 2001 From: Dennis Gilmore Date: Tue, 8 Feb 2011 21:05:34 -0600 Subject: [PATCH 033/184] - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild --- openconnect.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/openconnect.spec b/openconnect.spec index 4b0741f..bae842b 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -1,6 +1,6 @@ Name: openconnect Version: 2.26 -Release: 4%{?dist} +Release: 5%{?dist} Summary: Open client for Cisco AnyConnect VPN Group: Applications/Internet @@ -48,6 +48,9 @@ rm -rf $RPM_BUILD_ROOT %changelog +* Tue Feb 08 2011 Fedora Release Engineering - 2.26-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + * Sun Nov 21 2010 David Woodhouse - 2.26-4 - Fix bug numbers in changelog From c58ce4469be273ae467a605749a2a9cbe4df8e7c Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Wed, 9 Mar 2011 22:58:08 +0000 Subject: [PATCH 034/184] Update to 3.0 --- .gitignore | 1 + openconnect.spec | 26 +++++++++++++++++++++----- sources | 2 +- 3 files changed, 23 insertions(+), 6 deletions(-) diff --git a/.gitignore b/.gitignore index 4000ea7..6276bfc 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,3 @@ openconnect-2.25.tar.gz /openconnect-2.26.tar.gz +/openconnect-3.00.tar.gz diff --git a/openconnect.spec b/openconnect.spec index 06e7c8e..053656b 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -1,6 +1,6 @@ Name: openconnect -Version: 2.26 -Release: 2%{?dist} +Version: 3.00 +Release: 1%{?dist} Summary: Open client for Cisco AnyConnect VPN Group: Applications/Internet @@ -21,16 +21,26 @@ Conflicts: NetworkManager-openconnect < 0.7.0.99-4 This package provides a client for Cisco's "AnyConnect" VPN, which uses HTTPS and DTLS protocols. +%package devel +Summary: Development package for OpenConnect VPN authentication tools +Group: Applications/Internet + +%description devel +This package provides the core HTTP and authentication support from +the OpenConnect VPN client, to be used by GUI authentication dialogs +for NetworkManager etc. + %prep %setup -q %build -make %{?_smp_mflags} +make %{?_smp_mflags} openconnect %install rm -rf $RPM_BUILD_ROOT make install DESTDIR=$RPM_BUILD_ROOT +make install-lib LIBDIR=%{_libdir} DESTDIR=$RPM_BUILD_ROOT mkdir -p $RPM_BUILD_ROOT/%{_mandir}/man8 install -m0644 openconnect.8 $RPM_BUILD_ROOT/%{_mandir}/man8 @@ -41,13 +51,19 @@ rm -rf $RPM_BUILD_ROOT %files %defattr(-,root,root,-) %{_bindir}/openconnect -%{_libexecdir}/nm-openconnect-auth-dialog %{_mandir}/man8/* %doc TODO COPYING.LGPL openconnect.html - +%files devel +%defattr(-,root,root,-) +%{_libdir}/libopenconnect.a +/usr/include/openconnect.h +%{_libdir}/pkgconfig/openconnect.pc %changelog +* Wed Mar 9 2011 David Woodhouse - 3.00-1 +- Update to 3.00. + * Wed Sep 22 2010 David Woodhouse - 2.26-1 - Update to 2.26. (#629797: SIGSEGV in nm-openconnect-auth-dialog) diff --git a/sources b/sources index fc18756..cb66b93 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -e3c7605fed128efe39c2eb9400af6765 openconnect-2.26.tar.gz +7a24c0d57d2ab9e6bec65e82360a797b openconnect-3.00.tar.gz From 6db9e5583bb0cabfbe3e3c8443e8a67cafe9f132 Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Wed, 9 Mar 2011 23:18:34 +0000 Subject: [PATCH 035/184] Update to 3.01 (fix libxml missing from pkgconfig) --- .gitignore | 1 + openconnect.spec | 5 ++++- sources | 2 +- 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 6276bfc..3da752b 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,4 @@ openconnect-2.25.tar.gz /openconnect-2.26.tar.gz /openconnect-3.00.tar.gz +/openconnect-3.01.tar.gz diff --git a/openconnect.spec b/openconnect.spec index 38e232a..c9234f7 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -1,5 +1,5 @@ Name: openconnect -Version: 3.00 +Version: 3.01 Release: 1%{?dist} Summary: Open client for Cisco AnyConnect VPN @@ -61,6 +61,9 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/pkgconfig/openconnect.pc %changelog +* Wed Mar 9 2011 David Woodhouse - 3.01-1 +- Update to 3.01. + * Wed Mar 9 2011 David Woodhouse - 3.00-1 - Update to 3.00. diff --git a/sources b/sources index cb66b93..4f911a6 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -7a24c0d57d2ab9e6bec65e82360a797b openconnect-3.00.tar.gz +4d41c96f95a2bc5b355e89b845bc5bb7 openconnect-3.01.tar.gz From 8ed22781d9b091612004a0efbd9faeaf9d6099bc Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Thu, 17 Mar 2011 11:56:22 +0000 Subject: [PATCH 036/184] Provide openconnect-devel-static to fix bug 688349 I'll switch to using a shared library soon, but for now as we've *just* started moving this stuff to a library, I'd rather not be trying to follow sane soname rules. --- openconnect.spec | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/openconnect.spec b/openconnect.spec index c9234f7..149328e 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -1,6 +1,6 @@ Name: openconnect Version: 3.01 -Release: 1%{?dist} +Release: 2%{?dist} Summary: Open client for Cisco AnyConnect VPN Group: Applications/Internet @@ -22,6 +22,7 @@ This package provides a client for Cisco's "AnyConnect" VPN, which uses HTTPS and DTLS protocols. %package devel +Provides: openconnect-devel-static = %{version}-%{release} Summary: Development package for OpenConnect VPN authentication tools Group: Applications/Internet @@ -61,6 +62,9 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/pkgconfig/openconnect.pc %changelog +* Thu Mar 17 2011 David Woodhouse - 3.01-2 +- Provide openconnect-devel-static (#688349) + * Wed Mar 9 2011 David Woodhouse - 3.01-1 - Update to 3.01. From 49fe85a0d2cfca7428130bc63fbe2f8e205bc798 Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Tue, 19 Apr 2011 14:40:31 +0100 Subject: [PATCH 037/184] Update to 3.02 --- .gitignore | 1 + openconnect.spec | 7 +++++-- sources | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 3da752b..9489018 100644 --- a/.gitignore +++ b/.gitignore @@ -2,3 +2,4 @@ openconnect-2.25.tar.gz /openconnect-2.26.tar.gz /openconnect-3.00.tar.gz /openconnect-3.01.tar.gz +/openconnect-3.02.tar.gz diff --git a/openconnect.spec b/openconnect.spec index 149328e..15ebe23 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -1,6 +1,6 @@ Name: openconnect -Version: 3.01 -Release: 2%{?dist} +Version: 3.02 +Release: 1%{?dist} Summary: Open client for Cisco AnyConnect VPN Group: Applications/Internet @@ -62,6 +62,9 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/pkgconfig/openconnect.pc %changelog +* Tue Apr 19 2011 David Woodhouse - 3.02-1 +- Update to 3.02. + * Thu Mar 17 2011 David Woodhouse - 3.01-2 - Provide openconnect-devel-static (#688349) diff --git a/sources b/sources index 4f911a6..5c5f756 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -4d41c96f95a2bc5b355e89b845bc5bb7 openconnect-3.01.tar.gz +2fa4914815f4b692e7a81b49a08332a5 openconnect-3.02.tar.gz From 43e8d47bc1b5b780dd55f62f26f128d448556ce3 Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Tue, 19 Apr 2011 14:53:56 +0100 Subject: [PATCH 038/184] Update to real 3.02 release tarball --- openconnect.spec | 5 ++++- sources | 2 +- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/openconnect.spec b/openconnect.spec index 15ebe23..e372d71 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -1,6 +1,6 @@ Name: openconnect Version: 3.02 -Release: 1%{?dist} +Release: 2%{?dist} Summary: Open client for Cisco AnyConnect VPN Group: Applications/Internet @@ -62,6 +62,9 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/pkgconfig/openconnect.pc %changelog +* Tue Apr 19 2011 David Woodhouse - 3.02-2 +- Fix manpage (new tarball) + * Tue Apr 19 2011 David Woodhouse - 3.02-1 - Update to 3.02. diff --git a/sources b/sources index 5c5f756..c04b17b 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -2fa4914815f4b692e7a81b49a08332a5 openconnect-3.02.tar.gz +c12688474f432a6d590958cc1c1ff076 openconnect-3.02.tar.gz From 5caa6d4ce4cf2dd70d909505e1ea12ad54e859d1 Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Thu, 30 Jun 2011 00:50:45 +0100 Subject: [PATCH 039/184] Update to 3.10 --- .gitignore | 1 + openconnect.spec | 20 +++++++++++--------- sources | 2 +- 3 files changed, 13 insertions(+), 10 deletions(-) diff --git a/.gitignore b/.gitignore index 9489018..e75fd6f 100644 --- a/.gitignore +++ b/.gitignore @@ -3,3 +3,4 @@ openconnect-2.25.tar.gz /openconnect-3.00.tar.gz /openconnect-3.01.tar.gz /openconnect-3.02.tar.gz +/openconnect-3.10.tar.gz diff --git a/openconnect.spec b/openconnect.spec index e372d71..83fc348 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -1,6 +1,6 @@ Name: openconnect -Version: 3.02 -Release: 2%{?dist} +Version: 3.10 +Release: 1%{?dist} Summary: Open client for Cisco AnyConnect VPN Group: Applications/Internet @@ -22,7 +22,6 @@ This package provides a client for Cisco's "AnyConnect" VPN, which uses HTTPS and DTLS protocols. %package devel -Provides: openconnect-devel-static = %{version}-%{release} Summary: Development package for OpenConnect VPN authentication tools Group: Applications/Internet @@ -35,15 +34,14 @@ for NetworkManager etc. %setup -q %build -make %{?_smp_mflags} openconnect +%configure +make %{?_smp_mflags} %install rm -rf $RPM_BUILD_ROOT -make install DESTDIR=$RPM_BUILD_ROOT -make install-lib LIBDIR=%{_libdir} DESTDIR=$RPM_BUILD_ROOT -mkdir -p $RPM_BUILD_ROOT/%{_mandir}/man8 -install -m0644 openconnect.8 $RPM_BUILD_ROOT/%{_mandir}/man8 +%makeinstall +rm -f $RPM_BUILD_ROOT/%{_libdir}/libopenconnect.la %clean rm -rf $RPM_BUILD_ROOT @@ -51,17 +49,21 @@ rm -rf $RPM_BUILD_ROOT %files %defattr(-,root,root,-) +%{_libdir}/libopenconnect.so.1* %{_bindir}/openconnect %{_mandir}/man8/* %doc TODO COPYING.LGPL openconnect.html %files devel %defattr(-,root,root,-) -%{_libdir}/libopenconnect.a +%{_libdir}/libopenconnect.so /usr/include/openconnect.h %{_libdir}/pkgconfig/openconnect.pc %changelog +* Thu Jun 30 2011 David Woodhouse - 3.10-1 +- Update to 3.10. (Drop static library, ship libopenconnect.so.1) + * Tue Apr 19 2011 David Woodhouse - 3.02-2 - Fix manpage (new tarball) diff --git a/sources b/sources index c04b17b..270e646 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -c12688474f432a6d590958cc1c1ff076 openconnect-3.02.tar.gz +f6cc2d5a97de2fac9810b227a2ad4ff2 openconnect-3.10.tar.gz From c8bccecfeacc196fe3aaef8c152f163175af90ee Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Wed, 20 Jul 2011 17:42:50 -0700 Subject: [PATCH 040/184] 3.11 --- .gitignore | 1 + openconnect.spec | 5 ++++- sources | 2 +- 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index e75fd6f..82e6f5b 100644 --- a/.gitignore +++ b/.gitignore @@ -4,3 +4,4 @@ openconnect-2.25.tar.gz /openconnect-3.01.tar.gz /openconnect-3.02.tar.gz /openconnect-3.10.tar.gz +/openconnect-3.11.tar.gz diff --git a/openconnect.spec b/openconnect.spec index 83fc348..0db3f34 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -1,5 +1,5 @@ Name: openconnect -Version: 3.10 +Version: 3.11 Release: 1%{?dist} Summary: Open client for Cisco AnyConnect VPN @@ -61,6 +61,9 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/pkgconfig/openconnect.pc %changelog +* Wed Jul 20 2011 David Woodhouse - 3.11-1 +- Update to 3.11. (Fix compatibility issue with servers requiring TLS) + * Thu Jun 30 2011 David Woodhouse - 3.10-1 - Update to 3.10. (Drop static library, ship libopenconnect.so.1) diff --git a/sources b/sources index 270e646..cef9cc2 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -f6cc2d5a97de2fac9810b227a2ad4ff2 openconnect-3.10.tar.gz +b66927f98cfeb577b3016f8b83005d6b openconnect-3.11.tar.gz From 0528d513ebd0e7231cac1f6d5e67720c8f08399d Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Wed, 20 Jul 2011 18:01:00 -0700 Subject: [PATCH 041/184] add ldconfig in pre/post --- openconnect.spec | 3 +++ 1 file changed, 3 insertions(+) diff --git a/openconnect.spec b/openconnect.spec index 0db3f34..b8df346 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -46,6 +46,9 @@ rm -f $RPM_BUILD_ROOT/%{_libdir}/libopenconnect.la %clean rm -rf $RPM_BUILD_ROOT +%post -p /sbin/ldconfig + +%postun -p /sbin/ldconfig %files %defattr(-,root,root,-) From e2d4c7e7dfccb4eaeeaa17015810d88c7bceac0d Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Mon, 12 Sep 2011 01:07:54 +0100 Subject: [PATCH 042/184] Update to 3.12. (Fix DTLS compatibility issue with new ASA firmware) --- .gitignore | 1 + openconnect.spec | 5 ++++- sources | 2 +- 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 82e6f5b..b6b6106 100644 --- a/.gitignore +++ b/.gitignore @@ -5,3 +5,4 @@ openconnect-2.25.tar.gz /openconnect-3.02.tar.gz /openconnect-3.10.tar.gz /openconnect-3.11.tar.gz +/openconnect-3.12.tar.gz diff --git a/openconnect.spec b/openconnect.spec index b8df346..433d2ff 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -1,5 +1,5 @@ Name: openconnect -Version: 3.11 +Version: 3.12 Release: 1%{?dist} Summary: Open client for Cisco AnyConnect VPN @@ -64,6 +64,9 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/pkgconfig/openconnect.pc %changelog +* Mon Sep 12 2011 David Woodhouse - 3.12-1 +* Update to 3.12. (Fix DTLS compatibility issue with new ASA firmware) + * Wed Jul 20 2011 David Woodhouse - 3.11-1 - Update to 3.11. (Fix compatibility issue with servers requiring TLS) diff --git a/sources b/sources index cef9cc2..fa496d0 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -b66927f98cfeb577b3016f8b83005d6b openconnect-3.11.tar.gz +2f4fceb3f921ca8deb3a7cbd19a5e008 openconnect-3.12.tar.gz From b38d616ed2c95190f89816fbaaa6fba01f946358 Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Fri, 30 Sep 2011 23:24:51 +0100 Subject: [PATCH 043/184] 3.13 --- .gitignore | 1 + openconnect.spec | 13 ++++++++++--- sources | 2 +- 3 files changed, 12 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index b6b6106..f4a31d7 100644 --- a/.gitignore +++ b/.gitignore @@ -6,3 +6,4 @@ openconnect-2.25.tar.gz /openconnect-3.10.tar.gz /openconnect-3.11.tar.gz /openconnect-3.12.tar.gz +/openconnect-3.13.tar.gz diff --git a/openconnect.spec b/openconnect.spec index 433d2ff..7957ff0 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -1,5 +1,5 @@ Name: openconnect -Version: 3.12 +Version: 3.13 Release: 1%{?dist} Summary: Open client for Cisco AnyConnect VPN @@ -41,7 +41,11 @@ make %{?_smp_mflags} %install rm -rf $RPM_BUILD_ROOT %makeinstall +# Move HTML docs into correct place +mkdir -p $RPM_BUILD_ROOT%{_docdir} +mv $RPM_BUILD_ROOT%{_datadir}/%{name} $RPM_BUILD_ROOT%{_docdir}/%{name}-%{version} rm -f $RPM_BUILD_ROOT/%{_libdir}/libopenconnect.la +%find_lang %{name} %clean rm -rf $RPM_BUILD_ROOT @@ -50,12 +54,12 @@ rm -rf $RPM_BUILD_ROOT %postun -p /sbin/ldconfig -%files +%files -f %{name}.lang %defattr(-,root,root,-) %{_libdir}/libopenconnect.so.1* %{_bindir}/openconnect %{_mandir}/man8/* -%doc TODO COPYING.LGPL openconnect.html +%doc TODO COPYING.LGPL %files devel %defattr(-,root,root,-) @@ -64,6 +68,9 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/pkgconfig/openconnect.pc %changelog +* Fri Sep 30 2011 David Woodhouse - 3.13-1 +- Update to 3.13. (Add localisation support, --cert-expire-warning) + * Mon Sep 12 2011 David Woodhouse - 3.12-1 * Update to 3.12. (Fix DTLS compatibility issue with new ASA firmware) diff --git a/sources b/sources index fa496d0..84002d2 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -2f4fceb3f921ca8deb3a7cbd19a5e008 openconnect-3.12.tar.gz +4364a779bfce66de243f39eeb7a39c1f openconnect-3.13.tar.gz From 204ca15ef3c21c732355202819b6b3021b03bd88 Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Fri, 30 Sep 2011 23:33:41 +0100 Subject: [PATCH 044/184] Add intltool --- openconnect.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/openconnect.spec b/openconnect.spec index 7957ff0..efd7d21 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -10,7 +10,7 @@ Source0: ftp://ftp.infradead.org/pub/openconnect/openconnect-%{version}.tar.gz BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: openssl-devel libxml2-devel gtk2-devel GConf2-devel dbus-devel -BuildRequires: libproxy-devel +BuildRequires: libproxy-devel python intltool Requires: vpnc-script Requires: openssl >= 0.9.8k-4 # The "lasthost" and "autoconnect" gconf keys will cause older versions of From ed18828f4fd9a9aa9a6faa7810a57c369615c26a Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Tue, 8 Nov 2011 02:48:05 +0000 Subject: [PATCH 045/184] Update to 3.14 --- .gitignore | 1 + openconnect.spec | 13 ++++++------- sources | 2 +- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/.gitignore b/.gitignore index f4a31d7..3ff6604 100644 --- a/.gitignore +++ b/.gitignore @@ -7,3 +7,4 @@ openconnect-2.25.tar.gz /openconnect-3.11.tar.gz /openconnect-3.12.tar.gz /openconnect-3.13.tar.gz +/openconnect-3.14.tar.gz diff --git a/openconnect.spec b/openconnect.spec index efd7d21..283e558 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -1,5 +1,5 @@ Name: openconnect -Version: 3.13 +Version: 3.14 Release: 1%{?dist} Summary: Open client for Cisco AnyConnect VPN @@ -10,12 +10,11 @@ Source0: ftp://ftp.infradead.org/pub/openconnect/openconnect-%{version}.tar.gz BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: openssl-devel libxml2-devel gtk2-devel GConf2-devel dbus-devel -BuildRequires: libproxy-devel python intltool +BuildRequires: libproxy-devel python Requires: vpnc-script Requires: openssl >= 0.9.8k-4 -# The "lasthost" and "autoconnect" gconf keys will cause older versions of -# NetworkManager-openconnect to barf. As will the 'gwcert' secret. -Conflicts: NetworkManager-openconnect < 0.7.0.99-4 +# Older versions of NetworkManager-openconnect won't find openconnect in /usr/sbin +Conflicts: NetworkManager-openconnect < 0.9.0-3 %description This package provides a client for Cisco's "AnyConnect" VPN, which uses @@ -34,7 +33,7 @@ for NetworkManager etc. %setup -q %build -%configure +%configure --disable-static make %{?_smp_mflags} @@ -57,7 +56,7 @@ rm -rf $RPM_BUILD_ROOT %files -f %{name}.lang %defattr(-,root,root,-) %{_libdir}/libopenconnect.so.1* -%{_bindir}/openconnect +%{_sbindir}/openconnect %{_mandir}/man8/* %doc TODO COPYING.LGPL diff --git a/sources b/sources index 84002d2..be96567 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -4364a779bfce66de243f39eeb7a39c1f openconnect-3.13.tar.gz +c7e73dfa58c7c49683c93800a3506a0f openconnect-3.14.tar.gz From a07eae4d5ab3219d69b49965cd4a4aa486b6d270 Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Tue, 8 Nov 2011 03:02:56 +0000 Subject: [PATCH 046/184] Add gettext BR, changelog --- openconnect.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/openconnect.spec b/openconnect.spec index 283e558..e181607 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -10,7 +10,7 @@ Source0: ftp://ftp.infradead.org/pub/openconnect/openconnect-%{version}.tar.gz BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: openssl-devel libxml2-devel gtk2-devel GConf2-devel dbus-devel -BuildRequires: libproxy-devel python +BuildRequires: libproxy-devel python gettext Requires: vpnc-script Requires: openssl >= 0.9.8k-4 # Older versions of NetworkManager-openconnect won't find openconnect in /usr/sbin @@ -67,6 +67,9 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/pkgconfig/openconnect.pc %changelog +* Fri Sep 30 2011 David Woodhouse - 3.14-1 +- Update to 3.14. + * Fri Sep 30 2011 David Woodhouse - 3.13-1 - Update to 3.13. (Add localisation support, --cert-expire-warning) From 319cc8a2ad97df59a5bce2ac92a8192e87597e0f Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Fri, 25 Nov 2011 17:14:11 +0000 Subject: [PATCH 047/184] 3.15 --- .gitignore | 1 + openconnect.spec | 5 ++++- sources | 2 +- 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 3ff6604..3175333 100644 --- a/.gitignore +++ b/.gitignore @@ -8,3 +8,4 @@ openconnect-2.25.tar.gz /openconnect-3.12.tar.gz /openconnect-3.13.tar.gz /openconnect-3.14.tar.gz +/openconnect-3.15.tar.gz diff --git a/openconnect.spec b/openconnect.spec index e181607..1bb64ce 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -1,5 +1,5 @@ Name: openconnect -Version: 3.14 +Version: 3.15 Release: 1%{?dist} Summary: Open client for Cisco AnyConnect VPN @@ -67,6 +67,9 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/pkgconfig/openconnect.pc %changelog +* Fri Nov 25 2011 David Woodhouse - 3.15-1 +- Update to 3.15. + * Fri Sep 30 2011 David Woodhouse - 3.14-1 - Update to 3.14. diff --git a/sources b/sources index be96567..7eda3d9 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -c7e73dfa58c7c49683c93800a3506a0f openconnect-3.14.tar.gz +94245f4bac42a288100becab0b4ca29a openconnect-3.15.tar.gz From 9dd6bc81efab0739284d7878f5eb843958773eec Mon Sep 17 00:00:00 2001 From: Dennis Gilmore Date: Fri, 13 Jan 2012 05:37:56 -0600 Subject: [PATCH 048/184] - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild --- openconnect.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/openconnect.spec b/openconnect.spec index 1bb64ce..84df35d 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -1,6 +1,6 @@ Name: openconnect Version: 3.15 -Release: 1%{?dist} +Release: 2%{?dist} Summary: Open client for Cisco AnyConnect VPN Group: Applications/Internet @@ -67,6 +67,9 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/pkgconfig/openconnect.pc %changelog +* Fri Jan 13 2012 Fedora Release Engineering - 3.15-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + * Fri Nov 25 2011 David Woodhouse - 3.15-1 - Update to 3.15. From dfca85a3e661ae5a0bb7d00fb35bc2b329b40ff6 Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Sun, 8 Apr 2012 21:37:33 +0100 Subject: [PATCH 049/184] 3.16 --- .gitignore | 1 + openconnect.spec | 7 +++++-- sources | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 3175333..c19da48 100644 --- a/.gitignore +++ b/.gitignore @@ -9,3 +9,4 @@ openconnect-2.25.tar.gz /openconnect-3.13.tar.gz /openconnect-3.14.tar.gz /openconnect-3.15.tar.gz +/openconnect-3.16.tar.gz diff --git a/openconnect.spec b/openconnect.spec index 84df35d..70c4a68 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -1,6 +1,6 @@ Name: openconnect -Version: 3.15 -Release: 2%{?dist} +Version: 3.16 +Release: 1%{?dist} Summary: Open client for Cisco AnyConnect VPN Group: Applications/Internet @@ -67,6 +67,9 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/pkgconfig/openconnect.pc %changelog +* Sun Apr 08 2012 David Woodhouse - 3.16-1 +- Update to 3.16. + * Fri Jan 13 2012 Fedora Release Engineering - 3.15-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild diff --git a/sources b/sources index 7eda3d9..cdf6166 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -94245f4bac42a288100becab0b4ca29a openconnect-3.15.tar.gz +ce258b996e6af9128f20fb797938f7b7 openconnect-3.16.tar.gz From f2cc455b17f78791c39277a5d68205486c560b84 Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Fri, 20 Apr 2012 16:33:13 +0100 Subject: [PATCH 050/184] 3.17 --- .gitignore | 1 + openconnect.spec | 10 +++++----- sources | 2 +- 3 files changed, 7 insertions(+), 6 deletions(-) diff --git a/.gitignore b/.gitignore index c19da48..6303250 100644 --- a/.gitignore +++ b/.gitignore @@ -10,3 +10,4 @@ openconnect-2.25.tar.gz /openconnect-3.14.tar.gz /openconnect-3.15.tar.gz /openconnect-3.16.tar.gz +/openconnect-3.17.tar.gz diff --git a/openconnect.spec b/openconnect.spec index 70c4a68..bc72550 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -1,5 +1,5 @@ Name: openconnect -Version: 3.16 +Version: 3.17 Release: 1%{?dist} Summary: Open client for Cisco AnyConnect VPN @@ -33,16 +33,13 @@ for NetworkManager etc. %setup -q %build -%configure --disable-static +%configure --with-vpnc-script=/etc/vpnc/vpnc-script --htmldir='${datadir}/doc/%{name}-%{version}/' make %{?_smp_mflags} %install rm -rf $RPM_BUILD_ROOT %makeinstall -# Move HTML docs into correct place -mkdir -p $RPM_BUILD_ROOT%{_docdir} -mv $RPM_BUILD_ROOT%{_datadir}/%{name} $RPM_BUILD_ROOT%{_docdir}/%{name}-%{version} rm -f $RPM_BUILD_ROOT/%{_libdir}/libopenconnect.la %find_lang %{name} @@ -67,6 +64,9 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/pkgconfig/openconnect.pc %changelog +* Fri Apr 20 2012 David Woodhouse - 3.17-1 +- Update to 3.17. + * Sun Apr 08 2012 David Woodhouse - 3.16-1 - Update to 3.16. diff --git a/sources b/sources index cdf6166..2167c49 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -ce258b996e6af9128f20fb797938f7b7 openconnect-3.16.tar.gz +7b42b6bc4ba7641dab9366346cdf2de4 openconnect-3.17.tar.gz From fe4378685b2420463d738f2abdd5676a8496077d Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Thu, 26 Apr 2012 13:12:23 +0100 Subject: [PATCH 051/184] 3.18 --- .gitignore | 1 + openconnect.spec | 5 ++++- sources | 2 +- 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 6303250..31c1f1c 100644 --- a/.gitignore +++ b/.gitignore @@ -11,3 +11,4 @@ openconnect-2.25.tar.gz /openconnect-3.15.tar.gz /openconnect-3.16.tar.gz /openconnect-3.17.tar.gz +/openconnect-3.18.tar.gz diff --git a/openconnect.spec b/openconnect.spec index bc72550..c6a8706 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -1,5 +1,5 @@ Name: openconnect -Version: 3.17 +Version: 3.18 Release: 1%{?dist} Summary: Open client for Cisco AnyConnect VPN @@ -64,6 +64,9 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/pkgconfig/openconnect.pc %changelog +* Thu Apr 26 2012 David Woodhouse - 3.18-1 +- Update to 3.18. + * Fri Apr 20 2012 David Woodhouse - 3.17-1 - Update to 3.17. diff --git a/sources b/sources index 2167c49..1f74bed 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -7b42b6bc4ba7641dab9366346cdf2de4 openconnect-3.17.tar.gz +5a440ad946cfec0f1ee7ee5519081cf1 openconnect-3.18.tar.gz From 4f51f714a2f0b841757320557a5c602fb4a2849b Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Thu, 26 Apr 2012 14:28:44 +0100 Subject: [PATCH 052/184] use %make_install not %makeinstall --- openconnect.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/openconnect.spec b/openconnect.spec index c6a8706..13df224 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -33,13 +33,13 @@ for NetworkManager etc. %setup -q %build -%configure --with-vpnc-script=/etc/vpnc/vpnc-script --htmldir='${datadir}/doc/%{name}-%{version}/' +%configure --with-vpnc-script=/etc/vpnc/vpnc-script --htmldir=%{_docdir}/%{name}-%{version} make %{?_smp_mflags} %install rm -rf $RPM_BUILD_ROOT -%makeinstall +%make_install rm -f $RPM_BUILD_ROOT/%{_libdir}/libopenconnect.la %find_lang %{name} From 8d92abc37807eedf13921264ebe58dcd2562623f Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Thu, 17 May 2012 12:42:13 +0100 Subject: [PATCH 053/184] 3.19 --- openconnect.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/openconnect.spec b/openconnect.spec index 13df224..22348f1 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -1,5 +1,5 @@ Name: openconnect -Version: 3.18 +Version: 3.19 Release: 1%{?dist} Summary: Open client for Cisco AnyConnect VPN @@ -64,6 +64,9 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/pkgconfig/openconnect.pc %changelog +* Thu May 17 2012 David Woodhouse - 3.19-1 +- Update to 3.19. + * Thu Apr 26 2012 David Woodhouse - 3.18-1 - Update to 3.18. From 2c0975c403c2401256047ab9d1163e555e2ff666 Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Thu, 17 May 2012 12:43:05 +0100 Subject: [PATCH 054/184] Commit 'new-sources' changes which weren't staged before last commit --- .gitignore | 1 + sources | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index 31c1f1c..9f46f5b 100644 --- a/.gitignore +++ b/.gitignore @@ -12,3 +12,4 @@ openconnect-2.25.tar.gz /openconnect-3.16.tar.gz /openconnect-3.17.tar.gz /openconnect-3.18.tar.gz +/openconnect-3.19.tar.gz diff --git a/sources b/sources index 1f74bed..fa145ba 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -5a440ad946cfec0f1ee7ee5519081cf1 openconnect-3.18.tar.gz +8209a3d4e56af879262c6e6fb2dbbce1 openconnect-3.19.tar.gz From ac8b29b5aeac05d023eb0e81b05203a273f4a185 Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Fri, 18 May 2012 02:49:42 +0100 Subject: [PATCH 055/184] 3.20 --- .gitignore | 1 + openconnect.spec | 5 ++++- sources | 2 +- 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 9f46f5b..4e4fd2e 100644 --- a/.gitignore +++ b/.gitignore @@ -13,3 +13,4 @@ openconnect-2.25.tar.gz /openconnect-3.17.tar.gz /openconnect-3.18.tar.gz /openconnect-3.19.tar.gz +/openconnect-3.20.tar.gz diff --git a/openconnect.spec b/openconnect.spec index 22348f1..16324ce 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -1,5 +1,5 @@ Name: openconnect -Version: 3.19 +Version: 3.20 Release: 1%{?dist} Summary: Open client for Cisco AnyConnect VPN @@ -64,6 +64,9 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/pkgconfig/openconnect.pc %changelog +* Fri May 18 2012 David Woodhouse - 3.20-1 +- Update to 3.20. + * Thu May 17 2012 David Woodhouse - 3.19-1 - Update to 3.19. diff --git a/sources b/sources index fa145ba..43e7182 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -8209a3d4e56af879262c6e6fb2dbbce1 openconnect-3.19.tar.gz +3ba7c295e05b3053eec84ddc6705d89e openconnect-3.20.tar.gz From fa8f218789a26a4d14e56f8b1fccc395e49ba7ff Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Sat, 19 May 2012 00:44:28 +0100 Subject: [PATCH 056/184] openconnect-devel package should require precisely matching openconnect --- openconnect.spec | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/openconnect.spec b/openconnect.spec index 16324ce..7a63b31 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -1,6 +1,6 @@ Name: openconnect Version: 3.20 -Release: 1%{?dist} +Release: 2%{?dist} Summary: Open client for Cisco AnyConnect VPN Group: Applications/Internet @@ -23,6 +23,7 @@ HTTPS and DTLS protocols. %package devel Summary: Development package for OpenConnect VPN authentication tools Group: Applications/Internet +Requires: %{name} = %{version}-%{release} %description devel This package provides the core HTTP and authentication support from @@ -64,6 +65,9 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/pkgconfig/openconnect.pc %changelog +* Sat May 19 2012 David Woodhouse - 3.20-2 +- openconnect-devel package should require precisely matching openconnect + * Fri May 18 2012 David Woodhouse - 3.20-1 - Update to 3.20. From 5206d77c50e4cd83f09797a38c107e980b4eebbe Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Thu, 14 Jun 2012 00:04:31 +0100 Subject: [PATCH 057/184] 3.99 Signed-off-by: David Woodhouse --- .gitignore | 1 + openconnect.spec | 12 ++++++++---- sources | 2 +- 3 files changed, 10 insertions(+), 5 deletions(-) diff --git a/.gitignore b/.gitignore index 4e4fd2e..a91f548 100644 --- a/.gitignore +++ b/.gitignore @@ -14,3 +14,4 @@ openconnect-2.25.tar.gz /openconnect-3.18.tar.gz /openconnect-3.19.tar.gz /openconnect-3.20.tar.gz +/openconnect-3.99.tar.gz diff --git a/openconnect.spec b/openconnect.spec index 7a63b31..75473e5 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -1,6 +1,6 @@ Name: openconnect -Version: 3.20 -Release: 2%{?dist} +Version: 3.99 +Release: 1%{?dist} Summary: Open client for Cisco AnyConnect VPN Group: Applications/Internet @@ -12,6 +12,7 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: openssl-devel libxml2-devel gtk2-devel GConf2-devel dbus-devel BuildRequires: libproxy-devel python gettext Requires: vpnc-script +Requires: pkgconfig(gnutls) >= 2.12.16 Requires: openssl >= 0.9.8k-4 # Older versions of NetworkManager-openconnect won't find openconnect in /usr/sbin Conflicts: NetworkManager-openconnect < 0.9.0-3 @@ -34,7 +35,7 @@ for NetworkManager etc. %setup -q %build -%configure --with-vpnc-script=/etc/vpnc/vpnc-script --htmldir=%{_docdir}/%{name}-%{version} +%configure --with-vpnc-script=/etc/vpnc/vpnc-script --htmldir=%{_docdir}/%{name}-%{version} --with-gnutls make %{?_smp_mflags} @@ -53,7 +54,7 @@ rm -rf $RPM_BUILD_ROOT %files -f %{name}.lang %defattr(-,root,root,-) -%{_libdir}/libopenconnect.so.1* +%{_libdir}/libopenconnect.so.2* %{_sbindir}/openconnect %{_mandir}/man8/* %doc TODO COPYING.LGPL @@ -65,6 +66,9 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/pkgconfig/openconnect.pc %changelog +* Thu Jun 14 2012 David Woodhouse - 3.99-1 +- Update to OpenConnect v3.99, use GnuTLS (enables PKCS#11 support) + * Sat May 19 2012 David Woodhouse - 3.20-2 - openconnect-devel package should require precisely matching openconnect diff --git a/sources b/sources index 43e7182..a4a0cd9 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -3ba7c295e05b3053eec84ddc6705d89e openconnect-3.20.tar.gz +5b71a825b5e13a2ffab72971cdb92ce9 openconnect-3.99.tar.gz From 9336f94d2ea2d9fd0e1bd8f5247176846c728251 Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Thu, 14 Jun 2012 00:30:35 +0100 Subject: [PATCH 058/184] Fix BR --- openconnect.spec | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/openconnect.spec b/openconnect.spec index 75473e5..2782629 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -1,6 +1,6 @@ Name: openconnect Version: 3.99 -Release: 1%{?dist} +Release: 2%{?dist} Summary: Open client for Cisco AnyConnect VPN Group: Applications/Internet @@ -10,9 +10,8 @@ Source0: ftp://ftp.infradead.org/pub/openconnect/openconnect-%{version}.tar.gz BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: openssl-devel libxml2-devel gtk2-devel GConf2-devel dbus-devel -BuildRequires: libproxy-devel python gettext +BuildRequires: libproxy-devel python gettext pkgconfig(gnutls) >= 2.12.16 Requires: vpnc-script -Requires: pkgconfig(gnutls) >= 2.12.16 Requires: openssl >= 0.9.8k-4 # Older versions of NetworkManager-openconnect won't find openconnect in /usr/sbin Conflicts: NetworkManager-openconnect < 0.9.0-3 @@ -66,6 +65,9 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/pkgconfig/openconnect.pc %changelog +* Thu Jun 14 2012 David Woodhouse - 3.99-2 +- Fix GnuTLS BuildRequires + * Thu Jun 14 2012 David Woodhouse - 3.99-1 - Update to OpenConnect v3.99, use GnuTLS (enables PKCS#11 support) From 273e7aaf606fabfe7c79ac4a29ae520b16e7e3c1 Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Thu, 14 Jun 2012 00:58:43 +0100 Subject: [PATCH 059/184] Gr, f*cking GnuTLS 2. --- ...library-still-referencing-OpenSSL-ER.patch | 89 +++++++++++++++++++ openconnect.spec | 7 +- 2 files changed, 95 insertions(+), 1 deletion(-) create mode 100644 0001-Fix-GnuTLS-2.12-library-still-referencing-OpenSSL-ER.patch diff --git a/0001-Fix-GnuTLS-2.12-library-still-referencing-OpenSSL-ER.patch b/0001-Fix-GnuTLS-2.12-library-still-referencing-OpenSSL-ER.patch new file mode 100644 index 0000000..033f428 --- /dev/null +++ b/0001-Fix-GnuTLS-2.12-library-still-referencing-OpenSSL-ER.patch @@ -0,0 +1,89 @@ +From 5bb9d1becd94b7c1d3fa2261efc4df9c354fb062 Mon Sep 17 00:00:00 2001 +From: David Woodhouse +Date: Thu, 14 Jun 2012 00:55:54 +0100 +Subject: [PATCH] Fix GnuTLS 2.12 library still referencing OpenSSL + ERR_print_errors_cb() + +Signed-off-by: David Woodhouse +--- + configure.ac | 2 ++ + libopenconnect.map.in | 2 +- + openconnect-internal.h | 5 ++--- + ssl.c | 8 +------- + 4 files changed, 6 insertions(+), 11 deletions(-) + +diff --git a/configure.ac b/configure.ac +index 4cb33b1..9feef4d 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -316,6 +316,7 @@ case "$ssl_library" in + AC_SUBST(SSL_LIBRARY, [openssl]) + AC_SUBST(SSL_LIBS, ['$(OPENSSL_LIBS)']) + AC_SUBST(SSL_CFLAGS, ['$(OPENSSL_CFLAGS)']) ++ AC_SUBST(SYMVER_PRINT_ERR, ["openconnect_print_err_cb;"]) + ;; + both) + # GnuTLS for TCP, OpenSSL for DTLS +@@ -326,6 +327,7 @@ case "$ssl_library" in + AC_SUBST(SSL_CFLAGS, ['$(GNUTLS_CFLAGS)']) + AC_SUBST(DTLS_SSL_LIBS, ['$(OPENSSL_LIBS)']) + AC_SUBST(DTLS_SSL_CFLAGS, ['$(OPENSSL_CFLAGS)']) ++ AC_SUBST(SYMVER_PRINT_ERR, ["openconnect_print_err_cb;"]) + ;; + *) + AC_MSG_ERROR([Neither OpenSSL nor GnuTLS selected for SSL.]) +diff --git a/libopenconnect.map.in b/libopenconnect.map.in +index b6dc842..9e3a47a 100644 +--- a/libopenconnect.map.in ++++ b/libopenconnect.map.in +@@ -31,7 +31,7 @@ OPENCONNECT_2.0 { + }; + + OPENCONNECT_PRIVATE { +- global: @SYMVER_TIME@ @SYMVER_ASPRINTF@ @SYMVER_GETLINE@ ++ global: @SYMVER_TIME@ @SYMVER_ASPRINTF@ @SYMVER_GETLINE@ @SYMVER_PRINT_ERR@ + openconnect_SSL_gets; + openconnect_close_https; + openconnect_open_https; +diff --git a/openconnect-internal.h b/openconnect-internal.h +index 37c6400..d67e601 100644 +--- a/openconnect-internal.h ++++ b/openconnect-internal.h +@@ -337,9 +337,8 @@ int request_passphrase(struct openconnect_info *vpninfo, const char *label, + char **response, const char *fmt, ...); + int __attribute__ ((format (printf, 2, 3))) + openconnect_SSL_printf(struct openconnect_info *vpninfo, const char *fmt, ...); +-#if defined(OPENCONNECT_OPENSSL) || defined (DTLS_OPENSSL) +-void openconnect_report_ssl_errors(struct openconnect_info *vpninfo); +-#endif ++int openconnect_print_err_cb(const char *str, size_t len, void *ptr); ++#define openconnect_report_ssl_errors(v) ERR_print_errors_cb(openconnect_print_err_cb, (v)) + + /* ${SSL_LIBRARY}.c */ + int openconnect_SSL_gets(struct openconnect_info *vpninfo, char *buf, size_t len); +diff --git a/ssl.c b/ssl.c +index de16ec4..2303b6f 100644 +--- a/ssl.c ++++ b/ssl.c +@@ -357,17 +357,11 @@ int openconnect_passphrase_from_fsid(struct openconnect_info *vpninfo) + #if defined(OPENCONNECT_OPENSSL) || defined (DTLS_OPENSSL) + /* We put this here rather than in openssl.c because it might be needed + for OpenSSL DTLS support even when GnuTLS is being used for HTTPS */ +-#include +-static int print_err(const char *str, size_t len, void *ptr) ++int openconnect_print_err_cb(const char *str, size_t len, void *ptr) + { + struct openconnect_info *vpninfo = ptr; + + vpn_progress(vpninfo, PRG_ERR, "%s", str); + return 0; + } +- +-void openconnect_report_ssl_errors(struct openconnect_info *vpninfo) +-{ +- ERR_print_errors_cb(print_err, vpninfo); +-} + #endif +-- +1.7.10.2 + diff --git a/openconnect.spec b/openconnect.spec index 2782629..58a059e 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -1,12 +1,13 @@ Name: openconnect Version: 3.99 -Release: 2%{?dist} +Release: 3%{?dist} Summary: Open client for Cisco AnyConnect VPN Group: Applications/Internet License: LGPLv2+ URL: http://www.infradead.org/openconnect.html Source0: ftp://ftp.infradead.org/pub/openconnect/openconnect-%{version}.tar.gz +Patch1: 0001-Fix-GnuTLS-2.12-library-still-referencing-OpenSSL-ER.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: openssl-devel libxml2-devel gtk2-devel GConf2-devel dbus-devel @@ -32,6 +33,7 @@ for NetworkManager etc. %prep %setup -q +%patch1 -p1 %build %configure --with-vpnc-script=/etc/vpnc/vpnc-script --htmldir=%{_docdir}/%{name}-%{version} --with-gnutls @@ -65,6 +67,9 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/pkgconfig/openconnect.pc %changelog +* Thu Jun 14 2012 David Woodhouse - 3.99-3 +- Fix library not to reference OpenSSL symbols when linked against GnuTLS 2 + * Thu Jun 14 2012 David Woodhouse - 3.99-2 - Fix GnuTLS BuildRequires From 0eb0745fd415c036142178ec04500648b6bd85e8 Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Thu, 14 Jun 2012 01:13:41 +0100 Subject: [PATCH 060/184] autoreconf --- openconnect.spec | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/openconnect.spec b/openconnect.spec index 58a059e..0f39098 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -1,6 +1,6 @@ Name: openconnect Version: 3.99 -Release: 3%{?dist} +Release: 4%{?dist} Summary: Open client for Cisco AnyConnect VPN Group: Applications/Internet @@ -12,6 +12,7 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: openssl-devel libxml2-devel gtk2-devel GConf2-devel dbus-devel BuildRequires: libproxy-devel python gettext pkgconfig(gnutls) >= 2.12.16 +BuildRequires: autoconf automake libtool Requires: vpnc-script Requires: openssl >= 0.9.8k-4 # Older versions of NetworkManager-openconnect won't find openconnect in /usr/sbin @@ -34,6 +35,7 @@ for NetworkManager etc. %prep %setup -q %patch1 -p1 +autoreconf %build %configure --with-vpnc-script=/etc/vpnc/vpnc-script --htmldir=%{_docdir}/%{name}-%{version} --with-gnutls @@ -67,6 +69,9 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/pkgconfig/openconnect.pc %changelog +* Thu Jun 14 2012 David Woodhouse - 3.99-4 +- Last patch needs autoreconf + * Thu Jun 14 2012 David Woodhouse - 3.99-3 - Fix library not to reference OpenSSL symbols when linked against GnuTLS 2 From 73c241ac73ffe3dd6119a4ed6289dd9cdabac39a Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Thu, 14 Jun 2012 10:37:52 +0100 Subject: [PATCH 061/184] Fix version number after patch --- ...x-GnuTLS-2.12-library-still-referencing-OpenSSL-ER.patch | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/0001-Fix-GnuTLS-2.12-library-still-referencing-OpenSSL-ER.patch b/0001-Fix-GnuTLS-2.12-library-still-referencing-OpenSSL-ER.patch index 033f428..159724e 100644 --- a/0001-Fix-GnuTLS-2.12-library-still-referencing-OpenSSL-ER.patch +++ b/0001-Fix-GnuTLS-2.12-library-still-referencing-OpenSSL-ER.patch @@ -84,6 +84,12 @@ index de16ec4..2303b6f 100644 - ERR_print_errors_cb(print_err, vpninfo); -} #endif +--- a/version.c 2012-06-14 00:54:19.105737751 +0100 ++++ b/version.c 2012-06-14 10:36:03.368397305 +0100 +@@ -1 +1 @@ +-const char *openconnect_version_str = "v3.99"; ++const char *openconnect_version_str = "v3.99-1-gbca3b64"; + -- 1.7.10.2 From 4e232f81837494a483a357c6c00f1b3fc153115d Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Sat, 16 Jun 2012 22:42:36 +0100 Subject: [PATCH 062/184] Update to what is almost the final 4.00 release, enable v1 library on <= f17 --- .gitignore | 1 + libopenconnect15.map | 51 ++++++++++++++++++++++++++++ library15.c | 33 ++++++++++++++++++ openconnect.spec | 79 +++++++++++++++++++++++++++++++++++++++----- sources | 2 +- 5 files changed, 157 insertions(+), 9 deletions(-) create mode 100644 libopenconnect15.map create mode 100644 library15.c diff --git a/.gitignore b/.gitignore index a91f548..f907def 100644 --- a/.gitignore +++ b/.gitignore @@ -15,3 +15,4 @@ openconnect-2.25.tar.gz /openconnect-3.19.tar.gz /openconnect-3.20.tar.gz /openconnect-3.99.tar.gz +/openconnect-3.99-26-gb40dcae.tar.gz diff --git a/libopenconnect15.map b/libopenconnect15.map new file mode 100644 index 0000000..39e5f31 --- /dev/null +++ b/libopenconnect15.map @@ -0,0 +1,51 @@ +OPENCONNECT_1.0 { + global: + openconnect_clear_cookie; + openconnect_get_cert_sha1; + openconnect_get_cookie; + openconnect_get_hostname; + openconnect_get_peer_cert; + openconnect_get_port; + openconnect_get_urlpath; + openconnect_get_version; + openconnect_init_openssl; + openconnect_obtain_cookie; + openconnect_parse_url; + openconnect_passphrase_from_fsid; + openconnect_reset_ssl; + openconnect_set_cafile; + openconnect_set_client_cert; + openconnect_set_hostname; + openconnect_set_http_proxy; + openconnect_setup_csd; + openconnect_set_urlpath; + openconnect_set_xmlsha1; + openconnect_vpninfo_new; + local: + *; +}; +OPENCONNECT_1.1 { + global: + openconnect_vpninfo_free; +} OPENCONNECT_1.0; + +OPENCONNECT_1.2 { + global: + openconnect_vpninfo_new_with_cbdata; +} OPENCONNECT_1.1; + +OPENCONNECT_1.3 { + global: + openconnect_set_cert_expiry_warning; +} OPENCONNECT_1.2; + +OPENCONNECT_1.4 { + global: + openconnect_set_cancel_fd; +} OPENCONNECT_1.3; + +OPENCONNECT_1.5 { + global: + openconnect_get_cert_details; + openconnect_get_cert_DER; +} OPENCONNECT_1.4; diff --git a/library15.c b/library15.c new file mode 100644 index 0000000..0496cdf --- /dev/null +++ b/library15.c @@ -0,0 +1,33 @@ +#ifndef OPENCONNECT_OPENSSL +#error Cannot pretend to be compatible if not building with OpenSSL +#endif + +#define openconnect_vpninfo_new openconnect_vpninfo_new_with_cbdata +#include "library.c" +#undef openconnect_vpninfo_new + +struct openconnect_info * +openconnect_vpninfo_new (char *useragent, + openconnect_validate_peer_cert_vfn validate_peer_cert, + openconnect_write_new_config_vfn write_new_config, + openconnect_process_auth_form_vfn process_auth_form, + openconnect_progress_vfn progress); +struct openconnect_info * +openconnect_vpninfo_new (char *useragent, + openconnect_validate_peer_cert_vfn validate_peer_cert, + openconnect_write_new_config_vfn write_new_config, + openconnect_process_auth_form_vfn process_auth_form, + openconnect_progress_vfn progress) +{ + return openconnect_vpninfo_new_with_cbdata(useragent, + validate_peer_cert, + write_new_config, + process_auth_form, + progress, NULL); +} + +void openconnect_init_openssl(void); +void openconnect_init_openssl(void) +{ + openconnect_init_ssl(); +} diff --git a/openconnect.spec b/openconnect.spec index 0f39098..1443114 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -1,20 +1,31 @@ +# For Fedora 17 and below, for now, build a compat libopenconnect.so.1 with OpenSSL so +# that the upgrade path is easier. +%if 0%fedora < 18 +%define build_compat_lib 1 +%else +%define build_compat_lib 0 +%endif + Name: openconnect Version: 3.99 -Release: 4%{?dist} +Release: 5%{?dist} Summary: Open client for Cisco AnyConnect VPN Group: Applications/Internet License: LGPLv2+ URL: http://www.infradead.org/openconnect.html -Source0: ftp://ftp.infradead.org/pub/openconnect/openconnect-%{version}.tar.gz -Patch1: 0001-Fix-GnuTLS-2.12-library-still-referencing-OpenSSL-ER.patch +# git reset --hard b40dcae ; make tmp-dist +Source0: ftp://ftp.infradead.org/pub/openconnect/openconnect-%{version}-26-gb40dcae.tar.gz +Source1: library15.c +Source2: libopenconnect15.map BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: openssl-devel libxml2-devel gtk2-devel GConf2-devel dbus-devel -BuildRequires: libproxy-devel python gettext pkgconfig(gnutls) >= 2.12.16 -BuildRequires: autoconf automake libtool +BuildRequires: libproxy-devel python gettext gnutls-devel >= 2.12.14-3 +BuildRequires: autoconf automake libtool trousers-devel Requires: vpnc-script Requires: openssl >= 0.9.8k-4 +Requires: gnutls >= 2.12.14-3 # Older versions of NetworkManager-openconnect won't find openconnect in /usr/sbin Conflicts: NetworkManager-openconnect < 0.9.0-3 @@ -32,20 +43,64 @@ This package provides the core HTTP and authentication support from the OpenConnect VPN client, to be used by GUI authentication dialogs for NetworkManager etc. +%package lib-compat +Summary: Compatibility library for OpenConnect authentication clients +Group: Applications/Internet +Requires: %{name} = %{version}-%{release} + +%description lib-compat +This package provides a backward-compatible library for use by GNOME and KDE +NetworkManager clients which have not yet been rebuilt to use the new version +of the library. + %prep -%setup -q -%patch1 -p1 -autoreconf +%setup -q -n openconnect-3.99-26-gb40dcae +%if %{build_compat_lib} +cp %{SOURCE1} . +cp %{SOURCE2} libopenconnect15.map.in +# In Fedora 16 we fixed the gnutls_record_get_direction() bug without upgrading +sed 's/2\.12\.16/2.12.14/' -i configure +touch version.c +%endif %build +%global _configure ../configure +%if %{build_compat_lib} +mkdir compat +cd compat +%configure --with-vpnc-script=/etc/vpnc/vpnc-script --htmldir=%{_docdir}/%{name}-%{version} +# Hack: Build with library15.c instead of library.c and use the old version +# script and soname. +sed -e 's/library\./library15./g' \ + -e 's/libopenconnect.map/libopenconnect15.map/g' \ + -e 's/-version-number 2:0/-version-number 1:5/g' \ + Makefile > Makefile.lib15 +# We configure with --disable-dependency-tracking so we do not need this: +# cp .deps/libopenconnect_la-library.Plo .deps/libopenconnect_la-library2.Plo + +# Do not let it rebuild the symbol map that we provided +cp %{SOURCE2} . +make -f Makefile.lib15 libopenconnect.la + +cd .. +%endif +mkdir gnutls +cd gnutls %configure --with-vpnc-script=/etc/vpnc/vpnc-script --htmldir=%{_docdir}/%{name}-%{version} --with-gnutls make %{?_smp_mflags} %install rm -rf $RPM_BUILD_ROOT +%if %{build_compat_lib} +mkdir -p $RPM_BUILD_ROOT/%{_libdir} +install -m0755 compat/.libs/libopenconnect.so.1.5.0 ${RPM_BUILD_ROOT}/%{_libdir} +ln -sf libopenconnect.so.1.5.0 ${RPM_BUILD_ROOT}/%{_libdir}/libopenconnect.so.1 +%endif +cd gnutls %make_install rm -f $RPM_BUILD_ROOT/%{_libdir}/libopenconnect.la +cd .. %find_lang %{name} %clean @@ -62,6 +117,11 @@ rm -rf $RPM_BUILD_ROOT %{_mandir}/man8/* %doc TODO COPYING.LGPL +%if %{build_compat_lib} +%files lib-compat +%{_libdir}/libopenconnect.so.1* +%endif + %files devel %defattr(-,root,root,-) %{_libdir}/libopenconnect.so @@ -69,6 +129,9 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/pkgconfig/openconnect.pc %changelog +* Sat Jun 16 2012 David Woodhouse - 3.99-5 +- Enable building compatibility libopenconnect.so.1 + * Thu Jun 14 2012 David Woodhouse - 3.99-4 - Last patch needs autoreconf diff --git a/sources b/sources index a4a0cd9..007ed63 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -5b71a825b5e13a2ffab72971cdb92ce9 openconnect-3.99.tar.gz +88b8fe7f32f2164c938a20e1a7765c26 openconnect-3.99-26-gb40dcae.tar.gz From 60aba24ceae330db72cf418b65ad0f12a66f5974 Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Mon, 18 Jun 2012 20:14:25 +0100 Subject: [PATCH 063/184] Fix cleanup crash with no ssl cert --- .gitignore | 1 + openconnect.spec | 9 ++++++--- sources | 2 +- 3 files changed, 8 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index f907def..eb7f8fc 100644 --- a/.gitignore +++ b/.gitignore @@ -16,3 +16,4 @@ openconnect-2.25.tar.gz /openconnect-3.20.tar.gz /openconnect-3.99.tar.gz /openconnect-3.99-26-gb40dcae.tar.gz +/openconnect-3.99-33-g2d08bf0.tar.gz diff --git a/openconnect.spec b/openconnect.spec index 1443114..db53f40 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -8,14 +8,14 @@ Name: openconnect Version: 3.99 -Release: 5%{?dist} +Release: 6%{?dist} Summary: Open client for Cisco AnyConnect VPN Group: Applications/Internet License: LGPLv2+ URL: http://www.infradead.org/openconnect.html # git reset --hard b40dcae ; make tmp-dist -Source0: ftp://ftp.infradead.org/pub/openconnect/openconnect-%{version}-26-gb40dcae.tar.gz +Source0: ftp://ftp.infradead.org/pub/openconnect/openconnect-%{version}-33-g2d08bf0.tar.gz Source1: library15.c Source2: libopenconnect15.map BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) @@ -54,7 +54,7 @@ NetworkManager clients which have not yet been rebuilt to use the new version of the library. %prep -%setup -q -n openconnect-3.99-26-gb40dcae +%setup -q -n openconnect-3.99-33-g2d08bf0 %if %{build_compat_lib} cp %{SOURCE1} . cp %{SOURCE2} libopenconnect15.map.in @@ -129,6 +129,9 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/pkgconfig/openconnect.pc %changelog +* Mon Jun 18 2012 David Woodhouse - 3.99-6 +- Fix crash on cleanup when no client certificate is set (#833141) + * Sat Jun 16 2012 David Woodhouse - 3.99-5 - Enable building compatibility libopenconnect.so.1 diff --git a/sources b/sources index 007ed63..d4f2d10 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -88b8fe7f32f2164c938a20e1a7765c26 openconnect-3.99-26-gb40dcae.tar.gz +a68cc9bff35a103ca84acb941fea6d9b openconnect-3.99-33-g2d08bf0.tar.gz From 2c7eec624c6df324fd9c31c54dcb32cd1c21c475 Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Wed, 20 Jun 2012 00:31:39 +0100 Subject: [PATCH 064/184] add OpenSSL encrypted PEM file support --- .gitignore | 1 + openconnect.spec | 9 ++++++--- sources | 2 +- 3 files changed, 8 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index eb7f8fc..6fa04f3 100644 --- a/.gitignore +++ b/.gitignore @@ -17,3 +17,4 @@ openconnect-2.25.tar.gz /openconnect-3.99.tar.gz /openconnect-3.99-26-gb40dcae.tar.gz /openconnect-3.99-33-g2d08bf0.tar.gz +/openconnect-3.99-36-gb0f2edb.tar.gz diff --git a/openconnect.spec b/openconnect.spec index db53f40..e5dbeb4 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -8,14 +8,14 @@ Name: openconnect Version: 3.99 -Release: 6%{?dist} +Release: 7%{?dist} Summary: Open client for Cisco AnyConnect VPN Group: Applications/Internet License: LGPLv2+ URL: http://www.infradead.org/openconnect.html # git reset --hard b40dcae ; make tmp-dist -Source0: ftp://ftp.infradead.org/pub/openconnect/openconnect-%{version}-33-g2d08bf0.tar.gz +Source0: ftp://ftp.infradead.org/pub/openconnect/openconnect-%{version}-36-gb0f2edb.tar.gz Source1: library15.c Source2: libopenconnect15.map BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) @@ -54,7 +54,7 @@ NetworkManager clients which have not yet been rebuilt to use the new version of the library. %prep -%setup -q -n openconnect-3.99-33-g2d08bf0 +%setup -q -n openconnect-3.99-36-gb0f2edb %if %{build_compat_lib} cp %{SOURCE1} . cp %{SOURCE2} libopenconnect15.map.in @@ -129,6 +129,9 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/pkgconfig/openconnect.pc %changelog +* Wed Jun 20 2012 David Woodhouse - 3.99-7 +- Add OpenSSL encrypted PEM file support for GnuTLS + * Mon Jun 18 2012 David Woodhouse - 3.99-6 - Fix crash on cleanup when no client certificate is set (#833141) diff --git a/sources b/sources index d4f2d10..db15416 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -a68cc9bff35a103ca84acb941fea6d9b openconnect-3.99-33-g2d08bf0.tar.gz +581e6845f6e875601fb249b5878bd51f openconnect-3.99-36-gb0f2edb.tar.gz From ed1e584ea04ea91d82520d0b12119eabc4e67fa5 Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Wed, 20 Jun 2012 13:15:59 +0100 Subject: [PATCH 065/184] Support RHEL builds --- openconnect.spec | 48 +++++++++++++++++++++++++++++++++--------------- 1 file changed, 33 insertions(+), 15 deletions(-) diff --git a/openconnect.spec b/openconnect.spec index e5dbeb4..9f32ffd 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -1,14 +1,21 @@ # For Fedora 17 and below, for now, build a compat libopenconnect.so.1 with OpenSSL so # that the upgrade path is easier. -%if 0%fedora < 18 -%define build_compat_lib 1 +%define build_compat_lib 0%{?fedora} && 0%{?fedora} < 18 + +# RHEL6 still has GnuTLS which is even more ancient than Fedora's! +%define use_gnutls 0%{?fedora} + +# RHEL5 has no libproxy, and no %make_install macro +%if 0%{?rhel} && 0%{?rhel} <= 5 +%define use_libproxy 0 +%define make_install %{__make} install DESTDIR=%{?buildroot} %else -%define build_compat_lib 0 +%define use_libproxy 1 %endif Name: openconnect Version: 3.99 -Release: 7%{?dist} +Release: 8%{?dist} Summary: Open client for Cisco AnyConnect VPN Group: Applications/Internet @@ -21,11 +28,18 @@ Source2: libopenconnect15.map BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: openssl-devel libxml2-devel gtk2-devel GConf2-devel dbus-devel -BuildRequires: libproxy-devel python gettext gnutls-devel >= 2.12.14-3 -BuildRequires: autoconf automake libtool trousers-devel +BuildRequires: autoconf automake libtool trousers-devel python gettext Requires: vpnc-script Requires: openssl >= 0.9.8k-4 +%if %use_gnutls +# We need the fix for https://bugzilla.redhat.com/show_bug.cgi?id=826293 +BuildRequires: gnutls-devel >= 2.12.14-3 Requires: gnutls >= 2.12.14-3 +%endif +%if %{use_libproxy} +BuildRequires: libproxy-devel +%endif + # Older versions of NetworkManager-openconnect won't find openconnect in /usr/sbin Conflicts: NetworkManager-openconnect < 0.9.0-3 @@ -64,10 +78,10 @@ touch version.c %endif %build -%global _configure ../configure %if %{build_compat_lib} mkdir compat cd compat +%global _configure ../configure %configure --with-vpnc-script=/etc/vpnc/vpnc-script --htmldir=%{_docdir}/%{name}-%{version} # Hack: Build with library15.c instead of library.c and use the old version # script and soname. @@ -80,14 +94,17 @@ sed -e 's/library\./library15./g' \ # Do not let it rebuild the symbol map that we provided cp %{SOURCE2} . -make -f Makefile.lib15 libopenconnect.la - +make -f Makefile.lib15 libopenconnect.la V=1 cd .. +%global _configure ./configure +%endif # {build_compat_lib} + +%configure --with-vpnc-script=/etc/vpnc/vpnc-script \ +%if %{use_gnutls} + --with-gnutls \ %endif -mkdir gnutls -cd gnutls -%configure --with-vpnc-script=/etc/vpnc/vpnc-script --htmldir=%{_docdir}/%{name}-%{version} --with-gnutls -make %{?_smp_mflags} + --htmldir=%{_docdir}/%{name}-%{version} +make %{?_smp_mflags} V=1 %install @@ -97,10 +114,8 @@ mkdir -p $RPM_BUILD_ROOT/%{_libdir} install -m0755 compat/.libs/libopenconnect.so.1.5.0 ${RPM_BUILD_ROOT}/%{_libdir} ln -sf libopenconnect.so.1.5.0 ${RPM_BUILD_ROOT}/%{_libdir}/libopenconnect.so.1 %endif -cd gnutls %make_install rm -f $RPM_BUILD_ROOT/%{_libdir}/libopenconnect.la -cd .. %find_lang %{name} %clean @@ -129,6 +144,9 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/pkgconfig/openconnect.pc %changelog +* Wed Jun 20 2012 David Woodhouse - 3.99-8 +- Add support for building on RHEL[56] + * Wed Jun 20 2012 David Woodhouse - 3.99-7 - Add OpenSSL encrypted PEM file support for GnuTLS From 9950d33a6f1eea156d9692095784641488bc8d09 Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Wed, 20 Jun 2012 20:04:38 +0100 Subject: [PATCH 066/184] 4.00 --- .gitignore | 1 + openconnect.spec | 11 +++++++---- sources | 2 +- 3 files changed, 9 insertions(+), 5 deletions(-) diff --git a/.gitignore b/.gitignore index 6fa04f3..3b816ac 100644 --- a/.gitignore +++ b/.gitignore @@ -18,3 +18,4 @@ openconnect-2.25.tar.gz /openconnect-3.99-26-gb40dcae.tar.gz /openconnect-3.99-33-g2d08bf0.tar.gz /openconnect-3.99-36-gb0f2edb.tar.gz +/openconnect-4.00.tar.gz diff --git a/openconnect.spec b/openconnect.spec index 9f32ffd..6e587ed 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -14,15 +14,15 @@ %endif Name: openconnect -Version: 3.99 -Release: 8%{?dist} +Version: 4.00 +Release: 1%{?dist} Summary: Open client for Cisco AnyConnect VPN Group: Applications/Internet License: LGPLv2+ URL: http://www.infradead.org/openconnect.html # git reset --hard b40dcae ; make tmp-dist -Source0: ftp://ftp.infradead.org/pub/openconnect/openconnect-%{version}-36-gb0f2edb.tar.gz +Source0: ftp://ftp.infradead.org/pub/openconnect/openconnect-%{version}.tar.gz Source1: library15.c Source2: libopenconnect15.map BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) @@ -68,7 +68,7 @@ NetworkManager clients which have not yet been rebuilt to use the new version of the library. %prep -%setup -q -n openconnect-3.99-36-gb0f2edb +%setup -q %if %{build_compat_lib} cp %{SOURCE1} . cp %{SOURCE2} libopenconnect15.map.in @@ -144,6 +144,9 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/pkgconfig/openconnect.pc %changelog +* Wed Jun 20 2012 David Woodhouse - 4.00-1 +- Update to 4.00 release + * Wed Jun 20 2012 David Woodhouse - 3.99-8 - Add support for building on RHEL[56] diff --git a/sources b/sources index db15416..43d9336 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -581e6845f6e875601fb249b5878bd51f openconnect-3.99-36-gb0f2edb.tar.gz +86120e286033c40bfca5b902f40b181d openconnect-4.00.tar.gz From e8dd41e44b9574d20ba1273d53345953347d8e99 Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Thu, 21 Jun 2012 13:30:13 +0100 Subject: [PATCH 067/184] Fix RHEL dependencies --- openconnect.spec | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/openconnect.spec b/openconnect.spec index 6e587ed..6271a4c 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -15,13 +15,12 @@ Name: openconnect Version: 4.00 -Release: 1%{?dist} +Release: 2%{?dist} Summary: Open client for Cisco AnyConnect VPN Group: Applications/Internet License: LGPLv2+ URL: http://www.infradead.org/openconnect.html -# git reset --hard b40dcae ; make tmp-dist Source0: ftp://ftp.infradead.org/pub/openconnect/openconnect-%{version}.tar.gz Source1: library15.c Source2: libopenconnect15.map @@ -29,10 +28,16 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: openssl-devel libxml2-devel gtk2-devel GConf2-devel dbus-devel BuildRequires: autoconf automake libtool trousers-devel python gettext +%if 0%{?fedora} Requires: vpnc-script -Requires: openssl >= 0.9.8k-4 +# Older versions in F16 won't find openconnect in /usr/sbin: +Conflicts: NetworkManager-openconnect < 0.9.0-3 +%else +Requires: vpnc +%endif + %if %use_gnutls -# We need the fix for https://bugzilla.redhat.com/show_bug.cgi?id=826293 +# For F16, we need the fix for https://bugzilla.redhat.com/show_bug.cgi?id=826293 BuildRequires: gnutls-devel >= 2.12.14-3 Requires: gnutls >= 2.12.14-3 %endif @@ -40,8 +45,6 @@ Requires: gnutls >= 2.12.14-3 BuildRequires: libproxy-devel %endif -# Older versions of NetworkManager-openconnect won't find openconnect in /usr/sbin -Conflicts: NetworkManager-openconnect < 0.9.0-3 %description This package provides a client for Cisco's "AnyConnect" VPN, which uses @@ -144,6 +147,9 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/pkgconfig/openconnect.pc %changelog +* Thu Jun 21 2012 David Woodhouse - 4.00-2 +- Fix dependencies for RHEL[56] + * Wed Jun 20 2012 David Woodhouse - 4.00-1 - Update to 4.00 release From d76bcbf287b6e79e2c2baf937fa3bc1a289ce8c3 Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Thu, 21 Jun 2012 13:49:29 +0100 Subject: [PATCH 068/184] Remove unused patch --- ...library-still-referencing-OpenSSL-ER.patch | 95 ------------------- 1 file changed, 95 deletions(-) delete mode 100644 0001-Fix-GnuTLS-2.12-library-still-referencing-OpenSSL-ER.patch diff --git a/0001-Fix-GnuTLS-2.12-library-still-referencing-OpenSSL-ER.patch b/0001-Fix-GnuTLS-2.12-library-still-referencing-OpenSSL-ER.patch deleted file mode 100644 index 159724e..0000000 --- a/0001-Fix-GnuTLS-2.12-library-still-referencing-OpenSSL-ER.patch +++ /dev/null @@ -1,95 +0,0 @@ -From 5bb9d1becd94b7c1d3fa2261efc4df9c354fb062 Mon Sep 17 00:00:00 2001 -From: David Woodhouse -Date: Thu, 14 Jun 2012 00:55:54 +0100 -Subject: [PATCH] Fix GnuTLS 2.12 library still referencing OpenSSL - ERR_print_errors_cb() - -Signed-off-by: David Woodhouse ---- - configure.ac | 2 ++ - libopenconnect.map.in | 2 +- - openconnect-internal.h | 5 ++--- - ssl.c | 8 +------- - 4 files changed, 6 insertions(+), 11 deletions(-) - -diff --git a/configure.ac b/configure.ac -index 4cb33b1..9feef4d 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -316,6 +316,7 @@ case "$ssl_library" in - AC_SUBST(SSL_LIBRARY, [openssl]) - AC_SUBST(SSL_LIBS, ['$(OPENSSL_LIBS)']) - AC_SUBST(SSL_CFLAGS, ['$(OPENSSL_CFLAGS)']) -+ AC_SUBST(SYMVER_PRINT_ERR, ["openconnect_print_err_cb;"]) - ;; - both) - # GnuTLS for TCP, OpenSSL for DTLS -@@ -326,6 +327,7 @@ case "$ssl_library" in - AC_SUBST(SSL_CFLAGS, ['$(GNUTLS_CFLAGS)']) - AC_SUBST(DTLS_SSL_LIBS, ['$(OPENSSL_LIBS)']) - AC_SUBST(DTLS_SSL_CFLAGS, ['$(OPENSSL_CFLAGS)']) -+ AC_SUBST(SYMVER_PRINT_ERR, ["openconnect_print_err_cb;"]) - ;; - *) - AC_MSG_ERROR([Neither OpenSSL nor GnuTLS selected for SSL.]) -diff --git a/libopenconnect.map.in b/libopenconnect.map.in -index b6dc842..9e3a47a 100644 ---- a/libopenconnect.map.in -+++ b/libopenconnect.map.in -@@ -31,7 +31,7 @@ OPENCONNECT_2.0 { - }; - - OPENCONNECT_PRIVATE { -- global: @SYMVER_TIME@ @SYMVER_ASPRINTF@ @SYMVER_GETLINE@ -+ global: @SYMVER_TIME@ @SYMVER_ASPRINTF@ @SYMVER_GETLINE@ @SYMVER_PRINT_ERR@ - openconnect_SSL_gets; - openconnect_close_https; - openconnect_open_https; -diff --git a/openconnect-internal.h b/openconnect-internal.h -index 37c6400..d67e601 100644 ---- a/openconnect-internal.h -+++ b/openconnect-internal.h -@@ -337,9 +337,8 @@ int request_passphrase(struct openconnect_info *vpninfo, const char *label, - char **response, const char *fmt, ...); - int __attribute__ ((format (printf, 2, 3))) - openconnect_SSL_printf(struct openconnect_info *vpninfo, const char *fmt, ...); --#if defined(OPENCONNECT_OPENSSL) || defined (DTLS_OPENSSL) --void openconnect_report_ssl_errors(struct openconnect_info *vpninfo); --#endif -+int openconnect_print_err_cb(const char *str, size_t len, void *ptr); -+#define openconnect_report_ssl_errors(v) ERR_print_errors_cb(openconnect_print_err_cb, (v)) - - /* ${SSL_LIBRARY}.c */ - int openconnect_SSL_gets(struct openconnect_info *vpninfo, char *buf, size_t len); -diff --git a/ssl.c b/ssl.c -index de16ec4..2303b6f 100644 ---- a/ssl.c -+++ b/ssl.c -@@ -357,17 +357,11 @@ int openconnect_passphrase_from_fsid(struct openconnect_info *vpninfo) - #if defined(OPENCONNECT_OPENSSL) || defined (DTLS_OPENSSL) - /* We put this here rather than in openssl.c because it might be needed - for OpenSSL DTLS support even when GnuTLS is being used for HTTPS */ --#include --static int print_err(const char *str, size_t len, void *ptr) -+int openconnect_print_err_cb(const char *str, size_t len, void *ptr) - { - struct openconnect_info *vpninfo = ptr; - - vpn_progress(vpninfo, PRG_ERR, "%s", str); - return 0; - } -- --void openconnect_report_ssl_errors(struct openconnect_info *vpninfo) --{ -- ERR_print_errors_cb(print_err, vpninfo); --} - #endif ---- a/version.c 2012-06-14 00:54:19.105737751 +0100 -+++ b/version.c 2012-06-14 10:36:03.368397305 +0100 -@@ -1 +1 @@ --const char *openconnect_version_str = "v3.99"; -+const char *openconnect_version_str = "v3.99-1-gbca3b64"; - --- -1.7.10.2 - From 44d3dc28e6cb0f9c3b6413d8c6cc0016fd401161 Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Thu, 21 Jun 2012 17:08:55 +0100 Subject: [PATCH 069/184] Fix lack of zlib.pc and auto-pkgconfig deps on EL5 --- ...ib-in-pkgconfig-if-it-was-found-with.patch | 58 +++++++++++++++++++ openconnect.spec | 8 ++- 2 files changed, 65 insertions(+), 1 deletion(-) create mode 100644 0001-Don-t-require-zlib-in-pkgconfig-if-it-was-found-with.patch diff --git a/0001-Don-t-require-zlib-in-pkgconfig-if-it-was-found-with.patch b/0001-Don-t-require-zlib-in-pkgconfig-if-it-was-found-with.patch new file mode 100644 index 0000000..82163e1 --- /dev/null +++ b/0001-Don-t-require-zlib-in-pkgconfig-if-it-was-found-with.patch @@ -0,0 +1,58 @@ +From 644b8aa5f6235ee57a8a91a1db5a02174f57445c Mon Sep 17 00:00:00 2001 +From: David Woodhouse +Date: Thu, 21 Jun 2012 17:04:23 +0100 +Subject: [PATCH] Don't require zlib in pkgconfig if it was found without it + +Signed-off-by: David Woodhouse +--- + configure.ac | 2 +- + openconnect.pc.in | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/configure.ac b/configure.ac +index 8216fe0..2ff8a54 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -359,7 +359,7 @@ AM_CONDITIONAL(HAVE_SYMBOL_VERSIONING, [test "${symvers}" != "no"]) + + PKG_CHECK_MODULES(LIBXML2, libxml-2.0) + +-PKG_CHECK_MODULES(ZLIB, zlib, [], ++PKG_CHECK_MODULES(ZLIB, zlib, [AC_SUBST(ZLIB_PC, [zlib])], + [oldLIBS="$LIBS" + LIBS="$LIBS -lz" + AC_MSG_CHECKING([for zlib without pkg-config]) +diff --git a/openconnect.pc.in b/openconnect.pc.in +index 23b818f..012431f 100644 +--- a/openconnect.pc.in ++++ b/openconnect.pc.in +@@ -7,7 +7,7 @@ includedir=@includedir@ + Name: openconnect + Description: OpenConnect VPN client + Version: @VERSION@ +-Requires.private: @LIBPROXY_PC@ zlib @SSL_LIBRARY@ @P11KIT_PC@ libxml-2.0 ++Requires.private: @LIBPROXY_PC@ @ZLIB_PC@ @SSL_LIBRARY@ @P11KIT_PC@ libxml-2.0 + Libs: -L${libdir} -lopenconnect + Libs.private: @LIBINTL@ + Cflags: -I${includedir} +-- +1.7.10.2 + +--- ./configure.400 2012-06-21 17:05:58.065101753 +0100 ++++ ./configure 2012-06-21 17:06:06.903976972 +0100 +@@ -623,6 +623,7 @@ PYTHON + LIBPROXY_PC + LIBPROXY_LIBS + LIBPROXY_CFLAGS ++ZLIB_PC + ZLIB_LIBS + ZLIB_CFLAGS + LIBXML2_LIBS +@@ -12702,6 +12703,7 @@ else + ZLIB_LIBS=$pkg_cv_ZLIB_LIBS + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 + $as_echo "yes" >&6; } ++ ZLIB_PC=zlib + + fi + diff --git a/openconnect.spec b/openconnect.spec index 6271a4c..719b65d 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -15,7 +15,7 @@ Name: openconnect Version: 4.00 -Release: 2%{?dist} +Release: 3%{?dist} Summary: Open client for Cisco AnyConnect VPN Group: Applications/Internet @@ -24,6 +24,7 @@ URL: http://www.infradead.org/openconnect.html Source0: ftp://ftp.infradead.org/pub/openconnect/openconnect-%{version}.tar.gz Source1: library15.c Source2: libopenconnect15.map +Patch1: 0001-Don-t-require-zlib-in-pkgconfig-if-it-was-found-with.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: openssl-devel libxml2-devel gtk2-devel GConf2-devel dbus-devel @@ -54,6 +55,7 @@ HTTPS and DTLS protocols. Summary: Development package for OpenConnect VPN authentication tools Group: Applications/Internet Requires: %{name} = %{version}-%{release} +Requires: openssl-devel zlib-devel %description devel This package provides the core HTTP and authentication support from @@ -72,6 +74,7 @@ of the library. %prep %setup -q +%patch1 -p1 %if %{build_compat_lib} cp %{SOURCE1} . cp %{SOURCE2} libopenconnect15.map.in @@ -147,6 +150,9 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/pkgconfig/openconnect.pc %changelog +* Thu Jun 21 2012 David Woodhouse - 4.00-3 +- Remove zlib from openconnect.pc dependencies + * Thu Jun 21 2012 David Woodhouse - 4.00-2 - Fix dependencies for RHEL[56] From 0aaee52238b23e826fa67a5d2a9badd418ec1a1b Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Thu, 21 Jun 2012 17:41:59 +0100 Subject: [PATCH 070/184] Don't touch configure.ac or it'll get rebuilt --- ...ire-zlib-in-pkgconfig-if-it-was-found-with.patch | 13 ------------- 1 file changed, 13 deletions(-) diff --git a/0001-Don-t-require-zlib-in-pkgconfig-if-it-was-found-with.patch b/0001-Don-t-require-zlib-in-pkgconfig-if-it-was-found-with.patch index 82163e1..bc65be2 100644 --- a/0001-Don-t-require-zlib-in-pkgconfig-if-it-was-found-with.patch +++ b/0001-Don-t-require-zlib-in-pkgconfig-if-it-was-found-with.patch @@ -11,19 +11,6 @@ Signed-off-by: David Woodhouse diff --git a/configure.ac b/configure.ac index 8216fe0..2ff8a54 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -359,7 +359,7 @@ AM_CONDITIONAL(HAVE_SYMBOL_VERSIONING, [test "${symvers}" != "no"]) - - PKG_CHECK_MODULES(LIBXML2, libxml-2.0) - --PKG_CHECK_MODULES(ZLIB, zlib, [], -+PKG_CHECK_MODULES(ZLIB, zlib, [AC_SUBST(ZLIB_PC, [zlib])], - [oldLIBS="$LIBS" - LIBS="$LIBS -lz" - AC_MSG_CHECKING([for zlib without pkg-config]) -diff --git a/openconnect.pc.in b/openconnect.pc.in -index 23b818f..012431f 100644 --- a/openconnect.pc.in +++ b/openconnect.pc.in @@ -7,7 +7,7 @@ includedir=@includedir@ From a9896262ebdb4208525c582d1d30b5022fbae1a5 Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Thu, 28 Jun 2012 13:48:02 +0100 Subject: [PATCH 071/184] 4.01 --- openconnect.spec | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/openconnect.spec b/openconnect.spec index 6271a4c..db3f00c 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -14,8 +14,8 @@ %endif Name: openconnect -Version: 4.00 -Release: 2%{?dist} +Version: 4.01 +Release: 1%{?dist} Summary: Open client for Cisco AnyConnect VPN Group: Applications/Internet @@ -147,6 +147,9 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/pkgconfig/openconnect.pc %changelog +* Thu Jun 27 2012 David Woodhouse - 4.01-1 +- Update to 4.01 release + * Thu Jun 21 2012 David Woodhouse - 4.00-2 - Fix dependencies for RHEL[56] From 3aff832ccf1acf58f3606a97856e30582966d1b1 Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Thu, 28 Jun 2012 13:53:23 +0100 Subject: [PATCH 072/184] Missing updates --- .gitignore | 1 + sources | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index 3b816ac..3b12f4d 100644 --- a/.gitignore +++ b/.gitignore @@ -19,3 +19,4 @@ openconnect-2.25.tar.gz /openconnect-3.99-33-g2d08bf0.tar.gz /openconnect-3.99-36-gb0f2edb.tar.gz /openconnect-4.00.tar.gz +/openconnect-4.01.tar.gz diff --git a/sources b/sources index 43d9336..56af222 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -86120e286033c40bfca5b902f40b181d openconnect-4.00.tar.gz +b618de1753aac927dc704dd79d05bf6c openconnect-4.01.tar.gz From b5ce81c4c664bb6d270b9ccf2c0a61ca6da71095 Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Thu, 28 Jun 2012 15:55:22 +0100 Subject: [PATCH 073/184] 4.02 --- .gitignore | 1 + openconnect.spec | 5 ++++- sources | 2 +- 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 3b12f4d..a5f49a5 100644 --- a/.gitignore +++ b/.gitignore @@ -20,3 +20,4 @@ openconnect-2.25.tar.gz /openconnect-3.99-36-gb0f2edb.tar.gz /openconnect-4.00.tar.gz /openconnect-4.01.tar.gz +/openconnect-4.02.tar.gz diff --git a/openconnect.spec b/openconnect.spec index db3f00c..f8fd6d8 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -14,7 +14,7 @@ %endif Name: openconnect -Version: 4.01 +Version: 4.02 Release: 1%{?dist} Summary: Open client for Cisco AnyConnect VPN @@ -147,6 +147,9 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/pkgconfig/openconnect.pc %changelog +* Thu Jun 27 2012 David Woodhouse - 4.02-1 +- Update to 4.02 release + * Thu Jun 27 2012 David Woodhouse - 4.01-1 - Update to 4.01 release diff --git a/sources b/sources index 56af222..1be9c93 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -b618de1753aac927dc704dd79d05bf6c openconnect-4.01.tar.gz +3743cbf10dbcfd0d28ba270528a2eef2 openconnect-4.02.tar.gz From 249674dae92581253b95dded5926c38b29b17bef Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Mon, 2 Jul 2012 11:37:59 +0100 Subject: [PATCH 074/184] 4.03 --- .gitignore | 1 + openconnect.spec | 5 ++++- sources | 2 +- 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index a5f49a5..eede068 100644 --- a/.gitignore +++ b/.gitignore @@ -21,3 +21,4 @@ openconnect-2.25.tar.gz /openconnect-4.00.tar.gz /openconnect-4.01.tar.gz /openconnect-4.02.tar.gz +/openconnect-4.03.tar.gz diff --git a/openconnect.spec b/openconnect.spec index f8fd6d8..14be205 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -14,7 +14,7 @@ %endif Name: openconnect -Version: 4.02 +Version: 4.03 Release: 1%{?dist} Summary: Open client for Cisco AnyConnect VPN @@ -147,6 +147,9 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/pkgconfig/openconnect.pc %changelog +* Mon Jul 02 2012 David Woodhouse - 4.03-1 +- Update to 4.03 release (#836558) + * Thu Jun 27 2012 David Woodhouse - 4.02-1 - Update to 4.02 release diff --git a/sources b/sources index 1be9c93..4cdfe11 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -3743cbf10dbcfd0d28ba270528a2eef2 openconnect-4.02.tar.gz +c9281aaaad2a28429fe73e71f92a2a24 openconnect-4.03.tar.gz From 34daa0e6ddc28b1d1e76c6aee3efef10a9937838 Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Tue, 3 Jul 2012 14:08:36 +0100 Subject: [PATCH 075/184] RHEL7 should build with GnuTLS --- openconnect.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/openconnect.spec b/openconnect.spec index 6e41977..f3aaedf 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -3,7 +3,7 @@ %define build_compat_lib 0%{?fedora} && 0%{?fedora} < 18 # RHEL6 still has GnuTLS which is even more ancient than Fedora's! -%define use_gnutls 0%{?fedora} +%define use_gnutls 0%{?fedora} || 0%{?rhel} >= 7 # RHEL5 has no libproxy, and no %make_install macro %if 0%{?rhel} && 0%{?rhel} <= 5 From 47f29e9d33746833212efd55e0b6d1f139c0749b Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Thu, 5 Jul 2012 11:18:23 +0100 Subject: [PATCH 076/184] 4.04 --- openconnect.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/openconnect.spec b/openconnect.spec index f3aaedf..ce1870b 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -14,7 +14,7 @@ %endif Name: openconnect -Version: 4.03 +Version: 4.04 Release: 1%{?dist} Summary: Open client for Cisco AnyConnect VPN @@ -149,6 +149,9 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/pkgconfig/openconnect.pc %changelog +* Thu Jul 05 2012 David Woodhouse - 4.04-1 +- Update to 4.04 release (Fix PKCS#8 password handling) + * Mon Jul 02 2012 David Woodhouse - 4.03-1 - Update to 4.03 release (#836558) From 886d79d2528723a5e6aebdb700db8208d1374fd6 Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Thu, 5 Jul 2012 11:18:23 +0100 Subject: [PATCH 077/184] Updated files. Doh. --- .gitignore | 1 + sources | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index eede068..5808b77 100644 --- a/.gitignore +++ b/.gitignore @@ -22,3 +22,4 @@ openconnect-2.25.tar.gz /openconnect-4.01.tar.gz /openconnect-4.02.tar.gz /openconnect-4.03.tar.gz +/openconnect-4.04.tar.gz diff --git a/sources b/sources index 4cdfe11..1ba1fd1 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -c9281aaaad2a28429fe73e71f92a2a24 openconnect-4.03.tar.gz +aa245be3874e9c99b88fb56f7562ced2 openconnect-4.04.tar.gz From 1a7164348199da87330f7277f42488063dfbabf6 Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Thu, 12 Jul 2012 15:02:11 +0100 Subject: [PATCH 078/184] 4.05 --- .gitignore | 1 + openconnect.spec | 5 ++++- sources | 2 +- 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 5808b77..3022a00 100644 --- a/.gitignore +++ b/.gitignore @@ -23,3 +23,4 @@ openconnect-2.25.tar.gz /openconnect-4.02.tar.gz /openconnect-4.03.tar.gz /openconnect-4.04.tar.gz +/openconnect-4.05.tar.gz diff --git a/openconnect.spec b/openconnect.spec index ce1870b..25b3a33 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -14,7 +14,7 @@ %endif Name: openconnect -Version: 4.04 +Version: 4.05 Release: 1%{?dist} Summary: Open client for Cisco AnyConnect VPN @@ -149,6 +149,9 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/pkgconfig/openconnect.pc %changelog +* Thu Jul 12 2012 David Woodhouse - 4.05-1 +- Update to 4.05 release (PKCS#11 fixes) + * Thu Jul 05 2012 David Woodhouse - 4.04-1 - Update to 4.04 release (Fix PKCS#8 password handling) diff --git a/sources b/sources index 1ba1fd1..a9d1327 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -aa245be3874e9c99b88fb56f7562ced2 openconnect-4.04.tar.gz +5daa8ccdcaf4ecc93e54b8ec6febee6e openconnect-4.05.tar.gz From 4711f34f95ca72102043d114c835839df51fb9a5 Mon Sep 17 00:00:00 2001 From: Dennis Gilmore Date: Fri, 20 Jul 2012 01:46:56 -0500 Subject: [PATCH 079/184] - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild --- openconnect.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/openconnect.spec b/openconnect.spec index 25b3a33..a7f4795 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -15,7 +15,7 @@ Name: openconnect Version: 4.05 -Release: 1%{?dist} +Release: 2%{?dist} Summary: Open client for Cisco AnyConnect VPN Group: Applications/Internet @@ -149,6 +149,9 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/pkgconfig/openconnect.pc %changelog +* Fri Jul 20 2012 Fedora Release Engineering - 4.05-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + * Thu Jul 12 2012 David Woodhouse - 4.05-1 - Update to 4.05 release (PKCS#11 fixes) From 57600ff305d8cbe2d5f96fb95361e9dc0fb9d02c Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Mon, 23 Jul 2012 14:31:06 +0100 Subject: [PATCH 080/184] 4.06 --- .gitignore | 1 + openconnect.spec | 7 +++++-- sources | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 3022a00..5bb0ed7 100644 --- a/.gitignore +++ b/.gitignore @@ -24,3 +24,4 @@ openconnect-2.25.tar.gz /openconnect-4.03.tar.gz /openconnect-4.04.tar.gz /openconnect-4.05.tar.gz +/openconnect-4.06.tar.gz diff --git a/openconnect.spec b/openconnect.spec index a7f4795..a3223d4 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -14,8 +14,8 @@ %endif Name: openconnect -Version: 4.05 -Release: 2%{?dist} +Version: 4.06 +Release: 1%{?dist} Summary: Open client for Cisco AnyConnect VPN Group: Applications/Internet @@ -149,6 +149,9 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/pkgconfig/openconnect.pc %changelog +* Mon Jul 23 2012 David Woodhouse - 4.06-1 +- Update to 4.06 release + * Fri Jul 20 2012 Fedora Release Engineering - 4.05-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild diff --git a/sources b/sources index a9d1327..8bd8096 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -5daa8ccdcaf4ecc93e54b8ec6febee6e openconnect-4.05.tar.gz +e827c9d08bd4d6983e3cbd0c9c19b978 openconnect-4.06.tar.gz From b06712f8354946227848f81aac13243aec48e5fc Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Fri, 31 Aug 2012 13:41:14 +0100 Subject: [PATCH 081/184] 4.07 --- .gitignore | 1 + openconnect.spec | 5 ++++- sources | 2 +- 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 5bb0ed7..20235cc 100644 --- a/.gitignore +++ b/.gitignore @@ -25,3 +25,4 @@ openconnect-2.25.tar.gz /openconnect-4.04.tar.gz /openconnect-4.05.tar.gz /openconnect-4.06.tar.gz +/openconnect-4.07.tar.gz diff --git a/openconnect.spec b/openconnect.spec index a3223d4..d8b474d 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -14,7 +14,7 @@ %endif Name: openconnect -Version: 4.06 +Version: 4.07 Release: 1%{?dist} Summary: Open client for Cisco AnyConnect VPN @@ -149,6 +149,9 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/pkgconfig/openconnect.pc %changelog +* Fri Aug 31 2012 David Woodhouse - 4.07-1 +- Update to 4.07 release (Fix #845636 CSTP write stall handling) + * Mon Jul 23 2012 David Woodhouse - 4.06-1 - Update to 4.06 release diff --git a/sources b/sources index 8bd8096..4c8b504 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -e827c9d08bd4d6983e3cbd0c9c19b978 openconnect-4.06.tar.gz +61f26e7936d8b26c0f7e8119b7ef84b2 openconnect-4.07.tar.gz From 1ed848e690a72c3c58ecd3ff2435b163054d4bff Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Fri, 31 Aug 2012 16:30:17 +0100 Subject: [PATCH 082/184] Obsolete openconnect-lib-compat --- openconnect.spec | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/openconnect.spec b/openconnect.spec index d8b474d..d515865 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -15,7 +15,7 @@ Name: openconnect Version: 4.07 -Release: 1%{?dist} +Release: 2%{?dist} Summary: Open client for Cisco AnyConnect VPN Group: Applications/Internet @@ -29,6 +29,9 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: openssl-devel libxml2-devel gtk2-devel GConf2-devel dbus-devel BuildRequires: autoconf automake libtool trousers-devel python gettext %if 0%{?fedora} +%if !(%{build_compat_lib}) +Obsoletes: openconnect-lib-compat < %{version}-%{release} +%endif Requires: vpnc-script # Older versions in F16 won't find openconnect in /usr/sbin: Conflicts: NetworkManager-openconnect < 0.9.0-3 @@ -149,6 +152,9 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/pkgconfig/openconnect.pc %changelog +* Fri Aug 31 2012 David Woodhouse - 4.07-2 +- Obsolete openconnect-lib-compat (#842840) + * Fri Aug 31 2012 David Woodhouse - 4.07-1 - Update to 4.07 release (Fix #845636 CSTP write stall handling) From f58bc9ac791802e5991a7e3caf45be0225be5a55 Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Thu, 7 Feb 2013 01:33:52 +0000 Subject: [PATCH 083/184] 4.99 --- .gitignore | 1 + openconnect.spec | 9 +++++++-- sources | 2 +- 3 files changed, 9 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 20235cc..8d4c2c3 100644 --- a/.gitignore +++ b/.gitignore @@ -26,3 +26,4 @@ openconnect-2.25.tar.gz /openconnect-4.05.tar.gz /openconnect-4.06.tar.gz /openconnect-4.07.tar.gz +/openconnect-4.99.tar.gz diff --git a/openconnect.spec b/openconnect.spec index d515865..336f625 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -14,8 +14,8 @@ %endif Name: openconnect -Version: 4.07 -Release: 2%{?dist} +Version: 4.99 +Release: 1%{?dist} Summary: Open client for Cisco AnyConnect VPN Group: Applications/Internet @@ -58,7 +58,9 @@ Summary: Development package for OpenConnect VPN authentication tools Group: Applications/Internet Requires: %{name} = %{version}-%{release} # RHEL5 needs these spelled out because it doesn't automatically infer from pkgconfig +%if 0%{?rhel} && 0%{?rhel} <= 5 Requires: openssl-devel zlib-devel +%endif %description devel This package provides the core HTTP and authentication support from @@ -152,6 +154,9 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/pkgconfig/openconnect.pc %changelog +* Thu Feb 08 2013 David Woodhouse - 4.99-1 +- Update to 4.99 release + * Fri Aug 31 2012 David Woodhouse - 4.07-2 - Obsolete openconnect-lib-compat (#842840) diff --git a/sources b/sources index 4c8b504..5799a78 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -61f26e7936d8b26c0f7e8119b7ef84b2 openconnect-4.07.tar.gz +ebd780dfbee3f7a48e0f1bdfe1f5b846 openconnect-4.99.tar.gz From 17d752761cb1d8313e8efe27d7fa71e576ee8a4d Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Wed, 15 May 2013 21:36:27 +0100 Subject: [PATCH 084/184] 5.00, and fix some bogus dates --- .gitignore | 1 + openconnect.spec | 17 ++++++++++------- sources | 2 +- 3 files changed, 12 insertions(+), 8 deletions(-) diff --git a/.gitignore b/.gitignore index 8d4c2c3..7f6485a 100644 --- a/.gitignore +++ b/.gitignore @@ -27,3 +27,4 @@ openconnect-2.25.tar.gz /openconnect-4.06.tar.gz /openconnect-4.07.tar.gz /openconnect-4.99.tar.gz +/openconnect-5.00.tar.gz diff --git a/openconnect.spec b/openconnect.spec index 336f625..80b93f7 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -14,7 +14,7 @@ %endif Name: openconnect -Version: 4.99 +Version: 5.00 Release: 1%{?dist} Summary: Open client for Cisco AnyConnect VPN @@ -110,8 +110,8 @@ cd .. %endif # {build_compat_lib} %configure --with-vpnc-script=/etc/vpnc/vpnc-script \ -%if %{use_gnutls} - --with-gnutls \ +%if !%{use_gnutls} + --with-openssl \ %endif --htmldir=%{_docdir}/%{name}-%{version} make %{?_smp_mflags} V=1 @@ -154,7 +154,10 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/pkgconfig/openconnect.pc %changelog -* Thu Feb 08 2013 David Woodhouse - 4.99-1 +* Wed May 15 2013 David Woodhouse - 5.00-1 +- Update to 5.00 release + +* Thu Feb 07 2013 David Woodhouse - 4.99-1 - Update to 4.99 release * Fri Aug 31 2012 David Woodhouse - 4.07-2 @@ -178,10 +181,10 @@ rm -rf $RPM_BUILD_ROOT * Mon Jul 02 2012 David Woodhouse - 4.03-1 - Update to 4.03 release (#836558) -* Thu Jun 27 2012 David Woodhouse - 4.02-1 +* Thu Jun 28 2012 David Woodhouse - 4.02-1 - Update to 4.02 release -* Thu Jun 27 2012 David Woodhouse - 4.01-1 +* Thu Jun 28 2012 David Woodhouse - 4.01-1 - Update to 4.01 release * Thu Jun 21 2012 David Woodhouse - 4.00-3 @@ -368,7 +371,7 @@ rm -rf $RPM_BUILD_ROOT * Thu Oct 09 2008 David Woodhouse - 0.94-3 - Include COPYING.LGPL file -* Mon Oct 07 2008 David Woodhouse - 0.94-2 +* Tue Oct 07 2008 David Woodhouse - 0.94-2 - Fix auth-dialog crash * Mon Oct 06 2008 David Woodhouse - 0.94-1 diff --git a/sources b/sources index 5799a78..033d0b5 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -ebd780dfbee3f7a48e0f1bdfe1f5b846 openconnect-4.99.tar.gz +b3677a4b15f8c530615f4c42dadce275 openconnect-5.00.tar.gz From c314f3a08ed8b846d617bde075ba5bb316b3c359 Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Sat, 1 Jun 2013 21:49:30 +0100 Subject: [PATCH 085/184] 5.01 --- .gitignore | 1 + openconnect.spec | 11 +++++++---- sources | 2 +- 3 files changed, 9 insertions(+), 5 deletions(-) diff --git a/.gitignore b/.gitignore index 7f6485a..e3707c5 100644 --- a/.gitignore +++ b/.gitignore @@ -28,3 +28,4 @@ openconnect-2.25.tar.gz /openconnect-4.07.tar.gz /openconnect-4.99.tar.gz /openconnect-5.00.tar.gz +/openconnect-5.01.tar.gz diff --git a/openconnect.spec b/openconnect.spec index 80b93f7..8d1e93b 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -14,7 +14,7 @@ %endif Name: openconnect -Version: 5.00 +Version: 5.01 Release: 1%{?dist} Summary: Open client for Cisco AnyConnect VPN @@ -92,12 +92,12 @@ touch version.c mkdir compat cd compat %global _configure ../configure -%configure --with-vpnc-script=/etc/vpnc/vpnc-script --htmldir=%{_docdir}/%{name}-%{version} +%configure --with-vpnc-script=/etc/vpnc/vpnc-script --htmldir=%{_docdir}/%{name}-%{version} --without-gnutls --without-openssl-version-check # Hack: Build with library15.c instead of library.c and use the old version # script and soname. sed -e 's/library\./library15./g' \ -e 's/libopenconnect.map/libopenconnect15.map/g' \ - -e 's/-version-number 2:0/-version-number 1:5/g' \ + -e 's/\$(LT_VER_ARG) 2:./-version-number 1:5/g' \ Makefile > Makefile.lib15 # We configure with --disable-dependency-tracking so we do not need this: # cp .deps/libopenconnect_la-library.Plo .deps/libopenconnect_la-library2.Plo @@ -111,7 +111,7 @@ cd .. %configure --with-vpnc-script=/etc/vpnc/vpnc-script \ %if !%{use_gnutls} - --with-openssl \ + --with-openssl --without-openssl-version-check \ %endif --htmldir=%{_docdir}/%{name}-%{version} make %{?_smp_mflags} V=1 @@ -154,6 +154,9 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/pkgconfig/openconnect.pc %changelog +* Sat Jun 01 2013 David Woodhouse - 5.01-1 +- Update to 5.01 release (#955710, #964329, #964650) + * Wed May 15 2013 David Woodhouse - 5.00-1 - Update to 5.00 release diff --git a/sources b/sources index 033d0b5..9ff163d 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -b3677a4b15f8c530615f4c42dadce275 openconnect-5.00.tar.gz +40b059f0fe955cd4f41d7abb97d84ce8 openconnect-5.01.tar.gz From 37fc338ff929606aef661c3722ef08c7727b319c Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Thu, 6 Jun 2013 00:17:09 +0100 Subject: [PATCH 086/184] Add token support --- openconnect.spec | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/openconnect.spec b/openconnect.spec index 8d1e93b..605a044 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -9,13 +9,15 @@ %if 0%{?rhel} && 0%{?rhel} <= 5 %define use_libproxy 0 %define make_install %{__make} install DESTDIR=%{?buildroot} +%define use_tokens 0 %else %define use_libproxy 1 +%define use_tokens 1 %endif Name: openconnect Version: 5.01 -Release: 1%{?dist} +Release: 2%{?dist} Summary: Open client for Cisco AnyConnect VPN Group: Applications/Internet @@ -28,6 +30,9 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: openssl-devel libxml2-devel gtk2-devel GConf2-devel dbus-devel BuildRequires: autoconf automake libtool trousers-devel python gettext +%if %{use_tokens} +BuildRequires: pkgconfig(liboath) pkgconfig(stoken) +%endif %if 0%{?fedora} %if !(%{build_compat_lib}) Obsoletes: openconnect-lib-compat < %{version}-%{release} @@ -154,6 +159,9 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/pkgconfig/openconnect.pc %changelog +* Thu Jun 06 2013 David Woodhouse - 5.01-2 +- Build with stoken and OATH support. + * Sat Jun 01 2013 David Woodhouse - 5.01-1 - Update to 5.01 release (#955710, #964329, #964650) From 706d07f655be2936ec304352da13142438ce44e7 Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Fri, 7 Jun 2013 16:34:32 +0100 Subject: [PATCH 087/184] spec cleanups --- openconnect.spec | 31 +++++++++++++------------------ 1 file changed, 13 insertions(+), 18 deletions(-) diff --git a/openconnect.spec b/openconnect.spec index 605a044..2e0c735 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -28,40 +28,35 @@ Source1: library15.c Source2: libopenconnect15.map BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) -BuildRequires: openssl-devel libxml2-devel gtk2-devel GConf2-devel dbus-devel -BuildRequires: autoconf automake libtool trousers-devel python gettext -%if %{use_tokens} -BuildRequires: pkgconfig(liboath) pkgconfig(stoken) -%endif +BuildRequires: pkgconfig(openssl) pkgconfig(libxml-2.0) +BuildRequires: autoconf automake libtool python gettext %if 0%{?fedora} %if !(%{build_compat_lib}) -Obsoletes: openconnect-lib-compat < %{version}-%{release} +Obsoletes: openconnect-lib-compat%{?_isa} < %{version}-%{release} %endif Requires: vpnc-script -# Older versions in F16 won't find openconnect in /usr/sbin: -Conflicts: NetworkManager-openconnect < 0.9.0-3 %else Requires: vpnc %endif -%if %use_gnutls -# For F16, we need the fix for https://bugzilla.redhat.com/show_bug.cgi?id=826293 -BuildRequires: gnutls-devel >= 2.12.14-3 -Requires: gnutls >= 2.12.14-3 +%if %{use_gnutls} +BuildRequires: pkgconfig(gnutls) trousers-devel %endif %if %{use_libproxy} -BuildRequires: libproxy-devel +BuildRequires: pkgconfig(libproxy-1.0) +%endif +%if %{use_tokens} +BuildRequires: pkgconfig(liboath) pkgconfig(stoken) %endif - %description -This package provides a client for Cisco's "AnyConnect" VPN, which uses -HTTPS and DTLS protocols. +This package provides a client for the Cisco AnyConnect VPN protocol, which +is based on HTTPS and DTLS. %package devel Summary: Development package for OpenConnect VPN authentication tools Group: Applications/Internet -Requires: %{name} = %{version}-%{release} +Requires: %{name}%{?_isa} = %{version}-%{release} # RHEL5 needs these spelled out because it doesn't automatically infer from pkgconfig %if 0%{?rhel} && 0%{?rhel} <= 5 Requires: openssl-devel zlib-devel @@ -75,7 +70,7 @@ for NetworkManager etc. %package lib-compat Summary: Compatibility library for OpenConnect authentication clients Group: Applications/Internet -Requires: %{name} = %{version}-%{release} +Requires: %{name}%{?_isa} = %{version}-%{release} %description lib-compat This package provides a backward-compatible library for use by GNOME and KDE From f994ba0f70994b482977ae38fb1ea62d0cbe8251 Mon Sep 17 00:00:00 2001 From: Dennis Gilmore Date: Sat, 3 Aug 2013 10:33:07 -0500 Subject: [PATCH 088/184] - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild --- openconnect.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/openconnect.spec b/openconnect.spec index 2e0c735..7597c84 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -17,7 +17,7 @@ Name: openconnect Version: 5.01 -Release: 2%{?dist} +Release: 3%{?dist} Summary: Open client for Cisco AnyConnect VPN Group: Applications/Internet @@ -154,6 +154,9 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/pkgconfig/openconnect.pc %changelog +* Sat Aug 03 2013 Fedora Release Engineering - 5.01-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + * Thu Jun 06 2013 David Woodhouse - 5.01-2 - Build with stoken and OATH support. From bfddaebd807f949201ce72c956d7d4fb8c3d2a15 Mon Sep 17 00:00:00 2001 From: Peter Robinson Date: Sat, 17 Aug 2013 18:10:54 +0100 Subject: [PATCH 089/184] Fix install of docs --- openconnect.spec | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/openconnect.spec b/openconnect.spec index 7597c84..dbe9029 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -17,7 +17,7 @@ Name: openconnect Version: 5.01 -Release: 3%{?dist} +Release: 4%{?dist} Summary: Open client for Cisco AnyConnect VPN Group: Applications/Internet @@ -113,7 +113,7 @@ cd .. %if !%{use_gnutls} --with-openssl --without-openssl-version-check \ %endif - --htmldir=%{_docdir}/%{name}-%{version} + --htmldir=%{_docdir}/%{name} make %{?_smp_mflags} V=1 @@ -154,6 +154,9 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/pkgconfig/openconnect.pc %changelog +* Sat Aug 17 2013 Peter Robinson 5.01-4 +- Fix install of docs + * Sat Aug 03 2013 Fedora Release Engineering - 5.01-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild From 53dde6b7de652a881df55edb4f068bff743a6c99 Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Thu, 2 Jan 2014 00:02:14 +0000 Subject: [PATCH 090/184] OpenConnect 5.02 --- .gitignore | 1 + openconnect.spec | 7 +++++-- sources | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index e3707c5..767ab95 100644 --- a/.gitignore +++ b/.gitignore @@ -29,3 +29,4 @@ openconnect-2.25.tar.gz /openconnect-4.99.tar.gz /openconnect-5.00.tar.gz /openconnect-5.01.tar.gz +/openconnect-5.02.tar.gz diff --git a/openconnect.spec b/openconnect.spec index dbe9029..a310ff5 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -16,8 +16,8 @@ %endif Name: openconnect -Version: 5.01 -Release: 4%{?dist} +Version: 5.02 +Release: 1%{?dist} Summary: Open client for Cisco AnyConnect VPN Group: Applications/Internet @@ -154,6 +154,9 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/pkgconfig/openconnect.pc %changelog +* Wed Jan 01 2014 David Woodhouse - 5.02-1 +- Update to 5.02 release (#981911, #991653, #1031886) + * Sat Aug 17 2013 Peter Robinson 5.01-4 - Fix install of docs diff --git a/sources b/sources index 9ff163d..4e5ce1f 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -40b059f0fe955cd4f41d7abb97d84ce8 openconnect-5.01.tar.gz +8af1306ac4af7b85b6c08a1a4d216014 openconnect-5.02.tar.gz From f2707c622b5cf91957136ffbecec18f4671ce3b8 Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Wed, 5 Mar 2014 11:43:55 +0000 Subject: [PATCH 091/184] Remove 1.5 compat library hack --- openconnect.spec | 58 +----------------------------------------------- 1 file changed, 1 insertion(+), 57 deletions(-) diff --git a/openconnect.spec b/openconnect.spec index a310ff5..e284dff 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -1,8 +1,4 @@ -# For Fedora 17 and below, for now, build a compat libopenconnect.so.1 with OpenSSL so -# that the upgrade path is easier. -%define build_compat_lib 0%{?fedora} && 0%{?fedora} < 18 - -# RHEL6 still has GnuTLS which is even more ancient than Fedora's! +# RHEL6 still has ancient GnuTLS %define use_gnutls 0%{?fedora} || 0%{?rhel} >= 7 # RHEL5 has no libproxy, and no %make_install macro @@ -24,16 +20,12 @@ Group: Applications/Internet License: LGPLv2+ URL: http://www.infradead.org/openconnect.html Source0: ftp://ftp.infradead.org/pub/openconnect/openconnect-%{version}.tar.gz -Source1: library15.c -Source2: libopenconnect15.map BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: pkgconfig(openssl) pkgconfig(libxml-2.0) BuildRequires: autoconf automake libtool python gettext %if 0%{?fedora} -%if !(%{build_compat_lib}) Obsoletes: openconnect-lib-compat%{?_isa} < %{version}-%{release} -%endif Requires: vpnc-script %else Requires: vpnc @@ -67,48 +59,10 @@ This package provides the core HTTP and authentication support from the OpenConnect VPN client, to be used by GUI authentication dialogs for NetworkManager etc. -%package lib-compat -Summary: Compatibility library for OpenConnect authentication clients -Group: Applications/Internet -Requires: %{name}%{?_isa} = %{version}-%{release} - -%description lib-compat -This package provides a backward-compatible library for use by GNOME and KDE -NetworkManager clients which have not yet been rebuilt to use the new version -of the library. - %prep %setup -q -%if %{build_compat_lib} -cp %{SOURCE1} . -cp %{SOURCE2} libopenconnect15.map.in -# In Fedora 16 we fixed the gnutls_record_get_direction() bug without upgrading -sed 's/2\.12\.16/2.12.14/' -i configure -touch version.c -%endif %build -%if %{build_compat_lib} -mkdir compat -cd compat -%global _configure ../configure -%configure --with-vpnc-script=/etc/vpnc/vpnc-script --htmldir=%{_docdir}/%{name}-%{version} --without-gnutls --without-openssl-version-check -# Hack: Build with library15.c instead of library.c and use the old version -# script and soname. -sed -e 's/library\./library15./g' \ - -e 's/libopenconnect.map/libopenconnect15.map/g' \ - -e 's/\$(LT_VER_ARG) 2:./-version-number 1:5/g' \ - Makefile > Makefile.lib15 -# We configure with --disable-dependency-tracking so we do not need this: -# cp .deps/libopenconnect_la-library.Plo .deps/libopenconnect_la-library2.Plo - -# Do not let it rebuild the symbol map that we provided -cp %{SOURCE2} . -make -f Makefile.lib15 libopenconnect.la V=1 -cd .. -%global _configure ./configure -%endif # {build_compat_lib} - %configure --with-vpnc-script=/etc/vpnc/vpnc-script \ %if !%{use_gnutls} --with-openssl --without-openssl-version-check \ @@ -119,11 +73,6 @@ make %{?_smp_mflags} V=1 %install rm -rf $RPM_BUILD_ROOT -%if %{build_compat_lib} -mkdir -p $RPM_BUILD_ROOT/%{_libdir} -install -m0755 compat/.libs/libopenconnect.so.1.5.0 ${RPM_BUILD_ROOT}/%{_libdir} -ln -sf libopenconnect.so.1.5.0 ${RPM_BUILD_ROOT}/%{_libdir}/libopenconnect.so.1 -%endif %make_install rm -f $RPM_BUILD_ROOT/%{_libdir}/libopenconnect.la %find_lang %{name} @@ -142,11 +91,6 @@ rm -rf $RPM_BUILD_ROOT %{_mandir}/man8/* %doc TODO COPYING.LGPL -%if %{build_compat_lib} -%files lib-compat -%{_libdir}/libopenconnect.so.1* -%endif - %files devel %defattr(-,root,root,-) %{_libdir}/libopenconnect.so From 4f19c2a08b7c6d92ccb460f48063c52f577fdea7 Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Wed, 5 Mar 2014 11:47:41 +0000 Subject: [PATCH 092/184] Update to 5.99 --- .gitignore | 1 + openconnect.spec | 7 +++++-- sources | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 767ab95..d4e4e35 100644 --- a/.gitignore +++ b/.gitignore @@ -30,3 +30,4 @@ openconnect-2.25.tar.gz /openconnect-5.00.tar.gz /openconnect-5.01.tar.gz /openconnect-5.02.tar.gz +/openconnect-5.99.tar.gz diff --git a/openconnect.spec b/openconnect.spec index e284dff..053f266 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -12,7 +12,7 @@ %endif Name: openconnect -Version: 5.02 +Version: 5.99 Release: 1%{?dist} Summary: Open client for Cisco AnyConnect VPN @@ -86,7 +86,7 @@ rm -rf $RPM_BUILD_ROOT %files -f %{name}.lang %defattr(-,root,root,-) -%{_libdir}/libopenconnect.so.2* +%{_libdir}/libopenconnect.so.3* %{_sbindir}/openconnect %{_mandir}/man8/* %doc TODO COPYING.LGPL @@ -98,6 +98,9 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/pkgconfig/openconnect.pc %changelog +* Wed Mar 05 2014 David Woodhouse - 5.99-1 +- Update to 5.99 release + * Wed Jan 01 2014 David Woodhouse - 5.02-1 - Update to 5.02 release (#981911, #991653, #1031886) diff --git a/sources b/sources index 4e5ce1f..a438980 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -8af1306ac4af7b85b6c08a1a4d216014 openconnect-5.02.tar.gz +9131734de36f28860889ac063b519372 openconnect-5.99.tar.gz From 4ccb45218d339ec19cd55bd79d0591842e5b8d27 Mon Sep 17 00:00:00 2001 From: Dennis Gilmore Date: Sat, 7 Jun 2014 11:32:09 -0500 Subject: [PATCH 093/184] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild --- openconnect.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/openconnect.spec b/openconnect.spec index 053f266..f9e0a46 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -13,7 +13,7 @@ Name: openconnect Version: 5.99 -Release: 1%{?dist} +Release: 2%{?dist} Summary: Open client for Cisco AnyConnect VPN Group: Applications/Internet @@ -98,6 +98,9 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/pkgconfig/openconnect.pc %changelog +* Sat Jun 07 2014 Fedora Release Engineering - 5.99-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + * Wed Mar 05 2014 David Woodhouse - 5.99-1 - Update to 5.99 release From 2304dd1018986f7538d9d7e0184df102a5afcc93 Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Tue, 8 Jul 2014 16:29:26 +0100 Subject: [PATCH 094/184] 6.00 --- .gitignore | 1 + openconnect.spec | 7 +++++-- sources | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index d4e4e35..6876cca 100644 --- a/.gitignore +++ b/.gitignore @@ -31,3 +31,4 @@ openconnect-2.25.tar.gz /openconnect-5.01.tar.gz /openconnect-5.02.tar.gz /openconnect-5.99.tar.gz +/openconnect-6.00.tar.gz diff --git a/openconnect.spec b/openconnect.spec index f9e0a46..0985b08 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -12,8 +12,8 @@ %endif Name: openconnect -Version: 5.99 -Release: 2%{?dist} +Version: 6.00 +Release: 1%{?dist} Summary: Open client for Cisco AnyConnect VPN Group: Applications/Internet @@ -98,6 +98,9 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/pkgconfig/openconnect.pc %changelog +* Tue Jul 08 2014 David Woodhouse - 6.00-1 +- Update to 6.00 release + * Sat Jun 07 2014 Fedora Release Engineering - 5.99-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild diff --git a/sources b/sources index a438980..fb40e2c 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -9131734de36f28860889ac063b519372 openconnect-5.99.tar.gz +7e28e23c6e281be31446e6c365f5d273 openconnect-6.00.tar.gz From 08484099635d94d9bbbc2e9a5188116d82258d03 Mon Sep 17 00:00:00 2001 From: Peter Robinson Date: Sun, 17 Aug 2014 13:47:37 +0000 Subject: [PATCH 095/184] - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild --- openconnect.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/openconnect.spec b/openconnect.spec index 0985b08..41edef9 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -13,7 +13,7 @@ Name: openconnect Version: 6.00 -Release: 1%{?dist} +Release: 2%{?dist} Summary: Open client for Cisco AnyConnect VPN Group: Applications/Internet @@ -98,6 +98,9 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/pkgconfig/openconnect.pc %changelog +* Sun Aug 17 2014 Fedora Release Engineering - 6.00-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + * Tue Jul 08 2014 David Woodhouse - 6.00-1 - Update to 6.00 release From 9d791afb641da2809453c8a12885f05ab5f82193 Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Thu, 21 Aug 2014 08:50:43 +0200 Subject: [PATCH 096/184] vpnc-script exists in epel7 --- openconnect.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/openconnect.spec b/openconnect.spec index 41edef9..0168239 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -24,7 +24,7 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: pkgconfig(openssl) pkgconfig(libxml-2.0) BuildRequires: autoconf automake libtool python gettext -%if 0%{?fedora} +%if 0%{?fedora} || 0%{?rhel} >= 7 Obsoletes: openconnect-lib-compat%{?_isa} < %{version}-%{release} Requires: vpnc-script %else From c5d7567d217152c9cc6dec759afdcd4edd6ca6c8 Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Tue, 23 Sep 2014 16:52:50 +0200 Subject: [PATCH 097/184] When compiling with old gnutls version completely disable ECDHE instead of disabling the curves. Conflicts: openconnect.spec --- openconnect-6.00-no-ecdhe.patch | 21 +++++++++++++++++++++ openconnect.spec | 7 +++++++ 2 files changed, 28 insertions(+) create mode 100644 openconnect-6.00-no-ecdhe.patch diff --git a/openconnect-6.00-no-ecdhe.patch b/openconnect-6.00-no-ecdhe.patch new file mode 100644 index 0000000..aeb75e1 --- /dev/null +++ b/openconnect-6.00-no-ecdhe.patch @@ -0,0 +1,21 @@ +diff --git a/gnutls.c b/gnutls.c +index 13fb36c..1c1921f 100644 +--- a/gnutls.c ++++ b/gnutls.c +@@ -1854,7 +1854,7 @@ static int verify_peer(gnutls_session_t session) + # define _DEFAULT_PRIO "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0:" \ + "%COMPAT:%DISABLE_SAFE_RENEGOTIATION:%LATEST_RECORD_VERSION" + # if GNUTLS_VERSION_MAJOR >= 3 +-# define DEFAULT_PRIO _DEFAULT_PRIO":-CURVE-ALL" ++# define DEFAULT_PRIO _DEFAULT_PRIO":-CURVE-ALL:-ECDHE-RSA:-ECDHE-ECDSA" + #else + # define DEFAULT_PRIO _DEFAULT_PRIO + # endif +@@ -1983,7 +1983,6 @@ int openconnect_open_https(struct openconnect_info *vpninfo) + } else { + prio = DEFAULT_PRIO; + } +- + err = gnutls_priority_set_direct(vpninfo->https_sess, + prio, NULL); + if (err) { diff --git a/openconnect.spec b/openconnect.spec index 0168239..2125d3c 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -20,6 +20,7 @@ Group: Applications/Internet License: LGPLv2+ URL: http://www.infradead.org/openconnect.html Source0: ftp://ftp.infradead.org/pub/openconnect/openconnect-%{version}.tar.gz +Patch0: openconnect-6.00-no-ecdhe.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: pkgconfig(openssl) pkgconfig(libxml-2.0) @@ -62,6 +63,8 @@ for NetworkManager etc. %prep %setup -q +%patch0 -p1 -b .no-ecdhe + %build %configure --with-vpnc-script=/etc/vpnc/vpnc-script \ %if !%{use_gnutls} @@ -98,6 +101,10 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/pkgconfig/openconnect.pc %changelog +* Tue Sep 16 2014 Nikos Mavrogiannopoulos - 6.00-2 +- When compiling with old gnutls version completely disable ECDHE instead + of disabling the curves. + * Sun Aug 17 2014 Fedora Release Engineering - 6.00-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild From 186eca2a3b489494bda11d78a6a1bafa874f9969 Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Thu, 27 Nov 2014 16:24:55 +0000 Subject: [PATCH 098/184] Update to 7.00 Signed-off-by: David Woodhouse --- .gitignore | 2 ++ openconnect.spec | 11 +++++++---- sources | 3 ++- 3 files changed, 11 insertions(+), 5 deletions(-) diff --git a/.gitignore b/.gitignore index 6876cca..79971b8 100644 --- a/.gitignore +++ b/.gitignore @@ -32,3 +32,5 @@ openconnect-2.25.tar.gz /openconnect-5.02.tar.gz /openconnect-5.99.tar.gz /openconnect-6.00.tar.gz +/openconnect-7.00.tar.gz +/openconnect-7.00.tar.gz.asc diff --git a/openconnect.spec b/openconnect.spec index 2125d3c..f70a981 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -12,8 +12,8 @@ %endif Name: openconnect -Version: 6.00 -Release: 2%{?dist} +Version: 7.00 +Release: 1%{?dist} Summary: Open client for Cisco AnyConnect VPN Group: Applications/Internet @@ -33,7 +33,7 @@ Requires: vpnc %endif %if %{use_gnutls} -BuildRequires: pkgconfig(gnutls) trousers-devel +BuildRequires: pkgconfig(gnutls) trousers-devel pkgconfig(libpcsclite) %endif %if %{use_libproxy} BuildRequires: pkgconfig(libproxy-1.0) @@ -89,7 +89,7 @@ rm -rf $RPM_BUILD_ROOT %files -f %{name}.lang %defattr(-,root,root,-) -%{_libdir}/libopenconnect.so.3* +%{_libdir}/libopenconnect.so.5* %{_sbindir}/openconnect %{_mandir}/man8/* %doc TODO COPYING.LGPL @@ -101,6 +101,9 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/pkgconfig/openconnect.pc %changelog +* Thu Nov 27 2014 David Woodhouse - 7.00-1 +- Update to 7.00 release + * Tue Sep 16 2014 Nikos Mavrogiannopoulos - 6.00-2 - When compiling with old gnutls version completely disable ECDHE instead of disabling the curves. diff --git a/sources b/sources index fb40e2c..a6a9d14 100644 --- a/sources +++ b/sources @@ -1 +1,2 @@ -7e28e23c6e281be31446e6c365f5d273 openconnect-6.00.tar.gz +208b03fb66cd8e26633a19b9e12f35af openconnect-7.00.tar.gz +7eb9fa8c15d4d11b2b4814ed13579f61 openconnect-7.00.tar.gz.asc From 9d8e88fc422b23817037b190d4745867517ad166 Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Thu, 27 Nov 2014 16:41:48 +0000 Subject: [PATCH 099/184] Add upstreamed version of no-curve patch --- ...ith-old-gnutls-version-completely-di.patch | 32 +++++++++++++++++++ openconnect-6.00-no-ecdhe.patch | 21 ------------ openconnect.spec | 7 ++-- 3 files changed, 37 insertions(+), 23 deletions(-) create mode 100644 0001-When-compiling-with-old-gnutls-version-completely-di.patch delete mode 100644 openconnect-6.00-no-ecdhe.patch diff --git a/0001-When-compiling-with-old-gnutls-version-completely-di.patch b/0001-When-compiling-with-old-gnutls-version-completely-di.patch new file mode 100644 index 0000000..e5d7a12 --- /dev/null +++ b/0001-When-compiling-with-old-gnutls-version-completely-di.patch @@ -0,0 +1,32 @@ +From eb34177f1db31df3276b3d5ae1207390b1bb1edf Mon Sep 17 00:00:00 2001 +From: Nikos Mavrogiannopoulos +Date: Thu, 27 Nov 2014 16:24:08 +0000 +Subject: [PATCH] When compiling with old gnutls version completely disable + ECDHE instead of disabling the curves + +Signed-off-by: David Woodhouse +--- + gnutls.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/gnutls.c b/gnutls.c +index e4fcfb7..feb1b27 100644 +--- a/gnutls.c ++++ b/gnutls.c +@@ -1971,7 +1971,7 @@ static int verify_peer(gnutls_session_t session) + # define _DEFAULT_PRIO "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0:" \ + "%COMPAT:%DISABLE_SAFE_RENEGOTIATION:%LATEST_RECORD_VERSION" + # if GNUTLS_VERSION_MAJOR >= 3 +-# define DEFAULT_PRIO _DEFAULT_PRIO":-CURVE-ALL" ++# define DEFAULT_PRIO _DEFAULT_PRIO":-CURVE-ALL:-ECDHE-RSA:-ECDHE-ECDSA" + #else + # define DEFAULT_PRIO _DEFAULT_PRIO + # endif +-- +2.1.0 + +--- ./version.c.orig 2014-11-27 16:39:58.924714506 +0000 ++++ ./version.c 2014-11-27 16:40:00.648735281 +0000 +@@ -1 +1 @@ +-const char *openconnect_version_str = "v7.00"; ++const char *openconnect_version_str = "v7.00-1-geb34177"; diff --git a/openconnect-6.00-no-ecdhe.patch b/openconnect-6.00-no-ecdhe.patch deleted file mode 100644 index aeb75e1..0000000 --- a/openconnect-6.00-no-ecdhe.patch +++ /dev/null @@ -1,21 +0,0 @@ -diff --git a/gnutls.c b/gnutls.c -index 13fb36c..1c1921f 100644 ---- a/gnutls.c -+++ b/gnutls.c -@@ -1854,7 +1854,7 @@ static int verify_peer(gnutls_session_t session) - # define _DEFAULT_PRIO "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0:" \ - "%COMPAT:%DISABLE_SAFE_RENEGOTIATION:%LATEST_RECORD_VERSION" - # if GNUTLS_VERSION_MAJOR >= 3 --# define DEFAULT_PRIO _DEFAULT_PRIO":-CURVE-ALL" -+# define DEFAULT_PRIO _DEFAULT_PRIO":-CURVE-ALL:-ECDHE-RSA:-ECDHE-ECDSA" - #else - # define DEFAULT_PRIO _DEFAULT_PRIO - # endif -@@ -1983,7 +1983,6 @@ int openconnect_open_https(struct openconnect_info *vpninfo) - } else { - prio = DEFAULT_PRIO; - } -- - err = gnutls_priority_set_direct(vpninfo->https_sess, - prio, NULL); - if (err) { diff --git a/openconnect.spec b/openconnect.spec index f70a981..e4e7ccb 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -13,14 +13,14 @@ Name: openconnect Version: 7.00 -Release: 1%{?dist} +Release: 2%{?dist} Summary: Open client for Cisco AnyConnect VPN Group: Applications/Internet License: LGPLv2+ URL: http://www.infradead.org/openconnect.html Source0: ftp://ftp.infradead.org/pub/openconnect/openconnect-%{version}.tar.gz -Patch0: openconnect-6.00-no-ecdhe.patch +Patch0: 0001-When-compiling-with-old-gnutls-version-completely-di.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: pkgconfig(openssl) pkgconfig(libxml-2.0) @@ -101,6 +101,9 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/pkgconfig/openconnect.pc %changelog +* Thu Nov 27 2014 David Woodhouse - 7.00-2 +- Add upstreamed version of Nikos' curve patch with version.c fixed + * Thu Nov 27 2014 David Woodhouse - 7.00-1 - Update to 7.00 release From f8c6dfc73851209ea969737fc38e9185034d58df Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Sun, 7 Dec 2014 21:19:26 +0000 Subject: [PATCH 100/184] 7.01 --- .gitignore | 1 + openconnect.spec | 10 +++++----- sources | 3 +-- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.gitignore b/.gitignore index 79971b8..65117d5 100644 --- a/.gitignore +++ b/.gitignore @@ -34,3 +34,4 @@ openconnect-2.25.tar.gz /openconnect-6.00.tar.gz /openconnect-7.00.tar.gz /openconnect-7.00.tar.gz.asc +/openconnect-7.01.tar.gz diff --git a/openconnect.spec b/openconnect.spec index e4e7ccb..d1289f6 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -12,15 +12,14 @@ %endif Name: openconnect -Version: 7.00 -Release: 2%{?dist} +Version: 7.01 +Release: 1%{?dist} Summary: Open client for Cisco AnyConnect VPN Group: Applications/Internet License: LGPLv2+ URL: http://www.infradead.org/openconnect.html Source0: ftp://ftp.infradead.org/pub/openconnect/openconnect-%{version}.tar.gz -Patch0: 0001-When-compiling-with-old-gnutls-version-completely-di.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: pkgconfig(openssl) pkgconfig(libxml-2.0) @@ -63,8 +62,6 @@ for NetworkManager etc. %prep %setup -q -%patch0 -p1 -b .no-ecdhe - %build %configure --with-vpnc-script=/etc/vpnc/vpnc-script \ %if !%{use_gnutls} @@ -101,6 +98,9 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/pkgconfig/openconnect.pc %changelog +* Sun Dec 07 2014 David Woodhouse - 7.01-1 +- Update to 7.01 release + * Thu Nov 27 2014 David Woodhouse - 7.00-2 - Add upstreamed version of Nikos' curve patch with version.c fixed diff --git a/sources b/sources index a6a9d14..5795a61 100644 --- a/sources +++ b/sources @@ -1,2 +1 @@ -208b03fb66cd8e26633a19b9e12f35af openconnect-7.00.tar.gz -7eb9fa8c15d4d11b2b4814ed13579f61 openconnect-7.00.tar.gz.asc +a73cffae0d1ae83790385f3081948413 openconnect-7.01.tar.gz From 0550148e2924e459b88aa3ec176979a897e6fcb6 Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Mon, 8 Dec 2014 15:09:07 +0000 Subject: [PATCH 101/184] Remove old patch --- ...ith-old-gnutls-version-completely-di.patch | 32 ------------------- 1 file changed, 32 deletions(-) delete mode 100644 0001-When-compiling-with-old-gnutls-version-completely-di.patch diff --git a/0001-When-compiling-with-old-gnutls-version-completely-di.patch b/0001-When-compiling-with-old-gnutls-version-completely-di.patch deleted file mode 100644 index e5d7a12..0000000 --- a/0001-When-compiling-with-old-gnutls-version-completely-di.patch +++ /dev/null @@ -1,32 +0,0 @@ -From eb34177f1db31df3276b3d5ae1207390b1bb1edf Mon Sep 17 00:00:00 2001 -From: Nikos Mavrogiannopoulos -Date: Thu, 27 Nov 2014 16:24:08 +0000 -Subject: [PATCH] When compiling with old gnutls version completely disable - ECDHE instead of disabling the curves - -Signed-off-by: David Woodhouse ---- - gnutls.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/gnutls.c b/gnutls.c -index e4fcfb7..feb1b27 100644 ---- a/gnutls.c -+++ b/gnutls.c -@@ -1971,7 +1971,7 @@ static int verify_peer(gnutls_session_t session) - # define _DEFAULT_PRIO "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0:" \ - "%COMPAT:%DISABLE_SAFE_RENEGOTIATION:%LATEST_RECORD_VERSION" - # if GNUTLS_VERSION_MAJOR >= 3 --# define DEFAULT_PRIO _DEFAULT_PRIO":-CURVE-ALL" -+# define DEFAULT_PRIO _DEFAULT_PRIO":-CURVE-ALL:-ECDHE-RSA:-ECDHE-ECDSA" - #else - # define DEFAULT_PRIO _DEFAULT_PRIO - # endif --- -2.1.0 - ---- ./version.c.orig 2014-11-27 16:39:58.924714506 +0000 -+++ ./version.c 2014-11-27 16:40:00.648735281 +0000 -@@ -1 +1 @@ --const char *openconnect_version_str = "v7.00"; -+const char *openconnect_version_str = "v7.00-1-geb34177"; From 11b486693c877d4853749cce002c00910f68e37d Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Fri, 19 Dec 2014 11:13:09 +0000 Subject: [PATCH 102/184] 7.02 --- .gitignore | 1 + openconnect.spec | 5 ++++- sources | 2 +- 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 65117d5..071757f 100644 --- a/.gitignore +++ b/.gitignore @@ -35,3 +35,4 @@ openconnect-2.25.tar.gz /openconnect-7.00.tar.gz /openconnect-7.00.tar.gz.asc /openconnect-7.01.tar.gz +/openconnect-7.02.tar.gz diff --git a/openconnect.spec b/openconnect.spec index d1289f6..6f86981 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -12,7 +12,7 @@ %endif Name: openconnect -Version: 7.01 +Version: 7.02 Release: 1%{?dist} Summary: Open client for Cisco AnyConnect VPN @@ -98,6 +98,9 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/pkgconfig/openconnect.pc %changelog +* Fri Dec 19 2014 David Woodhouse - 7.02-1 +- Update to 7.02 release (#1175951) + * Sun Dec 07 2014 David Woodhouse - 7.01-1 - Update to 7.01 release diff --git a/sources b/sources index 5795a61..2e570ff 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -a73cffae0d1ae83790385f3081948413 openconnect-7.01.tar.gz +d2498cfa1020be4665a7317dc1bf04b0 openconnect-7.02.tar.gz From 96c728bc499524019c6c65ad6a5fcc30db00686c Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Fri, 9 Jan 2015 14:04:57 +0000 Subject: [PATCH 103/184] 7.03 --- .gitignore | 1 + openconnect.spec | 7 +++++-- sources | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 071757f..b709add 100644 --- a/.gitignore +++ b/.gitignore @@ -36,3 +36,4 @@ openconnect-2.25.tar.gz /openconnect-7.00.tar.gz.asc /openconnect-7.01.tar.gz /openconnect-7.02.tar.gz +/openconnect-7.03.tar.gz diff --git a/openconnect.spec b/openconnect.spec index 6f86981..86e2e98 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -12,8 +12,8 @@ %endif Name: openconnect -Version: 7.02 -Release: 1%{?dist} +Version: 7.03 +Release: 1 Summary: Open client for Cisco AnyConnect VPN Group: Applications/Internet @@ -98,6 +98,9 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/pkgconfig/openconnect.pc %changelog +* Fri Jan 09 2015 David Woodhouse - 7.03-1 +- Update to 7.03 release (#1179681) + * Fri Dec 19 2014 David Woodhouse - 7.02-1 - Update to 7.02 release (#1175951) diff --git a/sources b/sources index 2e570ff..be12c64 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -d2498cfa1020be4665a7317dc1bf04b0 openconnect-7.02.tar.gz +83f6a359906d49473f591ba613ca3fe5 openconnect-7.03.tar.gz From 4c1409aff3429c7f631e63081c225ea1340fce73 Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Fri, 9 Jan 2015 14:20:26 +0000 Subject: [PATCH 104/184] Oops, add %{?dist} back --- openconnect.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/openconnect.spec b/openconnect.spec index 86e2e98..4ec99cb 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -13,7 +13,7 @@ Name: openconnect Version: 7.03 -Release: 1 +Release: 1%{?dist} Summary: Open client for Cisco AnyConnect VPN Group: Applications/Internet From 7bfd81cfc98d00b62302b2f158fe4db6beaeaba2 Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Sun, 25 Jan 2015 23:31:00 +0000 Subject: [PATCH 105/184] 7.04 Signed-off-by: David Woodhouse --- .gitignore | 1 + openconnect.spec | 7 +++++-- sources | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index b709add..8589d00 100644 --- a/.gitignore +++ b/.gitignore @@ -37,3 +37,4 @@ openconnect-2.25.tar.gz /openconnect-7.01.tar.gz /openconnect-7.02.tar.gz /openconnect-7.03.tar.gz +/openconnect-7.04.tar.gz diff --git a/openconnect.spec b/openconnect.spec index 4ec99cb..3a835aa 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -12,7 +12,7 @@ %endif Name: openconnect -Version: 7.03 +Version: 7.04 Release: 1%{?dist} Summary: Open client for Cisco AnyConnect VPN @@ -23,7 +23,7 @@ Source0: ftp://ftp.infradead.org/pub/openconnect/openconnect-%{version}.tar.gz BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: pkgconfig(openssl) pkgconfig(libxml-2.0) -BuildRequires: autoconf automake libtool python gettext +BuildRequires: autoconf automake libtool python gettext pkgconfig(liblz4) %if 0%{?fedora} || 0%{?rhel} >= 7 Obsoletes: openconnect-lib-compat%{?_isa} < %{version}-%{release} Requires: vpnc-script @@ -98,6 +98,9 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/pkgconfig/openconnect.pc %changelog +* Sun Jan 25 2015 David Woodhouse - 7.04-1 +- Update to 7.04 release + * Fri Jan 09 2015 David Woodhouse - 7.03-1 - Update to 7.03 release (#1179681) diff --git a/sources b/sources index be12c64..d0b5191 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -83f6a359906d49473f591ba613ca3fe5 openconnect-7.03.tar.gz +828fe81388b7ea1155419b8be64a350f openconnect-7.04.tar.gz From adf4428dce716736e47b26d8c4a9070f288a5089 Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Mon, 2 Mar 2015 16:10:30 +0000 Subject: [PATCH 106/184] Make it easier to build git snapshot packages (for testing) --- openconnect.spec | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/openconnect.spec b/openconnect.spec index 3a835aa..330c44e 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -1,3 +1,11 @@ +#% define gitcount 211 +#% define gitrev 584c84f + +%if 0%{?gitcount} > 0 +%define gitsuffix -%{gitcount}-g%{gitrev} +%define relsuffix .git%{gitcount}_%{gitrev} +%endif + # RHEL6 still has ancient GnuTLS %define use_gnutls 0%{?fedora} || 0%{?rhel} >= 7 @@ -13,13 +21,13 @@ Name: openconnect Version: 7.04 -Release: 1%{?dist} +Release: 1%{?relsuffix}%{?dist} Summary: Open client for Cisco AnyConnect VPN Group: Applications/Internet License: LGPLv2+ URL: http://www.infradead.org/openconnect.html -Source0: ftp://ftp.infradead.org/pub/openconnect/openconnect-%{version}.tar.gz +Source0: ftp://ftp.infradead.org/pub/openconnect/openconnect-7.04%{?gitsuffix}.tar.gz BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: pkgconfig(openssl) pkgconfig(libxml-2.0) @@ -60,7 +68,7 @@ the OpenConnect VPN client, to be used by GUI authentication dialogs for NetworkManager etc. %prep -%setup -q +%setup -q -n openconnect-7.04%{?gitsuffix} %build %configure --with-vpnc-script=/etc/vpnc/vpnc-script \ From cffc934a66e8f5e32ffc0790657febc2189e83ca Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Tue, 10 Mar 2015 21:26:33 +0000 Subject: [PATCH 107/184] 7.05 Signed-off-by: David Woodhouse --- .gitignore | 1 + openconnect.spec | 5 ++++- sources | 2 +- 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 8589d00..9b9c49e 100644 --- a/.gitignore +++ b/.gitignore @@ -38,3 +38,4 @@ openconnect-2.25.tar.gz /openconnect-7.02.tar.gz /openconnect-7.03.tar.gz /openconnect-7.04.tar.gz +/openconnect-7.05.tar.gz diff --git a/openconnect.spec b/openconnect.spec index 330c44e..eb1b2f9 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -20,7 +20,7 @@ %endif Name: openconnect -Version: 7.04 +Version: 7.05 Release: 1%{?relsuffix}%{?dist} Summary: Open client for Cisco AnyConnect VPN @@ -106,6 +106,9 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/pkgconfig/openconnect.pc %changelog +* Sun Jan 25 2015 David Woodhouse - 7.05-1 +- Update to 7.05 release + * Sun Jan 25 2015 David Woodhouse - 7.04-1 - Update to 7.04 release diff --git a/sources b/sources index d0b5191..812c787 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -828fe81388b7ea1155419b8be64a350f openconnect-7.04.tar.gz +10cd4f61e8a11cdf793da2b0fd7a6003 openconnect-7.05.tar.gz From f01a25faa62c9036daaba1d4d3595959b60368b8 Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Tue, 10 Mar 2015 21:51:26 +0000 Subject: [PATCH 108/184] Fix version in source --- openconnect.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/openconnect.spec b/openconnect.spec index eb1b2f9..4ad901a 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -27,7 +27,7 @@ Summary: Open client for Cisco AnyConnect VPN Group: Applications/Internet License: LGPLv2+ URL: http://www.infradead.org/openconnect.html -Source0: ftp://ftp.infradead.org/pub/openconnect/openconnect-7.04%{?gitsuffix}.tar.gz +Source0: ftp://ftp.infradead.org/pub/openconnect/openconnect-%{version}%{?gitsuffix}.tar.gz BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: pkgconfig(openssl) pkgconfig(libxml-2.0) @@ -68,7 +68,7 @@ the OpenConnect VPN client, to be used by GUI authentication dialogs for NetworkManager etc. %prep -%setup -q -n openconnect-7.04%{?gitsuffix} +%setup -q -n openconnect-%{version}%{?gitsuffix} %build %configure --with-vpnc-script=/etc/vpnc/vpnc-script \ From 899aba1c02a5664550e669e6369d897829084d7a Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Wed, 11 Mar 2015 10:48:51 +0100 Subject: [PATCH 109/184] Enforce the system wide crypto policies Resolves: rhbz#1179331 --- ...nsure-dtls-ciphers-match-the-allowed.patch | 200 ++++++++++++++++++ ...ct-7.05-override-default-prio-string.patch | 64 ++++++ openconnect.spec | 13 +- 3 files changed, 276 insertions(+), 1 deletion(-) create mode 100644 openconnect-7.05-ensure-dtls-ciphers-match-the-allowed.patch create mode 100644 openconnect-7.05-override-default-prio-string.patch diff --git a/openconnect-7.05-ensure-dtls-ciphers-match-the-allowed.patch b/openconnect-7.05-ensure-dtls-ciphers-match-the-allowed.patch new file mode 100644 index 0000000..b7d6088 --- /dev/null +++ b/openconnect-7.05-ensure-dtls-ciphers-match-the-allowed.patch @@ -0,0 +1,200 @@ +From 4892c7a53bb0adec98c4540a0b127b209625f82a Mon Sep 17 00:00:00 2001 +From: Nikos Mavrogiannopoulos +Date: Wed, 4 Mar 2015 10:29:06 +0100 +Subject: [PATCH 2/2] when using gnutls enable only the DTLS ciphersuites that + were available during TLS + +Signed-off-by: Nikos Mavrogiannopoulos +--- + cstp.c | 3 ++ + dtls.c | 79 ++++++++++++++++++++++++++++++++++++++++++++++---- + gnutls.c | 7 ++--- + openconnect-internal.h | 2 ++ + 4 files changed, 81 insertions(+), 10 deletions(-) + +diff --git a/cstp.c b/cstp.c +index d0d7eff..a06ca34 100644 +--- a/cstp.c ++++ b/cstp.c +@@ -202,6 +202,9 @@ static int start_cstp_connection(struct openconnect_info *vpninfo) + vpninfo->ip_info.domain = vpninfo->ip_info.proxy_pac = NULL; + vpninfo->banner = NULL; + ++ if (!vpninfo->dtls_ciphers) ++ vpninfo->dtls_ciphers = dtls_ciphers_from_conn(vpninfo); ++ + for (i = 0; i < 3; i++) + vpninfo->ip_info.dns[i] = vpninfo->ip_info.nbns[i] = NULL; + free_split_routes(vpninfo); +diff --git a/dtls.c b/dtls.c +index abffbf1..6ac537d 100644 +--- a/dtls.c ++++ b/dtls.c +@@ -222,6 +222,11 @@ static SSL_SESSION *generate_dtls_session(struct openconnect_info *vpninfo, + } + #endif + ++char *dtls_ciphers_from_conn(struct openconnect_info *vpninfo) ++{ ++ return NULL; ++} ++ + static int start_dtls_handshake(struct openconnect_info *vpninfo, int dtls_fd) + { + STACK_OF(SSL_CIPHER) *ciphers; +@@ -438,27 +443,89 @@ void dtls_shutdown(struct openconnect_info *vpninfo) + #include + #include "gnutls.h" + ++#define SSTR(x) x,sizeof(x) + struct { + const char *name; ++ unsigned name_len; + gnutls_protocol_t version; + gnutls_cipher_algorithm_t cipher; + gnutls_mac_algorithm_t mac; + const char *prio; ++ unsigned disabled; + } gnutls_dtls_ciphers[] = { +- { "AES128-SHA", GNUTLS_DTLS0_9, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_MAC_SHA1, ++ { SSTR("AES128-SHA"), GNUTLS_DTLS0_9, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_MAC_SHA1, + "NONE:+VERS-DTLS0.9:+COMP-NULL:+AES-128-CBC:+SHA1:+RSA:%COMPAT" }, +- { "AES256-SHA", GNUTLS_DTLS0_9, GNUTLS_CIPHER_AES_256_CBC, GNUTLS_MAC_SHA1, ++ { SSTR("AES256-SHA"), GNUTLS_DTLS0_9, GNUTLS_CIPHER_AES_256_CBC, GNUTLS_MAC_SHA1, + "NONE:+VERS-DTLS0.9:+COMP-NULL:+AES-256-CBC:+SHA1:+RSA:%COMPAT" }, +- { "DES-CBC3-SHA", GNUTLS_DTLS0_9, GNUTLS_CIPHER_3DES_CBC, GNUTLS_MAC_SHA1, ++ { SSTR("DES-CBC3-SHA"), GNUTLS_DTLS0_9, GNUTLS_CIPHER_3DES_CBC, GNUTLS_MAC_SHA1, + "NONE:+VERS-DTLS0.9:+COMP-NULL:+3DES-CBC:+SHA1:+RSA:%COMPAT" }, + #if GNUTLS_VERSION_NUMBER >= 0x030207 /* if DTLS 1.2 is supported (and a bug in gnutls is solved) */ +- { "OC-DTLS1_2-AES128-GCM", GNUTLS_DTLS1_2, GNUTLS_CIPHER_AES_128_GCM, GNUTLS_MAC_AEAD, ++ { SSTR("OC-DTLS1_2-AES128-GCM"), GNUTLS_DTLS1_2, GNUTLS_CIPHER_AES_128_GCM, GNUTLS_MAC_AEAD, + "NONE:+VERS-DTLS1.2:+COMP-NULL:+AES-128-GCM:+AEAD:+RSA:%COMPAT:+SIGN-ALL" }, +- { "OC-DTLS1_2-AES256-GCM", GNUTLS_DTLS1_2, GNUTLS_CIPHER_AES_256_GCM, GNUTLS_MAC_AEAD, ++ { SSTR("OC-DTLS1_2-AES256-GCM"), GNUTLS_DTLS1_2, GNUTLS_CIPHER_AES_256_GCM, GNUTLS_MAC_AEAD, + "NONE:+VERS-DTLS1.2:+COMP-NULL:+AES-256-GCM:+AEAD:+RSA:%COMPAT:+SIGN-ALL" }, + #endif + }; + ++char *dtls_ciphers_from_conn(struct openconnect_info *vpninfo) ++{ ++ /* only enable the ciphers that would have been negotiated in the TLS channel */ ++ unsigned i, j; ++ int ret; ++ unsigned idx; ++ gnutls_cipher_algorithm_t cipher; ++ gnutls_mac_algorithm_t mac; ++ struct oc_text_buf *buf; ++ gnutls_priority_t cache; ++ char *p; ++ ++ /* everything is disabled by default */ ++ for (i = 0; i < sizeof(gnutls_dtls_ciphers)/sizeof(gnutls_dtls_ciphers[0]); i++) { ++ gnutls_dtls_ciphers[i].disabled = 1; ++ } ++ ++ ret = gnutls_priority_init(&cache, vpninfo->gnutls_default_prio, NULL); ++ if (ret < 0) ++ return NULL; ++ ++ for (j=0;;j++) { ++ ret = gnutls_priority_get_cipher_suite_index(cache, j, &idx); ++ if (ret == GNUTLS_E_UNKNOWN_CIPHER_SUITE) ++ continue; ++ else if (ret < 0) ++ break; ++ ++ if (gnutls_cipher_suite_info(idx, NULL, NULL, &cipher, &mac, NULL) != NULL) { ++ for (i = 0; i < sizeof(gnutls_dtls_ciphers)/sizeof(gnutls_dtls_ciphers[0]); i++) { ++ if (gnutls_dtls_ciphers[i].mac == mac && gnutls_dtls_ciphers[i].cipher == cipher) { ++ gnutls_dtls_ciphers[i].disabled = 0; ++ break; ++ } ++ } ++ } ++ } ++ ++ buf = buf_alloc(); ++ ++ for (i = 0; i < sizeof(gnutls_dtls_ciphers)/sizeof(gnutls_dtls_ciphers[0]); i++) { ++ if (!gnutls_dtls_ciphers[i].disabled) { ++ if (buf->buf_len == 0) { ++ buf_append(buf, "%s", gnutls_dtls_ciphers[i].name); ++ } else { ++ buf_append(buf, ":%s", gnutls_dtls_ciphers[i].name); ++ } ++ } ++ } ++ ++ /* steal buffer */ ++ p = buf->data; ++ buf->data = NULL; ++ ++ buf_free(buf); ++ gnutls_priority_deinit(cache); ++ return p; ++} ++ + #define DTLS_SEND gnutls_record_send + #define DTLS_RECV gnutls_record_recv + #define DTLS_FREE gnutls_deinit +@@ -470,7 +537,7 @@ static int start_dtls_handshake(struct openconnect_info *vpninfo, int dtls_fd) + int cipher; + + for (cipher = 0; cipher < sizeof(gnutls_dtls_ciphers)/sizeof(gnutls_dtls_ciphers[0]); cipher++) { +- if (!strcmp(vpninfo->dtls_cipher, gnutls_dtls_ciphers[cipher].name)) ++ if (!strcmp(vpninfo->dtls_cipher, gnutls_dtls_ciphers[cipher].name) && !gnutls_dtls_ciphers[cipher].disabled) + goto found_cipher; + } + vpn_progress(vpninfo, PRG_ERR, _("Unknown DTLS parameters for requested CipherSuite '%s'\n"), +diff --git a/gnutls.c b/gnutls.c +index 34119da..e121842 100644 +--- a/gnutls.c ++++ b/gnutls.c +@@ -2070,7 +2070,6 @@ int openconnect_open_https(struct openconnect_info *vpninfo) + { + int ssl_sock = -1; + int err; +- const char * prio; + + if (vpninfo->https_sess) + return 0; +@@ -2196,13 +2195,13 @@ int openconnect_open_https(struct openconnect_info *vpninfo) + strlen(vpninfo->hostname)); + + if (vpninfo->pfs) { +- prio = DEFAULT_PRIO":-RSA"; ++ vpninfo->gnutls_default_prio = DEFAULT_PRIO":-RSA"; + } else { +- prio = DEFAULT_PRIO; ++ vpninfo->gnutls_default_prio = DEFAULT_PRIO; + } + + err = gnutls_priority_set_direct(vpninfo->https_sess, +- prio, NULL); ++ vpninfo->gnutls_default_prio, NULL); + if (err) { + vpn_progress(vpninfo, PRG_ERR, + _("Failed to set TLS priority string: %s\n"), +diff --git a/openconnect-internal.h b/openconnect-internal.h +index 04cb226..7b7161c 100644 +--- a/openconnect-internal.h ++++ b/openconnect-internal.h +@@ -469,6 +469,7 @@ struct openconnect_info { + gnutls_session_t https_sess; + gnutls_certificate_credentials_t https_cred; + char local_cert_md5[MD5_SIZE * 2 + 1]; /* For CSD */ ++ const char *gnutls_default_prio; + #ifdef HAVE_TROUSERS + TSS_HCONTEXT tpm_context; + TSS_HKEY srk; +@@ -765,6 +766,7 @@ int dtls_setup(struct openconnect_info *vpninfo, int dtls_attempt_period); + int dtls_mainloop(struct openconnect_info *vpninfo, int *timeout); + void dtls_close(struct openconnect_info *vpninfo); + void dtls_shutdown(struct openconnect_info *vpninfo); ++char *dtls_ciphers_from_conn(struct openconnect_info *vpninfo); + + /* cstp.c */ + void cstp_common_headers(struct openconnect_info *vpninfo, struct oc_text_buf *buf); +-- +2.1.0 + diff --git a/openconnect-7.05-override-default-prio-string.patch b/openconnect-7.05-override-default-prio-string.patch new file mode 100644 index 0000000..2e5c906 --- /dev/null +++ b/openconnect-7.05-override-default-prio-string.patch @@ -0,0 +1,64 @@ +From db955eceff87ecc7994348c952029ae012fc5b6a Mon Sep 17 00:00:00 2001 +From: Nikos Mavrogiannopoulos +Date: Tue, 3 Mar 2015 16:57:51 +0100 +Subject: [PATCH 1/2] Allow overriding the default GnuTLS priority string + +Signed-off-by: Nikos Mavrogiannopoulos +--- + configure.ac | 9 +++++++++ + gnutls.c | 18 ++++++++++-------- + 2 files changed, 19 insertions(+), 8 deletions(-) + +diff --git a/configure.ac b/configure.ac +index e5b5e80..ddb5c48 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -417,6 +417,15 @@ if test "$with_gnutls" = "yes"; then + LIBS="$oldlibs" + CFLAGS="$oldcflags" + fi ++ ++AC_ARG_WITH([default-gnutls-priority], ++ AS_HELP_STRING([--with-default-gnutls-priority=STRING], ++ [Provide a default string as GnuTLS priority string]), ++ default_gnutls_priority=$withval) ++if test -n "$default_gnutls_priority"; then ++ AC_DEFINE_UNQUOTED([DEFAULT_PRIO], ["$default_gnutls_priority"], [The GnuTLS priority string]) ++fi ++ + if test "$with_openssl" = "yes" || test "$with_openssl" = "" || test "$ssl_library" = "both"; then + PKG_CHECK_MODULES(OPENSSL, openssl, [], + [oldLIBS="$LIBS" +diff --git a/gnutls.c b/gnutls.c +index 3f79a22..34119da 100644 +--- a/gnutls.c ++++ b/gnutls.c +@@ -2052,15 +2052,17 @@ static int verify_peer(gnutls_session_t session) + * >= 3.2.9 as there the %COMPAT keyword ensures that the client hello + * will be outside that range. + */ +-#if GNUTLS_VERSION_NUMBER >= 0x030209 +-# define DEFAULT_PRIO "NORMAL:-VERS-SSL3.0:%COMPAT" +-#else +-# define _DEFAULT_PRIO "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0:" \ ++#ifndef DEFAULT_PRIO ++# if GNUTLS_VERSION_NUMBER >= 0x030209 ++# define DEFAULT_PRIO "NORMAL:-VERS-SSL3.0:%COMPAT" ++# else ++# define _DEFAULT_PRIO "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0:" \ + "%COMPAT:%DISABLE_SAFE_RENEGOTIATION:%LATEST_RECORD_VERSION" +-# if GNUTLS_VERSION_MAJOR >= 3 +-# define DEFAULT_PRIO _DEFAULT_PRIO":-CURVE-ALL:-ECDHE-RSA:-ECDHE-ECDSA" +-#else +-# define DEFAULT_PRIO _DEFAULT_PRIO ++# if GNUTLS_VERSION_MAJOR >= 3 ++# define DEFAULT_PRIO _DEFAULT_PRIO":-CURVE-ALL:-ECDHE-RSA:-ECDHE-ECDSA" ++# else ++# define DEFAULT_PRIO _DEFAULT_PRIO ++# endif + # endif + #endif + +-- +2.1.0 + diff --git a/openconnect.spec b/openconnect.spec index 4ad901a..d422caf 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -21,13 +21,16 @@ Name: openconnect Version: 7.05 -Release: 1%{?relsuffix}%{?dist} +Release: 2%{?relsuffix}%{?dist} Summary: Open client for Cisco AnyConnect VPN Group: Applications/Internet License: LGPLv2+ URL: http://www.infradead.org/openconnect.html Source0: ftp://ftp.infradead.org/pub/openconnect/openconnect-%{version}%{?gitsuffix}.tar.gz +Patch1: openconnect-7.05-override-default-prio-string.patch +Patch2: openconnect-7.05-ensure-dtls-ciphers-match-the-allowed.patch + BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: pkgconfig(openssl) pkgconfig(libxml-2.0) @@ -70,8 +73,13 @@ for NetworkManager etc. %prep %setup -q -n openconnect-%{version}%{?gitsuffix} +%patch1 -p1 -b .prio +%patch2 -p1 -b .ciphers + %build +autoreconf -fvi %configure --with-vpnc-script=/etc/vpnc/vpnc-script \ + --with-default-gnutls-priority="@SYSTEM" \ %if !%{use_gnutls} --with-openssl --without-openssl-version-check \ %endif @@ -106,6 +114,9 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/pkgconfig/openconnect.pc %changelog +* Wed Mar 11 2015 Nikos Mavrogiannopoulos - 7.05-2 +- Utilize and enforce system-wide policies (#1179331) + * Sun Jan 25 2015 David Woodhouse - 7.05-1 - Update to 7.05 release From a948c6a3eea1c04f42b3a457f69767be27f60f54 Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Wed, 11 Mar 2015 10:48:51 +0100 Subject: [PATCH 110/184] Enforce the system wide crypto policies Resolves: rhbz#1179331 --- ...nsure-dtls-ciphers-match-the-allowed.patch | 200 ++++++++++++++++++ ...ct-7.05-override-default-prio-string.patch | 64 ++++++ openconnect.spec | 13 +- 3 files changed, 276 insertions(+), 1 deletion(-) create mode 100644 openconnect-7.05-ensure-dtls-ciphers-match-the-allowed.patch create mode 100644 openconnect-7.05-override-default-prio-string.patch diff --git a/openconnect-7.05-ensure-dtls-ciphers-match-the-allowed.patch b/openconnect-7.05-ensure-dtls-ciphers-match-the-allowed.patch new file mode 100644 index 0000000..b7d6088 --- /dev/null +++ b/openconnect-7.05-ensure-dtls-ciphers-match-the-allowed.patch @@ -0,0 +1,200 @@ +From 4892c7a53bb0adec98c4540a0b127b209625f82a Mon Sep 17 00:00:00 2001 +From: Nikos Mavrogiannopoulos +Date: Wed, 4 Mar 2015 10:29:06 +0100 +Subject: [PATCH 2/2] when using gnutls enable only the DTLS ciphersuites that + were available during TLS + +Signed-off-by: Nikos Mavrogiannopoulos +--- + cstp.c | 3 ++ + dtls.c | 79 ++++++++++++++++++++++++++++++++++++++++++++++---- + gnutls.c | 7 ++--- + openconnect-internal.h | 2 ++ + 4 files changed, 81 insertions(+), 10 deletions(-) + +diff --git a/cstp.c b/cstp.c +index d0d7eff..a06ca34 100644 +--- a/cstp.c ++++ b/cstp.c +@@ -202,6 +202,9 @@ static int start_cstp_connection(struct openconnect_info *vpninfo) + vpninfo->ip_info.domain = vpninfo->ip_info.proxy_pac = NULL; + vpninfo->banner = NULL; + ++ if (!vpninfo->dtls_ciphers) ++ vpninfo->dtls_ciphers = dtls_ciphers_from_conn(vpninfo); ++ + for (i = 0; i < 3; i++) + vpninfo->ip_info.dns[i] = vpninfo->ip_info.nbns[i] = NULL; + free_split_routes(vpninfo); +diff --git a/dtls.c b/dtls.c +index abffbf1..6ac537d 100644 +--- a/dtls.c ++++ b/dtls.c +@@ -222,6 +222,11 @@ static SSL_SESSION *generate_dtls_session(struct openconnect_info *vpninfo, + } + #endif + ++char *dtls_ciphers_from_conn(struct openconnect_info *vpninfo) ++{ ++ return NULL; ++} ++ + static int start_dtls_handshake(struct openconnect_info *vpninfo, int dtls_fd) + { + STACK_OF(SSL_CIPHER) *ciphers; +@@ -438,27 +443,89 @@ void dtls_shutdown(struct openconnect_info *vpninfo) + #include + #include "gnutls.h" + ++#define SSTR(x) x,sizeof(x) + struct { + const char *name; ++ unsigned name_len; + gnutls_protocol_t version; + gnutls_cipher_algorithm_t cipher; + gnutls_mac_algorithm_t mac; + const char *prio; ++ unsigned disabled; + } gnutls_dtls_ciphers[] = { +- { "AES128-SHA", GNUTLS_DTLS0_9, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_MAC_SHA1, ++ { SSTR("AES128-SHA"), GNUTLS_DTLS0_9, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_MAC_SHA1, + "NONE:+VERS-DTLS0.9:+COMP-NULL:+AES-128-CBC:+SHA1:+RSA:%COMPAT" }, +- { "AES256-SHA", GNUTLS_DTLS0_9, GNUTLS_CIPHER_AES_256_CBC, GNUTLS_MAC_SHA1, ++ { SSTR("AES256-SHA"), GNUTLS_DTLS0_9, GNUTLS_CIPHER_AES_256_CBC, GNUTLS_MAC_SHA1, + "NONE:+VERS-DTLS0.9:+COMP-NULL:+AES-256-CBC:+SHA1:+RSA:%COMPAT" }, +- { "DES-CBC3-SHA", GNUTLS_DTLS0_9, GNUTLS_CIPHER_3DES_CBC, GNUTLS_MAC_SHA1, ++ { SSTR("DES-CBC3-SHA"), GNUTLS_DTLS0_9, GNUTLS_CIPHER_3DES_CBC, GNUTLS_MAC_SHA1, + "NONE:+VERS-DTLS0.9:+COMP-NULL:+3DES-CBC:+SHA1:+RSA:%COMPAT" }, + #if GNUTLS_VERSION_NUMBER >= 0x030207 /* if DTLS 1.2 is supported (and a bug in gnutls is solved) */ +- { "OC-DTLS1_2-AES128-GCM", GNUTLS_DTLS1_2, GNUTLS_CIPHER_AES_128_GCM, GNUTLS_MAC_AEAD, ++ { SSTR("OC-DTLS1_2-AES128-GCM"), GNUTLS_DTLS1_2, GNUTLS_CIPHER_AES_128_GCM, GNUTLS_MAC_AEAD, + "NONE:+VERS-DTLS1.2:+COMP-NULL:+AES-128-GCM:+AEAD:+RSA:%COMPAT:+SIGN-ALL" }, +- { "OC-DTLS1_2-AES256-GCM", GNUTLS_DTLS1_2, GNUTLS_CIPHER_AES_256_GCM, GNUTLS_MAC_AEAD, ++ { SSTR("OC-DTLS1_2-AES256-GCM"), GNUTLS_DTLS1_2, GNUTLS_CIPHER_AES_256_GCM, GNUTLS_MAC_AEAD, + "NONE:+VERS-DTLS1.2:+COMP-NULL:+AES-256-GCM:+AEAD:+RSA:%COMPAT:+SIGN-ALL" }, + #endif + }; + ++char *dtls_ciphers_from_conn(struct openconnect_info *vpninfo) ++{ ++ /* only enable the ciphers that would have been negotiated in the TLS channel */ ++ unsigned i, j; ++ int ret; ++ unsigned idx; ++ gnutls_cipher_algorithm_t cipher; ++ gnutls_mac_algorithm_t mac; ++ struct oc_text_buf *buf; ++ gnutls_priority_t cache; ++ char *p; ++ ++ /* everything is disabled by default */ ++ for (i = 0; i < sizeof(gnutls_dtls_ciphers)/sizeof(gnutls_dtls_ciphers[0]); i++) { ++ gnutls_dtls_ciphers[i].disabled = 1; ++ } ++ ++ ret = gnutls_priority_init(&cache, vpninfo->gnutls_default_prio, NULL); ++ if (ret < 0) ++ return NULL; ++ ++ for (j=0;;j++) { ++ ret = gnutls_priority_get_cipher_suite_index(cache, j, &idx); ++ if (ret == GNUTLS_E_UNKNOWN_CIPHER_SUITE) ++ continue; ++ else if (ret < 0) ++ break; ++ ++ if (gnutls_cipher_suite_info(idx, NULL, NULL, &cipher, &mac, NULL) != NULL) { ++ for (i = 0; i < sizeof(gnutls_dtls_ciphers)/sizeof(gnutls_dtls_ciphers[0]); i++) { ++ if (gnutls_dtls_ciphers[i].mac == mac && gnutls_dtls_ciphers[i].cipher == cipher) { ++ gnutls_dtls_ciphers[i].disabled = 0; ++ break; ++ } ++ } ++ } ++ } ++ ++ buf = buf_alloc(); ++ ++ for (i = 0; i < sizeof(gnutls_dtls_ciphers)/sizeof(gnutls_dtls_ciphers[0]); i++) { ++ if (!gnutls_dtls_ciphers[i].disabled) { ++ if (buf->buf_len == 0) { ++ buf_append(buf, "%s", gnutls_dtls_ciphers[i].name); ++ } else { ++ buf_append(buf, ":%s", gnutls_dtls_ciphers[i].name); ++ } ++ } ++ } ++ ++ /* steal buffer */ ++ p = buf->data; ++ buf->data = NULL; ++ ++ buf_free(buf); ++ gnutls_priority_deinit(cache); ++ return p; ++} ++ + #define DTLS_SEND gnutls_record_send + #define DTLS_RECV gnutls_record_recv + #define DTLS_FREE gnutls_deinit +@@ -470,7 +537,7 @@ static int start_dtls_handshake(struct openconnect_info *vpninfo, int dtls_fd) + int cipher; + + for (cipher = 0; cipher < sizeof(gnutls_dtls_ciphers)/sizeof(gnutls_dtls_ciphers[0]); cipher++) { +- if (!strcmp(vpninfo->dtls_cipher, gnutls_dtls_ciphers[cipher].name)) ++ if (!strcmp(vpninfo->dtls_cipher, gnutls_dtls_ciphers[cipher].name) && !gnutls_dtls_ciphers[cipher].disabled) + goto found_cipher; + } + vpn_progress(vpninfo, PRG_ERR, _("Unknown DTLS parameters for requested CipherSuite '%s'\n"), +diff --git a/gnutls.c b/gnutls.c +index 34119da..e121842 100644 +--- a/gnutls.c ++++ b/gnutls.c +@@ -2070,7 +2070,6 @@ int openconnect_open_https(struct openconnect_info *vpninfo) + { + int ssl_sock = -1; + int err; +- const char * prio; + + if (vpninfo->https_sess) + return 0; +@@ -2196,13 +2195,13 @@ int openconnect_open_https(struct openconnect_info *vpninfo) + strlen(vpninfo->hostname)); + + if (vpninfo->pfs) { +- prio = DEFAULT_PRIO":-RSA"; ++ vpninfo->gnutls_default_prio = DEFAULT_PRIO":-RSA"; + } else { +- prio = DEFAULT_PRIO; ++ vpninfo->gnutls_default_prio = DEFAULT_PRIO; + } + + err = gnutls_priority_set_direct(vpninfo->https_sess, +- prio, NULL); ++ vpninfo->gnutls_default_prio, NULL); + if (err) { + vpn_progress(vpninfo, PRG_ERR, + _("Failed to set TLS priority string: %s\n"), +diff --git a/openconnect-internal.h b/openconnect-internal.h +index 04cb226..7b7161c 100644 +--- a/openconnect-internal.h ++++ b/openconnect-internal.h +@@ -469,6 +469,7 @@ struct openconnect_info { + gnutls_session_t https_sess; + gnutls_certificate_credentials_t https_cred; + char local_cert_md5[MD5_SIZE * 2 + 1]; /* For CSD */ ++ const char *gnutls_default_prio; + #ifdef HAVE_TROUSERS + TSS_HCONTEXT tpm_context; + TSS_HKEY srk; +@@ -765,6 +766,7 @@ int dtls_setup(struct openconnect_info *vpninfo, int dtls_attempt_period); + int dtls_mainloop(struct openconnect_info *vpninfo, int *timeout); + void dtls_close(struct openconnect_info *vpninfo); + void dtls_shutdown(struct openconnect_info *vpninfo); ++char *dtls_ciphers_from_conn(struct openconnect_info *vpninfo); + + /* cstp.c */ + void cstp_common_headers(struct openconnect_info *vpninfo, struct oc_text_buf *buf); +-- +2.1.0 + diff --git a/openconnect-7.05-override-default-prio-string.patch b/openconnect-7.05-override-default-prio-string.patch new file mode 100644 index 0000000..2e5c906 --- /dev/null +++ b/openconnect-7.05-override-default-prio-string.patch @@ -0,0 +1,64 @@ +From db955eceff87ecc7994348c952029ae012fc5b6a Mon Sep 17 00:00:00 2001 +From: Nikos Mavrogiannopoulos +Date: Tue, 3 Mar 2015 16:57:51 +0100 +Subject: [PATCH 1/2] Allow overriding the default GnuTLS priority string + +Signed-off-by: Nikos Mavrogiannopoulos +--- + configure.ac | 9 +++++++++ + gnutls.c | 18 ++++++++++-------- + 2 files changed, 19 insertions(+), 8 deletions(-) + +diff --git a/configure.ac b/configure.ac +index e5b5e80..ddb5c48 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -417,6 +417,15 @@ if test "$with_gnutls" = "yes"; then + LIBS="$oldlibs" + CFLAGS="$oldcflags" + fi ++ ++AC_ARG_WITH([default-gnutls-priority], ++ AS_HELP_STRING([--with-default-gnutls-priority=STRING], ++ [Provide a default string as GnuTLS priority string]), ++ default_gnutls_priority=$withval) ++if test -n "$default_gnutls_priority"; then ++ AC_DEFINE_UNQUOTED([DEFAULT_PRIO], ["$default_gnutls_priority"], [The GnuTLS priority string]) ++fi ++ + if test "$with_openssl" = "yes" || test "$with_openssl" = "" || test "$ssl_library" = "both"; then + PKG_CHECK_MODULES(OPENSSL, openssl, [], + [oldLIBS="$LIBS" +diff --git a/gnutls.c b/gnutls.c +index 3f79a22..34119da 100644 +--- a/gnutls.c ++++ b/gnutls.c +@@ -2052,15 +2052,17 @@ static int verify_peer(gnutls_session_t session) + * >= 3.2.9 as there the %COMPAT keyword ensures that the client hello + * will be outside that range. + */ +-#if GNUTLS_VERSION_NUMBER >= 0x030209 +-# define DEFAULT_PRIO "NORMAL:-VERS-SSL3.0:%COMPAT" +-#else +-# define _DEFAULT_PRIO "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0:" \ ++#ifndef DEFAULT_PRIO ++# if GNUTLS_VERSION_NUMBER >= 0x030209 ++# define DEFAULT_PRIO "NORMAL:-VERS-SSL3.0:%COMPAT" ++# else ++# define _DEFAULT_PRIO "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0:" \ + "%COMPAT:%DISABLE_SAFE_RENEGOTIATION:%LATEST_RECORD_VERSION" +-# if GNUTLS_VERSION_MAJOR >= 3 +-# define DEFAULT_PRIO _DEFAULT_PRIO":-CURVE-ALL:-ECDHE-RSA:-ECDHE-ECDSA" +-#else +-# define DEFAULT_PRIO _DEFAULT_PRIO ++# if GNUTLS_VERSION_MAJOR >= 3 ++# define DEFAULT_PRIO _DEFAULT_PRIO":-CURVE-ALL:-ECDHE-RSA:-ECDHE-ECDSA" ++# else ++# define DEFAULT_PRIO _DEFAULT_PRIO ++# endif + # endif + #endif + +-- +2.1.0 + diff --git a/openconnect.spec b/openconnect.spec index 4ad901a..d422caf 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -21,13 +21,16 @@ Name: openconnect Version: 7.05 -Release: 1%{?relsuffix}%{?dist} +Release: 2%{?relsuffix}%{?dist} Summary: Open client for Cisco AnyConnect VPN Group: Applications/Internet License: LGPLv2+ URL: http://www.infradead.org/openconnect.html Source0: ftp://ftp.infradead.org/pub/openconnect/openconnect-%{version}%{?gitsuffix}.tar.gz +Patch1: openconnect-7.05-override-default-prio-string.patch +Patch2: openconnect-7.05-ensure-dtls-ciphers-match-the-allowed.patch + BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: pkgconfig(openssl) pkgconfig(libxml-2.0) @@ -70,8 +73,13 @@ for NetworkManager etc. %prep %setup -q -n openconnect-%{version}%{?gitsuffix} +%patch1 -p1 -b .prio +%patch2 -p1 -b .ciphers + %build +autoreconf -fvi %configure --with-vpnc-script=/etc/vpnc/vpnc-script \ + --with-default-gnutls-priority="@SYSTEM" \ %if !%{use_gnutls} --with-openssl --without-openssl-version-check \ %endif @@ -106,6 +114,9 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/pkgconfig/openconnect.pc %changelog +* Wed Mar 11 2015 Nikos Mavrogiannopoulos - 7.05-2 +- Utilize and enforce system-wide policies (#1179331) + * Sun Jan 25 2015 David Woodhouse - 7.05-1 - Update to 7.05 release From caf1bde0e95cb63789585b79129fecb510398652 Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Tue, 17 Mar 2015 13:38:33 +0000 Subject: [PATCH 111/184] 7.06 --- .gitignore | 1 + openconnect.spec | 9 ++++++--- sources | 2 +- 3 files changed, 8 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index 9b9c49e..7e6f30e 100644 --- a/.gitignore +++ b/.gitignore @@ -39,3 +39,4 @@ openconnect-2.25.tar.gz /openconnect-7.03.tar.gz /openconnect-7.04.tar.gz /openconnect-7.05.tar.gz +/openconnect-7.06.tar.gz diff --git a/openconnect.spec b/openconnect.spec index d422caf..f2fd17a 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -20,8 +20,8 @@ %endif Name: openconnect -Version: 7.05 -Release: 2%{?relsuffix}%{?dist} +Version: 7.06 +Release: 1%{?relsuffix}%{?dist} Summary: Open client for Cisco AnyConnect VPN Group: Applications/Internet @@ -114,10 +114,13 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/pkgconfig/openconnect.pc %changelog +* Tue Mar 17 2015 David Woodhouse - 7.06-1 +- Update to 7.06 release + * Wed Mar 11 2015 Nikos Mavrogiannopoulos - 7.05-2 - Utilize and enforce system-wide policies (#1179331) -* Sun Jan 25 2015 David Woodhouse - 7.05-1 +* Tue Mar 10 2015 David Woodhouse - 7.05-1 - Update to 7.05 release * Sun Jan 25 2015 David Woodhouse - 7.04-1 diff --git a/sources b/sources index 812c787..21c4f15 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -10cd4f61e8a11cdf793da2b0fd7a6003 openconnect-7.05.tar.gz +80f397911e1fed43d897d99be3d5f1a1 openconnect-7.06.tar.gz From e9b77aa7374a91c9392b1b19ced17becdc7bdd57 Mon Sep 17 00:00:00 2001 From: Dennis Gilmore Date: Wed, 17 Jun 2015 23:55:04 +0000 Subject: [PATCH 112/184] - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild --- openconnect.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/openconnect.spec b/openconnect.spec index f2fd17a..7a9c802 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -21,7 +21,7 @@ Name: openconnect Version: 7.06 -Release: 1%{?relsuffix}%{?dist} +Release: 2%{?relsuffix}%{?dist} Summary: Open client for Cisco AnyConnect VPN Group: Applications/Internet @@ -114,6 +114,9 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/pkgconfig/openconnect.pc %changelog +* Wed Jun 17 2015 Fedora Release Engineering - 7.06-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + * Tue Mar 17 2015 David Woodhouse - 7.06-1 - Update to 7.06 release From 41bba739cddeba6ded35eb96520d4ecd692d4b8f Mon Sep 17 00:00:00 2001 From: Peter Robinson Date: Thu, 29 Oct 2015 23:31:18 +0000 Subject: [PATCH 113/184] Fix FTBFS by including packaged docs --- openconnect.spec | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/openconnect.spec b/openconnect.spec index 7a9c802..d66ec9e 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -21,7 +21,7 @@ Name: openconnect Version: 7.06 -Release: 2%{?relsuffix}%{?dist} +Release: 3%{?relsuffix}%{?dist} Summary: Open client for Cisco AnyConnect VPN Group: Applications/Internet @@ -106,6 +106,7 @@ rm -rf $RPM_BUILD_ROOT %{_sbindir}/openconnect %{_mandir}/man8/* %doc TODO COPYING.LGPL +%doc %{_docdir}/%{name} %files devel %defattr(-,root,root,-) @@ -114,6 +115,9 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/pkgconfig/openconnect.pc %changelog +* Thu Oct 29 2015 Peter Robinson 7.06-3 +- Fix FTBFS by including packaged docs + * Wed Jun 17 2015 Fedora Release Engineering - 7.06-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild From e04c2c7bc3f59734199b7c680b4091a05f739bfd Mon Sep 17 00:00:00 2001 From: Dennis Gilmore Date: Tue, 2 Feb 2016 21:38:44 -0600 Subject: [PATCH 114/184] add upstream patch to fix ipv6 only setups --- fix-ipv6-only.patch | 33 +++++++++++++++++++++++++++++++++ openconnect.spec | 7 ++++++- 2 files changed, 39 insertions(+), 1 deletion(-) create mode 100644 fix-ipv6-only.patch diff --git a/fix-ipv6-only.patch b/fix-ipv6-only.patch new file mode 100644 index 0000000..fedef47 --- /dev/null +++ b/fix-ipv6-only.patch @@ -0,0 +1,33 @@ +From 430f8bcab5c0e10881f7dcdc07a15803ebf31607 Mon Sep 17 00:00:00 2001 +From: David Woodhouse +Date: Thu, 26 Nov 2015 08:02:34 +0000 +Subject: [PATCH] Fix IPv6-only connectivity + +Commit a5dd38ec8 ("Assign Address-IP6 field to netmask instead of address") +broke IPv6-only configurations, because we only check for ip_info.addr +and ip_info.addr6 being NULL. We need to allow the connection to continue +when ip_info.netmask6 is non-NULL too. + +Reported-by: Dennis Gilmore +Signed-off-by: David Woodhouse +--- + cstp.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/cstp.c b/cstp.c +index 4aad2c1..b9408c7 100644 +--- a/cstp.c ++++ b/cstp.c +@@ -494,7 +494,8 @@ static int start_cstp_connection(struct openconnect_info *vpninfo) + } + vpninfo->ip_info.mtu = mtu; + +- if (!vpninfo->ip_info.addr && !vpninfo->ip_info.addr6) { ++ if (!vpninfo->ip_info.addr && !vpninfo->ip_info.addr6 && ++ !vpninfo->ip_info.netmask6) { + vpn_progress(vpninfo, PRG_ERR, + _("No IP address received. Aborting\n")); + return -EINVAL; +-- +1.9.3 + diff --git a/openconnect.spec b/openconnect.spec index d66ec9e..e62e1ee 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -21,7 +21,7 @@ Name: openconnect Version: 7.06 -Release: 3%{?relsuffix}%{?dist} +Release: 4%{?relsuffix}%{?dist} Summary: Open client for Cisco AnyConnect VPN Group: Applications/Internet @@ -30,6 +30,7 @@ URL: http://www.infradead.org/openconnect.html Source0: ftp://ftp.infradead.org/pub/openconnect/openconnect-%{version}%{?gitsuffix}.tar.gz Patch1: openconnect-7.05-override-default-prio-string.patch Patch2: openconnect-7.05-ensure-dtls-ciphers-match-the-allowed.patch +Patch3: fix-ipv6-only.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) @@ -75,6 +76,7 @@ for NetworkManager etc. %patch1 -p1 -b .prio %patch2 -p1 -b .ciphers +%patch3 -p1 -b .ipv6 %build autoreconf -fvi @@ -115,6 +117,9 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/pkgconfig/openconnect.pc %changelog +* Tue Feb 02 2016 Dennis Gilmore - 7.06-4 +- add upstream patch to fix ipv6 only setups + * Thu Oct 29 2015 Peter Robinson 7.06-3 - Fix FTBFS by including packaged docs From ca61de3f775b3de44244f803120653a8513e2e03 Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Mon, 21 Mar 2016 10:04:08 +0000 Subject: [PATCH 115/184] Check GPG signatures during build --- .gitignore | 2 ++ openconnect.spec | 16 +++++++++++++++- sources | 3 ++- 3 files changed, 19 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 7e6f30e..54774f9 100644 --- a/.gitignore +++ b/.gitignore @@ -40,3 +40,5 @@ openconnect-2.25.tar.gz /openconnect-7.04.tar.gz /openconnect-7.05.tar.gz /openconnect-7.06.tar.gz +/openconnect-7.06.tar.gz.asc +/pubring.gpg diff --git a/openconnect.spec b/openconnect.spec index e62e1ee..be8145a 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -28,13 +28,17 @@ Group: Applications/Internet License: LGPLv2+ URL: http://www.infradead.org/openconnect.html Source0: ftp://ftp.infradead.org/pub/openconnect/openconnect-%{version}%{?gitsuffix}.tar.gz +%if 0%{?gitcount} == 0 +Source1: ftp://ftp.infradead.org/pub/openconnect/openconnect-%{version}%{?gitsuffix}.tar.gz.asc +%endif +Source2: pubring.gpg Patch1: openconnect-7.05-override-default-prio-string.patch Patch2: openconnect-7.05-ensure-dtls-ciphers-match-the-allowed.patch Patch3: fix-ipv6-only.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) -BuildRequires: pkgconfig(openssl) pkgconfig(libxml-2.0) +BuildRequires: pkgconfig(openssl) pkgconfig(libxml-2.0) gnupg BuildRequires: autoconf automake libtool python gettext pkgconfig(liblz4) %if 0%{?fedora} || 0%{?rhel} >= 7 Obsoletes: openconnect-lib-compat%{?_isa} < %{version}-%{release} @@ -72,6 +76,13 @@ the OpenConnect VPN client, to be used by GUI authentication dialogs for NetworkManager etc. %prep +%if 0%{?gitcount} == 0 +gpg --homedir . --no-permission-warning \ + --no-default-keyring --keyring %{SOURCE2} \ + --trusted-key 63762CDA67E2F359 \ + --verify %{SOURCE1} +%endif + %setup -q -n openconnect-%{version}%{?gitsuffix} %patch1 -p1 -b .prio @@ -117,6 +128,9 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/pkgconfig/openconnect.pc %changelog +* Mon Mar 21 2016 David Woodhouse - 7.06-4 +- Check GPG signature as part of build + * Tue Feb 02 2016 Dennis Gilmore - 7.06-4 - add upstream patch to fix ipv6 only setups diff --git a/sources b/sources index 21c4f15..246342b 100644 --- a/sources +++ b/sources @@ -1 +1,2 @@ -80f397911e1fed43d897d99be3d5f1a1 openconnect-7.06.tar.gz +ef7bb028ca55bb5e0794134ceb277efc openconnect-7.06.tar.gz.asc +2b85959af07ca0e8466853443fd7d766 pubring.gpg From 5b09e4c8a90c1d810b3f8d087ff4f284db9656d1 Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Mon, 21 Mar 2016 10:06:21 +0000 Subject: [PATCH 116/184] Bump release --- openconnect.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/openconnect.spec b/openconnect.spec index be8145a..ba5762d 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -21,7 +21,7 @@ Name: openconnect Version: 7.06 -Release: 4%{?relsuffix}%{?dist} +Release: 5%{?relsuffix}%{?dist} Summary: Open client for Cisco AnyConnect VPN Group: Applications/Internet @@ -128,7 +128,7 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/pkgconfig/openconnect.pc %changelog -* Mon Mar 21 2016 David Woodhouse - 7.06-4 +* Mon Mar 21 2016 David Woodhouse - 7.06-5 - Check GPG signature as part of build * Tue Feb 02 2016 Dennis Gilmore - 7.06-4 From e0bb2d84822d20c02fb4b814dd646d36f0d319c3 Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Mon, 21 Mar 2016 10:09:57 +0000 Subject: [PATCH 117/184] Add tarball back again. It helps. --- openconnect.spec | 4 ++-- sources | 1 + 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/openconnect.spec b/openconnect.spec index ba5762d..5cba29c 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -21,7 +21,7 @@ Name: openconnect Version: 7.06 -Release: 5%{?relsuffix}%{?dist} +Release: 6%{?relsuffix}%{?dist} Summary: Open client for Cisco AnyConnect VPN Group: Applications/Internet @@ -128,7 +128,7 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/pkgconfig/openconnect.pc %changelog -* Mon Mar 21 2016 David Woodhouse - 7.06-5 +* Mon Mar 21 2016 David Woodhouse - 7.06-6 - Check GPG signature as part of build * Tue Feb 02 2016 Dennis Gilmore - 7.06-4 diff --git a/sources b/sources index 246342b..00e8596 100644 --- a/sources +++ b/sources @@ -1,2 +1,3 @@ +80f397911e1fed43d897d99be3d5f1a1 openconnect-7.06.tar.gz ef7bb028ca55bb5e0794134ceb277efc openconnect-7.06.tar.gz.asc 2b85959af07ca0e8466853443fd7d766 pubring.gpg From d9333f394c763ab8d9eadd7cc375566cfd36c014 Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Tue, 22 Mar 2016 11:52:41 +0000 Subject: [PATCH 118/184] Use GPGv2 for tarball check --- .gitignore | 1 + openconnect.spec | 15 ++++++++------- sources | 2 +- 3 files changed, 10 insertions(+), 8 deletions(-) diff --git a/.gitignore b/.gitignore index 54774f9..a780504 100644 --- a/.gitignore +++ b/.gitignore @@ -42,3 +42,4 @@ openconnect-2.25.tar.gz /openconnect-7.06.tar.gz /openconnect-7.06.tar.gz.asc /pubring.gpg +/gpgkey-BE07D9FD54809AB2C4B0FF5F63762CDA67E2F359.gpg diff --git a/openconnect.spec b/openconnect.spec index 5cba29c..79fed49 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -21,7 +21,7 @@ Name: openconnect Version: 7.06 -Release: 6%{?relsuffix}%{?dist} +Release: 7%{?relsuffix}%{?dist} Summary: Open client for Cisco AnyConnect VPN Group: Applications/Internet @@ -31,14 +31,15 @@ Source0: ftp://ftp.infradead.org/pub/openconnect/openconnect-%{version}%{?gitsuf %if 0%{?gitcount} == 0 Source1: ftp://ftp.infradead.org/pub/openconnect/openconnect-%{version}%{?gitsuffix}.tar.gz.asc %endif -Source2: pubring.gpg +Source2: gpgkey-BE07D9FD54809AB2C4B0FF5F63762CDA67E2F359.gpg + Patch1: openconnect-7.05-override-default-prio-string.patch Patch2: openconnect-7.05-ensure-dtls-ciphers-match-the-allowed.patch Patch3: fix-ipv6-only.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) -BuildRequires: pkgconfig(openssl) pkgconfig(libxml-2.0) gnupg +BuildRequires: pkgconfig(openssl) pkgconfig(libxml-2.0) gnupg2 BuildRequires: autoconf automake libtool python gettext pkgconfig(liblz4) %if 0%{?fedora} || 0%{?rhel} >= 7 Obsoletes: openconnect-lib-compat%{?_isa} < %{version}-%{release} @@ -77,10 +78,7 @@ for NetworkManager etc. %prep %if 0%{?gitcount} == 0 -gpg --homedir . --no-permission-warning \ - --no-default-keyring --keyring %{SOURCE2} \ - --trusted-key 63762CDA67E2F359 \ - --verify %{SOURCE1} +gpgv2 --keyring %{SOURCE2} %{SOURCE1} %{SOURCE0} %endif %setup -q -n openconnect-%{version}%{?gitsuffix} @@ -128,6 +126,9 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/pkgconfig/openconnect.pc %changelog +* Tue Mar 22 2016 David Woodhouse - 7.06-7 +- Switch to using GPGv2 for signature check + * Mon Mar 21 2016 David Woodhouse - 7.06-6 - Check GPG signature as part of build diff --git a/sources b/sources index 00e8596..fd37447 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ 80f397911e1fed43d897d99be3d5f1a1 openconnect-7.06.tar.gz ef7bb028ca55bb5e0794134ceb277efc openconnect-7.06.tar.gz.asc -2b85959af07ca0e8466853443fd7d766 pubring.gpg +2b85959af07ca0e8466853443fd7d766 gpgkey-BE07D9FD54809AB2C4B0FF5F63762CDA67E2F359.gpg From dd37e45548b2fdb93daca7db7bcb8bb0687e2938 Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Mon, 11 Jul 2016 16:27:26 +0100 Subject: [PATCH 119/184] Update to 7.07 --- .gitignore | 2 + fix-ipv6-only.patch | 33 --- ...nsure-dtls-ciphers-match-the-allowed.patch | 200 ------------------ ...ct-7.05-override-default-prio-string.patch | 64 ------ openconnect.spec | 27 +-- sources | 5 +- 6 files changed, 18 insertions(+), 313 deletions(-) delete mode 100644 fix-ipv6-only.patch delete mode 100644 openconnect-7.05-ensure-dtls-ciphers-match-the-allowed.patch delete mode 100644 openconnect-7.05-override-default-prio-string.patch diff --git a/.gitignore b/.gitignore index a780504..2cb5fba 100644 --- a/.gitignore +++ b/.gitignore @@ -43,3 +43,5 @@ openconnect-2.25.tar.gz /openconnect-7.06.tar.gz.asc /pubring.gpg /gpgkey-BE07D9FD54809AB2C4B0FF5F63762CDA67E2F359.gpg +/openconnect-7.07.tar.gz +/openconnect-7.07.tar.gz.asc diff --git a/fix-ipv6-only.patch b/fix-ipv6-only.patch deleted file mode 100644 index fedef47..0000000 --- a/fix-ipv6-only.patch +++ /dev/null @@ -1,33 +0,0 @@ -From 430f8bcab5c0e10881f7dcdc07a15803ebf31607 Mon Sep 17 00:00:00 2001 -From: David Woodhouse -Date: Thu, 26 Nov 2015 08:02:34 +0000 -Subject: [PATCH] Fix IPv6-only connectivity - -Commit a5dd38ec8 ("Assign Address-IP6 field to netmask instead of address") -broke IPv6-only configurations, because we only check for ip_info.addr -and ip_info.addr6 being NULL. We need to allow the connection to continue -when ip_info.netmask6 is non-NULL too. - -Reported-by: Dennis Gilmore -Signed-off-by: David Woodhouse ---- - cstp.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/cstp.c b/cstp.c -index 4aad2c1..b9408c7 100644 ---- a/cstp.c -+++ b/cstp.c -@@ -494,7 +494,8 @@ static int start_cstp_connection(struct openconnect_info *vpninfo) - } - vpninfo->ip_info.mtu = mtu; - -- if (!vpninfo->ip_info.addr && !vpninfo->ip_info.addr6) { -+ if (!vpninfo->ip_info.addr && !vpninfo->ip_info.addr6 && -+ !vpninfo->ip_info.netmask6) { - vpn_progress(vpninfo, PRG_ERR, - _("No IP address received. Aborting\n")); - return -EINVAL; --- -1.9.3 - diff --git a/openconnect-7.05-ensure-dtls-ciphers-match-the-allowed.patch b/openconnect-7.05-ensure-dtls-ciphers-match-the-allowed.patch deleted file mode 100644 index b7d6088..0000000 --- a/openconnect-7.05-ensure-dtls-ciphers-match-the-allowed.patch +++ /dev/null @@ -1,200 +0,0 @@ -From 4892c7a53bb0adec98c4540a0b127b209625f82a Mon Sep 17 00:00:00 2001 -From: Nikos Mavrogiannopoulos -Date: Wed, 4 Mar 2015 10:29:06 +0100 -Subject: [PATCH 2/2] when using gnutls enable only the DTLS ciphersuites that - were available during TLS - -Signed-off-by: Nikos Mavrogiannopoulos ---- - cstp.c | 3 ++ - dtls.c | 79 ++++++++++++++++++++++++++++++++++++++++++++++---- - gnutls.c | 7 ++--- - openconnect-internal.h | 2 ++ - 4 files changed, 81 insertions(+), 10 deletions(-) - -diff --git a/cstp.c b/cstp.c -index d0d7eff..a06ca34 100644 ---- a/cstp.c -+++ b/cstp.c -@@ -202,6 +202,9 @@ static int start_cstp_connection(struct openconnect_info *vpninfo) - vpninfo->ip_info.domain = vpninfo->ip_info.proxy_pac = NULL; - vpninfo->banner = NULL; - -+ if (!vpninfo->dtls_ciphers) -+ vpninfo->dtls_ciphers = dtls_ciphers_from_conn(vpninfo); -+ - for (i = 0; i < 3; i++) - vpninfo->ip_info.dns[i] = vpninfo->ip_info.nbns[i] = NULL; - free_split_routes(vpninfo); -diff --git a/dtls.c b/dtls.c -index abffbf1..6ac537d 100644 ---- a/dtls.c -+++ b/dtls.c -@@ -222,6 +222,11 @@ static SSL_SESSION *generate_dtls_session(struct openconnect_info *vpninfo, - } - #endif - -+char *dtls_ciphers_from_conn(struct openconnect_info *vpninfo) -+{ -+ return NULL; -+} -+ - static int start_dtls_handshake(struct openconnect_info *vpninfo, int dtls_fd) - { - STACK_OF(SSL_CIPHER) *ciphers; -@@ -438,27 +443,89 @@ void dtls_shutdown(struct openconnect_info *vpninfo) - #include - #include "gnutls.h" - -+#define SSTR(x) x,sizeof(x) - struct { - const char *name; -+ unsigned name_len; - gnutls_protocol_t version; - gnutls_cipher_algorithm_t cipher; - gnutls_mac_algorithm_t mac; - const char *prio; -+ unsigned disabled; - } gnutls_dtls_ciphers[] = { -- { "AES128-SHA", GNUTLS_DTLS0_9, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_MAC_SHA1, -+ { SSTR("AES128-SHA"), GNUTLS_DTLS0_9, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_MAC_SHA1, - "NONE:+VERS-DTLS0.9:+COMP-NULL:+AES-128-CBC:+SHA1:+RSA:%COMPAT" }, -- { "AES256-SHA", GNUTLS_DTLS0_9, GNUTLS_CIPHER_AES_256_CBC, GNUTLS_MAC_SHA1, -+ { SSTR("AES256-SHA"), GNUTLS_DTLS0_9, GNUTLS_CIPHER_AES_256_CBC, GNUTLS_MAC_SHA1, - "NONE:+VERS-DTLS0.9:+COMP-NULL:+AES-256-CBC:+SHA1:+RSA:%COMPAT" }, -- { "DES-CBC3-SHA", GNUTLS_DTLS0_9, GNUTLS_CIPHER_3DES_CBC, GNUTLS_MAC_SHA1, -+ { SSTR("DES-CBC3-SHA"), GNUTLS_DTLS0_9, GNUTLS_CIPHER_3DES_CBC, GNUTLS_MAC_SHA1, - "NONE:+VERS-DTLS0.9:+COMP-NULL:+3DES-CBC:+SHA1:+RSA:%COMPAT" }, - #if GNUTLS_VERSION_NUMBER >= 0x030207 /* if DTLS 1.2 is supported (and a bug in gnutls is solved) */ -- { "OC-DTLS1_2-AES128-GCM", GNUTLS_DTLS1_2, GNUTLS_CIPHER_AES_128_GCM, GNUTLS_MAC_AEAD, -+ { SSTR("OC-DTLS1_2-AES128-GCM"), GNUTLS_DTLS1_2, GNUTLS_CIPHER_AES_128_GCM, GNUTLS_MAC_AEAD, - "NONE:+VERS-DTLS1.2:+COMP-NULL:+AES-128-GCM:+AEAD:+RSA:%COMPAT:+SIGN-ALL" }, -- { "OC-DTLS1_2-AES256-GCM", GNUTLS_DTLS1_2, GNUTLS_CIPHER_AES_256_GCM, GNUTLS_MAC_AEAD, -+ { SSTR("OC-DTLS1_2-AES256-GCM"), GNUTLS_DTLS1_2, GNUTLS_CIPHER_AES_256_GCM, GNUTLS_MAC_AEAD, - "NONE:+VERS-DTLS1.2:+COMP-NULL:+AES-256-GCM:+AEAD:+RSA:%COMPAT:+SIGN-ALL" }, - #endif - }; - -+char *dtls_ciphers_from_conn(struct openconnect_info *vpninfo) -+{ -+ /* only enable the ciphers that would have been negotiated in the TLS channel */ -+ unsigned i, j; -+ int ret; -+ unsigned idx; -+ gnutls_cipher_algorithm_t cipher; -+ gnutls_mac_algorithm_t mac; -+ struct oc_text_buf *buf; -+ gnutls_priority_t cache; -+ char *p; -+ -+ /* everything is disabled by default */ -+ for (i = 0; i < sizeof(gnutls_dtls_ciphers)/sizeof(gnutls_dtls_ciphers[0]); i++) { -+ gnutls_dtls_ciphers[i].disabled = 1; -+ } -+ -+ ret = gnutls_priority_init(&cache, vpninfo->gnutls_default_prio, NULL); -+ if (ret < 0) -+ return NULL; -+ -+ for (j=0;;j++) { -+ ret = gnutls_priority_get_cipher_suite_index(cache, j, &idx); -+ if (ret == GNUTLS_E_UNKNOWN_CIPHER_SUITE) -+ continue; -+ else if (ret < 0) -+ break; -+ -+ if (gnutls_cipher_suite_info(idx, NULL, NULL, &cipher, &mac, NULL) != NULL) { -+ for (i = 0; i < sizeof(gnutls_dtls_ciphers)/sizeof(gnutls_dtls_ciphers[0]); i++) { -+ if (gnutls_dtls_ciphers[i].mac == mac && gnutls_dtls_ciphers[i].cipher == cipher) { -+ gnutls_dtls_ciphers[i].disabled = 0; -+ break; -+ } -+ } -+ } -+ } -+ -+ buf = buf_alloc(); -+ -+ for (i = 0; i < sizeof(gnutls_dtls_ciphers)/sizeof(gnutls_dtls_ciphers[0]); i++) { -+ if (!gnutls_dtls_ciphers[i].disabled) { -+ if (buf->buf_len == 0) { -+ buf_append(buf, "%s", gnutls_dtls_ciphers[i].name); -+ } else { -+ buf_append(buf, ":%s", gnutls_dtls_ciphers[i].name); -+ } -+ } -+ } -+ -+ /* steal buffer */ -+ p = buf->data; -+ buf->data = NULL; -+ -+ buf_free(buf); -+ gnutls_priority_deinit(cache); -+ return p; -+} -+ - #define DTLS_SEND gnutls_record_send - #define DTLS_RECV gnutls_record_recv - #define DTLS_FREE gnutls_deinit -@@ -470,7 +537,7 @@ static int start_dtls_handshake(struct openconnect_info *vpninfo, int dtls_fd) - int cipher; - - for (cipher = 0; cipher < sizeof(gnutls_dtls_ciphers)/sizeof(gnutls_dtls_ciphers[0]); cipher++) { -- if (!strcmp(vpninfo->dtls_cipher, gnutls_dtls_ciphers[cipher].name)) -+ if (!strcmp(vpninfo->dtls_cipher, gnutls_dtls_ciphers[cipher].name) && !gnutls_dtls_ciphers[cipher].disabled) - goto found_cipher; - } - vpn_progress(vpninfo, PRG_ERR, _("Unknown DTLS parameters for requested CipherSuite '%s'\n"), -diff --git a/gnutls.c b/gnutls.c -index 34119da..e121842 100644 ---- a/gnutls.c -+++ b/gnutls.c -@@ -2070,7 +2070,6 @@ int openconnect_open_https(struct openconnect_info *vpninfo) - { - int ssl_sock = -1; - int err; -- const char * prio; - - if (vpninfo->https_sess) - return 0; -@@ -2196,13 +2195,13 @@ int openconnect_open_https(struct openconnect_info *vpninfo) - strlen(vpninfo->hostname)); - - if (vpninfo->pfs) { -- prio = DEFAULT_PRIO":-RSA"; -+ vpninfo->gnutls_default_prio = DEFAULT_PRIO":-RSA"; - } else { -- prio = DEFAULT_PRIO; -+ vpninfo->gnutls_default_prio = DEFAULT_PRIO; - } - - err = gnutls_priority_set_direct(vpninfo->https_sess, -- prio, NULL); -+ vpninfo->gnutls_default_prio, NULL); - if (err) { - vpn_progress(vpninfo, PRG_ERR, - _("Failed to set TLS priority string: %s\n"), -diff --git a/openconnect-internal.h b/openconnect-internal.h -index 04cb226..7b7161c 100644 ---- a/openconnect-internal.h -+++ b/openconnect-internal.h -@@ -469,6 +469,7 @@ struct openconnect_info { - gnutls_session_t https_sess; - gnutls_certificate_credentials_t https_cred; - char local_cert_md5[MD5_SIZE * 2 + 1]; /* For CSD */ -+ const char *gnutls_default_prio; - #ifdef HAVE_TROUSERS - TSS_HCONTEXT tpm_context; - TSS_HKEY srk; -@@ -765,6 +766,7 @@ int dtls_setup(struct openconnect_info *vpninfo, int dtls_attempt_period); - int dtls_mainloop(struct openconnect_info *vpninfo, int *timeout); - void dtls_close(struct openconnect_info *vpninfo); - void dtls_shutdown(struct openconnect_info *vpninfo); -+char *dtls_ciphers_from_conn(struct openconnect_info *vpninfo); - - /* cstp.c */ - void cstp_common_headers(struct openconnect_info *vpninfo, struct oc_text_buf *buf); --- -2.1.0 - diff --git a/openconnect-7.05-override-default-prio-string.patch b/openconnect-7.05-override-default-prio-string.patch deleted file mode 100644 index 2e5c906..0000000 --- a/openconnect-7.05-override-default-prio-string.patch +++ /dev/null @@ -1,64 +0,0 @@ -From db955eceff87ecc7994348c952029ae012fc5b6a Mon Sep 17 00:00:00 2001 -From: Nikos Mavrogiannopoulos -Date: Tue, 3 Mar 2015 16:57:51 +0100 -Subject: [PATCH 1/2] Allow overriding the default GnuTLS priority string - -Signed-off-by: Nikos Mavrogiannopoulos ---- - configure.ac | 9 +++++++++ - gnutls.c | 18 ++++++++++-------- - 2 files changed, 19 insertions(+), 8 deletions(-) - -diff --git a/configure.ac b/configure.ac -index e5b5e80..ddb5c48 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -417,6 +417,15 @@ if test "$with_gnutls" = "yes"; then - LIBS="$oldlibs" - CFLAGS="$oldcflags" - fi -+ -+AC_ARG_WITH([default-gnutls-priority], -+ AS_HELP_STRING([--with-default-gnutls-priority=STRING], -+ [Provide a default string as GnuTLS priority string]), -+ default_gnutls_priority=$withval) -+if test -n "$default_gnutls_priority"; then -+ AC_DEFINE_UNQUOTED([DEFAULT_PRIO], ["$default_gnutls_priority"], [The GnuTLS priority string]) -+fi -+ - if test "$with_openssl" = "yes" || test "$with_openssl" = "" || test "$ssl_library" = "both"; then - PKG_CHECK_MODULES(OPENSSL, openssl, [], - [oldLIBS="$LIBS" -diff --git a/gnutls.c b/gnutls.c -index 3f79a22..34119da 100644 ---- a/gnutls.c -+++ b/gnutls.c -@@ -2052,15 +2052,17 @@ static int verify_peer(gnutls_session_t session) - * >= 3.2.9 as there the %COMPAT keyword ensures that the client hello - * will be outside that range. - */ --#if GNUTLS_VERSION_NUMBER >= 0x030209 --# define DEFAULT_PRIO "NORMAL:-VERS-SSL3.0:%COMPAT" --#else --# define _DEFAULT_PRIO "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0:" \ -+#ifndef DEFAULT_PRIO -+# if GNUTLS_VERSION_NUMBER >= 0x030209 -+# define DEFAULT_PRIO "NORMAL:-VERS-SSL3.0:%COMPAT" -+# else -+# define _DEFAULT_PRIO "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0:" \ - "%COMPAT:%DISABLE_SAFE_RENEGOTIATION:%LATEST_RECORD_VERSION" --# if GNUTLS_VERSION_MAJOR >= 3 --# define DEFAULT_PRIO _DEFAULT_PRIO":-CURVE-ALL:-ECDHE-RSA:-ECDHE-ECDSA" --#else --# define DEFAULT_PRIO _DEFAULT_PRIO -+# if GNUTLS_VERSION_MAJOR >= 3 -+# define DEFAULT_PRIO _DEFAULT_PRIO":-CURVE-ALL:-ECDHE-RSA:-ECDHE-ECDSA" -+# else -+# define DEFAULT_PRIO _DEFAULT_PRIO -+# endif - # endif - #endif - --- -2.1.0 - diff --git a/openconnect.spec b/openconnect.spec index 79fed49..482def0 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -20,8 +20,8 @@ %endif Name: openconnect -Version: 7.06 -Release: 7%{?relsuffix}%{?dist} +Version: 7.07 +Release: 1%{?relsuffix}%{?dist} Summary: Open client for Cisco AnyConnect VPN Group: Applications/Internet @@ -33,14 +33,11 @@ Source1: ftp://ftp.infradead.org/pub/openconnect/openconnect-%{version}%{?gitsuf %endif Source2: gpgkey-BE07D9FD54809AB2C4B0FF5F63762CDA67E2F359.gpg -Patch1: openconnect-7.05-override-default-prio-string.patch -Patch2: openconnect-7.05-ensure-dtls-ciphers-match-the-allowed.patch -Patch3: fix-ipv6-only.patch - BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) -BuildRequires: pkgconfig(openssl) pkgconfig(libxml-2.0) gnupg2 +BuildRequires: pkgconfig(libxml-2.0) pkgconfig(libpcsclite) gnupg2 BuildRequires: autoconf automake libtool python gettext pkgconfig(liblz4) +BuildRequires: pkgconfig(uid_wrapper) pkgconfig(socket_wrapper) %if 0%{?fedora} || 0%{?rhel} >= 7 Obsoletes: openconnect-lib-compat%{?_isa} < %{version}-%{release} Requires: vpnc-script @@ -49,7 +46,9 @@ Requires: vpnc %endif %if %{use_gnutls} -BuildRequires: pkgconfig(gnutls) trousers-devel pkgconfig(libpcsclite) +BuildRequires: pkgconfig(gnutls) trousers-devel +%else +BuildRequires: pkgconfig(openssl) pkgconfig(libp11) pkgconfig(p11-kit-1) %endif %if %{use_libproxy} BuildRequires: pkgconfig(libproxy-1.0) @@ -83,12 +82,7 @@ gpgv2 --keyring %{SOURCE2} %{SOURCE1} %{SOURCE0} %setup -q -n openconnect-%{version}%{?gitsuffix} -%patch1 -p1 -b .prio -%patch2 -p1 -b .ciphers -%patch3 -p1 -b .ipv6 - %build -autoreconf -fvi %configure --with-vpnc-script=/etc/vpnc/vpnc-script \ --with-default-gnutls-priority="@SYSTEM" \ %if !%{use_gnutls} @@ -104,6 +98,9 @@ rm -rf $RPM_BUILD_ROOT rm -f $RPM_BUILD_ROOT/%{_libdir}/libopenconnect.la %find_lang %{name} +%check +make check + %clean rm -rf $RPM_BUILD_ROOT @@ -126,6 +123,10 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/pkgconfig/openconnect.pc %changelog +* Mon Jul 11 2016 David Woodhouse - 7.07-1 +- Update to 7.07 release +- Enable PKCS#11 and Yubikey OATH support for OpenSSL (i.e. EL6) build + * Tue Mar 22 2016 David Woodhouse - 7.06-7 - Switch to using GPGv2 for signature check diff --git a/sources b/sources index fd37447..89f3573 100644 --- a/sources +++ b/sources @@ -1,3 +1,2 @@ -80f397911e1fed43d897d99be3d5f1a1 openconnect-7.06.tar.gz -ef7bb028ca55bb5e0794134ceb277efc openconnect-7.06.tar.gz.asc -2b85959af07ca0e8466853443fd7d766 gpgkey-BE07D9FD54809AB2C4B0FF5F63762CDA67E2F359.gpg +582692c4bd8c157daadfcc89d6680cb8 openconnect-7.07.tar.gz +36043109d9c050e5f12e42c2c8ddf1b6 openconnect-7.07.tar.gz.asc From ead939e2ad3aa85b5f9c92cbd45a4c5e2185f098 Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Mon, 11 Jul 2016 16:34:16 +0100 Subject: [PATCH 120/184] Add GPG keyring back --- openconnect.spec | 5 ++++- sources | 2 ++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/openconnect.spec b/openconnect.spec index 482def0..d84ae58 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -21,7 +21,7 @@ Name: openconnect Version: 7.07 -Release: 1%{?relsuffix}%{?dist} +Release: 2%{?relsuffix}%{?dist} Summary: Open client for Cisco AnyConnect VPN Group: Applications/Internet @@ -123,6 +123,9 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/pkgconfig/openconnect.pc %changelog +* Mon Jul 11 2015 David Woodhouse - 7.07-2 +- Add PGP keyring back to sources + * Mon Jul 11 2016 David Woodhouse - 7.07-1 - Update to 7.07 release - Enable PKCS#11 and Yubikey OATH support for OpenSSL (i.e. EL6) build diff --git a/sources b/sources index 89f3573..4e68d39 100644 --- a/sources +++ b/sources @@ -1,2 +1,4 @@ 582692c4bd8c157daadfcc89d6680cb8 openconnect-7.07.tar.gz 36043109d9c050e5f12e42c2c8ddf1b6 openconnect-7.07.tar.gz.asc +2b85959af07ca0e8466853443fd7d766 gpgkey-BE07D9FD54809AB2C4B0FF5F63762CDA67E2F359.gpg + From 7033015867f3cfc27b83923060a710d53fbc2490 Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Mon, 11 Jul 2016 17:00:13 +0100 Subject: [PATCH 121/184] fix date --- openconnect.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/openconnect.spec b/openconnect.spec index d84ae58..d0ac317 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -123,7 +123,7 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/pkgconfig/openconnect.pc %changelog -* Mon Jul 11 2015 David Woodhouse - 7.07-2 +* Mon Jul 11 2016 David Woodhouse - 7.07-2 - Add PGP keyring back to sources * Mon Jul 11 2016 David Woodhouse - 7.07-1 From b68a9935fdc651c83a6910abc90f18edd11297a4 Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Mon, 11 Jul 2016 17:11:44 +0100 Subject: [PATCH 122/184] Remove blank line from sources --- sources | 1 - 1 file changed, 1 deletion(-) diff --git a/sources b/sources index 4e68d39..9b1062b 100644 --- a/sources +++ b/sources @@ -1,4 +1,3 @@ 582692c4bd8c157daadfcc89d6680cb8 openconnect-7.07.tar.gz 36043109d9c050e5f12e42c2c8ddf1b6 openconnect-7.07.tar.gz.asc 2b85959af07ca0e8466853443fd7d766 gpgkey-BE07D9FD54809AB2C4B0FF5F63762CDA67E2F359.gpg - From 04978406b2b74b0fdb93efe2905d03663d2bed15 Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Mon, 11 Jul 2016 17:20:55 +0100 Subject: [PATCH 123/184] Set release back to -1 --- openconnect.spec | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/openconnect.spec b/openconnect.spec index d0ac317..482def0 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -21,7 +21,7 @@ Name: openconnect Version: 7.07 -Release: 2%{?relsuffix}%{?dist} +Release: 1%{?relsuffix}%{?dist} Summary: Open client for Cisco AnyConnect VPN Group: Applications/Internet @@ -123,9 +123,6 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/pkgconfig/openconnect.pc %changelog -* Mon Jul 11 2016 David Woodhouse - 7.07-2 -- Add PGP keyring back to sources - * Mon Jul 11 2016 David Woodhouse - 7.07-1 - Update to 7.07 release - Enable PKCS#11 and Yubikey OATH support for OpenSSL (i.e. EL6) build From 9dcb7d4f0d0a54801bfc6658f247a4af9edfd72e Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Mon, 11 Jul 2016 17:22:21 +0100 Subject: [PATCH 124/184] Note bug fixed --- openconnect.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/openconnect.spec b/openconnect.spec index 482def0..35f84fb 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -124,7 +124,7 @@ rm -rf $RPM_BUILD_ROOT %changelog * Mon Jul 11 2016 David Woodhouse - 7.07-1 -- Update to 7.07 release +- Update to 7.07 release (#1268198) - Enable PKCS#11 and Yubikey OATH support for OpenSSL (i.e. EL6) build * Tue Mar 22 2016 David Woodhouse - 7.06-7 From d5fd5f3199a985aa834d08f7bcb476431bbf2f87 Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Tue, 12 Jul 2016 11:38:59 +0100 Subject: [PATCH 125/184] Use _pkgdocdir and add backward-compatibility Create HTML directory for cases (like EL6) where groff is not UTF-8 capable so we don't build the docs anyway. --- openconnect.spec | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/openconnect.spec b/openconnect.spec index 35f84fb..79fd97b 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -19,6 +19,8 @@ %define use_tokens 1 %endif +%{!?_pkgdocdir: %global _pkgdocdir %{_docdir}/%{name}-%{version}} + Name: openconnect Version: 7.07 Release: 1%{?relsuffix}%{?dist} @@ -88,13 +90,14 @@ gpgv2 --keyring %{SOURCE2} %{SOURCE1} %{SOURCE0} %if !%{use_gnutls} --with-openssl --without-openssl-version-check \ %endif - --htmldir=%{_docdir}/%{name} + --htmldir=%{_pkgdocdir} make %{?_smp_mflags} V=1 %install rm -rf $RPM_BUILD_ROOT %make_install +mkdir -p $RPM_BUILD_ROOT/%{_pkgdocdir} rm -f $RPM_BUILD_ROOT/%{_libdir}/libopenconnect.la %find_lang %{name} @@ -114,7 +117,7 @@ rm -rf $RPM_BUILD_ROOT %{_sbindir}/openconnect %{_mandir}/man8/* %doc TODO COPYING.LGPL -%doc %{_docdir}/%{name} +%doc %{_pkgdocdir} %files devel %defattr(-,root,root,-) From 3ad9d1db2ccb71012a912baa992802fcd9c4bfaa Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Wed, 13 Jul 2016 09:36:50 +0100 Subject: [PATCH 126/184] Enable Kerberos and PSKC support For Kerberos we use krb5-config not pkgconfig, so it's OK to explicitly require the krb5-devel package. --- openconnect.spec | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/openconnect.spec b/openconnect.spec index 79fd97b..5a189f6 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -23,7 +23,7 @@ Name: openconnect Version: 7.07 -Release: 1%{?relsuffix}%{?dist} +Release: 2%{?relsuffix}%{?dist} Summary: Open client for Cisco AnyConnect VPN Group: Applications/Internet @@ -38,6 +38,7 @@ Source2: gpgkey-BE07D9FD54809AB2C4B0FF5F63762CDA67E2F359.gpg BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: pkgconfig(libxml-2.0) pkgconfig(libpcsclite) gnupg2 +BuildRequires: pkgconfig(libpskc) krb5-devel BuildRequires: autoconf automake libtool python gettext pkgconfig(liblz4) BuildRequires: pkgconfig(uid_wrapper) pkgconfig(socket_wrapper) %if 0%{?fedora} || 0%{?rhel} >= 7 @@ -126,6 +127,9 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/pkgconfig/openconnect.pc %changelog +* Mon Jul 11 2016 David Woodhouse - 7.07-2 +- Enable Kerberos and PSKC support + * Mon Jul 11 2016 David Woodhouse - 7.07-1 - Update to 7.07 release (#1268198) - Enable PKCS#11 and Yubikey OATH support for OpenSSL (i.e. EL6) build From 8196b1c2407e96711736de338dd67ffe7d1b6d59 Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Wed, 13 Jul 2016 09:37:43 +0100 Subject: [PATCH 127/184] Update GPG signature checking --- macros.gpg | 316 +++++++++++++++++++++++++++++++++++++++++++++++ openconnect.spec | 6 +- 2 files changed, 320 insertions(+), 2 deletions(-) create mode 100644 macros.gpg diff --git a/macros.gpg b/macros.gpg new file mode 100644 index 0000000..fab8861 --- /dev/null +++ b/macros.gpg @@ -0,0 +1,316 @@ +# The gpg_verify macro is defined further down in this document. + +# gpg_verify takes one option and a list of 2- or 3-tuples. +# +# With no arguments, attempts to figure everything out. Finds one keyring and +# tries to pair each signature file with a source. If there is no source found +# which matches a signature, the build is aborted. +# +# -k gives a common keyring to verify all signatures against, except when an +# argument specifies its own keyring. +# +# Each argument must be of the form "F,S,K" or "F,S", where each of F, S and K +# is either the number or the filename of one of the source files in the +# package. A pathname including directories is not allowed. +# F is a source file to check. +# S is a signature. +# K is a keyring. +# +# When an argument specifies a keyring, that signature will be verified against +# the keys in that keyring. For arguments that don't specify a keyring, the one +# specified with -k will be used, if any. If no keyring is specified either +# way, the macro will default to the first one it finds in the source list. +# +# It is assumed that all the keys in all keyrings, whether automatically found +# or explicitly specified, are trusted to authenticate the source files. There +# must not be any untrusted keys included. + +# Some utility functions to the global namespace +# Most of these should come from the utility macros in the other repo. +%define gpg_macros_init %{lua: + function db(str) + io.stderr:write(tostring(str) .. '\\n') + end +\ + -- Simple basename clone + function basename(str) + local name = string.gsub(str, "(.*/)(.*)", "%2") + return name + end +\ + -- Get the numbered or source file. + -- The spec writer can use any numbering scheme. The sources table + -- always counts from 1 and has no gaps, so we have to go back to the + -- SOURCEN macros. + function get_numbered_source(num) + local macro = "%SOURCE" .. num + local val = rpm.expand(macro) + if val == macro then + return nil + end + return val + end + -- Get the named source file. This returns the full path to a source file, + -- or nil if no such source exists. + function get_named_source(name) + local path + for _,path in ipairs(sources) do + if name == basename(path) then + return path + end + end + return nil + end +\ + -- Determine whether the supplied filename contains a signature + -- Assumes the file will be closed when the handle goes out of scope + function is_signature(fname) + -- I don't really like this, but you can have completely binary sigs + if string.find(fname, '%.sig$') then + return true + end + local file = io.open(fname, 'r') + if file == nil then return false end +\ + local c = 1 + while true do + local line = file:read('*line') + if (line == nil or c > 10) then break end + if string.find(line, "BEGIN PGP SIGNATURE") then + return true + end + c = c+1 + end + return false + end +\ + -- Determine whether the supplied filename looks like a keyring + -- Ends in .gpg (might be binary data)? Contains "BEGIN PGP PUBLIC KEY BLOCK" + function is_keyring(fname) + -- XXX Have to hack this now to make it not find macros.gpg while we're testing. + if string.find(fname, '%.gpg$') and not string.find(fname, 'macros.gpg$') then + return true + end +\ + local file = io.open(fname, 'r') + if file == nil then return false end + io.input(file) + local c = 1 + while true do + local line = io.read('*line') + if (line == nil or c > 10) then break end + if string.find(line, "BEGIN PGP PUBLIC KEY BLOCK") then + return true + end + c = c+1 + end + return false + end +\ + -- Output code to have the current scriptlet echo something + function echo(str) + print("echo " .. str .. "\\n") + end +\ + -- Output an exit statement with nonzero return to the current scriptlet + function exit() + print("exit 1\\n") + end +\ + -- Call the RPM %error macro + function rpmerror(str) + echo("gpg_verify: " .. str) + rpm.expand("%{error:gpg_verify: " .. str .. "}") + exit(1) + end +\ + -- XXX How to we get just a flag and no option? + function getflag(flag) + return nil + end +\ + -- Extract the value of a passed option + function getoption(opt) + out = rpm.expand("%{-" .. opt .. "*}") + -- if string.len(out) == 0 then + if #out == 0 then + return nil + end + return out + end +\ + function unknownarg(a) + rpmerror("Unknown argument to %%gpg_verify: " .. a) + end +\ + function rprint(s, l, i) -- recursive Print (structure, limit, indent) + l = (l) or 100; i = i or ""; -- default item limit, indent string + if (l<1) then db("ERROR: Item limit reached."); return l-1 end; + local ts = type(s); + if (ts ~= "table") then db(i,ts,s); return l-1 end + db(i,ts); -- print "table" + for k,v in pairs(s) do -- db("[KEY] VALUE") + l = rprint(v, l, i.."\t["..tostring(k).."]"); + if (l < 0) then break end + end + return l + end +\ + -- Given a list of source file numbers or file names, validate them and + -- convert them to a list of full filenames. + function check_sources_list(arr) + local files = {} + local src,fpath + for _, src in ipairs(arr) do + if tonumber(src) then + -- We have a number; turn it to a full path to the corresponding source file + fpath = get_numbered_source(src) + else + fpath = get_named_source(src) + end + if not src then + err = 'Not a valid source: ' .. src + if src == '1' then + err = err .. '. Note that "Source:" is the 0th source file, not the 1st.' + end + rpmerror(err) + end + table.insert(files, fpath) + end + return files + end + rpm.define("gpg_macros_init %{nil}") +}# + +# The actual macro +%define gpg_verify(k:) %gpg_macros_init%{lua: + -- RPM will ignore the first thing we output unless we give it a newline. + print('\\n') +\ + local defkeyspec = getoption("k") + local args = rpm.expand("%*") + local sourcefiles = {} + local signature_table = {} + local signatures = {} + local keyrings = {} + local defkey, match, captures, s +\ + local function storematch(m, c) + match = m; captures = c + end +\ + -- Scan all of the sources and try to categorize them. + -- Move to a function + for i,s in pairs(sources) do + sourcefiles[s] = true + -- db('File: ' .. i .. ", " .. s) + if is_signature(s) then + table.insert(signatures, s) + signature_table[s] = true + db('Found signature: ' .. s) + elseif is_keyring(s) then + table.insert(keyrings, s) + db('Found keyring: ' .. s) + else + -- Must be a source + db('Found source: ' .. s) + end + end +\ + if defkeyspec then + defkey = check_sources_list({defkeyspec})[1] + if not defkey then + rpmerror('The provided keyring ' .. defkeyspec .. ' is not a valid source number or filename.') + end + end +\ + if defkey then + db('Defkey: ' .. defkey) + else + db('No common key yet') + if keyrings[1] then + defkey = keyrings[1] + db('Using first found keyring file: '..defkey) + end + end +\ + -- Check over any given args to make sure they're valid, and to see if a + -- common key is required. + local needdefkey = false + local double = rex.newPOSIX('^([^,]+),([^,]+)$') + local triple = rex.newPOSIX('^([^,]+),([^,]+),([^,]+)$') + local arglist = {} +\ + -- RPM gives us the arguments in a single string. + -- Split on spaces and iterate + for arg in args:gmatch('%S+') do + db('Checking ' .. arg) + if triple:gmatch(arg, storematch) > 0 then + db('Looks OK') + local parsed = {srcnum=captures[1], signum=captures[2], keynum=captures[3]} + s = check_sources_list({captures[1], captures[2], captures[3]}) + parsed.srcfile = s[1] + parsed.sigfile = s[2] + parsed.keyfile = s[3] + table.insert(arglist, parsed) + elseif double:gmatch(arg, storematch) > 0 then + db('Looks OK; needs common key') + needdefkey = true + local parsed = {srcnum=captures[1], signum=captures[2], keynum=defkeyspec, keyfile=defkey} + s = check_sources_list({captures[1], captures[2]}) + parsed.srcfile = s[1] + parsed.sigfile = s[2] + table.insert(arglist, parsed) + else + rpmerror('Provided argument '..arg..' is not valid.') + end + end +\ + -- So we now know if one of those args needs a common key + if needdefkey and not defkey then + rpmerror('No common key was specified or found, yet the arguments require one.') + end +\ + -- And if we have no arguments at all and no common key was found, + -- then we can't do an automatic check + if not defkey and args == '' then + rpmerror('No keyring specified and none found; cannot auto-check.') + end +\ + -- Nothing to check means automatic mode + if #arglist == 0 then + local noext + for i,_ in pairs(signature_table) do + -- Find the name without the extension + noext = string.gsub(i, '%.[^.]+$', '') + if sourcefiles[noext] then + table.insert(arglist, {srcfile=noext, sigfile=i, keyfile=defkey}) + else + rpmerror('Found signature ' .. i .. ' with no matching source file.') + end + end + end +\ + -- Now actually check things + for _,arg in ipairs(arglist) do + local gpgfile = '$GPGHOME/' .. basename(arg.keyfile) .. '.gpg' + echo('Checking signature: file ' .. arg.srcfile .. ' sig ' .. arg.sigfile .. ' key ' .. arg.keyfile) +\ + -- We need a secure temp directorry + print('GPGHOME=$(mktemp -qd)\\n') +\ + -- Call gpg2 to generate the dearmored key + print('gpg2 --homedir $GPGHOME --no-default-keyring --quiet --yes ') + print('--output '.. gpgfile .. ' --dearmor ' .. arg.keyfile .. "\\n") +\ + -- Call gpgv2 to verify the signature against the source file with the dearmored key + print('gpgv2 --homedir $GPGHOME --keyring ' .. gpgfile .. ' ' .. arg.sigfile .. ' ' .. arg.srcfile .. '\\n') +\ + print('rm -rf $GPGHOME\\n') + echo('') + end +\ + db('------------') +}# + +# vim: set filetype=spec: diff --git a/openconnect.spec b/openconnect.spec index 5a189f6..0ded4ae 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -33,7 +33,8 @@ Source0: ftp://ftp.infradead.org/pub/openconnect/openconnect-%{version}%{?gitsuf %if 0%{?gitcount} == 0 Source1: ftp://ftp.infradead.org/pub/openconnect/openconnect-%{version}%{?gitsuffix}.tar.gz.asc %endif -Source2: gpgkey-BE07D9FD54809AB2C4B0FF5F63762CDA67E2F359.gpg +Source2: gpgkey-BE07D9FD54809AB2C4B0FF5F63762CDA67E2F359.asc +Source3: macros.gpg BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) @@ -78,9 +79,10 @@ This package provides the core HTTP and authentication support from the OpenConnect VPN client, to be used by GUI authentication dialogs for NetworkManager etc. +%include %SOURCE3 %prep %if 0%{?gitcount} == 0 -gpgv2 --keyring %{SOURCE2} %{SOURCE1} %{SOURCE0} +%gpg_verify %endif %setup -q -n openconnect-%{version}%{?gitsuffix} From a70fd8530c7661c8b5753e58c4433b6fd1e93098 Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Wed, 13 Jul 2016 09:43:17 +0100 Subject: [PATCH 128/184] add proper key --- ...07D9FD54809AB2C4B0FF5F63762CDA67E2F359.asc | 174 ++++++++++++++++++ 1 file changed, 174 insertions(+) create mode 100644 gpgkey-BE07D9FD54809AB2C4B0FF5F63762CDA67E2F359.asc diff --git a/gpgkey-BE07D9FD54809AB2C4B0FF5F63762CDA67E2F359.asc b/gpgkey-BE07D9FD54809AB2C4B0FF5F63762CDA67E2F359.asc new file mode 100644 index 0000000..f084999 --- /dev/null +++ b/gpgkey-BE07D9FD54809AB2C4B0FF5F63762CDA67E2F359.asc @@ -0,0 +1,174 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1 + +mQINBE6NcQEBEADN5LtGr/flvrjd17mCOlqtRB26tj6G4jAc5VURYbejQGbbYzP5 +L+fCLfDo01MYLI6jffklfpcDRHh2r/ACvA+NBTTVrP+XX8+s8+Y49Ke/39rt4NUW +C/t9UaIkV+0gP3DPYQA2GseOGwaF8V7v3BXq6VrwoyV2KlD4vAYUahJ52VxsZG+/ +IhrvZn2MjmAyb1fjzZYr/7GX568CKdRY5VaVFqLKXdC7ZzRZObgzR83zaa3coC7l +3cFRtmGRmttDgUJ8R3Oqp2X9oe+eylzpmndEZkzGPZiI90VmZchvt1XUJ/VRpRwP +xmJvrz+NJWVktzDU1koauyOmiyB2cO6+RcSMaoQIX+TpyqJZ96rd6KsHCyTodF39 +3xs730V24pRJXSbqJpyBNTOjd2T856MI9CIQ0SRvTUJGsp4x82j+3rJvSKGTClPw +FOJkJ0KaQyPMIaudP0PdsqULSoHXiBk3k+yj6tg9Ca84TrsSrLx1fvM4sAZpqo5p +LriDbl7ji6tUZovqW06MRT7rFCMjJW0Bk8jPp2r/5ASdjv33Ljxvr+9weYHJ5/rN +J9MUVw3rXmyDbUh7+uAm/2e24z26xE6LsxJB8JzdRqRSMqXdf8JsiuQLWpKZBwYo +hLD+EKK+bfpqvTAHH39XLPz+Hx1Pyg3+nkcQJIHsZOiH5uneQyf5oId0MQARAQAB +tCVEYXZpZCBXb29kaG91c2UgPGR3bXcyQGluZnJhZGVhZC5vcmc+iQI7BBMBAgAl +AhsDAh4BAheAAhkBBQJOz8SvBgsJCAcDAgYVCAIJCgsEFgIDAQAKCRBjdizaZ+Lz +WY5QD/9EJrnssxVTZVAt/OeX4ecgy6Z7nEsAq68QWc7nUbumzG3d3kzWn9li5yLL +R6kEvj1g5w6t7X9pOG7UTqpCYs0jw72ozBPrJTNJk8rk00/R24ROVX4Bjb1tBUdL +EuIne9lS7MnI2oaNTT9vyTV07OLc/aorKv3hyI6dryW43IDVAXQBqFL7H+iPzt0m +STOo+uCwY1G5pusmWUlLUAk83AfenBJCgj6F0WrcxY9MRxBpgghBVq07hynM2wul +U4EHxjitzfVHmkqZa0dZhAYo/jOdU+K16kL2+dpKPy/1KADzbpNE4kULOmL0E8te +nEBLM5Cb8QWVE0t4n0phFX2lrfH/bG1X3lj5uVEiBvx8LIjTcve+8G22qATtuQvt +6wuFu6xSqs2LEV5yigVok1bQ7O4L0AXRqlkcCTI9XK0wxYCNPRp/jf17YSHAv0k7 +yXQ4GqJsbr/aFKjPUDJtcfI1Q/uJ5xGD1qVeJrcY6APoCFvlb9TxiUvt/fnZQNkx +LQ8yXxjxN2BdI48vMnKsPsvWq+vp57Kcqy2nwlMm1wmn0NdtfhfsyFX0eiiq/l8u +W3R1FbkVnj/hH1p2mLnr0aDLGPtvXlETuoYdUtWWLpKQDST+zbtqJwDzjj9nvF/E +xdt2XGHDjdP7J3jJ5wrli0P2fdWY0w7vAY2wmD1qoFLg+n/ENrQgRGF2aWQgV29v +ZGhvdXNlIDxkd213MkBleGltLm9yZz6JAjgEEwECACICGwMCHgECF4AFAk7PxLgG +CwkIBwMCBhUIAgkKCwQWAgMBAAoJEGN2LNpn4vNZhm4QALEBYT7YFCeywswA3PH8 +8h951uia3Cc5Gn4XBKbQxQQ4QRWHkrRhmINRqc7SMBUfxUtYnT+T2/Ei07OtRzKX +1AjKN74mF+p7s8i7JCM2t7Kc+/xSIZIhpwgbf4OOjtUQ3RJoYjlL+ke8YomX6geM +ZV/IXN2nqj4a8CYkmzXCi2dg7uWf8v/p/hyk/DLYlD+HwxpRG6ANUkQ6zxTxgnzw +ihrnhaNsu2PAnWJo9G/Tfk8o5JuTRBn5qGr7SyQ0PUG5s8D2IPgMaABHhpoT9mYv +VOundroC2RyusS9xzrTJC+BEvLZ+J3idAvT7/TfjJuOrPpkr2BUIZYr4MF+acG0Q +QUstsJdp7V27iINNN0jmlybbCl7RiIO8nCSfVRssgKbfJMnThvMGjYSSFPUz25gI +gH95t8a/2rGR5nnBJQYbd+1Toj0vqc4PIuSALk8bF/fr0s1DwKUJGgbiUYA4moIY +165he7/RVGVwm5qM49YgSaJWwintDCGox7kDJMBfOz1n0FVi5LLGCHmWosLt/CRp +b+F+r0ix2g4d5kIU/JedT1kU8dOugLVb5bLuisK28h5J06k48VfTkzkSjOb8Nn4w +7q78RUZ2zx8Ny5Y5+BFEKtmu7Bs9Pzs6698DHSaeZzqIuSTgn8ddu8iBjHZF/sw7 +wrZO1z2cKj6FW6bMen/bX+HbtCJEYXZpZCBXb29kaG91c2UgPGRhdmlkQHdvb2Ro +b3Uuc2U+iQI4BBMBAgAiAhsDAh4BAheABQJOz8S4BgsJCAcDAgYVCAIJCgsEFgID +AQAKCRBjdizaZ+LzWbR7D/4hKUfh04TLD2ZFsIWxrgEE/661lHaYZNi/rJAkhX73 ++bpPP5aVuWiqvFkYbcIvA4+PzSi8KXuKiLSbxtUDgqBKPWI9Zh2cOj2Ykl/+Qqp+ +TAPnjTde5+lc++MUm7K0QU2CJQZwvRwnLtwMvqsj7dlF37N46oSOqcPb6JRsDmJm +oJUn1ylZhjys0qAw9A+3VVxXIIacsf7Oxr+5VDMTJmyclfGwbsAAEyYYEgopQ2R8 +Z+bEOVTdDYSC051oO0KUHidbRGU8/un7yM8RFtZSoPp88O4wdWyr9xbahSr4LYIm +oNUGpJLQQKf+EtMI4pKITDs5Nkl8S6q/Gkh8nhqleuVQ/jT35Uk0T1qzhX+8EaUA +s4Bp/kUJ50K+V6C4wBMECoMDHXyvmgkKCkb18g7tMgv1ea3gZXcOU7MUvhgSzcnd +LKZi+taGTgmO+bNNdOnA1MAxMJpoU45cWpVyPp5nUg1E5/joQGW9VDJFLkoIArO5 +0e2Ccx+beDPtD20zBO4Yga+hfrztlAP9aGUAr5Zxu49MpeClqTyTnCoFyAMbAJXS +jaBEcnpIWghaUZinyvnneB8JpK4I4zjwBgwaN2+D6K0MTDJjyYw/bkRa4U6vv8L9 +1NTH6avCpMJMdo9SeokLVuPGXxAH85JfzeK/q1bnjrGBca/HJSksT+3wtj7XCAKI +KLQiRGF2aWQgV29vZGhvdXNlIDxkd213MkBrZXJuZWwub3JnPokCOAQTAQIAIgIb +AwIeAQIXgAUCTs/EuAYLCQgHAwIGFQgCCQoLBBYCAwEACgkQY3Ys2mfi81lOqg/9 +Ev3xFwdEWPZdknj63f4DruELPC7GYb5aY4mANzmsLkl5qlbr6+JtTZOyvM5wmR/0 +zD6me3e7YvMWC3bQJplMExcRJVlTBrk9hdieP/0CGaY5iXFLLqSVbKyNNQ3BoES6 +vJBX4OAgnD5J5NmCy7pnplHF7hRiasK0YyCG2QcDtMdgq2AKkqRjaQ3r0kBblbNQ +bU1KMhVfww890wYIJ/1H51ep3IkCw9L1i/0C8Z9mBQbUBGW8k6Vd4wtvnPYs6LNB +XHuDX9qZumClEALfdIx/WIQZZ5OIhB94FSC206gP4pgMFJb+dgOrQU6Q46y8rRsA +rEJRkQBS0m1Nd5hTxYi+O5V2igbi2vvMw3ijemA+nEURCJku7/qb7vXhtfUYCK+9 +XUUIHkW6IadW5hRqt0+O24tnOsoj5yZWdbbS2tpH44F/lFO5VRhKkKVy+j9D5+WX +sR2NLnujMpqLVezIZY+5H8QsNp9+nPXKaLy6kfg86Ou4C0gdOXY3M9h+j6METzPO +ehhPcU4Oep6uwdogFEP85cQH/YubpX/xrTmVVcXJPfYsDoR/SEvCN0ZW6HBRbXs5 +fJrCZeFwvAG+ytXJ6CY56vp9n9fHp1n1+WuEf8eMBJvWn9IaZYa4fUKNPp2FGj5e +CRS95onmKngom8YL4nzEN2qRQ8edF1Sz9H78Osshh5+5Ag0ETo1xAQEQANqF/lhc +KNgCwHOcuClEUvjsfROGO/Enstf9sI9OjzVfxPe76R3zYAWvqo3Jz91reZUEnQdQ +yo5IZdOdPqdy+XF7nododfT1lZz3I41r4suFYy8eHxx9L1np8fkjVY/QOu0tGh87 +30r6AYTwZ+VoRMiioZUJwpsfByYGbJ8kzs5xhsE2rW8yPu+wXohXJgawYKYugDCO +5lfeA7+ZlLCIkZjhcdBDHjCJEuaHGX8e9wKKo05nLcVoPyz4oFmFeg54C2PmDS9C +V5Fygunp9YRcHP95JoALfLY/16CPsJaOxD/yTLh0Sr73pUP5ev0YTRwpUV8A8NIJ +sLZwcF8VssENeWeLMuCoFYSMknWM8Bwbmlx2ThiUvQ2HvdmSn0S4H2cuzlsuxayZ +w0EKwdeSCr8a4MrORbOZWGBDpil0gzQ8n7JybKzmYStmORT3jZEkgP3Gk7a0iwGh +ZBPnDSe8A56OOOhIUxUYhYpHAyk3Jej8xDwii9qFnCfUH/UJCBtpM/m6eYCDJiBD +lsq9/tBWgUHfS27ZJf1zwifHaZrS2kjzYZleYQDgKuCiTWrctBE07tNUSYTgjlzf +seRZbvP2jI7n0pksjqMJApwhmdO427e+Ip/UYLZ/LbpCB2dNkUjlU6V9FhtXO79X +sysAbnqLeVmMQnu5eEE826DExe3Gh6C9tePzABEBAAGJAh8EGAECAAkFAk6NcQEC +GwwACgkQY3Ys2mfi81kOrRAAx451eVoziks7qykXESWRQrtjBIOPahojcMoN+wy3 +ljVwzWmfoM8lYUTT4jccbsq42PWV1zENAnvktByWBLRIlSSfeQwAWRlFykHattdi +lSg3/11nKI8WPrz0SCqiiJBVW/SZvKucMwkiVDeiPQNQZR8BjcpcFVJqZ4Ochp0w +qw9q7BYi6ppPoGiiShVhqMQbuZ5Szh8IgbwrCL5jP3x0VJxBuS9hJQYLfiL2D7fk +qdDpnJjafuFhAdGLN+S5g4+T2IXxgsxp5/D5IMa7rYQf55Lkinlys3A0DON0RMdG +zd81XNbEe3j7wpgj6dEEHBJ5B6z6DHkhg9oEn27XoFvrKArzgYCmDF1gFPp307wZ +JPlVIUVVrptkNbYavsxQBbo7iMUut+VnHqqp5/zoAb/bLfqlmCul9ODgImzMtKdx +PG4tBLp8rFK5qgH4fhefdTSdYOSmYby0cIRZmQ+S0FwN5uncr6IEYf/TSjLbixNA +/OP+bfPhJPMGYwXIijv/0x3UfQ9qGBNhtUOq4M/b64QiHQGHizFvDlW50HGt7hWl +XEwt+6fZqUPTX0k3WdOwIuy+SdvoDbPIRv9sr9gCs+SALR4r+4bH61IJU0nMnB2a +3LHqUhKy5FaBqZqR6NkBAnVGxh7Li7FyFWggGiwSv3ocYBcLpAapQamaniB3jlk6 +HJGZAg0ETo1xAQEQAM3ku0av9+W+uN3XuYI6Wq1EHbq2PobiMBzlVRFht6NAZttj +M/kv58It8OjTUxgsjqN9+SV+lwNEeHav8AK8D40FNNWs/5dfz6zz5jj0p7/f2u3g +1RYL+31RoiRX7SA/cM9hADYax44bBoXxXu/cFerpWvCjJXYqUPi8BhRqEnnZXGxk +b78iGu9mfYyOYDJvV+PNliv/sZfnrwIp1FjlVpUWospd0LtnNFk5uDNHzfNprdyg +LuXdwVG2YZGa20OBQnxHc6qnZf2h757KXOmad0RmTMY9mIj3RWZlyG+3VdQn9VGl +HA/GYm+vP40lZWS3MNTWShq7I6aLIHZw7r5FxIxqhAhf5OnKoln3qt3oqwcLJOh0 +Xf3fGzvfRXbilEldJuomnIE1M6N3ZPznowj0IhDRJG9NQkaynjHzaP7esm9IoZMK +U/AU4mQnQppDI8whq50/Q92ypQtKgdeIGTeT7KPq2D0JrzhOuxKsvHV+8ziwBmmq +jmkuuINuXuOLq1Rmi+pbToxFPusUIyMlbQGTyM+nav/kBJ2O/fcuPG+v73B5gcnn ++s0n0xRXDetebINtSHv64Cb/Z7bjPbrETouzEkHwnN1GpFIypd1/wmyK5AtakpkH +BiiEsP4Qor5t+mq9MAcff1cs/P4fHU/KDf6eRxAkgexk6Ifm6d5DJ/mgh3QxABEB +AAG0IkRhdmlkIFdvb2Rob3VzZSA8ZHdtdzJAa2VybmVsLm9yZz6JAjkEEwECACMF +Ak6NcQECGwMHCwkIBwMCAQYVCAIJCgsEFgIDAQIeAQIXgAAKCRBjdizaZ+LzWbb7 +EACsXiAheiW9vyTyJlbTV0Fa/ut5QE6Yq//6vqBl1m6OWzax10sq1ydAGyTTMtzK +AaVvFSdnmQ5zmgSA3mnnezLWwMIR94+8iJiWP0zVhwo5I+5hXEa0zz++3PCdLHQI +FizGmBaTBitqHpjzBJxsoJ55Z5A5+75B6bOc3cc93zL5T1i3vcv4KezikVY9B0y0 ++jWU4Pq+IsOoIdUCyCLDtO00nrY3gUPWGNK1dXwhgvRHPlEd7LftQ6oLCrHNr9sh +YCZ+ebz67q+baUyrRGSIoqoIZLDcc1Z9qSnE6xvwR3izZ416ylEgKr6Vb4c5UqKV +SFk6TX1qUjkz5ZuZkGvMduK4Dr1efcv5JkXZIHFbfMJxTLovynOAG6WLkEL6mr0R +cSXVPUfn1+DEy0f5TCrm8btWF8lkI3oHWbD9egqEV5YO8eR5Kik1P+u6Ib0bqZFj +E3vgbeB5e2lhvgix6v32lTeDkXWcUvE331yoPX5Daoev3zNLEWJIduuQ27aaDsJv +KJO8MdiwTk/ob1YyGlu/hd9zoMOkHOJF065GKSBBNcy6uEu4FRv3BTcc6LPti+Ht +Ymt25fwnYa+5d5wGYba6c8Ikrq0yMfqWBoKhkrJuOv+ImDWpgpM0Sjn9bxKD68gj +/KLkP9hx1LhkkM8JGMWyTF342q8EwMbipakJRfembRUm7LQiRGF2aWQgV29vZGhv +dXNlIDxkYXZpZEB3b29kaG91LnNlPokCOQQTAQIAIwUCTo7TBQIbAwcLCQgHAwIB +BhUIAgkKCwQWAgMBAh4BAheAAAoJEGN2LNpn4vNZbtkP/1PemSv+Gneh525mBCYR +pyUwaelWRNp6pw5fi62u5DkckiT647S1X6hOVVqnlEpLLIQOKZFa2GdtrOyzmQ9A +pyfrEGEUNxbqBn/PGJ/OtxLThrwFxGCGLZergms+eyssq8ANYlP25WAh/VSy17+5 +LZuDP/qDzQp92YZ8A5ARWHvf86nQyzOeiyBk6Ws0AAya7I60rXkShsNSxbK9xf4/ +cErgN3B/4clJjyaWRgADRDbYYcXpoU7UBi/DHTZGN7j1e3CFY2ocYnT1ukmWNcou +AzPeKfEpXsXhXc30CKIveZiR6nnDqFxfhfAjNAy0thwcyjPt5GDdxkzrdD4Q5oFf +cz1DaUsf1dmtf4fxM5shKtTdGYW/9Fc+m8hwwYaGhxmlvr7ZzjZ0xQNtPO18k8Ee +ZXKnJh8b6Zvqke+BFAfCYR5NUShV/3YQx6YTbmJ3UUJTxVdZtaLn88m+fIpSq8KU +YPKEqZ5BklZKYxu65KuSco4z9hrW2viNIYx4CSQEyWND171JsWqIEaz9Fde2UzMQ +IAbxRFnQ9516ke87JM5oPqJ/tyxyUvUJpgyZoaab1ExICtXTh+q2ZM6CS6IpeWkn +VzN4stAdYrgWr4ZGwHnh5cwqsB8R/RRFnhc+TeAxnADYi8rBkUFLZK2kXXeRJfEc +UtIUoH73f60RkXVf2TlolgljtCVEYXZpZCBXb29kaG91c2UgPGR3bXcyQGluZnJh +ZGVhZC5vcmc+iQI5BBMBAgAjBQJOjtMWAhsDBwsJCAcDAgEGFQgCCQoLBBYCAwEC +HgECF4AACgkQY3Ys2mfi81lwgBAAnJQTH97P/tXelVSjKzLlSN4eIBHBpiohdBk9 +/oeEzknH/vv2ZVNsv+QoRpeEW1pxwW1QCXqV2yYTa+2O3LwqnbfRJrtM45HVuD6V +YVwfrqu+/KqT7p5DMo++CYjNRzxRJJ9J7Iap6m0hEK5kfXnQKfDNUUfPuEB+4R6e +s8lTUfnGrUAcUreW3DlXTEeZg3FjfNUpijfl+CyRsNcEsczzB4hXfTd4sdE+p6tJ +4T+MFu6NnIX6/fQDK5MP7ga5w1AKL1up59dtZ3klZtRsYOzFWjLyaOYo4NDkwKA2 +QJxM/YKt1ZCvxDbTsRydTRpJpsmoXAU+z7ifjHRjwhVSkW78zkgX49blNznHZjWO +z7xRvZh8MUT6wLmsTCI1/mDrKxPvWz+nPcT4mD6XgyRNIXNgXZr2DNTo5w73U84V +y0UAm/KiZpJJ6fePsmmRvR/LxHHRjMKMYJX3q0m2tRs0B3AXmC7fEr2BfRC/Atru +FVX6QHgwruNTIFd+aac6Spahhs6jK3hU7VVq166iE0JjxNrEM3KQQkcns8EhGiJ5 +IQkLLP+u9PRkxJXE34ksSOwZEWLa7R7xyLrN3cuRxtLH48UzkY7Ab1FU8W/Ptfha +Xkjj7uTULtrcnyWd2OSMimpjhWntBGFyCG/Pt7Pgu7PhJha2H63xwd/ah/EJAcug +/tUvYga0IERhdmlkIFdvb2Rob3VzZSA8ZHdtdzJAZXhpbS5vcmc+iQI5BBMBAgAj +BQJOjzcQAhsDBwsJCAcDAgEGFQgCCQoLBBYCAwECHgECF4AACgkQY3Ys2mfi81n8 +BBAAn0AY63xTB2SUo44DKVdL6eLfe2L2pINWCW6uOzMzQEduHxCZ2dazlsGVIyqm +F+LsYJP+G/WDvegEpYIL10gdDoYqnVaYegn2en6dv9GZ9E8eaFz4c79rW8fEozip ++faf4opcbyVfl5k3OPdei0VTI6Qku4nmHjgJGvsgNguFzmnhGoqaXZ5TJuXiqnPv +h9jIlAK5hkEa6waZ43uDudrv8f0Srok6qtRN47kOUQr+LQP+uo+to0Gs163abQMm +gq20Y5PuL91pYAIXrrrercgJxMUFCtphjoO3jtqvJQO7pWpRBc/3IAa2MpaGbWpu +5nFf/Tb8vb8xdVT1vFjbGXHaYGkWv19MMhOcX3tw+jxD2FP2kbO6QP8bOkag93qu +go/kLqQ7xZvzxUB/stUU5ZFlwisnzT4iaw2vtmQ+8M7B/Oscdeg9OZi6jUgSdwlX +r5cSPXUKDcRHkf9R7ca9HC08dSnFbFZOp2RmrVukYcqq4cQq76s1FDjdLaXLY/oE +JyweBktZgUtuQpv16yqgH1sRCNSbRY5tMkx6PUWhwVg4Raj28Ub7X6k4H25Zv/NG +Vd+YaL8PzW1dgPtDe8N5eTZ1/4F8CculPy62B0h7xxwfx+0E8YG1+Ts82k2rJJOG +bWhr5KWo8gElEAn+H20cmtlv+HAfc4ai1UwDCuuNnLAoMai5Ag0ETo1xAQEQANqF +/lhcKNgCwHOcuClEUvjsfROGO/Enstf9sI9OjzVfxPe76R3zYAWvqo3Jz91reZUE +nQdQyo5IZdOdPqdy+XF7nododfT1lZz3I41r4suFYy8eHxx9L1np8fkjVY/QOu0t +Gh8730r6AYTwZ+VoRMiioZUJwpsfByYGbJ8kzs5xhsE2rW8yPu+wXohXJgawYKYu +gDCO5lfeA7+ZlLCIkZjhcdBDHjCJEuaHGX8e9wKKo05nLcVoPyz4oFmFeg54C2Pm +DS9CV5Fygunp9YRcHP95JoALfLY/16CPsJaOxD/yTLh0Sr73pUP5ev0YTRwpUV8A +8NIJsLZwcF8VssENeWeLMuCoFYSMknWM8Bwbmlx2ThiUvQ2HvdmSn0S4H2cuzlsu +xayZw0EKwdeSCr8a4MrORbOZWGBDpil0gzQ8n7JybKzmYStmORT3jZEkgP3Gk7a0 +iwGhZBPnDSe8A56OOOhIUxUYhYpHAyk3Jej8xDwii9qFnCfUH/UJCBtpM/m6eYCD +JiBDlsq9/tBWgUHfS27ZJf1zwifHaZrS2kjzYZleYQDgKuCiTWrctBE07tNUSYTg +jlzfseRZbvP2jI7n0pksjqMJApwhmdO427e+Ip/UYLZ/LbpCB2dNkUjlU6V9FhtX +O79XsysAbnqLeVmMQnu5eEE826DExe3Gh6C9tePzABEBAAGJAh8EGAECAAkFAk6N +cQECGwwACgkQY3Ys2mfi81kOrRAAx451eVoziks7qykXESWRQrtjBIOPahojcMoN ++wy3ljVwzWmfoM8lYUTT4jccbsq42PWV1zENAnvktByWBLRIlSSfeQwAWRlFykHa +ttdilSg3/11nKI8WPrz0SCqiiJBVW/SZvKucMwkiVDeiPQNQZR8BjcpcFVJqZ4Oc +hp0wqw9q7BYi6ppPoGiiShVhqMQbuZ5Szh8IgbwrCL5jP3x0VJxBuS9hJQYLfiL2 +D7fkqdDpnJjafuFhAdGLN+S5g4+T2IXxgsxp5/D5IMa7rYQf55Lkinlys3A0DON0 +RMdGzd81XNbEe3j7wpgj6dEEHBJ5B6z6DHkhg9oEn27XoFvrKArzgYCmDF1gFPp3 +07wZJPlVIUVVrptkNbYavsxQBbo7iMUut+VnHqqp5/zoAb/bLfqlmCul9ODgImzM +tKdxPG4tBLp8rFK5qgH4fhefdTSdYOSmYby0cIRZmQ+S0FwN5uncr6IEYf/TSjLb +ixNA/OP+bfPhJPMGYwXIijv/0x3UfQ9qGBNhtUOq4M/b64QiHQGHizFvDlW50HGt +7hWlXEwt+6fZqUPTX0k3WdOwIuy+SdvoDbPIRv9sr9gCs+SALR4r+4bH61IJU0nM +nB2a3LHqUhKy5FaBqZqR6NkBAnVGxh7Li7FyFWggGiwSv3ocYBcLpAapQamaniB3 +jlk6HJE= +=8HB8 +-----END PGP PUBLIC KEY BLOCK----- From fcc6bde403762f08c58c5ad2f9e7682fc651face Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Wed, 13 Jul 2016 09:44:09 +0100 Subject: [PATCH 129/184] clean up last changes --- openconnect.spec | 5 ++--- sources | 1 - 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/openconnect.spec b/openconnect.spec index 0ded4ae..0adc733 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -38,8 +38,7 @@ Source3: macros.gpg BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) -BuildRequires: pkgconfig(libxml-2.0) pkgconfig(libpcsclite) gnupg2 -BuildRequires: pkgconfig(libpskc) krb5-devel +BuildRequires: pkgconfig(libxml-2.0) pkgconfig(libpcsclite) krb5-devel gnupg2 BuildRequires: autoconf automake libtool python gettext pkgconfig(liblz4) BuildRequires: pkgconfig(uid_wrapper) pkgconfig(socket_wrapper) %if 0%{?fedora} || 0%{?rhel} >= 7 @@ -58,7 +57,7 @@ BuildRequires: pkgconfig(openssl) pkgconfig(libp11) pkgconfig(p11-kit-1) BuildRequires: pkgconfig(libproxy-1.0) %endif %if %{use_tokens} -BuildRequires: pkgconfig(liboath) pkgconfig(stoken) +BuildRequires: pkgconfig(stoken) pkgconfig(libpskc) %endif %description diff --git a/sources b/sources index 9b1062b..89f3573 100644 --- a/sources +++ b/sources @@ -1,3 +1,2 @@ 582692c4bd8c157daadfcc89d6680cb8 openconnect-7.07.tar.gz 36043109d9c050e5f12e42c2c8ddf1b6 openconnect-7.07.tar.gz.asc -2b85959af07ca0e8466853443fd7d766 gpgkey-BE07D9FD54809AB2C4B0FF5F63762CDA67E2F359.gpg From c3915f02c11a0576f3cb8ee2b902fb12cd64f9e1 Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Tue, 13 Dec 2016 16:51:08 +0000 Subject: [PATCH 130/184] 7.08 --- .gitignore | 2 ++ openconnect.spec | 7 +++++-- sources | 4 ++-- 3 files changed, 9 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index 2cb5fba..a8ed2dc 100644 --- a/.gitignore +++ b/.gitignore @@ -45,3 +45,5 @@ openconnect-2.25.tar.gz /gpgkey-BE07D9FD54809AB2C4B0FF5F63762CDA67E2F359.gpg /openconnect-7.07.tar.gz /openconnect-7.07.tar.gz.asc +/openconnect-7.08.tar.gz +/openconnect-7.08.tar.gz.asc diff --git a/openconnect.spec b/openconnect.spec index 0adc733..309d27b 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -22,8 +22,8 @@ %{!?_pkgdocdir: %global _pkgdocdir %{_docdir}/%{name}-%{version}} Name: openconnect -Version: 7.07 -Release: 2%{?relsuffix}%{?dist} +Version: 7.08 +Release: 1%{?relsuffix}%{?dist} Summary: Open client for Cisco AnyConnect VPN Group: Applications/Internet @@ -128,6 +128,9 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/pkgconfig/openconnect.pc %changelog +* Tue Dec 13 2016 David Woodhouse - 7.08-1 +- Update to 7.08 release + * Mon Jul 11 2016 David Woodhouse - 7.07-2 - Enable Kerberos and PSKC support diff --git a/sources b/sources index 89f3573..b68845d 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -582692c4bd8c157daadfcc89d6680cb8 openconnect-7.07.tar.gz -36043109d9c050e5f12e42c2c8ddf1b6 openconnect-7.07.tar.gz.asc +SHA512 (openconnect-7.08.tar.gz) = 22f9b0bd4bd17e2ab91ff42b2464c89abba035fe705c037ba4d1042ace460c8738e20481783a1edc3b7dd6503fe9fcc7fdd188552811fb1525310e25a4c2f400 +SHA512 (openconnect-7.08.tar.gz.asc) = 71225434890bdc9f4ae1f6aaf38037418766f39d8dc549da1ae95b12676c47bd503c7c01a5ccb387a1d36c114aad690ddf01682ec7b24d23fbec7e2d628b0a25 From 94cb9d8a6ed0b53d5822a7f91c3d84f8f7d17a57 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Sat, 11 Feb 2017 00:49:36 +0000 Subject: [PATCH 131/184] - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild --- openconnect.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/openconnect.spec b/openconnect.spec index 309d27b..c756074 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -23,7 +23,7 @@ Name: openconnect Version: 7.08 -Release: 1%{?relsuffix}%{?dist} +Release: 2%{?relsuffix}%{?dist} Summary: Open client for Cisco AnyConnect VPN Group: Applications/Internet @@ -128,6 +128,9 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/pkgconfig/openconnect.pc %changelog +* Sat Feb 11 2017 Fedora Release Engineering +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + * Tue Dec 13 2016 David Woodhouse - 7.08-1 - Update to 7.08 release From 1e8608e0e0239549cd62ad5f4bb25c417eed41f2 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Thu, 27 Jul 2017 01:45:25 +0000 Subject: [PATCH 132/184] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild --- openconnect.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/openconnect.spec b/openconnect.spec index c756074..a4b2d40 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -23,7 +23,7 @@ Name: openconnect Version: 7.08 -Release: 2%{?relsuffix}%{?dist} +Release: 3%{?relsuffix}%{?dist} Summary: Open client for Cisco AnyConnect VPN Group: Applications/Internet @@ -128,6 +128,9 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/pkgconfig/openconnect.pc %changelog +* Thu Jul 27 2017 Fedora Release Engineering +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + * Sat Feb 11 2017 Fedora Release Engineering - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild From cb0ec8ad126012939bf30650b3ce84271f74bd40 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Thu, 3 Aug 2017 04:30:14 +0000 Subject: [PATCH 133/184] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild --- openconnect.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/openconnect.spec b/openconnect.spec index a4b2d40..2ea888e 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -23,7 +23,7 @@ Name: openconnect Version: 7.08 -Release: 3%{?relsuffix}%{?dist} +Release: 4%{?relsuffix}%{?dist} Summary: Open client for Cisco AnyConnect VPN Group: Applications/Internet @@ -128,6 +128,9 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/pkgconfig/openconnect.pc %changelog +* Thu Aug 03 2017 Fedora Release Engineering +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + * Thu Jul 27 2017 Fedora Release Engineering - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild From 8fd89313188e3934d2ef02a7b997d37745f5dd74 Mon Sep 17 00:00:00 2001 From: Igor Gnatenko Date: Mon, 22 Jan 2018 17:55:10 +0100 Subject: [PATCH 134/184] fix wrong Obsoletes Signed-off-by: Igor Gnatenko --- openconnect.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/openconnect.spec b/openconnect.spec index 2ea888e..fa90f97 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -42,7 +42,7 @@ BuildRequires: pkgconfig(libxml-2.0) pkgconfig(libpcsclite) krb5-devel gnupg2 BuildRequires: autoconf automake libtool python gettext pkgconfig(liblz4) BuildRequires: pkgconfig(uid_wrapper) pkgconfig(socket_wrapper) %if 0%{?fedora} || 0%{?rhel} >= 7 -Obsoletes: openconnect-lib-compat%{?_isa} < %{version}-%{release} +Obsoletes: openconnect-lib-compat < %{version}-%{release} Requires: vpnc-script %else Requires: vpnc From c568e21ba79941f5edcb4d1669330bb0d81b4044 Mon Sep 17 00:00:00 2001 From: Igor Gnatenko Date: Wed, 31 Jan 2018 17:45:43 +0100 Subject: [PATCH 135/184] Switch to %ldconfig_scriptlets Signed-off-by: Igor Gnatenko --- openconnect.spec | 17 ++++++----------- 1 file changed, 6 insertions(+), 11 deletions(-) diff --git a/openconnect.spec b/openconnect.spec index fa90f97..d62698a 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -23,7 +23,7 @@ Name: openconnect Version: 7.08 -Release: 4%{?relsuffix}%{?dist} +Release: 5%{?relsuffix}%{?dist} Summary: Open client for Cisco AnyConnect VPN Group: Applications/Internet @@ -97,7 +97,6 @@ make %{?_smp_mflags} V=1 %install -rm -rf $RPM_BUILD_ROOT %make_install mkdir -p $RPM_BUILD_ROOT/%{_pkgdocdir} rm -f $RPM_BUILD_ROOT/%{_libdir}/libopenconnect.la @@ -106,15 +105,9 @@ rm -f $RPM_BUILD_ROOT/%{_libdir}/libopenconnect.la %check make check -%clean -rm -rf $RPM_BUILD_ROOT - -%post -p /sbin/ldconfig - -%postun -p /sbin/ldconfig +%ldconfig_scriptlets %files -f %{name}.lang -%defattr(-,root,root,-) %{_libdir}/libopenconnect.so.5* %{_sbindir}/openconnect %{_mandir}/man8/* @@ -122,12 +115,14 @@ rm -rf $RPM_BUILD_ROOT %doc %{_pkgdocdir} %files devel -%defattr(-,root,root,-) %{_libdir}/libopenconnect.so -/usr/include/openconnect.h +%{_includedir}/openconnect.h %{_libdir}/pkgconfig/openconnect.pc %changelog +* Wed Jan 31 2018 Igor Gnatenko - 7.08-5 +- Switch to %%ldconfig_scriptlets + * Thu Aug 03 2017 Fedora Release Engineering - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild From 2e2f2b182604bc547005e2e5be164d655f1cb0ff Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Thu, 8 Feb 2018 09:25:04 +0000 Subject: [PATCH 136/184] - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- openconnect.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/openconnect.spec b/openconnect.spec index d62698a..b7d39a7 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -23,7 +23,7 @@ Name: openconnect Version: 7.08 -Release: 5%{?relsuffix}%{?dist} +Release: 6%{?relsuffix}%{?dist} Summary: Open client for Cisco AnyConnect VPN Group: Applications/Internet @@ -120,6 +120,9 @@ make check %{_libdir}/pkgconfig/openconnect.pc %changelog +* Thu Feb 08 2018 Fedora Release Engineering +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + * Wed Jan 31 2018 Igor Gnatenko - 7.08-5 - Switch to %%ldconfig_scriptlets From 324d5dd5e3bc43df3425d7a04c86b244504ff83b Mon Sep 17 00:00:00 2001 From: Igor Gnatenko Date: Tue, 13 Feb 2018 23:57:42 +0100 Subject: [PATCH 137/184] Remove BuildRoot definition None of currently supported distributions need that. It was needed last for EL5 which is EOL now Signed-off-by: Igor Gnatenko --- openconnect.spec | 1 - 1 file changed, 1 deletion(-) diff --git a/openconnect.spec b/openconnect.spec index b7d39a7..bb902ef 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -36,7 +36,6 @@ Source1: ftp://ftp.infradead.org/pub/openconnect/openconnect-%{version}%{?gitsuf Source2: gpgkey-BE07D9FD54809AB2C4B0FF5F63762CDA67E2F359.asc Source3: macros.gpg -BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: pkgconfig(libxml-2.0) pkgconfig(libpcsclite) krb5-devel gnupg2 BuildRequires: autoconf automake libtool python gettext pkgconfig(liblz4) From 45ec0b46f6715c3f01c1a39710626cad5ceef552 Mon Sep 17 00:00:00 2001 From: Iryna Shcherbina Date: Mon, 19 Mar 2018 02:20:07 +0100 Subject: [PATCH 138/184] Remove build dependency on Python --- openconnect.spec | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/openconnect.spec b/openconnect.spec index bb902ef..9fe548c 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -23,7 +23,7 @@ Name: openconnect Version: 7.08 -Release: 6%{?relsuffix}%{?dist} +Release: 7%{?relsuffix}%{?dist} Summary: Open client for Cisco AnyConnect VPN Group: Applications/Internet @@ -38,7 +38,7 @@ Source3: macros.gpg BuildRequires: pkgconfig(libxml-2.0) pkgconfig(libpcsclite) krb5-devel gnupg2 -BuildRequires: autoconf automake libtool python gettext pkgconfig(liblz4) +BuildRequires: autoconf automake libtool gettext pkgconfig(liblz4) BuildRequires: pkgconfig(uid_wrapper) pkgconfig(socket_wrapper) %if 0%{?fedora} || 0%{?rhel} >= 7 Obsoletes: openconnect-lib-compat < %{version}-%{release} @@ -119,6 +119,9 @@ make check %{_libdir}/pkgconfig/openconnect.pc %changelog +* Wed Apr 4 2018 Iryna Shcherbina - 7.08-7 +- Remove build dependency on Python + * Thu Feb 08 2018 Fedora Release Engineering - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild From 9d78882e4795761a53773874b1d8732b2efb5b1d Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Fri, 13 Jul 2018 15:04:06 +0000 Subject: [PATCH 139/184] - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- openconnect.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/openconnect.spec b/openconnect.spec index 9fe548c..0ecf78f 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -23,7 +23,7 @@ Name: openconnect Version: 7.08 -Release: 7%{?relsuffix}%{?dist} +Release: 8%{?relsuffix}%{?dist} Summary: Open client for Cisco AnyConnect VPN Group: Applications/Internet @@ -119,6 +119,9 @@ make check %{_libdir}/pkgconfig/openconnect.pc %changelog +* Fri Jul 13 2018 Fedora Release Engineering +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + * Wed Apr 4 2018 Iryna Shcherbina - 7.08-7 - Remove build dependency on Python From f834f4de5f7bd9ff517c6ce7cc11885aebaffa20 Mon Sep 17 00:00:00 2001 From: Michael Riss Date: Wed, 31 Oct 2018 20:38:45 +0000 Subject: [PATCH 140/184] Add @OPENCONNECT priority string to allow a custom cipher suite for openconnect Signed-off-by: Michael Riss --- openconnect.spec | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/openconnect.spec b/openconnect.spec index 0ecf78f..d10e5b5 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -23,7 +23,7 @@ Name: openconnect Version: 7.08 -Release: 8%{?relsuffix}%{?dist} +Release: 9%{?relsuffix}%{?dist} Summary: Open client for Cisco AnyConnect VPN Group: Applications/Internet @@ -87,7 +87,7 @@ for NetworkManager etc. %build %configure --with-vpnc-script=/etc/vpnc/vpnc-script \ - --with-default-gnutls-priority="@SYSTEM" \ + --with-default-gnutls-priority="@OPENCONNECT,@SYSTEM" \ %if !%{use_gnutls} --with-openssl --without-openssl-version-check \ %endif @@ -119,6 +119,9 @@ make check %{_libdir}/pkgconfig/openconnect.pc %changelog +* Mon Oct 22 2018 Michael Riss - 7.08-9 +- Add @OPENCONNECT priority string to allow a custom cipher suite for openconnect + * Fri Jul 13 2018 Fedora Release Engineering - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild From 0bb0aada4215481803fedce694b6616ea4a7398b Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Thu, 1 Nov 2018 11:46:34 +0100 Subject: [PATCH 141/184] use autosetup --- openconnect.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/openconnect.spec b/openconnect.spec index d10e5b5..c3d5a21 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -83,7 +83,7 @@ for NetworkManager etc. %gpg_verify %endif -%setup -q -n openconnect-%{version}%{?gitsuffix} +%autosetup -n openconnect-%{version}%{?gitsuffix} %build %configure --with-vpnc-script=/etc/vpnc/vpnc-script \ From c14fe5f0b9961bb2a0ecee4e48a1fc3207266d21 Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Wed, 7 Nov 2018 08:42:06 +0100 Subject: [PATCH 142/184] corrected typo --- openconnect.spec | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/openconnect.spec b/openconnect.spec index c3d5a21..a8d0d93 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -23,7 +23,7 @@ Name: openconnect Version: 7.08 -Release: 9%{?relsuffix}%{?dist} +Release: 10%{?relsuffix}%{?dist} Summary: Open client for Cisco AnyConnect VPN Group: Applications/Internet @@ -87,7 +87,7 @@ for NetworkManager etc. %build %configure --with-vpnc-script=/etc/vpnc/vpnc-script \ - --with-default-gnutls-priority="@OPENCONNECT,@SYSTEM" \ + --with-default-gnutls-priority="@OPENCONNECT,SYSTEM" \ %if !%{use_gnutls} --with-openssl --without-openssl-version-check \ %endif @@ -119,6 +119,9 @@ make check %{_libdir}/pkgconfig/openconnect.pc %changelog +* Wed Nov 07 2018 Nikos Mavrogiannopoulos - 7.08-9 +- Corrected typo in the @OPENCONNECT priority string + * Mon Oct 22 2018 Michael Riss - 7.08-9 - Add @OPENCONNECT priority string to allow a custom cipher suite for openconnect From e94eb8d497c77b51ebd7990889d68e0ab1572c0e Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Sat, 5 Jan 2019 00:19:08 +0000 Subject: [PATCH 143/184] Update to 8.00 --- .gitignore | 2 ++ openconnect.spec | 41 ++++++++++++++++++++++++++++++++--------- sources | 4 ++-- 3 files changed, 36 insertions(+), 11 deletions(-) diff --git a/.gitignore b/.gitignore index a8ed2dc..df61ee4 100644 --- a/.gitignore +++ b/.gitignore @@ -47,3 +47,5 @@ openconnect-2.25.tar.gz /openconnect-7.07.tar.gz.asc /openconnect-7.08.tar.gz /openconnect-7.08.tar.gz.asc +/openconnect-8.00.tar.gz +/openconnect-8.00.tar.gz.asc diff --git a/openconnect.spec b/openconnect.spec index a8d0d93..b9433d2 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -1,5 +1,5 @@ -#% define gitcount 211 -#% define gitrev 584c84f +# % define gitcount 227 +# % define gitrev a03e4bf %if 0%{?gitcount} > 0 %define gitsuffix -%{gitcount}-g%{gitrev} @@ -19,11 +19,18 @@ %define use_tokens 1 %endif +# Fedora has tss2-sys from F29 onwards +%if 0%{?fedora} >= 29 +%define use_tss2_esys 1 +%else +%define use_tss2_esys 0 +%endif + %{!?_pkgdocdir: %global _pkgdocdir %{_docdir}/%{name}-%{version}} Name: openconnect -Version: 7.08 -Release: 10%{?relsuffix}%{?dist} +Version: 8.00 +Release: 1%{?relsuffix}%{?dist} Summary: Open client for Cisco AnyConnect VPN Group: Applications/Internet @@ -39,7 +46,7 @@ Source3: macros.gpg BuildRequires: pkgconfig(libxml-2.0) pkgconfig(libpcsclite) krb5-devel gnupg2 BuildRequires: autoconf automake libtool gettext pkgconfig(liblz4) -BuildRequires: pkgconfig(uid_wrapper) pkgconfig(socket_wrapper) +BuildRequires: pkgconfig(uid_wrapper) pkgconfig(socket_wrapper) softhsm python2 %if 0%{?fedora} || 0%{?rhel} >= 7 Obsoletes: openconnect-lib-compat < %{version}-%{release} Requires: vpnc-script @@ -47,8 +54,13 @@ Requires: vpnc-script Requires: vpnc %endif +%if 0%{?fedora} >= 30 +BuildRequires: glibc-langpack-cs +%endif %if %{use_gnutls} BuildRequires: pkgconfig(gnutls) trousers-devel +# Anywhere we use GnuTLS ,there should be an ocserv package too +BuildRequires: ocserv %else BuildRequires: pkgconfig(openssl) pkgconfig(libp11) pkgconfig(p11-kit-1) %endif @@ -58,10 +70,15 @@ BuildRequires: pkgconfig(libproxy-1.0) %if %{use_tokens} BuildRequires: pkgconfig(stoken) pkgconfig(libpskc) %endif +%if %{use_tss2_esys} +# https://bugzilla.redhat.com/show_bug.cgi?id=1638961 +BuildRequires: pkgconfig(tss2-esys) libgcrypt-devel +%endif %description -This package provides a client for the Cisco AnyConnect VPN protocol, which -is based on HTTPS and DTLS. +This package provides a multiprotocol VPN client for Cisco AnyConnect, +Juniper SSL VPN / Pulse Connect Secure, and Palo Alto Networks GlobalProtect +SSL VPN. %package devel Summary: Development package for OpenConnect VPN authentication tools @@ -87,8 +104,10 @@ for NetworkManager etc. %build %configure --with-vpnc-script=/etc/vpnc/vpnc-script \ + --disable-dsa-tests \ +%if %{use_gnutls} --with-default-gnutls-priority="@OPENCONNECT,SYSTEM" \ -%if !%{use_gnutls} +%else --with-openssl --without-openssl-version-check \ %endif --htmldir=%{_pkgdocdir} @@ -102,13 +121,14 @@ rm -f $RPM_BUILD_ROOT/%{_libdir}/libopenconnect.la %find_lang %{name} %check -make check +make VERBOSE=1 check %ldconfig_scriptlets %files -f %{name}.lang %{_libdir}/libopenconnect.so.5* %{_sbindir}/openconnect +%{_libexecdir}/openconnect/ %{_mandir}/man8/* %doc TODO COPYING.LGPL %doc %{_pkgdocdir} @@ -119,6 +139,9 @@ make check %{_libdir}/pkgconfig/openconnect.pc %changelog +* Sat Jan 05 2019 David Woodhouse - 8.00-1 +- Update to 8.00 release + * Wed Nov 07 2018 Nikos Mavrogiannopoulos - 7.08-9 - Corrected typo in the @OPENCONNECT priority string diff --git a/sources b/sources index b68845d..3df93b1 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (openconnect-7.08.tar.gz) = 22f9b0bd4bd17e2ab91ff42b2464c89abba035fe705c037ba4d1042ace460c8738e20481783a1edc3b7dd6503fe9fcc7fdd188552811fb1525310e25a4c2f400 -SHA512 (openconnect-7.08.tar.gz.asc) = 71225434890bdc9f4ae1f6aaf38037418766f39d8dc549da1ae95b12676c47bd503c7c01a5ccb387a1d36c114aad690ddf01682ec7b24d23fbec7e2d628b0a25 +SHA512 (openconnect-8.00.tar.gz) = c8d104d001fbecf482499814d7a77d02f6a50dfdd7bda36f10b053ae0bf8cd6eb7a88773f12a582e63e82339592d40f34d154c43bc118957930f73ef09def9a3 +SHA512 (openconnect-8.00.tar.gz.asc) = 4693e8ec5ed84727aa18d9f8ffed8093f78956555fc42ce027cff9e87952dd914184350855742dd07a08c98ce5c7482f4d37c19589935dd54e1279b3719cc2c9 From 2d9a30c2e7a48a94652a4f5fb2a0be510c2ee8fc Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Sat, 5 Jan 2019 10:49:27 +0000 Subject: [PATCH 144/184] 8.01 --- .gitignore | 2 ++ openconnect.spec | 5 ++++- sources | 4 ++-- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index df61ee4..c1feb68 100644 --- a/.gitignore +++ b/.gitignore @@ -49,3 +49,5 @@ openconnect-2.25.tar.gz /openconnect-7.08.tar.gz.asc /openconnect-8.00.tar.gz /openconnect-8.00.tar.gz.asc +/openconnect-8.01.tar.gz +/openconnect-8.01.tar.gz.asc diff --git a/openconnect.spec b/openconnect.spec index b9433d2..1d807e1 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -29,7 +29,7 @@ %{!?_pkgdocdir: %global _pkgdocdir %{_docdir}/%{name}-%{version}} Name: openconnect -Version: 8.00 +Version: 8.01 Release: 1%{?relsuffix}%{?dist} Summary: Open client for Cisco AnyConnect VPN @@ -139,6 +139,9 @@ make VERBOSE=1 check %{_libdir}/pkgconfig/openconnect.pc %changelog +* Sat Jan 05 2019 David Woodhouse - 8.01-1 +- Update to 8.01 release + * Sat Jan 05 2019 David Woodhouse - 8.00-1 - Update to 8.00 release diff --git a/sources b/sources index 3df93b1..ff4258e 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (openconnect-8.00.tar.gz) = c8d104d001fbecf482499814d7a77d02f6a50dfdd7bda36f10b053ae0bf8cd6eb7a88773f12a582e63e82339592d40f34d154c43bc118957930f73ef09def9a3 -SHA512 (openconnect-8.00.tar.gz.asc) = 4693e8ec5ed84727aa18d9f8ffed8093f78956555fc42ce027cff9e87952dd914184350855742dd07a08c98ce5c7482f4d37c19589935dd54e1279b3719cc2c9 +SHA512 (openconnect-8.01.tar.gz) = df88bcae590ecea910e85c068ac15b4f8de9a90dc968ddda0b34bd772949cba0382484f80f6d796da43cc2673daa44a094228c5cd35f1de92d6157bc94b2162e +SHA512 (openconnect-8.01.tar.gz.asc) = 454d9e69d2295a99d46114f488eb93969141c8a08c9ce9c96b0b39d1e3a8f708f1f178ef00949772155cea29d786224b6089be8573168e8cd5d7a84b9d33ea7b From ce21bef4e23caa85e591457805c76898f52d6b1c Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Wed, 16 Jan 2019 09:32:44 +0000 Subject: [PATCH 145/184] 8.02 --- .gitignore | 2 ++ openconnect.spec | 7 ++++++- sources | 4 ++-- 3 files changed, 10 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index c1feb68..f1736cd 100644 --- a/.gitignore +++ b/.gitignore @@ -51,3 +51,5 @@ openconnect-2.25.tar.gz /openconnect-8.00.tar.gz.asc /openconnect-8.01.tar.gz /openconnect-8.01.tar.gz.asc +/openconnect-8.02.tar.gz +/openconnect-8.02.tar.gz.asc diff --git a/openconnect.spec b/openconnect.spec index 1d807e1..7c1023b 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -29,7 +29,7 @@ %{!?_pkgdocdir: %global _pkgdocdir %{_docdir}/%{name}-%{version}} Name: openconnect -Version: 8.01 +Version: 8.02 Release: 1%{?relsuffix}%{?dist} Summary: Open client for Cisco AnyConnect VPN @@ -118,6 +118,7 @@ make %{?_smp_mflags} V=1 %make_install mkdir -p $RPM_BUILD_ROOT/%{_pkgdocdir} rm -f $RPM_BUILD_ROOT/%{_libdir}/libopenconnect.la +rm -f $RPM_BUILD_ROOT/%{_libexecdir}/openconnect/tncc-wrapper.py %find_lang %{name} %check @@ -139,6 +140,10 @@ make VERBOSE=1 check %{_libdir}/pkgconfig/openconnect.pc %changelog +* Wed Jan 16 2019 David Woodhouse - 8.02-1 +- Update to 8.02 release +- Remove tncc-wrapper.py (#1664029) + * Sat Jan 05 2019 David Woodhouse - 8.01-1 - Update to 8.01 release diff --git a/sources b/sources index ff4258e..3d6d761 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (openconnect-8.01.tar.gz) = df88bcae590ecea910e85c068ac15b4f8de9a90dc968ddda0b34bd772949cba0382484f80f6d796da43cc2673daa44a094228c5cd35f1de92d6157bc94b2162e -SHA512 (openconnect-8.01.tar.gz.asc) = 454d9e69d2295a99d46114f488eb93969141c8a08c9ce9c96b0b39d1e3a8f708f1f178ef00949772155cea29d786224b6089be8573168e8cd5d7a84b9d33ea7b +SHA512 (openconnect-8.02.tar.gz) = 690a51198aeaf4bb1cd0901b0799ac991712a29aa899fe735a7b5201683cd627556eebeefba01d0c752ba44ba0a6c5ee1c3647d692383f3f4b335e79c5337cbc +SHA512 (openconnect-8.02.tar.gz.asc) = ca203b46117c6aa3aa5b3a2c07b68c45b7e2ecd6a73ade4ae851636e7b841cb2da11cc4a6bca3c1f6dc1ab0430a8d5c7abcabb6c2e6537ecd8f7b8e77d5a3be6 From feb04500b83c50cc84d8ae08d52ae5d498d7cfd4 Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Fri, 18 Jan 2019 14:14:22 +0100 Subject: [PATCH 146/184] removed python2 dependency --- openconnect.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/openconnect.spec b/openconnect.spec index 7c1023b..9bd2c62 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -46,7 +46,7 @@ Source3: macros.gpg BuildRequires: pkgconfig(libxml-2.0) pkgconfig(libpcsclite) krb5-devel gnupg2 BuildRequires: autoconf automake libtool gettext pkgconfig(liblz4) -BuildRequires: pkgconfig(uid_wrapper) pkgconfig(socket_wrapper) softhsm python2 +BuildRequires: pkgconfig(uid_wrapper) pkgconfig(socket_wrapper) softhsm %if 0%{?fedora} || 0%{?rhel} >= 7 Obsoletes: openconnect-lib-compat < %{version}-%{release} Requires: vpnc-script From 0a70d4e3c903867424aa302eba738738e3498957 Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Fri, 18 Jan 2019 14:17:46 +0100 Subject: [PATCH 147/184] added changelog entry; bumped release --- openconnect.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/openconnect.spec b/openconnect.spec index 9bd2c62..1ffb7d0 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -30,7 +30,7 @@ Name: openconnect Version: 8.02 -Release: 1%{?relsuffix}%{?dist} +Release: 2%{?relsuffix}%{?dist} Summary: Open client for Cisco AnyConnect VPN Group: Applications/Internet @@ -140,6 +140,9 @@ make VERBOSE=1 check %{_libdir}/pkgconfig/openconnect.pc %changelog +* Fri Jan 18 2019 Nikos Mavrogiannopoulos - 8.02-2 +- Removed python2 dependency (#1664029) + * Wed Jan 16 2019 David Woodhouse - 8.02-1 - Update to 8.02 release - Remove tncc-wrapper.py (#1664029) From 974a21db9a9a35df667ee697d7ea93d7fcebaab4 Mon Sep 17 00:00:00 2001 From: Igor Gnatenko Date: Mon, 28 Jan 2019 20:17:59 +0100 Subject: [PATCH 148/184] Remove obsolete Group tag References: https://fedoraproject.org/wiki/Changes/Remove_Group_Tag --- openconnect.spec | 2 -- 1 file changed, 2 deletions(-) diff --git a/openconnect.spec b/openconnect.spec index 1ffb7d0..b0b7121 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -33,7 +33,6 @@ Version: 8.02 Release: 2%{?relsuffix}%{?dist} Summary: Open client for Cisco AnyConnect VPN -Group: Applications/Internet License: LGPLv2+ URL: http://www.infradead.org/openconnect.html Source0: ftp://ftp.infradead.org/pub/openconnect/openconnect-%{version}%{?gitsuffix}.tar.gz @@ -82,7 +81,6 @@ SSL VPN. %package devel Summary: Development package for OpenConnect VPN authentication tools -Group: Applications/Internet Requires: %{name}%{?_isa} = %{version}-%{release} # RHEL5 needs these spelled out because it doesn't automatically infer from pkgconfig %if 0%{?rhel} && 0%{?rhel} <= 5 From 21102bf2a40faf7049b0825fdf859e8394453536 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Fri, 1 Feb 2019 17:20:58 +0000 Subject: [PATCH 149/184] - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- openconnect.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/openconnect.spec b/openconnect.spec index b0b7121..08db943 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -30,7 +30,7 @@ Name: openconnect Version: 8.02 -Release: 2%{?relsuffix}%{?dist} +Release: 3%{?relsuffix}%{?dist} Summary: Open client for Cisco AnyConnect VPN License: LGPLv2+ @@ -138,6 +138,9 @@ make VERBOSE=1 check %{_libdir}/pkgconfig/openconnect.pc %changelog +* Fri Feb 01 2019 Fedora Release Engineering +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + * Fri Jan 18 2019 Nikos Mavrogiannopoulos - 8.02-2 - Removed python2 dependency (#1664029) From d31c914fdd9cbd3ec049cac5f8282e696f4edbdf Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Sat, 18 May 2019 18:59:02 +0100 Subject: [PATCH 150/184] 8.03 --- .gitignore | 2 ++ openconnect.spec | 9 ++++++--- sources | 4 ++-- 3 files changed, 10 insertions(+), 5 deletions(-) diff --git a/.gitignore b/.gitignore index f1736cd..0e5aba7 100644 --- a/.gitignore +++ b/.gitignore @@ -53,3 +53,5 @@ openconnect-2.25.tar.gz /openconnect-8.01.tar.gz.asc /openconnect-8.02.tar.gz /openconnect-8.02.tar.gz.asc +/openconnect-8.03.tar.gz +/openconnect-8.03.tar.gz.asc diff --git a/openconnect.spec b/openconnect.spec index 08db943..6737b36 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -29,9 +29,9 @@ %{!?_pkgdocdir: %global _pkgdocdir %{_docdir}/%{name}-%{version}} Name: openconnect -Version: 8.02 -Release: 3%{?relsuffix}%{?dist} -Summary: Open client for Cisco AnyConnect VPN +Version: 8.03 +Release: 1%{?relsuffix}%{?dist} +Summary: Open client for Cisco AnyConnect VPN, Juniper Network Connect/Pulse, PAN GlobalProtect License: LGPLv2+ URL: http://www.infradead.org/openconnect.html @@ -138,6 +138,9 @@ make VERBOSE=1 check %{_libdir}/pkgconfig/openconnect.pc %changelog +* Sat May 18 2019 David Woodhouse - 8.03-1 +- Update to 8.03 release + * Fri Feb 01 2019 Fedora Release Engineering - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild diff --git a/sources b/sources index 3d6d761..a61ad80 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (openconnect-8.02.tar.gz) = 690a51198aeaf4bb1cd0901b0799ac991712a29aa899fe735a7b5201683cd627556eebeefba01d0c752ba44ba0a6c5ee1c3647d692383f3f4b335e79c5337cbc -SHA512 (openconnect-8.02.tar.gz.asc) = ca203b46117c6aa3aa5b3a2c07b68c45b7e2ecd6a73ade4ae851636e7b841cb2da11cc4a6bca3c1f6dc1ab0430a8d5c7abcabb6c2e6537ecd8f7b8e77d5a3be6 +SHA512 (openconnect-8.03.tar.gz) = e5cae7aacc5684c585992c8199d47c1318a710d2f3638e0b71f5ab3ee7f35406306462e19ba55b32351a3894c83c256569e2e096da0bc8f6404f2740168e73da +SHA512 (openconnect-8.03.tar.gz.asc) = 3daa704045a2f94be9512ad1a4f4cfd0cbc73fb380a63d8795ee78d2e899df32641bce9b43288922ac29c2644ba911ba62824874abc8afad5774b5418029b314 From 0e0e3a172c5b0256105184ab770e3520c63b11b4 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Thu, 25 Jul 2019 23:24:16 +0000 Subject: [PATCH 151/184] - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- openconnect.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/openconnect.spec b/openconnect.spec index 6737b36..ff7fc68 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -30,7 +30,7 @@ Name: openconnect Version: 8.03 -Release: 1%{?relsuffix}%{?dist} +Release: 2%{?relsuffix}%{?dist} Summary: Open client for Cisco AnyConnect VPN, Juniper Network Connect/Pulse, PAN GlobalProtect License: LGPLv2+ @@ -138,6 +138,9 @@ make VERBOSE=1 check %{_libdir}/pkgconfig/openconnect.pc %changelog +* Thu Jul 25 2019 Fedora Release Engineering +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + * Sat May 18 2019 David Woodhouse - 8.03-1 - Update to 8.03 release From 29b5d60255d41c51840f3bd34c28be1d473c8948 Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Fri, 9 Aug 2019 16:19:40 +0100 Subject: [PATCH 152/184] 8.04 --- .gitignore | 2 ++ openconnect.spec | 7 +++++-- sources | 4 ++-- 3 files changed, 9 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index 0e5aba7..e2ec6cb 100644 --- a/.gitignore +++ b/.gitignore @@ -55,3 +55,5 @@ openconnect-2.25.tar.gz /openconnect-8.02.tar.gz.asc /openconnect-8.03.tar.gz /openconnect-8.03.tar.gz.asc +/openconnect-8.04.tar.gz +/openconnect-8.04.tar.gz.asc diff --git a/openconnect.spec b/openconnect.spec index ff7fc68..6405266 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -29,8 +29,8 @@ %{!?_pkgdocdir: %global _pkgdocdir %{_docdir}/%{name}-%{version}} Name: openconnect -Version: 8.03 -Release: 2%{?relsuffix}%{?dist} +Version: 8.04 +Release: 1%{?relsuffix}%{?dist} Summary: Open client for Cisco AnyConnect VPN, Juniper Network Connect/Pulse, PAN GlobalProtect License: LGPLv2+ @@ -138,6 +138,9 @@ make VERBOSE=1 check %{_libdir}/pkgconfig/openconnect.pc %changelog +* Fri Aug 09 2019 David Woodhouse - 8.04-1 +- Update to 8.04 release + * Thu Jul 25 2019 Fedora Release Engineering - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild diff --git a/sources b/sources index a61ad80..ca7bff3 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (openconnect-8.03.tar.gz) = e5cae7aacc5684c585992c8199d47c1318a710d2f3638e0b71f5ab3ee7f35406306462e19ba55b32351a3894c83c256569e2e096da0bc8f6404f2740168e73da -SHA512 (openconnect-8.03.tar.gz.asc) = 3daa704045a2f94be9512ad1a4f4cfd0cbc73fb380a63d8795ee78d2e899df32641bce9b43288922ac29c2644ba911ba62824874abc8afad5774b5418029b314 +SHA512 (openconnect-8.04.tar.gz) = 3d1f335c5ac62cdcf874b0371e9ed939e5e44060d422b35120d0a6bb87f1a7cc4ffc783e6c65d11a9d5ef974c99e56107da837ee61a03f70d9397e077185050a +SHA512 (openconnect-8.04.tar.gz.asc) = 9b4d4c74b4e179561d2cc9e311472116ad5f47ff0eb57cb8e62e4d2a2fb264e2018a3c4b5c8e464ae300e2ad7758aec2fd6f5565303180dd6d14b7eda839ac5e From 0ea55f1599e234ca7934ecd34c2378b8e7f749e4 Mon Sep 17 00:00:00 2001 From: Dusty Mabe Date: Sat, 10 Aug 2019 14:39:38 -0400 Subject: [PATCH 153/184] Remove hipreport-android.sh from sources It causes bogus dependencies on /system/bin/sh. See [1]. This was done upstream [2] by David but didn't propagate to the distgit repo. [1] https://pagure.io/dusty/failed-composes/issue/2245 [2] http://git.infradead.org/users/dwmw2/openconnect.git/commitdiff/857165936f247b7632996693260f7a61968b80c6?hp=51676600b366d165d0ce1c9cd34d53bce91bc731 --- openconnect.spec | 1 + 1 file changed, 1 insertion(+) diff --git a/openconnect.spec b/openconnect.spec index 6405266..feba1b0 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -117,6 +117,7 @@ make %{?_smp_mflags} V=1 mkdir -p $RPM_BUILD_ROOT/%{_pkgdocdir} rm -f $RPM_BUILD_ROOT/%{_libdir}/libopenconnect.la rm -f $RPM_BUILD_ROOT/%{_libexecdir}/openconnect/tncc-wrapper.py +rm -f $RPM_BUILD_ROOT/%{_libexecdir}/openconnect/hipreport-android.sh %find_lang %{name} %check From 280da1f398c3a7d8021e9bdb4069c6afe263da8c Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Sat, 10 Aug 2019 13:32:56 -0700 Subject: [PATCH 154/184] Remove hipreport-android.sh from sources --- openconnect.spec | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/openconnect.spec b/openconnect.spec index feba1b0..dfbaf3e 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -9,7 +9,7 @@ # RHEL6 still has ancient GnuTLS %define use_gnutls 0%{?fedora} || 0%{?rhel} >= 7 -# RHEL5 has no libproxy, and no %make_install macro +# RHEL5 has no libproxy, and no %%make_install macro %if 0%{?rhel} && 0%{?rhel} <= 5 %define use_libproxy 0 %define make_install %{__make} install DESTDIR=%{?buildroot} @@ -30,7 +30,7 @@ Name: openconnect Version: 8.04 -Release: 1%{?relsuffix}%{?dist} +Release: 2%{?relsuffix}%{?dist} Summary: Open client for Cisco AnyConnect VPN, Juniper Network Connect/Pulse, PAN GlobalProtect License: LGPLv2+ @@ -139,6 +139,9 @@ make VERBOSE=1 check %{_libdir}/pkgconfig/openconnect.pc %changelog +* Sat Aug 10 2019 Kevin Fenzi - 8.04-2 +- Remove hipreport-android.sh from sources + * Fri Aug 09 2019 David Woodhouse - 8.04-1 - Update to 8.04 release From d7c730a5d0b44bd68a9caeb9a786000b880cd633 Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Thu, 12 Sep 2019 00:37:41 +0100 Subject: [PATCH 155/184] 8.05 --- .gitignore | 2 ++ openconnect.spec | 7 +++++-- sources | 4 ++-- 3 files changed, 9 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index e2ec6cb..c7cd92d 100644 --- a/.gitignore +++ b/.gitignore @@ -57,3 +57,5 @@ openconnect-2.25.tar.gz /openconnect-8.03.tar.gz.asc /openconnect-8.04.tar.gz /openconnect-8.04.tar.gz.asc +/openconnect-8.05.tar.gz +/openconnect-8.05.tar.gz.asc diff --git a/openconnect.spec b/openconnect.spec index dfbaf3e..7978663 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -29,8 +29,8 @@ %{!?_pkgdocdir: %global _pkgdocdir %{_docdir}/%{name}-%{version}} Name: openconnect -Version: 8.04 -Release: 2%{?relsuffix}%{?dist} +Version: 8.05 +Release: 1%{?relsuffix}%{?dist} Summary: Open client for Cisco AnyConnect VPN, Juniper Network Connect/Pulse, PAN GlobalProtect License: LGPLv2+ @@ -139,6 +139,9 @@ make VERBOSE=1 check %{_libdir}/pkgconfig/openconnect.pc %changelog +* Thu Sep 12 2019 David Woodhouse - 8.05-1 +- Update to 8.05 release (CVE-2019-16239) + * Sat Aug 10 2019 Kevin Fenzi - 8.04-2 - Remove hipreport-android.sh from sources diff --git a/sources b/sources index ca7bff3..78c7246 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (openconnect-8.04.tar.gz) = 3d1f335c5ac62cdcf874b0371e9ed939e5e44060d422b35120d0a6bb87f1a7cc4ffc783e6c65d11a9d5ef974c99e56107da837ee61a03f70d9397e077185050a -SHA512 (openconnect-8.04.tar.gz.asc) = 9b4d4c74b4e179561d2cc9e311472116ad5f47ff0eb57cb8e62e4d2a2fb264e2018a3c4b5c8e464ae300e2ad7758aec2fd6f5565303180dd6d14b7eda839ac5e +SHA512 (openconnect-8.05.tar.gz) = 3ac9f1fa5a87b06d45c316897c69470264f2fde7525b5b3ef1352041dd0c8ae5eaf5dd325de1bdcf1e5b82e688fec9c36d531da1b75ac3f49896d4186d83aa15 +SHA512 (openconnect-8.05.tar.gz.asc) = a8b292c74919749739d004501a9e2f27bc4e1e100e005e56eca5e54fac17dd6ad3036a72effbcb836a548657dcad05fc120c72a07dd50076624be9ff652ee7e0 From a56b4a3788c54ec6931aa4266ac0514269c24e72 Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Thu, 26 Sep 2019 09:42:23 +0200 Subject: [PATCH 156/184] spec: updated for rhel8 --- openconnect.spec | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/openconnect.spec b/openconnect.spec index 7978663..4dbb525 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -19,6 +19,16 @@ %define use_tokens 1 %endif +# RHEL8 does not have libpskc, softhsm, ocserv yet +%if 0%{?rhel} && 0%{?rhel} == 8 +%define use_tokens 0 +%define use_ocserv 0 +%define use_softhsm 0 +%else +%define use_ocserv 1 +%define use_softhsm 1 +%endif + # Fedora has tss2-sys from F29 onwards %if 0%{?fedora} >= 29 %define use_tss2_esys 1 @@ -45,7 +55,10 @@ Source3: macros.gpg BuildRequires: pkgconfig(libxml-2.0) pkgconfig(libpcsclite) krb5-devel gnupg2 BuildRequires: autoconf automake libtool gettext pkgconfig(liblz4) -BuildRequires: pkgconfig(uid_wrapper) pkgconfig(socket_wrapper) softhsm +BuildRequires: pkgconfig(uid_wrapper) pkgconfig(socket_wrapper) +%if %{use_softhsm} +BuildRequires: softhsm +%endif %if 0%{?fedora} || 0%{?rhel} >= 7 Obsoletes: openconnect-lib-compat < %{version}-%{release} Requires: vpnc-script @@ -59,7 +72,9 @@ BuildRequires: glibc-langpack-cs %if %{use_gnutls} BuildRequires: pkgconfig(gnutls) trousers-devel # Anywhere we use GnuTLS ,there should be an ocserv package too +%if %{use_ocserv} BuildRequires: ocserv +%endif %else BuildRequires: pkgconfig(openssl) pkgconfig(libp11) pkgconfig(p11-kit-1) %endif From 1eff3a34adf046402b2eb7c58c0777b4a8bce1e9 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Wed, 29 Jan 2020 20:14:41 +0000 Subject: [PATCH 157/184] - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- openconnect.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/openconnect.spec b/openconnect.spec index 4dbb525..693380a 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -40,7 +40,7 @@ Name: openconnect Version: 8.05 -Release: 1%{?relsuffix}%{?dist} +Release: 2%{?relsuffix}%{?dist} Summary: Open client for Cisco AnyConnect VPN, Juniper Network Connect/Pulse, PAN GlobalProtect License: LGPLv2+ @@ -154,6 +154,9 @@ make VERBOSE=1 check %{_libdir}/pkgconfig/openconnect.pc %changelog +* Wed Jan 29 2020 Fedora Release Engineering +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + * Thu Sep 12 2019 David Woodhouse - 8.05-1 - Update to 8.05 release (CVE-2019-16239) From 9bba5ac2b875fc7a40019271fba54cb0bd9f33f1 Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Tue, 31 Mar 2020 00:42:40 +0100 Subject: [PATCH 158/184] 8.06 --- .gitignore | 2 ++ openconnect.spec | 7 +++++-- sources | 4 ++-- 3 files changed, 9 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index c7cd92d..09dcf09 100644 --- a/.gitignore +++ b/.gitignore @@ -59,3 +59,5 @@ openconnect-2.25.tar.gz /openconnect-8.04.tar.gz.asc /openconnect-8.05.tar.gz /openconnect-8.05.tar.gz.asc +/openconnect-8.06.tar.gz +/openconnect-8.06.tar.gz.asc diff --git a/openconnect.spec b/openconnect.spec index 693380a..e7d5bec 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -39,8 +39,8 @@ %{!?_pkgdocdir: %global _pkgdocdir %{_docdir}/%{name}-%{version}} Name: openconnect -Version: 8.05 -Release: 2%{?relsuffix}%{?dist} +Version: 8.06 +Release: 1%{?relsuffix}%{?dist} Summary: Open client for Cisco AnyConnect VPN, Juniper Network Connect/Pulse, PAN GlobalProtect License: LGPLv2+ @@ -154,6 +154,9 @@ make VERBOSE=1 check %{_libdir}/pkgconfig/openconnect.pc %changelog +* Tue Mar 31 2020 David Woodhouse - 8.06-1 +- Update to 8.06 release (Blacklist bad GnuTLS versions for insecure DTLS) + * Wed Jan 29 2020 Fedora Release Engineering - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild diff --git a/sources b/sources index 78c7246..189ff3d 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (openconnect-8.05.tar.gz) = 3ac9f1fa5a87b06d45c316897c69470264f2fde7525b5b3ef1352041dd0c8ae5eaf5dd325de1bdcf1e5b82e688fec9c36d531da1b75ac3f49896d4186d83aa15 -SHA512 (openconnect-8.05.tar.gz.asc) = a8b292c74919749739d004501a9e2f27bc4e1e100e005e56eca5e54fac17dd6ad3036a72effbcb836a548657dcad05fc120c72a07dd50076624be9ff652ee7e0 +SHA512 (openconnect-8.06.tar.gz) = 6319aa6b20bf16994b376c2cc2a7cbf2b26a36f35e9607c1886e8fa7a2e1fe111bfb37f9349693ef52a3d2ce718c37e15fe263664e6c0bcbd33ced5ddb9e31b2 +SHA512 (openconnect-8.06.tar.gz.asc) = ca568fc83706b115f2c6ff245366aa2c9a147b1b3deba01d20fa0538884b218467a374f6e45fd169521ee350a092487a1d9f39d445a7da2b05227bdead6e227f From 678a37bd1b78f05d840c03177e44ec9d7898bb96 Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Sat, 4 Apr 2020 21:32:04 +0100 Subject: [PATCH 159/184] 8.07 --- .gitignore | 2 ++ openconnect.spec | 6 +++++- sources | 4 ++-- 3 files changed, 9 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 09dcf09..9aad913 100644 --- a/.gitignore +++ b/.gitignore @@ -61,3 +61,5 @@ openconnect-2.25.tar.gz /openconnect-8.05.tar.gz.asc /openconnect-8.06.tar.gz /openconnect-8.06.tar.gz.asc +/openconnect-8.07.tar.gz +/openconnect-8.07.tar.gz.asc diff --git a/openconnect.spec b/openconnect.spec index e7d5bec..48b17f5 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -39,7 +39,7 @@ %{!?_pkgdocdir: %global _pkgdocdir %{_docdir}/%{name}-%{version}} Name: openconnect -Version: 8.06 +Version: 8.07 Release: 1%{?relsuffix}%{?dist} Summary: Open client for Cisco AnyConnect VPN, Juniper Network Connect/Pulse, PAN GlobalProtect @@ -120,6 +120,7 @@ for NetworkManager etc. --disable-dsa-tests \ %if %{use_gnutls} --with-default-gnutls-priority="@OPENCONNECT,SYSTEM" \ + --without-gnutls-version-check \ %else --with-openssl --without-openssl-version-check \ %endif @@ -154,6 +155,9 @@ make VERBOSE=1 check %{_libdir}/pkgconfig/openconnect.pc %changelog +* Sat Apr 4 2020 David Woodhouse - 8.07-1 +- Update to 8.07 release (runtime check for GnuTLS) + * Tue Mar 31 2020 David Woodhouse - 8.06-1 - Update to 8.06 release (Blacklist bad GnuTLS versions for insecure DTLS) diff --git a/sources b/sources index 189ff3d..d0b3b63 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (openconnect-8.06.tar.gz) = 6319aa6b20bf16994b376c2cc2a7cbf2b26a36f35e9607c1886e8fa7a2e1fe111bfb37f9349693ef52a3d2ce718c37e15fe263664e6c0bcbd33ced5ddb9e31b2 -SHA512 (openconnect-8.06.tar.gz.asc) = ca568fc83706b115f2c6ff245366aa2c9a147b1b3deba01d20fa0538884b218467a374f6e45fd169521ee350a092487a1d9f39d445a7da2b05227bdead6e227f +SHA512 (openconnect-8.07.tar.gz) = 1929fb062bf701a7dd2a9c5f089d5ae8d53a5ac232de84d8ccc5d28dd1c469eb9a10460393950fe691f1f8aee64128d82dd326a9112bb3963f14fb410ad59ace +SHA512 (openconnect-8.07.tar.gz.asc) = 82a2e631a3fa107c5447a186ad2975d173f65563c06e23b1b593bfedf5d863f6e1eb2bb0419193b8b63ead4b9d95da4b5e55ee566bed24e290283764a91ac8e4 From a8eb92fab18761a2836b1a3cb401daad0325816b Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Mon, 6 Apr 2020 16:47:47 +0100 Subject: [PATCH 160/184] 8.08 --- .gitignore | 2 ++ openconnect.spec | 5 ++++- sources | 4 ++-- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 9aad913..9f62211 100644 --- a/.gitignore +++ b/.gitignore @@ -63,3 +63,5 @@ openconnect-2.25.tar.gz /openconnect-8.06.tar.gz.asc /openconnect-8.07.tar.gz /openconnect-8.07.tar.gz.asc +/openconnect-8.08.tar.gz +/openconnect-8.08.tar.gz.asc diff --git a/openconnect.spec b/openconnect.spec index 48b17f5..df66690 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -39,7 +39,7 @@ %{!?_pkgdocdir: %global _pkgdocdir %{_docdir}/%{name}-%{version}} Name: openconnect -Version: 8.07 +Version: 8.08 Release: 1%{?relsuffix}%{?dist} Summary: Open client for Cisco AnyConnect VPN, Juniper Network Connect/Pulse, PAN GlobalProtect @@ -155,6 +155,9 @@ make VERBOSE=1 check %{_libdir}/pkgconfig/openconnect.pc %changelog +* Mon Apr 6 2020 David Woodhouse - 8.08-1 +- Update to 8.08 release (CSD stderr handling, cert checking) + * Sat Apr 4 2020 David Woodhouse - 8.07-1 - Update to 8.07 release (runtime check for GnuTLS) diff --git a/sources b/sources index d0b3b63..6984621 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (openconnect-8.07.tar.gz) = 1929fb062bf701a7dd2a9c5f089d5ae8d53a5ac232de84d8ccc5d28dd1c469eb9a10460393950fe691f1f8aee64128d82dd326a9112bb3963f14fb410ad59ace -SHA512 (openconnect-8.07.tar.gz.asc) = 82a2e631a3fa107c5447a186ad2975d173f65563c06e23b1b593bfedf5d863f6e1eb2bb0419193b8b63ead4b9d95da4b5e55ee566bed24e290283764a91ac8e4 +SHA512 (openconnect-8.08.tar.gz) = 3bf42e194b88f06bbc6c385002e7b76952964e230fc86ee1d803be72204073ffe41286a3d8e189456fd7b905fa63577e6adc64137e893eccada80419c114eeb8 +SHA512 (openconnect-8.08.tar.gz.asc) = 825c9995f26631b0425efd7103015bceb01cf990976469e38a76310b027de49c639960fdabfe9937de6041a3f9697487abc5ec2f7d471d4bd3390eea16355299 From fb087b4c9a6465f27fd06cc83bbf97aebb1b5564 Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Wed, 29 Apr 2020 14:25:20 +0100 Subject: [PATCH 161/184] 8.09 --- .gitignore | 2 ++ openconnect.spec | 10 +++++++--- sources | 4 ++-- 3 files changed, 11 insertions(+), 5 deletions(-) diff --git a/.gitignore b/.gitignore index 9f62211..9acf876 100644 --- a/.gitignore +++ b/.gitignore @@ -65,3 +65,5 @@ openconnect-2.25.tar.gz /openconnect-8.07.tar.gz.asc /openconnect-8.08.tar.gz /openconnect-8.08.tar.gz.asc +/openconnect-8.09.tar.gz +/openconnect-8.09.tar.gz.asc diff --git a/openconnect.spec b/openconnect.spec index df66690..f4b49cc 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -29,8 +29,8 @@ %define use_softhsm 1 %endif -# Fedora has tss2-sys from F29 onwards -%if 0%{?fedora} >= 29 +# Fedora has tss2-sys from F29 onwards, and RHEL from 8 onwards +%if 0%{?fedora} >= 29 || 0%{?rhel} >= 8 %define use_tss2_esys 1 %else %define use_tss2_esys 0 @@ -39,7 +39,7 @@ %{!?_pkgdocdir: %global _pkgdocdir %{_docdir}/%{name}-%{version}} Name: openconnect -Version: 8.08 +Version: 8.09 Release: 1%{?relsuffix}%{?dist} Summary: Open client for Cisco AnyConnect VPN, Juniper Network Connect/Pulse, PAN GlobalProtect @@ -146,6 +146,7 @@ make VERBOSE=1 check %{_sbindir}/openconnect %{_libexecdir}/openconnect/ %{_mandir}/man8/* +%{_sysconfdir}/bash_completion.d %doc TODO COPYING.LGPL %doc %{_pkgdocdir} @@ -155,6 +156,9 @@ make VERBOSE=1 check %{_libdir}/pkgconfig/openconnect.pc %changelog +* Wed Apr 29 2020 David Woodhouse - 8.09-1 +- Update to 8.09 release + * Mon Apr 6 2020 David Woodhouse - 8.08-1 - Update to 8.08 release (CSD stderr handling, cert checking) diff --git a/sources b/sources index 6984621..0147d44 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (openconnect-8.08.tar.gz) = 3bf42e194b88f06bbc6c385002e7b76952964e230fc86ee1d803be72204073ffe41286a3d8e189456fd7b905fa63577e6adc64137e893eccada80419c114eeb8 -SHA512 (openconnect-8.08.tar.gz.asc) = 825c9995f26631b0425efd7103015bceb01cf990976469e38a76310b027de49c639960fdabfe9937de6041a3f9697487abc5ec2f7d471d4bd3390eea16355299 +SHA512 (openconnect-8.09.tar.gz) = f6890f5bce4b36b162e4590bce8a61d65fc0ae803d62a3dd408fbb13e96ce41b6443740132808491093032545aea919f9076e34bc11160c503c5e3c46457e7bd +SHA512 (openconnect-8.09.tar.gz.asc) = 36370444e7ed76993fb2be127d92f8c9f5cf8960ae312ccd59437e8f76abd1ba3c70394e8c7cdfd25f29c84470466ac22dee8393f3532696a650f53bce4d611b From 0d07f7faec1e81b73de1dca8335cd39b85641123 Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Sat, 2 May 2020 12:03:29 +0100 Subject: [PATCH 162/184] fix autocompletion --- ...th-to-openconnect-in-bash-completion.patch | 28 +++++++++++++++++++ openconnect.spec | 9 ++++-- 2 files changed, 34 insertions(+), 3 deletions(-) create mode 100644 0001-Fix-path-to-openconnect-in-bash-completion.patch diff --git a/0001-Fix-path-to-openconnect-in-bash-completion.patch b/0001-Fix-path-to-openconnect-in-bash-completion.patch new file mode 100644 index 0000000..2150991 --- /dev/null +++ b/0001-Fix-path-to-openconnect-in-bash-completion.patch @@ -0,0 +1,28 @@ +From 7eba845059e8e373c59391b0520678ea833c6c76 Mon Sep 17 00:00:00 2001 +From: David Woodhouse +Date: Sat, 2 May 2020 09:25:29 +0100 +Subject: [PATCH] Fix path to openconnect in bash completion + +Oops, that wasn't supposed to get committed like that. + +Signed-off-by: David Woodhouse +--- + bash/openconnect.bash | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/bash/openconnect.bash b/bash/openconnect.bash +index 5ca05934..a235dfc0 100644 +--- a/bash/openconnect.bash ++++ b/bash/openconnect.bash +@@ -79,7 +79,7 @@ _complete_openconnect () { + #_get_comp_words_by_ref-n =: -w COMP_WORDS -i COMP_CWORD cur + COMP_WORDS[0]="--autocomplete" + local IFS=$'\n' +- COMPREPLY=( $(COMP_CWORD=$COMP_CWORD /home/dwmw/git/openconnect/gtls-ibm/openconnect "${COMP_WORDS[@]}") ) ++ COMPREPLY=( $(COMP_CWORD=$COMP_CWORD openconnect "${COMP_WORDS[@]}") ) + local FILTERPAT="${COMPREPLY[1]}" + local PREFIX="${COMPREPLY[2]}" + local COMP_WORD=${cur#${PREFIX}} +-- +2.17.1 + diff --git a/openconnect.spec b/openconnect.spec index f4b49cc..8c7ade6 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -40,7 +40,7 @@ Name: openconnect Version: 8.09 -Release: 1%{?relsuffix}%{?dist} +Release: 2%{?relsuffix}%{?dist} Summary: Open client for Cisco AnyConnect VPN, Juniper Network Connect/Pulse, PAN GlobalProtect License: LGPLv2+ @@ -51,7 +51,7 @@ Source1: ftp://ftp.infradead.org/pub/openconnect/openconnect-%{version}%{?gitsuf %endif Source2: gpgkey-BE07D9FD54809AB2C4B0FF5F63762CDA67E2F359.asc Source3: macros.gpg - +Patch1: 0001-Fix-path-to-openconnect-in-bash-completion.patch BuildRequires: pkgconfig(libxml-2.0) pkgconfig(libpcsclite) krb5-devel gnupg2 BuildRequires: autoconf automake libtool gettext pkgconfig(liblz4) @@ -113,7 +113,7 @@ for NetworkManager etc. %gpg_verify %endif -%autosetup -n openconnect-%{version}%{?gitsuffix} +%autosetup -n openconnect-%{version}%{?gitsuffix} -p1 %build %configure --with-vpnc-script=/etc/vpnc/vpnc-script \ @@ -156,6 +156,9 @@ make VERBOSE=1 check %{_libdir}/pkgconfig/openconnect.pc %changelog +* Sat May 2 2020 David Woodhouse - 8.09-2 +- Fix path to openconnect in bash completion script + * Wed Apr 29 2020 David Woodhouse - 8.09-1 - Update to 8.09 release From 9794151c2869e02a6d2e13e307aff203deffd737 Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Thu, 14 May 2020 16:54:13 +0100 Subject: [PATCH 163/184] 8.10 --- .gitignore | 2 ++ openconnect.spec | 10 ++++++---- sources | 4 ++-- 3 files changed, 10 insertions(+), 6 deletions(-) diff --git a/.gitignore b/.gitignore index 9acf876..e46177a 100644 --- a/.gitignore +++ b/.gitignore @@ -67,3 +67,5 @@ openconnect-2.25.tar.gz /openconnect-8.08.tar.gz.asc /openconnect-8.09.tar.gz /openconnect-8.09.tar.gz.asc +/openconnect-8.10.tar.gz +/openconnect-8.10.tar.gz.asc diff --git a/openconnect.spec b/openconnect.spec index 8c7ade6..e4b60f4 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -39,8 +39,8 @@ %{!?_pkgdocdir: %global _pkgdocdir %{_docdir}/%{name}-%{version}} Name: openconnect -Version: 8.09 -Release: 2%{?relsuffix}%{?dist} +Version: 8.10 +Release: 1%{?relsuffix}%{?dist} Summary: Open client for Cisco AnyConnect VPN, Juniper Network Connect/Pulse, PAN GlobalProtect License: LGPLv2+ @@ -51,7 +51,6 @@ Source1: ftp://ftp.infradead.org/pub/openconnect/openconnect-%{version}%{?gitsuf %endif Source2: gpgkey-BE07D9FD54809AB2C4B0FF5F63762CDA67E2F359.asc Source3: macros.gpg -Patch1: 0001-Fix-path-to-openconnect-in-bash-completion.patch BuildRequires: pkgconfig(libxml-2.0) pkgconfig(libpcsclite) krb5-devel gnupg2 BuildRequires: autoconf automake libtool gettext pkgconfig(liblz4) @@ -146,7 +145,7 @@ make VERBOSE=1 check %{_sbindir}/openconnect %{_libexecdir}/openconnect/ %{_mandir}/man8/* -%{_sysconfdir}/bash_completion.d +%{_datadir}/bash-completion/completions/openconnect %doc TODO COPYING.LGPL %doc %{_pkgdocdir} @@ -156,6 +155,9 @@ make VERBOSE=1 check %{_libdir}/pkgconfig/openconnect.pc %changelog +* Thu May 14 2020 David Woodhouse - 8.10-1 +- Update to 8.10 release (CVE-2020-12823) + * Sat May 2 2020 David Woodhouse - 8.09-2 - Fix path to openconnect in bash completion script diff --git a/sources b/sources index 0147d44..a925138 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (openconnect-8.09.tar.gz) = f6890f5bce4b36b162e4590bce8a61d65fc0ae803d62a3dd408fbb13e96ce41b6443740132808491093032545aea919f9076e34bc11160c503c5e3c46457e7bd -SHA512 (openconnect-8.09.tar.gz.asc) = 36370444e7ed76993fb2be127d92f8c9f5cf8960ae312ccd59437e8f76abd1ba3c70394e8c7cdfd25f29c84470466ac22dee8393f3532696a650f53bce4d611b +SHA512 (openconnect-8.10.tar.gz) = a36a106cf5c637602fc5bd3cd12df8f6dfe55217c1aae93c66ca33208507f3f8cda15e3a46d75615c7fcea1859d1a04017a07674ad0246876154467305477356 +SHA512 (openconnect-8.10.tar.gz.asc) = 90c71a939fb4ed42ebdd44bfcdd03481b350975348726f935de2d8456f478b7c3dd16361351dad806d9f6d64bbab8a18edd56e3918a1c046724421e3e1c4441e From d7f921c96b840316476cfc9533786bc3a17c83fb Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Fri, 15 May 2020 13:27:56 +0100 Subject: [PATCH 164/184] Remove old dead files --- ...th-to-openconnect-in-bash-completion.patch | 28 ---------- libopenconnect15.map | 51 ------------------- library15.c | 33 ------------ 3 files changed, 112 deletions(-) delete mode 100644 0001-Fix-path-to-openconnect-in-bash-completion.patch delete mode 100644 libopenconnect15.map delete mode 100644 library15.c diff --git a/0001-Fix-path-to-openconnect-in-bash-completion.patch b/0001-Fix-path-to-openconnect-in-bash-completion.patch deleted file mode 100644 index 2150991..0000000 --- a/0001-Fix-path-to-openconnect-in-bash-completion.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 7eba845059e8e373c59391b0520678ea833c6c76 Mon Sep 17 00:00:00 2001 -From: David Woodhouse -Date: Sat, 2 May 2020 09:25:29 +0100 -Subject: [PATCH] Fix path to openconnect in bash completion - -Oops, that wasn't supposed to get committed like that. - -Signed-off-by: David Woodhouse ---- - bash/openconnect.bash | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/bash/openconnect.bash b/bash/openconnect.bash -index 5ca05934..a235dfc0 100644 ---- a/bash/openconnect.bash -+++ b/bash/openconnect.bash -@@ -79,7 +79,7 @@ _complete_openconnect () { - #_get_comp_words_by_ref-n =: -w COMP_WORDS -i COMP_CWORD cur - COMP_WORDS[0]="--autocomplete" - local IFS=$'\n' -- COMPREPLY=( $(COMP_CWORD=$COMP_CWORD /home/dwmw/git/openconnect/gtls-ibm/openconnect "${COMP_WORDS[@]}") ) -+ COMPREPLY=( $(COMP_CWORD=$COMP_CWORD openconnect "${COMP_WORDS[@]}") ) - local FILTERPAT="${COMPREPLY[1]}" - local PREFIX="${COMPREPLY[2]}" - local COMP_WORD=${cur#${PREFIX}} --- -2.17.1 - diff --git a/libopenconnect15.map b/libopenconnect15.map deleted file mode 100644 index 39e5f31..0000000 --- a/libopenconnect15.map +++ /dev/null @@ -1,51 +0,0 @@ -OPENCONNECT_1.0 { - global: - openconnect_clear_cookie; - openconnect_get_cert_sha1; - openconnect_get_cookie; - openconnect_get_hostname; - openconnect_get_peer_cert; - openconnect_get_port; - openconnect_get_urlpath; - openconnect_get_version; - openconnect_init_openssl; - openconnect_obtain_cookie; - openconnect_parse_url; - openconnect_passphrase_from_fsid; - openconnect_reset_ssl; - openconnect_set_cafile; - openconnect_set_client_cert; - openconnect_set_hostname; - openconnect_set_http_proxy; - openconnect_setup_csd; - openconnect_set_urlpath; - openconnect_set_xmlsha1; - openconnect_vpninfo_new; - local: - *; -}; -OPENCONNECT_1.1 { - global: - openconnect_vpninfo_free; -} OPENCONNECT_1.0; - -OPENCONNECT_1.2 { - global: - openconnect_vpninfo_new_with_cbdata; -} OPENCONNECT_1.1; - -OPENCONNECT_1.3 { - global: - openconnect_set_cert_expiry_warning; -} OPENCONNECT_1.2; - -OPENCONNECT_1.4 { - global: - openconnect_set_cancel_fd; -} OPENCONNECT_1.3; - -OPENCONNECT_1.5 { - global: - openconnect_get_cert_details; - openconnect_get_cert_DER; -} OPENCONNECT_1.4; diff --git a/library15.c b/library15.c deleted file mode 100644 index 0496cdf..0000000 --- a/library15.c +++ /dev/null @@ -1,33 +0,0 @@ -#ifndef OPENCONNECT_OPENSSL -#error Cannot pretend to be compatible if not building with OpenSSL -#endif - -#define openconnect_vpninfo_new openconnect_vpninfo_new_with_cbdata -#include "library.c" -#undef openconnect_vpninfo_new - -struct openconnect_info * -openconnect_vpninfo_new (char *useragent, - openconnect_validate_peer_cert_vfn validate_peer_cert, - openconnect_write_new_config_vfn write_new_config, - openconnect_process_auth_form_vfn process_auth_form, - openconnect_progress_vfn progress); -struct openconnect_info * -openconnect_vpninfo_new (char *useragent, - openconnect_validate_peer_cert_vfn validate_peer_cert, - openconnect_write_new_config_vfn write_new_config, - openconnect_process_auth_form_vfn process_auth_form, - openconnect_progress_vfn progress) -{ - return openconnect_vpninfo_new_with_cbdata(useragent, - validate_peer_cert, - write_new_config, - process_auth_form, - progress, NULL); -} - -void openconnect_init_openssl(void); -void openconnect_init_openssl(void) -{ - openconnect_init_ssl(); -} From c67862ac8776ebefb3394d007100f69767bbb5d8 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Tue, 28 Jul 2020 12:40:47 +0000 Subject: [PATCH 165/184] - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- openconnect.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/openconnect.spec b/openconnect.spec index e4b60f4..1119ebc 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -40,7 +40,7 @@ Name: openconnect Version: 8.10 -Release: 1%{?relsuffix}%{?dist} +Release: 2%{?relsuffix}%{?dist} Summary: Open client for Cisco AnyConnect VPN, Juniper Network Connect/Pulse, PAN GlobalProtect License: LGPLv2+ @@ -155,6 +155,9 @@ make VERBOSE=1 check %{_libdir}/pkgconfig/openconnect.pc %changelog +* Tue Jul 28 2020 Fedora Release Engineering +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + * Thu May 14 2020 David Woodhouse - 8.10-1 - Update to 8.10 release (CVE-2020-12823) From 5431e2598b80e93bbe51c06024d5dc2e47c69a40 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Sat, 1 Aug 2020 06:50:29 +0000 Subject: [PATCH 166/184] - Second attempt - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- openconnect.spec | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/openconnect.spec b/openconnect.spec index 1119ebc..3844960 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -40,7 +40,7 @@ Name: openconnect Version: 8.10 -Release: 2%{?relsuffix}%{?dist} +Release: 3%{?relsuffix}%{?dist} Summary: Open client for Cisco AnyConnect VPN, Juniper Network Connect/Pulse, PAN GlobalProtect License: LGPLv2+ @@ -155,6 +155,10 @@ make VERBOSE=1 check %{_libdir}/pkgconfig/openconnect.pc %changelog +* Sat Aug 01 2020 Fedora Release Engineering +- Second attempt - Rebuilt for + https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + * Tue Jul 28 2020 Fedora Release Engineering - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild From 87ba4acb934eb7ca5b8ce5a606ff3104a50d62c6 Mon Sep 17 00:00:00 2001 From: Tom Stellard Date: Thu, 7 Jan 2021 06:29:36 +0000 Subject: [PATCH 167/184] Add BuildRequires: make https://fedoraproject.org/wiki/Changes/Remove_make_from_BuildRoot --- openconnect.spec | 1 + 1 file changed, 1 insertion(+) diff --git a/openconnect.spec b/openconnect.spec index 3844960..e644dae 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -52,6 +52,7 @@ Source1: ftp://ftp.infradead.org/pub/openconnect/openconnect-%{version}%{?gitsuf Source2: gpgkey-BE07D9FD54809AB2C4B0FF5F63762CDA67E2F359.asc Source3: macros.gpg +BuildRequires: make BuildRequires: pkgconfig(libxml-2.0) pkgconfig(libpcsclite) krb5-devel gnupg2 BuildRequires: autoconf automake libtool gettext pkgconfig(liblz4) BuildRequires: pkgconfig(uid_wrapper) pkgconfig(socket_wrapper) From a499c12df851517ab26c4f536c51f2dcd4e199d7 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Tue, 26 Jan 2021 22:28:27 +0000 Subject: [PATCH 168/184] - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- openconnect.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/openconnect.spec b/openconnect.spec index e644dae..8a08b68 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -40,7 +40,7 @@ Name: openconnect Version: 8.10 -Release: 3%{?relsuffix}%{?dist} +Release: 4%{?relsuffix}%{?dist} Summary: Open client for Cisco AnyConnect VPN, Juniper Network Connect/Pulse, PAN GlobalProtect License: LGPLv2+ @@ -156,6 +156,9 @@ make VERBOSE=1 check %{_libdir}/pkgconfig/openconnect.pc %changelog +* Tue Jan 26 2021 Fedora Release Engineering +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + * Sat Aug 01 2020 Fedora Release Engineering - Second attempt - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild From 91c24fefe06b016f74975855e194005482045fb8 Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Sun, 14 Feb 2021 13:00:07 +0100 Subject: [PATCH 169/184] Expect auth-pkcs11 to fail in fedora34 --- openconnect.spec | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/openconnect.spec b/openconnect.spec index 8a08b68..4fb9350 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -40,7 +40,7 @@ Name: openconnect Version: 8.10 -Release: 4%{?relsuffix}%{?dist} +Release: 5%{?relsuffix}%{?dist} Summary: Open client for Cisco AnyConnect VPN, Juniper Network Connect/Pulse, PAN GlobalProtect License: LGPLv2+ @@ -137,7 +137,12 @@ rm -f $RPM_BUILD_ROOT/%{_libexecdir}/openconnect/hipreport-android.sh %find_lang %{name} %check +%if 0%{?fedora} || 0%{?fedora} >= 34 +# auth-pkcs11 fails in Fedora34 for unknown reasons +make VERBOSE=1 check XFAIL_TESTS=auth-pkcs11 +%else make VERBOSE=1 check +%endif %ldconfig_scriptlets @@ -156,6 +161,9 @@ make VERBOSE=1 check %{_libdir}/pkgconfig/openconnect.pc %changelog +* Sun Feb 14 2021 Nikos Mavrogiannopoulos - 8.10-5 +- Rebuilt while skipping the (PKCS#11) failing tests + * Tue Jan 26 2021 Fedora Release Engineering - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild From d452e6f1974d222a3751bf99f258599ddae9c335 Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Sat, 12 Jun 2021 10:50:08 +0100 Subject: [PATCH 170/184] Fix crypto-policy breakage, merge Juniper redirect fix --- ...tching-NC-landing-page-if-auth-was-s.patch | 65 +++++++++ ...tionally-bypass-system-crypto-policy.patch | 134 ++++++++++++++++++ openconnect.spec | 9 +- 3 files changed, 207 insertions(+), 1 deletion(-) create mode 100644 0001-Ignore-errors-fetching-NC-landing-page-if-auth-was-s.patch create mode 100644 0002-Unconditionally-bypass-system-crypto-policy.patch diff --git a/0001-Ignore-errors-fetching-NC-landing-page-if-auth-was-s.patch b/0001-Ignore-errors-fetching-NC-landing-page-if-auth-was-s.patch new file mode 100644 index 0000000..6fe452c --- /dev/null +++ b/0001-Ignore-errors-fetching-NC-landing-page-if-auth-was-s.patch @@ -0,0 +1,65 @@ +From 4ff991c46e6b202cabd623eeffa5ae1af1ba5c8e Mon Sep 17 00:00:00 2001 +From: David Woodhouse +Date: Fri, 23 Apr 2021 10:40:44 +0100 +Subject: [PATCH 1/2] Ignore errors fetching NC landing page if auth was + successful + +Signed-off-by: David Woodhouse +(cherry picked from commit 3e77943692b511719d9217d2ecc43588b7c6c08b) +--- + auth-juniper.c | 18 +++++++++++------- + www/changelog.xml | 2 +- + 2 files changed, 12 insertions(+), 8 deletions(-) + +diff --git a/auth-juniper.c b/auth-juniper.c +index 19d43978..63af3bfc 100644 +--- a/auth-juniper.c ++++ b/auth-juniper.c +@@ -663,6 +663,17 @@ int oncp_obtain_cookie(struct openconnect_info *vpninfo) + ret = do_https_request(vpninfo, "GET", NULL, NULL, + &form_buf, 2); + ++ /* After login, the server will redirect the "browser" to a landing page. ++ * https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784 ++ * turned some of those landing pages into a 403 but we don't *care* ++ * about that as long as we have the cookie we wanted. So check for ++ * cookie success *before* checking 'ret'. */ ++ if (!check_cookie_success(vpninfo)) { ++ free(form_buf); ++ ret = 0; ++ break; ++ } ++ + if (ret < 0) + break; + +@@ -680,13 +691,6 @@ int oncp_obtain_cookie(struct openconnect_info *vpninfo) + break; + } + +- if (!check_cookie_success(vpninfo)) { +- buf_free(url); +- free(form_buf); +- ret = 0; +- break; +- } +- + doc = htmlReadMemory(form_buf, ret, url->data, NULL, + HTML_PARSE_RECOVER|HTML_PARSE_NOERROR|HTML_PARSE_NOWARNING|HTML_PARSE_NONET); + buf_free(url); +diff --git a/www/changelog.xml b/www/changelog.xml +index bca5c8e2..1a05eda7 100644 +--- a/www/changelog.xml ++++ b/www/changelog.xml +@@ -15,7 +15,7 @@ +
    +
  • OpenConnect HEAD +
      +-
    • No changelog entries yet
      • ++
    • Ignore failures to fetch the NC landing page if the authentication was successful.
      • +

    +
    • +
  • OpenConnect v8.10 +-- +2.31.1 + diff --git a/0002-Unconditionally-bypass-system-crypto-policy.patch b/0002-Unconditionally-bypass-system-crypto-policy.patch new file mode 100644 index 0000000..d274370 --- /dev/null +++ b/0002-Unconditionally-bypass-system-crypto-policy.patch @@ -0,0 +1,134 @@ +From cc4658504b21eb87f9fa6bf7c1e42b83b6f64aaa Mon Sep 17 00:00:00 2001 +From: David Woodhouse +Date: Sat, 12 Jun 2021 08:50:09 +0100 +Subject: [PATCH 2/2] Unconditionally bypass system crypto policy + +This makes me extremely sad, but they rolled it out with *no* way to +selectively allow the user to say "connect anyway", as we've always had +for "invalid" certificates, etc. + +It's just unworkable and incomplete as currently implemented in the +distributions, so we have no choice except to bypass it and wait for +it to be fixed. + +Signed-off-by: David Woodhouse +(cherry picked from commit 7e862f2f0352409357fa7a4762481fde49909eb8 + and commit d29822cf30293d5f8b039baf3306eed2769fa0b5) +--- + configure.ac | 3 +++ + libopenconnect.map.in | 2 +- + main.c | 23 +++++++++++++++++++++++ + openconnect-internal.h | 9 +++++++++ + www/changelog.xml | 1 + + 5 files changed, 37 insertions(+), 1 deletion(-) + +diff --git a/configure.ac b/configure.ac +index 8b1b540f..3ea5e9cc 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -26,6 +26,7 @@ symver_getline= + symver_asprintf= + symver_vasprintf= + symver_win32_strerror= ++symver_win32_setenv= + + case $host_os in + *linux* | *gnu* | *nacl*) +@@ -54,6 +55,7 @@ case $host_os in + # For asprintf() + AC_DEFINE(_GNU_SOURCE, 1, [_GNU_SOURCE]) + symver_win32_strerror="openconnect__win32_strerror;" ++ symver_win32_setenv="openconnect__win32_setenv;" + # Win32 does have the SCard API + system_pcsc_libs="-lwinscard" + system_pcsc_cflags= +@@ -156,6 +158,7 @@ AC_SUBST(SYMVER_GETLINE, $symver_getline) + AC_SUBST(SYMVER_ASPRINTF, $symver_asprintf) + AC_SUBST(SYMVER_VASPRINTF, $symver_vasprintf) + AC_SUBST(SYMVER_WIN32_STRERROR, $symver_win32_strerror) ++AC_SUBST(SYMVER_WIN32_SETENV, $symver_win32_setenv) + + AS_COMPILER_FLAGS(WFLAGS, + "-Wall +diff --git a/libopenconnect.map.in b/libopenconnect.map.in +index 5b4bc5d7..1039aacf 100644 +--- a/libopenconnect.map.in ++++ b/libopenconnect.map.in +@@ -109,7 +109,7 @@ OPENCONNECT_5_6 { + } OPENCONNECT_5_5; + + OPENCONNECT_PRIVATE { +- global: @SYMVER_TIME@ @SYMVER_GETLINE@ @SYMVER_JAVA@ @SYMVER_ASPRINTF@ @SYMVER_VASPRINTF@ @SYMVER_WIN32_STRERROR@ ++ global: @SYMVER_TIME@ @SYMVER_GETLINE@ @SYMVER_JAVA@ @SYMVER_ASPRINTF@ @SYMVER_VASPRINTF@ @SYMVER_WIN32_STRERROR@ @SYMVER_WIN32_SETENV@ + openconnect_get_tls_library_version; + openconnect_fopen_utf8; + openconnect_open_utf8; +diff --git a/main.c b/main.c +index cc3dd91e..129755a1 100644 +--- a/main.c ++++ b/main.c +@@ -1436,6 +1436,29 @@ int main(int argc, char **argv) + openconnect_binary_version, openconnect_version_str); + } + ++ /* Some systems have a crypto policy which completely prevents DTLSv1.0 ++ * from being used, which is entirely pointless and will just drive ++ * users back to the crappy proprietary clients. Or drive OpenConnect ++ * to implement its own DTLS instead of using the system crypto libs. ++ * We're happy to conform by default to the system policy which is ++ * carefully curated to keep up to date with developments in crypto ++ * attacks — but we also *need* to be able to override it and connect ++ * anyway, when the user asks us to. Just as we *can* continue even ++ * when the server has an invalid certificate, based on user input. ++ * It was a massive oversight that GnuTLS implemented the system ++ * policy *without* that basic override facility, so until/unless ++ * it actually gets implemented properly we have to just disable it. ++ * We can't do this from openconnect_init_ssl() since that would be ++ * calling setenv() from a library in someone else's process. And ++ * thankfully we don't really need to since the auth-dialogs don't ++ * care; this is mostly for the DTLS connection. ++ */ ++#ifdef OPENCONNECT_GNUTLS ++ setenv("GNUTLS_SYSTEM_PRIORITY_FILE", DEVNULL, 0); ++#else ++ setenv("OPENSSL_CONF", DEVNULL, 0); ++#endif ++ + openconnect_init_ssl(); + + vpninfo = openconnect_vpninfo_new((char *)"Open AnyConnect VPN Agent", +diff --git a/openconnect-internal.h b/openconnect-internal.h +index 92edf763..9eb274c2 100644 +--- a/openconnect-internal.h ++++ b/openconnect-internal.h +@@ -41,6 +41,15 @@ + + #include "openconnect.h" + ++/* Equivalent of "/dev/null" on Windows. ++ * See https://stackoverflow.com/a/44163934 ++ */ ++#ifdef _WIN32 ++#define DEVNULL "NUL:" ++#else ++#define DEVNULL "/dev/null" ++#endif ++ + #if defined(OPENCONNECT_OPENSSL) + #include + #include +diff --git a/www/changelog.xml b/www/changelog.xml +index 1a05eda7..ca90413f 100644 +--- a/www/changelog.xml ++++ b/www/changelog.xml +@@ -16,6 +16,7 @@ +
  • OpenConnect HEAD +
      +
    • Ignore failures to fetch the NC landing page if the authentication was successful.
      • ++
    • Disable brittle "system policy" enforcement where it cannot be gracefully overridden at user request. (RH#1960763).
      • +

    +
    • +
  • OpenConnect v8.10 +-- +2.31.1 + diff --git a/openconnect.spec b/openconnect.spec index 4fb9350..da576ed 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -40,7 +40,7 @@ Name: openconnect Version: 8.10 -Release: 5%{?relsuffix}%{?dist} +Release: 6%{?relsuffix}%{?dist} Summary: Open client for Cisco AnyConnect VPN, Juniper Network Connect/Pulse, PAN GlobalProtect License: LGPLv2+ @@ -52,6 +52,9 @@ Source1: ftp://ftp.infradead.org/pub/openconnect/openconnect-%{version}%{?gitsuf Source2: gpgkey-BE07D9FD54809AB2C4B0FF5F63762CDA67E2F359.asc Source3: macros.gpg +Patch0001: 0001-Ignore-errors-fetching-NC-landing-page-if-auth-was-s.patch +Patch0002: 0002-Unconditionally-bypass-system-crypto-policy.patch + BuildRequires: make BuildRequires: pkgconfig(libxml-2.0) pkgconfig(libpcsclite) krb5-devel gnupg2 BuildRequires: autoconf automake libtool gettext pkgconfig(liblz4) @@ -161,6 +164,10 @@ make VERBOSE=1 check %{_libdir}/pkgconfig/openconnect.pc %changelog +* Sat Jun 12 2021 David Woodhouse - 8.10-6 +- Explicitly disable too-brittle system crypto policies (#1960763) +- Ignore with errors fetching Juniper landing page when login was successful anyway. + * Sun Feb 14 2021 Nikos Mavrogiannopoulos - 8.10-5 - Rebuilt while skipping the (PKCS#11) failing tests From 990b21b9f27ab34858a9449bc0e89de59f28ba72 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Thu, 22 Jul 2021 17:11:46 +0000 Subject: [PATCH 171/184] - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- openconnect.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/openconnect.spec b/openconnect.spec index da576ed..e798a22 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -40,7 +40,7 @@ Name: openconnect Version: 8.10 -Release: 6%{?relsuffix}%{?dist} +Release: 7%{?relsuffix}%{?dist} Summary: Open client for Cisco AnyConnect VPN, Juniper Network Connect/Pulse, PAN GlobalProtect License: LGPLv2+ @@ -164,6 +164,9 @@ make VERBOSE=1 check %{_libdir}/pkgconfig/openconnect.pc %changelog +* Thu Jul 22 2021 Fedora Release Engineering +- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild + * Sat Jun 12 2021 David Woodhouse - 8.10-6 - Explicitly disable too-brittle system crypto policies (#1960763) - Ignore with errors fetching Juniper landing page when login was successful anyway. From 3e364e3c3ddf5345ecb7ca08f1b5004b966cc1a6 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Thu, 20 Jan 2022 22:19:58 +0000 Subject: [PATCH 172/184] - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- openconnect.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/openconnect.spec b/openconnect.spec index e798a22..c5204a2 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -40,7 +40,7 @@ Name: openconnect Version: 8.10 -Release: 7%{?relsuffix}%{?dist} +Release: 8%{?relsuffix}%{?dist} Summary: Open client for Cisco AnyConnect VPN, Juniper Network Connect/Pulse, PAN GlobalProtect License: LGPLv2+ @@ -164,6 +164,9 @@ make VERBOSE=1 check %{_libdir}/pkgconfig/openconnect.pc %changelog +* Thu Jan 20 2022 Fedora Release Engineering +- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild + * Thu Jul 22 2021 Fedora Release Engineering - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild From f3242da564b5aeea939e5cf16832c4266c8d07a3 Mon Sep 17 00:00:00 2001 From: Troy Dawson Date: Fri, 11 Feb 2022 22:40:52 +0000 Subject: [PATCH 173/184] Fix %if statements to build on RHEL9 --- openconnect.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/openconnect.spec b/openconnect.spec index c5204a2..488166d 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -69,7 +69,7 @@ Requires: vpnc-script Requires: vpnc %endif -%if 0%{?fedora} >= 30 +%if 0%{?fedora} >= 30 || 0%{?rhel} >= 9 BuildRequires: glibc-langpack-cs %endif %if %{use_gnutls} @@ -140,7 +140,7 @@ rm -f $RPM_BUILD_ROOT/%{_libexecdir}/openconnect/hipreport-android.sh %find_lang %{name} %check -%if 0%{?fedora} || 0%{?fedora} >= 34 +%if 0%{?fedora} >= 34 || 0%{?rhel} >= 9 # auth-pkcs11 fails in Fedora34 for unknown reasons make VERBOSE=1 check XFAIL_TESTS=auth-pkcs11 %else From 414588b865fc9095416c1077c2e299aa9bbbe5c3 Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Sun, 20 Feb 2022 19:55:09 +0000 Subject: [PATCH 174/184] 8.20 --- .gitignore | 2 ++ openconnect.spec | 14 +++++++------- sources | 4 ++-- 3 files changed, 11 insertions(+), 9 deletions(-) diff --git a/.gitignore b/.gitignore index e46177a..54e59fa 100644 --- a/.gitignore +++ b/.gitignore @@ -69,3 +69,5 @@ openconnect-2.25.tar.gz /openconnect-8.09.tar.gz.asc /openconnect-8.10.tar.gz /openconnect-8.10.tar.gz.asc +/openconnect-8.20.tar.gz +/openconnect-8.20.tar.gz.asc diff --git a/openconnect.spec b/openconnect.spec index 488166d..0efc5ba 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -39,8 +39,8 @@ %{!?_pkgdocdir: %global _pkgdocdir %{_docdir}/%{name}-%{version}} Name: openconnect -Version: 8.10 -Release: 8%{?relsuffix}%{?dist} +Version: 8.20 +Release: 1%{?relsuffix}%{?dist} Summary: Open client for Cisco AnyConnect VPN, Juniper Network Connect/Pulse, PAN GlobalProtect License: LGPLv2+ @@ -52,9 +52,6 @@ Source1: ftp://ftp.infradead.org/pub/openconnect/openconnect-%{version}%{?gitsuf Source2: gpgkey-BE07D9FD54809AB2C4B0FF5F63762CDA67E2F359.asc Source3: macros.gpg -Patch0001: 0001-Ignore-errors-fetching-NC-landing-page-if-auth-was-s.patch -Patch0002: 0002-Unconditionally-bypass-system-crypto-policy.patch - BuildRequires: make BuildRequires: pkgconfig(libxml-2.0) pkgconfig(libpcsclite) krb5-devel gnupg2 BuildRequires: autoconf automake libtool gettext pkgconfig(liblz4) @@ -141,8 +138,8 @@ rm -f $RPM_BUILD_ROOT/%{_libexecdir}/openconnect/hipreport-android.sh %check %if 0%{?fedora} >= 34 || 0%{?rhel} >= 9 -# auth-pkcs11 fails in Fedora34 for unknown reasons -make VERBOSE=1 check XFAIL_TESTS=auth-pkcs11 +# 3DES and MD5 really are just gone. +make VERBOSE=1 check XFAIL_TESTS=obsolete-server-crypto %else make VERBOSE=1 check %endif @@ -164,6 +161,9 @@ make VERBOSE=1 check %{_libdir}/pkgconfig/openconnect.pc %changelog +* Sun Feb 20 2022 David Woodhouse - 8.20-1 +- Update to 8.20 release + * Thu Jan 20 2022 Fedora Release Engineering - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild diff --git a/sources b/sources index a925138..631615c 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (openconnect-8.10.tar.gz) = a36a106cf5c637602fc5bd3cd12df8f6dfe55217c1aae93c66ca33208507f3f8cda15e3a46d75615c7fcea1859d1a04017a07674ad0246876154467305477356 -SHA512 (openconnect-8.10.tar.gz.asc) = 90c71a939fb4ed42ebdd44bfcdd03481b350975348726f935de2d8456f478b7c3dd16361351dad806d9f6d64bbab8a18edd56e3918a1c046724421e3e1c4441e +SHA512 (openconnect-8.20.tar.gz) = 76f5e49948391397ea1f7d2fca5798731f4278fee74c3da9b0f0daba6c386ce79ec5d87d40b6d3d99bb2528a038b5a2076df4159bb29c52cba62efb2ca52c8ab +SHA512 (openconnect-8.20.tar.gz.asc) = 82bb28c4ab5b8e07f89a1e2a3860a359ef8266637cee47f0905f70631f0bfe3bb37ac5c98746694a38bcadcbb4a35b7d2c4872f0573adce8b2c950dfe9c6fe1b From 0f49f866c677492d1ac85d1a609f4240804d8f64 Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Tue, 19 Apr 2022 16:27:53 +0100 Subject: [PATCH 175/184] Fix loglevel (upstream bug #401) --- 0001-Set-loglevel-as-soon-as-it-s-known.patch | 36 +++++++++++++++++++ openconnect.spec | 7 +++- 2 files changed, 42 insertions(+), 1 deletion(-) create mode 100644 0001-Set-loglevel-as-soon-as-it-s-known.patch diff --git a/0001-Set-loglevel-as-soon-as-it-s-known.patch b/0001-Set-loglevel-as-soon-as-it-s-known.patch new file mode 100644 index 0000000..ee02cd6 --- /dev/null +++ b/0001-Set-loglevel-as-soon-as-it-s-known.patch @@ -0,0 +1,36 @@ +From a061a8e9adcda6c3a6ae39a82f87da13fc9ee207 Mon Sep 17 00:00:00 2001 +From: Maxim Storchak +Date: Tue, 5 Apr 2022 13:23:06 +0300 +Subject: [PATCH] Set loglevel as soon as it's known + +Fixes #401 + +Signed-off-by: Maxim Storchak +--- + main.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/main.c b/main.c +index 166121f2..f382069e 100644 +--- a/main.c ++++ b/main.c +@@ -2155,6 +2155,8 @@ int main(int argc, char **argv) + if (vpninfo->dump_http_traffic && verbose < PRG_DEBUG) + verbose = PRG_DEBUG; + ++ openconnect_set_loglevel(vpninfo, verbose); ++ + if (autoproxy) { + #ifdef LIBPROXY_HDR + vpninfo->proxy_factory = px_proxy_factory_new(); +@@ -2291,7 +2293,6 @@ int main(int argc, char **argv) + } + + +- openconnect_set_loglevel(vpninfo, verbose); + openconnect_set_setup_tun_handler(vpninfo, fully_up_cb); + openconnect_set_stats_handler(vpninfo, print_connection_stats); + +-- +2.25.1 + diff --git a/openconnect.spec b/openconnect.spec index 0efc5ba..88b3de1 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -40,7 +40,7 @@ Name: openconnect Version: 8.20 -Release: 1%{?relsuffix}%{?dist} +Release: 2%{?relsuffix}%{?dist} Summary: Open client for Cisco AnyConnect VPN, Juniper Network Connect/Pulse, PAN GlobalProtect License: LGPLv2+ @@ -52,6 +52,8 @@ Source1: ftp://ftp.infradead.org/pub/openconnect/openconnect-%{version}%{?gitsuf Source2: gpgkey-BE07D9FD54809AB2C4B0FF5F63762CDA67E2F359.asc Source3: macros.gpg +Patch0001: 0001-Set-loglevel-as-soon-as-it-s-known.patch + BuildRequires: make BuildRequires: pkgconfig(libxml-2.0) pkgconfig(libpcsclite) krb5-devel gnupg2 BuildRequires: autoconf automake libtool gettext pkgconfig(liblz4) @@ -161,6 +163,9 @@ make VERBOSE=1 check %{_libdir}/pkgconfig/openconnect.pc %changelog +* Tue Apr 19 2022 David Woodhouse - 8.20-2 +- Merge upstream patch to fix loglevel (OC #401). + * Sun Feb 20 2022 David Woodhouse - 8.20-1 - Update to 8.20 release From 16c2f5115a8e73f43f6a7bd0e97363ef544425a8 Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Fri, 29 Apr 2022 22:22:10 +0100 Subject: [PATCH 176/184] 9.01 --- .gitignore | 4 +++ 0001-Set-loglevel-as-soon-as-it-s-known.patch | 36 ------------------- openconnect.spec | 9 ++--- sources | 4 +-- 4 files changed, 11 insertions(+), 42 deletions(-) delete mode 100644 0001-Set-loglevel-as-soon-as-it-s-known.patch diff --git a/.gitignore b/.gitignore index 54e59fa..0dbf0a3 100644 --- a/.gitignore +++ b/.gitignore @@ -71,3 +71,7 @@ openconnect-2.25.tar.gz /openconnect-8.10.tar.gz.asc /openconnect-8.20.tar.gz /openconnect-8.20.tar.gz.asc +/openconnect-9.00.tar.gz +/openconnect-9.00.tar.gz.asc +/openconnect-9.01.tar.gz +/openconnect-9.01.tar.gz.asc diff --git a/0001-Set-loglevel-as-soon-as-it-s-known.patch b/0001-Set-loglevel-as-soon-as-it-s-known.patch deleted file mode 100644 index ee02cd6..0000000 --- a/0001-Set-loglevel-as-soon-as-it-s-known.patch +++ /dev/null @@ -1,36 +0,0 @@ -From a061a8e9adcda6c3a6ae39a82f87da13fc9ee207 Mon Sep 17 00:00:00 2001 -From: Maxim Storchak -Date: Tue, 5 Apr 2022 13:23:06 +0300 -Subject: [PATCH] Set loglevel as soon as it's known - -Fixes #401 - -Signed-off-by: Maxim Storchak ---- - main.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/main.c b/main.c -index 166121f2..f382069e 100644 ---- a/main.c -+++ b/main.c -@@ -2155,6 +2155,8 @@ int main(int argc, char **argv) - if (vpninfo->dump_http_traffic && verbose < PRG_DEBUG) - verbose = PRG_DEBUG; - -+ openconnect_set_loglevel(vpninfo, verbose); -+ - if (autoproxy) { - #ifdef LIBPROXY_HDR - vpninfo->proxy_factory = px_proxy_factory_new(); -@@ -2291,7 +2293,6 @@ int main(int argc, char **argv) - } - - -- openconnect_set_loglevel(vpninfo, verbose); - openconnect_set_setup_tun_handler(vpninfo, fully_up_cb); - openconnect_set_stats_handler(vpninfo, print_connection_stats); - --- -2.25.1 - diff --git a/openconnect.spec b/openconnect.spec index 88b3de1..6536fd4 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -39,8 +39,8 @@ %{!?_pkgdocdir: %global _pkgdocdir %{_docdir}/%{name}-%{version}} Name: openconnect -Version: 8.20 -Release: 2%{?relsuffix}%{?dist} +Version: 9.01 +Release: 1%{?relsuffix}%{?dist} Summary: Open client for Cisco AnyConnect VPN, Juniper Network Connect/Pulse, PAN GlobalProtect License: LGPLv2+ @@ -52,8 +52,6 @@ Source1: ftp://ftp.infradead.org/pub/openconnect/openconnect-%{version}%{?gitsuf Source2: gpgkey-BE07D9FD54809AB2C4B0FF5F63762CDA67E2F359.asc Source3: macros.gpg -Patch0001: 0001-Set-loglevel-as-soon-as-it-s-known.patch - BuildRequires: make BuildRequires: pkgconfig(libxml-2.0) pkgconfig(libpcsclite) krb5-devel gnupg2 BuildRequires: autoconf automake libtool gettext pkgconfig(liblz4) @@ -163,6 +161,9 @@ make VERBOSE=1 check %{_libdir}/pkgconfig/openconnect.pc %changelog +* Fri Apr 29 2022 David Woodhouse - 9.01-1 +- Update to 9.01 release + * Tue Apr 19 2022 David Woodhouse - 8.20-2 - Merge upstream patch to fix loglevel (OC #401). diff --git a/sources b/sources index 631615c..2c807ee 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (openconnect-8.20.tar.gz) = 76f5e49948391397ea1f7d2fca5798731f4278fee74c3da9b0f0daba6c386ce79ec5d87d40b6d3d99bb2528a038b5a2076df4159bb29c52cba62efb2ca52c8ab -SHA512 (openconnect-8.20.tar.gz.asc) = 82bb28c4ab5b8e07f89a1e2a3860a359ef8266637cee47f0905f70631f0bfe3bb37ac5c98746694a38bcadcbb4a35b7d2c4872f0573adce8b2c950dfe9c6fe1b +SHA512 (openconnect-9.01.tar.gz) = b7428847a90f8ca9d1f1f61653c1f2486f0a07989f3b7435b746c5e901998194f4ee2b4f9569a548a23bba368bb1e9f273674c0759aac9df30208d2a6a303c34 +SHA512 (openconnect-9.01.tar.gz.asc) = 246167336adf5b9294b6e43bc9f758cd0dd4e322c5e34c608611574ab5f2f2157c492fc7471f61fe846327c3d965649602a7ef46cd66e53c8228173d6a77b6dc From ae605b0cacf3e60ce8b4f5e6549d313a22506b26 Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Mon, 4 Jul 2022 19:14:00 +0200 Subject: [PATCH 177/184] openconnect.spec: do not use macros.gpg The macro is now included in the standard fedora macros. --- macros.gpg | 316 ----------------------------------------------- openconnect.spec | 4 +- 2 files changed, 1 insertion(+), 319 deletions(-) delete mode 100644 macros.gpg diff --git a/macros.gpg b/macros.gpg deleted file mode 100644 index fab8861..0000000 --- a/macros.gpg +++ /dev/null @@ -1,316 +0,0 @@ -# The gpg_verify macro is defined further down in this document. - -# gpg_verify takes one option and a list of 2- or 3-tuples. -# -# With no arguments, attempts to figure everything out. Finds one keyring and -# tries to pair each signature file with a source. If there is no source found -# which matches a signature, the build is aborted. -# -# -k gives a common keyring to verify all signatures against, except when an -# argument specifies its own keyring. -# -# Each argument must be of the form "F,S,K" or "F,S", where each of F, S and K -# is either the number or the filename of one of the source files in the -# package. A pathname including directories is not allowed. -# F is a source file to check. -# S is a signature. -# K is a keyring. -# -# When an argument specifies a keyring, that signature will be verified against -# the keys in that keyring. For arguments that don't specify a keyring, the one -# specified with -k will be used, if any. If no keyring is specified either -# way, the macro will default to the first one it finds in the source list. -# -# It is assumed that all the keys in all keyrings, whether automatically found -# or explicitly specified, are trusted to authenticate the source files. There -# must not be any untrusted keys included. - -# Some utility functions to the global namespace -# Most of these should come from the utility macros in the other repo. -%define gpg_macros_init %{lua: - function db(str) - io.stderr:write(tostring(str) .. '\\n') - end -\ - -- Simple basename clone - function basename(str) - local name = string.gsub(str, "(.*/)(.*)", "%2") - return name - end -\ - -- Get the numbered or source file. - -- The spec writer can use any numbering scheme. The sources table - -- always counts from 1 and has no gaps, so we have to go back to the - -- SOURCEN macros. - function get_numbered_source(num) - local macro = "%SOURCE" .. num - local val = rpm.expand(macro) - if val == macro then - return nil - end - return val - end - -- Get the named source file. This returns the full path to a source file, - -- or nil if no such source exists. - function get_named_source(name) - local path - for _,path in ipairs(sources) do - if name == basename(path) then - return path - end - end - return nil - end -\ - -- Determine whether the supplied filename contains a signature - -- Assumes the file will be closed when the handle goes out of scope - function is_signature(fname) - -- I don't really like this, but you can have completely binary sigs - if string.find(fname, '%.sig$') then - return true - end - local file = io.open(fname, 'r') - if file == nil then return false end -\ - local c = 1 - while true do - local line = file:read('*line') - if (line == nil or c > 10) then break end - if string.find(line, "BEGIN PGP SIGNATURE") then - return true - end - c = c+1 - end - return false - end -\ - -- Determine whether the supplied filename looks like a keyring - -- Ends in .gpg (might be binary data)? Contains "BEGIN PGP PUBLIC KEY BLOCK" - function is_keyring(fname) - -- XXX Have to hack this now to make it not find macros.gpg while we're testing. - if string.find(fname, '%.gpg$') and not string.find(fname, 'macros.gpg$') then - return true - end -\ - local file = io.open(fname, 'r') - if file == nil then return false end - io.input(file) - local c = 1 - while true do - local line = io.read('*line') - if (line == nil or c > 10) then break end - if string.find(line, "BEGIN PGP PUBLIC KEY BLOCK") then - return true - end - c = c+1 - end - return false - end -\ - -- Output code to have the current scriptlet echo something - function echo(str) - print("echo " .. str .. "\\n") - end -\ - -- Output an exit statement with nonzero return to the current scriptlet - function exit() - print("exit 1\\n") - end -\ - -- Call the RPM %error macro - function rpmerror(str) - echo("gpg_verify: " .. str) - rpm.expand("%{error:gpg_verify: " .. str .. "}") - exit(1) - end -\ - -- XXX How to we get just a flag and no option? - function getflag(flag) - return nil - end -\ - -- Extract the value of a passed option - function getoption(opt) - out = rpm.expand("%{-" .. opt .. "*}") - -- if string.len(out) == 0 then - if #out == 0 then - return nil - end - return out - end -\ - function unknownarg(a) - rpmerror("Unknown argument to %%gpg_verify: " .. a) - end -\ - function rprint(s, l, i) -- recursive Print (structure, limit, indent) - l = (l) or 100; i = i or ""; -- default item limit, indent string - if (l<1) then db("ERROR: Item limit reached."); return l-1 end; - local ts = type(s); - if (ts ~= "table") then db(i,ts,s); return l-1 end - db(i,ts); -- print "table" - for k,v in pairs(s) do -- db("[KEY] VALUE") - l = rprint(v, l, i.."\t["..tostring(k).."]"); - if (l < 0) then break end - end - return l - end -\ - -- Given a list of source file numbers or file names, validate them and - -- convert them to a list of full filenames. - function check_sources_list(arr) - local files = {} - local src,fpath - for _, src in ipairs(arr) do - if tonumber(src) then - -- We have a number; turn it to a full path to the corresponding source file - fpath = get_numbered_source(src) - else - fpath = get_named_source(src) - end - if not src then - err = 'Not a valid source: ' .. src - if src == '1' then - err = err .. '. Note that "Source:" is the 0th source file, not the 1st.' - end - rpmerror(err) - end - table.insert(files, fpath) - end - return files - end - rpm.define("gpg_macros_init %{nil}") -}# - -# The actual macro -%define gpg_verify(k:) %gpg_macros_init%{lua: - -- RPM will ignore the first thing we output unless we give it a newline. - print('\\n') -\ - local defkeyspec = getoption("k") - local args = rpm.expand("%*") - local sourcefiles = {} - local signature_table = {} - local signatures = {} - local keyrings = {} - local defkey, match, captures, s -\ - local function storematch(m, c) - match = m; captures = c - end -\ - -- Scan all of the sources and try to categorize them. - -- Move to a function - for i,s in pairs(sources) do - sourcefiles[s] = true - -- db('File: ' .. i .. ", " .. s) - if is_signature(s) then - table.insert(signatures, s) - signature_table[s] = true - db('Found signature: ' .. s) - elseif is_keyring(s) then - table.insert(keyrings, s) - db('Found keyring: ' .. s) - else - -- Must be a source - db('Found source: ' .. s) - end - end -\ - if defkeyspec then - defkey = check_sources_list({defkeyspec})[1] - if not defkey then - rpmerror('The provided keyring ' .. defkeyspec .. ' is not a valid source number or filename.') - end - end -\ - if defkey then - db('Defkey: ' .. defkey) - else - db('No common key yet') - if keyrings[1] then - defkey = keyrings[1] - db('Using first found keyring file: '..defkey) - end - end -\ - -- Check over any given args to make sure they're valid, and to see if a - -- common key is required. - local needdefkey = false - local double = rex.newPOSIX('^([^,]+),([^,]+)$') - local triple = rex.newPOSIX('^([^,]+),([^,]+),([^,]+)$') - local arglist = {} -\ - -- RPM gives us the arguments in a single string. - -- Split on spaces and iterate - for arg in args:gmatch('%S+') do - db('Checking ' .. arg) - if triple:gmatch(arg, storematch) > 0 then - db('Looks OK') - local parsed = {srcnum=captures[1], signum=captures[2], keynum=captures[3]} - s = check_sources_list({captures[1], captures[2], captures[3]}) - parsed.srcfile = s[1] - parsed.sigfile = s[2] - parsed.keyfile = s[3] - table.insert(arglist, parsed) - elseif double:gmatch(arg, storematch) > 0 then - db('Looks OK; needs common key') - needdefkey = true - local parsed = {srcnum=captures[1], signum=captures[2], keynum=defkeyspec, keyfile=defkey} - s = check_sources_list({captures[1], captures[2]}) - parsed.srcfile = s[1] - parsed.sigfile = s[2] - table.insert(arglist, parsed) - else - rpmerror('Provided argument '..arg..' is not valid.') - end - end -\ - -- So we now know if one of those args needs a common key - if needdefkey and not defkey then - rpmerror('No common key was specified or found, yet the arguments require one.') - end -\ - -- And if we have no arguments at all and no common key was found, - -- then we can't do an automatic check - if not defkey and args == '' then - rpmerror('No keyring specified and none found; cannot auto-check.') - end -\ - -- Nothing to check means automatic mode - if #arglist == 0 then - local noext - for i,_ in pairs(signature_table) do - -- Find the name without the extension - noext = string.gsub(i, '%.[^.]+$', '') - if sourcefiles[noext] then - table.insert(arglist, {srcfile=noext, sigfile=i, keyfile=defkey}) - else - rpmerror('Found signature ' .. i .. ' with no matching source file.') - end - end - end -\ - -- Now actually check things - for _,arg in ipairs(arglist) do - local gpgfile = '$GPGHOME/' .. basename(arg.keyfile) .. '.gpg' - echo('Checking signature: file ' .. arg.srcfile .. ' sig ' .. arg.sigfile .. ' key ' .. arg.keyfile) -\ - -- We need a secure temp directorry - print('GPGHOME=$(mktemp -qd)\\n') -\ - -- Call gpg2 to generate the dearmored key - print('gpg2 --homedir $GPGHOME --no-default-keyring --quiet --yes ') - print('--output '.. gpgfile .. ' --dearmor ' .. arg.keyfile .. "\\n") -\ - -- Call gpgv2 to verify the signature against the source file with the dearmored key - print('gpgv2 --homedir $GPGHOME --keyring ' .. gpgfile .. ' ' .. arg.sigfile .. ' ' .. arg.srcfile .. '\\n') -\ - print('rm -rf $GPGHOME\\n') - echo('') - end -\ - db('------------') -}# - -# vim: set filetype=spec: diff --git a/openconnect.spec b/openconnect.spec index 6536fd4..c2b53e6 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -50,7 +50,6 @@ Source0: ftp://ftp.infradead.org/pub/openconnect/openconnect-%{version}%{?gitsuf Source1: ftp://ftp.infradead.org/pub/openconnect/openconnect-%{version}%{?gitsuffix}.tar.gz.asc %endif Source2: gpgkey-BE07D9FD54809AB2C4B0FF5F63762CDA67E2F359.asc -Source3: macros.gpg BuildRequires: make BuildRequires: pkgconfig(libxml-2.0) pkgconfig(libpcsclite) krb5-devel gnupg2 @@ -107,10 +106,9 @@ This package provides the core HTTP and authentication support from the OpenConnect VPN client, to be used by GUI authentication dialogs for NetworkManager etc. -%include %SOURCE3 %prep %if 0%{?gitcount} == 0 -%gpg_verify +%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}' %endif %autosetup -n openconnect-%{version}%{?gitsuffix} -p1 From 15db09ca6b283878b1470b35cf095d9a39322787 Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Fri, 15 Jul 2022 08:11:02 +0200 Subject: [PATCH 178/184] Compile with xdg-open --- openconnect.spec | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/openconnect.spec b/openconnect.spec index c2b53e6..2f1055d 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -40,7 +40,7 @@ Name: openconnect Version: 9.01 -Release: 1%{?relsuffix}%{?dist} +Release: 2%{?relsuffix}%{?dist} Summary: Open client for Cisco AnyConnect VPN, Juniper Network Connect/Pulse, PAN GlobalProtect License: LGPLv2+ @@ -51,7 +51,7 @@ Source1: ftp://ftp.infradead.org/pub/openconnect/openconnect-%{version}%{?gitsuf %endif Source2: gpgkey-BE07D9FD54809AB2C4B0FF5F63762CDA67E2F359.asc -BuildRequires: make +BuildRequires: make xdg-utils BuildRequires: pkgconfig(libxml-2.0) pkgconfig(libpcsclite) krb5-devel gnupg2 BuildRequires: autoconf automake libtool gettext pkgconfig(liblz4) BuildRequires: pkgconfig(uid_wrapper) pkgconfig(socket_wrapper) @@ -159,6 +159,9 @@ make VERBOSE=1 check %{_libdir}/pkgconfig/openconnect.pc %changelog +* Fri Jul 15 2022 Nikos Mavrogiannopoulos - 9.01-2 +- Compile with support for browser / xdg-open + * Fri Apr 29 2022 David Woodhouse - 9.01-1 - Update to 9.01 release From 9982cf94689227236a9ed52dfe4f7a85933f02d5 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Fri, 22 Jul 2022 02:02:28 +0000 Subject: [PATCH 179/184] Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- openconnect.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/openconnect.spec b/openconnect.spec index 2f1055d..eb840e8 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -40,7 +40,7 @@ Name: openconnect Version: 9.01 -Release: 2%{?relsuffix}%{?dist} +Release: 3%{?relsuffix}%{?dist} Summary: Open client for Cisco AnyConnect VPN, Juniper Network Connect/Pulse, PAN GlobalProtect License: LGPLv2+ @@ -159,6 +159,9 @@ make VERBOSE=1 check %{_libdir}/pkgconfig/openconnect.pc %changelog +* Fri Jul 22 2022 Fedora Release Engineering - 9.01-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild + * Fri Jul 15 2022 Nikos Mavrogiannopoulos - 9.01-2 - Compile with support for browser / xdg-open From 4f70f408e1fe25a920c6de61283c3be97ce0016c Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Thu, 19 Jan 2023 22:46:44 +0000 Subject: [PATCH 180/184] Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- openconnect.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/openconnect.spec b/openconnect.spec index eb840e8..602d190 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -40,7 +40,7 @@ Name: openconnect Version: 9.01 -Release: 3%{?relsuffix}%{?dist} +Release: 4%{?relsuffix}%{?dist} Summary: Open client for Cisco AnyConnect VPN, Juniper Network Connect/Pulse, PAN GlobalProtect License: LGPLv2+ @@ -159,6 +159,9 @@ make VERBOSE=1 check %{_libdir}/pkgconfig/openconnect.pc %changelog +* Thu Jan 19 2023 Fedora Release Engineering - 9.01-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild + * Fri Jul 22 2022 Fedora Release Engineering - 9.01-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild From 81414964b24b4f78f2295cc254dfcebe907d216f Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Thu, 4 May 2023 19:30:56 +0100 Subject: [PATCH 181/184] 9.10 --- .gitignore | 2 ++ openconnect.spec | 15 +++++++++------ sources | 4 ++-- 3 files changed, 13 insertions(+), 8 deletions(-) diff --git a/.gitignore b/.gitignore index 0dbf0a3..9c0669f 100644 --- a/.gitignore +++ b/.gitignore @@ -75,3 +75,5 @@ openconnect-2.25.tar.gz /openconnect-9.00.tar.gz.asc /openconnect-9.01.tar.gz /openconnect-9.01.tar.gz.asc +/openconnect-9.10.tar.gz +/openconnect-9.10.tar.gz.asc diff --git a/openconnect.spec b/openconnect.spec index 602d190..dabbf95 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -39,9 +39,9 @@ %{!?_pkgdocdir: %global _pkgdocdir %{_docdir}/%{name}-%{version}} Name: openconnect -Version: 9.01 -Release: 4%{?relsuffix}%{?dist} -Summary: Open client for Cisco AnyConnect VPN, Juniper Network Connect/Pulse, PAN GlobalProtect +Version: 9.10 +Release: 1%{?relsuffix}%{?dist} +Summary: Open multi-protocol SSL VPN client License: LGPLv2+ URL: http://www.infradead.org/openconnect.html @@ -89,9 +89,9 @@ BuildRequires: pkgconfig(tss2-esys) libgcrypt-devel %endif %description -This package provides a multiprotocol VPN client for Cisco AnyConnect, -Juniper SSL VPN / Pulse Connect Secure, and Palo Alto Networks GlobalProtect -SSL VPN. +This package provides a multi-protocol VPN client for Cisco AnyConnect, +Juniper SSL VPN, Pulse/Ivanti Pulse Connect Secure, F5 BIG-IP, Fortinet +Palo Alto Networks GlobalProtect SSL VPN, Array Networks SSL VPN. %package devel Summary: Development package for OpenConnect VPN authentication tools @@ -159,6 +159,9 @@ make VERBOSE=1 check %{_libdir}/pkgconfig/openconnect.pc %changelog +* Thu May 04 2023 David Woodhouse - 9.10-1 +- Update to 9.10 release + * Thu Jan 19 2023 Fedora Release Engineering - 9.01-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild diff --git a/sources b/sources index 2c807ee..85c41ac 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (openconnect-9.01.tar.gz) = b7428847a90f8ca9d1f1f61653c1f2486f0a07989f3b7435b746c5e901998194f4ee2b4f9569a548a23bba368bb1e9f273674c0759aac9df30208d2a6a303c34 -SHA512 (openconnect-9.01.tar.gz.asc) = 246167336adf5b9294b6e43bc9f758cd0dd4e322c5e34c608611574ab5f2f2157c492fc7471f61fe846327c3d965649602a7ef46cd66e53c8228173d6a77b6dc +SHA512 (openconnect-9.10.tar.gz) = 64d10ad67fccd11d1aaae23a77c6cfd8200bbba0eae21a7d01c604688ec9c35b5f19eeb9a47de14d383780eba64a2f6c06daccd4c1fae6289efdb0dc2fb7c536 +SHA512 (openconnect-9.10.tar.gz.asc) = 4ed8be3a8aa1a0bdedff94910b2de792c93025498f83b50033df9ef25fd0a9dd86ab3011183657b49bbc3c2b70a5acb9605bdfa722e2bb2f2318540d1047f730 From 8f5e8cc426e14f30090c7a2c6f6b83fb23f76226 Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Wed, 17 May 2023 12:48:41 +0100 Subject: [PATCH 182/184] 9.11 --- .gitignore | 2 ++ openconnect.spec | 5 ++++- sources | 4 ++-- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 9c0669f..4f18139 100644 --- a/.gitignore +++ b/.gitignore @@ -77,3 +77,5 @@ openconnect-2.25.tar.gz /openconnect-9.01.tar.gz.asc /openconnect-9.10.tar.gz /openconnect-9.10.tar.gz.asc +/openconnect-9.11.tar.gz +/openconnect-9.11.tar.gz.asc diff --git a/openconnect.spec b/openconnect.spec index dabbf95..1d653c6 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -39,7 +39,7 @@ %{!?_pkgdocdir: %global _pkgdocdir %{_docdir}/%{name}-%{version}} Name: openconnect -Version: 9.10 +Version: 9.11 Release: 1%{?relsuffix}%{?dist} Summary: Open multi-protocol SSL VPN client @@ -159,6 +159,9 @@ make VERBOSE=1 check %{_libdir}/pkgconfig/openconnect.pc %changelog +* Wed May 17 2023 David Woodhouse - 9.11-1 +- Update to 9.11 release + * Thu May 04 2023 David Woodhouse - 9.10-1 - Update to 9.10 release diff --git a/sources b/sources index 85c41ac..e5f3ebb 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (openconnect-9.10.tar.gz) = 64d10ad67fccd11d1aaae23a77c6cfd8200bbba0eae21a7d01c604688ec9c35b5f19eeb9a47de14d383780eba64a2f6c06daccd4c1fae6289efdb0dc2fb7c536 -SHA512 (openconnect-9.10.tar.gz.asc) = 4ed8be3a8aa1a0bdedff94910b2de792c93025498f83b50033df9ef25fd0a9dd86ab3011183657b49bbc3c2b70a5acb9605bdfa722e2bb2f2318540d1047f730 +SHA512 (openconnect-9.11.tar.gz) = fd1aa12597467102e7c94de9549f02f714736f997b050473d1e0f1a1abd9dc85186436209be9a8b24cafa9dc349329be7d583eb438ce06f14077a7c12598e55e +SHA512 (openconnect-9.11.tar.gz.asc) = c8c25c12d6573ef2c97e5e6d9d46c4c002e7f8357d1bcc1a8b11c3c1fcbfa7e5b2414ac47b635fdea8d1028d9cb8160f1d79567fe046ac1e8b7136edf0e88e51 From 3df16533d74046b005ea7133f8b05198f032d93e Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Sat, 20 May 2023 08:45:41 +0100 Subject: [PATCH 183/184] 9.12 --- .gitignore | 2 ++ openconnect.spec | 5 ++++- sources | 4 ++-- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 4f18139..20d4b71 100644 --- a/.gitignore +++ b/.gitignore @@ -79,3 +79,5 @@ openconnect-2.25.tar.gz /openconnect-9.10.tar.gz.asc /openconnect-9.11.tar.gz /openconnect-9.11.tar.gz.asc +/openconnect-9.12.tar.gz +/openconnect-9.12.tar.gz.asc diff --git a/openconnect.spec b/openconnect.spec index 1d653c6..0c9caa7 100644 --- a/openconnect.spec +++ b/openconnect.spec @@ -39,7 +39,7 @@ %{!?_pkgdocdir: %global _pkgdocdir %{_docdir}/%{name}-%{version}} Name: openconnect -Version: 9.11 +Version: 9.12 Release: 1%{?relsuffix}%{?dist} Summary: Open multi-protocol SSL VPN client @@ -159,6 +159,9 @@ make VERBOSE=1 check %{_libdir}/pkgconfig/openconnect.pc %changelog +* Sat May 20 2023 David Woodhouse - 9.12-1 +- Update to 9.12 release + * Wed May 17 2023 David Woodhouse - 9.11-1 - Update to 9.11 release diff --git a/sources b/sources index e5f3ebb..7ac1bfc 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (openconnect-9.11.tar.gz) = fd1aa12597467102e7c94de9549f02f714736f997b050473d1e0f1a1abd9dc85186436209be9a8b24cafa9dc349329be7d583eb438ce06f14077a7c12598e55e -SHA512 (openconnect-9.11.tar.gz.asc) = c8c25c12d6573ef2c97e5e6d9d46c4c002e7f8357d1bcc1a8b11c3c1fcbfa7e5b2414ac47b635fdea8d1028d9cb8160f1d79567fe046ac1e8b7136edf0e88e51 +SHA512 (openconnect-9.12.tar.gz) = 5c622e8bdfac3d21b5881660444e5d2b84e9463a99493d42cbfb480c3aa3972076bdeeb618aca02abed68e31dbeadcb66fb1c370e62a20f20cd544753c7ac48e +SHA512 (openconnect-9.12.tar.gz.asc) = ade33209a4c17bbdfd0bea7490588b248c36c4da56a9aec60818ed6c96bc8c3570b1f2ac2685003122a1e52dd9d24e4b678d77e001c752461649114167a7304c From 31b14aeae4de13e378cb5a1d60015ef42755a3a9 Mon Sep 17 00:00:00 2001 From: MSVSphere Packaging Team Date: Mon, 30 Oct 2023 19:08:46 +0300 Subject: [PATCH 184/184] Remove unnecessary files --- sources | 2 -- 1 file changed, 2 deletions(-) delete mode 100644 sources diff --git a/sources b/sources deleted file mode 100644 index 7ac1bfc..0000000 --- a/sources +++ /dev/null @@ -1,2 +0,0 @@ -SHA512 (openconnect-9.12.tar.gz) = 5c622e8bdfac3d21b5881660444e5d2b84e9463a99493d42cbfb480c3aa3972076bdeeb618aca02abed68e31dbeadcb66fb1c370e62a20f20cd544753c7ac48e -SHA512 (openconnect-9.12.tar.gz.asc) = ade33209a4c17bbdfd0bea7490588b248c36c4da56a9aec60818ed6c96bc8c3570b1f2ac2685003122a1e52dd9d24e4b678d77e001c752461649114167a7304c