Compare commits

...

No commits in common. 'f38' and 'i8ce' have entirely different histories.
f38 ... i8ce

85
.gitignore vendored

@ -1,83 +1,2 @@
openconnect-2.25.tar.gz
/openconnect-2.26.tar.gz
/openconnect-3.00.tar.gz
/openconnect-3.01.tar.gz
/openconnect-3.02.tar.gz
/openconnect-3.10.tar.gz
/openconnect-3.11.tar.gz
/openconnect-3.12.tar.gz
/openconnect-3.13.tar.gz
/openconnect-3.14.tar.gz
/openconnect-3.15.tar.gz
/openconnect-3.16.tar.gz
/openconnect-3.17.tar.gz
/openconnect-3.18.tar.gz
/openconnect-3.19.tar.gz
/openconnect-3.20.tar.gz
/openconnect-3.99.tar.gz
/openconnect-3.99-26-gb40dcae.tar.gz
/openconnect-3.99-33-g2d08bf0.tar.gz
/openconnect-3.99-36-gb0f2edb.tar.gz
/openconnect-4.00.tar.gz
/openconnect-4.01.tar.gz
/openconnect-4.02.tar.gz
/openconnect-4.03.tar.gz
/openconnect-4.04.tar.gz
/openconnect-4.05.tar.gz
/openconnect-4.06.tar.gz
/openconnect-4.07.tar.gz
/openconnect-4.99.tar.gz
/openconnect-5.00.tar.gz
/openconnect-5.01.tar.gz
/openconnect-5.02.tar.gz
/openconnect-5.99.tar.gz
/openconnect-6.00.tar.gz
/openconnect-7.00.tar.gz
/openconnect-7.00.tar.gz.asc
/openconnect-7.01.tar.gz
/openconnect-7.02.tar.gz
/openconnect-7.03.tar.gz
/openconnect-7.04.tar.gz
/openconnect-7.05.tar.gz
/openconnect-7.06.tar.gz
/openconnect-7.06.tar.gz.asc
/pubring.gpg
/gpgkey-BE07D9FD54809AB2C4B0FF5F63762CDA67E2F359.gpg
/openconnect-7.07.tar.gz
/openconnect-7.07.tar.gz.asc
/openconnect-7.08.tar.gz
/openconnect-7.08.tar.gz.asc
/openconnect-8.00.tar.gz
/openconnect-8.00.tar.gz.asc
/openconnect-8.01.tar.gz
/openconnect-8.01.tar.gz.asc
/openconnect-8.02.tar.gz
/openconnect-8.02.tar.gz.asc
/openconnect-8.03.tar.gz
/openconnect-8.03.tar.gz.asc
/openconnect-8.04.tar.gz
/openconnect-8.04.tar.gz.asc
/openconnect-8.05.tar.gz
/openconnect-8.05.tar.gz.asc
/openconnect-8.06.tar.gz
/openconnect-8.06.tar.gz.asc
/openconnect-8.07.tar.gz
/openconnect-8.07.tar.gz.asc
/openconnect-8.08.tar.gz
/openconnect-8.08.tar.gz.asc
/openconnect-8.09.tar.gz
/openconnect-8.09.tar.gz.asc
/openconnect-8.10.tar.gz
/openconnect-8.10.tar.gz.asc
/openconnect-8.20.tar.gz
/openconnect-8.20.tar.gz.asc
/openconnect-9.00.tar.gz
/openconnect-9.00.tar.gz.asc
/openconnect-9.01.tar.gz
/openconnect-9.01.tar.gz.asc
/openconnect-9.10.tar.gz
/openconnect-9.10.tar.gz.asc
/openconnect-9.11.tar.gz
/openconnect-9.11.tar.gz.asc
/openconnect-9.12.tar.gz
/openconnect-9.12.tar.gz.asc
SOURCES/openconnect-8.20.tar.gz
SOURCES/openconnect-8.20.tar.gz.asc

@ -0,0 +1,2 @@
5518304b35d865bea3ea6cf927fa0e0e4dd5f08a SOURCES/openconnect-8.20.tar.gz
da33252efc233734598a3db22ddce04827514145 SOURCES/openconnect-8.20.tar.gz.asc

@ -1,65 +0,0 @@
From 4ff991c46e6b202cabd623eeffa5ae1af1ba5c8e Mon Sep 17 00:00:00 2001
From: David Woodhouse <dwmw2@infradead.org>
Date: Fri, 23 Apr 2021 10:40:44 +0100
Subject: [PATCH 1/2] Ignore errors fetching NC landing page if auth was
successful
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
(cherry picked from commit 3e77943692b511719d9217d2ecc43588b7c6c08b)
---
auth-juniper.c | 18 +++++++++++-------
www/changelog.xml | 2 +-
2 files changed, 12 insertions(+), 8 deletions(-)
diff --git a/auth-juniper.c b/auth-juniper.c
index 19d43978..63af3bfc 100644
--- a/auth-juniper.c
+++ b/auth-juniper.c
@@ -663,6 +663,17 @@ int oncp_obtain_cookie(struct openconnect_info *vpninfo)
ret = do_https_request(vpninfo, "GET", NULL, NULL,
&form_buf, 2);
+ /* After login, the server will redirect the "browser" to a landing page.
+ * https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784
+ * turned some of those landing pages into a 403 but we don't *care*
+ * about that as long as we have the cookie we wanted. So check for
+ * cookie success *before* checking 'ret'. */
+ if (!check_cookie_success(vpninfo)) {
+ free(form_buf);
+ ret = 0;
+ break;
+ }
+
if (ret < 0)
break;
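Review bot: the relocated `check_cookie_success()` block now sits ahead of `if (ret < 0)`, so `free(form_buf)` runs even when `do_https_request()` has just failed. That is only safe if `form_buf` is NULL or a valid allocation on the error path; initialise it to NULL at the top of each pass (or confirm the request helper guarantees it) and say so in the new comment. Since the landing-page error is now discarded whenever the cookie is present, a debug-level log of the ignored `ret` would help when a gateway returns 403 for some other reason.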
@@ -680,13 +691,6 @@ int oncp_obtain_cookie(struct openconnect_info *vpninfo)
break;
}
- if (!check_cookie_success(vpninfo)) {
- buf_free(url);
- free(form_buf);
- ret = 0;
- break;
- }
-
doc = htmlReadMemory(form_buf, ret, url->data, NULL,
HTML_PARSE_RECOVER|HTML_PARSE_NOERROR|HTML_PARSE_NOWARNING|HTML_PARSE_NONET);
buf_free(url);
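Review bot: the block removed here released `url` with `buf_free(url)` before `break`, and the replacement added earlier in the function does not. That is fine if `url` is only allocated between the request and this point, but if it can already be live where the new check runs, the early `break` leaks it; please confirm which case applies and note it in the commit message.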
diff --git a/www/changelog.xml b/www/changelog.xml
index bca5c8e2..1a05eda7 100644
--- a/www/changelog.xml
+++ b/www/changelog.xml
@@ -15,7 +15,7 @@
<ul>
<li><b>OpenConnect HEAD</b>
<ul>
- <li><i>No changelog entries yet</i></li>
+ <li>Ignore failures to fetch the NC landing page if the authentication was successful.</li>
</ul><br/>
</li>
<li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-8.10.tar.gz">OpenConnect v8.10</a></b>
--
2.31.1

@ -1,134 +0,0 @@
From cc4658504b21eb87f9fa6bf7c1e42b83b6f64aaa Mon Sep 17 00:00:00 2001
From: David Woodhouse <dwmw2@infradead.org>
Date: Sat, 12 Jun 2021 08:50:09 +0100
Subject: [PATCH 2/2] Unconditionally bypass system crypto policy
This makes me extremely sad, but they rolled it out with *no* way to
selectively allow the user to say "connect anyway", as we've always had
for "invalid" certificates, etc.
It's just unworkable and incomplete as currently implemented in the
distributions, so we have no choice except to bypass it and wait for
it to be fixed.
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
(cherry picked from commit 7e862f2f0352409357fa7a4762481fde49909eb8
and commit d29822cf30293d5f8b039baf3306eed2769fa0b5)
---
configure.ac | 3 +++
libopenconnect.map.in | 2 +-
main.c | 23 +++++++++++++++++++++++
openconnect-internal.h | 9 +++++++++
www/changelog.xml | 1 +
5 files changed, 37 insertions(+), 1 deletion(-)
diff --git a/configure.ac b/configure.ac
index 8b1b540f..3ea5e9cc 100644
--- a/configure.ac
+++ b/configure.ac
@@ -26,6 +26,7 @@ symver_getline=
symver_asprintf=
symver_vasprintf=
symver_win32_strerror=
+symver_win32_setenv=
case $host_os in
*linux* | *gnu* | *nacl*)
@@ -54,6 +55,7 @@ case $host_os in
# For asprintf()
AC_DEFINE(_GNU_SOURCE, 1, [_GNU_SOURCE])
symver_win32_strerror="openconnect__win32_strerror;"
+ symver_win32_setenv="openconnect__win32_setenv;"
# Win32 does have the SCard API
system_pcsc_libs="-lwinscard"
system_pcsc_cflags=
@@ -156,6 +158,7 @@ AC_SUBST(SYMVER_GETLINE, $symver_getline)
AC_SUBST(SYMVER_ASPRINTF, $symver_asprintf)
AC_SUBST(SYMVER_VASPRINTF, $symver_vasprintf)
AC_SUBST(SYMVER_WIN32_STRERROR, $symver_win32_strerror)
+AC_SUBST(SYMVER_WIN32_SETENV, $symver_win32_setenv)
AS_COMPILER_FLAGS(WFLAGS,
"-Wall
diff --git a/libopenconnect.map.in b/libopenconnect.map.in
index 5b4bc5d7..1039aacf 100644
--- a/libopenconnect.map.in
+++ b/libopenconnect.map.in
@@ -109,7 +109,7 @@ OPENCONNECT_5_6 {
} OPENCONNECT_5_5;
OPENCONNECT_PRIVATE {
- global: @SYMVER_TIME@ @SYMVER_GETLINE@ @SYMVER_JAVA@ @SYMVER_ASPRINTF@ @SYMVER_VASPRINTF@ @SYMVER_WIN32_STRERROR@
+ global: @SYMVER_TIME@ @SYMVER_GETLINE@ @SYMVER_JAVA@ @SYMVER_ASPRINTF@ @SYMVER_VASPRINTF@ @SYMVER_WIN32_STRERROR@ @SYMVER_WIN32_SETENV@
openconnect_get_tls_library_version;
openconnect_fopen_utf8;
openconnect_open_utf8;
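Review bot: `openconnect__win32_setenv` is added to the `OPENCONNECT_PRIVATE` export list here and wired through `configure.ac`, but none of the five files in this patch's diffstat defines that function. The patch is a squash of two upstream commits, so check that the definition came along or already exists in the tree this is applied to; otherwise the Win32 build exports a symbol nothing provides and the `setenv()` calls added in `main.c` have no implementation on that platform.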
diff --git a/main.c b/main.c
index cc3dd91e..129755a1 100644
--- a/main.c
+++ b/main.c
@@ -1436,6 +1436,29 @@ int main(int argc, char **argv)
openconnect_binary_version, openconnect_version_str);
}
+ /* Some systems have a crypto policy which completely prevents DTLSv1.0
+ * from being used, which is entirely pointless and will just drive
+ * users back to the crappy proprietary clients. Or drive OpenConnect
+ * to implement its own DTLS instead of using the system crypto libs.
+ * We're happy to conform by default to the system policy which is
+ * carefully curated to keep up to date with developments in crypto
+ * attacks — but we also *need* to be able to override it and connect
+ * anyway, when the user asks us to. Just as we *can* continue even
+ * when the server has an invalid certificate, based on user input.
+ * It was a massive oversight that GnuTLS implemented the system
+ * policy *without* that basic override facility, so until/unless
+ * it actually gets implemented properly we have to just disable it.
+ * We can't do this from openconnect_init_ssl() since that would be
+ * calling setenv() from a library in someone else's process. And
+ * thankfully we don't really need to since the auth-dialogs don't
+ * care; this is mostly for the DTLS connection.
+ */
+#ifdef OPENCONNECT_GNUTLS
+ setenv("GNUTLS_SYSTEM_PRIORITY_FILE", DEVNULL, 0);
+#else
+ setenv("OPENSSL_CONF", DEVNULL, 0);
+#endif
+
openconnect_init_ssl();
vpninfo = openconnect_vpninfo_new((char *)"Open AnyConnect VPN Agent",
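Review bot: the override in `main()` is unconditional and process-wide, while the comment says the need is "mostly for the DTLS connection", so every TLS session in the process stops honouring the system policy as well. Pointing `OPENSSL_CONF` at `DEVNULL` drops everything in the OpenSSL configuration file, not only the policy settings, which is wider than the comment describes. The `0` overwrite argument does leave an already-set `GNUTLS_SYSTEM_PRIORITY_FILE` or `OPENSSL_CONF` in place; document that as the way to restore enforcement, log at verbose level when the bypass is applied, and check the `setenv()` return value.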
diff --git a/openconnect-internal.h b/openconnect-internal.h
index 92edf763..9eb274c2 100644
--- a/openconnect-internal.h
+++ b/openconnect-internal.h
@@ -41,6 +41,15 @@
#include "openconnect.h"
+/* Equivalent of "/dev/null" on Windows.
+ * See https://stackoverflow.com/a/44163934
+ */
+#ifdef _WIN32
+#define DEVNULL "NUL:"
+#else
+#define DEVNULL "/dev/null"
+#endif
+
#if defined(OPENCONNECT_OPENSSL)
#include <openssl/ssl.h>
#include <openssl/err.h>
diff --git a/www/changelog.xml b/www/changelog.xml
index 1a05eda7..ca90413f 100644
--- a/www/changelog.xml
+++ b/www/changelog.xml
@@ -16,6 +16,7 @@
<li><b>OpenConnect HEAD</b>
<ul>
<li>Ignore failures to fetch the NC landing page if the authentication was successful.</li>
+ <li>Disable brittle "system policy" enforcement where it cannot be gracefully overridden at user request. <a href="https://bugzilla.redhat.com/show_bug.cgi?id=1960763"><i>(RH#1960763)</i></a>.</li>
</ul><br/>
</li>
<li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-8.10.tar.gz">OpenConnect v8.10</a></b>
--
2.31.1

@ -0,0 +1,316 @@
# The gpg_verify macro is defined further down in this document.
# gpg_verify takes one option and a list of 2- or 3-tuples.
#
# With no arguments, attempts to figure everything out. Finds one keyring and
# tries to pair each signature file with a source. If there is no source found
# which matches a signature, the build is aborted.
#
# -k gives a common keyring to verify all signatures against, except when an
# argument specifies its own keyring.
#
# Each argument must be of the form "F,S,K" or "F,S", where each of F, S and K
# is either the number or the filename of one of the source files in the
# package. A pathname including directories is not allowed.
# F is a source file to check.
# S is a signature.
# K is a keyring.
#
# When an argument specifies a keyring, that signature will be verified against
# the keys in that keyring. For arguments that don't specify a keyring, the one
# specified with -k will be used, if any. If no keyring is specified either
# way, the macro will default to the first one it finds in the source list.
#
# It is assumed that all the keys in all keyrings, whether automatically found
# or explicitly specified, are trusted to authenticate the source files. There
# must not be any untrusted keys included.
# Some utility functions to the global namespace
# Most of these should come from the utility macros in the other repo.
%define gpg_macros_init %{lua:
function db(str)
io.stderr:write(tostring(str) .. '\\n')
end
\
-- Simple basename clone
function basename(str)
local name = string.gsub(str, "(.*/)(.*)", "%2")
return name
end
\
-- Get the numbered or source file.
-- The spec writer can use any numbering scheme. The sources table
-- always counts from 1 and has no gaps, so we have to go back to the
-- SOURCEN macros.
function get_numbered_source(num)
local macro = "%SOURCE" .. num
local val = rpm.expand(macro)
if val == macro then
return nil
end
return val
end
-- Get the named source file. This returns the full path to a source file,
-- or nil if no such source exists.
function get_named_source(name)
local path
for _,path in ipairs(sources) do
if name == basename(path) then
return path
end
end
return nil
end
\
-- Determine whether the supplied filename contains a signature
-- Assumes the file will be closed when the handle goes out of scope
function is_signature(fname)
-- I don't really like this, but you can have completely binary sigs
if string.find(fname, '%.sig$') then
return true
end
local file = io.open(fname, 'r')
if file == nil then return false end
\
local c = 1
while true do
local line = file:read('*line')
if (line == nil or c > 10) then break end
if string.find(line, "BEGIN PGP SIGNATURE") then
return true
end
c = c+1
end
return false
end
\
-- Determine whether the supplied filename looks like a keyring
-- Ends in .gpg (might be binary data)? Contains "BEGIN PGP PUBLIC KEY BLOCK"
function is_keyring(fname)
-- XXX Have to hack this now to make it not find macros.gpg while we're testing.
if string.find(fname, '%.gpg$') and not string.find(fname, 'macros.gpg$') then
return true
end
\
local file = io.open(fname, 'r')
if file == nil then return false end
io.input(file)
local c = 1
while true do
local line = io.read('*line')
if (line == nil or c > 10) then break end
if string.find(line, "BEGIN PGP PUBLIC KEY BLOCK") then
return true
end
c = c+1
end
return false
end
\
-- Output code to have the current scriptlet echo something
function echo(str)
print("echo " .. str .. "\\n")
end
\
-- Output an exit statement with nonzero return to the current scriptlet
function exit()
print("exit 1\\n")
end
\
-- Call the RPM %error macro
function rpmerror(str)
echo("gpg_verify: " .. str)
rpm.expand("%{error:gpg_verify: " .. str .. "}")
exit(1)
end
\
-- XXX How to we get just a flag and no option?
function getflag(flag)
return nil
end
\
-- Extract the value of a passed option
function getoption(opt)
out = rpm.expand("%{-" .. opt .. "*}")
-- if string.len(out) == 0 then
if #out == 0 then
return nil
end
return out
end
\
function unknownarg(a)
rpmerror("Unknown argument to %%gpg_verify: " .. a)
end
\
function rprint(s, l, i) -- recursive Print (structure, limit, indent)
l = (l) or 100; i = i or ""; -- default item limit, indent string
if (l<1) then db("ERROR: Item limit reached."); return l-1 end;
local ts = type(s);
if (ts ~= "table") then db(i,ts,s); return l-1 end
db(i,ts); -- print "table"
for k,v in pairs(s) do -- db("[KEY] VALUE")
l = rprint(v, l, i.."\t["..tostring(k).."]");
if (l < 0) then break end
end
return l
end
\
-- Given a list of source file numbers or file names, validate them and
-- convert them to a list of full filenames.
function check_sources_list(arr)
local files = {}
local src,fpath
for _, src in ipairs(arr) do
if tonumber(src) then
-- We have a number; turn it to a full path to the corresponding source file
fpath = get_numbered_source(src)
else
fpath = get_named_source(src)
end
if not src then
err = 'Not a valid source: ' .. src
if src == '1' then
err = err .. '. Note that "Source:" is the 0th source file, not the 1st.'
end
rpmerror(err)
end
table.insert(files, fpath)
end
return files
end
rpm.define("gpg_macros_init %{nil}")
}#
# The actual macro
%define gpg_verify(k:) %gpg_macros_init%{lua:
-- RPM will ignore the first thing we output unless we give it a newline.
print('\\n')
\
local defkeyspec = getoption("k")
local args = rpm.expand("%*")
local sourcefiles = {}
local signature_table = {}
local signatures = {}
local keyrings = {}
local defkey, match, captures, s
\
local function storematch(m, c)
match = m; captures = c
end
\
-- Scan all of the sources and try to categorize them.
-- Move to a function
for i,s in pairs(sources) do
sourcefiles[s] = true
-- db('File: ' .. i .. ", " .. s)
if is_signature(s) then
table.insert(signatures, s)
signature_table[s] = true
db('Found signature: ' .. s)
elseif is_keyring(s) then
table.insert(keyrings, s)
db('Found keyring: ' .. s)
else
-- Must be a source
db('Found source: ' .. s)
end
end
\
if defkeyspec then
defkey = check_sources_list({defkeyspec})[1]
if not defkey then
rpmerror('The provided keyring ' .. defkeyspec .. ' is not a valid source number or filename.')
end
end
\
if defkey then
db('Defkey: ' .. defkey)
else
db('No common key yet')
if keyrings[1] then
defkey = keyrings[1]
db('Using first found keyring file: '..defkey)
end
end
\
-- Check over any given args to make sure they're valid, and to see if a
-- common key is required.
local needdefkey = false
local double = rex.newPOSIX('^([^,]+),([^,]+)$')
local triple = rex.newPOSIX('^([^,]+),([^,]+),([^,]+)$')
local arglist = {}
\
-- RPM gives us the arguments in a single string.
-- Split on spaces and iterate
for arg in args:gmatch('%S+') do
db('Checking ' .. arg)
if triple:gmatch(arg, storematch) > 0 then
db('Looks OK')
local parsed = {srcnum=captures[1], signum=captures[2], keynum=captures[3]}
s = check_sources_list({captures[1], captures[2], captures[3]})
parsed.srcfile = s[1]
parsed.sigfile = s[2]
parsed.keyfile = s[3]
table.insert(arglist, parsed)
elseif double:gmatch(arg, storematch) > 0 then
db('Looks OK; needs common key')
needdefkey = true
local parsed = {srcnum=captures[1], signum=captures[2], keynum=defkeyspec, keyfile=defkey}
s = check_sources_list({captures[1], captures[2]})
parsed.srcfile = s[1]
parsed.sigfile = s[2]
table.insert(arglist, parsed)
else
rpmerror('Provided argument '..arg..' is not valid.')
end
end
\
-- So we now know if one of those args needs a common key
if needdefkey and not defkey then
rpmerror('No common key was specified or found, yet the arguments require one.')
end
\
-- And if we have no arguments at all and no common key was found,
-- then we can't do an automatic check
if not defkey and args == '' then
rpmerror('No keyring specified and none found; cannot auto-check.')
end
\
-- Nothing to check means automatic mode
if #arglist == 0 then
local noext
for i,_ in pairs(signature_table) do
-- Find the name without the extension
noext = string.gsub(i, '%.[^.]+$', '')
if sourcefiles[noext] then
table.insert(arglist, {srcfile=noext, sigfile=i, keyfile=defkey})
else
rpmerror('Found signature ' .. i .. ' with no matching source file.')
end
end
end
\
-- Now actually check things
for _,arg in ipairs(arglist) do
local gpgfile = '$GPGHOME/' .. basename(arg.keyfile) .. '.gpg'
echo('Checking signature: file ' .. arg.srcfile .. ' sig ' .. arg.sigfile .. ' key ' .. arg.keyfile)
\
-- We need a secure temp directorry
print('GPGHOME=$(mktemp -qd)\\n')
\
-- Call gpg2 to generate the dearmored key
print('gpg2 --homedir $GPGHOME --no-default-keyring --quiet --yes ')
print('--output '.. gpgfile .. ' --dearmor ' .. arg.keyfile .. "\\n")
\
-- Call gpgv2 to verify the signature against the source file with the dearmored key
print('gpgv2 --homedir $GPGHOME --keyring ' .. gpgfile .. ' ' .. arg.sigfile .. ' ' .. arg.srcfile .. '\\n')
\
print('rm -rf $GPGHOME\\n')
echo('')
end
\
db('------------')
}#
# vim: set filetype=spec:
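Review bot: in `check_sources_list()` the validity test is `if not src then`, but `src` is the loop variable and is never nil; the lookup result is `fpath`. As written, an unknown source number or filename is never rejected: `table.insert(files, fpath)` is called with nil, so later entries shift down a position (a bad signature argument makes the keyring land in `s[2]`), and the 'Not a valid source' error is unreachable. Test `fpath` instead. In the emitted scriptlet, `$GPGHOME`, `arg.keyfile`, `arg.sigfile` and `arg.srcfile` are printed unquoted, and nothing tests the exit status of `gpgv2`, so the build only aborts on a bad signature if the shell running the scriptlet exits on error; quote the paths and emit an explicit failure branch that removes `$GPGHOME` and exits non-zero. Also, `is_signature()` returns without closing `file`, and `is_keyring()` accepts any name ending in `.gpg` without looking at the content, which is why the `macros.gpg` exclusion hack is needed.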

@ -39,9 +39,9 @@
%{!?_pkgdocdir: %global _pkgdocdir %{_docdir}/%{name}-%{version}}
Name: openconnect
Version: 9.12
Version: 8.20
Release: 1%{?relsuffix}%{?dist}
Summary: Open multi-protocol SSL VPN client
Summary: Open client for Cisco AnyConnect VPN, Juniper Network Connect/Pulse, PAN GlobalProtect
License: LGPLv2+
URL: http://www.infradead.org/openconnect.html
@ -50,8 +50,9 @@ Source0: ftp://ftp.infradead.org/pub/openconnect/openconnect-%{version}%{?gitsuf
Source1: ftp://ftp.infradead.org/pub/openconnect/openconnect-%{version}%{?gitsuffix}.tar.gz.asc
%endif
Source2: gpgkey-BE07D9FD54809AB2C4B0FF5F63762CDA67E2F359.asc
Source3: macros.gpg
BuildRequires: make xdg-utils
BuildRequires: make
BuildRequires: pkgconfig(libxml-2.0) pkgconfig(libpcsclite) krb5-devel gnupg2
BuildRequires: autoconf automake libtool gettext pkgconfig(liblz4)
BuildRequires: pkgconfig(uid_wrapper) pkgconfig(socket_wrapper)
@ -89,9 +90,9 @@ BuildRequires: pkgconfig(tss2-esys) libgcrypt-devel
%endif
%description
This package provides a multi-protocol VPN client for Cisco AnyConnect,
Juniper SSL VPN, Pulse/Ivanti Pulse Connect Secure, F5 BIG-IP, Fortinet
Palo Alto Networks GlobalProtect SSL VPN, Array Networks SSL VPN.
This package provides a multiprotocol VPN client for Cisco AnyConnect,
Juniper SSL VPN / Pulse Connect Secure, and Palo Alto Networks GlobalProtect
SSL VPN.
%package devel
Summary: Development package for OpenConnect VPN authentication tools
@ -106,9 +107,10 @@ This package provides the core HTTP and authentication support from
the OpenConnect VPN client, to be used by GUI authentication dialogs
for NetworkManager etc.
%include %SOURCE3
%prep
%if 0%{?gitcount} == 0
%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'
%gpg_verify
%endif
%autosetup -n openconnect-%{version}%{?gitsuffix} -p1
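Review bot: the `%gpg_verify` line in `%prep` passes no arguments, which puts the macro in automatic mode: it uses the first file that looks like a keyring and pairs each signature with a source by stripping the extension. The macro header documents `-k` and explicit "F,S" tuples, so pin the check to the declared sources, e.g. `%gpg_verify -k 2 0,1` for `Source0`, `Source1` and `Source2`, so that an extra `.gpg` or `.asc` file in the source list cannot change which key a tarball is verified against.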
@ -159,77 +161,15 @@ make VERBOSE=1 check
%{_libdir}/pkgconfig/openconnect.pc
%changelog
* Sat May 20 2023 David Woodhouse <dwmw2@infradead.org> - 9.12-1
- Update to 9.12 release
* Fri Mar 22 2024 MSVSphere Packaging Team <packager@msvsphere-os.ru> - 8.20-1
- Rebuilt for MSVSphere 8.9
* Wed May 17 2023 David Woodhouse <dwmw2@infradead.org> - 9.11-1
- Update to 9.11 release
* Thu May 04 2023 David Woodhouse <dwmw2@infradead.org> - 9.10-1
- Update to 9.10 release
* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 9.01-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Fri Jul 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 9.01-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Fri Jul 15 2022 Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com> - 9.01-2
- Compile with support for browser / xdg-open
* Fri Apr 29 2022 David Woodhouse <dwmw2@infradead.org> - 9.01-1
- Update to 9.01 release
* Tue Apr 19 2022 David Woodhouse <dwmw2@infradead.org> - 8.20-2
- Merge upstream patch to fix loglevel (OC #401).
* Sun Feb 20 2022 David Woodhouse <dwmw2@infradead.org> - 8.20-1
* Mon Apr 04 2022 Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com> - 8.20-1
- Update to 8.20 release
* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org>
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org>
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Sat Jun 12 2021 David Woodhouse <dwmw2@infradead.org> - 8.10-6
- Explicitly disable too-brittle system crypto policies (#1960763)
- Ignore with errors fetching Juniper landing page when login was successful anyway.
* Sun Feb 14 2021 Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com> - 8.10-5
- Rebuilt while skipping the (PKCS#11) failing tests
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org>
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org>
- Second attempt - Rebuilt for
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org>
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Thu May 14 2020 David Woodhouse <dwmw2@infradead.orG> - 8.10-1
* Fri May 22 2020 Nikos Mavrogiannopoulos <nmav@redhat.com> - 8.10-1
- Update to 8.10 release (CVE-2020-12823)
* Sat May 2 2020 David Woodhouse <dwmw2@infradead.org> - 8.09-2
- Fix path to openconnect in bash completion script
* Wed Apr 29 2020 David Woodhouse <dwmw2@infradead.org> - 8.09-1
- Update to 8.09 release
* Mon Apr 6 2020 David Woodhouse <dwmw2@infradead.org> - 8.08-1
- Update to 8.08 release (CSD stderr handling, cert checking)
* Sat Apr 4 2020 David Woodhouse <dwmw2@infradead.org> - 8.07-1
- Update to 8.07 release (runtime check for GnuTLS)
* Tue Mar 31 2020 David Woodhouse <dwmw2@infradead.org> - 8.06-1
- Update to 8.06 release (Blacklist bad GnuTLS versions for insecure DTLS)
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org>
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Thu Sep 12 2019 David Woodhouse <dwmw2@infradead.org> - 8.05-1
- Update to 8.05 release (CVE-2019-16239)

@ -1,2 +0,0 @@
SHA512 (openconnect-9.12.tar.gz) = 5c622e8bdfac3d21b5881660444e5d2b84e9463a99493d42cbfb480c3aa3972076bdeeb618aca02abed68e31dbeadcb66fb1c370e62a20f20cd544753c7ac48e
SHA512 (openconnect-9.12.tar.gz.asc) = ade33209a4c17bbdfd0bea7490588b248c36c4da56a9aec60818ed6c96bc8c3570b1f2ac2685003122a1e52dd9d24e4b678d77e001c752461649114167a7304c