public inbox for gentoo-commits@lists.gentoo.org
 help / color / mirror / Atom feed
* [gentoo-commits] repo/gentoo:master commit in: net-vpn/openconnect/files/, net-vpn/openconnect/
@ 2020-04-03  4:14 Mike Gilbert
  0 siblings, 0 replies; 12+ messages in thread
From: Mike Gilbert @ 2020-04-03  4:14 UTC (permalink / raw
  To: gentoo-commits

commit:     2d1a910687e204249655184602d6ccb8b0a14c1b
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Fri Apr  3 03:41:33 2020 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Fri Apr  3 03:42:12 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2d1a9106

net-vpn/openconnect: cleanup ebuild

Move the OpenRC-related documentation to a static file.
Reorganize src_install.

Package-Manager: Portage-2.3.96_p4, Repoman-2.3.22_p1
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>

 net-vpn/openconnect/files/README.OpenRC.txt | 25 +++++++++++++++
 net-vpn/openconnect/openconnect-8.06.ebuild | 50 ++++++-----------------------
 net-vpn/openconnect/openconnect-9999.ebuild | 50 ++++++-----------------------
 3 files changed, 43 insertions(+), 82 deletions(-)

diff --git a/net-vpn/openconnect/files/README.OpenRC.txt b/net-vpn/openconnect/files/README.OpenRC.txt
new file mode 100644
index 00000000000..6bd43e62dfb
--- /dev/null
+++ b/net-vpn/openconnect/files/README.OpenRC.txt
@@ -0,0 +1,25 @@
+The init script for openconnect supports multiple vpn tunnels.
+
+You need to create a symbolic link to /etc/init.d/openconnect in /etc/init.d
+instead of calling it directly:
+
+ln -s /etc/init.d/openconnect /etc/init.d/openconnect.vpn0
+
+You can then start the vpn tunnel like this:
+
+/etc/init.d/openconnect.vpn0 start
+
+If you would like to run preup, postup, predown, and/or postdown scripts,
+You need to create a directory in /etc/openconnect with the name of the vpn:
+
+mkdir /etc/openconnect/vpn0
+
+Then add executable shell files:
+
+mkdir /etc/openconnect/vpn0
+cd /etc/openconnect/vpn0
+echo '#!/bin/sh' > preup.sh
+cp preup.sh predown.sh
+cp preup.sh postup.sh
+cp preup.sh postdown.sh
+chmod 755 /etc/openconnect/vpn0/*

diff --git a/net-vpn/openconnect/openconnect-8.06.ebuild b/net-vpn/openconnect/openconnect-8.06.ebuild
index a3c08e954af..45d091c8dc3 100644
--- a/net-vpn/openconnect/openconnect-8.06.ebuild
+++ b/net-vpn/openconnect/openconnect-8.06.ebuild
@@ -6,7 +6,7 @@ EAPI=7
 PYTHON_COMPAT=( python{3_6,3_7} )
 PYTHON_REQ_USE="xml"
 
-inherit eutils linux-info python-any-r1 readme.gentoo-r1
+inherit linux-info python-any-r1
 
 if [[ ${PV} == 9999 ]]; then
 	EGIT_REPO_URI="https://gitlab.com/openconnect/openconnect.git"
@@ -106,55 +106,23 @@ src_configure() {
 	econf "${myconf[@]}"
 }
 
-DOC_CONTENTS="The init script for openconnect supports multiple vpn tunnels.
-
-You need to create a symbolic link to /etc/init.d/openconnect in /etc/init.d
-instead of calling it directly:
-
-ln -s /etc/init.d/openconnect /etc/init.d/openconnect.vpn0
-
-You can then start the vpn tunnel like this:
-
-/etc/init.d/openconnect.vpn0 start
-
-If you would like to run preup, postup, predown, and/or postdown scripts,
-You need to create a directory in /etc/openconnect with the name of the vpn:
-
-mkdir /etc/openconnect/vpn0
-
-Then add executable shell files:
-
-mkdir /etc/openconnect/vpn0
-cd /etc/openconnect/vpn0
-echo '#!/bin/sh' > preup.sh
-cp preup.sh predown.sh
-cp preup.sh postup.sh
-cp preup.sh postdown.sh
-chmod 755 /etc/openconnect/vpn0/*
-"
-
 src_install() {
 	default
 
+	find "${ED}" -name '*.la' -delete || die
+
+	dodoc "${FILESDIR}"/README.OpenRC.txt
+
 	newinitd "${FILESDIR}"/openconnect.init.in-r4 openconnect
 	insinto /etc/openconnect
+
 	newconfd "${FILESDIR}"/openconnect.conf.in openconnect
+
 	exeinto /etc/openconnect
 	newexe "${WORKDIR}"/vpnc-scripts-${VPNC_VER}/vpnc-script openconnect.sh
+
 	insinto /etc/logrotate.d
 	newins "${FILESDIR}"/openconnect.logrotate openconnect
-	keepdir /var/log/openconnect
 
-	find "${ED}" -name '*.la' -delete || die
-
-	readme.gentoo_create_doc
-}
-
-pkg_postinst() {
-	readme.gentoo_print_elog
-	if [[ -z ${REPLACING_VERSIONS} ]]; then
-		elog
-		elog "You may want to consider installing the following optional packages."
-		optfeature "resolvconf support" virtual/resolvconf
-	fi
+	keepdir /var/log/openconnect
 }

diff --git a/net-vpn/openconnect/openconnect-9999.ebuild b/net-vpn/openconnect/openconnect-9999.ebuild
index a3c08e954af..45d091c8dc3 100644
--- a/net-vpn/openconnect/openconnect-9999.ebuild
+++ b/net-vpn/openconnect/openconnect-9999.ebuild
@@ -6,7 +6,7 @@ EAPI=7
 PYTHON_COMPAT=( python{3_6,3_7} )
 PYTHON_REQ_USE="xml"
 
-inherit eutils linux-info python-any-r1 readme.gentoo-r1
+inherit linux-info python-any-r1
 
 if [[ ${PV} == 9999 ]]; then
 	EGIT_REPO_URI="https://gitlab.com/openconnect/openconnect.git"
@@ -106,55 +106,23 @@ src_configure() {
 	econf "${myconf[@]}"
 }
 
-DOC_CONTENTS="The init script for openconnect supports multiple vpn tunnels.
-
-You need to create a symbolic link to /etc/init.d/openconnect in /etc/init.d
-instead of calling it directly:
-
-ln -s /etc/init.d/openconnect /etc/init.d/openconnect.vpn0
-
-You can then start the vpn tunnel like this:
-
-/etc/init.d/openconnect.vpn0 start
-
-If you would like to run preup, postup, predown, and/or postdown scripts,
-You need to create a directory in /etc/openconnect with the name of the vpn:
-
-mkdir /etc/openconnect/vpn0
-
-Then add executable shell files:
-
-mkdir /etc/openconnect/vpn0
-cd /etc/openconnect/vpn0
-echo '#!/bin/sh' > preup.sh
-cp preup.sh predown.sh
-cp preup.sh postup.sh
-cp preup.sh postdown.sh
-chmod 755 /etc/openconnect/vpn0/*
-"
-
 src_install() {
 	default
 
+	find "${ED}" -name '*.la' -delete || die
+
+	dodoc "${FILESDIR}"/README.OpenRC.txt
+
 	newinitd "${FILESDIR}"/openconnect.init.in-r4 openconnect
 	insinto /etc/openconnect
+
 	newconfd "${FILESDIR}"/openconnect.conf.in openconnect
+
 	exeinto /etc/openconnect
 	newexe "${WORKDIR}"/vpnc-scripts-${VPNC_VER}/vpnc-script openconnect.sh
+
 	insinto /etc/logrotate.d
 	newins "${FILESDIR}"/openconnect.logrotate openconnect
-	keepdir /var/log/openconnect
 
-	find "${ED}" -name '*.la' -delete || die
-
-	readme.gentoo_create_doc
-}
-
-pkg_postinst() {
-	readme.gentoo_print_elog
-	if [[ -z ${REPLACING_VERSIONS} ]]; then
-		elog
-		elog "You may want to consider installing the following optional packages."
-		optfeature "resolvconf support" virtual/resolvconf
-	fi
+	keepdir /var/log/openconnect
 }


^ permalink raw reply related	[flat|nested] 12+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: net-vpn/openconnect/files/, net-vpn/openconnect/
@ 2020-05-12 16:02 Mike Gilbert
  0 siblings, 0 replies; 12+ messages in thread
From: Mike Gilbert @ 2020-05-12 16:02 UTC (permalink / raw
  To: gentoo-commits

commit:     27513d77015771f8604d9a21f388e9846c8c650a
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Tue May 12 16:01:57 2020 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Tue May 12 16:02:48 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=27513d77

net-vpn/openconnect: fix buffer overflow in get_cert_name

Closes: https://bugs.gentoo.org/721570
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>

 .../files/8.09-gnutls-buffer-overflow.patch        | 62 ++++++++++++++++++++++
 ...nect-8.09.ebuild => openconnect-8.09-r1.ebuild} |  3 ++
 2 files changed, 65 insertions(+)

diff --git a/net-vpn/openconnect/files/8.09-gnutls-buffer-overflow.patch b/net-vpn/openconnect/files/8.09-gnutls-buffer-overflow.patch
new file mode 100644
index 00000000000..bf8990ae3d3
--- /dev/null
+++ b/net-vpn/openconnect/files/8.09-gnutls-buffer-overflow.patch
@@ -0,0 +1,62 @@
+From eef4c1f9d24478aa1d2dd9ac7ec32efb2137f474 Mon Sep 17 00:00:00 2001
+From: Sergei Trofimovich <slyfox@gentoo.org>
+Date: Fri, 8 May 2020 10:39:41 -0400
+Subject: [PATCH] gnutls: prevent buffer overflow in get_cert_name
+
+The test suite for ocserv calls openconnect with a certificate that has
+a name that is 84 bytes in length. The buffer passed to get_cert_name is
+currently 80 bytes.
+
+The gnutls_x509_crt_get_dn_by_oid function will update the buffer size
+parameter if the buffer is too small.
+
+http://man7.org/linux/man-pages/man3/gnutls_x509_crt_get_dn_by_oid.3.html
+
+RETURNS
+       GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not long
+       enough, and in that case the  buf_size will be updated with the
+       required size. GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE if there are no
+       data in the current index. On success 0 is returned.
+
+Use a temporary variable to avoid clobbering the namelen variable that is
+passed to get_cert_name.
+
+Bug: https://bugs.gentoo.org/721570
+Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>
+Signed-off-by: Mike Gilbert <floppym@gentoo.org>
+---
+ gnutls.c | 17 ++++++++++++-----
+ 1 file changed, 12 insertions(+), 5 deletions(-)
+
+diff --git a/gnutls.c b/gnutls.c
+index 36bc82e0..53bf2a43 100644
+--- a/gnutls.c
++++ b/gnutls.c
+@@ -546,12 +546,19 @@ static int count_x509_certificates(gnutls_datum_t *datum)
+ 
+ static int get_cert_name(gnutls_x509_crt_t cert, char *name, size_t namelen)
+ {
++	/* When the name buffer is not big enough, gnutls_x509_crt_get_dn*() will
++	 * update the length argument to the required size, and return
++	 * GNUTLS_E_SHORT_MEMORY_BUFFER. We need to avoid clobbering the original
++	 * length variable. */
++	size_t nl = namelen;
+ 	if (gnutls_x509_crt_get_dn_by_oid(cert, GNUTLS_OID_X520_COMMON_NAME,
+-					  0, 0, name, &namelen) &&
+-	    gnutls_x509_crt_get_dn(cert, name, &namelen)) {
+-		name[namelen-1] = 0;
+-		snprintf(name, namelen-1, "<unknown>");
+-		return -EINVAL;
++					  0, 0, name, &nl)) {
++		nl = namelen;
++		if (gnutls_x509_crt_get_dn(cert, name, &nl)) {
++			name[namelen-1] = 0;
++			snprintf(name, namelen-1, "<unknown>");
++			return -EINVAL;
++		}
+ 	}
+ 	return 0;
+ }
+-- 
+2.26.2
+

diff --git a/net-vpn/openconnect/openconnect-8.09.ebuild b/net-vpn/openconnect/openconnect-8.09-r1.ebuild
similarity index 97%
rename from net-vpn/openconnect/openconnect-8.09.ebuild
rename to net-vpn/openconnect/openconnect-8.09-r1.ebuild
index 5e1e96852d1..a55ca7731ca 100644
--- a/net-vpn/openconnect/openconnect-8.09.ebuild
+++ b/net-vpn/openconnect/openconnect-8.09-r1.ebuild
@@ -78,6 +78,9 @@ src_unpack() {
 }
 
 src_prepare() {
+	local PATCHES=(
+		"${FILESDIR}"/8.09-gnutls-buffer-overflow.patch
+	)
 	default
 	if [[ ${PV} == 9999 ]]; then
 		eautoreconf


^ permalink raw reply related	[flat|nested] 12+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: net-vpn/openconnect/files/, net-vpn/openconnect/
@ 2020-11-23  0:03 William Hubbs
  0 siblings, 0 replies; 12+ messages in thread
From: William Hubbs @ 2020-11-23  0:03 UTC (permalink / raw
  To: gentoo-commits

commit:     41acdc92e655eb64a0d667b3b612fd5312921656
Author:     William Hubbs <williamh <AT> gentoo <DOT> org>
AuthorDate: Sun Nov 22 23:41:54 2020 +0000
Commit:     William Hubbs <williamh <AT> gentoo <DOT> org>
CommitDate: Mon Nov 23 00:03:27 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=41acdc92

net-vpn/openconnect: 8.10-r1 revbump to fix openrc service

This changes the openrc service to support the use of separate
openconnect config files for each tunnel instead of setting the tunnel
options in the conf.d files.

The config files will be stored in /etc/openconnect/<tunnel>.conf. The
contents of these config files is  defined in the openconnect man page.

Closes: https://bugs.gentoo.org/733614
Signed-off-by: William Hubbs <williamh <AT> gentoo.org>

 net-vpn/openconnect/files/README.OpenRC          |  30 +++++
 net-vpn/openconnect/files/openconnect.initd.8.10 | 105 ++++++++++++++++
 net-vpn/openconnect/openconnect-8.10-r1.ebuild   | 153 +++++++++++++++++++++++
 3 files changed, 288 insertions(+)

diff --git a/net-vpn/openconnect/files/README.OpenRC b/net-vpn/openconnect/files/README.OpenRC
new file mode 100644
index 00000000000..baa617d94ea
--- /dev/null
+++ b/net-vpn/openconnect/files/README.OpenRC
@@ -0,0 +1,30 @@
+The service script for openconnect supports multiple vpn tunnels.
+
+You need to create a symbolic link to /etc/init.d/openconnect in
+/etc/init.d for each tunnel instead of calling it directly:
+
+ln -s /etc/init.d/openconnect /etc/init.d/openconnect.vpn0
+
+Also, create a configuration file for the tunnel in /etc/openconnect. To
+follow this example, the configuration file would be called
+/etc/openconnect/vpn0.conf. See man openconnect for the options that can
+go in this file.
+
+You can then start the vpn tunnel like this:
+
+rc-service openconnect.vpn0 start
+
+If you would like to run preup, postup, predown, and/or postdown scripts,
+You need to create a directory in /etc/openconnect with the name of the vpn:
+
+mkdir /etc/openconnect/vpn0
+
+Then add executable shell files:
+
+mkdir /etc/openconnect/vpn0
+cd /etc/openconnect/vpn0
+echo '#!/bin/sh' > preup.sh
+cp preup.sh predown.sh
+cp preup.sh postup.sh
+cp preup.sh postdown.sh
+chmod 755 /etc/openconnect/vpn0/*

diff --git a/net-vpn/openconnect/files/openconnect.initd.8.10 b/net-vpn/openconnect/files/openconnect.initd.8.10
new file mode 100644
index 00000000000..cec5350e17c
--- /dev/null
+++ b/net-vpn/openconnect/files/openconnect.initd.8.10
@@ -0,0 +1,105 @@
+#!/sbin/openrc-run
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+VPN="${RC_SVCNAME#*.}"
+VPNCONF=/etc/openconnect/${VPN}.conf
+VPNDIR="/etc/openconnect/${VPN}"
+VPNLOG="/var/log/openconnect/${VPN}"
+VPNLOGFILE="${VPNLOG}/openconnect.log"
+VPNERRFILE="${VPNLOG}/openconnect.err"
+
+command="/usr/sbin/openconnect"
+name="OpenConnect: ${VPN}"
+pidfile="/run/openconnect/${VPN}.pid"
+stopsig="SIGINT"
+
+depend() {
+	before netmount
+}
+
+checkconfig() {
+	if [ $VPN = "openconnect" ]; then
+		eerror "You cannot call openconnect directly. You must create a symbolic link to it with the vpn name:"
+		eerror
+		eerror "ln -s /etc/init.d/openconnect /etc/init.d/openconnect.vpn0"
+		eerror
+		eerror "And then call it instead:"
+		eerror
+		eerror "/etc/init.d/openconnect.vpn0 start"
+		return 1
+	fi
+	if [ ! -f "${VPNCONF}" ]; then
+	ewarn "The configuration file for ${VPN} does not exist."
+	ewarn "Please create ${VPNCONF}"
+	ewarn "This will become a fatal error in a future release."
+	fi
+	local server vpnopts password
+	eval server=\$server_${VPN}
+	eval vpnopts=\$vpnopts_${VPN}
+	eval password=\$password_${VPN}
+	if [ -n "$server" ] || [ -n "$vpnopts" ] || [ -n "password" ]; then
+	ewarn "server_${VPN}, vpnopts${VPN} and password_${VPN} are deprecated"
+	ewarn"Please move them to the appropriate settings in ${VPNCONF}"
+	ewarn "They will be ignored in the future."
+	fi
+	return 0
+}
+
+checktuntap() {
+	if [ "$RC_UNAME" = "Linux" -a ! -e /dev/net/tun ] ; then
+		if ! modprobe tun ; then
+			eerror "TUN/TAP support is not available in this kernel"
+			return 1
+		fi
+	fi
+}
+
+run_hook() {
+	if [ -x "$1" ]; then
+		"$@"
+	fi
+}
+
+start_pre() {
+	checkconfig || return
+	checktuntap || return
+	checkpath -d "${VPNLOG}" || return
+	checkpath -d /run/openconnect || return
+	run_hook "${VPNDIR}/preup.sh"
+}
+
+start() {
+	local server vpnopts password
+	eval server=\$server_${VPN}
+	eval vpnopts=\$vpnopts_${VPN}
+	eval password=\$password_${VPN}
+
+	ebegin "Starting ${name}"
+	start-stop-daemon --start --exec "${command}" -- \
+		--background \
+		--config="${VPNCONF:-/dev/null}" \
+		--interface="${VPN}" \
+		--pid-file="${pidfile}" \
+		${vpnopts} \
+		"${server}" \
+		>> "${VPNLOGFILE}" \
+		2>> "${VPNERRFILE}" \
+		<<EOF
+${password}
+EOF
+	eend $?
+}
+
+start_post() {
+	run_hook "${VPNDIR}/postup.sh"
+}
+
+stop_pre() {
+	checkconfig || return
+	run_hook "${VPNDIR}/predown.sh"
+}
+
+stop_post() {
+	run_hook "${VPNDIR}/postdown.sh"
+}

diff --git a/net-vpn/openconnect/openconnect-8.10-r1.ebuild b/net-vpn/openconnect/openconnect-8.10-r1.ebuild
new file mode 100644
index 00000000000..e4c566efb12
--- /dev/null
+++ b/net-vpn/openconnect/openconnect-8.10-r1.ebuild
@@ -0,0 +1,153 @@
+# Copyright 2011-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+PYTHON_COMPAT=( python{3_6,3_7,3_8,3_9} )
+PYTHON_REQ_USE="xml"
+
+inherit linux-info python-any-r1
+
+if [[ ${PV} == 9999 ]]; then
+	EGIT_REPO_URI="https://gitlab.com/openconnect/openconnect.git"
+	inherit git-r3 autotools
+else
+	ARCHIVE_URI="ftp://ftp.infradead.org/pub/${PN}/${P}.tar.gz"
+	KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~x86"
+fi
+VPNC_VER=20200930
+SRC_URI="${ARCHIVE_URI}
+	ftp://ftp.infradead.org/pub/vpnc-scripts/vpnc-scripts-${VPNC_VER}.tar.gz"
+
+DESCRIPTION="Free client for Cisco AnyConnect SSL VPN software"
+HOMEPAGE="http://www.infradead.org/openconnect.html"
+
+LICENSE="LGPL-2.1 GPL-2"
+SLOT="0/5"
+IUSE="doc +gnutls gssapi libproxy lz4 nls smartcard stoken test"
+RESTRICT="!test? ( test )"
+
+DEPEND="
+	dev-libs/libxml2
+	sys-libs/zlib
+	!gnutls? (
+		>=dev-libs/openssl-1.0.1h:0=
+	)
+	gnutls? (
+		app-crypt/trousers
+		app-misc/ca-certificates
+		dev-libs/nettle
+		>=net-libs/gnutls-3.6.13:0=
+		dev-libs/libtasn1:0=
+		app-crypt/tpm2-tss
+	)
+	gssapi? ( virtual/krb5 )
+	libproxy? ( net-libs/libproxy )
+	lz4? ( app-arch/lz4:= )
+	nls? ( virtual/libintl )
+	smartcard? ( sys-apps/pcsc-lite:0= )
+	stoken? ( app-crypt/stoken )
+"
+RDEPEND="${DEPEND}
+	sys-apps/iproute2
+"
+BDEPEND="
+	virtual/pkgconfig
+	doc? ( ${PYTHON_DEPS} sys-apps/groff )
+	nls? ( sys-devel/gettext )
+	test? (
+		net-libs/socket_wrapper
+		net-vpn/ocserv
+		sys-libs/uid_wrapper
+	)
+"
+
+CONFIG_CHECK="~TUN"
+
+pkg_pretend() {
+	check_extra_config
+}
+
+pkg_setup() {
+	:
+}
+
+src_unpack() {
+	if [[ ${PV} == 9999 ]]; then
+		git-r3_src_unpack
+	fi
+	default
+}
+
+src_prepare() {
+	default
+	if [[ ${PV} == 9999 ]]; then
+		eautoreconf
+	fi
+}
+
+src_configure() {
+	if use doc; then
+		python_setup
+	else
+		export ac_cv_path_PYTHON=
+	fi
+
+	# Used by tests if userpriv is disabled
+	addwrite /run/netns
+
+	local myconf=(
+		--disable-dsa-tests
+		$(use_enable nls)
+		--disable-static
+		$(use_with !gnutls openssl)
+		$(use_with gnutls)
+		$(use_with libproxy)
+		$(use_with lz4)
+		$(use_with gssapi)
+		$(use_with smartcard libpcsclite)
+		$(use_with stoken)
+		--with-vpnc-script="${EPREFIX}/etc/openconnect/openconnect.sh"
+		--without-java
+	)
+
+	econf "${myconf[@]}"
+}
+
+src_test() {
+	local charset
+	for charset in UTF-8 ISO8859-2; do
+		if [[ $(LC_ALL=cs_CZ.${charset} locale charmap 2>/dev/null) != ${charset} ]]; then
+			# If we don't have valid cs_CZ locale data, auth-nonascii will fail.
+			# Force a test skip by exiting with status 77.
+			sed -i -e '2i exit 77' tests/auth-nonascii || die
+			break
+		fi
+	done
+	default
+}
+
+src_install() {
+	default
+	find "${ED}" -name '*.la' -delete || die
+
+	exeinto /etc/openconnect
+	newexe "${WORKDIR}"/vpnc-scripts-${VPNC_VER}/vpnc-script openconnect.sh
+
+	newinitd "${FILESDIR}"/openconnect.initd.${PV} openconnect
+	dodoc "${FILESDIR}"/README.OpenRC
+	insinto /etc/logrotate.d
+	newins "${FILESDIR}"/openconnect.logrotate openconnect
+
+	keepdir /var/log/openconnect
+}
+
+pkg_postinst() {
+	local v
+	for v in ${REPLACING_VERSIONS}; do
+		ver_test $v -ge 8.10-r1 && continue
+		ewarn "openconnect tunnel-specific configurations stored in ${EROOT}/etc/conf.d"
+		ewarn "should be migrated to ${EROOT}/etc/openconnect/<tunnel>.conf"
+		ewarn "For more information see ${EROOT}/usr/share/doc/${PF}/README.OpenRC"
+	done
+}


^ permalink raw reply related	[flat|nested] 12+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: net-vpn/openconnect/files/, net-vpn/openconnect/
@ 2021-10-02  6:02 Mike Gilbert
  0 siblings, 0 replies; 12+ messages in thread
From: Mike Gilbert @ 2021-10-02  6:02 UTC (permalink / raw
  To: gentoo-commits

commit:     e7ea3fbeadbd0524ea7d7498a8eb563b0b780495
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Sat Oct  2 05:54:38 2021 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Sat Oct  2 06:00:09 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e7ea3fbe

net-vpn/openconnect: revise init script

Remove warnings about removal of variables.
Restore sample conf.d file.
Allow for missing config file.
Use eval to allow quoted whitespace in vpnopts.

Bug: https://bugs.gentoo.org/733614
Closes: https://bugs.gentoo.org/763579
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>

 net-vpn/openconnect/files/openconnect.conf.in      |   2 +-
 net-vpn/openconnect/files/openconnect.initd        | 109 +++++++++++++++++++++
 ...t-8.10-r2.ebuild => openconnect-8.10-r3.ebuild} |   5 +-
 net-vpn/openconnect/openconnect-9999.ebuild        |   5 +-
 4 files changed, 118 insertions(+), 3 deletions(-)

diff --git a/net-vpn/openconnect/files/openconnect.conf.in b/net-vpn/openconnect/files/openconnect.conf.in
index 53b14e61378..7e44f569c0c 100644
--- a/net-vpn/openconnect/files/openconnect.conf.in
+++ b/net-vpn/openconnect/files/openconnect.conf.in
@@ -23,4 +23,4 @@
 server_vpn0="vpn.server.tld"
 password_vpn0="YOUR_PASSWORD"
 # Any OPENCONNECT options my go here (see openconnect --help)
-vpnopts_vpn0="-l --passwd-on-stdin --user=YOUR_USERNAME --script=/etc/openconnect/openconnect.sh"
+vpnopts_vpn0="-l --passwd-on-stdin --user=YOUR_USERNAME"

diff --git a/net-vpn/openconnect/files/openconnect.initd b/net-vpn/openconnect/files/openconnect.initd
new file mode 100644
index 00000000000..7b33920f498
--- /dev/null
+++ b/net-vpn/openconnect/files/openconnect.initd
@@ -0,0 +1,109 @@
+#!/sbin/openrc-run
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+VPN="${RC_SVCNAME#*.}"
+VPNCONF=/etc/openconnect/${VPN}.conf
+VPNDIR="/etc/openconnect/${VPN}"
+VPNLOG="/var/log/openconnect/${VPN}"
+VPNLOGFILE="${VPNLOG}/openconnect.log"
+VPNERRFILE="${VPNLOG}/openconnect.err"
+
+command="/usr/sbin/openconnect"
+name="OpenConnect: ${VPN}"
+pidfile="/run/openconnect/${VPN}.pid"
+stopsig="SIGINT"
+
+depend() {
+	before netmount
+}
+
+checkconfig() {
+	if [ $VPN = "openconnect" ]; then
+		eerror "You cannot call openconnect directly. You must create a symbolic link to it with the vpn name:"
+		eerror
+		eerror "ln -s /etc/init.d/openconnect /etc/init.d/openconnect.vpn0"
+		eerror
+		eerror "And then call it instead:"
+		eerror
+		eerror "/etc/init.d/openconnect.vpn0 start"
+		return 1
+	fi
+	return 0
+}
+
+checktuntap() {
+	if [ "$RC_UNAME" = "Linux" -a ! -e /dev/net/tun ] ; then
+		if ! modprobe tun ; then
+			eerror "TUN/TAP support is not available in this kernel"
+			return 1
+		fi
+	fi
+}
+
+run_hook() {
+	if [ -x "$1" ]; then
+		"$@"
+	fi
+}
+
+start_pre() {
+	checkconfig || return
+	checktuntap || return
+	checkpath -d "${VPNLOG}" || return
+	checkpath -d /run/openconnect || return
+	run_hook "${VPNDIR}/preup.sh"
+}
+
+ssd_helper() {
+	if [ -n "${password}" ]; then
+		start-stop-daemon "$@" <<EOF
+${password}
+EOF
+	else
+		start-stop-daemon "$@"
+	fi
+}
+
+start() {
+	local server vpnopts password
+	eval server=\$server_${VPN}
+	eval vpnopts=\$vpnopts_${VPN}
+	eval password=\$password_${VPN}
+
+	local config=
+	if [ -e "${VPNCONF}" ]; then
+		config="--config=${VPNCONF}"
+	fi
+
+	# Allow quoted whitespace in vpnopts.
+	eval set -- ${vpnopts}
+
+	ebegin "Starting ${name}"
+	ssd_helper --start \
+		--exec "${command}" \
+		--pidfile "${pidfile}" \
+		-- \
+		--background \
+		${config} \
+		--interface="${VPN}" \
+		--pid-file="${pidfile}" \
+		"$@" \
+		"${server}" \
+		>> "${VPNLOGFILE}" \
+		2>> "${VPNERRFILE}"
+	eend $?
+}
+
+start_post() {
+	run_hook "${VPNDIR}/postup.sh"
+}
+
+stop_pre() {
+	checkconfig || return
+	run_hook "${VPNDIR}/predown.sh"
+}
+
+stop_post() {
+	run_hook "${VPNDIR}/postdown.sh"
+}

diff --git a/net-vpn/openconnect/openconnect-8.10-r2.ebuild b/net-vpn/openconnect/openconnect-8.10-r3.ebuild
similarity index 96%
rename from net-vpn/openconnect/openconnect-8.10-r2.ebuild
rename to net-vpn/openconnect/openconnect-8.10-r3.ebuild
index ba71fcaef77..8b5c8962bee 100644
--- a/net-vpn/openconnect/openconnect-8.10-r2.ebuild
+++ b/net-vpn/openconnect/openconnect-8.10-r3.ebuild
@@ -129,8 +129,11 @@ src_install() {
 	default
 	find "${ED}" -name '*.la' -delete || die
 
-	newinitd "${FILESDIR}"/openconnect.initd.8.10 openconnect
 	dodoc "${FILESDIR}"/README.OpenRC
+
+	newconfd "${FILESDIR}"/openconnect.conf.in openconnect
+	newinitd "${FILESDIR}"/openconnect.initd openconnect
+
 	insinto /etc/logrotate.d
 	newins "${FILESDIR}"/openconnect.logrotate openconnect
 

diff --git a/net-vpn/openconnect/openconnect-9999.ebuild b/net-vpn/openconnect/openconnect-9999.ebuild
index ba71fcaef77..8b5c8962bee 100644
--- a/net-vpn/openconnect/openconnect-9999.ebuild
+++ b/net-vpn/openconnect/openconnect-9999.ebuild
@@ -129,8 +129,11 @@ src_install() {
 	default
 	find "${ED}" -name '*.la' -delete || die
 
-	newinitd "${FILESDIR}"/openconnect.initd.8.10 openconnect
 	dodoc "${FILESDIR}"/README.OpenRC
+
+	newconfd "${FILESDIR}"/openconnect.conf.in openconnect
+	newinitd "${FILESDIR}"/openconnect.initd openconnect
+
 	insinto /etc/logrotate.d
 	newins "${FILESDIR}"/openconnect.logrotate openconnect
 


^ permalink raw reply related	[flat|nested] 12+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: net-vpn/openconnect/files/, net-vpn/openconnect/
@ 2021-10-02  6:35 Mike Gilbert
  0 siblings, 0 replies; 12+ messages in thread
From: Mike Gilbert @ 2021-10-02  6:35 UTC (permalink / raw
  To: gentoo-commits

commit:     f8970e67e5f1dc182b59b60690320aab5bff8bfd
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Sat Oct  2 06:34:23 2021 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Sat Oct  2 06:34:23 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f8970e67

net-vpn/openconnect: drop pkg_postinst

Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>

 net-vpn/openconnect/files/openconnect.initd.8.10 | 105 -----------------------
 net-vpn/openconnect/openconnect-8.10-r3.ebuild   |  10 ---
 net-vpn/openconnect/openconnect-9999.ebuild      |  10 ---
 3 files changed, 125 deletions(-)

diff --git a/net-vpn/openconnect/files/openconnect.initd.8.10 b/net-vpn/openconnect/files/openconnect.initd.8.10
deleted file mode 100644
index 020eeb91aa1..00000000000
--- a/net-vpn/openconnect/files/openconnect.initd.8.10
+++ /dev/null
@@ -1,105 +0,0 @@
-#!/sbin/openrc-run
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-VPN="${RC_SVCNAME#*.}"
-VPNCONF=/etc/openconnect/${VPN}.conf
-VPNDIR="/etc/openconnect/${VPN}"
-VPNLOG="/var/log/openconnect/${VPN}"
-VPNLOGFILE="${VPNLOG}/openconnect.log"
-VPNERRFILE="${VPNLOG}/openconnect.err"
-
-command="/usr/sbin/openconnect"
-name="OpenConnect: ${VPN}"
-pidfile="/run/openconnect/${VPN}.pid"
-stopsig="SIGINT"
-
-depend() {
-	before netmount
-}
-
-checkconfig() {
-	if [ $VPN = "openconnect" ]; then
-		eerror "You cannot call openconnect directly. You must create a symbolic link to it with the vpn name:"
-		eerror
-		eerror "ln -s /etc/init.d/openconnect /etc/init.d/openconnect.vpn0"
-		eerror
-		eerror "And then call it instead:"
-		eerror
-		eerror "/etc/init.d/openconnect.vpn0 start"
-		return 1
-	fi
-	if [ ! -f "${VPNCONF}" ]; then
-	ewarn "The configuration file for ${VPN} does not exist."
-	ewarn "Please create ${VPNCONF}"
-	ewarn "This will become a fatal error in a future release."
-	fi
-	local server vpnopts password
-	eval server=\$server_${VPN}
-	eval vpnopts=\$vpnopts_${VPN}
-	eval password=\$password_${VPN}
-	if [ -n "$server" ] || [ -n "$vpnopts" ] || [ -n "password" ]; then
-	ewarn "server_${VPN}, vpnopts${VPN} and password_${VPN} are deprecated"
-	ewarn"Please move them to the appropriate settings in ${VPNCONF}"
-	ewarn "They will be ignored in the future."
-	fi
-	return 0
-}
-
-checktuntap() {
-	if [ "$RC_UNAME" = "Linux" -a ! -e /dev/net/tun ] ; then
-		if ! modprobe tun ; then
-			eerror "TUN/TAP support is not available in this kernel"
-			return 1
-		fi
-	fi
-}
-
-run_hook() {
-	if [ -x "$1" ]; then
-		"$@"
-	fi
-}
-
-start_pre() {
-	checkconfig || return
-	checktuntap || return
-	checkpath -d "${VPNLOG}" || return
-	checkpath -d /run/openconnect || return
-	run_hook "${VPNDIR}/preup.sh"
-}
-
-start() {
-	local server vpnopts password
-	eval server=\$server_${VPN}
-	eval vpnopts=\$vpnopts_${VPN}
-	eval password=\$password_${VPN}
-
-	ebegin "Starting ${name}"
-	start-stop-daemon --start --exec "${command}" -- \
-		--background \
-		--config="${VPNCONF:-/dev/null}" \
-		--interface="${VPN}" \
-		--pid-file="${pidfile}" \
-		${vpnopts} \
-		"${server}" \
-		>> "${VPNLOGFILE}" \
-		2>> "${VPNERRFILE}" \
-		<<EOF
-${password}
-EOF
-	eend $?
-}
-
-start_post() {
-	run_hook "${VPNDIR}/postup.sh"
-}
-
-stop_pre() {
-	checkconfig || return
-	run_hook "${VPNDIR}/predown.sh"
-}
-
-stop_post() {
-	run_hook "${VPNDIR}/postdown.sh"
-}

diff --git a/net-vpn/openconnect/openconnect-8.10-r3.ebuild b/net-vpn/openconnect/openconnect-8.10-r3.ebuild
index 8b5c8962bee..8e690399601 100644
--- a/net-vpn/openconnect/openconnect-8.10-r3.ebuild
+++ b/net-vpn/openconnect/openconnect-8.10-r3.ebuild
@@ -139,13 +139,3 @@ src_install() {
 
 	keepdir /var/log/openconnect
 }
-
-pkg_postinst() {
-	local v
-	for v in ${REPLACING_VERSIONS}; do
-		ver_test $v -ge 8.10-r1 && continue
-		ewarn "openconnect tunnel-specific configurations stored in ${EROOT}/etc/conf.d"
-		ewarn "should be migrated to ${EROOT}/etc/openconnect/<tunnel>.conf"
-		ewarn "For more information see ${EROOT}/usr/share/doc/${PF}/README.OpenRC"
-	done
-}

diff --git a/net-vpn/openconnect/openconnect-9999.ebuild b/net-vpn/openconnect/openconnect-9999.ebuild
index 8b5c8962bee..8e690399601 100644
--- a/net-vpn/openconnect/openconnect-9999.ebuild
+++ b/net-vpn/openconnect/openconnect-9999.ebuild
@@ -139,13 +139,3 @@ src_install() {
 
 	keepdir /var/log/openconnect
 }
-
-pkg_postinst() {
-	local v
-	for v in ${REPLACING_VERSIONS}; do
-		ver_test $v -ge 8.10-r1 && continue
-		ewarn "openconnect tunnel-specific configurations stored in ${EROOT}/etc/conf.d"
-		ewarn "should be migrated to ${EROOT}/etc/openconnect/<tunnel>.conf"
-		ewarn "For more information see ${EROOT}/usr/share/doc/${PF}/README.OpenRC"
-	done
-}


^ permalink raw reply related	[flat|nested] 12+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: net-vpn/openconnect/files/, net-vpn/openconnect/
@ 2021-10-20 17:47 Mike Gilbert
  0 siblings, 0 replies; 12+ messages in thread
From: Mike Gilbert @ 2021-10-20 17:47 UTC (permalink / raw
  To: gentoo-commits

commit:     7f376dc79d0dd572e9771c03558fd631fd86af1e
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Wed Oct 20 17:27:35 2021 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Wed Oct 20 17:27:35 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7f376dc7

net-vpn/openconnect: drop 8.09-r3, 8.10

Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>

 net-vpn/openconnect/Manifest                       |   3 -
 .../files/8.09-gnutls-buffer-overflow.patch        |  62 ---------
 net-vpn/openconnect/files/README.OpenRC.txt        |  25 ----
 net-vpn/openconnect/files/openconnect.conf.in      |  26 ----
 net-vpn/openconnect/files/openconnect.init.in-r4   |  88 ------------
 net-vpn/openconnect/openconnect-8.09-r3.ebuild     | 152 ---------------------
 net-vpn/openconnect/openconnect-8.10.ebuild        | 149 --------------------
 7 files changed, 505 deletions(-)

diff --git a/net-vpn/openconnect/Manifest b/net-vpn/openconnect/Manifest
index 59221ffa774..3938384a696 100644
--- a/net-vpn/openconnect/Manifest
+++ b/net-vpn/openconnect/Manifest
@@ -1,4 +1 @@
-DIST openconnect-8.09.tar.gz 2083279 BLAKE2B 4588c693a7a641faad271b034e8713f00fda04a872641e45a8ce3e1a236b8d2f4e1b8d973d20e7a9fc656f9460a0e990cbaada008d4ecf9a46353f20c25ac87a SHA512 f6890f5bce4b36b162e4590bce8a61d65fc0ae803d62a3dd408fbb13e96ce41b6443740132808491093032545aea919f9076e34bc11160c503c5e3c46457e7bd
 DIST openconnect-8.10.tar.gz 2084534 BLAKE2B 98ad0e24e09bc565f359139540f60eb9b6b5ed2239a9c46c56889b8554fc3de3605c10f1bb4fa0b0b206ba35404ae90a389ab8dcee54cf05a24d984529d24c2a SHA512 a36a106cf5c637602fc5bd3cd12df8f6dfe55217c1aae93c66ca33208507f3f8cda15e3a46d75615c7fcea1859d1a04017a07674ad0246876154467305477356
-DIST vpnc-scripts-20200226.tar.gz 21460 BLAKE2B 8f00ce3dc49725758abce27f3688946df1bbd4e92769ef02aa9ee66db8b9f41bef3442eaa5405ab1467476899c6d364dfea898ed924ca83497823a85515d48e5 SHA512 3a1eac4ccfaefb0f837189c8cef696b33ab8b8a68cb50a3ad29206b708d0aa479e8eed0c09bef6f60d056cd98d63cc898a1609d734030a63df3be2cfa6c00f9a
-DIST vpnc-scripts-20200930.tar.gz 22305 BLAKE2B 5db809ef674cb3cb8f1c775adc1e83debbda28fdcf47e0b0527efe6d1cea09781ef02b2827d9704140b884a85e7ec51fba497f47f6793520b471a7bba0dde6b6 SHA512 5f42bc7b168b5fdfc3ebd4bae52a42a654f102982852cc74240972e16e77fe0b54d82175e2a067e1d7e408bd14c3f465f7eb82b23b41885cb25a813d9587fd3d

diff --git a/net-vpn/openconnect/files/8.09-gnutls-buffer-overflow.patch b/net-vpn/openconnect/files/8.09-gnutls-buffer-overflow.patch
deleted file mode 100644
index bf8990ae3d3..00000000000
--- a/net-vpn/openconnect/files/8.09-gnutls-buffer-overflow.patch
+++ /dev/null
@@ -1,62 +0,0 @@
-From eef4c1f9d24478aa1d2dd9ac7ec32efb2137f474 Mon Sep 17 00:00:00 2001
-From: Sergei Trofimovich <slyfox@gentoo.org>
-Date: Fri, 8 May 2020 10:39:41 -0400
-Subject: [PATCH] gnutls: prevent buffer overflow in get_cert_name
-
-The test suite for ocserv calls openconnect with a certificate that has
-a name that is 84 bytes in length. The buffer passed to get_cert_name is
-currently 80 bytes.
-
-The gnutls_x509_crt_get_dn_by_oid function will update the buffer size
-parameter if the buffer is too small.
-
-http://man7.org/linux/man-pages/man3/gnutls_x509_crt_get_dn_by_oid.3.html
-
-RETURNS
-       GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not long
-       enough, and in that case the  buf_size will be updated with the
-       required size. GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE if there are no
-       data in the current index. On success 0 is returned.
-
-Use a temporary variable to avoid clobbering the namelen variable that is
-passed to get_cert_name.
-
-Bug: https://bugs.gentoo.org/721570
-Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>
-Signed-off-by: Mike Gilbert <floppym@gentoo.org>
----
- gnutls.c | 17 ++++++++++++-----
- 1 file changed, 12 insertions(+), 5 deletions(-)
-
-diff --git a/gnutls.c b/gnutls.c
-index 36bc82e0..53bf2a43 100644
---- a/gnutls.c
-+++ b/gnutls.c
-@@ -546,12 +546,19 @@ static int count_x509_certificates(gnutls_datum_t *datum)
- 
- static int get_cert_name(gnutls_x509_crt_t cert, char *name, size_t namelen)
- {
-+	/* When the name buffer is not big enough, gnutls_x509_crt_get_dn*() will
-+	 * update the length argument to the required size, and return
-+	 * GNUTLS_E_SHORT_MEMORY_BUFFER. We need to avoid clobbering the original
-+	 * length variable. */
-+	size_t nl = namelen;
- 	if (gnutls_x509_crt_get_dn_by_oid(cert, GNUTLS_OID_X520_COMMON_NAME,
--					  0, 0, name, &namelen) &&
--	    gnutls_x509_crt_get_dn(cert, name, &namelen)) {
--		name[namelen-1] = 0;
--		snprintf(name, namelen-1, "<unknown>");
--		return -EINVAL;
-+					  0, 0, name, &nl)) {
-+		nl = namelen;
-+		if (gnutls_x509_crt_get_dn(cert, name, &nl)) {
-+			name[namelen-1] = 0;
-+			snprintf(name, namelen-1, "<unknown>");
-+			return -EINVAL;
-+		}
- 	}
- 	return 0;
- }
--- 
-2.26.2
-

diff --git a/net-vpn/openconnect/files/README.OpenRC.txt b/net-vpn/openconnect/files/README.OpenRC.txt
deleted file mode 100644
index 6bd43e62dfb..00000000000
--- a/net-vpn/openconnect/files/README.OpenRC.txt
+++ /dev/null
@@ -1,25 +0,0 @@
-The init script for openconnect supports multiple vpn tunnels.
-
-You need to create a symbolic link to /etc/init.d/openconnect in /etc/init.d
-instead of calling it directly:
-
-ln -s /etc/init.d/openconnect /etc/init.d/openconnect.vpn0
-
-You can then start the vpn tunnel like this:
-
-/etc/init.d/openconnect.vpn0 start
-
-If you would like to run preup, postup, predown, and/or postdown scripts,
-You need to create a directory in /etc/openconnect with the name of the vpn:
-
-mkdir /etc/openconnect/vpn0
-
-Then add executable shell files:
-
-mkdir /etc/openconnect/vpn0
-cd /etc/openconnect/vpn0
-echo '#!/bin/sh' > preup.sh
-cp preup.sh predown.sh
-cp preup.sh postup.sh
-cp preup.sh postdown.sh
-chmod 755 /etc/openconnect/vpn0/*

diff --git a/net-vpn/openconnect/files/openconnect.conf.in b/net-vpn/openconnect/files/openconnect.conf.in
deleted file mode 100644
index 7e44f569c0c..00000000000
--- a/net-vpn/openconnect/files/openconnect.conf.in
+++ /dev/null
@@ -1,26 +0,0 @@
-# Variables to configure vpn tunnels where "vpnname" is the name of your vpn tunnel:
-#
-# server_vpnname
-# password_vpnname
-# vpnopts_vpnname
-#
-# The tunnel will need to be started with a symbolic link to openconnect:
-#
-# ln -s /etc/init.d/openconnect /etc/init.d/openconnect.vpnname
-#
-# If you'd like to execute a script on preup, postup, predown and postdown of the vpn tunnel, you
-# need to create executable scripts in a directory with the same name as
-# the vpn tunnel (vpn0 can be replaced with the vpn name):
-#
-# mkdir /etc/openconnect/vpn0
-# cd /etc/openconnect/vpn0"
-# echo '#!/bin/sh' > preup.sh"
-# cp preup.sh predown.sh"
-# cp preup.sh postup.sh"
-# cp preup.sh postdown.sh"
-# chmod 755 /etc/openconnect/vpn0/*"
-
-server_vpn0="vpn.server.tld"
-password_vpn0="YOUR_PASSWORD"
-# Any OPENCONNECT options my go here (see openconnect --help)
-vpnopts_vpn0="-l --passwd-on-stdin --user=YOUR_USERNAME"

diff --git a/net-vpn/openconnect/files/openconnect.init.in-r4 b/net-vpn/openconnect/files/openconnect.init.in-r4
deleted file mode 100644
index 040edc76f63..00000000000
--- a/net-vpn/openconnect/files/openconnect.init.in-r4
+++ /dev/null
@@ -1,88 +0,0 @@
-#!/sbin/openrc-run
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-VPN="${RC_SVCNAME#*.}"
-VPNDIR="/etc/openconnect/${VPN}"
-VPNLOG="/var/log/openconnect/${VPN}"
-VPNLOGFILE="${VPNLOG}/openconnect.log"
-VPNERRFILE="${VPNLOG}/openconnect.err"
-
-command="/usr/sbin/openconnect"
-name="OpenConnect: ${VPN}"
-pidfile="/run/openconnect/${VPN}.pid"
-stopsig="SIGINT"
-
-depend() {
-	before netmount
-}
-
-checkconfig() {
-	if [ $VPN = "openconnect" ]; then
-		eerror "You cannot call openconnect directly. You must create a symbolic link to it with the vpn name:"
-		eerror
-		eerror "ln -s /etc/init.d/openconnect /etc/init.d/openconnect.vpn0"
-		eerror
-		eerror "And then call it instead:"
-		eerror
-		eerror "/etc/init.d/openconnect.vpn0 start"
-		return 1
-	fi
-}
-
-checktuntap() {
-	if [ "$RC_UNAME" = "Linux" -a ! -e /dev/net/tun ] ; then
-		if ! modprobe tun ; then
-			eerror "TUN/TAP support is not available in this kernel"
-			return 1
-		fi
-	fi
-}
-
-run_hook() {
-	if [ -x "$1" ]; then
-		"$@"
-	fi
-}
-
-start_pre() {
-	checkconfig || return
-	checktuntap || return
-	checkpath -d "${VPNLOG}" || return
-	checkpath -d /run/openconnect || return
-	run_hook "${VPNDIR}/preup.sh"
-}
-
-start() {
-	local server vpnopts password
-	eval server=\$server_${VPN}
-	eval vpnopts=\$vpnopts_${VPN}
-	eval password=\$password_${VPN}
-
-	ebegin "Starting ${name}"
-	start-stop-daemon --start --exec "${command}" -- \
-		--background \
-		--interface="${VPN}" \
-		--pid-file="${pidfile}" \
-		${vpnopts} \
-		"${server}" \
-		>> "${VPNLOGFILE}" \
-		2>> "${VPNERRFILE}" \
-		<<EOF
-${password}
-EOF
-	eend $?
-}
-
-start_post() {
-	run_hook "${VPNDIR}/postup.sh"
-}
-
-stop_pre() {
-	checkconfig || return
-	run_hook "${VPNDIR}/predown.sh"
-}
-
-stop_post() {
-	run_hook "${VPNDIR}/postdown.sh"
-}

diff --git a/net-vpn/openconnect/openconnect-8.09-r3.ebuild b/net-vpn/openconnect/openconnect-8.09-r3.ebuild
deleted file mode 100644
index c5c21a23d94..00000000000
--- a/net-vpn/openconnect/openconnect-8.09-r3.ebuild
+++ /dev/null
@@ -1,152 +0,0 @@
-# Copyright 2011-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-PYTHON_COMPAT=( python{3_7,3_8,3_9} )
-PYTHON_REQ_USE="xml"
-
-inherit linux-info python-any-r1
-
-if [[ ${PV} == 9999 ]]; then
-	EGIT_REPO_URI="https://gitlab.com/openconnect/openconnect.git"
-	inherit git-r3 autotools
-else
-	ARCHIVE_URI="ftp://ftp.infradead.org/pub/${PN}/${P}.tar.gz"
-	KEYWORDS="amd64 arm arm64 ppc64 x86"
-fi
-VPNC_VER=20200226
-SRC_URI="${ARCHIVE_URI}
-	ftp://ftp.infradead.org/pub/vpnc-scripts/vpnc-scripts-${VPNC_VER}.tar.gz"
-
-DESCRIPTION="Free client for Cisco AnyConnect SSL VPN software"
-HOMEPAGE="http://www.infradead.org/openconnect.html"
-
-LICENSE="LGPL-2.1 GPL-2"
-SLOT="0/5"
-IUSE="doc +gnutls gssapi libproxy lz4 nls smartcard stoken test"
-RESTRICT="!test? ( test )"
-
-DEPEND="
-	dev-libs/libxml2
-	sys-libs/zlib
-	!gnutls? (
-		>=dev-libs/openssl-1.0.1h:0=
-	)
-	gnutls? (
-		app-crypt/trousers
-		app-misc/ca-certificates
-		dev-libs/nettle
-		>=net-libs/gnutls-3.6.13:0=
-		dev-libs/libtasn1:0=
-		app-crypt/tpm2-tss
-	)
-	gssapi? ( virtual/krb5 )
-	libproxy? ( net-libs/libproxy )
-	lz4? ( app-arch/lz4:= )
-	nls? ( virtual/libintl )
-	smartcard? ( sys-apps/pcsc-lite:0= )
-	stoken? ( app-crypt/stoken )
-"
-RDEPEND="${DEPEND}
-	sys-apps/iproute2
-"
-BDEPEND="
-	virtual/pkgconfig
-	doc? ( ${PYTHON_DEPS} sys-apps/groff )
-	nls? ( sys-devel/gettext )
-	test? (
-		net-libs/socket_wrapper
-		net-vpn/ocserv
-		sys-libs/uid_wrapper
-	)
-"
-
-CONFIG_CHECK="~TUN"
-
-pkg_pretend() {
-	check_extra_config
-}
-
-pkg_setup() {
-	:
-}
-
-src_unpack() {
-	if [[ ${PV} == 9999 ]]; then
-		git-r3_src_unpack
-	fi
-	default
-}
-
-src_prepare() {
-	local PATCHES=(
-		"${FILESDIR}"/8.09-gnutls-buffer-overflow.patch
-	)
-	default
-	if [[ ${PV} == 9999 ]]; then
-		eautoreconf
-	fi
-}
-
-src_configure() {
-	if use doc; then
-		python_setup
-	else
-		export ac_cv_path_PYTHON=
-	fi
-
-	# Used by tests if userpriv is disabled
-	addwrite /run/netns
-
-	local myconf=(
-		--disable-dsa-tests
-		$(use_enable nls)
-		--disable-static
-		$(use_with !gnutls openssl)
-		$(use_with gnutls)
-		$(use_with libproxy)
-		$(use_with lz4)
-		$(use_with gssapi)
-		$(use_with smartcard libpcsclite)
-		$(use_with stoken)
-		--with-vpnc-script="${EPREFIX}/etc/openconnect/openconnect.sh"
-		--without-java
-	)
-
-	econf "${myconf[@]}"
-}
-
-src_test() {
-	local charset
-	for charset in UTF-8 ISO8859-2; do
-		if [[ $(LC_ALL=cs_CZ.${charset} locale charmap 2>/dev/null) != ${charset} ]]; then
-			# If we don't have valid cs_CZ locale data, auth-nonascii will fail.
-			# Force a test skip by exiting with status 77.
-			sed -i -e '2i exit 77' tests/auth-nonascii || die
-			break
-		fi
-	done
-	default
-}
-
-src_install() {
-	default
-
-	find "${ED}" -name '*.la' -delete || die
-
-	dodoc "${FILESDIR}"/README.OpenRC.txt
-
-	newinitd "${FILESDIR}"/openconnect.init.in-r4 openconnect
-	insinto /etc/openconnect
-
-	newconfd "${FILESDIR}"/openconnect.conf.in openconnect
-
-	exeinto /etc/openconnect
-	newexe "${WORKDIR}"/vpnc-scripts-${VPNC_VER}/vpnc-script openconnect.sh
-
-	insinto /etc/logrotate.d
-	newins "${FILESDIR}"/openconnect.logrotate openconnect
-
-	keepdir /var/log/openconnect
-}

diff --git a/net-vpn/openconnect/openconnect-8.10.ebuild b/net-vpn/openconnect/openconnect-8.10.ebuild
deleted file mode 100644
index ff4f18582c1..00000000000
--- a/net-vpn/openconnect/openconnect-8.10.ebuild
+++ /dev/null
@@ -1,149 +0,0 @@
-# Copyright 2011-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-PYTHON_COMPAT=( python{3_7,3_8,3_9} )
-PYTHON_REQ_USE="xml"
-
-inherit linux-info python-any-r1
-
-if [[ ${PV} == 9999 ]]; then
-	EGIT_REPO_URI="https://gitlab.com/openconnect/openconnect.git"
-	inherit git-r3 autotools
-else
-	ARCHIVE_URI="ftp://ftp.infradead.org/pub/${PN}/${P}.tar.gz"
-	KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~x86"
-fi
-VPNC_VER=20200930
-SRC_URI="${ARCHIVE_URI}
-	ftp://ftp.infradead.org/pub/vpnc-scripts/vpnc-scripts-${VPNC_VER}.tar.gz"
-
-DESCRIPTION="Free client for Cisco AnyConnect SSL VPN software"
-HOMEPAGE="http://www.infradead.org/openconnect.html"
-
-LICENSE="LGPL-2.1 GPL-2"
-SLOT="0/5"
-IUSE="doc +gnutls gssapi libproxy lz4 nls smartcard stoken test"
-RESTRICT="!test? ( test )"
-
-DEPEND="
-	dev-libs/libxml2
-	sys-libs/zlib
-	!gnutls? (
-		>=dev-libs/openssl-1.0.1h:0=
-	)
-	gnutls? (
-		app-crypt/trousers
-		app-misc/ca-certificates
-		dev-libs/nettle
-		>=net-libs/gnutls-3.6.13:0=
-		dev-libs/libtasn1:0=
-		app-crypt/tpm2-tss
-	)
-	gssapi? ( virtual/krb5 )
-	libproxy? ( net-libs/libproxy )
-	lz4? ( app-arch/lz4:= )
-	nls? ( virtual/libintl )
-	smartcard? ( sys-apps/pcsc-lite:0= )
-	stoken? ( app-crypt/stoken )
-"
-RDEPEND="${DEPEND}
-	sys-apps/iproute2
-"
-BDEPEND="
-	virtual/pkgconfig
-	doc? ( ${PYTHON_DEPS} sys-apps/groff )
-	nls? ( sys-devel/gettext )
-	test? (
-		net-libs/socket_wrapper
-		net-vpn/ocserv
-		sys-libs/uid_wrapper
-	)
-"
-
-CONFIG_CHECK="~TUN"
-
-pkg_pretend() {
-	check_extra_config
-}
-
-pkg_setup() {
-	:
-}
-
-src_unpack() {
-	if [[ ${PV} == 9999 ]]; then
-		git-r3_src_unpack
-	fi
-	default
-}
-
-src_prepare() {
-	default
-	if [[ ${PV} == 9999 ]]; then
-		eautoreconf
-	fi
-}
-
-src_configure() {
-	if use doc; then
-		python_setup
-	else
-		export ac_cv_path_PYTHON=
-	fi
-
-	# Used by tests if userpriv is disabled
-	addwrite /run/netns
-
-	local myconf=(
-		--disable-dsa-tests
-		$(use_enable nls)
-		--disable-static
-		$(use_with !gnutls openssl)
-		$(use_with gnutls)
-		$(use_with libproxy)
-		$(use_with lz4)
-		$(use_with gssapi)
-		$(use_with smartcard libpcsclite)
-		$(use_with stoken)
-		--with-vpnc-script="${EPREFIX}/etc/openconnect/openconnect.sh"
-		--without-java
-	)
-
-	econf "${myconf[@]}"
-}
-
-src_test() {
-	local charset
-	for charset in UTF-8 ISO8859-2; do
-		if [[ $(LC_ALL=cs_CZ.${charset} locale charmap 2>/dev/null) != ${charset} ]]; then
-			# If we don't have valid cs_CZ locale data, auth-nonascii will fail.
-			# Force a test skip by exiting with status 77.
-			sed -i -e '2i exit 77' tests/auth-nonascii || die
-			break
-		fi
-	done
-	default
-}
-
-src_install() {
-	default
-
-	find "${ED}" -name '*.la' -delete || die
-
-	dodoc "${FILESDIR}"/README.OpenRC.txt
-
-	newinitd "${FILESDIR}"/openconnect.init.in-r4 openconnect
-	insinto /etc/openconnect
-
-	newconfd "${FILESDIR}"/openconnect.conf.in openconnect
-
-	exeinto /etc/openconnect
-	newexe "${WORKDIR}"/vpnc-scripts-${VPNC_VER}/vpnc-script openconnect.sh
-
-	insinto /etc/logrotate.d
-	newins "${FILESDIR}"/openconnect.logrotate openconnect
-
-	keepdir /var/log/openconnect
-}


^ permalink raw reply related	[flat|nested] 12+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: net-vpn/openconnect/files/, net-vpn/openconnect/
@ 2022-04-11  1:08 Mike Gilbert
  0 siblings, 0 replies; 12+ messages in thread
From: Mike Gilbert @ 2022-04-11  1:08 UTC (permalink / raw
  To: gentoo-commits

commit:     cb84d12940f854ce1704fa1afacc92422810b7b5
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Mon Apr 11 00:58:05 2022 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Mon Apr 11 00:58:42 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cb84d129

net-vpn/openconnect: add 8.20

Closes: https://bugs.gentoo.org/837638
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>

 net-vpn/openconnect/Manifest                       |   1 +
 .../openconnect/files/8.20-insecure-crypto.patch   |  46 ++++++
 net-vpn/openconnect/files/8.20-rsa-securid.patch   |  51 +++++++
 net-vpn/openconnect/openconnect-8.20.ebuild        | 154 +++++++++++++++++++++
 4 files changed, 252 insertions(+)

diff --git a/net-vpn/openconnect/Manifest b/net-vpn/openconnect/Manifest
index 3938384a6964..d98ead0c1db1 100644
--- a/net-vpn/openconnect/Manifest
+++ b/net-vpn/openconnect/Manifest
@@ -1 +1,2 @@
 DIST openconnect-8.10.tar.gz 2084534 BLAKE2B 98ad0e24e09bc565f359139540f60eb9b6b5ed2239a9c46c56889b8554fc3de3605c10f1bb4fa0b0b206ba35404ae90a389ab8dcee54cf05a24d984529d24c2a SHA512 a36a106cf5c637602fc5bd3cd12df8f6dfe55217c1aae93c66ca33208507f3f8cda15e3a46d75615c7fcea1859d1a04017a07674ad0246876154467305477356
+DIST openconnect-8.20.tar.gz 2651542 BLAKE2B 327b437993ee0d705c0194202f6fd7c2b330e69bfbb916ef004b0662c8b9aebc1252aa3c83bd41b4d1cf85b933878d37b1a7608f076d82b50e325a3efaea2dec SHA512 76f5e49948391397ea1f7d2fca5798731f4278fee74c3da9b0f0daba6c386ce79ec5d87d40b6d3d99bb2528a038b5a2076df4159bb29c52cba62efb2ca52c8ab

diff --git a/net-vpn/openconnect/files/8.20-insecure-crypto.patch b/net-vpn/openconnect/files/8.20-insecure-crypto.patch
new file mode 100644
index 000000000000..7644e1a264ba
--- /dev/null
+++ b/net-vpn/openconnect/files/8.20-insecure-crypto.patch
@@ -0,0 +1,46 @@
+From e2b38313bbd5050acaac49a75f0a024d05b505e5 Mon Sep 17 00:00:00 2001
+From: Mike Gilbert <floppym@gentoo.org>
+Date: Sun, 10 Apr 2022 12:21:57 -0400
+Subject: [PATCH] openssl: allow ALL ciphers when allow-insecure-crypto is
+ enabled
+
+Previously, the cipher list was set to "DEFAULT:+3DES:+RC4". However,
+according to ciphers(1), the DEFAULT keyword cannot be combined with
+other strings using the + characters. In other words, ":+3DES:+RC4" gets
+ignored.
+
+The user is opting into insecure behavior, so let's keep it simple and
+just allow everything.
+
+This change fixes the obsolete-server-crypto test when openconnect is
+built against openssl-1.1.x.
+
+Signed-off-by: Mike Gilbert <floppym@gentoo.org>
+---
+ openssl.c | 9 +++------
+ 1 file changed, 3 insertions(+), 6 deletions(-)
+
+diff --git a/openssl.c b/openssl.c
+index 3205dbd7..2bf594e7 100644
+--- a/openssl.c
++++ b/openssl.c
+@@ -1868,13 +1868,10 @@ int openconnect_open_https(struct openconnect_info *vpninfo)
+ 			struct oc_text_buf *buf = buf_alloc();
+ 			if (vpninfo->pfs)
+ 				buf_append(buf, "HIGH:!aNULL:!eNULL:-RSA");
++			else if (vpninfo->allow_insecure_crypto)
++				buf_append(buf, "ALL");
+ 			else
+-				buf_append(buf, "DEFAULT");
+-
+-			if (vpninfo->allow_insecure_crypto)
+-				buf_append(buf, ":+3DES:+RC4");
+-			else
+-				buf_append(buf, ":-3DES:-RC4");
++				buf_append(buf, "DEFAULT:-3DES:-RC4");
+ 
+ 			if (buf_error(buf)) {
+ 				vpn_progress(vpninfo, PRG_ERR,
+-- 
+2.35.1
+

diff --git a/net-vpn/openconnect/files/8.20-rsa-securid.patch b/net-vpn/openconnect/files/8.20-rsa-securid.patch
new file mode 100644
index 000000000000..57ab2d740707
--- /dev/null
+++ b/net-vpn/openconnect/files/8.20-rsa-securid.patch
@@ -0,0 +1,51 @@
+From 19417131895eb39aabf3641a9e4e0d7082b04f6d Mon Sep 17 00:00:00 2001
+From: Daniel Lenski <dlenski@gmail.com>
+Date: Mon, 7 Mar 2022 08:50:13 -0800
+Subject: [PATCH] Bugfix RSA SecurID token decryption and PIN entry forms
+
+As of
+https://gitlab.com/openconnect/openconnect/-/commit/386a6edb6d2d1d2cd3e9c9de8d85dc7bfda60d34,
+all auth forms are required to have a non-NULL `auth_id`.
+
+However, we forget to make stoken.c set the `auth_id` for the forms that it
+creates for RSA SecurID token decryption and PIN entry.  Let's name these:
+
+  - `_rsa_unlock`, for token decryption.
+  - `_rsa_pin`, for PIN entry.  Also, rename the numeric PIN field to `pin`
+    rather than `password`; there can't be any existing users relying on
+    `--form-entry` to set its value, because that wouldn't work without the
+    `auth_id`.
+
+Fixes #388.
+
+Signed-off-by: Daniel Lenski <dlenski@gmail.com>
+---
+ stoken.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/stoken.c b/stoken.c
+index 00a67625..45d849f5 100644
+--- a/stoken.c
++++ b/stoken.c
+@@ -100,6 +100,7 @@ static int decrypt_stoken(struct openconnect_info *vpninfo)
+ 
+ 	form.opts = opts;
+ 	form.message = _("Enter credentials to unlock software token.");
++	form.auth_id = "_rsa_unlock";
+ 
+ 	if (stoken_devid_required(vpninfo->stoken_ctx)) {
+ 		opt->type = OC_FORM_OPT_TEXT;
+@@ -206,9 +207,10 @@ static int request_stoken_pin(struct openconnect_info *vpninfo)
+ 
+ 	form.opts = opts;
+ 	form.message = _("Enter software token PIN.");
++	form.auth_id = "_rsa_pin";
+ 
+ 	opt->type = OC_FORM_OPT_PASSWORD;
+-	opt->name = (char *)"password";
++	opt->name = (char *)"pin";
+ 	opt->label = _("PIN:");
+ 	opt->flags = OC_FORM_OPT_NUMERIC;
+ 
+-- 
+GitLab

diff --git a/net-vpn/openconnect/openconnect-8.20.ebuild b/net-vpn/openconnect/openconnect-8.20.ebuild
new file mode 100644
index 000000000000..ba5c1e11f3b9
--- /dev/null
+++ b/net-vpn/openconnect/openconnect-8.20.ebuild
@@ -0,0 +1,154 @@
+# Copyright 2011-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{8..10} )
+PYTHON_REQ_USE="xml"
+
+inherit linux-info python-any-r1
+
+if [[ ${PV} == 9999 ]]; then
+	EGIT_REPO_URI="https://gitlab.com/openconnect/openconnect.git"
+	inherit git-r3 autotools
+else
+	SRC_URI="ftp://ftp.infradead.org/pub/${PN}/${P}.tar.gz"
+	KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~riscv ~x86"
+fi
+
+DESCRIPTION="Free client for Cisco AnyConnect SSL VPN software"
+HOMEPAGE="http://www.infradead.org/openconnect.html"
+
+LICENSE="LGPL-2.1 GPL-2"
+SLOT="0/5"
+IUSE="doc +gnutls gssapi libproxy lz4 nls pskc selinux smartcard stoken test"
+RESTRICT="!test? ( test )"
+
+DEPEND="
+	dev-libs/libxml2
+	sys-libs/zlib
+	app-crypt/p11-kit
+	!gnutls? (
+		>=dev-libs/openssl-1.0.1h:0=
+		dev-libs/libp11
+		test? ( || (
+			>=dev-libs/openssl-1.1.0:0[weak-ssl-ciphers(-)]
+			<dev-libs/openssl-1.1.0:0
+		) )
+	)
+	gnutls? (
+		app-crypt/trousers
+		app-misc/ca-certificates
+		dev-libs/nettle
+		>=net-libs/gnutls-3.6.13:0=
+		dev-libs/libtasn1:0=
+		app-crypt/tpm2-tss
+	)
+	gssapi? ( virtual/krb5 )
+	libproxy? ( net-libs/libproxy )
+	lz4? ( app-arch/lz4:= )
+	nls? ( virtual/libintl )
+	pskc? ( sys-auth/oath-toolkit[pskc] )
+	smartcard? ( sys-apps/pcsc-lite:0= )
+	stoken? ( app-crypt/stoken )
+"
+RDEPEND="${DEPEND}
+	sys-apps/iproute2
+	>=net-vpn/vpnc-scripts-20210402-r1
+	selinux? ( sec-policy/selinux-vpn )
+"
+BDEPEND="
+	virtual/pkgconfig
+	doc? ( ${PYTHON_DEPS} sys-apps/groff )
+	nls? ( sys-devel/gettext )
+	test? (
+		net-libs/socket_wrapper
+		net-vpn/ocserv
+		sys-libs/uid_wrapper
+	)
+"
+
+CONFIG_CHECK="~TUN"
+
+pkg_pretend() {
+	check_extra_config
+}
+
+pkg_setup() {
+	:
+}
+
+src_unpack() {
+	if [[ ${PV} == 9999 ]]; then
+		git-r3_src_unpack
+	fi
+	default
+}
+
+src_prepare() {
+	local PATCHES=(
+		"${FILESDIR}/8.20-rsa-securid.patch"
+		"${FILESDIR}/8.20-insecure-crypto.patch"
+	)
+	default
+	if [[ ${PV} == 9999 ]]; then
+		eautoreconf
+	fi
+}
+
+src_configure() {
+	if use doc; then
+		python_setup
+	else
+		export ac_cv_path_PYTHON=
+	fi
+
+	# Used by tests if userpriv is disabled
+	addwrite /run/netns
+
+	local myconf=(
+		--disable-dsa-tests
+		$(use_enable nls)
+		--disable-static
+		$(use_with !gnutls openssl)
+		$(use_with gnutls)
+		$(use_with libproxy)
+		$(use_with lz4)
+		$(use_with gssapi)
+		$(use_with pskc libpskc)
+		$(use_with smartcard libpcsclite)
+		$(use_with stoken)
+		--with-vpnc-script="${EPREFIX}/etc/vpnc/vpnc-script"
+		--without-java
+	)
+
+	econf "${myconf[@]}"
+}
+
+src_test() {
+	local charset
+	for charset in UTF-8 ISO-8859-2; do
+		if [[ $(LC_ALL=cs_CZ.${charset} locale charmap 2>/dev/null) != ${charset} ]]; then
+			# If we don't have valid cs_CZ locale data, auth-nonascii will fail.
+			# Force a test skip by exiting with status 77.
+			sed -i -e '2i exit 77' tests/auth-nonascii || die
+			break
+		fi
+	done
+	default
+}
+
+src_install() {
+	default
+	find "${ED}" -name '*.la' -delete || die
+
+	dodoc "${FILESDIR}"/README.OpenRC
+
+	newconfd "${FILESDIR}"/openconnect.confd openconnect
+	newinitd "${FILESDIR}"/openconnect.initd openconnect
+
+	insinto /etc/logrotate.d
+	newins "${FILESDIR}"/openconnect.logrotate openconnect
+
+	keepdir /var/log/openconnect
+}


^ permalink raw reply related	[flat|nested] 12+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: net-vpn/openconnect/files/, net-vpn/openconnect/
@ 2022-07-31 17:04 Mike Gilbert
  0 siblings, 0 replies; 12+ messages in thread
From: Mike Gilbert @ 2022-07-31 17:04 UTC (permalink / raw
  To: gentoo-commits

commit:     9ea2b28e1c70517b35d40fc0dd93c410c1c18ff7
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Sun Jul 31 17:03:53 2022 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Sun Jul 31 17:03:53 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9ea2b28e

net-vpn/openconnect: drop 8.20-r1

Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>

 net-vpn/openconnect/Manifest                       |   1 -
 .../openconnect/files/8.20-insecure-crypto.patch   |  46 -------
 net-vpn/openconnect/files/8.20-rsa-securid.patch   |  51 -------
 net-vpn/openconnect/openconnect-8.20-r1.ebuild     | 153 ---------------------
 4 files changed, 251 deletions(-)

diff --git a/net-vpn/openconnect/Manifest b/net-vpn/openconnect/Manifest
index a7dd1ff6597b..a855a2300764 100644
--- a/net-vpn/openconnect/Manifest
+++ b/net-vpn/openconnect/Manifest
@@ -1,2 +1 @@
-DIST openconnect-8.20.tar.gz 2651542 BLAKE2B 327b437993ee0d705c0194202f6fd7c2b330e69bfbb916ef004b0662c8b9aebc1252aa3c83bd41b4d1cf85b933878d37b1a7608f076d82b50e325a3efaea2dec SHA512 76f5e49948391397ea1f7d2fca5798731f4278fee74c3da9b0f0daba6c386ce79ec5d87d40b6d3d99bb2528a038b5a2076df4159bb29c52cba62efb2ca52c8ab
 DIST openconnect-9.01.tar.gz 2718526 BLAKE2B e346b30ed8a299bcdd1fc88868d59b4d501c48bc5c02092e92e7ded0cd36e4de6a5b65aae4f6bf8c9aa60cf70f5466b110b64889df8d286016c9a1b4d9f46ff7 SHA512 b7428847a90f8ca9d1f1f61653c1f2486f0a07989f3b7435b746c5e901998194f4ee2b4f9569a548a23bba368bb1e9f273674c0759aac9df30208d2a6a303c34

diff --git a/net-vpn/openconnect/files/8.20-insecure-crypto.patch b/net-vpn/openconnect/files/8.20-insecure-crypto.patch
deleted file mode 100644
index 7644e1a264ba..000000000000
--- a/net-vpn/openconnect/files/8.20-insecure-crypto.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-From e2b38313bbd5050acaac49a75f0a024d05b505e5 Mon Sep 17 00:00:00 2001
-From: Mike Gilbert <floppym@gentoo.org>
-Date: Sun, 10 Apr 2022 12:21:57 -0400
-Subject: [PATCH] openssl: allow ALL ciphers when allow-insecure-crypto is
- enabled
-
-Previously, the cipher list was set to "DEFAULT:+3DES:+RC4". However,
-according to ciphers(1), the DEFAULT keyword cannot be combined with
-other strings using the + characters. In other words, ":+3DES:+RC4" gets
-ignored.
-
-The user is opting into insecure behavior, so let's keep it simple and
-just allow everything.
-
-This change fixes the obsolete-server-crypto test when openconnect is
-built against openssl-1.1.x.
-
-Signed-off-by: Mike Gilbert <floppym@gentoo.org>
----
- openssl.c | 9 +++------
- 1 file changed, 3 insertions(+), 6 deletions(-)
-
-diff --git a/openssl.c b/openssl.c
-index 3205dbd7..2bf594e7 100644
---- a/openssl.c
-+++ b/openssl.c
-@@ -1868,13 +1868,10 @@ int openconnect_open_https(struct openconnect_info *vpninfo)
- 			struct oc_text_buf *buf = buf_alloc();
- 			if (vpninfo->pfs)
- 				buf_append(buf, "HIGH:!aNULL:!eNULL:-RSA");
-+			else if (vpninfo->allow_insecure_crypto)
-+				buf_append(buf, "ALL");
- 			else
--				buf_append(buf, "DEFAULT");
--
--			if (vpninfo->allow_insecure_crypto)
--				buf_append(buf, ":+3DES:+RC4");
--			else
--				buf_append(buf, ":-3DES:-RC4");
-+				buf_append(buf, "DEFAULT:-3DES:-RC4");
- 
- 			if (buf_error(buf)) {
- 				vpn_progress(vpninfo, PRG_ERR,
--- 
-2.35.1
-

diff --git a/net-vpn/openconnect/files/8.20-rsa-securid.patch b/net-vpn/openconnect/files/8.20-rsa-securid.patch
deleted file mode 100644
index 57ab2d740707..000000000000
--- a/net-vpn/openconnect/files/8.20-rsa-securid.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-From 19417131895eb39aabf3641a9e4e0d7082b04f6d Mon Sep 17 00:00:00 2001
-From: Daniel Lenski <dlenski@gmail.com>
-Date: Mon, 7 Mar 2022 08:50:13 -0800
-Subject: [PATCH] Bugfix RSA SecurID token decryption and PIN entry forms
-
-As of
-https://gitlab.com/openconnect/openconnect/-/commit/386a6edb6d2d1d2cd3e9c9de8d85dc7bfda60d34,
-all auth forms are required to have a non-NULL `auth_id`.
-
-However, we forget to make stoken.c set the `auth_id` for the forms that it
-creates for RSA SecurID token decryption and PIN entry.  Let's name these:
-
-  - `_rsa_unlock`, for token decryption.
-  - `_rsa_pin`, for PIN entry.  Also, rename the numeric PIN field to `pin`
-    rather than `password`; there can't be any existing users relying on
-    `--form-entry` to set its value, because that wouldn't work without the
-    `auth_id`.
-
-Fixes #388.
-
-Signed-off-by: Daniel Lenski <dlenski@gmail.com>
----
- stoken.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/stoken.c b/stoken.c
-index 00a67625..45d849f5 100644
---- a/stoken.c
-+++ b/stoken.c
-@@ -100,6 +100,7 @@ static int decrypt_stoken(struct openconnect_info *vpninfo)
- 
- 	form.opts = opts;
- 	form.message = _("Enter credentials to unlock software token.");
-+	form.auth_id = "_rsa_unlock";
- 
- 	if (stoken_devid_required(vpninfo->stoken_ctx)) {
- 		opt->type = OC_FORM_OPT_TEXT;
-@@ -206,9 +207,10 @@ static int request_stoken_pin(struct openconnect_info *vpninfo)
- 
- 	form.opts = opts;
- 	form.message = _("Enter software token PIN.");
-+	form.auth_id = "_rsa_pin";
- 
- 	opt->type = OC_FORM_OPT_PASSWORD;
--	opt->name = (char *)"password";
-+	opt->name = (char *)"pin";
- 	opt->label = _("PIN:");
- 	opt->flags = OC_FORM_OPT_NUMERIC;
- 
--- 
-GitLab

diff --git a/net-vpn/openconnect/openconnect-8.20-r1.ebuild b/net-vpn/openconnect/openconnect-8.20-r1.ebuild
deleted file mode 100644
index c9b970792d0e..000000000000
--- a/net-vpn/openconnect/openconnect-8.20-r1.ebuild
+++ /dev/null
@@ -1,153 +0,0 @@
-# Copyright 2011-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-PYTHON_COMPAT=( python3_{8..10} )
-PYTHON_REQ_USE="xml"
-
-inherit linux-info python-any-r1
-
-if [[ ${PV} == 9999 ]]; then
-	EGIT_REPO_URI="https://gitlab.com/openconnect/openconnect.git"
-	inherit git-r3 autotools
-else
-	SRC_URI="ftp://ftp.infradead.org/pub/${PN}/${P}.tar.gz"
-	KEYWORDS="amd64 arm arm64 ppc64 ~riscv x86"
-fi
-
-DESCRIPTION="Free client for Cisco AnyConnect SSL VPN software"
-HOMEPAGE="https://www.infradead.org/openconnect/"
-
-LICENSE="LGPL-2.1 GPL-2"
-SLOT="0/5"
-IUSE="doc +gnutls gssapi libproxy lz4 nls pskc selinux smartcard stoken test"
-RESTRICT="!test? ( test )"
-
-COMMON_DEPEND="
-	dev-libs/libxml2
-	sys-libs/zlib
-	app-crypt/p11-kit
-	!gnutls? (
-		>=dev-libs/openssl-1.0.1h:0=
-		dev-libs/libp11
-	)
-	gnutls? (
-		app-crypt/trousers
-		app-misc/ca-certificates
-		dev-libs/nettle
-		>=net-libs/gnutls-3.6.13:0=
-		dev-libs/libtasn1:0=
-		app-crypt/tpm2-tss:=
-	)
-	gssapi? ( virtual/krb5 )
-	libproxy? ( net-libs/libproxy )
-	lz4? ( app-arch/lz4:= )
-	nls? ( virtual/libintl )
-	pskc? ( sys-auth/oath-toolkit[pskc] )
-	smartcard? ( sys-apps/pcsc-lite:0= )
-	stoken? ( app-crypt/stoken )
-"
-DEPEND="${COMMON_DEPEND}
-	test? (
-		net-libs/socket_wrapper
-		sys-libs/uid_wrapper
-		!gnutls? ( dev-libs/openssl:0[weak-ssl-ciphers(-)] )
-	)
-"
-RDEPEND="${COMMON_DEPEND}
-	sys-apps/iproute2
-	>=net-vpn/vpnc-scripts-20210402-r1
-	selinux? ( sec-policy/selinux-vpn )
-"
-BDEPEND="
-	virtual/pkgconfig
-	doc? ( ${PYTHON_DEPS} sys-apps/groff )
-	nls? ( sys-devel/gettext )
-	test? ( net-vpn/ocserv )
-"
-
-CONFIG_CHECK="~TUN"
-
-pkg_pretend() {
-	check_extra_config
-}
-
-pkg_setup() {
-	:
-}
-
-src_unpack() {
-	if [[ ${PV} == 9999 ]]; then
-		git-r3_src_unpack
-	fi
-	default
-}
-
-src_prepare() {
-	local PATCHES=(
-		"${FILESDIR}/8.20-rsa-securid.patch"
-		"${FILESDIR}/8.20-insecure-crypto.patch"
-	)
-	default
-	if [[ ${PV} == 9999 ]]; then
-		eautoreconf
-	fi
-}
-
-src_configure() {
-	if use doc; then
-		python_setup
-	else
-		export ac_cv_path_PYTHON=
-	fi
-
-	# Used by tests if userpriv is disabled
-	addwrite /run/netns
-
-	local myconf=(
-		--disable-dsa-tests
-		$(use_enable nls)
-		--disable-static
-		$(use_with !gnutls openssl)
-		$(use_with gnutls)
-		$(use_with libproxy)
-		$(use_with lz4)
-		$(use_with gssapi)
-		$(use_with pskc libpskc)
-		$(use_with smartcard libpcsclite)
-		$(use_with stoken)
-		--with-vpnc-script="${EPREFIX}/etc/vpnc/vpnc-script"
-		--without-java
-	)
-
-	econf "${myconf[@]}"
-}
-
-src_test() {
-	local charset
-	for charset in UTF-8 ISO-8859-2; do
-		if [[ $(LC_ALL=cs_CZ.${charset} locale charmap 2>/dev/null) != ${charset} ]]; then
-			# If we don't have valid cs_CZ locale data, auth-nonascii will fail.
-			# Force a test skip by exiting with status 77.
-			sed -i -e '2i exit 77' tests/auth-nonascii || die
-			break
-		fi
-	done
-	default
-}
-
-src_install() {
-	default
-	find "${ED}" -name '*.la' -delete || die
-
-	dodoc "${FILESDIR}"/README.OpenRC
-
-	newconfd "${FILESDIR}"/openconnect.confd openconnect
-	newinitd "${FILESDIR}"/openconnect.initd openconnect
-
-	insinto /etc/logrotate.d
-	newins "${FILESDIR}"/openconnect.logrotate openconnect
-
-	keepdir /var/log/openconnect
-}


^ permalink raw reply related	[flat|nested] 12+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: net-vpn/openconnect/files/, net-vpn/openconnect/
@ 2022-08-19 19:12 Mike Gilbert
  0 siblings, 0 replies; 12+ messages in thread
From: Mike Gilbert @ 2022-08-19 19:12 UTC (permalink / raw
  To: gentoo-commits

commit:     40559d7761064c24a692fbf4ec9fa97f450958b2
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Fri Aug 19 19:01:43 2022 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Fri Aug 19 19:12:51 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=40559d77

net-vpn/openconnect: include inttypes.h in jsondump.c

Closes: https://bugs.gentoo.org/865797
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>

 .../files/openconnect-9.01-inttypes.patch          | 32 ++++++++++++++++++++++
 net-vpn/openconnect/openconnect-9.01.ebuild        |  3 ++
 2 files changed, 35 insertions(+)

diff --git a/net-vpn/openconnect/files/openconnect-9.01-inttypes.patch b/net-vpn/openconnect/files/openconnect-9.01-inttypes.patch
new file mode 100644
index 000000000000..c9b28913ce9f
--- /dev/null
+++ b/net-vpn/openconnect/files/openconnect-9.01-inttypes.patch
@@ -0,0 +1,32 @@
+From c0775e6cd46fb5df6c6aab52314e3038c44d2152 Mon Sep 17 00:00:00 2001
+From: Mike Gilbert <floppym@gentoo.org>
+Date: Fri, 19 Aug 2022 11:55:42 -0400
+Subject: [PATCH] jsondump.c: include <inttypes.h> for PRId64
+
+Fixes a build failure with gnutls and a json-parser snapshot taken on
+2021-12-08.
+
+Building with openssl or with the bundled copy of json-parser causes
+inttypes.h to be included indirectly.
+
+Bug: https://bugs.gentoo.org/865797
+Signed-off-by: Mike Gilbert <floppym@gentoo.org>
+---
+ jsondump.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/jsondump.c b/jsondump.c
+index a18780b5..2b097e8a 100644
+--- a/jsondump.c
++++ b/jsondump.c
+@@ -24,6 +24,7 @@
+ #include <string.h>
+ #include <ctype.h>
+ #include <errno.h>
++#include <inttypes.h>
+ 
+ /*
+  * Copyright (C) 2015 Mirko Pasqualetti  All rights reserved.
+-- 
+GitLab
+

diff --git a/net-vpn/openconnect/openconnect-9.01.ebuild b/net-vpn/openconnect/openconnect-9.01.ebuild
index 824c77958d4b..e4aa08f994e4 100644
--- a/net-vpn/openconnect/openconnect-9.01.ebuild
+++ b/net-vpn/openconnect/openconnect-9.01.ebuild
@@ -85,6 +85,9 @@ src_unpack() {
 }
 
 src_prepare() {
+	local PATCHES=(
+		"${FILESDIR}/openconnect-9.01-inttypes.patch"
+	)
 	default
 	if [[ ${PV} == 9999 ]]; then
 		eautoreconf


^ permalink raw reply related	[flat|nested] 12+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: net-vpn/openconnect/files/, net-vpn/openconnect/
@ 2023-05-21 20:47 Mike Gilbert
  0 siblings, 0 replies; 12+ messages in thread
From: Mike Gilbert @ 2023-05-21 20:47 UTC (permalink / raw
  To: gentoo-commits

commit:     a1af029715b1944e743630b661630228c1b90ec1
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Sun May 21 20:46:18 2023 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Sun May 21 20:47:03 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a1af0297

net-vpn/openconnect: drop 9.10, 9.11

Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>

 net-vpn/openconnect/Manifest                       |   4 -
 .../files/openconnect-9.11-json-cflags.patch       |  57 -------
 net-vpn/openconnect/openconnect-9.10.ebuild        | 163 --------------------
 net-vpn/openconnect/openconnect-9.11.ebuild        | 164 ---------------------
 4 files changed, 388 deletions(-)

diff --git a/net-vpn/openconnect/Manifest b/net-vpn/openconnect/Manifest
index a72035d984f5..ca17f671e069 100644
--- a/net-vpn/openconnect/Manifest
+++ b/net-vpn/openconnect/Manifest
@@ -1,7 +1,3 @@
 DIST openconnect-9.01.tar.gz 2718526 BLAKE2B e346b30ed8a299bcdd1fc88868d59b4d501c48bc5c02092e92e7ded0cd36e4de6a5b65aae4f6bf8c9aa60cf70f5466b110b64889df8d286016c9a1b4d9f46ff7 SHA512 b7428847a90f8ca9d1f1f61653c1f2486f0a07989f3b7435b746c5e901998194f4ee2b4f9569a548a23bba368bb1e9f273674c0759aac9df30208d2a6a303c34
-DIST openconnect-9.10.tar.gz 2843858 BLAKE2B 03349acaf2420fc1acb4e5787159a7185708e9e2fe8f7e3b54141342da361b304967a27d60ea3b3bede62b9e74718cbcc734c33c36bf49a7ab4ca8ee5d96bbbf SHA512 64d10ad67fccd11d1aaae23a77c6cfd8200bbba0eae21a7d01c604688ec9c35b5f19eeb9a47de14d383780eba64a2f6c06daccd4c1fae6289efdb0dc2fb7c536
-DIST openconnect-9.10.tar.gz.asc 833 BLAKE2B 37ac92d70b415ba4d80c6a9028610e5660eecf7bd826d8ea708c8c59b60ff2fc8dcdc583dbc163ad5929c34b034e44273dc91d966b81397daaa8edda6407f5bc SHA512 4ed8be3a8aa1a0bdedff94910b2de792c93025498f83b50033df9ef25fd0a9dd86ab3011183657b49bbc3c2b70a5acb9605bdfa722e2bb2f2318540d1047f730
-DIST openconnect-9.11.tar.gz 2844135 BLAKE2B a5b40c9d70eecd0464daf78367cb0af688596a71ddf90b19435f03446e9cdb1d7aba151436dbe819d2d2d9b70c30d38acd7caebfc8636ed5c960b70cf3e55b58 SHA512 fd1aa12597467102e7c94de9549f02f714736f997b050473d1e0f1a1abd9dc85186436209be9a8b24cafa9dc349329be7d583eb438ce06f14077a7c12598e55e
-DIST openconnect-9.11.tar.gz.asc 833 BLAKE2B de1f38aaf6abd158ef8d54934f239b88b72502b2b9205c35e3374eb4ce33cadd929f3ef5517b088bff152016ad12ed5be93fc46c28f7168cac8b36fd28c3360a SHA512 c8c25c12d6573ef2c97e5e6d9d46c4c002e7f8357d1bcc1a8b11c3c1fcbfa7e5b2414ac47b635fdea8d1028d9cb8160f1d79567fe046ac1e8b7136edf0e88e51
 DIST openconnect-9.12.tar.gz 2843115 BLAKE2B cd5f65ae0d67bece3e5aacdfb4c5c73c893d45d756554a1b6e39e66af5c6a171735d535ca7b16ed94244d02798d3c43a45b252ba05ddb0f3505f1fafc2ec0de9 SHA512 5c622e8bdfac3d21b5881660444e5d2b84e9463a99493d42cbfb480c3aa3972076bdeeb618aca02abed68e31dbeadcb66fb1c370e62a20f20cd544753c7ac48e
 DIST openconnect-9.12.tar.gz.asc 833 BLAKE2B c974439cef74eea9698a0b565c0d49c6026a0afe322739d5adfee2d484279d7366c6c3c703019ff2492eb3d5725de8e0fe4505d9e3a0e5b6d36201974d20a223 SHA512 ade33209a4c17bbdfd0bea7490588b248c36c4da56a9aec60818ed6c96bc8c3570b1f2ac2685003122a1e52dd9d24e4b678d77e001c752461649114167a7304c

diff --git a/net-vpn/openconnect/files/openconnect-9.11-json-cflags.patch b/net-vpn/openconnect/files/openconnect-9.11-json-cflags.patch
deleted file mode 100644
index c09e87bff7c9..000000000000
--- a/net-vpn/openconnect/files/openconnect-9.11-json-cflags.patch
+++ /dev/null
@@ -1,57 +0,0 @@
-From ce49cf495276c737fe95725da8f0773742fb838d Mon Sep 17 00:00:00 2001
-From: Mike Gilbert <floppym@gentoo.org>
-Date: Thu, 18 May 2023 15:04:17 -0400
-Subject: [PATCH] Move JSON_CFLAGS before LIBPROXY_CFLAGS
-
-Depending on build options, libproxy-1.0.pc depends indirectly
-on json-c.pc:
-
-libproxy-1.0 -> gio-2.0 -> mount -> libcryptsetup -> json-c
-
-This causes "pkg-config --cflags libproxy-1.0" to emit
-"-I/usr/include/json-c".
-
-json-c installs a "json.h" file that conflicts with the one provided by
-json-parser. If json-c comes before json-parser on the compiler command,
-we get a build failure:
-
-openconnect-internal.h:1654:59: error: unknown type name 'json_value'
-
-[ dwmw2: This is a combination of at *least* three different bugs in
-         three different packages conspiring to be my problem. See
-         https://gitlab.com/openconnect/openconnect/-/merge_requests/476#note_1397129468
-         But still, working around it does no harm for now.
-         Ironically, if the presence of json-c on the include path
-         wasn't *entirely* gratuitous then hiding it by putting it
-         last wouldn't actually work because then something would
-         fail to include the json-c version of <json.h> instead. ]
-
-Bug: https://bugs.gentoo.org/906662
-Signed-off-by: Mike Gilbert <floppym@gentoo.org>
-Signed-off-by: David Woodhouse <dwmw2@infradead.org>
----
- Makefile.am | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/Makefile.am b/Makefile.am
-index 495b46f2..a09c0614 100644
---- a/Makefile.am
-+++ b/Makefile.am
-@@ -128,10 +128,10 @@ endif
- 
- libopenconnect_la_SOURCES = version.c $(library_srcs)
- libopenconnect_la_CFLAGS = $(AM_CFLAGS) $(SSL_CFLAGS) $(DTLS_SSL_CFLAGS) \
--	$(LIBXML2_CFLAGS) $(LIBPROXY_CFLAGS) $(ZLIB_CFLAGS) $(P11KIT_CFLAGS) \
--	$(TSS_CFLAGS) $(LIBSTOKEN_CFLAGS) $(LIBPSKC_CFLAGS) $(GSSAPI_CFLAGS) \
--	$(INTL_CFLAGS) $(ICONV_CFLAGS) $(LIBPCSCLITE_CFLAGS) $(LIBP11_CFLAGS) \
--	$(LIBLZ4_CFLAGS) $(JSON_CFLAGS)
-+	$(LIBXML2_CFLAGS) $(JSON_CFLAGS) $(LIBPROXY_CFLAGS) $(ZLIB_CFLAGS) \
-+	$(P11KIT_CFLAGS) $(TSS_CFLAGS) $(LIBSTOKEN_CFLAGS) $(LIBPSKC_CFLAGS) \
-+	$(GSSAPI_CFLAGS) $(INTL_CFLAGS) $(ICONV_CFLAGS) $(LIBPCSCLITE_CFLAGS) \
-+	$(LIBP11_CFLAGS) $(LIBLZ4_CFLAGS)
- libopenconnect_la_LIBADD = $(SSL_LIBS) $(DTLS_SSL_LIBS) \
- 	$(LIBXML2_LIBS) $(LIBPROXY_LIBS) $(ZLIB_LIBS) $(P11KIT_LIBS) \
- 	$(TSS_LIBS) $(LIBSTOKEN_LIBS) $(LIBPSKC_LIBS) $(GSSAPI_LIBS) \
--- 
-GitLab
-

diff --git a/net-vpn/openconnect/openconnect-9.10.ebuild b/net-vpn/openconnect/openconnect-9.10.ebuild
deleted file mode 100644
index bda422a32553..000000000000
--- a/net-vpn/openconnect/openconnect-9.10.ebuild
+++ /dev/null
@@ -1,163 +0,0 @@
-# Copyright 2011-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-PYTHON_COMPAT=( python3_{9..11} )
-PYTHON_REQ_USE="xml(+)"
-
-inherit linux-info python-any-r1
-
-if [[ ${PV} == 9999 ]]; then
-	EGIT_REPO_URI="https://gitlab.com/openconnect/openconnect.git"
-	inherit git-r3 autotools
-else
-	inherit verify-sig
-	SRC_URI="https://www.infradead.org/openconnect/download/${P}.tar.gz
-		verify-sig? ( https://www.infradead.org/openconnect/download/${P}.tar.gz.asc )"
-	KEYWORDS="~amd64 ~arm ~arm64 ~loong ~ppc64 ~riscv ~x86"
-fi
-
-DESCRIPTION="Free client for Cisco AnyConnect SSL VPN software"
-HOMEPAGE="https://www.infradead.org/openconnect/"
-
-LICENSE="LGPL-2.1 GPL-2"
-SLOT="0/5"
-IUSE="doc +gnutls gssapi libproxy lz4 nls pskc selinux smartcard stoken test"
-RESTRICT="!test? ( test )"
-
-COMMON_DEPEND="
-	dev-libs/json-parser:0=
-	dev-libs/libxml2
-	sys-libs/zlib
-	app-crypt/p11-kit
-	!gnutls? (
-		>=dev-libs/openssl-1.0.1h:0=
-		dev-libs/libp11
-	)
-	gnutls? (
-		app-crypt/trousers
-		app-misc/ca-certificates
-		dev-libs/nettle
-		>=net-libs/gnutls-3.6.13:0=
-		dev-libs/libtasn1:0=
-		app-crypt/tpm2-tss:=
-	)
-	gssapi? ( virtual/krb5 )
-	libproxy? ( net-libs/libproxy )
-	lz4? ( app-arch/lz4:= )
-	nls? ( virtual/libintl )
-	pskc? ( sys-auth/oath-toolkit[pskc(+)] )
-	smartcard? ( sys-apps/pcsc-lite:0= )
-	stoken? ( app-crypt/stoken )
-"
-DEPEND="${COMMON_DEPEND}
-	test? (
-		net-libs/socket_wrapper
-		sys-libs/uid_wrapper
-		!gnutls? ( dev-libs/openssl:0[weak-ssl-ciphers(-)] )
-	)
-"
-RDEPEND="${COMMON_DEPEND}
-	sys-apps/iproute2
-	>=net-vpn/vpnc-scripts-20210402-r1
-	selinux? ( sec-policy/selinux-vpn )
-"
-BDEPEND="
-	virtual/pkgconfig
-	doc? ( ${PYTHON_DEPS} sys-apps/groff )
-	nls? ( sys-devel/gettext )
-	test? ( net-vpn/ocserv )
-"
-
-if [[ ${PV} != 9999 ]]; then
-	BDEPEND+=" verify-sig? ( sec-keys/openpgp-keys-dwmw2 )"
-	VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}/usr/share/openpgp-keys/dwmw2@kernel.org.key"
-fi
-
-CONFIG_CHECK="~TUN"
-
-pkg_pretend() {
-	check_extra_config
-}
-
-pkg_setup() {
-	:
-}
-
-src_unpack() {
-	if [[ ${PV} == 9999 ]]; then
-		git-r3_src_unpack
-	else
-		if use verify-sig; then
-			verify-sig_verify_detached "${DISTDIR}/${P}".tar.gz{,.asc}
-		fi
-		unpack "${P}.tar.gz"
-	fi
-}
-
-src_prepare() {
-	default
-	if [[ ${PV} == 9999 ]]; then
-		eautoreconf
-	fi
-}
-
-src_configure() {
-	if use doc; then
-		python_setup
-	else
-		export ac_cv_path_PYTHON=
-	fi
-
-	# Used by tests if userpriv is disabled
-	addwrite /run/netns
-
-	local myconf=(
-		--disable-dsa-tests
-		$(use_enable nls)
-		--disable-static
-		$(use_with !gnutls openssl)
-		$(use_with gnutls)
-		$(use_with libproxy)
-		$(use_with lz4)
-		$(use_with gssapi)
-		$(use_with pskc libpskc)
-		$(use_with smartcard libpcsclite)
-		$(use_with stoken)
-		--with-vpnc-script="${EPREFIX}/etc/vpnc/vpnc-script"
-		--without-builtin-json
-		--without-java
-	)
-
-	econf "${myconf[@]}"
-}
-
-src_test() {
-	local charset
-	for charset in UTF-8 ISO-8859-2; do
-		if [[ $(LC_ALL=cs_CZ.${charset} locale charmap 2>/dev/null) != ${charset} ]]; then
-			# If we don't have valid cs_CZ locale data, auth-nonascii will fail.
-			# Force a test skip by exiting with status 77.
-			sed -i -e '2i exit 77' tests/auth-nonascii || die
-			break
-		fi
-	done
-	addwrite /proc
-	default
-}
-
-src_install() {
-	default
-	find "${ED}" -name '*.la' -delete || die
-
-	dodoc "${FILESDIR}"/README.OpenRC
-
-	newconfd "${FILESDIR}"/openconnect.confd openconnect
-	newinitd "${FILESDIR}"/openconnect.initd openconnect
-
-	insinto /etc/logrotate.d
-	newins "${FILESDIR}"/openconnect.logrotate openconnect
-
-	keepdir /var/log/openconnect
-}

diff --git a/net-vpn/openconnect/openconnect-9.11.ebuild b/net-vpn/openconnect/openconnect-9.11.ebuild
deleted file mode 100644
index c0d892b7dd16..000000000000
--- a/net-vpn/openconnect/openconnect-9.11.ebuild
+++ /dev/null
@@ -1,164 +0,0 @@
-# Copyright 2011-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-PYTHON_COMPAT=( python3_{9..11} )
-PYTHON_REQ_USE="xml(+)"
-
-inherit autotools linux-info python-any-r1
-
-if [[ ${PV} == 9999 ]]; then
-	EGIT_REPO_URI="https://gitlab.com/openconnect/openconnect.git"
-	inherit git-r3
-else
-	inherit verify-sig
-	SRC_URI="https://www.infradead.org/openconnect/download/${P}.tar.gz
-		verify-sig? ( https://www.infradead.org/openconnect/download/${P}.tar.gz.asc )"
-	KEYWORDS="~amd64 ~arm ~arm64 ~loong ~ppc64 ~riscv ~x86"
-fi
-
-DESCRIPTION="Free client for Cisco AnyConnect SSL VPN software"
-HOMEPAGE="https://www.infradead.org/openconnect/"
-
-LICENSE="LGPL-2.1 GPL-2"
-SLOT="0/5"
-IUSE="doc +gnutls gssapi libproxy lz4 nls pskc selinux smartcard stoken test"
-RESTRICT="!test? ( test )"
-
-COMMON_DEPEND="
-	dev-libs/json-parser:0=
-	dev-libs/libxml2
-	sys-libs/zlib
-	app-crypt/p11-kit
-	!gnutls? (
-		>=dev-libs/openssl-1.0.1h:0=
-		dev-libs/libp11
-	)
-	gnutls? (
-		app-crypt/trousers
-		app-misc/ca-certificates
-		dev-libs/nettle
-		>=net-libs/gnutls-3.6.13:0=
-		dev-libs/libtasn1:0=
-		app-crypt/tpm2-tss:=
-	)
-	gssapi? ( virtual/krb5 )
-	libproxy? ( net-libs/libproxy )
-	lz4? ( app-arch/lz4:= )
-	nls? ( virtual/libintl )
-	pskc? ( sys-auth/oath-toolkit[pskc(+)] )
-	smartcard? ( sys-apps/pcsc-lite:0= )
-	stoken? ( app-crypt/stoken )
-"
-DEPEND="${COMMON_DEPEND}
-	test? (
-		net-libs/socket_wrapper
-		sys-libs/uid_wrapper
-		!gnutls? ( dev-libs/openssl:0[weak-ssl-ciphers(-)] )
-	)
-"
-RDEPEND="${COMMON_DEPEND}
-	sys-apps/iproute2
-	>=net-vpn/vpnc-scripts-20210402-r1
-	selinux? ( sec-policy/selinux-vpn )
-"
-BDEPEND="
-	virtual/pkgconfig
-	doc? ( ${PYTHON_DEPS} sys-apps/groff )
-	nls? ( sys-devel/gettext )
-	test? ( net-vpn/ocserv )
-"
-
-if [[ ${PV} != 9999 ]]; then
-	BDEPEND+=" verify-sig? ( sec-keys/openpgp-keys-dwmw2 )"
-	VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}/usr/share/openpgp-keys/dwmw2@kernel.org.key"
-fi
-
-CONFIG_CHECK="~TUN"
-
-pkg_pretend() {
-	check_extra_config
-}
-
-pkg_setup() {
-	:
-}
-
-src_unpack() {
-	if [[ ${PV} == 9999 ]]; then
-		git-r3_src_unpack
-	else
-		if use verify-sig; then
-			verify-sig_verify_detached "${DISTDIR}/${P}".tar.gz{,.asc}
-		fi
-		unpack "${P}.tar.gz"
-	fi
-}
-
-src_prepare() {
-	local PATCHES=(
-		"${FILESDIR}/openconnect-9.11-json-cflags.patch"
-	)
-	default
-	eautoreconf
-}
-
-src_configure() {
-	if use doc; then
-		python_setup
-	else
-		export ac_cv_path_PYTHON=
-	fi
-
-	# Used by tests if userpriv is disabled
-	addwrite /run/netns
-
-	local myconf=(
-		--disable-dsa-tests
-		$(use_enable nls)
-		--disable-static
-		$(use_with !gnutls openssl)
-		$(use_with gnutls)
-		$(use_with libproxy)
-		$(use_with lz4)
-		$(use_with gssapi)
-		$(use_with pskc libpskc)
-		$(use_with smartcard libpcsclite)
-		$(use_with stoken)
-		--with-vpnc-script="${EPREFIX}/etc/vpnc/vpnc-script"
-		--without-builtin-json
-		--without-java
-	)
-
-	econf "${myconf[@]}"
-}
-
-src_test() {
-	local charset
-	for charset in UTF-8 ISO-8859-2; do
-		if [[ $(LC_ALL=cs_CZ.${charset} locale charmap 2>/dev/null) != ${charset} ]]; then
-			# If we don't have valid cs_CZ locale data, auth-nonascii will fail.
-			# Force a test skip by exiting with status 77.
-			sed -i -e '2i exit 77' tests/auth-nonascii || die
-			break
-		fi
-	done
-	addwrite /proc
-	default
-}
-
-src_install() {
-	default
-	find "${ED}" -name '*.la' -delete || die
-
-	dodoc "${FILESDIR}"/README.OpenRC
-
-	newconfd "${FILESDIR}"/openconnect.confd openconnect
-	newinitd "${FILESDIR}"/openconnect.initd openconnect
-
-	insinto /etc/logrotate.d
-	newins "${FILESDIR}"/openconnect.logrotate openconnect
-
-	keepdir /var/log/openconnect
-}


^ permalink raw reply related	[flat|nested] 12+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: net-vpn/openconnect/files/, net-vpn/openconnect/
@ 2023-06-06  0:26 Mike Gilbert
  0 siblings, 0 replies; 12+ messages in thread
From: Mike Gilbert @ 2023-06-06  0:26 UTC (permalink / raw
  To: gentoo-commits

commit:     efccc84553d9fe442448fda4d57fda7a0150a5e2
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Tue Jun  6 00:25:25 2023 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Tue Jun  6 00:25:25 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=efccc845

net-vpn/openconnect: drop 9.01-r2, 9.01-r3

Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>

 net-vpn/openconnect/Manifest                       |   1 -
 .../files/openconnect-9.01-inttypes.patch          |  32 -----
 net-vpn/openconnect/openconnect-9.01-r2.ebuild     | 153 --------------------
 net-vpn/openconnect/openconnect-9.01-r3.ebuild     | 154 ---------------------
 4 files changed, 340 deletions(-)

diff --git a/net-vpn/openconnect/Manifest b/net-vpn/openconnect/Manifest
index ca17f671e069..24ba24e5dd3f 100644
--- a/net-vpn/openconnect/Manifest
+++ b/net-vpn/openconnect/Manifest
@@ -1,3 +1,2 @@
-DIST openconnect-9.01.tar.gz 2718526 BLAKE2B e346b30ed8a299bcdd1fc88868d59b4d501c48bc5c02092e92e7ded0cd36e4de6a5b65aae4f6bf8c9aa60cf70f5466b110b64889df8d286016c9a1b4d9f46ff7 SHA512 b7428847a90f8ca9d1f1f61653c1f2486f0a07989f3b7435b746c5e901998194f4ee2b4f9569a548a23bba368bb1e9f273674c0759aac9df30208d2a6a303c34
 DIST openconnect-9.12.tar.gz 2843115 BLAKE2B cd5f65ae0d67bece3e5aacdfb4c5c73c893d45d756554a1b6e39e66af5c6a171735d535ca7b16ed94244d02798d3c43a45b252ba05ddb0f3505f1fafc2ec0de9 SHA512 5c622e8bdfac3d21b5881660444e5d2b84e9463a99493d42cbfb480c3aa3972076bdeeb618aca02abed68e31dbeadcb66fb1c370e62a20f20cd544753c7ac48e
 DIST openconnect-9.12.tar.gz.asc 833 BLAKE2B c974439cef74eea9698a0b565c0d49c6026a0afe322739d5adfee2d484279d7366c6c3c703019ff2492eb3d5725de8e0fe4505d9e3a0e5b6d36201974d20a223 SHA512 ade33209a4c17bbdfd0bea7490588b248c36c4da56a9aec60818ed6c96bc8c3570b1f2ac2685003122a1e52dd9d24e4b678d77e001c752461649114167a7304c

diff --git a/net-vpn/openconnect/files/openconnect-9.01-inttypes.patch b/net-vpn/openconnect/files/openconnect-9.01-inttypes.patch
deleted file mode 100644
index c9b28913ce9f..000000000000
--- a/net-vpn/openconnect/files/openconnect-9.01-inttypes.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From c0775e6cd46fb5df6c6aab52314e3038c44d2152 Mon Sep 17 00:00:00 2001
-From: Mike Gilbert <floppym@gentoo.org>
-Date: Fri, 19 Aug 2022 11:55:42 -0400
-Subject: [PATCH] jsondump.c: include <inttypes.h> for PRId64
-
-Fixes a build failure with gnutls and a json-parser snapshot taken on
-2021-12-08.
-
-Building with openssl or with the bundled copy of json-parser causes
-inttypes.h to be included indirectly.
-
-Bug: https://bugs.gentoo.org/865797
-Signed-off-by: Mike Gilbert <floppym@gentoo.org>
----
- jsondump.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/jsondump.c b/jsondump.c
-index a18780b5..2b097e8a 100644
---- a/jsondump.c
-+++ b/jsondump.c
-@@ -24,6 +24,7 @@
- #include <string.h>
- #include <ctype.h>
- #include <errno.h>
-+#include <inttypes.h>
- 
- /*
-  * Copyright (C) 2015 Mirko Pasqualetti  All rights reserved.
--- 
-GitLab
-

diff --git a/net-vpn/openconnect/openconnect-9.01-r2.ebuild b/net-vpn/openconnect/openconnect-9.01-r2.ebuild
deleted file mode 100644
index 1d3056470a80..000000000000
--- a/net-vpn/openconnect/openconnect-9.01-r2.ebuild
+++ /dev/null
@@ -1,153 +0,0 @@
-# Copyright 2011-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-PYTHON_COMPAT=( python3_{9..11} )
-PYTHON_REQ_USE="xml(+)"
-
-inherit linux-info python-any-r1
-
-if [[ ${PV} == 9999 ]]; then
-	EGIT_REPO_URI="https://gitlab.com/openconnect/openconnect.git"
-	inherit git-r3 autotools
-else
-	SRC_URI="ftp://ftp.infradead.org/pub/${PN}/${P}.tar.gz"
-	KEYWORDS="amd64 arm arm64 ppc64 ~riscv x86"
-fi
-
-DESCRIPTION="Free client for Cisco AnyConnect SSL VPN software"
-HOMEPAGE="https://www.infradead.org/openconnect/"
-
-LICENSE="LGPL-2.1 GPL-2"
-SLOT="0/5"
-IUSE="doc +gnutls gssapi libproxy lz4 nls pskc selinux smartcard stoken test"
-RESTRICT="!test? ( test )"
-
-COMMON_DEPEND="
-	dev-libs/libxml2
-	sys-libs/zlib
-	app-crypt/p11-kit
-	!gnutls? (
-		>=dev-libs/openssl-1.0.1h:0=
-		dev-libs/libp11
-	)
-	gnutls? (
-		app-crypt/trousers
-		app-misc/ca-certificates
-		dev-libs/nettle
-		>=net-libs/gnutls-3.6.13:0=
-		dev-libs/libtasn1:0=
-		app-crypt/tpm2-tss:=
-	)
-	gssapi? ( virtual/krb5 )
-	libproxy? ( net-libs/libproxy )
-	lz4? ( app-arch/lz4:= )
-	nls? ( virtual/libintl )
-	pskc? ( sys-auth/oath-toolkit[pskc(+)] )
-	smartcard? ( sys-apps/pcsc-lite:0= )
-	stoken? ( app-crypt/stoken )
-"
-DEPEND="${COMMON_DEPEND}
-	test? (
-		net-libs/socket_wrapper
-		sys-libs/uid_wrapper
-		!gnutls? ( dev-libs/openssl:0[weak-ssl-ciphers(-)] )
-	)
-"
-RDEPEND="${COMMON_DEPEND}
-	sys-apps/iproute2
-	>=net-vpn/vpnc-scripts-20210402-r1
-	selinux? ( sec-policy/selinux-vpn )
-"
-BDEPEND="
-	virtual/pkgconfig
-	doc? ( ${PYTHON_DEPS} sys-apps/groff )
-	nls? ( sys-devel/gettext )
-	test? ( net-vpn/ocserv )
-"
-
-CONFIG_CHECK="~TUN"
-
-pkg_pretend() {
-	check_extra_config
-}
-
-pkg_setup() {
-	:
-}
-
-src_unpack() {
-	if [[ ${PV} == 9999 ]]; then
-		git-r3_src_unpack
-	fi
-	default
-}
-
-src_prepare() {
-	local PATCHES=(
-		"${FILESDIR}/openconnect-9.01-inttypes.patch"
-	)
-	default
-	if [[ ${PV} == 9999 ]]; then
-		eautoreconf
-	fi
-}
-
-src_configure() {
-	if use doc; then
-		python_setup
-	else
-		export ac_cv_path_PYTHON=
-	fi
-
-	# Used by tests if userpriv is disabled
-	addwrite /run/netns
-
-	local myconf=(
-		--disable-dsa-tests
-		$(use_enable nls)
-		--disable-static
-		$(use_with !gnutls openssl)
-		$(use_with gnutls)
-		$(use_with libproxy)
-		$(use_with lz4)
-		$(use_with gssapi)
-		$(use_with pskc libpskc)
-		$(use_with smartcard libpcsclite)
-		$(use_with stoken)
-		--with-vpnc-script="${EPREFIX}/etc/vpnc/vpnc-script"
-		--with-builtin-json
-		--without-java
-	)
-
-	econf "${myconf[@]}"
-}
-
-src_test() {
-	local charset
-	for charset in UTF-8 ISO-8859-2; do
-		if [[ $(LC_ALL=cs_CZ.${charset} locale charmap 2>/dev/null) != ${charset} ]]; then
-			# If we don't have valid cs_CZ locale data, auth-nonascii will fail.
-			# Force a test skip by exiting with status 77.
-			sed -i -e '2i exit 77' tests/auth-nonascii || die
-			break
-		fi
-	done
-	default
-}
-
-src_install() {
-	default
-	find "${ED}" -name '*.la' -delete || die
-
-	dodoc "${FILESDIR}"/README.OpenRC
-
-	newconfd "${FILESDIR}"/openconnect.confd openconnect
-	newinitd "${FILESDIR}"/openconnect.initd openconnect
-
-	insinto /etc/logrotate.d
-	newins "${FILESDIR}"/openconnect.logrotate openconnect
-
-	keepdir /var/log/openconnect
-}

diff --git a/net-vpn/openconnect/openconnect-9.01-r3.ebuild b/net-vpn/openconnect/openconnect-9.01-r3.ebuild
deleted file mode 100644
index 397203414c25..000000000000
--- a/net-vpn/openconnect/openconnect-9.01-r3.ebuild
+++ /dev/null
@@ -1,154 +0,0 @@
-# Copyright 2011-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-PYTHON_COMPAT=( python3_{9..11} )
-PYTHON_REQ_USE="xml(+)"
-
-inherit linux-info python-any-r1
-
-if [[ ${PV} == 9999 ]]; then
-	EGIT_REPO_URI="https://gitlab.com/openconnect/openconnect.git"
-	inherit git-r3 autotools
-else
-	SRC_URI="ftp://ftp.infradead.org/pub/${PN}/${P}.tar.gz"
-	KEYWORDS="~amd64 ~arm ~arm64 ~loong ~ppc64 ~riscv ~x86"
-fi
-
-DESCRIPTION="Free client for Cisco AnyConnect SSL VPN software"
-HOMEPAGE="https://www.infradead.org/openconnect/"
-
-LICENSE="LGPL-2.1 GPL-2"
-SLOT="0/5"
-IUSE="doc +gnutls gssapi libproxy lz4 nls pskc selinux smartcard stoken test"
-RESTRICT="!test? ( test )"
-
-COMMON_DEPEND="
-	dev-libs/json-parser:0=
-	dev-libs/libxml2
-	sys-libs/zlib
-	app-crypt/p11-kit
-	!gnutls? (
-		>=dev-libs/openssl-1.0.1h:0=
-		dev-libs/libp11
-	)
-	gnutls? (
-		app-crypt/trousers
-		app-misc/ca-certificates
-		dev-libs/nettle
-		>=net-libs/gnutls-3.6.13:0=
-		dev-libs/libtasn1:0=
-		app-crypt/tpm2-tss:=
-	)
-	gssapi? ( virtual/krb5 )
-	libproxy? ( net-libs/libproxy )
-	lz4? ( app-arch/lz4:= )
-	nls? ( virtual/libintl )
-	pskc? ( sys-auth/oath-toolkit[pskc(+)] )
-	smartcard? ( sys-apps/pcsc-lite:0= )
-	stoken? ( app-crypt/stoken )
-"
-DEPEND="${COMMON_DEPEND}
-	test? (
-		net-libs/socket_wrapper
-		sys-libs/uid_wrapper
-		!gnutls? ( dev-libs/openssl:0[weak-ssl-ciphers(-)] )
-	)
-"
-RDEPEND="${COMMON_DEPEND}
-	sys-apps/iproute2
-	>=net-vpn/vpnc-scripts-20210402-r1
-	selinux? ( sec-policy/selinux-vpn )
-"
-BDEPEND="
-	virtual/pkgconfig
-	doc? ( ${PYTHON_DEPS} sys-apps/groff )
-	nls? ( sys-devel/gettext )
-	test? ( net-vpn/ocserv )
-"
-
-CONFIG_CHECK="~TUN"
-
-pkg_pretend() {
-	check_extra_config
-}
-
-pkg_setup() {
-	:
-}
-
-src_unpack() {
-	if [[ ${PV} == 9999 ]]; then
-		git-r3_src_unpack
-	fi
-	default
-}
-
-src_prepare() {
-	local PATCHES=(
-		"${FILESDIR}/openconnect-9.01-inttypes.patch"
-	)
-	default
-	if [[ ${PV} == 9999 ]]; then
-		eautoreconf
-	fi
-}
-
-src_configure() {
-	if use doc; then
-		python_setup
-	else
-		export ac_cv_path_PYTHON=
-	fi
-
-	# Used by tests if userpriv is disabled
-	addwrite /run/netns
-
-	local myconf=(
-		--disable-dsa-tests
-		$(use_enable nls)
-		--disable-static
-		$(use_with !gnutls openssl)
-		$(use_with gnutls)
-		$(use_with libproxy)
-		$(use_with lz4)
-		$(use_with gssapi)
-		$(use_with pskc libpskc)
-		$(use_with smartcard libpcsclite)
-		$(use_with stoken)
-		--with-vpnc-script="${EPREFIX}/etc/vpnc/vpnc-script"
-		--without-builtin-json
-		--without-java
-	)
-
-	econf "${myconf[@]}"
-}
-
-src_test() {
-	local charset
-	for charset in UTF-8 ISO-8859-2; do
-		if [[ $(LC_ALL=cs_CZ.${charset} locale charmap 2>/dev/null) != ${charset} ]]; then
-			# If we don't have valid cs_CZ locale data, auth-nonascii will fail.
-			# Force a test skip by exiting with status 77.
-			sed -i -e '2i exit 77' tests/auth-nonascii || die
-			break
-		fi
-	done
-	default
-}
-
-src_install() {
-	default
-	find "${ED}" -name '*.la' -delete || die
-
-	dodoc "${FILESDIR}"/README.OpenRC
-
-	newconfd "${FILESDIR}"/openconnect.confd openconnect
-	newinitd "${FILESDIR}"/openconnect.initd openconnect
-
-	insinto /etc/logrotate.d
-	newins "${FILESDIR}"/openconnect.logrotate openconnect
-
-	keepdir /var/log/openconnect
-}


^ permalink raw reply related	[flat|nested] 12+ messages in thread

* [gentoo-commits] repo/gentoo:master commit in: net-vpn/openconnect/files/, net-vpn/openconnect/
@ 2024-01-30 16:13 Mike Gilbert
  0 siblings, 0 replies; 12+ messages in thread
From: Mike Gilbert @ 2024-01-30 16:13 UTC (permalink / raw
  To: gentoo-commits

commit:     645ac58671ce1918f13479ab38000a9ffc6e5f5e
Author:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Tue Jan 30 16:13:06 2024 +0000
Commit:     Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Tue Jan 30 16:13:06 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=645ac586

net-vpn/openconnect: fix implicit declaration of malloc

Closes: https://bugs.gentoo.org/923173
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>

 .../files/openconnect-9.12-stdlib.patch            | 37 ++++++++++++++++++++++
 net-vpn/openconnect/openconnect-9.12.ebuild        |  5 ++-
 2 files changed, 41 insertions(+), 1 deletion(-)

diff --git a/net-vpn/openconnect/files/openconnect-9.12-stdlib.patch b/net-vpn/openconnect/files/openconnect-9.12-stdlib.patch
new file mode 100644
index 000000000000..6e8ce06a8bef
--- /dev/null
+++ b/net-vpn/openconnect/files/openconnect-9.12-stdlib.patch
@@ -0,0 +1,37 @@
+https://gitlab.com/openconnect/openconnect/-/merge_requests/533
+
+From 5f59c2efa27295d6b3675a8b750357a6e883c45d Mon Sep 17 00:00:00 2001
+From: Brahmajit Das <brahmajit.xyz@gmail.com>
+Date: Mon, 29 Jan 2024 23:28:53 +0530
+Subject: [PATCH] Fix implicit declaration of function 'malloc'
+
+First observed on Gentoo Linux with GCC 14. This is due to GCC 14
+enabling -Werror=implicit-function-declaration by default.
+Thus resulting in errors such as:
+
+openconnect-internal.h: In function 'alloc_pkt':
+openconnect-internal.h:911:27: error: implicit declaration of function 'malloc' [-Werror=implicit-function-declaration]
+  911 |         struct pkt *pkt = malloc(alloc_len);
+      |                           ^~~~~~
+
+Plese refer gentoo bug: https://bugs.gentoo.org/923173
+Signed-off-by: Brahmajit Das <brahmajit.xyz@gmail.com>
+---
+ openconnect-internal.h | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/openconnect-internal.h b/openconnect-internal.h
+index 21460adf..5abfe98d 100644
+--- a/openconnect-internal.h
++++ b/openconnect-internal.h
+@@ -119,6 +119,7 @@
+ #include <sys/types.h>
+ 
+ #include <stdint.h>
++#include <stdlib.h>
+ #include <string.h>
+ #include <errno.h>
+ 
+-- 
+2.43.0
+

diff --git a/net-vpn/openconnect/openconnect-9.12.ebuild b/net-vpn/openconnect/openconnect-9.12.ebuild
index f98706b42254..3918970bc11e 100644
--- a/net-vpn/openconnect/openconnect-9.12.ebuild
+++ b/net-vpn/openconnect/openconnect-9.12.ebuild
@@ -1,4 +1,4 @@
-# Copyright 2011-2023 Gentoo Authors
+# Copyright 2011-2024 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=8
@@ -86,6 +86,9 @@ pkg_setup() {
 }
 
 src_prepare() {
+	local PATCHES=(
+		"${FILESDIR}/openconnect-9.12-stdlib.patch"
+	)
 	default
 	if [[ ${PV} == 9999 ]]; then
 		eautoreconf


^ permalink raw reply related	[flat|nested] 12+ messages in thread

end of thread, other threads:[~2024-01-30 16:14 UTC | newest]

Thread overview: 12+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2021-10-20 17:47 [gentoo-commits] repo/gentoo:master commit in: net-vpn/openconnect/files/, net-vpn/openconnect/ Mike Gilbert
  -- strict thread matches above, loose matches on Subject: below --
2024-01-30 16:13 Mike Gilbert
2023-06-06  0:26 Mike Gilbert
2023-05-21 20:47 Mike Gilbert
2022-08-19 19:12 Mike Gilbert
2022-07-31 17:04 Mike Gilbert
2022-04-11  1:08 Mike Gilbert
2021-10-02  6:35 Mike Gilbert
2021-10-02  6:02 Mike Gilbert
2020-11-23  0:03 William Hubbs
2020-05-12 16:02 Mike Gilbert
2020-04-03  4:14 Mike Gilbert

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox