summaryrefslogtreecommitdiff
path: root/net-vpn/openconnect
diff options
context:
space:
mode:
Diffstat (limited to 'net-vpn/openconnect')
-rw-r--r--net-vpn/openconnect/Manifest4
-rw-r--r--net-vpn/openconnect/files/8.20-insecure-crypto.patch46
-rw-r--r--net-vpn/openconnect/files/8.20-rsa-securid.patch51
-rw-r--r--net-vpn/openconnect/openconnect-8.20-r1.ebuild153
4 files changed, 0 insertions, 254 deletions
diff --git a/net-vpn/openconnect/Manifest b/net-vpn/openconnect/Manifest
index 6b21a089b279..d42bf9e6e667 100644
--- a/net-vpn/openconnect/Manifest
+++ b/net-vpn/openconnect/Manifest
@@ -1,12 +1,8 @@
-AUX 8.20-insecure-crypto.patch 1437 BLAKE2B 9f69172f9e2b6518b5952c25b636e8fbba89b0810acf502db178b72e23477f44b298d0f64d81dc55527438eec539960d4b5bbb55ff5283dcee449362e5a2ff09 SHA512 112614751241f48395c57a5e07d46907e645de7cde2ceabbd6643ff6c6d52482348acf4c5240ad0e0dae56683fa300a7128f868143f407495a834f198eb48278
-AUX 8.20-rsa-securid.patch 1693 BLAKE2B 4660d2c604f58fd2097b781b1ea69eb9b99ca0b3732e9c0ed720a5a7e5b1f1fb59093b3510496b93b16ca62a87469a9db3b957c94996fe9f80afb5eba12b85c9 SHA512 3c4c15b5496983e82347cc540391aeaee08b62653d7c5009e5a4ccd41c13fff350828f17448bdcdfc49308beeb938fd29bc36005ed1bfef005a8558a55ea16f6
AUX README.OpenRC 416 BLAKE2B a7dcfde210b217d521fcb7c54eb41d07b0e32321aa9c6cc47c78ad7952ee5b6ceede5850de4c4e30891e29e2c4b631b99f65c2c696a9d4fa01ddd190346363bf SHA512 fed0a786466736cd891de7783994e86bb2a20bdb8aa2f9a18f55bc892be0e50d514855b120def151b6fac7e3d2b819510d7dbf496deca65579fea9b42206c49a
AUX openconnect.confd 230 BLAKE2B 6013d6e415ad37f5c4b0d31df011c207978c2f266d94bc081b64c2950ef2a14fd80606abe0f950f443323b43811198838252f2a80e1f3812aed9397ca9809053 SHA512 d773926cf787c5f819f4bdd750ccc6de84a287ce7e0f7322b748a2fb1d88dc4822f8ea0f41c14c60054a54b69caeffe0fc9db76021667b44f0db013ed28cee1b
AUX openconnect.initd 664 BLAKE2B 5fcf983c474ccb10c2b785f1af161e6f85efcb19fe13abc9710a797633496a48ced470cac73cb9c51e3ad66f5efc9e5c559961cfb4213b12684133410614203c SHA512 5c75143e61fd215e13888b647357cf5626902b74cc4af2a8c147c95412ef9393572a8eb34cd5d86babedf2674ca5c3aa35991101a730a033b5af5c8ee9cc4ad9
AUX openconnect.logrotate 116 BLAKE2B 308d088f7c06239ec68831e415df420362c1825ae279fa6f736f36df0bf2e7efc8ea6a4ab43d9b53680dd0ab5028c92bf70a0597b56a20da06b302457e7d5f07 SHA512 ea1b6caf6278fea515c299072ee799ab3676014784703d7fa8e4f4d7bfc4599650c386d9706a3e6d92c195c9e5e1628fa6efc1124e1ae72875cc9eaab73cb077
-DIST openconnect-8.20.tar.gz 2651542 BLAKE2B 327b437993ee0d705c0194202f6fd7c2b330e69bfbb916ef004b0662c8b9aebc1252aa3c83bd41b4d1cf85b933878d37b1a7608f076d82b50e325a3efaea2dec SHA512 76f5e49948391397ea1f7d2fca5798731f4278fee74c3da9b0f0daba6c386ce79ec5d87d40b6d3d99bb2528a038b5a2076df4159bb29c52cba62efb2ca52c8ab
DIST openconnect-9.01.tar.gz 2718526 BLAKE2B e346b30ed8a299bcdd1fc88868d59b4d501c48bc5c02092e92e7ded0cd36e4de6a5b65aae4f6bf8c9aa60cf70f5466b110b64889df8d286016c9a1b4d9f46ff7 SHA512 b7428847a90f8ca9d1f1f61653c1f2486f0a07989f3b7435b746c5e901998194f4ee2b4f9569a548a23bba368bb1e9f273674c0759aac9df30208d2a6a303c34
-EBUILD openconnect-8.20-r1.ebuild 3138 BLAKE2B c049cf672ec1ca349e5d3c14ac4f18526c0185ef828168e027138f017b212ba27dd524bbef0bed93f882dbcdbca77b177e4c362a261381e0a94774a4c44a852e SHA512 1d81c6c7a0edc175402177170e71627446264cefef066260dcb90251e7cc5dcee237aa9d7ef58b11c4bc0e672d0cf81bd8a7672ebf994bcbb965e79adcd3c482
EBUILD openconnect-9.01.ebuild 3036 BLAKE2B 3635f24b24608fa8c531d9281ee73e40afd2e6e17f1b894c1203feced8303930ddb5cf3e27e4af06e24f3ade45f461dede0f244911d1e758754a1ae05446bfa4 SHA512 36a892281398f0bd1e3bde564e7ed24c0456785a055ddeca74ec1905777757eb316d9e75c84993aba81daf42f2880945cd7ea37112a585670a7359ac2b67998a
EBUILD openconnect-9999.ebuild 3041 BLAKE2B d82548582e999cec6737785172ee766d77ea39860996ee4caba46a00436cb0825ac4cec1c77febcf608f64390fce959ef3b16ea4e3ebf353d371cefdefc1913e SHA512 4a1b2b2ca8bdeafad99d6878eeb256f2c4e8b36d92ec4231289b9c7aab412d44e42cc9541070a2eef7b8673b0b2f4121e718268673bab21edce640d61d01e24d
MISC metadata.xml 594 BLAKE2B 63b24f0d189e935368858b3f7f4160d9121847dc598ee6fb0cd8ed313d51e03de983584a48a799553349f779c6a18d1f080a906449fe0f4d05cec0f43c4a2c70 SHA512 6a474d13019ee9a325c3b262220a41b1faeaa3315500a2e73670bfea2cb2778036d107fcf783f89d286ec4125460b0cf7a19b85155f9b6b9f9d9459cbf87e070
diff --git a/net-vpn/openconnect/files/8.20-insecure-crypto.patch b/net-vpn/openconnect/files/8.20-insecure-crypto.patch
deleted file mode 100644
index 7644e1a264ba..000000000000
--- a/net-vpn/openconnect/files/8.20-insecure-crypto.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-From e2b38313bbd5050acaac49a75f0a024d05b505e5 Mon Sep 17 00:00:00 2001
-From: Mike Gilbert <floppym@gentoo.org>
-Date: Sun, 10 Apr 2022 12:21:57 -0400
-Subject: [PATCH] openssl: allow ALL ciphers when allow-insecure-crypto is
- enabled
-
-Previously, the cipher list was set to "DEFAULT:+3DES:+RC4". However,
-according to ciphers(1), the DEFAULT keyword cannot be combined with
-other strings using the + characters. In other words, ":+3DES:+RC4" gets
-ignored.
-
-The user is opting into insecure behavior, so let's keep it simple and
-just allow everything.
-
-This change fixes the obsolete-server-crypto test when openconnect is
-built against openssl-1.1.x.
-
-Signed-off-by: Mike Gilbert <floppym@gentoo.org>
----
- openssl.c | 9 +++------
- 1 file changed, 3 insertions(+), 6 deletions(-)
-
-diff --git a/openssl.c b/openssl.c
-index 3205dbd7..2bf594e7 100644
---- a/openssl.c
-+++ b/openssl.c
-@@ -1868,13 +1868,10 @@ int openconnect_open_https(struct openconnect_info *vpninfo)
- struct oc_text_buf *buf = buf_alloc();
- if (vpninfo->pfs)
- buf_append(buf, "HIGH:!aNULL:!eNULL:-RSA");
-+ else if (vpninfo->allow_insecure_crypto)
-+ buf_append(buf, "ALL");
- else
-- buf_append(buf, "DEFAULT");
--
-- if (vpninfo->allow_insecure_crypto)
-- buf_append(buf, ":+3DES:+RC4");
-- else
-- buf_append(buf, ":-3DES:-RC4");
-+ buf_append(buf, "DEFAULT:-3DES:-RC4");
-
- if (buf_error(buf)) {
- vpn_progress(vpninfo, PRG_ERR,
---
-2.35.1
-
diff --git a/net-vpn/openconnect/files/8.20-rsa-securid.patch b/net-vpn/openconnect/files/8.20-rsa-securid.patch
deleted file mode 100644
index 57ab2d740707..000000000000
--- a/net-vpn/openconnect/files/8.20-rsa-securid.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-From 19417131895eb39aabf3641a9e4e0d7082b04f6d Mon Sep 17 00:00:00 2001
-From: Daniel Lenski <dlenski@gmail.com>
-Date: Mon, 7 Mar 2022 08:50:13 -0800
-Subject: [PATCH] Bugfix RSA SecurID token decryption and PIN entry forms
-
-As of
-https://gitlab.com/openconnect/openconnect/-/commit/386a6edb6d2d1d2cd3e9c9de8d85dc7bfda60d34,
-all auth forms are required to have a non-NULL `auth_id`.
-
-However, we forget to make stoken.c set the `auth_id` for the forms that it
-creates for RSA SecurID token decryption and PIN entry. Let's name these:
-
- - `_rsa_unlock`, for token decryption.
- - `_rsa_pin`, for PIN entry. Also, rename the numeric PIN field to `pin`
- rather than `password`; there can't be any existing users relying on
- `--form-entry` to set its value, because that wouldn't work without the
- `auth_id`.
-
-Fixes #388.
-
-Signed-off-by: Daniel Lenski <dlenski@gmail.com>
----
- stoken.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/stoken.c b/stoken.c
-index 00a67625..45d849f5 100644
---- a/stoken.c
-+++ b/stoken.c
-@@ -100,6 +100,7 @@ static int decrypt_stoken(struct openconnect_info *vpninfo)
-
- form.opts = opts;
- form.message = _("Enter credentials to unlock software token.");
-+ form.auth_id = "_rsa_unlock";
-
- if (stoken_devid_required(vpninfo->stoken_ctx)) {
- opt->type = OC_FORM_OPT_TEXT;
-@@ -206,9 +207,10 @@ static int request_stoken_pin(struct openconnect_info *vpninfo)
-
- form.opts = opts;
- form.message = _("Enter software token PIN.");
-+ form.auth_id = "_rsa_pin";
-
- opt->type = OC_FORM_OPT_PASSWORD;
-- opt->name = (char *)"password";
-+ opt->name = (char *)"pin";
- opt->label = _("PIN:");
- opt->flags = OC_FORM_OPT_NUMERIC;
-
---
-GitLab
diff --git a/net-vpn/openconnect/openconnect-8.20-r1.ebuild b/net-vpn/openconnect/openconnect-8.20-r1.ebuild
deleted file mode 100644
index c9b970792d0e..000000000000
--- a/net-vpn/openconnect/openconnect-8.20-r1.ebuild
+++ /dev/null
@@ -1,153 +0,0 @@
-# Copyright 2011-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-PYTHON_COMPAT=( python3_{8..10} )
-PYTHON_REQ_USE="xml"
-
-inherit linux-info python-any-r1
-
-if [[ ${PV} == 9999 ]]; then
- EGIT_REPO_URI="https://gitlab.com/openconnect/openconnect.git"
- inherit git-r3 autotools
-else
- SRC_URI="ftp://ftp.infradead.org/pub/${PN}/${P}.tar.gz"
- KEYWORDS="amd64 arm arm64 ppc64 ~riscv x86"
-fi
-
-DESCRIPTION="Free client for Cisco AnyConnect SSL VPN software"
-HOMEPAGE="https://www.infradead.org/openconnect/"
-
-LICENSE="LGPL-2.1 GPL-2"
-SLOT="0/5"
-IUSE="doc +gnutls gssapi libproxy lz4 nls pskc selinux smartcard stoken test"
-RESTRICT="!test? ( test )"
-
-COMMON_DEPEND="
- dev-libs/libxml2
- sys-libs/zlib
- app-crypt/p11-kit
- !gnutls? (
- >=dev-libs/openssl-1.0.1h:0=
- dev-libs/libp11
- )
- gnutls? (
- app-crypt/trousers
- app-misc/ca-certificates
- dev-libs/nettle
- >=net-libs/gnutls-3.6.13:0=
- dev-libs/libtasn1:0=
- app-crypt/tpm2-tss:=
- )
- gssapi? ( virtual/krb5 )
- libproxy? ( net-libs/libproxy )
- lz4? ( app-arch/lz4:= )
- nls? ( virtual/libintl )
- pskc? ( sys-auth/oath-toolkit[pskc] )
- smartcard? ( sys-apps/pcsc-lite:0= )
- stoken? ( app-crypt/stoken )
-"
-DEPEND="${COMMON_DEPEND}
- test? (
- net-libs/socket_wrapper
- sys-libs/uid_wrapper
- !gnutls? ( dev-libs/openssl:0[weak-ssl-ciphers(-)] )
- )
-"
-RDEPEND="${COMMON_DEPEND}
- sys-apps/iproute2
- >=net-vpn/vpnc-scripts-20210402-r1
- selinux? ( sec-policy/selinux-vpn )
-"
-BDEPEND="
- virtual/pkgconfig
- doc? ( ${PYTHON_DEPS} sys-apps/groff )
- nls? ( sys-devel/gettext )
- test? ( net-vpn/ocserv )
-"
-
-CONFIG_CHECK="~TUN"
-
-pkg_pretend() {
- check_extra_config
-}
-
-pkg_setup() {
- :
-}
-
-src_unpack() {
- if [[ ${PV} == 9999 ]]; then
- git-r3_src_unpack
- fi
- default
-}
-
-src_prepare() {
- local PATCHES=(
- "${FILESDIR}/8.20-rsa-securid.patch"
- "${FILESDIR}/8.20-insecure-crypto.patch"
- )
- default
- if [[ ${PV} == 9999 ]]; then
- eautoreconf
- fi
-}
-
-src_configure() {
- if use doc; then
- python_setup
- else
- export ac_cv_path_PYTHON=
- fi
-
- # Used by tests if userpriv is disabled
- addwrite /run/netns
-
- local myconf=(
- --disable-dsa-tests
- $(use_enable nls)
- --disable-static
- $(use_with !gnutls openssl)
- $(use_with gnutls)
- $(use_with libproxy)
- $(use_with lz4)
- $(use_with gssapi)
- $(use_with pskc libpskc)
- $(use_with smartcard libpcsclite)
- $(use_with stoken)
- --with-vpnc-script="${EPREFIX}/etc/vpnc/vpnc-script"
- --without-java
- )
-
- econf "${myconf[@]}"
-}
-
-src_test() {
- local charset
- for charset in UTF-8 ISO-8859-2; do
- if [[ $(LC_ALL=cs_CZ.${charset} locale charmap 2>/dev/null) != ${charset} ]]; then
- # If we don't have valid cs_CZ locale data, auth-nonascii will fail.
- # Force a test skip by exiting with status 77.
- sed -i -e '2i exit 77' tests/auth-nonascii || die
- break
- fi
- done
- default
-}
-
-src_install() {
- default
- find "${ED}" -name '*.la' -delete || die
-
- dodoc "${FILESDIR}"/README.OpenRC
-
- newconfd "${FILESDIR}"/openconnect.confd openconnect
- newinitd "${FILESDIR}"/openconnect.initd openconnect
-
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/openconnect.logrotate openconnect
-
- keepdir /var/log/openconnect
-}