Date: Sunday, July 12, 2015 @ 18:58:16 Author: heftig Revision: 242149
FS#44875 reneg-sec Added: networkmanager-openvpn/trunk/reneg-sec.patch Modified: networkmanager-openvpn/trunk/PKGBUILD -----------------+ PKGBUILD | 13 ++++++++++--- reneg-sec.patch | 46 ++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 56 insertions(+), 3 deletions(-) Modified: PKGBUILD =================================================================== --- PKGBUILD 2015-07-12 16:56:05 UTC (rev 242148) +++ PKGBUILD 2015-07-12 16:58:16 UTC (rev 242149) @@ -3,7 +3,7 @@ pkgname=networkmanager-openvpn pkgver=1.0.2 -pkgrel=1 +pkgrel=2 pkgdesc="NetworkManager VPN plugin for OpenVPN" arch=('i686' 'x86_64') license=('GPL') @@ -12,9 +12,16 @@ makedepends=('intltool') optdepends=('network-manager-applet: GNOME frontends to NetWorkmanager') install=networkmanager-openvpn.install -source=(http://ftp.gnome.org/pub/GNOME/sources/NetworkManager-openvpn/${pkgver::3}/NetworkManager-openvpn-${pkgver}.tar.xz) -sha256sums=('1643824bc7fdab42e1dab836bf81c328692295c86f146bde602eca093b394bb0') +source=(http://ftp.gnome.org/pub/GNOME/sources/NetworkManager-openvpn/${pkgver::3}/NetworkManager-openvpn-${pkgver}.tar.xz + reneg-sec.patch) +sha256sums=('1643824bc7fdab42e1dab836bf81c328692295c86f146bde602eca093b394bb0' + '872a570d733de9553171ea61dd641c47af8dbab8fd0e791b6bc41149f959127e') +prepare() { + cd NetworkManager-openvpn-${pkgver} + patch -Np1 -i ../reneg-sec.patch +} + build() { cd NetworkManager-openvpn-${pkgver} ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var \ Added: reneg-sec.patch =================================================================== --- reneg-sec.patch (rev 0) +++ reneg-sec.patch 2015-07-12 16:58:16 UTC (rev 242149) 
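Review bot: The `source=` array rewritten in the second PKGBUILD hunk still fetches the upstream tarball over plain `http://`, with only the `sha256sums` entry to vouch for it. If that digest was generated from the packager's own download, it pins whatever arrived at packaging time and does not detect tampering on that first fetch. If the GNOME server offers the same path over TLS, changing the first entry to `source=(https://ftp.gnome.org/pub/GNOME/sources/NetworkManager-openvpn/${pkgver::3}/NetworkManager-openvpn-${pkgver}.tar.xz` would close that gap; otherwise compare the digest against the checksum upstream publishes for the release. The new `reneg-sec.patch` entry is a local file and is covered by its own digest.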
@@ -0,0 +1,46 @@
+From 0fd197dc4221708dd37ee256952e8d080356676e Mon Sep 17 00:00:00 2001
+From: Thomas Haller <thal...@redhat.com>
+Date: Wed, 27 May 2015 10:47:49 +0200
+Subject: service: only set reneg-sec option in TLS mode
+
+Fixes: bfc4464c9b6d7a00be013eee9a4132a1f9c6fbb9
+
+https://bugzilla.gnome.org/show_bug.cgi?id=749050
+https://bugzilla.redhat.com/show_bug.cgi?id=1225218
+
+(cherry picked from commit 7f9031dbaee3059ea072fb2497563aee6acf8da0)
+
+diff --git a/src/nm-openvpn-service.c b/src/nm-openvpn-service.c
+index 7cb9438..0a4d5bf 100644
+--- a/src/nm-openvpn-service.c
++++ b/src/nm-openvpn-service.c
+@@ -733,6 +733,14 @@ validate_connection_type (const char *ctype)
+ return NULL;
+ }
+
++static gboolean
++connection_type_is_tls_mode (const char *connection_type)
++{
++ return strcmp (connection_type, NM_OPENVPN_CONTYPE_TLS) == 0
++ || strcmp (connection_type, NM_OPENVPN_CONTYPE_PASSWORD) == 0
++ || strcmp (connection_type, NM_OPENVPN_CONTYPE_PASSWORD_TLS) == 0;
++}
++
+ static const char *
+ nm_find_openvpn (void)
+ {
+@@ -1108,7 +1116,10 @@ nm_openvpn_start_openvpn_binary (NMOpenvpnPlugin *plugin,
+
+ /* Reneg seconds */
+ tmp = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_RENEG_SECONDS);
+- if (tmp && strlen (tmp)) {
++ if (!connection_type_is_tls_mode (connection_type)) {
++ /* Ignore --reneg-sec option if we are not in TLS mode (as enabled
++ * by --client below). openvpn will error out otherwise, see bgo#749050. */
++ } else if (tmp && strlen (tmp)) {
+ add_openvpn_arg (args, "--reneg-sec");
+ if (!add_openvpn_arg_int (args, tmp)) {
+ g_set_error (error,
+--
+cgit v0.10.2
+
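Review bot: In the patched `nm_openvpn_start_openvpn_binary`, the new non-TLS branch discards a configured `NM_OPENVPN_KEY_RENEG_SECONDS` value without any log output, so a profile that sets a renegotiation interval on a non-TLS connection type has that setting silently ignored. A warning in that branch when `tmp` is non-empty would make the dropped option visible, e.g. `g_warning ("Ignoring reneg-sec: connection type '%s' does not use TLS", connection_type);`. Separately, `connection_type_is_tls_mode` passes `connection_type` straight to `strcmp`, and the hunk does not show whether the caller has already rejected a NULL return from `validate_connection_type`; a comment stating that precondition, or `g_return_val_if_fail (connection_type != NULL, FALSE);` as the first statement, would pin it down. The body of `nm_openvpn_start_openvpn_binary` starts and ends outside the hunk.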