--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: bookworm
User: [email protected]
Usertags: pu
X-Debbugs-Cc: [email protected], Florian Echtler
<[email protected]>, Luca Boccassi <[email protected]>, [email protected]
Control: affects -1 + src:network-manager-openconnect
Hi Stable release managers,
[ Reason ]
In recent cases where institutions updated their Cisco AnyConnect
server, connecting with openconnect requires to pass an appropriate
UserAgent. Cf. for instance
https://gitlab.com/openconnect/openconnect/-/issues/544 .
network-manager-openconnect plugin for NetworkManager had no
possibilty to configure this. As result after such updates users using
the NetworkManager plugin cannot connect to the VPN servers.
[ Impact ]
Impossibility to use the NetworkManager plugin for openconnect in
situations where the Cisco AnyConnect server has been updated.
[ Tests ]
I manually tested the plugin in one affected configuration. After the
update the GUI field for configuring the UserAgent can be configured
for the specific configuration.
[ Risks ]
Patches have been taken from upstream and apply with minor context
tewak to the older version. Luca has reviewed and acked the MR in
https://salsa.debian.org/debian/network-manager-openconnect/-/merge_requests/6
[ Checklist ]
[x] *all* changes are documented in the d/changelog
(the salsa pipleline one is not, but has not a user impact)
[x] I reviewed all changes and I approve them
[x ] attach debdiff against the package in (old)stable
[x] the issue is verified as fixed in unstable
[ Changes ]
Adds support for the mentioned UserAgent field and setting.
[ Other info ]
Nothing.
Regards,
Salvatore
diff -Nru network-manager-openconnect-1.2.8/debian/changelog
network-manager-openconnect-1.2.8/debian/changelog
--- network-manager-openconnect-1.2.8/debian/changelog 2022-05-21
15:35:15.000000000 +0200
+++ network-manager-openconnect-1.2.8/debian/changelog 2023-11-14
15:15:44.000000000 +0100
@@ -1,3 +1,14 @@
+network-manager-openconnect (1.2.8-3+deb12u1) bookworm; urgency=medium
+
+ [ Salvatore Bonaccorso ]
+ * Add User Agent to Openconnect VPN for NetworkManager (Closes:
+ #1053467)
+ * Use openconnect_set_useragent() where available
+ * Add support for GTK4 in user-agent calls
+ * Add Build-Depends on libgtk-4-bin for gtk4-builder-tool
+
+ -- Luca Boccassi <[email protected]> Tue, 14 Nov 2023 14:15:44 +0000
+
network-manager-openconnect (1.2.8-3) unstable; urgency=medium
* Bump Standards-Version to 4.6.1, no changes
diff -Nru network-manager-openconnect-1.2.8/debian/control
network-manager-openconnect-1.2.8/debian/control
--- network-manager-openconnect-1.2.8/debian/control 2022-05-21
15:35:15.000000000 +0200
+++ network-manager-openconnect-1.2.8/debian/control 2023-11-14
15:15:44.000000000 +0100
@@ -8,6 +8,7 @@
libgcr-3-dev,
libglib2.0-dev,
libgtk-3-dev,
+ libgtk-4-bin,
libgtk-4-dev,
libnm-dev,
libnma-dev,
diff -Nru network-manager-openconnect-1.2.8/debian/gbp.conf
network-manager-openconnect-1.2.8/debian/gbp.conf
--- network-manager-openconnect-1.2.8/debian/gbp.conf 2022-03-14
00:08:09.000000000 +0100
+++ network-manager-openconnect-1.2.8/debian/gbp.conf 2023-11-14
15:15:44.000000000 +0100
@@ -1,5 +1,6 @@
[DEFAULT]
pristine-tar = True
+debian-branch = debian/bookworm
[import-orig]
upstream-vcs-tag = %(version)s
diff -Nru
network-manager-openconnect-1.2.8/debian/patches/0002-Add-User-Agent-to-Openconnect-VPN-for-NetworkManager.patch
network-manager-openconnect-1.2.8/debian/patches/0002-Add-User-Agent-to-Openconnect-VPN-for-NetworkManager.patch
---
network-manager-openconnect-1.2.8/debian/patches/0002-Add-User-Agent-to-Openconnect-VPN-for-NetworkManager.patch
1970-01-01 01:00:00.000000000 +0100
+++
network-manager-openconnect-1.2.8/debian/patches/0002-Add-User-Agent-to-Openconnect-VPN-for-NetworkManager.patch
2023-11-14 15:15:44.000000000 +0100
@@ -0,0 +1,302 @@
+From: Debasish Patra <[email protected]>
+Date: Sat, 29 Aug 2020 17:58:16 -0400
+Subject: Add User Agent to Openconnect VPN for NetworkManager
+Origin:
https://gitlab.gnome.org/GNOME/NetworkManager-openconnect/-/commit/b5e154c06fd9013a925f85c2aa38d88e4ee53db0
+Bug-Debian: https://bugs.debian.org/1053467
+
+---
+ auth-dialog/main.c | 3 +-
+ properties/nm-openconnect-dialog.ui | 73 +++++++++++++++++------
+ properties/nm-openconnect-editor-plugin.c | 5 ++
+ properties/nm-openconnect-editor.c | 15 +++++
+ shared/nm-service-defines.h | 1 +
+ 5 files changed, 79 insertions(+), 18 deletions(-)
+
+diff --git a/auth-dialog/main.c b/auth-dialog/main.c
+index 99cab7cd921f..305b568650ba 100644
+--- a/auth-dialog/main.c
++++ b/auth-dialog/main.c
+@@ -1853,6 +1853,7 @@ static void build_main_dialog(auth_ui_data *ui_data)
+
+ static auth_ui_data *init_ui_data (char *vpn_name, GHashTable *options,
GHashTable *secrets, char *vpn_uuid)
+ {
++ char *vpn_useragent = g_hash_table_lookup(options, "useragent");
+ auth_ui_data *ui_data;
+
+ ui_data = g_slice_new0(auth_ui_data);
+@@ -1883,7 +1884,7 @@ static auth_ui_data *init_ui_data (char *vpn_name,
GHashTable *options, GHashTab
+ g_unix_set_fd_nonblocking(ui_data->cancel_pipes[0], TRUE, NULL);
+ g_unix_set_fd_nonblocking(ui_data->cancel_pipes[1], TRUE, NULL);
+
+- ui_data->vpninfo = (void *)openconnect_vpninfo_new("OpenConnect VPN
Agent (NetworkManager)",
++ ui_data->vpninfo = (void *)openconnect_vpninfo_new(vpn_useragent ?:
"OpenConnect VPN Agent (NetworkManager)",
+ validate_peer_cert,
write_new_config,
+
nm_process_auth_form, write_progress,
+ ui_data);
+diff --git a/properties/nm-openconnect-dialog.ui
b/properties/nm-openconnect-dialog.ui
+index 43beb44a34a9..f32afcd5899f 100644
+--- a/properties/nm-openconnect-dialog.ui
++++ b/properties/nm-openconnect-dialog.ui
+@@ -105,6 +105,45 @@
+ <property name="top_attach">2</property>
+ </packing>
+ </child>
++ <child>
++ <object class="GtkLabel" id="useragent_label">
++ <property name="visible">True</property>
++ <property name="label" translatable="yes">_User Agent:</property>
++ <property name="use_underline">True</property>
++ <property name="use_markup">False</property>
++ <property name="justify">GTK_JUSTIFY_LEFT</property>
++ <property name="wrap">False</property>
++ <property name="selectable">False</property>
++ <property name="xalign">1</property>
++ <property name="yalign">0.5</property>
++ <property name="mnemonic_widget">user_agent_entry</property>
++ <property name="ellipsize">PANGO_ELLIPSIZE_NONE</property>
++ <property name="width_chars">-1</property>
++ <property name="single_line_mode">False</property>
++ </object>
++ <packing>
++ <property name="left_attach">0</property>
++ <property name="top_attach">3</property>
++ </packing>
++ </child>
++ <child>
++ <object class="GtkEntry" id="user_agent_entry">
++ <property name="visible">True</property>
++ <property name="can_focus">True</property>
++ <property name="editable">True</property>
++ <property name="visibility">True</property>
++ <property name="max_length">0</property>
++ <property name="text"/>
++ <property name="has_frame">True</property>
++ <property name="invisible_char">•</property>
++ <property name="activates_default">False</property>
++ <property name="hexpand">True</property>
++ </object>
++ <packing>
++ <property name="left_attach">1</property>
++ <property name="top_attach">3</property>
++ </packing>
++ </child>
+ <child>
+ <object class="NmaCertChooser" id="ca_chooser">
+ <property name="flags">13</property>
+@@ -114,7 +153,7 @@
+ </object>
+ <packing>
+ <property name="left-attach">0</property>
+- <property name="top-attach">3</property>
++ <property name="top-attach">4</property>
+ <property name="width">2</property>
+ </packing>
+ </child>
+@@ -136,7 +175,7 @@
+ </object>
+ <packing>
+ <property name="left_attach">0</property>
+- <property name="top_attach">4</property>
++ <property name="top_attach">5</property>
+ </packing>
+ </child>
+ <child>
+@@ -154,7 +193,7 @@
+ </object>
+ <packing>
+ <property name="left_attach">1</property>
+- <property name="top_attach">4</property>
++ <property name="top_attach">5</property>
+ </packing>
+ </child>
+ <child>
+@@ -170,7 +209,7 @@
+ </object>
+ <packing>
+ <property name="left_attach">0</property>
+- <property name="top_attach">5</property>
++ <property name="top_attach">6</property>
+ <property name="width">2</property>
+ </packing>
+ </child>
+@@ -192,7 +231,7 @@
+ </object>
+ <packing>
+ <property name="left_attach">0</property>
+- <property name="top_attach">6</property>
++ <property name="top_attach">7</property>
+ </packing>
+ </child>
+ <child>
+@@ -210,7 +249,7 @@
+ </object>
+ <packing>
+ <property name="left_attach">1</property>
+- <property name="top_attach">6</property>
++ <property name="top_attach">7</property>
+ </packing>
+ </child>
+ <child>
+@@ -232,7 +271,7 @@
+ </object>
+ <packing>
+ <property name="left_attach">0</property>
+- <property name="top_attach">7</property>
++ <property name="top_attach">8</property>
+ </packing>
+ </child>
+ <child>
+@@ -250,7 +289,7 @@
+ </object>
+ <packing>
+ <property name="left_attach">1</property>
+- <property name="top_attach">7</property>
++ <property name="top_attach">8</property>
+ </packing>
+ </child>
+ <child>
+@@ -273,7 +312,7 @@
+ </object>
+ <packing>
+ <property name="left_attach">0</property>
+- <property name="top_attach">8</property>
++ <property name="top_attach">9</property>
+ <property name="width">2</property>
+ </packing>
+ </child>
+@@ -286,7 +325,7 @@
+ </object>
+ <packing>
+ <property name="left-attach">0</property>
+- <property name="top-attach">9</property>
++ <property name="top-attach">10</property>
+ <property name="width">2</property>
+ </packing>
+ </child>
+@@ -303,7 +342,7 @@
+ </object>
+ <packing>
+ <property name="left_attach">0</property>
+- <property name="top_attach">11</property>
++ <property name="top_attach">12</property>
+ <property name="width">2</property>
+ </packing>
+ </child>
+@@ -320,7 +359,7 @@
+ </object>
+ <packing>
+ <property name="left_attach">0</property>
+- <property name="top_attach">12</property>
++ <property name="top_attach">13</property>
+ <property name="width">2</property>
+ </packing>
+ </child>
+@@ -344,7 +383,7 @@
+ </object>
+ <packing>
+ <property name="left_attach">0</property>
+- <property name="top_attach">13</property>
++ <property name="top_attach">14</property>
+ <property name="width">2</property>
+ </packing>
+ </child>
+@@ -366,7 +405,7 @@
+ </object>
+ <packing>
+ <property name="left_attach">0</property>
+- <property name="top_attach">14</property>
++ <property name="top_attach">15</property>
+ </packing>
+ </child>
+ <child>
+@@ -384,7 +423,7 @@
+ </object>
+ <packing>
+ <property name="left_attach">1</property>
+- <property name="top_attach">14</property>
++ <property name="top_attach">15</property>
+ </packing>
+ </child>
+ <child>
+@@ -406,7 +445,7 @@
+ </object>
+ <packing>
+ <property name="left_attach">0</property>
+- <property name="top_attach">15</property>
++ <property name="top_attach">16</property>
+ </packing>
+ </child>
+ <child>
+@@ -420,7 +459,7 @@
+ </object>
+ <packing>
+ <property name="left-attach">0</property>
+- <property name="top-attach">16</property>
++ <property name="top-attach">17</property>
+ <property name="width">2</property>
+ </packing>
+ </child>
+diff --git a/properties/nm-openconnect-editor-plugin.c
b/properties/nm-openconnect-editor-plugin.c
+index 90dd5af55e1e..3f3c7c55b4b4 100644
+--- a/properties/nm-openconnect-editor-plugin.c
++++ b/properties/nm-openconnect-editor-plugin.c
+@@ -229,6 +229,11 @@ import (NMVpnEditorPlugin *iface, const char *path,
GError **error)
+ if (buf)
+ nm_setting_vpn_add_data_item (s_vpn, NM_OPENCONNECT_KEY_PROXY,
buf);
+
++ /* UserAgent */
++ buf = g_key_file_get_string (keyfile, "openconnect", "UserAgent", NULL);
++ if (buf)
++ nm_setting_vpn_add_data_item (s_vpn,
NM_OPENCONNECT_KEY_USERAGENT, buf);
++
+ /* Cisco Secure Desktop */
+ bval = g_key_file_get_boolean (keyfile, "openconnect", "CSDEnable",
NULL);
+ if (bval)
+diff --git a/properties/nm-openconnect-editor.c
b/properties/nm-openconnect-editor.c
+index de0c27a1b14d..813ff4c010e3 100644
+--- a/properties/nm-openconnect-editor.c
++++ b/properties/nm-openconnect-editor.c
+@@ -344,6 +344,16 @@ init_editor_plugin (OpenconnectEditor *self, NMConnection
*connection, GError **
+ }
+ g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK
(stuff_changed_cb), self);
+
++ widget = GTK_WIDGET (gtk_builder_get_object (priv->builder,
"user_agent_entry"));
++ g_return_val_if_fail (widget, FALSE);
++
++ if (s_vpn) {
++ value = nm_setting_vpn_get_data_item (s_vpn,
NM_OPENCONNECT_KEY_USERAGENT);
++ if (value)
++ gtk_entry_set_text (GTK_ENTRY (widget), value);
++ }
++ g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK
(stuff_changed_cb), self);
++
+ widget = GTK_WIDGET (gtk_builder_get_object (priv->builder,
"fsid_button"));
+ g_return_val_if_fail (widget, FALSE);
+
+@@ -460,6 +470,11 @@ update_connection (NMVpnEditor *iface,
+ if (str && strlen (str))
+ nm_setting_vpn_add_data_item (s_vpn, NM_OPENCONNECT_KEY_PROXY,
str);
+
++ widget = GTK_WIDGET (gtk_builder_get_object (priv->builder,
"user_agent_entry"));
++ str = (char *) gtk_entry_get_text (GTK_ENTRY (widget));
++ if (str && strlen (str))
++ nm_setting_vpn_add_data_item (s_vpn,
NM_OPENCONNECT_KEY_USERAGENT, str);
++
+ widget = GTK_WIDGET (gtk_builder_get_object (priv->builder,
"fsid_button"));
+ str = gtk_check_button_get_active (GTK_CHECK_BUTTON
(widget))?"yes":"no";
+ nm_setting_vpn_add_data_item (s_vpn,
NM_OPENCONNECT_KEY_PEM_PASSPHRASE_FSID, str);
+diff --git a/shared/nm-service-defines.h b/shared/nm-service-defines.h
+index 4e7d48132824..21e1ce4f555a 100644
+--- a/shared/nm-service-defines.h
++++ b/shared/nm-service-defines.h
+@@ -46,6 +46,7 @@
+ #define NM_OPENCONNECT_KEY_PROTOCOL "protocol"
+ #define NM_OPENCONNECT_KEY_PROXY "proxy"
+ #define NM_OPENCONNECT_KEY_CSD_ENABLE "enable_csd_trojan"
++#define NM_OPENCONNECT_KEY_USERAGENT "useragent"
+ #define NM_OPENCONNECT_KEY_CSD_WRAPPER "csd_wrapper"
+ #define NM_OPENCONNECT_KEY_TOKEN_MODE "stoken_source"
+ #define NM_OPENCONNECT_KEY_TOKEN_SECRET "stoken_string"
+--
+2.42.0
+
diff -Nru
network-manager-openconnect-1.2.8/debian/patches/0003-Use-openconnect_set_useragent-where-available.patch
network-manager-openconnect-1.2.8/debian/patches/0003-Use-openconnect_set_useragent-where-available.patch
---
network-manager-openconnect-1.2.8/debian/patches/0003-Use-openconnect_set_useragent-where-available.patch
1970-01-01 01:00:00.000000000 +0100
+++
network-manager-openconnect-1.2.8/debian/patches/0003-Use-openconnect_set_useragent-where-available.patch
2023-11-14 15:15:44.000000000 +0100
@@ -0,0 +1,28 @@
+From: David Woodhouse <[email protected]>
+Date: Fri, 29 Apr 2022 17:10:24 +0100
+Subject: Use openconnect_set_useragent() where available
+Origin: Origin:
https://gitlab.gnome.org/GNOME/NetworkManager-openconnect/-/commit/bad2d616d2bced3a83ad689daaadb25eed84931b
+
+---
+ auth-dialog/main.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+--- a/auth-dialog/main.c
++++ b/auth-dialog/main.c
+@@ -1885,6 +1885,16 @@ static auth_ui_data *init_ui_data (char
+
nm_process_auth_form, write_progress,
+ ui_data);
+
++#if OPENCONNECT_CHECK_VER(5,8)
++ /* The useragent provided to openconnect_vpninfo_new() gets the
++ * OpenConnect version appended to it. But some servers need the
++ * useragent to *precisely* match a known string; support for
++ * that was added in OpenConnect 9.00 (API 5.8) with the
++ * openconnect_set_useragent() function. */
++ if (vpn_useragent)
++ openconnect_set_useragent(ui_data->vpninfo, vpn_useragent);
++#endif
++
+ openconnect_set_webview_callback(ui_data->vpninfo, open_webview);
+
+ #if OPENCONNECT_CHECK_VER(1,4)
diff -Nru
network-manager-openconnect-1.2.8/debian/patches/0004-Add-support-for-GTK4-in-user-agent-calls.patch
network-manager-openconnect-1.2.8/debian/patches/0004-Add-support-for-GTK4-in-user-agent-calls.patch
---
network-manager-openconnect-1.2.8/debian/patches/0004-Add-support-for-GTK4-in-user-agent-calls.patch
1970-01-01 01:00:00.000000000 +0100
+++
network-manager-openconnect-1.2.8/debian/patches/0004-Add-support-for-GTK4-in-user-agent-calls.patch
2023-11-14 15:15:44.000000000 +0100
@@ -0,0 +1,34 @@
+From: Esteban Mandirola <[email protected]>
+Date: Fri, 13 May 2022 17:50:00 -0300
+Subject: Add support for GTK4 in user-agent calls
+Origin:
https://gitlab.gnome.org/GNOME/NetworkManager-openconnect/-/commit/55688199533d9f75fe86d9b3f881f65c1ceccddb
+
+---
+ properties/nm-openconnect-editor.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/properties/nm-openconnect-editor.c
b/properties/nm-openconnect-editor.c
+index 813ff4c010e3..3089dd826df6 100644
+--- a/properties/nm-openconnect-editor.c
++++ b/properties/nm-openconnect-editor.c
+@@ -350,7 +350,7 @@ init_editor_plugin (OpenconnectEditor *self, NMConnection
*connection, GError **
+ if (s_vpn) {
+ value = nm_setting_vpn_get_data_item (s_vpn,
NM_OPENCONNECT_KEY_USERAGENT);
+ if (value)
+- gtk_entry_set_text (GTK_ENTRY (widget), value);
++ gtk_editable_set_text (GTK_EDITABLE (widget), value);
+ }
+ g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK
(stuff_changed_cb), self);
+
+@@ -471,7 +471,7 @@ update_connection (NMVpnEditor *iface,
+ nm_setting_vpn_add_data_item (s_vpn, NM_OPENCONNECT_KEY_PROXY,
str);
+
+ widget = GTK_WIDGET (gtk_builder_get_object (priv->builder,
"user_agent_entry"));
+- str = (char *) gtk_entry_get_text (GTK_ENTRY (widget));
++ str = (char *) gtk_editable_get_text (GTK_EDITABLE (widget));
+ if (str && strlen (str))
+ nm_setting_vpn_add_data_item (s_vpn,
NM_OPENCONNECT_KEY_USERAGENT, str);
+
+--
+2.42.0
+
diff -Nru network-manager-openconnect-1.2.8/debian/patches/series
network-manager-openconnect-1.2.8/debian/patches/series
--- network-manager-openconnect-1.2.8/debian/patches/series 2022-05-21
15:33:22.000000000 +0200
+++ network-manager-openconnect-1.2.8/debian/patches/series 2023-11-14
15:15:44.000000000 +0100
@@ -1 +1,4 @@
0001-Support-GlobalProtect-SAML-SSO-MFA.patch
+0002-Add-User-Agent-to-Openconnect-VPN-for-NetworkManager.patch
+0003-Use-openconnect_set_useragent-where-available.patch
+0004-Add-support-for-GTK4-in-user-agent-calls.patch
diff -Nru network-manager-openconnect-1.2.8/debian/salsa-ci.yml
network-manager-openconnect-1.2.8/debian/salsa-ci.yml
--- network-manager-openconnect-1.2.8/debian/salsa-ci.yml 2022-03-14
00:08:09.000000000 +0100
+++ network-manager-openconnect-1.2.8/debian/salsa-ci.yml 2023-11-14
15:15:44.000000000 +0100
@@ -2,3 +2,7 @@
include:
- https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/salsa-ci.yml
-
https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/pipeline-jobs.yml
+
+variables:
+ RELEASE: 'bookworm'
+ SALSA_CI_LINTIAN_SUPPRESS_TAGS: "bad-distribution-in-changes-file"
--- End Message ---
