commit: 7f376dc79d0dd572e9771c03558fd631fd86af1e Author: Mike Gilbert <floppym <AT> gentoo <DOT> org> AuthorDate: Wed Oct 20 17:27:35 2021 +0000 Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org> CommitDate: Wed Oct 20 17:27:35 2021 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7f376dc7
net-vpn/openconnect: drop 8.09-r3, 8.10 Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org> net-vpn/openconnect/Manifest | 3 - .../files/8.09-gnutls-buffer-overflow.patch | 62 --------- net-vpn/openconnect/files/README.OpenRC.txt | 25 ---- net-vpn/openconnect/files/openconnect.conf.in | 26 ---- net-vpn/openconnect/files/openconnect.init.in-r4 | 88 ------------ net-vpn/openconnect/openconnect-8.09-r3.ebuild | 152 --------------------- net-vpn/openconnect/openconnect-8.10.ebuild | 149 -------------------- 7 files changed, 505 deletions(-) diff --git a/net-vpn/openconnect/Manifest b/net-vpn/openconnect/Manifest index 59221ffa774..3938384a696 100644 --- a/net-vpn/openconnect/Manifest +++ b/net-vpn/openconnect/Manifest @@ -1,4 +1 @@ -DIST openconnect-8.09.tar.gz 2083279 BLAKE2B 4588c693a7a641faad271b034e8713f00fda04a872641e45a8ce3e1a236b8d2f4e1b8d973d20e7a9fc656f9460a0e990cbaada008d4ecf9a46353f20c25ac87a SHA512 f6890f5bce4b36b162e4590bce8a61d65fc0ae803d62a3dd408fbb13e96ce41b6443740132808491093032545aea919f9076e34bc11160c503c5e3c46457e7bd DIST openconnect-8.10.tar.gz 2084534 BLAKE2B 98ad0e24e09bc565f359139540f60eb9b6b5ed2239a9c46c56889b8554fc3de3605c10f1bb4fa0b0b206ba35404ae90a389ab8dcee54cf05a24d984529d24c2a SHA512 a36a106cf5c637602fc5bd3cd12df8f6dfe55217c1aae93c66ca33208507f3f8cda15e3a46d75615c7fcea1859d1a04017a07674ad0246876154467305477356 -DIST vpnc-scripts-20200226.tar.gz 21460 BLAKE2B 8f00ce3dc49725758abce27f3688946df1bbd4e92769ef02aa9ee66db8b9f41bef3442eaa5405ab1467476899c6d364dfea898ed924ca83497823a85515d48e5 SHA512 3a1eac4ccfaefb0f837189c8cef696b33ab8b8a68cb50a3ad29206b708d0aa479e8eed0c09bef6f60d056cd98d63cc898a1609d734030a63df3be2cfa6c00f9a -DIST vpnc-scripts-20200930.tar.gz 22305 BLAKE2B 5db809ef674cb3cb8f1c775adc1e83debbda28fdcf47e0b0527efe6d1cea09781ef02b2827d9704140b884a85e7ec51fba497f47f6793520b471a7bba0dde6b6 SHA512 5f42bc7b168b5fdfc3ebd4bae52a42a654f102982852cc74240972e16e77fe0b54d82175e2a067e1d7e408bd14c3f465f7eb82b23b41885cb25a813d9587fd3d diff --git a/net-vpn/openconnect/files/8.09-gnutls-buffer-overflow.patch b/net-vpn/openconnect/files/8.09-gnutls-buffer-overflow.patch deleted file mode 100644 index bf8990ae3d3..00000000000 --- a/net-vpn/openconnect/files/8.09-gnutls-buffer-overflow.patch +++ /dev/null @@ -1,62 +0,0 @@ -From eef4c1f9d24478aa1d2dd9ac7ec32efb2137f474 Mon Sep 17 00:00:00 2001 -From: Sergei Trofimovich <[email protected]> -Date: Fri, 8 May 2020 10:39:41 -0400 -Subject: [PATCH] gnutls: prevent buffer overflow in get_cert_name - -The test suite for ocserv calls openconnect with a certificate that has -a name that is 84 bytes in length. The buffer passed to get_cert_name is -currently 80 bytes. - -The gnutls_x509_crt_get_dn_by_oid function will update the buffer size -parameter if the buffer is too small. - -http://man7.org/linux/man-pages/man3/gnutls_x509_crt_get_dn_by_oid.3.html - -RETURNS - GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not long - enough, and in that case the buf_size will be updated with the - required size. GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE if there are no - data in the current index. On success 0 is returned. - -Use a temporary variable to avoid clobbering the namelen variable that is -passed to get_cert_name. - -Bug: https://bugs.gentoo.org/721570 -Signed-off-by: Sergei Trofimovich <[email protected]> -Signed-off-by: Mike Gilbert <[email protected]> ---- - gnutls.c | 17 ++++++++++++----- - 1 file changed, 12 insertions(+), 5 deletions(-) - -diff --git a/gnutls.c b/gnutls.c -index 36bc82e0..53bf2a43 100644 ---- a/gnutls.c -+++ b/gnutls.c -@@ -546,12 +546,19 @@ static int count_x509_certificates(gnutls_datum_t *datum) - - static int get_cert_name(gnutls_x509_crt_t cert, char *name, size_t namelen) - { -+ /* When the name buffer is not big enough, gnutls_x509_crt_get_dn*() will -+ * update the length argument to the required size, and return -+ * GNUTLS_E_SHORT_MEMORY_BUFFER. We need to avoid clobbering the original -+ * length variable. */ -+ size_t nl = namelen; - if (gnutls_x509_crt_get_dn_by_oid(cert, GNUTLS_OID_X520_COMMON_NAME, -- 0, 0, name, &namelen) && -- gnutls_x509_crt_get_dn(cert, name, &namelen)) { -- name[namelen-1] = 0; -- snprintf(name, namelen-1, "<unknown>"); -- return -EINVAL; -+ 0, 0, name, &nl)) { -+ nl = namelen; -+ if (gnutls_x509_crt_get_dn(cert, name, &nl)) { -+ name[namelen-1] = 0; -+ snprintf(name, namelen-1, "<unknown>"); -+ return -EINVAL; -+ } - } - return 0; - } --- -2.26.2 - diff --git a/net-vpn/openconnect/files/README.OpenRC.txt b/net-vpn/openconnect/files/README.OpenRC.txt deleted file mode 100644 index 6bd43e62dfb..00000000000 --- a/net-vpn/openconnect/files/README.OpenRC.txt +++ /dev/null @@ -1,25 +0,0 @@ -The init script for openconnect supports multiple vpn tunnels. - -You need to create a symbolic link to /etc/init.d/openconnect in /etc/init.d -instead of calling it directly: - -ln -s /etc/init.d/openconnect /etc/init.d/openconnect.vpn0 - -You can then start the vpn tunnel like this: - -/etc/init.d/openconnect.vpn0 start - -If you would like to run preup, postup, predown, and/or postdown scripts, -You need to create a directory in /etc/openconnect with the name of the vpn: - -mkdir /etc/openconnect/vpn0 - -Then add executable shell files: - -mkdir /etc/openconnect/vpn0 -cd /etc/openconnect/vpn0 -echo '#!/bin/sh' > preup.sh -cp preup.sh predown.sh -cp preup.sh postup.sh -cp preup.sh postdown.sh -chmod 755 /etc/openconnect/vpn0/* diff --git a/net-vpn/openconnect/files/openconnect.conf.in b/net-vpn/openconnect/files/openconnect.conf.in deleted file mode 100644 index 7e44f569c0c..00000000000 --- a/net-vpn/openconnect/files/openconnect.conf.in +++ /dev/null @@ -1,26 +0,0 @@ -# Variables to configure vpn tunnels where "vpnname" is the name of your vpn tunnel: -# -# server_vpnname -# password_vpnname -# vpnopts_vpnname -# -# The tunnel will need to be started with a symbolic link to openconnect: -# -# ln -s /etc/init.d/openconnect /etc/init.d/openconnect.vpnname -# -# If you'd like to execute a script on preup, postup, predown and postdown of the vpn tunnel, you -# need to create executable scripts in a directory with the same name as -# the vpn tunnel (vpn0 can be replaced with the vpn name): -# -# mkdir /etc/openconnect/vpn0 -# cd /etc/openconnect/vpn0" -# echo '#!/bin/sh' > preup.sh" -# cp preup.sh predown.sh" -# cp preup.sh postup.sh" -# cp preup.sh postdown.sh" -# chmod 755 /etc/openconnect/vpn0/*" - -server_vpn0="vpn.server.tld" -password_vpn0="YOUR_PASSWORD" -# Any OPENCONNECT options my go here (see openconnect --help) -vpnopts_vpn0="-l --passwd-on-stdin --user=YOUR_USERNAME" diff --git a/net-vpn/openconnect/files/openconnect.init.in-r4 b/net-vpn/openconnect/files/openconnect.init.in-r4 deleted file mode 100644 index 040edc76f63..00000000000 --- a/net-vpn/openconnect/files/openconnect.init.in-r4 +++ /dev/null @@ -1,88 +0,0 @@ -#!/sbin/openrc-run -# Copyright 1999-2015 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 - -VPN="${RC_SVCNAME#*.}" -VPNDIR="/etc/openconnect/${VPN}" -VPNLOG="/var/log/openconnect/${VPN}" -VPNLOGFILE="${VPNLOG}/openconnect.log" -VPNERRFILE="${VPNLOG}/openconnect.err" - -command="/usr/sbin/openconnect" -name="OpenConnect: ${VPN}" -pidfile="/run/openconnect/${VPN}.pid" -stopsig="SIGINT" - -depend() { - before netmount -} - -checkconfig() { - if [ $VPN = "openconnect" ]; then - eerror "You cannot call openconnect directly. You must create a symbolic link to it with the vpn name:" - eerror - eerror "ln -s /etc/init.d/openconnect /etc/init.d/openconnect.vpn0" - eerror - eerror "And then call it instead:" - eerror - eerror "/etc/init.d/openconnect.vpn0 start" - return 1 - fi -} - -checktuntap() { - if [ "$RC_UNAME" = "Linux" -a ! -e /dev/net/tun ] ; then - if ! modprobe tun ; then - eerror "TUN/TAP support is not available in this kernel" - return 1 - fi - fi -} - -run_hook() { - if [ -x "$1" ]; then - "$@" - fi -} - -start_pre() { - checkconfig || return - checktuntap || return - checkpath -d "${VPNLOG}" || return - checkpath -d /run/openconnect || return - run_hook "${VPNDIR}/preup.sh" -} - -start() { - local server vpnopts password - eval server=\$server_${VPN} - eval vpnopts=\$vpnopts_${VPN} - eval password=\$password_${VPN} - - ebegin "Starting ${name}" - start-stop-daemon --start --exec "${command}" -- \ - --background \ - --interface="${VPN}" \ - --pid-file="${pidfile}" \ - ${vpnopts} \ - "${server}" \ - >> "${VPNLOGFILE}" \ - 2>> "${VPNERRFILE}" \ - <<EOF -${password} -EOF - eend $? -} - -start_post() { - run_hook "${VPNDIR}/postup.sh" -} - -stop_pre() { - checkconfig || return - run_hook "${VPNDIR}/predown.sh" -} - -stop_post() { - run_hook "${VPNDIR}/postdown.sh" -} diff --git a/net-vpn/openconnect/openconnect-8.09-r3.ebuild b/net-vpn/openconnect/openconnect-8.09-r3.ebuild deleted file mode 100644 index c5c21a23d94..00000000000 --- a/net-vpn/openconnect/openconnect-8.09-r3.ebuild +++ /dev/null @@ -1,152 +0,0 @@ -# Copyright 2011-2021 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -PYTHON_COMPAT=( python{3_7,3_8,3_9} ) -PYTHON_REQ_USE="xml" - -inherit linux-info python-any-r1 - -if [[ ${PV} == 9999 ]]; then - EGIT_REPO_URI="https://gitlab.com/openconnect/openconnect.git"; - inherit git-r3 autotools -else - ARCHIVE_URI="ftp://ftp.infradead.org/pub/${PN}/${P}.tar.gz"; - KEYWORDS="amd64 arm arm64 ppc64 x86" -fi -VPNC_VER=20200226 -SRC_URI="${ARCHIVE_URI} - ftp://ftp.infradead.org/pub/vpnc-scripts/vpnc-scripts-${VPNC_VER}.tar.gz"; - -DESCRIPTION="Free client for Cisco AnyConnect SSL VPN software" -HOMEPAGE="http://www.infradead.org/openconnect.html"; - -LICENSE="LGPL-2.1 GPL-2" -SLOT="0/5" -IUSE="doc +gnutls gssapi libproxy lz4 nls smartcard stoken test" -RESTRICT="!test? ( test )" - -DEPEND=" - dev-libs/libxml2 - sys-libs/zlib - !gnutls? ( - >=dev-libs/openssl-1.0.1h:0= - ) - gnutls? ( - app-crypt/trousers - app-misc/ca-certificates - dev-libs/nettle - >=net-libs/gnutls-3.6.13:0= - dev-libs/libtasn1:0= - app-crypt/tpm2-tss - ) - gssapi? ( virtual/krb5 ) - libproxy? ( net-libs/libproxy ) - lz4? ( app-arch/lz4:= ) - nls? ( virtual/libintl ) - smartcard? ( sys-apps/pcsc-lite:0= ) - stoken? ( app-crypt/stoken ) -" -RDEPEND="${DEPEND} - sys-apps/iproute2 -" -BDEPEND=" - virtual/pkgconfig - doc? ( ${PYTHON_DEPS} sys-apps/groff ) - nls? ( sys-devel/gettext ) - test? ( - net-libs/socket_wrapper - net-vpn/ocserv - sys-libs/uid_wrapper - ) -" - -CONFIG_CHECK="~TUN" - -pkg_pretend() { - check_extra_config -} - -pkg_setup() { - : -} - -src_unpack() { - if [[ ${PV} == 9999 ]]; then - git-r3_src_unpack - fi - default -} - -src_prepare() { - local PATCHES=( - "${FILESDIR}"/8.09-gnutls-buffer-overflow.patch - ) - default - if [[ ${PV} == 9999 ]]; then - eautoreconf - fi -} - -src_configure() { - if use doc; then - python_setup - else - export ac_cv_path_PYTHON= - fi - - # Used by tests if userpriv is disabled - addwrite /run/netns - - local myconf=( - --disable-dsa-tests - $(use_enable nls) - --disable-static - $(use_with !gnutls openssl) - $(use_with gnutls) - $(use_with libproxy) - $(use_with lz4) - $(use_with gssapi) - $(use_with smartcard libpcsclite) - $(use_with stoken) - --with-vpnc-script="${EPREFIX}/etc/openconnect/openconnect.sh" - --without-java - ) - - econf "${myconf[@]}" -} - -src_test() { - local charset - for charset in UTF-8 ISO8859-2; do - if [[ $(LC_ALL=cs_CZ.${charset} locale charmap 2>/dev/null) != ${charset} ]]; then - # If we don't have valid cs_CZ locale data, auth-nonascii will fail. - # Force a test skip by exiting with status 77. - sed -i -e '2i exit 77' tests/auth-nonascii || die - break - fi - done - default -} - -src_install() { - default - - find "${ED}" -name '*.la' -delete || die - - dodoc "${FILESDIR}"/README.OpenRC.txt - - newinitd "${FILESDIR}"/openconnect.init.in-r4 openconnect - insinto /etc/openconnect - - newconfd "${FILESDIR}"/openconnect.conf.in openconnect - - exeinto /etc/openconnect - newexe "${WORKDIR}"/vpnc-scripts-${VPNC_VER}/vpnc-script openconnect.sh - - insinto /etc/logrotate.d - newins "${FILESDIR}"/openconnect.logrotate openconnect - - keepdir /var/log/openconnect -} diff --git a/net-vpn/openconnect/openconnect-8.10.ebuild b/net-vpn/openconnect/openconnect-8.10.ebuild deleted file mode 100644 index ff4f18582c1..00000000000 --- a/net-vpn/openconnect/openconnect-8.10.ebuild +++ /dev/null @@ -1,149 +0,0 @@ -# Copyright 2011-2020 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -PYTHON_COMPAT=( python{3_7,3_8,3_9} ) -PYTHON_REQ_USE="xml" - -inherit linux-info python-any-r1 - -if [[ ${PV} == 9999 ]]; then - EGIT_REPO_URI="https://gitlab.com/openconnect/openconnect.git"; - inherit git-r3 autotools -else - ARCHIVE_URI="ftp://ftp.infradead.org/pub/${PN}/${P}.tar.gz"; - KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~x86" -fi -VPNC_VER=20200930 -SRC_URI="${ARCHIVE_URI} - ftp://ftp.infradead.org/pub/vpnc-scripts/vpnc-scripts-${VPNC_VER}.tar.gz"; - -DESCRIPTION="Free client for Cisco AnyConnect SSL VPN software" -HOMEPAGE="http://www.infradead.org/openconnect.html"; - -LICENSE="LGPL-2.1 GPL-2" -SLOT="0/5" -IUSE="doc +gnutls gssapi libproxy lz4 nls smartcard stoken test" -RESTRICT="!test? ( test )" - -DEPEND=" - dev-libs/libxml2 - sys-libs/zlib - !gnutls? ( - >=dev-libs/openssl-1.0.1h:0= - ) - gnutls? ( - app-crypt/trousers - app-misc/ca-certificates - dev-libs/nettle - >=net-libs/gnutls-3.6.13:0= - dev-libs/libtasn1:0= - app-crypt/tpm2-tss - ) - gssapi? ( virtual/krb5 ) - libproxy? ( net-libs/libproxy ) - lz4? ( app-arch/lz4:= ) - nls? ( virtual/libintl ) - smartcard? ( sys-apps/pcsc-lite:0= ) - stoken? ( app-crypt/stoken ) -" -RDEPEND="${DEPEND} - sys-apps/iproute2 -" -BDEPEND=" - virtual/pkgconfig - doc? ( ${PYTHON_DEPS} sys-apps/groff ) - nls? ( sys-devel/gettext ) - test? ( - net-libs/socket_wrapper - net-vpn/ocserv - sys-libs/uid_wrapper - ) -" - -CONFIG_CHECK="~TUN" - -pkg_pretend() { - check_extra_config -} - -pkg_setup() { - : -} - -src_unpack() { - if [[ ${PV} == 9999 ]]; then - git-r3_src_unpack - fi - default -} - -src_prepare() { - default - if [[ ${PV} == 9999 ]]; then - eautoreconf - fi -} - -src_configure() { - if use doc; then - python_setup - else - export ac_cv_path_PYTHON= - fi - - # Used by tests if userpriv is disabled - addwrite /run/netns - - local myconf=( - --disable-dsa-tests - $(use_enable nls) - --disable-static - $(use_with !gnutls openssl) - $(use_with gnutls) - $(use_with libproxy) - $(use_with lz4) - $(use_with gssapi) - $(use_with smartcard libpcsclite) - $(use_with stoken) - --with-vpnc-script="${EPREFIX}/etc/openconnect/openconnect.sh" - --without-java - ) - - econf "${myconf[@]}" -} - -src_test() { - local charset - for charset in UTF-8 ISO8859-2; do - if [[ $(LC_ALL=cs_CZ.${charset} locale charmap 2>/dev/null) != ${charset} ]]; then - # If we don't have valid cs_CZ locale data, auth-nonascii will fail. - # Force a test skip by exiting with status 77. - sed -i -e '2i exit 77' tests/auth-nonascii || die - break - fi - done - default -} - -src_install() { - default - - find "${ED}" -name '*.la' -delete || die - - dodoc "${FILESDIR}"/README.OpenRC.txt - - newinitd "${FILESDIR}"/openconnect.init.in-r4 openconnect - insinto /etc/openconnect - - newconfd "${FILESDIR}"/openconnect.conf.in openconnect - - exeinto /etc/openconnect - newexe "${WORKDIR}"/vpnc-scripts-${VPNC_VER}/vpnc-script openconnect.sh - - insinto /etc/logrotate.d - newins "${FILESDIR}"/openconnect.logrotate openconnect - - keepdir /var/log/openconnect -}
