Monday, April 06, 2020

Re: UPDATE net/openconnect-8.07

On Sun 05/04/2020 07:57, Bjorn Ketelaars wrote:
> Simple diff for updating openconnect to 8.07. Overview of changes can be
> found at:
> http://lists.infradead.org/pipermail/openconnect-devel/2020-March/005562.html
> http://lists.infradead.org/pipermail/openconnect-devel/2020-April/005575.html
>
> This update checks the version of gnutls>=3.6.13. gnutls from 3.6.3 to
> 3.6.12 sends DTLS ClientHello with all zeroes in the client random and
> openconnect advises, and enforces, against using these versions.
>
> Changes to the port:
> - Symbols have been added to libopenconnect so bump minor
> - Add version requirement to gnutls>=3.6.13
> - Take MAINTAINER
>
> Testing:
> - 'make test' runs successfully
> - Run tested on amd64 in combination with ocserv

Upstream released 8.08, which fixes a couple of regressions:

"...a fix for case sensitivity of pin-sha256 hashes in the --servercert
option, a fix for a crash when OIDC mode was selected but no token
provided, and some more improvements to the CSD trojan handling when
there's no stderr."

Run tested on amd64.

Comments/OK?


diff --git Makefile Makefile
index 1820496cae7..c111a68ee89 100644
--- Makefile
+++ Makefile
@@ -2,15 +2,16 @@

COMMENT= client for Cisco AnyConnect SSL VPN

-DISTNAME= openconnect-8.05
-REVISION= 0
+DISTNAME= openconnect-8.08

-SHARED_LIBS += openconnect 4.4 # 5.5
+SHARED_LIBS += openconnect 4.5 # 5.6

CATEGORIES= net

HOMEPAGE= https://www.infradead.org/openconnect/

+MAINTAINER= Bjorn Ketelaars <bket@openbsd.org>
+
# LGPLv2.1 only
PERMIT_PACKAGE= Yes

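Review bot: the SHARED_LIBS change from `openconnect 4.4` to `4.5` is only a minor bump, while DISTNAME jumps from 8.05 straight to 8.08 and the description justifies the bump with added symbols for 8.07 alone. Please confirm that no exported symbol was removed or changed across the whole 8.05 to 8.08 range; if one was, this needs a major bump instead.
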
@@ -26,6 +27,7 @@ FLAVOR?=

MODULES= lang/python
MODPY_RUNDEP= No
+
# groff is used to format html during build, USE_GROFF not needed
# XXX can probably convert to using mandoc?
BUILD_DEPENDS= devel/gettext,-tools \
@@ -34,7 +36,7 @@ BUILD_DEPENDS= devel/gettext,-tools \
RUN_DEPENDS= net/vpnc-scripts
LIB_DEPENDS= archivers/lz4 \
devel/gettext,-runtime \
- security/gnutls \
+ security/gnutls>=3.6.13 \
textproc/libxml
# also wants socket_wrapper and uid_wrapper from cwrap to be present at
# configure time (in openbsd-wip); tests currently failing, in need of
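
Review bot: the new `security/gnutls>=3.6.13` constraint has no comment in the Makefile saying why it is there. The reason is given only in the mail (gnutls 3.6.3 to 3.6.12 sends a DTLS ClientHello with an all-zero client random), so a one-line comment above LIB_DEPENDS would keep the constraint from being dropped as stale in a later cleanup.
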
@@ -44,11 +46,10 @@ TEST_DEPENDS= net/ocserv
FAKE_FLAGS= pkgdatadir=${PREFIX}/share/doc/openconnect

CONFIGURE_STYLE= gnu
-
-CONFIGURE_ENV= CPPFLAGS="-I${LOCALBASE}/include" \
- LDFLAGS="-L${LOCALBASE}/lib -liconv"
-CONFIGURE_ARGS= --with-vpnc-script=${SYSCONFDIR}/vpnc-script \
- --without-stoken
+CONFIGURE_ENV= CPPFLAGS="-I${LOCALBASE}/include" \
+ LDFLAGS="-L${LOCALBASE}/lib -liconv"
+CONFIGURE_ARGS= --with-vpnc-script=${SYSCONFDIR}/vpnc-script \
+ --without-stoken
# make sure libstoken isn't picked up automatically if we import it.

.if ${FLAVOR:Mlight}
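
Review bot: the removed and added CONFIGURE_ENV and CONFIGURE_ARGS lines carry identical values, so this hunk is whitespace-only, apart from dropping the empty line after CONFIGURE_STYLE. Consider leaving it out or committing it separately so the version update stays easy to audit. If the lines are touched anyway, the comment "make sure libstoken isn't picked up automatically" would read better above `--without-stoken` than below it.
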
diff --git distinfo distinfo
index 7549b13e496..ac8f211db28 100644
--- distinfo
+++ distinfo
@@ -1,2 +1,2 @@
-SHA256 (openconnect-8.05.tar.gz) = M1wpUtDLNoIqyxEuqvXjtKz/xodJhfthT+wLdsTBKZI=
-SIZE (openconnect-8.05.tar.gz) = 1922100
+SHA256 (openconnect-8.08.tar.gz) = t0sw66u9SAEFbkbANz5x89QcdbgF/Mfuj8WG/lWTeeg=
+SIZE (openconnect-8.08.tar.gz) = 2038269
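
Review bot: the new SHA256 and SIZE for openconnect-8.08.tar.gz are the only integrity pin for the distfile, and the mail does not say how the tarball was obtained or checked. Please state that the hash was generated from a fresh fetch from the upstream site and, if upstream provides a signature for the release, that it was verified before the checksum was recorded.
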
diff --git pkg/PLIST pkg/PLIST
index 941baf59e32..f2b461d13f6 100644
--- pkg/PLIST
+++ pkg/PLIST
@@ -1,6 +1,6 @@
@comment $OpenBSD: PLIST,v 1.17 2019/08/10 04:02:13 bket Exp $
include/openconnect.h
-lib/libopenconnect.a
+@static-lib lib/libopenconnect.a
lib/libopenconnect.la
@lib lib/libopenconnect.so.${LIBopenconnect_VERSION}
lib/pkgconfig/openconnect.pc
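
Review bot: the switch of `lib/libopenconnect.a` to `@static-lib lib/libopenconnect.a` is not listed under "Changes to the port" in the description. Mention it in the commit message so the PLIST change is not mistaken for part of the upstream update.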
