On Mon Apr 06, 2020 at 06:51:37PM +0200, Bjorn Ketelaars wrote:
> On Sun 05/04/2020 07:57, Bjorn Ketelaars wrote:
> > Simple diff for updating openconnect to 8.07. Overview on changes can be
> > found at:
> > http://lists.infradead.org/pipermail/openconnect-devel/2020-March/005562.html
> > http://lists.infradead.org/pipermail/openconnect-devel/2020-April/005575.html
> >
> > This update checks the version of gnutls>=3.6.13. gnutls from 3.6.3 to
> > 3.6.12 sends DTLS ClientHello with all zeroes in the client random and
> > openconnect advises, and enforces, against using these versions.
> >
> > Changes to the port:
> > - Symbols have been added to libopenconnect so bump minor
> > - Add version requirement to gnutls>=3.6.13
> > - Take MAINTAINER
> >
> > Testing:
> > - 'make test' runs successful
> > - Run tested on amd64 in combination with ocserv
>
> Upstream released 8.08, which fixes a couple of regressions:
>
> "...a fix for case sensitivity of pin-sha256 hashes in the --servercert
> option, a fix for a crash when OIDC mode was select but no token
> provided, and some more improvements to the CSD trojan handling when
> there's no stderr."
>
> Run tested on amd64.
OK rsadowski@, works here on amd64.
>
> Comments/OK?
>
>
> diff --git Makefile Makefile
> index 1820496cae7..c111a68ee89 100644
> --- Makefile
> +++ Makefile
> @@ -2,15 +2,16 @@
>
> COMMENT= client for Cisco AnyConnect SSL VPN
>
> -DISTNAME= openconnect-8.05
> -REVISION= 0
> +DISTNAME= openconnect-8.08
>
> -SHARED_LIBS += openconnect 4.4 # 5.5
> +SHARED_LIBS += openconnect 4.5 # 5.6
>
> CATEGORIES= net
>
> HOMEPAGE= https://www.infradead.org/openconnect/
>
> +MAINTAINER= Bjorn Ketelaars <bket@openbsd.org>
> +
> # LGPLv2.1 only
> PERMIT_PACKAGE= Yes
>
> @@ -26,6 +27,7 @@ FLAVOR?=
>
> MODULES= lang/python
> MODPY_RUNDEP= No
> +
> # groff is used to format html during build, USE_GROFF not needed
> # XXX can probably convert to using mandoc?
> BUILD_DEPENDS= devel/gettext,-tools \
> @@ -34,7 +36,7 @@ BUILD_DEPENDS= devel/gettext,-tools \
> RUN_DEPENDS= net/vpnc-scripts
> LIB_DEPENDS= archivers/lz4 \
> devel/gettext,-runtime \
> - security/gnutls \
> + security/gnutls>=3.6.13 \
> textproc/libxml
> # also wants socket_wrapper and uid_wrapper from cwrap to be present at
> # configure time (in openbsd-wip); tests currently failing, in need of
> @@ -44,11 +46,10 @@ TEST_DEPENDS= net/ocserv
> FAKE_FLAGS= pkgdatadir=${PREFIX}/share/doc/openconnect
>
> CONFIGURE_STYLE= gnu
> -
> -CONFIGURE_ENV= CPPFLAGS="-I${LOCALBASE}/include" \
> - LDFLAGS="-L${LOCALBASE}/lib -liconv"
> -CONFIGURE_ARGS= --with-vpnc-script=${SYSCONFDIR}/vpnc-script \
> - --without-stoken
> +CONFIGURE_ENV= CPPFLAGS="-I${LOCALBASE}/include" \
> + LDFLAGS="-L${LOCALBASE}/lib -liconv"
> +CONFIGURE_ARGS= --with-vpnc-script=${SYSCONFDIR}/vpnc-script \
> + --without-stoken
> # make sure libstoken isn't picked up automatically if we import it.
>
> .if ${FLAVOR:Mlight}
> diff --git distinfo distinfo
> index 7549b13e496..ac8f211db28 100644
> --- distinfo
> +++ distinfo
> @@ -1,2 +1,2 @@
> -SHA256 (openconnect-8.05.tar.gz) = M1wpUtDLNoIqyxEuqvXjtKz/xodJhfthT+wLdsTBKZI=
> -SIZE (openconnect-8.05.tar.gz) = 1922100
> +SHA256 (openconnect-8.08.tar.gz) = t0sw66u9SAEFbkbANz5x89QcdbgF/Mfuj8WG/lWTeeg=
> +SIZE (openconnect-8.08.tar.gz) = 2038269
> diff --git pkg/PLIST pkg/PLIST
> index 941baf59e32..f2b461d13f6 100644
> --- pkg/PLIST
> +++ pkg/PLIST
> @@ -1,6 +1,6 @@
> @comment $OpenBSD: PLIST,v 1.17 2019/08/10 04:02:13 bket Exp $
> include/openconnect.h
> -lib/libopenconnect.a
> +@static-lib lib/libopenconnect.a
> lib/libopenconnect.la
> @lib lib/libopenconnect.so.${LIBopenconnect_VERSION}
> lib/pkgconfig/openconnect.pc
>
No comments:
Post a Comment