From abfeebeb0c6d8c592e5db2c0e33cbfc34b7b4b46 Mon Sep 17 00:00:00 2001 From: Hauke Mehrtens Date: Sun, 30 Mar 2014 18:41:16 +0000 Subject: [PATCH] openconnect: Updated openconnect to 5.03 Signed-off-by: Nikos Mavrogiannopoulos Signed-off-by: Hauke Mehrtens SVN-Revision: 40339 --- net/openconnect/Config.in | 18 ++++ net/openconnect/Makefile | 17 ++- net/openconnect/files/openconnect.sh | 4 +- net/openconnect/patches/100-passwd_file.patch | 100 ------------------ 4 files changed, 33 insertions(+), 106 deletions(-) create mode 100644 net/openconnect/Config.in delete mode 100644 net/openconnect/patches/100-passwd_file.patch diff --git a/net/openconnect/Config.in b/net/openconnect/Config.in new file mode 100644 index 0000000000..1daaeaa6a0 --- /dev/null +++ b/net/openconnect/Config.in @@ -0,0 +1,18 @@ +# openconnect avanced configuration + +menu "Configuration" + depends on PACKAGE_openconnect + +choice + prompt "SSL library" + default OPENCONNECT_GNUTLS + +config OPENCONNECT_GNUTLS + bool "GnuTLS support" + +config OPENCONNECT_OPENSSL + bool "OpenSSL" + +endchoice + +endmenu diff --git a/net/openconnect/Makefile b/net/openconnect/Makefile index 865972b9e4..106e9bbf6c 100644 --- a/net/openconnect/Makefile +++ b/net/openconnect/Makefile @@ -8,26 +8,30 @@ include $(TOPDIR)/rules.mk PKG_NAME:=openconnect -PKG_VERSION:=4.08 +PKG_VERSION:=5.03 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=ftp://ftp.infradead.org/pub/openconnect/ -PKG_MD5SUM:=3dd065194d87c08084675d255c8e29ef +PKG_MD5SUM:=ff43ed1dbaccd2537fd7c5bfb04295a6 include $(INCLUDE_DIR)/package.mk +define Package/openconnect/config + source "$(SOURCE)/Config.in" +endef + define Package/openconnect SECTION:=net CATEGORY:=Network - DEPENDS:=+libxml2 +libopenssl +kmod-tun +resolveip + DEPENDS:=+libxml2 +kmod-tun +resolveip +OPENCONNECT_OPENSSL:libopenssl +OPENCONNECT_GNUTLS:libgnutls TITLE:=VPN client for Cisco's AnyConnect SSL VPN URL:=http://www.infradead.org/openconnect/ SUBMENU:=VPN endef define Package/openconnect/description - A VPN client compatible with Cisco's AnyConnect SSL VPN. + A VPN client compatible with Cisco's AnyConnect SSL VPN and ocserv. OpenConnect is a client for Cisco's AnyConnect SSL VPN, which is supported by IOS 12.4(9)T or later on Cisco SR500, 870, 880, 1800, 2800, @@ -38,6 +42,11 @@ CONFIGURE_ARGS += \ --disable-shared \ --with-vpnc-script=/lib/netifd/vpnc-script +ifeq ($(CONFIG_OPENCONNECT_OPENSSL),y) +CONFIGURE_ARGS += \ + --without-gnutls +endif + define Package/openconnect/install $(INSTALL_DIR) $(1)/lib/netifd/proto $(INSTALL_BIN) ./files/openconnect.sh $(1)/lib/netifd/proto/ diff --git a/net/openconnect/files/openconnect.sh b/net/openconnect/files/openconnect.sh index 21100678ca..2610194387 100755 --- a/net/openconnect/files/openconnect.sh +++ b/net/openconnect/files/openconnect.sh @@ -42,11 +42,11 @@ proto_openconnect_setup() { umask 077 pwfile="/var/run/openconnect-$config.passwd" echo "$password" > "$pwfile" - append cmdline "--passwd-file=$pwfile" + append cmdline "--passwd-on-stdin" } proto_export INTERFACE="$config" - proto_run_command "$config" /usr/sbin/openconnect $cmdline + proto_run_command "$config" /usr/sbin/openconnect $cmdline <$pwfile } proto_openconnect_teardown() { diff --git a/net/openconnect/patches/100-passwd_file.patch b/net/openconnect/patches/100-passwd_file.patch deleted file mode 100644 index 3e074d54ec..0000000000 --- a/net/openconnect/patches/100-passwd_file.patch +++ /dev/null @@ -1,100 +0,0 @@ ---- a/main.c -+++ b/main.c -@@ -77,6 +77,7 @@ enum { - OPT_CAFILE, - OPT_COOKIEONLY, - OPT_COOKIE_ON_STDIN, -+ OPT_COOKIE_FILE, - OPT_CSD_USER, - OPT_CSD_WRAPPER, - OPT_DISABLE_IPV6, -@@ -91,6 +92,7 @@ enum { - OPT_NO_PROXY, - OPT_PIDFILE, - OPT_PASSWORD_ON_STDIN, -+ OPT_PASSWORD_FILE, - OPT_PRINTCOOKIE, - OPT_RECONNECT_TIMEOUT, - OPT_SERVERCERT, -@@ -139,7 +141,9 @@ static struct option long_options[] = { - OPTION("queue-len", 1, 'Q'), - OPTION("xmlconfig", 1, 'x'), - OPTION("cookie-on-stdin", 0, OPT_COOKIE_ON_STDIN), -+ OPTION("cookie-file", 1, OPT_COOKIE_FILE), - OPTION("passwd-on-stdin", 0, OPT_PASSWORD_ON_STDIN), -+ OPTION("passwd-file", 1, OPT_PASSWORD_FILE), - OPTION("no-passwd", 0, OPT_NO_PASSWD), - OPTION("reconnect-timeout", 1, OPT_RECONNECT_TIMEOUT), - OPTION("dtls-ciphers", 1, OPT_DTLS_CIPHERS), -@@ -177,6 +181,7 @@ static void usage(void) - printf(" -K, --key-type=TYPE %s\n", _("Private key type (PKCS#12 / TPM / PEM)")); - printf(" -C, --cookie=COOKIE %s\n", _("Use WebVPN cookie COOKIE")); - printf(" --cookie-on-stdin %s\n", _("Read cookie from standard input")); -+ printf(" --cookie-file=FILE %s\n", _("Read cookie from a file")); - printf(" -d, --deflate %s\n", _("Enable compression (default)")); - printf(" -D, --no-deflate %s\n", _("Disable compression")); - printf(" --force-dpd=INTERVAL %s\n", _("Set minimum Dead Peer Detection interval")); -@@ -217,6 +222,7 @@ static void usage(void) - printf(" --no-cert-check %s\n", _("Do not require server SSL cert to be valid")); - printf(" --non-inter %s\n", _("Do not expect user input; exit if it is required")); - printf(" --passwd-on-stdin %s\n", _("Read password from standard input")); -+ printf(" --passwd-file=FILE %s\n", _("Read password from a file")); - printf(" --reconnect-timeout %s\n", _("Connection retry timeout in seconds")); - printf(" --servercert=FINGERPRINT %s\n", _("Server's certificate SHA1 fingerprint")); - printf(" --useragent=STRING %s\n", _("HTTP header User-Agent: field")); -@@ -226,15 +232,28 @@ static void usage(void) - exit(1); - } - --static void read_stdin(char **string) -+static void read_file(const char *file, char **string) - { - char *c = malloc(100); -+ FILE *f; -+ -+ if (file) { -+ f = fopen(file, "r"); -+ if (!f) { -+ fprintf(stderr, _("Failed to open password file\n")); -+ exit(1); -+ } -+ } else { -+ file = "stdin"; -+ f = stdin; -+ } -+ - if (!c) { -- fprintf(stderr, _("Allocation failure for string from stdin\n")); -+ fprintf(stderr, _("Allocation failure for string from %s\n"), file); - exit(1); - } -- if (!fgets(c, 100, stdin)) { -- perror(_("fgets (stdin)")); -+ if (!fgets(c, 100, f)) { -+ perror(_("fgets")); - exit(1); - } - -@@ -332,14 +351,20 @@ int main(int argc, char **argv) - cookieonly = 2; - break; - case OPT_COOKIE_ON_STDIN: -- read_stdin(&vpninfo->cookie); -+ optarg = NULL; -+ /* fall through */ -+ case OPT_COOKIE_FILE: -+ read_file(optarg, &vpninfo->cookie); - /* If the cookie is empty, ignore it */ - if (! *vpninfo->cookie) { - vpninfo->cookie = NULL; - } - break; - case OPT_PASSWORD_ON_STDIN: -- read_stdin(&vpninfo->password); -+ optarg = NULL; -+ /* fall through */ -+ case OPT_PASSWORD_FILE: -+ read_file(optarg, &vpninfo->password); - break; - case OPT_NO_PASSWD: - vpninfo->nopasswd = 1; -- 2.30.2