hwoarang 15/04/29 17:23:54 Added: plasma-nm-0.9.3.5-openconnect.patch Log: Add upstream patch to fix build with the latest openconnect. Bug #532294 (Portage version: 2.2.18/cvs/Linux x86_64, signed Manifest commit with key 09BF4F54C2BA7F3C!)
Revision Changes Path 1.1 kde-misc/plasma-nm/files/plasma-nm-0.9.3.5-openconnect.patch file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/kde-misc/plasma-nm/files/plasma-nm-0.9.3.5-openconnect.patch?rev=1.1&view=markup plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/kde-misc/plasma-nm/files/plasma-nm-0.9.3.5-openconnect.patch?rev=1.1&content-type=text/plain Index: plasma-nm-0.9.3.5-openconnect.patch =================================================================== From: David Woodhouse <[email protected]> Date: Wed, 03 Dec 2014 14:10:44 +0000 Subject: Update OpenConnect support for library version 5 X-Git-Url: http://quickgit.kde.org/?p=plasma-nm.git&a=commitdiff&h=3e6585fa4dd2fb3d9b59c7704bd3d7ae5b2c4167 --- Update OpenConnect support for library version 5 String ownership rules are now very simple: the library never takes ownership of a string it's passed. It always takes its *own* copy and is responsible for freeing that. Mostly driven by Windows DLL Hell where it's painful to allocate in one library and free in another because they might actually be using different heaps. Also adapt to the changes in server certificate hash handling. We are no longer supposed to just compare strings, and must call the relevant function to check a hash against the server's certificate. This gives better matching and allows libopenconnect to upgrade the hash in future when it becomes necessary. --- Backported from upstream Signed-off-by: Markos Chandras <[email protected]> X-Gentoo-Bugzilla: https://bugs.gentoo.org/show_bug.cgi?id=532294 --- --- a/vpn/openconnect/CMakeLists.txt +++ b/vpn/openconnect/CMakeLists.txt @@ -15,6 +15,8 @@ if (${OPENCONNECT_VERSION} VERSION_GREATER ${MINIMUM_OPENCONNECT_VERSION_REQUIRED} OR ${OPENCONNECT_VERSION} VERSION_EQUAL ${MINIMUM_OPENCONNECT_VERSION_REQUIRED}) + + include_directories(${OPENCONNECT_INCLUDE_DIRS}) set(openconnect_SRCS openconnectui.cpp --- a/vpn/openconnect/openconnectauth.cpp +++ b/vpn/openconnect/openconnectauth.cpp 
@@ -161,7 +161,7 @@
 }
 if (!dataMap[NM_OPENCONNECT_KEY_CACERT].isEmpty()) {
 const QByteArray crt = QFile::encodeName(dataMap[NM_OPENCONNECT_KEY_CACERT]);
- openconnect_set_cafile(d->vpninfo, strdup(crt.data()));
+ openconnect_set_cafile(d->vpninfo, OC3DUP(crt.data()));
 }
 if (dataMap[NM_OPENCONNECT_KEY_CSD_ENABLE] == "yes") {
 char *wrapper;
@@ -174,12 +174,12 @@
 }
 if (!dataMap[NM_OPENCONNECT_KEY_PROXY].isEmpty()) {
 const QByteArray proxy = QFile::encodeName(dataMap[NM_OPENCONNECT_KEY_PROXY]);
- openconnect_set_http_proxy(d->vpninfo, strdup(proxy.data()));
+ openconnect_set_http_proxy(d->vpninfo, OC3DUP(proxy.data()));
 }
 if (!dataMap[NM_OPENCONNECT_KEY_USERCERT].isEmpty()) {
 const QByteArray crt = QFile::encodeName(dataMap[NM_OPENCONNECT_KEY_USERCERT]);
 const QByteArray key = QFile::encodeName(dataMap[NM_OPENCONNECT_KEY_PRIVKEY]);
- openconnect_set_client_cert (d->vpninfo, strdup(crt.data()), strdup(key.data()));
+ openconnect_set_client_cert (d->vpninfo, OC3DUP(crt.data()), OC3DUP(key.data()));
 if (!crt.isEmpty() && dataMap[NM_OPENCONNECT_KEY_PEM_PASSPHRASE_FSID] == "yes") {
 openconnect_passphrase_from_fsid(d->vpninfo);
@@ -276,10 +276,10 @@
 const VPNHost &host = d->hosts.at(i);
 if (openconnect_parse_url(d->vpninfo, host.address.toAscii().data())) {
 kWarning() << "Failed to parse server URL" << host.address;
- openconnect_set_hostname(d->vpninfo, strdup(host.address.toAscii().data()));
+ openconnect_set_hostname(d->vpninfo, OC3DUP(host.address.toAscii().data()));
 }
 if (!openconnect_get_urlpath(d->vpninfo) && !host.group.isEmpty())
- openconnect_set_urlpath(d->vpninfo, strdup(host.group.toAscii().data()));
+ openconnect_set_urlpath(d->vpninfo, OC3DUP(host.group.toAscii().data()));
 d->secrets["lasthost"] = host.name;
 addFormInfo(QLatin1String("dialog-information"), i18n("Contacting host, please wait..."));
 d->worker->start();
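Review bot: In openconnectauth.cpp the results of `openconnect_set_cafile`, `openconnect_set_http_proxy` and `openconnect_set_client_cert` (first and second hunks) and of `openconnect_set_hostname` and `openconnect_set_urlpath` (third hunk) are discarded. Where `OC3DUP(x)` expands to `(x)` the copy happens inside the library, so if these setters report failure through their return value (to be confirmed against the libopenconnect header in use), that value is the only signal the caller gets. A CA file or proxy setting that silently failed to apply would let authentication continue without it. Check the result and take the error path, e.g. `if (openconnect_set_http_proxy(d->vpninfo, OC3DUP(proxy.data()))) kWarning() << "Failed to set proxy";`. The enclosing functions start and end outside these hunks, so the right way to abort has to be chosen from the full file.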
@@ -301,9 +301,13 @@
 secrets.insert(QLatin1String(NM_OPENCONNECT_KEY_COOKIE), QLatin1String(openconnect_get_cookie(d->vpninfo)));
 openconnect_clear_cookie(d->vpninfo);
+#if OPENCONNECT_CHECK_VER(5,0)
+ const char *fingerprint = openconnect_get_peer_cert_hash(d->vpninfo);
+#else
 OPENCONNECT_X509 *cert = openconnect_get_peer_cert(d->vpninfo);
 char fingerprint[41];
 openconnect_get_cert_sha1(d->vpninfo, cert, fingerprint);
+#endif
 secrets.insert(QLatin1String(NM_OPENCONNECT_KEY_GWCERT), QLatin1String(fingerprint));
 secrets.insert(QLatin1String("certsigs"), d->certificateFingerprints.join("\t"));
 secrets.insert(QLatin1String("autoconnect"), d->ui.chkAutoconnect->isChecked() ? "yes" : "no");
@@ -578,14 +582,14 @@
 if (opt->type == OC_FORM_OPT_PASSWORD || opt->type == OC_FORM_OPT_TEXT) {
 KLineEdit *le = qobject_cast<KLineEdit*>(widget);
 QByteArray text = le->text().toUtf8();
- opt->value = strdup(text.data());
+ openconnect_set_option_value(opt, text.data());
 if (opt->type == OC_FORM_OPT_TEXT) {
 d->secrets.insert(key,le->text());
 }
 } else if (opt->type == OC_FORM_OPT_SELECT) {
 KComboBox *cbo = qobject_cast<KComboBox*>(widget);
 QByteArray text = cbo->itemData(cbo->currentIndex()).toString().toAscii();
- opt->value = strdup(text.data());
+ openconnect_set_option_value(opt, text.data());
 d->secrets.insert(key,cbo->itemData(cbo->currentIndex()).toString());
 }
 }
--- a/vpn/openconnect/openconnectauthworkerthread.cpp
+++ b/vpn/openconnect/openconnectauthworkerthread.cpp
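Review bot: In the `@@ -301,9 +301,13 @@` hunk of openconnectauth.cpp the fingerprint is stored under `NM_OPENCONNECT_KEY_GWCERT` without checking that one was actually obtained. The new 5.0 branch uses the pointer from `openconnect_get_peer_cert_hash` as returned, and the `#else` branch ignores the result of `openconnect_get_cert_sha1`, so on failure `fingerprint[41]` would be read uninitialised. This value is presumably what pins the gateway certificate for the connection, so an empty or garbage entry should not be written. Initialise the legacy buffer with `char fingerprint[41] = "";` and guard the insert with `if (fingerprint && *fingerprint)`, reporting an error otherwise. The enclosing function starts and ends outside the hunk.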
@@ -43,6 +43,20 @@
 class OpenconnectAuthStaticWrapper
 {
 public:
+#if OPENCONNECT_CHECK_VER(5,0)
+ static int writeNewConfig(void *obj, const char *str, int num)
+ {
+ if (obj)
+ return static_cast<OpenconnectAuthWorkerThread*>(obj)->writeNewConfig(str, num);
+ return -1;
+ }
+ static int validatePeerCert(void *obj, const char *str)
+ {
+ if (obj)
+ return static_cast<OpenconnectAuthWorkerThread*>(obj)->validatePeerCert(NULL, str);
+ return -1;
+ }
+#else
 static int writeNewConfig(void *obj, char *str, int num)
 {
 if (obj)
@@ -55,7 +69,8 @@
 return static_cast<OpenconnectAuthWorkerThread*>(obj)->validatePeerCert(cert, str);
 return -1;
 }
- static int processAuthForm(void *obj, struct oc_auth_form *form)
+#endif
+ static int processAuthForm(void *obj, struct oc_auth_form *form)
 {
 if (obj)
 return static_cast<OpenconnectAuthWorkerThread*>(obj)->processAuthFormP(form);
@@ -108,7 +123,7 @@
 return m_openconnectInfo;
 }
-int OpenconnectAuthWorkerThread::writeNewConfig(char *buf, int buflen)
+int OpenconnectAuthWorkerThread::writeNewConfig(const char *buf, int buflen)
 {
 Q_UNUSED(buflen)
 if (*m_userDecidedToQuit)
@@ -139,10 +154,16 @@
 }
 #endif
-int OpenconnectAuthWorkerThread::validatePeerCert(OPENCONNECT_X509 *cert, const char *reason)
-{
- if (*m_userDecidedToQuit)
- return -EINVAL;
+int OpenconnectAuthWorkerThread::validatePeerCert(void *cert, const char *reason)
+{
+ if (*m_userDecidedToQuit)
+ return -EINVAL;
+
+#if OPENCONNECT_CHECK_VER(5,0)
+ (void)cert;
+ const char *fingerprint = openconnect_get_peer_cert_hash(m_openconnectInfo);
+ char *details = openconnect_get_peer_cert_details(m_openconnectInfo);
+#else
 char fingerprint[41];
 int ret = 0;
@@ -151,7 +172,7 @@
 return ret;
 char *details = openconnect_get_cert_details(m_openconnectInfo, cert);
-
+#endif
 bool accepted = false;
 m_mutex->lock();
 QString qFingerprint(fingerprint);
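Review bot: The 5.0 branch of `validatePeerCert` (hunk `@@ -139,10 +154,16 @@`) only fetches the hash string with `openconnect_get_peer_cert_hash` and forwards it through the signal. No hunk in this patch calls a hash-checking function, although the commit description says hashes must no longer be compared as plain strings. If the receiver still matches `qFingerprint` against the stored `certificateFingerprints` by string equality (that code is not part of the patch), previously accepted certificates would stop matching once the library changes its hash format. Consider testing each stored entry with `openconnect_check_peer_cert_hash(m_openconnectInfo, stored)` before prompting the user. `fingerprint` and `details` are also passed on without a null check, and the function body continues past this hunk.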
@@ -160,7 +181,7 @@
 emit validatePeerCert(qFingerprint, qCertinfo, qReason, &accepted);
 m_waitForUserInput->wait(m_mutex);
 m_mutex->unlock();
- ::free(details);
+ openconnect_free_cert_info(m_openconnectInfo, details);
 if (*m_userDecidedToQuit)
 return -EINVAL;
--- a/vpn/openconnect/openconnectauthworkerthread.h
+++ b/vpn/openconnect/openconnectauthworkerthread.h
@@ -59,6 +59,17 @@
 #define OC_FORM_RESULT_NEWGROUP 2
 #endif
+#if OPENCONNECT_CHECK_VER(4,0)
+#define OC3DUP(x) (x)
+#else
+#define openconnect_set_option_value(opt, val) do { \
+ struct oc_form_opt *_o = (opt); \
+ free(_o->value); _o->value = strdup(val); \
+ } while (0)
+#define openconnect_free_cert_info(v, x) ::free(x)
+#define OC3DUP(x) strdup(x)
+#endif
+
 #include <QThread>
 class QMutex;
@@ -85,8 +96,8 @@
 void run();
 private:
- int writeNewConfig(char *, int);
- int validatePeerCert(OPENCONNECT_X509 *, const char *);
+ int writeNewConfig(const char *, int);
+ int validatePeerCert(void *, const char *);
 int processAuthFormP(struct oc_auth_form *);
 void writeProgress(int level, const char *, va_list);
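Review bot: The compatibility macros added in the `@@ -59,6 +59,17 @@` hunk of openconnectauthworkerthread.h carry no comment stating the ownership rule they encode, and every `OC3DUP` call site depends on that rule. A short header comment would do, e.g. `/* Before API 4.0 the library keeps the pointer it is given, so OC3DUP() must strdup(); from 4.0 it takes its own copy and OC3DUP() is a no-op. */`, worded to match what the description and the removed `strdup` calls imply. In the fallback `openconnect_set_option_value`, `val` is expanded without parentheses and the `strdup` result is stored unchecked. Because that macro is a `do { } while (0)` statement, callers cannot test it for failure the way they could a function. Writing `_o->value = strdup((val));` and documenting that the fallback cannot report allocation failure would make the difference visible.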
