On Sun 05/04/2020 07:57, Bjorn Ketelaars wrote: > Simple diff for updating openconnect to 8.07. Overview on changes can be > found at: > http://lists.infradead.org/pipermail/openconnect-devel/2020-March/005562.html > http://lists.infradead.org/pipermail/openconnect-devel/2020-April/005575.html > > This update checks the version of gnutls>=3.6.13. gnutls from 3.6.3 to > 3.6.12 sends DTLS ClientHello with all zeroes in the client random and > openconnect advises, and enforces, against using these versions. > > Changes to the port: > - Symbols have been added to libopenconnect so bump minor > - Add version requirement to gnutls>=3.6.13 > - Take MAINTAINER > > Testing: > - 'make test' runs successful > - Run tested on amd64 in combination with ocserv
Upstream released 8.08, which fixes a couple of regressions: "...a fix for case sensitivity of pin-sha256 hashes in the --servercert option, a fix for a crash when OIDC mode was select but no token provided, and some more improvements to the CSD trojan handling when there's no stderr." Run tested on amd64. Comments/OK? diff --git Makefile Makefile index 1820496cae7..c111a68ee89 100644 --- Makefile +++ Makefile @@ -2,15 +2,16 @@ COMMENT= client for Cisco AnyConnect SSL VPN -DISTNAME= openconnect-8.05 -REVISION= 0 +DISTNAME= openconnect-8.08 -SHARED_LIBS += openconnect 4.4 # 5.5 +SHARED_LIBS += openconnect 4.5 # 5.6 CATEGORIES= net HOMEPAGE= https://www.infradead.org/openconnect/ +MAINTAINER= Bjorn Ketelaars <b...@openbsd.org> + # LGPLv2.1 only PERMIT_PACKAGE= Yes @@ -26,6 +27,7 @@ FLAVOR?= MODULES= lang/python MODPY_RUNDEP= No + # groff is used to format html during build, USE_GROFF not needed # XXX can probably convert to using mandoc? BUILD_DEPENDS= devel/gettext,-tools \ @@ -34,7 +36,7 @@ BUILD_DEPENDS= devel/gettext,-tools \ RUN_DEPENDS= net/vpnc-scripts LIB_DEPENDS= archivers/lz4 \ devel/gettext,-runtime \ - security/gnutls \ + security/gnutls>=3.6.13 \ textproc/libxml # also wants socket_wrapper and uid_wrapper from cwrap to be present at # configure time (in openbsd-wip); tests currently failing, in need of @@ -44,11 +46,10 @@ TEST_DEPENDS= net/ocserv FAKE_FLAGS= pkgdatadir=${PREFIX}/share/doc/openconnect CONFIGURE_STYLE= gnu - -CONFIGURE_ENV= CPPFLAGS="-I${LOCALBASE}/include" \ - LDFLAGS="-L${LOCALBASE}/lib -liconv" -CONFIGURE_ARGS= --with-vpnc-script=${SYSCONFDIR}/vpnc-script \ - --without-stoken +CONFIGURE_ENV= CPPFLAGS="-I${LOCALBASE}/include" \ + LDFLAGS="-L${LOCALBASE}/lib -liconv" +CONFIGURE_ARGS= --with-vpnc-script=${SYSCONFDIR}/vpnc-script \ + --without-stoken # make sure libstoken isn't picked up automatically if we import it. .if ${FLAVOR:Mlight} diff --git distinfo distinfo index 7549b13e496..ac8f211db28 100644 --- distinfo +++ distinfo @@ -1,2 +1,2 @@ -SHA256 (openconnect-8.05.tar.gz) = M1wpUtDLNoIqyxEuqvXjtKz/xodJhfthT+wLdsTBKZI= -SIZE (openconnect-8.05.tar.gz) = 1922100 +SHA256 (openconnect-8.08.tar.gz) = t0sw66u9SAEFbkbANz5x89QcdbgF/Mfuj8WG/lWTeeg= +SIZE (openconnect-8.08.tar.gz) = 2038269 diff --git pkg/PLIST pkg/PLIST index 941baf59e32..f2b461d13f6 100644 --- pkg/PLIST +++ pkg/PLIST @@ -1,6 +1,6 @@ @comment $OpenBSD: PLIST,v 1.17 2019/08/10 04:02:13 bket Exp $ include/openconnect.h -lib/libopenconnect.a +@static-lib lib/libopenconnect.a lib/libopenconnect.la @lib lib/libopenconnect.so.${LIBopenconnect_VERSION} lib/pkgconfig/openconnect.pc
