Add upstream patch to fix build with the latest openconnect. Bug #532294

(Portage version: 2.2.18/cvs/Linux x86_64, signed Manifest commit with key 09BF4F54C2BA7F3C!)
author: Markos Chandras <hwoarang@gentoo.org> 2015-04-29 17:23:53 +0000
committer: Markos Chandras <hwoarang@gentoo.org> 2015-04-29 17:23:53 +0000
commit: 74a7b58946b42da4e660f447f4ded7bfd4b00613 (patch)
tree: bf7a5ffaee9868a5a8521661e060240e0bcd1927 /kde-misc
parent: Linux patch 3.14.40 (diff)
download: gentoo-2-74a7b58946b42da4e660f447f4ded7bfd4b00613.tar.gz
gentoo-2-74a7b58946b42da4e660f447f4ded7bfd4b00613.tar.bz2
gentoo-2-74a7b58946b42da4e660f447f4ded7bfd4b00613.zip
3 files changed, 231 insertions, 4 deletions
diff --git a/kde-misc/plasma-nm/ChangeLog b/kde-misc/plasma-nm/ChangeLog
index 72b70cc0332e..66184da09b9c 100644
--- a/kde-misc/plasma-nm/ChangeLog
+++ b/kde-misc/plasma-nm/ChangeLog
@@ -1,6 +1,10 @@
 # ChangeLog for kde-misc/plasma-nm
-# Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/kde-misc/plasma-nm/ChangeLog,v 1.18 2014/11/24 16:41:07 kensington Exp $
+# Copyright 1999-2015 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/kde-misc/plasma-nm/ChangeLog,v 1.19 2015/04/29 17:23:53 hwoarang Exp $
+
+  29 Apr 2015; Markos Chandras <hwoarang@gentoo.org>
+  +files/plasma-nm-0.9.3.5-openconnect.patch, plasma-nm-0.9.3.5.ebuild:
+  Add upstream patch to fix build with the latest openconnect. Bug #532294
 
   24 Nov 2014; Michael Palimaka <kensington@gentoo.org>
   plasma-nm-0.9.3.5.ebuild:
diff --git a/kde-misc/plasma-nm/files/plasma-nm-0.9.3.5-openconnect.patch b/kde-misc/plasma-nm/files/plasma-nm-0.9.3.5-openconnect.patch
new file mode 100644
index 000000000000..43efb16fef36
--- /dev/null
+++ b/kde-misc/plasma-nm/files/plasma-nm-0.9.3.5-openconnect.patch
@@ -0,0 +1,221 @@
+From: David Woodhouse <David.Woodhouse@intel.com>
+Date: Wed, 03 Dec 2014 14:10:44 +0000
+Subject: Update OpenConnect support for library version 5
+X-Git-Url: http://quickgit.kde.org/?p=plasma-nm.git&a=commitdiff&h=3e6585fa4dd2fb3d9b59c7704bd3d7ae5b2c4167
+---
+Update OpenConnect support for library version 5
+
+String ownership rules are now very simple: the library never takes ownership
+of a string it's passed. It always takes its *own* copy and is responsible
+for freeing that. Mostly driven by Windows DLL Hell where it's painful to
+allocate in one library and free in another because they might actually be
+using different heaps.
+
+Also adapt to the changes in server certificate hash handling. We are no
+longer supposed to just compare strings, and must call the relevant function
+to check a hash against the server's certificate. This gives better matching
+and allows libopenconnect to upgrade the hash in future when it becomes
+necessary.
+---
+Backported from upstream
+
+Signed-off-by: Markos Chandras <hwoarang@gentoo.org>
+X-Gentoo-Bugzilla: https://bugs.gentoo.org/show_bug.cgi?id=532294
+---
+--- a/vpn/openconnect/CMakeLists.txt
++++ b/vpn/openconnect/CMakeLists.txt
+@@ -15,6 +15,8 @@
+ 
+     if (${OPENCONNECT_VERSION} VERSION_GREATER ${MINIMUM_OPENCONNECT_VERSION_REQUIRED} OR
+         ${OPENCONNECT_VERSION} VERSION_EQUAL ${MINIMUM_OPENCONNECT_VERSION_REQUIRED})
++
++        include_directories(${OPENCONNECT_INCLUDE_DIRS})
+ 
+         set(openconnect_SRCS
+         openconnectui.cpp
+
+--- a/vpn/openconnect/openconnectauth.cpp
++++ b/vpn/openconnect/openconnectauth.cpp
+@@ -161,7 +161,7 @@
+     }
+     if (!dataMap[NM_OPENCONNECT_KEY_CACERT].isEmpty()) {
+         const QByteArray crt = QFile::encodeName(dataMap[NM_OPENCONNECT_KEY_CACERT]);
+-        openconnect_set_cafile(d->vpninfo, strdup(crt.data()));
++        openconnect_set_cafile(d->vpninfo, OC3DUP(crt.data()));
+     }
+     if (dataMap[NM_OPENCONNECT_KEY_CSD_ENABLE] == "yes") {
+         char *wrapper;
+@@ -174,12 +174,12 @@
+     }
+     if (!dataMap[NM_OPENCONNECT_KEY_PROXY].isEmpty()) {
+         const QByteArray proxy = QFile::encodeName(dataMap[NM_OPENCONNECT_KEY_PROXY]);
+-        openconnect_set_http_proxy(d->vpninfo, strdup(proxy.data()));
++        openconnect_set_http_proxy(d->vpninfo, OC3DUP(proxy.data()));
+     }
+     if (!dataMap[NM_OPENCONNECT_KEY_USERCERT].isEmpty()) {
+         const QByteArray crt = QFile::encodeName(dataMap[NM_OPENCONNECT_KEY_USERCERT]);
+         const QByteArray key = QFile::encodeName(dataMap[NM_OPENCONNECT_KEY_PRIVKEY]);
+-        openconnect_set_client_cert (d->vpninfo, strdup(crt.data()), strdup(key.data()));
++        openconnect_set_client_cert (d->vpninfo, OC3DUP(crt.data()), OC3DUP(key.data()));
+ 
+         if (!crt.isEmpty() && dataMap[NM_OPENCONNECT_KEY_PEM_PASSPHRASE_FSID] == "yes") {
+             openconnect_passphrase_from_fsid(d->vpninfo);
+@@ -276,10 +276,10 @@
+     const VPNHost &host = d->hosts.at(i);
+     if (openconnect_parse_url(d->vpninfo, host.address.toAscii().data())) {
+         kWarning() << "Failed to parse server URL" << host.address;
+-        openconnect_set_hostname(d->vpninfo, strdup(host.address.toAscii().data()));
++        openconnect_set_hostname(d->vpninfo, OC3DUP(host.address.toAscii().data()));
+     }
+     if (!openconnect_get_urlpath(d->vpninfo) && !host.group.isEmpty())
+-        openconnect_set_urlpath(d->vpninfo, strdup(host.group.toAscii().data()));
++        openconnect_set_urlpath(d->vpninfo, OC3DUP(host.group.toAscii().data()));
+     d->secrets["lasthost"] = host.name;
+     addFormInfo(QLatin1String("dialog-information"), i18n("Contacting host, please wait..."));
+     d->worker->start();
+@@ -301,9 +301,13 @@
+     secrets.insert(QLatin1String(NM_OPENCONNECT_KEY_COOKIE), QLatin1String(openconnect_get_cookie(d->vpninfo)));
+     openconnect_clear_cookie(d->vpninfo);
+ 
++#if OPENCONNECT_CHECK_VER(5,0)
++    const char *fingerprint = openconnect_get_peer_cert_hash(d->vpninfo);
++#else
+     OPENCONNECT_X509 *cert = openconnect_get_peer_cert(d->vpninfo);
+     char fingerprint[41];
+     openconnect_get_cert_sha1(d->vpninfo, cert, fingerprint);
++#endif
+     secrets.insert(QLatin1String(NM_OPENCONNECT_KEY_GWCERT), QLatin1String(fingerprint));
+     secrets.insert(QLatin1String("certsigs"), d->certificateFingerprints.join("\t"));
+     secrets.insert(QLatin1String("autoconnect"), d->ui.chkAutoconnect->isChecked() ? "yes" : "no");
+@@ -578,14 +582,14 @@
+             if (opt->type == OC_FORM_OPT_PASSWORD || opt->type == OC_FORM_OPT_TEXT) {
+                 KLineEdit *le = qobject_cast<KLineEdit*>(widget);
+                 QByteArray text = le->text().toUtf8();
+-                opt->value = strdup(text.data());
++                openconnect_set_option_value(opt, text.data());
+                 if (opt->type == OC_FORM_OPT_TEXT) {
+                     d->secrets.insert(key,le->text());
+                 }
+             } else if (opt->type == OC_FORM_OPT_SELECT) {
+                 KComboBox *cbo = qobject_cast<KComboBox*>(widget);
+                 QByteArray text = cbo->itemData(cbo->currentIndex()).toString().toAscii();
+-                opt->value = strdup(text.data());
++                openconnect_set_option_value(opt, text.data());
+                 d->secrets.insert(key,cbo->itemData(cbo->currentIndex()).toString());
+             }
+         }
+
+--- a/vpn/openconnect/openconnectauthworkerthread.cpp
++++ b/vpn/openconnect/openconnectauthworkerthread.cpp
+@@ -43,6 +43,20 @@
+ class OpenconnectAuthStaticWrapper
+ {
+ public:
++#if OPENCONNECT_CHECK_VER(5,0)
++    static int writeNewConfig(void *obj, const char *str, int num)
++    {
++        if (obj)
++            return static_cast<OpenconnectAuthWorkerThread*>(obj)->writeNewConfig(str, num);
++        return -1;
++    }
++    static int validatePeerCert(void *obj, const char *str)
++    {
++        if (obj)
++            return static_cast<OpenconnectAuthWorkerThread*>(obj)->validatePeerCert(NULL, str);
++        return -1;
++    }
++#else
+     static int writeNewConfig(void *obj, char *str, int num)
+     {
+         if (obj)
+@@ -55,7 +69,8 @@
+             return static_cast<OpenconnectAuthWorkerThread*>(obj)->validatePeerCert(cert, str);
+         return -1;
+     }
+-    static int processAuthForm(void *obj, struct oc_auth_form *form)
++#endif
++	static int processAuthForm(void *obj, struct oc_auth_form *form)
+     {
+         if (obj)
+             return static_cast<OpenconnectAuthWorkerThread*>(obj)->processAuthFormP(form);
+@@ -108,7 +123,7 @@
+     return m_openconnectInfo;
+ }
+ 
+-int OpenconnectAuthWorkerThread::writeNewConfig(char *buf, int buflen)
++int OpenconnectAuthWorkerThread::writeNewConfig(const char *buf, int buflen)
+ {
+     Q_UNUSED(buflen)
+     if (*m_userDecidedToQuit)
+@@ -139,10 +154,16 @@
+ }
+ #endif
+ 
+-int OpenconnectAuthWorkerThread::validatePeerCert(OPENCONNECT_X509 *cert, const char *reason)
+-{
+-    if (*m_userDecidedToQuit)
+-        return -EINVAL;
++int OpenconnectAuthWorkerThread::validatePeerCert(void *cert, const char *reason)
++{
++    if (*m_userDecidedToQuit)
++        return -EINVAL;
++
++#if OPENCONNECT_CHECK_VER(5,0)
++    (void)cert;
++    const char *fingerprint = openconnect_get_peer_cert_hash(m_openconnectInfo);
++    char *details = openconnect_get_peer_cert_details(m_openconnectInfo);
++#else
+     char fingerprint[41];
+     int ret = 0;
+ 
+@@ -151,7 +172,7 @@
+         return ret;
+ 
+     char *details = openconnect_get_cert_details(m_openconnectInfo, cert);
+-
++#endif
+     bool accepted = false;
+     m_mutex->lock();
+     QString qFingerprint(fingerprint);
+@@ -160,7 +181,7 @@
+     emit validatePeerCert(qFingerprint, qCertinfo, qReason, &accepted);
+     m_waitForUserInput->wait(m_mutex);
+     m_mutex->unlock();
+-    ::free(details);
++    openconnect_free_cert_info(m_openconnectInfo, details);
+     if (*m_userDecidedToQuit)
+         return -EINVAL;
+ 
+
+--- a/vpn/openconnect/openconnectauthworkerthread.h
++++ b/vpn/openconnect/openconnectauthworkerthread.h
+@@ -59,6 +59,17 @@
+ #define OC_FORM_RESULT_NEWGROUP	2
+ #endif
+ 
++#if OPENCONNECT_CHECK_VER(4,0)
++#define OC3DUP(x)			(x)
++#else
++#define openconnect_set_option_value(opt, val) do { \
++		struct oc_form_opt *_o = (opt);				\
++		free(_o->value); _o->value = strdup(val);		\
++	} while (0)
++#define openconnect_free_cert_info(v, x) ::free(x)
++#define OC3DUP(x)			strdup(x)
++#endif
++
+ #include <QThread>
+ 
+ class QMutex;
+@@ -85,8 +96,8 @@
+     void run();
+ 
+ private:
+-    int writeNewConfig(char *, int);
+-    int validatePeerCert(OPENCONNECT_X509 *, const char *);
++    int writeNewConfig(const char *, int);
++    int validatePeerCert(void *, const char *);
+     int processAuthFormP(struct oc_auth_form *);
+     void writeProgress(int level, const char *, va_list);
+ 
+
diff --git a/kde-misc/plasma-nm/plasma-nm-0.9.3.5.ebuild b/kde-misc/plasma-nm/plasma-nm-0.9.3.5.ebuild
index 01edd70eb23b..9e1f4f69e495 100644
--- a/kde-misc/plasma-nm/plasma-nm-0.9.3.5.ebuild
+++ b/kde-misc/plasma-nm/plasma-nm-0.9.3.5.ebuild
@@ -1,6 +1,6 @@
-# Copyright 1999-2014 Gentoo Foundation
+# Copyright 1999-2015 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/kde-misc/plasma-nm/plasma-nm-0.9.3.5.ebuild,v 1.3 2014/11/24 16:41:07 kensington Exp $
+# $Header: /var/cvsroot/gentoo-x86/kde-misc/plasma-nm/plasma-nm-0.9.3.5.ebuild,v 1.4 2015/04/29 17:23:53 hwoarang Exp $
 
 EAPI=5
 
@@ -39,6 +39,8 @@ DEPEND="${RDEPEND}
 	sys-devel/gettext
 "
 
+PATCHES=( "${FILESDIR}"/${P}-openconnect.patch )
+
 src_configure() {
 	local mycmakeargs=(
 		$(cmake-utils_use !modemmanager DISABLE_MODEMMANAGER_SUPPORT)
author	Markos Chandras <hwoarang@gentoo.org>	2015-04-29 17:23:53 +0000
committer	Markos Chandras <hwoarang@gentoo.org>	2015-04-29 17:23:53 +0000
commit	74a7b58946b42da4e660f447f4ded7bfd4b00613 (patch)
tree	bf7a5ffaee9868a5a8521661e060240e0bcd1927 /kde-misc
parent	Linux patch 3.14.40 (diff)
download	gentoo-2-74a7b58946b42da4e660f447f4ded7bfd4b00613.tar.gz gentoo-2-74a7b58946b42da4e660f447f4ded7bfd4b00613.tar.bz2 gentoo-2-74a7b58946b42da4e660f447f4ded7bfd4b00613.zip