Hello community,
here is the log from the commit of package openconnect for openSUSE:Factory checked in at 2015-01-20 12:26:38
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/openconnect (Old)
and /work/SRC/openSUSE:Factory/.openconnect.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openconnect"
Changes:
--------
--- /work/SRC/openSUSE:Factory/openconnect/openconnect.changes 2014-12-21 12:01:16.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.openconnect.new/openconnect.changes 2015-01-20 12:26:42.000000000 +0100
@@ -1,0 +2,9 @@
+Wed Jan 14 11:46:54 UTC 2015 - idonmez@suse.com
+
+- Update to Version 7.03
+ * Clean up handling of incoming packets.
+ * Fix issue with two-stage (i.e. NetworkManager) connection to
+ servers with trick DNS (rh#1179681).
+ * Stop using static variables for received packets.
+
+-------------------------------------------------------------------
Old:
----
openconnect-7.02.tar.gz
New:
----
openconnect-7.03.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ openconnect.spec ++++++
--- /var/tmp/diff_new_pack.2fqWOn/_old 2015-01-20 12:26:44.000000000 +0100
+++ /var/tmp/diff_new_pack.2fqWOn/_new 2015-01-20 12:26:44.000000000 +0100
@@ -1,7 +1,7 @@
#
# spec file for package openconnect
#
-# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -17,7 +17,7 @@
Name: openconnect
-Version: 7.02
+Version: 7.03
Release: 0
Summary: Open client for Cisco AnyConnect VPN
License: LGPL-2.1+
++++++ openconnect-7.02.tar.gz -> openconnect-7.03.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openconnect-7.02/android/Makefile new/openconnect-7.03/android/Makefile
--- old/openconnect-7.02/android/Makefile 2014-07-21 16:11:34.000000000 +0200
+++ new/openconnect-7.03/android/Makefile 2015-01-06 21:10:29.000000000 +0100
@@ -10,7 +10,7 @@
#
# It should also be fairly simple to extend this to cross-compile for any target
-NDK := /opt/android-sdk-linux_x86/android-ndk-r9b/
+NDK := /opt/android-sdk-linux_x86/android-ndk-r10d/
ARCH := arm
# You should be able to just 'make ARCH=x86' and it should DTRT.
@@ -43,6 +43,9 @@
export PATH PKG_CONFIG_LIBDIR
+# PKG_CONFIG_LIBDIR gets exported to sub-makes, but not to $(shell
+PKG_CONFIG := PKG_CONFIG_LIBDIR=$(PKG_CONFIG_LIBDIR) pkg-config
+
MAKEINSTALL=$(MAKE) INSTALL=$(TOPDIR)/install_symlink.sh
FETCH=$(TOPDIR)/fetch.sh
@@ -52,14 +55,13 @@
SOURCE_LIST = $(LIBXML2_SRC)/configure $(GMP_SRC)/configure \
$(NETTLE_SRC)/configure $(GNUTLS_SRC)/configure \
- $(TOMCRYPT_DIR)/makefile $(STOKEN_SRC)/configure \
- $(OATH_SRC)/configure
+ $(STOKEN_SRC)/configure $(OATH_SRC)/configure
-PKG_LIST := LIBXML2 OPENSSL GMP NETTLE GNUTLS TOMCRYPT STOKEN OATH
+PKG_LIST := LIBXML2 OPENSSL GMP NETTLE GNUTLS STOKEN OATH
MIRROR_TEST_TARGETS := $(addprefix mirror-test-,$(PKG_LIST))
-all: openconnect
+all: openconnect run_pie
#####################################################################
#
@@ -198,9 +200,9 @@
#
# Build nettle
#
-NETTLE_VER := 2.7
+NETTLE_VER := 2.7.1
NETTLE_TAR := nettle-$(NETTLE_VER).tar.gz
-NETTLE_SHA1 := e17de3678b987841e88a724b7d2f6856d97ab139
+NETTLE_SHA1 := e7477df5f66e650c4c4738ec8e01c2efdb5d1211
NETTLE_SRC := sources/nettle-$(NETTLE_VER)
NETTLE_BUILD := $(TRIPLET)/nettle
@@ -231,9 +233,9 @@
#
# Build GnuTLS
#
-GNUTLS_VER := 3.2.15
+GNUTLS_VER := 3.2.21
GNUTLS_TAR := gnutls-$(GNUTLS_VER).tar.xz
-GNUTLS_SHA1 := 31f289b48b0bf054f5f8c16d3b878615d0ae06fc
+GNUTLS_SHA1 := fa12e643ad21bcaf450d534f262c813d75843966
GNUTLS_SRC := sources/gnutls-$(GNUTLS_VER)
GNUTLS_BUILD := $(TRIPLET)/gnutls
@@ -278,47 +280,11 @@
#####################################################################
#
-# Build libtomcrypt
-#
-TOMCRYPT_VER := 1.17
-TOMCRYPT_TAR := crypt-$(TOMCRYPT_VER).tar.bz2
-TOMCRYPT_SHA1 := 9c746822c84e4276e432b64964f94d1d5ddd13ad
-TOMCRYPT_DIR := $(TRIPLET)/libtomcrypt-$(TOMCRYPT_VER)
-
-$(TOMCRYPT_TAR):
- $(FETCH) $@ $(TOMCRYPT_SHA1)
-
-$(TOMCRYPT_DIR)/makefile: $(TOMCRYPT_TAR)
- mkdir -p $(TRIPLET)
- tar xfj $< -C $(TRIPLET)
- touch $@
-
-$(TOMCRYPT_DIR)/libtomcrypt.a: $(TOOLCHAIN_BUILT) $(TOMCRYPT_DIR)/makefile
- $(MAKE) -C $(TOMCRYPT_DIR) \
- CC="$(TRIPLET)-gcc $(EXTRA_CFLAGS)" \
- AR="$(TRIPLET)-ar" \
- RANLIB="$(TRIPLET)-ranlib"
-
-$(OC_SYSROOT)/lib/libtomcrypt.a: $(TOMCRYPT_DIR)/libtomcrypt.a
- $(MAKE) -C $(TOMCRYPT_DIR) \
- DESTDIR=$(OC_SYSROOT) \
- LIBPATH=/lib INCPATH=/include \
- INSTALL_USER=$(shell id -u) \
- INSTALL_GROUP=$(shell id -g) \
- NODOCS=1 install
-
-TOMCRYPT_DEPS := $(OC_SYSROOT)/lib/libtomcrypt.a
-
-tomcrypt: $(TOMCRYPT_DEPS)
-
-
-#####################################################################
-#
# Build libstoken
#
-STOKEN_VER := 0.5
+STOKEN_VER := 0.81
STOKEN_TAR := stoken-$(STOKEN_VER).tar.gz
-STOKEN_SHA1 := 1fcc026580a3cf28904212f34ae2cf2180586f86
+STOKEN_SHA1 := db36aec5a8bd3f5f92deaebdea08cb639b78da73
STOKEN_SRC := sources/stoken-$(STOKEN_VER)
STOKEN_BUILD := $(TRIPLET)/stoken
@@ -330,7 +296,7 @@
tar xfz $< -C sources
touch $@
-$(STOKEN_BUILD)/Makefile: $(TOOLCHAIN_BUILT) $(STOKEN_SRC)/configure $(TOMCRYPT_DEPS)
+$(STOKEN_BUILD)/Makefile: $(TOOLCHAIN_BUILT) $(STOKEN_SRC)/configure $(NETTLE_DEPS)
mkdir -p $(STOKEN_BUILD)
cd $(STOKEN_BUILD) && ../../$(STOKEN_SRC)/configure $(CONFIGURE_ARGS) \
--without-gtk
@@ -350,9 +316,9 @@
#
# Build liboath
#
-OATH_VER := 2.4.0
+OATH_VER := 2.4.1
OATH_TAR := oath-toolkit-$(OATH_VER).tar.gz
-OATH_SHA1 := 89d2cd30dd401a3f6973ec3c2b26f1cb737764a7
+OATH_SHA1 := b0ca4c5f89c12c550f7227123c2f21f45b2bf969
OATH_SRC := sources/oath-toolkit-$(OATH_VER)
OATH_BUILD := $(TRIPLET)/oath
@@ -370,10 +336,10 @@
cd $(OATH_BUILD) && ../../$(OATH_SRC)/configure $(CONFIGURE_ARGS) \
--disable-pskc --disable-pam
-$(OATH_BUILD)/liboath.la: $(OATH_BUILD)/Makefile
+$(OATH_BUILD)/liboath/liboath.la: $(OATH_BUILD)/Makefile
$(MAKE) -C $(OATH_BUILD)
-$(OC_SYSROOT)/lib/liboath.la: $(OATH_BUILD)/liboath.la
+$(OC_SYSROOT)/lib/liboath.la: $(OATH_BUILD)/liboath/liboath.la
$(MAKEINSTALL) -C $(OATH_BUILD) install
OATH_DEPS := $(OC_SYSROOT)/lib/liboath.la
@@ -395,9 +361,10 @@
mkdir -p $(OPENCONNECT_BUILD)
cd $(OPENCONNECT_BUILD) && ../../../configure \
--host=$(TRIPLET) --prefix=/ \
- CFLAGS="$(EXTRA_CFLAGS)" \
- LDFLAGS="$(EXTRA_LDFLAGS)" \
- GNUTLS_LIBS="$(shell PKG_CONFIG_LIBDIR=$(OC_SYSROOT)/lib/pkgconfig pkg-config --static --libs gnutls)" \
+ CFLAGS="$(EXTRA_CFLAGS) -fvisibility=default -fPIE" \
+ LDFLAGS="$(EXTRA_LDFLAGS) -rdynamic -pie" \
+ GNUTLS_LIBS="$(shell $(PKG_CONFIG) --static --libs gnutls)" \
+ LIBSTOKEN_LIBS="$(shell $(PKG_CONFIG) --static --libs stoken)" \
--enable-shared --with-vpnc-script=/etc/vpnc/vpnc-script \
--with-java=$(OC_SYSROOT)/include --enable-jni-standalone \
--disable-symvers
@@ -408,6 +375,18 @@
#####################################################################
+#
+# Build run_pie helper program
+#
+$(DESTDIR)/sbin/run_pie: run_pie.c $(TOOLCHAIN_BUILT)
+ mkdir -p $(DESTDIR)/sbin
+ $(TRIPLET)-gcc $< -o $@ -ldl
+
+.PHONY: run_pie
+run_pie: $(DESTDIR)/sbin/run_pie
+
+
+#####################################################################
#
# Special targets for maintainer use
#
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openconnect-7.02/android/fetch.sh new/openconnect-7.03/android/fetch.sh
--- old/openconnect-7.02/android/fetch.sh 2014-07-21 16:11:34.000000000 +0200
+++ new/openconnect-7.03/android/fetch.sh 2015-01-06 21:10:29.000000000 +0100
@@ -41,10 +41,6 @@
gnutls_MIRROR_2=http://gd.tuwien.ac.at/pub/gnupg/gnutls/v3.2
gnutls_MIRROR_3=http://thammuz.tchpc.tcd.ie/mirrors/gnupg/gnutls/v3.2
-crypt_MIRROR_0=http://libtom.org/files
-crypt_MIRROR_1=ftp://ftp.allbsd.org/pub/FreeBSD/ports/distfiles
-crypt_MIRROR_2=ftp://ftp.mirrorservice.org/sites/ftp.netbsd.org/pub/pkgsrc/distfiles
-
stoken_MIRROR_0=http://sourceforge.net/projects/stoken/files
stoken_SUFFIX_0=/download
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openconnect-7.02/android/install_symlink.sh new/openconnect-7.03/android/install_symlink.sh
--- old/openconnect-7.02/android/install_symlink.sh 2014-07-21 16:11:34.000000000 +0200
+++ new/openconnect-7.03/android/install_symlink.sh 2015-01-06 21:10:29.000000000 +0100
@@ -24,5 +24,5 @@
if [ ! -z $MAKEDIR ]; then
mkdir -p $1
fi
-ln -sf $SRCS "$1"
+cp -f $SRCS "$1"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openconnect-7.02/android/run_pie.c new/openconnect-7.03/android/run_pie.c
--- old/openconnect-7.02/android/run_pie.c 1970-01-01 01:00:00.000000000 +0100
+++ new/openconnect-7.03/android/run_pie.c 2015-01-06 21:10:29.000000000 +0100
@@ -0,0 +1,92 @@
+// Copyright 2014 The Chromium Authors. All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+// * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+// * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+// * Neither the name of Google Inc. nor the names of its
+// contributors may be used to endorse or promote products derived from
+// this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#include
+#include
+#include
+#include
+#include
+
+// This is a wrapper to run position independent executables on Android ICS,
+// where the linker doesn't support PIE. This requires the PIE binaries to be
+// built with CFLAGS +=-fvisibility=default -fPIE, and LDFLAGS += -rdynamic -pie
+// such that the main() symbol remains exported and can be dlsym-ed.
+
+#define ERR_PREFIX "[PIE Loader] "
+
+typedef int (*main_t)(int, char**);
+
+
+int main(int argc, char** argv) {
+ if (argc < 2) {
+ printf("Usage: %s path_to_pie_executable [args]\n", argv[0]);
+ return -1;
+ }
+
+ // Shift left the argv[]. argv is what /proc/PID/cmdline prints out. In turn
+ // cmdline is what Android "ps" prints out. In turn "ps" is what many scripts
+ // look for to decide which processes to kill / killall.
+ int i;
+ char* next_argv_start = argv[0];
+ for (i = 1; i < argc; ++i) {
+ const size_t argv_len = strlen(argv[i]) + 1;
+ memmove(argv[i - 1], argv[i], argv_len);
+ next_argv_start += argv_len;
+ argv[i] = next_argv_start;
+ }
+ argv[argc - 1] = NULL; // The last argv must be a NULL ptr.
+
+ // Set also the proc name accordingly (/proc/PID/comm).
+ prctl(PR_SET_NAME, (long) argv[0]);
+
+ // dlopen should not fail, unless:
+ // - The target binary does not exists:
+ // - The dependent .so libs cannot be loaded.
+ // In both cases, just bail out with an explicit error message.
+ void* handle = dlopen(argv[0], RTLD_NOW);
+ if (handle == NULL) {
+ printf(ERR_PREFIX "dlopen() failed: %s.\n", dlerror());
+ return -1;
+ }
+
+ main_t pie_main = (main_t) dlsym(handle, "main");
+ if (pie_main) {
+ return pie_main(argc - 1, argv);
+ }
+
+ // If we reached this point dlsym failed, very likely because the target
+ // binary has not been compiled with the proper CFLAGS / LDFLAGS.
+ // At this point the most sensible thing to do is running that normally
+ // via exec and hope that the target binary wasn't a PIE.
+ execv(argv[0], argv);
+
+ // exevc is supposed to never return, unless it fails.
+ printf(ERR_PREFIX "Both dlsym() and the execv() fallback failed.\n");
+ perror("execv");
+ return -1;
+}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openconnect-7.02/configure new/openconnect-7.03/configure
--- old/openconnect-7.02/configure 2014-12-19 12:09:40.000000000 +0100
+++ new/openconnect-7.03/configure 2015-01-09 14:35:22.000000000 +0100
@@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for openconnect 7.02.
+# Generated by GNU Autoconf 2.69 for openconnect 7.03.
#
#
# Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc.
@@ -587,8 +587,8 @@
# Identity of this package.
PACKAGE_NAME='openconnect'
PACKAGE_TARNAME='openconnect'
-PACKAGE_VERSION='7.02'
-PACKAGE_STRING='openconnect 7.02'
+PACKAGE_VERSION='7.03'
+PACKAGE_STRING='openconnect 7.03'
PACKAGE_BUGREPORT=''
PACKAGE_URL=''
@@ -1451,7 +1451,7 @@
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures openconnect 7.02 to adapt to many kinds of systems.
+\`configure' configures openconnect 7.03 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -1521,7 +1521,7 @@
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of openconnect 7.02:";;
+ short | recursive ) echo "Configuration of openconnect 7.03:";;
esac
cat <<\_ACEOF
@@ -1699,7 +1699,7 @@
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-openconnect configure 7.02
+openconnect configure 7.03
generated by GNU Autoconf 2.69
Copyright (C) 2012 Free Software Foundation, Inc.
@@ -2064,7 +2064,7 @@
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by openconnect $as_me 7.02, which was
+It was created by openconnect $as_me 7.03, which was
generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@
@@ -3150,7 +3150,7 @@
# Define the identity of the package.
PACKAGE='openconnect'
- VERSION='7.02'
+ VERSION='7.03'
cat >>confdefs.h <<_ACEOF
@@ -17484,7 +17484,7 @@
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by openconnect $as_me 7.02, which was
+This file was extended by openconnect $as_me 7.03, which was
generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@@ -17550,7 +17550,7 @@
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
-openconnect config.status 7.02
+openconnect config.status 7.03
configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openconnect-7.02/configure.ac new/openconnect-7.03/configure.ac
--- old/openconnect-7.02/configure.ac 2014-12-19 12:09:34.000000000 +0100
+++ new/openconnect-7.03/configure.ac 2015-01-09 14:35:15.000000000 +0100
@@ -1,4 +1,4 @@
-AC_INIT(openconnect, 7.02)
+AC_INIT(openconnect, 7.03)
AC_CONFIG_HEADERS([config.h])
PKG_PROG_PKG_CONFIG
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openconnect-7.02/cstp.c new/openconnect-7.03/cstp.c
--- old/openconnect-7.02/cstp.c 2014-12-05 12:57:01.000000000 +0100
+++ new/openconnect-7.03/cstp.c 2015-01-09 02:06:27.000000000 +0100
@@ -40,22 +40,22 @@
* 0008: data payload
*/
-static char data_hdr[8] = {
+static const char data_hdr[8] = {
'S', 'T', 'F', 1,
0, 0, /* Length */
AC_PKT_DATA, /* Type */
0 /* Unknown */
};
-static struct pkt keepalive_pkt = {
+static const struct pkt keepalive_pkt = {
.hdr = { 'S', 'T', 'F', 1, 0, 0, AC_PKT_KEEPALIVE, 0 },
};
-static struct pkt dpd_pkt = {
+static const struct pkt dpd_pkt = {
.hdr = { 'S', 'T', 'F', 1, 0, 0, AC_PKT_DPD_OUT, 0 },
};
-static struct pkt dpd_resp_pkt = {
+static const struct pkt dpd_resp_pkt = {
.hdr = { 'S', 'T', 'F', 1, 0, 0, AC_PKT_DPD_RESP, 0 },
};
@@ -188,8 +188,15 @@
buf_append(reqbuf, "Cookie: webvpn=%s\r\n", vpninfo->cookie);
buf_append(reqbuf, "X-CSTP-Version: 1\r\n");
buf_append(reqbuf, "X-CSTP-Hostname: %s\r\n", vpninfo->localname);
- if (vpninfo->deflate && i < sizeof(buf))
- buf_append(reqbuf, "X-CSTP-Accept-Encoding: deflate;q=1.0\r\n");
+ if (vpninfo->req_compr) {
+ char sep = ' ';
+ buf_append(reqbuf, "X-CSTP-Accept-Encoding:");
+ if (vpninfo->req_compr & COMPR_DEFLATE) {
+ buf_append(reqbuf, "%cdeflate", sep);
+ sep = ',';
+ }
+ buf_append(reqbuf, "\r\n");
+ }
if (base_mtu)
buf_append(reqbuf, "X-CSTP-Base-MTU: %d\r\n", base_mtu);
buf_append(reqbuf, "X-CSTP-MTU: %d\r\n", mtu);
@@ -267,7 +274,7 @@
vpn_progress(vpninfo, PRG_INFO, _("Got CONNECT response: %s\n"), buf);
/* We may have advertised it, but we only do it if the server agrees */
- vpninfo->deflate = 0;
+ vpninfo->cstp_compr = vpninfo->dtls_compr = 0;
mtu = 0;
while ((i = vpninfo->ssl_gets(vpninfo, buf, sizeof(buf)))) {
@@ -367,7 +374,7 @@
vpninfo->ssl_times.rekey_method = REKEY_NONE;
} else if (!strcmp(buf + 7, "Content-Encoding")) {
if (!strcmp(colon, "deflate"))
- vpninfo->deflate = 1;
+ vpninfo->cstp_compr = COMPR_DEFLATE;
else {
vpn_progress(vpninfo, PRG_ERR,
_("Unknown CSTP-Content-Encoding %s\n"),
@@ -531,6 +538,7 @@
int openconnect_make_cstp_connection(struct openconnect_info *vpninfo)
{
int ret;
+ int deflate_bufsize = 0;
/* This needs to be done before openconnect_setup_dtls() because it's
sent with the CSTP CONNECT handshake. Even if we don't end up doing
@@ -546,7 +554,13 @@
if (ret)
return ret;
- if (vpninfo->deflate) {
+ ret = start_cstp_connection(vpninfo);
+ if (ret)
+ goto out;
+
+ /* If deflate compression is enabled (which is CSTP-only), it needs its
+ * context to be allocated. */
+ if (vpninfo->cstp_compr == COMPR_DEFLATE) {
vpninfo->deflate_adler32 = 1;
vpninfo->inflate_adler32 = 1;
@@ -554,28 +568,37 @@
deflateInit2(&vpninfo->deflate_strm, Z_DEFAULT_COMPRESSION,
Z_DEFLATED, -12, 9, Z_DEFAULT_STRATEGY)) {
vpn_progress(vpninfo, PRG_ERR, _("Compression setup failed\n"));
- vpninfo->deflate = 0;
+ ret = -ENOMEM;
+ goto out;
}
+ /* Add four bytes for the adler32 */
+ deflate_bufsize = deflateBound(&vpninfo->deflate_strm,
+ vpninfo->ip_info.mtu) + 4;
+ }
+
+ /* If *any* compression is enabled, we'll need a deflate_pkt to compress into */
+ if (deflate_bufsize > vpninfo->deflate_pkt_size) {
+ free(vpninfo->deflate_pkt);
+ vpninfo->deflate_pkt = malloc(sizeof(struct pkt) + deflate_bufsize);
if (!vpninfo->deflate_pkt) {
- vpninfo->deflate_pkt = malloc(sizeof(struct pkt) + 2048);
- if (!vpninfo->deflate_pkt) {
- vpn_progress(vpninfo, PRG_ERR,
- _("Allocation of deflate buffer failed\n"));
- inflateEnd(&vpninfo->inflate_strm);
- deflateEnd(&vpninfo->deflate_strm);
- vpninfo->deflate = 0;
- } else {
- memset(vpninfo->deflate_pkt, 0, sizeof(struct pkt));
- memcpy(vpninfo->deflate_pkt->hdr, data_hdr, 8);
- vpninfo->deflate_pkt->hdr[6] = AC_PKT_COMPRESSED;
- }
+ vpninfo->deflate_pkt_size = 0;
+ vpn_progress(vpninfo, PRG_ERR,
+ _("Allocation of deflate buffer failed\n"));
+ ret = -ENOMEM;
+ goto out;
}
+
+ vpninfo->deflate_pkt_size = deflate_bufsize;
+ memset(vpninfo->deflate_pkt, 0, sizeof(struct pkt));
+ memcpy(vpninfo->deflate_pkt->hdr, data_hdr, 8);
+ vpninfo->deflate_pkt->hdr[6] = AC_PKT_COMPRESSED;
}
- ret = start_cstp_connection(vpninfo);
+ out:
if (ret < 0)
openconnect_close_https(vpninfo, 0);
+
return ret;
}
@@ -587,7 +610,7 @@
openconnect_close_https(vpninfo, 0);
- if (vpninfo->deflate) {
+ if (vpninfo->cstp_compr == COMPR_DEFLATE) {
/* Requeue the original packet that was deflated */
if (vpninfo->current_ssl_pkt == vpninfo->deflate_pkt) {
vpninfo->current_ssl_pkt = NULL;
@@ -600,6 +623,11 @@
timeout = vpninfo->reconnect_timeout;
interval = vpninfo->reconnect_interval;
+ free(vpninfo->dtls_pkt);
+ vpninfo->dtls_pkt = NULL;
+ free(vpninfo->tun_pkt);
+ vpninfo->tun_pkt = NULL;
+
while ((ret = openconnect_make_cstp_connection(vpninfo))) {
if (timeout <= 0)
return ret;
@@ -752,8 +780,7 @@
int cstp_mainloop(struct openconnect_info *vpninfo, int *timeout)
{
- unsigned char buf[16384];
- int len, ret;
+ int ret;
int work_done = 0;
if (vpninfo->ssl_fd == -1)
@@ -765,26 +792,49 @@
we should probably remove POLLIN from the events we're looking for,
and add POLLOUT. As it is, though, it'll just chew CPU time in that
fairly unlikely situation, until the write backlog clears. */
- while ((len = cstp_read(vpninfo, buf, sizeof(buf))) > 0) {
+ while (1) {
+ int len = vpninfo->deflate_pkt_size ? : vpninfo->ip_info.mtu;
int payload_len;
- if (buf[0] != 'S' || buf[1] != 'T' ||
- buf[2] != 'F' || buf[3] != 1 || buf[7])
+ if (!vpninfo->cstp_pkt) {
+ vpninfo->cstp_pkt = malloc(sizeof(struct pkt) + len);
+ if (!vpninfo->cstp_pkt) {
+ vpn_progress(vpninfo, PRG_ERR, _("Allocation failed\n"));
+ break;
+ }
+ }
+
+ len = cstp_read(vpninfo, vpninfo->cstp_pkt->hdr, len + 8);
+ if (!len)
+ break;
+ if (len < 0)
+ goto do_reconnect;
+ if (len < 8) {
+ vpn_progress(vpninfo, PRG_ERR, _("Short packet received (%d bytes)\n"), len);
+ vpninfo->quit_reason = "Short packet received";
+ return 1;
+ }
+
+ if (vpninfo->cstp_pkt->hdr[0] != 'S' || vpninfo->cstp_pkt->hdr[1] != 'T' ||
+ vpninfo->cstp_pkt->hdr[2] != 'F' || vpninfo->cstp_pkt->hdr[3] != 1 ||
+ vpninfo->cstp_pkt->hdr[7])
goto unknown_pkt;
- payload_len = (buf[4] << 8) + buf[5];
+ payload_len = (vpninfo->cstp_pkt->hdr[4] << 8) + vpninfo->cstp_pkt->hdr[5];
if (len != 8 + payload_len) {
vpn_progress(vpninfo, PRG_ERR,
_("Unexpected packet length. SSL_read returned %d but packet is\n"),
len);
vpn_progress(vpninfo, PRG_ERR,
"%02x %02x %02x %02x %02x %02x %02x %02x\n",
- buf[0], buf[1], buf[2], buf[3],
- buf[4], buf[5], buf[6], buf[7]);
+ vpninfo->cstp_pkt->hdr[0], vpninfo->cstp_pkt->hdr[1],
+ vpninfo->cstp_pkt->hdr[2], vpninfo->cstp_pkt->hdr[3],
+ vpninfo->cstp_pkt->hdr[4], vpninfo->cstp_pkt->hdr[5],
+ vpninfo->cstp_pkt->hdr[6], vpninfo->cstp_pkt->hdr[7]);
continue;
}
vpninfo->ssl_times.last_rx = time(NULL);
- switch (buf[6]) {
+ switch (vpninfo->cstp_pkt->hdr[6]) {
case AC_PKT_DPD_OUT:
vpn_progress(vpninfo, PRG_DEBUG,
_("Got CSTP DPD request\n"));
@@ -805,31 +855,32 @@
vpn_progress(vpninfo, PRG_TRACE,
_("Received uncompressed data packet of %d bytes\n"),
payload_len);
- queue_new_packet(&vpninfo->incoming_queue, buf + 8,
- payload_len);
+ vpninfo->cstp_pkt->len = payload_len;
+ queue_packet(&vpninfo->incoming_queue, vpninfo->cstp_pkt);
+ vpninfo->cstp_pkt = NULL;
work_done = 1;
continue;
case AC_PKT_DISCONN: {
int i;
- for (i = 0; i < payload_len; i++) {
- if (!isprint(buf[payload_len + 8 + i]))
- buf[payload_len + 8 + i] = '.';
+ for (i = 1; i < payload_len; i++) {
+ if (!isprint(vpninfo->cstp_pkt->data[i]))
+ vpninfo->cstp_pkt->data[i] = '.';
}
- buf[payload_len + 8] = 0;
+ vpninfo->cstp_pkt->data[payload_len] = 0;
vpn_progress(vpninfo, PRG_ERR,
_("Received server disconnect: %02x '%s'\n"),
- buf[8], buf + 9);
+ vpninfo->cstp_pkt->data[0], vpninfo->cstp_pkt->data + 1);
vpninfo->quit_reason = "Server request";
return -EPIPE;
}
case AC_PKT_COMPRESSED:
- if (!vpninfo->deflate) {
+ if (!vpninfo->cstp_compr) {
vpn_progress(vpninfo, PRG_ERR,
_("Compressed packet received in !deflate mode\n"));
goto unknown_pkt;
}
- inflate_and_queue_packet(vpninfo, buf + 8, payload_len);
+ inflate_and_queue_packet(vpninfo, vpninfo->cstp_pkt->data, payload_len);
work_done = 1;
continue;
@@ -842,13 +893,13 @@
unknown_pkt:
vpn_progress(vpninfo, PRG_ERR,
_("Unknown packet %02x %02x %02x %02x %02x %02x %02x %02x\n"),
- buf[0], buf[1], buf[2], buf[3],
- buf[4], buf[5], buf[6], buf[7]);
+ vpninfo->cstp_pkt->hdr[0], vpninfo->cstp_pkt->hdr[1],
+ vpninfo->cstp_pkt->hdr[2], vpninfo->cstp_pkt->hdr[3],
+ vpninfo->cstp_pkt->hdr[4], vpninfo->cstp_pkt->hdr[5],
+ vpninfo->cstp_pkt->hdr[6], vpninfo->cstp_pkt->hdr[7]);
vpninfo->quit_reason = "Unknown packet received";
return 1;
}
- if (len < 0)
- goto do_reconnect;
/* If SSL_write() fails we are expected to try again. With exactly
@@ -902,7 +953,7 @@
if (vpninfo->owe_ssl_dpd_response) {
vpninfo->owe_ssl_dpd_response = 0;
- vpninfo->current_ssl_pkt = &dpd_resp_pkt;
+ vpninfo->current_ssl_pkt = (struct pkt *)&dpd_resp_pkt;
goto handle_outgoing;
}
@@ -951,7 +1002,7 @@
case KA_DPD:
vpn_progress(vpninfo, PRG_DEBUG, _("Send CSTP DPD\n"));
- vpninfo->current_ssl_pkt = &dpd_pkt;
+ vpninfo->current_ssl_pkt = (struct pkt *)&dpd_pkt;
goto handle_outgoing;
case KA_KEEPALIVE:
@@ -962,7 +1013,7 @@
vpn_progress(vpninfo, PRG_DEBUG, _("Send CSTP Keepalive\n"));
- vpninfo->current_ssl_pkt = &keepalive_pkt;
+ vpninfo->current_ssl_pkt = (struct pkt *)&keepalive_pkt;
goto handle_outgoing;
case KA_NONE:
@@ -975,14 +1026,14 @@
vpninfo->outgoing_queue = this->next;
vpninfo->outgoing_qlen--;
- if (vpninfo->deflate) {
+ if (vpninfo->cstp_compr == COMPR_DEFLATE) {
unsigned char *adler;
int ret;
vpninfo->deflate_strm.next_in = this->data;
vpninfo->deflate_strm.avail_in = this->len;
vpninfo->deflate_strm.next_out = (void *)vpninfo->deflate_pkt->data;
- vpninfo->deflate_strm.avail_out = 2040;
+ vpninfo->deflate_strm.avail_out = vpninfo->deflate_pkt_size - 4;
vpninfo->deflate_strm.total_out = 0;
ret = deflate(&vpninfo->deflate_strm, Z_SYNC_FLUSH);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openconnect-7.02/dtls.c new/openconnect-7.03/dtls.c
--- old/openconnect-7.02/dtls.c 2014-11-18 22:44:53.000000000 +0100
+++ new/openconnect-7.03/dtls.c 2015-01-09 02:06:27.000000000 +0100
@@ -677,9 +677,6 @@
return 0;
}
-static struct pkt *dtls_pkt;
-static int dtls_pkt_max;
-
int dtls_mainloop(struct openconnect_info *vpninfo, int *timeout)
{
int work_done = 0;
@@ -712,16 +709,15 @@
int len = vpninfo->ip_info.mtu;
unsigned char *buf;
- if (!dtls_pkt || len > dtls_pkt_max) {
- realloc_inplace(dtls_pkt, sizeof(struct pkt) + len);
- if (!dtls_pkt) {
- vpn_progress(vpninfo, PRG_ERR, "Allocation failed\n");
+ if (!vpninfo->dtls_pkt) {
+ vpninfo->dtls_pkt = malloc(sizeof(struct pkt) + len);
+ if (!vpninfo->dtls_pkt) {
+ vpn_progress(vpninfo, PRG_ERR, _("Allocation failed\n"));
break;
}
- dtls_pkt_max = len;
}
- buf = dtls_pkt->data - 1;
+ buf = vpninfo->dtls_pkt->data - 1;
len = DTLS_RECV(vpninfo->dtls_ssl, buf, len + 1);
if (len <= 0)
break;
@@ -734,9 +730,9 @@
switch (buf[0]) {
case AC_PKT_DATA:
- dtls_pkt->len = len - 1;
- queue_packet(&vpninfo->incoming_queue, dtls_pkt);
- dtls_pkt = NULL;
+ vpninfo->dtls_pkt->len = len - 1;
+ queue_packet(&vpninfo->incoming_queue, vpninfo->dtls_pkt);
+ vpninfo->dtls_pkt = NULL;
work_done = 1;
break;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openconnect-7.02/library.c new/openconnect-7.03/library.c
--- old/openconnect-7.02/library.c 2014-12-17 15:34:20.000000000 +0100
+++ new/openconnect-7.03/library.c 2015-01-07 21:29:50.000000000 +0100
@@ -72,7 +72,7 @@
vpninfo->ssl_fd = vpninfo->dtls_fd = -1;
vpninfo->cmd_fd = vpninfo->cmd_fd_write = -1;
vpninfo->cert_expire_warning = 60 * 86400;
- vpninfo->deflate = 1;
+ vpninfo->req_compr = COMPR_ALL;
vpninfo->max_qlen = 10;
vpninfo->localname = strdup("localhost");
vpninfo->useragent = openconnect_create_useragent(useragent);
@@ -294,6 +294,8 @@
free(vpninfo->deflate_pkt);
free(vpninfo->tun_pkt);
+ free(vpninfo->dtls_pkt);
+ free(vpninfo->cstp_pkt);
free(vpninfo);
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openconnect-7.02/main.c new/openconnect-7.03/main.c
--- old/openconnect-7.02/main.c 2014-12-07 19:58:46.000000000 +0100
+++ new/openconnect-7.03/main.c 2015-01-09 02:06:27.000000000 +0100
@@ -157,6 +157,7 @@
OPT_DTLS_CIPHERS,
OPT_DUMP_HTTP,
OPT_FORCE_DPD,
+ OPT_GNUTLS_DEBUG,
OPT_KEY_PASSWORD_FROM_FSID,
OPT_LIBPROXY,
OPT_NO_CERT_CHECK,
@@ -192,7 +193,7 @@
#define OPTION(name, arg, abbrev) {name, arg, NULL, abbrev}
#endif
-static struct option long_options[] = {
+static const struct option long_options[] = {
#ifndef _WIN32
OPTION("background", 0, 'b'),
OPTION("pid-file", 1, OPT_PIDFILE),
@@ -254,9 +255,19 @@
OPTION("no-xmlpost", 0, OPT_NO_XMLPOST),
OPTION("dump-http-traffic", 0, OPT_DUMP_HTTP),
OPTION("no-system-trust", 0, OPT_NO_SYSTEM_TRUST),
+#ifdef OPENCONNECT_GNUTLS
+ OPTION("gnutls-debug", 1, OPT_GNUTLS_DEBUG),
+#endif
OPTION(NULL, 0, 0)
};
+#ifdef OPENCONNECT_GNUTLS
+static void oc_gnutls_log_func(int level, const char *str)
+{
+ fputs(str, stderr);
+}
+#endif
+
#ifdef _WIN32
static int __attribute__ ((format(printf, 2, 0)))
vfprintf_utf8(FILE *f, const char *fmt, va_list args)
@@ -824,7 +835,7 @@
ssize_t llen;
int opt, optlen = 0;
- struct option *this;
+ const struct option *this;
char *line;
int ate_equals = 0;
@@ -1121,10 +1132,10 @@
vpninfo->sslkey = dup_config_arg();
break;
case 'd':
- vpninfo->deflate = 1;
+ vpninfo->req_compr = COMPR_ALL;
break;
case 'D':
- vpninfo->deflate = 0;
+ vpninfo->req_compr = 0;
break;
case 'g':
free(urlpath);
@@ -1263,6 +1274,12 @@
case OPT_TIMESTAMP:
timestamp = 1;
break;
+#ifdef OPENCONNECT_GNUTLS
+ case OPT_GNUTLS_DEBUG:
+ gnutls_global_set_log_level(atoi(config_arg));
+ gnutls_global_set_log_function(oc_gnutls_log_func);
+ break;
+#endif
default:
usage();
}
@@ -1412,7 +1429,7 @@
(ip_info->netmask6 && ip_info->addr) ? " + " : "",
ip_info->netmask6 ? : "",
(vpninfo->dtls_state != DTLS_CONNECTED) ?
- (vpninfo->deflate ? "SSL + deflate" : "SSL")
+ (vpninfo->cstp_compr == COMPR_DEFLATE) ? "SSL + deflate" : "SSL"
: "DTLS");
if (!vpninfo->vpnc_script) {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openconnect-7.02/mainloop.c new/openconnect-7.03/mainloop.c
--- old/openconnect-7.02/mainloop.c 2014-11-04 16:08:45.000000000 +0100
+++ new/openconnect-7.03/mainloop.c 2015-01-07 10:51:12.000000000 +0100
@@ -61,7 +61,7 @@
if (!out_pkt) {
out_pkt = malloc(sizeof(struct pkt) + len);
if (!out_pkt) {
- vpn_progress(vpninfo, PRG_ERR, "Allocation failed\n");
+ vpn_progress(vpninfo, PRG_ERR, _("Allocation failed\n"));
break;
}
out_pkt->len = len;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openconnect-7.02/ntlm.c new/openconnect-7.03/ntlm.c
--- old/openconnect-7.02/ntlm.c 2014-11-04 16:08:45.000000000 +0100
+++ new/openconnect-7.03/ntlm.c 2015-01-07 10:57:17.000000000 +0100
@@ -400,7 +400,7 @@
}
/* Public domain DES implementation from Phil Karn */
-static uint32_t Spbox[8][64] = {
+static const uint32_t Spbox[8][64] = {
{ 0x01010400, 0x00000000, 0x00010000, 0x01010404,
0x01010004, 0x00010404, 0x00000004, 0x00010000,
0x00000400, 0x01010400, 0x01010404, 0x00000400,
@@ -639,7 +639,7 @@
/* Key schedule-related tables from FIPS-46 */
/* permuted choice table (key) */
-static unsigned char pc1[] = {
+static const unsigned char pc1[] = {
57, 49, 41, 33, 25, 17, 9,
1, 58, 50, 42, 34, 26, 18,
10, 2, 59, 51, 43, 35, 27,
@@ -652,12 +652,12 @@
};
/* number left rotations of pc1 */
-static unsigned char totrot[] = {
+static const unsigned char totrot[] = {
1,2,4,6,8,10,12,14,15,17,19,21,23,25,27,28
};
/* permuted choice key (table) */
-static unsigned char pc2[] = {
+static const unsigned char pc2[] = {
14, 17, 11, 24, 1, 5,
3, 28, 15, 6, 21, 10,
23, 19, 12, 4, 26, 8,
@@ -671,7 +671,7 @@
/* End of DES-defined tables */
/* bit 0 is left-most in byte */
-static int bytebit[] = {
+static const int bytebit[] = {
0200,0100,040,020,010,04,02,01
};
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openconnect-7.02/openconnect-internal.h new/openconnect-7.03/openconnect-internal.h
--- old/openconnect-7.02/openconnect-internal.h 2014-12-17 15:34:20.000000000 +0100
+++ new/openconnect-7.03/openconnect-internal.h 2015-01-09 02:06:27.000000000 +0100
@@ -140,6 +140,9 @@
#define DTLS_CONNECTING 3
#define DTLS_CONNECTED 4
+#define COMPR_DEFLATE (1<<0)
+#define COMPR_ALL (COMPR_DEFLATE)
+
struct keepalive_info {
int dpd;
int keepalive;
@@ -349,12 +352,17 @@
struct pin_cache *pin_cache;
struct keepalive_info ssl_times;
int owe_ssl_dpd_response;
- struct pkt *deflate_pkt;
- struct pkt *current_ssl_pkt;
- struct pkt *pending_deflated_pkt;
+ int deflate_pkt_size; /* It may need to be larger than MTU */
+ struct pkt *deflate_pkt; /* For compressing outbound packets into */
+ struct pkt *pending_deflated_pkt; /* The original packet associated with above */
+ struct pkt *current_ssl_pkt; /* Partially sent SSL packet */
+
+ /* Packet buffers for receiving into */
+ struct pkt *cstp_pkt;
+ struct pkt *dtls_pkt;
struct pkt *tun_pkt;
-
+
z_stream inflate_strm;
uint32_t inflate_adler32;
z_stream deflate_strm;
@@ -438,7 +446,10 @@
int dtls_local_port;
- int deflate;
+ int req_compr; /* What we requested */
+ int cstp_compr; /* Accepted for CSTP */
+ int dtls_compr; /* Accepted for DTLS */
+
int is_dyndns; /* Attempt to redo DNS lookup on each CSTP reconnect */
char *useragent;
@@ -499,7 +510,7 @@
#define AC_PKT_TERM_SERVER 9 /* Server kick */
#define vpn_progress(vpninfo, ...) (vpninfo)->progress((vpninfo)->cbdata, __VA_ARGS__)
-#define vpn_perror(vpninfo, msg) vpn_progress((vpninfo), PRG_ERR, "%s: %s", (msg), strerror(errno));
+#define vpn_perror(vpninfo, msg) vpn_progress((vpninfo), PRG_ERR, "%s: %s\n", (msg), strerror(errno));
/****************************************************************************/
/* Oh Solaris how we hate thee! */
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openconnect-7.02/ssl.c new/openconnect-7.03/ssl.c
--- old/openconnect-7.02/ssl.c 2014-12-07 19:57:10.000000000 +0100
+++ new/openconnect-7.03/ssl.c 2015-01-07 10:44:45.000000000 +0100
@@ -297,10 +297,17 @@
}
vpninfo->peer_addrlen = rp->ai_addrlen;
memcpy(vpninfo->peer_addr, rp->ai_addr, rp->ai_addrlen);
- /* If no proxy, and if more than one address for the hostname,
- ensure that we output the same IP address in authentication
- results (from libopenconnect or --authenticate). */
- if (!vpninfo->proxy && (rp != result || rp->ai_next) && host[0]) {
+ /* If no proxy, ensure that we output *this* IP address in
+ * authentication results because we're going to need to
+ * reconnect to the *same* server from the rotation. And with
+ * some trick DNS setups, it might possibly be a "rotation"
+ * even if we only got one result from getaddrinfo() this
+ * time.
+ *
+ * If there's a proxy, we're kind of screwed; we can't know
+ * which IP address we connected to. Perhaps we ought to do
+ * the DNS lookup locally and connect to a specific IP? */
+ if (!vpninfo->proxy && host[0]) {
char *p = malloc(strlen(host) + 3);
if (p) {
free(vpninfo->unique_hostname);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openconnect-7.02/version.c new/openconnect-7.03/version.c
--- old/openconnect-7.02/version.c 2014-12-19 12:09:45.000000000 +0100
+++ new/openconnect-7.03/version.c 2015-01-09 14:35:29.000000000 +0100
@@ -1 +1 @@
-const char *openconnect_version_str = "v7.02";
+const char *openconnect_version_str = "v7.03";
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openconnect-7.02/version.sh new/openconnect-7.03/version.sh
--- old/openconnect-7.02/version.sh 2014-12-19 12:09:34.000000000 +0100
+++ new/openconnect-7.03/version.sh 2015-01-09 14:35:15.000000000 +0100
@@ -1,6 +1,6 @@
#!/bin/sh
-v="v7.02"
+v="v7.03"
if [ -d ${GIT_DIR:-.git} ] && tag=`git describe --tags`; then
v="$tag"
@@ -11,7 +11,9 @@
# Does the index show uncommitted changes?
git diff-index --exit-code HEAD > /dev/null || \
v="$v"-dirty
-else
+elif [ -n "$RPM_PACKAGE_VERSION" ] && [ -n "$RPM_PACKAGE_RELEASE" ]; then
+ v="v$RPM_PACKAGE_VERSION-$RPM_PACKAGE_RELEASE"
+else # XXX: Equivalent for .deb packages?
v="$v"-unknown
fi
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openconnect-7.02/www/changelog.xml new/openconnect-7.03/www/changelog.xml
--- old/openconnect-7.02/www/changelog.xml 2014-12-19 12:09:34.000000000 +0100
+++ new/openconnect-7.03/www/changelog.xml 2015-01-09 14:35:15.000000000 +0100
@@ -18,6 +18,15 @@
<li><i>No changelog entries yet</i></li>
</ul><br/>
</li>
+ <li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-7.03.tar.gz">OpenConnect v7.03</a></b>
+ <i>(<a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-7.03.tar.gz.asc">PGP signature</a>)</i> — 2015-01-09
+ <ul>
+ <li>Android build infrastructure updates, including 64-bit support.</li>
+ <li>Clean up handling of incoming packets.</li>
+ <li>Fix issue with two-stage <i>(i.e. NetworkManager)</i> connection to servers with trick DNS <a href="https://bugzilla.redhat.com/show_bug.cgi?id=1179681"><i>(RH#1179681)</i></a>.</li>
+ <li>Stop using static variables for received packets.</li>
+ </ul><br/>
+ </li>
<li><b><a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-7.02.tar.gz">OpenConnect v7.02</a></b>
<i>(<a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-7.02.tar.gz.asc">PGP signature</a>)</i> — 2014-12-19
<ul>
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openconnect-7.02/www/download.xml new/openconnect-7.03/www/download.xml
--- old/openconnect-7.02/www/download.xml 2014-12-19 12:09:34.000000000 +0100
+++ new/openconnect-7.03/www/download.xml 2015-01-09 14:35:15.000000000 +0100
@@ -17,12 +17,14 @@
<p>
<!-- latest-release-start -->
-The latest release is <a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-7.02.tar.gz">OpenConnect v7.02</a>
-<i>(<a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-7.02.tar.gz.asc">PGP signature</a>)</i>,
-released on 2014-12-19 with the following changelog:</p>
+The latest release is <a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-7.03.tar.gz">OpenConnect v7.03</a>
+<i>(<a href="ftp://ftp.infradead.org/pub/openconnect/openconnect-7.03.tar.gz.asc">PGP signature</a>)</i>,
+released on 2015-01-09 with the following changelog:</p>
<ul>
- <li>Add PKCS#11 support for OpenSSL.</li>
- <li>Fix handling of select options in <tt>openconnect_set_option_value().</tt></li>
+ <li>Android build infrastructure updates, including 64-bit support.</li>
+ <li>Clean up handling of incoming packets.</li>
+ <li>Fix issue with two-stage <i>(i.e. NetworkManager)</i> connection to servers with trick DNS <a href="https://bugzilla.redhat.com/show_bug.cgi?id=1179681"><i>(RH#1179681)</i></a>.</li>
+ <li>Stop using static variables for received packets.</li>
</ul>
<!-- latest-release-end -->
--
To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-commit+help@opensuse.org
