openconnect: Updated openconnect to 5.03

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
git-svn-id: svn://svn.openwrt.org/openwrt/packages@40339 3c298f89-4303-0410-b956-a3cf2f4a3e73

diff --git a/net/openconnect/Config.in b/net/openconnect/Config.in
new file mode 100644 (file)
index 0000000..1daaeaa
--- /dev/null
+++ b/net/openconnect/Config.in
@@ -0,0 +1,18 @@
+# openconnect avanced configuration
+
+menu "Configuration"
+       depends on PACKAGE_openconnect
+
+choice
+       prompt "SSL library"
+       default OPENCONNECT_GNUTLS
+
+config OPENCONNECT_GNUTLS
+       bool "GnuTLS support"
+
+config OPENCONNECT_OPENSSL
+       bool "OpenSSL"
+
+endchoice
+
+endmenu

diff --git a/net/openconnect/Makefile b/net/openconnect/Makefile
index 865972b..106e9bb 100644 (file)
--- a/net/openconnect/Makefile
+++ b/net/openconnect/Makefile
@@ -8,26 +8,30 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=openconnect
-PKG_VERSION:=4.08
+PKG_VERSION:=5.03
 PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=ftp://ftp.infradead.org/pub/openconnect/
-PKG_MD5SUM:=3dd065194d87c08084675d255c8e29ef
+PKG_MD5SUM:=ff43ed1dbaccd2537fd7c5bfb04295a6
 
 include $(INCLUDE_DIR)/package.mk
 
+define Package/openconnect/config
+       source "$(SOURCE)/Config.in"
+endef
+
 define Package/openconnect
   SECTION:=net
   CATEGORY:=Network
-  DEPENDS:=+libxml2 +libopenssl +kmod-tun +resolveip
+  DEPENDS:=+libxml2 +kmod-tun +resolveip +OPENCONNECT_OPENSSL:libopenssl +OPENCONNECT_GNUTLS:libgnutls
   TITLE:=VPN client for Cisco's AnyConnect SSL VPN
   URL:=http://www.infradead.org/openconnect/
   SUBMENU:=VPN
 endef
 
 define Package/openconnect/description
-       A VPN client compatible with Cisco's AnyConnect SSL VPN.
+       A VPN client compatible with Cisco's AnyConnect SSL VPN and ocserv.
 
         OpenConnect is a client for Cisco's AnyConnect SSL VPN, which is
         supported by IOS 12.4(9)T or later on Cisco SR500, 870, 880, 1800, 2800,
@@ -38,6 +42,11 @@ CONFIGURE_ARGS += \
        --disable-shared \
        --with-vpnc-script=/lib/netifd/vpnc-script
 
+ifeq ($(CONFIG_OPENCONNECT_OPENSSL),y)
+CONFIGURE_ARGS += \
+       --without-gnutls
+endif
+
 define Package/openconnect/install
        $(INSTALL_DIR) $(1)/lib/netifd/proto
        $(INSTALL_BIN) ./files/openconnect.sh $(1)/lib/netifd/proto/

diff --git a/net/openconnect/files/openconnect.sh b/net/openconnect/files/openconnect.sh
index 2110067..2610194 100755 (executable)
--- a/net/openconnect/files/openconnect.sh
+++ b/net/openconnect/files/openconnect.sh
@@ -42,11 +42,11 @@ proto_openconnect_setup() {
                umask 077
                pwfile="/var/run/openconnect-$config.passwd"
                echo "$password" > "$pwfile"
-               append cmdline "--passwd-file=$pwfile"
+               append cmdline "--passwd-on-stdin"
        }
 
        proto_export INTERFACE="$config"
-       proto_run_command "$config" /usr/sbin/openconnect $cmdline
+       proto_run_command "$config" /usr/sbin/openconnect $cmdline <$pwfile
 }
 
 proto_openconnect_teardown() {

diff --git a/net/openconnect/patches/100-passwd_file.patch b/net/openconnect/patches/100-passwd_file.patch
deleted file mode 100644 (file)
index 3e074d5..0000000
--- a/net/openconnect/patches/100-passwd_file.patch
+++ /dev/null
@@ -1,100 +0,0 @@
---- a/main.c
-+++ b/main.c
-@@ -77,6 +77,7 @@ enum {
-       OPT_CAFILE,
-       OPT_COOKIEONLY,
-       OPT_COOKIE_ON_STDIN,
-+      OPT_COOKIE_FILE,
-       OPT_CSD_USER,
-       OPT_CSD_WRAPPER,
-       OPT_DISABLE_IPV6,
-@@ -91,6 +92,7 @@ enum {
-       OPT_NO_PROXY,
-       OPT_PIDFILE,
-       OPT_PASSWORD_ON_STDIN,
-+      OPT_PASSWORD_FILE,
-       OPT_PRINTCOOKIE,
-       OPT_RECONNECT_TIMEOUT,
-       OPT_SERVERCERT,
-@@ -139,7 +141,9 @@ static struct option long_options[] = {
-       OPTION("queue-len", 1, 'Q'),
-       OPTION("xmlconfig", 1, 'x'),
-       OPTION("cookie-on-stdin", 0, OPT_COOKIE_ON_STDIN),
-+      OPTION("cookie-file", 1, OPT_COOKIE_FILE),
-       OPTION("passwd-on-stdin", 0, OPT_PASSWORD_ON_STDIN),
-+      OPTION("passwd-file", 1, OPT_PASSWORD_FILE),
-       OPTION("no-passwd", 0, OPT_NO_PASSWD),
-       OPTION("reconnect-timeout", 1, OPT_RECONNECT_TIMEOUT),
-       OPTION("dtls-ciphers", 1, OPT_DTLS_CIPHERS),
-@@ -177,6 +181,7 @@ static void usage(void)
-       printf("  -K, --key-type=TYPE             %s\n", _("Private key type (PKCS#12 / TPM / PEM)"));
-       printf("  -C, --cookie=COOKIE             %s\n", _("Use WebVPN cookie COOKIE"));
-       printf("      --cookie-on-stdin           %s\n", _("Read cookie from standard input"));
-+      printf("      --cookie-file=FILE          %s\n", _("Read cookie from a file"));
-       printf("  -d, --deflate                   %s\n", _("Enable compression (default)"));
-       printf("  -D, --no-deflate                %s\n", _("Disable compression"));
-       printf("      --force-dpd=INTERVAL        %s\n", _("Set minimum Dead Peer Detection interval"));
-@@ -217,6 +222,7 @@ static void usage(void)
-       printf("      --no-cert-check             %s\n", _("Do not require server SSL cert to be valid"));
-       printf("      --non-inter                 %s\n", _("Do not expect user input; exit if it is required"));
-       printf("      --passwd-on-stdin           %s\n", _("Read password from standard input"));
-+      printf("      --passwd-file=FILE          %s\n", _("Read password from a file"));
-       printf("      --reconnect-timeout         %s\n", _("Connection retry timeout in seconds"));
-       printf("      --servercert=FINGERPRINT    %s\n", _("Server's certificate SHA1 fingerprint"));
-       printf("      --useragent=STRING          %s\n", _("HTTP header User-Agent: field"));
-@@ -226,15 +232,28 @@ static void usage(void)
-       exit(1);
- }
- 
--static void read_stdin(char **string)
-+static void read_file(const char *file, char **string)
- {
-       char *c = malloc(100);
-+      FILE *f;
-+
-+      if (file) {
-+              f = fopen(file, "r");
-+              if (!f) {
-+                      fprintf(stderr, _("Failed to open password file\n"));
-+                      exit(1);
-+              }
-+      } else {
-+              file = "stdin";
-+              f = stdin;
-+      }
-+
-       if (!c) {
--              fprintf(stderr, _("Allocation failure for string from stdin\n"));
-+              fprintf(stderr, _("Allocation failure for string from %s\n"), file);
-               exit(1);
-       }
--      if (!fgets(c, 100, stdin)) {
--              perror(_("fgets (stdin)"));
-+      if (!fgets(c, 100, f)) {
-+              perror(_("fgets"));
-               exit(1);
-       }
- 
-@@ -332,14 +351,20 @@ int main(int argc, char **argv)
-                       cookieonly = 2;
-                       break;
-               case OPT_COOKIE_ON_STDIN:
--                      read_stdin(&vpninfo->cookie);
-+                      optarg = NULL;
-+                      /* fall through */
-+              case OPT_COOKIE_FILE:
-+                      read_file(optarg, &vpninfo->cookie);
-                       /* If the cookie is empty, ignore it */
-                       if (! *vpninfo->cookie) {
-                               vpninfo->cookie = NULL;
-                       }
-                       break;
-               case OPT_PASSWORD_ON_STDIN:
--                      read_stdin(&vpninfo->password);
-+                      optarg = NULL;
-+                      /* fall through */
-+              case OPT_PASSWORD_FILE:
-+                      read_file(optarg, &vpninfo->password);
-                       break;
-               case OPT_NO_PASSWD:
-                       vpninfo->nopasswd = 1;