From 3e3e7b7693e23f5f26a71cb4660a886adf231fc0 Mon Sep 17 00:00:00 2001
From: hauke <hauke@3c298f89-4303-0410-b956-a3cf2f4a3e73>
Date: Sun, 30 Mar 2014 18:41:16 +0000
Subject: [PATCH] openconnect: Updated openconnect to 5.03

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>


git-svn-id: svn://svn.openwrt.org/openwrt/packages@40339 3c298f89-4303-0410-b956-a3cf2f4a3e73
---
 net/openconnect/Config.in                     |  18 +++++
 net/openconnect/Makefile                      |  17 +++--
 net/openconnect/files/openconnect.sh          |   4 +-
 net/openconnect/patches/100-passwd_file.patch | 100 --------------------------
 4 files changed, 33 insertions(+), 106 deletions(-)
 create mode 100644 net/openconnect/Config.in
 delete mode 100644 net/openconnect/patches/100-passwd_file.patch

diff --git a/net/openconnect/Config.in b/net/openconnect/Config.in
new file mode 100644
index 000000000..1daaeaa6a
--- /dev/null
+++ b/net/openconnect/Config.in
@@ -0,0 +1,18 @@
+# openconnect avanced configuration
+
+menu "Configuration"
+	depends on PACKAGE_openconnect
+
+choice
+	prompt "SSL library"
+	default OPENCONNECT_GNUTLS
+
+config OPENCONNECT_GNUTLS
+	bool "GnuTLS support"
+
+config OPENCONNECT_OPENSSL
+	bool "OpenSSL"
+
+endchoice
+
+endmenu
diff --git a/net/openconnect/Makefile b/net/openconnect/Makefile
index 865972b9e..106e9bbf6 100644
--- a/net/openconnect/Makefile
+++ b/net/openconnect/Makefile
@@ -8,26 +8,30 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=openconnect
-PKG_VERSION:=4.08
+PKG_VERSION:=5.03
 PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=ftp://ftp.infradead.org/pub/openconnect/
-PKG_MD5SUM:=3dd065194d87c08084675d255c8e29ef
+PKG_MD5SUM:=ff43ed1dbaccd2537fd7c5bfb04295a6
 
 include $(INCLUDE_DIR)/package.mk
 
+define Package/openconnect/config
+	source "$(SOURCE)/Config.in"
+endef
+
 define Package/openconnect
   SECTION:=net
   CATEGORY:=Network
-  DEPENDS:=+libxml2 +libopenssl +kmod-tun +resolveip
+  DEPENDS:=+libxml2 +kmod-tun +resolveip +OPENCONNECT_OPENSSL:libopenssl +OPENCONNECT_GNUTLS:libgnutls
   TITLE:=VPN client for Cisco's AnyConnect SSL VPN
   URL:=http://www.infradead.org/openconnect/
   SUBMENU:=VPN
 endef
 
 define Package/openconnect/description
-	A VPN client compatible with Cisco's AnyConnect SSL VPN.
+	A VPN client compatible with Cisco's AnyConnect SSL VPN and ocserv.
 
         OpenConnect is a client for Cisco's AnyConnect SSL VPN, which is
         supported by IOS 12.4(9)T or later on Cisco SR500, 870, 880, 1800, 2800,
@@ -38,6 +42,11 @@ CONFIGURE_ARGS += \
 	--disable-shared \
 	--with-vpnc-script=/lib/netifd/vpnc-script
 
+ifeq ($(CONFIG_OPENCONNECT_OPENSSL),y)
+CONFIGURE_ARGS += \
+	--without-gnutls
+endif
+
 define Package/openconnect/install
 	$(INSTALL_DIR) $(1)/lib/netifd/proto
 	$(INSTALL_BIN) ./files/openconnect.sh $(1)/lib/netifd/proto/
diff --git a/net/openconnect/files/openconnect.sh b/net/openconnect/files/openconnect.sh
index 21100678c..261019438 100755
--- a/net/openconnect/files/openconnect.sh
+++ b/net/openconnect/files/openconnect.sh
@@ -42,11 +42,11 @@ proto_openconnect_setup() {
 		umask 077
 		pwfile="/var/run/openconnect-$config.passwd"
 		echo "$password" > "$pwfile"
-		append cmdline "--passwd-file=$pwfile"
+		append cmdline "--passwd-on-stdin"
 	}
 
 	proto_export INTERFACE="$config"
-	proto_run_command "$config" /usr/sbin/openconnect $cmdline
+	proto_run_command "$config" /usr/sbin/openconnect $cmdline <$pwfile
 }
 
 proto_openconnect_teardown() {
diff --git a/net/openconnect/patches/100-passwd_file.patch b/net/openconnect/patches/100-passwd_file.patch
deleted file mode 100644
index 3e074d54e..000000000
--- a/net/openconnect/patches/100-passwd_file.patch
+++ /dev/null
@@ -1,100 +0,0 @@
---- a/main.c
-+++ b/main.c
-@@ -77,6 +77,7 @@ enum {
- 	OPT_CAFILE,
- 	OPT_COOKIEONLY,
- 	OPT_COOKIE_ON_STDIN,
-+	OPT_COOKIE_FILE,
- 	OPT_CSD_USER,
- 	OPT_CSD_WRAPPER,
- 	OPT_DISABLE_IPV6,
-@@ -91,6 +92,7 @@ enum {
- 	OPT_NO_PROXY,
- 	OPT_PIDFILE,
- 	OPT_PASSWORD_ON_STDIN,
-+	OPT_PASSWORD_FILE,
- 	OPT_PRINTCOOKIE,
- 	OPT_RECONNECT_TIMEOUT,
- 	OPT_SERVERCERT,
-@@ -139,7 +141,9 @@ static struct option long_options[] = {
- 	OPTION("queue-len", 1, 'Q'),
- 	OPTION("xmlconfig", 1, 'x'),
- 	OPTION("cookie-on-stdin", 0, OPT_COOKIE_ON_STDIN),
-+	OPTION("cookie-file", 1, OPT_COOKIE_FILE),
- 	OPTION("passwd-on-stdin", 0, OPT_PASSWORD_ON_STDIN),
-+	OPTION("passwd-file", 1, OPT_PASSWORD_FILE),
- 	OPTION("no-passwd", 0, OPT_NO_PASSWD),
- 	OPTION("reconnect-timeout", 1, OPT_RECONNECT_TIMEOUT),
- 	OPTION("dtls-ciphers", 1, OPT_DTLS_CIPHERS),
-@@ -177,6 +181,7 @@ static void usage(void)
- 	printf("  -K, --key-type=TYPE             %s\n", _("Private key type (PKCS#12 / TPM / PEM)"));
- 	printf("  -C, --cookie=COOKIE             %s\n", _("Use WebVPN cookie COOKIE"));
- 	printf("      --cookie-on-stdin           %s\n", _("Read cookie from standard input"));
-+	printf("      --cookie-file=FILE          %s\n", _("Read cookie from a file"));
- 	printf("  -d, --deflate                   %s\n", _("Enable compression (default)"));
- 	printf("  -D, --no-deflate                %s\n", _("Disable compression"));
- 	printf("      --force-dpd=INTERVAL        %s\n", _("Set minimum Dead Peer Detection interval"));
-@@ -217,6 +222,7 @@ static void usage(void)
- 	printf("      --no-cert-check             %s\n", _("Do not require server SSL cert to be valid"));
- 	printf("      --non-inter                 %s\n", _("Do not expect user input; exit if it is required"));
- 	printf("      --passwd-on-stdin           %s\n", _("Read password from standard input"));
-+	printf("      --passwd-file=FILE          %s\n", _("Read password from a file"));
- 	printf("      --reconnect-timeout         %s\n", _("Connection retry timeout in seconds"));
- 	printf("      --servercert=FINGERPRINT    %s\n", _("Server's certificate SHA1 fingerprint"));
- 	printf("      --useragent=STRING          %s\n", _("HTTP header User-Agent: field"));
-@@ -226,15 +232,28 @@ static void usage(void)
- 	exit(1);
- }
- 
--static void read_stdin(char **string)
-+static void read_file(const char *file, char **string)
- {
- 	char *c = malloc(100);
-+	FILE *f;
-+
-+	if (file) {
-+		f = fopen(file, "r");
-+		if (!f) {
-+			fprintf(stderr, _("Failed to open password file\n"));
-+			exit(1);
-+		}
-+	} else {
-+		file = "stdin";
-+		f = stdin;
-+	}
-+
- 	if (!c) {
--		fprintf(stderr, _("Allocation failure for string from stdin\n"));
-+		fprintf(stderr, _("Allocation failure for string from %s\n"), file);
- 		exit(1);
- 	}
--	if (!fgets(c, 100, stdin)) {
--		perror(_("fgets (stdin)"));
-+	if (!fgets(c, 100, f)) {
-+		perror(_("fgets"));
- 		exit(1);
- 	}
- 
-@@ -332,14 +351,20 @@ int main(int argc, char **argv)
- 			cookieonly = 2;
- 			break;
- 		case OPT_COOKIE_ON_STDIN:
--			read_stdin(&vpninfo->cookie);
-+			optarg = NULL;
-+			/* fall through */
-+		case OPT_COOKIE_FILE:
-+			read_file(optarg, &vpninfo->cookie);
- 			/* If the cookie is empty, ignore it */
- 			if (! *vpninfo->cookie) {
- 				vpninfo->cookie = NULL;
- 			}
- 			break;
- 		case OPT_PASSWORD_ON_STDIN:
--			read_stdin(&vpninfo->password);
-+			optarg = NULL;
-+			/* fall through */
-+		case OPT_PASSWORD_FILE:
-+			read_file(optarg, &vpninfo->password);
- 			break;
- 		case OPT_NO_PASSWD:
- 			vpninfo->nopasswd = 1;
-- 
2.11.0