On Mon Apr 06, 2020 at 06:51:37PM +0200, Bjorn Ketelaars wrote: > On Sun 05/04/2020 07:57, Bjorn Ketelaars wrote: > > Simple diff for updating openconnect to 8.07. Overview on changes can be > > found at: > > http://lists.infradead.org/pipermail/openconnect-devel/2020-March/005562.html > > http://lists.infradead.org/pipermail/openconnect-devel/2020-April/005575.html > > > > This update checks the version of gnutls>=3.6.13. gnutls from 3.6.3 to > > 3.6.12 sends DTLS ClientHello with all zeroes in the client random and > > openconnect advises, and enforces, against using these versions. > > > > Changes to the port: > > - Symbols have been added to libopenconnect so bump minor > > - Add version requirement to gnutls>=3.6.13 > > - Take MAINTAINER > > > > Testing: > > - 'make test' runs successful > > - Run tested on amd64 in combination with ocserv > > Upstream released 8.08, which fixes a couple of regressions: > > "...a fix for case sensitivity of pin-sha256 hashes in the --servercert > option, a fix for a crash when OIDC mode was select but no token > provided, and some more improvements to the CSD trojan handling when > there's no stderr." > > Run tested on amd64.
OK rsadowski@, works here on amd64. > > Comments/OK? > > > diff --git Makefile Makefile > index 1820496cae7..c111a68ee89 100644 > --- Makefile > +++ Makefile > @@ -2,15 +2,16 @@ > > COMMENT= client for Cisco AnyConnect SSL VPN > > -DISTNAME= openconnect-8.05 > -REVISION= 0 > +DISTNAME= openconnect-8.08 > > -SHARED_LIBS += openconnect 4.4 # 5.5 > +SHARED_LIBS += openconnect 4.5 # 5.6 > > CATEGORIES= net > > HOMEPAGE= https://www.infradead.org/openconnect/ > > +MAINTAINER= Bjorn Ketelaars <[email protected]> > + > # LGPLv2.1 only > PERMIT_PACKAGE= Yes > > @@ -26,6 +27,7 @@ FLAVOR?= > > MODULES= lang/python > MODPY_RUNDEP= No > + > # groff is used to format html during build, USE_GROFF not needed > # XXX can probably convert to using mandoc? > BUILD_DEPENDS= devel/gettext,-tools \ > @@ -34,7 +36,7 @@ BUILD_DEPENDS= devel/gettext,-tools \ > RUN_DEPENDS= net/vpnc-scripts > LIB_DEPENDS= archivers/lz4 \ > devel/gettext,-runtime \ > - security/gnutls \ > + security/gnutls>=3.6.13 \ > textproc/libxml > # also wants socket_wrapper and uid_wrapper from cwrap to be present at > # configure time (in openbsd-wip); tests currently failing, in need of > @@ -44,11 +46,10 @@ TEST_DEPENDS= net/ocserv > FAKE_FLAGS= pkgdatadir=${PREFIX}/share/doc/openconnect > > CONFIGURE_STYLE= gnu > - > -CONFIGURE_ENV= CPPFLAGS="-I${LOCALBASE}/include" \ > - LDFLAGS="-L${LOCALBASE}/lib -liconv" > -CONFIGURE_ARGS= --with-vpnc-script=${SYSCONFDIR}/vpnc-script \ > - --without-stoken > +CONFIGURE_ENV= CPPFLAGS="-I${LOCALBASE}/include" \ > + LDFLAGS="-L${LOCALBASE}/lib -liconv" > +CONFIGURE_ARGS= --with-vpnc-script=${SYSCONFDIR}/vpnc-script \ > + --without-stoken > # make sure libstoken isn't picked up automatically if we import it. > > .if ${FLAVOR:Mlight} > diff --git distinfo distinfo > index 7549b13e496..ac8f211db28 100644 > --- distinfo > +++ distinfo > @@ -1,2 +1,2 @@ > -SHA256 (openconnect-8.05.tar.gz) = > M1wpUtDLNoIqyxEuqvXjtKz/xodJhfthT+wLdsTBKZI= > -SIZE (openconnect-8.05.tar.gz) = 1922100 > +SHA256 (openconnect-8.08.tar.gz) = > t0sw66u9SAEFbkbANz5x89QcdbgF/Mfuj8WG/lWTeeg= > +SIZE (openconnect-8.08.tar.gz) = 2038269 > diff --git pkg/PLIST pkg/PLIST > index 941baf59e32..f2b461d13f6 100644 > --- pkg/PLIST > +++ pkg/PLIST > @@ -1,6 +1,6 @@ > @comment $OpenBSD: PLIST,v 1.17 2019/08/10 04:02:13 bket Exp $ > include/openconnect.h > -lib/libopenconnect.a > +@static-lib lib/libopenconnect.a > lib/libopenconnect.la > @lib lib/libopenconnect.so.${LIBopenconnect_VERSION} > lib/pkgconfig/openconnect.pc >
