[NetworkManager-openconnect] Build against openconnect 3.99
David Woodhouse
dwmw2 at fedoraproject.org
Thu Jun 14 00:21:29 UTC 2012
commit 40e1bf0bb2795e3ea8c80cedabc2058c2f2fbdbf
Author: David Woodhouse <David.Woodhouse at intel.com>
Date: Thu Jun 14 00:34:12 2012 +0100
Build against openconnect 3.99
0001-Check-for-success-when-dropping-privs.patch | 6 +-
...ultiple-domains-back-to-NM-if-given-by-vp.patch | 55 +++
...istent-tundev-on-demand-for-each-connecti.patch | 7 +-
0003-Wait-for-QUIT-command-before-exiting.patch | 6 +-
...roper-cancellation-now-that-libopenconnec.patch | 6 +-
...r-warnings-about-ignoring-return-value-fr.patch | 6 +-
0006-Fix-error-check-for-write-failing.patch | 6 +-
...-cancel-after-failure-causes-the-next-att.patch | 6 +-
0008-service-fix-up-indentation.patch | 147 +++++++
...VPNGATEWAY-is-an-IPv6-address-send-it-as-.patch | 62 +++
...ss-IPv6-related-information-to-NM-as-well.patch | 442 ++++++++++++++++++++
0011-Update-to-SSL-library-agnostic-API.patch | 131 ++++++
0012-Use-GChecksum-for-sha1-not-OpenSSL.patch | 48 +++
0013-Make-OpenSSL-UI-support-optional.patch | 164 ++++++++
0014-Support-new-libopenconnect.patch | 116 +++++
0015-Mark-two-strings-for-translation.patch | 28 ++
0016-Updated-Norwegian-bokm-l-translation.patch | 204 +++++++++
0017-Updated-Norwegian-bokm-l-translation.patch | 82 ++++
0018-Updated-Spanish-translation.patch | 192 +++++++++
0019-Updated-Polish-translation.patch | 187 +++++++++
...ultiple-domains-back-to-NM-if-given-by-vp.patch | 57 +++
NetworkManager-openconnect.spec | 53 ++-
22 files changed, 1979 insertions(+), 32 deletions(-)
---
diff --git a/0001-Check-for-success-when-dropping-privs.patch b/0001-Check-for-success-when-dropping-privs.patch
index beaa185..ed4bf75 100644
--- a/0001-Check-for-success-when-dropping-privs.patch
+++ b/0001-Check-for-success-when-dropping-privs.patch
@@ -1,7 +1,7 @@
From f88cd27978fd8d4bcdfee96c6150b418719effb9 Mon Sep 17 00:00:00 2001
From: David Woodhouse <David.Woodhouse at intel.com>
Date: Thu, 29 Mar 2012 13:15:06 +0100
-Subject: [PATCH 1/7] Check for success when dropping privs.
+Subject: [PATCH 01/20] Check for success when dropping privs.
If the nm-openconnect user exists, but setuid/setgid fails, then abort.
@@ -11,7 +11,7 @@ only reason we're looking at it is because this code path was
(correctly) highlighted in a security review.
---
src/nm-openconnect-service.c | 7 +++++--
- 1 files changed, 5 insertions(+), 2 deletions(-)
+ 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/src/nm-openconnect-service.c b/src/nm-openconnect-service.c
index a5d95ce..168d154 100644
@@ -32,5 +32,5 @@ index a5d95ce..168d154 100644
}
--
-1.7.7.6
+1.7.10.2
diff --git a/0001-core-pass-multiple-domains-back-to-NM-if-given-by-vp.patch b/0001-core-pass-multiple-domains-back-to-NM-if-given-by-vp.patch
new file mode 100644
index 0000000..5c78466
--- /dev/null
+++ b/0001-core-pass-multiple-domains-back-to-NM-if-given-by-vp.patch
@@ -0,0 +1,55 @@
+From 237e625883d251cb922d90c8cd7fa91fb9cc6c08 Mon Sep 17 00:00:00 2001
+From: Evan Broder <evan at ebroder.net>
+Date: Thu, 15 Mar 2012 14:57:12 -0700
+Subject: [PATCH] core: pass multiple domains back to NM if given by vpnc
+
+---
+ src/nm-vpnc-service-vpnc-helper.c | 25 +++++++++++++++++++++++++
+ 1 file changed, 25 insertions(+)
+
+diff --git a/src/nm-vpnc-service-vpnc-helper.c b/src/nm-vpnc-service-vpnc-helper.c
+index 21942f6..bc91771 100644
+--- a/src/nm-openconnect-service-openconnect-helper.c
++++ b/src/nm-openconnect-service-openconnect-helper.c
+@@ -198,6 +198,26 @@ addr_list_to_gvalue (const char *str)
+ }
+
+ static GValue *
++split_dns_list_to_gvalue (const char *str)
++{
++ GValue *val;
++ char **split;
++
++ if (!str || strlen (str) < 1)
++ return NULL;
++
++ split = g_strsplit (str, ",", -1);
++ if (g_strv_length (split) == 0)
++ return NULL;
++
++ val = g_slice_new0 (GValue);
++ g_value_init (val, G_TYPE_STRV);
++ g_value_take_boxed (val, split);
++
++ return val;
++}
++
++static GValue *
+ get_routes (void)
+ {
+ GValue *value = NULL;
+@@ -389,6 +409,11 @@ main (int argc, char *argv[])
+ if (val)
+ g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_DOMAIN, val);
+
++ /* Split DNS domains */
++ val = split_dns_list_to_gvalue (getenv ("CISCO_SPLIT_DNS"));
++ if (val)
++ g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_DOMAINS, val);
++
+ /* Routes */
+ val = get_routes ();
+ if (val) {
+--
+1.7.10.2
+
diff --git a/0002-Create-persistent-tundev-on-demand-for-each-connecti.patch b/0002-Create-persistent-tundev-on-demand-for-each-connecti.patch
index ee88232..d6b6965 100644
--- a/0002-Create-persistent-tundev-on-demand-for-each-connecti.patch
+++ b/0002-Create-persistent-tundev-on-demand-for-each-connecti.patch
@@ -1,7 +1,8 @@
From 85d9cebaf76c28d356bb0eb8da0cd364ab8f6b78 Mon Sep 17 00:00:00 2001
From: David Woodhouse <David.Woodhouse at intel.com>
Date: Thu, 29 Mar 2012 13:40:21 +0100
-Subject: [PATCH 2/7] Create persistent tundev on demand for each connection.
+Subject: [PATCH 02/20] Create persistent tundev on demand for each
+ connection.
We theoretically support having more than one VPN connection at a time.
That's not going to work too well if we create *one* tun device at
@@ -11,7 +12,7 @@ Create the device at connection time, and tear it down when openconnect
dies.
---
src/nm-openconnect-service.c | 178 +++++++++++++++++++++---------------------
- 1 files changed, 90 insertions(+), 88 deletions(-)
+ 1 file changed, 90 insertions(+), 88 deletions(-)
diff --git a/src/nm-openconnect-service.c b/src/nm-openconnect-service.c
index 168d154..bbf4193 100644
@@ -268,5 +269,5 @@ index 168d154..bbf4193 100644
exit (EXIT_SUCCESS);
}
--
-1.7.7.6
+1.7.10.2
diff --git a/0003-Wait-for-QUIT-command-before-exiting.patch b/0003-Wait-for-QUIT-command-before-exiting.patch
index 80d8e20..4f62028 100644
--- a/0003-Wait-for-QUIT-command-before-exiting.patch
+++ b/0003-Wait-for-QUIT-command-before-exiting.patch
@@ -1,7 +1,7 @@
From d0c4ce17395d48566300e7bdd25a06617d13ecb3 Mon Sep 17 00:00:00 2001
From: Dan Winship <danw at gnome.org>
Date: Fri, 27 Apr 2012 15:55:02 -0400
-Subject: [PATCH 3/7] Wait for "QUIT" command before exiting
+Subject: [PATCH 03/20] Wait for "QUIT" command before exiting
According to the NM VPN auth dialog "protocol", the helper isn't
supposed to exit until the caller sends "QUIT". Doing otherwise
@@ -11,7 +11,7 @@ for this.
https://bugzilla.gnome.org/show_bug.cgi?id=674991
---
auth-dialog/main.c | 26 ++++++++++++++++++++++++++
- 1 files changed, 26 insertions(+), 0 deletions(-)
+ 1 file changed, 26 insertions(+)
diff --git a/auth-dialog/main.c b/auth-dialog/main.c
index 83e42eb..109531e 100644
@@ -57,5 +57,5 @@ index 83e42eb..109531e 100644
return _ui_data->retval;
}
--
-1.7.7.6
+1.7.10.2
diff --git a/0004-Implement-proper-cancellation-now-that-libopenconnec.patch b/0004-Implement-proper-cancellation-now-that-libopenconnec.patch
index 6484e3e..18ac3ef 100644
--- a/0004-Implement-proper-cancellation-now-that-libopenconnec.patch
+++ b/0004-Implement-proper-cancellation-now-that-libopenconnec.patch
@@ -1,12 +1,12 @@
From e4dc523828691207f97da3c767d9791500aff3bf Mon Sep 17 00:00:00 2001
From: David Woodhouse <David.Woodhouse at intel.com>
Date: Sat, 12 May 2012 20:36:51 -0700
-Subject: [PATCH 4/7] Implement proper cancellation now that libopenconnect
+Subject: [PATCH 04/20] Implement proper cancellation now that libopenconnect
supports it
---
auth-dialog/main.c | 19 ++++++++++++++++++-
- 1 files changed, 18 insertions(+), 1 deletions(-)
+ 1 file changed, 18 insertions(+), 1 deletion(-)
diff --git a/auth-dialog/main.c b/auth-dialog/main.c
index 109531e..798c075 100644
@@ -89,5 +89,5 @@ index 109531e..798c075 100644
ui_data->vpninfo->proxy_factory = px_proxy_factory_new();
#endif
--
-1.7.7.6
+1.7.10.2
diff --git a/0005-Fix-compiler-warnings-about-ignoring-return-value-fr.patch b/0005-Fix-compiler-warnings-about-ignoring-return-value-fr.patch
index e4baee4..910ec9e 100644
--- a/0005-Fix-compiler-warnings-about-ignoring-return-value-fr.patch
+++ b/0005-Fix-compiler-warnings-about-ignoring-return-value-fr.patch
@@ -1,13 +1,13 @@
From de9f32757689d9e8dbeed2557a39e7e6cf71dc1b Mon Sep 17 00:00:00 2001
From: David Woodhouse <David.Woodhouse at intel.com>
Date: Mon, 21 May 2012 13:47:38 +0100
-Subject: [PATCH 5/7] Fix compiler warnings about ignoring return value from
+Subject: [PATCH 05/20] Fix compiler warnings about ignoring return value from
pipe() and write()
Not that we can really do much, but we can at least shut the compiler up.
---
auth-dialog/main.c | 12 ++++++++++--
- 1 files changed, 10 insertions(+), 2 deletions(-)
+ 1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/auth-dialog/main.c b/auth-dialog/main.c
index 798c075..31ef7ea 100644
@@ -40,5 +40,5 @@ index 798c075..31ef7ea 100644
g_unix_set_fd_nonblocking(ui_data->cancel_pipes[1], TRUE, NULL);
--
-1.7.7.6
+1.7.10.2
diff --git a/0006-Fix-error-check-for-write-failing.patch b/0006-Fix-error-check-for-write-failing.patch
index c125a82..c48a2ca 100644
--- a/0006-Fix-error-check-for-write-failing.patch
+++ b/0006-Fix-error-check-for-write-failing.patch
@@ -1,13 +1,13 @@
From 64be7353da3f9bb06f4e852d1fe604dea982f673 Mon Sep 17 00:00:00 2001
From: David Woodhouse <David.Woodhouse at intel.com>
Date: Mon, 21 May 2012 15:12:16 +0100
-Subject: [PATCH 6/7] Fix error check for write() failing.
+Subject: [PATCH 06/20] Fix error check for write() failing.
It's cosmetic, since we're doing nothing anyway and we only did it to shut
the compiler up. But we ought to get it right.
---
auth-dialog/main.c | 2 +-
- 1 files changed, 1 insertions(+), 1 deletions(-)
+ 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/auth-dialog/main.c b/auth-dialog/main.c
index 31ef7ea..fd14459 100644
@@ -23,5 +23,5 @@ index 31ef7ea..fd14459 100644
}
/* Fall through... */
--
-1.7.7.6
+1.7.10.2
diff --git a/0007-Fix-Hitting-cancel-after-failure-causes-the-next-att.patch b/0007-Fix-Hitting-cancel-after-failure-causes-the-next-att.patch
index 71a0d2c..6f10f3b 100644
--- a/0007-Fix-Hitting-cancel-after-failure-causes-the-next-att.patch
+++ b/0007-Fix-Hitting-cancel-after-failure-causes-the-next-att.patch
@@ -1,7 +1,7 @@
From 12e173e93b1fc2559c24d870bcf1d0aba41e3d32 Mon Sep 17 00:00:00 2001
From: David Woodhouse <David.Woodhouse at intel.com>
Date: Tue, 22 May 2012 10:12:48 +0100
-Subject: [PATCH 7/7] Fix: Hitting cancel after failure causes the next
+Subject: [PATCH 07/20] Fix: Hitting cancel after failure causes the next
attempt to abort immediately
If you cancel one connection while it's connecting, you get the 'Socket
@@ -20,7 +20,7 @@ from the cancel pipes before starting a connection, just in case.
Reported by Mike Miller.
---
auth-dialog/main.c | 6 ++++--
- 1 files changed, 4 insertions(+), 2 deletions(-)
+ 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/auth-dialog/main.c b/auth-dialog/main.c
index fd14459..8a59e25 100644
@@ -54,5 +54,5 @@ index fd14459..8a59e25 100644
* TODO: this is probably not the way to go... */
openconnect_reset_ssl(ui_data->vpninfo);
--
-1.7.7.6
+1.7.10.2
diff --git a/0008-service-fix-up-indentation.patch b/0008-service-fix-up-indentation.patch
new file mode 100644
index 0000000..f3f7a74
--- /dev/null
+++ b/0008-service-fix-up-indentation.patch
@@ -0,0 +1,147 @@
+From 8e4ea1d478f0841f59a7f6103a4201df631c1a09 Mon Sep 17 00:00:00 2001
+From: Dan Winship <danw at gnome.org>
+Date: Fri, 18 May 2012 09:24:24 -0400
+Subject: [PATCH 08/20] service: fix up indentation
+
+---
+ src/nm-openconnect-service-openconnect-helper.c | 26 +++++++++++------------
+ src/nm-openconnect-service.c | 26 +++++++++++------------
+ 2 files changed, 26 insertions(+), 26 deletions(-)
+
+diff --git a/src/nm-openconnect-service-openconnect-helper.c b/src/nm-openconnect-service-openconnect-helper.c
+index 01af370..7f2d01d 100644
+--- a/src/nm-openconnect-service-openconnect-helper.c
++++ b/src/nm-openconnect-service-openconnect-helper.c
+@@ -51,14 +51,14 @@ helper_failed (DBusGConnection *connection, const char *reason)
+ g_warning ("nm-nopenconnect-service-openconnect-helper did not receive a valid %s from openconnect", reason);
+
+ proxy = dbus_g_proxy_new_for_name (connection,
+- NM_DBUS_SERVICE_OPENCONNECT,
+- NM_VPN_DBUS_PLUGIN_PATH,
+- NM_VPN_DBUS_PLUGIN_INTERFACE);
++ NM_DBUS_SERVICE_OPENCONNECT,
++ NM_VPN_DBUS_PLUGIN_PATH,
++ NM_VPN_DBUS_PLUGIN_INTERFACE);
+
+ dbus_g_proxy_call (proxy, "SetFailure", &err,
+- G_TYPE_STRING, reason,
+- G_TYPE_INVALID,
+- G_TYPE_INVALID);
++ G_TYPE_STRING, reason,
++ G_TYPE_INVALID,
++ G_TYPE_INVALID);
+
+ if (err) {
+ g_warning ("Could not send failure information: %s", err->message);
+@@ -77,15 +77,15 @@ send_ip4_config (DBusGConnection *connection, GHashTable *config)
+ GError *err = NULL;
+
+ proxy = dbus_g_proxy_new_for_name (connection,
+- NM_DBUS_SERVICE_OPENCONNECT,
+- NM_VPN_DBUS_PLUGIN_PATH,
+- NM_VPN_DBUS_PLUGIN_INTERFACE);
++ NM_DBUS_SERVICE_OPENCONNECT,
++ NM_VPN_DBUS_PLUGIN_PATH,
++ NM_VPN_DBUS_PLUGIN_INTERFACE);
+
+ dbus_g_proxy_call (proxy, "SetIp4Config", &err,
+- dbus_g_type_get_map ("GHashTable", G_TYPE_STRING, G_TYPE_VALUE),
+- config,
+- G_TYPE_INVALID,
+- G_TYPE_INVALID);
++ dbus_g_type_get_map ("GHashTable", G_TYPE_STRING, G_TYPE_VALUE),
++ config,
++ G_TYPE_INVALID,
++ G_TYPE_INVALID);
+
+ if (err) {
+ g_warning ("Could not send failure information: %s", err->message);
+diff --git a/src/nm-openconnect-service.c b/src/nm-openconnect-service.c
+index bbf4193..90e6b92 100644
+--- a/src/nm-openconnect-service.c
++++ b/src/nm-openconnect-service.c
+@@ -292,7 +292,7 @@ static void openconnect_drop_child_privs(gpointer user_data)
+
+ if (tun_name) {
+ if (initgroups(NM_OPENCONNECT_USER, tun_group) ||
+- setgid(tun_group) || setuid(tun_owner)) {
++ setgid(tun_group) || setuid(tun_owner)) {
+ g_warning ("Failed to drop privileges when spawning openconnect");
+ exit (1);
+ }
+@@ -347,8 +347,8 @@ openconnect_watch_cb (GPid pid, gint status, gpointer user_data)
+
+ static gint
+ nm_openconnect_start_openconnect_binary (NMOPENCONNECTPlugin *plugin,
+- NMSettingVPN *s_vpn,
+- GError **error)
++ NMSettingVPN *s_vpn,
++ GError **error)
+ {
+ NMOPENCONNECTPluginPrivate *priv = NM_OPENCONNECT_PLUGIN_GET_PRIVATE (plugin);
+ GPid pid;
+@@ -441,9 +441,9 @@ nm_openconnect_start_openconnect_binary (NMOPENCONNECTPlugin *plugin,
+ g_ptr_array_add (openconnect_argv, NULL);
+
+ if (!g_spawn_async_with_pipes (NULL, (char **) openconnect_argv->pdata, NULL,
+- G_SPAWN_DO_NOT_REAP_CHILD,
+- openconnect_drop_child_privs, priv->tun_name,
+- &pid, &stdin_fd, NULL, NULL, error)) {
++ G_SPAWN_DO_NOT_REAP_CHILD,
++ openconnect_drop_child_privs, priv->tun_name,
++ &pid, &stdin_fd, NULL, NULL, error)) {
+ g_ptr_array_free (openconnect_argv, TRUE);
+ g_warning ("openconnect failed to start. error: '%s'", (*error)->message);
+ return -1;
+@@ -453,7 +453,7 @@ nm_openconnect_start_openconnect_binary (NMOPENCONNECTPlugin *plugin,
+ g_message ("openconnect started with pid %d", pid);
+
+ if (write(stdin_fd, props_cookie, strlen(props_cookie)) != strlen(props_cookie) ||
+- write(stdin_fd, "\n", 1) != 1) {
++ write(stdin_fd, "\n", 1) != 1) {
+ g_warning ("openconnect didn't eat the cookie we fed it");
+ return -1;
+ }
+@@ -504,7 +504,7 @@ real_need_secrets (NMVPNPlugin *plugin,
+
+ s_vpn = NM_SETTING_VPN (nm_connection_get_setting (connection, NM_TYPE_SETTING_VPN));
+ if (!s_vpn) {
+- g_set_error (error,
++ g_set_error (error,
+ NM_VPN_PLUGIN_ERROR,
+ NM_VPN_PLUGIN_ERROR_CONNECTION_INVALID,
+ "%s",
+@@ -543,7 +543,7 @@ ensure_killed (gpointer data)
+
+ static gboolean
+ real_disconnect (NMVPNPlugin *plugin,
+- GError **err)
++ GError **err)
+ {
+ NMOPENCONNECTPluginPrivate *priv = NM_OPENCONNECT_PLUGIN_GET_PRIVATE (plugin);
+
+@@ -583,8 +583,8 @@ NMOPENCONNECTPlugin *
+ nm_openconnect_plugin_new (void)
+ {
+ return (NMOPENCONNECTPlugin *) g_object_new (NM_TYPE_OPENCONNECT_PLUGIN,
+- NM_VPN_PLUGIN_DBUS_SERVICE_NAME, NM_DBUS_SERVICE_OPENCONNECT,
+- NULL);
++ NM_VPN_PLUGIN_DBUS_SERVICE_NAME, NM_DBUS_SERVICE_OPENCONNECT,
++ NULL);
+ }
+
+ static void
+@@ -610,8 +610,8 @@ int main (int argc, char *argv[])
+ main_loop = g_main_loop_new (NULL, FALSE);
+
+ g_signal_connect (plugin, "quit",
+- G_CALLBACK (quit_mainloop),
+- main_loop);
++ G_CALLBACK (quit_mainloop),
++ main_loop);
+
+ g_main_loop_run (main_loop);
+
+--
+1.7.10.2
+
diff --git a/0009-service-If-VPNGATEWAY-is-an-IPv6-address-send-it-as-.patch b/0009-service-If-VPNGATEWAY-is-an-IPv6-address-send-it-as-.patch
new file mode 100644
index 0000000..7830b56
--- /dev/null
+++ b/0009-service-If-VPNGATEWAY-is-an-IPv6-address-send-it-as-.patch
@@ -0,0 +1,62 @@
+From da9b5ab84f487707b20fb246da2a518b81b476e6 Mon Sep 17 00:00:00 2001
+From: Dan Winship <danw at gnome.org>
+Date: Wed, 23 May 2012 16:33:04 -0400
+Subject: [PATCH 09/20] service: If VPNGATEWAY is an IPv6 address, send it as
+ such
+
+If we get connected to the VPN via IPv6, pass that IPv6 address to the
+daemon rather than just bailing out with an error.
+
+With old NetworkManager, this will hit a g_return_if_fail(), and
+result in no explicit route to the endpoint being configured, but
+things may work anyway. It's at least not worse than the current
+situation, where it's guaranteed to not work.
+---
+ src/nm-openconnect-service-openconnect-helper.c | 24 +++++++++++++++++++++++
+ 1 file changed, 24 insertions(+)
+
+diff --git a/src/nm-openconnect-service-openconnect-helper.c b/src/nm-openconnect-service-openconnect-helper.c
+index 7f2d01d..be540ec 100644
+--- a/src/nm-openconnect-service-openconnect-helper.c
++++ b/src/nm-openconnect-service-openconnect-helper.c
+@@ -200,6 +200,28 @@ addr_list_to_gvalue (const char *str)
+ }
+
+ static GValue *
++addr6_to_gvalue (const char *str)
++{
++ struct in6_addr temp_addr;
++ GValue *val;
++ GByteArray *ba;
++
++ /* Empty */
++ if (!str || strlen (str) < 1)
++ return NULL;
++
++ if (inet_pton (AF_INET6, str, &temp_addr) <= 0)
++ return NULL;
++
++ val = g_slice_new0 (GValue);
++ g_value_init (val, DBUS_TYPE_G_UCHAR_ARRAY);
++ ba = g_byte_array_new ();
++ g_byte_array_append (ba, (guint8 *) &temp_addr, sizeof (temp_addr));
++ g_value_take_boxed (val, ba);
++ return val;
++}
++
++static GValue *
+ get_routes (void)
+ {
+ GValue *value = NULL;
+@@ -318,6 +340,8 @@ main (int argc, char *argv[])
+
+ /* Gateway */
+ val = addr_to_gvalue (getenv ("VPNGATEWAY"));
++ if (!val)
++ val = addr6_to_gvalue (getenv ("VPNGATEWAY"));
+ if (val)
+ g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_GATEWAY, val);
+ else
+--
+1.7.10.2
+
diff --git a/0010-service-pass-IPv6-related-information-to-NM-as-well.patch b/0010-service-pass-IPv6-related-information-to-NM-as-well.patch
new file mode 100644
index 0000000..a3418b2
--- /dev/null
+++ b/0010-service-pass-IPv6-related-information-to-NM-as-well.patch
@@ -0,0 +1,442 @@
+From 1aecd6000ed5baedc6c5a9d38933e3bf52e5bd06 Mon Sep 17 00:00:00 2001
+From: Dan Winship <danw at gnome.org>
+Date: Wed, 23 May 2012 16:30:47 -0400
+Subject: [PATCH 10/20] service: pass IPv6-related information to NM as well
+
+---
+ src/nm-openconnect-service-openconnect-helper.c | 303 ++++++++++++++++++-----
+ 1 file changed, 246 insertions(+), 57 deletions(-)
+
+diff --git a/src/nm-openconnect-service-openconnect-helper.c b/src/nm-openconnect-service-openconnect-helper.c
+index be540ec..25e63c8 100644
+--- a/src/nm-openconnect-service-openconnect-helper.c
++++ b/src/nm-openconnect-service-openconnect-helper.c
+@@ -34,6 +34,7 @@
+ #include <dbus/dbus-glib-lowlevel.h>
+ #include <dbus/dbus-glib.h>
+ #include <NetworkManager.h>
++#include <nm-vpn-plugin-utils.h>
+
+ #include "nm-openconnect-service.h"
+ #include "nm-utils.h"
+@@ -41,6 +42,9 @@
+ /* These are here because nm-dbus-glib-types.h isn't exported */
+ #define DBUS_TYPE_G_ARRAY_OF_UINT (dbus_g_type_get_collection ("GArray", G_TYPE_UINT))
+ #define DBUS_TYPE_G_ARRAY_OF_ARRAY_OF_UINT (dbus_g_type_get_collection ("GPtrArray", DBUS_TYPE_G_ARRAY_OF_UINT))
++#define DBUS_TYPE_G_MAP_OF_VARIANT (dbus_g_type_get_map ("GHashTable", G_TYPE_STRING, G_TYPE_VALUE))
++#define DBUS_TYPE_G_IP6_ROUTE (dbus_g_type_get_struct ("GValueArray", DBUS_TYPE_G_UCHAR_ARRAY, G_TYPE_UINT, DBUS_TYPE_G_UCHAR_ARRAY, G_TYPE_UINT, G_TYPE_INVALID))
++#define DBUS_TYPE_G_ARRAY_OF_IP6_ROUTE (dbus_g_type_get_collection ("GPtrArray", DBUS_TYPE_G_IP6_ROUTE))
+
+ static void
+ helper_failed (DBusGConnection *connection, const char *reason)
+@@ -71,7 +75,8 @@ helper_failed (DBusGConnection *connection, const char *reason)
+ }
+
+ static void
+-send_ip4_config (DBusGConnection *connection, GHashTable *config)
++send_config (DBusGConnection *connection, GHashTable *config,
++ GHashTable *ip4config, GHashTable *ip6config)
+ {
+ DBusGProxy *proxy;
+ GError *err = NULL;
+@@ -81,14 +86,34 @@ send_ip4_config (DBusGConnection *connection, GHashTable *config)
+ NM_VPN_DBUS_PLUGIN_PATH,
+ NM_VPN_DBUS_PLUGIN_INTERFACE);
+
+- dbus_g_proxy_call (proxy, "SetIp4Config", &err,
+- dbus_g_type_get_map ("GHashTable", G_TYPE_STRING, G_TYPE_VALUE),
+- config,
+- G_TYPE_INVALID,
+- G_TYPE_INVALID);
++ if (!dbus_g_proxy_call (proxy, "SetConfig", &err,
++ DBUS_TYPE_G_MAP_OF_VARIANT,
++ config,
++ G_TYPE_INVALID,
++ G_TYPE_INVALID))
++ goto done;
++
++ if (ip4config) {
++ if (!dbus_g_proxy_call (proxy, "SetIp4Config", &err,
++ DBUS_TYPE_G_MAP_OF_VARIANT,
++ ip4config,
++ G_TYPE_INVALID,
++ G_TYPE_INVALID))
++ goto done;
++ }
++
++ if (ip6config) {
++ if (!dbus_g_proxy_call (proxy, "SetIp6Config", &err,
++ DBUS_TYPE_G_MAP_OF_VARIANT,
++ ip6config,
++ G_TYPE_INVALID,
++ G_TYPE_INVALID))
++ goto done;
++ }
+
++ done:
+ if (err) {
+- g_warning ("Could not send failure information: %s", err->message);
++ g_warning ("Could not send configuration information: %s", err->message);
+ g_error_free (err);
+ }
+
+@@ -147,7 +172,7 @@ bool_to_gvalue (gboolean b)
+ }
+
+ static GValue *
+-addr_to_gvalue (const char *str)
++addr4_to_gvalue (const char *str)
+ {
+ struct in_addr temp_addr;
+
+@@ -162,7 +187,7 @@ addr_to_gvalue (const char *str)
+ }
+
+ static GValue *
+-addr_list_to_gvalue (const char *str)
++addr4_list_to_gvalue (const char *str)
+ {
+ GValue *val;
+ char **split;
+@@ -222,7 +247,51 @@ addr6_to_gvalue (const char *str)
+ }
+
+ static GValue *
+-get_routes (void)
++addr6_list_to_gvalue (const char *str)
++{
++ GValue *val;
++ char **split;
++ int i;
++ GPtrArray *array;
++ GByteArray *ba;
++
++ /* Empty */
++ if (!str || strlen (str) < 1)
++ return NULL;
++
++ split = g_strsplit (str, " ", -1);
++ if (g_strv_length (split) == 0)
++ return NULL;
++
++ array = g_ptr_array_new_full (g_strv_length (split),
++ (GDestroyNotify) g_byte_array_unref);
++ for (i = 0; split[i]; i++) {
++ struct in6_addr addr;
++
++ if (inet_pton (AF_INET6, split[i], &addr) > 0) {
++ ba = g_byte_array_new ();
++ g_byte_array_append (ba, (guint8 *) &addr, sizeof (addr));
++ g_ptr_array_add (array, ba);
++ } else {
++ g_strfreev (split);
++ g_ptr_array_free (array, TRUE);
++ return NULL;
++ }
++ }
++
++ g_strfreev (split);
++
++ val = g_slice_new0 (GValue);
++ g_value_init (val, DBUS_TYPE_G_ARRAY_OF_ARRAY_OF_UINT);
++ g_value_set_boxed (val, array);
++
++ return val;
++}
++
++#define BUFLEN 256
++
++static GValue *
++get_ip4_routes (void)
+ {
+ GValue *value = NULL;
+ GPtrArray *routes;
+@@ -230,8 +299,6 @@ get_routes (void)
+ int num;
+ int i;
+
+-#define BUFLEN 256
+-
+ tmp = getenv ("CISCO_SPLIT_INC");
+ if (!tmp || strlen (tmp) < 1)
+ return NULL;
+@@ -298,6 +365,77 @@ get_routes (void)
+ return value;
+ }
+
++static GValue *
++get_ip6_routes (void)
++{
++ GValue *value = NULL;
++ GSList *routes;
++ char *tmp;
++ int num;
++ int i;
++
++ tmp = getenv ("CISCO_IPV6_SPLIT_INC");
++ if (!tmp || strlen (tmp) < 1)
++ return NULL;
++
++ num = atoi (tmp);
++ if (!num)
++ return NULL;
++
++ routes = NULL;
++
++ for (i = 0; i < num; i++) {
++ NMIP6Route *route;
++ char buf[BUFLEN];
++ struct in6_addr network;
++ guint32 prefix;
++
++ snprintf (buf, BUFLEN, "CISCO_IPV6_SPLIT_INC_%d_ADDR", i);
++ tmp = getenv (buf);
++ if (!tmp || inet_pton (AF_INET6, tmp, &network) <= 0) {
++ g_warning ("Ignoring invalid static route address '%s'", tmp ? tmp : "NULL");
++ continue;
++ }
++
++ snprintf (buf, BUFLEN, "CISCO_IPV6_SPLIT_INC_%d_MASKLEN", i);
++ tmp = getenv (buf);
++ if (tmp) {
++ long int tmp_prefix;
++
++ errno = 0;
++ tmp_prefix = strtol (tmp, NULL, 10);
++ if (errno || tmp_prefix <= 0 || tmp_prefix > 128) {
++ g_warning ("Ignoring invalid static route prefix '%s'", tmp ? tmp : "NULL");
++ continue;
++ }
++ prefix = (guint32) tmp_prefix;
++ } else {
++ g_warning ("Ignoring static route %d with no prefix length", i);
++ continue;
++ }
++
++ route = nm_ip6_route_new ();
++ nm_ip6_route_set_dest (route, &network);
++ nm_ip6_route_set_prefix (route, prefix);
++
++ routes = g_slist_append (routes, route);
++ }
++
++ if (routes) {
++ GSList *iter;
++
++ value = g_slice_new0 (GValue);
++ g_value_init (value, DBUS_TYPE_G_ARRAY_OF_IP6_ROUTE);
++ nm_utils_ip6_routes_to_gvalue (routes, value);
++
++ for (iter = routes; iter; iter = iter->next)
++ nm_ip6_route_unref (iter->data);
++ g_slist_free (routes);
++ }
++
++ return value;
++}
++
+ /*
+ * Environment variables passed back from 'openconnect':
+ *
+@@ -316,7 +454,7 @@ main (int argc, char *argv[])
+ {
+ DBusGConnection *connection;
+ char *tmp;
+- GHashTable *config;
++ GHashTable *config, *ip4config, *ip6config;
+ GValue *val;
+ GError *err = NULL;
+ struct in_addr temp_addr;
+@@ -337,94 +475,145 @@ main (int argc, char *argv[])
+ }
+
+ config = g_hash_table_new (g_str_hash, g_str_equal);
++ ip4config = g_hash_table_new (g_str_hash, g_str_equal);
++ ip6config = g_hash_table_new (g_str_hash, g_str_equal);
+
+ /* Gateway */
+- val = addr_to_gvalue (getenv ("VPNGATEWAY"));
++ val = addr4_to_gvalue (getenv ("VPNGATEWAY"));
+ if (!val)
+ val = addr6_to_gvalue (getenv ("VPNGATEWAY"));
+ if (val)
+- g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_GATEWAY, val);
++ g_hash_table_insert (config, NM_VPN_PLUGIN_CONFIG_EXT_GATEWAY, val);
+ else
+ helper_failed (connection, "VPN Gateway");
+
+ /* Tunnel device */
+ val = str_to_gvalue (getenv ("TUNDEV"), FALSE);
+ if (val)
+- g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_TUNDEV, val);
++ g_hash_table_insert (config, NM_VPN_PLUGIN_CONFIG_TUNDEV, val);
+ else
+ helper_failed (connection, "Tunnel Device");
+
+- /* IP address */
+- val = addr_to_gvalue (getenv ("INTERNAL_IP4_ADDRESS"));
++ /* Banner */
++ val = str_to_gvalue (getenv ("CISCO_BANNER"), TRUE);
++ if (val)
++ g_hash_table_insert (config, NM_VPN_PLUGIN_CONFIG_BANNER, val);
++
++ /* Default domain */
++ val = str_to_gvalue (getenv ("CISCO_DEF_DOMAIN"), TRUE);
++ if (val)
++ g_hash_table_insert (ip4config, NM_VPN_PLUGIN_IP4_CONFIG_DOMAIN, val);
++
++ /* MTU */
++ tmp = getenv ("INTERNAL_IP4_MTU");
++ if (tmp && strlen (tmp)) {
++ long int mtu;
++
++ errno = 0;
++ mtu = strtol (tmp, NULL, 10);
++ if (errno || mtu < 0 || mtu > 20000) {
++ g_warning ("Ignoring invalid tunnel MTU '%s'", tmp);
++ } else {
++ val = uint_to_gvalue ((guint32) mtu);
++ g_hash_table_insert (config, NM_VPN_PLUGIN_CONFIG_MTU, val);
++ }
++ }
++
++ /* IPv4 address */
++ val = addr4_to_gvalue (getenv ("INTERNAL_IP4_ADDRESS"));
+ if (val)
+- g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_ADDRESS, val);
++ g_hash_table_insert (ip4config, NM_VPN_PLUGIN_IP4_CONFIG_ADDRESS, val);
+ else
+ helper_failed (connection, "IP4 Address");
+
+- /* PTP address; for openconnect PTP address == internal IP4 address */
+- val = addr_to_gvalue (getenv ("INTERNAL_IP4_ADDRESS"));
++ /* IPv4 PTP address; for openconnect PTP address == internal IPv4 address */
++ val = addr4_to_gvalue (getenv ("INTERNAL_IP4_ADDRESS"));
+ if (val)
+- g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_PTP, val);
++ g_hash_table_insert (ip4config, NM_VPN_PLUGIN_IP4_CONFIG_PTP, val);
+ else
+ helper_failed (connection, "IP4 PTP Address");
+
+- /* Netmask */
++ /* IPv4 Netmask */
+ tmp = getenv ("INTERNAL_IP4_NETMASK");
+ if (tmp && inet_pton (AF_INET, tmp, &temp_addr) > 0) {
+- GValue *value;
+-
+- value = g_slice_new0 (GValue);
+- g_value_init (value, G_TYPE_UINT);
+- g_value_set_uint (value, nm_utils_ip4_netmask_to_prefix (temp_addr.s_addr));
+-
+- g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_PREFIX, value);
++ val = uint_to_gvalue (nm_utils_ip4_netmask_to_prefix (temp_addr.s_addr));
++ g_hash_table_insert (ip4config, NM_VPN_PLUGIN_IP4_CONFIG_PREFIX, val);
+ }
+
+ /* DNS */
+- val = addr_list_to_gvalue (getenv ("INTERNAL_IP4_DNS"));
++ val = addr4_list_to_gvalue (getenv ("INTERNAL_IP4_DNS"));
+ if (val)
+- g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_DNS, val);
++ g_hash_table_insert (ip4config, NM_VPN_PLUGIN_IP4_CONFIG_DNS, val);
+
+ /* WINS servers */
+- val = addr_list_to_gvalue (getenv ("INTERNAL_IP4_NBNS"));
++ val = addr4_list_to_gvalue (getenv ("INTERNAL_IP4_NBNS"));
+ if (val)
+- g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_NBNS, val);
++ g_hash_table_insert (ip4config, NM_VPN_PLUGIN_IP4_CONFIG_NBNS, val);
+
+- /* Default domain */
+- val = str_to_gvalue (getenv ("CISCO_DEF_DOMAIN"), TRUE);
++ /* Routes */
++ val = get_ip4_routes ();
++ if (val) {
++ g_hash_table_insert (ip4config, NM_VPN_PLUGIN_IP4_CONFIG_ROUTES, val);
++ /* If routes-to-include were provided, that means no default route */
++ g_hash_table_insert (ip4config, NM_VPN_PLUGIN_IP4_CONFIG_NEVER_DEFAULT,
++ bool_to_gvalue (TRUE));
++ }
++
++ /* IPv6 address */
++ val = addr6_to_gvalue (getenv ("INTERNAL_IP6_ADDRESS"));
++ if (val)
++ g_hash_table_insert (ip6config, NM_VPN_PLUGIN_IP6_CONFIG_ADDRESS, val);
++ else
++ helper_failed (connection, "IP6 Address");
++
++ /* IPv6 PTP address; for openconnect PTP address == internal IPv6 address */
++ val = addr6_to_gvalue (getenv ("INTERNAL_IP6_ADDRESS"));
++ if (val)
++ g_hash_table_insert (ip6config, NM_VPN_PLUGIN_IP6_CONFIG_PTP, val);
++ else
++ helper_failed (connection, "IP6 PTP Address");
++
++ /* IPv6 Netmask */
++ tmp = getenv ("INTERNAL_IP6_NETMASK");
++ if (tmp)
++ tmp = strchr (tmp, '/');
++ if (tmp) {
++ val = uint_to_gvalue (strtol (tmp + 1, NULL, 10));
++ g_hash_table_insert (ip6config, NM_VPN_PLUGIN_IP6_CONFIG_PREFIX, val);
++ }
++
++ /* DNS */
++ val = addr6_list_to_gvalue (getenv ("INTERNAL_IP6_DNS"));
+ if (val)
+- g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_DOMAIN, val);
++ g_hash_table_insert (ip6config, NM_VPN_PLUGIN_IP6_CONFIG_DNS, val);
+
+ /* Routes */
+- val = get_routes ();
++ val = get_ip6_routes ();
+ if (val) {
+- g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_ROUTES, val);
++ g_hash_table_insert (ip6config, NM_VPN_PLUGIN_IP6_CONFIG_ROUTES, val);
+ /* If routes-to-include were provided, that means no default route */
+- g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_NEVER_DEFAULT,
++ g_hash_table_insert (ip6config, NM_VPN_PLUGIN_IP6_CONFIG_NEVER_DEFAULT,
+ bool_to_gvalue (TRUE));
+ }
+- /* Banner */
+- val = str_to_gvalue (getenv ("CISCO_BANNER"), TRUE);
+- if (val)
+- g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_BANNER, val);
+
+- /* MTU */
+- tmp = getenv ("INTERNAL_IP4_MTU");
+- if (tmp && strlen (tmp)) {
+- long int mtu;
++ if (g_hash_table_size (ip4config)) {
++ g_hash_table_insert (config, NM_VPN_PLUGIN_CONFIG_HAS_IP4,
++ bool_to_gvalue (TRUE));
++ } else {
++ g_hash_table_destroy (ip4config);
++ ip4config = NULL;
++ }
+
+- errno = 0;
+- mtu = strtol (tmp, NULL, 10);
+- if (errno || mtu < 0 || mtu > 20000) {
+- g_warning ("Ignoring invalid tunnel MTU '%s'", tmp);
+- } else {
+- val = uint_to_gvalue ((guint32) mtu);
+- g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_MTU, val);
+- }
++ if (g_hash_table_size (ip6config)) {
++ g_hash_table_insert (config, NM_VPN_PLUGIN_CONFIG_HAS_IP6,
++ bool_to_gvalue (TRUE));
++ } else {
++ g_hash_table_destroy (ip6config);
++ ip6config = NULL;
+ }
+
+ /* Send the config info to nm-openconnect-service */
+- send_ip4_config (connection, config);
++ send_config (connection, config, ip4config, ip6config);
+
+ exit (0);
+ }
+--
+1.7.10.2
+
diff --git a/0011-Update-to-SSL-library-agnostic-API.patch b/0011-Update-to-SSL-library-agnostic-API.patch
new file mode 100644
index 0000000..e1286b7
--- /dev/null
+++ b/0011-Update-to-SSL-library-agnostic-API.patch
@@ -0,0 +1,131 @@
+From d91c6204bbff0b5ac5555c9781ee203cf4c62fba Mon Sep 17 00:00:00 2001
+From: David Woodhouse <David.Woodhouse at intel.com>
+Date: Thu, 31 May 2012 23:31:36 +0100
+Subject: [PATCH 11/20] Update to SSL-library-agnostic API
+
+This should now build against either the OpenSSL or GnuTLS version of
+libopenconnect. We still need to register either the OpenSSL UI or the
+GnuTLS PIN helper as appropriate though.
+---
+ auth-dialog/main.c | 51 +++++++++++++++++++++++++++++++++++----------------
+ 1 file changed, 35 insertions(+), 16 deletions(-)
+
+diff --git a/auth-dialog/main.c b/auth-dialog/main.c
+index 8a59e25..ce9ec49 100644
+--- a/auth-dialog/main.c
++++ b/auth-dialog/main.c
+@@ -52,6 +52,14 @@
+ #include <openssl/bio.h>
+ #include <openssl/ui.h>
+
++#ifndef OPENCONNECT_CHECK_VER
++#define OPENCONNECT_CHECK_VER(x,y) 0
++#endif
++
++#if !OPENCONNECT_CHECK_VER(1,5)
++#define OPENCONNECT_X509 X509
++#endif
++
+ static char *lasthost;
+
+ typedef struct vpnhost {
+@@ -646,28 +654,40 @@ static char* get_title(const char *vpn_name)
+
+ typedef struct cert_data {
+ auth_ui_data *ui_data;
+- X509 *peer_cert;
++ OPENCONNECT_X509 *peer_cert;
+ const char *reason;
+ } cert_data;
+
++#if !OPENCONNECT_CHECK_VER(1,5)
++static char *openconnect_get_cert_details(struct openconnect_info *vpninfo,
++ OPENCONNECT_X509 *cert)
++{
++ BIO *bp = BIO_new(BIO_s_mem());
++ BUF_MEM *certinfo;
++ char zero = 0;
++ char *ret;
++
++ X509_print_ex(bp, cert, 0, 0);
++ BIO_write(bp, &zero, 1);
++ BIO_get_mem_ptr(bp, &certinfo);
++
++ ret = strdup(certinfo->data);
++ BIO_free(bp);
++
++ return ret;
++}
++#endif
+
+ static gboolean user_validate_cert(cert_data *data)
+ {
+ auth_ui_data *ui_data = _ui_data; /* FIXME global */
+- BIO *bp = BIO_new(BIO_s_mem());
+ char *title;
+- BUF_MEM *certinfo;
+- char zero = 0;
++ char *details;
+ GtkWidget *dlg, *text, *scroll;
+ GtkTextBuffer *buffer;
+ int result;
+
+- /* There are probably better ways to do this -- getting individual
+- elements of the cert info and formatting it nicely in the dialog
+- box. But this will do for now... */
+- X509_print_ex(bp, data->peer_cert, 0, 0);
+- BIO_write(bp, &zero, 1);
+- BIO_get_mem_ptr(bp, &certinfo);
++ details = openconnect_get_cert_details(ui_data->vpninfo, data->peer_cert);
+
+ title = get_title(data->ui_data->vpn_name);
+ dlg = gtk_message_dialog_new(NULL, 0, GTK_MESSAGE_QUESTION,
+@@ -691,7 +711,8 @@ static gboolean user_validate_cert(cert_data *data)
+
+ text = gtk_text_view_new();
+ buffer = gtk_text_view_get_buffer(GTK_TEXT_VIEW(text));
+- gtk_text_buffer_set_text(buffer, certinfo->data, -1);
++ gtk_text_buffer_set_text(buffer, details, -1);
++ free(details);
+ gtk_text_view_set_editable(GTK_TEXT_VIEW(text), 0);
+ gtk_text_view_set_cursor_visible(GTK_TEXT_VIEW(text), FALSE);
+ gtk_container_add(GTK_CONTAINER(scroll), text);
+@@ -699,7 +720,6 @@ static gboolean user_validate_cert(cert_data *data)
+
+ result = gtk_dialog_run(GTK_DIALOG(dlg));
+
+- BIO_free(bp);
+ gtk_widget_destroy(dlg);
+
+ g_mutex_lock (ui_data->form_mutex);
+@@ -715,7 +735,7 @@ static gboolean user_validate_cert(cert_data *data)
+
+ /* runs in worker thread */
+ static int validate_peer_cert(struct openconnect_info *vpninfo,
+- X509 *peer_cert, const char *reason)
++ OPENCONNECT_X509 *peer_cert, const char *reason)
+ {
+ auth_ui_data *ui_data = _ui_data; /* FIXME global */
+ char fingerprint[EVP_MAX_MD_SIZE * 2 + 1];
+@@ -1076,7 +1096,7 @@ static gboolean cookie_obtained(auth_ui_data *ui_data)
+ }
+ ui_data->retval = 1;
+ } else if (!ui_data->cookie_retval) {
+- X509 *cert;
++ OPENCONNECT_X509 *cert;
+ gchar *key, *value;
+
+ /* got cookie */
+@@ -1422,8 +1442,7 @@ static auth_ui_data *init_ui_data (char *vpn_name, GHashTable *options, GHashTab
+ validate_peer_cert, write_new_config,
+ nm_process_auth_form, write_progress);
+
+-#if OPENCONNECT_API_VERSION_MAJOR > 1 || (OPENCONNECT_API_VERSION_MAJOR == 1 && OPENCONNECT_API_VERSION_MINOR >= 4)
+-
++#if OPENCONNECT_CHECK_VER(1,4)
+ openconnect_set_cancel_fd (ui_data->vpninfo, ui_data->cancel_pipes[0]);
+ #endif
+
+--
+1.7.10.2
+
diff --git a/0012-Use-GChecksum-for-sha1-not-OpenSSL.patch b/0012-Use-GChecksum-for-sha1-not-OpenSSL.patch
new file mode 100644
index 0000000..2743db4
--- /dev/null
+++ b/0012-Use-GChecksum-for-sha1-not-OpenSSL.patch
@@ -0,0 +1,48 @@
+From a79c67b6c9ed4271651fc0b367f6d3439b8013af Mon Sep 17 00:00:00 2001
+From: David Woodhouse <David.Woodhouse at intel.com>
+Date: Fri, 1 Jun 2012 00:20:52 +0100
+Subject: [PATCH 12/20] Use GChecksum for sha1, not OpenSSL
+
+---
+ auth-dialog/main.c | 19 ++++++++-----------
+ 1 file changed, 8 insertions(+), 11 deletions(-)
+
+diff --git a/auth-dialog/main.c b/auth-dialog/main.c
+index ce9ec49..146c0f3 100644
+--- a/auth-dialog/main.c
++++ b/auth-dialog/main.c
+@@ -915,23 +915,20 @@ static int get_config (GHashTable *options, GHashTable *secrets,
+
+ xmlconfig = g_hash_table_lookup (secrets, "xmlconfig");
+ if (xmlconfig) {
++ GChecksum *sha1;
+ gchar *config_str;
+ gsize config_len;
+- unsigned char sha1[SHA_DIGEST_LENGTH];
+- char sha1_text[SHA_DIGEST_LENGTH * 2];
+- EVP_MD_CTX c;
+- int i;
++ const char *sha1_text;
+
+ config_str = (gchar *)g_base64_decode (xmlconfig, &config_len);
+
+- EVP_MD_CTX_init (&c);
+- EVP_Digest (config_str, config_len, sha1, NULL, EVP_sha1(), NULL);
+- EVP_MD_CTX_cleanup (&c);
++ sha1 = g_checksum_new (G_CHECKSUM_SHA1);
++ g_checksum_update (sha1, (gpointer) config_str, config_len);
++ sha1_text = g_checksum_get_string(sha1);
+
+- for (i = 0; i < SHA_DIGEST_LENGTH; i++)
+- sprintf (&sha1_text[i*2], "%02x", sha1[i]);
+-
+- openconnect_set_xmlsha1 (vpninfo, sha1_text, sizeof(sha1_text));
++ openconnect_set_xmlsha1 (vpninfo, (char *)sha1_text, strlen(sha1_text) + 1);
++ g_checksum_free(sha1);
++
+ parse_xmlconfig (config_str);
+ }
+
+--
+1.7.10.2
+
diff --git a/0013-Make-OpenSSL-UI-support-optional.patch b/0013-Make-OpenSSL-UI-support-optional.patch
new file mode 100644
index 0000000..9ab26f1
--- /dev/null
+++ b/0013-Make-OpenSSL-UI-support-optional.patch
@@ -0,0 +1,164 @@
+From 192b8a6904a44c9772ece56f10d36aee6d45bb2a Mon Sep 17 00:00:00 2001
+From: David Woodhouse <David.Woodhouse at intel.com>
+Date: Fri, 1 Jun 2012 00:21:09 +0100
+Subject: [PATCH 13/20] Make OpenSSL UI support optional
+
+We only want this if libopenconnect was built against OpenSSL, not GnuTLS.
+
+For GnuTLS we'll want a PIN helper function, which will come later. It's
+not needed for basic file passwords; only for smart cards.
+---
+ auth-dialog/main.c | 35 +++++++++++++++++++++++++++--------
+ 1 file changed, 27 insertions(+), 8 deletions(-)
+
+diff --git a/auth-dialog/main.c b/auth-dialog/main.c
+index 146c0f3..755bbfa 100644
+--- a/auth-dialog/main.c
++++ b/auth-dialog/main.c
+@@ -48,9 +48,6 @@
+
+ #include "openconnect.h"
+
+-#include <openssl/ssl.h>
+-#include <openssl/bio.h>
+-#include <openssl/ui.h>
+
+ #ifndef OPENCONNECT_CHECK_VER
+ #define OPENCONNECT_CHECK_VER(x,y) 0
+@@ -58,6 +55,13 @@
+
+ #if !OPENCONNECT_CHECK_VER(1,5)
+ #define OPENCONNECT_X509 X509
++#define OPENCONNECT_OPENSSL
++#endif
++
++#ifdef OPENCONNECT_OPENSSL
++#include <openssl/ssl.h>
++#include <openssl/bio.h>
++#include <openssl/ui.h>
+ #endif
+
+ static char *lasthost;
+@@ -216,7 +220,9 @@ static void ssl_box_clear(auth_ui_data *ui_data)
+ typedef struct ui_fragment_data {
+ GtkWidget *widget;
+ auth_ui_data *ui_data;
++#ifdef OPENCONNECT_OPENSSL
+ UI_STRING *uis;
++#endif
+ struct oc_form_opt *opt;
+ char *entry_text;
+ int grab_focus;
+@@ -227,6 +233,7 @@ static void entry_activate_cb(GtkWidget *widget, auth_ui_data *ui_data)
+ gtk_dialog_response(GTK_DIALOG(ui_data->dialog), AUTH_DIALOG_RESPONSE_LOGIN);
+ }
+
++#ifdef OPENCONNECT_OPENSSL
+ static void do_check_visibility(ui_fragment_data *data, gboolean *visible)
+ {
+ int min_len;
+@@ -239,13 +246,14 @@ static void do_check_visibility(ui_fragment_data *data, gboolean *visible)
+ if (min_len && (!data->entry_text || strlen(data->entry_text) < min_len))
+ *visible = FALSE;
+ }
+-
++#endif
+ static void evaluate_login_visibility(auth_ui_data *ui_data)
+ {
+ gboolean visible = TRUE;
++#ifdef OPENCONNECT_OPENSSL
+ g_queue_foreach(ui_data->form_entries, (GFunc)do_check_visibility,
+ &visible);
+-
++#endif
+ gtk_widget_set_sensitive (ui_data->login_button, visible);
+ }
+
+@@ -253,7 +261,9 @@ static void entry_changed(GtkEntry *entry, ui_fragment_data *data)
+ {
+ g_free (data->entry_text);
+ data->entry_text = g_strdup(gtk_entry_get_text(entry));
++#ifdef OPENCONNECT_OPENSSL
+ evaluate_login_visibility(data->ui_data);
++#endif
+ }
+
+ static void do_override_label(ui_fragment_data *data, struct oc_choice *choice)
+@@ -282,6 +292,7 @@ static void combo_changed(GtkComboBox *combo, ui_fragment_data *data)
+ &sopt->choices[entry]);
+ }
+
++#ifdef OPENCONNECT_OPENSSL
+ static gboolean ui_write_error (ui_fragment_data *data)
+ {
+ ssl_box_add_error(data->ui_data, UI_get0_output_string(data->uis));
+@@ -299,6 +310,7 @@ static gboolean ui_write_info (ui_fragment_data *data)
+
+ return FALSE;
+ }
++#endif
+
+ static gboolean ui_write_prompt (ui_fragment_data *data)
+ {
+@@ -307,10 +319,13 @@ static gboolean ui_write_prompt (ui_fragment_data *data)
+ int visible;
+ const char *label;
+
++#ifdef OPENCONNECT_OPENSSL
+ if (data->uis) {
+ label = UI_get0_output_string(data->uis);
+ visible = UI_get_input_flags(data->uis) & UI_INPUT_FLAG_ECHO;
+- } else {
++ } else
++#endif
++ {
+ label = data->opt->label;
+ visible = (data->opt->type == OC_FORM_OPT_TEXT);
+ }
+@@ -403,6 +418,7 @@ static gboolean ui_show (auth_ui_data *ui_data)
+ return FALSE;
+ }
+
++#ifdef OPENCONNECT_OPENSSL
+ /* runs in worker thread */
+ static int ui_open(UI *ui)
+ {
+@@ -519,6 +535,7 @@ static int init_openssl_ui(void)
+ UI_set_default_method(ui_method);
+ return 0;
+ }
++#endif /* OPENCONNECT_OPENSSL */
+
+ static char *find_form_answer(GHashTable *secrets, struct oc_auth_form *form,
+ struct oc_form_opt *opt)
+@@ -738,7 +755,7 @@ static int validate_peer_cert(struct openconnect_info *vpninfo,
+ OPENCONNECT_X509 *peer_cert, const char *reason)
+ {
+ auth_ui_data *ui_data = _ui_data; /* FIXME global */
+- char fingerprint[EVP_MAX_MD_SIZE * 2 + 1];
++ char fingerprint[41];
+ char *certs_data;
+ int ret = 0;
+ cert_data *data;
+@@ -1118,7 +1135,7 @@ static gboolean cookie_obtained(auth_ui_data *ui_data)
+ cert = openconnect_get_peer_cert (ui_data->vpninfo);
+ if (cert) {
+ key = g_strdup (NM_OPENCONNECT_KEY_GWCERT);
+- value = g_malloc0 (EVP_MAX_MD_SIZE * 2 + 1);
++ value = g_malloc0 (41);
+ openconnect_get_cert_sha1(ui_data->vpninfo, cert, value);
+ g_hash_table_insert (ui_data->secrets, key, value);
+ }
+@@ -1560,7 +1577,9 @@ int main (int argc, char **argv)
+ }
+ build_main_dialog(_ui_data);
+
++#ifdef OPENCONNECT_OPENSSL
+ init_openssl_ui();
++#endif
+ openconnect_init_openssl();
+
+ if (get_autoconnect (secrets))
+--
+1.7.10.2
+
diff --git a/0014-Support-new-libopenconnect.patch b/0014-Support-new-libopenconnect.patch
new file mode 100644
index 0000000..41973bb
--- /dev/null
+++ b/0014-Support-new-libopenconnect.patch
@@ -0,0 +1,116 @@
+From 9150dc373ec398d0260aa684d2d04960fb47359c Mon Sep 17 00:00:00 2001
+From: David Woodhouse <David.Woodhouse at intel.com>
+Date: Fri, 8 Jun 2012 03:34:15 +0100
+Subject: [PATCH 14/20] Support new libopenconnect
+
+---
+ auth-dialog/main.c | 28 ++++++++++++++++------------
+ configure.ac | 2 +-
+ 2 files changed, 17 insertions(+), 13 deletions(-)
+
+diff --git a/auth-dialog/main.c b/auth-dialog/main.c
+index 755bbfa..1dd9c39 100644
+--- a/auth-dialog/main.c
++++ b/auth-dialog/main.c
+@@ -48,6 +48,10 @@
+
+ #include "openconnect.h"
+
++#if OPENCONNECT_API_VERSION_MAJOR == 1
++#define openconnect_vpninfo_new openconnect_vpninfo_new_with_cbdata
++#define openconnect_init_ssl openconnect_init_openssl
++#endif
+
+ #ifndef OPENCONNECT_CHECK_VER
+ #define OPENCONNECT_CHECK_VER(x,y) 0
+@@ -606,10 +610,9 @@ static gboolean ui_form (struct oc_auth_form *form)
+ return ui_show(ui_data);
+ }
+
+-static int nm_process_auth_form (struct openconnect_info *vpninfo,
+- struct oc_auth_form *form)
++static int nm_process_auth_form (void *cbdata, struct oc_auth_form *form)
+ {
+- auth_ui_data *ui_data = _ui_data; /* FIXME global */
++ auth_ui_data *ui_data = cbdata;
+ int response;
+
+ g_idle_add((GSourceFunc)ui_form, form);
+@@ -751,16 +754,16 @@ static gboolean user_validate_cert(cert_data *data)
+ }
+
+ /* runs in worker thread */
+-static int validate_peer_cert(struct openconnect_info *vpninfo,
++static int validate_peer_cert(void *cbdata,
+ OPENCONNECT_X509 *peer_cert, const char *reason)
+ {
+- auth_ui_data *ui_data = _ui_data; /* FIXME global */
++ auth_ui_data *ui_data = cbdata;
+ char fingerprint[41];
+ char *certs_data;
+ int ret = 0;
+ cert_data *data;
+
+- ret = openconnect_get_cert_sha1(vpninfo, peer_cert, fingerprint);
++ ret = openconnect_get_cert_sha1(ui_data->vpninfo, peer_cert, fingerprint);
+ if (ret)
+ return ret;
+
+@@ -995,9 +998,9 @@ static void populate_vpnhost_combo(auth_ui_data *ui_data)
+ }
+ }
+
+-static int write_new_config(struct openconnect_info *vpninfo, char *buf, int buflen)
++static int write_new_config(void *cbdata, char *buf, int buflen)
+ {
+- auth_ui_data *ui_data = _ui_data; /* FIXME global */
++ auth_ui_data *ui_data = cbdata;
+ g_hash_table_insert (ui_data->secrets, g_strdup ("xmlconfig"),
+ g_base64_encode ((guchar *)buf, buflen));
+
+@@ -1057,7 +1060,7 @@ static gboolean write_notice_real(char *message)
+ }
+
+ /* runs in worker thread */
+-static void write_progress(struct openconnect_info *info, int level, const char *fmt, ...)
++static void write_progress(void *cbdata, int level, const char *fmt, ...)
+ {
+ va_list args;
+ char *msg;
+@@ -1453,8 +1456,9 @@ static auth_ui_data *init_ui_data (char *vpn_name, GHashTable *options, GHashTab
+ g_unix_set_fd_nonblocking(ui_data->cancel_pipes[1], TRUE, NULL);
+
+ ui_data->vpninfo = (void *)openconnect_vpninfo_new("OpenConnect VPN Agent (NetworkManager)",
+- validate_peer_cert, write_new_config,
+- nm_process_auth_form, write_progress);
++ validate_peer_cert, write_new_config,
++ nm_process_auth_form, write_progress,
++ ui_data);
+
+ #if OPENCONNECT_CHECK_VER(1,4)
+ openconnect_set_cancel_fd (ui_data->vpninfo, ui_data->cancel_pipes[0]);
+@@ -1580,7 +1584,7 @@ int main (int argc, char **argv)
+ #ifdef OPENCONNECT_OPENSSL
+ init_openssl_ui();
+ #endif
+- openconnect_init_openssl();
++ openconnect_init_ssl();
+
+ if (get_autoconnect (secrets))
+ queue_connect_host(_ui_data);
+diff --git a/configure.ac b/configure.ac
+index dfa5119..7e24c7e 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -89,7 +89,7 @@ if test x"$with_gnome" != xno; then
+ AC_SUBST(GCONF_LIBS)
+
+ if test x"$with_authdlg" != xno; then
+- PKG_CHECK_MODULES(OPENCONNECT, openconnect)
++ PKG_CHECK_MODULES(OPENCONNECT, openconnect >= 3.02)
+ AC_SUBST(OPENCONNECT_CFLAGS)
+ AC_SUBST(OPENCONNECT_LIBS)
+ fi
+--
+1.7.10.2
+
diff --git a/0015-Mark-two-strings-for-translation.patch b/0015-Mark-two-strings-for-translation.patch
new file mode 100644
index 0000000..7d58e06
--- /dev/null
+++ b/0015-Mark-two-strings-for-translation.patch
@@ -0,0 +1,28 @@
+From 02a75b1ce0ba38d9b447ce09dea61354cfdce9a0 Mon Sep 17 00:00:00 2001
+From: Kjartan Maraas <kmaraas at gnome.org>
+Date: Sun, 10 Jun 2012 19:09:37 +0200
+Subject: [PATCH 15/20] Mark two strings for translation
+
+---
+ auth-dialog/main.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/auth-dialog/main.c b/auth-dialog/main.c
+index 1dd9c39..f3eb493 100644
+--- a/auth-dialog/main.c
++++ b/auth-dialog/main.c
+@@ -667,9 +667,9 @@ static int nm_process_auth_form (void *cbdata, struct oc_auth_form *form)
+ static char* get_title(const char *vpn_name)
+ {
+ if (vpn_name)
+- return g_strdup_printf("Connect to VPN '%s'", vpn_name);
++ return g_strdup_printf(_("Connect to VPN '%s'"), vpn_name);
+ else
+- return g_strdup("Connect to VPN");
++ return g_strdup(_("Connect to VPN"));
+ }
+
+ typedef struct cert_data {
+--
+1.7.10.2
+
diff --git a/0016-Updated-Norwegian-bokm-l-translation.patch b/0016-Updated-Norwegian-bokm-l-translation.patch
new file mode 100644
index 0000000..50ccb4a
--- /dev/null
+++ b/0016-Updated-Norwegian-bokm-l-translation.patch
@@ -0,0 +1,204 @@
+From e7bfebe89b1c461f63bb3bd543044f77a0ea1771 Mon Sep 17 00:00:00 2001
+From: Kjartan Maraas <kmaraas at gnome.org>
+Date: Sun, 10 Jun 2012 19:11:18 +0200
+Subject: [PATCH 16/20] =?UTF-8?q?Updated=20Norwegian=20bokm=C3=A5l=20transla?=
+ =?UTF-8?q?tion?=
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+---
+ po/nb.po | 96 ++++++++++++++++++++++++++++++++++----------------------------
+ 1 file changed, 52 insertions(+), 44 deletions(-)
+
+diff --git a/po/nb.po b/po/nb.po
+index d9d4e34..855b40c 100644
+--- a/po/nb.po
++++ b/po/nb.po
+@@ -8,8 +8,8 @@ msgid ""
+ msgstr ""
+ "Project-Id-Version: NetworkManager 0.9.x\n"
+ "Report-Msgid-Bugs-To: \n"
+-"POT-Creation-Date: 2011-07-19 13:27+0200\n"
+-"PO-Revision-Date: 2011-07-19 13:29+0200\n"
++"POT-Creation-Date: 2012-06-10 19:08+0200\n"
++"PO-Revision-Date: 2012-06-10 19:09+0200\n"
+ "Last-Translator: Kjartan Maraas <kmaraas at gnome.org>\n"
+ "Language-Team: Norwegian Bokmal <i18n-nb at lister.ping.uio.no>\n"
+ "Language: nb\n"
+@@ -18,7 +18,16 @@ msgstr ""
+ "Content-Transfer-Encoding: 8bit\n"
+ "Plural-Forms: nplurals=2; plural=(n != 1);\n"
+
+-#: ../auth-dialog/main.c:636
++#: ../auth-dialog/main.c:670
++#, c-format
++msgid "Connect to VPN '%s'"
++msgstr "Koble til VPN «%s»"
++
++#: ../auth-dialog/main.c:672
++msgid "Connect to VPN"
++msgstr "Koble til VPN"
++
++#: ../auth-dialog/main.c:715
+ #, c-format
+ msgid ""
+ "Certificate from VPN server \"%s\" failed verification.\n"
+@@ -29,28 +38,27 @@ msgstr ""
+ "Årsak: %s\n"
+ "Vil du godta det?"
+
+-#: ../auth-dialog/main.c:1212
++#: ../auth-dialog/main.c:1315
+ msgid "VPN host"
+ msgstr "VPN-vert"
+
+-#: ../auth-dialog/main.c:1232
++#: ../auth-dialog/main.c:1335
+ msgid "Automatically start connecting next time"
+ msgstr "Start tilkobling automatisk neste gang"
+
+-#: ../auth-dialog/main.c:1249
+-#, fuzzy
++#: ../auth-dialog/main.c:1356
+ msgid "Select a host to fetch the login form"
+-msgstr "Velg en vert å hente innlogging fra"
++msgstr "Velg en vert å hente innloggingsskjema fra"
+
+-#: ../auth-dialog/main.c:1254
++#: ../auth-dialog/main.c:1361
+ msgid "Contacting host, please wait..."
+ msgstr "Kontakter vert, vennligst vent …"
+
+-#: ../auth-dialog/main.c:1266
++#: ../auth-dialog/main.c:1381
+ msgid "_Login"
+-msgstr ""
++msgstr "_Login"
+
+-#: ../auth-dialog/main.c:1280
++#: ../auth-dialog/main.c:1395
+ msgid "Log"
+ msgstr "Logg"
+
+@@ -79,85 +87,85 @@ msgid "Compatible with Cisco AnyConnect SSL VPN."
+ msgstr "Kompatibel med Cisco AnyConnect SSL-VPN."
+
+ #: ../properties/nm-openconnect-dialog.ui.h:1
+-msgid "<b>Certificate Authentication</b>"
+-msgstr "<b>Autentisering med sertifikat</b>"
+-
+-#: ../properties/nm-openconnect-dialog.ui.h:2
+ msgid "<b>General</b>"
+ msgstr "<b>Generelt</b>"
+
++#: ../properties/nm-openconnect-dialog.ui.h:2
++msgid "Select A File"
++msgstr "Velg en fil"
++
+ #: ../properties/nm-openconnect-dialog.ui.h:3
+-msgid "Allow Cisco Secure Desktop _trojan"
+-msgstr "Tillat Cisco Secure Desktop _trojaner"
++msgid "_Gateway:"
++msgstr "_Gateway:"
+
+ #: ../properties/nm-openconnect-dialog.ui.h:4
+-msgid "CSD _Wrapper Script:"
+-msgstr "Skript for inpakking av _CSD:"
++msgid "_Proxy:"
++msgstr "_Proxy:"
+
+ #: ../properties/nm-openconnect-dialog.ui.h:5
+-msgid "Private _Key:"
+-msgstr "Privat nø_kkel:"
++msgid "_CA Certificate:"
++msgstr "_CA-sertifikat:"
+
+ #: ../properties/nm-openconnect-dialog.ui.h:6
+-msgid "Select A File"
+-msgstr "Velg en fil"
++msgid "Allow Cisco Secure Desktop _trojan"
++msgstr "Tillat Cisco Secure Desktop _trojaner"
+
+ #: ../properties/nm-openconnect-dialog.ui.h:7
+-msgid "Use _FSID for key passphrase"
+-msgstr "Bruk _FSID for nøkkelpassord"
++msgid "CSD _Wrapper Script:"
++msgstr "Skript for inpakking av _CSD:"
+
+ #: ../properties/nm-openconnect-dialog.ui.h:8
+-msgid "_CA Certificate:"
+-msgstr "_CA-sertifikat:"
++msgid "<b>Certificate Authentication</b>"
++msgstr "<b>Autentisering med sertifikat</b>"
+
+ #: ../properties/nm-openconnect-dialog.ui.h:9
+-msgid "_Gateway:"
+-msgstr "_Gateway:"
++msgid "_User Certificate:"
++msgstr "Br_ukersertifikat:"
+
+ #: ../properties/nm-openconnect-dialog.ui.h:10
+-msgid "_Proxy:"
+-msgstr "_Proxy:"
++msgid "Private _Key:"
++msgstr "Privat nø_kkel:"
+
+ #: ../properties/nm-openconnect-dialog.ui.h:11
+-msgid "_User Certificate:"
+-msgstr "Br_ukersertifikat:"
++msgid "Use _FSID for key passphrase"
++msgstr "Bruk _FSID for nøkkelpassord"
+
+-#: ../src/nm-openconnect-service.c:139
++#: ../src/nm-openconnect-service.c:142
+ #, c-format
+ msgid "invalid integer property '%s' or out of range [%d -> %d]"
+ msgstr ""
+
+-#: ../src/nm-openconnect-service.c:149
++#: ../src/nm-openconnect-service.c:152
+ #, c-format
+ msgid "invalid boolean property '%s' (not yes or no)"
+ msgstr ""
+
+-#: ../src/nm-openconnect-service.c:156
++#: ../src/nm-openconnect-service.c:159
+ #, c-format
+ msgid "unhandled property '%s' type %s"
+ msgstr ""
+
+-#: ../src/nm-openconnect-service.c:169
++#: ../src/nm-openconnect-service.c:172
+ #, c-format
+ msgid "property '%s' invalid or not supported"
+ msgstr ""
+
+-#: ../src/nm-openconnect-service.c:185
++#: ../src/nm-openconnect-service.c:188
+ msgid "No VPN configuration options."
+ msgstr ""
+
+-#: ../src/nm-openconnect-service.c:203
++#: ../src/nm-openconnect-service.c:206
+ msgid "No VPN secrets!"
+-msgstr ""
++msgstr "Ingen VPN-hemmeligheter!"
+
+-#: ../src/nm-openconnect-service.c:283
++#: ../src/nm-openconnect-service.c:374
+ msgid "Could not find openconnect binary."
+ msgstr ""
+
+-#: ../src/nm-openconnect-service.c:295
++#: ../src/nm-openconnect-service.c:386
+ msgid "No VPN gateway specified."
+ msgstr ""
+
+-#: ../src/nm-openconnect-service.c:305
++#: ../src/nm-openconnect-service.c:396
+ msgid "No WebVPN cookie provided."
+ msgstr ""
+--
+1.7.10.2
+
diff --git a/0017-Updated-Norwegian-bokm-l-translation.patch b/0017-Updated-Norwegian-bokm-l-translation.patch
new file mode 100644
index 0000000..8dcba10
--- /dev/null
+++ b/0017-Updated-Norwegian-bokm-l-translation.patch
@@ -0,0 +1,82 @@
+From ea67461182c3c36bf6f25611b111cafb27872ee4 Mon Sep 17 00:00:00 2001
+From: Kjartan Maraas <kmaraas at gnome.org>
+Date: Sun, 10 Jun 2012 19:14:01 +0200
+Subject: [PATCH 17/20] =?UTF-8?q?Updated=20Norwegian=20bokm=C3=A5l=20transla?=
+ =?UTF-8?q?tion?=
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+---
+ po/nb.po | 18 +++++++++---------
+ 1 file changed, 9 insertions(+), 9 deletions(-)
+
+diff --git a/po/nb.po b/po/nb.po
+index 855b40c..cdfa21f 100644
+--- a/po/nb.po
++++ b/po/nb.po
+@@ -9,7 +9,7 @@ msgstr ""
+ "Project-Id-Version: NetworkManager 0.9.x\n"
+ "Report-Msgid-Bugs-To: \n"
+ "POT-Creation-Date: 2012-06-10 19:08+0200\n"
+-"PO-Revision-Date: 2012-06-10 19:09+0200\n"
++"PO-Revision-Date: 2012-06-10 19:13+0200\n"
+ "Last-Translator: Kjartan Maraas <kmaraas at gnome.org>\n"
+ "Language-Team: Norwegian Bokmal <i18n-nb at lister.ping.uio.no>\n"
+ "Language: nb\n"
+@@ -56,7 +56,7 @@ msgstr "Kontakter vert, vennligst vent …"
+
+ #: ../auth-dialog/main.c:1381
+ msgid "_Login"
+-msgstr "_Login"
++msgstr "_Logg inn"
+
+ #: ../auth-dialog/main.c:1395
+ msgid "Log"
+@@ -64,15 +64,15 @@ msgstr "Logg"
+
+ #: ../properties/auth-helpers.c:64
+ msgid "Choose a Certificate Authority certificate..."
+-msgstr "Velg et Certificate Authority-sertifikat ..."
++msgstr "Velg et Certificate Authority-sertifikat …"
+
+ #: ../properties/auth-helpers.c:80
+ msgid "Choose your personal certificate..."
+-msgstr "Velg ditt personlige sertifikat ..."
++msgstr "Velg ditt personlige sertifikat …"
+
+ #: ../properties/auth-helpers.c:96
+ msgid "Choose your private key..."
+-msgstr "Velg din private nøkkel ..."
++msgstr "Velg din private nøkkel …"
+
+ #: ../properties/auth-helpers.c:256
+ msgid "PEM certificates (*.pem, *.crt, *.key)"
+@@ -152,7 +152,7 @@ msgstr ""
+
+ #: ../src/nm-openconnect-service.c:188
+ msgid "No VPN configuration options."
+-msgstr ""
++msgstr "Ingen konfigurasjonsvalg for VPN."
+
+ #: ../src/nm-openconnect-service.c:206
+ msgid "No VPN secrets!"
+@@ -160,12 +160,12 @@ msgstr "Ingen VPN-hemmeligheter!"
+
+ #: ../src/nm-openconnect-service.c:374
+ msgid "Could not find openconnect binary."
+-msgstr ""
++msgstr "Fant ikke den kjørbare filen openconnect."
+
+ #: ../src/nm-openconnect-service.c:386
+ msgid "No VPN gateway specified."
+-msgstr ""
++msgstr "Ingen VPN-portner oppgitt."
+
+ #: ../src/nm-openconnect-service.c:396
+ msgid "No WebVPN cookie provided."
+-msgstr ""
++msgstr "Ingen WebVPN-informasjonskapsel gitt."
+--
+1.7.10.2
+
diff --git a/0018-Updated-Spanish-translation.patch b/0018-Updated-Spanish-translation.patch
new file mode 100644
index 0000000..c99d7b7
--- /dev/null
+++ b/0018-Updated-Spanish-translation.patch
@@ -0,0 +1,192 @@
+From ccde664c2450f7ee3278a8b899a8034898fc518d Mon Sep 17 00:00:00 2001
+From: Daniel Mustieles <daniel.mustieles at gmail.com>
+Date: Mon, 11 Jun 2012 13:40:22 +0200
+Subject: [PATCH 18/20] Updated Spanish translation
+
+---
+ po/es.po | 85 ++++++++++++++++++++++++++++++++++----------------------------
+ 1 file changed, 47 insertions(+), 38 deletions(-)
+
+diff --git a/po/es.po b/po/es.po
+index e381b14..3c427e4 100644
+--- a/po/es.po
++++ b/po/es.po
+@@ -2,15 +2,15 @@
+ # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
+ # This file is distributed under the same license as the PACKAGE package.
+ # Jorge González <jorgegonz at svn.gnome.org>, 2008, 2010.
+-# Daniel Mustieles <daniel.mustieles at gmail.com>, 2011.
++# Daniel Mustieles <daniel.mustieles at gmail.com>, 2011, 2012.
+ #
+ msgid ""
+ msgstr ""
+ "Project-Id-Version: network-manager-openconnect.HEAD\n"
+ "Report-Msgid-Bugs-To: http://bugzilla.gnome.org/enter_bug.cgi?"
+ "product=NetworkManager&keywords=I18N+L10N&component=general\n"
+-"POT-Creation-Date: 2011-03-31 11:34+0000\n"
+-"PO-Revision-Date: 2011-04-15 10:52+0200\n"
++"POT-Creation-Date: 2012-06-10 17:06+0000\n"
++"PO-Revision-Date: 2012-06-11 12:08+0200\n"
+ "Last-Translator: Daniel Mustieles <daniel.mustieles at gmail.com>\n"
+ "Language-Team: Español <gnome-es-list at gnome.org>\n"
+ "MIME-Version: 1.0\n"
+@@ -19,7 +19,16 @@ msgstr ""
+ "X-Generator: KBabel 1.11.4\n"
+ "Plural-Forms: nplurals=2; plural=(n != 1);\n"
+
+-#: ../auth-dialog/main.c:658
++#: ../auth-dialog/main.c:670
++#, c-format
++msgid "Connect to VPN '%s'"
++msgstr "Conectarse a la VPN «%s»"
++
++#: ../auth-dialog/main.c:672
++msgid "Connect to VPN"
++msgstr "Conectar a la VPN"
++
++#: ../auth-dialog/main.c:715
+ #, c-format
+ msgid ""
+ "Certificate from VPN server \"%s\" failed verification.\n"
+@@ -30,27 +39,27 @@ msgstr ""
+ "Motivo: %s\n"
+ "¿Quiere aceptarlo?"
+
+-#: ../auth-dialog/main.c:1317
++#: ../auth-dialog/main.c:1315
+ msgid "VPN host"
+ msgstr "Servidor VPN"
+
+-#: ../auth-dialog/main.c:1337
++#: ../auth-dialog/main.c:1335
+ msgid "Automatically start connecting next time"
+ msgstr "Iniciar la conexión automáticamente la próxima vez"
+
+-#: ../auth-dialog/main.c:1354
++#: ../auth-dialog/main.c:1356
+ msgid "Select a host to fetch the login form"
+ msgstr "Seleccionar un servidor para obtener el formulario de inicio de sesión"
+
+-#: ../auth-dialog/main.c:1359
++#: ../auth-dialog/main.c:1361
+ msgid "Contacting host, please wait..."
+ msgstr "Conectando al servidor, espere…"
+
+-#: ../auth-dialog/main.c:1371
++#: ../auth-dialog/main.c:1381
+ msgid "_Login"
+ msgstr "_Entrar"
+
+-#: ../auth-dialog/main.c:1385
++#: ../auth-dialog/main.c:1395
+ msgid "Log"
+ msgstr "Registro"
+
+@@ -79,60 +88,60 @@ msgid "Compatible with Cisco AnyConnect SSL VPN."
+ msgstr "Compatible con VPN Cisco AnyConnect SSL."
+
+ #: ../properties/nm-openconnect-dialog.ui.h:1
+-msgid "<b>Certificate Authentication</b>"
+-msgstr "<b>Certificado de autenticación</b>"
+-
+-#: ../properties/nm-openconnect-dialog.ui.h:2
+ msgid "<b>General</b>"
+ msgstr "<b>General</b>"
+
++#: ../properties/nm-openconnect-dialog.ui.h:2
++msgid "Select A File"
++msgstr "Seleccione un archivo"
++
+ #: ../properties/nm-openconnect-dialog.ui.h:3
+-msgid "Allow Cisco Secure Desktop _trojan"
+-msgstr "Permitir el _troyano de escritorio Cisco Secure"
++msgid "_Gateway:"
++msgstr "_Pasarela:"
+
+ #: ../properties/nm-openconnect-dialog.ui.h:4
+-msgid "CSD _Wrapper Script:"
+-msgstr "Script CSD _envolvente:"
++msgid "_Proxy:"
++msgstr "_Proxy:"
+
+ #: ../properties/nm-openconnect-dialog.ui.h:5
+-msgid "Private _Key:"
+-msgstr "Clave pri_vada:"
++msgid "_CA Certificate:"
++msgstr "Certificado _CA:"
+
+ #: ../properties/nm-openconnect-dialog.ui.h:6
+-msgid "Select A File"
+-msgstr "Seleccione un archivo"
++msgid "Allow Cisco Secure Desktop _trojan"
++msgstr "Permitir el _troyano de escritorio Cisco Secure"
+
+ #: ../properties/nm-openconnect-dialog.ui.h:7
+-msgid "Use _FSID for key passphrase"
+-msgstr "Usar _FSID para la frase de paso de la clave"
++msgid "CSD _Wrapper Script:"
++msgstr "Script CSD _envolvente:"
+
+ #: ../properties/nm-openconnect-dialog.ui.h:8
+-msgid "_CA Certificate:"
+-msgstr "Certificado _CA:"
++msgid "<b>Certificate Authentication</b>"
++msgstr "<b>Certificado de autenticación</b>"
+
+ #: ../properties/nm-openconnect-dialog.ui.h:9
+-msgid "_Gateway:"
+-msgstr "_Pasarela:"
++msgid "_User Certificate:"
++msgstr "Certificado del _usuario:"
+
+ #: ../properties/nm-openconnect-dialog.ui.h:10
+-msgid "_Proxy:"
+-msgstr "_Proxy:"
++msgid "Private _Key:"
++msgstr "Clave pri_vada:"
+
+ #: ../properties/nm-openconnect-dialog.ui.h:11
+-msgid "_User Certificate:"
+-msgstr "Certificado del _usuario:"
++msgid "Use _FSID for key passphrase"
++msgstr "Usar _FSID para la frase de paso de la clave"
+
+-#: ../src/nm-openconnect-service.c:144
++#: ../src/nm-openconnect-service.c:142
+ #, c-format
+ msgid "invalid integer property '%s' or out of range [%d -> %d]"
+ msgstr "propiedad entera «%s» no válida o fuera de rango [%d -> %d]"
+
+-#: ../src/nm-openconnect-service.c:154
++#: ../src/nm-openconnect-service.c:152
+ #, c-format
+ msgid "invalid boolean property '%s' (not yes or no)"
+ msgstr "propiedad booleana «%s» no válida (no es «sí» o «no»)"
+
+-#: ../src/nm-openconnect-service.c:161
++#: ../src/nm-openconnect-service.c:159
+ #, c-format
+ msgid "unhandled property '%s' type %s"
+ msgstr "propiedad «%s» de tipo %s no controlada"
+@@ -150,15 +159,15 @@ msgstr "No hay opciones de configuración de VPN."
+ msgid "No VPN secrets!"
+ msgstr "No hay secretos VPN."
+
+-#: ../src/nm-openconnect-service.c:286
++#: ../src/nm-openconnect-service.c:374
+ msgid "Could not find openconnect binary."
+ msgstr "No se pudo encontrar el binario «openconnect»."
+
+-#: ../src/nm-openconnect-service.c:298
++#: ../src/nm-openconnect-service.c:386
+ msgid "No VPN gateway specified."
+ msgstr "No se especificó ninguna puerta de enlace."
+
+-#: ../src/nm-openconnect-service.c:308
++#: ../src/nm-openconnect-service.c:396
+ msgid "No WebVPN cookie provided."
+ msgstr "No se proporcionó una cookie WebVPN."
+
+--
+1.7.10.2
+
diff --git a/0019-Updated-Polish-translation.patch b/0019-Updated-Polish-translation.patch
new file mode 100644
index 0000000..f16aa92
--- /dev/null
+++ b/0019-Updated-Polish-translation.patch
@@ -0,0 +1,187 @@
+From cebe23e0fbf9ec5e2a48e73fbe8e0d2432fde64c Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Piotr=20Dr=C4=85g?= <piotrdrag at gmail.com>
+Date: Tue, 12 Jun 2012 01:00:17 +0200
+Subject: [PATCH 19/20] Updated Polish translation
+
+---
+ po/pl.po | 83 ++++++++++++++++++++++++++++++++++----------------------------
+ 1 file changed, 46 insertions(+), 37 deletions(-)
+
+diff --git a/po/pl.po b/po/pl.po
+index ab6f518..1592ba8 100644
+--- a/po/pl.po
++++ b/po/pl.po
+@@ -8,8 +8,8 @@ msgid ""
+ msgstr ""
+ "Project-Id-Version: network-manager-openconnect\n"
+ "Report-Msgid-Bugs-To: \n"
+-"POT-Creation-Date: 2011-04-05 21:17+0200\n"
+-"PO-Revision-Date: 2011-04-05 21:18+0200\n"
++"POT-Creation-Date: 2012-06-12 00:59+0200\n"
++"PO-Revision-Date: 2011-06-12 01:01+0200\n"
+ "Last-Translator: Piotr Drąg <piotrdrag at gmail.com>\n"
+ "Language-Team: Polish <gnomepl at aviary.pl>\n"
+ "Language: pl\n"
+@@ -23,7 +23,16 @@ msgstr ""
+ "X-Poedit-Language: Polish\n"
+ "X-Poedit-Country: Poland\n"
+
+-#: ../auth-dialog/main.c:658
++#: ../auth-dialog/main.c:670
++#, c-format
++msgid "Connect to VPN '%s'"
++msgstr "Połącz z siecią VPN \"%s\""
++
++#: ../auth-dialog/main.c:672
++msgid "Connect to VPN"
++msgstr "Połącz z siecią VPN"
++
++#: ../auth-dialog/main.c:715
+ #, c-format
+ msgid ""
+ "Certificate from VPN server \"%s\" failed verification.\n"
+@@ -34,27 +43,27 @@ msgstr ""
+ "Przyczyna: %s\n"
+ "Zaakceptować go?"
+
+-#: ../auth-dialog/main.c:1317
++#: ../auth-dialog/main.c:1315
+ msgid "VPN host"
+ msgstr "Komputer VPN"
+
+-#: ../auth-dialog/main.c:1337
++#: ../auth-dialog/main.c:1335
+ msgid "Automatically start connecting next time"
+ msgstr "Automatyczne rozpoczynanie połączenie następnym razem"
+
+-#: ../auth-dialog/main.c:1354
++#: ../auth-dialog/main.c:1356
+ msgid "Select a host to fetch the login form"
+ msgstr "Wybór komputera, z którego pobrać login"
+
+-#: ../auth-dialog/main.c:1359
++#: ../auth-dialog/main.c:1361
+ msgid "Contacting host, please wait..."
+ msgstr "Łączenie się z komputerem, proszę czekać..."
+
+-#: ../auth-dialog/main.c:1371
++#: ../auth-dialog/main.c:1381
+ msgid "_Login"
+ msgstr "_Login"
+
+-#: ../auth-dialog/main.c:1385
++#: ../auth-dialog/main.c:1395
+ msgid "Log"
+ msgstr "Dziennik"
+
+@@ -83,64 +92,64 @@ msgid "Compatible with Cisco AnyConnect SSL VPN."
+ msgstr "Zgodny z VPN Cisco AnyConnect SSL."
+
+ #: ../properties/nm-openconnect-dialog.ui.h:1
+-msgid "<b>Certificate Authentication</b>"
+-msgstr "<b>Uwierzytelnianie certyfikatu</b>"
+-
+-#: ../properties/nm-openconnect-dialog.ui.h:2
+ msgid "<b>General</b>"
+ msgstr "<b>Ogólne</b>"
+
++#: ../properties/nm-openconnect-dialog.ui.h:2
++msgid "Select A File"
++msgstr "Wybór pliku"
++
+ #: ../properties/nm-openconnect-dialog.ui.h:3
+-msgid "Allow Cisco Secure Desktop _trojan"
+-msgstr "_Zezwolenie na trojana Cisco Secure Desktop"
++msgid "_Gateway:"
++msgstr "_Brama:"
+
+ #: ../properties/nm-openconnect-dialog.ui.h:4
+-msgid "CSD _Wrapper Script:"
+-msgstr "Skrypt _wrappera CSD:"
++msgid "_Proxy:"
++msgstr "_Pośrednik:"
+
+ #: ../properties/nm-openconnect-dialog.ui.h:5
+-msgid "Private _Key:"
+-msgstr "_Klucz prywatny:"
++msgid "_CA Certificate:"
++msgstr "Certyfikat _CA:"
+
+ #: ../properties/nm-openconnect-dialog.ui.h:6
+-msgid "Select A File"
+-msgstr "Wybór pliku"
++msgid "Allow Cisco Secure Desktop _trojan"
++msgstr "_Zezwolenie na trojana Cisco Secure Desktop"
+
+ #: ../properties/nm-openconnect-dialog.ui.h:7
+-msgid "Use _FSID for key passphrase"
+-msgstr "Użycie _FSID dla hasła klucza"
++msgid "CSD _Wrapper Script:"
++msgstr "Skrypt _wrappera CSD:"
+
+ #: ../properties/nm-openconnect-dialog.ui.h:8
+-msgid "_CA Certificate:"
+-msgstr "Certyfikat _CA:"
++msgid "<b>Certificate Authentication</b>"
++msgstr "<b>Uwierzytelnianie certyfikatu</b>"
+
+ #: ../properties/nm-openconnect-dialog.ui.h:9
+-msgid "_Gateway:"
+-msgstr "_Brama:"
++msgid "_User Certificate:"
++msgstr "Certyfikat _użytkownika:"
+
+ #: ../properties/nm-openconnect-dialog.ui.h:10
+-msgid "_Proxy:"
+-msgstr "_Pośrednik:"
++msgid "Private _Key:"
++msgstr "_Klucz prywatny:"
+
+ #: ../properties/nm-openconnect-dialog.ui.h:11
+-msgid "_User Certificate:"
+-msgstr "Certyfikat _użytkownika:"
++msgid "Use _FSID for key passphrase"
++msgstr "Użycie _FSID dla hasła klucza"
+
+-#: ../src/nm-openconnect-service.c:144
++#: ../src/nm-openconnect-service.c:142
+ #, c-format
+ msgid "invalid integer property '%s' or out of range [%d -> %d]"
+ msgstr ""
+ "nieprawidłowa własność liczby całkowitej \"%s\" lub jest poza zakresem [%d -"
+ "> %d]"
+
+-#: ../src/nm-openconnect-service.c:154
++#: ../src/nm-openconnect-service.c:152
+ #, c-format
+ msgid "invalid boolean property '%s' (not yes or no)"
+ msgstr ""
+ "nieprawidłowa własność zmiennej logicznej \"%s\" (nie wynosi \"yes\" lub \"no"
+ "\")"
+
+-#: ../src/nm-openconnect-service.c:161
++#: ../src/nm-openconnect-service.c:159
+ #, c-format
+ msgid "unhandled property '%s' type %s"
+ msgstr "nieobsługiwana własność \"%s\" typu \"%s\""
+@@ -158,14 +167,14 @@ msgstr "Brak opcji konfiguracji VPN."
+ msgid "No VPN secrets!"
+ msgstr "Brak haseł VPN."
+
+-#: ../src/nm-openconnect-service.c:286
++#: ../src/nm-openconnect-service.c:374
+ msgid "Could not find openconnect binary."
+ msgstr "Nie można odnaleźć pliku binarnego openconnect."
+
+-#: ../src/nm-openconnect-service.c:298
++#: ../src/nm-openconnect-service.c:386
+ msgid "No VPN gateway specified."
+ msgstr "Nie podano bramy VPN."
+
+-#: ../src/nm-openconnect-service.c:308
++#: ../src/nm-openconnect-service.c:396
+ msgid "No WebVPN cookie provided."
+ msgstr "Nie podano ciasteczka WebVPN."
+--
+1.7.10.2
+
diff --git a/0020-core-pass-multiple-domains-back-to-NM-if-given-by-vp.patch b/0020-core-pass-multiple-domains-back-to-NM-if-given-by-vp.patch
new file mode 100644
index 0000000..a1f9c0d
--- /dev/null
+++ b/0020-core-pass-multiple-domains-back-to-NM-if-given-by-vp.patch
@@ -0,0 +1,57 @@
+From 0ed6b66d8461922e35bf91d054858df35d185dae Mon Sep 17 00:00:00 2001
+From: Evan Broder <evan at ebroder.net>
+Date: Thu, 15 Mar 2012 14:57:12 -0700
+Subject: [PATCH 20/20] core: pass multiple domains back to NM if given by
+ vpnc (cherry picked from n-m-vpnc commit
+ 237e625883d251cb922d90c8cd7fa91fb9cc6c08)
+
+---
+ src/nm-openconnect-service-openconnect-helper.c | 25 +++++++++++++++++++++++
+ 1 file changed, 25 insertions(+)
+
+diff --git a/src/nm-openconnect-service-openconnect-helper.c b/src/nm-openconnect-service-openconnect-helper.c
+index 25e63c8..8ac651f 100644
+--- a/src/nm-openconnect-service-openconnect-helper.c
++++ b/src/nm-openconnect-service-openconnect-helper.c
+@@ -291,6 +291,26 @@ addr6_list_to_gvalue (const char *str)
+ #define BUFLEN 256
+
+ static GValue *
++split_dns_list_to_gvalue (const char *str)
++{
++ GValue *val;
++ char **split;
++
++ if (!str || strlen (str) < 1)
++ return NULL;
++
++ split = g_strsplit (str, ",", -1);
++ if (g_strv_length (split) == 0)
++ return NULL;
++
++ val = g_slice_new0 (GValue);
++ g_value_init (val, G_TYPE_STRV);
++ g_value_take_boxed (val, split);
++
++ return val;
++}
++
++static GValue *
+ get_ip4_routes (void)
+ {
+ GValue *value = NULL;
+@@ -550,6 +570,11 @@ main (int argc, char *argv[])
+ if (val)
+ g_hash_table_insert (ip4config, NM_VPN_PLUGIN_IP4_CONFIG_NBNS, val);
+
++ /* Split DNS domains */
++ val = split_dns_list_to_gvalue (getenv ("CISCO_SPLIT_DNS"));
++ if (val)
++ g_hash_table_insert (config, NM_VPN_PLUGIN_IP4_CONFIG_DOMAINS, val);
++
+ /* Routes */
+ val = get_ip4_routes ();
+ if (val) {
+--
+1.7.10.2
+
diff --git a/NetworkManager-openconnect.spec b/NetworkManager-openconnect.spec
index 4ac0919..f7cb861 100644
--- a/NetworkManager-openconnect.spec
+++ b/NetworkManager-openconnect.spec
@@ -1,7 +1,7 @@
%define nm_version 1:0.9.2
%define dbus_version 1.1
%define gtk3_version 3.0.0
-%define openconnect_version 3.19
+%define openconnect_version 3.99
%define snapshot %{nil}
%define realversion 0.9.4.0
@@ -9,18 +9,34 @@
Summary: NetworkManager VPN integration for openconnect
Name: NetworkManager-openconnect
Version: 0.9.4.0
-Release: 4%{snapshot}%{?dist}
+Release: 5%{snapshot}%{?dist}
License: GPLv2+, LGPLv2.1
Group: System Environment/Base
URL: http://www.gnome.org/projects/NetworkManager/
Source: ftp://ftp.gnome.org/pub/GNOME/sources/NetworkManager-openconnect/0.9/%{name}-%{realversion}%{snapshot}.tar.xz
-Patch0: 0001-Check-for-success-when-dropping-privs.patch
-Patch1: 0002-Create-persistent-tundev-on-demand-for-each-connecti.patch
-Patch2: 0003-Wait-for-QUIT-command-before-exiting.patch
-Patch3: 0004-Implement-proper-cancellation-now-that-libopenconnec.patch
-Patch4: 0005-Fix-compiler-warnings-about-ignoring-return-value-fr.patch
-Patch5: 0006-Fix-error-check-for-write-failing.patch
-Patch6: 0007-Fix-Hitting-cancel-after-failure-causes-the-next-att.patch
+Patch1: 0001-Check-for-success-when-dropping-privs.patch
+Patch2: 0002-Create-persistent-tundev-on-demand-for-each-connecti.patch
+Patch3: 0003-Wait-for-QUIT-command-before-exiting.patch
+Patch4: 0004-Implement-proper-cancellation-now-that-libopenconnec.patch
+Patch5: 0005-Fix-compiler-warnings-about-ignoring-return-value-fr.patch
+Patch6: 0006-Fix-error-check-for-write-failing.patch
+Patch7: 0007-Fix-Hitting-cancel-after-failure-causes-the-next-att.patch
+Patch8: 0008-service-fix-up-indentation.patch
+Patch9: 0009-service-If-VPNGATEWAY-is-an-IPv6-address-send-it-as-.patch
+# Enable this when NM is updated to match.
+#Patch10: 0010-service-pass-IPv6-related-information-to-NM-as-well.patch
+Patch11: 0011-Update-to-SSL-library-agnostic-API.patch
+Patch12: 0012-Use-GChecksum-for-sha1-not-OpenSSL.patch
+Patch13: 0013-Make-OpenSSL-UI-support-optional.patch
+Patch14: 0014-Support-new-libopenconnect.patch
+Patch15: 0015-Mark-two-strings-for-translation.patch
+Patch16: 0016-Updated-Norwegian-bokm-l-translation.patch
+Patch17: 0017-Updated-Norwegian-bokm-l-translation.patch
+Patch18: 0018-Updated-Spanish-translation.patch
+Patch19: 0019-Updated-Polish-translation.patch
+# Cope with the absence of patch #10. In fact, just use the original from n-m-vpnc
+#Patch20: 0020-core-pass-multiple-domains-back-to-NM-if-given-by-vp.patch
+Patch20: 0001-core-pass-multiple-domains-back-to-NM-if-given-by-vp.patch
BuildRequires: gtk3-devel >= %{gtk3_version}
BuildRequires: dbus-devel >= %{dbus_version}
@@ -37,7 +53,6 @@ BuildRequires: intltool gettext
BuildRequires: autoconf automake libtool
BuildRequires: pkgconfig(libxml-2.0)
BuildRequires: pkgconfig(openconnect) >= %{openconnect_version}
-BuildRequires: openconnect-devel
Requires: NetworkManager >= %{nm_version}
Requires: openconnect >= %{openconnect_version}
@@ -52,13 +67,26 @@ with NetworkManager and the GNOME desktop
%prep
%setup -q -n NetworkManager-openconnect-%{realversion}
-%patch0 -p1
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
+%patch7 -p1
+%patch8 -p1
+%patch9 -p1
+#%patch10 -p1
+%patch11 -p1
+%patch12 -p1
+%patch13 -p1
+%patch14 -p1
+%patch15 -p1
+%patch16 -p1
+%patch17 -p1
+%patch18 -p1
+%patch19 -p1
+%patch20 -p1
%build
autoreconf
@@ -109,6 +137,9 @@ fi
%{_datadir}/gnome-vpn-properties/openconnect/nm-openconnect-dialog.ui
%changelog
+* Wed Jun 13 2012 David Woodhouse <David.Woodhouse at intel.com> - 0.9.4-5
+- Update to work with new libopenconnect
+
* Wed Jun 13 2012 Ville Skyttä <ville.skytta at iki.fi> - 0.9.4.0-4
- Remove unnecessary ldconfig calls from scriptlets (#737330).
More information about the scm-commits
mailing list