[openconnect] Gr, f*cking GnuTLS 2.
David Woodhouse
dwmw2 at fedoraproject.org
Wed Jun 13 23:59:03 UTC 2012
commit 273e7aaf606fabfe7c79ac4a29ae520b16e7e3c1
Author: David Woodhouse <David.Woodhouse at intel.com>
Date: Thu Jun 14 00:58:43 2012 +0100
Gr, f*cking GnuTLS 2.
...2.12-library-still-referencing-OpenSSL-ER.patch | 89 ++++++++++++++++++++
openconnect.spec | 7 ++-
2 files changed, 95 insertions(+), 1 deletions(-)
---
diff --git a/0001-Fix-GnuTLS-2.12-library-still-referencing-OpenSSL-ER.patch b/0001-Fix-GnuTLS-2.12-library-still-referencing-OpenSSL-ER.patch
new file mode 100644
index 0000000..033f428
--- /dev/null
+++ b/0001-Fix-GnuTLS-2.12-library-still-referencing-OpenSSL-ER.patch
@@ -0,0 +1,89 @@
+From 5bb9d1becd94b7c1d3fa2261efc4df9c354fb062 Mon Sep 17 00:00:00 2001
+From: David Woodhouse <David.Woodhouse at intel.com>
+Date: Thu, 14 Jun 2012 00:55:54 +0100
+Subject: [PATCH] Fix GnuTLS 2.12 library still referencing OpenSSL
+ ERR_print_errors_cb()
+
+Signed-off-by: David Woodhouse <David.Woodhouse at intel.com>
+---
+ configure.ac | 2 ++
+ libopenconnect.map.in | 2 +-
+ openconnect-internal.h | 5 ++---
+ ssl.c | 8 +-------
+ 4 files changed, 6 insertions(+), 11 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 4cb33b1..9feef4d 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -316,6 +316,7 @@ case "$ssl_library" in
+ AC_SUBST(SSL_LIBRARY, [openssl])
+ AC_SUBST(SSL_LIBS, ['$(OPENSSL_LIBS)'])
+ AC_SUBST(SSL_CFLAGS, ['$(OPENSSL_CFLAGS)'])
++ AC_SUBST(SYMVER_PRINT_ERR, ["openconnect_print_err_cb;"])
+ ;;
+ both)
+ # GnuTLS for TCP, OpenSSL for DTLS
+@@ -326,6 +327,7 @@ case "$ssl_library" in
+ AC_SUBST(SSL_CFLAGS, ['$(GNUTLS_CFLAGS)'])
+ AC_SUBST(DTLS_SSL_LIBS, ['$(OPENSSL_LIBS)'])
+ AC_SUBST(DTLS_SSL_CFLAGS, ['$(OPENSSL_CFLAGS)'])
++ AC_SUBST(SYMVER_PRINT_ERR, ["openconnect_print_err_cb;"])
+ ;;
+ *)
+ AC_MSG_ERROR([Neither OpenSSL nor GnuTLS selected for SSL.])
+diff --git a/libopenconnect.map.in b/libopenconnect.map.in
+index b6dc842..9e3a47a 100644
+--- a/libopenconnect.map.in
++++ b/libopenconnect.map.in
+@@ -31,7 +31,7 @@ OPENCONNECT_2.0 {
+ };
+
+ OPENCONNECT_PRIVATE {
+- global: @SYMVER_TIME@ @SYMVER_ASPRINTF@ @SYMVER_GETLINE@
++ global: @SYMVER_TIME@ @SYMVER_ASPRINTF@ @SYMVER_GETLINE@ @SYMVER_PRINT_ERR@
+ openconnect_SSL_gets;
+ openconnect_close_https;
+ openconnect_open_https;
+diff --git a/openconnect-internal.h b/openconnect-internal.h
+index 37c6400..d67e601 100644
+--- a/openconnect-internal.h
++++ b/openconnect-internal.h
+@@ -337,9 +337,8 @@ int request_passphrase(struct openconnect_info *vpninfo, const char *label,
+ char **response, const char *fmt, ...);
+ int __attribute__ ((format (printf, 2, 3)))
+ openconnect_SSL_printf(struct openconnect_info *vpninfo, const char *fmt, ...);
+-#if defined(OPENCONNECT_OPENSSL) || defined (DTLS_OPENSSL)
+-void openconnect_report_ssl_errors(struct openconnect_info *vpninfo);
+-#endif
++int openconnect_print_err_cb(const char *str, size_t len, void *ptr);
++#define openconnect_report_ssl_errors(v) ERR_print_errors_cb(openconnect_print_err_cb, (v))
+
+ /* ${SSL_LIBRARY}.c */
+ int openconnect_SSL_gets(struct openconnect_info *vpninfo, char *buf, size_t len);
+diff --git a/ssl.c b/ssl.c
+index de16ec4..2303b6f 100644
+--- a/ssl.c
++++ b/ssl.c
+@@ -357,17 +357,11 @@ int openconnect_passphrase_from_fsid(struct openconnect_info *vpninfo)
+ #if defined(OPENCONNECT_OPENSSL) || defined (DTLS_OPENSSL)
+ /* We put this here rather than in openssl.c because it might be needed
+ for OpenSSL DTLS support even when GnuTLS is being used for HTTPS */
+-#include <openssl/err.h>
+-static int print_err(const char *str, size_t len, void *ptr)
++int openconnect_print_err_cb(const char *str, size_t len, void *ptr)
+ {
+ struct openconnect_info *vpninfo = ptr;
+
+ vpn_progress(vpninfo, PRG_ERR, "%s", str);
+ return 0;
+ }
+-
+-void openconnect_report_ssl_errors(struct openconnect_info *vpninfo)
+-{
+- ERR_print_errors_cb(print_err, vpninfo);
+-}
+ #endif
+--
+1.7.10.2
+
diff --git a/openconnect.spec b/openconnect.spec
index 2782629..58a059e 100644
--- a/openconnect.spec
+++ b/openconnect.spec
@@ -1,12 +1,13 @@
Name: openconnect
Version: 3.99
-Release: 2%{?dist}
+Release: 3%{?dist}
Summary: Open client for Cisco AnyConnect VPN
Group: Applications/Internet
License: LGPLv2+
URL: http://www.infradead.org/openconnect.html
Source0: ftp://ftp.infradead.org/pub/openconnect/openconnect-%{version}.tar.gz
+Patch1: 0001-Fix-GnuTLS-2.12-library-still-referencing-OpenSSL-ER.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: openssl-devel libxml2-devel gtk2-devel GConf2-devel dbus-devel
@@ -32,6 +33,7 @@ for NetworkManager etc.
%prep
%setup -q
+%patch1 -p1
%build
%configure --with-vpnc-script=/etc/vpnc/vpnc-script --htmldir=%{_docdir}/%{name}-%{version} --with-gnutls
@@ -65,6 +67,9 @@ rm -rf $RPM_BUILD_ROOT
%{_libdir}/pkgconfig/openconnect.pc
%changelog
+* Thu Jun 14 2012 David Woodhouse <David.Woodhouse at intel.com> - 3.99-3
+- Fix library not to reference OpenSSL symbols when linked against GnuTLS 2
+
* Thu Jun 14 2012 David Woodhouse <David.Woodhouse at intel.com> - 3.99-2
- Fix GnuTLS BuildRequires
More information about the scm-commits
mailing list