[openconnect] Add upstreamed version of no-curve patch
David Woodhouse
dwmw2 at fedoraproject.org
Thu Nov 27 16:41:56 UTC 2014
commit 9d8e88fc422b23817037b190d4745867517ad166
Author: David Woodhouse <David.Woodhouse at intel.com>
Date: Thu Nov 27 16:41:48 2014 +0000
Add upstreamed version of no-curve patch
...ing-with-old-gnutls-version-completely-di.patch | 32 ++++++++++++++++++++
openconnect-6.00-no-ecdhe.patch | 21 -------------
openconnect.spec | 7 +++-
3 files changed, 37 insertions(+), 23 deletions(-)
---
diff --git a/0001-When-compiling-with-old-gnutls-version-completely-di.patch b/0001-When-compiling-with-old-gnutls-version-completely-di.patch
new file mode 100644
index 0000000..e5d7a12
--- /dev/null
+++ b/0001-When-compiling-with-old-gnutls-version-completely-di.patch
@@ -0,0 +1,32 @@
+From eb34177f1db31df3276b3d5ae1207390b1bb1edf Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav at redhat.com>
+Date: Thu, 27 Nov 2014 16:24:08 +0000
+Subject: [PATCH] When compiling with old gnutls version completely disable
+ ECDHE instead of disabling the curves
+
+Signed-off-by: David Woodhouse <David.Woodhouse at intel.com>
+---
+ gnutls.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/gnutls.c b/gnutls.c
+index e4fcfb7..feb1b27 100644
+--- a/gnutls.c
++++ b/gnutls.c
+@@ -1971,7 +1971,7 @@ static int verify_peer(gnutls_session_t session)
+ # define _DEFAULT_PRIO "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0:" \
+ "%COMPAT:%DISABLE_SAFE_RENEGOTIATION:%LATEST_RECORD_VERSION"
+ # if GNUTLS_VERSION_MAJOR >= 3
+-# define DEFAULT_PRIO _DEFAULT_PRIO":-CURVE-ALL"
++# define DEFAULT_PRIO _DEFAULT_PRIO":-CURVE-ALL:-ECDHE-RSA:-ECDHE-ECDSA"
+ #else
+ # define DEFAULT_PRIO _DEFAULT_PRIO
+ # endif
+--
+2.1.0
+
+--- ./version.c.orig 2014-11-27 16:39:58.924714506 +0000
++++ ./version.c 2014-11-27 16:40:00.648735281 +0000
+@@ -1 +1 @@
+-const char *openconnect_version_str = "v7.00";
++const char *openconnect_version_str = "v7.00-1-geb34177";
diff --git a/openconnect.spec b/openconnect.spec
index f70a981..e4e7ccb 100644
--- a/openconnect.spec
+++ b/openconnect.spec
@@ -13,14 +13,14 @@
Name: openconnect
Version: 7.00
-Release: 1%{?dist}
+Release: 2%{?dist}
Summary: Open client for Cisco AnyConnect VPN
Group: Applications/Internet
License: LGPLv2+
URL: http://www.infradead.org/openconnect.html
Source0: ftp://ftp.infradead.org/pub/openconnect/openconnect-%{version}.tar.gz
-Patch0: openconnect-6.00-no-ecdhe.patch
+Patch0: 0001-When-compiling-with-old-gnutls-version-completely-di.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: pkgconfig(openssl) pkgconfig(libxml-2.0)
@@ -101,6 +101,9 @@ rm -rf $RPM_BUILD_ROOT
%{_libdir}/pkgconfig/openconnect.pc
%changelog
+* Thu Nov 27 2014 David Woodhouse <David.Woodhouse at intel.com> - 7.00-2
+- Add upstreamed version of Nikos' curve patch with version.c fixed
+
* Thu Nov 27 2014 David Woodhouse <David.Woodhouse at intel.com> - 7.00-1
- Update to 7.00 release
More information about the scm-commits
mailing list