jgrulich pushed to kde-plasma-nm (f20). "Update to 0.9.3.6"
notifications at fedoraproject.org
notifications at fedoraproject.org
Tue Apr 7 13:41:36 UTC 2015
>From a8455677719d3f928f5d0c0a6033a6772cdf1c42 Mon Sep 17 00:00:00 2001
From: Jan Grulich <jgrulich at redhat.com>
Date: Tue, 7 Apr 2015 15:36:21 +0200
Subject: Update to 0.9.3.6
diff --git a/.gitignore b/.gitignore
index f21d4bf..7fb3f4a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -6,3 +6,4 @@
/plasma-nm-0.9.3.3.tar.xz
/plasma-nm-0.9.3.4.tar.xz
/plasma-nm-0.9.3.5.tar.xz
+/plasma-nm-0.9.3.6.tar.xz
diff --git a/kde-plasma-nm.spec b/kde-plasma-nm.spec
index 7969610..ce96caa 100644
--- a/kde-plasma-nm.spec
+++ b/kde-plasma-nm.spec
@@ -1,7 +1,7 @@
# %global git_commit f2ca6ae
Name: kde-plasma-nm
-Version: 0.9.3.5
-Release: 7%{?dist}
+Version: 0.9.3.6
+Release: 1%{?dist}
Summary: Plasma applet written in QML for managing network connections
License: LGPLv2+ and GPLv2+
URL: https://projects.kde.org/projects/kde/workspace/plasma-nm/
@@ -13,13 +13,6 @@ Source0: http://download.kde.org/stable/plasma-nm//plasma-nm-%{version}.t
Source10: 01-fedora-plasma-nm.js
# Upstream patches
-Patch0: plasma-nm-add-option-for-server-certificate-verification.patch
-Patch1: plasma-nm-update-openconnect-support-for-library-version-5.patch
-Patch2: plasma-nm-update-openconnect-storage-of-manually-accepted-server-certs.patch
-Patch3: plasma-nm-return-secrets-back-otherwise-they-will-be-lost-every-time-when-we-edit-connection.patch
-Patch4: plasma-nm-workaround-make-sure-we-don-t-send-completely-empty-map-to-nm-back.patch
-Patch5: plasma-nm-make-NM-to-store-Openconnect-secrets-into-KWallet.patch
-Patch6: plasma-nm-make-storing-openconnect-secrets-optional.patch
BuildRequires: gettext
BuildRequires: kdelibs4-devel
@@ -121,14 +114,6 @@ Provides: kde-plasma-networkmanagement-pptp = 1:%{version}-%{release}
%prep
%setup -qn plasma-nm-%{version}
-%patch0 -p1 -b .add-option-for-server-certificate-verification
-%patch1 -p1 -b .update-openconnect-support-for-library-version-5
-%patch2 -p1 -b .update-openconnect-storage-of-manually-accepted-server-certs
-%patch3 -p1 -b .return-secrets-back-otherwise-they-will-be-lost-every-time-when-we-edit-connection
-%patch4 -p1 -b .workaround-make-sure-we-don-t-send-completely-empty-map-to-nm-back
-%patch5 -p1 -b .make-NM-to-store-Openconnect-secrets-into-KWallet
-%patch6 -p1 -b .make-storing-openconnect-secrets-optional
-
%build
mkdir -p %{_target_platform}
pushd %{_target_platform}
@@ -245,6 +230,9 @@ fi
%endif
%changelog
+* Tue Apr 07 2015 Jan Grulich <jgrulich at redhat.com> - 0.9.3.6-1
+- Update to 0.9.3.6
+
* Mon Jan 19 2015 Jan Grulich <jgrulich at redhat.com> - 0.9.3-5-7
- Make storing openconnect secrets optional
diff --git a/plasma-nm-add-option-for-server-certificate-verification.patch b/plasma-nm-add-option-for-server-certificate-verification.patch
deleted file mode 100644
index 8af95cb..0000000
--- a/plasma-nm-add-option-for-server-certificate-verification.patch
+++ /dev/null
@@ -1,209 +0,0 @@
-diff --git a/vpn/openvpn/nm-openvpn-service.h b/vpn/openvpn/nm-openvpn-service.h
-index def533e..39e2251 100644
---- a/vpn/openvpn/nm-openvpn-service.h
-+++ b/vpn/openvpn/nm-openvpn-service.h
-@@ -54,6 +54,7 @@
- #define NM_OPENVPN_KEY_USERNAME "username"
- #define NM_OPENVPN_KEY_TAP_DEV "tap-dev"
- #define NM_OPENVPN_KEY_TLS_REMOTE "tls-remote"
-+#define NM_OPENVPN_KEY_REMOTE_CERT_TLS "remote-cert-tls"
-
- #define NM_OPENVPN_KEY_PASSWORD "password"
- #define NM_OPENVPN_KEY_CERTPASS "cert-pass"
-diff --git a/vpn/openvpn/openvpnadvanced.ui b/vpn/openvpn/openvpnadvanced.ui
-index 3fc4796..ed3ba53 100644
---- a/vpn/openvpn/openvpnadvanced.ui
-+++ b/vpn/openvpn/openvpnadvanced.ui
-@@ -6,13 +6,16 @@
- <rect>
- <x>0</x>
- <y>0</y>
-- <width>560</width>
-- <height>462</height>
-+ <width>573</width>
-+ <height>471</height>
- </rect>
- </property>
- <layout class="QVBoxLayout" name="verticalLayout">
- <item>
- <widget class="KTabWidget" name="tabWidget">
-+ <property name="currentIndex">
-+ <number>0</number>
-+ </property>
- <widget class="QWidget" name="generalTab">
- <attribute name="title">
- <string>General</string>
-@@ -284,7 +287,7 @@
- <attribute name="title">
- <string>TLS Settings</string>
- </attribute>
-- <layout class="QVBoxLayout" name="verticalLayout_9">
-+ <layout class="QVBoxLayout" name="verticalLayout_2">
- <item>
- <layout class="QHBoxLayout" name="horizontalLayout_10">
- <item>
-@@ -307,6 +310,44 @@
- </layout>
- </item>
- <item>
-+ <widget class="QCheckBox" name="chkRemoteCertTls">
-+ <property name="text">
-+ <string>Verify peer (server) certificate usage signature</string>
-+ </property>
-+ </widget>
-+ </item>
-+ <item>
-+ <layout class="QHBoxLayout" name="horizontalLayout_3">
-+ <item>
-+ <widget class="QLabel" name="labelRemoteCertTls">
-+ <property name="enabled">
-+ <bool>false</bool>
-+ </property>
-+ <property name="text">
-+ <string>Remote peer certificate TLS type:</string>
-+ </property>
-+ </widget>
-+ </item>
-+ <item>
-+ <widget class="QComboBox" name="cmbRemoteCertTls">
-+ <property name="enabled">
-+ <bool>false</bool>
-+ </property>
-+ <item>
-+ <property name="text">
-+ <string>Server</string>
-+ </property>
-+ </item>
-+ <item>
-+ <property name="text">
-+ <string>Client</string>
-+ </property>
-+ </item>
-+ </widget>
-+ </item>
-+ </layout>
-+ </item>
-+ <item>
- <widget class="QGroupBox" name="useExtraTlsAuth">
- <property name="title">
- <string>Use additional TLS authentication</string>
-@@ -384,8 +425,8 @@
- </property>
- <property name="sizeHint" stdset="0">
- <size>
-- <width>20</width>
-- <height>0</height>
-+ <width>533</width>
-+ <height>178</height>
- </size>
- </property>
- </spacer>
-@@ -521,7 +562,7 @@
- <property name="enabled">
- <bool>false</bool>
- </property>
-- <property name="passwordMode">
-+ <property name="passwordMode" stdset="0">
- <bool>true</bool>
- </property>
- </widget>
-@@ -580,6 +621,7 @@
- <class>KUrlRequester</class>
- <extends>QFrame</extends>
- <header>kurlrequester.h</header>
-+ <container>1</container>
- </customwidget>
- <customwidget>
- <class>KTabWidget</class>
-@@ -602,17 +644,19 @@
- <tabstop>cboCipher</tabstop>
- <tabstop>cboHmac</tabstop>
- <tabstop>subjectMatch</tabstop>
-+ <tabstop>chkRemoteCertTls</tabstop>
-+ <tabstop>cmbRemoteCertTls</tabstop>
- <tabstop>useExtraTlsAuth</tabstop>
-- <tabstop>kurlTlsAuthKey</tabstop>
- <tabstop>cboDirection</tabstop>
- <tabstop>cmbProxyType</tabstop>
- <tabstop>proxyServerAddress</tabstop>
- <tabstop>sbProxyPort</tabstop>
- <tabstop>chkProxyRetry</tabstop>
- <tabstop>proxyUsername</tabstop>
-- <tabstop>chkProxyShowPassword</tabstop>
- <tabstop>proxyPassword</tabstop>
- <tabstop>proxyPasswordStorage</tabstop>
-+ <tabstop>chkProxyShowPassword</tabstop>
-+ <tabstop>buttonBox</tabstop>
- </tabstops>
- <resources/>
- <connections>
-@@ -632,5 +676,37 @@
- </hint>
- </hints>
- </connection>
-+ <connection>
-+ <sender>chkRemoteCertTls</sender>
-+ <signal>toggled(bool)</signal>
-+ <receiver>labelRemoteCertTls</receiver>
-+ <slot>setEnabled(bool)</slot>
-+ <hints>
-+ <hint type="sourcelabel">
-+ <x>279</x>
-+ <y>73</y>
-+ </hint>
-+ <hint type="destinationlabel">
-+ <x>145</x>
-+ <y>100</y>
-+ </hint>
-+ </hints>
-+ </connection>
-+ <connection>
-+ <sender>chkRemoteCertTls</sender>
-+ <signal>toggled(bool)</signal>
-+ <receiver>cmbRemoteCertTls</receiver>
-+ <slot>setEnabled(bool)</slot>
-+ <hints>
-+ <hint type="sourcelabel">
-+ <x>279</x>
-+ <y>73</y>
-+ </hint>
-+ <hint type="destinationlabel">
-+ <x>413</x>
-+ <y>100</y>
-+ </hint>
-+ </hints>
-+ </connection>
- </connections>
- </ui>
-diff --git a/vpn/openvpn/openvpnadvancedwidget.cpp b/vpn/openvpn/openvpnadvancedwidget.cpp
-index 0ee97e3..ae44806 100644
---- a/vpn/openvpn/openvpnadvancedwidget.cpp
-+++ b/vpn/openvpn/openvpnadvancedwidget.cpp
-@@ -208,6 +208,15 @@ void OpenVpnAdvancedWidget::loadConfig()
- if (dataMap.contains(NM_OPENVPN_KEY_TLS_REMOTE)) {
- m_ui->subjectMatch->setText(dataMap[NM_OPENVPN_KEY_TLS_REMOTE]);
- }
-+
-+ if (dataMap.contains(NM_OPENVPN_KEY_REMOTE_CERT_TLS)) {
-+ const QString remoteCertTls = dataMap[NM_OPENVPN_KEY_REMOTE_CERT_TLS];
-+ m_ui->chkRemoteCertTls->setChecked(true);
-+ m_ui->labelRemoteCertTls->setEnabled(true);
-+ m_ui->cmbRemoteCertTls->setEnabled(true);
-+ m_ui->cmbRemoteCertTls->setCurrentIndex(remoteCertTls == QLatin1String("server") ? 0 : 1);
-+ }
-+
- m_ui->useExtraTlsAuth->setChecked(!dataMap[NM_OPENVPN_KEY_TA].isEmpty());
- m_ui->kurlTlsAuthKey->setUrl(KUrl(dataMap[NM_OPENVPN_KEY_TA]) );
- if (dataMap.contains(NM_OPENVPN_KEY_TA_DIR)) {
-@@ -320,6 +329,11 @@ NetworkManager::VpnSetting::Ptr OpenVpnAdvancedWidget::setting() const
- if (!m_ui->subjectMatch->text().isEmpty()) {
- data.insert(QLatin1String(NM_OPENVPN_KEY_TLS_REMOTE), m_ui->subjectMatch->text());
- }
-+
-+ if (m_ui->chkRemoteCertTls->isChecked()) {
-+ data.insert(QLatin1String(NM_OPENVPN_KEY_REMOTE_CERT_TLS), m_ui->cmbRemoteCertTls->currentText().toLower());
-+ }
-+
- if (m_ui->useExtraTlsAuth->isChecked()) {
- KUrl tlsAuthKeyUrl = m_ui->kurlTlsAuthKey->url();
- if (!tlsAuthKeyUrl.isEmpty()) {
diff --git a/plasma-nm-make-NM-to-store-Openconnect-secrets-into-KWallet.patch b/plasma-nm-make-NM-to-store-Openconnect-secrets-into-KWallet.patch
deleted file mode 100644
index 32b5c9d..0000000
--- a/plasma-nm-make-NM-to-store-Openconnect-secrets-into-KWallet.patch
+++ /dev/null
@@ -1,143 +0,0 @@
-From 35effa11540bbec8b6d13aa520656b270b31728e Mon Sep 17 00:00:00 2001
-From: Jan Grulich <jgrulich at redhat.com>
-Date: Tue, 13 Jan 2015 16:27:49 +0100
-Subject: [PATCH] Make NM to store Openconnect secrets into KWallet
-
-REVIEW:122012
-BUG:309931
-BUG:334474
----
- kded/secretagent.cpp | 36 +++++++++++++++++++++++++++++++++++
- vpn/openconnect/openconnectauth.cpp | 14 ++++++++++++--
- vpn/openconnect/openconnectwidget.cpp | 7 +++++++
- 3 files changed, 55 insertions(+), 2 deletions(-)
-
-diff --git a/kded/secretagent.cpp b/kded/secretagent.cpp
-index 101506f..3aece0c 100644
---- a/kded/secretagent.cpp
-+++ b/kded/secretagent.cpp
-@@ -155,7 +155,16 @@ void SecretAgent::dialogAccepted()
- for (int i = 0; i < m_calls.size(); ++i) {
- SecretsRequest request = m_calls[i];
- if (request.type == SecretsRequest::GetSecrets && request.dialog == m_dialog) {
-+ NMStringMap tmpOpenconnectSecrets;
- NMVariantMapMap connection = request.dialog->secrets();
-+ if (connection.contains(QLatin1String("vpn"))) {
-+ if (connection.value(QLatin1String("vpn")).contains(QLatin1String("tmp-secrets"))) {
-+ QVariantMap vpnSetting = connection.value(QLatin1String("vpn"));
-+ tmpOpenconnectSecrets = qdbus_cast<NMStringMap>(vpnSetting.take(QLatin1String("tmp-secrets")));
-+ connection.insert(QLatin1String("vpn"), vpnSetting);
-+ }
-+ }
-+
- sendSecrets(connection, request.message);
- NetworkManager::ConnectionSettings::Ptr connectionSettings = NetworkManager::ConnectionSettings::Ptr(new NetworkManager::ConnectionSettings(connection));
- NetworkManager::ConnectionSettings::Ptr completeConnectionSettings;
-@@ -205,6 +214,33 @@ void SecretAgent::dialogAccepted()
- requestOffline.saveSecretsWithoutReply = true;
- m_calls << requestOffline;
- }
-+ } else if (request.saveSecretsWithoutReply && completeConnectionSettings->connectionType() == NetworkManager::ConnectionSettings::Vpn && !tmpOpenconnectSecrets.isEmpty()) {
-+ NetworkManager::VpnSetting::Ptr vpnSetting = completeConnectionSettings->setting(NetworkManager::Setting::Vpn).staticCast<NetworkManager::VpnSetting>();
-+ if (vpnSetting) {
-+ NMStringMap data = vpnSetting->data();
-+ NMStringMap secrets = vpnSetting->secrets();
-+
-+ // Load secrets from auth dialog which are returned back to NM
-+ if (connection.value(QLatin1String("vpn")).contains(QLatin1String("secrets"))) {
-+ secrets.unite(qdbus_cast<NMStringMap>(connection.value(QLatin1String("vpn")).value(QLatin1String("secrets"))));
-+ }
-+
-+ // Load temporary secrets from auth dialog which are not returned to NM
-+ foreach (const QString &key, tmpOpenconnectSecrets.keys()) {
-+ data.insert(key + QLatin1String("-flags"), QString::number(NetworkManager::Setting::AgentOwned));
-+ secrets.insert(key, tmpOpenconnectSecrets.value(key));
-+ }
-+
-+ vpnSetting->setData(data);
-+ vpnSetting->setSecrets(secrets);
-+ if (!con) {
-+ con = NetworkManager::findConnection(request.connection_path.path());
-+ }
-+
-+ if (con) {
-+ con->update(completeConnectionSettings->toMap());
-+ }
-+ }
- }
-
- m_calls.removeAt(i);
-diff --git a/vpn/openconnect/openconnectauth.cpp b/vpn/openconnect/openconnectauth.cpp
-index 419ff67..d3b609e 100644
---- a/vpn/openconnect/openconnectauth.cpp
-+++ b/vpn/openconnect/openconnectauth.cpp
-@@ -67,6 +67,7 @@ public:
- NetworkManager::VpnSetting::Ptr setting;
- struct openconnect_info *vpninfo;
- NMStringMap secrets;
-+ NMStringMap tmpSecrets;
- QMutex mutex;
- QWaitCondition workerWaiting;
- OpenconnectAuthWorkerThread *worker;
-@@ -310,6 +311,12 @@ QVariantMap OpenconnectAuthWidget::setting(bool agentOwned) const
- }
-
- secretData.insert("secrets", QVariant::fromValue<NMStringMap>(secrets));
-+
-+ // These secrets are not officially part of the secrets which would be returned back to NetworkManager. We just
-+ // need to somehow get them to our secret agent which will handle them separately and store them.
-+ if (!d->tmpSecrets.isEmpty()) {
-+ secretData.insert("tmp-secrets", QVariant::fromValue<NMStringMap>(d->tmpSecrets));
-+ }
- return secretData;
- }
-
-@@ -489,7 +496,7 @@ void OpenconnectAuthWidget::validatePeerCert(const QString &fingerprint,
- #if !OPENCONNECT_CHECK_VER(5,0)
- #define openconnect_check_peer_cert_hash(v,d) strcmp(d, fingerprint.toUtf8().data())
- #endif
--
-+
- if (openconnect_check_peer_cert_hash(d->vpninfo, value.toUtf8().data())) {
- QWidget *widget = new QWidget();
- QVBoxLayout *verticalLayout;
-@@ -583,7 +590,9 @@ void OpenconnectAuthWidget::formLoginClicked()
- QByteArray text = le->text().toUtf8();
- openconnect_set_option_value(opt, text.data());
- if (opt->type == OC_FORM_OPT_TEXT) {
-- d->secrets.insert(key,le->text());
-+ d->secrets.insert(key, le->text());
-+ } else {
-+ d->tmpSecrets.insert(key, le->text());
- }
- } else if (opt->type == OC_FORM_OPT_SELECT) {
- KComboBox *cbo = qobject_cast<KComboBox*>(widget);
-@@ -593,6 +602,7 @@ void OpenconnectAuthWidget::formLoginClicked()
- }
- }
- }
-+
- deleteAllFromLayout(d->ui.loginBoxLayout);
- d->workerWaiting.wakeAll();
- }
-diff --git a/vpn/openconnect/openconnectwidget.cpp b/vpn/openconnect/openconnectwidget.cpp
-index 51e97d1..0ec870c 100644
---- a/vpn/openconnect/openconnectwidget.cpp
-+++ b/vpn/openconnect/openconnectwidget.cpp
-@@ -96,6 +96,13 @@ QVariantMap OpenconnectSettingWidget::setting(bool agentOwned) const
- data.insert(QLatin1String(NM_OPENCONNECT_KEY_PRIVKEY), d->ui.leUserPrivateKey->url().path());
- data.insert(QLatin1String(NM_OPENCONNECT_KEY_PEM_PASSPHRASE_FSID), d->ui.chkUseFsid->isChecked() ? "yes" : "no");
-
-+ // Restore previous flags, this is necessary for keeping secrets stored in KWallet
-+ foreach (const QString &key, d->setting->data().keys()) {
-+ if (key.contains(QLatin1String("-flags"))) {
-+ data.insert(key, d->setting->data().value(key));
-+ }
-+ }
-+
- /* These are different for every login session, and should not be stored */
- data.insert(QLatin1String(NM_OPENCONNECT_KEY_COOKIE"-flags"), QString::number(NetworkManager::Setting::NotSaved));
- data.insert(QLatin1String(NM_OPENCONNECT_KEY_GWCERT"-flags"), QString::number(NetworkManager::Setting::NotSaved));
---
-2.1.0
-
diff --git a/plasma-nm-make-storing-openconnect-secrets-optional.patch b/plasma-nm-make-storing-openconnect-secrets-optional.patch
deleted file mode 100644
index a2947e4..0000000
--- a/plasma-nm-make-storing-openconnect-secrets-optional.patch
+++ /dev/null
@@ -1,110 +0,0 @@
-From fb0a729cf712be5eab96a7e957e85a3d2c02bf7d Mon Sep 17 00:00:00 2001
-From: Jan Grulich <jgrulich at redhat.com>
-Date: Mon, 19 Jan 2015 14:15:31 +0100
-Subject: [PATCH] Make storing openconnect secrets optional
-
-BUG:309931
----
- kded/secretagent.cpp | 7 ++++++-
- vpn/openconnect/openconnectauth.cpp | 5 +++++
- vpn/openconnect/openconnectauth.ui | 29 +++++++++++++++++++++++++++--
- 3 files changed, 38 insertions(+), 3 deletions(-)
-
-diff --git a/kded/secretagent.cpp b/kded/secretagent.cpp
-index 1862346..cfc2ac5 100644
---- a/kded/secretagent.cpp
-+++ b/kded/secretagent.cpp
-@@ -224,7 +224,12 @@ void SecretAgent::dialogAccepted()
-
- // Load temporary secrets from auth dialog which are not returned to NM
- foreach (const QString &key, tmpOpenconnectSecrets.keys()) {
-- data.insert(key + QLatin1String("-flags"), QString::number(NetworkManager::Setting::AgentOwned));
-+ if (secrets.contains(QLatin1String("save_passwords")) && secrets.value(QLatin1String("save_passwords")) == QLatin1String("yes")) {
-+ data.insert(key + QLatin1String("-flags"), QString::number(NetworkManager::Setting::AgentOwned));
-+ } else {
-+ data.insert(key + QLatin1String("-flags"), QString::number(NetworkManager::Setting::NotSaved));
-+ }
-+
- secrets.insert(key, tmpOpenconnectSecrets.value(key));
- }
-
-diff --git a/vpn/openconnect/openconnectauth.cpp b/vpn/openconnect/openconnectauth.cpp
-index d3b609e..27a4bba 100644
---- a/vpn/openconnect/openconnectauth.cpp
-+++ b/vpn/openconnect/openconnectauth.cpp
-@@ -232,6 +232,10 @@ void OpenconnectAuthWidget::readSecrets()
- d->ui.chkAutoconnect->setChecked(true);
- QTimer::singleShot(0, this, SLOT(connectHost()));
- }
-+
-+ if (d->secrets["save_passwords"] == "yes") {
-+ d->ui.chkStorePasswords->setChecked(true);
-+ }
- }
-
- void OpenconnectAuthWidget::acceptDialog()
-@@ -301,6 +305,7 @@ QVariantMap OpenconnectAuthWidget::setting(bool agentOwned) const
- #endif
- secrets.insert(QLatin1String(NM_OPENCONNECT_KEY_GWCERT), QLatin1String(fingerprint));
- secrets.insert(QLatin1String("autoconnect"), d->ui.chkAutoconnect->isChecked() ? "yes" : "no");
-+ secrets.insert(QLatin1String("save_passwords"), d->ui.chkStorePasswords->isChecked() ? "yes" : "no");
-
- NMStringMap::iterator i = secrets.begin();
- while (i != secrets.end()) {
-diff --git a/vpn/openconnect/openconnectauth.ui b/vpn/openconnect/openconnectauth.ui
-index 538d109..e1990b7 100644
---- a/vpn/openconnect/openconnectauth.ui
-+++ b/vpn/openconnect/openconnectauth.ui
-@@ -23,7 +23,16 @@
- <property name="sizeConstraint">
- <enum>QLayout::SetMinimumSize</enum>
- </property>
-- <property name="margin">
-+ <property name="leftMargin">
-+ <number>0</number>
-+ </property>
-+ <property name="topMargin">
-+ <number>0</number>
-+ </property>
-+ <property name="rightMargin">
-+ <number>0</number>
-+ </property>
-+ <property name="bottomMargin">
- <number>0</number>
- </property>
- <item>
-@@ -79,6 +88,13 @@
- </widget>
- </item>
- <item>
-+ <widget class="QCheckBox" name="chkStorePasswords">
-+ <property name="text">
-+ <string>Store passwords</string>
-+ </property>
-+ </widget>
-+ </item>
-+ <item>
- <widget class="QGroupBox" name="loginBox">
- <property name="minimumSize">
- <size>
-@@ -101,7 +117,16 @@
- </sizepolicy>
- </property>
- <layout class="QVBoxLayout" name="logLayout">
-- <property name="margin">
-+ <property name="leftMargin">
-+ <number>0</number>
-+ </property>
-+ <property name="topMargin">
-+ <number>0</number>
-+ </property>
-+ <property name="rightMargin">
-+ <number>0</number>
-+ </property>
-+ <property name="bottomMargin">
- <number>0</number>
- </property>
- <item>
---
-2.1.0
-
diff --git a/plasma-nm-return-secrets-back-otherwise-they-will-be-lost-every-time-when-we-edit-connection.patch b/plasma-nm-return-secrets-back-otherwise-they-will-be-lost-every-time-when-we-edit-connection.patch
deleted file mode 100644
index ecebd4e..0000000
--- a/plasma-nm-return-secrets-back-otherwise-they-will-be-lost-every-time-when-we-edit-connection.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From 356ec1b587d31a597d99f7acde755109474ad54f Mon Sep 17 00:00:00 2001
-From: Jan Grulich <jgrulich at redhat.com>
-Date: Fri, 9 Jan 2015 10:54:59 +0100
-Subject: [PATCH 2/2] Return secrets back otherwise they will be lost everytime
- we edit an openconnect connection
-
----
- vpn/openconnect/openconnectwidget.cpp | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/vpn/openconnect/openconnectwidget.cpp b/vpn/openconnect/openconnectwidget.cpp
-index acefd31..51e97d1 100644
---- a/vpn/openconnect/openconnectwidget.cpp
-+++ b/vpn/openconnect/openconnectwidget.cpp
-@@ -102,6 +102,8 @@ QVariantMap OpenconnectSettingWidget::setting(bool agentOwned) const
- data.insert(QLatin1String(NM_OPENCONNECT_KEY_GATEWAY"-flags"), QString::number(NetworkManager::Setting::NotSaved));
-
- setting.setData(data);
-+ setting.setSecrets(d->setting->secrets());
-+
- return setting.toMap();
- }
-
---
-2.1.0
-
diff --git a/plasma-nm-update-openconnect-storage-of-manually-accepted-server-certs.patch b/plasma-nm-update-openconnect-storage-of-manually-accepted-server-certs.patch
deleted file mode 100644
index 5f76f44..0000000
--- a/plasma-nm-update-openconnect-storage-of-manually-accepted-server-certs.patch
+++ /dev/null
@@ -1,95 +0,0 @@
-From bd557b7b8af86ff4b0350a235ff8232fe6c92c0c Mon Sep 17 00:00:00 2001
-From: David Woodhouse <David.Woodhouse at intel.com>
-Date: Wed, 3 Dec 2014 15:13:22 +0100
-Subject: [PATCH 2/2] Update OpenConnect storage of manually-accepted server
- certs
-
-We shouldn't just be storing the certificate hash; we should remember
-*which* host/port it was accepted for, and only accept it for *that* service.
-
-This matches the change in NetworkManager-openconnect 2dc45e25.
----
- vpn/openconnect/openconnectauth.cpp | 25 ++++++++++++-------------
- 1 file changed, 12 insertions(+), 13 deletions(-)
-
-diff --git a/vpn/openconnect/openconnectauth.cpp b/vpn/openconnect/openconnectauth.cpp
-index ead9511..419ff67 100644
---- a/vpn/openconnect/openconnectauth.cpp
-+++ b/vpn/openconnect/openconnectauth.cpp
-@@ -66,7 +66,6 @@ public:
- Ui_OpenconnectAuth ui;
- NetworkManager::VpnSetting::Ptr setting;
- struct openconnect_info *vpninfo;
-- QStringList certificateFingerprints;
- NMStringMap secrets;
- QMutex mutex;
- QWaitCondition workerWaiting;
-@@ -193,10 +192,6 @@ void OpenconnectAuthWidget::readSecrets()
-
- d->secrets = d->setting->secrets();
-
-- if (!d->secrets[NM_OPENCONNECT_KEY_GWCERT].isEmpty()) {
-- d->certificateFingerprints.append(d->secrets[NM_OPENCONNECT_KEY_GWCERT]);
-- }
--
- if (!d->secrets["xmlconfig"].isEmpty()) {
- const QByteArray config = QByteArray::fromBase64(d->secrets["xmlconfig"].toAscii());
-
-@@ -236,11 +231,6 @@ void OpenconnectAuthWidget::readSecrets()
- d->ui.chkAutoconnect->setChecked(true);
- QTimer::singleShot(0, this, SLOT(connectHost()));
- }
--
-- if (!d->secrets["certsigs"].isEmpty()) {
-- d->certificateFingerprints.append(d->secrets["certsigs"].split('\t'));
-- }
-- d->certificateFingerprints.removeDuplicates();
- }
-
- void OpenconnectAuthWidget::acceptDialog()
-@@ -309,7 +299,6 @@ QVariantMap OpenconnectAuthWidget::setting(bool agentOwned) const
- openconnect_get_cert_sha1(d->vpninfo, cert, fingerprint);
- #endif
- secrets.insert(QLatin1String(NM_OPENCONNECT_KEY_GWCERT), QLatin1String(fingerprint));
-- secrets.insert(QLatin1String("certsigs"), d->certificateFingerprints.join("\t"));
- secrets.insert(QLatin1String("autoconnect"), d->ui.chkAutoconnect->isChecked() ? "yes" : "no");
-
- NMStringMap::iterator i = secrets.begin();
-@@ -492,7 +481,16 @@ void OpenconnectAuthWidget::validatePeerCert(const QString &fingerprint,
- {
- Q_D(OpenconnectAuthWidget);
-
-- if (!d->certificateFingerprints.contains(fingerprint)) {
-+ const QString host = QLatin1String(openconnect_get_hostname(d->vpninfo));
-+ const QString port = QString::number(openconnect_get_port(d->vpninfo));
-+ const QString key = QString("certificate:%1:%2").arg(host, port);
-+ const QString value = d->secrets.value(key);
-+
-+#if !OPENCONNECT_CHECK_VER(5,0)
-+#define openconnect_check_peer_cert_hash(v,d) strcmp(d, fingerprint.toUtf8().data())
-+#endif
-+
-+ if (openconnect_check_peer_cert_hash(d->vpninfo, value.toUtf8().data())) {
- QWidget *widget = new QWidget();
- QVBoxLayout *verticalLayout;
- QHBoxLayout *horizontalLayout;
-@@ -537,7 +535,6 @@ void OpenconnectAuthWidget::validatePeerCert(const QString &fingerprint,
- dialog.data()->setButtons(KDialog::Yes | KDialog::No);
- dialog.data()->setMainWidget(widget);
- if(dialog.data()->exec() == KDialog::Yes) {
-- d->certificateFingerprints.append(fingerprint);
- *accepted = true;
- } else {
- *accepted = false;
-@@ -549,6 +546,8 @@ void OpenconnectAuthWidget::validatePeerCert(const QString &fingerprint,
- } else {
- *accepted = true;
- }
-+ if (*accepted)
-+ d->secrets.insert(key, QString(fingerprint));
- d->mutex.lock();
- d->workerWaiting.wakeAll();
- d->mutex.unlock();
---
-2.1.0
-
diff --git a/plasma-nm-update-openconnect-support-for-library-version-5.patch b/plasma-nm-update-openconnect-support-for-library-version-5.patch
deleted file mode 100644
index f3c0ffa..0000000
--- a/plasma-nm-update-openconnect-support-for-library-version-5.patch
+++ /dev/null
@@ -1,224 +0,0 @@
-From 3e6585fa4dd2fb3d9b59c7704bd3d7ae5b2c4167 Mon Sep 17 00:00:00 2001
-From: David Woodhouse <David.Woodhouse at intel.com>
-Date: Wed, 3 Dec 2014 15:10:44 +0100
-Subject: [PATCH 1/2] Update OpenConnect support for library version 5
-
-String ownership rules are now very simple: the library never takes ownership
-of a string it's passed. It always takes its *own* copy and is responsible
-for freeing that. Mostly driven by Windows DLL Hell where it's painful to
-allocate in one library and free in another because they might actually be
-using different heaps.
-
-Also adapt to the changes in server certificate hash handling. We are no
-longer supposed to just compare strings, and must call the relevant function
-to check a hash against the server's certificate. This gives better matching
-and allows libopenconnect to upgrade the hash in future when it becomes
-necessary.
----
- vpn/openconnect/CMakeLists.txt | 2 ++
- vpn/openconnect/openconnectauth.cpp | 18 ++++++++------
- vpn/openconnect/openconnectauthworkerthread.cpp | 31 +++++++++++++++++++++----
- vpn/openconnect/openconnectauthworkerthread.h | 15 ++++++++++--
- 4 files changed, 52 insertions(+), 14 deletions(-)
-
-diff --git a/vpn/openconnect/CMakeLists.txt b/vpn/openconnect/CMakeLists.txt
-index d59d13d..23096ee 100644
---- a/vpn/openconnect/CMakeLists.txt
-+++ b/vpn/openconnect/CMakeLists.txt
-@@ -16,6 +16,8 @@ if (OPENCONNECT_FOUND)
- if (${OPENCONNECT_VERSION} VERSION_GREATER ${MINIMUM_OPENCONNECT_VERSION_REQUIRED} OR
- ${OPENCONNECT_VERSION} VERSION_EQUAL ${MINIMUM_OPENCONNECT_VERSION_REQUIRED})
-
-+ include_directories(${OPENCONNECT_INCLUDE_DIRS})
-+
- set(openconnect_SRCS
- openconnectui.cpp
- openconnectwidget.cpp
-diff --git a/vpn/openconnect/openconnectauth.cpp b/vpn/openconnect/openconnectauth.cpp
-index 40cb82d..ead9511 100644
---- a/vpn/openconnect/openconnectauth.cpp
-+++ b/vpn/openconnect/openconnectauth.cpp
-@@ -161,7 +161,7 @@ void OpenconnectAuthWidget::readConfig()
- }
- if (!dataMap[NM_OPENCONNECT_KEY_CACERT].isEmpty()) {
- const QByteArray crt = QFile::encodeName(dataMap[NM_OPENCONNECT_KEY_CACERT]);
-- openconnect_set_cafile(d->vpninfo, strdup(crt.data()));
-+ openconnect_set_cafile(d->vpninfo, OC3DUP(crt.data()));
- }
- if (dataMap[NM_OPENCONNECT_KEY_CSD_ENABLE] == "yes") {
- char *wrapper;
-@@ -174,12 +174,12 @@ void OpenconnectAuthWidget::readConfig()
- }
- if (!dataMap[NM_OPENCONNECT_KEY_PROXY].isEmpty()) {
- const QByteArray proxy = QFile::encodeName(dataMap[NM_OPENCONNECT_KEY_PROXY]);
-- openconnect_set_http_proxy(d->vpninfo, strdup(proxy.data()));
-+ openconnect_set_http_proxy(d->vpninfo, OC3DUP(proxy.data()));
- }
- if (!dataMap[NM_OPENCONNECT_KEY_USERCERT].isEmpty()) {
- const QByteArray crt = QFile::encodeName(dataMap[NM_OPENCONNECT_KEY_USERCERT]);
- const QByteArray key = QFile::encodeName(dataMap[NM_OPENCONNECT_KEY_PRIVKEY]);
-- openconnect_set_client_cert (d->vpninfo, strdup(crt.data()), strdup(key.data()));
-+ openconnect_set_client_cert (d->vpninfo, OC3DUP(crt.data()), OC3DUP(key.data()));
-
- if (!crt.isEmpty() && dataMap[NM_OPENCONNECT_KEY_PEM_PASSPHRASE_FSID] == "yes") {
- openconnect_passphrase_from_fsid(d->vpninfo);
-@@ -276,10 +276,10 @@ void OpenconnectAuthWidget::connectHost()
- const VPNHost &host = d->hosts.at(i);
- if (openconnect_parse_url(d->vpninfo, host.address.toAscii().data())) {
- kWarning() << "Failed to parse server URL" << host.address;
-- openconnect_set_hostname(d->vpninfo, strdup(host.address.toAscii().data()));
-+ openconnect_set_hostname(d->vpninfo, OC3DUP(host.address.toAscii().data()));
- }
- if (!openconnect_get_urlpath(d->vpninfo) && !host.group.isEmpty())
-- openconnect_set_urlpath(d->vpninfo, strdup(host.group.toAscii().data()));
-+ openconnect_set_urlpath(d->vpninfo, OC3DUP(host.group.toAscii().data()));
- d->secrets["lasthost"] = host.name;
- addFormInfo(QLatin1String("dialog-information"), i18n("Contacting host, please wait..."));
- d->worker->start();
-@@ -301,9 +301,13 @@ QVariantMap OpenconnectAuthWidget::setting(bool agentOwned) const
- secrets.insert(QLatin1String(NM_OPENCONNECT_KEY_COOKIE), QLatin1String(openconnect_get_cookie(d->vpninfo)));
- openconnect_clear_cookie(d->vpninfo);
-
-+#if OPENCONNECT_CHECK_VER(5,0)
-+ const char *fingerprint = openconnect_get_peer_cert_hash(d->vpninfo);
-+#else
- OPENCONNECT_X509 *cert = openconnect_get_peer_cert(d->vpninfo);
- char fingerprint[41];
- openconnect_get_cert_sha1(d->vpninfo, cert, fingerprint);
-+#endif
- secrets.insert(QLatin1String(NM_OPENCONNECT_KEY_GWCERT), QLatin1String(fingerprint));
- secrets.insert(QLatin1String("certsigs"), d->certificateFingerprints.join("\t"));
- secrets.insert(QLatin1String("autoconnect"), d->ui.chkAutoconnect->isChecked() ? "yes" : "no");
-@@ -578,14 +582,14 @@ void OpenconnectAuthWidget::formLoginClicked()
- if (opt->type == OC_FORM_OPT_PASSWORD || opt->type == OC_FORM_OPT_TEXT) {
- KLineEdit *le = qobject_cast<KLineEdit*>(widget);
- QByteArray text = le->text().toUtf8();
-- opt->value = strdup(text.data());
-+ openconnect_set_option_value(opt, text.data());
- if (opt->type == OC_FORM_OPT_TEXT) {
- d->secrets.insert(key,le->text());
- }
- } else if (opt->type == OC_FORM_OPT_SELECT) {
- KComboBox *cbo = qobject_cast<KComboBox*>(widget);
- QByteArray text = cbo->itemData(cbo->currentIndex()).toString().toAscii();
-- opt->value = strdup(text.data());
-+ openconnect_set_option_value(opt, text.data());
- d->secrets.insert(key,cbo->itemData(cbo->currentIndex()).toString());
- }
- }
-diff --git a/vpn/openconnect/openconnectauthworkerthread.cpp b/vpn/openconnect/openconnectauthworkerthread.cpp
-index cf130da..63ff237 100644
---- a/vpn/openconnect/openconnectauthworkerthread.cpp
-+++ b/vpn/openconnect/openconnectauthworkerthread.cpp
-@@ -43,6 +43,20 @@ extern "C"
- class OpenconnectAuthStaticWrapper
- {
- public:
-+#if OPENCONNECT_CHECK_VER(5,0)
-+ static int writeNewConfig(void *obj, const char *str, int num)
-+ {
-+ if (obj)
-+ return static_cast<OpenconnectAuthWorkerThread*>(obj)->writeNewConfig(str, num);
-+ return -1;
-+ }
-+ static int validatePeerCert(void *obj, const char *str)
-+ {
-+ if (obj)
-+ return static_cast<OpenconnectAuthWorkerThread*>(obj)->validatePeerCert(NULL, str);
-+ return -1;
-+ }
-+#else
- static int writeNewConfig(void *obj, char *str, int num)
- {
- if (obj)
-@@ -55,7 +69,8 @@ public:
- return static_cast<OpenconnectAuthWorkerThread*>(obj)->validatePeerCert(cert, str);
- return -1;
- }
-- static int processAuthForm(void *obj, struct oc_auth_form *form)
-+#endif
-+ static int processAuthForm(void *obj, struct oc_auth_form *form)
- {
- if (obj)
- return static_cast<OpenconnectAuthWorkerThread*>(obj)->processAuthFormP(form);
-@@ -108,7 +123,7 @@ struct openconnect_info* OpenconnectAuthWorkerThread::getOpenconnectInfo()
- return m_openconnectInfo;
- }
-
--int OpenconnectAuthWorkerThread::writeNewConfig(char *buf, int buflen)
-+int OpenconnectAuthWorkerThread::writeNewConfig(const char *buf, int buflen)
- {
- Q_UNUSED(buflen)
- if (*m_userDecidedToQuit)
-@@ -139,10 +154,16 @@ static char *openconnect_get_cert_details(struct openconnect_info *vpninfo,
- }
- #endif
-
--int OpenconnectAuthWorkerThread::validatePeerCert(OPENCONNECT_X509 *cert, const char *reason)
-+int OpenconnectAuthWorkerThread::validatePeerCert(void *cert, const char *reason)
- {
- if (*m_userDecidedToQuit)
- return -EINVAL;
-+
-+#if OPENCONNECT_CHECK_VER(5,0)
-+ (void)cert;
-+ const char *fingerprint = openconnect_get_peer_cert_hash(m_openconnectInfo);
-+ char *details = openconnect_get_peer_cert_details(m_openconnectInfo);
-+#else
- char fingerprint[41];
- int ret = 0;
-
-@@ -151,7 +172,7 @@ int OpenconnectAuthWorkerThread::validatePeerCert(OPENCONNECT_X509 *cert, const
- return ret;
-
- char *details = openconnect_get_cert_details(m_openconnectInfo, cert);
--
-+#endif
- bool accepted = false;
- m_mutex->lock();
- QString qFingerprint(fingerprint);
-@@ -160,7 +181,7 @@ int OpenconnectAuthWorkerThread::validatePeerCert(OPENCONNECT_X509 *cert, const
- emit validatePeerCert(qFingerprint, qCertinfo, qReason, &accepted);
- m_waitForUserInput->wait(m_mutex);
- m_mutex->unlock();
-- ::free(details);
-+ openconnect_free_cert_info(m_openconnectInfo, details);
- if (*m_userDecidedToQuit)
- return -EINVAL;
-
-diff --git a/vpn/openconnect/openconnectauthworkerthread.h b/vpn/openconnect/openconnectauthworkerthread.h
-index 282d8ce..cfe3681 100644
---- a/vpn/openconnect/openconnectauthworkerthread.h
-+++ b/vpn/openconnect/openconnectauthworkerthread.h
-@@ -59,6 +59,17 @@ struct x509_st;
- #define OC_FORM_RESULT_NEWGROUP 2
- #endif
-
-+#if OPENCONNECT_CHECK_VER(4,0)
-+#define OC3DUP(x) (x)
-+#else
-+#define openconnect_set_option_value(opt, val) do { \
-+ struct oc_form_opt *_o = (opt); \
-+ free(_o->value); _o->value = strdup(val); \
-+ } while (0)
-+#define openconnect_free_cert_info(v, x) ::free(x)
-+#define OC3DUP(x) strdup(x)
-+#endif
-+
- #include <QThread>
-
- class QMutex;
-@@ -85,8 +96,8 @@ protected:
- void run();
-
- private:
-- int writeNewConfig(char *, int);
-- int validatePeerCert(OPENCONNECT_X509 *, const char *);
-+ int writeNewConfig(const char *, int);
-+ int validatePeerCert(void *, const char *);
- int processAuthFormP(struct oc_auth_form *);
- void writeProgress(int level, const char *, va_list);
-
---
-2.1.0
-
diff --git a/plasma-nm-workaround-make-sure-we-don-t-send-completely-empty-map-to-nm-back.patch b/plasma-nm-workaround-make-sure-we-don-t-send-completely-empty-map-to-nm-back.patch
deleted file mode 100644
index c9b7bc8..0000000
--- a/plasma-nm-workaround-make-sure-we-don-t-send-completely-empty-map-to-nm-back.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-From 20e8f2d6924b90492074221a2c3d971eb9c52112 Mon Sep 17 00:00:00 2001
-From: Jan Grulich <jgrulich at redhat.com>
-Date: Thu, 8 Jan 2015 13:41:48 +0100
-Subject: [PATCH 1/2] Workaround: make sure we don't send completely empty map
- to NM back when asking for VPN secrets
-
-When NM asks for secrets, which should be system-owned (stored in NM), it also asks our
-secret agent from some reason if we have them, but if we send back an empty map, it won't ask
-again with required flag which would invoke displaying an auth dialog. We have to send back a
-map containing "secrets" key which should be without any value. It worked before that way
-because in NetworkManagerQt we always returned this map with secrets even when it was empty.
-
-BUG:339296
-CCBUG:309931
-CCBUG:334474
----
- kded/secretagent.cpp | 12 +++++++++++-
- 1 file changed, 11 insertions(+), 1 deletion(-)
-
-diff --git a/kded/secretagent.cpp b/kded/secretagent.cpp
-index 07711a5..101506f 100644
---- a/kded/secretagent.cpp
-+++ b/kded/secretagent.cpp
-@@ -368,7 +368,17 @@ bool SecretAgent::processGetSecrets(SecretsRequest &request) const
- NMVariantMapMap result;
- NetworkManager::VpnSetting::Ptr vpnSetting;
- vpnSetting = connectionSettings.setting(NetworkManager::Setting::Vpn).dynamicCast<NetworkManager::VpnSetting>();
-- result.insert("vpn", vpnSetting->secretsToMap());
-+ //FIXME workaround when NM is asking for secrets which should be system-stored, if we send an empty map it
-+ // won't ask for additional secrets with AllowInteraction flag which would display the authentication dialog
-+ if (vpnSetting->secretsToMap().isEmpty()) {
-+ // Insert an empty secrets map as it was before I fixed it in NetworkManagerQt to make sure NM will ask again
-+ // with flags we need
-+ QVariantMap secretsMap;
-+ secretsMap.insert(QLatin1String("secrets"), QVariant::fromValue<NMStringMap>(NMStringMap()));
-+ result.insert("vpn", secretsMap);
-+ } else {
-+ result.insert("vpn", vpnSetting->secretsToMap());
-+ }
- sendSecrets(result, request.message);
- return true;
- } else if (setting->needSecrets().isEmpty()) {
---
-2.1.0
-
diff --git a/sources b/sources
index be91dbc..59f91e0 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-16f5e711de503fa8e5adeef9922c7c98 plasma-nm-0.9.3.5.tar.xz
+ab94be59919eca6bf89fc1930cf3dd39 plasma-nm-0.9.3.6.tar.xz
--
cgit v0.10.2
http://pkgs.fedoraproject.org/cgit/kde-plasma-nm.git/commit/?h=f20&id=a8455677719d3f928f5d0c0a6033a6772cdf1c42
More information about the scm-commits
mailing list