openconnect: updated to 7.02

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

diff --git a/net/openconnect/Makefile b/net/openconnect/Makefile
index 6bd402f34a5756b940ca70f5e24f945425138655..7b6410d26bba148359d41f6b559275f9a3373081 100644 (file)
--- a/net/openconnect/Makefile
+++ b/net/openconnect/Makefile
@@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=openconnect
-PKG_VERSION:=7.00
-PKG_RELEASE:=4
+PKG_VERSION:=7.02
+PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=ftp://ftp.infradead.org/pub/openconnect/
-PKG_MD5SUM:=208b03fb66cd8e26633a19b9e12f35af
+PKG_MD5SUM:=d2498cfa1020be4665a7317dc1bf04b0
 
 PKG_CONFIG_DEPENDS:= \
        CONFIG_OPENCONNECT_GNUTLS \

diff --git a/net/openconnect/patches/001-always-resolve-ips.patch b/net/openconnect/patches/001-always-resolve-ips.patch
deleted file mode 100644 (file)
index 809dd23..0000000
--- a/net/openconnect/patches/001-always-resolve-ips.patch
+++ /dev/null
@@ -1,143 +0,0 @@
-From 2f55fec323730a94ed49d401d93b913d85e43b65 Mon Sep 17 00:00:00 2001
-From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
-Date: Mon, 1 Dec 2014 20:10:06 +0100
-Subject: [PATCH 1/2] Re-resolve when reconnecting CSTP and the X-CSTP-DynDNS
- is set by the server
-
-That is, when reconnecting CSTP due to peer tearing the connection
-down attempt to re-resolve its IP. That handles the case where
-the server is using dynamic DNS and is advertising it.
-
-[dwmw2: refactored to simplify it somewhat]
-
-Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
-Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
----
- cstp.c                 |  3 +++
- openconnect-internal.h |  1 +
- ssl.c                  | 48 +++++++++++++++++++++++++++++++++++++++++++++++-
- 4 files changed, 52 insertions(+), 2 deletions(-)
-
-diff --git a/cstp.c b/cstp.c
-index 3b93538..55225f4 100644
---- a/cstp.c
-+++ b/cstp.c
-@@ -378,6 +378,9 @@ static int start_cstp_connection(struct openconnect_info *vpninfo)
-                       int cstpmtu = atol(colon);
-                       if (cstpmtu > mtu)
-                               mtu = cstpmtu;
-+              } else if (!strcmp(buf + 7, "DynDNS")) {
-+                      if (!strcmp(colon, "true"))
-+                              vpninfo->is_dyndns = 1;
-               } else if (!strcmp(buf + 7, "Address-IP6")) {
-                       vpninfo->ip_info.netmask6 = new_option->value;
-               } else if (!strcmp(buf + 7, "Address")) {
-diff --git a/openconnect-internal.h b/openconnect-internal.h
-index 1bc79e5..db6c2ba 100644
---- a/openconnect-internal.h
-+++ b/openconnect-internal.h
-@@ -427,6 +427,7 @@ struct openconnect_info {
-       int dtls_local_port;
- 
-       int deflate;
-+      int is_dyndns; /* Attempt to redo DNS lookup on each CSTP reconnect */
-       char *useragent;
- 
-       const char *quit_reason;
-diff --git a/ssl.c b/ssl.c
-index b50652d..d47a819 100644
---- a/ssl.c
-+++ b/ssl.c
-@@ -106,6 +106,23 @@ unsigned string_is_hostname(const char *str)
-       return 1;
- }
- 
-+static int match_sockaddr(struct sockaddr *a, struct sockaddr *b)
-+{
-+      if (a->sa_family == AF_INET) {
-+              struct sockaddr_in *a4 = (void *)a;
-+              struct sockaddr_in *b4 = (void *)b;
-+
-+              return (a4->sin_addr.s_addr == b4->sin_addr.s_addr) &&
-+                      (a4->sin_port == b4->sin_port);
-+      } else if (a->sa_family == AF_INET6) {
-+              struct sockaddr_in6 *a6 = (void *)a;
-+              struct sockaddr_in6 *b6 = (void *)b;
-+              return !memcmp(&a6->sin6_addr, &b6->sin6_addr, sizeof(a6->sin6_addr) &&
-+                             a6->sin6_port == b6->sin6_port);
-+      } else
-+              return 0;
-+}
-+
- int connect_https_socket(struct openconnect_info *vpninfo)
- {
-       int ssl_sock = -1;
-@@ -114,7 +131,11 @@ int connect_https_socket(struct openconnect_info *vpninfo)
-       if (!vpninfo->port)
-               vpninfo->port = 443;
- 
--      if (vpninfo->peer_addr) {
-+      /* If we're talking to a server which told us it has dynamic DNS, don't
-+         just re-use its previous IP address. If we're talking to a proxy, we
-+         can use *its* previous IP address. We expect it'll re-do the DNS
-+         lookup for the server anyway. */
-+      if (vpninfo->peer_addr && (!vpninfo->is_dyndns || vpninfo->proxy)) {
-       reconnect:
- #ifdef SOCK_CLOEXEC
-               ssl_sock = socket(vpninfo->peer_addr->sa_family, SOCK_STREAM | SOCK_CLOEXEC, IPPROTO_IP);
-@@ -230,6 +251,13 @@ int connect_https_socket(struct openconnect_info *vpninfo)
-                       if (hints.ai_flags & AI_NUMERICHOST)
-                               free(hostname);
-                       ssl_sock = -EINVAL;
-+                      /* If we were just retrying for dynamic DNS, reconnct using
-+                         the previously-known IP address */
-+                      if (vpninfo->peer_addr) {
-+                              vpn_progress(vpninfo, PRG_ERR,
-+                                           _("Reconnecting to DynDNS server using previously cached IP address\n"));
-+                              goto reconnect;
-+                      }
-                       goto out;
-               }
-               if (hints.ai_flags & AI_NUMERICHOST)
-@@ -257,6 +285,8 @@ int connect_https_socket(struct openconnect_info *vpninfo)
-                       if (cancellable_connect(vpninfo, ssl_sock, rp->ai_addr, rp->ai_addrlen) >= 0) {
-                               /* Store the peer address we actually used, so that DTLS can
-                                  use it again later */
-+                              free(vpninfo->peer_addr);
-+                              vpninfo->peer_addrlen = 0;
-                               vpninfo->peer_addr = malloc(rp->ai_addrlen);
-                               if (!vpninfo->peer_addr) {
-                                       vpn_progress(vpninfo, PRG_ERR,
-@@ -288,6 +318,17 @@ int connect_https_socket(struct openconnect_info *vpninfo)
-                       }
-                       closesocket(ssl_sock);
-                       ssl_sock = -1;
-+
-+                      /* If we're in DynDNS mode but this *was* the cached IP address,
-+                       * don't bother falling back to it if it didn't work. */
-+                      if (vpninfo->peer_addr && vpninfo->peer_addrlen == rp->ai_addrlen &&
-+                          match_sockaddr(vpninfo->peer_addr, rp->ai_addr)) {
-+                              vpn_progress(vpninfo, PRG_TRACE,
-+                                           _("Forgetting non-functional previous peer address\n"));
-+                              free(vpninfo->peer_addr);
-+                              vpninfo->peer_addr = 0;
-+                              vpninfo->peer_addrlen = 0;
-+                      }
-               }
-               freeaddrinfo(result);
- 
-@@ -296,6 +337,11 @@ int connect_https_socket(struct openconnect_info *vpninfo)
-                                    _("Failed to connect to host %s\n"),
-                                    vpninfo->proxy?:vpninfo->hostname);
-                       ssl_sock = -EINVAL;
-+                      if (vpninfo->peer_addr) {
-+                              vpn_progress(vpninfo, PRG_ERR,
-+                                           _("Reconnecting to DynDNS server using previously cached IP address\n"));
-+                              goto reconnect;
-+                      }
-                       goto out;
-               }
-       }
--- 
-2.1.3
-