author | Mike Gilbert <floppym@gentoo.org> | 2022-07-31 13:03:53 -0400 |
---|---|---|
committer | Mike Gilbert <floppym@gentoo.org> | 2022-07-31 13:03:53 -0400 |
commit | 9ea2b28e1c70517b35d40fc0dd93c410c1c18ff7 (patch) | |
tree | 0c1161c96e69cbce4e5dea95edf9f0d1d0adefee /net-vpn/openconnect | |
parent | app-shells/bash: rename builtins.1 to bash_builtins.1 (diff) | |
download | gentoo-9ea2b28e1c70517b35d40fc0dd93c410c1c18ff7.tar.gz gentoo-9ea2b28e1c70517b35d40fc0dd93c410c1c18ff7.tar.bz2 gentoo-9ea2b28e1c70517b35d40fc0dd93c410c1c18ff7.zip |
net-vpn/openconnect: drop 8.20-r1
Signed-off-by: Mike Gilbert <floppym@gentoo.org>
Diffstat (limited to 'net-vpn/openconnect')
-rw-r--r-- | net-vpn/openconnect/Manifest | 1 | ||||
-rw-r--r-- | net-vpn/openconnect/files/8.20-insecure-crypto.patch | 46 | ||||
-rw-r--r-- | net-vpn/openconnect/files/8.20-rsa-securid.patch | 51 | ||||
-rw-r--r-- | net-vpn/openconnect/openconnect-8.20-r1.ebuild | 153 |
4 files changed, 0 insertions, 251 deletions
diff --git a/net-vpn/openconnect/Manifest b/net-vpn/openconnect/Manifest
index a7dd1ff6597b..a855a2300764 100644
--- a/net-vpn/openconnect/Manifest
+++ b/net-vpn/openconnect/Manifest
@@ -1,2 +1 @@
-DIST openconnect-8.20.tar.gz 2651542 BLAKE2B 327b437993ee0d705c0194202f6fd7c2b330e69bfbb916ef004b0662c8b9aebc1252aa3c83bd41b4d1cf85b933878d37b1a7608f076d82b50e325a3efaea2dec SHA512 76f5e49948391397ea1f7d2fca5798731f4278fee74c3da9b0f0daba6c386ce79ec5d87d40b6d3d99bb2528a038b5a2076df4159bb29c52cba62efb2ca52c8ab
 DIST openconnect-9.01.tar.gz 2718526 BLAKE2B e346b30ed8a299bcdd1fc88868d59b4d501c48bc5c02092e92e7ded0cd36e4de6a5b65aae4f6bf8c9aa60cf70f5466b110b64889df8d286016c9a1b4d9f46ff7 SHA512 b7428847a90f8ca9d1f1f61653c1f2486f0a07989f3b7435b746c5e901998194f4ee2b4f9569a548a23bba368bb1e9f273674c0759aac9df30208d2a6a303c34
diff --git a/net-vpn/openconnect/files/8.20-insecure-crypto.patch b/net-vpn/openconnect/files/8.20-insecure-crypto.patch
deleted file mode 100644
index 7644e1a264ba..000000000000
--- a/net-vpn/openconnect/files/8.20-insecure-crypto.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-From e2b38313bbd5050acaac49a75f0a024d05b505e5 Mon Sep 17 00:00:00 2001
-From: Mike Gilbert <floppym@gentoo.org>
-Date: Sun, 10 Apr 2022 12:21:57 -0400
-Subject: [PATCH] openssl: allow ALL ciphers when allow-insecure-crypto is
- enabled
-
-Previously, the cipher list was set to "DEFAULT:+3DES:+RC4". However,
-according to ciphers(1), the DEFAULT keyword cannot be combined with
-other strings using the + characters. In other words, ":+3DES:+RC4" gets
-ignored.
-
-The user is opting into insecure behavior, so let's keep it simple and
-just allow everything.
-
-This change fixes the obsolete-server-crypto test when openconnect is
-built against openssl-1.1.x.
-
-Signed-off-by: Mike Gilbert <floppym@gentoo.org>
----
- openssl.c | 9 +++------
- 1 file changed, 3 insertions(+), 6 deletions(-)
-
-diff --git a/openssl.c b/openssl.c
-index 3205dbd7..2bf594e7 100644
---- a/openssl.c
-+++ b/openssl.c
-@@ -1868,13 +1868,10 @@ int openconnect_open_https(struct openconnect_info *vpninfo)
- struct oc_text_buf *buf = buf_alloc();
- if (vpninfo->pfs)
- buf_append(buf, "HIGH:!aNULL:!eNULL:-RSA");
-+ else if (vpninfo->allow_insecure_crypto)
-+ buf_append(buf, "ALL");
- else
-- buf_append(buf, "DEFAULT");
--
-- if (vpninfo->allow_insecure_crypto)
-- buf_append(buf, ":+3DES:+RC4");
-- else
-- buf_append(buf, ":-3DES:-RC4");
-+ buf_append(buf, "DEFAULT:-3DES:-RC4");
-
- if (buf_error(buf)) {
- vpn_progress(vpninfo, PRG_ERR,
---
-2.35.1
-
diff --git a/net-vpn/openconnect/files/8.20-rsa-securid.patch b/net-vpn/openconnect/files/8.20-rsa-securid.patch
deleted file mode 100644
index 57ab2d740707..000000000000
--- a/net-vpn/openconnect/files/8.20-rsa-securid.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-From 19417131895eb39aabf3641a9e4e0d7082b04f6d Mon Sep 17 00:00:00 2001
-From: Daniel Lenski <dlenski@gmail.com>
-Date: Mon, 7 Mar 2022 08:50:13 -0800
-Subject: [PATCH] Bugfix RSA SecurID token decryption and PIN entry forms
-
-As of
-https://gitlab.com/openconnect/openconnect/-/commit/386a6edb6d2d1d2cd3e9c9de8d85dc7bfda60d34,
-all auth forms are required to have a non-NULL `auth_id`.
-
-However, we forget to make stoken.c set the `auth_id` for the forms that it
-creates for RSA SecurID token decryption and PIN entry. Let's name these:
-
- - `_rsa_unlock`, for token decryption.
- - `_rsa_pin`, for PIN entry. Also, rename the numeric PIN field to `pin`
- rather than `password`; there can't be any existing users relying on
- `--form-entry` to set its value, because that wouldn't work without the
- `auth_id`.
-
-Fixes #388.
-
-Signed-off-by: Daniel Lenski <dlenski@gmail.com>
----
- stoken.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/stoken.c b/stoken.c
-index 00a67625..45d849f5 100644
---- a/stoken.c
-+++ b/stoken.c
-@@ -100,6 +100,7 @@ static int decrypt_stoken(struct openconnect_info *vpninfo)
-
- form.opts = opts;
- form.message = _("Enter credentials to unlock software token.");
-+ form.auth_id = "_rsa_unlock";
-
- if (stoken_devid_required(vpninfo->stoken_ctx)) {
- opt->type = OC_FORM_OPT_TEXT;
-@@ -206,9 +207,10 @@ static int request_stoken_pin(struct openconnect_info *vpninfo)
-
- form.opts = opts;
- form.message = _("Enter software token PIN.");
-+ form.auth_id = "_rsa_pin";
-
- opt->type = OC_FORM_OPT_PASSWORD;
-- opt->name = (char *)"password";
-+ opt->name = (char *)"pin";
- opt->label = _("PIN:");
- opt->flags = OC_FORM_OPT_NUMERIC;
-
---
-GitLab
diff --git a/net-vpn/openconnect/openconnect-8.20-r1.ebuild b/net-vpn/openconnect/openconnect-8.20-r1.ebuild
deleted file mode 100644
index c9b970792d0e..000000000000
--- a/net-vpn/openconnect/openconnect-8.20-r1.ebuild
+++ /dev/null
@@ -1,153 +0,0 @@
-# Copyright 2011-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-PYTHON_COMPAT=( python3_{8..10} )
-PYTHON_REQ_USE="xml"
-
-inherit linux-info python-any-r1
-
-if [[ ${PV} == 9999 ]]; then
- EGIT_REPO_URI="https://gitlab.com/openconnect/openconnect.git"
- inherit git-r3 autotools
-else
- SRC_URI="ftp://ftp.infradead.org/pub/${PN}/${P}.tar.gz"
- KEYWORDS="amd64 arm arm64 ppc64 ~riscv x86"
-fi
-
-DESCRIPTION="Free client for Cisco AnyConnect SSL VPN software"
-HOMEPAGE="https://www.infradead.org/openconnect/"
-
-LICENSE="LGPL-2.1 GPL-2"
-SLOT="0/5"
-IUSE="doc +gnutls gssapi libproxy lz4 nls pskc selinux smartcard stoken test"
-RESTRICT="!test? ( test )"
-
-COMMON_DEPEND="
- dev-libs/libxml2
- sys-libs/zlib
- app-crypt/p11-kit
- !gnutls? (
- >=dev-libs/openssl-1.0.1h:0=
- dev-libs/libp11
- )
- gnutls? (
- app-crypt/trousers
- app-misc/ca-certificates
- dev-libs/nettle
- >=net-libs/gnutls-3.6.13:0=
- dev-libs/libtasn1:0=
- app-crypt/tpm2-tss:=
- )
- gssapi? ( virtual/krb5 )
- libproxy? ( net-libs/libproxy )
- lz4? ( app-arch/lz4:= )
- nls? ( virtual/libintl )
- pskc? ( sys-auth/oath-toolkit[pskc] )
- smartcard? ( sys-apps/pcsc-lite:0= )
- stoken? ( app-crypt/stoken )
-"
-DEPEND="${COMMON_DEPEND}
- test? (
- net-libs/socket_wrapper
- sys-libs/uid_wrapper
- !gnutls? ( dev-libs/openssl:0[weak-ssl-ciphers(-)] )
- )
-"
-RDEPEND="${COMMON_DEPEND}
- sys-apps/iproute2
- >=net-vpn/vpnc-scripts-20210402-r1
- selinux? ( sec-policy/selinux-vpn )
-"
-BDEPEND="
- virtual/pkgconfig
- doc? ( ${PYTHON_DEPS} sys-apps/groff )
- nls? ( sys-devel/gettext )
- test? ( net-vpn/ocserv )
-"
-
-CONFIG_CHECK="~TUN"
-
-pkg_pretend() {
- check_extra_config
-}
-
-pkg_setup() {
- :
-}
-
-src_unpack() {
- if [[ ${PV} == 9999 ]]; then
- git-r3_src_unpack
- fi
- default
-}
-
-src_prepare() {
- local PATCHES=(
- "${FILESDIR}/8.20-rsa-securid.patch"
- "${FILESDIR}/8.20-insecure-crypto.patch"
- )
- default
- if [[ ${PV} == 9999 ]]; then
- eautoreconf
- fi
-}
-
-src_configure() {
- if use doc; then
- python_setup
- else
- export ac_cv_path_PYTHON=
- fi
-
- # Used by tests if userpriv is disabled
- addwrite /run/netns
-
- local myconf=(
- --disable-dsa-tests
- $(use_enable nls)
- --disable-static
- $(use_with !gnutls openssl)
- $(use_with gnutls)
- $(use_with libproxy)
- $(use_with lz4)
- $(use_with gssapi)
- $(use_with pskc libpskc)
- $(use_with smartcard libpcsclite)
- $(use_with stoken)
- --with-vpnc-script="${EPREFIX}/etc/vpnc/vpnc-script"
- --without-java
- )
-
- econf "${myconf[@]}"
-}
-
-src_test() {
- local charset
- for charset in UTF-8 ISO-8859-2; do
- if [[ $(LC_ALL=cs_CZ.${charset} locale charmap 2>/dev/null) != ${charset} ]]; then
- # If we don't have valid cs_CZ locale data, auth-nonascii will fail.
- # Force a test skip by exiting with status 77.
- sed -i -e '2i exit 77' tests/auth-nonascii || die
- break
- fi
- done
- default
-}
-
-src_install() {
- default
- find "${ED}" -name '*.la' -delete || die
-
- dodoc "${FILESDIR}"/README.OpenRC
-
- newconfd "${FILESDIR}"/openconnect.confd openconnect
- newinitd "${FILESDIR}"/openconnect.initd openconnect
-
- insinto /etc/logrotate.d
- newins "${FILESDIR}"/openconnect.logrotate openconnect
-
- keepdir /var/log/openconnect
-} |