Bug#1055965: bookworm-pu: package network-manager-openconnect/1.2.8-3+deb12u1
Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian.org@packages.debian.org
Usertags: pu
X-Debbugs-Cc: network-manager-openconnect@packages.debian.org, Florian Echtler <floe@butterbrot.org>, Luca Boccassi <bluca@debian.org>, carnil@debian.org
Control: affects -1 + src:network-manager-openconnect
Hi Stable release managers,
[ Reason ]
In recent cases where institutions updated their Cisco AnyConnect
server, connecting with openconnect requires passing an appropriate
UserAgent. Cf. for instance
https://gitlab.com/openconnect/openconnect/-/issues/544 .
The network-manager-openconnect plugin for NetworkManager had no
possibility to configure this. As a result, after such updates users using
the NetworkManager plugin cannot connect to the VPN servers.
[ Impact ]
Impossibility to use the NetworkManager plugin for openconnect in
situations where the Cisco AnyConnect server has been updated.
[ Tests ]
I manually tested the plugin in one affected configuration. After the
update the GUI field for configuring the UserAgent can be configured
for the specific configuration.
[ Risks ]
Patches have been taken from upstream and apply with minor context
tweak to the older version. Luca has reviewed and acked the MR in
https://salsa.debian.org/debian/network-manager-openconnect/-/merge_requests/6
[ Checklist ]
[x] *all* changes are documented in the d/changelog
(the salsa pipeline one is not, but it has no user impact)
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in (old)stable
[x] the issue is verified as fixed in unstable
[ Changes ]
Adds support for the mentioned UserAgent field and setting.
[ Other info ]
Nothing.
Regards,
Salvatore
diff -Nru network-manager-openconnect-1.2.8/debian/changelog network-manager-openconnect-1.2.8/debian/changelog
--- network-manager-openconnect-1.2.8/debian/changelog 2022-05-21 15:35:15.000000000 +0200
+++ network-manager-openconnect-1.2.8/debian/changelog 2023-11-14 15:15:44.000000000 +0100
@@ -1,3 +1,14 @@
+network-manager-openconnect (1.2.8-3+deb12u1) bookworm; urgency=medium
+
+ [ Salvatore Bonaccorso ]
+ * Add User Agent to Openconnect VPN for NetworkManager (Closes:
+ #1053467)
+ * Use openconnect_set_useragent() where available
+ * Add support for GTK4 in user-agent calls
+ * Add Build-Depends on libgtk-4-bin for gtk4-builder-tool
+
+ -- Luca Boccassi <bluca@debian.org> Tue, 14 Nov 2023 14:15:44 +0000
+
network-manager-openconnect (1.2.8-3) unstable; urgency=medium
* Bump Standards-Version to 4.6.1, no changes
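Review bot: The 1.2.8-3+deb12u1 entry omits two packaging changes that this debdiff carries: the `debian-branch = debian/bookworm` line in debian/gbp.conf and the `variables:` block in debian/salsa-ci.yml. Add a changelog line for them so that the entry covers everything in the upload.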
diff -Nru network-manager-openconnect-1.2.8/debian/control network-manager-openconnect-1.2.8/debian/control
--- network-manager-openconnect-1.2.8/debian/control 2022-05-21 15:35:15.000000000 +0200
+++ network-manager-openconnect-1.2.8/debian/control 2023-11-14 15:15:44.000000000 +0100
@@ -8,6 +8,7 @@
libgcr-3-dev,
libglib2.0-dev,
libgtk-3-dev,
+ libgtk-4-bin,
libgtk-4-dev,
libnm-dev,
libnma-dev,
diff -Nru network-manager-openconnect-1.2.8/debian/gbp.conf network-manager-openconnect-1.2.8/debian/gbp.conf
--- network-manager-openconnect-1.2.8/debian/gbp.conf 2022-03-14 00:08:09.000000000 +0100
+++ network-manager-openconnect-1.2.8/debian/gbp.conf 2023-11-14 15:15:44.000000000 +0100
@@ -1,5 +1,6 @@
[DEFAULT]
pristine-tar = True
+debian-branch = debian/bookworm
[import-orig]
upstream-vcs-tag = %(version)s
diff -Nru network-manager-openconnect-1.2.8/debian/patches/0002-Add-User-Agent-to-Openconnect-VPN-for-NetworkManager.patch network-manager-openconnect-1.2.8/debian/patches/0002-Add-User-Agent-to-Openconnect-VPN-for-NetworkManager.patch
--- network-manager-openconnect-1.2.8/debian/patches/0002-Add-User-Agent-to-Openconnect-VPN-for-NetworkManager.patch 1970-01-01 01:00:00.000000000 +0100
+++ network-manager-openconnect-1.2.8/debian/patches/0002-Add-User-Agent-to-Openconnect-VPN-for-NetworkManager.patch 2023-11-14 15:15:44.000000000 +0100
@@ -0,0 +1,302 @@
+From: Debasish Patra <patradebasish1987@gmail.com>
+Date: Sat, 29 Aug 2020 17:58:16 -0400
+Subject: Add User Agent to Openconnect VPN for NetworkManager
+Origin: https://gitlab.gnome.org/GNOME/NetworkManager-openconnect/-/commit/b5e154c06fd9013a925f85c2aa38d88e4ee53db0
+Bug-Debian: https://bugs.debian.org/1053467
+
+---
+ auth-dialog/main.c | 3 +-
+ properties/nm-openconnect-dialog.ui | 73 +++++++++++++++++------
+ properties/nm-openconnect-editor-plugin.c | 5 ++
+ properties/nm-openconnect-editor.c | 15 +++++
+ shared/nm-service-defines.h | 1 +
+ 5 files changed, 79 insertions(+), 18 deletions(-)
+
+diff --git a/auth-dialog/main.c b/auth-dialog/main.c
+index 99cab7cd921f..305b568650ba 100644
+--- a/auth-dialog/main.c
++++ b/auth-dialog/main.c
+@@ -1853,6 +1853,7 @@ static void build_main_dialog(auth_ui_data *ui_data)
+
+ static auth_ui_data *init_ui_data (char *vpn_name, GHashTable *options, GHashTable *secrets, char *vpn_uuid)
+ {
++ char *vpn_useragent = g_hash_table_lookup(options, "useragent");
+ auth_ui_data *ui_data;
+
+ ui_data = g_slice_new0(auth_ui_data);
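Review bot: The lookup in init_ui_data() hard-codes the key as the literal "useragent", while the same patch defines NM_OPENCONNECT_KEY_USERAGENT with that value in shared/nm-service-defines.h. Use the macro here, provided that header is included in auth-dialog/main.c (not visible in this hunk), so the key name lives in one place.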
+@@ -1883,7 +1884,7 @@ static auth_ui_data *init_ui_data (char *vpn_name, GHashTable *options, GHashTab
+ g_unix_set_fd_nonblocking(ui_data->cancel_pipes[0], TRUE, NULL);
+ g_unix_set_fd_nonblocking(ui_data->cancel_pipes[1], TRUE, NULL);
+
+- ui_data->vpninfo = (void *)openconnect_vpninfo_new("OpenConnect VPN Agent (NetworkManager)",
++ ui_data->vpninfo = (void *)openconnect_vpninfo_new(vpn_useragent ?: "OpenConnect VPN Agent (NetworkManager)",
+ validate_peer_cert, write_new_config,
+ nm_process_auth_form, write_progress,
+ ui_data);
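Review bot: `vpn_useragent ?: "OpenConnect VPN Agent (NetworkManager)"` in the openconnect_vpninfo_new() call relies on the GNU `?:` extension and accepts an empty string as a valid agent. Writing it as `(vpn_useragent && *vpn_useragent) ? vpn_useragent : "OpenConnect VPN Agent (NetworkManager)"` keeps the default when the setting is present but empty and does not depend on GNU C.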
+diff --git a/properties/nm-openconnect-dialog.ui b/properties/nm-openconnect-dialog.ui
+index 43beb44a34a9..f32afcd5899f 100644
+--- a/properties/nm-openconnect-dialog.ui
++++ b/properties/nm-openconnect-dialog.ui
+@@ -105,6 +105,45 @@
+ <property name="top_attach">2</property>
+ </packing>
+ </child>
++ <child>
++ <object class="GtkLabel" id="useragent_label">
++ <property name="visible">True</property>
++ <property name="label" translatable="yes">_User Agent:</property>
++ <property name="use_underline">True</property>
++ <property name="use_markup">False</property>
++ <property name="justify">GTK_JUSTIFY_LEFT</property>
++ <property name="wrap">False</property>
++ <property name="selectable">False</property>
++ <property name="xalign">1</property>
++ <property name="yalign">0.5</property>
++ <property name="mnemonic_widget">user_agent_entry</property>
++ <property name="ellipsize">PANGO_ELLIPSIZE_NONE</property>
++ <property name="width_chars">-1</property>
++ <property name="single_line_mode">False</property>
++ </object>
++ <packing>
++ <property name="left_attach">0</property>
++ <property name="top_attach">3</property>
++ </packing>
++ </child>
++ <child>
++ <object class="GtkEntry" id="user_agent_entry">
++ <property name="visible">True</property>
++ <property name="can_focus">True</property>
++ <property name="editable">True</property>
++ <property name="visibility">True</property>
++ <property name="max_length">0</property>
++ <property name="text"/>
++ <property name="has_frame">True</property>
++ <property name="invisible_char">•</property>
++ <property name="activates_default">False</property>
++ <property name="hexpand">True</property>
++ </object>
++ <packing>
++ <property name="left_attach">1</property>
++ <property name="top_attach">3</property>
++ </packing>
++ </child>
+ <child>
+ <object class="NmaCertChooser" id="ca_chooser">
+ <property name="flags">13</property>
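Review bot: The new label is given the id `useragent_label` while the entry it points at is `user_agent_entry`; pick one spelling for both ids. The added packing blocks use `left_attach`/`top_attach` while the neighbouring ca_chooser child uses `left-attach`/`top-attach`, so it is worth matching whichever form the rest of the file settles on.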
+@@ -114,7 +153,7 @@
+ </object>
+ <packing>
+ <property name="left-attach">0</property>
+- <property name="top-attach">3</property>
++ <property name="top-attach">4</property>
+ <property name="width">2</property>
+ </packing>
+ </child>
+@@ -136,7 +175,7 @@
+ </object>
+ <packing>
+ <property name="left_attach">0</property>
+- <property name="top_attach">4</property>
++ <property name="top_attach">5</property>
+ </packing>
+ </child>
+ <child>
+@@ -154,7 +193,7 @@
+ </object>
+ <packing>
+ <property name="left_attach">1</property>
+- <property name="top_attach">4</property>
++ <property name="top_attach">5</property>
+ </packing>
+ </child>
+ <child>
+@@ -170,7 +209,7 @@
+ </object>
+ <packing>
+ <property name="left_attach">0</property>
+- <property name="top_attach">5</property>
++ <property name="top_attach">6</property>
+ <property name="width">2</property>
+ </packing>
+ </child>
+@@ -192,7 +231,7 @@
+ </object>
+ <packing>
+ <property name="left_attach">0</property>
+- <property name="top_attach">6</property>
++ <property name="top_attach">7</property>
+ </packing>
+ </child>
+ <child>
+@@ -210,7 +249,7 @@
+ </object>
+ <packing>
+ <property name="left_attach">1</property>
+- <property name="top_attach">6</property>
++ <property name="top_attach">7</property>
+ </packing>
+ </child>
+ <child>
+@@ -232,7 +271,7 @@
+ </object>
+ <packing>
+ <property name="left_attach">0</property>
+- <property name="top_attach">7</property>
++ <property name="top_attach">8</property>
+ </packing>
+ </child>
+ <child>
+@@ -250,7 +289,7 @@
+ </object>
+ <packing>
+ <property name="left_attach">1</property>
+- <property name="top_attach">7</property>
++ <property name="top_attach">8</property>
+ </packing>
+ </child>
+ <child>
+@@ -273,7 +312,7 @@
+ </object>
+ <packing>
+ <property name="left_attach">0</property>
+- <property name="top_attach">8</property>
++ <property name="top_attach">9</property>
+ <property name="width">2</property>
+ </packing>
+ </child>
+@@ -286,7 +325,7 @@
+ </object>
+ <packing>
+ <property name="left-attach">0</property>
+- <property name="top-attach">9</property>
++ <property name="top-attach">10</property>
+ <property name="width">2</property>
+ </packing>
+ </child>
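Review bot: This hunk moves a child from row 9 to row 10, and the next hunk moves row 11 to 12, but no hunk in the file moves anything from row 10 to 11. Confirm that the original layout had no child at `top_attach` 10; if it did, that child now shares a row with the one moved here.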
+@@ -303,7 +342,7 @@
+ </object>
+ <packing>
+ <property name="left_attach">0</property>
+- <property name="top_attach">11</property>
++ <property name="top_attach">12</property>
+ <property name="width">2</property>
+ </packing>
+ </child>
+@@ -320,7 +359,7 @@
+ </object>
+ <packing>
+ <property name="left_attach">0</property>
+- <property name="top_attach">12</property>
++ <property name="top_attach">13</property>
+ <property name="width">2</property>
+ </packing>
+ </child>
+@@ -344,7 +383,7 @@
+ </object>
+ <packing>
+ <property name="left_attach">0</property>
+- <property name="top_attach">13</property>
++ <property name="top_attach">14</property>
+ <property name="width">2</property>
+ </packing>
+ </child>
+@@ -366,7 +405,7 @@
+ </object>
+ <packing>
+ <property name="left_attach">0</property>
+- <property name="top_attach">14</property>
++ <property name="top_attach">15</property>
+ </packing>
+ </child>
+ <child>
+@@ -384,7 +423,7 @@
+ </object>
+ <packing>
+ <property name="left_attach">1</property>
+- <property name="top_attach">14</property>
++ <property name="top_attach">15</property>
+ </packing>
+ </child>
+ <child>
+@@ -406,7 +445,7 @@
+ </object>
+ <packing>
+ <property name="left_attach">0</property>
+- <property name="top_attach">15</property>
++ <property name="top_attach">16</property>
+ </packing>
+ </child>
+ <child>
+@@ -420,7 +459,7 @@
+ </object>
+ <packing>
+ <property name="left-attach">0</property>
+- <property name="top-attach">16</property>
++ <property name="top-attach">17</property>
+ <property name="width">2</property>
+ </packing>
+ </child>
+diff --git a/properties/nm-openconnect-editor-plugin.c b/properties/nm-openconnect-editor-plugin.c
+index 90dd5af55e1e..3f3c7c55b4b4 100644
+--- a/properties/nm-openconnect-editor-plugin.c
++++ b/properties/nm-openconnect-editor-plugin.c
+@@ -229,6 +229,11 @@ import (NMVpnEditorPlugin *iface, const char *path, GError **error)
+ if (buf)
+ nm_setting_vpn_add_data_item (s_vpn, NM_OPENCONNECT_KEY_PROXY, buf);
+
++ /* UserAgent */
++ buf = g_key_file_get_string (keyfile, "openconnect", "UserAgent", NULL);
++ if (buf)
++ nm_setting_vpn_add_data_item (s_vpn, NM_OPENCONNECT_KEY_USERAGENT, buf);
++
+ /* Cisco Secure Desktop */
+ bval = g_key_file_get_boolean (keyfile, "openconnect", "CSDEnable", NULL);
+ if (bval)
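Review bot: The added import() lines store whatever g_key_file_get_string() returns, including an empty string or a value containing unescaped control characters, whereas update_connection() in the editor only stores non-empty text. Apply the same `strlen` check here and reject control characters, since this string is what gets sent as the User-Agent. The added lines also do not free `buf` (g_key_file_get_string() returns an allocated copy), and the diffstat shows no matching change to the export path, so an exported profile loses the setting.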
+diff --git a/properties/nm-openconnect-editor.c b/properties/nm-openconnect-editor.c
+index de0c27a1b14d..813ff4c010e3 100644
+--- a/properties/nm-openconnect-editor.c
++++ b/properties/nm-openconnect-editor.c
+@@ -344,6 +344,16 @@ init_editor_plugin (OpenconnectEditor *self, NMConnection *connection, GError **
+ }
+ g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (stuff_changed_cb), self);
+
++ widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "user_agent_entry"));
++ g_return_val_if_fail (widget, FALSE);
++
++ if (s_vpn) {
++ value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENCONNECT_KEY_USERAGENT);
++ if (value)
++ gtk_entry_set_text (GTK_ENTRY (widget), value);
++ }
++ g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (stuff_changed_cb), self);
++
+ widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "fsid_button"));
+ g_return_val_if_fail (widget, FALSE);
+
+@@ -460,6 +470,11 @@ update_connection (NMVpnEditor *iface,
+ if (str && strlen (str))
+ nm_setting_vpn_add_data_item (s_vpn, NM_OPENCONNECT_KEY_PROXY, str);
+
++ widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "user_agent_entry"));
++ str = (char *) gtk_entry_get_text (GTK_ENTRY (widget));
++ if (str && strlen (str))
++ nm_setting_vpn_add_data_item (s_vpn, NM_OPENCONNECT_KEY_USERAGENT, str);
++
+ widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "fsid_button"));
+ str = gtk_check_button_get_active (GTK_CHECK_BUTTON (widget))?"yes":"no";
+ nm_setting_vpn_add_data_item (s_vpn, NM_OPENCONNECT_KEY_PEM_PASSPHRASE_FSID, str);
+diff --git a/shared/nm-service-defines.h b/shared/nm-service-defines.h
+index 4e7d48132824..21e1ce4f555a 100644
+--- a/shared/nm-service-defines.h
++++ b/shared/nm-service-defines.h
+@@ -46,6 +46,7 @@
+ #define NM_OPENCONNECT_KEY_PROTOCOL "protocol"
+ #define NM_OPENCONNECT_KEY_PROXY "proxy"
+ #define NM_OPENCONNECT_KEY_CSD_ENABLE "enable_csd_trojan"
++#define NM_OPENCONNECT_KEY_USERAGENT "useragent"
+ #define NM_OPENCONNECT_KEY_CSD_WRAPPER "csd_wrapper"
+ #define NM_OPENCONNECT_KEY_TOKEN_MODE "stoken_source"
+ #define NM_OPENCONNECT_KEY_TOKEN_SECRET "stoken_string"
+--
+2.42.0
+
diff -Nru network-manager-openconnect-1.2.8/debian/patches/0003-Use-openconnect_set_useragent-where-available.patch network-manager-openconnect-1.2.8/debian/patches/0003-Use-openconnect_set_useragent-where-available.patch
--- network-manager-openconnect-1.2.8/debian/patches/0003-Use-openconnect_set_useragent-where-available.patch 1970-01-01 01:00:00.000000000 +0100
+++ network-manager-openconnect-1.2.8/debian/patches/0003-Use-openconnect_set_useragent-where-available.patch 2023-11-14 15:15:44.000000000 +0100
@@ -0,0 +1,28 @@
+From: David Woodhouse <dwmw2@infradead.org>
+Date: Fri, 29 Apr 2022 17:10:24 +0100
+Subject: Use openconnect_set_useragent() where available
+Origin: Origin: https://gitlab.gnome.org/GNOME/NetworkManager-openconnect/-/commit/bad2d616d2bced3a83ad689daaadb25eed84931b
+
+---
+ auth-dialog/main.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+--- a/auth-dialog/main.c
++++ b/auth-dialog/main.c
+@@ -1885,6 +1885,16 @@ static auth_ui_data *init_ui_data (char
+ nm_process_auth_form, write_progress,
+ ui_data);
+
++#if OPENCONNECT_CHECK_VER(5,8)
++ /* The useragent provided to openconnect_vpninfo_new() gets the
++ * OpenConnect version appended to it. But some servers need the
++ * useragent to *precisely* match a known string; support for
++ * that was added in OpenConnect 9.00 (API 5.8) with the
++ * openconnect_set_useragent() function. */
++ if (vpn_useragent)
++ openconnect_set_useragent(ui_data->vpninfo, vpn_useragent);
++#endif
++
+ openconnect_set_webview_callback(ui_data->vpninfo, open_webview);
+
+ #if OPENCONNECT_CHECK_VER(1,4)
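Review bot: `if (vpn_useragent)` in the added block passes an empty string through to openconnect_set_useragent(), and the import path added in 0002 can store one; test for a non-empty value so an empty setting leaves the default agent in place. When OPENCONNECT_CHECK_VER(5,8) is false the configured string silently gets the OpenConnect version appended, as the comment explains, so a log message in an `#else` branch would help users diagnose a server that still rejects them. The patch header also reads `Origin: Origin:`; drop the duplicated field name.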
diff -Nru network-manager-openconnect-1.2.8/debian/patches/0004-Add-support-for-GTK4-in-user-agent-calls.patch network-manager-openconnect-1.2.8/debian/patches/0004-Add-support-for-GTK4-in-user-agent-calls.patch
--- network-manager-openconnect-1.2.8/debian/patches/0004-Add-support-for-GTK4-in-user-agent-calls.patch 1970-01-01 01:00:00.000000000 +0100
+++ network-manager-openconnect-1.2.8/debian/patches/0004-Add-support-for-GTK4-in-user-agent-calls.patch 2023-11-14 15:15:44.000000000 +0100
@@ -0,0 +1,34 @@
+From: Esteban Mandirola <esteban.mandirola@despegar.com>
+Date: Fri, 13 May 2022 17:50:00 -0300
+Subject: Add support for GTK4 in user-agent calls
+Origin: https://gitlab.gnome.org/GNOME/NetworkManager-openconnect/-/commit/55688199533d9f75fe86d9b3f881f65c1ceccddb
+
+---
+ properties/nm-openconnect-editor.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/properties/nm-openconnect-editor.c b/properties/nm-openconnect-editor.c
+index 813ff4c010e3..3089dd826df6 100644
+--- a/properties/nm-openconnect-editor.c
++++ b/properties/nm-openconnect-editor.c
+@@ -350,7 +350,7 @@ init_editor_plugin (OpenconnectEditor *self, NMConnection *connection, GError **
+ if (s_vpn) {
+ value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENCONNECT_KEY_USERAGENT);
+ if (value)
+- gtk_entry_set_text (GTK_ENTRY (widget), value);
++ gtk_editable_set_text (GTK_EDITABLE (widget), value);
+ }
+ g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (stuff_changed_cb), self);
+
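Review bot: gtk_editable_set_text() here and gtk_editable_get_text() in the next hunk are GTK4 calls, yet debian/control still build-depends on libgtk-3-dev alongside libgtk-4-dev. Confirm that the GTK3 build of properties/nm-openconnect-editor.c has compat definitions for both names (none are visible in this patch); without them the GTK3 editor will not compile.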
+@@ -471,7 +471,7 @@ update_connection (NMVpnEditor *iface,
+ nm_setting_vpn_add_data_item (s_vpn, NM_OPENCONNECT_KEY_PROXY, str);
+
+ widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "user_agent_entry"));
+- str = (char *) gtk_entry_get_text (GTK_ENTRY (widget));
++ str = (char *) gtk_editable_get_text (GTK_EDITABLE (widget));
+ if (str && strlen (str))
+ nm_setting_vpn_add_data_item (s_vpn, NM_OPENCONNECT_KEY_USERAGENT, str);
+
+--
+2.42.0
+
diff -Nru network-manager-openconnect-1.2.8/debian/patches/series network-manager-openconnect-1.2.8/debian/patches/series
--- network-manager-openconnect-1.2.8/debian/patches/series 2022-05-21 15:33:22.000000000 +0200
+++ network-manager-openconnect-1.2.8/debian/patches/series 2023-11-14 15:15:44.000000000 +0100
@@ -1 +1,4 @@
0001-Support-GlobalProtect-SAML-SSO-MFA.patch
+0002-Add-User-Agent-to-Openconnect-VPN-for-NetworkManager.patch
+0003-Use-openconnect_set_useragent-where-available.patch
+0004-Add-support-for-GTK4-in-user-agent-calls.patch
diff -Nru network-manager-openconnect-1.2.8/debian/salsa-ci.yml network-manager-openconnect-1.2.8/debian/salsa-ci.yml
--- network-manager-openconnect-1.2.8/debian/salsa-ci.yml 2022-03-14 00:08:09.000000000 +0100
+++ network-manager-openconnect-1.2.8/debian/salsa-ci.yml 2023-11-14 15:15:44.000000000 +0100
@@ -2,3 +2,7 @@
include:
- https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/salsa-ci.yml
- https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/pipeline-jobs.yml
+
+variables:
+ RELEASE: 'bookworm'
+ SALSA_CI_LINTIAN_SUPPRESS_TAGS: "bad-distribution-in-changes-file"