[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#1055965: marked as done (bookworm-pu: package network-manager-openconnect/1.2.8-3+deb12u1)

Your message dated Sat, 09 Dec 2023 10:20:37 +0000
with message-id <83d3a3621a56b9af1e20d36ee9d390a46ab64a8a.camel@adam-barratt.org.uk>
and subject line Closing requests for updates included in 12.3 point release
has caused the Debian Bug report #1055965,
regarding bookworm-pu: package network-manager-openconnect/1.2.8-3+deb12u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1055965: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055965
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian.org@packages.debian.org
Usertags: pu
X-Debbugs-Cc: network-manager-openconnect@packages.debian.org, Florian Echtler <floe@butterbrot.org>, Luca Boccassi <bluca@debian.org>, carnil@debian.org
Control: affects -1 + src:network-manager-openconnect

Hi Stable release managers,

[ Reason ]
In recent cases where institutions updated their Cisco AnyConnect
server, connecting with openconnect requires to pass an appropriate
UserAgent. Cf. for instance
https://gitlab.com/openconnect/openconnect/-/issues/544 .
network-manager-openconnect plugin for NetworkManager had no
possibilty to configure this. As result after such updates users using
the NetworkManager plugin cannot connect to the VPN servers.

[ Impact ]
Impossibility to use the NetworkManager plugin for openconnect in
situations where the Cisco AnyConnect server has been updated.

[ Tests ]
I manually tested the plugin in one affected configuration. After the
update the GUI field for configuring the UserAgent can be configured
for the specific configuration.

[ Risks ]
Patches have been taken from upstream and apply with minor context
tewak to the older version. Luca has reviewed and acked the MR in 
https://salsa.debian.org/debian/network-manager-openconnect/-/merge_requests/6

[ Checklist ]
  [x] *all* changes are documented in the d/changelog

(the salsa pipleline one is not, but has not a user impact)

  [x] I reviewed all changes and I approve them
  [x ] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]
Adds support for the mentioned UserAgent field and setting.

[ Other info ]
Nothing.

Regards,
Salvatore

diff -Nru network-manager-openconnect-1.2.8/debian/changelog network-manager-openconnect-1.2.8/debian/changelog
--- network-manager-openconnect-1.2.8/debian/changelog	2022-05-21 15:35:15.000000000 +0200
+++ network-manager-openconnect-1.2.8/debian/changelog	2023-11-14 15:15:44.000000000 +0100
@@ -1,3 +1,14 @@
+network-manager-openconnect (1.2.8-3+deb12u1) bookworm; urgency=medium
+
+  [ Salvatore Bonaccorso ]
+  * Add User Agent to Openconnect VPN for NetworkManager (Closes:
+    #1053467)
+  * Use openconnect_set_useragent() where available
+  * Add support for GTK4 in user-agent calls
+  * Add Build-Depends on libgtk-4-bin for gtk4-builder-tool
+
+ -- Luca Boccassi <bluca@debian.org>  Tue, 14 Nov 2023 14:15:44 +0000
+
 network-manager-openconnect (1.2.8-3) unstable; urgency=medium
 
   * Bump Standards-Version to 4.6.1, no changes
diff -Nru network-manager-openconnect-1.2.8/debian/control network-manager-openconnect-1.2.8/debian/control
--- network-manager-openconnect-1.2.8/debian/control	2022-05-21 15:35:15.000000000 +0200
+++ network-manager-openconnect-1.2.8/debian/control	2023-11-14 15:15:44.000000000 +0100
@@ -8,6 +8,7 @@
                libgcr-3-dev,
                libglib2.0-dev,
                libgtk-3-dev,
+               libgtk-4-bin,
                libgtk-4-dev,
                libnm-dev,
                libnma-dev,
diff -Nru network-manager-openconnect-1.2.8/debian/gbp.conf network-manager-openconnect-1.2.8/debian/gbp.conf
--- network-manager-openconnect-1.2.8/debian/gbp.conf	2022-03-14 00:08:09.000000000 +0100
+++ network-manager-openconnect-1.2.8/debian/gbp.conf	2023-11-14 15:15:44.000000000 +0100
@@ -1,5 +1,6 @@
 [DEFAULT]
 pristine-tar = True
+debian-branch = debian/bookworm
 
 [import-orig]
 upstream-vcs-tag = %(version)s
diff -Nru network-manager-openconnect-1.2.8/debian/patches/0002-Add-User-Agent-to-Openconnect-VPN-for-NetworkManager.patch network-manager-openconnect-1.2.8/debian/patches/0002-Add-User-Agent-to-Openconnect-VPN-for-NetworkManager.patch
--- network-manager-openconnect-1.2.8/debian/patches/0002-Add-User-Agent-to-Openconnect-VPN-for-NetworkManager.patch	1970-01-01 01:00:00.000000000 +0100
+++ network-manager-openconnect-1.2.8/debian/patches/0002-Add-User-Agent-to-Openconnect-VPN-for-NetworkManager.patch	2023-11-14 15:15:44.000000000 +0100
@@ -0,0 +1,302 @@
+From: Debasish Patra <patradebasish1987@gmail.com>
+Date: Sat, 29 Aug 2020 17:58:16 -0400
+Subject: Add User Agent to Openconnect VPN for NetworkManager
+Origin: https://gitlab.gnome.org/GNOME/NetworkManager-openconnect/-/commit/b5e154c06fd9013a925f85c2aa38d88e4ee53db0
+Bug-Debian: https://bugs.debian.org/1053467
+
+---
+ auth-dialog/main.c                        |  3 +-
+ properties/nm-openconnect-dialog.ui       | 73 +++++++++++++++++------
+ properties/nm-openconnect-editor-plugin.c |  5 ++
+ properties/nm-openconnect-editor.c        | 15 +++++
+ shared/nm-service-defines.h               |  1 +
+ 5 files changed, 79 insertions(+), 18 deletions(-)
+
+diff --git a/auth-dialog/main.c b/auth-dialog/main.c
+index 99cab7cd921f..305b568650ba 100644
+--- a/auth-dialog/main.c
++++ b/auth-dialog/main.c
+@@ -1853,6 +1853,7 @@ static void build_main_dialog(auth_ui_data *ui_data)
+ 
+ static auth_ui_data *init_ui_data (char *vpn_name, GHashTable *options, GHashTable *secrets, char *vpn_uuid)
+ {
++	char *vpn_useragent = g_hash_table_lookup(options, "useragent");
+ 	auth_ui_data *ui_data;
+ 
+ 	ui_data = g_slice_new0(auth_ui_data);
+@@ -1883,7 +1884,7 @@ static auth_ui_data *init_ui_data (char *vpn_name, GHashTable *options, GHashTab
+ 	g_unix_set_fd_nonblocking(ui_data->cancel_pipes[0], TRUE, NULL);
+ 	g_unix_set_fd_nonblocking(ui_data->cancel_pipes[1], TRUE, NULL);
+ 
+-	ui_data->vpninfo = (void *)openconnect_vpninfo_new("OpenConnect VPN Agent (NetworkManager)",
++	ui_data->vpninfo = (void *)openconnect_vpninfo_new(vpn_useragent ?: "OpenConnect VPN Agent (NetworkManager)",
+ 							   validate_peer_cert, write_new_config,
+ 							   nm_process_auth_form, write_progress,
+ 							   ui_data);
+diff --git a/properties/nm-openconnect-dialog.ui b/properties/nm-openconnect-dialog.ui
+index 43beb44a34a9..f32afcd5899f 100644
+--- a/properties/nm-openconnect-dialog.ui
++++ b/properties/nm-openconnect-dialog.ui
+@@ -105,6 +105,45 @@
+         <property name="top_attach">2</property>
+       </packing>
+     </child>
++    <child>
++      <object class="GtkLabel" id="useragent_label">
++        <property name="visible">True</property>
++        <property name="label" translatable="yes">_User Agent:</property>
++        <property name="use_underline">True</property>
++        <property name="use_markup">False</property>
++        <property name="justify">GTK_JUSTIFY_LEFT</property>
++        <property name="wrap">False</property>
++        <property name="selectable">False</property>
++        <property name="xalign">1</property>
++        <property name="yalign">0.5</property>
++        <property name="mnemonic_widget">user_agent_entry</property>
++        <property name="ellipsize">PANGO_ELLIPSIZE_NONE</property>
++        <property name="width_chars">-1</property>
++        <property name="single_line_mode">False</property>
++      </object>
++      <packing>
++        <property name="left_attach">0</property>
++        <property name="top_attach">3</property>
++      </packing>
++    </child>
++     <child>
++      <object class="GtkEntry" id="user_agent_entry">
++        <property name="visible">True</property>
++        <property name="can_focus">True</property>
++        <property name="editable">True</property>
++        <property name="visibility">True</property>
++        <property name="max_length">0</property>
++        <property name="text"/>
++        <property name="has_frame">True</property>
++        <property name="invisible_char">&#x2022;</property>
++        <property name="activates_default">False</property>
++        <property name="hexpand">True</property>
++      </object>
++      <packing>
++        <property name="left_attach">1</property>
++        <property name="top_attach">3</property>
++      </packing>
++    </child>
+     <child>
+       <object class="NmaCertChooser" id="ca_chooser">
+         <property name="flags">13</property>
+@@ -114,7 +153,7 @@
+       </object>
+       <packing>
+         <property name="left-attach">0</property>
+-        <property name="top-attach">3</property>
++        <property name="top-attach">4</property>
+         <property name="width">2</property>
+       </packing>
+     </child>
+@@ -136,7 +175,7 @@
+       </object>
+       <packing>
+         <property name="left_attach">0</property>
+-        <property name="top_attach">4</property>
++        <property name="top_attach">5</property>
+       </packing>
+     </child>
+     <child>
+@@ -154,7 +193,7 @@
+       </object>
+       <packing>
+         <property name="left_attach">1</property>
+-        <property name="top_attach">4</property>
++        <property name="top_attach">5</property>
+       </packing>
+     </child>
+     <child>
+@@ -170,7 +209,7 @@
+       </object>
+       <packing>
+         <property name="left_attach">0</property>
+-        <property name="top_attach">5</property>
++        <property name="top_attach">6</property>
+         <property name="width">2</property>
+       </packing>
+     </child>
+@@ -192,7 +231,7 @@
+       </object>
+       <packing>
+         <property name="left_attach">0</property>
+-        <property name="top_attach">6</property>
++        <property name="top_attach">7</property>
+       </packing>
+     </child>
+     <child>
+@@ -210,7 +249,7 @@
+       </object>
+       <packing>
+         <property name="left_attach">1</property>
+-        <property name="top_attach">6</property>
++        <property name="top_attach">7</property>
+       </packing>
+     </child>
+     <child>
+@@ -232,7 +271,7 @@
+       </object>
+       <packing>
+         <property name="left_attach">0</property>
+-        <property name="top_attach">7</property>
++        <property name="top_attach">8</property>
+       </packing>
+     </child>
+     <child>
+@@ -250,7 +289,7 @@
+       </object>
+       <packing>
+         <property name="left_attach">1</property>
+-        <property name="top_attach">7</property>
++        <property name="top_attach">8</property>
+       </packing>
+     </child>
+     <child>
+@@ -273,7 +312,7 @@
+       </object>
+       <packing>
+         <property name="left_attach">0</property>
+-        <property name="top_attach">8</property>
++        <property name="top_attach">9</property>
+         <property name="width">2</property>
+       </packing>
+     </child>
+@@ -286,7 +325,7 @@
+       </object>
+       <packing>
+         <property name="left-attach">0</property>
+-        <property name="top-attach">9</property>
++        <property name="top-attach">10</property>
+         <property name="width">2</property>
+       </packing>
+     </child>
+@@ -303,7 +342,7 @@
+       </object>
+       <packing>
+         <property name="left_attach">0</property>
+-        <property name="top_attach">11</property>
++        <property name="top_attach">12</property>
+         <property name="width">2</property>
+       </packing>
+     </child>
+@@ -320,7 +359,7 @@
+       </object>
+       <packing>
+         <property name="left_attach">0</property>
+-        <property name="top_attach">12</property>
++        <property name="top_attach">13</property>
+         <property name="width">2</property>
+       </packing>
+     </child>
+@@ -344,7 +383,7 @@
+       </object>
+       <packing>
+           <property name="left_attach">0</property>
+-          <property name="top_attach">13</property>
++          <property name="top_attach">14</property>
+           <property name="width">2</property>
+       </packing>
+     </child>
+@@ -366,7 +405,7 @@
+       </object>
+       <packing>
+         <property name="left_attach">0</property>
+-        <property name="top_attach">14</property>
++        <property name="top_attach">15</property>
+       </packing>
+     </child>
+     <child>
+@@ -384,7 +423,7 @@
+       </object>
+       <packing>
+         <property name="left_attach">1</property>
+-        <property name="top_attach">14</property>
++        <property name="top_attach">15</property>
+       </packing>
+     </child>
+     <child>
+@@ -406,7 +445,7 @@
+       </object>
+       <packing>
+         <property name="left_attach">0</property>
+-        <property name="top_attach">15</property>
++        <property name="top_attach">16</property>
+       </packing>
+     </child>
+     <child>
+@@ -420,7 +459,7 @@
+       </object>
+       <packing>
+         <property name="left-attach">0</property>
+-        <property name="top-attach">16</property>
++        <property name="top-attach">17</property>
+         <property name="width">2</property>
+       </packing>
+     </child>
+diff --git a/properties/nm-openconnect-editor-plugin.c b/properties/nm-openconnect-editor-plugin.c
+index 90dd5af55e1e..3f3c7c55b4b4 100644
+--- a/properties/nm-openconnect-editor-plugin.c
++++ b/properties/nm-openconnect-editor-plugin.c
+@@ -229,6 +229,11 @@ import (NMVpnEditorPlugin *iface, const char *path, GError **error)
+ 	if (buf)
+ 		nm_setting_vpn_add_data_item (s_vpn, NM_OPENCONNECT_KEY_PROXY, buf);
+ 
++	/* UserAgent */
++	buf = g_key_file_get_string (keyfile, "openconnect", "UserAgent", NULL);
++	if (buf)
++		nm_setting_vpn_add_data_item (s_vpn, NM_OPENCONNECT_KEY_USERAGENT, buf);
++
+ 	/* Cisco Secure Desktop */
+ 	bval = g_key_file_get_boolean (keyfile, "openconnect", "CSDEnable", NULL);
+ 	if (bval)
+diff --git a/properties/nm-openconnect-editor.c b/properties/nm-openconnect-editor.c
+index de0c27a1b14d..813ff4c010e3 100644
+--- a/properties/nm-openconnect-editor.c
++++ b/properties/nm-openconnect-editor.c
+@@ -344,6 +344,16 @@ init_editor_plugin (OpenconnectEditor *self, NMConnection *connection, GError **
+ 	}
+ 	g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (stuff_changed_cb), self);
+ 
++	widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "user_agent_entry"));
++	g_return_val_if_fail (widget, FALSE);
++
++	if (s_vpn) {
++		value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENCONNECT_KEY_USERAGENT);
++		if (value)
++			gtk_entry_set_text (GTK_ENTRY (widget), value);
++	}
++	g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (stuff_changed_cb), self);
++
+ 	widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "fsid_button"));
+ 	g_return_val_if_fail (widget, FALSE);
+ 
+@@ -460,6 +470,11 @@ update_connection (NMVpnEditor *iface,
+ 	if (str && strlen (str))
+ 		nm_setting_vpn_add_data_item (s_vpn, NM_OPENCONNECT_KEY_PROXY, str);
+ 
++	widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "user_agent_entry"));
++	str = (char *) gtk_entry_get_text (GTK_ENTRY (widget));
++	if (str && strlen (str))
++		nm_setting_vpn_add_data_item (s_vpn, NM_OPENCONNECT_KEY_USERAGENT, str);
++
+ 	widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "fsid_button"));
+ 	str = gtk_check_button_get_active (GTK_CHECK_BUTTON (widget))?"yes":"no";
+ 	nm_setting_vpn_add_data_item (s_vpn, NM_OPENCONNECT_KEY_PEM_PASSPHRASE_FSID, str);
+diff --git a/shared/nm-service-defines.h b/shared/nm-service-defines.h
+index 4e7d48132824..21e1ce4f555a 100644
+--- a/shared/nm-service-defines.h
++++ b/shared/nm-service-defines.h
+@@ -46,6 +46,7 @@
+ #define NM_OPENCONNECT_KEY_PROTOCOL "protocol"
+ #define NM_OPENCONNECT_KEY_PROXY "proxy"
+ #define NM_OPENCONNECT_KEY_CSD_ENABLE "enable_csd_trojan"
++#define NM_OPENCONNECT_KEY_USERAGENT "useragent"
+ #define NM_OPENCONNECT_KEY_CSD_WRAPPER "csd_wrapper"
+ #define NM_OPENCONNECT_KEY_TOKEN_MODE "stoken_source"
+ #define NM_OPENCONNECT_KEY_TOKEN_SECRET "stoken_string"
+-- 
+2.42.0
+
diff -Nru network-manager-openconnect-1.2.8/debian/patches/0003-Use-openconnect_set_useragent-where-available.patch network-manager-openconnect-1.2.8/debian/patches/0003-Use-openconnect_set_useragent-where-available.patch
--- network-manager-openconnect-1.2.8/debian/patches/0003-Use-openconnect_set_useragent-where-available.patch	1970-01-01 01:00:00.000000000 +0100
+++ network-manager-openconnect-1.2.8/debian/patches/0003-Use-openconnect_set_useragent-where-available.patch	2023-11-14 15:15:44.000000000 +0100
@@ -0,0 +1,28 @@
+From: David Woodhouse <dwmw2@infradead.org>
+Date: Fri, 29 Apr 2022 17:10:24 +0100
+Subject: Use openconnect_set_useragent() where available
+Origin: Origin: https://gitlab.gnome.org/GNOME/NetworkManager-openconnect/-/commit/bad2d616d2bced3a83ad689daaadb25eed84931b
+
+---
+ auth-dialog/main.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+--- a/auth-dialog/main.c
++++ b/auth-dialog/main.c
+@@ -1885,6 +1885,16 @@ static auth_ui_data *init_ui_data (char
+ 							   nm_process_auth_form, write_progress,
+ 							   ui_data);
+ 
++#if OPENCONNECT_CHECK_VER(5,8)
++	/* The useragent provided to openconnect_vpninfo_new() gets the
++	 * OpenConnect version appended to it. But some servers need the
++	 * useragent to *precisely* match a known string; support for
++	 * that was added in OpenConnect 9.00 (API 5.8) with the
++	 * openconnect_set_useragent() function. */
++	if (vpn_useragent)
++		openconnect_set_useragent(ui_data->vpninfo, vpn_useragent);
++#endif
++
+         openconnect_set_webview_callback(ui_data->vpninfo, open_webview);
+ 
+ #if OPENCONNECT_CHECK_VER(1,4)
diff -Nru network-manager-openconnect-1.2.8/debian/patches/0004-Add-support-for-GTK4-in-user-agent-calls.patch network-manager-openconnect-1.2.8/debian/patches/0004-Add-support-for-GTK4-in-user-agent-calls.patch
--- network-manager-openconnect-1.2.8/debian/patches/0004-Add-support-for-GTK4-in-user-agent-calls.patch	1970-01-01 01:00:00.000000000 +0100
+++ network-manager-openconnect-1.2.8/debian/patches/0004-Add-support-for-GTK4-in-user-agent-calls.patch	2023-11-14 15:15:44.000000000 +0100
@@ -0,0 +1,34 @@
+From: Esteban Mandirola <esteban.mandirola@despegar.com>
+Date: Fri, 13 May 2022 17:50:00 -0300
+Subject: Add support for GTK4 in user-agent calls
+Origin: https://gitlab.gnome.org/GNOME/NetworkManager-openconnect/-/commit/55688199533d9f75fe86d9b3f881f65c1ceccddb
+
+---
+ properties/nm-openconnect-editor.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/properties/nm-openconnect-editor.c b/properties/nm-openconnect-editor.c
+index 813ff4c010e3..3089dd826df6 100644
+--- a/properties/nm-openconnect-editor.c
++++ b/properties/nm-openconnect-editor.c
+@@ -350,7 +350,7 @@ init_editor_plugin (OpenconnectEditor *self, NMConnection *connection, GError **
+ 	if (s_vpn) {
+ 		value = nm_setting_vpn_get_data_item (s_vpn, NM_OPENCONNECT_KEY_USERAGENT);
+ 		if (value)
+-			gtk_entry_set_text (GTK_ENTRY (widget), value);
++			gtk_editable_set_text (GTK_EDITABLE (widget), value);
+ 	}
+ 	g_signal_connect (G_OBJECT (widget), "changed", G_CALLBACK (stuff_changed_cb), self);
+ 
+@@ -471,7 +471,7 @@ update_connection (NMVpnEditor *iface,
+ 		nm_setting_vpn_add_data_item (s_vpn, NM_OPENCONNECT_KEY_PROXY, str);
+ 
+ 	widget = GTK_WIDGET (gtk_builder_get_object (priv->builder, "user_agent_entry"));
+-	str = (char *) gtk_entry_get_text (GTK_ENTRY (widget));
++	str = (char *) gtk_editable_get_text (GTK_EDITABLE (widget));
+ 	if (str && strlen (str))
+ 		nm_setting_vpn_add_data_item (s_vpn, NM_OPENCONNECT_KEY_USERAGENT, str);
+ 
+-- 
+2.42.0
+
diff -Nru network-manager-openconnect-1.2.8/debian/patches/series network-manager-openconnect-1.2.8/debian/patches/series
--- network-manager-openconnect-1.2.8/debian/patches/series	2022-05-21 15:33:22.000000000 +0200
+++ network-manager-openconnect-1.2.8/debian/patches/series	2023-11-14 15:15:44.000000000 +0100
@@ -1 +1,4 @@
 0001-Support-GlobalProtect-SAML-SSO-MFA.patch
+0002-Add-User-Agent-to-Openconnect-VPN-for-NetworkManager.patch
+0003-Use-openconnect_set_useragent-where-available.patch
+0004-Add-support-for-GTK4-in-user-agent-calls.patch
diff -Nru network-manager-openconnect-1.2.8/debian/salsa-ci.yml network-manager-openconnect-1.2.8/debian/salsa-ci.yml
--- network-manager-openconnect-1.2.8/debian/salsa-ci.yml	2022-03-14 00:08:09.000000000 +0100
+++ network-manager-openconnect-1.2.8/debian/salsa-ci.yml	2023-11-14 15:15:44.000000000 +0100
@@ -2,3 +2,7 @@
 include:
   - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/salsa-ci.yml
   - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/pipeline-jobs.yml
+
+variables:
+  RELEASE: 'bookworm'
+  SALSA_CI_LINTIAN_SUPPRESS_TAGS: "bad-distribution-in-changes-file"

--- End Message ---
--- Begin Message --- 
Package: release.debian.org
Version: 12.3

Hi,

Each of the updates discussed in these requests was included in this
morning's 12.3 bookworm point release.

Regards,

Adam

--- End Message ---
Reply to: