public inbox for git-commits@fedoraproject.org
help / color / mirror / Atom feed
* [rpms/openconnect] f44: 9.20
@ 2026-06-14 14:22 David Woodhouse
0 siblings, 0 replies; only message in thread
From: David Woodhouse @ 2026-06-14 14:22 UTC (permalink / raw)
To: git-commits
A new commit has been pushed.
Repo : rpms/openconnect
Branch : f44
Commit : 82a9ab12d6e940479a268286da8d8e9758376752
Author : David Woodhouse <dwmw2@infradead.org>
Date : 2026-06-14T15:22:33+01:00
Stats : +7/-134 in 3 file(s)
URL : https://src.fedoraproject.org/rpms/openconnect/c/82a9ab12d6e940479a268286da8d8e9758376752?branch=f44
Log:
9.20
---
diff --git a/openconnect-5fec1e2-fixed.patch b/openconnect-5fec1e2-fixed.patch
deleted file mode 100644
index 8212262..0000000
--- a/openconnect-5fec1e2-fixed.patch
+++ /dev/null
@@ -1,129 +0,0 @@
-From 19a7183c6c712601e2b8303ed9162da1e4c9a289 Mon Sep 17 00:00:00 2001
-From: David Woodhouse <dwmw2@infradead.org>
-Date: Wed, 1 Oct 2025 16:00:10 +0100
-Subject: [PATCH] Fix Cisco DTLS MTU detection
-
-New ASA firmware apparently doesn't send back the same payload in a DPD
-response, so we can't match on it. But it does thankfully still return
-responses of the same length, it seems. And the matching isn't important;
-if *any* packet of the given size gets through, that's good enough for
-the MTU detection. So just match the length.
-
-And once we start looking at it, it looks like the whole thing was hosed
-and would never even retry the same packet size as it was supposed to.
-Fix it all.
-
-Fixes: #823
-
-Signed-off-by: David Woodhouse <dwmw2@infradead.org>
----
- dtls.c | 51 ++++++++++++++++++++++++-----------------------
- www/changelog.xml | 1 +
- 2 files changed, 27 insertions(+), 25 deletions(-)
-
-diff --git a/dtls.c b/dtls.c
-index 2e723f2a..704c5045 100644
---- a/dtls.c
-+++ b/dtls.c
-@@ -474,7 +474,6 @@ static int probe_mtu(struct openconnect_info *vpninfo, unsigned char *buf)
- {
- int max, min, cur, ret, absolute_min, last;
- int tries = 0; /* Number of loops in bin search - includes resends */
-- uint32_t id, id_len;
- struct timeval start_tv, now_tv, last_tv;
-
- absolute_min = 576;
-@@ -492,13 +491,11 @@ static int probe_mtu(struct openconnect_info *vpninfo, unsigned char *buf)
- if (max <= min)
- goto fail;
-
-- /* Generate unique ID */
-- if (openconnect_random(&id, sizeof(id)) < 0)
-- goto fail;
--
- vpn_progress(vpninfo, PRG_DEBUG,
- _("Initiating MTU detection (min=%d, max=%d)\n"), min, max);
-
-+ memset(buf, 0x5a, max + 1);
-+
- gettimeofday(&start_tv, NULL);
- last_tv = start_tv;
-
-@@ -527,11 +524,10 @@ static int probe_mtu(struct openconnect_info *vpninfo, unsigned char *buf)
- #endif
-
- buf[0] = AC_PKT_DPD_OUT;
-- id_len = id + cur;
-- memcpy(&buf[1], &id_len, sizeof(id_len));
-
-- vpn_progress(vpninfo, PRG_TRACE,
-+ vpn_progress(vpninfo, PRG_DEBUG,
- _("Sending MTU DPD probe (%u bytes)\n"), cur);
-+ dump_buf_hex(vpninfo, PRG_TRACE, '>', buf, cur + 1);
- ret = openconnect_dtls_write(vpninfo, buf, cur + 1);
- if (ret != cur + 1) {
- vpn_progress(vpninfo, PRG_ERR,
-@@ -550,7 +546,6 @@ static int probe_mtu(struct openconnect_info *vpninfo, unsigned char *buf)
- last = cur;
- }
-
-- memset(buf, 0, sizeof(id)+1);
- keep_waiting:
- gettimeofday(&now_tv, NULL);
-
-@@ -576,30 +571,36 @@ static int probe_mtu(struct openconnect_info *vpninfo, unsigned char *buf)
- wait_ms = PKT_INTERVAL_MS;
-
- ret = openconnect_dtls_read(vpninfo, buf, max+1, wait_ms);
-- if (ret > 0 && (buf[0] != AC_PKT_DPD_RESP || !memcpy(&id_len, &buf[1], sizeof(id_len)) ||
-- id_len != id + ret - 1)) {
-+ if (ret > 0) {
-+ dump_buf_hex(vpninfo, PRG_TRACE, '<', buf, ret);
-+ if (buf[0] != AC_PKT_DPD_RESP || ret != cur + 1) {
-+ vpn_progress(vpninfo, PRG_DEBUG,
-+ _("Received unexpected packet (type 0x%02x, %d bytes, expected %d) in MTU detection; skipping.\n"),
-+ buf[0], ret, cur + 1);
-+ goto keep_waiting;
-+ }
-+
- vpn_progress(vpninfo, PRG_DEBUG,
-- _("Received unexpected packet (%.2x) in MTU detection; skipping.\n"), (unsigned)buf[0]);
-- goto keep_waiting;
-- }
-+ _("Received MTU DPD probe (%u bytes)\n"), ret - 1);
-+ ret--;
-+ tries = 0;
-+ } else if (ret == -ETIMEDOUT) {
-+ if (tries < 6)
-+ continue;
-
-- if (ret == -ETIMEDOUT) {
-- if (tries >= 6) {
-- vpn_progress(vpninfo, PRG_DEBUG,
-- _("No response to size %u after %d tries; declare MTU is %u\n"),
-- last, tries, min);
-+ vpn_progress(vpninfo, PRG_DEBUG,
-+ _("No response to size %u after %d tries (min %d max %d)\n"),
-+ last, tries, min, max);
-+ if (cur <= max)
-+ max = cur - 1;
-+ if (cur <= min + 1) {
- ret = min;
- goto out;
- }
-- } else if (ret < 0) {
-+ } else {
- vpn_progress(vpninfo, PRG_ERR,
- _("Failed to recv DPD request (%d)\n"), ret);
- goto fail;
-- } else if (ret > 0) {
-- vpn_progress(vpninfo, PRG_TRACE,
-- _("Received MTU DPD probe (%u bytes)\n"), ret - 1);
-- ret--;
-- tries = 0;
- }
-
- if (ret == max)
---
-GitLab
-
diff --git a/openconnect.spec b/openconnect.spec
index a7977ec..372f0f0 100644
--- a/openconnect.spec
+++ b/openconnect.spec
@@ -10,8 +10,8 @@
%endif
Name: openconnect
-Version: 9.12
-Release: 11%{?dist}
+Version: 9.20
+Release: 1%{?dist}
Summary: Open multi-protocol SSL VPN client
License: LGPL-2.1-or-later
URL: https://www.infradead.org/%{name}/
@@ -19,7 +19,6 @@ URL: https://www.infradead.org/%{name}/
Source0: %{url}/download/%{name}-%{version}.tar.gz
Source1: %{url}/download/%{name}-%{version}.tar.gz.asc
Source2: gpgkey-BE07D9FD54809AB2C4B0FF5F63762CDA67E2F359.asc
-Patch0: openconnect-5fec1e2-fixed.patch
BuildRequires: autoconf
BuildRequires: automake
@@ -119,6 +118,9 @@ make VERBOSE=1 check
%{_libdir}/pkgconfig/%{name}.pc
%changelog
+* Sat Jun 13 2026 David Woodhouse <dwmw2@infradead.org> - 9.20-1
+- Update to 9.20 release
+
* Mon Apr 27 2026 Angelo Theodorakis <angelotheo@meta.com> - 9.12-11
- Backport upstream commit 5fec1e2: Fix Cisco DTLS MTU detection
diff --git a/sources b/sources
index 7ac1bfc..4b4a71d 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
-SHA512 (openconnect-9.12.tar.gz) = 5c622e8bdfac3d21b5881660444e5d2b84e9463a99493d42cbfb480c3aa3972076bdeeb618aca02abed68e31dbeadcb66fb1c370e62a20f20cd544753c7ac48e
-SHA512 (openconnect-9.12.tar.gz.asc) = ade33209a4c17bbdfd0bea7490588b248c36c4da56a9aec60818ed6c96bc8c3570b1f2ac2685003122a1e52dd9d24e4b678d77e001c752461649114167a7304c
+SHA512 (openconnect-9.20.tar.gz.asc) = 188433840498d4db1ba0fcd92a78deb01f00d474830d5c0ed5c9db9336453b64cf56d9a7b53f8fad1ee74128cb79580c085037b72edae0121ce55d4088a5fc86
+SHA512 (openconnect-9.20.tar.gz) = 69532011d7d5462cdb5726213c66b6fd0025d8ba7a02d84f8ffabe9082bfecb9aa59f06426fbeab599bd98c952669018747a1657937da4a4df7d201f040edd93
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2026-06-14 14:22 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2026-06-14 14:22 [rpms/openconnect] f44: 9.20 David Woodhouse
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox