summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--net-vpn/networkmanager-openvpn/files/networkmanager-openvpn-1.10.2-openvpn-2.6-compat.patch43
-rw-r--r--net-vpn/networkmanager-openvpn/networkmanager-openvpn-1.10.2-r1.ebuild58
2 files changed, 101 insertions, 0 deletions
diff --git a/net-vpn/networkmanager-openvpn/files/networkmanager-openvpn-1.10.2-openvpn-2.6-compat.patch b/net-vpn/networkmanager-openvpn/files/networkmanager-openvpn-1.10.2-openvpn-2.6-compat.patch
new file mode 100644
index 000000000000..2b8774b412e8
--- /dev/null
+++ b/net-vpn/networkmanager-openvpn/files/networkmanager-openvpn-1.10.2-openvpn-2.6-compat.patch
@@ -0,0 +1,43 @@
+https://bugs.gentoo.org/909361
+https://gitlab.gnome.org/GNOME/NetworkManager-openvpn/-/commit/a790374f4c2e9e1657cbb8470357d72d4bd87916
+
+From a790374f4c2e9e1657cbb8470357d72d4bd87916 Mon Sep 17 00:00:00 2001
+From: Beniamino Galvani <bgalvani@redhat.com>
+Date: Mon, 28 Nov 2022 17:31:38 +0100
+Subject: [PATCH] Revert "service: automatically add the "cipher" to the
+ "data-ciphers""
+
+`--data-ciphers` has a default value of `AES-256-GCM:AES-128-GCM`. If
+we overwrite it with the value of `--cipher` we are diverging from
+openvpn behavior and this can cause authentication problems.
+
+https://gitlab.gnome.org/GNOME/NetworkManager-openvpn/-/issues/112
+
+This reverts commit 020ab0c4b872fa5415ed1a5e682acb3343c7b9f3.
+--- a/src/nm-openvpn-service.c
++++ b/src/nm-openvpn-service.c
+@@ -1676,22 +1676,6 @@ nm_openvpn_start_openvpn_binary (NMOpenvpnPlugin *plugin,
+
+ args_add_vpn_data (args, s_vpn, NM_OPENVPN_KEY_DATA_CIPHERS, "--data-ciphers");
+
+- if (nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_CIPHER) &&
+- !nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_DATA_CIPHERS) &&
+- openvpn_binary_detect_version_cached (openvpn_binary, &openvpn_binary_version) >=
+- nmovpn_version_encode (2, 5, 0)) {
+- /* Since 2.5, openvpn will warn if "cipher" is set but "data-ciphers" doesn't
+- * contain the cipher. It still used to automatically add the cipher.
+- * Since 2.6, the cipher is no longer automatically added, which is unlikely
+- * what the user wants.
+- *
+- * We automatically add it, so if the user only sets cipher (e.g. when
+- * having an old profile or targeting 2.4) it still works. So ciphers
+- * means something slightly different for the plugin, unless you set
+- * data-ciphers to anything. */
+- args_add_vpn_data (args, s_vpn, NM_OPENVPN_KEY_CIPHER, "--data-ciphers");
+- }
+-
+ args_add_vpn_data (args, s_vpn, NM_OPENVPN_KEY_TLS_CIPHER, "--tls-cipher");
+
+ tmp = nm_setting_vpn_get_data_item (s_vpn, NM_OPENVPN_KEY_KEYSIZE);
+--
+GitLab
diff --git a/net-vpn/networkmanager-openvpn/networkmanager-openvpn-1.10.2-r1.ebuild b/net-vpn/networkmanager-openvpn/networkmanager-openvpn-1.10.2-r1.ebuild
new file mode 100644
index 000000000000..d1c4cbfc07ea
--- /dev/null
+++ b/net-vpn/networkmanager-openvpn/networkmanager-openvpn-1.10.2-r1.ebuild
@@ -0,0 +1,58 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+GNOME_ORG_MODULE="NetworkManager-${PN##*-}"
+
+inherit gnome2
+
+DESCRIPTION="NetworkManager OpenVPN plugin"
+HOMEPAGE="https://gitlab.gnome.org/GNOME/NetworkManager-openvpn"
+
+LICENSE="GPL-2+"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~x86"
+IUSE="gtk test"
+RESTRICT="!test? ( test )"
+
+DEPEND="
+ >=dev-libs/glib-2.34:2
+ >=net-misc/networkmanager-1.7.0
+ >=net-vpn/openvpn-2.1
+ gtk? (
+ >=app-crypt/libsecret-0.18
+
+ >=net-libs/libnma-1.8.0
+ >=x11-libs/gtk+-3.4:3
+
+ >=gui-libs/gtk-4.0:4
+ >=net-libs/libnma-1.8.36
+ )
+"
+
+RDEPEND="
+ ${DEPEND}
+ acct-group/nm-openvpn
+ acct-user/nm-openvpn
+"
+
+BDEPEND="
+ >=sys-devel/gettext-0.19
+ virtual/pkgconfig
+"
+
+PATCHES=(
+ "${FILESDIR}"/${P}-openvpn-2.6-compat.patch
+)
+
+src_configure() {
+ # --localstatedir=/var needed per bug #536248
+ gnome2_src_configure \
+ --localstatedir=/var \
+ --disable-more-warnings \
+ --disable-static \
+ --with-dist-version=Gentoo \
+ $(use_with gtk gnome) \
+ $(use_with gtk gtk4)
+}