[pkgsrc/trunk]: pkgsrc/net/openconnect Update to 9.01. From the changelog:

[schmonz <schmonz%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/0495fd350153
branches:  trunk
changeset: 386917:0495fd350153
user:      schmonz <schmonz%pkgsrc.org@localhost>
date:      Tue Oct 18 01:18:10 2022 +0000

description:
Update to 9.01. From the changelog:

9.01:
- Fix library minor version (missing bump to 5.8).

9.00:
- Add support for AnyConnect "Session Token Re-use Anchor Protocol"
  (STRAP) (#410).
- Add support for AnyConnect "external browser" SSO mode (!354).
- On Windows, fix crash on tunnel setup. (#370, 6a2ffbb)
- Bugfix RSA SecurID token decryption and PIN entry forms, broken in
  v8.20. (#388, !344)
- Support Cisco's multiple-certificate authentication (!194).
- Append internal=no to GlobalProtect authentication/configuration
  forms, for compatibility with servers which apparently require this to
  function properly. (#246, !337)
- Revert GlobalProtect default route handling change from v8.20. (!367)
- Support split-exclude routes for Fortinet. (#394, !345)
- Add openconnect_set_useragent() function.
- Add webview callback and SAML/SSO support for AnyConnect,
  GlobalProtect. (!126).

8.20:
- When the queue length (-Q option) is 16 or more, try using vhost-net
  to accelerate tun device access.
- Use epoll() where available.
- Support non-AEAD ciphersuites in DTLSv1.2 with AnyConnect. (#249)
- Make tncc-emulate.py work with Python 3.7+. (#152, !120)
- Emulated a newer version of GlobalProtect official clients, 5.1.5-8;
  was 4.0.2-19 (!131)
- Support Juniper login forms containing both password and 2FA
  token (!121)
- Explicitly disable 3DES and RC4, unless enabled with
  --allow-insecure-crypto (!114)
- Add obsolete-server-crypto test (!114)
- Allow protocols to delay tunnel setup and shutdown (!117)
- Support for GlobalProtect IPv6 (!155 and !188; previous work in
  d6db0ec)
- SIGUSR1 causes OpenConnect to log detailed connection information and
  statistics (!154)
- Allow --servercert to be specified multiple times in order to accept
  server certificates matching more than one possible fingerprint
  (!162, #25)
- Add insecure debugging build mode for developers (!112)
- Demangle default routes sent as split routes by GlobalProtect (!118)
- Improve GlobalProtect login argument decoding (!143)
- Add detection of authentication expiration date, intended to allow
  front-ends to cache and reuse authentication cookies/sessions (!156)
- Small bug fixes and clarification of many logging messages.
- Support more Juniper login forms, including some SSO forms (!171)
- Automatically build Windows installers for OpenConnect command-line
  interface (!176)
- Restore compatibility with newer Cisco servers, by no longer sending
  them the X-AnyConnect-Platform header (#101, !175)
- Add support for PPP-based protocols, currently over TLS only (!165).
- Add support for two PPP-based protocols, F5 with --protocol=f5 and
  Fortinet with --protocol=fortinet (!169).
- Add experimental support for Wintun Layer 3 TUN driver under Windows
  (#231, !178).
- Clean up and improve Windows routing/DNS configuration script
  (vpnc-scripts!26, vpnc-scripts!41, vpnc-scripts!44).
- On Windows, reclaim needed IP addresses from down network interfaces
  so that configuration script can succeed (!178).
- Fix output redirection under Windows (#229)
- More gracefully handle idle timeouts and other fatal errors for
  Juniper and Pulse (!187)
- Ignore failures to fetch the Juniper/oNCP landing page if the
  authentication was successful (3e779436).
- Add support for Array Networks SSL VPN (#102)
- Support TLSv1.3 with TPMv2 EC and RSA keys, add test cases for swtpm
  and hardware TPM. (ed80bfac...ee1cd782)
- Add openconnect_get_connect_url() to simplify passing correct server
  information to the connecting openconnect process.
  (NetworkManager-openconnect #46, #53)
- Disable brittle "system policy" enforcement where it cannot be
  gracefully overridden at user request. (RH#1960763).
- Pass "portal cookie" fields from GlobalProtect portal to gateway to
  avoid repetition of password- or SAML-based login (!199)
- With --user, enter username supplied via command-line into all
  authentication forms, not just the first. (#267, !220).
- Fix a subtle bug which has prevented ESP rekey and ESP-to-TLS fallback
  from working reliably with the Juniper/oNCP protocol since v8.04.
  (#322, !293).
- Fix a bug in csd-wrapper.sh which has prevented it from correctly
  downloading compressed Trojan binaries since at least v8.00. (!305)
- Make Windows socketpair emulation more robust in the face of Windows's
  ability to break its localhost routes. (#228, #361, !320)
- Perform proper disconnect and routes cleanup on Windows when receiving
  Ctrl+C or Ctrl+Break. (#362, !323)
- Improve logging in routing/DNS configuration scripts. (!328,
  vpnc-scripts!45)
- Support modified configuration packet from Pulse 9.1R14 servers
  (#379, !331)

diffstat:

 net/openconnect/Makefile                |   9 +++++----
 net/openconnect/distinfo                |   9 ++++-----
 net/openconnect/patches/patch-configure |  15 ---------------
 3 files changed, 9 insertions(+), 24 deletions(-)

diffs (58 lines):

diff -r 2cb68321bc0a -r 0495fd350153 net/openconnect/Makefile
--- a/net/openconnect/Makefile  Tue Oct 18 01:17:58 2022 +0000
+++ b/net/openconnect/Makefile  Tue Oct 18 01:18:10 2022 +0000
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.22 2022/06/30 11:18:43 nia Exp $
+# $NetBSD: Makefile,v 1.23 2022/10/18 01:18:10 schmonz Exp $
 
-DISTNAME=      openconnect-8.10
-PKGREVISION=   6
+DISTNAME=      openconnect-9.01
 CATEGORIES=    net security
-MASTER_SITES=  ftp://ftp.infradead.org/pub/openconnect/
+MASTER_SITES=  https://www.infradead.org/openconnect/download/ \
+               ftp://ftp.infradead.org/pub/openconnect/
 
 MAINTAINER=    pkgsrc-users%NetBSD.org@localhost
 HOMEPAGE=      http://www.infradead.org/openconnect/
@@ -19,6 +19,7 @@
 CONFIGURE_ARGS+=       --sysconfdir=${PKG_SYSCONFDIR}
 CONFIGURE_ARGS+=       --with-vpnc-script=${PKG_SYSCONFDIR}/vpnc-script
 CONFIGURE_ARGS+=       --disable-nls
+CONFIGURE_ARGS+=       --disable-docs
 
 REPLACE_PYTHON=                trojans/*.py
 REPLACE_BASH=          trojans/*.sh
diff -r 2cb68321bc0a -r 0495fd350153 net/openconnect/distinfo
--- a/net/openconnect/distinfo  Tue Oct 18 01:17:58 2022 +0000
+++ b/net/openconnect/distinfo  Tue Oct 18 01:18:10 2022 +0000
@@ -1,6 +1,5 @@
-$NetBSD: distinfo,v 1.13 2021/10/26 11:06:11 nia Exp $
+$NetBSD: distinfo,v 1.14 2022/10/18 01:18:10 schmonz Exp $
 
-BLAKE2s (openconnect-8.10.tar.gz) = 66f456ad82bf911e6aa63b460f486906066cd148756f3e02f97701e32500acd5
-SHA512 (openconnect-8.10.tar.gz) = a36a106cf5c637602fc5bd3cd12df8f6dfe55217c1aae93c66ca33208507f3f8cda15e3a46d75615c7fcea1859d1a04017a07674ad0246876154467305477356
-Size (openconnect-8.10.tar.gz) = 2084534 bytes
-SHA1 (patch-configure) = d9ecd9e7f726dc6982f401871f5c67ffc0ca7a15
+BLAKE2s (openconnect-9.01.tar.gz) = a56f3914b696aa3a11ea5a1732dec1b77c2aa8d6de72c3fb8f8abb3f9078ccfd
+SHA512 (openconnect-9.01.tar.gz) = b7428847a90f8ca9d1f1f61653c1f2486f0a07989f3b7435b746c5e901998194f4ee2b4f9569a548a23bba368bb1e9f273674c0759aac9df30208d2a6a303c34
+Size (openconnect-9.01.tar.gz) = 2718526 bytes
diff -r 2cb68321bc0a -r 0495fd350153 net/openconnect/patches/patch-configure
--- a/net/openconnect/patches/patch-configure   Tue Oct 18 01:17:58 2022 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,15 +0,0 @@
-$NetBSD: patch-configure,v 1.1 2020/06/05 15:50:31 bacon Exp $
-
-# Disable HTML docs
-
---- configure.orig     2020-05-26 02:45:24.000000000 +0000
-+++ configure
-@@ -18210,7 +18210,7 @@ fi
- 
- 
- 
--build_www=yes
-+build_www=no
- for ac_prog in python3 python2 python
- do
-   # Extract the first word of "$ac_prog", so it can be a program name with args.