gentoo resync : 25.10.2021

10 files changed, 14 insertions, 516 deletions

diff --git a/net-vpn/openconnect/Manifest b/net-vpn/openconnect/Manifest
index ea3ade64a98c..5b166f73a971 100644
--- a/net-vpn/openconnect/Manifest
+++ b/net-vpn/openconnect/Manifest
@@ -1,17 +1,8 @@
-AUX 8.09-gnutls-buffer-overflow.patch 2172 BLAKE2B 6c1251936ad2606c9b68036820e930efc392132b365faa14e690a6df4daa339c24614f856423a2d7d04bcbb3b799e96486dfb18430a6b9d8016eaeaf60a19ee5 SHA512 d74920e6eb5f8ef6ca4dcf03cf8d47a5e2ed480573dfd0c8742851e9b830fc6b379b24e945c5b429a50919a7a5041f007ba76ba93dc22eaecb27e84a84a89011
 AUX README.OpenRC 416 BLAKE2B a7dcfde210b217d521fcb7c54eb41d07b0e32321aa9c6cc47c78ad7952ee5b6ceede5850de4c4e30891e29e2c4b631b99f65c2c696a9d4fa01ddd190346363bf SHA512 fed0a786466736cd891de7783994e86bb2a20bdb8aa2f9a18f55bc892be0e50d514855b120def151b6fac7e3d2b819510d7dbf496deca65579fea9b42206c49a
-AUX README.OpenRC.txt 715 BLAKE2B 1f76faac7bf705fc3a4adbb8902e0fbd3354e654f0af59cb59b92fc4188400c9dfeef0267ebe39c8eb4842df8a6421aaf472e7bd20097cdc0d620e10fbafd28a SHA512 172b845cc46465119d14e304a0ea9a13d28497bc9e80688eab3ccce0e14ee17917fb6b8a06dd7e9a4657ef4f51a023045ac45bc5d8823e29b2d0cb9854425f66
-AUX openconnect.conf.in 900 BLAKE2B d72a595e6292655a759d3cbc5daf18b2f5d4d2a4ce65e852742e9f4f816cb370566fc03be8958fcf579c1822d5fa098cdcbc2b3300764d22625f8bd62f0c2d03 SHA512 5c49123d5389426ad419415c036a076cec6993729624ee90b77bc570c6bb32579e862845fa79d12ff586e570fbbda16cbe55421d7b4ee39b5bca1ebdd84d9fc7
 AUX openconnect.confd 230 BLAKE2B 6013d6e415ad37f5c4b0d31df011c207978c2f266d94bc081b64c2950ef2a14fd80606abe0f950f443323b43811198838252f2a80e1f3812aed9397ca9809053 SHA512 d773926cf787c5f819f4bdd750ccc6de84a287ce7e0f7322b748a2fb1d88dc4822f8ea0f41c14c60054a54b69caeffe0fc9db76021667b44f0db013ed28cee1b
-AUX openconnect.init.in-r4 1775 BLAKE2B 2237238a2d149532e90c96190829e9ef51afa50487a0fd45c3c4d2e983fb8755bdf0de3eca44df740b286f4d353b03d71fcd2c2a27129f18031b2bd01989f738 SHA512 7b832550ef21ddb4b1c0eae7f3838b925745a5ebbdb74f1583fb8710b75175ebcbc7b1558ce95f59cd78542bec8bc01f7ab6d32ec4a5b168bb8a516a8907d362
 AUX openconnect.initd 664 BLAKE2B 5fcf983c474ccb10c2b785f1af161e6f85efcb19fe13abc9710a797633496a48ced470cac73cb9c51e3ad66f5efc9e5c559961cfb4213b12684133410614203c SHA512 5c75143e61fd215e13888b647357cf5626902b74cc4af2a8c147c95412ef9393572a8eb34cd5d86babedf2674ca5c3aa35991101a730a033b5af5c8ee9cc4ad9
 AUX openconnect.logrotate 116 BLAKE2B 308d088f7c06239ec68831e415df420362c1825ae279fa6f736f36df0bf2e7efc8ea6a4ab43d9b53680dd0ab5028c92bf70a0597b56a20da06b302457e7d5f07 SHA512 ea1b6caf6278fea515c299072ee799ab3676014784703d7fa8e4f4d7bfc4599650c386d9706a3e6d92c195c9e5e1628fa6efc1124e1ae72875cc9eaab73cb077
-DIST openconnect-8.09.tar.gz 2083279 BLAKE2B 4588c693a7a641faad271b034e8713f00fda04a872641e45a8ce3e1a236b8d2f4e1b8d973d20e7a9fc656f9460a0e990cbaada008d4ecf9a46353f20c25ac87a SHA512 f6890f5bce4b36b162e4590bce8a61d65fc0ae803d62a3dd408fbb13e96ce41b6443740132808491093032545aea919f9076e34bc11160c503c5e3c46457e7bd
 DIST openconnect-8.10.tar.gz 2084534 BLAKE2B 98ad0e24e09bc565f359139540f60eb9b6b5ed2239a9c46c56889b8554fc3de3605c10f1bb4fa0b0b206ba35404ae90a389ab8dcee54cf05a24d984529d24c2a SHA512 a36a106cf5c637602fc5bd3cd12df8f6dfe55217c1aae93c66ca33208507f3f8cda15e3a46d75615c7fcea1859d1a04017a07674ad0246876154467305477356
-DIST vpnc-scripts-20200226.tar.gz 21460 BLAKE2B 8f00ce3dc49725758abce27f3688946df1bbd4e92769ef02aa9ee66db8b9f41bef3442eaa5405ab1467476899c6d364dfea898ed924ca83497823a85515d48e5 SHA512 3a1eac4ccfaefb0f837189c8cef696b33ab8b8a68cb50a3ad29206b708d0aa479e8eed0c09bef6f60d056cd98d63cc898a1609d734030a63df3be2cfa6c00f9a
-DIST vpnc-scripts-20200930.tar.gz 22305 BLAKE2B 5db809ef674cb3cb8f1c775adc1e83debbda28fdcf47e0b0527efe6d1cea09781ef02b2827d9704140b884a85e7ec51fba497f47f6793520b471a7bba0dde6b6 SHA512 5f42bc7b168b5fdfc3ebd4bae52a42a654f102982852cc74240972e16e77fe0b54d82175e2a067e1d7e408bd14c3f465f7eb82b23b41885cb25a813d9587fd3d
-EBUILD openconnect-8.09-r3.ebuild 3079 BLAKE2B 030c6f46ebb04966924f6e51487608660e4d2157ae5364d413db5f8cf6c12d50b7b771c640a60047f14a2df1a33dbfc97ff6bf8e07916c496a844d47766aaef0 SHA512 5eabd5db4a6fff49744f8005a98f91f7b9eb0e1ad704cb63451fbd49b6564b294a2c39b3d8c887ebaaacfdaac780f4f255f0f46bba24186e31d9880524a156f1
-EBUILD openconnect-8.10-r5.ebuild 2778 BLAKE2B d92b86c623f8added6049222af6dd26083f83ced603bdf8cab34a3681e47928f9999d7518b48ed1ad92e9243db4f10a25df11eb2cbb34934bdaddf3c28dcb71d SHA512 5d778bef6808f0f0dc6ea5ba83ad515dc14de58fdca74a9c051507c7b7b4303a1da38c0c7dc736eaaf3b20181f2e40dd149dbc68f037db78e8561aec1f388ab5
-EBUILD openconnect-8.10.ebuild 3014 BLAKE2B ef2a3c2d603c2bfc155fc502009d49e0b6240e625ad7655dba2efb807531767d49ffdbc258ea24ebbd1654b36b36d156c52e3c9e900e1baad942243b74e686f7 SHA512 4c5afe5f42e3befa0aa5e5fc8a788ab1c7c637f1e7981102df9b51aff685f18a9302164edc8c2b5365ed439d2f605a3b74ec6392b61f2c19b0f4fe8c54ed8ae8
-EBUILD openconnect-9999.ebuild 2783 BLAKE2B 2e78bffa405e1d6a010abcdfdf4b7182c1189c3d5402aa8cc4f954b9a58efd48a9153ea7ab2c7a6e39da38fe7e863df9edf50f4840237aed852e08846d988567 SHA512 d3a65bbd01236738bd499ba13abd1d9b7cb752ed5e51de0582617828fd83109899ce55885c8ed8f359d9a3b2ae62cc6cb51f912b7a1c62e5e5cbb7aa67ce46dd
-MISC metadata.xml 524 BLAKE2B 8c9fc21b88e3dac2cd58d754d25dca9f12c835937c6265536767d242670ed6e12240ba2d9fc54e87ea265edd637c923eb97d03414f5846733076535126748cf4 SHA512 08d9d5104712ad4c311e87b18013868168f8fe5fc46f555c70e1bbfd8c066918ec1fa7f46ecd09b3b40db485da7f0155b1dde336e8baf48eccd5ea95abeabe79
+EBUILD openconnect-8.10-r6.ebuild 2886 BLAKE2B 9e755bfe27024b468fc029b83e1646be46e3ff2a5169d0d5a9703a0cbd458017afae5359fd650baee400fd4368fad49a6f86235cf587285dd715a17c8e5e0c6e SHA512 6a17c273c2cc7213635d8e8d97fa1b1885db6eaa0d42617eb3cfe0f694f2de7a4672921b103a9a7929301bea18c707b3d75e5011a5d999c4df02ddd2dee3f28d
+EBUILD openconnect-9999.ebuild 2891 BLAKE2B 1d57c5d59b90ee18227561c1a2fefeae492e33476fb469f13365d7aee9b95d43a4a3a6f4b9110b96eedaf875e518bee5e47d647012b7e4b9add28b9a3c60bf3f SHA512 68e4417b6f075496d7fad2863b487dc43ceb3790d7efd02d12e1a7c90f2b37d63d610ab422a6de783680f1b6f784faa18cb3e36254891945943b4c2ed787df14
+MISC metadata.xml 594 BLAKE2B 63b24f0d189e935368858b3f7f4160d9121847dc598ee6fb0cd8ed313d51e03de983584a48a799553349f779c6a18d1f080a906449fe0f4d05cec0f43c4a2c70 SHA512 6a474d13019ee9a325c3b262220a41b1faeaa3315500a2e73670bfea2cb2778036d107fcf783f89d286ec4125460b0cf7a19b85155f9b6b9f9d9459cbf87e070
diff --git a/net-vpn/openconnect/files/8.09-gnutls-buffer-overflow.patch b/net-vpn/openconnect/files/8.09-gnutls-buffer-overflow.patch
deleted file mode 100644
index bf8990ae3d3c..000000000000
--- a/net-vpn/openconnect/files/8.09-gnutls-buffer-overflow.patch
+++ /dev/null
@@ -1,62 +0,0 @@
-From eef4c1f9d24478aa1d2dd9ac7ec32efb2137f474 Mon Sep 17 00:00:00 2001
-From: Sergei Trofimovich <slyfox@gentoo.org>
-Date: Fri, 8 May 2020 10:39:41 -0400
-Subject: [PATCH] gnutls: prevent buffer overflow in get_cert_name
-
-The test suite for ocserv calls openconnect with a certificate that has
-a name that is 84 bytes in length. The buffer passed to get_cert_name is
-currently 80 bytes.
-
-The gnutls_x509_crt_get_dn_by_oid function will update the buffer size
-parameter if the buffer is too small.
-
-http://man7.org/linux/man-pages/man3/gnutls_x509_crt_get_dn_by_oid.3.html
-
-RETURNS
-       GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not long
-       enough, and in that case the  buf_size will be updated with the
-       required size. GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE if there are no
-       data in the current index. On success 0 is returned.
-
-Use a temporary variable to avoid clobbering the namelen variable that is
-passed to get_cert_name.
-
-Bug: https://bugs.gentoo.org/721570
-Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>
-Signed-off-by: Mike Gilbert <floppym@gentoo.org>
----
- gnutls.c | 17 ++++++++++++-----
- 1 file changed, 12 insertions(+), 5 deletions(-)
-
-diff --git a/gnutls.c b/gnutls.c
-index 36bc82e0..53bf2a43 100644
---- a/gnutls.c
-+++ b/gnutls.c
-@@ -546,12 +546,19 @@ static int count_x509_certificates(gnutls_datum_t *datum)
- 
- static int get_cert_name(gnutls_x509_crt_t cert, char *name, size_t namelen)
- {
-+	/* When the name buffer is not big enough, gnutls_x509_crt_get_dn*() will
-+	 * update the length argument to the required size, and return
-+	 * GNUTLS_E_SHORT_MEMORY_BUFFER. We need to avoid clobbering the original
-+	 * length variable. */
-+	size_t nl = namelen;
- 	if (gnutls_x509_crt_get_dn_by_oid(cert, GNUTLS_OID_X520_COMMON_NAME,
--					  0, 0, name, &namelen) &&
--	    gnutls_x509_crt_get_dn(cert, name, &namelen)) {
--		name[namelen-1] = 0;
--		snprintf(name, namelen-1, "<unknown>");
--		return -EINVAL;
-+					  0, 0, name, &nl)) {
-+		nl = namelen;
-+		if (gnutls_x509_crt_get_dn(cert, name, &nl)) {
-+			name[namelen-1] = 0;
-+			snprintf(name, namelen-1, "<unknown>");
-+			return -EINVAL;
-+		}
- 	}
- 	return 0;
- }
--- 
-2.26.2
-
diff --git a/net-vpn/openconnect/files/README.OpenRC.txt b/net-vpn/openconnect/files/README.OpenRC.txt
deleted file mode 100644
index 6bd43e62dfbc..000000000000
--- a/net-vpn/openconnect/files/README.OpenRC.txt
+++ /dev/null
@@ -1,25 +0,0 @@
-The init script for openconnect supports multiple vpn tunnels.
-
-You need to create a symbolic link to /etc/init.d/openconnect in /etc/init.d
-instead of calling it directly:
-
-ln -s /etc/init.d/openconnect /etc/init.d/openconnect.vpn0
-
-You can then start the vpn tunnel like this:
-
-/etc/init.d/openconnect.vpn0 start
-
-If you would like to run preup, postup, predown, and/or postdown scripts,
-You need to create a directory in /etc/openconnect with the name of the vpn:
-
-mkdir /etc/openconnect/vpn0
-
-Then add executable shell files:
-
-mkdir /etc/openconnect/vpn0
-cd /etc/openconnect/vpn0
-echo '#!/bin/sh' > preup.sh
-cp preup.sh predown.sh
-cp preup.sh postup.sh
-cp preup.sh postdown.sh
-chmod 755 /etc/openconnect/vpn0/*
diff --git a/net-vpn/openconnect/files/openconnect.conf.in b/net-vpn/openconnect/files/openconnect.conf.in
deleted file mode 100644
index 7e44f569c0c4..000000000000
--- a/net-vpn/openconnect/files/openconnect.conf.in
+++ /dev/null
@@ -1,26 +0,0 @@
-# Variables to configure vpn tunnels where "vpnname" is the name of your vpn tunnel:
-#
-# server_vpnname
-# password_vpnname
-# vpnopts_vpnname
-#
-# The tunnel will need to be started with a symbolic link to openconnect:
-#
-# ln -s /etc/init.d/openconnect /etc/init.d/openconnect.vpnname
-#
-# If you'd like to execute a script on preup, postup, predown and postdown of the vpn tunnel, you
-# need to create executable scripts in a directory with the same name as
-# the vpn tunnel (vpn0 can be replaced with the vpn name):
-#
-# mkdir /etc/openconnect/vpn0
-# cd /etc/openconnect/vpn0"
-# echo '#!/bin/sh' > preup.sh"
-# cp preup.sh predown.sh"
-# cp preup.sh postup.sh"
-# cp preup.sh postdown.sh"
-# chmod 755 /etc/openconnect/vpn0/*"
-
-server_vpn0="vpn.server.tld"
-password_vpn0="YOUR_PASSWORD"
-# Any OPENCONNECT options my go here (see openconnect --help)
-vpnopts_vpn0="-l --passwd-on-stdin --user=YOUR_USERNAME"
diff --git a/net-vpn/openconnect/files/openconnect.init.in-r4 b/net-vpn/openconnect/files/openconnect.init.in-r4
deleted file mode 100644
index 040edc76f637..000000000000
--- a/net-vpn/openconnect/files/openconnect.init.in-r4
+++ /dev/null
@@ -1,88 +0,0 @@
-#!/sbin/openrc-run
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-VPN="${RC_SVCNAME#*.}"
-VPNDIR="/etc/openconnect/${VPN}"
-VPNLOG="/var/log/openconnect/${VPN}"
-VPNLOGFILE="${VPNLOG}/openconnect.log"
-VPNERRFILE="${VPNLOG}/openconnect.err"
-
-command="/usr/sbin/openconnect"
-name="OpenConnect: ${VPN}"
-pidfile="/run/openconnect/${VPN}.pid"
-stopsig="SIGINT"
-
-depend() {
-	before netmount
-}
-
-checkconfig() {
-	if [ $VPN = "openconnect" ]; then
-		eerror "You cannot call openconnect directly. You must create a symbolic link to it with the vpn name:"
-		eerror
-		eerror "ln -s /etc/init.d/openconnect /etc/init.d/openconnect.vpn0"
-		eerror
-		eerror "And then call it instead:"
-		eerror
-		eerror "/etc/init.d/openconnect.vpn0 start"
-		return 1
-	fi
-}
-
-checktuntap() {
-	if [ "$RC_UNAME" = "Linux" -a ! -e /dev/net/tun ] ; then
-		if ! modprobe tun ; then
-			eerror "TUN/TAP support is not available in this kernel"
-			return 1
-		fi
-	fi
-}
-
-run_hook() {
-	if [ -x "$1" ]; then
-		"$@"
-	fi
-}
-
-start_pre() {
-	checkconfig || return
-	checktuntap || return
-	checkpath -d "${VPNLOG}" || return
-	checkpath -d /run/openconnect || return
-	run_hook "${VPNDIR}/preup.sh"
-}
-
-start() {
-	local server vpnopts password
-	eval server=\$server_${VPN}
-	eval vpnopts=\$vpnopts_${VPN}
-	eval password=\$password_${VPN}
-
-	ebegin "Starting ${name}"
-	start-stop-daemon --start --exec "${command}" -- \
-		--background \
-		--interface="${VPN}" \
-		--pid-file="${pidfile}" \
-		${vpnopts} \
-		"${server}" \
-		>> "${VPNLOGFILE}" \
-		2>> "${VPNERRFILE}" \
-		<<EOF
-${password}
-EOF
-	eend $?
-}
-
-start_post() {
-	run_hook "${VPNDIR}/postup.sh"
-}
-
-stop_pre() {
-	checkconfig || return
-	run_hook "${VPNDIR}/predown.sh"
-}
-
-stop_post() {
-	run_hook "${VPNDIR}/postdown.sh"
-}
diff --git a/net-vpn/openconnect/metadata.xml b/net-vpn/openconnect/metadata.xml
index 41262f103fd0..0660a620fe5b 100644
--- a/net-vpn/openconnect/metadata.xml
+++ b/net-vpn/openconnect/metadata.xml
@@ -12,6 +12,7 @@
 	<use>
 		<flag name="gssapi">Build GSSAPI support</flag>
 		<flag name="libproxy">Enable proxy support</flag>
+		<flag name="pskc">Enable PSKC file storage of HOTP/TOTP keys</flag>
 		<flag name="stoken">Enable stoken support</flag>
 	</use>
 </pkgmetadata>
diff --git a/net-vpn/openconnect/openconnect-8.09-r3.ebuild b/net-vpn/openconnect/openconnect-8.09-r3.ebuild
deleted file mode 100644
index c5c21a23d94d..000000000000
--- a/net-vpn/openconnect/openconnect-8.09-r3.ebuild
+++ /dev/null
@@ -1,152 +0,0 @@
-# Copyright 2011-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-PYTHON_COMPAT=( python{3_7,3_8,3_9} )
-PYTHON_REQ_USE="xml"
-
-inherit linux-info python-any-r1
-
-if [[ ${PV} == 9999 ]]; then
-	EGIT_REPO_URI="https://gitlab.com/openconnect/openconnect.git"
-	inherit git-r3 autotools
-else
-	ARCHIVE_URI="ftp://ftp.infradead.org/pub/${PN}/${P}.tar.gz"
-	KEYWORDS="amd64 arm arm64 ppc64 x86"
-fi
-VPNC_VER=20200226
-SRC_URI="${ARCHIVE_URI}
-	ftp://ftp.infradead.org/pub/vpnc-scripts/vpnc-scripts-${VPNC_VER}.tar.gz"
-
-DESCRIPTION="Free client for Cisco AnyConnect SSL VPN software"
-HOMEPAGE="http://www.infradead.org/openconnect.html"
-
-LICENSE="LGPL-2.1 GPL-2"
-SLOT="0/5"
-IUSE="doc +gnutls gssapi libproxy lz4 nls smartcard stoken test"
-RESTRICT="!test? ( test )"
-
-DEPEND="
-	dev-libs/libxml2
-	sys-libs/zlib
-	!gnutls? (
-		>=dev-libs/openssl-1.0.1h:0=
-	)
-	gnutls? (
-		app-crypt/trousers
-		app-misc/ca-certificates
-		dev-libs/nettle
-		>=net-libs/gnutls-3.6.13:0=
-		dev-libs/libtasn1:0=
-		app-crypt/tpm2-tss
-	)
-	gssapi? ( virtual/krb5 )
-	libproxy? ( net-libs/libproxy )
-	lz4? ( app-arch/lz4:= )
-	nls? ( virtual/libintl )
-	smartcard? ( sys-apps/pcsc-lite:0= )
-	stoken? ( app-crypt/stoken )
-"
-RDEPEND="${DEPEND}
-	sys-apps/iproute2
-"
-BDEPEND="
-	virtual/pkgconfig
-	doc? ( ${PYTHON_DEPS} sys-apps/groff )
-	nls? ( sys-devel/gettext )
-	test? (
-		net-libs/socket_wrapper
-		net-vpn/ocserv
-		sys-libs/uid_wrapper
-	)
-"
-
-CONFIG_CHECK="~TUN"
-
-pkg_pretend() {
-	check_extra_config
-}
-
-pkg_setup() {
-	:
-}
-
-src_unpack() {
-	if [[ ${PV} == 9999 ]]; then
-		git-r3_src_unpack
-	fi
-	default
-}
-
-src_prepare() {
-	local PATCHES=(
-		"${FILESDIR}"/8.09-gnutls-buffer-overflow.patch
-	)
-	default
-	if [[ ${PV} == 9999 ]]; then
-		eautoreconf
-	fi
-}
-
-src_configure() {
-	if use doc; then
-		python_setup
-	else
-		export ac_cv_path_PYTHON=
-	fi
-
-	# Used by tests if userpriv is disabled
-	addwrite /run/netns
-
-	local myconf=(
-		--disable-dsa-tests
-		$(use_enable nls)
-		--disable-static
-		$(use_with !gnutls openssl)
-		$(use_with gnutls)
-		$(use_with libproxy)
-		$(use_with lz4)
-		$(use_with gssapi)
-		$(use_with smartcard libpcsclite)
-		$(use_with stoken)
-		--with-vpnc-script="${EPREFIX}/etc/openconnect/openconnect.sh"
-		--without-java
-	)
-
-	econf "${myconf[@]}"
-}
-
-src_test() {
-	local charset
-	for charset in UTF-8 ISO8859-2; do
-		if [[ $(LC_ALL=cs_CZ.${charset} locale charmap 2>/dev/null) != ${charset} ]]; then
-			# If we don't have valid cs_CZ locale data, auth-nonascii will fail.
-			# Force a test skip by exiting with status 77.
-			sed -i -e '2i exit 77' tests/auth-nonascii || die
-			break
-		fi
-	done
-	default
-}
-
-src_install() {
-	default
-
-	find "${ED}" -name '*.la' -delete || die
-
-	dodoc "${FILESDIR}"/README.OpenRC.txt
-
-	newinitd "${FILESDIR}"/openconnect.init.in-r4 openconnect
-	insinto /etc/openconnect
-
-	newconfd "${FILESDIR}"/openconnect.conf.in openconnect
-
-	exeinto /etc/openconnect
-	newexe "${WORKDIR}"/vpnc-scripts-${VPNC_VER}/vpnc-script openconnect.sh
-
-	insinto /etc/logrotate.d
-	newins "${FILESDIR}"/openconnect.logrotate openconnect
-
-	keepdir /var/log/openconnect
-}
diff --git a/net-vpn/openconnect/openconnect-8.10-r5.ebuild b/net-vpn/openconnect/openconnect-8.10-r6.ebuild
index d8210a2b00ad..da0988a8a8fc 100644
--- a/net-vpn/openconnect/openconnect-8.10-r5.ebuild
+++ b/net-vpn/openconnect/openconnect-8.10-r6.ebuild
@@ -21,14 +21,16 @@ HOMEPAGE="http://www.infradead.org/openconnect.html"
 
 LICENSE="LGPL-2.1 GPL-2"
 SLOT="0/5"
-IUSE="doc +gnutls gssapi libproxy lz4 nls smartcard stoken test"
+IUSE="doc +gnutls gssapi libproxy lz4 nls pskc smartcard stoken test"
 RESTRICT="!test? ( test )"
 
 DEPEND="
 	dev-libs/libxml2
 	sys-libs/zlib
+	app-crypt/p11-kit
 	!gnutls? (
 		>=dev-libs/openssl-1.0.1h:0=
+		dev-libs/libp11
 	)
 	gnutls? (
 		app-crypt/trousers
@@ -42,6 +44,7 @@ DEPEND="
 	libproxy? ( net-libs/libproxy )
 	lz4? ( app-arch/lz4:= )
 	nls? ( virtual/libintl )
+	pskc? ( sys-auth/oath-toolkit[pskc] )
 	smartcard? ( sys-apps/pcsc-lite:0= )
 	stoken? ( app-crypt/stoken )
 "
@@ -103,6 +106,7 @@ src_configure() {
 		$(use_with libproxy)
 		$(use_with lz4)
 		$(use_with gssapi)
+		$(use_with pskc libpskc)
 		$(use_with smartcard libpcsclite)
 		$(use_with stoken)
 		--with-vpnc-script="${EPREFIX}/etc/vpnc/vpnc-script"
diff --git a/net-vpn/openconnect/openconnect-8.10.ebuild b/net-vpn/openconnect/openconnect-8.10.ebuild
deleted file mode 100644
index ff4f18582c19..000000000000
--- a/net-vpn/openconnect/openconnect-8.10.ebuild
+++ /dev/null
@@ -1,149 +0,0 @@
-# Copyright 2011-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-PYTHON_COMPAT=( python{3_7,3_8,3_9} )
-PYTHON_REQ_USE="xml"
-
-inherit linux-info python-any-r1
-
-if [[ ${PV} == 9999 ]]; then
-	EGIT_REPO_URI="https://gitlab.com/openconnect/openconnect.git"
-	inherit git-r3 autotools
-else
-	ARCHIVE_URI="ftp://ftp.infradead.org/pub/${PN}/${P}.tar.gz"
-	KEYWORDS="~amd64 ~arm ~arm64 ~ppc64 ~x86"
-fi
-VPNC_VER=20200930
-SRC_URI="${ARCHIVE_URI}
-	ftp://ftp.infradead.org/pub/vpnc-scripts/vpnc-scripts-${VPNC_VER}.tar.gz"
-
-DESCRIPTION="Free client for Cisco AnyConnect SSL VPN software"
-HOMEPAGE="http://www.infradead.org/openconnect.html"
-
-LICENSE="LGPL-2.1 GPL-2"
-SLOT="0/5"
-IUSE="doc +gnutls gssapi libproxy lz4 nls smartcard stoken test"
-RESTRICT="!test? ( test )"
-
-DEPEND="
-	dev-libs/libxml2
-	sys-libs/zlib
-	!gnutls? (
-		>=dev-libs/openssl-1.0.1h:0=
-	)
-	gnutls? (
-		app-crypt/trousers
-		app-misc/ca-certificates
-		dev-libs/nettle
-		>=net-libs/gnutls-3.6.13:0=
-		dev-libs/libtasn1:0=
-		app-crypt/tpm2-tss
-	)
-	gssapi? ( virtual/krb5 )
-	libproxy? ( net-libs/libproxy )
-	lz4? ( app-arch/lz4:= )
-	nls? ( virtual/libintl )
-	smartcard? ( sys-apps/pcsc-lite:0= )
-	stoken? ( app-crypt/stoken )
-"
-RDEPEND="${DEPEND}
-	sys-apps/iproute2
-"
-BDEPEND="
-	virtual/pkgconfig
-	doc? ( ${PYTHON_DEPS} sys-apps/groff )
-	nls? ( sys-devel/gettext )
-	test? (
-		net-libs/socket_wrapper
-		net-vpn/ocserv
-		sys-libs/uid_wrapper
-	)
-"
-
-CONFIG_CHECK="~TUN"
-
-pkg_pretend() {
-	check_extra_config
-}
-
-pkg_setup() {
-	:
-}
-
-src_unpack() {
-	if [[ ${PV} == 9999 ]]; then
-		git-r3_src_unpack
-	fi
-	default
-}
-
-src_prepare() {
-	default
-	if [[ ${PV} == 9999 ]]; then
-		eautoreconf
-	fi
-}
-
-src_configure() {
-	if use doc; then
-		python_setup
-	else
-		export ac_cv_path_PYTHON=
-	fi
-
-	# Used by tests if userpriv is disabled
-	addwrite /run/netns
-
-	local myconf=(
-		--disable-dsa-tests
-		$(use_enable nls)
-		--disable-static
-		$(use_with !gnutls openssl)
-		$(use_with gnutls)
-		$(use_with libproxy)
-		$(use_with lz4)
-		$(use_with gssapi)
-		$(use_with smartcard libpcsclite)
-		$(use_with stoken)
-		--with-vpnc-script="${EPREFIX}/etc/openconnect/openconnect.sh"
-		--without-java
-	)
-
-	econf "${myconf[@]}"
-}
-
-src_test() {
-	local charset
-	for charset in UTF-8 ISO8859-2; do
-		if [[ $(LC_ALL=cs_CZ.${charset} locale charmap 2>/dev/null) != ${charset} ]]; then
-			# If we don't have valid cs_CZ locale data, auth-nonascii will fail.
-			# Force a test skip by exiting with status 77.
-			sed -i -e '2i exit 77' tests/auth-nonascii || die
-			break
-		fi
-	done
-	default
-}
-
-src_install() {
-	default
-
-	find "${ED}" -name '*.la' -delete || die
-
-	dodoc "${FILESDIR}"/README.OpenRC.txt
-
-	newinitd "${FILESDIR}"/openconnect.init.in-r4 openconnect
-	insinto /etc/openconnect
-
-	newconfd "${FILESDIR}"/openconnect.conf.in openconnect
-
-	exeinto /etc/openconnect
-	newexe "${WORKDIR}"/vpnc-scripts-${VPNC_VER}/vpnc-script openconnect.sh
-
-	insinto /etc/logrotate.d
-	newins "${FILESDIR}"/openconnect.logrotate openconnect
-
-	keepdir /var/log/openconnect
-}
diff --git a/net-vpn/openconnect/openconnect-9999.ebuild b/net-vpn/openconnect/openconnect-9999.ebuild
index b2332da693ea..5a6a3065e1dc 100644
--- a/net-vpn/openconnect/openconnect-9999.ebuild
+++ b/net-vpn/openconnect/openconnect-9999.ebuild
@@ -21,14 +21,16 @@ HOMEPAGE="http://www.infradead.org/openconnect.html"
 
 LICENSE="LGPL-2.1 GPL-2"
 SLOT="0/5"
-IUSE="doc +gnutls gssapi libproxy lz4 nls smartcard stoken test"
+IUSE="doc +gnutls gssapi libproxy lz4 nls pskc smartcard stoken test"
 RESTRICT="!test? ( test )"
 
 DEPEND="
 	dev-libs/libxml2
 	sys-libs/zlib
+	app-crypt/p11-kit
 	!gnutls? (
 		>=dev-libs/openssl-1.0.1h:0=
+		dev-libs/libp11
 	)
 	gnutls? (
 		app-crypt/trousers
@@ -42,6 +44,7 @@ DEPEND="
 	libproxy? ( net-libs/libproxy )
 	lz4? ( app-arch/lz4:= )
 	nls? ( virtual/libintl )
+	pskc? ( sys-auth/oath-toolkit[pskc] )
 	smartcard? ( sys-apps/pcsc-lite:0= )
 	stoken? ( app-crypt/stoken )
 "
@@ -103,6 +106,7 @@ src_configure() {
 		$(use_with libproxy)
 		$(use_with lz4)
 		$(use_with gssapi)
+		$(use_with pskc libpskc)
 		$(use_with smartcard libpcsclite)
 		$(use_with stoken)
 		--with-vpnc-script="${EPREFIX}/etc/vpnc/vpnc-script"