Hello community, here is the log from the commit of package ocserv for openSUSE:Factory checked in at 2018-05-16 11:39:41 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/ocserv (Old) and /work/SRC/openSUSE:Factory/.ocserv.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ocserv" Wed May 16 11:39:41 2018 rev:7 rq:606702 version:0.12.0 Changes: -------- --- /work/SRC/openSUSE:Factory/ocserv/ocserv.changes 2018-02-27 17:00:55.585606486 +0100 +++ /work/SRC/openSUSE:Factory/.ocserv.new/ocserv.changes 2018-05-16 11:41:25.420669839 +0200 @@ -1,0 +2,13 @@ +Fri May 11 08:08:54 UTC 2018 - [email protected] + +- Update to version 0.12.0 + * Allow DTLS stream to come from different IP from TLS stream. There are situations where internet providers send the UDP stream from different IP. + * Increased possibilities of allowed combinations of authentication methods. + * Corrected regression since 0.11.8 with OTP authentication. + * Added support for hostname-based virtual hosts, utilizing TLS SNI. With that change it is possible to configure multiple servers running over the same port. + * Rename the tun device on BSD systems which support SIOCSIFNAME ioctl. + * Correctly handle proxy-protocol’s health commands. That eliminates few connection drops when proxy protocol is in use. + * Corrected crash on certain cases when proxy protocol is in use. +- Update ocserv.config.patch due to upstream changes + +------------------------------------------------------------------- Old: ---- ocserv-0.11.10.tar.xz New: ---- ocserv-0.12.0.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ocserv.spec ++++++ --- /var/tmp/diff_new_pack.EgXzOq/_old 2018-05-16 11:41:26.308637522 +0200 +++ /var/tmp/diff_new_pack.EgXzOq/_new 2018-05-16 11:41:26.308637522 +0200 @@ -17,10 +17,10 @@ Name: ocserv -Version: 0.11.10 +Version: 0.12.0 Release: 0 Summary: OpenConnect VPN Server -License: GPL-2.0 +License: GPL-2.0-only Group: Productivity/Networking/Security Url: http://www.infradead.org/ocserv #Source: ftp://ftp.infradead.org/pub/ocserv/%{name}-%{version}.tar.xz 
@@ -59,6 +59,7 @@ BuildRequires: pkgconfig BuildRequires: protobuf-c BuildRequires: readline-devel +BuildRequires: ruby2.5-rubygem-ronn BuildRequires: systemd-devel # /usr/bin/certtool for generating certificates Requires: gnutls >= 3.1.10 @@ -93,7 +94,6 @@ %patch1 -p1 %patch2 -p1 %patch3 -p1 -sed -i "s/\@AUTOGEN\@/autogen/" doc/Makefile.am autoreconf -fiv %build ++++++ ocserv-0.11.10.tar.xz -> ocserv-0.12.0.tar.xz ++++++ ++++ 57508 lines of diff (skipped) ++++++ ocserv.config.patch ++++++ --- /var/tmp/diff_new_pack.EgXzOq/_old 2018-05-16 11:41:26.752621365 +0200 +++ /var/tmp/diff_new_pack.EgXzOq/_new 2018-05-16 11:41:26.756621220 +0200 @@ -1,8 +1,8 @@ -Index: ocserv-0.11.10/doc/sample.config +Index: ocserv-0.12.0/doc/sample.config =================================================================== ---- ocserv-0.11.10.orig/doc/sample.config -+++ ocserv-0.11.10/doc/sample.config -@@ -47,7 +47,7 @@ +--- ocserv-0.12.0.orig/doc/sample.config ++++ ocserv-0.12.0/doc/sample.config +@@ -48,7 +48,7 @@ #auth = "pam" #auth = "pam[gid-min=1000]" #auth = "plain[passwd=./sample.passwd,otp=./sample.otp]" @@ -11,7 +11,7 @@ #auth = "certificate" #auth = "radius[config=/etc/radiusclient/radiusclient.conf,groupconfig=true]" -@@ -80,8 +80,8 @@ auth = "plain[passwd=./sample.passwd]" +@@ -83,8 +83,8 @@ auth = "plain[passwd=./sample.passwd]" #listen-host-is-dyndns = true # TCP and UDP port number 
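Review bot: The added `BuildRequires: ruby2.5-rubygem-ronn` in the BuildRequires block names one specific Ruby interpreter version, so the dependency stops resolving once ruby2.5 is dropped from the build target. If the distribution's Ruby packaging macros are available for this target, the interpreter-independent spelling `BuildRequires: %{rubygem ronn}` would be more durable. A short comment such as `# ronn renders the man pages` above the line would also record why it is needed; that purpose is inferred from the removed `sed ... autogen ... doc/Makefile.am` line in the next hunk and should be confirmed against the 0.12.0 build system.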
@@ -22,27 +22,27 @@ # Accept connections using a socket file. It accepts HTTP # connections (i.e., without SSL/TLS unlike its TCP counterpart), -@@ -124,8 +124,8 @@ socket-file = /var/run/ocserv-socket - # - # There may be multiple server-cert and server-key directives, - # but each key should correspond to the preceding certificate. +@@ -132,8 +132,8 @@ socket-file = /var/run/ocserv-socket + + #server-cert = /etc/ocserv/server-cert.pem + #server-key = /etc/ocserv/server-key.pem -server-cert = ../tests/certs/server-cert.pem -server-key = ../tests/certs/server-key.pem +server-cert = /etc/ocserv/certificates/server-cert.pem +server-key = /etc/ocserv/certificates/server-key.pem - # Diffie-Hellman parameters. Only needed if you require support - # for the DHE ciphersuites (by default this server supports ECDHE). -@@ -151,7 +151,7 @@ server-key = ../tests/certs/server-key.p - # The Certificate Authority that will be used to verify + # Diffie-Hellman parameters. Only needed if for old (pre 3.6.0 + # versions of GnuTLS for supporting DHE ciphersuites. +@@ -160,7 +160,7 @@ server-key = ../tests/certs/server-key.pem # client certificates (public keys) if certificate authentication # is set. + #ca-cert = /etc/ocserv/ca.pem -ca-cert = ../tests/certs/ca.pem +ca-cert = /etc/ocserv/certificates/ca-cert.pem ### All configuration options below this line are reloaded on a SIGHUP. -@@ -171,7 +171,7 @@ ca-cert = ../tests/certs/ca.pem +@@ -180,7 +180,7 @@ ca-cert = ../tests/certs/ca.pem # the isolation was tested at. If you get random failures on worker processes, try # disabling that option and report the failures you, along with system and debugging # information at: https://gitlab.com/ocserv/ocserv/issues @@ -51,7 +51,7 @@ # A banner to be displayed on clients #banner = "Welcome" -@@ -234,7 +234,7 @@ mobile-dpd = 1800 +@@ -243,7 +243,7 @@ mobile-dpd = 1800 switch-to-tcp-timeout = 25 # MTU discovery (DPD must be enabled) 
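Review bot: In the refreshed sample.config hunk around `server-cert`/`server-key`, the file now shows two different key locations back to back: upstream's commented `#server-key = /etc/ocserv/server-key.pem` and the packaged `server-key = /etc/ocserv/certificates/server-key.pem`, and likewise `#ca-cert = /etc/ocserv/ca.pem` versus `ca-cert = /etc/ocserv/certificates/ca-cert.pem`. An administrator who follows the commented example would put the private key where the active directive does not look. Consider having the patch also rewrite the commented examples to the `/etc/ocserv/certificates/` paths, and add a line such as `# server-key must be readable only by the account that starts ocserv` above the active directive. Nothing in the visible hunks shows how that directory is created or what mode it gets, so the spec's install and file-list sections are worth checking for that.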
@@ -60,7 +60,7 @@ # If you have a certificate from a CA that provides an OCSP # service you may provide a fresh OCSP status response within -@@ -398,8 +398,8 @@ rekey-method = ssl +@@ -407,8 +407,8 @@ rekey-method = ssl # STATS_BYTES_OUT, STATS_DURATION that contain a 64-bit counter of the bytes # output from the tun device, and the duration of the session in seconds. @@ -71,7 +71,7 @@ # UTMP # Register the connected clients to utmp. This will allow viewing -@@ -469,7 +469,8 @@ ipv4-netmask = 255.255.255.0 +@@ -478,7 +478,8 @@ ipv4-netmask = 255.255.255.0 # The advertized DNS server. Use multiple lines for # multiple servers. # dns = fc00::4be0 @@ -81,7 +81,7 @@ # The NBNS server (if any) #nbns = 192.168.1.3 -@@ -508,8 +509,8 @@ ping-leases = false +@@ -517,8 +518,8 @@ ping-leases = false # comment out all routes from the server, or use the special keyword # 'default'. 
@@ -92,10 +92,38 @@ #route = fef4:db8:1000:1001::/64 #route = default -Index: ocserv-0.11.10/doc/systemd/socket-activated/ocserv.socket +@@ -682,18 +683,18 @@ dtls-legacy = true + # An example virtual host with different authentication methods serviced + # by this server. + +-[vhost:www.example.com] +-auth = "certificate" ++#[vhost:www.example.com] ++#auth = "certificate" + +-ca-cert = ../tests/certs/ca.pem ++#ca-cert = ../tests/certs/ca.pem + + # The certificate set here must include a 'dns_name' corresponding to + # the virtual host name. + +-server-cert = ../tests/certs/server-cert-secp521r1.pem +-server-key = ../tests/certs/server-key-secp521r1.pem ++#server-cert = ../tests/certs/server-cert-secp521r1.pem ++#server-key = ../tests/certs/server-key-secp521r1.pem + +-ipv4-network = 192.168.2.0 +-ipv4-netmask = 255.255.255.0 ++#ipv4-network = 192.168.2.0 ++#ipv4-netmask = 255.255.255.0 + +-cert-user-oid = 0.9.2342.19200300.100.1.1 ++#cert-user-oid = 0.9.2342.19200300.100.1.1 + +Index: ocserv-0.12.0/doc/systemd/socket-activated/ocserv.socket =================================================================== ---- ocserv-0.11.10.orig/doc/systemd/socket-activated/ocserv.socket -+++ ocserv-0.11.10/doc/systemd/socket-activated/ocserv.socket +--- ocserv-0.12.0.orig/doc/systemd/socket-activated/ocserv.socket ++++ ocserv-0.12.0/doc/systemd/socket-activated/ocserv.socket @@ -2,8 +2,8 @@ Description=OpenConnect SSL VPN server Socket
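Review bot: The new inner hunk that comments out the `[vhost:www.example.com]` example leaves the commented directives pointing at `../tests/certs/` (`#ca-cert`, `#server-cert`, `#server-key`), which are the certificate and key from the upstream test suite. If someone uncomments the block as a template, those paths are relative to the source tree and, where they resolve at all, name key material that is published with the upstream sources. Rewriting them in the same patch to placeholders under the packaged directory, for example `#server-cert = /etc/ocserv/certificates/vhost-cert.pem` and `#server-key = /etc/ocserv/certificates/vhost-key.pem` (file names here are illustrative), would keep the example consistent with the global section. The same outer hunk continues into the ocserv.socket part of the patch, whose body is not fully visible here.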
