commit ocserv for openSUSE:Factory
Hello community, here is the log from the commit of package ocserv for openSUSE:Factory checked in at 2020-08-29 20:42:15 Comparing /work/SRC/openSUSE:Factory/ocserv (Old) and /work/SRC/openSUSE:Factory/.ocserv.new.3399 (New) Package is "ocserv" Sat Aug 29 20:42:15 2020 rev:15 rq:829969 version:1.1.0 Changes: --- /work/SRC/openSUSE:Factory/ocserv/ocserv.changes2020-07-06 16:36:09.608428995 +0200 +++ /work/SRC/openSUSE:Factory/.ocserv.new.3399/ocserv.changes 2020-08-29 20:42:31.085469367 +0200 @@ -1,0 +2,5 @@ +Wed Aug 19 10:46:22 UTC 2020 - Callum Farmer + +- Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075) + +--- Other differences: -- ++ ocserv.spec ++ --- /var/tmp/diff_new_pack.s4vqn3/_old 2020-08-29 20:42:31.637469597 +0200 +++ /var/tmp/diff_new_pack.s4vqn3/_new 2020-08-29 20:42:31.641469599 +0200 @@ -110,7 +110,7 @@ install -Dm 0644 %{SOURCE5} %{buildroot}%{_sysconfdir}/sysctl.d/60-ocserv.conf %if 0%{suse_version} >= 1500 -install -D -m 644 %{SOURCE6} %{buildroot}%{_libexecdir}/firewalld/services/ocserv.xml +install -D -m 644 %{SOURCE6} %{buildroot}%{_prefix}/lib/firewalld/services/ocserv.xml %endif install -d %{buildroot}%{_sysconfdir}/ocserv/certificates @@ -149,9 +149,9 @@ %config %{_sysconfdir}/ocserv %config(noreplace) %{_sysconfdir}/sysctl.d/60-ocserv.conf %if 0%{suse_version} >= 1500 -%dir %{_libexecdir}/firewalld -%dir %{_libexecdir}/firewalld/services -%{_libexecdir}/firewalld/services/ocserv.xml +%dir %{_prefix}/lib/firewalld +%dir %{_prefix}/lib/firewalld/services +%{_prefix}/lib/firewalld/services/ocserv.xml %endif %{_bindir}/occtl %{_bindir}/ocpasswd
commit ocserv for openSUSE:Factory
Hello community, here is the log from the commit of package ocserv for openSUSE:Factory checked in at 2020-07-06 16:33:07 Comparing /work/SRC/openSUSE:Factory/ocserv (Old) and /work/SRC/openSUSE:Factory/.ocserv.new.3060 (New) Package is "ocserv" Mon Jul 6 16:33:07 2020 rev:14 rq:818952 version:1.1.0 Changes: --- /work/SRC/openSUSE:Factory/ocserv/ocserv.changes2020-07-05 01:23:21.393934275 +0200 +++ /work/SRC/openSUSE:Factory/.ocserv.new.3060/ocserv.changes 2020-07-06 16:36:09.608428995 +0200 @@ -1,0 +2,14 @@ +Fri Jul 3 17:34:58 UTC 2020 - Michael Du + +- Update to version 1.1.0: + * Switch from fork to fork/exec model to achieve better scaling +and ASLR protection. This introduces an ocserv-worker application +which should be installed at the same path as ocserv (#285). + * When Linux OOM takes control kill ocserv workers before +ocserv-main or ocserv-secmod (#283). + * Disable TCP queuing on the TLS port. + * Fix leak of GnuTLS session when DTLS connection is +re-established (#293). +- Verify source with keyring before build. + +--- Old: ocserv-1.0.1.tar.xz ocserv-1.0.1.tar.xz.sig ocserv.keyring New: gpgkey-1F42418905D8206AA754CCDC29EE58B996865171.gpg ocserv-1.1.0.tar.xz ocserv-1.1.0.tar.xz.sig Other differences: -- ++ ocserv.spec ++ --- /var/tmp/diff_new_pack.lqbvdB/_old 2020-07-06 16:36:10.760432541 +0200 +++ /var/tmp/diff_new_pack.lqbvdB/_new 2020-07-06 16:36:10.764432554 +0200 @@ -17,21 +17,21 @@ Name: ocserv -Version:1.0.1 +Version:1.1.0 Release:0 Summary:OpenConnect VPN Server License:GPL-2.0-only Group: Productivity/Networking/Security URL:http://www.infradead.org/ocserv Source: ftp://ftp.infradead.org/pub/ocserv/%{name}-%{version}.tar.xz -Source100: ftp://ftp.infradead.org/pub/ocserv/%{name}-%{version}.tar.xz.sig -Source101: %{name}.keyring -Source1:ca.tmpl -Source2:server.tmpl -Source3:user.tmpl +Source1: ftp://ftp.infradead.org/pub/ocserv/%{name}-%{version}.tar.xz.sig +Source2:ca.tmpl +Source3:server.tmpl +Source4:user.tmpl Source5:ocserv.sysctl Source6:ocserv.firewalld.xml Source99: README.SUSE +Source100: gpgkey-1F42418905D8206AA754CCDC29EE58B996865171.gpg #PATCH-FIX-UPSTREAM marguer...@opensuse.org $LIBSYSTEMD_DAEMON env is not set on openSUSE Patch1: %{name}-enable-systemd.patch #PATCH-FIX-UPSTREAM marguer...@opensuse.org tweak configuration @@ -45,6 +45,7 @@ %endif BuildRequires: freeradius-client-devel BuildRequires: gperf +BuildRequires: gpg2 BuildRequires: libev-devel BuildRequires: libgnutls-devel >= 3.1.10 BuildRequires: libmaxminddb-devel @@ -89,6 +90,7 @@ A management interface allows for viewing and querying logged-in users. %prep +gpg --import %{SOURCE100} && gpg --verify %{SOURCE1} %setup -q %patch1 -p1 %patch2 -p1 @@ -112,9 +114,9 @@ %endif install -d %{buildroot}%{_sysconfdir}/ocserv/certificates -install -m 0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/ocserv/certificates install -m 0644 %{SOURCE2} %{buildroot}%{_sysconfdir}/ocserv/certificates install -m 0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/ocserv/certificates +install -m 0644 %{SOURCE4} %{buildroot}%{_sysconfdir}/ocserv/certificates install -m 0644 %{SOURCE99} %{buildroot}%{_sysconfdir}/ocserv/ install -m 0644 doc/sample.config %{buildroot}%{_sysconfdir}/ocserv/ocserv.conf install -m 0644 doc/sample.passwd %{buildroot}%{_sysconfdir}/ocserv/ocpasswd @@ -156,6 +158,7 @@ %{_bindir}/ocserv-script %{_bindir}/ocserv-fw %{_sbindir}/ocserv +%{_sbindir}/ocserv-worker %{_unitdir}/ocserv.service %{_unitdir}/ocserv.socket %{_mandir}/man8/occtl.8%{ext_man} ++ ocserv-1.0.1.tar.xz -> ocserv-1.1.0.tar.xz ++ 9341 lines of diff (skipped)
commit ocserv for openSUSE:Factory
Hello community, here is the log from the commit of package ocserv for openSUSE:Factory checked in at 2020-07-05 01:21:42 Comparing /work/SRC/openSUSE:Factory/ocserv (Old) and /work/SRC/openSUSE:Factory/.ocserv.new.3060 (New) Package is "ocserv" Sun Jul 5 01:21:42 2020 rev:13 rq:818571 version:1.0.1 Changes: --- /work/SRC/openSUSE:Factory/ocserv/ocserv.changes2020-01-21 21:03:35.300939096 +0100 +++ /work/SRC/openSUSE:Factory/.ocserv.new.3060/ocserv.changes 2020-07-05 01:23:21.393934275 +0200 @@ -1,0 +2,49 @@ +Tue Apr 21 17:20:49 UTC 2020 - Martin Hauke + +- Add signature and keyring for source verification +- Build with support for maxminddb +- Build with support for OATH +- Update to version 1.0.1 + * Prevent clients that use broken versions of gnutls from +connecting using DTLS. + * occtl: added machine-readable fields in json output. + * occtl: IPs in ban list value is now reflecting the actual +banned IPs rather than the database size. +- Update to version 1.0.0 + * Avoid crash on invalid configuration values. + * Updated manpage generation to work with newer versions of ronn. + * Ensure scripts have all the information on all disconnection +types. + * Several updates to further restrict the control that worker +processes have on the main process. + * Add support for RFC6750 bearer tokens. This adds the "auth=oidc" +config option. See doc/README-oidc.md for more information. + * Add USER_AGENT, DEVICE_TYPE and DEVICE_PLATFORM environment +variables when connect/disconnect scripts execute. + * Corrected issue with DTLS-PSK negotiation which prevented it +from being enabled. + * Improved IPv6 handling of AnyConnect client for Apple ios. + * Fixed issue with Radius accounting. +- Update to version 0.12.6 + * Improved IPv6 support for anyconnect clients. + * The 'split-dns' configuration directive can be used per-user. + * The max-same-clients=1 configuration option no longer refuses +the reconnection of an already connected user. + * Added openat() to the accepted list of seccomp calls. This +allows ocserv to run under certain libcs. +- Update to version 0.12.5 + * Added configuration option udp-listen-host. This option +supports different listen addresses for tcp and udp such as +haproxy for tcp, but support dtls at the same time. + * occtl: fixed json output of show status command. Introduced +tests for checking its json output using yajl. + * occtl: use maxminddb when available. +- Update to version 0.12.4 + * Added support for radius access-challenge (multifactor) +authentication. + * Fixed race condition when connect-script and disconnect-script +are set, which could potentially cause a crash. + * Perform quicker cleanup of sessions which their user explicitly +disconnected. + +--- Old: ocserv-0.12.3.tar.xz New: ocserv-1.0.1.tar.xz ocserv-1.0.1.tar.xz.sig ocserv.keyring Other differences: -- ++ ocserv.spec ++ --- /var/tmp/diff_new_pack.sIFyZ4/_old 2020-07-05 01:23:26.057947975 +0200 +++ /var/tmp/diff_new_pack.sIFyZ4/_new 2020-07-05 01:23:26.061947987 +0200 @@ -1,7 +1,7 @@ # # spec file for package ocserv # -# Copyright (c) 2019 SUSE LLC +# Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,17 +17,15 @@ Name: ocserv -Version:0.12.3 +Version:1.0.1 Release:0 Summary:OpenConnect VPN Server License:GPL-2.0-only Group: Productivity/Networking/Security URL:http://www.infradead.org/ocserv -#Source: ftp://ftp.infradead.org/pub/ocserv/%{name}-%{version}.tar.xz -# released tarball has some problem, check out same thing from git -# git clone https://gitlab.com/ocserv/ocserv -# git checkout -b fce7610a -Source: %{name}-%{version}.tar.xz +Source: ftp://ftp.infradead.org/pub/ocserv/%{name}-%{version}.tar.xz +Source100: ftp://ftp.infradead.org/pub/ocserv/%{name}-%{version}.tar.xz.sig +Source101: %{name}.keyring Source1:ca.tmpl Source2:server.tmpl Source3:user.tmpl @@ -49,6 +47,7 @@ BuildRequires: gperf BuildRequires: libev-devel BuildRequires: libgnutls-devel >= 3.1.10 +BuildRequires: libmaxminddb-devel BuildRequires: libnl3-devel BuildRequires: libprotobuf-c-devel BuildRequires: libseccomp-devel @@ -58,6 +57,7 @@ BuildRequires: pkgconfig BuildRequires: protobuf-c BuildRequires: readline-devel +BuildRequires: pkgconfig(liboath) BuildRequires: pkgconfig(libsystemd) BuildRequires: ru
commit ocserv for openSUSE:Factory
Hello community, here is the log from the commit of package ocserv for openSUSE:Factory checked in at 2020-01-21 21:02:46 Comparing /work/SRC/openSUSE:Factory/ocserv (Old) and /work/SRC/openSUSE:Factory/.ocserv.new.26092 (New) Package is "ocserv" Tue Jan 21 21:02:46 2020 rev:12 rq:766080 version:0.12.3 Changes: --- /work/SRC/openSUSE:Factory/ocserv/ocserv.changes2019-08-14 11:38:14.496687518 +0200 +++ /work/SRC/openSUSE:Factory/.ocserv.new.26092/ocserv.changes 2020-01-21 21:03:35.300939096 +0100 @@ -1,0 +2,6 @@ +Thu Dec 19 14:56:10 UTC 2019 - Dominique Leuenberger + +- BuildRequire pkgconfig(libsystemd) instead of systemd-devel: + Allow OBS to shortcut through the -mini flavors. + +--- Other differences: -- ++ ocserv.spec ++ --- /var/tmp/diff_new_pack.so3lLL/_old 2020-01-21 21:03:37.184939975 +0100 +++ /var/tmp/diff_new_pack.so3lLL/_new 2020-01-21 21:03:37.188939977 +0100 @@ -1,7 +1,7 @@ # # spec file for package ocserv # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # @@ -22,7 +22,7 @@ Summary:OpenConnect VPN Server License:GPL-2.0-only Group: Productivity/Networking/Security -Url:http://www.infradead.org/ocserv +URL:http://www.infradead.org/ocserv #Source: ftp://ftp.infradead.org/pub/ocserv/%{name}-%{version}.tar.xz # released tarball has some problem, check out same thing from git # git clone https://gitlab.com/ocserv/ocserv @@ -58,7 +58,7 @@ BuildRequires: pkgconfig BuildRequires: protobuf-c BuildRequires: readline-devel -BuildRequires: systemd-devel +BuildRequires: pkgconfig(libsystemd) BuildRequires: rubygem(ronn) # /usr/bin/certtool for generating certificates Requires: gnutls >= 3.1.10
commit ocserv for openSUSE:Factory
Hello community, here is the log from the commit of package ocserv for openSUSE:Factory checked in at 2019-08-14 11:38:10 Comparing /work/SRC/openSUSE:Factory/ocserv (Old) and /work/SRC/openSUSE:Factory/.ocserv.new.9556 (New) Package is "ocserv" Wed Aug 14 11:38:10 2019 rev:11 rq:723235 version:0.12.3 Changes: --- /work/SRC/openSUSE:Factory/ocserv/ocserv.changes2019-04-26 22:54:41.921305525 +0200 +++ /work/SRC/openSUSE:Factory/.ocserv.new.9556/ocserv.changes 2019-08-14 11:38:14.496687518 +0200 @@ -1,0 +2,8 @@ +Wed Jul 24 13:28:00 UTC 2019 - matthias.gerst...@suse.com + +- removal of SuSEfirewall2 service, since SuSEfirewall2 has been replaced by + firewalld, see [1]. + + [1]: https://lists.opensuse.org/opensuse-factory/2019-01/msg00490.html + +--- Old: ocserv.SuSEfirewall Other differences: -- ++ ocserv.spec ++ --- /var/tmp/diff_new_pack.PDoAMh/_old 2019-08-14 11:38:15.024687423 +0200 +++ /var/tmp/diff_new_pack.PDoAMh/_new 2019-08-14 11:38:15.024687423 +0200 @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# Please submit bugfixes or comments via http://bugs.opensuse.org/ # @@ -31,7 +31,6 @@ Source1:ca.tmpl Source2:server.tmpl Source3:user.tmpl -Source4:ocserv.SuSEfirewall Source5:ocserv.sysctl Source6:ocserv.firewalld.xml Source99: README.SUSE @@ -107,7 +106,6 @@ %install make %{?_smp_mflags} DESTDIR=%{buildroot} install -install -Dm 0644 %{SOURCE4} %{buildroot}%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/ocserv install -Dm 0644 %{SOURCE5} %{buildroot}%{_sysconfdir}/sysctl.d/60-ocserv.conf %if 0%{suse_version} >= 1500 install -D -m 644 %{SOURCE6} %{buildroot}%{_libexecdir}/firewalld/services/ocserv.xml @@ -147,7 +145,6 @@ %doc AUTHORS NEWS README.md TODO %license COPYING LICENSE %config %{_sysconfdir}/ocserv -%config(noreplace) %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/ocserv %config(noreplace) %{_sysconfdir}/sysctl.d/60-ocserv.conf %if 0%{suse_version} >= 1500 %dir %{_libexecdir}/firewalld
commit ocserv for openSUSE:Factory
Hello community, here is the log from the commit of package ocserv for openSUSE:Factory checked in at 2019-04-26 22:54:40 Comparing /work/SRC/openSUSE:Factory/ocserv (Old) and /work/SRC/openSUSE:Factory/.ocserv.new.5536 (New) Package is "ocserv" Fri Apr 26 22:54:40 2019 rev:10 rq:697985 version:0.12.3 Changes: --- /work/SRC/openSUSE:Factory/ocserv/ocserv.changes2019-01-25 22:45:38.191060617 +0100 +++ /work/SRC/openSUSE:Factory/.ocserv.new.5536/ocserv.changes 2019-04-26 22:54:41.921305525 +0200 @@ -1,0 +2,11 @@ +Tue Apr 23 09:08:03 UTC 2019 - Michael Du + +- Update to version 0.12.3: + * Fixed crash when no DTLS ciphersuite is negotiated. + * Fixed crash happening arbitrarily depending on handled string +sizes (#197). + * Fixed compatibility issue with GnuTLS 3.3.x (#201). + * occtl: print the TLS session information, even if the DTLS +channel is not established. + +--- Old: ocserv-0.12.2.tar.xz New: ocserv-0.12.3.tar.xz Other differences: -- ++ ocserv.spec ++ --- /var/tmp/diff_new_pack.ZgqHTY/_old 2019-04-26 22:54:42.469305173 +0200 +++ /var/tmp/diff_new_pack.ZgqHTY/_new 2019-04-26 22:54:42.473305170 +0200 @@ -17,7 +17,7 @@ Name: ocserv -Version:0.12.2 +Version:0.12.3 Release:0 Summary:OpenConnect VPN Server License:GPL-2.0-only ++ ocserv-0.12.2.tar.xz -> ocserv-0.12.3.tar.xz ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ocserv-0.12.2/ChangeLog new/ocserv-0.12.3/ChangeLog --- old/ocserv-0.12.2/ChangeLog 2019-01-10 20:02:17.0 +0100 +++ new/ocserv-0.12.3/ChangeLog 2019-03-12 21:16:19.0 +0100 @@ -1,3 +1,129 @@ +2019-03-12 Nikos Mavrogiannopoulos + + * NEWS: NEWS: doc update Signed-off-by: Nikos Mavrogiannopoulos + +2019-03-12 Nikos Mavrogiannopoulos + + * NEWS, configure.ac: released 0.12.3 Signed-off-by: Nikos Mavrogiannopoulos + +2019-03-12 Nikos Mavrogiannopoulos + + * : commit 6cac2252033081de8ab3a8e078d0bc115e740080 Author: Nikos + Mavrogiannopoulos Date: Tue Mar 12 15:32:21 2019 + +0100 + +2019-03-12 Nikos Mavrogiannopoulos + + * src/worker-http.c: worker: workarounds string is made applicable + for gnutls 3.3 The %NO_SESSION_HASH priority string does not work with gnutls 3.3. + This fix does not include it into the priority string. Resolves: #201 Signed-off-by: Nikos Mavrogiannopoulos + +2019-02-22 Nikos Mavrogiannopoulos + + * NEWS: doc update Signed-off-by: Nikos Mavrogiannopoulos + +2019-02-22 Nikos Mavrogiannopoulos + + * NEWS: doc update Signed-off-by: Nikos Mavrogiannopoulos + +2019-02-22 Nikos Mavrogiannopoulos + + * : commit d3cb2e8f53eb36ae007c6dd5cfa6a8455d741b5e Author: Frank + Huang Date: Sun Feb 17 08:12:42 2019 + + +2019-01-31 Nikos Mavrogiannopoulos + + * src/main.c: main: removed unused code Signed-off-by: Nikos Mavrogiannopoulos + +2019-01-30 Nikos Mavrogiannopoulos + + * : commit 383c25e239a482b212699b9ccab72f94c9f84d5b Author: Nikos + Mavrogiannopoulos Date: Wed Jan 30 19:23:05 2019 + +0100 + +2019-01-30 Nikos Mavrogiannopoulos + + * README.md: README.md: updated URIs for new gitlab group Signed-off-by: Nikos Mavrogiannopoulos + +2019-01-30 Nikos Mavrogiannopoulos + + * : commit 385af4e8312118fef44299c6846a1b305e370fe6 Author: Nikos + Mavrogiannopoulos Date: Sun Jan 20 06:44:29 2019 + +0100 + +2019-01-20 Nikos Mavrogiannopoulos + + * .gitlab-ci.yml, tests/common.sh, + tests/data/multiple-routes.config, tests/data/test-ban.config, + tests/data/test-cert-opt-pass.config, + tests/data/test-ciphers.config, + tests/data/test-compression-lz4.config, + tests/data/test-compression-lzs.config, + tests/data/test-cookie-invalidation.config, + tests/data/test-cookie-timeout-2.config, + tests/data/test-cookie-timeout.config, + tests/data/test-ed25519.config, tests/data/test-enc-key.config, + tests/data/test-enc-key2.config, + tests/data/test-explicit-ip.config, + tests/data/test-group-cert.config, + tests/data/test-group-pass.config, + tests/data/test-gssapi-local-map.config, + tests/data/test-gssapi-opt-cert.config, + tests/data/test-gssapi-opt-pass.config, + tests/data/test-gssapi.config, tests/data/test-haproxy-auth.config, + tests/data/test-haproxy-connect.config, + tests/data/test-iroute.config, tests/data/test-multi-cookie.config, + tests/data/test-otp-cert.config, tests/data/test-otp.config, +
commit ocserv for openSUSE:Factory
Hello community, here is the log from the commit of package ocserv for openSUSE:Factory checked in at 2019-01-25 22:45:36 Comparing /work/SRC/openSUSE:Factory/ocserv (Old) and /work/SRC/openSUSE:Factory/.ocserv.new.28833 (New) Package is "ocserv" Fri Jan 25 22:45:36 2019 rev:9 rq:668707 version:0.12.2 Changes: --- /work/SRC/openSUSE:Factory/ocserv/ocserv.changes2018-05-29 16:52:23.287568380 +0200 +++ /work/SRC/openSUSE:Factory/.ocserv.new.28833/ocserv.changes 2019-01-25 22:45:38.191060617 +0100 @@ -1,0 +2,9 @@ +Fri Jan 25 14:54:35 UTC 2019 - Michael Du + +- Update to version 0.12.2: + * Added support for AES256-SHA legacy cipher. This allows the +anyconnect clients to use AES256. + * Added support for the DTLS1.2 protocol hack used by new +Anyconnect clients. + +--- Old: ocserv-0.12.1.tar.xz New: ocserv-0.12.2.tar.xz Other differences: -- ++ ocserv.spec ++ --- /var/tmp/diff_new_pack.CtVjHP/_old 2019-01-25 22:45:39.159059485 +0100 +++ /var/tmp/diff_new_pack.CtVjHP/_new 2019-01-25 22:45:39.163059480 +0100 @@ -1,7 +1,7 @@ # # spec file for package ocserv # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -12,12 +12,12 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # Name: ocserv -Version:0.12.1 +Version:0.12.2 Release:0 Summary:OpenConnect VPN Server License:GPL-2.0-only @@ -59,8 +59,8 @@ BuildRequires: pkgconfig BuildRequires: protobuf-c BuildRequires: readline-devel -BuildRequires: ruby2.5-rubygem-ronn BuildRequires: systemd-devel +BuildRequires: rubygem(ronn) # /usr/bin/certtool for generating certificates Requires: gnutls >= 3.1.10 BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -144,7 +144,8 @@ %files %defattr(-,root,root) -%doc AUTHORS LICENSE NEWS README.md COPYING TODO +%doc AUTHORS NEWS README.md TODO +%license COPYING LICENSE %config %{_sysconfdir}/ocserv %config(noreplace) %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/ocserv %config(noreplace) %{_sysconfdir}/sysctl.d/60-ocserv.conf ++ ocserv-0.12.1.tar.xz -> ocserv-0.12.2.tar.xz ++ 4492 lines of diff (skipped)
commit ocserv for openSUSE:Factory
Hello community, here is the log from the commit of package ocserv for openSUSE:Factory checked in at 2018-05-29 16:52:22 Comparing /work/SRC/openSUSE:Factory/ocserv (Old) and /work/SRC/openSUSE:Factory/.ocserv.new (New) Package is "ocserv" Tue May 29 16:52:22 2018 rev:8 rq:612713 version:0.12.1 Changes: --- /work/SRC/openSUSE:Factory/ocserv/ocserv.changes2018-05-16 11:41:25.420669839 +0200 +++ /work/SRC/openSUSE:Factory/.ocserv.new/ocserv.changes 2018-05-29 16:52:23.287568380 +0200 @@ -1,0 +2,7 @@ +Thu May 17 10:48:43 UTC 2018 - duyizhaozj...@yahoo.com + +- Update to version 0.12.1: + * Fixed crash on initialization when server was running on background + * Work around issues with GnuTLS 3.4.x on ubuntu 16.04, at the cost of a memory leak on key reload + +--- Old: ocserv-0.12.0.tar.xz New: ocserv-0.12.1.tar.xz Other differences: -- ++ ocserv.spec ++ --- /var/tmp/diff_new_pack.J7yq1E/_old 2018-05-29 16:52:24.483524378 +0200 +++ /var/tmp/diff_new_pack.J7yq1E/_new 2018-05-29 16:52:24.487524230 +0200 @@ -17,7 +17,7 @@ Name: ocserv -Version:0.12.0 +Version:0.12.1 Release:0 Summary:OpenConnect VPN Server License:GPL-2.0-only ++ ocserv-0.12.0.tar.xz -> ocserv-0.12.1.tar.xz ++ 2161 lines of diff (skipped)
commit ocserv for openSUSE:Factory
Hello community, here is the log from the commit of package ocserv for openSUSE:Factory checked in at 2018-05-16 11:39:41 Comparing /work/SRC/openSUSE:Factory/ocserv (Old) and /work/SRC/openSUSE:Factory/.ocserv.new (New) Package is "ocserv" Wed May 16 11:39:41 2018 rev:7 rq:606702 version:0.12.0 Changes: --- /work/SRC/openSUSE:Factory/ocserv/ocserv.changes2018-02-27 17:00:55.585606486 +0100 +++ /work/SRC/openSUSE:Factory/.ocserv.new/ocserv.changes 2018-05-16 11:41:25.420669839 +0200 @@ -1,0 +2,13 @@ +Fri May 11 08:08:54 UTC 2018 - duyizhaozj...@yahoo.com + +- Update to version 0.12.0 + * Allow DTLS stream to come from different IP from TLS stream. There are situations where internet providers send the UDP stream from different IP. + * Increased possibilities of allowed combinations of authentication methods. + * Corrected regression since 0.11.8 with OTP authentication. + * Added support for hostname-based virtual hosts, utilizing TLS SNI. With that change it is possible to configure multiple servers running over the same port. + * Rename the tun device on BSD systems which support SIOCSIFNAME ioctl. + * Correctly handle proxy-protocol’s health commands. That eliminates few connection drops when proxy protocol is in use. + * Corrected crash on certain cases when proxy protocol is in use. +- Update ocserv.config.patch due to upstream changes + +--- Old: ocserv-0.11.10.tar.xz New: ocserv-0.12.0.tar.xz Other differences: -- ++ ocserv.spec ++ --- /var/tmp/diff_new_pack.EgXzOq/_old 2018-05-16 11:41:26.308637522 +0200 +++ /var/tmp/diff_new_pack.EgXzOq/_new 2018-05-16 11:41:26.308637522 +0200 @@ -17,10 +17,10 @@ Name: ocserv -Version:0.11.10 +Version:0.12.0 Release:0 Summary:OpenConnect VPN Server -License:GPL-2.0 +License:GPL-2.0-only Group: Productivity/Networking/Security Url:http://www.infradead.org/ocserv #Source: ftp://ftp.infradead.org/pub/ocserv/%{name}-%{version}.tar.xz @@ -59,6 +59,7 @@ BuildRequires: pkgconfig BuildRequires: protobuf-c BuildRequires: readline-devel +BuildRequires: ruby2.5-rubygem-ronn BuildRequires: systemd-devel # /usr/bin/certtool for generating certificates Requires: gnutls >= 3.1.10 @@ -93,7 +94,6 @@ %patch1 -p1 %patch2 -p1 %patch3 -p1 -sed -i "s/\@AUTOGEN\@/autogen/" doc/Makefile.am autoreconf -fiv %build ++ ocserv-0.11.10.tar.xz -> ocserv-0.12.0.tar.xz ++ 57508 lines of diff (skipped) ++ ocserv.config.patch ++ --- /var/tmp/diff_new_pack.EgXzOq/_old 2018-05-16 11:41:26.752621365 +0200 +++ /var/tmp/diff_new_pack.EgXzOq/_new 2018-05-16 11:41:26.756621220 +0200 @@ -1,8 +1,8 @@ -Index: ocserv-0.11.10/doc/sample.config +Index: ocserv-0.12.0/doc/sample.config === ocserv-0.11.10.orig/doc/sample.config -+++ ocserv-0.11.10/doc/sample.config -@@ -47,7 +47,7 @@ +--- ocserv-0.12.0.orig/doc/sample.config ocserv-0.12.0/doc/sample.config +@@ -48,7 +48,7 @@ #auth = "pam" #auth = "pam[gid-min=1000]" #auth = "plain[passwd=./sample.passwd,otp=./sample.otp]" @@ -11,7 +11,7 @@ #auth = "certificate" #auth = "radius[config=/etc/radiusclient/radiusclient.conf,groupconfig=true]" -@@ -80,8 +80,8 @@ auth = "plain[passwd=./sample.passwd]" +@@ -83,8 +83,8 @@ auth = "plain[passwd=./sample.passwd]" #listen-host-is-dyndns = true # TCP and UDP port number @@ -22,27 +22,27 @@ # Accept connections using a socket file. It accepts HTTP # connections (i.e., without SSL/TLS unlike its TCP counterpart), -@@ -124,8 +124,8 @@ socket-file = /var/run/ocserv-socket - # - # There may be multiple server-cert and server-key directives, - # but each key should correspond to the preceding certificate. +@@ -132,8 +132,8 @@ socket-file = /var/run/ocserv-socket + + #server-cert = /etc/ocserv/server-cert.pem + #server-key = /etc/ocserv/server-key.pem -server-cert = ../tests/certs/server-cert.pem -server-key = ../tests/certs/server-key.pem +server-cert = /etc/ocserv/certificates/server-cert.pem +server-key = /etc/ocserv/certificates/server-key.pem - # Diffie-Hellman parameters. Only needed if you require support - # for the DHE ciphersuites (by default this server supports ECDHE). -@@ -151,7 +151,7 @@ server-key = ../tests/certs/server-key.p - # The Certificate Authority that will be used to verify + # Diffie-Hellman parameters. Only needed if for old (pre 3.6.0 + # versions of GnuTLS for supporting DHE ciphersuites. +@@ -160,7 +160,7 @@ server-key = ../tests/certs/server-key.pem # client certificates (public keys) if
commit ocserv for openSUSE:Factory
Hello community, here is the log from the commit of package ocserv for openSUSE:Factory checked in at 2018-02-27 17:00:28 Comparing /work/SRC/openSUSE:Factory/ocserv (Old) and /work/SRC/openSUSE:Factory/.ocserv.new (New) Package is "ocserv" Tue Feb 27 17:00:28 2018 rev:6 rq:580606 version:0.11.10 Changes: --- /work/SRC/openSUSE:Factory/ocserv/ocserv.changes2018-02-26 23:25:39.797230750 +0100 +++ /work/SRC/openSUSE:Factory/.ocserv.new/ocserv.changes 2018-02-27 17:00:55.585606486 +0100 @@ -1,0 +2,5 @@ +Tue Feb 27 02:50:33 UTC 2018 - i...@marguerite.su + +- add firewalld service + +--- New: ocserv.firewalld.xml Other differences: -- ++ ocserv.spec ++ --- /var/tmp/diff_new_pack.V5ywSB/_old 2018-02-27 17:00:56.833561396 +0100 +++ /var/tmp/diff_new_pack.V5ywSB/_new 2018-02-27 17:00:56.837561252 +0100 @@ -33,6 +33,7 @@ Source3:user.tmpl Source4:ocserv.SuSEfirewall Source5:ocserv.sysctl +Source6:ocserv.firewalld.xml Source99: README.SUSE #PATCH-FIX-UPSTREAM marguer...@opensuse.org $LIBSYSTEMD_DAEMON env is not set on openSUSE Patch1: %{name}-enable-systemd.patch @@ -42,6 +43,9 @@ Patch3: %{name}-LZ4_compress_default.patch BuildRequires: autogen BuildRequires: dbus-1-devel +%if 0%{suse_version} >= 1500 +BuildRequires: firewall-macros +%endif BuildRequires: freeradius-client-devel BuildRequires: gperf BuildRequires: libev-devel @@ -105,6 +109,9 @@ install -Dm 0644 %{SOURCE4} %{buildroot}%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/ocserv install -Dm 0644 %{SOURCE5} %{buildroot}%{_sysconfdir}/sysctl.d/60-ocserv.conf +%if 0%{suse_version} >= 1500 +install -D -m 644 %{SOURCE6} %{buildroot}%{_libexecdir}/firewalld/services/ocserv.xml +%endif install -d %{buildroot}%{_sysconfdir}/ocserv/certificates install -m 0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/ocserv/certificates @@ -125,6 +132,9 @@ %post %service_add_post ocserv.service ocserv.socket +%if 0%{suse_version} >= 1500 +%firewalld_reload +%endif %preun %service_del_preun ocserv.service ocserv.socket @@ -138,6 +148,11 @@ %config %{_sysconfdir}/ocserv %config(noreplace) %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/ocserv %config(noreplace) %{_sysconfdir}/sysctl.d/60-ocserv.conf +%if 0%{suse_version} >= 1500 +%dir %{_libexecdir}/firewalld +%dir %{_libexecdir}/firewalld/services +%{_libexecdir}/firewalld/services/ocserv.xml +%endif %{_bindir}/occtl %{_bindir}/ocpasswd %{_bindir}/ocserv-script ++ ocserv.firewalld.xml ++ ocserv open ports for ocserv vpn service
commit ocserv for openSUSE:Factory
Hello community, here is the log from the commit of package ocserv for openSUSE:Factory checked in at 2018-02-26 23:25:39 Comparing /work/SRC/openSUSE:Factory/ocserv (Old) and /work/SRC/openSUSE:Factory/.ocserv.new (New) Package is "ocserv" Mon Feb 26 23:25:39 2018 rev:5 rq:580001 version:0.11.10 Changes: --- /work/SRC/openSUSE:Factory/ocserv/ocserv.changes2017-05-31 12:20:03.105778390 +0200 +++ /work/SRC/openSUSE:Factory/.ocserv.new/ocserv.changes 2018-02-26 23:25:39.797230750 +0100 @@ -1,0 +2,10 @@ +Sat Feb 24 05:43:55 UTC 2018 - i...@marguerite.su + +- update version 0.11.10 + * see NEWS +- drop boo1021353-ocserv-doc-racing-in-parallel-build.patch + * upstreamed +- add ocserv-LZ4_compress_default.patch + * leap doesn't have LZ4_compress_default + +--- Old: boo1021353-ocserv-doc-racing-in-parallel-build.patch ocserv-0.11.6.tar.xz New: ocserv-0.11.10.tar.xz ocserv-LZ4_compress_default.patch Other differences: -- ++ ocserv.spec ++ --- /var/tmp/diff_new_pack.lctHIA/_old 2018-02-26 23:25:40.897191190 +0100 +++ /var/tmp/diff_new_pack.lctHIA/_new 2018-02-26 23:25:40.901191046 +0100 @@ -1,7 +1,7 @@ # # spec file for package ocserv # -# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,7 +17,7 @@ Name: ocserv -Version:0.11.6 +Version:0.11.10 Release:0 Summary:OpenConnect VPN Server License:GPL-2.0 @@ -38,8 +38,8 @@ Patch1: %{name}-enable-systemd.patch #PATCH-FIX-UPSTREAM marguer...@opensuse.org tweak configuration Patch2: %{name}.config.patch -#PATCH-FIX-UPSTREAM marguer...@opensuse.org avoid racing problem when building documentation in parallel -Patch3: boo1021353-ocserv-doc-racing-in-parallel-build.patch +#PATCH-FIX-OPENSUSE marguer...@opensuse.org leap doesn't have LZ4_compress_default +Patch3: %{name}-LZ4_compress_default.patch BuildRequires: autogen BuildRequires: dbus-1-devel BuildRequires: freeradius-client-devel ++ ocserv-0.11.6.tar.xz -> ocserv-0.11.10.tar.xz ++ 87129 lines of diff (skipped) ++ ocserv-LZ4_compress_default.patch ++ Index: ocserv-0.11.10/src/worker-http.c === --- ocserv-0.11.10.orig/src/worker-http.c +++ ocserv-0.11.10/src/worker-http.c @@ -137,7 +137,11 @@ int lz4_compress(void *dst, int dstlen, { /* we intentionally restrict output to srclen so that * compression fails early for packets that expand. */ +#ifdef LZ4_COMPRESS_DEFAULT return LZ4_compress_default(src, dst, srclen, srclen); +#else + return LZ4_compress_limitedOutput(src, dst, srclen, srclen); +#endif } #endif ++ ocserv.config.patch ++ --- /var/tmp/diff_new_pack.lctHIA/_old 2018-02-26 23:25:41.345175079 +0100 +++ /var/tmp/diff_new_pack.lctHIA/_new 2018-02-26 23:25:41.345175079 +0100 @@ -1,8 +1,8 @@ -Index: b/doc/sample.config +Index: ocserv-0.11.10/doc/sample.config === a/doc/sample.config -+++ b/doc/sample.config -@@ -41,7 +41,7 @@ +--- ocserv-0.11.10.orig/doc/sample.config ocserv-0.11.10/doc/sample.config +@@ -47,7 +47,7 @@ #auth = "pam" #auth = "pam[gid-min=1000]" #auth = "plain[passwd=./sample.passwd,otp=./sample.otp]" @@ -11,7 +11,7 @@ #auth = "certificate" #auth = "radius[config=/etc/radiusclient/radiusclient.conf,groupconfig=true]" -@@ -74,8 +74,8 @@ auth = "plain[passwd=./sample.passwd]" +@@ -80,8 +80,8 @@ auth = "plain[passwd=./sample.passwd]" #listen-host-is-dyndns = true # TCP and UDP port number @@ -22,7 +22,7 @@ # Accept connections using a socket file. It accepts HTTP # connections (i.e., without SSL/TLS unlike its TCP counterpart), -@@ -110,8 +110,8 @@ socket-file = /var/run/ocserv-socket +@@ -124,8 +124,8 @@ socket-file = /var/run/ocserv-socket # # There may be multiple server-cert and server-key directives, # but each key should correspond to the preceding certificate. @@ -33,7 +33,7 @@ # Diffie-Hellman parameters. Only needed if you require support # for the DHE ciphersuites (by default this server supports ECDHE). -@@ -137,7 +137,7 @@ server-key = ../tests/certs/server-key.p +@@ -151,7 +151,7 @@ server-key = ../tests/certs/server-key.p # The Certificate Authority that will be used to verify # client certificates (public keys) if certificate authentication # is set. @@ -42,7 +4
commit ocserv for openSUSE:Factory
Hello community, here is the log from the commit of package ocserv for openSUSE:Factory checked in at 2017-05-31 12:19:14 Comparing /work/SRC/openSUSE:Factory/ocserv (Old) and /work/SRC/openSUSE:Factory/.ocserv.new (New) Package is "ocserv" Wed May 31 12:19:14 2017 rev:4 rq:498971 version:0.11.6 Changes: --- /work/SRC/openSUSE:Factory/ocserv/ocserv.changes2017-01-25 23:31:44.494744426 +0100 +++ /work/SRC/openSUSE:Factory/.ocserv.new/ocserv.changes 2017-05-31 12:20:03.105778390 +0200 @@ -1,0 +2,6 @@ +Thu May 11 08:35:51 UTC 2017 - dims...@opensuse.org + +- Use readline (current) instead of readline5: + + Replace readline5-devel BuildRequires with readline-devel. + +--- Other differences: -- ++ ocserv.spec ++ --- /var/tmp/diff_new_pack.Tndi7S/_old 2017-05-31 12:20:04.737548042 +0200 +++ /var/tmp/diff_new_pack.Tndi7S/_new 2017-05-31 12:20:04.741547477 +0200 @@ -54,7 +54,7 @@ BuildRequires: pam-devel BuildRequires: pkgconfig BuildRequires: protobuf-c -BuildRequires: readline5-devel +BuildRequires: readline-devel BuildRequires: systemd-devel # /usr/bin/certtool for generating certificates Requires: gnutls >= 3.1.10
commit ocserv for openSUSE:Factory
Hello community, here is the log from the commit of package ocserv for openSUSE:Factory checked in at 2017-01-25 23:31:43 Comparing /work/SRC/openSUSE:Factory/ocserv (Old) and /work/SRC/openSUSE:Factory/.ocserv.new (New) Package is "ocserv" Changes: --- /work/SRC/openSUSE:Factory/ocserv/ocserv.changes2017-01-09 10:56:07.216453276 +0100 +++ /work/SRC/openSUSE:Factory/.ocserv.new/ocserv.changes 2017-01-25 23:31:44.494744426 +0100 @@ -1,0 +2,10 @@ +Mon Jan 23 16:35:52 UTC 2017 - i...@marguerite.su + +- fix boo#1021353: ocserv randomly misbuilds man pages +- add patch: boo1021353-ocserv-doc-racing-in-parallel-build.patch + * occtl and ocpasswd are both built from args.def, which +will cause a racing problem in parallel builds that autogen +write contents randomly. fixed by adding a prefix to make +them different in filename. + +--- New: boo1021353-ocserv-doc-racing-in-parallel-build.patch Other differences: -- ++ ocserv.spec ++ --- /var/tmp/diff_new_pack.656IjJ/_old 2017-01-25 23:31:45.170642563 +0100 +++ /var/tmp/diff_new_pack.656IjJ/_new 2017-01-25 23:31:45.174641961 +0100 @@ -1,7 +1,7 @@ # # spec file for package ocserv # -# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -38,6 +38,8 @@ Patch1: %{name}-enable-systemd.patch #PATCH-FIX-UPSTREAM marguer...@opensuse.org tweak configuration Patch2: %{name}.config.patch +#PATCH-FIX-UPSTREAM marguer...@opensuse.org avoid racing problem when building documentation in parallel +Patch3: boo1021353-ocserv-doc-racing-in-parallel-build.patch BuildRequires: autogen BuildRequires: dbus-1-devel BuildRequires: freeradius-client-devel @@ -86,6 +88,7 @@ %setup -q %patch1 -p1 %patch2 -p1 +%patch3 -p1 sed -i "s/\@AUTOGEN\@/autogen/" doc/Makefile.am autoreconf -fiv ++ boo1021353-ocserv-doc-racing-in-parallel-build.patch ++ Index: b/doc/Makefile.am === --- a/doc/Makefile.am +++ b/doc/Makefile.am @@ -10,12 +10,12 @@ ocserv.8: ../src/ocserv-args.def @AUTOGEN@ -L../src -DMAN_SECTION=8 -Tagman-cmd.tpl "$<".tmp && \ rm -f "$<".tmp -occtl.8: ../src/occtl/args.def +occtl.8: ../src/occtl/occtl-args.def -$(SED) 's/@subheading \(.*\)/@*\n@var{\1}\n@*/' $< > "$<".tmp && \ @AUTOGEN@ -L../src -DMAN_SECTION=8 -Tagman-cmd.tpl "$<".tmp && \ rm -f "$<".tmp -ocpasswd.8: ../src/ocpasswd/args.def +ocpasswd.8: ../src/ocpasswd/ocpasswd-args.def -$(SED) 's/@subheading \(.*\)/@*\n@var{\1}\n@*/' $< > "$<".tmp && \ @AUTOGEN@ -L../src -DMAN_SECTION=8 -Tagman-cmd.tpl "$<".tmp && \ rm -f "$<".tmp Index: b/src/occtl/Makefile.am === --- a/src/occtl/Makefile.am +++ b/src/occtl/Makefile.am @@ -5,7 +5,7 @@ AM_CPPFLAGS += -I$(srcdir)/../../gl/ -I$ $(LIBNL3_CFLAGS) $(LIBPROTOBUF_C_CFLAGS) $(LIBTALLOC_CFLAGS) \ -I$(srcdir)/../common/ -I$(builddir)/../common/ $(CODE_COVERAGE_CFLAGS) -EXTRA_DIST = args.def +EXTRA_DIST = occtl-args.def bin_PROGRAMS = occtl Index: b/src/occtl/args.def === --- a/src/occtl/args.def +++ /dev/null @@ -1,105 +0,0 @@ -AutoGen Definitions options; -prog-name = occtl; -prog-title= "OpenConnect VPN server control"; -prog-desc = "OpenConnect VPN server control."; -disable-save; -no-xlate = opt; -gnu-usage; -config-header = config.h; -long-opts; -no-misuse-usage; -short-usage = "Usage: occtl [options] [command]\nocctl --help for usage instructions.\n"; -explain = ""; -#include ../version.inc - -detail = "Openconnect VPN server control (occtl) is a tool to control -the ocserv VPN server."; - -copyright = { -date = "2014-2016"; -owner = "Red Hat"; -author = "Nikos Mavrogiannopoulos"; -eaddr = "openconnect-de...@lists.infradead.org"; -type = gplv2; -}; - -help-value= h; - -flag = { -name = socket-file; -value = s; -arg-type = file; -descrip = "Specify the server's occtl socket file"; -doc = "This option is only needed if you have multiple servers."; -}; - -flag = { -name = json; -value = j; -descrip = "Output will be JSON formatted"; -doc = "This option can only be used with non-interactive output, e.g., 'occtl --json show users'."; -}; - -flag = { -name = no-pager; -value