diff --git a/ocserv-0.12.3.tar.xz b/ocserv-0.12.3.tar.xz deleted file mode 100644 index 39ab94a..0000000 --- a/ocserv-0.12.3.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:42f8f459dae6f88862d4098997d8f5668d97439ec78beede3985f6ff24d91edd -size 683632 diff --git a/ocserv-1.0.1.tar.xz b/ocserv-1.0.1.tar.xz new file mode 100644 index 0000000..1171821 --- /dev/null +++ b/ocserv-1.0.1.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:59d9ef7a1aeb95ff6e762e2a0f231b3fae2ea420f68a1cf09d39a26395040f4b +size 787800 diff --git a/ocserv-1.0.1.tar.xz.sig b/ocserv-1.0.1.tar.xz.sig new file mode 100644 index 0000000..37af1a3 Binary files /dev/null and b/ocserv-1.0.1.tar.xz.sig differ diff --git a/ocserv.changes b/ocserv.changes index bf306cb..af487a3 100644 --- a/ocserv.changes +++ b/ocserv.changes @@ -1,3 +1,52 @@ +------------------------------------------------------------------- +Tue Apr 21 17:20:49 UTC 2020 - Martin Hauke + +- Add signature and keyring for source verification +- Build with support for maxminddb +- Build with support for OATH +- Update to version 1.0.1 + * Prevent clients that use broken versions of gnutls from + connecting using DTLS. + * occtl: added machine-readable fields in json output. + * occtl: IPs in ban list value is now reflecting the actual + banned IPs rather than the database size. +- Update to version 1.0.0 + * Avoid crash on invalid configuration values. + * Updated manpage generation to work with newer versions of ronn. + * Ensure scripts have all the information on all disconnection + types. + * Several updates to further restrict the control that worker + processes have on the main process. + * Add support for RFC6750 bearer tokens. This adds the "auth=oidc" + config option. See doc/README-oidc.md for more information. + * Add USER_AGENT, DEVICE_TYPE and DEVICE_PLATFORM environment + variables when connect/disconnect scripts execute. + * Corrected issue with DTLS-PSK negotiation which prevented it + from being enabled. + * Improved IPv6 handling of AnyConnect client for Apple ios. + * Fixed issue with Radius accounting. +- Update to version 0.12.6 + * Improved IPv6 support for anyconnect clients. + * The 'split-dns' configuration directive can be used per-user. + * The max-same-clients=1 configuration option no longer refuses + the reconnection of an already connected user. + * Added openat() to the accepted list of seccomp calls. This + allows ocserv to run under certain libcs. +- Update to version 0.12.5 + * Added configuration option udp-listen-host. This option + supports different listen addresses for tcp and udp such as + haproxy for tcp, but support dtls at the same time. + * occtl: fixed json output of show status command. Introduced + tests for checking its json output using yajl. + * occtl: use maxminddb when available. +- Update to version 0.12.4 + * Added support for radius access-challenge (multifactor) + authentication. + * Fixed race condition when connect-script and disconnect-script + are set, which could potentially cause a crash. + * Perform quicker cleanup of sessions which their user explicitly + disconnected. + ------------------------------------------------------------------- Thu Dec 19 14:56:10 UTC 2019 - Dominique Leuenberger diff --git a/ocserv.keyring b/ocserv.keyring new file mode 100644 index 0000000..0b255b8 --- /dev/null +++ b/ocserv.keyring @@ -0,0 +1,117 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQGRBEgd5bQBDCDc8Z7h2Damx3Xm+kMFXMKHqVUdPOqvcFT0c1gnQ9LPw3JiswvB +dM3SBRb2LxtEAnXt0Bw8WBbcCF9s05h8xjCSLDmBwQ1EBEeTvUN18TgeM6t4rNTZ +NrXl5wRmvkAzdO+EOHWx2gDRApLbdkkBK21+M6HPhtqRiMWK6zd5bPmiiAKNRv0G +aC71qUpdNSrWVzB02s8+LUivwH+kUksMX2nXps7b6RPhQyFl6FSv0LsHDd3yxRrB +JIikUAsSnQbDSPws+Srq1VFLhaARiPF2tg7ag1n4qbbZiK3XOSjK3X+b2XkdZrWY +7orBke/J1cMv/9XnqtsE1P1EYcuPk34yxjz/E5+0vf8DlzQ86c2DHRCpr81XV3qD +tNeouQFLDI1kkpG6QTY3S2SPMUht8V8JxhqBzbjWZmKGUf1ISYI2p9FqtXF4rL2D +u1QLPQGLwqYaUvnGCYFxEMpnDcYheF6zOUtow527WgrJcATDXW/HCzidwi2+o/cU +bdCeYOiN28IMCOIBJZjLABEBAAG0KU5pa29zIE1hdnJvZ2lhbm5vcG91bG9zIDxu +bWF2QGdudXRscy5vcmc+iQHYBBMBCAA+FiEEH0JBiQXYIGqnVMzcKe5YuZaGUXEF +Al4XSloCGwMFCSWYBgAFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQKe5YuZaG +UXFSTwwfQytoBEKigUPJjHmVtmnGto5uqF2oR8x/uFYIn0wX2Pq+eyNQVhHlcWxg +J1XiifCcBYLlvUujLIBhk5/InEReMwGWUVtnI+EgEosw7Y3VK3u+GAIggDLhvWlN +vJspD/KTcQDq6psO8SQ30vM2CXK7q0q1TQk+cfiTYx+Pha8+xxaCkUTmDGuwQSvb ++KinsBJZngT7Wq99MAyPYT86ybd7EQz+WbxgDAwabqgcdmkdcQF6Cg4TJKNB90KQ +ZW9STisQeIE/+IGJIxt82Dqp6IOKtmCQhfgw+bW0M/Q9RVptoQeCzPtRKCiCk3zM +hldGWxZoQKiCejp0KzDbcciiPZ3FeW3eHgKTlSWfjlVXgDIoQ/byW7zoo4rm3j0e +fDJlsfRK6bi29J6yTLq9OyBk9hpCPmJcc6qe0TDvkzUGtrUd9CvbfWKCOiMLl2Ky +hS5BpKPfSziRDNqUwOZy1DpjNFqk3peHLsDfSgWOYfihVBpHGAqC6awpKi8rda+h +XiW5RT2KY+yatbQrTmlrb3MgTWF2cm9naWFubm9wb3Vsb3MgPG5tYXZAaHVzaG1h +aWwuY29tPokB2AQTAQgAPhYhBB9CQYkF2CBqp1TM3CnuWLmWhlFxBQJeF0pcAhsD +BQklmAYABQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJECnuWLmWhlFx7A4MHi/V +IUQUQEeQprKxxNVuBN+2e87JzAAqyvOBRa1pfYnDpOmVVn2AKq2DTlWoEiAFRXTE +5tiJjxG4oHPoTiqUuIVxnoJwyVvPBsyaeX1CNRp9y+CxYCXsRAxTRzpzShsX36nk +Cax87NEIeBhzgun9iyqcKHqc3rRxXLQJgcM/7smC8+5YWXiuVNEILf9psyJJvyci +H7fexxKleAkCnTN9Nkb9r77Mz9RddaGetZztThSIO5Es3wzfXGoP4w5wrKxNsJ0g +Hki4xfDxdlPijUxjFsS1HHVABqzy2+J/0CKCafTroEKfaWC31HFYqoqEbpwNSJoE +38a63hxx0NlHPoVBDzrfQ7IXa9BGNSQ65QbfKNsMGQfexzXpC9r5DMReg7dKBB2Q +scTNYR83Y8k59domfxypDYUTdIk/pAp0IPiL+hpjX9gN6AOlRYo6X3JTRz893VLh +kH/kCWVTwQtaoORVCsj5kL3L0S2Dtqn3+9Ztit28f6Zs20nQcBDqQhdRHfvH7ZNU +4By0N05pa29zIE1hdnJvZ2lhbm5vcG91bG9zIDxuLm1hdnJvZ2lhbm5vcG91bG9z +QGdtYWlsLmNvbT6JAdgEEwEIAD4WIQQfQkGJBdggaqdUzNwp7li5loZRcQUCXhdK +XAIbAwUJJZgGAAULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRAp7li5loZRcfyK +DB0TrmubgZfD38mRtbGBVshrqaD/uWK4xw4GFQI65Iy+gnp0lDAVeC/raz28nRzR +vcs+46Fr5Eg/eRzA8k4cYrMA5QvuJ0MBIdGT7jdGOMY/YChYayvPlbuPqFXIDkTp +pQkDLPob0YJbAev2rYxnadlMrKueHfMn+2+zFGXbhWWXzZywJ7lLif8ofXe5YOo8 +UQqbV/Eft3WnVmr7cMo5zzBk5u6dGcdh8/BtyoCnkLMY9KfVdE3aa+VBR2rVNFSk +9pOBsJaZtsN7ibOnwwUb40ZOuOtpHM+ZDM0n5caWSHt9zc+zrFrug+9B91dTnGVQ +1mDqjStxU2Gtclwepq95rOpaYJoq8aYePZa/5ymSHA8faMAx47SOfHDvh8Rhuf7K +pnPRghl0hDs16w9npvdv69uAU4qe2yZrEiY1WMxCdENiPoK+1KR2G+k5bIfnxYp7 +AcDlC/f34Ftidwe2yyC2wunVns/nv/IAFlgAvfGUVXjBiZhb63riocqueomX1Log +6tBF0RQ1uQENBEgd5i0BCAC/9nfIuUtQnpG3ldqumR6XsaWBYCO/BjSQjv31Nv+q +/5u82RP9vPD/SdQ29Dl8WPiG3KbiwHs8vo1geGgWaMtqwuXP8HxMCvXai1JCSRPD +m2wDIJEWTvvlcvTKAsNxXMfMm9EgTw5/Xq5JEjQ7kSjdyJgG8FUgx+OThweVJEQr +fGN2zLqL9p+D7kheqMY3EindaE4kPgNYFJQDDaS1vcyudeNcHKCJ1S5+uWPJS15Q +qguOcl+4PN26ezW73uPug6bXxC6JKCfCTWBlJBa5KjJQFz3JBofbvuyeU9n80rdo +Oik8fknv3m/W55JyBC3Okuv8t7tyoz7iS/fSGrrHtPNLABEBAAGJAsgEGAECAA8F +Akgd5i4CGwIFCRLMAwABKQkQKe5YuZaGUXHAXSAEGQECAAYFAkgd5i4ACgkQnV6q +9pATuEIxSAgAhmaI+89sebZC94mF1GtOuEFs8tpCbBw/RJhO6AAAPjlzSvY1m1TW +HlqCSrCPthJZ+Hb4Tzcf+PNbGd0YnU2kslFML4MY7tX1fjGi+xU8Z2xHFw7jR+E4 ++7QM1fOPVIcGWfXWwQkvTq74hH3WhSBbhYKEQmTbza8oRUcwjD6i9qH44CYDXy7V +CYPWyy+12lnwur0NEtSbJ5RW6ZuhvvrBsuz0cAuHiXdN7wdpJ9lYa7tgZUW6GWJM +NcJpTRQffYUslJKffyo2YEsD9VY9SlYzcSZ0+aFCxRm/eie+UNxGuSkOJ90Umkg1 +QlVuXadtVtlbTldm7k80IDviZAQzOk4Tg1RPDB9jXo31FlX0DeogAEksPjx2VUk1 +gQv9vD+x+HVmESsX0tWgh4G2rSkia7d/XclmEmHDws3y+T0YnvymQpPPfsl9iRZA +CTJCXIXSl1f3GOMRn5XkFQQ4BwQ6Tm7OL+65so1cRrJ9Y1NR4+/OlVrEYwFEIphi +pzx7MwMwaUinMMKjv3VS5BMkRbbqVUDgyu5i3pH9U2UjzYNjwn9+HJu6lyrT8a4M +jQakYZ+qDpIofnf6uOqAIOWRR2fyuOMgzF/7UjIIR5N5StpisXwgzfgNAIVTdqWK +ly/zT38XJqju2cJ1zYnyLIbsHYfE6A47rfUep9ja3RMBMRA8hm+N5ny3cUCTFrVN +X3S488YbzNRP6X/BRH+8K22oaVdAHoWYrpnblWZB/OzQnL2R89JwdAG0KnilSRAP +Ez3UeSus2uGlQJ+TwCshisV3sUS4uyFhHHvtzgInfOwCCAeLZuc16crGYQD2h0VX +sAdjT2RtAj1iVmUBLHPH8F+WPSJmtSaNlS/Fe9qobJKiuQENBEgd5mkBCADHDPwG +FZSRYZncDpMQfdpr9EYnUqLfN8Nixiut9TdaAIn9GDatlykj08x65r/5LonRxJcb +vfHwvvBnRfa4q/5kKAzTtY4AUGVIaNP0Dkrq9PBUwD9F3N9ouPStCfg4RoTzUruI +LQ0rQ2h89sGdpO4Gp4yJqNjj1+SfK6i/mLgGG8ibpA/B1bDdMHsDJVxbE6jT2Rua +T5FuxrMus4lq4NYSuPhIEUQ1uQsKF/lX3E9DtyOi9LLkCui2+F35XzX/6/JG4MU4 +0Z7jmPe3aqR3GT2Vxk5HnVN2yI/hn2FPqoGtnR2FR6k1lrdMKcFG2StcaJW7ukY2 +Yt0/SHpad5hJP7nJABEBAAGJAakEGAECAA8FAkgd5mkCGwwFCRLMAwAACgkQKe5Y +uZaGUXF4JAwgrepkeOv9HYK+vr0bloTgJ/kWUeXZvhbFX0eMxCFaktaYIglWE5WP +qcyf1U3IXa0YxKoFa6t6mYeRzUI7kTTzQLbiG2KjnLXBqDzMHZP/s9T2UUuq3RSB +nf2aedbfAu9HDpts9VHyv1oJnpkOY2OjM/1OYOlE3s45pE9wBZWxRVnVBbcE3hb4 +2yr5kBKLEzlaDqhcxj2wpZu+ALmoYOs3gmtXout0GVMZlxTWFQldh9FmWXhsd/9E +Q9p1bczt1hapalhQSKgwzRpkZtsM/8WE9nC3aF4iTmU/DzIt/rCFJ7+saAc3KFQM +RPWEgpJ/XWx9OZmDes8U3LvfJ/RWzb0JNw7at3axQzoaEOS5Hcyon60VuG2SB8Au +Iq8L3CGOHwnruKnZLPBCrqo8JavRsBI0r5RIB9Kg7M2QVc2Zs1R/UNxrZ/07vjzD +EV5TmvSOWDVKug+yLclkeDj6Q1wL39vlvtgGu+KOYsyHHIFLLFg2v5gRlEG+TJvw +my+mLoYj82eDq0dfoLkBDQRaeUDpAQgAsNl4EliTztpzahvKFW5UGbdFZ0IfumlC +CyuIKW6Tl8k5IqCmupVab74CgQarThH6I0zLGj+rFWOsl8ioak+VhoTt5HfoTzIv +eIU5mrLcL+hgSLfmsofNJG/zUNcTDy+oJPFCEMEbFbzArwYTkJbtK7lC9bc0nCVZ +PVwWkFLjK2FB0gObZlfVzrHMh07O3OZnDEmt4DPHuUxy5jttD2XyOQvc5xZFhQZC +MuO81dc+wuoDhu37vGuV0pDHEknLNjQdY0JHgzNJYDRdaeI8q6jF5XH1067ftyzF +uhMoFH2aNe3pm6Ns9IfQo51AYZYvwjYzBfHnK+BA+wRyQoPcA/jMuQARAQABiQL2 +BBgBCAAmFiEEH0JBiQXYIGqnVMzcKe5YuZaGUXEFAlp5QOkCGwIFCRLMAwABQAkQ +Ke5YuZaGUXHAdCAEGQEIAB0WIQRZ+7Vcp/OoqwxQN3PYHEiH8WeaZQUCWnlA6QAK +CRDYHEiH8WeaZTZrB/4ofixTAgSc3vlTSDsTu5v9oP3FvHYcJ0KqAr4hS5qxviul +TXdCkqL4/KhvsqVXgKLj64nD1y+VRuR5soVZ1u7JQTVd9jjERlI1NH4cvpukTq+5 +G5bF/+7iBPAHSGaTcVndZHXxn69Q7bnliz7+rTnkYtuldk5g032W11wnwatCrKC2 +Z+QYqbhC/sMGVbxSGP1tkWqXoCJ5Mh8Bdit8+4qafd+wHbOOLNLHGYUKBoeRUwR0 +7N8YhH7eJxfVV0sBLDLngtO5T06VjQsVeUJuLqhtoU/oz5ellCIvzipRzgRNWyUN +cuIS5Wi1C6tO+Eatw94+eSbLom5M57EyGyJiRo3t2BUMIIW8xNuGy/YTGRFT7l2c +71SWHjY50DbNl+JCjyAOitLtEGLtHJJtxv9AmmlHJ+CLDw0Ctm2j3xgk2KbkeHQK +pai8d8Fee4rzsVU9WanUX8hg7yv3IXEdFpIJaNMKkeedmCrTMPrhz1TthyJSBbLN +8tKrLdv5IPOvGQIrJdsaVByZFDuxbNSKqonVvVYDxA+xM76E+8AuRlBcYtzyblXI +wIUa+kkGdhBQGp0hBdAqYKq4iFWRVlqy44M7Xt8RUk1yu9u2+c+BcitOnlqYOImO +p2THhjNGeLi7GDqtwizGNSEz1p76vOUErvcwR7DNyVcyuYrD/HVV4Qp16Njy0hnH +A67NB23CB7IN5tyJ8GsRHb/wPd/78tJedeJUJ5LO6FdbvNV2SdFzKYfUVGmWcAPM +5sgB02UG6/Hphag092gfOnqeArAWg3pk6NWysWC6pBZWRNMvExnRf3kHIAn4j3su +UohuPhr7nKIEoUtIbB6IorGj9shVi91hIcYiM9mFvkUJ5cp81a+5AQ0EWnlBCgEI +ALVO9ZzEdre381rsxAr9JLM1uCrb00t1PrYlfrG1uaYCnx1MpRE+kRZsr94WhZcc +N6hzjdU50LnKx5ZKZkrqQ9oQf9cl+ZzNIasc8+bopJyXy7cVvOMZlojsqxQLHDD/ +w9IZTLnnGtSjpF0jpAg+g9dPimEhG9o9+fhQxxzAzh22aIbqFKW2CwV6NsNbQ5i6 +UmIWWkz+CQ0Me5xJXz7G7EdBtNeGEQ6bi1AthaxW1fMGLqujL6dSS4QVYMOdqXYS +gnboI6CZJqJgvDYSuQJrmOWtHziUP7cMHQVirePvsnc/vpZ5lNoGml0kMlEsDwwo +3nPvxQdXNGSezt3rXlq0Ot0AEQEAAYkBwAQYAQgAJhYhBB9CQYkF2CBqp1TM3Cnu +WLmWhlFxBQJaeUEKAhsMBQkSzAMAAAoJECnuWLmWhlFxRecMHix2Ljo9c4jinJwy +zWXad5EWbI1pck1I9wrq69HXJiW18O1luWWF+fBOHFWCEh/ucceH0V65ES4G4TdH +F0R7QRA8jbSJ25KjKhvWghBou6JLYDvRcY/Aogqt57BBnsFlMIxVsT8OiI5zWsW6 +kaDTACVbRTlKWXzcACg68eYVE0oi+Pfdfcmtw0gu6TRDMwFuQ3xHxET+WrxOqmRY +2DFQ8VRSHpGaAieKQiKLU3mVnLD9zXiY8U7ZgO1MWVKtyVFcxgor0kYBakMihKw0 +5uBg6ubkGj2l1kmmHrfEjakyG7C4BW3JW9XngEbOGb7P1cICe7lOuZw/BQxvYdv/ +Q6w4cKBXAKFFOu2kWPIQ0xdCQt0ENguDS1W721k2MYJs+u4fNjhqMO+SDMEdwwMe +Ex2FwjqXlukICekdhEE8tEzy/0VhsYT3tP2D9K7XDhmdmM+iKZ7Ql6IIHyk8Kd+W +3EWGQ2clDsYJWHvC6y7KAH2onmxM2h6VDGm82/j5F/jhskwdrGfOLnE= +=GCTz +-----END PGP PUBLIC KEY BLOCK----- diff --git a/ocserv.spec b/ocserv.spec index 15500d4..34c4f1b 100644 --- a/ocserv.spec +++ b/ocserv.spec @@ -1,7 +1,7 @@ # # spec file for package ocserv # -# Copyright (c) 2019 SUSE LLC +# Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,17 +17,15 @@ Name: ocserv -Version: 0.12.3 +Version: 1.0.1 Release: 0 Summary: OpenConnect VPN Server License: GPL-2.0-only Group: Productivity/Networking/Security URL: http://www.infradead.org/ocserv -#Source: ftp://ftp.infradead.org/pub/ocserv/%{name}-%{version}.tar.xz -# released tarball has some problem, check out same thing from git -# git clone https://gitlab.com/ocserv/ocserv -# git checkout -b fce7610a -Source: %{name}-%{version}.tar.xz +Source: ftp://ftp.infradead.org/pub/ocserv/%{name}-%{version}.tar.xz +Source100: ftp://ftp.infradead.org/pub/ocserv/%{name}-%{version}.tar.xz.sig +Source101: %{name}.keyring Source1: ca.tmpl Source2: server.tmpl Source3: user.tmpl @@ -49,6 +47,7 @@ BuildRequires: freeradius-client-devel BuildRequires: gperf BuildRequires: libev-devel BuildRequires: libgnutls-devel >= 3.1.10 +BuildRequires: libmaxminddb-devel BuildRequires: libnl3-devel BuildRequires: libprotobuf-c-devel BuildRequires: libseccomp-devel @@ -58,6 +57,7 @@ BuildRequires: pam-devel BuildRequires: pkgconfig BuildRequires: protobuf-c BuildRequires: readline-devel +BuildRequires: pkgconfig(liboath) BuildRequires: pkgconfig(libsystemd) BuildRequires: rubygem(ronn) # /usr/bin/certtool for generating certificates