Accepting request 995041 from home:stawidy

- Update to version 1.1.6 * Fixed compatibility with clients on Windows ARM64. * Added futex() to the accepted list of seccomp. It is required by Fedora 36’s libc. * Work around change of returned error code in GnuTLS 3.7.3 for gnutls_privkey_import_x509_raw(). - Changes in version 1.1.5 * Fixed manpage output. - Changes in version 1.1.4 * Added newfstatat() and epoll_pwait() to the accepted list of seccomp calls. This improves compatibility with certain libcs and aarch64. * Do not allow assigning the same IPv6 as tun device address and to the client. This allows using /127 as prefix (#430). OBS-URL: https://build.opensuse.org/request/show/995041 OBS-URL: https://build.opensuse.org/package/show/network:vpn/ocserv?expand=0&rev=43
2022-08-14 14:54:59 +00:00 · 2022-08-14 14:54:59 +00:00 · 82e9a0ee9b
commit 82e9a0ee9b
parent 76ba281b0c
7 changed files with 35 additions and 15 deletions
--- a/ocserv-1.1.3.tar.xz
+++ b/ocserv-1.1.3.tar.xz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:1ab70c6e6ea36b613e8e171fc03b6081c4312a45ee52cc2959c068c27324107e
-size 833320
--- a/ocserv-1.1.3.tar.xz.sig
+++ b/ocserv-1.1.3.tar.xz.sig
--- a/ocserv-1.1.6.tar.xz
+++ b/ocserv-1.1.6.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:6a6cbe92212e32280426a51c634adc3d4803579dd049cfdb7e014714cc82c693
+size 839744
--- a/ocserv-1.1.6.tar.xz.sig
+++ b/ocserv-1.1.6.tar.xz.sig
--- a/ocserv.changes
+++ b/ocserv.changes
@ -1,3 +1,23 @@
+-------------------------------------------------------------------
+Sun Aug 14 14:11:34 UTC 2022 - Michael Du <duyizhaozj321@yahoo.com>
+
+- Update to version 1.1.6
+  * Fixed compatibility with clients on Windows ARM64.
+  * Added futex() to the accepted list of seccomp. 
+    It is required by Fedora 36’s libc.
+  * Work around change of returned error code in GnuTLS 3.7.3 
+    for gnutls_privkey_import_x509_raw().
+
+- Changes in version 1.1.5
+  * Fixed manpage output.
+
+- Changes in version 1.1.4
+  * Added newfstatat() and epoll_pwait() to the accepted list of 
+    seccomp calls. This improves compatibility with certain libcs 
+    and aarch64.
+  * Do not allow assigning the same IPv6 as tun device address and 
+    to the client. This allows using /127 as prefix (#430).
+
 -------------------------------------------------------------------
 Mon Jun 20 07:49:38 UTC 2022 - Dominique Leuenberger <dimstar@opensuse.org>

--- a/ocserv.config.patch
+++ b/ocserv.config.patch
@ -1,5 +1,5 @@
 diff --git a/doc/sample.config b/doc/sample.config
-index 6a677c9..1cd1d96 100644
+index 0e33484f..60ab3e93 100644
 --- a/doc/sample.config
 +++ b/doc/sample.config
@@ -48,7 +48,7 @@
@ -40,9 +40,9 @@ index 6a677c9..1cd1d96 100644
 -ca-cert = ../tests/certs/ca.pem
 +ca-cert = /etc/ocserv/certificates/ca-cert.pem
 
- 
- ### All configuration options below this line are reloaded on a SIGHUP.
-@@ -174,7 +174,7 @@ ca-cert = ../tests/certs/ca.pem
+ # The number of sub-processes to use for the security module (authentication)
+ # processes. Typically this should not be set as the number of processes
+@@ -180,7 +180,7 @@ ca-cert = ../tests/certs/ca.pem
 # the isolation was tested at. If you get random failures on worker processes, try
 # disabling that option and report the failures you, along with system and debugging
 # information at: https://gitlab.com/ocserv/ocserv/issues
@ -51,7 +51,7 @@ index 6a677c9..1cd1d96 100644
 
 # A banner to be displayed on clients after connection
 #banner = "Welcome"
-@@ -242,7 +242,7 @@ mobile-dpd = 1800
+@@ -249,7 +249,7 @@ mobile-dpd = 1800
 switch-to-tcp-timeout = 25
 
 # MTU discovery (DPD must be enabled)
@ -60,7 +60,7 @@ index 6a677c9..1cd1d96 100644
 
 # To enable load-balancer connection draining, set server-drain-ms to a value
 # higher than your load-balancer health probe interval.
-@@ -412,8 +412,8 @@ rekey-method = ssl
+@@ -415,8 +415,8 @@ rekey-method = ssl
 # STATS_BYTES_OUT, STATS_DURATION that contain a 64-bit counter of the bytes 
 # output from the tun device, and the duration of the session in seconds.
 
@ -71,8 +71,8 @@ index 6a677c9..1cd1d96 100644
 
 # This script is to be called when the client's advertised hostname becomes
 # available. It will contain REASON with "host-update" value and the
-@@ -491,7 +491,8 @@ ipv4-netmask = 255.255.255.0
- # The advertized DNS server. Use multiple lines for
+@@ -506,7 +506,8 @@ ipv4-netmask = 255.255.255.0
+ # The advertised DNS server. Use multiple lines for
 # multiple servers.
 # dns = fc00::4be0
 -dns = 192.168.1.2
@ -81,7 +81,7 @@ index 6a677c9..1cd1d96 100644
 
 # The NBNS server (if any)
 #nbns = 192.168.1.3
-@@ -530,8 +531,8 @@ ping-leases = false
+@@ -545,8 +546,8 @@ ping-leases = false
 # comment out all routes from the server, or use the special keyword
 # 'default'.
 
@ -92,7 +92,7 @@ index 6a677c9..1cd1d96 100644
 #route = fef4:db8:1000:1001::/64
 #route = default
 
-@@ -698,18 +699,18 @@ dtls-legacy = true
+@@ -719,18 +720,18 @@ client-bypass-protocol = false
 # An example virtual host with different authentication methods serviced
 # by this server.
 
@ -120,7 +120,7 @@ index 6a677c9..1cd1d96 100644
 -cert-user-oid = 0.9.2342.19200300.100.1.1
 +#cert-user-oid = 0.9.2342.19200300.100.1.1
 diff --git a/doc/systemd/socket-activated/ocserv.socket b/doc/systemd/socket-activated/ocserv.socket
-index 9444f19..a0ac362 100644
+index 9444f190..a0ac362a 100644
 --- a/doc/systemd/socket-activated/ocserv.socket
 +++ b/doc/systemd/socket-activated/ocserv.socket
@@ -2,8 +2,8 @@
--- a/ocserv.spec
+++ b/ocserv.spec
@ -17,7 +17,7 @@


 Name:           ocserv
-Version:        1.1.3
+Version:        1.1.6
 Release:        0
 Summary:        OpenConnect VPN Server
 License:        GPL-2.0-only