Accepting request 995041 from home:stawidy

- Update to version 1.1.6
  * Fixed compatibility with clients on Windows ARM64.
  * Added futex() to the accepted list of seccomp. 
    It is required by Fedora 36’s libc.
  * Work around change of returned error code in GnuTLS 3.7.3 
    for gnutls_privkey_import_x509_raw().
- Changes in version 1.1.5
  * Fixed manpage output.
- Changes in version 1.1.4
  * Added newfstatat() and epoll_pwait() to the accepted list of 
    seccomp calls. This improves compatibility with certain libcs 
    and aarch64.
  * Do not allow assigning the same IPv6 as tun device address and 
    to the client. This allows using /127 as prefix (#430).

OBS-URL: https://build.opensuse.org/request/show/995041
OBS-URL: https://build.opensuse.org/package/show/network:vpn/ocserv?expand=0&rev=43
This commit is contained in:
Michael Du 2022-08-14 14:54:59 +00:00 committed by Git OBS Bridge
parent 76ba281b0c
commit 82e9a0ee9b
7 changed files with 35 additions and 15 deletions

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:1ab70c6e6ea36b613e8e171fc03b6081c4312a45ee52cc2959c068c27324107e
size 833320

Binary file not shown.

3
ocserv-1.1.6.tar.xz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:6a6cbe92212e32280426a51c634adc3d4803579dd049cfdb7e014714cc82c693
size 839744

BIN
ocserv-1.1.6.tar.xz.sig Normal file

Binary file not shown.

View File

@ -1,3 +1,23 @@
-------------------------------------------------------------------
Sun Aug 14 14:11:34 UTC 2022 - Michael Du <duyizhaozj321@yahoo.com>
- Update to version 1.1.6
* Fixed compatibility with clients on Windows ARM64.
* Added futex() to the accepted list of seccomp.
It is required by Fedora 36s libc.
* Work around change of returned error code in GnuTLS 3.7.3
for gnutls_privkey_import_x509_raw().
- Changes in version 1.1.5
* Fixed manpage output.
- Changes in version 1.1.4
* Added newfstatat() and epoll_pwait() to the accepted list of
seccomp calls. This improves compatibility with certain libcs
and aarch64.
* Do not allow assigning the same IPv6 as tun device address and
to the client. This allows using /127 as prefix (#430).
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Jun 20 07:49:38 UTC 2022 - Dominique Leuenberger <dimstar@opensuse.org> Mon Jun 20 07:49:38 UTC 2022 - Dominique Leuenberger <dimstar@opensuse.org>

View File

@ -1,5 +1,5 @@
diff --git a/doc/sample.config b/doc/sample.config diff --git a/doc/sample.config b/doc/sample.config
index 6a677c9..1cd1d96 100644 index 0e33484f..60ab3e93 100644
--- a/doc/sample.config --- a/doc/sample.config
+++ b/doc/sample.config +++ b/doc/sample.config
@@ -48,7 +48,7 @@ @@ -48,7 +48,7 @@
@ -40,9 +40,9 @@ index 6a677c9..1cd1d96 100644
-ca-cert = ../tests/certs/ca.pem -ca-cert = ../tests/certs/ca.pem
+ca-cert = /etc/ocserv/certificates/ca-cert.pem +ca-cert = /etc/ocserv/certificates/ca-cert.pem
# The number of sub-processes to use for the security module (authentication)
### All configuration options below this line are reloaded on a SIGHUP. # processes. Typically this should not be set as the number of processes
@@ -174,7 +174,7 @@ ca-cert = ../tests/certs/ca.pem @@ -180,7 +180,7 @@ ca-cert = ../tests/certs/ca.pem
# the isolation was tested at. If you get random failures on worker processes, try # the isolation was tested at. If you get random failures on worker processes, try
# disabling that option and report the failures you, along with system and debugging # disabling that option and report the failures you, along with system and debugging
# information at: https://gitlab.com/ocserv/ocserv/issues # information at: https://gitlab.com/ocserv/ocserv/issues
@ -51,7 +51,7 @@ index 6a677c9..1cd1d96 100644
# A banner to be displayed on clients after connection # A banner to be displayed on clients after connection
#banner = "Welcome" #banner = "Welcome"
@@ -242,7 +242,7 @@ mobile-dpd = 1800 @@ -249,7 +249,7 @@ mobile-dpd = 1800
switch-to-tcp-timeout = 25 switch-to-tcp-timeout = 25
# MTU discovery (DPD must be enabled) # MTU discovery (DPD must be enabled)
@ -60,7 +60,7 @@ index 6a677c9..1cd1d96 100644
# To enable load-balancer connection draining, set server-drain-ms to a value # To enable load-balancer connection draining, set server-drain-ms to a value
# higher than your load-balancer health probe interval. # higher than your load-balancer health probe interval.
@@ -412,8 +412,8 @@ rekey-method = ssl @@ -415,8 +415,8 @@ rekey-method = ssl
# STATS_BYTES_OUT, STATS_DURATION that contain a 64-bit counter of the bytes # STATS_BYTES_OUT, STATS_DURATION that contain a 64-bit counter of the bytes
# output from the tun device, and the duration of the session in seconds. # output from the tun device, and the duration of the session in seconds.
@ -71,8 +71,8 @@ index 6a677c9..1cd1d96 100644
# This script is to be called when the client's advertised hostname becomes # This script is to be called when the client's advertised hostname becomes
# available. It will contain REASON with "host-update" value and the # available. It will contain REASON with "host-update" value and the
@@ -491,7 +491,8 @@ ipv4-netmask = 255.255.255.0 @@ -506,7 +506,8 @@ ipv4-netmask = 255.255.255.0
# The advertized DNS server. Use multiple lines for # The advertised DNS server. Use multiple lines for
# multiple servers. # multiple servers.
# dns = fc00::4be0 # dns = fc00::4be0
-dns = 192.168.1.2 -dns = 192.168.1.2
@ -81,7 +81,7 @@ index 6a677c9..1cd1d96 100644
# The NBNS server (if any) # The NBNS server (if any)
#nbns = 192.168.1.3 #nbns = 192.168.1.3
@@ -530,8 +531,8 @@ ping-leases = false @@ -545,8 +546,8 @@ ping-leases = false
# comment out all routes from the server, or use the special keyword # comment out all routes from the server, or use the special keyword
# 'default'. # 'default'.
@ -92,7 +92,7 @@ index 6a677c9..1cd1d96 100644
#route = fef4:db8:1000:1001::/64 #route = fef4:db8:1000:1001::/64
#route = default #route = default
@@ -698,18 +699,18 @@ dtls-legacy = true @@ -719,18 +720,18 @@ client-bypass-protocol = false
# An example virtual host with different authentication methods serviced # An example virtual host with different authentication methods serviced
# by this server. # by this server.
@ -120,7 +120,7 @@ index 6a677c9..1cd1d96 100644
-cert-user-oid = 0.9.2342.19200300.100.1.1 -cert-user-oid = 0.9.2342.19200300.100.1.1
+#cert-user-oid = 0.9.2342.19200300.100.1.1 +#cert-user-oid = 0.9.2342.19200300.100.1.1
diff --git a/doc/systemd/socket-activated/ocserv.socket b/doc/systemd/socket-activated/ocserv.socket diff --git a/doc/systemd/socket-activated/ocserv.socket b/doc/systemd/socket-activated/ocserv.socket
index 9444f19..a0ac362 100644 index 9444f190..a0ac362a 100644
--- a/doc/systemd/socket-activated/ocserv.socket --- a/doc/systemd/socket-activated/ocserv.socket
+++ b/doc/systemd/socket-activated/ocserv.socket +++ b/doc/systemd/socket-activated/ocserv.socket
@@ -2,8 +2,8 @@ @@ -2,8 +2,8 @@

View File

@ -17,7 +17,7 @@
Name: ocserv Name: ocserv
Version: 1.1.3 Version: 1.1.6
Release: 0 Release: 0
Summary: OpenConnect VPN Server Summary: OpenConnect VPN Server
License: GPL-2.0-only License: GPL-2.0-only