From 82e9a0ee9bb471127317bfe4a69357993e0d74dbc5b507a696e86e59c07a9ef5 Mon Sep 17 00:00:00 2001
From: Michael Du <duyizhaozj321@yahoo.com>
Date: Sun, 14 Aug 2022 14:54:59 +0000
Subject: [PATCH] Accepting request 995041 from home:stawidy
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- Update to version 1.1.6
  * Fixed compatibility with clients on Windows ARM64.
  * Added futex() to the accepted list of seccomp.
    It is required by Fedora 36’s libc.
  * Work around change of returned error code in GnuTLS 3.7.3
    for gnutls_privkey_import_x509_raw().
- Changes in version 1.1.5
  * Fixed manpage output.
- Changes in version 1.1.4
  * Added newfstatat() and epoll_pwait() to the accepted list of
    seccomp calls. This improves compatibility with certain libcs
    and aarch64.
  * Do not allow assigning the same IPv6 as tun device address and
    to the client. This allows using /127 as prefix (#430).

OBS-URL: https://build.opensuse.org/request/show/995041
OBS-URL: https://build.opensuse.org/package/show/network:vpn/ocserv?expand=0&rev=43
---
 ocserv-1.1.3.tar.xz     |   3 ---
 ocserv-1.1.3.tar.xz.sig | Bin 442 -> 0 bytes
 ocserv-1.1.6.tar.xz     |   3 +++
 ocserv-1.1.6.tar.xz.sig | Bin 0 -> 442 bytes
 ocserv.changes          |  20 ++++++++++++++++++++
 ocserv.config.patch     |  22 +++++++++++-----------
 ocserv.spec             |   2 +-
 7 files changed, 35 insertions(+), 15 deletions(-)
 delete mode 100644 ocserv-1.1.3.tar.xz
 delete mode 100644 ocserv-1.1.3.tar.xz.sig
 create mode 100644 ocserv-1.1.6.tar.xz
 create mode 100644 ocserv-1.1.6.tar.xz.sig

diff --git a/ocserv-1.1.3.tar.xz b/ocserv-1.1.3.tar.xz
deleted file mode 100644
index 93f66c9..0000000
--- a/ocserv-1.1.3.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:1ab70c6e6ea36b613e8e171fc03b6081c4312a45ee52cc2959c068c27324107e
-size 833320
diff --git a/ocserv-1.1.3.tar.xz.sig b/ocserv-1.1.3.tar.xz.sig
deleted file mode 100644
index 1c60e628f3584466138a09f3fd10652adf1091f43de6f82d8858db61f0cf4816..0000000000000000000000000000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 442
zcmV;r0Y(0a0k;GI0SW*e79j*5LP3cI*dS`BRLtBd?pV2&hEZ_^0${f$r~nEH5Gn3h
zxt4}eaaVo}A85JzU!QdfNUbU^D##7dEWIxsZ;p(~0i*iC6iKoR)i_p~c-v%6L*isd
z905)v4W888AoJNGvJ|q8j$?ap6hq0f`}rA1_GfgQpjxGTTRn^h&Zd*leTy6?XR*kr
z9!OWqcwDQRUPPOyah^+OpMB{PDoIQ=YTXUJXuuAWE{jCF;fU&E1jc2b&dy1z&o=qb
zU<TdB_u(W)G^DS#XO68`ee4qbPFJY9h9XL&7oKIVk@_c{wP&<9&r;EQF=ZaZ+i`~y
z4nfR)(G8$gI;MgRp5HL4oxUMOi7LW0^uxDGGTX&lP0XojA^%<sFB;77G|KS{mqR`)
zV7O3AOmq15x|djc4f1Z$WlAu{<YXcfb7)JgdQhtluI0h1OgB?^MrD?bDQ|QzzH4<T
zw}Q^Unt-jwXNPMxn(51ag~{OoJsX@;{RM?uLHGn32>8Y?!ilj^u6(9|F3I)Ld^rjf
k#DYUVC+zpRyU|hY5BV3(ha$<#35On<FC`W)O)R#9z;Rv9H~;_u

diff --git a/ocserv-1.1.6.tar.xz b/ocserv-1.1.6.tar.xz
new file mode 100644
index 0000000..f886200
--- /dev/null
+++ b/ocserv-1.1.6.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:6a6cbe92212e32280426a51c634adc3d4803579dd049cfdb7e014714cc82c693
+size 839744
diff --git a/ocserv-1.1.6.tar.xz.sig b/ocserv-1.1.6.tar.xz.sig
new file mode 100644
index 0000000000000000000000000000000000000000000000000000000000000000..c06d1efb208bdebaa8646cf565e792ffbdb975628126206e538c5ba32f5a22c3
GIT binary patch
literal 442
zcmV;r0Y(0a0k;GI0SW*e79j*5LP3cI*dS`BRLtBd?pV2&hEZ_^0%8sYyZ{Ob5Gn3h
zxt4}eap=<wA67^J-zYhsdV0LNl7no;%-F~X_mF<OURyQvsPGKD**?bI>OT<=c$%YF
zX2K?Hz-&d;Y*V`r)$CeWW#$)_X8vbZNO5|B^upx2WF>YaVa14CoUMx@ZL~@0p?y@P
z7Gkl-0yTcry+Dqn##u<L=LXMcA^sC^<8+Q(Lcr(htgCMO-$h>=xn5bFxKat<dBC5S
zprLFfEU+U|$}?`D_S$!Lk9DaRpKZRUGqDIyz?#ZYci($%zMJ<5&I8=Np}nA|^6~{o
zMnQc5nWiO1jE_B<hF{HN_|`aa*)%>tb7&xtY=tLB2cgFBA!n+>fbvshNXFBPRMp+%
zv6IMU4XSA0VHDUL={JDtL#aOU`qKmkZ}Wy+j2tTvlwMc*gCdoBuw$Z209&zq7J`nV
z*deZ2Iz`@z5(5b}(2t>mA$VuWGtPN`SH%l~_{&9<(KPFrA^;B}BdT)$X=DnygL#`u
kWtQ8tlC;6PS%~EAxln+5JIlp~rsGN7stBLXREr4-aaZcrkpKVy

literal 0
HcmV?d00001

diff --git a/ocserv.changes b/ocserv.changes
index 04f9ee7..c324303 100644
--- a/ocserv.changes
+++ b/ocserv.changes
@@ -1,3 +1,23 @@
+-------------------------------------------------------------------
+Sun Aug 14 14:11:34 UTC 2022 - Michael Du <duyizhaozj321@yahoo.com>
+
+- Update to version 1.1.6
+  * Fixed compatibility with clients on Windows ARM64.
+  * Added futex() to the accepted list of seccomp. 
+    It is required by Fedora 36’s libc.
+  * Work around change of returned error code in GnuTLS 3.7.3 
+    for gnutls_privkey_import_x509_raw().
+
+- Changes in version 1.1.5
+  * Fixed manpage output.
+
+- Changes in version 1.1.4
+  * Added newfstatat() and epoll_pwait() to the accepted list of 
+    seccomp calls. This improves compatibility with certain libcs 
+    and aarch64.
+  * Do not allow assigning the same IPv6 as tun device address and 
+    to the client. This allows using /127 as prefix (#430).
+
 -------------------------------------------------------------------
 Mon Jun 20 07:49:38 UTC 2022 - Dominique Leuenberger <dimstar@opensuse.org>
 
diff --git a/ocserv.config.patch b/ocserv.config.patch
index 039d934..838b239 100644
--- a/ocserv.config.patch
+++ b/ocserv.config.patch
@@ -1,5 +1,5 @@
 diff --git a/doc/sample.config b/doc/sample.config
-index 6a677c9..1cd1d96 100644
+index 0e33484f..60ab3e93 100644
 --- a/doc/sample.config
 +++ b/doc/sample.config
 @@ -48,7 +48,7 @@
@@ -40,9 +40,9 @@ index 6a677c9..1cd1d96 100644
 -ca-cert = ../tests/certs/ca.pem
 +ca-cert = /etc/ocserv/certificates/ca-cert.pem
  
- 
- ### All configuration options below this line are reloaded on a SIGHUP.
-@@ -174,7 +174,7 @@ ca-cert = ../tests/certs/ca.pem
+ # The number of sub-processes to use for the security module (authentication)
+ # processes. Typically this should not be set as the number of processes
+@@ -180,7 +180,7 @@ ca-cert = ../tests/certs/ca.pem
  # the isolation was tested at. If you get random failures on worker processes, try
  # disabling that option and report the failures you, along with system and debugging
  # information at: https://gitlab.com/ocserv/ocserv/issues
@@ -51,7 +51,7 @@ index 6a677c9..1cd1d96 100644
  
  # A banner to be displayed on clients after connection
  #banner = "Welcome"
-@@ -242,7 +242,7 @@ mobile-dpd = 1800
+@@ -249,7 +249,7 @@ mobile-dpd = 1800
  switch-to-tcp-timeout = 25
  
  # MTU discovery (DPD must be enabled)
@@ -60,7 +60,7 @@ index 6a677c9..1cd1d96 100644
  
  # To enable load-balancer connection draining, set server-drain-ms to a value
  # higher than your load-balancer health probe interval.
-@@ -412,8 +412,8 @@ rekey-method = ssl
+@@ -415,8 +415,8 @@ rekey-method = ssl
  # STATS_BYTES_OUT, STATS_DURATION that contain a 64-bit counter of the bytes 
  # output from the tun device, and the duration of the session in seconds.
  
@@ -71,8 +71,8 @@ index 6a677c9..1cd1d96 100644
  
  # This script is to be called when the client's advertised hostname becomes
  # available. It will contain REASON with "host-update" value and the
-@@ -491,7 +491,8 @@ ipv4-netmask = 255.255.255.0
- # The advertized DNS server. Use multiple lines for
+@@ -506,7 +506,8 @@ ipv4-netmask = 255.255.255.0
+ # The advertised DNS server. Use multiple lines for
  # multiple servers.
  # dns = fc00::4be0
 -dns = 192.168.1.2
@@ -81,7 +81,7 @@ index 6a677c9..1cd1d96 100644
  
  # The NBNS server (if any)
  #nbns = 192.168.1.3
-@@ -530,8 +531,8 @@ ping-leases = false
+@@ -545,8 +546,8 @@ ping-leases = false
  # comment out all routes from the server, or use the special keyword
  # 'default'.
  
@@ -92,7 +92,7 @@ index 6a677c9..1cd1d96 100644
  #route = fef4:db8:1000:1001::/64
  #route = default
  
-@@ -698,18 +699,18 @@ dtls-legacy = true
+@@ -719,18 +720,18 @@ client-bypass-protocol = false
  # An example virtual host with different authentication methods serviced
  # by this server.
  
@@ -120,7 +120,7 @@ index 6a677c9..1cd1d96 100644
 -cert-user-oid = 0.9.2342.19200300.100.1.1
 +#cert-user-oid = 0.9.2342.19200300.100.1.1
 diff --git a/doc/systemd/socket-activated/ocserv.socket b/doc/systemd/socket-activated/ocserv.socket
-index 9444f19..a0ac362 100644
+index 9444f190..a0ac362a 100644
 --- a/doc/systemd/socket-activated/ocserv.socket
 +++ b/doc/systemd/socket-activated/ocserv.socket
 @@ -2,8 +2,8 @@
diff --git a/ocserv.spec b/ocserv.spec
index 4a03cb6..0ac84f2 100644
--- a/ocserv.spec
+++ b/ocserv.spec
@@ -17,7 +17,7 @@
 
 
 Name:           ocserv
-Version:        1.1.3
+Version:        1.1.6
 Release:        0
 Summary:        OpenConnect VPN Server
 License:        GPL-2.0-only