Accepting request 447316 from network:vpn

1

OBS-URL: https://build.opensuse.org/request/show/447316
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/ocserv?expand=0&rev=2

ocserv-0.10.11.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:ba607ecc377d62e66cecaca73154c97e2ef6609e932250aad2906af46c1f785c
-size 730128

ocserv-0.11.6.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:93203b344644f1a97ae7ca3cf08853c3f9793a1555e85366e16c425b8d65151e
+size 567552

ocserv.changes

@@ -1,3 +1,23 @@
+-------------------------------------------------------------------
+Wed Dec 21 10:59:26 UTC 2016 - i@marguerite.su
+
+- update version 0.11.6
+  * cserv: Improved detection of mobile clients
+  * ocserv: Update the worker's ID on Radius accounting messages.
+    That is, even if we initially advertize the ID of the worker
+    handling the client as NAS-Port, the client may eventually end-up
+    being served by another process with different ID. In that case we make
+    sure that the radius server is notified on the next accounting message.
+    If you are using radius see doc/README.radius.md about NAS-Port, since
+    that behavior may cause issues in freeradius installations.
+  * ocserv: Added config option 'switch-to-tcp-timeout'. That allows an
+    automatic switch to TCP in case of no received UDP traffic for
+    certain time
+  * ocserv: Pre-load the OCSP response file; that way worker processes can
+    serve it, even if they have no access to it.
+  * ocserv: When compiled with GnuTLS 3.5.6 automatically set DH
+    parameters from the known set.
+
 -------------------------------------------------------------------
 Fri Feb 12 14:10:54 UTC 2016 - i@marguerite.su
 

ocserv.config.patch

@@ -1,8 +1,8 @@
-Index: ocserv-0.10.9/doc/sample.config
+Index: b/doc/sample.config
 ===================================================================
---- ocserv-0.10.9.orig/doc/sample.config
+--- a/doc/sample.config
-+++ ocserv-0.10.9/doc/sample.config
++++ b/doc/sample.config
-@@ -39,7 +39,7 @@
+@@ -41,7 +41,7 @@
  #auth = "pam"
  #auth = "pam[gid-min=1000]"
  #auth = "plain[passwd=./sample.passwd,otp=./sample.otp]"
@@ -11,7 +11,7 @@ Index: ocserv-0.10.9/doc/sample.config
  #auth = "certificate"
  #auth = "radius[config=/etc/radiusclient/radiusclient.conf,groupconfig=true]"
  
-@@ -72,8 +72,8 @@ auth = "plain[passwd=./sample.passwd]"
+@@ -74,8 +74,8 @@ auth = "plain[passwd=./sample.passwd]"
  #listen-host-is-dyndns = true
  
  # TCP and UDP port number
@@ -22,36 +22,36 @@ Index: ocserv-0.10.9/doc/sample.config
  
  # Accept connections using a socket file. It accepts HTTP
  # connections (i.e., without SSL/TLS unlike its TCP counterpart),
-@@ -108,8 +108,8 @@ socket-file = /var/run/ocserv-socket
+@@ -110,8 +110,8 @@ socket-file = /var/run/ocserv-socket
  #
  # There may be multiple server-cert and server-key directives,
  # but each key should correspond to the preceding certificate.
--server-cert = ../tests/server-cert.pem
+-server-cert = ../tests/certs/server-cert.pem
--server-key = ../tests/server-key.pem
+-server-key = ../tests/certs/server-key.pem
 +server-cert = /etc/ocserv/certificates/server-cert.pem
 +server-key = /etc/ocserv/certificates/server-key.pem
  
  # Diffie-Hellman parameters. Only needed if you require support
  # for the DHE ciphersuites (by default this server supports ECDHE).
-@@ -135,7 +135,7 @@ server-key = ../tests/server-key.pem
+@@ -137,7 +137,7 @@ server-key = ../tests/certs/server-key.p
  # The Certificate Authority that will be used to verify
  # client certificates (public keys) if certificate authentication
  # is set.
--ca-cert = ../tests/ca.pem
+-ca-cert = ../tests/certs/ca.pem
 +ca-cert = /etc/ocserv/certificates/ca-cert.pem
  
  
  ### All configuration options below this line are reloaded on a SIGHUP.
-@@ -145,7 +145,7 @@ ca-cert = ../tests/ca.pem
+@@ -157,7 +157,7 @@ ca-cert = ../tests/certs/ca.pem
- # system calls allowed to a worker process, in order to reduce damage from a
+ # the isolation was tested at. If you get random failures on worker processes, try
- # bug in the worker process. It is available on Linux systems at a performance cost.
+ # disabling that option and report the failures you, along with system and debugging
- # The performance cost is roughly 2% overhead at transfer time (tested on a Linux 3.17.8).
+ # information at: https://gitlab.com/ocserv/ocserv/issues
 -isolate-workers = true
 +isolate-workers = false
  
  # A banner to be displayed on clients
  #banner = "Welcome"
-@@ -197,7 +197,7 @@ dpd = 90
+@@ -204,7 +204,7 @@ dpd = 90
  mobile-dpd = 1800
  
  # MTU discovery (DPD must be enabled)
@@ -60,7 +60,7 @@ Index: ocserv-0.10.9/doc/sample.config
  
  # If you have a certificate from a CA that provides an OCSP
  # service you may provide a fresh OCSP status response within
-@@ -341,8 +341,8 @@ rekey-method = ssl
+@@ -362,8 +362,8 @@ rekey-method = ssl
  # STATS_BYTES_OUT, STATS_DURATION that contain a 64-bit counter of the bytes 
  # output from the tun device, and the duration of the session in seconds.
  
@@ -71,16 +71,17 @@ Index: ocserv-0.10.9/doc/sample.config
  
  # UTMP
  # Register the connected clients to utmp. This will allow viewing
-@@ -401,7 +401,7 @@ ipv4-netmask = 255.255.255.0
+@@ -433,7 +433,8 @@ ipv4-netmask = 255.255.255.0
  # The advertized DNS server. Use multiple lines for
  # multiple servers.
  # dns = fc00::4be0
 -dns = 192.168.1.2
 +dns = 8.8.8.8
++dns = 8.8.4.4
  
  # The NBNS server (if any)
  #nbns = 192.168.1.3
-@@ -438,8 +438,8 @@ ping-leases = false
+@@ -472,8 +473,8 @@ ping-leases = false
  # comment out all routes from the server, or use the special keyword
  # 'default'.
  
@@ -89,12 +90,12 @@ Index: ocserv-0.10.9/doc/sample.config
 +#route = 10.10.10.0/255.255.255.0
 +#route = 192.168.0.0/255.255.0.0
  #route = fef4:db8:1000:1001::/64
+ #route = default
  
- # Subsets of the routes above that will not be routed by
+Index: b/doc/systemd/socket-activated/ocserv.socket
-Index: ocserv-0.10.9/doc/systemd/socket-activated/ocserv.socket
 ===================================================================
---- ocserv-0.10.9.orig/doc/systemd/socket-activated/ocserv.socket
+--- a/doc/systemd/socket-activated/ocserv.socket
-+++ ocserv-0.10.9/doc/systemd/socket-activated/ocserv.socket
++++ b/doc/systemd/socket-activated/ocserv.socket
 @@ -2,8 +2,8 @@
  Description=OpenConnect SSL VPN server Socket
  

ocserv.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package ocserv
 #
-# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -15,44 +15,52 @@
 # Please submit bugfixes or comments via http://bugs.opensuse.org/
 #
 
+
 Name:           ocserv
-Version:	0.10.11
+Version:        0.11.6
-Release:	0
+Release:        0
-License:	GPL-2.0
+Summary:        OpenConnect VPN Server
-Summary:	OpenConnect VPN Server
+License:        GPL-2.0
-Url:	http://www.infradead.org/ocserv
+Group:          Productivity/Networking/Security
-Group:	Productivity/Networking/Security
+Url:            http://www.infradead.org/ocserv
-Source:	ftp://ftp.infradead.org/pub/ocserv/%{name}-%{version}.tar.xz
+#Source:         ftp://ftp.infradead.org/pub/ocserv/%{name}-%{version}.tar.xz
-Source1:	ca.tmpl
+# released tarball has some problem, check out same thing from git
-Source2:	server.tmpl
+# git clone https://gitlab.com/ocserv/ocserv
-Source3:	user.tmpl
+# git checkout -b fce7610a
-Source4:	ocserv.SuSEfirewall
+Source:         %{name}-%{version}.tar.xz
-Source5:	ocserv.sysctl
+Source1:        ca.tmpl
-Source99:	README.SUSE
+Source2:        server.tmpl
+Source3:        user.tmpl
+Source4:        ocserv.SuSEfirewall
+Source5:        ocserv.sysctl
+Source99:       README.SUSE
 #PATCH-FIX-UPSTREAM marguerite@opensuse.org $LIBSYSTEMD_DAEMON env is not set on openSUSE
-Patch1:	%{name}-enable-systemd.patch
+Patch1:         %{name}-enable-systemd.patch
 #PATCH-FIX-UPSTREAM marguerite@opensuse.org tweak configuration
-Patch2:	%{name}.config.patch
+Patch2:         %{name}.config.patch
-BuildRequires:	autogen
+BuildRequires:  autogen
-BuildRequires:	libtool
+BuildRequires:  dbus-1-devel
-BuildRequires:	pkg-config
+BuildRequires:  freeradius-client-devel
-BuildRequires:	libgnutls-devel >= 3.1.10
+BuildRequires:  gperf
-BuildRequires:	protobuf-devel
+BuildRequires:  libev-devel
-BuildRequires:	libtalloc-devel
+BuildRequires:  libgnutls-devel >= 3.1.10
-BuildRequires:	libnl3-devel
+BuildRequires:  libnl3-devel
-BuildRequires:	readline5-devel
+BuildRequires:  libprotobuf-c-devel
-BuildRequires:	pam-devel
+BuildRequires:  libseccomp-devel
-BuildRequires:	freeradius-client-devel
+BuildRequires:  libtalloc-devel
-BuildRequires:	libseccomp-devel
+BuildRequires:  libtool
-BuildRequires:	dbus-1-devel
+BuildRequires:  pam-devel
-BuildRequires:	systemd-devel
+BuildRequires:  pkgconfig
-%if 0%{?suse_version} > 1310
+BuildRequires:  protobuf-c
-BuildRequires:	liblz4-devel
+BuildRequires:  readline5-devel
-%endif
+BuildRequires:  systemd-devel
 # /usr/bin/certtool for generating certificates
-Requires:	gnutls >= 3.1.10
+Requires:       gnutls >= 3.1.10
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 %{?systemd_requires}
+%if 0%{?suse_version} > 1310
+BuildRequires:  liblz4-devel
+%endif
 
 %description
 OpenConnect server (ocserv) is an SSL VPN server. Its purpose is to
@@ -78,19 +86,19 @@ A management interface allows for viewing and querying logged-in users.
 %setup -q
 %patch1 -p1
 %patch2 -p1
+sed -i "s/\@AUTOGEN\@/autogen/" doc/Makefile.am
 autoreconf -fiv
 
 %build
 %configure --enable-systemd \
 	--enable-seccomp \
-	--enable-linux-namespaces \
 	--disable-rpath \
 	--enable-local-libopts \
 	--enable-libopts-install
 make V=1 %{?_smp_mflags}
 
 %install
-make install DESTDIR=%{buildroot} %{?_smp_mflags}
+make %{?_smp_mflags} DESTDIR=%{buildroot} install
 
 install -Dm 0644 %{SOURCE4} %{buildroot}%{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/ocserv
 install -Dm 0644 %{SOURCE5} %{buildroot}%{_sysconfdir}/sysctl.d/60-ocserv.conf
@@ -123,7 +131,7 @@ install -m 0644 doc/systemd/socket-activated/ocserv.service %{buildroot}%{_unitd
 
 %files
 %defattr(-,root,root)
-%doc AUTHORS ChangeLog LICENSE NEWS README.md COPYING TODO
+%doc AUTHORS LICENSE NEWS README.md COPYING TODO
 %config %{_sysconfdir}/ocserv
 %config(noreplace) %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/ocserv
 %config(noreplace) %{_sysconfdir}/sysctl.d/60-ocserv.conf
@@ -134,8 +142,8 @@ install -m 0644 doc/systemd/socket-activated/ocserv.service %{buildroot}%{_unitd
 %{_sbindir}/ocserv
 %{_unitdir}/ocserv.service
 %{_unitdir}/ocserv.socket
-%{_mandir}/man8/occtl.8.gz
+%{_mandir}/man8/occtl.8%{ext_man}
-%{_mandir}/man8/ocpasswd.8.gz
+%{_mandir}/man8/ocpasswd.8%{ext_man}
-%{_mandir}/man8/ocserv.8.gz
+%{_mandir}/man8/ocserv.8%{ext_man}
 
 %changelog