Accepting request 796111 from home:mnhauke:network

- Add signature and keyring for source verification - Build with support for maxminddb - Build with support for OATH - Update to version 1.0.1 * Prevent clients that use broken versions of gnutls from connecting using DTLS. * occtl: added machine-readable fields in json output. * occtl: IPs in ban list value is now reflecting the actual banned IPs rather than the database size. - Update to version 1.0.0 * Avoid crash on invalid configuration values. * Updated manpage generation to work with newer versions of ronn. * Ensure scripts have all the information on all disconnection types. * Several updates to further restrict the control that worker processes have on the main process. * Add support for RFC6750 bearer tokens. This adds the "auth=oidc" config option. See doc/README-oidc.md for more information. * Add USER_AGENT, DEVICE_TYPE and DEVICE_PLATFORM environment variables when connect/disconnect scripts execute. * Corrected issue with DTLS-PSK negotiation which prevented it from being enabled. * Improved IPv6 handling of AnyConnect client for Apple ios. * Fixed issue with Radius accounting. - Update to version 0.12.6 * Improved IPv6 support for anyconnect clients. * The 'split-dns' configuration directive can be used per-user. * The max-same-clients=1 configuration option no longer refuses the reconnection of an already connected user. * Added openat() to the accepted list of seccomp calls. This OBS-URL: https://build.opensuse.org/request/show/796111 OBS-URL: https://build.opensuse.org/package/show/network:vpn/ocserv?expand=0&rev=30
2020-07-03 11:12:30 +00:00 · 2020-07-03 11:12:30 +00:00 · ecec316348
commit ecec316348
parent da1b247839
6 changed files with 176 additions and 10 deletions
--- a/ocserv-0.12.3.tar.xz
+++ b/ocserv-0.12.3.tar.xz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:42f8f459dae6f88862d4098997d8f5668d97439ec78beede3985f6ff24d91edd
-size 683632
--- a/ocserv-1.0.1.tar.xz
+++ b/ocserv-1.0.1.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:59d9ef7a1aeb95ff6e762e2a0f231b3fae2ea420f68a1cf09d39a26395040f4b
+size 787800
--- a/ocserv-1.0.1.tar.xz.sig
+++ b/ocserv-1.0.1.tar.xz.sig
--- a/ocserv.changes
+++ b/ocserv.changes
@ -1,3 +1,52 @@
+-------------------------------------------------------------------
+Tue Apr 21 17:20:49 UTC 2020 - Martin Hauke <mardnh@gmx.de>
+
+- Add signature and keyring for source verification
+- Build with support for maxminddb
+- Build with support for OATH
+- Update to version 1.0.1
+  * Prevent clients that use broken versions of gnutls from
+    connecting using DTLS.
+  * occtl: added machine-readable fields in json output.
+  * occtl: IPs in ban list value is now reflecting the actual
+    banned IPs rather than the database size.
+- Update to version 1.0.0
+  * Avoid crash on invalid configuration values.
+  * Updated manpage generation to work with newer versions of ronn.
+  * Ensure scripts have all the information on all disconnection
+    types.
+  * Several updates to further restrict the control that worker
+    processes have on the main process.
+  * Add support for RFC6750 bearer tokens. This adds the "auth=oidc"
+    config option. See doc/README-oidc.md for more information.
+  * Add USER_AGENT, DEVICE_TYPE and DEVICE_PLATFORM environment
+    variables when connect/disconnect scripts execute.
+  * Corrected issue with DTLS-PSK negotiation which prevented it
+    from being enabled.
+  * Improved IPv6 handling of AnyConnect client for Apple ios.
+  * Fixed issue with Radius accounting.
+- Update to version 0.12.6
+  * Improved IPv6 support for anyconnect clients.
+  * The 'split-dns' configuration directive can be used per-user.
+  * The max-same-clients=1 configuration option no longer refuses
+    the reconnection of an already connected user.
+  * Added openat() to the accepted list of seccomp calls. This
+    allows ocserv to run under certain libcs.
+- Update to version 0.12.5
+  * Added configuration option udp-listen-host. This option
+    supports different listen addresses for tcp and udp such as
+    haproxy for tcp, but support dtls at the same time.
+  * occtl: fixed json output of show status command. Introduced
+    tests for checking its json output using yajl.
+  * occtl: use maxminddb when available.
+- Update to version 0.12.4
+  * Added support for radius access-challenge (multifactor)
+    authentication.
+  * Fixed race condition when connect-script and disconnect-script
+    are set, which could potentially cause a crash.
+  * Perform quicker cleanup of sessions which their user explicitly
+    disconnected.
+
 -------------------------------------------------------------------
 Thu Dec 19 14:56:10 UTC 2019 - Dominique Leuenberger <dimstar@opensuse.org>

--- a/ocserv.keyring
+++ b/ocserv.keyring
@ -0,0 +1,117 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQGRBEgd5bQBDCDc8Z7h2Damx3Xm+kMFXMKHqVUdPOqvcFT0c1gnQ9LPw3JiswvB
+dM3SBRb2LxtEAnXt0Bw8WBbcCF9s05h8xjCSLDmBwQ1EBEeTvUN18TgeM6t4rNTZ
+NrXl5wRmvkAzdO+EOHWx2gDRApLbdkkBK21+M6HPhtqRiMWK6zd5bPmiiAKNRv0G
+aC71qUpdNSrWVzB02s8+LUivwH+kUksMX2nXps7b6RPhQyFl6FSv0LsHDd3yxRrB
+JIikUAsSnQbDSPws+Srq1VFLhaARiPF2tg7ag1n4qbbZiK3XOSjK3X+b2XkdZrWY
+7orBke/J1cMv/9XnqtsE1P1EYcuPk34yxjz/E5+0vf8DlzQ86c2DHRCpr81XV3qD
+tNeouQFLDI1kkpG6QTY3S2SPMUht8V8JxhqBzbjWZmKGUf1ISYI2p9FqtXF4rL2D
+u1QLPQGLwqYaUvnGCYFxEMpnDcYheF6zOUtow527WgrJcATDXW/HCzidwi2+o/cU
+bdCeYOiN28IMCOIBJZjLABEBAAG0KU5pa29zIE1hdnJvZ2lhbm5vcG91bG9zIDxu
+bWF2QGdudXRscy5vcmc+iQHYBBMBCAA+FiEEH0JBiQXYIGqnVMzcKe5YuZaGUXEF
+Al4XSloCGwMFCSWYBgAFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQKe5YuZaG
+UXFSTwwfQytoBEKigUPJjHmVtmnGto5uqF2oR8x/uFYIn0wX2Pq+eyNQVhHlcWxg
+J1XiifCcBYLlvUujLIBhk5/InEReMwGWUVtnI+EgEosw7Y3VK3u+GAIggDLhvWlN
+vJspD/KTcQDq6psO8SQ30vM2CXK7q0q1TQk+cfiTYx+Pha8+xxaCkUTmDGuwQSvb
+KinsBJZngT7Wq99MAyPYT86ybd7EQz+WbxgDAwabqgcdmkdcQF6Cg4TJKNB90KQ
+ZW9STisQeIE/+IGJIxt82Dqp6IOKtmCQhfgw+bW0M/Q9RVptoQeCzPtRKCiCk3zM
+hldGWxZoQKiCejp0KzDbcciiPZ3FeW3eHgKTlSWfjlVXgDIoQ/byW7zoo4rm3j0e
+fDJlsfRK6bi29J6yTLq9OyBk9hpCPmJcc6qe0TDvkzUGtrUd9CvbfWKCOiMLl2Ky
+hS5BpKPfSziRDNqUwOZy1DpjNFqk3peHLsDfSgWOYfihVBpHGAqC6awpKi8rda+h
+XiW5RT2KY+yatbQrTmlrb3MgTWF2cm9naWFubm9wb3Vsb3MgPG5tYXZAaHVzaG1h
+aWwuY29tPokB2AQTAQgAPhYhBB9CQYkF2CBqp1TM3CnuWLmWhlFxBQJeF0pcAhsD
+BQklmAYABQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJECnuWLmWhlFx7A4MHi/V
+IUQUQEeQprKxxNVuBN+2e87JzAAqyvOBRa1pfYnDpOmVVn2AKq2DTlWoEiAFRXTE
+5tiJjxG4oHPoTiqUuIVxnoJwyVvPBsyaeX1CNRp9y+CxYCXsRAxTRzpzShsX36nk
+Cax87NEIeBhzgun9iyqcKHqc3rRxXLQJgcM/7smC8+5YWXiuVNEILf9psyJJvyci
+H7fexxKleAkCnTN9Nkb9r77Mz9RddaGetZztThSIO5Es3wzfXGoP4w5wrKxNsJ0g
+Hki4xfDxdlPijUxjFsS1HHVABqzy2+J/0CKCafTroEKfaWC31HFYqoqEbpwNSJoE
+38a63hxx0NlHPoVBDzrfQ7IXa9BGNSQ65QbfKNsMGQfexzXpC9r5DMReg7dKBB2Q
+scTNYR83Y8k59domfxypDYUTdIk/pAp0IPiL+hpjX9gN6AOlRYo6X3JTRz893VLh
+kH/kCWVTwQtaoORVCsj5kL3L0S2Dtqn3+9Ztit28f6Zs20nQcBDqQhdRHfvH7ZNU
+4By0N05pa29zIE1hdnJvZ2lhbm5vcG91bG9zIDxuLm1hdnJvZ2lhbm5vcG91bG9z
+QGdtYWlsLmNvbT6JAdgEEwEIAD4WIQQfQkGJBdggaqdUzNwp7li5loZRcQUCXhdK
+XAIbAwUJJZgGAAULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRAp7li5loZRcfyK
+DB0TrmubgZfD38mRtbGBVshrqaD/uWK4xw4GFQI65Iy+gnp0lDAVeC/raz28nRzR
+vcs+46Fr5Eg/eRzA8k4cYrMA5QvuJ0MBIdGT7jdGOMY/YChYayvPlbuPqFXIDkTp
+pQkDLPob0YJbAev2rYxnadlMrKueHfMn+2+zFGXbhWWXzZywJ7lLif8ofXe5YOo8
+UQqbV/Eft3WnVmr7cMo5zzBk5u6dGcdh8/BtyoCnkLMY9KfVdE3aa+VBR2rVNFSk
+9pOBsJaZtsN7ibOnwwUb40ZOuOtpHM+ZDM0n5caWSHt9zc+zrFrug+9B91dTnGVQ
+1mDqjStxU2Gtclwepq95rOpaYJoq8aYePZa/5ymSHA8faMAx47SOfHDvh8Rhuf7K
+pnPRghl0hDs16w9npvdv69uAU4qe2yZrEiY1WMxCdENiPoK+1KR2G+k5bIfnxYp7
+AcDlC/f34Ftidwe2yyC2wunVns/nv/IAFlgAvfGUVXjBiZhb63riocqueomX1Log
+6tBF0RQ1uQENBEgd5i0BCAC/9nfIuUtQnpG3ldqumR6XsaWBYCO/BjSQjv31Nv+q
+/5u82RP9vPD/SdQ29Dl8WPiG3KbiwHs8vo1geGgWaMtqwuXP8HxMCvXai1JCSRPD
+m2wDIJEWTvvlcvTKAsNxXMfMm9EgTw5/Xq5JEjQ7kSjdyJgG8FUgx+OThweVJEQr
+fGN2zLqL9p+D7kheqMY3EindaE4kPgNYFJQDDaS1vcyudeNcHKCJ1S5+uWPJS15Q
+qguOcl+4PN26ezW73uPug6bXxC6JKCfCTWBlJBa5KjJQFz3JBofbvuyeU9n80rdo
+Oik8fknv3m/W55JyBC3Okuv8t7tyoz7iS/fSGrrHtPNLABEBAAGJAsgEGAECAA8F
+Akgd5i4CGwIFCRLMAwABKQkQKe5YuZaGUXHAXSAEGQECAAYFAkgd5i4ACgkQnV6q
+9pATuEIxSAgAhmaI+89sebZC94mF1GtOuEFs8tpCbBw/RJhO6AAAPjlzSvY1m1TW
+HlqCSrCPthJZ+Hb4Tzcf+PNbGd0YnU2kslFML4MY7tX1fjGi+xU8Z2xHFw7jR+E4
+7QM1fOPVIcGWfXWwQkvTq74hH3WhSBbhYKEQmTbza8oRUcwjD6i9qH44CYDXy7V
+CYPWyy+12lnwur0NEtSbJ5RW6ZuhvvrBsuz0cAuHiXdN7wdpJ9lYa7tgZUW6GWJM
+NcJpTRQffYUslJKffyo2YEsD9VY9SlYzcSZ0+aFCxRm/eie+UNxGuSkOJ90Umkg1
+QlVuXadtVtlbTldm7k80IDviZAQzOk4Tg1RPDB9jXo31FlX0DeogAEksPjx2VUk1
+gQv9vD+x+HVmESsX0tWgh4G2rSkia7d/XclmEmHDws3y+T0YnvymQpPPfsl9iRZA
+CTJCXIXSl1f3GOMRn5XkFQQ4BwQ6Tm7OL+65so1cRrJ9Y1NR4+/OlVrEYwFEIphi
+pzx7MwMwaUinMMKjv3VS5BMkRbbqVUDgyu5i3pH9U2UjzYNjwn9+HJu6lyrT8a4M
+jQakYZ+qDpIofnf6uOqAIOWRR2fyuOMgzF/7UjIIR5N5StpisXwgzfgNAIVTdqWK
+ly/zT38XJqju2cJ1zYnyLIbsHYfE6A47rfUep9ja3RMBMRA8hm+N5ny3cUCTFrVN
+X3S488YbzNRP6X/BRH+8K22oaVdAHoWYrpnblWZB/OzQnL2R89JwdAG0KnilSRAP
+Ez3UeSus2uGlQJ+TwCshisV3sUS4uyFhHHvtzgInfOwCCAeLZuc16crGYQD2h0VX
+sAdjT2RtAj1iVmUBLHPH8F+WPSJmtSaNlS/Fe9qobJKiuQENBEgd5mkBCADHDPwG
+FZSRYZncDpMQfdpr9EYnUqLfN8Nixiut9TdaAIn9GDatlykj08x65r/5LonRxJcb
+vfHwvvBnRfa4q/5kKAzTtY4AUGVIaNP0Dkrq9PBUwD9F3N9ouPStCfg4RoTzUruI
+LQ0rQ2h89sGdpO4Gp4yJqNjj1+SfK6i/mLgGG8ibpA/B1bDdMHsDJVxbE6jT2Rua
+T5FuxrMus4lq4NYSuPhIEUQ1uQsKF/lX3E9DtyOi9LLkCui2+F35XzX/6/JG4MU4
+0Z7jmPe3aqR3GT2Vxk5HnVN2yI/hn2FPqoGtnR2FR6k1lrdMKcFG2StcaJW7ukY2
+Yt0/SHpad5hJP7nJABEBAAGJAakEGAECAA8FAkgd5mkCGwwFCRLMAwAACgkQKe5Y
+uZaGUXF4JAwgrepkeOv9HYK+vr0bloTgJ/kWUeXZvhbFX0eMxCFaktaYIglWE5WP
+qcyf1U3IXa0YxKoFa6t6mYeRzUI7kTTzQLbiG2KjnLXBqDzMHZP/s9T2UUuq3RSB
+nf2aedbfAu9HDpts9VHyv1oJnpkOY2OjM/1OYOlE3s45pE9wBZWxRVnVBbcE3hb4
+2yr5kBKLEzlaDqhcxj2wpZu+ALmoYOs3gmtXout0GVMZlxTWFQldh9FmWXhsd/9E
+Q9p1bczt1hapalhQSKgwzRpkZtsM/8WE9nC3aF4iTmU/DzIt/rCFJ7+saAc3KFQM
+RPWEgpJ/XWx9OZmDes8U3LvfJ/RWzb0JNw7at3axQzoaEOS5Hcyon60VuG2SB8Au
+Iq8L3CGOHwnruKnZLPBCrqo8JavRsBI0r5RIB9Kg7M2QVc2Zs1R/UNxrZ/07vjzD
+EV5TmvSOWDVKug+yLclkeDj6Q1wL39vlvtgGu+KOYsyHHIFLLFg2v5gRlEG+TJvw
+my+mLoYj82eDq0dfoLkBDQRaeUDpAQgAsNl4EliTztpzahvKFW5UGbdFZ0IfumlC
+CyuIKW6Tl8k5IqCmupVab74CgQarThH6I0zLGj+rFWOsl8ioak+VhoTt5HfoTzIv
+eIU5mrLcL+hgSLfmsofNJG/zUNcTDy+oJPFCEMEbFbzArwYTkJbtK7lC9bc0nCVZ
+PVwWkFLjK2FB0gObZlfVzrHMh07O3OZnDEmt4DPHuUxy5jttD2XyOQvc5xZFhQZC
+MuO81dc+wuoDhu37vGuV0pDHEknLNjQdY0JHgzNJYDRdaeI8q6jF5XH1067ftyzF
+uhMoFH2aNe3pm6Ns9IfQo51AYZYvwjYzBfHnK+BA+wRyQoPcA/jMuQARAQABiQL2
+BBgBCAAmFiEEH0JBiQXYIGqnVMzcKe5YuZaGUXEFAlp5QOkCGwIFCRLMAwABQAkQ
+Ke5YuZaGUXHAdCAEGQEIAB0WIQRZ+7Vcp/OoqwxQN3PYHEiH8WeaZQUCWnlA6QAK
+CRDYHEiH8WeaZTZrB/4ofixTAgSc3vlTSDsTu5v9oP3FvHYcJ0KqAr4hS5qxviul
+TXdCkqL4/KhvsqVXgKLj64nD1y+VRuR5soVZ1u7JQTVd9jjERlI1NH4cvpukTq+5
+G5bF/+7iBPAHSGaTcVndZHXxn69Q7bnliz7+rTnkYtuldk5g032W11wnwatCrKC2
+Z+QYqbhC/sMGVbxSGP1tkWqXoCJ5Mh8Bdit8+4qafd+wHbOOLNLHGYUKBoeRUwR0
+7N8YhH7eJxfVV0sBLDLngtO5T06VjQsVeUJuLqhtoU/oz5ellCIvzipRzgRNWyUN
+cuIS5Wi1C6tO+Eatw94+eSbLom5M57EyGyJiRo3t2BUMIIW8xNuGy/YTGRFT7l2c
+71SWHjY50DbNl+JCjyAOitLtEGLtHJJtxv9AmmlHJ+CLDw0Ctm2j3xgk2KbkeHQK
+pai8d8Fee4rzsVU9WanUX8hg7yv3IXEdFpIJaNMKkeedmCrTMPrhz1TthyJSBbLN
+8tKrLdv5IPOvGQIrJdsaVByZFDuxbNSKqonVvVYDxA+xM76E+8AuRlBcYtzyblXI
+wIUa+kkGdhBQGp0hBdAqYKq4iFWRVlqy44M7Xt8RUk1yu9u2+c+BcitOnlqYOImO
+p2THhjNGeLi7GDqtwizGNSEz1p76vOUErvcwR7DNyVcyuYrD/HVV4Qp16Njy0hnH
+A67NB23CB7IN5tyJ8GsRHb/wPd/78tJedeJUJ5LO6FdbvNV2SdFzKYfUVGmWcAPM
+5sgB02UG6/Hphag092gfOnqeArAWg3pk6NWysWC6pBZWRNMvExnRf3kHIAn4j3su
+UohuPhr7nKIEoUtIbB6IorGj9shVi91hIcYiM9mFvkUJ5cp81a+5AQ0EWnlBCgEI
+ALVO9ZzEdre381rsxAr9JLM1uCrb00t1PrYlfrG1uaYCnx1MpRE+kRZsr94WhZcc
+N6hzjdU50LnKx5ZKZkrqQ9oQf9cl+ZzNIasc8+bopJyXy7cVvOMZlojsqxQLHDD/
+w9IZTLnnGtSjpF0jpAg+g9dPimEhG9o9+fhQxxzAzh22aIbqFKW2CwV6NsNbQ5i6
+UmIWWkz+CQ0Me5xJXz7G7EdBtNeGEQ6bi1AthaxW1fMGLqujL6dSS4QVYMOdqXYS
+gnboI6CZJqJgvDYSuQJrmOWtHziUP7cMHQVirePvsnc/vpZ5lNoGml0kMlEsDwwo
+3nPvxQdXNGSezt3rXlq0Ot0AEQEAAYkBwAQYAQgAJhYhBB9CQYkF2CBqp1TM3Cnu
+WLmWhlFxBQJaeUEKAhsMBQkSzAMAAAoJECnuWLmWhlFxRecMHix2Ljo9c4jinJwy
+zWXad5EWbI1pck1I9wrq69HXJiW18O1luWWF+fBOHFWCEh/ucceH0V65ES4G4TdH
+F0R7QRA8jbSJ25KjKhvWghBou6JLYDvRcY/Aogqt57BBnsFlMIxVsT8OiI5zWsW6
+kaDTACVbRTlKWXzcACg68eYVE0oi+Pfdfcmtw0gu6TRDMwFuQ3xHxET+WrxOqmRY
+2DFQ8VRSHpGaAieKQiKLU3mVnLD9zXiY8U7ZgO1MWVKtyVFcxgor0kYBakMihKw0
+5uBg6ubkGj2l1kmmHrfEjakyG7C4BW3JW9XngEbOGb7P1cICe7lOuZw/BQxvYdv/
+Q6w4cKBXAKFFOu2kWPIQ0xdCQt0ENguDS1W721k2MYJs+u4fNjhqMO+SDMEdwwMe
+Ex2FwjqXlukICekdhEE8tEzy/0VhsYT3tP2D9K7XDhmdmM+iKZ7Ql6IIHyk8Kd+W
+3EWGQ2clDsYJWHvC6y7KAH2onmxM2h6VDGm82/j5F/jhskwdrGfOLnE=
+=GCTz
+-----END PGP PUBLIC KEY BLOCK-----
--- a/ocserv.spec
+++ b/ocserv.spec
@ -1,7 +1,7 @@
 #
 # spec file for package ocserv
 #
-# Copyright (c) 2019 SUSE LLC
+# Copyright (c) 2020 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -17,17 +17,15 @@


 Name:           ocserv
-Version:        0.12.3
+Version:        1.0.1
 Release:        0
 Summary:        OpenConnect VPN Server
 License:        GPL-2.0-only
 Group:          Productivity/Networking/Security
 URL:            http://www.infradead.org/ocserv
-#Source:         ftp://ftp.infradead.org/pub/ocserv/%{name}-%{version}.tar.xz
-# released tarball has some problem, check out same thing from git
-# git clone https://gitlab.com/ocserv/ocserv
-# git checkout -b fce7610a
-Source:         %{name}-%{version}.tar.xz
+Source:         ftp://ftp.infradead.org/pub/ocserv/%{name}-%{version}.tar.xz
+Source100:      ftp://ftp.infradead.org/pub/ocserv/%{name}-%{version}.tar.xz.sig
+Source101:      %{name}.keyring
 Source1:        ca.tmpl
 Source2:        server.tmpl
 Source3:        user.tmpl
@ -49,6 +47,7 @@ BuildRequires:  freeradius-client-devel
 BuildRequires:  gperf
 BuildRequires:  libev-devel
 BuildRequires:  libgnutls-devel >= 3.1.10
+BuildRequires:  libmaxminddb-devel
 BuildRequires:  libnl3-devel
 BuildRequires:  libprotobuf-c-devel
 BuildRequires:  libseccomp-devel
@ -58,6 +57,7 @@ BuildRequires:  pam-devel
 BuildRequires:  pkgconfig
 BuildRequires:  protobuf-c
 BuildRequires:  readline-devel
+BuildRequires:  pkgconfig(liboath)
 BuildRequires:  pkgconfig(libsystemd)
 BuildRequires:  rubygem(ronn)
 # /usr/bin/certtool for generating certificates