Accepting request 580001 from network:vpn

OBS-URL: https://build.opensuse.org/request/show/580001
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/ocserv?expand=0&rev=5

boo1021353-ocserv-doc-racing-in-parallel-build.patch

@@ -1,513 +0,0 @@
-Index: b/doc/Makefile.am
-===================================================================
---- a/doc/Makefile.am
-+++ b/doc/Makefile.am
-@@ -10,12 +10,12 @@ ocserv.8: ../src/ocserv-args.def
- 	@AUTOGEN@ -L../src -DMAN_SECTION=8 -Tagman-cmd.tpl "$<".tmp && \
- 	rm -f "$<".tmp
- 
--occtl.8: ../src/occtl/args.def
-+occtl.8: ../src/occtl/occtl-args.def
- 	-$(SED) 's/@subheading \(.*\)/@*\n@var{\1}\n@*/' $< > "$<".tmp && \
- 	@AUTOGEN@ -L../src -DMAN_SECTION=8 -Tagman-cmd.tpl "$<".tmp && \
- 	rm -f "$<".tmp
- 
--ocpasswd.8: ../src/ocpasswd/args.def
-+ocpasswd.8: ../src/ocpasswd/ocpasswd-args.def
- 	-$(SED) 's/@subheading \(.*\)/@*\n@var{\1}\n@*/' $< > "$<".tmp && \
- 	@AUTOGEN@ -L../src -DMAN_SECTION=8 -Tagman-cmd.tpl "$<".tmp && \
- 	rm -f "$<".tmp
-Index: b/src/occtl/Makefile.am
-===================================================================
---- a/src/occtl/Makefile.am
-+++ b/src/occtl/Makefile.am
-@@ -5,7 +5,7 @@ AM_CPPFLAGS += -I$(srcdir)/../../gl/ -I$
- 	$(LIBNL3_CFLAGS) $(LIBPROTOBUF_C_CFLAGS) $(LIBTALLOC_CFLAGS) \
- 	-I$(srcdir)/../common/ -I$(builddir)/../common/ $(CODE_COVERAGE_CFLAGS)
- 
--EXTRA_DIST = args.def
-+EXTRA_DIST = occtl-args.def
- 
- bin_PROGRAMS = occtl
- 
-Index: b/src/occtl/args.def
-===================================================================
---- a/src/occtl/args.def
-+++ /dev/null
-@@ -1,105 +0,0 @@
--AutoGen Definitions options;
--prog-name     = occtl;
--prog-title    = "OpenConnect VPN server control";
--prog-desc     = "OpenConnect VPN server control.";
--disable-save;
--no-xlate = opt;
--gnu-usage;
--config-header = config.h;
--long-opts;
--no-misuse-usage;
--short-usage   = "Usage: occtl [options] [command]\nocctl --help for usage instructions.\n";
--explain       = "";
--#include ../version.inc
--
--detail  = "Openconnect VPN server control (occtl) is a tool to control
--the ocserv VPN server.";
--
--copyright = {
--    date  = "2014-2016";
--    owner = "Red Hat";
--    author = "Nikos Mavrogiannopoulos";
--    eaddr  = "openconnect-devel@lists.infradead.org";
--    type  = gplv2;
--};
--
--help-value    = h;
--
--flag = {
--    name      = socket-file;
--    value     = s;
--    arg-type  = file;
--    descrip   = "Specify the server's occtl socket file";
--    doc   = "This option is only needed if you have multiple servers.";
--};
--
--flag = {
--    name      = json;
--    value     = j;
--    descrip   = "Output will be JSON formatted";
--    doc   = "This option can only be used with non-interactive output, e.g., 'occtl --json show users'.";
--};
--
--flag = {
--    name      = no-pager;
--    value     = n;
--    descrip   = "No pager will be used over output data";
--    doc   = "";
--};
--
--
--doc-section = {
--  ds-type = 'SYNOPSIS';
--  ds-format = 'texi';
--  ds-text   = <<-_EOT_
--Openconnect VPN server control (occtl) is a tool to control
--the ocserv VPN server.
--_EOT_;
--};
--
--doc-section = {
--  ds-type = 'DESCRIPTION';
--  ds-format = 'texi';
--  ds-text   = <<-_EOT_
--This a control tool that can be used to send commands to ocserv. When
--called without any arguments the tool can be used interactively, where 
--each command is entered on a command prompt; alternatively the tool
--can be called with the command specified as parameter. In the latter
--case the tool's exit code will reflect the successful execution of
--the command.
--_EOT_;
--};
--
--doc-section = {
--  ds-type = 'EXAMPLES';
--  ds-format = 'texi';
--  ds-text   = <<-_EOT_
--The tool can be run interactively when run with no arguments. When
--arguments are given they are interpreted as commands. For example:
--@example
--$ occtl show users
--@end example
--
--Any command line arguments to be used as options must preceed the
--command (if any), as shown below.
--@example
--$ occtl --json show users
--@end example
--_EOT_;
--};
--
--doc-section = {
--  ds-type = 'IMPLEMENTATION NOTES';
--  ds-format = 'texi';
--  ds-text   = <<-_EOT_
--This tool uses unix domain sockets to connect to ocserv.
--_EOT_;
--};
--
--doc-section = {
--  ds-type   = 'SEE ALSO';
--  ds-format = 'man';
--  ds-text   = <<-_EOText_
--ocserv(8)
--_EOText_;
--};
-Index: b/src/occtl/occtl-args.def
-===================================================================
---- /dev/null
-+++ b/src/occtl/occtl-args.def
-@@ -0,0 +1,105 @@
-+AutoGen Definitions options;
-+prog-name     = occtl;
-+prog-title    = "OpenConnect VPN server control";
-+prog-desc     = "OpenConnect VPN server control.";
-+disable-save;
-+no-xlate = opt;
-+gnu-usage;
-+config-header = config.h;
-+long-opts;
-+no-misuse-usage;
-+short-usage   = "Usage: occtl [options] [command]\nocctl --help for usage instructions.\n";
-+explain       = "";
-+#include ../version.inc
-+
-+detail  = "Openconnect VPN server control (occtl) is a tool to control
-+the ocserv VPN server.";
-+
-+copyright = {
-+    date  = "2014-2016";
-+    owner = "Red Hat";
-+    author = "Nikos Mavrogiannopoulos";
-+    eaddr  = "openconnect-devel@lists.infradead.org";
-+    type  = gplv2;
-+};
-+
-+help-value    = h;
-+
-+flag = {
-+    name      = socket-file;
-+    value     = s;
-+    arg-type  = file;
-+    descrip   = "Specify the server's occtl socket file";
-+    doc   = "This option is only needed if you have multiple servers.";
-+};
-+
-+flag = {
-+    name      = json;
-+    value     = j;
-+    descrip   = "Output will be JSON formatted";
-+    doc   = "This option can only be used with non-interactive output, e.g., 'occtl --json show users'.";
-+};
-+
-+flag = {
-+    name      = no-pager;
-+    value     = n;
-+    descrip   = "No pager will be used over output data";
-+    doc   = "";
-+};
-+
-+
-+doc-section = {
-+  ds-type = 'SYNOPSIS';
-+  ds-format = 'texi';
-+  ds-text   = <<-_EOT_
-+Openconnect VPN server control (occtl) is a tool to control
-+the ocserv VPN server.
-+_EOT_;
-+};
-+
-+doc-section = {
-+  ds-type = 'DESCRIPTION';
-+  ds-format = 'texi';
-+  ds-text   = <<-_EOT_
-+This a control tool that can be used to send commands to ocserv. When
-+called without any arguments the tool can be used interactively, where 
-+each command is entered on a command prompt; alternatively the tool
-+can be called with the command specified as parameter. In the latter
-+case the tool's exit code will reflect the successful execution of
-+the command.
-+_EOT_;
-+};
-+
-+doc-section = {
-+  ds-type = 'EXAMPLES';
-+  ds-format = 'texi';
-+  ds-text   = <<-_EOT_
-+The tool can be run interactively when run with no arguments. When
-+arguments are given they are interpreted as commands. For example:
-+@example
-+$ occtl show users
-+@end example
-+
-+Any command line arguments to be used as options must preceed the
-+command (if any), as shown below.
-+@example
-+$ occtl --json show users
-+@end example
-+_EOT_;
-+};
-+
-+doc-section = {
-+  ds-type = 'IMPLEMENTATION NOTES';
-+  ds-format = 'texi';
-+  ds-text   = <<-_EOT_
-+This tool uses unix domain sockets to connect to ocserv.
-+_EOT_;
-+};
-+
-+doc-section = {
-+  ds-type   = 'SEE ALSO';
-+  ds-format = 'man';
-+  ds-text   = <<-_EOText_
-+ocserv(8)
-+_EOText_;
-+};
-Index: b/src/ocpasswd/Makefile.am
-===================================================================
---- a/src/ocpasswd/Makefile.am
-+++ b/src/ocpasswd/Makefile.am
-@@ -6,21 +6,21 @@ AM_CPPFLAGS += -I$(srcdir)/../../gl/ -I$
- 	$(CODE_COVERAGE_CFLAGS) $(LIBGNUTLS_CFLAGS)
- 
- 
--EXTRA_DIST = args.def
-+EXTRA_DIST = ocpasswd-args.def
- 
- BUILT_SOURCES = args.c args.h
- 
- bin_PROGRAMS = ocpasswd
- 
- noinst_LIBRARIES = libcmd-ocpasswd.a
--libcmd_ocpasswd_a_SOURCES = args.def args.c args.h
-+libcmd_ocpasswd_a_SOURCES = ocpasswd-args.def args.c args.h
- 
- ocpasswd_SOURCES = ocpasswd.c
- ocpasswd_LDADD = ../../gl/libgnu.a $(NEEDED_LIBOPTS) libcmd-ocpasswd.a
- ocpasswd_LDADD += $(LIBGNUTLS_LIBS) $(LIBCRYPT) $(CODE_COVERAGE_LDFLAGS) \
- 	$(LIBNETTLE_LIBS)
- 
--args.c: $(srcdir)/args.def $(builddir)/../version.inc
-+args.c: $(srcdir)/ocpasswd-args.def $(builddir)/../version.inc
- 	if test "$(AUTOGEN)" = ":";then \
- 		rm -f $(builddir)/args.c; \
- 		rm -f $(builddir)/args.h; \
-Index: b/src/ocpasswd/args.def
-===================================================================
---- a/src/ocpasswd/args.def
-+++ /dev/null
-@@ -1,111 +0,0 @@
--AutoGen Definitions options;
--prog-name     = ocpasswd;
--prog-title    = "OpenConnect server password utility";
--prog-desc     = "OpenConnect VPN server plain password file handling program.";
--disable-save;
--no-xlate = opt;
--gnu-usage;
--config-header = config.h;
--long-opts;
--no-misuse-usage;
--short-usage   = "Usage: ocpasswd -c [passwd] [options] username\nocpasswd --help for usage instructions.\n";
--explain       = "";
--reorder-args;
--argument      = "[username]";
--#include ../version.inc
--
--detail  = "This program is openconnect password (ocpasswd) utility. It allows the generation
--and handling of a 'plain' password file used by ocserv.";
--
--copyright = {
--    date  = "2013-2016";
--    owner = "Nikos Mavrogiannopoulos";
--    author = "Nikos Mavrogiannopoulos";
--    eaddr  = "openconnect-devel@lists.infradead.org";
--    type  = gplv2;
--};
--
--flag = {
--    name      = passwd;
--    value     = c;
--    arg-type  = file;
--    descrip   = "Password file";
--    doc   = "";
--};
--
--flag = {
--    name      = groupname;
--    value     = g;
--    arg-type  = string;
--    descrip   = "User's group name";
--    doc   = "";
--};
--
--flag = {
--    name      = delete;
--    value     = d;
--    descrip   = "Delete user";
--    doc   = "Removes the specified user from the password file";
--};
--
--flag = {
--    name      = lock;
--    value     = l;
--    descrip   = "Lock user";
--    doc   = "Prevents the specified user from logging in";
--};
--
--flag = {
--    name      = unlock;
--    value     = u;
--    descrip   = "Unlock user";
--    doc   = "Re-enables login for the specified user";
--};
--
--help-value    = h;
--
--
--doc-section = {
--  ds-type = 'FILES';
--  ds-format = 'texi';
--  ds-text   = <<-_EOT_
--@subheading Password file format
--The password format of ocpasswd is as follows.
--
--@example
--username:groupname:encoded-password
--@end example
--
--The crypt(3) encoding is used for the encoded-password.
--
--_EOT_;
--};
--
--doc-section = {
--  ds-type = 'EXAMPLES';
--  ds-format = 'texi';
--  ds-text   = <<-_EOT_
--@subheading Adding a user
--@example
--$ ocpasswd -c ocpasswd my_username
--@end example
--
--@subheading Locking a user
--@example
--$ ocpasswd -c ocpasswd -l my_username
--@end example
--
--@subheading Unlocking a user
--@example
--$ ocpasswd -c ocpasswd -u my_username
--@end example
--_EOT_;
--};
--
--doc-section = {
--  ds-type   = 'SEE ALSO';
--  ds-format = 'man';
--  ds-text   = <<-_EOText_
--ocserv(8), occtl(8)
--_EOText_;
--};
-Index: b/src/ocpasswd/ocpasswd-args.def
-===================================================================
---- /dev/null
-+++ b/src/ocpasswd/ocpasswd-args.def
-@@ -0,0 +1,111 @@
-+AutoGen Definitions options;
-+prog-name     = ocpasswd;
-+prog-title    = "OpenConnect server password utility";
-+prog-desc     = "OpenConnect VPN server plain password file handling program.";
-+disable-save;
-+no-xlate = opt;
-+gnu-usage;
-+config-header = config.h;
-+long-opts;
-+no-misuse-usage;
-+short-usage   = "Usage: ocpasswd -c [passwd] [options] username\nocpasswd --help for usage instructions.\n";
-+explain       = "";
-+reorder-args;
-+argument      = "[username]";
-+#include ../version.inc
-+
-+detail  = "This program is openconnect password (ocpasswd) utility. It allows the generation
-+and handling of a 'plain' password file used by ocserv.";
-+
-+copyright = {
-+    date  = "2013-2016";
-+    owner = "Nikos Mavrogiannopoulos";
-+    author = "Nikos Mavrogiannopoulos";
-+    eaddr  = "openconnect-devel@lists.infradead.org";
-+    type  = gplv2;
-+};
-+
-+flag = {
-+    name      = passwd;
-+    value     = c;
-+    arg-type  = file;
-+    descrip   = "Password file";
-+    doc   = "";
-+};
-+
-+flag = {
-+    name      = groupname;
-+    value     = g;
-+    arg-type  = string;
-+    descrip   = "User's group name";
-+    doc   = "";
-+};
-+
-+flag = {
-+    name      = delete;
-+    value     = d;
-+    descrip   = "Delete user";
-+    doc   = "Removes the specified user from the password file";
-+};
-+
-+flag = {
-+    name      = lock;
-+    value     = l;
-+    descrip   = "Lock user";
-+    doc   = "Prevents the specified user from logging in";
-+};
-+
-+flag = {
-+    name      = unlock;
-+    value     = u;
-+    descrip   = "Unlock user";
-+    doc   = "Re-enables login for the specified user";
-+};
-+
-+help-value    = h;
-+
-+
-+doc-section = {
-+  ds-type = 'FILES';
-+  ds-format = 'texi';
-+  ds-text   = <<-_EOT_
-+@subheading Password file format
-+The password format of ocpasswd is as follows.
-+
-+@example
-+username:groupname:encoded-password
-+@end example
-+
-+The crypt(3) encoding is used for the encoded-password.
-+
-+_EOT_;
-+};
-+
-+doc-section = {
-+  ds-type = 'EXAMPLES';
-+  ds-format = 'texi';
-+  ds-text   = <<-_EOT_
-+@subheading Adding a user
-+@example
-+$ ocpasswd -c ocpasswd my_username
-+@end example
-+
-+@subheading Locking a user
-+@example
-+$ ocpasswd -c ocpasswd -l my_username
-+@end example
-+
-+@subheading Unlocking a user
-+@example
-+$ ocpasswd -c ocpasswd -u my_username
-+@end example
-+_EOT_;
-+};
-+
-+doc-section = {
-+  ds-type   = 'SEE ALSO';
-+  ds-format = 'man';
-+  ds-text   = <<-_EOText_
-+ocserv(8), occtl(8)
-+_EOText_;
-+};

ocserv-0.11.10.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:52c821dcd234a8f0d61f440ce3c80d0b23051d7fbd74c6d47dc2b884ae25966a
+size 784420

ocserv-0.11.6.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:93203b344644f1a97ae7ca3cf08853c3f9793a1555e85366e16c425b8d65151e
-size 567552

ocserv-LZ4_compress_default.patch

@@ -0,0 +1,16 @@
+Index: ocserv-0.11.10/src/worker-http.c
+===================================================================
+--- ocserv-0.11.10.orig/src/worker-http.c
++++ ocserv-0.11.10/src/worker-http.c
+@@ -137,7 +137,11 @@ int lz4_compress(void *dst, int dstlen,
+ {
+ 	/* we intentionally restrict output to srclen so that
+ 	 * compression fails early for packets that expand. */
++#ifdef LZ4_COMPRESS_DEFAULT
+ 	return LZ4_compress_default(src, dst, srclen, srclen);
++#else
++	return LZ4_compress_limitedOutput(src, dst, srclen, srclen);
++#endif
+ }
+ #endif
+ 

ocserv.changes

@@ -1,3 +1,13 @@
+-------------------------------------------------------------------
+Sat Feb 24 05:43:55 UTC 2018 - i@marguerite.su
+
+- update version 0.11.10
+  * see NEWS
+- drop boo1021353-ocserv-doc-racing-in-parallel-build.patch
+  * upstreamed
+- add ocserv-LZ4_compress_default.patch
+  * leap doesn't have LZ4_compress_default
+
 -------------------------------------------------------------------
 Thu May 11 08:35:51 UTC 2017 - dimstar@opensuse.org
 

ocserv.config.patch

@@ -1,8 +1,8 @@
-Index: b/doc/sample.config
+Index: ocserv-0.11.10/doc/sample.config
 ===================================================================
---- a/doc/sample.config
+--- ocserv-0.11.10.orig/doc/sample.config
-+++ b/doc/sample.config
++++ ocserv-0.11.10/doc/sample.config
-@@ -41,7 +41,7 @@
+@@ -47,7 +47,7 @@
  #auth = "pam"
  #auth = "pam[gid-min=1000]"
  #auth = "plain[passwd=./sample.passwd,otp=./sample.otp]"
@@ -11,7 +11,7 @@ Index: b/doc/sample.config
  #auth = "certificate"
  #auth = "radius[config=/etc/radiusclient/radiusclient.conf,groupconfig=true]"
  
-@@ -74,8 +74,8 @@ auth = "plain[passwd=./sample.passwd]"
+@@ -80,8 +80,8 @@ auth = "plain[passwd=./sample.passwd]"
  #listen-host-is-dyndns = true
  
  # TCP and UDP port number
@@ -22,7 +22,7 @@ Index: b/doc/sample.config
  
  # Accept connections using a socket file. It accepts HTTP
  # connections (i.e., without SSL/TLS unlike its TCP counterpart),
-@@ -110,8 +110,8 @@ socket-file = /var/run/ocserv-socket
+@@ -124,8 +124,8 @@ socket-file = /var/run/ocserv-socket
  #
  # There may be multiple server-cert and server-key directives,
  # but each key should correspond to the preceding certificate.
@@ -33,7 +33,7 @@ Index: b/doc/sample.config
  
  # Diffie-Hellman parameters. Only needed if you require support
  # for the DHE ciphersuites (by default this server supports ECDHE).
-@@ -137,7 +137,7 @@ server-key = ../tests/certs/server-key.p
+@@ -151,7 +151,7 @@ server-key = ../tests/certs/server-key.p
  # The Certificate Authority that will be used to verify
  # client certificates (public keys) if certificate authentication
  # is set.
@@ -42,7 +42,7 @@ Index: b/doc/sample.config
  
  
  ### All configuration options below this line are reloaded on a SIGHUP.
-@@ -157,7 +157,7 @@ ca-cert = ../tests/certs/ca.pem
+@@ -171,7 +171,7 @@ ca-cert = ../tests/certs/ca.pem
  # the isolation was tested at. If you get random failures on worker processes, try
  # disabling that option and report the failures you, along with system and debugging
  # information at: https://gitlab.com/ocserv/ocserv/issues
@@ -51,8 +51,8 @@ Index: b/doc/sample.config
  
  # A banner to be displayed on clients
  #banner = "Welcome"
-@@ -204,7 +204,7 @@ dpd = 90
+@@ -234,7 +234,7 @@ mobile-dpd = 1800
- mobile-dpd = 1800
+ switch-to-tcp-timeout = 25
  
  # MTU discovery (DPD must be enabled)
 -try-mtu-discovery = false
@@ -60,7 +60,7 @@ Index: b/doc/sample.config
  
  # If you have a certificate from a CA that provides an OCSP
  # service you may provide a fresh OCSP status response within
-@@ -362,8 +362,8 @@ rekey-method = ssl
+@@ -398,8 +398,8 @@ rekey-method = ssl
  # STATS_BYTES_OUT, STATS_DURATION that contain a 64-bit counter of the bytes 
  # output from the tun device, and the duration of the session in seconds.
  
@@ -71,7 +71,7 @@ Index: b/doc/sample.config
  
  # UTMP
  # Register the connected clients to utmp. This will allow viewing
-@@ -433,7 +433,8 @@ ipv4-netmask = 255.255.255.0
+@@ -469,7 +469,8 @@ ipv4-netmask = 255.255.255.0
  # The advertized DNS server. Use multiple lines for
  # multiple servers.
  # dns = fc00::4be0
@@ -81,7 +81,7 @@ Index: b/doc/sample.config
  
  # The NBNS server (if any)
  #nbns = 192.168.1.3
-@@ -472,8 +473,8 @@ ping-leases = false
+@@ -508,8 +509,8 @@ ping-leases = false
  # comment out all routes from the server, or use the special keyword
  # 'default'.
  
@@ -92,10 +92,10 @@ Index: b/doc/sample.config
  #route = fef4:db8:1000:1001::/64
  #route = default
  
-Index: b/doc/systemd/socket-activated/ocserv.socket
+Index: ocserv-0.11.10/doc/systemd/socket-activated/ocserv.socket
 ===================================================================
---- a/doc/systemd/socket-activated/ocserv.socket
+--- ocserv-0.11.10.orig/doc/systemd/socket-activated/ocserv.socket
-+++ b/doc/systemd/socket-activated/ocserv.socket
++++ ocserv-0.11.10/doc/systemd/socket-activated/ocserv.socket
 @@ -2,8 +2,8 @@
  Description=OpenConnect SSL VPN server Socket
  

ocserv.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package ocserv
 #
-# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -17,7 +17,7 @@
 
 
 Name:           ocserv
-Version:        0.11.6
+Version:        0.11.10
 Release:        0
 Summary:        OpenConnect VPN Server
 License:        GPL-2.0
@@ -38,8 +38,8 @@ Source99:       README.SUSE
 Patch1:         %{name}-enable-systemd.patch
 #PATCH-FIX-UPSTREAM marguerite@opensuse.org tweak configuration
 Patch2:         %{name}.config.patch
-#PATCH-FIX-UPSTREAM marguerite@opensuse.org avoid racing problem when building documentation in parallel
+#PATCH-FIX-OPENSUSE marguerite@opensuse.org leap doesn't have LZ4_compress_default
-Patch3:         boo1021353-ocserv-doc-racing-in-parallel-build.patch
+Patch3:         %{name}-LZ4_compress_default.patch
 BuildRequires:  autogen
 BuildRequires:  dbus-1-devel
 BuildRequires:  freeradius-client-devel