diff --git a/ocserv-1.1.3.tar.xz b/ocserv-1.1.3.tar.xz deleted file mode 100644 index 93f66c9..0000000 --- a/ocserv-1.1.3.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:1ab70c6e6ea36b613e8e171fc03b6081c4312a45ee52cc2959c068c27324107e -size 833320 diff --git a/ocserv-1.1.3.tar.xz.sig b/ocserv-1.1.3.tar.xz.sig deleted file mode 100644 index 1c60e62..0000000 Binary files a/ocserv-1.1.3.tar.xz.sig and /dev/null differ diff --git a/ocserv-1.1.6.tar.xz b/ocserv-1.1.6.tar.xz new file mode 100644 index 0000000..f886200 --- /dev/null +++ b/ocserv-1.1.6.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:6a6cbe92212e32280426a51c634adc3d4803579dd049cfdb7e014714cc82c693 +size 839744 diff --git a/ocserv-1.1.6.tar.xz.sig b/ocserv-1.1.6.tar.xz.sig new file mode 100644 index 0000000..c06d1ef Binary files /dev/null and b/ocserv-1.1.6.tar.xz.sig differ diff --git a/ocserv.changes b/ocserv.changes index 04f9ee7..c324303 100644 --- a/ocserv.changes +++ b/ocserv.changes @@ -1,3 +1,23 @@ +------------------------------------------------------------------- +Sun Aug 14 14:11:34 UTC 2022 - Michael Du + +- Update to version 1.1.6 + * Fixed compatibility with clients on Windows ARM64. + * Added futex() to the accepted list of seccomp. + It is required by Fedora 36’s libc. + * Work around change of returned error code in GnuTLS 3.7.3 + for gnutls_privkey_import_x509_raw(). + +- Changes in version 1.1.5 + * Fixed manpage output. + +- Changes in version 1.1.4 + * Added newfstatat() and epoll_pwait() to the accepted list of + seccomp calls. This improves compatibility with certain libcs + and aarch64. + * Do not allow assigning the same IPv6 as tun device address and + to the client. This allows using /127 as prefix (#430). + ------------------------------------------------------------------- Mon Jun 20 07:49:38 UTC 2022 - Dominique Leuenberger diff --git a/ocserv.config.patch b/ocserv.config.patch index 039d934..838b239 100644 --- a/ocserv.config.patch +++ b/ocserv.config.patch @@ -1,5 +1,5 @@ diff --git a/doc/sample.config b/doc/sample.config -index 6a677c9..1cd1d96 100644 +index 0e33484f..60ab3e93 100644 --- a/doc/sample.config +++ b/doc/sample.config @@ -48,7 +48,7 @@ @@ -40,9 +40,9 @@ index 6a677c9..1cd1d96 100644 -ca-cert = ../tests/certs/ca.pem +ca-cert = /etc/ocserv/certificates/ca-cert.pem - - ### All configuration options below this line are reloaded on a SIGHUP. -@@ -174,7 +174,7 @@ ca-cert = ../tests/certs/ca.pem + # The number of sub-processes to use for the security module (authentication) + # processes. Typically this should not be set as the number of processes +@@ -180,7 +180,7 @@ ca-cert = ../tests/certs/ca.pem # the isolation was tested at. If you get random failures on worker processes, try # disabling that option and report the failures you, along with system and debugging # information at: https://gitlab.com/ocserv/ocserv/issues @@ -51,7 +51,7 @@ index 6a677c9..1cd1d96 100644 # A banner to be displayed on clients after connection #banner = "Welcome" -@@ -242,7 +242,7 @@ mobile-dpd = 1800 +@@ -249,7 +249,7 @@ mobile-dpd = 1800 switch-to-tcp-timeout = 25 # MTU discovery (DPD must be enabled) @@ -60,7 +60,7 @@ index 6a677c9..1cd1d96 100644 # To enable load-balancer connection draining, set server-drain-ms to a value # higher than your load-balancer health probe interval. -@@ -412,8 +412,8 @@ rekey-method = ssl +@@ -415,8 +415,8 @@ rekey-method = ssl # STATS_BYTES_OUT, STATS_DURATION that contain a 64-bit counter of the bytes # output from the tun device, and the duration of the session in seconds. @@ -71,8 +71,8 @@ index 6a677c9..1cd1d96 100644 # This script is to be called when the client's advertised hostname becomes # available. It will contain REASON with "host-update" value and the -@@ -491,7 +491,8 @@ ipv4-netmask = 255.255.255.0 - # The advertized DNS server. Use multiple lines for +@@ -506,7 +506,8 @@ ipv4-netmask = 255.255.255.0 + # The advertised DNS server. Use multiple lines for # multiple servers. # dns = fc00::4be0 -dns = 192.168.1.2 @@ -81,7 +81,7 @@ index 6a677c9..1cd1d96 100644 # The NBNS server (if any) #nbns = 192.168.1.3 -@@ -530,8 +531,8 @@ ping-leases = false +@@ -545,8 +546,8 @@ ping-leases = false # comment out all routes from the server, or use the special keyword # 'default'. @@ -92,7 +92,7 @@ index 6a677c9..1cd1d96 100644 #route = fef4:db8:1000:1001::/64 #route = default -@@ -698,18 +699,18 @@ dtls-legacy = true +@@ -719,18 +720,18 @@ client-bypass-protocol = false # An example virtual host with different authentication methods serviced # by this server. @@ -120,7 +120,7 @@ index 6a677c9..1cd1d96 100644 -cert-user-oid = 0.9.2342.19200300.100.1.1 +#cert-user-oid = 0.9.2342.19200300.100.1.1 diff --git a/doc/systemd/socket-activated/ocserv.socket b/doc/systemd/socket-activated/ocserv.socket -index 9444f19..a0ac362 100644 +index 9444f190..a0ac362a 100644 --- a/doc/systemd/socket-activated/ocserv.socket +++ b/doc/systemd/socket-activated/ocserv.socket @@ -2,8 +2,8 @@ diff --git a/ocserv.spec b/ocserv.spec index 4a03cb6..0ac84f2 100644 --- a/ocserv.spec +++ b/ocserv.spec @@ -17,7 +17,7 @@ Name: ocserv -Version: 1.1.3 +Version: 1.1.6 Release: 0 Summary: OpenConnect VPN Server License: GPL-2.0-only