git: 39beea106002 - main - net/ocserv: Update to 1.1.7

From: Juraj Lutter <otis_at_FreeBSD.org>
Date: Sat, 13 May 2023 16:49:47 UTC
The branch main has been updated by otis:

URL: https://cgit.FreeBSD.org/ports/commit/?id=39beea1060026e7f4751713a5719280698ccfb2b

commit 39beea1060026e7f4751713a5719280698ccfb2b
Author:     Juraj Lutter <otis@FreeBSD.org>
AuthorDate: 2023-05-13 16:32:37 +0000
Commit:     Juraj Lutter <otis@FreeBSD.org>
CommitDate: 2023-05-13 16:49:36 +0000

    net/ocserv: Update to 1.1.7
    
    - Update to 1.1.7
    - Regen patches
---
 net/ocserv/Makefile                      |  4 ++--
 net/ocserv/distinfo                      |  6 +++---
 net/ocserv/files/patch-doc_sample.config | 34 ++++++++++++++++----------------
 net/ocserv/files/patch-src_main-ban.c    | 15 ++++----------
 4 files changed, 26 insertions(+), 33 deletions(-)

diff --git a/net/ocserv/Makefile b/net/ocserv/Makefile
index 934705b2df50..6dc13dac271e 100644
--- a/net/ocserv/Makefile
+++ b/net/ocserv/Makefile
@@ -1,5 +1,5 @@
 PORTNAME=	ocserv
-DISTVERSION=	1.1.6
+DISTVERSION=	1.1.7
 CATEGORIES=	net net-vpn security
 MASTER_SITES=	https://www.infradead.org/ocserv/download/
 
@@ -8,7 +8,7 @@ COMMENT=	Server implementing the AnyConnect SSL VPN protocol
 WWW=		https://ocserv.gitlab.io/www/index.html
 
 LICENSE=	GPLv2+
-LICENSE_FILE=	${WRKSRC}/LICENSE
+LICENSE_FILE=	${WRKSRC}/COPYING
 
 BUILD_DEPENDS=	bash:shells/bash \
 		gsed:textproc/gsed
diff --git a/net/ocserv/distinfo b/net/ocserv/distinfo
index c8d80b9bcbf2..30465e6a2b45 100644
--- a/net/ocserv/distinfo
+++ b/net/ocserv/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1661367781
-SHA256 (ocserv-1.1.6.tar.xz) = 6a6cbe92212e32280426a51c634adc3d4803579dd049cfdb7e014714cc82c693
-SIZE (ocserv-1.1.6.tar.xz) = 839744
+TIMESTAMP = 1683875970
+SHA256 (ocserv-1.1.7.tar.xz) = f30f7515e1e569ca2e68a96fa5e3dd10d49a18a40c981ad95b484d10835e3aa6
+SIZE (ocserv-1.1.7.tar.xz) = 844140
diff --git a/net/ocserv/files/patch-doc_sample.config b/net/ocserv/files/patch-doc_sample.config
index 415691eb9b3a..f866507ac5a0 100644
--- a/net/ocserv/files/patch-doc_sample.config
+++ b/net/ocserv/files/patch-doc_sample.config
@@ -1,4 +1,4 @@
---- doc/sample.config.orig	2020-12-03 22:31:10 UTC
+--- doc/sample.config.orig	2022-12-02 18:59:51 UTC
 +++ doc/sample.config
 @@ -19,7 +19,7 @@
  #  This enabled PAM authentication of the user. The gid-min option is used
@@ -60,8 +60,8 @@
 -#server-key = /etc/ocserv/server-key.pem
 -server-cert = ../tests/certs/server-cert.pem
 -server-key = ../tests/certs/server-key.pem
-+server-cert = %%ETCDIR%%/server-cert.pem
-+server-key = %%ETCDIR%%/server-key.pem
+++server-cert = %%ETCDIR%%/server-cert.pem
+++server-key = %%ETCDIR%%/server-key.pem
  
  # Diffie-Hellman parameters. Only needed if for old (pre 3.6.0
  # versions of GnuTLS for supporting DHE ciphersuites.
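Review bot: The regenerated lines `++server-cert = %%ETCDIR%%/server-cert.pem` and `++server-key = %%ETCDIR%%/server-key.pem` carry one more `+` than the lines they replace, so the inner patch now adds `+server-cert = …` and `+server-key = …`, with a literal leading plus, to doc/sample.config. The installed sample would then have no well-formed server-cert or server-key entry; how ocserv treats the malformed key is not visible here, but presumably it is rejected or ignored, leaving the certificate and key paths unset. The patch-file lines should remain `+server-cert = %%ETCDIR%%/server-cert.pem` and `+server-key = %%ETCDIR%%/server-key.pem`. This looks like a stray marker picked up from the work tree when the patch was regenerated, and the inner hunk's header lies outside this hunk.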
@@ -72,7 +72,7 @@
 +#dh-params = %%ETCDIR%%/dh.pem
  
  # In case PKCS #11, TPM or encrypted keys are used the PINs should be available
- # in files. The srk-pin-file is applicable to TPM keys only, and is the 
+ # in files. The srk-pin-file is applicable to TPM keys only, and is the
  # storage root key.
 -#pin-file = /etc/ocserv/pin.txt
 -#srk-pin-file = /etc/ocserv/srkpin.txt
@@ -89,13 +89,13 @@
 -ca-cert = ../tests/certs/ca.pem
 +ca-cert = %%ETCDIR%%/ca.pem
  
- 
- ### All configuration options below this line are reloaded on a SIGHUP.
-@@ -166,15 +163,9 @@ ca-cert = ../tests/certs/ca.pem
+ # The number of sub-processes to use for the security module (authentication)
+ # processes. Typically this should not be set as the number of processes
+@@ -172,15 +169,9 @@ ca-cert = ../tests/certs/ca.pem
  ### failures during the reloading time.
  
  
--# Whether to enable seccomp/Linux namespaces worker isolation. That restricts the number of 
+-# Whether to enable seccomp/Linux namespaces worker isolation. That restricts the number of
 -# system calls allowed to a worker process, in order to reduce damage from a
 -# bug in the worker process. It is available on Linux systems at a performance cost.
 -# The performance cost is roughly 2% overhead at transfer time (tested on a Linux 3.17.8).
@@ -110,16 +110,16 @@
  
  # A banner to be displayed on clients after connection
  #banner = "Welcome"
-@@ -255,7 +246,7 @@ try-mtu-discovery = false
+@@ -262,7 +253,7 @@ try-mtu-discovery = false
  # You can update this response periodically using:
  # ocsptool --ask --load-cert=your_cert --load-issuer=your_ca --outfile response
  # Make sure that you replace the following file in an atomic way.
 -#ocsp-response = /etc/ocserv/ocsp.der
 +#ocsp-response = %%ETCDIR%%/ocsp.der
  
- # The object identifier that will be used to read the user ID in the client 
+ # The object identifier that will be used to read the user ID in the client
  # certificate. The object identifier should be part of the certificate's DN
-@@ -274,7 +265,7 @@ cert-user-oid = 0.9.2342.19200300.100.1.1
+@@ -281,7 +272,7 @@ cert-user-oid = 0.9.2342.19200300.100.1.1
  # See the manual to generate an empty CRL initially. The CRL will be reloaded
  # periodically when ocserv detects a change in the file. To force a reload use
  # SIGHUP.
@@ -128,9 +128,9 @@
  
  # Uncomment this to enable compression negotiation (LZS, LZ4).
  #compression = true
-@@ -543,15 +534,15 @@ no-route = 192.168.5.0/255.255.255.0
+@@ -558,15 +549,15 @@ no-route = 192.168.5.0/255.255.255.0
  # Note the that following two firewalling options currently are available
- # in Linux systems with iptables software. 
+ # in Linux systems with iptables software.
  
 -# If set, the script /usr/bin/ocserv-fw will be called to restrict
 +# If set, the script %%PREFIX%%/bin/ocserv-fw will be called to restrict
@@ -147,8 +147,8 @@
  # access specific ports in the network. This option can be set globally
  # or in the per-user configuration.
  #restrict-user-to-ports = "tcp(443), tcp(80), udp(443), sctp(99), tcp(583), icmp(), icmpv6()"
-@@ -599,13 +590,13 @@ no-route = 192.168.5.0/255.255.255.0
- # hostname to override any proposed by the user. Note also, that, any 
+@@ -614,13 +605,13 @@ no-route = 192.168.5.0/255.255.255.0
+ # hostname to override any proposed by the user. Note also, that, any
  # routes, no-routes, DNS or NBNS servers present will overwrite the global ones.
  
 -#config-per-user = /etc/ocserv/config-per-user/
@@ -165,7 +165,7 @@
  
  # The system command to use to setup a route. %{R} will be replaced with the
  # route/mask, %{RI} with the route in CIDR format, and %{D} with the (tun) device.
-@@ -627,7 +618,7 @@ no-route = 192.168.5.0/255.255.255.0
+@@ -642,7 +633,7 @@ no-route = 192.168.5.0/255.255.255.0
  # In MIT kerberos you'll need to add in realms:
  #   EXAMPLE.COM = {
  #     kdc = https://ocserv.example.com/KdcProxy
@@ -174,7 +174,7 @@
  #   }
  # In some distributions the krb5-k5tls plugin of kinit is required.
  #
-@@ -701,13 +692,13 @@ dtls-legacy = true
+@@ -722,13 +713,13 @@ client-bypass-protocol = false
  [vhost:www.example.com]
  auth = "certificate"
  
diff --git a/net/ocserv/files/patch-src_main-ban.c b/net/ocserv/files/patch-src_main-ban.c
index 2a4446d29abb..86483cf2e9f7 100644
--- a/net/ocserv/files/patch-src_main-ban.c
+++ b/net/ocserv/files/patch-src_main-ban.c
@@ -1,20 +1,13 @@
---- src/main-ban.c.orig	2021-01-26 17:01:03 UTC
+--- src/main-ban.c.orig	2023-01-29 14:09:45 UTC
 +++ src/main-ban.c
-@@ -403,8 +403,8 @@ static bool test_local_ipv6(struct sockaddr_in6 * remo
+@@ -408,8 +408,8 @@ static bool test_local_ipv6(struct sockaddr_in6 * remo
  	unsigned index = 0;
- 	
+ 
  	for (index = 0; index < 4; index ++) {
 -		uint32_t l = local->sin6_addr.s6_addr32[index] & network->sin6_addr.s6_addr32[index];
 -		uint32_t r = remote->sin6_addr.s6_addr32[index] & network->sin6_addr.s6_addr32[index];
 +		uint32_t l = local->sin6_addr.__u6_addr.__u6_addr32[index] & network->sin6_addr.__u6_addr.__u6_addr32[index];
 +		uint32_t r = remote->sin6_addr.__u6_addr.__u6_addr32[index] & network->sin6_addr.__u6_addr.__u6_addr32[index];
- 		if (l != r) 
+ 		if (l != r)
  			return false;
  	}
-@@ -443,4 +443,4 @@ void if_address_cleanup(main_server_st * s)
- 
- 	s->if_addresses = NULL;
- 	s->if_addresses_count = 0;
--}
-\ No newline at end of file
-+}
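Review bot: The retained replacement lines in the loop reach into `__u6_addr.__u6_addr32`, a double-underscore member name private to the system's `struct in6_addr`, so the patch would stop compiling if that header's internal layout changes. The same masked comparison can be written against the standard `s6_addr` byte array by looping over 16 bytes instead of 4 words: `if ((local->sin6_addr.s6_addr[index] ^ remote->sin6_addr.s6_addr[index]) & network->sin6_addr.s6_addr[index]) return false;`. That form would presumably be acceptable upstream as well, which would let the port drop this local patch. test_local_ipv6 begins and ends outside the hunk.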