Date: Sat, 13 May 2023 16:49:47 GMT
Message-Id: <202305131649.34DGnls2031180@gitrepo.freebsd.org>
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
From: Juraj Lutter Subject: git: 39beea106002 - main - net/ocserv: Update to 1.1.7 List-Id: Commits to the main branch of the FreeBSD ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-ports-main@freebsd.org X-BeenThere: dev-commits-ports-main@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: otis X-Git-Repository: ports X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 39beea1060026e7f4751713a5719280698ccfb2b Auto-Submitted: auto-generated X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by otis: URL: https://cgit.FreeBSD.org/ports/commit/?id=39beea1060026e7f4751713a5719280698ccfb2b commit 39beea1060026e7f4751713a5719280698ccfb2b Author: Juraj Lutter AuthorDate: 2023-05-13 16:32:37 +0000 Commit: Juraj Lutter CommitDate: 2023-05-13 16:49:36 +0000 net/ocserv: Update to 1.1.7 - Update to 1.1.7 - Regen patches --- net/ocserv/Makefile | 4 ++-- net/ocserv/distinfo | 6 +++--- net/ocserv/files/patch-doc_sample.config | 34 ++++++++++++++++---------------- net/ocserv/files/patch-src_main-ban.c | 15 ++++---------- 4 files changed, 26 insertions(+), 33 deletions(-) diff --git a/net/ocserv/Makefile b/net/ocserv/Makefile index 934705b2df50..6dc13dac271e 100644 --- a/net/ocserv/Makefile +++ b/net/ocserv/Makefile @@ -1,5 +1,5 @@ PORTNAME= ocserv -DISTVERSION= 1.1.6 +DISTVERSION= 1.1.7 CATEGORIES= net net-vpn security MASTER_SITES= https://www.infradead.org/ocserv/download/ @@ -8,7 +8,7 @@ COMMENT= Server implementing the AnyConnect SSL VPN protocol WWW= https://ocserv.gitlab.io/www/index.html LICENSE= GPLv2+ -LICENSE_FILE= ${WRKSRC}/LICENSE +LICENSE_FILE= ${WRKSRC}/COPYING BUILD_DEPENDS= bash:shells/bash \ gsed:textproc/gsed diff --git a/net/ocserv/distinfo b/net/ocserv/distinfo index c8d80b9bcbf2..30465e6a2b45 100644 --- a/net/ocserv/distinfo 
+++ b/net/ocserv/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1661367781 -SHA256 (ocserv-1.1.6.tar.xz) = 6a6cbe92212e32280426a51c634adc3d4803579dd049cfdb7e014714cc82c693 -SIZE (ocserv-1.1.6.tar.xz) = 839744 +TIMESTAMP = 1683875970 +SHA256 (ocserv-1.1.7.tar.xz) = f30f7515e1e569ca2e68a96fa5e3dd10d49a18a40c981ad95b484d10835e3aa6 +SIZE (ocserv-1.1.7.tar.xz) = 844140 diff --git a/net/ocserv/files/patch-doc_sample.config b/net/ocserv/files/patch-doc_sample.config index 415691eb9b3a..f866507ac5a0 100644 --- a/net/ocserv/files/patch-doc_sample.config +++ b/net/ocserv/files/patch-doc_sample.config @@ -1,4 +1,4 @@ ---- doc/sample.config.orig 2020-12-03 22:31:10 UTC +--- doc/sample.config.orig 2022-12-02 18:59:51 UTC +++ doc/sample.config @@ -19,7 +19,7 @@ # This enabled PAM authentication of the user. The gid-min option is used @@ -60,8 +60,8 @@ -#server-key = /etc/ocserv/server-key.pem -server-cert = ../tests/certs/server-cert.pem -server-key = ../tests/certs/server-key.pem -+server-cert = %%ETCDIR%%/server-cert.pem -+server-key = %%ETCDIR%%/server-key.pem +++server-cert = %%ETCDIR%%/server-cert.pem +++server-key = %%ETCDIR%%/server-key.pem # Diffie-Hellman parameters. Only needed if for old (pre 3.6.0 # versions of GnuTLS for supporting DHE ciphersuites. @@ -72,7 +72,7 @@ +#dh-params = %%ETCDIR%%/dh.pem # In case PKCS #11, TPM or encrypted keys are used the PINs should be available - # in files. The srk-pin-file is applicable to TPM keys only, and is the + # in files. The srk-pin-file is applicable to TPM keys only, and is the # storage root key. -#pin-file = /etc/ocserv/pin.txt -#srk-pin-file = /etc/ocserv/srkpin.txt 
@@ -89,13 +89,13 @@ -ca-cert = ../tests/certs/ca.pem +ca-cert = %%ETCDIR%%/ca.pem - - ### All configuration options below this line are reloaded on a SIGHUP. -@@ -166,15 +163,9 @@ ca-cert = ../tests/certs/ca.pem + # The number of sub-processes to use for the security module (authentication) + # processes. Typically this should not be set as the number of processes +@@ -172,15 +169,9 @@ ca-cert = ../tests/certs/ca.pem ### failures during the reloading time. --# Whether to enable seccomp/Linux namespaces worker isolation. That restricts the number of +-# Whether to enable seccomp/Linux namespaces worker isolation. That restricts the number of -# system calls allowed to a worker process, in order to reduce damage from a -# bug in the worker process. It is available on Linux systems at a performance cost. -# The performance cost is roughly 2% overhead at transfer time (tested on a Linux 3.17.8). @@ -110,16 +110,16 @@ # A banner to be displayed on clients after connection #banner = "Welcome" -@@ -255,7 +246,7 @@ try-mtu-discovery = false +@@ -262,7 +253,7 @@ try-mtu-discovery = false # You can update this response periodically using: # ocsptool --ask --load-cert=your_cert --load-issuer=your_ca --outfile response # Make sure that you replace the following file in an atomic way. -#ocsp-response = /etc/ocserv/ocsp.der +#ocsp-response = %%ETCDIR%%/ocsp.der - # The object identifier that will be used to read the user ID in the client + # The object identifier that will be used to read the user ID in the client # certificate. The object identifier should be part of the certificate's DN -@@ -274,7 +265,7 @@ cert-user-oid = 0.9.2342.19200300.100.1.1 +@@ -281,7 +272,7 @@ cert-user-oid = 0.9.2342.19200300.100.1.1 # See the manual to generate an empty CRL initially. The CRL will be reloaded # periodically when ocserv detects a change in the file. To force a reload use # SIGHUP. 
@@ -128,9 +128,9 @@ # Uncomment this to enable compression negotiation (LZS, LZ4). #compression = true -@@ -543,15 +534,15 @@ no-route = 192.168.5.0/255.255.255.0 +@@ -558,15 +549,15 @@ no-route = 192.168.5.0/255.255.255.0 # Note the that following two firewalling options currently are available - # in Linux systems with iptables software. + # in Linux systems with iptables software. -# If set, the script /usr/bin/ocserv-fw will be called to restrict +# If set, the script %%PREFIX%%/bin/ocserv-fw will be called to restrict @@ -147,8 +147,8 @@ # access specific ports in the network. This option can be set globally # or in the per-user configuration. #restrict-user-to-ports = "tcp(443), tcp(80), udp(443), sctp(99), tcp(583), icmp(), icmpv6()" -@@ -599,13 +590,13 @@ no-route = 192.168.5.0/255.255.255.0 - # hostname to override any proposed by the user. Note also, that, any +@@ -614,13 +605,13 @@ no-route = 192.168.5.0/255.255.255.0 + # hostname to override any proposed by the user. Note also, that, any # routes, no-routes, DNS or NBNS servers present will overwrite the global ones. -#config-per-user = /etc/ocserv/config-per-user/ @@ -165,7 +165,7 @@ # The system command to use to setup a route. %{R} will be replaced with the # route/mask, %{RI} with the route in CIDR format, and %{D} with the (tun) device. -@@ -627,7 +618,7 @@ no-route = 192.168.5.0/255.255.255.0 +@@ -642,7 +633,7 @@ no-route = 192.168.5.0/255.255.255.0 # In MIT kerberos you'll need to add in realms: # EXAMPLE.COM = { # kdc = https://ocserv.example.com/KdcProxy @@ -174,7 +174,7 @@ # } # In some distributions the krb5-k5tls plugin of kinit is required. # -@@ -701,13 +692,13 @@ dtls-legacy = true +@@ -722,13 +713,13 @@ client-bypass-protocol = false [vhost:www.example.com] auth = "certificate" diff --git a/net/ocserv/files/patch-src_main-ban.c b/net/ocserv/files/patch-src_main-ban.c index 2a4446d29abb..86483cf2e9f7 100644 --- a/net/ocserv/files/patch-src_main-ban.c 
+++ b/net/ocserv/files/patch-src_main-ban.c @@ -1,20 +1,13 @@ ---- src/main-ban.c.orig 2021-01-26 17:01:03 UTC +--- src/main-ban.c.orig 2023-01-29 14:09:45 UTC +++ src/main-ban.c -@@ -403,8 +403,8 @@ static bool test_local_ipv6(struct sockaddr_in6 * remo +@@ -408,8 +408,8 @@ static bool test_local_ipv6(struct sockaddr_in6 * remo unsigned index = 0; - + for (index = 0; index < 4; index ++) { - uint32_t l = local->sin6_addr.s6_addr32[index] & network->sin6_addr.s6_addr32[index]; - uint32_t r = remote->sin6_addr.s6_addr32[index] & network->sin6_addr.s6_addr32[index]; + uint32_t l = local->sin6_addr.__u6_addr.__u6_addr32[index] & network->sin6_addr.__u6_addr.__u6_addr32[index]; + uint32_t r = remote->sin6_addr.__u6_addr.__u6_addr32[index] & network->sin6_addr.__u6_addr.__u6_addr32[index]; - if (l != r) + if (l != r) return false; } -@@ -443,4 +443,4 @@ void if_address_cleanup(main_server_st * s) - - s->if_addresses = NULL; - s->if_addresses_count = 0; --} -\ No newline at end of file -+}
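Review bot: In net/ocserv/Makefile, the second hunk changes LICENSE_FILE from ${WRKSRC}/LICENSE to ${WRKSRC}/COPYING, but the commit message lists only "Update to 1.1.7" and "Regen patches". Mention the license file rename in the log so a later reader can tell it follows an upstream change and is not an accidental edit.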
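Review bot: In net/ocserv/distinfo, the new SHA256 and SIZE values for ocserv-1.1.7.tar.xz are the only integrity anchor for the tarball fetched from MASTER_SITES, and the commit does not say how they were obtained. If upstream publishes a detached signature or checksum for the release, state in the commit message that the tarball was checked against it before distinfo was regenerated.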
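Review bot: In net/ocserv/files/patch-doc_sample.config, hunk @@ -60,8 +60,8 @@, the regenerated patch lines now read "++server-cert = %%ETCDIR%%/server-cert.pem" and "++server-key = %%ETCDIR%%/server-key.pem", where the previous revision had a single "+". With the doubled marker the inner patch adds lines that start with a literal "+" to doc/sample.config, so the installed sample would carry "+server-cert = ..." and "+server-key = ..." in place of valid settings, after the ../tests/certs entries have been removed. This looks like a regeneration slip: restore the single "+" and inspect the patched doc/sample.config after running the patch target.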
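Review bot: In net/ocserv/files/patch-doc_sample.config, hunk @@ -89,13 +89,13 @@, the port's patch still deletes the comment block that begins "# Whether to enable seccomp/Linux namespaces worker isolation" and leaves nothing in its place. That text describes the isolation as available on Linux systems, so if it does not apply on FreeBSD, keep a one-line comment in the sample config saying so, so that administrators do not assume the worker processes are sandboxed.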
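Review bot: In net/ocserv/files/patch-doc_sample.config, hunk @@ -128,9 +128,9 @@, the script path is rewritten to %%PREFIX%%/bin/ocserv-fw while the unchanged comment directly above still says the two firewalling options "currently are available in Linux systems with iptables software". If the script does not work on FreeBSD, say so in the sample config next to the rewritten path, since a user who enables restrict-user-to-ports on the strength of this sample would otherwise expect a restriction that is not enforced.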
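Review bot: In net/ocserv/files/patch-src_main-ban.c, the replacement lines in test_local_ipv6() reach into sin6_addr.__u6_addr.__u6_addr32, which are implementation-reserved member names of struct in6_addr and not a public interface. Masking and comparing the 16 bytes of s6_addr in the loop would give the same result using only the standard member, and could be offered upstream so the port no longer needs to carry this patch.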