Sunday, December 31, 2023

Re: Any change updating ocserv to latest

On Sun 31/12/2023 23:05, Dylan D'Silva wrote:
> Hello Bjorn,
>
> Any change of getting a update to ocserv?
> Latest is 1.2.3.
>
> Thanks
> Dylan

(CC'ed to ports@ for some exposure)

Diff below updates ocserv to 1.2.3. An overview of the changes can be found at
https://gitlab.com/openconnect/ocserv/-/blob/0f5ba83f762bed11815d1dd37c37dcc6d1cd26d1/NEWS

Synced patches (several did not apply cleanly), and changed
AUTOCONF_VERSION to 2.71 to get rid of a warning. No new failing tests
while running 'make test'.

I stopped using ocserv some time ago so testing is limited to building
and running 'make test'. Before committing this it would be helpful if
actual users test this update, and report back.

Comments?


diff --git Makefile Makefile
index 3e6077b19b1..1041430bb21 100644
--- Makefile
+++ Makefile
@@ -1,8 +1,7 @@
COMMENT= server implementing the AnyConnect SSL VPN protocol

-DISTNAME= ocserv-1.1.6
+DISTNAME= ocserv-1.2.3
EXTRACT_SUFX= .tar.xz
-REVISION= 2

CATEGORIES= net

@@ -46,7 +45,7 @@ CONFIGURE_ARGS= --disable-namespaces \
CONFIGURE_ENV= CPPFLAGS="-I${LOCALBASE}/include" \
LDFLAGS="-L${LOCALBASE}/lib"

-AUTOCONF_VERSION= 2.69
+AUTOCONF_VERSION= 2.71

post-extract:
find ${WRKSRC}/tests -type f -perm -+x -exec \
@@ -65,7 +64,7 @@ post-install:
${INSTALL_DATA_DIR} ${PREFIX}/share/examples/ocserv
cd ${WRKSRC}/doc; ${INSTALL_DATA} profile.xml sample.passwd \
${PREFIX}/share/examples/ocserv/
- mv ${PREFIX}/bin/ocserv-fw ${PREFIX}/share/examples/ocserv/
+ mv ${PREFIX}/libexec/ocserv-fw ${PREFIX}/share/examples/ocserv/
${SUBST_CMD} -c -m ${SHAREMODE} -o ${SHAREOWN} -g ${SHAREGRP} \
${WRKSRC}/doc/sample.config \
${PREFIX}/share/examples/ocserv/sample.config
diff --git distinfo distinfo
index 16c7a6c526b..5af47ccb0fe 100644
--- distinfo
+++ distinfo
@@ -1,2 +1,2 @@
-SHA256 (ocserv-1.1.6.tar.xz) = amy+kiEuMigEJqUcY0rcPUgDV53QSc/bfgFHFMyCxpM=
-SIZE (ocserv-1.1.6.tar.xz) = 839744
+SHA256 (ocserv-1.2.3.tar.xz) = Bs4Py1moszuNZdblUd4rXvd7fqZBuHyqZUpe6cSfG78=
+SIZE (ocserv-1.2.3.tar.xz) = 757484
diff --git patches/patch-configure_ac patches/patch-configure_ac
index 57995c43ca3..2ebaa85895b 100644
--- patches/patch-configure_ac
+++ patches/patch-configure_ac
@@ -1,7 +1,7 @@
Index: configure.ac
--- configure.ac.orig
+++ configure.ac
-@@ -222,7 +222,7 @@ if test "$test_for_geoip" = yes && test "$have_maxmind
+@@ -219,7 +219,7 @@ if test "$test_for_geoip" = yes && test "$have_maxmind
fi

have_readline=no
diff --git patches/patch-doc_sample_config patches/patch-doc_sample_config
index e509136066d..60a4aea8589 100644
--- patches/patch-doc_sample_config
+++ patches/patch-doc_sample_config
@@ -52,14 +52,14 @@ Index: doc/sample.config
### failures during the reloading time.


--# Whether to enable seccomp/Linux namespaces worker isolation. That restricts the number of
+-# Whether to enable seccomp/Linux namespaces worker isolation. That restricts the number of
-# system calls allowed to a worker process, in order to reduce damage from a
-# bug in the worker process. It is available on Linux systems at a performance cost.
-# The performance cost is roughly 2% overhead at transfer time (tested on a Linux 3.17.8).
-# Note however, that process isolation is restricted to the specific libc versions
-# the isolation was tested at. If you get random failures on worker processes, try
-# disabling that option and report the failures you, along with system and debugging
--# information at: https://gitlab.com/ocserv/ocserv/issues
+-# information at: https://gitlab.com/openconnect/ocserv/issues
-isolate-workers = true
-
# A banner to be displayed on clients after connection
@@ -94,11 +94,11 @@ Index: doc/sample.config
-pid-file = /var/run/ocserv.pid
+pid-file = ${LOCALSTATEDIR}/run/ocserv.pid

- # Log Level. It can be overridden in the command line with the -d option.
- # All messages at the configure level and lower will be displayed.
-@@ -563,6 +540,11 @@ no-route = 192.168.5.0/255.255.255.0
+ # Log Level. Ocserv sends the logging messages to standard error
+ # as well as the system log. The log level can be overridden in the
+@@ -568,6 +545,11 @@ no-route = 192.168.5.0/255.255.255.0
# any other routes. In case of defaultroute, the no-routes are restricted.
- # All the routes applied by ocserv can be reverted using /etc/ocserv/ocserv-fw
+ # All the routes applied by ocserv can be reverted using /usr/libexec/ocserv-fw
# --removeall. This option can be set globally or in the per-user configuration.
+#
+# OpenBSD package notes:
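Review bot: The synced comment in the `@@ -568,6 +545,11 @@` part of this patch now tells operators to revert routes with `/usr/libexec/ocserv-fw --removeall`, but the Makefile's post-install in this same diff moves `${PREFIX}/libexec/ocserv-fw` into `${PREFIX}/share/examples/ocserv/`. The installed sample.config would therefore name a path that does not exist on the packaged system. The "OpenBSD package notes:" block added right after may already cover this, but its text continues outside the hunk. If it does not, the patch could rewrite that comment line to name the installed location, e.g. `# All the routes applied by ocserv can be reverted using ${PREFIX}/share/examples/ocserv/ocserv-fw`, or state that the helper ships only as an example.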
@@ -108,7 +108,7 @@ Index: doc/sample.config
#restrict-user-to-routes = true

# This option implies restrict-user-to-routes set to true. If set, the
-@@ -635,23 +617,6 @@ no-route = 192.168.5.0/255.255.255.0
+@@ -640,23 +622,6 @@ no-route = 192.168.5.0/255.255.255.0
# and '%{G}', if present will be replaced by the username and group name.
#proxy-url = http://example.com/
#proxy-url = http://example.com/%{U}/
@@ -123,7 +123,7 @@ Index: doc/sample.config
-# }
-# In some distributions the krb5-k5tls plugin of kinit is required.
-#
--# The following option is available in ocserv, when compiled with GSSAPI support.
+-# The following option is available in ocserv, when compiled with GSSAPI support.
-
-#kkdcp = "SERVER-PATH KERBEROS-REALM PROTOCOL@SERVER:PORT"
-#kkdcp = "/KdcProxy KERBEROS.REALM udp@127.0.0.1:88"
diff --git patches/patch-src_main-ban_c patches/patch-src_main-ban_c
index 1a26d4a0ef9..04fb867bbbb 100644
--- patches/patch-src_main-ban_c
+++ patches/patch-src_main-ban_c
@@ -1,21 +1,14 @@
Index: src/main-ban.c
--- src/main-ban.c.orig
+++ src/main-ban.c
-@@ -408,8 +408,8 @@ static bool test_local_ipv6(struct sockaddr_in6 * remo
+@@ -407,8 +407,8 @@ static bool test_local_ipv6(struct sockaddr_in6 * remo
unsigned index = 0;
-
+
for (index = 0; index < 4; index ++) {
- uint32_t l = local->sin6_addr.s6_addr32[index] & network->sin6_addr.s6_addr32[index];
- uint32_t r = remote->sin6_addr.s6_addr32[index] & network->sin6_addr.s6_addr32[index];
+ uint32_t l = local->sin6_addr.__u6_addr.__u6_addr32[index] & network->sin6_addr.__u6_addr.__u6_addr32[index];
+ uint32_t r = remote->sin6_addr.__u6_addr.__u6_addr32[index] & network->sin6_addr.__u6_addr.__u6_addr32[index];
- if (l != r)
+ if (l != r)
return false;
}
-@@ -448,4 +448,4 @@ void if_address_cleanup(main_server_st * s)
-
- s->if_addresses = NULL;
- s->if_addresses_count = 0;
--}
-\ No newline at end of file
-+}
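Review bot: The retained replacement lines in test_local_ipv6 reach into `sin6_addr.__u6_addr.__u6_addr32`, which are libc-internal union member names in the reserved namespace, presumably because the `s6_addr32` accessor is not exposed to userland here. Since this comparison lives in main-ban.c and appears to feed the local-address check, it is worth keeping it independent of header internals. A byte-wise loop over the standard `s6_addr` array gives the same result: `for (index = 0; index < 16; index++)` with `uint8_t l = local->sin6_addr.s6_addr[index] & network->sin6_addr.s6_addr[index];` and the matching line for `r`. That form is portable and could be offered upstream so this local patch can be dropped. The function's body starts and ends outside the hunk.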
diff --git patches/patch-src_occtl_occtl_c patches/patch-src_occtl_occtl_c
index 9f3ef714c77..42aef789566 100644
--- patches/patch-src_occtl_occtl_c
+++ patches/patch-src_occtl_occtl_c
@@ -1,7 +1,7 @@
Index: src/occtl/occtl.c
--- src/occtl/occtl.c.orig
+++ src/occtl/occtl.c
-@@ -264,7 +264,7 @@ static int handle_help_cmd(CONN_TYPE * conn, const cha
+@@ -260,7 +260,7 @@ static int handle_help_cmd(CONN_TYPE * conn, const cha
static int handle_reset_cmd(CONN_TYPE * conn, const char *arg, cmd_params_st *params)
{
rl_reset_terminal(NULL);
diff --git patches/patch-src_occtl_time_c patches/patch-src_occtl_time_c
index 43ff537f893..afd8eb16800 100644
--- patches/patch-src_occtl_time_c
+++ patches/patch-src_occtl_time_c
@@ -1,19 +1,20 @@
time_t is 64 bits on all OpenBSD (and NetBSD) arch; cast time values
to a specific-width type to avoid problems on 32-bit arch

---- src/occtl/time.c.orig Sun Mar 6 09:44:05 2016
-+++ src/occtl/time.c Sat Mar 19 14:25:48 2016
+Index: src/occtl/time.c
+--- src/occtl/time.c.orig
++++ src/occtl/time.c
@@ -36,7 +36,7 @@ void print_time_ival7(char output[MAX_TMPSTR_SIZE], ti
{
time_t t = t1 - t2;

-- if ((long)t < (long)0) {
-+ if ((long long)t < (long long)0) {
+- if ((long)t < 0) {
++ if ((long long)t < 0) {
/* system clock changed? */
snprintf(output, MAX_TMPSTR_SIZE, " ? ");
return;
@@ -44,17 +44,17 @@ void print_time_ival7(char output[MAX_TMPSTR_SIZE], ti
-
+
if (t >= 48 * 60 * 60)
/* 2 days or more */
- snprintf(output, MAX_TMPSTR_SIZE, _("%2ludays"), (long)t / (24 * 60 * 60));
diff --git patches/patch-src_ocpasswd_ocpasswd_c patches/patch-src_ocpasswd_ocpasswd_c
index f0a0398ce8f..7f44b7711c7 100644
--- patches/patch-src_ocpasswd_ocpasswd_c
+++ patches/patch-src_ocpasswd_ocpasswd_c
@@ -4,18 +4,15 @@ support SHA2 ($5$ hashes) and has removed support for MD5 ($1$).
Index: src/ocpasswd/ocpasswd.c
--- src/ocpasswd/ocpasswd.c.orig
+++ src/ocpasswd/ocpasswd.c
-@@ -26,6 +26,10 @@
- #ifndef _XOPEN_SOURCE
- # define _XOPEN_SOURCE
-
