Updated to 1.1.6

This commit is contained in:
Nikos Mavrogiannopoulos 2022-02-17 13:07:15 +01:00
parent 17e5b407a3
commit 6f808d4213
5 changed files with 9 additions and 34 deletions

2
.gitignore vendored
View File

@ -235,3 +235,5 @@
/ocserv-1.1.3.tar.xz.sig
/ocserv-1.1.4.tar.xz
/ocserv-1.1.4.tar.xz.sig
/ocserv-1.1.6.tar.xz.sig
/ocserv-1.1.6.tar.xz

View File

@ -1,12 +0,0 @@
diff --git a/src/worker-privs.c b/src/worker-privs.c
index ae0b375d..0b285113 100644
--- a/src/worker-privs.c
+++ b/src/worker-privs.c
@@ -128,6 +128,7 @@ int disable_system_calls(struct worker_st *ws)
ADD_SYSCALL(getrusage, 0);
ADD_SYSCALL(alarm, 0);
ADD_SYSCALL(getpid, 0);
+ ADD_SYSCALL(futex, 0);
/* memory allocation - both are used by different platforms */
ADD_SYSCALL(brk, 0);

View File

@ -1,16 +0,0 @@
diff --git a/src/sec-mod.c b/src/sec-mod.c
index 03f78276..6492b68a 100644
--- a/src/sec-mod.c
+++ b/src/sec-mod.c
@@ -834,7 +834,10 @@ static int load_keys(sec_mod_st *sec, unsigned force)
gnutls_privkey_import_x509_raw(p, &data,
GNUTLS_X509_FMT_PEM,
NULL, 0);
- if (ret == GNUTLS_E_DECRYPTION_FAILED && vhost->pins.pin[0]) {
+ /* GnuTLS 3.7.3 introduces a backwards incompatible change and
+ * GNUTLS_E_PKCS11_PIN_ERROR is returned when an encrypted
+ * file is loaded https://gitlab.com/gnutls/gnutls/-/issues/1321 */
+ if ((ret == GNUTLS_E_DECRYPTION_FAILED || ret == GNUTLS_E_PKCS11_PIN_ERROR) && vhost->pins.pin[0]) {
ret =
gnutls_privkey_import_x509_raw(p, &data,
GNUTLS_X509_FMT_PEM,

View File

@ -1,5 +1,5 @@
Version: 1.1.4
Release: 3%{?dist}
Version: 1.1.6
Release: 1%{?dist}
%global _hardened_build 1
%if 0%{?fedora} || 0%{?rhel} >= 7
@ -38,8 +38,6 @@ Source8: ocserv-genkey
Source9: ocserv-script
Source10: gpgkey-56EE7FA9E8173B19FE86268D763712747F343FA7.gpg
Source11: ocserv.init
Patch1: futex.patch
Patch2: gnutls-3.7.3.patch
# Taken from upstream:
# http://git.infradead.org/ocserv.git/commitdiff/7d70006a2dbddf783213f1856374bacc74217e09
@ -274,6 +272,9 @@ install -D -m 0755 %{SOURCE11} %{buildroot}/%{_initrddir}/%{name}
%endif
%changelog
* Thu Feb 17 2022 Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com> - 1.1.6-1
- Updated to 1.1.6
* Thu Feb 10 2022 Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com> - 1.1.4-3
- Update seccomp rules to allow the futex syscall
- Workaround incompatible API change in GnuTLS 3.7.3.

View File

@ -1,2 +1,2 @@
SHA512 (ocserv-1.1.4.tar.xz) = bbdbf8d4fbe0c2aa3cf03e2b049d42a73918cc0863fa3ad0db79905e7855c7cb875e46c1d817e8c9eb19632bb0ee8a097f45c168046d9442901b56a5fd2a69a8
SHA512 (ocserv-1.1.4.tar.xz.sig) = 1ca7a2fdd56dc7e628f4331c77b9859c9867af3eeef058357b3c197106a93052b099c278bef495f622a00ce5527f69b3762e9f57001cf6ba9f7b3b219a3e1a0d
SHA512 (ocserv-1.1.6.tar.xz.sig) = 2a87768ad63d40053732fa011bbeb3532c9673296b9be299bf8f7d8dd3dd35571eee96c0b4fa9bf5a30633b4c844337ab3d562d6ea2b6ad8efca084eb5e6f502
SHA512 (ocserv-1.1.6.tar.xz) = d1c5e5cf0e84aab168ed51516534df8b2968194dd1421f33563c61b3e47d5d79ebe9e6ffbf7cbcc9ff1242fae05151024f70ef586d063bec0b3eec00050bfdfa