rpms/ocserv
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

updated to 0.2.3

Browse Source
This commit is contained in:
Nikos Mavrogiannopoulos 2013-12-16 10:32:18 +01:00
parent 642f6cd3b1
commit 8e96cd34fb
6 changed files with 27 additions and 245 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -1 +1,2 @@
/ocserv-0.2.1.tar.xz
/ocserv-0.2.3.tar.xz

139
ocserv-http-parser.patch
View File

@ -1,139 +0,0 @@
diff -ur ocserv-0.2.1.orig/configure.ac ocserv-0.2.1/configure.ac
--- ocserv-0.2.1.orig/configure.ac 2013-11-06 20:47:34.000000000 +0100
+++ ocserv-0.2.1/configure.ac 2013-11-11 13:48:45.536372275 +0100
@@ -94,6 +94,27 @@
AC_DEFINE([ANYCONNECT_CLIENT_COMPAT], [], [Enable Anyconnect compatibility])
fi
+dnl Test for http_parser library
+with_local_http_parser=yes
+LIBS="$oldlibs -lhttp_parser"
+AC_MSG_CHECKING([for http_parser library])
+AC_LINK_IFELSE([AC_LANG_PROGRAM([
+ #include <http_parser.h>],[
+ http_parser_init(0, 0);])],
+ [AC_MSG_RESULT(yes)
+ AC_SUBST([HTTP_PARSER_LIBS], [-lhttp_parser])
+ AC_SUBST([HTTP_PARSER_CFLAGS], [])
+ with_local_http_parser=no],
+ [AC_MSG_RESULT(no)
+ AC_MSG_WARN([[
+***
+*** libhttp-parser not found.
+*** An included version of the library will be used.
+*** ]])])
+LIBS="$oldlibs"
+AM_CONDITIONAL(LOCAL_HTTP_PARSER, test "x$with_local_http_parser" != xno)
+
+
dnl needed in the included PCL
AC_C_VOLATILE
AC_C_CONST
diff -ur ocserv-0.2.1.orig/src/Makefile.am ocserv-0.2.1/src/Makefile.am
--- ocserv-0.2.1.orig/src/Makefile.am 2013-11-05 19:59:45.000000000 +0100
+++ ocserv-0.2.1/src/Makefile.am 2013-11-11 13:48:45.536372275 +0100
@@ -3,10 +3,18 @@
AM_CPPFLAGS = -I$(srcdir)/../gl/ -I$(builddir)/../gl/ \
-I$(srcdir)/ -I$(builddir)/../ $(LIBOPTS_CFLAGS)
+if LOCAL_HTTP_PARSER
+AM_CPPFLAGS += -I$(srcdir)/http-parser/
+HTTP_PARSER_SOURCES = http-parser/http_parser.c http-parser/http_parser.h
+NEEDED_HTTP_PARSER_LIBS =
+else
+NEEDED_HTTP_PARSER_LIBS = $(HTTP_PARSER_LIBS)
+endif
+
if NEED_LIBOPTS
-LIBOPTS = ../libopts/libopts.a
+NEEDED_LIBOPTS = ../libopts/libopts.a
else
-LIBOPTS = $(LIBOPTS_LDADD)
+NEEDED_LIBOPTS = $(LIBOPTS_LDADD)
endif
EXTRA_DIST = ccan/licenses/BSD-MIT version.inc.in \
@@ -24,21 +32,21 @@
ocserv_SOURCES = ocserv-args.def ocserv-args.c ocserv-args.h
ocserv_SOURCES += main.c main-auth.c worker-vpn.c worker-auth.c tlslib.c \
- http-parser/http_parser.c ipc.h cookies.c worker-tun.c main-misc.c \
+ ipc.h cookies.c worker-tun.c main-misc.c \
main-config.c ip-lease.c ip-lease.h \
- vpn.h cookies.h tlslib.h http-parser/http_parser.h log.c tun.c tun.h \
+ vpn.h cookies.h tlslib.h log.c tun.c tun.h \
config.c pam.c pam.h worker-resume.c worker.h main-resume.c main.h \
worker-extras.c main-auth.h html.c html.h \
main-user.c worker-misc.c setproctitle.h route-add.c route-add.h \
setproctitle.c worker-privs.c plain.c plain.h common.h common.c \
sec-mod.c sec-mod.h script-list.h system.c system.h icmp-ping.c icmp-ping.h \
worker-bandwidth.c worker-bandwidth.h \
- str.c str.h gettime.h $(CCAN_SOURCES)
+ str.c str.h gettime.h $(CCAN_SOURCES) $(HTTP_PARSER_SOURCES)
-ocserv_LDADD = ../gl/libgnu.a $(LIBOPTS)
+ocserv_LDADD = ../gl/libgnu.a $(NEEDED_LIBOPTS)
ocserv_LDADD += $(LIBGNUTLS_LIBS) $(PAM_LIBS) $(LIBUTIL) \
- $(LIBSECCOMP) $(LIBWRAP) $(LIBCRYPT)
+ $(LIBSECCOMP) $(LIBWRAP) $(LIBCRYPT) $(NEEDED_HTTP_PARSER_LIBS)
if PCL
ocserv_LDADD += $(PCL_LIBS)
@@ -54,7 +62,7 @@
ocpasswd_SOURCES = ocpasswd-args.def ocpasswd-args.c ocpasswd-args.h \
ocpasswd.c
-ocpasswd_LDADD = ../gl/libgnu.a $(LIBOPTS)
+ocpasswd_LDADD = ../gl/libgnu.a $(NEEDED_LIBOPTS)
ocpasswd_LDADD += $(LIBGNUTLS_LIBS) $(LIBCRYPT)
ocpasswd-args.c ocpasswd-args.h: $(srcdir)/ocpasswd-args.def
diff -ur ocserv-0.2.1.orig/src/vpn.h ocserv-0.2.1/src/vpn.h
--- ocserv-0.2.1.orig/src/vpn.h 2013-11-05 19:34:54.000000000 +0100
+++ ocserv-0.2.1/src/vpn.h 2013-11-11 13:49:03.608470106 +0100
@@ -23,7 +23,7 @@
#include <config.h>
#include <gnutls/gnutls.h>
-#include <http-parser/http_parser.h>
+#include <http_parser.h>
#include <ccan/htable/htable.h>
#include <syslog.h>
#include <sys/types.h>
diff -ur ocserv-0.2.1.orig/src/worker-auth.c ocserv-0.2.1/src/worker-auth.c
--- ocserv-0.2.1.orig/src/worker-auth.c 2013-11-05 19:38:09.000000000 +0100
+++ ocserv-0.2.1/src/worker-auth.c 2013-11-11 13:48:45.537372280 +0100
@@ -41,7 +41,7 @@
#include <common.h>
#include <tlslib.h>
-#include <http-parser/http_parser.h>
+#include <http_parser.h>
#define SUCCESS_MSG_HEAD "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n" \
"<auth id=\"success\">\n" \
diff -ur ocserv-0.2.1.orig/src/worker-tun.c ocserv-0.2.1/src/worker-tun.c
--- ocserv-0.2.1.orig/src/worker-tun.c 2013-11-05 19:38:22.000000000 +0100
+++ ocserv-0.2.1/src/worker-tun.c 2013-11-11 13:48:45.537372280 +0100
@@ -45,8 +45,6 @@
#include <worker.h>
#include <tlslib.h>
-#include <http-parser/http_parser.h>
-
/* if local is non zero it returns the local, otherwise the remote */
static
int get_ip(struct worker_st* ws, int fd, int family, unsigned int local,
diff -ur ocserv-0.2.1.orig/src/worker-vpn.c ocserv-0.2.1/src/worker-vpn.c
--- ocserv-0.2.1.orig/src/worker-vpn.c 2013-11-05 20:06:51.000000000 +0100
+++ ocserv-0.2.1/src/worker-vpn.c 2013-11-11 13:48:45.537372280 +0100
@@ -49,7 +49,7 @@
#include <worker.h>
#include <tlslib.h>
-#include <http-parser/http_parser.h>
+#include <http_parser.h>
/* after that time (secs) of inactivity in the UDP part, connection switches to
* TCP (if activity occurs there).

91
ocserv-tests.patch
View File

@ -1,91 +0,0 @@
diff -ur ocserv-0.2.1.orig/tests/Makefile.in ocserv-0.2.1/tests/Makefile.in
--- ocserv-0.2.1.orig/tests/Makefile.in 2013-11-06 20:47:51.000000000 +0100
+++ ocserv-0.2.1/tests/Makefile.in 2013-11-11 13:56:15.231784324 +0100
@@ -1,4 +1,4 @@
-# Makefile.in generated by automake 1.14 from Makefile.am.
+# Makefile.in generated by automake 1.13.4 from Makefile.am.
# @configure_input@
# Copyright (C) 1994-2013 Free Software Foundation, Inc.
@@ -721,6 +721,8 @@
HAVE_WCHAR_T = @HAVE_WCHAR_T@
HAVE__BOOL = @HAVE__BOOL@
HAVE__EXIT = @HAVE__EXIT@
+HTTP_PARSER_CFLAGS = @HTTP_PARSER_CFLAGS@
+HTTP_PARSER_LIBS = @HTTP_PARSER_LIBS@
INCLUDE_NEXT = @INCLUDE_NEXT@
INCLUDE_NEXT_AS_FIRST_DIRECTIVE = @INCLUDE_NEXT_AS_FIRST_DIRECTIVE@
INSTALL = @INSTALL@
diff -ur ocserv-0.2.1.orig/tests/test1.config ocserv-0.2.1/tests/test1.config
--- ocserv-0.2.1.orig/tests/test1.config 2013-07-06 15:10:57.000000000 +0200
+++ ocserv-0.2.1/tests/test1.config 2013-11-11 13:56:15.231784324 +0100
@@ -132,7 +132,7 @@
# The user the worker processes will be run as. It should be
# unique (no other services run as this user).
run-as-user = nobody
-run-as-group = nogroup
+run-as-group = nobody
# Network settings
diff -ur ocserv-0.2.1.orig/tests/test2.config ocserv-0.2.1/tests/test2.config
--- ocserv-0.2.1.orig/tests/test2.config 2013-07-06 16:54:44.000000000 +0200
+++ ocserv-0.2.1/tests/test2.config 2013-11-11 13:56:15.231784324 +0100
@@ -132,7 +132,7 @@
# The user the worker processes will be run as. It should be
# unique (no other services run as this user).
run-as-user = nobody
-run-as-group = nogroup
+run-as-group = nobody
# Network settings
diff -ur ocserv-0.2.1.orig/tests/test3.config ocserv-0.2.1/tests/test3.config
--- ocserv-0.2.1.orig/tests/test3.config 2013-10-29 20:11:52.000000000 +0100
+++ ocserv-0.2.1/tests/test3.config 2013-11-11 13:56:15.232784330 +0100
@@ -132,7 +132,7 @@
# The user the worker processes will be run as. It should be
# unique (no other services run as this user).
run-as-user = nobody
-run-as-group = nogroup
+run-as-group = nobody
# Network settings
diff -ur ocserv-0.2.1.orig/tests/test-iroute ocserv-0.2.1/tests/test-iroute
--- ocserv-0.2.1.orig/tests/test-iroute 2013-10-30 12:39:28.000000000 +0100
+++ ocserv-0.2.1/tests/test-iroute 2013-11-11 13:56:32.933878367 +0100
@@ -35,7 +35,7 @@
echo -n "Checking if routes have been applied... "
-if [ ! -f test-iroute.tmp ];then
+if [ ! -f ./test-iroute.tmp ];then
fail $PID "Temporary file cannot be found"
fi
Only in ocserv-0.2.1/tests: test-iroute~
diff -ur ocserv-0.2.1.orig/tests/test-iroute.config ocserv-0.2.1/tests/test-iroute.config
--- ocserv-0.2.1.orig/tests/test-iroute.config 2013-10-30 12:31:33.000000000 +0100
+++ ocserv-0.2.1/tests/test-iroute.config 2013-11-11 13:56:15.232784330 +0100
@@ -132,7 +132,7 @@
# The user the worker processes will be run as. It should be
# unique (no other services run as this user).
run-as-user = nobody
-run-as-group = nogroup
+run-as-group = nobody
# Network settings
diff -ur ocserv-0.2.1.orig/tests/test-pass-script.config ocserv-0.2.1/tests/test-pass-script.config
--- ocserv-0.2.1.orig/tests/test-pass-script.config 2013-10-31 17:20:37.000000000 +0100
+++ ocserv-0.2.1/tests/test-pass-script.config 2013-11-11 13:56:15.232784330 +0100
@@ -132,7 +132,7 @@
# The user the worker processes will be run as. It should be
# unique (no other services run as this user).
run-as-user = nobody
-run-as-group = nogroup
+run-as-group = nobody
# Network settings

12
ocserv.conf
View File

@ -134,6 +134,18 @@ socket-file = ocserv.sock
run-as-user = ocserv
run-as-group = ocserv
# Set the protocol-defined priority (SO_PRIORITY) for packets to
# be sent. That is a number from 0 to 6 with 0 being the lowest
# priority. Alternatively this can be used to set the IP Type-
# Of-Service, by setting it to a hexadecimal number (e.g., 0x20).
# This can be set per user/group or globally.
#net-priority = 3
# Set the VPN worker process into a specific cgroup. This is Linux
# specific and can be set per user/group or globally.
#cgroup = "cpuset,cpu:test"
# Network settings
device = vpns

27
ocserv.spec
View File

@ -1,6 +1,6 @@
Name: ocserv
Version: 0.2.1
Release: 6%{?dist}
Version: 0.2.3
Release: 1%{?dist}
Summary: OpenConnect SSL VPN server
# For a breakdown of the licensing, see PACKAGE-LICENSING
@ -15,8 +15,6 @@ Source4: PACKAGE-LICENSING
# Taken from upstream:
# http://git.infradead.org/ocserv.git/commitdiff/7d70006a2dbddf783213f1856374bacc74217e09
Patch0: ocserv-http-parser.patch
Patch1: ocserv-tests.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: gnutls-devel
@ -42,28 +40,25 @@ Provides: bundled(ccan-htable) bundled(ccan-list)
Provides: bundled(ccan-check_type) bundled(ccan-build_assert)
%description
OpenConnect server (ocserv) is an SSL VPN server. Its purpose is to be
a secure, small, fast and configurable VPN server that uses standard
protocols such as TLS 1.2, and Datagram TLS. It implements the
OpenConnect SSL VPN protocol, which is compatible with the AnyConnect
SSL VPN protocol.
OpenConnect server (ocserv) is an SSL VPN server. Its purpose is to be a
secure, small, fast and configurable VPN server. It implements the OpenConnect
SSL VPN protocol, and has also (currently experimental) compatibility with
clients using the AnyConnect SSL VPN protocol. The OpenConnect VPN protocol
uses the standard IETF security protocols such as TLS 1.2, and Datagram TLS
to provide the secure VPN service.
%prep
%setup -q
%patch0 -p1
%patch1 -p1
rm -f src/http-parser/http_parser.c src/http-parser/http_parser.h
rm -f libopts/*.c libopts/*.h libopts/*/*.c libopts/*/*.h
rm -f src/pcl/*.c src/pcl/*.h
sed -i 's|/etc/ocserv.conf|/etc/ocserv/ocserv.conf|g' src/config.c
sed -i 's/run-as-group = nogroup/run-as-group = nobody/g' tests/*.config
# GPLv3 in headers was a gnulib bug:
# http://lists.gnu.org/archive/html/bug-gnulib/2013-11/msg00062.html
sed -i 's/either version 3 of the License/either version 2 of the License/g' build-aux/snippet/*
# remove GPLv3 components
rm -f tests/test-* tests/common.sh
%build
autoreconf -fi
%configure
@ -119,6 +114,10 @@ rm -rf %{buildroot}
%{_unitdir}/ocserv.service
%changelog
* Mon Dec 16 2013 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.2.3-1
- Updated to latest upstream version (0.2.3).
- Corrected the chroot directory in config file.
* Fri Dec 6 2013 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.2.1-6
- Added exception for the bundling of CCAN components.

2
sources
View File

@ -1 +1 @@
99f239f796c9d29746e307e6a51999f0 ocserv-0.2.1.tar.xz
8ea3cd7decf8a95f96e41f6a2ea5152c ocserv-0.2.3.tar.xz