Update to 0.12.0-1
- Update to upstream 0.12.0 release
This commit is contained in:
parent
b13f7a7526
commit
a5336195d4
11
.gitignore
vendored
11
.gitignore
vendored
@ -105,3 +105,14 @@
|
||||
/gpgkey-1F42418905D8206AA754CCDC29EE58B996865171.gpg
|
||||
/ocserv-0.11.11.tar.xz.sig
|
||||
/ocserv-0.11.11.tar.xz
|
||||
/ocserv.init
|
||||
/gpgkey-56EE7FA9E8173B19FE86268D763712747F343FA7.gpg
|
||||
/ocserv-script
|
||||
/ocserv-genkey
|
||||
/PACKAGE-LICENSING
|
||||
/ocserv-pamd.conf
|
||||
/ocserv.service
|
||||
/ocserv.conf
|
||||
/gpgkey-1F42418905D8206AA754CCDC29EE58B996865171.gpg
|
||||
/ocserv-0.12.0.tar.xz.sig
|
||||
/ocserv-0.12.0.tar.xz
|
||||
|
46
ocserv-0.12.0-add-missing-test.patch
Normal file
46
ocserv-0.12.0-add-missing-test.patch
Normal file
@ -0,0 +1,46 @@
|
||||
diff --git a/tests/server-cert-rsa-pss b/tests/server-cert-rsa-pss
|
||||
new file mode 100755
|
||||
index 0000000..be3d098
|
||||
--- /dev/null
|
||||
+++ b/tests/server-cert-rsa-pss
|
||||
@@ -0,0 +1,40 @@
|
||||
+#!/bin/sh
|
||||
+#
|
||||
+# Copyright (C) 2017 Red Hat, Inc.
|
||||
+#
|
||||
+# This file is part of ocserv.
|
||||
+#
|
||||
+# ocserv is free software; you can redistribute it and/or modify it
|
||||
+# under the terms of the GNU General Public License as published by the
|
||||
+# Free Software Foundation; either version 2 of the License, or (at
|
||||
+# your option) any later version.
|
||||
+#
|
||||
+# ocserv is distributed in the hope that it will be useful, but
|
||||
+# WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
+# General Public License for more details.
|
||||
+#
|
||||
+# You should have received a copy of the GNU General Public License
|
||||
+# along with GnuTLS; if not, write to the Free Software Foundation,
|
||||
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
||||
+
|
||||
+SERV="${SERV:-../src/ocserv}"
|
||||
+srcdir=${srcdir:-.}
|
||||
+NO_NEED_ROOT=1
|
||||
+PORT=4444
|
||||
+
|
||||
+. `dirname $0`/common.sh
|
||||
+
|
||||
+echo "Testing server cert with RSA-PSS... "
|
||||
+
|
||||
+update_config test-rsa-pss.config
|
||||
+launch_sr_server -d 1 -f -c ${CONFIG} & PID=$!
|
||||
+wait_server $PID
|
||||
+
|
||||
+echo "Connecting to obtain cookie... "
|
||||
+( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u test --servercert=sha256:7462b697482f771a9a787bc19db00f704a1685ae09ed201b7a126b052a09522e --cookieonly ) ||
|
||||
+ fail $PID "Could not receive cookie from server"
|
||||
+
|
||||
+cleanup
|
||||
+
|
||||
+exit 0
|
27
ocserv.conf
27
ocserv.conf
@ -1,12 +1,19 @@
|
||||
# User authentication method. Could be set multiple times and in
|
||||
# that case all should succeed. To enable multiple methods use
|
||||
# multiple auth directives. Available options: certificate,
|
||||
# plain, pam, radius, gssapi.
|
||||
### The following directives do not change with server reload.
|
||||
#
|
||||
# User authentication method. To require multiple methods to be
|
||||
# used for the user to login, add multiple auth directives. The values
|
||||
# in the 'auth' directive are AND composed (if multiple all must
|
||||
# succeed).
|
||||
# Available options: certificate, plain, pam, radius, gssapi.
|
||||
# Note that authentication methods utilizing passwords cannot be
|
||||
# combined (e.g., the plain, pam or radius methods).
|
||||
#
|
||||
# Note that authentication methods cannot be changed with reload.
|
||||
|
||||
# certificate:
|
||||
# This indicates that all connecting users must present a certificate.
|
||||
# The username and user group will be then extracted from it (see
|
||||
# cert-user-oid and cert-group-oid). The certificate to be accepted
|
||||
# it must be signed by the CA certificate as specified in 'ca-cert' and
|
||||
# it must not be listed in the CRL, as specified by the 'crl' option.
|
||||
#
|
||||
# pam[gid-min=1000]:
|
||||
# This enabled PAM authentication of the user. The gid-min option is used
|
||||
@ -44,7 +51,9 @@ auth = "pam"
|
||||
|
||||
# Specify alternative authentication methods that are sufficient
|
||||
# for authentication. That is, if set, any of the methods enabled
|
||||
# will be sufficient to login.
|
||||
# will be sufficient to login, irrespective of the main 'auth' entries.
|
||||
# When multiple options are present, they are OR composed (any of them
|
||||
# succeeding allows login).
|
||||
#enable-auth = "certificate"
|
||||
#enable-auth = "gssapi"
|
||||
#enable-auth = "gssapi[keytab=/etc/key.tab,require-local-user-map=true,tgt-freshness-time=900]"
|
||||
@ -176,6 +185,10 @@ try-mtu-discovery = false
|
||||
#
|
||||
# There may be multiple server-cert and server-key directives,
|
||||
# but each key should correspond to the preceding certificate.
|
||||
# The certificate files will be reloaded when changed allowing for in-place
|
||||
# certificate renewal (they are checked and reloaded periodically;
|
||||
# a SIGHUP signal to main server will force reload).
|
||||
|
||||
server-cert = /etc/pki/ocserv/public/server.crt
|
||||
server-key = /etc/pki/ocserv/private/server.key
|
||||
|
||||
|
34
ocserv.spec
34
ocserv.spec
@ -1,6 +1,7 @@
|
||||
# This spec file has been automatically updated
|
||||
Version: 0.11.11
|
||||
Version: 0.12.0
|
||||
Release: 1%{?dist}
|
||||
Patch1: ocserv-0.12.0-add-missing-test.patch
|
||||
%global _hardened_build 1
|
||||
|
||||
%if 0%{?fedora} || 0%{?rhel} >= 7
|
||||
@ -18,11 +19,6 @@ Release: 1%{?dist}
|
||||
%endif
|
||||
|
||||
%define use_local_protobuf 0
|
||||
%if 0%{?rhel} && 0%{?rhel} == 7
|
||||
%ifarch ppc64
|
||||
%define use_local_protobuf 1
|
||||
%endif
|
||||
%endif
|
||||
|
||||
Name: ocserv
|
||||
Summary: OpenConnect SSL VPN server
|
||||
@ -78,8 +74,6 @@ BuildRequires: GeoIP-devel
|
||||
%if %{use_systemd}
|
||||
BuildRequires: systemd
|
||||
BuildRequires: systemd-devel
|
||||
BuildRequires: autogen-libopts-devel
|
||||
BuildRequires: autogen
|
||||
BuildRequires: liboath-devel
|
||||
BuildRequires: uid_wrapper
|
||||
BuildRequires: socket_wrapper
|
||||
@ -97,6 +91,11 @@ BuildRequires: libseccomp-devel
|
||||
|
||||
%endif #use systemd
|
||||
|
||||
# no rubygem in epel7
|
||||
%if 0%{?fedora} || 0%{?rhel} > 7
|
||||
BuildRequires: rubygem(ronn)
|
||||
%endif
|
||||
|
||||
Requires: gnutls-utils
|
||||
Requires: iproute
|
||||
Requires: pam
|
||||
@ -126,7 +125,8 @@ to provide the secure VPN service.
|
||||
%if %{have_gpgv2}
|
||||
gpgv2 --keyring %{SOURCE2} %{SOURCE1} %{SOURCE0} || gpgv2 --keyring %{SOURCE10} %{SOURCE1} %{SOURCE0}
|
||||
%endif
|
||||
%setup -q
|
||||
|
||||
%autosetup -p1
|
||||
|
||||
rm -f src/http-parser/http_parser.c src/http-parser/http_parser.h
|
||||
%if (0%{?use_local_protobuf} == 0)
|
||||
@ -140,14 +140,13 @@ sed -i 's/run-as-group = nogroup/run-as-group = nobody/g' tests/data/*.config
|
||||
# GPLv3 in headers is a gnulib bug:
|
||||
# http://lists.gnu.org/archive/html/bug-gnulib/2013-11/msg00062.html
|
||||
sed -i 's/either version 3 of the License/either version 2 of the License/g' build-aux/snippet/*
|
||||
sed -i 's/exit 1/exit 77/g' tests/ocpasswd-test
|
||||
|
||||
%if 0%{?rhel} && 0%{?rhel} <= 6
|
||||
echo "int main() { return 77; }" > tests/valid-hostname.c
|
||||
%else
|
||||
rm -f libopts/*.c libopts/*.h libopts/*/*.c libopts/*/*.h
|
||||
%endif
|
||||
|
||||
chmod 755 tests/server-cert-rsa-pss
|
||||
|
||||
%build
|
||||
|
||||
%if 0%{?rhel} && 0%{?rhel} <= 6
|
||||
@ -165,9 +164,6 @@ autoreconf -fvi
|
||||
%else
|
||||
--disable-systemd \
|
||||
%endif
|
||||
%if 0%{?rhel} && 0%{?rhel} <= 6
|
||||
--enable-local-libopts \
|
||||
%endif
|
||||
%if %{use_local_protobuf}
|
||||
--without-protobuf \
|
||||
%endif
|
||||
@ -245,9 +241,14 @@ install -D -m 0755 %{SOURCE11} %{buildroot}/%{_initrddir}/%{name}
|
||||
|
||||
%doc AUTHORS ChangeLog NEWS COPYING LICENSE README.md TODO PACKAGE-LICENSING
|
||||
%doc src/ccan/licenses/CC0 src/ccan/licenses/LGPL-2.1 src/ccan/licenses/BSD-MIT
|
||||
|
||||
## Temporarily disable when rubygem is not present; there is a bug in 0.12.0 dist
|
||||
%if 0%{?fedora} || 0%{?rhel} > 7
|
||||
%{_mandir}/man8/ocserv.8*
|
||||
%{_mandir}/man8/occtl.8*
|
||||
%{_mandir}/man8/ocpasswd.8*
|
||||
%endif
|
||||
|
||||
%{_bindir}/ocpasswd
|
||||
%{_bindir}/occtl
|
||||
%{_bindir}/ocserv-fw
|
||||
@ -262,6 +263,9 @@ install -D -m 0755 %{SOURCE11} %{buildroot}/%{_initrddir}/%{name}
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Mon Apr 23 2018 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.12.0-1
|
||||
- Update to upstream 0.12.0 release
|
||||
|
||||
* Mon Mar 05 2018 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.11.11-1
|
||||
- Update to upstream 0.11.11 release
|
||||
|
||||
|
6
sources
6
sources
@ -5,7 +5,7 @@ SHA512 (ocserv-genkey) = e898144fd977e4c57c4a9a5480b38f6a166c0281c41500c3fa9b7e1
|
||||
SHA512 (PACKAGE-LICENSING) = eea2a2a4765c90d874c79bb72d754c8b26b58d5e5b3c3cee10c24754fbba6849fd91f7b28e380b5db9789a456f95fc94b3bd8fe8c160a98c8042f404479ecb68
|
||||
SHA512 (ocserv-pamd.conf) = 3a75f19d89ddd164f3faa9c3579c7f675fc58413a194f43ec28eee7ebced6fee3f4ca305fe9b0ddf76ae39cd669e8d3d63b58afbbf19b84e4ca646ae7f42d61a
|
||||
SHA512 (ocserv.service) = 264f3389d88aec1f7d2e4683a4dfc0aa67af2325154de822eecf5fb43f8c221aab0d9f0c6a8eedb893e6d69ed4d94c9397b01e5d0d12e88330017a3bfa5f3644
|
||||
SHA512 (ocserv.conf) = 0a48d394dba183528c1e92df2a8b844a4d7d419244b1c08883f79c8b48843986e786ea4d48478ed4e8d57fd56626bf962dbcf6c76b5839ba5ab5fac8b089c44c
|
||||
SHA512 (ocserv.conf) = 5b68a3547c6c69bf7c2b322692d6382162a587c47edad97690223c36f30ed98d3869d1ce063c630740d91888a4d70aadd657ddc6052c10e6e26800fca2e9d0c0
|
||||
SHA512 (gpgkey-1F42418905D8206AA754CCDC29EE58B996865171.gpg) = 3b1989dc6a64d1140f83a2af0773da2adb03c50d97b6da7357cf09525050651aafa21131f1e3180baa540a8af922119a256f5ff5bcd6602996a806e8e1816bad
|
||||
SHA512 (ocserv-0.11.11.tar.xz.sig) = 7a1521f94d48d7aafb66e6c544eb2e1c5a08d02441acc5f57876faaa984ad203f0395da37e602ad5539f54aa0ce1ff5da7389254028f6b811a9e01d6f86b1e84
|
||||
SHA512 (ocserv-0.11.11.tar.xz) = 1750e4ddd221913f82379ed34cf63f2ce858d73cfda0bcf60670a32bf2e8574a39f267c77abab78d2cf9a563a816d975e1a07b85c5e2412bd6d009850c8c262d
|
||||
SHA512 (ocserv-0.12.0.tar.xz.sig) = a746e72ba07bf7d28104385a70ba4c685389353368d02383eb385aece19ccc9d51a86226371338dbe1737046e403b17e351a04ffa2674ca594bf9e467438b534
|
||||
SHA512 (ocserv-0.12.0.tar.xz) = 73e39a6073761a42cff7637fdc0748d969dc6ddd80635633487aa2627ae7234af772194cf27fdded9f08637b26d7ca9017555242ccdb6ade03897f9d4ca4de8d
|
||||
|
Loading…
Reference in New Issue
Block a user