Update to upstream 1.1.2 release

This commit is contained in:
Nikos Mavrogiannopoulos 2020-12-06 14:11:06 +01:00
parent 1400361cdd
commit e9d48e920a
5 changed files with 9 additions and 30 deletions

2
.gitignore vendored
View File

@ -229,3 +229,5 @@
/ocserv-1.1.0.tar.xz.sig
/ocserv-1.1.1.tar.xz
/ocserv-1.1.1.tar.xz.sig
/ocserv-1.1.2.tar.xz
/ocserv-1.1.2.tar.xz.sig

View File

@ -1,19 +0,0 @@
diff --git a/src/worker-privs.c b/src/worker-privs.c
index ea503cd0..3d4d5fa4 100644
--- a/src/worker-privs.c
+++ b/src/worker-privs.c
@@ -166,6 +166,14 @@ int disable_system_calls(struct worker_st *ws)
ADD_SYSCALL(fstat, 0);
ADD_SYSCALL(lseek, 0);
+ /* if running under socketwrapper ensure we allow its calls */
+ if (getenv("SOCKET_WRAPPER_DIR") != NULL) {
+ ADD_SYSCALL(stat64, 0);
+ ADD_SYSCALL(readlink, 0);
+ ADD_SYSCALL(newfstatat, 0);
+ ADD_SYSCALL(mmap, 0);
+ }
+
ADD_SYSCALL(getsockopt, 0);
ADD_SYSCALL(setsockopt, 0);

View File

@ -89,12 +89,6 @@ auth = "pam"
tcp-port = 443
udp-port = 443
# Accept connections using a socket file. It accepts HTTP
# connections (i.e., without SSL/TLS unlike its TCP counterpart),
# and uses it as the primary channel. That option cannot be
# combined with certificate authentication.
#listen-clear-file = /var/run/ocserv-conn.socket
# The user the worker processes will be run as. It should be
# unique (no other services run as this user).
run-as-user = ocserv

View File

@ -1,5 +1,5 @@
Version: 1.1.1
Release: 5%{?dist}
Version: 1.1.2
Release: 1%{?dist}
%global _hardened_build 1
%if 0%{?fedora} || 0%{?rhel} >= 7
@ -44,7 +44,6 @@ Source8: ocserv-genkey
Source9: ocserv-script
Source10: gpgkey-56EE7FA9E8173B19FE86268D763712747F343FA7.gpg
Source11: ocserv.init
Patch0: ocserv-1.1.1-socketwrapper.patch
# Taken from upstream:
# http://git.infradead.org/ocserv.git/commitdiff/7d70006a2dbddf783213f1856374bacc74217e09
@ -285,6 +284,9 @@ install -D -m 0755 %{SOURCE11} %{buildroot}/%{_initrddir}/%{name}
%endif
%changelog
* Sat Dec 6 2020 Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com> - 1.1.2-1
- Update to upstream 1.1.2 release
* Mon Nov 23 2020 Nikos Mavrogiannopoulos <nmav@redhat.com> - 1.1.1-5
- Rebuilt for ronn successor

View File

@ -1,2 +1,2 @@
SHA512 (ocserv-1.1.1.tar.xz) = 1173416f0d32f9faf98e539c8e73316a50ac93b519d1ade19374a3df865d10d975e13ac53e0c5a5e77c80f3605d7a810287b18b85b798887d227389761b54220
SHA512 (ocserv-1.1.1.tar.xz.sig) = 9fe0f3e2ea4daaf1d053c2cdc87d38dc8256feb11c16f93e7e677500457914a82e659901f77f6ec4ca175fceeec74e3f8d001412c969c18dcf486545bac83393
SHA512 (ocserv-1.1.2.tar.xz) = 8a145ff729414482c10ab763ac891e21f588fb8f61265fb4e6e61684a9b48c5fcaaafaad1ddcaeaf4ffad85377be45c002b628b27d9a7d08f5b403668f62c3f0
SHA512 (ocserv-1.1.2.tar.xz.sig) = 3de64d1b4812c836ce809dd31adbf0ba7f2b11f408bb279bdd64f915be7c70b6601f098281e219a986febd0f5ddabaa6eba2448a0b9baf0ae025187b06aec3ce