recompile

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
updated configuration to mark profile as configuration
2020-03-30 22:27:45 +02:00 · 2020-01-02 12:54:42 +01:00 · 2020-01-02 12:54:42 +01:00 · 2019-12-28 20:35:01 +01:00 · 2019-10-16 22:23:18 +02:00
4 changed files with 48 additions and 141 deletions
--- a/.gitignore
+++ b/.gitignore
@ -203,37 +203,3 @@
 /gpgkey-1F42418905D8206AA754CCDC29EE58B996865171.gpg
 /ocserv-0.12.6.tar.xz.sig
 /ocserv-0.12.6.tar.xz
-/ocserv.init
-/gpgkey-56EE7FA9E8173B19FE86268D763712747F343FA7.gpg
-/ocserv-script
-/ocserv-genkey
-/PACKAGE-LICENSING
-/ocserv-pamd.conf
-/ocserv.service
-/ocserv.conf
-/gpgkey-1F42418905D8206AA754CCDC29EE58B996865171.gpg
-/ocserv-1.0.0.tar.xz.sig
-/ocserv-1.0.0.tar.xz
-/ocserv.init
-/gpgkey-56EE7FA9E8173B19FE86268D763712747F343FA7.gpg
-/ocserv-script
-/ocserv-genkey
-/PACKAGE-LICENSING
-/ocserv-pamd.conf
-/ocserv.service
-/ocserv.conf
-/gpgkey-1F42418905D8206AA754CCDC29EE58B996865171.gpg
-/ocserv-1.0.1.tar.xz.sig
-/ocserv-1.0.1.tar.xz
-/ocserv-1.1.0.tar.xz
-/ocserv-1.1.0.tar.xz.sig
-/ocserv-1.1.1.tar.xz
-/ocserv-1.1.1.tar.xz.sig
-/ocserv-1.1.2.tar.xz
-/ocserv-1.1.2.tar.xz.sig
-/ocserv-1.1.3.tar.xz
-/ocserv-1.1.3.tar.xz.sig
-/ocserv-1.1.4.tar.xz
-/ocserv-1.1.4.tar.xz.sig
-/ocserv-1.1.6.tar.xz.sig
-/ocserv-1.1.6.tar.xz
--- a/ocserv.conf
+++ b/ocserv.conf
@ -89,6 +89,12 @@ auth = "pam"
 tcp-port = 443
 udp-port = 443

+# Accept connections using a socket file. It accepts HTTP
+# connections (i.e., without SSL/TLS unlike its TCP counterpart),
+# and uses it as the primary channel. That option cannot be
+# combined with certificate authentication.
+#listen-clear-file = /var/run/ocserv-conn.socket
+
 # The user the worker processes will be run as. It should be
 # unique (no other services run as this user).
 run-as-user = ocserv
@ -170,12 +176,9 @@ server-key = /etc/pki/ocserv/private/server.key
 # information at: https://gitlab.com/ocserv/ocserv/issues
 isolate-workers = true

-# A banner to be displayed on clients after connection
+# A banner to be displayed on clients
 #banner = "Welcome"

-# A banner to be displayed on clients before connection
-#pre-login-banner = "Welcome"
-
 # Limit the number of clients. Unset or set to zero for unlimited.
 #max-clients = 1024
 max-clients = 16
@ -192,11 +195,9 @@ max-same-clients = 2
 # is recommended as it is more efficient in parsing.
 #listen-proxy-proto = true

-# Rate limit the number of incoming connections to one every X milliseconds
-# (X is the provided value), as the secmod backlog grows. This
-# makes the server more resilient (and prevents connection failures) on
-# multiple concurrent connections. Set to zero for no limit.
-rate-limit-ms = 100
+# Limit the number of client connections to one every X milliseconds 
+# (X is the provided value). Set to zero for no limit.
+#rate-limit-ms = 100

 # Stats report time. The number of seconds after which each
 # worker process will report its usage statistics (number of
--- a/ocserv.spec
+++ b/ocserv.spec
@ -1,5 +1,6 @@
-Version:	1.1.6
-Release: 3%{?dist}
+# This spec file has been automatically updated
+Version:	0.12.6
+Release: 4%{?dist}
 %global _hardened_build 1

 %if 0%{?fedora} || 0%{?rhel} >= 7
@ -18,6 +19,12 @@ Release: 3%{?dist}
 %define use_geoip 1
 %endif

+%if 0%{?rhel} && 0%{?rhel} == 8
+%define use_http_parser 0
+%else
+%define use_http_parser 1
+%endif
+
 %define use_local_protobuf 0

 Name:		ocserv
@ -42,7 +49,6 @@ Source11:	ocserv.init
 # Taken from upstream:
 # http://git.infradead.org/ocserv.git/commitdiff/7d70006a2dbddf783213f1856374bacc74217e09

-BuildRequires: make
 BuildRequires:	gcc
 %if 0%{?rhel} && 0%{?rhel} <= 6
 BuildRequires:	gnutls30-devel
@ -51,8 +57,6 @@ BuildRequires:	gnutls-devel
 %endif
 BuildRequires:	pam-devel
 BuildRequires:	iproute
-BuildRequires:	openconnect
-BuildRequires:  gnutls-utils

 %if (0%{?use_local_protobuf} == 0)
 BuildRequires:	protobuf-c-devel
@ -62,9 +66,12 @@ BuildRequires:	libnl3-devel
 BuildRequires:	krb5-devel
 BuildRequires:	libtasn1-devel
 BuildRequires:	gperf
+BuildRequires:	pcllib-devel
 BuildRequires:	libtalloc-devel
 BuildRequires:	libev-devel
+%if %{use_http_parser}
 BuildRequires:	http-parser-devel
+%endif

 %if %{use_libwrap}
 BuildRequires:	tcp_wrappers-devel
@ -84,11 +91,7 @@ BuildRequires:	systemd
 BuildRequires:	systemd-devel
 BuildRequires:	liboath-devel
 BuildRequires:	uid_wrapper
-# Disable socket_wrapper on certain architectures because it
-# introduces new syscalls that the worker cannot handle.
-%ifnarch aarch64 %{ix86} %{arm}
 BuildRequires:	socket_wrapper
-%endif
 BuildRequires:	gnupg2

 %if 0%{?rhel} && 0%{?rhel} >= 7
@ -105,12 +108,12 @@ BuildRequires:	libseccomp-devel

 # no rubygem in epel7
 %if 0%{?fedora}
-BuildRequires:	rubygem-ronn-ng
+BuildRequires:	rubygem(ronn)
 %endif

-Recommends:		gnutls-utils
-Recommends:		iproute
-Recommends:		pam
+Requires:		gnutls-utils
+Requires:		iproute
+Requires:		pam
 Requires(pre):		shadow-utils
 %if %{use_systemd}
 Requires(post):		systemd
@ -140,12 +143,15 @@ gpgv2 --keyring %{SOURCE2} %{SOURCE1} %{SOURCE0} || gpgv2 --keyring %{SOURCE10}

 %autosetup -p1

+%if %{use_http_parser}
 rm -f src/http-parser/http_parser.c src/http-parser/http_parser.h
+%endif
 %if (0%{?use_local_protobuf} == 0)
 rm -rf src/protobuf/protobuf-c/
 touch src/*.proto
 %endif
 rm -rf src/ccan/talloc
+rm -f src/pcl/*.c src/pcl/*.h
 sed -i 's|/etc/ocserv.conf|/etc/ocserv/ocserv.conf|g' src/config.c
 sed -i 's/run-as-group = nogroup/run-as-group = nobody/g' tests/data/*.config
 # GPLv3 in headers is a gnulib bug: 
@ -168,7 +174,6 @@ autoreconf -fvi
 %endif

 %configure \
-        --without-pcl-lib \
 %if %{use_systemd}
 	--enable-systemd \
 %else
@ -177,13 +182,16 @@ autoreconf -fvi
 %if %{use_local_protobuf}
 	--without-protobuf \
 %endif
+%if ! %{use_http_parser}
+	--without-http-parser \
+%endif
 %if %{use_libwrap}
 	--with-libwrap
 %else
 	--without-libwrap
 %endif

-make %{?_smp_mflags}
+make #%{?_smp_mflags}

 %pre
 getent group ocserv &>/dev/null || groupadd -r ocserv
@ -195,7 +203,7 @@ mkdir -p -m 700 %{_sysconfdir}/pki/ocserv/private
 mkdir -p %{_sysconfdir}/pki/ocserv/cacerts

 %check
-make check %{?_smp_mflags} VERBOSE=1
+make check %{?_smp_mflags}

 %if %{use_systemd}
 %post
@ -250,7 +258,7 @@ install -D -m 0755 %{SOURCE11} %{buildroot}/%{_initrddir}/%{name}
 %config(noreplace) %{_sysconfdir}/pam.d/ocserv
 %config(noreplace) %{_localstatedir}/lib/ocserv/profile.xml

-%doc AUTHORS ChangeLog NEWS COPYING LICENSE README.md PACKAGE-LICENSING
+%doc AUTHORS ChangeLog NEWS COPYING LICENSE README.md TODO PACKAGE-LICENSING
 %doc src/ccan/licenses/CC0 src/ccan/licenses/LGPL-2.1 src/ccan/licenses/BSD-MIT

 %{_mandir}/man8/ocserv.8*
@ -262,7 +270,6 @@ install -D -m 0755 %{SOURCE11} %{buildroot}/%{_initrddir}/%{name}
 %{_bindir}/ocserv-fw
 %{_bindir}/ocserv-script
 %{_sbindir}/ocserv
-%{_sbindir}/ocserv-worker
 %{_sbindir}/ocserv-genkey
 %{_localstatedir}/lib/ocserv/profile.xml
 %if %{use_systemd}
@ -272,84 +279,8 @@ install -D -m 0755 %{SOURCE11} %{buildroot}/%{_initrddir}/%{name}
 %endif

 %changelog
-* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.1.6-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
-
-* Fri Jul 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.1.6-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
-
-* Thu Feb 17 2022 Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com> - 1.1.6-1
- Updated to 1.1.6
-
-* Thu Feb 10 2022 Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com> - 1.1.4-3
- Update seccomp rules to allow the futex syscall
- Workaround incompatible API change in GnuTLS 3.7.3.
-
-* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.1.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
-
-* Sat Nov 13 2021 Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com> - 1.1.4-1
- Update to upstream 1.1.4 release
-
-* Sat Nov 06 2021 Adrian Reber <adrian@lisas.de> - 1.1.3-4
- Rebuilt for protobuf 3.19.0
-
-* Tue Oct 26 2021 Adrian Reber <adrian@lisas.de> - 1.1.3-3
- Rebuilt for protobuf 3.18.1
-
-* Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.1.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
-
-* Wed Jun  2 2021 Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com> - 1.1.3-1
- Updated to latest release
-
-* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.1.2-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
-
-* Thu Jan 14 08:31:24 CET 2021 Adrian Reber <adrian@lisas.de> - 1.1.2-2
- Rebuilt for protobuf 3.14
-
-* Sun Dec  6 2020 Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com> - 1.1.2-1
- Update to upstream 1.1.2 release
-
-* Mon Nov 23 2020 Nikos Mavrogiannopoulos <nmav@redhat.com> - 1.1.1-5
- Rebuilt for ronn successor
-
-* Wed Nov 11 2020 Nikos Mavrogiannopoulos <nmav@redhat.com> - 1.1.1-4
- Rebuilt for radcli 1.3.0
-
-* Thu Oct 29 2020 Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com> - 1.1.1-3
- Rebuild without pcllib dependency
- Enhanced seccomp filters for tests to run in all architectures
-
-* Thu Sep 24 2020 Adrian Reber <adrian@lisas.de> - 1.1.1-2
- Rebuilt for protobuf 3.13
-
-* Mon Sep 21 2020 Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com> - 1.1.1-1
- Update to upstream 1.1.1 release
- Set default priorities to NORMAL as using @SYSTEM is no longer necessary
-  to follow crypto policies.
-
-* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.1.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
-
-* Sun Jun 21 2020 Adrian Reber <adrian@lisas.de> - 1.1.0-2
- Rebuilt for protobuf 3.12
-
-* Tue Jun 16 2020 Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com> - 1.1.0-1
- Update to upstream 1.1.0 release (introduces ocserv-worker)
-
-* Wed Apr 15 2020 Igor Raits <ignatenkobrain@fedoraproject.org> - 1.0.1-2
- Rebuild for http-parser 2.9.4
-
-* Thu Apr 09 2020 Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com> - 1.0.1-1
- Update to upstream 1.0.1 release
-
-* Fri Mar 20 2020 Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com> - 1.0.0-1
- Update to upstream 1.0.0 release
-
-* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.12.6-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+* Mon Mar 30 2020 Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com> - 0.12.6-4
+- Recompile to work around broken http-parser update (#1816266)

 * Sat Dec 28 2019 Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com> - 0.12.6-1
 - Update to upstream 0.12.6 release
--- a/13
+++ b/13
@ -1,2 +1,11 @@
-SHA512 (ocserv-1.1.6.tar.xz.sig) = 2a87768ad63d40053732fa011bbeb3532c9673296b9be299bf8f7d8dd3dd35571eee96c0b4fa9bf5a30633b4c844337ab3d562d6ea2b6ad8efca084eb5e6f502
-SHA512 (ocserv-1.1.6.tar.xz) = d1c5e5cf0e84aab168ed51516534df8b2968194dd1421f33563c61b3e47d5d79ebe9e6ffbf7cbcc9ff1242fae05151024f70ef586d063bec0b3eec00050bfdfa
+SHA512 (ocserv.init) = 7c3256dd0f7d5882c4e126c95209084e2476f7d8d142af137f46c5987364982eb88044bfa5d587ebc397ebd379edb40f22e5c97c0276764be982a27715a9c601
+SHA512 (gpgkey-56EE7FA9E8173B19FE86268D763712747F343FA7.gpg) = c664fd9999cbf9912eeea88ee3a2c356df3f70813a664bb7a7f592be258c12bdeb9e99e4aa9a368c1f123ee449eb08e288d1dc3dcf81e849a958ece6eab82d67
+SHA512 (ocserv-script) = 6d77ebe95d23469d96b45b1ac8de7a062cb1360febd0f9664b42debf0494891a522e3da8feec53d22b84e39ad349a1824b7ecd6b6b8f0790edf75aed1087e2d0
+SHA512 (ocserv-genkey) = e898144fd977e4c57c4a9a5480b38f6a166c0281c41500c3fa9b7e142197c4525d3fb90846a738e38d217116dc33c2ba5c16ec3e11de0dbf4d834e204c598eac
+SHA512 (PACKAGE-LICENSING) = eea2a2a4765c90d874c79bb72d754c8b26b58d5e5b3c3cee10c24754fbba6849fd91f7b28e380b5db9789a456f95fc94b3bd8fe8c160a98c8042f404479ecb68
+SHA512 (ocserv-pamd.conf) = 3a75f19d89ddd164f3faa9c3579c7f675fc58413a194f43ec28eee7ebced6fee3f4ca305fe9b0ddf76ae39cd669e8d3d63b58afbbf19b84e4ca646ae7f42d61a
+SHA512 (ocserv.service) = 2b258b2e9d211c9626e9e5c67b6c2573b713e0f490917ed1c84c2bb2708f874026ddb55dceb9585e491f86de5d3c8cd400bba864d12966ae96609cc4ce6413d2
+SHA512 (ocserv.conf) = 5b68a3547c6c69bf7c2b322692d6382162a587c47edad97690223c36f30ed98d3869d1ce063c630740d91888a4d70aadd657ddc6052c10e6e26800fca2e9d0c0
+SHA512 (gpgkey-1F42418905D8206AA754CCDC29EE58B996865171.gpg) = 3b1989dc6a64d1140f83a2af0773da2adb03c50d97b6da7357cf09525050651aafa21131f1e3180baa540a8af922119a256f5ff5bcd6602996a806e8e1816bad
+SHA512 (ocserv-0.12.6.tar.xz.sig) = 8791479c6f1e6e8c6fd7b6f08857c5e6c1fc81ebc9a11c55231a049c27e2ee9f0bf938ccf1b66fb704eafb26cda6c9595f54edffa265d732dd640e8123538313
+SHA512 (ocserv-0.12.6.tar.xz) = 4d254298dc897304b4676f28a21338c138196cbdb08170c6d536c8c6730fab307642dbf853f96e66335604cb68711262678d3d0be84e6768ec720b9a81ccf813
Author	SHA1	Message	Date
Nikos Mavrogiannopoulos	9e58974027	recompile Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>	2020-03-30 22:27:45 +02:00
Nikos Mavrogiannopoulos	18f1dfd0fd	updated configuration to mark profile as configuration	2020-01-02 12:54:42 +01:00
Nikos Mavrogiannopoulos	485328c539	ocserv.conf: updated to latest upstream version	2020-01-02 12:54:42 +01:00
Nikos Mavrogiannopoulos	e4dc858f35	Update to 0.12.6-1 - Update to upstream 0.12.6 release	2019-12-28 20:35:01 +01:00
Nikos Mavrogiannopoulos	f047769dbc	Update to 0.12.5-1 - Update to upstream 0.12.5 release	2019-10-16 22:23:18 +02:00