Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package ocserv for openSUSE:Factory checked
in at 2023-09-02 22:07:48
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/ocserv (Old)
and /work/SRC/openSUSE:Factory/.ocserv.new.1766 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ocserv"
Sat Sep 2 22:07:48 2023 rev:21 rq:1108560 version:1.2.1
Changes:
--------
--- /work/SRC/openSUSE:Factory/ocserv/ocserv.changes 2023-03-07
16:51:23.057916405 +0100
+++ /work/SRC/openSUSE:Factory/.ocserv.new.1766/ocserv.changes 2023-09-02
22:08:32.553170775 +0200
@@ -1,0 +2,33 @@
+Tue Aug 29 12:37:56 UTC 2023 - Martin Hauke <mar...@gmx.de>
+
+- Update to version 1.2.1
+ * Accept the Clavister OneConnect VPN Android client.
+ * No longer require to set device name per vhost.
+ * Account the correct number of points when proxyproto is in use
+ * nuttcp tests were replaced with iperf3 that is available
+ in more environments
+ * occtl: fix duplicate key in `occtl --json show users` output
+- Update to version 1.2.0
+ * Add support for Cisco Enterprise phones to authenticate via
+ the /svc endpoint and the 'cisco-svc-client-compat' config
+ option.
+ * Enhanced radius group support to enable radius servers send
+ multiple group class attributes
+ See doc/README-radius.md for more information.
+ * Enhanced the seccomp filters to open files related to FIPS
+ compliance on SuSe.
+ * Added "Camouflage" functionality that makes ocserv look like a
+ web server to unauthorized parties.
+ * Avoid login failure when the end point of server URI
+ contains a query string.
+ * Make sure we print proper JSON with `occtl --debug --json`
+ * Eliminated the need for using the gnulib portability library.
+- Update to version 1.1.7
+ * Emit a LOG_ERR error message with plain authentication fails
+ * The bundled inih was updated to r56.
+ * The bundled protobuf-c was updated to 1.4.1.
+ * Enhanced the seccomp filters for ARMv7 compatibility and musl
+ libc
+ * HTTP headers always capitalised as in RFC 9110
+
+-------------------------------------------------------------------
Old:
----
ocserv-1.1.6.tar.xz
ocserv-1.1.6.tar.xz.sig
New:
----
ocserv-1.2.1.tar.xz
ocserv-1.2.1.tar.xz.sig
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ ocserv.spec ++++++
--- /var/tmp/diff_new_pack.cpwnpW/_old 2023-09-02 22:08:35.641281123 +0200
+++ /var/tmp/diff_new_pack.cpwnpW/_new 2023-09-02 22:08:35.693282981 +0200
@@ -17,7 +17,7 @@
Name: ocserv
-Version: 1.1.6
+Version: 1.2.1
Release: 0
Summary: OpenConnect VPN Server
License: GPL-2.0-only
@@ -149,7 +149,7 @@
%files
%defattr(-,root,root)
%doc AUTHORS NEWS README.md
-%license COPYING LICENSE
+%license COPYING
%config %{_sysconfdir}/ocserv
%if 0%{suse_version} >= 1500
%dir %{_prefix}/lib/firewalld
++++++ ocserv-1.1.6.tar.xz -> ocserv-1.2.1.tar.xz ++++++
++++ 83353 lines of diff (skipped)
++++++ ocserv.config.patch ++++++
--- /var/tmp/diff_new_pack.cpwnpW/_old 2023-09-02 22:08:36.737320288 +0200
+++ /var/tmp/diff_new_pack.cpwnpW/_new 2023-09-02 22:08:36.741320431 +0200
@@ -1,5 +1,5 @@
diff --git a/doc/sample.config b/doc/sample.config
-index 0e33484f..60ab3e93 100644
+index 4c8c8c6..7a4697f 100644
--- a/doc/sample.config
+++ b/doc/sample.config
@@ -48,7 +48,7 @@
@@ -22,18 +22,19 @@
# The user the worker processes will be run as. This should be a dedicated
# unprivileged user (e.g., 'ocserv') and no other services should run as this
-@@ -126,8 +126,8 @@ socket-file = /var/run/ocserv-socket
+@@ -126,9 +126,8 @@ socket-file = /var/run/ocserv-socket
#server-cert = /etc/ocserv/server-cert.pem
#server-key = /etc/ocserv/server-key.pem
-server-cert = ../tests/certs/server-cert.pem
-server-key = ../tests/certs/server-key.pem
+-
+server-cert = /etc/ocserv/certificates/server-cert.pem
+server-key = /etc/ocserv/certificates/server-key.pem
-
# Diffie-Hellman parameters. Only needed if for old (pre 3.6.0
# versions of GnuTLS for supporting DHE ciphersuites.
-@@ -154,7 +154,7 @@ server-key = ../tests/certs/server-key.pem
+ # Can be generated using:
+@@ -154,7 +153,7 @@ server-key = ../tests/certs/server-key.pem
# client certificates (public keys) if certificate authentication
# is set.
#ca-cert = /etc/ocserv/ca.pem
@@ -42,16 +43,7 @@
# The number of sub-processes to use for the security module (authentication)
# processes. Typically this should not be set as the number of processes
-@@ -180,7 +180,7 @@ ca-cert = ../tests/certs/ca.pem
- # the isolation was tested at. If you get random failures on worker
processes, try
- # disabling that option and report the failures you, along with system and
debugging
- # information at: https://gitlab.com/ocserv/ocserv/issues
--isolate-workers = true
-+isolate-workers = false
-
- # A banner to be displayed on clients after connection
- #banner = "Welcome"
-@@ -249,7 +249,7 @@ mobile-dpd = 1800
+@@ -249,7 +248,7 @@ mobile-dpd = 1800
switch-to-tcp-timeout = 25
# MTU discovery (DPD must be enabled)
@@ -60,78 +52,4 @@
# To enable load-balancer connection draining, set server-drain-ms to a value
# higher than your load-balancer health probe interval.
-@@ -415,8 +415,8 @@ rekey-method = ssl
- # STATS_BYTES_OUT, STATS_DURATION that contain a 64-bit counter of the bytes
- # output from the tun device, and the duration of the session in seconds.
-
--#connect-script = /usr/bin/myscript
--#disconnect-script = /usr/bin/myscript
-+#connect-script = /usr/bin/ocserv-script
-+#disconnect-script = /usr/bin/ocserv-script
-
- # This script is to be called when the client's advertised hostname becomes
- # available. It will contain REASON with "host-update" value and the
-@@ -506,7 +506,8 @@ ipv4-netmask = 255.255.255.0
- # The advertised DNS server. Use multiple lines for
- # multiple servers.
- # dns = fc00::4be0
--dns = 192.168.1.2
-+dns = 8.8.8.8
-+dns = 8.8.4.4
-
- # The NBNS server (if any)
- #nbns = 192.168.1.3
-@@ -545,8 +546,8 @@ ping-leases = false
- # comment out all routes from the server, or use the special keyword
- # 'default'.
-
--route = 10.10.10.0/255.255.255.0
--route = 192.168.0.0/255.255.0.0
-+#route = 10.10.10.0/255.255.255.0
-+#route = 192.168.0.0/255.255.0.0
- #route = fef4:db8:1000:1001::/64
- #route = default
-
-@@ -719,18 +720,18 @@ client-bypass-protocol = false
- # An example virtual host with different authentication methods serviced
- # by this server.
-
--[vhost:www.example.com]
--auth = "certificate"
-+#[vhost:www.example.com]
-+#auth = "certificate"
-
--ca-cert = ../tests/certs/ca.pem
-+#ca-cert = ../tests/certs/ca.pem
-
- # The certificate set here must include a 'dns_name' corresponding to
- # the virtual host name.
-
--server-cert = ../tests/certs/server-cert-secp521r1.pem
--server-key = ../tests/certs/server-key-secp521r1.pem
-+#server-cert = ../tests/certs/server-cert-secp521r1.pem
-+#server-key = ../tests/certs/server-key-secp521r1.pem
-
--ipv4-network = 192.168.2.0
--ipv4-netmask = 255.255.255.0
-+#ipv4-network = 192.168.2.0
-+#ipv4-netmask = 255.255.255.0
-
--cert-user-oid = 0.9.2342.19200300.100.1.1
-+#cert-user-oid = 0.9.2342.19200300.100.1.1
-diff --git a/doc/systemd/socket-activated/ocserv.socket
b/doc/systemd/socket-activated/ocserv.socket
-index 9444f190..a0ac362a 100644
---- a/doc/systemd/socket-activated/ocserv.socket
-+++ b/doc/systemd/socket-activated/ocserv.socket
-@@ -2,8 +2,8 @@
- Description=OpenConnect SSL VPN server Socket
-
- [Socket]
--ListenStream=443
--ListenDatagram=443
-+ListenStream=9000
-+ListenDatagram=9001
- BindIPv6Only=default
- Accept=false
- ReusePort=true
