diff -Nru ocserv-1.3.0/debian/changelog ocserv-1.3.0/debian/changelog
--- ocserv-1.3.0/debian/changelog 2024-08-18 14:03:40.000000000 +0800
+++ ocserv-1.3.0/debian/changelog 2025-05-08 19:52:25.000000000 +0800
@@ -1,3 +1,9 @@
+ocserv (1.3.0-2) unstable; urgency=medium
+
+ * d/patches: add upstream patches
+
+ -- Aron Xu Thu, 08 May 2025 19:52:25 +0800
+
 ocserv (1.3.0-1) unstable; urgency=medium
 
 * New upstream version 1.3.0
diff -Nru ocserv-1.3.0/debian/patches/0001-Check-return-value-of-remove.patch ocserv-1.3.0/debian/patches/0001-Check-return-value-of-remove.patch
--- ocserv-1.3.0/debian/patches/0001-Check-return-value-of-remove.patch 1970-01-01 08:00:00.000000000 +0800
+++ ocserv-1.3.0/debian/patches/0001-Check-return-value-of-remove.patch 2025-05-08 19:49:29.000000000 +0800
@@ -0,0 +1,32 @@
+From 6746d1d6f41382bdb264576bdfbf20f95c6b30ba Mon Sep 17 00:00:00 2001
+From: Dimitri Papadopoulos
+ <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>
+Date: Tue, 25 Jun 2024 22:13:21 +0200
+Subject: [PATCH] Check return value of remove()
+
+Signed-off-by: Dimitri Papadopoulos <3350651-DimitriPapadopoulos@users.noreply.gitlab.com>
+---
+ src/main-ctl-unix.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/src/main-ctl-unix.c b/src/main-ctl-unix.c
+index 856954a4..1354bee6 100644
+--- a/src/main-ctl-unix.c
++++ b/src/main-ctl-unix.c
+@@ -131,7 +131,12 @@ int ctl_handler_init(main_server_st * s)
+ memset(&sa, 0, sizeof(sa));
+ sa.sun_family = AF_UNIX;
+ strlcpy(sa.sun_path, GETPCONFIG(s)->occtl_socket_file, sizeof(sa.sun_path));
+- remove(GETPCONFIG(s)->occtl_socket_file);
++ ret = remove(GETPCONFIG(s)->occtl_socket_file);
++ if (ret != 0) {
++ e = errno;
++ mslog(s, NULL, LOG_DEBUG, "could not delete socket: '%s': %s",
++ GETPCONFIG(s)->occtl_socket_file, strerror(e));
++ }
+
+ sd = socket(AF_UNIX, SOCK_STREAM, 0);
+ if (sd == -1) {
+--
+2.39.5
+
diff -Nru ocserv-1.3.0/debian/patches/0002-src-ocpasswd-ocpasswd.c-handle-strup-errors.patch ocserv-1.3.0/debian/patches/0002-src-ocpasswd-ocpasswd.c-handle-strup-errors.patch
--- ocserv-1.3.0/debian/patches/0002-src-ocpasswd-ocpasswd.c-handle-strup-errors.patch 1970-01-01 08:00:00.000000000 +0800
+++ ocserv-1.3.0/debian/patches/0002-src-ocpasswd-ocpasswd.c-handle-strup-errors.patch 2025-05-08 19:49:58.000000000 +0800
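Review bot: In ctl_handler_init (patch 0001, src/main-ctl-unix.c) the new branch logs every failed remove(), including the ordinary start-up case where no stale socket exists and errno is ENOENT, while a failure that matters (for example EACCES or EPERM on a leftover socket) is reported only at LOG_DEBUG. Guarding it with `if (ret != 0 && errno != ENOENT) {` and logging at `LOG_WARNING` would keep the message for the cases where binding the socket, presumably done later in the function, is about to fail on the stale path. The context line above also copies the configured path into sa.sun_path with strlcpy() and no truncation check, whereas remove() receives the full path, so an over-long occtl_socket_file would delete a different path than the one later bound. ret and e are declared outside the hunk, and the function continues past it.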
@@ -0,0 +1,34 @@
+From 9536c53521c08055d13664f75fb8f6808d138a73 Mon Sep 17 00:00:00 2001
+From: Ilya Shipitsin
+Date: Tue, 25 Jun 2024 23:52:07 +0200
+Subject: [PATCH] src/ocpasswd/ocpasswd.c: handle strup errors
+
+Signed-off-by: Ilya Shipitsin
+---
+ src/ocpasswd/ocpasswd.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/src/ocpasswd/ocpasswd.c b/src/ocpasswd/ocpasswd.c
+index 3bb8600a..da039d06 100644
+--- a/src/ocpasswd/ocpasswd.c
++++ b/src/ocpasswd/ocpasswd.c
+@@ -491,8 +491,16 @@ int main(int argc, char **argv)
+
+ if (!groupname)
+ groupname = strdup("*");
++ if (!groupname) {
++ fprintf(stderr, "memory error\n");
++ exit(EXIT_FAILURE);
++ }
+ if (!fpasswd)
+ fpasswd = strdup(DEFAULT_OCPASSWD);
++ if (!fpasswd) {
++ fprintf(stderr, "memory error\n");
++ exit(EXIT_FAILURE);
++ }
+
+ if (flags & FLAG_LOCK) {
+ lock_user(fpasswd, username);
+--
+2.39.5
+
diff -Nru ocserv-1.3.0/debian/patches/0003-Update-to-increase-pam-stack-size-per-https-gitlab.c.patch ocserv-1.3.0/debian/patches/0003-Update-to-increase-pam-stack-size-per-https-gitlab.c.patch
--- ocserv-1.3.0/debian/patches/0003-Update-to-increase-pam-stack-size-per-https-gitlab.c.patch 1970-01-01 08:00:00.000000000 +0800
+++ ocserv-1.3.0/debian/patches/0003-Update-to-increase-pam-stack-size-per-https-gitlab.c.patch 2025-05-08 19:50:29.000000000 +0800
@@ -0,0 +1,27 @@
+From 3606482486b8b4726dd25d4938567479d706c763 Mon Sep 17 00:00:00 2001
+From: theevilapplepie
+Date: Tue, 3 Sep 2024 12:46:57 -0400
+Subject: [PATCH] Update to increase pam stack size per
+ https://gitlab.com/openconnect/ocserv/-/issues/619
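Review bot: In main() of src/ocpasswd/ocpasswd.c (patch 0002) the two added NULL tests sit after the `if (!groupname)` and `if (!fpasswd)` branches instead of inside them, and both print the same bare `memory error`, so the output does not say which allocation failed. Putting each test inside the branch that calls strdup() ties the check to the allocation it guards, and a message that names the value, e.g. `fprintf(stderr, "memory error (groupname)\n");`, makes the failure traceable. This is a point of style only, since the added checks do stop the NULL from reaching lock_user(). main() starts and ends outside the hunk.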
Signed-off-by: James Vess
+
+
+---
+ src/auth/pam.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/auth/pam.c b/src/auth/pam.c
+index e8529718..43ab8004 100644
+--- a/src/auth/pam.c
++++ b/src/auth/pam.c
+@@ -48,7 +48,7 @@
+ #include "auth/pam.h"
+ #include "auth-unix.h"
+
+-#define PAM_STACK_SIZE (96*1024)
++#define PAM_STACK_SIZE (1024*1024)
+
+ #define MAX_REPLIES 2
+
+--
+2.39.5
+
diff -Nru ocserv-1.3.0/debian/patches/0004-Make-path-to-ocserv-fw-script-conform-to-config-pref.patch ocserv-1.3.0/debian/patches/0004-Make-path-to-ocserv-fw-script-conform-to-config-pref.patch
--- ocserv-1.3.0/debian/patches/0004-Make-path-to-ocserv-fw-script-conform-to-config-pref.patch 1970-01-01 08:00:00.000000000 +0800
+++ ocserv-1.3.0/debian/patches/0004-Make-path-to-ocserv-fw-script-conform-to-config-pref.patch 2025-05-08 19:52:25.000000000 +0800
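Review bot: The new `#define PAM_STACK_SIZE (1024*1024)` in src/auth/pam.c (patch 0003) is a bare constant with no comment saying what the stack is used for or why it is now more than ten times the old 96 KiB. A comment above the define, such as `/* Stack for the PAM code path; raised from 96 KiB, see upstream issue #619. */`, would keep the value from being trimmed back later. How the stack is allocated is not visible in this hunk. If it is allocated once per in-flight authentication, the larger size multiplies the memory held on behalf of not-yet-authenticated clients, so it is worth confirming that a concurrency limit bounds it and whether a guard page follows the stack.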
@@ -0,0 +1,40 @@
+From 58263db7798aecbb22e82fef2ebb417d543e4155 Mon Sep 17 00:00:00 2001
+From: Lee Keitel
+Date: Tue, 25 Mar 2025 21:18:55 +0000
+Subject: [PATCH] Make path to ocserv-fw script conform to config prefix
+
+Signed-off-by: default avatarLee Keitel
+Reviewed-by: Aron Xu
+---
+ src/Makefile.am | 3 ++-
+ src/main-user.c | 2 ++
+ 2 files changed, 4 insertions(+), 1 deletion(-)
+
+Index: ocserv/src/Makefile.am
+===================================================================
+--- ocserv.orig/src/Makefile.am
++++ ocserv/src/Makefile.am
+@@ -6,7 +6,8 @@ AM_CPPFLAGS += \
+ $(LIBPROTOBUF_C_CFLAGS) $(LIBLZ4_CFLAGS) \
+ $(LIBREADLINE_CFLAGS) $(CODE_COVERAGE_CFLAGS) \
+ $(LIBTALLOC_CFLAGS) $(LIBDBUS_CFLAGS) $(LIBOATH_CFLAGS) \
+- $(LIBKRB5_CFLAGS) $(LIBTASN1_CFLAGS) $(RADCLI_CFLAGS) $(SRC_CFLAGS)
++ $(LIBKRB5_CFLAGS) $(LIBTASN1_CFLAGS) $(RADCLI_CFLAGS) $(SRC_CFLAGS) \
++ -DOCSERV_FW_SCRIPT=\"${libexecdir}/ocserv-fw\"
+
+ if ENABLE_OIDC_AUTH
+ AM_CPPFLAGS += $(LIBCURL_CFLAGS) $(CJOSE_CFLAGS) $(JANSSON_CFLAGS)
+Index: ocserv/src/main-user.c
+===================================================================
+--- ocserv.orig/src/main-user.c
++++ ocserv/src/main-user.c
+@@ -47,7 +47,9 @@
+ #include
+ #include
+
++#ifndef OCSERV_FW_SCRIPT
+ #define OCSERV_FW_SCRIPT "/usr/libexec/ocserv-fw"
++#endif
+
+ #define APPEND_TO_STR(str, val) \
+ do { \
diff -Nru ocserv-1.3.0/debian/patches/0005-Allow-the-readlinkat-syscall-when-socket_wrapper-is-.patch ocserv-1.3.0/debian/patches/0005-Allow-the-readlinkat-syscall-when-socket_wrapper-is-.patch
--- ocserv-1.3.0/debian/patches/0005-Allow-the-readlinkat-syscall-when-socket_wrapper-is-.patch 1970-01-01 08:00:00.000000000 +0800
+++ ocserv-1.3.0/debian/patches/0005-Allow-the-readlinkat-syscall-when-socket_wrapper-is-.patch 2025-05-08 19:52:25.000000000 +0800
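Review bot: The `#ifndef OCSERV_FW_SCRIPT` fallback in src/main-user.c (patch 0004) has no comment saying where the value normally comes from, so a build that does not pass the new `-DOCSERV_FW_SCRIPT=...` flag from src/Makefile.am silently gets `/usr/libexec/ocserv-fw` again. A comment above the guard, e.g. `/* normally set by src/Makefile.am to $(libexecdir)/ocserv-fw; fallback for other builds */`, would document that. Neither hunk shows where the script is installed or how a missing script is handled at run time. Since this path presumably names a helper the server executes, it is worth confirming that packaging installs it under the same libexecdir and that a failed launch is logged rather than skipped. As a style point, the Makefile.am line uses `${libexecdir}` while the surrounding lines use the `$(...)` form. The main-user.c hunk ends inside the APPEND_TO_STR macro.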
@@ -0,0 +1,29 @@
+From 310ef4a732817ce5056a69f8d817af1a639f453e Mon Sep 17 00:00:00 2001
+From: Mike Gilbert
+Date: Wed, 6 Nov 2024 13:53:51 -0500
+Subject: [PATCH] Allow the readlinkat syscall when socket_wrapper is in use
+
+On arm64, the realpath function calls readlinkat instead of readlink.
+
+Fixes: #627
+
+Signed-off-by: Mike Gilbert
+---
+ src/worker-privs.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/worker-privs.c b/src/worker-privs.c
+index 54985999..6e076278 100644
+--- a/src/worker-privs.c
++++ b/src/worker-privs.c
+@@ -105,6 +105,7 @@ int disable_system_calls(struct worker_st *ws)
+ * them when socket wrapper is active */
+ if (getenv("SOCKET_WRAPPER_DIR") != NULL) {
+ ADD_SYSCALL(readlink, 0);
++ ADD_SYSCALL(readlinkat, 0);
+ }
+
+ /* we use quite some system calls here, and in the end
+--
+2.39.5
+
diff -Nru ocserv-1.3.0/debian/patches/series ocserv-1.3.0/debian/patches/series
--- ocserv-1.3.0/debian/patches/series 1970-01-01 08:00:00.000000000 +0800
+++ ocserv-1.3.0/debian/patches/series 2025-05-08 19:52:25.000000000 +0800
@@ -0,0 +1,5 @@
+0001-Check-return-value-of-remove.patch
+0002-src-ocpasswd-ocpasswd.c-handle-strup-errors.patch
+0003-Update-to-increase-pam-stack-size-per-https-gitlab.c.patch
+0004-Make-path-to-ocserv-fw-script-conform-to-config-pref.patch
+0005-Allow-the-readlinkat-syscall-when-socket_wrapper-is-.patch
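Review bot: The added `ADD_SYSCALL(readlinkat, 0);` in disable_system_calls (patch 0005, src/worker-privs.c) carries no comment, so the reason for the extra allowlist entry lives only in the commit message. A comment above the line, `/* realpath() calls readlinkat instead of readlink on arm64 */`, keeps the entry explainable when the filter is audited. The branch is gated on the environment variable SOCKET_WRAPPER_DIR, so each entry added here also widens what appears to be the worker's syscall filter for any process started with that variable set. That gate predates this change, but it is worth confirming that production service units never set it. The function body starts and ends outside the hunk.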