Created attachment 218625
net/ocserv: Update to 1.1.1

Hi,

please find the patch attached.

Changelog since 1.0.1:

- Fixed compatibility with OpenBSD that lacks procfs
- Improved rate-limit-ms and made it dependent on secmod backlog. This makes the server more resilient (and prevents connection failures) on multiple concurrent connections
- Added namespace support for listen address by introducing the listen-netns option
- Disable TLS1.3 when cisco client compatibility is enabled. New anyconnect clients seem to be supporting TLS1.3 but are unable to handle a client with an RSA key
- Enable a race free user disconnection via occtl
- Added the config option of a pre-login-banner
- Ocserv switched to using multiple ocserv-sm processes to improve scale, with the number of ocserv-sm processes dependent on maximum clients and number of CPUs. Configuration option sec-mod-scale can be used to override the heuristics.
- Fixed issue with group selection on radius servers sending multiple group class attribute.

See https://gitlab.com/openconnect/ocserv/-/releases/1.1.1 for details.
Build and package info is available at https://gitlab.com/swills/freebsd-ports/pipelines/200510910
Please do not commit, there is some issue when connecting using Cisco AnyConnect client.
So it was a "false alarm" (due to my specific config), it works OK with cisco anyconnect client.
Committed, thanks!
A commit references this bug:

Author: pi
Date: Sun Oct 11 08:36:35 UTC 2020
New revision: 552035
URL: https://svnweb.freebsd.org/changeset/ports/552035

Log:
net/ocserv: update 1.0.1 -> 1.1.1

- Fixed compatibility with OpenBSD that lacks procfs
- Improved rate-limit-ms and made it dependent on secmod backlog. This makes the server more resilient (and prevents connection failures) on multiple concurrent connections
- Added namespace support for listen address by introducing the listen-netns option
- Disable TLS1.3 when cisco client compatibility is enabled. New anyconnect clients seem to be supporting TLS1.3 but are unable to handle a client with an RSA key
- Enable a race free user disconnection via occtl
- Added the config option of a pre-login-banner
- Ocserv switched to using multiple ocserv-sm processes to improve scale, with the number of ocserv-sm processes dependent on maximum clients and number of CPUs. Configuration option sec-mod-scale can be used to override the heuristics.
- Fixed issue with group selection on radius servers sending multiple group class attribute.

PR: 250225
Submitted by: Juraj Lutter <juraj@lutter.sk>
Relnotes: https://gitlab.com/openconnect/ocserv/-/releases/1.1.1

Changes:
head/net/ocserv/Makefile
head/net/ocserv/distinfo
head/net/ocserv/files/patch-configure.ac
head/net/ocserv/files/patch-doc_sample.config
head/net/ocserv/pkg-plist