FreeBSD Bugzilla – Attachment 218625 Details for Bug 250225: net/ocserv: Update to 1.1.1
[patch]
net/ocserv: Update to 1.1.1
net_ocserv-1.1.1.diff (text/plain), 9.70 KB, created by Juraj Lutter on 2020-10-09 14:18:46 UTC
>diff --git a/net/ocserv/Makefile b/net/ocserv/Makefile >index ed98bb1ec105..5e3cd41ca232 100644 >--- a/net/ocserv/Makefile >+++ b/net/ocserv/Makefile 
>@@ -1,80 +1,84 @@ > # Created by: Carlos J Puga Medina <cpm@fbsd.es> > # $FreeBSD$ > > PORTNAME= ocserv >-PORTVERSION= 1.0.1 >-PORTREVISION= 1 >+PORTVERSION= 1.1.1 > CATEGORIES= net net-vpn security > MASTER_SITES= ftp://ftp.infradead.org/pub/ocserv/ > > MAINTAINER= ports@FreeBSD.org > COMMENT= Server implementing the AnyConnect SSL VPN protocol > > LICENSE= GPLv2+ > LICENSE_FILE= ${WRKSRC}/LICENSE > > BUILD_DEPENDS= bash:shells/bash \ > gsed:textproc/gsed > LIB_DEPENDS= liblz4.so:archivers/liblz4 \ > libiconv.so:converters/libiconv \ > libev.so:devel/libev \ > libtalloc.so:devel/talloc \ > libprotobuf-c.so:devel/protobuf-c \ > libgnutls.so:security/gnutls \ > libtasn1.so:security/libtasn1 \ > libnettle.so:security/nettle \ > liboath.so:security/oath-toolkit \ > libpcl.so:devel/pcl > > USES= autoreconf cpe gperf libtool localbase ncurses \ > pathfix pkgconfig readline tar:xz > > CPE_VENDOR= infradead > GNU_CONFIGURE= yes > CONFIGURE_ARGS= --without-geoip \ >- --without-http-parser >+ --without-http-parser \ >+ --disable-namespaces > > USERS= _ocserv > GROUPS= _ocserv > > USE_RC_SUBR= ocserv > > PLIST_SUB= USERS="${USERS}" GROUPS="${GROUPS}" > >-OPTIONS_DEFINE= DOCS EXAMPLES GSSAPI RADIUS >+OPTIONS_DEFINE= DOCS EXAMPLES GSSAPI MAXMIND RADIUS > > PORTDOCS= AUTHORS ChangeLog NEWS README TODO > PORTEXAMPLES= profile.xml sample.config sample.passwd > > GSSAPI_USES= gssapi:mit > GSSAPI_LIB_DEPENDS= libkrb5support.so:security/krb5 > GSSAPI_CONFIGURE_OFF= --without-gssapi > > RADIUS_LIB_DEPENDS= libradcli.so:net/radcli > RADIUS_CONFIGURE_OFF= --without-radius > >+MAXMIND_DESC= Use Maxmind GeoIP library >+MAXMIND_LIB_DEPENDS= libmaxminddb.so:net/libmaxminddb >+MAXMIND_CONFIGURE_OFF= --without-maxmind >+ > .include <bsd.port.pre.mk> > > post-patch: > ${REINPLACE_CMD} 's|/usr/bin/ocserv-fw|${PREFIX}/bin/ocserv-fw|g' \ > ${WRKSRC}/src/main-user.c > ${REINPLACE_CMD} 's|/usr/bin/ocserv\\-fw|${PREFIX}/bin/ocserv\\-fw|g' \ > ${WRKSRC}/doc/ocserv.8 > .if "${PREFIX}" != "" && 
"${PREFIX}" != "/" && "${PREFIX}" != "/usr" > ${REINPLACE_CMD} -E 's|^(#define DEFAULT_CFG_FILE ")(/etc/ocserv/ocserv.conf")|\1${PREFIX}\2|' ${WRKSRC}/src/config.c > .endif > > post-install: > ${MKDIR} ${STAGEDIR}${PREFIX}/etc/ocserv ${STAGEDIR}/var/run/ocserv > ${INSTALL_DATA} ${FILESDIR}/ocserv.conf ${STAGEDIR}${PREFIX}/etc/ocserv/ocserv.conf.sample > ${INSTALL_MAN} ${WRKSRC}/doc/*.8 ${STAGEDIR}${MANPREFIX}/man/man8 > > post-install-DOCS-on: > ${MKDIR} ${STAGEDIR}${DOCSDIR} > cd ${WRKSRC} && ${INSTALL_DATA} ${PORTDOCS} ${STAGEDIR}${DOCSDIR} > > post-install-EXAMPLES-on: > ${MKDIR} ${STAGEDIR}${EXAMPLESDIR} > cd ${WRKSRC}/doc && ${INSTALL_DATA} ${PORTEXAMPLES} ${STAGEDIR}${EXAMPLESDIR} > > .include <bsd.port.post.mk> >diff --git a/net/ocserv/distinfo b/net/ocserv/distinfo >index 949c48c6a695..8173d7823eec 100644 >--- a/net/ocserv/distinfo >+++ b/net/ocserv/distinfo >@@ -1,3 +1,3 @@ >-TIMESTAMP = 1586552655 >-SHA256 (ocserv-1.0.1.tar.xz) = 59d9ef7a1aeb95ff6e762e2a0f231b3fae2ea420f68a1cf09d39a26395040f4b >-SIZE (ocserv-1.0.1.tar.xz) = 787800 >+TIMESTAMP = 1602242932 >+SHA256 (ocserv-1.1.1.tar.xz) = 9c7aaf46e53e28cfa7be329b18f3951e7e851153ff6a27e946496fd4e8e5765a >+SIZE (ocserv-1.1.1.tar.xz) = 818988 >diff --git a/net/ocserv/files/patch-configure.ac b/net/ocserv/files/patch-configure.ac >index d7a63c6cb88f..27f60419b701 100644 >--- a/net/ocserv/files/patch-configure.ac >+++ b/net/ocserv/files/patch-configure.ac >@@ -1,20 +1,20 @@ >---- configure.ac.orig 2020-04-09 21:07:12 UTC >+--- configure.ac.orig 2020-10-09 11:32:59 UTC > +++ configure.ac 
> @@ -15,7 +15,7 @@ AM_PROG_AR > AM_PROG_CC_C_O > AC_PROG_SED >- if [ test "$GCC" = "yes" ];then >+ if test "$GCC" = "yes" && ! expr "$CC" : clang >/dev/null 2>&1;then > - CFLAGS="$CFLAGS -Wall -Wno-strict-aliasing -Wextra -Wno-unused-parameter -Wno-sign-compare -Wno-missing-field-initializers -Wno-implicit-fallthrough -Wno-stringop-truncation" > + CFLAGS="$CFLAGS -Wall -Wno-strict-aliasing -Wextra -Wno-unused-parameter -Wno-sign-compare -Wno-missing-field-initializers" > fi >+ > AC_PATH_PROG(CTAGS, ctags, [:]) >- AC_PATH_PROG(CSCOPE, cscope, [:]) >-@@ -199,7 +199,7 @@ if test "$test_for_geoip" = yes && test "$have_maxmind >+@@ -222,7 +222,7 @@ if test "$test_for_geoip" = yes && test "$have_maxmind > fi > > have_readline=no > -AC_LIB_HAVE_LINKFLAGS(readline,, [ > +AC_LIB_HAVE_LINKFLAGS(readline,ncurses, [ > #include <stdio.h> > #include <readline/readline.h>], [rl_replace_line(0,0);]) > if test x$ac_cv_libreadline = xyes; then >diff --git a/net/ocserv/files/patch-doc_sample.config b/net/ocserv/files/patch-doc_sample.config >index 9793353efa4b..145c3bf2de82 100644 >--- a/net/ocserv/files/patch-doc_sample.config >+++ b/net/ocserv/files/patch-doc_sample.config >@@ -1,78 +1,78 @@ >---- doc/sample.config.orig 2020-04-09 20:56:20 UTC >+--- doc/sample.config.orig 2020-09-20 19:49:01 UTC > +++ doc/sample.config 
> @@ -19,7 +19,7 @@ > # This enabled PAM authentication of the user. The gid-min option is used > # by auto-select-group option, in order to select the minimum valid group ID. > # > -# plain[passwd=/etc/ocserv/ocpasswd,otp=/etc/ocserv/users.otp] > +# plain[passwd=/usr/local/etc/ocserv/ocpasswd,otp=/etc/ocserv/users.otp] > # The plain option requires specifying a password file which contains > # entries of the following format. > # "username:groupname1,groupname2:encoded-password" >-@@ -106,8 +106,8 @@ udp-port = 443 >- >- # The user the worker processes will be run as. It should be >- # unique (no other services run as this user). >+@@ -110,8 +110,8 @@ udp-port = 443 >+ # The user the worker processes will be run as. This should be a dedicated >+ # unprivileged user (e.g., 'ocserv') and no other services should run as this >+ # user. > -run-as-user = nobody > -run-as-group = daemon > +run-as-user = _ocserv > +run-as-group = _ocserv > > # socket file used for IPC with occtl. You only need to set that, > # if you use more than a single servers. >-@@ -176,15 +176,9 @@ ca-cert = ../tests/certs/ca.pem >+@@ -180,15 +180,9 @@ ca-cert = ../tests/certs/ca.pem > ### failures during the reloading time. > > > -# Whether to enable seccomp/Linux namespaces worker isolation. That restricts the number of > -# system calls allowed to a worker process, in order to reduce damage from a > -# bug in the worker process. It is available on Linux systems at a performance cost. > -# The performance cost is roughly 2% overhead at transfer time (tested on a Linux 3.17.8). > -# Note however, that process isolation is restricted to the specific libc versions > -# the isolation was tested at. 
If you get random failures on worker processes, try > -# disabling that option and report the failures you, along with system and debugging > -# information at: https://gitlab.com/ocserv/ocserv/issues > -isolate-workers = true >-+# ocserv 1.0.1 on FreeBSD does not currently support process isolation, >++# ocserv 1.1.1 on FreeBSD does not currently support process isolation, > +# because ocserv only supports Linux's seccomp system, but not capsicum(4). > +#isolate-workers = false > >- # A banner to be displayed on clients >+ # A banner to be displayed on clients after connection > #banner = "Welcome" >-@@ -535,15 +529,15 @@ no-route = 192.168.5.0/255.255.255.0 >+@@ -553,15 +547,15 @@ no-route = 192.168.5.0/255.255.255.0 > # Note the that following two firewalling options currently are available > # in Linux systems with iptables software. > > -# If set, the script /usr/bin/ocserv-fw will be called to restrict > +# If set, the script /usr/local/bin/ocserv-fw will be called to restrict > # the user to its allowed routes and prevent him from accessing > # any other routes. In case of defaultroute, the no-routes are restricted. > -# All the routes applied by ocserv can be reverted using /usr/bin/ocserv-fw > +# All the routes applied by ocserv can be reverted using /usr/local/bin/ocserv-fw > # --removeall. This option can be set globally or in the per-user configuration. > #restrict-user-to-routes = true > > # This option implies restrict-user-to-routes set to true. If set, the > -# script /usr/bin/ocserv-fw will be called to restrict the user to > +# script /usr/local/bin/ocserv-fw will be called to restrict the user to > # access specific ports in the network. This option can be set globally > # or in the per-user configuration. 
> #restrict-user-to-ports = "tcp(443), tcp(80), udp(443), sctp(99), tcp(583), icmp(), icmpv6()" >-@@ -591,13 +585,13 @@ no-route = 192.168.5.0/255.255.255.0 >+@@ -609,13 +603,13 @@ no-route = 192.168.5.0/255.255.255.0 > # hostname to override any proposed by the user. Note also, that, any > # routes, no-routes, DNS or NBNS servers present will overwrite the global ones. > > -#config-per-user = /etc/ocserv/config-per-user/ > -#config-per-group = /etc/ocserv/config-per-group/ > +#config-per-user = /usr/local/etc/ocserv/config-per-user/ > +#config-per-group = /usr/local/etc/ocserv/config-per-group/ > > # When config-per-xxx is specified and there is no group or user that > # matches, then utilize the following configuration. > -#default-user-config = /etc/ocserv/defaults/user.conf > -#default-group-config = /etc/ocserv/defaults/group.conf > +#default-user-config = /usr/local/etc/ocserv/defaults/user.conf > +#default-group-config = /usr/local/etc/ocserv/defaults/group.conf > > # The system command to use to setup a route. %{R} will be replaced with the > # route/mask, %{RI} with the route in CIDR format, and %{D} with the (tun) device. >diff --git a/net/ocserv/pkg-plist b/net/ocserv/pkg-plist >index 15cd6baa9b09..8d684679a078 100644 >--- a/net/ocserv/pkg-plist >+++ b/net/ocserv/pkg-plist >@@ -1,9 +1,10 @@ > bin/occtl > bin/ocpasswd > bin/ocserv-fw > man/man8/occtl.8.gz > man/man8/ocpasswd.8.gz > man/man8/ocserv.8.gz > @sample etc/ocserv/ocserv.conf.sample > sbin/ocserv >+sbin/ocserv-worker > @dir(%%USERS%%,%%GROUPS%%,750) /var/run/ocserv
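Review bot: In net/ocserv/Makefile, `--disable-namespaces` is added to CONFIGURE_ARGS unconditionally and without a comment, so a later maintainer cannot tell why the port turns the feature off. A one-line comment above CONFIGURE_ARGS stating the reason (presumably that the feature is Linux-only) would document the decision in the port itself. Two smaller points in the same hunk: the new MAXMIND_* helper block sits after RADIUS_* while OPTIONS_DEFINE lists the options alphabetically, and it is worth confirming that the unconditional `--without-geoip` is still intended now that MAXMIND can be switched on.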
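Review bot: In net/ocserv/files/patch-configure.ac, the refreshed context line `if test "$GCC" = "yes" && ! expr "$CC" : clang >/dev/null 2>&1;then` shows that 1.1.1 already skips this CFLAGS block when CC is clang, yet the patch still strips `-Wno-implicit-fallthrough -Wno-stringop-truncation`. If those flags were removed only because clang rejects them, the first inner hunk may no longer be needed and could be dropped, leaving just the `readline,ncurses` change. If it is still required for a GCC build, a note in the patch saying which compiler fails would help the next update.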
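Review bot: In net/ocserv/files/patch-doc_sample.config, the `plain[...]` example moves `passwd=` to /usr/local/etc/ocserv/ocpasswd but leaves `otp=/etc/ocserv/users.otp`, so the sample points at two different configuration roots; the otp path should get the same prefix. The paths are also hardcoded to /usr/local, whereas the Makefile's post-patch target substitutes ${PREFIX}, so a build with a non-default PREFIX gets a sample that names the wrong locations. Separately, `#isolate-workers = false` is left commented out, so the effective value is whatever the build defaults to; since the accompanying comment says process isolation is unsupported on FreeBSD, setting the value explicitly would remove that ambiguity.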