Bug 250225 - net/ocserv: Update to 1.1.1
Summary: net/ocserv: Update to 1.1.1
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Kurt Jaeger
URL: https://ocserv.gitlab.io/www/index.html
Keywords: buildisok
Depends on:
Blocks:
 
Reported: 2020-10-09 14:18 UTC by Juraj Lutter
Modified: 2020-10-11 08:37 UTC

See Also:


Attachments
net/ocserv: Update to 1.1.1 (9.70 KB, patch)
2020-10-09 14:18 UTC, Juraj Lutter

Description Juraj Lutter 2020-10-09 14:18:46 UTC
Created attachment 218625
net/ocserv: Update to 1.1.1

Hi,

Please find the patch attached.

Changelog since 1.0.1:
  - Fixed compatibility with OpenBSD that lacks procfs
  - Improved rate-limit-ms and made it dependent on secmod backlog. This makes
    the server more resilient (and prevents connection failures) on multiple
    concurrent connections
  - Added namespace support for listen address by introducing the listen-netns
    option
  - Disable TLS1.3 when cisco client compatibility is enabled. New anyconnect
    clients seem to support TLS1.3 but are unable to handle a client with an
    RSA key
  - Enable a race free user disconnection via occtl
  - Added the config option of a pre-login-banner
  - Ocserv switched to using multiple ocserv-sm processes to improve scale,
    with the number of ocserv-sm processes dependent on maximum clients and
    number of CPUs. Configuration option sec-mod-scale can be used to override
    the heuristics.
  - Fixed issue with group selection on radius servers sending multiple group
    class attributes.

See https://gitlab.com/openconnect/ocserv/-/releases/1.1.1 for details.
Comment 1 Automation User 2020-10-09 15:38:50 UTC
Build and package info is available at https://gitlab.com/swills/freebsd-ports/pipelines/200510910
Comment 2 Juraj Lutter 2020-10-09 22:15:45 UTC
Please do not commit, there is some issue when connecting using Cisco AnyConnect client.
Comment 3 Juraj Lutter 2020-10-10 09:22:38 UTC
So it was a "false alarm" (due to my specific config); it works OK with the Cisco AnyConnect client.
Comment 4 Kurt Jaeger freebsd_committer 2020-10-11 08:36:37 UTC
Committed, thanks!
Comment 5 commit-hook freebsd_committer 2020-10-11 08:37:00 UTC
A commit references this bug:

Author: pi
Date: Sun Oct 11 08:36:35 UTC 2020
New revision: 552035
URL: https://svnweb.freebsd.org/changeset/ports/552035

Log:
  net/ocserv: update 1.0.1 -> 1.1.1

  - Fixed compatibility with OpenBSD that lacks procfs
  - Improved rate-limit-ms and made it dependent on secmod backlog. This makes
    the server more resilient (and prevents connection failures) on multiple
    concurrent connections
  - Added namespace support for listen address by introducing the listen-netns
    option
  - Disable TLS1.3 when cisco client compatibility is enabled. New anyconnect
    clients seem to support TLS1.3 but are unable to handle a
    client with an RSA key
  - Enable a race free user disconnection via occtl
  - Added the config option of a pre-login-banner
  - Ocserv switched to using multiple ocserv-sm processes to improve scale,
    with the number of ocserv-sm processes dependent on maximum clients
    and number of CPUs. Configuration option sec-mod-scale can be
    used to override the heuristics.
  - Fixed issue with group selection on radius servers sending multiple group
    class attributes.

  PR:		250225
  Submitted by:	Juraj Lutter <juraj@lutter.sk>
  Relnotes:	https://gitlab.com/openconnect/ocserv/-/releases/1.1.1

Changes:
  head/net/ocserv/Makefile
  head/net/ocserv/distinfo
  head/net/ocserv/files/patch-configure.ac
  head/net/ocserv/files/patch-doc_sample.config
  head/net/ocserv/pkg-plist