ocserv/ocserv.spec

%global _hardened_build 1

Name:		ocserv
Version:	0.9.0
Release:	2%{?dist}
Summary:	OpenConnect SSL VPN server

# For a breakdown of the licensing, see PACKAGE-LICENSING 
# To simplify licenses LGPLv2+ files have been promoted to GPLv3+.
License:	GPLv3+ and BSD and MIT and CC0
URL:		http://www.infradead.org/ocserv/
Source0:	ftp://ftp.infradead.org/pub/ocserv/%{name}-%{version}.tar.xz
Source1:	ocserv.conf
Source2:	ocserv.service
Source3:	ocserv-pamd.conf
Source4:	PACKAGE-LICENSING
Source6:	ftp://ftp.infradead.org/pub/ocserv/%{name}-%{version}.tar.xz.sig
Source7:	ocserv-genkey
Source8:	ocserv-script

# Taken from upstream:
# http://git.infradead.org/ocserv.git/commitdiff/7d70006a2dbddf783213f1856374bacc74217e09
BuildRoot:	%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)

BuildRequires:	gnutls-devel
BuildRequires:	pam-devel
BuildRequires:	iproute
BuildRequires:	systemd
BuildRequires:	systemd-devel
BuildRequires:	autogen-libopts-devel
BuildRequires:	protobuf-c-devel
BuildRequires:	libnl3-devel
BuildRequires:	readline-devel
BuildRequires:	autogen
BuildRequires:	gperf
%ifarch x86_64 #%{ix86}
BuildRequires:	libseccomp-devel
%endif
BuildRequires:	pcllib-devel
BuildRequires:	libtalloc-devel
BuildRequires:	http-parser-devel
BuildRequires:	tcp_wrappers-devel
BuildRequires:	automake, autoconf

# we don't build with dbus support
#BuildRequires:	dbus-devel

Requires:		gnutls-utils
Requires:		iproute
Requires:		pam
Requires(pre):		shadow-utils
Requires(post):		systemd
Requires(preun):	systemd
Requires(postun):	systemd
#gnulib is bundled. See https://fedorahosted.org/fpc/ticket/174
Provides:		bundled(gnulib)
#CCAN is bundled. See https://fedorahosted.org/fpc/ticket/364
Provides:		bundled(bobjenkins-hash) bundled(ccan-container_of) 
Provides:		bundled(ccan-htable) bundled(ccan-list)
Provides:		bundled(ccan-check_type) bundled(ccan-build_assert)

%description
OpenConnect server (ocserv) is an SSL VPN server. Its purpose is to be a 
secure, small, fast and configurable VPN server. It implements the OpenConnect 
SSL VPN protocol, and has also (currently experimental) compatibility with 
clients using the AnyConnect SSL VPN protocol. The OpenConnect VPN protocol 
uses the standard IETF security protocols such as TLS 1.2, and Datagram TLS 
to provide the secure VPN service. 

%prep
%setup -q
rm -f src/http-parser/http_parser.c src/http-parser/http_parser.h
rm -rf src/protobuf/
rm -rf src/ccan/talloc
rm -f libopts/*.c libopts/*.h libopts/*/*.c libopts/*/*.h
rm -f src/pcl/*.c src/pcl/*.h
sed -i 's|/etc/ocserv.conf|/etc/ocserv/ocserv.conf|g' src/config.c
sed -i 's/run-as-group = nogroup/run-as-group = nobody/g' tests/*.config
# GPLv3 in headers is a gnulib bug: 
# http://lists.gnu.org/archive/html/bug-gnulib/2013-11/msg00062.html
sed -i 's/either version 3 of the License/either version 2 of the License/g' build-aux/snippet/*
touch src/*.proto

%build

%configure \
	--enable-systemd

make #%{?_smp_mflags}

%pre
getent group ocserv &>/dev/null || groupadd -r ocserv
getent passwd ocserv &>/dev/null || \
	/usr/sbin/useradd -r -g ocserv -s /sbin/nologin -c ocserv \
		-d %{_localstatedir}/lib/ocserv ocserv
mkdir -p %{_sysconfdir}/pki/ocserv/public
mkdir -p -m 700 %{_sysconfdir}/pki/ocserv/private
mkdir -p %{_sysconfdir}/pki/ocserv/cacerts

%check
make check %{?_smp_mflags}

%post
%systemd_post ocserv.service

%preun
%systemd_preun ocserv.service

%postun
%systemd_postun ocserv.service

%install
rm -rf %{buildroot}
cp -a %{SOURCE4} PACKAGE-LICENSING
mkdir -p %{buildroot}/%{_sysconfdir}/pam.d/
mkdir -p %{buildroot}/%{_sysconfdir}/ocserv/
install -p -m 644 %{SOURCE3} %{buildroot}/%{_sysconfdir}/pam.d/ocserv
install -p -m 644 %{SOURCE1} %{buildroot}/%{_sysconfdir}/ocserv/
mkdir -p %{buildroot}/%{_unitdir}
install -p -m 644 %{SOURCE2} %{buildroot}/%{_unitdir}
mkdir -p %{buildroot}%{_localstatedir}/lib/ocserv/
install -p -m 644 doc/profile.xml %{buildroot}%{_localstatedir}/lib/ocserv/
mkdir -p %{buildroot}/%{_sbindir}
install -p -m 755 %{SOURCE7} %{buildroot}/%{_sbindir}
mkdir -p %{buildroot}/%{_bindir}
install -p -m 755 %{SOURCE8} %{buildroot}/%{_bindir}
%make_install

%clean
rm -rf %{buildroot}

%files
%defattr(-,root,root,-)

%dir %{_localstatedir}/lib/ocserv
%dir %{_sysconfdir}/ocserv

%config(noreplace) %{_sysconfdir}/ocserv/ocserv.conf
%config(noreplace) %{_sysconfdir}/pam.d/ocserv

%doc AUTHORS ChangeLog NEWS COPYING LICENSE README TODO PACKAGE-LICENSING
%doc src/ccan/licenses/CC0 src/ccan/licenses/LGPL-2.1 src/ccan/licenses/BSD-MIT
%{_mandir}/man8/ocserv.8*
%{_mandir}/man8/occtl.8*
%{_mandir}/man8/ocpasswd.8*
%{_bindir}/ocpasswd
%{_bindir}/occtl
%{_bindir}/ocserv-script
%{_sbindir}/ocserv
%{_sbindir}/ocserv-genkey
%{_unitdir}/ocserv.service
%{_localstatedir}/lib/ocserv/profile.xml

%changelog
* Thu Jan 29 2015 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.9.0-2
- only enable seccomp in x86-64. It seems to be broken in x86:
  http://sourceforge.net/p/libseccomp/mailman/message/33275762/

* Thu Jan 22 2015 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.9.0-1
- new upstream release

* Fri Jan  9 2015 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.8.9-4
- enable PIE

* Tue Jan  6 2015 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.8.9-3
- Comply with system-wide crypto policies (#1179332)

* Mon Jan  5 2015 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.8.9-2
- ocserv.service: depend on network-online.target (#1178760)
- enable seccomp (on platforms it is available)

* Thu Dec 11 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.8.9-1
- New upstream release

* Wed Nov 26 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.8.8-1
- New upstream release

* Mon Oct 27 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.8.7-1
- New upstream release

* Tue Sep 09 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.8.4-2
- Ship a default ocserv-script, which will put connecting clients
  into the internal firewall zone.

* Thu Aug 28 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.8.4-1
- New upstream release

* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.8.2-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild

* Fri Aug 08 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.8.2-3
- Rebuilt

* Tue Aug 05 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.8.2-2
- Rebuilt for new protobuf-c

* Mon Jul 28 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.8.2-1
- New upstream release

* Mon Jun 30 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.8.1-1
- New upstream release

* Fri Jun 06 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.8.0-2
- Generate certificates and private keys before the first run
- Corrected chroot path

* Mon Jun 02 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.8.0-1
- New upstream release

* Mon May 26 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.8.0pre0-1
- New upstream release

* Fri May 09 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.3.5-1
- New upstream release

* Fri May 02 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.3.4-1
- New upstream release

* Thu Apr 10 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.3.3-1
- New upstream release

* Fri Mar 14 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.3.2-1
- New upstream release

* Mon Feb 17 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.3.1-2
- new upstream release

* Wed Jan 29 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.3.0-2
- Generated certificates no longer carry an expiration date.

* Mon Jan 27 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.3.0-1
- Updated to latest upstream version (0.3.0).
- Certificates and private keys are auto-generated.

* Mon Dec 16 2013 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.2.3-1
- Updated to latest upstream version (0.2.3).
- Corrected the chroot directory in config file.

* Fri Dec  6 2013 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.2.1-6
- Added exception for the bundling of CCAN components.

* Wed Nov 13 2013 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.2.1-5
- Updated the way PACKAGE-LICENSING is handled.

* Tue Nov 12 2013 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.2.1-4
- Replaced gnulib's GPLv3+ license with GPLv2+. According to 
  http://lists.gnu.org/archive/html/bug-gnulib/2013-11/msg00062.html
  it was a gnulib bug.
- Reduced the number of applicable licenses by upgrading LGPLv2+ 
  components to GPLv2+.
- Added PACKAGE-LICENSING.

* Mon Nov 11 2013 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.2.1-3
- Updated spec to add http-parser and pcllib as dependencies.
- Bundled library files are removed.
- Updated license information.

* Fri Nov  8 2013 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.2.1-2
- Updated spec to account improvements suggested by Alec Leamas.

* Thu Nov  7 2013 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.2.1-1
- Initial version of the package
enable PIE 10 years ago			`%global _hardened_build 1`

Initial import (#1027770) 11 years ago			`Name: ocserv`
new upstream release 10 years ago			`Version: 0.9.0`
Do not enable seccomp in x86. It is broken. 10 years ago			`Release: 2%{?dist}`
Initial import (#1027770) 11 years ago			`Summary: OpenConnect SSL VPN server`

			`# For a breakdown of the licensing, see PACKAGE-LICENSING`
Updated license information 11 years ago			`# To simplify licenses LGPLv2+ files have been promoted to GPLv3+.`
			`License: GPLv3+ and BSD and MIT and CC0`
Initial import (#1027770) 11 years ago			`URL: http://www.infradead.org/ocserv/`
			`Source0: ftp://ftp.infradead.org/pub/ocserv/%{name}-%{version}.tar.xz`
			`Source1: ocserv.conf`
			`Source2: ocserv.service`
			`Source3: ocserv-pamd.conf`
			`Source4: PACKAGE-LICENSING`
new upstream release 11 years ago			`Source6: ftp://ftp.infradead.org/pub/ocserv/%{name}-%{version}.tar.xz.sig`
Generate the certificates and private keys before the first run 11 years ago			`Source7: ocserv-genkey`
Ship a default ocserv-script, which will put connecting clients into the internal firewall zone. 10 years ago			`Source8: ocserv-script`
Initial import (#1027770) 11 years ago
			`# Taken from upstream:`
			`# http://git.infradead.org/ocserv.git/commitdiff/7d70006a2dbddf783213f1856374bacc74217e09`
			`BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)`

			`BuildRequires: gnutls-devel`
			`BuildRequires: pam-devel`
			`BuildRequires: iproute`
			`BuildRequires: systemd`
depend on systemd-devel 11 years ago			`BuildRequires: systemd-devel`
compile with any version of libopts 11 years ago			`BuildRequires: autogen-libopts-devel`
updated to ocserv 0.3.0 11 years ago			`BuildRequires: protobuf-c-devel`
			`BuildRequires: libnl3-devel`
			`BuildRequires: readline-devel`
Initial import (#1027770) 11 years ago			`BuildRequires: autogen`
new upstream release 10 years ago			`BuildRequires: gperf`
Do not enable seccomp in x86. It is broken. 10 years ago			`%ifarch x86_64 #%{ix86}`
Added seccomp dependency 10 years ago			`BuildRequires: libseccomp-devel`
enable seccomp on x86 platforms only 10 years ago			`%endif`
more uniform handling of buildrequires 11 years ago			`BuildRequires: pcllib-devel`
depend on talloc 11 years ago			`BuildRequires: libtalloc-devel`
more uniform handling of buildrequires 11 years ago			`BuildRequires: http-parser-devel`
			`BuildRequires: tcp_wrappers-devel`
Initial import (#1027770) 11 years ago			`BuildRequires: automake, autoconf`

new upstream release 11 years ago			`# we don't build with dbus support`
			`#BuildRequires: dbus-devel`

updated to ocserv 0.3.0 11 years ago			`Requires: gnutls-utils`
Initial import (#1027770) 11 years ago			`Requires: iproute`
			`Requires: pam`
			`Requires(pre): shadow-utils`
			`Requires(post): systemd`
			`Requires(preun): systemd`
			`Requires(postun): systemd`
			`#gnulib is bundled. See https://fedorahosted.org/fpc/ticket/174`
			`Provides: bundled(gnulib)`
			`#CCAN is bundled. See https://fedorahosted.org/fpc/ticket/364`
			`Provides: bundled(bobjenkins-hash) bundled(ccan-container_of)`
			`Provides: bundled(ccan-htable) bundled(ccan-list)`
			`Provides: bundled(ccan-check_type) bundled(ccan-build_assert)`

			`%description`
updated to 0.2.3 11 years ago			`OpenConnect server (ocserv) is an SSL VPN server. Its purpose is to be a`
			`secure, small, fast and configurable VPN server. It implements the OpenConnect`
			`SSL VPN protocol, and has also (currently experimental) compatibility with`
			`clients using the AnyConnect SSL VPN protocol. The OpenConnect VPN protocol`
			`uses the standard IETF security protocols such as TLS 1.2, and Datagram TLS`
			`to provide the secure VPN service.`
Initial import (#1027770) 11 years ago
			`%prep`
			`%setup -q`
			`rm -f src/http-parser/http_parser.c src/http-parser/http_parser.h`
updated to ocserv 0.3.0 11 years ago			`rm -rf src/protobuf/`
depend on talloc 11 years ago			`rm -rf src/ccan/talloc`
Initial import (#1027770) 11 years ago			`rm -f libopts/.c libopts/.h libopts//.c libopts//.h`
			`rm -f src/pcl/.c src/pcl/.h`
use the correct config file 11 years ago			`sed -i 's\|/etc/ocserv.conf\|/etc/ocserv/ocserv.conf\|g' src/config.c`
updated to 0.2.3 11 years ago			`sed -i 's/run-as-group = nogroup/run-as-group = nobody/g' tests/*.config`
updated to ocserv 0.3.0 11 years ago			`# GPLv3 in headers is a gnulib bug:`
Initial import (#1027770) 11 years ago			`# http://lists.gnu.org/archive/html/bug-gnulib/2013-11/msg00062.html`
			`sed -i 's/either version 3 of the License/either version 2 of the License/g' build-aux/snippet/*`
rebuilt for new protobuf-c 11 years ago			`touch src/*.proto`
Initial import (#1027770) 11 years ago
			`%build`

disable seccomp on arm 10 years ago			`%configure \`
			`--enable-systemd`
Initial import (#1027770) 11 years ago
compile without support for smp to prevent issues with autogen 10 years ago			`make #%{?_smp_mflags}`
Initial import (#1027770) 11 years ago
			`%pre`
			`getent group ocserv &>/dev/null \|\| groupadd -r ocserv`
			`getent passwd ocserv &>/dev/null \|\| \`
			`/usr/sbin/useradd -r -g ocserv -s /sbin/nologin -c ocserv \`
Added missing profile file. 11 years ago			`-d %{_localstatedir}/lib/ocserv ocserv`
updated to ocserv 0.3.0 11 years ago			`mkdir -p %{_sysconfdir}/pki/ocserv/public`
			`mkdir -p -m 700 %{_sysconfdir}/pki/ocserv/private`
			`mkdir -p %{_sysconfdir}/pki/ocserv/cacerts`
Initial import (#1027770) 11 years ago
run make check 10 years ago			`%check`
			`make check %{?_smp_mflags}`

Initial import (#1027770) 11 years ago			`%post`
			`%systemd_post ocserv.service`

			`%preun`
			`%systemd_preun ocserv.service`

			`%postun`
			`%systemd_postun ocserv.service`

			`%install`
			`rm -rf %{buildroot}`
			`cp -a %{SOURCE4} PACKAGE-LICENSING`
			`mkdir -p %{buildroot}/%{_sysconfdir}/pam.d/`
			`mkdir -p %{buildroot}/%{_sysconfdir}/ocserv/`
			`install -p -m 644 %{SOURCE3} %{buildroot}/%{_sysconfdir}/pam.d/ocserv`
			`install -p -m 644 %{SOURCE1} %{buildroot}/%{_sysconfdir}/ocserv/`
			`mkdir -p %{buildroot}/%{_unitdir}`
			`install -p -m 644 %{SOURCE2} %{buildroot}/%{_unitdir}`
Added missing profile file. 11 years ago			`mkdir -p %{buildroot}%{_localstatedir}/lib/ocserv/`
new upstream release 11 years ago			`install -p -m 644 doc/profile.xml %{buildroot}%{_localstatedir}/lib/ocserv/`
Generate the certificates and private keys before the first run 11 years ago			`mkdir -p %{buildroot}/%{_sbindir}`
			`install -p -m 755 %{SOURCE7} %{buildroot}/%{_sbindir}`
Ship a default ocserv-script, which will put connecting clients into the internal firewall zone. 10 years ago			`mkdir -p %{buildroot}/%{_bindir}`
			`install -p -m 755 %{SOURCE8} %{buildroot}/%{_bindir}`
Initial import (#1027770) 11 years ago			`%make_install`

			`%clean`
			`rm -rf %{buildroot}`

			`%files`
			`%defattr(-,root,root,-)`

Added missing profile file. 11 years ago			`%dir %{_localstatedir}/lib/ocserv`
Initial import (#1027770) 11 years ago			`%dir %{_sysconfdir}/ocserv`

			`%config(noreplace) %{_sysconfdir}/ocserv/ocserv.conf`
			`%config(noreplace) %{_sysconfdir}/pam.d/ocserv`

			`%doc AUTHORS ChangeLog NEWS COPYING LICENSE README TODO PACKAGE-LICENSING`
Added missing profile file. 11 years ago			`%doc src/ccan/licenses/CC0 src/ccan/licenses/LGPL-2.1 src/ccan/licenses/BSD-MIT`
Initial import (#1027770) 11 years ago			`%{_mandir}/man8/ocserv.8*`
updated to ocserv 0.3.0 11 years ago			`%{_mandir}/man8/occtl.8*`
Initial import (#1027770) 11 years ago			`%{_mandir}/man8/ocpasswd.8*`
			`%{_bindir}/ocpasswd`
updated to ocserv 0.3.0 11 years ago			`%{_bindir}/occtl`
Ship a default ocserv-script, which will put connecting clients into the internal firewall zone. 10 years ago			`%{_bindir}/ocserv-script`
Initial import (#1027770) 11 years ago			`%{_sbindir}/ocserv`
Generate the certificates and private keys before the first run 11 years ago			`%{_sbindir}/ocserv-genkey`
Initial import (#1027770) 11 years ago			`%{_unitdir}/ocserv.service`
Added missing profile file. 11 years ago			`%{_localstatedir}/lib/ocserv/profile.xml`
Initial import (#1027770) 11 years ago
			`%changelog`
Do not enable seccomp in x86. It is broken. 10 years ago			`* Thu Jan 29 2015 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.9.0-2`
			`- only enable seccomp in x86-64. It seems to be broken in x86:`
			`http://sourceforge.net/p/libseccomp/mailman/message/33275762/`

new upstream release 10 years ago			`* Thu Jan 22 2015 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.9.0-1`
			`- new upstream release`

enable PIE 10 years ago			`* Fri Jan 9 2015 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.8.9-4`
			`- enable PIE`

Comply with system-wide crypto policies Resolves: rhbz#1179332 10 years ago			`* Tue Jan 6 2015 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.8.9-3`
			`- Comply with system-wide crypto policies (#1179332)`

ocserv.service: depend on network-online.target (#1178760) 10 years ago			`* Mon Jan 5 2015 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.8.9-2`
			`- ocserv.service: depend on network-online.target (#1178760)`
enable seccomp on x86 platforms only 10 years ago			`- enable seccomp (on platforms it is available)`
ocserv.service: depend on network-online.target (#1178760) 10 years ago
new upstream release 10 years ago			`* Thu Dec 11 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.8.9-1`
			`- New upstream release`

new upstream release Resolves: #1167692 10 years ago			`* Wed Nov 26 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.8.8-1`
			`- New upstream release`

updated to 0.8.7 10 years ago			`* Mon Oct 27 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.8.7-1`
			`- New upstream release`

corrected bogus date 10 years ago			`* Tue Sep 09 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.8.4-2`
Ship a default ocserv-script, which will put connecting clients into the internal firewall zone. 10 years ago			`- Ship a default ocserv-script, which will put connecting clients`
			`into the internal firewall zone.`

updated to 0.8.4 and removed unused file 10 years ago			`* Thu Aug 28 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.8.4-1`
			`- New upstream release`

- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild 11 years ago			`* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.8.2-4`
			`- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild`

rebuilt 11 years ago			`* Fri Aug 08 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.8.2-3`
			`- Rebuilt`

rebuilt for new protobuf-c 11 years ago			`* Tue Aug 05 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.8.2-2`
			`- Rebuilt for new protobuf-c`

new upstream release 11 years ago			`* Mon Jul 28 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.8.2-1`
			`- New upstream release`

Updated to 0.8.1 11 years ago			`* Mon Jun 30 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.8.1-1`
			`- New upstream release`

corrected date 11 years ago			`* Fri Jun 06 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.8.0-2`
Generate the certificates and private keys before the first run 11 years ago			`- Generate certificates and private keys before the first run`
doc update 11 years ago			`- Corrected chroot path`
Generate the certificates and private keys before the first run 11 years ago
updated ocserv to 0.8.0 11 years ago			`* Mon Jun 02 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.8.0-1`
			`- New upstream release`

new upstream release 11 years ago			`* Mon May 26 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.8.0pre0-1`
			`- New upstream release`

new upstream release 11 years ago			`* Fri May 09 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.3.5-1`
			`- New upstream release`

new upstream release 11 years ago			`* Fri May 02 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.3.4-1`
			`- New upstream release`

new upstream release 11 years ago			`* Thu Apr 10 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.3.3-1`
			`- New upstream release`

new upstream release 11 years ago			`* Fri Mar 14 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.3.2-1`
			`- New upstream release`
Added missing profile file. 11 years ago
fixes in default config 11 years ago			`* Mon Feb 17 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.3.1-2`
new upstream release 11 years ago			`- new upstream release`

remove expiration date by default 11 years ago			`* Wed Jan 29 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.3.0-2`
			`- Generated certificates no longer carry an expiration date.`

added changelog entry 11 years ago			`* Mon Jan 27 2014 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.3.0-1`
			`- Updated to latest upstream version (0.3.0).`
			`- Certificates and private keys are auto-generated.`

updated to 0.2.3 11 years ago			`* Mon Dec 16 2013 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.2.3-1`
			`- Updated to latest upstream version (0.2.3).`
			`- Corrected the chroot directory in config file.`

Initial import (#1027770) 11 years ago			`* Fri Dec 6 2013 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.2.1-6`
			`- Added exception for the bundling of CCAN components.`

			`* Wed Nov 13 2013 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.2.1-5`
			`- Updated the way PACKAGE-LICENSING is handled.`

			`* Tue Nov 12 2013 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.2.1-4`
			`- Replaced gnulib's GPLv3+ license with GPLv2+. According to`
			`http://lists.gnu.org/archive/html/bug-gnulib/2013-11/msg00062.html`
			`it was a gnulib bug.`
			`- Reduced the number of applicable licenses by upgrading LGPLv2+`
			`components to GPLv2+.`
			`- Added PACKAGE-LICENSING.`

			`* Mon Nov 11 2013 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.2.1-3`
			`- Updated spec to add http-parser and pcllib as dependencies.`
			`- Bundled library files are removed.`
			`- Updated license information.`

			`* Fri Nov 8 2013 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.2.1-2`
			`- Updated spec to account improvements suggested by Alec Leamas.`

			`* Thu Nov 7 2013 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.2.1-1`
			`- Initial version of the package`