From 86abe99de540d3c3735524071f646d84b365bfa8 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos
Date: Mon, 2 Jun 2014 09:10:26 +0200
Subject: [PATCH] updated ocserv to 0.8.0
---
 .gitignore | 2 +
 ocserv-0.8.0-cmp.patch | 13 +++++++
 ocserv-0.8.0-endianness.patch | 70 +++++++++++++++++++++++++++++++++++
 ocserv.conf | 7 +---
 ocserv.spec | 10 ++++-
 sources | 4 +-
 6 files changed, 98 insertions(+), 8 deletions(-)
 create mode 100644 ocserv-0.8.0-cmp.patch
 create mode 100644 ocserv-0.8.0-endianness.patch
diff --git a/.gitignore b/.gitignore
index 26820b3..11ec67a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -8,3 +8,5 @@
 /ocserv-0.3.5.tar.xz
 /ocserv-0.8.0pre0.tar.xz
 /ocserv-0.8.0pre0.tar.xz.sig
+/ocserv-0.8.0.tar.xz
+/ocserv-0.8.0.tar.xz.sig
diff --git a/ocserv-0.8.0-cmp.patch b/ocserv-0.8.0-cmp.patch
new file mode 100644
index 0000000..1a00580
--- /dev/null
+++ b/ocserv-0.8.0-cmp.patch
@@ -0,0 +1,13 @@
+diff --git a/src/auth/plain.c b/src/auth/plain.c
+index 1b66683..c8ed5bf 100644
+--- a/src/auth/plain.c
++++ b/src/auth/plain.c
+@@ -266,7 +266,7 @@ static size_t rehash(const void *_e, void *unused)
+
+ static bool str_cmp(const void* _c1, void* _c2)
+ {
+- const char *c1 = _c1, *c2 = c2;
++ const char *c1 = _c1, *c2 = _c2;
+
+ if (strcmp(c1, c2) == 0)
+ return 1;
diff --git a/ocserv-0.8.0-endianness.patch b/ocserv-0.8.0-endianness.patch
new file mode 100644
index 0000000..0afd8a3
--- /dev/null
+++ b/ocserv-0.8.0-endianness.patch
@@ -0,0 +1,70 @@
+diff --git a/src/main-ctl-unix.c b/src/main-ctl-unix.c
+index b4da5eb..90d604f 100644
+--- a/src/main-ctl-unix.c
++++ b/src/main-ctl-unix.c
+@@ -629,7 +629,7 @@ static void ctl_handle_commands(main_server_st * s)
+ }
+ goto cleanup;
+ }
+- length = (buffer[2] << 8) | buffer[1];
++ memcpy(&length, &buffer[1], 2);
+ buffer_size = ret - 3;
+
+ if (length != buffer_size) {
+diff --git a/src/occtl-unix.c b/src/occtl-unix.c
+index 183825d..0c1b3e1 100644
+--- a/src/occtl-unix.c
++++ b/src/occtl-unix.c
+@@ -83,15 +83,14 @@ int send_cmd(struct unix_ctx *ctx, unsigned cmd, const void *data,
+ struct iovec iov[2];
+ unsigned iov_len = 1;
+ int e, ret;
+- unsigned length = 0;
++ uint16_t length = 0;
+ void *packed = NULL;
+
+ if (get_size)
+ length = get_size(data);
+
+ header[0] = cmd;
+- header[1] = length;
+- header[2] = length >> 8;
++ memcpy(&header[1], &length, 2);
+
+ iov[0].iov_base = header;
+ iov[0].iov_len = 3;
+@@ -145,7 +144,7 @@ int send_cmd(struct unix_ctx *ctx, unsigned cmd, const void *data,
+ goto fail;
+ }
+
+- length = (header[2] << 8) | header[1];
++ memcpy(&length, &header[1], 2);
+
+ rep->data_size = length;
+ rep->data = talloc_size(ctx, length);
+diff --git a/src/sec-mod.c b/src/sec-mod.c
+index 15ee32a..c3d4bad 100644
+--- a/src/sec-mod.c
++++ b/src/sec-mod.c
+@@ -354,6 +354,7 @@ void sec_mod_server(void *main_pool, struct cfg_st *config, const char *socket_f
+ unsigned cmd, length;
+ unsigned i, buffer_size;
+ uint8_t *buffer, *tpool;
++ uint16_t l16;
+ struct pin_st pins;
+ int sd;
+ sec_mod_st *sec;
+@@ -538,10 +539,11 @@ void sec_mod_server(void *main_pool, struct cfg_st *config, const char *socket_f
+ }
+
+ cmd = buffer[0];
+- length = buffer[1] | buffer[2] << 8;
++ memcpy(&l16, &buffer[1], 2);
++ length = l16;
+
+ if (length > buffer_size - 4) {
+- seclog(LOG_INFO, "too big message");
++ seclog(LOG_INFO, "too big message (%d)", length);
+ goto cont;
+ }
+
diff --git a/ocserv.conf b/ocserv.conf
index b87ba46..002dcee 100644
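Review bot: In the src/main-ctl-unix.c part of this patch, `memcpy(&length, &buffer[1], 2);` copies two bytes straight into `length`, whose declaration in ctl_handle_commands is outside the hunk. The other two files needed either a type change (`unsigned length` became `uint16_t length` in send_cmd) or a `uint16_t l16` temporary (sec_mod_server) to make the same copy well-defined. If `length` here is still wider than 16 bits, the untouched bytes keep their previous contents and the `length != buffer_size` check that follows compares an unreliable value; either confirm it is declared `uint16_t` or use the sec-mod form, `uint16_t l16; memcpy(&l16, &buffer[1], sizeof(l16)); length = l16;`. Separately, the new sec-mod log line prints the unsigned `length` with `%d`, where `%u` matches the type. All three function bodies continue outside the hunks shown.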
--- a/ocserv.conf
+++ b/ocserv.conf
@@ -128,11 +128,8 @@ auth-timeout = 40
 # a failed authentication attempt.
 #min-reauth-time = 2
-# Cookie validity time (in seconds)
-# Once a client is authenticated he's provided a cookie with
-# which he can reconnect. This option sets the maximum lifetime
-# of that cookie.
-cookie-validity = 10800
+# Cookie timeout (in seconds)
+cookie-timeout = 360
 # ReKey time (in seconds)
 # ocserv will ask the client to refresh keys periodically once
diff --git a/ocserv.spec b/ocserv.spec
index 0c73e2d..27665b5 100644
--- a/ocserv.spec
+++ b/ocserv.spec
@@ -1,5 +1,5 @@
 Name: ocserv
-Version: 0.8.0pre0
+Version: 0.8.0
 Release: 1%{?dist}
 Summary: OpenConnect SSL VPN server
@@ -15,6 +15,9 @@ Source4: PACKAGE-LICENSING
 Source5: org.infradead.ocserv.conf
 Source6: ftp://ftp.infradead.org/pub/ocserv/%{name}-%{version}.tar.xz.sig
+Patch1: ocserv-0.8.0-endianness.patch
+Patch2: ocserv-0.8.0-cmp.patch
+
 # Taken from upstream:
 # http://git.infradead.org/ocserv.git/commitdiff/7d70006a2dbddf783213f1856374bacc74217e09
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -72,6 +75,8 @@ sed -i 's/run-as-group = nogroup/run-as-group = nobody/g' tests/*.config
 # GPLv3 in headers is a gnulib bug:
 # http://lists.gnu.org/archive/html/bug-gnulib/2013-11/msg00062.html
 sed -i 's/either version 3 of the License/either version 2 of the License/g' build-aux/snippet/*
+%patch1 -p1 -b .cmp
+%patch2 -p1 -b .endianness
 %build
@@ -164,6 +169,9 @@ rm -rf %{buildroot}
 %{_localstatedir}/lib/ocserv/profile.xml
 %changelog
+* Mon Jun 02 2014 Nikos Mavrogiannopoulos - 0.8.0-1
+- New upstream release
+
 * Mon May 26 2014 Nikos Mavrogiannopoulos - 0.8.0pre0-1
 - New upstream release
diff --git a/sources b/sources
index d20aea7..fb6cafa 100644
--- a/sources
+++ b/sources
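Review bot: The replacement comment `# Cookie timeout (in seconds)` in the ocserv.conf hunk no longer says what the cookie is or what expires, whereas the removed text explained that it is what an authenticated client reconnects with. The shipped default also drops from 10800 to 360, so an administrator reading the file cannot tell whether the 360 seconds run from issue or from last use. I would keep two comment lines adapted from the removed wording, stating that the cookie lets an authenticated client reconnect and what event starts the timeout, once that is confirmed against the 0.8.0 sample configuration. Whether 0.8.0 still accepts the old `cookie-validity` key is not visible here; if it does not, the changelog entry should say that existing configs need editing.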
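Review bot: The new `Patch1:` and `Patch2:` lines in the second ocserv.spec hunk carry no comment on their origin or upstream status. The pre-existing `# Taken from upstream:` comment with a single commitdiff URL now sits directly below them, so it reads as if it documented both patches, although it was there before they were added. Both patches touch code that parses control-socket messages or compares strings under src/auth, so I would add a one-line comment above each, for example `# Control-socket length field byte order; upstream status: <fill in>`, and move or drop the older URL comment if it belongs to a patch that no longer exists.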
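Review bot: The backup suffixes in the %prep hunk are swapped relative to the patch names: `%patch1` applies ocserv-0.8.0-endianness.patch but saves originals as `.cmp`, and `%patch2` applies ocserv-0.8.0-cmp.patch with `.endianness`. The build result is the same, but anyone regenerating or auditing the patches from the backup files will attribute each change to the wrong patch. Use `%patch1 -p1 -b .endianness` and `%patch2 -p1 -b .cmp`.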
@@ -1,2 +1,2 @@
-de476b85be78be000f33c912a076657a ocserv-0.8.0pre0.tar.xz
-0f2c49c121883cd189f28126d8ff718f ocserv-0.8.0pre0.tar.xz.sig
+6383535a21f8eecfb1bbb7f7ac99c41f ocserv-0.8.0.tar.xz
+1336250a0db4923e6a597b960209b42d ocserv-0.8.0.tar.xz.sig