rpms
/
ocserv
21
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update to 0.12.0-1

Browse Source 
- Update to upstream 0.12.0 release
epel9
Nikos Mavrogiannopoulos 7 years ago
parent dc565f4e83
commit 914a518ada
6 changed files with 97 additions and 89 deletions
Show Stats Download Patch File Download Diff File

11
.gitignore vendored
Unescape View File

@ -126,3 +126,14 @@
/gpgkey-1F42418905D8206AA754CCDC29EE58B996865171.gpg /gpgkey-1F42418905D8206AA754CCDC29EE58B996865171.gpg
/ocserv-0.11.11.tar.xz.sig /ocserv-0.11.11.tar.xz.sig
/ocserv-0.11.11.tar.xz /ocserv-0.11.11.tar.xz
/ocserv.init
/gpgkey-56EE7FA9E8173B19FE86268D763712747F343FA7.gpg
/ocserv-script
/ocserv-genkey
/PACKAGE-LICENSING
/ocserv-pamd.conf
/ocserv.service
/ocserv.conf
/gpgkey-1F42418905D8206AA754CCDC29EE58B996865171.gpg
/ocserv-0.12.0.tar.xz.sig
/ocserv-0.12.0.tar.xz

65
ocserv-0.11.11-crypt.patch
Unescape View File

@ -1,65 +0,0 @@
From cf9cda99a5caf8fabd547f25a962b96a46e13957 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date: Thu, 12 Apr 2018 14:58:59 +0200
Subject: [PATCH] include crypt.h to use crypt()
This is necessary in Fedora28 as it doesn't provide
crypt() prototype in unistd.h
https://bugzilla.redhat.com/show_bug.cgi?id=1566464
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
---
configure.ac | 2 +-
src/auth/plain.c | 5 +++++
src/ocpasswd/ocpasswd.c | 5 +++++
3 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/configure.ac b/configure.ac
index 71c27564..c03d8e7b 100644
--- a/configure.ac
+++ b/configure.ac
@@ -319,7 +319,7 @@ AC_CHECK_MEMBER([struct sockaddr.sa_len],
#include <sys/socket.h>
])
-AC_CHECK_HEADERS([net/if_tun.h linux/if_tun.h netinet/in_systm.h], [], [], [])
+AC_CHECK_HEADERS([net/if_tun.h linux/if_tun.h netinet/in_systm.h crypt.h], [], [], [])
AC_CHECK_FUNCS([setproctitle vasprintf clock_gettime isatty pselect ppoll getpeereid sigaltstack])
AC_CHECK_FUNCS([strlcpy posix_memalign malloc_trim strsep])
diff --git a/src/auth/plain.c b/src/auth/plain.c
index 2052e07d..f9c7b1b1 100644
--- a/src/auth/plain.c
+++ b/src/auth/plain.c
@@ -37,6 +37,11 @@
#ifdef HAVE_LIBOATH
# include <liboath/oath.h>
#endif
+#ifdef HAVE_CRYPT_H
+ /* libcrypt in Fedora28 does not provide prototype
+ * in unistd.h */
+# include <crypt.h>
+#endif
#define MAX_CPASS_SIZE 128
#define HOTP_WINDOW 20
diff --git a/src/ocpasswd/ocpasswd.c b/src/ocpasswd/ocpasswd.c
index de3b8396..abb66744 100644
--- a/src/ocpasswd/ocpasswd.c
+++ b/src/ocpasswd/ocpasswd.c
@@ -32,6 +32,11 @@
#include <sys/types.h>
#include <sys/stat.h>
#include "ocpasswd-args.h"
+#ifdef HAVE_CRYPT_H
+ /* libcrypt in Fedora28 does not provide prototype
+ * in unistd.h */
+# include <crypt.h>
+#endif
/* Gnulib portability files. */
#include <getpass.h>
--
2.14.3

46
ocserv-0.12.0-add-missing-test.patch
Unescape View File

@ -0,0 +1,46 @@
diff --git a/tests/server-cert-rsa-pss b/tests/server-cert-rsa-pss
new file mode 100755
index 0000000..be3d098
--- /dev/null
+++ b/tests/server-cert-rsa-pss
@@ -0,0 +1,40 @@
+#!/bin/sh
+#
+# Copyright (C) 2017 Red Hat, Inc.
+#
+# This file is part of ocserv.
+#
+# ocserv is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation; either version 2 of the License, or (at
+# your option) any later version.
+#
+# ocserv is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GnuTLS; if not, write to the Free Software Foundation,
+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+SERV="${SERV:-../src/ocserv}"
+srcdir=${srcdir:-.}
+NO_NEED_ROOT=1
+PORT=4444
+
+. `dirname $0`/common.sh
+
+echo "Testing server cert with RSA-PSS... "
+
+update_config test-rsa-pss.config
+launch_sr_server -d 1 -f -c ${CONFIG} & PID=$!
+wait_server $PID
+
+echo "Connecting to obtain cookie... "
+( echo "test" | LD_PRELOAD=libsocket_wrapper.so $OPENCONNECT -q $ADDRESS:$PORT -u test --servercert=sha256:7462b697482f771a9a787bc19db00f704a1685ae09ed201b7a126b052a09522e --cookieonly ) ||
+ fail $PID "Could not receive cookie from server"
+
+cleanup
+
+exit 0

27
ocserv.conf
Unescape View File

@ -1,12 +1,19 @@
# User authentication method. Could be set multiple times and in ### The following directives do not change with server reload.
# that case all should succeed. To enable multiple methods use #
# multiple auth directives. Available options: certificate, # User authentication method. To require multiple methods to be
# plain, pam, radius, gssapi. # used for the user to login, add multiple auth directives. The values
# in the 'auth' directive are AND composed (if multiple all must
# succeed).
# Available options: certificate, plain, pam, radius, gssapi.
# Note that authentication methods utilizing passwords cannot be
# combined (e.g., the plain, pam or radius methods).
# #
# Note that authentication methods cannot be changed with reload.
# certificate: # certificate:
# This indicates that all connecting users must present a certificate. # This indicates that all connecting users must present a certificate.
# The username and user group will be then extracted from it (see
# cert-user-oid and cert-group-oid). The certificate to be accepted
# it must be signed by the CA certificate as specified in 'ca-cert' and
# it must not be listed in the CRL, as specified by the 'crl' option.
# #
# pam[gid-min=1000]: # pam[gid-min=1000]:
# This enabled PAM authentication of the user. The gid-min option is used # This enabled PAM authentication of the user. The gid-min option is used
@ -44,7 +51,9 @@ auth = "pam"
# Specify alternative authentication methods that are sufficient # Specify alternative authentication methods that are sufficient
# for authentication. That is, if set, any of the methods enabled # for authentication. That is, if set, any of the methods enabled
# will be sufficient to login. # will be sufficient to login, irrespective of the main 'auth' entries.
# When multiple options are present, they are OR composed (any of them
# succeeding allows login).
#enable-auth = "certificate" #enable-auth = "certificate"
#enable-auth = "gssapi" #enable-auth = "gssapi"
#enable-auth = "gssapi[keytab=/etc/key.tab,require-local-user-map=true,tgt-freshness-time=900]" #enable-auth = "gssapi[keytab=/etc/key.tab,require-local-user-map=true,tgt-freshness-time=900]"
@ -176,6 +185,10 @@ try-mtu-discovery = false
# #
# There may be multiple server-cert and server-key directives, # There may be multiple server-cert and server-key directives,
# but each key should correspond to the preceding certificate. # but each key should correspond to the preceding certificate.
# The certificate files will be reloaded when changed allowing for in-place
# certificate renewal (they are checked and reloaded periodically;
# a SIGHUP signal to main server will force reload).
server-cert = /etc/pki/ocserv/public/server.crt server-cert = /etc/pki/ocserv/public/server.crt
server-key = /etc/pki/ocserv/private/server.key server-key = /etc/pki/ocserv/private/server.key

31
ocserv.spec
Unescape View File

@ -1,7 +1,7 @@
# This spec file has been automatically updated # This spec file has been automatically updated
Version: 0.11.11 Version: 0.12.0
Release: 2%{?dist} Release: 1%{?dist}
Patch1: ocserv-0.11.11-crypt.patch Patch1: ocserv-0.12.0-add-missing-test.patch
%global _hardened_build 1 %global _hardened_build 1
%if 0%{?fedora} || 0%{?rhel} >= 7 %if 0%{?fedora} || 0%{?rhel} >= 7
@ -20,9 +20,9 @@ Patch1: ocserv-0.11.11-crypt.patch
%define use_local_protobuf 0 %define use_local_protobuf 0
%if 0%{?rhel} && 0%{?rhel} == 7 %if 0%{?rhel} && 0%{?rhel} == 7
%ifarch ppc64 #%ifarch ppc64
%define use_local_protobuf 1 #%define use_local_protobuf 1
%endif #%endif
%endif %endif
Name: ocserv Name: ocserv
@ -79,12 +79,11 @@ BuildRequires: GeoIP-devel
%if %{use_systemd} %if %{use_systemd}
BuildRequires: systemd BuildRequires: systemd
BuildRequires: systemd-devel BuildRequires: systemd-devel
BuildRequires: autogen-libopts-devel
BuildRequires: autogen
BuildRequires: liboath-devel BuildRequires: liboath-devel
BuildRequires: uid_wrapper BuildRequires: uid_wrapper
BuildRequires: socket_wrapper BuildRequires: socket_wrapper
BuildRequires: gnupg2 BuildRequires: gnupg2
BuildRequires: rubygem(ronn)
%if 0%{?rhel} && 0%{?rhel} >= 7 %if 0%{?rhel} && 0%{?rhel} >= 7
%ifarch x86_64 %{ix86} %ifarch x86_64 %{ix86}
@ -127,7 +126,12 @@ to provide the secure VPN service.
%if %{have_gpgv2} %if %{have_gpgv2}
gpgv2 --keyring %{SOURCE2} %{SOURCE1} %{SOURCE0} || gpgv2 --keyring %{SOURCE10} %{SOURCE1} %{SOURCE0} gpgv2 --keyring %{SOURCE2} %{SOURCE1} %{SOURCE0} || gpgv2 --keyring %{SOURCE10} %{SOURCE1} %{SOURCE0}
%endif %endif
%if 0%{?rhel} && 0%{?rhel} <= 6
%setup -q %setup -q
%else
%autosetup -p1
%endif
rm -f src/http-parser/http_parser.c src/http-parser/http_parser.h rm -f src/http-parser/http_parser.c src/http-parser/http_parser.h
%if (0%{?use_local_protobuf} == 0) %if (0%{?use_local_protobuf} == 0)
@ -141,14 +145,13 @@ sed -i 's/run-as-group = nogroup/run-as-group = nobody/g' tests/data/*.config
# GPLv3 in headers is a gnulib bug: # GPLv3 in headers is a gnulib bug:
# http://lists.gnu.org/archive/html/bug-gnulib/2013-11/msg00062.html # http://lists.gnu.org/archive/html/bug-gnulib/2013-11/msg00062.html
sed -i 's/either version 3 of the License/either version 2 of the License/g' build-aux/snippet/* sed -i 's/either version 3 of the License/either version 2 of the License/g' build-aux/snippet/*
sed -i 's/exit 1/exit 77/g' tests/ocpasswd-test
%if 0%{?rhel} && 0%{?rhel} <= 6 %if 0%{?rhel} && 0%{?rhel} <= 6
echo "int main() { return 77; }" > tests/valid-hostname.c echo "int main() { return 77; }" > tests/valid-hostname.c
%else
rm -f libopts/*.c libopts/*.h libopts/*/*.c libopts/*/*.h
%endif %endif
chmod 755 tests/server-cert-rsa-pss
%build %build
%if 0%{?rhel} && 0%{?rhel} <= 6 %if 0%{?rhel} && 0%{?rhel} <= 6
@ -166,9 +169,6 @@ autoreconf -fvi
%else %else
--disable-systemd \ --disable-systemd \
%endif %endif
%if 0%{?rhel} && 0%{?rhel} <= 6
--enable-local-libopts \
%endif
%if %{use_local_protobuf} %if %{use_local_protobuf}
--without-protobuf \ --without-protobuf \
%endif %endif
@ -263,6 +263,9 @@ install -D -m 0755 %{SOURCE11} %{buildroot}/%{_initrddir}/%{name}
%endif %endif
%changelog %changelog
* Mon Apr 23 2018 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.12.0-1
- Update to upstream 0.12.0 release
* Thu Apr 12 2018 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.11.11-2 * Thu Apr 12 2018 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.11.11-2
- Update to upstream 0.11.11 release - Update to upstream 0.11.11 release
- include crypt.h to use crypt() - include crypt.h to use crypt()

6
sources
Unescape View File

@ -5,7 +5,7 @@ SHA512 (ocserv-genkey) = e898144fd977e4c57c4a9a5480b38f6a166c0281c41500c3fa9b7e1
SHA512 (PACKAGE-LICENSING) = eea2a2a4765c90d874c79bb72d754c8b26b58d5e5b3c3cee10c24754fbba6849fd91f7b28e380b5db9789a456f95fc94b3bd8fe8c160a98c8042f404479ecb68 SHA512 (PACKAGE-LICENSING) = eea2a2a4765c90d874c79bb72d754c8b26b58d5e5b3c3cee10c24754fbba6849fd91f7b28e380b5db9789a456f95fc94b3bd8fe8c160a98c8042f404479ecb68
SHA512 (ocserv-pamd.conf) = 3a75f19d89ddd164f3faa9c3579c7f675fc58413a194f43ec28eee7ebced6fee3f4ca305fe9b0ddf76ae39cd669e8d3d63b58afbbf19b84e4ca646ae7f42d61a SHA512 (ocserv-pamd.conf) = 3a75f19d89ddd164f3faa9c3579c7f675fc58413a194f43ec28eee7ebced6fee3f4ca305fe9b0ddf76ae39cd669e8d3d63b58afbbf19b84e4ca646ae7f42d61a
SHA512 (ocserv.service) = 264f3389d88aec1f7d2e4683a4dfc0aa67af2325154de822eecf5fb43f8c221aab0d9f0c6a8eedb893e6d69ed4d94c9397b01e5d0d12e88330017a3bfa5f3644 SHA512 (ocserv.service) = 264f3389d88aec1f7d2e4683a4dfc0aa67af2325154de822eecf5fb43f8c221aab0d9f0c6a8eedb893e6d69ed4d94c9397b01e5d0d12e88330017a3bfa5f3644
SHA512 (ocserv.conf) = 0a48d394dba183528c1e92df2a8b844a4d7d419244b1c08883f79c8b48843986e786ea4d48478ed4e8d57fd56626bf962dbcf6c76b5839ba5ab5fac8b089c44c SHA512 (ocserv.conf) = 5b68a3547c6c69bf7c2b322692d6382162a587c47edad97690223c36f30ed98d3869d1ce063c630740d91888a4d70aadd657ddc6052c10e6e26800fca2e9d0c0
SHA512 (gpgkey-1F42418905D8206AA754CCDC29EE58B996865171.gpg) = 3b1989dc6a64d1140f83a2af0773da2adb03c50d97b6da7357cf09525050651aafa21131f1e3180baa540a8af922119a256f5ff5bcd6602996a806e8e1816bad SHA512 (gpgkey-1F42418905D8206AA754CCDC29EE58B996865171.gpg) = 3b1989dc6a64d1140f83a2af0773da2adb03c50d97b6da7357cf09525050651aafa21131f1e3180baa540a8af922119a256f5ff5bcd6602996a806e8e1816bad
SHA512 (ocserv-0.11.11.tar.xz.sig) = 7a1521f94d48d7aafb66e6c544eb2e1c5a08d02441acc5f57876faaa984ad203f0395da37e602ad5539f54aa0ce1ff5da7389254028f6b811a9e01d6f86b1e84 SHA512 (ocserv-0.12.0.tar.xz.sig) = a746e72ba07bf7d28104385a70ba4c685389353368d02383eb385aece19ccc9d51a86226371338dbe1737046e403b17e351a04ffa2674ca594bf9e467438b534
SHA512 (ocserv-0.11.11.tar.xz) = 1750e4ddd221913f82379ed34cf63f2ce858d73cfda0bcf60670a32bf2e8574a39f267c77abab78d2cf9a563a816d975e1a07b85c5e2412bd6d009850c8c262d SHA512 (ocserv-0.12.0.tar.xz) = 73e39a6073761a42cff7637fdc0748d969dc6ddd80635633487aa2627ae7234af772194cf27fdded9f08637b26d7ca9017555242ccdb6ade03897f9d4ca4de8d

Write Preview
Loading…
Cancel
Save