updated to 0.9.1

.gitignore

@@ -24,3 +24,5 @@
 /ocserv-0.8.9.tar.xz
 /ocserv-0.9.0.tar.xz
 /ocserv-0.9.0.tar.xz.sig
+/ocserv-0.9.1.tar.xz.sig
+/ocserv-0.9.1.tar.xz

ocserv.conf

@@ -1,16 +1,11 @@
 # User authentication method. Could be set multiple times and in 
 # that case all should succeed. To enable multiple methods use
-# multiple auth directives. Available options: certificate, certificate[optional],
+# multiple auth directives. Available options: certificate,
 # plain, pam, radius[configfile,groupconfig]. 
 
 # certificate:
 #  This indicates that all connecting users must present a certificate.
 #
-# certificate[optional]:
-#  This indicates that a user may present a certificate. When that option
-# is set, individual users or user groups can be forced to present a valid
-# certificate by adding "require-cert=true" in the per-user configuration file.
-#
 # pam[gid-min=1000]:
 #  The gid-min option is used by auto-select-group option, in order to
 # select the minimum valid group ID.
@@ -31,7 +26,6 @@
 # Framed-IP-Address, Framed-IP-Netmask, MS-Primary-DNS-Server, MS-Secondary-DNS-Server
 
 #auth = "certificate"
-#auth = "certificate[optional]"
 auth = "pam"
 #auth = "pam[gid-min=1000]"
 #auth = "plain[/etc/ocserv/ocpasswd]"
@@ -293,13 +287,20 @@ predictable-ips = true
 # The default domain to be advertised
 default-domain = example.com
 
-# The pool of addresses that leases will be given from.
+# The pool of addresses that leases will be given from. If the leases
+# are given via Radius, or via explicit-ip? per-user config option then 
+# these network values should contain a network with at least a single
+# address that will remain under the full control of ocserv (that is
+# to be able to assign the local part of the tun device address).
 #ipv4-network = 192.168.1.0
 #ipv4-netmask = 255.255.255.0
 
 # An alternative way of specifying the network:
 #ipv4-network = 192.168.1.0/24
 
+# The IPv6 subnet that leases will be given from.
+#ipv6-network = fda9:4efe:7e3b:03ea::/64
+
 # The advertized DNS server. Use multiple lines for
 # multiple servers.
 # dns = fc00::4be0
@@ -308,9 +309,6 @@ default-domain = example.com
 # The NBNS server (if any)
 #nbns = 192.168.1.3
 
-# The IPv6 subnet that leases will be given from.
-#ipv6-network = fda9:4efe:7e3b:03ea::/64
-
 # The domains over which the provided DNS should be used. Use
 # multiple lines for multiple domains.
 #split-dns = example.com
@@ -384,11 +382,6 @@ ping-leases = false
 #default-user-config = /etc/ocserv/defaults/user.conf
 #default-group-config = /etc/ocserv/defaults/group.conf
 
-# This option is only valid in a user/group configuration file. If the
-# auth mode is certificate[optional], it requires a certificate for this
-# particular user or group.
-#require-cert = true
-
 # The system command to use to setup a route. %{R} will be replaced with the
 # route/mask and %{D} with the (tun) device.
 #

ocserv.spec

@@ -1,8 +1,8 @@
 %global _hardened_build 1
 
 Name:		ocserv
-Version:	0.9.0
+Version:	0.9.1
-Release:	2%{?dist}
+Release:	1%{?dist}
 Summary:	OpenConnect SSL VPN server
 
 # For a breakdown of the licensing, see PACKAGE-LICENSING 
@@ -33,7 +33,7 @@ BuildRequires:	libnl3-devel
 BuildRequires:	readline-devel
 BuildRequires:	autogen
 BuildRequires:	gperf
-%ifarch x86_64 #%{ix86}
+%ifarch x86_64 %{ix86}
 BuildRequires:	libseccomp-devel
 %endif
 BuildRequires:	pcllib-devel
@@ -152,6 +152,9 @@ rm -rf %{buildroot}
 %{_localstatedir}/lib/ocserv/profile.xml
 
 %changelog
+* Mon Feb 16 2015 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.9.1-1
+- new upstream release
+
 * Thu Jan 29 2015 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.9.0-2
 - only enable seccomp in x86-64. It seems to be broken in x86:
   http://sourceforge.net/p/libseccomp/mailman/message/33275762/

sources

@@ -1,2 +1,2 @@
-50994bf7e40fd6bedda33bb2f99b1f11  ocserv-0.9.0.tar.xz
+c7e0d60139372b9fbb866cd271ded8c4  ocserv-0.9.1.tar.xz.sig
-62942bdda7e101c0049622c68fd13dd4  ocserv-0.9.0.tar.xz.sig
+5dee08e1386258a32a73caf2cb47749c  ocserv-0.9.1.tar.xz