ocserv: update to 0.9.0

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
2015-01-20 22:17:15 +01:00 · 2015-01-20 22:17:15 +01:00 · b83057ce9c
commit b83057ce9c
parent cabf81b35e
5 changed files with 19 additions and 17 deletions
--- a/net/ocserv/Makefile
+++ b/net/ocserv/Makefile
@ -8,13 +8,13 @@
 include $(TOPDIR)/rules.mk
 PKG_NAME:=ocserv
-PKG_VERSION:=0.8.9
+PKG_VERSION:=0.9.0
-PKG_RELEASE:=4
+PKG_RELEASE:=1
 PKG_BUILD_DIR :=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
 PKG_SOURCE_URL :=ftp://ftp.infradead.org/pub/ocserv/
-PKG_MD5SUM:=cd935cc89bffac75c825e66ef71f6a73
+PKG_MD5SUM:=50994bf7e40fd6bedda33bb2f99b1f11
 PKG_LICENSE:=GPLv2
 PKG_LICENSE_FILES:=COPYING
--- a/net/ocserv/README
+++ b/net/ocserv/README
@ -15,6 +15,7 @@ config ocserv 'config'
 	option auth 'plain'
 	option zone 'vpn'
 	option default_domain 'lan'
 	option compression '1'
 	option enable '1'
 config dns
--- a/net/ocserv/files/ocserv.conf.template
+++ b/net/ocserv/files/ocserv.conf.template
@ -43,6 +43,12 @@ max-same-clients = |MAX_SAME|
 tcp-port = |PORT|
 |UDP|udp-port = |PORT|
 # Stats report time. The number of seconds after which each
 # worker process will report its usage statistics (number of
 # bytes transferred etc). This is useful when accounting like
 # radius is in use.
 #stats-report-time = 360
 # Keepalive in seconds
 keepalive = 32400
@ -109,11 +115,14 @@ server-key = /etc/ocserv/server-key.pem
 # The revocation list of the certificates issued by the 'ca-cert' above.
 #crl = /etc/ocserv/crl.pem
 # Uncomment this to enable compression negotiation (LZS, LZ4).
 |COMPRESSION|compression = true
 # GnuTLS priority string
-tls-priorities = "NORMAL:%SERVER_PRECEDENCE:%COMPAT"
+tls-priorities = "NORMAL:%SERVER_PRECEDENCE:%COMPAT:-VERS-SSL3.0"
 # To enforce perfect forward secrecy (PFS) on the main channel.
-#tls-priorities = "NORMAL:%SERVER_PRECEDENCE:%COMPAT:-RSA"
+#tls-priorities = "NORMAL:%SERVER_PRECEDENCE:%COMPAT:-VERS-SSL3.0:-RSA"
 # The time (in seconds) that a client is allowed to stay connected prior
 # to authentication
--- a/net/ocserv/files/ocserv.init
+++ b/net/ocserv/files/ocserv.init
@ -10,6 +10,7 @@ setup_config() {
 	config_get max_same     $1 max_same "2"
 	config_get dpd          $1 dpd "120"
 	config_get predictable_ips  $1 predictable_ips "1"
 	config_get compression  $1 compression "0"
 	config_get udp          $1 udp "1"
 	config_get auth         $1 auth "plain"
 	config_get cisco_compat $1 cisco_compat "1"
@ -20,11 +21,13 @@ setup_config() {
 	enable_default_domain="#"
 	enable_udp="#"
 	enable_compression="#"
 	test $predictable_ips = "0" && predictable_ips="false"
 	test $predictable_ips = "1" && predictable_ips="true"
 	test $cisco_compat = "0" && cisco_compat="false"
 	test $cisco_compat = "1" && cisco_compat="true"
 	test $udp = "1" && enable_udp=""
 	test $compression = "1" && enable_compression=""
 	test -z $default_domain && enable_default_domain=""
 	test -z $ip6addr && enable_ipv6="#"
@ -49,6 +52,7 @@ setup_config() {
 	    -e "s/|ENABLE_DEFAULT_DOMAIN|/$enable_default_domain/g" \
 	    -e "s/|CISCO_COMPAT|/$cisco_compat/g" \
 	    -e "s/|UDP|/$enable_udp/g" \
 	    -e "s/|COMPRESSION|/$enable_compression/g" \
 	    -e "s/|IPV4ADDR|/$ipaddr/g" \
 	    -e "s/|NETMASK|/$netmask/g" \
 	    -e "s/|IPV6ADDR|/$ipv6_addr/g" \
--- a/net/ocserv/patches/001-ocpasswd-sha2crypt.patch
+++ b/net/ocserv/patches/001-ocpasswd-sha2crypt.patch
@ -1,12 +0,0 @@
 diff -ur ocserv-0.8.9/src/ocpasswd.c ocserv-0.8.9.new/src/ocpasswd.c
 --- ocserv-0.8.9/src/ocpasswd.c	2014-11-29 19:49:38.000000000 +0100
 +++ ocserv-0.8.9.new/src/ocpasswd.c	2015-01-19 23:21:14.959144113 +0100
@@ -69,7 +69,7 @@
 		exit(1);
 	}
 -	strcpy(salt, "$5$");
 +	strcpy(salt, "$1$");
 	p = salt + 3;
 	for (i = 0; i < sizeof(_salt); i++) {