Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

ocserv-1.3.0-2.1 RPM for s390x

From OpenSuSE Ports Tumbleweed for s390x

Name: ocserv Distribution: openSUSE:Factory:zSystems
Version: 1.3.0 Vendor: openSUSE
Release: 2.1 Build date: Fri Aug 23 17:09:09 2024
Group: Productivity/Networking/Security Build host: reproducible
Size: 819629 Source RPM: ocserv-1.3.0-2.1.src.rpm
Packager: https://bugs.opensuse.org
Url: https://ocserv.gitlab.io/www/
Summary: OpenConnect VPN Server
OpenConnect server (ocserv) is an SSL VPN server. Its purpose is to
be a secure, small, fast and configurable VPN server. It implements
the OpenConnect SSL VPN protocol, and has also (currently experimental)
compatibility with clients using the AnyConnect SSL VPN protocol.
The OpenConnect protocol provides a dual TCP/UDP VPN channel, and
uses the standard IETF security protocols to secure it. The server
is implemented primarily for the GNU/Linux platform but its code
is designed to be portable to other UNIX variants as well.

Ocserv's main features are security through privilege separation
and sandboxing, accounting, and resilience due to a combined use
of TCP and UDP. Authentication occurs in an isolated security
module process, and each user is assigned an unprivileged worker
process, and a networking (tun) device. That not only eases the
control of the resources of each user or group of users, but also
prevents data leak (e.g., heartbleed-style attacks), and privilege
escalation due to any bug on the VPN handling (worker) process.
A management interface allows for viewing and querying logged-in users.

Provides

Requires

License

GPL-2.0-only

Changelog

* Fri Aug 23 2024 Dominique Leuenberger <dimstar@opensuse.org>
  - BuildRequire /usr/bin/ronn instead of rubygem(ronn): there are
    alternatives around and the build does not care wich one is used.
* Wed May 15 2024 Андрей Кувшинов <m407@mail.ru>
  - Update to version 1.3.0
    * Switch to https://github.com/nodejs/llhttp from http-parser.
      http-parser was a liability as an unmaintained project (#598)
    * Bump the number of groups per account from 128 to 512 (#219)
    * Allow connecting users to select an authgroup by appending the
      group name to the URL, as in https://vpn.example.com/groupname;
      this introduces the select-group-by-url config option (#597).
    * Informational messages due to configuration loading are not printed
      during worker initialization.
  - Update to version 1.2.4
    * Get connection speed limits (traffic shaping) from RADIUS (#554)
    * Fix logging to stderr: add missing newline.
    * Fixed compatibility with AnyConnect clients on Linux (#544)
    * Detect the new AnyConnect-compatible identifier of OpenConnect clients
    * occtl: Print bit rates as kb/s.
  - Update to version 1.2.3
    * Treat unknown clients as capable of IPv6 routes and DNS servers
    * Introduced new ocserv options --log-stderr and --syslog that redirect
      logging to stderr or syslog explicitly. The stderr option allows for better
      integration with logging on containers or under systemd. The default remains
      syslog.
    * Warn when more than 2 DNS server IPv6 addresses are sent by Radius.
    * Improved server shutdown (#563)
    * Modified Camouflage functionality to allow AnyConnect clients (#544)
    * ocserv-fw: Move under libexec.
    * ocserv-fw: Fixed clean_all_rules logic on multiple similar devices (!384)
    * occtl: added machine-readable raw_connected_at field for user stats
* Mon Feb 26 2024 Dominique Leuenberger <dimstar@opensuse.org>
  - Use %autosetup macro. Allows to eliminate the usage of deprecated
    PatchN.
* Mon Sep 25 2023 Martin Hauke <mardnh@gmx.de>
  - Update to version 1.2.2
    * Fix session and accounting data tracking of ocserv. This
    reverts fix for #444 (#541)
    * No longer account ICMP and IGMP data for idle session detection
  - Update URL
* Tue Aug 29 2023 Martin Hauke <mardnh@gmx.de>
  - Update to version 1.2.1
    * Accept the Clavister OneConnect VPN Android client.
    * No longer require to set device name per vhost.
    * Account the correct number of points when proxyproto is in use
    * nuttcp tests were replaced with iperf3 that is available
      in more environments
    * occtl: fix duplicate key in `occtl --json show users` output
  - Update to version 1.2.0
    * Add support for Cisco Enterprise phones to authenticate via
      the /svc endpoint and the 'cisco-svc-client-compat' config
      option.
    * Enhanced radius group support to enable radius servers send
      multiple group class attributes
      See doc/README-radius.md for more information.
    * Enhanced the seccomp filters to open files related to FIPS
      compliance on SuSe.
    * Added "Camouflage" functionality that makes ocserv look like a
      web server to unauthorized parties.
    * Avoid login failure when the end point of server URI
      contains a query string.
    * Make sure we print proper JSON with `occtl --debug --json`
    * Eliminated the need for using the gnulib portability library.
  - Update to version 1.1.7
    * Emit a LOG_ERR error message with plain authentication fails
    * The bundled inih was updated to r56.
    * The bundled protobuf-c was updated to 1.4.1.
    * Enhanced the seccomp filters for ARMv7 compatibility and musl
      libc
    * HTTP headers always capitalised as in RFC 9110
* Wed Jan 18 2023 Matthias Gerstner <matthias.gerstner@suse.com>
  - add ocserv-forwarding.sh: replace the sysctl drop-in file which was wrongly
    installed into /etc by a more tailored mechanism. Enabling IP routing
    globally and permanently, just because the package is installed is quite
    invasive. This new script will be invoked before and after the ocserv
    service to switch on and off forwarding, if necessary (bsc#1174722).
* Sun Aug 14 2022 Michael Du <duyizhaozj321@yahoo.com>
  - Update to version 1.1.6
    * Fixed compatibility with clients on Windows ARM64.
    * Added futex() to the accepted list of seccomp.
      It is required by Fedora 36’s libc.
    * Work around change of returned error code in GnuTLS 3.7.3
      for gnutls_privkey_import_x509_raw().
  - Changes in version 1.1.5
    * Fixed manpage output.
  - Changes in version 1.1.4
    * Added newfstatat() and epoll_pwait() to the accepted list of
      seccomp calls. This improves compatibility with certain libcs
      and aarch64.
    * Do not allow assigning the same IPv6 as tun device address and
      to the client. This allows using /127 as prefix (#430).
* Mon Jun 20 2022 Dominique Leuenberger <dimstar@opensuse.org>
  - explicitly buildignore libevent-devel, which is pulled in by
    ubound. We use libev here and can get away with this.
* Sat Jun 05 2021 Martin Hauke <mardnh@gmx.de>
  - Update to version 1.1.3
    * No longer close stdin and stdout on worker processes as they
      are already closed in main process.
    * Advertise X-CSTP-Session-Timeout.
    * No longer recommend building with system's libpcl but rather
      the bundled as it is not a very common shared library.
    * Corrected busyloop on failed DTLS handshakes.
    * Emit OWASP best practice headers for HTTP.
* Mon Dec 07 2020 Martin Hauke <mardnh@gmx.de>
  - Update to version 1.1.2
    * Allow setup of new DTLS session concurrent with old session.
    * Fixed an infinite loop on sec-mod crash when server-drain-ms
      is set.
    * Don't apply BanIP checks to clients on the same subnet.
    * Don't attempt TLS if the client closes the connection with
      zero data sent.
    * Increased the maximum configuration line; this allows banner
      messages longer than 200 characters.
    * Removed the listen-clear-file config option. This option was
      incompatible with several clients, and thus is unusable for a
      generic server.

Files

/etc/ocserv
/etc/ocserv/README.SUSE
/etc/ocserv/certificates
/etc/ocserv/certificates/ca.tmpl
/etc/ocserv/certificates/server.tmpl
/etc/ocserv/certificates/user.tmpl
/etc/ocserv/ocpasswd
/etc/ocserv/ocserv.conf
/usr/bin/occtl
/usr/bin/ocpasswd
/usr/bin/ocserv-script
/usr/lib/firewalld
/usr/lib/firewalld/services
/usr/lib/firewalld/services/ocserv.xml
/usr/lib/systemd/system/ocserv.service
/usr/lib/systemd/system/ocserv.socket
/usr/libexec/ocserv-fw
/usr/sbin/ocserv
/usr/sbin/ocserv-forwarding
/usr/sbin/ocserv-worker
/usr/share/doc/packages/ocserv
/usr/share/doc/packages/ocserv/AUTHORS
/usr/share/doc/packages/ocserv/NEWS
/usr/share/doc/packages/ocserv/README.md
/usr/share/licenses/ocserv
/usr/share/licenses/ocserv/COPYING
/usr/share/man/man8/occtl.8.gz
/usr/share/man/man8/ocpasswd.8.gz
/usr/share/man/man8/ocserv.8.gz


Generated by rpm2html 1.8.1

Fabrice Bellet, Thu Nov 7 00:51:36 2024