[ocserv/f20] new upstream release

Nikos Mavrogiannopoulos nmav at fedoraproject.org
Mon Jun 2 07:16:22 UTC 2014 

commit d704a085e168151b8dd6d9d34b154d9d387c1456
Author: Nikos Mavrogiannopoulos <nmav at redhat.com>
Date:   Mon May 26 13:06:37 2014 +0200

    new upstream release

 .gitignore  |    2 ++
 ocserv.conf |   44 +++++++++++++++++++++++++++++++++++++++-----
 ocserv.spec |   10 ++++++++--
 sources     |    3 ++-
 4 files changed, 51 insertions(+), 8 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index ba9312a..26820b3 100644
--- a/.gitignore
+++ b/.gitignore
@@ -6,3 +6,5 @@
 /ocserv-0.3.3.tar.xz
 /ocserv-0.3.4.tar.xz
 /ocserv-0.3.5.tar.xz
+/ocserv-0.8.0pre0.tar.xz
+/ocserv-0.8.0pre0.tar.xz.sig
diff --git a/ocserv.conf b/ocserv.conf
index 0e638e5..b87ba46 100644
--- a/ocserv.conf
+++ b/ocserv.conf
@@ -5,6 +5,10 @@
 #auth = "plain[./sample.passwd]"
 auth = "pam"
 
+# The gid-min option is used by auto-select-group option, in order to
+# select the minimum group ID.
+#auth = "pam[gid-min=1000]"
+
 # The plain option requires specifying a password file which contains
 # entries of the following format.
 # "username:groupname:encoded-password"
@@ -128,7 +132,7 @@ auth-timeout = 40
 # Once a client is authenticated he's provided a cookie with
 # which he can reconnect. This option sets the maximum lifetime
 # of that cookie.
-cookie-validity = 86400
+cookie-validity = 10800
 
 # ReKey time (in seconds)
 # ocserv will ask the client to refresh keys periodically once
@@ -156,10 +160,13 @@ rekey-method = ssl
 # UTMP
 use-utmp = true
 
-# D-BUS usage. If disabled occtl tool cannot be used. If enabled
-# then ocserv must have access to register org.infradead.ocserv
-# D-BUS service. See doc/dbus/org.infradead.ocserv.conf
-use-dbus = true
+# Whether to enable support for the occtl tool (i.e., either through D-BUS,
+# or via a unix socket).
+use-occtl = true
+
+# socket file used for IPC with occtl. You only need to set that,
+# if you use more than a single servers.
+#occtl-socket-file = /var/run/occtl.socket
 
 # PID file. It can be overriden in the command line.
 #pid-file = /var/run/ocserv.pid
@@ -194,6 +201,10 @@ run-as-group = ocserv
 # The name of the tun device
 device = vpns
 
+# Whether the generated IPs will be predictable, i.e., IP stays the
+# same for the same user when possible.
+predictable-ips = true
+
 # The default domain to be advertised
 default-domain = example.com
 
@@ -258,6 +269,29 @@ route = 192.168.1.0/255.255.255.0
 #config-per-user = /etc/ocserv/config-per-user/
 #config-per-group = /etc/ocserv/config-per-group/
 
+# When config-per-xxx is specified and there is no group or user that
+# matches, then utilize the following configuration.
+
+#default-user-config = /etc/ocserv/defaults/user.conf
+#default-group-config = /etc/ocserv/defaults/group.conf
+
+# Groups that a client is allowed to select from.
+# A client may belong in multiple groups, and in certain use-cases
+# it is needed to switch between them. For these cases the client can
+# select prior to authentication. Add multiple entries for multiple groups.
+#select-group = group1
+#select-group = group2[My group 2]
+#select-group = tost[The tost group]
+
+# The name of the group that if selected it would allow to use
+# the assigned by default group.
+default-select-group = DEFAULT
+
+# Instead of specifying manually all the allowed groups, you may instruct
+# ocserv to scan all available groups and include the full list. That
+# option is only functional on plain authentication.
+auto-select-group = true
+
 # The system command to use to setup a route. %R will be replaced with the
 # route/mask and %D with the (tun) device.
 #
diff --git a/ocserv.spec b/ocserv.spec
index 79094fe..87a96ca 100644
--- a/ocserv.spec
+++ b/ocserv.spec
@@ -1,5 +1,5 @@
 Name:		ocserv
-Version:	0.3.5
+Version:	0.8.0pre0
 Release:	1%{?dist}
 Summary:	OpenConnect SSL VPN server
 
@@ -13,6 +13,7 @@ Source2:	ocserv.service
 Source3:	ocserv-pamd.conf
 Source4:	PACKAGE-LICENSING
 Source5:	org.infradead.ocserv.conf
+Source6:	ftp://ftp.infradead.org/pub/ocserv/%{name}-%{version}.tar.xz.sig
 
 # Taken from upstream:
 # http://git.infradead.org/ocserv.git/commitdiff/7d70006a2dbddf783213f1856374bacc74217e09
@@ -26,13 +27,15 @@ BuildRequires:	autogen-libopts-devel
 BuildRequires:	protobuf-c-devel
 BuildRequires:	libnl3-devel
 BuildRequires:	readline-devel
-BuildRequires:	dbus-devel
 BuildRequires:	autogen
 BuildRequires:	pcllib-devel
 BuildRequires:	http-parser-devel
 BuildRequires:	tcp_wrappers-devel
 BuildRequires:	automake, autoconf
 
+# we don't build with dbus support
+#BuildRequires:	dbus-devel
+
 Requires:		gnutls-utils
 Requires:		iproute
 Requires:		pam
@@ -158,6 +161,9 @@ rm -rf %{buildroot}
 %{_localstatedir}/lib/ocserv/profile.xml
 
 %changelog
+* Mon May 26 2014 Nikos Mavrogiannopoulos <nmav at redhat.com> - 0.8.0pre0-1
+- New upstream release
+
 * Fri May 09 2014 Nikos Mavrogiannopoulos <nmav at redhat.com> - 0.3.5-1
 - New upstream release
 
diff --git a/sources b/sources
index f768ad7..d20aea7 100644
--- a/sources
+++ b/sources
@@ -1 +1,2 @@
-7ba8ebe4eba08b6e1c9dabbc78da16e5  ocserv-0.3.5.tar.xz
+de476b85be78be000f33c912a076657a  ocserv-0.8.0pre0.tar.xz
+0f2c49c121883cd189f28126d8ff718f  ocserv-0.8.0pre0.tar.xz.sig

More information about the scm-commits mailing list