Overview Repositories Revisions Requests Users Attributes Meta

Revisions of ocserv

buildservice-autocommit accepted request 1154177 from Martin Hauke's avatar Martin Hauke (mnhauke) (revision 52) 
baserev update by copy to link target
buildservice-autocommit accepted request 1114117 from Michael Du's avatar Michael Du (stawidy) (revision 50) 
baserev update by copy to link target
Michael Du's avatar Michael Du (stawidy) accepted request 1113393 from Martin Hauke's avatar Martin Hauke (mnhauke) (revision 49) 
- Update to version 1.2.2
  * Fix session and accounting data tracking of ocserv. This
  reverts fix for #444 (#541)
  * No longer account ICMP and IGMP data for idle session detection
- Update URL
buildservice-autocommit accepted request 1108560 from Michael Du's avatar Michael Du (stawidy) (revision 48) 
baserev update by copy to link target
Michael Du's avatar Michael Du (stawidy) accepted request 1107938 from Martin Hauke's avatar Martin Hauke (mnhauke) (revision 47) 
- Update to version 1.2.1
  * Accept the Clavister OneConnect VPN Android client.
  * No longer require to set device name per vhost.
  * Account the correct number of points when proxyproto is in use
  * nuttcp tests were replaced with iperf3 that is available
    in more environments
  * occtl: fix duplicate key in `occtl --json show users` output
- Update to version 1.2.0
  * Add support for Cisco Enterprise phones to authenticate via
    the /svc endpoint and the 'cisco-svc-client-compat' config
    option.
  * Enhanced radius group support to enable radius servers send
    multiple group class attributes
    See doc/README-radius.md for more information.
  * Enhanced the seccomp filters to open files related to FIPS
    compliance on SuSe.
  * Added "Camouflage" functionality that makes ocserv look like a
    web server to unauthorized parties.
  * Avoid login failure when the end point of server URI
    contains a query string.
  * Make sure we print proper JSON with `occtl --debug --json`
  * Eliminated the need for using the gnulib portability library.
- Update to version 1.1.7
  * Emit a LOG_ERR error message with plain authentication fails
  * The bundled inih was updated to r56.
  * The bundled protobuf-c was updated to 1.4.1.
  * Enhanced the seccomp filters for ARMv7 compatibility and musl
    libc
  * HTTP headers always capitalised as in RFC 9110
buildservice-autocommit accepted request 1069915 from Alexandre Vicenzi's avatar Alexandre Vicenzi (avicenzi) (revision 46) 
baserev update by copy to link target
Alexandre Vicenzi's avatar Alexandre Vicenzi (avicenzi) accepted request 1059390 from Matthias Gerstner's avatar Matthias Gerstner (mgerstner) (revision 45) 
- add ocserv-forwarding.sh: replace the sysctl drop-in file which was wrongly
  installed into /etc by a more tailored mechanism. Enabling IP routing
  globally and permanently, just because the package is installed is quite
  invasive. This new script will be invoked before and after the ocserv
  service to switch on and off forwarding, if necessary (bsc#1174722).
buildservice-autocommit accepted request 995042 from Michael Du's avatar Michael Du (stawidy) (revision 44) 
baserev update by copy to link target
Michael Du's avatar Michael Du (stawidy) accepted request 995041 from Michael Du's avatar Michael Du (stawidy) (revision 43) 
- Update to version 1.1.6
  * Fixed compatibility with clients on Windows ARM64.
  * Added futex() to the accepted list of seccomp. 
    It is required by Fedora 36’s libc.
  * Work around change of returned error code in GnuTLS 3.7.3 
    for gnutls_privkey_import_x509_raw().
- Changes in version 1.1.5
  * Fixed manpage output.
- Changes in version 1.1.4
  * Added newfstatat() and epoll_pwait() to the accepted list of 
    seccomp calls. This improves compatibility with certain libcs 
    and aarch64.
  * Do not allow assigning the same IPv6 as tun device address and 
    to the client. This allows using /127 as prefix (#430).
buildservice-autocommit accepted request 986990 from Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) (revision 42) 
baserev update by copy to link target
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 983859 from Dominique Leuenberger's avatar Dominique Leuenberger (dimstar) (revision 41) 
- explicitly buildignore libevent-devel, which is pulled in by
  ubound. We use libev here and can get away with this.
buildservice-autocommit accepted request 901365 from Michael Du's avatar Michael Du (stawidy) (revision 40) 
baserev update by copy to link target
Michael Du's avatar Michael Du (stawidy) accepted request 897666 from Martin Hauke's avatar Martin Hauke (mnhauke) (revision 39) 
- Update to version 1.1.3
  * No longer close stdin and stdout on worker processes as they
    are already closed in main process.
  * Advertise X-CSTP-Session-Timeout.
  * No longer recommend building with system's libpcl but rather
    the bundled as it is not a very common shared library.
  * Corrected busyloop on failed DTLS handshakes.
  * Emit OWASP best practice headers for HTTP.
buildservice-autocommit accepted request 894668 from Ferdinand Thiessen's avatar Ferdinand Thiessen (susnux) (revision 38) 
baserev update by copy to link target
Michael Du's avatar Michael Du (stawidy) accepted request 853618 from Martin Hauke's avatar Martin Hauke (mnhauke) (revision 37) 
- Update to version 1.1.2
  * Allow setup of new DTLS session concurrent with old session.
  * Fixed an infinite loop on sec-mod crash when server-drain-ms
    is set.
  * Don't apply BanIP checks to clients on the same subnet.
  * Don't attempt TLS if the client closes the connection with
    zero data sent.
  * Increased the maximum configuration line; this allows banner
    messages longer than 200 characters.
  * Removed the listen-clear-file config option. This option was
    incompatible with several clients, and thus is unusable for a
    generic server.

- Update to version 1.1.1:
  * Improved rate-limit-ms and made it dependent on secmod backlog.
    This makes the server more resilient (and prevents connection
    failures) on multiple concurrent connections
  - Added namespace support for listen address by introducing the
    listen-netns option.
  - Disable TLS1.3 when cisco client compatibility is enabled. New
    anyconnect clients seem to supporting TLS1.3 but are unable to
     handle a client with an RSA key.
  - Enable a race free user disconnection via occtl.
  - Added the config option of a pre-login-banner.
  - Ocserv siwtched to using multiple ocserv-sm processes to
    improve scale, with the number of ocserv-sm process dependent
    on maximum clients and number of CPUs. Configuration option
    sec-mod-scale can be used to override the heuristics.
  - Fixed issue with group selection on radius servers sending
    multiple group class attribute.
buildservice-autocommit accepted request 829969 from Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) (revision 36) 
baserev update by copy to link target
Dominique Leuenberger's avatar Dominique Leuenberger (dimstar_suse) accepted request 827856 from Callum Farmer's avatar Callum Farmer (gmbr3) (revision 35) 
- Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075)
buildservice-autocommit accepted request 818952 from Michael Du's avatar Michael Du (stawidy) (revision 34) 
baserev update by copy to link target
buildservice-autocommit accepted request 818571 from Factory Maintainer's avatar Factory Maintainer (factory-maintainer) (revision 33) 
baserev update by copy to link target
Displaying revisions 1 - 20 of 52
openSUSE Build Service is sponsored by
Places