Changelog for
ocserv-debugsource-1.2.2-2.1.i586.rpm :
* Mon Feb 26 2024 Dominique Leuenberger
- Use %autosetup macro. Allows to eliminate the usage of deprecated PatchN.
* Mon Sep 25 2023 Martin Hauke - Update to version 1.2.2
* Fix session and accounting data tracking of ocserv. This reverts fix for #444 (#541)
* No longer account ICMP and IGMP data for idle session detection- Update URL
* Tue Aug 29 2023 Martin Hauke - Update to version 1.2.1
* Accept the Clavister OneConnect VPN Android client.
* No longer require to set device name per vhost.
* Account the correct number of points when proxyproto is in use
* nuttcp tests were replaced with iperf3 that is available in more environments
* occtl: fix duplicate key in `occtl --json show users` output- Update to version 1.2.0
* Add support for Cisco Enterprise phones to authenticate via the /svc endpoint and the \'cisco-svc-client-compat\' config option.
* Enhanced radius group support to enable radius servers send multiple group class attributes See doc/README-radius.md for more information.
* Enhanced the seccomp filters to open files related to FIPS compliance on SuSe.
* Added \"Camouflage\" functionality that makes ocserv look like a web server to unauthorized parties.
* Avoid login failure when the end point of server URI contains a query string.
* Make sure we print proper JSON with `occtl --debug --json`
* Eliminated the need for using the gnulib portability library.- Update to version 1.1.7
* Emit a LOG_ERR error message with plain authentication fails
* The bundled inih was updated to r56.
* The bundled protobuf-c was updated to 1.4.1.
* Enhanced the seccomp filters for ARMv7 compatibility and musl libc
* HTTP headers always capitalised as in RFC 9110
* Wed Jan 18 2023 Matthias Gerstner - add ocserv-forwarding.sh: replace the sysctl drop-in file which was wrongly installed into /etc by a more tailored mechanism. Enabling IP routing globally and permanently, just because the package is installed is quite invasive. This new script will be invoked before and after the ocserv service to switch on and off forwarding, if necessary (bsc#1174722).
* Sun Aug 14 2022 Michael Du - Update to version 1.1.6
* Fixed compatibility with clients on Windows ARM64.
* Added futex() to the accepted list of seccomp. It is required by Fedora 36’s libc.
* Work around change of returned error code in GnuTLS 3.7.3 for gnutls_privkey_import_x509_raw().- Changes in version 1.1.5
* Fixed manpage output.- Changes in version 1.1.4
* Added newfstatat() and epoll_pwait() to the accepted list of seccomp calls. This improves compatibility with certain libcs and aarch64.
* Do not allow assigning the same IPv6 as tun device address and to the client. This allows using /127 as prefix (#430).
* Mon Jun 20 2022 Dominique Leuenberger - explicitly buildignore libevent-devel, which is pulled in by ubound. We use libev here and can get away with this.
* Sat Jun 05 2021 Martin Hauke - Update to version 1.1.3
* No longer close stdin and stdout on worker processes as they are already closed in main process.
* Advertise X-CSTP-Session-Timeout.
* No longer recommend building with system\'s libpcl but rather the bundled as it is not a very common shared library.
* Corrected busyloop on failed DTLS handshakes.
* Emit OWASP best practice headers for HTTP.
* Mon Dec 07 2020 Martin Hauke - Update to version 1.1.2
* Allow setup of new DTLS session concurrent with old session.
* Fixed an infinite loop on sec-mod crash when server-drain-ms is set.
* Don\'t apply BanIP checks to clients on the same subnet.
* Don\'t attempt TLS if the client closes the connection with zero data sent.
* Increased the maximum configuration line; this allows banner messages longer than 200 characters.
* Removed the listen-clear-file config option. This option was incompatible with several clients, and thus is unusable for a generic server.
* Mon Sep 21 2020 Martin Hauke - Update to version 1.1.1:
* Improved rate-limit-ms and made it dependent on secmod backlog. This makes the server more resilient (and prevents connection failures) on multiple concurrent connections - Added namespace support for listen address by introducing the listen-netns option. - Disable TLS1.3 when cisco client compatibility is enabled. New anyconnect clients seem to supporting TLS1.3 but are unable to handle a client with an RSA key. - Enable a race free user disconnection via occtl. - Added the config option of a pre-login-banner. - Ocserv siwtched to using multiple ocserv-sm processes to improve scale, with the number of ocserv-sm process dependent on maximum clients and number of CPUs. Configuration option sec-mod-scale can be used to override the heuristics. - Fixed issue with group selection on radius servers sending multiple group class attribute.- Update patch:
* ocserv-enable-systemd.patch
* ocserv.config.patch
* Wed Aug 19 2020 Callum Farmer - Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075)