20:30 Juraj Lutter (otis) 

net/ocserv: Update to 1.2.3

Release notes: https://gitlab.com/openconnect/ocserv/-/releases/1.2.3

    7f0a801

13:08 Juraj Lutter (otis) 

net/ocserv: Update to 1.2.0

- Update to 1.2.0
- Adjust dependencies
- Make DTLS work
- Regen patches

Co-authored-by:	Eugene Mitrofanov <emitrofanov@gmail.com>

    944e00e

08:36 pi 

net/ocserv: update 1.0.1 -> 1.1.1

- Fixed compatibility with OpenBSD that lacks procfs
- Improved rate-limit-ms and made it dependent on secmod backlog. This makes
  the server more resilient (and prevents connection failures) on multiple
  concurrent connections
- Added namespace support for listen address by introducing the listen-netns
  option
- Disable TLS1.3 when cisco client compatibility is enabled. New anyconnect
  clients seem to supporting TLS1.3 but are unable to handle a
  client with an RSA key
- Enable a race free user disconnection via occtl
- Added the config option of a pre-login-banner
- Ocserv siwtched to using multiple ocserv-sm processes to improve scale,
  with the number of ocserv-sm process dependent on maximum clients
  and number of CPUs. Configuration option sec-mod-scale can be
  used to override the heuristics.
- Fixed issue with group selection on radius servers sending multiple group
  class attribute.

PR:		250225
Submitted by:	Juraj Lutter <juraj@lutter.sk>
Relnotes:	https://gitlab.com/openconnect/ocserv/-/releases/1.1.1

 

14:38 mandree 

net/ocserv: Update to 1.0.1

Changelog:
https://gitlab.com/openconnect/ocserv/-/blob/1.0.1/NEWS#L1

This commit makes the following additional changes from Juraj's
submission:

- fix LIB_DEPENDS to libpc.so:devel/pcl (not devel/libpcl)
- replace LOCALBASE by PREFIX throughout, as these are internal references
- remove the src/config.c patch, it makes no sense to first
  statically patch and then run REINPLACE_CMD for DEFAULT_CFG_FILE
- remove doc/sample.config from another REINPLACE_CMD
- remove @ - it makes no sense to hide running commands
- patch example configuration to avoid isolate-workers = true, which
  currently only works on Linux's seccomp.
- in the same vein, put up a warning pkg-message that there is no worker
  process isolation
- install the @sample file as ocserv.conf.sample, not conf.sample,
  so it matches the default configuration file path

Things that could be done but are not:
- rcfile option to configure a separate config file

PR:		245521
Submitted by:	Juraj Lutter <juraj@lutter.sk>
Approved by:	cpm@ (maintainer timeout, 15 d)

 

16:14 pkubaj 

net/ocserv: fix build with base GCC

-Wno-implicit-fallthrough is not supported by GCC 4.2

PR:		237558
Approved by:	tcberner (mentor), cpm (maintainer)
Differential Revision:	https://reviews.freebsd.org/D20075

 

18:23 cpm 

net/ocserv: update to 0.12.1

Changelog: https://gitlab.com/ocserv/ocserv/blob/master/NEWS

Tested by:	Jov <amutu@amutu.com>

 

18:38 cpm 

net/ocserv: update to 0.11.7

- Update PORTVERSION and distinfo checksum (0.11.7)
- Regenerate some patches to apply cleanly
- Remove MAKE_JOBS_UNSAFE=yes

Changelog:
http://lists.infradead.org/pipermail/openconnect-devel/2017-February/004204.html

 

19:24 tijl 

Let USES=localbase add -L${LOCALBASE}/lib to LIBS instead of LDFLAGS.
USES=localbase:ldflags can be used to set LDFLAGS.  Normally LDFLAGS
appears too early on the command line causing some ports to link with
their own libraries in LOCALBASE (if installed) instead of WRKSRC.

Also make use of _USES_POST so -L${LOCALBASE}/lib is added as late as
possible after anything a port Makefile might set.  Use _USES_POST
instead of .include in libedit.mk and libarchive.mk so things like
'USES=libedit localbase:ldflags' work correctly.

Fix some issues with LIBS in some ports.

Switch ports that don't support LIBS to localbase:ldflags.

PR:		212987
Exp-run by:	antoine
Approved by:	portmgr (antoine)

 

20:24 pi 

net/ocserv: 0.10.7 -> 0.10.8

- Update to 0.10.8 release
- Add libtasn1 dependency
- Fix patches

PR:		202936
Submitted by:	Carlos J Puga Medina <cpm@fbsd.es> (maintainer)

 

21:48 pi 

New port: net/ocserv: server implementing the AnyConnect SSL VPN protocol

OpenConnect server (ocserv) is an SSL VPN server. Its purpose is
to be a secure, small, fast and configurable VPN server. It implements
the OpenConnect SSL VPN protocol, and has also (currently experimental)
compatibility with clients using the AnyConnect SSL VPN protocol.
The OpenConnect protocol provides a dual TCP/UDP VPN channel, and
uses the standard IETF security protocols to secure it. Both IPv4
and IPv6 are supported.

Ocserv's main features are security through provilege separation
and sandboxing, accounting, and resilience due to a combined use
of TCP and UDP.  Authentication occurs in an isolated security
module process, and each user is assigned an unprivileged worker
process, and a networking (tun) device. That not only eases the

(Only the first 15 lines of the commit message are shown above )