diff --git a/net/ocserv/Makefile b/net/ocserv/Makefile index 4a30551757..2cbf69ef4f 100644 --- a/net/ocserv/Makefile +++ b/net/ocserv/Makefile @@ -8,13 +8,13 @@ include $(TOPDIR)/rules.mk PKG_NAME:=ocserv -PKG_VERSION:=0.8.2 -PKG_RELEASE:=2 +PKG_VERSION:=0.8.4 +PKG_RELEASE:=1 PKG_BUILD_DIR :=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION) PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL :=ftp://ftp.infradead.org/pub/ocserv/ -PKG_MD5SUM:=fd890e121445dfe8bb514da67c91c675 +PKG_MD5SUM:=3eb452fddebda887eaa5f6412dab634c PKG_LICENSE:=GPLv3 PKG_LICENSE_FILES:=COPYING diff --git a/net/ocserv/patches/0001-worker-call-sigprocmask-prior-to-entering-main-loop.patch b/net/ocserv/patches/0001-worker-call-sigprocmask-prior-to-entering-main-loop.patch deleted file mode 100644 index 783aa2b1df..0000000000 --- a/net/ocserv/patches/0001-worker-call-sigprocmask-prior-to-entering-main-loop.patch +++ /dev/null @@ -1,24 +0,0 @@ -From 9be381859d7c9077ed652a82ec06ef01494d413d Mon Sep 17 00:00:00 2001 -From: Nikos Mavrogiannopoulos -Date: Fri, 8 Aug 2014 12:27:08 +0200 -Subject: [PATCH 01/10] worker: call sigprocmask() prior to entering main loop - ---- - src/worker-vpn.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/worker-vpn.c b/src/worker-vpn.c -index 1c30f14..55ab375 100644 ---- a/src/worker-vpn.c -+++ b/src/worker-vpn.c -@@ -1856,6 +1856,7 @@ static int connect_handler(worker_st * ws) - bandwidth_init(&ws->b_tx, ws->config->tx_per_sec); - - session_info_send(ws); -+ sigprocmask(SIG_BLOCK, &blockset, NULL); - - /* worker main loop */ - for (;;) { --- -2.0.0 - diff --git a/net/ocserv/patches/0002-worker-when-the-UDP-socket-is-updated-update-the-DTL.patch b/net/ocserv/patches/0002-worker-when-the-UDP-socket-is-updated-update-the-DTL.patch deleted file mode 100644 index 0c5ea02ce8..0000000000 --- a/net/ocserv/patches/0002-worker-when-the-UDP-socket-is-updated-update-the-DTL.patch +++ /dev/null @@ -1,26 +0,0 @@ -From c567a129f4dac88d1b3c4508484a2dffd78e1e5a Mon Sep 17 00:00:00 2001 -From: Nikos Mavrogiannopoulos -Date: Fri, 22 Aug 2014 11:57:15 +0200 -Subject: [PATCH 06/10] worker: when the UDP socket is updated, update the DTLS - session - ---- - src/worker-misc.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/src/worker-misc.c b/src/worker-misc.c -index 52be346..bde24d7 100644 ---- a/src/worker-misc.c -+++ b/src/worker-misc.c -@@ -139,6 +139,8 @@ int handle_worker_commands(struct worker_st *ws) - close(fd); - return 0; - } -+ if (ws->dtls_session != NULL) -+ gnutls_transport_set_ptr(ws->dtls_session, (gnutls_transport_ptr_t)(long)fd); - } else { /* received client hello */ - ws->udp_state = UP_SETUP; - } --- -2.0.0 - diff --git a/net/ocserv/patches/0003-after-fork-restore-the-default-signal-mask.patch b/net/ocserv/patches/0003-after-fork-restore-the-default-signal-mask.patch deleted file mode 100644 index c16228a4a6..0000000000 --- a/net/ocserv/patches/0003-after-fork-restore-the-default-signal-mask.patch +++ /dev/null @@ -1,76 +0,0 @@ -From 817f757577ef78bcc19aecf73d6ecf1b11258c82 Mon Sep 17 00:00:00 2001 -From: Nikos Mavrogiannopoulos -Date: Fri, 22 Aug 2014 15:23:16 +0200 -Subject: [PATCH 07/10] after fork restore the default signal mask - ---- - src/main-user.c | 2 ++ - src/main.c | 5 +++-- - src/main.h | 1 + - 3 files changed, 6 insertions(+), 2 deletions(-) - -diff --git a/src/main-user.c b/src/main-user.c -index bc16e3a..9b57e00 100644 ---- a/src/main-user.c -+++ b/src/main-user.c -@@ -66,6 +66,8 @@ const char* script; - char local[64] = ""; - char remote[64] = ""; - -+ sigprocmask(SIG_SETMASK, &sig_default_set, NULL); -+ - snprintf(real, sizeof(real), "%u", (unsigned)proc->pid); - setenv("ID", real, 1); - -diff --git a/src/main.c b/src/main.c -index 8bb3061..a71bde6 100644 ---- a/src/main.c -+++ b/src/main.c -@@ -64,6 +64,7 @@ static unsigned int terminate = 0; - static unsigned int reload_conf = 0; - unsigned int need_maintenance = 0; - static unsigned int need_children_cleanup = 0; -+sigset_t sig_default_set; - - static void ms_sleep(unsigned ms) - { -@@ -974,7 +975,7 @@ int main(int argc, char** argv) - exit(1); - } - -- sigprocmask(SIG_BLOCK, &blockset, NULL); -+ sigprocmask(SIG_BLOCK, &blockset, &sig_default_set); - alarm(MAINTAINANCE_TIME(s)); - - for (;;) { -@@ -1061,6 +1062,7 @@ int main(int argc, char** argv) - /* close any open descriptors, and erase - * sensitive data before running the worker - */ -+ sigprocmask(SIG_SETMASK, &sig_default_set, NULL); - close(cmd_fd[0]); - clear_lists(s); - -@@ -1096,7 +1098,6 @@ int main(int argc, char** argv) - * sensitive data have to be overwritten anyway. */ - malloc_trim(0); - #endif -- sigprocmask(SIG_UNBLOCK, &blockset, NULL); - vpn_server(ws); - exit(0); - } else if (pid == -1) { -diff --git a/src/main.h b/src/main.h -index de3d00c..cf5a0b1 100644 ---- a/src/main.h -+++ b/src/main.h -@@ -39,6 +39,7 @@ - - #define COOKIE_KEY_SIZE 16 - -+extern sigset_t sig_default_set; - int cmd_parser (void *pool, int argc, char **argv, struct cfg_st** config); - void reload_cfg_file(void *pool, struct cfg_st* config); - void clear_cfg_file(struct cfg_st* config); --- -2.0.0 - diff --git a/net/ocserv/patches/0004-added-work-around-for-infinite-loop-if-the-UDP-descr.patch b/net/ocserv/patches/0004-added-work-around-for-infinite-loop-if-the-UDP-descr.patch deleted file mode 100644 index 33f03c650c..0000000000 --- a/net/ocserv/patches/0004-added-work-around-for-infinite-loop-if-the-UDP-descr.patch +++ /dev/null @@ -1,25 +0,0 @@ -diff --git a/src/worker-vpn.c b/src/worker-vpn.c -index 55ab375..12cd3c8 100644 ---- a/src/worker-vpn.c -+++ b/src/worker-vpn.c -@@ -1071,9 +1071,20 @@ static int dtls_mainloop(worker_st * ws, struct timespec *tnow) - { - int ret, l; - -+#if GNUTLS_VERSION_NUMBER <= 0x030210 -+ /* work-around an infinite loop caused by gnutls_record_recv() -+ * always succeeding by counting every error as a discarded packet. -+ */ -+ ret = gnutls_record_get_discarded(ws->dtls_session); -+ if (ret > 1000) { -+ ws->udp_state = UP_DISABLED; -+ return 0; -+ } -+#endif - switch (ws->udp_state) { - case UP_ACTIVE: - case UP_INACTIVE: -+ - ret = - tls_recv_nb(ws->dtls_session, ws->buffer, ws->buffer_size); - oclog(ws, LOG_TRANSFER_DEBUG,