ocserv: updated to 0.8.4
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
parent
fe1862d395
commit
b90c261d34
|
@ -8,13 +8,13 @@
|
||||||
include $(TOPDIR)/rules.mk
|
include $(TOPDIR)/rules.mk
|
||||||
|
|
||||||
PKG_NAME:=ocserv
|
PKG_NAME:=ocserv
|
||||||
PKG_VERSION:=0.8.2
|
PKG_VERSION:=0.8.4
|
||||||
PKG_RELEASE:=2
|
PKG_RELEASE:=1
|
||||||
|
|
||||||
PKG_BUILD_DIR :=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
|
PKG_BUILD_DIR :=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
|
||||||
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
|
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
|
||||||
PKG_SOURCE_URL :=ftp://ftp.infradead.org/pub/ocserv/
|
PKG_SOURCE_URL :=ftp://ftp.infradead.org/pub/ocserv/
|
||||||
PKG_MD5SUM:=fd890e121445dfe8bb514da67c91c675
|
PKG_MD5SUM:=3eb452fddebda887eaa5f6412dab634c
|
||||||
|
|
||||||
PKG_LICENSE:=GPLv3
|
PKG_LICENSE:=GPLv3
|
||||||
PKG_LICENSE_FILES:=COPYING
|
PKG_LICENSE_FILES:=COPYING
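Review bot: The updated `PKG_MD5SUM` is the only integrity check on a tarball that `PKG_SOURCE_URL` fetches over unauthenticated `ftp://`, and MD5 does not resist collisions, so the pinned value is only as trustworthy as the download it was computed from. Before merging, the 0.8.4 archive should be verified against the upstream release signature (if one is published) rather than hashing whatever the FTP server returned. If this tree's download helper supports a SHA-256 pin, prefer it, e.g. `PKG_HASH:=<sha256 of ocserv-0.8.4.tar.xz>` (placeholder value); that variable exists in later OpenWrt trees and may not be available here. The file header for this section is not visible on the page, so the path is inferred to be the package Makefile.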
|
||||||
|
|
|
@ -1,24 +0,0 @@
|
||||||
From 9be381859d7c9077ed652a82ec06ef01494d413d Mon Sep 17 00:00:00 2001
|
|
||||||
From: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
||||||
Date: Fri, 8 Aug 2014 12:27:08 +0200
|
|
||||||
Subject: [PATCH 01/10] worker: call sigprocmask() prior to entering main loop
|
|
||||||
|
|
||||||
---
|
|
||||||
src/worker-vpn.c | 1 +
|
|
||||||
1 file changed, 1 insertion(+)
|
|
||||||
|
|
||||||
diff --git a/src/worker-vpn.c b/src/worker-vpn.c
|
|
||||||
index 1c30f14..55ab375 100644
|
|
||||||
--- a/src/worker-vpn.c
|
|
||||||
+++ b/src/worker-vpn.c
|
|
||||||
@@ -1856,6 +1856,7 @@ static int connect_handler(worker_st * ws)
|
|
||||||
bandwidth_init(&ws->b_tx, ws->config->tx_per_sec);
|
|
||||||
|
|
||||||
session_info_send(ws);
|
|
||||||
+ sigprocmask(SIG_BLOCK, &blockset, NULL);
|
|
||||||
|
|
||||||
/* worker main loop */
|
|
||||||
for (;;) {
|
|
||||||
--
|
|
||||||
2.0.0
|
|
||||||
|
|
|
@ -1,26 +0,0 @@
|
||||||
From c567a129f4dac88d1b3c4508484a2dffd78e1e5a Mon Sep 17 00:00:00 2001
|
|
||||||
From: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
||||||
Date: Fri, 22 Aug 2014 11:57:15 +0200
|
|
||||||
Subject: [PATCH 06/10] worker: when the UDP socket is updated, update the DTLS
|
|
||||||
session
|
|
||||||
|
|
||||||
---
|
|
||||||
src/worker-misc.c | 2 ++
|
|
||||||
1 file changed, 2 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/src/worker-misc.c b/src/worker-misc.c
|
|
||||||
index 52be346..bde24d7 100644
|
|
||||||
--- a/src/worker-misc.c
|
|
||||||
+++ b/src/worker-misc.c
|
|
||||||
@@ -139,6 +139,8 @@ int handle_worker_commands(struct worker_st *ws)
|
|
||||||
close(fd);
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
+ if (ws->dtls_session != NULL)
|
|
||||||
+ gnutls_transport_set_ptr(ws->dtls_session, (gnutls_transport_ptr_t)(long)fd);
|
|
||||||
} else { /* received client hello */
|
|
||||||
ws->udp_state = UP_SETUP;
|
|
||||||
}
|
|
||||||
--
|
|
||||||
2.0.0
|
|
||||||
|
|
|
@ -1,76 +0,0 @@
|
||||||
From 817f757577ef78bcc19aecf73d6ecf1b11258c82 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
||||||
Date: Fri, 22 Aug 2014 15:23:16 +0200
|
|
||||||
Subject: [PATCH 07/10] after fork restore the default signal mask
|
|
||||||
|
|
||||||
---
|
|
||||||
src/main-user.c | 2 ++
|
|
||||||
src/main.c | 5 +++--
|
|
||||||
src/main.h | 1 +
|
|
||||||
3 files changed, 6 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/src/main-user.c b/src/main-user.c
|
|
||||||
index bc16e3a..9b57e00 100644
|
|
||||||
--- a/src/main-user.c
|
|
||||||
+++ b/src/main-user.c
|
|
||||||
@@ -66,6 +66,8 @@ const char* script;
|
|
||||||
char local[64] = "";
|
|
||||||
char remote[64] = "";
|
|
||||||
|
|
||||||
+ sigprocmask(SIG_SETMASK, &sig_default_set, NULL);
|
|
||||||
+
|
|
||||||
snprintf(real, sizeof(real), "%u", (unsigned)proc->pid);
|
|
||||||
setenv("ID", real, 1);
|
|
||||||
|
|
||||||
diff --git a/src/main.c b/src/main.c
|
|
||||||
index 8bb3061..a71bde6 100644
|
|
||||||
--- a/src/main.c
|
|
||||||
+++ b/src/main.c
|
|
||||||
@@ -64,6 +64,7 @@ static unsigned int terminate = 0;
|
|
||||||
static unsigned int reload_conf = 0;
|
|
||||||
unsigned int need_maintenance = 0;
|
|
||||||
static unsigned int need_children_cleanup = 0;
|
|
||||||
+sigset_t sig_default_set;
|
|
||||||
|
|
||||||
static void ms_sleep(unsigned ms)
|
|
||||||
{
|
|
||||||
@@ -974,7 +975,7 @@ int main(int argc, char** argv)
|
|
||||||
exit(1);
|
|
||||||
}
|
|
||||||
|
|
||||||
- sigprocmask(SIG_BLOCK, &blockset, NULL);
|
|
||||||
+ sigprocmask(SIG_BLOCK, &blockset, &sig_default_set);
|
|
||||||
alarm(MAINTAINANCE_TIME(s));
|
|
||||||
|
|
||||||
for (;;) {
|
|
||||||
@@ -1061,6 +1062,7 @@ int main(int argc, char** argv)
|
|
||||||
/* close any open descriptors, and erase
|
|
||||||
* sensitive data before running the worker
|
|
||||||
*/
|
|
||||||
+ sigprocmask(SIG_SETMASK, &sig_default_set, NULL);
|
|
||||||
close(cmd_fd[0]);
|
|
||||||
clear_lists(s);
|
|
||||||
|
|
||||||
@@ -1096,7 +1098,6 @@ int main(int argc, char** argv)
|
|
||||||
* sensitive data have to be overwritten anyway. */
|
|
||||||
malloc_trim(0);
|
|
||||||
#endif
|
|
||||||
- sigprocmask(SIG_UNBLOCK, &blockset, NULL);
|
|
||||||
vpn_server(ws);
|
|
||||||
exit(0);
|
|
||||||
} else if (pid == -1) {
|
|
||||||
diff --git a/src/main.h b/src/main.h
|
|
||||||
index de3d00c..cf5a0b1 100644
|
|
||||||
--- a/src/main.h
|
|
||||||
+++ b/src/main.h
|
|
||||||
@@ -39,6 +39,7 @@
|
|
||||||
|
|
||||||
#define COOKIE_KEY_SIZE 16
|
|
||||||
|
|
||||||
+extern sigset_t sig_default_set;
|
|
||||||
int cmd_parser (void *pool, int argc, char **argv, struct cfg_st** config);
|
|
||||||
void reload_cfg_file(void *pool, struct cfg_st* config);
|
|
||||||
void clear_cfg_file(struct cfg_st* config);
|
|
||||||
--
|
|
||||||
2.0.0
|
|
||||||
|
|
|
@ -1,25 +0,0 @@
|
||||||
diff --git a/src/worker-vpn.c b/src/worker-vpn.c
|
|
||||||
index 55ab375..12cd3c8 100644
|
|
||||||
--- a/src/worker-vpn.c
|
|
||||||
+++ b/src/worker-vpn.c
|
|
||||||
@@ -1071,9 +1071,20 @@ static int dtls_mainloop(worker_st * ws, struct timespec *tnow)
|
|
||||||
{
|
|
||||||
int ret, l;
|
|
||||||
|
|
||||||
+#if GNUTLS_VERSION_NUMBER <= 0x030210
|
|
||||||
+ /* work-around an infinite loop caused by gnutls_record_recv()
|
|
||||||
+ * always succeeding by counting every error as a discarded packet.
|
|
||||||
+ */
|
|
||||||
+ ret = gnutls_record_get_discarded(ws->dtls_session);
|
|
||||||
+ if (ret > 1000) {
|
|
||||||
+ ws->udp_state = UP_DISABLED;
|
|
||||||
+ return 0;
|
|
||||||
+ }
|
|
||||||
+#endif
|
|
||||||
switch (ws->udp_state) {
|
|
||||||
case UP_ACTIVE:
|
|
||||||
case UP_INACTIVE:
|
|
||||||
+
|
|
||||||
ret =
|
|
||||||
tls_recv_nb(ws->dtls_session, ws->buffer, ws->buffer_size);
|
|
||||||
oclog(ws, LOG_TRANSFER_DEBUG,
|
|