authorJuraj Lutter <otis@FreeBSD.org>2023-05-13 16:32:37 +0000
committerJuraj Lutter <otis@FreeBSD.org>2023-05-13 16:49:36 +0000
commit39beea1060026e7f4751713a5719280698ccfb2b (patch)
tree7226cb0bc38d314990241c0ca9016eca86a695cb
parent3f4c5c37c17b673a77ed1af44d699dcedac3e561 (diff)
net/ocserv: Update to 1.1.7
- Update to 1.1.7 - Regen patches
-rw-r--r--net/ocserv/Makefile4
-rw-r--r--net/ocserv/distinfo6
-rw-r--r--net/ocserv/files/patch-doc_sample.config34
-rw-r--r--net/ocserv/files/patch-src_main-ban.c15
4 files changed, 26 insertions, 33 deletions
diff --git a/net/ocserv/Makefile b/net/ocserv/Makefile
index 934705b2df50..6dc13dac271e 100644
--- a/net/ocserv/Makefile
+++ b/net/ocserv/Makefile
@@ -1,5 +1,5 @@
PORTNAME= ocserv
-DISTVERSION= 1.1.6
+DISTVERSION= 1.1.7
CATEGORIES= net net-vpn security
MASTER_SITES= https://www.infradead.org/ocserv/download/
@@ -8,7 +8,7 @@ COMMENT= Server implementing the AnyConnect SSL VPN protocol
WWW= https://ocserv.gitlab.io/www/index.html
LICENSE= GPLv2+
-LICENSE_FILE= ${WRKSRC}/LICENSE
+LICENSE_FILE= ${WRKSRC}/COPYING
BUILD_DEPENDS= bash:shells/bash \
gsed:textproc/gsed
diff --git a/net/ocserv/distinfo b/net/ocserv/distinfo
index c8d80b9bcbf2..30465e6a2b45 100644
--- a/net/ocserv/distinfo
+++ b/net/ocserv/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1661367781
-SHA256 (ocserv-1.1.6.tar.xz) = 6a6cbe92212e32280426a51c634adc3d4803579dd049cfdb7e014714cc82c693
-SIZE (ocserv-1.1.6.tar.xz) = 839744
+TIMESTAMP = 1683875970
+SHA256 (ocserv-1.1.7.tar.xz) = f30f7515e1e569ca2e68a96fa5e3dd10d49a18a40c981ad95b484d10835e3aa6
+SIZE (ocserv-1.1.7.tar.xz) = 844140
diff --git a/net/ocserv/files/patch-doc_sample.config b/net/ocserv/files/patch-doc_sample.config
index 415691eb9b3a..f866507ac5a0 100644
--- a/net/ocserv/files/patch-doc_sample.config
+++ b/net/ocserv/files/patch-doc_sample.config
@@ -1,4 +1,4 @@
---- doc/sample.config.orig 2020-12-03 22:31:10 UTC
+--- doc/sample.config.orig 2022-12-02 18:59:51 UTC
+++ doc/sample.config
@@ -19,7 +19,7 @@
# This enabled PAM authentication of the user. The gid-min option is used
@@ -60,8 +60,8 @@
-#server-key = /etc/ocserv/server-key.pem
-server-cert = ../tests/certs/server-cert.pem
-server-key = ../tests/certs/server-key.pem
-+server-cert = %%ETCDIR%%/server-cert.pem
-+server-key = %%ETCDIR%%/server-key.pem
+++server-cert = %%ETCDIR%%/server-cert.pem
+++server-key = %%ETCDIR%%/server-key.pem
# Diffie-Hellman parameters. Only needed if for old (pre 3.6.0
# versions of GnuTLS for supporting DHE ciphersuites.
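Review bot: The two added lines `++server-cert = %%ETCDIR%%/server-cert.pem` and `++server-key = %%ETCDIR%%/server-key.pem` carry one `+` more than the `+server-cert` / `+server-key` lines they replace. As rendered here, the regenerated patch would therefore write `+server-cert = …` and `+server-key = …`, with a literal leading `+`, into doc/sample.config. If the file really contains that, the installed sample no longer sets the certificate and key paths under the option names it used before; how ocserv's parser treats such a line is not visible on this page. The patch lines should read `+server-cert = %%ETCDIR%%/server-cert.pem` and `+server-key = %%ETCDIR%%/server-key.pem`, and the generated sample is worth checking after `make patch`. The inner sample.config hunk these lines belong to starts and ends outside this hunk.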
@@ -72,7 +72,7 @@
+#dh-params = %%ETCDIR%%/dh.pem
# In case PKCS #11, TPM or encrypted keys are used the PINs should be available
- # in files. The srk-pin-file is applicable to TPM keys only, and is the
+ # in files. The srk-pin-file is applicable to TPM keys only, and is the
# storage root key.
-#pin-file = /etc/ocserv/pin.txt
-#srk-pin-file = /etc/ocserv/srkpin.txt
@@ -89,13 +89,13 @@
-ca-cert = ../tests/certs/ca.pem
+ca-cert = %%ETCDIR%%/ca.pem
-
- ### All configuration options below this line are reloaded on a SIGHUP.
-@@ -166,15 +163,9 @@ ca-cert = ../tests/certs/ca.pem
+ # The number of sub-processes to use for the security module (authentication)
+ # processes. Typically this should not be set as the number of processes
+@@ -172,15 +169,9 @@ ca-cert = ../tests/certs/ca.pem
### failures during the reloading time.
--# Whether to enable seccomp/Linux namespaces worker isolation. That restricts the number of
+-# Whether to enable seccomp/Linux namespaces worker isolation. That restricts the number of
-# system calls allowed to a worker process, in order to reduce damage from a
-# bug in the worker process. It is available on Linux systems at a performance cost.
-# The performance cost is roughly 2% overhead at transfer time (tested on a Linux 3.17.8).
@@ -110,16 +110,16 @@
# A banner to be displayed on clients after connection
#banner = "Welcome"
-@@ -255,7 +246,7 @@ try-mtu-discovery = false
+@@ -262,7 +253,7 @@ try-mtu-discovery = false
# You can update this response periodically using:
# ocsptool --ask --load-cert=your_cert --load-issuer=your_ca --outfile response
# Make sure that you replace the following file in an atomic way.
-#ocsp-response = /etc/ocserv/ocsp.der
+#ocsp-response = %%ETCDIR%%/ocsp.der
- # The object identifier that will be used to read the user ID in the client
+ # The object identifier that will be used to read the user ID in the client
# certificate. The object identifier should be part of the certificate's DN
-@@ -274,7 +265,7 @@ cert-user-oid = 0.9.2342.19200300.100.1.1
+@@ -281,7 +272,7 @@ cert-user-oid = 0.9.2342.19200300.100.1.1
# See the manual to generate an empty CRL initially. The CRL will be reloaded
# periodically when ocserv detects a change in the file. To force a reload use
# SIGHUP.
@@ -128,9 +128,9 @@
# Uncomment this to enable compression negotiation (LZS, LZ4).
#compression = true
-@@ -543,15 +534,15 @@ no-route = 192.168.5.0/255.255.255.0
+@@ -558,15 +549,15 @@ no-route = 192.168.5.0/255.255.255.0
# Note the that following two firewalling options currently are available
- # in Linux systems with iptables software.
+ # in Linux systems with iptables software.
-# If set, the script /usr/bin/ocserv-fw will be called to restrict
+# If set, the script %%PREFIX%%/bin/ocserv-fw will be called to restrict
@@ -147,8 +147,8 @@
# access specific ports in the network. This option can be set globally
# or in the per-user configuration.
#restrict-user-to-ports = "tcp(443), tcp(80), udp(443), sctp(99), tcp(583), icmp(), icmpv6()"
-@@ -599,13 +590,13 @@ no-route = 192.168.5.0/255.255.255.0
- # hostname to override any proposed by the user. Note also, that, any
+@@ -614,13 +605,13 @@ no-route = 192.168.5.0/255.255.255.0
+ # hostname to override any proposed by the user. Note also, that, any
# routes, no-routes, DNS or NBNS servers present will overwrite the global ones.
-#config-per-user = /etc/ocserv/config-per-user/
@@ -165,7 +165,7 @@
# The system command to use to setup a route. %{R} will be replaced with the
# route/mask, %{RI} with the route in CIDR format, and %{D} with the (tun) device.
-@@ -627,7 +618,7 @@ no-route = 192.168.5.0/255.255.255.0
+@@ -642,7 +633,7 @@ no-route = 192.168.5.0/255.255.255.0
# In MIT kerberos you'll need to add in realms:
# EXAMPLE.COM = {
# kdc = https://ocserv.example.com/KdcProxy
@@ -174,7 +174,7 @@
# }
# In some distributions the krb5-k5tls plugin of kinit is required.
#
-@@ -701,13 +692,13 @@ dtls-legacy = true
+@@ -722,13 +713,13 @@ client-bypass-protocol = false
[vhost:www.example.com]
auth = "certificate"
diff --git a/net/ocserv/files/patch-src_main-ban.c b/net/ocserv/files/patch-src_main-ban.c
index 2a4446d29abb..86483cf2e9f7 100644
--- a/net/ocserv/files/patch-src_main-ban.c
+++ b/net/ocserv/files/patch-src_main-ban.c
@@ -1,20 +1,13 @@
---- src/main-ban.c.orig 2021-01-26 17:01:03 UTC
+--- src/main-ban.c.orig 2023-01-29 14:09:45 UTC
+++ src/main-ban.c
-@@ -403,8 +403,8 @@ static bool test_local_ipv6(struct sockaddr_in6 * remo
+@@ -408,8 +408,8 @@ static bool test_local_ipv6(struct sockaddr_in6 * remo
unsigned index = 0;
-
+
for (index = 0; index < 4; index ++) {
- uint32_t l = local->sin6_addr.s6_addr32[index] & network->sin6_addr.s6_addr32[index];
- uint32_t r = remote->sin6_addr.s6_addr32[index] & network->sin6_addr.s6_addr32[index];
+ uint32_t l = local->sin6_addr.__u6_addr.__u6_addr32[index] & network->sin6_addr.__u6_addr.__u6_addr32[index];
+ uint32_t r = remote->sin6_addr.__u6_addr.__u6_addr32[index] & network->sin6_addr.__u6_addr.__u6_addr32[index];
- if (l != r)
+ if (l != r)
return false;
}
-@@ -443,4 +443,4 @@ void if_address_cleanup(main_server_st * s)
-
- s->if_addresses = NULL;
- s->if_addresses_count = 0;
--}
-\ No newline at end of file
-+}
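Review bot: The lines this regen keeps in test_local_ipv6 read `sin6_addr.__u6_addr.__u6_addr32[index]`, which are implementation-private member names of `struct in6_addr` rather than a documented interface, so the port depends on the exact layout of the system header. The comparison lives in main-ban.c and appears to decide whether a peer address falls inside a local network, so it is worth carrying in a portable form that can also go upstream. Masking the standard byte array gives the same result: `for (index = 0; index < 16; index++) {` with `uint8_t l = local->sin6_addr.s6_addr[index] & network->sin6_addr.s6_addr[index];` and the matching `r` line. The function body starts and ends outside the hunk, so the declaration of `index` and the final return are not visible here.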