net/ocserv: update to 0.12.1

Changelog: https://gitlab.com/ocserv/ocserv/blob/master/NEWS

Tested by:	Jov <amutu@amutu.com>

1 files changed, 76 insertions, 0 deletions

diff --git a/net/ocserv/files/patch-doc_sample.config b/net/ocserv/files/patch-doc_sample.config
new file mode 100644
index 000000000000..c511b6163590
--- /dev/null
+++ b/net/ocserv/files/patch-doc_sample.config
@@ -0,0 +1,76 @@
+--- doc/sample.config.orig	2018-04-15 19:13:39 UTC
++++ doc/sample.config
+@@ -19,7 +19,7 @@
+ #  This enabled PAM authentication of the user. The gid-min option is used
+ # by auto-select-group option, in order to select the minimum valid group ID.
+ #
+-# plain[passwd=/etc/ocserv/ocpasswd,otp=/etc/ocserv/users.otp]
++# plain[passwd=/usr/local/etc/ocserv/ocpasswd,otp=/etc/ocserv/users.otp]
+ #  The plain option requires specifying a password file which contains
+ # entries of the following format.
+ # "username:groupname1,groupname2:encoded-password"
+@@ -102,8 +102,8 @@ udp-port = 443
+ 
+ # The user the worker processes will be run as. It should be
+ # unique (no other services run as this user).
+-run-as-user = nobody
+-run-as-group = daemon
++run-as-user = _ocserv
++run-as-group = _ocserv
+ 
+ # socket file used for IPC with occtl. You only need to set that,
+ # if you use more than a single servers.
+@@ -172,16 +172,6 @@ ca-cert = ../tests/certs/ca.pem
+ ### failures during the reloading time.
+ 
+ 
+-# Whether to enable seccomp/Linux namespaces worker isolation. That restricts the number of 
+-# system calls allowed to a worker process, in order to reduce damage from a
+-# bug in the worker process. It is available on Linux systems at a performance cost.
+-# The performance cost is roughly 2% overhead at transfer time (tested on a Linux 3.17.8).
+-# Note however, that process isolation is restricted to the specific libc versions
+-# the isolation was tested at. If you get random failures on worker processes, try
+-# disabling that option and report the failures you, along with system and debugging
+-# information at: https://gitlab.com/ocserv/ocserv/issues
+-isolate-workers = true
+-
+ # A banner to be displayed on clients
+ #banner = "Welcome"
+ 
+@@ -530,15 +520,15 @@ no-route = 192.168.5.0/255.255.255.0
+ # Note the that following two firewalling options currently are available
+ # in Linux systems with iptables software. 
+ 
+-# If set, the script /usr/bin/ocserv-fw will be called to restrict
++# If set, the script /usr/local/bin/ocserv-fw will be called to restrict
+ # the user to its allowed routes and prevent him from accessing
+ # any other routes. In case of defaultroute, the no-routes are restricted.
+-# All the routes applied by ocserv can be reverted using /usr/bin/ocserv-fw
++# All the routes applied by ocserv can be reverted using /usr/local/bin/ocserv-fw
+ # --removeall. This option can be set globally or in the per-user configuration.
+ #restrict-user-to-routes = true
+ 
+ # This option implies restrict-user-to-routes set to true. If set, the
+-# script /usr/bin/ocserv-fw will be called to restrict the user to
++# script /usr/local/bin/ocserv-fw will be called to restrict the user to
+ # access specific ports in the network. This option can be set globally
+ # or in the per-user configuration.
+ #restrict-user-to-ports = "tcp(443), tcp(80), udp(443), sctp(99), tcp(583), icmp(), icmpv6()"
+@@ -586,13 +576,13 @@ no-route = 192.168.5.0/255.255.255.0
+ # hostname to override any proposed by the user. Note also, that, any 
+ # routes, no-routes, DNS or NBNS servers present will overwrite the global ones.
+ 
+-#config-per-user = /etc/ocserv/config-per-user/
+-#config-per-group = /etc/ocserv/config-per-group/
++#config-per-user = /usr/local/etc/ocserv/config-per-user/
++#config-per-group = /usr/local/etc/ocserv/config-per-group/
+ 
+ # When config-per-xxx is specified and there is no group or user that
+ # matches, then utilize the following configuration.
+-#default-user-config = /etc/ocserv/defaults/user.conf
+-#default-group-config = /etc/ocserv/defaults/group.conf
++#default-user-config = /usr/local/etc/ocserv/defaults/user.conf
++#default-group-config = /usr/local/etc/ocserv/defaults/group.conf
+ 
+ # The system command to use to setup a route. %{R} will be replaced with the
+ # route/mask, %{RI} with the route in CIDR format, and %{D} with the (tun) device.