ocserv: update to 0.9.0

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

net/ocserv/Makefile

@@ -8,13 +8,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=ocserv
-PKG_VERSION:=0.8.9
-PKG_RELEASE:=4
+PKG_VERSION:=0.9.0
+PKG_RELEASE:=1
 
 PKG_BUILD_DIR :=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
 PKG_SOURCE_URL :=ftp://ftp.infradead.org/pub/ocserv/
-PKG_MD5SUM:=cd935cc89bffac75c825e66ef71f6a73
+PKG_MD5SUM:=50994bf7e40fd6bedda33bb2f99b1f11
 
 PKG_LICENSE:=GPLv2
 PKG_LICENSE_FILES:=COPYING

net/ocserv/README

@@ -15,6 +15,7 @@ config ocserv 'config'
 	option auth 'plain'
 	option zone 'vpn'
 	option default_domain 'lan'
+	option compression '1'
 	option enable '1'
 
 config dns

net/ocserv/files/ocserv.conf.template

@@ -43,6 +43,12 @@ max-same-clients = |MAX_SAME|
 tcp-port = |PORT|
 |UDP|udp-port = |PORT|
 
+# Stats report time. The number of seconds after which each
+# worker process will report its usage statistics (number of
+# bytes transferred etc). This is useful when accounting like
+# radius is in use.
+#stats-report-time = 360
+
 # Keepalive in seconds
 keepalive = 32400
 
@@ -109,11 +115,14 @@ server-key = /etc/ocserv/server-key.pem
 # The revocation list of the certificates issued by the 'ca-cert' above.
 #crl = /etc/ocserv/crl.pem
 
+# Uncomment this to enable compression negotiation (LZS, LZ4).
+|COMPRESSION|compression = true
+
 # GnuTLS priority string
-tls-priorities = "NORMAL:%SERVER_PRECEDENCE:%COMPAT"
+tls-priorities = "NORMAL:%SERVER_PRECEDENCE:%COMPAT:-VERS-SSL3.0"
 
 # To enforce perfect forward secrecy (PFS) on the main channel.
-#tls-priorities = "NORMAL:%SERVER_PRECEDENCE:%COMPAT:-RSA"
+#tls-priorities = "NORMAL:%SERVER_PRECEDENCE:%COMPAT:-VERS-SSL3.0:-RSA"
 
 # The time (in seconds) that a client is allowed to stay connected prior
 # to authentication

net/ocserv/files/ocserv.init

@@ -10,6 +10,7 @@ setup_config() {
 	config_get max_same     $1 max_same "2"
 	config_get dpd          $1 dpd "120"
 	config_get predictable_ips  $1 predictable_ips "1"
+	config_get compression  $1 compression "0"
 	config_get udp          $1 udp "1"
 	config_get auth         $1 auth "plain"
 	config_get cisco_compat $1 cisco_compat "1"
@@ -20,11 +21,13 @@ setup_config() {
 
 	enable_default_domain="#"
 	enable_udp="#"
+	enable_compression="#"
 	test $predictable_ips = "0" && predictable_ips="false"
 	test $predictable_ips = "1" && predictable_ips="true"
 	test $cisco_compat = "0" && cisco_compat="false"
 	test $cisco_compat = "1" && cisco_compat="true"
 	test $udp = "1" && enable_udp=""
+	test $compression = "1" && enable_compression=""
 	test -z $default_domain && enable_default_domain=""
 	test -z $ip6addr && enable_ipv6="#"
 
@@ -49,6 +52,7 @@ setup_config() {
 	    -e "s/|ENABLE_DEFAULT_DOMAIN|/$enable_default_domain/g" \
 	    -e "s/|CISCO_COMPAT|/$cisco_compat/g" \
 	    -e "s/|UDP|/$enable_udp/g" \
+	    -e "s/|COMPRESSION|/$enable_compression/g" \
 	    -e "s/|IPV4ADDR|/$ipaddr/g" \
 	    -e "s/|NETMASK|/$netmask/g" \
 	    -e "s/|IPV6ADDR|/$ipv6_addr/g" \

net/ocserv/patches/001-ocpasswd-sha2crypt.patch

@@ -1,12 +0,0 @@
-diff -ur ocserv-0.8.9/src/ocpasswd.c ocserv-0.8.9.new/src/ocpasswd.c
---- ocserv-0.8.9/src/ocpasswd.c	2014-11-29 19:49:38.000000000 +0100
-+++ ocserv-0.8.9.new/src/ocpasswd.c	2015-01-19 23:21:14.959144113 +0100
-@@ -69,7 +69,7 @@
- 		exit(1);
- 	}
- 
--	strcpy(salt, "$5$");
-+	strcpy(salt, "$1$");
- 	p = salt + 3;
- 
- 	for (i = 0; i < sizeof(_salt); i++) {