Update to ocserv-1.1.6

Changes: https://ocserv.gitlab.io/www/changelog.html

OK sthen@

net/ocserv/Makefile

@@ -1,6 +1,6 @@
 COMMENT=	server implementing the AnyConnect SSL VPN protocol
 
-DISTNAME=	ocserv-1.1.3
+DISTNAME=	ocserv-1.1.6
 EXTRACT_SUFX=	.tar.xz
 
 CATEGORIES=	net

net/ocserv/distinfo

@@ -1,2 +1,2 @@
-SHA256 (ocserv-1.1.3.tar.xz) = GrcMbm6ja2E+jhcfwDtggcQxKkXuUswpWcBownMkEH4=
-SIZE (ocserv-1.1.3.tar.xz) = 833320
+SHA256 (ocserv-1.1.6.tar.xz) = amy+kiEuMigEJqUcY0rcPUgDV53QSc/bfgFHFMyCxpM=
+SIZE (ocserv-1.1.6.tar.xz) = 839744

net/ocserv/patches/patch-doc_sample_config

@@ -6,7 +6,7 @@ Index: doc/sample.config
 @@ -35,15 +35,6 @@
  # Acct-Interim-Interval, and Session-Timeout values.
  #
- # See doc/README-radius.md for the supported radius configuration atributes.
+ # See doc/README-radius.md for the supported radius configuration attributes.
 -#
 -# gssapi[keytab=/etc/key.tab,require-local-user-map=true,tgt-freshness-time=900]
 -#  The gssapi option allows one to use authentication methods supported by GSSAPI,
@@ -48,7 +48,7 @@ Index: doc/sample.config
  
  # The default server directory. Does not require any devices present.
  #chroot-dir = /var/lib/ocserv
-@@ -166,16 +155,6 @@ ca-cert = ../tests/certs/ca.pem
+@@ -172,16 +161,6 @@ ca-cert = ../tests/certs/ca.pem
  ### failures during the reloading time.
  
  
@@ -65,19 +65,21 @@ Index: doc/sample.config
  # A banner to be displayed on clients after connection
  #banner = "Welcome"
  
-@@ -341,9 +320,8 @@ min-reauth-time = 300
+@@ -345,10 +324,9 @@ min-reauth-time = 300
  # Banning clients in ocserv works with a point system. IP addresses
  # that get a score over that configured number are banned for
  # min-reauth-time seconds. By default a wrong password attempt is 10 points,
 -# a KKDCP POST is 1 point, and a connection is 1 point. Note that
--# due to difference processes being involved the count of points
--# will not be real-time precise.
-+# and a connection is 1 point. Note that due to different processes
-+# being involved the count of points will not be real-time precise.
+-# due to different processes being involved the count of points
+-# will not be real-time precise. Local subnet IPs are exempt to allow
+-# services that check for process health.
++# and a connection is 1 point. Note that due to different processes being
++# involved the count of points will not be real-time precise. Local subnet
++# IPs are exempt to allow services that check for process health.
  #
- # Score banning cannot be reliably used when receiving proxied connections
- # locally from an HTTP server (i.e., when listen-clear-file is used).
-@@ -357,7 +335,6 @@ ban-reset-time = 1200
+ # Set to zero to disable.
+ max-ban-score = 80
+@@ -359,7 +337,6 @@ ban-reset-time = 1200
  # In case you'd like to change the default points.
  #ban-points-wrong-password = 10
  #ban-points-connection = 1
@@ -85,7 +87,7 @@ Index: doc/sample.config
  
  # Cookie timeout (in seconds)
  # Once a client is authenticated he's provided a cookie with
-@@ -432,7 +409,7 @@ rekey-method = ssl
+@@ -434,7 +411,7 @@ rekey-method = ssl
  use-occtl = true
  
  # PID file. It can be overridden in the command line.
@@ -94,7 +96,7 @@ Index: doc/sample.config
  
  # Log Level. It can be overridden in the command line with the -d option.
  # All messages at the configure level and lower will be displayed.
-@@ -561,6 +538,11 @@ no-route = 192.168.5.0/255.255.255.0
+@@ -563,6 +540,11 @@ no-route = 192.168.5.0/255.255.255.0
  # any other routes. In case of defaultroute, the no-routes are restricted.
  # All the routes applied by ocserv can be reverted using /etc/ocserv/ocserv-fw
  # --removeall. This option can be set globally or in the per-user configuration.
@@ -106,7 +108,7 @@ Index: doc/sample.config
  #restrict-user-to-routes = true
  
  # This option implies restrict-user-to-routes set to true. If set, the
-@@ -633,23 +615,6 @@ no-route = 192.168.5.0/255.255.255.0
+@@ -635,23 +617,6 @@ no-route = 192.168.5.0/255.255.255.0
  # and '%{G}', if present will be replaced by the username and group name.
  #proxy-url = http://example.com/
  #proxy-url = http://example.com/%{U}/