freeradius3: Update to 3.0.26
authorJianhui Zhao <zhaojh329@gmail.com>
Sun, 28 May 2023 14:04:17 +0000 (22:04 +0800)
committerJosef Schlehofer <pepe.schlehofer@gmail.com>
Tue, 31 Oct 2023 12:46:12 +0000 (13:46 +0100)
Signed-off-by: Jianhui Zhao <zhaojh329@gmail.com>
(cherry picked from commit dda8ba0ca732d613238db973f00e20dc83d8fc77)

net/freeradius3/Makefile
net/freeradius3/patches/002-disable-session-cache-CVE-2017-9148.patch
net/freeradius3/patches/010-openssl-deprecated.patch

index 37316c72c7956c057a7698d3b91bdb3b88837b38..d908ed81524fe6a00becfed0fa97003716710f01 100644 (file)
@@ -8,19 +8,19 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=freeradius3
-PKG_VERSION:=3_0_21
-PKG_RELEASE:=2
+PKG_VERSION:=3.0.26
+PKG_RELEASE:=1
 
-PKG_SOURCE:=release_$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=https://github.com/FreeRADIUS/freeradius-server/archive
-PKG_HASH:=b2014372948a92f86cfe2cf43c58ef47921c03af05666eb9d6416bdc6eeaedc2
+PKG_SOURCE:=freeradius-server-$(PKG_VERSION).tar.bz2
+PKG_SOURCE_URL:=https://github.com/FreeRADIUS/freeradius-server/releases/download/release_$(subst .,_,$(PKG_VERSION))/
+PKG_HASH:=9a65314c462da4d4c4204df72c45f210de671f89317299b01f78549ac4503f59
 
 PKG_MAINTAINER:=
 PKG_LICENSE:=GPL-2.0
 PKG_LICENSE_FILES:=COPYRIGHT LICENSE
 PKG_CPE_ID:=cpe:/a:freeradius:freeradius
 
-PKG_BUILD_DIR:=$(BUILD_DIR)/freeradius-server-release_$(PKG_VERSION)
+PKG_BUILD_DIR:=$(BUILD_DIR)/freeradius-server-$(PKG_VERSION)
 PKG_FIXUP:=autoreconf
 PYTHON3_PKG_BUILD:=0
 
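Review bot: Changing `PKG_VERSION` from `3_0_21` to `3.0.26` changes the separator characters the package manager sees, which may affect upgrade ordering. If version strings are compared character by character with `_` and `.` ranked by byte value, `3_0_21-2` could sort above `3.0.26-1`, so a device with the old package installed might never be offered this update. It is worth confirming on an image that carries `3_0_21-2` that the upgrade is actually picked up. Separately, `PKG_HASH` now pins an uploaded release tarball rather than the forge-generated archive; a one-line comment such as `# sha256 checked against the upstream release page for 3.0.26` would record how the value was obtained for the next bump.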
@@ -77,7 +77,6 @@ define Package/freeradius3-default
 +freeradius3-mod-digest \
 +freeradius3-mod-eap \
 +freeradius3-mod-eap-gtc \
-+freeradius3-mod-eap-leap \
 +freeradius3-mod-eap-md5 \
 +freeradius3-mod-eap-mschapv2 \
 +freeradius3-mod-eap-peap \
@@ -195,12 +194,6 @@ define Package/freeradius3-mod-eap-gtc
   TITLE:=EAP/GTC module
 endef
 
-define Package/freeradius3-mod-eap-leap
-  $(call Package/freeradius3/Default)
-  DEPENDS:=freeradius3-mod-eap
-  TITLE:=EAP/LEAP module
-endef
-
 define Package/freeradius3-mod-eap-md5
   $(call Package/freeradius3/Default)
   DEPENDS:=freeradius3-mod-eap
@@ -774,7 +767,6 @@ $(eval $(call BuildPlugin,freeradius3-mod-detail,rlm_detail,))
 $(eval $(call BuildPlugin,freeradius3-mod-digest,rlm_digest,))
 $(eval $(call BuildPlugin,freeradius3-mod-eap,rlm_eap,))
 $(eval $(call BuildPlugin,freeradius3-mod-eap-gtc,rlm_eap_gtc,))
-$(eval $(call BuildPlugin,freeradius3-mod-eap-leap,rlm_eap_leap,))
 $(eval $(call BuildPlugin,freeradius3-mod-eap-md5,rlm_eap_md5,))
 $(eval $(call BuildPlugin,freeradius3-mod-eap-mschapv2,rlm_eap_mschapv2,))
 $(eval $(call BuildPlugin,freeradius3-mod-eap-peap,rlm_eap_peap,))
index 73561f50f321719de7a68dd53942758d7725deb2..ed5ed009df4faf0ec52b5dae62fb486cbf000130 100644 (file)
@@ -9,16 +9,16 @@ Last-Update: 2020-04-28
 
 --- a/src/main/tls.c
 +++ b/src/main/tls.c
-@@ -675,7 +675,7 @@ tls_session_t *tls_new_session(TALLOC_CT
-               state->mtu = vp->vp_integer;
+@@ -934,7 +934,7 @@ after_chain:
        }
+       if (vp) vp->vp_integer = state->mtu;
  
 -      if (conf->session_cache_enable) state->allow_session_resumption = true; /* otherwise it's false */
 +      if (/*conf->session_cache_enable*/0) state->allow_session_resumption = true; /* otherwise it's false */
  
        return state;
  }
-@@ -3332,7 +3332,7 @@ post_ca:
+@@ -4389,7 +4389,7 @@ post_ca:
        /*
         *      Callbacks, etc. for session resumption.
         */
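Review bot: The refreshed hunk keeps `if (/*conf->session_cache_enable*/0)` (presumably still in `tls_new_session`, whose body starts outside the hunk), which turns session resumption off unconditionally and ignores the administrator's cache setting. Nothing in the patched source says why, so a configuration that enables the session cache looks accepted but has no effect. I would add a comment on that line in the patch, for example `/* OpenWrt: resumption forced off as CVE-2017-9148 workaround; session_cache_enable is ignored */`. Whether 3.0.26 still needs this workaround is not visible from the diff, and the header's `Last-Update: 2020-04-28` was not touched by the refresh, so both are worth confirming.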
@@ -27,7 +27,7 @@ Last-Update: 2020-04-28
                /*
                 *      Cache sessions on disk if requested.
                 */
-@@ -3402,7 +3402,7 @@ post_ca:
+@@ -4469,7 +4469,7 @@ post_ca:
        /*
         *      Setup session caching
         */
@@ -36,7 +36,7 @@ Last-Update: 2020-04-28
                /*
                 *      Create a unique context Id per EAP-TLS configuration.
                 */
-@@ -3571,7 +3571,7 @@ fr_tls_server_conf_t *tls_server_conf_pa
+@@ -4757,7 +4757,7 @@ fr_tls_server_conf_t *tls_server_conf_pa
                goto error;
        }
  
index aeaf4928e635c3b0828d5f09cad20d2d71e3c4eb..d2123c9657343eb98b5dca072fcc7486f07695b9 100644 (file)
  }
 --- a/src/main/tls.c
 +++ b/src/main/tls.c
-@@ -55,6 +55,7 @@ USES_APPLE_DEPRECATED_API    /* OpenSSL API
+@@ -60,6 +60,7 @@ USES_APPLE_DEPRECATED_API    /* OpenSSL API
  #    include <openssl/evp.h>
  #  endif
  #  include <openssl/ssl.h>
 +#  include <openssl/dh.h>
  
- #define LOG_PREFIX "tls"
-@@ -2133,7 +2134,7 @@ int cbtls_verify(int ok, X509_STORE_CTX
+ #if OPENSSL_VERSION_NUMBER >= 0x30000000L
+ #  include <openssl/provider.h>
+@@ -2954,7 +2955,7 @@ int cbtls_verify(int ok, X509_STORE_CTX
        int             my_ok = ok;
  
        ASN1_INTEGER    *sn = NULL;
@@ -35,7 +35,7 @@
        VALUE_PAIR      **certs;
        char **identity;
  #ifdef HAVE_OPENSSL_OCSP_H
-@@ -2207,7 +2208,7 @@ int cbtls_verify(int ok, X509_STORE_CTX
+@@ -3028,7 +3029,7 @@ int cbtls_verify(int ok, X509_STORE_CTX
         *      Get the Expiration Date
         */
        buf[0] = '\0';
@@ -44,7 +44,7 @@
        if (certs && (lookup <= 1) && asn_time &&
            (asn_time->length < (int) sizeof(buf))) {
                memcpy(buf, (char*) asn_time->data, asn_time->length);
-@@ -2220,7 +2221,7 @@ int cbtls_verify(int ok, X509_STORE_CTX
+@@ -3041,7 +3042,7 @@ int cbtls_verify(int ok, X509_STORE_CTX
         *      Get the Valid Since Date
         */
        buf[0] = '\0';
@@ -53,7 +53,7 @@
        if (certs && (lookup <= 1) && asn_time &&
            (asn_time->length < (int) sizeof(buf))) {
                memcpy(buf, (char*) asn_time->data, asn_time->length);
-@@ -2690,10 +2691,12 @@ static int set_ecdh_curve(SSL_CTX *ctx,
+@@ -3592,10 +3593,12 @@ static int set_ecdh_curve(SSL_CTX *ctx,
   */
  int tls_global_init(bool spawn_flag, bool check)
  {
@@ -66,7 +66,7 @@
  
        /*
         *      Initialize the index for the certificates.
-@@ -2769,6 +2772,7 @@ int tls_global_version_check(char const
+@@ -3693,6 +3696,7 @@ int tls_global_version_check(char const
   */
  void tls_global_cleanup(void)
  {
@@ -74,7 +74,7 @@
  #if OPENSSL_VERSION_NUMBER < 0x10000000L
        ERR_remove_state(0);
  #elif OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
-@@ -2781,6 +2785,7 @@ void tls_global_cleanup(void)
+@@ -3718,6 +3722,7 @@ void tls_global_cleanup(void)
        ERR_free_strings();
        EVP_cleanup();
        CRYPTO_cleanup_all_ex_data();