From dda8ba0ca732d613238db973f00e20dc83d8fc77 Mon Sep 17 00:00:00 2001 From: Jianhui Zhao Date: Sun, 28 May 2023 22:04:17 +0800 Subject: [PATCH] freeradius3: Update to 3.0.26 Signed-off-by: Jianhui Zhao --- net/freeradius3/Makefile | 20 ++++++------------- ...-disable-session-cache-CVE-2017-9148.patch | 10 +++++----- .../patches/010-openssl-deprecated.patch | 18 ++++++++--------- 3 files changed, 20 insertions(+), 28 deletions(-) diff --git a/net/freeradius3/Makefile b/net/freeradius3/Makefile index 37316c72c7..d908ed8152 100644 --- a/net/freeradius3/Makefile +++ b/net/freeradius3/Makefile @@ -8,19 +8,19 @@ include $(TOPDIR)/rules.mk PKG_NAME:=freeradius3 -PKG_VERSION:=3_0_21 -PKG_RELEASE:=2 +PKG_VERSION:=3.0.26 +PKG_RELEASE:=1 -PKG_SOURCE:=release_$(PKG_VERSION).tar.gz -PKG_SOURCE_URL:=https://github.com/FreeRADIUS/freeradius-server/archive -PKG_HASH:=b2014372948a92f86cfe2cf43c58ef47921c03af05666eb9d6416bdc6eeaedc2 +PKG_SOURCE:=freeradius-server-$(PKG_VERSION).tar.bz2 +PKG_SOURCE_URL:=https://github.com/FreeRADIUS/freeradius-server/releases/download/release_$(subst .,_,$(PKG_VERSION))/ +PKG_HASH:=9a65314c462da4d4c4204df72c45f210de671f89317299b01f78549ac4503f59 PKG_MAINTAINER:= PKG_LICENSE:=GPL-2.0 PKG_LICENSE_FILES:=COPYRIGHT LICENSE PKG_CPE_ID:=cpe:/a:freeradius:freeradius -PKG_BUILD_DIR:=$(BUILD_DIR)/freeradius-server-release_$(PKG_VERSION) +PKG_BUILD_DIR:=$(BUILD_DIR)/freeradius-server-$(PKG_VERSION) PKG_FIXUP:=autoreconf PYTHON3_PKG_BUILD:=0 @@ -77,7 +77,6 @@ define Package/freeradius3-default +freeradius3-mod-digest \ +freeradius3-mod-eap \ +freeradius3-mod-eap-gtc \ -+freeradius3-mod-eap-leap \ +freeradius3-mod-eap-md5 \ +freeradius3-mod-eap-mschapv2 \ +freeradius3-mod-eap-peap \ @@ -195,12 +194,6 @@ define Package/freeradius3-mod-eap-gtc TITLE:=EAP/GTC module endef -define Package/freeradius3-mod-eap-leap - $(call Package/freeradius3/Default) - DEPENDS:=freeradius3-mod-eap - TITLE:=EAP/LEAP module -endef - define Package/freeradius3-mod-eap-md5 $(call Package/freeradius3/Default) DEPENDS:=freeradius3-mod-eap @@ -774,7 +767,6 @@ $(eval $(call BuildPlugin,freeradius3-mod-detail,rlm_detail,)) $(eval $(call BuildPlugin,freeradius3-mod-digest,rlm_digest,)) $(eval $(call BuildPlugin,freeradius3-mod-eap,rlm_eap,)) $(eval $(call BuildPlugin,freeradius3-mod-eap-gtc,rlm_eap_gtc,)) -$(eval $(call BuildPlugin,freeradius3-mod-eap-leap,rlm_eap_leap,)) $(eval $(call BuildPlugin,freeradius3-mod-eap-md5,rlm_eap_md5,)) $(eval $(call BuildPlugin,freeradius3-mod-eap-mschapv2,rlm_eap_mschapv2,)) $(eval $(call BuildPlugin,freeradius3-mod-eap-peap,rlm_eap_peap,)) diff --git a/net/freeradius3/patches/002-disable-session-cache-CVE-2017-9148.patch b/net/freeradius3/patches/002-disable-session-cache-CVE-2017-9148.patch index 73561f50f3..ed5ed009df 100644 --- a/net/freeradius3/patches/002-disable-session-cache-CVE-2017-9148.patch +++ b/net/freeradius3/patches/002-disable-session-cache-CVE-2017-9148.patch @@ -9,16 +9,16 @@ Last-Update: 2020-04-28 --- a/src/main/tls.c +++ b/src/main/tls.c -@@ -675,7 +675,7 @@ tls_session_t *tls_new_session(TALLOC_CT - state->mtu = vp->vp_integer; +@@ -934,7 +934,7 @@ after_chain: } + if (vp) vp->vp_integer = state->mtu; - if (conf->session_cache_enable) state->allow_session_resumption = true; /* otherwise it's false */ + if (/*conf->session_cache_enable*/0) state->allow_session_resumption = true; /* otherwise it's false */ return state; } -@@ -3332,7 +3332,7 @@ post_ca: +@@ -4389,7 +4389,7 @@ post_ca: /* * Callbacks, etc. for session resumption. */ @@ -27,7 +27,7 @@ Last-Update: 2020-04-28 /* * Cache sessions on disk if requested. */ -@@ -3402,7 +3402,7 @@ post_ca: +@@ -4469,7 +4469,7 @@ post_ca: /* * Setup session caching */ @@ -36,7 +36,7 @@ Last-Update: 2020-04-28 /* * Create a unique context Id per EAP-TLS configuration. */ -@@ -3571,7 +3571,7 @@ fr_tls_server_conf_t *tls_server_conf_pa +@@ -4757,7 +4757,7 @@ fr_tls_server_conf_t *tls_server_conf_pa goto error; } diff --git a/net/freeradius3/patches/010-openssl-deprecated.patch b/net/freeradius3/patches/010-openssl-deprecated.patch index aeaf4928e6..d2123c9657 100644 --- a/net/freeradius3/patches/010-openssl-deprecated.patch +++ b/net/freeradius3/patches/010-openssl-deprecated.patch @@ -18,15 +18,15 @@ } --- a/src/main/tls.c +++ b/src/main/tls.c -@@ -55,6 +55,7 @@ USES_APPLE_DEPRECATED_API /* OpenSSL API +@@ -60,6 +60,7 @@ USES_APPLE_DEPRECATED_API /* OpenSSL API # include # endif # include +# include - #define LOG_PREFIX "tls" - -@@ -2133,7 +2134,7 @@ int cbtls_verify(int ok, X509_STORE_CTX + #if OPENSSL_VERSION_NUMBER >= 0x30000000L + # include +@@ -2954,7 +2955,7 @@ int cbtls_verify(int ok, X509_STORE_CTX int my_ok = ok; ASN1_INTEGER *sn = NULL; @@ -35,7 +35,7 @@ VALUE_PAIR **certs; char **identity; #ifdef HAVE_OPENSSL_OCSP_H -@@ -2207,7 +2208,7 @@ int cbtls_verify(int ok, X509_STORE_CTX +@@ -3028,7 +3029,7 @@ int cbtls_verify(int ok, X509_STORE_CTX * Get the Expiration Date */ buf[0] = '\0'; @@ -44,7 +44,7 @@ if (certs && (lookup <= 1) && asn_time && (asn_time->length < (int) sizeof(buf))) { memcpy(buf, (char*) asn_time->data, asn_time->length); -@@ -2220,7 +2221,7 @@ int cbtls_verify(int ok, X509_STORE_CTX +@@ -3041,7 +3042,7 @@ int cbtls_verify(int ok, X509_STORE_CTX * Get the Valid Since Date */ buf[0] = '\0'; @@ -53,7 +53,7 @@ if (certs && (lookup <= 1) && asn_time && (asn_time->length < (int) sizeof(buf))) { memcpy(buf, (char*) asn_time->data, asn_time->length); -@@ -2690,10 +2691,12 @@ static int set_ecdh_curve(SSL_CTX *ctx, +@@ -3592,10 +3593,12 @@ static int set_ecdh_curve(SSL_CTX *ctx, */ int tls_global_init(bool spawn_flag, bool check) { @@ -66,7 +66,7 @@ /* * Initialize the index for the certificates. -@@ -2769,6 +2772,7 @@ int tls_global_version_check(char const +@@ -3693,6 +3696,7 @@ int tls_global_version_check(char const */ void tls_global_cleanup(void) { @@ -74,7 +74,7 @@ #if OPENSSL_VERSION_NUMBER < 0x10000000L ERR_remove_state(0); #elif OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) -@@ -2781,6 +2785,7 @@ void tls_global_cleanup(void) +@@ -3718,6 +3722,7 @@ void tls_global_cleanup(void) ERR_free_strings(); EVP_cleanup(); CRYPTO_cleanup_all_ex_data(); -- 2.30.2