freeradius3: Update to 3.0.26

Signed-off-by: Jianhui Zhao <zhaojh329@gmail.com>
2023-05-28 22:04:17 +08:00 · 2023-05-28 22:04:17 +08:00 · dda8ba0ca7
parent fa76c4df5c
commit dda8ba0ca7
3 changed files with 20 additions and 28 deletions
--- a/net/freeradius3/Makefile
+++ b/net/freeradius3/Makefile
@ -8,19 +8,19 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=freeradius3
-PKG_VERSION:=3_0_21
-PKG_RELEASE:=2
+PKG_VERSION:=3.0.26
+PKG_RELEASE:=1

-PKG_SOURCE:=release_$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=https://github.com/FreeRADIUS/freeradius-server/archive
-PKG_HASH:=b2014372948a92f86cfe2cf43c58ef47921c03af05666eb9d6416bdc6eeaedc2
+PKG_SOURCE:=freeradius-server-$(PKG_VERSION).tar.bz2
+PKG_SOURCE_URL:=https://github.com/FreeRADIUS/freeradius-server/releases/download/release_$(subst .,_,$(PKG_VERSION))/
+PKG_HASH:=9a65314c462da4d4c4204df72c45f210de671f89317299b01f78549ac4503f59

 PKG_MAINTAINER:=
 PKG_LICENSE:=GPL-2.0
 PKG_LICENSE_FILES:=COPYRIGHT LICENSE
 PKG_CPE_ID:=cpe:/a:freeradius:freeradius

-PKG_BUILD_DIR:=$(BUILD_DIR)/freeradius-server-release_$(PKG_VERSION)
+PKG_BUILD_DIR:=$(BUILD_DIR)/freeradius-server-$(PKG_VERSION)
 PKG_FIXUP:=autoreconf
 PYTHON3_PKG_BUILD:=0

@ -77,7 +77,6 @@ define Package/freeradius3-default
 +freeradius3-mod-digest \
 +freeradius3-mod-eap \
 +freeradius3-mod-eap-gtc \
-+freeradius3-mod-eap-leap \
 +freeradius3-mod-eap-md5 \
 +freeradius3-mod-eap-mschapv2 \
 +freeradius3-mod-eap-peap \
@ -195,12 +194,6 @@ define Package/freeradius3-mod-eap-gtc
  TITLE:=EAP/GTC module
 endef

-define Package/freeradius3-mod-eap-leap
-  $(call Package/freeradius3/Default)
-  DEPENDS:=freeradius3-mod-eap
-  TITLE:=EAP/LEAP module
-endef
-
 define Package/freeradius3-mod-eap-md5
  $(call Package/freeradius3/Default)
  DEPENDS:=freeradius3-mod-eap
@ -774,7 +767,6 @@ $(eval $(call BuildPlugin,freeradius3-mod-detail,rlm_detail,))
 $(eval $(call BuildPlugin,freeradius3-mod-digest,rlm_digest,))
 $(eval $(call BuildPlugin,freeradius3-mod-eap,rlm_eap,))
 $(eval $(call BuildPlugin,freeradius3-mod-eap-gtc,rlm_eap_gtc,))
-$(eval $(call BuildPlugin,freeradius3-mod-eap-leap,rlm_eap_leap,))
 $(eval $(call BuildPlugin,freeradius3-mod-eap-md5,rlm_eap_md5,))
 $(eval $(call BuildPlugin,freeradius3-mod-eap-mschapv2,rlm_eap_mschapv2,))
 $(eval $(call BuildPlugin,freeradius3-mod-eap-peap,rlm_eap_peap,))
--- a/net/freeradius3/patches/002-disable-session-cache-CVE-2017-9148.patch
+++ b/net/freeradius3/patches/002-disable-session-cache-CVE-2017-9148.patch
@ -9,16 +9,16 @@ Last-Update: 2020-04-28

 --- a/src/main/tls.c
 +++ b/src/main/tls.c
-@@ -675,7 +675,7 @@ tls_session_t *tls_new_session(TALLOC_CT
- 		state->mtu = vp->vp_integer;
+@@ -934,7 +934,7 @@ after_chain:
 	}
+ 	if (vp) vp->vp_integer = state->mtu;
 
 -	if (conf->session_cache_enable) state->allow_session_resumption = true; /* otherwise it's false */
 +	if (/*conf->session_cache_enable*/0) state->allow_session_resumption = true; /* otherwise it's false */
 
 	return state;
 }
-@@ -3332,7 +3332,7 @@ post_ca:
+@@ -4389,7 +4389,7 @@ post_ca:
 	/*
 	 *	Callbacks, etc. for session resumption.
 	 */
@ -27,7 +27,7 @@ Last-Update: 2020-04-28
 		/*
 		 *	Cache sessions on disk if requested.
 		 */
-@@ -3402,7 +3402,7 @@ post_ca:
+@@ -4469,7 +4469,7 @@ post_ca:
 	/*
 	 *	Setup session caching
 	 */
@ -36,7 +36,7 @@ Last-Update: 2020-04-28
 		/*
 		 *	Create a unique context Id per EAP-TLS configuration.
 		 */
-@@ -3571,7 +3571,7 @@ fr_tls_server_conf_t *tls_server_conf_pa
+@@ -4757,7 +4757,7 @@ fr_tls_server_conf_t *tls_server_conf_pa
 		goto error;
 	}
 
--- a/net/freeradius3/patches/010-openssl-deprecated.patch
+++ b/net/freeradius3/patches/010-openssl-deprecated.patch
@ -18,15 +18,15 @@
 }
 --- a/src/main/tls.c
 +++ b/src/main/tls.c
-@@ -55,6 +55,7 @@ USES_APPLE_DEPRECATED_API	/* OpenSSL API
+@@ -60,6 +60,7 @@ USES_APPLE_DEPRECATED_API	/* OpenSSL API
 #    include <openssl/evp.h>
 #  endif
 #  include <openssl/ssl.h>
 +#  include <openssl/dh.h>
 
- #define LOG_PREFIX "tls"
- 
-@@ -2133,7 +2134,7 @@ int cbtls_verify(int ok, X509_STORE_CTX
+ #if OPENSSL_VERSION_NUMBER >= 0x30000000L
+ #  include <openssl/provider.h>
+@@ -2954,7 +2955,7 @@ int cbtls_verify(int ok, X509_STORE_CTX
 	int		my_ok = ok;
 
 	ASN1_INTEGER	*sn = NULL;
@ -35,7 +35,7 @@
 	VALUE_PAIR	**certs;
 	char **identity;
 #ifdef HAVE_OPENSSL_OCSP_H
-@@ -2207,7 +2208,7 @@ int cbtls_verify(int ok, X509_STORE_CTX
+@@ -3028,7 +3029,7 @@ int cbtls_verify(int ok, X509_STORE_CTX
 	 *	Get the Expiration Date
 	 */
 	buf[0] = '\0';
@ -44,7 +44,7 @@
 	if (certs && (lookup <= 1) && asn_time &&
 	    (asn_time->length < (int) sizeof(buf))) {
 		memcpy(buf, (char*) asn_time->data, asn_time->length);
-@@ -2220,7 +2221,7 @@ int cbtls_verify(int ok, X509_STORE_CTX
+@@ -3041,7 +3042,7 @@ int cbtls_verify(int ok, X509_STORE_CTX
 	 *	Get the Valid Since Date
 	 */
 	buf[0] = '\0';
@ -53,7 +53,7 @@
 	if (certs && (lookup <= 1) && asn_time &&
 	    (asn_time->length < (int) sizeof(buf))) {
 		memcpy(buf, (char*) asn_time->data, asn_time->length);
-@@ -2690,10 +2691,12 @@ static int set_ecdh_curve(SSL_CTX *ctx,
+@@ -3592,10 +3593,12 @@ static int set_ecdh_curve(SSL_CTX *ctx,
  */
 int tls_global_init(bool spawn_flag, bool check)
 {
@ -66,7 +66,7 @@
 
 	/*
 	 *	Initialize the index for the certificates.
-@@ -2769,6 +2772,7 @@ int tls_global_version_check(char const
+@@ -3693,6 +3696,7 @@ int tls_global_version_check(char const
  */
 void tls_global_cleanup(void)
 {
@ -74,7 +74,7 @@
 #if OPENSSL_VERSION_NUMBER < 0x10000000L
 	ERR_remove_state(0);
 #elif OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
-@@ -2781,6 +2785,7 @@ void tls_global_cleanup(void)
+@@ -3718,6 +3722,7 @@ void tls_global_cleanup(void)
 	ERR_free_strings();
 	EVP_cleanup();
 	CRYPTO_cleanup_all_ex_data();