Rebase to 3.0.18

Signed-off-by: Alexander Scheel <ascheel@redhat.com>
2019-03-06 13:07:44 -05:00 · 2019-03-06 13:07:44 -05:00 · 1180d7fadb
commit 1180d7fadb
parent c374e8c2b3
5 changed files with 36 additions and 30 deletions
--- a/.gitignore
+++ b/.gitignore
@ -21,3 +21,5 @@
 /freeradius-server-3.0.14.tar.bz2
 /freeradius-server-3.0.15.tar.bz2
 /freeradius-server-3.0.17.tar.bz2
+/freeradius-server-3.0.18.tar.gz
+/freeradius-server-3.0.18.tar.bz2
--- a/freeradius-Adjust-configuration-to-fit-Red-Hat-specifics.patch
+++ b/freeradius-Adjust-configuration-to-fit-Red-Hat-specifics.patch
@ -12,24 +12,24 @@ diff --git a/raddb/mods-available/eap b/raddb/mods-available/eap
 index 2621e183c..94494b2c6 100644
 --- a/raddb/mods-available/eap
 +++ b/raddb/mods-available/eap
-@@ -472,7 +472,7 @@ eap {
- 			#
+@@ -533,7 +533,7 @@
 			#  You should also delete all of the files
 			#  in the directory when the server starts.
-	#		tmpdir = /tmp/radiusd
-+	#		tmpdir = /var/run/radiusd/tmp
+ 			#
+-		#	tmpdir = /tmp/radiusd
+		#	tmpdir = /var/run/radiusd/tmp
 
 			#  The command used to verify the client cert.
 			#  We recommend using the OpenSSL command-line
-@@ -486,7 +486,7 @@ eap {
- 			#  in PEM format.  This file is automatically
+@@ -548,7 +548,7 @@
 			#  deleted by the server when the command
 			#  returns.
-	#		client = "/path/to/openssl verify -CApath ${..ca_path} %{TLS-Client-Cert-Filename}"
-+	#		client = "/usr/bin/openssl verify -CApath ${..ca_path} %{TLS-Client-Cert-Filename}"
+ 			#
+-		#	client = "/path/to/openssl verify -CApath ${..ca_path} %{TLS-Client-Cert-Filename}"
+		#	client = "/usr/bin/openssl verify -CApath ${..ca_path} %{TLS-Client-Cert-Filename}"
 		}
 
- 		#
+ 		#  OCSP Configuration
 diff --git a/raddb/radiusd.conf.in b/raddb/radiusd.conf.in
 index a83c1f687..e500cf97b 100644
 --- a/raddb/radiusd.conf.in
--- a/freeradius-Use-system-crypto-policy-by-default.patch
+++ b/freeradius-Use-system-crypto-policy-by-default.patch
@ -14,15 +14,15 @@ diff --git a/raddb/mods-available/eap b/raddb/mods-available/eap
 index 94494b2c6..9a8dc9327 100644
 --- a/raddb/mods-available/eap
 +++ b/raddb/mods-available/eap
-@@ -323,7 +323,7 @@ eap {
+@@ -912,7 +912,7 @@
+ 		#  Note - for OpenSSL 1.1.0 and above you may need
+ 		#  to add ":@SECLEVEL=0"
 		#
- 		# For EAP-FAST, use "ALL:!EXPORT:!eNULL:!SSLv2"
- 		#
-		cipher_list = "DEFAULT"
-+		cipher_list = "PROFILE=SYSTEM"
+-	#	cipher_list = "ALL:!EXPORT:!eNULL:!SSLv2"
+	#	cipher_list = "PROFILE=SYSTEM"
 
- 		# If enabled, OpenSSL will use server cipher list
- 		# (possibly defined by cipher_list option above)
+ 		#  PAC lifetime in seconds (default: seven days)
+ 		#
 diff --git a/raddb/mods-available/inner-eap b/raddb/mods-available/inner-eap
 index 2b4df6267..af9aa88cd 100644
 --- a/raddb/mods-available/inner-eap
--- a/freeradius.spec
+++ b/freeradius.spec
@ -1,7 +1,7 @@
 Summary: High-performance and highly configurable free RADIUS server
 Name: freeradius
-Version: 3.0.17
-Release: 6%{?dist}
+Version: 3.0.18
+Release: 1%{?dist}
 License: GPLv2+ and LGPLv2+
 URL: http://www.freeradius.org/

@ -22,11 +22,11 @@ Source104: freeradius-tmpfiles.conf

 Patch1: freeradius-Adjust-configuration-to-fit-Red-Hat-specifics.patch
 Patch2: freeradius-Use-system-crypto-policy-by-default.patch
-Patch3: freeradius-man-Fix-some-typos.patch
-Patch4: freeradius-Add-missing-option-descriptions.patch
-Patch5: freeradius-OpenSSL-HMAC-MD5.patch
-Patch6: freeradius-OpenSSL-HMAC-SHA1.patch
-Patch7: freeradius-python2-shebangs.patch
+# Patch3: freeradius-man-Fix-some-typos.patch
+# Patch4: freeradius-Add-missing-option-descriptions.patch
+# Patch5: freeradius-OpenSSL-HMAC-MD5.patch
+# Patch6: freeradius-OpenSSL-HMAC-SHA1.patch
+# Patch7: freeradius-python2-shebangs.patch

 %global docdir %{?_pkgdocdir}%{!?_pkgdocdir:%{_docdir}/%{name}-%{version}}

@ -193,11 +193,11 @@ This plugin provides the REST support for the FreeRADIUS server project.
 # mistakenly includes the backup files, especially problematic for raddb config files.
 %patch1 -p1
 %patch2 -p1
-%patch3 -p1
-%patch4 -p1
-%patch5 -p1
-%patch6 -p1
-%patch7 -p1
+# %patch3 -p1
+# %patch4 -p1
+# %patch5 -p1
+# %patch6 -p1
+# %patch7 -p1

 %build
 # Force compile/link options, extra security for network facing daemon
@ -537,6 +537,7 @@ exit 0
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/policy.d/eap
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/policy.d/filter
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/policy.d/operator-name
+%attr(640,root,radiusd) %config(noreplace) /etc/raddb/policy.d/rfc7542


 # binaries
@ -790,10 +791,13 @@ exit 0
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/rest

 %changelog
+* Wed Mar 06 2019 Alexander Scheel <ascheel@redhat.com> - 3.0.18-1
+- Rebased to 3.0.18
+
 * Sun Feb 17 2019 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 3.0.17-6
 - Rebuild for readline 8.0

-* Mon Feb 05 2019 Alexander Scheel <ascheel@redhat.com> - 3.0.17-5
+* Tue Feb 05 2019 Alexander Scheel <ascheel@redhat.com> - 3.0.17-5
 - Unit file generates certificates if not present.
  Resolves: bz#1672284

--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (freeradius-server-3.0.17.tar.bz2) = f4510d8e77eb7c72a21fbfad851f13460ff4b5a35f0b7bea6102076ceb71188a63b277fb7e4fcd9c3033b396b63e1bf0e455cc03608d7ab1380d1662407cb399
+SHA512 (freeradius-server-3.0.18.tar.bz2) = 8083f217f77894cad057fc60edd586532a48c762ffabd5180cf075d7e9cc68871fea4c4335310da6be30a6bec58d133e0eea9f39406196d45038d54284d64584