From 1180d7fadb180e5cada1f1af6f1bd65fbd90822b Mon Sep 17 00:00:00 2001 From: Alexander Scheel Date: Wed, 6 Mar 2019 13:07:44 -0500 Subject: [PATCH] Rebase to 3.0.18 Signed-off-by: Alexander Scheel --- .gitignore | 2 ++ ...nfiguration-to-fit-Red-Hat-specifics.patch | 18 +++++------ ...-Use-system-crypto-policy-by-default.patch | 14 ++++----- freeradius.spec | 30 +++++++++++-------- sources | 2 +- 5 files changed, 36 insertions(+), 30 deletions(-) diff --git a/.gitignore b/.gitignore index 28f9f6c..f52249f 100644 --- a/.gitignore +++ b/.gitignore @@ -21,3 +21,5 @@ /freeradius-server-3.0.14.tar.bz2 /freeradius-server-3.0.15.tar.bz2 /freeradius-server-3.0.17.tar.bz2 +/freeradius-server-3.0.18.tar.gz +/freeradius-server-3.0.18.tar.bz2 diff --git a/freeradius-Adjust-configuration-to-fit-Red-Hat-specifics.patch b/freeradius-Adjust-configuration-to-fit-Red-Hat-specifics.patch index ad51053..6b2329b 100644 --- a/freeradius-Adjust-configuration-to-fit-Red-Hat-specifics.patch +++ b/freeradius-Adjust-configuration-to-fit-Red-Hat-specifics.patch @@ -12,24 +12,24 @@ diff --git a/raddb/mods-available/eap b/raddb/mods-available/eap index 2621e183c..94494b2c6 100644 --- a/raddb/mods-available/eap +++ b/raddb/mods-available/eap -@@ -472,7 +472,7 @@ eap { - # +@@ -533,7 +533,7 @@ # You should also delete all of the files # in the directory when the server starts. -- # tmpdir = /tmp/radiusd -+ # tmpdir = /var/run/radiusd/tmp + # +- # tmpdir = /tmp/radiusd ++ # tmpdir = /var/run/radiusd/tmp # The command used to verify the client cert. # We recommend using the OpenSSL command-line -@@ -486,7 +486,7 @@ eap { - # in PEM format. This file is automatically +@@ -548,7 +548,7 @@ # deleted by the server when the command # returns. -- # client = "/path/to/openssl verify -CApath ${..ca_path} %{TLS-Client-Cert-Filename}" -+ # client = "/usr/bin/openssl verify -CApath ${..ca_path} %{TLS-Client-Cert-Filename}" + # +- # client = "/path/to/openssl verify -CApath ${..ca_path} %{TLS-Client-Cert-Filename}" ++ # client = "/usr/bin/openssl verify -CApath ${..ca_path} %{TLS-Client-Cert-Filename}" } - # + # OCSP Configuration diff --git a/raddb/radiusd.conf.in b/raddb/radiusd.conf.in index a83c1f687..e500cf97b 100644 --- a/raddb/radiusd.conf.in diff --git a/freeradius-Use-system-crypto-policy-by-default.patch b/freeradius-Use-system-crypto-policy-by-default.patch index 1664186..836a81a 100644 --- a/freeradius-Use-system-crypto-policy-by-default.patch +++ b/freeradius-Use-system-crypto-policy-by-default.patch @@ -14,15 +14,15 @@ diff --git a/raddb/mods-available/eap b/raddb/mods-available/eap index 94494b2c6..9a8dc9327 100644 --- a/raddb/mods-available/eap +++ b/raddb/mods-available/eap -@@ -323,7 +323,7 @@ eap { +@@ -912,7 +912,7 @@ + # Note - for OpenSSL 1.1.0 and above you may need + # to add ":@SECLEVEL=0" # - # For EAP-FAST, use "ALL:!EXPORT:!eNULL:!SSLv2" - # -- cipher_list = "DEFAULT" -+ cipher_list = "PROFILE=SYSTEM" +- # cipher_list = "ALL:!EXPORT:!eNULL:!SSLv2" ++ # cipher_list = "PROFILE=SYSTEM" - # If enabled, OpenSSL will use server cipher list - # (possibly defined by cipher_list option above) + # PAC lifetime in seconds (default: seven days) + # diff --git a/raddb/mods-available/inner-eap b/raddb/mods-available/inner-eap index 2b4df6267..af9aa88cd 100644 --- a/raddb/mods-available/inner-eap diff --git a/freeradius.spec b/freeradius.spec index 94a0d1d..5a91232 100644 --- a/freeradius.spec +++ b/freeradius.spec @@ -1,7 +1,7 @@ Summary: High-performance and highly configurable free RADIUS server Name: freeradius -Version: 3.0.17 -Release: 6%{?dist} +Version: 3.0.18 +Release: 1%{?dist} License: GPLv2+ and LGPLv2+ URL: http://www.freeradius.org/ @@ -22,11 +22,11 @@ Source104: freeradius-tmpfiles.conf Patch1: freeradius-Adjust-configuration-to-fit-Red-Hat-specifics.patch Patch2: freeradius-Use-system-crypto-policy-by-default.patch -Patch3: freeradius-man-Fix-some-typos.patch -Patch4: freeradius-Add-missing-option-descriptions.patch -Patch5: freeradius-OpenSSL-HMAC-MD5.patch -Patch6: freeradius-OpenSSL-HMAC-SHA1.patch -Patch7: freeradius-python2-shebangs.patch +# Patch3: freeradius-man-Fix-some-typos.patch +# Patch4: freeradius-Add-missing-option-descriptions.patch +# Patch5: freeradius-OpenSSL-HMAC-MD5.patch +# Patch6: freeradius-OpenSSL-HMAC-SHA1.patch +# Patch7: freeradius-python2-shebangs.patch %global docdir %{?_pkgdocdir}%{!?_pkgdocdir:%{_docdir}/%{name}-%{version}} @@ -193,11 +193,11 @@ This plugin provides the REST support for the FreeRADIUS server project. # mistakenly includes the backup files, especially problematic for raddb config files. %patch1 -p1 %patch2 -p1 -%patch3 -p1 -%patch4 -p1 -%patch5 -p1 -%patch6 -p1 -%patch7 -p1 +# %patch3 -p1 +# %patch4 -p1 +# %patch5 -p1 +# %patch6 -p1 +# %patch7 -p1 %build # Force compile/link options, extra security for network facing daemon @@ -537,6 +537,7 @@ exit 0 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/policy.d/eap %attr(640,root,radiusd) %config(noreplace) /etc/raddb/policy.d/filter %attr(640,root,radiusd) %config(noreplace) /etc/raddb/policy.d/operator-name +%attr(640,root,radiusd) %config(noreplace) /etc/raddb/policy.d/rfc7542 # binaries @@ -790,10 +791,13 @@ exit 0 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/rest %changelog +* Wed Mar 06 2019 Alexander Scheel - 3.0.18-1 +- Rebased to 3.0.18 + * Sun Feb 17 2019 Igor Gnatenko - 3.0.17-6 - Rebuild for readline 8.0 -* Mon Feb 05 2019 Alexander Scheel - 3.0.17-5 +* Tue Feb 05 2019 Alexander Scheel - 3.0.17-5 - Unit file generates certificates if not present. Resolves: bz#1672284 diff --git a/sources b/sources index d4d7f35..05139aa 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (freeradius-server-3.0.17.tar.bz2) = f4510d8e77eb7c72a21fbfad851f13460ff4b5a35f0b7bea6102076ceb71188a63b277fb7e4fcd9c3033b396b63e1bf0e455cc03608d7ab1380d1662407cb399 +SHA512 (freeradius-server-3.0.18.tar.bz2) = 8083f217f77894cad057fc60edd586532a48c762ffabd5180cf075d7e9cc68871fea4c4335310da6be30a6bec58d133e0eea9f39406196d45038d54284d64584