Rebase to FreeRADIUS 3.2.5

Resolves: RHEL-46784
Signed-off-by: Antonio Torres <antorres@redhat.com>
This commit is contained in:
Antonio Torres 2024-07-09 17:06:09 +02:00
parent d8e14017e6
commit 58d6a6708a
No known key found for this signature in database
GPG Key ID: 359FAF777296F653
5 changed files with 1664 additions and 60 deletions

1
.gitignore vendored
View File

@ -42,3 +42,4 @@ freeradius-*.src.rpm
/freeradius-server-3.2.1.tar.bz2
/freeradius-server-3.2.2.tar.bz2
/freeradius-server-3.2.3.tar.bz2
/freeradius-server-3.2.5.tar.bz2

View File

@ -0,0 +1,55 @@
From: Antonio Torres <antorres@redhat.com>
Date: Wed, 10 Jul 2024
Subject: Remove OpenSSL Engine usage
Engine functionality from OpenSSL is deprecated and shouldn't be used.
Related: https://gitlab.com/redhat/centos-stream/rpms/openssl/-/merge_requests/144
Signed-off-by: Antonio Torres <antorres@redhat.com>
---
configure | 2 +-
configure.ac | 3 +--
src/include/tls-h | 3 ---
3 files changed, 2 insertions(+), 6 deletions(-)
diff --git a/configure b/configure
index 5041ca264f..5ccb061a4c 100755
--- a/configure
+++ b/configure
@@ -10515,7 +10515,7 @@ smart_prefix=
printf "%s\n" "#define HAVE_OPENSSL_SSL_H 1" >>confdefs.h
- for ac_header in openssl/asn1.h openssl/conf.h openssl/crypto.h openssl/err.h openssl/evp.h openssl/hmac.h openssl/md5.h openssl/md4.h openssl/rand.h openssl/sha.h openssl/ssl.h openssl/ocsp.h openssl/engine.h
+ for ac_header in openssl/asn1.h openssl/conf.h openssl/crypto.h openssl/err.h openssl/evp.h openssl/hmac.h openssl/md5.h openssl/md4.h openssl/rand.h openssl/sha.h openssl/ssl.h openssl/ocsp.h
do :
as_ac_Header=`printf "%s\n" "ac_cv_header_$ac_header" | $as_tr_sh`
ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"
diff --git a/configure.ac b/configure.ac
index a24a8061f6..f6074f694e 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1446,8 +1446,7 @@ if test "x$WITH_OPENSSL" = xyes; then
openssl/rand.h \
openssl/sha.h \
openssl/ssl.h \
- openssl/ocsp.h \
- openssl/engine.h,
+ openssl/ocsp.h,
[ OPENSSL_CPPFLAGS="$smart_include" ],
[
AC_MSG_FAILURE([failed locating OpenSSL headers. Use --with-openssl-include-dir=<path>, or --with-openssl=no (builds without OpenSSL)])
diff --git a/src/include/tls-h b/src/include/tls-h
index 506fb19778..b195ec9fdb 100644
--- a/src/include/tls-h
+++ b/src/include/tls-h
@@ -37,9 +37,6 @@ RCSIDH(tls_h, "$Id$")
# define OPENSSL_NO_KRB5
#endif
#include <openssl/err.h>
-#ifdef HAVE_OPENSSL_ENGINE_H
-# include <openssl/engine.h>
-#endif
#include <openssl/ssl.h>
#ifdef __cplusplus

File diff suppressed because it is too large Load Diff

View File

@ -1,7 +1,7 @@
Summary: High-performance and highly configurable free RADIUS server
Name: freeradius
Version: 3.2.3
Release: 7%{?dist}
Version: 3.2.5
Release: 1%{?dist}
License: GPL-2.0-or-later AND LGPL-2.0-or-later
URL: http://www.freeradius.org/
@ -31,6 +31,7 @@ Patch7: freeradius-ease-openssl-version-check.patch
Patch8: freeradius-configure-c99.patch
Patch9: freeradius-no-antora-docs.patch
Patch10: freeradius-no-sql-scripts.patch
Patch11: freeradius-disable-openssl-engine.patch
%global docdir %{?_pkgdocdir}%{!?_pkgdocdir:%{_docdir}/%{name}-%{version}}
@ -217,6 +218,7 @@ This plugin provides the REST support for the FreeRADIUS server project.
%patch 8 -p1
%patch 9 -p1
%patch 10 -p1
%patch 11 -p1
%build
# Force compile/link options, extra security for network facing daemon
@ -225,6 +227,9 @@ This plugin provides the REST support for the FreeRADIUS server project.
# Enable FIPS support
%global build_cflags %{build_cflags} -DWITH_FIPS
# No OpenSSL Engine as it's deprecated
%global build_cflags %{build_cflags} -UHAVE_OPENSSL_ENGINE_H
%global build_ldflags %{build_ldflags} $(python3-config --embed --libs)
export PY3_LIB_DIR="$(python3-config --configdir)"
export PY3_INC_DIR="$(python3 -c 'import sysconfig; print(sysconfig.get_config_var("INCLUDEPY"))')"
@ -422,6 +427,7 @@ EOF
%config(noreplace) /etc/raddb/certs/Makefile
%config(noreplace) /etc/raddb/certs/passwords.mk
/etc/raddb/certs/README.md
/etc/raddb/certs/realms/README.md
%config(noreplace) /etc/raddb/certs/xpextensions
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/certs/*.cnf
%attr(750,root,radiusd) /etc/raddb/certs/bootstrap
@ -548,6 +554,7 @@ EOF
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/utf8
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/wimax
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/yubikey
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/dpsk
# mods-enabled
# symlink: /etc/raddb/mods-enabled/xxx -> ../mods-available/xxx
@ -673,6 +680,8 @@ EOF
%{_libdir}/freeradius/rlm_utf8.so
%{_libdir}/freeradius/rlm_wimax.so
%{_libdir}/freeradius/rlm_yubikey.so
%{_libdir}/freeradius/rlm_dpsk.so
%{_libdir}/freeradius/rlm_eap_teap.so
# main man pages
%doc %{_mandir}/man5/clients.conf.5.gz
@ -903,6 +912,10 @@ EOF
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/rest
%changelog
* Tue Jul 09 2024 Antonio Torres <antorres@redhat.com> - 3.2.5-1
- Rebase to release 3.2.5
Resolves: RHEL-46784
* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 3.2.3-7
- Bump release for June 2024 mass rebuild

View File

@ -1 +1 @@
SHA512 (freeradius-server-3.2.3.tar.bz2) = 06767153e262a2baa2d0cc74099bc13c23b33c2316348b5dc8ec0f5834c028571bd09b8c01726a6eabeaab8fdc3050f40bfeba2d5b1c299585d1689abad365ce
SHA512 (freeradius-server-3.2.5.tar.bz2) = 55e653630674a957dcd52ae58e5fd7b5a510b84aaa80e0552bce8089221e02f652618b53753f438981472a5f47df7c8426b9a5ecda0b06ad9f4c25b23604c86b