rpms
/
freeradius
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Comment out unneeded options from mods-available/eap 

These options are lefotvers from before the OpenSSL3 support backport.
They do not harm FreeRADIUS functioning but print warnings on server
startup.

Resolves: RHEL-30830
Signed-off-by: Antonio Torres <antorres@redhat.com>
This commit is contained in:
Antonio Torres 2024-04-01 14:11:48 +02:00
parent 90f6cd6efb
commit 5e110dfcd8
No known key found for this signature in database
GPG Key ID: 359FAF777296F653
2 changed files with 32 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
freeradius-Backport-OpenSSL3-fixes.patch
View File

@ -11,7 +11,9 @@ Signed-off-by: Antonio Torres <antorres@redhat.com>
to work on top of OpenSSL 3.0 when the system is in FIPS mode. We enable this macro on the specfile. to work on top of OpenSSL 3.0 when the system is in FIPS mode. We enable this macro on the specfile.
[antorres@redhat.com]: backported tls.c, tls-h changes from 3.2.x branch. [antorres@redhat.com]: backported tls.c, tls-h changes from 3.2.x branch.
[antorres@redhat.com]: the sites-available/tls file has been modified to add the fix_cert_order option. [antorres@redhat.com]: the sites-available/tls file has been modified to add the fix_cert_order option.
[antorres@redhat.com]: mods-available/eap has been modified to comment out 'disable_tlsv1' and 'dh_file' options.
--- ---
raddb/mods-available/eap | 6 +-
raddb/sites-available/tls | 8 + raddb/sites-available/tls | 8 +
share/dictionary.freeradius.internal | 54 +- share/dictionary.freeradius.internal | 54 +-
src/include/build.h | 25 +- src/include/build.h | 25 +-
@ -68,8 +70,32 @@ to work on top of OpenSSL 3.0 when the system is in FIPS mode. We enable this ma
src/modules/rlm_wimax/milenage.h | 128 ++ src/modules/rlm_wimax/milenage.h | 128 ++
src/modules/rlm_wimax/rlm_wimax.c | 429 ++++- src/modules/rlm_wimax/rlm_wimax.c | 429 ++++-
src/tests/keywords/md4 | 58 + src/tests/keywords/md4 | 58 +
56 files changed, 6029 insertions(+), 1196 deletions(-) 57 files changed, 6032 insertions(+), 1199 deletions(-)
diff --git a/raddb/mods-available/eap b/raddb/mods-available/eap
index a89a783663..bf73485e3c 100644
--- a/raddb/mods-available/eap
+++ b/raddb/mods-available/eap
@@ -281,7 +281,7 @@ eap {
#
# openssl dhparam -out certs/dh 2048
#
- dh_file = ${certdir}/dh
+ # dh_file = ${certdir}/dh
# If your system doesn't have /dev/urandom,
# you will need to create this file, and
@@ -392,8 +392,8 @@ eap {
# tls_max_version.
#
# disable_tlsv1_2 = no
- disable_tlsv1_1 = yes
- disable_tlsv1 = yes
+ # disable_tlsv1_1 = yes
+ # disable_tlsv1 = yes
# Set min / max TLS version. Mainly for Debian
# "trusty", which disables older versions of TLS, and
diff --git a/raddb/sites-available/tls b/raddb/sites-available/tls diff --git a/raddb/sites-available/tls b/raddb/sites-available/tls
index e2a3b080ca..25a10b6364 100644 index e2a3b080ca..25a10b6364 100644
--- a/raddb/sites-available/tls --- a/raddb/sites-available/tls

6
freeradius.spec
View File

@ -1,7 +1,7 @@
Summary: High-performance and highly configurable free RADIUS server Summary: High-performance and highly configurable free RADIUS server
Name: freeradius Name: freeradius
Version: 3.0.21 Version: 3.0.21
Release: 39%{?dist} Release: 40%{?dist}
License: GPLv2+ and LGPLv2+ License: GPLv2+ and LGPLv2+
URL: http://www.freeradius.org/ URL: http://www.freeradius.org/
@ -864,6 +864,10 @@ EOF
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/rest %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/rest
%changelog %changelog
* Mon Apr 01 2024 Antonio Torres <antorres@redhat.com> - 3.0.21-40
- Comment out unneeded options from mods-available/eap
Resolves: RHEL-30830
* Mon Nov 06 2023 Antonio Torres <antorres@redhat.com> - 3.0.21-39 * Mon Nov 06 2023 Antonio Torres <antorres@redhat.com> - 3.0.21-39
- Fix Python3.8+ library name suffix - Fix Python3.8+ library name suffix
Resolves: #15503 Resolves: #15503