Update to upstream release v3.0.17
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
parent
d99a39e697
commit
7960729fb9
1
.gitignore
vendored
@ -20,3 +20,4 @@
|
||||
/freeradius-server-3.0.13.tar.bz2
|
||||
/freeradius-server-3.0.14.tar.bz2
|
||||
/freeradius-server-3.0.15.tar.bz2
|
||||
/freeradius-server-3.0.17.tar.bz2
|
||||
|
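--- a/freeradius-OpenSSL-HMAC-MD5.patch
+++ b/freeradius-OpenSSL-HMAC-MD5.patch
@@ -0,0 +1,68 @@
+From b93796b1890b35a0922bfba9cd08e8a1a5f956cf Mon Sep 17 00:00:00 2001
+From: Alexander Scheel <ascheel@redhat.com>
+Date: Fri, 28 Sep 2018 09:54:46 -0400
+Subject: [PATCH 1/2] Replace HMAC-MD5 implementation with OpenSSL's
+
+If OpenSSL EVP is not found, fallback to internal implementation of
+HMAC-MD5.
+
+Signed-off-by: Alexander Scheel <ascheel@redhat.com>
+---
+src/lib/hmacmd5.c | 34 +++++++++++++++++++++++++++++++++-
+1 file changed, 33 insertions(+), 1 deletion(-)
+
+diff --git a/src/lib/hmacmd5.c b/src/lib/hmacmd5.c
+index 2c662ff368..1cca00fa2a 100644
+--- a/src/lib/hmacmd5.c
++++ b/src/lib/hmacmd5.c
+@@ -27,10 +27,41 @@
+
+RCSID("$Id: 2c662ff368e46556edd2cfdf408bd0fca0ab5f18 $")
+
++#ifdef HAVE_OPENSSL_EVP_H
++#include <openssl/hmac.h>
++#include <openssl/evp.h>
++#endif
++
+#include <freeradius-devel/libradius.h>
+#include <freeradius-devel/md5.h>
+
+-/** Calculate HMAC using MD5
++#ifdef HAVE_OPENSSL_EVP_H
++/** Calculate HMAC using OpenSSL's MD5 implementation
++ *
++ * @param digest Caller digest to be filled in.
++ * @param text Pointer to data stream.
++ * @param text_len length of data stream.
++ * @param key Pointer to authentication key.
++ * @param key_len Length of authentication key.
++ *
++ */
++void fr_hmac_md5(uint8_t digest[MD5_DIGEST_LENGTH], uint8_t const *text, size_t text_len,
++ uint8_t const *key, size_t key_len)
++{
++ HMAC_CTX *ctx = HMAC_CTX_new();
++
++#ifdef EVP_MD_CTX_FLAG_NON_FIPS_ALLOW
++ /* Since MD5 is not allowed by FIPS, explicitly allow it. */
++ HMAC_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
++#endif /* EVP_MD_CTX_FLAG_NON_FIPS_ALLOW */
++
++ HMAC_Init_ex(ctx, key, key_len, EVP_md5(), NULL);
++ HMAC_Update(ctx, text, text_len);
++ HMAC_Final(ctx, digest, NULL);
++ HMAC_CTX_free(ctx);
++}
++#else
++/** Calculate HMAC using internal MD5 implementation
+*
+* @param digest Caller digest to be filled in.
+* @param text Pointer to data stream.
+@@ -101,6 +132,7 @@
+* hash */
+fr_md5_final(digest, &context); /* finish up 2nd pass */
+}
++#endif /* HAVE_OPENSSL_EVP_H */
+
+/*
+Test Vectors (Trailing '\0' of a character string not included in test):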
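Review bot: None of the OpenSSL calls in the new `fr_hmac_md5` body are checked: `HMAC_CTX_new()` can return NULL, and `HMAC_Init_ex()`, `HMAC_Update()` and `HMAC_Final()` return 0 on failure, in which case `digest` is never written and the caller goes on to use whatever was already in that buffer. This matters most on builds where `EVP_MD_CTX_FLAG_NON_FIPS_ALLOW` is not defined and a FIPS-mode library refuses MD5. At minimum guard the sequence, e.g. `if (!ctx || HMAC_Init_ex(ctx, key, (int)key_len, EVP_md5(), NULL) != 1) goto fail;`, and because the function returns void, make the failure path fatal or logged rather than filling `digest` with a fixed value that a peer could predict. `key_len` is a `size_t` passed to an `int` parameter, so it also wants a range check before the cast. The same unchecked sequence is added to `fr_hmac_sha1` in freeradius-OpenSSL-HMAC-SHA1.patch.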
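--- a/freeradius-OpenSSL-HMAC-SHA1.patch
+++ b/freeradius-OpenSSL-HMAC-SHA1.patch
@@ -0,0 +1,73 @@
+From 91f663ce1b46ecd99399023ad539f158419272e7 Mon Sep 17 00:00:00 2001
+From: Alexander Scheel <ascheel@redhat.com>
+Date: Fri, 28 Sep 2018 11:03:52 -0400
+Subject: [PATCH 2/2] Replace HMAC-SHA1 implementation with OpenSSL's
+
+If OpenSSL EVP is not found, fallback to internal implementation of
+HMAC-SHA1.
+
+Signed-off-by: Alexander Scheel <ascheel@redhat.com>
+---
+src/lib/hmacsha1.c | 29 ++++++++++++++++++++++++++++-
+1 file changed, 28 insertions(+), 1 deletion(-)
+
+diff --git a/src/lib/hmacsha1.c b/src/lib/hmacsha1.c
+index c3cbd87a2c..211470ea35 100644
+--- a/src/lib/hmacsha1.c
++++ b/src/lib/hmacsha1.c
+@@ -10,13 +10,19 @@
+
+RCSID("$Id: c3cbd87a2c13c47da93fdb1bdfbf6da4c22aaac5 $")
+
++#ifdef HAVE_OPENSSL_EVP_H
++#include <openssl/hmac.h>
++#include <openssl/evp.h>
++#endif
++
+#include <freeradius-devel/libradius.h>
+
+#ifdef HMAC_SHA1_DATA_PROBLEMS
+unsigned int sha1_data_problems = 0;
+#endif
+
+-/** Calculate HMAC using SHA1
++#ifdef HAVE_OPENSSL_EVP_H
++/** Calculate HMAC using OpenSSL's SHA1 implementation
+*
+* @param digest Caller digest to be filled in.
+* @param text Pointer to data stream.
+@@ -28,6 +34,26 @@
+void fr_hmac_sha1(uint8_t digest[SHA1_DIGEST_LENGTH], uint8_t const *text, size_t text_len,
+uint8_t const *key, size_t key_len)
+{
++ HMAC_CTX *ctx = HMAC_CTX_new();
++ HMAC_Init_ex(ctx, key, key_len, EVP_sha1(), NULL);
++ HMAC_Update(ctx, text, text_len);
++ HMAC_Final(ctx, digest, NULL);
++ HMAC_CTX_free(ctx);
++}
++
++#else
++
++/** Calculate HMAC using internal SHA1 implementation
++ *
++ * @param digest Caller digest to be filled in.
++ * @param text Pointer to data stream.
++ * @param text_len length of data stream.
++ * @param key Pointer to authentication key.
++ * @param key_len Length of authentication key.
++ */
++void fr_hmac_sha1(uint8_t digest[SHA1_DIGEST_LENGTH], uint8_t const *text, size_t text_len,
++ uint8_t const *key, size_t key_len)
++{
+fr_sha1_ctx context;
+uint8_t k_ipad[65]; /* inner padding - key XORd with ipad */
+uint8_t k_opad[65]; /* outer padding - key XORd with opad */
+@@ -142,6 +168,7 @@
+}
+#endif
+}
++#endif /* HAVE_OPENSSL_EVP_H */
+
+/*
+Test Vectors (Trailing '\0' of a character string not included in test):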
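--- a/freeradius-python2-shebangs.patch
+++ b/freeradius-python2-shebangs.patch
@@ -0,0 +1,64 @@
+From b8a6ac05977845851f02151ca35c3a51e88bd534 Mon Sep 17 00:00:00 2001
+From: Alexander Scheel <ascheel@redhat.com>
+Date: Thu, 18 Oct 2018 12:40:53 -0400
+Subject: [PATCH] Clarify shebangs to be python2
+
+Signed-off-by: Alexander Scheel <ascheel@redhat.com>
+---
+scripts/radtee | 2 +-
+src/modules/rlm_python/example.py | 2 +-
+src/modules/rlm_python/prepaid.py | 2 +-
+src/modules/rlm_python/radiusd.py | 2 +-
+src/modules/rlm_python/radiusd_test.py | 2 +-
+5 files changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/scripts/radtee b/scripts/radtee
+index 123769d244..78b4bcbe0b 100755
+--- a/scripts/radtee
++++ b/scripts/radtee
+@@ -1,4 +1,4 @@
+-#!/usr/bin/env python
++#!/usr/bin/env python2
+from __future__ import with_statement
+
+# RADIUS comparison tee v1.0
+diff --git a/src/modules/rlm_python/example.py b/src/modules/rlm_python/example.py
+index 5950a07678..eaf456e349 100644
+--- a/src/modules/rlm_python/example.py
++++ b/src/modules/rlm_python/example.py
+@@ -1,4 +1,4 @@
+-#! /usr/bin/env python
++#! /usr/bin/env python2
+#
+# Python module example file
+# Miguel A.L. Paraz <mparaz@mparaz.com>
+diff --git a/src/modules/rlm_python/prepaid.py b/src/modules/rlm_python/prepaid.py
+index c3cbf57b8f..3b1dc2e2e8 100644
+--- a/src/modules/rlm_python/prepaid.py
++++ b/src/modules/rlm_python/prepaid.py
+@@ -1,4 +1,4 @@
+-#! /usr/bin/env python
++#! /usr/bin/env python2
+#
+# Example Python module for prepaid usage using MySQL
+
+diff --git a/src/modules/rlm_python/radiusd.py b/src/modules/rlm_python/radiusd.py
+index c535bb3caf..7129923994 100644
+--- a/src/modules/rlm_python/radiusd.py
++++ b/src/modules/rlm_python/radiusd.py
+@@ -1,4 +1,4 @@
+-#! /usr/bin/env python
++#! /usr/bin/env python2
+#
+# Definitions for RADIUS programs
+#
+diff --git a/src/modules/rlm_python/radiusd_test.py b/src/modules/rlm_python/radiusd_test.py
+index 13b7128b29..97b5b64f08 100644
+--- a/src/modules/rlm_python/radiusd_test.py
++++ b/src/modules/rlm_python/radiusd_test.py
+@@ -1,4 +1,4 @@
+-#! /usr/bin/env python
++#! /usr/bin/env python2
+#
+# Python module test
+# Miguel A.L. Paraz <mparaz@mparaz.com>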
@ -1,7 +1,7 @@
|
||||
Summary: High-performance and highly configurable free RADIUS server
|
||||
Name: freeradius
|
||||
Version: 3.0.15
|
||||
Release: 18%{?dist}
|
||||
Version: 3.0.17
|
||||
Release: 1%{?dist}
|
||||
License: GPLv2+ and LGPLv2+
|
||||
Group: System Environment/Daemons
|
||||
URL: http://www.freeradius.org/
|
||||
@ -25,6 +25,9 @@ Patch1: freeradius-Adjust-configuration-to-fit-Red-Hat-specifics.patch
|
||||
Patch2: freeradius-Use-system-crypto-policy-by-default.patch
|
||||
Patch3: freeradius-man-Fix-some-typos.patch
|
||||
Patch4: freeradius-Add-missing-option-descriptions.patch
|
||||
Patch5: freeradius-OpenSSL-HMAC-MD5.patch
|
||||
Patch6: freeradius-OpenSSL-HMAC-SHA1.patch
|
||||
Patch7: freeradius-python2-shebangs.patch
|
||||
|
||||
%global docdir %{?_pkgdocdir}%{!?_pkgdocdir:%{_docdir}/%{name}-%{version}}
|
||||
|
||||
@ -205,6 +208,9 @@ This plugin provides the REST support for the FreeRADIUS server project.
|
||||
%patch2 -p1
|
||||
%patch3 -p1
|
||||
%patch4 -p1
|
||||
%patch5 -p1
|
||||
%patch6 -p1
|
||||
%patch7 -p1
|
||||
|
||||
%build
|
||||
# Force compile/link options, extra security for network facing daemon
|
||||
@ -213,6 +219,7 @@ This plugin provides the REST support for the FreeRADIUS server project.
|
||||
%configure \
|
||||
--libdir=%{_libdir}/freeradius \
|
||||
--disable-openssl-version-check \
|
||||
--with-openssl \
|
||||
--with-udpfromto \
|
||||
--with-threads \
|
||||
--with-docdir=%{docdir} \
|
||||
@ -518,7 +525,6 @@ exit 0
|
||||
%config(missingok) /etc/raddb/mods-enabled/date
|
||||
%config(missingok) /etc/raddb/mods-enabled/detail
|
||||
%config(missingok) /etc/raddb/mods-enabled/detail.log
|
||||
%config(missingok) /etc/raddb/mods-enabled/dhcp
|
||||
%config(missingok) /etc/raddb/mods-enabled/digest
|
||||
%config(missingok) /etc/raddb/mods-enabled/dynamic_clients
|
||||
%config(missingok) /etc/raddb/mods-enabled/eap
|
||||
@ -765,7 +771,6 @@ exit 0
|
||||
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/main/postgresql/schema.sql
|
||||
|
||||
%dir %attr(750,root,radiusd) /etc/raddb/mods-config/sql/main/postgresql/extras
|
||||
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/main/postgresql/extras/update_radacct_group.sql
|
||||
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/main/postgresql/extras/voip-postpaid.conf
|
||||
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/main/postgresql/extras/cisco_h323_db_schema.sql
|
||||
|
||||
@ -808,6 +813,11 @@ exit 0
|
||||
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/rest
|
||||
|
||||
%changelog
|
||||
* Thu Oct 18 2018 Alexander Scheel <ascheel@redhat.com> - 3.0.17-1
|
||||
- Update to FreeRADIUS server version 3.0.17
|
||||
- Adds OpenSSL HMAC patches from upstream (unreleased)
|
||||
- Adds Python2 shebang patches from upstream (unreleased)
|
||||
|
||||
* Mon Sep 17 2018 Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com> - 3.0.15-18
|
||||
- Actually apply patches added previously.
|
||||
Related: Bug#1611286 Man page scan results for freeradius
|
||||
|
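Review bot: The new `%changelog` entry says only "Adds OpenSSL HMAC patches from upstream (unreleased)", but Patch5 sets `EVP_MD_CTX_FLAG_NON_FIPS_ALLOW` so that HMAC-MD5 keeps working when the library runs in FIPS mode, which is a deliberate exception to the system crypto policy that Patch2, judging by its name, opts into. Someone auditing the package for FIPS use would want that visible without reading the patch; consider an extra changelog line such as `- HMAC-MD5 is explicitly permitted under FIPS mode (see Patch5)` and a short comment beside the `Patch5:` line. The old/new side of individual lines in this section is not recoverable from the page, so this assumes the three added `PatchN` lines and the top changelog entry are the additions.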
2
sources
@ -1 +1 @@
|
||||
SHA512 (freeradius-server-3.0.15.tar.bz2) = a2808f0b70b73f11c4c7d00edcb4a56a2ab8f73ce0ff74a9834c8b613ce5ed75ece372f852b0891f68c6a33f50c1bababb76d2eff9326a7fc29fe6b45ec9af88
|
||||
SHA512 (freeradius-server-3.0.17.tar.bz2) = f4510d8e77eb7c72a21fbfad851f13460ff4b5a35f0b7bea6102076ceb71188a63b277fb7e4fcd9c3033b396b63e1bf0e455cc03608d7ab1380d1662407cb399
|
||||
|