Rebuild for OpenSSL rebase to 3.2.1

Comment out unneeded options from mods-available/eap
These options are lefotvers from before the OpenSSL3 support backport. They do not harm FreeRADIUS functioning but print warnings on server startup. Resolves: RHEL-30830 Signed-off-by: Antonio Torres <antorres@redhat.com>
2024-04-25 01:39:23 +00:00 · 2024-04-01 14:20:35 +02:00
3 changed files with 37 additions and 2 deletions
--- a/.freeradius.metadata
+++ b/.freeradius.metadata
@ -0,0 +1 @@
+3d90d63bf1452794cf9d0b04147745a254872c3f freeradius-server-3.0.21.tar.bz2
--- a/freeradius-Backport-OpenSSL3-fixes.patch
+++ b/freeradius-Backport-OpenSSL3-fixes.patch
@ -11,7 +11,9 @@ Signed-off-by: Antonio Torres <antorres@redhat.com>
 to work on top of OpenSSL 3.0 when the system is in FIPS mode. We enable this macro on the specfile.
 [antorres@redhat.com]: backported tls.c, tls-h changes from 3.2.x branch.
 [antorres@redhat.com]: the sites-available/tls file has been modified to add the fix_cert_order option.
+[antorres@redhat.com]: mods-available/eap has been modified to comment out 'disable_tlsv1' and 'dh_file' options.
 ---
+ raddb/mods-available/eap                           |    6 +-
 raddb/sites-available/tls                          |    8 +
 share/dictionary.freeradius.internal               |   54 +-
 src/include/build.h                                |   25 +-
@ -68,8 +70,32 @@ to work on top of OpenSSL 3.0 when the system is in FIPS mode. We enable this ma
 src/modules/rlm_wimax/milenage.h                   |  128 ++
 src/modules/rlm_wimax/rlm_wimax.c                  |  429 ++++-
 src/tests/keywords/md4                             |   58 +
- 56 files changed, 6029 insertions(+), 1196 deletions(-)
+ 57 files changed, 6032 insertions(+), 1199 deletions(-)

+diff --git a/raddb/mods-available/eap b/raddb/mods-available/eap
+index a89a783663..bf73485e3c 100644
+--- a/raddb/mods-available/eap
+++ b/raddb/mods-available/eap
+@@ -281,7 +281,7 @@ eap {
+ 		#
+ 		#    openssl dhparam -out certs/dh 2048
+ 		#
+-		dh_file = ${certdir}/dh
+	#	dh_file = ${certdir}/dh
+ 
+ 		#  If your system doesn't have /dev/urandom,
+ 		#  you will need to create this file, and
+@@ -392,8 +392,8 @@ eap {
+ 		#  tls_max_version.
+ 		#
+ 	#	disable_tlsv1_2 = no
+-		disable_tlsv1_1 = yes
+-		disable_tlsv1 = yes
+	#	disable_tlsv1_1 = yes
+	#	disable_tlsv1 = yes
+ 
+ 		#  Set min / max TLS version.  Mainly for Debian
+ 		#  "trusty", which disables older versions of TLS, and
 diff --git a/raddb/sites-available/tls b/raddb/sites-available/tls
 index e2a3b080ca..25a10b6364 100644
 --- a/raddb/sites-available/tls
--- a/freeradius.spec
+++ b/freeradius.spec
@ -1,7 +1,7 @@
 Summary: High-performance and highly configurable free RADIUS server
 Name: freeradius
 Version: 3.0.21
-Release: 39%{?dist}
+Release: 41%{?dist}
 License: GPLv2+ and LGPLv2+
 URL: http://www.freeradius.org/

@ -864,6 +864,14 @@ EOF
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/rest

 %changelog
+* Wed Apr 24 2024 Antonio Torres <antorres@redhat.com> - 3.0.21-41
+- Rebuild for OpenSSL rebase to 3.2.1
+  Resolves: RHEL-33857
+
+* Mon Apr 01 2024 Antonio Torres <antorres@redhat.com> - 3.0.21-40
+- Comment out unneeded options from mods-available/eap
+  Resolves: RHEL-30830
+
 * Mon Nov 06 2023 Antonio Torres <antorres@redhat.com> - 3.0.21-39
 - Fix Python3.8+ library name suffix
  Resolves: #15503
				`@ -0,0 +1 @@`
				`3d90d63bf1452794cf9d0b04147745a254872c3f freeradius-server-3.0.21.tar.bz2`