Rebuild for OpenSSL rebase to 3.2.1

Comment out unneeded options from mods-available/eap
These options are lefotvers from before the OpenSSL3 support backport. They do not harm FreeRADIUS functioning but print warnings on server startup. Resolves: RHEL-30830 Signed-off-by: Antonio Torres <antorres@redhat.com>
2024-04-25 01:39:23 +00:00 · 2024-04-01 14:20:35 +02:00
3 changed files with 37 additions and 2 deletions
--- a/.freeradius.metadata
+++ b/.freeradius.metadata
@ -0,0 +1 @@
 3d90d63bf1452794cf9d0b04147745a254872c3f freeradius-server-3.0.21.tar.bz2
--- a/freeradius-Backport-OpenSSL3-fixes.patch
+++ b/freeradius-Backport-OpenSSL3-fixes.patch
@ -11,7 +11,9 @@ Signed-off-by: Antonio Torres <antorres@redhat.com>
 to work on top of OpenSSL 3.0 when the system is in FIPS mode. We enable this macro on the specfile.
 [antorres@redhat.com]: backported tls.c, tls-h changes from 3.2.x branch.
 [antorres@redhat.com]: the sites-available/tls file has been modified to add the fix_cert_order option.
 [antorres@redhat.com]: mods-available/eap has been modified to comment out 'disable_tlsv1' and 'dh_file' options.
 ---
 raddb/mods-available/eap                           |    6 +-
 raddb/sites-available/tls                          |    8 +
 share/dictionary.freeradius.internal               |   54 +-
 src/include/build.h                                |   25 +-
@ -68,8 +70,32 @@ to work on top of OpenSSL 3.0 when the system is in FIPS mode. We enable this ma
 src/modules/rlm_wimax/milenage.h                   |  128 ++
 src/modules/rlm_wimax/rlm_wimax.c                  |  429 ++++-
 src/tests/keywords/md4                             |   58 +
- 56 files changed, 6029 insertions(+), 1196 deletions(-)
+ 57 files changed, 6032 insertions(+), 1199 deletions(-)
 diff --git a/raddb/mods-available/eap b/raddb/mods-available/eap
 index a89a783663..bf73485e3c 100644
 --- a/raddb/mods-available/eap
 +++ b/raddb/mods-available/eap
@@ -281,7 +281,7 @@ eap {
 		#
 		#    openssl dhparam -out certs/dh 2048
 		#
 -		dh_file = ${certdir}/dh
 +	#	dh_file = ${certdir}/dh
 		#  If your system doesn't have /dev/urandom,
 		#  you will need to create this file, and
@@ -392,8 +392,8 @@ eap {
 		#  tls_max_version.
 		#
 	#	disable_tlsv1_2 = no
 -		disable_tlsv1_1 = yes
 -		disable_tlsv1 = yes
 +	#	disable_tlsv1_1 = yes
 +	#	disable_tlsv1 = yes
 		#  Set min / max TLS version.  Mainly for Debian
 		#  "trusty", which disables older versions of TLS, and
 diff --git a/raddb/sites-available/tls b/raddb/sites-available/tls
 index e2a3b080ca..25a10b6364 100644
 --- a/raddb/sites-available/tls
--- a/freeradius.spec
+++ b/freeradius.spec
@ -1,7 +1,7 @@
 Summary: High-performance and highly configurable free RADIUS server
 Name: freeradius
 Version: 3.0.21
-Release: 39%{?dist}
+Release: 41%{?dist}
 License: GPLv2+ and LGPLv2+
 URL: http://www.freeradius.org/
@ -864,6 +864,14 @@ EOF
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/rest
 %changelog
 * Wed Apr 24 2024 Antonio Torres <antorres@redhat.com> - 3.0.21-41
 - Rebuild for OpenSSL rebase to 3.2.1
  Resolves: RHEL-33857
 * Mon Apr 01 2024 Antonio Torres <antorres@redhat.com> - 3.0.21-40
 - Comment out unneeded options from mods-available/eap
  Resolves: RHEL-30830
 * Mon Nov 06 2023 Antonio Torres <antorres@redhat.com> - 3.0.21-39
 - Fix Python3.8+ library name suffix
  Resolves: #15503
		`@ -0,0 +1 @@`
							`3d90d63bf1452794cf9d0b04147745a254872c3f freeradius-server-3.0.21.tar.bz2`