update to freeradius-3.0.15
http://freeradius.org/security/fuzzer-2017.html
This commit is contained in:
sthen
parent
4d6ef80f0e
commit
6b6a119fb2
@ -1,4 +1,4 @@
|
||||
# $OpenBSD: Makefile,v 1.25 2017/05/31 08:08:17 espie Exp $
|
||||
# $OpenBSD: Makefile,v 1.26 2017/07/17 23:15:05 sthen Exp $
|
||||
|
||||
PORTROACH= limit:^3\.
|
||||
|
||||
@ -11,8 +11,9 @@ COMMENT-mysql= freeradius mysql rlm addon
|
||||
COMMENT-pgsql= freeradius pgsql rlm addon
|
||||
COMMENT-python= freeradius python rlm addon
|
||||
|
||||
V= 3.0.14
|
||||
V= 3.0.15
|
||||
DISTNAME= freeradius-server-$V
|
||||
EXTRACT_SUFX= .tar.bz2
|
||||
|
||||
PKGNAME-main= freeradius-$V
|
||||
PKGNAME-freetds= freeradius-freetds-$V
|
||||
@ -26,8 +27,8 @@ PKGNAME-python= freeradius-python-$V
|
||||
CATEGORIES= net security
|
||||
|
||||
MASTER_SITES= http://ftp.cc.uoc.gr/mirrors/ftp.freeradius.org/ \
|
||||
ftp://ftp.freeradius.org/pub/radius/ \
|
||||
ftp://ftp.freeradius.org/pub/radius/old/
|
||||
ftp://ftp.freeradius.org/pub/freeradius/ \
|
||||
ftp://ftp.freeradius.org/pub/freeradius/old/
|
||||
|
||||
HOMEPAGE= http://www.freeradius.org/
|
||||
|
||||
|
||||
@ -1,2 +1,2 @@
|
||||
SHA256 (freeradius-server-3.0.14.tar.gz) = /NYXTZhqlC23oN77zPb/tuaSJkqHkVZZSTq7RmwHWQk=
|
||||
SIZE (freeradius-server-3.0.14.tar.gz) = 4816144
|
||||
SHA256 (freeradius-server-3.0.15.tar.bz2) = IyZ9hQXnspCfW9vzk4ygd8H+EiKQ3JaTBNTztZT347o=
|
||||
SIZE (freeradius-server-3.0.15.tar.bz2) = 3038070
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
$OpenBSD: patch-configure,v 1.4 2017/05/23 14:35:04 sthen Exp $
|
||||
$OpenBSD: patch-configure,v 1.5 2017/07/17 23:15:05 sthen Exp $
|
||||
|
||||
Don't allow picking up collectdclient, freeradius autoconf's "smart"
|
||||
library detection doesn't offer a nice way to do it.
|
||||
@ -6,7 +6,7 @@ library detection doesn't offer a nice way to do it.
|
||||
Index: configure
|
||||
--- configure.orig
|
||||
+++ configure
|
||||
@@ -7002,7 +7002,7 @@ if test "x$smart_lib" != "x"; then
|
||||
@@ -7004,7 +7004,7 @@ if test "x$smart_lib" != "x"; then
|
||||
SMART_LIBS="$smart_ldflags $smart_lib $SMART_LIBS"
|
||||
fi
|
||||
|
||||
|
||||
@ -1,12 +0,0 @@
|
||||
$OpenBSD: patch-raddb_certs_bootstrap,v 1.1 2016/11/19 12:13:23 sthen Exp $
|
||||
--- raddb/certs/bootstrap.orig Sat Nov 19 11:56:33 2016
|
||||
+++ raddb/certs/bootstrap Sat Nov 19 12:03:02 2016
|
||||
@@ -32,7 +32,7 @@ fi
|
||||
# re-generate these commands.
|
||||
#
|
||||
if [ ! -f dh ]; then
|
||||
- openssl dhparam -out dh 1024 || exit 1
|
||||
+ openssl dhparam -out dh 2048 || exit 1
|
||||
if [ -e /dev/urandom ] ; then
|
||||
ln -sf /dev/urandom random
|
||||
else
|
||||
@ -1,6 +1,7 @@
|
||||
$OpenBSD: patch-raddb_radiusd_conf_in,v 1.2 2015/12/10 09:56:45 sthen Exp $
|
||||
--- raddb/radiusd.conf.in.orig Wed Apr 22 18:21:34 2015
|
||||
+++ raddb/radiusd.conf.in Thu Jun 25 16:41:33 2015
|
||||
$OpenBSD: patch-raddb_radiusd_conf_in,v 1.3 2017/07/17 23:15:05 sthen Exp $
|
||||
Index: raddb/radiusd.conf.in
|
||||
--- raddb/radiusd.conf.in.orig
|
||||
+++ raddb/radiusd.conf.in
|
||||
@@ -105,7 +105,7 @@ db_dir = ${raddbdir}
|
||||
# make
|
||||
# make install
|
||||
@ -10,7 +11,7 @@ $OpenBSD: patch-raddb_radiusd_conf_in,v 1.2 2015/12/10 09:56:45 sthen Exp $
|
||||
|
||||
# pidfile: Where to place the PID of the RADIUS server.
|
||||
#
|
||||
@@ -436,8 +436,8 @@ security {
|
||||
@@ -398,8 +398,8 @@ security {
|
||||
# member. This can allow for some finer-grained access
|
||||
# controls.
|
||||
#
|
||||
|
||||
@ -1,12 +0,0 @@
|
||||
$OpenBSD: patch-scripts_jlibtool_c,v 1.2 2016/01/25 20:32:15 sthen Exp $
|
||||
--- scripts/jlibtool.c.orig Mon Jan 25 18:27:03 2016
|
||||
+++ scripts/jlibtool.c Mon Jan 25 20:10:16 2016
|
||||
@@ -79,7 +79,7 @@
|
||||
# define LD_LIBRARY_PATH_LOCAL "DYLD_FALLBACK_LIBRARY_PATH"
|
||||
#endif
|
||||
|
||||
-#if defined(__linux__) || defined(__FreeBSD__) || defined(__NetBSD__) || (defined(__sun) && defined(__GNUC__))
|
||||
+#if defined(__linux__) || defined(__OpenBSD__) || defined(__FreeBSD__) || defined(__NetBSD__) || (defined(__sun) && defined(__GNUC__))
|
||||
# define SHELL_CMD "/bin/sh"
|
||||
# define DYNAMIC_LIB_EXT "so"
|
||||
# define MODULE_LIB_EXT "so"
|
||||
@ -1,28 +0,0 @@
|
||||
$OpenBSD: patch-src_lib_net_c,v 1.1.1.1 2015/11/12 12:59:37 sthen Exp $
|
||||
--- src/lib/net.c.orig Wed Nov 11 12:34:04 2015
|
||||
+++ src/lib/net.c Wed Nov 11 12:34:35 2015
|
||||
@@ -36,7 +36,9 @@ bool fr_link_layer_supported(int link_layer)
|
||||
case DLT_RAW:
|
||||
case DLT_NULL:
|
||||
case DLT_LOOP:
|
||||
+#ifdef DLT_LINUX_SLL
|
||||
case DLT_LINUX_SLL:
|
||||
+#endif
|
||||
case DLT_PFLOG:
|
||||
return true;
|
||||
|
||||
@@ -119,12 +121,14 @@ ssize_t fr_link_layer_offset(uint8_t const *data, size
|
||||
return -1;
|
||||
}
|
||||
|
||||
+#ifdef DLT_LINUX_SLL
|
||||
case DLT_LINUX_SLL:
|
||||
p += 16;
|
||||
if (((size_t)(p - data)) > len) {
|
||||
goto ood;
|
||||
}
|
||||
break;
|
||||
+#endif
|
||||
|
||||
case DLT_PFLOG:
|
||||
p += 28;
|
||||
@ -1,48 +0,0 @@
|
||||
$OpenBSD: patch-src_main_tls_c,v 1.2 2017/05/30 13:12:30 sthen Exp $
|
||||
Index: src/main/tls.c
|
||||
--- src/main/tls.c.orig
|
||||
+++ src/main/tls.c
|
||||
@@ -2031,7 +2031,7 @@ int cbtls_verify(int ok, X509_STORE_CTX *ctx)
|
||||
char cn_str[1024];
|
||||
char buf[64];
|
||||
X509 *client_cert;
|
||||
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
|
||||
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
|
||||
const STACK_OF(X509_EXTENSION) *ext_list;
|
||||
#else
|
||||
STACK_OF(X509_EXTENSION) *ext_list;
|
||||
@@ -3038,6 +3038,7 @@ post_ca:
|
||||
SSL_CTX_set_verify_depth(ctx, conf->verify_depth);
|
||||
}
|
||||
|
||||
+#ifndef LIBRESSL_VERSION_NUMBER
|
||||
/* Load randomness */
|
||||
if (conf->random_file) {
|
||||
if (!(RAND_load_file(conf->random_file, 1024*10))) {
|
||||
@@ -3045,6 +3046,7 @@ post_ca:
|
||||
return NULL;
|
||||
}
|
||||
}
|
||||
+#endif
|
||||
|
||||
/*
|
||||
* Set the cipher list if we were told to
|
||||
@@ -3166,6 +3168,7 @@ fr_tls_server_conf_t *tls_server_conf_parse(CONF_SECTI
|
||||
* Only check for certificate things if we don't have a
|
||||
* PSK query.
|
||||
*/
|
||||
+#ifdef PSK_MAX_IDENTITY_LEN
|
||||
if (conf->psk_identity) {
|
||||
if (conf->private_key_file) {
|
||||
WARN(LOG_PREFIX ": Ignoring private key file due to psk_identity being used");
|
||||
@@ -3175,7 +3178,9 @@ fr_tls_server_conf_t *tls_server_conf_parse(CONF_SECTI
|
||||
WARN(LOG_PREFIX ": Ignoring certificate file due to psk_identity being used");
|
||||
}
|
||||
|
||||
- } else {
|
||||
+ } else
|
||||
+#endif
|
||||
+ {
|
||||
if (!conf->private_key_file) {
|
||||
ERROR(LOG_PREFIX ": TLS Server requires a private key file");
|
||||
goto error;
|
||||
@ -1,9 +0,0 @@
|
||||
$OpenBSD: patch-src_tests_runtests_sh,v 1.1.1.1 2015/11/12 12:59:37 sthen Exp $
|
||||
--- src/tests/runtests.sh.orig Wed Apr 22 18:21:34 2015
|
||||
+++ src/tests/runtests.sh Thu Jun 25 16:37:42 2015
|
||||
@@ -1,4 +1,4 @@
|
||||
-#!/bin/bash
|
||||
+#!/bin/sh
|
||||
|
||||
: ${BIN_PATH=./}
|
||||
: ${PORT=12340}
|
||||
Loading…
Reference in New Issue
Block a user