update to freeradius-3.2.1

2022-10-04 11:10:27 +00:00 · 2022-10-04 11:10:27 +00:00 · 6c1df0eca5
commit 6c1df0eca5
parent 6dea72d242
7 changed files with 41 additions and 31 deletions
--- a/net/freeradius/Makefile
+++ b/net/freeradius/Makefile
@ -8,7 +8,7 @@ COMMENT-pgsql=	freeradius pgsql rlm addon
 COMMENT-python=	freeradius python rlm addon
 COMMENT-python3= freeradius python3 rlm addon (experimental)

-V=		3.2.0
+V=		3.2.1
 DISTNAME=	freeradius-server-$V
 EXTRACT_SUFX=	.tar.bz2

--- a/net/freeradius/distinfo
+++ b/net/freeradius/distinfo
@ -1,2 +1,2 @@
-SHA256 (freeradius-server-3.2.0.tar.bz2) = owcc14/8tHBiF1Ydgi7kx2Da6yd6Y/NqnxHUEsPDnlY=
-SIZE (freeradius-server-3.2.0.tar.bz2) = 3399380
+SHA256 (freeradius-server-3.2.1.tar.bz2) = Ms1OrjwkryiTql/v9kO8msB1U0Gyt+jdYixumiPp8lY=
+SIZE (freeradius-server-3.2.1.tar.bz2) = 3399164
--- a/net/freeradius/patches/patch-configure
+++ b/net/freeradius/patches/patch-configure
@ -4,12 +4,12 @@ library detection doesn't offer a nice way to do it.
 Index: configure
 --- configure.orig
 +++ configure
-@@ -8467,7 +8467,7 @@ if test "x$smart_lib" != "x"; then
+@@ -7370,7 +7370,7 @@ if test "x$smart_lib" != "x"; then
   SMART_LIBS="$smart_ldflags $smart_lib $SMART_LIBS"
 fi
 
 -if test "x$ac_cv_lib_collectdclient_lcc_connect" != "xyes"; then
 +if true || test "x$ac_cv_lib_collectdclient_lcc_connect" != "xyes"; then
-   { printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: collectdclient library not found. Use --with-collectdclient-lib-dir=<path>." >&5
- printf "%s\n" "$as_me: WARNING: collectdclient library not found. Use --with-collectdclient-lib-dir=<path>." >&2;}
+   { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: collectdclient library not found. Use --with-collectdclient-lib-dir=<path>." >&5
+ $as_echo "$as_me: WARNING: collectdclient library not found. Use --with-collectdclient-lib-dir=<path>." >&2;}
 else
--- a/net/freeradius/patches/patch-scripts_libtool_mk
+++ b/net/freeradius/patches/patch-scripts_libtool_mk
@ -1,8 +1,9 @@
 Don't hide command lines.

--- scripts/libtool.mk.orig	Wed Nov 11 15:50:54 2015
-+++ scripts/libtool.mk	Wed Nov 11 15:51:19 2015
-@@ -69,11 +69,11 @@ clean: .libs_clean
+Index: scripts/libtool.mk
+--- scripts/libtool.mk.orig
+++ scripts/libtool.mk
+@@ -74,11 +74,11 @@ clean: .libs_clean
 # Re-define compilers and linkers
 #
 OBJ_EXT = lo
--- a/net/freeradius/patches/patch-src_main_tls_c
+++ b/net/freeradius/patches/patch-src_main_tls_c
@ -1,7 +1,7 @@
 Index: src/main/tls.c
 --- src/main/tls.c.orig
 +++ src/main/tls.c
-@@ -684,7 +684,7 @@ tls_session_t *tls_new_session(TALLOC_CTX *ctx, fr_tls
+@@ -688,7 +688,7 @@ tls_session_t *tls_new_session(TALLOC_CTX *ctx, fr_tls
 				/*
 				 * Swap empty store with the old one.
 				 */
@ -10,7 +10,7 @@ Index: src/main/tls.c
 				conf->old_x509_store = SSL_CTX_get_cert_store(conf->ctx);
 				/* Bump refcnt so the store is kept allocated till next store replacement */
 				X509_STORE_up_ref(conf->old_x509_store);
-@@ -1423,7 +1423,7 @@ void tls_session_information(tls_session_t *tls_sessio
+@@ -1427,7 +1427,7 @@ void tls_session_information(tls_session_t *tls_sessio
 					if ((SSL_version(tls_session->ssl) > tls_session->conf->max_version) &&
 					    (rad_debug_lvl > 0)) {
 						WARN("TLS 1.3 has been negotiated even though it was disabled.  This is an OpenSSL Bug.");
@ -19,7 +19,7 @@ Index: src/main/tls.c
 					}
 #endif
 					break;
-@@ -2024,7 +2024,7 @@ done:
+@@ -2034,7 +2034,7 @@ done:
 	return 0;
 }
 
@ -28,7 +28,7 @@ Index: src/main/tls.c
 static SSL_SESSION *cbtls_get_session(SSL *ssl, unsigned char *data, int len, int *copy)
 #else
 static SSL_SESSION *cbtls_get_session(SSL *ssl, const unsigned char *data, int len, int *copy)
-@@ -2408,7 +2408,7 @@ static int cbtls_cache_refresh(SSL *ssl, SSL_SESSION *
+@@ -2418,7 +2418,7 @@ static int cbtls_cache_refresh(SSL *ssl, SSL_SESSION *
 	return 0;
 }
 
@ -37,7 +37,7 @@ Index: src/main/tls.c
 static SSL_SESSION *cbtls_cache_load(SSL *ssl, unsigned char *data, int len, int *copy)
 #else
 static SSL_SESSION *cbtls_cache_load(SSL *ssl, const unsigned char *data, int len, int *copy)
-@@ -2944,7 +2944,7 @@ int cbtls_verify(int ok, X509_STORE_CTX *ctx)
+@@ -2954,7 +2954,7 @@ int cbtls_verify(int ok, X509_STORE_CTX *ctx)
 	char		cn_str[1024];
 	char		buf[64];
 	X509		*client_cert;
@ -46,7 +46,7 @@ Index: src/main/tls.c
 	const STACK_OF(X509_EXTENSION) *ext_list;
 #else
 	STACK_OF(X509_EXTENSION) *ext_list;
-@@ -3162,7 +3162,7 @@ int cbtls_verify(int ok, X509_STORE_CTX *ctx)
+@@ -3182,7 +3182,7 @@ int cbtls_verify(int ok, X509_STORE_CTX *ctx)
 	}
 
 	if (lookup == 0) {
@ -55,7 +55,7 @@ Index: src/main/tls.c
 		ext_list = X509_get0_extensions(client_cert);
 #else
 		X509_CINF	*client_inf;
-@@ -3215,7 +3215,7 @@ int cbtls_verify(int ok, X509_STORE_CTX *ctx)
+@@ -3235,7 +3235,7 @@ int cbtls_verify(int ok, X509_STORE_CTX *ctx)
 				value[0] = '0';
 				value[1] = 'x';
 				const unsigned char *srcp;
@ -64,7 +64,16 @@ Index: src/main/tls.c
 				const ASN1_STRING *srcasn1p;
 				srcasn1p = X509_EXTENSION_get_data(ext);
 				srcp = ASN1_STRING_get0_data(srcasn1p);
-@@ -4239,6 +4239,7 @@ post_ca:
+@@ -4253,7 +4253,7 @@ post_ca:
+ 		}
+ 	}
+ 
+-#if OPENSSL_VERSION_NUMBER >= 0x10101000L
+#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER) /* SSL_CTX_set1_sigalgs_list */
+ 	if (conf->sigalgs_list) {
+ 		char *list;
+ 
+@@ -4272,6 +4272,7 @@ post_ca:
 	 *	Because saying "use TLS 1.1" isn't enough.  We have to
 	 *	send it flowers and cake.
 	 */
@ -72,7 +81,7 @@ Index: src/main/tls.c
 	if (min_version <= TLS1_1_VERSION) {
 #if OPENSSL_VERSION_NUMBER >= 0x10101000L
 		int seclevel = SSL_CTX_get_security_level(ctx);
-@@ -4264,6 +4265,7 @@ post_ca:
+@@ -4297,6 +4298,7 @@ post_ca:
 		}
 #endif
 	}
--- a/net/freeradius/patches/patch-src_modules_stable
+++ b/net/freeradius/patches/patch-src_modules_stable
@ -1,11 +0,0 @@
-Index: src/modules/stable
--- src/modules/stable.orig
-+++ src/modules/stable
-@@ -25,6 +25,7 @@ rlm_passwd
- rlm_perl
- rlm_preprocess
- rlm_python
-+rlm_python3
- rlm_radutmp
- rlm_realm
- rlm_rest
--- a/net/freeradius/pkg/PLIST-main
+++ b/net/freeradius/pkg/PLIST-main
@ -227,6 +227,7 @@ share/doc/freeradius/deployment/performance-testing
 share/doc/freeradius/deployment/supervise-radiusd.rst
 share/doc/freeradius/deployment/tuning_guide
 share/doc/freeradius/developer/
+share/doc/freeradius/developer/autotools.md
 share/doc/freeradius/developer/coding-methods.rst
 share/doc/freeradius/developer/contributing.rst
 share/doc/freeradius/developer/module_interface.rst
@ -554,6 +555,10 @@ share/examples/freeradius/mods-config/preprocess/hints
@sample ${FREERADIUS_ETC}/mods-config/preprocess/hints
 share/examples/freeradius/mods-config/preprocess/huntgroups
@sample ${FREERADIUS_ETC}/mods-config/preprocess/huntgroups
+share/examples/freeradius/mods-config/realm/
+@sample ${FREERADIUS_ETC}/mods-config/realm/
+share/examples/freeradius/mods-config/realm/freeradius-naptr-to-home-server.sh
+@sample ${FREERADIUS_ETC}/mods-config/realm/freeradius-naptr-to-home-server.sh
 share/examples/freeradius/mods-config/sql/
@sample ${FREERADIUS_ETC}/mods-config/sql/
 share/examples/freeradius/mods-config/sql/counter/
@ -614,8 +619,10 @@ share/examples/freeradius/mods-config/sql/main/
@comment @sample ${FREERADIUS_ETC}/mods-config/sql/main/mongo/queries.conf
 share/examples/freeradius/mods-config/sql/main/sqlite/
@sample ${FREERADIUS_ETC}/mods-config/sql/main/sqlite/
-share/examples/freeradius/mods-config/sql/main/sqlite/process-radacct-refresh.sh
-@sample ${FREERADIUS_ETC}/mods-config/sql/main/sqlite/process-radacct-refresh.sh
+share/examples/freeradius/mods-config/sql/main/sqlite/process-radacct-close-after-reload.pl
+@sample ${FREERADIUS_ETC}/mods-config/sql/main/sqlite/process-radacct-close-after-reload.pl
+share/examples/freeradius/mods-config/sql/main/sqlite/process-radacct-new-data-usage-period.sh
+@sample ${FREERADIUS_ETC}/mods-config/sql/main/sqlite/process-radacct-new-data-usage-period.sh
 share/examples/freeradius/mods-config/sql/main/sqlite/process-radacct-schema.sql
@sample ${FREERADIUS_ETC}/mods-config/sql/main/sqlite/process-radacct-schema.sql
 share/examples/freeradius/mods-config/sql/main/sqlite/queries.conf
@ -703,6 +710,8 @@ share/examples/freeradius/sites-available/abfab-tls
@sample ${FREERADIUS_ETC}/sites-available/abfab-tls
 share/examples/freeradius/sites-available/abfab-tr-idp
@sample ${FREERADIUS_ETC}/sites-available/abfab-tr-idp
+share/examples/freeradius/sites-available/aws-nlb
+@sample ${FREERADIUS_ETC}/sites-available/aws-nlb
 share/examples/freeradius/sites-available/buffered-sql
@sample ${FREERADIUS_ETC}/sites-available/buffered-sql
 share/examples/freeradius/sites-available/challenge
@ -813,6 +822,7 @@ share/freeradius/dictionary.camiant
 share/freeradius/dictionary.centec
 share/freeradius/dictionary.checkpoint
 share/freeradius/dictionary.chillispot
+share/freeradius/dictionary.ciena
 share/freeradius/dictionary.cisco
 share/freeradius/dictionary.cisco.asa
 share/freeradius/dictionary.cisco.bbsm
@ -894,6 +904,7 @@ share/freeradius/dictionary.netelastic
 share/freeradius/dictionary.netscreen
 share/freeradius/dictionary.networkphysics
 share/freeradius/dictionary.nexans
+share/freeradius/dictionary.nile
 share/freeradius/dictionary.nokia
 share/freeradius/dictionary.nokia.conflict
 share/freeradius/dictionary.nomadix