main/freeradius: upgrade to 3.0.13

author: William Pitcock <nenolod@dereferenced.org> 2017-03-29 18:55:58 +0000
committer: William Pitcock <nenolod@dereferenced.org> 2017-03-29 18:55:58 +0000
commit: 6b68ea0dba2ea365ca77a7d647349f8aaafad18c (patch)
tree: 790e87327e801f76cdd027d9b741ee31818e0f42 /main/freeradius
parent: 2aed0493a021749b0f496711305db46e576ed913 (diff)
download: aports-6b68ea0dba2ea365ca77a7d647349f8aaafad18c.tar.bz2
aports-6b68ea0dba2ea365ca77a7d647349f8aaafad18c.tar.xz
3 files changed, 53 insertions, 35 deletions
diff --git a/main/freeradius/APKBUILD b/main/freeradius/APKBUILD
index aa2da5a2f6..4d867070b1 100644
--- a/main/freeradius/APKBUILD
+++ b/main/freeradius/APKBUILD
@@ -4,8 +4,8 @@
 # Maintainer: Leonardo Arena <rnalrd@alpinelinux.org>
 pkgname=freeradius
 _realname=freeradius
-pkgver=3.0.12
-pkgrel=2
+pkgver=3.0.13
+pkgrel=0
 pkgdesc="RADIUS (Remote Authentication Dial-In User Service) server"
 url="http://freeradius.org/"
 arch="all"
@@ -29,8 +29,9 @@ source="ftp://ftp.freeradius.org/pub/freeradius/$_realname-server-$pkgver.tar.gz
 	$pkgname.initd
 
 	musl-fix-headers.patch
-	freeradius-305-default-config.patch
 	fix-scopeid.patch
+	freeradius-313-default-config.patch
+	libressl.patch
 	"
 
 _builddir="$srcdir"/$_realname-server-$pkgver
@@ -291,21 +292,10 @@ redis() {
 		|| return 1
 }
 
-md5sums="823b28430792b66fb076fe9f3aefa849  freeradius-server-3.0.12.tar.gz
-fc6693f3df5a0694610110287a28568a  freeradius.confd
-e27f11a11fa167b5185d3e11de79d3bc  freeradius.initd
-d86558365a1deea4914ed139797805b0  musl-fix-headers.patch
-f8a7b00835f2108acc06af212cede16e  freeradius-305-default-config.patch
-5171fca6629baeb274a9b17e02683163  fix-scopeid.patch"
-sha256sums="4a5af6efcf7fef08ea9bb02979200131e1332a48341c529da73bea76d3b25da0  freeradius-server-3.0.12.tar.gz
-2d5b3e1af1299373182f2c8021bdf45c29db5d82b0a077b965a16ded32cb6292  freeradius.confd
-a5208f13420c28446b85dfc48cb9193a4651c994d15cc2c9b0bc43734c66e8f0  freeradius.initd
-872aaebf86a663f819460d98924a9dc1f3e428facac6930dc98d1e442df1633f  musl-fix-headers.patch
-02cad546ffaf3f9be531cb45b96c7fb31f83c717e40ece4ff28a73c86f921f33  freeradius-305-default-config.patch
-aad4796f06a5891b3d48d6ded926ffeb7b9fa84cc1c4a1f1be76bced02694023  fix-scopeid.patch"
-sha512sums="69258da3976f75aa74a9ceb24e08bd5ae0aac2398cd8051368dea7f26a1c969f613a1c94f507e9ec3213f22a60b0b9e194dc68fe7807de501e56880b2fa52604  freeradius-server-3.0.12.tar.gz
+sha512sums="b4cb6203ca34ec459ea0f4f7960b4c5039ecd1be3de005251213ab6a9254d11fa9534b96d222eb83e6b35966aaeb6081362fd103eb73e0d76c009a655a47277f  freeradius-server-3.0.13.tar.gz
 e248159c0a44f722e405c51c8015d9ad672e42ad0d38ca28f8a051ff911aa4d3e630b9bd4543e9d610940bc4ae50c022594e219ce341b36abe85c572acad418b  freeradius.confd
 ba3c424d4eabb147c7aa3e31575a87ddb26b6a792d2a8714e73d8763e07854326a03a83991a7420246ca06bf0b93d0a6f23ec198f5e48647f9d25b40067e852a  freeradius.initd
 c49e5eec7497fccde5fd09dba1ea9b846e57bc88015bd81640aa531fb5c9b449f37136f42c85fe1d7940c5963aed664b85da28442b388c9fb8cc27873df03b2d  musl-fix-headers.patch
-b69b899da6f80dbdb7422847536e37461315ba587a07fedc1eee28b96be7d16993b758ccd34e3a271ce2937d72c6ddff878aec61a3a4c0750deaaa959d10ed5e  freeradius-305-default-config.patch
-41d478c0e40ff82fc36232964037c1ab8ffca9fdbb7dca02ed49319906e751c133b5d7bc7773c645cec6d9d39d1de69cba25e8d59afa8d6662563dd17f35f234  fix-scopeid.patch"
+41d478c0e40ff82fc36232964037c1ab8ffca9fdbb7dca02ed49319906e751c133b5d7bc7773c645cec6d9d39d1de69cba25e8d59afa8d6662563dd17f35f234  fix-scopeid.patch
+666e15a3c3e5b98ff8c3168de85b341606af5e2790af379ddec46464e9d7de14a715876a34ba1eb7fa47ddead23f7134128d591db32309db0e4acbdb6f21ef5e  freeradius-313-default-config.patch
+b80664efeab55e36880df400021e2c958f65825e55f81d618e087cee5e98f56d149e898f3162744131d3d0bd6c600715e8ddc04a28f0e720c07cc8920ea80ed4  libressl.patch"
diff --git a/main/freeradius/freeradius-305-default-config.patch b/main/freeradius/freeradius-313-default-config.patch
index ab04ad9994..9d093493f0 100644
--- a/main/freeradius/freeradius-305-default-config.patch
+++ b/main/freeradius/freeradius-313-default-config.patch
@@ -1,5 +1,5 @@
---- a/raddb/radiusd.conf.in
-+++ b/raddb/radiusd.conf.in
+--- freeradius-server-3.0.13.orig/raddb/radiusd.conf.in
++++ freeradius-server-3.0.13/raddb/radiusd.conf.in
 @@ -436,8 +436,8 @@
  	#  member.  This can allow for some finer-grained access
  	#  controls.
@@ -11,22 +11,23 @@
  
  	#  Core dumps are a bad thing.  This should only be set to
  	#  'yes' if you're debugging a problem with the server.
---- a/raddb/sites-available/default
-+++ b/raddb/sites-available/default
-@@ -343,9 +343,9 @@
- 	#  for the many packets that go back and forth to set up TTLS
- 	#  or PEAP.  The load on those servers will therefore be reduced.
+--- freeradius-server-3.0.13.orig/raddb/sites-available/default
++++ freeradius-server-3.0.13/raddb/sites-available/default
+@@ -379,10 +379,10 @@
+ 	#  uncomment it as well; this will further reduce the number of
+ 	#  LDAP and/or SQL queries for TTLS or PEAP.
  	#
 -	eap {
 -		ok = return
--	}
 +#	eap {
 +#		ok = return
+ #		updated = return
+-	}
 +#	}
  
  	#
  	#  Pull crypt'd passwords from /etc/passwd or /etc/shadow,
-@@ -486,7 +486,7 @@
+@@ -529,7 +529,7 @@
  
  	#
  	#  Allow EAP authentication.
@@ -35,7 +36,7 @@
  
  	#
  	#  The older configurations sent a number of attributes in
-@@ -792,7 +792,7 @@
+@@ -846,7 +846,7 @@
  		# Insert EAP-Failure message if the request was
  		# rejected by policy instead of because of an
  		# authentication failure
@@ -44,7 +45,7 @@
  
  		#  Remove reply message if the response contains an EAP-Message
  		remove_reply_message_if_eap
-@@ -861,7 +861,7 @@
+@@ -924,7 +924,7 @@
  	#  hidden inside of the EAP packet, and the end server will
  	#  reject the EAP request.
  	#
@@ -53,9 +54,9 @@
  
  	#
  	#  If the server tries to proxy a request and fails, then the
---- a/raddb/sites-available/inner-tunnel
-+++ b/raddb/sites-available/inner-tunnel
-@@ -116,9 +116,9 @@
+--- freeradius-server-3.0.13.orig/raddb/sites-available/inner-tunnel
++++ freeradius-server-3.0.13/raddb/sites-available/inner-tunnel
+@@ -131,9 +131,9 @@
  	#  for the many packets that go back and forth to set up TTLS
  	#  or PEAP.  The load on those servers will therefore be reduced.
  	#
@@ -68,7 +69,7 @@
  
  	#
  	#  Read the 'users' file
-@@ -227,7 +227,7 @@
+@@ -247,7 +247,7 @@
  
  	#
  	#  Allow EAP authentication.
@@ -77,7 +78,7 @@
  }
  
  ######################################################################
-@@ -393,7 +393,7 @@
+@@ -426,7 +426,7 @@
  	#  hidden inside of the EAP packet, and the end server will
  	#  reject the EAP request.
  	#
@@ -85,4 +86,4 @@
 +#	eap
  }
  
- } # inner-tunnel server block 
+ } # inner-tunnel server block
diff --git a/main/freeradius/libressl.patch b/main/freeradius/libressl.patch
new file mode 100644
index 0000000000..ab5442a8d9
--- /dev/null
+++ b/main/freeradius/libressl.patch
@@ -0,0 +1,27 @@
+--- freeradius-server-3.0.13.orig/src/main/tls.c
++++ freeradius-server-3.0.13/src/main/tls.c
+@@ -2131,7 +2131,7 @@
+ 	}
+ 
+ 	if (lookup == 0) {
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && OPENSSL_VERSION_NUMBER < 0x20000000L
+ 		ext_list = X509_get0_extensions(client_cert);
+ #else
+ 		X509_CINF	*client_inf;
+@@ -2903,6 +2903,7 @@
+ 		SSL_CTX_set_verify_depth(ctx, conf->verify_depth);
+ 	}
+ 
++#if OPENSSL_VERSION_NUMBER < 0x20000000L
+ 	/* Load randomness */
+ 	if (conf->random_file) {
+ 		if (!(RAND_load_file(conf->random_file, 1024*10))) {
+@@ -2910,6 +2911,7 @@
+ 			return NULL;
+ 		}
+ 	}
++#endif
+ 
+ 	/*
+ 	 * Set the cipher list if we were told to
author	William Pitcock <nenolod@dereferenced.org>	2017-03-29 18:55:58 +0000
committer	William Pitcock <nenolod@dereferenced.org>	2017-03-29 18:55:58 +0000
commit	6b68ea0dba2ea365ca77a7d647349f8aaafad18c (patch)
tree	790e87327e801f76cdd027d9b741ee31818e0f42 /main/freeradius
parent	2aed0493a021749b0f496711305db46e576ed913 (diff)
download	aports-6b68ea0dba2ea365ca77a7d647349f8aaafad18c.tar.bz2 aports-6b68ea0dba2ea365ca77a7d647349f8aaafad18c.tar.xz