authorDaniel Baumann <daniel.baumann@progress-linux.org>2023-11-01 14:56:57 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2023-11-01 14:56:57 +0000
commit0aa0028b56fe6c53e00c56412e396abf2df6b66f (patch)
tree6c94856a99f84f5928d7f971437597dc6f9b03b0
parentMerging upstream version 3.2.3+dfsg. (diff)
Merging debian version 3.2.3+dfsg-1.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
-rw-r--r--debian/changelog18
-rw-r--r--debian/control3
-rw-r--r--debian/freeradius-config.postinst2
-rw-r--r--debian/freeradius-redis.install1
-rw-r--r--debian/patches/0009-dhcp-sqlipool-Comment-out-mysql.patch1
-rw-r--r--debian/patches/debian-local/0010-version.c-disable-openssl-version-check.patch1
-rw-r--r--debian/patches/disable-dhcp-bydefault.diff12
-rw-r--r--debian/patches/fix-intermediate-ca.patch33
-rw-r--r--debian/patches/fix-ttls-mschapv2.patch40
-rw-r--r--debian/patches/series3
-rw-r--r--debian/patches/snakeoil-certs.diff4
11 files changed, 25 insertions, 93 deletions
diff --git a/debian/changelog b/debian/changelog
index 7096a53..7736d04 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,14 @@
+freeradius (3.2.3+dfsg-1) unstable; urgency=medium
+
+ * New upstream version 3.2.3+dfsg (Closes: #1032572)
+ - Drop patches applied upstream
+ - d/freeradius-redis.install: Include new rlm_cache_redis module
+ - Unfuzz d/p/snakeoil-certs.diff
+ * Bump Standards-Version, no changes necessary
+ * Drop obsolete lsb-base dependency
+
+ -- Bernhard Schmidt <berni@debian.org> Fri, 23 Jun 2023 20:20:19 +0200
+
freeradius (3.2.2+dfsg-1~exp1~progress7+u1) graograman-backports; urgency=medium
* Initial upload to graograman-backports.
@@ -15,6 +26,13 @@ freeradius (3.2.2+dfsg-1~exp1) experimental; urgency=medium
-- Bernhard Schmidt <berni@debian.org> Sat, 11 Mar 2023 21:49:25 +0100
+freeradius (3.2.1+dfsg-4) unstable; urgency=medium
+
+ * Don't install symlink for cache_eap module no longer shipped
+ (Closes: #1035853)
+
+ -- Bernhard Schmidt <berni@debian.org> Tue, 16 May 2023 00:04:23 +0200
+
freeradius (3.2.1+dfsg-3) unstable; urgency=medium
* Cherry-pick upstream patch to fix partical CA support (Closes: #1032590)
diff --git a/debian/control b/debian/control
index 8b1f384..3201c8e 100644
--- a/debian/control
+++ b/debian/control
@@ -39,7 +39,7 @@ XSBC-Original-Uploaders: Mark Hymers <mhy@debian.org>,
Sam Hartman <hartmans@debian.org>,
Bernhard Schmidt <berni@debian.org>
Bugs: mailto:maintainers@lists.progress-linux.org
-Standards-Version: 4.4.1
+Standards-Version: 4.6.2
Homepage: http://www.freeradius.org/
Vcs-Browser: https://git.progress-linux.org/packages/graograman-backports/freeradius
Vcs-Git: https://git.progress-linux.org/packages/graograman-backports/freeradius
@@ -51,7 +51,6 @@ Architecture: any
Depends: freeradius-common,
freeradius-config,
libfreeradius3 (= ${binary:Version}),
- lsb-base,
${dist:Depends},
${misc:Depends},
${shlibs:Depends}
diff --git a/debian/freeradius-config.postinst b/debian/freeradius-config.postinst
index 2a8bc45..b230778 100644
--- a/debian/freeradius-config.postinst
+++ b/debian/freeradius-config.postinst
@@ -34,7 +34,7 @@ case "$1" in
ln -s ../sites-available/$site /etc/freeradius/3.0/sites-enabled/$site
fi
done
- for module in always attr_filter cache_eap chap detail detail.log \
+ for module in always attr_filter chap detail detail.log \
digest dynamic_clients eap echo exec expiration expr files \
linelog logintime mschap ntlm_auth pap passwd preprocess \
radutmp realm replicate soh sradutmp unix unpack utf8; do
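Review bot: A `cache_eap` link that an earlier run of this postinst created in the enabled-modules directory is not cleaned up by dropping the name from the `for module in …` list; the edit only stops new links from being made. If the module file is no longer shipped, such a link would be left dangling on upgraded systems and may keep the server from loading its module configuration, so it is worth confirming that upgrades are covered. The loop body and the enclosing `case` arm are outside the hunk, so this may already be handled elsewhere; if not, I would add a guarded cleanup before the loop, e.g. `[ -L "$link" ] && [ ! -e "$link" ] && rm -f "$link"`, with `link` set to the enabled-modules path for `cache_eap`.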
diff --git a/debian/freeradius-redis.install b/debian/freeradius-redis.install
index 87c4ac5..7ae3dd0 100644
--- a/debian/freeradius-redis.install
+++ b/debian/freeradius-redis.install
@@ -1 +1,2 @@
usr/lib/freeradius/rlm_redis*.so
+usr/lib/freeradius/rlm_cache_redis*.so
diff --git a/debian/patches/0009-dhcp-sqlipool-Comment-out-mysql.patch b/debian/patches/0009-dhcp-sqlipool-Comment-out-mysql.patch
index 8e09238..c2ac785 100644
--- a/debian/patches/0009-dhcp-sqlipool-Comment-out-mysql.patch
+++ b/debian/patches/0009-dhcp-sqlipool-Comment-out-mysql.patch
@@ -2,6 +2,7 @@ From f39ef7f317a49c4e959bed7e9d954e473f49d602 Mon Sep 17 00:00:00 2001
From: Sam Hartman <hartmans@debian.org>
Date: Wed, 1 Oct 2014 16:38:16 -0400
Subject: dhcp sqlipool: Comment out mysql
+Forwarded: not-needed
So freeradius does not depend on freeradius-mysql
---
diff --git a/debian/patches/debian-local/0010-version.c-disable-openssl-version-check.patch b/debian/patches/debian-local/0010-version.c-disable-openssl-version-check.patch
index 82e8a9c..f983a9c 100644
--- a/debian/patches/debian-local/0010-version.c-disable-openssl-version-check.patch
+++ b/debian/patches/debian-local/0010-version.c-disable-openssl-version-check.patch
@@ -2,6 +2,7 @@ From 1b4e8e5751c417ba9d3788d264e76aba4f6baa12 Mon Sep 17 00:00:00 2001
From: Sam Hartman <hartmans@debian.org>
Date: Thu, 23 Oct 2014 21:44:03 -0400
Subject: version.c: disable openssl version check
+Forwarded: not-needed
For Debian we don't want to require that the built OpenSSL be the same
as the linked OpenSSL. Debian will be responsible for changing the
diff --git a/debian/patches/disable-dhcp-bydefault.diff b/debian/patches/disable-dhcp-bydefault.diff
deleted file mode 100644
index a76a085..0000000
--- a/debian/patches/disable-dhcp-bydefault.diff
+++ /dev/null
@@ -1,12 +0,0 @@
-diff a/raddb/all.mk b/raddb/all.mk
---- a/raddb/all.mk
-+++ b/raddb/all.mk
-@@ -8,7 +8,7 @@ DEFAULT_SITES := default inner-tunnel
- LOCAL_SITES := $(addprefix raddb/sites-enabled/,$(DEFAULT_SITES))
-
- DEFAULT_MODULES := always attr_filter cache_eap chap \
-- detail detail.log digest dhcp dynamic_clients eap \
-+ detail detail.log digest dynamic_clients eap \
- echo exec expiration expr files linelog logintime \
- mschap ntlm_auth pap passwd preprocess radutmp realm \
- replicate soh sradutmp unix unpack utf8
diff --git a/debian/patches/fix-intermediate-ca.patch b/debian/patches/fix-intermediate-ca.patch
deleted file mode 100644
index e4e1ffc..0000000
--- a/debian/patches/fix-intermediate-ca.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From aa5b642a3d6fed8663e5242d91884d25d14e9f53 Mon Sep 17 00:00:00 2001
-From: "Alan T. DeKok" <aland@freeradius.org>
-Date: Tue, 25 Oct 2022 08:59:53 -0400
-Subject: [PATCH] move partial chain set to after set cert store. Should fix
- #4753
-
----
- src/main/tls.c | 7 ++++---
- 1 file changed, 4 insertions(+), 3 deletions(-)
-
-diff --git a/src/main/tls.c b/src/main/tls.c
-index 118978b52a3f..8a6844f4939b 100644
---- a/src/main/tls.c
-+++ b/src/main/tls.c
-@@ -3987,14 +3987,15 @@ SSL_CTX *tls_init_ctx(fr_tls_server_conf_t *conf, int client, char const *chain_
- /*
- * Load the CAs we trust and configure CRL checks if needed
- */
--#if defined(X509_V_FLAG_PARTIAL_CHAIN)
-- X509_STORE_set_flags(SSL_CTX_get_cert_store(ctx), X509_V_FLAG_PARTIAL_CHAIN);
--#endif
- if (conf->ca_file || conf->ca_path) {
- if ((certstore = fr_init_x509_store(conf)) == NULL ) return NULL;
- SSL_CTX_set_cert_store(ctx, certstore);
- }
-
-+#if defined(X509_V_FLAG_PARTIAL_CHAIN)
-+ X509_STORE_set_flags(SSL_CTX_get_cert_store(ctx), X509_V_FLAG_PARTIAL_CHAIN);
-+#endif
-+
- if (conf->ca_file && *conf->ca_file) SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(conf->ca_file));
-
- conf->ca_path_last_reload = time(NULL);
diff --git a/debian/patches/fix-ttls-mschapv2.patch b/debian/patches/fix-ttls-mschapv2.patch
deleted file mode 100644
index 17581e4..0000000
--- a/debian/patches/fix-ttls-mschapv2.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From 0812bc1768cedc420adc03e86893d798fa19e872 Mon Sep 17 00:00:00 2001
-From: "Alan T. DeKok" <aland@freeradius.org>
-Date: Wed, 1 Feb 2023 14:38:53 -0500
-Subject: [PATCH] be more careful about session established. Fixes #4878
-
----
- src/main/tls.c | 13 +++++++++----
- 1 file changed, 9 insertions(+), 4 deletions(-)
-
-diff --git a/src/main/tls.c b/src/main/tls.c
-index 5ca2f5fed250..4f34d70faccc 100644
---- a/src/main/tls.c
-+++ b/src/main/tls.c
-@@ -5338,7 +5338,13 @@ fr_tls_status_t tls_ack_handler(tls_session_t *ssn, REQUEST *request)
- return FR_TLS_FAIL;
-
- case handshake:
-- if ((ssn->is_init_finished) && (ssn->dirty_out.used == 0)) {
-+ if (ssn->dirty_out.used > 0) {
-+ RDEBUG2("(TLS) Peer ACKed our handshake fragment");
-+ /* Fragmentation handler, send next fragment */
-+ return FR_TLS_REQUEST;
-+ }
-+
-+ if (ssn->is_init_finished || SSL_is_init_finished(ssn->ssl)) {
- RDEBUG2("(TLS) Peer ACKed our handshake fragment. handshake is finished");
-
- /*
-@@ -5350,9 +5356,8 @@ fr_tls_status_t tls_ack_handler(tls_session_t *ssn, REQUEST *request)
- return FR_TLS_SUCCESS;
- } /* else more data to send */
-
-- RDEBUG2("(TLS) Peer ACKed our handshake fragment");
-- /* Fragmentation handler, send next fragment */
-- return FR_TLS_REQUEST;
-+ REDEBUG("(TLS) Cannot continue, as the peer is misbehaving.");
-+ return FR_TLS_FAIL;
-
- case application_data:
- RDEBUG2("(TLS) Peer ACKed our application data fragment");
diff --git a/debian/patches/series b/debian/patches/series
index 14a05e3..816e30a 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -5,6 +5,3 @@ debian-local/0001-Rename-radius-to-freeradius.patch
debian-local/0010-version.c-disable-openssl-version-check.patch
dont-install-tests.diff
snakeoil-certs.diff
-#python_config_script_update.diff
-#fix-ttls-mschapv2.patch
-#fix-intermediate-ca.patch
diff --git a/debian/patches/snakeoil-certs.diff b/debian/patches/snakeoil-certs.diff
index 447b329..483527b 100644
--- a/debian/patches/snakeoil-certs.diff
+++ b/debian/patches/snakeoil-certs.diff
@@ -32,8 +32,8 @@ Forwarded: not-needed
- ca_file = ${cadir}/ca.pem
+ ca_file = /etc/ssl/certs/ca-certificates.crt
- # OpenSSL will automatically create certificate chains,
- # unless we tell it to not do that. The problem is that
+ #
+ # Directory where multiple CAs are stored. Both
--- a/raddb/mods-available/inner-eap
+++ b/raddb/mods-available/inner-eap
@@ -59,7 +59,7 @@