diff --git a/net/freeradius3/Makefile b/net/freeradius3/Makefile index cd99a1e8e..85a1ae346 100644 --- a/net/freeradius3/Makefile +++ b/net/freeradius3/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=freeradius3 -PKG_VERSION:=release_3_0_20 -PKG_RELEASE:=4 +PKG_VERSION:=release_3_0_21 +PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://github.com/FreeRADIUS/freeradius-server/archive -PKG_HASH:=8177fe550af6685a040884dbe3df28431bdc5a8d3a48a9f4f88bdb49f2d0e90c +PKG_HASH:=b2014372948a92f86cfe2cf43c58ef47921c03af05666eb9d6416bdc6eeaedc2 PKG_MAINTAINER:= PKG_LICENSE:=GPL-2.0 @@ -77,9 +77,9 @@ define Package/freeradius3-default +freeradius3-mod-eap-md5 \ +freeradius3-mod-eap-mschapv2 \ +freeradius3-mod-eap-peap \ ++freeradius3-mod-eap-pwd \ +freeradius3-mod-eap-tls \ +freeradius3-mod-eap-ttls \ -+freeradius3-mod-eap-pwd \ +freeradius3-mod-exec \ +freeradius3-mod-expiration \ +freeradius3-mod-expr \ @@ -100,6 +100,39 @@ define Package/freeradius3-democerts TITLE:=Demo certificates to test the server endef +define Package/freeradius3-mod-always + $(call Package/freeradius3/Default) + DEPENDS:=freeradius3 + TITLE:=Always module +endef + +define Package/freeradius3-mod-always/conffiles +/etc/freeradius3/mods-available/always +/etc/freeradius3/mods-enabled/always +endef + +define Package/freeradius3-mod-attr-filter + $(call Package/freeradius3/Default) + DEPENDS:=freeradius3 + TITLE:=ATTR filter module +endef + +define Package/freeradius3-mod-attr-filter/conffiles +/etc/freeradius3/mods-available/attr_filter +/etc/freeradius3/mods-enabled/attr_filter +/etc/freeradius3/mods-config/attr_filter/access_challenge +/etc/freeradius3/mods-config/attr_filter/access_reject +/etc/freeradius3/mods-config/attr_filter/accounting_response +/etc/freeradius3/mods-config/attr_filter/post-proxy +/etc/freeradius3/mods-config/attr_filter/pre-proxy +endef + +define Package/freeradius3-mod-attr-rewrite + $(call Package/freeradius3/Default) + DEPENDS:=freeradius3 + TITLE:=ATTR rewrite module +endef + define Package/freeradius3-mod-chap $(call Package/freeradius3/Default) DEPENDS:=freeradius3 @@ -177,6 +210,12 @@ define Package/freeradius3-mod-eap-peap TITLE:=EAP/PEAP module endef +define Package/freeradius3-mod-eap-pwd + $(call Package/freeradius3/Default) + DEPENDS:=freeradius3-mod-eap @FREERADIUS3_OPENSSL + TITLE:=EAP/PWD module +endef + define Package/freeradius3-mod-eap-tls $(call Package/freeradius3/Default) DEPENDS:=freeradius3-mod-eap @FREERADIUS3_OPENSSL @@ -189,12 +228,6 @@ define Package/freeradius3-mod-eap-ttls TITLE:=EAP/TTLS module endef -define Package/freeradius3-mod-eap-pwd - $(call Package/freeradius3/Default) - DEPENDS:=freeradius3-mod-eap @FREERADIUS3_OPENSSL - TITLE:=EAP/PWD module -endef - define Package/freeradius3-mod-exec $(call Package/freeradius3/Default) DEPENDS:=freeradius3 @@ -217,17 +250,6 @@ define Package/freeradius3-mod-expiration/conffiles /etc/freeradius3/mods-enabled/expiration endef -define Package/freeradius3-mod-always - $(call Package/freeradius3/Default) - DEPENDS:=freeradius3 - TITLE:=Always module -endef - -define Package/freeradius3-mod-always/conffiles -/etc/freeradius3/mods-available/always -/etc/freeradius3/mods-enabled/always -endef - define Package/freeradius3-mod-expr $(call Package/freeradius3/Default) DEPENDS:=freeradius3 @@ -239,28 +261,6 @@ define Package/freeradius3-mod-expr/conffiles /etc/freeradius3/mods-enabled/expr endef -define Package/freeradius3-mod-attr-filter - $(call Package/freeradius3/Default) - DEPENDS:=freeradius3 - TITLE:=ATTR filter module -endef - -define Package/freeradius3-mod-attr-filter/conffiles -/etc/freeradius3/mods-available/attr_filter -/etc/freeradius3/mods-enabled/attr_filter -/etc/freeradius3/mods-config/attr_filter/access_challenge -/etc/freeradius3/mods-config/attr_filter/access_reject -/etc/freeradius3/mods-config/attr_filter/accounting_response -/etc/freeradius3/mods-config/attr_filter/post-proxy -/etc/freeradius3/mods-config/attr_filter/pre-proxy -endef - -define Package/freeradius3-mod-attr-rewrite - $(call Package/freeradius3/Default) - DEPENDS:=freeradius3 - TITLE:=ATTR rewrite module -endef - define Package/freeradius3-mod-files $(call Package/freeradius3/Default) DEPENDS:=freeradius3 @@ -275,17 +275,6 @@ define Package/freeradius3-mod-files/conffiles /etc/freeradius3/mods-config/files/pre-proxy endef -define Package/freeradius3-mod-passwd - $(call Package/freeradius3/Default) - DEPENDS:=freeradius3 - TITLE:=Rlm passwd module -endef - -define Package/freeradius3-mod-passwd/conffiles -/etc/freeradius3/mods-available/passwd -/etc/freeradius3/mods-enabled/passwd -endef - define Package/freeradius3-mod-ldap $(call Package/freeradius3/Default) DEPENDS:=freeradius3 +libopenldap @FREERADIUS3_OPENSSL @@ -329,6 +318,17 @@ define Package/freeradius3-mod-pap/conffiles /etc/freeradius3/mods-enabled/pap endef +define Package/freeradius3-mod-passwd + $(call Package/freeradius3/Default) + DEPENDS:=freeradius3 + TITLE:=Rlm passwd module +endef + +define Package/freeradius3-mod-passwd/conffiles +/etc/freeradius3/mods-available/passwd +/etc/freeradius3/mods-enabled/passwd +endef + define Package/freeradius3-mod-preprocess $(call Package/freeradius3/Default) DEPENDS:=freeradius3 @@ -352,6 +352,19 @@ define Package/freeradius3-mod-python3/conffiles /etc/freeradius3/mods-available/python3 endef +define Package/freeradius3-mod-radutmp + $(call Package/freeradius3/Default) + DEPENDS:=freeradius3 + TITLE:=Radius UTMP module +endef + +define Package/freeradius3-mod-radutmp/conffiles +/etc/freeradius3/mods-available/radutmp +/etc/freeradius3/mods-enabled/radutmp +/etc/freeradius3/mods-available/sradutmp +/etc/freeradius3/mods-enabled/sradutmp +endef + define Package/freeradius3-mod-realm $(call Package/freeradius3/Default) DEPENDS:=freeradius3 @@ -363,6 +376,16 @@ define Package/freeradius3-mod-realm/conffiles /etc/freeradius3/mods-enabled/realm endef +define Package/freeradius3-mod-rest + $(call Package/freeradius3/Default) + DEPENDS:=freeradius3 +libcurl +libjson-c + TITLE:=Radius REST module +endef + +define Package/freeradius3-mod-rest/conffiles +/etc/freeradius3/mods-available/rest +endef + define Package/freeradius3-mod-sql $(call Package/freeradius3/Default) DEPENDS:=freeradius3 @@ -433,19 +456,6 @@ define Package/freeradius3-mod-sqlippool/conffiles /etc/freeradius3/mods-available/sqlippool endef -define Package/freeradius3-mod-radutmp - $(call Package/freeradius3/Default) - DEPENDS:=freeradius3 - TITLE:=Radius UTMP module -endef - -define Package/freeradius3-mod-radutmp/conffiles -/etc/freeradius3/mods-available/radutmp -/etc/freeradius3/mods-enabled/radutmp -/etc/freeradius3/mods-available/sradutmp -/etc/freeradius3/mods-enabled/sradutmp -endef - define Package/freeradius3-mod-unix $(call Package/freeradius3/Default) DEPENDS:=freeradius3 @@ -457,16 +467,6 @@ define Package/freeradius3-mod-unix/conffiles /etc/freeradius3/mods-enabled/unix endef -define Package/freeradius3-mod-rest - $(call Package/freeradius3/Default) - DEPENDS:=freeradius3 +libcurl +libjson-c - TITLE:=Radius REST module -endef - -define Package/freeradius3-mod-rest/conffiles -/etc/freeradius3/mods-available/rest -endef - define Package/freeradius3-utils $(call Package/freeradius3/Default) DEPENDS:=+freeradius3-common @@ -547,6 +547,16 @@ else CONFIGURE_ARGS+= --without-rlm_eap_peap endif +ifneq ($(SDK)$(CONFIG_PACKAGE_freeradius3-mod-eap-pwd),) + CONFIGURE_ARGS+= \ + --with-rlm_eap_pwd \ + --with-rlm_eap_pwd-include-dir="$(STAGING_DIR)/usr/include" \ + --with-rlm_eap_pwd-lib-dir="$(STAGING_DIR)/usr/lib" + CONFIGURE_LIBS+= -lcrypto -lssl +else + CONFIGURE_ARGS+= --without-rlm_eap_pwd +endif + ifneq ($(SDK)$(CONFIG_PACKAGE_freeradius3-mod-eap-tls),) CONFIGURE_ARGS+= \ --with-rlm_eap_tls \ @@ -567,29 +577,35 @@ else CONFIGURE_ARGS+= --without-rlm_eap_ttls endif -ifneq ($(SDK)$(CONFIG_PACKAGE_freeradius3-mod-eap-pwd),) - CONFIGURE_ARGS+= \ - --with-rlm_eap_pwd \ - --with-rlm_eap_pwd-include-dir="$(STAGING_DIR)/usr/include" \ - --with-rlm_eap_pwd-lib-dir="$(STAGING_DIR)/usr/lib" - CONFIGURE_LIBS+= -lcrypto -lssl +ifneq ($(SDK)$(CONFIG_PACKAGE_freeradius3-mod-ldap),) + CONFIGURE_ARGS+= --with-rlm_ldap \ + --with-rlm_ldap-include-dir="$(STAGING_DIR)/usr/include" \ + --with-rlm_ldap-lib-dir="$(STAGING_DIR)/usr/lib" else - CONFIGURE_ARGS+= --without-rlm_eap_pwd + CONFIGURE_ARGS+= --without-rlm_ldap endif ifneq ($(SDK)$(CONFIG_PACKAGE_freeradius3-mod-python3),) CFLAGS+= -fPIC CONFIGURE_ARGS+= \ --with-modules="rlm_python3" \ - --with-rlm-python3-include-dir="$(PYTHON3_INC_DIR)" \ - --with-rlm-python3-lib-dir="$(PYTHON3_LIB_DIR)" - CONFIGURE_VARS+= \ - OPENWRTTARGET_PY3_PREFIX="$(PYTHON3_DIR)" \ - OPENWRTTARGET_PY3_SYS_VERSION="$(PYTHON3_VERSION)" + --with-rlm-python3-config-bin="$(STAGING_DIR)/host/bin/python$(PYTHON3_VERSION)-config" else CONFIGURE_ARGS+= --without-rlm_python3 endif +ifneq ($(SDK)$(CONFIG_PACKAGE_freeradius3-mod-radutmp),) + CONFIGURE_ARGS+= --with-rlm_radutmp +else + CONFIGURE_ARGS+= --without-rlm_radutmp +endif + +ifneq ($(SDK)$(CONFIG_PACKAGE_freeradius3-mod-rest),) + CONFIGURE_ARGS+= --with-rlm_rest +else + CONFIGURE_ARGS+= --without-rlm_rest +endif + ifneq ($(SDK)$(CONFIG_PACKAGE_freeradius3-mod-sql),) CONFIGURE_ARGS+= --with-rlm_sql else @@ -628,33 +644,12 @@ else CONFIGURE_ARGS+= --without-rlm_sqlippool endif -ifneq ($(SDK)$(CONFIG_PACKAGE_freeradius3-mod-radutmp),) - CONFIGURE_ARGS+= --with-rlm_radutmp -else - CONFIGURE_ARGS+= --without-rlm_radutmp -endif - ifneq ($(SDK)$(CONFIG_PACKAGE_freeradius3-mod-unix),) CONFIGURE_ARGS+= --with-rlm_unix else CONFIGURE_ARGS+= --without-rlm_unix endif -ifneq ($(SDK)$(CONFIG_PACKAGE_freeradius3-mod-rest),) - CONFIGURE_ARGS+= --with-rlm_rest -else - CONFIGURE_ARGS+= --without-rlm_rest -endif - - -ifneq ($(SDK)$(CONFIG_PACKAGE_freeradius3-mod-ldap),) - CONFIGURE_ARGS+= --with-rlm_ldap \ - --with-rlm_ldap-include-dir="$(STAGING_DIR)/usr/include" \ - --with-rlm_ldap-lib-dir="$(STAGING_DIR)/usr/lib" -else - CONFIGURE_ARGS+= --without-rlm_ldap -endif - ifeq ($(CONFIG_USE_GLIBC),y) TARGET_CFLAGS+= -DLIBBSD_OVERLAY -I$(STAGING_DIR)/usr/include/bsd \ -D_RPC_NETDB_H @@ -764,15 +759,15 @@ $(eval $(call BuildPlugin,freeradius3-mod-attr-filter,rlm_attr_filter,)) $(eval $(call BuildPlugin,freeradius3-mod-chap,rlm_chap,)) $(eval $(call BuildPlugin,freeradius3-mod-detail,rlm_detail,)) $(eval $(call BuildPlugin,freeradius3-mod-digest,rlm_digest,)) +$(eval $(call BuildPlugin,freeradius3-mod-eap,rlm_eap,)) $(eval $(call BuildPlugin,freeradius3-mod-eap-gtc,rlm_eap_gtc,)) $(eval $(call BuildPlugin,freeradius3-mod-eap-leap,rlm_eap_leap,)) $(eval $(call BuildPlugin,freeradius3-mod-eap-md5,rlm_eap_md5,)) $(eval $(call BuildPlugin,freeradius3-mod-eap-mschapv2,rlm_eap_mschapv2,)) $(eval $(call BuildPlugin,freeradius3-mod-eap-peap,rlm_eap_peap,)) -$(eval $(call BuildPlugin,freeradius3-mod-eap,rlm_eap,)) +$(eval $(call BuildPlugin,freeradius3-mod-eap-pwd,rlm_eap_pwd,)) $(eval $(call BuildPlugin,freeradius3-mod-eap-tls,rlm_eap_tls,)) $(eval $(call BuildPlugin,freeradius3-mod-eap-ttls,rlm_eap_ttls,)) -$(eval $(call BuildPlugin,freeradius3-mod-eap-pwd,rlm_eap_pwd,)) $(eval $(call BuildPlugin,freeradius3-mod-exec,rlm_exec,)) $(eval $(call BuildPlugin,freeradius3-mod-expiration,rlm_expiration,)) $(eval $(call BuildPlugin,freeradius3-mod-expr,rlm_expr,)) @@ -786,6 +781,7 @@ $(eval $(call BuildPlugin,freeradius3-mod-preprocess,rlm_preprocess,)) $(eval $(call BuildPlugin,freeradius3-mod-python3,rlm_python3,)) $(eval $(call BuildPlugin,freeradius3-mod-radutmp,rlm_radutmp,)) $(eval $(call BuildPlugin,freeradius3-mod-realm,rlm_realm,)) +$(eval $(call BuildPlugin,freeradius3-mod-rest,rlm_rest,)) $(eval $(call BuildPlugin,freeradius3-mod-sql,rlm_sql,)) $(eval $(call BuildPlugin,freeradius3-mod-sql-mysql,rlm_sql_mysql,)) $(eval $(call BuildPlugin,freeradius3-mod-sql-null,rlm_sql_null,)) @@ -794,5 +790,4 @@ $(eval $(call BuildPlugin,freeradius3-mod-sql-sqlite,rlm_sql_sqlite,)) $(eval $(call BuildPlugin,freeradius3-mod-sqlcounter,rlm_sqlcounter,)) $(eval $(call BuildPlugin,freeradius3-mod-sqlippool,rlm_sqlippool,)) $(eval $(call BuildPlugin,freeradius3-mod-unix,rlm_unix,)) -$(eval $(call BuildPlugin,freeradius3-mod-rest,rlm_rest,)) $(eval $(call BuildPackage,freeradius3-utils)) diff --git a/net/freeradius3/patches/002-disable-session-cache-CVE-2017-9148.patch b/net/freeradius3/patches/002-disable-session-cache-CVE-2017-9148.patch index a96964fec..559119ddc 100644 --- a/net/freeradius3/patches/002-disable-session-cache-CVE-2017-9148.patch +++ b/net/freeradius3/patches/002-disable-session-cache-CVE-2017-9148.patch @@ -3,7 +3,7 @@ Description: disable session caching in the server (as opposed to in the https://security-tracker.debian.org/tracker/CVE-2017-9148 Author: Michael Stapelberg Forwarded: not-needed -Last-Update: 2020-01-24 +Last-Update: 2020-04-28 --- @@ -18,7 +18,7 @@ Last-Update: 2020-01-24 return state; } -@@ -3292,7 +3292,7 @@ post_ca: +@@ -3332,7 +3332,7 @@ post_ca: /* * Callbacks, etc. for session resumption. */ @@ -27,7 +27,7 @@ Last-Update: 2020-01-24 /* * Cache sessions on disk if requested. */ -@@ -3362,7 +3362,7 @@ post_ca: +@@ -3402,7 +3402,7 @@ post_ca: /* * Setup session caching */ @@ -36,7 +36,7 @@ Last-Update: 2020-01-24 /* * Create a unique context Id per EAP-TLS configuration. */ -@@ -3531,7 +3531,7 @@ fr_tls_server_conf_t *tls_server_conf_parse(CONF_SECTION *cs) +@@ -3571,7 +3571,7 @@ fr_tls_server_conf_t *tls_server_conf_parse(CONF_SECTION *cs) goto error; } diff --git a/net/freeradius3/patches/004-fix-target-python-header-detection.patch b/net/freeradius3/patches/004-fix-target-python-header-detection.patch deleted file mode 100644 index c1f1c74f9..000000000 --- a/net/freeradius3/patches/004-fix-target-python-header-detection.patch +++ /dev/null @@ -1,40 +0,0 @@ ---- a/src/modules/rlm_python3/configure -+++ b/src/modules/rlm_python3/configure -@@ -2928,15 +2928,15 @@ fi - - - if test x$fail = x; then -- PY_PREFIX=`${PYTHON3_BIN} -c 'import sys ; print(sys.prefix)'` -+ PY_PREFIX="$OPENWRTTARGET_PY3_PREFIX" - { $as_echo "$as_me:${as_lineno-$LINENO}: Python sys.prefix \"${PY_PREFIX}\"" >&5 - $as_echo "$as_me: Python sys.prefix \"${PY_PREFIX}\"" >&6;} - -- PY_EXEC_PREFIX=`${PYTHON3_BIN} -c 'import sys ; print(sys.exec_prefix)'` -+ PY_EXEC_PREFIX="$OPENWRTTARGET_PY3_PREFIX" - { $as_echo "$as_me:${as_lineno-$LINENO}: Python sys.exec_prefix \"${PY_EXEC_PREFIX}\"" >&5 - $as_echo "$as_me: Python sys.exec_prefix \"${PY_EXEC_PREFIX}\"" >&6;} - -- PY_SYS_VERSION=`${PYTHON3_BIN} -c 'import sys ; print(sys.version[0:3])'` -+ PY_SYS_VERSION="$OPENWRTTARGET_PY3_SYS_VERSION" - { $as_echo "$as_me:${as_lineno-$LINENO}: Python sys.version \"${PY_SYS_VERSION}\"" >&5 - $as_echo "$as_me: Python sys.version \"${PY_SYS_VERSION}\"" >&6;} - ---- a/src/modules/rlm_python3/configure.ac -+++ b/src/modules/rlm_python3/configure.ac -@@ -65,13 +65,13 @@ if test x$with_[]modname != xno; then - ) - - if test x$fail = x; then -- PY_PREFIX=`${PYTHON3_BIN} -c 'import sys ; print(sys.prefix)'` -+ PY_PREFIX="$OPENWRTTARGET_PY3_PREFIX" - AC_MSG_NOTICE([Python sys.prefix \"${PY_PREFIX}\"]) - -- PY_EXEC_PREFIX=`${PYTHON3_BIN} -c 'import sys ; print(sys.exec_prefix)'` -+ PY_EXEC_PREFIX="$OPENWRTTARGET_PY3_PREFIX" - AC_MSG_NOTICE([Python sys.exec_prefix \"${PY_EXEC_PREFIX}\"]) - -- PY_SYS_VERSION=`${PYTHON3_BIN} -c 'import sys ; print(sys.version[[0:3]])'` -+ PY_SYS_VERSION="$OPENWRTTARGET_PY3_SYS_VERSION" - AC_MSG_NOTICE([Python sys.version \"${PY_SYS_VERSION}\"]) - - if test "x$PY_LIB_DIR" = "x"; then