The substring "release_" does not reflect the version number.
In addition, package names will be shorter.
(backported from commit 11aa0b9)
Signed-off-by: Alexey Dobrovolsky <dobrovolskiy.alexey@gmail.com>
This meta-package contains only dependencies for modules needed in
FreeRADIUS default configuration.
This commit adds missing description and install sections.
(backported from commit 7737abf)
Signed-off-by: Alexey Dobrovolsky <dobrovolskiy.alexey@gmail.com>
Canonical radtest start results in an error:
$ radtest bob hello localhost 0 testing123
/usr/bin/radtest: line 1: hostname: not found
(0) Error parsing "stdin": Failed to get value
hostname command is not present in OpenWrt.
Instead, hostname can be obtained from file /proc/sys/kernel/hostname.
added: 005-get-hostname-from-proc-in-radtest.patch
(backported from commit 8b2792a)
Signed-off-by: Alexey Dobrovolsky <dobrovolskiy.alexey@gmail.com>
radtest utility is used in many manuals to check the operation of
radius server.
At the moment all parameters must be specified at startup, for example:
$ radtest bob hello localhost 0 testing123 0 localhost
(backported from commit 6480acd)
Signed-off-by: Alexey Dobrovolsky <dobrovolskiy.alexey@gmail.com>
Config files
/etc/freeradius3/policy.d/accounting
/etc/freeradius3/policy.d/filter
/etc/freeradius3/proxy.conf
/etc/freeradius3/sites-available/default
and link
/etc/freeradius3/sites-enabled/default
are in the freeradius3 package and are mentioned in the main config file
/etc/freeradius3/radiusd.conf
Thus, they must be explicitly specified in the Makefile.
File
/etc/freeradius3/sites/default
is not included in the package, is not created during installation,
is not mentioned in the main config file and should therefore be excluded
from the Makefile.
Signed-off-by: Alexey Dobrovolsky <dobrovolskiy.alexey@gmail.com>
(cherry picked from commit f6974b8f3c)
This updates the include paths for python(3)-package.mk to be relative
to the package Makefile. If not, in certain cases this will print errors
like the following one:
ERROR: please fix feeds/openwrt/net/freeradius3/Makefile
- see logs/feeds/openwrt/net/freeradius3/dump.txt for details
In the dump.txt there is the following:
Makefile:42: /mylocalpath/feeds/packages/lang/python/python3-package.mk: No such file or directory
make[1]: *** No rule to make target '/mylocalpath/feeds/packages/lang/python/python3-package.mk'. Stop.
The relative path is used already in 19.07 for most of the packages, and
has been updated for the packages at hand in master as well:
302f4d17e3 ("libmraa,libupm: Disable default Python package build recipe")
1bc2f4f3c6 ("treewide: Remove Python variants for non-Python packages")
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
To use eap tls, 'tmpdir' must be created before server starts.
This 'tmpdir' is used to store and verify client certificate,
and therefore radiusd do 'chmod go-rwx'.
If 'tmpdir' does NOT exists, server failed to start and default
'tmpdir' is '/tmp/radiusd'. So init script MUST create default
'tmpdir' like other directories.
Signed-off-by: Eiji MATSUMOTO <toudaiman@gmail.com>
It was provided by both the freeradius3 and freeradius3-mod-realm packages.
Now provided by the freeradius3 package only.
Signed-off-by: Robby K <robbyke@gmail.com>
Latest stable release, contains security fixes for EAP-PWD (side-channel leak), logrotate settings (CVE-2019-10143) and a DoS issue due to multithreaded BN_CTX access (CVE-2019-17185).
Also refreshed patches/002-disable-session-cache-CVE-2017-9148.patch due to the following changes/commits in freeradius:
bf1a1eda23a3c46544b3
Signed-off-by: Robby K <robbyke@gmail.com>
This applies a patch from upstream that avoids a call to ENGINE_cleanup
when the openssl library was built without engine support.
A workaround for a missing header check was used to silence a warning
about the implicit definition of RAND_load_file. A proper fix has been
merged upstream as well.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
fix Makefile chmod (644)
replace MD5SUM with HASH
add PKG_MIRROR_HASH when PKG_SOURCE_PROTO:=git
(PKG_SOURCE_PROTO:=svn tarballs are not reproducible for now)
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
- Moves /etc/freeradius3/sites-{enabled,available}/inner-tunnel to be part of
the freeradius3-mod-eap package. This prevents conflicts between
freeradius3-mod-eap-peap and freeradius3-mod-eap-ttls which both included the
file before. This fixes LEDE bug FS#678.
- Change the demo cert validity to be 1 year instead of 60 days. Should keep the
cert valid for the duration of the LEDE release cycle (with some slack). This
fixes#4239.
Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
The lack of LDAP support was one of the things which prevented users
from migrating from freeradius2 to freeradius3.
Enable LDAP in freeradius3 so we can finally burry freeradius2.
Reported-by: Martin Mueller <mm@sig21.net>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
This fixes two issues with the freeradius package init scripts:
- The package installs libraries in /usr/lib/freeradius{2,3}, but the
musl dynamic linker won't find them there unless LD_LIBRARY_PATH is
set to include this directory. This adds an appropriate env statement
to the procd init setup.
- procd expects services to stay in the foreground, or it will be unable
to properly shut them down again. This adds the -f flag to radiusd to
achieve that.
Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
freeradius-server version 2.x has been marked End-Of-Life.
This commit adds freeradius-server version 3.0.11 in a new package.
This commit also introduces the option "freeradius3-default"
which activate all modules needed to run radiusd with its default
configuration.
- rlm_digest (HTTP Digest Authentication) has been added
- rlm_unix (System Authentication) has been added
- rlm_attr_rewrite has been deleted
Note that SQL and LDAP support has been disabled.
Signed-off-by: Lucile Quirion <lucile.quirion@savoirfairelinux.com>
