Diffstat (limited to 'main/freeradius')
-rw-r--r--main/freeradius/APKBUILD169
-rw-r--r--main/freeradius/CVE-2014-2015.patch35
-rw-r--r--main/freeradius/freeradius.initd2
-rw-r--r--main/freeradius/freeradius.pre-install4
4 files changed, 152 insertions, 58 deletions
diff --git a/main/freeradius/APKBUILD b/main/freeradius/APKBUILD
index 0096c10311..0ebc281505 100644
--- a/main/freeradius/APKBUILD
+++ b/main/freeradius/APKBUILD
@@ -1,46 +1,55 @@
# Contributor: Natanael Copa <ncopa@alpinelinux.org>
# Maintainer: Leonardo Arena <rnalrd@alpinelinux.org>
pkgname=freeradius
-pkgver=2.2.0
-pkgrel=7
+pkgver=2.2.3
+pkgrel=5
pkgdesc="RADIUS (Remote Authentication Dial-In User Service) server"
url="http://freeradius.org/"
arch="all"
license="GPL"
-depends="freeradius-radclient"
-makedepends="openssl-dev pth-dev mysql-dev postgresql-dev gdbm-dev readline-dev
+depends="freeradius-radclient freeradius-lib"
+makedepends="openssl-dev mysql-dev postgresql-dev gdbm-dev readline-dev
bash libtool autoconf automake perl-dev python-dev openldap-dev
- unixodbc-dev linux-pam-dev"
-pkggroups="radiusd"
-pkgusers="radiusd"
+ unixodbc-dev linux-pam-dev sqlite-dev"
+pkggroups="radius"
+pkgusers="radius"
install="freeradius.pre-install"
-subpackages="$pkgname-doc $pkgname-dev $pkgname-ldap $pkgname-lib
- $pkgname-mssql $pkgname-mysql $pkgname-oracle $pkgname-perl
- $pkgname-postgresql $pkgname-python $pkgname-radclient
- $pkgname-unixodbc $pkgname-pam"
+subpackages="$pkgname-doc $pkgname-dev $pkgname-dbg $pkgname-ldap $pkgname-lib
+ $pkgname-mssql $pkgname-mysql $pkgname-oracle $pkgname-perl
+ $pkgname-postgresql $pkgname-python $pkgname-radclient $pkgname-sqlite
+ $pkgname-unixodbc $pkgname-pam $pkgname-webif $pkgname-webif-doc"
source="ftp://ftp.freeradius.org/pub/freeradius/$pkgname-server-$pkgver.tar.gz
freeradius.confd
freeradius.initd
+ CVE-2014-2015.patch
"
_builddir="$srcdir"/$pkgname-server-$pkgver
prepare() {
cd "$_builddir"
-# for i in ../*.patch; do
-# msg "Applying $i"
-# patch -p1 -i $i || return 1
-# done
-
+ for i in $source; do
+ case $i in
+ *.patch)
+ msg "Applying $i"
+ patch -p1 -i "$srcdir"/$i || return 1
+ ;;
+ esac
+ done
+ update_config_sub || return 1
+
# we dont have libnsl
sed -i 's/nsl, //g' configure.in || return 1
-
+
# Fix compilation with heimdal >= 1.3.1
sed -i 's/ -DKRB5_DEPRECATED//' src/modules/rlm_krb5/Makefile.in || return 1
# Fix default config
sed -i 's%run_dir = .*%run_dir = \$\{localstatedir\}/run/radius%' \
raddb/radiusd.conf.in || return 1
+ # disable directive that pulls in freeradius-mysql package
+ sed -i 's%$INCLUDE ${confdir}/sql/mysql/ippool-dhcp.conf%#$INCLUDE ${confdir}/sql/mysql/ippool-dhcp.conf%' \
+ raddb/modules/dhcp_sqlippool || return 1
rm -f libtool.m4
libtoolize --force -c || return 1
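Review bot: The new `sed -i` that comments out the `ippool-dhcp.conf` include in prepare() exits 0 even when no line matches, so its `|| return 1` only catches a missing file. If a later upstream release rewords or moves that `$INCLUDE`, the package would build cleanly and ship a default config that still references files owned by freeradius-mysql. A cheap guard right after the substitution is `grep -qF '#$INCLUDE ${confdir}/sql/mysql/ippool-dhcp.conf' raddb/modules/dhcp_sqlippool || return 1`. prepare() continues past the end of this hunk.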
@@ -49,11 +58,14 @@ prepare() {
build() {
cd "$_builddir"
- ./configure --prefix=/usr \
+ ./configure \
+ --build=$CBUILD \
+ --host=$CHOST \
+ --prefix=/usr \
--sysconfdir=/etc \
--mandir=/usr/share/man \
--infodir=/usr/share/info \
- --localstatedir=/var \
+ --localstatedir=/var \
--libdir=/usr/lib/freeradius \
--disable-static \
--enable-shared \
@@ -61,26 +73,36 @@ build() {
--with-system-libtool \
--with-system-libltdl \
--with-udpfromto \
+ --with-experimental-modules \
+ --with-rlm_sql_sqlite \
+ --without-rlm_sql_oracle \
+ --without-rlm_sql_iodbc \
+ --without-rlm_sql_firebird \
+ --without-rlm_sql_db2 \
+ --without-rlm_ruby \
+ --without-rlm_rediswho \
+ --without-rlm_redis \
+ --without-rlm_krb5 \
|| return 1
# * workaround parallel build issue
# * add -lssl to fix:
# radiusd: symbol 'SSL_set_ex_data': can't resolve symbol in lib
# '/usr/lib/freeradius/libfreeradius-eap-2.1.10.so'.
- make LDFLAGS="$LDFLAGS -lssl" LIBTOOL="$PWD/libtool" -j1 || return 1
+ make LDFLAGS="$LDFLAGS -lssl" LIBTOOL="$PWD/libtool" || return 1
}
package() {
cd "$_builddir"
- install -d -m0750 -o root -g radiusd "$pkgdir"/etc/raddb
- install -d -m0770 -o root -g radiusd "$pkgdir"/var/run/radius
- install -d -m0750 -o root -g radiusd "$pkgdir"/var/log/radius
- install -d -m0750 -o root -g radiusd "$pkgdir"/var/log/radius/radacct
+ install -d -m0750 -o root -g radius "$pkgdir"/etc/raddb
+ install -d -m0750 -o radius -g radius "$pkgdir"/var/run/radius
+ install -d -m0750 -o radius -g radius "$pkgdir"/var/log/radius
+ install -d -m0750 -o radius -g radius "$pkgdir"/var/log/radius/radacct
make -j1 R="$pkgdir" LIBTOOL="$PWD/libtool" install
- sed -i -e 's:^#user *= *nobody:user = radiusd:;s:^#group *= *nobody:group = radiusd:' \
- "$pkgdir"/etc/raddb/radiusd.conf
- chown -R root:radiusd "$pkgdir"/etc/raddb/*
+ #sed -i -e 's:^#user *= *radius:user = radiusd:;s:^#group *= *radius:group = radiusd:' \
+ # "$pkgdir"/etc/raddb/radiusd.conf || exit 1
+ chown -R root:radius "$pkgdir"/etc/raddb/*
rm -f "$pkgdir/usr/sbin/rc.radiusd"
install -m755 -D "$srcdir"/$pkgname.initd "$pkgdir"/etc/init.d/radiusd
install -m644 -D "$srcdir"/$pkgname.confd "$pkgdir"/etc/conf.d/radiusd
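Review bot: With the `sed` on radiusd.conf commented out in package(), nothing in this hunk sets `user`/`group` in the installed config any more, so whether radiusd drops root now depends on what upstream's radiusd.conf ships and on RADIUSD_USER in conf.d, neither of which is visible here. The state directories are created `radius:radius` with mode 0750, which suggests the daemon is meant to run as `radius`; if upstream still ships the two directives commented out, the server would keep running as root. The dead expression also still writes `radiusd`, an account this commit no longer creates. Either delete the commented lines or restore them with the new names, e.g. `sed -i -e 's:^#user *= *radius:user = radius:;s:^#group *= *radius:group = radius:' "$pkgdir"/etc/raddb/radiusd.conf || return 1`. package() continues past the end of the hunk.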
@@ -91,94 +113,131 @@ package() {
ldap() {
depends="freeradius"
mkdir -p $subpkgdir/etc/raddb
- mv $pkgdir/etc/raddb/ldap.attrmap $subpkgdir/etc/raddb
+ mv $pkgdir/etc/raddb/ldap.attrmap $subpkgdir/etc/raddb || exit 1
mkdir -p $subpkgdir/etc/raddb/modules
- mv $pkgdir/etc/raddb/modules/ldap $subpkgdir/etc/raddb/modules
+ mv $pkgdir/etc/raddb/modules/ldap $subpkgdir/etc/raddb/modules || exit 1
mkdir -p $subpkgdir/usr/lib/freeradius
- mv $pkgdir/usr/lib/freeradius/rlm_ldap* $subpkgdir/usr/lib/freeradius
+ mv $pkgdir/usr/lib/freeradius/rlm_ldap* $subpkgdir/usr/lib/freeradius || exit 1
}
lib() {
replaces="freeradius"
depends=""
mkdir -p $subpkgdir/usr/lib/freeradius $subpkgdir/etc/raddb \
- $subpkgdir/usr/share
- mv $pkgdir/usr/lib/freeradius/libfreeradius-radius-${pkgver}.so \
- $subpkgdir/usr/lib/freeradius
- mv $pkgdir/etc/raddb/dictionary $subpkgdir/etc/raddb/dictionary
- mv $pkgdir/usr/share/freeradius $subpkgdir/usr/share/freeradius
+ $subpkgdir/usr/share || exit 1
+ mv $pkgdir/usr/lib/freeradius/libfreeradius-*.so \
+ $subpkgdir/usr/lib/freeradius || exit 1
+ mv $pkgdir/etc/raddb/dictionary $subpkgdir/etc/raddb/dictionary || exit 1
+ mv $pkgdir/usr/share/freeradius $subpkgdir/usr/share/freeradius || exit 1
}
mysql() {
depends="freeradius"
mkdir -p $subpkgdir/etc/raddb/sql
- mv $pkgdir/etc/raddb/sql/mysql $subpkgdir/etc/raddb/sql
- mv $pkgdir/etc/raddb/sql/ndb $subpkgdir/etc/raddb/sql
+ mv $pkgdir/etc/raddb/sql/mysql $subpkgdir/etc/raddb/sql || exit 1
+ mv $pkgdir/etc/raddb/sql/ndb $subpkgdir/etc/raddb/sql || exit 1
mkdir -p $subpkgdir/usr/lib/freeradius
- mv $pkgdir/usr/lib/freeradius/rlm_sql_mysql* $subpkgdir/usr/lib/freeradius
+ mv $pkgdir/usr/lib/freeradius/rlm_sql_mysql* $subpkgdir/usr/lib/freeradius || exit 1
}
mssql() {
depends="freeradius"
arch="noarch"
mkdir -p $subpkgdir/etc/raddb/sql
- mv $pkgdir/etc/raddb/sql/mssql $subpkgdir/etc/raddb/sql
+ mv $pkgdir/etc/raddb/sql/mssql $subpkgdir/etc/raddb/sql || exit 1
}
oracle() {
depends="freeradius"
arch="noarch"
mkdir -p $subpkgdir/etc/raddb/sql
- mv $pkgdir/etc/raddb/sql/oracle $subpkgdir/etc/raddb/sql
+ mv $pkgdir/etc/raddb/sql/oracle $subpkgdir/etc/raddb/sql || exit 1
}
perl() {
depends="freeradius perl"
mkdir -p $subpkgdir/usr/lib/freeradius
- mv $pkgdir/usr/lib/freeradius/rlm_perl* $subpkgdir/usr/lib/freeradius
+ mv $pkgdir/usr/lib/freeradius/rlm_perl* $subpkgdir/usr/lib/freeradius || exit 1
mkdir -p $subpkgdir/usr/bin
- mv $pkgdir/usr/sbin/checkrad $subpkgdir/usr/bin/checkrad
+ mv $pkgdir/usr/sbin/checkrad $subpkgdir/usr/bin/checkrad || exit 1
mkdir -p $subpkgdir/etc/raddb/modules
- mv $pkgdir/etc/raddb/modules/perl $subpkgdir/etc/raddb/modules/perl
+ mv $pkgdir/etc/raddb/modules/perl $subpkgdir/etc/raddb/modules/perl || exit 1
}
postgresql() {
depends="freeradius"
mkdir -p $subpkgdir/etc/raddb/sql
- mv $pkgdir/etc/raddb/sql/postgresql $subpkgdir/etc/raddb/sql
+ mv $pkgdir/etc/raddb/sql/postgresql $subpkgdir/etc/raddb/sql || exit 1
mkdir -p $subpkgdir/usr/lib/freeradius
- mv $pkgdir/usr/lib/freeradius/rlm_sql_postgresql* $subpkgdir/usr/lib/freeradius
+ mv $pkgdir/usr/lib/freeradius/rlm_sql_postgresql* $subpkgdir/usr/lib/freeradius || exit 1
}
python() {
depends="freeradius python"
mkdir -p $subpkgdir/usr/lib/freeradius
- mv $pkgdir/usr/lib/freeradius/rlm_python* $subpkgdir/usr/lib/freeradius
+ mv $pkgdir/usr/lib/freeradius/rlm_python* $subpkgdir/usr/lib/freeradius || exit 1
}
radclient() {
depends=""
mkdir -p $subpkgdir/usr/bin
- mv $pkgdir/usr/bin/radclient $subpkgdir/usr/bin/radclient
+ mv $pkgdir/usr/bin/radclient $subpkgdir/usr/bin/radclient || exit 1
+}
+
+sqlite() {
+ depends="freeradius"
+ mkdir -p $subpkgdir/usr/lib/freeradius
+ mv $pkgdir/usr/lib/freeradius/rlm_sql_sqlite* $subpkgdir/usr/lib/freeradius || exit 1
}
unixodbc() {
depends="freeradius"
mkdir -p $subpkgdir/usr/lib/freeradius
- mv $pkgdir/usr/lib/freeradius/rlm_sql_unixodbc* $subpkgdir/usr/lib/freeradius
+ mv $pkgdir/usr/lib/freeradius/rlm_sql_unixodbc* $subpkgdir/usr/lib/freeradius || exit 1
}
pam() {
depends="freeradius"
mkdir -p $subpkgdir/usr/lib/freeradius
- mv $pkgdir/usr/lib/freeradius/rlm_pam* $subpkgdir/usr/lib/freeradius
+ mv $pkgdir/usr/lib/freeradius/rlm_pam* $subpkgdir/usr/lib/freeradius || exit 1
}
-md5sums="2e45d3c0d22ab14c560c7c3029893a8a freeradius-server-2.2.0.tar.gz
+
+webif() {
+ depends="php"
+ pkgdesc="Dialupadmin interface for FreeRADIUS"
+ arch="noarch"
+ mkdir -p $subpkgdir/usr/share/webapps/dialupadmin
+ mkdir -p $subpkgdir/usr/share/doc/freeradius/dialupadmin
+ mkdir -p $subpkgdir/etc/raddb/dialupadmin
+ for dir in bin htdocs html lib sql;
+ do
+ mv $_builddir/dialup_admin/$dir \
+ $subpkgdir/usr/share/webapps/dialupadmin || exit 1
+ done
+ mkdir -p $subpkgdir-doc/usr/share/doc/freeradius/dialupadmin
+ mv $_builddir/dialup_admin/doc/* \
+ $subpkgdir-doc/usr/share/doc/freeradius/dialupadmin || exit 1
+ mv $_builddir/dialup_admin/README \
+ $subpkgdir-doc/usr/share/doc/freeradius/dialupadmin || exit 1
+ mv $_builddir/dialup_admin/conf/* $subpkgdir/etc/raddb/dialupadmin || exit 1
+ for file in $(ls $subpkgdir/usr/share/webapps/dialupadmin/bin)
+ do
+ sed -i "s|/usr/local/dialup_admin/conf|/etc/raddb/dialupadmin|g" \
+ $subpkgdir/usr/share/webapps/dialupadmin/bin/$file
+ sed -i "s|/data/local/dialupadmin/conf|/etc/raddb/dialupadmin|g" \
+ $subpkgdir/usr/share/webapps/dialupadmin/bin/$file
+ done
+}
+
+md5sums="3186e75882c5aaed699da55be10511fe freeradius-server-2.2.3.tar.gz
fc6693f3df5a0694610110287a28568a freeradius.confd
-5d83f40bd5c3a5d4e4a5f43c29e7f0da freeradius.initd"
-sha256sums="ac22eefe7bd7c1c2b4de28613e628fd3e9ccae08a00a103e5f75aac0927bf009 freeradius-server-2.2.0.tar.gz
+b3eefdfc466d80c241cd1bb11face405 freeradius.initd
+7dd09b1b0631f6bf126517e737c5e576 CVE-2014-2015.patch"
+sha256sums="3be1e132f243ac53a7d35e0710bd116e8e126b64a1fc1198034195355072f593 freeradius-server-2.2.3.tar.gz
2d5b3e1af1299373182f2c8021bdf45c29db5d82b0a077b965a16ded32cb6292 freeradius.confd
-78b1de6399f99c16f761700024bcf171557a64060ef4801b04b65886fb2d365d freeradius.initd"
-sha512sums="8652d27a292c3a8627c13b0bf12b829d3f2c50d82ed85eb342d1ec5c84ceabf8963907d50464a5907d2934f1b069a491411b1d5129efaaecefe4a30251b2b607 freeradius-server-2.2.0.tar.gz
+719bbe4a44df60e76f68d327f7ee70d4dfd6a95e51f9cb01f850cd4ed153f9de freeradius.initd
+d70b898811cbbb9d77d9863a7ba9b243b9782bdc767b586e4e9b8787558f1072 CVE-2014-2015.patch"
+sha512sums="d51208d9926872292ef333bcf4e556a7fd06ac78def846c620422258c18ab77f98a22459a78bb92a35e684469d167a018ba2d47d894c32c7368a57e79fba9ede freeradius-server-2.2.3.tar.gz
e248159c0a44f722e405c51c8015d9ad672e42ad0d38ca28f8a051ff911aa4d3e630b9bd4543e9d610940bc4ae50c022594e219ce341b36abe85c572acad418b freeradius.confd
-34c98c4ccded62aaa4a7539a9139288f7c39dbd8b6ca816c92cf6b0ae7546f81aa6c529dea943af5d8958cac2aad3d368a90f455ceaef725fce9fe5ef0cee84d freeradius.initd"
+57f12f06ef9112817204dec4ab2591bcd4baf3c8a033afadb2376e115911f76045c70b7a2c80b294a83dac4e05b1ff22335a3bcc9af1c0760682622ab2cdbd31 freeradius.initd
+62d98d8316e147d57de9ac05c05c9703c08bd23e294b95827c58fe976cb3bc5ce040d9e310ada552cb2350dde9e9e2c97e2160210cc1ab5d1ce35889000d7951 CVE-2014-2015.patch"
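Review bot: The two `sed -i` calls at the end of webif() are the only commands in this hunk without `|| exit 1`, so a failed path rewrite would still produce a package whose dialupadmin scripts look for their configuration under `/usr/local/dialup_admin/conf` or `/data/local/dialupadmin/conf` instead of `/etc/raddb/dialupadmin`. The loop also iterates over `$(ls …)`, which word-splits file names; a glob with a quoted variable avoids that and lets both expressions run in one checked `sed`. Separately, `$subpkgdir/etc/raddb/dialupadmin` is created with plain `mkdir -p`, so it does not get the `root:radius` 0750 treatment the main package gives `/etc/raddb`; if those conf files hold database credentials (not visible here), the mode deserves an explicit `install -d`.

```sh
for file in "$subpkgdir"/usr/share/webapps/dialupadmin/bin/*; do
	sed -i -e "s|/usr/local/dialup_admin/conf|/etc/raddb/dialupadmin|g" \
		-e "s|/data/local/dialupadmin/conf|/etc/raddb/dialupadmin|g" \
		"$file" || exit 1
done
```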
diff --git a/main/freeradius/CVE-2014-2015.patch b/main/freeradius/CVE-2014-2015.patch
new file mode 100644
index 0000000000..fbd5ff0833
--- /dev/null
+++ b/main/freeradius/CVE-2014-2015.patch
@@ -0,0 +1,35 @@
+From 0d606cfc29ab2e91764854e733d4525e6c667eb9 Mon Sep 17 00:00:00 2001
+From: "Alan T. DeKok" <aland@freeradius.org>
+Date: Thu, 13 Feb 2014 09:29:35 -0500
+Subject: [PATCH] Increase buffer size. Use output buffer size as limit for
+ hex2bin
+
+---
+ src/modules/rlm_pap/rlm_pap.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/modules/rlm_pap/rlm_pap.c b/src/modules/rlm_pap/rlm_pap.c
+index 8ef2152..1492a44 100644
+--- a/src/modules/rlm_pap/rlm_pap.c
++++ b/src/modules/rlm_pap/rlm_pap.c
+@@ -247,7 +247,7 @@ static int base64_decode (const char *src, uint8_t *dst)
+ static void normify(REQUEST *request, VALUE_PAIR *vp, size_t min_length)
+ {
+ size_t decoded;
+- uint8_t buffer[64];
++ uint8_t buffer[256];
+
+ if (min_length >= sizeof(buffer)) return; /* paranoia */
+
+@@ -255,7 +255,7 @@ static void normify(REQUEST *request, VALUE_PAIR *vp, size_t min_length)
+ * Hex encoding.
+ */
+ if (vp->length >= (2 * min_length)) {
+- decoded = fr_hex2bin(vp->vp_strvalue, buffer, vp->length >> 1);
++ decoded = fr_hex2bin(vp->vp_strvalue, buffer, sizeof(buffer));
+ if (decoded == (vp->length >> 1)) {
+ RDEBUG2("Normalizing %s from hex encoding", vp->name);
+ memcpy(vp->vp_octets, buffer, decoded);
+--
+1.8.5.5
+
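Review bot: Nothing in the patched `normify()` says why 256 bytes is enough, and `base64_decode(const char *src, uint8_t *dst)`, visible in the hunk header, takes no destination length, so if the base64 branch (outside this patch) decodes into the same `buffer`, the array size is its only bound. The hex branch is now correctly limited by `sizeof(buffer)` on the write side. I would add a comment on the declaration such as `/* must hold the longest decoded attribute value; base64_decode() has no output limit */`. For the package, a line in the APKBUILD noting that this patch can be dropped once pkgver reaches a release containing upstream commit 0d606cfc would keep it from lingering. `normify()` continues past the end of the patch's second hunk.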
diff --git a/main/freeradius/freeradius.initd b/main/freeradius/freeradius.initd
index 8f9bbaa33b..2fd6d55c2a 100644
--- a/main/freeradius/freeradius.initd
+++ b/main/freeradius/freeradius.initd
@@ -44,7 +44,7 @@ checkconfig() {
#radius.log is created before privileges drop; we need to set proper permissions on it
[ -f radius.log ] || touch radius.log || return 1
- chown -R "${RADIUSD_USER:-root}:${RADIUSD_GROUP:-root}" . /var/run/radiusd && \
+ chown -R "${RADIUSD_USER:-root}:${RADIUSD_GROUP:-root}" . /var/run/radius && \
chmod -R u+rwX,g+rX . /var/run/radius || return 1
}
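Review bot: The corrected line in checkconfig() still runs `chown -R` and `chmod -R` as root over the log directory and `/var/run/radius`, which package() now makes owned and writable by the unprivileged `radius` account. Recursive ownership changes by root inside a tree the service user controls are a known local privilege-escalation pattern (links planted in the tree), so I would drop `-R` and name the expected files, or at least pass `-h`: `chown -h "${RADIUSD_USER:-root}:${RADIUSD_GROUP:-root}" radius.log /var/run/radius`. The `:-root` defaults also mean that, unless conf.d sets both variables, every start re-owns these paths to root and undoes the `radius:radius` ownership from package(). checkconfig() starts before this hunk, so the working directory is inferred from the comment.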
diff --git a/main/freeradius/freeradius.pre-install b/main/freeradius/freeradius.pre-install
index 04c48bb3fe..30ff04814e 100644
--- a/main/freeradius/freeradius.pre-install
+++ b/main/freeradius/freeradius.pre-install
@@ -1,6 +1,6 @@
#!/bin/sh
-addgroup radiusd 2>/dev/null
-adduser -S -G radiusd -h /var/log/radius -s /bin/false -D radiusd 2>/dev/null
+addgroup radius 2>/dev/null
+adduser -S -G radius -h /var/log/radius -s /sbin/nologin -D radius 2>/dev/null
exit 0
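Review bot: Renaming the account to `radius` here does nothing about the `radiusd` user and group that existing installs already have: on upgrade the old account is left behind and any log or accounting files it owns under `/var/log/radius` keep the old uid. Because both commands discard stderr and the script always ends in `exit 0`, a failed `adduser` would also pass silently, while package() now installs directories with `-o radius`. A short comment such as `# upgrade note: files owned by the former radiusd account must be re-owned to radius` plus a matching entry in the package's upgrade notes would make the transition explicit. The switch to `/sbin/nologin` is a sensible choice for a service account.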