From e99eecafd0a0305ff8e4eb4b16a3d03963104713 Mon Sep 17 00:00:00 2001 From: Leonardo Arena Date: Mon, 15 Dec 2014 10:45:11 +0000 Subject: main/freeradius3: upgrade to 3.0.5 --- main/freeradius3/APKBUILD | 30 +++-- main/freeradius3/disable-cert-generation.patch | 39 ++----- .../freeradius-fix-openssl-version-check.patch | 11 -- .../freeradius3-301-default-config.patch | 130 --------------------- .../freeradius3-305-default-config.patch | 88 ++++++++++++++ 5 files changed, 108 insertions(+), 190 deletions(-) delete mode 100644 main/freeradius3/freeradius-fix-openssl-version-check.patch delete mode 100644 main/freeradius3/freeradius3-301-default-config.patch create mode 100644 main/freeradius3/freeradius3-305-default-config.patch (limited to 'main/freeradius3') diff --git a/main/freeradius3/APKBUILD b/main/freeradius3/APKBUILD index 1806f4e910..413510a4b1 100644 --- a/main/freeradius3/APKBUILD +++ b/main/freeradius3/APKBUILD @@ -2,8 +2,8 @@ # Maintainer: Leonardo Arena pkgname=freeradius3 _realname=freeradius -pkgver=3.0.3 -pkgrel=6 +pkgver=3.0.5 +pkgrel=0 pkgdesc="RADIUS (Remote Authentication Dial-In User Service) server" url="http://freeradius.org/" arch="all" @@ -22,11 +22,10 @@ subpackages="$pkgname-doc $pkgname-dev $pkgname-dbg $pkgname-ldap $pkgname-lib source="ftp://ftp.freeradius.org/pub/freeradius/$_realname-server-$pkgver.tar.gz $pkgname.confd $pkgname.initd - freeradius3-301-default-config.patch musl-fix-headers.patch - disable-cert-generation.patch freeradius3-303-main-log-include.patch - freeradius-fix-openssl-version-check.patch + disable-cert-generation.patch + freeradius3-305-default-config.patch " conflict="freeradius freeradius-lib freeradius-radclient" @@ -231,27 +230,24 @@ pam() { || return 1 } -md5sums="f031cdf90b94957b05a12468c95172d9 freeradius-server-3.0.3.tar.gz +md5sums="eb9102c2cc710b72a79e2d549e9cfa47 freeradius-server-3.0.5.tar.gz fc6693f3df5a0694610110287a28568a freeradius3.confd 3a50b7f233e74daf3f87da63b3e9579d freeradius3.initd -d332a0c1fcbab07f50461ae887279df2 freeradius3-301-default-config.patch d86558365a1deea4914ed139797805b0 musl-fix-headers.patch -7097584dba2b344caf5c32475bf8da16 disable-cert-generation.patch b3f62ccbba7aab3e7c009767372d71ed freeradius3-303-main-log-include.patch -2d3b4abed4010105d734d51de3123db0 freeradius-fix-openssl-version-check.patch" -sha256sums="57e9932e5401670d0f0000080b942aee2cd6ca80422f76acd21f13a4be46335e freeradius-server-3.0.3.tar.gz +ecd9ecfba4cf86a203de6faf8398c44a disable-cert-generation.patch +13bc93b64d4d6517539a3ffc13a40872 freeradius3-305-default-config.patch" +sha256sums="c17ade31ac7e12cac7443f7e6b607069f59aff8d9aed9ff90b1e6f552fe89909 freeradius-server-3.0.5.tar.gz 2d5b3e1af1299373182f2c8021bdf45c29db5d82b0a077b965a16ded32cb6292 freeradius3.confd e173cce3b8a4c2ed4d1fdd58fff8ec21e9166f011ec052f5f4c01712493e72b3 freeradius3.initd -edde20a808ad4c589d456ccf9e693a8ee9922e75366b1187994f0b982e856021 freeradius3-301-default-config.patch 872aaebf86a663f819460d98924a9dc1f3e428facac6930dc98d1e442df1633f musl-fix-headers.patch -a72a0454f047bbbf258ffa90bd496e48cdfd95bc03a3863ab01750382ce566e3 disable-cert-generation.patch 37b3a67a9fe5a34d82fd6274b95732298561f19a0e7c81faf5ad0bf9a8f7874a freeradius3-303-main-log-include.patch -4f4bbe57f77cd16c5451dc6f29070508e665285ad889fc1bbfdf6146e4f19ede freeradius-fix-openssl-version-check.patch" -sha512sums="a4fbb0a19f5946182c0cac6d62270db378674e48350c7c3b8f7d8a2a1b16c95c9b205af8d7ed22009b6392d4ab7cb251694d2593a39d9e4efc8eec9ff736bd01 freeradius-server-3.0.3.tar.gz +008fa3a4da7b3c01df238bf492a8ccda4077289c02c553a60ad8f4439ec136a2 disable-cert-generation.patch +72235e434642950ebc3e6f31398a16dd7d4f17813f849d6b1114064b91bd0cab freeradius3-305-default-config.patch" +sha512sums="150ff270d87cd3a6ed29ef26a30ccb6149c95dedf76e61b9c429ae820602dd52ebbc8b159411793aebc91b87e78485b3a231fa448152264e1a5ebb7199cad918 freeradius-server-3.0.5.tar.gz e248159c0a44f722e405c51c8015d9ad672e42ad0d38ca28f8a051ff911aa4d3e630b9bd4543e9d610940bc4ae50c022594e219ce341b36abe85c572acad418b freeradius3.confd b29bf9090a2be7af77a3e104346a23024baf78a343e7f2fd6f6ddb02c223ac66d9b77c80d02b2cb26cbef2e64cb59c46462bb54b063b862e5a3a61c72653a63d freeradius3.initd -f32ca8fbd0d082f962c5e42c78742f7b099d2e518ee246003a7860c6d69bad745dcad974b2fb98f8e51ddecb78222f88bc778dd2f33efdb02b3f8e4298ea3e79 freeradius3-301-default-config.patch c49e5eec7497fccde5fd09dba1ea9b846e57bc88015bd81640aa531fb5c9b449f37136f42c85fe1d7940c5963aed664b85da28442b388c9fb8cc27873df03b2d musl-fix-headers.patch -d027627ac302c39de9342f5f97d2b44752e33d0def311aa5e140e9365b6a501cd5e4f311b1751d5efa3aa63666f07fc58bc222f95bba0a478a7828c6aea07770 disable-cert-generation.patch 1bf8587bfbf6109cfe8b34ffb4e3100d1d06be24678d9358c0cccc84e84e277822c01117bd4a038b11da35fcb86110588f5bd54177cbd632036977db3a53376d freeradius3-303-main-log-include.patch -4b6c7d55ef4a404a8cdc4117caa5f5ec9ba3079b2be1c69b4cc5500ea81f2f09fa7cce45d0bf52f262242a6519a722212628384d8c82af244bac1a381fce6c52 freeradius-fix-openssl-version-check.patch" +09b78c6baa992f82ab81c43aad6792536a4708d460170f0a373e242a5fafe8db10662dc7fcef99a966b828ed91fa7fe38567c961c938de9a447f1ee03aebb142 disable-cert-generation.patch +b2236d3484f31e5b21232c38b10e141e2cb243e82c7e89d5221c8db8c68f268038db0d1d2dfaf8456ea40a079d486d7685ccac98982359480566ede8277ffc16 freeradius3-305-default-config.patch" diff --git a/main/freeradius3/disable-cert-generation.patch b/main/freeradius3/disable-cert-generation.patch index 3606c911cd..69cc13b5c4 100644 --- a/main/freeradius3/disable-cert-generation.patch +++ b/main/freeradius3/disable-cert-generation.patch @@ -1,27 +1,3 @@ ---- a/Makefile -+++ b/Makefile -@@ -40,7 +40,6 @@ - # Only redirect STDOUT, which should contain details of why the test failed. - # Don't molest STDERR as this may be used to receive output from a debugger. - $(BUILD_DIR)/tests/radiusd-c: raddb/test.conf ${BUILD_DIR}/bin/radiusd | build.raddb -- @$(MAKE) -C raddb/certs - @printf "radiusd -C... " - @if ! ./build/make/jlibtool --mode=execute ./build/bin/radiusd -XCMd ./raddb -D ./share -n test > $(BUILD_DIR)/tests/radiusd.config.log; then \ - @rm -f raddb/test.conf; \ -@@ -224,13 +223,6 @@ - .PHONY: TAGS - TAGS: - etags `find src -type f -name '*.[ch]' -print` > $@ -- --# --# Make test certificates. --# --.PHONY: certs --certs: -- @$(MAKE) -C raddb/certs - - ###################################################################### - # --- a/raddb/all.mk +++ b/raddb/all.mk @@ -18,9 +18,6 @@ @@ -34,19 +10,18 @@ LEGACY_LINKS := $(addprefix $(R)$(raddbdir)/,users huntgroups hints) RADDB_DIRS := certs mods-available mods-enabled policy.d \ -@@ -111,15 +108,6 @@ - $(R)$(raddbdir)/users: $(R)$(modconfdir)/files/authorize - @[ -e $@ ] || echo LN-S $(patsubst $(R)$(raddbdir)/%,raddb/%,$@) +@@ -113,14 +110,7 @@ @[ -e $@ ] || ln -s $(patsubst $(R)$(raddbdir)/%,./%,$<) $@ -- + + ifeq ("$(PACKAGE)","") -$(LOCAL_CERT_PRODUCTS): - @echo BOOTSTRAP raddb/certs/ - @$(MAKE) -C $(R)$(raddbdir)/certs/ -- + -# Bootstrap is special -$(R)$(raddbdir)/certs/bootstrap: | raddb/certs/bootstrap $(LOCAL_CERT_PRODUCTS) - @echo INSTALL $(patsubst $(R)$(raddbdir)/%,raddb/%,$@) - @$(INSTALL) -m 750 $(patsubst $(R)$(raddbdir)/%,raddb/%,$@) $@ - - # List directories before the file targets. - # It's not clear why GNU Make doesn't deal well with this. + else + $(R)$(raddbdir)/certs/bootstrap: + @echo INSTALL $(patsubst $(R)$(raddbdir)/%,raddb/%,$@) diff --git a/main/freeradius3/freeradius-fix-openssl-version-check.patch b/main/freeradius3/freeradius-fix-openssl-version-check.patch deleted file mode 100644 index e694c51805..0000000000 --- a/main/freeradius3/freeradius-fix-openssl-version-check.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- a/src/main/version.c -+++ b/src/main/version.c -@@ -48,7 +48,7 @@ - - ssl_linked = SSLeay(); - -- if (ssl_linked != ssl_built) { -+ if (((ssl_linked >> 8) != (ssl_built >> 8)) || (ssl_linked < ssl_built)) { - ERROR("libssl version mismatch. built: %lx linked: %lx", - (unsigned long) ssl_built, - (unsigned long) ssl_linked); diff --git a/main/freeradius3/freeradius3-301-default-config.patch b/main/freeradius3/freeradius3-301-default-config.patch deleted file mode 100644 index dc30a6d436..0000000000 --- a/main/freeradius3/freeradius3-301-default-config.patch +++ /dev/null @@ -1,130 +0,0 @@ ---- a/raddb/policy.d/accounting -+++ b/raddb/policy.d/accounting -@@ -34,7 +34,7 @@ - # - if("%{string:Class}" =~ /${policy.class_value_prefix}([0-9a-f]{32})/i) { - update request { -- Acct-Unique-Session-Id := "%{md5:%{1},%{Acct-Session-ID}}" -+ &Acct-Unique-Session-Id := "%{md5:%{1},%{Acct-Session-ID}}" - } - } - -@@ -46,7 +46,7 @@ - # - else { - update request { -- Acct-Unique-Session-Id := "%{md5:%{User-Name},%{Acct-Session-ID},%{%{NAS-IPv6-Address}:-%{NAS-IP-Address}},%{NAS-Identifier},%{NAS-Port-ID},%{NAS-Port}}" -+ &Acct-Unique-Session-Id := "%{md5:%{User-Name},%{Acct-Session-ID},%{%{NAS-IPv6-Address}:-%{NAS-IP-Address}},%{NAS-Identifier},%{NAS-Port-ID},%{NAS-Port}}" - } - } - } -@@ -65,8 +65,8 @@ - # - acct_counters64.preacct { - update request { -- Acct-Input-Octets64 = "%{expr:(%{%{Acct-Input-Gigawords}:-0} * 4294967296) + %{%{Acct-Input-Octets}:-0}}" -- Acct-Output-Octets64 = "%{expr:(%{%{Acct-Output-Gigawords}:-0} * 4294967296) + %{%{Acct-Output-Octets}:-0}}" -+ &Acct-Input-Octets64 = "%{expr:(%{%{Acct-Input-Gigawords}:-0} * 4294967296) + %{%{Acct-Input-Octets}:-0}}" -+ &Acct-Output-Octets64 = "%{expr:(%{%{Acct-Output-Gigawords}:-0} * 4294967296) + %{%{Acct-Output-Octets}:-0}}" - } - } - ---- a/raddb/policy.d/eap -+++ b/raddb/policy.d/eap -@@ -76,7 +76,7 @@ - remove_reply_message_if_eap { - if(reply:EAP-Message && reply:Reply-Message) { - update reply { -- Reply-Message !* ANY -+ &Reply-Message !* ANY - } - } - else { ---- a/raddb/radiusd.conf.in -+++ b/raddb/radiusd.conf.in -@@ -415,8 +415,8 @@ - # member. This can allow for some finer-grained access - # controls. - # --# user = radius --# group = radius -+ user = radius -+ group = radius - - # Core dumps are a bad thing. This should only be set to - # 'yes' if you're debugging a problem with the server. ---- a/raddb/sites-available/default -+++ b/raddb/sites-available/default -@@ -314,9 +314,9 @@ - # for the many packets that go back and forth to set up TTLS - # or PEAP. The load on those servers will therefore be reduced. - # -- eap { -- ok = return -- } -+# eap { -+# ok = return -+# } - - # - # Pull crypt'd passwords from /etc/passwd or /etc/shadow, -@@ -457,7 +457,7 @@ - - # - # Allow EAP authentication. -- eap -+# eap - - # - # The older configurations sent a number of attributes in -@@ -748,7 +748,7 @@ - # Insert EAP-Failure message if the request was - # rejected by policy instead of because of an - # authentication failure -- eap -+# eap - - # Remove reply message if the response contains an EAP-Message - remove_reply_message_if_eap -@@ -817,7 +817,7 @@ - # hidden inside of the EAP packet, and the end server will - # reject the EAP request. - # -- eap -+# eap - - # - # If the server tries to proxy a request and fails, then the ---- a/raddb/sites-available/inner-tunnel -+++ b/raddb/sites-available/inner-tunnel -@@ -116,9 +116,9 @@ - # for the many packets that go back and forth to set up TTLS - # or PEAP. The load on those servers will therefore be reduced. - # -- eap { -- ok = return -- } -+# eap { -+# ok = return -+# } - - # - # Read the 'users' file -@@ -227,7 +227,7 @@ - - # - # Allow EAP authentication. -- eap -+# eap - } - - ###################################################################### -@@ -380,7 +380,7 @@ - # hidden inside of the EAP packet, and the end server will - # reject the EAP request. - # -- eap -+# eap - - # - # If the server tries to proxy a request and fails, then the diff --git a/main/freeradius3/freeradius3-305-default-config.patch b/main/freeradius3/freeradius3-305-default-config.patch new file mode 100644 index 0000000000..c919737775 --- /dev/null +++ b/main/freeradius3/freeradius3-305-default-config.patch @@ -0,0 +1,88 @@ +--- a/raddb/radiusd.conf.in ++++ b/raddb/radiusd.conf.in +@@ -436,8 +436,8 @@ + # member. This can allow for some finer-grained access + # controls. + # +-# user = radius +-# group = radius ++ user = radius ++ group = radius + + # Core dumps are a bad thing. This should only be set to + # 'yes' if you're debugging a problem with the server. +--- a/raddb/sites-available/default ++++ b/raddb/sites-available/default +@@ -343,9 +343,9 @@ + # for the many packets that go back and forth to set up TTLS + # or PEAP. The load on those servers will therefore be reduced. + # +- eap { +- ok = return +- } ++# eap { ++# ok = return ++# } + + # + # Pull crypt'd passwords from /etc/passwd or /etc/shadow, +@@ -486,7 +486,7 @@ + + # + # Allow EAP authentication. +- eap ++# eap + + # + # The older configurations sent a number of attributes in +@@ -792,7 +792,7 @@ + # Insert EAP-Failure message if the request was + # rejected by policy instead of because of an + # authentication failure +- eap ++# eap + + # Remove reply message if the response contains an EAP-Message + remove_reply_message_if_eap +@@ -861,7 +861,7 @@ + # hidden inside of the EAP packet, and the end server will + # reject the EAP request. + # +- eap ++# eap + + # + # If the server tries to proxy a request and fails, then the +--- a/raddb/sites-available/inner-tunnel ++++ b/raddb/sites-available/inner-tunnel +@@ -116,9 +116,9 @@ + # for the many packets that go back and forth to set up TTLS + # or PEAP. The load on those servers will therefore be reduced. + # +- eap { +- ok = return +- } ++# eap { ++# ok = return ++# } + + # + # Read the 'users' file +@@ -227,7 +227,7 @@ + + # + # Allow EAP authentication. +- eap ++# eap + } + + ###################################################################### +@@ -367,7 +367,7 @@ + # hidden inside of the EAP packet, and the end server will + # reject the EAP request. + # +- eap ++# eap + + # + # If the server tries to proxy a request and fails, then the -- cgit v1.2.3