From b486f33989b6fa5fd31509219f0c1e55a2dc7db3 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sun, 28 Apr 2024 11:49:47 +0200 Subject: Adding debian version 3.2.1+dfsg-4+deb12u1. Signed-off-by: Daniel Baumann --- .../0001-Rename-radius-to-freeradius.patch | 152 +++++++++++++++++++++ ...0-version.c-disable-openssl-version-check.patch | 32 +++++ 2 files changed, 184 insertions(+) create mode 100644 debian/patches/debian-local/0001-Rename-radius-to-freeradius.patch create mode 100644 debian/patches/debian-local/0010-version.c-disable-openssl-version-check.patch (limited to 'debian/patches/debian-local') diff --git a/debian/patches/debian-local/0001-Rename-radius-to-freeradius.patch b/debian/patches/debian-local/0001-Rename-radius-to-freeradius.patch new file mode 100644 index 0000000..fda1cf0 --- /dev/null +++ b/debian/patches/debian-local/0001-Rename-radius-to-freeradius.patch @@ -0,0 +1,152 @@ +Author: Sam Hartman +Description: Rename radius to freeradius +Last-Updated: 2016-09-16 +Forwarded: not-needed + +--- + +--- a/Make.inc.in ++++ b/Make.inc.in +@@ -98,7 +98,7 @@ + + LOGDIR = ${logdir} + RADDBDIR = ${raddbdir} +-RUNDIR = ${localstatedir}/run/radiusd ++RUNDIR = ${localstatedir}/run/freeradius + SBINDIR = ${sbindir} + RADIR = ${radacctdir} + LIBRADIUS = $(top_builddir)/src/lib/$(LIBPREFIX)freeradius-radius.la $(TALLOC_LIBS) +--- a/raddb/radiusd.conf.in ++++ b/raddb/radiusd.conf.in +@@ -91,7 +91,7 @@ + + # + # name of the running server. See also the "-n" command-line option. +-name = radiusd ++name = freeradius + + # Location of config and logfiles. + confdir = ${raddbdir} +@@ -447,8 +447,8 @@ + # member. This can allow for some finer-grained access + # controls. + # +-# user = radius +-# group = radius ++ user = freerad ++ group = freerad + + # Core dumps are a bad thing. This should only be set to + # 'yes' if you're debugging a problem with the server. +--- a/scripts/monit/freeradius.monitrc ++++ b/scripts/monit/freeradius.monitrc +@@ -8,9 +8,9 @@ + # Totalmem limit should be lowered to 200.0 if none of the + # interpreted language modules or rlm_cache are being used. + # +-check process radiusd with pidfile /var/run/radiusd/radiusd.pid +- start program = "/etc/init.d/radiusd start" +- stop program = "/etc/init.d/radiusd stop" ++check process freeradius with pidfile /var/run/freeradius/freeradius.pid ++ start program = "/etc/init.d/freeradius start" ++ stop program = "/etc/init.d/freeradius stop" + if failed host 127.0.0.1 port 1812 type udp protocol radius secret testing123 then alert + if failed host 127.0.0.1 port 1813 type udp protocol radius secret testing123 then alert + if cpu > 95% for 2 cycles then alert +--- a/raddb/sites-available/control-socket ++++ b/raddb/sites-available/control-socket +@@ -72,12 +72,12 @@ + # + # Name of user that is allowed to connect to the control socket. + # +-# uid = radius ++# uid = freerad + + # + # Name of group that is allowed to connect to the control socket. + # +-# gid = radius ++# gid = freerad + + # + # Access mode. +--- a/src/main/radiusd.c ++++ b/src/main/radiusd.c +@@ -102,7 +102,6 @@ + bool display_version = false; + int flag = 0; + int from_child[2] = {-1, -1}; +- char *p; + fr_state_t *state = NULL; + + /* +@@ -137,13 +136,7 @@ + main_config.myip.af = AF_UNSPEC; + main_config.port = 0; + main_config.daemonize = true; +- +- p = strrchr(argv[0], FR_DIR_SEP); +- if (!p) { +- main_config.name = argv[0]; +- } else { +- main_config.name = p + 1; +- } ++ main_config.name = "radiusd"; + + /* + * Don't put output anywhere until we get told a little +@@ -697,7 +690,7 @@ + { + FILE *output = status?stderr:stdout; + +- fprintf(output, "Usage: %s [options]\n", main_config.name); ++ fprintf(output, "Usage: freeradius [options]\n"); + fprintf(output, "Options:\n"); + fprintf(output, " -C Check configuration and exit.\n"); + fprintf(stderr, " -d Set configuration directory (defaults to " RADDBDIR ").\n"); +--- a/man/man8/radiusd.8 ++++ b/man/man8/radiusd.8 +@@ -56,7 +56,7 @@ + for an informative list of which modules are checked for correct + configuration, and which modules are skipped, and therefore not checked. + .IP "\-d \fIconfig directory\fP" +-Defaults to \fI/etc/raddb\fP. \fBRadiusd\fP looks here for its configuration ++Defaults to \fI/etc/freeradius\fP. \fBRadiusd\fP looks here for its configuration + files such as the \fIdictionary\fP and the \fIusers\fP files. + .IP "\-D \fIdictionary directory\fP" + Set main dictionary directory. Defaults to \fI/usr/share/freeradius\fP. +@@ -80,7 +80,7 @@ + On SIGINT or SIGQUIT exit cleanly instead of immediately. + This is most useful for when running the server with "valgrind". + .IP "\-n \fIname\fP" +-Read \fIraddb/name.conf\fP instead of \fIraddb/radiusd.conf\fP. ++Read \fIfreeradius/name.conf\fP instead of \fIfreeradius/radiusd.conf\fP. + .IP "\-p \fIport\fP" + Defines which port is used for receiving authentication packets. + Accounting packets are received on "port + 1". +@@ -147,14 +147,14 @@ + SQL), then: + .PP + .in +0.3i +-a) Edit raddb/modules/foo ++a) Edit freeradius/modules/foo + .br + This file contains the default configuration for the module. It + contains comments describing what can be configured, and what those + configuration entries mean. + .br + .br +-b) Edit raddb/sites-available/default ++b) Edit freeradius/sites-available/default + .br + This file contains the default policy for the server. e.g. "enable + CHAP, MS-CHAP, and EAP authentication". Look in this file for all +@@ -163,7 +163,7 @@ + the module. + .br + .br +-c) Edit raddb/sites-available/inner-tunnel ++c) Edit freeradius/sites-available/inner-tunnel + .br + This file contains the default policy for the "tunneled" portion of + certain EAP methods. Perform the same kind of edits as above, for the diff --git a/debian/patches/debian-local/0010-version.c-disable-openssl-version-check.patch b/debian/patches/debian-local/0010-version.c-disable-openssl-version-check.patch new file mode 100644 index 0000000..82e8a9c --- /dev/null +++ b/debian/patches/debian-local/0010-version.c-disable-openssl-version-check.patch @@ -0,0 +1,32 @@ +From 1b4e8e5751c417ba9d3788d264e76aba4f6baa12 Mon Sep 17 00:00:00 2001 +From: Sam Hartman +Date: Thu, 23 Oct 2014 21:44:03 -0400 +Subject: version.c: disable openssl version check + +For Debian we don't want to require that the built OpenSSL be the same +as the linked OpenSSL. Debian will be responsible for changing the +soname if the ABI changes. The version check causes the freeradius +packages to fail whenever a new OpenSSL is built. + +Patch-Category: debian-local +--- + src/main/version.c | 45 +++++++-------------------------------------- + 1 file changed, 7 insertions(+), 38 deletions(-) + +--- a/src/main/radiusd.c ++++ b/src/main/radiusd.c +@@ -277,14 +277,6 @@ + + if (rad_check_lib_magic(RADIUSD_MAGIC_NUMBER) < 0) exit(EXIT_FAILURE); + +- /* +- * Mismatch between build time OpenSSL and linked SSL, better to die +- * here than segfault later. +- */ +-#ifdef HAVE_OPENSSL_CRYPTO_H +- if (ssl_check_consistency() < 0) exit(EXIT_FAILURE); +-#endif +- + if (flag && (flag != 0x03)) { + fprintf(stderr, "%s: The options -i and -p cannot be used individually.\n", + main_config.name); -- cgit v1.2.3