summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-08-26 10:42:36 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-08-26 10:42:36 +0000
commit470ddeffc29d81b2049994ecc7930ac70855fb9a (patch)
tree3f1ef54e62a4a9641625213deb4c024738f6104e
parentAdding debian version 3.2.5+dfsg-2. (diff)
downloadfreeradius-470ddeffc29d81b2049994ecc7930ac70855fb9a.tar.xz
freeradius-470ddeffc29d81b2049994ecc7930ac70855fb9a.zip
Adding debian version 3.2.5+dfsg-3.debian/3.2.5+dfsg-3debian
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
-rw-r--r--debian/changelog8
-rw-r--r--debian/control2
-rw-r--r--debian/patches/replace-radsecret.patch38
-rw-r--r--debian/patches/series1
4 files changed, 47 insertions, 2 deletions
diff --git a/debian/changelog b/debian/changelog
index c2b555a..e64e8c0 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+freeradius (3.2.5+dfsg-3) unstable; urgency=medium
+
+ [ Andreas Hasenack ]
+ * Cherry-Pick from upstream: Replace radsecret with shell script to avoid
+ dependency on extra perl modules (Closes: #1076458)
+
+ -- Bernhard Schmidt <berni@debian.org> Wed, 17 Jul 2024 22:44:55 +0200
+
freeradius (3.2.5+dfsg-2) unstable; urgency=medium
* Fix parallel builds
diff --git a/debian/control b/debian/control
index 7e6523d..fb1ad6e 100644
--- a/debian/control
+++ b/debian/control
@@ -98,8 +98,6 @@ Conflicts: radiusd-livingston, yardradius
Depends: freeradius-common,
freeradius-config,
libfreeradius3 (= ${binary:Version}),
- libconvert-base32-perl,
- libcrypt-urandom-perl,
${dist:Depends},
${misc:Depends},
${perl:Depends},
diff --git a/debian/patches/replace-radsecret.patch b/debian/patches/replace-radsecret.patch
new file mode 100644
index 0000000..616f6ea
--- /dev/null
+++ b/debian/patches/replace-radsecret.patch
@@ -0,0 +1,38 @@
+Description: replace radsecret with a Bash variant
+ This avoids adding two perl dependencies which are in Universe, and trigger a
+ component mismatch in Ubuntu.
+ .
+ This patch is 3 changes put together:
+ https://github.com/FreeRADIUS/freeradius-server/commit/b77c4e295a55451efea4ff44029a2551c855386c
+ https://github.com/FreeRADIUS/freeradius-server/commit/3d568a74ed566089062ecca635bf0e89a1895346
+ And replacing random with urandom as commented in https://github.com/FreeRADIUS/freeradius-server/pull/5375#issuecomment-2233818142
+ .
+ Discussion in https://github.com/FreeRADIUS/freeradius-server/pull/5375
+Origin: upstream, https://github.com/FreeRADIUS/freeradius-server/commit/b77c4e295a55451efea4ff44029a2551c855386c and others, see description
+Bug-Debian: https://bugs.debian.org/1076458
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/freeradius/+bug/2073269
+Last-Update: 2024-07-17
+
+Index: freeradius/src/main/radsecret
+===================================================================
+--- freeradius.orig/src/main/radsecret 2024-07-17 14:41:42.151818906 -0300
++++ freeradius/src/main/radsecret 2024-07-17 14:42:04.490103653 -0300
+@@ -1,7 +1,14 @@
+-#!/usr/bin/env perl
++#!/bin/sh
+ #
+ # A tool which generates strong shared secrets.
+ #
+-use Convert::Base32;
+-use Crypt::URandom();
+-print join('-', unpack("(A4)*", lc encode_base32(Crypt::URandom::urandom(12)))), "\n";
++openssl rand -base64 12 2>/dev/null && exit 0
++
++(dd if=/dev/urandom bs=1 count=12 2>/dev/null | base64 2>/dev/null) && exit 0
++
++(dd if=/dev/urandom bs=1 count=12 2>/dev/null | base32 2>/dev/null) && exit 0
++
++(dd if=/dev/urandom bs=1 count=12 2>/dev/null | hexdump -ve '/1 "%02x"';echo) && exit 0
++
++echo "Failed finding 'openssl', 'base64', 'base32', or 'hexdump' tools".
++exit 1
diff --git a/debian/patches/series b/debian/patches/series
index 5dfbaa2..b367578 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -6,3 +6,4 @@ debian-local/0010-version.c-disable-openssl-version-check.patch
dont-install-tests.diff
snakeoil-certs.diff
fix-parallel-build.patch
+replace-radsecret.patch