4 files changed, 47 insertions, 2 deletions

diff --git a/debian/changelog b/debian/changelog
index c2b555a..e64e8c0 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+freeradius (3.2.5+dfsg-3) unstable; urgency=medium
+
+  [ Andreas Hasenack ]
+  * Cherry-Pick from upstream: Replace radsecret with shell script to avoid
+    dependency on extra perl modules (Closes: #1076458)
+
+ -- Bernhard Schmidt <berni@debian.org>  Wed, 17 Jul 2024 22:44:55 +0200
+
 freeradius (3.2.5+dfsg-2) unstable; urgency=medium
 
   * Fix parallel builds
diff --git a/debian/control b/debian/control
index 7e6523d..fb1ad6e 100644
--- a/debian/control
+++ b/debian/control
@@ -98,8 +98,6 @@ Conflicts: radiusd-livingston, yardradius
 Depends: freeradius-common,
          freeradius-config,
          libfreeradius3 (= ${binary:Version}),
-         libconvert-base32-perl,
-         libcrypt-urandom-perl,
          ${dist:Depends},
          ${misc:Depends},
          ${perl:Depends},
diff --git a/debian/patches/replace-radsecret.patch b/debian/patches/replace-radsecret.patch
new file mode 100644
index 0000000..616f6ea
--- /dev/null
+++ b/debian/patches/replace-radsecret.patch
@@ -0,0 +1,38 @@
+Description: replace radsecret with a Bash variant
+ This avoids adding two perl dependencies which are in Universe, and trigger a
+ component mismatch in Ubuntu.
+ .
+ This patch is 3 changes put together:
+ https://github.com/FreeRADIUS/freeradius-server/commit/b77c4e295a55451efea4ff44029a2551c855386c
+ https://github.com/FreeRADIUS/freeradius-server/commit/3d568a74ed566089062ecca635bf0e89a1895346
+ And replacing random with urandom as commented in https://github.com/FreeRADIUS/freeradius-server/pull/5375#issuecomment-2233818142
+ .
+ Discussion in https://github.com/FreeRADIUS/freeradius-server/pull/5375
+Origin: upstream, https://github.com/FreeRADIUS/freeradius-server/commit/b77c4e295a55451efea4ff44029a2551c855386c and others, see description
+Bug-Debian: https://bugs.debian.org/1076458
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/freeradius/+bug/2073269
+Last-Update: 2024-07-17
+
+Index: freeradius/src/main/radsecret
+===================================================================
+--- freeradius.orig/src/main/radsecret	2024-07-17 14:41:42.151818906 -0300
++++ freeradius/src/main/radsecret	2024-07-17 14:42:04.490103653 -0300
+@@ -1,7 +1,14 @@
+-#!/usr/bin/env perl
++#!/bin/sh
+ #
+ #  A tool which generates strong shared secrets.
+ #
+-use Convert::Base32;
+-use Crypt::URandom();
+-print join('-', unpack("(A4)*", lc encode_base32(Crypt::URandom::urandom(12)))), "\n";
++openssl rand -base64 12 2>/dev/null && exit 0
++
++(dd if=/dev/urandom bs=1 count=12 2>/dev/null | base64 2>/dev/null) && exit 0
++
++(dd if=/dev/urandom bs=1 count=12 2>/dev/null | base32 2>/dev/null) && exit 0
++
++(dd if=/dev/urandom bs=1 count=12 2>/dev/null | hexdump -ve '/1 "%02x"';echo) && exit 0
++
++echo "Failed finding 'openssl', 'base64', 'base32', or 'hexdump' tools".
++exit 1
diff --git a/debian/patches/series b/debian/patches/series
index 5dfbaa2..b367578 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -6,3 +6,4 @@ debian-local/0010-version.c-disable-openssl-version-check.patch
 dont-install-tests.diff
 snakeoil-certs.diff
 fix-parallel-build.patch
+replace-radsecret.patch