summaryrefslogtreecommitdiffstats
path: root/debian/patches/debian-local
diff options
context:
space:
mode:
Diffstat (limited to 'debian/patches/debian-local')
-rw-r--r--debian/patches/debian-local/0001-Rename-radius-to-freeradius.patch152
-rw-r--r--debian/patches/debian-local/0010-version.c-disable-openssl-version-check.patch33
2 files changed, 185 insertions, 0 deletions
diff --git a/debian/patches/debian-local/0001-Rename-radius-to-freeradius.patch b/debian/patches/debian-local/0001-Rename-radius-to-freeradius.patch
new file mode 100644
index 0000000..fda1cf0
--- /dev/null
+++ b/debian/patches/debian-local/0001-Rename-radius-to-freeradius.patch
@@ -0,0 +1,152 @@
+Author: Sam Hartman <hartmans@debian.org>
+Description: Rename radius to freeradius
+Last-Updated: 2016-09-16
+Forwarded: not-needed
+
+---
+
+--- a/Make.inc.in
++++ b/Make.inc.in
+@@ -98,7 +98,7 @@
+
+ LOGDIR = ${logdir}
+ RADDBDIR = ${raddbdir}
+-RUNDIR = ${localstatedir}/run/radiusd
++RUNDIR = ${localstatedir}/run/freeradius
+ SBINDIR = ${sbindir}
+ RADIR = ${radacctdir}
+ LIBRADIUS = $(top_builddir)/src/lib/$(LIBPREFIX)freeradius-radius.la $(TALLOC_LIBS)
+--- a/raddb/radiusd.conf.in
++++ b/raddb/radiusd.conf.in
+@@ -91,7 +91,7 @@
+
+ #
+ # name of the running server. See also the "-n" command-line option.
+-name = radiusd
++name = freeradius
+
+ # Location of config and logfiles.
+ confdir = ${raddbdir}
+@@ -447,8 +447,8 @@
+ # member. This can allow for some finer-grained access
+ # controls.
+ #
+-# user = radius
+-# group = radius
++ user = freerad
++ group = freerad
+
+ # Core dumps are a bad thing. This should only be set to
+ # 'yes' if you're debugging a problem with the server.
+--- a/scripts/monit/freeradius.monitrc
++++ b/scripts/monit/freeradius.monitrc
+@@ -8,9 +8,9 @@
+ # Totalmem limit should be lowered to 200.0 if none of the
+ # interpreted language modules or rlm_cache are being used.
+ #
+-check process radiusd with pidfile /var/run/radiusd/radiusd.pid
+- start program = "/etc/init.d/radiusd start"
+- stop program = "/etc/init.d/radiusd stop"
++check process freeradius with pidfile /var/run/freeradius/freeradius.pid
++ start program = "/etc/init.d/freeradius start"
++ stop program = "/etc/init.d/freeradius stop"
+ if failed host 127.0.0.1 port 1812 type udp protocol radius secret testing123 then alert
+ if failed host 127.0.0.1 port 1813 type udp protocol radius secret testing123 then alert
+ if cpu > 95% for 2 cycles then alert
+--- a/raddb/sites-available/control-socket
++++ b/raddb/sites-available/control-socket
+@@ -72,12 +72,12 @@
+ #
+ # Name of user that is allowed to connect to the control socket.
+ #
+-# uid = radius
++# uid = freerad
+
+ #
+ # Name of group that is allowed to connect to the control socket.
+ #
+-# gid = radius
++# gid = freerad
+
+ #
+ # Access mode.
+--- a/src/main/radiusd.c
++++ b/src/main/radiusd.c
+@@ -102,7 +102,6 @@
+ bool display_version = false;
+ int flag = 0;
+ int from_child[2] = {-1, -1};
+- char *p;
+ fr_state_t *state = NULL;
+
+ /*
+@@ -137,13 +136,7 @@
+ main_config.myip.af = AF_UNSPEC;
+ main_config.port = 0;
+ main_config.daemonize = true;
+-
+- p = strrchr(argv[0], FR_DIR_SEP);
+- if (!p) {
+- main_config.name = argv[0];
+- } else {
+- main_config.name = p + 1;
+- }
++ main_config.name = "radiusd";
+
+ /*
+ * Don't put output anywhere until we get told a little
+@@ -697,7 +690,7 @@
+ {
+ FILE *output = status?stderr:stdout;
+
+- fprintf(output, "Usage: %s [options]\n", main_config.name);
++ fprintf(output, "Usage: freeradius [options]\n");
+ fprintf(output, "Options:\n");
+ fprintf(output, " -C Check configuration and exit.\n");
+ fprintf(stderr, " -d <raddb> Set configuration directory (defaults to " RADDBDIR ").\n");
+--- a/man/man8/radiusd.8
++++ b/man/man8/radiusd.8
+@@ -56,7 +56,7 @@
+ for an informative list of which modules are checked for correct
+ configuration, and which modules are skipped, and therefore not checked.
+ .IP "\-d \fIconfig directory\fP"
+-Defaults to \fI/etc/raddb\fP. \fBRadiusd\fP looks here for its configuration
++Defaults to \fI/etc/freeradius\fP. \fBRadiusd\fP looks here for its configuration
+ files such as the \fIdictionary\fP and the \fIusers\fP files.
+ .IP "\-D \fIdictionary directory\fP"
+ Set main dictionary directory. Defaults to \fI/usr/share/freeradius\fP.
+@@ -80,7 +80,7 @@
+ On SIGINT or SIGQUIT exit cleanly instead of immediately.
+ This is most useful for when running the server with "valgrind".
+ .IP "\-n \fIname\fP"
+-Read \fIraddb/name.conf\fP instead of \fIraddb/radiusd.conf\fP.
++Read \fIfreeradius/name.conf\fP instead of \fIfreeradius/radiusd.conf\fP.
+ .IP "\-p \fIport\fP"
+ Defines which port is used for receiving authentication packets.
+ Accounting packets are received on "port + 1".
+@@ -147,14 +147,14 @@
+ SQL), then:
+ .PP
+ .in +0.3i
+-a) Edit raddb/modules/foo
++a) Edit freeradius/modules/foo
+ .br
+ This file contains the default configuration for the module. It
+ contains comments describing what can be configured, and what those
+ configuration entries mean.
+ .br
+ .br
+-b) Edit raddb/sites-available/default
++b) Edit freeradius/sites-available/default
+ .br
+ This file contains the default policy for the server. e.g. "enable
+ CHAP, MS-CHAP, and EAP authentication". Look in this file for all
+@@ -163,7 +163,7 @@
+ the module.
+ .br
+ .br
+-c) Edit raddb/sites-available/inner-tunnel
++c) Edit freeradius/sites-available/inner-tunnel
+ .br
+ This file contains the default policy for the "tunneled" portion of
+ certain EAP methods. Perform the same kind of edits as above, for the
diff --git a/debian/patches/debian-local/0010-version.c-disable-openssl-version-check.patch b/debian/patches/debian-local/0010-version.c-disable-openssl-version-check.patch
new file mode 100644
index 0000000..f983a9c
--- /dev/null
+++ b/debian/patches/debian-local/0010-version.c-disable-openssl-version-check.patch
@@ -0,0 +1,33 @@
+From 1b4e8e5751c417ba9d3788d264e76aba4f6baa12 Mon Sep 17 00:00:00 2001
+From: Sam Hartman <hartmans@debian.org>
+Date: Thu, 23 Oct 2014 21:44:03 -0400
+Subject: version.c: disable openssl version check
+Forwarded: not-needed
+
+For Debian we don't want to require that the built OpenSSL be the same
+as the linked OpenSSL. Debian will be responsible for changing the
+soname if the ABI changes. The version check causes the freeradius
+packages to fail whenever a new OpenSSL is built.
+
+Patch-Category: debian-local
+---
+ src/main/version.c | 45 +++++++--------------------------------------
+ 1 file changed, 7 insertions(+), 38 deletions(-)
+
+--- a/src/main/radiusd.c
++++ b/src/main/radiusd.c
+@@ -277,14 +277,6 @@
+
+ if (rad_check_lib_magic(RADIUSD_MAGIC_NUMBER) < 0) exit(EXIT_FAILURE);
+
+- /*
+- * Mismatch between build time OpenSSL and linked SSL, better to die
+- * here than segfault later.
+- */
+-#ifdef HAVE_OPENSSL_CRYPTO_H
+- if (ssl_check_consistency() < 0) exit(EXIT_FAILURE);
+-#endif
+-
+ if (flag && (flag != 0x03)) {
+ fprintf(stderr, "%s: The options -i and -p cannot be used individually.\n",
+ main_config.name);