Merge pull request #11982 from Robby-/master-freeradius3_update_3_0_21

freeradius3: Update to 3.0.21

net/freeradius3/Makefile

@@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=freeradius3
-PKG_VERSION:=release_3_0_20
-PKG_RELEASE:=4
+PKG_VERSION:=release_3_0_21
+PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://github.com/FreeRADIUS/freeradius-server/archive
-PKG_HASH:=8177fe550af6685a040884dbe3df28431bdc5a8d3a48a9f4f88bdb49f2d0e90c
+PKG_HASH:=b2014372948a92f86cfe2cf43c58ef47921c03af05666eb9d6416bdc6eeaedc2
 
 PKG_MAINTAINER:=
 PKG_LICENSE:=GPL-2.0
@@ -77,9 +77,9 @@ define Package/freeradius3-default
 +freeradius3-mod-eap-md5 \
 +freeradius3-mod-eap-mschapv2 \
 +freeradius3-mod-eap-peap \
++freeradius3-mod-eap-pwd \
 +freeradius3-mod-eap-tls \
 +freeradius3-mod-eap-ttls \
-+freeradius3-mod-eap-pwd \
 +freeradius3-mod-exec \
 +freeradius3-mod-expiration \
 +freeradius3-mod-expr \
@@ -100,6 +100,39 @@ define Package/freeradius3-democerts
   TITLE:=Demo certificates to test the server
 endef
 
+define Package/freeradius3-mod-always
+  $(call Package/freeradius3/Default)
+  DEPENDS:=freeradius3
+  TITLE:=Always module
+endef
+
+define Package/freeradius3-mod-always/conffiles
+/etc/freeradius3/mods-available/always
+/etc/freeradius3/mods-enabled/always
+endef
+
+define Package/freeradius3-mod-attr-filter
+  $(call Package/freeradius3/Default)
+  DEPENDS:=freeradius3
+  TITLE:=ATTR filter module
+endef
+
+define Package/freeradius3-mod-attr-filter/conffiles
+/etc/freeradius3/mods-available/attr_filter
+/etc/freeradius3/mods-enabled/attr_filter
+/etc/freeradius3/mods-config/attr_filter/access_challenge
+/etc/freeradius3/mods-config/attr_filter/access_reject
+/etc/freeradius3/mods-config/attr_filter/accounting_response
+/etc/freeradius3/mods-config/attr_filter/post-proxy
+/etc/freeradius3/mods-config/attr_filter/pre-proxy
+endef
+
+define Package/freeradius3-mod-attr-rewrite
+  $(call Package/freeradius3/Default)
+  DEPENDS:=freeradius3
+  TITLE:=ATTR rewrite module
+endef
+
 define Package/freeradius3-mod-chap
   $(call Package/freeradius3/Default)
   DEPENDS:=freeradius3
@@ -177,6 +210,12 @@ define Package/freeradius3-mod-eap-peap
   TITLE:=EAP/PEAP module
 endef
 
+define Package/freeradius3-mod-eap-pwd
+  $(call Package/freeradius3/Default)
+  DEPENDS:=freeradius3-mod-eap @FREERADIUS3_OPENSSL
+  TITLE:=EAP/PWD module
+endef
+
 define Package/freeradius3-mod-eap-tls
   $(call Package/freeradius3/Default)
   DEPENDS:=freeradius3-mod-eap @FREERADIUS3_OPENSSL
@@ -189,12 +228,6 @@ define Package/freeradius3-mod-eap-ttls
   TITLE:=EAP/TTLS module
 endef
 
-define Package/freeradius3-mod-eap-pwd
-  $(call Package/freeradius3/Default)
-  DEPENDS:=freeradius3-mod-eap @FREERADIUS3_OPENSSL
-  TITLE:=EAP/PWD module
-endef
-
 define Package/freeradius3-mod-exec
   $(call Package/freeradius3/Default)
   DEPENDS:=freeradius3
@@ -217,17 +250,6 @@ define Package/freeradius3-mod-expiration/conffiles
 /etc/freeradius3/mods-enabled/expiration
 endef
 
-define Package/freeradius3-mod-always
-  $(call Package/freeradius3/Default)
-  DEPENDS:=freeradius3
-  TITLE:=Always module
-endef
-
-define Package/freeradius3-mod-always/conffiles
-/etc/freeradius3/mods-available/always
-/etc/freeradius3/mods-enabled/always
-endef
-
 define Package/freeradius3-mod-expr
   $(call Package/freeradius3/Default)
   DEPENDS:=freeradius3
@@ -239,28 +261,6 @@ define Package/freeradius3-mod-expr/conffiles
 /etc/freeradius3/mods-enabled/expr
 endef
 
-define Package/freeradius3-mod-attr-filter
-  $(call Package/freeradius3/Default)
-  DEPENDS:=freeradius3
-  TITLE:=ATTR filter module
-endef
-
-define Package/freeradius3-mod-attr-filter/conffiles
-/etc/freeradius3/mods-available/attr_filter
-/etc/freeradius3/mods-enabled/attr_filter
-/etc/freeradius3/mods-config/attr_filter/access_challenge
-/etc/freeradius3/mods-config/attr_filter/access_reject
-/etc/freeradius3/mods-config/attr_filter/accounting_response
-/etc/freeradius3/mods-config/attr_filter/post-proxy
-/etc/freeradius3/mods-config/attr_filter/pre-proxy
-endef
-
-define Package/freeradius3-mod-attr-rewrite
-  $(call Package/freeradius3/Default)
-  DEPENDS:=freeradius3
-  TITLE:=ATTR rewrite module
-endef
-
 define Package/freeradius3-mod-files
   $(call Package/freeradius3/Default)
   DEPENDS:=freeradius3
@@ -275,17 +275,6 @@ define Package/freeradius3-mod-files/conffiles
 /etc/freeradius3/mods-config/files/pre-proxy
 endef
 
-define Package/freeradius3-mod-passwd
-  $(call Package/freeradius3/Default)
-  DEPENDS:=freeradius3
-  TITLE:=Rlm passwd module
-endef
-
-define Package/freeradius3-mod-passwd/conffiles
-/etc/freeradius3/mods-available/passwd
-/etc/freeradius3/mods-enabled/passwd
-endef
-
 define Package/freeradius3-mod-ldap
   $(call Package/freeradius3/Default)
   DEPENDS:=freeradius3 +libopenldap @FREERADIUS3_OPENSSL
@@ -329,6 +318,17 @@ define Package/freeradius3-mod-pap/conffiles
 /etc/freeradius3/mods-enabled/pap
 endef
 
+define Package/freeradius3-mod-passwd
+  $(call Package/freeradius3/Default)
+  DEPENDS:=freeradius3
+  TITLE:=Rlm passwd module
+endef
+
+define Package/freeradius3-mod-passwd/conffiles
+/etc/freeradius3/mods-available/passwd
+/etc/freeradius3/mods-enabled/passwd
+endef
+
 define Package/freeradius3-mod-preprocess
   $(call Package/freeradius3/Default)
   DEPENDS:=freeradius3
@@ -352,6 +352,19 @@ define Package/freeradius3-mod-python3/conffiles
 /etc/freeradius3/mods-available/python3
 endef
 
+define Package/freeradius3-mod-radutmp
+  $(call Package/freeradius3/Default)
+  DEPENDS:=freeradius3
+  TITLE:=Radius UTMP module
+endef
+
+define Package/freeradius3-mod-radutmp/conffiles
+/etc/freeradius3/mods-available/radutmp
+/etc/freeradius3/mods-enabled/radutmp
+/etc/freeradius3/mods-available/sradutmp
+/etc/freeradius3/mods-enabled/sradutmp
+endef
+
 define Package/freeradius3-mod-realm
   $(call Package/freeradius3/Default)
   DEPENDS:=freeradius3
@@ -363,6 +376,16 @@ define Package/freeradius3-mod-realm/conffiles
 /etc/freeradius3/mods-enabled/realm
 endef
 
+define Package/freeradius3-mod-rest
+  $(call Package/freeradius3/Default)
+  DEPENDS:=freeradius3 +libcurl +libjson-c
+  TITLE:=Radius REST module
+endef
+
+define Package/freeradius3-mod-rest/conffiles
+/etc/freeradius3/mods-available/rest
+endef
+
 define Package/freeradius3-mod-sql
   $(call Package/freeradius3/Default)
   DEPENDS:=freeradius3
@@ -433,19 +456,6 @@ define Package/freeradius3-mod-sqlippool/conffiles
 /etc/freeradius3/mods-available/sqlippool
 endef
 
-define Package/freeradius3-mod-radutmp
-  $(call Package/freeradius3/Default)
-  DEPENDS:=freeradius3
-  TITLE:=Radius UTMP module
-endef
-
-define Package/freeradius3-mod-radutmp/conffiles
-/etc/freeradius3/mods-available/radutmp
-/etc/freeradius3/mods-enabled/radutmp
-/etc/freeradius3/mods-available/sradutmp
-/etc/freeradius3/mods-enabled/sradutmp
-endef
-
 define Package/freeradius3-mod-unix
   $(call Package/freeradius3/Default)
   DEPENDS:=freeradius3
@@ -457,16 +467,6 @@ define Package/freeradius3-mod-unix/conffiles
 /etc/freeradius3/mods-enabled/unix
 endef
 
-define Package/freeradius3-mod-rest
-  $(call Package/freeradius3/Default)
-  DEPENDS:=freeradius3 +libcurl +libjson-c
-  TITLE:=Radius REST module
-endef
-
-define Package/freeradius3-mod-rest/conffiles
-/etc/freeradius3/mods-available/rest
-endef
-
 define Package/freeradius3-utils
   $(call Package/freeradius3/Default)
   DEPENDS:=+freeradius3-common
@@ -547,6 +547,16 @@ else
   CONFIGURE_ARGS+= --without-rlm_eap_peap
 endif
 
+ifneq ($(SDK)$(CONFIG_PACKAGE_freeradius3-mod-eap-pwd),)
+  CONFIGURE_ARGS+= \
+		--with-rlm_eap_pwd \
+		--with-rlm_eap_pwd-include-dir="$(STAGING_DIR)/usr/include" \
+		--with-rlm_eap_pwd-lib-dir="$(STAGING_DIR)/usr/lib"
+  CONFIGURE_LIBS+= -lcrypto -lssl
+else
+  CONFIGURE_ARGS+= --without-rlm_eap_pwd
+endif
+
 ifneq ($(SDK)$(CONFIG_PACKAGE_freeradius3-mod-eap-tls),)
   CONFIGURE_ARGS+= \
 		--with-rlm_eap_tls \
@@ -567,29 +577,35 @@ else
   CONFIGURE_ARGS+= --without-rlm_eap_ttls
 endif
 
-ifneq ($(SDK)$(CONFIG_PACKAGE_freeradius3-mod-eap-pwd),)
-  CONFIGURE_ARGS+= \
-		--with-rlm_eap_pwd \
-		--with-rlm_eap_pwd-include-dir="$(STAGING_DIR)/usr/include" \
-		--with-rlm_eap_pwd-lib-dir="$(STAGING_DIR)/usr/lib"
-  CONFIGURE_LIBS+= -lcrypto -lssl
+ifneq ($(SDK)$(CONFIG_PACKAGE_freeradius3-mod-ldap),)
+  CONFIGURE_ARGS+= --with-rlm_ldap \
+		--with-rlm_ldap-include-dir="$(STAGING_DIR)/usr/include" \
+		--with-rlm_ldap-lib-dir="$(STAGING_DIR)/usr/lib"
 else
-  CONFIGURE_ARGS+= --without-rlm_eap_pwd
+  CONFIGURE_ARGS+= --without-rlm_ldap
 endif
 
 ifneq ($(SDK)$(CONFIG_PACKAGE_freeradius3-mod-python3),)
   CFLAGS+= -fPIC
   CONFIGURE_ARGS+= \
 		--with-modules="rlm_python3" \
-		--with-rlm-python3-include-dir="$(PYTHON3_INC_DIR)" \
-		--with-rlm-python3-lib-dir="$(PYTHON3_LIB_DIR)"
-  CONFIGURE_VARS+= \
-		OPENWRTTARGET_PY3_PREFIX="$(PYTHON3_DIR)" \
-		OPENWRTTARGET_PY3_SYS_VERSION="$(PYTHON3_VERSION)"
+		--with-rlm-python3-config-bin="$(STAGING_DIR)/host/bin/python$(PYTHON3_VERSION)-config"
 else
   CONFIGURE_ARGS+= --without-rlm_python3
 endif
 
+ifneq ($(SDK)$(CONFIG_PACKAGE_freeradius3-mod-radutmp),)
+  CONFIGURE_ARGS+= --with-rlm_radutmp
+else
+  CONFIGURE_ARGS+= --without-rlm_radutmp
+endif
+
+ifneq ($(SDK)$(CONFIG_PACKAGE_freeradius3-mod-rest),)
+  CONFIGURE_ARGS+= --with-rlm_rest
+else
+  CONFIGURE_ARGS+= --without-rlm_rest
+endif
+
 ifneq ($(SDK)$(CONFIG_PACKAGE_freeradius3-mod-sql),)
   CONFIGURE_ARGS+= --with-rlm_sql
 else
@@ -628,33 +644,12 @@ else
   CONFIGURE_ARGS+= --without-rlm_sqlippool
 endif
 
-ifneq ($(SDK)$(CONFIG_PACKAGE_freeradius3-mod-radutmp),)
-  CONFIGURE_ARGS+= --with-rlm_radutmp
-else
-  CONFIGURE_ARGS+= --without-rlm_radutmp
-endif
-
 ifneq ($(SDK)$(CONFIG_PACKAGE_freeradius3-mod-unix),)
   CONFIGURE_ARGS+= --with-rlm_unix
 else
   CONFIGURE_ARGS+= --without-rlm_unix
 endif
 
-ifneq ($(SDK)$(CONFIG_PACKAGE_freeradius3-mod-rest),)
-  CONFIGURE_ARGS+= --with-rlm_rest
-else
-  CONFIGURE_ARGS+= --without-rlm_rest
-endif
-
-
-ifneq ($(SDK)$(CONFIG_PACKAGE_freeradius3-mod-ldap),)
-  CONFIGURE_ARGS+= --with-rlm_ldap \
-		--with-rlm_ldap-include-dir="$(STAGING_DIR)/usr/include" \
-		--with-rlm_ldap-lib-dir="$(STAGING_DIR)/usr/lib"
-else
-  CONFIGURE_ARGS+= --without-rlm_ldap
-endif
-
 ifeq ($(CONFIG_USE_GLIBC),y)
   TARGET_CFLAGS+= -DLIBBSD_OVERLAY -I$(STAGING_DIR)/usr/include/bsd \
 	-D_RPC_NETDB_H
@@ -764,15 +759,15 @@ $(eval $(call BuildPlugin,freeradius3-mod-attr-filter,rlm_attr_filter,))
 $(eval $(call BuildPlugin,freeradius3-mod-chap,rlm_chap,))
 $(eval $(call BuildPlugin,freeradius3-mod-detail,rlm_detail,))
 $(eval $(call BuildPlugin,freeradius3-mod-digest,rlm_digest,))
+$(eval $(call BuildPlugin,freeradius3-mod-eap,rlm_eap,))
 $(eval $(call BuildPlugin,freeradius3-mod-eap-gtc,rlm_eap_gtc,))
 $(eval $(call BuildPlugin,freeradius3-mod-eap-leap,rlm_eap_leap,))
 $(eval $(call BuildPlugin,freeradius3-mod-eap-md5,rlm_eap_md5,))
 $(eval $(call BuildPlugin,freeradius3-mod-eap-mschapv2,rlm_eap_mschapv2,))
 $(eval $(call BuildPlugin,freeradius3-mod-eap-peap,rlm_eap_peap,))
-$(eval $(call BuildPlugin,freeradius3-mod-eap,rlm_eap,))
+$(eval $(call BuildPlugin,freeradius3-mod-eap-pwd,rlm_eap_pwd,))
 $(eval $(call BuildPlugin,freeradius3-mod-eap-tls,rlm_eap_tls,))
 $(eval $(call BuildPlugin,freeradius3-mod-eap-ttls,rlm_eap_ttls,))
-$(eval $(call BuildPlugin,freeradius3-mod-eap-pwd,rlm_eap_pwd,))
 $(eval $(call BuildPlugin,freeradius3-mod-exec,rlm_exec,))
 $(eval $(call BuildPlugin,freeradius3-mod-expiration,rlm_expiration,))
 $(eval $(call BuildPlugin,freeradius3-mod-expr,rlm_expr,))
@@ -786,6 +781,7 @@ $(eval $(call BuildPlugin,freeradius3-mod-preprocess,rlm_preprocess,))
 $(eval $(call BuildPlugin,freeradius3-mod-python3,rlm_python3,))
 $(eval $(call BuildPlugin,freeradius3-mod-radutmp,rlm_radutmp,))
 $(eval $(call BuildPlugin,freeradius3-mod-realm,rlm_realm,))
+$(eval $(call BuildPlugin,freeradius3-mod-rest,rlm_rest,))
 $(eval $(call BuildPlugin,freeradius3-mod-sql,rlm_sql,))
 $(eval $(call BuildPlugin,freeradius3-mod-sql-mysql,rlm_sql_mysql,))
 $(eval $(call BuildPlugin,freeradius3-mod-sql-null,rlm_sql_null,))
@@ -794,5 +790,4 @@ $(eval $(call BuildPlugin,freeradius3-mod-sql-sqlite,rlm_sql_sqlite,))
 $(eval $(call BuildPlugin,freeradius3-mod-sqlcounter,rlm_sqlcounter,))
 $(eval $(call BuildPlugin,freeradius3-mod-sqlippool,rlm_sqlippool,))
 $(eval $(call BuildPlugin,freeradius3-mod-unix,rlm_unix,))
-$(eval $(call BuildPlugin,freeradius3-mod-rest,rlm_rest,))
 $(eval $(call BuildPackage,freeradius3-utils))

net/freeradius3/patches/002-disable-session-cache-CVE-2017-9148.patch

@@ -3,7 +3,7 @@ Description: disable session caching in the server (as opposed to in the
  https://security-tracker.debian.org/tracker/CVE-2017-9148
 Author: Michael Stapelberg <stapelberg@debian.org>
 Forwarded: not-needed
-Last-Update: 2020-01-24
+Last-Update: 2020-04-28
 
 ---
 
@@ -18,7 +18,7 @@ Last-Update: 2020-01-24
  
  	return state;
  }
-@@ -3292,7 +3292,7 @@ post_ca:
+@@ -3332,7 +3332,7 @@ post_ca:
  	/*
  	 *	Callbacks, etc. for session resumption.
  	 */
@@ -27,7 +27,7 @@ Last-Update: 2020-01-24
  		/*
  		 *	Cache sessions on disk if requested.
  		 */
-@@ -3362,7 +3362,7 @@ post_ca:
+@@ -3402,7 +3402,7 @@ post_ca:
  	/*
  	 *	Setup session caching
  	 */
@@ -36,7 +36,7 @@ Last-Update: 2020-01-24
  		/*
  		 *	Create a unique context Id per EAP-TLS configuration.
  		 */
-@@ -3531,7 +3531,7 @@ fr_tls_server_conf_t *tls_server_conf_parse(CONF_SECTION *cs)
+@@ -3571,7 +3571,7 @@ fr_tls_server_conf_t *tls_server_conf_parse(CONF_SECTION *cs)
  		goto error;
  	}
  

net/freeradius3/patches/004-fix-target-python-header-detection.patch

@@ -1,40 +0,0 @@
---- a/src/modules/rlm_python3/configure
-+++ b/src/modules/rlm_python3/configure
-@@ -2928,15 +2928,15 @@ fi
- 
- 
- 	if test x$fail = x; then
--		PY_PREFIX=`${PYTHON3_BIN} -c 'import sys ; print(sys.prefix)'`
-+		PY_PREFIX="$OPENWRTTARGET_PY3_PREFIX"
- 		{ $as_echo "$as_me:${as_lineno-$LINENO}: Python sys.prefix \"${PY_PREFIX}\"" >&5
- $as_echo "$as_me: Python sys.prefix \"${PY_PREFIX}\"" >&6;}
- 
--		PY_EXEC_PREFIX=`${PYTHON3_BIN} -c 'import sys ; print(sys.exec_prefix)'`
-+		PY_EXEC_PREFIX="$OPENWRTTARGET_PY3_PREFIX"
- 		{ $as_echo "$as_me:${as_lineno-$LINENO}: Python sys.exec_prefix \"${PY_EXEC_PREFIX}\"" >&5
- $as_echo "$as_me: Python sys.exec_prefix \"${PY_EXEC_PREFIX}\"" >&6;}
- 
--		PY_SYS_VERSION=`${PYTHON3_BIN} -c 'import sys ; print(sys.version[0:3])'`
-+		PY_SYS_VERSION="$OPENWRTTARGET_PY3_SYS_VERSION"
- 		{ $as_echo "$as_me:${as_lineno-$LINENO}: Python sys.version \"${PY_SYS_VERSION}\"" >&5
- $as_echo "$as_me: Python sys.version \"${PY_SYS_VERSION}\"" >&6;}
- 
---- a/src/modules/rlm_python3/configure.ac
-+++ b/src/modules/rlm_python3/configure.ac
-@@ -65,13 +65,13 @@ if test x$with_[]modname != xno; then
- 	)
- 
- 	if test x$fail = x; then
--		PY_PREFIX=`${PYTHON3_BIN} -c 'import sys ; print(sys.prefix)'`
-+		PY_PREFIX="$OPENWRTTARGET_PY3_PREFIX"
- 		AC_MSG_NOTICE([Python sys.prefix \"${PY_PREFIX}\"])
- 
--		PY_EXEC_PREFIX=`${PYTHON3_BIN} -c 'import sys ; print(sys.exec_prefix)'`
-+		PY_EXEC_PREFIX="$OPENWRTTARGET_PY3_PREFIX"
- 		AC_MSG_NOTICE([Python sys.exec_prefix \"${PY_EXEC_PREFIX}\"])
- 
--		PY_SYS_VERSION=`${PYTHON3_BIN} -c 'import sys ; print(sys.version[[0:3]])'`
-+		PY_SYS_VERSION="$OPENWRTTARGET_PY3_SYS_VERSION"
- 		AC_MSG_NOTICE([Python sys.version \"${PY_SYS_VERSION}\"])
- 
- 		if test "x$PY_LIB_DIR" = "x"; then