To use eap tls, 'tmpdir' must be created before server starts.
This 'tmpdir' is used to store and verify client certificate,
and therefore radiusd do 'chmod go-rwx'.
If 'tmpdir' does NOT exists, server failed to start and default
'tmpdir' is '/tmp/radiusd'. So init script MUST create default
'tmpdir' like other directories.
Signed-off-by: Eiji MATSUMOTO <toudaiman@gmail.com>
This removes Python-related build variants, and adds
PYTHON3_PKG_BUILD:=0 and minor build adjustments (where appropriate),
for non-Python packages. There should be no changes to build output.
This also updates some include paths for python3-package.mk and/or
python3-host.mk to be relative to the package Makefile.
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
It was provided by both the freeradius3 and freeradius3-mod-realm packages.
Now provided by the freeradius3 package only.
Signed-off-by: Robby K <robbyke@gmail.com>
Latest stable release, contains security fixes for EAP-PWD (side-channel leak), logrotate settings (CVE-2019-10143) and a DoS issue due to multithreaded BN_CTX access (CVE-2019-17185).
Also refreshed patches/002-disable-session-cache-CVE-2017-9148.patch due to the following changes/commits in freeradius:
bf1a1eda23a3c46544b3
Signed-off-by: Robby K <robbyke@gmail.com>
This applies a patch from upstream that avoids a call to ENGINE_cleanup
when the openssl library was built without engine support.
A workaround for a missing header check was used to silence a warning
about the implicit definition of RAND_load_file. A proper fix has been
merged upstream as well.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
fix Makefile chmod (644)
replace MD5SUM with HASH
add PKG_MIRROR_HASH when PKG_SOURCE_PROTO:=git
(PKG_SOURCE_PROTO:=svn tarballs are not reproducible for now)
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
- Moves /etc/freeradius3/sites-{enabled,available}/inner-tunnel to be part of
the freeradius3-mod-eap package. This prevents conflicts between
freeradius3-mod-eap-peap and freeradius3-mod-eap-ttls which both included the
file before. This fixes LEDE bug FS#678.
- Change the demo cert validity to be 1 year instead of 60 days. Should keep the
cert valid for the duration of the LEDE release cycle (with some slack). This
fixes#4239.
Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
The lack of LDAP support was one of the things which prevented users
from migrating from freeradius2 to freeradius3.
Enable LDAP in freeradius3 so we can finally burry freeradius2.
Reported-by: Martin Mueller <mm@sig21.net>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
freeradius-server version 2.x has been marked End-Of-Life.
This commit adds freeradius-server version 3.0.11 in a new package.
This commit also introduces the option "freeradius3-default"
which activate all modules needed to run radiusd with its default
configuration.
- rlm_digest (HTTP Digest Authentication) has been added
- rlm_unix (System Authentication) has been added
- rlm_attr_rewrite has been deleted
Note that SQL and LDAP support has been disabled.
Signed-off-by: Lucile Quirion <lucile.quirion@savoirfairelinux.com>