net-dialup/freeradius: Security bump to versions 2.2.9 and 3.0.11
authorLars Wendler <polynomial-c@gentoo.org>
Wed, 20 Apr 2016 08:03:56 +0000 (10:03 +0200)
committerLars Wendler <polynomial-c@gentoo.org>
Wed, 20 Apr 2016 08:05:06 +0000 (10:05 +0200)
See security bugs #553308 and #560994.
Also fixing version bump request #551246, init script bug #551246 and
missing dependency on sys-libs/talloc (#543302).

Package-Manager: portage-2.2.28
Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
net-dialup/freeradius/Manifest
net-dialup/freeradius/freeradius-2.2.9.ebuild [new file with mode: 0644]
net-dialup/freeradius/freeradius-3.0.11.ebuild [new file with mode: 0644]

index a2dffed40d875706dc6549fa8df9cbcfbe6c73d5..d6713c1028e39bdcff796bc41061952ee4bab6d4 100644 (file)
@@ -1,3 +1,5 @@
 DIST freeradius-2.2.0-patches-4.tar.xz 3140 SHA256 9fd7b6f7e1501d63a073e6279b20eb6d8154e7898d81c85a5c548543ab33c1af SHA512 38ebd65d9ad8ce8f513f2f5c7fd9ff43b81cf468038a49f9eb7f4a54d13783e88866c3031e7abc0fc8b65d2aec4f347efa358b9e7e2aadb2d15567ce7e125d1d WHIRLPOOL a532444f6bfebe260a6b4bf43157fa1624ce9920a86635172ac94e0f757263904bac6ca6a472e12df73e32a8d25d6f7b094272bd743d13c566f23bfcbff6df27
 DIST freeradius-server-2.2.5.tar.gz 4415950 SHA256 8c4c2a0b600a8d85d2235589a5e80d4fefd1f52317e9daf8193731566fa9d012 SHA512 511599b4f4f5906441d0cda61946341f2226b9aae69b6f68b03a19898b6385499a8221933c191232d50f736cab93f0f6f271e4defe4552e7738cb21e2415f053 WHIRLPOOL 629ac42749b736a7cd606c97fb149ea6f3b11d0e77bc5fc69785e4c7956f073131eb16420f276de5664e977a37a6784d0bbff08a15c1c23389f5369320a4cb12
+DIST freeradius-server-2.2.9.tar.gz 4424239 SHA256 e1b8fcdb7467719ecd760678b628a733b3d14e998dc240d8563c5093f98aacd3 SHA512 a631f68165fe96d030c7d15ebc72ed3885badf089ad155204a773686747f17f355181f087e389c76b96525affcd54f4c16e4a7788375968eef0899c6a416a27e WHIRLPOOL 14382f14a7fe0943733e445b8ea334745d5c01596bf2530ff0c8dd53c3cc3836f8895b95c1128dcc71db5b95361e9a5829a6abb136422cb819e98656ca8a2ca9
+DIST freeradius-server-3.0.11.tar.gz 4808234 SHA256 b97b72915315f2dcd34001af2c1737947f91ad9104a40408b92b030356e25d59 SHA512 451ba4052db68f9855aff96e12df282b31a98973361001f393dac23cb030274d9d9fb9ae85f7feef077e69d7d57152e427fb861892c8fd700b3e17e3389fea64 WHIRLPOOL 06a9e949b69d4244e1d02471e969032aa3ac5781d682c1b7bb87f7c87646fe7a217b6f477391e855e51bfb28214ded836a08acc3eb3e34f6626b1f9dc59d2f2e
 DIST freeradius-server-3.0.3.tar.gz 4387083 SHA256 57e9932e5401670d0f0000080b942aee2cd6ca80422f76acd21f13a4be46335e SHA512 a4fbb0a19f5946182c0cac6d62270db378674e48350c7c3b8f7d8a2a1b16c95c9b205af8d7ed22009b6392d4ab7cb251694d2593a39d9e4efc8eec9ff736bd01 WHIRLPOOL 2f263e096e3ace00feb39f68662d5f3346ce35dfd7a451b23ebfffd5abef4a881ca2e7115eb274a8c10fef965c4e82a3d3144595c226307995703875d7133ef5
diff --git a/net-dialup/freeradius/freeradius-2.2.9.ebuild b/net-dialup/freeradius/freeradius-2.2.9.ebuild
new file mode 100644 (file)
index 0000000..c815ad7
--- /dev/null
@@ -0,0 +1,196 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=6
+
+PYTHON_COMPAT=( python2_7 )
+inherit autotools eutils pam python-any-r1 user
+
+PATCHSET=4
+
+MY_P="${PN}-server-${PV}"
+
+DESCRIPTION="Highly configurable free RADIUS server"
+SRC_URI="
+       ftp://ftp.freeradius.org/pub/radius/${MY_P}.tar.gz
+       ftp://ftp.freeradius.org/pub/radius/old/${MY_P}.tar.gz
+       https://dev.gentoo.org/~flameeyes/${PN}/${PN}-2.2.0-patches-${PATCHSET}.tar.xz
+
+"
+HOMEPAGE="http://www.freeradius.org/"
+
+KEYWORDS="~amd64 ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd"
+LICENSE="GPL-2"
+SLOT="0"
+
+IUSE="
+       debug firebird iodbc kerberos ldap mysql odbc oracle pam pcap
+       postgres python readline sqlite ssl
+"
+RESTRICT="firebird? ( bindist )"
+
+RDEPEND="!net-dialup/cistronradius
+       !net-dialup/gnuradius
+       sys-devel/libtool
+       dev-lang/perl
+       sys-libs/gdbm
+       python? ( ${PYTHON_DEPS} )
+       readline? ( sys-libs/readline:0= )
+       pcap? ( net-libs/libpcap )
+       mysql? ( virtual/mysql )
+       postgres? ( dev-db/postgresql:= )
+       firebird? ( dev-db/firebird )
+       pam? ( virtual/pam )
+       ssl? ( dev-libs/openssl:0= )
+       ldap? ( net-nds/openldap )
+       kerberos? ( virtual/krb5 )
+       sqlite? ( dev-db/sqlite:3 )
+       odbc? ( dev-db/unixODBC )
+       iodbc? ( dev-db/libiodbc )
+       oracle? ( dev-db/oracle-instantclient-basic )"
+DEPEND="${RDEPEND}"
+
+S="${WORKDIR}/${MY_P}"
+
+pkg_setup() {
+       enewgroup radius
+       enewuser radius -1 -1 /var/log/radius radius
+
+       python-any-r1_pkg_setup
+       export PYTHONBIN="${EPYTHON}"
+}
+
+src_prepare() {
+       eapply \
+               "${WORKDIR}"/patches/0002*patch \
+               "${WORKDIR}"/patches/0004*patch \
+               "${FILESDIR}"/${PN}-2.2.5-gentoo.patch
+
+       # most of the configuration options do not appear as ./configure
+       # switches. Instead it identifies the directories that are available
+       # and run through them. These might check for the presence of
+       # various libraries, in which case they are not built.  To avoid
+       # automagic dependencies, we just remove all the modules that we're
+       # not interested in using.
+
+       use ssl || { rm -r src/modules/rlm_eap/types/rlm_eap_{tls,ttls,peap} || die ; }
+       use ldap || { rm -r src/modules/rlm_ldap || die ; }
+       use kerberos || { rm -r src/modules/rlm_krb5 || die ; }
+       use pam || { rm -r src/modules/rlm_pam || die ; }
+       use python || { rm -r src/modules/rlm_python || die ; }
+       # Do not install ruby rlm module, bug #483108
+       rm -r src/modules/rlm_ruby || die
+
+       # these are all things we don't have in portage/I don't want to deal
+       # with myself
+       rm -r src/modules/rlm_eap/types/rlm_eap_tnc || die # requires TNCS library
+       rm -r src/modules/rlm_eap/types/rlm_eap_ikev2 || die # requires libeap-ikev2
+       rm -r src/modules/rlm_opendirectory || die # requires some membership.h
+       rm -r src/modules/rlm_redis{,who} || die # requires redis
+       rm -r src/modules/rlm_sql/drivers/rlm_sql_{db2,freetds,sybase} || die
+
+       # sql drivers that are not part of experimental are loaded from a
+       # file, so we have to remove them from the file itself when we
+       # remove them.
+       usesqldriver() {
+               local flag=$1
+               local driver=rlm_sql_${2:-${flag}}
+
+               if ! use ${flag}; then
+                       rm -r src/modules/rlm_sql/drivers/${driver} || die
+                       sed -i -e /${driver}/d src/modules/rlm_sql/stable || die
+               fi
+       }
+
+       usesqldriver mysql
+       usesqldriver postgres postgresql
+       usesqldriver firebird
+       usesqldriver iodbc
+       usesqldriver odbc unixodbc
+       usesqldriver oracle
+       usesqldriver sqlite
+
+       # remove bundled ltdl to avoid conflicts
+       rm -r libltdl
+
+       default
+
+       eautoreconf
+}
+
+src_configure() {
+       # fix bug #77613
+       if has_version app-crypt/heimdal; then
+               myconf+=( --enable-heimdal-krb5 )
+       fi
+
+       use readline || export ac_cv_lib_readline=no
+       use pcap || export ac_cv_lib_pcap_pcap_open_live=no
+
+       # do not try to enable static with static-libs; upstream is a
+       # massacre of libtool best practices so you also have to make sure
+       # to --enable-shared explicitly.
+       econf \
+               --enable-shared --disable-static \
+               --disable-ltdl-install \
+               --with-system-libtool \
+               --with-system-libltdl \
+               --with-ascend-binary \
+               --with-udpfromto \
+               --with-dhcp \
+               --with-iodbc-include-dir=/usr/include/iodbc \
+               --with-experimental-modules \
+               --with-docdir=/usr/share/doc/${PF} \
+               --with-logdir=/var/log/radius \
+               $(use_enable debug developer) \
+               $(use_with ldap edir) \
+               $(use_with ssl openssl) \
+               ${myconf[@]}
+}
+
+src_compile() {
+       emake LIBTOOL=libtool
+}
+
+src_install() {
+       dodir /etc
+       diropts -m0750 -o root -g radius
+       dodir /etc/raddb
+       diropts -m0750 -o radius -g radius
+       dodir /var/log/radius
+       keepdir /var/log/radius/radacct
+       diropts
+
+       emake LIBTOOL=libtool R="${D}" install
+
+       fowners -R root:radius /etc/raddb
+
+       # Fixing pidfile location (#546482)
+       sed \
+               '/^run_dir =/s@${localstatedir}@@' \
+               -i "${D}"/etc/raddb/radiusd.conf || die
+
+       pamd_mimic_system radiusd auth account password session
+
+       dodoc CREDITS
+
+       rm "${D}/usr/sbin/rc.radiusd" || die
+
+       newinitd "${FILESDIR}/radius.init-r3" radiusd
+       newconfd "${FILESDIR}/radius.conf-r3" radiusd
+}
+
+pkg_config() {
+       if use ssl; then
+               cd "${ROOT}"/etc/raddb/certs
+               ./bootstrap
+       fi
+}
+
+pkg_preinst() {
+       if ! has_version ${CATEGORY}/${PN} && use ssl; then
+               elog "You have to run \`emerge --config =${CATEGORY}/${PF}\` to be able"
+               elog "to start the radiusd service."
+       fi
+}
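Review bot: In `pkg_config()`, neither `cd "${ROOT}"/etc/raddb/certs` nor `./bootstrap` is checked. If the directory is missing, `./bootstrap` is looked up relative to whatever the current directory happens to be, and a failed certificate generation is reported as a successful `emerge --config`. Neither command is a portage helper, so they do not die on their own the way the checked `rm ... || die` and `sed ... || die` calls elsewhere in this file do. I would write `cd "${ROOT}"/etc/raddb/certs || die` and `./bootstrap || die "certificate bootstrap failed"`. The same function appears unchanged at the end of freeradius-3.0.11.ebuild. If, as I believe, upstream documents the bootstrap output as test certificates, the `elog` in `pkg_preinst` could also tell administrators to replace them before production use.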
diff --git a/net-dialup/freeradius/freeradius-3.0.11.ebuild b/net-dialup/freeradius/freeradius-3.0.11.ebuild
new file mode 100644 (file)
index 0000000..900a8f8
--- /dev/null
@@ -0,0 +1,216 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=6
+
+PYTHON_COMPAT=( python2_7 )
+inherit autotools eutils pam python-any-r1 user
+
+#PATCHSET=4
+
+MY_P="${PN}-server-${PV}"
+
+DESCRIPTION="Highly configurable free RADIUS server"
+SRC_URI="
+       ftp://ftp.freeradius.org/pub/radius/${MY_P}.tar.gz
+       ftp://ftp.freeradius.org/pub/radius/old/${MY_P}.tar.gz
+"
+HOMEPAGE="http://www.freeradius.org/"
+
+KEYWORDS=""
+LICENSE="GPL-2"
+SLOT="0"
+
+IUSE="
+       debug firebird iodbc kerberos ldap mysql odbc oracle pam pcap
+       postgres python readline sqlite ssl
+"
+RESTRICT="test firebird? ( bindist )"
+
+RDEPEND="!net-dialup/cistronradius
+       !net-dialup/gnuradius
+       sys-devel/libtool
+       dev-lang/perl
+       sys-libs/gdbm
+       sys-libs/talloc
+       python? ( ${PYTHON_DEPS} )
+       readline? ( sys-libs/readline:0= )
+       pcap? ( net-libs/libpcap )
+       mysql? ( virtual/mysql )
+       postgres? ( dev-db/postgresql:= )
+       firebird? ( dev-db/firebird )
+       pam? ( virtual/pam )
+       ssl? ( dev-libs/openssl:0= )
+       ldap? ( net-nds/openldap )
+       kerberos? ( virtual/krb5 )
+       sqlite? ( dev-db/sqlite:3 )
+       odbc? ( dev-db/unixODBC )
+       iodbc? ( dev-db/libiodbc )
+       oracle? ( dev-db/oracle-instantclient-basic )"
+DEPEND="${RDEPEND}"
+
+S="${WORKDIR}/${MY_P}"
+
+pkg_setup() {
+       enewgroup radius
+       enewuser radius -1 -1 /var/log/radius radius
+
+       python-any-r1_pkg_setup
+       export PYTHONBIN="${EPYTHON}"
+}
+
+src_prepare() {
+       # most of the configuration options do not appear as ./configure
+       # switches. Instead it identifies the directories that are available
+       # and run through them. These might check for the presence of
+       # various libraries, in which case they are not built.  To avoid
+       # automagic dependencies, we just remove all the modules that we're
+       # not interested in using.
+
+       use ssl || { rm -r src/modules/rlm_eap/types/rlm_eap_{tls,ttls,peap} || die ; }
+       use ldap || { rm -r src/modules/rlm_ldap || die ; }
+       use kerberos || { rm -r src/modules/rlm_krb5 || die ; }
+       use pam || { rm -r src/modules/rlm_pam || die ; }
+       use python || { rm -r src/modules/rlm_python || die ; }
+       # Do not install ruby rlm module, bug #483108
+       rm -r src/modules/rlm_ruby || die
+
+       # these are all things we don't have in portage/I don't want to deal
+       # with myself
+       rm -r src/modules/rlm_eap/types/rlm_eap_tnc || die # requires TNCS library
+       rm -r src/modules/rlm_eap/types/rlm_eap_ikev2 || die # requires libeap-ikev2
+       rm -r src/modules/rlm_opendirectory || die # requires some membership.h
+       rm -r src/modules/rlm_redis{,who} || die # requires redis
+       rm -r src/modules/rlm_sql/drivers/rlm_sql_{db2,freetds} || die
+
+       # sql drivers that are not part of experimental are loaded from a
+       # file, so we have to remove them from the file itself when we
+       # remove them.
+       usesqldriver() {
+               local flag=$1
+               local driver=rlm_sql_${2:-${flag}}
+
+               if ! use ${flag}; then
+                       rm -r src/modules/rlm_sql/drivers/${driver} || die
+                       sed -i -e /${driver}/d src/modules/rlm_sql/stable || die
+               fi
+       }
+
+       sed -i \
+               -e 's:/var/run/radiusd:/run/radiusd:g' \
+               -e '/^run_dir/s:${localstatedir}::g' \
+               raddb/radiusd.conf.in || die
+
+       # verbosity
+       # build shared libraries using jlibtool --shared
+       sed -i \
+               -e '/$(LIBTOOL)/s|--quiet ||g' \
+               -e 's:--mode=\(compile\|link\):& --shared:g' \
+               Make.inc.in || die
+
+       sed -i \
+               -e 's|--silent ||g' \
+               -e 's:--mode=\(compile\|link\):& --shared:g' \
+               scripts/libtool.mk || die
+
+       # crude measure to stop jlibtool from running ranlib and ar
+       sed -i \
+               -e '/LIBRARIAN/s|".*"|"true"|g' \
+               -e '/RANLIB/s|".*"|"true"|g' \
+               scripts/jlibtool.c || die
+
+       usesqldriver mysql
+       usesqldriver postgres postgresql
+       usesqldriver firebird
+       usesqldriver iodbc
+       usesqldriver odbc unixodbc
+       usesqldriver oracle
+       usesqldriver sqlite
+
+       default
+
+       eautoreconf
+}
+
+src_configure() {
+       # fix bug #77613
+       if has_version app-crypt/heimdal; then
+               myconf+=( --enable-heimdal-krb5 )
+       fi
+
+       use readline || export ac_cv_lib_readline=no
+       use pcap || export ac_cv_lib_pcap_pcap_open_live=no
+
+       # do not try to enable static with static-libs; upstream is a
+       # massacre of libtool best practices so you also have to make sure
+       # to --enable-shared explicitly.
+       econf \
+               --enable-shared \
+               --disable-static \
+               --disable-ltdl-install \
+               --with-system-libtool \
+               --with-system-libltdl \
+               --with-ascend-binary \
+               --with-udpfromto \
+               --with-dhcp \
+               --with-iodbc-include-dir=/usr/include/iodbc \
+               --with-experimental-modules \
+               --with-docdir=/usr/share/doc/${PF} \
+               --with-logdir=/var/log/radius \
+               $(use_enable debug developer) \
+               $(use_with ldap edir) \
+               $(use_with ssl openssl) \
+               ${myconf[@]}
+}
+
+src_compile() {
+       # verbose, do not generate certificates
+       emake \
+               Q='' ECHO=true \
+               LOCAL_CERT_PRODUCTS=''
+}
+
+src_install() {
+       dodir /etc
+       diropts -m0750 -o root -g radius
+       dodir /etc/raddb
+       diropts -m0750 -o radius -g radius
+       dodir /var/log/radius
+       keepdir /var/log/radius/radacct
+       diropts
+
+       # verbose, do not install certificates
+       emake -j1 \
+               Q='' ECHO=true \
+               LOCAL_CERT_PRODUCTS='' \
+               R="${D}" \
+               install
+
+       fowners -R root:radius /etc/raddb
+
+       pamd_mimic_system radiusd auth account password session
+
+       dodoc CREDITS
+
+       rm "${D}/usr/sbin/rc.radiusd" || die
+
+       newinitd "${FILESDIR}/radius.init-r3" radiusd
+       newconfd "${FILESDIR}/radius.conf-r3" radiusd
+
+       prune_libtool_files
+}
+
+pkg_config() {
+       if use ssl; then
+               cd "${ROOT}"/etc/raddb/certs
+               ./bootstrap
+       fi
+}
+
+pkg_preinst() {
+       if ! has_version ${CATEGORY}/${PN} && use ssl; then
+               elog "You have to run \`emerge --config =${CATEGORY}/${PF}\` to be able"
+               elog "to start the radiusd service."
+       fi
+}
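Review bot: `RESTRICT="test firebird? ( bindist )"` switches the test suite off for 3.0.11 without a comment or bug reference, while the 2.2.9 ebuild added in the same commit keeps `RESTRICT="firebird? ( bindist )"`. For a security bump of an authentication daemon, the reason matters to whoever later keywords or stabilises this version. I would add a line above it such as `# tests restricted: <reason>, bug #<number>` (placeholders; the page does not give the reason). `KEYWORDS=""` also means no architecture picks up this version by default, which may be intended but is not mentioned in the commit message.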