From dc40c1af74c78346eaf6cc9ed7ed550fb53bca0062f834cb656c0381c1bde1ec Mon Sep 17 00:00:00 2001 From: Adam Majer Date: Tue, 24 Mar 2020 14:20:37 +0000 Subject: [PATCH] - update to 3.0.20 Feature Improvements * Added Force10 dictionary. * Update dictionary.hp with new attributes. #2690. * Update dictionary.aruba with new attributes. #2696. * Fix side-channel leak in EAP-PWD (bsc#1166858, CVE-2019-20510) * Relax OpenSSL version checks, now that their API is both public, and stable. * Note that tls_min_version/tls_max_version also support "1.3" Since there is no standard yet for EAP with TLS 1.3, it will not work. * Added tripplite dictionary from #2760. * Switch to the async interface for rlm_sql_postgresql so that we can enforce query_timeout. * Added new LDAP option 'allow_dangling_group_ref'. * Updated documentation and functionality for EAP session caching See "cache" section of mods-available/eap. * Tighten systemd unit file security. Fixes #2637. * Disable TLS 1.0 and TLS 1.1 support in the default configuration We STRONGLY recommend doing this for all installations. * Add expansions for *outgoing* Radsec connections "%{proxy_listen:TLS-...}" for TLS-Client-Cert-* and TLS-Cert-* attributes. Fixes #2839. * Add %{listen:tls} which returns "yes" or "no" for TLS or non-TLS connections. * Update dictionary.lancom with new attributes. #2847. * Added rlm_sql_mongo. See raddb/mods-available/sql. Note that this module is experimental. * Added more documentation in sites-available/robust-proxy-accounting. * sqlippool now re-allocates unexpired leases, to prevent IP pool exhaustion when clients perform multiple reauthentication attempts * Add support to radmin keep the history in ~/.radmin_history. OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=133 --- freeradius-python3_patches.patch | 1720 ++++++++++++++++++++++++ freeradius-server-3.0.19.tar.bz2 | 3 - freeradius-server-3.0.19.tar.bz2.sig | Bin 591 -> 0 bytes freeradius-server-3.0.20.tar.bz2 | 3 + freeradius-server-3.0.20.tar.bz2.sig | Bin 0 -> 591 bytes freeradius-server-enable-python3.patch | 32 + freeradius-server-opensslversion.patch | 46 +- freeradius-server.changes | 90 ++ freeradius-server.spec | 108 +- 9 files changed, 1926 insertions(+), 76 deletions(-) create mode 100644 freeradius-python3_patches.patch delete mode 100644 freeradius-server-3.0.19.tar.bz2 delete mode 100644 freeradius-server-3.0.19.tar.bz2.sig create mode 100644 freeradius-server-3.0.20.tar.bz2 create mode 100644 freeradius-server-3.0.20.tar.bz2.sig create mode 100644 freeradius-server-enable-python3.patch diff --git a/freeradius-python3_patches.patch b/freeradius-python3_patches.patch new file mode 100644 index 0000000..9b2b182 --- /dev/null +++ b/freeradius-python3_patches.patch @@ -0,0 +1,1720 @@ +commit 9b949a0d8ae5b93743d406fd4b677cd99c8fbf80 +Author: Jorge Pereira +Date: Sun Feb 9 22:02:26 2020 -0300 + + Fix libpython3 cross platform load (#3284) + +commit a63b5a629137263996e1b97e9e299b5d1f7ec824 +Author: Jorge Pereira +Date: Thu Jan 16 20:57:32 2020 -0300 + + Just call Py_DECREF() (#3199) + +commit e5eb31ffde1b7543b4024bc32c1ec4f8978f1d24 +Author: Matthew Newton +Date: Mon Dec 16 11:50:10 2019 +0000 + + don't try and build rlm_python3 if we can't configure it + +commit 66e1e3bac4cd484dc7147fe3e101ee0d03c553ff +Author: Jorge Pereira +Date: Tue Dec 10 21:21:24 2019 -0300 + + Clean up (#3197) + +commit c6732a76d6f58880305208fca367cc0073da2216 +Author: Jorge Pereira +Date: Tue Dec 10 21:13:45 2019 -0300 + + Add missing 'ifdef WITH_PROXY' checks (#3198) + +commit 4a8abc24849a566bbaa2190f4c09edad75dc215a +Author: Jorge Pereira +Date: Tue Dec 10 21:11:16 2019 -0300 + + Fix Py_SetProgramName() use (#3196) + + As the documentation says, the use of Py_SetProgramName() with wchar_t* + should be only from Python >= 3.5.x + + References: + + Python <= 3.4.x https://docs.python.org/3.4/extending/embedding.html#very-high-level-embedding + Python >= 3.5.x https://docs.python.org/3.5/extending/embedding.html#very-high-level-embedding + +commit 63b978890b722be78e3fe4b1916d40e6f7bb8e3c +Author: Jorge Pereira +Date: Tue Dec 10 16:48:07 2019 -0300 + + Fix missing destroy for some statements + +commit 40725423d7932c50e9481a025831270e3876d898 +Author: Jorge Pereira +Date: Tue Dec 10 16:40:13 2019 -0300 + + Don't call if 'instantiate' and 'detach' are not declared. + + It's related to the discussion in #3185. + +commit 56347699e3ec348de0a62cd6853d992d1e7d639a +Author: Jorge Pereira +Date: Mon Dec 9 16:33:52 2019 -0300 + + Remove unnecessary src/modules/rlm_python3/radiusd_test.py + +commit d6fd6267fe7aa98b8b802b9ab933f421bee68c6d +Author: Jorge Pereira +Date: Thu Dec 5 19:49:30 2019 -0300 + + Backport from rlm_python (#3184) changes to rlm_python3 + + Brief: + + We should append the 'python_path' to sys.path #3180 + + we should append 'python_path' paths in 'sys.path', due to PySys_SetPath() + reset the entire python path causing problems to use the existing libraries + +commit 307678b268cf8898a65632147ecc40d37ea3f9d3 +Author: Jorge Pereira +Date: Thu Dec 5 16:02:18 2019 -0300 + + Fix rlm_python3 build + + Just backporting from the master branch. +Index: freeradius-server-3.0.20/src/include/conf.h +=================================================================== +--- freeradius-server-3.0.20.orig/src/include/conf.h ++++ freeradius-server-3.0.20/src/include/conf.h +@@ -13,3 +13,12 @@ + #define SRADUTMP LOGDIR "/sradutmp" + #define RADWTMP LOGDIR "/radwtmp" + #define SRADWTMP LOGDIR "/sradwtmp" ++ ++#ifdef __APPLE__ ++# define LT_SHREXT ".dylib" ++#elif defined (WIN32) ++# define LT_SHREXT ".dll" ++#else ++# define LT_SHREXT ".so" ++#endif ++ +Index: freeradius-server-3.0.20/src/main/modules.c +=================================================================== +--- freeradius-server-3.0.20.orig/src/main/modules.c ++++ freeradius-server-3.0.20/src/main/modules.c +@@ -95,14 +95,6 @@ const section_type_value_t section_type_ + #define RTLD_LOCAL (0) + #endif + +-#ifdef __APPLE__ +-# define LT_SHREXT ".dylib" +-#elif defined (WIN32) +-# define LT_SHREXT ".dll" +-#else +-# define LT_SHREXT ".so" +-#endif +- + /** Check if the magic number in the module matches the one in the library + * + * This is used to detect potential ABI issues caused by running with modules which +Index: freeradius-server-3.0.20/src/modules/rlm_python3/configure +=================================================================== +--- freeradius-server-3.0.20.orig/src/modules/rlm_python3/configure ++++ freeradius-server-3.0.20/src/modules/rlm_python3/configure +@@ -588,7 +588,7 @@ LIBOBJS + targetname + mod_cflags + mod_ldflags +-PYTHON3_BIN ++PYTHON3_CONFIG_BIN + CPP + OBJEXT + EXEEXT +@@ -638,9 +638,7 @@ SHELL' + ac_subst_files='' + ac_user_opts=' + enable_option_checking +-with_rlm_python3_bin +-with_rlm_python3_lib_dir +-with_rlm_python3_include_dir ++with_rlm_python3_config_bin + ' + ac_precious_vars='build_alias + host_alias +@@ -1257,9 +1255,7 @@ if test -n "$ac_init_help"; then + Optional Packages: + --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] + --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no) +- --with-rlm-python3-bin=PATH Path to python3 binary +- --with-rlm-python3-lib-dir=DIR Directory for Python library files +- --with-rlm-python3-include-dir=DIR Directory for Python include files ++ --with-rlm-python3-config-bin=PATH Path to python-config3 binary + + Some influential environment variables: + CC C compiler command +@@ -1425,119 +1421,6 @@ fi + as_fn_set_status $ac_retval + + } # ac_fn_c_try_cpp +- +-# ac_fn_c_try_link LINENO +-# ----------------------- +-# Try to link conftest.$ac_ext, and return whether this succeeded. +-ac_fn_c_try_link () +-{ +- as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack +- rm -f conftest.$ac_objext conftest$ac_exeext +- if { { ac_try="$ac_link" +-case "(($ac_try" in +- *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; +- *) ac_try_echo=$ac_try;; +-esac +-eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +-$as_echo "$ac_try_echo"; } >&5 +- (eval "$ac_link") 2>conftest.err +- ac_status=$? +- if test -s conftest.err; then +- grep -v '^ *+' conftest.err >conftest.er1 +- cat conftest.er1 >&5 +- mv -f conftest.er1 conftest.err +- fi +- $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 +- test $ac_status = 0; } && { +- test -z "$ac_c_werror_flag" || +- test ! -s conftest.err +- } && test -s conftest$ac_exeext && { +- test "$cross_compiling" = yes || +- test -x conftest$ac_exeext +- }; then : +- ac_retval=0 +-else +- $as_echo "$as_me: failed program was:" >&5 +-sed 's/^/| /' conftest.$ac_ext >&5 +- +- ac_retval=1 +-fi +- # Delete the IPA/IPO (Inter Procedural Analysis/Optimization) information +- # created by the PGI compiler (conftest_ipa8_conftest.oo), as it would +- # interfere with the next link command; also delete a directory that is +- # left behind by Apple's compiler. We do this before executing the actions. +- rm -rf conftest.dSYM conftest_ipa8_conftest.oo +- eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno +- as_fn_set_status $ac_retval +- +-} # ac_fn_c_try_link +- +-# ac_fn_c_check_func LINENO FUNC VAR +-# ---------------------------------- +-# Tests whether FUNC exists, setting the cache variable VAR accordingly +-ac_fn_c_check_func () +-{ +- as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack +- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 +-$as_echo_n "checking for $2... " >&6; } +-if eval \${$3+:} false; then : +- $as_echo_n "(cached) " >&6 +-else +- cat confdefs.h - <<_ACEOF >conftest.$ac_ext +-/* end confdefs.h. */ +-/* Define $2 to an innocuous variant, in case declares $2. +- For example, HP-UX 11i declares gettimeofday. */ +-#define $2 innocuous_$2 +- +-/* System header to define __stub macros and hopefully few prototypes, +- which can conflict with char $2 (); below. +- Prefer to if __STDC__ is defined, since +- exists even on freestanding compilers. */ +- +-#ifdef __STDC__ +-# include +-#else +-# include +-#endif +- +-#undef $2 +- +-/* Override any GCC internal prototype to avoid an error. +- Use char because int might match the return type of a GCC +- builtin and then its argument prototype would still apply. */ +-#ifdef __cplusplus +-extern "C" +-#endif +-char $2 (); +-/* The GNU C library defines this for functions which it implements +- to always fail with ENOSYS. Some functions are actually named +- something starting with __ and the normal name is an alias. */ +-#if defined __stub_$2 || defined __stub___$2 +-choke me +-#endif +- +-int +-main () +-{ +-return $2 (); +- ; +- return 0; +-} +-_ACEOF +-if ac_fn_c_try_link "$LINENO"; then : +- eval "$3=yes" +-else +- eval "$3=no" +-fi +-rm -f core conftest.err conftest.$ac_objext \ +- conftest$ac_exeext conftest.$ac_ext +-fi +-eval ac_res=\$$3 +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +-$as_echo "$ac_res" >&6; } +- eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno +- +-} # ac_fn_c_check_func + cat >config.log <<_ACEOF + This file contains any messages produced by compilers while + running configure, to aid debugging if configure makes a mistake. +@@ -2822,36 +2705,36 @@ ac_link='$CC -o conftest$ac_exeext $CFLA + ac_compiler_gnu=$ac_cv_c_compiler_gnu + + +- PYTHON3_BIN= ++ PYTHON3_CONFIG_BIN= + +-# Check whether --with-rlm-python3-bin was given. +-if test "${with_rlm_python3_bin+set}" = set; then : +- withval=$with_rlm_python3_bin; case "$withval" in ++# Check whether --with-rlm-python3-config-bin was given. ++if test "${with_rlm_python3_config_bin+set}" = set; then : ++ withval=$with_rlm_python3_config_bin; case "$withval" in + no) +- as_fn_error $? "Need rlm-python3-bin" "$LINENO" 5 ++ as_fn_error $? "Need rlm-python3-config-bin" "$LINENO" 5 + ;; + yes) + ;; + *) +- PYTHON3_BIN="$withval" ++ PYTHON3_CONFIG_BIN="$withval" + ;; + esac + + fi + + +- if test "x$PYTHON3_BIN" = x; then +- for ac_prog in python3 ++ if test "x$PYTHON3_CONFIG_BIN" = x; then ++ for ac_prog in python3-config + do + # Extract the first word of "$ac_prog", so it can be a program name with args. + set dummy $ac_prog; ac_word=$2 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 + $as_echo_n "checking for $ac_word... " >&6; } +-if ${ac_cv_prog_PYTHON3_BIN+:} false; then : ++if ${ac_cv_prog_PYTHON3_CONFIG_BIN+:} false; then : + $as_echo_n "(cached) " >&6 + else +- if test -n "$PYTHON3_BIN"; then +- ac_cv_prog_PYTHON3_BIN="$PYTHON3_BIN" # Let the user override the test. ++ if test -n "$PYTHON3_CONFIG_BIN"; then ++ ac_cv_prog_PYTHON3_CONFIG_BIN="$PYTHON3_CONFIG_BIN" # Let the user override the test. + else + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR + as_dummy="${PATH}:/usr/bin:/usr/local/bin" +@@ -2861,7 +2744,7 @@ do + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then +- ac_cv_prog_PYTHON3_BIN="$ac_prog" ++ ac_cv_prog_PYTHON3_CONFIG_BIN="$ac_prog" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +@@ -2871,716 +2754,63 @@ IFS=$as_save_IFS + + fi + fi +-PYTHON3_BIN=$ac_cv_prog_PYTHON3_BIN +-if test -n "$PYTHON3_BIN"; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PYTHON3_BIN" >&5 +-$as_echo "$PYTHON3_BIN" >&6; } ++PYTHON3_CONFIG_BIN=$ac_cv_prog_PYTHON3_CONFIG_BIN ++if test -n "$PYTHON3_CONFIG_BIN"; then ++ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PYTHON3_CONFIG_BIN" >&5 ++$as_echo "$PYTHON3_CONFIG_BIN" >&6; } + else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 + $as_echo "no" >&6; } + fi + + +- test -n "$PYTHON3_BIN" && break ++ test -n "$PYTHON3_CONFIG_BIN" && break + done +-test -n "$PYTHON3_BIN" || PYTHON3_BIN="not-found" +- +- fi ++test -n "$PYTHON3_CONFIG_BIN" || PYTHON3_CONFIG_BIN="not-found" + +- if test "x$PYTHON3_BIN" = "xnot-found"; then +- fail="python-binary" + fi + +- PY_LIB_DIR= +- +-# Check whether --with-rlm-python3-lib-dir was given. +-if test "${with_rlm_python3_lib_dir+set}" = set; then : +- withval=$with_rlm_python3_lib_dir; case "$withval" in +- no) +- as_fn_error $? "Need rlm-python3-lib-dir" "$LINENO" 5 +- ;; +- yes) +- ;; +- *) +- PY_LIB_DIR="$withval" +- ;; +- esac +- +-fi +- +- +- PY_INC_DIR= +- +-# Check whether --with-rlm-python3-include-dir was given. +-if test "${with_rlm_python3_include_dir+set}" = set; then : +- withval=$with_rlm_python3_include_dir; case "$withval" in +- no) +- as_fn_error $? "Need rlm-python3-include-dir" "$LINENO" 5 +- ;; +- yes) +- ;; +- *) +- PY_INC_DIR="$withval" +- ;; +- esac +- +-fi +- +- +- if test x$fail = x; then +- PY_PREFIX=`${PYTHON3_BIN} -c 'import sys ; print(sys.prefix)'` +- { $as_echo "$as_me:${as_lineno-$LINENO}: Python sys.prefix \"${PY_PREFIX}\"" >&5 +-$as_echo "$as_me: Python sys.prefix \"${PY_PREFIX}\"" >&6;} +- +- PY_EXEC_PREFIX=`${PYTHON3_BIN} -c 'import sys ; print(sys.exec_prefix)'` +- { $as_echo "$as_me:${as_lineno-$LINENO}: Python sys.exec_prefix \"${PY_EXEC_PREFIX}\"" >&5 +-$as_echo "$as_me: Python sys.exec_prefix \"${PY_EXEC_PREFIX}\"" >&6;} +- +- PY_SYS_VERSION=`${PYTHON3_BIN} -c 'import sys ; print(sys.version[0:3])'` +- { $as_echo "$as_me:${as_lineno-$LINENO}: Python sys.version \"${PY_SYS_VERSION}\"" >&5 +-$as_echo "$as_me: Python sys.version \"${PY_SYS_VERSION}\"" >&6;} +- +- if test "x$PY_LIB_DIR" = "x"; then +- PY_LIB_DIR="$PY_EXEC_PREFIX/lib/python${PY_SYS_VERSION}/config" +- PY_LIB_LOC="-L$PY_EXEC_PREFIX/lib/python${PY_SYS_VERSION}/config" +- fi +- +- PY_MAKEFILE="$PY_EXEC_PREFIX/lib/python${PY_SYS_VERSION}/config/Makefile" +- if test -f ${PY_MAKEFILE}; then +- PY_LOCAL_MOD_LIBS=`sed -n -e 's/^LOCALMODLIBS=\(.*\)/\1/p' $PY_MAKEFILE | sed -e 's/[[:blank:]]/ /g;s/^ *//;s/ *$//'` +- { $as_echo "$as_me:${as_lineno-$LINENO}: Python local_mod_libs \"${PY_LOCAL_MOD_LIBS}\"" >&5 +-$as_echo "$as_me: Python local_mod_libs \"${PY_LOCAL_MOD_LIBS}\"" >&6;} +- +- PY_BASE_MOD_LIBS=`sed -n -e 's/^BASEMODLIBS=\(.*\)/\1/p' $PY_MAKEFILE | sed -e 's/[[:blank:]]/ /g;s/^ *//;s/ *$//'` +- { $as_echo "$as_me:${as_lineno-$LINENO}: Python base_mod_libs \"${PY_BASE_MOD_LIBS}\"" >&5 +-$as_echo "$as_me: Python base_mod_libs \"${PY_BASE_MOD_LIBS}\"" >&6;} +- +- PY_OTHER_LIBS=`sed -n -e 's/^LIBS=\(.*\)/\1/p' $PY_MAKEFILE | sed -e 's/[[:blank:]]/ /g;s/ / /g;s/^ *//;s/ *$//'` +- PY_OTHER_LDFLAGS=`sed -n -e 's/^LINKFORSHARED=\(.*\)/\1/p' $PY_MAKEFILE | sed -e 's/[[:blank:]]/ /g;s/ / /g;s/^ *//;s/ *$//'` +- { $as_echo "$as_me:${as_lineno-$LINENO}: Python other_libs \"${PY_OTHER_LDFLAGS} ${PY_OTHER_LIBS}\"" >&5 +-$as_echo "$as_me: Python other_libs \"${PY_OTHER_LDFLAGS} ${PY_OTHER_LIBS}\"" >&6;} +- fi +- PY_EXTRA_LIBS="$PY_LOCALMODLIBS $PY_BASE_MOD_LIBS $PY_OTHER_LIBS" +- +- old_CFLAGS=$CFLAGS +- CFLAGS="$CFLAGS $PY_CFLAGS" +- smart_try_dir="$PY_PREFIX/include/python$PY_SYS_VERSION" +- +- +- +-ac_safe=`echo "Python.h" | sed 'y%./+-%__pm%'` +-old_CPPFLAGS="$CPPFLAGS" +-smart_include= +-smart_include_dir="/usr/local/include /opt/include" +- +-_smart_try_dir= +-_smart_include_dir= +- +-for _prefix in $smart_prefix ""; do +- for _dir in $smart_try_dir; do +- _smart_try_dir="${_smart_try_dir} ${_dir}/${_prefix}" +- done +- +- for _dir in $smart_include_dir; do +- _smart_include_dir="${_smart_include_dir} ${_dir}/${_prefix}" +- done +-done +- +-if test "x$_smart_try_dir" != "x"; then +- for try in $_smart_try_dir; do +- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for Python.h in $try" >&5 +-$as_echo_n "checking for Python.h in $try... " >&6; } +- CPPFLAGS="-isystem $try $old_CPPFLAGS" +- cat confdefs.h - <<_ACEOF >conftest.$ac_ext +-/* end confdefs.h. */ +- +- #include +-int +-main () +-{ +-int a = 1; +- ; +- return 0; +-} +-_ACEOF +-if ac_fn_c_try_compile "$LINENO"; then : +- +- smart_include="-isystem $try" +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +-$as_echo "yes" >&6; } +- break +- +-else +- +- smart_include= +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } +- +-fi +-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +- done +- CPPFLAGS="$old_CPPFLAGS" +-fi +- +-if test "x$smart_include" = "x"; then +- for _prefix in $smart_prefix; do +- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ${_prefix}/Python.h" >&5 +-$as_echo_n "checking for ${_prefix}/Python.h... " >&6; } +- +- cat confdefs.h - <<_ACEOF >conftest.$ac_ext +-/* end confdefs.h. */ +- +- #include +-int +-main () +-{ +-int a = 1; +- ; +- return 0; +-} +-_ACEOF +-if ac_fn_c_try_compile "$LINENO"; then : +- +- smart_include="-isystem ${_prefix}/" +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +-$as_echo "yes" >&6; } +- break +- +-else +- +- smart_include= +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } +- +-fi +-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +- done +-fi +- +-if test "x$smart_include" = "x"; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for Python.h" >&5 +-$as_echo_n "checking for Python.h... " >&6; } +- +- cat confdefs.h - <<_ACEOF >conftest.$ac_ext +-/* end confdefs.h. */ +- +- #include +-int +-main () +-{ +-int a = 1; +- ; +- return 0; +-} +-_ACEOF +-if ac_fn_c_try_compile "$LINENO"; then : +- +- smart_include=" " +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +-$as_echo "yes" >&6; } +- break +- +-else +- +- smart_include= +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } +- +-fi +-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +-fi +- +-if test "x$smart_include" = "x"; then +- +- for prefix in $smart_prefix; do +- +- +-if test "x$LOCATE" != "x"; then +- DIRS= +- file="${_prefix}/${1}" +- +- for x in `${LOCATE} $file 2>/dev/null`; do +- base=`echo $x | sed "s%/${file}%%"` +- if test "x$x" = "x$base"; then +- continue; +- fi +- +- dir=`${DIRNAME} $x 2>/dev/null` +- exclude=`echo ${dir} | ${GREP} /home` +- if test "x$exclude" != "x"; then +- continue +- fi +- +- already=`echo \$_smart_include_dir ${DIRS} | ${GREP} ${dir}` +- if test "x$already" = "x"; then +- DIRS="$DIRS $dir" +- fi +- done +-fi +- +-eval "_smart_include_dir=\"\$_smart_include_dir $DIRS\"" +- +- done +- +- +-if test "x$LOCATE" != "x"; then +- DIRS= +- file=Python.h +- +- for x in `${LOCATE} $file 2>/dev/null`; do +- base=`echo $x | sed "s%/${file}%%"` +- if test "x$x" = "x$base"; then +- continue; +- fi +- +- dir=`${DIRNAME} $x 2>/dev/null` +- exclude=`echo ${dir} | ${GREP} /home` +- if test "x$exclude" != "x"; then +- continue +- fi +- +- already=`echo \$_smart_include_dir ${DIRS} | ${GREP} ${dir}` +- if test "x$already" = "x"; then +- DIRS="$DIRS $dir" +- fi +- done +-fi +- +-eval "_smart_include_dir=\"\$_smart_include_dir $DIRS\"" +- +- +- for try in $_smart_include_dir; do +- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for Python.h in $try" >&5 +-$as_echo_n "checking for Python.h in $try... " >&6; } +- CPPFLAGS="-isystem $try $old_CPPFLAGS" +- cat confdefs.h - <<_ACEOF >conftest.$ac_ext +-/* end confdefs.h. */ +- +- #include +-int +-main () +-{ +-int a = 1; +- ; +- return 0; +-} +-_ACEOF +-if ac_fn_c_try_compile "$LINENO"; then : +- +- smart_include="-isystem $try" +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +-$as_echo "yes" >&6; } +- break +- +-else +- +- smart_include= +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } +- +-fi +-rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +- done +- CPPFLAGS="$old_CPPFLAGS" +-fi +- +-if test "x$smart_include" != "x"; then +- eval "ac_cv_header_$ac_safe=yes" +- CPPFLAGS="$smart_include $old_CPPFLAGS" +- SMART_CPPFLAGS="$smart_include $SMART_CPPFLAGS" +-fi ++ if test "x$PYTHON3_CONFIG_BIN" = xnot-found; then ++ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: python3-config not found" >&5 ++$as_echo "$as_me: WARNING: python3-config not found" >&2;} ++ fail="$fail python3-config" ++ else ++ old_CFLAGS="$CFLAGS" ++ unset CFLAGS + +-smart_prefix= ++ python3_cflags=`${PYTHON3_CONFIG_BIN} --cflags` ++ { $as_echo "$as_me:${as_lineno-$LINENO}: ${PYTHON3_CONFIG_BIN}'s cflags were \"${python3_cflags}\"" >&5 ++$as_echo "$as_me: ${PYTHON3_CONFIG_BIN}'s cflags were \"${python3_cflags}\"" >&6;} ++ ++ mod_cflags=`echo $python3_cflags | sed -e '\ ++ s/-I/-isystem/g;\ ++ s/-isysroot[ =]\{0,1\}[^-]*//g;\ ++ s/-O[^[[:blank:]]]*//g;\ ++ s/-Wp,-D_FORTIFY_SOURCE=[[:digit:]]//g;\ ++ s/-g[^ ]*//g;\ ++ s/-W[^ ]*//g;\ ++ s/-DNDEBUG[[:blank:]]*//g; ++ '` ++ { $as_echo "$as_me:${as_lineno-$LINENO}: Sanitized cflags were \"${mod_cflags}\"" >&5 ++$as_echo "$as_me: Sanitized cflags were \"${mod_cflags}\"" >&6;} ++ ++ python3_ldflags=`${PYTHON3_CONFIG_BIN} --ldflags` ++ { $as_echo "$as_me:${as_lineno-$LINENO}: ${PYTHON3_CONFIG_BIN}'s ldflags were \"$python3_ldflags}\"" >&5 ++$as_echo "$as_me: ${PYTHON3_CONFIG_BIN}'s ldflags were \"$python3_ldflags}\"" >&6;} ++ ++ mod_ldflags=`echo $python3_ldflags | sed -e '\ ++ s/-Wl,-O[[:digit:]][[:blank:]]*//g;\ ++ s/-Wl,-Bsymbolic-functions[[:blank:]]*//g;\ ++ s/-Xlinker -export-dynamic//g;\ ++ s/-Wl,-stack_size,[[:digit:]]*[[:blank:]]//g; ++ '` ++ { $as_echo "$as_me:${as_lineno-$LINENO}: Sanitized ldflags were \"${mod_ldflags}\"" >&5 ++$as_echo "$as_me: Sanitized ldflags were \"${mod_ldflags}\"" >&6;} + + CFLAGS=$old_CFLAGS + +- if test "x$ac_cv_header_Python_h" = "xyes"; then +- mod_cflags="$SMART_CPPFLAGS" +- else +- fail="$fail Python.h" +- targetname= +- fi +- +- old_LIBS=$LIBS +- LIBS="$LIBS $PY_LIB_LOC $PY_EXTRA_LIBS -lm" +- smart_try_dir=$PY_LIB_DIR +- +- +-sm_lib_safe=`echo "python${PY_SYS_VERSION}" | sed 'y%./+-%__p_%'` +-sm_func_safe=`echo "Py_Initialize" | sed 'y%./+-%__p_%'` +- +-old_LIBS="$LIBS" +-old_CPPFLAGS="$CPPFLAGS" +-smart_lib= +-smart_ldflags= +-smart_lib_dir= +- +-if test "x$smart_try_dir" != "x"; then +- for try in $smart_try_dir; do +- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for Py_Initialize in -lpython${PY_SYS_VERSION} in $try" >&5 +-$as_echo_n "checking for Py_Initialize in -lpython${PY_SYS_VERSION} in $try... " >&6; } +- LIBS="-lpython${PY_SYS_VERSION} $old_LIBS" +- CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS" +- cat confdefs.h - <<_ACEOF >conftest.$ac_ext +-/* end confdefs.h. */ +-extern char Py_Initialize(); +-int +-main () +-{ +-Py_Initialize() +- ; +- return 0; +-} +-_ACEOF +-if ac_fn_c_try_link "$LINENO"; then : +- +- smart_lib="-lpython${PY_SYS_VERSION}" +- smart_ldflags="-L$try -Wl,-rpath,$try" +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +-$as_echo "yes" >&6; } +- break +- +-else +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } +-fi +-rm -f core conftest.err conftest.$ac_objext \ +- conftest$ac_exeext conftest.$ac_ext +- done +- LIBS="$old_LIBS" +- CPPFLAGS="$old_CPPFLAGS" +-fi +- +-if test "x$smart_lib" = "x"; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for Py_Initialize in -lpython${PY_SYS_VERSION}" >&5 +-$as_echo_n "checking for Py_Initialize in -lpython${PY_SYS_VERSION}... " >&6; } +- LIBS="-lpython${PY_SYS_VERSION} $old_LIBS" +- cat confdefs.h - <<_ACEOF >conftest.$ac_ext +-/* end confdefs.h. */ +-extern char Py_Initialize(); +-int +-main () +-{ +-Py_Initialize() +- ; +- return 0; +-} +-_ACEOF +-if ac_fn_c_try_link "$LINENO"; then : +- +- smart_lib="-lpython${PY_SYS_VERSION}" +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +-$as_echo "yes" >&6; } +- +-else +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } +-fi +-rm -f core conftest.err conftest.$ac_objext \ +- conftest$ac_exeext conftest.$ac_ext +- LIBS="$old_LIBS" +-fi +- +-if test "x$smart_lib" = "x"; then +- +- +-if test "x$LOCATE" != "x"; then +- DIRS= +- file=libpython${PY_SYS_VERSION}${libltdl_cv_shlibext} +- +- for x in `${LOCATE} $file 2>/dev/null`; do +- base=`echo $x | sed "s%/${file}%%"` +- if test "x$x" = "x$base"; then +- continue; +- fi +- +- dir=`${DIRNAME} $x 2>/dev/null` +- exclude=`echo ${dir} | ${GREP} /home` +- if test "x$exclude" != "x"; then +- continue +- fi +- +- already=`echo \$smart_lib_dir ${DIRS} | ${GREP} ${dir}` +- if test "x$already" = "x"; then +- DIRS="$DIRS $dir" +- fi +- done +-fi +- +-eval "smart_lib_dir=\"\$smart_lib_dir $DIRS\"" +- +- +- +-if test "x$LOCATE" != "x"; then +- DIRS= +- file=libpython${PY_SYS_VERSION}.a +- +- for x in `${LOCATE} $file 2>/dev/null`; do +- base=`echo $x | sed "s%/${file}%%"` +- if test "x$x" = "x$base"; then +- continue; +- fi +- +- dir=`${DIRNAME} $x 2>/dev/null` +- exclude=`echo ${dir} | ${GREP} /home` +- if test "x$exclude" != "x"; then +- continue +- fi +- +- already=`echo \$smart_lib_dir ${DIRS} | ${GREP} ${dir}` +- if test "x$already" = "x"; then +- DIRS="$DIRS $dir" +- fi +- done +-fi +- +-eval "smart_lib_dir=\"\$smart_lib_dir $DIRS\"" +- +- +- for try in $smart_lib_dir /usr/local/lib /opt/lib; do +- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for Py_Initialize in -lpython${PY_SYS_VERSION} in $try" >&5 +-$as_echo_n "checking for Py_Initialize in -lpython${PY_SYS_VERSION} in $try... " >&6; } +- LIBS="-lpython${PY_SYS_VERSION} $old_LIBS" +- CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS" +- cat confdefs.h - <<_ACEOF >conftest.$ac_ext +-/* end confdefs.h. */ +-extern char Py_Initialize(); +-int +-main () +-{ +-Py_Initialize() +- ; +- return 0; +-} +-_ACEOF +-if ac_fn_c_try_link "$LINENO"; then : +- +- smart_lib="-lpython${PY_SYS_VERSION}" +- smart_ldflags="-L$try -Wl,-rpath,$try" +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +-$as_echo "yes" >&6; } +- break +- +-else +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } +-fi +-rm -f core conftest.err conftest.$ac_objext \ +- conftest$ac_exeext conftest.$ac_ext +- done +- LIBS="$old_LIBS" +- CPPFLAGS="$old_CPPFLAGS" +-fi +- +-if test "x$smart_lib" != "x"; then +- eval "ac_cv_lib_${sm_lib_safe}_${sm_func_safe}=yes" +- LIBS="$smart_ldflags $smart_lib $old_LIBS" +- SMART_LIBS="$smart_ldflags $smart_lib $SMART_LIBS" +-fi +- +- LIBS=$old_LIBS +- +- eval t=\${ac_cv_lib_${sm_lib_safe}_${sm_func_safe}} +- if test "x$t" = "xyes"; then +- mod_ldflags="$PY_LIB_LOC $PY_EXTRA_LIBS $SMART_LIBS -lm" +- targetname=rlm_python3 +- else +- +- +-sm_lib_safe=`echo "python${PY_SYS_VERSION}m" | sed 'y%./+-%__p_%'` +-sm_func_safe=`echo "Py_Initialize" | sed 'y%./+-%__p_%'` +- +-old_LIBS="$LIBS" +-old_CPPFLAGS="$CPPFLAGS" +-smart_lib= +-smart_ldflags= +-smart_lib_dir= +- +-if test "x$smart_try_dir" != "x"; then +- for try in $smart_try_dir; do +- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for Py_Initialize in -lpython${PY_SYS_VERSION}m in $try" >&5 +-$as_echo_n "checking for Py_Initialize in -lpython${PY_SYS_VERSION}m in $try... " >&6; } +- LIBS="-lpython${PY_SYS_VERSION}m $old_LIBS" +- CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS" +- cat confdefs.h - <<_ACEOF >conftest.$ac_ext +-/* end confdefs.h. */ +-extern char Py_Initialize(); +-int +-main () +-{ +-Py_Initialize() +- ; +- return 0; +-} +-_ACEOF +-if ac_fn_c_try_link "$LINENO"; then : +- +- smart_lib="-lpython${PY_SYS_VERSION}m" +- smart_ldflags="-L$try -Wl,-rpath,$try" +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +-$as_echo "yes" >&6; } +- break +- +-else +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } +-fi +-rm -f core conftest.err conftest.$ac_objext \ +- conftest$ac_exeext conftest.$ac_ext +- done +- LIBS="$old_LIBS" +- CPPFLAGS="$old_CPPFLAGS" +-fi +- +-if test "x$smart_lib" = "x"; then +- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for Py_Initialize in -lpython${PY_SYS_VERSION}m" >&5 +-$as_echo_n "checking for Py_Initialize in -lpython${PY_SYS_VERSION}m... " >&6; } +- LIBS="-lpython${PY_SYS_VERSION}m $old_LIBS" +- cat confdefs.h - <<_ACEOF >conftest.$ac_ext +-/* end confdefs.h. */ +-extern char Py_Initialize(); +-int +-main () +-{ +-Py_Initialize() +- ; +- return 0; +-} +-_ACEOF +-if ac_fn_c_try_link "$LINENO"; then : +- +- smart_lib="-lpython${PY_SYS_VERSION}m" +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +-$as_echo "yes" >&6; } +- +-else +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } +-fi +-rm -f core conftest.err conftest.$ac_objext \ +- conftest$ac_exeext conftest.$ac_ext +- LIBS="$old_LIBS" +-fi +- +-if test "x$smart_lib" = "x"; then +- +- +-if test "x$LOCATE" != "x"; then +- DIRS= +- file=libpython${PY_SYS_VERSION}m${libltdl_cv_shlibext} +- +- for x in `${LOCATE} $file 2>/dev/null`; do +- base=`echo $x | sed "s%/${file}%%"` +- if test "x$x" = "x$base"; then +- continue; +- fi +- +- dir=`${DIRNAME} $x 2>/dev/null` +- exclude=`echo ${dir} | ${GREP} /home` +- if test "x$exclude" != "x"; then +- continue +- fi +- +- already=`echo \$smart_lib_dir ${DIRS} | ${GREP} ${dir}` +- if test "x$already" = "x"; then +- DIRS="$DIRS $dir" +- fi +- done +-fi +- +-eval "smart_lib_dir=\"\$smart_lib_dir $DIRS\"" +- +- +- +-if test "x$LOCATE" != "x"; then +- DIRS= +- file=libpython${PY_SYS_VERSION}m.a +- +- for x in `${LOCATE} $file 2>/dev/null`; do +- base=`echo $x | sed "s%/${file}%%"` +- if test "x$x" = "x$base"; then +- continue; +- fi +- +- dir=`${DIRNAME} $x 2>/dev/null` +- exclude=`echo ${dir} | ${GREP} /home` +- if test "x$exclude" != "x"; then +- continue +- fi +- +- already=`echo \$smart_lib_dir ${DIRS} | ${GREP} ${dir}` +- if test "x$already" = "x"; then +- DIRS="$DIRS $dir" +- fi +- done +-fi +- +-eval "smart_lib_dir=\"\$smart_lib_dir $DIRS\"" +- +- +- for try in $smart_lib_dir /usr/local/lib /opt/lib; do +- { $as_echo "$as_me:${as_lineno-$LINENO}: checking for Py_Initialize in -lpython${PY_SYS_VERSION}m in $try" >&5 +-$as_echo_n "checking for Py_Initialize in -lpython${PY_SYS_VERSION}m in $try... " >&6; } +- LIBS="-lpython${PY_SYS_VERSION}m $old_LIBS" +- CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS" +- cat confdefs.h - <<_ACEOF >conftest.$ac_ext +-/* end confdefs.h. */ +-extern char Py_Initialize(); +-int +-main () +-{ +-Py_Initialize() +- ; +- return 0; +-} +-_ACEOF +-if ac_fn_c_try_link "$LINENO"; then : +- +- smart_lib="-lpython${PY_SYS_VERSION}m" +- smart_ldflags="-L$try -Wl,-rpath,$try" +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +-$as_echo "yes" >&6; } +- break +- +-else +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +-$as_echo "no" >&6; } +-fi +-rm -f core conftest.err conftest.$ac_objext \ +- conftest$ac_exeext conftest.$ac_ext +- done +- LIBS="$old_LIBS" +- CPPFLAGS="$old_CPPFLAGS" +-fi +- +-if test "x$smart_lib" != "x"; then +- eval "ac_cv_lib_${sm_lib_safe}_${sm_func_safe}=yes" +- LIBS="$smart_ldflags $smart_lib $old_LIBS" +- SMART_LIBS="$smart_ldflags $smart_lib $SMART_LIBS" +-fi +- +- eval t=\${ac_cv_lib_${sm_lib_safe}_${sm_func_safe}} +- if test "x$t" = "xyes"; then +- mod_ldflags="$PY_LIB_LOC $PY_EXTRA_LIBS $SMART_LIBS -lm" +- targetname=rlm_python3 +- else +- targetname= +- fail="$fail libpython$PY_SYS_VERSION" +- fi +- fi ++ targetname="rlm_python3" + fi +- +- for ac_func in dl_iterate_phdr +-do : +- ac_fn_c_check_func "$LINENO" "dl_iterate_phdr" "ac_cv_func_dl_iterate_phdr" +-if test "x$ac_cv_func_dl_iterate_phdr" = xyes; then : +- cat >>confdefs.h <<_ACEOF +-#define HAVE_DL_ITERATE_PHDR 1 +-_ACEOF +- +-fi +-done +- + else + targetname= + echo \*\*\* module rlm_python3 is disabled. +Index: freeradius-server-3.0.20/src/modules/rlm_python3/configure.ac +=================================================================== +--- freeradius-server-3.0.20.orig/src/modules/rlm_python3/configure.ac ++++ freeradius-server-3.0.20/src/modules/rlm_python3/configure.ac +@@ -8,128 +8,75 @@ if test x$with_[]modname != xno; then + AC_PROG_CC + AC_PROG_CPP + +- dnl extra argument: --with-rlm-python3-bin +- PYTHON3_BIN= +- AC_ARG_WITH(rlm-python3-bin, +- [ --with-rlm-python3-bin=PATH Path to python3 binary []], ++ dnl extra argument: --with-rlm-python3-config-bin ++ PYTHON3_CONFIG_BIN= ++ AC_ARG_WITH(rlm-python3-config-bin, ++ [ --with-rlm-python3-config-bin=PATH Path to python-config3 binary []], + [ case "$withval" in + no) +- AC_MSG_ERROR(Need rlm-python3-bin) ++ AC_MSG_ERROR(Need rlm-python3-config-bin) + ;; + yes) + ;; + *) +- PYTHON3_BIN="$withval" ++ PYTHON3_CONFIG_BIN="$withval" + ;; + esac ] + ) + +- if test "x$PYTHON3_BIN" = x; then +- AC_CHECK_PROGS(PYTHON3_BIN, [ python3 ], not-found, [${PATH}:/usr/bin:/usr/local/bin]) ++ if test "x$PYTHON3_CONFIG_BIN" = x; then ++ AC_CHECK_PROGS(PYTHON3_CONFIG_BIN, [ python3-config ], not-found, [${PATH}:/usr/bin:/usr/local/bin]) + fi + +- if test "x$PYTHON3_BIN" = "xnot-found"; then +- fail="python-binary" +- fi +- +- dnl extra argument: --with-rlm-python3-lib-dir +- PY_LIB_DIR= +- AC_ARG_WITH(rlm-python3-lib-dir, +- [ --with-rlm-python3-lib-dir=DIR Directory for Python library files []], +- [ case "$withval" in +- no) +- AC_MSG_ERROR(Need rlm-python3-lib-dir) +- ;; +- yes) +- ;; +- *) +- PY_LIB_DIR="$withval" +- ;; +- esac ] +- ) ++ if test "x$PYTHON3_CONFIG_BIN" = xnot-found; then ++ fail="$fail python3-config" ++ else ++ dnl # ++ dnl # It is necessary due to a weird behavior with 'python3-config' ++ dnl # ++ old_CFLAGS="$CFLAGS" ++ unset CFLAGS ++ ++ python3_cflags=`${PYTHON3_CONFIG_BIN} --cflags` ++ AC_MSG_NOTICE([${PYTHON3_CONFIG_BIN}'s cflags were \"${python3_cflags}\"]) ++ ++ dnl # Convert -I to -isystem to get rid of warnings about issues in Python headers ++ dnl # Strip -systemroot ++ dnl # Strip optimisation flags (-O[0-9]?). We decide our optimisation level, not python. ++ dnl # -D_FORTIFY_SOURCE needs -O. ++ dnl # Strip debug symbol flags (-g[0-9]?). We decide on debugging symbols, not python ++ dnl # Strip -W*, we decide what warnings are important ++ dnl # Strip -DNDEBUG ++ mod_cflags=`echo $python3_cflags | sed -e '\ ++ s/-I/-isystem/g;\ ++ s/-isysroot[[ =]]\{0,1\}[[^-]]*//g;\ ++ s/-O[[^[[:blank:]]]]*//g;\ ++ s/-Wp,-D_FORTIFY_SOURCE=[[[:digit:]]]//g;\ ++ s/-g[[^ ]]*//g;\ ++ s/-W[[^ ]]*//g;\ ++ s/-DNDEBUG[[[:blank:]]]*//g; ++ '` ++ AC_MSG_NOTICE([Sanitized cflags were \"${mod_cflags}\"]) ++ ++ python3_ldflags=`${PYTHON3_CONFIG_BIN} --ldflags` ++ AC_MSG_NOTICE([${PYTHON3_CONFIG_BIN}'s ldflags were \"$python3_ldflags}\"]) ++ ++ dnl # Strip -Wl,-O1... Is -O even a valid linker flag?? ++ dnl # Strip -Wl,-Bsymbolic-functions as thats not always supported or required ++ dnl # Strip -Xlinker -export-dynamic as it causes weird linking issues on Linux ++ dnl # See: https://bugs.python.org/issue36508 ++ mod_ldflags=`echo $python3_ldflags | sed -e '\ ++ s/-Wl,-O[[[:digit:]]][[[:blank:]]]*//g;\ ++ s/-Wl,-Bsymbolic-functions[[[:blank:]]]*//g;\ ++ s/-Xlinker -export-dynamic//g;\ ++ s/-Wl,-stack_size,[[[:digit:]]]*[[[:blank:]]]//g; ++ '` ++ AC_MSG_NOTICE([Sanitized ldflags were \"${mod_ldflags}\"]) + +- dnl extra argument: --with-rlm-python3-include-dir +- PY_INC_DIR= +- AC_ARG_WITH(rlm-python3-include-dir, +- [ --with-rlm-python3-include-dir=DIR Directory for Python include files []], +- [ case "$withval" in +- no) +- AC_MSG_ERROR(Need rlm-python3-include-dir) +- ;; +- yes) +- ;; +- *) +- PY_INC_DIR="$withval" +- ;; +- esac ] +- ) +- +- if test x$fail = x; then +- PY_PREFIX=`${PYTHON3_BIN} -c 'import sys ; print(sys.prefix)'` +- AC_MSG_NOTICE([Python sys.prefix \"${PY_PREFIX}\"]) +- +- PY_EXEC_PREFIX=`${PYTHON3_BIN} -c 'import sys ; print(sys.exec_prefix)'` +- AC_MSG_NOTICE([Python sys.exec_prefix \"${PY_EXEC_PREFIX}\"]) +- +- PY_SYS_VERSION=`${PYTHON3_BIN} -c 'import sys ; print(sys.version[[0:3]])'` +- AC_MSG_NOTICE([Python sys.version \"${PY_SYS_VERSION}\"]) +- +- if test "x$PY_LIB_DIR" = "x"; then +- PY_LIB_DIR="$PY_EXEC_PREFIX/lib/python${PY_SYS_VERSION}/config" +- PY_LIB_LOC="-L$PY_EXEC_PREFIX/lib/python${PY_SYS_VERSION}/config" +- fi +- +- PY_MAKEFILE="$PY_EXEC_PREFIX/lib/python${PY_SYS_VERSION}/config/Makefile" +- if test -f ${PY_MAKEFILE}; then +- PY_LOCAL_MOD_LIBS=`sed -n -e 's/^LOCALMODLIBS=\(.*\)/\1/p' $PY_MAKEFILE | sed -e 's/[[[:blank:]]]/ /g;s/^ *//;s/ *$//'` +- AC_MSG_NOTICE([Python local_mod_libs \"${PY_LOCAL_MOD_LIBS}\"]) +- +- PY_BASE_MOD_LIBS=`sed -n -e 's/^BASEMODLIBS=\(.*\)/\1/p' $PY_MAKEFILE | sed -e 's/[[[:blank:]]]/ /g;s/^ *//;s/ *$//'` +- AC_MSG_NOTICE([Python base_mod_libs \"${PY_BASE_MOD_LIBS}\"]) +- +- PY_OTHER_LIBS=`sed -n -e 's/^LIBS=\(.*\)/\1/p' $PY_MAKEFILE | sed -e 's/[[[:blank:]]]/ /g;s/ / /g;s/^ *//;s/ *$//'` +- PY_OTHER_LDFLAGS=`sed -n -e 's/^LINKFORSHARED=\(.*\)/\1/p' $PY_MAKEFILE | sed -e 's/[[[:blank:]]]/ /g;s/ / /g;s/^ *//;s/ *$//'` +- AC_MSG_NOTICE([Python other_libs \"${PY_OTHER_LDFLAGS} ${PY_OTHER_LIBS}\"]) +- fi +- PY_EXTRA_LIBS="$PY_LOCALMODLIBS $PY_BASE_MOD_LIBS $PY_OTHER_LIBS" +- +- old_CFLAGS=$CFLAGS +- CFLAGS="$CFLAGS $PY_CFLAGS" +- smart_try_dir="$PY_PREFIX/include/python$PY_SYS_VERSION" +- FR_SMART_CHECK_INCLUDE(Python.h) + CFLAGS=$old_CFLAGS + +- if test "x$ac_cv_header_Python_h" = "xyes"; then +- mod_cflags="$SMART_CPPFLAGS" +- else +- fail="$fail Python.h" +- targetname= +- fi +- +- old_LIBS=$LIBS +- LIBS="$LIBS $PY_LIB_LOC $PY_EXTRA_LIBS -lm" +- smart_try_dir=$PY_LIB_DIR +- FR_SMART_CHECK_LIB(python${PY_SYS_VERSION}, Py_Initialize) +- LIBS=$old_LIBS +- +- eval t=\${ac_cv_lib_${sm_lib_safe}_${sm_func_safe}} +- if test "x$t" = "xyes"; then +- mod_ldflags="$PY_LIB_LOC $PY_EXTRA_LIBS $SMART_LIBS -lm" +- targetname=modname +- else +- FR_SMART_CHECK_LIB(python${PY_SYS_VERSION}m, Py_Initialize) +- eval t=\${ac_cv_lib_${sm_lib_safe}_${sm_func_safe}} +- if test "x$t" = "xyes"; then +- mod_ldflags="$PY_LIB_LOC $PY_EXTRA_LIBS $SMART_LIBS -lm" +- targetname=modname +- else +- targetname= +- fail="$fail libpython$PY_SYS_VERSION" +- fi +- fi ++ targetname="rlm_python3" + fi +- +- AC_CHECK_FUNCS([dl_iterate_phdr]) + else + targetname= + echo \*\*\* module modname is disabled. +Index: freeradius-server-3.0.20/src/modules/rlm_python3/radiusd_test.py +=================================================================== +--- freeradius-server-3.0.20.orig/src/modules/rlm_python3/radiusd_test.py ++++ /dev/null +@@ -1,63 +0,0 @@ +-#! /usr/bin/env python3 +-# +-# Python module test +-# Miguel A.L. Paraz +-# +-# $Id: 8582716ccbf340be00ce081ecf5ab078e93d1183 $ +- +-import radiusd +- +-def instantiate(p): +- print "*** instantiate ***" +- print p +- +-def authorize(p): +- print "*** authorize ***" +- print +- radiusd.radlog(radiusd.L_INFO, '*** radlog call in authorize ***') +- print +- print p +- return radiusd.RLM_MODULE_OK +- +-def preacct(p): +- print "*** preacct ***" +- print p +- return radiusd.RLM_MODULE_OK +- +-def accounting(p): +- print "*** accounting ***" +- radiusd.radlog(radiusd.L_INFO, '*** radlog call in accounting (0) ***') +- print +- print p +- return radiusd.RLM_MODULE_OK +- +-def pre_proxy(p): +- print "*** pre_proxy ***" +- print p +- return radiusd.RLM_MODULE_OK +- +-def post_proxy(p): +- print "*** post_proxy ***" +- print p +- return radiusd.RLM_MODULE_OK +- +-def post_auth(p): +- print "*** post_auth ***" +- print p +- return radiusd.RLM_MODULE_OK +- +-def recv_coa(p): +- print "*** recv_coa ***" +- print p +- return radiusd.RLM_MODULE_OK +- +-def send_coa(p): +- print "*** send_coa ***" +- print p +- return radiusd.RLM_MODULE_OK +- +- +-def detach(): +- print "*** goodbye from radiusd_test.py ***" +- return radiusd.RLM_MODULE_OK +- +Index: freeradius-server-3.0.20/src/modules/rlm_python3/rlm_python3.c +=================================================================== +--- freeradius-server-3.0.20.orig/src/modules/rlm_python3/rlm_python3.c ++++ freeradius-server-3.0.20/src/modules/rlm_python3/rlm_python3.c +@@ -42,7 +42,7 @@ RCSID("$Id: 06187e4ffa2466ec10e888331f7d + #endif + + #define LIBPYTHON_LINKER_NAME \ +- "libpython" STRINGIFY(PY_MAJOR_VERSION) "." STRINGIFY(PY_MINOR_VERSION) "m.so" ++ "libpython" STRINGIFY(PY_MAJOR_VERSION) "." STRINGIFY(PY_MINOR_VERSION) "m" LT_SHREXT + + static uint32_t python_instances = 0; + static void *python_dlhandle; +@@ -67,8 +67,10 @@ static CONF_PARSER module_config[] = { + A(preacct) + A(accounting) + A(checksimul) ++#ifdef WITH_PROXY + A(pre_proxy) + A(post_proxy) ++#endif + A(post_auth) + #ifdef WITH_COA + A(recv_coa) +@@ -98,7 +100,9 @@ static struct { + A(L_AUTH) + A(L_INFO) + A(L_ERR) ++#ifdef WITH_PROXY + A(L_PROXY) ++#endif + A(L_ACCT) + A(L_DBG_WARN) + A(L_DBG_ERR) +@@ -186,18 +190,16 @@ static void python_error_log(void) + + if (!pExcType || !pExcValue) { + ERROR("%s:%d, Unknown error", __func__, __LINE__); +- if (pExcType) { +- Py_DecRef(pExcType); +- } +- if (pExcValue) { +- Py_DecRef(pExcValue); +- } ++ Py_XDECREF(pExcType); ++ Py_XDECREF(pExcValue); + return; + } + + if (((pStr1 = PyObject_Str(pExcType)) != NULL) && + ((pStr2 = PyObject_Str(pExcValue)) != NULL)) { + ERROR("%s:%d, Exception type: %s, Exception value: %s", __func__, __LINE__, PyUnicode_AsUTF8(pStr1), PyUnicode_AsUTF8(pStr2)); ++ Py_DECREF(pStr1); ++ Py_DECREF(pStr2); + } + + if (pExcTraceback) { +@@ -217,46 +219,23 @@ static void python_error_log(void) + char *str = PyBytes_AsString(pTraceString); + ERROR("%s:%d, full_backtrace: %s", __func__, __LINE__, str); + +- if (pyth_val) { +- Py_DecRef(pyth_val); +- } +- if (pystr) { +- Py_DecRef(pystr); +- } +- if (pTraceString) { +- Py_DecRef(pTraceString); +- } ++ Py_DECREF(pyth_val); ++ Py_DECREF(pystr); ++ Py_DECREF(pTraceString); ++ Py_DECREF(pyth_func); + } +- if (pyth_func) { +- Py_DecRef(pyth_func); +- } +- Py_DecRef(pyth_module); ++ Py_DECREF(pyth_module); + } else { + ERROR("%s:%d, py_module is null, name: %p", __func__, __LINE__, module_name); + } + +- if (module_name) { +- Py_DecRef(module_name); +- } +- +- Py_DecRef(pRepr); ++ Py_DECREF(module_name); ++ Py_DECREF(pRepr); ++ Py_DECREF(pExcTraceback); + } + +- if (pExcType) { +- Py_DecRef(pExcType); +- } +- if (pExcValue) { +- Py_DecRef(pExcValue); +- } +- if (pExcTraceback) { +- Py_DecRef(pExcTraceback); +- } +- if (pStr1) { +- Py_DecRef(pStr1); +- } +- if (pStr2) { +- Py_DecRef(pStr2); +- } ++ Py_DECREF(pExcType); ++ Py_DECREF(pExcValue); + } + + static void mod_vptuple(TALLOC_CTX *ctx, REQUEST *request, VALUE_PAIR **vps, PyObject *pValue, +@@ -510,6 +489,7 @@ static rlm_rcode_t do_python_single(REQU + goto finish; + } + ++#ifdef WITH_PROXY + /* fill proxy vps */ + if (request->proxy) { + if (!mod_populate_vps(pArgs, 4, request->proxy->vps)) { +@@ -517,10 +497,13 @@ static rlm_rcode_t do_python_single(REQU + ret = RLM_MODULE_FAIL; + goto finish; + } +- } else { ++ } else ++#endif ++ { + mod_populate_vps(pArgs, 4, NULL); + } + ++#ifdef WITH_PROXY + /* fill proxy_reply vps */ + if (request->proxy_reply) { + if (!mod_populate_vps(pArgs, 5, request->proxy_reply->vps)) { +@@ -528,7 +511,9 @@ static rlm_rcode_t do_python_single(REQU + ret = RLM_MODULE_FAIL; + goto finish; + } +- } else { ++ } else ++#endif ++ { + mod_populate_vps(pArgs, 5, NULL); + } + +@@ -550,9 +535,14 @@ static rlm_rcode_t do_python_single(REQU + PyDict_SetItemString(pDictInput, "request", PyTuple_GET_ITEM(pArgs, 0)) || + PyDict_SetItemString(pDictInput, "reply", PyTuple_GET_ITEM(pArgs, 1)) || + PyDict_SetItemString(pDictInput, "config", PyTuple_GET_ITEM(pArgs, 2)) || +- PyDict_SetItemString(pDictInput, "session-state", PyTuple_GET_ITEM(pArgs, 3)) || ++ PyDict_SetItemString(pDictInput, "session-state", PyTuple_GET_ITEM(pArgs, 3)) ++#ifdef WITH_PROXY ++ || + PyDict_SetItemString(pDictInput, "proxy-request", PyTuple_GET_ITEM(pArgs, 4)) || +- PyDict_SetItemString(pDictInput, "proxy-reply", PyTuple_GET_ITEM(pArgs, 5))) { ++ PyDict_SetItemString(pDictInput, "proxy-reply", PyTuple_GET_ITEM(pArgs, 5)) ++#endif ++ ) { ++ + ERROR("%s:%d, %s - PyDict_SetItemString failed", __func__, __LINE__, funcname); + ret = RLM_MODULE_FAIL; + goto finish; +@@ -819,8 +809,10 @@ MOD_FUNC(authorize) + MOD_FUNC(preacct) + MOD_FUNC(accounting) + MOD_FUNC(checksimul) ++#ifdef WITH_PROXY + MOD_FUNC(pre_proxy) + MOD_FUNC(post_proxy) ++#endif + MOD_FUNC(post_auth) + #ifdef WITH_COA + MOD_FUNC(recv_coa) +@@ -1102,7 +1094,7 @@ static int python_interpreter_init(rlm_p + python_dlhandle = dlopen_libpython(RTLD_NOW | RTLD_GLOBAL); + if (!python_dlhandle) WARN("Failed loading libpython symbols into global symbol table"); + +-#if PY_VERSION_HEX > 0x03050000 ++#if PY_VERSION_HEX >= 0x03050000 + { + wchar_t *name; + +@@ -1110,13 +1102,6 @@ static int python_interpreter_init(rlm_p + Py_SetProgramName(name); /* The value of argv[0] as a wide char string */ + PyMem_RawFree(name); + } +-#elif PY_VERSION_HEX > 0x0300000 +- { +- wchar_t *name; +- +- MEM(name = _Py_char2wchar(main_config.name, NULL)); +- Py_SetProgramName(inst->wide_name); /* The value of argv[0] as a wide char string */ +- } + #else + { + char *name; +@@ -1163,37 +1148,34 @@ static int python_interpreter_init(rlm_p + * the lifetime of the module. + */ + if (inst->python_path) { ++ char *p, *path; ++ PyObject *sys = PyImport_ImportModule("sys"); ++ PyObject *sys_path = PyObject_GetAttrString(sys, "path"); ++ ++ memcpy(&p, &inst->python_path, sizeof(path)); ++ ++ for (path = strtok(p, ":"); path != NULL; path = strtok(NULL, ":")) { + #if PY_VERSION_HEX > 0x03050000 +- { +- wchar_t *path; +- PyObject* sys = PyImport_ImportModule("sys"); +- PyObject* sys_path = PyObject_GetAttrString(sys,"path"); +- +- MEM(path = Py_DecodeLocale(inst->python_path, NULL)); +- PyList_Append(sys_path, PyUnicode_FromWideChar(path,-1)); +- PyObject_SetAttrString(sys,"path",sys_path); +- PyMem_RawFree(path); +- } ++ wchar_t *py_path; ++ ++ MEM(py_path = Py_DecodeLocale(path, NULL)); ++ PyList_Append(sys_path, PyUnicode_FromWideChar(py_path, -1)); ++ PyMem_RawFree(py_path); + #elif PY_VERSION_HEX > 0x03000000 +- { +- wchar_t *path; +- PyObject* sys = PyImport_ImportModule("sys"); +- PyObject* sys_path = PyObject_GetAttrString(sys,"path"); +- +- MEM(path = _Py_char2wchar(inst->python_path, NULL)); +- PyList_Append(sys_path, PyUnicode_FromWideChar(path,-1)); +- PyObject_SetAttrString(sys,"path",sys_path); +- } +-#else +- { +- char *path; ++ wchar_t *py_path; + +- memcpy(&path, &inst->python_path, sizeof(path)); +- Py_SetPath(path); +- } ++ MEM(py_path = _Py_char2wchar(path, NULL)); ++ PyList_Append(sys_path, PyUnicode_FromWideChar(py_path, -1)); ++ PyMem_RawFree(py_path); ++#else ++ PyList_Append(sys_path, PyLong_FromString(path)); + #endif +- } ++ } + ++ PyObject_SetAttrString(sys, "path", sys_path); ++ Py_DecRef(sys); ++ Py_DecRef(sys_path); ++ } + } else { + inst->module = main_module; + Py_IncRef(inst->module); +@@ -1220,7 +1202,7 @@ static int python_interpreter_init(rlm_p + static int mod_instantiate(CONF_SECTION *conf, void *instance) + { + rlm_python_t *inst = instance; +- int code = 0; ++ int code = RLM_MODULE_OK; + + inst->name = cf_section_name2(conf); + if (!inst->name) inst->name = cf_section_name1(conf); +@@ -1245,8 +1227,10 @@ static int mod_instantiate(CONF_SECTION + PYTHON_FUNC_LOAD(preacct); + PYTHON_FUNC_LOAD(accounting); + PYTHON_FUNC_LOAD(checksimul); ++#ifdef WITH_PROXY + PYTHON_FUNC_LOAD(pre_proxy); + PYTHON_FUNC_LOAD(post_proxy); ++#endif + PYTHON_FUNC_LOAD(post_auth); + #ifdef WITH_COA + PYTHON_FUNC_LOAD(recv_coa); +@@ -1257,12 +1241,14 @@ static int mod_instantiate(CONF_SECTION + /* + * Call the instantiate function. + */ +- code = do_python_single(NULL, inst->instantiate.function, "instantiate", inst->pass_all_vps, inst->pass_all_vps_dict); +- if (code < 0) { +- error: +- python_error_log(); /* Needs valid thread with GIL */ +- PyEval_SaveThread(); +- return -1; ++ if (inst->instantiate.function) { ++ code = do_python_single(NULL, inst->instantiate.function, "instantiate", inst->pass_all_vps, inst->pass_all_vps_dict); ++ if (code < 0) { ++ error: ++ python_error_log(); /* Needs valid thread with GIL */ ++ PyEval_SaveThread(); ++ return -1; ++ } + } + PyEval_SaveThread(); + +@@ -1272,22 +1258,31 @@ static int mod_instantiate(CONF_SECTION + static int mod_detach(void *instance) + { + rlm_python_t *inst = instance; +- int ret; ++ int ret = RLM_MODULE_OK; + + /* + * Call module destructor + */ + PyEval_RestoreThread(inst->sub_interpreter); + +- ret = do_python_single(NULL, inst->detach.function, "detach", inst->pass_all_vps, inst->pass_all_vps_dict); ++ if (inst->detach.function) ret = do_python_single(NULL, inst->detach.function, "detach", inst->pass_all_vps, inst->pass_all_vps_dict); + + #define PYTHON_FUNC_DESTROY(_x) python_function_destroy(&inst->_x) + PYTHON_FUNC_DESTROY(instantiate); +- PYTHON_FUNC_DESTROY(authorize); + PYTHON_FUNC_DESTROY(authenticate); ++ PYTHON_FUNC_DESTROY(authorize); + PYTHON_FUNC_DESTROY(preacct); + PYTHON_FUNC_DESTROY(accounting); + PYTHON_FUNC_DESTROY(checksimul); ++#ifdef WITH_PROXY ++ PYTHON_FUNC_DESTROY(pre_proxy); ++ PYTHON_FUNC_DESTROY(post_proxy); ++#endif ++ PYTHON_FUNC_DESTROY(post_auth); ++#ifdef WITH_COA ++ PYTHON_FUNC_DESTROY(recv_coa); ++ PYTHON_FUNC_DESTROY(send_coa); ++#endif + PYTHON_FUNC_DESTROY(detach); + + Py_DecRef(inst->pythonconf_dict); +@@ -1313,14 +1308,8 @@ static int mod_detach(void *instance) + PyThreadState_Swap(main_interpreter); /* Swap to the main thread */ + Py_Finalize(); + dlclose(python_dlhandle); +- +-#if PY_VERSION_HEX > 0x03050000 +- //if (inst->wide_name) PyMem_RawFree(inst->wide_name); +- //if (inst->wide_path) PyMem_RawFree(inst->wide_path); +-#endif + } + +- + return ret; + } + +@@ -1348,8 +1337,10 @@ module_t rlm_python3 = { + [MOD_PREACCT] = mod_preacct, + [MOD_ACCOUNTING] = mod_accounting, + [MOD_SESSION] = mod_checksimul, ++#ifdef WITH_PROXY + [MOD_PRE_PROXY] = mod_pre_proxy, + [MOD_POST_PROXY] = mod_post_proxy, ++#endif + [MOD_POST_AUTH] = mod_post_auth, + #ifdef WITH_COA + [MOD_RECV_COA] = mod_recv_coa, +Index: freeradius-server-3.0.20/raddb/mods-available/python3 +=================================================================== +--- freeradius-server-3.0.20.orig/raddb/mods-available/python3 ++++ freeradius-server-3.0.20/raddb/mods-available/python3 +@@ -13,7 +13,7 @@ python3 { + # item is GLOBAL TO THE SERVER. That is, you cannot have two + # instances of the python module, each with a different path. + # +-# python_path="/path/to/python/files:/another_path/to/python_files/" ++# python_path="${modconfdir}/${.:name}:/another_path/to/python_files" + + module = example + diff --git a/freeradius-server-3.0.19.tar.bz2 b/freeradius-server-3.0.19.tar.bz2 deleted file mode 100644 index 55d32c8..0000000 --- a/freeradius-server-3.0.19.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:f457c356e07b6c3cce3e05231c68e23bdfba8452d0db479fe1c85e114e6283c9 -size 3127564 diff --git a/freeradius-server-3.0.19.tar.bz2.sig b/freeradius-server-3.0.19.tar.bz2.sig deleted file mode 100644 index 5db36a807f8a985cbf62296268e70918bf2a90314659c83c1ec4850e0a32e508..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 591 zcmV-V0{NMd#~;Ap8;y)S2uOigv*iI0ntM6}7$oE*36^bRW>4KO8!p#&1D| zY-ClwT89}|lJH6z8>5|dur?+}AM#7sIle0ru;;II_Fi$x(_)Sg!#mh5f;%5DN>aNm zJ*Yq7_A4;5CVwo7zqI)zZ|1O0d{U&~65TdNC8%gG?fL~Qq?Xl*a2RT)XoQMs^GB?5 z7YaM?qmM>AA@~K`JI0i;kuk7V%YZP}Q>91aUsXfJRh1av7n$x?FQ;}Ik0LvIe7a)D6H04)NO z@##$2))1Tc$WrLD7VsyrWQy&Ed^b#=r1S)lH!*ME&>3Q>qhq{$Lqptal5VPr)*}aq zdZT%k>|w2Q9|<+}fkr?osq5|6I{L;P*>A@8#Fkl)0I9>T(6X0+{@7etduruv&H}_i dD}s>4bnt=5m+6H>l~T zGe7XJAsHEv_|vRIQNQKJzS9q`8KGY@r#j8HN1vx%vf+a1eWBdCp#|NYbD#L*ltJrP zGy~Pa2r7(z*mimc!l)&o+qf-VOKE8Rx-PA7xSh3W>WyO=7%qZg;U{4Z#zzQV^*$|Q zZ0T0)v;fb`QYvy0Cv6`_IcZ~HG{M|MwZ`uJW;$QRT<~=cn#(RzHdDFa-E$X;Dg(@c z@tw7J&TFZ}s`;gC5^w>Xh3&u=E~8rrX}E3vVi#}6GdPP?zbDz~w`p}~<;2SnD4EdJ z$COF>ukaP@lJKA9m0Zx&m<(w3+ECmc2RS2xd|Q6-pw)1$VBO&=_w&nXq)NyWm9Y_9A(l1y6G>jk&jGp3iw zrz99^a_b(q{oII${540YqZ7n$GeoB(U#KzN2G*1yP#JxbBj?%Lpih`7Tk{An8xr +Index: freeradius-server-3.0.20/src/modules/rlm_python3/radiusd.py +=================================================================== +--- freeradius-server-3.0.20.orig/src/modules/rlm_python3/radiusd.py ++++ freeradius-server-3.0.20/src/modules/rlm_python3/radiusd.py +@@ -1,4 +1,4 @@ +-#! /usr/bin/env python3 ++#!/usr/bin/python3 + # + # Definitions for RADIUS programs + # diff --git a/freeradius-server-opensslversion.patch b/freeradius-server-opensslversion.patch index 392ffd3..ebac44e 100644 --- a/freeradius-server-opensslversion.patch +++ b/freeradius-server-opensslversion.patch @@ -2,45 +2,17 @@ Author: Adam Majer Summary: SUSE OpenSSL version scheme does not follow upstream. Relax, breathe, apply. -Index: freeradius-server-3.0.12/src/main/version.c +Index: freeradius-server-3.0.20/src/main/version.c =================================================================== ---- freeradius-server-3.0.12.orig/src/main/version.c -+++ freeradius-server-3.0.12/src/main/version.c -@@ -50,36 +50,7 @@ static long ssl_built = OPENSSL_VERSION_ +--- freeradius-server-3.0.20.orig/src/main/version.c ++++ freeradius-server-3.0.20/src/main/version.c +@@ -52,6 +52,9 @@ static long ssl_built = OPENSSL_VERSION_ */ int ssl_check_consistency(void) { -- long ssl_linked; -- -- ssl_linked = SSLeay(); -- -- /* -- * Status mismatch always triggers error. -- */ -- if ((ssl_linked & 0x0000000f) != (ssl_built & 0x0000000f)) { -- mismatch: -- ERROR("libssl version mismatch. built: %lx linked: %lx", -- (unsigned long) ssl_built, -- (unsigned long) ssl_linked); -- -- return -1; -- } -- -- /* -- * Use the OpenSSH approach and relax fix checks after version -- * 1.0.0 and only allow moving backwards within a patch -- * series. -- */ -- if (ssl_built & 0xf0000000) { -- if ((ssl_built & 0xfffff000) != (ssl_linked & 0xfffff000) || -- (ssl_built & 0x00000ff0) > (ssl_linked & 0x00000ff0)) goto mismatch; -- /* -- * Before 1.0.0 we require the same major minor and fix version -- * and ignore the patch number. -- */ -- } else if ((ssl_built & 0xfffff000) != (ssl_linked & 0xfffff000)) goto mismatch; -- -+ // noop, since ABI is compatible for SUSE OpenSSL - return 0; - } ++ // noop, since ABI is compatible for SUSE OpenSSL ++ return 0; ++ + long ssl_linked; + ssl_linked = SSLeay(); diff --git a/freeradius-server.changes b/freeradius-server.changes index 96e9d5f..c9938f0 100644 --- a/freeradius-server.changes +++ b/freeradius-server.changes @@ -1,3 +1,93 @@ +------------------------------------------------------------------- +Tue Mar 17 13:42:37 UTC 2020 - Adam Majer + +- update to 3.0.20 + +Feature Improvements + * Added Force10 dictionary. + * Update dictionary.hp with new attributes. #2690. + * Update dictionary.aruba with new attributes. #2696. + * Fix side-channel leak in EAP-PWD (bsc#1166858, CVE-2019-20510) + * Relax OpenSSL version checks, now that their API is both public, and stable. + * Note that tls_min_version/tls_max_version also support "1.3" + Since there is no standard yet for EAP with TLS 1.3, it will not work. + * Added tripplite dictionary from #2760. + * Switch to the async interface for rlm_sql_postgresql so that + we can enforce query_timeout. + * Added new LDAP option 'allow_dangling_group_ref'. + * Updated documentation and functionality for EAP session caching + See "cache" section of mods-available/eap. + * Tighten systemd unit file security. Fixes #2637. + * Disable TLS 1.0 and TLS 1.1 support in the default configuration + We STRONGLY recommend doing this for all installations. + * Add expansions for *outgoing* Radsec connections + "%{proxy_listen:TLS-...}" for TLS-Client-Cert-* and + TLS-Cert-* attributes. Fixes #2839. + * Add %{listen:tls} which returns "yes" or "no" for + TLS or non-TLS connections. + * Update dictionary.lancom with new attributes. #2847. + * Added rlm_sql_mongo. See raddb/mods-available/sql. + Note that this module is experimental. + * Added more documentation in sites-available/robust-proxy-accounting. + * sqlippool now re-allocates unexpired leases, to prevent IP pool + exhaustion when clients perform multiple reauthentication attempts + * Add support to radmin keep the history in ~/.radmin_history. + * Add support for ENV and LD_PRELOAD in radiusd.conf. + See the new ENV sub-section of radiusd.conf. + * Update dictionary.aptilo. #3002. + * Update dictionary.airespace. #3039. + * Add sites-available/coa-relay, which makes CoA easier #3045. + * Add example stored procedure for IP Pools in MySQL + See mods-config/sql/ippool/mysql/procedure.sql + * Update dictionary.dhcp dictionary with the recent hardware types. + * Add experimental rlm_python3. This should largely work + the same as rlm_python, which was Python2 only. + * Add Dockerfiles for Debian10 and CentOS8. + * Add RPM spec file compatibility for RHEL/CentOS 8. + * Notes on certificate constraints. See raddb/certs/server.cnf. + * Add NAIRealm example to raddb/certs/server.cnf, for RFC 7585. + +Bug Fixes + + * Allow listen.ipaddr to reference an IPv6-only host. Fixes #2627 + * ERX-Acct-Request-Reason is "integer". Closes #2635. + * Fix a slow memory leak in the file management code. + * Try to fix file permissions if they get modified while + the server is running + * Fix slow memory leak with clients. + * Fix request and connection timeouts in rlm_rest. + * Fix systemd issues. + * Fixes from clang analyzer. + * Fix missing include for the dictionaries: + alcatel.esam, altiga,alvarion.wimax.v2_2,aptis,asn, + audiocodes,avaya,bristol, columbia_university,freedhcp,garderos, + infoblox,motorola.illegal, starent.vsa1, telkom, wimax.wichorus. + * Fix internal sanity check when running with "-Xx". + * Allow "inner-tunnel" virtual servers to work better + with "accept" and "reject" policies. + * Fix dictionary.huawei data types for + Huawei-DNS-Server-IPv6-address and Huawei-Framed-IPv6-Address. + * Framed-Interface-ID in postgresql/queries.conf is string, + not inet Fixes #2817. + * Fix rlm_cache to complain on unknown attributes in the "update" + section of its configuration. + * Add configure checks for -latomic. This helps on armel, + mips and mipsel. Fixes #2828. + * Add support to Oracle 19 and 18. Via #2857. + * Add support for decoding tags in rlm_rest. Fixes #2848. + * Use correct passwords when updating CRLs in raddb/certs/. + * Properly separate "originate-coa" packets when accounting + packets are read from the detail file reader. + * Use the correct virtual server for pre/post-proxy. + * radsqlrelay fixes backported from "master" branch + * Fix DoS issues due to multithreaded BN_CTX access + (bsc#1166847, CVE-2019-17185) + +- disable python2 for SLE15 and Factory +- freeradius-server-enable-python3.patch: enable Python3 module +- freeradius-python3_patches.patch: backport python3 fixes from upstream +- freeradius-server-opensslversion.patch: updated + ------------------------------------------------------------------- Wed Mar 11 13:18:37 UTC 2020 - Adam Majer diff --git a/freeradius-server.spec b/freeradius-server.spec index 1011020..8669e46 100644 --- a/freeradius-server.spec +++ b/freeradius-server.spec @@ -20,9 +20,15 @@ %define apxs2 apxs2-prefork %define apache2_sysconfdir %(%{_sbindir}/%{apxs2} -q SYSCONFDIR) Name: freeradius-server -Version: 3.0.19 +Version: 3.0.20 Release: 0 +%if 0%{?suse_version} >= 1500 +%bcond_with python2 +%else +%bcond_without python2 +%endif + %if 0%{?suse_version} > 1140 %bcond_without systemd %bcond_without libjson @@ -59,9 +65,11 @@ Source2: freeradius-tmpfiles.conf Patch1: freeradius-server-tmpfiles.patch Patch2: freeradius-server-radiusd-logrotate.patch Patch3: freeradius-server-rcradiusd.patch +Patch4: freeradius-python3_patches.patch Patch5: freeradius-server-rlm_sql_unixodbc-configure.patch Patch6: freeradius-server-radclient-init-error-buffer.patch Patch7: freeradius-server-opensslversion.patch +Patch8: freeradius-server-enable-python3.patch BuildRequires: apache2-devel BuildRequires: cyrus-sasl-devel BuildRequires: db-devel @@ -96,7 +104,10 @@ BuildRequires: openssl-devel > 1.0 BuildRequires: pam-devel BuildRequires: perl BuildRequires: postgresql-devel +%if 0%{with python2} BuildRequires: python-devel +%endif +BuildRequires: python3-devel BuildRequires: sqlite3-devel BuildRequires: unixODBC-devel %if 0%{?suse_version} > 1110 @@ -110,14 +121,12 @@ Requires: %insserv_prereq Requires: %{name}-libs = %{version} Requires: coreutils Requires: pwdutils -Requires: python Requires(pre): openssl Requires(pre): perl Recommends: logrotate Provides: freeradius = %{version} Provides: radiusd Obsoletes: freeradius < %{version} -BuildRoot: %{_tmppath}/%{name}-%{version}-build %{?libperl_requires} Conflicts: radiusd-livingston radiusd-cistron icradius %if %{with systemd} @@ -199,12 +208,19 @@ FreeRADIUS plugin providing Perl support. %package python Summary: Python support for freeradius Group: System/Daemons -BuildRequires: python-devel Requires: %{name} = %{version} %description python FreeRADIUS plugin providing Python support. +%package python3 +Summary: Python3 support for freeradius +Group: System/Daemons +Requires: %{name} = %{version} + +%description python3 +FreeRADIUS plugin providing Python3 support. + %package mysql Summary: MySQL support for freeradius Group: System/Daemons @@ -233,15 +249,10 @@ Requires: %{name} = %{version} FreeRADIUS plugin providing SQLite support. %prep -%setup -q -%patch1 -p1 -%patch2 -p1 -%patch3 -p1 -%patch5 -p1 -%patch6 -p1 -%patch7 -p1 +%autosetup -p1 %build +./autogen.sh modified="$(sed -n '/^----/n;s/ - .*$//;p;q' "%{_sourcedir}/%{name}.changes")" DATE="\"$(date -d "${modified}" "+%%b %%e %%Y")\"" TIME="\"$(date -d "${modified}" "+%%R")\"" @@ -251,6 +262,7 @@ export LDFLAGS="-pie" %configure \ --disable-static \ --libdir=%{_libdir}/freeradius \ + --with-unixodbc-dir=%{_prefix} \ --disable-ltdl-install \ --enable-strict-dependencies \ --with-edir \ @@ -269,6 +281,10 @@ export LDFLAGS="-pie" --without-rlm_rediswho \ --without-rlm_sql_oracle \ --without-rlm_securid \ +%if ! %{with python2} + --without-rlm_python \ +%endif + --with-rlm-python3-include-dir=%{_includedir}/python%{python3_version}%{py3_abiflags} \ %if ! %{with memcached} --without-rlm_cache_memcached \ %endif @@ -313,32 +329,38 @@ cp -al %{buildroot}%{_sbindir}/radiusd %{buildroot}%{_sbindir}/radrelay install -D -d -m 0710 %{buildroot}%{runpath}/radiusd mv -v doc/README doc/README.doc # remove unneeded stuff -rm -f %{buildroot}%{_sysconfdir}/raddb/certs/*.crt -rm -f %{buildroot}%{_sysconfdir}/raddb/certs/*.csr -rm -f %{buildroot}%{_sysconfdir}/raddb/certs/*.der -rm -f %{buildroot}%{_sysconfdir}/raddb/certs/*.key -rm -f %{buildroot}%{_sysconfdir}/raddb/certs/*.pem -rm -f %{buildroot}%{_sysconfdir}/raddb/certs/*.p12 -rm -f %{buildroot}%{_sysconfdir}/raddb/certs/index.* -rm -f %{buildroot}%{_sysconfdir}/raddb/certs/serial* -rm -f %{buildroot}%{_sysconfdir}/raddb/certs/dh -rm -f %{buildroot}%{_sysconfdir}/raddb/certs/random -rm -rf doc/00-OLD -rm -rf doc/.gitignore -rm -rf doc/source/.gitignore -rm -f %{buildroot}%{_sbindir}/rc.radiusd -rm -rf %{buildroot}%{_datadir}/doc/freeradius* -rm -rf %{buildroot}%{_libdir}/freeradius/*.*a -rm -f %{buildroot}%{_defaultdocdir}/%{name}/Makefile -rm -f %{buildroot}%{_defaultdocdir}/%{name}/examples/Makefile -rm -rf %{buildroot}%{_sysconfdir}/raddb/mods-config/sql/main/mssql -rm -rf %{buildroot}%{_sysconfdir}/raddb/mods-config/sql/ippool/oracle -rm -rf %{buildroot}%{_sysconfdir}/raddb/mods-config/sql/ippool-dhcp/oracle -rm -rf %{buildroot}%{_sysconfdir}/raddb/mods-config/sql/main/oracle -rm -rf %{buildroot}%{_sysconfdir}/raddb/mods-config/sql/postgresql +rm %{buildroot}%{_sysconfdir}/raddb/certs/*.crl +rm %{buildroot}%{_sysconfdir}/raddb/certs/*.crt +rm %{buildroot}%{_sysconfdir}/raddb/certs/*.csr +rm %{buildroot}%{_sysconfdir}/raddb/certs/*.der +rm %{buildroot}%{_sysconfdir}/raddb/certs/*.key +rm %{buildroot}%{_sysconfdir}/raddb/certs/*.pem +rm %{buildroot}%{_sysconfdir}/raddb/certs/*.p12 +rm %{buildroot}%{_sysconfdir}/raddb/certs/index.* +rm %{buildroot}%{_sysconfdir}/raddb/certs/serial* +rm %{buildroot}%{_sysconfdir}/raddb/certs/dh +#rm -r doc/00-OLD +#rm -r doc/.gitignore +#rm -r doc/source/.gitignore +rm %{buildroot}%{_sbindir}/rc.radiusd +rm -r %{buildroot}%{_datadir}/doc/freeradius* +rm -r %{buildroot}%{_libdir}/freeradius/*.*a +# rm %{buildroot}%{_defaultdocdir}/%{name}/Makefile +# rm %{buildroot}%{_defaultdocdir}/%{name}/examples/Makefile +rm -r %{buildroot}%{_sysconfdir}/raddb/mods-config/sql/main/mssql +rm -r %{buildroot}%{_sysconfdir}/raddb/mods-config/sql/ippool/oracle +rm -r %{buildroot}%{_sysconfdir}/raddb/mods-config/sql/ippool-dhcp/oracle +rm -r %{buildroot}%{_sysconfdir}/raddb/mods-config/sql/main/oracle +#rm -r %{buildroot}%{_sysconfdir}/raddb/mods-config/sql/postgresql %if ! %{with json} rm %{buildroot}%{_sysconfdir}/raddb/mods-available/rest %endif +%if ! %{with python2} +rm %{buildroot}%{_sysconfdir}/raddb/mods-available/python +%endif +rm %{buildroot}%{_sysconfdir}/raddb/mods-config/sql/ippool/mongo/queries.conf +rm %{buildroot}%{_sysconfdir}/raddb/mods-config/sql/main/mongo/queries.conf +rm %{buildroot}%{_sysconfdir}/raddb/sites-available/coa-relay %pre getent group radiusd >/dev/null || %{_sbindir}/groupadd -r radiusd @@ -441,8 +463,8 @@ systemd-tmpfiles --create %{_tmpfilesdir}/%{unitname}.conf %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/sql/moonshot-targeted-ids/* %dir %attr(750,root,radiusd) /etc/raddb/mods-config/sql/moonshot-targeted-ids %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/preprocess/* -%dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-config/python -%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/python/radiusd.py +#%dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-config/python +#%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/python/radiusd.py %dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-config/sql/ippool-dhcp/mysql %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/sql/ippool-dhcp/mysql/schema.sql %dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-config/sql/ippool/postgresql @@ -535,7 +557,10 @@ systemd-tmpfiles --create %{_tmpfilesdir}/%{unitname}.conf %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/pap %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/passwd %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/preprocess +%if %{with python2} %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/python +%endif +%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/python3 %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/radutmp %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/realm %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/redis @@ -729,11 +754,21 @@ systemd-tmpfiles --create %{_tmpfilesdir}/%{unitname}.conf %{_libdir}/freeradius/rlm_perl.so +%if %{with python2} %files python %defattr(-,root,root) %dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-config/python +%attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-config/python/radiusd.py %{_sysconfdir}/raddb/mods-config/python/example.py* %{_libdir}/freeradius/rlm_python.so +%endif + +%files python3 +%defattr(-,root,root) +%dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-config/python3 +%attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-config/python3/example.py +%attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-config/python3/radiusd.py +%{_libdir}/freeradius/rlm_python3.so %files mysql %defattr(-,root,root) @@ -750,6 +785,7 @@ systemd-tmpfiles --create %{_tmpfilesdir}/%{unitname}.conf %dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-config/sql/ippool/mysql %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/sql/ippool/mysql/queries.conf %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/sql/ippool/mysql/schema.sql +%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/sql/ippool/mysql/procedure.sql %dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-config/sql/ippool-dhcp/mysql %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/sql/ippool-dhcp/mysql/queries.conf