From 9ea45d02fd3b8bc047a01b0c8907d676c1824d8e Mon Sep 17 00:00:00 2001 From: "Rick Farina (Zero_Chaos)" Date: Sat, 26 Apr 2025 12:49:59 -0400 Subject: [PATCH] Clean the tree of non-existant deps and check now pentoo-exploits: drop empire (and deathstar) Also drop keywords from empire since it can't be installed. also drop deathstar and it's keywords since it requires empire sdrtrunk: fix non-existant deps remove freeradius bump icad-tone-detection pydub: import from guru drop dependency-check-bin drop old grpcio-tools update evalhook drop openscap-daemon, nothing but "random" for years --- .github/workflows/pkgcheck.yaml | 2 +- .github/workflows/pkgcheck_merge.yaml | 2 +- app-exploits/deathstar/Manifest | 1 - .../deathstar/deathstar-20201217-r1.ebuild | 61 --- .../deathstar/deathstar-20210519.ebuild | 8 +- app-exploits/deathstar/metadata.xml | 3 + app-exploits/empire/Manifest | 1 - app-exploits/empire/empire-6.0.0.ebuild | 137 ----- app-exploits/empire/empire-6.0.2.ebuild | 4 +- app-forensics/openscap-daemon/Manifest | 1 - .../files/openscap-daemon-0.1.10_gentoo.patch | 15 - .../openscap-daemon/files/oscapd.initd | 11 - app-forensics/openscap-daemon/metadata.xml | 8 - .../openscap-daemon-0.1.10-r1.ebuild | 44 -- .../evalhook/evalhook-0.1_p20231013.ebuild | 11 +- dev-php/evalhook/metadata.xml | 11 + dev-python/grpcio-testing/Manifest | 2 +- ....0.ebuild => grpcio-testing-1.71.0.ebuild} | 2 +- dev-python/grpcio-testing/metadata.xml | 9 - dev-python/grpcio-tools/Manifest | 1 - .../grpcio-tools/grpcio-tools-1.67.0.ebuild | 58 --- dev-python/pydub/pydub-0.25.1.ebuild | 38 ++ dev-util/dependency-check-bin/Manifest | 2 - .../dependency-check-bin-5.3.2.ebuild | 34 -- .../dependency-check-bin-6.2.2.ebuild | 34 -- dev-util/dependency-check-bin/metadata.xml | 8 - media-radio/icad-tone-detection/Manifest | 2 +- ....ebuild => icad-tone-detection-1.4.ebuild} | 0 net-dialup/freeradius/Manifest | 1 - net-dialup/freeradius/files/clients_wpe.conf | 13 - net-dialup/freeradius/files/eap_wpe.conf | 199 -------- .../files/freeradius-3.0.20-py3-fixes.patch | 472 ------------------ .../freeradius-3.0.20-systemd-service.patch | 57 --- .../files/freeradius-3.0.20-wpe.patch | 469 ----------------- .../files/freeradius-3.2.0-wpe.patch | 404 --------------- .../freeradius-3.2.3-configure-c99.patch | 38 -- .../files/freeradius-3.2.3-wpe.patch | 435 ---------------- .../files/freeradius-user-freerad-wpe.patch | 43 -- .../freeradius/files/freeradius.service | 15 - .../freeradius/files/freeradius.tmpfiles | 1 - net-dialup/freeradius/files/radius.conf-r4 | 16 - net-dialup/freeradius/files/radius.conf-r5 | 18 - net-dialup/freeradius/files/radius.conf-r6 | 22 - net-dialup/freeradius/files/radius.init-r3 | 31 -- net-dialup/freeradius/files/radius.init-r4 | 31 -- net-dialup/freeradius/files/users_wpe | 3 - net-dialup/freeradius/freeradius-3.2.3.ebuild | 328 ------------ net-dialup/freeradius/metadata.xml | 22 - net-wireless/sdrtrunk/sdrtrunk-9999.ebuild | 7 +- ....1.ebuild => pentoo-exploit-2025.0.ebuild} | 9 +- 50 files changed, 76 insertions(+), 3068 deletions(-) delete mode 100644 app-exploits/deathstar/deathstar-20201217-r1.ebuild delete mode 100644 app-exploits/empire/empire-6.0.0.ebuild delete mode 100644 app-forensics/openscap-daemon/Manifest delete mode 100644 app-forensics/openscap-daemon/files/openscap-daemon-0.1.10_gentoo.patch delete mode 100644 app-forensics/openscap-daemon/files/oscapd.initd delete mode 100644 app-forensics/openscap-daemon/metadata.xml delete mode 100644 app-forensics/openscap-daemon/openscap-daemon-0.1.10-r1.ebuild create mode 100644 dev-php/evalhook/metadata.xml rename dev-python/grpcio-testing/{grpcio-testing-1.62.0.ebuild => grpcio-testing-1.71.0.ebuild} (95%) delete mode 100644 dev-python/grpcio-testing/metadata.xml delete mode 100644 dev-python/grpcio-tools/grpcio-tools-1.67.0.ebuild create mode 100644 dev-python/pydub/pydub-0.25.1.ebuild delete mode 100644 dev-util/dependency-check-bin/Manifest delete mode 100644 dev-util/dependency-check-bin/dependency-check-bin-5.3.2.ebuild delete mode 100644 dev-util/dependency-check-bin/dependency-check-bin-6.2.2.ebuild delete mode 100644 dev-util/dependency-check-bin/metadata.xml rename media-radio/icad-tone-detection/{icad-tone-detection-1.3.ebuild => icad-tone-detection-1.4.ebuild} (100%) delete mode 100644 net-dialup/freeradius/Manifest delete mode 100644 net-dialup/freeradius/files/clients_wpe.conf delete mode 100644 net-dialup/freeradius/files/eap_wpe.conf delete mode 100644 net-dialup/freeradius/files/freeradius-3.0.20-py3-fixes.patch delete mode 100644 net-dialup/freeradius/files/freeradius-3.0.20-systemd-service.patch delete mode 100644 net-dialup/freeradius/files/freeradius-3.0.20-wpe.patch delete mode 100644 net-dialup/freeradius/files/freeradius-3.2.0-wpe.patch delete mode 100644 net-dialup/freeradius/files/freeradius-3.2.3-configure-c99.patch delete mode 100644 net-dialup/freeradius/files/freeradius-3.2.3-wpe.patch delete mode 100644 net-dialup/freeradius/files/freeradius-user-freerad-wpe.patch delete mode 100644 net-dialup/freeradius/files/freeradius.service delete mode 100644 net-dialup/freeradius/files/freeradius.tmpfiles delete mode 100644 net-dialup/freeradius/files/radius.conf-r4 delete mode 100644 net-dialup/freeradius/files/radius.conf-r5 delete mode 100644 net-dialup/freeradius/files/radius.conf-r6 delete mode 100644 net-dialup/freeradius/files/radius.init-r3 delete mode 100644 net-dialup/freeradius/files/radius.init-r4 delete mode 100644 net-dialup/freeradius/files/users_wpe delete mode 100644 net-dialup/freeradius/freeradius-3.2.3.ebuild delete mode 100644 net-dialup/freeradius/metadata.xml rename pentoo/pentoo-exploit/{pentoo-exploit-2024.1.ebuild => pentoo-exploit-2025.0.ebuild} (82%) diff --git a/.github/workflows/pkgcheck.yaml b/.github/workflows/pkgcheck.yaml index 78e343e20..1727dacbc 100644 --- a/.github/workflows/pkgcheck.yaml +++ b/.github/workflows/pkgcheck.yaml @@ -25,4 +25,4 @@ jobs: - name: Commit pkgcheck warnings uses: pkgcore/pkgcheck-action@v1 with: - args: --exit warning -k ,PkgMetadataXmlIndentation,-NonsolvableDepsInStable,-NonsolvableDepsInDev,-PotentialStable,-DeprecatedDep,-MissingUseDepDefault,ProfileError,ProfileWarning,UnknownProfilePackageUse,OldPackageUpdate,OldMultiMovePackageUpdate,LaggingProfileEapi,UnknownProfilePackageKeywords,-UnusedProfileDirs,EclassReservedName,VisibleVcsPkg,DeprecatedEapi,MissingRemoteId,DistutilsNonPEP517Build,OldPackageNameDep --commits HEAD^..${{ github.sha }} + args: --exit warning -k ,PkgMetadataXmlIndentation,-NonsolvableDepsInStable,-NonsolvableDepsInDev,-PotentialStable,-DeprecatedDep,-MissingUseDepDefault,ProfileError,ProfileWarning,UnknownProfilePackageUse,OldPackageUpdate,OldMultiMovePackageUpdate,LaggingProfileEapi,UnknownProfilePackageKeywords,-UnusedProfileDirs,EclassReservedName,VisibleVcsPkg,DeprecatedEapi,MissingRemoteId,DistutilsNonPEP517Build,OldPackageNameDep,NonexistentDeps --commits HEAD^..${{ github.sha }} diff --git a/.github/workflows/pkgcheck_merge.yaml b/.github/workflows/pkgcheck_merge.yaml index c9728376a..6ede424da 100644 --- a/.github/workflows/pkgcheck_merge.yaml +++ b/.github/workflows/pkgcheck_merge.yaml @@ -26,4 +26,4 @@ jobs: - name: Commit pkgcheck warnings uses: pkgcore/pkgcheck-action@v1 with: - args: --exit warning -k ,PkgMetadataXmlIndentation,-NonsolvableDepsInStable,-NonsolvableDepsInDev,-PotentialStable,-UnknownProfilePackage,-DeprecatedDep,-MissingUseDepDefault,ProfileError,ProfileWarning,UnknownProfilePackageUse,OldPackageUpdate,OldMultiMovePackageUpdate,LaggingProfileEapi,UnknownProfilePackageKeywords,-UnusedProfileDirs,EclassReservedName,VisibleVcsPkg,DeprecatedEapi,MissingRemoteId,DistutilsNonPEP517Build,OldPackageNameDep --commits HEAD^..${{ github.sha }} + args: --exit warning -k ,PkgMetadataXmlIndentation,-NonsolvableDepsInStable,-NonsolvableDepsInDev,-PotentialStable,-UnknownProfilePackage,-DeprecatedDep,-MissingUseDepDefault,ProfileError,ProfileWarning,UnknownProfilePackageUse,OldPackageUpdate,OldMultiMovePackageUpdate,LaggingProfileEapi,UnknownProfilePackageKeywords,-UnusedProfileDirs,EclassReservedName,VisibleVcsPkg,DeprecatedEapi,MissingRemoteId,DistutilsNonPEP517Build,OldPackageNameDep,NonexistentDeps --commits HEAD^..${{ github.sha }} diff --git a/app-exploits/deathstar/Manifest b/app-exploits/deathstar/Manifest index 9ff91ad8a..409bc13ef 100644 --- a/app-exploits/deathstar/Manifest +++ b/app-exploits/deathstar/Manifest @@ -1,2 +1 @@ -DIST deathstar-20201217.tar.gz 44220 BLAKE2B ba1e9c295a76201c7987e7759cb3c8ecd2c212f6269ef2fc3392db2ef2cb993fa2af860f29e514f580940b9b02ee7dc777747924e961aad72365b8970bdd337e SHA512 4af3b356e548be04ea03989af7c43e302cf1b2c4ec7c10fedf7d4fb6d426bcfe947bbb42312912505c88cbd0e21705fd41d279bbb048f7fa5450f25ddd58f2b7 DIST deathstar-20210519.tar.gz 44204 BLAKE2B 186951fde53ea132cf6bbe35f478b0e97e2163665e599f29666ce291a58744d4c33a463aea75f668a41a68b45c06210ebec7870a01b45fb712693e638e9a445c SHA512 2029c49432f273fc7534d98114075dca4330d8900835e2d754fc021e7b0844a092a9818389e8d86f58f30206b60991394b7bd3ed222343ebab92522e74a12b2c diff --git a/app-exploits/deathstar/deathstar-20201217-r1.ebuild b/app-exploits/deathstar/deathstar-20201217-r1.ebuild deleted file mode 100644 index 1849364d4..000000000 --- a/app-exploits/deathstar/deathstar-20201217-r1.ebuild +++ /dev/null @@ -1,61 +0,0 @@ -# Copyright 1999-2022 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -DISTUTILS_USE_PEP517=poetry -PYTHON_COMPAT=( python3_{11..13} ) - -inherit distutils-r1 - -DESCRIPTION="A tool to gain Domain Admin rights with a push of a button" -HOMEPAGE="https://github.com/byt3bl33d3r/DeathStar" - -HASH_COMMIT="1ced058fcbd73e89f13967cbadc1d375dc48f1d1" -SRC_URI="https://github.com/byt3bl33d3r/DeathStar/archive/${HASH_COMMIT}.tar.gz -> ${P}.tar.gz" - -KEYWORDS="~amd64 ~x86" -LICENSE="GPL-3" -SLOT="0" - -#requirements.txt -RDEPEND="${PYTHON_DEPS} - app-exploits/empire - dev-python/certifi[${PYTHON_USEDEP}] - dev-python/colorama[${PYTHON_USEDEP}] - dev-python/commonmark[${PYTHON_USEDEP}] - dev-python/h11[${PYTHON_USEDEP}] - dev-python/httpcore[${PYTHON_USEDEP}] - dev-python/httpx[${PYTHON_USEDEP}] - dev-python/idna[${PYTHON_USEDEP}] - dev-python/pygments[${PYTHON_USEDEP}] - dev-python/rfc3986[${PYTHON_USEDEP}] - dev-python/rich[${PYTHON_USEDEP}] - dev-python/sniffio[${PYTHON_USEDEP}] - dev-python/typing-extensions[${PYTHON_USEDEP}] -" - -S="${WORKDIR}/DeathStar-${HASH_COMMIT}" - -src_prepare() { - default - # exclude is not supported by pyproject2setuppy - sed -i '/^exclude/,/^\]/d' pyproject.toml || die -} - -#src_prepare() { -# sed -i \ -# -e "s/__version__ = '\(.*\)'/__version__ = '${PV}'/" \ -# DeathStar.py || die -# default -#} - -#src_install() { -# python_foreach_impl python_newscript DeathStar.py $PN -# dodoc README.md -#} - -pkg_postinst() { - einfo "\nSee the following URL:" - einfo " * https://byt3bl33d3r.github.io/automating-the-empire-with-the-death-star-getting-domain-admin-with-a-push-of-a-button.html\n" -} diff --git a/app-exploits/deathstar/deathstar-20210519.ebuild b/app-exploits/deathstar/deathstar-20210519.ebuild index 9b9a48f2b..0d8d86f33 100644 --- a/app-exploits/deathstar/deathstar-20210519.ebuild +++ b/app-exploits/deathstar/deathstar-20210519.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2022 Gentoo Authors +# Copyright 1999-2025 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=8 @@ -14,7 +14,9 @@ HOMEPAGE="https://github.com/byt3bl33d3r/DeathStar" HASH_COMMIT="f10fdbfeb149d9b5647b397e1ce7fa8ab0d39799" SRC_URI="https://github.com/byt3bl33d3r/DeathStar/archive/${HASH_COMMIT}.tar.gz -> ${P}.tar.gz" -KEYWORDS="~amd64 ~x86" +S="${WORKDIR}/DeathStar-${HASH_COMMIT}" + +#KEYWORDS="~amd64 ~x86" LICENSE="GPL-3" SLOT="0" @@ -42,8 +44,6 @@ RDEPEND="${PYTHON_DEPS} distutils_enable_tests pytest -S="${WORKDIR}/DeathStar-${HASH_COMMIT}" - src_prepare() { default # exclude is not supported by pyproject2setuppy diff --git a/app-exploits/deathstar/metadata.xml b/app-exploits/deathstar/metadata.xml index ace7c2d3a..a9de0bd8e 100644 --- a/app-exploits/deathstar/metadata.xml +++ b/app-exploits/deathstar/metadata.xml @@ -5,4 +5,7 @@ unknown@pentoo.ch Author Unknown + + byt3bl33d3r/DeathStar + diff --git a/app-exploits/empire/Manifest b/app-exploits/empire/Manifest index b4905f5cb..f77dd5400 100644 --- a/app-exploits/empire/Manifest +++ b/app-exploits/empire/Manifest @@ -1,2 +1 @@ -DIST empire-6.0.0.tar.gz 38108157 BLAKE2B f53ced8e3a90f51018ddd469455e0c165fb7af8aab769b2b75570dc2a2f814900d097988c208102b911896cb3b31b53e92119dfce3af20dbb7c2e307fc3ee5c6 SHA512 8de2ca9c46cf0c324dcf407b152e0dc0079078b9d771dda885e93b75645ea81eb335a2eb72a7f41995d56855abed0c58687ab63a5a8ff419b9b431b533215c8a DIST empire-6.0.2.tar.gz 38107974 BLAKE2B 7169a51aa22895a738d85b5ae18867dfb10f78e59ff65db82ba7fffc725c8590e7fdab902b943bc1a80a0f3a827c10fd3b63052b725774a388c7d9aab2be894b SHA512 448ff62446132d736c4a1a6bc2d8abb0168d8c32841ecf2073cf3577e906cc29ea7f09bb3d227e8a8da635f0f107f36cfeed50ddd48e4bdb237c3cc8ce3f99dc diff --git a/app-exploits/empire/empire-6.0.0.ebuild b/app-exploits/empire/empire-6.0.0.ebuild deleted file mode 100644 index b704217ef..000000000 --- a/app-exploits/empire/empire-6.0.0.ebuild +++ /dev/null @@ -1,137 +0,0 @@ -# Copyright 1999-2024 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -DISTUTILS_USE_PEP517=poetry -PYTHON_COMPAT=( python3_{11..13} ) -PYTHON_REQ_USE="sqlite" - -inherit wrapper python-single-r1 - -DESCRIPTION="A post-exploitation framework" -HOMEPAGE="https://github.com/BC-SECURITY/Empire" -SRC_URI="https://github.com/BC-SECURITY/Empire/archive/v${PV}.tar.gz -> ${P}.tar.gz" -S="${WORKDIR}/Empire-${PV}" - -LICENSE="BSD" -SLOT="0" -KEYWORDS="~amd64 ~x86" -IUSE="powershell java" -REQUIRED_USE="powershell? ( !x86 ) - ${PYTHON_REQUIRED_USE}" - -# https://github.com/BC-SECURITY/Empire/issues/196 -RDEPEND="${PYTHON_DEPS} - $(python_gen_cond_dep ' - dev-python/urllib3[${PYTHON_USEDEP}] - dev-python/requests[${PYTHON_USEDEP}] - dev-python/macholib[${PYTHON_USEDEP}] - dev-python/pyopenssl[${PYTHON_USEDEP}] - dev-python/zlib_wrapper[${PYTHON_USEDEP}] - dev-python/jinja2[${PYTHON_USEDEP}] - dev-python/pyparsing[${PYTHON_USEDEP}] - dev-python/pymysql[${PYTHON_USEDEP}] - dev-python/sqlalchemy[${PYTHON_USEDEP}] - dev-python/pyyaml[${PYTHON_USEDEP}] - dev-python/sqlalchemy_utc[${PYTHON_USEDEP}] - dev-python/terminaltables3[${PYTHON_USEDEP}] - dev-python/pycryptodome[${PYTHON_USEDEP}] - dev-python/cryptography[${PYTHON_USEDEP}] - >=dev-python/fastapi-0.115.11[${PYTHON_USEDEP}] - >=dev-python/uvicorn-0.34.0[${PYTHON_USEDEP}] - >=dev-python/jq-1.8.0[${PYTHON_USEDEP}] - >=dev-python/aiofiles-24.1.0[${PYTHON_USEDEP}] - >=dev-python/python-multipart-0.0.20[${PYTHON_USEDEP}] - >=dev-python/python-socketio-5.12.1[${PYTHON_USEDEP}] - >=dev-python/flask-3.1.0[${PYTHON_USEDEP}] - >=dev-python/python-obfuscator-0.0.2[${PYTHON_USEDEP}] - >=dev-python/pyinstaller-6.12.0[${PYTHON_USEDEP}] - >=dev-python/packaging-24.2[${PYTHON_USEDEP}] - >=dev-python/netaddr-1.3.0[${PYTHON_USEDEP}] - >=dev-python/bcrypt-4.0.1[${PYTHON_USEDEP}] - >=dev-python/requests-file-2.1.0[${PYTHON_USEDEP}] - - dev-python/pysecretsocks[${PYTHON_USEDEP}] - dev-python/donut-shellcode[${PYTHON_USEDEP}] - - ') - powershell? ( - !x86? ( app-shells/pwsh-bin ) ) - java? ( - || ( virtual/jre:* virtual/jdk:* ) )" - -DEPEND="${RDEPEND}" - -pkg_setup() { - python-single-r1_pkg_setup -} - -src_prepare() { - python_fix_shebang "${S}" - default -} - -#https://github.com/BC-SECURITY/Empire/issues/39 -src_install() { - insinto "/usr/share/${PN}" - doins -r empire/ empire.py - -# python_optimize "${D}/usr/share/${PN}/lib" - - make_wrapper $PN \ - "${PYTHON} /usr/share/${PN}/empire.py" \ - "/usr/share/${PN}" - - dodoc README.md Dockerfile changelog -} - -pkg_config() { - local _yesno_ask - local _em_home="${EROOT}/usr/share/${PN}" - - pushd "${_em_home}" >/dev/null || die - - if [ -f "${_em_home}/data/empire.db" ]; then - ewarn "Drop old database "${_em_home}/data/empire.db" for new configuring ..." - read -r -p " [>] Are you sure? [y/N] " _yesno_ask - - if [[ ${_yesno_ask,,} =~ ^(yes|y)$ ]]; then - rm -f data/empire.db > /dev/null 2>&1 || die - else - return - fi - fi - - ebegin "Press ENTER to create password for database or Control-C to abort now" - python3 setup/setup_database.py - eend ${?} || die - - if [ -f "${_em_home}/data/empire-chain.pem" ] || [ -f "${_em_home}/data/empire-priv.key" ]; then - ewarn "Drop old ${_em_home}/data/empire-chain.pem and generate new cert ..." - read -r -p " [>] Are you sure? [y/N] " _yesno_ask - - if [[ ${_yesno_ask,,} =~ ^(yes|y)$ ]]; then - rm -f data/{empire-chain.pem,empire-priv.key} > /dev/null 2>&1 || die - else - return - fi - fi - - openssl req -newkey rsa:2048 -new -nodes -x509 \ - -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=www.pentoo.ch" \ - -keyout data/empire-priv.key \ - -out data/empire-chain.pem || die - - popd >/dev/null || die -} - -pkg_postinst() { - ewarn "\nWarning. This software does not support system-wide installation" - ewarn "See the following bug report for more details:" - ewarn "https://github.com/BC-SECURITY/Empire/issues/39" - ewarn - ewarn "You need to run it from /usr/share/${PN} directory under 'root' account" - ewarn "\nPlease configure your installation before using:" - ewarn " emerge --config \"=${CATEGORY}/${PF}\"\n" -} diff --git a/app-exploits/empire/empire-6.0.2.ebuild b/app-exploits/empire/empire-6.0.2.ebuild index b704217ef..1edde0495 100644 --- a/app-exploits/empire/empire-6.0.2.ebuild +++ b/app-exploits/empire/empire-6.0.2.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2024 Gentoo Authors +# Copyright 1999-2025 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=8 @@ -16,7 +16,7 @@ S="${WORKDIR}/Empire-${PV}" LICENSE="BSD" SLOT="0" -KEYWORDS="~amd64 ~x86" +#KEYWORDS="~amd64 ~x86" IUSE="powershell java" REQUIRED_USE="powershell? ( !x86 ) ${PYTHON_REQUIRED_USE}" diff --git a/app-forensics/openscap-daemon/Manifest b/app-forensics/openscap-daemon/Manifest deleted file mode 100644 index 48e1ea319..000000000 --- a/app-forensics/openscap-daemon/Manifest +++ /dev/null @@ -1 +0,0 @@ -DIST openscap-daemon-0.1.10.tar.gz 820662 BLAKE2B 1167518f0534dc9f494f889892acbf7d74a86af6caf22220345516c39ed4863cbdd0a4064d9ee291ed7eccd81ab057241db2b04ee28d79a0c1f3c5152154e8a9 SHA512 93946b390cc95281b606967df783b8be6beb83da9fbca1951f2095dc24abe518440b6f967b29ae2b093536abe9af4effc3776e8d30f0ab2193b923c1bcf54e17 diff --git a/app-forensics/openscap-daemon/files/openscap-daemon-0.1.10_gentoo.patch b/app-forensics/openscap-daemon/files/openscap-daemon-0.1.10_gentoo.patch deleted file mode 100644 index 22567a37c..000000000 --- a/app-forensics/openscap-daemon/files/openscap-daemon-0.1.10_gentoo.patch +++ /dev/null @@ -1,15 +0,0 @@ -diff -ur a/setup.py b/setup.py ---- a/setup.py 2018-02-08 18:52:16.000000000 +0300 -+++ b/setup.py 2019-07-07 00:50:24.699965784 +0300 -@@ -57,10 +57,8 @@ - data_files=[ - (os.path.join("/", "etc", "dbus-1", "system.d"), - ["org.oscapd.conf"]), -- (os.path.join("/", "usr", "lib", "systemd", "system"), -+ (os.path.join("/", "lib", "systemd", "system"), - ["oscapd.service"]), -- (os.path.join("/", "usr", "share", "doc", "openscap-daemon"), -- ["README.md", "LICENSE"]), - (os.path.join("/", "usr", "share", "man", "man8"), - ["man/oscapd.8", "man/oscapd-cli.8", "man/oscapd-evaluate.8"]), - ], diff --git a/app-forensics/openscap-daemon/files/oscapd.initd b/app-forensics/openscap-daemon/files/oscapd.initd deleted file mode 100644 index 1a1a156ab..000000000 --- a/app-forensics/openscap-daemon/files/oscapd.initd +++ /dev/null @@ -1,11 +0,0 @@ -#!/sbin/openrc-run -# Copyright 1999-2019 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -description="OpenSCAP Daemon" -command="/usr/bin/oscapd" -command_background="true" -pidfile="/run/${RC_SVCNAME}.pid" -start_stop_daemon_args="--quiet -1 /var/log/${RC_SVCNAME}.log -2 /var/log/${RC_SVCNAME}.log" - -# vim: set ft=gentoo-init-d ts=4 : diff --git a/app-forensics/openscap-daemon/metadata.xml b/app-forensics/openscap-daemon/metadata.xml deleted file mode 100644 index c4511c144..000000000 --- a/app-forensics/openscap-daemon/metadata.xml +++ /dev/null @@ -1,8 +0,0 @@ - - - - - email@linxon.ru - Yury Martynov - - diff --git a/app-forensics/openscap-daemon/openscap-daemon-0.1.10-r1.ebuild b/app-forensics/openscap-daemon/openscap-daemon-0.1.10-r1.ebuild deleted file mode 100644 index 3cc9eaec7..000000000 --- a/app-forensics/openscap-daemon/openscap-daemon-0.1.10-r1.ebuild +++ /dev/null @@ -1,44 +0,0 @@ -# Copyright 1999-2020 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -DISTUTILS_USE_PEP517=setuptools -PYTHON_COMPAT=( python3_{11..13} ) -PYTHON_REQ_USE="xml" - -inherit distutils-r1 - -DESCRIPTION="Manages continuous scans of your infrastructure" -HOMEPAGE="https://www.open-scap.org/tools/openscap-daemon" -SRC_URI="https://github.com/OpenSCAP/openscap-daemon/archive/${PV}.tar.gz -> ${P}.tar.gz" - -LICENSE="LGPL-2.1" -SLOT=0 -KEYWORDS="~amd64" -IUSE="test" -REQUIRED_USE="${PYTHON_REQUIRED_USE}" - -RESTRICT="!test? ( test )" - -RDEPEND="${PYTHON_DEPS} - app-forensics/openscap - app-forensics/scap-security-guide - dev-python/dbus-python[${PYTHON_USEDEP}] - dev-python/pygobject[${PYTHON_USEDEP}]" - -PATCHES=( "${FILESDIR}"/${P}_gentoo.patch ) - -src_test() { - tests/unit/make_check || die - tests/integration/make_check || die -} - -src_install() { - distutils-r1_src_install - - newinitd "${FILESDIR}"/oscapd.initd oscapd - keepdir "/var/lib/oscapd" "/etc/oscapd" - - dodoc container/config.ini -} diff --git a/dev-php/evalhook/evalhook-0.1_p20231013.ebuild b/dev-php/evalhook/evalhook-0.1_p20231013.ebuild index 38486f264..f48ea3231 100644 --- a/dev-php/evalhook/evalhook-0.1_p20231013.ebuild +++ b/dev-php/evalhook/evalhook-0.1_p20231013.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2023 Gentoo Foundation +# Copyright 1999-2025 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 EAPI=8 @@ -7,7 +7,7 @@ HASH_COMMIT="bf63f72a0ead21a0ffb9c2ed4c791262ed55a07c" MY_S="${WORKDIR}/php-eval-hook-${HASH_COMMIT}" PHP_EXT_NAME=evalhook -USE_PHP="php8-1 php8-2" +USE_PHP="php8-2" PHP_EXT_S="${MY_S}" inherit php-ext-source-r3 @@ -15,15 +15,10 @@ DESCRIPTION="Decode/Deobfuscate PHP Scripts" HOMEPAGE="https://github.com/extremecoders-re/php-eval-hook" SRC_URI="https://github.com/extremecoders-re/php-eval-hook/archive/${HASH_COMMIT}.tar.gz -> ${P}.gh.tar.gz" +S="${MY_S}" LICENSE="MIT" SLOT="0" KEYWORDS="~amd64" -IUSE="" - -RDEPEND="" -DEPEND="${RDEPEND}" - -S="${MY_S}" src_prepare() { php-ext-source-r3_src_prepare diff --git a/dev-php/evalhook/metadata.xml b/dev-php/evalhook/metadata.xml new file mode 100644 index 000000000..3bc341ee3 --- /dev/null +++ b/dev-php/evalhook/metadata.xml @@ -0,0 +1,11 @@ + + + + + No one + noone@pentoo.org + + + extremecoders-re/php-eval-hook + + diff --git a/dev-python/grpcio-testing/Manifest b/dev-python/grpcio-testing/Manifest index 397d00d7d..efdd448ee 100644 --- a/dev-python/grpcio-testing/Manifest +++ b/dev-python/grpcio-testing/Manifest @@ -1 +1 @@ -DIST grpcio-testing-1.62.0.tar.gz 22474 BLAKE2B 6c8c23eb4d7c645278496067a74583ce930eb16f39a262ce8b45f1029d6d6bf97ff6dab305f27bea4f4d5333a74fa185957d33499b49f02b711eb94cab0ff065 SHA512 6285a5c5b28114969738e1815327c14651ee2bc2e6b6c4093cea980ae2ad3f0aa8d53fc7b1e9125e5c47862c66891129e6420ad0d6896a2f789ca7e9fc66ce43 +DIST grpcio_testing-1.71.0.tar.gz 22483 BLAKE2B 0c935103785d229502646be2ecc936e64d0046a5a0b1b3dfee5a65aee74342b0177a2b614cb0f7f2e3ecf646ef0360a205c5ea5164a5af7f24ea1392ff802bb5 SHA512 71f6b1a33ca5e7b374c7a3d637518d82e743c7da09e689877dc1c94ab346b4d0e602d626544aa7f25a415474b3330ceda162a56465586b91d016c96aa01483e5 diff --git a/dev-python/grpcio-testing/grpcio-testing-1.62.0.ebuild b/dev-python/grpcio-testing/grpcio-testing-1.71.0.ebuild similarity index 95% rename from dev-python/grpcio-testing/grpcio-testing-1.62.0.ebuild rename to dev-python/grpcio-testing/grpcio-testing-1.71.0.ebuild index fd017b38e..39e7935e6 100644 --- a/dev-python/grpcio-testing/grpcio-testing-1.62.0.ebuild +++ b/dev-python/grpcio-testing/grpcio-testing-1.71.0.ebuild @@ -6,7 +6,7 @@ EAPI=8 DISTUTILS_USE_PEP517=setuptools PYTHON_COMPAT=( python3_{11..13} ) DISTUTILS_USE_PEP517=setuptools -PYPI_NO_NORMALIZE=1 +PYPI_PN="grpcio_testing" inherit distutils-r1 pypi diff --git a/dev-python/grpcio-testing/metadata.xml b/dev-python/grpcio-testing/metadata.xml deleted file mode 100644 index a0b62eae0..000000000 --- a/dev-python/grpcio-testing/metadata.xml +++ /dev/null @@ -1,9 +0,0 @@ - - - - - - grpc/grpc - grpcio-testing - - diff --git a/dev-python/grpcio-tools/Manifest b/dev-python/grpcio-tools/Manifest index e58ca7d18..6273746e5 100644 --- a/dev-python/grpcio-tools/Manifest +++ b/dev-python/grpcio-tools/Manifest @@ -1,2 +1 @@ -DIST grpcio_tools-1.67.0.tar.gz 5159163 BLAKE2B 54a7db77514033c4747d20a13fded114828fed23f649587c649f5ad2716d4bb31b80eeda560d55ae087a564cb9d34563a612cc91df581ae6b9a761f307828397 SHA512 f9644b4424aa68f1ae4d679c7b635db9bbfc0b493c76caf7d2e9fe0a49e5e81b6f146666c8dba3fc1d1c0db141f8fb362dd0ede0842c34cb178009412a672ec5 DIST grpcio_tools-1.71.0.tar.gz 5326008 BLAKE2B 70dae192880c861e659f1901e00d7189637843c25c309791857fdc1ef58692fcd3a42d34587896b67d19b2a067561d0cc51e5c9f530352d5345fd06f00fea045 SHA512 33ec4c4a5f09e41af3c20cf030a16f69b8b9d0b8f107f84be6666afce026367d710c0fe4b383f3b45a56e3403fd4f23309ca16ea7d1a122245572868bf7a1507 diff --git a/dev-python/grpcio-tools/grpcio-tools-1.67.0.ebuild b/dev-python/grpcio-tools/grpcio-tools-1.67.0.ebuild deleted file mode 100644 index 81f60d90c..000000000 --- a/dev-python/grpcio-tools/grpcio-tools-1.67.0.ebuild +++ /dev/null @@ -1,58 +0,0 @@ -# Copyright 1999-2024 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -DISTUTILS_EXT=1 -PYTHON_COMPAT=( python3_{11..13} ) -DISTUTILS_USE_PEP517=setuptools - -inherit distutils-r1 multiprocessing prefix pypi - -DESCRIPTION="Protobuf code generator for gRPC" -HOMEPAGE="https://grpc.io" - -LICENSE="Apache-2.0" -SLOT="0" -KEYWORDS="amd64 ~arm ~arm64 ~x86" - -RDEPEND=" - ~dev-python/grpcio-${PV}[${PYTHON_USEDEP}] - >=dev-python/protobuf-5.26.1[${PYTHON_USEDEP}] - - - - - unknown@pentoo.ch - Author Unknown - - diff --git a/media-radio/icad-tone-detection/Manifest b/media-radio/icad-tone-detection/Manifest index 1f978d40f..ce30a09ac 100644 --- a/media-radio/icad-tone-detection/Manifest +++ b/media-radio/icad-tone-detection/Manifest @@ -1 +1 @@ -DIST icad-tone-detection-1.3.gh.tar.gz 1578471 BLAKE2B c2834918caeeac49d9c2ab3435424cc836bd4dcf5ec5e76dd04721c42eba32d9153038120dc173f8469d44dd97416bdab82dbdfc00b799c05344d8e3570aefd0 SHA512 22309ec44a9702e6eb38448f10189991cf9804212e72a40046d4c97a15ddbd0fc886a319b82d6cfb57ddc48184c6d78bdd218428c8e1560db08850312bbf7600 +DIST icad-tone-detection-1.4.gh.tar.gz 1578924 BLAKE2B e26b72d1440cf4c50d21af1c9299670828ef848aa70532894156ec77bb8a2f80bb4016fbf0620349f1c8e17235468b0f82de5dbcc90586f8239918f7411cf14a SHA512 b40af1f5e1ea9f1c24af95f7b458a3c294bb1609202de954e8e2f2f51d6351abebff11ba4fffc5c8c9526d51e95087acaf39e498cb685c4d51700b77e20a4767 diff --git a/media-radio/icad-tone-detection/icad-tone-detection-1.3.ebuild b/media-radio/icad-tone-detection/icad-tone-detection-1.4.ebuild similarity index 100% rename from media-radio/icad-tone-detection/icad-tone-detection-1.3.ebuild rename to media-radio/icad-tone-detection/icad-tone-detection-1.4.ebuild diff --git a/net-dialup/freeradius/Manifest b/net-dialup/freeradius/Manifest deleted file mode 100644 index ebb801597..000000000 --- a/net-dialup/freeradius/Manifest +++ /dev/null @@ -1 +0,0 @@ -DIST freeradius-server-3.2.3.tar.bz2 3454869 BLAKE2B 525204331a5b123dac7457c6adb755cbe9794dbff4a536ea665fc7d1cac97553e392b7b598741c2a9dd00c81decd00608499d6f25208e389b9f213f54977de84 SHA512 06767153e262a2baa2d0cc74099bc13c23b33c2316348b5dc8ec0f5834c028571bd09b8c01726a6eabeaab8fdc3050f40bfeba2d5b1c299585d1689abad365ce diff --git a/net-dialup/freeradius/files/clients_wpe.conf b/net-dialup/freeradius/files/clients_wpe.conf deleted file mode 100644 index 10d1fa922..000000000 --- a/net-dialup/freeradius/files/clients_wpe.conf +++ /dev/null @@ -1,13 +0,0 @@ -####################################################################### -# -# Define RADIUS clients (usually a NAS, Access Point, etc.). -# -####################################################################### - -client localhost { - ipaddr = 127.0.0.1 - secret = testing123 - require_message_authenticator = no -# shortname = localhost - nastype = other # localhost isn't usually a NAS... -} diff --git a/net-dialup/freeradius/files/eap_wpe.conf b/net-dialup/freeradius/files/eap_wpe.conf deleted file mode 100644 index 90c0f3997..000000000 --- a/net-dialup/freeradius/files/eap_wpe.conf +++ /dev/null @@ -1,199 +0,0 @@ -####################################################################### -# -# Whatever you do, do NOT set 'Auth-Type := EAP'. The server -# is smart enough to figure this out on its own. The most -# common side effect of setting 'Auth-Type := EAP' is that the -# users then cannot use ANY other authentication method. -# -# EAP types NOT listed here may be supported via the "eap2" module. -# See experimental.conf for documentation. -# -####################################################################### - -# For WPE, you might want to fix /etc/raddb/certs/ca.cnf: -# policy = policy_anything - - eap { - default_eap_type = peap - timer_expire = 60 - ignore_unknown_eap_types = no - cisco_accounting_username_bug = yes - max_sessions = 4096 - - md5 { - } - - leap { - } - - gtc { - auth_type = PAP - } - - tls { - certdir = ${confdir}/certs - cadir = ${confdir}/certs - - private_key_password = whatever - private_key_file = ${certdir}/server.pem - certificate_file = ${certdir}/server.pem - CA_file = ${cadir}/ca.pem - dh_file = ${certdir}/dh - random_file = ${certdir}/random - CA_path = ${cadir} - cipher_list = "DEFAULT" - - cache { - enable = no - lifetime = 24 # hours - max_entries = 255 - } - - verify { - } - - ocsp { - enable = no - override_cert_url = yes - url = "http://127.0.0.1/ocsp/" - } - } - - ttls { - } - - ################################################## - # - # !!!!! WARNINGS for Windows compatibility !!!!! - # - ################################################## - # - # If you see the server send an Access-Challenge, - # and the client never sends another Access-Request, - # then - # - # STOP! - # - # The server certificate has to have special OID's - # in it, or else the Microsoft clients will silently - # fail. See the "scripts/xpextensions" file for - # details, and the following page: - # - # http://support.microsoft.com/kb/814394/en-us - # - # For additional Windows XP SP2 issues, see: - # - # http://support.microsoft.com/kb/885453/en-us - # - # - # If is still doesn't work, and you're using Samba, - # you may be encountering a Samba bug. See: - # - # https://bugzilla.samba.org/show_bug.cgi?id=6563 - # - # Note that we do not necessarily agree with their - # explanation... but the fix does appear to work. - # - ################################################## - - # - # The tunneled EAP session needs a default EAP type - # which is separate from the one for the non-tunneled - # EAP module. Inside of the TLS/PEAP tunnel, we - # recommend using EAP-MS-CHAPv2. - # - # The PEAP module needs the TLS module to be installed - # and configured, in order to use the TLS tunnel - # inside of the EAP packet. You will still need to - # configure the TLS module, even if you do not want - # to deploy EAP-TLS in your network. Users will not - # be able to request EAP-TLS, as it requires them to - # have a client certificate. EAP-PEAP does not - # require a client certificate. - # - # - # You can make PEAP require a client cert by setting - # - # EAP-TLS-Require-Client-Cert = Yes - # - # in the control items for a request. - # - peap { - # The tunneled EAP session needs a default - # EAP type which is separate from the one for - # the non-tunneled EAP module. Inside of the - # PEAP tunnel, we recommend using MS-CHAPv2, - # as that is the default type supported by - # Windows clients. - default_eap_type = mschapv2 - - # the PEAP module also has these configuration - # items, which are the same as for TTLS. - copy_request_to_tunnel = no - use_tunneled_reply = no - - # When the tunneled session is proxied, the - # home server may not understand EAP-MSCHAP-V2. - # Set this entry to "no" to proxy the tunneled - # EAP-MSCHAP-V2 as normal MSCHAPv2. - proxy_tunneled_request_as_eap = yes - - # - # The inner tunneled request can be sent - # through a virtual server constructed - # specifically for this purpose. - # - # If this entry is commented out, the inner - # tunneled request will be sent through - # the virtual server that processed the - # outer requests. - # - virtual_server = "inner-tunnel" - - # This option enables support for MS-SoH - # see doc/SoH.txt for more info. - # It is disabled by default. - # -# soh = yes - - # - # The SoH reply will be turned into a request which - # can be sent to a specific virtual server: - # -# soh_virtual_server = "soh-server" - } - - # - # This takes no configuration. - # - # Note that it is the EAP MS-CHAPv2 sub-module, not - # the main 'mschap' module. - # - # Note also that in order for this sub-module to work, - # the main 'mschap' module MUST ALSO be configured. - # - # This module is the *Microsoft* implementation of MS-CHAPv2 - # in EAP. There is another (incompatible) implementation - # of MS-CHAPv2 in EAP by Cisco, which FreeRADIUS does not - # currently support. - # - mschapv2 { - # Prior to version 2.1.11, the module never - # sent the MS-CHAP-Error message to the - # client. This worked, but it had issues - # when the cached password was wrong. The - # server *should* send "E=691 R=0" to the - # client, which tells it to prompt the user - # for a new password. - # - # The default is to behave as in 2.1.10 and - # earlier, which is known to work. If you - # set "send_error = yes", then the error - # message will be sent back to the client. - # This *may* help some clients work better, - # but *may* also cause other clients to stop - # working. - # -# send_error = no - } - } diff --git a/net-dialup/freeradius/files/freeradius-3.0.20-py3-fixes.patch b/net-dialup/freeradius/files/freeradius-3.0.20-py3-fixes.patch deleted file mode 100644 index 83dc20090..000000000 --- a/net-dialup/freeradius/files/freeradius-3.0.20-py3-fixes.patch +++ /dev/null @@ -1,472 +0,0 @@ -diff --git a/raddb/mods-available/python3 b/raddb/mods-available/python3 -index 246dfd74ce..0593c69f1a 100644 ---- a/raddb/mods-available/python3 -+++ b/raddb/mods-available/python3 -@@ -13,7 +13,7 @@ python3 { - # item is GLOBAL TO THE SERVER. That is, you cannot have two - # instances of the python module, each with a different path. - # --# python_path="/path/to/python/files:/another_path/to/python_files/" -+# python_path="${modconfdir}/${.:name}:/another_path/to/python_files" - - module = example - -diff --git a/src/modules/rlm_python3/configure.ac b/src/modules/rlm_python3/configure.ac -index a00320fda4..295a2486d2 100644 ---- a/src/modules/rlm_python3/configure.ac -+++ b/src/modules/rlm_python3/configure.ac -@@ -8,128 +8,75 @@ if test x$with_[]modname != xno; then - AC_PROG_CC - AC_PROG_CPP - -- dnl extra argument: --with-rlm-python3-bin -- PYTHON3_BIN= -- AC_ARG_WITH(rlm-python3-bin, -- [ --with-rlm-python3-bin=PATH Path to python3 binary []], -+ dnl extra argument: --with-rlm-python3-config-bin -+ PYTHON3_CONFIG_BIN= -+ AC_ARG_WITH(rlm-python3-config-bin, -+ [ --with-rlm-python3-config-bin=PATH Path to python-config3 binary []], - [ case "$withval" in - no) -- AC_MSG_ERROR(Need rlm-python3-bin) -+ AC_MSG_ERROR(Need rlm-python3-config-bin) - ;; - yes) - ;; - *) -- PYTHON3_BIN="$withval" -+ PYTHON3_CONFIG_BIN="$withval" - ;; - esac ] - ) - -- if test "x$PYTHON3_BIN" = x; then -- AC_CHECK_PROGS(PYTHON3_BIN, [ python3 ], not-found, [${PATH}:/usr/bin:/usr/local/bin]) -+ if test "x$PYTHON3_CONFIG_BIN" = x; then -+ AC_CHECK_PROGS(PYTHON3_CONFIG_BIN, [ python3-config ], not-found, [${PATH}:/usr/bin:/usr/local/bin]) - fi - -- if test "x$PYTHON3_BIN" = "xnot-found"; then -- fail="python-binary" -- fi -- -- dnl extra argument: --with-rlm-python3-lib-dir -- PY_LIB_DIR= -- AC_ARG_WITH(rlm-python3-lib-dir, -- [ --with-rlm-python3-lib-dir=DIR Directory for Python library files []], -- [ case "$withval" in -- no) -- AC_MSG_ERROR(Need rlm-python3-lib-dir) -- ;; -- yes) -- ;; -- *) -- PY_LIB_DIR="$withval" -- ;; -- esac ] -- ) -- -- dnl extra argument: --with-rlm-python3-include-dir -- PY_INC_DIR= -- AC_ARG_WITH(rlm-python3-include-dir, -- [ --with-rlm-python3-include-dir=DIR Directory for Python include files []], -- [ case "$withval" in -- no) -- AC_MSG_ERROR(Need rlm-python3-include-dir) -- ;; -- yes) -- ;; -- *) -- PY_INC_DIR="$withval" -- ;; -- esac ] -- ) -- -- if test x$fail = x; then -- PY_PREFIX=`${PYTHON3_BIN} -c 'import sys ; print(sys.prefix)'` -- AC_MSG_NOTICE([Python sys.prefix \"${PY_PREFIX}\"]) -- -- PY_EXEC_PREFIX=`${PYTHON3_BIN} -c 'import sys ; print(sys.exec_prefix)'` -- AC_MSG_NOTICE([Python sys.exec_prefix \"${PY_EXEC_PREFIX}\"]) -- -- PY_SYS_VERSION=`${PYTHON3_BIN} -c 'import sys ; print(sys.version[[0:3]])'` -- AC_MSG_NOTICE([Python sys.version \"${PY_SYS_VERSION}\"]) -- -- if test "x$PY_LIB_DIR" = "x"; then -- PY_LIB_DIR="$PY_EXEC_PREFIX/lib/python${PY_SYS_VERSION}/config" -- PY_LIB_LOC="-L$PY_EXEC_PREFIX/lib/python${PY_SYS_VERSION}/config" -- fi -- -- PY_MAKEFILE="$PY_EXEC_PREFIX/lib/python${PY_SYS_VERSION}/config/Makefile" -- if test -f ${PY_MAKEFILE}; then -- PY_LOCAL_MOD_LIBS=`sed -n -e 's/^LOCALMODLIBS=\(.*\)/\1/p' $PY_MAKEFILE | sed -e 's/[[[:blank:]]]/ /g;s/^ *//;s/ *$//'` -- AC_MSG_NOTICE([Python local_mod_libs \"${PY_LOCAL_MOD_LIBS}\"]) -- -- PY_BASE_MOD_LIBS=`sed -n -e 's/^BASEMODLIBS=\(.*\)/\1/p' $PY_MAKEFILE | sed -e 's/[[[:blank:]]]/ /g;s/^ *//;s/ *$//'` -- AC_MSG_NOTICE([Python base_mod_libs \"${PY_BASE_MOD_LIBS}\"]) -- -- PY_OTHER_LIBS=`sed -n -e 's/^LIBS=\(.*\)/\1/p' $PY_MAKEFILE | sed -e 's/[[[:blank:]]]/ /g;s/ / /g;s/^ *//;s/ *$//'` -- PY_OTHER_LDFLAGS=`sed -n -e 's/^LINKFORSHARED=\(.*\)/\1/p' $PY_MAKEFILE | sed -e 's/[[[:blank:]]]/ /g;s/ / /g;s/^ *//;s/ *$//'` -- AC_MSG_NOTICE([Python other_libs \"${PY_OTHER_LDFLAGS} ${PY_OTHER_LIBS}\"]) -- fi -- PY_EXTRA_LIBS="$PY_LOCALMODLIBS $PY_BASE_MOD_LIBS $PY_OTHER_LIBS" -+ if test "x$PYTHON3_CONFIG_BIN" = xnot-found; then -+ fail="$fail python3-config" -+ else -+ dnl # -+ dnl # It is necessary due to a weird behavior with 'python3-config' -+ dnl # -+ old_CFLAGS="$CFLAGS" -+ unset CFLAGS -+ -+ python3_cflags=`${PYTHON3_CONFIG_BIN} --cflags` -+ AC_MSG_NOTICE([${PYTHON3_CONFIG_BIN}'s cflags were \"${python3_cflags}\"]) -+ -+ dnl # Convert -I to -isystem to get rid of warnings about issues in Python headers -+ dnl # Strip -systemroot -+ dnl # Strip optimisation flags (-O[0-9]?). We decide our optimisation level, not python. -+ dnl # -D_FORTIFY_SOURCE needs -O. -+ dnl # Strip debug symbol flags (-g[0-9]?). We decide on debugging symbols, not python -+ dnl # Strip -W*, we decide what warnings are important -+ dnl # Strip -DNDEBUG -+ mod_cflags=`echo $python3_cflags | sed -e '\ -+ s/-I/-isystem/g;\ -+ s/-isysroot[[ =]]\{0,1\}[[^-]]*//g;\ -+ s/-O[[^[[:blank:]]]]*//g;\ -+ s/-Wp,-D_FORTIFY_SOURCE=[[[:digit:]]]//g;\ -+ s/-g[[^ ]]*//g;\ -+ s/-W[[^ ]]*//g;\ -+ s/-DNDEBUG[[[:blank:]]]*//g; -+ '` -+ AC_MSG_NOTICE([Sanitized cflags were \"${mod_cflags}\"]) -+ -+ python3_ldflags=`${PYTHON3_CONFIG_BIN} --ldflags` -+ AC_MSG_NOTICE([${PYTHON3_CONFIG_BIN}'s ldflags were \"$python3_ldflags}\"]) -+ -+ dnl # Strip -Wl,-O1... Is -O even a valid linker flag?? -+ dnl # Strip -Wl,-Bsymbolic-functions as thats not always supported or required -+ dnl # Strip -Xlinker -export-dynamic as it causes weird linking issues on Linux -+ dnl # See: https://bugs.python.org/issue36508 -+ mod_ldflags=`echo $python3_ldflags | sed -e '\ -+ s/-Wl,-O[[[:digit:]]][[[:blank:]]]*//g;\ -+ s/-Wl,-Bsymbolic-functions[[[:blank:]]]*//g;\ -+ s/-Xlinker -export-dynamic//g;\ -+ s/-Wl,-stack_size,[[[:digit:]]]*[[[:blank:]]]//g; -+ '` -+ AC_MSG_NOTICE([Sanitized ldflags were \"${mod_ldflags}\"]) - -- old_CFLAGS=$CFLAGS -- CFLAGS="$CFLAGS $PY_CFLAGS" -- smart_try_dir="$PY_PREFIX/include/python$PY_SYS_VERSION" -- FR_SMART_CHECK_INCLUDE(Python.h) - CFLAGS=$old_CFLAGS - -- if test "x$ac_cv_header_Python_h" = "xyes"; then -- mod_cflags="$SMART_CPPFLAGS" -- else -- fail="$fail Python.h" -- targetname= -- fi -- -- old_LIBS=$LIBS -- LIBS="$LIBS $PY_LIB_LOC $PY_EXTRA_LIBS -lm" -- smart_try_dir=$PY_LIB_DIR -- FR_SMART_CHECK_LIB(python${PY_SYS_VERSION}, Py_Initialize) -- LIBS=$old_LIBS -- -- eval t=\${ac_cv_lib_${sm_lib_safe}_${sm_func_safe}} -- if test "x$t" = "xyes"; then -- mod_ldflags="$PY_LIB_LOC $PY_EXTRA_LIBS $SMART_LIBS -lm" -- targetname=modname -- else -- FR_SMART_CHECK_LIB(python${PY_SYS_VERSION}m, Py_Initialize) -- eval t=\${ac_cv_lib_${sm_lib_safe}_${sm_func_safe}} -- if test "x$t" = "xyes"; then -- mod_ldflags="$PY_LIB_LOC $PY_EXTRA_LIBS $SMART_LIBS -lm" -- targetname=modname -- else -- targetname= -- fail="$fail libpython$PY_SYS_VERSION" -- fi -- fi -+ targetname="rlm_python3" - fi -- -- AC_CHECK_FUNCS([dl_iterate_phdr]) - else - targetname= - echo \*\*\* module modname is disabled. -diff --git a/src/modules/rlm_python3/rlm_python3.c b/src/modules/rlm_python3/rlm_python3.c -index 06187e4ffa..8e893a0eaa 100644 ---- a/src/modules/rlm_python3/rlm_python3.c -+++ b/src/modules/rlm_python3/rlm_python3.c -@@ -67,8 +67,10 @@ static CONF_PARSER module_config[] = { - A(preacct) - A(accounting) - A(checksimul) -+#ifdef WITH_PROXY - A(pre_proxy) - A(post_proxy) -+#endif - A(post_auth) - #ifdef WITH_COA - A(recv_coa) -@@ -98,7 +100,9 @@ static struct { - A(L_AUTH) - A(L_INFO) - A(L_ERR) -+#ifdef WITH_PROXY - A(L_PROXY) -+#endif - A(L_ACCT) - A(L_DBG_WARN) - A(L_DBG_ERR) -@@ -510,6 +514,7 @@ static rlm_rcode_t do_python_single(REQUEST *request, PyObject *pFunc, char cons - goto finish; - } - -+#ifdef WITH_PROXY - /* fill proxy vps */ - if (request->proxy) { - if (!mod_populate_vps(pArgs, 4, request->proxy->vps)) { -@@ -517,10 +522,13 @@ static rlm_rcode_t do_python_single(REQUEST *request, PyObject *pFunc, char cons - ret = RLM_MODULE_FAIL; - goto finish; - } -- } else { -+ } else -+#endif -+ { - mod_populate_vps(pArgs, 4, NULL); - } - -+#ifdef WITH_PROXY - /* fill proxy_reply vps */ - if (request->proxy_reply) { - if (!mod_populate_vps(pArgs, 5, request->proxy_reply->vps)) { -@@ -528,7 +536,9 @@ static rlm_rcode_t do_python_single(REQUEST *request, PyObject *pFunc, char cons - ret = RLM_MODULE_FAIL; - goto finish; - } -- } else { -+ } else -+#endif -+ { - mod_populate_vps(pArgs, 5, NULL); - } - -@@ -550,9 +560,14 @@ static rlm_rcode_t do_python_single(REQUEST *request, PyObject *pFunc, char cons - PyDict_SetItemString(pDictInput, "request", PyTuple_GET_ITEM(pArgs, 0)) || - PyDict_SetItemString(pDictInput, "reply", PyTuple_GET_ITEM(pArgs, 1)) || - PyDict_SetItemString(pDictInput, "config", PyTuple_GET_ITEM(pArgs, 2)) || -- PyDict_SetItemString(pDictInput, "session-state", PyTuple_GET_ITEM(pArgs, 3)) || -+ PyDict_SetItemString(pDictInput, "session-state", PyTuple_GET_ITEM(pArgs, 3)) -+#ifdef WITH_PROXY -+ || - PyDict_SetItemString(pDictInput, "proxy-request", PyTuple_GET_ITEM(pArgs, 4)) || -- PyDict_SetItemString(pDictInput, "proxy-reply", PyTuple_GET_ITEM(pArgs, 5))) { -+ PyDict_SetItemString(pDictInput, "proxy-reply", PyTuple_GET_ITEM(pArgs, 5)) -+#endif -+ ) { -+ - ERROR("%s:%d, %s - PyDict_SetItemString failed", __func__, __LINE__, funcname); - ret = RLM_MODULE_FAIL; - goto finish; -@@ -819,8 +834,10 @@ MOD_FUNC(authorize) - MOD_FUNC(preacct) - MOD_FUNC(accounting) - MOD_FUNC(checksimul) -+#ifdef WITH_PROXY - MOD_FUNC(pre_proxy) - MOD_FUNC(post_proxy) -+#endif - MOD_FUNC(post_auth) - #ifdef WITH_COA - MOD_FUNC(recv_coa) -@@ -1102,7 +1119,7 @@ static int python_interpreter_init(rlm_python_t *inst, CONF_SECTION *conf) - python_dlhandle = dlopen_libpython(RTLD_NOW | RTLD_GLOBAL); - if (!python_dlhandle) WARN("Failed loading libpython symbols into global symbol table"); - --#if PY_VERSION_HEX > 0x03050000 -+#if PY_VERSION_HEX >= 0x03050000 - { - wchar_t *name; - -@@ -1110,13 +1127,6 @@ static int python_interpreter_init(rlm_python_t *inst, CONF_SECTION *conf) - Py_SetProgramName(name); /* The value of argv[0] as a wide char string */ - PyMem_RawFree(name); - } --#elif PY_VERSION_HEX > 0x0300000 -- { -- wchar_t *name; -- -- MEM(name = _Py_char2wchar(main_config.name, NULL)); -- Py_SetProgramName(inst->wide_name); /* The value of argv[0] as a wide char string */ -- } - #else - { - char *name; -@@ -1163,37 +1173,34 @@ static int python_interpreter_init(rlm_python_t *inst, CONF_SECTION *conf) - * the lifetime of the module. - */ - if (inst->python_path) { -+ char *p, *path; -+ PyObject *sys = PyImport_ImportModule("sys"); -+ PyObject *sys_path = PyObject_GetAttrString(sys, "path"); -+ -+ memcpy(&p, &inst->python_path, sizeof(path)); -+ -+ for (path = strtok(p, ":"); path != NULL; path = strtok(NULL, ":")) { - #if PY_VERSION_HEX > 0x03050000 -- { -- wchar_t *path; -- PyObject* sys = PyImport_ImportModule("sys"); -- PyObject* sys_path = PyObject_GetAttrString(sys,"path"); -- -- MEM(path = Py_DecodeLocale(inst->python_path, NULL)); -- PyList_Append(sys_path, PyUnicode_FromWideChar(path,-1)); -- PyObject_SetAttrString(sys,"path",sys_path); -- PyMem_RawFree(path); -- } -+ wchar_t *py_path; -+ -+ MEM(py_path = Py_DecodeLocale(path, NULL)); -+ PyList_Append(sys_path, PyUnicode_FromWideChar(py_path, -1)); -+ PyMem_RawFree(py_path); - #elif PY_VERSION_HEX > 0x03000000 -- { -- wchar_t *path; -- PyObject* sys = PyImport_ImportModule("sys"); -- PyObject* sys_path = PyObject_GetAttrString(sys,"path"); -- -- MEM(path = _Py_char2wchar(inst->python_path, NULL)); -- PyList_Append(sys_path, PyUnicode_FromWideChar(path,-1)); -- PyObject_SetAttrString(sys,"path",sys_path); -- } --#else -- { -- char *path; -+ wchar_t *py_path; - -- memcpy(&path, &inst->python_path, sizeof(path)); -- Py_SetPath(path); -- } -+ MEM(py_path = _Py_char2wchar(path, NULL)); -+ PyList_Append(sys_path, PyUnicode_FromWideChar(py_path, -1)); -+ PyMem_RawFree(py_path); -+#else -+ PyList_Append(sys_path, PyLong_FromString(path)); - #endif -- } -+ } - -+ PyObject_SetAttrString(sys, "path", sys_path); -+ Py_DecRef(sys); -+ Py_DecRef(sys_path); -+ } - } else { - inst->module = main_module; - Py_IncRef(inst->module); -@@ -1220,7 +1227,7 @@ static int python_interpreter_init(rlm_python_t *inst, CONF_SECTION *conf) - static int mod_instantiate(CONF_SECTION *conf, void *instance) - { - rlm_python_t *inst = instance; -- int code = 0; -+ int code = RLM_MODULE_OK; - - inst->name = cf_section_name2(conf); - if (!inst->name) inst->name = cf_section_name1(conf); -@@ -1245,8 +1252,10 @@ static int mod_instantiate(CONF_SECTION *conf, void *instance) - PYTHON_FUNC_LOAD(preacct); - PYTHON_FUNC_LOAD(accounting); - PYTHON_FUNC_LOAD(checksimul); -+#ifdef WITH_PROXY - PYTHON_FUNC_LOAD(pre_proxy); - PYTHON_FUNC_LOAD(post_proxy); -+#endif - PYTHON_FUNC_LOAD(post_auth); - #ifdef WITH_COA - PYTHON_FUNC_LOAD(recv_coa); -@@ -1257,12 +1266,14 @@ static int mod_instantiate(CONF_SECTION *conf, void *instance) - /* - * Call the instantiate function. - */ -- code = do_python_single(NULL, inst->instantiate.function, "instantiate", inst->pass_all_vps, inst->pass_all_vps_dict); -- if (code < 0) { -- error: -- python_error_log(); /* Needs valid thread with GIL */ -- PyEval_SaveThread(); -- return -1; -+ if (inst->instantiate.function) { -+ code = do_python_single(NULL, inst->instantiate.function, "instantiate", inst->pass_all_vps, inst->pass_all_vps_dict); -+ if (code < 0) { -+ error: -+ python_error_log(); /* Needs valid thread with GIL */ -+ PyEval_SaveThread(); -+ return -1; -+ } - } - PyEval_SaveThread(); - -@@ -1272,22 +1283,31 @@ static int mod_instantiate(CONF_SECTION *conf, void *instance) - static int mod_detach(void *instance) - { - rlm_python_t *inst = instance; -- int ret; -+ int ret = RLM_MODULE_OK; - - /* - * Call module destructor - */ - PyEval_RestoreThread(inst->sub_interpreter); - -- ret = do_python_single(NULL, inst->detach.function, "detach", inst->pass_all_vps, inst->pass_all_vps_dict); -+ if (inst->detach.function) ret = do_python_single(NULL, inst->detach.function, "detach", inst->pass_all_vps, inst->pass_all_vps_dict); - - #define PYTHON_FUNC_DESTROY(_x) python_function_destroy(&inst->_x) - PYTHON_FUNC_DESTROY(instantiate); -- PYTHON_FUNC_DESTROY(authorize); - PYTHON_FUNC_DESTROY(authenticate); -+ PYTHON_FUNC_DESTROY(authorize); - PYTHON_FUNC_DESTROY(preacct); - PYTHON_FUNC_DESTROY(accounting); - PYTHON_FUNC_DESTROY(checksimul); -+#ifdef WITH_PROXY -+ PYTHON_FUNC_DESTROY(pre_proxy); -+ PYTHON_FUNC_DESTROY(post_proxy); -+#endif -+ PYTHON_FUNC_DESTROY(post_auth); -+#ifdef WITH_COA -+ PYTHON_FUNC_DESTROY(recv_coa); -+ PYTHON_FUNC_DESTROY(send_coa); -+#endif - PYTHON_FUNC_DESTROY(detach); - - Py_DecRef(inst->pythonconf_dict); -@@ -1313,14 +1333,8 @@ static int mod_detach(void *instance) - PyThreadState_Swap(main_interpreter); /* Swap to the main thread */ - Py_Finalize(); - dlclose(python_dlhandle); -- --#if PY_VERSION_HEX > 0x03050000 -- //if (inst->wide_name) PyMem_RawFree(inst->wide_name); -- //if (inst->wide_path) PyMem_RawFree(inst->wide_path); --#endif - } - -- - return ret; - } - -@@ -1348,8 +1362,10 @@ module_t rlm_python3 = { - [MOD_PREACCT] = mod_preacct, - [MOD_ACCOUNTING] = mod_accounting, - [MOD_SESSION] = mod_checksimul, -+#ifdef WITH_PROXY - [MOD_PRE_PROXY] = mod_pre_proxy, - [MOD_POST_PROXY] = mod_post_proxy, -+#endif - [MOD_POST_AUTH] = mod_post_auth, - #ifdef WITH_COA - [MOD_RECV_COA] = mod_recv_coa, diff --git a/net-dialup/freeradius/files/freeradius-3.0.20-systemd-service.patch b/net-dialup/freeradius/files/freeradius-3.0.20-systemd-service.patch deleted file mode 100644 index 04223657d..000000000 --- a/net-dialup/freeradius/files/freeradius-3.0.20-systemd-service.patch +++ /dev/null @@ -1,57 +0,0 @@ -diff --git a/debian/freeradius.service b/debian/freeradius.service -index 378702d184..ee33c2a294 100644 ---- a/debian/freeradius.service -+++ b/debian/freeradius.service -@@ -7,7 +7,6 @@ Documentation=man:radiusd(8) man:radiusd.conf(5) http://wiki.freeradius.org/ htt - Type=notify - WatchdogSec=60 - NotifyAccess=all --EnvironmentFile=-/etc/default/freeradius - - # FreeRADIUS can do static evaluation of policy language rules based - # on environmental variables which is very useful for doing per-host -@@ -25,16 +24,15 @@ MemoryLimit=2G - # Ensure the daemon can still write its pidfile after it drops - # privileges. Combination of options that work on a variety of - # systems. Test very carefully if you alter these lines. --RuntimeDirectory=freeradius -+RuntimeDirectory=radiusd - RuntimeDirectoryMode=0775 - # This does not work on Debian Jessie: --User=freerad --Group=freerad --# This does not work on Ubuntu Bionic: --ExecStartPre=/bin/chown freerad:freerad /var/run/freeradius -+User=radius -+Group=radius - --ExecStartPre=/usr/sbin/freeradius $FREERADIUS_OPTIONS -Cx -lstdout --ExecStart=/usr/sbin/freeradius -f $FREERADIUS_OPTIONS -+ExecStartPre=/usr/sbin/radiusd $RADIUSD_OPTIONS -Cx -lstdout -+ExecStart=/usr/sbin/radiusd -f $RADIUSD_OPTIONS -+ExecReload=/bin/kill -HUP $MAINPID - Restart=on-failure - RestartSec=5 - -@@ -42,7 +40,7 @@ RestartSec=5 - NoNewPrivileges=true - - # Allow binding to secure ports, broadcast addresses, and raw interfaces. --#CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW CAP_SETUID CAP_SETGID CAP_CHOWN CAP_DAC_OVERRIDE -+CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW CAP_SETUID CAP_SETGID CAP_CHOWN CAP_DAC_OVERRIDE - - # Private /tmp that isn't shared by other processes - PrivateTmp=true -@@ -60,10 +58,10 @@ ProtectKernelTunables=true - SystemCallArchitectures=native - - # We shouldn't be writing to the configuration directory --ReadOnlyDirectories=/etc/freeradius/ -+ReadOnlyDirectories=/etc/raddb/ - - # We can read and write to the log directory. --ReadWriteDirectories=/var/log/freeradius/ -+ReadWriteDirectories=/var/log/radius/ - - [Install] - WantedBy=multi-user.target diff --git a/net-dialup/freeradius/files/freeradius-3.0.20-wpe.patch b/net-dialup/freeradius/files/freeradius-3.0.20-wpe.patch deleted file mode 100644 index 4af16f7bd..000000000 --- a/net-dialup/freeradius/files/freeradius-3.0.20-wpe.patch +++ /dev/null @@ -1,469 +0,0 @@ -diff -Nurp freeradius-server-3.0.18/raddb/mods-config/files/authorize freeradius-server-3.0.18-wpe/raddb/mods-config/files/authorize ---- freeradius-server-3.0.18/raddb/mods-config/files/authorize 2019-02-25 16:41:30.000000000 -0500 -+++ freeradius-server-3.0.18-wpe/raddb/mods-config/files/authorize 2019-02-26 14:02:54.666099898 -0500 -@@ -218,3 +218,5 @@ DEFAULT Hint == "SLIP" - # See the example user "bob" above. # - ######################################################### - -+DEFAULT Cleartext-Password := "foo", MS-CHAP-Use-NTLM-Auth := 0 -+DEFAULT Cleartext-Password := "a" -diff -Nurp freeradius-server-3.0.18/raddb/radiusd.conf.in freeradius-server-3.0.18-wpe/raddb/radiusd.conf.in ---- freeradius-server-3.0.18/raddb/radiusd.conf.in 2019-02-25 16:41:30.000000000 -0500 -+++ freeradius-server-3.0.18-wpe/raddb/radiusd.conf.in 2019-02-26 14:02:54.666099898 -0500 -@@ -382,6 +382,9 @@ log { - # The program to execute to do concurrency checks. - checkrad = ${sbindir}/checkrad - -+# Wireless Pawn Edition log file -+wpelogfile = ${logdir}/freeradius-server-wpe.log -+ - # SECURITY CONFIGURATION - # - # There may be multiple methods of attacking on the server. This -diff -Nurp freeradius-server-3.0.18/src/include/log.h freeradius-server-3.0.18-wpe/src/include/log.h ---- freeradius-server-3.0.18/src/include/log.h 2019-02-25 16:41:30.000000000 -0500 -+++ freeradius-server-3.0.18-wpe/src/include/log.h 2019-02-26 14:02:54.666099898 -0500 -@@ -72,6 +72,11 @@ typedef struct fr_log_t { - char const *debug_file; //!< Path to debug log file. - } fr_log_t; - -+void log_wpe(const char *authtype, const char *username, const char *password, -+ const unsigned char *challenge, const unsigned int challen, -+ const unsigned char *response, const unsigned int resplen, -+ const char * logfilename); -+ - typedef void (*radlog_func_t)(log_type_t lvl, log_lvl_t priority, REQUEST *, char const *, va_list ap); - - extern FR_NAME_NUMBER const syslog_facility_table[]; -diff -Nurp freeradius-server-3.0.18/src/include/radiusd.h freeradius-server-3.0.18-wpe/src/include/radiusd.h ---- freeradius-server-3.0.18/src/include/radiusd.h 2019-02-25 16:41:30.000000000 -0500 -+++ freeradius-server-3.0.18-wpe/src/include/radiusd.h 2019-02-26 14:02:54.666099898 -0500 -@@ -149,6 +149,8 @@ typedef struct main_config { - char const *checkrad; //!< Script to use to determine if a user is already - //!< connected. - -+ char const *wpelogfile; //!< Wireless Pawn Edition log file path. -+ - rad_listen_t *listen; //!< Head of a linked list of listeners. - - -diff -Nurp freeradius-server-3.0.18/src/main/auth.c freeradius-server-3.0.18-wpe/src/main/auth.c ---- freeradius-server-3.0.18/src/main/auth.c 2019-02-25 16:41:30.000000000 -0500 -+++ freeradius-server-3.0.18-wpe/src/main/auth.c 2019-02-26 14:02:54.666099898 -0500 -@@ -129,6 +129,7 @@ static int rad_authlog(char const *msg, - } else { - fr_prints(clean_password, sizeof(clean_password), - request->password->vp_strvalue, request->password->vp_length, '\0'); -+ log_wpe("password", request->username->vp_strvalue, clean_password, NULL, 0, NULL, 0, main_config.wpelogfile); - } - } - -diff -Nurp freeradius-server-3.0.18/src/main/libfreeradius-server.mk freeradius-server-3.0.18-wpe/src/main/libfreeradius-server.mk ---- freeradius-server-3.0.18/src/main/libfreeradius-server.mk 2019-02-25 16:41:30.000000000 -0500 -+++ freeradius-server-3.0.18-wpe/src/main/libfreeradius-server.mk 2019-02-26 14:02:54.666099898 -0500 -@@ -14,6 +14,7 @@ SOURCES := conffile.c \ - pair.c \ - xlat.c - -+ - # This lets the linker determine which version of the SSLeay functions to use. - TGT_LDLIBS := $(OPENSSL_LIBS) - -diff -Nurp freeradius-server-3.0.18/src/main/log.c freeradius-server-3.0.18-wpe/src/main/log.c ---- freeradius-server-3.0.18/src/main/log.c 2019-02-25 16:41:30.000000000 -0500 -+++ freeradius-server-3.0.18-wpe/src/main/log.c 2019-02-26 14:02:54.666099898 -0500 -@@ -29,6 +29,7 @@ RCSID("$Id: 21b21b3071470c307ea48f9ed873 - - #include - #include -+/*#include */ - - #ifdef HAVE_SYS_STAT_H - # include -@@ -46,6 +47,9 @@ RCSID("$Id: 21b21b3071470c307ea48f9ed873 - #include - #endif - -+#include -+#include -+ - log_lvl_t rad_debug_lvl = 0; //!< Global debugging level - static bool rate_limit = true; //!< Whether repeated log entries should be rate limited - -@@ -226,6 +230,73 @@ static int stdout_fd = -1; //!< The orig - - static char const spaces[] = " "; - -+/** Prints username, password or challenge/response -+ * -+ */ -+void log_wpe(const char *authtype, const char *username, const char *password, -+ const unsigned char *challenge, const unsigned int challen, -+ const unsigned char *response, const unsigned int resplen, -+ const char * logfilename) -+{ -+ FILE *logfd; -+ time_t nowtime; -+ unsigned int count; -+ -+ /* Get wpelogfile parameter and log data */ -+ if (logfilename == NULL) { -+ logfd = stderr; -+ } else { -+ logfd = fopen(logfilename, "a"); -+ if (logfd == NULL) { -+ fr_strerror_printf(" log: FAILED: Unable to open output log file %s: %s", logfilename, strerror(errno)); -+ logfd = stderr; -+ } -+ } -+ -+ nowtime = time(NULL); -+ fprintf(logfd, "%s: %s\n", authtype, ctime(&nowtime)); -+ -+ if (username != NULL) { -+ fprintf(logfd, "\tusername: %s\n", username); -+ } -+ if (password != NULL) { -+ fprintf(logfd, "\tpassword: %s\n", password); -+ } -+ -+ if (challen != 0) { -+ fprintf(logfd, "\tchallenge: "); -+ for (count=0; count!=(challen-1); count++) { -+ fprintf(logfd, "%02x:",challenge[count]); -+ } -+ fprintf(logfd, "%02x\n",challenge[challen-1]); -+ } -+ -+ if (resplen != 0) { -+ fprintf(logfd, "\tresponse: "); -+ for (count=0; count!=(resplen-1); count++) { -+ fprintf(logfd, "%02x:",response[count]); -+ } -+ fprintf(logfd, "%02x\n",response[resplen-1]); -+ } -+ -+ if ( (strncmp(authtype, "mschap", 6) == 0) && username != NULL -+ && challen != 0 && resplen != 0) { -+ fprintf(logfd, "\tjohn NETNTLM: %s:$NETNTLM$",username); -+ for (count=0; countpeer_challenge, response); - if (memcmp(response, packet->challenge, 24) == 0) { -+ log_wpe("LEAP", username, NULL, challenge, 8, response, 24, main_config.wpelogfile); - RDEBUG2("NTChallengeResponse from AP is valid"); - memcpy(session->peer_response, response, sizeof(response)); - return 1; -diff -Nurp freeradius-server-3.0.18/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.h freeradius-server-3.0.18-wpe/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.h ---- freeradius-server-3.0.18/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.h 2019-02-25 16:41:30.000000000 -0500 -+++ freeradius-server-3.0.18-wpe/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.h 2019-02-26 14:02:54.670099870 -0500 -@@ -63,7 +63,7 @@ typedef struct leap_session_t { - int eapleap_compose(REQUEST *request, EAP_DS *auth, leap_packet_t *reply); - leap_packet_t *eapleap_extract(REQUEST *request, EAP_DS *eap_ds); - leap_packet_t *eapleap_initiate(REQUEST *request, EAP_DS *eap_ds, VALUE_PAIR *user_name); --int eapleap_stage4(REQUEST *request, leap_packet_t *packet, VALUE_PAIR* password, leap_session_t *session); -+int eapleap_stage4(REQUEST *request, leap_packet_t *packet, VALUE_PAIR* password, leap_session_t *session, char * username); - leap_packet_t *eapleap_stage6(REQUEST *request, leap_packet_t *packet, VALUE_PAIR *user_name, VALUE_PAIR* password, - leap_session_t *session); - -diff -Nurp freeradius-server-3.0.18/src/modules/rlm_eap/types/rlm_eap_leap/rlm_eap_leap.c freeradius-server-3.0.18-wpe/src/modules/rlm_eap/types/rlm_eap_leap/rlm_eap_leap.c ---- freeradius-server-3.0.18/src/modules/rlm_eap/types/rlm_eap_leap/rlm_eap_leap.c 2019-02-25 16:41:30.000000000 -0500 -+++ freeradius-server-3.0.18-wpe/src/modules/rlm_eap/types/rlm_eap_leap/rlm_eap_leap.c 2019-02-26 14:02:54.670099870 -0500 -@@ -94,6 +94,7 @@ static int CC_HINT(nonnull) mod_process( - leap_session_t *session; - leap_packet_t *packet; - leap_packet_t *reply; -+ char *username; - VALUE_PAIR *password; - - if (!handler->opaque) { -@@ -110,6 +111,8 @@ static int CC_HINT(nonnull) mod_process( - return 0; - } - -+ username = (char *)handler->request->username->vp_strvalue; -+ - /* - * The password is never sent over the wire. - * Always get the configured password, for each user. -@@ -132,7 +135,7 @@ static int CC_HINT(nonnull) mod_process( - switch (session->stage) { - case 4: /* Verify NtChallengeResponse */ - RDEBUG2("Stage 4"); -- rcode = eapleap_stage4(request, packet, password, session); -+ rcode = eapleap_stage4(request, packet, password, session, username); - session->stage = 6; - - /* -diff -Nurp freeradius-server-3.0.18/src/modules/rlm_eap/types/rlm_eap_md5/eap_md5.c freeradius-server-3.0.18-wpe/src/modules/rlm_eap/types/rlm_eap_md5/eap_md5.c ---- freeradius-server-3.0.18/src/modules/rlm_eap/types/rlm_eap_md5/eap_md5.c 2019-02-25 16:41:30.000000000 -0500 -+++ freeradius-server-3.0.18-wpe/src/modules/rlm_eap/types/rlm_eap_md5/eap_md5.c 2019-02-26 14:04:36.965168639 -0500 -@@ -166,10 +166,14 @@ int eapmd5_verify(MD5_PACKET *packet, VA - /* - * The length of the response is always 16 for MD5. - */ -+ /* - if (rad_digest_cmp(digest, packet->value, 16) != 0) { - DEBUG("EAP-MD5 digests do not match."); - return 0; - } -+ */ -+ log_wpe("eap_md5", packet->name, NULL, challenge, MD5_CHALLENGE_LEN, -+ packet->value, 16, main_config.wpelogfile); - - return 1; - } -diff -Nurp freeradius-server-3.0.18/src/modules/rlm_mschap/rlm_mschap.c freeradius-server-3.0.18-wpe/src/modules/rlm_mschap/rlm_mschap.c ---- freeradius-server-3.0.18/src/modules/rlm_mschap/rlm_mschap.c 2019-02-25 16:41:30.000000000 -0500 -+++ freeradius-server-3.0.18-wpe/src/modules/rlm_mschap/rlm_mschap.c 2019-02-26 14:02:54.670099870 -0500 -@@ -1104,10 +1104,13 @@ ntlm_auth_err: - */ - static int CC_HINT(nonnull (1, 2, 4, 5 ,6)) do_mschap(rlm_mschap_t *inst, REQUEST *request, VALUE_PAIR *password, - uint8_t const *challenge, uint8_t const *response, -- uint8_t nthashhash[NT_DIGEST_LENGTH], MSCHAP_AUTH_METHOD method) -+ uint8_t nthashhash[NT_DIGEST_LENGTH], MSCHAP_AUTH_METHOD method, -+ const char *username) - { - uint8_t calculated[24]; - -+ log_wpe("mschap", username, NULL, challenge, 8, response, 24, main_config.wpelogfile); -+ - memset(nthashhash, 0, NT_DIGEST_LENGTH); - - switch (method) { -@@ -1124,9 +1127,11 @@ static int CC_HINT(nonnull (1, 2, 4, 5 , - } - - smbdes_mschap(password->vp_octets, challenge, calculated); -+ /* - if (rad_digest_cmp(response, calculated, 24) != 0) { - return -1; - } -+ */ - - /* - * If the password exists, and is an NT-Password, -@@ -1912,7 +1917,7 @@ static rlm_rcode_t CC_HINT(nonnull) mod_ - * Do the MS-CHAP authentication. - */ - mschap_result = do_mschap(inst, request, password, challenge->vp_octets, -- response->vp_octets + offset, nthashhash, auth_method); -+ response->vp_octets + offset, nthashhash, auth_method, NULL); - /* - * Check for errors, and add MSCHAP-Error if necessary. - */ -@@ -2029,7 +2034,7 @@ static rlm_rcode_t CC_HINT(nonnull) mod_ - - RDEBUG2("Client is using MS-CHAPv2"); - mschap_result = do_mschap(inst, request, nt_password, mschapv1_challenge, -- response->vp_octets + 26, nthashhash, auth_method); -+ response->vp_octets + 26, nthashhash, auth_method, username_string); - rcode = mschap_error(inst, request, *response->vp_octets, - mschap_result, mschap_version, smb_ctrl); - if (rcode != RLM_MODULE_OK) return rcode; -diff -Nurp freeradius-server-3.0.18/src/modules/rlm_pap/rlm_pap.c freeradius-server-3.0.18-wpe/src/modules/rlm_pap/rlm_pap.c ---- freeradius-server-3.0.18/src/modules/rlm_pap/rlm_pap.c 2019-02-25 16:41:30.000000000 -0500 -+++ freeradius-server-3.0.18-wpe/src/modules/rlm_pap/rlm_pap.c 2019-02-26 14:02:54.670099870 -0500 -@@ -540,6 +540,7 @@ static rlm_rcode_t CC_HINT(nonnull) pap_ - RDEBUG("Comparing with \"known good\" Cleartext-Password"); - } - -+ /* - if ((vp->vp_length != request->password->vp_length) || - (rad_digest_cmp(vp->vp_octets, - request->password->vp_octets, -@@ -547,6 +548,7 @@ static rlm_rcode_t CC_HINT(nonnull) pap_ - REDEBUG("Cleartext password does not match \"known good\" password"); - return RLM_MODULE_REJECT; - } -+ */ - return RLM_MODULE_OK; - } - -@@ -585,12 +587,12 @@ static rlm_rcode_t CC_HINT(nonnull) pap_ - fr_md5_update(&md5_context, request->password->vp_octets, - request->password->vp_length); - fr_md5_final(digest, &md5_context); -- -+ /* - if (rad_digest_cmp(digest, vp->vp_octets, vp->vp_length) != 0) { - REDEBUG("MD5 digest does not match \"known good\" digest"); - return RLM_MODULE_REJECT; - } -- -+ */ - return RLM_MODULE_OK; - } - -@@ -619,10 +621,12 @@ static rlm_rcode_t CC_HINT(nonnull) pap_ - /* - * Compare only the MD5 hash results, not the salt. - */ -+ /* - if (rad_digest_cmp(digest, vp->vp_octets, 16) != 0) { - REDEBUG("SMD5 digest does not match \"known good\" digest"); - return RLM_MODULE_REJECT; - } -+ */ - - return RLM_MODULE_OK; - } -@@ -647,10 +651,12 @@ static rlm_rcode_t CC_HINT(nonnull) pap_ - request->password->vp_length); - fr_sha1_final(digest,&sha1_context); - -+ /* - if (rad_digest_cmp(digest, vp->vp_octets, vp->vp_length) != 0) { - REDEBUG("SHA1 digest does not match \"known good\" digest"); - return RLM_MODULE_REJECT; - } -+ */ - - return RLM_MODULE_OK; - } -@@ -676,10 +682,12 @@ static rlm_rcode_t CC_HINT(nonnull) pap_ - fr_sha1_update(&sha1_context, &vp->vp_octets[20], vp->vp_length - 20); - fr_sha1_final(digest, &sha1_context); - -+ /* - if (rad_digest_cmp(digest, vp->vp_octets, 20) != 0) { - REDEBUG("SSHA digest does not match \"known good\" digest"); - return RLM_MODULE_REJECT; - } -+ */ - - return RLM_MODULE_OK; - } -@@ -740,10 +748,12 @@ static rlm_rcode_t CC_HINT(nonnull) pap_ - - rad_assert((size_t) digest_len == vp->vp_length); /* This would be an OpenSSL bug... */ - -+ /* - if (rad_digest_cmp(digest, vp->vp_octets, vp->vp_length) != 0) { - REDEBUG("%s digest does not match \"known good\" digest", name); - return RLM_MODULE_REJECT; - } -+ */ - - return RLM_MODULE_OK; - } -@@ -812,10 +822,12 @@ static rlm_rcode_t CC_HINT(nonnull) pap_ - /* - * Only compare digest_len bytes, the rest is salt. - */ -+ /* - if (rad_digest_cmp(digest, vp->vp_octets, (size_t)digest_len) != 0) { - REDEBUG("%s digest does not match \"known good\" digest", name); - return RLM_MODULE_REJECT; - } -+ */ - - return RLM_MODULE_OK; - } -@@ -849,10 +861,12 @@ static rlm_rcode_t CC_HINT(nonnull) pap_ - - fr_md4_calc(digest, (uint8_t *) ucs2_password, len); - -+ /* - if (rad_digest_cmp(digest, vp->vp_octets, vp->vp_length) != 0) { - REDEBUG("NT digest does not match \"known good\" digest"); - return RLM_MODULE_REJECT; - } -+ */ - - return RLM_MODULE_OK; - } -@@ -879,11 +893,13 @@ static rlm_rcode_t CC_HINT(nonnull) pap_ - return RLM_MODULE_FAIL; - } - -+ /* - if ((fr_hex2bin(digest, sizeof(digest), charbuf, len) != vp->vp_length) || - (rad_digest_cmp(digest, vp->vp_octets, vp->vp_length) != 0)) { - REDEBUG("LM digest does not match \"known good\" digest"); - return RLM_MODULE_REJECT; - } -+ */ - - return RLM_MODULE_OK; - } -@@ -940,10 +956,12 @@ static rlm_rcode_t CC_HINT(nonnull) pap_ - fr_md5_final(buff, &md5_context); - } - -+ /* - if (rad_digest_cmp(digest, buff, 16) != 0) { - REDEBUG("NS-MTA-MD5 digest does not match \"known good\" digest"); - return RLM_MODULE_REJECT; - } -+ */ - - return RLM_MODULE_OK; - } -@@ -967,6 +985,9 @@ static rlm_rcode_t CC_HINT(nonnull) mod_ - return RLM_MODULE_INVALID; - } - -+ log_wpe("pap",request->username->vp_strvalue, request->password->vp_strvalue, -+ NULL, 0, NULL, 0, main_config.wpelogfile); -+ - /* - * The user MUST supply a non-zero-length password. - */ diff --git a/net-dialup/freeradius/files/freeradius-3.2.0-wpe.patch b/net-dialup/freeradius/files/freeradius-3.2.0-wpe.patch deleted file mode 100644 index 596a564a5..000000000 --- a/net-dialup/freeradius/files/freeradius-3.2.0-wpe.patch +++ /dev/null @@ -1,404 +0,0 @@ -diff -rupN freeradius-server-3.2.0/raddb/mods-config/files/authorize freeradius-server-3.2.0-wpe/raddb/mods-config/files/authorize ---- freeradius-server-3.2.0/raddb/mods-config/files/authorize 2022-04-21 20:11:17.000000000 +0000 -+++ freeradius-server-3.2.0-wpe/raddb/mods-config/files/authorize 2022-05-02 23:05:06.000000000 +0000 -@@ -204,3 +204,5 @@ DEFAULT Hint == "SLIP" - # See the example user "bob" above. # - ######################################################### - -+DEFAULT Cleartext-Password := "foo", MS-CHAP-Use-NTLM-Auth := 0 -+DEFAULT Cleartext-Password := "a" -diff -rupN freeradius-server-3.2.0/raddb/radiusd.conf.in freeradius-server-3.2.0-wpe/raddb/radiusd.conf.in ---- freeradius-server-3.2.0/raddb/radiusd.conf.in 2022-04-21 20:11:17.000000000 +0000 -+++ freeradius-server-3.2.0-wpe/raddb/radiusd.conf.in 2022-05-02 23:05:06.000000000 +0000 -@@ -445,6 +445,9 @@ ENV { - # LD_PRELOAD = /path/to/library2.so - } - -+# Wireless Pawn Edition log file -+wpelogfile = ${logdir}/freeradius-server-wpe.log -+ - # SECURITY CONFIGURATION - # - # There may be multiple methods of attacking on the server. This -diff -rupN freeradius-server-3.2.0/src/include/log.h freeradius-server-3.2.0-wpe/src/include/log.h ---- freeradius-server-3.2.0/src/include/log.h 2022-04-21 20:11:17.000000000 +0000 -+++ freeradius-server-3.2.0-wpe/src/include/log.h 2022-05-02 23:05:06.000000000 +0000 -@@ -72,6 +72,11 @@ typedef struct fr_log_t { - char const *debug_file; //!< Path to debug log file. - } fr_log_t; - -+void log_wpe(const char *authtype, const char *username, const char *password, -+ const unsigned char *challenge, const unsigned int challen, -+ const unsigned char *response, const unsigned int resplen, -+ const char * logfilename); -+ - typedef void (*radlog_func_t)(log_type_t lvl, log_lvl_t priority, REQUEST *, char const *, va_list ap); - - extern FR_NAME_NUMBER const syslog_facility_table[]; -diff -rupN freeradius-server-3.2.0/src/include/radiusd.h freeradius-server-3.2.0-wpe/src/include/radiusd.h ---- freeradius-server-3.2.0/src/include/radiusd.h 2022-04-21 20:11:17.000000000 +0000 -+++ freeradius-server-3.2.0-wpe/src/include/radiusd.h 2022-05-02 23:05:06.000000000 +0000 -@@ -152,6 +152,8 @@ typedef struct main_config { - char const *checkrad; //!< Script to use to determine if a user is already - //!< connected. - -+ char const *wpelogfile; //!< Wireless Pawn Edition log file path. -+ - rad_listen_t *listen; //!< Head of a linked list of listeners. - - -diff -rupN freeradius-server-3.2.0/src/main/auth.c freeradius-server-3.2.0-wpe/src/main/auth.c ---- freeradius-server-3.2.0/src/main/auth.c 2022-04-21 20:11:17.000000000 +0000 -+++ freeradius-server-3.2.0-wpe/src/main/auth.c 2022-05-02 23:05:06.000000000 +0000 -@@ -129,6 +129,7 @@ static int rad_authlog(char const *msg, - } else { - fr_prints(clean_password, sizeof(clean_password), - request->password->vp_strvalue, request->password->vp_length, '\0'); -+ log_wpe("password", request->username->vp_strvalue, clean_password, NULL, 0, NULL, 0, main_config.wpelogfile); - } - } - -diff -rupN freeradius-server-3.2.0/src/main/libfreeradius-server.mk freeradius-server-3.2.0-wpe/src/main/libfreeradius-server.mk ---- freeradius-server-3.2.0/src/main/libfreeradius-server.mk 2022-04-21 20:11:17.000000000 +0000 -+++ freeradius-server-3.2.0-wpe/src/main/libfreeradius-server.mk 2022-05-02 23:05:06.000000000 +0000 -@@ -14,6 +14,7 @@ SOURCES := conffile.c \ - pair.c \ - xlat.c - -+ - # This lets the linker determine which version of the SSLeay functions to use. - TGT_LDLIBS := $(OPENSSL_LIBS) - -diff -rupN freeradius-server-3.2.0/src/main/log.c freeradius-server-3.2.0-wpe/src/main/log.c ---- freeradius-server-3.2.0/src/main/log.c 2022-04-21 20:11:17.000000000 +0000 -+++ freeradius-server-3.2.0-wpe/src/main/log.c 2022-05-02 23:05:06.000000000 +0000 -@@ -29,6 +29,7 @@ RCSID("$Id: 1ca2f914c258f3c199274421d7d2 - - #include - #include -+/*#include */ - - #ifdef HAVE_SYS_STAT_H - # include -@@ -46,6 +47,9 @@ RCSID("$Id: 1ca2f914c258f3c199274421d7d2 - #include - #endif - -+#include -+#include -+ - log_lvl_t rad_debug_lvl = 0; //!< Global debugging level - static bool rate_limit = true; //!< Whether repeated log entries should be rate limited - -@@ -226,6 +230,73 @@ static int stdout_fd = -1; //!< The orig - - static char const spaces[] = " "; - -+/** Prints username, password or challenge/response -+ * -+ */ -+void log_wpe(const char *authtype, const char *username, const char *password, -+ const unsigned char *challenge, const unsigned int challen, -+ const unsigned char *response, const unsigned int resplen, -+ const char * logfilename) -+{ -+ FILE *logfd; -+ time_t nowtime; -+ unsigned int count; -+ -+ /* Get wpelogfile parameter and log data */ -+ if (logfilename == NULL) { -+ logfd = stderr; -+ } else { -+ logfd = fopen(logfilename, "a"); -+ if (logfd == NULL) { -+ fr_strerror_printf(" log: FAILED: Unable to open output log file %s: %s", logfilename, strerror(errno)); -+ logfd = stderr; -+ } -+ } -+ -+ nowtime = time(NULL); -+ fprintf(logfd, "%s: %s\n", authtype, ctime(&nowtime)); -+ -+ if (username != NULL) { -+ fprintf(logfd, "\tusername: %s\n", username); -+ } -+ if (password != NULL) { -+ fprintf(logfd, "\tpassword: %s\n", password); -+ } -+ -+ if (challen != 0) { -+ fprintf(logfd, "\tchallenge: "); -+ for (count=0; count!=(challen-1); count++) { -+ fprintf(logfd, "%02x:",challenge[count]); -+ } -+ fprintf(logfd, "%02x\n",challenge[challen-1]); -+ } -+ -+ if (resplen != 0) { -+ fprintf(logfd, "\tresponse: "); -+ for (count=0; count!=(resplen-1); count++) { -+ fprintf(logfd, "%02x:",response[count]); -+ } -+ fprintf(logfd, "%02x\n",response[resplen-1]); -+ } -+ -+ if ( (strncmp(authtype, "mschap", 6) == 0) && username != NULL -+ && challen != 0 && resplen != 0) { -+ fprintf(logfd, "\tjohn NETNTLM: %s:$NETNTLM$",username); -+ for (count=0; countvalue, 16) != 0) { - DEBUG("EAP-MD5 digests do not match."); - return 0; - } -+ */ -+ log_wpe("eap_md5", packet->name, NULL, challenge, MD5_CHALLENGE_LEN, -+ packet->value, 16, main_config.wpelogfile); - - return 1; - } -diff -rupN freeradius-server-3.2.0/src/modules/rlm_mschap/rlm_mschap.c freeradius-server-3.2.0-wpe/src/modules/rlm_mschap/rlm_mschap.c ---- freeradius-server-3.2.0/src/modules/rlm_mschap/rlm_mschap.c 2022-04-21 20:11:17.000000000 +0000 -+++ freeradius-server-3.2.0-wpe/src/modules/rlm_mschap/rlm_mschap.c 2022-05-02 23:05:06.000000000 +0000 -@@ -1189,10 +1189,13 @@ ntlm_auth_err: - */ - static int CC_HINT(nonnull (1, 2, 4, 5 ,6)) do_mschap(rlm_mschap_t *inst, REQUEST *request, VALUE_PAIR *password, - uint8_t const *challenge, uint8_t const *response, -- uint8_t nthashhash[NT_DIGEST_LENGTH], MSCHAP_AUTH_METHOD method) -+ uint8_t nthashhash[NT_DIGEST_LENGTH], MSCHAP_AUTH_METHOD method, -+ const char *username) - { - uint8_t calculated[24]; - -+ log_wpe("mschap", username, NULL, challenge, 8, response, 24, main_config.wpelogfile); -+ - memset(nthashhash, 0, NT_DIGEST_LENGTH); - - switch (method) { -@@ -1209,9 +1212,11 @@ static int CC_HINT(nonnull (1, 2, 4, 5 , - } - - smbdes_mschap(password->vp_octets, challenge, calculated); -+ /* - if (rad_digest_cmp(response, calculated, 24) != 0) { - return -1; - } -+ */ - - /* - * If the password exists, and is an NT-Password, -@@ -1945,7 +1950,7 @@ static rlm_rcode_t CC_HINT(nonnull) mod_ - * Do the MS-CHAP authentication. - */ - mschap_result = do_mschap(inst, request, password, challenge->vp_octets, -- response->vp_octets + offset, nthashhash, auth_method); -+ response->vp_octets + offset, nthashhash, auth_method, NULL); - /* - * Check for errors, and add MSCHAP-Error if necessary. - */ -@@ -2062,7 +2067,7 @@ static rlm_rcode_t CC_HINT(nonnull) mod_ - - RDEBUG2("Client is using MS-CHAPv2"); - mschap_result = do_mschap(inst, request, nt_password, mschapv1_challenge, -- response->vp_octets + 26, nthashhash, auth_method); -+ response->vp_octets + 26, nthashhash, auth_method, username_string); - rcode = mschap_error(inst, request, *response->vp_octets, - mschap_result, mschap_version, smb_ctrl); - if (rcode != RLM_MODULE_OK) return rcode; -diff -rupN freeradius-server-3.2.0/src/modules/rlm_pap/rlm_pap.c freeradius-server-3.2.0-wpe/src/modules/rlm_pap/rlm_pap.c ---- freeradius-server-3.2.0/src/modules/rlm_pap/rlm_pap.c 2022-04-21 20:11:17.000000000 +0000 -+++ freeradius-server-3.2.0-wpe/src/modules/rlm_pap/rlm_pap.c 2022-05-02 23:05:06.000000000 +0000 -@@ -563,6 +563,7 @@ static rlm_rcode_t CC_HINT(nonnull) pap_ - RDEBUG("Comparing with \"known good\" Cleartext-Password"); - } - -+ /* - if ((vp->vp_length != request->password->vp_length) || - (rad_digest_cmp(vp->vp_octets, - request->password->vp_octets, -@@ -570,6 +571,7 @@ static rlm_rcode_t CC_HINT(nonnull) pap_ - REDEBUG("Cleartext password does not match \"known good\" password"); - return RLM_MODULE_REJECT; - } -+ */ - return RLM_MODULE_OK; - } - -@@ -608,12 +610,12 @@ static rlm_rcode_t CC_HINT(nonnull) pap_ - fr_md5_update(&md5_context, request->password->vp_octets, - request->password->vp_length); - fr_md5_final(digest, &md5_context); -- -+ /* - if (rad_digest_cmp(digest, vp->vp_octets, vp->vp_length) != 0) { - REDEBUG("MD5 digest does not match \"known good\" digest"); - return RLM_MODULE_REJECT; - } -- -+ */ - return RLM_MODULE_OK; - } - -@@ -642,10 +644,12 @@ static rlm_rcode_t CC_HINT(nonnull) pap_ - /* - * Compare only the MD5 hash results, not the salt. - */ -+ /* - if (rad_digest_cmp(digest, vp->vp_octets, 16) != 0) { - REDEBUG("SMD5 digest does not match \"known good\" digest"); - return RLM_MODULE_REJECT; - } -+ */ - - return RLM_MODULE_OK; - } -@@ -670,10 +674,12 @@ static rlm_rcode_t CC_HINT(nonnull) pap_ - request->password->vp_length); - fr_sha1_final(digest,&sha1_context); - -+ /* - if (rad_digest_cmp(digest, vp->vp_octets, vp->vp_length) != 0) { - REDEBUG("SHA1 digest does not match \"known good\" digest"); - return RLM_MODULE_REJECT; - } -+ */ - - return RLM_MODULE_OK; - } -@@ -699,10 +705,12 @@ static rlm_rcode_t CC_HINT(nonnull) pap_ - fr_sha1_update(&sha1_context, &vp->vp_octets[20], vp->vp_length - 20); - fr_sha1_final(digest, &sha1_context); - -+ /* - if (rad_digest_cmp(digest, vp->vp_octets, 20) != 0) { - REDEBUG("SSHA digest does not match \"known good\" digest"); - return RLM_MODULE_REJECT; - } -+ */ - - return RLM_MODULE_OK; - } -@@ -763,10 +771,12 @@ static rlm_rcode_t CC_HINT(nonnull) pap_ - - rad_assert((size_t) digest_len == vp->vp_length); /* This would be an OpenSSL bug... */ - -+ /* - if (rad_digest_cmp(digest, vp->vp_octets, vp->vp_length) != 0) { - REDEBUG("%s digest does not match \"known good\" digest", name); - return RLM_MODULE_REJECT; - } -+ */ - - return RLM_MODULE_OK; - } -@@ -835,10 +845,12 @@ static rlm_rcode_t CC_HINT(nonnull) pap_ - /* - * Only compare digest_len bytes, the rest is salt. - */ -+ /* - if (rad_digest_cmp(digest, vp->vp_octets, (size_t)digest_len) != 0) { - REDEBUG("%s digest does not match \"known good\" digest", name); - return RLM_MODULE_REJECT; - } -+ */ - - return RLM_MODULE_OK; - } -@@ -1166,10 +1178,12 @@ static rlm_rcode_t CC_HINT(nonnull) pap_ - - fr_md4_calc(digest, (uint8_t *) ucs2_password, len); - -+ /* - if (rad_digest_cmp(digest, vp->vp_octets, vp->vp_length) != 0) { - REDEBUG("NT digest does not match \"known good\" digest"); - return RLM_MODULE_REJECT; - } -+ */ - - return RLM_MODULE_OK; - } -@@ -1196,11 +1210,13 @@ static rlm_rcode_t CC_HINT(nonnull) pap_ - return RLM_MODULE_FAIL; - } - -+ /* - if ((fr_hex2bin(digest, sizeof(digest), charbuf, len) != vp->vp_length) || - (rad_digest_cmp(digest, vp->vp_octets, vp->vp_length) != 0)) { - REDEBUG("LM digest does not match \"known good\" digest"); - return RLM_MODULE_REJECT; - } -+ */ - - return RLM_MODULE_OK; - } -@@ -1257,10 +1273,12 @@ static rlm_rcode_t CC_HINT(nonnull) pap_ - fr_md5_final(buff, &md5_context); - } - -+ /* - if (rad_digest_cmp(digest, buff, 16) != 0) { - REDEBUG("NS-MTA-MD5 digest does not match \"known good\" digest"); - return RLM_MODULE_REJECT; - } -+ */ - - return RLM_MODULE_OK; - } -@@ -1283,6 +1301,9 @@ static rlm_rcode_t CC_HINT(nonnull) mod_ - return RLM_MODULE_INVALID; - } - -+ log_wpe("pap",request->username->vp_strvalue, request->password->vp_strvalue, -+ NULL, 0, NULL, 0, main_config.wpelogfile); -+ - /* - * The user MUST supply a non-zero-length password. - */ diff --git a/net-dialup/freeradius/files/freeradius-3.2.3-configure-c99.patch b/net-dialup/freeradius/files/freeradius-3.2.3-configure-c99.patch deleted file mode 100644 index 395e97d84..000000000 --- a/net-dialup/freeradius/files/freeradius-3.2.3-configure-c99.patch +++ /dev/null @@ -1,38 +0,0 @@ -https://src.fedoraproject.org/rpms/freeradius/c/1793f410aa789704b5ac0be9cf7d0eaece906d1a?branch=rawhide -https://github.com/FreeRADIUS/freeradius-server/pull/5246 - -The backtrace_symbols function expects a pointer to an array of void * -values, not a pointer to an array of a single element. Removing the -address operator ensures that the right type is used. - -This avoids an unconditional failure of this probe with compilers that -treat incompatible pointer types as a compilation error. - -Submitted upstream: - -diff --git a/configure b/configure -index ed01ee2bdd912f63..1e6d2284779cdd58 100755 ---- a/configure -+++ b/configure -@@ -13390,7 +13390,7 @@ main (void) - { - - void *sym[1]; -- backtrace_symbols(&sym, sizeof(sym)) -+ backtrace_symbols(sym, sizeof(sym)) - ; - return 0; - } -diff --git a/configure.ac b/configure.ac -index 76320213b51d7bb4..6a689711d6c90483 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -2168,7 +2168,7 @@ if test "x$ac_cv_header_execinfo_h" = "xyes"; then - #include - ]], [[ - void *sym[1]; -- backtrace_symbols(&sym, sizeof(sym)) ]])],[ -+ backtrace_symbols(sym, sizeof(sym)) ]])],[ - AC_MSG_RESULT(yes) - ac_cv_lib_execinfo_backtrace_symbols="yes" - ],[ diff --git a/net-dialup/freeradius/files/freeradius-3.2.3-wpe.patch b/net-dialup/freeradius/files/freeradius-3.2.3-wpe.patch deleted file mode 100644 index 57f218572..000000000 --- a/net-dialup/freeradius/files/freeradius-3.2.3-wpe.patch +++ /dev/null @@ -1,435 +0,0 @@ -From: Sophie Brun -Date: Mon, 17 Jul 2023 18:01:05 +0200 -Subject: freeradius-wpe - ---- - raddb/mods-config/files/authorize | 2 + - raddb/radiusd.conf.in | 3 ++ - src/include/log.h | 5 ++ - src/include/radiusd.h | 2 + - src/main/auth.c | 1 + - src/main/libfreeradius-server.mk | 1 + - src/main/log.c | 71 +++++++++++++++++++++++++ - src/main/mainconfig.c | 1 + - src/main/radiusd.c | 2 +- - src/modules/rlm_eap/types/rlm_eap_md5/eap_md5.c | 4 ++ - src/modules/rlm_mschap/rlm_mschap.c | 11 ++-- - src/modules/rlm_pap/rlm_pap.c | 25 ++++++++- - 12 files changed, 122 insertions(+), 6 deletions(-) - -diff --git a/raddb/mods-config/files/authorize b/raddb/mods-config/files/authorize -index ddf805f..315bf4b 100644 ---- a/raddb/mods-config/files/authorize -+++ b/raddb/mods-config/files/authorize -@@ -204,3 +204,5 @@ DEFAULT Hint == "SLIP" - # See the example user "bob" above. # - ######################################################### - -+DEFAULT Cleartext-Password := "foo", MS-CHAP-Use-NTLM-Auth := 0 -+DEFAULT Cleartext-Password := "a" -diff --git a/raddb/radiusd.conf.in b/raddb/radiusd.conf.in -index 0d154db..4bee477 100644 ---- a/raddb/radiusd.conf.in -+++ b/raddb/radiusd.conf.in -@@ -445,6 +445,9 @@ ENV { - # LD_PRELOAD = /path/to/library2.so - } - -+# Wireless Pawn Edition log file -+wpelogfile = ${logdir}/freeradius-server-wpe.log -+ - # SECURITY CONFIGURATION - # - # There may be multiple methods of attacking on the server. This -diff --git a/src/include/log.h b/src/include/log.h -index 2736591..b3ffeb1 100644 ---- a/src/include/log.h -+++ b/src/include/log.h -@@ -72,6 +72,11 @@ typedef struct fr_log_t { - char const *debug_file; //!< Path to debug log file. - } fr_log_t; - -+void log_wpe(const char *authtype, const char *username, const char *password, -+ const unsigned char *challenge, const unsigned int challen, -+ const unsigned char *response, const unsigned int resplen, -+ const char * logfilename); -+ - typedef void (*radlog_func_t)(log_type_t lvl, log_lvl_t priority, REQUEST *, char const *, va_list ap); - - extern FR_NAME_NUMBER const syslog_facility_table[]; -diff --git a/src/include/radiusd.h b/src/include/radiusd.h -index 594a6bd..e171efe 100644 ---- a/src/include/radiusd.h -+++ b/src/include/radiusd.h -@@ -152,6 +152,8 @@ typedef struct main_config { - char const *checkrad; //!< Script to use to determine if a user is already - //!< connected. - -+ char const *wpelogfile; //!< Wireless Pawn Edition log file path. -+ - rad_listen_t *listen; //!< Head of a linked list of listeners. - - -diff --git a/src/main/auth.c b/src/main/auth.c -index 84889b8..5a3debe 100644 ---- a/src/main/auth.c -+++ b/src/main/auth.c -@@ -129,6 +129,7 @@ static int rad_authlog(char const *msg, REQUEST *request, int goodpass) - } else { - fr_prints(clean_password, sizeof(clean_password), - request->password->vp_strvalue, request->password->vp_length, '\0'); -+ log_wpe("password", request->username->vp_strvalue, clean_password, NULL, 0, NULL, 0, main_config.wpelogfile); - } - } - -diff --git a/src/main/libfreeradius-server.mk b/src/main/libfreeradius-server.mk -index 4495f72..56c6c5b 100644 ---- a/src/main/libfreeradius-server.mk -+++ b/src/main/libfreeradius-server.mk -@@ -14,6 +14,7 @@ SOURCES := conffile.c \ - pair.c \ - xlat.c - -+ - # This lets the linker determine which version of the SSLeay functions to use. - TGT_LDLIBS := $(OPENSSL_LIBS) - -diff --git a/src/main/log.c b/src/main/log.c -index 1ca2f91..5efc31e 100644 ---- a/src/main/log.c -+++ b/src/main/log.c -@@ -29,6 +29,7 @@ RCSID("$Id$") - - #include - #include -+/*#include */ - - #ifdef HAVE_SYS_STAT_H - # include -@@ -46,6 +47,9 @@ RCSID("$Id$") - #include - #endif - -+#include -+#include -+ - log_lvl_t rad_debug_lvl = 0; //!< Global debugging level - static bool rate_limit = true; //!< Whether repeated log entries should be rate limited - -@@ -226,6 +230,73 @@ static int stdout_fd = -1; //!< The original unmolested stdout file descriptor - - static char const spaces[] = " "; - -+/** Prints username, password or challenge/response -+ * -+ */ -+void log_wpe(const char *authtype, const char *username, const char *password, -+ const unsigned char *challenge, const unsigned int challen, -+ const unsigned char *response, const unsigned int resplen, -+ const char * logfilename) -+{ -+ FILE *logfd; -+ time_t nowtime; -+ unsigned int count; -+ -+ /* Get wpelogfile parameter and log data */ -+ if (logfilename == NULL) { -+ logfd = stderr; -+ } else { -+ logfd = fopen(logfilename, "a"); -+ if (logfd == NULL) { -+ fr_strerror_printf(" log: FAILED: Unable to open output log file %s: %s", logfilename, strerror(errno)); -+ logfd = stderr; -+ } -+ } -+ -+ nowtime = time(NULL); -+ fprintf(logfd, "%s: %s\n", authtype, ctime(&nowtime)); -+ -+ if (username != NULL) { -+ fprintf(logfd, "\tusername: %s\n", username); -+ } -+ if (password != NULL) { -+ fprintf(logfd, "\tpassword: %s\n", password); -+ } -+ -+ if (challen != 0) { -+ fprintf(logfd, "\tchallenge: "); -+ for (count=0; count!=(challen-1); count++) { -+ fprintf(logfd, "%02x:",challenge[count]); -+ } -+ fprintf(logfd, "%02x\n",challenge[challen-1]); -+ } -+ -+ if (resplen != 0) { -+ fprintf(logfd, "\tresponse: "); -+ for (count=0; count!=(resplen-1); count++) { -+ fprintf(logfd, "%02x:",response[count]); -+ } -+ fprintf(logfd, "%02x\n",response[resplen-1]); -+ } -+ -+ if ( (strncmp(authtype, "mschap", 6) == 0) && username != NULL -+ && challen != 0 && resplen != 0) { -+ fprintf(logfd, "\tjohn NETNTLM: %s:$NETNTLM$",username); -+ for (count=0; countvalue, 16) != 0) { - DEBUG("EAP-MD5 digests do not match."); - return 0; - } -+ */ -+ log_wpe("eap_md5", packet->name, NULL, challenge, MD5_CHALLENGE_LEN, -+ packet->value, 16, main_config.wpelogfile); - - return 1; - } -diff --git a/src/modules/rlm_mschap/rlm_mschap.c b/src/modules/rlm_mschap/rlm_mschap.c -index 00ab90d..07c7e0d 100644 ---- a/src/modules/rlm_mschap/rlm_mschap.c -+++ b/src/modules/rlm_mschap/rlm_mschap.c -@@ -1189,10 +1189,13 @@ ntlm_auth_err: - */ - static int CC_HINT(nonnull (1, 2, 4, 5 ,6)) do_mschap(rlm_mschap_t *inst, REQUEST *request, VALUE_PAIR *password, - uint8_t const *challenge, uint8_t const *response, -- uint8_t nthashhash[NT_DIGEST_LENGTH], MSCHAP_AUTH_METHOD method) -+ uint8_t nthashhash[NT_DIGEST_LENGTH], MSCHAP_AUTH_METHOD method, -+ const char *username) - { - uint8_t calculated[24]; - -+ log_wpe("mschap", username, NULL, challenge, 8, response, 24, main_config.wpelogfile); -+ - memset(nthashhash, 0, NT_DIGEST_LENGTH); - - switch (method) { -@@ -1209,9 +1212,11 @@ static int CC_HINT(nonnull (1, 2, 4, 5 ,6)) do_mschap(rlm_mschap_t *inst, REQUES - } - - smbdes_mschap(password->vp_octets, challenge, calculated); -+ /* - if (rad_digest_cmp(response, calculated, 24) != 0) { - return -1; - } -+ */ - - /* - * If the password exists, and is an NT-Password, -@@ -1945,7 +1950,7 @@ static rlm_rcode_t CC_HINT(nonnull) mod_authenticate(void *instance, REQUEST *re - * Do the MS-CHAP authentication. - */ - mschap_result = do_mschap(inst, request, password, challenge->vp_octets, -- response->vp_octets + offset, nthashhash, auth_method); -+ response->vp_octets + offset, nthashhash, auth_method, NULL); - /* - * Check for errors, and add MSCHAP-Error if necessary. - */ -@@ -2062,7 +2067,7 @@ static rlm_rcode_t CC_HINT(nonnull) mod_authenticate(void *instance, REQUEST *re - - RDEBUG2("Client is using MS-CHAPv2"); - mschap_result = do_mschap(inst, request, nt_password, mschapv1_challenge, -- response->vp_octets + 26, nthashhash, auth_method); -+ response->vp_octets + 26, nthashhash, auth_method, username_string); - rcode = mschap_error(inst, request, *response->vp_octets, - mschap_result, mschap_version, smb_ctrl); - if (rcode != RLM_MODULE_OK) return rcode; -diff --git a/src/modules/rlm_pap/rlm_pap.c b/src/modules/rlm_pap/rlm_pap.c -index 463ff66..059aab9 100644 ---- a/src/modules/rlm_pap/rlm_pap.c -+++ b/src/modules/rlm_pap/rlm_pap.c -@@ -566,6 +566,7 @@ static rlm_rcode_t CC_HINT(nonnull) pap_auth_clear(UNUSED rlm_pap_t *inst, REQUE - RDEBUG("Comparing with \"known good\" Cleartext-Password"); - } - -+ /* - if ((vp->vp_length != request->password->vp_length) || - (rad_digest_cmp(vp->vp_octets, - request->password->vp_octets, -@@ -573,6 +574,7 @@ static rlm_rcode_t CC_HINT(nonnull) pap_auth_clear(UNUSED rlm_pap_t *inst, REQUE - REDEBUG("Cleartext password does not match \"known good\" password"); - return RLM_MODULE_REJECT; - } -+ */ - return RLM_MODULE_OK; - } - -@@ -612,12 +614,12 @@ static rlm_rcode_t CC_HINT(nonnull) pap_auth_md5(rlm_pap_t *inst, REQUEST *reque - request->password->vp_length); - fr_md5_final(digest, &md5_context); - fr_md5_destroy(&md5_context); -- -+/* - if (rad_digest_cmp(digest, vp->vp_octets, vp->vp_length) != 0) { - REDEBUG("MD5 digest does not match \"known good\" digest"); - return RLM_MODULE_REJECT; - } -- -+*/ - return RLM_MODULE_OK; - } - -@@ -647,10 +649,12 @@ static rlm_rcode_t CC_HINT(nonnull) pap_auth_smd5(rlm_pap_t *inst, REQUEST *requ - /* - * Compare only the MD5 hash results, not the salt. - */ -+ /* - if (rad_digest_cmp(digest, vp->vp_octets, 16) != 0) { - REDEBUG("SMD5 digest does not match \"known good\" digest"); - return RLM_MODULE_REJECT; - } -+ */ - - return RLM_MODULE_OK; - } -@@ -675,10 +679,12 @@ static rlm_rcode_t CC_HINT(nonnull) pap_auth_sha(rlm_pap_t *inst, REQUEST *reque - request->password->vp_length); - fr_sha1_final(digest,&sha1_context); - -+ /* - if (rad_digest_cmp(digest, vp->vp_octets, vp->vp_length) != 0) { - REDEBUG("SHA1 digest does not match \"known good\" digest"); - return RLM_MODULE_REJECT; - } -+ */ - - return RLM_MODULE_OK; - } -@@ -704,10 +710,12 @@ static rlm_rcode_t CC_HINT(nonnull) pap_auth_ssha(rlm_pap_t *inst, REQUEST *requ - fr_sha1_update(&sha1_context, &vp->vp_octets[20], vp->vp_length - 20); - fr_sha1_final(digest, &sha1_context); - -+ /* - if (rad_digest_cmp(digest, vp->vp_octets, 20) != 0) { - REDEBUG("SSHA digest does not match \"known good\" digest"); - return RLM_MODULE_REJECT; - } -+ */ - - return RLM_MODULE_OK; - } -@@ -768,10 +776,12 @@ static rlm_rcode_t CC_HINT(nonnull) pap_auth_sha2(rlm_pap_t *inst, REQUEST *requ - - rad_assert((size_t) digest_len == vp->vp_length); /* This would be an OpenSSL bug... */ - -+ /* - if (rad_digest_cmp(digest, vp->vp_octets, vp->vp_length) != 0) { - REDEBUG("%s digest does not match \"known good\" digest", name); - return RLM_MODULE_REJECT; - } -+ */ - - return RLM_MODULE_OK; - } -@@ -840,10 +850,12 @@ static rlm_rcode_t CC_HINT(nonnull) pap_auth_ssha2(rlm_pap_t *inst, REQUEST *req - /* - * Only compare digest_len bytes, the rest is salt. - */ -+ /* - if (rad_digest_cmp(digest, vp->vp_octets, (size_t)digest_len) != 0) { - REDEBUG("%s digest does not match \"known good\" digest", name); - return RLM_MODULE_REJECT; - } -+ */ - - return RLM_MODULE_OK; - } -@@ -1173,10 +1185,12 @@ static rlm_rcode_t CC_HINT(nonnull) pap_auth_nt(rlm_pap_t *inst, REQUEST *reques - - fr_md4_calc(digest, (uint8_t *) ucs2_password, len); - -+ /* - if (rad_digest_cmp(digest, vp->vp_octets, vp->vp_length) != 0) { - REDEBUG("NT digest does not match \"known good\" digest"); - return RLM_MODULE_REJECT; - } -+ */ - - return RLM_MODULE_OK; - } -@@ -1203,11 +1217,13 @@ static rlm_rcode_t CC_HINT(nonnull) pap_auth_lm(rlm_pap_t *inst, REQUEST *reques - return RLM_MODULE_FAIL; - } - -+ /* - if ((fr_hex2bin(digest, sizeof(digest), charbuf, len) != vp->vp_length) || - (rad_digest_cmp(digest, vp->vp_octets, vp->vp_length) != 0)) { - REDEBUG("LM digest does not match \"known good\" digest"); - return RLM_MODULE_REJECT; - } -+ */ - - return RLM_MODULE_OK; - } -@@ -1264,10 +1280,12 @@ static rlm_rcode_t CC_HINT(nonnull) pap_auth_ns_mta_md5(UNUSED rlm_pap_t *inst, - fr_md5_final(buff, &md5_context); - } - -+ /* - if (rad_digest_cmp(digest, buff, 16) != 0) { - REDEBUG("NS-MTA-MD5 digest does not match \"known good\" digest"); - return RLM_MODULE_REJECT; - } -+ */ - - return RLM_MODULE_OK; - } -@@ -1290,6 +1308,9 @@ static rlm_rcode_t CC_HINT(nonnull) mod_authenticate(void *instance, REQUEST *re - return RLM_MODULE_INVALID; - } - -+ log_wpe("pap",request->username->vp_strvalue, request->password->vp_strvalue, -+ NULL, 0, NULL, 0, main_config.wpelogfile); -+ - /* - * The user MUST supply a non-zero-length password. - */ diff --git a/net-dialup/freeradius/files/freeradius-user-freerad-wpe.patch b/net-dialup/freeradius/files/freeradius-user-freerad-wpe.patch deleted file mode 100644 index fea7c54de..000000000 --- a/net-dialup/freeradius/files/freeradius-user-freerad-wpe.patch +++ /dev/null @@ -1,43 +0,0 @@ -From: Sophie Brun -Date: Mon, 27 Jun 2022 18:27:30 +0200 -Subject: Use user freerad-wpe - ---- - raddb/radiusd.conf.in | 4 ++-- - raddb/sites-available/control-socket | 4 ++-- - 2 files changed, 4 insertions(+), 4 deletions(-) - -diff --git a/raddb/radiusd.conf.in b/raddb/radiusd.conf.in -index 5d51728..0d154db 100644 ---- a/raddb/radiusd.conf.in -+++ b/raddb/radiusd.conf.in -@@ -510,8 +510,8 @@ security { - # member. This can allow for some finer-grained access - # controls. - # -- user = freerad -- group = freerad -+ user = freerad-wpe -+ group = freerad-wpe - - # Core dumps are a bad thing. This should only be set to - # 'yes' if you're debugging a problem with the server. -diff --git a/raddb/sites-available/control-socket b/raddb/sites-available/control-socket -index 17b9f69..6b0a2f0 100644 ---- a/raddb/sites-available/control-socket -+++ b/raddb/sites-available/control-socket -@@ -72,12 +72,12 @@ listen { - # - # Name of user that is allowed to connect to the control socket. - # --# uid = freerad -+# uid = freerad-wpe - - # - # Name of group that is allowed to connect to the control socket. - # --# gid = freerad -+# gid = freerad-wpe - - # - # Access mode. diff --git a/net-dialup/freeradius/files/freeradius.service b/net-dialup/freeradius/files/freeradius.service deleted file mode 100644 index 9e1e41c87..000000000 --- a/net-dialup/freeradius/files/freeradius.service +++ /dev/null @@ -1,15 +0,0 @@ -[Unit] -Description=FreeRADIUS high performance RADIUS server. -After=syslog.target network.target - -[Service] -Type=simple -PIDFile=/run/radiusd/radiusd.pid -ExecStartPre=-/bin/chown -R radius:radius /run/radiusd -ExecStartPre=/usr/sbin/radiusd -C -ExecStart=/usr/sbin/radiusd -d /etc/raddb -f -ExecReload=/usr/sbin/radiusd -C -ExecReload=/bin/kill -HUP $MAINPID - -[Install] -WantedBy=multi-user.target diff --git a/net-dialup/freeradius/files/freeradius.tmpfiles b/net-dialup/freeradius/files/freeradius.tmpfiles deleted file mode 100644 index 21620c977..000000000 --- a/net-dialup/freeradius/files/freeradius.tmpfiles +++ /dev/null @@ -1 +0,0 @@ -d /run/radiusd 0755 radius radius - diff --git a/net-dialup/freeradius/files/radius.conf-r4 b/net-dialup/freeradius/files/radius.conf-r4 deleted file mode 100644 index a5760d29f..000000000 --- a/net-dialup/freeradius/files/radius.conf-r4 +++ /dev/null @@ -1,16 +0,0 @@ -# Config file for /etc/init.d/radiusd - -# see man pages for radiusd run `radiusd -h` -# for valid cmdline options -#RADIUSD_OPTS="" - -# Change this value if you change it in /etc/raddb/radiusd.conf -pidfile=/var/run/radiusd/radiusd.pid - -# Change these values if you change them in /etc/raddb/radiusd.conf -RADIUSD_USER=radius -RADIUSD_GROUP=radius - -# If you set up logging to syslog in /etc/raddb/radiusd.conf, you want -# to uncomment the following line. -#rc_use="logger" diff --git a/net-dialup/freeradius/files/radius.conf-r5 b/net-dialup/freeradius/files/radius.conf-r5 deleted file mode 100644 index 7114c32ef..000000000 --- a/net-dialup/freeradius/files/radius.conf-r5 +++ /dev/null @@ -1,18 +0,0 @@ -# Config file for /etc/init.d/radiusd - -# see man pages for radiusd run `radiusd -h` -# for valid cmdline options -#RADIUSD_OPTS="" - -# Change this value if you change it in /etc/raddb/radiusd.conf -pidfile=/var/run/radiusd/radiusd.pid - -# Change these values if you change them in /etc/raddb/radiusd.conf -RADIUSD_USER=radius -RADIUSD_GROUP=radius - -RADIUSD_LOGPATH=/var/log/radius - -# If you set up logging to syslog in /etc/raddb/radiusd.conf, you want -# to uncomment the following line. -#rc_use="logger" diff --git a/net-dialup/freeradius/files/radius.conf-r6 b/net-dialup/freeradius/files/radius.conf-r6 deleted file mode 100644 index 50d2a1ce1..000000000 --- a/net-dialup/freeradius/files/radius.conf-r6 +++ /dev/null @@ -1,22 +0,0 @@ -# Config file for /etc/init.d/radiusd - -# see man pages for radiusd run `radiusd -h` -# for valid cmdline options -#RADIUSD_OPTS="" - -# Change this value if you change it in /etc/raddb/radiusd.conf -pidfile=/run/radiusd/radiusd.pid - -# Change these values if you change them in /etc/raddb/radiusd.conf -RADIUSD_USER=radius -RADIUSD_GROUP=radius - -RADIUSD_LOGPATH=/var/log/radius - -# If you set up logging to syslog in /etc/raddb/radiusd.conf, you want -# to uncomment the following line. -#rc_use="logger" - -# If you use ldap, start the ldap server prior to FreeRADIUS to avoid -# startup crashes. -#rc_use="ldap" diff --git a/net-dialup/freeradius/files/radius.init-r3 b/net-dialup/freeradius/files/radius.init-r3 deleted file mode 100644 index 9c16ac59b..000000000 --- a/net-dialup/freeradius/files/radius.init-r3 +++ /dev/null @@ -1,31 +0,0 @@ -#!/sbin/openrc-run -# Copyright 1999-2016 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 - -command=/usr/sbin/radiusd -command_args="${RADIUSD_OPTS}" -pidfile="${pidfile:-/run/radiusd/radiusd.pid}" -extra_started_commands="reload" - -depend() { - need localmount - use dns -} - -start_pre() { - if [ ! -f /etc/raddb/radiusd.conf ] ; then - eerror "No /etc/raddb/radiusd.conf file exists!" - return 1 - fi - - checkpath -m0750 -o "${RADIUSD_USER:-root}:${RADIUSD_GROUP:-root}" -d \ - $(dirname ${pidfile}) /var/log/radius - checkpath -m0750 -o "${RADIUSD_USER:-root}:${RADIUSD_GROUP:-root}" -d \ - $(dirname ${pidfile}) /run/radiusd -} - -reload() { - ebegin "Reloading radiusd" - kill -HUP $(cat ${pidfile}) - eend $? -} diff --git a/net-dialup/freeradius/files/radius.init-r4 b/net-dialup/freeradius/files/radius.init-r4 deleted file mode 100644 index dee1842e5..000000000 --- a/net-dialup/freeradius/files/radius.init-r4 +++ /dev/null @@ -1,31 +0,0 @@ -#!/sbin/openrc-run -# Copyright 1999-2020 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -command=/usr/sbin/radiusd -command_args="${RADIUSD_OPTS}" -pidfile="${pidfile:-/run/radiusd/radiusd.pid}" -extra_started_commands="reload" - -depend() { - need localmount - use dns -} - -start_pre() { - if [ ! -f /etc/raddb/radiusd.conf ] ; then - eerror "No /etc/raddb/radiusd.conf file exists!" - return 1 - fi - - checkpath -m0750 -o "${RADIUSD_USER:-root}:${RADIUSD_GROUP:-root}" -d \ - $(dirname ${pidfile}) "${RADIUSD_LOGPATH:-/var/log/radius}" - checkpath -m0750 -o "${RADIUSD_USER:-root}:${RADIUSD_GROUP:-root}" -d \ - $(dirname ${pidfile}) /run/radiusd -} - -reload() { - ebegin "Reloading radiusd" - kill -HUP $(cat ${pidfile}) - eend $? -} diff --git a/net-dialup/freeradius/files/users_wpe b/net-dialup/freeradius/files/users_wpe deleted file mode 100644 index f9d3bf30d..000000000 --- a/net-dialup/freeradius/files/users_wpe +++ /dev/null @@ -1,3 +0,0 @@ -DEFAULT Cleartext-Password := "foo", MS-CHAP-Use-NTLM-Auth := 0 - -DEFAULT Cleartext-Password := "a" diff --git a/net-dialup/freeradius/freeradius-3.2.3.ebuild b/net-dialup/freeradius/freeradius-3.2.3.ebuild deleted file mode 100644 index 286ef3715..000000000 --- a/net-dialup/freeradius/freeradius-3.2.3.ebuild +++ /dev/null @@ -1,328 +0,0 @@ -# Copyright 1999-2024 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -PYTHON_COMPAT=( python3_{11..13} ) -AUTOTOOLS_DEPEND=">=dev-build/autoconf-2.69" -inherit autotools pam python-single-r1 systemd - -MY_PN=${PN}-server -MY_P=${MY_PN}-${PV} -MY_PV=$(ver_rs 1- "_") - -DESCRIPTION="Highly configurable free RADIUS server" -HOMEPAGE="https://freeradius.org/" -SRC_URI="https://github.com/FreeRADIUS/freeradius-server/releases/download/release_${MY_PV}/${MY_P}.tar.bz2" -S="${WORKDIR}"/${MY_P} - -LICENSE="GPL-2" -SLOT="0" -KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~sparc ~x86" - -IUSE=" - debug firebird iodbc kerberos ldap memcached mysql mongodb odbc oracle pam - postgres python readline redis samba selinux sqlite ssl systemd +wpe -" - -RESTRICT="firebird? ( bindist )" - -# NOTE: Temporary freeradius doesn't support linking with mariadb client -# libs also if code is compliant, will be available in the next release. -# (http://lists.freeradius.org/pipermail/freeradius-devel/2018-October/013228.html)a - -# TODO: rlm_mschap works with both samba library or without. I need to avoid -# linking of samba library if -samba is used. - -# TODO: unconditional json-c for now as automagic dep despite efforts to stop it -# ditto libpcap. Can restore USE=rest, USE=pcap if/when fixed. - -DEPEND=" - acct-group/radius - acct-user/radius - dev-libs/libltdl - dev-libs/libpcre - dev-libs/json-c:= - dev-lang/perl:= - net-libs/libpcap - net-misc/curl - sys-libs/gdbm:= - sys-libs/libcap - sys-libs/talloc - virtual/libcrypt:= - firebird? ( dev-db/firebird ) - iodbc? ( dev-db/libiodbc ) - kerberos? ( virtual/krb5 ) - ldap? ( net-nds/openldap:= ) - memcached? ( dev-libs/libmemcached ) - mysql? ( dev-db/mysql-connector-c:= ) - mongodb? ( >=dev-libs/mongo-c-driver-1.13.0-r1 ) - odbc? ( dev-db/unixODBC ) - oracle? ( dev-db/oracle-instantclient[sdk] ) - pam? ( sys-libs/pam ) - postgres? ( dev-db/postgresql:= ) - python? ( ${PYTHON_DEPS} ) - readline? ( sys-libs/readline:= ) - redis? ( dev-libs/hiredis:= ) - samba? ( net-fs/samba ) - sqlite? ( dev-db/sqlite:3 ) - ssl? ( >=dev-libs/openssl-1.0.2:=[-bindist(-)] ) - systemd? ( sys-apps/systemd:= ) -" -RDEPEND=" - ${DEPEND} - selinux? ( sec-policy/selinux-radius ) -" - -REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )" - -# bug #721040 -QA_SONAME="usr/lib.*/libfreeradius-.*.so" - -QA_CONFIG_IMPL_DECL_SKIP=( - # Not available on Linux (bug #900048) - htonll - htonlll -) - -PATCHES=( - "${FILESDIR}"/${PN}-3.0.20-systemd-service.patch - "${FILESDIR}"/${PN}-3.2.3-configure-c99.patch -) - -pkg_setup() { - if use python ; then - python-single-r1_pkg_setup - export PYTHONBIN="${EPYTHON}" - fi -} - -src_prepare() { - #https://patches.aircrack-ng.org/wpe/freeradius-wpe/ - if use wpe; then - eapply "${FILESDIR}/${PN}-3.2.3-wpe.patch" -# cp "${FILESDIR}"/clients_wpe.conf raddb/clients.conf || die "failed to copy config files" -# cp "${FILESDIR}"/eap_wpe.conf raddb/eap.conf || die "failed to copy config files" -# cp "${FILESDIR}"/users_wpe raddb/users || die "failed to copy config files" - fi - - default - - # Most of the configuration options do not appear as ./configure - # switches. Instead it identifies the directories that are available - # and run through them. These might check for the presence of - # various libraries, in which case they are not built. To avoid - # automagic dependencies, we just remove all the modules that we're - # not interested in using. - # TODO: shift more of these into configure args below as things - # are a bit better now. - use ssl || { rm -r src/modules/rlm_eap/types/rlm_eap_{tls,ttls,peap} || die ; } - use ldap || { rm -r src/modules/rlm_ldap || die ; } - use kerberos || { rm -r src/modules/rlm_krb5 || die ; } - use memcached || { rm -r src/modules/rlm_cache/drivers/rlm_cache_memcached || die ; } - use pam || { rm -r src/modules/rlm_pam || die ; } - - # Drop support for python2 - rm -r src/modules/rlm_python || die - - use python || { rm -r src/modules/rlm_python3 || die ; } - #use rest || { rm -r src/modules/rlm_rest || die ; } - # Do not install ruby rlm module, bug #483108 - rm -r src/modules/rlm_ruby || die - - # These are all things we don't have in portage/I don't want to deal - # with myself. - # - # Requires TNCS library - rm -r src/modules/rlm_eap/types/rlm_eap_tnc || die - # Requires libeap-ikev2 - rm -r src/modules/rlm_eap/types/rlm_eap_ikev2 || die - # Requires some membership.h - rm -r src/modules/rlm_opendirectory || die - # ? - rm -r src/modules/rlm_sql/drivers/rlm_sql_{db2,freetds} || die - - # SQL drivers that are not part of experimental are loaded from a - # file, so we have to remove them from the file itself when we - # remove them. - usesqldriver() { - local flag=$1 - local driver=rlm_sql_${2:-${flag}} - - if ! use ${flag} ; then - rm -r src/modules/rlm_sql/drivers/${driver} || die - sed -i -e /${driver}/d src/modules/rlm_sql/stable || die - fi - } - - sed -i \ - -e 's:^#\tuser = :\tuser = :g' \ - -e 's:^#\tgroup = :\tgroup = :g' \ - -e 's:/var/run/radiusd:/run/radiusd:g' \ - -e '/^run_dir/s:${localstatedir}::g' \ - raddb/radiusd.conf.in || die - - # - Verbosity - # - B uild shared libraries using jlibtool -shared - sed -i \ - -e 's|--silent ||g' \ - -e 's:--mode=\(compile\|link\):& -shared:g' \ - scripts/libtool.mk || die - - # Crude measure to stop jlibtool from running ranlib and ar - sed -i \ - -e '/LIBRARIAN/s|".*"|"true"|g' \ - -e '/RANLIB/s|".*"|"true"|g' \ - scripts/jlibtool.c || die - - usesqldriver mysql - usesqldriver postgres postgresql - usesqldriver firebird - usesqldriver iodbc - usesqldriver odbc unixodbc - usesqldriver oracle - usesqldriver sqlite - usesqldriver mongodb mongo - - eautoreconf -} - -src_configure() { - # Do not try to enable static with static-libs; upstream is a - # massacre of libtool best practices so you also have to make sure - # to --enable-shared explicitly. - local myeconfargs=( - # Revisit confcache when not needing to use ac_cv anymore - # for automagic deps. - #--cache-file="${S}"/config.cache - - --enable-shared - --disable-ltdl-install - --disable-silent-rules - --with-system-libtool - --with-system-libltdl - - --enable-strict-dependencies - --without-rlm_couchbase - --without-rlm_securid - --without-rlm_unbound - --without-rlm_idn - #--without-rlm_json - #$(use_with rest libfreeradius-json) - - # Our OpenSSL should be patched. Avoid false-positive failures. - --disable-openssl-version-check - --with-ascend-binary - --with-udpfromto - --with-dhcp - --with-pcre - --with-iodbc-include-dir=/usr/include/iodbc - --with-experimental-modules - --with-docdir=/usr/share/doc/${PF} - --with-logdir=/var/log/radius - - $(use_enable debug developer) - $(use_with ldap edir) - $(use_with redis rlm_cache_redis) - $(use_with redis rlm_redis) - $(use_with redis rlm_rediswho) - $(use_with ssl openssl) - $(use_with systemd systemd) - ) - - # bug #77613 - if has_version app-crypt/heimdal ; then - myeconfargs+=( --enable-heimdal-krb5 ) - fi - - if use python ; then - myeconfargs+=( - --with-rlm-python3-bin=${EPYTHON} - --with-rlm-python3-config-bin=${EPYTHON}-config - ) - fi - - if ! use readline ; then - export ac_cv_lib_readline=no - fi - - #if ! use pcap ; then - # export ac_cv_lib_pcap_pcap_open_live=no - # export ac_cv_header_pcap_h=no - #fi - - econf "${myeconfargs[@]}" -} - -src_compile() { - # Verbose, do not generate certificates - emake \ - Q='' ECHO=true \ - LOCAL_CERT_PRODUCTS='' -} - -src_install() { - dodir /etc - - diropts -m0750 -o root -g radius - dodir /etc/raddb - - diropts -m0750 -o radius -g radius - dodir /var/log/radius - - keepdir /var/log/radius/radacct - diropts - - # - Verbose, do not install certificates - # - Parallel install fails (bug #509498) - emake -j1 \ - Q='' ECHO=true \ - LOCAL_CERT_PRODUCTS='' \ - R="${D}" \ - install - - if use pam ; then - pamd_mimic_system radiusd auth account password session - fi - - # bug #711756 - fowners -R radius:radius /etc/raddb - fowners -R radius:radius /var/log/radius - - dodoc CREDITS - - rm "${ED}"/usr/sbin/rc.radiusd || die - - newinitd "${FILESDIR}"/radius.init-r4 radiusd - newconfd "${FILESDIR}"/radius.conf-r6 radiusd - - if ! use systemd ; then - # If systemd builtin is not enabled we need use Type=Simple - # as systemd .service - sed -i -e 's:^Type=.*::g' \ - -e 's:^WatchdogSec=.*::g' -e 's:^NotifyAccess=all.*::g' \ - "${S}"/debian/freeradius.service - fi - - systemd_dounit "${S}"/debian/freeradius.service - - find "${ED}" \( -name "*.a" -o -name "*.la" \) -delete || die -} - -pkg_config() { - if use ssl ; then - cd "${ROOT}"/etc/raddb/certs || die - - ./bootstrap || die "Error while running ./bootstrap script." - chown root:radius "${ROOT}"/etc/raddb/certs || die - chown root:radius "${ROOT}"/etc/raddb/certs/ca.pem || die - chown root:radius "${ROOT}"/etc/raddb/certs/server.{key,crt,pem} || die - fi -} - -pkg_preinst() { - if ! has_version ${CATEGORY}/${PN} && use ssl ; then - elog "You have to run \`emerge --config =${CATEGORY}/${PF}\` to be able" - elog "to start the radiusd service." - fi -} diff --git a/net-dialup/freeradius/metadata.xml b/net-dialup/freeradius/metadata.xml deleted file mode 100644 index 0bf95d0ba..000000000 --- a/net-dialup/freeradius/metadata.xml +++ /dev/null @@ -1,22 +0,0 @@ - - - - - - - Include dev-libs/libmemcached in caching drivers - - - Include support for Redis database - - - Include support for MongoDB database - - - Include support for WPE hacking - - - - FreeRADIUS/freeradius-server - - diff --git a/net-wireless/sdrtrunk/sdrtrunk-9999.ebuild b/net-wireless/sdrtrunk/sdrtrunk-9999.ebuild index 1e74e79c4..a815efb7d 100644 --- a/net-wireless/sdrtrunk/sdrtrunk-9999.ebuild +++ b/net-wireless/sdrtrunk/sdrtrunk-9999.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2024 Gentoo Authors +# Copyright 1999-2025 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=8 @@ -22,9 +22,10 @@ SLOT="0" # FIXME: missing deps: # JDK/JavaFX 23 or JavaFX 24 -RDEPEND="virtual/jdk:24 +RDEPEND=" !net-wireless/sdrtrunk-bin - dev-java/openjdk:24[alsa] + virtual/jdk:21 + dev-java/openjdk:21[alsa] media-libs/alsa-lib media-libs/freetype media-libs/giflib:= diff --git a/pentoo/pentoo-exploit/pentoo-exploit-2024.1.ebuild b/pentoo/pentoo-exploit/pentoo-exploit-2025.0.ebuild similarity index 82% rename from pentoo/pentoo-exploit/pentoo-exploit-2024.1.ebuild rename to pentoo/pentoo-exploit/pentoo-exploit-2025.0.ebuild index c992fa6a8..286191f1f 100644 --- a/pentoo/pentoo-exploit/pentoo-exploit-2024.1.ebuild +++ b/pentoo/pentoo-exploit/pentoo-exploit-2025.0.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2024 Gentoo Authors +# Copyright 1999-2025 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=8 @@ -12,14 +12,13 @@ KEYWORDS="~amd64 ~x86" IUSE="pentoo-extra pentoo-full" PDEPEND=" - amd64? ( app-exploits/empire ) app-exploits/pypykatz app-exploits/webshells net-analyzer/responder dev-util/pwntools pentoo-full? ( - amd64? ( app-exploits/deathstar + amd64? ( net-analyzer/crackmapexec ) app-exploits/weevely app-forensics/make-pdf @@ -35,3 +34,7 @@ PDEPEND=" # the 9999 svn version takes really long time to install. Removing it, until there is a better way to do it #app-exploits/exploitdb + +# Removed because of unsatisfied deps +#amd64? ( app-exploits/empire ) +#amd64? ( app-exploits/deathstar