freeradius3: bump to 3.0.20

2025-05-01 21:02:16 +08:00 · 2020-02-19 15:47:22 +08:00 · 2020-02-19 15:47:22 +08:00 · 36ca3db496
commit 36ca3db496
parent 15de7297b9
5 changed files with 337 additions and 32 deletions
--- a/net/freeradius3/Makefile
+++ b/net/freeradius3/Makefile
@ -1,5 +1,5 @@
 #
-# Copyright (C) 2008-2016 OpenWrt.org
+# Copyright (C) 2008-2020 OpenWrt.org
 #
 # This is free software, licensed under the GNU General Public License v2.
 # See /LICENSE for more information.
@ -8,16 +8,17 @@
 include $(TOPDIR)/rules.mk
 PKG_NAME:=freeradius3
-PKG_VERSION:=release_3_0_11
+PKG_VERSION:=release_3_0_20
-PKG_RELEASE:=3
+PKG_RELEASE:=2
 PKG_SOURCE:=$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://github.com/FreeRADIUS/freeradius-server/archive
-PKG_HASH:=f0b32edb90368c3b9523e2baa792a1794d8bad662407f0d210a6c460541379b7
+PKG_HASH:=8177fe550af6685a040884dbe3df28431bdc5a8d3a48a9f4f88bdb49f2d0e90c
-PKG_MAINTAINER:=Lucile Quirion <lucile.quirion@savoirfairelinux.com>
+PKG_MAINTAINER:=
 PKG_LICENSE:=GPL-2.0
 PKG_LICENSE_FILES:=COPYRIGHT LICENSE
 PKG_CPE_ID:=cpe:/a:freeradius:freeradius
 PKG_BUILD_DIR:=$(BUILD_DIR)/freeradius-server-$(PKG_VERSION)
 PKG_FIXUP:=autoreconf
@ -26,7 +27,11 @@ PKG_CONFIG_DEPENDS := \
  FREERADIUS3_OPENSSL \
  FREERADIUS3_NOSSL
 CFLAGS += $(FPIC)
 include $(INCLUDE_DIR)/package.mk
 include $(TOPDIR)/feeds/packages/lang/python/python-package.mk
 include $(TOPDIR)/feeds/packages/lang/python/python3-package.mk
 define Package/freeradius3/config
  source "$(SOURCE)/Config.in"
@ -35,7 +40,7 @@ endef
 define Package/freeradius3/Default
  SECTION:=net
  CATEGORY:=Network
-  URL:=http://freeradius.org/
+  URL:=https://freeradius.org/
  SUBMENU:=FreeRADIUS (version 3)
 endef
@ -54,7 +59,7 @@ endef
 define Package/freeradius3-common
  $(call Package/freeradius3/Default)
  TITLE:=common files
-  DEPENDS:=+USE_GLIBC:libpthread +FREERADIUS3_OPENSSL:libopenssl +libcap +libpcap +libncurses +PACKAGE_libpcre:libpcre +libreadline +libtalloc
+  DEPENDS:=+USE_GLIBC:libpthread +FREERADIUS3_OPENSSL:libopenssl +libcap +libpcap +libncurses +libpcre +libreadline +libtalloc +libatomic
 endef
 define Package/freeradius3-default
@ -74,6 +79,7 @@ define Package/freeradius3-default
 +freeradius3-mod-eap-peap \
 +freeradius3-mod-eap-tls \
 +freeradius3-mod-eap-ttls \
 +freeradius3-mod-eap-pwd \
 +freeradius3-mod-exec \
 +freeradius3-mod-expiration \
 +freeradius3-mod-expr \
@ -183,6 +189,12 @@ define Package/freeradius3-mod-eap-ttls
  TITLE:=EAP/TTLS module
 endef
 define Package/freeradius3-mod-eap-pwd
  $(call Package/freeradius3/Default)
  DEPENDS:=freeradius3-mod-eap @FREERADIUS3_OPENSSL
  TITLE:=EAP/PWD module
 endef
 define Package/freeradius3-mod-exec
  $(call Package/freeradius3/Default)
  DEPENDS:=freeradius3
@ -330,6 +342,26 @@ define Package/freeradius3-mod-preprocess/conffiles
 /etc/freeradius3/mods-enabled/preprocess
 endef
 define Package/freeradius3-mod-python
  $(call Package/freeradius3/Default)
  DEPENDS:=freeradius3 +python
  TITLE:=Python module
 endef
 define Package/freeradius3-mod-python/conffiles
 /etc/freeradius3/mods-available/python
 endef
 define Package/freeradius3-mod-python3
  $(call Package/freeradius3/Default)
  DEPENDS:=freeradius3 +python3
  TITLE:=Python3 module
 endef
 define Package/freeradius3-mod-python3/conffiles
 /etc/freeradius3/mods-available/python3
 endef
 define Package/freeradius3-mod-realm
  $(call Package/freeradius3/Default)
  DEPENDS:=freeradius3
@ -337,12 +369,79 @@ define Package/freeradius3-mod-realm
 endef
 define Package/freeradius3-mod-realm/conffiles
 /etc/freeradius3/proxy.conf
 /etc/freeradius3/mods-available/realm
 /etc/freeradius3/mods-enabled/realm
 endef
-# SQL support has not been ported
+define Package/freeradius3-mod-sql
  $(call Package/freeradius3/Default)
  DEPENDS:=freeradius3
  TITLE:=Radius generic SQL front-end
 endef
 define Package/freeradius3-mod-sql/conffiles
 /etc/freeradius3/mods-available/sql
 endef
 define Package/freeradius3-mod-sql-mysql
  $(call Package/freeradius3/Default)
  DEPENDS:=freeradius3-mod-sql +libmysqlclient
  TITLE:=Radius MySQL back-end drivers
 endef
 define Package/freeradius3-mod-sql-mysql/conffiles
 /etc/freeradius3/mods-config/sql/main/mysql
 endef
 define Package/freeradius3-mod-sql-null
  $(call Package/freeradius3/Default)
  DEPENDS:=freeradius3-mod-sql
  TITLE:=Radius Dummy SQL back-end drivers
 endef
 define Package/freeradius3-mod-sql-postgresql
  $(call Package/freeradius3/Default)
  DEPENDS:=freeradius3-mod-sql +libpq
  TITLE:=Radius PostgreSQL back-end drivers
 endef
 define Package/freeradius3-mod-sql-postgresql/conffiles
 /etc/freeradius3/mods-config/sql/main/postgresql
 endef
 define Package/freeradius3-mod-sql-sqlite
  $(call Package/freeradius3/Default)
  DEPENDS:=freeradius3-mod-sql +libsqlite3
  TITLE:=Radius SQLite back-end drivers
 endef
 define Package/freeradius3-mod-sql-sqlite/conffiles
 /etc/freeradius3/mods-config/sql/main/sqlite
 endef
 define Package/freeradius3-mod-sqlcounter
  $(call Package/freeradius3/Default)
  DEPENDS:=+freeradius3-mod-sql
  TITLE:=Packet counter using accounting records written into an SQL database
 endef
 define Package/freeradius3-mod-sqlcounter/conffiles
 /etc/freeradius3/mods-config/sql/counter
 /etc/freeradius3/mods-available/sqlcounter
 endef
 define Package/freeradius3-mod-sqlippool
  $(call Package/freeradius3/Default)
  DEPENDS:=+freeradius3-mod-sql
  TITLE:=Radius SQL Based IP Pool module
 endef
 define Package/freeradius3-mod-sqlippool/conffiles
 /etc/freeradius3/mods-config/sql/ippool
 /etc/freeradius3/mods-config/sql/ippool-dhcp
 /etc/freeradius3/mods-available/dhcp_sqlippool
 /etc/freeradius3/mods-available/sqlippool
 endef
 define Package/freeradius3-mod-radutmp
  $(call Package/freeradius3/Default)
@ -374,6 +473,13 @@ define Package/freeradius3-utils
  TITLE:=Misc. client utilities
 endef
 # This is a workaround for a bug in configure.ac, that does not check
 # for the openss/rand.h header.  Setting the macro is safe for openwrt,
 # and faster than rebuilding configure.
 # This has been fixed upstream in the 3.0.x branch, and should not be
 # needed in a future release.
 EXTRA_CFLAGS+= -DHAVE_OPENSSL_RAND_H
 CONFIGURE_ARGS+= \
 	--libdir=/usr/lib/freeradius3 \
 	--libexecdir=/usr/lib/freeradius3 \
@ -397,7 +503,6 @@ CONFIGURE_ARGS+= \
 	--without-rlm_couchbase \
 	--without-rlm_counter \
 	--without-rlm_eap_ikev2 \
 	--without-rlm_eap_pwd \
 	--without-rlm_eap_sim \
 	--without-rlm_eap_tnc \
 	--without-rlm_example \
@ -407,29 +512,23 @@ CONFIGURE_ARGS+= \
 	--without-rlm_opendirectory \
 	--without-rlm_pam \
 	--without-rlm_perl \
 	--without-rlm_python \
 	--without-rlm_redis \
 	--without-rlm_rediswho \
 	--without-rlm_rest \
 	--without-rlm_ruby \
 	--without-rlm_securid \
 	--without-rlm_smsotp \
 	--without-rlm_sql \
 	--without-rlm_sql_db2 \
 	--without-rlm_sql_firebird \
 	--without-rlm_sql_freetds \
 	--without-rlm_sql_iodbc \
 	--without-rlm_sql_mysql \
 	--without-rlm_sql_oracle \
 	--without-rlm_sql_postgresql \
 	--without-rlm_sql_sqlite \
 	--without-rlm_sql_unixodbc \
 	--without-rlm_sqlcounter \
 	--without-rlm_sqlhpwippool \
 	--without-rlm_sqlippool \
 	--without-rlm_unbound \
 	--without-rlm_yubikey \
 CONFIGURE_LIBS+= -latomic
 PKG_DICTIONARIES:= \
 	compat \
 	freeradius freeradius.internal \
@ -468,6 +567,80 @@ else
  CONFIGURE_ARGS+= --without-rlm_eap_ttls
 endif
 ifneq ($(SDK)$(CONFIG_PACKAGE_freeradius3-mod-eap-pwd),)
  CONFIGURE_ARGS+= \
 		--with-rlm_eap_pwd \
 		--with-rlm_eap_pwd-include-dir="$(STAGING_DIR)/usr/include" \
 		--with-rlm_eap_pwd-lib-dir="$(STAGING_DIR)/usr/lib"
  CONFIGURE_LIBS+= -lcrypto -lssl
 else
  CONFIGURE_ARGS+= --without-rlm_eap_pwd
 endif
 ifneq ($(SDK)$(CONFIG_PACKAGE_freeradius3-mod-python),)
  CFLAGS+= -fPIC
  CONFIGURE_ARGS+= \
 		--with-rlm_python \
 		--with-rlm-python-include-dir="$(PYTHON_INC_DIR)" \
 		--with-rlm-python-lib-dir="$(PYTHON_LIB_DIR)"
  CONFIGURE_VARS+= \
 		OPENWRTTARGET_PY_PREFIX="$(PYTHON_DIR)" \
 		OPENWRTTARGET_PY_SYS_VERSION="$(PYTHON_VERSION)"
 else
  CONFIGURE_ARGS+= --without-rlm_python
 endif
 ifneq ($(SDK)$(CONFIG_PACKAGE_freeradius3-mod-python3),)
  CFLAGS+= -fPIC
  CONFIGURE_ARGS+= \
 		--with-modules="rlm_python3" \
 		--with-rlm-python3-include-dir="$(PYTHON3_INC_DIR)" \
 		--with-rlm-python3-lib-dir="$(PYTHON3_LIB_DIR)"
  CONFIGURE_VARS+= \
 		OPENWRTTARGET_PY3_PREFIX="$(PYTHON3_DIR)" \
 		OPENWRTTARGET_PY3_SYS_VERSION="$(PYTHON3_VERSION)"
 else
  CONFIGURE_ARGS+= --without-rlm_python3
 endif
 ifneq ($(SDK)$(CONFIG_PACKAGE_freeradius3-mod-sql),)
  CONFIGURE_ARGS+= --with-rlm_sql
 else
  CONFIGURE_ARGS+= --without-rlm_sql
 endif
 ifneq ($(SDK)$(CONFIG_PACKAGE_freeradius3-mod-sql-mysql),)
  CONFIGURE_ARGS+= \
 		--with-rlm_sql_mysql \
 		--with-mysql-include-dir="$(STAGING_DIR)/usr/include/mysql"
 else
  CONFIGURE_ARGS+= --without-rlm_sql_mysql
 endif
 ifneq ($(SDK)$(CONFIG_PACKAGE_freeradius3-mod-sql-postgresql),)
  CONFIGURE_ARGS+= --with-rlm_sql_postgresql
 else
  CONFIGURE_ARGS+= --without-rlm_sql_postgresql
 endif
 ifneq ($(SDK)$(CONFIG_PACKAGE_freeradius3-mod-sql-sqlite),)
  CONFIGURE_ARGS+= --with-rlm_sql_sqlite
 else
  CONFIGURE_ARGS+= --without-rlm_sql_sqlite
 endif
 ifneq ($(SDK)$(CONFIG_PACKAGE_freeradius3-mod-sqlcounter),)
  CONFIGURE_ARGS+= --with-rlm_sqlcounter
 else
  CONFIGURE_ARGS+= --without-rlm_sqlcounter
 endif
 ifneq ($(SDK)$(CONFIG_PACKAGE_freeradius3-mod-sqlippool),)
  CONFIGURE_ARGS+= --with-rlm_sqlippool
 else
  CONFIGURE_ARGS+= --without-rlm_sqlippool
 endif
 ifneq ($(SDK)$(CONFIG_PACKAGE_freeradius3-mod-radutmp),)
  CONFIGURE_ARGS+= --with-rlm_radutmp
 else
@ -488,6 +661,13 @@ else
  CONFIGURE_ARGS+= --without-rlm_ldap
 endif
 ifeq ($(CONFIG_USE_GLIBC),y)
  TARGET_CFLAGS+= -DLIBBSD_OVERLAY -I$(STAGING_DIR)/usr/include/bsd \
 	-D_RPC_NETDB_H
 	#^^^^^^^^^^^^^ avoid inclusion of librpc's netdb.h
  CONFIGURE_LIBS+= -Wl,--push-state,--as-needed -lbsd -Wl,--pop-state
 endif
 CONFIGURE_VARS+= \
 	LDFLAGS="$$$$LDFLAGS" \
 	LIBS="$(CONFIGURE_LIBS)" \
@ -598,6 +778,7 @@ $(eval $(call BuildPlugin,freeradius3-mod-eap-peap,rlm_eap_peap,))
 $(eval $(call BuildPlugin,freeradius3-mod-eap,rlm_eap,))
 $(eval $(call BuildPlugin,freeradius3-mod-eap-tls,rlm_eap_tls,))
 $(eval $(call BuildPlugin,freeradius3-mod-eap-ttls,rlm_eap_ttls,))
 $(eval $(call BuildPlugin,freeradius3-mod-eap-pwd,rlm_eap_pwd,))
 $(eval $(call BuildPlugin,freeradius3-mod-exec,rlm_exec,))
 $(eval $(call BuildPlugin,freeradius3-mod-expiration,rlm_expiration,))
 $(eval $(call BuildPlugin,freeradius3-mod-expr,rlm_expr,))
@ -608,7 +789,18 @@ $(eval $(call BuildPlugin,freeradius3-mod-mschap,rlm_mschap,))
 $(eval $(call BuildPlugin,freeradius3-mod-pap,rlm_pap,))
 $(eval $(call BuildPlugin,freeradius3-mod-passwd,rlm_passwd,))
 $(eval $(call BuildPlugin,freeradius3-mod-preprocess,rlm_preprocess,))
 $(eval $(call PyPackage,freeradius3-mod-python))
 $(eval $(call BuildPlugin,freeradius3-mod-python,rlm_python,))
 $(eval $(call Py3Package,freeradius3-mod-python3))
 $(eval $(call BuildPlugin,freeradius3-mod-python3,rlm_python3,))
 $(eval $(call BuildPlugin,freeradius3-mod-radutmp,rlm_radutmp,))
 $(eval $(call BuildPlugin,freeradius3-mod-realm,rlm_realm,))
 $(eval $(call BuildPlugin,freeradius3-mod-sql,rlm_sql,))
 $(eval $(call BuildPlugin,freeradius3-mod-sql-mysql,rlm_sql_mysql,))
 $(eval $(call BuildPlugin,freeradius3-mod-sql-null,rlm_sql_null,))
 $(eval $(call BuildPlugin,freeradius3-mod-sql-postgresql,rlm_sql_postgresql,))
 $(eval $(call BuildPlugin,freeradius3-mod-sql-sqlite,rlm_sql_sqlite,))
 $(eval $(call BuildPlugin,freeradius3-mod-sqlcounter,rlm_sqlcounter,))
 $(eval $(call BuildPlugin,freeradius3-mod-sqlippool,rlm_sqlippool,))
 $(eval $(call BuildPlugin,freeradius3-mod-unix,rlm_unix,))
 $(eval $(call BuildPackage,freeradius3-utils))
--- a/net/freeradius3/files/radiusd.init
+++ b/net/freeradius3/files/radiusd.init
@ -19,7 +19,7 @@ start_service()
 	mkdir -p /var/db/radacct
 	procd_open_instance
-	procd_set_param command $PROG -f
+	procd_set_param command $PROG -s
 	procd_set_param env LD_LIBRARY_PATH=/usr/lib/freeradius3
 	[ -n "$IPADDR" ] && procd_append_param command -i $IPADDR
 	[ -n "$OPTIONS" ] && procd_append_param command $OPTIONS
--- a/net/freeradius3/patches/002-disable-session-cache-CVE-2017-9148.patch
+++ b/net/freeradius3/patches/002-disable-session-cache-CVE-2017-9148.patch
@ -3,22 +3,13 @@ Description: disable session caching in the server (as opposed to in the
 https://security-tracker.debian.org/tracker/CVE-2017-9148
 Author: Michael Stapelberg <stapelberg@debian.org>
 Forwarded: not-needed
-Last-Update: 2017-05-30
+Last-Update: 2020-01-24
 ---
 --- a/src/main/tls.c
 +++ b/src/main/tls.c
-@@ -369,7 +369,7 @@ tls_session_t *tls_new_session(TALLOC_CT
+@@ -675,7 +675,7 @@ tls_session_t *tls_new_session(TALLOC_CTX *ctx, fr_tls_server_conf_t *conf, REQU
 	 *
 	 *	FIXME: Also do it every N sessions?
 	 */
 -	if (conf->session_cache_enable &&
 +	if (/*conf->session_cache_enable*/0 &&
 	    ((conf->session_last_flushed + ((int)conf->session_timeout * 1800)) <= request->timestamp)){
 		RDEBUG2("Flushing SSL sessions (of #%ld)", SSL_CTX_sess_number(conf->ctx));
@@ -463,7 +463,7 @@ tls_session_t *tls_new_session(TALLOC_CT
 		state->mtu = vp->vp_integer;
 	}
@ -27,7 +18,7 @@ Last-Update: 2017-05-30
 	return state;
 }
-@@ -2675,7 +2675,7 @@ post_ca:
+@@ -3292,7 +3292,7 @@ post_ca:
 	/*
 	 *	Callbacks, etc. for session resumption.
 	 */
@ -36,7 +27,7 @@ Last-Update: 2017-05-30
 		/*
 		 *	Cache sessions on disk if requested.
 		 */
-@@ -2745,7 +2745,7 @@ post_ca:
+@@ -3362,7 +3362,7 @@ post_ca:
 	/*
 	 *	Setup session caching
 	 */
@ -45,3 +36,12 @@ Last-Update: 2017-05-30
 		/*
 		 *	Create a unique context Id per EAP-TLS configuration.
 		 */
@@ -3531,7 +3531,7 @@ fr_tls_server_conf_t *tls_server_conf_parse(CONF_SECTION *cs)
 		goto error;
 	}
 -	if (conf->session_cache_enable) {
 +	if (/*conf->session_cache_enable*/0) {
 		CONF_SECTION	*subcs;
 		CONF_ITEM	*ci;
--- a/net/freeradius3/patches/003-freeradius-fix-error-for-expansion-of-macro.patch
+++ b/net/freeradius3/patches/003-freeradius-fix-error-for-expansion-of-macro.patch
@ -0,0 +1,33 @@
 --- a/src/include/threads.h
 +++ b/src/include/threads.h
@@ -89,7 +89,7 @@ static _t __fr_thread_local_init_##_n(pt
 #  define fr_thread_local_get(_n) _n
 #elif defined(HAVE_PTHREAD_H)
 #  include <pthread.h>
 -#  define fr_thread_local_setup(_t, _n) \
 +#  define fr_thread_local_setup(_t, _n) static __thread _t _n;\
 static pthread_key_t __fr_thread_local_key_##_n;\
 static pthread_once_t __fr_thread_local_once_##_n = PTHREAD_ONCE_INIT;\
 static pthread_destructor_t __fr_thread_local_destructor_##_n = NULL;\
@@ -100,17 +100,17 @@ static void __fr_thread_local_destroy_##
 static void __fr_thread_local_key_init_##_n(void)\
 {\
 	(void) pthread_key_create(&__fr_thread_local_key_##_n, __fr_thread_local_destroy_##_n);\
 -	(void) pthread_setspecific(__fr_thread_local_key_##_n, &(_n));\
 }\
 static _t __fr_thread_local_init_##_n(pthread_destructor_t func)\
 {\
 	__fr_thread_local_destructor_##_n = func;\
 	if (_n) return _n; \
 	(void) pthread_once(&__fr_thread_local_once_##_n, __fr_thread_local_key_init_##_n);\
 +	(void) pthread_setspecific(__fr_thread_local_key_##_n, &(_n));\
 	return _n;\
 }
 -#  define fr_thread_local_init(_n, _f)			__fr_thread_local_init_##_n(_f)
 -#  define fr_thread_local_set(_n, _v)			__fr_thread_local_set_##_n(_v)
 -#  define fr_thread_local_get(_n)			__fr_thread_local_get_##_n()
 +#  define fr_thread_local_init(_n, _f)	__fr_thread_local_init_##_n(_f)
 +#  define fr_thread_local_set(_n, _v) ((int)!((_n = _v) || 1))
 +#  define fr_thread_local_get(_n) _n
 #endif
 #endif
--- a/net/freeradius3/patches/004-fix-target-python-header-detection.patch
+++ b/net/freeradius3/patches/004-fix-target-python-header-detection.patch
@ -0,0 +1,80 @@
 --- a/src/modules/rlm_python/configure
 +++ b/src/modules/rlm_python/configure
@@ -2928,15 +2928,15 @@ fi
 	if test x$fail = x; then
 -		PY_PREFIX=`${PYTHON_BIN} -c 'import sys ; print(sys.prefix)'`
 +		PY_PREFIX="$OPENWRTTARGET_PY_PREFIX"
 		{ $as_echo "$as_me:${as_lineno-$LINENO}: Python sys.prefix \"${PY_PREFIX}\"" >&5
 $as_echo "$as_me: Python sys.prefix \"${PY_PREFIX}\"" >&6;}
 -		PY_EXEC_PREFIX=`${PYTHON_BIN} -c 'import sys ; print(sys.exec_prefix)'`
 +		PY_EXEC_PREFIX="$OPENWRTTARGET_PY_PREFIX"
 		{ $as_echo "$as_me:${as_lineno-$LINENO}: Python sys.exec_prefix \"${PY_EXEC_PREFIX}\"" >&5
 $as_echo "$as_me: Python sys.exec_prefix \"${PY_EXEC_PREFIX}\"" >&6;}
 -		PY_SYS_VERSION=`${PYTHON_BIN} -c 'import sys ; print(sys.version[0:3])'`
 +		PY_SYS_VERSION="$OPENWRTTARGET_PY_SYS_VERSION"
 		{ $as_echo "$as_me:${as_lineno-$LINENO}: Python sys.version \"${PY_SYS_VERSION}\"" >&5
 $as_echo "$as_me: Python sys.version \"${PY_SYS_VERSION}\"" >&6;}
 --- a/src/modules/rlm_python/configure.ac
 +++ b/src/modules/rlm_python/configure.ac
@@ -65,13 +65,13 @@ if test x$with_[]modname != xno; then
 	)
 	if test x$fail = x; then
 -		PY_PREFIX=`${PYTHON_BIN} -c 'import sys ; print(sys.prefix)'`
 +		PY_PREFIX="$OPENWRTTARGET_PY_PREFIX"
 		AC_MSG_NOTICE([Python sys.prefix \"${PY_PREFIX}\"])
 -		PY_EXEC_PREFIX=`${PYTHON_BIN} -c 'import sys ; print(sys.exec_prefix)'`
 +		PY_EXEC_PREFIX="$OPENWRTTARGET_PY_PREFIX"
 		AC_MSG_NOTICE([Python sys.exec_prefix \"${PY_EXEC_PREFIX}\"])
 -		PY_SYS_VERSION=`${PYTHON_BIN} -c 'import sys ; print(sys.version[[0:3]])'`
 +		PY_SYS_VERSION="$OPENWRTTARGET_PY_SYS_VERSION"
 		AC_MSG_NOTICE([Python sys.version \"${PY_SYS_VERSION}\"])
 		if test "x$PY_LIB_DIR" = "x"; then
 --- a/src/modules/rlm_python3/configure
 +++ b/src/modules/rlm_python3/configure
@@ -2928,15 +2928,15 @@ fi
 	if test x$fail = x; then
 -		PY_PREFIX=`${PYTHON3_BIN} -c 'import sys ; print(sys.prefix)'`
 +		PY_PREFIX="$OPENWRTTARGET_PY3_PREFIX"
 		{ $as_echo "$as_me:${as_lineno-$LINENO}: Python sys.prefix \"${PY_PREFIX}\"" >&5
 $as_echo "$as_me: Python sys.prefix \"${PY_PREFIX}\"" >&6;}
 -		PY_EXEC_PREFIX=`${PYTHON3_BIN} -c 'import sys ; print(sys.exec_prefix)'`
 +		PY_EXEC_PREFIX="$OPENWRTTARGET_PY3_PREFIX"
 		{ $as_echo "$as_me:${as_lineno-$LINENO}: Python sys.exec_prefix \"${PY_EXEC_PREFIX}\"" >&5
 $as_echo "$as_me: Python sys.exec_prefix \"${PY_EXEC_PREFIX}\"" >&6;}
 -		PY_SYS_VERSION=`${PYTHON3_BIN} -c 'import sys ; print(sys.version[0:3])'`
 +		PY_SYS_VERSION="$OPENWRTTARGET_PY3_SYS_VERSION"
 		{ $as_echo "$as_me:${as_lineno-$LINENO}: Python sys.version \"${PY_SYS_VERSION}\"" >&5
 $as_echo "$as_me: Python sys.version \"${PY_SYS_VERSION}\"" >&6;}
 --- a/src/modules/rlm_python3/configure.ac
 +++ b/src/modules/rlm_python3/configure.ac
@@ -65,13 +65,13 @@ if test x$with_[]modname != xno; then
 	)
 	if test x$fail = x; then
 -		PY_PREFIX=`${PYTHON3_BIN} -c 'import sys ; print(sys.prefix)'`
 +		PY_PREFIX="$OPENWRTTARGET_PY3_PREFIX"
 		AC_MSG_NOTICE([Python sys.prefix \"${PY_PREFIX}\"])
 -		PY_EXEC_PREFIX=`${PYTHON3_BIN} -c 'import sys ; print(sys.exec_prefix)'`
 +		PY_EXEC_PREFIX="$OPENWRTTARGET_PY3_PREFIX"
 		AC_MSG_NOTICE([Python sys.exec_prefix \"${PY_EXEC_PREFIX}\"])
 -		PY_SYS_VERSION=`${PYTHON3_BIN} -c 'import sys ; print(sys.version[[0:3]])'`
 +		PY_SYS_VERSION="$OPENWRTTARGET_PY3_SYS_VERSION"
 		AC_MSG_NOTICE([Python sys.version \"${PY_SYS_VERSION}\"])
 		if test "x$PY_LIB_DIR" = "x"; then