From owner-freebsd-ports-bugs@FreeBSD.ORG Mon Jun 5 11:20:23 2006 Return-Path: X-Original-To: freebsd-ports-bugs@hub.freebsd.org Delivered-To: freebsd-ports-bugs@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6C1C416A476 for ; Mon, 5 Jun 2006 11:20:23 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id C801543D46 for ; Mon, 5 Jun 2006 11:20:22 +0000 (GMT) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.13.4/8.13.4) with ESMTP id k55BKMbc014137 for ; Mon, 5 Jun 2006 11:20:22 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.13.4/8.13.4/Submit) id k55BKMJE014136; Mon, 5 Jun 2006 11:20:22 GMT (envelope-from gnats) Resent-Date: Mon, 5 Jun 2006 11:20:22 GMT Resent-Message-Id: <200606051120.k55BKMJE014136@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-ports-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Dan Lukes Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3184A16A51D for ; Mon, 5 Jun 2006 11:14:02 +0000 (UTC) (envelope-from dan@kulesh.obluda.cz) Received: from smtp1.kolej.mff.cuni.cz (smtp1.kolej.mff.cuni.cz [195.113.24.4]) by mx1.FreeBSD.org (Postfix) with ESMTP id AE30843D46 for ; Mon, 5 Jun 2006 11:14:01 +0000 (GMT) (envelope-from dan@kulesh.obluda.cz) Received: from kulesh.obluda.cz (openvpn.ms.mff.cuni.cz [195.113.20.87]) by smtp1.kolej.mff.cuni.cz (8.13.1/8.13.1) with ESMTP id k55BDvoI044156 for ; Mon, 5 Jun 2006 13:13:59 +0200 (CEST) (envelope-from dan@kulesh.obluda.cz) Received: from kulesh.obluda.cz (localhost.other [127.0.0.1] (may be forged)) by kulesh.obluda.cz (8.13.6/8.13.6) with ESMTP id k55BDvfg035892 for ; Mon, 5 Jun 2006 13:13:57 +0200 (CEST) (envelope-from dan@kulesh.obluda.cz) Received: (from root@localhost) by kulesh.obluda.cz (8.13.6/8.13.6/Submit) id k55BDu9r035891; Mon, 5 Jun 2006 13:13:56 +0200 (CEST) (envelope-from dan) Message-Id: <200606051113.k55BDu9r035891@kulesh.obluda.cz> Date: Mon, 5 Jun 2006 13:13:56 +0200 (CEST) From: Dan Lukes To: FreeBSD-gnats-submit@FreeBSD.org X-Send-Pr-Version: 3.113 Cc: Subject: ports/98525: [ PATCH ] net/freeradius didn't use non BASE OpenSSL (from ports) X-BeenThere: freebsd-ports-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Dan Lukes List-Id: Ports bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 05 Jun 2006 11:20:23 -0000 >Number: 98525 >Category: ports >Synopsis: [ PATCH ] net/freeradius didn't use non BASE OpenSSL (from ports) >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Mon Jun 05 11:20:21 GMT 2006 >Closed-Date: >Last-Modified: >Originator: Dan Lukes >Release: FreeBSD >Organization: Obludarium >Environment: >Description: Lets OS contain OpenSSL installed from ports (in standard LOCALBASE location, e.g. /usr/local/...; the BASE OpenSSL is still present in apropriate directories). The freeradius configuration and compilation then use inconsistent mix of BASE components and PORT components. Configuration problems caused by this mix may cause the diferent parts of freeradius are compiled with different OpenSSL. Some of them may be compiled without OpenSSL support (where the configure fail during test of OpenSSL). The results may differ on different versions of FreeBSD (because of different differecies of BASE and PORTS OpenSSL) On FreeBSD 4.11, where I tried it, it result some unrunnable modules (because of unresolved symbols): Error: rlm_eap: Failed to link EAP-Type/tls: /usr/local/lib/rlm_eap_tls-1.1.2.so: Undefined symbol "cbtls_password" Error: radiusd.conf[9]: eap: Module instantiation failed. Error: radiusd.conf[1735] Unknown module "eap". Error: radiusd.conf[1682] Failed to parse authenticate section. It's because supporting library has been compiled without OpenSSL (because configure found it broken), but others part not. The problem seems to exist on FreeBSD 5 and FreeBSD 6 also, althought I didn't tried it personally. >How-To-Repeat: On system with both base and ports OpenSSL make FreeRadius and run it. Check /var/log/radius.log for errors >Fix: We need to use consistent set of include and librarises. Fortunatelly, the freeradius's configure has --with-openssl-includes --with-openssl-libraries options allowing operator to switch off the internal logic and supply the necesarry informations by hand. The FreeBSD build system has it's own detection which OpenSSL should be used. So I used it and passed the results (the ${OPENSSLINC} and ${OPENSSLLIB}) to the freeradius configure replacing configure's logic by FreeBSD's logic --- Makefile.ORIG Mon Jun 5 12:12:06 2006 +++ Makefile Mon Jun 5 12:26:34 2006 @@ -25,14 +25,6 @@ USE_GMAKE= yes USE_PERL5= yes USE_OPENSSL= yes -CONFIGURE_ARGS= --prefix=${PREFIX} --quiet --with-logdir=${LOGDIR} \ - --localstatedir=/var \ - --disable-ltdl-install \ - --with-ltdl-include=${LOCALBASE}/include \ - --with-ltdl-lib=${LOCALBASE}/lib \ - --with-large-files --without-rlm_sql_unixodbc \ - --without-rlm_sql_oracle --without-rlm_sql_iodbc \ - --without-rlm_sql_db2 MAKE_ARGS+= LDFLAGS="-L${LOCALBASE}/lib ${PTHREAD_LIBS}" PLIST_SUB= PORTVERSION=${PORTVERSION} @@ -47,6 +39,17 @@ .include +CONFIGURE_ARGS= --prefix=${PREFIX} --quiet --with-logdir=${LOGDIR} \ + --localstatedir=/var \ + --disable-ltdl-install \ + --with-ltdl-include=${LOCALBASE}/include \ + --with-ltdl-lib=${LOCALBASE}/lib \ + --with-large-files --without-rlm_sql_unixodbc \ + --without-rlm_sql_oracle --without-rlm_sql_iodbc \ + --without-rlm_sql_db2 \ + --with-openssl-includes=${OPENSSLINC} \ + --with-openssl-libraries=${OPENSSLLIB} + .if ${ARCH} == amd64 CONFIGURE_ARGS+= --with-pic .endif @@ -54,6 +57,7 @@ .if defined(WITH_HEIMDAL) && !defined(WITH_KERBEROS) WITH_KERBEROS= yes .endif + .ifdef(WITH_KERBEROS) .ifdef(WITH_HEIMDAL) >Release-Note: >Audit-Trail: >Unformatted: