Date: Thu, 9 Apr 2009 04:09:30 GMT From: David Wood <david@wood2.org.uk> To: freebsd-gnats-submit@FreeBSD.org Subject: ports/133532: [maintainer update] update net/freeradius2 to 2.1.4 Message-ID: <200904090409.n3949UdB051405@www.freebsd.org> Resent-Message-ID: <200904090410.n394A2IJ034087@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 133532 >Category: ports >Synopsis: [maintainer update] update net/freeradius2 to 2.1.4 >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: maintainer-update >Submitter-Id: current-users >Arrival-Date: Thu Apr 09 04:10:02 UTC 2009 >Closed-Date: >Last-Modified: >Originator: David Wood >Release: 7.1-RELEASE amd64 >Organization: >Environment: FreeBSD manganese.wood2.org.uk 7.1-RELEASE-p4 FreeBSD 7.1-RELEASE-p4 #0: Tue Mar 24 19:09:50 GMT 2009 david@manganese.wood2.org.uk:/scratch/usr/obj/usr/src/sys/MANGANESE amd64 >Description: Update to FreeRADIUS 2.1.4. This patch has been ready for a little while, but I was holding back in the hope that the overdue FreeRADIUS 2.1.5 would be released, fixing a few problems. With the imminent ports freeze, I am submitting this patch now. FreeBSD notes ============= Mark MAKE_JOBS_UNSAFE. Patch raddb/certs/Makefile for the full path to the openssl binary (so that ports OpenSSL is used to bootstrap the server if it is installed). Use the pkg-install mechanism to update the libdir line in radiusd.conf automatically. In this version of FreeRADIUS, it appears that radmin is broken on FreeBSD if you have gid (and/or uid, presumably) set in raddb/sites-available/control-socket. In this event, the call to getpeereid(3) in line 2096 of src/main/command.c fails with ENOTCONN, radiusd segfaults and radmin goes into a loop using 100% CPU time on one core. I hope to look further into this, but that is a low priority task for me. If you are affected, you'll have to unset uid and gid in raddb/sites-available/control-socket and rely purely on the file permissions of /var/run/radiusd/radiusd.sock for security. In any event, radmin is not for production use - see the warnings on the man page for radmin(1). This really is version 2.1.4 - VERSION is mistakenly set to 2.1.5 (see http://preview.tinyurl.com/dcnbsz for more details). Release notes ============= Feature improvements * Permit multiple "-e" in radmin. * Add support for originating CoA-Request and Disconnect-Request. See raddb/sites-available/originate-coa. * Added "lifetime" and "max_queries" to raddb/sql.conf. This helps address the problem of hung SQL sockets. * Allow packets to be injected via radmin. See "inject help" in radmin. * Answer VMPS reconfirmation request. Patch from Hermann Lauer. * Sample logrotate script in scripts/logrotate.freeradius * Add configurable poll interval for "detail" listeners * New "raddebug" command. This prints debugging information from a running server. See "man raddebug. * Add "require_message_authenticator" configuration to home_server configuration. This makes the server add Message-Authenticator to all outgoing Access-Request packets. * Added smsotp module, as contributed by Siemens. * Enabled the administration socket in the default install. See raddb/sites-available/control-socket, and "man radmin" * Handle duplicate clients, such as with replicated or load-balanced SQL servers and "readclients = yes" Bug fixes * Clean up control sockets when they are closed, so that we don't leak memory. * Define SUN_LEN for systems that don't have it. * Correct some boundary conditions in the conditional checker ("if") in "unlang". Bug noted by Arran Cudbard-Bell. * Work around minor building issues in gmake. This should only have affected developers. * Change how we manage unprivileged user/group, so that we do not create control sockets owned by root. * Fixed more minor issues found by Coverity. * Allow raddb/certs/bootstrap to run when there is no "make" command installed. * In radiusd.conf, run_dir depends on the name of the program, and isn't hard-coded to "..../radiusd" * Check for EOF in more places in the "detail" file reader. * Added Freeswitch dictionary. * Chop ethernet frames in VMPS, rather than droppping packets. * Fix EAP-TLS bug. Patch from Arnaud Ebalard * Don't lose string for regex-compares in the "users" file. * Expose more functions in rlm_sql to rlm_sqlippool, which helps on systems where RTLD_GLOBAL is off. * Fix typos in MySQL schemas for ippools. * Remove macro that was causing build issues on some platforms. * Fixed issues with dead home servers. Bug noted by Chris Moules. * Fixed "access after free" with some dynamic clients. INSTRUCTIONS ============ No files have been been deleted. files/patch-version and files/patch-bootstrap have been added. >How-To-Repeat: >Fix: Patch attached with submission follows: Index: distinfo =================================================================== --- distinfo (.../branches/FreeBSD-ports-tree/freeradius2) (revision 249) +++ distinfo (.../trunk/freeradius2) (revision 249) @@ -1,3 +1,3 @@ -MD5 (freeradius-server-2.1.3.tar.bz2) = df7a23ec6303a89d014fcc43418ce5e5 -SHA256 (freeradius-server-2.1.3.tar.bz2) = 984cf7f3418de8f2abe1e599827264495cef1d234cce4abe05a06a4b6419db1a -SIZE (freeradius-server-2.1.3.tar.bz2) = 2380451 +MD5 (freeradius-server-2.1.4.tar.bz2) = ba1fd573222ed5c8bead1cce1383a7a9 +SHA256 (freeradius-server-2.1.4.tar.bz2) = d509191a2a0cd556f23639547d176c662c0fc0de09fc625e1afc62ed84cbd2de +SIZE (freeradius-server-2.1.4.tar.bz2) = 2405962 Index: files/patch-version =================================================================== --- files/patch-version (.../branches/FreeBSD-ports-tree/freeradius2) (revision 0) +++ files/patch-version (.../trunk/freeradius2) (revision 249) @@ -0,0 +1,5 @@ +--- VERSION 2009-03-19 13:59:05.000000000 +0000 ++++ VERSION 2009-03-19 13:59:14.000000000 +0000 +@@ -1 +1 @@ +-2.1.5 ++2.1.4 Index: files/patch-bootstrap =================================================================== --- files/patch-bootstrap (.../branches/FreeBSD-ports-tree/freeradius2) (revision 0) +++ files/patch-bootstrap (.../trunk/freeradius2) (revision 249) @@ -0,0 +1,11 @@ +--- raddb/certs/bootstrap 2009-03-18 20:20:41.000000000 +0000 ++++ raddb/certs/bootstrap 2009-03-18 21:20:25.000000000 +0000 +@@ -17,7 +17,7 @@ + # + # If that worked, exit. Otherwise, run the commands manually. + # +-if [ "$?" == "0" ] ++if [ $? -eq 0 ] + then + exit 0 + fi Index: files/pkg-install.in =================================================================== --- files/pkg-install.in (.../branches/FreeBSD-ports-tree/freeradius2) (revision 249) +++ files/pkg-install.in (.../trunk/freeradius2) (revision 249) @@ -15,6 +15,7 @@ radius_raddb_work="%%RADDB_WORK%%" radius_raddb="%%RADDB%%" radius_logdir="%%LOGDIR%%" +radius_libdir="%%LIBDIR%%" radius_run_as_user="%%RUN_AS_USER%%" @@ -145,6 +146,19 @@ fi done + # Update the libdir line in radiusd.conf + echo "===> Updating libdir in ${radius_raddb}/radiusd.conf" + if ! sed -i.update-libdir-original -Ee $( \ + echo -n 's:^(libdir[[:space:]=]+)(.*[[:space:]:]+)?' ; \ + echo -n $( echo ${radius_libdir} | \ + sed -Ee 's:^(.*)-[[:digit:].]+$:\1:' ) ; \ + echo -n '(-[[:digit:].]+)?([[:space:]:]+.*)?$' ; \ + echo -n ':\1\2'${radius_libdir}'\4:' \ + ) ${radius_raddb}/radiusd.conf; then + echo "Failed to update libdir in ${radius_raddb}/radius.conf" + exit 1 + fi + rm ${radius_raddb}/radiusd.conf.update-libdir-original ;; esac Index: pkg-plist =================================================================== --- pkg-plist (.../branches/FreeBSD-ports-tree/freeradius2) (revision 249) +++ pkg-plist (.../trunk/freeradius2) (revision 249) @@ -60,6 +60,7 @@ %%EXAMPLESDIR%%/raddb/modules/mac2ip %%EXAMPLESDIR%%/raddb/modules/mac2vlan %%EXAMPLESDIR%%/raddb/modules/mschap +%%EXAMPLESDIR%%/raddb/modules/otp %%EXAMPLESDIR%%/raddb/modules/pam %%EXAMPLESDIR%%/raddb/modules/pap %%EXAMPLESDIR%%/raddb/modules/passwd @@ -69,12 +70,12 @@ %%EXAMPLESDIR%%/raddb/modules/radutmp %%EXAMPLESDIR%%/raddb/modules/realm %%EXAMPLESDIR%%/raddb/modules/smbpasswd +%%EXAMPLESDIR%%/raddb/modules/smsotp %%EXAMPLESDIR%%/raddb/modules/sql_log %%EXAMPLESDIR%%/raddb/modules/sqlcounter_expire_on_login %%EXAMPLESDIR%%/raddb/modules/sradutmp %%EXAMPLESDIR%%/raddb/modules/unix %%EXAMPLESDIR%%/raddb/modules/wimax -%%EXAMPLESDIR%%/raddb/otp.conf %%EXAMPLESDIR%%/raddb/policy.conf %%EXAMPLESDIR%%/raddb/policy.txt %%EXAMPLESDIR%%/raddb/preproxy_users @@ -90,11 +91,13 @@ %%EXAMPLESDIR%%/raddb/sites-available/dynamic-clients %%EXAMPLESDIR%%/raddb/sites-available/example %%EXAMPLESDIR%%/raddb/sites-available/inner-tunnel +%%EXAMPLESDIR%%/raddb/sites-available/originate-coa %%EXAMPLESDIR%%/raddb/sites-available/proxy-inner-tunnel %%EXAMPLESDIR%%/raddb/sites-available/robust-proxy-accounting %%EXAMPLESDIR%%/raddb/sites-available/status %%EXAMPLESDIR%%/raddb/sites-available/virtual.example.com %%EXAMPLESDIR%%/raddb/sites-available/vmps +%%EXAMPLESDIR%%/raddb/sites-enabled/control-socket %%EXAMPLESDIR%%/raddb/sites-enabled/default %%EXAMPLESDIR%%/raddb/sites-enabled/inner-tunnel %%EXAMPLESDIR%%/raddb/sql.conf @@ -396,6 +399,11 @@ %%EXPM%%%%SMB%%%%LIBDIR%%/rlm_smb.a %%EXPM%%%%SMB%%%%LIBDIR%%/rlm_smb.la %%EXPM%%%%SMB%%%%LIBDIR%%/rlm_smb.so +%%EXPM%%%%LIBDIR%%/rlm_smsotp-%%PORTVERSION%%.la +%%EXPM%%%%LIBDIR%%/rlm_smsotp-%%PORTVERSION%%.so +%%EXPM%%%%LIBDIR%%/rlm_smsotp.a +%%EXPM%%%%LIBDIR%%/rlm_smsotp.la +%%EXPM%%%%LIBDIR%%/rlm_smsotp.so %%LIBDIR%%/rlm_sql-%%PORTVERSION%%.la %%LIBDIR%%/rlm_sql-%%PORTVERSION%%.so %%LIBDIR%%/rlm_sql.a @@ -448,6 +456,7 @@ %%EXPM%%%%LIBDIR%%/rlm_wimax.so @dirrm %%LIBDIR%% sbin/checkrad +sbin/raddebug sbin/radiusd sbin/radmin sbin/radwatch @@ -614,6 +623,7 @@ %%DATADIR%%/dictionary.foundry %%DATADIR%%/dictionary.freeradius %%DATADIR%%/dictionary.freeradius.internal +%%DATADIR%%/dictionary.freeswitch %%DATADIR%%/dictionary.gandalf %%DATADIR%%/dictionary.garderos %%DATADIR%%/dictionary.gemtek Index: Makefile =================================================================== --- Makefile (.../branches/FreeBSD-ports-tree/freeradius2) (revision 249) +++ Makefile (.../trunk/freeradius2) (revision 249) @@ -4,9 +4,11 @@ # # $FreeBSD: ports/net/freeradius2/Makefile,v 1.75 2009/03/17 05:20:28 linimon Exp $ # +# $Id$ +# PORTNAME= freeradius -DISTVERSION= 2.1.3 +DISTVERSION= 2.1.4 CATEGORIES= net MASTER_SITES= ftp://ftp.freeradius.org/pub/freeradius/%SUBDIR%/ \ ftp://ftp.ntua.gr/pub/net/radius/freeradius/%SUBDIR%/ \ @@ -37,6 +39,7 @@ USE_PYTHON= yes MAKE_ARGS+= LDFLAGS="-L${LOCALBASE}/lib ${PTHREAD_LIBS}" CFLAGS+= -I${LOCALBASE}/include -L${LOCALBASE}/lib +MAKE_JOBS_UNSAFE= yes PLIST_SUB= PORTVERSION=${DISTVERSION} @@ -133,6 +136,7 @@ RADDB_WORK="${WRKSRC}/raddb" \ RADDB="${PREFIX}/etc/raddb" \ LOGDIR="${LOGDIR}" \ + LIBDIR="${PREFIX}/${FREERADIUS_LIBDIR}" \ RC_SUBR_SUFFIX="${RC_SUBR_SUFFIX}" SUB_FILES+= pkg-install pkg-deinstall pkg-message .ifdef(WITH_USER) @@ -260,8 +264,8 @@ rlm_detail.5 rlm_digest.5 rlm_expr.5 rlm_files.5 rlm_mschap.5 \ rlm_pap.5 rlm_passwd.5 rlm_policy.5 rlm_realm.5 rlm_sql.5 \ rlm_sql_log.5 rlm_unix.5 unlang.5 users.5 -MAN8= radiusd.8 radmin.8 radrelay.8 radsqlrelay.8 radwatch.8 \ - rlm_ippool_tool.8 +MAN8= radiusd.8 radmin.8 raddebug.8 radrelay.8 radsqlrelay.8 \ + radwatch.8 rlm_ippool_tool.8 SUB_LIST+= REQUIRE="${_REQUIRE}" @@ -275,13 +279,24 @@ # Patch raddb/certs/bootstrap to use gmake instead of make @${REINPLACE_CMD} -Ee "s:^make:${GMAKE}:" \ ${WRKSRC}/raddb/certs/bootstrap -# Clean up after the last operation (so as not to get unwanted files in raddb) - @${FIND} -E ${WRKSRC}/raddb/certs -regex '.*/bootstrap\.(orig|bak)$$' \ +# Patch raddb/certs/Makefile for the full path to the openssl binary (using +# ports OpenSSL if installed) + @${REINPLACE_CMD} -E \ + -e "s:^([[:space:]])+openssl:\1${OPENSSLBASE}/bin/openssl:g" \ + ${WRKSRC}/raddb/certs/Makefile +# Clean up after the last two operations (so as not to get unwanted files in +# raddb) + @${FIND} -E ${WRKSRC}/raddb/certs \ + -regex '.*/(bootstrap|Makefile)\.(orig|bak)$$' \ -delete # If EXPERIMENTAL (and therefore DHCP) is enabled, enable the DHCP dictionary .ifdef(WITH_EXPERIMENTAL) @${REINPLACE_CMD} -Ee 's:^#(.+ dictionary\.dhcp)$$:\1:g' \ ${WRKSRC}/share/dictionary +# Clean up (so as not to get an unwanted file in share) + @${FIND} -E ${WRKSRC}/share \ + -regex '.*/dictionary\.(orig|bak)$$' \ + -delete .endif # Patch scripts/Makefile not to install (unnecessary) rc.radiusd @${REINPLACE_CMD} -Ee 's:^(.+rc\.radiusd.+)$$:#\1:g' \ Property changes on: Makefile ___________________________________________________________________ Added: svn:keywords + Id >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200904090409.n3949UdB051405>