Date: Wed, 29 Jun 2011 01:34:57 GMT
From: Ryan Steinmetz <rpsfa@rit.edu>
To: freebsd-gnats-submit@FreeBSD.org
Subject: ports/158413: [maintainer-update] net/freeradius2 to 2.1.11
Message-ID: <201106290134.p5T1YvMb023382@red.freebsd.org>
Resent-Message-ID: <201106290140.p5T1e8vh045246@freefall.freebsd.org>
>Number: 158413
>Category: ports
>Synopsis: [maintainer-update] net/freeradius2 to 2.1.11
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Wed Jun 29 01:40:08 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator: Ryan Steinmetz
>Release: 8.2-RELEASE
>Organization: Rochester Institute of Technology
>Environment:
>Description:
-Update to 2.1.11
-Add LICENSE
-Remove files/patch-src-modules-rlm_mschap-rlm_mschap.c
-Remove HAVE_LT_DLADVISE_INIT workaround
-Remove extra line return in pkg-descr

===========================================================

Feature improvements
    Added doc/rfc/rfc6158.txt: RADIUS Design Guidelines. All vendors need to read it and follow its directions.
    Microsoft SoH support for PEAP from Phil Mayers. See doc/SoH.txt
    Certificate "bootstrap" script now checks for certificate expiry. See comments in raddb/eap.conf, and then "make_cert_command".
    Support for dynamic expansion of EAP-GTC challenges. Patch from Alexander Clouter.
    OCSP support from Alex Bergmann. See raddb/eap.conf, "ocsp" section.
    Updated dictionary.huawei, dictionary.3gpp, dictionary.3gpp3.
    Added dictionary.eltex, dictionary.motorola, and dictionary.ukerna.
    Experimental redis support from Gabriel Blanchard. See raddb/modules/redis and raddb/modules/rediswho
    Add "key" to rlm_fastusers. Closes bug #126.
    Added scripts/radtee from original software at http://horde.net/~jwm/software/misc/comparison-tee
    Updated radmin "man" page for new commands.
    radsniff now prints the hex decoding of the packet (-x -x -x)
    mschap module now reloads its configuration on HUP
    Added experimental "replicate" module. See raddb/modules/replicate
    Policy "foo" can now refer to module "foo". This lets you over-ride the behavior of a module.
    Policy "foo.authorize" can now over-ride the behavior of module "foo", "authorize" method.
    Produce errors in more situations when the configuration files have invalid syntax.

Bug fixes
    Ignore pre/post-proxy sections if proxying is disabled.
    Add configure checks for pcap_fopen*.
    Fix call to otp_write in rlm_otp
    Fix issue with Access-Challenge checking from 2.1.10, when the debug flag was set after server startup. Closes #116 and #117.
    Fix typo in zombie period start time.
    Fix leak in src/main/valuepair.c. Patch from James Ballantine.
    Allow radtest to use spaces in shared secret. Patch from Cedric Carree.
    Remove extra calls to HMAC_CTX_init() in rlm_wimax, fixing leak. Patch from James Ballantine.
    Remove MN-FA key generation. The NAS does this, not AAA. Patch from Ben Weichman.
    Include dictionary.mikrotik by default. Closes bug #121.
    Add group membership query to MS-SQL examples. Closes bug #120.
    Don't cast NAS-Port to integer in Postgresql queries. Closes bug #112.
    Fixes for libtool and autoconf from Sam Hartman.
    radsniff should read the dictionaries in more situations.
    Use fnmatch to check for detail file reader==writer. Closes bug #128.
    Check for short writes (i.e. disk full) in rlm_detail. Closes bug #130. Patches and testing from John Morrissey.
    Fix typo in src/lib/token.c. Closes bug #124
    Allow workstation trust accounts to use MS-CHAP. Closes bug #123.
    Assigning foo=`/bin/echo hello` now produces a syntax error if it is done outside of an "update" section.
    Fix "too many open file descriptors" problem when using "verify client" in eap.conf.
    Many fixes to dialup_admin for PHP5, by Stefan Winter.
    Allow preprocess module to have "hints = " and "huntgroups =", which allows them to be empty or non-existent.
    Renamed "php3" files to "php" in dialup_admin/
    Produce error when sub-TLVs are used in a dictionary. They are supported only in the "master" branch, and not in 2.1.x.
    Minor fix in dictionary.redback. Closes bug #138.
    Fixed MySQL "NULL" issues in ippool.conf. Closes bug #129.
    Fix to Access-Challenge warning from Ken-ichirou Matsuzawa. Closes bug #118.
    DHCP fixes to send unicast packets in more situations.
    Fix to udpfromto, to enable it to work on IPv6 networks.
    Fixes to the Oracle accounting_onoff_query.
    When using both IPv4 and IPv6 home servers, ensure that we use the correct local socket for proxying. Closes bug #143.
    Suppress messages when thread pool is nearly full, all threads are busy, and we can't create new threads.
    IPv6 is now enabled for udpfromto. Closes bug #141
    Make sqlippool query buffer the same size as sql module. Closes bug #139.
    Make Coa / Disconnect proxying work again.
    Configure scripts for rlm_caching from Nathaniel McCallum
    src/lib/dhcp.c and src/include/libradius.h are LGPL, not GPL.
    Updated password routines to use time-insensitive comparisons. This prevents timing attacks (though none are known).
    Allow sqlite module to do normal SELECT queries.
    rlm_wimax now has a configure script
    Moved Ascend, USR, and Motorola "illegal" dictionaries to separate files. See share/dictionary for explanations.
    Check for duplicate module definitions in the modules{} section, and refuse to start if duplicates are found.
    Check for duplicate virtual servers, and refuse to start if duplicates are found.
    Don't use udpfromto if source is INADDR_ANY. Closes bug #148.
    Check pre-conditions before running radmin "inject file".
    Don't over-ride "no match" with "match" for regexes. Closes bug #152.
    Make retry and error message configurable in mschap. See raddb/modules/mschap
    Allow EAP-MSCHAPv2 to send error message to client. This change allows some clients to prompt the user for a new password. See raddb/eap.conf, mschapv2 section, "send_error".
    Load the default virtual server before any others. This matches what users expect, and reduces confusion.
    Fix configure checks for udpfromto. Fixes Debian bug #606866
    Definitive fix for bug #35, where the server could crash under certain loads. Changes src/lib/packet.c to use RB trees.
    Updated "configure" checks to allow IPv6 udpfromto on Linux.
    SQL module now returns NOOP if the accounting start/interim/stop queries don't do anything.
    Allow %{outer.control: ... } in string expansions
    home_server coa config now matches raddb/proxy.conf
    Never send a reply to a DHCP Release.

>How-To-Repeat:
>Fix:
Patch attached with submission follows:

Index: Makefile =================================================================== RCS file: /home/ncvs/ports/net/freeradius2/Makefile,v retrieving revision 1.94 diff -u -r1.94 Makefile --- Makefile 11 Jan 2011 02:38:22 -0000 1.94 +++ Makefile 29 Jun 2011 01:25:12 -0000 @@ -8,8 +8,7 @@ # PORTNAME= freeradius -DISTVERSION= 2.1.10 -PORTREVISION= 2 +DISTVERSION= 2.1.11 CATEGORIES= net MASTER_SITES= ftp://ftp.freeradius.org/pub/freeradius/%SUBDIR%/ \ ftp://ftp.ntua.gr/pub/net/radius/freeradius/%SUBDIR%/ \ @@ -61,6 +60,8 @@ .include <bsd.port.options.mk> +LICENSE= GPLv2 + # Default requirements for rc script _REQUIRE= NETWORKING SERVERS @@ -156,8 +157,6 @@ USE_PERL5= yes CONFIGURE_ARGS+=--with-rlm_perl PLIST_SUB+= RLMPERL="" -# temporary workaround for libtool issue until FR 2.2.x is released -CFLAGS+= -DHAVE_LT_DLADVISE_INIT .else CONFIGURE_ARGS+=--without-perl --without-rlm_perl PLIST_SUB+= RLMPERL="@comment " @@ -168,8 +167,6 @@ CONFIGURE_ARGS+=--with-rlm_python \ --with-rlm-python-lib-dir=${PYTHON_LIBDIR} \ --with-rlm-python-include-dir=${PYTHON_INCLUDEDIR} -# temporary workaround for libtool issue until FR 2.2.x is released -CFLAGS+= -DHAVE_LT_DLADVISE_INIT PLIST_SUB+= RLMPYTHON="" .else CONFIGURE_ARGS+=--without-rlm_python Index: distinfo =================================================================== RCS file: /home/ncvs/ports/net/freeradius2/distinfo,v retrieving revision 1.33 diff -u -r1.33 distinfo --- distinfo 20 Mar 2011 12:51:20 -0000 1.33 +++ distinfo 29 Jun 2011 01:25:12 -0000 
@@ -1,2 +1,2 @@ -SHA256 (freeradius-server-2.1.10.tar.bz2) = 8c56356cec5fd33522d86118a1065e004cce6735f0889146526f9839261fee9e -SIZE (freeradius-server-2.1.10.tar.bz2) = 2545578 +SHA256 (freeradius-server-2.1.11.tar.bz2) = c93ce0c419c5540cb044d5319c3beb995d2a91134bdc2ed5896c72413f95b9e7 +SIZE (freeradius-server-2.1.11.tar.bz2) = 2632549 Index: pkg-descr =================================================================== RCS file: /home/ncvs/ports/net/freeradius2/pkg-descr,v retrieving revision 1.6 diff -u -r1.6 pkg-descr --- pkg-descr 18 Jan 2008 21:13:38 -0000 1.6 +++ pkg-descr 29 Jun 2011 01:25:12 -0000 @@ -4,5 +4,4 @@ community, including eduroam. The server is fast, feature-rich, modular, and scalable. - WWW: http://www.freeradius.org/ Index: pkg-plist =================================================================== RCS file: /home/ncvs/ports/net/freeradius2/pkg-plist,v retrieving revision 1.43 diff -u -r1.43 pkg-plist --- pkg-plist 21 Oct 2010 23:52:34 -0000 1.43 +++ pkg-plist 29 Jun 2011 01:25:12 -0000 @@ -74,8 +74,12 @@ %%EXAMPLESDIR%%/raddb/modules/preprocess %%EXAMPLESDIR%%/raddb/modules/radutmp %%EXAMPLESDIR%%/raddb/modules/realm +%%EXAMPLESDIR%%/raddb/modules/redis +%%EXAMPLESDIR%%/raddb/modules/rediswho +%%EXAMPLESDIR%%/raddb/modules/replicate %%EXAMPLESDIR%%/raddb/modules/smbpasswd %%EXAMPLESDIR%%/raddb/modules/smsotp +%%EXAMPLESDIR%%/raddb/modules/soh %%EXAMPLESDIR%%/raddb/modules/sql_log %%EXAMPLESDIR%%/raddb/modules/sqlcounter_expire_on_login %%EXAMPLESDIR%%/raddb/modules/sradutmp @@ -101,6 +105,7 @@ %%EXAMPLESDIR%%/raddb/sites-available/proxy-inner-tunnel %%EXAMPLESDIR%%/raddb/sites-available/robust-proxy-accounting %%EXAMPLESDIR%%/raddb/sites-available/status +%%EXAMPLESDIR%%/raddb/sites-available/soh %%EXAMPLESDIR%%/raddb/sites-available/virtual.example.com %%EXAMPLESDIR%%/raddb/sites-available/vmps %%EXAMPLESDIR%%/raddb/sites-enabled/control-socket 
@@ -402,6 +407,16 @@ %%LIBDIR%%/rlm_realm.a %%LIBDIR%%/rlm_realm.la %%LIBDIR%%/rlm_realm.so +%%LIBDIR%%/rlm_soh.so +%%LIBDIR%%/rlm_soh-%%PORTVERSION%%.so +%%LIBDIR%%/rlm_soh.la +%%LIBDIR%%/rlm_soh.a +%%LIBDIR%%/rlm_soh-%%PORTVERSION%%.la +%%LIBDIR%%/rlm_replicate-%%PORTVERSION%%.so +%%LIBDIR%%/rlm_replicate.so +%%LIBDIR%%/rlm_replicate-%%PORTVERSION%%.la +%%LIBDIR%%/rlm_replicate.la +%%LIBDIR%%/rlm_replicate.a %%EXPM%%%%RLMRUBY%%%%LIBDIR%%/rlm_ruby-%%PORTVERSION%%.la %%EXPM%%%%RLMRUBY%%%%LIBDIR%%/rlm_ruby-%%PORTVERSION%%.so %%EXPM%%%%RLMRUBY%%%%LIBDIR%%/rlm_ruby.a @@ -594,6 +609,7 @@ %%PORTDOCS%%%%DOCSDIR%%/rfc/rfc5607.txt %%PORTDOCS%%%%DOCSDIR%%/rfc/rfc5904.txt %%PORTDOCS%%%%DOCSDIR%%/rfc/rfc5997.txt +%%PORTDOCS%%%%DOCSDIR%%/rfc/rfc6158.txt %%PORTDOCS%%%%DOCSDIR%%/rlm_dbm %%PORTDOCS%%%%DOCSDIR%%/rlm_eap %%PORTDOCS%%%%DOCSDIR%%/rlm_expiration @@ -609,6 +625,7 @@ %%PORTDOCS%%%%DOCSDIR%%/rlm_sqlcounter %%PORTDOCS%%%%DOCSDIR%%/rlm_sqlippool %%PORTDOCS%%%%DOCSDIR%%/snmp +%%PORTDOCS%%%%DOCSDIR%%/SoH.txt %%PORTDOCS%%%%DOCSDIR%%/tuning_guide %%PORTDOCS%%%%DOCSDIR%%/Acct-Type.rst %%PORTDOCS%%%%DOCSDIR%%/Autz-Type.rst @@ -649,6 +666,7 @@ %%DATADIR%%/dictionary.aptis %%DATADIR%%/dictionary.aruba %%DATADIR%%/dictionary.ascend +%%DATADIR%%/dictionary.ascend.illegal %%DATADIR%%/dictionary.asn %%DATADIR%%/dictionary.avaya %%DATADIR%%/dictionary.azaire @@ -671,6 +689,7 @@ %%DATADIR%%/dictionary.dhcp %%DATADIR%%/dictionary.digium %%DATADIR%%/dictionary.epygi +%%DATADIR%%/dictionary.eltex %%DATADIR%%/dictionary.ericsson %%DATADIR%%/dictionary.erx %%DATADIR%%/dictionary.extreme @@ -702,6 +721,7 @@ %%DATADIR%%/dictionary.microsoft %%DATADIR%%/dictionary.mikrotik %%DATADIR%%/dictionary.motorola +%%DATADIR%%/dictionary.motorola.illegal %%DATADIR%%/dictionary.motorola.wimax %%DATADIR%%/dictionary.navini %%DATADIR%%/dictionary.netscreen 
@@ -755,8 +775,10 @@ %%DATADIR%%/dictionary.telkom %%DATADIR%%/dictionary.trapeze %%DATADIR%%/dictionary.tropos +%%DATADIR%%/dictionary.ukerna %%DATADIR%%/dictionary.unix %%DATADIR%%/dictionary.usr +%%DATADIR%%/dictionary.usr.illegal %%DATADIR%%/dictionary.utstarcom %%DATADIR%%/dictionary.valemount %%DATADIR%%/dictionary.versanet @@ -771,6 +793,14 @@ %%DATADIR%%/dictionary.xylan %%DATADIR%%/dictionary.zyxel @dirrm %%DATADIR%% +@dirrmtry share/freeradius +@dirrmtry share/examples/freeradius/raddb/sites-available +@dirrmtry share/examples/freeradius/raddb/modules +@dirrmtry share/examples/freeradius/raddb +@dirrmtry share/examples/freeradius +@dirrmtry share/doc/freeradius/rfc +@dirrmtry share/doc/freeradius +@dirrmtry %%LIBDIR%% @exec if [ ! -d /var/log/radacct ]; then mkdir -p /var/log/radacct; chmod -R go= /var/log/radacct; fi @exec for i in /var/log/radius.log /var/log/radutmp /var/log/radwtmp; do if [ ! -f ${i} ]; then touch ${i}; chmod go= ${i}; fi; done @exec mkdir -p /var/run/radiusd Index: files/patch-rlm_sql_oracle =================================================================== RCS file: /home/ncvs/ports/net/freeradius2/files/patch-rlm_sql_oracle,v retrieving revision 1.1 diff -u -r1.1 patch-rlm_sql_oracle --- files/patch-rlm_sql_oracle 21 Oct 2010 23:52:35 -0000 1.1 +++ files/patch-rlm_sql_oracle 29 Jun 2011 01:25:12 -0000 @@ -1,6 +1,6 @@ -diff -urN ../freeradius-server-2.1.10/src/modules/rlm_sql/drivers/rlm_sql_oracle/configure src/modules/rlm_sql/drivers/rlm_sql_oracle/configure ---- ../freeradius-server-2.1.10/src/modules/rlm_sql/drivers/rlm_sql_oracle/configure 2010-09-28 07:03:56.000000000 -0400 -+++ src/modules/rlm_sql/drivers/rlm_sql_oracle/configure 2010-05-24 01:40:58.000000000 -0400 +diff -urN src/modules/rlm_sql/drivers/rlm_sql_oracle/configure ./configure +--- src/modules/rlm_sql/drivers/rlm_sql_oracle/configure 2011-06-20 10:57:14.000000000 -0400 ++++ src/modules/rlm_sql/drivers/rlm_sql_oracle/configure 2011-06-21 15:18:44.000000000 -0400 
@@ -1,5 +1,5 @@ #! /bin/sh -# From configure.in Revision: 1.10 . @@ -560,9 +560,9 @@ { echo "$as_me:$LINENO: result: yes" >&5 echo "${ECHO_T}yes" >&6; } fi -diff -urN ../freeradius-server-2.1.10/src/modules/rlm_sql/drivers/rlm_sql_oracle/configure.in src/modules/rlm_sql/drivers/rlm_sql_oracle/configure.in ---- ../freeradius-server-2.1.10/src/modules/rlm_sql/drivers/rlm_sql_oracle/configure.in 2010-09-28 07:03:56.000000000 -0400 -+++ src/modules/rlm_sql/drivers/rlm_sql_oracle/configure.in 2010-05-24 01:40:58.000000000 -0400 +diff -urN src/modules/rlm_sql/drivers/rlm_sql_oracle/configure.in ./configure.in +--- src/modules/rlm_sql/drivers/rlm_sql_oracle/configure.in 2011-06-20 10:57:14.000000000 -0400 ++++ src/modules/rlm_sql/drivers/rlm_sql_oracle/configure.in 2011-06-21 15:18:44.000000000 -0400 @@ -1,5 +1,5 @@ AC_INIT(sql_oracle.c) -AC_REVISION($Revision: 1.10 $) @@ -570,7 +570,7 @@ AC_DEFUN(modname,[rlm_sql_oracle]) fail= -@@ -18,120 +18,145 @@ +@@ -18,125 +18,145 @@ dnl # defined anyways. dnl # 
@@ -697,46 +697,49 @@ - if test "x$oracle_lib_dir" != "x" ; then - ORACLE_LIBDIR_SWITCH="-L${oracle_lib_dir} " - fi -- LIBS="$old_LIBS $ORACLE_LIBDIR_SWITCH -lclntsh -lnnz10" -- AC_TRY_LINK([#include <oci.h> -- -- static OCIEnv *p_env; -- static OCIError *p_err; -- static OCISvcCtx *p_svc; -- static OCIStmt *p_sql; -- static OCIDefine *p_dfn = (OCIDefine *) 0; -- static OCIBind *p_bnd = (OCIBind *) 0; -- ], -- [ -- int p_bvi; -- char p_sli[20]; -- int rc; -- char errbuf[100]; -- int errcode; -- -- rc = OCIInitialize((ub4) OCI_DEFAULT, (dvoid *)0, /* Initialize OCI */ -- (dvoid * (*)(dvoid *, size_t)) 0, -- (dvoid * (*)(dvoid *, dvoid *, size_t))0, -- (void (*)(dvoid *, dvoid *)) 0 ); -- -- ], -- ORACLE_LIBS="$ORACLE_LIBDIR_SWITCH -lclntsh -lnnz10", -- ORACLE_LIBS= -- ) +- for oracle_version in 10 11 9 ""; do +- LIBS="$old_LIBS $ORACLE_LIBDIR_SWITCH -lclntsh -lnnz${oracle_version}" +- AC_TRY_LINK([#include <oci.h> +- +- static OCIEnv *p_env; +- static OCIError *p_err; +- static OCISvcCtx *p_svc; +- static OCIStmt *p_sql; +- static OCIDefine *p_dfn = (OCIDefine *) 0; +- static OCIBind *p_bnd = (OCIBind *) 0; +- ], +- [ +- int p_bvi; +- char p_sli[20]; +- int rc; +- char errbuf[100]; +- int errcode; +- +- rc = OCIInitialize((ub4) OCI_DEFAULT, (dvoid *)0, /* Initialize OCI */ +- (dvoid * (*)(dvoid *, size_t)) 0, +- (dvoid * (*)(dvoid *, dvoid *, size_t))0, +- (void (*)(dvoid *, dvoid *)) 0 ); +- +- ], +- ORACLE_LIBS="$ORACLE_LIBDIR_SWITCH -lclntsh -lnnz${oracle_version}", +- ORACLE_LIBS= + FR_LOCATE_DIR(oracle_include_dir,oci.h) - -- LIBS="$old_LIBS" ++ + for try in /usr/local/include/oracle /usr/local/oracle/include $oracle_include_dir; do + CFLAGS="$old_CFLAGS -I$try" + AC_TRY_COMPILE([#include <oci.h>], + [ int a = 1; ], + ORACLE_INCLUDE="-I$try", + ORACLE_INCLUDE= -+ ) + ) +- if test "x$ORACLE_LIBS" != "x"; then +- break + if test "x$ORACLE_INCLUDE" != "x"; then + break; -+ fi -+ done + fi + done +- +- LIBS="$old_LIBS" CFLAGS="$old_CFLAGS" fi 
@@ -795,7 +798,7 @@ + if test "x$ORACLE_LIBS" = "x"; then AC_MSG_WARN([oracle libraries not found. Use --with-oracle-lib-dir=<path>.]) -- fail="$fail libclntsh libnnz10" +- fail="$fail libclntsh libnnz${oracle_version}" + fail="$fail liboracleclient" else - sql_oracle_ldflags="${sql_oracle_ldflags} $ORACLE_LIBS" Index: files/patch-src-modules-rlm_mschap-rlm_mschap.c =================================================================== RCS file: files/patch-src-modules-rlm_mschap-rlm_mschap.c diff -N files/patch-src-modules-rlm_mschap-rlm_mschap.c --- files/patch-src-modules-rlm_mschap-rlm_mschap.c 23 Dec 2010 09:09:27 -0000 1.1 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,14 +0,0 @@ ---- src/modules/rlm_mschap/rlm_mschap.c.orig 2010-09-28 13:03:56.000000000 +0200 -+++ src/modules/rlm_mschap/rlm_mschap.c 2010-11-18 12:02:02.211071015 +0100 -@@ -1273,8 +1273,9 @@ - * return 'not found'. - */ - if (((smb_ctrl->vp_integer & ACB_DISABLED) != 0) || -- ((smb_ctrl->vp_integer & ACB_NORMAL) == 0)) { -- RDEBUG2("SMB-Account-Ctrl says that the account is disabled, or is not a normal account."); -+ (((smb_ctrl->vp_integer & ACB_NORMAL) == 0) && -+ ((smb_ctrl->vp_integer & ACB_WSTRUST) == 0))) { -+ RDEBUG2("SMB-Account-Ctrl says that the account is disabled, or is not a normal or workstation trust account."); - mschap_add_reply(request, &request->reply->vps, - *response->vp_octets, - "MS-CHAP-Error", "E=691 R=1", 9); >Release-Note: >Audit-Trail: >Unformatted:
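Review bot: In the Makefile hunk at @@ -61,6 +60,8 @@, `LICENSE= GPLv2` is declared after `.include <bsd.port.options.mk>`, away from the PORTNAME/CATEGORIES/MASTER_SITES block at the top of the file; moving it up next to those keeps the port's descriptive variables together. The submission's own changelog also states that src/lib/dhcp.c and src/include/libradius.h are LGPL, not GPL, so it is worth confirming that a single GPLv2 value describes everything the port installs.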
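Review bot: The Makefile hunks at @@ -156,8 +157,6 @@ and @@ -168,8 +167,6 @@ drop `CFLAGS+= -DHAVE_LT_DLADVISE_INIT`, but the comment removed with it says the workaround was needed "until FR 2.2.x is released", and this update only goes to 2.1.11. The description lists "Fixes for libtool and autoconf from Sam Hartman" among the bug fixes; please state in the PR whether that is the upstream change that makes the define unnecessary, and that the port was built and the modules loaded with both the rlm_perl and rlm_python options enabled.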
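Review bot: The distinfo hunk swaps in a new SHA256 and SIZE for freeradius-server-2.1.11.tar.bz2, and both MASTER_SITES entries visible in the Makefile context are plain ftp:// URLs, so this hash is the only integrity check the fetch gets. The PR should say how the value was obtained, ideally by checking the tarball against a signature or checksum published by upstream, if one is available, rather than hashing whatever the mirror returned.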
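Review bot: In the pkg-plist hunk at @@ -771,6 +793,14 @@, the new `@dirrmtry` lines hard-code share/freeradius, share/examples/freeradius/... and share/doc/freeradius/..., while the rest of the list uses %%DATADIR%%, %%EXAMPLESDIR%% and %%DOCSDIR%%; using the same substitutions keeps removal correct if those directories are overridden. `@dirrmtry share/freeradius` directly after `@dirrm %%DATADIR%%` looks redundant if DATADIR is left at its default, and the two share/doc lines are not prefixed with %%PORTDOCS%% even though every visible file entry under %%DOCSDIR%% is.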
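Review bot: files/patch-src-modules-rlm_mschap-rlm_mschap.c is deleted outright, and the only justification on the page is the changelog entry "Allow workstation trust accounts to use MS-CHAP. Closes bug #123." Before this goes in, confirm that the 2.1.11 rlm_mschap.c carries the same `ACB_WSTRUST` test next to `ACB_NORMAL` that the local patch added, since without it workstation trust accounts fall back into the "E=691 R=1" reject branch shown in the removed hunk.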
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201106290134.p5T1YvMb023382>