Message-Id: <200704122254.l3CMsvWj041080@www.freebsd.org>
Date: Thu, 12 Apr 2007 22:54:57 GMT
From: David Wood
To: freebsd-gnats-submit@FreeBSD.org
Subject: ports/111521: [maintainer update] update net/freeradius to 1.1.6, including a security fix

>Number: 111521
>Category: ports
>Synopsis: [maintainer update] update net/freeradius to 1.1.6, including a security fix
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Thu Apr 12 23:00:09 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator: David Wood
>Release: 6.2-RELEASE
>Organization:
>Environment:
FreeBSD titanium.wood2.org.uk 6.2-RELEASE-p2 FreeBSD 6.2-RELEASE-p2 #0: Thu Mar 1 01:27:35 GMT 2007 david@titanium.wood2.org.uk:/usr/obj/usr/src/sys/TITANIUM i386
>Description:
Update to FreeRADIUS 1.1.6:

Apart from bug fixes, the only additions are three new dictionaries.

SECURITY ISSUE - There is a security issue fixed in 1.1.6, which is a potential DoS due to a memory leak in the EAP-TTLS code. Anyone using EAP-TTLS should upgrade to this version. More information at http://www.freeradius.org/security.html#1.1.5.

(I do intend to submit a VuXML entry - but if anyone wants to do this for me, they're welcome!)

Other changes in this version of the port:

chmod -R g-w,o-rwx ${PREFIX}/etc/raddb on install - FreeRADIUS will probably complain if the configuration files in raddb don't have these permissions from version 1.1.5 onwards.

Modify CONFLICTS to take account of the likelihood that FreeRADIUS 2 will be released reasonably soon.

Move to handling NOPORTDOCS using the new --without-docdir option to configure. [1]

Fix handling of (NO)PORTDOCS in pkg-plist.

Unnecessary patches that add ${CFLAGS} to 'libtool --mode=link' steps deleted. [2] If anyone gives a good reason as to why ${CFLAGS} are needed in a link step, these patches may be considered for incorporation into FreeRADIUS - see http://lists.freeradius.org/pipermail/freeradius-users/2007-March/061372.html

A further patch that fixed a Makefile bug is now redundant, as it's been fixed in the upstream release. [3]

Remove unnecessary DICTS= and related code from Makefile (FreeRADIUS' install routine does the job perfectly well without this).

General tidy up of post-patch and post-install targets in Makefile.

I hope that the deleted patches will make future maintenance much easier!
>How-To-Repeat:
>Fix:
Note:

files/patch-raddb-Makefile-1.1.4_bug [3]
files/patch-doc::Makefile [1]
files/patch-src::module::rlm_sql::rules.mak [2]
files/patch-src-main-Makefile.in [2]
files/patch-src::module::rules.mak [2]

are all deleted.

Patch attached with submission follows:

Index: freeradius/distinfo =================================================================== --- freeradius/distinfo (.../tags/1.1.5-FreeBSD-20070328) (revision 43) +++ freeradius/distinfo (.../trunk) (revision 43) @@ -1,3 +1,3 @@ -MD5 (freeradius-1.1.5.tar.bz2) = e90c7976a3dcd80368ff3ed2b768b3a4 -SHA256 (freeradius-1.1.5.tar.bz2) = 02afff2d76edff01d2d94dc62f1168d49746a158e16c257083d22e8440e7ee96 -SIZE (freeradius-1.1.5.tar.bz2) = 2028582 +MD5 (freeradius-1.1.6.tar.bz2) = 2c29ab90cc30aa3b92fbd78030ccc198 +SHA256 (freeradius-1.1.6.tar.bz2) = 942917ed1002e2bf4ac023f379daa70e517ca2510753955e3754eb8a2d0e76ce +SIZE (freeradius-1.1.6.tar.bz2) = 2059399 Index: freeradius/files/patch-raddb-Makefile-1.1.4_bug =================================================================== --- freeradius/files/patch-raddb-Makefile-1.1.4_bug (.../tags/1.1.5-FreeBSD-20070328) (revision 43) +++ freeradius/files/patch-raddb-Makefile-1.1.4_bug (.../trunk) (revision 43)
@@ -1,11 +0,0 @@ ---- raddb/Makefile.orig Mon Apr 10 19:53:20 2006 -+++ raddb/Makefile Sun Jan 14 23:10:15 2007 -@@ -7,7 +7,7 @@ - experimental.conf hints huntgroups ldap.attrmap \ - mssql.conf naslist naspasswd oraclesql.conf postgresql.conf \ - preproxy_users proxy.conf radiusd.conf realms snmp.conf \ -- sql.conf sqlippool.conf users otp.conf otppasswd.sample -+ sql.conf sqlippool.conf users otp.conf - - all: - Index: freeradius/files/patch-doc::Makefile =================================================================== --- freeradius/files/patch-doc::Makefile (.../tags/1.1.5-FreeBSD-20070328) (revision 43) +++ freeradius/files/patch-doc::Makefile (.../trunk) (revision 43) @@ -1,18 +0,0 @@ ---- doc/Makefile.orig Sat Jul 15 18:16:51 2006 -+++ doc/Makefile Fri Oct 27 11:22:45 2006 -@@ -17,6 +17,7 @@ - @rm -f *~ - - install: -+#ifndef NOPORTDOCS - $(INSTALL) -d -m 755 $(R)$(docdir) - for file in *[!~]; do \ - if [ -f $$file -a $$file != Makefile ]; then \ -@@ -24,6 +25,7 @@ - fi; \ - done - @$(MAKE) $(MFLAGS) WHAT_TO_MAKE=$@ common -+#endif - - common: $(SUBDIRS) - Index: freeradius/files/patch-src::modules::rlm_sql::rules.mak =================================================================== --- freeradius/files/patch-src::modules::rlm_sql::rules.mak (.../tags/1.1.5-FreeBSD-20070328) (revision 43) +++ freeradius/files/patch-src::modules::rlm_sql::rules.mak (.../trunk) (revision 43) 
@@ -1,13 +0,0 @@ ---- src/modules/rlm_sql/drivers/rules.mak.orig Mon Mar 27 15:39:02 2006 -+++ src/modules/rlm_sql/drivers/rules.mak Mon Mar 27 15:39:29 2006 -@@ -100,8 +100,8 @@ - - $(TARGET).la: $(LT_OBJS) - $(LIBTOOL) --mode=link $(CC) -release $(RADIUSD_VERSION) \ -- -module $(LINK_MODE) $(LDFLAGS) $(RLM_SQL_LDFLAGS) -o $@ \ -- -rpath $(libdir) $^ $(RLM_SQL_LIBS) -+ -module $(LINK_MODE) $(CFLAGS) $(RLM_SQL_LDFLAGS) -o $@ \ -+ -rpath $(libdir) $^ $(RLM_SQL_LIBS) $(LDFLAGS) - - ####################################################################### - # Index: freeradius/files/patch-src-main-Makefile.in =================================================================== --- freeradius/files/patch-src-main-Makefile.in (.../tags/1.1.5-FreeBSD-20070328) (revision 43) +++ freeradius/files/patch-src-main-Makefile.in (.../trunk) (revision 43) @@ -1,14 +0,0 @@ ---- src/main/Makefile.in.orig Wed Feb 14 15:44:23 2007 -+++ src/main/Makefile.in Mon Mar 12 13:20:32 2007 -@@ -61,9 +61,9 @@ - - radiusd: $(SERVER_OBJS) $(MODULE_OBJS) ../lib/libradius.la - $(LIBTOOL) --mode=link $(CC) -export-dynamic -dlopen self \ -- $(LDFLAGS) -pie $(LINK_MODE) -o $@ $(SERVER_OBJS) \ -+ $(CFLAGS) $(LDFLAGS) -pie $(LINK_MODE) -o $@ $(SERVER_OBJS) \ - $(MODULE_LIBS) $(LIBS) $(SNMP_LIBS) $(PTHREADLIB) \ - $(LIBLTDL) $(OPENSSL_LIBS) - - radiusd.lo: radiusd.c ../include/request_list.h ../include/modules.h ../include/modcall.h ../include/modpriv.h - $(LIBTOOL) --mode=compile $(CC) $(CFLAGS) -c radiusd.c - Index: freeradius/files/patch-src::modules::rules.mak =================================================================== --- freeradius/files/patch-src::modules::rules.mak (.../tags/1.1.5-FreeBSD-20070328) (revision 43) +++ freeradius/files/patch-src::modules::rules.mak (.../trunk) (revision 43) 
@@ -1,11 +0,0 @@ ---- src/modules/rules.mak.orig Mon Mar 27 15:43:04 2006 -+++ src/modules/rules.mak Mon Mar 27 15:44:11 2006 -@@ -112,7 +112,7 @@ - - $(TARGET).la: $(LT_OBJS) - $(LIBTOOL) --mode=link $(CC) -release $(RADIUSD_VERSION) \ -- -module $(LINK_MODE) $(LDFLAGS) $(RLM_LDFLAGS) -o $@ \ -+ -module $(LINK_MODE) $(CFLAGS) $(RLM_CFLAGS) $(LDFLAGS) $(RLM_LDFLAGS) -o $@ \ - -rpath $(libdir) $^ $(top_builddir)/src/lib/libradius.la \ - $(RLM_LIBS) $(LIBS) - Index: freeradius/pkg-plist =================================================================== --- freeradius/pkg-plist (.../tags/1.1.5-FreeBSD-20070328) (revision 43) +++ freeradius/pkg-plist (.../trunk) (revision 43) @@ -60,6 +60,7 @@ %%EXAMPLESDIR%%/raddb/users @exec for i in `find %D/%%EXAMPLESDIR%%/raddb/ -type d -mindepth 1 -print | sed -e 's:^%D/%%EXAMPLESDIR%%/raddb/::g'`; do if [ ! -d %D/etc/raddb/${i} ]; then mkdir -p %D/etc/raddb/${i}; fi; done @exec for i in `find %D/%%EXAMPLESDIR%%/raddb/ -type f -print | sed -e 's:^%D/%%EXAMPLESDIR%%/raddb/::g'`; do if [ ! -f %D/etc/raddb/${i} ]; then cp -p %D/%%EXAMPLESDIR%%/raddb/${i} %D/etc/raddb/${i}; fi; done +@exec chmod -R g-w,o-rwx %D/etc/raddb @dirrm %%EXAMPLESDIR%%/raddb/certs/demoCA @dirrm %%EXAMPLESDIR%%/raddb/certs @dirrm %%EXAMPLESDIR%%/raddb @@ -491,7 +492,10 @@ %%DATADIR%%/dictionary.rfc3162 %%DATADIR%%/dictionary.rfc3576 %%DATADIR%%/dictionary.rfc3580 +%%DATADIR%%/dictionary.rfc4372 %%DATADIR%%/dictionary.rfc4590 +%%DATADIR%%/dictionary.rfc4675 +%%DATADIR%%/dictionary.rfc4679 %%DATADIR%%/dictionary.riverstone %%DATADIR%%/dictionary.roaringpenguin %%DATADIR%%/dictionary.schulzrinne-sipping Index: freeradius/Makefile =================================================================== --- freeradius/Makefile (.../tags/1.1.5-FreeBSD-20070328) (revision 43) +++ freeradius/Makefile (.../trunk) (revision 43) 
@@ -6,7 +6,7 @@ # PORTNAME= freeradius -PORTVERSION?= 1.1.5 +PORTVERSION?= 1.1.6 PORTREVISION?= 0 CATEGORIES= net MASTER_SITES= ftp://ftp.freeradius.org/pub/radius/ \ @@ -30,10 +30,10 @@ CONFLICTS= gnu-radius-1.* openradius-0.* radiusd-cistron-1.* .ifdef(FREERADIUS_SLAVE_MYSQL) -CONFLICTS+= freeradius-1.* +CONFLICTS+= freeradius-[0-9].* freeradius-mysql-[02-9].* PKGNAMESUFFIX= -mysql .else -CONFLICTS+= freeradius-mysql-1.* +CONFLICTS+= freeradius-mysql-[0-9].* freeradius-[02-9].* .endif USE_RC_SUBR= radiusd.sh @@ -71,9 +71,15 @@ --prefix=${PREFIX} \ --localstatedir=/var \ --mandir=${PREFIX}/man \ - --with-system-libtool \ - --with-docdir=${DOCSDIR} \ - --with-logdir=${LOGDIR} \ + --with-system-libtool +.ifdef(NOPORTDOCS) +CONFIGURE_ARGS+=--without-docdir +PLIST_SUB+= PORTDOCS="@comment " +.else +CONFIGURE_ARGS+=--with-docdir=${DOCSDIR} +PLIST_SUB+= PORTDOCS="" +.endif +CONFIGURE_ARGS+=--with-logdir=${LOGDIR} \ --with-large-files \ --with-openssl-includes=${OPENSSLINC} \ --with-openssl-libraries=${OPENSSLLIB} \ @@ -193,10 +199,6 @@ PLIST_SUB+= RLMPERL="" .endif -.if defined(NOPORTDOCS) -MAKE_ENV+= NOPORTDOCS=yes -.endif - USE_LDCONFIG= yes MAN1= radclient.1 radeapclient.1 radlast.1 radtest.1 radwho.1 \ 
@@ -208,69 +210,38 @@ rlm_passwd.5 rlm_realm.5 rlm_sql.5 rlm_sql_log.5 rlm_unix.5 users.5 MAN8= radiusd.8 radrelay.8 radsqlrelay.8 radwatch.8 rlm_ippool_tool.8 -DICTS= dictionary.3com dictionary.3gpp dictionary.3gpp2 dictionary.acc \ - dictionary.airespace dictionary.alcatel dictionary.alteon \ - dictionary.altiga dictionary.alvarion dictionary.aptis \ - dictionary.aruba dictionary.ascend dictionary.asn dictionary.avaya \ - dictionary.bay dictionary.bintec dictionary.bristol \ - dictionary.cablelabs dictionary.cabletron dictionary.cisco \ - dictionary.cisco.bbsm dictionary.cisco.vpn3000 dictionary.cisco.vpn5000 \ - dictionary.colubris dictionary.columbia_university dictionary.compat \ - dictionary.cosine dictionary.digium dictionary.epygi \ - dictionary.ericsson dictionary.erx dictionary.extreme \ - dictionary.fortinet dictionary.foundry dictionary.freeradius \ - dictionary.freeradius.internal dictionary.gandalf dictionary.garderos \ - dictionary.gemtek dictionary.hp dictionary.ipunplugged dictionary.issanni \ - dictionary.itk dictionary.juniper dictionary.karlnet \ - dictionary.livingston dictionary.localweb dictionary.lucent \ - dictionary.merit dictionary.microsoft dictionary.mikrotik \ - dictionary.motorola dictionary.navini dictionary.netscreen \ - dictionary.nokia dictionary.nomadix dictionary.nortel dictionary.ntua \ - dictionary.packeteer dictionary.patton \ - dictionary.propel dictionary.quintum \ - dictionary.redback dictionary.redcreek \ - dictionary.rfc2865 dictionary.rfc2866 dictionary.rfc2867 \ - dictionary.rfc2868 dictionary.rfc2869 dictionary.rfc3162 \ - dictionary.rfc3576 dictionary.rfc3580 dictionary.rfc4590 \ - dictionary.riverstone dictionary.roaringpenguin \ - dictionary.schulzrinne-sipping dictionary.shasta dictionary.shiva \ - dictionary.sofaware dictionary.sonicwall \ - dictionary.springtide dictionary.starent dictionary.t_systems_nova \ - dictionary.telebit dictionary.trapeze dictionary.tropos \ - dictionary.unix dictionary.usr 
dictionary.valemount \ - dictionary.versanet dictionary.walabi dictionary.waverider \ - dictionary.wispr dictionary.xedia dictionary.xylan dictionary.zyxel - SUB_LIST+= REQUIRE="${_REQUIRE}" post-patch: -# Patch Makefile / Makefile.in throughout the source tree to install in EXAMPLESDIR not raddb - @for i in `${FIND} -E ${WRKSRC} -regex '.*Makefile(\.in)?$$' -print` ; do \ - ${REINPLACE_CMD} -e "s:\$$(R)\$$(raddbdir):${EXAMPLESDIR}/raddb:g" $${i}; \ - done - @for i in `${FIND} -E ${WRKSRC} -regex '.*Makefile(\.in)?\.(orig|bak)$$' -print` ; do \ - ${RM} $${i}; \ - done +# Patch Makefile / Makefile.in throughout the source tree to install raddb contents in +# ${EXAMPLESDIR}/raddb rather than the raddbdir from configure + @${FIND} -E ${WRKSRC} -regex '.*/Makefile(\.in)?$$' -exec \ + ${REINPLACE_CMD} -e "s:\$$(R)\$$(raddbdir):${EXAMPLESDIR}/raddb:g" {} \; +# Clean up after the last operation (so as not to get unwanted files when installing doc/) + @${FIND} -E ${WRKSRC} -regex '.*/Makefile(\.in)?\.(orig|bak)$$' -delete .if ${OSVERSION} < 500000 @${REINPLACE_CMD} -e 's/-DNO_OPENSSL//' ${WRKSRC}/configure .endif post-install: - @${MKDIR} ${PREFIX}/etc/raddb ${DATADIR} -.for dict in ${DICTS} - ${INSTALL_DATA} ${WRKSRC}/share/${dict} ${DATADIR}/${dict} -.endfor - for i in `${FIND} ${EXAMPLESDIR}/raddb/ -type d -mindepth 1 -print \ - | ${SED} -e 's:^${EXAMPLESDIR}/raddb/::g'`; do \ - if [ ! -d ${PREFIX}/etc/raddb/$${i} ]; then \ - ${MKDIR} ${PREFIX}/etc/raddb/$${i}; \ +# Create (if necessary) ${PREFIX}/etc/raddb and subdirectories using ${EXAMPLESDIR}/raddb +# as the model layout + @for i in `${FIND} ${EXAMPLESDIR}/raddb/ -type d -print \ + | ${SED} -e 's:^${EXAMPLESDIR}/raddb::g'`; do \ + if [ ! 
-d ${PREFIX}/etc/raddb$${i} ]; then \ + ${MKDIR} ${PREFIX}/etc/raddb$${i}; \ fi; \ done - for i in `${FIND} ${EXAMPLESDIR}/raddb/ -type f -print \ +# Copy all files from ${EXAMPLESDIR}/raddb to ${PREFIX}/etc/raddb if they don't already +# exist in the destination location + @for i in `${FIND} ${EXAMPLESDIR}/raddb/ -type f -print \ | ${SED} -e 's:^${EXAMPLESDIR}/raddb/::g'`; do \ if [ ! -f ${PREFIX}/etc/raddb/$${i} ]; then \ ${CP} -p ${EXAMPLESDIR}/raddb/$${i} ${PREFIX}/etc/raddb/$${i}; \ fi; \ done +# Set ${PREFIX}/etc/raddb and all the files and folders in it to g-w,o-rwx (FreeRADIUS +# will probably complain if this is not done) + @${CHMOD} -R g-w,o-rwx ${PREFIX}/etc/raddb .include >Release-Note: >Audit-Trail: >Unformatted:
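
Review bot: In the freeradius/pkg-plist hunk at @@ -60,6 +60,7 @@, the added `@exec chmod -R g-w,o-rwx %D/etc/raddb` removes every "other" permission bit, but nothing in the hunk sets the owner or group of %D/etc/raddb, so whether radiusd can still read its configuration after a package install depends on which user it runs as. Either pair the chmod with an explicit owner and group, or state the expected ownership in the port's install message. The chmod also covers only %D/etc/raddb; the copies under %%EXAMPLESDIR%%/raddb keep their original mode, which is worth a comment so it reads as intentional.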
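
Review bot: The CONFLICTS patterns in the freeradius/Makefile hunk at @@ -30,10 +30,10 @@ need a comment. `[02-9]` in `freeradius-mysql-[02-9].*` and `freeradius-[02-9].*` appears to skip 1 on purpose so that the port does not conflict with its own 1.x package, while the other flavour is matched at any version with `[0-9]`; that is not obvious when the two patterns sit side by side. A one-line comment above each branch would keep a later edit from "correcting" the range to `[0-9]`.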
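
Review bot: In the post-install part of the freeradius/Makefile hunk at @@ -208,69 +210,38 @@, files are copied with `${CP} -p` and only tightened by `@${CHMOD} -R g-w,o-rwx ${PREFIX}/etc/raddb` after both loops have finished, so newly copied files carry the mode of the examples until the last step and keep it if the install stops in between. Applying the mode as each file is created (a chmod directly after the `${CP} -p` inside the loop) closes that gap. The two loops also still iterate over backtick `find` output, whereas post-patch in the same hunk was moved to `-exec` and `-delete`; using the same form in both targets would be more consistent.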
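
Added example (not part of the original submission or of the port): a shell check for the permission bits that the `chmod -R g-w,o-rwx` step described in the PR is meant to clear, usable to verify a raddb tree after install. The function names and the constructed test tree are assumptions made for illustration.

```shell
#!/bin/sh
# Audit a raddb-style tree for the mode bits that
# `chmod -R g-w,o-rwx` removes: group-write and any "other" bit.
# Function names here are hypothetical, not from the port.

# Print every file or directory under $1 that still has group-write
# or an other-read/write/execute bit set. Symlinks are skipped
# because their own mode is not what the daemon sees.
raddb_loose_paths() {
    find "$1" ! -type l \
        \( -perm -020 -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Return 0 when the tree is clean, 1 otherwise (offenders on stderr).
raddb_check() {
    loose=$(raddb_loose_paths "$1")
    if [ -n "$loose" ]; then
        printf 'loose permissions under %s:\n%s\n' "$1" "$loose" >&2
        return 1
    fi
    return 0
}

# Demo on a constructed tree: count offenders before and after the
# same chmod the port runs. Prints "<before> <after>".
raddb_demo() {
    tmp=$(mktemp -d) || return 2
    mkdir -p "$tmp/raddb/certs"
    : > "$tmp/raddb/clients.conf"
    : > "$tmp/raddb/certs/demo.pem"
    chmod 755 "$tmp/raddb" "$tmp/raddb/certs"
    chmod 644 "$tmp/raddb/clients.conf"
    chmod 664 "$tmp/raddb/certs/demo.pem"
    before=$(raddb_loose_paths "$tmp/raddb" | wc -l)
    chmod -R g-w,o-rwx "$tmp/raddb"
    after=$(raddb_loose_paths "$tmp/raddb" | wc -l)
    rm -rf "$tmp"
    echo "$((before)) $((after))"
}

# When run with a directory argument, audit that directory.
if [ $# -gt 0 ]; then
    raddb_check "$1"
fi
```

Run it with the installed configuration directory as its argument; a non-zero exit status means at least one path still has group-write or other access.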