ports/111521: [maintainer update] update net/freeradius to 1.1.6, including a security fix
David Wood
david at wood2.org.uk
Thu Apr 12 23:00:11 UTC 2007
>Number: 111521
>Category: ports
>Synopsis: [maintainer update] update net/freeradius to 1.1.6, including a security fix
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Thu Apr 12 23:00:09 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator: David Wood
>Release: 6.2-RELEASE
>Organization:
>Environment:
FreeBSD titanium.wood2.org.uk 6.2-RELEASE-p2 FreeBSD 6.2-RELEASE-p2 #0: Thu Mar 1 01:27:35 GMT 2007 david at titanium.wood2.org.uk:/usr/obj/usr/src/sys/TITANIUM i386
>Description:
Update to FreeRADIUS 1.1.6:
Apart from bug fixes, the only additions are three new dictionaries.
SECURITY ISSUE - There is a security issue fixed in 1.1.6, which is a potential
DoS due to a memory leak in the EAP-TTLS code. Anyone using EAP-TTLS should
upgrade to this version.
More information at http://www.freeradius.org/security.html#1.1.5.
(I do intend to submit a VuXML entry - but if anyone wants to do this for me,
they're welcome!)
Other changes in this version of the port:
chmod -R g-w,o-rwx ${PREFIX}/etc/raddb on install - FreeRADIUS will probably
complain if the configuration files in raddb don't have these permissions
from version 1.1.5 onwards.
Modify CONFLICTS to take account of the likelihood that FreeRADIUS 2 will
be released reasonably soon.
Move to handling NOPORTDOCS using the new --without-docdir option to configure.
[1]
Fix handling of (NO)PORTDOCS in pkg-plist.
Unnecessary patches that add ${CFLAGS} to 'libtool --mode=link' steps deleted.
[2] If anyone gives a good reason as to why ${CFLAGS} are needed in a link
step, these patches may be considered for incorporation into FreeRADIUS - see
http://lists.freeradius.org/pipermail/freeradius-users/2007-March/061372.html
A further patch that fixed a Makefile bug is now redundant, as it's been fixed
in the upstream release. [3]
Remove unnecessary DICTS= and related code from Makefile (FreeRADIUS' install
routine does the job perfectly well without this).
General tidy up of post-patch and post-install targets in Makefile.
I hope that the deleted patches will make future maintenance much easier!
>How-To-Repeat:
>Fix:
Note:
files/patch-raddb-Makefile-1.1.4_bug [3]
files/patch-doc::Makefile [1]
files/patch-src::module::rlm_sql::rules.mak [2]
files/patch-src-main-Makefile.in [2]
files/patch-src::module::rules.mak [2]
are all deleted.
Patch attached with submission follows:
Index: freeradius/distinfo
===================================================================
--- freeradius/distinfo (.../tags/1.1.5-FreeBSD-20070328) (revision 43)
+++ freeradius/distinfo (.../trunk) (revision 43)
@@ -1,3 +1,3 @@
-MD5 (freeradius-1.1.5.tar.bz2) = e90c7976a3dcd80368ff3ed2b768b3a4
-SHA256 (freeradius-1.1.5.tar.bz2) = 02afff2d76edff01d2d94dc62f1168d49746a158e16c257083d22e8440e7ee96
-SIZE (freeradius-1.1.5.tar.bz2) = 2028582
+MD5 (freeradius-1.1.6.tar.bz2) = 2c29ab90cc30aa3b92fbd78030ccc198
+SHA256 (freeradius-1.1.6.tar.bz2) = 942917ed1002e2bf4ac023f379daa70e517ca2510753955e3754eb8a2d0e76ce
+SIZE (freeradius-1.1.6.tar.bz2) = 2059399
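Review bot: the three `+` lines in distinfo carry only the submitter's values for the 1.1.6 tarball, and this is a security update. Before commit, fetch freeradius-1.1.6.tar.bz2 independently from MASTER_SITES and confirm that it reproduces the SHA256 and SIZE given here.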
Index: freeradius/files/patch-raddb-Makefile-1.1.4_bug
===================================================================
--- freeradius/files/patch-raddb-Makefile-1.1.4_bug (.../tags/1.1.5-FreeBSD-20070328) (revision 43)
+++ freeradius/files/patch-raddb-Makefile-1.1.4_bug (.../trunk) (revision 43)
@@ -1,11 +0,0 @@
---- raddb/Makefile.orig Mon Apr 10 19:53:20 2006
-+++ raddb/Makefile Sun Jan 14 23:10:15 2007
-@@ -7,7 +7,7 @@
- experimental.conf hints huntgroups ldap.attrmap \
- mssql.conf naslist naspasswd oraclesql.conf postgresql.conf \
- preproxy_users proxy.conf radiusd.conf realms snmp.conf \
-- sql.conf sqlippool.conf users otp.conf otppasswd.sample
-+ sql.conf sqlippool.conf users otp.conf
-
- all:
-
Index: freeradius/files/patch-doc::Makefile
===================================================================
--- freeradius/files/patch-doc::Makefile (.../tags/1.1.5-FreeBSD-20070328) (revision 43)
+++ freeradius/files/patch-doc::Makefile (.../trunk) (revision 43)
@@ -1,18 +0,0 @@
---- doc/Makefile.orig Sat Jul 15 18:16:51 2006
-+++ doc/Makefile Fri Oct 27 11:22:45 2006
-@@ -17,6 +17,7 @@
- @rm -f *~
-
- install:
-+#ifndef NOPORTDOCS
- $(INSTALL) -d -m 755 $(R)$(docdir)
- for file in *[!~]; do \
- if [ -f $$file -a $$file != Makefile ]; then \
-@@ -24,6 +25,7 @@
- fi; \
- done
- @$(MAKE) $(MFLAGS) WHAT_TO_MAKE=$@ common
-+#endif
-
- common: $(SUBDIRS)
-
Index: freeradius/files/patch-src::modules::rlm_sql::rules.mak
===================================================================
--- freeradius/files/patch-src::modules::rlm_sql::rules.mak (.../tags/1.1.5-FreeBSD-20070328) (revision 43)
+++ freeradius/files/patch-src::modules::rlm_sql::rules.mak (.../trunk) (revision 43)
@@ -1,13 +0,0 @@
---- src/modules/rlm_sql/drivers/rules.mak.orig Mon Mar 27 15:39:02 2006
-+++ src/modules/rlm_sql/drivers/rules.mak Mon Mar 27 15:39:29 2006
-@@ -100,8 +100,8 @@
-
- $(TARGET).la: $(LT_OBJS)
- $(LIBTOOL) --mode=link $(CC) -release $(RADIUSD_VERSION) \
-- -module $(LINK_MODE) $(LDFLAGS) $(RLM_SQL_LDFLAGS) -o $@ \
-- -rpath $(libdir) $^ $(RLM_SQL_LIBS)
-+ -module $(LINK_MODE) $(CFLAGS) $(RLM_SQL_LDFLAGS) -o $@ \
-+ -rpath $(libdir) $^ $(RLM_SQL_LIBS) $(LDFLAGS)
-
- #######################################################################
- #
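Review bot: the file name in this hunk's header, patch-src::modules::rlm_sql::rules.mak, does not match the deletion list in the Fix section, which spells it patch-src::module::rlm_sql::rules.mak (the same "module" versus "modules" difference applies to patch-src::modules::rules.mak). Please correct the list so the committer removes the files that actually exist under files/.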
Index: freeradius/files/patch-src-main-Makefile.in
===================================================================
--- freeradius/files/patch-src-main-Makefile.in (.../tags/1.1.5-FreeBSD-20070328) (revision 43)
+++ freeradius/files/patch-src-main-Makefile.in (.../trunk) (revision 43)
@@ -1,14 +0,0 @@
---- src/main/Makefile.in.orig Wed Feb 14 15:44:23 2007
-+++ src/main/Makefile.in Mon Mar 12 13:20:32 2007
-@@ -61,9 +61,9 @@
-
- radiusd: $(SERVER_OBJS) $(MODULE_OBJS) ../lib/libradius.la
- $(LIBTOOL) --mode=link $(CC) -export-dynamic -dlopen self \
-- $(LDFLAGS) -pie $(LINK_MODE) -o $@ $(SERVER_OBJS) \
-+ $(CFLAGS) $(LDFLAGS) -pie $(LINK_MODE) -o $@ $(SERVER_OBJS) \
- $(MODULE_LIBS) $(LIBS) $(SNMP_LIBS) $(PTHREADLIB) \
- $(LIBLTDL) $(OPENSSL_LIBS)
-
- radiusd.lo: radiusd.c ../include/request_list.h ../include/modules.h ../include/modcall.h ../include/modpriv.h
- $(LIBTOOL) --mode=compile $(CC) $(CFLAGS) -c radiusd.c
-
Index: freeradius/files/patch-src::modules::rules.mak
===================================================================
--- freeradius/files/patch-src::modules::rules.mak (.../tags/1.1.5-FreeBSD-20070328) (revision 43)
+++ freeradius/files/patch-src::modules::rules.mak (.../trunk) (revision 43)
@@ -1,11 +0,0 @@
---- src/modules/rules.mak.orig Mon Mar 27 15:43:04 2006
-+++ src/modules/rules.mak Mon Mar 27 15:44:11 2006
-@@ -112,7 +112,7 @@
-
- $(TARGET).la: $(LT_OBJS)
- $(LIBTOOL) --mode=link $(CC) -release $(RADIUSD_VERSION) \
-- -module $(LINK_MODE) $(LDFLAGS) $(RLM_LDFLAGS) -o $@ \
-+ -module $(LINK_MODE) $(CFLAGS) $(RLM_CFLAGS) $(LDFLAGS) $(RLM_LDFLAGS) -o $@ \
- -rpath $(libdir) $^ $(top_builddir)/src/lib/libradius.la \
- $(RLM_LIBS) $(LIBS)
-
Index: freeradius/pkg-plist
===================================================================
--- freeradius/pkg-plist (.../tags/1.1.5-FreeBSD-20070328) (revision 43)
+++ freeradius/pkg-plist (.../trunk) (revision 43)
@@ -60,6 +60,7 @@
%%EXAMPLESDIR%%/raddb/users
@exec for i in `find %D/%%EXAMPLESDIR%%/raddb/ -type d -mindepth 1 -print | sed -e 's:^%D/%%EXAMPLESDIR%%/raddb/::g'`; do if [ ! -d %D/etc/raddb/${i} ]; then mkdir -p %D/etc/raddb/${i}; fi; done
@exec for i in `find %D/%%EXAMPLESDIR%%/raddb/ -type f -print | sed -e 's:^%D/%%EXAMPLESDIR%%/raddb/::g'`; do if [ ! -f %D/etc/raddb/${i} ]; then cp -p %D/%%EXAMPLESDIR%%/raddb/${i} %D/etc/raddb/${i}; fi; done
+ at exec chmod -R g-w,o-rwx %D/etc/raddb
@dirrm %%EXAMPLESDIR%%/raddb/certs/demoCA
@dirrm %%EXAMPLESDIR%%/raddb/certs
@dirrm %%EXAMPLESDIR%%/raddb
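Review bot: the added chmod -R line acts on all of %D/etc/raddb, not only on the files the two preceding @exec lines have just copied, so every package install also rewrites the modes of configuration files the administrator already had in place. It only removes bits (g-w,o-rwx), so the effect is a tightening, but it changes existing files silently and deserves a line in pkg-message or the commit log.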
@@ -491,7 +492,10 @@
%%DATADIR%%/dictionary.rfc3162
%%DATADIR%%/dictionary.rfc3576
%%DATADIR%%/dictionary.rfc3580
+%%DATADIR%%/dictionary.rfc4372
%%DATADIR%%/dictionary.rfc4590
+%%DATADIR%%/dictionary.rfc4675
+%%DATADIR%%/dictionary.rfc4679
%%DATADIR%%/dictionary.riverstone
%%DATADIR%%/dictionary.roaringpenguin
%%DATADIR%%/dictionary.schulzrinne-sipping
Index: freeradius/Makefile
===================================================================
--- freeradius/Makefile (.../tags/1.1.5-FreeBSD-20070328) (revision 43)
+++ freeradius/Makefile (.../trunk) (revision 43)
@@ -6,7 +6,7 @@
#
PORTNAME= freeradius
-PORTVERSION?= 1.1.5
+PORTVERSION?= 1.1.6
PORTREVISION?= 0
CATEGORIES= net
MASTER_SITES= ftp://ftp.freeradius.org/pub/radius/ \
@@ -30,10 +30,10 @@
CONFLICTS= gnu-radius-1.* openradius-0.* radiusd-cistron-1.*
.ifdef(FREERADIUS_SLAVE_MYSQL)
-CONFLICTS+= freeradius-1.*
+CONFLICTS+= freeradius-[0-9].* freeradius-mysql-[02-9].*
PKGNAMESUFFIX= -mysql
.else
-CONFLICTS+= freeradius-mysql-1.*
+CONFLICTS+= freeradius-mysql-[0-9].* freeradius-[02-9].*
.endif
USE_RC_SUBR= radiusd.sh
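Review bot: the character class [02-9] in both new CONFLICTS+= lines skips 1 with no explanation, and the reason (the 1.x package must not conflict with itself, while a future 2.x package should) is only given in the PR description. Please add a one-line comment above CONFLICTS saying so, since the pattern is easy to misread as a typo for [0-9].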
@@ -71,9 +71,15 @@
--prefix=${PREFIX} \
--localstatedir=/var \
--mandir=${PREFIX}/man \
- --with-system-libtool \
- --with-docdir=${DOCSDIR} \
- --with-logdir=${LOGDIR} \
+ --with-system-libtool
+.ifdef(NOPORTDOCS)
+CONFIGURE_ARGS+=--without-docdir
+PLIST_SUB+= PORTDOCS="@comment "
+.else
+CONFIGURE_ARGS+=--with-docdir=${DOCSDIR}
+PLIST_SUB+= PORTDOCS=""
+.endif
+CONFIGURE_ARGS+=--with-logdir=${LOGDIR} \
--with-large-files \
--with-openssl-includes=${OPENSSLINC} \
--with-openssl-libraries=${OPENSSLLIB} \
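Review bot: the new PLIST_SUB+= PORTDOCS= lines in the .ifdef(NOPORTDOCS) block only have an effect if the documentation entries in pkg-plist carry a %%PORTDOCS%% prefix, and neither pkg-plist hunk in this patch adds or touches one. Please confirm that pkg-plist already uses %%PORTDOCS%% on those entries, or include that change. Minor style point: the three new CONFIGURE_ARGS+= lines have no whitespace after +=, unlike the PLIST_SUB+= lines beside them.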
@@ -193,10 +199,6 @@
PLIST_SUB+= RLMPERL=""
.endif
-.if defined(NOPORTDOCS)
-MAKE_ENV+= NOPORTDOCS=yes
-.endif
-
USE_LDCONFIG= yes
MAN1= radclient.1 radeapclient.1 radlast.1 radtest.1 radwho.1 \
@@ -208,69 +210,38 @@
rlm_passwd.5 rlm_realm.5 rlm_sql.5 rlm_sql_log.5 rlm_unix.5 users.5
MAN8= radiusd.8 radrelay.8 radsqlrelay.8 radwatch.8 rlm_ippool_tool.8
-DICTS= dictionary.3com dictionary.3gpp dictionary.3gpp2 dictionary.acc \
- dictionary.airespace dictionary.alcatel dictionary.alteon \
- dictionary.altiga dictionary.alvarion dictionary.aptis \
- dictionary.aruba dictionary.ascend dictionary.asn dictionary.avaya \
- dictionary.bay dictionary.bintec dictionary.bristol \
- dictionary.cablelabs dictionary.cabletron dictionary.cisco \
- dictionary.cisco.bbsm dictionary.cisco.vpn3000 dictionary.cisco.vpn5000 \
- dictionary.colubris dictionary.columbia_university dictionary.compat \
- dictionary.cosine dictionary.digium dictionary.epygi \
- dictionary.ericsson dictionary.erx dictionary.extreme \
- dictionary.fortinet dictionary.foundry dictionary.freeradius \
- dictionary.freeradius.internal dictionary.gandalf dictionary.garderos \
- dictionary.gemtek dictionary.hp dictionary.ipunplugged dictionary.issanni \
- dictionary.itk dictionary.juniper dictionary.karlnet \
- dictionary.livingston dictionary.localweb dictionary.lucent \
- dictionary.merit dictionary.microsoft dictionary.mikrotik \
- dictionary.motorola dictionary.navini dictionary.netscreen \
- dictionary.nokia dictionary.nomadix dictionary.nortel dictionary.ntua \
- dictionary.packeteer dictionary.patton \
- dictionary.propel dictionary.quintum \
- dictionary.redback dictionary.redcreek \
- dictionary.rfc2865 dictionary.rfc2866 dictionary.rfc2867 \
- dictionary.rfc2868 dictionary.rfc2869 dictionary.rfc3162 \
- dictionary.rfc3576 dictionary.rfc3580 dictionary.rfc4590 \
- dictionary.riverstone dictionary.roaringpenguin \
- dictionary.schulzrinne-sipping dictionary.shasta dictionary.shiva \
- dictionary.sofaware dictionary.sonicwall \
- dictionary.springtide dictionary.starent dictionary.t_systems_nova \
- dictionary.telebit dictionary.trapeze dictionary.tropos \
- dictionary.unix dictionary.usr dictionary.valemount \
- dictionary.versanet dictionary.walabi dictionary.waverider \
- dictionary.wispr dictionary.xedia dictionary.xylan dictionary.zyxel
-
SUB_LIST+= REQUIRE="${_REQUIRE}"
post-patch:
-# Patch Makefile / Makefile.in throughout the source tree to install in EXAMPLESDIR not raddb
- @for i in `${FIND} -E ${WRKSRC} -regex '.*Makefile(\.in)?$$' -print` ; do \
- ${REINPLACE_CMD} -e "s:\$$(R)\$$(raddbdir):${EXAMPLESDIR}/raddb:g" $${i}; \
- done
- @for i in `${FIND} -E ${WRKSRC} -regex '.*Makefile(\.in)?\.(orig|bak)$$' -print` ; do \
- ${RM} $${i}; \
- done
+# Patch Makefile / Makefile.in throughout the source tree to install raddb contents in
+# ${EXAMPLESDIR}/raddb rather than the raddbdir from configure
+ @${FIND} -E ${WRKSRC} -regex '.*/Makefile(\.in)?$$' -exec \
+ ${REINPLACE_CMD} -e "s:\$$(R)\$$(raddbdir):${EXAMPLESDIR}/raddb:g" {} \;
+# Clean up after the last operation (so as not to get unwanted files when installing doc/)
+ @${FIND} -E ${WRKSRC} -regex '.*/Makefile(\.in)?\.(orig|bak)$$' -delete
.if ${OSVERSION} < 500000
@${REINPLACE_CMD} -e 's/-DNO_OPENSSL//' ${WRKSRC}/configure
.endif
post-install:
- @${MKDIR} ${PREFIX}/etc/raddb ${DATADIR}
-.for dict in ${DICTS}
- ${INSTALL_DATA} ${WRKSRC}/share/${dict} ${DATADIR}/${dict}
-.endfor
- for i in `${FIND} ${EXAMPLESDIR}/raddb/ -type d -mindepth 1 -print \
- | ${SED} -e 's:^${EXAMPLESDIR}/raddb/::g'`; do \
- if [ ! -d ${PREFIX}/etc/raddb/$${i} ]; then \
- ${MKDIR} ${PREFIX}/etc/raddb/$${i}; \
+# Create (if necessary) ${PREFIX}/etc/raddb and subdirectories using ${EXAMPLESDIR}/raddb
+# as the model layout
+ @for i in `${FIND} ${EXAMPLESDIR}/raddb/ -type d -print \
+ | ${SED} -e 's:^${EXAMPLESDIR}/raddb::g'`; do \
+ if [ ! -d ${PREFIX}/etc/raddb$${i} ]; then \
+ ${MKDIR} ${PREFIX}/etc/raddb$${i}; \
fi; \
done
- for i in `${FIND} ${EXAMPLESDIR}/raddb/ -type f -print \
+# Copy all files from ${EXAMPLESDIR}/raddb to ${PREFIX}/etc/raddb if they don't already
+# exist in the destination location
+ @for i in `${FIND} ${EXAMPLESDIR}/raddb/ -type f -print \
| ${SED} -e 's:^${EXAMPLESDIR}/raddb/::g'`; do \
if [ ! -f ${PREFIX}/etc/raddb/$${i} ]; then \
${CP} -p ${EXAMPLESDIR}/raddb/$${i} ${PREFIX}/etc/raddb/$${i}; \
fi; \
done
+# Set ${PREFIX}/etc/raddb and all the files and folders in it to g-w,o-rwx (FreeRADIUS
+# will probably complain if this is not done)
+ @${CHMOD} -R g-w,o-rwx ${PREFIX}/etc/raddb
.include <bsd.port.post.mk>
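Review bot: in post-install the rewritten directory loop drops -mindepth 1 and strips the prefix ${EXAMPLESDIR}/raddb without a trailing slash, while the file loop below it still strips ${EXAMPLESDIR}/raddb/ and the matching @exec line in pkg-plist keeps the old -mindepth 1 form. The port install and the package install therefore build their directory lists differently. Please bring the two loops and the pkg-plist @exec into the same form, or add a comment explaining why the directory loop has to differ.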
>Release-Note:
>Audit-Trail:
>Unformatted: