freeradius2: updated to 2.2.10

Version 2.2.10:
BUG FIXES
Fix multiple security issues. See http://freeradius.org/security/fuzzer-2017.html
FR-GV-207 Avoid zero-length malloc() in data2vp().
FR-GV-206 correct decoding of option 60.
FR-GV-205 check for "too long" WiMAX options.
FR-GV-204 free VP if decoding fails, so we don't leak memory.
FR-GV-203 fix memory leak when using decode_tlv().
FR-GV-202 check for "too long" attributes.
FR-GV-201 check input/output length in make_secret().
FR-AD-001 Use strncmp() instead of memcmp() for bounded data.
Disable in-memory TLS session caches due to OpenSSL API issues.
Allow issuer_cert to be empty.
Look for extensions using correct index.
Fix types.
Work around OpenSSL 1.0.2 problems, which cause failures in TLS-based EAP methods.
Revert RedHat contributed bug which removes run-time checks for OpenSSL consistency.
Allow OCSP responder URL to be later in the packet
Catch empty subject and non-existent issuer cert in OCSP
Allow non-FIPS for MD5

3 files changed, 67 insertions, 73 deletions

diff --git a/net/freeradius2/Makefile b/net/freeradius2/Makefile
index 95be09a6f17..c818c73521d 100644
--- a/net/freeradius2/Makefile
+++ b/net/freeradius2/Makefile
@@ -1,8 +1,7 @@
-# $NetBSD: Makefile,v 1.48 2018/08/22 09:45:52 wiz Exp $
+# $NetBSD: Makefile,v 1.49 2019/07/04 12:26:48 adam Exp $
 
-DISTNAME=	freeradius-server-${RADVER}
+DISTNAME=	freeradius-server-2.2.10
 PKGNAME=	${DISTNAME:S/-server//}
-PKGREVISION=	3
 CATEGORIES=	net
 MASTER_SITES=	ftp://ftp.freeradius.org/pub/freeradius/
 EXTRACT_SUFX=	.tar.bz2
@@ -18,15 +17,12 @@ USE_TOOLS+=		gmake perl:run
 USE_LANGUAGES+=		c c++
 USE_LIBTOOL=		yes
 USE_OLD_DES_API=	yes
-MAKE_JOBS_SAFE=		no
 
 .include "../../mk/bsd.prefs.mk"
 
 BUILD_DEFS+=		VARBASE
 FILES_SUBST+=		RADIUS_USER=${RADIUS_USER}
 FILES_SUBST+=		RADIUS_GROUP=${RADIUS_GROUP}
-PLIST_SUBST+=		RADVER=${RADVER}
-PLIST_SUBST+=		RADVERALT=${RADVERALT}
 MESSAGE_SRC+=		${PKGDIR}/MESSAGE
 MESSAGE_SUBST+=		CHOWN=${CHOWN:Q} CHMOD=${CHMOD:Q} VARBASE=${VARBASE}
 MESSAGE_SUBST+=		RADIUS_USER=${RADIUS_USER} XARGS=${XARGS:Q}
@@ -47,8 +43,6 @@ OWN_DIRS_PERMS+=	${VARBASE}/log/radiusd \
 OWN_DIRS_PERMS+=	${VARBASE}/log/radiusd/radacct \
 			${RADIUS_USER} ${RADIUS_GROUP} 0750
 
-RADVER=			2.2.9
-RADVERALT=		020209
 EGDIR=			${PREFIX}/share/examples/freeradius
 
 BUILDLINK_API_DEPENDS.openssl+=	openssl>=0.9.7
@@ -159,8 +153,8 @@ post-install:
 .endfor
 	${INSTALL_DATA} ${WRKSRC}/src/modules/rlm_perl/example.pl ${DESTDIR}${EGDIR}
 
-.include "../../devel/libltdl/buildlink3.mk"
 .include "../../devel/libexecinfo/buildlink3.mk"
+.include "../../devel/libltdl/buildlink3.mk"
 .include "../../net/libpcap/buildlink3.mk"
 .include "../../security/openssl/buildlink3.mk"
 .include "../../mk/bsd.pkg.mk"
diff --git a/net/freeradius2/PLIST b/net/freeradius2/PLIST
index fe95c28256f..7cb31bd814e 100644
--- a/net/freeradius2/PLIST
+++ b/net/freeradius2/PLIST
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.17 2016/10/11 14:12:41 sevan Exp $
+@comment $NetBSD: PLIST,v 1.18 2019/07/04 12:26:48 adam Exp $
 bin/rad_counter
 bin/radclient
 bin/radconf2xml
@@ -45,119 +45,119 @@ include/freeradius/token.h
 include/freeradius/udpfromto.h
 include/freeradius/vmps.h
 include/freeradius/vqp.h
-lib/libfreeradius-eap-${RADVER}.la
+lib/libfreeradius-eap-${PKGVERSION}.la
 lib/libfreeradius-eap.la
-lib/libfreeradius-radius-${RADVERALT}.la
+lib/libfreeradius-radius-020210.la
 lib/libfreeradius-radius.la
-lib/rlm_acct_unique-${RADVER}.la
+lib/rlm_acct_unique-${PKGVERSION}.la
 lib/rlm_acct_unique.la
-lib/rlm_acctlog-${RADVER}.la
+lib/rlm_acctlog-${PKGVERSION}.la
 lib/rlm_acctlog.la
-lib/rlm_always-${RADVER}.la
+lib/rlm_always-${PKGVERSION}.la
 lib/rlm_always.la
-lib/rlm_attr_filter-${RADVER}.la
+lib/rlm_attr_filter-${PKGVERSION}.la
 lib/rlm_attr_filter.la
-lib/rlm_attr_rewrite-${RADVER}.la
+lib/rlm_attr_rewrite-${PKGVERSION}.la
 lib/rlm_attr_rewrite.la
-lib/rlm_cache-${RADVER}.la
+lib/rlm_cache-${PKGVERSION}.la
 lib/rlm_cache.la
-lib/rlm_chap-${RADVER}.la
+lib/rlm_chap-${PKGVERSION}.la
 lib/rlm_chap.la
-lib/rlm_checkval-${RADVER}.la
+lib/rlm_checkval-${PKGVERSION}.la
 lib/rlm_checkval.la
-lib/rlm_copy_packet-${RADVER}.la
+lib/rlm_copy_packet-${PKGVERSION}.la
 lib/rlm_copy_packet.la
-${PLIST.gdbm}lib/rlm_counter-${RADVER}.la
+${PLIST.gdbm}lib/rlm_counter-${PKGVERSION}.la
 ${PLIST.gdbm}lib/rlm_counter.la
-${PLIST.dbm}lib/rlm_dbm-${RADVER}.la
+${PLIST.dbm}lib/rlm_dbm-${PKGVERSION}.la
 ${PLIST.dbm}lib/rlm_dbm.la
-lib/rlm_detail-${RADVER}.la
+lib/rlm_detail-${PKGVERSION}.la
 lib/rlm_detail.la
-lib/rlm_digest-${RADVER}.la
+lib/rlm_digest-${PKGVERSION}.la
 lib/rlm_digest.la
-lib/rlm_dynamic_clients-${RADVER}.la
+lib/rlm_dynamic_clients-${PKGVERSION}.la
 lib/rlm_dynamic_clients.la
-lib/rlm_eap-${RADVER}.la
+lib/rlm_eap-${PKGVERSION}.la
 lib/rlm_eap.la
-lib/rlm_eap_gtc-${RADVER}.la
+lib/rlm_eap_gtc-${PKGVERSION}.la
 lib/rlm_eap_gtc.la
-lib/rlm_eap_leap-${RADVER}.la
+lib/rlm_eap_leap-${PKGVERSION}.la
 lib/rlm_eap_leap.la
-lib/rlm_eap_md5-${RADVER}.la
+lib/rlm_eap_md5-${PKGVERSION}.la
 lib/rlm_eap_md5.la
-lib/rlm_eap_mschapv2-${RADVER}.la
+lib/rlm_eap_mschapv2-${PKGVERSION}.la
 lib/rlm_eap_mschapv2.la
-lib/rlm_eap_peap-${RADVER}.la
+lib/rlm_eap_peap-${PKGVERSION}.la
 lib/rlm_eap_peap.la
-lib/rlm_eap_sim-${RADVER}.la
+lib/rlm_eap_sim-${PKGVERSION}.la
 lib/rlm_eap_sim.la
-lib/rlm_eap_tls-${RADVER}.la
+lib/rlm_eap_tls-${PKGVERSION}.la
 lib/rlm_eap_tls.la
-lib/rlm_eap_ttls-${RADVER}.la
+lib/rlm_eap_ttls-${PKGVERSION}.la
 lib/rlm_eap_ttls.la
-lib/rlm_exec-${RADVER}.la
+lib/rlm_exec-${PKGVERSION}.la
 lib/rlm_exec.la
-lib/rlm_expiration-${RADVER}.la
+lib/rlm_expiration-${PKGVERSION}.la
 lib/rlm_expiration.la
-lib/rlm_expr-${RADVER}.la
+lib/rlm_expr-${PKGVERSION}.la
 lib/rlm_expr.la
-lib/rlm_fastusers-${RADVER}.la
+lib/rlm_fastusers-${PKGVERSION}.la
 lib/rlm_fastusers.la
-lib/rlm_files-${RADVER}.la
+lib/rlm_files-${PKGVERSION}.la
 lib/rlm_files.la
-lib/rlm_ippool-${RADVER}.la
+lib/rlm_ippool-${PKGVERSION}.la
 lib/rlm_ippool.la
-${PLIST.kerberos}lib/rlm_krb5-${RADVER}.la
+${PLIST.kerberos}lib/rlm_krb5-${PKGVERSION}.la
 ${PLIST.kerberos}lib/rlm_krb5.la
-${PLIST.ldap}lib/rlm_ldap-${RADVER}.la
+${PLIST.ldap}lib/rlm_ldap-${PKGVERSION}.la
 ${PLIST.ldap}lib/rlm_ldap.la
-lib/rlm_linelog-${RADVER}.la
+lib/rlm_linelog-${PKGVERSION}.la
 lib/rlm_linelog.la
-lib/rlm_logintime-${RADVER}.la
+lib/rlm_logintime-${PKGVERSION}.la
 lib/rlm_logintime.la
-lib/rlm_mschap-${RADVER}.la
+lib/rlm_mschap-${PKGVERSION}.la
 lib/rlm_mschap.la
-lib/rlm_otp-${RADVER}.la
+lib/rlm_otp-${PKGVERSION}.la
 lib/rlm_otp.la
-${PLIST.pam}lib/rlm_pam-${RADVER}.la
+${PLIST.pam}lib/rlm_pam-${PKGVERSION}.la
 ${PLIST.pam}lib/rlm_pam.la
-lib/rlm_pap-${RADVER}.la
+lib/rlm_pap-${PKGVERSION}.la
 lib/rlm_pap.la
-lib/rlm_passwd-${RADVER}.la
+lib/rlm_passwd-${PKGVERSION}.la
 lib/rlm_passwd.la
-${PLIST.perl}lib/rlm_perl-${RADVER}.la
+${PLIST.perl}lib/rlm_perl-${PKGVERSION}.la
 ${PLIST.perl}lib/rlm_perl.la
-${PLIST.pgsql}lib/rlm_sql_postgresql-${RADVER}.la
-${PLIST.pgsql}lib/rlm_sql_postgresql.la
-lib/rlm_policy-${RADVER}.la
+lib/rlm_policy-${PKGVERSION}.la
 lib/rlm_policy.la
-lib/rlm_preprocess-${RADVER}.la
+lib/rlm_preprocess-${PKGVERSION}.la
 lib/rlm_preprocess.la
-lib/rlm_radutmp-${RADVER}.la
+lib/rlm_radutmp-${PKGVERSION}.la
 lib/rlm_radutmp.la
-lib/rlm_realm-${RADVER}.la
+lib/rlm_realm-${PKGVERSION}.la
 lib/rlm_realm.la
-lib/rlm_replicate-${RADVER}.la
+lib/rlm_replicate-${PKGVERSION}.la
 lib/rlm_replicate.la
-lib/rlm_soh-${RADVER}.la
+lib/rlm_soh-${PKGVERSION}.la
 lib/rlm_soh.la
-lib/rlm_sql-${RADVER}.la
+lib/rlm_sql-${PKGVERSION}.la
 lib/rlm_sql.la
-${PLIST.iodbc}lib/rlm_sql_iodbc-${RADVER}.la
+${PLIST.iodbc}lib/rlm_sql_iodbc-${PKGVERSION}.la
 ${PLIST.iodbc}lib/rlm_sql_iodbc.la
-lib/rlm_sql_log-${RADVER}.la
+lib/rlm_sql_log-${PKGVERSION}.la
 lib/rlm_sql_log.la
-${PLIST.mysql}lib/rlm_sql_mysql-${RADVER}.la
+${PLIST.mysql}lib/rlm_sql_mysql-${PKGVERSION}.la
 ${PLIST.mysql}lib/rlm_sql_mysql.la
-${PLIST.unixodbc}lib/rlm_sql_unixodbc-${RADVER}.la
+${PLIST.pgsql}lib/rlm_sql_postgresql-${PKGVERSION}.la
+${PLIST.pgsql}lib/rlm_sql_postgresql.la
+${PLIST.unixodbc}lib/rlm_sql_unixodbc-${PKGVERSION}.la
 ${PLIST.unixodbc}lib/rlm_sql_unixodbc.la
-lib/rlm_sqlcounter-${RADVER}.la
+lib/rlm_sqlcounter-${PKGVERSION}.la
 lib/rlm_sqlcounter.la
-lib/rlm_sqlippool-${RADVER}.la
+lib/rlm_sqlippool-${PKGVERSION}.la
 lib/rlm_sqlippool.la
-lib/rlm_unix-${RADVER}.la
+lib/rlm_unix-${PKGVERSION}.la
 lib/rlm_unix.la
-lib/rlm_wimax-${RADVER}.la
+lib/rlm_wimax-${PKGVERSION}.la
 lib/rlm_wimax.la
 man/man1/radclient.1
 man/man1/radeapclient.1
diff --git a/net/freeradius2/distinfo b/net/freeradius2/distinfo
index a062cd13cf6..9c5df716801 100644
--- a/net/freeradius2/distinfo
+++ b/net/freeradius2/distinfo
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.19 2017/03/23 17:06:57 joerg Exp $
+$NetBSD: distinfo,v 1.20 2019/07/04 12:26:48 adam Exp $
 
-SHA1 (freeradius-server-2.2.9.tar.bz2) = 730a5b681b375800a85c935cc2f34c5ba3aa951b
-RMD160 (freeradius-server-2.2.9.tar.bz2) = 4d3097e5d193a2268e81e3bde7cb6b75aed739c5
-SHA512 (freeradius-server-2.2.9.tar.bz2) = 6094e6c404c68cec2307c8d69980a057a09ee3fda49e7d5f5b6cf4a52432611cf2510786b98baf7e7d90e61caaf2ff45a9f63dbbc5c183cb8de4b1da72d946ac
-Size (freeradius-server-2.2.9.tar.bz2) = 2793005 bytes
+SHA1 (freeradius-server-2.2.10.tar.bz2) = 63ebd7b2b1526c0536a6754488e8b53b2e267e29
+RMD160 (freeradius-server-2.2.10.tar.bz2) = 65734eb9a9ab1671b4d64e0f12d60da4e35ce283
+SHA512 (freeradius-server-2.2.10.tar.bz2) = ef51722fbd586f3c85b276e99ae9adcd0d09293e380ffb94104d6256fc655d318fe71a220d3b14ef7559581b591a46fe69def322f41c87ffc43d1e4a321ee2b8
+Size (freeradius-server-2.2.10.tar.bz2) = 2794367 bytes
 SHA1 (patch-aa) = 07f28084b9d159a52014e31b5314827baaf07716
 SHA1 (patch-ab) = 306ee49b886d38341c2a94159ae033d2cff9c577
 SHA1 (patch-ac) = 689de3193b34f6ff169287a2512bda9691de6899