author jnemeth <jnemeth> 2012-11-23 01:31:18 +0000
committer jnemeth <jnemeth> 2012-11-23 01:31:18 +0000
commit 54b7b9b05c9d0ddf3d557638f0cacc17c6d58442
tree af8ce86cdf402c8ee1bf746866be7ef7350fc796 /net/freeradius2
parent afddbce0fe280b821cd5823f34f27c377053bed7
Upgrade to freeradius 2.2.0:

FreeRADIUS 2.2.0 Mon 10 Sep 2012 12:00:00 CEST, urgency=medium

Feature improvements
* 100% configuration file compatible with 2.1.x. The only fix needed is to disallow "hashsize=0" for rlm_passwd
* Update Aruba, Alcatel Lucent, APC, BT, PaloAlto, Pureware, Redback, and Mikrotik dictionaries
* Switch to using SHA1 for certificate digests instead of MD5. See raddb/certs/*.cnf
* Added copyright statements to the dictionaries, so that we know when people are using them.
* Better documentation for radrelay and detail file writer. See raddb/modules/radrelay and raddb/radrelay.conf
* Added TLS-Cert-Subject-Alt-Name-Email from patch by Luke Howard
* Added -F <file> to radwho
* Added query timeouts to MySQL driver. Patch from Brian De Wolf.
* Add /etc/default/freeradius to debian package. Patch from Matthew Newton
* Finalize DHCP and DHCP relay code. It should now work everywhere. See raddb/sites-available/dhcp, src_ipaddr and src_interface.
* DHCP capabilities are now compiled in by default. It runs as a DHCP server ONLY when manually enabled.
* Added one letter expansions: %G - request minute and %I request ID.
* Added script to convert ISC DHCP lease files to SQL pools. See scripts/isc2ippool.pl
* Added rlm_cache to cache arbitrary attributes.
* Added max_use to rlm_ldap to force connection to be re-established after a given number of queries.
* Added configtest option to Debian init scripts, and automatic config test on restart.
* Added cache config item to rlm_krb5. When set to "no" ticket caching is disabled which may increase performance.

Bug fixes
* Fix CVE-2012-3547. All users of 2.1.10, 2.1.11, 2.1.12, and 802.1X should upgrade immediately.
* Fix typo in detail file writer, to skip writing if the packet was read from this detail file.
* Free cached replies when closing resumed SSL sessions.
* Fix a number of issues found by Coverity.
* Fix memory leak and race condition in the EAP-TLS session cache. Thanks to Phil Mayers for tracking down OpenSSL APIs.
* Restrict ATTRIBUTE names to character sets that make sense.
* Fix EAP-TLS session Id length so that OpenSSL doesn't get excited.
* Fix SQL IPPool logic for non-timer attributes. Closes bug #181
* Change some informational messages to DEBUG rather than error.
* Portability fixes for FreeBSD. Closes bug #177
* A much better fix for the _lt__PROGRAM__LTX_preloaded_symbols nonsense.
* Safely handle extremely long lines in conf file variable expansion
* Fix for Debian bug #606450
* Mutex lock around rlm_perl Clone routines. Patch from Eike Dehling
* The passwd module no longer permits "hashsize = 0". Setting that is pointless for a host of reasons. It will also break the server.
* Fix proxied inner-tunnel packets sometimes having zero authentication vector. Found by Brian Julin.
* Added $(EXEEXT) to Makefiles for portability. Closes bug #188.
* Fix minor build issue which would cause rlm_eap to be built twice.
* When using "status_check=request" for a home server, the username and password must be specified, or the server will not start.
* EAP-SIM now calculates keys from the SIM identity, not from the EAP-Identity. Changing the EAP type via NAK may result in identities changing. Bug reported by Microsoft EAP team.
* Use home server src_ipaddr when sending Status-Server packets
* Decrypt encrypted ERX attributes in CoA packets.
* Fix registration of internal xlat's so %{mschap:...} doesn't disappear after a HUP.
* Can now reference tagged attributes in expansions. e.g. %{Tunnel-Type:1} and %{Tunnel-Type:1[0]} now work.
* Correct calculation of Message-Authenticator for CoA and Disconnect replies. Patch from Jouni Malinen
* Install rad_counter, for managing rlm_counter files.
* Add unique index constraint to all SQL flavours so that alternate queries work correctly.
* The TTLS diameter decoder is now more lenient. It ignores unknown attributes, instead of rejecting the TTLS session.
* Use "globfree" in detail file reader. Prevents very slow leak. Closes bug #207.
* Operator =~ shouldn't copy the attribute, like :=. It should instead behave more like ==.
* Build main Debian package without SQL dependencies
* Use max_queue_size in threading code
* Update permissions in raddb/sql/postgresql/admin.sql
* Added OpenSSL_add_all_algorithms() to fix issues where OpenSSL wouldn't use methods it knew about.
* Add more sanity checks in dynamic_clients code so the server won't crash if it attempts to load a badly formatted client definition.

Diffstat (limited to 'net/freeradius2')
-rw-r--r-- net/freeradius2/Makefile 8
-rw-r--r-- net/freeradius2/PLIST 24
-rw-r--r-- net/freeradius2/distinfo 11
-rw-r--r-- net/freeradius2/patches/patch-ai 16
-rw-r--r-- net/freeradius2/patches/patch-src_modules_rlm_eap_types_rlm_eap_tls_rlm_eap_tls.c 15
5 files changed, 35 insertions, 39 deletions
diff --git a/net/freeradius2/Makefile b/net/freeradius2/Makefile
index f4057c63c5d..1a9618a0b4f 100644
--- a/net/freeradius2/Makefile
+++ b/net/freeradius2/Makefile
@@ -1,8 +1,7 @@
-# $NetBSD: Makefile,v 1.26 2012/10/23 17:18:21 asau Exp $
+# $NetBSD: Makefile,v 1.27 2012/11/23 01:31:18 jnemeth Exp $
DISTNAME= freeradius-server-${RADVER}
PKGNAME= ${DISTNAME:S/-server//}
-PKGREVISION= 5
CATEGORIES= net
MASTER_SITES= ftp://ftp.freeradius.org/pub/freeradius/
EXTRACT_SUFX= .tar.bz2
@@ -45,7 +44,7 @@ OWN_DIRS_PERMS+= ${VARBASE}/log/radiusd \
OWN_DIRS_PERMS+= ${VARBASE}/log/radiusd/radacct \
${RADIUS_USER} ${RADIUS_GROUP} 0750
-RADVER= 2.1.12
+RADVER= 2.2.0
EGDIR= ${PREFIX}/share/examples/freeradius
BUILDLINK_API_DEPENDS.openssl+= openssl>=0.9.7
@@ -63,7 +62,8 @@ CONFIGURE_ARGS+= --without-rlm_sql_oracle
CONFIGURE_ARGS+= --without-rlm_sql_unixodbc
MAKE_ENV+= R=${DESTDIR}
-REPLACE_PERL= scripts/radsqlrelay
+REPLACE_PERL= src/modules/rlm_counter/rad_counter
+REPLACE_PERL+= scripts/radsqlrelay
SUBST_CLASSES+= make
SUBST_STAGE.make= post-patch
diff --git a/net/freeradius2/PLIST b/net/freeradius2/PLIST
index a049b6d6a29..855ee69bb9c 100644
--- a/net/freeradius2/PLIST
+++ b/net/freeradius2/PLIST
@@ -1,4 +1,5 @@
-@comment $NetBSD: PLIST,v 1.14 2012/04/03 01:38:18 obache Exp $
+@comment $NetBSD: PLIST,v 1.15 2012/11/23 01:31:18 jnemeth Exp $
+bin/rad_counter
bin/radclient
bin/radconf2xml
bin/radcrypt
@@ -56,6 +57,8 @@ lib/rlm_attr_filter-${RADVER}.la
lib/rlm_attr_filter.la
lib/rlm_attr_rewrite-${RADVER}.la
lib/rlm_attr_rewrite.la
+lib/rlm_cache-${RADVER}.la
+lib/rlm_cache.la
lib/rlm_chap-${RADVER}.la
lib/rlm_chap.la
lib/rlm_checkval-${RADVER}.la
@@ -112,8 +115,6 @@ lib/rlm_logintime-${RADVER}.la
lib/rlm_logintime.la
lib/rlm_mschap-${RADVER}.la
lib/rlm_mschap.la
-${PLIST.mysql}lib/rlm_sql_mysql-${RADVER}.la
-${PLIST.mysql}lib/rlm_sql_mysql.la
lib/rlm_otp-${RADVER}.la
lib/rlm_otp.la
${PLIST.pam}lib/rlm_pam-${RADVER}.la
@@ -144,6 +145,8 @@ ${PLIST.iodbc}lib/rlm_sql_iodbc-${RADVER}.la
${PLIST.iodbc}lib/rlm_sql_iodbc.la
lib/rlm_sql_log-${RADVER}.la
lib/rlm_sql_log.la
+${PLIST.mysql}lib/rlm_sql_mysql-${RADVER}.la
+${PLIST.mysql}lib/rlm_sql_mysql.la
${PLIST.unixodbc}lib/rlm_sql_unixodbc-${RADVER}.la
${PLIST.unixodbc}lib/rlm_sql_unixodbc.la
lib/rlm_sqlcounter-${RADVER}.la
@@ -152,6 +155,8 @@ lib/rlm_sqlippool-${RADVER}.la
lib/rlm_sqlippool.la
lib/rlm_unix-${RADVER}.la
lib/rlm_unix.la
+lib/rlm_wimax-${RADVER}.la
+lib/rlm_wimax.la
man/man1/radclient.1
man/man1/radeapclient.1
man/man1/radlast.1
@@ -195,7 +200,7 @@ man/man8/radsniff.8
man/man8/radsqlrelay.8
man/man8/radwatch.8
man/man8/rlm_dbm_cat.8
-man/man8/rlm_dbm_parse.8
+man/man8/rlm_dbm_parser.8
man/man8/rlm_ippool_tool.8
sbin/checkrad
sbin/raddebug
@@ -267,7 +272,6 @@ share/doc/freeradius/rfc/rfc2866.txt
share/doc/freeradius/rfc/rfc2867.txt
share/doc/freeradius/rfc/rfc2868.txt
share/doc/freeradius/rfc/rfc2869.txt
-share/doc/freeradius/rfc/rfc2882.txt
share/doc/freeradius/rfc/rfc2924.txt
share/doc/freeradius/rfc/rfc3079.txt
share/doc/freeradius/rfc/rfc3162.txt
@@ -276,6 +280,7 @@ share/doc/freeradius/rfc/rfc3576.txt
share/doc/freeradius/rfc/rfc3579.txt
share/doc/freeradius/rfc/rfc3580.txt
share/doc/freeradius/rfc/rfc3748.txt
+share/doc/freeradius/rfc/rfc4282.txt
share/doc/freeradius/rfc/rfc4372.txt
share/doc/freeradius/rfc/rfc4590.txt
share/doc/freeradius/rfc/rfc4668.txt
@@ -399,7 +404,6 @@ share/examples/freeradius/sites-available/robust-proxy-accounting
share/examples/freeradius/sites-available/status
share/examples/freeradius/sites-available/virtual.example.com
share/examples/freeradius/sites-available/vmps
-@pkgdir share/examples/freeradius/sites-enabled
share/examples/freeradius/sql.conf
share/examples/freeradius/sql/mssql/dialup.conf
share/examples/freeradius/sql/mssql/schema.sql
@@ -457,8 +461,10 @@ share/freeradius/dictionary.azaire
share/freeradius/dictionary.bay
share/freeradius/dictionary.bintec
share/freeradius/dictionary.bristol
+share/freeradius/dictionary.bt
share/freeradius/dictionary.cablelabs
share/freeradius/dictionary.cabletron
+share/freeradius/dictionary.camiant
share/freeradius/dictionary.chillispot
share/freeradius/dictionary.cisco
share/freeradius/dictionary.cisco.bbsm
@@ -476,6 +482,7 @@ share/freeradius/dictionary.epygi
share/freeradius/dictionary.ericsson
share/freeradius/dictionary.erx
share/freeradius/dictionary.extreme
+share/freeradius/dictionary.f5
share/freeradius/dictionary.fortinet
share/freeradius/dictionary.foundry
share/freeradius/dictionary.freeradius
@@ -517,9 +524,11 @@ share/freeradius/dictionary.nortel
share/freeradius/dictionary.ntua
share/freeradius/dictionary.openser
share/freeradius/dictionary.packeteer
+share/freeradius/dictionary.paloalto
share/freeradius/dictionary.patton
share/freeradius/dictionary.propel
share/freeradius/dictionary.prosoft
+share/freeradius/dictionary.purewave
share/freeradius/dictionary.quiconnect
share/freeradius/dictionary.quintum
share/freeradius/dictionary.redback
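Review bot: The file added in this hunk is `share/freeradius/dictionary.purewave`, while the dictionary list in the commit message spells the vendor "Pureware". The PLIST entry has to match the file the 2.2.0 distfile actually installs, so it is worth checking the name against the staged install and, if the PLIST is right, treating the changelog spelling as the typo.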
@@ -541,6 +550,7 @@ share/freeradius/dictionary.rfc4818
share/freeradius/dictionary.rfc4849
share/freeradius/dictionary.rfc5090
share/freeradius/dictionary.rfc5176
+share/freeradius/dictionary.rfc5447
share/freeradius/dictionary.rfc5580
share/freeradius/dictionary.rfc5607
share/freeradius/dictionary.rfc5904
@@ -559,6 +569,7 @@ share/freeradius/dictionary.symbol
share/freeradius/dictionary.t_systems_nova
share/freeradius/dictionary.telebit
share/freeradius/dictionary.telkom
+share/freeradius/dictionary.terena
share/freeradius/dictionary.trapeze
share/freeradius/dictionary.tropos
share/freeradius/dictionary.ukerna
@@ -578,3 +589,4 @@ share/freeradius/dictionary.wispr
share/freeradius/dictionary.xedia
share/freeradius/dictionary.xylan
share/freeradius/dictionary.zyxel
+@pkgdir share/examples/freeradius/sites-enabled
diff --git a/net/freeradius2/distinfo b/net/freeradius2/distinfo
index c5d91a61a34..3be76a8558a 100644
--- a/net/freeradius2/distinfo
+++ b/net/freeradius2/distinfo
@@ -1,15 +1,14 @@
-$NetBSD: distinfo,v 1.13 2012/09/12 18:37:09 bouyer Exp $
+$NetBSD: distinfo,v 1.14 2012/11/23 01:31:18 jnemeth Exp $
-SHA1 (freeradius-server-2.1.12.tar.bz2) = d80760f5ca854225e262954ce2505c22ef5fc6b2
-RMD160 (freeradius-server-2.1.12.tar.bz2) = f951119a54057d2948f6dc28faa4bb2434b416a1
-Size (freeradius-server-2.1.12.tar.bz2) = 2670611 bytes
+SHA1 (freeradius-server-2.2.0.tar.bz2) = 8710b21972072241219f006d26f609cb58875cda
+RMD160 (freeradius-server-2.2.0.tar.bz2) = 243569a7ad93b292439e6938be8102dba12b843d
+Size (freeradius-server-2.2.0.tar.bz2) = 2703349 bytes
SHA1 (patch-aa) = 90c0c676ea668e36851eeffc0f1703624d703339
SHA1 (patch-ab) = 7a23eb75a9818b073263fd36cbf17b692fa19a9f
SHA1 (patch-ac) = b8219f72d43f3bc61aef2fd7731d53dfa4e555b5
SHA1 (patch-ae) = aa43b83ba991f510cee40cb65c3621e9d559d6dd
-SHA1 (patch-ai) = b32fcb8a71f4c4437a47352e2b235d4c15554a01
+SHA1 (patch-ai) = d3baec3e140981bd0d793a10fb1162e201e565e0
SHA1 (patch-aj) = 865882e6e6e935276529b98616c9059c555272b9
SHA1 (patch-ak) = 751aba6a3f9716279f3a87871cf7008b7a921f9a
SHA1 (patch-al) = 6d68e3e2d7dd50675f142be974b277da0f664c8b
SHA1 (patch-man_man5_dictionary.5) = cc662beeb2351501c9761e4ce6fc8402c7907b30
-SHA1 (patch-src_modules_rlm_eap_types_rlm_eap_tls_rlm_eap_tls.c) = 3e52710e8fa6276beb5ef59d1f6895d27374f3fc
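Review bot: The new `freeradius-server-2.2.0.tar.bz2` entries record only SHA1 and RMD160 digests, and the Makefile fetches the distfile from `ftp://ftp.freeradius.org/pub/freeradius/`, so these two lines are the only integrity check on an unauthenticated download. Suggest confirming the recorded values against a checksum or signature published by upstream over an authenticated channel before committing, and adding a SHA-2 family digest for the distfile if the distinfo tooling supports one. The removal of the `patch-src_modules_rlm_eap_types_rlm_eap_tls_rlm_eap_tls.c` checksum is consistent with the file deletion later in this commit.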
diff --git a/net/freeradius2/patches/patch-ai b/net/freeradius2/patches/patch-ai
index c351fefc097..201c606202c 100644
--- a/net/freeradius2/patches/patch-ai
+++ b/net/freeradius2/patches/patch-ai
@@ -1,8 +1,8 @@
-$NetBSD: patch-ai,v 1.5 2009/10/11 09:18:25 adam Exp $
+$NetBSD: patch-ai,v 1.6 2012/11/23 01:31:18 jnemeth Exp $
---- configure.orig 2009-09-14 16:43:29.000000000 +0200
+--- configure.orig 2012-09-10 11:51:34.000000000 +0000
+++ configure
-@@ -20935,13 +20935,13 @@ fi
+@@ -20961,13 +20961,13 @@ fi
done
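Review bot: patch-ai still has no description after the `$NetBSD$` line at the top of this hunk, so nothing records why the generated `configure` script is being edited. Since the patch targets `configure` at absolute offsets (20961, 21024, 21493, 25556) and had to be re-rolled for this release, a one- or two-line comment stating the purpose (pthread and OpenSSL link flags, `gethostbyaddr_r()` detection) would make the next update easier to review.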
@@ -19,16 +19,16 @@ $NetBSD: patch-ai,v 1.5 2009/10/11 09:18:25 adam Exp $
cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
_ACEOF
-@@ -20998,7 +20998,7 @@ fi
+@@ -21024,7 +21024,7 @@ fi
echo "${ECHO_T}$ac_cv_lib_pthread_pthread_create" >&6; }
if test $ac_cv_lib_pthread_pthread_create = yes; then
CFLAGS="$CFLAGS -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS"
-- LIBS="$LIBS -lpthread"
-+ LIBS="$LIBS ${PTHREAD_LDFLAGS} ${PTHREAD_LIBS}"
+- LIBS="-lpthread $LIBS"
++ LIBS="${PTHREAD_LDFLAGS} ${PTHREAD_LIBS} $LIBS"
else
{ echo "$as_me:$LINENO: checking for pthread_create in -lc_r" >&5
echo $ECHO_N "checking for pthread_create in -lc_r... $ECHO_C" >&6; }
-@@ -21466,7 +21466,7 @@ if test "${ac_cv_lib_ssl_SSL_new+set}" =
+@@ -21493,7 +21493,7 @@ if test "${ac_cv_lib_ssl_SSL_new+set}" =
echo $ECHO_N "(cached) $ECHO_C" >&6
else
ac_check_lib_save_LIBS=$LIBS
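Review bot: In the replacement line `LIBS="${PTHREAD_LDFLAGS} ${PTHREAD_LIBS} $LIBS"`, both variables are expanded by the shell when `configure` runs, and nothing visible in this diff shows them being passed into its environment. If they are unset, the branch taken when `ac_cv_lib_pthread_pthread_create = yes` adds no thread library at all and the failure only shows up at link time. Suggest confirming that the Makefile exports them to `configure` (for example through `CONFIGURE_ENV`). The move from appending to prepending follows the upstream change from `$LIBS -lpthread` to `-lpthread $LIBS`, which looks intentional.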
@@ -37,7 +37,7 @@ $NetBSD: patch-ai,v 1.5 2009/10/11 09:18:25 adam Exp $
cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
_ACEOF
-@@ -25283,7 +25283,7 @@ gethostbyaddrrstyle=""
+@@ -25556,7 +25556,7 @@ gethostbyaddrrstyle=""
{ echo "$as_me:$LINENO: checking gethostbyaddr_r() syntax" >&5
echo $ECHO_N "checking gethostbyaddr_r() syntax... $ECHO_C" >&6; }
case "$host" in
diff --git a/net/freeradius2/patches/patch-src_modules_rlm_eap_types_rlm_eap_tls_rlm_eap_tls.c b/net/freeradius2/patches/patch-src_modules_rlm_eap_types_rlm_eap_tls_rlm_eap_tls.c
deleted file mode 100644
index e7247416e6e..00000000000
--- a/net/freeradius2/patches/patch-src_modules_rlm_eap_types_rlm_eap_tls_rlm_eap_tls.c
+++ /dev/null
@@ -1,15 +0,0 @@
-$NetBSD: patch-src_modules_rlm_eap_types_rlm_eap_tls_rlm_eap_tls.c,v 1.1 2012/09/12 18:37:10 bouyer Exp $
-Fix CVE-2012-3547, from freerdius git repository:
-https://github.com/alandekok/freeradius-server/commit/78e5aed56c36a9231bc91ea5f55b3edf88a9d2a4
-
---- src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c.orig 2012-09-12 20:17:15.000000000 +0200
-+++ src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c 2012-09-12 20:17:18.000000000 +0200
-@@ -531,7 +531,7 @@
- */
- buf[0] = '\0';
- asn_time = X509_get_notAfter(client_cert);
-- if ((lookup <= 1) && asn_time && (asn_time->length < MAX_STRING_LEN)) {
-+ if ((lookup <= 1) && asn_time && (asn_time->length < sizeof(buf))) {
- memcpy(buf, (char*) asn_time->data, asn_time->length);
- buf[asn_time->length] = '\0';
- pairadd(&handler->certs,
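Review bot: Deleting this local CVE-2012-3547 patch is only safe if the 2.2.0 source already bounds the copy with `asn_time->length < sizeof(buf)` before the `memcpy` into `buf`; the only evidence in this commit is the upstream changelog line "Fix CVE-2012-3547". Suggest checking the extracted `src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c` for that condition and adding a sentence to the commit message saying the patch was dropped because it is merged upstream, so the removal of a security fix is traceable later.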