- Update to freeradius 1.0.4

- The security issues mentioned in this update were incorporated
  into patch-ak previously and a security advisory was already
  made in regards to this.
> FreeRADIUS 1.0.4 ; Date: 2005/06/11 22:46:52, urgency=medium
>
>         * Fix installation problem.
>         * Increase a buffer size, so radrelay doesn't truncate values.
>         * Updates in the documentation. Patches from Thor Spruyt.
>
> FreeRADIUS 1.0.3 ; Date: 2005/06/03 17:15:11, urgency=high
>         Security Fixes
>         * Always escape the strings in the SQL module.
>         * Check buffer bound when input character needs escaping in
>           the SQL module. Bug found by Primoz Bratanic.
>
>         Bug fixes
>         * Return EAP-Fail in Access-Reject, rather than an empty Access-Reject
>         * Don't send Proxy-State from home server in TTLS.
>         * Fixes for forking external programs, so the server doesn't
>           suddenly stop processing requests, or stop forking programs.
>         * radzap now works, but it's command-line options have changed
>           completely, and it's a shell script.
>         * radwho has updated command-line options, and no longer reads
>           Unix "utmp" files.
>         * Fix bug in calling checkrad script with NAS port > 9999999
>         * Fix long-standing bug when both crypt and pthreads are in use
>         * Don't SEGV when rlm_sql gets 'NULL' value from request.
>         * Re-arrange code in radrelay to not duplicate accounting packets.
>         * In rlm_attr_rewrite, change the value when the attribute type
>           is different from string.

4 files changed, 8 insertions, 100 deletions

diff --git a/net/freeradius/Makefile b/net/freeradius/Makefile
index beed546cfbd..4b33a358a6d 100644
--- a/net/freeradius/Makefile
+++ b/net/freeradius/Makefile
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.29 2005/05/22 20:08:23 jlam Exp $
+# $NetBSD: Makefile,v 1.30 2005/07/09 17:25:00 adrianp Exp $
 
-DISTNAME=	freeradius-1.0.2
-PKGREVISION=	2
+DISTNAME=	freeradius-1.0.4
 CATEGORIES=	net
 MASTER_SITES=	ftp://ftp.freeradius.org/pub/radius/ \
 		ftp://ftp.Awfulhak.org/pub/radius/
@@ -122,7 +121,6 @@ post-install:
 .	for f in ${EGFILES}
 		${INSTALL_DATA} ${WRKSRC}/raddb/${f} ${EGDIR}/${f}
 .	endfor
-.	undef f
 
 	@${MKDIR} ${PKG_SYSCONFDIR}/certs
 	@${MKDIR} ${PKG_SYSCONFDIR}/certs/demoCA
diff --git a/net/freeradius/PLIST b/net/freeradius/PLIST
index 8c71dde3cf2..d925b4b76ea 100644
--- a/net/freeradius/PLIST
+++ b/net/freeradius/PLIST
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.8 2005/05/02 20:34:02 reed Exp $
+@comment $NetBSD: PLIST,v 1.9 2005/07/09 17:25:00 adrianp Exp $
 bin/radclient
 bin/radeapclient
 bin/radlast
@@ -369,6 +369,7 @@ share/freeradius/dictionary.foundry
 share/freeradius/dictionary.freeradius
 share/freeradius/dictionary.gandalf
 share/freeradius/dictionary.garderos
+share/freeradius/dictionary.gemtek
 share/freeradius/dictionary.itk
 share/freeradius/dictionary.juniper
 share/freeradius/dictionary.karlnet
diff --git a/net/freeradius/distinfo b/net/freeradius/distinfo
index e906376846d..af3b4ecd173 100644
--- a/net/freeradius/distinfo
+++ b/net/freeradius/distinfo
@@ -1,9 +1,8 @@
-$NetBSD: distinfo,v 1.14 2005/05/18 21:58:45 adrianp Exp $
+$NetBSD: distinfo,v 1.15 2005/07/09 17:25:00 adrianp Exp $
 
-SHA1 (freeradius-1.0.2.tar.gz) = 5703fd8abb4f28c15d716bd1ec1e9cfe2e1e6c90
-RMD160 (freeradius-1.0.2.tar.gz) = 796da74e64da189d7d7520201c7c4139f9f478c4
-Size (freeradius-1.0.2.tar.gz) = 2208884 bytes
+SHA1 (freeradius-1.0.4.tar.gz) = f0c877ae80592609ada4875cf1b472c7742720fb
+RMD160 (freeradius-1.0.4.tar.gz) = b75a872ced9a461f3063f19d49546fc9ef86a225
+Size (freeradius-1.0.4.tar.gz) = 2209057 bytes
 SHA1 (patch-ae) = 0c1b6c79329f41c35e3a783e61cc205cb78a4773
 SHA1 (patch-ai) = bb4dafd3f6b961403caa955c9a09c271468ada36
 SHA1 (patch-aj) = 422c9dfbde08c26acf41a040c57508ab9725004e
-SHA1 (patch-ak) = ad272be635d6b27e5b986c3e9a06ef85484c1230
diff --git a/net/freeradius/patches/patch-ak b/net/freeradius/patches/patch-ak
deleted file mode 100644
index f5e80698007..00000000000
--- a/net/freeradius/patches/patch-ak
+++ /dev/null
@@ -1,90 +0,0 @@
-$NetBSD: patch-ak,v 1.3 2005/05/18 21:58:45 adrianp Exp $
-
---- src/modules/rlm_sql/rlm_sql.c.orig	2004-09-30 15:54:22.000000000 +0100
-+++ src/modules/rlm_sql/rlm_sql.c
-@@ -158,6 +158,7 @@ static int rlm_sql_init(void) {
-  */
- static int sql_set_user(SQL_INST *inst, REQUEST *request, char *sqlusername, const char *username);
- static int generate_sql_clients(SQL_INST *inst);
-+static int sql_escape_func(char *out, int outlen, const char *in);
- 
- /*
-  *	sql xlat function. Right now only SELECTs are supported. Only
-@@ -184,7 +185,7 @@ static int sql_xlat(void *instance, REQU
- 	/*
- 	 * Do an xlat on the provided string (nice recursive operation).
- 	 */
--	if (!radius_xlat(querystr, sizeof(querystr), fmt, request, func)) {
-+	if (!radius_xlat(querystr, sizeof(querystr), fmt, request, sql_escape_func)) {
- 		radlog(L_ERR, "rlm_sql (%s): xlat failed.",
- 		       inst->config->xlat_name);
- 		return 0;
-@@ -409,18 +410,18 @@ static int sql_escape_func(char *out, in
- 
- 	while (in[0]) {
- 		/*
--		 *  Only one byte left.
--		 */
--		if (outlen <= 1) {
--			break;
--		}
--
--		/*
- 		 *	Non-printable characters get replaced with their
- 		 *	mime-encoded equivalents.
- 		 */
- 		if ((in[0] < 32) ||
- 		    strchr(allowed_chars, *in) == NULL) {
-+			/*
-+			 *	Only 3 or less bytes available.
-+			 */
-+			if (outlen <= 3) {
-+				break;
-+			}
-+
- 			snprintf(out, outlen, "=%02X", (unsigned char) in[0]);
- 			in++;
- 			out += 3;
-@@ -430,7 +431,14 @@ static int sql_escape_func(char *out, in
- 		}
- 
- 		/*
--		 *	Else it's a nice character.
-+		 *	Only one byte left.
-+		 */
-+		if (outlen <= 1) {
-+			break;
-+		}
-+
-+		/*
-+		 *	Allowed character.
- 		 */
- 		*out = *in;
- 		out++;
-@@ -517,7 +525,7 @@ static int sql_groupcmp(void *instance, 
- 	 */
- 	if (sql_set_user(inst, req, sqlusername, 0) < 0)
- 		return 1;
--	if (!radius_xlat(querystr, sizeof(querystr), inst->config->groupmemb_query, req, NULL)){
-+	if (!radius_xlat(querystr, sizeof(querystr), inst->config->groupmemb_query, req, sql_escape_func)){
- 		radlog(L_ERR, "rlm_sql (%s): xlat failed.",
- 		       inst->config->xlat_name);
- 		/* Remove the username we (maybe) added above */
-@@ -1149,7 +1157,7 @@ static int rlm_sql_checksimul(void *inst
- 	if(sql_set_user(inst, request, sqlusername, 0) <0)
- 		return RLM_MODULE_FAIL;
- 
--	radius_xlat(querystr, sizeof(querystr), inst->config->simul_count_query, request, NULL);
-+	radius_xlat(querystr, sizeof(querystr), inst->config->simul_count_query, request, sql_escape_func);
- 
- 	/* initialize the sql socket */
- 	sqlsocket = sql_get_socket(inst);
-@@ -1193,7 +1201,7 @@ static int rlm_sql_checksimul(void *inst
- 		return RLM_MODULE_OK;
- 	}
- 
--	radius_xlat(querystr, sizeof(querystr), inst->config->simul_verify_query, request, NULL);
-+	radius_xlat(querystr, sizeof(querystr), inst->config->simul_verify_query, request, sql_escape_func);
- 	if(rlm_sql_select_query(sqlsocket, inst, querystr)) {
- 		radlog(L_ERR, "rlm_sql (%s): sql_checksimul: Database query error", inst->config->xlat_name);
- 		sql_release_socket(inst, sqlsocket);