pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: pkgsrc
Module Name: pkgsrc
Committed By: manu
Date: Wed Jul 24 14:28:06 UTC 2024
Modified Files:
pkgsrc/doc: CHANGES-2024
pkgsrc/net/freeradius: Makefile Makefile.common PLIST distinfo
pkgsrc/net/freeradius/patches: patch-src_main_listen.c
patch-src_main_util.c
Added Files:
pkgsrc/net/freeradius/patches: patch-src_main_stats.c
Log Message:
Update freeradius to 3.2.5, with mitigations for BlastRADIUS
FreeRADIUS 3.2.5 Tue 09 Jul 2024 12:00:00 UTC urgency=high
Configuration changes
* BlastRADIUS mitigations have been added to the "security"
section. See "require_message_authenticator" and also
"limit_proxy_state".
* BlastRADIUS mitigations have been added to radclient.
See "man radclient", and the "-b" option.
Feature improvements
* TOTP now supports TOTP-Time-Offset for tokens with times that
are out of sync. See mods-available/totp
* radclient now supports forcing the Request Authenticator and ID
for Access-Request packets.
* Update dictionary.3gpp.
* Update advice on shared secrets, including suggesting a secure
method for generating useful secrets.
Bug fixes
* Allow proxying by pool / home server name to work with auth+acct servers
* Fix OpenSSL API usage which sometimes caused crash in MS-CHAP
Previously it would either always crash immediately, or never crash.
* Fix packet statistics. Stop double counting some packets,
and track packet statistics even if a socket is closed.
* Reverted patch in TTLS which broke compatibility with some systems.
* Don't crash in debug mode when multiple intermediate certs are used
Patch from Alexander Chernikov.
To generate a diff of this commit:
cvs rdiff -u -r1.4597 -r1.4598 pkgsrc/doc/CHANGES-2024
cvs rdiff -u -r1.124 -r1.125 pkgsrc/net/freeradius/Makefile
cvs rdiff -u -r1.14 -r1.15 pkgsrc/net/freeradius/Makefile.common
cvs rdiff -u -r1.39 -r1.40 pkgsrc/net/freeradius/PLIST
cvs rdiff -u -r1.49 -r1.50 pkgsrc/net/freeradius/distinfo
cvs rdiff -u -r1.2 -r1.3 \
pkgsrc/net/freeradius/patches/patch-src_main_listen.c
cvs rdiff -u -r0 -r1.1 pkgsrc/net/freeradius/patches/patch-src_main_stats.c
cvs rdiff -u -r1.1 -r1.2 pkgsrc/net/freeradius/patches/patch-src_main_util.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/doc/CHANGES-2024
diff -u pkgsrc/doc/CHANGES-2024:1.4597 pkgsrc/doc/CHANGES-2024:1.4598
--- pkgsrc/doc/CHANGES-2024:1.4597 Wed Jul 24 13:51:12 2024
+++ pkgsrc/doc/CHANGES-2024 Wed Jul 24 14:28:05 2024
@@ -1,4 +1,4 @@
-$NetBSD: CHANGES-2024,v 1.4597 2024/07/24 13:51:12 ktnb Exp $
+$NetBSD: CHANGES-2024,v 1.4598 2024/07/24 14:28:05 manu Exp $
Changes to the packages collection and infrastructure in 2024:
@@ -7277,3 +7277,4 @@ Changes to the packages collection and i
Updated devel/swagger-codegen to 3.0.59 [schmonz 2024-07-24]
Added lang/pnut version 0.0.20240724 [schmonz 2024-07-24]
Updated mail/aerc to 0.18.1 [ktnb 2024-07-24]
+ Updated net/freeradius to 3.2.5 [manu 2024-07-24]
Index: pkgsrc/net/freeradius/Makefile
diff -u pkgsrc/net/freeradius/Makefile:1.124 pkgsrc/net/freeradius/Makefile:1.125
--- pkgsrc/net/freeradius/Makefile:1.124 Wed Jun 19 08:46:33 2024
+++ pkgsrc/net/freeradius/Makefile Wed Jul 24 14:28:05 2024
@@ -1,5 +1,6 @@
-# $NetBSD: Makefile,v 1.124 2024/06/19 08:46:33 adam Exp $
+# $NetBSD: Makefile,v 1.125 2024/07/24 14:28:05 manu Exp $
+#PKGREVISION= 1
.include "Makefile.common"
PKGNAME= ${DISTNAME:S/-server//}
@@ -49,13 +50,18 @@ SUBST_MESSAGE.secconf= Substituting user
SUBST_FILES.secconf= raddb/radiusd.conf
SUBST_VARS.secconf= RADIUS_USER RADIUS_GROUP
+SUBST_CLASSES+= interp
+SUBST_MESSAGE.interp= Fixing interpreter.
+SUBST_STAGE.interp= pre-configure
+SUBST_FILES.interp= src/main/radsecret
+SUBST_SED.interp= -e 's,/usr/bin/env perl,${PERL5},'
+
FILES_SUBST+= RADIUS_USER=${RADIUS_USER} RADIUS_GROUP=${RADIUS_GROUP}
MESSAGE_SUBST+= BOOTSTRAP=${PKG_SYSCONFDIR}/certs/bootstrap
+REPLACE_PERL+= src/modules/rlm_counter/rad_counter
REPLACE_PERL+= scripts/sql/radsqlrelay
REPLACE_PERL+= scripts/sql/rlm_sqlippool_tool
-REPLACE_PERL+= src/main/radsecret
-REPLACE_PERL+= src/modules/rlm_counter/rad_counter
EGDIR= ${PREFIX}/share/examples/freeradius
Index: pkgsrc/net/freeradius/Makefile.common
diff -u pkgsrc/net/freeradius/Makefile.common:1.14 pkgsrc/net/freeradius/Makefile.common:1.15
--- pkgsrc/net/freeradius/Makefile.common:1.14 Wed Jun 19 08:46:33 2024
+++ pkgsrc/net/freeradius/Makefile.common Wed Jul 24 14:28:05 2024
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile.common,v 1.14 2024/06/19 08:46:33 adam Exp $
+# $NetBSD: Makefile.common,v 1.15 2024/07/24 14:28:05 manu Exp $
# used by net/freeradius/Makefile.module
-DISTNAME= freeradius-server-3.2.4
+DISTNAME= freeradius-server-3.2.5
CATEGORIES= net
MASTER_SITES= ftp://ftp.freeradius.org/pub/freeradius/
EXTRACT_SUFX= .tar.bz2
Index: pkgsrc/net/freeradius/PLIST
diff -u pkgsrc/net/freeradius/PLIST:1.39 pkgsrc/net/freeradius/PLIST:1.40
--- pkgsrc/net/freeradius/PLIST:1.39 Wed Jun 19 08:46:33 2024
+++ pkgsrc/net/freeradius/PLIST Wed Jul 24 14:28:05 2024
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.39 2024/06/19 08:46:33 adam Exp $
+@comment $NetBSD: PLIST,v 1.40 2024/07/24 14:28:05 manu Exp $
bin/dhcpclient
bin/map_unit
bin/rad_counter
Index: pkgsrc/net/freeradius/distinfo
diff -u pkgsrc/net/freeradius/distinfo:1.49 pkgsrc/net/freeradius/distinfo:1.50
--- pkgsrc/net/freeradius/distinfo:1.49 Wed Jun 19 08:46:33 2024
+++ pkgsrc/net/freeradius/distinfo Wed Jul 24 14:28:05 2024
@@ -1,12 +1,13 @@
-$NetBSD: distinfo,v 1.49 2024/06/19 08:46:33 adam Exp $
+$NetBSD: distinfo,v 1.50 2024/07/24 14:28:05 manu Exp $
-BLAKE2s (freeradius-server-3.2.4.tar.bz2) = 4f7e10f514d93110cf16e7ec3c1c9ee6d945bd0e84a1cc22367b114458a4fa12
-SHA512 (freeradius-server-3.2.4.tar.bz2) = f0a0ebec906d72e44740cf66069cd8d29d93703bfb976dbb1b7ce062eb86cc2977af167577b908677a8dd4a0d9ee708605d08eb2f0f77f6feb5a0b1a244833fb
-Size (freeradius-server-3.2.4.tar.bz2) = 3495607 bytes
+BLAKE2s (freeradius-server-3.2.5.tar.bz2) = 816ed77e5886f95bba6e31e2696e2bd899598d8ca46e5705e5d53362d898bfa2
+SHA512 (freeradius-server-3.2.5.tar.bz2) = 55e653630674a957dcd52ae58e5fd7b5a510b84aaa80e0552bce8089221e02f652618b53753f438981472a5f47df7c8426b9a5ecda0b06ad9f4c25b23604c86b
+Size (freeradius-server-3.2.5.tar.bz2) = 3498950 bytes
SHA1 (patch-configure) = ddafb5aafec43d2c9d2c81a824fa514224243ac0
SHA1 (patch-configure.ac) = ffec1f851d23f560797c12eba5092f2940e4d662
SHA1 (patch-raddb_radiusd.conf.in) = 353cbed35013777bf055a77cc610b50a637ae7b7
SHA1 (patch-src_lib_udpfromto.c) = 2457f0a7223b1f3ef86d0af020290b26380e6319
SHA1 (patch-src_main_command.c) = 1c79b29eb13df341906c710c8dd41860a27473dd
-SHA1 (patch-src_main_listen.c) = 6516ae11e82cc292f2b306f235b812fff317ba0b
-SHA1 (patch-src_main_util.c) = e8814255c32c8469e81d62f2c7092e8d42744e85
+SHA1 (patch-src_main_listen.c) = 73999cf056fa6458809eed17e1c7754763a67a94
+SHA1 (patch-src_main_stats.c) = 1647c8337660ac81ef78ee77db8ddc428f81c416
+SHA1 (patch-src_main_util.c) = 0262dd82992e21715f844e1ab50e2328aa10a471
Index: pkgsrc/net/freeradius/patches/patch-src_main_listen.c
diff -u pkgsrc/net/freeradius/patches/patch-src_main_listen.c:1.2 pkgsrc/net/freeradius/patches/patch-src_main_listen.c:1.3
--- pkgsrc/net/freeradius/patches/patch-src_main_listen.c:1.2 Wed Jun 19 08:46:33 2024
+++ pkgsrc/net/freeradius/patches/patch-src_main_listen.c Wed Jul 24 14:28:05 2024
@@ -1,15 +1,17 @@
-$NetBSD: patch-src_main_listen.c,v 1.2 2024/06/19 08:46:33 adam Exp $
+$NetBSD: patch-src_main_listen.c,v 1.3 2024/07/24 14:28:05 manu Exp $
Fix missing SOL_TCP for other platforms.
---- src/main/listen.c.orig 2024-05-29 16:18:18.000000000 +0000
-+++ src/main/listen.c
-@@ -55,7 +55,7 @@ RCSID("$Id: dbb2167e28189720df35cbf677ff
+--- src/main/listen.c.orig 2024-07-08 22:29:24.000000000 +0200
++++ src/main/listen.c 2024-07-19 15:39:10.917760544 +0200
+@@ -54,9 +54,9 @@
+
#ifdef WITH_TLS
#include <netinet/tcp.h>
-# if defined(__APPLE__) || defined(__FreeBSD__) || defined(__illumos__) || defined(__sun__)
-+# if defined(__APPLE__) || defined(__FreeBSD__) || defined(__illumos__) || defined(__sun__) || defined(__NetBSD__)
++# if defined(__APPLE__) || defined(__FreeBSD__) || defined(__NetBSD__) || defined(__illumos__) || defined(__sun__)
# if !defined(SOL_TCP) && defined(IPPROTO_TCP)
# define SOL_TCP IPPROTO_TCP
# endif
+ # endif
Index: pkgsrc/net/freeradius/patches/patch-src_main_util.c
diff -u pkgsrc/net/freeradius/patches/patch-src_main_util.c:1.1 pkgsrc/net/freeradius/patches/patch-src_main_util.c:1.2
--- pkgsrc/net/freeradius/patches/patch-src_main_util.c:1.1 Fri Jun 25 11:42:48 2021
+++ pkgsrc/net/freeradius/patches/patch-src_main_util.c Wed Jul 24 14:28:05 2024
@@ -1,10 +1,11 @@
-$NetBSD: patch-src_main_util.c,v 1.1 2021/06/25 11:42:48 adam Exp $
+$NetBSD: patch-src_main_util.c,v 1.2 2024/07/24 14:28:05 manu Exp $
O_DIRECTORY to open(2) is a Linuxism.
---- src/main/util.c.orig 2016-09-29 15:19:48.000000000 +0000
-+++ src/main/util.c
-@@ -31,6 +31,14 @@ RCSID("$Id: 22299f8c8d6bc98616fa025ee3da
+--- src/main/util.c.orig 2024-07-08 22:29:24.000000000 +0200
++++ src/main/util.c 2024-07-19 11:18:24.524415048 +0200
+@@ -30,8 +30,16 @@
+ #include <sys/stat.h>
#include <fcntl.h>
/*
@@ -19,3 +20,4 @@ O_DIRECTORY to open(2) is a Linuxism.
* The signal() function in Solaris 2.5.1 sets SA_NODEFER in
* sa_flags, which causes grief if signal() is called in the
* handler before the cause of the signal has been cleared.
+ * (Infinite recursion).
Added files:
Index: pkgsrc/net/freeradius/patches/patch-src_main_stats.c
diff -u /dev/null pkgsrc/net/freeradius/patches/patch-src_main_stats.c:1.1
--- /dev/null Wed Jul 24 14:28:06 2024
+++ pkgsrc/net/freeradius/patches/patch-src_main_stats.c Wed Jul 24 14:28:05 2024
@@ -0,0 +1,33 @@
+$NetBSD: patch-src_main_stats.c,v 1.1 2024/07/24 14:28:05 manu Exp $
+
+From upstream
+https://github.com/FreeRADIUS/freeradius-server/commit/3a9449539e4c5a74c85685cad6abe6edf412f701
+
+From 3a9449539e4c5a74c85685cad6abe6edf412f701 Mon Sep 17 00:00:00 2001
+From: "Alan T. DeKok" <aland%freeradius.org@localhost>
+Date: Wed, 10 Jul 2024 09:29:39 -0400
+Subject: [PATCH] ignore home server "ping" packets. Fixes #5363
+
+---
+ src/main/stats.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/src/main/stats.c b/src/main/stats.c
+index 29f2c48f4b9c..64cbafea931f 100644
+--- ./src/main/stats.c.orig
++++ ./src/main/stats.c
+@@ -95,6 +95,14 @@ void request_stats_final(REQUEST *request)
+
+ if ((request->options & RAD_REQUEST_OPTION_STATS) != 0) return;
+
++ /*
++ * This packet was originated by the server, and not
++ * received from a client. It's a status-server or home
++ * server "ping" packet. So we ignore it for statistics
++ * purposes.
++ */
++ if (!request->packet) return;
++
+ /* don't count statistic requests */
+ if (request->packet->code == PW_CODE_STATUS_SERVER) {
+ return;
Home |
Main Index |
Thread Index |
Old Index