Attachment #207378 for bug #240382




# $FreeBSD$

PORTNAME=	radsecproxy
PORTVERSION=	1.8.0
CATEGORIES=	net
MASTER_SITES=	GH

MAINTAINER=	m.tsatsenko@gmail.com
COMMENT=	Radsecproxy is a generic RADIUS proxy

LICENSE=	BSD3CLAUSE
LICENSE_COMB=	dual

LIB_DEPENDS=	libnettle.so:security/nettle
CPE_VENDOR=	nordunet

USES=		cpe tar:tgz ssl autoreconf localbase:ldflags

GNU_CONFIGURE=	yes
USE_GITHUB=	yes
USE_RC_SUBR=	${PORTNAME}
CONFIGURE_ARGS=	--with-ssl=${OPENSSLBASE}
CPE_VENDOR=	switch

.include <bsd.port.pre.mk>

.if ${SSL_DEFAULT} == base
BROKEN_FreeBSD_12=	incomplete definition of type 'struct ssl_st'
BROKEN_FreeBSD_13=	incomplete definition of type 'struct ssl_st'
.endif

post-install:
	${MAKE} install-man -C ${WRKSRC} ${MAKE_ARGS}
	${INSTALL_DATA} ${WRKSRC}/radsecproxy.conf-example \

Lines 1-3 Link Here

(-)distinfo (-3 / +3 lines)
1	TIMESTAMP = 1498780490	1	TIMESTAMP = 1567862289
2	SHA256 (radsecproxy-1.6.8.tar.xz) = 823ebee37c88974db93485ab67c449bc9fcd45117683f57d83b36e6bf16b6a8f	2	SHA256 (radsecproxy-radsecproxy-1.8.0_GH0.tar.gz) = 6b0316055b76001743c8f2c94e878979c76aea4c9327199f26ba74abba354d37
3	SIZE (radsecproxy-1.6.8.tar.xz) = 159928	3	SIZE (radsecproxy-radsecproxy-1.8.0_GH0.tar.gz) = 109914

Line 0 Link Here

(-)files/patch-dtls.c (+11 lines)
	1	--- dtls.c.orig 2019-07-04 06:42:58 UTC
	2	+++ dtls.c
	3	@@ -491,7 +491,7 @@ void dtlslistener(void arg) {
	4	BIO_set_fd(SSL_get_rbio(conf->tlsconf->dtlssslprep), s, BIO_NOCLOSE);
	5	}
	6
	7	-#if OPENSSL_VERSION_NUMBER < 0x10100000
	8	+#if (OPENSSL_VERSION_NUMBER < 0x10100000) \|\| defined(LIBRESSL_VERSION_NUMBER)
	9	if(DTLSv1_listen(conf->tlsconf->dtlssslprep, &from) > 0) {
	10	#else
	11	if(DTLSv1_listen(conf->tlsconf->dtlssslprep, (BIO_ADDR *)&from) > 0) {




--- radsecproxy.conf-example.orig	2019-07-04 06:42:58 UTC
+++ radsecproxy.conf-example
@@ -1,4 +1,4 @@
-# Master config file, must be in /usr/local/etc/radsecproxy or specified with -c option
+# Master config file, /usr/local/etc/radsecproxy.conf or specified with -c option
 #	All possible config options are listed below
 
 # First you may define any global options, these are:
@@ -91,12 +91,12 @@
 tls default {
     # You must specify at least one of CACertificateFile or CACertificatePath
     # for TLS to work. We always verify peer certificate (client and server)
-    # CACertificateFile    /etc/cacerts/CA.pem
-    CACertificatePath	/etc/cacerts
+    # CACertificateFile    /usr/local/etc/ssl/CA.pem
+    CACertificatePath	/usr/local/etc/ssl/cacerts
 
     # You must specify the below for TLS, we always present our certificate
-    CertificateFile	/etc/hostcertkey/host.example.com.pem
-    CertificateKeyFile	/etc/hostcertkey/host.example.com.key.pem
+    CertificateFile	/usr/local/etc/ssl/host.example.com.pem
+    CertificateKeyFile	/usr/local/etc/ssl/host.example.com.key.pem
     # Optionally specify password if key is encrypted (not very secure)
     CertificateKeyPassword	"follow the white rabbit"
     # Optionally enable CRL checking

Line 0 Link Here

(-)files/patch-rewrite.c (+10 lines)
	1	--- rewrite.c.orig 2019-07-04 06:42:58 UTC
	2	+++ rewrite.c
	3	@@ -5,6 +5,7 @@
	4	#include <stdlib.h>
	5	#include <string.h>
	6	#include <regex.h>
	7	+#include <arpa/inet.h>
	8	#include "debug.h"
	9	#include "gconfig.h"
	10	#include "hash.h"

Lines 3-6 Link Here

(-)pkg-descr (-1 / +1 lines)
3	DTLS. The aim is for the proxy to have sufficient features to be flexible,	3	DTLS. The aim is for the proxy to have sufficient features to be flexible,
4	while at the same time to be small, efficient and easy to configure.	4	while at the same time to be small, efficient and easy to configure.
5		5
6	WWW: https://software.nordu.net/radsecproxy/	6	WWW: https://radsecproxy.github.io

Lines 1-4 Link Here

(-)pkg-plist (+1 lines)
1	bin/radsecproxy-conf	1	bin/radsecproxy-conf
		2	bin/radsecproxy-hash
2	etc/radsecproxy.conf-example	3	etc/radsecproxy.conf-example
3	man/man1/radsecproxy-hash.1.gz	4	man/man1/radsecproxy-hash.1.gz
4	man/man1/radsecproxy.1.gz	5	man/man1/radsecproxy.1.gz

Return to bug 240382

Lines 2-31 Link Here

(-)Makefile (-11 / +8 lines)
2	# $FreeBSD$	2	# $FreeBSD$
3		3
4	PORTNAME= radsecproxy	4	PORTNAME= radsecproxy
5	PORTVERSION= 1.6.8	5	PORTVERSION= 1.8.0
6	CATEGORIES= net	6	CATEGORIES= net
7	MASTER_SITES= https://software.nordu.net/radsecproxy/	7	MASTER_SITES= GH
8		8
9	MAINTAINER= m.tsatsenko@gmail.com	9	MAINTAINER= m.tsatsenko@gmail.com
10	COMMENT= Radsecproxy is a generic RADIUS proxy	10	COMMENT= Radsecproxy is a generic RADIUS proxy
11		11
12	LICENSE= GPLv2 BSD3CLAUSE	12	LICENSE= BSD3CLAUSE
13	LICENSE_COMB= dual
14		13
15	USES= cpe tar:xz ssl	14	LIB_DEPENDS= libnettle.so:security/nettle
16	CPE_VENDOR= nordunet
17		15
		16	USES= cpe tar:tgz ssl autoreconf localbase:ldflags
		17
18	GNU_CONFIGURE= yes	18	GNU_CONFIGURE= yes
		19	USE_GITHUB= yes
19	USE_RC_SUBR= ${PORTNAME}	20	USE_RC_SUBR= ${PORTNAME}
20	CONFIGURE_ARGS= --with-ssl=${OPENSSLBASE}	21	CONFIGURE_ARGS= --with-ssl=${OPENSSLBASE}
		22	CPE_VENDOR= switch
21		23
22	.include <bsd.port.pre.mk>	24	.include <bsd.port.pre.mk>
23		25
24	.if ${SSL_DEFAULT} == base
25	BROKEN_FreeBSD_12= incomplete definition of type 'struct ssl_st'
26	BROKEN_FreeBSD_13= incomplete definition of type 'struct ssl_st'
27	.endif
28
29	post-install:	26	post-install:
30	${MAKE} install-man -C ${WRKSRC} ${MAKE_ARGS}	27	${MAKE} install-man -C ${WRKSRC} ${MAKE_ARGS}
31	${INSTALL_DATA} ${WRKSRC}/radsecproxy.conf-example \	28	${INSTALL_DATA} ${WRKSRC}/radsecproxy.conf-example \

Line 0 Link Here

(-)files/patch-radsecproxy.conf-example (+25 lines)
	1	--- radsecproxy.conf-example.orig 2019-07-04 06:42:58 UTC
	2	+++ radsecproxy.conf-example
	3	@@ -1,4 +1,4 @@
	4	-# Master config file, must be in /usr/local/etc/radsecproxy or specified with -c option
	5	+# Master config file, /usr/local/etc/radsecproxy.conf or specified with -c option
	6	# All possible config options are listed below
	7
	8	# First you may define any global options, these are:
	9	@@ -91,12 +91,12 @@
	10	tls default {
	11	# You must specify at least one of CACertificateFile or CACertificatePath
	12	# for TLS to work. We always verify peer certificate (client and server)
	13	- # CACertificateFile /etc/cacerts/CA.pem
	14	- CACertificatePath /etc/cacerts
	15	+ # CACertificateFile /usr/local/etc/ssl/CA.pem
	16	+ CACertificatePath /usr/local/etc/ssl/cacerts
	17
	18	# You must specify the below for TLS, we always present our certificate
	19	- CertificateFile /etc/hostcertkey/host.example.com.pem
	20	- CertificateKeyFile /etc/hostcertkey/host.example.com.key.pem
	21	+ CertificateFile /usr/local/etc/ssl/host.example.com.pem
	22	+ CertificateKeyFile /usr/local/etc/ssl/host.example.com.key.pem
	23	# Optionally specify password if key is encrypted (not very secure)
	24	CertificateKeyPassword "follow the white rabbit"
	25	# Optionally enable CRL checking