Bug 129996 - [maintainer update] update net/freeradius2 to 2.1.3, unbreak by working round autoconf 2.62 regression
Summary: [maintainer update] update net/freeradius2 to 2.1.3, unbreak by working round...
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Only Me
Assignee: Martin Wilke
Depends on:
Reported: 2008-12-28 17:00 UTC by David Wood
Modified: 2008-12-28 18:00 UTC (History)
0 users

See Also:

file.diff (15.71 KB, patch)
2008-12-28 17:00 UTC, David Wood
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description David Wood 2008-12-28 17:00:03 UTC
Note: The port does not install dialup-admin, so
CVE-2008-4474, which is mentioned in the 2.1.2 release notes,
does not apply.

FreeBSD notes

Unbreak - whilst marked as broken only on 6.x, the port was
broken on all supported versions following the autoconf
2.61->2.62 upgrade.

autoconf is used for the main program and for many of the
modules via AC_CONFIG_SUBDIRS. The autoconf 2.61->2.62 upgrade
caused a regression with AC_CONFIG_SUBDIRS - $host is not set
when running configure in a subdirectory, as seen in
config.log, though $build is set.

s/$host/$build/g in files/patch-pthread works round this
problem and unbreaks the port. However, I regard this as a
bodge; $host is about the target system whilst $build is about
the (possibly unrelated) build system. Until the root cause of
the problem with autoconf is understood and fixed (I'm unclear
whether it is to do with the changes in autoconf 2.62 or the
FreeBSD autoconf 2.62 port), at least this makes the port

Now that radmin and the other 2.1.x changes have had time to
stabilise, it is time to upgrade the port to 2.1.x. The
obsolete and rather broken (especially on 64 bit machines)
SNMP support has been removed; radmin(8) takes its place.

There is experimental support for SNMP via a Perl program that
uses the radmin interface, but this program is not yet able to
daemonise. When daemon support is added, I will add an rc.d
script for the SNMP program.

The port no longer installs an unnecessary

Release notes


Feature improvements
* Clients may now be defined dynamically, based on IP address.
  See raddb/sites-available/dynamic-clients.
* SNMP support is now available through an experimental Perl
  script.  See scripts/snmp-proxy/README
* SNMP statistics are available through Status-Server packets.
  See raddb/sites-available/status
* Added more Microsoft attributes from bug #568.
* The "linelog" module has more functionality and flexibility.
  See raddb/modules/linelog.
* The debugging output has been sanitized.  It should be much
  more readable.
* Debug logs can now be turned on/off while the server is
  running, for a user, group, realm, etc.  See the "log" section
  of radiusd.conf.
* Added support for WiMAX Forum attributes.  The dynamic keys
  are not yet calculated.  See share/dictionary.wimax
* Added session resumption for PEAP and TTLS.
  See raddb/eap.conf, "cache" sub-section.
* Added "radmin" command-line tool for administering a running
  See "man radmin" and raddb/sites-available/control-socket.

Bug fixes
* Double escaping of '\\' in the "users" (and some other) files
  has been fixed.  If you have '\\' in the "users" file, your
* Parse "security" section in radiusd.conf.  This was
  accidentally deleted in 2.0.5.  Closes bug #566.	
* Bind to interface before IP, which allows DHCP sockets to
  listen on "*" for multiple interfaces.
* Fix handling of giaddr in DHCP responses.
* Corrected parsing of status_check in home_server so that it
* Fix hints so that "Puser" works again.
* Removed length restrictions on attribute names in the
* Update socket code to avoid C compiler optimizations.

Feature improvements
* Many more options and features in radmin.  See "man radmin" and
* Many more commands available via the control socket.  Connect
  via "radmin", and type "help" for more information.
* Added dictionary.networkphysics and dictionary.lancom.
* Calculate WiMAX MIP keys, and added sample WiMAX SQL tables.

Bug fixes
* Fixed bug that made radmin not work
* Fixed Suse && Debian package scripts
* Fixed issues with dynamic clients
* Fixed configure checks for -lreadline
* rlm_sqlippool no longer needs to be linked to rlm_sql.
* Add statistics for detail file listeners.  This closes bug #593.
* Fixed printing of some WiMAX attributes.
* Fix double free on exit() in rlm_attr_filter
* Fixed build issues on Solaris.
* Fixed fast session resumption for EAP-TLS

Feature Improvements:
* Allow running with "user=radiusd" and binding to secure sockets.
* Start sending Status-Server "are you alive" messages earlier, which
  helps with proxying multiple realms to a home server.
* Removed thread pool code from rlm_perl.  It's not necessary.
* Added example Perl configuration to raddb/modules/perl
* Force OpenSSL to support certificates with SHA256. This seems to be
  necessary for WiMAX certs.

Bug fixes:
* Fix Debian patch to allow it to build.
* Fix potential NULL dereference in debugging mode on certain
  platforms for TTLS and PEAP inner tunnels.
* Fix uninitialized memory in handling of vendor definitions
* Fix parsing of quoted (but non-string) attributes in the "users" file.
* Initialize uknown NAS IP to, rather than
* use SUN_LEN in control socket, to avoid truncation on some platforms.
* Correct internal handling of "debug condition" to prevent it from
  being over-written.
* Check return code of regcomp in "unlang", so that invalid regular
  expressions are caught rather than mishandled.
* Make rlm_sql use <ltdl.h>.  Addresses bug #610.
* Document list "type = status" better.  Closes bug #580.
* Set "default days" for certificates, because OpenSSL won't do it.
  This closes bug #615.
* Reference correct list in example raddb/modules/ldap. Closes #596.
* Increase default schema size for Acct-Session-Id to 64. Closes #540.
* Fix use of temporary files in dialup-admin.  Closes #605 and
  addresses CVE-2008-4474.
* Addressed a number of minor issues found by Coverity.
* Added DHCP option 150 to the dictionary.  Closes #618.


2.1.3 is a repackaging of 2.1.2 with no other changes.


files/patch-config-security has been deleted.

No files have been added.

Fix: Patch attached with submission follows:
Comment 1 Martin Wilke freebsd_committer 2008-12-28 17:24:04 UTC
Responsible Changed
From-To: freebsd-ports-bugs->miwi

I'll take it.
Comment 2 Martin Wilke freebsd_committer 2008-12-28 17:56:11 UTC
State Changed
From-To: open->closed

Committed. Thanks!
Comment 3 dfilter service freebsd_committer 2008-12-28 17:56:12 UTC
miwi        2008-12-28 17:55:58 UTC

  FreeBSD ports repository

  Modified files:
    net/freeradius2      Makefile distinfo pkg-plist 
    net/freeradius2/files patch-pthread 
  Removed files:
    net/freeradius2/files patch-config-security 
  - Update to 2.1.3
  PR:             129996
  Submitted by:   David Wood <david@wood2.org.uk> (maintainer)
  Revision  Changes    Path
  1.74      +26 -10    ports/net/freeradius2/Makefile
  1.27      +3 -3      ports/net/freeradius2/distinfo
  1.2       +0 -11     ports/net/freeradius2/files/patch-config-security (dead)
  1.4       +8 -8      ports/net/freeradius2/files/patch-pthread
  1.37      +56 -18    ports/net/freeradius2/pkg-plist
cvs-all@freebsd.org mailing list
To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"