Bug 259332 - net/pyrad: Update to 2.4
Summary: net/pyrad: Update to 2.4
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Kai Knoblich
URL: https://github.com/pyradius/pyrad/rel...
Keywords:
Depends on:
Blocks:
 
Reported: 2021-10-21 09:10 UTC by Gian-Simon Purkert
Modified: 2021-11-05 21:43 UTC (History)
2 users (show)

See Also:
bugzilla: maintainer-feedback? (steve)
kai: merge-quarterly+


Attachments
Update to 2.4 (1.23 KB, patch)
2021-10-21 09:10 UTC, Gian-Simon Purkert
no flags Details | Diff
Update to 2.4 (1.40 KB, patch)
2021-10-21 09:16 UTC, Gian-Simon Purkert
no flags Details | Diff
pyrad-2.4-revised.patch (1.88 KB, patch)
2021-11-05 08:01 UTC, Kai Knoblich
kai: maintainer-approval+
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Gian-Simon Purkert 2021-10-21 09:10:23 UTC
Created attachment 228913 [details]
Update to 2.4

Removed the Example option since there is no example anymore in the package.

2.4

    Support poetry for for building this project

    Use secrets.SysRandom instead of random.SystemRandom if possible

    .get on Packets has an optional default parameter (to mimic dict.get())

    Fix: digestmod is not optional in python3.8 anymore

    Fix: authenticator was refreshed before the packet was generated

    Fix bug causing Message-Authenticator verification to fail if
    multiple instances of an attribute do not appear sequentially in
    the attributes list

    Fixed #140 VerifyReply broken when multiple instances of same attribute are
    not adjacent on reply

    Fixed #135 Missing send_packet for async Client

    Fixed #126 python3 support for SaltCrypt
    (was previously broken)

https://github.com/pyradius/pyrad/releases/tag/2.4
Comment 1 Gian-Simon Purkert 2021-10-21 09:16:11 UTC
Created attachment 228915 [details]
Update to 2.4

Add license BSD3CLAUSE:

https://pypi.org/project/pyrad/2.4/#history
License: BSD License (BSD)

https://github.com/pyradius/pyrad/blob/master/LICENSE.txt
Comment 2 Kai Knoblich freebsd_committer freebsd_triage 2021-10-21 18:10:40 UTC
Thank you for the patch, Gian-Simon!  A few items for review:

* The "setup.py" has "install_requires=['six', 'netaddr']", so "RUN_DEPENDS" needs to be added and set accordingly.  (Just loading the Python module via "import pyrad" doesn't cause any errors without those dependencies).

* Adding a "do-test" target will improve future QA and can catch issues with missing or incompatible dependencies.

* The examples files that are installed via the EXAMPLES options are still present in the upstream repository but aren't added to the sdist package. Switching to USE_GITHUB for a while until upstream re-add the examples to the sdist should fix this.  In that case LICENSE_FILE can be used as well, because the license file isn't available in the sdist, yet.


For the case, if the EXAMPLES option should stay (which I would prefer, IMHO):

* The install target for the EXAMPLES option can be modernized via "post-install-EXAMPLES-on".

* Add "concurrent" to "USE_PYTHON" to make the package concurrent safe, as it installs the example files to $PREFIX/share/examples/pyXX-pyrad" (= XX Python flavor) instead $PREFIX/share/examples/pyrad"


Would you like to update your patch and add the above items? If not, it's not a problem either, in this case I'd add the items before committing the update.
Comment 3 Kai Knoblich freebsd_committer freebsd_triage 2021-11-05 08:01:09 UTC
Created attachment 229284 [details]
pyrad-2.4-revised.patch

Attached is a revised patch is based on the original submitted patch and contains the items noted in comment #2.

We need to MFH the 2.4 release due two reasons:

- Releases prior 2.1 are vulnerable to two security issues.
- The 2.0 release which is currently in the Ports tree has missing dependencies (= devel/py-six).  This was discovered via the test suite.

Also setting the maintainer-approval flag to '+' due maintainer's timeout.
Comment 4 commit-hook freebsd_committer freebsd_triage 2021-11-05 08:38:08 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=81389bf63ec797a6797a05a10fab6a958a281da5

commit 81389bf63ec797a6797a05a10fab6a958a281da5
Author:     Kai Knoblich <kai@FreeBSD.org>
AuthorDate: 2021-11-05 08:17:59 +0000
Commit:     Kai Knoblich <kai@FreeBSD.org>
CommitDate: 2021-11-05 08:35:57 +0000

    net/pyrad: Update to 2.4 [1]

    While I'm here:

    * Switch to GitHub for a while to keep the EXAMPLES option as the
      useful examples aren't included with the sdist at the moment.

    * Make package concurrent safe due to the example files that are
      installed outside of Python's site-lib directory.

    * Convert to option helpers.

    * Add "do-test" target to make future QA easier.

    PR:             259332
    Reported by:    Gian-Simon Purkert [1]
    Approved by:    maintainer timeout (14+ days)
    MFH:            2021Q4
    Security:       17702e54-3da0-11ec-b7e0-3085a9a95629

 net/pyrad/Makefile | 28 +++++++++++++++++++---------
 net/pyrad/distinfo |  5 +++--
 2 files changed, 22 insertions(+), 11 deletions(-)
Comment 5 commit-hook freebsd_committer freebsd_triage 2021-11-05 08:38:09 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=5966fe85979f7dfba254e49a747714c2c8f223af

commit 5966fe85979f7dfba254e49a747714c2c8f223af
Author:     Kai Knoblich <kai@FreeBSD.org>
AuthorDate: 2021-11-05 08:13:03 +0000
Commit:     Kai Knoblich <kai@FreeBSD.org>
CommitDate: 2021-11-05 08:35:56 +0000

    security/vuxml: Document net/pyrad security issues

    PR:             259332

 security/vuxml/vuln-2021.xml | 35 +++++++++++++++++++++++++++++++++++
 1 file changed, 35 insertions(+)
Comment 6 commit-hook freebsd_committer freebsd_triage 2021-11-05 08:39:11 UTC
A commit in branch 2021Q4 references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=5c79c2115ff436077bd3d86f7ec5867481f73fa0

commit 5c79c2115ff436077bd3d86f7ec5867481f73fa0
Author:     Kai Knoblich <kai@FreeBSD.org>
AuthorDate: 2021-11-05 08:17:59 +0000
Commit:     Kai Knoblich <kai@FreeBSD.org>
CommitDate: 2021-11-05 08:38:30 +0000

    net/pyrad: Update to 2.4 [1]

    While I'm here:

    * Switch to GitHub for a while to keep the EXAMPLES option as the
      useful examples aren't included with the sdist at the moment.

    * Make package concurrent safe due to the example files that are
      installed outside of Python's site-lib directory.

    * Convert to option helpers.

    * Add "do-test" target to make future QA easier.

    PR:             259332
    Reported by:    Gian-Simon Purkert [1]
    Approved by:    maintainer timeout (14+ days)
    MFH:            2021Q4
    Security:       17702e54-3da0-11ec-b7e0-3085a9a95629

    (cherry picked from commit 81389bf63ec797a6797a05a10fab6a958a281da5)

 net/pyrad/Makefile | 28 +++++++++++++++++++---------
 net/pyrad/distinfo |  5 +++--
 2 files changed, 22 insertions(+), 11 deletions(-)
Comment 7 Kai Knoblich freebsd_committer freebsd_triage 2021-11-05 08:44:41 UTC
Committed and MFH'ed, all done!  Thank you, Gian-Simon, for the initial patches!
Comment 8 Gian-Simon Purkert 2021-11-05 21:43:57 UTC
(In reply to Kai Knoblich from comment #7)

Thank you Kai for the fixes and the fast commit.