Created attachment 228913 [details] Update to 2.4 Removed the Example option since there is no example anymore in the package. 2.4 Support poetry for for building this project Use secrets.SysRandom instead of random.SystemRandom if possible .get on Packets has an optional default parameter (to mimic dict.get()) Fix: digestmod is not optional in python3.8 anymore Fix: authenticator was refreshed before the packet was generated Fix bug causing Message-Authenticator verification to fail if multiple instances of an attribute do not appear sequentially in the attributes list Fixed #140 VerifyReply broken when multiple instances of same attribute are not adjacent on reply Fixed #135 Missing send_packet for async Client Fixed #126 python3 support for SaltCrypt (was previously broken) https://github.com/pyradius/pyrad/releases/tag/2.4
Created attachment 228915 [details] Update to 2.4 Add license BSD3CLAUSE: https://pypi.org/project/pyrad/2.4/#history License: BSD License (BSD) https://github.com/pyradius/pyrad/blob/master/LICENSE.txt
Thank you for the patch, Gian-Simon! A few items for review: * The "setup.py" has "install_requires=['six', 'netaddr']", so "RUN_DEPENDS" needs to be added and set accordingly. (Just loading the Python module via "import pyrad" doesn't cause any errors without those dependencies). * Adding a "do-test" target will improve future QA and can catch issues with missing or incompatible dependencies. * The examples files that are installed via the EXAMPLES options are still present in the upstream repository but aren't added to the sdist package. Switching to USE_GITHUB for a while until upstream re-add the examples to the sdist should fix this. In that case LICENSE_FILE can be used as well, because the license file isn't available in the sdist, yet. For the case, if the EXAMPLES option should stay (which I would prefer, IMHO): * The install target for the EXAMPLES option can be modernized via "post-install-EXAMPLES-on". * Add "concurrent" to "USE_PYTHON" to make the package concurrent safe, as it installs the example files to $PREFIX/share/examples/pyXX-pyrad" (= XX Python flavor) instead $PREFIX/share/examples/pyrad" Would you like to update your patch and add the above items? If not, it's not a problem either, in this case I'd add the items before committing the update.
Created attachment 229284 [details] pyrad-2.4-revised.patch Attached is a revised patch is based on the original submitted patch and contains the items noted in comment #2. We need to MFH the 2.4 release due two reasons: - Releases prior 2.1 are vulnerable to two security issues. - The 2.0 release which is currently in the Ports tree has missing dependencies (= devel/py-six). This was discovered via the test suite. Also setting the maintainer-approval flag to '+' due maintainer's timeout.
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=81389bf63ec797a6797a05a10fab6a958a281da5 commit 81389bf63ec797a6797a05a10fab6a958a281da5 Author: Kai Knoblich <kai@FreeBSD.org> AuthorDate: 2021-11-05 08:17:59 +0000 Commit: Kai Knoblich <kai@FreeBSD.org> CommitDate: 2021-11-05 08:35:57 +0000 net/pyrad: Update to 2.4 [1] While I'm here: * Switch to GitHub for a while to keep the EXAMPLES option as the useful examples aren't included with the sdist at the moment. * Make package concurrent safe due to the example files that are installed outside of Python's site-lib directory. * Convert to option helpers. * Add "do-test" target to make future QA easier. PR: 259332 Reported by: Gian-Simon Purkert [1] Approved by: maintainer timeout (14+ days) MFH: 2021Q4 Security: 17702e54-3da0-11ec-b7e0-3085a9a95629 net/pyrad/Makefile | 28 +++++++++++++++++++--------- net/pyrad/distinfo | 5 +++-- 2 files changed, 22 insertions(+), 11 deletions(-)
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=5966fe85979f7dfba254e49a747714c2c8f223af commit 5966fe85979f7dfba254e49a747714c2c8f223af Author: Kai Knoblich <kai@FreeBSD.org> AuthorDate: 2021-11-05 08:13:03 +0000 Commit: Kai Knoblich <kai@FreeBSD.org> CommitDate: 2021-11-05 08:35:56 +0000 security/vuxml: Document net/pyrad security issues PR: 259332 security/vuxml/vuln-2021.xml | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+)
A commit in branch 2021Q4 references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=5c79c2115ff436077bd3d86f7ec5867481f73fa0 commit 5c79c2115ff436077bd3d86f7ec5867481f73fa0 Author: Kai Knoblich <kai@FreeBSD.org> AuthorDate: 2021-11-05 08:17:59 +0000 Commit: Kai Knoblich <kai@FreeBSD.org> CommitDate: 2021-11-05 08:38:30 +0000 net/pyrad: Update to 2.4 [1] While I'm here: * Switch to GitHub for a while to keep the EXAMPLES option as the useful examples aren't included with the sdist at the moment. * Make package concurrent safe due to the example files that are installed outside of Python's site-lib directory. * Convert to option helpers. * Add "do-test" target to make future QA easier. PR: 259332 Reported by: Gian-Simon Purkert [1] Approved by: maintainer timeout (14+ days) MFH: 2021Q4 Security: 17702e54-3da0-11ec-b7e0-3085a9a95629 (cherry picked from commit 81389bf63ec797a6797a05a10fab6a958a281da5) net/pyrad/Makefile | 28 +++++++++++++++++++--------- net/pyrad/distinfo | 5 +++-- 2 files changed, 22 insertions(+), 11 deletions(-)
Committed and MFH'ed, all done! Thank you, Gian-Simon, for the initial patches!
(In reply to Kai Knoblich from comment #7) Thank you Kai for the fixes and the fast commit.