From 063c2679296aee9b1f7aa909b062e4b75684ee41 Mon Sep 17 00:00:00 2001 
From: he
Date: Wed, 11 Sep 2019 11:51:22 +0000
Subject: [PATCH] Update radsecproxy to version 1.8.0.

Pkgsrc changes:
 * The hosting of radsecproxy has changed to github.com.
 * Add dependency on nettle.
 * Update LICENSE, now only modified-bsd.
 * Use gmake to build to avoid a couple of warnings.
 * Relinquish exclusive maintainership.

Upstream changes:

20190704 1.8.0
  New features:
    - Rewrite: supplement attribute (add attribute if not present) (#19)
    - Rewrite: modify vendor attribute
    - Rewrite whitelist mode
    - Autodetect status-server capability of servers
    - Minimalistic status-server
    - Explicit SubjectAltName:DNS and :IP match on certificates
  Misc:
    - No longer require docbook2x tools, but include plain manpages
    - Fail on startup if overlapping clients with different tls blocks
  Compile fixes:
    - Fix compile issues on bsd
  Bug fixes:
    - Handle %00 in config correctly (#31)
    - Fix server selection when udp were unreachable for long periods

2018-09-03 1.7.2
  Misc:
    - Always copy proxy-state attributes in own responses
    - Authenticate own access-reject responses
    - Retry outstanding requests after connection reset
  Compile fixes:
    - Fix compile issues on some platforms (#14)
    - Fix compile issue when dtls disabled (#16)
    - Fix compile issue on Cygwin (#18)
    - Fix radsecproxy.conf manpage not installed when docbook2x not available
  Bug fixes:
    - Fix request might be dropped if udp client uses multiple source ports
    - Fix tls output might drop requests under high load
    - Check for IP literals in Certificate SubjectAltName:DNS records
    - Fix tls connection might hang during SSL_connect and SSL_accept

2018-07-05 1.7.1
  License and copyright changes:
    - Copyright SWITCH
    - 3-clause BSD license only, no GPL.
  Enhancements:
    - Support the use of OpenSSL version 1.1 and 1.0 series (RADSECPROXY-66, RADSECPROXY-74).
    - Reload TLS certificate CRLs on SIGHUP (RADSECPROXY-78).
    - Make use of SO_KEEPALIVE for tcp sockets (RADSECPROXY-12).
    - Optionally include the thread-id in log messages
    - Allow hashing MAC addresses in the log (same as for F-Ticks)
    - Log certificate subject if rejected
    - Log own responses (RADSECPROXY-61)
    - Allow f-ticks prefix to be configured
    - radsecproxy-hash: allow MAC addresses to be passed on command line
  Misc:
    - libnettle is now an unconditional dependency.
    - FTicks support is now on by default and not optional.
    - Experimental code for dynamic discovery has been removed.
    - Replace several server status bits with a single state enum. (RADSECPROXY-71)
    - Use poll instead of select to allow > 1000 concurrent connections.
    - Implement locking for all SSL objects (openssl states it is not thread-safe)
    - Rework DTLS code.
  Bug fixes:
    - Detect the presence of docbook2x-man correctly.
    - Make clang less unhappy.
    - Don't use a smaller pthread stack size than what's allowed.
    - Avoid a deadlock situation with dynamic servers (RADSECPROXY-73).
    - Don't forget about good dynamically discovered (TLS) connections (RADSECPROXY-69).
    - Fix refcounting in error cases when loading configuration (RADSECPROXY-42)
    - Fix potential crash when rewriting malformed vendor attributes.
    - Properly cleanup expired requests from server output-queue.
    - Fix crash when dynamic discovered server doesn't resolve.
---
 net/radsecproxy/Makefile | 18 +++++++++++------
 net/radsecproxy/PLIST | 3 ++-
 net/radsecproxy/distinfo | 10 +++++-----
 3 files changed, 18 insertions(+), 13 deletions(-)

diff --git a/net/radsecproxy/Makefile b/net/radsecproxy/Makefile
index c0b0262c43ea..c2277bf17102 100644
--- a/net/radsecproxy/Makefile
+++ b/net/radsecproxy/Makefile
@@ -1,14 +1,17 @@ -# $NetBSD: Makefile,v 1.5 2017/08/03 11:30:45 he Exp $ +# $NetBSD: Makefile,v 1.6 2019/09/11 11:51:22 he Exp $ -DISTNAME= radsecproxy-1.6.9 +VERSION= 1.8.0 +DISTNAME= radsecproxy-${VERSION} CATEGORIES= net -MASTER_SITES= https://software.nordu.net/radsecproxy/ +MASTER_SITES= ${MASTER_SITE_GITHUB:=radsecproxy/} -MAINTAINER= he@NetBSD.org +MAINTAINER= pkgsrc-users@NetBSD.org COMMENT= Secure radius proxy -HOMEPAGE= https://software.nordu.net/radsecproxy/download/ -EXTRACT_SUFX= .tar.xz -LICENSE= gnu-gpl-v2 OR modified-bsd +HOMEPAGE= https://radsecproxy.github.io/ +GITHUB_RELEASE= ${VERSION} +LICENSE= modified-bsd + +USE_TOOLS+= gmake GNU_CONFIGURE= YES CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFBASEDIR:Q} @@ -25,4 +28,5 @@ post-install: ${DESTDIR}${EGDIR}/${CONF} .include "../../security/openssl/buildlink3.mk" +.include "../../security/nettle/buildlink3.mk" .include "../../mk/bsd.pkg.mk" diff --git a/net/radsecproxy/PLIST b/net/radsecproxy/PLIST index 859a87487391..4519efe229a5 100644 --- a/net/radsecproxy/PLIST +++ b/net/radsecproxy/PLIST @@ -1,5 +1,6 @@ -@comment $NetBSD: PLIST,v 1.1 2015/01/20 08:17:09 he Exp $ +@comment $NetBSD: PLIST,v 1.2 2019/09/11 11:51:22 he Exp $ bin/radsecproxy-conf +bin/radsecproxy-hash man/man1/radsecproxy-hash.1 man/man1/radsecproxy.1 man/man5/radsecproxy.conf.5 diff --git a/net/radsecproxy/distinfo b/net/radsecproxy/distinfo index 51aad731b101..84008d411b46 100644 --- a/net/radsecproxy/distinfo +++ b/net/radsecproxy/distinfo 
@@ -1,6 +1,6 @@ -$NetBSD: distinfo,v 1.3 2017/08/03 11:30:45 he Exp $ +$NetBSD: distinfo,v 1.4 2019/09/11 11:51:22 he Exp $ -SHA1 (radsecproxy-1.6.9.tar.xz) = 4b61c446a3dfc7220ad379cd1919dddb33a61a2a -RMD160 (radsecproxy-1.6.9.tar.xz) = 4a855970bbeb9262175c9d7a09be00b8da403761 -SHA512 (radsecproxy-1.6.9.tar.xz) = 89bb8d4903aa6525bc7e652809f9022643a58f9ca40277982c3cb2a08051f0ba9290432ca1e1fa4550b859913347ba6c45a256620cdce9869faa3cf5bd175951 -Size (radsecproxy-1.6.9.tar.xz) = 160336 bytes +SHA1 (radsecproxy-1.8.0.tar.gz) = c460e4f59d78264a364ca3810df0c0441f319de2 +RMD160 (radsecproxy-1.8.0.tar.gz) = 2cdfcf06a28362155c6ac4562f7bc004fbba907e +SHA512 (radsecproxy-1.8.0.tar.gz) = 91a3bb60cb3d03fac4a789eca9d4e87512ae36f44c7eeee35a3766b60d57b0425ecabade56db52696727d864986f88a9d8fa26ca0ea2ac699abecda53a1e6a1a +Size (radsecproxy-1.8.0.tar.gz) = 326176 bytes
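
Review bot: In the first hunk of net/radsecproxy/Makefile, `USE_TOOLS+= gmake` is added without a comment, and its reason ("to avoid a couple of warnings") is recorded only in the commit message. A one-line comment above it saying which warnings it avoids would let a later updater judge whether the tool dependency is still needed. The move of `LICENSE` to `modified-bsd` agrees with the 1.7.1 entry quoted in the message ("3-clause BSD license only, no GPL").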
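
Review bot: In net/radsecproxy/PLIST, the new entry `bin/radsecproxy-hash` is not mentioned in the "Pkgsrc changes" list of the commit message, although `man/man1/radsecproxy-hash.1` appears as an unchanged context line and so was already listed before this update. Add a line to that list noting that radsecproxy-hash is now installed, so the change to the package contents is explained alongside the others.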
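
Review bot: In net/radsecproxy/distinfo, the distfile changes name, archive format and origin in one step (radsecproxy-1.6.9.tar.xz from software.nordu.net becomes radsecproxy-1.8.0.tar.gz fetched through `MASTER_SITE_GITHUB`), so the new digests have no earlier recorded value to be compared against, and the commit message does not say how the tarball was authenticated. State in the message whether the archive was checked against an upstream signature or published checksum before the file was regenerated. Of the three digests recorded, only the SHA512 line gives meaningful collision resistance.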