Received: by mail.netbsd.org (Postfix, from userid 605) id 355C384D75; Wed, 11 Sep 2019 11:51:24 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id AEE3884D78 for ; Wed, 11 Sep 2019 11:51:23 +0000 (UTC) X-Virus-Scanned: amavisd-new at netbsd.org Received: from mail.netbsd.org ([127.0.0.1]) by localhost (mail.netbsd.org [127.0.0.1]) (amavisd-new, port 10025) with ESMTP id PsVGL2ZnF3E6 for ; Wed, 11 Sep 2019 11:51:22 +0000 (UTC) Received: from cvs.NetBSD.org (ivanova.netbsd.org [199.233.217.197]) by mail.netbsd.org (Postfix) with ESMTP id DE63684CE3 for ; Wed, 11 Sep 2019 11:51:22 +0000 (UTC) Received: by cvs.NetBSD.org (Postfix, from userid 500) id D8FCFFBF4; Wed, 11 Sep 2019 11:51:22 +0000 (UTC) Content-Transfer-Encoding: 7bit Content-Type: multipart/mixed; boundary="_----------=_1568202682114810" MIME-Version: 1.0 Date: Wed, 11 Sep 2019 11:51:22 +0000 From: "Havard Eidnes" Subject: CVS commit: pkgsrc/net/radsecproxy To: pkgsrc-changes@NetBSD.org Reply-To: he@netbsd.org X-Mailer: log_accum Message-Id: <20190911115122.D8FCFFBF4@cvs.NetBSD.org> Sender: pkgsrc-changes-owner@NetBSD.org List-Id: pkgsrc-changes.NetBSD.org Precedence: bulk List-Unsubscribe: This is a multi-part message in MIME format. --_----------=_1568202682114810 Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII" Module Name: pkgsrc Committed By: he Date: Wed Sep 11 11:51:22 UTC 2019 Modified Files: pkgsrc/net/radsecproxy: Makefile PLIST distinfo Log Message: Update radsecproxy to version 1.8.0. Pkgsrc changes: * The hosting of radsecproxy has changed to github.com. * Add dependency on nettle. * Update LICENSE, now only modified-bsd. * Use gmake to build to avoid a couple of warnings. * Relinquish exclusive maintainership. Upstream changes: 20190704 1.8.0 New features: - Rewrite: supplement attribute (add attribute if not present) (#19) - Rewrite: modify vendor attribute - Rewrite whitelist mode - Autodetect status-server capability of servers - Minimalistic status-server - Explicit SubjectAltName:DNS and :IP match on certificates Misc: - No longer require docbook2x tools, but include plain manpages - Fail on startup if overlapping clients with different tls blocks Compile fixes: - Fix compile issues on bsd Bug fixes: - Handle %00 in config correctly (#31) - Fix server selection when udp were unreachable for long periods 2018-09-03 1.7.2 Misc: - Always copy proxy-state attributes in own responses - Authenticate own access-reject responses - Retry outstanding requests after connection reset Compile fixes: - Fix compile issues on some platforms (#14) - Fix compile issue when dtls disabled (#16) - Fix compile issue on Cygwin (#18) - Fix radsecproxy.conf manpage not installed when docbook2x not available Bug fixes: - Fix request might be dropped if udp client uses multiple source ports - Fix tls output might drop requests under high load - Check for IP literals in Certificate SubjectAltName:DNS records - Fix tls connection might hang during SSL_connect and SSL_accept 2018-07-05 1.7.1 License and copyright changes: - Copyright SWITCH - 3-clause BSD license only, no GPL. Enhancements: - Support the use of OpenSSL version 1.1 and 1.0 series (RADSECPROXY-66, RADSECPROXY-74). - Reload TLS certificate CRLs on SIGHUP (RADSECPROXY-78). - Make use of SO_KEEPALIVE for tcp sockets (RADSECPROXY-12). - Optionally include the thread-id in log messages - Allow hashing MAC addresses in the log (same as for F-Ticks) - Log certificate subject if rejected - Log own responses (RADSECPROXY-61) - Allow f-ticks prefix to be configured - radsecproxy-hash: allow MAC addresses to be passed on command line Misc: - libnettle is now an unconditional dependency. - FTicks support is now on by default and not optional. - Experimental code for dynamic discovery has been removed. - Replace several server status bits with a single state enum. (RADSECPROXY-71) - Use poll instead of select to allow > 1000 concurrent connections. - Implement locking for all SSL objects (openssl states it is not thread-safe) - Rework DTLS code. Bug fixes: - Detect the presence of docbook2x-man correctly. - Make clang less unhappy. - Don't use a smaller pthread stack size than what's allowed. - Avoid a deadlock situation with dynamic servers (RADSECPROXY-73). - Don't forget about good dynamically discovered (TLS) connections (RADSECPROXY-69). - Fix refcounting in error cases when loading configuration (RADSECPROXY-42) - Fix potential crash when rewriting malformed vendor attributes. - Properly cleanup expired requests from server output-queue. - Fix crash when dynamic discovered server doesn't resolve. To generate a diff of this commit: cvs rdiff -u -r1.5 -r1.6 pkgsrc/net/radsecproxy/Makefile cvs rdiff -u -r1.1 -r1.2 pkgsrc/net/radsecproxy/PLIST cvs rdiff -u -r1.3 -r1.4 pkgsrc/net/radsecproxy/distinfo Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. --_----------=_1568202682114810 Content-Disposition: inline Content-Length: 2798 Content-Transfer-Encoding: binary Content-Type: text/x-diff; charset=us-ascii Modified files: Index: pkgsrc/net/radsecproxy/Makefile diff -u pkgsrc/net/radsecproxy/Makefile:1.5 pkgsrc/net/radsecproxy/Makefile:1.6 --- pkgsrc/net/radsecproxy/Makefile:1.5 Thu Aug 3 11:30:45 2017 +++ pkgsrc/net/radsecproxy/Makefile Wed Sep 11 11:51:22 2019 @@ -1,14 +1,17 @@ -# $NetBSD: Makefile,v 1.5 2017/08/03 11:30:45 he Exp $ +# $NetBSD: Makefile,v 1.6 2019/09/11 11:51:22 he Exp $ -DISTNAME= radsecproxy-1.6.9 +VERSION= 1.8.0 +DISTNAME= radsecproxy-${VERSION} CATEGORIES= net -MASTER_SITES= https://software.nordu.net/radsecproxy/ +MASTER_SITES= ${MASTER_SITE_GITHUB:=radsecproxy/} -MAINTAINER= he@NetBSD.org +MAINTAINER= pkgsrc-users@NetBSD.org COMMENT= Secure radius proxy -HOMEPAGE= https://software.nordu.net/radsecproxy/download/ -EXTRACT_SUFX= .tar.xz -LICENSE= gnu-gpl-v2 OR modified-bsd +HOMEPAGE= https://radsecproxy.github.io/ +GITHUB_RELEASE= ${VERSION} +LICENSE= modified-bsd + +USE_TOOLS+= gmake GNU_CONFIGURE= YES CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFBASEDIR:Q} @@ -25,4 +28,5 @@ post-install: ${DESTDIR}${EGDIR}/${CONF} .include "../../security/openssl/buildlink3.mk" +.include "../../security/nettle/buildlink3.mk" .include "../../mk/bsd.pkg.mk" Index: pkgsrc/net/radsecproxy/PLIST diff -u pkgsrc/net/radsecproxy/PLIST:1.1 pkgsrc/net/radsecproxy/PLIST:1.2 --- pkgsrc/net/radsecproxy/PLIST:1.1 Tue Jan 20 08:17:09 2015 +++ pkgsrc/net/radsecproxy/PLIST Wed Sep 11 11:51:22 2019 @@ -1,5 +1,6 @@ -@comment $NetBSD: PLIST,v 1.1 2015/01/20 08:17:09 he Exp $ +@comment $NetBSD: PLIST,v 1.2 2019/09/11 11:51:22 he Exp $ bin/radsecproxy-conf +bin/radsecproxy-hash man/man1/radsecproxy-hash.1 man/man1/radsecproxy.1 man/man5/radsecproxy.conf.5 Index: pkgsrc/net/radsecproxy/distinfo diff -u pkgsrc/net/radsecproxy/distinfo:1.3 pkgsrc/net/radsecproxy/distinfo:1.4 --- pkgsrc/net/radsecproxy/distinfo:1.3 Thu Aug 3 11:30:45 2017 +++ pkgsrc/net/radsecproxy/distinfo Wed Sep 11 11:51:22 2019 @@ -1,6 +1,6 @@ -$NetBSD: distinfo,v 1.3 2017/08/03 11:30:45 he Exp $ +$NetBSD: distinfo,v 1.4 2019/09/11 11:51:22 he Exp $ -SHA1 (radsecproxy-1.6.9.tar.xz) = 4b61c446a3dfc7220ad379cd1919dddb33a61a2a -RMD160 (radsecproxy-1.6.9.tar.xz) = 4a855970bbeb9262175c9d7a09be00b8da403761 -SHA512 (radsecproxy-1.6.9.tar.xz) = 89bb8d4903aa6525bc7e652809f9022643a58f9ca40277982c3cb2a08051f0ba9290432ca1e1fa4550b859913347ba6c45a256620cdce9869faa3cf5bd175951 -Size (radsecproxy-1.6.9.tar.xz) = 160336 bytes +SHA1 (radsecproxy-1.8.0.tar.gz) = c460e4f59d78264a364ca3810df0c0441f319de2 +RMD160 (radsecproxy-1.8.0.tar.gz) = 2cdfcf06a28362155c6ac4562f7bc004fbba907e +SHA512 (radsecproxy-1.8.0.tar.gz) = 91a3bb60cb3d03fac4a789eca9d4e87512ae36f44c7eeee35a3766b60d57b0425ecabade56db52696727d864986f88a9d8fa26ca0ea2ac699abecda53a1e6a1a +Size (radsecproxy-1.8.0.tar.gz) = 326176 bytes --_----------=_1568202682114810--