Revision: 6747
          http://ipcop.svn.sourceforge.net/ipcop/?rev=6747&view=rev
Author:   gespinasse
Date:     2012-08-05 07:55:13 +0000 (Sun, 05 Aug 2012)
Log Message:
-----------
Fix radiusplugin compilation that was not optimized, so fortify did not apply.
Add a batch of patches, one home made to have a better compilation log, the 
other taken from CVS.
Not all are applied yet, as some do not apply as is.
We have v2.1; a later v2.1abeta1 exists.
Unsure whether we should switch to v2.1beta1 and apply any CVS patches from that 
point.
There are no tags on the CVS tree and commit logs are often empty, so this is not 
much fun.

Modified Paths:
--------------
    ipcop/trunk/lfs/radiusplugin
    ipcop/trunk/updates/2.1.0/ROOTFILES.i486-2.1.0
    ipcop/trunk/updates/2.1.0/information.xml

Added Paths:
-----------
    ipcop/trunk/src/patches/radiusplugin_cvs_Makefile.patch
    ipcop/trunk/src/patches/radiusplugin_fix-fd-leak.patch
    ipcop/trunk/src/patches/radiusplugin_libgcrypt-init.patch
    ipcop/trunk/src/patches/radiusplugin_no-username.patch
    ipcop/trunk/src/patches/radiusplugin_non-standard-port.patch
    ipcop/trunk/src/patches/radiusplugin_unused.patch

Modified: ipcop/trunk/lfs/radiusplugin
===================================================================
--- ipcop/trunk/lfs/radiusplugin        2012-08-05 07:10:22 UTC (rev 6746)
+++ ipcop/trunk/lfs/radiusplugin        2012-08-05 07:55:13 UTC (rev 6747)
@@ -83,8 +83,21 @@
        # unpacks into radiusplugin directory, not in radiusplugin_v2.1
        @rm -rf $(DIR_SRC)/radiusplugin $(DIR_APP) && cd $(DIR_SRC) && tar zxf 
$(DIR_DL)/$(DL_FILE)
        mv $(DIR_SRC)/radiusplugin $(DIR_APP)
+       # debian package name is openvpn-auth-radius 
http://patch-tracker.debian.org/package/openvpn-auth-radius
+       # Only had the fix-fd-leak.patch
 
-       cd $(DIR_APP) && make
+       # To allow using defined CFLAGS as FORTIFY did not apply without 
optimization, send upstream, will see
+       cd $(DIR_APP) && patch -p0 -i 
$(DIR_PATCHES)/$(PKG_NAME)_cvs_Makefile.patch
+
+       # cherry-picked from CVS
+       cd $(DIR_APP) && patch -p0 -i 
$(DIR_PATCHES)/$(PKG_NAME)_non-standard-port.patch # CVS 2010-11-11 21:48
+       cd $(DIR_APP) && patch -p1 -i 
$(DIR_PATCHES)/$(PKG_NAME)_fix-fd-leak.patch      # CVS 2010-12-16 21:11
+       # not yet
+       #cd $(DIR_APP) && patch -p0 -i 
$(DIR_PATCHES)/$(PKG_NAME)_no-username.patch     # CVS 2011-05-14 06:02
+       #cd $(DIR_APP) && patch -p0 -i 
$(DIR_PATCHES)/$(PKG_NAME)_libgcrypt-init.patch  # CVS 2011-09-24 19:21
+       #cd $(DIR_APP) && patch -p0 -i $(DIR_PATCHES)/$(PKG_NAME)_unused.patch  
        # CVS 2011-11-26 08:38
+
+       cd $(DIR_APP) && make V=1
        install -m 0655 $(DIR_APP)/radiusplugin.so /usr/lib/radiusplugin.so
 
        @rm -rf $(DIR_APP)
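Review bot: The comment on the first added patch step speaks of "defined CFLAGS", but the Makefile patch it applies reads `CXXFLAGS` and `LDFLAGS`, and the final `cd $(DIR_APP) && make V=1` passes neither explicitly. The intended hardening flags therefore reach the compiler only if the build environment exports `CXXFLAGS`; otherwise the patched default `-O2 -g` is used. I would reword the comment to `# Let the plugin honour exported CXXFLAGS/LDFLAGS; _FORTIFY_SOURCE needs optimization to take effect` and confirm from the V=1 log that the expected flags appear on the compile lines. The three commented-out patch lines under "not yet" would be easier to track as one short comment naming the pending patches and why each does not apply. The recipe begins above this hunk.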

Added: ipcop/trunk/src/patches/radiusplugin_cvs_Makefile.patch
===================================================================
--- ipcop/trunk/src/patches/radiusplugin_cvs_Makefile.patch                     
        (rev 0)
+++ ipcop/trunk/src/patches/radiusplugin_cvs_Makefile.patch     2012-08-05 
07:55:13 UTC (rev 6747)
@@ -0,0 +1,64 @@
+? cvs_Makefile.patch
+Index: Makefile
+===================================================================
+RCS file: /sources/radiusplugin/radiusplugin/Makefile,v
+retrieving revision 1.6
+diff -u -r1.6 Makefile
+--- Makefile   2 Sep 2010 11:00:16 -0000       1.6
++++ Makefile   4 Aug 2012 10:02:28 -0000
+@@ -1,18 +1,10 @@
+-BLUE    =\033[20;36m
+-GREEN   =\033[32m
+-RED     =\033[31m
+-ESC     =\033[0m
+-OK      =[$(GREEN) Ok $(ESC)]
+-FAILED  =[$(RED) failed $(ESC)]
+-
+-CC=g++
+-
+-
++CXX ?=g++
+ 
+ INCL=
+-LDFLAGS=
++
+ LIBS=-lgcrypt -lpthread
+-CFLAGS=-Wall -shared -fPIC -DPIC
++CXXFLAGS ?= -O2 -g
++CXXFLAGS +=-Wall -shared -fPIC -DPIC
+ 
+ 
+ PLUGIN=radiusplugin.so
+@@ -37,18 +29,27 @@
+   UserPlugin.o \
+   Config.o
+ 
++ifeq ($(V),1)
++Q=
++NQ=true
++else
++Q=@
++NQ=echo
++endif
++
+ all: $(PLUGIN)
+ 
+ $(PLUGIN): $(OBJECTS)
+-      @echo -e 'BIN: $(GREEN) $(PLUGIN) $(ESC)'
+-      @$(CC) $(CFLAGS) $(OBJECTS) -o $(PLUGIN) $(LDFLAGS) $(LIBS)
++      @$(NQ) 'CXXLD $@'
++      $(Q)$(CXX) $(CXXFLAGS) $(OBJECTS) -o $(PLUGIN) $(LDFLAGS) $(LIBS)
+ 
+ %.o: %.cpp
+-      @echo -e 'OBJ: $(GREEN) $@ $(ESC)'
+-      @$(CC) $(INCL) $(CFLAGS) -o $@ -c $<
++      @$(NQ) 'CXX $@'
++      $(Q)$(CXX) $(INCL) $(CXXFLAGS) -o $@ -c $<
+ 
+ test: $(OBJECTS)
+-      @$(CC) -Wall $(OBJECTS) -o main $(LDFLAGS) $(LIBS)
++      @$(NQ) 'CXX $@'
++      $(Q)$(CXX) -Wall $(OBJECTS) -o main $(LDFLAGS) $(LIBS)
+ 
+ clean:
+       -rm $(PLUGIN) *.o */*.o
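Review bot: `CXXFLAGS +=-Wall -shared -fPIC -DPIC` appends the flags the plugin cannot build without to a variable the user is invited to override. A command-line `make CXXFLAGS=...` takes precedence over both the `?=` and the `+=`, so `-fPIC` and `-shared` would be dropped silently. Writing `override CXXFLAGS += -Wall -shared -fPIC -DPIC`, or keeping the mandatory flags in a separate variable, lets a caller supply its own optimization and hardening set without breaking the shared-object build. The `test` rule also prints `'CXX $@'` although it links, and the leading `? cvs_Makefile.patch` line is leftover `cvs diff` output that could be dropped from the patch file.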

Added: ipcop/trunk/src/patches/radiusplugin_fix-fd-leak.patch
===================================================================
--- ipcop/trunk/src/patches/radiusplugin_fix-fd-leak.patch                      
        (rev 0)
+++ ipcop/trunk/src/patches/radiusplugin_fix-fd-leak.patch      2012-08-05 
07:55:13 UTC (rev 6747)
@@ -0,0 +1,23 @@
+http://patch-tracker.debian.org/package/openvpn-auth-radius/2.1-4
+
+There is a file descriptor leak in an errors path in AccountingProcess.cpp.
+
+Index: openvpn-auth-radius/AccountingProcess.cpp
+===================================================================
+--- openvpn-auth-radius.orig/AccountingProcess.cpp     2010-12-16 
17:34:41.000000000 +0100
++++ openvpn-auth-radius/AccountingProcess.cpp  2010-12-16 17:34:55.000000000 
+0100
+@@ -478,12 +478,14 @@
+       string exe=string(context->conf.getVsaScript()) + " " + 
string(context->conf.getVsaNamedPipe());
+       if (write (fd_fifo, buf, buflen) != buflen)
+       {
++        close(fd_fifo);
+         cerr << getTime() << "RADIUS-PLUGIN: Could not write in Pipe to 
VSAScript!";
+       return -1;
+       }
+       
+       if(system(exe.c_str())!=0)
+       {
++              close(fd_fifo);
+               cerr << getTime() << "RADIUS-PLUGIN: Error in VSAScript!";
+               return -1;
+       }
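Review bot: The two added `close(fd_fifo)` calls release the descriptor only on the failure branches shown; the hunk ends before the success path, so whether the FIFO is closed there cannot be confirmed from this patch and should be checked in AccountingProcess.cpp. In the second branch the string handed to `system()` is the concatenation of `getVsaScript()` and `getVsaNamedPipe()`, so it is interpreted by a shell. A comment at that call such as `// exe is run through the shell: the VSA script path and pipe name must come from a config file only root can write` would record the trust assumption. The enclosing function starts and ends outside the hunk.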

Added: ipcop/trunk/src/patches/radiusplugin_libgcrypt-init.patch
===================================================================
--- ipcop/trunk/src/patches/radiusplugin_libgcrypt-init.patch                   
        (rev 0)
+++ ipcop/trunk/src/patches/radiusplugin_libgcrypt-init.patch   2012-08-05 
07:55:13 UTC (rev 6747)
@@ -0,0 +1,42 @@
+http://lists.nongnu.org/archive/html/radiusplugin-devel/2012-07/msg00000.html
+
+Init libgcrypt
+
+Index: radiusplugin.cpp
+===================================================================
+RCS file: /sources/radiusplugin/radiusplugin/radiusplugin.cpp,v
+retrieving revision 1.22
+retrieving revision 1.23
+diff -u -r1.22 -r1.23
+--- radiusplugin.cpp   23 Sep 2011 13:51:21 -0000      1.22
++++ radiusplugin.cpp   24 Sep 2011 19:21:37 -0000      1.23
+@@ -22,7 +22,8 @@
+ //The callback functions of the plugin infrastructure.
+ 
+ #include "radiusplugin.h"
+-
++#define NEED_LIBGCRYPT_VERSION "1.2.0"
++GCRY_THREAD_OPTION_PTHREAD_IMPL;
+ 
+ //define extern "C", so the c++ compiler generate a shared library
+ //which is compatible with c programms
+@@ -828,6 +829,19 @@
+     string strtime;
+     ostringstream portnumber;
+     memset ( digest,0,16 );
++    if (!gcry_control (GCRYCTL_ANY_INITIALIZATION_P))
++    { /* No other library has already initialized libgcrypt. */
++
++      gcry_control(GCRYCTL_SET_THREAD_CBS,&gcry_threads_pthread);
++
++      if (!gcry_check_version (NEED_LIBGCRYPT_VERSION) )
++      {
++          cerr << "libgcrypt is too old (need " << NEED_LIBGCRYPT_VERSION << 
", have " << gcry_check_version (NULL) << ")\n";
++      }
++      /* Disable secure memory.  */
++      gcry_control (GCRYCTL_DISABLE_SECMEM, 0);
++      gcry_control (GCRYCTL_INITIALIZATION_FINISHED);
++    }
+     //build the hash
+     gcry_md_open ( &context, GCRY_MD_MD5, 0 );
+     gcry_md_write ( context, user->getCommonname().c_str(), 
user->getCommonname().length() );
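Review bot: When `gcry_check_version (NEED_LIBGCRYPT_VERSION)` fails, the added block only writes to `cerr` and then continues with `GCRYCTL_DISABLE_SECMEM` and `GCRYCTL_INITIALIZATION_FINISHED`, so the plugin keeps hashing with a library it has just reported as too old. The failure branch should abort the call through the function's error return, whose signature is outside the hunk. The initialization also sits inside a function body near line 829 rather than in the plugin's start-up path, so it runs on first use; if that function can be reached from more than one thread, the check-then-initialize sequence would be racy, which is worth confirming. Note that lfs/radiusplugin in this same commit leaves this patch commented out under "not yet", so the built plugin still runs without explicit libgcrypt initialization.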

Added: ipcop/trunk/src/patches/radiusplugin_no-username.patch
===================================================================
--- ipcop/trunk/src/patches/radiusplugin_no-username.patch                      
        (rev 0)
+++ ipcop/trunk/src/patches/radiusplugin_no-username.patch      2012-08-05 
07:55:13 UTC (rev 6747)
@@ -0,0 +1,21 @@
+? Makefile.2
+? radiusplugin_no-username.patch
+Index: radiusplugin.cpp
+===================================================================
+RCS file: /sources/radiusplugin/radiusplugin/radiusplugin.cpp,v
+retrieving revision 1.19
+retrieving revision 1.20
+diff -u -r1.19 -r1.20
+--- radiusplugin.cpp   14 Nov 2010 11:37:20 -0000      1.19
++++ radiusplugin.cpp   14 May 2011 06:02:14 -0000      1.20
+@@ -1176,6 +1176,10 @@
+     {
+         user->setCommonname ( get_env ( "common_name", envp ) );
+     }
++    else if(context->conf.getClientCertNotRequired()==true) // if there is no 
username, set it to UNDEF, this is what OPENVPN does
++    {
++      user->setCommonname ("UNDEF");
++    }
+     
+     //rewrite the commonname if OpenVPN use the option username-as-comon-name
+     if ( context->conf.getUsernameAsCommonname() == true )
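Review bot: The added `else if` gives every client that presents no certificate the same common name, `"UNDEF"`, whenever `getClientCertNotRequired()` is true. Unless the `getUsernameAsCommonname()` branch below rewrites it, anything keyed on the common name would treat all such clients as one identity. The libgcrypt-init patch in this commit shows a digest being built starting from `user->getCommonname()`, so it is worth checking that the key also includes a per-session value. I would add a comment at the assignment, e.g. `// all cert-less clients share "UNDEF"; never use commonname alone as a session key`. The preceding `if` and the enclosing function start outside the hunk.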

Added: ipcop/trunk/src/patches/radiusplugin_non-standard-port.patch
===================================================================
--- ipcop/trunk/src/patches/radiusplugin_non-standard-port.patch                
                (rev 0)
+++ ipcop/trunk/src/patches/radiusplugin_non-standard-port.patch        
2012-08-05 07:55:13 UTC (rev 6747)
@@ -0,0 +1,31 @@
+http://lists.nongnu.org/archive/html/radiusplugin-users/2010-11/msg00019.html
+Hi,
+
+you are right, the plugin only considers the first four digits. It's fixed in 
+the CVS version.
+
+Ralf
+
+
+Index: RadiusClass/RadiusConfig.cpp
+===================================================================
+RCS file: /sources/radiusplugin/radiusplugin/RadiusClass/RadiusConfig.cpp,v
+retrieving revision 1.3
+retrieving revision 1.4
+diff -u -r1.3 -r1.4
+--- RadiusClass/RadiusConfig.cpp       23 Nov 2008 15:41:14 -0000      1.3
++++ RadiusClass/RadiusConfig.cpp       11 Nov 2010 21:48:23 -0000      1.4
+@@ -149,11 +149,11 @@
+                                               
+                                       if 
(strncmp(line.c_str(),"authport=",9)==0) 
+                                       {
+-                                              
tmpServer->setAuthPort(atoi(line.substr(9,4).c_str()));
++                                              
tmpServer->setAuthPort(atoi(line.substr(9,5).c_str()));
+                                       }
+                                       if 
(strncmp(line.c_str(),"acctport=",9)==0)
+                                       {
+-                                              
tmpServer->setAcctPort(atoi(line.substr(9,4).c_str()));
++                                              
tmpServer->setAcctPort(atoi(line.substr(9,5).c_str()));
+                                       }
+                                       if (strncmp(line.c_str(),"name=",5)==0)
+                                       {
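Review bot: `atoi(line.substr(9,5).c_str())` still parses a fixed-width slice with no validation. A non-numeric value becomes 0, a value such as 99999 is handed to `setAuthPort()`/`setAcctPort()` unchecked, and anything after the fifth character is ignored. Parsing the remainder of the line with `strtol` and rejecting values outside 1–65535 would turn a mistyped RADIUS port into a configuration error instead of a silently wrong destination. For example `long p = strtol(line.c_str() + 9, &end, 10);` followed by `if (end == line.c_str() + 9 || p < 1 || p > 65535)`, taking the parser's existing error path, which is outside this hunk. The same applies to both the `authport=` and `acctport=` branches.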

Added: ipcop/trunk/src/patches/radiusplugin_unused.patch
===================================================================
--- ipcop/trunk/src/patches/radiusplugin_unused.patch                           
(rev 0)
+++ ipcop/trunk/src/patches/radiusplugin_unused.patch   2012-08-05 07:55:13 UTC 
(rev 6747)
@@ -0,0 +1,53 @@
+? Makefile.2
+Index: radiusplugin.cpp
+===================================================================
+RCS file: /sources/radiusplugin/radiusplugin/radiusplugin.cpp,v
+retrieving revision 1.23
+retrieving revision 1.24
+diff -u -r1.23 -r1.24
+--- radiusplugin.cpp   24 Sep 2011 19:21:37 -0000      1.23
++++ radiusplugin.cpp   26 Nov 2011 08:38:02 -0000      1.24
+@@ -693,21 +693,25 @@
+                 waitpid ( context->getAcctPid(), NULL, 0 );
+ 
+         }
+-        if (context->getStartThread()==false)
++        if (context->getStartThread()==false) //means the thread is running
+         {
+             if ( DEBUG ( context->getVerbosity() ) )
+                 cerr << getTime() << "RADIUS-PLUGIN: FOREGROUND: Stop auth 
thread .\n";
+-            //stop the thread
++            
++          //stop the thread
+             pthread_mutex_lock(context->getMutexSend());
+             context->setStopThread(true);
+             pthread_cond_signal( context->getCondSend( ));
+             pthread_mutex_unlock(context->getMutexSend());
+-            //wait for the thread to exit
+-            pthread_join(*context->getThread(),NULL);
+-            pthread_cond_destroy(context->getCondSend( ));
+-            pthread_cond_destroy(context->getCondRecv( ));
+-            pthread_mutex_destroy(context->getMutexSend());
+-            pthread_mutex_destroy(context->getMutexRecv());
++          
++            
++          //wait for the thread to exit
++          pthread_join(*context->getThread(),NULL);
++          pthread_cond_destroy(context->getCondSend( ));
++          pthread_cond_destroy(context->getCondRecv( ));
++          pthread_mutex_destroy(context->getMutexSend());
++          pthread_mutex_destroy(context->getMutexRecv());
++        
+         }
+         else
+         {
+@@ -1128,9 +1132,7 @@
+ string getTime()
+ {
+     time_t rawtime;
+-    struct tm * timeinfo;
+     time ( &rawtime );
+-    timeinfo = localtime ( &rawtime );
+     string t(ctime(&rawtime));
+     t.replace(t.find("\n"),1," ");
+     size_t str_pos=t.find("\n");
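Review bot: `getTime()` in the second nested hunk still formats the timestamp with `ctime(&rawtime)`, which returns a pointer to a shared static buffer. The first nested hunk shows the plugin running a pthread next to the foreground code, so if that thread also logs through `getTime()` (not visible here) concurrent calls could corrupt each other's timestamps. Using `char buf[26];` and `string t(ctime_r(&rawtime, buf));` keeps the removal of the unused `timeinfo` and makes the helper safe to call from both sides. The re-indentation of the `pthread_join`/`pthread_*_destroy` lines changes only whitespace and adds whitespace-only lines; keeping the original indentation would limit the cherry-pick to its real changes. getTime() continues past the end of the hunk.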

Modified: ipcop/trunk/updates/2.1.0/ROOTFILES.i486-2.1.0
===================================================================
--- ipcop/trunk/updates/2.1.0/ROOTFILES.i486-2.1.0      2012-08-05 07:10:22 UTC 
(rev 6746)
+++ ipcop/trunk/updates/2.1.0/ROOTFILES.i486-2.1.0      2012-08-05 07:55:13 UTC 
(rev 6747)
@@ -688,6 +688,9 @@
 /usr/bin/killall
 /usr/bin/pstree
 ##
+## radiusplugin-2.1 optimized and patched
+/usr/lib/radiusplugin.so
+##
 ## rsyslog-5.8.12
 /usr/lib/rsyslog/imklog.so
 /usr/lib/rsyslog/imuxsock.so

Modified: ipcop/trunk/updates/2.1.0/information.xml
===================================================================
--- ipcop/trunk/updates/2.1.0/information.xml   2012-08-05 07:10:22 UTC (rev 
6746)
+++ ipcop/trunk/updates/2.1.0/information.xml   2012-08-05 07:55:13 UTC (rev 
6747)
@@ -3,7 +3,7 @@
         <version>2.1.0</version>
         <releasedate>2012-04-dd</releasedate>
         <size>0</size>
-        <description>httpd, iputils, gettext, setserial, pcmciautils, ppp 
patched&lt;br /&gt;
+        <description>httpd, iputils, gettext, setserial, pcmciautils, ppp, 
openvpn radiusplugin patched&lt;br /&gt;
             cairo recompiled with -O3, isdn4k-utils with -Os 
-fno-strict-aliasing&lt;br /&gt;
             Add URL filter, xz-5.0.4&lt;br /&gt;
             Language updates.&lt;br /&gt;
