From 6baab45bec6f3079b75a5e661eb1b0b28bceb917 Mon Sep 17 00:00:00 2001 From: zi Date: Tue, 4 Feb 2014 03:17:29 +0000 Subject: - Unbreak rlm_krb5 (pull in fix from upstream) - Unbreak UDP packet send when ipaddr is not INADDR_ANY (pull in fix from upstream) - Bump PORTREVISION --- net/freeradius3/Makefile | 1 + net/freeradius3/files/patch-rlm_krb5 | 894 +++++++++++++++++++++++++++++++ net/freeradius3/files/patch-udpfromtofix | 61 +++ 3 files changed, 956 insertions(+) create mode 100644 net/freeradius3/files/patch-rlm_krb5 create mode 100644 net/freeradius3/files/patch-udpfromtofix (limited to 'net') diff --git a/net/freeradius3/Makefile b/net/freeradius3/Makefile index f209a3b1dd08..669fb04b0463 100644 --- a/net/freeradius3/Makefile +++ b/net/freeradius3/Makefile @@ -3,6 +3,7 @@ PORTNAME= freeradius DISTVERSION= 3.0.1 +PORTREVISION= 1 CATEGORIES= net MASTER_SITES= ftp://ftp.freeradius.org/pub/freeradius/%SUBDIR%/ \ ftp://ftp.ntua.gr/pub/net/radius/freeradius/%SUBDIR%/ \ diff --git a/net/freeradius3/files/patch-rlm_krb5 b/net/freeradius3/files/patch-rlm_krb5 new file mode 100644 index 000000000000..21490abc6a8e --- /dev/null +++ b/net/freeradius3/files/patch-rlm_krb5 @@ -0,0 +1,894 @@ +--- ./src/modules/rlm_krb5/configure.orig 2014-01-13 20:13:56.000000000 -0500 ++++ ./src/modules/rlm_krb5/configure 2014-02-03 14:45:22.000000000 -0500 +@@ -1468,6 +1468,73 @@ + + } # ac_fn_c_try_link + ++# ac_fn_c_check_func LINENO FUNC VAR ++# ---------------------------------- ++# Tests whether FUNC exists, setting the cache variable VAR accordingly ++ac_fn_c_check_func () ++{ ++ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack ++ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 ++$as_echo_n "checking for $2... " >&6; } ++if eval \${$3+:} false; then : ++ $as_echo_n "(cached) " >&6 ++else ++ cat confdefs.h - <<_ACEOF >conftest.$ac_ext ++/* end confdefs.h. */ ++/* Define $2 to an innocuous variant, in case declares $2. ++ For example, HP-UX 11i declares gettimeofday. */ ++#define $2 innocuous_$2 ++ ++/* System header to define __stub macros and hopefully few prototypes, ++ which can conflict with char $2 (); below. ++ Prefer to if __STDC__ is defined, since ++ exists even on freestanding compilers. */ ++ ++#ifdef __STDC__ ++# include ++#else ++# include ++#endif ++ ++#undef $2 ++ ++/* Override any GCC internal prototype to avoid an error. ++ Use char because int might match the return type of a GCC ++ builtin and then its argument prototype would still apply. */ ++#ifdef __cplusplus ++extern "C" ++#endif ++char $2 (); ++/* The GNU C library defines this for functions which it implements ++ to always fail with ENOSYS. Some functions are actually named ++ something starting with __ and the normal name is an alias. */ ++#if defined __stub_$2 || defined __stub___$2 ++choke me ++#endif ++ ++int ++main () ++{ ++return $2 (); ++ ; ++ return 0; ++} ++_ACEOF ++if ac_fn_c_try_link "$LINENO"; then : ++ eval "$3=yes" ++else ++ eval "$3=no" ++fi ++rm -f core conftest.err conftest.$ac_objext \ ++ conftest$ac_exeext conftest.$ac_ext ++fi ++eval ac_res=\$$3 ++ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 ++$as_echo "$ac_res" >&6; } ++ eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno ++ ++} # ac_fn_c_check_func ++ + # ac_fn_c_try_run LINENO + # ---------------------- + # Try to link conftest.$ac_ext, and return whether this succeeded. Assumes +@@ -2856,10 +2923,10 @@ + if test "$krb5_config" != 'not-found'; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking krb5-config CFLAGS" >&5 + $as_echo_n "checking krb5-config CFLAGS... " >&6; } +- SMART_CFLAGS=$($krb5_config --cflags) +- SMART_CFLAGS=$(echo "$SMART_CFLAGS" | sed 's/-I[ ]*/-isystem /g') +- { $as_echo "$as_me:${as_lineno-$LINENO}: result: ${SMART_CFLAGS}" >&5 +-$as_echo "${SMART_CFLAGS}" >&6; } ++ SMART_CPPFLAGS=$($krb5_config --cflags) ++ SMART_CPPFLAGS=$(echo "$SMART_CPPFLAGS" | sed 's/-I[ ]*/-isystem /g') ++ { $as_echo "$as_me:${as_lineno-$LINENO}: result: \"$SMART_CPPFLAGS\"" >&5 ++$as_echo "\"$SMART_CPPFLAGS\"" >&6; } + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking krb5-config LDFLAGS" >&5 + $as_echo_n "checking krb5-config LDFLAGS... " >&6; } +@@ -2900,7 +2967,7 @@ + + + ac_safe=`echo "krb5.h" | sed 'y%./+-%__pm%'` +-old_CFLAGS="$CFLAGS" ++old_CPPFLAGS="$CPPFLAGS" + smart_include= + smart_include_dir= + +@@ -2908,7 +2975,7 @@ + for try in $smart_try_dir; do + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for krb5.h in $try" >&5 + $as_echo_n "checking for krb5.h in $try... " >&6; } +- CFLAGS="$old_CFLAGS -isystem $try" ++ CPPFLAGS="-isystem $try $old_CPPFLAGS" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext + /* end confdefs.h. */ + +@@ -2937,7 +3004,7 @@ + fi + rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + done +- CFLAGS="$old_CFLAGS" ++ CPPFLAGS="$old_CPPFLAGS" + fi + + if test "x$smart_include" = "x"; then +@@ -3003,7 +3070,7 @@ + for try in $smart_include_dir /usr/local/include /opt/include; do + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for krb5.h in $try" >&5 + $as_echo_n "checking for krb5.h in $try... " >&6; } +- CFLAGS="$old_CFLAGS -isystem $try" ++ CPPFLAGS="-isystem $try $old_CPPFLAGS" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext + /* end confdefs.h. */ + +@@ -3032,13 +3099,13 @@ + fi + rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + done +- CFLAGS="$old_CFLAGS" ++ CPPFLAGS="$old_CPPFLAGS" + fi + + if test "x$smart_include" != "x"; then + eval "ac_cv_header_$ac_safe=yes" +- CFLAGS="$old_CFLAGS $smart_include" +- SMART_CFLAGS="$SMART_CFLAGS $smart_include" ++ CPPFLAGS="$smart_include $old_CPPFLAGS" ++ SMART_CPPFLAGS="$smart_include $SMART_CPPFLAGS" + fi + + if test "$ac_cv_header_krb5_h" != "yes"; then +@@ -3053,14 +3120,17 @@ + sm_func_safe=`echo "krb5_encrypt_data" | sed 'y%./+-%__p_%'` + + old_LIBS="$LIBS" ++old_CPPFLAGS="$CPPFLAGS" + smart_lib= ++smart_ldflags= + smart_lib_dir= + + if test "x$smart_try_dir" != "x"; then + for try in $smart_try_dir; do + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for krb5_encrypt_data in -lk5crypto in $try" >&5 + $as_echo_n "checking for krb5_encrypt_data in -lk5crypto in $try... " >&6; } +- LIBS="-L$try -lk5crypto $old_LIBS -Wl,-rpath,$try" ++ LIBS="-lk5crypto $old_LIBS" ++ CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext + /* end confdefs.h. */ + extern char krb5_encrypt_data(); +@@ -3074,7 +3144,8 @@ + _ACEOF + if ac_fn_c_try_link "$LINENO"; then : + +- smart_lib="-L$try -lk5crypto -Wl,-rpath,$try" ++ smart_lib="-lk5crypto" ++ smart_ldflags="-L$try -Wl,-rpath,$try" + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 + $as_echo "yes" >&6; } + break +@@ -3087,6 +3158,7 @@ + conftest$ac_exeext conftest.$ac_ext + done + LIBS="$old_LIBS" ++ CPPFLAGS="$old_CPPFLAGS" + fi + + if test "x$smart_lib" = "x"; then +@@ -3178,7 +3250,8 @@ + for try in $smart_lib_dir /usr/local/lib /opt/lib; do + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for krb5_encrypt_data in -lk5crypto in $try" >&5 + $as_echo_n "checking for krb5_encrypt_data in -lk5crypto in $try... " >&6; } +- LIBS="-L$try -lk5crypto $old_LIBS -Wl,-rpath,$try" ++ LIBS="-lk5crypto $old_LIBS" ++ CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext + /* end confdefs.h. */ + extern char krb5_encrypt_data(); +@@ -3192,7 +3265,8 @@ + _ACEOF + if ac_fn_c_try_link "$LINENO"; then : + +- smart_lib="-L$try -lk5crypto -Wl,-rpath,$try" ++ smart_lib="-lk5crypto" ++ smart_ldflags="-L$try -Wl,-rpath,$try" + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 + $as_echo "yes" >&6; } + break +@@ -3205,12 +3279,13 @@ + conftest$ac_exeext conftest.$ac_ext + done + LIBS="$old_LIBS" ++ CPPFLAGS="$old_CPPFLAGS" + fi + + if test "x$smart_lib" != "x"; then + eval "ac_cv_lib_${sm_lib_safe}_${sm_func_safe}=yes" +- LIBS="$smart_lib $old_LIBS" +- SMART_LIBS="$smart_lib $SMART_LIBS" ++ LIBS="$smart_ldflags $smart_lib $old_LIBS" ++ SMART_LIBS="$smart_ldflags $smart_lib $SMART_LIBS" + fi + + if test "x$ac_cv_lib_k5crypto_krb5_encrypt_data" = xyes; then +@@ -3224,14 +3299,17 @@ + sm_func_safe=`echo "DH_new" | sed 'y%./+-%__p_%'` + + old_LIBS="$LIBS" ++old_CPPFLAGS="$CPPFLAGS" + smart_lib= ++smart_ldflags= + smart_lib_dir= + + if test "x$smart_try_dir" != "x"; then + for try in $smart_try_dir; do + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for DH_new in -lcrypto in $try" >&5 + $as_echo_n "checking for DH_new in -lcrypto in $try... " >&6; } +- LIBS="-L$try -lcrypto $old_LIBS -Wl,-rpath,$try" ++ LIBS="-lcrypto $old_LIBS" ++ CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext + /* end confdefs.h. */ + extern char DH_new(); +@@ -3245,7 +3323,8 @@ + _ACEOF + if ac_fn_c_try_link "$LINENO"; then : + +- smart_lib="-L$try -lcrypto -Wl,-rpath,$try" ++ smart_lib="-lcrypto" ++ smart_ldflags="-L$try -Wl,-rpath,$try" + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 + $as_echo "yes" >&6; } + break +@@ -3258,6 +3337,7 @@ + conftest$ac_exeext conftest.$ac_ext + done + LIBS="$old_LIBS" ++ CPPFLAGS="$old_CPPFLAGS" + fi + + if test "x$smart_lib" = "x"; then +@@ -3349,7 +3429,8 @@ + for try in $smart_lib_dir /usr/local/lib /opt/lib; do + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for DH_new in -lcrypto in $try" >&5 + $as_echo_n "checking for DH_new in -lcrypto in $try... " >&6; } +- LIBS="-L$try -lcrypto $old_LIBS -Wl,-rpath,$try" ++ LIBS="-lcrypto $old_LIBS" ++ CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext + /* end confdefs.h. */ + extern char DH_new(); +@@ -3363,7 +3444,8 @@ + _ACEOF + if ac_fn_c_try_link "$LINENO"; then : + +- smart_lib="-L$try -lcrypto -Wl,-rpath,$try" ++ smart_lib="-lcrypto" ++ smart_ldflags="-L$try -Wl,-rpath,$try" + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 + $as_echo "yes" >&6; } + break +@@ -3376,12 +3458,13 @@ + conftest$ac_exeext conftest.$ac_ext + done + LIBS="$old_LIBS" ++ CPPFLAGS="$old_CPPFLAGS" + fi + + if test "x$smart_lib" != "x"; then + eval "ac_cv_lib_${sm_lib_safe}_${sm_func_safe}=yes" +- LIBS="$smart_lib $old_LIBS" +- SMART_LIBS="$smart_lib $SMART_LIBS" ++ LIBS="$smart_ldflags $smart_lib $old_LIBS" ++ SMART_LIBS="$smart_ldflags $smart_lib $SMART_LIBS" + fi + + if test "x$ac_cv_lib_crypto_DH_new" = xyes; then +@@ -3400,14 +3483,17 @@ + sm_func_safe=`echo "set_com_err_hook" | sed 'y%./+-%__p_%'` + + old_LIBS="$LIBS" ++old_CPPFLAGS="$CPPFLAGS" + smart_lib= ++smart_ldflags= + smart_lib_dir= + + if test "x$smart_try_dir" != "x"; then + for try in $smart_try_dir; do + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for set_com_err_hook in -lcom_err in $try" >&5 + $as_echo_n "checking for set_com_err_hook in -lcom_err in $try... " >&6; } +- LIBS="-L$try -lcom_err $old_LIBS -Wl,-rpath,$try" ++ LIBS="-lcom_err $old_LIBS" ++ CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext + /* end confdefs.h. */ + extern char set_com_err_hook(); +@@ -3421,7 +3507,8 @@ + _ACEOF + if ac_fn_c_try_link "$LINENO"; then : + +- smart_lib="-L$try -lcom_err -Wl,-rpath,$try" ++ smart_lib="-lcom_err" ++ smart_ldflags="-L$try -Wl,-rpath,$try" + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 + $as_echo "yes" >&6; } + break +@@ -3434,6 +3521,7 @@ + conftest$ac_exeext conftest.$ac_ext + done + LIBS="$old_LIBS" ++ CPPFLAGS="$old_CPPFLAGS" + fi + + if test "x$smart_lib" = "x"; then +@@ -3525,7 +3613,8 @@ + for try in $smart_lib_dir /usr/local/lib /opt/lib; do + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for set_com_err_hook in -lcom_err in $try" >&5 + $as_echo_n "checking for set_com_err_hook in -lcom_err in $try... " >&6; } +- LIBS="-L$try -lcom_err $old_LIBS -Wl,-rpath,$try" ++ LIBS="-lcom_err $old_LIBS" ++ CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext + /* end confdefs.h. */ + extern char set_com_err_hook(); +@@ -3539,7 +3628,8 @@ + _ACEOF + if ac_fn_c_try_link "$LINENO"; then : + +- smart_lib="-L$try -lcom_err -Wl,-rpath,$try" ++ smart_lib="-lcom_err" ++ smart_ldflags="-L$try -Wl,-rpath,$try" + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 + $as_echo "yes" >&6; } + break +@@ -3552,12 +3642,13 @@ + conftest$ac_exeext conftest.$ac_ext + done + LIBS="$old_LIBS" ++ CPPFLAGS="$old_CPPFLAGS" + fi + + if test "x$smart_lib" != "x"; then + eval "ac_cv_lib_${sm_lib_safe}_${sm_func_safe}=yes" +- LIBS="$smart_lib $old_LIBS" +- SMART_LIBS="$smart_lib $SMART_LIBS" ++ LIBS="$smart_ldflags $smart_lib $old_LIBS" ++ SMART_LIBS="$smart_ldflags $smart_lib $SMART_LIBS" + fi + + if test "x$ac_cv_lib_com_err_set_com_err_hook" != xyes; then +@@ -3571,14 +3662,17 @@ + sm_func_safe=`echo "krb5_verify_user_opt" | sed 'y%./+-%__p_%'` + + old_LIBS="$LIBS" ++old_CPPFLAGS="$CPPFLAGS" + smart_lib= ++smart_ldflags= + smart_lib_dir= + + if test "x$smart_try_dir" != "x"; then + for try in $smart_try_dir; do + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for krb5_verify_user_opt in -lkrb5 in $try" >&5 + $as_echo_n "checking for krb5_verify_user_opt in -lkrb5 in $try... " >&6; } +- LIBS="-L$try -lkrb5 $old_LIBS -Wl,-rpath,$try" ++ LIBS="-lkrb5 $old_LIBS" ++ CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext + /* end confdefs.h. */ + extern char krb5_verify_user_opt(); +@@ -3592,7 +3686,8 @@ + _ACEOF + if ac_fn_c_try_link "$LINENO"; then : + +- smart_lib="-L$try -lkrb5 -Wl,-rpath,$try" ++ smart_lib="-lkrb5" ++ smart_ldflags="-L$try -Wl,-rpath,$try" + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 + $as_echo "yes" >&6; } + break +@@ -3605,6 +3700,7 @@ + conftest$ac_exeext conftest.$ac_ext + done + LIBS="$old_LIBS" ++ CPPFLAGS="$old_CPPFLAGS" + fi + + if test "x$smart_lib" = "x"; then +@@ -3696,7 +3792,8 @@ + for try in $smart_lib_dir /usr/local/lib /opt/lib; do + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for krb5_verify_user_opt in -lkrb5 in $try" >&5 + $as_echo_n "checking for krb5_verify_user_opt in -lkrb5 in $try... " >&6; } +- LIBS="-L$try -lkrb5 $old_LIBS -Wl,-rpath,$try" ++ LIBS="-lkrb5 $old_LIBS" ++ CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext + /* end confdefs.h. */ + extern char krb5_verify_user_opt(); +@@ -3710,7 +3807,8 @@ + _ACEOF + if ac_fn_c_try_link "$LINENO"; then : + +- smart_lib="-L$try -lkrb5 -Wl,-rpath,$try" ++ smart_lib="-lkrb5" ++ smart_ldflags="-L$try -Wl,-rpath,$try" + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 + $as_echo "yes" >&6; } + break +@@ -3723,12 +3821,13 @@ + conftest$ac_exeext conftest.$ac_ext + done + LIBS="$old_LIBS" ++ CPPFLAGS="$old_CPPFLAGS" + fi + + if test "x$smart_lib" != "x"; then + eval "ac_cv_lib_${sm_lib_safe}_${sm_func_safe}=yes" +- LIBS="$smart_lib $old_LIBS" +- SMART_LIBS="$smart_lib $SMART_LIBS" ++ LIBS="$smart_ldflags $smart_lib $old_LIBS" ++ SMART_LIBS="$smart_ldflags $smart_lib $SMART_LIBS" + fi + + if test "x$ac_cv_lib_krb5_krb5_verify_user_opt" == xyes; then +@@ -3742,14 +3841,17 @@ + sm_func_safe=`echo "krb5_get_init_creds_password" | sed 'y%./+-%__p_%'` + + old_LIBS="$LIBS" ++old_CPPFLAGS="$CPPFLAGS" + smart_lib= ++smart_ldflags= + smart_lib_dir= + + if test "x$smart_try_dir" != "x"; then + for try in $smart_try_dir; do + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for krb5_get_init_creds_password in -lkrb5 in $try" >&5 + $as_echo_n "checking for krb5_get_init_creds_password in -lkrb5 in $try... " >&6; } +- LIBS="-L$try -lkrb5 $old_LIBS -Wl,-rpath,$try" ++ LIBS="-lkrb5 $old_LIBS" ++ CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext + /* end confdefs.h. */ + extern char krb5_get_init_creds_password(); +@@ -3763,7 +3865,8 @@ + _ACEOF + if ac_fn_c_try_link "$LINENO"; then : + +- smart_lib="-L$try -lkrb5 -Wl,-rpath,$try" ++ smart_lib="-lkrb5" ++ smart_ldflags="-L$try -Wl,-rpath,$try" + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 + $as_echo "yes" >&6; } + break +@@ -3776,6 +3879,7 @@ + conftest$ac_exeext conftest.$ac_ext + done + LIBS="$old_LIBS" ++ CPPFLAGS="$old_CPPFLAGS" + fi + + if test "x$smart_lib" = "x"; then +@@ -3867,7 +3971,8 @@ + for try in $smart_lib_dir /usr/local/lib /opt/lib; do + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for krb5_get_init_creds_password in -lkrb5 in $try" >&5 + $as_echo_n "checking for krb5_get_init_creds_password in -lkrb5 in $try... " >&6; } +- LIBS="-L$try -lkrb5 $old_LIBS -Wl,-rpath,$try" ++ LIBS="-lkrb5 $old_LIBS" ++ CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext + /* end confdefs.h. */ + extern char krb5_get_init_creds_password(); +@@ -3881,7 +3986,8 @@ + _ACEOF + if ac_fn_c_try_link "$LINENO"; then : + +- smart_lib="-L$try -lkrb5 -Wl,-rpath,$try" ++ smart_lib="-lkrb5" ++ smart_ldflags="-L$try -Wl,-rpath,$try" + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 + $as_echo "yes" >&6; } + break +@@ -3894,12 +4000,13 @@ + conftest$ac_exeext conftest.$ac_ext + done + LIBS="$old_LIBS" ++ CPPFLAGS="$old_CPPFLAGS" + fi + + if test "x$smart_lib" != "x"; then + eval "ac_cv_lib_${sm_lib_safe}_${sm_func_safe}=yes" +- LIBS="$smart_lib $old_LIBS" +- SMART_LIBS="$smart_lib $SMART_LIBS" ++ LIBS="$smart_ldflags $smart_lib $old_LIBS" ++ SMART_LIBS="$smart_ldflags $smart_lib $SMART_LIBS" + fi + + if test "x$ac_cv_lib_krb5_krb5_get_init_creds_password" != xyes; then +@@ -3910,7 +4017,29 @@ + fi + + LDFLAGS="${LDFLAGS} ${SMART_LIBS}" +- CFLAGS="${CFLAGS} ${SMART_CFLAGS}" ++ CFLAGS="${CFLAGS} ${SMART_CPPFLAGS}" ++ ++ for ac_func in krb5_get_error_message krb5_free_error_string krb5_free_error_message ++do : ++ as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ++ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" ++if eval test \"x\$"$as_ac_var"\" = x"yes"; then : ++ cat >>confdefs.h <<_ACEOF ++#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 ++_ACEOF ++ ++fi ++done ++ ++ if test "x$ac_cv_func_krb5_get_error_message" == xyes; then ++ krb5mod_cflags="${krb5mod_cflags} -D HAVE_KRB5_GET_ERROR_MESSAGE" ++ fi ++ if test "x$ac_cv_func_krb5_free_error_message" == xyes; then ++ krb5mod_cflags="${krb5mod_cflags} -D HAVE_KRB5_FREE_ERROR_MESSAGE" ++ fi ++ if test "x$ac_cv_func_krb5_free_error_string" == xyes; then ++ krb5mod_cflags="${krb5mod_cflags} -D HAVE_KRB5_FREE_ERROR_STRING" ++ fi + + if test "$krb5threadsafe" != "no"; then + krb5threadsafe= +@@ -3921,14 +4050,17 @@ + sm_func_safe=`echo "krb5_is_thread_safe" | sed 'y%./+-%__p_%'` + + old_LIBS="$LIBS" ++old_CPPFLAGS="$CPPFLAGS" + smart_lib= ++smart_ldflags= + smart_lib_dir= + + if test "x$smart_try_dir" != "x"; then + for try in $smart_try_dir; do + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for krb5_is_thread_safe in -lkrb5 in $try" >&5 + $as_echo_n "checking for krb5_is_thread_safe in -lkrb5 in $try... " >&6; } +- LIBS="-L$try -lkrb5 $old_LIBS -Wl,-rpath,$try" ++ LIBS="-lkrb5 $old_LIBS" ++ CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext + /* end confdefs.h. */ + extern char krb5_is_thread_safe(); +@@ -3942,7 +4074,8 @@ + _ACEOF + if ac_fn_c_try_link "$LINENO"; then : + +- smart_lib="-L$try -lkrb5 -Wl,-rpath,$try" ++ smart_lib="-lkrb5" ++ smart_ldflags="-L$try -Wl,-rpath,$try" + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 + $as_echo "yes" >&6; } + break +@@ -3955,6 +4088,7 @@ + conftest$ac_exeext conftest.$ac_ext + done + LIBS="$old_LIBS" ++ CPPFLAGS="$old_CPPFLAGS" + fi + + if test "x$smart_lib" = "x"; then +@@ -4046,7 +4180,8 @@ + for try in $smart_lib_dir /usr/local/lib /opt/lib; do + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for krb5_is_thread_safe in -lkrb5 in $try" >&5 + $as_echo_n "checking for krb5_is_thread_safe in -lkrb5 in $try... " >&6; } +- LIBS="-L$try -lkrb5 $old_LIBS -Wl,-rpath,$try" ++ LIBS="-lkrb5 $old_LIBS" ++ CPPFLAGS="-L$try -Wl,-rpath,$try $old_CPPFLAGS" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext + /* end confdefs.h. */ + extern char krb5_is_thread_safe(); +@@ -4060,7 +4195,8 @@ + _ACEOF + if ac_fn_c_try_link "$LINENO"; then : + +- smart_lib="-L$try -lkrb5 -Wl,-rpath,$try" ++ smart_lib="-lkrb5" ++ smart_ldflags="-L$try -Wl,-rpath,$try" + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 + $as_echo "yes" >&6; } + break +@@ -4073,12 +4209,13 @@ + conftest$ac_exeext conftest.$ac_ext + done + LIBS="$old_LIBS" ++ CPPFLAGS="$old_CPPFLAGS" + fi + + if test "x$smart_lib" != "x"; then + eval "ac_cv_lib_${sm_lib_safe}_${sm_func_safe}=yes" +- LIBS="$smart_lib $old_LIBS" +- SMART_LIBS="$smart_lib $SMART_LIBS" ++ LIBS="$smart_ldflags $smart_lib $old_LIBS" ++ SMART_LIBS="$smart_ldflags $smart_lib $SMART_LIBS" + fi + + if test "x$ac_cv_lib_krb5_krb5_is_thread_safe" == xyes; then +@@ -4118,7 +4255,7 @@ + + + ac_safe=`echo "com_err.h" | sed 'y%./+-%__pm%'` +-old_CFLAGS="$CFLAGS" ++old_CPPFLAGS="$CPPFLAGS" + smart_include= + smart_include_dir= + +@@ -4126,7 +4263,7 @@ + for try in $smart_try_dir; do + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for com_err.h in $try" >&5 + $as_echo_n "checking for com_err.h in $try... " >&6; } +- CFLAGS="$old_CFLAGS -isystem $try" ++ CPPFLAGS="-isystem $try $old_CPPFLAGS" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext + /* end confdefs.h. */ + +@@ -4155,7 +4292,7 @@ + fi + rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + done +- CFLAGS="$old_CFLAGS" ++ CPPFLAGS="$old_CPPFLAGS" + fi + + if test "x$smart_include" = "x"; then +@@ -4221,7 +4358,7 @@ + for try in $smart_include_dir /usr/local/include /opt/include; do + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for com_err.h in $try" >&5 + $as_echo_n "checking for com_err.h in $try... " >&6; } +- CFLAGS="$old_CFLAGS -isystem $try" ++ CPPFLAGS="-isystem $try $old_CPPFLAGS" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext + /* end confdefs.h. */ + +@@ -4250,20 +4387,20 @@ + fi + rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + done +- CFLAGS="$old_CFLAGS" ++ CPPFLAGS="$old_CPPFLAGS" + fi + + if test "x$smart_include" != "x"; then + eval "ac_cv_header_$ac_safe=yes" +- CFLAGS="$old_CFLAGS $smart_include" +- SMART_CFLAGS="$SMART_CFLAGS $smart_include" ++ CPPFLAGS="$smart_include $old_CPPFLAGS" ++ SMART_CPPFLAGS="$smart_include $SMART_CPPFLAGS" + fi + + if test "$ac_cv_header_com_err_h" != "yes"; then + + + ac_safe=`echo "et/com_err.h" | sed 'y%./+-%__pm%'` +-old_CFLAGS="$CFLAGS" ++old_CPPFLAGS="$CPPFLAGS" + smart_include= + smart_include_dir= + +@@ -4271,7 +4408,7 @@ + for try in $smart_try_dir; do + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for et/com_err.h in $try" >&5 + $as_echo_n "checking for et/com_err.h in $try... " >&6; } +- CFLAGS="$old_CFLAGS -isystem $try" ++ CPPFLAGS="-isystem $try $old_CPPFLAGS" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext + /* end confdefs.h. */ + +@@ -4300,7 +4437,7 @@ + fi + rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + done +- CFLAGS="$old_CFLAGS" ++ CPPFLAGS="$old_CPPFLAGS" + fi + + if test "x$smart_include" = "x"; then +@@ -4366,7 +4503,7 @@ + for try in $smart_include_dir /usr/local/include /opt/include; do + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for et/com_err.h in $try" >&5 + $as_echo_n "checking for et/com_err.h in $try... " >&6; } +- CFLAGS="$old_CFLAGS -isystem $try" ++ CPPFLAGS="-isystem $try $old_CPPFLAGS" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext + /* end confdefs.h. */ + +@@ -4395,13 +4532,13 @@ + fi + rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + done +- CFLAGS="$old_CFLAGS" ++ CPPFLAGS="$old_CPPFLAGS" + fi + + if test "x$smart_include" != "x"; then + eval "ac_cv_header_$ac_safe=yes" +- CFLAGS="$old_CFLAGS $smart_include" +- SMART_CFLAGS="$SMART_CFLAGS $smart_include" ++ CPPFLAGS="$smart_include $old_CPPFLAGS" ++ SMART_CPPFLAGS="$smart_include $SMART_CPPFLAGS" + fi + + if test "$ac_cv_header_et_com_err_h" != "yes"; then +@@ -4431,8 +4568,8 @@ + fi + fi + +-mod_ldflags="${krb5mod_ldflags} ${krb5libcrypto} ${SMART_LIBS}" +-mod_cflags="${krb5mod_cflags} ${krb5threadsafe} ${SMART_CFLAGS}" ++mod_ldflags="$krb5mod_ldflags $krb5libcrypto $SMART_LIBS" ++mod_cflags="$krb5mod_cflags $krb5threadsafe $SMART_CPPFLAGS" + + + +--- ./src/modules/rlm_krb5/configure.ac.orig 2014-01-13 20:13:56.000000000 -0500 ++++ ./src/modules/rlm_krb5/configure.ac 2014-02-03 14:45:22.000000000 -0500 +@@ -31,9 +31,9 @@ + dnl # + if test "$krb5_config" != 'not-found'; then + AC_MSG_CHECKING([krb5-config CFLAGS]) +- SMART_CFLAGS=$($krb5_config --cflags) +- SMART_CFLAGS=[$(echo "$SMART_CFLAGS" | sed 's/-I[ ]*/-isystem /g')] +- AC_MSG_RESULT(${SMART_CFLAGS}) ++ SMART_CPPFLAGS=$($krb5_config --cflags) ++ SMART_CPPFLAGS=[$(echo "$SMART_CPPFLAGS" | sed 's/-I[ ]*/-isystem /g')] ++ AC_MSG_RESULT("$SMART_CPPFLAGS") + + AC_MSG_CHECKING([krb5-config LDFLAGS]) + SMART_LIBS=$($krb5_config --libs) +@@ -111,7 +111,21 @@ + dnl # Need to ensure the test program(s) link against the right library + dnl # + LDFLAGS="${LDFLAGS} ${SMART_LIBS}" +- CFLAGS="${CFLAGS} ${SMART_CFLAGS}" ++ CFLAGS="${CFLAGS} ${SMART_CPPFLAGS}" ++ ++ dnl # ++ dnl # Check how to free things returned by krb5_get_error_message ++ dnl # ++ AC_CHECK_FUNCS([krb5_get_error_message krb5_free_error_string krb5_free_error_message]) ++ if test "x$ac_cv_func_krb5_get_error_message" == xyes; then ++ krb5mod_cflags="${krb5mod_cflags} -D HAVE_KRB5_GET_ERROR_MESSAGE" ++ fi ++ if test "x$ac_cv_func_krb5_free_error_message" == xyes; then ++ krb5mod_cflags="${krb5mod_cflags} -D HAVE_KRB5_FREE_ERROR_MESSAGE" ++ fi ++ if test "x$ac_cv_func_krb5_free_error_string" == xyes; then ++ krb5mod_cflags="${krb5mod_cflags} -D HAVE_KRB5_FREE_ERROR_STRING" ++ fi + + dnl # + dnl # Only check if version checks have not found kerberos to be thread unsafe +@@ -160,8 +174,8 @@ + fi + fi + +-mod_ldflags="${krb5mod_ldflags} ${krb5libcrypto} ${SMART_LIBS}" +-mod_cflags="${krb5mod_cflags} ${krb5threadsafe} ${SMART_CFLAGS}" ++mod_ldflags="$krb5mod_ldflags $krb5libcrypto $SMART_LIBS" ++mod_cflags="$krb5mod_cflags $krb5threadsafe $SMART_CPPFLAGS" + + AC_SUBST(mod_ldflags) + AC_SUBST(mod_cflags) +--- ./src/modules/rlm_krb5/krb5.c.orig 2014-01-13 20:13:56.000000000 -0500 ++++ ./src/modules/rlm_krb5/krb5.c 2014-02-03 14:47:32.000000000 -0500 +@@ -15,19 +15,19 @@ + */ + + /** +- * $Id: 81ed1d4bd3c41b41042141caa8e862d51f1f75df $ ++ * $Id: c830bff1cbb89a9e3faf56a3275b9ba00c5b57d0 $ + * @file krb5.h + * @brief Context management functions for rlm_krb5 + * + * @copyright 2013 The FreeRADIUS server project + * @copyright 2013 Arran Cudbard-Bell + */ +-RCSID("$Id: 81ed1d4bd3c41b41042141caa8e862d51f1f75df $") ++RCSID("$Id: c830bff1cbb89a9e3faf56a3275b9ba00c5b57d0 $") + + #include + #include "krb5.h" + +-#ifdef HEIMDAL_KRB5 ++#ifdef HAVE_KRB5_GET_ERROR_MESSAGE + # define KRB5_STRERROR_BUFSIZE (2048) + + fr_thread_local_setup(char *, krb5_error_buffer) /* macro */ +@@ -60,7 +60,7 @@ + + ret = fr_thread_local_set(krb5_error_buffer, buffer); + if (ret != 0) { +- ERROR("Failed setting up TLS for krb5 error buffer: %s", fr_syserror(ret)); ++ ERROR("Failed setting up TLS for krb5 error buffer."); + free(buffer); + return NULL; + } +@@ -69,7 +69,13 @@ + msg = krb5_get_error_message(context, code); + if (msg) { + strlcpy(buffer, msg, KRB5_STRERROR_BUFSIZE); ++#ifdef HAVE_KRB5_FREE_ERROR_MESSAGE + krb5_free_error_message(context, msg); ++#elif defined(HAVE_KRB5_FREE_ERROR_STRING) ++ krb5_free_error_string(context, msg); ++#else ++# error "No way to free error strings, missing krb5_free_error_message() and krb5_free_error_string()" ++#endif + } else { + strlcpy(buffer, "Unknown error", KRB5_STRERROR_BUFSIZE); + } +--- ./src/modules/rlm_krb5/krb5.h.orig 2014-01-13 20:13:56.000000000 -0500 ++++ ./src/modules/rlm_krb5/krb5.h 2014-02-03 14:45:22.000000000 -0500 +@@ -15,14 +15,14 @@ + */ + + /** +- * $Id: 37805a2a2d917fd3ecea904afa6b15958c235509 $ ++ * $Id: 59b1f8526e121f9de1c88dcd9cba4386255b722a $ + * @file krb5.h + * @brief types and function signatures for rlm_krb5. + * + * @copyright 2013 The FreeRADIUS server project + * @copyright 2013 Arran Cudbard-Bell + */ +-RCSIDH(krb5_h, "$Id: 37805a2a2d917fd3ecea904afa6b15958c235509 $") ++RCSIDH(krb5_h, "$Id: 59b1f8526e121f9de1c88dcd9cba4386255b722a $") + + #if defined(KRB5_IS_THREAD_SAFE) && !defined(HAVE_PTHREAD_H) + # undef KRB5_IS_THREAD_SAFE +@@ -79,7 +79,7 @@ + * MIT Kerberos uses comm_err, so the macro just expands to a call + * to error_message. + */ +-#ifndef HEIMDAL_KRB5 ++#ifndef HAVE_KRB5_GET_ERROR_MESSAGE + # ifdef ET_COMM_ERR + # include + # else +--- ./src/modules/rlm_krb5/rlm_krb5.c.orig 2014-01-13 20:13:56.000000000 -0500 ++++ ./src/modules/rlm_krb5/rlm_krb5.c 2014-02-03 14:45:22.000000000 -0500 +@@ -15,7 +15,7 @@ + */ + + /** +- * $Id: 4c96eb58baaf37c8bc7701ba772c09752ee0505c $ ++ * $Id: caf186e694151905d607447151fa65e429fb95e3 $ + * @file rlm_krb5.c + * @brief Authenticate users, retrieving their TGT from a Kerberos V5 TDC. + * +@@ -24,7 +24,7 @@ + * @copyright 2000 Nathan Neulinger + * @copyright 2000 Alan DeKok + */ +-RCSID("$Id: 4c96eb58baaf37c8bc7701ba772c09752ee0505c $") ++RCSID("$Id: caf186e694151905d607447151fa65e429fb95e3 $") + + #include + #include +@@ -84,7 +84,7 @@ + + #ifndef KRB5_IS_THREAD_SAFE + if (!krb5_is_thread_safe()) { +- DEBUGI("libkrb5 is not threadsafe, recompile it, and the server with thread support enabled"); ++ WDEBUG("libkrb5 is not threadsafe, recompile it, and the server with thread support enabled"); + WDEBUG("rlm_krb5 will run in single threaded mode, performance may be degraded"); + } else { + WDEBUG("Build time libkrb5 was not threadsafe, but run time library claims to be"); +@@ -331,8 +331,9 @@ + break; + + case KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN: +- RDEBUG("User not found: %s (%i)", ret, rlm_krb5_error(conn->context, ret)); ++ RDEBUG("User not found (%i): %s", ret, rlm_krb5_error(conn->context, ret)); + rcode = RLM_MODULE_NOTFOUND; ++ break; + + default: + REDEBUG("Error verifying credentials (%i): %s", ret, rlm_krb5_error(conn->context, ret)); diff --git a/net/freeradius3/files/patch-udpfromtofix b/net/freeradius3/files/patch-udpfromtofix new file mode 100644 index 000000000000..4511fee3c705 --- /dev/null +++ b/net/freeradius3/files/patch-udpfromtofix @@ -0,0 +1,61 @@ +From d51c75c1ce24dbbb1045b1e72a3c89729ca91016 Mon Sep 17 00:00:00 2001 +From: Arran Cudbard-Bell +Date: Tue, 28 Jan 2014 14:25:19 +0000 +Subject: [PATCH] Don't use IP_SENDSRCADDR (in sendfromto) if on FreeBSD and + the socket were using is bound to a specific IP + +FreeBSD is extra pedantic about the use of IP_SENDSRCADDR, and sendmsg will fail with EINVAL if IP_SENDSRCADDR is used with a socket which is bound to something other than INADDR_ANY. +--- + src/lib/udpfromto.c | 31 ++++++++++++++++++++++++++++++- + 1 file changed, 30 insertions(+), 1 deletion(-) + +diff --git a/src/lib/udpfromto.c b/src/lib/udpfromto.c +index 680e354..b022136 100644 +--- src/lib/udpfromto.c ++++ src/lib/udpfromto.c +@@ -292,12 +292,41 @@ int sendfromto(int s, void *buf, size_t len, int flags, + struct iovec iov; + char cbuf[256]; + +-#if !defined(IP_PKTINFO) && !defined(IP_SENDSRCADDR) && !defined(IPV6_PKTINFO) ++#ifdef __FreeBSD__ ++ /* ++ * FreeBSD is extra pedantic about the use of IP_SENDSRCADDR, ++ * and sendmsg will fail with EINVAL if IP_SENDSRCADDR is used ++ * with a socket which is bound to something other than ++ * INADDR_ANY ++ */ ++ struct sockaddr bound; ++ socklen_t bound_len = sizeof(bound); ++ ++ if (getsockname(s, &bound, &bound_len) < 0) { ++ return -1; ++ } ++ ++ switch (bound.sa_family) { ++ case AF_INET: ++ if (((struct sockaddr_in *) &bound)->sin_addr.s_addr != INADDR_ANY) { ++ from = NULL; ++ } ++ break; ++ ++ case AF_INET6: ++ if (!IN6_IS_ADDR_UNSPECIFIED(&((struct sockaddr_in6 *) &bound)->sin6_addr)) { ++ from = NULL; ++ } ++ break; ++ } ++#else ++# if !defined(IP_PKTINFO) && !defined(IP_SENDSRCADDR) && !defined(IPV6_PKTINFO) + /* + * If the sendmsg() flags aren't defined, fall back to + * using sendto(). + */ + from = NULL; ++# endif + #endif + + /* +-- +1.8.5.1 + -- cgit