radsecproxy: update to 1.11.2

Changes since 1.9.1:
- Add TLS-PSK support and SSLKEYLOGFILE mechanism (1.11.0)
- Add options to require Message-Authenticator attribute (1.11.0)
- Add native dynamic discovery for NAPTR and SRV records (1.10.0)
- Add SNI support for outgoing TLS connections (1.10.0)
- Multiple TCP/TLS connection stability bug fixes (1.10.x)
- Reload complete TLS context on SIGHUP (1.11.0)
- Fix Message-Authenticator validation for Accounting-Response (1.11.2)

Update patch 200-logdest-on-foreground.patch for new code positions.

Signed-off-by: Alexandru Ardelean <redacted>

diff --git a/net/radsecproxy/Makefile b/net/radsecproxy/Makefile
index 8c72d40f8c979a0b568ef2665e5639d40c22010e..e800c2e41f63601591f49afe64586c057f28f4f5 100644 (file)
--- a/net/radsecproxy/Makefile
+++ b/net/radsecproxy/Makefile
@@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=radsecproxy
-PKG_VERSION:=1.9.1
+PKG_VERSION:=1.11.2
 PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://github.com/radsecproxy/radsecproxy/releases/download/$(PKG_VERSION)/
-PKG_HASH:=e08e4e04d188deafd0b55b2f66b1e7fff9bdb553fb170846590317d02c9dc5db
+PKG_HASH:=1fe3f25a392b74db1fe62868e19e883acd1dc0e1f318715299920fcc5e166f97
 
 PKG_MAINTAINER:=Alexandru Ardelean <ardeleanalex@gmail.com>
 PKG_LICENSE:=BSD-3-CLAUSE

diff --git a/net/radsecproxy/patches/200-logdest-on-foreground.patch b/net/radsecproxy/patches/200-logdest-on-foreground.patch
index 54c18f35ad78afb9928919e2951cd1ef11bf22d9..c1aba626d92096950d705245bad10eac6fd35097 100644 (file)
--- a/net/radsecproxy/patches/200-logdest-on-foreground.patch
+++ b/net/radsecproxy/patches/200-logdest-on-foreground.patch
@@ -1,18 +1,19 @@
 --- a/radsecproxy.c
 +++ b/radsecproxy.c
-@@ -3075,15 +3075,13 @@ int radsecproxy_main(int argc, char **ar
-       options.loglevel = loglevel;
+@@ -3637,16 +3637,13 @@ int radsecproxy_main(int argc, char **ar
+         options.loglevel = loglevel;
      else if (options.loglevel)
-       debug_set_level(options.loglevel);
+         debug_set_level(options.loglevel);
 -    if (!foreground) {
--      debug_set_destination(options.logdestination
--                              ? options.logdestination
--                              : "x-syslog:///", LOG_TYPE_DEBUG);
--      if (options.ftickssyslogfacility) {
+-        debug_set_destination(options.logdestination
+-                                  ? options.logdestination
+-                                  : "x-syslog:///",
+-                              LOG_TYPE_DEBUG);
+-        if (options.ftickssyslogfacility) {
 -            debug_set_destination(options.ftickssyslogfacility,
 -                                  LOG_TYPE_FTICKS);
 -            free(options.ftickssyslogfacility);
--      }
+-        }
 +    debug_set_destination(options.logdestination
 +                          ? options.logdestination
 +                          : "x-syslog:///", LOG_TYPE_DEBUG);

diff --git a/net/radsecproxy/patches/300-uninit.patch b/net/radsecproxy/patches/300-uninit.patch
index 578c86826cdf96e8b82e8277153303f2b0521b22..5aeb0ac94d7923bb5b311f8e1e71eb6e3530da00 100644 (file)
--- a/net/radsecproxy/patches/300-uninit.patch
+++ b/net/radsecproxy/patches/300-uninit.patch
@@ -1,6 +1,6 @@
 --- a/gconfig.c
 +++ b/gconfig.c
-@@ -119,7 +119,7 @@ FILE *pushgconfpaths(struct gconffile **
+@@ -120,7 +120,7 @@ FILE *pushgconfpaths(struct gconffile **
      int i;
      FILE *f = NULL;
      glob_t globbuf;

diff --git a/net/radsecproxy/test.sh b/net/radsecproxy/test.sh
new file mode 100644 (file)
index 0000000..02bf470
--- /dev/null
+++ b/net/radsecproxy/test.sh
@@ -0,0 +1,25 @@
+#!/bin/sh
+
+[ "$1" = "radsecproxy" ] || exit 0
+
+# Write a minimal config with a client so radsecproxy starts up
+cat > /tmp/radsecproxy-test.conf << 'EOF'
+LogLevel 3
+LogDestination file:///tmp/radsecproxy-test.log
+ListenUDP localhost:11812
+
+client localhost {
+    type udp
+    secret testing123
+}
+EOF
+
+rm -f /tmp/radsecproxy-test.log
+timeout 2 radsecproxy -f -c /tmp/radsecproxy-test.conf 2>/dev/null || true
+
+# Verify radsecproxy wrote to the log (proves it started and parsed the config)
+[ -s /tmp/radsecproxy-test.log ] || {
+       echo "radsecproxy did not write to log file"
+       false
+}
+echo "radsecproxy started and logged OK"