On 04.02.2025 - 14:59:52, Klemens Nanni wrote: > 04.02.2025 16:23, Matthias Pitzl пишет: > > Hi! > > > > The current version of the Perl module contains a bug concerning the message > > authenticator calculation for ACCESS_CHALLENGE replies (this type is > > missing in > > the list of reply packet types). > > > > The following diff fixes the problem. > > I also reported the bug upstream, so hopefully there will be a new version > > of > > Data::Radius soon. > > > > Index: Makefile > > =================================================================== > > RCS file: /mount/cvsdev/openbsd/cvs/ports/net/p5-Data-Radius/Makefile,v > > diff -u -p -r1.1.1.1 Makefile > > --- Makefile 3 Feb 2025 17:43:21 -0000 1.1.1.1 > > +++ Makefile 4 Feb 2025 13:04:28 -0000 > > @@ -2,6 +2,8 @@ COMMENT = module to encode/decode RADIUS > > > > DISTNAME = Data-Radius-1.2.8 > > > > +REVISION = 1 > > Not an error, but REVISION starts at 0.
Fixed
>
> > +
> > CATEGORIES = net
> >
> > # Artistic 2.0
> > Index: patches/patch-lib_Data_Radius_Packet_pm
> > ===================================================================
> > RCS file: patches/patch-lib_Data_Radius_Packet_pm
> > diff -N patches/patch-lib_Data_Radius_Packet_pm
> > --- /dev/null 1 Jan 1970 00:00:00 -0000
> > +++ patches/patch-lib_Data_Radius_Packet_pm 4 Feb 2025 13:04:11 -0000
>
> Not required, but imho, a brief description and/or link to the upstream issue
> would help. Porters updating ports where patches change or got merged can
> use this context instead of checking everything all over again or searching
> commit messages for more information.
>
Added short comment with link to the CPAN bugreport.
> > @@ -0,0 +1,11 @@
> > +--- lib/Data/Radius/Packet.pm.orig Mon Jul 15 17:27:39 2024
> > ++++ lib/Data/Radius/Packet.pm Tue Feb 4 11:01:36 2025
> > +@@ -31,7 +31,7 @@ use constant {
> > + };
> > + use constant ATTR_MSG_AUTH_ZERO => pack('C C', ATTR_MSG_AUTH,
> > ATTR_MSG_AUTH_LEN) . ("\x0" x (ATTR_MSG_AUTH_LEN - 2));
> > +
> > +-my %IS_REPLY = map { $_ => 1 } (ACCESS_ACCEPT, ACCESS_REJECT,
> > DISCONNECT_ACCEPT, DISCONNECT_REJECT, COA_ACCEPT, COA_REJECT);
> > ++my %IS_REPLY = map { $_ => 1 } (ACCESS_ACCEPT, ACCESS_CHALLENGE,
> > ACCESS_REJECT, DISCONNECT_ACCEPT, DISCONNECT_REJECT, COA_ACCEPT,
> > COA_REJECT);
> > + my %IS_REQUEST = map { $_ => 1 } (ACCESS_REQUEST, ACCOUNTING_REQUEST,
> > DISCONNECT_REQUEST, COA_REQUEST);
> > +
> > + my %IS_ACCOUNTING = map { $_ => 1 } (ACCOUNTING_REQUEST,
> > ACCOUNTING_RESPONSE);
Updated diff:
Index: Makefile
===================================================================
RCS file: /mount/cvsdev/openbsd/cvs/ports/net/p5-Data-Radius/Makefile,v
diff -u -p -r1.1.1.1 Makefile
--- Makefile 3 Feb 2025 17:43:21 -0000 1.1.1.1
+++ Makefile 6 Feb 2025 08:43:24 -0000
@@ -2,6 +2,8 @@ COMMENT = module to encode/decode RADIUS
DISTNAME = Data-Radius-1.2.8
+REVISION = 0
+
CATEGORIES = net
# Artistic 2.0
Index: patches/patch-lib_Data_Radius_Packet_pm
===================================================================
RCS file: patches/patch-lib_Data_Radius_Packet_pm
diff -N patches/patch-lib_Data_Radius_Packet_pm
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-lib_Data_Radius_Packet_pm 6 Feb 2025 08:44:53 -0000
@@ -0,0 +1,15 @@
+ACCESS_CHALLENGE is a valid RADIUS reply.
+This also fixes the Message-Authenticator calculation for such packets.
+See also https://rt.cpan.org/Public/Bug/Display.html?id=158764
+
+--- lib/Data/Radius/Packet.pm.orig Mon Jul 15 17:27:39 2024
++++ lib/Data/Radius/Packet.pm Tue Feb 4 11:01:36 2025
+@@ -31,7 +31,7 @@ use constant {
+ };
+ use constant ATTR_MSG_AUTH_ZERO => pack('C C', ATTR_MSG_AUTH,
ATTR_MSG_AUTH_LEN) . ("\x0" x (ATTR_MSG_AUTH_LEN - 2));
+
+-my %IS_REPLY = map { $_ => 1 } (ACCESS_ACCEPT, ACCESS_REJECT,
DISCONNECT_ACCEPT, DISCONNECT_REJECT, COA_ACCEPT, COA_REJECT);
++my %IS_REPLY = map { $_ => 1 } (ACCESS_ACCEPT, ACCESS_CHALLENGE,
ACCESS_REJECT, DISCONNECT_ACCEPT, DISCONNECT_REJECT, COA_ACCEPT, COA_REJECT);
+ my %IS_REQUEST = map { $_ => 1 } (ACCESS_REQUEST, ACCOUNTING_REQUEST,
DISCONNECT_REQUEST, COA_REQUEST);
+
+ my %IS_ACCOUNTING = map { $_ => 1 } (ACCOUNTING_REQUEST, ACCOUNTING_RESPONSE);
smime.p7s
Description: S/MIME cryptographic signature
