Bug#993604: bullseye-pu: package freeradius/3.0.21+dfsg-2.2+deb11u1

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#993604: bullseye-pu: package freeradius/3.0.21+dfsg-2.2+deb11u1
From: Bernhard Schmidt <berni@debian.org>
Date: Fri, 03 Sep 2021 17:07:56 +0200
Message-id: <[🔎] 163068167693.148223.6233078570358095691.reportbug@BOTOX.krs8.birkenwald.de>
Reply-to: Bernhard Schmidt <berni@debian.org>, 993604@bugs.debian.org

Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian.org@packages.debian.org
Usertags: pu

[ Reason ]
This update will fix two bugs in the bullseye package by cherry-picking
two upstream commits

Bug#992207 is a missing line continuation in the default config for the
freeradius-postgresql binary package that causes FreeRADIUS to fail to start

Bug#992036 is a crash bug in certain situations due to non-threadsafe memory
allocation. It is apparently not happening often, but it effectively broke
FreeRADIUS 3.x for my employer for several years. The fixed version has been
working great for several weeks now.

[ Impact ]
Bug#992207 broken default config
Bug#992036 frequent crash 

[ Tests ]
Package in sid has these patches as well and has passed autopkgtest. Proposed
update backported to buster has been running on my employers server for several
weeks.

[ Risks ]
One-line and two-line patch taken from upstream git repo, first one is
obviously correct, second patch comes from the main developer and is working
well.

[ Checklist ]
  [X] *all* changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in (old)stable
  [X] the issue is verified as fixed in unstable

[ Changes ]
see above

[ Other info ]
(Anything else the release team should know.)

diff -Nru freeradius-3.0.21+dfsg/debian/changelog freeradius-3.0.21+dfsg/debian/changelog
--- freeradius-3.0.21+dfsg/debian/changelog	2021-07-28 12:28:32.000000000 +0200
+++ freeradius-3.0.21+dfsg/debian/changelog	2021-09-03 16:47:35.000000000 +0200
@@ -1,3 +1,12 @@
+freeradius (3.0.21+dfsg-2.2+deb11u1) bullseye; urgency=medium
+
+  * Cherry-Pick upstream fix for a crash bug (Closes: #992036)
+  * Cherry-pick upstream fix to add missing continuation in postgresql
+    sample config (Closes: #992207)
+  * d/gbp.conf for the debian/bullseye branch
+
+ -- Bernhard Schmidt <berni@debian.org>  Fri, 03 Sep 2021 16:47:35 +0200
+
 freeradius (3.0.21+dfsg-2.2) unstable; urgency=medium
 
   * Non-maintainer upload.
diff -Nru freeradius-3.0.21+dfsg/debian/gbp.conf freeradius-3.0.21+dfsg/debian/gbp.conf
--- freeradius-3.0.21+dfsg/debian/gbp.conf	1970-01-01 01:00:00.000000000 +0100
+++ freeradius-3.0.21+dfsg/debian/gbp.conf	2021-09-03 16:47:35.000000000 +0200
@@ -0,0 +1,3 @@
+[DEFAULT]
+debian-branch = debian/bullseye
+
diff -Nru freeradius-3.0.21+dfsg/debian/patches/allocate-from-the-request.diff freeradius-3.0.21+dfsg/debian/patches/allocate-from-the-request.diff
--- freeradius-3.0.21+dfsg/debian/patches/allocate-from-the-request.diff	1970-01-01 01:00:00.000000000 +0100
+++ freeradius-3.0.21+dfsg/debian/patches/allocate-from-the-request.diff	2021-09-03 16:47:35.000000000 +0200
@@ -0,0 +1,34 @@
+From 7875ca06d1e312f55107c5e369097c7cb5369b53 Mon Sep 17 00:00:00 2001
+From: "Alan T. DeKok" <aland@freeradius.org>
+Date: Thu, 5 Aug 2021 11:22:12 -0400
+Subject: [PATCH] allocate from the request, which is thread-safe.  Helps with
+ #3188
+
+The "check" item is taken from the "huntgroups" file.  It's in
+a statically allocated list which doesn't change, and shouldn't
+change during run-time.  Allocating memory in its context is
+not thread-safe, and can cause issues
+---
+ src/main/pair.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/main/pair.c b/src/main/pair.c
+index 2f736d74cf7..3725ba1e10b 100644
+--- a/src/main/pair.c
++++ b/src/main/pair.c
+@@ -84,13 +84,13 @@ int radius_compare_vps(UNUSED REQUEST *request, VALUE_PAIR *check, VALUE_PAIR *v
+ 		if (check->da->type == PW_TYPE_STRING) {
+ 			expr_p = check->vp_strvalue;
+ 		} else {
+-			expr_p = expr = vp_aprints_value(check, check, '\0');
++			expr_p = expr = vp_aprints_value(request, check, '\0');
+ 		}
+ 
+ 		if (vp->da->type == PW_TYPE_STRING) {
+ 			value_p = vp->vp_strvalue;
+ 		} else {
+-			value_p = value = vp_aprints_value(vp, vp, '\0');
++			value_p = value = vp_aprints_value(request, vp, '\0');
+ 		}
+ 
+ 		if (!expr_p || !value_p) {
diff -Nru freeradius-3.0.21+dfsg/debian/patches/fix-postgresql-sample-config.diff freeradius-3.0.21+dfsg/debian/patches/fix-postgresql-sample-config.diff
--- freeradius-3.0.21+dfsg/debian/patches/fix-postgresql-sample-config.diff	1970-01-01 01:00:00.000000000 +0100
+++ freeradius-3.0.21+dfsg/debian/patches/fix-postgresql-sample-config.diff	2021-09-03 16:47:35.000000000 +0200
@@ -0,0 +1,28 @@
+From eef366956e2e4a689ab33a0d1f265eb15f749d8d Mon Sep 17 00:00:00 2001
+From: Alejandro Perez <alex.perez-mendez@jisc.ac.uk>
+Date: Mon, 6 Apr 2020 15:52:38 +0200
+Subject: [PATCH] Add missing backslash that precluded server from starting
+
+Server did not start, because it found an unterminated string. Adding the previous-existing backslash fixed it.
+```
+including configuration file /etc/raddb/mods-config/sql/main/postgresql/queries.conf
+/etc/raddb/mods-config/sql/main/postgresql/queries.conf[505]: Parse error: Unterminated string
+Errors reading or parsing /etc/raddb/radiusd.conf
+```
+---
+ raddb/mods-config/sql/main/postgresql/queries.conf | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/raddb/mods-config/sql/main/postgresql/queries.conf b/raddb/mods-config/sql/main/postgresql/queries.conf
+index da82467aea5..b868238306a 100644
+--- a/raddb/mods-config/sql/main/postgresql/queries.conf
++++ b/raddb/mods-config/sql/main/postgresql/queries.conf
+@@ -502,7 +502,7 @@ accounting {
+ 					FramedInterfaceId = NULLIF('%{Framed-Interface-Id}', ''), \
+ 					DelegatedIPv6Prefix = NULLIF('%{Delegated-IPv6-Prefix}', '')::inet, \
+ 					AcctUpdateTime = ${....event_timestamp}, \
+-					AcctSessionTime = COALESCE(%{%{Acct-Session-Time}:-NULL},
++					AcctSessionTime = COALESCE(%{%{Acct-Session-Time}:-NULL}, \
+ 						(${....event_timestamp_epoch} - EXTRACT(EPOCH FROM(AcctStartTime)))), \
+ 					AcctInputOctets = (('%{%{Acct-Input-Gigawords}:-0}'::bigint << 32) + \
+ 						'%{%{Acct-Input-Octets}:-0}'::bigint), \
diff -Nru freeradius-3.0.21+dfsg/debian/patches/series freeradius-3.0.21+dfsg/debian/patches/series
--- freeradius-3.0.21+dfsg/debian/patches/series	2021-07-27 23:50:27.000000000 +0200
+++ freeradius-3.0.21+dfsg/debian/patches/series	2021-09-03 16:47:35.000000000 +0200
@@ -8,3 +8,5 @@
 snakeoil-certs.diff
 python3.8-fix-1.diff
 python3.8-fix-2.diff
+allocate-from-the-request.diff
+fix-postgresql-sample-config.diff

Reply to:

Follow-Ups:
- Bug#993604: bullseye-pu: package freeradius/3.0.21+dfsg-2.2+deb11u1
  - From: Jonathan Wiltshire <jmw@debian.org>
- Processed: Re: Bug#993604: bullseye-pu: package freeradius/3.0.21+dfsg-2.2+deb11u1
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>
- Processed: Re: Bug#993604: bullseye-pu: package freeradius/3.0.21+dfsg-2.2+deb11u1
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>
- Bug#993604: freeradius 3.0.21+dfsg-2.2+deb11u1 flagged for acceptance
  - From: Jonathan Wiltshire <jmw@debian.org>

Prev by Date: NEW changes in stable-new
Next by Date: NEW changes in stable-new
Previous by thread: Bug#993577: RM: gnome-shell-extension-remove-dropdown-arrows/-1 -- ROM; No longer needed in GNOME 40
Next by thread: Bug#993604: bullseye-pu: package freeradius/3.0.21+dfsg-2.2+deb11u1
Index(es):
- Date
- Thread