Debian Bug report logs - #600465
unblock: freeradius 2.1.10+dfsg-2

Package: release.debian.org; Maintainer for release.debian.org is Debian Release Team <debian-release@lists.debian.org>;

Reported by: Josip Rodin <joy@debbugs.entuzijast.net>

Date: Sun, 17 Oct 2010 12:00:01 UTC

Severity: normal

Tags: moreinfo

Done: "Adam D. Barratt" <adam@adam-barratt.org.uk>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Debian Release Team <debian-release@lists.debian.org>:
Bug#600465; Package release.debian.org. (Sun, 17 Oct 2010 12:00:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Josip Rodin <joy@debbugs.entuzijast.net>:
New Bug report received and forwarded. Copy sent to Debian Release Team <debian-release@lists.debian.org>. (Sun, 17 Oct 2010 12:00:04 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Josip Rodin <joy@debbugs.entuzijast.net>
To: submit@bugs.debian.org
Subject: unblock: freeradius 2.1.10+dfsg-1
Date: Sun, 17 Oct 2010 13:45:30 +0200

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Hi,

We had FreeRADIUS 2.0.4 in lenny, and this was an upstream point release
pretty much picked at random - it was what happened to be packaged at
the time lenny froze. It wasn't nearly the last point release before the
cutoff date, I don't think.

People keep coming to the upstream freeradius-users mailing list asking for
help with 2.0.4, and they increasingly get funny looks because it's a
randomly ancient version, by the upstream people's standards.

Right now we have 2.1.8 in squeeze, and I sense the same scenario will
unfold, hence this request. This time at least we have roughly the last
upstream point release before the cutoff date, but at the same time:

* there is some packaging silliness that I really wouldn't want to become
  part of stable - though I have tested upgrades from all previous releases
  and they should all be working, thanks to a multitude of checks in
  postinst
* there's one long-standing bug that affected a significant portion of
  FreeRADIUS module functionality that was fixed just by applying the right
  new libtool functions.
* the last upstream release, 2.1.10, has a few fixes that the security folks
  thought matter - but that's mostly because someone went through the
  trouble of generating a CVE number for the bugs in question.
  I've seen stuff like that get fixed in FreeRADIUS without CVEs before.
  I've also seen it not get fixed, yet nobody would have paid attention.
* in general, the package is still pretty much standalone and shouldn't
  affect anything else.

So hopefully God won't kill any kittens if you just let this one through :)

If it doesn't go through, no kittens should get harmed either, but the
current scheme of automatically pointing users at lenny-backports will
become commonplace in case of squeeze sooner rather than later, and for
no obvious benefit.

The changelog entries between the version currently in squeeze and the
requested one are:

freeradius (2.1.10+dfsg-1) unstable; urgency=medium

   * New upstream version, closes a bunch of reproducible SNAFUs,
     including two tagged as security issues, CVE-2010-3696, CVE-2010-3697,
     closes: #600176.
   * Build-depend on newer Libtool because of lt_dladvise_init(), also
     upstream now has a configure check so we no longer need a patch,
     yet we still don't want the old behaviour. Noticed by John Morrissey,
     closes: #584151.
   * Added the /etc/default/freeradius file as suggested by
     Rudy Gevaert and Matthew Newton, closes: #564716.
   * Stop symlinking /dev/urandom into /etc/freeradius/certs/random,
     it breaks grep -r in /etc. Instead, replace it inside eap.conf,
     both in the new shipped conffile and in postinst.

 -- Josip Rodin <joy-packages@debian.org>  Thu, 14 Oct 2010 21:51:51 +0200

freeradius (2.1.9+dfsg-1) unstable; urgency=low

   * New upstream version.
     + radclient (radtest) should now use IPv4 by default, closes: #569614.
   * Depend on ca-certificates explicitly, closes: #569601.
   * I mistook ca.pem for the locally selected acceptable CA, whereas that
     actually just happens to mean DebConf.org CA, and we want the former
     by default. That in turn is in /etc/ssl/certs/ca-certificates.crt.
     Obviously later the users can trivially change this, but this looks
     like a reasonably reliable default that doesn't involve a lot of magic
     that can delay or break postinst invocations. In the future, eap.conf
     will become modules/eap and this will not be so critical.
   * The private_key_file = ${certdir}/server.pem default doesn't get along
     with snakeoil, or common sense really (why would you keep a secret key
     in the same file as the non-secret certificate?), and could have broken
     upgrades if people accepted the conffile prompt, so adjusted the
     default conffile too, and adjusted the postinst upgrade logic as well.
   * Enable HAVE_LT_DLADVISE_INIT as it fixes the module symbol lookup
     errors from additional libraries, closes: #416266.
   * Explicate source format as 1.0.
   * Add ${misc:Depends} to all binary packages.
   * Update standards version to 3.8.4, no changes necessary.

 -- Josip Rodin <joy-packages@debian.org>  Sun, 30 May 2010 12:48:55 +0200 

TIA.

-- 
     2. That which causes joy or happiness.




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Release Team <debian-release@lists.debian.org>:
Bug#600465; Package release.debian.org. (Tue, 19 Oct 2010 19:30:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to "Adam D. Barratt" <adam@adam-barratt.org.uk>:
Extra info received and forwarded to list. Copy sent to Debian Release Team <debian-release@lists.debian.org>. (Tue, 19 Oct 2010 19:30:03 GMT) Full text and rfc822 format available.

Message #10 received at 600465@bugs.debian.org (full text, mbox):

From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
To: Josip Rodin <joy@debbugs.entuzijast.net>, 600465@bugs.debian.org
Subject: Re: Bug#600465: unblock: freeradius 2.1.10+dfsg-1
Date: Tue, 19 Oct 2010 20:27:50 +0100

On Sun, 2010-10-17 at 13:45 +0200, Josip Rodin wrote:
> Right now we have 2.1.8 in squeeze, and I sense the same scenario will
> unfold, hence this request. This time at least we have roughly the last
> upstream point release before the cutoff date, but at the same time:

fwiw, squeeze actually has 2.1.9, if that makes any difference.  (and
dhclient isn't the greatest name for a debugging tool, albeit one which
isn't shipped in the binary packages afaics).

Regards,

Adam





Information forwarded to debian-bugs-dist@lists.debian.org, Debian Release Team <debian-release@lists.debian.org>:
Bug#600465; Package release.debian.org. (Tue, 19 Oct 2010 19:45:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Josip Rodin <joy@debbugs.entuzijast.net>:
Extra info received and forwarded to list. Copy sent to Debian Release Team <debian-release@lists.debian.org>. (Tue, 19 Oct 2010 19:45:03 GMT) Full text and rfc822 format available.

Message #15 received at 600465@bugs.debian.org (full text, mbox):

From: Josip Rodin <joy@debbugs.entuzijast.net>
To: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Cc: 600465@bugs.debian.org
Subject: Re: Bug#600465: unblock: freeradius 2.1.10+dfsg-1
Date: Tue, 19 Oct 2010 21:43:34 +0200

On Tue, Oct 19, 2010 at 08:27:50PM +0100, Adam D. Barratt wrote:
> On Sun, 2010-10-17 at 13:45 +0200, Josip Rodin wrote: 
> > Right now we have 2.1.8 in squeeze, and I sense the same scenario will
> > unfold, hence this request. This time at least we have roughly the last
> > upstream point release before the cutoff date, but at the same time:
> 
> fwiw, squeeze actually has 2.1.9, if that makes any difference.

Oh, sorry. Then from the standpoint of "no excess code changes" that's even
better. And it also elucidates my point about picking random upstream
releases to freeze with - the version in squeeze has this bug:
http://lists.freeradius.org/pipermail/freeradius-users/2010-June/msg00248.html
That made it useless for my own testing on lenny machines so I never did a
lenny backport - yet it accidentally propagated to squeeze.

> (and dhclient isn't the greatest name for a debugging tool, albeit one
> which isn't shipped in the binary packages afaics).

Sorry, what?

-- 
     2. That which causes joy or happiness.




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Release Team <debian-release@lists.debian.org>:
Bug#600465; Package release.debian.org. (Tue, 19 Oct 2010 20:00:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to "Adam D. Barratt" <adam@adam-barratt.org.uk>:
Extra info received and forwarded to list. Copy sent to Debian Release Team <debian-release@lists.debian.org>. (Tue, 19 Oct 2010 20:00:06 GMT) Full text and rfc822 format available.

Message #20 received at 600465@bugs.debian.org (full text, mbox):

From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
To: Josip Rodin <joy@debbugs.entuzijast.net>
Cc: 600465@bugs.debian.org
Subject: Re: Bug#600465: unblock: freeradius 2.1.10+dfsg-1
Date: Tue, 19 Oct 2010 20:58:22 +0100

On Tue, 2010-10-19 at 21:43 +0200, Josip Rodin wrote:
> On Tue, Oct 19, 2010 at 08:27:50PM +0100, Adam D. Barratt wrote:
> > On Sun, 2010-10-17 at 13:45 +0200, Josip Rodin wrote: 
> > > Right now we have 2.1.8 in squeeze, and I sense the same scenario will
> > > unfold, hence this request. This time at least we have roughly the last
> > > upstream point release before the cutoff date, but at the same time:
> > 
> > fwiw, squeeze actually has 2.1.9, if that makes any difference.
[...]
> > (and dhclient isn't the greatest name for a debugging tool, albeit one
> > which isn't shipped in the binary packages afaics).
> 
> Sorry, what?

Sorry, I should have been more verbose there.  While I was having an
initial look at the debdiff, I spotted the addition of:

 src/main/dhclient.c                                             |  444 ++

which as a stand-alone binary could have namespace issues.  So far as I
can see, the freeradius packages don't include such a binary, however.

Regards,

Adam





Information forwarded to debian-bugs-dist@lists.debian.org, Debian Release Team <debian-release@lists.debian.org>:
Bug#600465; Package release.debian.org. (Sun, 24 Oct 2010 16:15:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to "Adam D. Barratt" <adam@adam-barratt.org.uk>:
Extra info received and forwarded to list. Copy sent to Debian Release Team <debian-release@lists.debian.org>. (Sun, 24 Oct 2010 16:15:03 GMT) Full text and rfc822 format available.

Message #25 received at 600465@bugs.debian.org (full text, mbox):

From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
To: Josip Rodin <joy@debbugs.entuzijast.net>, 600465@bugs.debian.org
Subject: Re: Bug#600465: unblock: freeradius 2.1.10+dfsg-1
Date: Sun, 24 Oct 2010 17:10:58 +0100

On Sun, 2010-10-17 at 13:45 +0200, Josip Rodin wrote:
> People keep coming to the upstream freeradius-users mailing list asking for
> help with 2.0.4, and they increasingly get funny looks because it's a
> randomly ancient version, by the upstream people's standards.
> 
> Right now we have 2.1.8 in squeeze, and I sense the same scenario will
> unfold, hence this request. This time at least we have roughly the last
> upstream point release before the cutoff date, but at the same time:
[...]
> So hopefully God won't kill any kittens if you just let this one through :)

For a point release, that's not a small diff. :-/  I've tried reviewing
it and while some of it makes a fair amount of sense, I don't know the
product well enough to know whether the rest is fixing important bugs,
or just tinkering.

This, from main/events.c, looks obviously wrong, however:

+       home->zombie_period_start.tv_sec = home->last_packet;
+       home->zombie_period_start.tv_sec = USEC / 2;

Presumably the second tv_sec should be tv_usec.

Regards,

Adam





Information forwarded to debian-bugs-dist@lists.debian.org, Debian Release Team <debian-release@lists.debian.org>:
Bug#600465; Package release.debian.org. (Sun, 24 Oct 2010 19:15:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to Josip Rodin <joy@debbugs.entuzijast.net>:
Extra info received and forwarded to list. Copy sent to Debian Release Team <debian-release@lists.debian.org>. (Sun, 24 Oct 2010 19:15:05 GMT) Full text and rfc822 format available.

Message #30 received at 600465@bugs.debian.org (full text, mbox):

From: Josip Rodin <joy@debbugs.entuzijast.net>
To: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Cc: 600465@bugs.debian.org, Alan DeKok <aland@deployingradius.com>
Subject: Re: Bug#600465: unblock: freeradius 2.1.10+dfsg-1
Date: Sun, 24 Oct 2010 21:12:41 +0200

[For Alan: I requested for FreeRADIUS 2.1.10 to replace 2.1.9 in the future
Debian 6.0 release; the former came too late in our process to be accepted
automatically.]

On Sun, Oct 24, 2010 at 05:10:58PM +0100, Adam D. Barratt wrote:
> On Sun, 2010-10-17 at 13:45 +0200, Josip Rodin wrote:
> > People keep coming to the upstream freeradius-users mailing list asking for
> > help with 2.0.4, and they increasingly get funny looks because it's a
> > randomly ancient version, by the upstream people's standards.
> > 
> > Right now we have 2.1.8 in squeeze, and I sense the same scenario will
> > unfold, hence this request. This time at least we have roughly the last
> > upstream point release before the cutoff date, but at the same time:
> [...]
> > So hopefully God won't kill any kittens if you just let this one through :)
> 
> For a point release, that's not a small diff. :-/  I've tried reviewing
> it and while some of it makes a fair amount of sense, I don't know the
> product well enough to know whether the rest is fixing important bugs,
> or just tinkering.
> 
> This, from main/events.c, looks obviously wrong, however:
> 
> +       home->zombie_period_start.tv_sec = home->last_packet;
> +       home->zombie_period_start.tv_sec = USEC / 2;
> 
> Presumably the second tv_sec should be tv_usec.

Yeah, that sounds like it to me, too. That change came in this commit
http://github.com/alandekok/freeradius-server/commit/f8bcc0fe
which actually probably fixed a fatal crash (the assert call removed
because "Don't check home->ev due to race conditions."), so that's still
probably better than one randomized zombie period start (which can
get reset and/or ignored soon enough anyway) which is why nobody else
noticed.

Alan, is this correct?

-- 
     2. That which causes joy or happiness.




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Release Team <debian-release@lists.debian.org>:
Bug#600465; Package release.debian.org. (Mon, 25 Oct 2010 10:48:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to Alan DeKok <aland@deployingradius.com>:
Extra info received and forwarded to list. Copy sent to Debian Release Team <debian-release@lists.debian.org>. (Mon, 25 Oct 2010 10:48:06 GMT) Full text and rfc822 format available.

Message #35 received at 600465@bugs.debian.org (full text, mbox):

From: Alan DeKok <aland@deployingradius.com>
To: Josip Rodin <joy@debbugs.entuzijast.net>
Cc: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 600465@bugs.debian.org
Subject: Re: Bug#600465: unblock: freeradius 2.1.10+dfsg-1
Date: Mon, 25 Oct 2010 12:35:38 +0200

Josip Rodin wrote:
> [For Alan: I requested for FreeRADIUS 2.1.10 to replace 2.1.9 in the future
> Debian 6.0 release; the former came too late in our process to be accepted
> automatically.]

  OK.

>> This, from main/events.c, looks obviously wrong, however:
>>
>> +       home->zombie_period_start.tv_sec = home->last_packet;
>> +       home->zombie_period_start.tv_sec = USEC / 2;
>>
>> Presumably the second tv_sec should be tv_usec.

  Yes, ouch.

> Yeah, that sounds like it to me, too. That change came in this commit
> http://github.com/alandekok/freeradius-server/commit/f8bcc0fe
> which actually probably fixed a fatal crash (the assert call removed
> because "Don't check home->ev due to race conditions."), so that's still
> probably better than one randomized zombie period start (which can
> get reset and/or ignored soon enough anyway) which is why nobody else
> noticed.
> 
> Alan, is this correct?

  Yes.  I'll commit a fix.

  Alan DeKok.




Added tag(s) moreinfo. Request was from Julien Cristau <jcristau@debian.org> to control@bugs.debian.org. (Tue, 02 Nov 2010 16:48:03 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Release Team <debian-release@lists.debian.org>:
Bug#600465; Package release.debian.org. (Tue, 02 Nov 2010 18:12:10 GMT) Full text and rfc822 format available.

Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
Extra info received and forwarded to list. Copy sent to Debian Release Team <debian-release@lists.debian.org>. (Tue, 02 Nov 2010 18:12:10 GMT) Full text and rfc822 format available.

Message #42 received at 600465@bugs.debian.org (full text, mbox):

From: Moritz Muehlenhoff <jmm@inutil.org>
To: Alan DeKok <aland@deployingradius.com>
Cc: Josip Rodin <joy@debbugs.entuzijast.net>, "Adam D. Barratt" <adam@adam-barratt.org.uk>, 600465@bugs.debian.org
Subject: Re: Bug#600465: unblock: freeradius 2.1.10+dfsg-1
Date: Tue, 2 Nov 2010 19:09:26 +0100

On Mon, Oct 25, 2010 at 12:35:38PM +0200, Alan DeKok wrote:
> Josip Rodin wrote:
> > [For Alan: I requested for FreeRADIUS 2.1.10 to replace 2.1.9 in the future
> > Debian 6.0 release; the former came too late in our process to be accepted
> > automatically.]
> 
>   OK.
> 
> >> This, from main/events.c, looks obviously wrong, however:
> >>
> >> +       home->zombie_period_start.tv_sec = home->last_packet;
> >> +       home->zombie_period_start.tv_sec = USEC / 2;
> >>
> >> Presumably the second tv_sec should be tv_usec.
> 
>   Yes, ouch.
> 
> > Yeah, that sounds like it to me, too. That change came in this commit
> > http://github.com/alandekok/freeradius-server/commit/f8bcc0fe
> > which actually probably fixed a fatal crash (the assert call removed
> > because "Don't check home->ev due to race conditions."), so that's still
> > probably better than one randomized zombie period start (which can
> > get reset and/or ignored soon enough anyway) which is why nobody else
> > noticed.
> > 
> > Alan, is this correct?
> 
>   Yes.  I'll commit a fix.

Josip, Alan's fix has been committed:
http://github.com/alandekok/freeradius-server/commit/7b7dff7724721f8af5fd163f2292d427a869992d

Could you upload a fixed version?

Cheers,
        Moritz




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Release Team <debian-release@lists.debian.org>:
Bug#600465; Package release.debian.org. (Sat, 13 Nov 2010 15:15:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Josip Rodin <joy@debbugs.entuzijast.net>:
Extra info received and forwarded to list. Copy sent to Debian Release Team <debian-release@lists.debian.org>. (Sat, 13 Nov 2010 15:15:03 GMT) Full text and rfc822 format available.

Message #47 received at 600465@bugs.debian.org (full text, mbox):

From: Josip Rodin <joy@debbugs.entuzijast.net>
To: Moritz Muehlenhoff <jmm@inutil.org>
Cc: Alan DeKok <aland@deployingradius.com>, "Adam D. Barratt" <adam@adam-barratt.org.uk>, 600465@bugs.debian.org
Subject: Re: Bug#600465: unblock: freeradius 2.1.10+dfsg-1
Date: Sat, 13 Nov 2010 16:11:40 +0100

On Tue, Nov 02, 2010 at 07:09:26PM +0100, Moritz Muehlenhoff wrote:
> On Mon, Oct 25, 2010 at 12:35:38PM +0200, Alan DeKok wrote:
> > Josip Rodin wrote:
> > > [For Alan: I requested for FreeRADIUS 2.1.10 to replace 2.1.9 in the future
> > > Debian 6.0 release; the former came too late in our process to be accepted
> > > automatically.]
> > 
> >   OK.
> > 
> > >> This, from main/events.c, looks obviously wrong, however:
> > >>
> > >> +       home->zombie_period_start.tv_sec = home->last_packet;
> > >> +       home->zombie_period_start.tv_sec = USEC / 2;
> > >>
> > >> Presumably the second tv_sec should be tv_usec.
> > 
> >   Yes, ouch.
> > 
> > > Yeah, that sounds like it to me, too. That change came in this commit
> > > http://github.com/alandekok/freeradius-server/commit/f8bcc0fe
> > > which actually probably fixed a fatal crash (the assert call removed
> > > because "Don't check home->ev due to race conditions."), so that's still
> > > probably better than one randomized zombie period start (which can
> > > get reset and/or ignored soon enough anyway) which is why nobody else
> > > noticed.
> > > 
> > > Alan, is this correct?
> > 
> >   Yes.  I'll commit a fix.
> 
> Josip, Alan's fix has been committed:
> http://github.com/alandekok/freeradius-server/commit/7b7dff7724721f8af5fd163f2292d427a869992d
> 
> Could you upload a fixed version?

I'll get to it today. It'll also fix another logging regression that got
reported in the meantime.

-- 
     2. That which causes joy or happiness.




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Release Team <debian-release@lists.debian.org>:
Bug#600465; Package release.debian.org. (Sun, 14 Nov 2010 19:36:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Josip Rodin <joy@debbugs.entuzijast.net>:
Extra info received and forwarded to list. Copy sent to Debian Release Team <debian-release@lists.debian.org>. (Sun, 14 Nov 2010 19:36:03 GMT) Full text and rfc822 format available.

Message #52 received at 600465@bugs.debian.org (full text, mbox):

From: Josip Rodin <joy@debbugs.entuzijast.net>
To: 600465@bugs.debian.org
Subject: Re: Bug#600465: unblock: freeradius 2.1.10+dfsg-1
Date: Sun, 14 Nov 2010 20:33:47 +0100

On Sat, Nov 13, 2010 at 04:11:39PM +0100, Josip Rodin wrote:
> On Tue, Nov 02, 2010 at 07:09:26PM +0100, Moritz Muehlenhoff wrote:
> > On Mon, Oct 25, 2010 at 12:35:38PM +0200, Alan DeKok wrote:
> > > Josip Rodin wrote:
> > > > [For Alan: I requested for FreeRADIUS 2.1.10 to replace 2.1.9 in the future
> > > > Debian 6.0 release; the former came too late in our process to be accepted
> > > > automatically.]
> > > 
> > >   OK.
> > > 
> > > >> This, from main/events.c, looks obviously wrong, however:
> > > >>
> > > >> +       home->zombie_period_start.tv_sec = home->last_packet;
> > > >> +       home->zombie_period_start.tv_sec = USEC / 2;
> > > >>
> > > >> Presumably the second tv_sec should be tv_usec.
> > > 
> > >   Yes, ouch.
> > > 
> > > > Yeah, that sounds like it to me, too. That change came in this commit
> > > > http://github.com/alandekok/freeradius-server/commit/f8bcc0fe
> > > > which actually probably fixed a fatal crash (the assert call removed
> > > > because "Don't check home->ev due to race conditions."), so that's still
> > > > probably better than one randomized zombie period start (which can
> > > > get reset and/or ignored soon enough anyway) which is why nobody else
> > > > noticed.
> > > > 
> > > > Alan, is this correct?
> > > 
> > >   Yes.  I'll commit a fix.
> > 
> > Josip, Alan's fix has been committed:
> > http://github.com/alandekok/freeradius-server/commit/7b7dff7724721f8af5fd163f2292d427a869992d
> > 
> > Could you upload a fixed version?
> 
> I'll get to it today. It'll also fix another logging regression that got
> reported in the meantime.

Argh, I just read the update, so I guess it's best to clarify, by pasting
the changelog entries of the new packages I've been testing and hashing out
for a while now:

  * The zombie period start time variable mistakenly got set to a random
    value because of an upstream typo. Cherry-picked upstream commit
    7b7dff7724721f8af5fd163f2292d427a869992d into a Debian patch,
    requested for squeeze in #600465.
  * Since 2.1.9, the daemon stopped reopening the default radius.log file
    constantly, which means the default logrotate setup breaks the default
    logging. D'oh. We now have to send SIGHUP to the daemon as a postrotate
    action, which makes it reopen log files and continue normally.
    * Added delaycompress to the logrotate options, just to be on the safe
      side.
    * Added a reload action into the init script accordingly, so that the
      right pidfile is picked up (one that can be overridden by the admin
      in /etc/default/freeradius, available since the last release).
    * Called reload from the postrotate section, closes: #602815.
    * However, the latter signal also makes the server re-read configuration
      files, but unlike the initial server start, this all happens under
      the unprivileged user. That in turn means that if by any chance there
      is any part of FR configuration that happens not to be readable by
      group freerad (or whatever non-default is configured), the reload
      will fail, effectively silently, as the log has been moved away. Gah.
      So we have to make an effort to ensure that the configuration files
      are still readable by that user, otherwise the reload fails and the
      aforementioned bug is not fixed. The files seem to revert to
      root:root upon conffile actions, at least that's what happened to me
      and I think that was the cause. So, on upgrade, try to re-apply the
      dpkg-statoverrides on our /etc/freeradius/* stuff, whatever they are,
      under the assumption they will let the freerad group read config files
      as is the initial setup. (I wish dpkg-statoverride --update $file
      just did the right thing, but it doesn't, so there's a new local
      function that does that.)
    * While doing the latter, noticed that we were checking for directories
      in dpkg-statoverride --list output with trailing slashes, but they
      get output without it, so it was a no-op. Fixed the check by removing
      the trailing slashes. Also then noticed that we were grepping --list
      output, but it takes an optional glob pattern, so saved us that
      pointless grep fork by using that facility, just as described in the 
      policy manual.
    * force-reload switches from restart to reload, per policy 9.3.2.  
  * lenny backport needed also libltdl-dev (2.2.x) to build properly, rather
    than libltdl3-dev, which is obsolete and doesn't make sense anyway.  

Oh, how I wish 2.1.8 had been left in squeeze as I imagined it originally...
if only that initial crash was filed as an RC bug in time to stop the
propagation. :/

-- 
     2. That which causes joy or happiness.
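
The silent reload failure described in the changelog above can be caught before SIGHUP is sent. The following is an added example, not part of the original message or of the Debian package: a conservative check that assumes read access is granted through group ownership (as in the package's statoverride setup) and ignores world-readable bits; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not the package's code. Function names are hypothetical.
# Assumption: the daemon reads its configuration through group ownership
# (files group-owned by the daemon's group, with the group read bit set).

# unreadable_for_group DIR GROUP
# Prints, one per line and sorted, every path under DIR that
#   - is not group-owned by GROUP (name or numeric gid), or
#   - is a directory without group r-x (cannot be listed or traversed), or
#   - is a regular file without group r.
unreadable_for_group() {
  dir=$1
  group=$2
  find "$dir" \( \
      ! -group "$group" \
      -o \( -type d ! -perm -050 \) \
      -o \( -type f ! -perm -040 \) \
    \) -print | sort
}

# config_reload_safe DIR GROUP
# Returns 0 when nothing is flagged; otherwise lists the offending paths on
# stderr and returns 1, so the caller can skip the reload and keep the
# failure visible instead of losing it with the rotated log.
config_reload_safe() {
  bad=$(unreadable_for_group "$1" "$2")
  if [ -n "$bad" ]; then
    printf 'not readable by group %s, reload skipped:\n%s\n' "$2" "$bad" >&2
    return 1
  fi
  return 0
}

# Intended use, e.g. from a postrotate script (paths and group as named in
# the changelog above):
#   config_reload_safe /etc/freeradius freerad && invoke-rc.d freeradius reload
```

A file left at 600 root:root, the case reported in this thread for radiusd.conf, is flagged both for its group and for its mode.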




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Release Team <debian-release@lists.debian.org>:
Bug#600465; Package release.debian.org. (Sun, 14 Nov 2010 20:42:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Josip Rodin <joy@debbugs.entuzijast.net>:
Extra info received and forwarded to list. Copy sent to Debian Release Team <debian-release@lists.debian.org>. (Sun, 14 Nov 2010 20:42:03 GMT) Full text and rfc822 format available.

Message #57 received at 600465@bugs.debian.org (full text, mbox):

From: Josip Rodin <joy@debbugs.entuzijast.net>
To: 600465@bugs.debian.org
Subject: Re: Bug#600465: unblock: freeradius 2.1.10+dfsg-1
Date: Sun, 14 Nov 2010 21:40:11 +0100

On Sun, Nov 14, 2010 at 08:33:47PM +0100, Josip Rodin wrote:
> > I'll get to it today. It'll also fix another logging regression that got
> > reported in the meantime.
> 
> Argh, I just read the update, so I guess it's best to clarify, by pasting
> the changelog entries of the new packages I've been testing and hashing out
> for a while now: [...]

I've completed my own basic regression testing, it looks good, and the
upgrade properly fixed a broken logging and permissions setup where I had
those issues (600 root:root radiusd.conf). I uploaded it just now.

This is at the cost of a bit of extra code (a lot of it copied and pasted
between analogous postinsts):

% diff -ruN freeradius-2.1.10+dfsg-[12] | diffstat
 changelog                        |   45 +++++++++++++++
 control                          |    6 +-
 freeradius-common.postinst       |   83 +++++++++++++++++++++++-----
 freeradius-common.prerm          |    4 -
 freeradius-mysql.postinst        |   42 ++++++++++++--
 freeradius-mysql.prerm           |    4 -
 freeradius-postgresql.postinst   |   43 ++++++++++++--
 freeradius-postgresql.prerm      |    4 -
 freeradius.init                  |   18 ++++--
 freeradius.logrotate             |    6 +-
 freeradius.postinst              |  115 +++++++++++++++++++++++++++------------
 freeradius.preinst               |    2 
 freeradius.prerm                 |    4 -
 patches/series                   |    1 
 patches/zombie_period_start.diff |   13 ++++
 15 files changed, 314 insertions(+), 76 deletions(-)

Full diff follows:

diff -ruN freeradius-2.1.10+dfsg-1/debian/changelog freeradius-2.1.10+dfsg-2/debian/changelog
--- freeradius-2.1.10+dfsg-1/debian/changelog	2010-11-14 21:34:49.000000000 +0100
+++ freeradius-2.1.10+dfsg-2/debian/changelog	2010-11-14 20:20:24.000000000 +0100
@@ -1,3 +1,48 @@
+freeradius (2.1.10+dfsg-2) unstable; urgency=medium
+
+  * The zombie period start time variable mistakenly got set to a random
+    value because of an upstream typo. Cherry-picked upstream commit
+    7b7dff7724721f8af5fd163f2292d427a869992d into a Debian patch,
+    requested for squeeze in #600465.
+  * Since 2.1.9, the daemon stopped reopening the default radius.log file
+    constantly, which means the default logrotate setup breaks the default
+    logging. D'oh. We now have to send SIGHUP to the daemon as a postrotate
+    action, which makes it reopen log files and continue normally.
+    * Added delaycompress to the logrotate options, just to be on the safe
+      side.
+    * Added a reload action into the init script accordingly, so that the
+      right pidfile is picked up (one that can be overridden by the admin
+      in /etc/default/freeradius, available since the last release).
+    * Called reload from the postrotate section, closes: #602815.
+    * However, the latter signal also makes the server re-read configuration
+      files, but unlike the initial server start, this all happens under
+      the unprivileged user. That in turn means that if by any chance there
+      is any part of FR configuration that happens not to be readable by
+      group freerad (or whatever non-default is configured), the reload
+      will fail, effectively silently, as the log has been moved away. Gah.
+      So we have to make an effort to ensure that the configuration files
+      are still readable by that user, otherwise the reload fails and the
+      aforementioned bug is not fixed. The files seem to revert to
+      root:root upon conffile actions, at least that's what happened to me
+      and I think that was the cause. So, on upgrade, try to re-apply the
+      dpkg-statoverrides on our /etc/freeradius/* stuff, whatever they are,
+      under the assumption they will let the freerad group read config files
+      as is the initial setup. (I wish dpkg-statoverride --update $file
+      just did the right thing, but it doesn't, so there's a new local
+      function that does that.)
+    * While doing the latter, noticed that we were checking for directories
+      in dpkg-statoverride --list output with trailing slashes, but they
+      get output without it, so it was a no-op. Fixed the check by removing
+      the trailing slashes. Also then noticed that we were grepping --list
+      output, but it takes an optional glob pattern, so saved us that
+      pointless grep fork by using that facility, just as described in the
+      policy manual.
+    * force-reload switches from restart to reload, per policy 9.3.2.
+  * lenny backport needed also libltdl-dev (2.2.x) to build properly, rather
+    than libltdl3-dev, which is obsolete and doesn't make sense anyway.
+
+ -- Josip Rodin <joy-packages@debian.org>  Sat, 13 Nov 2010 15:21:30 +0100
+
 freeradius (2.1.10+dfsg-1) unstable; urgency=medium
 
   * New upstream version, closes a bunch of reproducible SNAFUs,
diff -ruN freeradius-2.1.10+dfsg-1/debian/control freeradius-2.1.10+dfsg-2/debian/control
--- freeradius-2.1.10+dfsg-1/debian/control	2010-11-14 21:34:49.000000000 +0100
+++ freeradius-2.1.10+dfsg-2/debian/control	2010-11-13 16:01:24.000000000 +0100
@@ -4,7 +4,8 @@
  dpkg-dev (>= 1.13.19),
  autotools-dev,
  libtool (>= 2.2),
- libltdl3-dev,
+ libltdl-dev (>= 2.2),
+ libssl-dev,
  libpam0g-dev,
  libmysqlclient-dev,
  libgdbm-dev,
@@ -16,8 +17,7 @@
  libpcap-dev,
  python-dev,
  libsnmp-dev,
- libpq-dev,
- libssl-dev
+ libpq-dev
 Section: net
 Priority: optional
 Maintainer: Josip Rodin <joy-packages@debian.org>
diff -ruN freeradius-2.1.10+dfsg-1/debian/freeradius-common.postinst freeradius-2.1.10+dfsg-2/debian/freeradius-common.postinst
--- freeradius-2.1.10+dfsg-1/debian/freeradius-common.postinst	2010-09-28 13:03:56.000000000 +0200
+++ freeradius-2.1.10+dfsg-2/debian/freeradius-common.postinst	2010-11-14 20:35:29.000000000 +0100
@@ -2,6 +2,73 @@
 
 set -e
 
+update_fs_from_statoverride() {
+  # I wish a simple dpkg-statoverride --update $file just did
+  # the right thing, but it doesn't, so we have to do it manually.
+  type=$1
+  user=$2
+  group=$3
+  mode=$4
+  file=$5
+  if [ -n "$type" -a -n "$group" -a -n "$mode" -a -n "$file" ]; then
+    if [ "$(find $file -maxdepth 0 -type $type -group $group -perm $mode)" = "" -a -$type $file ]; then
+      chgrp $group $file
+      chmod $mode $file
+    fi
+  fi
+}
+
+handle_config_files() {
+  runmode=$1
+
+  set +e
+  so=$(dpkg-statoverride --list /etc/freeradius)
+  ret=$?
+  set -e
+  case "$runmode" in
+    initial)
+      if [ $ret != 0 ]; then
+        dpkg-statoverride --add --update freerad freerad 2751 /etc/freeradius
+      fi
+      ;;
+    upgrade)
+      update_fs_from_statoverride d $so
+      ;;
+  esac
+
+  set +e
+  so=$(dpkg-statoverride --list /etc/freeradius/radiusd.conf)
+  ret=$?
+  set -e
+  case "$runmode" in
+    initial)
+      if [ $ret != 0 ]; then
+        dpkg-statoverride --add --update root freerad 0640 /etc/freeradius/radiusd.conf 
+      fi
+      ;;
+    upgrade)
+      update_fs_from_statoverride f $so
+      ;;
+  esac
+
+  # Relax permissions on local dictionary - allows radclient to run and should
+  # not contain secrets.  At any rate, only do it on fresh install
+  set +e
+  so=$(dpkg-statoverride --list /etc/freeradius/dictionary)
+  ret=$?
+  set -e
+  case "$runmode" in
+    initial)
+      if [ $ret != 0 ]; then
+        dpkg-statoverride --add --update root freerad 0644 /etc/freeradius/dictionary
+      fi
+      ;;
+    upgrade)
+      update_fs_from_statoverride f $so
+      ;;
+  esac
+}
+
 case "$1" in
   configure)
         if [ -z "$2" ]; then
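Review bot: update_fs_from_statoverride reads `user=$2` but never applies it: the `find` test checks only `-group` and `-perm`, and the repair runs `chgrp` and `chmod` with no `chown`. For /etc/freeradius, registered in this same hunk as `freerad freerad 2751`, a directory that has reverted to root:root gets its group and mode back but stays owned by root, so the filesystem still disagrees with the recorded override. Either add `-user $user` to the test and `chown $user:$group $file` to the repair, or drop the unused variable and state in the comment that only group and mode are restored on purpose.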
@@ -13,20 +80,10 @@
           # group if authenticating by another mechanism
           adduser --quiet freerad shadow
 
-          if ! dpkg-statoverride --list | grep -qw /etc/freeradius$; then
-            dpkg-statoverride --add --update freerad freerad 2751 /etc/freeradius
-          fi
-
-          if ! dpkg-statoverride --list | grep -qw /etc/freeradius/radiusd.conf$; then
-            dpkg-statoverride --add --update root freerad 0640 /etc/freeradius/radiusd.conf 
-          fi
-
-          # Relax permissions on local dictionary - allows radclient to run and should
-          # not contain secrets.  At any rate, only do it on fresh install
-          if ! dpkg-statoverride --list | grep -qw /etc/freeradius/dictionary$; then
-            dpkg-statoverride --add --update root freerad 0644 /etc/freeradius/dictionary
-          fi
+          handle_config_files initial
 
+        else
+          handle_config_files upgrade
         fi
         ;;
 esac
diff -ruN freeradius-2.1.10+dfsg-1/debian/freeradius-common.prerm freeradius-2.1.10+dfsg-2/debian/freeradius-common.prerm
--- freeradius-2.1.10+dfsg-1/debian/freeradius-common.prerm	2010-09-28 13:03:56.000000000 +0200
+++ freeradius-2.1.10+dfsg-2/debian/freeradius-common.prerm	2010-11-14 18:11:37.000000000 +0100
@@ -5,12 +5,12 @@
 case "$1" in
   remove)
         for file in /etc/freeradius/radiusd.conf /etc/freeradius/dictionary; do
-          if dpkg-statoverride --list | grep -qw $file$; then
+          if dpkg-statoverride --list $file >/dev/null; then
             dpkg-statoverride --remove $file
           fi
         done
 
-        if dpkg-statoverride --list | grep -qw /etc/freeradius$; then
+        if dpkg-statoverride --list /etc/freeradius >/dev/null; then
           dpkg-statoverride --remove /etc/freeradius
         fi
         ;;
diff -ruN freeradius-2.1.10+dfsg-1/debian/freeradius-mysql.postinst freeradius-2.1.10+dfsg-2/debian/freeradius-mysql.postinst
--- freeradius-2.1.10+dfsg-1/debian/freeradius-mysql.postinst	2010-09-28 13:03:56.000000000 +0200
+++ freeradius-2.1.10+dfsg-2/debian/freeradius-mysql.postinst	2010-11-14 20:35:45.000000000 +0100
@@ -2,6 +2,22 @@
 
 set -e
 
+update_fs_from_statoverride() {
+  # I wish a simple dpkg-statoverride --update $file just did
+  # the right thing, but it doesn't, so we have to do it manually.
+  type=$1
+  user=$2
+  group=$3
+  mode=$4
+  file=$5
+  if [ -n "$type" -a -n "$group" -a -n "$mode" -a -n "$file" ]; then
+    if [ "$(find $file -maxdepth 0 -type $type -group $group -perm $mode)" = "" -a -$type $file ]; then
+      chgrp $group $file
+      chmod $mode $file
+    fi
+  fi
+}
+
 case "$1" in
   configure)
         for file in /etc/freeradius/sql/mysql/counter.conf \
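Review bot: this update_fs_from_statoverride is a verbatim copy of the one added to freeradius-common.postinst, and the same body is pasted again into freeradius-postgresql.postinst and freeradius.postinst. If shipping it once as a shared shell fragment is not an option, put a comment in each copy naming the other three files, so that a later fix to the function does not land in only one of them.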
@@ -11,16 +27,32 @@
           /etc/freeradius/sql/mysql/nas.sql \
           /etc/freeradius/sql/mysql/schema.sql
         do
-          if ! dpkg-statoverride --list | grep -qw $file$; then
-            dpkg-statoverride --add --update root freerad 0640 $file
+          set +e
+          so=$(dpkg-statoverride --list $file)
+          ret=$?
+          set -e
+          if [ -z "$2" ]; then
+            if [ $ret != 0 ]; then
+              dpkg-statoverride --add --update root freerad 0640 $file
+            fi
+          else
+            update_fs_from_statoverride f $so
           fi
         done
 
         for dir in /etc/freeradius/sql \
           /etc/freeradius/sql/mysql
         do
-          if ! dpkg-statoverride --list | grep -qw $dir$; then
-            dpkg-statoverride --add --update root freerad 2751 $dir
+          set +e
+          so=$(dpkg-statoverride --list $dir)
+          ret=$?
+          set -e
+          if [ -z "$2" ]; then
+            if [ $ret != 0 ]; then
+              dpkg-statoverride --add --update root freerad 2751 $dir
+            fi
+          else
+            update_fs_from_statoverride d $so
           fi
         done
 
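Review bot: in both loops `[ $ret != 0 ]` treats every non-zero exit of `dpkg-statoverride --list` as "no override registered", so a failure to read the override database takes the same path as a clean miss and goes straight on to `--add`. The documented "no match" status is 1; testing for that value and aborting on anything else keeps the two cases apart. In the upgrade branch, `update_fs_from_statoverride f $so` depends on the unquoted `$so` being word-split into user, group, mode and path, which holds for these fixed paths but deserves a one-line comment.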
@@ -35,5 +67,3 @@
 #DEBHELPER#
 
 exit 0
-
-
diff -ruN freeradius-2.1.10+dfsg-1/debian/freeradius-mysql.prerm freeradius-2.1.10+dfsg-2/debian/freeradius-mysql.prerm
--- freeradius-2.1.10+dfsg-1/debian/freeradius-mysql.prerm	2010-09-28 13:03:56.000000000 +0200
+++ freeradius-2.1.10+dfsg-2/debian/freeradius-mysql.prerm	2010-11-14 18:12:50.000000000 +0100
@@ -11,7 +11,7 @@
           /etc/freeradius/sql/mysql/nas.sql \
           /etc/freeradius/sql/mysql/schema.sql
         do
-          if dpkg-statoverride --list | grep -qw $file$; then
+          if dpkg-statoverride --list $file >/dev/null; then
             dpkg-statoverride --remove $file
           fi
         done
@@ -19,7 +19,7 @@
         for dir in /etc/freeradius/sql \
           /etc/freeradius/sql/mysql
         do
-          if dpkg-statoverride --list | grep -qw $dir$; then
+          if dpkg-statoverride --list $dir >/dev/null; then
             dpkg-statoverride --remove $dir
           fi
         done
diff -ruN freeradius-2.1.10+dfsg-1/debian/freeradius-postgresql.postinst freeradius-2.1.10+dfsg-2/debian/freeradius-postgresql.postinst
--- freeradius-2.1.10+dfsg-1/debian/freeradius-postgresql.postinst	2010-09-28 13:03:56.000000000 +0200
+++ freeradius-2.1.10+dfsg-2/debian/freeradius-postgresql.postinst	2010-11-14 20:36:00.000000000 +0100
@@ -2,6 +2,22 @@
 
 set -e
 
+update_fs_from_statoverride() {
+  # I wish a simple dpkg-statoverride --update $file just did
+  # the right thing, but it doesn't, so we have to do it manually.
+  type=$1
+  user=$2
+  group=$3
+  mode=$4
+  file=$5
+  if [ -n "$type" -a -n "$group" -a -n "$mode" -a -n "$file" ]; then
+    if [ "$(find $file -maxdepth 0 -type $type -group $group -perm $mode)" = "" -a -$type $file ]; then
+      chgrp $group $file
+      chmod $mode $file
+    fi
+  fi
+}
+
 case "$1" in
   configure)
         for file in /etc/freeradius/sql/postgresql/cisco_h323_db_schema.sql \
@@ -14,16 +30,32 @@
           /etc/freeradius/sql/postgresql/update_radacct_group_trigger.sql \
           /etc/freeradius/sql/postgresql/voip-postpaid.conf
         do
-          if ! dpkg-statoverride --list | grep -qw $file$; then
-            dpkg-statoverride --add --update root freerad 0640 $file
+          set +e
+          so=$(dpkg-statoverride --list $file)
+          ret=$?
+          set -e
+          if [ -z "$2" ]; then
+            if [ $ret != 0 ]; then
+              dpkg-statoverride --add --update root freerad 0640 $file
+            fi
+          else
+            update_fs_from_statoverride f $so
           fi
         done
 
         for dir in /etc/freeradius/sql \
           /etc/freeradius/sql/postgresql
         do
-          if ! dpkg-statoverride --list | grep -qw $dir$; then
-            dpkg-statoverride --add --update root freerad 2751 $dir
+          set +e
+          so=$(dpkg-statoverride --list $dir)
+          ret=$?
+          set -e
+          if [ -z "$2" ]; then
+            if [ $ret != 0 ]; then
+              dpkg-statoverride --add --update root freerad 2751 $dir
+            fi
+          else
+            update_fs_from_statoverride d $so
           fi
         done
 
@@ -38,6 +70,3 @@
 #DEBHELPER#
 
 exit 0
-
-
-
diff -ruN freeradius-2.1.10+dfsg-1/debian/freeradius-postgresql.prerm freeradius-2.1.10+dfsg-2/debian/freeradius-postgresql.prerm
--- freeradius-2.1.10+dfsg-1/debian/freeradius-postgresql.prerm	2010-09-28 13:03:56.000000000 +0200
+++ freeradius-2.1.10+dfsg-2/debian/freeradius-postgresql.prerm	2010-11-14 18:13:09.000000000 +0100
@@ -14,7 +14,7 @@
           /etc/freeradius/sql/postgresql/update_radacct_group_trigger.sql \
           /etc/freeradius/sql/postgresql/voip-postpaid.conf
         do
-          if dpkg-statoverride --list | grep -qw $file$; then
+          if dpkg-statoverride --list $file >/dev/null; then
             dpkg-statoverride --remove $file
           fi
         done
@@ -22,7 +22,7 @@
         for dir in /etc/freeradius/sql \
           /etc/freeradius/sql/postgresql
         do
-          if dpkg-statoverride --list | grep -qw $dir$; then
+          if dpkg-statoverride --list $dir >/dev/null; then
             dpkg-statoverride --remove $dir
           fi
         done
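Review bot: the `for dir in /etc/freeradius/sql` loop here still removes the override for /etc/freeradius/sql, a directory that freeradius-mysql.postinst also registers and freeradius-mysql.prerm also removes. With both SQL packages installed, removing either one drops the override for the shared directory while the other package still expects it. Consider registering and removing /etc/freeradius/sql in one common place, or removing it only when the package-specific subdirectory is the last one left.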
diff -ruN freeradius-2.1.10+dfsg-1/debian/freeradius.init freeradius-2.1.10+dfsg-2/debian/freeradius.init
--- freeradius-2.1.10+dfsg-1/debian/freeradius.init	2010-11-14 21:34:49.000000000 +0100
+++ freeradius-2.1.10+dfsg-2/debian/freeradius.init	2010-11-13 15:51:51.000000000 +0100
@@ -48,18 +48,28 @@
                 log_daemon_msg "Stopping $DESCR" "$PROG"
                 if [ -f "$PIDFILE" ] ; then
                   start-stop-daemon --stop --retry=TERM/30/KILL/5 --quiet --pidfile $PIDFILE || ret=$?
-                  log_end_msg $ret
                 else 
                   log_action_cont_msg "$PIDFILE not found"
-                  log_end_msg 0
+                  ret=0
                 fi
+                log_end_msg $ret
                 ;;
-        restart|force-reload)
+        restart)
                 $0 stop
                 $0 start
                 ;;
+        reload|force-reload)
+                log_daemon_msg "Reloading $DESCR" "$PROG"
+                if [ -f "$PIDFILE" ] ; then
+                  start-stop-daemon --stop --signal HUP --quiet --pidfile $PIDFILE || ret=$?
+                else 
+                  log_action_cont_msg "$PIDFILE not found"
+                  ret=0
+                fi
+                log_end_msg $ret
+                ;;
         *)
-                echo "Usage: $0 start|stop|restart|force-reload"
+                echo "Usage: $0 start|stop|restart|force-reload|reload"
                 exit 1 
                 ;;
 esac
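Review bot: the new `reload|force-reload` branch sets `ret=0` when `$PIDFILE` is missing, copied from the stop branch, but for a reload a missing pidfile means no signal was sent and the caller is still told it succeeded. The logrotate postrotate added in this patch discards the script's stdout, so the "not found" message is lost there too; returning non-zero, at least for plain `reload`, would surface it. Separately, `start-stop-daemon --stop --signal HUP` matches on `--pidfile` alone; if that file sits under /var/run/freeradius, which freeradius.postinst registers as owned by freerad, adding an `--exec` or `--name` match ensures the HUP sent as root only ever reaches the radius daemon.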
diff -ruN freeradius-2.1.10+dfsg-1/debian/freeradius.logrotate freeradius-2.1.10+dfsg-2/debian/freeradius.logrotate
--- freeradius-2.1.10+dfsg-1/debian/freeradius.logrotate	2010-09-28 13:03:56.000000000 +0200
+++ freeradius-2.1.10+dfsg-2/debian/freeradius.logrotate	2010-11-13 17:15:54.000000000 +0100
@@ -2,6 +2,10 @@
         weekly
         rotate 52
         compress
+        delaycompress
         notifempty
+        missingok
+        postrotate
+                /etc/init.d/freeradius reload > /dev/null
+        endscript
 }
-
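Review bot: the `postrotate` block is added without `sharedscripts`, so if the stanza's pattern matches several log files the reload, and with it a full configuration re-read under the unprivileged user, runs once per rotated file. Adding `sharedscripts` makes it run once per rotation. Calling the script as `invoke-rc.d freeradius reload` rather than through /etc/init.d directly would also respect local policy.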
diff -ruN freeradius-2.1.10+dfsg-1/debian/freeradius.postinst freeradius-2.1.10+dfsg-2/debian/freeradius.postinst
--- freeradius-2.1.10+dfsg-1/debian/freeradius.postinst	2010-11-14 21:34:49.000000000 +0100
+++ freeradius-2.1.10+dfsg-2/debian/freeradius.postinst	2010-11-14 20:11:53.000000000 +0100
@@ -2,9 +2,84 @@
 
 set -e
 
+update_fs_from_statoverride() {
+  # I wish a simple dpkg-statoverride --update $file just did
+  # the right thing, but it doesn't, so we have to do it manually.
+  type=$1
+  user=$2
+  group=$3
+  mode=$4
+  file=$5
+  if [ -n "$type" -a -n "$group" -a -n "$mode" -a -n "$file" ]; then
+    if [ "$(find $file -maxdepth 0 -type $type -group $group -perm $mode)" = "" -a -$type $file ]; then
+      chgrp $group $file
+      chmod $mode $file
+    fi
+  fi
+}
+
+handle_config_files() {
+  runmode=$1
+
+  for file in /etc/freeradius/preproxy_users \
+              /etc/freeradius/policy.conf \
+              /etc/freeradius/eap.conf \
+              /etc/freeradius/experimental.conf \
+              /etc/freeradius/huntgroups \
+              /etc/freeradius/proxy.conf \
+              /etc/freeradius/attrs.pre-proxy \
+              /etc/freeradius/hints \
+              /etc/freeradius/sql.conf \
+              /etc/freeradius/ldap.attrmap \
+              /etc/freeradius/attrs \
+              /etc/freeradius/policy.txt \
+              /etc/freeradius/attrs.accounting_response \
+              /etc/freeradius/attrs.access_reject \
+              /etc/freeradius/attrs.access_challenge \
+              /etc/freeradius/clients.conf \
+              /etc/freeradius/acct_users
+  do
+    set +e
+    so=$(dpkg-statoverride --list $file)
+    ret=$?
+    set -e
+    case "$runmode" in
+      initial)
+        if [ $ret != 0 ]; then
+          dpkg-statoverride --add --update root freerad 0640 $file
+        fi
+        ;;
+      upgrade)
+        update_fs_from_statoverride f $so
+        ;;
+    esac
+  done
+
+  for dir in /etc/freeradius/certs \
+             /etc/freeradius/sites-available \
+             /etc/freeradius/sites-enabled
+  do
+    set +e
+    so=$(dpkg-statoverride --list $dir)
+    ret=$?
+    set -e
+    case "$runmode" in
+      initial)
+        if [ $ret != 0 ]; then
+          dpkg-statoverride --add --update freerad freerad 2751 $dir
+        fi
+        ;;
+      upgrade)
+        update_fs_from_statoverride d $so
+        ;;
+    esac
+  done
+}
+
 case "$1" in
   configure)
         if [ -z "$2" ]; then
+
           # Changed in 1.1.5-1 for new installs (we used to start at S50
           # and stop at K50)  We now start at S50 and stop at K19 so we
           # start after services which may be used and stop before them.
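Review bot: in update_fs_from_statoverride the `-$type $file` test and the `chgrp`/`chmod` after it all dereference symlinks, while `find` without `-L` does not, so a symlink at one of the listed paths makes the `find` output empty and the repair then acts on the link target. These files sit in /etc/freeradius, which freeradius-common.postinst registers as owned by freerad, so the path is not under root's sole control when this runs as root on upgrade. Add a `[ ! -L "$file" ]` guard before the repair and quote `"$file"` throughout.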
@@ -12,11 +87,11 @@
 
           # Set up initial permissions on all the freeradius directories
 
-          if ! dpkg-statoverride --list | grep -q /var/run/freeradius$; then
+          if ! dpkg-statoverride --list /var/run/freeradius >/dev/null; then
             dpkg-statoverride --add --update freerad freerad 0755 /var/run/freeradius
           fi
 
-          if ! dpkg-statoverride --list | grep -q /var/log/freeradius$; then
+          if ! dpkg-statoverride --list /var/log/freeradius >/dev/null; then
             dpkg-statoverride --add --update freerad freerad 0750 /var/log/freeradius
           fi
 
@@ -24,41 +99,15 @@
             [ ! -f "/var/log/freeradius/${file}" ] && install -o freerad -g freerad -m 644 /dev/null /var/log/freeradius/${file}
           done
 
-          for file in /etc/freeradius/preproxy_users \
-            /etc/freeradius/policy.conf \
-            /etc/freeradius/eap.conf \
-            /etc/freeradius/experimental.conf \
-            /etc/freeradius/huntgroups \
-            /etc/freeradius/proxy.conf \
-            /etc/freeradius/attrs.pre-proxy \
-            /etc/freeradius/hints \
-            /etc/freeradius/sql.conf \
-            /etc/freeradius/ldap.attrmap \
-            /etc/freeradius/attrs \
-            /etc/freeradius/policy.txt \
-            /etc/freeradius/attrs.accounting_response \
-            /etc/freeradius/attrs.access_reject \
-            /etc/freeradius/attrs.access_challenge \
-            /etc/freeradius/clients.conf \
-            /etc/freeradius/acct_users
-          do
-            if ! dpkg-statoverride --list | grep -qw $file$; then
-              dpkg-statoverride --add --update root freerad 0640 $file
-            fi
-          done
-
-          for dir in /etc/freeradius/certs/ \
-            /etc/freeradius/sites-available/ \
-            /etc/freeradius/sites-enabled/
-          do
-            if ! dpkg-statoverride --list | grep -qw $dir$; then
-              dpkg-statoverride --add --update freerad freerad 2751 $dir
-            fi
-          done
+          handle_config_files initial
 
           action="start"
+
         else
+
+          handle_config_files upgrade
           action="restart"
+
         fi
 
         # Create links for default sites, but only if this is an initial
diff -ruN freeradius-2.1.10+dfsg-1/debian/freeradius.preinst freeradius-2.1.10+dfsg-2/debian/freeradius.preinst
--- freeradius-2.1.10+dfsg-1/debian/freeradius.preinst	2010-09-28 13:03:56.000000000 +0200
+++ freeradius-2.1.10+dfsg-2/debian/freeradius.preinst	2010-11-14 18:12:00.000000000 +0100
@@ -76,7 +76,7 @@
           rm_conffile "$file"
 
           # must get rid of the overrides otherwise they corrupt the database
-          if dpkg-statoverride --list | grep -qw $file$; then
+          if dpkg-statoverride --list $file >/dev/null; then
             dpkg-statoverride --remove $file
           fi
 
diff -ruN freeradius-2.1.10+dfsg-1/debian/freeradius.prerm freeradius-2.1.10+dfsg-2/debian/freeradius.prerm
--- freeradius-2.1.10+dfsg-1/debian/freeradius.prerm	2010-09-28 13:03:56.000000000 +0200
+++ freeradius-2.1.10+dfsg-2/debian/freeradius.prerm	2010-11-14 18:12:31.000000000 +0100
@@ -28,7 +28,7 @@
           /etc/freeradius/clients.conf \
           /etc/freeradius/acct_users
         do
-          if dpkg-statoverride --list | grep -qw $file$; then
+          if dpkg-statoverride --list $file >/dev/null; then
             dpkg-statoverride --remove $file
           fi
         done
@@ -39,7 +39,7 @@
           /var/run/freeradius \
           /var/log/freeradius
         do
-          if dpkg-statoverride --list | grep -qw $dir$; then
+          if dpkg-statoverride --list $dir >/dev/null; then
             dpkg-statoverride --remove $dir
           fi
         done
diff -ruN freeradius-2.1.10+dfsg-1/debian/patches/series freeradius-2.1.10+dfsg-2/debian/patches/series
--- freeradius-2.1.10+dfsg-1/debian/patches/series	2010-11-14 21:34:49.000000000 +0100
+++ freeradius-2.1.10+dfsg-2/debian/patches/series	2010-11-13 15:47:32.000000000 +0100
@@ -4,3 +4,4 @@
 rlm_sql.libs.diff
 eap.server.key.diff
 eap.random_file.diff
+zombie_period_start.diff
diff -ruN freeradius-2.1.10+dfsg-1/debian/patches/zombie_period_start.diff freeradius-2.1.10+dfsg-2/debian/patches/zombie_period_start.diff
--- freeradius-2.1.10+dfsg-1/debian/patches/zombie_period_start.diff	1970-01-01 01:00:00.000000000 +0100
+++ freeradius-2.1.10+dfsg-2/debian/patches/zombie_period_start.diff	2010-11-13 15:47:22.000000000 +0100
@@ -0,0 +1,13 @@
+diff --git a/src/main/event.c b/src/main/event.c
+index 6ec1de9..fb51708 100644
+--- a/src/main/event.c
++++ b/src/main/event.c
+@@ -1122,7 +1122,7 @@ static void no_response_to_proxied_request(void *ctx)
+ 	home->state = HOME_STATE_ZOMBIE;
+ 	
+ 	home->zombie_period_start.tv_sec = home->last_packet;
+-	home->zombie_period_start.tv_sec = USEC / 2;
++	home->zombie_period_start.tv_usec = USEC / 2;
+ 	
+ 	fr_event_delete(el, &home->ev);
+ 	home->currently_outstanding = 0;
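Review bot: debian/patches/zombie_period_start.diff starts straight at the `diff --git` line with no header saying what it fixes or where it came from. The `index 6ec1de9..fb51708` line suggests it was taken from a git tree, so a short header giving a description, the origin, and whether it is already upstream would tell the next maintainer when the patch can be dropped. The change itself looks correct: before it, the second assignment overwrote `tv_sec` with `USEC / 2` and `tv_usec` was never assigned here.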

-- 
     2. That which causes joy or happiness.




Changed Bug title to 'unblock: freeradius 2.1.10+dfsg-2' from 'unblock: freeradius 2.1.10+dfsg-1' Request was from Josip Rodin <joy@debbugs.entuzijast.net> to control@bugs.debian.org. (Tue, 16 Nov 2010 11:12:05 GMT)

Reply sent to "Adam D. Barratt" <adam@adam-barratt.org.uk>:
You have taken responsibility. (Wed, 17 Nov 2010 20:57:11 GMT)

Notification sent to Josip Rodin <joy@debbugs.entuzijast.net>:
Bug acknowledged by developer. (Wed, 17 Nov 2010 20:57:11 GMT)

Message #64 received at 600465-done@bugs.debian.org (full text, mbox):

From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
To: Josip Rodin <joy@debbugs.entuzijast.net>, 600465-done@bugs.debian.org
Subject: Re: Bug#600465: unblock: freeradius 2.1.10+dfsg-1
Date: Wed, 17 Nov 2010 20:53:38 +0000

On Sun, 2010-11-14 at 21:40 +0100, Josip Rodin wrote:
> On Sun, Nov 14, 2010 at 08:33:47PM +0100, Josip Rodin wrote:
> > > I'll get to it today. It'll also fix another logging regression that got
> > > reported in the meantime.
> > 
> > Argh, I just read the update, so I guess it's best to clarify, by pasting
> > the changelog entries of the new packages I've been testing and hashing out
> > for a while now: [...]
> 
> I've completed my own basic regression testing, it looks good, and the
> upgrade properly fixed a broken logging and permissions setup where I had
> those issues (600 root:root radiusd.conf). I uploaded it just now.

2.1.10+dfsg-2 unblocked; thanks for your work.

Regards,

Adam





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 16 Dec 2010 07:33:23 GMT)


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Fri Apr 18 20:57:20 2014; Machine Name: beach.debian.org
