updated mpd5

net/mpd/Makefile

@@ -2,12 +2,11 @@
 # $Id$
 #
 PORTNAME=	mpd
-DISTVERSION=	5.8
+DISTVERSION=	5.9
 CATEGORIES=	net
 MASTER_SITES=	SF/${PORTNAME}/Mpd5/Mpd-${PORTVERSION}
 DIST_SUBDIR=	mpd5
 
-
 MAINTAINER=	onborodin@gmail.com
 COMMENT=	Multi-link PPP daemon based on netgraph(4)
 
@@ -19,16 +18,22 @@ HAS_CONFIGURE=	yes
 CONFIGURE_WRKSRC=	${WRKSRC}/src
 MAKE_ENV+= LC_ALL=C
 
+CONFIGURE_ENV+=	USE_NG_IPACCT=no
+MAKE_ARGS+=	USE_NG_IPACCT=no
+CONFIGURE_ENV+=	USE_RADIUS=no
+MAKE_ARGS+=	USE_RADIUS=no
+
+
 #DOCSDIR=	share/doc/${PORTNAME}
 MAKE_ENV+= DOCSDIR=${PREFIX}/${DOCSDIR}
 SUB_LIST+= DOCSDIR=${DOCSDIR}
 
-CONFIGURE_ENV+=	USE_NG_IPACCT=no
-EXTRA_PATCHES+=	${FILESDIR}/extra-patch-no-ng_ipacct
+#CONFIGURE_ENV+=	USE_NG_IPACCT=no
+#EXTRA_PATCHES+=	${FILESDIR}/extra-patch-no-ng_ipacct
 
 
 MANCOMPRESSED=	maybe
-USE_RC_SUBR+= mpd.sh
+USE_RC_SUBR+= mpd5
 
 pre-install:
 	${MKDIR} ${STAGEDIR}${PREFIX}/sbin

net/mpd/distinfo

@@ -1,2 +1,3 @@
-SHA256 (mpd5/mpd-5.8.tar.gz) = 8c59e01c79c5d35ecfd0d540ddf37dd1eed8da9c980fa4c5b01ed50bb53e7665
-SIZE (mpd5/mpd-5.8.tar.gz) = 597043
+TIMESTAMP = 1646041272
+SHA256 (mpd5/mpd-5.9.tar.gz) = 1f2cda9b3e610713f94e90f3826bbb0d638c6fb678986b1eaa9cd9930b0d66ba
+SIZE (mpd5/mpd-5.9.tar.gz) = 627566

net/mpd/files/mpd.sh.in

@@ -1,34 +0,0 @@
-#!/bin/sh
-#
-# PROVIDE: mpd
-# REQUIRE: SERVERS
-# BEFORE: DAEMON
-# KEYWORD: shutdown
-#
-. /etc/rc.subr
-
-name="mpd"
-rcvar="mpd_enable"
-
-load_rc_config ${name}
-
-: ${mpd_enable="NO"}
-#: ${mpd_flags="-b"}
-
-pidfile="/var/run/${name}.pid"
-command="%%PREFIX%%/sbin/${name}"
-required_files="%%PREFIX%%/etc/${name}/mpd.conf"
-
-case "${mpd_flags}" in
-*-p\ *)
-        echo "ERROR: \$mpd_flags includes -p option." \
-                "PID file is already set to $pidfile."
-        exit 1
-        ;;
-*)
-        command_args="-b -p ${pidfile} ${mpd_flags}"
-        ;;
-esac
-
-run_rc_command "$1"
-#EOF

net/mpd/files/mpd5.in

@@ -0,0 +1,40 @@
+#!/bin/sh
+
+# PROVIDE: mpd5
+# REQUIRE: netif
+# BEFORE: routing
+# KEYWORD: shutdown
+#
+# Add the following lines to /etc/rc.conf to enable mpd5:
+# mpd_enable (bool):	Set to "NO" by default.
+#			Set it to "YES" to enable mpd5.
+# mpd_flags (string):	Set to "-b" by default.
+#			Extra flags passed to start command.
+#
+# See mpd5(8) for flags.
+
+. /etc/rc.subr
+
+name="mpd5"
+rcvar=mpd_enable
+
+load_rc_config ${name}
+
+: ${mpd_enable="NO"}
+: ${mpd_flags="-b"}
+
+pidfile="/var/run/${name}.pid"
+command="%%PREFIX%%/sbin/${name}"
+
+case "${mpd_flags}" in
+*-p\ *)
+        echo "ERROR: \$mpd_flags includes -p option." \
+                "PID file is already set to $pidfile."
+        exit 1
+        ;;
+*)
+        command_args="-p ${pidfile} ${mpd_flags}"
+        ;;
+esac
+
+run_rc_command "$1"

net/mpd/files/patch-l2tp-ctrl-c.diff

@@ -0,0 +1,71 @@
+Index: src/l2tp_ctrl.c
+===================================================================
+--- src/l2tp_ctrl.c	(revision 2409)
++++ src/l2tp_ctrl.c	(revision 2411)
+@@ -244,7 +244,8 @@ Notes
+ ************************************************************************/
+ 
+ static int	ppp_l2tp_ctrl_setup_1(struct ppp_l2tp_ctrl *ctrl,
+-			struct ppp_l2tp_avp_ptrs *ptrs);
++			struct ppp_l2tp_avp_ptrs *ptrs,
++			struct ppp_l2tp_avp_list *avps);
+ static int	ppp_l2tp_ctrl_setup_2(struct ppp_l2tp_ctrl *ctrl,
+ 			struct ppp_l2tp_avp_ptrs *ptrs);
+ static void	ppp_l2tp_ctrl_send(struct ppp_l2tp_ctrl *ctrl,
+@@ -1031,7 +1032,8 @@ ppp_l2tp_sess_hooked(struct ppp_l2tp_sess *sess) {
+  */
+ static int
+ ppp_l2tp_ctrl_setup_1(struct ppp_l2tp_ctrl *ctrl,
+-	struct ppp_l2tp_avp_ptrs *ptrs)
++	struct ppp_l2tp_avp_ptrs *ptrs,
++	struct ppp_l2tp_avp_list *avps)
+ {
+ 	/* Log */
+ 	Log(LOG_INFO, ("L2TP: connected to \"%s\", version=%u.%u",
+@@ -1092,7 +1094,7 @@ ppp_l2tp_ctrl_setup_1(struct ppp_l2tp_ctrl *ctrl,
+ 		MD5_Update(&md5ctx, &ptrs->challenge->value, ptrs->challenge->length);
+ 		MD5_Final(hash, &md5ctx);
+ 
+-		if (ppp_l2tp_avp_list_append(ctrl->avps, 0,
++		if (ppp_l2tp_avp_list_append(avps, 0,
+ 		    0, AVP_CHALLENGE_RESPONSE, hash, sizeof(hash)) == -1)
+ 		return (0);
+ 	}
+@@ -2085,7 +2087,7 @@ ppp_l2tp_handle_SCCRQ(struct ppp_l2tp_ctrl *ctrl,
+ 
+ ok:
+ 	/* Do control connection setup */
+-	if (ppp_l2tp_ctrl_setup_1(ctrl, ptrs) == -1)
++	if (ppp_l2tp_ctrl_setup_1(ctrl, ptrs, ctrl->avps) == -1)
+ 		return (-1);
+ 
+ 	/* Send response and update state */
+@@ -2098,18 +2100,24 @@ static int
+ ppp_l2tp_handle_SCCRP(struct ppp_l2tp_ctrl *ctrl,
+ 	const struct ppp_l2tp_avp_list *avps, struct ppp_l2tp_avp_ptrs *ptrs)
+ {
++	struct ppp_l2tp_avp_list *avps0;
++
+ 	(void)avps;
++	avps0 = ppp_l2tp_avp_list_create();
++
+ 	/* Do control connection setup */
+-	if (ppp_l2tp_ctrl_setup_1(ctrl, ptrs) == -1)
++	if ((ppp_l2tp_ctrl_setup_1(ctrl, ptrs, avps0) == -1) ||
++	    (ppp_l2tp_ctrl_setup_2(ctrl, ptrs) == -1)) {
++		ppp_l2tp_avp_list_destroy(&avps0);
+ 		return (-1);
+-	if (ppp_l2tp_ctrl_setup_2(ctrl, ptrs) == -1)
+-		return (-1);
++	}
+ 
+ 	/* Send response and update state */
+ 	ctrl->state = CS_ESTABLISHED;
+-	ppp_l2tp_ctrl_send(ctrl, 0, SCCCN, ctrl->avps);
++	ppp_l2tp_ctrl_send(ctrl, 0, SCCCN, avps0);
+ 	if (*ctrl->cb->ctrl_connected != NULL)
+ 	    (*ctrl->cb->ctrl_connected)(ctrl);
++	ppp_l2tp_avp_list_destroy(&avps0);
+ 	return (0);
+ }
+ 

net/mpd/files/patch-l2tp-multihomed

@@ -0,0 +1,161 @@
+Index: src/util.c
+===================================================================
+--- src/util.c	(revision 2436)
++++ src/util.c	(working copy)
+@@ -16,8 +16,9 @@
+ #include <netdb.h>
+ #include <tcpd.h>
+ #include <sys/limits.h>
+-#include <sys/wait.h>
++#include <sys/socket.h>
+ #include <sys/sysctl.h>
++#include <sys/wait.h>
+ #include <net/route.h>
+ #include <netinet/if_ether.h>
+ #include <net/ethernet.h>
+@@ -1545,4 +1546,52 @@ IfaceSetFlag(const char *ifname, int value)
+ 	}
+ 	close(s);
+ 	return (0);
++}
++
++/*
++ * Obtain some data, peer (source) and destination addresses of SOCK_DGRAM IPv4 UDP request.
++ */
++ssize_t GetDataAddrs(int sock, void *dbuf, size_t dbufsize,
++			  struct sockaddr_storage *peer, socklen_t peer_len,
++			  struct u_addr *addr)
++{
++	struct {
++		struct  msghdr msg;
++		struct	iovec iov;
++	} b;
++	union {	/* ensure correct alignment for space */
++		struct cmsghdr cm;
++		char space[CMSG_SPACE(sizeof(struct in_addr))];
++	} buf;
++
++	struct	cmsghdr *p;
++	ssize_t	size;
++
++	/* Sanity check */
++	if (addr->family != AF_INET) {
++		errno = EAFNOSUPPORT;
++		return (-1);
++	}
++
++	b.msg.msg_name = peer;
++	b.msg.msg_namelen = peer_len;
++	b.msg.msg_iov = &b.iov;
++	b.msg.msg_iovlen = 1;
++	b.msg.msg_control = &buf;
++	b.msg.msg_controllen = sizeof(buf);
++	b.msg.msg_flags = 0;
++
++	b.iov.iov_base = dbuf;
++	b.iov.iov_len = dbufsize;
++
++	if ((size = recvmsg(sock, &b.msg, 0)) < 0) {
++		Perror("%s: recvmsg: %s", __FUNCTION__, strerror(errno));
++		return (size);
++	}
++
++	p = CMSG_FIRSTHDR(&b.msg);
++	if (p && p->cmsg_level == IPPROTO_IP && p->cmsg_type == IP_RECVDSTADDR)
++		memcpy(&addr->u.ip4, CMSG_DATA(p), sizeof(addr->u.ip4));
++
++	return (size);
+ }
+Index: src/util.h
+===================================================================
+--- src/util.h	(revision 2436)
++++ src/util.h	(working copy)
+@@ -101,6 +101,10 @@ extern int GetPeerEther(struct u_addr *addr, struct so
+ extern void ppp_util_ascify(char *buf, size_t max, const char *bytes, size_t len);
+ extern int IfaceSetFlag(const char *ifname, int value);
+ 
++ssize_t GetDataAddrs(int sock, void *dbuf, size_t dbufsize,
++			  struct sockaddr_storage *peer, socklen_t peer_len,
++			  struct u_addr *addr);
++
+ #ifndef	HAVE_NTOA_R
+ extern char *ether_ntoa_r(const struct ether_addr *n, char *a);
+ #endif
+Index: src/l2tp.c
+===================================================================
+--- src/l2tp.c	(revision 2436)
++++ src/l2tp.c	(working copy)
+@@ -1374,6 +1374,7 @@ L2tpServerEvent(int type, void *arg)
+ 	struct ngm_mkpeer mkpeer;
+ 	struct sockaddr_storage peer_sas;
+ 	struct sockaddr_storage sas;
++	struct u_addr server_addr;
+ 	const size_t bufsize = 8192;
+ 	u_int16_t *buf = NULL;
+ 	char hook[NG_HOOKSIZ];
+@@ -1393,9 +1394,18 @@ L2tpServerEvent(int type, void *arg)
+ 	/* Allocate buffer */
+ 	buf = Malloc(MB_PHYS, bufsize);
+ 
++	u_addrcopy(&s->self_addr, &server_addr);
++	
+ 	/* Read packet */
+ 	sas_len = sizeof(peer_sas);
+-	if ((len = recvfrom(s->sock, buf, bufsize, 0,
++
++	if (u_addrempty(&s->self_addr)) {
++	    if ((len = GetDataAddrs(s->sock, buf, bufsize,
++	    		&peer_sas, sas_len, &server_addr)) == -1) {
++		Perror("L2TP: GetDataAddrs");
++	    	goto fail;
++	    }
++	} else if ((len = recvfrom(s->sock, buf, bufsize, 0,
+ 	    (struct sockaddr *)&peer_sas, &sas_len)) == -1) {
+ 		Perror("L2TP: recvfrom");
+ 		goto fail;
+@@ -1415,9 +1425,23 @@ L2tpServerEvent(int type, void *arg)
+ 	tun->self_port = s->self_port;
+ 	tun->alive = 1;
+ 
+-	Log(LG_PHYS, ("Incoming L2TP packet from %s %d", 
+-		u_addrtoa(&tun->peer_addr, namebuf, sizeof(namebuf)), tun->peer_port));
++	if (u_addrempty(&tun->self_addr))
++		u_addrcopy(&server_addr, &tun->self_addr);
+ 
++	if (u_addrempty(&tun->self_addr))
++		Log(LG_PHYS, ("Incoming L2TP packet from %s %d",
++		    u_addrtoa(&tun->peer_addr, namebuf, sizeof(namebuf)),
++		    tun->peer_port));
++	else {
++	    char buf3[INET_ADDRSTRLEN];
++
++	    Log(LG_PHYS, ("Incoming L2TP packet from %s %d to %s %d",
++		u_addrtoa(&tun->peer_addr, namebuf, sizeof(namebuf)),
++		tun->peer_port,
++		u_addrtoa(&tun->self_addr, buf3, sizeof(buf3)),
++		tun->self_port));
++	}
++
+ 	/* Examine all L2TP links to get best possible fit tunnel parameters. */
+ 	for (k = 0; k < gNumLinks; k++) {
+ 		Link l2;
+@@ -1552,7 +1576,7 @@ L2tpServerEvent(int type, void *arg)
+ 	}
+ 
+ 	/* Bind socket to a new port */
+-	u_addrtosockaddr(&s->self_addr,s->self_port,&sas);
++	u_addrtosockaddr(&tun->self_addr,tun->self_port,&sas);
+ 	if (NgSendMsg(csock, namebuf, NGM_KSOCKET_COOKIE,
+ 	    NGM_KSOCKET_BIND, &sas, sas.ss_len) == -1) {
+ 		Perror("L2TP: bind");
+@@ -1649,6 +1673,10 @@ L2tpListen(Link l)
+ 	    SO_REUSEPORT, &one, sizeof(one)) == -1) {
+ 		Perror("L2TP: setsockopt");
+ 		goto fail;
++	}
++	if (u_addrempty(&s->self_addr)) {
++		int on = 1;
++		setsockopt(s->sock, IPPROTO_IP, IP_RECVDSTADDR, &on, sizeof(on));
+ 	}
+ 	u_addrtosockaddr(&s->self_addr, s->self_port, &sa);
+ 	if (bind(s->sock, (struct sockaddr *)&sa, sa.ss_len) == -1) {

net/mpd/files/patch-nat.c

@@ -0,0 +1,13 @@
+Index: src/nat.c
+===================================================================
+--- src/nat.c	(revision 2445)
++++ src/nat.c	(revision 2446)
+@@ -192,7 +192,7 @@ NatSetCommand(Context ctx, int ac, const char *const a
+ 	  if (!inet_aton (av[5], &r_addr))
+ 	    Error("bad remote IP address \"%s\"", av[5]);
+ 	  rp = atoi(av[6]);
+-	  if (rp <= 0 || rp > 65535)
++	  if (rp < 0 || rp > 65535)
+ 	    Error("Incorrect remote port number \"%s\"", av[6]);
+ 	}
+ 	/* OK */

net/mpd/files/patch-noradius

@@ -0,0 +1,588 @@
+Index: src/Makefile
+===================================================================
+--- src/Makefile	(revision 2417)
++++ src/Makefile	(working copy)
+@@ -60,6 +60,7 @@ USE_TCP_WRAP=		yes
+ #USE_AUTH_OPIE=		yes
+ USE_AUTH_PAM=		yes
+ USE_AUTH_SYSTEM=	yes
++USE_RADIUS?=		yes
+ 
+ # Build without builtin web server.
+ #NOWEB=			yes
+@@ -108,8 +109,10 @@ CFLAGS+=	-DUSE_SYSTEM
+ LDADD+=		-lnetgraph -lutil
+ DPADD+=		${LIBNETGRAPH}
+ 
++.if defined ( USE_RADIUS ) && ( ${USE_RADIUS} == yes )
+ LDADD+=		-L/usr/lib -lradius
+ DPADD+=		${LIBRADIUS}
++.endif
+ 
+ # Obtained from bsd.port.mk
+ .if !defined ( OSVERSION )
+@@ -152,8 +155,12 @@ CFLAGS+=	-DSYSLOG_FACILITY='"${SYSLOG_FACILITY}"'
+ STDSRCS=        assert.c auth.c bund.c rep.c ccp.c chap.c \
+ 		console.c command.c ecp.c event.c fsm.c iface.c input.c \
+ 		ip.c ipcp.c ipv6cp.c lcp.c link.c log.c main.c mbuf.c mp.c \
+-		msg.c ngfunc.c pap.c phys.c proto.c radius.c radsrv.c timer.c \
+-		util.c vars.c eap.c msoft.c ippool.c
++		msg.c ngfunc.c pap.c phys.c proto.c timer.c \
++		util.c vars.c msoft.c ippool.c
++
++.if defined ( USE_RADIUS ) && ( ${USE_RADIUS} == yes )
++STDSRCS+=	eap.c radius.c radsrv.c
++.endif
+ 
+ .if defined ( NOWEB )
+ CFLAGS+=	-DNOWEB
+Index: src/auth.c
+===================================================================
+--- src/auth.c	(revision 2411)
++++ src/auth.c	(working copy)
+@@ -188,10 +188,12 @@ void 
+ authparamsInit(struct authparams *ap)
+ {
+ 	memset(ap, 0, sizeof(struct authparams));
++#ifdef USE_RADIUS
+ 	ap->eapmsg = NULL;
+ 	ap->state = NULL;
+ 	ap->class = NULL;
+ 	ap->filter_id = NULL;
++#endif
+ 	ap->msdomain = NULL;
+ #ifdef SIOCSIFDESCR
+ 	ap->ifdescr = NULL;
+@@ -208,10 +210,12 @@ authparamsDestroy(struct authparams *ap)
+ 	int i;
+ #endif
+ 
++#ifdef USE_RADIUS
+ 	Freee(ap->eapmsg);
+ 	Freee(ap->state);
+ 	Freee(ap->class);
+ 	Freee(ap->filter_id);
++#endif
+ 
+ #ifdef USE_IPFW
+ 	ACLDestroy(ap->acl_rule);
+@@ -252,6 +256,7 @@ authparamsCopy(struct authparams *src, struct authpara
+ 
+ 	memcpy(dst, src, sizeof(struct authparams));
+ 
++#ifdef USE_RADIUS
+ 	if (src->eapmsg)
+ 		dst->eapmsg = Mdup(MB_AUTH, src->eapmsg, src->eapmsg_len);
+ 	if (src->state)
+@@ -260,6 +265,7 @@ authparamsCopy(struct authparams *src, struct authpara
+ 		dst->class = Mdup(MB_AUTH, src->class, src->class_len);
+ 	if (src->filter_id)
+ 		dst->filter_id = Mstrdup(MB_AUTH, src->filter_id);
++#endif
+ 
+ #ifdef USE_IPFW
+ 	ACLCopy(src->acl_rule, &dst->acl_rule);
+@@ -308,8 +314,10 @@ AuthInit(Link l)
+ 	Enable(&ac->options, AUTH_CONF_INTERNAL);
+ 	Enable(&ac->options, AUTH_CONF_ACCT_MANDATORY);
+ 
++#ifdef USE_RADIUS
+ 	EapInit(l);
+ 	RadiusInit(l);
++#endif
+ }
+ 
+ /*
+@@ -420,9 +428,11 @@ AuthStart(Link l)
+ 	case PROTO_CHAP:
+ 		ChapStart(l, AUTH_SELF_TO_PEER);
+ 		break;
++#ifdef USE_RADIUS
+ 	case PROTO_EAP:
+ 		EapStart(l, AUTH_SELF_TO_PEER);
+ 		break;
++#endif
+ 	default:
+ 		assert(0);
+ 	}
+@@ -437,9 +447,11 @@ AuthStart(Link l)
+ 	case PROTO_CHAP:
+ 		ChapStart(l, AUTH_PEER_TO_SELF);
+ 		break;
++#ifdef USE_RADIUS
+ 	case PROTO_EAP:
+ 		EapStart(l, AUTH_PEER_TO_SELF);
+ 		break;
++#endif
+ 	default:
+ 		assert(0);
+ 	}
+@@ -449,6 +461,7 @@ AuthStart(Link l)
+  * AuthInput()
+  *
+  * Deal with PAP/CHAP/EAP packet
++ * But cannot be called for EAP packet if RADIUS support is not compiled in.
+  */
+ 
+ void
+@@ -494,15 +507,16 @@ AuthInput(Link l, int proto, Mbuf bp)
+ 	len -= sizeof(fsmh);
+ 	pkt = MBDATA(bp);
+ 
++#ifdef USE_RADIUS
+ 	if (proto == PROTO_EAP && bp) {
+ 		Log(LG_AUTH, ("[%s] %s: rec'd %s #%d len: %hu, type: %s", l->name,
+ 		    ProtoName(proto), AuthCode(proto, fsmh.code, buf, sizeof(buf)), fsmh.id,
+ 		    fsmh_len, EapType(pkt[0])));
+-	} else {
++	} else
++#endif
+ 		Log(LG_AUTH, ("[%s] %s: rec'd %s #%d len: %hu", l->name,
+ 		    ProtoName(proto), AuthCode(proto, fsmh.code, buf, sizeof(buf)), fsmh.id,
+ 		    fsmh_len));
+-	}
+ 
+ 	auth = AuthDataNew(l);
+ 	auth->proto = proto;
+@@ -518,9 +532,11 @@ AuthInput(Link l, int proto, Mbuf bp)
+ 	case PROTO_CHAP:
+ 		ChapInput(l, auth, pkt, len);
+ 		break;
++#ifdef USE_RADIUS
+ 	case PROTO_EAP:
+ 		EapInput(l, auth, pkt, len);
+ 		break;
++#endif
+ 	default:
+ 		assert(0);
+ 	}
+@@ -563,13 +579,14 @@ AuthOutput(Link l, int proto, u_int code, u_int id, co
+ 	}
+ 	bp = mbcopyback(bp, MBLEN(bp), ptr, len);
+ 
++#ifdef USE_RADIUS
+ 	if (proto == PROTO_EAP) {
+ 		Log(LG_AUTH, ("[%s] %s: sending %s #%d len: %d, type: %s", l->name,
+ 		    ProtoName(proto), AuthCode(proto, code, buf, sizeof(buf)), id, plen, EapType(eap_type)));
+-	} else {
++	} else
++#endif
+ 		Log(LG_AUTH, ("[%s] %s: sending %s #%d len: %d", l->name,
+ 		    ProtoName(proto), AuthCode(proto, code, buf, sizeof(buf)), id, plen));
+-	}
+ 
+ 	/* Send it out */
+ 	NgFuncWritePppFrameLink(l, proto, bp);
+@@ -718,7 +735,9 @@ AuthStop(Link l)
+ 	TimerStop(&a->timer);
+ 	PapStop(&a->pap);
+ 	ChapStop(&a->chap);
++#ifdef USE_RADIUS
+ 	EapStop(&a->eap);
++#endif
+ 	paction_cancel(&a->thread);
+ }
+ 
+@@ -979,8 +998,10 @@ AuthAccount(void *arg)
+ 
+ 	Log(LG_AUTH2, ("[%s] ACCT: Thread started", auth->info.lnkname));
+ 
++#ifdef USE_RADIUS
+ 	if (Enabled(&auth->conf.options, AUTH_CONF_RADIUS_ACCT))
+ 		err |= RadiusAccount(auth);
++#endif
+ #ifdef USE_PAM
+ 	if (Enabled(&auth->conf.options, AUTH_CONF_PAM_ACCT))
+ 		err |= AuthPAMAcct(auth);
+@@ -1020,8 +1041,10 @@ AuthAccountFinish(void *arg, int was_canceled)
+ 		    auth->info.lnkname));
+ 	}
+ 
++#ifdef USE_RADIUS
+ 	/* Cleanup */
+ 	RadiusClose(auth);
++#endif
+ 
+ 	if (was_canceled) {
+ 		AuthDataDestroy(auth);
+@@ -1188,6 +1211,7 @@ AuthAsync(void *arg)
+ 				return;
+ 		}
+ 	}
++#ifdef USE_RADIUS
+ 	if (auth->proto == PROTO_EAP && auth->eap_radius) {
+ 		auth->params.authentic = AUTH_CONF_RADIUS_AUTH;
+ 		RadiusEapProxy(auth);
+@@ -1205,6 +1229,7 @@ AuthAsync(void *arg)
+ 				return;
+ 		}
+ 	}
++#endif
+ #ifdef USE_PAM
+ 	if (Enabled(&auth->conf.options, AUTH_CONF_PAM_AUTH)) {
+ 		auth->params.authentic = AUTH_CONF_PAM_AUTH;
+@@ -1274,8 +1299,10 @@ AuthAsyncFinish(void *arg, int was_canceled)
+ 	if (was_canceled)
+ 		Log(LG_AUTH2, ("[%s] AUTH: Thread was canceled", auth->info.lnkname));
+ 
++#ifdef USE_RADIUS
+ 	/* cleanup */
+ 	RadiusClose(auth);
++#endif
+ 
+ 	if (was_canceled) {
+ 		AuthDataDestroy(auth);
+@@ -1948,9 +1975,11 @@ static const char *
+ AuthCode(int proto, u_char code, char *buf, size_t len)
+ {
+ 	switch (proto) {
++#ifdef USE_RADIUS
+ 	case PROTO_EAP:
+ 		return EapCode(code, buf, len);
+ 
++#endif
+ 	case PROTO_CHAP:
+ 		return ChapCode(code, buf, len);
+ 
+Index: src/auth.h
+===================================================================
+--- src/auth.h	(revision 2411)
++++ src/auth.h	(working copy)
+@@ -113,6 +113,7 @@ struct authparams {
+ 	struct in_addr peer_dns[2];	/* DNS servers for peer to use */
+ 	struct in_addr peer_nbns[2];	/* NBNS servers for peer to use */
+ 
++#ifdef USE_RADIUS
+ 	char   *eapmsg;			/* EAP Msg for forwarding to RADIUS
+ 					 * server */
+ 	int	eapmsg_len;
+@@ -125,6 +126,7 @@ struct authparams {
+ 
+ 	char   *filter_id;		/* RADIUS Framed-Filter-Id attribute */
+ 
++#endif
+ 	char	action[8 + LINK_MAX_NAME];
+ 
+ #ifdef USE_IPFW
+@@ -204,7 +206,9 @@ struct authparams {
+ };
+ 
+ struct authconf {
++#ifdef	USE_RADIUS
+ 	struct radiusconf radius;	/* RADIUS configuration */
++#endif
+ 	char	authname[AUTH_MAX_AUTHNAME];	/* Configured username */
+ 	char	password[AUTH_MAX_PASSWORD];	/* Configured password */
+ 	u_int	acct_update;
+@@ -231,7 +235,9 @@ struct auth {
+ 	struct pppTimer acct_timer;	/* Timer for accounting updates */
+ 	struct papinfo pap;		/* PAP state */
+ 	struct chapinfo chap;		/* CHAP state */
++#ifdef USE_RADIUS
+ 	struct eapinfo eap;		/* EAP state */
++#endif
+ 	struct paction *thread;		/* async auth thread */
+ 	struct paction *acct_thread;	/* async accounting auth thread */
+ 	struct authconf conf;		/* Auth backends, RADIUS, etc. */
+@@ -253,7 +259,9 @@ struct authdata {
+ 	u_int	code;			/* Proto specific code */
+ 	u_char	acct_type;		/* Accounting type, Start, Stop,
+ 					 * Update */
++#ifdef USE_RADIUS
+ 	u_char	eap_radius;
++#endif
+ 	u_char	status;
+ 	u_char	why_fail;
+ 	char   *reply_message;		/* Text wich may displayed to the user */
+@@ -261,10 +269,13 @@ struct authdata {
+ 	char   *mschapv2resp;		/* Response String for MSCHAPv2 */
+ 	void    (*finish) (Link l, struct authdata *auth);	/* Finish handler */
+ 	int	drop_user;		/* RAD_MPD_DROP_USER value sent by
+-					 * RADIUS server */
++					 * RADIUS server or external acct script */
++#ifdef USE_RADIUS
+ 	struct {
+ 		struct rad_handle *handle;	/* the RADIUS handle */
+ 	}	radius;
++#endif
++
+ #ifdef USE_OPIE
+ 	struct {
+ 		struct opie data;
+Index: src/command.c
+===================================================================
+--- src/command.c	(revision 2411)
++++ src/command.c	(working copy)
+@@ -223,8 +223,10 @@
+ #endif
+     { "ecp",				"ECP status",
+ 	EcpStat, AdmitBund, 0, NULL },
++#ifdef USE_RADIUS
+     { "eap",				"EAP status",
+ 	EapStat, AdmitLink, 0, NULL },
++#endif
+     { "events",				"Current events",
+ 	ShowEvents, NULL, 0, NULL },
+     { "ipcp",				"IPCP status",
+@@ -253,8 +255,10 @@
+ 	LinkStat, AdmitLink, 0, NULL },
+     { "auth",				"Auth status",
+ 	AuthStat, AdmitLink, 0, NULL },
++#ifdef USE_RADIUS
+     { "radius",				"RADIUS status",
+ 	RadStat, AdmitLink, 0, NULL },
++#endif
+ #ifdef RAD_COA_REQUEST
+     { "radsrv",				"RADIUS server status",
+ 	RadsrvStat, NULL, 0, NULL },
+@@ -293,8 +297,10 @@
+   };
+ 
+   static const struct cmdtab UnSetCommands[] = {
++#ifdef USE_RADIUS
+    { "radius ...",			"RADIUS specific stuff",
+ 	CMD_SUBMENU, AdmitLink, 2, RadiusUnSetCmds },
++#endif
+ #ifdef NG_NAT_DESC_LENGTH
+    { "nat ...",			"NAT specific stuff",
+ 	CMD_SUBMENU, AdmitBund, 2, NatUnSetCmds },
+@@ -303,6 +309,8 @@
+   };
+   
+   static const struct cmdtab SetCommands[] = {
++    { "auth ...",			"Auth specific stuff",
++	CMD_SUBMENU, AdmitLink, 2, AuthSetCmds },
+     { "bundle ...",			"Bundle specific stuff",
+ 	CMD_SUBMENU, AdmitBund, 2, BundSetCmds },
+     { "link ...",			"Link specific stuff",
+@@ -323,15 +331,15 @@
+ #endif
+     { "ecp ...",			"ECP specific stuff",
+ 	CMD_SUBMENU, AdmitBund, 2, EcpSetCmds },
++#ifdef USE_RADIUS
+     { "eap ...",			"EAP specific stuff",
+ 	CMD_SUBMENU, AdmitLink, 2, EapSetCmds },
+-    { "auth ...",			"Auth specific stuff",
+-	CMD_SUBMENU, AdmitLink, 2, AuthSetCmds },
+     { "radius ...",			"RADIUS specific stuff",
+ 	CMD_SUBMENU, AdmitLink, 2, RadiusSetCmds },
+ #ifdef RAD_COA_REQUEST
+     { "radsrv ...",			"RADIUS server specific stuff",
+ 	CMD_SUBMENU, NULL, 2, RadsrvSetCmds },
++#endif
+ #endif
+     { "console ...",			"Console specific stuff",
+ 	CMD_SUBMENU, NULL, 0, ConsoleSetCmds },
+Index: src/configure
+===================================================================
+--- src/configure	(revision 2411)
++++ src/configure	(working copy)
+@@ -122,6 +122,13 @@ else
+     echo " not found."
+ fi
+ 
++echo -n "Looking for radius support ..."
++if [ "$USE_RADIUS" = no ]; then
++    echo " disabled."
++else if [ -e /usr/include/radlib.h ]
++then
++    echo " found."
++    echo "#define	HAVE_RADIUS	1" >> $CONFIG
+ 
+ echo -n "Looking for rad_bind_to() ..."
+ if /usr/bin/grep rad_bind_to /usr/include/radlib.h >/dev/null 2>&1
+@@ -140,6 +147,8 @@ then
+ else
+     echo " not found."
+ fi
++fi
++fi # RADIUS support
+ 
+ echo -n "Looking for ether_ntoa_r() ..."
+ if /usr/bin/grep ether_ntoa_r /usr/include/net/ethernet.h >/dev/null 2>&1
+Index: src/defs.h
+===================================================================
+--- src/defs.h	(revision 2411)
++++ src/defs.h	(working copy)
+@@ -55,6 +55,9 @@
+ #ifndef HAVE_IPFW
+   #undef USE_IPFW
+ #endif
++#ifdef HAVE_RADIUS
++  #define USE_RADIUS
++#endif
+ #ifndef HAVE_RAD_BIND
+   #undef HAVE_RAD_BIND
+ #endif
+Index: src/eap.h
+===================================================================
+--- src/eap.h	(revision 2411)
++++ src/eap.h	(working copy)
+@@ -77,6 +77,7 @@
+     EAP_TYPE_FAST		/* EAP-FAST */
+   };
+ 
++#ifdef USE_RADIUS
+   extern const	struct cmdtab EapSetCmds[];
+ 
+   /* Configuration for a link */
+@@ -109,5 +110,6 @@
+   extern const	char *EapType(u_char type);
+   extern int	EapStat(Context ctx, int ac, const char *const av[], const void *arg);
+ 
++#endif /* USE_RADIUS */
+ #endif
+ 
+Index: src/iface.c
+===================================================================
+--- src/iface.c	(revision 2416)
++++ src/iface.c	(working copy)
+@@ -1110,7 +1110,10 @@ IfaceIpIfaceUp(Bund b, int ready)
+     	    u_addrtoa(&iface->peer_addr, peerbuf, sizeof(peerbuf)), 
+     	    *b->params.authname ? b->params.authname : "-", 
+     	    ns1buf, ns2buf, *b->params.peeraddr ? b->params.peeraddr : "-",
+-    	    b->params.filter_id ? b->params.filter_id : "-");
++#ifdef USE_RADIUS
++    	    b->params.filter_id ? b->params.filter_id :
++#endif
++    	    "-");
+ 	if (res != 0) {
+ 	    FsmFailure(&b->ipcp.fsm, FAIL_NEGOT_FAILURE);
+ 	    return (-1);
+@@ -1142,7 +1145,10 @@ IfaceIpIfaceDown(Bund b)
+     	    u_addrtoa(&iface->peer_addr, peerbuf, sizeof(peerbuf)), 
+     	    *b->params.authname ? b->params.authname : "-",
+     	    *b->params.peeraddr ? b->params.peeraddr : "-",
+-    	    b->params.filter_id ? b->params.filter_id : "-");
++#ifdef USE_RADIUS
++    	    b->params.filter_id ? b->params.filter_id :
++#endif
++    	    "-");
+     }
+ 
+     /* Delete dynamic routes */
+@@ -1254,7 +1260,10 @@ IfaceIpv6IfaceUp(Bund b, int ready)
+     	    u_addrtoa(&iface->peer_ipv6_addr, peerbuf, sizeof(peerbuf)), iface->ifname, 
+     	    *b->params.authname ? b->params.authname : "-",
+     	    *b->params.peeraddr ? b->params.peeraddr : "-",
+-    	    b->params.filter_id ? b->params.filter_id : "-");
++#ifdef USE_RADIUS
++    	    b->params.filter_id ? b->params.filter_id :
++#endif
++    	    "-");
+ 	if (res != 0) {
+ 	    FsmFailure(&b->ipv6cp.fsm, FAIL_NEGOT_FAILURE);
+ 	    return (-1);
+@@ -1287,7 +1296,10 @@ IfaceIpv6IfaceDown(Bund b)
+     	    u_addrtoa(&iface->peer_ipv6_addr, peerbuf, sizeof(peerbuf)), iface->ifname, 
+     	    *b->params.authname ? b->params.authname : "-",
+     	    *b->params.peeraddr ? b->params.peeraddr : "-",
+-    	    b->params.filter_id ? b->params.filter_id : "-");
++#ifdef USE_RADIUS
++    	    b->params.filter_id ? b->params.filter_id :
++#endif
++    	    "-");
+     }
+ 
+     /* Delete dynamic routes */
+Index: src/input.c
+===================================================================
+--- src/input.c	(revision 2411)
++++ src/input.c	(working copy)
+@@ -101,9 +101,16 @@ InputDispatch(Bund b, Link l, int proto, Mbuf bp)
+             return(0);
+         case PROTO_PAP:
+         case PROTO_CHAP:
++            AuthInput(l, proto, bp);
++            return(0);
+         case PROTO_EAP:
++#ifdef USE_RADIUS
+             AuthInput(l, proto, bp);
+             return(0);
++#else
++	    reject = 1;
++	    goto done;
++#endif
+ 	case PROTO_MP:
+     	    if (!Enabled(&l->conf.options, LINK_CONF_MULTILINK))
+ 		reject = 1;
+Index: src/main.c
+===================================================================
+--- src/main.c	(revision 2411)
++++ src/main.c	(working copy)
+@@ -97,7 +97,9 @@
+ #ifndef NOWEB
+   struct web		gWeb;
+ #endif
++#ifdef USE_RADIUS
+   struct radsrv		gRadsrv;
++#endif
+   int			gBackground = FALSE;
+   int			gShutdownInProgress = FALSE;
+   int			gOverload = 0;
+Index: src/ppp.h
+===================================================================
+--- src/ppp.h	(revision 2414)
++++ src/ppp.h	(working copy)
+@@ -203,7 +203,9 @@
+   extern int		gNumBundles;		/* Total number of bundles */
+   extern struct console	gConsole;
+   extern struct web	gWeb;
++#ifdef USE_RADIUS
+   extern struct radsrv	gRadsrv;
++#endif
+   extern int		gBackground;
+   extern int		gShutdownInProgress;
+   extern int		gOverload;
+Index: src/radius.h
+===================================================================
+--- src/radius.h	(revision 2411)
++++ src/radius.h	(working copy)
+@@ -5,6 +5,13 @@
+  *
+  */
+ 
++#ifndef _RADIUS_H_
++#define _RADIUS_H_
++
++#include "defs.h"
++
++#ifdef USE_RADIUS
++
+ #ifdef CCP_MPPC
+ #include <netgraph/ng_mppc.h>
+ #endif
+@@ -15,8 +22,6 @@
+ 
+ #include "iface.h"
+ 
+-#ifndef _RADIUS_H_
+-#define _RADIUS_H_
+ 
+ /*
+  * DEFINITIONS
+@@ -189,4 +194,5 @@ extern void RadiusClose(struct authdata *auth);
+ extern void RadiusEapProxy(void *arg);
+ extern int RadStat(Context ctx, int ac, const char *const av[], const void *arg);
+ 
++#endif /* USE_RADIUS */
+ #endif
+Index: src/radsrv.h
+===================================================================
+--- src/radsrv.h	(revision 2411)
++++ src/radsrv.h	(working copy)
+@@ -9,6 +9,8 @@
+ #define	_RADSRV_H_
+ 
+ #include "defs.h"
++
++#ifdef USE_RADIUS
+ #include <radlib.h>
+ 
+ /*
+@@ -57,4 +59,5 @@ extern int RadsrvOpen(Radsrv c);
+ extern int RadsrvClose(Radsrv c);
+ extern int RadsrvStat(Context ctx, int ac, const char *const av[], const void *arg);
+ 
++#endif /* USE_RADIUS */
+ #endif

net/mpd/files/patch-ppp.h

@@ -0,0 +1,27 @@
+Index: src/ppp.h
+===================================================================
+--- src/ppp.h	(revision 2411)
++++ src/ppp.h	(working copy)
+@@ -69,20 +69,15 @@
+   #define assert(e)	((e) ? (void)0 : DoAssert(__FILE__, __LINE__, #e))
+ 
+ #ifdef __clang__
+-
++#ifndef NO_THREAD_SAFETY_ANALYSIS
+ #ifndef THREAD_ANNOTATION_ATTRIBUTE__
+   #define THREAD_ANNOTATION_ATTRIBUTE__(x)   __attribute__((x))
+-#else
+-  #define THREAD_ANNOTATION_ATTRIBUTE__(x)
+ #endif
+-
+-#ifndef NO_THREAD_SAFETY_ANALYSIS
+   #define NO_THREAD_SAFETY_ANALYSIS \
+ 	THREAD_ANNOTATION_ATTRIBUTE__(no_thread_safety_analysis)
++#endif
+ #else
+   #define NO_THREAD_SAFETY_ANALYSIS
+-#endif
+-
+ #endif /* __clang__ */
+ 
+   /* Giant Mutex handling */

net/mpd/files/patch-pppoe.c

@@ -0,0 +1,34 @@
+Index: src/pppoe.c
+===================================================================
+--- src/pppoe.c	(revision 2420)
++++ src/pppoe.c	(revision 2423)
+@@ -1257,6 +1257,8 @@ PppoeListenEvent(int type, void *arg)
+ 	const struct pppoe_hdr	*ph;
+ 	const struct pppoe_tag  *tag;
+ 
++	u_int16_t		length;
++
+ 	union {
+ 	    u_char buf[sizeof(struct ngpppoe_init_data) + MAX_SESSION];
+ 	    struct ngpppoe_init_data poeid;
+@@ -1288,6 +1290,20 @@ PppoeListenEvent(int type, void *arg)
+ 
+ 	wh = (struct pppoe_full_hdr *)response;
+ 	ph = &wh->ph;
++
++	/* Sanity check */
++	length = ntohs(ph->length);
++	if (length > (size_t)sz - sizeof(struct pppoe_full_hdr)) {
++		Log(LG_PHYS, ("Ignored incoming PPPoE connection request "
++		    "via %s for service \"%s\" from %s "
++		    "due to bad length %hu > %u",
++		    PIf->ifnodepath, session,
++		    ether_ntoa((const struct ether_addr *)&wh->eh.ether_shost),
++		    length,
++		    (unsigned)((size_t)sz - sizeof(struct pppoe_full_hdr))));
++		return;
++	}
++
+ 	if ((tag = get_tag(ph, PTT_SRV_NAME))) {
+ 	    size_t len = ntohs(tag->tag_len);
+ 	    if (len >= sizeof(real_session))

net/mpd/pkg-plist

@@ -1,5 +1,5 @@
-sbin/mpd
-man/man8/mpd.8.gz
+sbin/mpd5
+man/man8/mpd5.8.gz