diff --git a/.freeradius.metadata b/.freeradius.metadata index 557e2e0..1bde044 100644 --- a/.freeradius.metadata +++ b/.freeradius.metadata @@ -1 +1 @@ -b0e20f66117fded369174dd60132bbac139bebed SOURCES/freeradius-server-3.0.0.tar.bz2 +3115f18fbe550460617f5a3402017e9b675a8726 SOURCES/freeradius-server-3.0.1.tar.bz2 diff --git a/SOURCES/freeradius-bool-config.patch b/SOURCES/freeradius-bool-config.patch deleted file mode 100644 index 19080fd..0000000 --- a/SOURCES/freeradius-bool-config.patch +++ /dev/null @@ -1,73 +0,0 @@ -From 3e038dd2b6ddc77eb27205d04252378f6038abcb Mon Sep 17 00:00:00 2001 -From: John Dennis -Date: Wed, 13 Nov 2013 18:23:43 -0500 -Subject: [PATCH] PW_TYPE_BOOLEAN config item should be declared int, not bool -Content-Type: text/plain; charset="utf-8" -Content-Transfer-Encoding: 8bit - -PW_TYPE_BOOLEAN config items are treated as int by the config -parser in conffile.c. bools and ints are not the same size, -on many architectures sizeof(bool) == 1 and sizeof(int) == 4 - -Manifestation of the problem - - # Loaded module rlm_exec - # Instantiating module "echo" from file /etc/raddb/mods-enabled/echo - exec echo { - wait = yes - program = "/bin/echo %{User-Name}" - input_pairs = "request" - output_pairs = "reply" - shell_escape = yes - } -Error: /etc/raddb/mods-enabled/echo[34]: Cannot read output pairs if wait = no -Error: /etc/raddb/mods-enabled/echo[34]: Instantiation failed for module "echo" - -In rlm_exec.c: - - if (!inst->wait && - (inst->output != NULL)) { - cf_log_err_cs(conf, "Cannot read output pairs if wait = no"); - return -1; - } - -wait = yes in the config file and is parsed as TRUE which writes a 1 -into an integer but inst->wait is read as a byte so the test is not -performed correctly. ---- - src/modules/rlm_exec/rlm_exec.c | 2 +- - src/modules/rlm_pap/rlm_pap.c | 4 ++-- - 2 files changed, 3 insertions(+), 3 deletions(-) - -diff --git a/src/modules/rlm_exec/rlm_exec.c b/src/modules/rlm_exec/rlm_exec.c -index 0d8149d..4770359 100644 ---- a/src/modules/rlm_exec/rlm_exec.c -+++ b/src/modules/rlm_exec/rlm_exec.c -@@ -33,7 +33,7 @@ RCSID("$Id$") - typedef struct rlm_exec_t { - char const *xlat_name; - int bare; -- bool wait; -+ int wait; - char *program; - char *input; - char *output; -diff --git a/src/modules/rlm_pap/rlm_pap.c b/src/modules/rlm_pap/rlm_pap.c -index 7ebcedf..8ec63dc 100644 ---- a/src/modules/rlm_pap/rlm_pap.c -+++ b/src/modules/rlm_pap/rlm_pap.c -@@ -42,9 +42,9 @@ RCSID("$Id$") - */ - typedef struct rlm_pap_t { - char const *name; /* CONF_SECTION->name, not strdup'd */ -- bool auto_header; -+ int auto_header; - int auth_type; -- bool normify; -+ int normify; - } rlm_pap_t; - - /* --- -1.8.1.4 - diff --git a/SOURCES/freeradius-imacros.patch b/SOURCES/freeradius-imacros.patch new file mode 100644 index 0000000..0a4be7e --- /dev/null +++ b/SOURCES/freeradius-imacros.patch @@ -0,0 +1,13 @@ +diff -r -u freeradius-server-3.0.1.bak/Make.inc.in freeradius-server-3.0.1/Make.inc.in +--- freeradius-server-3.0.1.bak/Make.inc.in 2014-01-17 11:20:48.599733053 -0500 ++++ freeradius-server-3.0.1/Make.inc.in 2014-01-17 14:37:33.739853796 -0500 +@@ -47,7 +47,7 @@ + + CC = @CC@ + RANLIB = @RANLIB@ +-IMACROS = -imacros ${top_srcdir}/src/freeradius-devel/build.h -imacros ${top_srcdir}/src/freeradius-devel/autoconf.h -imacros ${top_srcdir}/src/freeradius-devel/features.h ++IMACROS = -include ${top_srcdir}/src/freeradius-devel/build.h -include ${top_srcdir}/src/freeradius-devel/autoconf.h -include ${top_srcdir}/src/freeradius-devel/features.h + INCLUDE = -I${top_srcdir} -I${top_srcdir}/src + CFLAGS = $(IMACROS) $(INCLUDE) -std=c99 -fno-strict-aliasing @CFLAGS@ + CPPFLAGS = @CPPFLAGS@ +Only in freeradius-server-3.0.1: Make.inc.in~ diff --git a/SOURCES/freeradius-ippool.patch b/SOURCES/freeradius-ippool.patch new file mode 100644 index 0000000..383982a --- /dev/null +++ b/SOURCES/freeradius-ippool.patch @@ -0,0 +1,109 @@ +diff -r -u freeradius-server-3.0.1.bak/raddb/mods-available/ippool freeradius-server-3.0.1/raddb/mods-available/ippool +--- freeradius-server-3.0.1.bak/raddb/mods-available/ippool 2014-01-17 11:20:48.609733064 -0500 ++++ freeradius-server-3.0.1/raddb/mods-available/ippool 2014-01-17 12:33:11.884537885 -0500 +@@ -1,6 +1,6 @@ + # -*- text -*- + # +-# $Id: d52dc9b385dec10e970ba9af070af612f25d596d $ ++# $Id: 1d3305ba45ec71336f55f8f1db05f183772e1b82 $ + + # Do server side ip pool management. Should be added in + # post-auth and accounting sections. +@@ -22,54 +22,45 @@ + # DEFAULT Group == teachers, Pool-Name := "teachers" + # DEFAULT Group == other, Pool-Name := "DEFAULT" + # +-# ********* IF YOU CHANGE THE RANGE PARAMETERS YOU MUST ********* +-# ********* THEN ERASE THE DB FILES ********* ++# Note: If you change the range parameters you must then erase the ++# db files. + # + ippool main_pool { ++ # The main db file used to allocate addresses. ++ filename = ${db_dir}/db.ippool + +- # range-start,range-stop: +- # The start and end ip addresses for this pool. ++ # The start and end ip addresses for this pool. + range_start = 192.0.2.1 + range_stop = 192.0.2.254 + +- # netmask: +- # The network mask used for this pool. ++ # The network mask used for this pool. + netmask = 255.255.255.0 + +- # cache_size: +- # The gdbm cache size for the db files. Should +- # be equal to the number of ip's available in +- # the ip pool ++ # The gdbm cache size for the db files. Should ++ # be equal to the number of ip's available in ++ # the ip pool + cache_size = 800 + +- # session-db: +- # The main db file used to allocate addresses. +- session_db = ${db_dir}/db.ippool +- +- # ip-index: +- # Helper db index file used in multilink ++ # Helper db index file used in multilink + ip_index = ${db_dir}/db.ipindex + +- # override: +- # If set, the Framed-IP-Address already in the +- # reply (if any) will be discarded, and replaced +- # with a Framed-IP-Address assigned here. ++ # If set, the Framed-IP-Address already in the ++ # reply (if any) will be discarded, and replaced ++ # ith a Framed-IP-Address assigned here. + override = no + +- # maximum-timeout: +- # Specifies the maximum time in seconds that an +- # entry may be active. If set to zero, means +- # "no timeout". The default value is 0 ++ # Specifies the maximum time in seconds that an ++ # entry may be active. If set to zero, means ++ # "no timeout". The default value is 0 + maximum_timeout = 0 + +- # key: +- # The key to use for the session database (which +- # holds the allocated ip's) normally it should +- # just be the nas ip/port (which is the default). ++ # The key to use for the session database (which ++ # holds the allocated ip's) normally it should ++ # just be the nas ip/port (which is the default). + # +- # If your NAS sends the same value of NAS-Port +- # all requests, the key should be based on some +- # other attribute that is in ALL requests, AND +- # is unique to each machine needing an IP address. +- #key = "%{NAS-IP-Address} %{NAS-Port}" ++ # If your NAS sends the same value of NAS-Port ++ # all requests, the key should be based on some ++ # other attribute that is in ALL requests, AND ++ # is unique to each machine needing an IP address. ++# key = "%{NAS-IP-Address} %{NAS-Port}" + } +commit 82d3d851e03fdc403c6694d5470905c489acb1b5 +Author: Alan T. DeKok +Date: Sat Jan 18 15:58:28 2014 -0500 + + Set the default length for the attributes + +diff --git a/src/lib/valuepair.c b/src/lib/valuepair.c +index d1d1fca..ac955ad 100644 +--- a/src/lib/valuepair.c ++++ b/src/lib/valuepair.c +@@ -109,6 +109,8 @@ VALUE_PAIR *pairalloc(TALLOC_CTX *ctx, DICT_ATTR const *da) + vp->op = T_OP_EQ; + vp->type = VT_NONE; + ++ vp->length = da->flags.length; ++ + talloc_set_destructor(vp, _pairfree); + + return vp; diff --git a/SOURCES/freeradius-mysql-schema.patch b/SOURCES/freeradius-mysql-schema.patch new file mode 100644 index 0000000..a91aa69 --- /dev/null +++ b/SOURCES/freeradius-mysql-schema.patch @@ -0,0 +1,12 @@ +diff -r -u freeradius-server-3.0.1.orig/raddb/mods-config/sql/main/mysql/schema.sql freeradius-server-3.0.1/raddb/mods-config/sql/main/mysql/schema.sql +--- freeradius-server-3.0.1.orig/raddb/mods-config/sql/main/mysql/schema.sql 2014-01-13 20:13:56.000000000 -0500 ++++ freeradius-server-3.0.1/raddb/mods-config/sql/main/mysql/schema.sql 2014-01-21 12:37:29.349480066 -0500 +@@ -28,7 +28,7 @@ + acctupdatetime datetime NULL default NULL, + acctstoptime datetime NULL default NULL, + acctinterval int(12) default NULL, +- acctsessiontime unsigned int(12) default NULL, ++ acctsessiontime int(12) unsigned default NULL, + acctauthentic varchar(32) default NULL, + connectinfo_start varchar(50) default NULL, + connectinfo_stop varchar(50) default NULL, diff --git a/SOURCES/freeradius-perl.patch b/SOURCES/freeradius-perl.patch new file mode 100644 index 0000000..bdac7fb --- /dev/null +++ b/SOURCES/freeradius-perl.patch @@ -0,0 +1,19 @@ +commit 57d0db0e1dfa3fc25d0bfc146fec1c89a446a9ea +Author: Alan T. DeKok +Date: Wed Jan 22 15:11:33 2014 -0500 + + Use size out output buffer, not size of output pointer + +diff --git a/src/lib/print.c b/src/lib/print.c +index a6e5391..5bc5e02 100644 +--- a/src/lib/print.c ++++ b/src/lib/print.c +@@ -266,7 +266,7 @@ size_t vp_prints_value(char *out, size_t outlen, VALUE_PAIR const *vp, int8_t qu + return strlen(out); + } + +- return fr_print_string(vp->vp_strvalue, vp->length, out, sizeof(out)); ++ return fr_print_string(vp->vp_strvalue, vp->length, out, outlen); + + case PW_TYPE_INTEGER: + if (vp->da->flags.has_tag) { diff --git a/SOURCES/freeradius-postgres-sql.patch b/SOURCES/freeradius-postgres-sql.patch new file mode 100644 index 0000000..33235b7 --- /dev/null +++ b/SOURCES/freeradius-postgres-sql.patch @@ -0,0 +1,10 @@ +--- freeradius-server-3.0.0.orig/raddb/mods-config/sql/main/postgresql/setup.sql 2013-10-07 15:49:47.000000000 -0400 ++++ freeradius-server-3.0.0/raddb/mods-config/sql/main/postgresql/setup.sql 2013-12-13 12:58:38.261559789 -0500 +@@ -29,4 +29,7 @@ + * The server can write to the accounting and post-auth logging table. + */ + GRANT SELECT, INSERT, UPDATE on radacct TO radius; ++GRANT SELECT, USAGE on radacct_radacctid_seq TO radius; ++ + GRANT SELECT, INSERT, UPDATE on radpostauth TO radius; ++GRANT SELECT, USAGE on radpostauth_id_seq TO radius; diff --git a/SOURCES/freeradius-redhat-config.patch b/SOURCES/freeradius-redhat-config.patch index 6b3ce4e..3a7e428 100644 --- a/SOURCES/freeradius-redhat-config.patch +++ b/SOURCES/freeradius-redhat-config.patch @@ -1,14 +1,35 @@ +diff -r -u freeradius-server-3.0.0.orig/raddb/mods-available/eap freeradius-server-3.0.0/raddb/mods-available/eap +--- freeradius-server-3.0.0.orig/raddb/mods-available/eap 2013-10-07 15:49:47.000000000 -0400 ++++ freeradius-server-3.0.0/raddb/mods-available/eap 2013-11-26 17:48:56.081183431 -0500 +@@ -435,7 +435,7 @@ + # + # You should also delete all of the files + # in the directory when the server starts. +- # tmpdir = /tmp/radiusd ++ # tmpdir = /var/run/radiusd/tmp + + # The command used to verify the client cert. + # We recommend using the OpenSSL command-line +@@ -449,7 +449,7 @@ + # in PEM format. This file is automatically + # deleted by the server when the command + # returns. +- # client = "/path/to/openssl verify -CApath ${..ca_path} %{TLS-Client-Cert-Filename}" ++ # client = "/usr/bin/openssl verify -CApath ${..ca_path} %{TLS-Client-Cert-Filename}" + } + + # diff -r -u freeradius-server-3.0.0.orig/raddb/radiusd.conf.in freeradius-server-3.0.0/raddb/radiusd.conf.in --- freeradius-server-3.0.0.orig/raddb/radiusd.conf.in 2013-10-07 15:49:47.000000000 -0400 -+++ freeradius-server-3.0.0/raddb/radiusd.conf.in 2013-10-09 14:10:18.595543308 -0400 ++++ freeradius-server-3.0.0/raddb/radiusd.conf.in 2013-11-26 17:24:52.263467793 -0500 @@ -71,8 +71,7 @@ cadir = ${confdir}/certs run_dir = ${localstatedir}/run/${name} - + -# Should likely be ${localstatedir}/lib/radiusd -db_dir = ${raddbdir} +db_dir = ${localstatedir}/lib/radiusd - + # # libdir: Where to find the rlm_* modules. @@ -376,8 +375,8 @@ @@ -19,7 +40,6 @@ diff -r -u freeradius-server-3.0.0.orig/raddb/radiusd.conf.in freeradius-server- -# group = radius + user = radiusd + group = radiusd - + # Core dumps are a bad thing. This should only be set to # 'yes' if you're debugging a problem with the server. -Only in freeradius-server-3.0.0/raddb: radiusd.conf.in~ diff --git a/SOURCES/freeradius-rlm_pap-overflow.patch b/SOURCES/freeradius-rlm_pap-overflow.patch new file mode 100644 index 0000000..a1ae93a --- /dev/null +++ b/SOURCES/freeradius-rlm_pap-overflow.patch @@ -0,0 +1,48 @@ +From ff5147c9e5088c7cf5c0b6ec6bfdd3a9d2042a28 Mon Sep 17 00:00:00 2001 +From: Arran Cudbard-Bell +Date: Thu, 13 Feb 2014 13:49:54 +0000 +Subject: [PATCH 1/1] Fix potential crash with SSHA and salts > 44bytes + +--- + src/modules/rlm_pap/rlm_pap.c | 10 ++++++---- + 1 file changed, 6 insertions(+), 4 deletions(-) + +diff --git a/src/modules/rlm_pap/rlm_pap.c b/src/modules/rlm_pap/rlm_pap.c +index 689acf0..1bf6d4e 100644 +--- a/src/modules/rlm_pap/rlm_pap.c ++++ b/src/modules/rlm_pap/rlm_pap.c +@@ -123,7 +123,7 @@ static int mod_instantiate(CONF_SECTION *conf, void *instance) + static void normify(REQUEST *request, VALUE_PAIR *vp, size_t min_length) + { + +- uint8_t buffer[64]; ++ uint8_t buffer[256]; + + if (min_length >= sizeof(buffer)) return; /* paranoia */ + +@@ -132,9 +132,10 @@ static void normify(REQUEST *request, VALUE_PAIR *vp, size_t min_length) + */ + if (vp->length >= (2 * min_length)) { + size_t decoded; +- decoded = fr_hex2bin(buffer, vp->vp_strvalue, vp->length >> 1); ++ decoded = fr_hex2bin(buffer, vp->vp_strvalue, sizeof(buffer)); + if (decoded == (vp->length >> 1)) { +- RDEBUG2("Normalizing %s from hex encoding", vp->da->name); ++ RDEBUG2("Normalizing %s from hex encoding, %zu bytes -> %zu bytes", ++ vp->da->name, vp->length, decoded); + pairmemcpy(vp, buffer, decoded); + return; + } +@@ -150,7 +151,8 @@ static void normify(REQUEST *request, VALUE_PAIR *vp, size_t min_length) + sizeof(buffer)); + if (decoded < 0) return; + if (decoded >= (ssize_t) min_length) { +- RDEBUG2("Normalizing %s from base64 encoding", vp->da->name); ++ RDEBUG2("Normalizing %s from base64 encoding, %zu bytes -> %zu bytes", ++ vp->da->name, vp->length, decoded); + pairmemcpy(vp, buffer, decoded); + return; + } +-- +1.8.5.3 + diff --git a/SPECS/freeradius.spec b/SPECS/freeradius.spec index f9a5283..f2e2dcf 100644 --- a/SPECS/freeradius.spec +++ b/SPECS/freeradius.spec @@ -1,19 +1,19 @@ Summary: High-performance and highly configurable free RADIUS server Name: freeradius -Version: 3.0.0 -Release: 3%{?dist} +Version: 3.0.1 +Release: 6%{?dist} License: GPLv2+ and LGPLv2+ Group: System Environment/Daemons URL: http://www.freeradius.org/ # Is elliptic curve cryptography supported? -%if 0%{?rhel} >= 7 +%if 0%{?rhel} >= 7 || 0%{?fedora} >= 20 %global HAVE_EC_CRYPTO 1 %else %global HAVE_EC_CRYPTO 0 %endif -%global dist_base freeradius-server-3.0.0 +%global dist_base freeradius-server-%{version} Source0: ftp://ftp.freeradius.org/pub/radius/%{dist_base}.tar.bz2 Source100: radiusd.service @@ -22,7 +22,12 @@ Source103: freeradius-pam-conf Source104: freeradius-tmpfiles.conf Patch1: freeradius-redhat-config.patch -Patch2: freeradius-bool-config.patch +Patch2: freeradius-postgres-sql.patch +Patch3: freeradius-ippool.patch +Patch4: freeradius-imacros.patch +Patch5: freeradius-mysql-schema.patch +Patch6: freeradius-perl.patch +Patch7: freeradius-rlm_pap-overflow.patch %global docdir %{?_pkgdocdir}%{!?_pkgdocdir:%{_docdir}/%{name}-%{version}} @@ -177,8 +182,15 @@ This plugin provides the unixODBC support for the FreeRADIUS server project. %prep %setup -q -n %{dist_base} -%patch1 -p1 -b .redhat-config -%patch2 -p1 -b .bool-config +# Note: We explicitly do not make patch backup files because 'make install' +# mistakenly includes the backup files, especially problematic for raddb config files. +%patch1 -p1 +%patch2 -p1 +%patch3 -p1 +%patch4 -p1 +%patch5 -p1 +%patch6 -p1 +%patch7 -p1 %build # Force compile/link options, extra security for network facing daemon @@ -219,6 +231,7 @@ install -D -m 644 %{SOURCE103} $RPM_BUILD_ROOT/%{_sysconfdir}/pam.d/radiusd mkdir -p %{buildroot}%{_sysconfdir}/tmpfiles.d mkdir -p %{buildroot}%{_localstatedir}/run/ install -d -m 0710 %{buildroot}%{_localstatedir}/run/radiusd/ +install -d -m 0700 %{buildroot}%{_localstatedir}/run/radiusd/tmp install -m 0644 %{SOURCE104} %{buildroot}%{_sysconfdir}/tmpfiles.d/radiusd.conf # remove unneeded stuff @@ -233,6 +246,8 @@ rm -f $RPM_BUILD_ROOT/%{_sysconfdir}/raddb/certs/serial* rm -f $RPM_BUILD_ROOT/%{_sysconfdir}/raddb/certs/dh rm -f $RPM_BUILD_ROOT/%{_sysconfdir}/raddb/certs/random +rm -f $RPM_BUILD_ROOT/%{_mandir}/man1/radeapclient.1 + rm -f $RPM_BUILD_ROOT/usr/sbin/rc.radiusd rm -rf $RPM_BUILD_ROOT/%{_libdir}/freeradius/*.a rm -rf $RPM_BUILD_ROOT/%{_libdir}/freeradius/*.la @@ -314,6 +329,7 @@ exit 0 %{_unitdir}/radiusd.service %config %{_sysconfdir}/tmpfiles.d/radiusd.conf %dir %attr(710,radiusd,radiusd) %{_localstatedir}/run/radiusd +%dir %attr(700,radiusd,radiusd) %{_localstatedir}/run/radiusd/tmp %dir %attr(755,radiusd,radiusd) %{_localstatedir}/lib/radiusd # configs (raddb) @@ -403,6 +419,7 @@ exit 0 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/chap %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/counter %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/cui +%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/date %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/detail %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/detail.example.com %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/detail.log @@ -444,6 +461,7 @@ exit 0 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/soh %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/sometimes %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/sql +%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/sqlcounter %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/sqlippool %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/sradutmp %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/unix @@ -526,6 +544,7 @@ exit 0 %{_libdir}/freeradius/rlm_chap.so %{_libdir}/freeradius/rlm_counter.so %{_libdir}/freeradius/rlm_cram.so +%{_libdir}/freeradius/rlm_date.so %{_libdir}/freeradius/rlm_detail.so %{_libdir}/freeradius/rlm_dhcp.so %{_libdir}/freeradius/rlm_digest.so @@ -570,10 +589,6 @@ exit 0 %{_libdir}/freeradius/rlm_wimax.so %{_libdir}/freeradius/rlm_yubikey.so -%files doc - -%doc %{docdir}/ - # main man pages %doc %{_mandir}/man5/clients.conf.5.gz %doc %{_mandir}/man5/dictionary.5.gz @@ -601,9 +616,16 @@ exit 0 %doc %{_mandir}/man8/radmin.8.gz %doc %{_mandir}/man8/radrelay.8.gz +%files doc + +%doc %{docdir}/ + + +%files utils +/usr/bin/* + # utils man pages %doc %{_mandir}/man1/radclient.1.gz -%doc %{_mandir}/man1/radeapclient.1.gz %doc %{_mandir}/man1/radlast.1.gz %doc %{_mandir}/man1/radtest.1.gz %doc %{_mandir}/man1/radwho.1.gz @@ -616,10 +638,6 @@ exit 0 %doc %{_mandir}/man8/radsqlrelay.8.gz %doc %{_mandir}/man8/rlm_ippool_tool.8.gz - -%files utils -/usr/bin/* - %files devel /usr/include/freeradius @@ -642,7 +660,10 @@ exit 0 %files mysql %dir %attr(750,root,radiusd) /etc/raddb/mods-config/sql/counter/mysql -%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/counter/mysql/queries.conf +%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/counter/mysql/dailycounter.conf +%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/counter/mysql/expire_on_login.conf +%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/counter/mysql/monthlycounter.conf +%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/counter/mysql/noresetcounter.conf %dir %attr(750,root,radiusd) /etc/raddb/mods-config/sql/cui/mysql %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/cui/mysql/queries.conf @@ -674,7 +695,10 @@ exit 0 %files postgresql %dir %attr(750,root,radiusd) /etc/raddb/mods-config/sql/counter/postgresql -%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/counter/postgresql/queries.conf +%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/counter/postgresql/dailycounter.conf +%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/counter/postgresql/expire_on_login.conf +%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/counter/postgresql/monthlycounter.conf +%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/counter/postgresql/noresetcounter.conf %dir %attr(750,root,radiusd) /etc/raddb/mods-config/sql/cui/postgresql %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/cui/postgresql/queries.conf @@ -697,6 +721,12 @@ exit 0 %{_libdir}/freeradius/rlm_sql_postgresql.so %files sqlite +%dir %attr(750,root,radiusd) /etc/raddb/mods-config/sql/counter/sqlite +%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/counter/sqlite/dailycounter.conf +%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/counter/sqlite/expire_on_login.conf +%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/counter/sqlite/monthlycounter.conf +%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/counter/sqlite/noresetcounter.conf + %dir %attr(750,root,radiusd) /etc/raddb/mods-config/sql/cui/sqlite %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/cui/sqlite/queries.conf %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/cui/sqlite/schema.sql @@ -722,6 +752,53 @@ exit 0 %{_libdir}/freeradius/rlm_sql_unixodbc.so %changelog +* Thu Feb 27 2014 Nikolai Kondrashov - 3.0.1-6 +- Fix CVE-2014-2015 "freeradius: stack-based buffer overflow flaw in rlm_pap + module" +- resolves: bug#1066984 (fedora 1066763) + +* Thu Feb 27 2014 John Dennis - 3.0.1-5 +- resolves: bug#1068798 (fedora 1068795) + rlm_perl attribute values truncated + +* Fri Jan 24 2014 Daniel Mach - 3.0.1-4 +- Mass rebuild 2014-01-24 + +* Sun Jan 19 2014 John Dennis - 3.0.1-3 +- resolves: bug#1055073 (fedora 1055072) + rlm_ippool; bad config file attribute and fails to send reply attributes +- resolves: bug#1055567 (fedora 1056227) + bad mysql sql syntax +- change CFLAGS -imacros to -include to address gcc/gdb bug 1004526 + where gdb will not display source information, only + +* Wed Jan 15 2014 Honza Horak - 3.0.1-2 +- Rebuild for mariadb-libs + Related: #1045013 + +* Tue Jan 14 2014 John Dennis - 3.0.1-1 +- Upgrade to upstream 3.0.1 release, full config compatible with 3.0.0. + This is a roll-up of all upstream bugs fixes found in 3.0.0 + See upstream ChangeLog for details (in freeradius-doc subpackage) +- resolves: bug#1052450 (fedora 1053020) +- resolves: bug#1044748 (fedora 1044747) +- resolves: bug#1048475 (fedora 1048474) +- resolves: bug#1043037 (fedora 1043036) + +* Fri Dec 27 2013 Daniel Mach - 3.0.0-5 +- Mass rebuild 2013-12-27 + +* Tue Nov 26 2013 John Dennis - 3.0.0-4 +- resolves: bug#1031035 + remove radeapclient man page, + upstream no longer supports radeapclient, use eapol_test instead +- resolves: bug#1031061 + rlm_eap_leap memory corruption, see freeradius-rlm_leap.patch +- move man pages for utils into utils subpackage from doc subpackage +- fix HAVE_EC_CRYPTO test to include f20 +- add new directory /var/run/radiusd/tmp + update mods-available/eap so tls-common.verify.tmpdir to point to it + * Wed Nov 13 2013 John Dennis - 3.0.0-3 - resolves: bug#1029941 PW_TYPE_BOOLEAN config item should be declared int, not bool