From 06780e53ab5af9e4cf426983c4686d47ee387a8cfda989530e8e30540d42172c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?V=C3=ADt=C4=9Bzslav=20=C4=8C=C3=AD=C5=BEek?= Date: Thu, 23 Apr 2015 14:30:13 +0000 Subject: [PATCH] Accepting request 298810 from home:vitezslav_cizek:branches:network - minor adjustments/cleanup of spec and changes - update to 3.0.8 * for a detailed list of changes look at: /usr/share/doc/packages/freeradius-server/ChangeLog - new set of consolidated patch files: deleted: * freeradius-server-2.1.1-logrotate_su.patch * freeradius-server-2.1.6-rcradiusd.patch * freeradius-server-initscript-pidfile.patch * freeradius-server-radius-reload-logrotate.patch * freeradius-server-var_run.patch added: * freeradius-server-radiusd-logrotate.patch * freeradius-server-rcradiusd.patch * freeradius-server-tmpfiles.patch OBS-URL: https://build.opensuse.org/request/show/298810 OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=72 --- freeradius-server.changes | 212 ++++---------------------------------- freeradius-server.spec | 4 +- 2 files changed, 21 insertions(+), 195 deletions(-) diff --git a/freeradius-server.changes b/freeradius-server.changes index a4c2f88..c4b3711 100644 --- a/freeradius-server.changes +++ b/freeradius-server.changes 
@@ -1,201 +1,25 @@ +------------------------------------------------------------------- +Thu Apr 23 14:22:17 UTC 2015 - vcizek@suse.com + +- minor adjustments/cleanup of spec and changes + ------------------------------------------------------------------- Wed Apr 22 20:31:44 UTC 2015 - michael@stroeder.com - update to 3.0.8 -- new set of consolidated patch files - -FreeRADIUS 3.0.8 Wed 22 Apr 2015 13:30:00 EDT urgency=medium - Feature improvements - * Allow syslog_severity to be set in rlm_linelog. - * Allow defaults to be set for bulk clients in LDAP and couchbase. - * Updates to dhcpclient. Patches from Nicolas C. - * rlm_mschap now supports direct connections to winbind, which - is faster than ntlm_auth. See raddb/mods-available/mschap. - Patch from Matthew Newton. - * Recommend /dev/urandom for TLS randomness, instead of - ${certdir}/random - * Allow TLSv1 to be disabled via "disable_tlsv1" in tls{}. - * Allow Expanded EAP types where vendor is 0 (IETF) and - type is normal EAP type. Supplicants sending Expanded - EAP types like this are broken. - * Add support for server side sort controls when searching for - user objects in rlm_ldap. - - Bug fixes - * Don't complain about "authorize" in "server {}" blocks, but - only if there's no "server" block. - * Fix cosmetic issue where debug from the first packet read by - a detail reader thread would be emited during config parsing. - * Fix ASSERT on truncated detail packets. - * Don't use main server log functions from within panic_action, - as in the case of syslog this would cause deadlocks if the - fault was triggered from within a malloc. - * Fix issue in "switch" when "correct_escapes = false". - Fixes #911. - * Fix sqlcounter configuration to use "%%b" instead of "%b", - otherwise the new syntax validation will fail. - * Allow forward references in configuration items. Modules - aren't always loaded in a sane order. - * Fix more escaping issues. Closes #912. - * Decode MAC addresses correctly for VMPS. 
- * Fix memory leak with TLS connections. - * Fix state machine threading issues for conflicting packets. - * Fix copy_request_to_tunnel issues for tagged attributes. - * Allow "ok" to over-ride "updated" inside of Auth-Type sections. - * Update state machine so that post-proxy is run though child - threads for performance, instead of blocking the main thread. - * Allow "netmask" to work again in client definitions. - * Relax restrictions on SQL group queries. - * track outgoing proxy sockets and clean them up more aggressively. - * track proxy statistics, including CoA and Disconnect. - * If radmin has a connection failure when running a command, - it re-connects and runs the command again. - * mark home servers "unknown" less aggressively. - * Fix potential SEGV in PostgreSQL driver on error. - * Fix issue where fields like nas_type would not be accessible via - the %{client:} xlat, for dynamic clients. - * Set default busy_timeout (of 200ms) in the sqlite driver, so writes - don't cause selects to fail in multithreaded mode. This is user - configurable, and may be increased if required. - * Convert Password-With-Header attributes to binary (from hex or - base64), in the authorize method of rlm_pap. - * Fix invalid assert in state.c, that could cause abort in - post-auth. - * Fix double free when -m flag is used, and connection pools are - referenced by multiple modules. - * RADIUS over TLS accounting uses the same port as authentication. - * Regularized return codes from radmin commands. - * Fix RHEL spec file so it works correctly for Centos7 which uses - systemd, and didn't like the SystemV init script. - * radwho and radlast now have a -D option to load dictionaries - * DHCP packets are no longer checked for duplicates. - * Don't crash in sql module group comparisons in corner case. - * Calculate MPPE keys correctly when using TLS 1.2. - * Fix load-balance sections. Closes #945 - * TLS certificates are available again in the post-auth section. 
- They are not available for session resumption. - * radclient encodes CHAP-Password properly when using -c. - Closes #955. - * Fix issue in rlm_cache_memcached driver that caused variable - length values to be truncated. - * Fix track functionality in detail reader, so it no longer - fails with a "Failed marking detail request as done: Bad file - descriptor" error. - * Actually add the peer identity (as User-Name) to the inner - tunnel in EAP-PWD requests, so it's available for lookups. - * Fixes to PostfreSQL queries. Patches from Santiago Gimeno. - -FreeRADIUS 3.0.7 Thu 19 Feb 2015 12:00:00 EDT urgency=medium - Feature improvements - * Allow coa home_servers to be derived from client - sections if a coa_server section is provided. - * Automatically determine the correct port if no port is - provided for a home server. - * Allow foreach to operate over lists. - * Add compile time features to ${feature.*} and versions - of core libraries to ${version.*}. Feature and version - names match output of radiud -xv. %v is now deprecated. - * Add support for PATCH method in rlm_rest. - * Validate more module xlats on startup, and warn if an - xlat expansion is found in a double quoted config item - which will not be expanded. - * Add support for sub-second timeouts in rlm_rest. - * Add support for connection timeouts in rlm_rest. - * Add %{jsonquote:} xlat to escape strings for insertion - into json documents. - * Add %{ldapquote:} xlat to escape strings for insertion - into ldap DNs. - * Add %{explode:&ref }, splits value of &ref on - and creates new &ref type attributes with the - fragments. - * Allow rlm_ldap to use attribute references for base_dn and - filter config items. The attribute references are not - escaped, allowing DNs and filters to be created dynamically. - * Add %{nexttime:[]h|d|w|y} to calculate the number of - seconds before the next hour(s), day(s), week(s), - or year(s). - * Allow the left side of update sections to be xlat expansions. 
- The result of the expansion is then used to reference the - attribute to be modified. - * Added %{lpad:&Attribute-Name 7 x} and rpad. These produce - fixed-width output strings, with padding to the left (lpad) - or the right (rpad). - * For some SQL drivers (MySQL, sqlite) distinguish between - constraints violations (on insert), invalid queries, and - server errors, and return noop, invalid, and error respectively. - * Call SHOW WARNINGS in the MySQL driver and write them to - the request log, if libmysqlclient indicates warnings are - available on the server. - * Forbid the creation of Vendor-Specific for non-standard - VSAs. Use Attr-26 = 0x... instead. - * Make dhcpclient work with raw sockets and various other - improvements - Contributed by nchaigne - * Add support for SSHA2 - Contributed by PDD. - * Add perle dictionary - Contributed by Hachmer - * Modernise init scripts for RHEL, SUSE and Debian. - * radmin now tracks the return code of commands, and exits - with status "1" if any command failed to execute. - * radmin now sends error messages from the server to - stderr, instead of to stdout. - * radmin now looks for sockets matching it's UID and GID, - rather than just always using the first one it finds. - * radmin can how delete clients which are tied to a listener. - * Moved RADIUS attribute definitions to src/include/rfc*.h - * Move to talloc pools for requests. For in-memory tests - (default config, 'users' file), performance increases by 30%. - * In rlm_ldap allow sasl_mech to be specified for admin and - user binds. Only non-interactive mechs (like EXTERNAL) - are currently supported. - * Remove support for ephemeral RSA keys. They were "export only", - and should not be used by anyone. - * Syntax errors in the "users" file now produce better - error messages. - - Bug fixes - * Fix issues parsing LDAP hostnames with non-standard ports. - * Fix issues with realms containing regular expressions. 
- * Allow unary negation before parantheses in rlm_expr. - * Fix infinite loop in kevent event loop code. Issue only - presented on FreeBSD. - * Be more careful to define Auth-Types before loading modules. - * Link libfreeradius-radius against OpenSSL too, to avoid - multi-version symbols in SSL libraries. - * When rlm_ldap rebinds a connection, it should use bind - credentials from the module that created the connection - pool, not credentials from the module referencing it. - * Empty server config pairs should be allowed in rlm_ldap - instances that reference another module's connection pool. - * Mark rlm_always as huppable, so its rcode can be changed - via radmin (allows policy toggles). - * Emit warnings when ignoring user configured pool values. - * Fix issue that would cause radclient to complain - intermittently about differing numbers of filters and - requests. - * Fix cosmetic issues in connection pool logging, that made - it appear as if the same connection was being opened - multiple times. - * Fix threadsafety issues in SQL drivers, where a static - buffer was used to store error messages. - * Log RERROR, RWARN, RINFO to the global log if request - logging is not enabled. - * Link to libldap instead of libldap_r. libldap_r - is not supported for use by projects outside of OpenLDAP. - * Set connection timeout correctly in rlm_sql_mysql. - * Build with older versions of libcurl, and use CFLAGS from - curl-config. - * Honour Packet-Src-Port and Packet-Src-IP-address in radclient. - * Initialise ldapai_info_version field, so libldap will report - its vendor and version. - * Fix log rotation scripts by using the copyrotate option. - * Fix issue that caused opening control sockets to always - fail on non-Linux systems, if a user or group was set. - * Save Session-State after proxying. - * Additional fixes for reading CoA/DM requests from detail - files. - * Create dynamic clients if the dynamic clients virtual server - returns ok *or* updated. 
Emit useful messages for other codes. - * Compile bare "authorize" statements, and issue errors saying - using them isn't a good idea. + * for a detailed list of changes look at: + /usr/share/doc/packages/freeradius-server/ChangeLog +- new set of consolidated patch files: + deleted: + * freeradius-server-2.1.1-logrotate_su.patch + * freeradius-server-2.1.6-rcradiusd.patch + * freeradius-server-initscript-pidfile.patch + * freeradius-server-radius-reload-logrotate.patch + * freeradius-server-var_run.patch + added: + * freeradius-server-radiusd-logrotate.patch + * freeradius-server-rcradiusd.patch + * freeradius-server-tmpfiles.patch ------------------------------------------------------------------- Wed Jan 14 13:10:11 UTC 2015 - tchvatal@suse.com diff --git a/freeradius-server.spec b/freeradius-server.spec index c34df9b..ddb026e 100644 --- a/freeradius-server.spec +++ b/freeradius-server.spec @@ -1,7 +1,7 @@ # # spec file for package freeradius-server # -# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -33,6 +33,7 @@ Source2: freeradius-tmpfiles.conf Patch1: freeradius-server-tmpfiles.patch Patch2: freeradius-server-radiusd-logrotate.patch Patch3: freeradius-server-rcradiusd.patch +Patch4: freeradius-server-fix-cert-bootstrap.patch BuildRequires: apache2-devel BuildRequires: cyrus-sasl-devel BuildRequires: db-devel @@ -188,6 +189,7 @@ This plugin provides the SQLite support for the FreeRADIUS server project. %patch1 -p1 %patch2 -p1 %patch3 -p1 +%patch4 -p1 %build modified="$(sed -n '/^----/n;s/ - .*$//;p;q' "%{_sourcedir}/%{name}.changes")"
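Review bot: The freeradius-server.changes hunk drops every security-relevant line of the upstream 3.0.7 and 3.0.8 notes from the Apr 22 entry and leaves only a pointer to /usr/share/doc/packages/freeradius-server/ChangeLog, a path that exists only once the package is installed. Among the removed lines are "Remove support for ephemeral RSA keys", "Allow TLSv1 to be disabled via "disable_tlsv1" in tls{}", "Fix double free when -m flag is used" and "Calculate MPPE keys correctly when using TLS 1.2". Someone triaging the update from the changes file alone can no longer see that it changes TLS behaviour and fixes memory-safety bugs. Keep the pointer, but add a short list of those items under "update to 3.0.8". Also state in the Apr 23 entry that the previous entry was condensed, because that entry still carries its original date and author.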
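Review bot: The two freeradius-server.spec hunks that add "Patch4: freeradius-server-fix-cert-bootstrap.patch" and "%patch4 -p1" are not covered anywhere else in this commit. The "added:" list in the changes hunk names only the tmpfiles, radiusd-logrotate and rcradiusd patches, the Apr 23 entry says only "minor adjustments/cleanup of spec and changes", and the diffstat lists just freeradius-server.changes and freeradius-server.spec, so the patch file itself is not visible here. Since the name indicates it touches certificate bootstrap, add a changes line saying what it alters and why, note its upstream status in a comment above the Patch4 line, and confirm the patch file is part of the submission so that %prep does not fail on a missing source.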