OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/freeradius-server?expand=0&rev=14

2009-02-10 17:49:14 +00:00 · 2009-02-10 17:49:14 +00:00 · 2faa385271
commit 2faa385271
parent a535d7c783
11 changed files with 123 additions and 138 deletions
--- a/freeradius-server-2.1.1-CVE-2008-4474.patch
+++ b/freeradius-server-2.1.1-CVE-2008-4474.patch
@ -1,123 +0,0 @@
--- dialup_admin/bin/clean_radacct
-+++ dialup_admin/bin/clean_radacct
-@@ -5,6 +5,7 @@
- # Works with mysql and postgresql
- #
- use POSIX;
-+use File::Temp;
- 
- $conf=shift||'/usr/share/dialup_admin/conf/admin.conf';
- $back_days = 35;
-@@ -42,11 +43,10 @@
- 
- $query = "DELETE FROM $sql_accounting_table WHERE AcctStopTime IS NULL AND AcctStartTime < '$date';";
- print "$query\n";
-open TMP, ">/tmp/clean_radacct.query"
-        or die "Could not open tmp file\n";
-print TMP $query;
-close TMP;
-$command = "$sqlcmd -h$sql_server -u$sql_username $sql_password $sql_database </tmp/clean_radacct.query" if ($sql_type eq 'mysql');
-$command = "$sqlcmd  -U $sql_username -f /tmp/clean_radacct.query $sql_database" if ($sql_type eq 'pg');
-$command = "$sqlcmd '$sql_server' '$sql_port' '' '$sql_username' '$sql_password' </tmp/clean_radacct.query" if ($sql_type eq 'sqlrelay');
-+my ($fh, $tmp_filename) = tempfile() or die "Could not open tmp file\n";
-+print $fh $query;
-+close $fh;
-+$command = "$sqlcmd -h$sql_server -u$sql_username $sql_password $sql_database < $tmp_filename" if ($sql_type eq 'mysql');
-+$command = "$sqlcmd  -U $sql_username -f  $tmp_filename $sql_database" if ($sql_type eq 'pg');
-+$command = "$sqlcmd '$sql_server' '$sql_port' '' '$sql_username' '$sql_password' < $tmp_filename" if ($sql_type eq 'sqlrelay');
- `$command`;
--- dialup_admin/bin/monthly_tot_stats
-+++ dialup_admin/bin/monthly_tot_stats
-@@ -1,5 +1,6 @@
- #!/usr/bin/perl
- use POSIX;
-+use File::Temp;
- 
- # Log in the mtotacct table aggregated accounting information for
- # each user spaning in one month period.
-@@ -51,14 +52,13 @@
- 	AcctDate <= '$date_end' GROUP BY UserName,NASIPAddress;";
- print "$query1\n";
- print "$query2\n";
-open TMP, ">/tmp/tot_stats.query"
-	or die "Could not open tmp file\n";
-print TMP "ALTER SESSION SET NLS_TIMESTAMP_TZ_FORMAT='YYYY-MM-DD HH24:MI:SS.FF TZH:TZM';\n" if ($sql_type eq 'oracle');
-print TMP $query1;
-print TMP $query2;
-close TMP;
-$command = "$sqlcmd -h $sql_server -u $sql_username $sql_password $sql_database </tmp/tot_stats.query" if ($sql_type eq 'mysql');
-$command = "$sqlcmd  -U $sql_username -f /tmp/tot_stats.query $sql_database" if ($sql_type eq 'pg');
-+my ($fh, $tmp_filename) = tempfile() or die "Could not open tmp file\n";
-+print $fh "ALTER SESSION SET NLS_TIMESTAMP_TZ_FORMAT='YYYY-MM-DD HH24:MI:SS.FF TZH:TZM';\n" if ($sql_type eq 'oracle');
-+print $fh $query1;
-+print $fh $query2;
-+close $fh;
-+$command = "$sqlcmd -h $sql_server -u $sql_username $sql_password $sql_database < $tmp_filename" if ($sql_type eq 'mysql');
-+$command = "$sqlcmd  -U $sql_username -f  $tmp_filename $sql_database" if ($sql_type eq 'pg');
- $command = "$sqlcmd  $sql_username/$pass" . "@" . "$sql_database <$tmpfile.$server" if ($sql_type eq 'oracle');
-$command = "$sqlcmd '$sql_server' '$sql_port' '' '$sql_username' '$sql_password' </tmp/tot_stats.query" if ($sql_type eq 'sqlrelay');
-+$command = "$sqlcmd '$sql_server' '$sql_port' '' '$sql_username' '$sql_password' < $tmp_filename" if ($sql_type eq 'sqlrelay');
- `$command`;
--- dialup_admin/bin/tot_stats
-+++ dialup_admin/bin/tot_stats
-@@ -1,5 +1,6 @@
- #!/usr/bin/perl
- use POSIX;
-+use File::Temp;
- 
- # Log in the totacct table aggregated daily accounting information for
- # each user.
-@@ -48,14 +49,13 @@
- 	AcctStopTime < '$date_end' GROUP BY UserName,NASIPAddress;";
- print "$query1\n";
- print "$query2\n";
-open TMP, ">/tmp/tot_stats.query"
-	or die "Could not open tmp file\n";
-print TMP "ALTER SESSION SET NLS_TIMESTAMP_TZ_FORMAT='YYYY-MM-DD HH24:MI:SS.FF TZH:TZM';\n" if ($sql_type eq 'oracle');
-print TMP $query1;
-print TMP $query2;
-close TMP;
-$command = "$sqlcmd -h $sql_server -u $sql_username $sql_password $sql_database </tmp/tot_stats.query" if ($sql_type eq 'mysql');
-$command = "$sqlcmd  -U $sql_username -f /tmp/tot_stats.query $sql_database" if ($sql_type eq 'pg');
-+my ($fh, $tmp_filename) = tempfile() or die "Could not open tmp file\n";
-+print $fh "ALTER SESSION SET NLS_TIMESTAMP_TZ_FORMAT='YYYY-MM-DD HH24:MI:SS.FF TZH:TZM';\n" if ($sql_type eq 'oracle');
-+print $fh $query1;
-+print $fh $query2;
-+close $fh;
-+$command = "$sqlcmd -h $sql_server -u $sql_username $sql_password $sql_database < $tmp_filename" if ($sql_type eq 'mysql');
-+$command = "$sqlcmd  -U $sql_username -f  $tmp_filename $sql_database" if ($sql_type eq 'pg');
- $command = "$sqlcmd  $sql_username/$pass" . "@" . "$sql_database <$tmpfile.$server" if ($sql_type eq 'oracle');
-$command = "$sqlcmd '$sql_server' '$sql_port' '' '$sql_username' '$sql_password' </tmp/tot_stats.query" if ($sql_type eq 'sqlrelay');
-+$command = "$sqlcmd '$sql_server' '$sql_port' '' '$sql_username' '$sql_password' < $tmp_filename" if ($sql_type eq 'sqlrelay');
- `$command`;
--- dialup_admin/bin/truncate_radacct
-+++ dialup_admin/bin/truncate_radacct
-@@ -5,6 +5,7 @@
- # Works with mysql and postgresql
- #
- use POSIX;
-+use File::Temp;
- 
- $conf=shift||'/usr/share/dialup_admin/conf/admin.conf';
- $back_days = 90;
-@@ -44,13 +45,12 @@
- $query .= "DELETE FROM $sql_accounting_table WHERE AcctStopTime < '$date' AND AcctStopTime IS NOT NULL ;";
- $query .= "UNLOCK TABLES;" if ($sql_type eq 'mysql');
- print "$query\n";
-open TMP, ">/tmp/truncate_radacct.query"
-        or die "Could not open tmp file\n";
-print TMP "ALTER SESSION SET NLS_TIMESTAMP_TZ_FORMAT='YYYY-MM-DD HH24:MI:SS.FF TZH:TZM';\n" if ($sql_type eq 'oracle');
-print TMP $query;
-close TMP;
-$command = "$sqlcmd -h$sql_server -u$sql_username $sql_password $sql_database </tmp/truncate_radacct.query" if ($sql_type eq 'mysql');
-$command = "$sqlcmd  -U $sql_username -f /tmp/truncate_radacct.query $sql_database" if ($sql_type eq 'pg');
-+my ($fh, $tmp_filename) = tempfile() or die "Could not open tmp file\n";
-+print $fh "ALTER SESSION SET NLS_TIMESTAMP_TZ_FORMAT='YYYY-MM-DD HH24:MI:SS.FF TZH:TZM';\n" if ($sql_type eq 'oracle');
-+print $fh $query;
-+close $fh;
-+$command = "$sqlcmd -h$sql_server -u$sql_username $sql_password $sql_database < $tmp_filename" if ($sql_type eq 'mysql');
-+$command = "$sqlcmd  -U $sql_username -f  $tmp_filename $sql_database" if ($sql_type eq 'pg');
- $command = "$sqlcmd  $sql_username/$pass" . "@" . "$sql_database <$tmpfile.$server" if ($sql_type eq 'oracle');
-$command = "$sqlcmd '$sql_server' '$sql_port' '' '$sql_username' '$sql_password' </tmp/truncate_radacct.query" if ($sql_type eq 'sqlrelay');
-+$command = "$sqlcmd '$sql_server' '$sql_port' '' '$sql_username' '$sql_password' < $tmp_filename" if ($sql_type eq 'sqlrelay');
- `$command`;
--- a/freeradius-server-2.1.1.tar.bz2
+++ b/freeradius-server-2.1.1.tar.bz2
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:d675601c0bde53d0f2f32d5280d8271ae7a546dcc251fb94ae6d5168fd04adfe
-size 2366923
--- a/freeradius-server-2.1.3-codecleanup.patch
+++ b/freeradius-server-2.1.3-codecleanup.patch
--- a/freeradius-server-2.1.3-dialup_admin.patch
+++ b/freeradius-server-2.1.3-dialup_admin.patch
@ -17,9 +17,9 @@
 +`/usr/bin/gzip -9 $backup_directory/$date3`;
 --- dialup_admin/bin/clean_radacct
 +++ dialup_admin/bin/clean_radacct
-@@ -6,7 +6,7 @@
- #
+@@ -7,7 +7,7 @@
 use POSIX;
+ use File::Temp;
 
 -$conf=shift||'/usr/local/dialup_admin/conf/admin.conf';
 +$conf=shift||'/usr/share/dialup_admin/conf/admin.conf';
@ -52,7 +52,7 @@
 +15 0 1 * * /usr/share/dialup_admin/bin/clean_radacct >/dev/null 2>&1
 --- dialup_admin/bin/log_badlogins
 +++ dialup_admin/bin/log_badlogins
-@@ -17,7 +17,7 @@
+@@ -18,7 +18,7 @@
 $|=1;
 
 $file=shift||'none';
@ -63,7 +63,7 @@
 # Uncomment to force inserts even if there are sql errors. That can
 --- dialup_admin/bin/monthly_tot_stats
 +++ dialup_admin/bin/monthly_tot_stats
-@@ -8,7 +8,7 @@
+@@ -9,7 +9,7 @@
 # Works only with mysql and postgresql
 #
 
@ -96,7 +96,7 @@
 while(<CONF>){
 --- dialup_admin/bin/tot_stats
 +++ dialup_admin/bin/tot_stats
-@@ -7,7 +7,7 @@
+@@ -8,7 +8,7 @@
 # Works with mysql and postgresql
 #
 
@ -107,9 +107,9 @@
 open CONF, "<$conf"
 --- dialup_admin/bin/truncate_radacct
 +++ dialup_admin/bin/truncate_radacct
-@@ -6,7 +6,7 @@
- #
+@@ -7,7 +7,7 @@
 use POSIX;
+ use File::Temp;
 
 -$conf=shift||'/usr/local/dialup_admin/conf/admin.conf';
 +$conf=shift||'/usr/share/dialup_admin/conf/admin.conf';
--- a/freeradius-server-2.1.3-edir-64bit.patch
+++ b/freeradius-server-2.1.3-edir-64bit.patch
@ -0,0 +1,11 @@
+--- src/modules/rlm_ldap/rlm_ldap.c
+++ src/modules/rlm_ldap/rlm_ldap.c
+@@ -1849,7 +1849,7 @@
+ 		LDAP_CONN       *conn1;
+ 		int auth_state = -1;
+ 		char            *challenge = NULL;
+-		int             challenge_len = MAX_CHALLENGE_LEN;
+		size_t          challenge_len = MAX_CHALLENGE_LEN;
+ 		char            *state = NULL;
+ 
+ 		dattr = dict_attrbyname("eDir-APC");
--- a/freeradius-server-2.1.3-ltdl.patch
+++ b/freeradius-server-2.1.3-ltdl.patch
@ -30,7 +30,7 @@
 		       eaptype_name, lt_dlerror());
 --- src/modules/rlm_sql/rlm_sql.c
 +++ src/modules/rlm_sql/rlm_sql.c
-@@ -821,7 +821,11 @@
+@@ -830,7 +830,11 @@
 		return -1;
 	}
 
--- a/freeradius-server-2.1.3-overflow.patch
+++ b/freeradius-server-2.1.3-overflow.patch
@ -0,0 +1,11 @@
+--- src/modules/rlm_sqlhpwippool/rlm_sqlhpwippool.c
+++ src/modules/rlm_sqlhpwippool/rlm_sqlhpwippool.c
+@@ -771,7 +771,7 @@
+ 
+ 			nasip.s_addr = vp->vp_ipaddr;
+ 			strncpy(nasipstr, inet_ntoa(nasip), sizeof(nasipstr) - 1);
+-			nasipstr[sizeof(nasipstr)] = 0;
+			nasipstr[sizeof(nasipstr) - 1] = 0;
+ 
+ 			if (!nvp_query(__LINE__, data, sqlsock,
+ 			    "UPDATE `%s`.`ips`, `radacct` "
--- a/freeradius-server-2.1.3-rcradiusd.patch
+++ b/freeradius-server-2.1.3-rcradiusd.patch
--- a/freeradius-server-2.1.3.tar.bz2
+++ b/freeradius-server-2.1.3.tar.bz2
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:984cf7f3418de8f2abe1e599827264495cef1d234cce4abe05a06a4b6419db1a
+size 2380451
--- a/freeradius-server.changes
+++ b/freeradius-server.changes
@ -1,3 +1,49 @@
+-------------------------------------------------------------------
+Tue Feb 10 10:38:27 CET 2009 - prusnak@suse.cz
+
+- updated to 2.1.3
+  o Feature Improvements
+    * Allow running with user=radiusd and binding to secure sockets.
+    * Start sending Status-Server "are you alive" messages earlier,
+      which helps with proxying multiple realms to a home server.
+    * Removed thread pool code from rlm_perl. It's not necessary.
+    * Added example Perl configuration to raddb/modules/perl
+    * Force OpenSSL to support certificates with SHA256. This seems
+      to be necessary for WiMAX certs.
+  o Bug Fixes
+    * Fix Debian patch to allow it to build.
+    * Fix potential NULL dereference in debugging mode on certain
+      platforms for TTLS and PEAP inner tunnels.
+    * Fix uninitialized memory in handling of vendor definitions
+    * Fix parsing of quoted (but non-string) attributes in
+      the users< file.
+    * Initialize unknown NAS IP to 255.255.255.255, rather than 0.0.0.0
+    * use SUN_LEN in control socket, to avoid truncation on some platforms.
+    * Correct internal handling of debug condition to prevent it
+      from being over-written.
+    * Check return code of regcomp in unlang, so that invalid regular
+      expressions are caught rather than mishandled.
+    * Make rlm_sql use <ltdl.h>. Addresses bug #610.
+    * Document list "type = status" better. Closes bug #580.
+    * Set "default days" for certificates, because OpenSSL won't do it.
+      This closes bug #615.
+    * Reference correct list in example raddb/modules/ldap. Closes #596.
+    * Increase default schema size for Acct-Session-Id to 64. Closes #540.
+    * Fix use of temporary files in dialup-admin. Closes #605
+      and addresses CVE-2008-4474.
+    * Addressed a number of minor issues found by Coverity.
+    * Added DHCP option 150 to the dictionary. Closes #618.
+
+- removed CVE-2008-4474.patch (included in update)
+
+- fixed buffer overflow (overflow.patch)
+
+-------------------------------------------------------------------
+Tue Feb 10 10:19:32 CET 2009 - prusnak@suse.cz
+
+- fixed eDirectory bug on 64bit architectures (edir-64bit.patch)
+  [bnc#474006]
+
 -------------------------------------------------------------------
 Fri Feb  6 15:19:04 CET 2009 - prusnak@suse.cz

--- a/freeradius-server.spec
+++ b/freeradius-server.spec
@ -1,5 +1,5 @@
 #
-# spec file for package freeradius-server (Version 2.1.1)
+# spec file for package freeradius-server (Version 2.1.3)
 #
 # Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
@ -18,8 +18,8 @@


 Name:           freeradius-server
-Version:        2.1.1
-Release:        6
+Version:        2.1.3
+Release:        1
 License:        GPL v2 only; LGPL v2.1 only
 Group:          Productivity/Networking/Radius/Servers
 Provides:       radiusd
@ -33,7 +33,8 @@ Patch0:         %{name}-%{version}-ltdl.patch
 Patch1:         %{name}-%{version}-dialup_admin.patch
 Patch2:         %{name}-%{version}-rcradiusd.patch
 Patch3:         %{name}-%{version}-codecleanup.patch
-Patch4:         %{name}-%{version}-CVE-2008-4474.patch
+Patch4:         %{name}-%{version}-edir-64bit.patch
+Patch5:         %{name}-%{version}-overflow.patch
 PreReq:         perl openssl pwdutils coreutils
 PreReq:         %insserv_prereq %fillup_prereq
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
@ -210,6 +211,7 @@ Authors:
 %patch2
 %patch3
 %patch4
+%patch5

 %build
 #export CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing -DLDAP_DEPRECATED -fPIC -DPIC"
@ -435,6 +437,44 @@ rm -rf $RPM_BUILD_ROOT
 %attr(644,root,root) %{_includedir}/freeradius/*.h

 %changelog
+* Tue Feb 10 2009 prusnak@suse.cz
+- updated to 2.1.3
+  o Feature Improvements
+  * Allow running with user=radiusd and binding to secure sockets.
+  * Start sending Status-Server "are you alive" messages earlier,
+  which helps with proxying multiple realms to a home server.
+  * Removed thread pool code from rlm_perl. It's not necessary.
+  * Added example Perl configuration to raddb/modules/perl
+  * Force OpenSSL to support certificates with SHA256. This seems
+  to be necessary for WiMAX certs.
+  o Bug Fixes
+  * Fix Debian patch to allow it to build.
+  * Fix potential NULL dereference in debugging mode on certain
+  platforms for TTLS and PEAP inner tunnels.
+  * Fix uninitialized memory in handling of vendor definitions
+  * Fix parsing of quoted (but non-string) attributes in
+  the users< file.
+  * Initialize unknown NAS IP to 255.255.255.255, rather than 0.0.0.0
+  * use SUN_LEN in control socket, to avoid truncation on some platforms.
+  * Correct internal handling of debug condition to prevent it
+  from being over-written.
+  * Check return code of regcomp in unlang, so that invalid regular
+  expressions are caught rather than mishandled.
+  * Make rlm_sql use <ltdl.h>. Addresses bug #610.
+  * Document list "type = status" better. Closes bug #580.
+  * Set "default days" for certificates, because OpenSSL won't do it.
+  This closes bug #615.
+  * Reference correct list in example raddb/modules/ldap. Closes #596.
+  * Increase default schema size for Acct-Session-Id to 64. Closes #540.
+  * Fix use of temporary files in dialup-admin. Closes #605
+  and addresses CVE-2008-4474.
+  * Addressed a number of minor issues found by Coverity.
+  * Added DHCP option 150 to the dictionary. Closes #618.
+- removed CVE-2008-4474.patch (included in update)
+- fixed buffer overflow (overflow.patch)
+* Tue Feb 10 2009 prusnak@suse.cz
+- fixed eDirectory bug on 64bit architectures (edir-64bit.patch)
+  [bnc#474006]
 * Fri Feb 06 2009 prusnak@suse.cz
 - moved manpages from section 1 to utils subpackage [bnc#469682]
 * Fri Jan 09 2009 prusnak@suse.cz