Accepting request 499628 from home:adamm:branches:network
- update to 3.0.14 (still FATE#322416) Feature improvements * Enforce TLS client certificate expiration on session resumption, and Session-Timeout. See CVE-2017-9148 (bnc#1041445) * Updated dictionary.cisco.vpn3000, dictionary.patton * Added dictionary.dellemc * Lowered the log output for failed PEAP sessions. * ALlow utc in rlm_date. * The internal OpenSSL session cache has been disabled. Please see mods-available/eap * Update detail reader documentation. * Make outgoing RadSec connections non-blocking. * Add SQL backing to Moonshot-*-TargetedId generation. Bug Fixes * radtest uses Cleartext-Password for EAP, not User-Password. * Update documentation for mods-enabled/ linking. * Enhanced checks for moonshot salt. * Allow session resumption for RadSec connections. * Update "huntgroups" file to note that port ranges are not supported * Fix OpenSSL permissions issues on default key files. * Certificates are not required when PSK is used. * Allow SubjectAltName as first extension in cert. * Fixed talloc issue with TLS session resumption. * "&Attr-26 := 0x01" now produces useful error messages. * Handle connection error in rlm_ldap_cacheable_groupobj. * Fix endian issues in DHCP. * Multiple minor fixes for Coverity complaints. * Handle unexpected regex. * Fix minor issues in dictionaries. * Fix typos and grammar. Patches from Alan Buxey. * Fix erroneous VP creation in rlm_preproces. * Fix MIB. Patch from Jeff Gehlbach. * Trust router updates from Alejandro Perez. * Allow build with LibreSSL. * Use correct packet for channel bindings. * Many fixes found by PVS-Studio. Thanks to PVS-Studio for giving us a test license. Please see the git commit history for more info. * Fix incorrect length check in EAP-PWD. This may be exploitable. * Stop rotating session database files (radutmp, radwtmp) since these are not logfiles. - freeradius-server-radiusd-logrotate.patch: updated OBS-URL: https://build.opensuse.org/request/show/499628 OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=98
This commit is contained in:
parent
2e31162933
commit
44d1db1d6e
@ -1,3 +0,0 @@
|
|||||||
version https://git-lfs.github.com/spec/v1
|
|
||||||
oid sha256:b3be0d8849878c31af0a5375d20b7b20c9d1c1572e89dc3f22992824cefffb84
|
|
||||||
size 3031744
|
|
Binary file not shown.
3
freeradius-server-3.0.14.tar.bz2
Normal file
3
freeradius-server-3.0.14.tar.bz2
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
version https://git-lfs.github.com/spec/v1
|
||||||
|
oid sha256:2771f6ecd6c816ac4d52b66bb8ae6781ca20e1e4984c5804fc4e67de3a807c59
|
||||||
|
size 3037721
|
BIN
freeradius-server-3.0.14.tar.bz2.sig
Normal file
BIN
freeradius-server-3.0.14.tar.bz2.sig
Normal file
Binary file not shown.
@ -1,6 +1,8 @@
|
|||||||
--- freeradius-server-3.0.8.orig/suse/radiusd-logrotate 2015-04-22 19:21:34.000000000 +0200
|
Index: freeradius-server-3.0.14/suse/radiusd-logrotate
|
||||||
+++ freeradius-server-3.0.8.suse/suse/radiusd-logrotate 2015-04-23 10:15:52.847179845 +0200
|
===================================================================
|
||||||
@@ -16,13 +16,18 @@
|
--- freeradius-server-3.0.14.orig/suse/radiusd-logrotate
|
||||||
|
+++ freeradius-server-3.0.14/suse/radiusd-logrotate
|
||||||
|
@@ -16,13 +16,18 @@ notifempty
|
||||||
# The main server log
|
# The main server log
|
||||||
#
|
#
|
||||||
/var/log/radius/radius.log {
|
/var/log/radius/radius.log {
|
||||||
@ -19,15 +21,7 @@
|
|||||||
nocreate
|
nocreate
|
||||||
size=+1024k
|
size=+1024k
|
||||||
}
|
}
|
||||||
@@ -31,6 +36,7 @@
|
@@ -31,6 +36,7 @@ notifempty
|
||||||
# Session database modules
|
|
||||||
#
|
|
||||||
/var/log/radius/radutmp /var/log/radius/radwtmp {
|
|
||||||
+ su radiusd radiusd
|
|
||||||
nocreate
|
|
||||||
size=+2048k
|
|
||||||
}
|
|
||||||
@@ -39,6 +45,7 @@
|
|
||||||
# SQL log files
|
# SQL log files
|
||||||
#
|
#
|
||||||
/var/log/radius/sqllog.sql {
|
/var/log/radius/sqllog.sql {
|
||||||
@ -35,7 +29,7 @@
|
|||||||
nocreate
|
nocreate
|
||||||
size=+2048k
|
size=+2048k
|
||||||
}
|
}
|
||||||
@@ -51,6 +58,7 @@
|
@@ -43,6 +49,7 @@ notifempty
|
||||||
# second technique, you will need another cron job that removes old
|
# second technique, you will need another cron job that removes old
|
||||||
# detail files. You do not need to comment out the below for method #2.
|
# detail files. You do not need to comment out the below for method #2.
|
||||||
/var/log/radius/radacct/*/detail {
|
/var/log/radius/radacct/*/detail {
|
||||||
|
@ -1,3 +1,51 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon May 29 12:40:52 UTC 2017 - adam.majer@suse.de
|
||||||
|
|
||||||
|
- update to 3.0.14 (still FATE#322416)
|
||||||
|
|
||||||
|
Feature improvements
|
||||||
|
* Enforce TLS client certificate expiration on session resumption,
|
||||||
|
and Session-Timeout. See CVE-2017-9148 (bnc#1041445)
|
||||||
|
* Updated dictionary.cisco.vpn3000, dictionary.patton
|
||||||
|
* Added dictionary.dellemc
|
||||||
|
* Lowered the log output for failed PEAP sessions.
|
||||||
|
* ALlow utc in rlm_date.
|
||||||
|
* The internal OpenSSL session cache has been disabled.
|
||||||
|
Please see mods-available/eap
|
||||||
|
* Update detail reader documentation.
|
||||||
|
* Make outgoing RadSec connections non-blocking.
|
||||||
|
* Add SQL backing to Moonshot-*-TargetedId generation.
|
||||||
|
|
||||||
|
Bug Fixes
|
||||||
|
* radtest uses Cleartext-Password for EAP, not User-Password.
|
||||||
|
* Update documentation for mods-enabled/ linking.
|
||||||
|
* Enhanced checks for moonshot salt.
|
||||||
|
* Allow session resumption for RadSec connections.
|
||||||
|
* Update "huntgroups" file to note that port ranges are not supported
|
||||||
|
* Fix OpenSSL permissions issues on default key files.
|
||||||
|
* Certificates are not required when PSK is used.
|
||||||
|
* Allow SubjectAltName as first extension in cert.
|
||||||
|
* Fixed talloc issue with TLS session resumption.
|
||||||
|
* "&Attr-26 := 0x01" now produces useful error messages.
|
||||||
|
* Handle connection error in rlm_ldap_cacheable_groupobj.
|
||||||
|
* Fix endian issues in DHCP.
|
||||||
|
* Multiple minor fixes for Coverity complaints.
|
||||||
|
* Handle unexpected regex.
|
||||||
|
* Fix minor issues in dictionaries.
|
||||||
|
* Fix typos and grammar. Patches from Alan Buxey.
|
||||||
|
* Fix erroneous VP creation in rlm_preproces.
|
||||||
|
* Fix MIB. Patch from Jeff Gehlbach.
|
||||||
|
* Trust router updates from Alejandro Perez.
|
||||||
|
* Allow build with LibreSSL.
|
||||||
|
* Use correct packet for channel bindings.
|
||||||
|
* Many fixes found by PVS-Studio. Thanks to PVS-Studio for giving us
|
||||||
|
a test license. Please see the git commit history for more info.
|
||||||
|
* Fix incorrect length check in EAP-PWD. This may be exploitable.
|
||||||
|
* Stop rotating session database files (radutmp, radwtmp) since
|
||||||
|
these are not logfiles.
|
||||||
|
|
||||||
|
- freeradius-server-radiusd-logrotate.patch: updated
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Mon Mar 6 23:07:21 UTC 2017 - michael@stroeder.com
|
Mon Mar 6 23:07:21 UTC 2017 - michael@stroeder.com
|
||||||
|
|
||||||
|
@ -20,7 +20,7 @@
|
|||||||
%define apxs2 apxs2-prefork
|
%define apxs2 apxs2-prefork
|
||||||
%define apache2_sysconfdir %(%{_sbindir}/%{apxs2} -q SYSCONFDIR)
|
%define apache2_sysconfdir %(%{_sbindir}/%{apxs2} -q SYSCONFDIR)
|
||||||
Name: freeradius-server
|
Name: freeradius-server
|
||||||
Version: 3.0.13
|
Version: 3.0.14
|
||||||
Release: 0
|
Release: 0
|
||||||
|
|
||||||
%if 0%{?suse_version} > 1140
|
%if 0%{?suse_version} > 1140
|
||||||
@ -431,6 +431,8 @@ systemd-tmpfiles --create %{_tmpfilesdir}/%{unitname}.conf
|
|||||||
%dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-config/files
|
%dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-config/files
|
||||||
%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/files/*
|
%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/files/*
|
||||||
%dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-config/preprocess
|
%dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-config/preprocess
|
||||||
|
%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/sql/moonshot-targeted-ids/*
|
||||||
|
%dir %attr(750,root,radiusd) /etc/raddb/mods-config/sql/moonshot-targeted-ids
|
||||||
%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/preprocess/*
|
%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/preprocess/*
|
||||||
%dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-config/python
|
%dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-config/python
|
||||||
%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/python/radiusd.py
|
%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/python/radiusd.py
|
||||||
@ -515,6 +517,7 @@ systemd-tmpfiles --create %{_tmpfilesdir}/%{unitname}.conf
|
|||||||
%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/logintime
|
%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/logintime
|
||||||
%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/mac2ip
|
%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/mac2ip
|
||||||
%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/mac2vlan
|
%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/mac2vlan
|
||||||
|
%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/moonshot-targeted-ids
|
||||||
%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/mschap
|
%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/mschap
|
||||||
%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/ntlm_auth
|
%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/ntlm_auth
|
||||||
%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/opendirectory
|
%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/opendirectory
|
||||||
|
Loading…
Reference in New Issue
Block a user