pool/freeradius-server
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/freeradius-server?expand=0&rev=10

Browse Source
This commit is contained in:
OBS User unknown 2008-10-09 10:18:30 +00:00 committed by Git OBS Bridge
parent 93f55145bf
commit 679d1a9c1f
9 changed files with 425 additions and 250 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
freeradius-server-2.1.0.tar.bz2
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:03e950b1de76a0753ef6b387bcdf1d618552e32ea78abbf97b6158c64df54928
size 2333292

123
freeradius-server-2.1.1-CVE-2008-4474.patch Normal file
View File

@ -0,0 +1,123 @@
--- dialup_admin/bin/clean_radacct
+++ dialup_admin/bin/clean_radacct
@@ -5,6 +5,7 @@
# Works with mysql and postgresql
#
use POSIX;
+use File::Temp;
$conf=shift||'/usr/share/dialup_admin/conf/admin.conf';
$back_days = 35;
@@ -42,11 +43,10 @@
$query = "DELETE FROM $sql_accounting_table WHERE AcctStopTime IS NULL AND AcctStartTime < '$date';";
print "$query\n";
-open TMP, ">/tmp/clean_radacct.query"
- or die "Could not open tmp file\n";
-print TMP $query;
-close TMP;
-$command = "$sqlcmd -h$sql_server -u$sql_username $sql_password $sql_database </tmp/clean_radacct.query" if ($sql_type eq 'mysql');
-$command = "$sqlcmd -U $sql_username -f /tmp/clean_radacct.query $sql_database" if ($sql_type eq 'pg');
-$command = "$sqlcmd '$sql_server' '$sql_port' '' '$sql_username' '$sql_password' </tmp/clean_radacct.query" if ($sql_type eq 'sqlrelay');
+my ($fh, $tmp_filename) = tempfile() or die "Could not open tmp file\n";
+print $fh $query;
+close $fh;
+$command = "$sqlcmd -h$sql_server -u$sql_username $sql_password $sql_database < $tmp_filename" if ($sql_type eq 'mysql');
+$command = "$sqlcmd -U $sql_username -f $tmp_filename $sql_database" if ($sql_type eq 'pg');
+$command = "$sqlcmd '$sql_server' '$sql_port' '' '$sql_username' '$sql_password' < $tmp_filename" if ($sql_type eq 'sqlrelay');
`$command`;
--- dialup_admin/bin/monthly_tot_stats
+++ dialup_admin/bin/monthly_tot_stats
@@ -1,5 +1,6 @@
#!/usr/bin/perl
use POSIX;
+use File::Temp;
# Log in the mtotacct table aggregated accounting information for
# each user spaning in one month period.
@@ -51,14 +52,13 @@
AcctDate <= '$date_end' GROUP BY UserName,NASIPAddress;";
print "$query1\n";
print "$query2\n";
-open TMP, ">/tmp/tot_stats.query"
- or die "Could not open tmp file\n";
-print TMP "ALTER SESSION SET NLS_TIMESTAMP_TZ_FORMAT='YYYY-MM-DD HH24:MI:SS.FF TZH:TZM';\n" if ($sql_type eq 'oracle');
-print TMP $query1;
-print TMP $query2;
-close TMP;
-$command = "$sqlcmd -h $sql_server -u $sql_username $sql_password $sql_database </tmp/tot_stats.query" if ($sql_type eq 'mysql');
-$command = "$sqlcmd -U $sql_username -f /tmp/tot_stats.query $sql_database" if ($sql_type eq 'pg');
+my ($fh, $tmp_filename) = tempfile() or die "Could not open tmp file\n";
+print $fh "ALTER SESSION SET NLS_TIMESTAMP_TZ_FORMAT='YYYY-MM-DD HH24:MI:SS.FF TZH:TZM';\n" if ($sql_type eq 'oracle');
+print $fh $query1;
+print $fh $query2;
+close $fh;
+$command = "$sqlcmd -h $sql_server -u $sql_username $sql_password $sql_database < $tmp_filename" if ($sql_type eq 'mysql');
+$command = "$sqlcmd -U $sql_username -f $tmp_filename $sql_database" if ($sql_type eq 'pg');
$command = "$sqlcmd $sql_username/$pass" . "@" . "$sql_database <$tmpfile.$server" if ($sql_type eq 'oracle');
-$command = "$sqlcmd '$sql_server' '$sql_port' '' '$sql_username' '$sql_password' </tmp/tot_stats.query" if ($sql_type eq 'sqlrelay');
+$command = "$sqlcmd '$sql_server' '$sql_port' '' '$sql_username' '$sql_password' < $tmp_filename" if ($sql_type eq 'sqlrelay');
`$command`;
--- dialup_admin/bin/tot_stats
+++ dialup_admin/bin/tot_stats
@@ -1,5 +1,6 @@
#!/usr/bin/perl
use POSIX;
+use File::Temp;
# Log in the totacct table aggregated daily accounting information for
# each user.
@@ -48,14 +49,13 @@
AcctStopTime < '$date_end' GROUP BY UserName,NASIPAddress;";
print "$query1\n";
print "$query2\n";
-open TMP, ">/tmp/tot_stats.query"
- or die "Could not open tmp file\n";
-print TMP "ALTER SESSION SET NLS_TIMESTAMP_TZ_FORMAT='YYYY-MM-DD HH24:MI:SS.FF TZH:TZM';\n" if ($sql_type eq 'oracle');
-print TMP $query1;
-print TMP $query2;
-close TMP;
-$command = "$sqlcmd -h $sql_server -u $sql_username $sql_password $sql_database </tmp/tot_stats.query" if ($sql_type eq 'mysql');
-$command = "$sqlcmd -U $sql_username -f /tmp/tot_stats.query $sql_database" if ($sql_type eq 'pg');
+my ($fh, $tmp_filename) = tempfile() or die "Could not open tmp file\n";
+print $fh "ALTER SESSION SET NLS_TIMESTAMP_TZ_FORMAT='YYYY-MM-DD HH24:MI:SS.FF TZH:TZM';\n" if ($sql_type eq 'oracle');
+print $fh $query1;
+print $fh $query2;
+close $fh;
+$command = "$sqlcmd -h $sql_server -u $sql_username $sql_password $sql_database < $tmp_filename" if ($sql_type eq 'mysql');
+$command = "$sqlcmd -U $sql_username -f $tmp_filename $sql_database" if ($sql_type eq 'pg');
$command = "$sqlcmd $sql_username/$pass" . "@" . "$sql_database <$tmpfile.$server" if ($sql_type eq 'oracle');
-$command = "$sqlcmd '$sql_server' '$sql_port' '' '$sql_username' '$sql_password' </tmp/tot_stats.query" if ($sql_type eq 'sqlrelay');
+$command = "$sqlcmd '$sql_server' '$sql_port' '' '$sql_username' '$sql_password' < $tmp_filename" if ($sql_type eq 'sqlrelay');
`$command`;
--- dialup_admin/bin/truncate_radacct
+++ dialup_admin/bin/truncate_radacct
@@ -5,6 +5,7 @@
# Works with mysql and postgresql
#
use POSIX;
+use File::Temp;
$conf=shift||'/usr/share/dialup_admin/conf/admin.conf';
$back_days = 90;
@@ -44,13 +45,12 @@
$query .= "DELETE FROM $sql_accounting_table WHERE AcctStopTime < '$date' AND AcctStopTime IS NOT NULL ;";
$query .= "UNLOCK TABLES;" if ($sql_type eq 'mysql');
print "$query\n";
-open TMP, ">/tmp/truncate_radacct.query"
- or die "Could not open tmp file\n";
-print TMP "ALTER SESSION SET NLS_TIMESTAMP_TZ_FORMAT='YYYY-MM-DD HH24:MI:SS.FF TZH:TZM';\n" if ($sql_type eq 'oracle');
-print TMP $query;
-close TMP;
-$command = "$sqlcmd -h$sql_server -u$sql_username $sql_password $sql_database </tmp/truncate_radacct.query" if ($sql_type eq 'mysql');
-$command = "$sqlcmd -U $sql_username -f /tmp/truncate_radacct.query $sql_database" if ($sql_type eq 'pg');
+my ($fh, $tmp_filename) = tempfile() or die "Could not open tmp file\n";
+print $fh "ALTER SESSION SET NLS_TIMESTAMP_TZ_FORMAT='YYYY-MM-DD HH24:MI:SS.FF TZH:TZM';\n" if ($sql_type eq 'oracle');
+print $fh $query;
+close $fh;
+$command = "$sqlcmd -h$sql_server -u$sql_username $sql_password $sql_database < $tmp_filename" if ($sql_type eq 'mysql');
+$command = "$sqlcmd -U $sql_username -f $tmp_filename $sql_database" if ($sql_type eq 'pg');
$command = "$sqlcmd $sql_username/$pass" . "@" . "$sql_database <$tmpfile.$server" if ($sql_type eq 'oracle');
-$command = "$sqlcmd '$sql_server' '$sql_port' '' '$sql_username' '$sql_password' </tmp/truncate_radacct.query" if ($sql_type eq 'sqlrelay');
+$command = "$sqlcmd '$sql_server' '$sql_port' '' '$sql_username' '$sql_password' < $tmp_filename" if ($sql_type eq 'sqlrelay');
`$command`;

0
freeradius-server-2.1.0-codecleanup.patch → freeradius-server-2.1.1-codecleanup.patch
View File

0
freeradius-server-2.1.0-dialup_admin.patch → freeradius-server-2.1.1-dialup_admin.patch
View File

0
freeradius-server-2.1.0-ltdl.patch → freeradius-server-2.1.1-ltdl.patch
View File

0
freeradius-server-2.1.0-rcradiusd.patch → freeradius-server-2.1.1-rcradiusd.patch
View File

3
freeradius-server-2.1.1.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:d675601c0bde53d0f2f32d5280d8271ae7a546dcc251fb94ae6d5168fd04adfe
size 2366923

516
freeradius-server.changes
View File

@ -1,7 +1,35 @@
-------------------------------------------------------------------
Thu Oct 9 11:41:06 CEST 2008 - prusnak@suse.cz
- fixed CVE-2008-4474 [bnc#433762]
-------------------------------------------------------------------
Thu Oct 9 11:37:04 CEST 2008 - prusnak@suse.cz
- updated to 2.1.1
o Feature Improvements
* Many more options and features are available via radmin.
See man radmin and raddb/sites-available/control-socket.
* Many more commands available via the control socket.
Connect via radmin, and type help for more information.
* Added dictionary.networkphysics and dictionary.lancom.
* Calculate WiMAX MIP keys, and added sample WiMAX SQL tables.
o Bug Fixes
* Fixed bug that made radmin not work.
* Fixed Suse && Debian package scripts.
* Fixed issues with dynamic clients.
* Fixed configure checks for -lreadline
* rlm_sqlippool no longer needs to be linked to rlm_sql.
* Add statistics for detail file listeners. This closes bug #593.
* Fixed printing of some WiMAX attributes.
* Fixed double free on exit() in rlm_attr_filter.
* Fixed build issues on Solaris.
* Fixed fast session resumption for EAP-TLS.
-------------------------------------------------------------------
Mon Sep 15 12:37:31 CEST 2008 - ro@suse.de
- make radrelay a hardlink to radiusday (instead of identical copy)
- make radrelay a hardlink to radiusday (instead of identical copy)
-------------------------------------------------------------------
Tue Sep 9 19:49:08 CEST 2008 - prusnak@suse.cz
@ -55,72 +83,72 @@ Tue Aug 26 12:01:12 CEST 2008 - pth@suse.de
Wed Jul 23 11:06:13 CEST 2008 - prusnak@suse.cz
- updated to 2.0.5
Feature improvements
* Permit SQL authorize_reply_query to be empty.
* Allow setting response packet type in Post-Proxy-Type Fail
handler.
* Added install-chown target to set correct permission and ownership
make RADMIN=radmin RGROUP=radius install-chown
* Support for LDAP-Group and other dynamic comparison attributes
in unlang. Developed from a patch by Jason Alderfer.
* Added chroot support. See radiusd.conf for comments.
* Allow clients of 0/0. We do not recommend using this, though.
* Moved many module configurations into raddb/modules/*
Bug fixes
* Allow proxying to virtual servers for accounting packets, too.
* Added "num fields" function to PostgreSQL client.
* Updated proxy fallback mechanism to validate fallback servers,
and to process fallback requests in a child thread.
* rlm_realm returns "ok" for LOCAL realms, not "noop".
* Fixed some DHCP code handling. The examples should now work.
Feature improvements
* Permit SQL authorize_reply_query to be empty.
* Allow setting response packet type in Post-Proxy-Type Fail
handler.
* Added install-chown target to set correct permission and ownership
make RADMIN=radmin RGROUP=radius install-chown
* Support for LDAP-Group and other dynamic comparison attributes
in unlang. Developed from a patch by Jason Alderfer.
* Added chroot support. See radiusd.conf for comments.
* Allow clients of 0/0. We do not recommend using this, though.
* Moved many module configurations into raddb/modules/*
Bug fixes
* Allow proxying to virtual servers for accounting packets, too.
* Added "num fields" function to PostgreSQL client.
* Updated proxy fallback mechanism to validate fallback servers,
and to process fallback requests in a child thread.
* rlm_realm returns "ok" for LOCAL realms, not "noop".
* Fixed some DHCP code handling. The examples should now work.
- updated to 2.0.4
Feature improvements
* Allow "virtual_server" in "realm" and "home_server" sections.
See raddb/proxy.conf and raddb/sites-available/virtual.example.com.
* Allow "passwd" module to be listed in "accounting" and "post-auth".
* Added "fallback" to "home_server_pool" configuration, to handle
the case of all home servers being dead. See raddb/proxy.conf.
* Added sample text to raddb/sites-available/inner-tunnel which
can simplify debugging of inner tunnel configurations.
* Added regular expression matching in realm names. See
raddb/proxy.conf for examples.
* Added simple DHCP server functionality. For comments, see
raddb/sites-available/dhcp.
* Added file globbing capabilities to detail file reader
* Added sample raddb/sites-available/robust-proxy-accounting
* Clients in SQL can now refer to a virtual server.
Patch from Michael Bretterklieber.
* Added some examples of creating RADIUS administrator in SQL,
and assigning appropriate access rights.
Bug fixes
* Install all files in raddb/sites-available
* Allow non-threaded builds.
* Don't treat '0x' as special for known attributes that are not
of type "octets".
* Fix log error in rlm_pap.
* Remove documentation about non-existent functionality.
* Updated warning messages in debug output.
* Fix handling of timeouts in rlm_ldap that affected 64-bit systems.
This fix was supposed to go into 2.0.3, but did not make it.
* Fix event handling in debug mode for failed proxy requests.
* Fix memleak in fifos. Closes #537.
* Fix memleak on blocked threads. Closes #538.
* Perform additional checks on NULL realms. Closes #541.
* Fix handling of "clients" in "listen" section.
* When detail file cannot process a packet, sleep for longer
to let the rest of the server do something.
* Add missing table to raddb/sql/mssql/schema.sql. Closes #545.
* Updated rlm_sql_postgresql to build with PostgreSQL 7.x.
Closes #533.
* Fix "postauth" of rlm_ldap to look for LDAP-UserDn in the
correct place.
* Update rlm_attr_filter for some corner cases. Closes #543.
* Fixed memory leak in libfreeradius event handler.
* In the SQL Accounting on/off queries, remove the restriction
that the session time had to be zero.
Feature improvements
* Allow "virtual_server" in "realm" and "home_server" sections.
See raddb/proxy.conf and raddb/sites-available/virtual.example.com.
* Allow "passwd" module to be listed in "accounting" and "post-auth".
* Added "fallback" to "home_server_pool" configuration, to handle
the case of all home servers being dead. See raddb/proxy.conf.
* Added sample text to raddb/sites-available/inner-tunnel which
can simplify debugging of inner tunnel configurations.
* Added regular expression matching in realm names. See
raddb/proxy.conf for examples.
* Added simple DHCP server functionality. For comments, see
raddb/sites-available/dhcp.
* Added file globbing capabilities to detail file reader
* Added sample raddb/sites-available/robust-proxy-accounting
* Clients in SQL can now refer to a virtual server.
Patch from Michael Bretterklieber.
* Added some examples of creating RADIUS administrator in SQL,
and assigning appropriate access rights.
Bug fixes
* Install all files in raddb/sites-available
* Allow non-threaded builds.
* Don't treat '0x' as special for known attributes that are not
of type "octets".
* Fix log error in rlm_pap.
* Remove documentation about non-existent functionality.
* Updated warning messages in debug output.
* Fix handling of timeouts in rlm_ldap that affected 64-bit systems.
This fix was supposed to go into 2.0.3, but did not make it.
* Fix event handling in debug mode for failed proxy requests.
* Fix memleak in fifos. Closes #537.
* Fix memleak on blocked threads. Closes #538.
* Perform additional checks on NULL realms. Closes #541.
* Fix handling of "clients" in "listen" section.
* When detail file cannot process a packet, sleep for longer
to let the rest of the server do something.
* Add missing table to raddb/sql/mssql/schema.sql. Closes #545.
* Updated rlm_sql_postgresql to build with PostgreSQL 7.x.
Closes #533.
* Fix "postauth" of rlm_ldap to look for LDAP-UserDn in the
correct place.
* Update rlm_attr_filter for some corner cases. Closes #543.
* Fixed memory leak in libfreeradius event handler.
* In the SQL Accounting on/off queries, remove the restriction
that the session time had to be zero.
- dropped obsoleted patches
* event-fifo-threads.patch (included in update)
@ -142,73 +170,73 @@ Mon May 5 15:02:10 CEST 2008 - pth@suse.de
Wed Mar 19 17:23:48 CET 2008 - prusnak@suse.cz
- updated to 2.0.3
Feature improvements
* Updated raddb/certs/ca.cnf with extensions to allow ca.der
to be imported as a CA on Symbian and Windows Mobile devices.
Closes bug #524
* Enable multiple matches in "hints" via Fall-Through = Yes.
Closes bug #477
* Added preliminary SQLite driver, contibuted by Apple.
Untested, with no sample configuration. This address bug #470.
* Updated logging sub-system so that log messages from libfreeradius
can go to the log file, and not stdout.
* Added dictionary.rfc5176
* EAP module now checks for instance name, and uses that for
authentication. This avoids the need to set Auth-Type when
there are multiple instances of the EAP module.
* Added Module-Return-Code attribute, which contains the value
returned by the previous module (ok/fail/update/etc.)
Bug fixes
* Corrected typos in rlm_dbm. Closes bugs #521 and #522.
* Detail file "listen" sections now work much better.
* Don't allow old "log_*" to over-ride new format. Closes bug #525
* Initialize allocated memory in Oracle SQL driver. This fixes
occasional crashes on some systems. Closes bug #518
* Call correct function in rlm_protocol_filter. This enables the
module to build. Closes bug #512.
* Added deprecated flag to build for rlm_krb5. This allows it to
run on 64-bit systems. Closes bug #491
* Corrected error message when parsing invalid configurations
so it doesn't crash. Closes bug #527
* Fix handling of timeouts in rlm_ldap that affected 64-bit systems.
* Handle $INCLUDE's in "instantiate" section. Closes #528.
* Format updates to "man" pages from Stephen Gran.
Feature improvements
* Updated raddb/certs/ca.cnf with extensions to allow ca.der
to be imported as a CA on Symbian and Windows Mobile devices.
Closes bug #524
* Enable multiple matches in "hints" via Fall-Through = Yes.
Closes bug #477
* Added preliminary SQLite driver, contibuted by Apple.
Untested, with no sample configuration. This address bug #470.
* Updated logging sub-system so that log messages from libfreeradius
can go to the log file, and not stdout.
* Added dictionary.rfc5176
* EAP module now checks for instance name, and uses that for
authentication. This avoids the need to set Auth-Type when
there are multiple instances of the EAP module.
* Added Module-Return-Code attribute, which contains the value
returned by the previous module (ok/fail/update/etc.)
Bug fixes
* Corrected typos in rlm_dbm. Closes bugs #521 and #522.
* Detail file "listen" sections now work much better.
* Don't allow old "log_*" to over-ride new format. Closes bug #525
* Initialize allocated memory in Oracle SQL driver. This fixes
occasional crashes on some systems. Closes bug #518
* Call correct function in rlm_protocol_filter. This enables the
module to build. Closes bug #512.
* Added deprecated flag to build for rlm_krb5. This allows it to
run on 64-bit systems. Closes bug #491
* Corrected error message when parsing invalid configurations
so it doesn't crash. Closes bug #527
* Fix handling of timeouts in rlm_ldap that affected 64-bit systems.
* Handle $INCLUDE's in "instantiate" section. Closes #528.
* Format updates to "man" pages from Stephen Gran.
- updated to 2.0.2
Feature improvements
* Added notes on how to debug the server in radiusd.conf
* Moved all "log_*" in radiusd.conf to log{} section.
The old configurations are still accepted, though.
* Added ca.der target in raddb/certs/Makefile. This is
needed for importing CA certs into Windows.
* Added ability send raw attributes via "Raw-Attribute = 0x0102..."
This is available only debug builds. It can be used
to create invalid packets! Use it with care.
* Permit "unlang" policies inside of Auth-Type{} sub-sections
of the authenticate{} section. This makes some policies easier
to implement.
* "listen" sections can now have "type = proxy". This lets you
control which IP is used for sending proxied requests.
* Added note on SSL performance to raddb/certs/README
Bug fixes
* Fixed reading of "detail" files.
* Allow inner EAP tunneled sessions to be proxied.
* Corrected MySQL schemas
* syslog now works in log{} section.
* Corrected typo in raddb/certs/client.cnf
* Updated raddb/sites-available/proxy-inner-tunnel to
permit authentication to work.
* Ignore zero-length attributes in received packets.
* Correct memcpy when dealing with unknown attributes.
* Corrected debugging messages in attr_rewrite.
* Corrected generation of State attribute in EAP. This
fixes the "failed to remember handler" issues.
* Fall back to DEFAULT realm if no realm was found.
Based on a patch from Vincent Magnin.
* Updated example raddb/sites-available/proxy-inner-tunnel
* Corrected behavior of attr_filter to match documentation.
This is NOT backwards compatible with previous versions!
See "man rlm_attr_filter" for details.
Feature improvements
* Added notes on how to debug the server in radiusd.conf
* Moved all "log_*" in radiusd.conf to log{} section.
The old configurations are still accepted, though.
* Added ca.der target in raddb/certs/Makefile. This is
needed for importing CA certs into Windows.
* Added ability send raw attributes via "Raw-Attribute = 0x0102..."
This is available only debug builds. It can be used
to create invalid packets! Use it with care.
* Permit "unlang" policies inside of Auth-Type{} sub-sections
of the authenticate{} section. This makes some policies easier
to implement.
* "listen" sections can now have "type = proxy". This lets you
control which IP is used for sending proxied requests.
* Added note on SSL performance to raddb/certs/README
Bug fixes
* Fixed reading of "detail" files.
* Allow inner EAP tunneled sessions to be proxied.
* Corrected MySQL schemas
* syslog now works in log{} section.
* Corrected typo in raddb/certs/client.cnf
* Updated raddb/sites-available/proxy-inner-tunnel to
permit authentication to work.
* Ignore zero-length attributes in received packets.
* Correct memcpy when dealing with unknown attributes.
* Corrected debugging messages in attr_rewrite.
* Corrected generation of State attribute in EAP. This
fixes the "failed to remember handler" issues.
* Fall back to DEFAULT realm if no realm was found.
Based on a patch from Vincent Magnin.
* Updated example raddb/sites-available/proxy-inner-tunnel
* Corrected behavior of attr_filter to match documentation.
This is NOT backwards compatible with previous versions!
See "man rlm_attr_filter" for details.
- dropped patches:
* conf_read.patch (included in update)
@ -295,83 +323,83 @@ Tue Nov 6 13:16:58 CET 2007 - prusnak@suse.cz
Fri Apr 20 15:10:28 CEST 2007 - pth@suse.de
- Update to 1.1.6. Changes since 1.1.3:
Feature improvements
* Added dictionary.rfc4372 (Chargeable User Identity)
* Added dictionary.rfc4675 (VLAN and Priority)
* Added dictionary.rfc4679 (ADSL Forum)
NOTE some name differences from the RFC, due to dictionary.redback
* Updated rlm_python to something usable
* Added experimental sql "HPW" IPPools.
* Added more dictionaries
* Dictionary files now MUST NOT be globally writable.
* Configuration files now MUST NOT be globally readable,
or globally writable.
* Be more aggressive about freeing memory on clean exit.
This helps track down run-time leaks.
* Updated rlm_python to something usable
* Added experimental sql "HPW" IPPools.
* Major enhancements to rlm_pap, that make "encryption_scheme"
a thing of the past. See "man rlm_pap" for details.
* Added SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS flag to use
work-arounds that enable Windows Vista clients to work.
* Added preliminary code to support Firebird.
Use at your own risk!
* Send MS-CHAP2-Success, which makes EAP-TTLS/MSCHAP work on more
platforms.
* Add a new "reply-name" directive in rlm_sqlcounter to define the
name of the reply attribute.
* Added more dictionaries and attributes
* Print ntlm_auth failure reason in Module-Failure-Message
* radsqlrelay is able to get the DB password from a file instead
of command line.
Feature improvements
* Added dictionary.rfc4372 (Chargeable User Identity)
* Added dictionary.rfc4675 (VLAN and Priority)
* Added dictionary.rfc4679 (ADSL Forum)
NOTE some name differences from the RFC, due to dictionary.redback
* Updated rlm_python to something usable
* Added experimental sql "HPW" IPPools.
* Added more dictionaries
* Dictionary files now MUST NOT be globally writable.
* Configuration files now MUST NOT be globally readable,
or globally writable.
* Be more aggressive about freeing memory on clean exit.
This helps track down run-time leaks.
* Updated rlm_python to something usable
* Added experimental sql "HPW" IPPools.
* Major enhancements to rlm_pap, that make "encryption_scheme"
a thing of the past. See "man rlm_pap" for details.
* Added SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS flag to use
work-arounds that enable Windows Vista clients to work.
* Added preliminary code to support Firebird.
Use at your own risk!
* Send MS-CHAP2-Success, which makes EAP-TTLS/MSCHAP work on more
platforms.
* Add a new "reply-name" directive in rlm_sqlcounter to define the
name of the reply attribute.
* Added more dictionaries and attributes
* Print ntlm_auth failure reason in Module-Failure-Message
* radsqlrelay is able to get the DB password from a file instead
of command line.
Bug fixes
* Corrected typo in rlm_pap.c
* Corrected typo in src/main/auth.c
* Suppress SSL error messages if error is zero.
* Don't complain about "Error in read client certificate A"
if we expect to read it in the next packet. Fix based on patch
by Dan Lukes.
* Corrected nearly 30 bugs found by Coverity
See also http://scan.coverity.com
* Don't die on HUP. Instead leak memory (sorry). After a few
hundred HUP's, the server will have leaked a few megabytes of
memory, and you should probably re-start it. It's ugly, but
better than dying.
* Corrected a few double free's
* Corrected typo in radrelay, which prevented it from working
* Made Firebird module build
* Fixed bug in PostgreSQL module that caused server crash.
* Fixed bug in SQL module that could cause server to crash.
* Corrected base64 decoding in rlm_pap
* Don't retransmit accounting packets. The NAS should do this.
* Handle Client-Error in EAP-SIM.
* Port OpenSSL locking fixes from CVS head. This makes PEAP
more stable on some systems.
* Require Message-Authenticator in Status-Server packets
* Correct Tunnel-Medium-Type VALUEs in dictionary.rfc2868
* Be more aggressibe about freeing memory on clean exit.
This isn't strictly a bug fix, but it makes it easier to
find memory leaks
* Increase buffer size for dynamic expansion, which allows
longer SQL qeuries.
* Use correct line number when there's a parse error in one
of the configuration sections.
* Terminate SSL sessions in EAP on error, rather than continuing
in some cases.
* Increase buffer size to allow parsing of long octet strings
* Fix string termination on xlat in rlm_perl
* Fix a parse error in the digest module, where malformed
digest requests would result in the user being accepted. Oops...
* VALUEs can only be defined for 'integer', to catch mistakes
with setting VALUEs for type 'string'.
* Better parsing of VALUE names, so that values starting with
a digit work correctly.
* Check return from malloc.
* Fix a double free() in rlm_eap_tls.c
* Check return code of malloc() during initialization.
* Fix a corner case where the proxy port isn't set either in
radiusd.conf or in proxy.conf.
Bug fixes
* Corrected typo in rlm_pap.c
* Corrected typo in src/main/auth.c
* Suppress SSL error messages if error is zero.
* Don't complain about "Error in read client certificate A"
if we expect to read it in the next packet. Fix based on patch
by Dan Lukes.
* Corrected nearly 30 bugs found by Coverity
See also http://scan.coverity.com
* Don't die on HUP. Instead leak memory (sorry). After a few
hundred HUP's, the server will have leaked a few megabytes of
memory, and you should probably re-start it. It's ugly, but
better than dying.
* Corrected a few double free's
* Corrected typo in radrelay, which prevented it from working
* Made Firebird module build
* Fixed bug in PostgreSQL module that caused server crash.
* Fixed bug in SQL module that could cause server to crash.
* Corrected base64 decoding in rlm_pap
* Don't retransmit accounting packets. The NAS should do this.
* Handle Client-Error in EAP-SIM.
* Port OpenSSL locking fixes from CVS head. This makes PEAP
more stable on some systems.
* Require Message-Authenticator in Status-Server packets
* Correct Tunnel-Medium-Type VALUEs in dictionary.rfc2868
* Be more aggressibe about freeing memory on clean exit.
This isn't strictly a bug fix, but it makes it easier to
find memory leaks
* Increase buffer size for dynamic expansion, which allows
longer SQL qeuries.
* Use correct line number when there's a parse error in one
of the configuration sections.
* Terminate SSL sessions in EAP on error, rather than continuing
in some cases.
* Increase buffer size to allow parsing of long octet strings
* Fix string termination on xlat in rlm_perl
* Fix a parse error in the digest module, where malformed
digest requests would result in the user being accepted. Oops...
* VALUEs can only be defined for 'integer', to catch mistakes
with setting VALUEs for type 'string'.
* Better parsing of VALUE names, so that values starting with
a digit work correctly.
* Check return from malloc.
* Fix a double free() in rlm_eap_tls.c
* Check return code of malloc() during initialization.
* Fix a corner case where the proxy port isn't set either in
radiusd.conf or in proxy.conf.
-------------------------------------------------------------------
Mon Mar 26 12:45:29 CEST 2007 - rguenther@suse.de
@ -381,12 +409,12 @@ Mon Mar 26 12:45:29 CEST 2007 - rguenther@suse.de
-------------------------------------------------------------------
Sun Feb 11 18:33:47 CET 2007 - ro@suse.de
- one oversight in last change, build tested
- one oversight in last change, build tested
-------------------------------------------------------------------
Sun Feb 11 12:00:25 CET 2007 - ro@suse.de
- fix build as non-root
- fix build as non-root
-------------------------------------------------------------------
Mon Sep 4 11:18:59 CEST 2006 - kukuk@suse.de
@ -434,7 +462,7 @@ Tue Mar 28 20:22:34 CEST 2006 - stark@suse.de
-------------------------------------------------------------------
Mon Mar 27 14:32:09 CEST 2006 - ro@suse.de
- also use fPIC on s390*
- also use fPIC on s390*
-------------------------------------------------------------------
Thu Mar 23 20:39:02 CET 2006 - stark@suse.de
@ -454,7 +482,7 @@ Fri Jan 20 18:19:32 CET 2006 - stark@suse.de
-------------------------------------------------------------------
Thu Jan 19 01:23:36 CET 2006 - ro@suse.de
- changed php requires to generic ones (for php5)
- changed php requires to generic ones (for php5)
-------------------------------------------------------------------
Sat Jan 14 16:40:53 CET 2006 - stark@suse.de
@ -480,13 +508,13 @@ Wed Dec 21 10:14:01 CET 2005 - stark@suse.de
-------------------------------------------------------------------
Tue Nov 15 21:49:18 CET 2005 - stark@suse.de
- moved dialup_admin to subpackage and integrate it into
- moved dialup_admin to subpackage and integrate it into
Apache 2 configuration
-------------------------------------------------------------------
Mon Sep 26 01:35:29 CEST 2005 - ro@suse.de
- added LDAP_DEPRECATED to CFLAGS
- added LDAP_DEPRECATED to CFLAGS
-------------------------------------------------------------------
Fri Sep 23 06:09:08 CEST 2005 - stark@suse.de
@ -497,7 +525,7 @@ Fri Sep 23 06:09:08 CEST 2005 - stark@suse.de
-------------------------------------------------------------------
Fri Sep 23 01:38:53 CEST 2005 - ro@suse.de
- fix build-dir references in .la files
- fix build-dir references in .la files
-------------------------------------------------------------------
Tue Aug 30 12:50:30 CEST 2005 - stark@suse.de
@ -524,7 +552,7 @@ Sun Jun 5 00:36:51 CEST 2005 - stark@suse.de
-------------------------------------------------------------------
Mon Apr 11 11:29:05 CEST 2005 - stark@suse.de
- start daemon correctly (#75979)
- start daemon correctly (#75979)
- fixed packaging on x86-64 (#75979)
-------------------------------------------------------------------
@ -541,7 +569,7 @@ Fri Feb 18 11:05:35 CET 2005 - stark@suse.de
-------------------------------------------------------------------
Thu Feb 17 08:34:12 CET 2005 - stark@suse.de
- update to 1.0.2
- update to 1.0.2
-------------------------------------------------------------------
Sat Nov 27 13:44:09 CET 2004 - stark@suse.de
@ -577,12 +605,12 @@ Tue Aug 17 23:55:38 CEST 2004 - sndirsch@suse.de
-------------------------------------------------------------------
Fri Aug 13 07:10:34 CEST 2004 - stark@suse.de
- added some sample scripts to documentation
- added some sample scripts to documentation
-------------------------------------------------------------------
Tue Aug 10 09:35:03 CEST 2004 - stark@suse.de
- update to 1.0.0
- update to 1.0.0
-------------------------------------------------------------------
Thu Jun 24 00:03:59 CEST 2004 - ro@suse.de
@ -607,7 +635,7 @@ Mon Jan 12 10:26:25 CET 2004 - adrian@suse.de
-------------------------------------------------------------------
Fri Nov 28 06:56:46 CET 2003 - stark@suse.de
- security update to 0.9.3
- security update to 0.9.3
* Fix a remote DoS and possible exploit due to mis-handling
of tagged attributes, and Tunnel-Password attribute.
@ -625,7 +653,7 @@ Fri Aug 1 16:02:14 CEST 2003 - ro@suse.de
-------------------------------------------------------------------
Thu Jul 31 06:18:03 CEST 2003 - stark@suse.de
- use stop/restart macros
- use stop/restart macros
-------------------------------------------------------------------
Wed Jul 23 10:53:20 CEST 2003 - stark@suse.de
@ -639,7 +667,7 @@ Wed Jul 23 10:53:20 CEST 2003 - stark@suse.de
Mon Jul 21 08:56:54 CEST 2003 - stark@suse.de
- update to 0.9.0
- build against libiodbc to enable iodbc module
- build against libiodbc to enable iodbc module
-------------------------------------------------------------------
Wed Jun 4 19:47:02 CEST 2003 - schwab@suse.de
@ -652,7 +680,7 @@ Wed Jun 4 19:47:02 CEST 2003 - schwab@suse.de
-------------------------------------------------------------------
Tue Apr 15 23:46:08 CEST 2003 - ro@suse.de
- fixed neededforbuild
- fixed neededforbuild
-------------------------------------------------------------------
Mon Mar 3 18:20:50 CET 2003 - kukuk@suse.de
@ -667,7 +695,7 @@ Fri Feb 7 13:31:05 CET 2003 - kukuk@suse.de
-------------------------------------------------------------------
Wed Jan 15 15:53:21 CET 2003 - ro@suse.de
- use sasl2
- use sasl2
-------------------------------------------------------------------
Tue Jan 14 11:42:24 CET 2003 - nadvornik@suse.cz
@ -678,17 +706,17 @@ Tue Jan 14 11:42:24 CET 2003 - nadvornik@suse.cz
Thu Dec 12 10:28:13 CET 2002 - stark@suse.de
- update to 0.8.1
* minor bugfixes
* minor bugfixes
-------------------------------------------------------------------
Mon Dec 2 07:20:10 CET 2002 - stark@suse.de
- removed radwatch from package
- removed radwatch from package
-------------------------------------------------------------------
Tue Nov 19 08:33:36 CET 2002 - stark@suse.de
- update to 0.8
- update to 0.8
* Support for Status-Server packets
* Fixed memory leak when proxying
* Round-robin load balancing when proxying
@ -699,22 +727,22 @@ Tue Nov 19 08:33:36 CET 2002 - stark@suse.de
-------------------------------------------------------------------
Mon Aug 19 00:06:38 CEST 2002 - ro@suse.de
- don't overwrite README's with each other
- don't overwrite README's with each other
-------------------------------------------------------------------
Fri Aug 16 09:06:03 CEST 2002 - stark@suse.de
- added PreReq (Bug #17838)
- added PreReq (Bug #17838)
-------------------------------------------------------------------
Thu Jun 20 01:06:41 CEST 2002 - ro@suse.de
- hack ltconfig for ppc64
- hack ltconfig for ppc64
-------------------------------------------------------------------
Mon Apr 8 11:11:56 CEST 2002 - stark@suse.de
- fixed packaging on 64bit platforms
- fixed packaging on 64bit platforms
- added logrotate config
- added some sample scripts to doc-dir
@ -726,7 +754,7 @@ Fri Mar 22 15:01:10 CET 2002 - stark@suse.de
* EAP/MD5 and experimental EAP/TLS,
* Experimental PHP web administration interface,
* Fixes for *BSD,
* Configurable database queries, executed per packet
* Configurable database queries, executed per packet
(e.g. %{ldap:ldap:///dc=company,dc=com?uid?sub?uid=%u}),
* Fix logic bug which would cause occasional server crashes,
* Server-side quenching of DoS attacks,
@ -737,49 +765,49 @@ Fri Mar 22 15:01:10 CET 2002 - stark@suse.de
-------------------------------------------------------------------
Mon Feb 25 16:19:26 CET 2002 - stark@suse.de
- moved *.la back to main-package as it is needed for
- moved *.la back to main-package as it is needed for
dynamic loading of modules
-------------------------------------------------------------------
Mon Feb 25 07:44:11 CET 2002 - stark@suse.de
- added patch to work with heimdal-krb5
- added patch to work with heimdal-krb5
- moved *.so to -devel package
-------------------------------------------------------------------
Fri Feb 8 14:24:51 CET 2002 - stark@suse.de
- deactivated kerberos support
(seems to be not compatible with heimdal :-()
(seems to be not compatible with heimdal :-()
-------------------------------------------------------------------
Thu Feb 7 13:27:47 CET 2002 - stark@suse.de
- changed heimdal libdir
- changed heimdal libdir
-------------------------------------------------------------------
Thu Dec 13 07:33:45 CET 2001 - stark@suse.de
- update to 0.4
- better use of fillup_and_insserv
- better use of fillup_and_insserv
-------------------------------------------------------------------
Mon Dec 3 11:42:15 CET 2001 - stark@suse.de
- don't use START_RADIUSD anymore
- make use of new fillup_and_insserv macro
- make use of new fillup_and_insserv macro
-------------------------------------------------------------------
Fri Oct 12 07:03:07 CEST 2001 - stark@suse.de
- update to version 0.3
- packed source-archive as bz2
- packed source-archive as bz2
- branched package -> devel
-------------------------------------------------------------------
Fri Aug 3 07:53:54 CEST 2001 - stark@suse.de
- removed use of watcher-script
- removed use of watcher-script
- removed config-check (-C) in init script
(it's not supported in freeradius)
@ -787,12 +815,12 @@ Fri Aug 3 07:53:54 CEST 2001 - stark@suse.de
Thu Aug 2 12:22:00 CEST 2001 - stark@suse.de
- status fix in init script
- renamed pam-configfile: radius -> radiusd
- renamed pam-configfile: radius -> radiusd
-------------------------------------------------------------------
Wed Aug 1 09:57:53 CEST 2001 - stark@suse.de
- updated to 0.2
- updated to 0.2
-------------------------------------------------------------------
Thu Jul 26 10:06:01 CEST 2001 - kukuk@suse.de
@ -812,7 +840,7 @@ Sat Jun 23 20:52:07 CEST 2001 - schwab@suse.de
-------------------------------------------------------------------
Mon Jun 18 07:58:08 CEST 2001 - stark@suse.de
- removed absolute paths from pam-config
- removed absolute paths from pam-config
-------------------------------------------------------------------
Wed May 23 13:32:20 CEST 2001 - stark@suse.de
@ -822,7 +850,7 @@ Wed May 23 13:32:20 CEST 2001 - stark@suse.de
-------------------------------------------------------------------
Wed Mar 21 13:11:34 CET 2001 - stark@suse.de
- new snapshot 20010321 (pre-BETA)
- new snapshot 20010321 (pre-BETA)
- replaced start- and killproc to avoid problems with Kernel 2.4
using the radwatch shell-script
- added built of LDAP and MySQL modules
@ -830,7 +858,7 @@ Wed Mar 21 13:11:34 CET 2001 - stark@suse.de
-------------------------------------------------------------------
Mon Jan 29 09:58:23 CET 2001 - stark@suse.de
- %files: /etc/raddb/bay.vendor -> /etc/raddb/dictionary.bay
- %files: /etc/raddb/bay.vendor -> /etc/raddb/dictionary.bay
-------------------------------------------------------------------
Mon Jan 15 10:52:42 CET 2001 - stark@suse.de
@ -841,5 +869,5 @@ Mon Jan 15 10:52:42 CET 2001 - stark@suse.de
-------------------------------------------------------------------
Thu Jan 4 13:32:26 CET 2001 - stark@suse.de
- CVS snapshot 20010104
- CVS snapshot 20010104

30
freeradius-server.spec
View File

@ -1,5 +1,5 @@
#
# spec file for package freeradius-server (Version 2.1.0)
# spec file for package freeradius-server (Version 2.1.1)
#
# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
@ -18,8 +18,8 @@
Name: freeradius-server
Version: 2.1.0
Release: 4
Version: 2.1.1
Release: 1
License: GPL v2 only; LGPL v2.1 only
Group: Productivity/Networking/Radius/Servers
Provides: radiusd
@ -33,6 +33,7 @@ Patch0: %{name}-%{version}-ltdl.patch
Patch1: %{name}-%{version}-dialup_admin.patch
Patch2: %{name}-%{version}-rcradiusd.patch
Patch3: %{name}-%{version}-codecleanup.patch
Patch4: %{name}-%{version}-CVE-2008-4474.patch
PreReq: %{_sbindir}/useradd %{_sbindir}/groupadd
PreReq: perl
PreReq: %insserv_prereq %fillup_prereq
@ -209,6 +210,7 @@ Authors:
%patch1
%patch2
%patch3
%patch4
%build
#export CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing -DLDAP_DEPRECATED -fstack-protector"
@ -433,6 +435,28 @@ rm -rf $RPM_BUILD_ROOT
%attr(644,root,root) %{_includedir}/freeradius/*.h
%changelog
* Thu Oct 09 2008 prusnak@suse.cz
- fixed CVE-2008-4474 [bnc#433762]
* Thu Oct 09 2008 prusnak@suse.cz
- updated to 2.1.1
o Feature Improvements
* Many more options and features are available via radmin.
See man radmin and raddb/sites-available/control-socket.
* Many more commands available via the control socket.
Connect via radmin, and type help for more information.
* Added dictionary.networkphysics and dictionary.lancom.
* Calculate WiMAX MIP keys, and added sample WiMAX SQL tables.
o Bug Fixes
* Fixed bug that made radmin not work.
* Fixed Suse && Debian package scripts.
* Fixed issues with dynamic clients.
* Fixed configure checks for -lreadline
* rlm_sqlippool no longer needs to be linked to rlm_sql.
* Add statistics for detail file listeners. This closes bug #593.
* Fixed printing of some WiMAX attributes.
* Fixed double free on exit() in rlm_attr_filter.
* Fixed build issues on Solaris.
* Fixed fast session resumption for EAP-TLS.
* Mon Sep 15 2008 ro@suse.de
- make radrelay a hardlink to radiusday (instead of identical copy)
* Tue Sep 09 2008 prusnak@suse.cz