OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/freeradius-server?expand=0&rev=10

2008-10-09 10:18:30 +00:00
parent 93f55145bf
commit 679d1a9c1f
9 changed files with 425 additions and 250 deletions
--- a/freeradius-server-2.1.0.tar.bz2
+++ b/freeradius-server-2.1.0.tar.bz2
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:03e950b1de76a0753ef6b387bcdf1d618552e32ea78abbf97b6158c64df54928
-size 2333292
--- a/freeradius-server-2.1.1-CVE-2008-4474.patch
+++ b/freeradius-server-2.1.1-CVE-2008-4474.patch
@@ -0,0 +1,123 @@
+--- dialup_admin/bin/clean_radacct
+++ dialup_admin/bin/clean_radacct
+@@ -5,6 +5,7 @@
+ # Works with mysql and postgresql
+ #
+ use POSIX;
+use File::Temp;
+ 
+ $conf=shift||'/usr/share/dialup_admin/conf/admin.conf';
+ $back_days = 35;
+@@ -42,11 +43,10 @@
+ 
+ $query = "DELETE FROM $sql_accounting_table WHERE AcctStopTime IS NULL AND AcctStartTime < '$date';";
+ print "$query\n";
+-open TMP, ">/tmp/clean_radacct.query"
+-        or die "Could not open tmp file\n";
+-print TMP $query;
+-close TMP;
+-$command = "$sqlcmd -h$sql_server -u$sql_username $sql_password $sql_database </tmp/clean_radacct.query" if ($sql_type eq 'mysql');
+-$command = "$sqlcmd  -U $sql_username -f /tmp/clean_radacct.query $sql_database" if ($sql_type eq 'pg');
+-$command = "$sqlcmd '$sql_server' '$sql_port' '' '$sql_username' '$sql_password' </tmp/clean_radacct.query" if ($sql_type eq 'sqlrelay');
+my ($fh, $tmp_filename) = tempfile() or die "Could not open tmp file\n";
+print $fh $query;
+close $fh;
+$command = "$sqlcmd -h$sql_server -u$sql_username $sql_password $sql_database < $tmp_filename" if ($sql_type eq 'mysql');
+$command = "$sqlcmd  -U $sql_username -f  $tmp_filename $sql_database" if ($sql_type eq 'pg');
+$command = "$sqlcmd '$sql_server' '$sql_port' '' '$sql_username' '$sql_password' < $tmp_filename" if ($sql_type eq 'sqlrelay');
+ `$command`;
+--- dialup_admin/bin/monthly_tot_stats
+++ dialup_admin/bin/monthly_tot_stats
+@@ -1,5 +1,6 @@
+ #!/usr/bin/perl
+ use POSIX;
+use File::Temp;
+ 
+ # Log in the mtotacct table aggregated accounting information for
+ # each user spaning in one month period.
+@@ -51,14 +52,13 @@
+ 	AcctDate <= '$date_end' GROUP BY UserName,NASIPAddress;";
+ print "$query1\n";
+ print "$query2\n";
+-open TMP, ">/tmp/tot_stats.query"
+-	or die "Could not open tmp file\n";
+-print TMP "ALTER SESSION SET NLS_TIMESTAMP_TZ_FORMAT='YYYY-MM-DD HH24:MI:SS.FF TZH:TZM';\n" if ($sql_type eq 'oracle');
+-print TMP $query1;
+-print TMP $query2;
+-close TMP;
+-$command = "$sqlcmd -h $sql_server -u $sql_username $sql_password $sql_database </tmp/tot_stats.query" if ($sql_type eq 'mysql');
+-$command = "$sqlcmd  -U $sql_username -f /tmp/tot_stats.query $sql_database" if ($sql_type eq 'pg');
+my ($fh, $tmp_filename) = tempfile() or die "Could not open tmp file\n";
+print $fh "ALTER SESSION SET NLS_TIMESTAMP_TZ_FORMAT='YYYY-MM-DD HH24:MI:SS.FF TZH:TZM';\n" if ($sql_type eq 'oracle');
+print $fh $query1;
+print $fh $query2;
+close $fh;
+$command = "$sqlcmd -h $sql_server -u $sql_username $sql_password $sql_database < $tmp_filename" if ($sql_type eq 'mysql');
+$command = "$sqlcmd  -U $sql_username -f  $tmp_filename $sql_database" if ($sql_type eq 'pg');
+ $command = "$sqlcmd  $sql_username/$pass" . "@" . "$sql_database <$tmpfile.$server" if ($sql_type eq 'oracle');
+-$command = "$sqlcmd '$sql_server' '$sql_port' '' '$sql_username' '$sql_password' </tmp/tot_stats.query" if ($sql_type eq 'sqlrelay');
+$command = "$sqlcmd '$sql_server' '$sql_port' '' '$sql_username' '$sql_password' < $tmp_filename" if ($sql_type eq 'sqlrelay');
+ `$command`;
+--- dialup_admin/bin/tot_stats
+++ dialup_admin/bin/tot_stats
+@@ -1,5 +1,6 @@
+ #!/usr/bin/perl
+ use POSIX;
+use File::Temp;
+ 
+ # Log in the totacct table aggregated daily accounting information for
+ # each user.
+@@ -48,14 +49,13 @@
+ 	AcctStopTime < '$date_end' GROUP BY UserName,NASIPAddress;";
+ print "$query1\n";
+ print "$query2\n";
+-open TMP, ">/tmp/tot_stats.query"
+-	or die "Could not open tmp file\n";
+-print TMP "ALTER SESSION SET NLS_TIMESTAMP_TZ_FORMAT='YYYY-MM-DD HH24:MI:SS.FF TZH:TZM';\n" if ($sql_type eq 'oracle');
+-print TMP $query1;
+-print TMP $query2;
+-close TMP;
+-$command = "$sqlcmd -h $sql_server -u $sql_username $sql_password $sql_database </tmp/tot_stats.query" if ($sql_type eq 'mysql');
+-$command = "$sqlcmd  -U $sql_username -f /tmp/tot_stats.query $sql_database" if ($sql_type eq 'pg');
+my ($fh, $tmp_filename) = tempfile() or die "Could not open tmp file\n";
+print $fh "ALTER SESSION SET NLS_TIMESTAMP_TZ_FORMAT='YYYY-MM-DD HH24:MI:SS.FF TZH:TZM';\n" if ($sql_type eq 'oracle');
+print $fh $query1;
+print $fh $query2;
+close $fh;
+$command = "$sqlcmd -h $sql_server -u $sql_username $sql_password $sql_database < $tmp_filename" if ($sql_type eq 'mysql');
+$command = "$sqlcmd  -U $sql_username -f  $tmp_filename $sql_database" if ($sql_type eq 'pg');
+ $command = "$sqlcmd  $sql_username/$pass" . "@" . "$sql_database <$tmpfile.$server" if ($sql_type eq 'oracle');
+-$command = "$sqlcmd '$sql_server' '$sql_port' '' '$sql_username' '$sql_password' </tmp/tot_stats.query" if ($sql_type eq 'sqlrelay');
+$command = "$sqlcmd '$sql_server' '$sql_port' '' '$sql_username' '$sql_password' < $tmp_filename" if ($sql_type eq 'sqlrelay');
+ `$command`;
+--- dialup_admin/bin/truncate_radacct
+++ dialup_admin/bin/truncate_radacct
+@@ -5,6 +5,7 @@
+ # Works with mysql and postgresql
+ #
+ use POSIX;
+use File::Temp;
+ 
+ $conf=shift||'/usr/share/dialup_admin/conf/admin.conf';
+ $back_days = 90;
+@@ -44,13 +45,12 @@
+ $query .= "DELETE FROM $sql_accounting_table WHERE AcctStopTime < '$date' AND AcctStopTime IS NOT NULL ;";
+ $query .= "UNLOCK TABLES;" if ($sql_type eq 'mysql');
+ print "$query\n";
+-open TMP, ">/tmp/truncate_radacct.query"
+-        or die "Could not open tmp file\n";
+-print TMP "ALTER SESSION SET NLS_TIMESTAMP_TZ_FORMAT='YYYY-MM-DD HH24:MI:SS.FF TZH:TZM';\n" if ($sql_type eq 'oracle');
+-print TMP $query;
+-close TMP;
+-$command = "$sqlcmd -h$sql_server -u$sql_username $sql_password $sql_database </tmp/truncate_radacct.query" if ($sql_type eq 'mysql');
+-$command = "$sqlcmd  -U $sql_username -f /tmp/truncate_radacct.query $sql_database" if ($sql_type eq 'pg');
+my ($fh, $tmp_filename) = tempfile() or die "Could not open tmp file\n";
+print $fh "ALTER SESSION SET NLS_TIMESTAMP_TZ_FORMAT='YYYY-MM-DD HH24:MI:SS.FF TZH:TZM';\n" if ($sql_type eq 'oracle');
+print $fh $query;
+close $fh;
+$command = "$sqlcmd -h$sql_server -u$sql_username $sql_password $sql_database < $tmp_filename" if ($sql_type eq 'mysql');
+$command = "$sqlcmd  -U $sql_username -f  $tmp_filename $sql_database" if ($sql_type eq 'pg');
+ $command = "$sqlcmd  $sql_username/$pass" . "@" . "$sql_database <$tmpfile.$server" if ($sql_type eq 'oracle');
+-$command = "$sqlcmd '$sql_server' '$sql_port' '' '$sql_username' '$sql_password' </tmp/truncate_radacct.query" if ($sql_type eq 'sqlrelay');
+$command = "$sqlcmd '$sql_server' '$sql_port' '' '$sql_username' '$sql_password' < $tmp_filename" if ($sql_type eq 'sqlrelay');
+ `$command`;
--- a/freeradius-server-2.1.1-codecleanup.patch
+++ b/freeradius-server-2.1.1-codecleanup.patch
--- a/freeradius-server-2.1.1-dialup_admin.patch
+++ b/freeradius-server-2.1.1-dialup_admin.patch
--- a/freeradius-server-2.1.1-ltdl.patch
+++ b/freeradius-server-2.1.1-ltdl.patch
--- a/freeradius-server-2.1.1-rcradiusd.patch
+++ b/freeradius-server-2.1.1-rcradiusd.patch
--- a/freeradius-server-2.1.1.tar.bz2
+++ b/freeradius-server-2.1.1.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:d675601c0bde53d0f2f32d5280d8271ae7a546dcc251fb94ae6d5168fd04adfe
+size 2366923
--- a/freeradius-server.changes
+++ b/freeradius-server.changes
@@ -1,3 +1,31 @@
+-------------------------------------------------------------------
+Thu Oct  9 11:41:06 CEST 2008 - prusnak@suse.cz
+
+- fixed CVE-2008-4474 [bnc#433762]
+
+-------------------------------------------------------------------
+Thu Oct  9 11:37:04 CEST 2008 - prusnak@suse.cz
+
+- updated to 2.1.1
+  o Feature Improvements
+    * Many more options and features are available via radmin.
+      See man radmin and raddb/sites-available/control-socket.
+    * Many more commands available via the control socket.
+      Connect via radmin, and type help for more information.
+    * Added dictionary.networkphysics and dictionary.lancom.
+    * Calculate WiMAX MIP keys, and added sample WiMAX SQL tables.
+  o Bug Fixes
+    * Fixed bug that made radmin not work.
+    * Fixed Suse && Debian package scripts.
+    * Fixed issues with dynamic clients.
+    * Fixed configure checks for -lreadline
+    * rlm_sqlippool no longer needs to be linked to rlm_sql.
+    * Add statistics for detail file listeners. This closes bug #593.
+    * Fixed printing of some WiMAX attributes.
+    * Fixed double free on exit() in rlm_attr_filter.
+    * Fixed build issues on Solaris.
+    * Fixed fast session resumption for EAP-TLS.
+
 -------------------------------------------------------------------
 Mon Sep 15 12:37:31 CEST 2008 - ro@suse.de

--- a/freeradius-server.spec
+++ b/freeradius-server.spec
@@ -1,5 +1,5 @@
 #
-# spec file for package freeradius-server (Version 2.1.0)
+# spec file for package freeradius-server (Version 2.1.1)
 #
 # Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
@@ -18,8 +18,8 @@


 Name:           freeradius-server
-Version:        2.1.0
-Release:        4
+Version:        2.1.1
+Release:        1
 License:        GPL v2 only; LGPL v2.1 only
 Group:          Productivity/Networking/Radius/Servers
 Provides:       radiusd
@@ -33,6 +33,7 @@ Patch0:         %{name}-%{version}-ltdl.patch
 Patch1:         %{name}-%{version}-dialup_admin.patch
 Patch2:         %{name}-%{version}-rcradiusd.patch
 Patch3:         %{name}-%{version}-codecleanup.patch
+Patch4:         %{name}-%{version}-CVE-2008-4474.patch
 PreReq:         %{_sbindir}/useradd %{_sbindir}/groupadd
 PreReq:         perl
 PreReq:         %insserv_prereq %fillup_prereq
@@ -209,6 +210,7 @@ Authors:
 %patch1
 %patch2
 %patch3
+%patch4

 %build
 #export CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing -DLDAP_DEPRECATED -fstack-protector"
@@ -433,6 +435,28 @@ rm -rf $RPM_BUILD_ROOT
 %attr(644,root,root) %{_includedir}/freeradius/*.h

 %changelog
+* Thu Oct 09 2008 prusnak@suse.cz
+- fixed CVE-2008-4474 [bnc#433762]
+* Thu Oct 09 2008 prusnak@suse.cz
+- updated to 2.1.1
+  o Feature Improvements
+  * Many more options and features are available via radmin.
+  See man radmin and raddb/sites-available/control-socket.
+  * Many more commands available via the control socket.
+  Connect via radmin, and type help for more information.
+  * Added dictionary.networkphysics and dictionary.lancom.
+  * Calculate WiMAX MIP keys, and added sample WiMAX SQL tables.
+  o Bug Fixes
+  * Fixed bug that made radmin not work.
+  * Fixed Suse && Debian package scripts.
+  * Fixed issues with dynamic clients.
+  * Fixed configure checks for -lreadline
+  * rlm_sqlippool no longer needs to be linked to rlm_sql.
+  * Add statistics for detail file listeners. This closes bug #593.
+  * Fixed printing of some WiMAX attributes.
+  * Fixed double free on exit() in rlm_attr_filter.
+  * Fixed build issues on Solaris.
+  * Fixed fast session resumption for EAP-TLS.
 * Mon Sep 15 2008 ro@suse.de
 - make radrelay a hardlink to radiusday (instead of identical copy)
 * Tue Sep 09 2008 prusnak@suse.cz