freeradius-server/freeradius-server-radiusd-logrotate.patch

Index: freeradius-server-3.0.14/suse/radiusd-logrotate
===================================================================
--- freeradius-server-3.0.14.orig/suse/radiusd-logrotate
+++ freeradius-server-3.0.14/suse/radiusd-logrotate
@@ -16,13 +16,18 @@ notifempty
 #  The main server log
 #
 /var/log/radius/radius.log {
+	su radiusd radiusd
 	copytruncate
+	postrotate
+			kill -HUP `cat /run/radiusd/radiusd.pid` || :
+	endscript
 }
 
 #
 #  Session monitoring utilities
 #
 /var/log/radius/checkrad.log /var/log/radius/radwatch.log {
+	su radiusd radiusd
 	nocreate
 	size=+1024k
 }
@@ -31,6 +36,7 @@ notifempty
 #  SQL log files
 #
 /var/log/radius/sqllog.sql {
+	su radiusd radiusd
 	nocreate
 	size=+2048k
 }
@@ -43,6 +49,7 @@ notifempty
 # second technique, you will need another cron job that removes old
 # detail files.  You do not need to comment out the below for method #2.
 /var/log/radius/radacct/*/detail {
+	su radiusd radiusd
 	nocreate
 }
Accepting request 499628 from home:adamm:branches:network - update to 3.0.14 (still FATE#322416) Feature improvements * Enforce TLS client certificate expiration on session resumption, and Session-Timeout. See CVE-2017-9148 (bnc#1041445) * Updated dictionary.cisco.vpn3000, dictionary.patton * Added dictionary.dellemc * Lowered the log output for failed PEAP sessions. * ALlow utc in rlm_date. * The internal OpenSSL session cache has been disabled. Please see mods-available/eap * Update detail reader documentation. * Make outgoing RadSec connections non-blocking. * Add SQL backing to Moonshot--TargetedId generation. Bug Fixes radtest uses Cleartext-Password for EAP, not User-Password. * Update documentation for mods-enabled/ linking. * Enhanced checks for moonshot salt. * Allow session resumption for RadSec connections. * Update "huntgroups" file to note that port ranges are not supported * Fix OpenSSL permissions issues on default key files. * Certificates are not required when PSK is used. * Allow SubjectAltName as first extension in cert. * Fixed talloc issue with TLS session resumption. * "&Attr-26 := 0x01" now produces useful error messages. * Handle connection error in rlm_ldap_cacheable_groupobj. * Fix endian issues in DHCP. * Multiple minor fixes for Coverity complaints. * Handle unexpected regex. * Fix minor issues in dictionaries. * Fix typos and grammar. Patches from Alan Buxey. * Fix erroneous VP creation in rlm_preproces. * Fix MIB. Patch from Jeff Gehlbach. * Trust router updates from Alejandro Perez. * Allow build with LibreSSL. * Use correct packet for channel bindings. * Many fixes found by PVS-Studio. Thanks to PVS-Studio for giving us a test license. Please see the git commit history for more info. * Fix incorrect length check in EAP-PWD. This may be exploitable. * Stop rotating session database files (radutmp, radwtmp) since these are not logfiles. - freeradius-server-radiusd-logrotate.patch: updated OBS-URL: https://build.opensuse.org/request/show/499628 OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=98 2017-05-30 11:15:48 +02:00			`Index: freeradius-server-3.0.14/suse/radiusd-logrotate`
			`===================================================================`
			`--- freeradius-server-3.0.14.orig/suse/radiusd-logrotate`
			`+++ freeradius-server-3.0.14/suse/radiusd-logrotate`
			`@@ -16,13 +16,18 @@ notifempty`
Accepting request 298796 from home:stroeder:branches:network Update to 3.0.8, tested running on openSUSE Tumbleweed x86_64. Please adjust things (e.g. longish changelog) as needed by you. Thanks. OBS-URL: https://build.opensuse.org/request/show/298796 OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=71 2015-04-23 14:34:02 +02:00			`# The main server log`
			`#`
			`/var/log/radius/radius.log {`
			`+ su radiusd radiusd`
			`copytruncate`
			`+ postrotate`
			+ kill -HUP `cat /run/radiusd/radiusd.pid` \|\| :
			`+ endscript`
			`}`

			`#`
			`# Session monitoring utilities`
			`#`
			`/var/log/radius/checkrad.log /var/log/radius/radwatch.log {`
			`+ su radiusd radiusd`
			`nocreate`
			`size=+1024k`
			`}`
Accepting request 499628 from home:adamm:branches:network - update to 3.0.14 (still FATE#322416) Feature improvements * Enforce TLS client certificate expiration on session resumption, and Session-Timeout. See CVE-2017-9148 (bnc#1041445) * Updated dictionary.cisco.vpn3000, dictionary.patton * Added dictionary.dellemc * Lowered the log output for failed PEAP sessions. * ALlow utc in rlm_date. * The internal OpenSSL session cache has been disabled. Please see mods-available/eap * Update detail reader documentation. * Make outgoing RadSec connections non-blocking. * Add SQL backing to Moonshot--TargetedId generation. Bug Fixes radtest uses Cleartext-Password for EAP, not User-Password. * Update documentation for mods-enabled/ linking. * Enhanced checks for moonshot salt. * Allow session resumption for RadSec connections. * Update "huntgroups" file to note that port ranges are not supported * Fix OpenSSL permissions issues on default key files. * Certificates are not required when PSK is used. * Allow SubjectAltName as first extension in cert. * Fixed talloc issue with TLS session resumption. * "&Attr-26 := 0x01" now produces useful error messages. * Handle connection error in rlm_ldap_cacheable_groupobj. * Fix endian issues in DHCP. * Multiple minor fixes for Coverity complaints. * Handle unexpected regex. * Fix minor issues in dictionaries. * Fix typos and grammar. Patches from Alan Buxey. * Fix erroneous VP creation in rlm_preproces. * Fix MIB. Patch from Jeff Gehlbach. * Trust router updates from Alejandro Perez. * Allow build with LibreSSL. * Use correct packet for channel bindings. * Many fixes found by PVS-Studio. Thanks to PVS-Studio for giving us a test license. Please see the git commit history for more info. * Fix incorrect length check in EAP-PWD. This may be exploitable. * Stop rotating session database files (radutmp, radwtmp) since these are not logfiles. - freeradius-server-radiusd-logrotate.patch: updated OBS-URL: https://build.opensuse.org/request/show/499628 OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=98 2017-05-30 11:15:48 +02:00			`@@ -31,6 +36,7 @@ notifempty`
Accepting request 298796 from home:stroeder:branches:network Update to 3.0.8, tested running on openSUSE Tumbleweed x86_64. Please adjust things (e.g. longish changelog) as needed by you. Thanks. OBS-URL: https://build.opensuse.org/request/show/298796 OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=71 2015-04-23 14:34:02 +02:00			`# SQL log files`
			`#`
			`/var/log/radius/sqllog.sql {`
			`+ su radiusd radiusd`
			`nocreate`
			`size=+2048k`
			`}`
Accepting request 499628 from home:adamm:branches:network - update to 3.0.14 (still FATE#322416) Feature improvements * Enforce TLS client certificate expiration on session resumption, and Session-Timeout. See CVE-2017-9148 (bnc#1041445) * Updated dictionary.cisco.vpn3000, dictionary.patton * Added dictionary.dellemc * Lowered the log output for failed PEAP sessions. * ALlow utc in rlm_date. * The internal OpenSSL session cache has been disabled. Please see mods-available/eap * Update detail reader documentation. * Make outgoing RadSec connections non-blocking. * Add SQL backing to Moonshot--TargetedId generation. Bug Fixes radtest uses Cleartext-Password for EAP, not User-Password. * Update documentation for mods-enabled/ linking. * Enhanced checks for moonshot salt. * Allow session resumption for RadSec connections. * Update "huntgroups" file to note that port ranges are not supported * Fix OpenSSL permissions issues on default key files. * Certificates are not required when PSK is used. * Allow SubjectAltName as first extension in cert. * Fixed talloc issue with TLS session resumption. * "&Attr-26 := 0x01" now produces useful error messages. * Handle connection error in rlm_ldap_cacheable_groupobj. * Fix endian issues in DHCP. * Multiple minor fixes for Coverity complaints. * Handle unexpected regex. * Fix minor issues in dictionaries. * Fix typos and grammar. Patches from Alan Buxey. * Fix erroneous VP creation in rlm_preproces. * Fix MIB. Patch from Jeff Gehlbach. * Trust router updates from Alejandro Perez. * Allow build with LibreSSL. * Use correct packet for channel bindings. * Many fixes found by PVS-Studio. Thanks to PVS-Studio for giving us a test license. Please see the git commit history for more info. * Fix incorrect length check in EAP-PWD. This may be exploitable. * Stop rotating session database files (radutmp, radwtmp) since these are not logfiles. - freeradius-server-radiusd-logrotate.patch: updated OBS-URL: https://build.opensuse.org/request/show/499628 OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=98 2017-05-30 11:15:48 +02:00			`@@ -43,6 +49,7 @@ notifempty`
Accepting request 298796 from home:stroeder:branches:network Update to 3.0.8, tested running on openSUSE Tumbleweed x86_64. Please adjust things (e.g. longish changelog) as needed by you. Thanks. OBS-URL: https://build.opensuse.org/request/show/298796 OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=71 2015-04-23 14:34:02 +02:00			`# second technique, you will need another cron job that removes old`
			`# detail files. You do not need to comment out the below for method #2.`
			`/var/log/radius/radacct/*/detail {`
			`+ su radiusd radiusd`
			`nocreate`
			`}`