
Accepting request 298810 from home:vitezslav_cizek:branches:network

- minor adjustments/cleanup of spec and changes

- update to 3.0.8
  * for a detailed list of changes look at:
    /usr/share/doc/packages/freeradius-server/ChangeLog
- new set of consolidated patch files:
  deleted:
  * freeradius-server-2.1.1-logrotate_su.patch
  * freeradius-server-2.1.6-rcradiusd.patch
  * freeradius-server-initscript-pidfile.patch
  * freeradius-server-radius-reload-logrotate.patch
  * freeradius-server-var_run.patch
  added:
  * freeradius-server-radiusd-logrotate.patch
  * freeradius-server-rcradiusd.patch
  * freeradius-server-tmpfiles.patch

OBS-URL: https://build.opensuse.org/request/show/298810
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=72
Vítězslav Čížek 2015-04-23 14:30:13 +00:00 committed by Git OBS Bridge
parent 8c9ca09252
commit 06780e53ab
2 changed files with 21 additions and 195 deletions


@ -1,201 +1,25 @@
-------------------------------------------------------------------
Thu Apr 23 14:22:17 UTC 2015 - vcizek@suse.com
- minor adjustments/cleanup of spec and changes
-------------------------------------------------------------------
Wed Apr 22 20:31:44 UTC 2015 - michael@stroeder.com
- update to 3.0.8
- new set of consolidated patch files
FreeRADIUS 3.0.8 Wed 22 Apr 2015 13:30:00 EDT urgency=medium
Feature improvements
* Allow syslog_severity to be set in rlm_linelog.
* Allow defaults to be set for bulk clients in LDAP and couchbase.
* Updates to dhcpclient. Patches from Nicolas C.
* rlm_mschap now supports direct connections to winbind, which
is faster than ntlm_auth. See raddb/mods-available/mschap.
Patch from Matthew Newton.
* Recommend /dev/urandom for TLS randomness, instead of
${certdir}/random
* Allow TLSv1 to be disabled via "disable_tlsv1" in tls{}.
* Allow Expanded EAP types where vendor is 0 (IETF) and
type is normal EAP type. Supplicants sending Expanded
EAP types like this are broken.
* Add support for server side sort controls when searching for
user objects in rlm_ldap.
Bug fixes
* Don't complain about "authorize" in "server {}" blocks, but
only if there's no "server" block.
* Fix cosmetic issue where debug from the first packet read by
a detail reader thread would be emited during config parsing.
* Fix ASSERT on truncated detail packets.
* Don't use main server log functions from within panic_action,
as in the case of syslog this would cause deadlocks if the
fault was triggered from within a malloc.
* Fix issue in "switch" when "correct_escapes = false".
Fixes #911.
* Fix sqlcounter configuration to use "%%b" instead of "%b",
otherwise the new syntax validation will fail.
* Allow forward references in configuration items. Modules
aren't always loaded in a sane order.
* Fix more escaping issues. Closes #912.
* Decode MAC addresses correctly for VMPS.
* Fix memory leak with TLS connections.
* Fix state machine threading issues for conflicting packets.
* Fix copy_request_to_tunnel issues for tagged attributes.
* Allow "ok" to over-ride "updated" inside of Auth-Type sections.
* Update state machine so that post-proxy is run though child
threads for performance, instead of blocking the main thread.
* Allow "netmask" to work again in client definitions.
* Relax restrictions on SQL group queries.
* track outgoing proxy sockets and clean them up more aggressively.
* track proxy statistics, including CoA and Disconnect.
* If radmin has a connection failure when running a command,
it re-connects and runs the command again.
* mark home servers "unknown" less aggressively.
* Fix potential SEGV in PostgreSQL driver on error.
* Fix issue where fields like nas_type would not be accessible via
the %{client:} xlat, for dynamic clients.
* Set default busy_timeout (of 200ms) in the sqlite driver, so writes
don't cause selects to fail in multithreaded mode. This is user
configurable, and may be increased if required.
* Convert Password-With-Header attributes to binary (from hex or
base64), in the authorize method of rlm_pap.
* Fix invalid assert in state.c, that could cause abort in
post-auth.
* Fix double free when -m flag is used, and connection pools are
referenced by multiple modules.
* RADIUS over TLS accounting uses the same port as authentication.
* Regularized return codes from radmin commands.
* Fix RHEL spec file so it works correctly for Centos7 which uses
systemd, and didn't like the SystemV init script.
* radwho and radlast now have a -D option to load dictionaries
* DHCP packets are no longer checked for duplicates.
* Don't crash in sql module group comparisons in corner case.
* Calculate MPPE keys correctly when using TLS 1.2.
* Fix load-balance sections. Closes #945
* TLS certificates are available again in the post-auth section.
They are not available for session resumption.
* radclient encodes CHAP-Password properly when using -c.
Closes #955.
* Fix issue in rlm_cache_memcached driver that caused variable
length values to be truncated.
* Fix track functionality in detail reader, so it no longer
fails with a "Failed marking detail request as done: Bad file
descriptor" error.
* Actually add the peer identity (as User-Name) to the inner
tunnel in EAP-PWD requests, so it's available for lookups.
* Fixes to PostfreSQL queries. Patches from Santiago Gimeno.
FreeRADIUS 3.0.7 Thu 19 Feb 2015 12:00:00 EDT urgency=medium
Feature improvements
* Allow coa home_servers to be derived from client
sections if a coa_server section is provided.
* Automatically determine the correct port if no port is
provided for a home server.
* Allow foreach to operate over lists.
* Add compile time features to ${feature.*} and versions
of core libraries to ${version.*}. Feature and version
names match output of radiud -xv. %v is now deprecated.
* Add support for PATCH method in rlm_rest.
* Validate more module xlats on startup, and warn if an
xlat expansion is found in a double quoted config item
which will not be expanded.
* Add support for sub-second timeouts in rlm_rest.
* Add support for connection timeouts in rlm_rest.
* Add %{jsonquote:<str>} xlat to escape strings for insertion
into json documents.
* Add %{ldapquote:<str>} xlat to escape strings for insertion
into ldap DNs.
* Add %{explode:&ref <char>}, splits value of &ref on
<char> and creates new &ref type attributes with the
fragments.
* Allow rlm_ldap to use attribute references for base_dn and
filter config items. The attribute references are not
escaped, allowing DNs and filters to be created dynamically.
* Add %{nexttime:[<int>]h|d|w|y} to calculate the number of
seconds before the next <int> hour(s), day(s), week(s),
or year(s).
* Allow the left side of update sections to be xlat expansions.
The result of the expansion is then used to reference the
attribute to be modified.
* Added %{lpad:&Attribute-Name 7 x} and rpad. These produce
fixed-width output strings, with padding to the left (lpad)
or the right (rpad).
* For some SQL drivers (MySQL, sqlite) distinguish between
constraints violations (on insert), invalid queries, and
server errors, and return noop, invalid, and error respectively.
* Call SHOW WARNINGS in the MySQL driver and write them to
the request log, if libmysqlclient indicates warnings are
available on the server.
* Forbid the creation of Vendor-Specific for non-standard
VSAs. Use Attr-26 = 0x... instead.
* Make dhcpclient work with raw sockets and various other
improvements - Contributed by nchaigne
* Add support for SSHA2 - Contributed by PDD.
* Add perle dictionary - Contributed by Hachmer
* Modernise init scripts for RHEL, SUSE and Debian.
* radmin now tracks the return code of commands, and exits
with status "1" if any command failed to execute.
* radmin now sends error messages from the server to
stderr, instead of to stdout.
* radmin now looks for sockets matching it's UID and GID,
rather than just always using the first one it finds.
* radmin can how delete clients which are tied to a listener.
* Moved RADIUS attribute definitions to src/include/rfc*.h
* Move to talloc pools for requests. For in-memory tests
(default config, 'users' file), performance increases by 30%.
* In rlm_ldap allow sasl_mech to be specified for admin and
user binds. Only non-interactive mechs (like EXTERNAL)
are currently supported.
* Remove support for ephemeral RSA keys. They were "export only",
and should not be used by anyone.
* Syntax errors in the "users" file now produce better
error messages.
Bug fixes
* Fix issues parsing LDAP hostnames with non-standard ports.
* Fix issues with realms containing regular expressions.
* Allow unary negation before parantheses in rlm_expr.
* Fix infinite loop in kevent event loop code. Issue only
presented on FreeBSD.
* Be more careful to define Auth-Types before loading modules.
* Link libfreeradius-radius against OpenSSL too, to avoid
multi-version symbols in SSL libraries.
* When rlm_ldap rebinds a connection, it should use bind
credentials from the module that created the connection
pool, not credentials from the module referencing it.
* Empty server config pairs should be allowed in rlm_ldap
instances that reference another module's connection pool.
* Mark rlm_always as huppable, so its rcode can be changed
via radmin (allows policy toggles).
* Emit warnings when ignoring user configured pool values.
* Fix issue that would cause radclient to complain
intermittently about differing numbers of filters and
requests.
* Fix cosmetic issues in connection pool logging, that made
it appear as if the same connection was being opened
multiple times.
* Fix threadsafety issues in SQL drivers, where a static
buffer was used to store error messages.
* Log RERROR, RWARN, RINFO to the global log if request
logging is not enabled.
* Link to libldap instead of libldap_r. libldap_r
is not supported for use by projects outside of OpenLDAP.
* Set connection timeout correctly in rlm_sql_mysql.
* Build with older versions of libcurl, and use CFLAGS from
curl-config.
* Honour Packet-Src-Port and Packet-Src-IP-address in radclient.
* Initialise ldapai_info_version field, so libldap will report
its vendor and version.
* Fix log rotation scripts by using the copyrotate option.
* Fix issue that caused opening control sockets to always
fail on non-Linux systems, if a user or group was set.
* Save Session-State after proxying.
* Additional fixes for reading CoA/DM requests from detail
files.
* Create dynamic clients if the dynamic clients virtual server
returns ok *or* updated. Emit useful messages for other codes.
* Compile bare "authorize" statements, and issue errors saying
using them isn't a good idea.
* for a detailed list of changes look at:
/usr/share/doc/packages/freeradius-server/ChangeLog
- new set of consolidated patch files:
deleted:
* freeradius-server-2.1.1-logrotate_su.patch
* freeradius-server-2.1.6-rcradiusd.patch
* freeradius-server-initscript-pidfile.patch
* freeradius-server-radius-reload-logrotate.patch
* freeradius-server-var_run.patch
added:
* freeradius-server-radiusd-logrotate.patch
* freeradius-server-rcradiusd.patch
* freeradius-server-tmpfiles.patch
-------------------------------------------------------------------
Wed Jan 14 13:10:11 UTC 2015 - tchvatal@suse.com
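Review bot: With the inlined upstream 3.0.8 and 3.0.7 notes dropped from the Apr 22 entry, the .changes file no longer records the security-relevant items of this update, and the pointer it keeps, /usr/share/doc/packages/freeradius-server/ChangeLog, is only readable once the package is installed. Consider keeping a few bullets under "update to 3.0.8" for the items an administrator would act on, for example "Allow TLSv1 to be disabled via "disable_tlsv1" in tls{}", "Remove support for ephemeral RSA keys" and the double free and SEGV fixes, so that the package changelog itself still says why the update matters.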


@ -1,7 +1,7 @@
#
# spec file for package freeradius-server
#
# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany.
# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@ -33,6 +33,7 @@ Source2: freeradius-tmpfiles.conf
Patch1: freeradius-server-tmpfiles.patch
Patch2: freeradius-server-radiusd-logrotate.patch
Patch3: freeradius-server-rcradiusd.patch
Patch4: freeradius-server-fix-cert-bootstrap.patch
BuildRequires: apache2-devel
BuildRequires: cyrus-sasl-devel
BuildRequires: db-devel
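Review bot: Patch4, freeradius-server-fix-cert-bootstrap.patch, is missing from the "added:" list of the .changes entry, which names only the radiusd-logrotate, rcradiusd and tmpfiles patches, and the commit reports 2 changed files, so the patch file itself is not visible in this change. Judging by its name it affects certificate bootstrapping, so add a .changes line that names the patch and states what it changes, and confirm the patch file is present in the package sources before the matching %patch4 -p1 is applied.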
@ -188,6 +189,7 @@ This plugin provides the SQLite support for the FreeRADIUS server project.
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%build
modified="$(sed -n '/^----/n;s/ - .*$//;p;q' "%{_sourcedir}/%{name}.changes")"