From 2faa385271d091f06f253fc64f155cdfd35dbbc763513629f94a43e1c89e9da6 Mon Sep 17 00:00:00 2001 From: OBS User unknown Date: Tue, 10 Feb 2009 17:49:14 +0000 Subject: [PATCH] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/freeradius-server?expand=0&rev=14 --- freeradius-server-2.1.1-CVE-2008-4474.patch | 123 ------------------ freeradius-server-2.1.1.tar.bz2 | 3 - ... freeradius-server-2.1.3-codecleanup.patch | 0 ...freeradius-server-2.1.3-dialup_admin.patch | 14 +- freeradius-server-2.1.3-edir-64bit.patch | 11 ++ ...atch => freeradius-server-2.1.3-ltdl.patch | 2 +- freeradius-server-2.1.3-overflow.patch | 11 ++ ...=> freeradius-server-2.1.3-rcradiusd.patch | 0 freeradius-server-2.1.3.tar.bz2 | 3 + freeradius-server.changes | 46 +++++++ freeradius-server.spec | 48 ++++++- 11 files changed, 123 insertions(+), 138 deletions(-) delete mode 100644 freeradius-server-2.1.1-CVE-2008-4474.patch delete mode 100644 freeradius-server-2.1.1.tar.bz2 rename freeradius-server-2.1.1-codecleanup.patch => freeradius-server-2.1.3-codecleanup.patch (100%) rename freeradius-server-2.1.1-dialup_admin.patch => freeradius-server-2.1.3-dialup_admin.patch (98%) create mode 100644 freeradius-server-2.1.3-edir-64bit.patch rename freeradius-server-2.1.1-ltdl.patch => freeradius-server-2.1.3-ltdl.patch (98%) create mode 100644 freeradius-server-2.1.3-overflow.patch rename freeradius-server-2.1.1-rcradiusd.patch => freeradius-server-2.1.3-rcradiusd.patch (100%) create mode 100644 freeradius-server-2.1.3.tar.bz2 diff --git a/freeradius-server-2.1.1-CVE-2008-4474.patch b/freeradius-server-2.1.1-CVE-2008-4474.patch deleted file mode 100644 index 8fe05e8..0000000 --- a/freeradius-server-2.1.1-CVE-2008-4474.patch +++ /dev/null @@ -1,123 +0,0 @@ ---- dialup_admin/bin/clean_radacct -+++ dialup_admin/bin/clean_radacct -@@ -5,6 +5,7 @@ - # Works with mysql and postgresql - # - use POSIX; -+use File::Temp; - - $conf=shift||'/usr/share/dialup_admin/conf/admin.conf'; - $back_days = 35; -@@ -42,11 +43,10 @@ - - $query = "DELETE FROM $sql_accounting_table WHERE AcctStopTime IS NULL AND AcctStartTime < '$date';"; - print "$query\n"; --open TMP, ">/tmp/clean_radacct.query" -- or die "Could not open tmp file\n"; --print TMP $query; --close TMP; --$command = "$sqlcmd -h$sql_server -u$sql_username $sql_password $sql_database /tmp/tot_stats.query" -- or die "Could not open tmp file\n"; --print TMP "ALTER SESSION SET NLS_TIMESTAMP_TZ_FORMAT='YYYY-MM-DD HH24:MI:SS.FF TZH:TZM';\n" if ($sql_type eq 'oracle'); --print TMP $query1; --print TMP $query2; --close TMP; --$command = "$sqlcmd -h $sql_server -u $sql_username $sql_password $sql_database /tmp/tot_stats.query" -- or die "Could not open tmp file\n"; --print TMP "ALTER SESSION SET NLS_TIMESTAMP_TZ_FORMAT='YYYY-MM-DD HH24:MI:SS.FF TZH:TZM';\n" if ($sql_type eq 'oracle'); --print TMP $query1; --print TMP $query2; --close TMP; --$command = "$sqlcmd -h $sql_server -u $sql_username $sql_password $sql_database /tmp/truncate_radacct.query" -- or die "Could not open tmp file\n"; --print TMP "ALTER SESSION SET NLS_TIMESTAMP_TZ_FORMAT='YYYY-MM-DD HH24:MI:SS.FF TZH:TZM';\n" if ($sql_type eq 'oracle'); --print TMP $query; --close TMP; --$command = "$sqlcmd -h$sql_server -u$sql_username $sql_password $sql_database /dev/null 2>&1 --- dialup_admin/bin/log_badlogins +++ dialup_admin/bin/log_badlogins -@@ -17,7 +17,7 @@ +@@ -18,7 +18,7 @@ $|=1; $file=shift||'none'; @@ -63,7 +63,7 @@ # Uncomment to force inserts even if there are sql errors. That can --- dialup_admin/bin/monthly_tot_stats +++ dialup_admin/bin/monthly_tot_stats -@@ -8,7 +8,7 @@ +@@ -9,7 +9,7 @@ # Works only with mysql and postgresql # @@ -96,7 +96,7 @@ while(){ --- dialup_admin/bin/tot_stats +++ dialup_admin/bin/tot_stats -@@ -7,7 +7,7 @@ +@@ -8,7 +8,7 @@ # Works with mysql and postgresql # @@ -107,9 +107,9 @@ open CONF, "<$conf" --- dialup_admin/bin/truncate_radacct +++ dialup_admin/bin/truncate_radacct -@@ -6,7 +6,7 @@ - # +@@ -7,7 +7,7 @@ use POSIX; + use File::Temp; -$conf=shift||'/usr/local/dialup_admin/conf/admin.conf'; +$conf=shift||'/usr/share/dialup_admin/conf/admin.conf'; diff --git a/freeradius-server-2.1.3-edir-64bit.patch b/freeradius-server-2.1.3-edir-64bit.patch new file mode 100644 index 0000000..f0c85ec --- /dev/null +++ b/freeradius-server-2.1.3-edir-64bit.patch @@ -0,0 +1,11 @@ +--- src/modules/rlm_ldap/rlm_ldap.c ++++ src/modules/rlm_ldap/rlm_ldap.c +@@ -1849,7 +1849,7 @@ + LDAP_CONN *conn1; + int auth_state = -1; + char *challenge = NULL; +- int challenge_len = MAX_CHALLENGE_LEN; ++ size_t challenge_len = MAX_CHALLENGE_LEN; + char *state = NULL; + + dattr = dict_attrbyname("eDir-APC"); diff --git a/freeradius-server-2.1.1-ltdl.patch b/freeradius-server-2.1.3-ltdl.patch similarity index 98% rename from freeradius-server-2.1.1-ltdl.patch rename to freeradius-server-2.1.3-ltdl.patch index a6007a5..59d3516 100644 --- a/freeradius-server-2.1.1-ltdl.patch +++ b/freeradius-server-2.1.3-ltdl.patch @@ -30,7 +30,7 @@ eaptype_name, lt_dlerror()); --- src/modules/rlm_sql/rlm_sql.c +++ src/modules/rlm_sql/rlm_sql.c -@@ -821,7 +821,11 @@ +@@ -830,7 +830,11 @@ return -1; } diff --git a/freeradius-server-2.1.3-overflow.patch b/freeradius-server-2.1.3-overflow.patch new file mode 100644 index 0000000..fec7ce2 --- /dev/null +++ b/freeradius-server-2.1.3-overflow.patch @@ -0,0 +1,11 @@ +--- src/modules/rlm_sqlhpwippool/rlm_sqlhpwippool.c ++++ src/modules/rlm_sqlhpwippool/rlm_sqlhpwippool.c +@@ -771,7 +771,7 @@ + + nasip.s_addr = vp->vp_ipaddr; + strncpy(nasipstr, inet_ntoa(nasip), sizeof(nasipstr) - 1); +- nasipstr[sizeof(nasipstr)] = 0; ++ nasipstr[sizeof(nasipstr) - 1] = 0; + + if (!nvp_query(__LINE__, data, sqlsock, + "UPDATE `%s`.`ips`, `radacct` " diff --git a/freeradius-server-2.1.1-rcradiusd.patch b/freeradius-server-2.1.3-rcradiusd.patch similarity index 100% rename from freeradius-server-2.1.1-rcradiusd.patch rename to freeradius-server-2.1.3-rcradiusd.patch diff --git a/freeradius-server-2.1.3.tar.bz2 b/freeradius-server-2.1.3.tar.bz2 new file mode 100644 index 0000000..3f0d468 --- /dev/null +++ b/freeradius-server-2.1.3.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:984cf7f3418de8f2abe1e599827264495cef1d234cce4abe05a06a4b6419db1a +size 2380451 diff --git a/freeradius-server.changes b/freeradius-server.changes index 32a9da7..80ad24c 100644 --- a/freeradius-server.changes +++ b/freeradius-server.changes @@ -1,3 +1,49 @@ +------------------------------------------------------------------- +Tue Feb 10 10:38:27 CET 2009 - prusnak@suse.cz + +- updated to 2.1.3 + o Feature Improvements + * Allow running with user=radiusd and binding to secure sockets. + * Start sending Status-Server "are you alive" messages earlier, + which helps with proxying multiple realms to a home server. + * Removed thread pool code from rlm_perl. It's not necessary. + * Added example Perl configuration to raddb/modules/perl + * Force OpenSSL to support certificates with SHA256. This seems + to be necessary for WiMAX certs. + o Bug Fixes + * Fix Debian patch to allow it to build. + * Fix potential NULL dereference in debugging mode on certain + platforms for TTLS and PEAP inner tunnels. + * Fix uninitialized memory in handling of vendor definitions + * Fix parsing of quoted (but non-string) attributes in + the users< file. + * Initialize unknown NAS IP to 255.255.255.255, rather than 0.0.0.0 + * use SUN_LEN in control socket, to avoid truncation on some platforms. + * Correct internal handling of debug condition to prevent it + from being over-written. + * Check return code of regcomp in unlang, so that invalid regular + expressions are caught rather than mishandled. + * Make rlm_sql use . Addresses bug #610. + * Document list "type = status" better. Closes bug #580. + * Set "default days" for certificates, because OpenSSL won't do it. + This closes bug #615. + * Reference correct list in example raddb/modules/ldap. Closes #596. + * Increase default schema size for Acct-Session-Id to 64. Closes #540. + * Fix use of temporary files in dialup-admin. Closes #605 + and addresses CVE-2008-4474. + * Addressed a number of minor issues found by Coverity. + * Added DHCP option 150 to the dictionary. Closes #618. + +- removed CVE-2008-4474.patch (included in update) + +- fixed buffer overflow (overflow.patch) + +------------------------------------------------------------------- +Tue Feb 10 10:19:32 CET 2009 - prusnak@suse.cz + +- fixed eDirectory bug on 64bit architectures (edir-64bit.patch) + [bnc#474006] + ------------------------------------------------------------------- Fri Feb 6 15:19:04 CET 2009 - prusnak@suse.cz diff --git a/freeradius-server.spec b/freeradius-server.spec index 139f68e..7501504 100644 --- a/freeradius-server.spec +++ b/freeradius-server.spec @@ -1,5 +1,5 @@ # -# spec file for package freeradius-server (Version 2.1.1) +# spec file for package freeradius-server (Version 2.1.3) # # Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany. # @@ -18,8 +18,8 @@ Name: freeradius-server -Version: 2.1.1 -Release: 6 +Version: 2.1.3 +Release: 1 License: GPL v2 only; LGPL v2.1 only Group: Productivity/Networking/Radius/Servers Provides: radiusd @@ -33,7 +33,8 @@ Patch0: %{name}-%{version}-ltdl.patch Patch1: %{name}-%{version}-dialup_admin.patch Patch2: %{name}-%{version}-rcradiusd.patch Patch3: %{name}-%{version}-codecleanup.patch -Patch4: %{name}-%{version}-CVE-2008-4474.patch +Patch4: %{name}-%{version}-edir-64bit.patch +Patch5: %{name}-%{version}-overflow.patch PreReq: perl openssl pwdutils coreutils PreReq: %insserv_prereq %fillup_prereq BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -210,6 +211,7 @@ Authors: %patch2 %patch3 %patch4 +%patch5 %build #export CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing -DLDAP_DEPRECATED -fPIC -DPIC" @@ -435,6 +437,44 @@ rm -rf $RPM_BUILD_ROOT %attr(644,root,root) %{_includedir}/freeradius/*.h %changelog +* Tue Feb 10 2009 prusnak@suse.cz +- updated to 2.1.3 + o Feature Improvements + * Allow running with user=radiusd and binding to secure sockets. + * Start sending Status-Server "are you alive" messages earlier, + which helps with proxying multiple realms to a home server. + * Removed thread pool code from rlm_perl. It's not necessary. + * Added example Perl configuration to raddb/modules/perl + * Force OpenSSL to support certificates with SHA256. This seems + to be necessary for WiMAX certs. + o Bug Fixes + * Fix Debian patch to allow it to build. + * Fix potential NULL dereference in debugging mode on certain + platforms for TTLS and PEAP inner tunnels. + * Fix uninitialized memory in handling of vendor definitions + * Fix parsing of quoted (but non-string) attributes in + the users< file. + * Initialize unknown NAS IP to 255.255.255.255, rather than 0.0.0.0 + * use SUN_LEN in control socket, to avoid truncation on some platforms. + * Correct internal handling of debug condition to prevent it + from being over-written. + * Check return code of regcomp in unlang, so that invalid regular + expressions are caught rather than mishandled. + * Make rlm_sql use . Addresses bug #610. + * Document list "type = status" better. Closes bug #580. + * Set "default days" for certificates, because OpenSSL won't do it. + This closes bug #615. + * Reference correct list in example raddb/modules/ldap. Closes #596. + * Increase default schema size for Acct-Session-Id to 64. Closes #540. + * Fix use of temporary files in dialup-admin. Closes #605 + and addresses CVE-2008-4474. + * Addressed a number of minor issues found by Coverity. + * Added DHCP option 150 to the dictionary. Closes #618. +- removed CVE-2008-4474.patch (included in update) +- fixed buffer overflow (overflow.patch) +* Tue Feb 10 2009 prusnak@suse.cz +- fixed eDirectory bug on 64bit architectures (edir-64bit.patch) + [bnc#474006] * Fri Feb 06 2009 prusnak@suse.cz - moved manpages from section 1 to utils subpackage [bnc#469682] * Fri Jan 09 2009 prusnak@suse.cz