From b20155dc26e74baca9911e51aed365b5234fee5701b6fe0aca97405c3d04f540 Mon Sep 17 00:00:00 2001 From: Marcus Meissner Date: Tue, 11 Sep 2012 09:31:52 +0000 Subject: [PATCH] Accepting request 133519 from home:vitezslav_cizek:branches:network - update to 2.2.0 - see /usr/share/doc/packages/freeradius-server/ChangeLog for complete list of changes in this release - fixes CVE-2012-3547 (bnc#777834) - dropped freeradius-server-2.1.6-overflow.patch (upstream) - dropped freeradius-server-sha1-default.patch (upstream) - refreshed freeradius-server-fix-cert-bootstrap.patch OBS-URL: https://build.opensuse.org/request/show/133519 OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=43 --- freeradius-server-2.1.12.tar.bz2 | 3 -- freeradius-server-2.1.6-overflow.patch | 13 -------- freeradius-server-2.2.0.tar.bz2 | 3 ++ freeradius-server-fix-cert-bootstrap.patch | 18 +++++----- freeradius-server-sha1-default.patch | 39 ---------------------- freeradius-server.changes | 11 ++++++ freeradius-server.spec | 7 ++-- 7 files changed, 25 insertions(+), 69 deletions(-) delete mode 100644 freeradius-server-2.1.12.tar.bz2 delete mode 100644 freeradius-server-2.1.6-overflow.patch create mode 100644 freeradius-server-2.2.0.tar.bz2 delete mode 100644 freeradius-server-sha1-default.patch diff --git a/freeradius-server-2.1.12.tar.bz2 b/freeradius-server-2.1.12.tar.bz2 deleted file mode 100644 index a93904e..0000000 --- a/freeradius-server-2.1.12.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:b66bb2935b656e19f2b725df1162e7ac160537e8ef8266c2447779bb7d113172 -size 2670611 diff --git a/freeradius-server-2.1.6-overflow.patch b/freeradius-server-2.1.6-overflow.patch deleted file mode 100644 index 180f9c9..0000000 --- a/freeradius-server-2.1.6-overflow.patch +++ /dev/null @@ -1,13 +0,0 @@ -Index: src/modules/rlm_sqlhpwippool/rlm_sqlhpwippool.c -=================================================================== ---- src/modules/rlm_sqlhpwippool/rlm_sqlhpwippool.c.orig 2010-06-21 21:15:56.000000000 +0200 -+++ src/modules/rlm_sqlhpwippool/rlm_sqlhpwippool.c 2010-06-21 21:16:15.000000000 +0200 -@@ -771,7 +771,7 @@ static int sqlhpwippool_accounting(void - - nasip.s_addr = vp->vp_ipaddr; - strncpy(nasipstr, inet_ntoa(nasip), sizeof(nasipstr) - 1); -- nasipstr[sizeof(nasipstr)] = 0; -+ nasipstr[sizeof(nasipstr) - 1] = 0; - - if (!nvp_query(__LINE__, data, sqlsock, - "UPDATE `%s`.`ips`, `radacct` " diff --git a/freeradius-server-2.2.0.tar.bz2 b/freeradius-server-2.2.0.tar.bz2 new file mode 100644 index 0000000..1e1868b --- /dev/null +++ b/freeradius-server-2.2.0.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:ad3e58fe2a723cbaafb8ca87677382a84bfb16e81b24f0d9ded71355a0218d35 +size 2703349 diff --git a/freeradius-server-fix-cert-bootstrap.patch b/freeradius-server-fix-cert-bootstrap.patch index 8312698..03e093d 100644 --- a/freeradius-server-fix-cert-bootstrap.patch +++ b/freeradius-server-fix-cert-bootstrap.patch @@ -1,13 +1,13 @@ -Index: freeradius-server-2.1.10/raddb/certs/Makefile +Index: freeradius-server-2.2.0/raddb/certs/Makefile =================================================================== ---- freeradius-server-2.1.10.orig/raddb/certs/Makefile -+++ freeradius-server-2.1.10/raddb/certs/Makefile +--- freeradius-server-2.2.0.orig/raddb/certs/Makefile 2012-09-10 13:51:34.000000000 +0200 ++++ freeradius-server-2.2.0/raddb/certs/Makefile 2012-09-10 15:46:54.505208498 +0200 @@ -51,7 +51,7 @@ dh: # Create a new self-signed CA certificate # ###################################################################### --ca.key ca.pem: ca.cnf -+ca.key ca.pem: +-ca.key ca.pem: ca.cnf index.txt serial ++ca.key ca.pem: index.txt serial openssl req -new -x509 -keyout ca.key -out ca.pem \ -days $(CA_DEFAULT_DAYS) -config ./ca.cnf @@ -29,10 +29,10 @@ Index: freeradius-server-2.1.10/raddb/certs/Makefile openssl req -new -out client.csr -keyout client.key -config ./client.cnf client.crt: client.csr ca.pem ca.key -Index: freeradius-server-2.1.10/raddb/certs/bootstrap +Index: freeradius-server-2.2.0/raddb/certs/bootstrap =================================================================== ---- freeradius-server-2.1.10.orig/raddb/certs/bootstrap -+++ freeradius-server-2.1.10/raddb/certs/bootstrap +--- freeradius-server-2.2.0.orig/raddb/certs/bootstrap 2012-09-10 13:51:34.000000000 +0200 ++++ freeradius-server-2.2.0/raddb/certs/bootstrap 2012-11-10 15:34:07.926849849 +0100 @@ -21,7 +21,9 @@ make -h > /dev/null 2>&1 # if [ "$?" = "0" ]; then @@ -44,7 +44,7 @@ Index: freeradius-server-2.1.10/raddb/certs/bootstrap fi # -@@ -79,3 +81,5 @@ fi +@@ -80,3 +82,5 @@ fi if [ ! -f client.crt ]; then openssl ca -batch -keyfile ca.key -cert ca.pem -in client.csr -key `grep output_password ca.cnf | sed 's/.*=//;s/^ *//'` -out client.crt -extensions xpclient_ext -extfile xpextensions -config ./client.cnf fi diff --git a/freeradius-server-sha1-default.patch b/freeradius-server-sha1-default.patch deleted file mode 100644 index e86b5d9..0000000 --- a/freeradius-server-sha1-default.patch +++ /dev/null @@ -1,39 +0,0 @@ -Index: freeradius-server-2.1.6/raddb/certs/ca.cnf -=================================================================== ---- freeradius-server-2.1.6.orig/raddb/certs/ca.cnf 2009-05-18 13:13:55.000000000 +0200 -+++ freeradius-server-2.1.6/raddb/certs/ca.cnf 2009-10-12 13:47:40.000000000 +0200 -@@ -16,7 +16,7 @@ name_opt = ca_default - cert_opt = ca_default - default_days = 365 - default_crl_days = 30 --default_md = md5 -+default_md = sha1 - preserve = no - policy = policy_match - -Index: freeradius-server-2.1.6/raddb/certs/client.cnf -=================================================================== ---- freeradius-server-2.1.6.orig/raddb/certs/client.cnf 2009-05-18 13:13:55.000000000 +0200 -+++ freeradius-server-2.1.6/raddb/certs/client.cnf 2009-10-12 13:47:45.000000000 +0200 -@@ -16,7 +16,7 @@ name_opt = ca_default - cert_opt = ca_default - default_days = 365 - default_crl_days = 30 --default_md = md5 -+default_md = sha1 - preserve = no - policy = policy_match - -Index: freeradius-server-2.1.6/raddb/certs/server.cnf -=================================================================== ---- freeradius-server-2.1.6.orig/raddb/certs/server.cnf 2009-05-18 13:13:55.000000000 +0200 -+++ freeradius-server-2.1.6/raddb/certs/server.cnf 2009-10-12 13:47:50.000000000 +0200 -@@ -16,7 +16,7 @@ name_opt = ca_default - cert_opt = ca_default - default_days = 365 - default_crl_days = 30 --default_md = md5 -+default_md = sha1 - preserve = no - policy = policy_match - diff --git a/freeradius-server.changes b/freeradius-server.changes index 569e7e2..e40b5ed 100644 --- a/freeradius-server.changes +++ b/freeradius-server.changes @@ -1,3 +1,14 @@ +------------------------------------------------------------------- +Sat Sep 10 14:20:57 UTC 2012 - vcizek@suse.com + +- update to 2.2.0 + - see /usr/share/doc/packages/freeradius-server/ChangeLog + for complete list of changes in this release + - fixes CVE-2012-3547 (bnc#777834) + - dropped freeradius-server-2.1.6-overflow.patch (upstream) + - dropped freeradius-server-sha1-default.patch (upstream) + - refreshed freeradius-server-fix-cert-bootstrap.patch + ------------------------------------------------------------------- Mon May 28 11:47:32 UTC 2012 - vcizek@suse.com diff --git a/freeradius-server.spec b/freeradius-server.spec index 77d79ce..a00878c 100644 --- a/freeradius-server.spec +++ b/freeradius-server.spec @@ -17,7 +17,7 @@ Name: freeradius-server -Version: 2.1.12 +Version: 2.2.0 Release: 0 Summary: Very Highly Configurable Radius Server License: GPL-2.0 ; LGPL-2.1 @@ -27,8 +27,6 @@ Source: %{name}-%{version}.tar.bz2 Patch1: freeradius-server-2.1.6-dialup_admin.patch Patch2: freeradius-server-2.1.6-rcradiusd.patch Patch3: freeradius-server-2.1.6-codecleanup.patch -Patch5: freeradius-server-2.1.6-overflow.patch -Patch6: freeradius-server-sha1-default.patch Patch7: freeradius-server-fix-cert-bootstrap.patch Patch8: freeradius-server-initscript-pidfile.patch Patch9: freeradius-server-radius-reload-logrotate.patch @@ -179,8 +177,6 @@ This package contains FreeRADIUS Documentation %patch1 %patch2 %patch3 -%patch5 -%patch6 -p1 %patch7 -p1 %patch8 -p1 %patch9 -p1 @@ -210,6 +206,7 @@ export LDFLAGS="-pie" --with-experimental-modules \ --with-gnu-ld \ --with-system-libtool \ + --with-system-libltdl \ --with-udpfromto \ --without-rlm_eap_ikev2 \ --without-rlm_eap_tnc \