Upgrade to upstream 3.0.2 release
parent
e49b2b8b75
commit
40fe27cec8
1
.gitignore
vendored
1
.gitignore
vendored
@ -7,3 +7,4 @@
|
||||
/freeradius-server-release_3_0_0_rc1.tar.gz
|
||||
/freeradius-server-3.0.0.tar.bz2
|
||||
/freeradius-server-3.0.1.tar.bz2
|
||||
/freeradius-server-3.0.2.tar.bz2
|
||||
|
@ -1,13 +0,0 @@
|
||||
diff -r -u freeradius-server-3.0.1.bak/Make.inc.in freeradius-server-3.0.1/Make.inc.in
|
||||
--- freeradius-server-3.0.1.bak/Make.inc.in 2014-01-17 11:20:48.599733053 -0500
|
||||
+++ freeradius-server-3.0.1/Make.inc.in 2014-01-17 14:37:33.739853796 -0500
|
||||
@@ -47,7 +47,7 @@
|
||||
|
||||
CC = @CC@
|
||||
RANLIB = @RANLIB@
|
||||
-IMACROS = -imacros ${top_srcdir}/src/freeradius-devel/build.h -imacros ${top_srcdir}/src/freeradius-devel/autoconf.h -imacros ${top_srcdir}/src/freeradius-devel/features.h
|
||||
+IMACROS = -include ${top_srcdir}/src/freeradius-devel/build.h -include ${top_srcdir}/src/freeradius-devel/autoconf.h -include ${top_srcdir}/src/freeradius-devel/features.h
|
||||
INCLUDE = -I${top_srcdir} -I${top_srcdir}/src
|
||||
CFLAGS = $(IMACROS) $(INCLUDE) -std=c99 -fno-strict-aliasing @CFLAGS@
|
||||
CPPFLAGS = @CPPFLAGS@
|
||||
Only in freeradius-server-3.0.1: Make.inc.in~
|
@ -1,109 +0,0 @@
|
||||
diff -r -u freeradius-server-3.0.1.bak/raddb/mods-available/ippool freeradius-server-3.0.1/raddb/mods-available/ippool
|
||||
--- freeradius-server-3.0.1.bak/raddb/mods-available/ippool 2014-01-17 11:20:48.609733064 -0500
|
||||
+++ freeradius-server-3.0.1/raddb/mods-available/ippool 2014-01-17 12:33:11.884537885 -0500
|
||||
@@ -1,6 +1,6 @@
|
||||
# -*- text -*-
|
||||
#
|
||||
-# $Id: d52dc9b385dec10e970ba9af070af612f25d596d $
|
||||
+# $Id: 1d3305ba45ec71336f55f8f1db05f183772e1b82 $
|
||||
|
||||
# Do server side ip pool management. Should be added in
|
||||
# post-auth and accounting sections.
|
||||
@@ -22,54 +22,45 @@
|
||||
# DEFAULT Group == teachers, Pool-Name := "teachers"
|
||||
# DEFAULT Group == other, Pool-Name := "DEFAULT"
|
||||
#
|
||||
-# ********* IF YOU CHANGE THE RANGE PARAMETERS YOU MUST *********
|
||||
-# ********* THEN ERASE THE DB FILES *********
|
||||
+# Note: If you change the range parameters you must then erase the
|
||||
+# db files.
|
||||
#
|
||||
ippool main_pool {
|
||||
+ # The main db file used to allocate addresses.
|
||||
+ filename = ${db_dir}/db.ippool
|
||||
|
||||
- # range-start,range-stop:
|
||||
- # The start and end ip addresses for this pool.
|
||||
+ # The start and end ip addresses for this pool.
|
||||
range_start = 192.0.2.1
|
||||
range_stop = 192.0.2.254
|
||||
|
||||
- # netmask:
|
||||
- # The network mask used for this pool.
|
||||
+ # The network mask used for this pool.
|
||||
netmask = 255.255.255.0
|
||||
|
||||
- # cache_size:
|
||||
- # The gdbm cache size for the db files. Should
|
||||
- # be equal to the number of ip's available in
|
||||
- # the ip pool
|
||||
+ # The gdbm cache size for the db files. Should
|
||||
+ # be equal to the number of ip's available in
|
||||
+ # the ip pool
|
||||
cache_size = 800
|
||||
|
||||
- # session-db:
|
||||
- # The main db file used to allocate addresses.
|
||||
- session_db = ${db_dir}/db.ippool
|
||||
-
|
||||
- # ip-index:
|
||||
- # Helper db index file used in multilink
|
||||
+ # Helper db index file used in multilink
|
||||
ip_index = ${db_dir}/db.ipindex
|
||||
|
||||
- # override:
|
||||
- # If set, the Framed-IP-Address already in the
|
||||
- # reply (if any) will be discarded, and replaced
|
||||
- # with a Framed-IP-Address assigned here.
|
||||
+ # If set, the Framed-IP-Address already in the
|
||||
+ # reply (if any) will be discarded, and replaced
|
||||
+ # ith a Framed-IP-Address assigned here.
|
||||
override = no
|
||||
|
||||
- # maximum-timeout:
|
||||
- # Specifies the maximum time in seconds that an
|
||||
- # entry may be active. If set to zero, means
|
||||
- # "no timeout". The default value is 0
|
||||
+ # Specifies the maximum time in seconds that an
|
||||
+ # entry may be active. If set to zero, means
|
||||
+ # "no timeout". The default value is 0
|
||||
maximum_timeout = 0
|
||||
|
||||
- # key:
|
||||
- # The key to use for the session database (which
|
||||
- # holds the allocated ip's) normally it should
|
||||
- # just be the nas ip/port (which is the default).
|
||||
+ # The key to use for the session database (which
|
||||
+ # holds the allocated ip's) normally it should
|
||||
+ # just be the nas ip/port (which is the default).
|
||||
#
|
||||
- # If your NAS sends the same value of NAS-Port
|
||||
- # all requests, the key should be based on some
|
||||
- # other attribute that is in ALL requests, AND
|
||||
- # is unique to each machine needing an IP address.
|
||||
- #key = "%{NAS-IP-Address} %{NAS-Port}"
|
||||
+ # If your NAS sends the same value of NAS-Port
|
||||
+ # all requests, the key should be based on some
|
||||
+ # other attribute that is in ALL requests, AND
|
||||
+ # is unique to each machine needing an IP address.
|
||||
+# key = "%{NAS-IP-Address} %{NAS-Port}"
|
||||
}
|
||||
commit 82d3d851e03fdc403c6694d5470905c489acb1b5
|
||||
Author: Alan T. DeKok <aland@freeradius.org>
|
||||
Date: Sat Jan 18 15:58:28 2014 -0500
|
||||
|
||||
Set the default length for the attributes
|
||||
|
||||
diff --git a/src/lib/valuepair.c b/src/lib/valuepair.c
|
||||
index d1d1fca..ac955ad 100644
|
||||
--- a/src/lib/valuepair.c
|
||||
+++ b/src/lib/valuepair.c
|
||||
@@ -109,6 +109,8 @@ VALUE_PAIR *pairalloc(TALLOC_CTX *ctx, DICT_ATTR const *da)
|
||||
vp->op = T_OP_EQ;
|
||||
vp->type = VT_NONE;
|
||||
|
||||
+ vp->length = da->flags.length;
|
||||
+
|
||||
talloc_set_destructor(vp, _pairfree);
|
||||
|
||||
return vp;
|
@ -1,12 +0,0 @@
|
||||
diff -r -u freeradius-server-3.0.1.orig/raddb/mods-config/sql/main/mysql/schema.sql freeradius-server-3.0.1/raddb/mods-config/sql/main/mysql/schema.sql
|
||||
--- freeradius-server-3.0.1.orig/raddb/mods-config/sql/main/mysql/schema.sql 2014-01-13 20:13:56.000000000 -0500
|
||||
+++ freeradius-server-3.0.1/raddb/mods-config/sql/main/mysql/schema.sql 2014-01-21 12:37:29.349480066 -0500
|
||||
@@ -28,7 +28,7 @@
|
||||
acctupdatetime datetime NULL default NULL,
|
||||
acctstoptime datetime NULL default NULL,
|
||||
acctinterval int(12) default NULL,
|
||||
- acctsessiontime unsigned int(12) default NULL,
|
||||
+ acctsessiontime int(12) unsigned default NULL,
|
||||
acctauthentic varchar(32) default NULL,
|
||||
connectinfo_start varchar(50) default NULL,
|
||||
connectinfo_stop varchar(50) default NULL,
|
@ -1,19 +0,0 @@
|
||||
commit 57d0db0e1dfa3fc25d0bfc146fec1c89a446a9ea
|
||||
Author: Alan T. DeKok <aland@freeradius.org>
|
||||
Date: Wed Jan 22 15:11:33 2014 -0500
|
||||
|
||||
Use size out output buffer, not size of output pointer
|
||||
|
||||
diff --git a/src/lib/print.c b/src/lib/print.c
|
||||
index a6e5391..5bc5e02 100644
|
||||
--- a/src/lib/print.c
|
||||
+++ b/src/lib/print.c
|
||||
@@ -266,7 +266,7 @@ size_t vp_prints_value(char *out, size_t outlen, VALUE_PAIR const *vp, int8_t qu
|
||||
return strlen(out);
|
||||
}
|
||||
|
||||
- return fr_print_string(vp->vp_strvalue, vp->length, out, sizeof(out));
|
||||
+ return fr_print_string(vp->vp_strvalue, vp->length, out, outlen);
|
||||
|
||||
case PW_TYPE_INTEGER:
|
||||
if (vp->da->flags.has_tag) {
|
@ -1,48 +0,0 @@
|
||||
From ff5147c9e5088c7cf5c0b6ec6bfdd3a9d2042a28 Mon Sep 17 00:00:00 2001
|
||||
From: Arran Cudbard-Bell <a.cudbardb@freeradius.org>
|
||||
Date: Thu, 13 Feb 2014 13:49:54 +0000
|
||||
Subject: [PATCH 1/1] Fix potential crash with SSHA and salts > 44bytes
|
||||
|
||||
---
|
||||
src/modules/rlm_pap/rlm_pap.c | 10 ++++++----
|
||||
1 file changed, 6 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/src/modules/rlm_pap/rlm_pap.c b/src/modules/rlm_pap/rlm_pap.c
|
||||
index 689acf0..1bf6d4e 100644
|
||||
--- a/src/modules/rlm_pap/rlm_pap.c
|
||||
+++ b/src/modules/rlm_pap/rlm_pap.c
|
||||
@@ -123,7 +123,7 @@ static int mod_instantiate(CONF_SECTION *conf, void *instance)
|
||||
static void normify(REQUEST *request, VALUE_PAIR *vp, size_t min_length)
|
||||
{
|
||||
|
||||
- uint8_t buffer[64];
|
||||
+ uint8_t buffer[256];
|
||||
|
||||
if (min_length >= sizeof(buffer)) return; /* paranoia */
|
||||
|
||||
@@ -132,9 +132,10 @@ static void normify(REQUEST *request, VALUE_PAIR *vp, size_t min_length)
|
||||
*/
|
||||
if (vp->length >= (2 * min_length)) {
|
||||
size_t decoded;
|
||||
- decoded = fr_hex2bin(buffer, vp->vp_strvalue, vp->length >> 1);
|
||||
+ decoded = fr_hex2bin(buffer, vp->vp_strvalue, sizeof(buffer));
|
||||
if (decoded == (vp->length >> 1)) {
|
||||
- RDEBUG2("Normalizing %s from hex encoding", vp->da->name);
|
||||
+ RDEBUG2("Normalizing %s from hex encoding, %zu bytes -> %zu bytes",
|
||||
+ vp->da->name, vp->length, decoded);
|
||||
pairmemcpy(vp, buffer, decoded);
|
||||
return;
|
||||
}
|
||||
@@ -150,7 +151,8 @@ static void normify(REQUEST *request, VALUE_PAIR *vp, size_t min_length)
|
||||
sizeof(buffer));
|
||||
if (decoded < 0) return;
|
||||
if (decoded >= (ssize_t) min_length) {
|
||||
- RDEBUG2("Normalizing %s from base64 encoding", vp->da->name);
|
||||
+ RDEBUG2("Normalizing %s from base64 encoding, %zu bytes -> %zu bytes",
|
||||
+ vp->da->name, vp->length, decoded);
|
||||
pairmemcpy(vp, buffer, decoded);
|
||||
return;
|
||||
}
|
||||
--
|
||||
1.8.5.3
|
||||
|
@ -1,7 +1,7 @@
|
||||
Summary: High-performance and highly configurable free RADIUS server
|
||||
Name: freeradius
|
||||
Version: 3.0.1
|
||||
Release: 4%{?dist}
|
||||
Version: 3.0.2
|
||||
Release: 1%{?dist}
|
||||
License: GPLv2+ and LGPLv2+
|
||||
Group: System Environment/Daemons
|
||||
URL: http://www.freeradius.org/
|
||||
@ -23,11 +23,6 @@ Source104: freeradius-tmpfiles.conf
|
||||
|
||||
Patch1: freeradius-redhat-config.patch
|
||||
Patch2: freeradius-postgres-sql.patch
|
||||
Patch3: freeradius-ippool.patch
|
||||
Patch4: freeradius-imacros.patch
|
||||
Patch5: freeradius-mysql-schema.patch
|
||||
Patch6: freeradius-perl.patch
|
||||
Patch7: freeradius-rlm_pap-overflow.patch
|
||||
|
||||
%global docdir %{?_pkgdocdir}%{!?_pkgdocdir:%{_docdir}/%{name}-%{version}}
|
||||
|
||||
@ -186,11 +181,6 @@ This plugin provides the unixODBC support for the FreeRADIUS server project.
|
||||
# mistakenly includes the backup files, especially problematic for raddb config files.
|
||||
%patch1 -p1
|
||||
%patch2 -p1
|
||||
%patch3 -p1
|
||||
%patch4 -p1
|
||||
%patch5 -p1
|
||||
%patch6 -p1
|
||||
%patch7 -p1
|
||||
|
||||
%build
|
||||
# Force compile/link options, extra security for network facing daemon
|
||||
@ -255,6 +245,7 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/freeradius/*.la
|
||||
rm -rf $RPM_BUILD_ROOT/etc/raddb/mods-config/sql/main/mssql
|
||||
|
||||
rm -rf $RPM_BUILD_ROOT/etc/raddb/mods-config/sql/ippool/oracle
|
||||
rm -rf $RPM_BUILD_ROOT/etc/raddb/mods-config/sql/ippool-dhcp/oracle
|
||||
rm -rf $RPM_BUILD_ROOT/etc/raddb/mods-config/sql/main/oracle
|
||||
|
||||
|
||||
@ -336,6 +327,8 @@ exit 0
|
||||
%dir %attr(755,root,radiusd) /etc/raddb
|
||||
%defattr(-,root,radiusd)
|
||||
/etc/raddb/README.rst
|
||||
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/panic.gdb
|
||||
|
||||
%attr(644,root,radiusd) %config(noreplace) /etc/raddb/dictionary
|
||||
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/clients.conf
|
||||
|
||||
@ -465,6 +458,7 @@ exit 0
|
||||
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/sqlippool
|
||||
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/sradutmp
|
||||
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/unix
|
||||
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/unpack
|
||||
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/utf8
|
||||
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/wimax
|
||||
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/yubikey
|
||||
@ -500,6 +494,7 @@ exit 0
|
||||
%config(missingok) /etc/raddb/mods-enabled/soh
|
||||
%config(missingok) /etc/raddb/mods-enabled/sradutmp
|
||||
%config(missingok) /etc/raddb/mods-enabled/unix
|
||||
%config(missingok) /etc/raddb/mods-enabled/unpack
|
||||
%config(missingok) /etc/raddb/mods-enabled/utf8
|
||||
|
||||
# policy
|
||||
@ -585,6 +580,7 @@ exit 0
|
||||
%{_libdir}/freeradius/rlm_sqlippool.so
|
||||
%{_libdir}/freeradius/rlm_sql_null.so
|
||||
%{_libdir}/freeradius/rlm_unix.so
|
||||
%{_libdir}/freeradius/rlm_unpack.so
|
||||
%{_libdir}/freeradius/rlm_utf8.so
|
||||
%{_libdir}/freeradius/rlm_wimax.so
|
||||
%{_libdir}/freeradius/rlm_yubikey.so
|
||||
@ -737,6 +733,7 @@ exit 0
|
||||
|
||||
%dir %attr(750,root,radiusd) /etc/raddb/mods-config/sql/ippool-dhcp/sqlite
|
||||
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/ippool-dhcp/sqlite/queries.conf
|
||||
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/ippool-dhcp/sqlite/schema.sql
|
||||
|
||||
%dir %attr(750,root,radiusd) /etc/raddb/mods-config/sql/main/sqlite
|
||||
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/main/sqlite/queries.conf
|
||||
@ -752,6 +749,11 @@ exit 0
|
||||
%{_libdir}/freeradius/rlm_sql_unixodbc.so
|
||||
|
||||
%changelog
|
||||
* Wed May 7 2014 Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com> - 3.0.2-1
|
||||
- Upgrade to upstream 3.0.2 release, configuration compatible with 3.0.1.
|
||||
See upstream ChangeLog for details (in freeradius-doc subpackage)
|
||||
- Fixes bugs 1058884 1061408 1070447 1079500
|
||||
|
||||
* Mon Feb 24 2014 Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com> - 3.0.1-4
|
||||
- Fix CVE-2014-2015 "freeradius: stack-based buffer overflow flaw in rlm_pap
|
||||
module"
|
||||
|
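Review bot: The new 3.0.2-1 changelog entry does not record that Patch3 through Patch7 are dropped, and among them is `freeradius-rlm_pap-overflow.patch`, which the 3.0.1-4 entry just below identifies as the CVE-2014-2015 fix. The +/- markers are lost on this page, so the removal is inferred from the hunk counts (`-23,11 +23,6` and `-186,11 +181,6`) and from the deleted patch files earlier in the commit. I would add a changelog line such as `- Drop patches 3-7 (ippool, imacros, mysql-schema, perl, rlm_pap-overflow), merged upstream in 3.0.2`, and confirm before merging that `normify()` in the 3.0.2 tarball carries the enlarged buffer and passes `sizeof(buffer)` to `fr_hex2bin`, as the dropped patch did.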