diff --git a/.gitignore b/.gitignore index 1939ae4..49c9a03 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,3 @@ freeradius-server-2.1.9.tar.bz2 /freeradius-server-2.1.10.tar.bz2 +/freeradius-server-2.1.11.tar.bz2 diff --git a/freeradius-cert-config.patch b/freeradius-cert-config.patch index 8390beb..03110ae 100644 --- a/freeradius-cert-config.patch +++ b/freeradius-cert-config.patch @@ -1,6 +1,6 @@ -diff -r -u freeradius-server-2.1.8.orig/raddb/certs/ca.cnf freeradius-server-2.1.8/raddb/certs/ca.cnf ---- freeradius-server-2.1.8.orig/raddb/certs/ca.cnf 2009-12-30 10:44:35.000000000 -0500 -+++ freeradius-server-2.1.8/raddb/certs/ca.cnf 2010-01-08 12:35:23.000000000 -0500 +diff -u -r freeradius-server-2.1.11.orig/raddb/certs/ca.cnf freeradius-server-2.1.11/raddb/certs/ca.cnf +--- freeradius-server-2.1.11.orig/raddb/certs/ca.cnf 2011-06-20 10:57:14.000000000 -0400 ++++ freeradius-server-2.1.11/raddb/certs/ca.cnf 2011-06-21 18:42:02.000000000 -0400 @@ -14,9 +14,9 @@ RANDFILE = $dir/.rand name_opt = ca_default @@ -13,10 +13,9 @@ diff -r -u freeradius-server-2.1.8.orig/raddb/certs/ca.cnf freeradius-server-2.1 preserve = no policy = policy_match -Only in freeradius-server-2.1.8/raddb/certs: ca.cnf~ -diff -r -u freeradius-server-2.1.8.orig/raddb/certs/client.cnf freeradius-server-2.1.8/raddb/certs/client.cnf ---- freeradius-server-2.1.8.orig/raddb/certs/client.cnf 2009-12-30 10:44:35.000000000 -0500 -+++ freeradius-server-2.1.8/raddb/certs/client.cnf 2010-01-08 12:35:37.000000000 -0500 +diff -u -r freeradius-server-2.1.11.orig/raddb/certs/client.cnf freeradius-server-2.1.11/raddb/certs/client.cnf +--- freeradius-server-2.1.11.orig/raddb/certs/client.cnf 2011-06-20 10:57:14.000000000 -0400 ++++ freeradius-server-2.1.11/raddb/certs/client.cnf 2011-06-21 18:42:02.000000000 -0400 @@ -14,9 +14,9 @@ RANDFILE = $dir/.rand name_opt = ca_default 
@@ -29,10 +28,9 @@ diff -r -u freeradius-server-2.1.8.orig/raddb/certs/client.cnf freeradius-server preserve = no policy = policy_match -Only in freeradius-server-2.1.8/raddb/certs: client.cnf~ -diff -r -u freeradius-server-2.1.8.orig/raddb/certs/server.cnf freeradius-server-2.1.8/raddb/certs/server.cnf ---- freeradius-server-2.1.8.orig/raddb/certs/server.cnf 2009-12-30 10:44:35.000000000 -0500 -+++ freeradius-server-2.1.8/raddb/certs/server.cnf 2010-01-08 12:35:05.000000000 -0500 +diff -u -r freeradius-server-2.1.11.orig/raddb/certs/server.cnf freeradius-server-2.1.11/raddb/certs/server.cnf +--- freeradius-server-2.1.11.orig/raddb/certs/server.cnf 2011-06-20 10:57:14.000000000 -0400 ++++ freeradius-server-2.1.11/raddb/certs/server.cnf 2011-06-21 18:42:02.000000000 -0400 @@ -14,9 +14,9 @@ RANDFILE = $dir/.rand name_opt = ca_default 
@@ -45,24 +43,19 @@ diff -r -u freeradius-server-2.1.8.orig/raddb/certs/server.cnf freeradius-server preserve = no policy = policy_match -Only in freeradius-server-2.1.8/raddb/certs: server.cnf~ -diff -r -u freeradius-server-2.1.8.orig/raddb/eap.conf freeradius-server-2.1.8/raddb/eap.conf ---- freeradius-server-2.1.8.orig/raddb/eap.conf 2009-12-30 10:44:35.000000000 -0500 -+++ freeradius-server-2.1.8/raddb/eap.conf 2010-01-08 12:36:04.000000000 -0500 -@@ -251,15 +251,6 @@ - cipher_list = "DEFAULT" - +diff -u -r freeradius-server-2.1.11.orig/raddb/eap.conf freeradius-server-2.1.11/raddb/eap.conf +--- freeradius-server-2.1.11.orig/raddb/eap.conf 2011-06-20 10:57:14.000000000 -0400 ++++ freeradius-server-2.1.11/raddb/eap.conf 2011-06-22 10:40:42.000000000 -0400 +@@ -281,7 +281,11 @@ + # for the server to print out an error message, + # and refuse to start. # -- -- # This configuration entry should be deleted -- # once the server is running in a normal -- # configuration. It is here ONLY to make -- # initial deployments easier. -- # - make_cert_command = "${certdir}/bootstrap" -- -- # - # Session resumption / fast reauthentication - # cache. ++ # Redhat RPM's run the bootstrap certificate creation ++ # as part of the RPM install (not upgrade), therefore ++ # the make_cert_command is commented out. ++ # ++ #make_cert_command = "${certdir}/bootstrap" + # -Only in freeradius-server-2.1.8/raddb: eap.conf~ + # Session resumption / fast reauthentication diff --git a/freeradius-lt-dladvise.patch b/freeradius-lt-dladvise.patch deleted file mode 100644 index 7eb4db1..0000000 --- a/freeradius-lt-dladvise.patch +++ /dev/null 
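Review bot: Commenting out `make_cert_command` in the patched eap.conf also appears to switch off the certificate-expiry check that this release's changelog attributes to the bootstrap script, and the new comment block does not mention that. The upstream text the old patch removed said the entry exists only to make initial deployments easier, so the certificates created at RPM install are presumably not meant for long-term use. The comment should say so, for example `# Replace the install-time bootstrap certificates before production use;` followed by `# with this entry disabled their expiry is not re-checked at server start.` The install scriptlet the comment relies on is not part of this diff, so confirm it still runs bootstrap on a first install. The enclosing eap.conf section starts and ends outside the hunk.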
@@ -1,38 +0,0 @@
-diff -r -u freeradius-server-2.1.10.orig/autogen.sh freeradius-server-2.1.10/autogen.sh
---- freeradius-server-2.1.10.orig/autogen.sh 2010-09-28 07:03:56.000000000 -0400
-+++ freeradius-server-2.1.10/autogen.sh 2011-03-24 10:36:26.000000000 -0400
-@@ -16,6 +16,6 @@
- for F in $mysubdirs
- do
- echo "Configuring in $F..."
-- (cd $F && grep "^AC_CONFIG_HEADER" configure.in > /dev/null && autoheader -I$parentdir)
-+ (cd $F && grep "^AC_CONFIG_HEADER" configure.in > /dev/null || exit 0; autoheader -I$parentdir)
- (cd $F && autoconf -I$parentdir)
- done
-Only in freeradius-server-2.1.10: autogen.sh~
-diff -r -u freeradius-server-2.1.10.orig/configure freeradius-server-2.1.10/configure
---- freeradius-server-2.1.10.orig/configure 2010-09-28 07:03:56.000000000 -0400
-+++ freeradius-server-2.1.10/configure 2011-03-23 18:09:45.000000000 -0400
-@@ -25121,7 +25121,7 @@
- if test $ac_cv_func_lt_dladvise_init = yes; then
-
- cat >>confdefs.h <<\_ACEOF
--#define HAVE_HAVE_LT_DLADVISE_INIT
-+#define HAVE_LT_DLADVISE_INIT
- _ACEOF
-
- fi
-Only in freeradius-server-2.1.10: configure~
-diff -r -u freeradius-server-2.1.10.orig/configure.in freeradius-server-2.1.10/configure.in
---- freeradius-server-2.1.10.orig/configure.in 2010-09-28 07:03:56.000000000 -0400
-+++ freeradius-server-2.1.10/configure.in 2011-03-23 18:09:33.000000000 -0400
-@@ -936,7 +936,7 @@
-
- old_LIBS="$LIBS"
- LIBS="$LIBS $LIBLTDL"
--AC_CHECK_FUNC(lt_dladvise_init, AC_DEFINE(HAVE_HAVE_LT_DLADVISE_INIT, [], [Do we have the lt_dladvise_init function]))
-+AC_CHECK_FUNC(lt_dladvise_init, AC_DEFINE(HAVE_LT_DLADVISE_INIT, [], [Do we have the lt_dladvise_init function]))
- LIBS="$old_LIBS"
-
- dnl Check for libcrypt
-Only in freeradius-server-2.1.10: configure.in~
diff --git a/freeradius-radtest-ipv6.patch b/freeradius-radtest-ipv6.patch
deleted file mode 100644
index d2baf3d..0000000
--- a/freeradius-radtest-ipv6.patch
+++ /dev/null
@@ -1,61 +0,0 @@
---- freeradius-server-2.1.10/src/main/radtest.in.orig 2011-02-14 16:19:05.000000000 -0500
-+++ freeradius-server-2.1.10/src/main/radtest.in 2011-02-14 16:24:18.000000000 -0500
-@@ -16,6 +16,8 @@
- echo " -t Set authentication method" >&2
- echo " type can be pap, chap, mschap, or eap-md5" >&2
- echo " -x Enable debug output" >&2
-+ echo " -4 Use IPv4 address family for the NAS (default)" >&2
-+ echo " -6 Use IPv6 address family for the NAS" >&2
- exit 1
- }
-
-@@ -30,6 +32,7 @@
-
- OPTIONS=
- PASSWORD="User-Password"
-+family="IPv4"
-
- # We need at LEAST these many options
- if [ $# -lt 5 ]
-@@ -41,6 +44,14 @@
- while [ `echo "$1" | cut -c 1` = "-" ]
- do
- case "$1" in
-+ -4)
-+ family="IPv4"
-+ shift
-+ ;;
-+ -6)
-+ family="IPv6"
-+ shift
-+ ;;
- -d)
- OPTIONS="$OPTIONS -d $2"
- shift;shift
-@@ -97,10 +108,25 @@
- nas=`hostname`
- fi
-
-+# Set the address family
-+case "$family" in
-+ IPv4)
-+ OPTIONS="$OPTIONS -4"
-+ NAS_ADDR_ATTR="NAS-IP-Address"
-+ ;;
-+ IPv6)
-+ OPTIONS="$OPTIONS -6"
-+ NAS_ADDR_ATTR="NAS-IPv6-Address"
-+ ;;
-+ *)
-+ echo "ERROR: unknown address family ($family)" >&2
-+ usage
-+esac
-+
- (
- echo "User-Name = \"$1\""
- echo "$PASSWORD = \"$2\""
-- echo "NAS-IP-Address = $nas"
-+ echo "$NAS_ADDR_ATTR = $nas"
- echo "NAS-Port = $4"
- if [ "$radclient" = "$radeapclient" ]
- then
diff --git a/freeradius.spec b/freeradius.spec
index 19932b1..0edf6bc 100644
--- a/freeradius.spec
+++ b/freeradius.spec
@@ -1,7 +1,7 @@
 Summary: High-performance and highly configurable free RADIUS server
 Name: freeradius
-Version: 2.1.10
-Release: 8%{?dist}
+Version: 2.1.11
+Release: 1%{?dist}
 License: GPLv2+ and LGPLv2+
 Group: System Environment/Daemons
 URL: http://www.freeradius.org/
@@ -12,14 +12,6 @@ Source102: freeradius-logrotate Source103: freeradius-pam-conf Patch1: freeradius-cert-config.patch -Patch2: freeradius-radtest-ipv6.patch -# WARNING, when the lt-dladvise patch is removed the autogen.sh in the -# prep section should be removed as well, it's only necessary because -# upstream did not regenerate headers via autoheader which caused the -# newly added HAVE_LT_DLADVISE_INIT conditional to be omitted which is -# necessary to turn on the lt_dladvise* functions which is necessary -# to address bz #689045, (unresolved link errors for perl & python) -Patch3: freeradius-lt-dladvise.patch Obsoletes: freeradius-devel Obsoletes: freeradius-libs @@ -150,11 +142,8 @@ This plugin provides the unixODBC support for the FreeRADIUS server project. %prep %setup -q -n freeradius-server-%{version} %patch1 -p1 -b .cert-config -%patch2 -p1 -b .radtest-ipv6 -%patch3 -p1 -b .lt-dladvise # Some source files mistakenly have execute permissions set find $RPM_BUILD_DIR/freeradius-server-%{version} \( -name '*.c' -o -name '*.h' \) -a -perm /0111 -exec chmod a-x {} + -./autogen.sh %build %ifarch s390 s390x 
@@ -367,8 +356,12 @@ exit 0
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/modules/preprocess
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/modules/radutmp
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/modules/realm
+%attr(640,root,radiusd) %config(noreplace) /etc/raddb/modules/redis
+%attr(640,root,radiusd) %config(noreplace) /etc/raddb/modules/rediswho
+%attr(640,root,radiusd) %config(noreplace) /etc/raddb/modules/replicate
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/modules/smbpasswd
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/modules/smsotp
+%attr(640,root,radiusd) %config(noreplace) /etc/raddb/modules/soh
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/modules/sql_log
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/modules/sqlcounter_expire_on_login
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/modules/sradutmp
@@ -505,6 +498,10 @@ exit 0
 %{_libdir}/freeradius/rlm_radutmp-%{version}.so
 %{_libdir}/freeradius/rlm_realm.so
 %{_libdir}/freeradius/rlm_realm-%{version}.so
+%{_libdir}/freeradius/rlm_replicate.so
+%{_libdir}/freeradius/rlm_replicate-%{version}.so
+%{_libdir}/freeradius/rlm_soh.so
+%{_libdir}/freeradius/rlm_soh-%{version}.so
 %{_libdir}/freeradius/rlm_sql.so
 %{_libdir}/freeradius/rlm_sql-%{version}.so
 %{_libdir}/freeradius/rlm_sql_log.so
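Review bot: The first %files hunk packages `/etc/raddb/modules/redis` and `/etc/raddb/modules/rediswho`, but the library hunk that follows adds only `rlm_replicate` and `rlm_soh`; no redis or rediswho shared objects are visible. If those modules are not built or listed elsewhere in the spec, an administrator who enables either config would likely get a server that cannot load the module. Either add entries following the existing `rlm_<name>.so` / `rlm_<name>-%{version}.so` pattern, or leave the two config files out until the modules ship. The new config entries do keep the neighbouring `%attr(640,root,radiusd) %config(noreplace)` convention, which suits files that may hold backend credentials. Both %files lists continue outside the hunks.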
@@ -576,6 +573,126 @@ exit 0 %{_libdir}/freeradius/rlm_sql_unixodbc-%{version}.so %changelog +* Wed Jun 22 2011 John Dennis - 2.1.11-1 +- Upgrade to latest upstream release: 2.1.11 +- Remove the following two patches as upstream has incorporated them: + freeradius-radtest-ipv6.patch + freeradius-lt-dladvise.patch +- Upstream changelog for 2.1.11: + Feature improvements + * Added doc/rfc/rfc6158.txt: RADIUS Design Guidelines. + All vendors need to read it and follow its directions. + * Microsoft SoH support for PEAP from Phil Mayers. + See doc/SoH.txt + * Certificate "bootstrap" script now checks for certificate expiry. + See comments in raddb/eap.conf, and then "make_cert_command". + * Support for dynamic expansion of EAP-GTC challenges. + Patch from Alexander Clouter. + * OCSP support from Alex Bergmann. See raddb/eap.conf, "ocsp" + section. + * Updated dictionary.huawei, dictionary.3gpp, dictionary.3gpp3. + * Added dictionary.eltex, dictionary.motorola, and dictionary.ukerna. + * Experimental redis support from Gabriel Blanchard. + See raddb/modules/redis and raddb/modules/rediswho + * Add "key" to rlm_fastusers. Closes bug #126. + * Added scripts/radtee from original software at + http://horde.net/~jwm/software/misc/comparison-tee + * Updated radmin "man" page for new commands. + * radsniff now prints the hex decoding of the packet (-x -x -x) + * mschap module now reloads its configuration on HUP + * Added experimental "replicate" module. See raddb/modules/replicate + * Policy "foo" can now refer to module "foo". This lets you + over-ride the behavior of a module. + * Policy "foo.authorize" can now over-ride the behavior of module + "foo", "authorize" method. + * Produce errors in more situations when the configuration files + have invalid syntax. + + Bug fixes + * Ignore pre/post-proxy sections if proxying is disabled + * Add configure checks for pcap_fopen*. 
+ * Fix call to otp_write in rlm_otp
+ * Fix issue with Access-Challenge checking from 2.1.10, when the
+ debug flag was set after server startup. Closes #116 and #117.
+ * Fix typo in zombie period start time.
+ * Fix leak in src/main/valuepair.c. Patch from James Ballantine.
+ * Allow radtest to use spaces in shared secret.
+ Patch from Cedric Carree.
+ * Remove extra calls to HMAC_CTX_init() in rlm_wimax, fixing leak.
+ Patch from James Ballantine.
+ * Remove MN-FA key generation. The NAS does this, not AAA.
+ Patch from Ben Weichman.
+ * Include dictionary.mikrotik by default. Closes bug #121.
+ * Add group membership query to MS-SQL examples. Closes bug #120.
+ * Don't cast NAS-Port to integer in Postgresql queries.
+ Closes bug #112.
+ * Fixes for libtool and autoconf from Sam Hartman.
+ * radsniff should read the dictionaries in more situations.
+ * Use fnmatch to check for detail file reader==writer.
+ Closes bug #128.
+ * Check for short writes (i.e. disk full) in rlm_detail.
+ Closes bug #130. Patches and testing from John Morrissey.
+ * Fix typo in src/lib/token.c. Closes bug #124
+ * Allow workstation trust accounts to use MS-CHAP.
+ Closes bug #123.
+ * Assigning foo=`/bin/echo hello` now produces a syntax error
+ if it is done outside of an "update" section.
+ * Fix "too many open file descriptors" problem when using
+ "verify client" in eap.conf.
+ * Many fixes to dialup_admin for PHP5, by Stefan Winter.
+ * Allow preprocess module to have "hints = " and "huntgroups =",
+ which allows them to be empty or non-existent.
+ * Renamed "php3" files to "php" in dialup_admin/
+ * Produce error when sub-TLVs are used in a dictionary. They are
+ supported only in the "master" branch, and not in 2.1.x.
+ * Minor fix in dictionary.redback. Closes bug #138.
+ * Fixed MySQL "NULL" issues in ippool.conf. Closes bug #129.
+ * Fix to Access-Challenge warning from Ken-ichirou Matsuzawa.
+ Closes bug #118.
+ * DHCP fixes to send unicast packets in more situations.
+ * Fix to udpfromto, to enable it to work on IPv6 networks.
+ * Fixes to the Oracle accounting_onoff_query.
+ * When using both IPv4 and IPv6 home servers, ensure that we use the
+ correct local socket for proxying. Closes bug #143.
+ * Suppress messages when thread pool is nearly full, all threads
+ are busy, and we can't create new threads.
+ * IPv6 is now enabled for udpfromto. Closes bug #141
+ * Make sqlippool query buffer the same size as sql module.
+ Closes bug #139.
+ * Make Coa / Disconnect proxying work again.
+ * Configure scripts for rlm_caching from Nathaniel McCallum
+ * src/lib/dhcp.c and src/include/libradius.h are LGPL, not GPL.
+ * Updated password routines to use time-insensitive comparisons.
+ This prevents timing attacks (though none are known).
+ * Allow sqlite module to do normal SELECT queries.
+ * rlm_wimax now has a configure script
+ * Moved Ascend, USR, and Motorola "illegal" dictionaries to separate
+ files. See share/dictionary for explanations.
+ * Check for duplicate module definitions in the modules{} section,
+ and refuse to start if duplicates are found.
+ * Check for duplicate virtual servers, and refuse to start if
+ duplicates are found.
+ * Don't use udpfromto if source is INADDR_ANY. Closes bug #148.
+ * Check pre-conditions before running radmin "inject file".
+ * Don't over-ride "no match" with "match" for regexes.
+ Closes bug #152.
+ * Make retry and error message configurable in mschap.
+ See raddb/modules/mschap
+ * Allow EAP-MSCHAPv2 to send error message to client. This change
+ allows some clients to prompt the user for a new password.
+ See raddb/eap.conf, mschapv2 section, "send_error".
+ * Load the default virtual server before any others.
+ This matches what users expect, and reduces confusion.
+ * Fix configure checks for udpfromto. Fixes Debian bug #606866
+ * Definitive fix for bug #35, where the server could crash under
+ certain loads. Changes src/lib/packet.c to use RB trees.
+ * Updated "configure" checks to allow IPv6 udpfromto on Linux. + * SQL module now returns NOOP if the accounting start/interim/stop + queries don't do anything. + * Allow %%{outer.control: ... } in string expansions + * home_server coa config now matches raddb/proxy.conf + * Never send a reply to a DHCP Release. + * Thu Jun 16 2011 Marcela Mašláňová - 2.1.10-8 - Perl mass rebuild diff --git a/sources b/sources index 9f6ab2e..98c709e 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -8ea2bd39460a06212decf2c14fdf3fb8 freeradius-server-2.1.10.tar.bz2 +96b21a95117d8ebde689c4c13c028d30 freeradius-server-2.1.11.tar.bz2