diff --git a/freeradius-disable-jit-if-pcre-cant-allocate-memory.patch b/freeradius-disable-jit-if-pcre-cant-allocate-memory.patch new file mode 100644 index 0000000..1f9e6d0 --- /dev/null +++ b/freeradius-disable-jit-if-pcre-cant-allocate-memory.patch @@ -0,0 +1,48 @@ +From 35a226a33aa8a18b892c0ee1c46ea9f69b42b411 Mon Sep 17 00:00:00 2001 +From: "Alan T. DeKok" +Date: Fri, 22 Aug 2025 07:13:26 -0400 +Subject: [PATCH] run-time disable JIT if PCRE can't allocate executable + memory. + +[antorres@redhat.com]: This patch will be included in FreeRADIUS 3.2.9. +[antorres@redhat.com]: This patch has been modified to include the typo fix from 52fc9cd0b71848503fd3a3cdcb81d5440b890e09. +--- + src/lib/regex.c | 14 ++++++++++++-- + 1 file changed, 12 insertions(+), 2 deletions(-) + +diff --git a/src/lib/regex.c b/src/lib/regex.c +index 67fd16b2b680..f4d631471bcb 100644 +--- a/src/lib/regex.c ++++ b/src/lib/regex.c +@@ -152,11 +152,21 @@ ssize_t regex_compile(TALLOC_CTX *ctx, regex_t **out, char const *pattern, size_ + * expressions that are going to be + * evaluated repeatedly. + */ +- if (do_jit) { ++ if (do_jit) do { + ret = pcre2_jit_compile(preg->compiled, PCRE2_JIT_COMPLETE); + if (ret < 0) { + PCRE2_UCHAR errbuff[128]; + ++ /* ++ * PCRE can do JIT, but this UID ++ * cannot allocate executable ++ * memory. Stop trying to JIT things. ++ */ ++ if (ret == PCRE2_ERROR_NOMEMORY) { ++ do_jit = false; ++ break; ++ } ++ + pcre2_get_error_message(ret, errbuff, sizeof(errbuff)); + fr_strerror_printf("Pattern JIT failed: %s", (char *)errbuff); + talloc_free(preg); +@@ -164,7 +174,7 @@ ssize_t regex_compile(TALLOC_CTX *ctx, regex_t **out, char const *pattern, size_ + return 0; + } + preg->jitd = true; +- } ++ } while (0); + #endif + } + diff --git a/freeradius.spec b/freeradius.spec index 1e9a558..a410bd2 100644 --- a/freeradius.spec +++ b/freeradius.spec @@ -1,7 +1,7 @@ Summary: High-performance and highly configurable free RADIUS server Name: freeradius Version: 3.2.8 -Release: 1%{?dist} +Release: 2%{?dist} License: GPL-2.0-or-later AND LGPL-2.0-or-later URL: http://www.freeradius.org/ @@ -32,6 +32,7 @@ Patch8: freeradius-configure-c99.patch Patch10: freeradius-no-sql-scripts.patch Patch11: freeradius-disable-openssl-engine.patch Patch12: freeradius-disable-perl-script.patch +Patch13: freeradius-disable-jit-if-pcre-cant-allocate-memory.patch %global docdir %{?_pkgdocdir}%{!?_pkgdocdir:%{_docdir}/%{name}-%{version}} @@ -219,6 +220,7 @@ This plugin provides the REST support for the FreeRADIUS server project. %patch 10 -p1 %patch 11 -p1 %patch 12 -p1 +%patch 13 -p1 %build # Force compile/link options, extra security for network facing daemon @@ -920,6 +922,11 @@ EOF %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/rest %changelog +* Wed Sep 24 2025 Antonio Torres - 3.2.8-2 +- Disable JIT if PCRE can't allocate executable memory +- Fix warnings from service file + Resolves: RHEL-116594 + * Tue Sep 02 2025 Antonio Torres - 3.2.8-1 - Rebase to release 3.2.8 Resolves: RHEL-107671 diff --git a/radiusd.service b/radiusd.service index f545280..0f80f3f 100644 --- a/radiusd.service +++ b/radiusd.service @@ -4,8 +4,8 @@ After=syslog.target network-online.target ipa.service dirsrv.target krb5kdc.serv [Service] Type=forking -PIDFile=/var/run/radiusd/radiusd.pid -ExecStartPre=-/bin/chown -R radiusd.radiusd /var/run/radiusd +PIDFile=/run/radiusd/radiusd.pid +ExecStartPre=-/bin/chown -R radiusd:radiusd /run/radiusd ExecStartPre=/usr/sbin/radiusd -C ExecStart=/usr/sbin/radiusd -d /etc/raddb ExecReload=/usr/sbin/radiusd -C