diff --git a/SOURCES/freeradius-Fix-unterminated-strings-in-SQL-queries.patch b/SOURCES/freeradius-Fix-unterminated-strings-in-SQL-queries.patch new file mode 100644 index 0000000..76b0a59 --- /dev/null +++ b/SOURCES/freeradius-Fix-unterminated-strings-in-SQL-queries.patch @@ -0,0 +1,41 @@ +From 3fd832baf898fe6d6f974cd2d36d1c5206bc2209 Mon Sep 17 00:00:00 2001 +From: Antonio Torres +Date: Fri, 12 Nov 2021 16:23:05 +0100 +Subject: [PATCH] Fix unterminated strings in SQL queries + +Resolves: bz#2021247 +Signed-off-by: Antonio Torres +--- + raddb/mods-config/sql/ippool/mysql/queries.conf | 2 +- + raddb/mods-config/sql/ippool/sqlite/queries.conf | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/raddb/mods-config/sql/ippool/mysql/queries.conf b/raddb/mods-config/sql/ippool/mysql/queries.conf +index 2dfc6574dd..444812a047 100644 +--- a/raddb/mods-config/sql/ippool/mysql/queries.conf ++++ b/raddb/mods-config/sql/ippool/mysql/queries.conf +@@ -114,7 +114,7 @@ allocate_update = "\ + nasipaddress = '%{NAS-IP-Address}', pool_key = '${pool_key}', \ + callingstationid = '%{Calling-Station-Id}', \ + username = '%{User-Name}', expiry_time = NOW() + INTERVAL ${lease_duration} SECOND \ +- WHERE framedipaddress = '%I' ++ WHERE framedipaddress = '%I'" + + # + # Use a stored procedure to find AND allocate the address. Read and customise +diff --git a/raddb/mods-config/sql/ippool/sqlite/queries.conf b/raddb/mods-config/sql/ippool/sqlite/queries.conf +index 31a5df3659..e92466108b 100644 +--- a/raddb/mods-config/sql/ippool/sqlite/queries.conf ++++ b/raddb/mods-config/sql/ippool/sqlite/queries.conf +@@ -89,7 +89,7 @@ allocate_update = "\ + callingstationid = '%{Calling-Station-Id}', \ + username = '%{User-Name}', \ + expiry_time = datetime(strftime('%%s', 'now') + ${lease_duration}, 'unixepoch') \ +- WHERE framedipaddress = '%I' ++ WHERE framedipaddress = '%I'" + + # + # This series of queries frees an IP number when an accounting START record arrives +-- +2.31.1 + diff --git a/SPECS/freeradius.spec b/SPECS/freeradius.spec index 5212f84..05f2f9e 100644 --- a/SPECS/freeradius.spec +++ b/SPECS/freeradius.spec @@ -9,7 +9,7 @@ Summary: High-performance and highly configurable free RADIUS server Name: freeradius Version: 3.0.20 -Release: 9%{?dist} +Release: 10%{?dist} License: GPLv2+ and LGPLv2+ Group: System Environment/Daemons URL: http://www.freeradius.org/ @@ -42,6 +42,7 @@ Patch9: freeradius-man-Fix-some-typos.patch Patch10: freeradius-Fix-resource-hard-limit-error.patch Patch11: freeradius-FIPS-exit-if-md5-not-allowed.patch Patch12: freeradius-bootstrap-run-only-once.patch +Patch13: freeradius-Fix-unterminated-strings-in-SQL-queries.patch %global docdir %{?_pkgdocdir}%{!?_pkgdocdir:%{_docdir}/%{name}-%{version}} @@ -242,6 +243,7 @@ This plugin provides the REST support for the FreeRADIUS server project. %patch10 -p1 %patch11 -p1 %patch12 -p1 +%patch13 -p1 # Add fixed dhparam file to the source to ensure `make tests` can run. cp %{SOURCE105} raddb/certs/rfc3526-group-18-8192.dhparam @@ -892,6 +894,10 @@ exit 0 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/rest %changelog +* Tue Nov 23 2021 Antonio Torres - 3.0.20-10 +- Fix unterminated strings in SQL queries + Resolves: bz#2025888 + * Tue Aug 03 2021 Antonio Torres - 3.0.20-9 - radiusd.service: don't fail if bootstrap script is not present Resolves: bz#1954521