From 8f703895f50ee69c91cf4257b34095f7c98f63a8 Mon Sep 17 00:00:00 2001
From: CentOS Sources <bugs@centos.org>
Date: Tue, 29 Mar 2022 06:59:41 -0400
Subject: [PATCH] import freeradius-3.0.20-12.module+el8.6.0+13617+542eca26

---
 ...ix-segfault-when-home_server-is-null.patch | 51 +++++++++++++++++++
 ...-unterminated-strings-in-SQL-queries.patch | 41 +++++++++++++++
 SPECS/freeradius.spec                         | 18 ++++++-
 3 files changed, 109 insertions(+), 1 deletion(-)
 create mode 100644 SOURCES/freeradius-Fix-segfault-when-home_server-is-null.patch
 create mode 100644 SOURCES/freeradius-Fix-unterminated-strings-in-SQL-queries.patch

diff --git a/SOURCES/freeradius-Fix-segfault-when-home_server-is-null.patch b/SOURCES/freeradius-Fix-segfault-when-home_server-is-null.patch
new file mode 100644
index 0000000..bd482f7
--- /dev/null
+++ b/SOURCES/freeradius-Fix-segfault-when-home_server-is-null.patch
@@ -0,0 +1,51 @@
+From e2de6fab148e800380f1929fe4ea88a38de42053 Mon Sep 17 00:00:00 2001
+From: "Alan T. DeKok" <aland@freeradius.org>
+Date: Wed, 20 Nov 2019 13:59:54 -0500
+Subject: [PATCH] a better fix for commit 30ffd21
+
+Which still runs post-proxy-type fail if all of the home servers
+are dead
+
+[antorres@redhat.com: solved in FR 3.0.21, resolves bz#2030173]
+[antorres@redhat.com: removed first hunk of commit, already present]
+---
+ src/main/process.c | 9 +++------
+ 1 file changed, 3 insertions(+), 6 deletions(-)
+
+diff --git a/src/main/process.c b/src/main/process.c
+index c8b3af24e2..1a48517d43 100644
+--- a/src/main/process.c
++++ b/src/main/process.c
+@@ -2475,13 +2474,12 @@ static int process_proxy_reply(REQUEST *request, RADIUS_PACKET *reply)
+ 	}
+ 
+ 	old_server = request->server;
+-	rad_assert(request->home_server != NULL);
+ 
+ 	/*
+ 	 *	If the home server is virtual, just run pre_proxy from
+ 	 *	that section.
+ 	 */
+-	if (request->home_server->server) {
++	if (request->home_server && request->home_server->server) {
+ 		request->server = request->home_server->server;
+ 
+ 	} else {
+@@ -3182,13 +3180,12 @@ do_home:
+ 	}
+ 
+ 	old_server = request->server;
+-	rad_assert(request->home_server != NULL);
+ 
+ 	/*
+ 	 *	If the home server is virtual, just run pre_proxy from
+ 	 *	that section.
+ 	 */
+-	if (request->home_server->server) {
++	if (request->home_server && request->home_server->server) {
+ 		request->server = request->home_server->server;
+ 
+ 	} else {
+-- 
+2.31.1
+
diff --git a/SOURCES/freeradius-Fix-unterminated-strings-in-SQL-queries.patch b/SOURCES/freeradius-Fix-unterminated-strings-in-SQL-queries.patch
new file mode 100644
index 0000000..76b0a59
--- /dev/null
+++ b/SOURCES/freeradius-Fix-unterminated-strings-in-SQL-queries.patch
@@ -0,0 +1,41 @@
+From 3fd832baf898fe6d6f974cd2d36d1c5206bc2209 Mon Sep 17 00:00:00 2001
+From: Antonio Torres <antorres@redhat.com>
+Date: Fri, 12 Nov 2021 16:23:05 +0100
+Subject: [PATCH] Fix unterminated strings in SQL queries
+
+Resolves: bz#2021247
+Signed-off-by: Antonio Torres <antorres@redhat.com>
+---
+ raddb/mods-config/sql/ippool/mysql/queries.conf  | 2 +-
+ raddb/mods-config/sql/ippool/sqlite/queries.conf | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/raddb/mods-config/sql/ippool/mysql/queries.conf b/raddb/mods-config/sql/ippool/mysql/queries.conf
+index 2dfc6574dd..444812a047 100644
+--- a/raddb/mods-config/sql/ippool/mysql/queries.conf
++++ b/raddb/mods-config/sql/ippool/mysql/queries.conf
+@@ -114,7 +114,7 @@ allocate_update = "\
+ 		nasipaddress = '%{NAS-IP-Address}', pool_key = '${pool_key}', \
+ 		callingstationid = '%{Calling-Station-Id}', \
+ 		username = '%{User-Name}', expiry_time = NOW() + INTERVAL ${lease_duration} SECOND \
+-	WHERE framedipaddress = '%I'
++	WHERE framedipaddress = '%I'"
+ 
+ #
+ #  Use a stored procedure to find AND allocate the address. Read and customise
+diff --git a/raddb/mods-config/sql/ippool/sqlite/queries.conf b/raddb/mods-config/sql/ippool/sqlite/queries.conf
+index 31a5df3659..e92466108b 100644
+--- a/raddb/mods-config/sql/ippool/sqlite/queries.conf
++++ b/raddb/mods-config/sql/ippool/sqlite/queries.conf
+@@ -89,7 +89,7 @@ allocate_update = "\
+ 		callingstationid = '%{Calling-Station-Id}', \
+ 		username = '%{User-Name}', \
+ 		expiry_time = datetime(strftime('%%s', 'now') + ${lease_duration}, 'unixepoch') \
+-	WHERE framedipaddress = '%I'
++	WHERE framedipaddress = '%I'"
+ 
+ #
+ #  This series of queries frees an IP number when an accounting START record arrives
+-- 
+2.31.1
+
diff --git a/SPECS/freeradius.spec b/SPECS/freeradius.spec
index 5212f84..154f7a0 100644
--- a/SPECS/freeradius.spec
+++ b/SPECS/freeradius.spec
@@ -9,7 +9,7 @@
 Summary: High-performance and highly configurable free RADIUS server
 Name: freeradius
 Version: 3.0.20
-Release: 9%{?dist}
+Release: 12%{?dist}
 License: GPLv2+ and LGPLv2+
 Group: System Environment/Daemons
 URL: http://www.freeradius.org/
@@ -42,6 +42,8 @@ Patch9: freeradius-man-Fix-some-typos.patch
 Patch10: freeradius-Fix-resource-hard-limit-error.patch
 Patch11: freeradius-FIPS-exit-if-md5-not-allowed.patch
 Patch12: freeradius-bootstrap-run-only-once.patch
+Patch13: freeradius-Fix-unterminated-strings-in-SQL-queries.patch
+Patch14: freeradius-Fix-segfault-when-home_server-is-null.patch
 
 %global docdir %{?_pkgdocdir}%{!?_pkgdocdir:%{_docdir}/%{name}-%{version}}
 
@@ -242,6 +244,8 @@ This plugin provides the REST support for the FreeRADIUS server project.
 %patch10 -p1
 %patch11 -p1
 %patch12 -p1
+%patch13 -p1
+%patch14 -p1
 
 # Add fixed dhparam file to the source to ensure `make tests` can run.
 cp %{SOURCE105} raddb/certs/rfc3526-group-18-8192.dhparam
@@ -892,6 +896,18 @@ exit 0
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/rest
 
 %changelog
+* Thu Dec 9 2021 Antonio Torres <antorres@redhat.com> - 3.0.20-12
+- Fix segfault when home_server is null
+  Resolves: bz#2030173
+
+* Thu Nov 18 2021 Antonio Torres <antorres@redhat.com> - 3.0.20-11
+- Fix unterminated strings in SQL queries
+  Resolves: bz#2021247
+
+* Fri Nov 12 2021 Antonio Torres <antorres@redhat.com> - 3.0.20-10
+- Rebuild to pick up latest json-c
+  Resolves: bz#2021818
+
 * Tue Aug 03 2021 Antonio Torres <antorres@redhat.com> - 3.0.20-9
 - radiusd.service: don't fail if bootstrap script is not present
   Resolves: bz#1954521