Upgrade to upstream v3.0.14 release
This commit is contained in:
parent
e824373dca
commit
9bca231714
1
.gitignore
vendored
1
.gitignore
vendored
@ -18,3 +18,4 @@
|
||||
/freeradius-server-3.0.11.tar.bz2
|
||||
/freeradius-server-3.0.12.tar.bz2
|
||||
/freeradius-server-3.0.13.tar.bz2
|
||||
/freeradius-server-3.0.14.tar.bz2
|
||||
|
@ -1,262 +0,0 @@
|
||||
From 7024d6ce061d57af65fe3a068803212581552f96 Mon Sep 17 00:00:00 2001
|
||||
From: "Alan T. DeKok" <aland@freeradius.org>
|
||||
Date: Fri, 10 Mar 2017 09:11:03 -0500
|
||||
Subject: [PATCH] Fix some issues found with static analyzers
|
||||
|
||||
Fix some issues found with static analyzers. Includes the following.
|
||||
|
||||
Coverity. Closes #1937
|
||||
|
||||
(cherry picked from commit 521e2a9bd3b1b49555bcd9fb90b03c456f616070)
|
||||
|
||||
Allo session resumption for RadSec connectins. Closes #1936
|
||||
|
||||
(cherry picked from commit 43efa4321d7cd9fca1184f999e1cadeff3afda02)
|
||||
|
||||
request->packet cannot be NULL. Helps with #1935
|
||||
|
||||
(cherry picked from commit 7f22c30476be495438d5bc4dbec2f618f09c0b15)
|
||||
|
||||
remove unused variable
|
||||
|
||||
(cherry picked from commit d9bfc70efbf575258425d2ca86160490e0c36a45)
|
||||
|
||||
close open FDs on error, and use error path in more situations
|
||||
|
||||
(cherry picked from commit e51af914bc5fdf879f821e6a1ecfe700bff937ca)
|
||||
|
||||
return RLM_MODULE_FAIL for default switch statement
|
||||
|
||||
(cherry picked from commit cdfa6e15065a4a616c96af516936117124a1c293)
|
||||
|
||||
Remove always-false condition in rlm_eap_fast
|
||||
|
||||
(cherry picked from commit 96d7a5e2bb393b4fd1b6cb6e0a6858e6c18eb96a)
|
||||
|
||||
Remove always-false condition from cf_item_parse
|
||||
|
||||
(cherry picked from commit 92624adf8170fb133b330fe02d8940a8bac86189)
|
||||
|
||||
Ensure that error is always initialized
|
||||
|
||||
(cherry picked from commit c483d8456e44747621334b318483c3a33752aaac)
|
||||
---
|
||||
src/main/command.c | 15 ++++++++-------
|
||||
src/main/conffile.c | 2 --
|
||||
src/main/process.c | 5 +++--
|
||||
src/main/tls.c | 12 ++++++------
|
||||
src/main/xlat.c | 6 +++++-
|
||||
src/modules/rlm_cache/rlm_cache.c | 3 ++-
|
||||
src/modules/rlm_eap/types/rlm_eap_fast/eap_fast.c | 3 ---
|
||||
src/modules/rlm_mschap/rlm_mschap.c | 2 +-
|
||||
8 files changed, 25 insertions(+), 23 deletions(-)
|
||||
|
||||
diff --git a/src/main/command.c b/src/main/command.c
|
||||
index d3b729f9a..34c5268d7 100644
|
||||
--- a/src/main/command.c
|
||||
+++ b/src/main/command.c
|
||||
@@ -345,7 +345,7 @@ static int fr_server_domain_socket_perm(UNUSED char const *path, UNUSED uid_t ui
|
||||
*/
|
||||
static int fr_server_domain_socket_perm(char const *path, uid_t uid, gid_t gid)
|
||||
{
|
||||
- int dir_fd = -1, path_fd = -1, sock_fd = -1, parent_fd = -1;
|
||||
+ int dir_fd = -1, sock_fd = -1, parent_fd = -1;
|
||||
char const *name;
|
||||
char *buff = NULL, *dir = NULL, *p;
|
||||
|
||||
@@ -392,8 +392,9 @@ static int fr_server_domain_socket_perm(char const *path, uid_t uid, gid_t gid)
|
||||
fr_strerror_printf("Failed determining parent directory");
|
||||
error:
|
||||
talloc_free(dir);
|
||||
- close(dir_fd);
|
||||
- close(path_fd);
|
||||
+ if (sock_fd >= 0) close(sock_fd);
|
||||
+ if (dir_fd >= 0) close(dir_fd);
|
||||
+ if (parent_fd >= 0) close(parent_fd);
|
||||
return -1;
|
||||
}
|
||||
|
||||
@@ -459,7 +460,7 @@ static int fr_server_domain_socket_perm(char const *path, uid_t uid, gid_t gid)
|
||||
if (ret < 0) {
|
||||
fr_strerror_printf("Failed changing ownership of control socket directory: %s",
|
||||
fr_syserror(errno));
|
||||
- return -1;
|
||||
+ goto error;
|
||||
}
|
||||
/*
|
||||
* Control socket dir already exists, but we still need to
|
||||
@@ -527,7 +528,7 @@ static int fr_server_domain_socket_perm(char const *path, uid_t uid, gid_t gid)
|
||||
if (client_fd >= 0) {
|
||||
fr_strerror_printf("Control socket '%s' is already in use", path);
|
||||
close(client_fd);
|
||||
- return -1;
|
||||
+ goto error;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -676,8 +677,8 @@ static int fr_server_domain_socket_perm(char const *path, uid_t uid, gid_t gid)
|
||||
if (uid != (uid_t)-1) rad_seuid(euid);
|
||||
if (gid != (gid_t)-1) rad_segid(egid);
|
||||
|
||||
- close(dir_fd);
|
||||
- close(path_fd);
|
||||
+ if (dir_fd >= 0) close(dir_fd);
|
||||
+ if (parent_fd >= 0) close(parent_fd);
|
||||
|
||||
return sock_fd;
|
||||
}
|
||||
diff --git a/src/main/conffile.c b/src/main/conffile.c
|
||||
index df78184bd..10c029a0e 100644
|
||||
--- a/src/main/conffile.c
|
||||
+++ b/src/main/conffile.c
|
||||
@@ -1474,7 +1474,6 @@ int cf_item_parse(CONF_SECTION *cs, char const *name, unsigned int type, void *d
|
||||
|
||||
if (!value) {
|
||||
if (required) {
|
||||
- is_required:
|
||||
cf_log_err(c_item, "Configuration item \"%s\" must have a value", name);
|
||||
|
||||
return -1;
|
||||
@@ -1620,7 +1619,6 @@ int cf_item_parse(CONF_SECTION *cs, char const *name, unsigned int type, void *d
|
||||
}
|
||||
}
|
||||
|
||||
- if (required && !value) goto is_required;
|
||||
if (cant_be_empty && (value[0] == '\0')) goto cant_be_empty;
|
||||
|
||||
if (attribute) {
|
||||
diff --git a/src/main/process.c b/src/main/process.c
|
||||
index c5a690672..c3856c7a1 100644
|
||||
--- a/src/main/process.c
|
||||
+++ b/src/main/process.c
|
||||
@@ -2122,8 +2122,9 @@ static void remove_from_proxy_hash_nl(REQUEST *request, bool yank)
|
||||
}
|
||||
|
||||
#ifdef WITH_TCP
|
||||
- rad_assert(request->proxy_listener != NULL);
|
||||
- request->proxy_listener->count--;
|
||||
+ if (request->proxy_listener) {
|
||||
+ request->proxy_listener->count--;
|
||||
+ }
|
||||
#endif
|
||||
request->proxy_listener = NULL;
|
||||
|
||||
diff --git a/src/main/tls.c b/src/main/tls.c
|
||||
index caa7e62ed..a72be2b63 100644
|
||||
--- a/src/main/tls.c
|
||||
+++ b/src/main/tls.c
|
||||
@@ -1360,7 +1360,7 @@ static int cbtls_new_session(SSL *ssl, SSL_SESSION *sess)
|
||||
blob_len = i2d_SSL_SESSION(sess, NULL);
|
||||
if (blob_len < 1) {
|
||||
/* something went wrong */
|
||||
- RWDEBUG("Session serialisation failed, couldn't determine required buffer length");
|
||||
+ if (request) RWDEBUG("Session serialisation failed, couldn't determine required buffer length");
|
||||
return 0;
|
||||
}
|
||||
|
||||
@@ -1375,7 +1375,7 @@ static int cbtls_new_session(SSL *ssl, SSL_SESSION *sess)
|
||||
p = sess_blob;
|
||||
rv = i2d_SSL_SESSION(sess, &p);
|
||||
if (rv != blob_len) {
|
||||
- RWDEBUG("Session serialisation failed");
|
||||
+ if (request) RWDEBUG("Session serialisation failed");
|
||||
goto error;
|
||||
}
|
||||
|
||||
@@ -1384,8 +1384,8 @@ static int cbtls_new_session(SSL *ssl, SSL_SESSION *sess)
|
||||
conf->session_cache_path, FR_DIR_SEP, buffer);
|
||||
fd = open(filename, O_RDWR|O_CREAT|O_EXCL, 0600);
|
||||
if (fd < 0) {
|
||||
- RERROR("Session serialisation failed, failed opening session file %s: %s",
|
||||
- filename, fr_syserror(errno));
|
||||
+ if (request) RERROR("Session serialisation failed, failed opening session file %s: %s",
|
||||
+ filename, fr_syserror(errno));
|
||||
goto error;
|
||||
}
|
||||
|
||||
@@ -1409,7 +1409,7 @@ static int cbtls_new_session(SSL *ssl, SSL_SESSION *sess)
|
||||
while (todo > 0) {
|
||||
rv = write(fd, p, todo);
|
||||
if (rv < 1) {
|
||||
- RWDEBUG("Failed writing session: %s", fr_syserror(errno));
|
||||
+ if (request) RWDEBUG("Failed writing session: %s", fr_syserror(errno));
|
||||
close(fd);
|
||||
goto error;
|
||||
}
|
||||
@@ -1417,7 +1417,7 @@ static int cbtls_new_session(SSL *ssl, SSL_SESSION *sess)
|
||||
todo -= rv;
|
||||
}
|
||||
close(fd);
|
||||
- RWDEBUG("Wrote session %s to %s (%d bytes)", buffer, filename, blob_len);
|
||||
+ if (request) RWDEBUG("Wrote session %s to %s (%d bytes)", buffer, filename, blob_len);
|
||||
}
|
||||
|
||||
error:
|
||||
diff --git a/src/main/xlat.c b/src/main/xlat.c
|
||||
index 31987289c..aeac3a4c3 100644
|
||||
--- a/src/main/xlat.c
|
||||
+++ b/src/main/xlat.c
|
||||
@@ -1787,7 +1787,10 @@ static ssize_t xlat_tokenize_request(REQUEST *request, char const *fmt, xlat_exp
|
||||
* much faster.
|
||||
*/
|
||||
tokens = talloc_typed_strdup(request, fmt);
|
||||
- if (!tokens) return -1;
|
||||
+ if (!tokens) {
|
||||
+ error = "Out of memory";
|
||||
+ return -1;
|
||||
+ }
|
||||
|
||||
slen = xlat_tokenize_literal(request, tokens, head, false, &error);
|
||||
|
||||
@@ -1806,6 +1809,7 @@ static ssize_t xlat_tokenize_request(REQUEST *request, char const *fmt, xlat_exp
|
||||
*/
|
||||
if (slen < 0) {
|
||||
talloc_free(tokens);
|
||||
+
|
||||
rad_assert(error != NULL);
|
||||
|
||||
REMARKER(fmt, -slen, error);
|
||||
diff --git a/src/modules/rlm_cache/rlm_cache.c b/src/modules/rlm_cache/rlm_cache.c
|
||||
index 248de8bf9..54449747f 100644
|
||||
--- a/src/modules/rlm_cache/rlm_cache.c
|
||||
+++ b/src/modules/rlm_cache/rlm_cache.c
|
||||
@@ -126,7 +126,8 @@ static void CC_HINT(nonnull) cache_merge(rlm_cache_t *inst, REQUEST *request, rl
|
||||
|
||||
RDEBUG2("Merging cache entry into request");
|
||||
|
||||
- if (c->packet && request->packet) {
|
||||
+ if (c->packet) {
|
||||
+ rad_assert(request->packet != NULL);
|
||||
rdebug_pair_list(L_DBG_LVL_2, request, c->packet, "&request:");
|
||||
radius_pairmove(request, &request->packet->vps, fr_pair_list_copy(request->packet, c->packet), false);
|
||||
}
|
||||
diff --git a/src/modules/rlm_eap/types/rlm_eap_fast/eap_fast.c b/src/modules/rlm_eap/types/rlm_eap_fast/eap_fast.c
|
||||
index dba2c1462..95e521718 100644
|
||||
--- a/src/modules/rlm_eap/types/rlm_eap_fast/eap_fast.c
|
||||
+++ b/src/modules/rlm_eap/types/rlm_eap_fast/eap_fast.c
|
||||
@@ -1235,9 +1235,6 @@ PW_CODE eap_fast_process(eap_handler_t *eap_session, tls_session_t *tls_session)
|
||||
|
||||
eap_fast_append_result(tls_session, code);
|
||||
|
||||
- if (code == PW_CODE_ACCESS_REJECT)
|
||||
- break;
|
||||
-
|
||||
if (t->pac.send) {
|
||||
RDEBUG("Peer requires new PAC");
|
||||
eap_fast_send_pac_tunnel(request, tls_session);
|
||||
diff --git a/src/modules/rlm_mschap/rlm_mschap.c b/src/modules/rlm_mschap/rlm_mschap.c
|
||||
index aba15f826..c702f1b45 100644
|
||||
--- a/src/modules/rlm_mschap/rlm_mschap.c
|
||||
+++ b/src/modules/rlm_mschap/rlm_mschap.c
|
||||
@@ -1471,7 +1471,7 @@ static rlm_rcode_t mschap_error(rlm_mschap_t *inst, REQUEST *request, unsigned c
|
||||
break;
|
||||
|
||||
default:
|
||||
- rad_assert(0);
|
||||
+ return RLM_MODULE_FAIL;
|
||||
}
|
||||
mschap_add_reply(request, ident, "MS-CHAP-Error", buffer, strlen(buffer));
|
||||
|
||||
--
|
||||
2.11.0
|
||||
|
@ -1,30 +0,0 @@
|
||||
From bd67f9fc09690f0b3ac195cb9c57d51bd7a7dc23 Mon Sep 17 00:00:00 2001
|
||||
From: Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com>
|
||||
Date: Wed, 29 Mar 2017 10:43:14 +0300
|
||||
Subject: [PATCH] Handle connection error in rlm_ldap_cacheable_groupobj
|
||||
|
||||
Closes #1951
|
||||
|
||||
(cherry picked from commit 208681c80e1149de888affdb87f34de0c371db50)
|
||||
---
|
||||
src/modules/rlm_ldap/groups.c | 2 ++
|
||||
1 file changed, 2 insertions(+)
|
||||
|
||||
diff --git a/src/modules/rlm_ldap/groups.c b/src/modules/rlm_ldap/groups.c
|
||||
index 12f34da2a..5e0a1819e 100644
|
||||
--- a/src/modules/rlm_ldap/groups.c
|
||||
+++ b/src/modules/rlm_ldap/groups.c
|
||||
@@ -461,8 +461,10 @@ rlm_rcode_t rlm_ldap_cacheable_groupobj(rlm_ldap_t const *inst, REQUEST *request
|
||||
|
||||
case LDAP_PROC_NO_RESULT:
|
||||
RDEBUG2("No cacheable group memberships found in group objects");
|
||||
+ goto finish;
|
||||
|
||||
default:
|
||||
+ rcode = RLM_MODULE_FAIL;
|
||||
goto finish;
|
||||
}
|
||||
|
||||
--
|
||||
2.11.0
|
||||
|
@ -1,68 +0,0 @@
|
||||
From 5a83dc7697eb354b2a75ed36c6a39446cf020b87 Mon Sep 17 00:00:00 2001
|
||||
From: Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com>
|
||||
Date: Tue, 14 Mar 2017 14:55:57 +0200
|
||||
Subject: [PATCH] Relax OpenSSL permissions for default key files
|
||||
|
||||
Recent versions of OpenSSL appear to create keys with owner-only
|
||||
permissions. Allow owning group to read the created default key files
|
||||
in raddb/certs, so that they stay the same as with older OpenSSL, and
|
||||
that the server can read its key.
|
||||
|
||||
(cherry picked from commit 29add135c8d1f1f7ccc6ab6ca25af87b48575a5b)
|
||||
---
|
||||
raddb/certs/Makefile | 7 +++++++
|
||||
1 file changed, 7 insertions(+)
|
||||
|
||||
diff --git a/raddb/certs/Makefile b/raddb/certs/Makefile
|
||||
index 8141ae2b2..ef243c9b3 100644
|
||||
--- a/raddb/certs/Makefile
|
||||
+++ b/raddb/certs/Makefile
|
||||
@@ -62,6 +62,7 @@ ca.key ca.pem: ca.cnf
|
||||
@[ -f serial ] || $(MAKE) serial
|
||||
$(OPENSSL) req -new -x509 -keyout ca.key -out ca.pem \
|
||||
-days $(CA_DEFAULT_DAYS) -config ./ca.cnf
|
||||
+ chmod g+r ca.key
|
||||
|
||||
ca.der: ca.pem
|
||||
$(OPENSSL) x509 -inform PEM -outform DER -in ca.pem -out ca.der
|
||||
@@ -73,15 +74,18 @@ ca.der: ca.pem
|
||||
######################################################################
|
||||
server.csr server.key: server.cnf
|
||||
$(OPENSSL) req -new -out server.csr -keyout server.key -config ./server.cnf
|
||||
+ chmod g+r server.key
|
||||
|
||||
server.crt: server.csr ca.key ca.pem
|
||||
$(OPENSSL) ca -batch -keyfile ca.key -cert ca.pem -in server.csr -key $(PASSWORD_CA) -out server.crt -extensions xpserver_ext -extfile xpextensions -config ./server.cnf
|
||||
|
||||
server.p12: server.crt
|
||||
$(OPENSSL) pkcs12 -export -in server.crt -inkey server.key -out server.p12 -passin pass:$(PASSWORD_SERVER) -passout pass:$(PASSWORD_SERVER)
|
||||
+ chmod g+r server.p12
|
||||
|
||||
server.pem: server.p12
|
||||
$(OPENSSL) pkcs12 -in server.p12 -out server.pem -passin pass:$(PASSWORD_SERVER) -passout pass:$(PASSWORD_SERVER)
|
||||
+ chmod g+r server.pem
|
||||
|
||||
.PHONY: server.vrfy
|
||||
server.vrfy: ca.pem
|
||||
@@ -95,15 +99,18 @@ server.vrfy: ca.pem
|
||||
######################################################################
|
||||
client.csr client.key: client.cnf
|
||||
$(OPENSSL) req -new -out client.csr -keyout client.key -config ./client.cnf
|
||||
+ chmod g+r client.key
|
||||
|
||||
client.crt: client.csr ca.pem ca.key
|
||||
$(OPENSSL) ca -batch -keyfile ca.key -cert ca.pem -in client.csr -key $(PASSWORD_CA) -out client.crt -extensions xpclient_ext -extfile xpextensions -config ./client.cnf
|
||||
|
||||
client.p12: client.crt
|
||||
$(OPENSSL) pkcs12 -export -in client.crt -inkey client.key -out client.p12 -passin pass:$(PASSWORD_CLIENT) -passout pass:$(PASSWORD_CLIENT)
|
||||
+ chmod g+r client.p12
|
||||
|
||||
client.pem: client.p12
|
||||
$(OPENSSL) pkcs12 -in client.p12 -out client.pem -passin pass:$(PASSWORD_CLIENT) -passout pass:$(PASSWORD_CLIENT)
|
||||
+ chmod g+r client.pem
|
||||
cp client.pem $(USER_NAME).pem
|
||||
|
||||
.PHONY: client.vrfy
|
||||
--
|
||||
2.11.0
|
||||
|
@ -1,39 +0,0 @@
|
||||
From 362533a64646cce89799ba0759d4304b8de1e917 Mon Sep 17 00:00:00 2001
|
||||
From: "Alan T. DeKok" <aland@freeradius.org>
|
||||
Date: Tue, 7 Mar 2017 09:22:10 -0500
|
||||
Subject: [PATCH] radtest should use Cleartext-Password for EAP
|
||||
|
||||
(cherry picked from commit 0251c6c9d049f06c8f10974f9e67ef8142b17047)
|
||||
---
|
||||
src/main/radtest.in | 2 +-
|
||||
src/modules/rlm_eap/radeapclient.c | 1 +
|
||||
2 files changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/main/radtest.in b/src/main/radtest.in
|
||||
index 7f009ae68..38b1ba9a0 100644
|
||||
--- a/src/main/radtest.in
|
||||
+++ b/src/main/radtest.in
|
||||
@@ -81,7 +81,7 @@ do
|
||||
PASSWORD="MS-CHAP-Password"
|
||||
;;
|
||||
eap-md5)
|
||||
- PASSWORD="User-Password"
|
||||
+ PASSWORD="Cleartext-Password"
|
||||
if [ ! -x "$radeapclient" ]
|
||||
then
|
||||
echo "radtest: No 'radeapclient' program was found. Cannot perform EAP-MD5." >&1
|
||||
diff --git a/src/modules/rlm_eap/radeapclient.c b/src/modules/rlm_eap/radeapclient.c
|
||||
index 020d252f1..ff69361e4 100644
|
||||
--- a/src/modules/rlm_eap/radeapclient.c
|
||||
+++ b/src/modules/rlm_eap/radeapclient.c
|
||||
@@ -468,6 +468,7 @@ static int rc_init_packet(rc_transaction_t *trans)
|
||||
/*
|
||||
* Keep a copy of the the password attribute.
|
||||
*/
|
||||
+ case PW_CLEARTEXT_PASSWORD:
|
||||
case PW_USER_PASSWORD:
|
||||
case PW_CHAP_PASSWORD:
|
||||
case PW_MS_CHAP_PASSWORD:
|
||||
--
|
||||
2.11.0
|
||||
|
@ -1,7 +1,7 @@
|
||||
Summary: High-performance and highly configurable free RADIUS server
|
||||
Name: freeradius
|
||||
Version: 3.0.13
|
||||
Release: 3%{?dist}
|
||||
Version: 3.0.14
|
||||
Release: 1%{?dist}
|
||||
License: GPLv2+ and LGPLv2+
|
||||
Group: System Environment/Daemons
|
||||
URL: http://www.freeradius.org/
|
||||
@ -23,10 +23,6 @@ Source104: freeradius-tmpfiles.conf
|
||||
|
||||
Patch1: freeradius-redhat-config.patch
|
||||
Patch2: freeradius-Use-system-crypto-policy-by-default.patch
|
||||
Patch3: freeradius-Relax-OpenSSL-permissions-for-default-key-files.patch
|
||||
Patch4: freeradius-Fix-some-issues-found-with-static-analyzers.patch
|
||||
Patch5: freeradius-Handle-connection-error-in-rlm_ldap_cacheable_groupo.patch
|
||||
Patch6: freeradius-radtest-should-use-Cleartext-Password-for-EAP.patch
|
||||
|
||||
%global docdir %{?_pkgdocdir}%{!?_pkgdocdir:%{_docdir}/%{name}-%{version}}
|
||||
|
||||
@ -196,10 +192,6 @@ This plugin provides the REST support for the FreeRADIUS server project.
|
||||
# mistakenly includes the backup files, especially problematic for raddb config files.
|
||||
%patch1 -p1
|
||||
%patch2 -p1
|
||||
%patch3 -p1
|
||||
%patch4 -p1
|
||||
%patch5 -p1
|
||||
%patch6 -p1
|
||||
|
||||
%build
|
||||
# Force compile/link options, extra security for network facing daemon
|
||||
@ -275,11 +267,13 @@ rm -rf $RPM_BUILD_ROOT/etc/raddb/mods-config/sql/main/mssql
|
||||
rm -rf $RPM_BUILD_ROOT/etc/raddb/mods-config/sql/ippool/oracle
|
||||
rm -rf $RPM_BUILD_ROOT/etc/raddb/mods-config/sql/ippool-dhcp/oracle
|
||||
rm -rf $RPM_BUILD_ROOT/etc/raddb/mods-config/sql/main/oracle
|
||||
rm -r $RPM_BUILD_ROOT/etc/raddb/mods-config/sql/moonshot-targeted-ids
|
||||
|
||||
rm $RPM_BUILD_ROOT/%{_sysconfdir}/raddb/mods-available/unbound
|
||||
rm $RPM_BUILD_ROOT/%{_sysconfdir}/raddb/mods-config/unbound/default.conf
|
||||
rm $RPM_BUILD_ROOT/%{_sysconfdir}/raddb/mods-available/couchbase
|
||||
rm $RPM_BUILD_ROOT/%{_sysconfdir}/raddb/mods-available/abfab*
|
||||
rm $RPM_BUILD_ROOT/%{_sysconfdir}/raddb/mods-available/moonshot-targeted-ids
|
||||
rm $RPM_BUILD_ROOT/%{_sysconfdir}/raddb/policy.d/abfab*
|
||||
rm $RPM_BUILD_ROOT/%{_sysconfdir}/raddb/policy.d/moonshot-targeted-ids
|
||||
rm $RPM_BUILD_ROOT/%{_sysconfdir}/raddb/sites-available/abfab*
|
||||
@ -802,6 +796,11 @@ exit 0
|
||||
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/rest
|
||||
|
||||
%changelog
|
||||
* Tue May 30 2017 Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com> - 3.0.14-1
|
||||
- Upgrade to upstream v3.0.14 release.
|
||||
See upstream ChangeLog for details (in freeradius-doc subpackage).
|
||||
- Fix TLS resumption authentication bypass (CVE-2017-9148)
|
||||
|
||||
* Wed Mar 29 2017 Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com> - 3.0.13-3
|
||||
- Explicitly disable rlm_cache_memcached to avoid error when the module's
|
||||
dependencies are installed, and it is built, but not packaged.
|
||||
|
2
sources
2
sources
@ -1 +1 @@
|
||||
SHA512 (freeradius-server-3.0.13.tar.bz2) = 3184eb19e70a217706fceb22675be0e51f713f60d7341e7ee6e4e87d58e7efb948192d6206433d76de6b440633b31f4f897839751597370fe9c784d7c3eef30b
|
||||
SHA512 (freeradius-server-3.0.14.tar.bz2) = 8d42b7a5fd7ed0491c01ed9ed5f9994598c9ff2fd45eb3960abdfffffdf8084fe59bfc6eda84c3ef22bb045206b5f8f3dc7de47310d0582961796440ef4a1301
|
||||
|
Loading…
Reference in New Issue
Block a user