- resolves: bug#1031035

remove radeapclient man page,
  upstream no longer supports radeapclient, use eapol_test instead
- resolves: bug#1031061
  rlm_eap_leap memory corruption, see freeradius-rlm_leap.patch
- move man pages for utils into utils subpackage from doc subpackage
- fix HAVE_EC_CRYPTO test to include f20
- add new directory /var/run/radiusd/tmp
  update mods-available/eap so tls-common.verify.tmpdir to point to it

freeradius-redhat-config.patch

@@ -1,6 +1,27 @@
+diff -r -u freeradius-server-3.0.0.orig/raddb/mods-available/eap freeradius-server-3.0.0/raddb/mods-available/eap
+--- freeradius-server-3.0.0.orig/raddb/mods-available/eap	2013-10-07 15:49:47.000000000 -0400
++++ freeradius-server-3.0.0/raddb/mods-available/eap	2013-11-26 17:48:56.081183431 -0500
+@@ -435,7 +435,7 @@
+ 			#
+ 			#  You should also delete all of the files
+ 			#  in the directory when the server starts.
+-	#     		tmpdir = /tmp/radiusd
++	#     		tmpdir = /var/run/radiusd/tmp
+
+ 			#  The command used to verify the client cert.
+ 			#  We recommend using the OpenSSL command-line
+@@ -449,7 +449,7 @@
+ 			#  in PEM format.  This file is automatically
+ 			#  deleted by the server when the command
+ 			#  returns.
+-	#    		client = "/path/to/openssl verify -CApath ${..ca_path} %{TLS-Client-Cert-Filename}"
++	#    		client = "/usr/bin/openssl verify -CApath ${..ca_path} %{TLS-Client-Cert-Filename}"
+ 		}
+
+ 		#
 diff -r -u freeradius-server-3.0.0.orig/raddb/radiusd.conf.in freeradius-server-3.0.0/raddb/radiusd.conf.in
 --- freeradius-server-3.0.0.orig/raddb/radiusd.conf.in	2013-10-07 15:49:47.000000000 -0400
-+++ freeradius-server-3.0.0/raddb/radiusd.conf.in	2013-10-09 14:10:18.595543308 -0400
++++ freeradius-server-3.0.0/raddb/radiusd.conf.in	2013-11-26 17:24:52.263467793 -0500
 @@ -71,8 +71,7 @@
  cadir   = ${confdir}/certs
  run_dir = ${localstatedir}/run/${name}
@@ -22,4 +43,3 @@ diff -r -u freeradius-server-3.0.0.orig/raddb/radiusd.conf.in freeradius-server-
 
  	#  Core dumps are a bad thing.  This should only be set to
  	#  'yes' if you're debugging a problem with the server.
-Only in freeradius-server-3.0.0/raddb: radiusd.conf.in~

freeradius-rlm_leap.patch

@@ -0,0 +1,88 @@
+This patch is the collective application of the following 3
+upstream git commits for the v3.0.x branch.
+
+d8f91f97 Missed PAD macro
+4203125 Proper fix for calculating encoded session-key length
+e96eeea Increase size of LEAP session key buffer
+457beab Sanity checks for leap
+
+These are fixes for the following bugs:
+1031061 1031052
+
+diff -r -u freeradius-server-3.0.0.pre-patch/src/include/libradius.h freeradius-server-3.0.0/src/include/libradius.h
+--- freeradius-server-3.0.0.pre-patch/src/include/libradius.h	2013-11-26 12:33:38.894517298 -0500
++++ freeradius-server-3.0.0/src/include/libradius.h	2013-11-26 13:22:48.215581799 -0500
+@@ -103,6 +103,8 @@
+ #define TAG_ANY			-128	/* minimum signed char */
+ #define TAG_UNUSED		0
+
++#define PAD(_x, _y)		(_y - ((_x) % _y))
++
+ #if defined(__GNUC__)
+ # define PRINTF_LIKE(n) __attribute__ ((format(printf, n, n+1)))
+ # define NEVER_RETURNS __attribute__ ((noreturn))
+@@ -424,6 +426,8 @@
+ 			     uint8_t const *vector);
+ int		rad_pwdecode(char *encpw, size_t len, char const *secret,
+ 			     uint8_t const *vector);
++
++#define	FR_TUNNEL_PW_ENC_LENGTH(_x) (2 + 1 + _x + PAD(_x + 1, 16))
+ int		rad_tunnel_pwencode(char *encpw, size_t *len, char const *secret,
+ 				    uint8_t const *vector);
+ int		rad_tunnel_pwdecode(uint8_t *encpw, size_t *len,
+diff -r -u freeradius-server-3.0.0.pre-patch/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.c freeradius-server-3.0.0/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.c
+--- freeradius-server-3.0.0.pre-patch/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.c	2013-11-26 12:33:38.645517611 -0500
++++ freeradius-server-3.0.0/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.c	2013-11-26 13:22:44.218580815 -0500
+@@ -324,7 +324,7 @@
+ 	 */
+ 	fr_md5_calc(hash, buffer, 16 + 8 + 24 + 8 + 24);
+
+-	q = talloc_array(vp, char, 16 + sizeof("leap:session-key="));
++	q = talloc_array(vp, char, FR_TUNNEL_PW_ENC_LENGTH(16) + sizeof("leap:session-key="));
+ 	strcpy(q, "leap:session-key=");
+
+ 	memcpy(q + 17, hash, 16);
+@@ -395,6 +395,9 @@
+ {
+ 	leap_packet_raw_t *data;
+
++	rad_assert(eap_ds->request);
++	rad_assert(reply);
++
+ 	/*
+ 	 *  We need the name and the challenge.
+ 	 */
+diff -r -u freeradius-server-3.0.0.pre-patch/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.h freeradius-server-3.0.0/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.h
+--- freeradius-server-3.0.0.pre-patch/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.h	2013-11-26 12:33:38.645517611 -0500
++++ freeradius-server-3.0.0/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.h	2013-11-26 13:22:36.311578784 -0500
+@@ -41,10 +41,10 @@
+ typedef struct leap_packet {
+ 	unsigned char	code;
+ 	unsigned char	id;
+-	int		length;
++	size_t		length;
+ 	int		count;
+ 	unsigned char	*challenge;
+-	int		name_len;
++	size_t		name_len;
+ 	char		*name;
+ } leap_packet_t;
+
+diff -r -u freeradius-server-3.0.0.pre-patch/src/modules/rlm_eap/types/rlm_eap_leap/rlm_eap_leap.c freeradius-server-3.0.0/src/modules/rlm_eap/types/rlm_eap_leap/rlm_eap_leap.c
+--- freeradius-server-3.0.0.pre-patch/src/modules/rlm_eap/types/rlm_eap_leap/rlm_eap_leap.c	2013-11-26 12:33:38.645517611 -0500
++++ freeradius-server-3.0.0/src/modules/rlm_eap/types/rlm_eap_leap/rlm_eap_leap.c	2013-11-26 13:22:36.312578784 -0500
+@@ -96,11 +96,13 @@
+ 	leap_packet_t	*reply;
+ 	VALUE_PAIR	*password;
+
++	rad_assert(request);
++
+ 	if (!handler->opaque) {
+ 		REDEBUG("Cannot authenticate without LEAP history");
+ 		return 0;
+ 	}
+-	session = (leap_session_t *) handler->opaque;
++	session = talloc_get_type_abort(handler->opaque, leap_session_t);
+ 	reply = NULL;
+
+ 	/*

freeradius.spec

@@ -1,13 +1,13 @@
 Summary: High-performance and highly configurable free RADIUS server
 Name: freeradius
 Version: 3.0.0
-Release: 3%{?dist}
+Release: 4%{?dist}
 License: GPLv2+ and LGPLv2+
 Group: System Environment/Daemons
 URL: http://www.freeradius.org/
 
 # Is elliptic curve cryptography supported?
-%if 0%{?rhel} >= 7
+%if 0%{?rhel} >= 7 || 0%{fedora} >= 20
 %global HAVE_EC_CRYPTO 1
 %else
 %global HAVE_EC_CRYPTO 0
@@ -23,6 +23,7 @@ Source104: freeradius-tmpfiles.conf
 
 Patch1: freeradius-redhat-config.patch
 Patch2: freeradius-bool-config.patch
+Patch3: freeradius-rlm_leap.patch
 
 %global docdir %{?_pkgdocdir}%{!?_pkgdocdir:%{_docdir}/%{name}-%{version}}
 
@@ -177,8 +178,9 @@ This plugin provides the unixODBC support for the FreeRADIUS server project.
 
 %prep
 %setup -q -n %{dist_base}
-%patch1 -p1 -b .redhat-config
+%patch1 -p1
-%patch2 -p1 -b .bool-config
+%patch2 -p1
+%patch3 -p1
 
 %build
 # Force compile/link options, extra security for network facing daemon
@@ -219,6 +221,7 @@ install -D -m 644 %{SOURCE103} $RPM_BUILD_ROOT/%{_sysconfdir}/pam.d/radiusd
 mkdir -p %{buildroot}%{_sysconfdir}/tmpfiles.d
 mkdir -p %{buildroot}%{_localstatedir}/run/
 install -d -m 0710 %{buildroot}%{_localstatedir}/run/radiusd/
+install -d -m 0700 %{buildroot}%{_localstatedir}/run/radiusd/tmp
 install -m 0644 %{SOURCE104} %{buildroot}%{_sysconfdir}/tmpfiles.d/radiusd.conf
 
 # remove unneeded stuff
@@ -233,6 +236,8 @@ rm -f $RPM_BUILD_ROOT/%{_sysconfdir}/raddb/certs/serial*
 rm -f $RPM_BUILD_ROOT/%{_sysconfdir}/raddb/certs/dh
 rm -f $RPM_BUILD_ROOT/%{_sysconfdir}/raddb/certs/random
 
+rm -f $RPM_BUILD_ROOT/%{_mandir}/man1/radeapclient.1
+
 rm -f $RPM_BUILD_ROOT/usr/sbin/rc.radiusd
 rm -rf $RPM_BUILD_ROOT/%{_libdir}/freeradius/*.a
 rm -rf $RPM_BUILD_ROOT/%{_libdir}/freeradius/*.la
@@ -314,6 +319,7 @@ exit 0
 %{_unitdir}/radiusd.service
 %config %{_sysconfdir}/tmpfiles.d/radiusd.conf
 %dir %attr(710,radiusd,radiusd) %{_localstatedir}/run/radiusd
+%dir %attr(700,radiusd,radiusd) %{_localstatedir}/run/radiusd/tmp
 %dir %attr(755,radiusd,radiusd) %{_localstatedir}/lib/radiusd
 
 # configs (raddb)
@@ -570,10 +576,6 @@ exit 0
 %{_libdir}/freeradius/rlm_wimax.so
 %{_libdir}/freeradius/rlm_yubikey.so
 
-%files doc
-
-%doc %{docdir}/
-
 # main man pages
 %doc %{_mandir}/man5/clients.conf.5.gz
 %doc %{_mandir}/man5/dictionary.5.gz
@@ -601,9 +603,16 @@ exit 0
 %doc %{_mandir}/man8/radmin.8.gz
 %doc %{_mandir}/man8/radrelay.8.gz
 
+%files doc
+
+%doc %{docdir}/
+
+
+%files utils
+/usr/bin/*
+
 # utils man pages
 %doc %{_mandir}/man1/radclient.1.gz
-%doc %{_mandir}/man1/radeapclient.1.gz
 %doc %{_mandir}/man1/radlast.1.gz
 %doc %{_mandir}/man1/radtest.1.gz
 %doc %{_mandir}/man1/radwho.1.gz
@@ -616,10 +625,6 @@ exit 0
 %doc %{_mandir}/man8/radsqlrelay.8.gz
 %doc %{_mandir}/man8/rlm_ippool_tool.8.gz
 
-
-%files utils
-/usr/bin/*
-
 %files devel
 /usr/include/freeradius
 
@@ -722,6 +727,17 @@ exit 0
 %{_libdir}/freeradius/rlm_sql_unixodbc.so
 
 %changelog
+* Tue Nov 26 2013 John Dennis <jdennis@redhat.com> - 3.0.0-4
+- resolves: bug#1031035
+  remove radeapclient man page,
+  upstream no longer supports radeapclient, use eapol_test instead
+- resolves: bug#1031061
+  rlm_eap_leap memory corruption, see freeradius-rlm_leap.patch
+- move man pages for utils into utils subpackage from doc subpackage
+- fix HAVE_EC_CRYPTO test to include f20
+- add new directory /var/run/radiusd/tmp
+  update mods-available/eap so tls-common.verify.tmpdir to point to it
+
 * Wed Nov 13 2013 John Dennis <jdennis@redhat.com> - 3.0.0-3
 - resolves: bug#1029941
   PW_TYPE_BOOLEAN config item should be declared int, not bool