Upgrade to upstream 3.0.1 release, full config compatible with 3.0.0.

This is a roll-up of all upstream bugs fixes found in 3.0.0
See upstream ChangeLog for details (in freeradius-doc subpackage)
fixes bugs 1053020 1044747 1048474 1043036

.gitignore

@@ -6,3 +6,4 @@
 /freeradius-server-release_3_0_0_rc0.tar.gz
 /freeradius-server-release_3_0_0_rc1.tar.gz
 /freeradius-server-3.0.0.tar.bz2
+/freeradius-server-3.0.1.tar.bz2

freeradius-bool-config.patch

@@ -1,73 +0,0 @@
-From 3e038dd2b6ddc77eb27205d04252378f6038abcb Mon Sep 17 00:00:00 2001
-From: John Dennis <jdennis@redhat.com>
-Date: Wed, 13 Nov 2013 18:23:43 -0500
-Subject: [PATCH] PW_TYPE_BOOLEAN config item should be declared int, not bool
-Content-Type: text/plain; charset="utf-8"
-Content-Transfer-Encoding: 8bit
-
-PW_TYPE_BOOLEAN config items are treated as int by the config
-parser in conffile.c. bools and ints are not the same size,
-on many architectures sizeof(bool) == 1 and sizeof(int) == 4
-
-Manifestation of the problem
-
-  # Loaded module rlm_exec
-  # Instantiating module "echo" from file /etc/raddb/mods-enabled/echo
-  exec echo {
-  	wait = yes
-  	program = "/bin/echo %{User-Name}"
-  	input_pairs = "request"
-  	output_pairs = "reply"
-  	shell_escape = yes
-  }
-Error: /etc/raddb/mods-enabled/echo[34]: Cannot read output pairs if wait = no
-Error: /etc/raddb/mods-enabled/echo[34]: Instantiation failed for module "echo"
-
-In rlm_exec.c:
-
-	if (!inst->wait &&
-	    (inst->output != NULL)) {
-		cf_log_err_cs(conf, "Cannot read output pairs if wait = no");
-		return -1;
-	}
-
-wait = yes in the config file and is parsed as TRUE which writes a 1
-into an integer but inst->wait is read as a byte so the test is not
-performed correctly.
----
- src/modules/rlm_exec/rlm_exec.c | 2 +-
- src/modules/rlm_pap/rlm_pap.c   | 4 ++--
- 2 files changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/src/modules/rlm_exec/rlm_exec.c b/src/modules/rlm_exec/rlm_exec.c
-index 0d8149d..4770359 100644
---- a/src/modules/rlm_exec/rlm_exec.c
-+++ b/src/modules/rlm_exec/rlm_exec.c
-@@ -33,7 +33,7 @@ RCSID("$Id$")
- typedef struct rlm_exec_t {
- 	char const	*xlat_name;
- 	int		bare;
--	bool		wait;
-+	int		wait;
- 	char		*program;
- 	char		*input;
- 	char		*output;
-diff --git a/src/modules/rlm_pap/rlm_pap.c b/src/modules/rlm_pap/rlm_pap.c
-index 7ebcedf..8ec63dc 100644
---- a/src/modules/rlm_pap/rlm_pap.c
-+++ b/src/modules/rlm_pap/rlm_pap.c
-@@ -42,9 +42,9 @@ RCSID("$Id$")
-  */
- typedef struct rlm_pap_t {
- 	char const *name;	/* CONF_SECTION->name, not strdup'd */
--	bool auto_header;
-+	int auto_header;
- 	int auth_type;
--	bool normify;
-+	int normify;
- } rlm_pap_t;
- 
- /*
--- 
-1.8.1.4
-

freeradius-postgres-sql.patch

@@ -0,0 +1,10 @@
+--- freeradius-server-3.0.0.orig/raddb/mods-config/sql/main/postgresql/setup.sql	2013-10-07 15:49:47.000000000 -0400
++++ freeradius-server-3.0.0/raddb/mods-config/sql/main/postgresql/setup.sql	2013-12-13 12:58:38.261559789 -0500
+@@ -29,4 +29,7 @@
+  * The server can write to the accounting and post-auth logging table.
+  */
+ GRANT SELECT, INSERT, UPDATE on radacct TO radius;
++GRANT SELECT, USAGE on radacct_radacctid_seq TO radius;
++
+ GRANT SELECT, INSERT, UPDATE on radpostauth TO radius;
++GRANT SELECT, USAGE on radpostauth_id_seq TO radius;

freeradius-rlm_leap.patch

@@ -1,88 +0,0 @@
-This patch is the collective application of the following 3
-upstream git commits for the v3.0.x branch.
-
-d8f91f97 Missed PAD macro
-4203125 Proper fix for calculating encoded session-key length
-e96eeea Increase size of LEAP session key buffer
-457beab Sanity checks for leap
-
-These are fixes for the following bugs:
-1031061 1031052
-
-diff -r -u freeradius-server-3.0.0.pre-patch/src/include/libradius.h freeradius-server-3.0.0/src/include/libradius.h
---- freeradius-server-3.0.0.pre-patch/src/include/libradius.h	2013-11-26 12:33:38.894517298 -0500
-+++ freeradius-server-3.0.0/src/include/libradius.h	2013-11-26 13:22:48.215581799 -0500
-@@ -103,6 +103,8 @@
- #define TAG_ANY			-128	/* minimum signed char */
- #define TAG_UNUSED		0
-
-+#define PAD(_x, _y)		(_y - ((_x) % _y))
-+
- #if defined(__GNUC__)
- # define PRINTF_LIKE(n) __attribute__ ((format(printf, n, n+1)))
- # define NEVER_RETURNS __attribute__ ((noreturn))
-@@ -424,6 +426,8 @@
- 			     uint8_t const *vector);
- int		rad_pwdecode(char *encpw, size_t len, char const *secret,
- 			     uint8_t const *vector);
-+
-+#define	FR_TUNNEL_PW_ENC_LENGTH(_x) (2 + 1 + _x + PAD(_x + 1, 16))
- int		rad_tunnel_pwencode(char *encpw, size_t *len, char const *secret,
- 				    uint8_t const *vector);
- int		rad_tunnel_pwdecode(uint8_t *encpw, size_t *len,
-diff -r -u freeradius-server-3.0.0.pre-patch/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.c freeradius-server-3.0.0/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.c
---- freeradius-server-3.0.0.pre-patch/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.c	2013-11-26 12:33:38.645517611 -0500
-+++ freeradius-server-3.0.0/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.c	2013-11-26 13:22:44.218580815 -0500
-@@ -324,7 +324,7 @@
- 	 */
- 	fr_md5_calc(hash, buffer, 16 + 8 + 24 + 8 + 24);
-
--	q = talloc_array(vp, char, 16 + sizeof("leap:session-key="));
-+	q = talloc_array(vp, char, FR_TUNNEL_PW_ENC_LENGTH(16) + sizeof("leap:session-key="));
- 	strcpy(q, "leap:session-key=");
-
- 	memcpy(q + 17, hash, 16);
-@@ -395,6 +395,9 @@
- {
- 	leap_packet_raw_t *data;
-
-+	rad_assert(eap_ds->request);
-+	rad_assert(reply);
-+
- 	/*
- 	 *  We need the name and the challenge.
- 	 */
-diff -r -u freeradius-server-3.0.0.pre-patch/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.h freeradius-server-3.0.0/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.h
---- freeradius-server-3.0.0.pre-patch/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.h	2013-11-26 12:33:38.645517611 -0500
-+++ freeradius-server-3.0.0/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.h	2013-11-26 13:22:36.311578784 -0500
-@@ -41,10 +41,10 @@
- typedef struct leap_packet {
- 	unsigned char	code;
- 	unsigned char	id;
--	int		length;
-+	size_t		length;
- 	int		count;
- 	unsigned char	*challenge;
--	int		name_len;
-+	size_t		name_len;
- 	char		*name;
- } leap_packet_t;
-
-diff -r -u freeradius-server-3.0.0.pre-patch/src/modules/rlm_eap/types/rlm_eap_leap/rlm_eap_leap.c freeradius-server-3.0.0/src/modules/rlm_eap/types/rlm_eap_leap/rlm_eap_leap.c
---- freeradius-server-3.0.0.pre-patch/src/modules/rlm_eap/types/rlm_eap_leap/rlm_eap_leap.c	2013-11-26 12:33:38.645517611 -0500
-+++ freeradius-server-3.0.0/src/modules/rlm_eap/types/rlm_eap_leap/rlm_eap_leap.c	2013-11-26 13:22:36.312578784 -0500
-@@ -96,11 +96,13 @@
- 	leap_packet_t	*reply;
- 	VALUE_PAIR	*password;
-
-+	rad_assert(request);
-+
- 	if (!handler->opaque) {
- 		REDEBUG("Cannot authenticate without LEAP history");
- 		return 0;
- 	}
--	session = (leap_session_t *) handler->opaque;
-+	session = talloc_get_type_abort(handler->opaque, leap_session_t);
- 	reply = NULL;
-
- 	/*

freeradius.spec

@@ -1,19 +1,19 @@
 Summary: High-performance and highly configurable free RADIUS server
 Name: freeradius
-Version: 3.0.0
+Version: 3.0.1
-Release: 4%{?dist}
+Release: 1%{?dist}
 License: GPLv2+ and LGPLv2+
 Group: System Environment/Daemons
 URL: http://www.freeradius.org/
 
 # Is elliptic curve cryptography supported?
-%if 0%{?rhel} >= 7 || 0%{fedora} >= 20
+%if 0%{?rhel} >= 7 || 0%{?fedora} >= 20
 %global HAVE_EC_CRYPTO 1
 %else
 %global HAVE_EC_CRYPTO 0
 %endif
 
-%global dist_base freeradius-server-3.0.0
+%global dist_base freeradius-server-%{version}
 
 Source0: ftp://ftp.freeradius.org/pub/radius/%{dist_base}.tar.bz2
 Source100: radiusd.service
@@ -22,8 +22,7 @@ Source103: freeradius-pam-conf
 Source104: freeradius-tmpfiles.conf
 
 Patch1: freeradius-redhat-config.patch
-Patch2: freeradius-bool-config.patch
+Patch2: freeradius-postgres-sql.patch
-Patch3: freeradius-rlm_leap.patch
 
 %global docdir %{?_pkgdocdir}%{!?_pkgdocdir:%{_docdir}/%{name}-%{version}}
 
@@ -178,9 +177,10 @@ This plugin provides the unixODBC support for the FreeRADIUS server project.
 
 %prep
 %setup -q -n %{dist_base}
+# Note: We explicitly do not make patch backup files because the build
+# mistakenly include these files, especially problematic for raddb config files.
 %patch1 -p1
 %patch2 -p1
-%patch3 -p1
 
 %build
 # Force compile/link options, extra security for network facing daemon
@@ -409,6 +409,7 @@ exit 0
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/chap
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/counter
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/cui
+%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/date
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/detail
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/detail.example.com
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/detail.log
@@ -450,6 +451,7 @@ exit 0
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/soh
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/sometimes
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/sql
+%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/sqlcounter
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/sqlippool
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/sradutmp
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/unix
@@ -532,6 +534,7 @@ exit 0
 %{_libdir}/freeradius/rlm_chap.so
 %{_libdir}/freeradius/rlm_counter.so
 %{_libdir}/freeradius/rlm_cram.so
+%{_libdir}/freeradius/rlm_date.so
 %{_libdir}/freeradius/rlm_detail.so
 %{_libdir}/freeradius/rlm_dhcp.so
 %{_libdir}/freeradius/rlm_digest.so
@@ -647,7 +650,10 @@ exit 0
 
 %files mysql
 %dir %attr(750,root,radiusd) /etc/raddb/mods-config/sql/counter/mysql
-%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/counter/mysql/queries.conf
+%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/counter/mysql/dailycounter.conf
+%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/counter/mysql/expire_on_login.conf
+%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/counter/mysql/monthlycounter.conf
+%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/counter/mysql/noresetcounter.conf
 
 %dir %attr(750,root,radiusd) /etc/raddb/mods-config/sql/cui/mysql
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/cui/mysql/queries.conf
@@ -679,7 +685,10 @@ exit 0
 
 %files postgresql
 %dir %attr(750,root,radiusd) /etc/raddb/mods-config/sql/counter/postgresql
-%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/counter/postgresql/queries.conf
+%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/counter/postgresql/dailycounter.conf
+%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/counter/postgresql/expire_on_login.conf
+%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/counter/postgresql/monthlycounter.conf
+%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/counter/postgresql/noresetcounter.conf
 
 %dir %attr(750,root,radiusd) /etc/raddb/mods-config/sql/cui/postgresql
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/cui/postgresql/queries.conf
@@ -702,6 +711,12 @@ exit 0
 %{_libdir}/freeradius/rlm_sql_postgresql.so
 
 %files sqlite
+%dir %attr(750,root,radiusd) /etc/raddb/mods-config/sql/counter/sqlite
+%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/counter/sqlite/dailycounter.conf
+%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/counter/sqlite/expire_on_login.conf
+%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/counter/sqlite/monthlycounter.conf
+%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/counter/sqlite/noresetcounter.conf
+
 %dir %attr(750,root,radiusd) /etc/raddb/mods-config/sql/cui/sqlite
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/cui/sqlite/queries.conf
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/cui/sqlite/schema.sql
@@ -727,6 +742,12 @@ exit 0
 %{_libdir}/freeradius/rlm_sql_unixodbc.so
 
 %changelog
+* Tue Jan 14 2014 John Dennis <jdennis@redhat.com> - 3.0.1-1
+- Upgrade to upstream 3.0.1 release, full config compatible with 3.0.0.
+  This is a roll-up of all upstream bugs fixes found in 3.0.0
+  See upstream ChangeLog for details (in freeradius-doc subpackage)
+- fixes bugs 1053020 1044747 1048474 1043036
+
 * Tue Nov 26 2013 John Dennis <jdennis@redhat.com> - 3.0.0-4
 - resolves: bug#1031035
   remove radeapclient man page,

sources

@@ -1 +1 @@
-e805282ff8fc2b273c23e44967322002  freeradius-server-3.0.0.tar.bz2
+40b7533582c3f870af117213e8905958  freeradius-server-3.0.1.tar.bz2