Commit Graph

245 Commits

Author SHA1 Message Date
Nikolai Kondrashov
eaf19fc666 Upgrade to upstream v3.0.10 release
Upgrade to upstream v3.0.10 release, removing rlm_eap_tnc support as
tncfhh was retired.
Related: Bug#1133959
2015-12-10 15:47:05 +02:00
Nikolai Kondrashov
2fbcdb04d7 Mention bug 1133959 and changes in 3.0.9-1 changelog entry 2015-08-20 14:41:49 +03:00
Nikolai Kondrashov
ac256b1f9e Upgrade to upstream v3.0.9 release 2015-08-20 14:40:27 +03:00
Dennis Gilmore
14c0060acf - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild 2015-06-17 06:42:25 +00:00
Jitka Plesnikova
31a2e1f322 Perl 5.22 rebuild 2015-06-05 11:23:05 +02:00
Nikolai Kondrashov
89982523ab Add the new challenge site to the package
Related: Bug#1133959
2015-04-28 13:54:19 +03:00
Nikolai Kondrashov
ca58f5f6ac Remove freeradius-postgres-sql.patch as upstreamed
Related: Bug#1133959
2015-04-28 13:08:16 +03:00
Nikolai Kondrashov
2f1b9c4406 Add v3.0.8 tarball
Related: Bug#1133959
2015-04-28 12:54:43 +03:00
Nikolai Kondrashov
1bb86b1eb8 Add freeradius-rest subpackage
Resolves: Bug#1196276
2015-03-31 16:08:30 +03:00
Nikolai Kondrashov
9bf49420c8 Upgrade to upstream v3.0.7 release
Resolves: Bug#1133959
2015-03-31 16:08:30 +03:00
Nikolai Kondrashov
6ba73827f1 Move SNMP MIB installation out of cleanup chunk 2015-03-31 14:58:02 +03:00
Nikolai Kondrashov
aa41c2c44d Bump release number to catch up with Fedora 21. 2015-02-13 12:51:30 +01:00
Nikolai Kondrashov
f6201f6c98 Bump release number 2015-01-19 18:41:31 +02:00
Nikolai Kondrashov
2376f330f3 Fix OpenSSL version check issues
Resolves: Bug#1173821
2015-01-19 18:41:28 +02:00
Nikolai Kondrashov
c9fec23c45 raddb: Comment on ipaddr/ipv4addr/ipv6addr use
Describe combined ipaddr/ipv4addr/ipv6addr use in
raddb/sites-available/default.

Resolves: Bug#1168247
2015-01-19 17:52:26 +02:00
Nikolai Kondrashov
ba9071d76e Fix ipaddr fallback onto ipv6
Resolves: Bug#1168868
2015-01-19 17:52:26 +02:00
Nikolai Kondrashov
94d784ece8 raddb: Move trigger.conf INCLUDE before modules
Move "$INCLUDE trigger.conf" chunk before module section in
"radiusd.conf.in". This makes it possible to reference "snmptrap" and
related trigger variables under "pool.trigger" in module configurations,
simplifying them.

Resolves: Bug#1155961
2015-01-19 17:52:26 +02:00
Nikolai Kondrashov
7eb2ab3d96 Improve dhcpclient and rad_counter online help
Resolves: Bug:#1146966
2015-01-19 17:52:26 +02:00
Nikolai Kondrashov
11209699e6 valuepair: Don't remove unknown backslash
Don't remove backslash from unkown escape sequences in pairparsevalue,
adhering to behavior common to most other programs dealing with
backslash escape sequences.

Resolves: Bug#1173526
2015-01-19 17:52:26 +02:00
Nikolai Kondrashov
46c7f7b947 Update clients(5) man page
Remove attribute description from clients.conf(5) source as it is
outdated, lists just a few attributes and wasn't updated for more than a
year. Refer to clients.conf file itself, instead.

Remove references to non-existent naslist and clients manpages as they
are confusing.

Resolves: bug#1147464
2015-01-19 17:52:26 +02:00
Nikolai Kondrashov
f683c66d9f Don't install rbmonkey
Remove rbmonkey from installation as it is a test tool and is only
useful to upstream developers.

Related: Bug#1146966
2015-01-19 17:52:26 +02:00
Nikolai Kondrashov
9f95b2d211 Add -D option support to dhcpclient
Add support for -D option to radclient. The option allows overriding the
main dictionary directory location. This fixes the inability to fully
override dictionary locations introduced with
"freeradius-fix-dhcp-dictionary-loading.patch".

Related: Bug#1146939
2015-01-19 17:52:26 +02:00
Nikolai Kondrashov
34d5060c31 Disable rlm_rest building explicitly
Resolves: Bug#1162156
2015-01-19 17:52:26 +02:00
Nikolai Kondrashov
12ea0067d5 Fix PW_TYPE_FILE_INPUT handling in cf_item_parse
This fixes the following Coverity issues:

    Error: DEADCODE (CWE-561):
    freeradius-server-3.0.4/src/main/conffile.c:1002: assignment: Assigning: "type" &= "255".
    freeradius-server-3.0.4/src/main/conffile.c:1041: between: When switching on "type", the value of "type" must be between 0 and 255.
    freeradius-server-3.0.4/src/main/conffile.c:1167: dead_error_condition: The switch value "type" cannot be "16385".
    freeradius-server-3.0.4/src/main/conffile.c:1167: dead_error_line: Execution cannot reach this statement: "case 16385:".

    Error: DEADCODE (CWE-561):
    freeradius-server-3.0.4/src/main/conffile.c:1002: assignment: Assigning: "type" &= "255".
    freeradius-server-3.0.4/src/main/conffile.c:1041: between: When switching on "type", the value of "type" must be between 0 and 255.
    freeradius-server-3.0.4/src/main/conffile.c:1168: dead_error_condition: The switch value "type" cannot be "32769".
    freeradius-server-3.0.4/src/main/conffile.c:1168: dead_error_begin: Execution cannot reach this statement: "case 32769:".

Resolves: Bug#1120234
2015-01-19 17:52:25 +02:00
Nikolai Kondrashov
2c2e39afa9 Don't return stack memory in fr_getgrnam
This fixes the following Coverity issue:

    Error: RETURN_LOCAL (CWE-562):
    freeradius-server-3.0.4/src/modules/rlm_unix/rlm_unix.c:87: local_ptr_identity_local: "getgrnam_r(name, &my_group, group_buffer, group_size, &grp)" stores "&my_group" (address of local variable "my_group") into "grp".
    freeradius-server-3.0.4/src/modules/rlm_unix/rlm_unix.c:99: return_local_addr_alias: Returning pointer "grp" which points to local variable "my_group".

Resolves: Bug#1120234
2015-01-19 17:52:25 +02:00
Nikolai Kondrashov
d3ba025501 Fix triggers
Resolves: Bug#1110407
Resolves: Bug#1110414
Resolves: Bug#1110186
Resolves: Bug#1109164
2015-01-19 17:52:25 +02:00
Nikolai Kondrashov
aba3ebe6cb Fix radtest manpage patch order
Resolves: Bug#1146898
Resolves: Bug#1114669
2015-01-19 17:52:25 +02:00
Nikolai Kondrashov
808cec9332 man: Mention eap-md5 in radtest synopsis
Resolves: Bug#1146898
2015-01-19 17:52:25 +02:00
Nikolai Kondrashov
2df4c752f4 man: Add -P option to radtest synopsis
Resolves: Bug#1114669
2015-01-19 17:52:25 +02:00
Nikolai Kondrashov
5309cc43a0 Remove OpenSSL version checking
Resolves: Bug#1155070
2015-01-19 17:52:25 +02:00
Nikolai Kondrashov
d2cf93dd4f Fix five issues 2014-10-14 15:33:44 +03:00
Nikolai Kondrashov
4004751c5f Upgrade to upstream 3.0.4 release
Resolves Bug#1099620.
2014-09-15 15:55:02 +03:00
Nikolai Kondrashov
535989e72f Package radeapclient manpage 2014-09-15 11:31:25 +03:00
Jitka Plesnikova
e25b8f7df0 Perl 5.20 mass 2014-09-09 11:18:31 +02:00
Nikolai Kondrashov
29de2eaf88 Upgrade to upstream 3.0.4rc2 release
Resolves Bug#1133959.
2014-09-08 14:49:03 +03:00
Jitka Plesnikova
9bfd6e3a48 Perl 5.20 rebuild 2014-08-27 00:06:31 +02:00
Peter Robinson
b93b3eff69 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild 2014-08-16 13:10:52 +00:00
Nikolai Kondrashov
ceecb0dd0f Install SNMP MIB files
Install SNMP MIB files. Resolves Bug#1109159.
2014-07-17 21:14:26 +03:00
Petr Písař
b94e9eabee Remove second %changelog macro
This typo is fatal with current rpmbuild.
2014-07-04 12:52:13 +02:00
Dennis Gilmore
79f321758c - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild 2014-06-07 07:50:41 -05:00
Nikolai Kondrashov
e529cbbf6e Require OpenSSL with patched heartbleed 2014-06-03 14:37:59 +03:00
Nikolai Kondrashov
72d1fd0ce9 Upgrade to upstream 3.0.3 release 2014-05-24 16:50:57 +03:00
Nikolai Kondrashov
40fe27cec8 Upgrade to upstream 3.0.2 release 2014-05-07 17:57:01 +03:00
Nikolai Kondrashov
e49b2b8b75 Fix CVE-2014-2015 stack-based overflow in rlm_pap
Fix CVE-2014-2015 "freeradius: stack-based buffer overflow flaw in
rlm_pap module"
2014-02-26 17:28:40 +02:00
John Dennis
700c3a939c resolves: bug#1068798 (fedora 1068795)
rlm_perl attribute values truncated
2014-02-21 17:21:47 -05:00
John Dennis
695482aab2 - resolves: bug#1055073 (fedora 1055072)
rlm_ippool; bad config file attribute and fails to send reply attributes
- resolves: bug#1055567 (fedora 1056227)
  bad mysql sql syntax
- change CFLAGS -imacros to -include to address gcc/gdb bug 1004526
  where gdb will not display source information, only <command-line>
2014-01-21 13:50:00 -05:00
John Dennis
bf50edada9 Upgrade to upstream 3.0.1 release, full config compatible with 3.0.0.
This is a roll-up of all upstream bugs fixes found in 3.0.0
See upstream ChangeLog for details (in freeradius-doc subpackage)
fixes bugs 1053020 1044747 1048474 1043036
2014-01-14 16:45:03 -05:00
John Dennis
b70e15694d - resolves: bug#1031035
remove radeapclient man page,
  upstream no longer supports radeapclient, use eapol_test instead
- resolves: bug#1031061
  rlm_eap_leap memory corruption, see freeradius-rlm_leap.patch
- move man pages for utils into utils subpackage from doc subpackage
- fix HAVE_EC_CRYPTO test to include f20
- add new directory /var/run/radiusd/tmp
  update mods-available/eap so tls-common.verify.tmpdir to point to it
2013-11-26 18:33:56 -05:00
John Dennis
5a03d53029 resolves: bug#1029941
PW_TYPE_BOOLEAN config item should be declared int, not bool
2013-11-13 18:59:04 -05:00
John Dennis
e79fcfae3e - Offical 3.0 gold release from upstream
- resolves: bug#1016873
- resolves: bug#891297
2013-10-13 10:18:09 -04:00
John Dennis
f350608ec6 add mising changelog entry in spec file 2013-09-08 08:55:34 -04:00
John Dennis
edb1c66e07 Upgrade to second 3.0 release candidate rc1. 2013-09-08 08:44:42 -04:00
John Dennis
676058b3fa add missingok config attribute to /etc/raddb/sites-enabled/* symlinks 2013-08-26 10:26:30 -04:00
Petr Písař
e166319454 Perl 5.18 rebuild 2013-08-03 15:20:10 +02:00
Ville Skyttä
180a0f9b55 Install docs to %{_pkgdocdir} where available. 2013-07-26 22:58:43 +03:00
John Dennis
3a6372f03e make HAVE_EC_CRYPTO flag be dependent on rhel version (>= 7) 2013-07-26 10:27:18 -04:00
John Dennis
dab27e1b50 Move all documentation into doc sub-package. 2013-07-23 12:36:20 -04:00
John Dennis
e67ff3478a fix release tag, it did not follow the guidelines in
https://fedoraproject.org/wiki/Packaging:NamingGuidelines?rd=Packaging/NamingGuidelines#Pre-Release_packages
exchange the position of the .0 and .rc0 fields
2013-07-23 10:34:24 -04:00
John Dennis
c98f5f2c63 Merge branch 'master' of ssh://pkgs.fedoraproject.org/freeradius
Conflicts:
	freeradius.spec
2013-07-22 19:05:00 -04:00
John Dennis
7e11ad3d44 Upgrade to upstream major new version 3.0 (pre-release rc0) 2013-07-22 18:52:14 -04:00
Petr Písař
e57796e0e2 Perl 5.18 rebuild 2013-07-17 15:42:10 +02:00
Dennis Gilmore
3ea30fb14e - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild 2013-02-13 16:00:33 -06:00
John Dennis
fe6c73bf2d resolves: bug#850119 - Introduce new systemd-rpm macros (>= F18) 2012-12-14 19:13:47 -05:00
John Dennis
ee04dacd73 - add compile option -fno-strict-aliasing 2012-12-13 18:28:30 -05:00
John Dennis
4f7fa609b4 - specify homedir (/var/lib/radiusd) for radiusd user in useradd,
do not permit useradd to default the homedir.
2012-12-13 12:11:47 -05:00
John Dennis
9758ebeea8 - add security options to compiler/linker 2012-12-12 20:08:48 -05:00
John Dennis
7d799aba5f - fix build issue
- use upstream version of freeradius-exclude-config-file.patch
2012-12-10 18:27:28 -05:00
John Dennis
30eb81d451 resolves: bug#876564 - fails to start without freeradius-mysql 2012-12-10 16:00:01 -05:00
John Dennis
a042850900 Merge branch 'master' of ssh://pkgs.fedoraproject.org/freeradius
Conflicts:
	freeradius.spec
2012-10-03 15:23:48 -04:00
John Dennis
eee86a133e - Add new patch to avoid reading .rpmnew, .rpmsave and other invalid
files when loading config files
- Upgrade to new 2.2.0 upstream release
2012-10-03 15:19:41 -04:00
Dennis Gilmore
8765fdcc14 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild 2012-07-18 22:15:33 -05:00
Petr Písař
cab08678e1 Perl 5.16 rebuild 2012-06-08 16:32:19 +02:00
John Dennis
f106651b97 resolves: bug#821407 - openssl dependency 2012-05-15 16:27:31 -04:00
John Dennis
03c55b0eab resolves: bug#810605 Segfault with freeradius-perl threading 2012-04-14 14:13:37 -04:00
John Dennis
75432c6005 Fixing bugs in RHEL6 rebase, applying fixes here as well
resolves: bug#700870 freeradius not compiled with --with-udpfromto
resolves: bug#753764 shadow password expiration does not work
resolves: bug#712803 radtest script is not working with eap-md5 option
resolves: bug#690756 errors in raddb/sql/postgresql/admin.sql template
2012-02-28 14:06:15 -05:00
John Dennis
2e5155583e resolves: bug#781877 (from RHEL5) rlm_dbm_parse man page misspelled
resolves: bug#760193 (from RHEL5) radtest PPPhint option is not parsed properly
2012-02-07 15:58:06 -05:00
John Dennis
05e34fe1d0 resolves: bug#781744
systemd service file incorrectly listed pid file as
/var/run/radiusd/radiusd which it should have been
/var/run/radiusd/radiusd.pid
2012-01-15 15:45:41 -05:00
Dennis Gilmore
70bf600900 - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild 2012-01-12 20:43:44 -06:00
John Dennis
063c06395e - rename /etc/tmpfiles.d/freeradius.conf to /etc/tmpfiles.d/radiusd.conf
remove config(noreplace) because it must match files section and
  permissions differ between versions.
- fixup macro usage for /var/run & /var/lib
2011-10-31 18:59:12 -04:00
John Dennis
1bf8728923 Upgrade to latest upstream release, 2.1.12 2011-10-03 15:04:20 -04:00
Tom "spot" Callaway
b7cc6d96e8 restore defattr customization in the main package 2011-09-21 16:43:57 -04:00
Tom "spot" Callaway
ae46b032fd fix systemd scriptlets 2011-09-09 12:14:32 -04:00
Tom "spot" Callaway
a755be0e23 convert to systemd 2011-09-08 14:45:31 -04:00
Petr Sabata
89dc2a3d9c Perl mass rebuild 2011-07-21 18:35:17 +02:00
Petr Sabata
dee00d4b6e Perl mass rebuild 2011-07-20 11:47:53 +02:00
John Dennis
631dd12294 reload the server (i.e. HUP) after logrotate 2011-06-23 20:57:03 -04:00
John Dennis
41c10f6ada Upgrade to latest upstream release: 2.1.11 2011-06-22 12:32:18 -04:00
Marcela Mašláňová
de15959b09 Perl mass rebuild 2011-06-16 13:33:36 +02:00
John Dennis
f1e2286b0e Resolves: #689045 Using rlm_perl cause radiusd failed to start
Fix configure typo which caused lt_dladvise_* functions to be skipped.
run autogen.sh because HAVE_LT_DLADVISE_INIT isn't in src/main/autogen.h
Implemented by: freeradius-lt-dladvise.patch
2011-03-25 10:50:39 -04:00
John Dennis
efd9eca8b1 Resolves: #599528 - make radtest IPv6 compatible 2011-03-23 18:28:10 -04:00
Dan Horák
b7092d9f3e rebuilt for mysql 5.5.10 (soname bump in libmysqlclient) 2011-03-23 19:13:33 +01:00
Dennis Gilmore
7bec371ab4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild 2011-02-08 15:40:01 -06:00
John Dennis
c46a6ee6e1 Add LINK_MODE=-pie 2011-01-18 09:45:49 -05:00
John Dennis
2a7bcb1190 bug 666589 - removing freeradius from system does not delete the user "radiusd"
fix scriptlet argument testing, simplify always exiting with zero
2011-01-01 08:32:24 -05:00
John Dennis
06930f2692 rebuild for new MySQL libs 2010-12-30 09:52:32 -05:00
John Dennis
9090233167 Upgrade to latest upstream release (2.1.10). See Changelog. 2010-10-19 15:05:08 -04:00
Orcan Ogetbil
933e584931 * Sat Jul 31 2010 Orcan Ogetbil <oget[dot]fedora[at]gmail[dot]com> - 2.1.9-3
- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild
2010-07-31 00:57:04 -04:00
Marcela Mašláňová
9f41d5cde2 - Mass rebuild with perl-5.12.0 2010-06-01 15:07:10 +00:00
John Dennis
794dc72aa5 - update to latest upstream, mainly bug fix release Feature improvements
Add radmin command "stats detail <file>" to see what is going on inside of
    a detail file reader.
Added documentation for CoA. See raddb/sites-available/coa
Add sub-option support for Option 82. See dictionary.dhcp
Add "server" field to default SQL NAS table, and documented it.
Bug fixes
Reset "received ping" counter for Status-Server checks. In some corner
    cases it was not getting reset.
Handle large VMPS attributes.
Count accounting responses from a home server in SNMP / statistics code.
Set EAP-Session-Resumed = Yes, not "No" when session is resumed.
radmin packet counter statistics are now unsigned, for numbers
2^31..2^32. After that they roll over to zero.
Be more careful about expanding data in PAP and MS-CHAP modules. This
    prevents login failures when passwords contain '{'.
Clean up zombie children if there were many "exec" modules being run for
    one packet, all with "wait = no".
re-open log file after HUP. Closes bug #63.
Fix "no response to proxied packet" complaint for Coa / Disconnect packets.
    It shouldn't ignore replies to packets it sent.
Calculate IPv6 netmasks correctly. Closes bug #69.
Fix SQL module to re-open sockets if they unexpectedly close.
Track scope for IPv6 addresses. This lets us use link-local addresses
    properly. Closes bug #70.
Updated Makefiles to no longer use the shell for recursing into subdirs.
    "make -j 2" should now work.
Updated raddb/sql/mysql/ippool.conf to use "= NULL". Closes bug #75.
Updated Makefiles so that "make reconfig" no longer uses the shell for
    recursing into subdirs, and re-builds all "configure" files.
Used above method to regenerate all configure scripts. Closes bug #34.
"". This means the same as it being NULL.
Fixed regex realm example. Create Realm attribute with value of realm from
    User-Name, not from regex. Closes bug #40.
If processing a DHCP Discover returns "fail / reject", ignore the packet
    rather than sending a NAK.
Allow '%' to be escaped in sqlcounter module.
Fix typo internal hash table.
For PEAP and TTLS, the tunneled reply is added to the reply, rather than
    integrated via the operators. This allows multiple VSAs to be added,
    where they would previously be discarded.
Make request number unsigned. This changes nothing other than the debug
    output when the server receives more than 2^31 packets.
Don't block when reading child output in 'exec wait'. This means that
    blocked children get killed, instead of blocking the server.
Enabled building without any proxy functionality
radclient now prefers IPv4, to match the default server config.
Print useful error when a realm regex is invalid
relaxed rules for preprocess module "with_cisco_vsa_hack". The attributes
    can now be integer, ipaddr, etc. (i.e. non-string)
Allow rlm_ldap to build if ldap_set_rebind_proc() has only
2 arguments.
Update configure script for rlm_python to avoid dynamic linking problems on
    some platforms.
Work-around for bug #35
Do suid to "user" when running in debug mode as root
Make "allow_core_dumps" work in more situations.
In detail file reader, treat bad records as EOF. This allows it to continue
    working when the disk is full.
Fix Oracle default accounting queries to work when there are no gigawords
    attributes. Other databases already had the fix.
Fix rlm_sql to show when it opens and closes sockets. It already says when
    it cannot connect, so it should say when it can connect.
"chmod -x" for a few C source files.
Pull update spec files, etc. from RedHat into the redhat/ directory.
Allow spaces when parsing integer values. This helps people who put "too
    much" into an SQL value field.
2010-05-24 14:53:15 +00:00
John Dennis
19b7b49d75 - resolves: bug #526559 initial install should run bootstrap to create
certificates running radiusd in debug mode to generate inital temporary
    certificates is no longer necessary, the /etc/raddb/certs/bootstrap is
    invoked on initial rpm install (not upgrade) if there is no existing
    /etc/raddb/certs/server.pem file
- resolves: bug #528493 use sha1 algorithm instead of md5 during cert
    generation the certificate configuration
    (/etc/raddb/certs/{ca,server,client}.cnf) files were modifed to use
    sha1 instead of md5 and the validity reduced from 1 year to 2 months
2010-01-08 17:55:23 +00:00