Hello community,

here is the log from the commit of package freeradius-server.1216 for openSUSE:12.2:Update checked in at 2013-01-21 14:07:15
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:12.2:Update/freeradius-server.1216 (Old)
 and      /work/SRC/openSUSE:12.2:Update/.freeradius-server.1216.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "freeradius-server.1216", Maintainer is "" Changes: -------- New Changes file: --- /dev/null 2013-01-09 19:40:42.352580873 +0100 +++ /work/SRC/openSUSE:12.2:Update/.freeradius-server.1216.new/freeradius-server.changes 2013-01-21 14:07:17.000000000 +0100 
@@ -0,0 +1,1199 @@ +------------------------------------------------------------------- +Wed Jan 9 12:21:33 UTC 2013 - vci...@suse.com + +- fix for CVE-2011-4966 (bnc#797313) + (freeradius-server-CVE-2011-4966.patch) + +------------------------------------------------------------------- +Tue Jan 8 17:28:50 UTC 2013 - vci...@suse.com + +- fixed a bug in the logrotate script (bnc#797292) + +------------------------------------------------------------------- +Mon Oct 1 10:55:38 UTC 2012 - vci...@suse.com + +- files in sites-available/ are now %config(noreplace) [bnc#781756] + +------------------------------------------------------------------- +Thu Aug 30 13:02:02 UTC 2012 - vci...@suse.com + +- fixed CVE-2012-3547 (bnc#777834) + +------------------------------------------------------------------- +Mon May 28 11:47:32 UTC 2012 - vci...@suse.com + +- Use the new 'su' logrotate option (bnc#677335) + +------------------------------------------------------------------- +Mon May 14 21:47:20 UTC 2012 - joop.boo...@opensuse.org + +- Enable the same CFLAGS as for other hardware + +------------------------------------------------------------------- +Wed Oct 19 13:55:27 UTC 2011 - vci...@suse.com + +- update to 2.1.12 + Feature improvements + * Updates to dictionary.erx, dictionary.siemens, dictionary.starent, + dictionary.starent.vsa1, dictionary.zyxel, added dictionary.symbol + * Added support for PCRE from Phil Mayers + * Configurable file permission in rlm_linelog + * Added "relaxed" option to rlm_attr_filter. This copies attributes + if at least one match occurred. + * Added documentation on dynamic clients. + See raddb/modules/dynamic_clients. + * Added support for elliptical curve cryptography. + See ecdh_curve in raddb/eap.conf. + * Added support for 802.1X MIBs in checkrad + * Added support for %{rand:...}, which generates a uniformly + distributed number between 0 and the number you specify. 
+ * Created "man" pages for all installed commands, and documented + options for all commands. Patch from John Dennis. + * Allow radsniff to decode encrypted VSAs and CoA packets. + Patch from Bjorn Mork. + * Always send Message-Authenticator in radtest. Patch from John Dennis. + radclient continues to be more flexible. + * Updated Oracle schema and queries + * Added SecurID module. See src/modules/rlm_securid/README + Bug fixes + * Fix memory leak in rlm_detail + * Fix "failed to insert event" + * Allow virtual servers to be reloaded on HUP. + It no longer complains about duplicate virtual servers. + * Fix %{string:...} expansion + * Fix "server closed socket" loop in radmin + * Set ownership of control socket when starting up + * Always allow root to connect to control socket, even if + "uid" is set. They're root. They can already do anything. + * Save all attributes in Access-Accept when proxying inner-tunnel + EAP-MSCHAPv2 + * Fixes for DHCP relaying. + * Check certificate validity when using OCSP. + * Updated Oracle "configure" script + * Fixed typos in dictionary.alvarion + * WARNING on potential proxy loop. + * Be more aggressive about clearing old requests from the + internal queue + * Don't open network sockets when using -C +- freeradius-server-snprintf-overflow.patch merged in upstream + +------------------------------------------------------------------- +Tue Sep 27 13:05:59 UTC 2011 - vci...@suse.com + +- fixed interaction with eDirectory (bnc#720620) + +------------------------------------------------------------------- +Fri Jun 24 09:18:52 UTC 2011 - pu...@novell.com + +- update to 2.1.11 + - see /usr/share/doc/packages/freeradius-server/ChangeLog + for complete list of changes in this release +- add freeradius-server-snprintf-overflow.patch +- use spec-cleaner + +------------------------------------------------------------------- +Tue May 24 19:18:44 UTC 2011 - crrodrig...@opensuse.org + +- Supress timestamps in binaries, breaks build-compare. 
+ +------------------------------------------------------------------- +Mon Oct 4 10:54:23 UTC 2010 - pu...@novell.com + +- update to 2.1.10 + - see /usr/share/doc/packages/freeradius-server/ChangeLog + for complete list of changes in this release +- drop freeradius-server-2.1.6-edir-64bit.patch (fixed upstream) + +------------------------------------------------------------------- +Thu Sep 16 14:22:15 CEST 2010 - pgaj...@suse.cz + +- radiusd reload after logrotate [bnc#634445] + +------------------------------------------------------------------- +Mon Jun 21 19:24:08 UTC 2010 - pu...@novell.com + +- update to 2.1.9 (bnc#615699) + - bugfix release, for list of changes please see + /usr/share/doc/packages/freeradius-server/ChangeLog + +------------------------------------------------------------------- +Mon May 3 13:50:08 UTC 2010 - pu...@novell.com + +- add freeradius-server-initscript-pidfile.patch + - handle /var/run on tmpfs + +------------------------------------------------------------------- +Sun Mar 21 08:43:58 UTC 2010 - pu...@novell.com + +- specfile cleanup + +------------------------------------------------------------------- +Thu Mar 11 12:44:18 UTC 2010 - pu...@novell.com + +- drop freeradius-server-2.1.6-ltdl.patch - not needed anymore +- clean up specfile +- remove bind-libs, zlib-devel from BuildRequires - not needed + +------------------------------------------------------------------- +Tue Mar 9 15:01:46 UTC 2010 - pu...@novell.com + +- update to 2.1.8 + - for full list of changes, please see + /usr/share/doc/packages/freeradius-server/ChangeLog +- drop freeradius-server-no-default-case.patch: fixed upstream + +------------------------------------------------------------------- +Thu Dec 17 15:50:19 UTC 2009 - pu...@novell.com + +- update to 2.1.7 + - for full list of changes, please see + /usr/share/doc/packages/freeradius-server/ChangeLog + +------------------------------------------------------------------- +Thu Oct 22 09:05:35 UTC 2009 - 
pu...@novell.com + +- freeradius-server-no-default-case.patch (bnc#527742) + +------------------------------------------------------------------- +Thu Oct 15 09:05:18 UTC 2009 - pu...@novell.com + +- freeradius-server-sha1-default.patch (bnc#546042) +- freeradius-server-fix-cert-bootstrap.patch (bnc#546041) + +------------------------------------------------------------------- +Fri Jun 19 10:35:46 CEST 2009 - co...@novell.com + +- disable as-needed for this package as it fails to build with it + +------------------------------------------------------------------- +Tue Jun 2 15:50:59 CEST 2009 - pu...@suse.cz + +- updated to 2.1.6 + o Feature improvements + * radclient exits with 0 on successful (accept / ack), and 1 + otherwise (no response / reject) + * Added support for %{sql:UPDATE ..}, and insert/delete + Patch from Arran Cudbard-Bell + * Added sample "do not respond" policy. See raddb/policy.conf + and raddb/sites-available/do_not_respond + * Cleanups to Suse spec file from Norbert Wegener + * New VSAs for Juniper from Bjorn Mork + * Include more RFC dictionaries in the default install + * More documentation for the WiMAX module + * Added "chase_referrals" and "rebind" configuration to rlm_ldap. + This helps with Active Directory. See raddb/modules/ldap + * Don't load pre/post-proxy if proxying is disabled. + * Added %{md5:...}, which returns MD5 hash in hex. + * Added configurable "retry_interval" and "poll_interval" + for "detail" listeners. + * Added "delete_mppe_keys" configuration option to rlm_wimax. + Apparently some WiMAX clients misbehave when they see those keys. + * Added experimental rlm_ruby from + http://github.com/Antti/freeradius-server/tree/master + * Add Tunnel attributes to ldap.attrmap + * Enable virtual servers to be reloaded on HUP. For now, only + the "authorize", "authenticate", etc. processing sections are + reloaded. Clients and "listen" sections are NOT reloaded. + * Updated "radwatch" script to be more robust. 
See scripts/radwatch ++++ 1002 more lines (skipped) ++++ between /dev/null ++++ and /work/SRC/openSUSE:12.2:Update/.freeradius-server.1216.new/freeradius-server.changes New: ---- freeradius-server-2.1.1-edirectory.patch freeradius-server-2.1.1-logrotate_su.patch freeradius-server-2.1.10-CVE-2012-3547.patch freeradius-server-2.1.12.tar.bz2 freeradius-server-2.1.6-codecleanup.patch freeradius-server-2.1.6-dialup_admin.patch freeradius-server-2.1.6-overflow.patch freeradius-server-2.1.6-rcradiusd.patch freeradius-server-CVE-2011-4966.patch freeradius-server-fix-cert-bootstrap.patch freeradius-server-initscript-pidfile.patch freeradius-server-radius-reload-logrotate.patch freeradius-server-sha1-default.patch freeradius-server.changes freeradius-server.spec ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ freeradius-server.spec ++++++ # # spec file for package freeradius-server # # Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. 
# Please submit bugfixes or comments via http://bugs.opensuse.org/ # Name: freeradius-server Version: 2.1.12 Release: 0 Summary: Very Highly Configurable Radius Server License: GPL-2.0 and LGPL-2.1 Group: Productivity/Networking/Radius/Servers Url: http://www.freeradius.org/ Source: %{name}-%{version}.tar.bz2 Patch1: freeradius-server-2.1.6-dialup_admin.patch Patch2: freeradius-server-2.1.6-rcradiusd.patch Patch3: freeradius-server-2.1.6-codecleanup.patch Patch5: freeradius-server-2.1.6-overflow.patch Patch6: freeradius-server-sha1-default.patch Patch7: freeradius-server-fix-cert-bootstrap.patch Patch8: freeradius-server-initscript-pidfile.patch Patch9: freeradius-server-radius-reload-logrotate.patch # PATCH-FIX-UPSTREAM edirectory ldap extensions (bnc#720620) Patch11: freeradius-server-2.1.1-edirectory.patch # PATCH-FIX-SUSE use 'su' logrotate option (bnc#677335) Patch12: freeradius-server-2.1.1-logrotate_su.patch Patch13: freeradius-server-2.1.10-CVE-2012-3547.patch Patch14: freeradius-server-CVE-2011-4966.patch BuildRequires: apache2-devel BuildRequires: cyrus-sasl-devel BuildRequires: db-devel BuildRequires: gcc-c++ BuildRequires: gdbm-devel BuildRequires: gettext-devel BuildRequires: glibc-devel BuildRequires: krb5-devel BuildRequires: libcom_err-devel BuildRequires: libmysqlclient-devel BuildRequires: libpcap-devel BuildRequires: libtool BuildRequires: ncurses-devel BuildRequires: net-snmp-devel BuildRequires: openldap2-devel BuildRequires: openssl-devel BuildRequires: pam-devel BuildRequires: perl BuildRequires: postgresql-devel BuildRequires: python-devel BuildRequires: sqlite3-devel BuildRequires: unixODBC-devel BuildRequires: pkgconfig(apr-1) PreReq: %fillup_prereq PreReq: %insserv_prereq PreReq: coreutils PreReq: openssl PreReq: perl PreReq: pwdutils %define _oracle_support 0 %define apxs2 apxs2-prefork %define apache2_sysconfdir %(%{_sbindir}/%{apxs2} -q SYSCONFDIR) Requires: %{name}-libs = %{version} Requires: python Recommends: logrotate Provides: 
freeradius = %{version} Provides: radiusd Obsoletes: freeradius < %{version} BuildRoot: %{_tmppath}/%{name}-%{version}-build Conflicts: radiusd-livingston radiusd-cistron icradius %description The FreeRADIUS server has a number of features found in other servers and additional features not found in any other server. The server's features are: * Support for RFC and VSA attributes * Additional server configuration attributes * Selection of a particular configuration * Authentication methods * Accounting methods %if %_oracle_support == 1 %package oracle Summary: FreeRADIUS Oracle database support Group: Productivity/Networking/Radius/Servers BuildRequires: oracle-instantclient-basic BuildRequires: oracle-instantclient-devel Requires: %{name} = %{version} Requires: %{name}-libs = %{version} Requires: oracle-instantclient-basic %description oracle The FreeRADIUS server has a number of features found in other servers, and additional features not found in any other server. Rather than doing a feature by feature comparison, we will simply list the features of the server, and let you decide if they satisfy your needs. Support for RFC and VSA Attributes Additional server configuration attributes Selecting a particular configuration Authentication methods %endif %package libs Summary: FreeRADIUS shared library Group: Productivity/Networking/Radius/Servers %description libs The FreeRADIUS shared library %package utils Summary: FreeRADIUS Clients Group: Productivity/Networking/Radius/Clients Requires: %{name}-libs = %{version} %description utils The FreeRADIUS server has a number of features found in other servers and additional features not found in any other server. 
The server's features are: * Support for RFC and VSA attributes * Additional server configuration attributes * Selection of a particular configuration * Authentication methods * Accounting methods %package dialupadmin Summary: Web management for FreeRADIUS Group: Productivity/Networking/Radius/Servers Requires: http_daemon Requires: mod_php_any Requires: perl-Date-Manip Requires: php Requires: php-ldap Requires: php-mysql Requires: php-pgsql Requires: php-session %description dialupadmin Dialup Admin supports users either in SQL (MySQL or PostgreSQL are supported) or in LDAP. Apart from the web pages, it also includes a number of scripts to make the administrator's life a lot easier. %package devel Summary: FreeRADIUS Development Files (static libs) Group: Development/Libraries/C and C++ Requires: %{name}-libs = %{version} %description devel These are the static libraries for the FreeRADIUS package. %package doc Summary: FreeRADIUS Documentation Group: Productivity/Networking/Radius/Servers Requires: %{name} %description doc This package contains FreeRADIUS Documentation %prep %setup -q %patch1 %patch2 %patch3 %patch5 %patch6 -p1 %patch7 -p1 %patch8 -p1 %patch9 -p1 %patch11 -p0 %patch12 -p1 %patch13 -p1 %patch14 -p1 %build modified="$(sed -n '/^----/n;s/ - .*$//;p;q' "%{_sourcedir}/%{name}.changes")" DATE="\"$(date -d "${modified}" "+%%b %%e %%Y")\"" TIME="\"$(date -d "${modified}" "+%%R")\"" find . -type f -regex ".*\.c\|.*\.cpp\|.*\.h" -exec sed -i "s/__DATE__/${DATE}/g;s/__TIME__/${TIME}/g" {} + # This package failed when testing with -Wl,-as-needed being default. # So we disable it here, if you want to retest, just delete this comment and the line below. 
export SUSE_ASNEEDED=0 export CFLAGS="%{optflags} -DLDAP_DEPRECATED -fstack-protector" %ifarch x86_64 ppc ppc64 s390 s390x %arm export CFLAGS="$CFLAGS -fPIC -DPIC" %endif export LDFLAGS="-pie" %configure \ --disable-static \ --with-pic \ --libdir=%{_libdir}/freeradius \ --disable-ltdl-install \ --enable-strict-dependencies \ --with-edir \ --with-experimental-modules \ --with-gnu-ld \ --with-system-libtool \ --with-udpfromto \ --without-rlm_eap_ikev2 \ --without-rlm_eap_tnc \ --with-rlm-krb5-lib-dir=%{_libdir} \ --without-rlm_opendirectory \ --without-rlm_sql_db2 \ --without-rlm_sql_firebird \ --without-rlm_sql_iodbc \ --without-rlm_ruby \ --without-rlm_redis \ --without-rlm_rediswho \ %if %{_oracle_support} == 1 --with-rlm_sql_oracle \ --with-oracle-lib-dir=%{_libdir}/oracle/10.1.0.3/client/lib/ %else --without-rlm_sql_oracle %endif # no parallel build possible make %install mkdir -p %{buildroot}%{_localstatedir}/lib/radiusd make install R=%{buildroot} INSTALLSTRIP= # modify default configuration RADDB=%{buildroot}%{_sysconfdir}/raddb perl -i -pe 's/^#user =.*$/user = radiusd/' $RADDB/radiusd.conf perl -i -pe 's/^#group =.*$/group = radiusd/' $RADDB/radiusd.conf perl -i -pe 's/^#user =.*$/user = radiusd/' $RADDB/radrelay.conf perl -i -pe 's/^#group =.*$/group = radiusd/' $RADDB/radrelay.conf /sbin/ldconfig -n %{buildroot}%{_libdir}/freeradius # logs touch %{buildroot}%{_localstatedir}/log/radius/radutmp touch %{buildroot}%{_localstatedir}/log/radius/radius.log # SuSE install -d %{buildroot}%{_sysconfdir}/pam.d install -d %{buildroot}%{_sysconfdir}/logrotate.d install -m 644 suse/radiusd-pam %{buildroot}%{_sysconfdir}/pam.d/radiusd install -m 644 suse/radiusd-logrotate %{buildroot}%{_sysconfdir}/logrotate.d/radiusd install -d -m 755 %{buildroot}%{_sysconfdir}/init.d install -m 744 suse/rcradiusd %{buildroot}%{_sysconfdir}/init.d/freeradius ln -sf ../..%{_sysconfdir}/init.d/freeradius %{buildroot}%{_sbindir}/rcfreeradius cp -al %{buildroot}%{_sbindir}/radiusd 
%{buildroot}%{_sbindir}/radrelay install -m 744 suse/rcradius-relayd %{buildroot}%{_sysconfdir}/init.d/freeradius-relay ln -sf ../..%{_sysconfdir}/init.d/freeradius-relay %{buildroot}%{_sbindir}/rcfreeradius-relay mv -v doc/README doc/README.doc # install dialup_admin DIALUPADMIN=%{buildroot}%{_datadir}/dialup_admin mkdir -p $DIALUPADMIN cp -r dialup_admin/* %{buildroot}%{_datadir}/dialup_admin # apache2 config install -d -m 755 %{buildroot}%{apache2_sysconfdir}/conf.d install -m 644 suse/admin-httpd.conf %{buildroot}%{apache2_sysconfdir}/conf.d/radius.conf # remove unneeded stuff rm -rf doc/00-OLD rm -f %{buildroot}%{_sbindir}/rc.radiusd rm -rf %{buildroot}%{_datadir}/doc/freeradius* rm -rf %{buildroot}%{_libdir}/freeradius/*.*a rm -f %{buildroot}%{_datadir}/dialup_admin/Makefile rm -f %{buildroot}%{_defaultdocdir}/%{name}/Makefile rm -f %{buildroot}%{_defaultdocdir}/%{name}/examples/Makefile %pre %{_sbindir}/groupadd -r radiusd 2> /dev/null || : %{_sbindir}/useradd -r -g radiusd -s /bin/false -c "Radius daemon" -d \ %{_localstatedir}/lib/radiusd radiusd 2> /dev/null || : %post # Generate default certificates if [ $1 -eq 1 ]; then /etc/raddb/certs/bootstrap fi chgrp radiusd /etc/raddb/certs/* %{fillup_and_insserv freeradius} %preun %stop_on_removal freeradius %postun %restart_on_update freeradius %{insserv_cleanup} %clean rm -rf %{buildroot} %files doc %defattr(-,root,root) %doc doc/* %files %defattr(-,root,root) # doc %doc suse/README.SuSE %doc COPYRIGHT CREDITS LICENSE README doc/ChangeLog # SuSE %{_sysconfdir}/init.d/freeradius %{_sysconfdir}/init.d/freeradius-relay %config %{_sysconfdir}/pam.d/radiusd %config %{_sysconfdir}/logrotate.d/radiusd %{_sbindir}/rcfreeradius %{_sbindir}/rcfreeradius-relay %dir %attr(755,radiusd,radiusd) %{_localstatedir}/lib/radiusd # configs %dir %attr(750,root,radiusd) %{_sysconfdir}/raddb %defattr(-,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/dictionary %config(noreplace) %{_sysconfdir}/raddb/acct_users 
%config(noreplace) %{_sysconfdir}/raddb/attrs %config(noreplace) %{_sysconfdir}/raddb/attrs.access_reject %config(noreplace) %{_sysconfdir}/raddb/attrs.accounting_response %config(noreplace) %{_sysconfdir}/raddb/attrs.pre-proxy %config(noreplace) %{_sysconfdir}/raddb/attrs.access_challenge %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/clients.conf %config(noreplace) %{_sysconfdir}/raddb/hints %config(noreplace) %{_sysconfdir}/raddb/huntgroups %config(noreplace) %{_sysconfdir}/raddb/ldap.attrmap %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/sqlippool.conf %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/preproxy_users %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/proxy.conf %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/radiusd.conf %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/sql.conf %dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/modules %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/modules/* %dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/sql %dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/sql/mssql %dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/sql/mysql %dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/sql/oracle %dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/sql/postgresql %dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/sql/ndb %{_sysconfdir}/raddb/sql/ndb/README %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/sql/*/*.conf %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/sql/*/*.sql %{_sysconfdir}/raddb/sql/oracle/msqlippool.txt %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/users %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/experimental.conf %dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/certs %{_sysconfdir}/raddb/certs/Makefile %{_sysconfdir}/raddb/certs/README %{_sysconfdir}/raddb/certs/xpextensions %attr(640,root,radiusd) %config(noreplace) 
%{_sysconfdir}/raddb/certs/*.cnf %attr(750,root,radiusd) %{_sysconfdir}/raddb/certs/bootstrap %dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/sites-available %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/sites-available/* %dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/sites-enabled %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/sites-enabled/* %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/eap.conf %attr(640,root,radiusd) %{_sysconfdir}/raddb/example.pl %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/policy.conf %{_sysconfdir}/raddb/policy.txt %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/templates.conf %attr(700,radiusd,radiusd) %dir %ghost %{_localstatedir}/run/radiusd/ # binaries %defattr(-,root,root) %{_sbindir}/checkrad %{_sbindir}/radiusd %{_sbindir}/radmin %{_sbindir}/radrelay %{_sbindir}/radwatch %{_sbindir}/raddebug # man-pages %doc %{_mandir}/man5/* %doc %{_mandir}/man8/* # dictionaries %attr(755,root,root) %dir %{_datadir}/freeradius %{_datadir}/freeradius/* # logs %attr(700,radiusd,radiusd) %dir %{_localstatedir}/log/radius/ %attr(700,radiusd,radiusd) %dir %{_localstatedir}/log/radius/radacct/ %attr(644,radiusd,radiusd) %{_localstatedir}/log/radius/radutmp %config(noreplace) %attr(600,radiusd,radiusd) %{_localstatedir}/log/radius/radius.log # RADIUS Loadable Modules %attr(755,root,root) %dir %{_libdir}/freeradius %attr(755,root,root) %{_libdir}/freeradius/rlm_*.so* %files utils %defattr(-,root,root) %doc %{_mandir}/man1/* %{_bindir}/* %files libs %defattr(-,root,root) # RADIUS shared libs %attr(755,root,root) %dir %{_libdir}/freeradius %attr(755,root,root) %{_libdir}/freeradius/lib*.so* %if %{_oracle_support} == 1 %files oracle %defattr(-,radiusd,radiusd) %attr(755,root,root) %dir %{_libdir}/freeradius %attr(755,root,root) %{_libdir}/freeradius/rlm_sql_oracle*.so* %endif %files dialupadmin %defattr(-,root,root) %dir %{_datadir}/dialup_admin/ 
%{_datadir}/dialup_admin/bin/ %{_datadir}/dialup_admin/doc/ %{_datadir}/dialup_admin/htdocs/ %{_datadir}/dialup_admin/html/ %{_datadir}/dialup_admin/lib/ %{_datadir}/dialup_admin/sql/ %dir %{_datadir}/dialup_admin/conf/ %config(noreplace) %{_datadir}/dialup_admin/conf/* %config(noreplace) %{apache2_sysconfdir}/conf.d/radius.conf %{_datadir}/dialup_admin/Changelog %{_datadir}/dialup_admin/README %files devel %defattr(-,root,root) %dir %attr(755,root,root) %{_includedir}/freeradius %attr(644,root,root) %{_includedir}/freeradius/*.h %changelog ++++++ freeradius-server-2.1.1-edirectory.patch ++++++ Index: src/modules/rlm_ldap/edir_ldapext.c =================================================================== --- src/modules/rlm_ldap/edir_ldapext.c.orig 2011-06-20 16:57:14.000000000 +0200 +++ src/modules/rlm_ldap/edir_ldapext.c 2011-09-27 15:05:37.913323658 +0200 @@ -84,11 +84,11 @@ BerElement *requestBer = NULL; char * utf8ObjPtr = NULL; - int utf8ObjSize = 0; + ber_len_t utf8ObjSize = 0; char * utf8PwdPtr = NULL; - int utf8PwdSize = 0; + ber_len_t utf8PwdSize = 0; char * utf8Pwd2Ptr = NULL; - int utf8Pwd2Size = 0; + ber_len_t utf8Pwd2Size = 0; utf8ObjSize = strlen(objectDN)+1; @@ -142,7 +142,7 @@ /* * Convert the BER we just built to a berval that we'll send with the extended request. */ - if(ber_flatten(requestBer, requestBV) == LBER_ERROR) + if(ber_flatten(requestBer, requestBV) == -1) { err = NMAS_E_FRAG_FAILURE; goto Cleanup; 
@@ -172,16 +172,17 @@ * buffer was supplied, tries to decode the the return data and length * * ------------------------------------------------------------------------ */ -int berDecodeLoginData( +ber_int_t berDecodeLoginData( struct berval *replyBV, - int *serverVersion, - size_t *retDataLen, + ber_int_t *serverVersion, + ber_len_t *retDataLen, void *retData ) { - int rc=0, err = 0; + int rc=0; + ber_int_t err = 0; BerElement *replyBer = NULL; char *retOctStr = NULL; - size_t retOctStrLen = 0; + ber_len_t retOctStrLen = 0; if((replyBer = ber_init(replyBV)) == NULL) { @@ -258,14 +259,14 @@ size_t *pwdSize, // in bytes char *pwd ) { - int err = 0; + ber_int_t err = 0; struct berval *requestBV = NULL; char *replyOID = NULL; struct berval *replyBV = NULL; - int serverVersion; + ber_int_t serverVersion; char *pwdBuf; - size_t pwdBufLen, bufferLen; + ber_len_t pwdBufLen, bufferLen; #ifdef NOT_N_PLAT_NLM int currentThreadGroupID; @@ -390,29 +391,29 @@ * and BER encodes the data into the BER value * * ------------------------------------------------------------------------ */ -int berEncodeAuthData( +static int berEncodeAuthData( struct berval **requestBV, char *objectDN, char *pwd, char *sequence, char *NasIP, char *state, - int *auth_state) + ber_int_t *auth_state) { int err = 0, rc=0; BerElement *requestBer = NULL; char * utf8ObjPtr = NULL; - int utf8ObjSize = 0; + ber_len_t utf8ObjSize = 0; char * utf8PwdPtr = NULL; - int utf8PwdSize = 0; + ber_len_t utf8PwdSize = 0; char * utf8NasIPPtr = NULL; - int utf8NasIPSize = 0; + ber_len_t utf8NasIPSize = 0; char * utf8StatePtr = NULL; - int utf8StateSize = 0; + ber_len_t utf8StateSize = 0; char * utf8SeqPtr = NULL; - int utf8SeqSize = 0; - int state_present = 0; + ber_len_t utf8SeqSize = 0; + ber_int_t state_present = 0; utf8ObjSize = strlen(objectDN)+1; utf8ObjPtr = objectDN; 
@@ -494,12 +495,12 @@ * buffer was supplied, tries to decode the the return data and length * * ------------------------------------------------------------------------ */ -int berDecodeAuthData( +static int berDecodeAuthData( struct berval *replyBV, - int *errCode, - size_t *retDataLen, + ber_int_t *errCode, + ber_len_t *retDataLen, char *retData, - int *auth_state ) + ber_int_t *auth_state ) { int rc=0, err = 0; BerElement *replyBer = NULL; @@ -563,9 +564,9 @@ struct berval *requestBV = NULL; char *replyOID = NULL; struct berval *replyBV = NULL; - int errCode; + ber_int_t errCode; char *challenge; - size_t challengesize; + ber_len_t challengesize; challengesize = *statesize; challenge = (char *)malloc(challengesize+2); ++++++ freeradius-server-2.1.1-logrotate_su.patch ++++++ Index: freeradius-server-2.1.12/suse/radiusd-logrotate =================================================================== --- freeradius-server-2.1.12.orig/suse/radiusd-logrotate 2013-01-08 18:25:29.358157621 +0100 +++ freeradius-server-2.1.12/suse/radiusd-logrotate 2013-01-08 18:28:38.487684634 +0100 @@ -6,6 +6,7 @@ # second technique, you will need another cron job that removes old # detail files. You do not need to comment out the below for method #2. /var/log/radius/radacct/*/detail { + su radiusd radiusd compress dateext maxage 365 @@ -16,6 +17,7 @@ } /var/log/radius/radius.log { + su radiusd radiusd compress dateext maxage 365 @@ -25,10 +27,12 @@ missingok create postrotate - kill -HUP `cat /var/run/radiusd/radiusd.pid` + kill -HUP `cat /var/run/radiusd/radiusd.pid` || : + endscript } /var/log/radius/radwatch.log { + su radiusd radiusd compress dateext maxage 365 @@ -40,6 +44,7 @@ } /var/log/radius/radwtmp { + su radiusd radiusd compress dateext maxage 365 
@@ -54,6 +59,7 @@ } /var/log/radius/sqltrace.sql { + su radiusd radiusd compress dateext maxage 365 ++++++ freeradius-server-2.1.10-CVE-2012-3547.patch ++++++ Index: freeradius-server-2.1.12/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c =================================================================== --- freeradius-server-2.1.12.orig/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c 2011-09-30 16:12:07.000000000 +0200 +++ freeradius-server-2.1.12/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c 2012-08-30 16:14:46.047660669 +0200 @@ -531,7 +531,7 @@ static int cbtls_verify(int ok, X509_STO */ buf[0] = '\0'; asn_time = X509_get_notAfter(client_cert); - if ((lookup <= 1) && asn_time && (asn_time->length < MAX_STRING_LEN)) { + if ((lookup <= 1) && asn_time && (asn_time->length < sizeof(buf))) { memcpy(buf, (char*) asn_time->data, asn_time->length); buf[asn_time->length] = '\0'; pairadd(&handler->certs, ++++++ freeradius-server-2.1.6-codecleanup.patch ++++++ Index: src/modules/rlm_smb/rfcnb-util.c =================================================================== --- src/modules/rlm_smb/rfcnb-util.c.orig 2010-06-21 21:15:56.000000000 +0200 +++ src/modules/rlm_smb/rfcnb-util.c 2010-06-21 21:16:06.000000000 +0200 @@ -208,7 +208,7 @@ struct RFCNB_Pkt *RFCNB_Alloc_Pkt(int n) /* Free up a packet */ -int RFCNB_Free_Pkt(struct RFCNB_Pkt *pkt) +void RFCNB_Free_Pkt(struct RFCNB_Pkt *pkt) { struct RFCNB_Pkt *pkt_next; char *data_ptr; Index: src/modules/rlm_smb/rfcnb-util.h =================================================================== --- src/modules/rlm_smb/rfcnb-util.h.orig 2010-06-21 21:15:56.000000000 +0200 +++ src/modules/rlm_smb/rfcnb-util.h 2010-06-21 21:16:06.000000000 +0200 
@@ -52,3 +52,4 @@ int RFCNB_Session_Req(struct RFCNB_Con * struct in_addr *Dest_IP, int * port); +void RFCNB_Free_Pkt(struct RFCNB_Pkt *pkt); Index: src/modules/rlm_smb/session.c =================================================================== --- src/modules/rlm_smb/session.c.orig 2010-06-21 21:15:56.000000000 +0200 +++ src/modules/rlm_smb/session.c 2010-06-21 21:16:06.000000000 +0200 @@ -41,6 +41,7 @@ int RFCNB_saved_errno = 0; #include "rfcnb-priv.h" #include "rfcnb-util.h" +#include "rfcnb-io.h" int RFCNB_Stats[RFCNB_MAX_STATS]; @@ -315,7 +316,7 @@ int RFCNB_Set_Sock_NoDelay(struct RFCNB_ void *RFCNB_Listen() { - + return NULL; } /* Pick up the last error response as a string, hmmm, this routine should */ @@ -357,7 +358,7 @@ int RFCNB_Get_Last_Errno() /* Pick up the last error response and return in string ... */ -int RFCNB_Get_Error_Msg(int code, char *msg_buf, int len) +void RFCNB_Get_Error_Msg(int code, char *msg_buf, int len) { Index: src/modules/rlm_smb/smbencrypt.c =================================================================== --- src/modules/rlm_smb/smbencrypt.c.orig 2010-06-21 21:15:56.000000000 +0200 +++ src/modules/rlm_smb/smbencrypt.c 2010-06-21 21:16:06.000000000 +0200 @@ -25,6 +25,7 @@ RCSID("$Id$") #include <string.h> +#include <ctype.h> #ifdef HAVE_SYS_VFS_H #include <sys/vfs.h> #endif ++++++ freeradius-server-2.1.6-dialup_admin.patch ++++++ Index: dialup_admin/bin/backup_radacct =================================================================== --- dialup_admin/bin/backup_radacct.orig 2010-06-21 21:15:56.000000000 +0200 +++ dialup_admin/bin/backup_radacct 2010-06-21 21:15:57.000000000 +0200 @@ -2,7 +2,7 @@ use POSIX; use File::Temp; -$conf=shift||'/data/local/dialupadmin/conf/admin.conf'; +$conf=shift||'/usr/share/dialup_admin/conf/admin.conf'; $back_days = 80; $backup_directory = "/logs/radiusd/accounting"; 
@@ -48,4 +48,4 @@ $comm = "$sqlcmd -U $sql_username -f $t $command = "$sqlcmd $sql_username/$pass" . "@" . "$sql_database <$tmpfile.$server" if ($sql_type eq 'oracle'); $command = "$sqlcmd '$sql_server' '$sql_port' '' '$sql_username' '$sql_password' < $tmp_filename >$backup_directory/$date3" if ($sql_type eq 'sqlrelay'); `$comm`; -`/usr/local/bin/gzip -9 $backup_directory/$date3`; +`/usr/bin/gzip -9 $backup_directory/$date3`; Index: dialup_admin/bin/clean_radacct =================================================================== --- dialup_admin/bin/clean_radacct.orig 2010-06-21 21:15:56.000000000 +0200 +++ dialup_admin/bin/clean_radacct 2010-06-21 21:15:57.000000000 +0200 @@ -7,7 +7,7 @@ use POSIX; use File::Temp; -$conf=shift||'/usr/local/dialup_admin/conf/admin.conf'; +$conf=shift||'/usr/share/dialup_admin/conf/admin.conf'; $back_days = 35; Index: dialup_admin/bin/clearsession =================================================================== --- dialup_admin/bin/clearsession.orig 2010-06-21 21:15:56.000000000 +0200 +++ dialup_admin/bin/clearsession 2010-06-21 21:15:57.000000000 +0200 @@ -49,8 +49,8 @@ if ($nastype eq 'cisco' && $type eq 'tel } if ($nastype eq 'cisco' && $type eq 'snmp'){ - $SNMPGET="/usr/local/bin/snmpget"; - $SNMPSET="/usr/local/bin/snmpset"; + $SNMPGET="/usr/bin/snmpget"; + $SNMPSET="/usr/bin/snmpset"; die "Could not find snmpwalk binary. Please make sure that the \$SNMPGET variable points to the right location\n" if (! -x $SNMPGET); die "Could not find snmpset binary. Please make sure that the \$SNMPSET variable points to the right location\n" if (! -x $SNMPSET); Index: dialup_admin/bin/dialup_admin.cron =================================================================== --- dialup_admin/bin/dialup_admin.cron.orig 2010-06-21 21:15:56.000000000 +0200 +++ dialup_admin/bin/dialup_admin.cron 2010-06-21 21:15:57.000000000 +0200 
@@ -1,4 +1,4 @@ -1 0 * * * /usr/local/dialup_admin/bin/tot_stats >/dev/null 2>&1 -5 0 * * * /usr/local/dialup_admin/bin/monthly_tot_stats >/dev/null 2>&1 -10 0 1 * * /usr/local/dialup_admin/bin/truncate_radacct >/dev/null 2>&1 -15 0 1 * * /usr/local/dialup_admin/bin/clean_radacct >/dev/null 2>&1 +1 0 * * * /usr/share/dialup_admin/bin/tot_stats >/dev/null 2>&1 +5 0 * * * /usr/share/dialup_admin/bin/monthly_tot_stats >/dev/null 2>&1 +10 0 1 * * /usr/share/dialup_admin/bin/truncate_radacct >/dev/null 2>&1 +15 0 1 * * /usr/share/dialup_admin/bin/clean_radacct >/dev/null 2>&1 Index: dialup_admin/bin/log_badlogins =================================================================== --- dialup_admin/bin/log_badlogins.orig 2010-06-21 21:15:56.000000000 +0200 +++ dialup_admin/bin/log_badlogins 2010-06-21 21:15:57.000000000 +0200 @@ -18,7 +18,7 @@ use File::Temp; $|=1; $file=shift||'none'; -$conf=shift||'/usr/local/dialup_admin/conf/admin.conf'; +$conf=shift||'/usr/share/dialup_admin/conf/admin.conf'; $all_file=shift||'no'; # # Uncomment to force inserts even if there are sql errors. That can Index: dialup_admin/bin/monthly_tot_stats =================================================================== --- dialup_admin/bin/monthly_tot_stats.orig 2010-06-21 21:15:56.000000000 +0200 +++ dialup_admin/bin/monthly_tot_stats 2010-06-21 21:15:57.000000000 +0200 @@ -9,7 +9,7 @@ use File::Temp; # Works only with mysql and postgresql # -$conf=shift||'/usr/local/dialup_admin/conf/admin.conf'; +$conf=shift||'/usr/sharel/dialup_admin/conf/admin.conf'; open CONF, "<$conf" Index: dialup_admin/bin/showmodem =================================================================== --- dialup_admin/bin/showmodem.orig 2010-06-21 21:15:56.000000000 +0200 +++ dialup_admin/bin/showmodem 2010-06-21 21:15:57.000000000 +0200 
@@ -7,7 +7,7 @@ $user=shift; $comm=shift || "public"; $type=shift|| "xml"; -$conf='/usr/local/dialup_admin/conf/admin.conf'; +$conf='/usr/share/dialup_admin/conf/admin.conf'; open CONF, "<$conf" or die "Could not open configuration file\n"; while(<CONF>){ Index: dialup_admin/bin/snmpfinger =================================================================== --- dialup_admin/bin/snmpfinger.orig 2010-06-21 21:15:56.000000000 +0200 +++ dialup_admin/bin/snmpfinger 2010-06-21 21:15:57.000000000 +0200 @@ -6,7 +6,7 @@ $host=shift; $comm=shift || 'public'; $type=shift || 'cisco'; -$conf='/usr/local/dialup_admin/conf/admin.conf'; +$conf='/usr/share/dialup_admin/conf/admin.conf'; open CONF, "<$conf" or die "Could not open configuration file\n"; while(<CONF>){ Index: dialup_admin/bin/tot_stats =================================================================== --- dialup_admin/bin/tot_stats.orig 2010-06-21 21:15:56.000000000 +0200 +++ dialup_admin/bin/tot_stats 2010-06-21 21:15:57.000000000 +0200 @@ -8,7 +8,7 @@ use File::Temp; # Works with mysql and postgresql # -$conf=shift||'/usr/local/dialup_admin/conf/admin.conf'; +$conf=shift||'/usr/share/dialup_admin/conf/admin.conf'; open CONF, "<$conf" Index: dialup_admin/bin/truncate_radacct =================================================================== --- dialup_admin/bin/truncate_radacct.orig 2010-06-21 21:15:56.000000000 +0200 +++ dialup_admin/bin/truncate_radacct 2010-06-21 21:15:57.000000000 +0200 @@ -7,7 +7,7 @@ use POSIX; use File::Temp; -$conf=shift||'/usr/local/dialup_admin/conf/admin.conf'; +$conf=shift||'/usr/share/dialup_admin/conf/admin.conf'; $back_days = 90; Index: dialup_admin/conf/admin.conf =================================================================== --- dialup_admin/conf/admin.conf.orig 2010-06-21 21:15:56.000000000 +0200 +++ dialup_admin/conf/admin.conf 2010-06-21 21:15:57.000000000 +0200 
@@ -19,11 +19,11 @@ general_charset: iso-8859-1 # # The directory where dialupadmin is installed # -general_base_dir: /usr/local/dialup_admin +general_base_dir: /usr/share/dialup_admin # # The base directory of the freeradius radius installation # -general_radiusd_base_dir: /usr/local/radiusd +general_radiusd_base_dir: / general_domain: company.com # # Set it to yes to use sessions and cache the various mappings @@ -66,8 +66,8 @@ general_show_user_password: yes general_raddb_dir: %{general_radiusd_base_dir}/etc/raddb general_ldap_attrmap: %{general_raddb_dir}/ldap.attrmap # Need to fix admin.conf file parser -#general_clients_conf: %{general_raddb_dir}/clients.conf -general_clients_conf: /usr/local/etc/raddb/clients.conf +general_clients_conf: %{general_raddb_dir}/clients.conf +#general_clients_conf: /usr/local/etc/raddb/clients.conf general_sql_attrmap: %{general_base_dir}/conf/sql.attrmap general_accounting_attrs_file: %{general_base_dir}/conf/accounting.attrs general_extra_ldap_attrmap: %{general_base_dir}/conf/extra.ldap-attrmap @@ -260,7 +260,7 @@ sql_show_all_groups: true # This variable is used by the scripts in the bin folder # It should contain the path to the sql binary used to run # sql commands (mysql, psql, oracle and sqlrelay are only supported for now) -sql_command: /usr/local/bin/mysql +sql_command: /usr/bin/mysql #sql_command: /usr/bin/psql #sql_command: /usr/bin/sqlplus # 
@@ -269,12 +269,12 @@ sql_command: /usr/local/bin/mysql # used to run snmp commands. # (ucd = UCD-Snmp and net = Net-Snmp are only supported for now) general_snmp_type: net -general_snmpwalk_command: /usr/local/bin/snmpwalk -general_snmpget_command: /usr/local/bin/snmpget +general_snmpwalk_command: /usr/bin/snmpwalk +general_snmpget_command: /usr/bin/snmpget # # Uncomment to enable sql debug # -sql_debug: true +#sql_debug: true # # If set to yes then the HTTP credentials (http authentication) # will be used to connect to the sql server instead of sql_username ++++++ freeradius-server-2.1.6-overflow.patch ++++++ Index: src/modules/rlm_sqlhpwippool/rlm_sqlhpwippool.c =================================================================== --- src/modules/rlm_sqlhpwippool/rlm_sqlhpwippool.c.orig 2010-06-21 21:15:56.000000000 +0200 +++ src/modules/rlm_sqlhpwippool/rlm_sqlhpwippool.c 2010-06-21 21:16:15.000000000 +0200 @@ -771,7 +771,7 @@ static int sqlhpwippool_accounting(void nasip.s_addr = vp->vp_ipaddr; strncpy(nasipstr, inet_ntoa(nasip), sizeof(nasipstr) - 1); - nasipstr[sizeof(nasipstr)] = 0; + nasipstr[sizeof(nasipstr) - 1] = 0; if (!nvp_query(__LINE__, data, sqlsock, "UPDATE `%s`.`ips`, `radacct` " ++++++ freeradius-server-2.1.6-rcradiusd.patch ++++++ Index: suse/rcradius-relayd =================================================================== --- suse/rcradius-relayd.orig 2010-06-21 21:15:56.000000000 +0200 +++ suse/rcradius-relayd 2010-06-21 21:16:03.000000000 +0200 
@@ -12,8 +12,8 @@ # ### BEGIN INIT INFO # Provides: radius-relayd -# Required-Start: $network $syslog $remotefs -# Required-Stop: +# Required-Start: $network $syslog $remote_fs +# Required-Stop: $network $syslog $remote_fs # Default-Start: 3 5 # Default-Stop: 0 1 2 6 # Short-Description: RADIUS Relay Server Index: suse/rcradiusd =================================================================== --- suse/rcradiusd.orig 2010-06-21 21:15:56.000000000 +0200 +++ suse/rcradiusd 2010-06-21 21:16:03.000000000 +0200 @@ -12,8 +12,8 @@ # ### BEGIN INIT INFO # Provides: radiusd -# Required-Start: $network $syslog $remotefs -# Required-Stop: +# Required-Start: $network $syslog $remote_fs +# Required-Stop: $network $syslog $remote_fs # Default-Start: 3 5 # Default-Stop: 0 1 2 6 # Short-Description: RADIUS-Server ++++++ freeradius-server-CVE-2011-4966.patch ++++++ >From 1b1ec5ce75e224bd1755650c18ccdaa6dc53e605 Mon Sep 17 00:00:00 2001 From: "Alan T. DeKok" <al...@freeradius.org> Date: Tue, 7 Feb 2012 20:58:52 +0100 Subject: [PATCH 2/2] heck for account and password expiration --- src/modules/rlm_unix/rlm_unix.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/src/modules/rlm_unix/rlm_unix.c b/src/modules/rlm_unix/rlm_unix.c index 5c0fe0f..abec68c 100644 --- a/src/modules/rlm_unix/rlm_unix.c +++ b/src/modules/rlm_unix/rlm_unix.c 
@@ -272,9 +272,17 @@ static int unix_getpw(UNUSED void *instance, REQUEST *request, /* * Check if password has expired. */ + if (spwd && spwd->sp_lstchg > 0 && spwd->sp_max >= 0 && + (request->timestamp / 86400) > (spwd->sp_lstchg + spwd->sp_max)) { + radlog_request(L_AUTH, 0, request, "[%s]: password has expired", name); + return RLM_MODULE_REJECT; + } + /* + * Check if account has expired. + */ if (spwd && spwd->sp_expire > 0 && (request->timestamp / 86400) > spwd->sp_expire) { - radlog_request(L_AUTH, 0, request, "[%s]: password has expired", name); + radlog_request(L_AUTH, 0, request, "[%s]: account has expired", name); return RLM_MODULE_REJECT; } #endif -- 1.7.10.4 ++++++ freeradius-server-fix-cert-bootstrap.patch ++++++ Index: freeradius-server-2.1.10/raddb/certs/Makefile =================================================================== --- freeradius-server-2.1.10.orig/raddb/certs/Makefile +++ freeradius-server-2.1.10/raddb/certs/Makefile @@ -51,7 +51,7 @@ dh: # Create a new self-signed CA certificate # ###################################################################### -ca.key ca.pem: ca.cnf +ca.key ca.pem: openssl req -new -x509 -keyout ca.key -out ca.pem \ -days $(CA_DEFAULT_DAYS) -config ./ca.cnf @@ -63,7 +63,7 @@ ca.der: ca.pem # Create a new server certificate, signed by the above CA. # ###################################################################### -server.csr server.key: server.cnf +server.csr server.key: openssl req -new -out server.csr -keyout server.key -config ./server.cnf server.crt: server.csr ca.key ca.pem 
@@ -85,7 +85,7 @@ server.vrfy: ca.pem # certificate. # ###################################################################### -client.csr client.key: client.cnf +client.csr client.key: openssl req -new -out client.csr -keyout client.key -config ./client.cnf client.crt: client.csr ca.pem ca.key Index: freeradius-server-2.1.10/raddb/certs/bootstrap =================================================================== --- freeradius-server-2.1.10.orig/raddb/certs/bootstrap +++ freeradius-server-2.1.10/raddb/certs/bootstrap @@ -21,7 +21,9 @@ make -h > /dev/null 2>&1 # if [ "$?" = "0" ]; then make all - exit $? + ret=$? + chgrp radiusd * + exit $ret fi # @@ -79,3 +81,5 @@ fi if [ ! -f client.crt ]; then openssl ca -batch -keyfile ca.key -cert ca.pem -in client.csr -key `grep output_password ca.cnf | sed 's/.*=//;s/^ *//'` -out client.crt -extensions xpclient_ext -extfile xpextensions -config ./client.cnf fi + +chgrp radiusd * ++++++ freeradius-server-initscript-pidfile.patch ++++++ Index: freeradius-server-2.1.8/suse/rcradiusd =================================================================== --- freeradius-server-2.1.8.orig/suse/rcradiusd 2010-05-03 15:37:35.000000000 +0200 +++ freeradius-server-2.1.8/suse/rcradiusd 2010-05-03 15:38:08.000000000 +0200 @@ -31,6 +31,10 @@ rc_reset case "$1" in start) echo -n "Starting RADIUS daemon " + # /var/run might be on tmpfs, create runtime directory if needed + if [ ! -d /var/run/radiusd ]; then + install -d -m 0700 -g radiusd -o radiusd /var/run/radiusd + fi startproc $RADIUSD_BIN >/dev/null rc_status -v ;; Index: freeradius-server-2.1.8/suse/rcradius-relayd =================================================================== --- freeradius-server-2.1.8.orig/suse/rcradius-relayd 2010-05-03 15:37:35.000000000 +0200 +++ freeradius-server-2.1.8/suse/rcradius-relayd 2010-05-03 15:38:58.000000000 +0200 
@@ -31,6 +31,10 @@ rc_reset case "$1" in start) echo -n "Starting RADIUS Relay daemon " + # /var/run might be on tmpfs, create runtime directory if needed + if [ ! -d /var/run/radiusd ]; then + install -d -m 0700 -g radiusd -o radiusd /var/run/radiusd + fi startproc $RADIUSD_BIN -s -n radrelay >/dev/null rc_status -v ;; ++++++ freeradius-server-radius-reload-logrotate.patch ++++++ Index: freeradius-server-2.1.12/suse/radiusd-logrotate =================================================================== --- freeradius-server-2.1.12.orig/suse/radiusd-logrotate 2011-09-30 16:12:07.000000000 +0200 +++ freeradius-server-2.1.12/suse/radiusd-logrotate 2011-10-19 16:01:36.781656862 +0200 @@ -47,6 +47,9 @@ size=+2048k notifempty missingok + postrotate + /etc/init.d/freeradius reload >/dev/null + endscript create } ++++++ freeradius-server-sha1-default.patch ++++++ Index: freeradius-server-2.1.6/raddb/certs/ca.cnf =================================================================== --- freeradius-server-2.1.6.orig/raddb/certs/ca.cnf 2009-05-18 13:13:55.000000000 +0200 +++ freeradius-server-2.1.6/raddb/certs/ca.cnf 2009-10-12 13:47:40.000000000 +0200 @@ -16,7 +16,7 @@ name_opt = ca_default cert_opt = ca_default default_days = 365 default_crl_days = 30 -default_md = md5 +default_md = sha1 preserve = no policy = policy_match Index: freeradius-server-2.1.6/raddb/certs/client.cnf =================================================================== --- freeradius-server-2.1.6.orig/raddb/certs/client.cnf 2009-05-18 13:13:55.000000000 +0200 +++ freeradius-server-2.1.6/raddb/certs/client.cnf 2009-10-12 13:47:45.000000000 +0200 
@@ -16,7 +16,7 @@ name_opt = ca_default cert_opt = ca_default default_days = 365 default_crl_days = 30 -default_md = md5 +default_md = sha1 preserve = no policy = policy_match Index: freeradius-server-2.1.6/raddb/certs/server.cnf =================================================================== --- freeradius-server-2.1.6.orig/raddb/certs/server.cnf 2009-05-18 13:13:55.000000000 +0200 +++ freeradius-server-2.1.6/raddb/certs/server.cnf 2009-10-12 13:47:50.000000000 +0200 @@ -16,7 +16,7 @@ name_opt = ca_default cert_opt = ca_default default_days = 365 default_crl_days = 30 -default_md = md5 +default_md = sha1 preserve = no policy = policy_match
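Review bot: In cbtls_verify() in rlm_eap_tls.c (freeradius-server-2.1.10-CVE-2012-3547.patch), the new bound `asn_time->length < sizeof(buf)` is only correct if `buf` is an array in this scope; its declaration is outside the hunk, and if it were a pointer, sizeof would yield the pointer size. Please confirm that. The int-to-size_t comparison also rejects a negative length, which is the outcome wanted here. When the check fails, the memcpy and the pairadd() to handler->certs are both skipped with no message, so a log line in that case would tell operators that a client certificate with an oversized notAfter field was seen.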
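Review bot: In rlm_sqlhpwippool.c (freeradius-server-2.1.6-overflow.patch), sqlhpwippool_accounting() still pairs `strncpy(nasipstr, inet_ntoa(nasip), sizeof(nasipstr) - 1)` with a hand-written terminator, which is the pattern that produced the out-of-bounds write at `nasipstr[sizeof(nasipstr)]` in the first place. A single `snprintf(nasipstr, sizeof(nasipstr), "%s", inet_ntoa(nasip))` always terminates inside the buffer and removes the index arithmetic. The corrected index `sizeof(nasipstr) - 1` is right as written.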
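Review bot: In dialup_admin/bin/monthly_tot_stats (freeradius-server-2.1.6-dialup_admin.patch), the new default path is misspelled: `'/usr/sharel/dialup_admin/conf/admin.conf'` has `sharel` where every other script in this patch uses `/usr/share/dialup_admin/conf/admin.conf`. The cron entry changed in the same patch runs monthly_tot_stats with no argument, so the script would fall back to this non-existent path and fail to open its configuration. Change it to `/usr/share/`.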
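Review bot: In dialup_admin/conf/admin.conf, the hunk at line 66 enables `general_clients_conf: %{general_raddb_dir}/clients.conf` but leaves the comment `# Need to fix admin.conf file parser` directly above it, which suggests the parser could not resolve this nested reference when the comment was written. Either confirm the parser now expands it and drop the comment, or set the absolute path. Note also that with `general_radiusd_base_dir: /` the line `general_raddb_dir: %{general_radiusd_base_dir}/etc/raddb` expands to `//etc/raddb`; that works on POSIX systems, but an empty base dir or a literal `/etc/raddb` would be cleaner.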
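Review bot: In unix_getpw() in rlm_unix.c (freeradius-server-CVE-2011-4966.patch), the password-expiry test requires `spwd->sp_lstchg > 0`, so an entry with sp_lstchg == 0 falls through and is accepted. Per shadow(5), 0 in that field means the user must change the password at next login, so such accounts probably should not authenticate over RADIUS either; a separate check for `sp_lstchg == 0` with its own log message would cover it. The check also ignores sp_inact, so if the intent is to mirror local login behaviour, state in the comment that the grace period is deliberately not honoured.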
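Review bot: In raddb/certs/bootstrap (freeradius-server-fix-cert-bootstrap.patch), `chgrp radiusd *` is broader than it needs to be and its failure is ignored. The glob covers every file in the directory, including the ca.key that the Makefile in the same patch generates, and the CA private key is not something the server has to read at run time. List the files the daemon needs explicitly, use `chgrp radiusd -- ...` (or `./*`) so a file name starting with `-` is not parsed as an option, and check the chgrp exit status: in the first hunk `exit $ret` returns only the result of `make all`, and at the end of the script nothing inspects it.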
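Review bot: In suse/radiusd-logrotate (freeradius-server-radius-reload-logrotate.patch), the postrotate script calls `/etc/init.d/freeradius reload`, but the init scripts touched elsewhere in this commit are suse/rcradiusd and suse/rcradius-relayd, with `# Provides: radiusd`. Please confirm the name the script is installed under; if `/etc/init.d/freeradius` does not exist, the reload fails after every rotation and the daemon keeps writing to the rotated file. The output is redirected to /dev/null, so stderr is the only place the failure would show.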
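Review bot: In raddb/certs/ca.cnf, client.cnf and server.cnf (freeradius-server-sha1-default.patch), `default_md = sha1` replaces MD5 with a digest that is itself deprecated for certificate signatures. If the OpenSSL version the package builds against supports it, `default_md = sha256` in all three files is the better default, since certificates generated from these templates are valid for `default_days = 365` and are rarely regenerated once deployed.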