Hello community, here is the log from the commit of package freeradius checked in at Fri May 4 00:24:54 CEST 2007. -------- --- freeradius/freeradius.changes 2007-03-26 12:45:38.000000000 +0200 +++ /mounts/work_src_done/STABLE/freeradius/freeradius.changes 2007-05-03 13:55:46.192074000 +0200 @@ -1,0 +2,82 @@ +Fri Apr 20 15:10:28 CEST 2007 - pth@suse.de + +- Update to 1.1.6. Changes since 1.1.3: + Feature improvements + * Added dictionary.rfc4372 (Chargeable User Identity) + * Added dictionary.rfc4675 (VLAN and Priority) + * Added dictionary.rfc4679 (ADSL Forum) + NOTE some name differences from the RFC, due to dictionary.redback + * Updated rlm_python to something usable + * Added experimental sql "HPW" IPPools. + * Added more dictionaries + * Dictionary files now MUST NOT be globally writable. + * Configuration files now MUST NOT be globally readable, + or globally writable. + * Be more aggressive about freeing memory on clean exit. + This helps track down run-time leaks. + * Updated rlm_python to something usable + * Added experimental sql "HPW" IPPools. + * Major enhancements to rlm_pap, that make "encryption_scheme" + a thing of the past. See "man rlm_pap" for details. + * Added SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS flag to use + work-arounds that enable Windows Vista clients to work. + * Added preliminary code to support Firebird. + Use at your own risk! + * Send MS-CHAP2-Success, which makes EAP-TTLS/MSCHAP work on more + platforms. + * Add a new "reply-name" directive in rlm_sqlcounter to define the + name of the reply attribute. + * Added more dictionaries and attributes + * Print ntlm_auth failure reason in Module-Failure-Message + * radsqlrelay is able to get the DB password from a file instead + of command line. + + Bug fixes + * Corrected typo in rlm_pap.c + * Corrected typo in src/main/auth.c + * Suppress SSL error messages if error is zero. + * Don't complain about "Error in read client certificate A" + if we expect to read it in the next packet. Fix based on patch + by Dan Lukes. + * Corrected nearly 30 bugs found by Coverity + See also http://scan.coverity.com + * Don't die on HUP. Instead leak memory (sorry). After a few + hundred HUP's, the server will have leaked a few megabytes of + memory, and you should probably re-start it. It's ugly, but + better than dying. + * Corrected a few double free's + * Corrected typo in radrelay, which prevented it from working + * Made Firebird module build + * Fixed bug in PostgreSQL module that caused server crash. + * Fixed bug in SQL module that could cause server to crash. + * Corrected base64 decoding in rlm_pap + * Don't retransmit accounting packets. The NAS should do this. + * Handle Client-Error in EAP-SIM. + * Port OpenSSL locking fixes from CVS head. This makes PEAP + more stable on some systems. + * Require Message-Authenticator in Status-Server packets + * Correct Tunnel-Medium-Type VALUEs in dictionary.rfc2868 + * Be more aggressibe about freeing memory on clean exit. + This isn't strictly a bug fix, but it makes it easier to + find memory leaks + * Increase buffer size for dynamic expansion, which allows + longer SQL qeuries. + * Use correct line number when there's a parse error in one + of the configuration sections. + * Terminate SSL sessions in EAP on error, rather than continuing + in some cases. + * Increase buffer size to allow parsing of long octet strings + * Fix string termination on xlat in rlm_perl + * Fix a parse error in the digest module, where malformed + digest requests would result in the user being accepted. Oops... + * VALUEs can only be defined for 'integer', to catch mistakes + with setting VALUEs for type 'string'. + * Better parsing of VALUE names, so that values starting with + a digit work correctly. + * Check return from malloc. + * Fix a double free() in rlm_eap_tls.c + * Check return code of malloc() during initialization. + * Fix a corner case where the proxy port isn't set either in + radiusd.conf or in proxy.conf. + +------------------------------------------------------------------- Old: ---- edir.patch freeradius-1.1.3.tar.bz2 lib64.patch pie.patch radiusd-pamd.diff New: ---- freeradius-1.1.6.tar.bz2 freeradius-fix_type_punning.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ freeradius.spec ++++++ --- /var/tmp/diff_new_pack.r19641/_old 2007-05-04 00:24:08.000000000 +0200 +++ /var/tmp/diff_new_pack.r19641/_new 2007-05-04 00:24:08.000000000 +0200 @@ -1,5 +1,5 @@ # -# spec file for package freeradius (Version 1.1.3) +# spec file for package freeradius (Version 1.1.6) # # Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany. # This file and all modifications and additions to the pristine @@ -15,8 +15,8 @@ Group: Productivity/Networking/Radius/Servers Provides: radiusd Conflicts: radiusd-livingston radiusd-cistron icradius -Version: 1.1.3 -Release: 45 +Version: 1.1.6 +Release: 1 URL: http://www.freeradius.org/ Summary: Very Highly Configurable Radius Server Source0: %{name}-%{version}.tar.bz2 @@ -25,12 +25,9 @@ Source3: radqkstart.pdf Source4: radadmin.pdf Source5: admin-httpd.conf -Patch: edir.patch -Patch1: pie.patch -Patch2: lib64.patch -Patch3: ltdl.patch -Patch4: dialup_admin.patch -Patch5: radiusd-pamd.diff +Patch0: ltdl.patch +Patch1: dialup_admin.patch +Patch2: freeradius-fix_type_punning.patch %if %suse_version > 800 PreReq: /usr/sbin/useradd /usr/sbin/groupadd PreReq: %insserv_prereq %fillup_prereq @@ -104,22 +101,16 @@ %prep %setup -q -%patch -%if %suse_version > 930 +%patch0 %patch1 -%endif -%ifarch x86_64 s390x -#%patch2 -%endif -%patch3 -%patch4 -%patch5 +%patch2 rm -rf `find . -name CVS` mkdir novell cp -f %{SOURCE3} %{SOURCE4} novell/ %build -export CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing -DLDAP_DEPRECATED" +#export CFLAGS="%{optflags} -fno-strict-aliasing -DLDAP_DEPRECATED" +export CFLAGS="%{optflags} -DLDAP_DEPRECATED" %ifarch x86_64 ppc ppc64 s390 s390x export CFLAGS="$CFLAGS -fPIC" %endif @@ -220,98 +211,98 @@ %doc scripts/cryptpasswd scripts/exec-program-wait scripts/radiusd2ldif.pl %doc novell/ # SuSE -%config /etc/init.d/radiusd -%config /etc/pam.d/radiusd -%config /etc/logrotate.d/radiusd -/usr/sbin/rcradiusd +%config %{_sysconfdir}/init.d/radiusd +%config %{_sysconfdir}/pam.d/radiusd +%config %{_sysconfdir}/logrotate.d/radiusd +%{_sbindir}/rcradiusd %dir %attr(755,radiusd,radiusd) /var/lib/radiusd # configs -%dir /etc/raddb +%dir %{_sysconfdir}/raddb %defattr(-,root,radiusd) -%config /etc/raddb/dictionary -%config(noreplace) /etc/raddb/acct_users -%config(noreplace) /etc/raddb/attrs -%attr(640,root,radiusd) %ghost %config(noreplace) /etc/raddb/clients -%attr(640,root,radiusd) %config(noreplace) /etc/raddb/clients.conf -%config(noreplace) /etc/raddb/hints -%config(noreplace) /etc/raddb/huntgroups -%config(noreplace) /etc/raddb/ldap.attrmap -%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mssql.conf -%ghost %config(noreplace) /etc/raddb/naslist -%attr(640,root,radiusd) %config(noreplace) /etc/raddb/naspasswd -%attr(640,root,radiusd) %ghost %config(noreplace) /etc/raddb/oraclesql.conf -%attr(640,root,radiusd) %config(noreplace) /etc/raddb/postgresql.conf -%attr(640,root,radiusd) %config(noreplace) /etc/raddb/preproxy_users -%attr(640,root,radiusd) %config(noreplace) /etc/raddb/proxy.conf -%config(noreplace) /etc/raddb/radiusd.conf -%ghost %config(noreplace) /etc/raddb/realms -%attr(640,root,radiusd) %config(noreplace) /etc/raddb/snmp.conf -%attr(640,root,radiusd) %config(noreplace) /etc/raddb/sql.conf -%attr(640,root,radiusd) %config(noreplace) /etc/raddb/sqlippool.conf -%attr(640,root,radiusd) %config(noreplace) /etc/raddb/users -%config(noreplace) /etc/raddb/otp.conf -%attr(640,root,radiusd) /etc/raddb/otppasswd.sample +%config %{_sysconfdir}/raddb/dictionary +%config(noreplace) %{_sysconfdir}/raddb/acct_users +%config(noreplace) %{_sysconfdir}/raddb/attrs +%attr(640,root,radiusd) %ghost %config(noreplace) %{_sysconfdir}/raddb/clients +%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/clients.conf +%config(noreplace) %{_sysconfdir}/raddb/hints +%config(noreplace) %{_sysconfdir}/raddb/huntgroups +%config(noreplace) %{_sysconfdir}/raddb/ldap.attrmap +%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mssql.conf +%ghost %config(noreplace) %{_sysconfdir}/raddb/naslist +%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/naspasswd +%attr(640,root,radiusd) %ghost %config(noreplace) %{_sysconfdir}/raddb/oraclesql.conf +%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/postgresql.conf +%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/preproxy_users +%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/proxy.conf +%config(noreplace) %{_sysconfdir}/raddb/radiusd.conf +%ghost %config(noreplace) %{_sysconfdir}/raddb/realms +%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/snmp.conf +%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/sql.conf +%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/sqlippool.conf +%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/users +%config(noreplace) %{_sysconfdir}/raddb/otp.conf +#%attr(640,root,radiusd) %{_sysconfdir}/raddb/otppasswd.sample %defattr(640,root,radiusd,750) -%config(noreplace) /etc/raddb/certs/ -%config(noreplace) /etc/raddb/eap.conf -/etc/raddb/example.pl +%config(noreplace) %{_sysconfdir}/raddb/certs/ +%config(noreplace) %{_sysconfdir}/raddb/eap.conf +%{_sysconfdir}/raddb/example.pl %attr(700,radiusd,radiusd) %dir /var/run/radiusd/ # binaries %defattr(-,root,root) -/usr/bin/* -/usr/sbin/check-radiusd-config -/usr/sbin/checkrad -/usr/sbin/radiusd +%{_bindir}/* +%{_sbindir}/check-radiusd-config +%{_sbindir}/checkrad +%{_sbindir}/radiusd # shared libs %attr(755,root,root) %dir /usr/lib/freeradius -#%attr(755,root,root) /usr/lib/freeradius/*.so* -/usr/lib/freeradius/libeap*.so -/usr/lib/freeradius/libradius*.so -/usr/lib/freeradius/rlm_acct_unique*.so -/usr/lib/freeradius/rlm_always*.so -/usr/lib/freeradius/rlm_attr_filter*.so -/usr/lib/freeradius/rlm_attr_rewrite*.so -/usr/lib/freeradius/rlm_chap*.so -/usr/lib/freeradius/rlm_checkval*.so -/usr/lib/freeradius/rlm_counter*.so -/usr/lib/freeradius/rlm_dbm*.so -/usr/lib/freeradius/rlm_detail*.so -/usr/lib/freeradius/rlm_digest*.so -/usr/lib/freeradius/rlm_eap-*.so -/usr/lib/freeradius/rlm_eap.so -/usr/lib/freeradius/rlm_eap_gtc*.so -/usr/lib/freeradius/rlm_eap_leap*.so -/usr/lib/freeradius/rlm_eap_md5*.so -/usr/lib/freeradius/rlm_eap_mschapv2*.so -/usr/lib/freeradius/rlm_eap_peap*.so -/usr/lib/freeradius/rlm_eap_sim*.so -/usr/lib/freeradius/rlm_eap_tls*.so -/usr/lib/freeradius/rlm_eap_ttls*.so -/usr/lib/freeradius/rlm_exec*.so -/usr/lib/freeradius/rlm_expr*.so -/usr/lib/freeradius/rlm_fastusers*.so -/usr/lib/freeradius/rlm_files*.so -/usr/lib/freeradius/rlm_ippool*.so -/usr/lib/freeradius/rlm_krb5*.so -/usr/lib/freeradius/rlm_ldap*.so -/usr/lib/freeradius/rlm_mschap*.so -/usr/lib/freeradius/rlm_ns_mta_md5*.so -/usr/lib/freeradius/rlm_pam*.so -/usr/lib/freeradius/rlm_pap*.so -/usr/lib/freeradius/rlm_passwd*.so -/usr/lib/freeradius/rlm_perl*.so -/usr/lib/freeradius/rlm_preprocess*.so -/usr/lib/freeradius/rlm_radutmp*.so -/usr/lib/freeradius/rlm_realm*.so -/usr/lib/freeradius/rlm_sql-*.so -/usr/lib/freeradius/rlm_sql.so -/usr/lib/freeradius/rlm_sqlcounter*.so -/usr/lib/freeradius/rlm_sql_log*.so -/usr/lib/freeradius/rlm_sql_mysql*.so -/usr/lib/freeradius/rlm_sql_postgresql*.so -/usr/lib/freeradius/rlm_sql_unixodbc*.so -/usr/lib/freeradius/rlm_unix*.so -/usr/lib/freeradius/rlm_otp*.so +#%attr(755,root,root) %{_prefix}/lib/freeradius/*.so* +%{_prefix}/lib/freeradius/libeap*.so +%{_prefix}/lib/freeradius/libradius*.so +%{_prefix}/lib/freeradius/rlm_acct_unique*.so +%{_prefix}/lib/freeradius/rlm_always*.so +%{_prefix}/lib/freeradius/rlm_attr_filter*.so +%{_prefix}/lib/freeradius/rlm_attr_rewrite*.so +%{_prefix}/lib/freeradius/rlm_chap*.so +%{_prefix}/lib/freeradius/rlm_checkval*.so +%{_prefix}/lib/freeradius/rlm_counter*.so +%{_prefix}/lib/freeradius/rlm_dbm*.so +%{_prefix}/lib/freeradius/rlm_detail*.so +%{_prefix}/lib/freeradius/rlm_digest*.so +%{_prefix}/lib/freeradius/rlm_eap-*.so +%{_prefix}/lib/freeradius/rlm_eap.so +%{_prefix}/lib/freeradius/rlm_eap_gtc*.so +%{_prefix}/lib/freeradius/rlm_eap_leap*.so +%{_prefix}/lib/freeradius/rlm_eap_md5*.so +%{_prefix}/lib/freeradius/rlm_eap_mschapv2*.so +%{_prefix}/lib/freeradius/rlm_eap_peap*.so +%{_prefix}/lib/freeradius/rlm_eap_sim*.so +%{_prefix}/lib/freeradius/rlm_eap_tls*.so +%{_prefix}/lib/freeradius/rlm_eap_ttls*.so +%{_prefix}/lib/freeradius/rlm_exec*.so +%{_prefix}/lib/freeradius/rlm_expr*.so +%{_prefix}/lib/freeradius/rlm_fastusers*.so +%{_prefix}/lib/freeradius/rlm_files*.so +%{_prefix}/lib/freeradius/rlm_ippool*.so +%{_prefix}/lib/freeradius/rlm_krb5*.so +%{_prefix}/lib/freeradius/rlm_ldap*.so +%{_prefix}/lib/freeradius/rlm_mschap*.so +%{_prefix}/lib/freeradius/rlm_ns_mta_md5*.so +%{_prefix}/lib/freeradius/rlm_pam*.so +%{_prefix}/lib/freeradius/rlm_pap*.so +%{_prefix}/lib/freeradius/rlm_passwd*.so +%{_prefix}/lib/freeradius/rlm_perl*.so +%{_prefix}/lib/freeradius/rlm_preprocess*.so +%{_prefix}/lib/freeradius/rlm_radutmp*.so +%{_prefix}/lib/freeradius/rlm_realm*.so +%{_prefix}/lib/freeradius/rlm_sql-*.so +%{_prefix}/lib/freeradius/rlm_sql.so +%{_prefix}/lib/freeradius/rlm_sqlcounter*.so +%{_prefix}/lib/freeradius/rlm_sql_log*.so +%{_prefix}/lib/freeradius/rlm_sql_mysql*.so +%{_prefix}/lib/freeradius/rlm_sql_postgresql*.so +%{_prefix}/lib/freeradius/rlm_sql_unixodbc*.so +%{_prefix}/lib/freeradius/rlm_unix*.so +%{_prefix}/lib/freeradius/rlm_otp*.so # man-pages %doc %{_mandir}/man1/* %doc %{_mandir}/man5/* @@ -341,10 +332,88 @@ %files devel %defattr(-,root,root) -/usr/lib/freeradius/*.a +%{_prefix}/lib/freeradius/*.a #%attr(644,root,root) /usr/lib/freeradius/*.la %changelog +* Fri Apr 20 2007 - pth@suse.de +- Update to 1.1.6. Changes since 1.1.3: + Feature improvements + * Added dictionary.rfc4372 (Chargeable User Identity) + * Added dictionary.rfc4675 (VLAN and Priority) + * Added dictionary.rfc4679 (ADSL Forum) + NOTE some name differences from the RFC, due to dictionary.redback + * Updated rlm_python to something usable + * Added experimental sql "HPW" IPPools. + * Added more dictionaries + * Dictionary files now MUST NOT be globally writable. + * Configuration files now MUST NOT be globally readable, + or globally writable. + * Be more aggressive about freeing memory on clean exit. + This helps track down run-time leaks. + * Updated rlm_python to something usable + * Added experimental sql "HPW" IPPools. + * Major enhancements to rlm_pap, that make "encryption_scheme" + a thing of the past. See "man rlm_pap" for details. + * Added SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS flag to use + work-arounds that enable Windows Vista clients to work. + * Added preliminary code to support Firebird. + Use at your own risk! + * Send MS-CHAP2-Success, which makes EAP-TTLS/MSCHAP work on more + platforms. + * Add a new "reply-name" directive in rlm_sqlcounter to define the + name of the reply attribute. + * Added more dictionaries and attributes + * Print ntlm_auth failure reason in Module-Failure-Message + * radsqlrelay is able to get the DB password from a file instead + of command line. + Bug fixes + * Corrected typo in rlm_pap.c + * Corrected typo in src/main/auth.c + * Suppress SSL error messages if error is zero. + * Don't complain about "Error in read client certificate A" + if we expect to read it in the next packet. Fix based on patch + by Dan Lukes. + * Corrected nearly 30 bugs found by Coverity + See also http://scan.coverity.com + * Don't die on HUP. Instead leak memory (sorry). After a few + hundred HUP's, the server will have leaked a few megabytes of + memory, and you should probably re-start it. It's ugly, but + better than dying. + * Corrected a few double free's + * Corrected typo in radrelay, which prevented it from working + * Made Firebird module build + * Fixed bug in PostgreSQL module that caused server crash. + * Fixed bug in SQL module that could cause server to crash. + * Corrected base64 decoding in rlm_pap + * Don't retransmit accounting packets. The NAS should do this. + * Handle Client-Error in EAP-SIM. + * Port OpenSSL locking fixes from CVS head. This makes PEAP + more stable on some systems. + * Require Message-Authenticator in Status-Server packets + * Correct Tunnel-Medium-Type VALUEs in dictionary.rfc2868 + * Be more aggressibe about freeing memory on clean exit. + This isn't strictly a bug fix, but it makes it easier to + find memory leaks + * Increase buffer size for dynamic expansion, which allows + longer SQL qeuries. + * Use correct line number when there's a parse error in one + of the configuration sections. + * Terminate SSL sessions in EAP on error, rather than continuing + in some cases. + * Increase buffer size to allow parsing of long octet strings + * Fix string termination on xlat in rlm_perl + * Fix a parse error in the digest module, where malformed + digest requests would result in the user being accepted. Oops... + * VALUEs can only be defined for 'integer', to catch mistakes + with setting VALUEs for type 'string'. + * Better parsing of VALUE names, so that values starting with + a digit work correctly. + * Check return from malloc. + * Fix a double free() in rlm_eap_tls.c + * Check return code of malloc() during initialization. + * Fix a corner case where the proxy port isn't set either in + radiusd.conf or in proxy.conf. * Mon Mar 26 2007 - rguenther@suse.de - add gdbm-devel BuildRequires * Sun Feb 11 2007 - ro@suse.de ++++++ freeradius-1.1.3.tar.bz2 -> freeradius-1.1.6.tar.bz2 ++++++ ++++ 36050 lines of diff (skipped) ++++++ freeradius-fix_type_punning.patch ++++++ --- src/lib/valuepair.c +++ src/lib/valuepair.c @@ -725,13 +725,17 @@ break; case PW_TYPE_DATE: - if (gettime(value, (time_t *)&vp->lvalue) < 0) { + { + union{uint32_t *lvp; time_t *tp;}pun = { &vp->lvalue }; + + if (gettime(value, pun.tp) < 0) { librad_log("failed to parse time string " "\"%s\"", value); return NULL; } vp->length = 4; break; + } case PW_TYPE_ABINARY: #ifdef ASCEND_BINARY if (strncasecmp(value, "0x", 2) == 0) { --- src/modules/rlm_sql/drivers/rlm_sql_unixodbc/sql_unixodbc.c +++ src/modules/rlm_sql/drivers/rlm_sql_unixodbc/sql_unixodbc.c @@ -215,13 +215,13 @@ static int sql_num_fields(SQLSOCK *sqlsocket, SQL_CONFIG *config) { rlm_sql_unixodbc_sock *unixodbc_sock = sqlsocket->conn; long err_handle; - int num_fields = 0; + union{int num_fields;SQLSMALLINT sqlsi; }pun = {0}; - err_handle = SQLNumResultCols(unixodbc_sock->stmt_handle,(SQLSMALLINT *)&num_fields); + err_handle = SQLNumResultCols(unixodbc_sock->stmt_handle,&pun.sqlsi); if (sql_state(err_handle, sqlsocket, config)) return -1; - return num_fields; + return pun.num_fields; } ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org