Hello community, here is the log from the commit of package freeradius-server for openSUSE:Factory checked in at 2017-05-31 12:19:49 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/freeradius-server (Old) and /work/SRC/openSUSE:Factory/.freeradius-server.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "freeradius-server" Wed May 31 12:19:49 2017 rev:68 rq:499629 version:3.0.14 Changes: -------- --- /work/SRC/openSUSE:Factory/freeradius-server/freeradius-server.changes 2017-03-20 17:09:16.460314018 +0100 +++ /work/SRC/openSUSE:Factory/.freeradius-server.new/freeradius-server.changes 2017-05-31 12:20:22.731007992 +0200 @@ -1,0 +2,48 @@ +Mon May 29 12:40:52 UTC 2017 - [email protected] + +- update to 3.0.14 (still FATE#322416) + + Feature improvements + * Enforce TLS client certificate expiration on session resumption, + and Session-Timeout. See CVE-2017-9148 (bnc#1041445) + * Updated dictionary.cisco.vpn3000, dictionary.patton + * Added dictionary.dellemc + * Lowered the log output for failed PEAP sessions. + * ALlow utc in rlm_date. + * The internal OpenSSL session cache has been disabled. + Please see mods-available/eap + * Update detail reader documentation. + * Make outgoing RadSec connections non-blocking. + * Add SQL backing to Moonshot-*-TargetedId generation. + + Bug Fixes + * radtest uses Cleartext-Password for EAP, not User-Password. + * Update documentation for mods-enabled/ linking. + * Enhanced checks for moonshot salt. + * Allow session resumption for RadSec connections. + * Update "huntgroups" file to note that port ranges are not supported + * Fix OpenSSL permissions issues on default key files. + * Certificates are not required when PSK is used. + * Allow SubjectAltName as first extension in cert. + * Fixed talloc issue with TLS session resumption. + * "&Attr-26 := 0x01" now produces useful error messages. + * Handle connection error in rlm_ldap_cacheable_groupobj. + * Fix endian issues in DHCP. + * Multiple minor fixes for Coverity complaints. + * Handle unexpected regex. + * Fix minor issues in dictionaries. + * Fix typos and grammar. Patches from Alan Buxey. + * Fix erroneous VP creation in rlm_preproces. + * Fix MIB. Patch from Jeff Gehlbach. + * Trust router updates from Alejandro Perez. + * Allow build with LibreSSL. + * Use correct packet for channel bindings. + * Many fixes found by PVS-Studio. Thanks to PVS-Studio for giving us + a test license. Please see the git commit history for more info. + * Fix incorrect length check in EAP-PWD. This may be exploitable. + * Stop rotating session database files (radutmp, radwtmp) since + these are not logfiles. + +- freeradius-server-radiusd-logrotate.patch: updated + +------------------------------------------------------------------- Old: ---- freeradius-server-3.0.13.tar.bz2 freeradius-server-3.0.13.tar.bz2.sig New: ---- freeradius-server-3.0.14.tar.bz2 freeradius-server-3.0.14.tar.bz2.sig ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ freeradius-server.spec ++++++ --- /var/tmp/diff_new_pack.hKoiPX/_old 2017-05-31 12:20:23.514897334 +0200 +++ /var/tmp/diff_new_pack.hKoiPX/_new 2017-05-31 12:20:23.518896770 +0200 @@ -20,7 +20,7 @@ %define apxs2 apxs2-prefork %define apache2_sysconfdir %(%{_sbindir}/%{apxs2} -q SYSCONFDIR) Name: freeradius-server -Version: 3.0.13 +Version: 3.0.14 Release: 0 %if 0%{?suse_version} > 1140 @@ -431,6 +431,8 @@ %dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-config/files %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/files/* %dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-config/preprocess +%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/sql/moonshot-targeted-ids/* +%dir %attr(750,root,radiusd) /etc/raddb/mods-config/sql/moonshot-targeted-ids %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/preprocess/* %dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-config/python %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/python/radiusd.py @@ -515,6 +517,7 @@ %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/logintime %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/mac2ip %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/mac2vlan +%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/moonshot-targeted-ids %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/mschap %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/ntlm_auth %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/opendirectory ++++++ freeradius-server-3.0.13.tar.bz2 -> freeradius-server-3.0.14.tar.bz2 ++++++ ++++ 4077 lines of diff (skipped) ++++++ freeradius-server-radiusd-logrotate.patch ++++++ --- /var/tmp/diff_new_pack.hKoiPX/_old 2017-05-31 12:20:26.006545600 +0200 +++ /var/tmp/diff_new_pack.hKoiPX/_new 2017-05-31 12:20:26.006545600 +0200 @@ -1,6 +1,8 @@ ---- freeradius-server-3.0.8.orig/suse/radiusd-logrotate 2015-04-22 19:21:34.000000000 +0200 -+++ freeradius-server-3.0.8.suse/suse/radiusd-logrotate 2015-04-23 10:15:52.847179845 +0200 -@@ -16,13 +16,18 @@ +Index: freeradius-server-3.0.14/suse/radiusd-logrotate +=================================================================== +--- freeradius-server-3.0.14.orig/suse/radiusd-logrotate ++++ freeradius-server-3.0.14/suse/radiusd-logrotate +@@ -16,13 +16,18 @@ notifempty # The main server log # /var/log/radius/radius.log { @@ -19,15 +21,7 @@ nocreate size=+1024k } -@@ -31,6 +36,7 @@ - # Session database modules - # - /var/log/radius/radutmp /var/log/radius/radwtmp { -+ su radiusd radiusd - nocreate - size=+2048k - } -@@ -39,6 +45,7 @@ +@@ -31,6 +36,7 @@ notifempty # SQL log files # /var/log/radius/sqllog.sql { @@ -35,7 +29,7 @@ nocreate size=+2048k } -@@ -51,6 +58,7 @@ +@@ -43,6 +49,7 @@ notifempty # second technique, you will need another cron job that removes old # detail files. You do not need to comment out the below for method #2. /var/log/radius/radacct/*/detail {
