Hello community, here is the log from the commit of package freeradius-server for openSUSE:Leap:15.2 checked in at 2020-03-27 16:44:37 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Leap:15.2/freeradius-server (Old) and /work/SRC/openSUSE:Leap:15.2/.freeradius-server.new.3160 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "freeradius-server" Fri Mar 27 16:44:37 2020 rev:15 rq:788626 version:3.0.21 Changes: -------- --- /work/SRC/openSUSE:Leap:15.2/freeradius-server/freeradius-server.changes 2020-01-15 14:55:52.529603306 +0100 +++ /work/SRC/openSUSE:Leap:15.2/.freeradius-server.new.3160/freeradius-server.changes 2020-03-27 16:47:10.447899836 +0100 @@ -2 +2 @@ -Tue Apr 16 10:09:45 UTC 2019 - Adam Majer <[email protected]> +Tue Mar 24 15:31:22 UTC 2020 - Adam Majer <[email protected]> @@ -4,4 +4,323 @@ -- CVE-2019-11235.patch: fixes authentication bypass vulnerability - in the EAP-PWD module via invalid curve attack or a reflection - attack vector. (CVE-2019-11235, CVE-2019-11234, bsc#1132549, - bsc#1132664) +- update to 3.0.21 (jsc#SLE-11896) + +Feature Improvements + + * New stored procedure for allocating IPs with PostgreSQL + Rates of 1500 IPs per second are now possible + See raddb/mods-config/sql/ippool/postgresql/procedure.sql + * Add SQL IP pool support for Microsoft SQL Server + See raddb/mods-config/sql/ippool/mssql/ + * Added RCNTEC dictionary. Closes #3168. + * Added Pica8 dictionary. Closes #3179. + * Add TLS-Client-Cert-Valid-Since attribute holding not + Before date Patch from Boris Lytochkin. Fixes #3157. + * Generate attributes containing unknown OIDs See raddb/sites-available/tls + * Update the WiMAX dictionary. + * Added ability to rlm_python(Python2) show a stacktrace + from errors. #2979. + * Add WiFi Alliance Policy OIDs. + See raddb/certs/xpextensions + * radmin now shows coa stats, too. + * Sample schema extensions for summarizing data in SQL + See mods-config/sql/main/*/process-radacct.sql + * Update dictionary.aerohive, dictionary.fortinet, + dictionary.arista and dictionary.erx. + * Added VAS Experts dictionary. + * Many updates to RPM and jenkins builds from Matthew Newton. + * Added %C (time now in seconds) and %c (microsecond component of now) + back-ported from the "master" branch. + * Add reload capability to systemd unit file in Debian and RedHat. + * Increase timestamp precision in postauth to maximum supported by each + database and simplify (and make more consistent between drivers) + the timestamps in SQL queries by using expansions. + * Option to set dictionary path in raduat script. + +Bug Fixes + + * Various fixes found by PVS-Studio. + * Set permissions of certificates in bootstrap shell script Fixes #3132. + * Increase the 'nasportid' SQL field for 'varchar(32)'. #3141. + * Skip processing proxy reply if there are no home servers available. + * Update SQLite IPPool queries. Fixes #3177 + * rlm_sql_unixodbc fixes. Fixes #2822. + * Fixes when building with LibreSSL. + * Fix the rlm_python3 build. Note that this module is experimental. #3183. + * The rlm_python should append the 'python_path' paths in 'sys.path'. + It fixes the expected behavior to use the existing Python modules + Fixes #3180. + * Fix rlm_python to print the script errors properly. + * Bound total query time for PostgreSQL. Fixes #3253. + * Many fixes to Oracle sqlippool. It now does 500 IPs per second + without any tuning. Fixes #3270. + * Reference sqlippool by it's correct name. Fixes #3272. + * Revert 3.0.20 patch which caused crashes on duplicate clients. + * Update WiMAX-MSK attribute. Fixes #3280. + * Fix crash when trying to access non-existant regex capture group. + * Use timestamps (request or server) rather than SQL NOW() + in accounting queries so that these are stable when replayed + from a file buffer. + +- freeradius-python3_patches.patch: upstreamed + +------------------------------------------------------------------- +Tue Mar 17 13:42:37 UTC 2020 - Adam Majer <[email protected]> + +- update to 3.0.20 (bsc#1146848) + +Feature Improvements + * Added Force10 dictionary. + * Update dictionary.hp with new attributes. #2690. + * Update dictionary.aruba with new attributes. #2696. + * Fix side-channel leak in EAP-PWD (bsc#1144524, CVE-2019-13456) + * Relax OpenSSL version checks, now that their API is both public, and stable. + * Note that tls_min_version/tls_max_version also support "1.3" + Since there is no standard yet for EAP with TLS 1.3, it will not work. + * Added tripplite dictionary from #2760. + * Switch to the async interface for rlm_sql_postgresql so that + we can enforce query_timeout. + * Added new LDAP option 'allow_dangling_group_ref'. + * Updated documentation and functionality for EAP session caching + See "cache" section of mods-available/eap. + * Tighten systemd unit file security. Fixes #2637. + * Disable TLS 1.0 and TLS 1.1 support in the default configuration + We STRONGLY recommend doing this for all installations. + * Add expansions for *outgoing* Radsec connections + "%{proxy_listen:TLS-...}" for TLS-Client-Cert-* and + TLS-Cert-* attributes. Fixes #2839. + * Add %{listen:tls} which returns "yes" or "no" for + TLS or non-TLS connections. + * Update dictionary.lancom with new attributes. #2847. + * Added rlm_sql_mongo. See raddb/mods-available/sql. + Note that this module is experimental. + * Added more documentation in sites-available/robust-proxy-accounting. + * sqlippool now re-allocates unexpired leases, to prevent IP pool + exhaustion when clients perform multiple reauthentication attempts + * Add support to radmin keep the history in ~/.radmin_history. + * Add support for ENV and LD_PRELOAD in radiusd.conf. + See the new ENV sub-section of radiusd.conf. + * Update dictionary.aptilo. #3002. + * Update dictionary.airespace. #3039. + * Add sites-available/coa-relay, which makes CoA easier #3045. + * Add example stored procedure for IP Pools in MySQL + See mods-config/sql/ippool/mysql/procedure.sql + * Update dictionary.dhcp dictionary with the recent hardware types. + * Add experimental rlm_python3. This should largely work + the same as rlm_python, which was Python2 only. + * Add Dockerfiles for Debian10 and CentOS8. + * Add RPM spec file compatibility for RHEL/CentOS 8. + * Notes on certificate constraints. See raddb/certs/server.cnf. + * Add NAIRealm example to raddb/certs/server.cnf, for RFC 7585. + +Bug Fixes + + * Allow listen.ipaddr to reference an IPv6-only host. Fixes #2627 + * ERX-Acct-Request-Reason is "integer". Closes #2635. + * Fix a slow memory leak in the file management code. + * Try to fix file permissions if they get modified while + the server is running + * Fix slow memory leak with clients. + * Fix request and connection timeouts in rlm_rest. + * Fix systemd issues. + * Fixes from clang analyzer. + * Fix missing include for the dictionaries: + alcatel.esam, altiga,alvarion.wimax.v2_2,aptis,asn, + audiocodes,avaya,bristol, columbia_university,freedhcp,garderos, + infoblox,motorola.illegal, starent.vsa1, telkom, wimax.wichorus. + * Fix internal sanity check when running with "-Xx". + * Allow "inner-tunnel" virtual servers to work better + with "accept" and "reject" policies. + * Fix dictionary.huawei data types for + Huawei-DNS-Server-IPv6-address and Huawei-Framed-IPv6-Address. + * Framed-Interface-ID in postgresql/queries.conf is string, + not inet Fixes #2817. + * Fix rlm_cache to complain on unknown attributes in the "update" + section of its configuration. + * Add configure checks for -latomic. This helps on armel, + mips and mipsel. Fixes #2828. + * Add support to Oracle 19 and 18. Via #2857. + * Add support for decoding tags in rlm_rest. Fixes #2848. + * Use correct passwords when updating CRLs in raddb/certs/. + * Properly separate "originate-coa" packets when accounting + packets are read from the detail file reader. + * Use the correct virtual server for pre/post-proxy. + * radsqlrelay fixes backported from "master" branch + * Fix DoS issues due to multithreaded BN_CTX access + (bsc#1166847, CVE-2019-17185) + +- disable python2 for SLE15 and Factory +- freeradius-server-enable-python3.patch: enable Python3 module +- freeradius-python3_patches.patch: backport python3 fixes from upstream +- freeradius-server-opensslversion.patch: updated + +------------------------------------------------------------------- +Wed Mar 11 13:18:37 UTC 2020 - Adam Majer <[email protected]> + +- Enable memcached driver on SLE15 + +------------------------------------------------------------------- +Mon Dec 23 15:06:54 UTC 2019 - Johannes Engel <[email protected]> + +- Add missing BuildRequire on samba-core-devel required for windbind + support in rlm_mschap. + +------------------------------------------------------------------- +Wed Apr 10 17:01:55 UTC 2019 - Michael Ströder <[email protected]> + +- update to 3.0.19 (jira#SLE-5890) + +Feature improvements + * Update dictionary.cisco + * Update sqlippool to allow for stored procedures with + PostgreSQL. This increases performance substantially. + Patch from Nathan Ward. Fixes #2540. + * Re-added "show client config" command to radmin. + * Cleaned up mods-available/sql example so that it is + easier to understand. + * Added pfSense dictionary. Closes #2581 + * Update dictionary.h3c Closes #2592 + * Update elasticsearch/logstash config for v6.7.0. + * EAP-PWD security fixes from Mathy Vanhoef. See + http://freeradius.org/security/ + (CVE-2019-11234, CVE-2019-11235, bsc#1132549, bsc#1132664) + +Bug fixes + * Update dynamic_client module and server core so that + the functionality works. This has been broken since + at least v2. + * Fix crash in sqlippool due to escaping changes. + Patch from Nathan Ward. Fixes #2532, #2533. + * Fix systemd notify, watchdog and unit files. + Fixes #2541, #2499. ++++ 198 more lines (skipped) ++++ between /work/SRC/openSUSE:Leap:15.2/freeradius-server/freeradius-server.changes ++++ and /work/SRC/openSUSE:Leap:15.2/.freeradius-server.new.3160/freeradius-server.changes Old: ---- CVE-2019-11235.patch freeradius-server-3.0.16.tar.bz2 freeradius-server-3.0.16.tar.bz2.sig New: ---- freeradius-server-3.0.21.tar.bz2 freeradius-server-3.0.21.tar.bz2.sig freeradius-server-enable-python3.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ freeradius-server.spec ++++++ --- /var/tmp/diff_new_pack.43cN2d/_old 2020-03-27 16:47:11.079900207 +0100 +++ /var/tmp/diff_new_pack.43cN2d/_new 2020-03-27 16:47:11.083900209 +0100 @@ -1,7 +1,7 @@ # # spec file for package freeradius-server # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # @@ -20,9 +20,15 @@ %define apxs2 apxs2-prefork %define apache2_sysconfdir %(%{_sbindir}/%{apxs2} -q SYSCONFDIR) Name: freeradius-server -Version: 3.0.16 +Version: 3.0.21 Release: 0 +%if 0%{?suse_version} >= 1500 +%bcond_with python2 +%else +%bcond_without python2 +%endif + %if 0%{?suse_version} > 1140 %bcond_without systemd %bcond_without libjson @@ -40,7 +46,7 @@ %bcond_with freetds %endif -%if 0%{?is_opensuse} +%if 0%{?suse_version} > 1330 || 0%{?is_opensuse} %bcond_without memcached %else %bcond_with memcached @@ -62,7 +68,7 @@ Patch5: freeradius-server-rlm_sql_unixodbc-configure.patch Patch6: freeradius-server-radclient-init-error-buffer.patch Patch7: freeradius-server-opensslversion.patch -Patch8: CVE-2019-11235.patch +Patch8: freeradius-server-enable-python3.patch BuildRequires: apache2-devel BuildRequires: cyrus-sasl-devel BuildRequires: db-devel @@ -97,7 +103,10 @@ BuildRequires: pam-devel BuildRequires: perl BuildRequires: postgresql-devel +%if 0%{with python2} BuildRequires: python-devel +%endif +BuildRequires: python3-devel BuildRequires: sqlite3-devel BuildRequires: unixODBC-devel %if 0%{?suse_version} > 1110 @@ -111,14 +120,12 @@ Requires: %{name}-libs = %{version} Requires: coreutils Requires: pwdutils -Requires: python Requires(pre): openssl Requires(pre): perl Recommends: logrotate Provides: freeradius = %{version} Provides: radiusd Obsoletes: freeradius < %{version} -BuildRoot: %{_tmppath}/%{name}-%{version}-build %{?libperl_requires} Conflicts: radiusd-livingston radiusd-cistron icradius %if %{with systemd} @@ -128,6 +135,7 @@ #bsc#1055679 - freeradius-server does not provide winbind/AD auth BuildRequires: libwbclient-devel +BuildRequires: samba-core-devel %description Remote Authentication Dial-In User Service (RADIUS) is a networking @@ -199,12 +207,19 @@ %package python Summary: Python support for freeradius Group: System/Daemons -BuildRequires: python-devel Requires: %{name} = %{version} %description python FreeRADIUS plugin providing Python support. +%package python3 +Summary: Python3 support for freeradius +Group: System/Daemons +Requires: %{name} = %{version} + +%description python3 +FreeRADIUS plugin providing Python3 support. + %package mysql Summary: MySQL support for freeradius Group: System/Daemons @@ -233,16 +248,10 @@ FreeRADIUS plugin providing SQLite support. %prep -%setup -q -%patch1 -p1 -%patch2 -p1 -%patch3 -p1 -%patch5 -p1 -%patch6 -p1 -%patch7 -p1 -%patch8 -p1 +%autosetup -p1 %build +./autogen.sh modified="$(sed -n '/^----/n;s/ - .*$//;p;q' "%{_sourcedir}/%{name}.changes")" DATE="\"$(date -d "${modified}" "+%%b %%e %%Y")\"" TIME="\"$(date -d "${modified}" "+%%R")\"" @@ -252,6 +261,7 @@ %configure \ --disable-static \ --libdir=%{_libdir}/freeradius \ + --with-unixodbc-dir=%{_prefix} \ --disable-ltdl-install \ --enable-strict-dependencies \ --with-edir \ @@ -270,6 +280,10 @@ --without-rlm_rediswho \ --without-rlm_sql_oracle \ --without-rlm_securid \ +%if ! %{with python2} + --without-rlm_python \ +%endif + --with-rlm-python3-include-dir=%{_includedir}/python%{python3_version}%{py3_abiflags} \ %if ! %{with memcached} --without-rlm_cache_memcached \ %endif @@ -281,11 +295,11 @@ %endif --disable-silent-rules \ --disable-openssl-version-check -make %{?_smp_mflags} VERBOSE=1 +make %{?_smp_mflags} %install mkdir -p %{buildroot}%{_localstatedir}/lib/radiusd -make install R=%{buildroot} INSTALLSTRIP= VERBOSE=1 +make install R=%{buildroot} INSTALLSTRIP= # modify default configuration RADDB=%{buildroot}%{_sysconfdir}/raddb perl -i -pe 's/^#user =.*$/user = radiusd/' $RADDB/radiusd.conf @@ -314,31 +328,37 @@ install -D -d -m 0710 %{buildroot}%{runpath}/radiusd mv -v doc/README doc/README.doc # remove unneeded stuff -rm -f %{buildroot}%{_sysconfdir}/raddb/certs/*.crt -rm -f %{buildroot}%{_sysconfdir}/raddb/certs/*.csr -rm -f %{buildroot}%{_sysconfdir}/raddb/certs/*.der -rm -f %{buildroot}%{_sysconfdir}/raddb/certs/*.key -rm -f %{buildroot}%{_sysconfdir}/raddb/certs/*.pem -rm -f %{buildroot}%{_sysconfdir}/raddb/certs/*.p12 -rm -f %{buildroot}%{_sysconfdir}/raddb/certs/index.* -rm -f %{buildroot}%{_sysconfdir}/raddb/certs/serial* -rm -f %{buildroot}%{_sysconfdir}/raddb/certs/dh -rm -f %{buildroot}%{_sysconfdir}/raddb/certs/random -rm -rf doc/00-OLD -rm -rf doc/.gitignore -rm -rf doc/source/.gitignore -rm -f %{buildroot}%{_sbindir}/rc.radiusd -rm -rf %{buildroot}%{_datadir}/doc/freeradius* -rm -rf %{buildroot}%{_libdir}/freeradius/*.*a -rm -f %{buildroot}%{_defaultdocdir}/%{name}/Makefile -rm -f %{buildroot}%{_defaultdocdir}/%{name}/examples/Makefile -rm -rf %{buildroot}%{_sysconfdir}/raddb/mods-config/sql/main/mssql -rm -rf %{buildroot}%{_sysconfdir}/raddb/mods-config/sql/ippool/oracle -rm -rf %{buildroot}%{_sysconfdir}/raddb/mods-config/sql/ippool-dhcp/oracle -rm -rf %{buildroot}%{_sysconfdir}/raddb/mods-config/sql/main/oracle +rm %{buildroot}%{_sysconfdir}/raddb/certs/*.crl +rm %{buildroot}%{_sysconfdir}/raddb/certs/*.crt +rm %{buildroot}%{_sysconfdir}/raddb/certs/*.csr +rm %{buildroot}%{_sysconfdir}/raddb/certs/*.der +rm %{buildroot}%{_sysconfdir}/raddb/certs/*.key +rm %{buildroot}%{_sysconfdir}/raddb/certs/*.pem +rm %{buildroot}%{_sysconfdir}/raddb/certs/*.p12 +rm %{buildroot}%{_sysconfdir}/raddb/certs/index.* +rm %{buildroot}%{_sysconfdir}/raddb/certs/serial* +rm %{buildroot}%{_sysconfdir}/raddb/certs/dh +rm doc/source/.gitignore +rm %{buildroot}%{_sbindir}/rc.radiusd +rm -r %{buildroot}%{_datadir}/doc/freeradius* +rm -r %{buildroot}%{_libdir}/freeradius/*.*a +# rm %{buildroot}%{_defaultdocdir}/%{name}/Makefile +# rm %{buildroot}%{_defaultdocdir}/%{name}/examples/Makefile +rm -r %{buildroot}%{_sysconfdir}/raddb/mods-config/sql/main/mssql +rm -r %{buildroot}%{_sysconfdir}/raddb/mods-config/sql/ippool/mssql +rm -r %{buildroot}%{_sysconfdir}/raddb/mods-config/sql/ippool/oracle +rm -r %{buildroot}%{_sysconfdir}/raddb/mods-config/sql/ippool-dhcp/oracle +rm -r %{buildroot}%{_sysconfdir}/raddb/mods-config/sql/main/oracle +#rm -r %{buildroot}%{_sysconfdir}/raddb/mods-config/sql/postgresql %if ! %{with json} rm %{buildroot}%{_sysconfdir}/raddb/mods-available/rest %endif +%if ! %{with python2} +rm %{buildroot}%{_sysconfdir}/raddb/mods-available/python +%endif +rm %{buildroot}%{_sysconfdir}/raddb/mods-config/sql/ippool/mongo/queries.conf +rm %{buildroot}%{_sysconfdir}/raddb/mods-config/sql/main/mongo/queries.conf +rm %{buildroot}%{_sysconfdir}/raddb/sites-available/coa-relay %pre getent group radiusd >/dev/null || %{_sbindir}/groupadd -r radiusd @@ -441,10 +461,12 @@ %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/sql/moonshot-targeted-ids/* %dir %attr(750,root,radiusd) /etc/raddb/mods-config/sql/moonshot-targeted-ids %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/preprocess/* -%dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-config/python -%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/python/radiusd.py +#%dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-config/python +#%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/python/radiusd.py %dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-config/sql/ippool-dhcp/mysql %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/sql/ippool-dhcp/mysql/schema.sql +%dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-config/sql/ippool/postgresql +%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/sql/ippool/postgresql/procedure.sql %dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-config/sql %dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-config/sql/counter @@ -452,9 +474,10 @@ %dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-config/sql/ippool %dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-config/sql/ippool-dhcp %dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-config/sql/main -#%%attr(640,root,radiusd) %%{_sysconfdir}/raddb/mods-config/sql/ippool-dhcp/oracle/queries.conf -#%%attr(640,root,radiusd) %%{_sysconfdir}/raddb/mods-config/sql/ippool-dhcp/oracle/schema.sql +#%attr(640,root,radiusd) %{_sysconfdir}/raddb/mods-config/sql/ippool-dhcp/oracle/queries.conf +#%attr(640,root,radiusd) %{_sysconfdir}/raddb/mods-config/sql/ippool-dhcp/oracle/schema.sql %attr(640,root,radiusd) %{_sysconfdir}/raddb/mods-config/sql/ippool-dhcp/sqlite/schema.sql + %dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-config/unbound %attr(640,root,radiusd) %{_sysconfdir}/raddb/mods-config/unbound/default.conf @@ -487,7 +510,7 @@ %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/sites-available/challenge # sites-enabled -# symlink: %%{_sysconfdir}/raddb/sites-enabled/xxx -> ../sites-available/xxx +# symlink: %{_sysconfdir}/raddb/sites-enabled/xxx -> ../sites-available/xxx %dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/sites-enabled %config(missingok) %{_sysconfdir}/raddb/sites-enabled/inner-tunnel %config(missingok) %{_sysconfdir}/raddb/sites-enabled/default @@ -533,7 +556,10 @@ %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/pap %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/passwd %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/preprocess +%if %{with python2} %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/python +%endif +%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/python3 %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/radutmp %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/realm %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/redis @@ -560,7 +586,7 @@ %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/couchbase # mods-enabled -# symlink: %%{_sysconfdir}/raddb/mods-enabled/xxx -> ../mods-available/xxx +# symlink: %{_sysconfdir}/raddb/mods-enabled/xxx -> ../mods-available/xxx %dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-enabled %config(missingok) %{_sysconfdir}/raddb/mods-enabled/always %config(missingok) %{_sysconfdir}/raddb/mods-enabled/attr_filter @@ -606,6 +632,7 @@ %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/policy.d/operator-name %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/policy.d/abfab-tr %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/policy.d/debug +%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/policy.d/rfc7542 %config(noreplace) %{_sysconfdir}/raddb/users %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/templates.conf @@ -726,11 +753,21 @@ %{_libdir}/freeradius/rlm_perl.so +%if %{with python2} %files python %defattr(-,root,root) %dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-config/python +%attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-config/python/radiusd.py %{_sysconfdir}/raddb/mods-config/python/example.py* %{_libdir}/freeradius/rlm_python.so +%endif + +%files python3 +%defattr(-,root,root) +%dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-config/python3 +%attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-config/python3/example.py +%attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-config/python3/radiusd.py +%{_libdir}/freeradius/rlm_python3.so %files mysql %defattr(-,root,root) @@ -747,11 +784,13 @@ %dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-config/sql/ippool/mysql %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/sql/ippool/mysql/queries.conf %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/sql/ippool/mysql/schema.sql +%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/sql/ippool/mysql/procedure.sql %dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-config/sql/ippool-dhcp/mysql %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/sql/ippool-dhcp/mysql/queries.conf %dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-config/sql/main/mysql +%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/sql/main/mysql/process-radacct.sql %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/sql/main/mysql/setup.sql %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/sql/main/mysql/queries.conf %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/sql/main/mysql/schema.sql @@ -785,6 +824,7 @@ %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/sql/ippool/postgresql/schema.sql %dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-config/sql/main/postgresql +%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/sql/main/postgresql/process-radacct.sql %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/sql/main/postgresql/setup.sql %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/sql/main/postgresql/queries.conf %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/sql/main/postgresql/schema.sql @@ -815,6 +855,8 @@ %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/sql/ippool-dhcp/sqlite/queries.conf %dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-config/sql/main/sqlite +%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/sql/main/sqlite/process-radacct-refresh.sh +%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/sql/main/sqlite/process-radacct-schema.sql %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/sql/main/sqlite/queries.conf %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/sql/main/sqlite/schema.sql ++++++ freeradius-server-3.0.16.tar.bz2 -> freeradius-server-3.0.21.tar.bz2 ++++++ ++++ 51440 lines of diff (skipped) ++++++ freeradius-server-enable-python3.patch ++++++ Index: freeradius-server-3.0.20/src/modules/stable =================================================================== --- freeradius-server-3.0.20.orig/src/modules/stable +++ freeradius-server-3.0.20/src/modules/stable @@ -25,6 +25,7 @@ rlm_passwd rlm_perl rlm_preprocess rlm_python +rlm_python3 rlm_radutmp rlm_realm rlm_rest Index: freeradius-server-3.0.20/src/modules/rlm_python3/example.py =================================================================== --- freeradius-server-3.0.20.orig/src/modules/rlm_python3/example.py +++ freeradius-server-3.0.20/src/modules/rlm_python3/example.py @@ -1,4 +1,4 @@ -#! /usr/bin/env python3 +#!/usr/bin/python3 # # Python module example file # Miguel A.L. Paraz <[email protected]> Index: freeradius-server-3.0.20/src/modules/rlm_python3/radiusd.py =================================================================== --- freeradius-server-3.0.20.orig/src/modules/rlm_python3/radiusd.py +++ freeradius-server-3.0.20/src/modules/rlm_python3/radiusd.py @@ -1,4 +1,4 @@ -#! /usr/bin/env python3 +#!/usr/bin/python3 # # Definitions for RADIUS programs # ++++++ freeradius-server-opensslversion.patch ++++++ --- /var/tmp/diff_new_pack.43cN2d/_old 2020-03-27 16:47:13.307901516 +0100 +++ /var/tmp/diff_new_pack.43cN2d/_new 2020-03-27 16:47:13.311901518 +0100 @@ -2,45 +2,17 @@ Summary: SUSE OpenSSL version scheme does not follow upstream. Relax, breathe, apply. -Index: freeradius-server-3.0.12/src/main/version.c +Index: freeradius-server-3.0.20/src/main/version.c =================================================================== ---- freeradius-server-3.0.12.orig/src/main/version.c -+++ freeradius-server-3.0.12/src/main/version.c -@@ -50,36 +50,7 @@ static long ssl_built = OPENSSL_VERSION_ +--- freeradius-server-3.0.20.orig/src/main/version.c ++++ freeradius-server-3.0.20/src/main/version.c +@@ -52,6 +52,9 @@ static long ssl_built = OPENSSL_VERSION_ */ int ssl_check_consistency(void) { -- long ssl_linked; -- -- ssl_linked = SSLeay(); -- -- /* -- * Status mismatch always triggers error. -- */ -- if ((ssl_linked & 0x0000000f) != (ssl_built & 0x0000000f)) { -- mismatch: -- ERROR("libssl version mismatch. built: %lx linked: %lx", -- (unsigned long) ssl_built, -- (unsigned long) ssl_linked); -- -- return -1; -- } -- -- /* -- * Use the OpenSSH approach and relax fix checks after version -- * 1.0.0 and only allow moving backwards within a patch -- * series. -- */ -- if (ssl_built & 0xf0000000) { -- if ((ssl_built & 0xfffff000) != (ssl_linked & 0xfffff000) || -- (ssl_built & 0x00000ff0) > (ssl_linked & 0x00000ff0)) goto mismatch; -- /* -- * Before 1.0.0 we require the same major minor and fix version -- * and ignore the patch number. -- */ -- } else if ((ssl_built & 0xfffff000) != (ssl_linked & 0xfffff000)) goto mismatch; -- -+ // noop, since ABI is compatible for SUSE OpenSSL - return 0; - } ++ // noop, since ABI is compatible for SUSE OpenSSL ++ return 0; ++ + long ssl_linked; + ssl_linked = SSLeay(); ++++++ radiusd.service ++++++ --- /var/tmp/diff_new_pack.43cN2d/_old 2020-03-27 16:47:13.347901540 +0100 +++ /var/tmp/diff_new_pack.43cN2d/_new 2020-03-27 16:47:13.347901540 +0100 @@ -5,7 +5,7 @@ [Service] Type=forking PIDFile=/run/radiusd/radiusd.pid -ExecStartPre=-/bin/chown -R radiusd.radiusd /run/radiusd +ExecStartPre=-/bin/chown -R radiusd.radiusd /run/radiusd /var/log/radius ExecStartPre=/usr/sbin/radiusd -C ExecStart=/usr/sbin/radiusd -d /etc/raddb ExecReload=/usr/sbin/radiusd -C
