[freeradius/f18] - fix CVE-2012-3547 freeradius: Stack-based buffer overflow by processing - Add new patch to avoid r
John Dennis
jdennis at fedoraproject.org
Wed Oct 3 21:04:06 UTC 2012
commit f0abc6aa302e0d1b579f557e9ee33e391d7bb393
Author: John Dennis <jdennis at redhat.com>
Date: Wed Oct 3 17:03:21 2012 -0400
- fix CVE-2012-3547 freeradius: Stack-based buffer overflow by processing
- Add new patch to avoid reading .rpmnew, .rpmsave and other invalid
files when loading config files
- Upgrade to new 2.2.0 upstream release
.gitignore | 1 +
freeradius-cert-config.patch | 46 ++---
freeradius-exclude-config-file.patch | 310 ++++++++++++++++++++++++++++++++++
freeradius-man.patch | 260 ----------------------------
freeradius-perl.patch | 65 -------
freeradius-postgres-sql.patch | 11 --
freeradius-unix-passwd-expire.patch | 39 -----
freeradius.spec | 118 ++++++++++++--
sources | 1 +
9 files changed, 436 insertions(+), 415 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index 97a00d0..55510b1 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,3 +2,4 @@ freeradius-server-2.1.9.tar.bz2
/freeradius-server-2.1.10.tar.bz2
/freeradius-server-2.1.11.tar.bz2
/freeradius-server-2.1.12.tar.bz2
+/freeradius-server-2.2.0.tar.bz2
diff --git a/freeradius-cert-config.patch b/freeradius-cert-config.patch
index 9967a15..93d3950 100644
--- a/freeradius-cert-config.patch
+++ b/freeradius-cert-config.patch
@@ -1,51 +1,42 @@
-diff -r -u freeradius-server-2.1.12.orig/raddb/certs/ca.cnf freeradius-server-2.1.12/raddb/certs/ca.cnf
---- freeradius-server-2.1.12.orig/raddb/certs/ca.cnf 2011-09-07 06:59:21.000000000 -0400
-+++ freeradius-server-2.1.12/raddb/certs/ca.cnf 2011-09-07 10:28:28.000000000 -0400
-@@ -14,9 +14,9 @@
+diff -r -u freeradius-server-2.2.0.orig/raddb/certs/ca.cnf freeradius-server-2.2.0.work/raddb/certs/ca.cnf
+--- freeradius-server-2.2.0.orig/raddb/certs/ca.cnf 2012-09-10 07:51:34.000000000 -0400
++++ freeradius-server-2.2.0.work/raddb/certs/ca.cnf 2012-09-25 15:29:08.792013636 -0400
+@@ -14,7 +14,7 @@
RANDFILE = $dir/.rand
name_opt = ca_default
cert_opt = ca_default
-default_days = 365
+default_days = 60
default_crl_days = 30
--default_md = md5
-+default_md = sha1
+ default_md = sha1
preserve = no
- policy = policy_match
-
-diff -r -u freeradius-server-2.1.12.orig/raddb/certs/client.cnf freeradius-server-2.1.12/raddb/certs/client.cnf
---- freeradius-server-2.1.12.orig/raddb/certs/client.cnf 2011-09-07 06:59:21.000000000 -0400
-+++ freeradius-server-2.1.12/raddb/certs/client.cnf 2011-09-07 10:28:28.000000000 -0400
-@@ -14,9 +14,9 @@
+diff -r -u freeradius-server-2.2.0.orig/raddb/certs/client.cnf freeradius-server-2.2.0.work/raddb/certs/client.cnf
+--- freeradius-server-2.2.0.orig/raddb/certs/client.cnf 2012-09-10 07:51:34.000000000 -0400
++++ freeradius-server-2.2.0.work/raddb/certs/client.cnf 2012-09-25 15:29:19.046932303 -0400
+@@ -14,7 +14,7 @@
RANDFILE = $dir/.rand
name_opt = ca_default
cert_opt = ca_default
-default_days = 365
+default_days = 60
default_crl_days = 30
--default_md = md5
-+default_md = sha1
+ default_md = sha1
preserve = no
- policy = policy_match
-
-diff -r -u freeradius-server-2.1.12.orig/raddb/certs/server.cnf freeradius-server-2.1.12/raddb/certs/server.cnf
---- freeradius-server-2.1.12.orig/raddb/certs/server.cnf 2011-09-07 06:59:21.000000000 -0400
-+++ freeradius-server-2.1.12/raddb/certs/server.cnf 2011-09-07 10:28:28.000000000 -0400
-@@ -14,9 +14,9 @@
+diff -r -u freeradius-server-2.2.0.orig/raddb/certs/server.cnf freeradius-server-2.2.0.work/raddb/certs/server.cnf
+--- freeradius-server-2.2.0.orig/raddb/certs/server.cnf 2012-09-10 07:51:34.000000000 -0400
++++ freeradius-server-2.2.0.work/raddb/certs/server.cnf 2012-09-25 15:29:26.118877959 -0400
+@@ -14,7 +14,7 @@
RANDFILE = $dir/.rand
name_opt = ca_default
cert_opt = ca_default
-default_days = 365
+default_days = 60
default_crl_days = 30
--default_md = md5
-+default_md = sha1
+ default_md = sha1
preserve = no
- policy = policy_match
-
-diff -r -u freeradius-server-2.1.12.orig/raddb/eap.conf freeradius-server-2.1.12/raddb/eap.conf
---- freeradius-server-2.1.12.orig/raddb/eap.conf 2011-09-07 06:59:21.000000000 -0400
-+++ freeradius-server-2.1.12/raddb/eap.conf 2011-09-07 10:28:28.000000000 -0400
+diff -r -u freeradius-server-2.2.0.orig/raddb/eap.conf freeradius-server-2.2.0.work/raddb/eap.conf
+--- freeradius-server-2.2.0.orig/raddb/eap.conf 2012-09-10 07:51:34.000000000 -0400
++++ freeradius-server-2.2.0.work/raddb/eap.conf 2012-09-25 15:31:17.623971648 -0400
@@ -281,7 +281,11 @@
# for the server to print out an error message,
# and refuse to start.
@@ -59,4 +50,3 @@ diff -r -u freeradius-server-2.1.12.orig/raddb/eap.conf freeradius-server-2.1.12
#
# Elliptical cryptography configuration
-Only in freeradius-server-2.1.12/raddb: eap.conf.orig
diff --git a/freeradius-exclude-config-file.patch b/freeradius-exclude-config-file.patch
new file mode 100644
index 0000000..2710349
--- /dev/null
+++ b/freeradius-exclude-config-file.patch
@@ -0,0 +1,310 @@
+diff -u -r freeradius-server-2.2.0.orig/src/include/libradius.h freeradius-server-2.2.0.configfile/src/include/libradius.h
+--- freeradius-server-2.2.0.orig/src/include/libradius.h 2012-09-10 07:51:34.000000000 -0400
++++ freeradius-server-2.2.0.configfile/src/include/libradius.h 2012-10-03 15:45:13.002106110 -0400
+@@ -416,6 +416,17 @@
+ int fr_sockaddr2ipaddr(const struct sockaddr_storage *sa, socklen_t salen,
+ fr_ipaddr_t *ipaddr, int * port);
+
++int
++str_starts_with(const char *subject, const char *pattern);
++int
++strn_starts_with(const char *subject, const char *pattern, size_t sbj_len, size_t pat_len);
++int
++str_ends_with(const char *subject, const char *pattern);
++int
++strn_ends_with(const char *subject, const char *pattern, size_t sbj_len, size_t pat_len);
++int
++fr_exclude_config_file(const char *basename);
++
+
+ #ifdef ASCEND_BINARY
+ /* filters.c */
+diff -u -r freeradius-server-2.2.0.orig/src/lib/misc.c freeradius-server-2.2.0.configfile/src/lib/misc.c
+--- freeradius-server-2.2.0.orig/src/lib/misc.c 2012-09-10 07:51:34.000000000 -0400
++++ freeradius-server-2.2.0.configfile/src/lib/misc.c 2012-10-03 15:50:27.717357782 -0400
+@@ -28,6 +28,7 @@
+ #include <ctype.h>
+ #include <sys/file.h>
+ #include <fcntl.h>
++#include <string.h>
+
+ int fr_dns_lookups = 0;
+ int fr_debug_flag = 0;
+@@ -650,3 +651,162 @@
+
+ return 1;
+ }
++
++
++/*
++ * Return true if subject starts with pattern, false otherwise.
++ * subject and pattern are NULL terminated strings.
++ */
++int
++str_starts_with(const char *subject, const char *pattern)
++{
++ size_t sbj_len;
++ size_t pat_len;
++
++ pat_len = strlen(pattern);
++ sbj_len = strlen(subject);
++
++ return strn_starts_with(subject, pattern, sbj_len, pat_len);
++}
++
++/*
++ * Return true if subject starts with pattern, false otherwise.
++ * subject and pattern are terminated by their respective length parameters.
++ */
++int
++strn_starts_with(const char *subject, const char *pattern, size_t sbj_len, size_t pat_len)
++{
++ const char *s = NULL;
++ const char *p = NULL;
++ const char *pat_end = NULL;
++
++ if (subject == NULL || pattern == NULL) return 0;
++
++ if (pat_len > sbj_len) return 0;
++
++ pat_end = pattern + pat_len;
++
++ for (p = pattern, s = subject; p < pat_end; p++, s++) {
++ if (*p != *s) return 0;
++ }
++ return 1;
++
++}
++
++/*
++ * Return true if subject starts with pattern, false otherwise.
++ * subject and pattern are NULL terminated strings.
++ */
++int
++str_ends_with(const char *subject, const char *pattern)
++{
++ size_t sbj_len;
++ size_t pat_len;
++
++ pat_len = strlen(pattern);
++ sbj_len = strlen(subject);
++
++ return strn_ends_with(subject, pattern, sbj_len, pat_len);
++}
++
++/*
++ * Return true if subject ends with pattern, false otherwise.
++ * subject and pattern are terminated by their respective length parameters.
++ */
++int
++strn_ends_with(const char *subject, const char *pattern, size_t sbj_len, size_t pat_len)
++{
++ const char *s = NULL;
++ const char *sbj_end = NULL;
++ const char *p = NULL;
++ const char *pat_end = NULL;
++
++ if (subject == NULL || pattern == NULL) return 0;
++
++ if (pat_len > sbj_len) return 0;
++
++ pat_end = pattern + pat_len - 1;
++ sbj_end = subject + sbj_len - 1;
++
++ for (p = pat_end, s = sbj_end; p >= pattern; p--, s--) {
++ if (*p != *s) return 0;
++ }
++ return 1;
++
++}
++
++/*
++ * Tests to see if the basename of a file found in a config directory
++ * should be excluded from being read because it is not a valid config
++ * file. The function returns true if the file basename should be
++ * excluded.
++ *
++ * The following basename's are excluded:
++ *
++ * Any basename beginning with a dot (.)
++ * Any basename beginning with a hash (i.e. pound sign, octothorp) (#)
++ * Any basename ending with a tilde (~)
++ * Any basename ending with the substring ".rpmsave"
++ * Any basename ending with the substring ".rpmnew"
++ * Any basename ending with the substring ".bak"
++ */
++
++#ifdef HAVE_REGEX_H
++#include <regex.h>
++
++/*
++ * Performs test with a regular expression. The regexp is compiled on
++ * first use and then saved in a static variable for future use.
++ */
++
++int
++fr_exclude_config_file(const char *basename)
++{
++ char *pattern = "^\\.|^#|~$|\\.rpmsave$|\\.rpmnew$|\\.bak$";
++ //char *pattern = "*";
++ int status;
++ static regex_t re;
++ static int compiled = 0;
++
++ if (!compiled) {
++ if ((status = regcomp(&re, pattern, REG_NOSUB | REG_EXTENDED)) != 0) {
++ char error_buf[256];
++
++ regerror(status, &re, error_buf, sizeof(error_buf));
++ fprintf(stderr, "fr_exclude_config_file: failed to compile regular expression \"%s\": %s",
++ pattern, error_buf);
++
++ return(0); /* Since we can't perform test, accept all files */
++ }
++ compiled = 1;
++ }
++ status = regexec(&re, basename, (size_t) 0, NULL, 0);
++
++ if (status == 0) {
++ return 1;
++ } else {
++ return 0;
++ }
++}
++
++#else
++
++/*
++ * Performs the test with starts_with and ends_with string utilities.
++ */
++
++int
++fr_exclude_config_file(const char *basename)
++{
++ if (str_starts_with(basename, ".")) return 1;
++ if (str_starts_with(basename, "#")) return 1;
++
++ if (str_ends_with(basename, "~")) return 1;
++ if (str_ends_with(basename, ".rpmsave")) return 1;
++ if (str_ends_with(basename, ".rpmnew")) return 1;
++ if (str_ends_with(basename, ".bak")) return 1;
++
++ return 0;
++}
++
++#endif
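Review bot: In `strn_ends_with` the backward loop starts from `pattern + pat_len - 1` and `subject + sbj_len - 1` and, on every full match, decrements `p` to one element before `pattern`. With an empty pattern or subject the start pointers are already out of range, and this is undefined behaviour; comparing the tail with `memcmp` avoids it. The NULL checks inside the `strn_*` functions never protect the `str_*` wrappers, because those call `strlen()` on both arguments first, so the guard belongs in the wrappers as shown below for `str_ends_with` (`str_starts_with` needs the same one). Separately, the regex variant of `fr_exclude_config_file` returns 0 when `regcomp` fails, so the filter fails open: `.rpmsave`/`.rpmnew`/`.bak` files, and also `.` and `..` now that the callers' `d_name[0] == '.'` test is removed, would no longer be skipped. Compiling the string tests unconditionally and using them as the fallback would keep it closed. The comment above `str_ends_with` also still says "starts with".

```c
int
str_ends_with(const char *subject, const char *pattern)
{
	if (subject == NULL || pattern == NULL) return 0;

	return strn_ends_with(subject, pattern, strlen(subject), strlen(pattern));
}

int
strn_ends_with(const char *subject, const char *pattern, size_t sbj_len, size_t pat_len)
{
	if (subject == NULL || pattern == NULL) return 0;

	if (pat_len > sbj_len) return 0;

	/* compare the tail in place; no pointer leaves either buffer */
	return memcmp(subject + (sbj_len - pat_len), pattern, pat_len) == 0;
}
```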
+diff -u -r freeradius-server-2.2.0.orig/src/main/client.c freeradius-server-2.2.0.configfile/src/main/client.c
+--- freeradius-server-2.2.0.orig/src/main/client.c 2012-09-10 07:51:34.000000000 -0400
++++ freeradius-server-2.2.0.configfile/src/main/client.c 2012-10-03 15:52:35.351241760 -0400
+@@ -845,13 +845,24 @@
+ }
+
+ /*
+- * Read the directory, ignoring "." files.
++ * Read the directory, ignoring invalid files.
+ */
+ while ((dp = readdir(dir)) != NULL) {
+ const char *p;
+ RADCLIENT *dc;
+
+- if (dp->d_name[0] == '.') continue;
++ /*
++ * Check for invalid file names
++ */
++ if (fr_exclude_config_file(dp->d_name)) {
++ if (!(strcmp(dp->d_name, ".") == 0 ||
++ strcmp(dp->d_name, "..") == 0)) {
++ cf_log_info(cs,
++ "skipping client file, invalid name \"%s/%s\"",
++ value, dp->d_name);
++ }
++ continue;
++ }
+
+ /*
+ * Check for valid characters
+@@ -863,7 +874,12 @@
+ (*p == '.')) continue;
+ break;
+ }
+- if (*p != '\0') continue;
++ if (*p != '\0') {
++ cf_log_info(cs,
++ "skipping client file, invalid characters in name \"%s/%s\"",
++ value, dp->d_name);
++ continue;
++ }
+
+ snprintf(buf2, sizeof(buf2), "%s/%s",
+ value, dp->d_name);
+diff -u -r freeradius-server-2.2.0.orig/src/main/conffile.c freeradius-server-2.2.0.configfile/src/main/conffile.c
+--- freeradius-server-2.2.0.orig/src/main/conffile.c 2012-09-10 07:51:34.000000000 -0400
++++ freeradius-server-2.2.0.configfile/src/main/conffile.c 2012-10-03 15:54:17.465348844 -0400
+@@ -1512,12 +1512,23 @@
+ }
+
+ /*
+- * Read the directory, ignoring "." files.
++ * Read the directory, ignoring invalid files.
+ */
+ while ((dp = readdir(dir)) != NULL) {
+ const char *p;
+
+- if (dp->d_name[0] == '.') continue;
++ /*
++ * Check for invalid file names
++ */
++ if (fr_exclude_config_file(dp->d_name)) {
++ if (!(strcmp(dp->d_name, ".") == 0 ||
++ strcmp(dp->d_name, "..") == 0)) {
++ radlog(L_INFO, "skipping config file, invalid name \"%s%s\"",
++ value, dp->d_name);
++ }
++ continue;
++ }
++
+
+ /*
+ * Check for valid characters
+@@ -1530,7 +1541,11 @@
+ (*p == '.')) continue;
+ break;
+ }
+- if (*p != '\0') continue;
++ if (*p != '\0') {
++ radlog(L_INFO, "skipping config file, invalid characters in name \"%s%s\"",
++ value, dp->d_name);
++ continue;
++ }
+
+ snprintf(buf2, sizeof(buf2), "%s%s",
+ value, dp->d_name);
+diff -u -r freeradius-server-2.2.0.orig/src/modules/rlm_policy/parse.c freeradius-server-2.2.0.configfile/src/modules/rlm_policy/parse.c
+--- freeradius-server-2.2.0.orig/src/modules/rlm_policy/parse.c 2012-09-10 07:51:34.000000000 -0400
++++ freeradius-server-2.2.0.configfile/src/modules/rlm_policy/parse.c 2012-10-03 15:55:29.736715648 -0400
+@@ -1584,13 +1584,22 @@
+ }
+
+ /*
+- * Read the directory, ignoring "." files.
++ * Read the directory, ignoring invalid files.
+ */
+ while ((dp = readdir(dir)) != NULL) {
+ struct stat buf;
+
+- if (dp->d_name[0] == '.') continue;
+- if (strchr(dp->d_name, '~') != NULL) continue;
++ /*
++ * Check for invalid file names
++ */
++ if (fr_exclude_config_file(dp->d_name)) {
++ if (!(strcmp(dp->d_name, ".") == 0 ||
++ strcmp(dp->d_name, "..") == 0)) {
++ fprintf(stderr, "skipping policy file, invalid name \"%s%s\"",
++ buffer, dp->d_name);
++ }
++ continue;
++ }
+
+ strlcpy(p, dp->d_name,
+ sizeof(buffer) - (p - buffer));
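Review bot: The removed `strchr(dp->d_name, '~') != NULL` test skipped any name containing a tilde, while `fr_exclude_config_file` as added by this patch only matches a trailing `~`, so a name such as `foo~1` (constructed example) in the policy directory is no longer skipped here. Unlike the client.c and conffile.c loops, no valid-character check is visible in this hunk to catch it before the `strlcpy`. If the narrowing is not intended, keep the old test after the new block: `if (strchr(dp->d_name, '~') != NULL) continue;`. The new `fprintf(stderr, ...)` message has no trailing `\n`, so consecutive skip messages run together; end the format with `\"%s%s\"\n`. The loop body continues outside the hunk.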
diff --git a/freeradius.spec b/freeradius.spec
index 1f18038..8d86511 100644
--- a/freeradius.spec
+++ b/freeradius.spec
@@ -1,7 +1,7 @@
Summary: High-performance and highly configurable free RADIUS server
Name: freeradius
-Version: 2.1.12
-Release: 10%{?dist}
+Version: 2.2.0
+Release: 0%{?dist}
License: GPLv2+ and LGPLv2+
Group: System Environment/Daemons
URL: http://www.freeradius.org/
@@ -14,11 +14,8 @@ Source104: %{name}-tmpfiles.conf
Patch1: freeradius-cert-config.patch
Patch2: freeradius-radtest.patch
-Patch3: freeradius-man.patch
-Patch4: freeradius-unix-passwd-expire.patch
-Patch5: freeradius-radeapclient-ipv6.patch
-Patch6: freeradius-postgres-sql.patch
-Patch7: freeradius-perl.patch
+Patch3: freeradius-radeapclient-ipv6.patch
+Patch4: freeradius-exclude-config-file.patch
Obsoletes: freeradius-devel
Obsoletes: freeradius-libs
@@ -152,11 +149,8 @@ This plugin provides the unixODBC support for the FreeRADIUS server project.
%setup -q -n freeradius-server-%{version}
%patch1 -p1 -b .cert-config
%patch2 -p1 -b .radtest
-%patch3 -p1 -b .man
-%patch4 -p1 -b unix-passwd-expire
-%patch5 -p1 -b radeapclient-ipv6
-%patch6 -p1 -b postgres-sql
-%patch7 -p1 -b perl
+%patch3 -p1 -b radeapclient-ipv6
+%patch4 -p1 -b exclude-config-file
# Some source files mistakenly have execute permissions set
find $RPM_BUILD_DIR/freeradius-server-%{version} \( -name '*.c' -o -name '*.h' \) -a -perm /0111 -exec chmod a-x {} +
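Review bot: The backup suffix on the new `%patch3` and `%patch4` lines has no leading dot, unlike `%patch1 -p1 -b .cert-config`, so backups would be written as e.g. `misc.cexclude-config-file` instead of `misc.c.exclude-config-file`. Suggest `%patch3 -p1 -b .radeapclient-ipv6` and `%patch4 -p1 -b .exclude-config-file`. The removed lines used the same dotless form, so this is a carry-over rather than something new in this commit.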
@@ -171,6 +165,7 @@ export CFLAGS="$RPM_OPT_FLAGS -fpic"
%configure \
--libdir=%{_libdir}/freeradius \
--with-system-libtool \
+ --with-system-libltdl \
--disable-ltdl-install \
--with-udpfromto \
--with-gnu-ld \
@@ -353,6 +348,7 @@ exit 0
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/modules/always
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/modules/attr_filter
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/modules/attr_rewrite
+%attr(640,root,radiusd) %config(noreplace) /etc/raddb/modules/cache
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/modules/chap
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/modules/checkval
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/modules/counter
@@ -360,6 +356,7 @@ exit 0
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/modules/detail
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/modules/detail.example.com
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/modules/detail.log
+%attr(640,root,radiusd) %config(noreplace) /etc/raddb/modules/dhcp_sqlippool
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/modules/digest
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/modules/dynamic_clients
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/modules/echo
@@ -384,6 +381,7 @@ exit 0
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/modules/passwd
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/modules/policy
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/modules/preprocess
+%attr(640,root,radiusd) %config(noreplace) /etc/raddb/modules/radrelay
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/modules/radutmp
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/modules/realm
%attr(640,root,radiusd) %config(noreplace) /etc/raddb/modules/redis
@@ -459,6 +457,8 @@ exit 0
%{_libdir}/freeradius/rlm_attr_filter-%{version}.so
%{_libdir}/freeradius/rlm_attr_rewrite.so
%{_libdir}/freeradius/rlm_attr_rewrite-%{version}.so
+%{_libdir}/freeradius/rlm_cache.so
+%{_libdir}/freeradius/rlm_cache-%{version}.so
%{_libdir}/freeradius/rlm_chap.so
%{_libdir}/freeradius/rlm_chap-%{version}.so
%{_libdir}/freeradius/rlm_checkval.so
@@ -601,6 +601,100 @@ exit 0
%{_libdir}/freeradius/rlm_sql_unixodbc-%{version}.so
%changelog
+* Wed Oct 3 2012 John Dennis <jdennis at redhat.com> - 2.2.0-0
+- fix CVE-2012-3547 freeradius: Stack-based buffer overflow by processing
+- Add new patch to avoid reading .rpmnew, .rpmsave and other invalid
+ files when loading config files
+- Upgrade to new 2.2.0 upstream release
+- Upstream changelog for 2.1.12:
+ Feature improvements
+ * 100% configuration file compatible with 2.1.x.
+ The only fix needed is to disallow "hashsize=0" for rlm_passwd
+ * Update Aruba, Alcatel Lucent, APC, BT, PaloAlto, Pureware,
+ Redback, and Mikrotik dictionaries
+ * Switch to using SHA1 for certificate digests instead of MD5.
+ See raddb/certs/*.cnf
+ * Added copyright statements to the dictionaries, so that we know
+ when people are using them.
+ * Better documentation for radrelay and detail file writer.
+ See raddb/modules/radrelay and raddb/radrelay.conf
+ * Added TLS-Cert-Subject-Alt-Name-Email from patch by Luke Howard
+ * Added -F <file> to radwho
+ * Added query timeouts to MySQL driver. Patch from Brian De Wolf.
+ * Add /etc/default/freeradius to debian package.
+ Patch from Matthew Newton
+ * Finalize DHCP and DHCP relay code. It should now work everywhere.
+ See raddb/sites-available/dhcp, src_ipaddr and src_interface.
+ * DHCP capabilitiies are now compiled in by default.
+ It runs as a DHCP server ONLY when manually enabled.
+ * Added one letter expansions: %G - request minute and %I request
+ ID.
+ * Added script to convert ISC DHCP lease files to SQL pools.
+ See scripts/isc2ippool.pl
+ * Added rlm_cache to cache arbitrary attributes.
+ * Added max_use to rlm_ldap to force connection to be re-established
+ after a given number of queries.
+ * Added configtest option to Debian init scripts, and automatic
+ config test on restart.
+ * Added cache config item to rlm_krb5. When set to "no" ticket
+ caching is disabled which may increase performance.
+
+ Bug fixes
+ * Fix CVE-2012-3547. All users of 2.1.10, 2.1.11, 2.1.12,
+ and 802.1X should upgrade immediately.
+ * Fix typo in detail file writer, to skip writing if the packet
+ was read from this detail file.
+ * Free cached replies when closing resumed SSL sessions.
+ * Fix a number of issues found by Coverity.
+ * Fix memory leak and race condition in the EAP-TLS session cache.
+ Thanks to Phil Mayers for tracking down OpenSSL APIs.
+ * Restrict ATTRIBUTE names to character sets that make sense.
+ * Fix EAP-TLS session Id length so that OpenSSL doesn't get
+ excited.
+ * Fix SQL IPPool logic for non-timer attributes. Closes bug #181
+ * Change some informational messages to DEBUG rather than error.
+ * Portability fixes for FreeBSD. Closes bug #177
+ * A much better fix for the _lt__PROGRAM__LTX_preloaded_symbols
+ nonsense.
+ * Safely handle extremely long lines in conf file variable expansion
+ * Fix for Debian bug #606450
+ * Mutex lock around rlm_perl Clone routines. Patch from Eike Dehling
+ * The passwd module no longer permits "hashsize = 0". Setting that
+ is pointless for a host of reasons. It will also break the server.
+ * Fix proxied inner-tunnel packets sometimes having zero authentication
+ vector. Found by Brian Julin.
+ * Added $(EXEEXT) to Makefiles for portability. Closes bug #188.
+ * Fix minor build issue which would cause rlm_eap to be built twice.
+ * When using "status_check=request" for a home server, the username
+ and password must be specified, or the server will not start.
+ * EAP-SIM now calculates keys from the SIM identity, not from the
+ EAP-Identity. Changing the EAP type via NAK may result in
+ identities changing. Bug reported by Microsoft EAP team.
+ * Use home server src_ipaddr when sending Status-Server packets
+ * Decrypt encrypted ERX attributes in CoA packets.
+ * Fix registration of internal xlat's so %{mschap:...} doesn't
+ disappear after a HUP.
+ * Can now reference tagged attributes in expansions.
+ e.g. %{Tunnel-Type:1} and %{Tunnel-Type:1[0]} now work.
+ * Correct calculation of Message-Authenticator for CoA and Disconnect
+ replies. Patch from Jouni Malinen
+ * Install rad_counter, for managing rlm_counter files.
+ * Add unique index constraint to all SQL flavours so that alternate
+ queries work correctly.
+ * The TTLS diameter decoder is now more lenient. It ignores
+ unknown attributes, instead of rejecting the TTLS session.
+ * Use "globfree" in detail file reader. Prevents very slow leak.
+ Closes bug #207.
+ * Operator =~ shouldn't copy the attribute, like :=. It should
+ instead behave more like ==.
+ * Build main Debian package without SQL dependencies
+ * Use max_queue_size in threading code
+ * Update permissions in raddb/sql/postgresql/admin.sql
+ * Added OpenSSL_add_all_algorithms() to fix issues where OpenSSL
+ wouldn't use methods it knew about.
+ * Add more sanity checks in dynamic_clients code so the server won't
+ crash if it attempts to load a badly formated client definition.
+
* Thu Jul 19 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.1.12-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
diff --git a/sources b/sources
index c9b2a89..032f707 100644
--- a/sources
+++ b/sources
@@ -1 +1,2 @@
862d3a2c11011e61890ba84fa636ed8c freeradius-server-2.1.12.tar.bz2
+0fb333fe6a64eb2b1dd6ef67f7bca119 freeradius-server-2.2.0.tar.bz2