From 9bf49420c8a8321f4d5c7fc81877b1b8c70d14eb Mon Sep 17 00:00:00 2001
From: Nikolai Kondrashov
Date: Mar 31 2015 13:08:30 +0000
Subject: Upgrade to upstream v3.0.7 release
Resolves: Bug#1133959
---
diff --git a/.gitignore b/.gitignore
index 1761974..e93fd66 100644
--- a/.gitignore
+++ b/.gitignore
@@ -11,3 +11,4 @@
 /freeradius-server-3.0.3.tar.bz2
 /freeradius-server-3.0.4rc2.tar.bz2
 /freeradius-server-3.0.4.tar.bz2
+/freeradius-server-3.0.7.tar.bz2
diff --git a/freeradius-Don-t-overwrite-ip_hton-af-prefix-in-fr_pton4-6.patch b/freeradius-Don-t-overwrite-ip_hton-af-prefix-in-fr_pton4-6.patch
deleted file mode 100644
index 71ac3bf..0000000
--- a/freeradius-Don-t-overwrite-ip_hton-af-prefix-in-fr_pton4-6.patch
+++ /dev/null
@@ -1,62 +0,0 @@
-From 64ee0b30df59857bce8f0efea019d065cf48c54c Mon Sep 17 00:00:00 2001
-From: Nikolai Kondrashov
-Date: Thu, 18 Dec 2014 22:05:35 +0200
-Subject: [PATCH 2/2] Don't overwrite ip_hton af/prefix in fr_pton4/6
-
-Don't overwrite address family and prefix set by ip_hton (which can fall
-back onto other address family) with AF_INET/32 and AF_INET6/128, in
-fr_pton4 and fr_pton6 respectively.
-
-This fixes radiusd listening on wrong address data when falling back to
-another address family.
----
- src/lib/misc.c | 12 ++++++------
- 1 file changed, 6 insertions(+), 6 deletions(-)
-
-diff --git a/src/lib/misc.c b/src/lib/misc.c
-index ad27057..cf49917 100644
---- a/src/lib/misc.c
-+++ b/src/lib/misc.c
-@@ -238,6 +238,9 @@ int fr_pton4(fr_ipaddr_t *out, char const *value, size_t inlen, bool resolve, bo
- * 192.0.2.2 is parsed as if it was /32
- */
- if (!p) {
-+ out->prefix = 32;
-+ out->af = AF_INET;
-+
- /*
- * Allow '*' as the wildcard address usually 0.0.0.0
- */
-@@ -258,9 +261,6 @@ int fr_pton4(fr_ipaddr_t *out, char const *value, size_t inlen, bool resolve, bo
- }
- } else if (ip_hton(out, AF_INET, value, fallback) < 0) return -1;
-
-- out->prefix = 32;
-- out->af = AF_INET;
--
- return 0;
- }
-
-@@ -338,6 +338,9 @@ int fr_pton6(fr_ipaddr_t *out, char const *value, size_t inlen, bool resolve, bo
-
- p = strchr(value, '/');
- if (!p) {
-+ out->prefix = 128;
-+ out->af = AF_INET6;
-+
- /*
- * Allow '*' as the wildcard address
- */
-@@ -350,9 +353,6 @@ int fr_pton6(fr_ipaddr_t *out, char const *value, size_t inlen, bool resolve, bo
- }
- } else if (ip_hton(out, AF_INET6, value, fallback) < 0) return -1;
-
-- out->prefix = 128;
-- out->af = AF_INET6;
--
- return 0;
- }
-
---
-2.1.3
-
diff --git a/freeradius-Fix-OpenSSL-version-check-issues.patch b/freeradius-Fix-OpenSSL-version-check-issues.patch
deleted file mode 100644
index 1f59545..0000000
--- a/freeradius-Fix-OpenSSL-version-check-issues.patch
+++ /dev/null
@@ -1,131 +0,0 @@
-From 6d296f2c4f3c58742543cc0508642c6d06747aea Mon Sep 17 00:00:00 2001
-From: Arran Cudbard-Bell
-Date: Thu, 16 Oct 2014 11:16:57 -0400
-Subject: [PATCH 1/1] Fix OpenSSL version check issues
-
----
- src/include/radiusd.h | 4 ++--
- src/main/version.c | 40 ++++++++++++++++++++--------------------
- 2 files changed, 22 insertions(+), 22 deletions(-)
-
-diff --git a/src/include/radiusd.h b/src/include/radiusd.h
-index 53a1f3e..1bf15d7 100644
---- a/src/include/radiusd.h
-+++ b/src/include/radiusd.h
-@@ -598,8 +598,8 @@ void pairlist_free(PAIR_LIST **);
- /* version.c */
- int rad_check_lib_magic(uint64_t magic);
- int ssl_check_consistency(void);
--char const *ssl_version_by_num(uint64_t version);
--char const *ssl_version_range(uint64_t low, uint64_t high);
-+char const *ssl_version_by_num(uint32_t version);
-+char const *ssl_version_range(uint32_t low, uint32_t high);
- char const *ssl_version(void);
- void version(void);
-
-diff --git a/src/main/version.c b/src/main/version.c
-index 8b56ffa..fd97970 100644
---- a/src/main/version.c
-+++ b/src/main/version.c
-@@ -38,7 +38,7 @@ static long ssl_built = OPENSSL_VERSION_NUMBER;
- /** Check built and linked versions of OpenSSL match
- *
- * OpenSSL version number consists of:
-- * MMNNFFPPS: major minor fix patch status
-+ * MNNFFPPS: major minor fix patch status
- *
- * Where status >= 0 && < 10 means beta, and status 10 means release.
- *
-@@ -56,11 +56,11 @@ int ssl_check_consistency(void)
- /*
- * Status mismatch always triggers error.
- */
-- if ((ssl_linked & 0x00000000f) != (ssl_built & 0x00000000f)) {
-+ if ((ssl_linked & 0x0000000f) != (ssl_built & 0x0000000f)) {
- mismatch:
- ERROR("libssl version mismatch. built: %lx linked: %lx",
-- (unsigned long) ssl_built,
-- (unsigned long) ssl_linked);
-+ (unsigned long) ssl_built,
-+ (unsigned long) ssl_linked);
-
- return -1;
- }
-@@ -70,14 +70,14 @@ int ssl_check_consistency(void)
- * 1.0.0 and only allow moving backwards within a patch
- * series.
- */
-- if (ssl_built & 0xff) {
-- if ((ssl_built & 0xffff) != (ssl_linked & 0xffff) ||
-- (ssl_built & 0x0000ff) > (ssl_linked & 0x0000ff)) goto mismatch;
-+ if (ssl_built & 0xf00000000) {
-+ if ((ssl_built & 0xfffff000) != (ssl_linked & 0xfffff000) ||
-+ (ssl_built & 0x00000ff0) > (ssl_linked & 0x00000ff0)) goto mismatch;
- /*
- * Before 1.0.0 we require the same major minor and fix version
- * and ignore the patch number.
- */
-- } else if ((ssl_built & 0xffffff) != (ssl_linked & 0xffffff)) goto mismatch;
-+ } else if ((ssl_built & 0xfffff000) != (ssl_linked & 0xfffff000)) goto mismatch;
-
- return 0;
- }
-@@ -89,22 +89,22 @@ int ssl_check_consistency(void)
- * @param v version to convert.
- * @return pointer to a static buffer containing the version string.
- */
--char const *ssl_version_by_num(uint64_t v)
-+char const *ssl_version_by_num(uint32_t v)
- {
- /* 2 (%s) + 1 (.) + 2 (%i) + 1 (.) + 2 (%i) + 1 (c) + 1 (-) + 2 (%i) + \0 */
- static char buffer[13];
- char *p = buffer;
-
-- p += sprintf(p, "%i.%i.%i",
-- (int) ((0xff0000000 & v) >> 28),
-- (int) ((0x00ff00000 & v) >> 20),
-- (int) ((0x0000ff000 & v) >> 12));
-+ p += sprintf(p, "%u.%u.%u",
-+ (0xf0000000 & v) >> 28,
-+ (0x0ff00000 & v) >> 20,
-+ (0x000ff000 & v) >> 12);
-
-- if ((0x000000ff0 & v) >> 4) {
-- *p++ = (char) (0x60 + ((0x000000ff0 & v) >> 4));
-+ if ((0x00000ff0 & v) >> 4) {
-+ *p++ = (char) (0x60 + ((0x00000ff0 & v) >> 4));
- }
-
-- sprintf(p, "-%i", (int) (0x00000000f & v));
-+ sprintf(p, "%x", 0x0000000f & v);
-
- return buffer;
- }
-@@ -117,7 +117,7 @@ char const *ssl_version_by_num(uint64_t v)
- * @param high version to convert.
- * @return pointer to a static buffer containing the version range string.
- */
--char const *ssl_version_range(uint64_t low, uint64_t high)
-+char const *ssl_version_range(uint32_t low, uint32_t high)
- {
- /* 12 (version) + 3 ( - ) + 12 (version) */
- static char buffer[28];
-@@ -141,12 +141,12 @@ char const *ssl_version(void)
- {
- static char buffer[256];
-
-- uint64_t v = (uint64_t) SSLeay();
-+ uint32_t v = SSLeay();
-
-- snprintf(buffer, sizeof(buffer), "%s 0x%.9" PRIx64 " (%s)",
-+ snprintf(buffer, sizeof(buffer), "%s 0x%.8x (%s)",
- SSLeay_version(SSLEAY_VERSION), /* Not all builds include a useful version number */
- v,
-- ssl_version_by_num((uint64_t) v));
-+ ssl_version_by_num(v));
-
- return buffer;
- }
---
-2.1.4
-
diff --git a/freeradius-Resolve-to-all-families-on-ip_hton-fallback.patch b/freeradius-Resolve-to-all-families-on-ip_hton-fallback.patch
deleted file mode 100644
index 3faba7a..0000000
--- a/freeradius-Resolve-to-all-families-on-ip_hton-fallback.patch
+++ /dev/null
@@ -1,64 +0,0 @@
-From a23dbf402ad466bf41c95da82e58dedc7b615f99 Mon Sep 17 00:00:00 2001
-From: Arran Cudbard-Bell
-Date: Mon, 1 Dec 2014 14:15:45 -0500
-Subject: [PATCH 1/2] Resolve to all families on ip_hton fallback
-
-If we're doing fallback resolution we need to set the address family to
-AF_UNSPEC to get both IPv6 and IPv4 addresses
-
-The af that was passed in, is then used to set the preference
----
- src/lib/misc.c | 25 +++++++++++++------------
- 1 file changed, 13 insertions(+), 12 deletions(-)
-
-diff --git a/src/lib/misc.c b/src/lib/misc.c
-index d0ccd6c..ad27057 100644
---- a/src/lib/misc.c
-+++ b/src/lib/misc.c
-@@ -845,7 +845,15 @@ int ip_hton(fr_ipaddr_t *out, int af, char const *hostname, bool fallback)
- int rcode;
- struct addrinfo hints, *ai = NULL, *alt = NULL, *res = NULL;
-
-+ /*
-+ * Avoid malloc for IP addresses. This helps us debug
-+ * memory errors when using talloc.
-+ */
-+#ifdef TALLOC_DEBUG
-+ if (true) {
-+#else
- if (!fr_hostname_lookups) {
-+#endif
- #ifdef HAVE_STRUCT_SOCKADDR_IN6
- if (af == AF_UNSPEC) {
- char const *p;
-@@ -872,22 +880,15 @@ int ip_hton(fr_ipaddr_t *out, int af, char const *hostname, bool fallback)
- }
-
- memset(&hints, 0, sizeof(hints));
-- hints.ai_family = af;
-
--#ifdef TALLOC_DEBUG
- /*
-- * Avoid malloc for IP addresses. This helps us debug
-- * memory errors when using talloc.
-+ * If we're falling back we need both IPv4 and IPv6 records
- */
-- if (af == AF_INET) {
-- /*
-- * If it's all numeric, avoid getaddrinfo()
-- */
-- if (inet_pton(af, hostname, &out->ipaddr.ip4addr) == 1) {
-- return 0;
-- }
-+ if (fallback) {
-+ hints.ai_family = AF_UNSPEC;
-+ } else {
-+ hints.ai_family = af;
- }
--#endif
-
- if ((rcode = getaddrinfo(hostname, NULL, &hints, &res)) != 0) {
- fr_strerror_printf("ip_hton: %s", gai_strerror(rcode));
---
-2.1.3
-
diff --git a/freeradius-access-union-consistently.patch b/freeradius-access-union-consistently.patch
deleted file mode 100644
index 5e65d6e..0000000
--- a/freeradius-access-union-consistently.patch
+++ /dev/null
@@ -1,401 +0,0 @@
-From 5e8a69d547461c757abe2870ecbff2aa7a1fea55 Mon Sep 17 00:00:00 2001
-From: Nikolai Kondrashov
-Date: Wed, 1 Oct 2014 11:51:51 -0400
-Subject: [PATCH 2/4] Access union value_data members consistently
-
-Use the same, appropriate union value_data member for each access of
-BOOLEAN, BYTE and SHORT PW_TYPEs, without assuming they're
-interchangeable with "integer", as that is only true on little-endian
-architectures.
-
-This fixes at least this wimax unit test failure on s390x and ppc64:
-
- Mismatch in line 11 of src/tests/unit/wimax.txt, got: 1a 0c 00 00 60 b5 01 06 00 02 03 00 expected: 1a 0c 00 00 60 b5 01 06 00 02 03 01
----
- src/lib/print.c | 56 ++++++++++++------
- src/lib/radius.c | 8 +--
- src/lib/valuepair.c | 83 +++++++++++++++++++--------
- src/main/evaluate.c | 4 +-
- src/main/valuepair.c | 4 ++
- src/main/xlat.c | 4 +-
- src/modules/rlm_couchbase/mod.c | 17 +++++-
- src/modules/rlm_eap/types/rlm_eap_ttls/ttls.c | 4 +-
- 8 files changed, 128 insertions(+), 52 deletions(-)
-
-diff --git a/src/lib/print.c b/src/lib/print.c
-index 67263bc..fc1ae42 100644
---- a/src/lib/print.c
-+++ b/src/lib/print.c
-@@ -314,6 +314,7 @@ size_t vp_data_prints_value(char *out, size_t outlen,
- char const *a = NULL;
- time_t t;
- struct tm s_tm;
-+ unsigned int i;
-
- size_t len = 0, freespace = outlen;
-
-@@ -365,15 +366,24 @@ size_t vp_data_prints_value(char *out, size_t outlen,
- return fr_print_string(data->strvalue, data_len, out, outlen);
-
- case PW_TYPE_INTEGER:
-- case PW_TYPE_BYTE:
-+ i = data->integer;
-+ goto print_int;
-+
- case PW_TYPE_SHORT:
-+ i = data->ushort;
-+ goto print_int;
-+
-+ case PW_TYPE_BYTE:
-+ i = data->byte;
-+
-+print_int:
- /* Normal, non-tagged attribute */
-- if ((v = dict_valbyattr(da->attr, da->vendor, data->integer)) != NULL) {
-+ if ((v = dict_valbyattr(da->attr, da->vendor, i)) != NULL) {
- a = v->name;
- len = strlen(a);
- } else {
- /* should never be truncated */
-- len = snprintf(buf, sizeof(buf), "%u", data->integer);
-+ len = snprintf(buf, sizeof(buf), "%u", i);
- a = buf;
- }
- break;
-@@ -590,12 +600,20 @@ size_t vp_prints_value_json(char *out, size_t outlen, VALUE_PAIR const *vp)
- if (!vp->da->flags.has_tag) {
- switch (vp->da->type) {
- case PW_TYPE_INTEGER:
-- case PW_TYPE_BYTE:
-- case PW_TYPE_SHORT:
- if (vp->da->flags.has_value) break;
-
- return snprintf(out, freespace, "%u", vp->vp_integer);
-
-+ case PW_TYPE_SHORT:
-+ if (vp->da->flags.has_value) break;
-+
-+ return snprintf(out, freespace, "%u", (unsigned int) vp->vp_short);
-+
-+ case PW_TYPE_BYTE:
-+ if (vp->da->flags.has_value) break;
-+
-+ return snprintf(out, freespace, "%u", (unsigned int) vp->vp_byte);
-+
- case PW_TYPE_SIGNED:
- return snprintf(out, freespace, "%d", vp->vp_signed);
-
-@@ -834,6 +852,8 @@ void vp_printlist(FILE *fp, VALUE_PAIR const *vp)
- char *vp_aprint_value(TALLOC_CTX *ctx, VALUE_PAIR const *vp, bool escape)
- {
- char *p;
-+ unsigned int i;
-+ DICT_VALUE const *dv;
-
- switch (vp->da->type) {
- case PW_TYPE_STRING:
-@@ -860,19 +880,23 @@ char *vp_aprint_value(TALLOC_CTX *ctx, VALUE_PAIR const *vp, bool escape)
- break;
- }
-
-- case PW_TYPE_BYTE:
-- case PW_TYPE_SHORT:
- case PW_TYPE_INTEGER:
-- {
-- DICT_VALUE *dv;
-+ i = vp->vp_integer;
-+ goto print_int;
-
-- dv = dict_valbyattr(vp->da->attr, vp->da->vendor,
-- vp->vp_integer);
-- if (dv) {
-- p = talloc_typed_strdup(ctx, dv->name);
-- } else {
-- p = talloc_typed_asprintf(ctx, "%u", vp->vp_integer);
-- }
-+ case PW_TYPE_SHORT:
-+ i = vp->vp_short;
-+ goto print_int;
-+
-+ case PW_TYPE_BYTE:
-+ i = vp->vp_byte;
-+
-+ print_int:
-+ dv = dict_valbyattr(vp->da->attr, vp->da->vendor, i);
-+ if (dv) {
-+ p = talloc_typed_strdup(ctx, dv->name);
-+ } else {
-+ p = talloc_typed_asprintf(ctx, "%u", i);
- }
- break;
-
-diff --git a/src/lib/radius.c b/src/lib/radius.c
-index 0a40682..aabc545 100644
---- a/src/lib/radius.c
-+++ b/src/lib/radius.c
-@@ -3984,18 +3984,18 @@ ssize_t rad_vp2data(uint8_t const **out, VALUE_PAIR const *vp)
- }
-
- case PW_TYPE_BOOLEAN:
-- buffer[0] = vp->vp_integer & 0x01;
-+ buffer[0] = vp->vp_byte & 0x01;
- *out = buffer;
- break;
-
- case PW_TYPE_BYTE:
-- buffer[0] = vp->vp_integer & 0xff;
-+ buffer[0] = vp->vp_byte & 0xff;
- *out = buffer;
- break;
-
- case PW_TYPE_SHORT:
-- buffer[0] = (vp->vp_integer >> 8) & 0xff;
-- buffer[1] = vp->vp_integer & 0xff;
-+ buffer[0] = (vp->vp_short >> 8) & 0xff;
-+ buffer[1] = vp->vp_short & 0xff;
- *out = buffer;
- break;
-
-diff --git a/src/lib/valuepair.c b/src/lib/valuepair.c
-index 9dcae70..7d6ee88 100644
---- a/src/lib/valuepair.c
-+++ b/src/lib/valuepair.c
-@@ -1369,65 +1369,100 @@ int pairparsevalue(VALUE_PAIR *vp, char const *value, size_t inlen)
- case PW_TYPE_BYTE:
- {
- char *p;
-- vp->length = 1;
-+ unsigned int i;
-
- /*
- * Note that ALL integers are unsigned!
- */
-- vp->vp_integer = fr_strtoul(value, &p);
-- if (!*p) {
-- if (vp->vp_integer > 255) {
-+ i = fr_strtoul(value, &p);
-+
-+ /*
-+ * Look for the named value for the given
-+ * attribute.
-+ */
-+ if (*p && !is_whitespace(p)) {
-+ if ((dval = dict_valbyname(vp->da->attr, vp->da->vendor, value)) == NULL) {
-+ fr_strerror_printf("Unknown value '%s' for attribute '%s'", value, vp->da->name);
-+ return -1;
-+ }
-+
-+ vp->vp_byte = dval->value;
-+ } else {
-+ if (i > 255) {
- fr_strerror_printf("Byte value \"%s\" is larger than 255", value);
- return -1;
- }
-- break;
-+
-+ vp->vp_byte = i;
- }
-- if (is_whitespace(p)) break;
-+
-+ vp->length = 1;
-+ break;
- }
-- goto check_for_value;
-
- case PW_TYPE_SHORT:
- {
- char *p;
-+ unsigned int i;
-
- /*
- * Note that ALL integers are unsigned!
- */
-- vp->vp_integer = fr_strtoul(value, &p);
-- vp->length = 2;
-- if (!*p) {
-- if (vp->vp_integer > 65535) {
-- fr_strerror_printf("Byte value \"%s\" is larger than 65535", value);
-+ i = fr_strtoul(value, &p);
-+
-+ /*
-+ * Look for the named value for the given
-+ * attribute.
-+ */
-+ if (*p && !is_whitespace(p)) {
-+ if ((dval = dict_valbyname(vp->da->attr, vp->da->vendor, value)) == NULL) {
-+ fr_strerror_printf("Unknown value '%s' for attribute '%s'", value, vp->da->name);
- return -1;
- }
-- break;
-+
-+ vp->vp_short = dval->value;
-+ } else {
-+ if (i > 65535) {
-+ fr_strerror_printf("Short value \"%s\" is larger than 65535", value);
-+ return -1;
-+ }
-+
-+ vp->vp_short = i;
- }
-- if (is_whitespace(p)) break;
-+
-+ vp->length = 2;
-+ break;
- }
-- goto check_for_value;
-
- case PW_TYPE_INTEGER:
- {
- char *p;
-+ unsigned int i;
-
- /*
- * Note that ALL integers are unsigned!
- */
-- vp->vp_integer = fr_strtoul(value, &p);
-- vp->length = 4;
-- if (!*p) break;
-- if (is_whitespace(p)) break;
-+ i = fr_strtoul(value, &p);
-
-- check_for_value:
- /*
- * Look for the named value for the given
- * attribute.
- */
-- if ((dval = dict_valbyname(vp->da->attr, vp->da->vendor, value)) == NULL) {
-- fr_strerror_printf("Unknown value '%s' for attribute '%s'", value, vp->da->name);
-- return -1;
-+ if (*p && !is_whitespace(p)) {
-+ if ((dval = dict_valbyname(vp->da->attr, vp->da->vendor, value)) == NULL) {
-+ fr_strerror_printf("Unknown value '%s' for attribute '%s'", value, vp->da->name);
-+ return -1;
-+ }
-+
-+ vp->vp_integer = dval->value;
-+ } else {
-+ /*
-+ * Value is always within the limits
-+ */
-+ vp->vp_integer = i;
- }
-- vp->vp_integer = dval->value;
-+
-+ vp->length = 4;
- }
- break;
-
-diff --git a/src/main/evaluate.c b/src/main/evaluate.c
-index 5cf597d..a100c70 100644
---- a/src/main/evaluate.c
-+++ b/src/main/evaluate.c
-@@ -485,11 +485,11 @@ static int do_cast_copy(VALUE_PAIR *dst, VALUE_PAIR const *src)
- break;
-
- case PW_TYPE_SHORT:
-- dst->vp_integer = ntohs(*(uint16_t const *) src->vp_octets);
-+ dst->vp_short = ntohs(*(uint16_t const *) src->vp_octets);
- break;
-
- case PW_TYPE_BYTE:
-- dst->vp_integer = src->vp_octets[0];
-+ dst->vp_byte = src->vp_octets[0];
- break;
-
- default:
-diff --git a/src/main/valuepair.c b/src/main/valuepair.c
-index dc2bfc7..2dd517a 100644
---- a/src/main/valuepair.c
-+++ b/src/main/valuepair.c
-@@ -180,7 +180,11 @@ int radius_compare_vps(UNUSED REQUEST *request, VALUE_PAIR *check, VALUE_PAIR *v
- break;
-
- case PW_TYPE_BYTE:
-+ ret = vp->vp_byte - check->vp_byte;
-+ break;
- case PW_TYPE_SHORT:
-+ ret = vp->vp_short - check->vp_short;
-+ break;
- case PW_TYPE_INTEGER:
- ret = vp->vp_integer - check->vp_integer;
- break;
-diff --git a/src/main/xlat.c b/src/main/xlat.c
-index f2c8aff..a069919 100644
---- a/src/main/xlat.c
-+++ b/src/main/xlat.c
-@@ -177,9 +177,11 @@ static ssize_t xlat_integer(UNUSED void *instance, REQUEST *request,
-
- case PW_TYPE_INTEGER:
- case PW_TYPE_DATE:
-+ return snprintf(out, outlen, "%u", vp->vp_integer);
- case PW_TYPE_BYTE:
-+ return snprintf(out, outlen, "%u", (unsigned int) vp->vp_byte);
- case PW_TYPE_SHORT:
-- return snprintf(out, outlen, "%u", vp->vp_integer);
-+ return snprintf(out, outlen, "%u", (unsigned int) vp->vp_short);
-
- /*
- * Ethernet is weird... It's network related, so we assume to it should be
-diff --git a/src/modules/rlm_couchbase/mod.c b/src/modules/rlm_couchbase/mod.c
-index cc14677..36406a0 100644
---- a/src/modules/rlm_couchbase/mod.c
-+++ b/src/modules/rlm_couchbase/mod.c
-@@ -296,22 +296,33 @@ json_object *mod_value_pair_to_json_object(REQUEST *request, VALUE_PAIR *vp)
-
- /* add this attribute/value pair to our json output */
- if (!vp->da->flags.has_tag) {
-+ unsigned int i;
-+
- switch (vp->da->type) {
- case PW_TYPE_INTEGER:
-- case PW_TYPE_BYTE:
-+ i = vp->vp_integer;
-+ goto print_int;
-+
- case PW_TYPE_SHORT:
-+ i = vp->vp_short;
-+ goto print_int;
-+
-+ case PW_TYPE_BYTE:
-+ i = vp->vp_byte;
-+
-+ print_int:
- /* skip if we have flags */
- if (vp->da->flags.has_value) break;
- #ifdef HAVE_JSON_OBJECT_NEW_INT64
- /* debug */
- RDEBUG3("creating new int64 for unsigned 32 bit int/byte/short '%s'", vp->da->name);
- /* return as 64 bit int - JSON spec does not support unsigned ints */
-- return json_object_new_int64(vp->vp_integer);
-+ return json_object_new_int64(i);
- #else
- /* debug */
- RDEBUG3("creating new int for unsigned 32 bit int/byte/short '%s'", vp->da->name);
- /* return as 64 bit int - JSON spec does not support unsigned ints */
-- return json_object_new_int(vp->vp_integer);
-+ return json_object_new_int(i);
- #endif
- break;
- case PW_TYPE_SIGNED:
-diff --git a/src/modules/rlm_eap/types/rlm_eap_ttls/ttls.c b/src/modules/rlm_eap/types/rlm_eap_ttls/ttls.c
-index 152f4ca..55e8e14 100644
---- a/src/modules/rlm_eap/types/rlm_eap_ttls/ttls.c
-+++ b/src/modules/rlm_eap/types/rlm_eap_ttls/ttls.c
-@@ -325,12 +325,12 @@ static VALUE_PAIR *diameter2vp(REQUEST *request, REQUEST *fake, SSL *ssl,
-
- case PW_TYPE_BYTE:
- if (size != vp->length) goto raw;
-- vp->vp_integer = data[0];
-+ vp->vp_byte = data[0];
- break;
-
- case PW_TYPE_SHORT:
- if (size != vp->length) goto raw;
-- vp->vp_integer = (data[0] * 256) + data[1];
-+ vp->vp_short = (data[0] * 256) + data[1];
- break;
-
- case PW_TYPE_SIGNED:
---
-2.1.0
-
diff --git a/freeradius-add-P-option-to-radtest-synopsis.patch b/freeradius-add-P-option-to-radtest-synopsis.patch
deleted file mode 100644
index eadcf33..0000000
--- a/freeradius-add-P-option-to-radtest-synopsis.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From 50d13805262202627e0a8494508202d21a86c18b Mon Sep 17 00:00:00 2001
-From: Nikolai Kondrashov
-Date: Mon, 27 Oct 2014 16:24:09 +0200
-Subject: [PATCH 2/2] man: Add -P option to radtest synopsis
-
-Add "-P" option to radtest's manpage SYNOPSIS to make it match the
-OPTIONS section.
----
- man/man1/radtest.1 | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/man/man1/radtest.1 b/man/man1/radtest.1
-index 587870c..b318477 100644
---- a/man/man1/radtest.1
-+++ b/man/man1/radtest.1
-@@ -5,6 +5,8 @@ radtest - send packets to a RADIUS server, show reply
- .B radtest
- .RB [ \-d
- .IR raddb_directory ]
-+.RB [ \-P
-+.IR tcp/udp ]
- .RB [ \-t
- .IR pap/chap/mschap/eap-md5 ]
- .RB [ \-x
---
-2.1.1
-
diff --git a/freeradius-add-disable-openssl-version-check.patch b/freeradius-add-disable-openssl-version-check.patch
deleted file mode 100644
index ec5a92e..0000000
--- a/freeradius-add-disable-openssl-version-check.patch
+++ /dev/null
@@ -1,258 +0,0 @@
-From 10636fbfd51320c8ca8b40651bf3e959211ca921 Mon Sep 17 00:00:00 2001
-From: Nikolai Kondrashov
-Date: Tue, 21 Oct 2014 18:30:05 +0300
-Subject: [PATCH 1/1] Add --disable-openssl-version-check option
-
-Add "--disable-openssl-version-check" configure option, which removes
-checking for vulnerable OpenSSL versions. It is supposed to be used by
-downstream packagers and distributions who have other means to ensure
-vulnerabilities are fixed, such as versioned package dependencies and
-vulnerability handling processes.
-
-This avoids the necessity of editing radiusd.conf on package upgrade to
-make sure it keeps working. At the same time, it provides safe default
-to those installing FreeRADIUS from source.
----
- configure | 30 ++++++++++++++++++++++++++++++
- configure.ac | 26 ++++++++++++++++++++++++++
- raddb/radiusd.conf.in | 10 +---------
- src/include/autoconf.h.in | 3 +++
- src/include/radiusd.h | 2 ++
- src/include/tls-h | 2 ++
- src/main/mainconfig.c | 2 ++
- src/main/radiusd.c | 2 ++
- src/main/tls.c | 4 ++++
- 9 files changed, 72 insertions(+), 9 deletions(-)
-
-diff --git a/configure b/configure
-index 1b54efd..addfeba 100755
---- a/configure
-+++ b/configure
-@@ -652,6 +652,7 @@ RUSERS
- SNMPWALK
- SNMPGET
- PERL
-+openssl_version_check_config
- modconfdir
- dictdir
- raddbdir
-@@ -754,6 +755,7 @@ with_rlm_FOO_include_dir
- with_openssl
- with_openssl_lib_dir
- with_openssl_include_dir
-+enable_openssl_version_check
- with_talloc_lib_dir
- with_talloc_include_dir
- with_pcap_lib_dir
-@@ -1396,6 +1398,9 @@ Optional Features:
- --disable-largefile omit support for large files
- --enable-strict-dependencies fail configure on lack of module dependancy.
- --enable-werror causes the build to fail if any warnings are generated.
-+ --disable-openssl-version-check
-+ disable vulnerable OpenSSL version check
-+
-
- Optional Packages:
- --with-PACKAGE[=ARG] use PACKAGE [ARG=yes]
-@@ -5430,6 +5435,31 @@ if test "${with_openssl_include_dir+set}" = set; then :
- fi
-
-
-+# Check whether --enable-openssl-version-check was given.
-+if test "${enable_openssl_version_check+set}" = set; then :
-+ enableval=$enable_openssl_version_check;
-+fi
-+
-+if test "x$enable_openssl_version_check" != "xno"; then
-+
-+$as_echo "#define ENABLE_OPENSSL_VERSION_CHECK 1" >>confdefs.h
-+
-+ openssl_version_check_config="\
-+ #
-+ # allow_vulnerable_openssl: Allow the server to start with
-+ # versions of OpenSSL known to have critical vulnerabilities.
-+ #
-+ # This check is based on the version number reported by libssl
-+ # and may not reflect patches applied to libssl by
-+ # distribution maintainers.
-+ #
-+ allow_vulnerable_openssl = no"
-+else
-+ openssl_version_check_config=
-+fi
-+
-+
-+
-
- CHECKRAD=checkrad
- # Extract the first word of "perl", so it can be a program name with args.
-diff --git a/configure.ac b/configure.ac
-index 30b226b..b223505 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -576,6 +576,32 @@ AC_ARG_WITH(openssl-include-dir,
- esac ]
- )
-
-+dnl #
-+dnl # extra argument: --disable-openssl-version-check
-+dnl #
-+AC_ARG_ENABLE(openssl-version-check,
-+[AS_HELP_STRING([--disable-openssl-version-check],
-+ [disable vulnerable OpenSSL version check])]
-+)
-+if test "x$enable_openssl_version_check" != "xno"; then
-+ AC_DEFINE(ENABLE_OPENSSL_VERSION_CHECK, [1],
-+ [Define to 1 to have OpenSSL version check enabled])
-+ openssl_version_check_config="\
-+ #
-+ # allow_vulnerable_openssl: Allow the server to start with
-+ # versions of OpenSSL known to have critical vulnerabilities.
-+ #
-+ # This check is based on the version number reported by libssl
-+ # and may not reflect patches applied to libssl by
-+ # distribution maintainers.
-+ #
-+ allow_vulnerable_openssl = no"
-+else
-+ openssl_version_check_config=
-+fi
-+AC_SUBST([openssl_version_check_config])
-+
-+
- dnl #############################################################
- dnl #
- dnl # 1. Checks for programs
-diff --git a/raddb/radiusd.conf.in b/raddb/radiusd.conf.in
-index 307ae10..0e1ff46 100644
---- a/raddb/radiusd.conf.in
-+++ b/raddb/radiusd.conf.in
-@@ -475,15 +475,7 @@ security {
- #
- status_server = yes
-
-- #
-- # allow_vulnerable_openssl: Allow the server to start with
-- # versions of OpenSSL known to have critical vulnerabilities.
-- #
-- # This check is based on the version number reported by libssl
-- # and may not reflect patches applied to libssl by
-- # distribution maintainers.
-- #
-- allow_vulnerable_openssl = no
-+@openssl_version_check_config@
- }
-
- # PROXY CONFIGURATION
-diff --git a/src/include/autoconf.h.in b/src/include/autoconf.h.in
-index c313bca..f500049 100644
---- a/src/include/autoconf.h.in
-+++ b/src/include/autoconf.h.in
-@@ -9,6 +9,9 @@
- /* style of ctime_r function */
- #undef CTIMERSTYLE
-
-+/* Define to 1 to have OpenSSL version check enabled */
-+#undef ENABLE_OPENSSL_VERSION_CHECK
-+
- /* style of gethostbyaddr_r functions */
- #undef GETHOSTBYADDRRSTYLE
-
-diff --git a/src/include/radiusd.h b/src/include/radiusd.h
-index ebe3a21..1ec6959 100644
---- a/src/include/radiusd.h
-+++ b/src/include/radiusd.h
-@@ -437,7 +437,9 @@ typedef struct main_config_t {
- #endif
- uint32_t reject_delay;
- bool status_server;
-+#ifdef ENABLE_OPENSSL_VERSION_CHECK
- char const *allow_vulnerable_openssl;
-+#endif
-
- uint32_t max_request_time;
- uint32_t cleanup_delay;
-diff --git a/src/include/tls-h b/src/include/tls-h
-index ade93d5..1418ea2 100644
---- a/src/include/tls-h
-+++ b/src/include/tls-h
-@@ -295,7 +295,9 @@ int cbtls_verify(int ok, X509_STORE_CTX *ctx);
-
- /* TLS */
- void tls_global_init(void);
-+#ifdef ENABLE_OPENSSL_VERSION_CHECK
- int tls_global_version_check(char const *acknowledged);
-+#endif
- void tls_global_cleanup(void);
- tls_session_t *tls_new_session(TALLOC_CTX *ctx, fr_tls_server_conf_t *conf, REQUEST *request, bool client_cert);
- tls_session_t *tls_new_client_session(fr_tls_server_conf_t *conf, int fd);
-diff --git a/src/main/mainconfig.c b/src/main/mainconfig.c
-index cf1eea5..76979ad 100644
---- a/src/main/mainconfig.c
-+++ b/src/main/mainconfig.c
-@@ -99,7 +99,9 @@ static const CONF_PARSER security_config[] = {
- { "max_attributes", FR_CONF_POINTER(PW_TYPE_INTEGER, &fr_max_attributes), STRINGIFY(0) },
- { "reject_delay", FR_CONF_POINTER(PW_TYPE_INTEGER, &main_config.reject_delay), STRINGIFY(0) },
- { "status_server", FR_CONF_POINTER(PW_TYPE_BOOLEAN, &main_config.status_server), "no"},
-+#ifdef ENABLE_OPENSSL_VERSION_CHECK
- { "allow_vulnerable_openssl", FR_CONF_POINTER(PW_TYPE_STRING, &main_config.allow_vulnerable_openssl), "no"},
-+#endif
- { NULL, -1, 0, NULL, NULL }
- };
-
-diff --git a/src/main/radiusd.c b/src/main/radiusd.c
-index 620d7d4..fe8057d 100644
---- a/src/main/radiusd.c
-+++ b/src/main/radiusd.c
-@@ -359,10 +359,12 @@ int main(int argc, char *argv[])
-
- /* Check for vulnerabilities in the version of libssl were linked against */
- #ifdef HAVE_OPENSSL_CRYPTO_H
-+#ifdef ENABLE_OPENSSL_VERSION_CHECK
- if (tls_global_version_check(main_config.allow_vulnerable_openssl) < 0) {
- exit(EXIT_FAILURE);
- }
- #endif
-+#endif
-
- /*
- * Load the modules
-diff --git a/src/main/tls.c b/src/main/tls.c
-index 542ce69..42b538c 100644
---- a/src/main/tls.c
-+++ b/src/main/tls.c
-@@ -51,6 +51,7 @@ USES_APPLE_DEPRECATED_API /* OpenSSL API has been deprecated by Apple */
- #include
- #endif
-
-+#ifdef ENABLE_OPENSSL_VERSION_CHECK
- typedef struct libssl_defect {
- uint64_t high;
- uint64_t low;
-@@ -71,6 +72,7 @@ static libssl_defect_t libssl_defects[] =
- .comment = "For more information see http://heartbleed.com"
- }
- };
-+#endif
-
- /* record */
- static void record_init(record_t *buf);
-@@ -2063,6 +2065,7 @@ void tls_global_init(void)
- OPENSSL_config(NULL);
- }
-
-+#ifdef ENABLE_OPENSSL_VERSION_CHECK
- /** Check for vulnerable versions of libssl
- *
- * @param acknowledged The highest CVE number a user has confirmed is not present in the system's libssl.
-@@ -2101,6 +2104,7 @@ int tls_global_version_check(char const *acknowledged)
-
- return 0;
- }
-+#endif
-
- /** Free any memory alloced by libssl
- *
---
-2.1.1
-
diff --git a/freeradius-added-D-option-to-mirror-radclient.patch b/freeradius-added-D-option-to-mirror-radclient.patch
deleted file mode 100644
index 1e14f15..0000000
--- a/freeradius-added-D-option-to-mirror-radclient.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From 08700ea8b1f3a1ace01d294548f3ba2391cc06ab Mon Sep 17 00:00:00 2001
-From: "Alan T. DeKok"
-Date: Sun, 2 Nov 2014 14:44:32 -0500
-Subject: [PATCH 1/1] Added -D option to mirror radclient
-
----
- src/modules/proto_dhcp/dhcpclient.c | 7 ++++++-
- 1 file changed, 6 insertions(+), 1 deletion(-)
-
-diff --git a/src/modules/proto_dhcp/dhcpclient.c b/src/modules/proto_dhcp/dhcpclient.c
-index ac52ffd..3bce4b3 100644
---- a/src/modules/proto_dhcp/dhcpclient.c
-+++ b/src/modules/proto_dhcp/dhcpclient.c
-@@ -73,6 +73,7 @@ static void NEVER_RETURNS usage(void)
-
- fprintf(stderr, " One of discover, request, offer, decline, release, inform.\n");
- fprintf(stderr, " -d Set the directory where the dictionaries are stored (defaults to " RADDBDIR ").\n");
-+ fprintf(stderr, " -D Set main dictionary directory (defaults to " DICTDIR ").\n");
- fprintf(stderr, " -f Read packets from file, not stdin.\n");
- fprintf(stderr, " -t Wait 'timeout' seconds for a reply (may be a floating point number).\n");
- fprintf(stderr, " -v Show program version information.\n");
-@@ -270,7 +271,11 @@ int main(int argc, char **argv)
-
- fr_debug_flag = 0;
-
-- while ((c = getopt(argc, argv, "d:f:hr:t:vx")) != EOF) switch(c) {
-+ while ((c = getopt(argc, argv, "d:D:f:hr:t:vx")) != EOF) switch(c) {
-+ case 'D':
-+ dict_dir = optarg;
-+ break;
-+
- case 'd':
- radius_dir = optarg;
- break;
---
-2.1.3
-
diff --git a/freeradius-connection-fall-through-to-global-module-triggers.patch b/freeradius-connection-fall-through-to-global-module-triggers.patch
deleted file mode 100644
index a2c1156..0000000
--- a/freeradius-connection-fall-through-to-global-module-triggers.patch
+++ /dev/null
@@ -1,280 +0,0 @@
-From 132992fe92d53d62499d8c4672feafe210efc573 Mon Sep 17 00:00:00 2001
-From: Nikolai Kondrashov
-Date: Fri, 24 Oct 2014 14:37:11 +0300
-Subject: [PATCH 4/4] connection: Fall through to global module triggers
-
-Make module connection pool triggers use global module trigger
-configuration, if there is no "trigger" section in the pool section.
-
-Use fully-qualified module-specific trigger names for module-specific
-connection pools in connection.c.
-
-E.g. trigger "modules.ldap.open", instead of just "open" for pools
-initialized with fr_connection_pool_module_init, being passed "ldap"
-config section.
-
-Send triggers even if the pool has no "trigger" section.
-
-This makes exec_trigger fall through to global module triggers, if the
-pool configuration doesn't have the "trigger" section.
----
- src/include/connection.h | 3 +-
- src/main/connection.c | 81 ++++++++++++++++++++++++++++++------------------
- 2 files changed, 53 insertions(+), 31 deletions(-)
-
-diff --git a/src/include/connection.h b/src/include/connection.h
-index e3752d5..eaf44e8 100644
---- a/src/include/connection.h
-+++ b/src/include/connection.h
-@@ -81,7 +81,8 @@ fr_connection_pool_t *fr_connection_pool_init(CONF_SECTION *parent,
- void *opaque,
- fr_connection_create_t c,
- fr_connection_alive_t a,
-- char const *prefix);
-+ char const *log_prefix,
-+ char const *trigger_prefix);
- void fr_connection_pool_delete(fr_connection_pool_t *pool);
-
- void *fr_connection_get(fr_connection_pool_t *pool);
-diff --git a/src/main/connection.c b/src/main/connection.c
-index 5f0c8f6..aec4f9d 100644
---- a/src/main/connection.c
-+++ b/src/main/connection.c
-@@ -110,10 +110,6 @@ struct fr_connection_pool_t {
- uint32_t idle_timeout; //!< How long a connection can be idle
- //!< before being closed.
-
-- bool trigger; //!< If true execute connection triggers
-- //!< associated with the connection
-- //!< pool.
-- bool spread; //!< If true requests will be spread
- //!< across all connections, instead of
- //!< re-using the most recently used
-@@ -158,6 +154,11 @@ struct fr_connection_pool_t {
- //!< messages created by the connection
- //!< pool code.
-
-+ char const *trigger_prefix; //!< Prefix to prepend to
-+ //!< names of all triggers
-+ //!< fired by the connection
-+ //!< pool code.
-+
- fr_connection_create_t create; //!< Function used to create new
- //!< connections.
- fr_connection_alive_t alive; //!< Function used to check status
-@@ -271,6 +272,20 @@ static void fr_connection_link_tail(fr_connection_pool_t *pool,
- }
- }
-
-+/** Send a connection pool trigger.
-+ *
-+ * @param[in] pool to send trigger for.
-+ * @param[in] name_suffix trigger name suffix.
-+ */
-+static void fr_connection_exec_trigger(fr_connection_pool_t *pool,
-+ char const *name_suffix)
-+{
-+ char name[64];
-+ rad_assert(pool != NULL);
-+ rad_assert(name_suffix != NULL);
-+ snprintf(name, sizeof(name), "%s%s", pool->trigger_prefix, name_suffix);
-+ exec_trigger(NULL, pool->cs, name, true);
-+}
-
- /** Spawns a new connection
- *
-@@ -403,7 +418,7 @@ static fr_connection_t *fr_connection_spawn(fr_connection_pool_t *pool,
-
- pthread_mutex_unlock(&pool->mutex);
-
-- if (pool->trigger) exec_trigger(NULL, pool->cs, "open", true);
-+ fr_connection_exec_trigger(pool, "open");
-
- return this;
- }
-@@ -436,7 +451,7 @@ static void fr_connection_close(fr_connection_pool_t *pool,
- pool->active--;
- }
-
-- if (pool->trigger) exec_trigger(NULL, pool->cs, "close", true);
-+ fr_connection_exec_trigger(pool, "close");
-
- fr_connection_unlink(pool, this);
- rad_assert(pool->num > 0);
-@@ -542,7 +557,7 @@ void fr_connection_pool_delete(fr_connection_pool_t *pool)
- fr_connection_close(pool, this);
- }
-
-- if (pool->trigger) exec_trigger(NULL, pool->cs, "stop", true);
-+ fr_connection_exec_trigger(pool, "stop");
-
- rad_assert(pool->head == NULL);
- rad_assert(pool->tail == NULL);
-@@ -559,33 +574,36
@@ void fr_connection_pool_delete(fr_connection_pool_t *pool)
- * @param[in] opaque data pointer to pass to callbacks.
- * @param[in] c Callback to create new connections.
- * @param[in] a Callback to check the status of connections.
-- * @param[in] prefix override, if NULL will be set automatically from the module CONF_SECTION.
-+ * @param[in] log_prefix override, if NULL will be set automatically from the module CONF_SECTION.
- * @return A new connection pool or NULL on error.
- */
- fr_connection_pool_t *fr_connection_pool_module_init(CONF_SECTION *module,
- void *opaque,
- fr_connection_create_t c,
- fr_connection_alive_t a,
-- char const *prefix)
-+ char const *log_prefix)
- {
- CONF_SECTION *cs, *mycs;
- char buff[128];
-+ char trigger_prefix[64];
-
- fr_connection_pool_t *pool;
-+ char const *cs_name1, *cs_name2;
-
- int ret;
-
- #define CONNECTION_POOL_CF_KEY "connection_pool"
- #define parent_name(_x) cf_section_name(cf_item_parent(cf_sectiontoitem(_x)))
-
-- if (!prefix) {
-- char const *cs_name1, *cs_name2;
-- cs_name1 = cf_section_name1(module);
-- cs_name2 = cf_section_name2(module);
-- if (!cs_name2) cs_name2 = cs_name1;
-+ cs_name1 = cf_section_name1(module);
-+ cs_name2 = cf_section_name2(module);
-+ if (!cs_name2) cs_name2 = cs_name1;
-+
-+ snprintf(trigger_prefix, sizeof(trigger_prefix), "modules.%s.", cs_name1);
-
-+ if (!log_prefix) {
- snprintf(buff, sizeof(buff), "rlm_%s (%s)", cs_name1, cs_name2);
-- prefix = buff;
-+ log_prefix = buff;
- }
-
- /*
-@@ -597,11 +615,11 @@ fr_connection_pool_t *fr_connection_pool_module_init(CONF_SECTION *module,
- return NULL;
-
- case 1:
-- DEBUG4("%s: Using pool section from \"%s\"", prefix, parent_name(cs));
-+ DEBUG4("%s: Using pool section from \"%s\"", log_prefix, parent_name(cs));
- break;
-
- case 0:
-- DEBUG4("%s: Using local pool section", prefix);
-+ DEBUG4("%s: Using local pool section", log_prefix);
- break;
- }
-
-@@ -610,7 +628,7 @@ fr_connection_pool_t
*fr_connection_pool_module_init(CONF_SECTION *module,
- */
- mycs = cf_section_sub_find(module, "pool");
- if (!mycs) {
-- DEBUG4("%s: Adding pool section to \"%s\" to store pool references", prefix,
-+ DEBUG4("%s: Adding pool section to \"%s\" to store pool references", log_prefix,
- cf_section_name(module));
-
- mycs = cf_section_alloc(module, "pool", NULL);
-@@ -622,7 +640,7 @@ fr_connection_pool_t *fr_connection_pool_module_init(CONF_SECTION *module,
- * Use our own local pool.
- */
- if (!cs) {
-- DEBUG4("%s: \"%s.pool\" section not found, using \"%s.pool\"", prefix,
-+ DEBUG4("%s: \"%s.pool\" section not found, using \"%s.pool\"", log_prefix,
- parent_name(cs), parent_name(mycs));
- cs = mycs;
- }
-@@ -636,16 +654,16 @@ fr_connection_pool_t *fr_connection_pool_module_init(CONF_SECTION *module,
- */
- pool = cf_data_find(cs, CONNECTION_POOL_CF_KEY);
- if (!pool) {
-- DEBUG4("%s: No pool reference found in \"%s.pool\"", prefix, parent_name(cs));
-- pool = fr_connection_pool_init(module, cs, opaque, c, a, prefix);
-+ DEBUG4("%s: No pool reference found in \"%s.pool\"", log_prefix, parent_name(cs));
-+ pool = fr_connection_pool_init(module, cs, opaque, c, a, log_prefix, trigger_prefix);
- if (!pool) return NULL;
-
-- DEBUG4("%s: Adding pool reference %p to \"%s.pool\"", prefix, pool, parent_name(cs));
-+ DEBUG4("%s: Adding pool reference %p to \"%s.pool\"", log_prefix, pool, parent_name(cs));
- cf_data_add(cs, CONNECTION_POOL_CF_KEY, pool, NULL);
- return pool;
- }
-
-- DEBUG4("%s: Found pool reference %p in \"%s.pool\"", prefix, pool, parent_name(cs));
-+ DEBUG4("%s: Found pool reference %p in \"%s.pool\"", log_prefix, pool, parent_name(cs));
-
- /*
- * We're reusing pool data add it to our local config
-@@ -653,7 +671,7 @@ fr_connection_pool_t *fr_connection_pool_module_init(CONF_SECTION *module,
- * re-use a pool through this module.
- */
- if (mycs != cs) {
-- DEBUG4("%s: Copying pool reference %p from \"%s.pool\" to \"%s.pool\"", prefix, pool,
-+ DEBUG4("%s: Copying pool reference %p from \"%s.pool\" to \"%s.pool\"", log_prefix, pool,
- parent_name(cs), parent_name(mycs));
- cf_data_add(mycs, CONNECTION_POOL_CF_KEY, pool, NULL);
- }
-@@ -676,7 +694,8 @@ fr_connection_pool_t *fr_connection_pool_module_init(CONF_SECTION *module,
- * @param[in] opaque data pointer to pass to callbacks.
- * @param[in] c Callback to create new connections.
- * @param[in] a Callback to check the status of connections.
-- * @param[in] prefix to prepend to all log messages.
-+ * @param[in] log_prefix prefix to prepend to all log messages.
-+ * @param[in] trigger_prefix prefix to prepend to all trigger names.
- * @return A new connection pool or NULL on error.
- */
- fr_connection_pool_t *fr_connection_pool_init(CONF_SECTION *parent,
-@@ -684,7 +703,8 @@ fr_connection_pool_t *fr_connection_pool_init(CONF_SECTION *parent,
- void *opaque,
- fr_connection_create_t c,
- fr_connection_alive_t a,
-- char const *prefix)
-+ char const *log_prefix,
-+ char const *trigger_prefix)
- {
- uint32_t i;
- fr_connection_pool_t *pool;
-@@ -720,7 +740,9 @@ fr_connection_pool_t *fr_connection_pool_init(CONF_SECTION *parent,
-
- pool->head = pool->tail = NULL;
-
-- pool->log_prefix = prefix ? talloc_typed_strdup(pool, prefix) : "core";
-+ pool->log_prefix = log_prefix ? talloc_typed_strdup(pool, log_prefix) : "core";
-+ pool->trigger_prefix = trigger_prefix ?
-+ talloc_typed_strdup(pool, trigger_prefix) : "";
-
- #ifdef HAVE_PTHREAD_H
- pthread_mutex_init(&pool->mutex, NULL);
-@@ -729,7 +751,6 @@ fr_connection_pool_t *fr_connection_pool_init(CONF_SECTION *parent,
- DEBUG("%s: Initialising connection pool", pool->log_prefix);
-
- if (cf_section_parse(cs, pool, connection_config) < 0) goto error;
-- if (cf_section_sub_find(cs, "trigger")) pool->trigger = true;
-
- /*
- * Some simple limits
-@@ -780,7 +801,7 @@ fr_connection_pool_t *fr_connection_pool_init(CONF_SECTION *parent,
- }
- }
-
-- if (pool->trigger) exec_trigger(NULL, pool->cs, "start", true);
-+ fr_connection_exec_trigger(pool, "start");
-
- return pool;
- }
-@@ -1222,7 +1243,7 @@ void *fr_connection_reconnect(fr_connection_pool_t *pool, void *conn)
- return NULL;
- }
-
-- if (pool->trigger) exec_trigger(NULL, pool->cs, "close", true);
-+ fr_connection_exec_trigger(pool, "close");
- this->connection = new_conn;
- pthread_mutex_unlock(&pool->mutex);
-
---
-2.1.1
-
diff --git a/freeradius-dhcpclient-Add-a-short-description-to-help-output.patch b/freeradius-dhcpclient-Add-a-short-description-to-help-output.patch
deleted file mode 100644
index 379c590..0000000
--- a/freeradius-dhcpclient-Add-a-short-description-to-help-output.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From 313d551547efa8493741ef1344e0629aab04dd70 Mon Sep 17 00:00:00 2001
-From: Nikolai Kondrashov
-Date: Fri, 5 Dec 2014 15:07:59 +0200
-Subject: [PATCH 3/3] dhcpclient: Add a short description to help output
-
-Add a short description of the program's function to the help output of
-dhcpclient.
----
- src/modules/proto_dhcp/dhcpclient.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/src/modules/proto_dhcp/dhcpclient.c b/src/modules/proto_dhcp/dhcpclient.c
-index 64debfe..5677588 100644
---- a/src/modules/proto_dhcp/dhcpclient.c
-+++ b/src/modules/proto_dhcp/dhcpclient.c
-@@ -70,6 +70,7 @@ char const *dhcpclient_version = "dhcpclient version " RADIUSD_VERSION_STRING
- static void NEVER_RETURNS usage(void)
- {
- fprintf(stderr, "Usage: dhcpclient [options] server[:port] \n");
-+ fprintf(stderr, "Send a DHCP request with provided RADIUS attrs and output response.\n");
-
- fprintf(stderr, " One of discover, request, offer, decline, release, inform.\n");
- fprintf(stderr, " -d Set the directory where the dictionaries are stored (defaults to " RADDBDIR ").\n");
---
-2.1.3
-
diff --git a/freeradius-dont-detach-after-perl_parse.patch b/freeradius-dont-detach-after-perl_parse.patch
deleted file mode 100644
index f793945..0000000
--- a/freeradius-dont-detach-after-perl_parse.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From fa9b2cd01fb5dbe583f5063f611a45c9d033a54a Mon Sep 17 00:00:00 2001
-From: Nikolai Kondrashov
-Date: Tue, 30 Sep 2014 16:19:47 +0300
-Subject: [PATCH 1/1] perl: Don't call detach after failed perl_parse
-
-Don't call "detach" callback in rlm_perl, if perl_parse of the Perl
-module failed.
-
-This fixes segfault when the module file cannot be read:
-
- Can't open perl script "/etc/raddb/mods-config/perl/example.pl": Permission denied
- rlm_perl: perl_parse failed: /etc/raddb/mods-config/perl/example.pl not found or has syntax errors.
- /etc/raddb/mods-enabled/perl[7]: Instantiation failed for module "perl"
- Segmentation fault
----
- src/modules/rlm_perl/rlm_perl.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/src/modules/rlm_perl/rlm_perl.c b/src/modules/rlm_perl/rlm_perl.c
-index d423524..039d7c8 100644
---- a/src/modules/rlm_perl/rlm_perl.c
-+++ b/src/modules/rlm_perl/rlm_perl.c
-@@ -73,6 +73,7 @@ typedef struct rlm_perl_t {
- char const *xlat_name;
- char const *perl_flags;
- PerlInterpreter *perl;
-+ bool perl_parsed;
- pthread_key_t *thread_key;
-
- #ifdef USE_ITHREADS
-@@ -538,6 +539,7 @@ static int mod_instantiate(CONF_SECTION *conf, void *instance)
- PL_endav = (AV *)NULL;
-
- if(!exitstatus) {
-+ inst->perl_parsed = true;
- perl_run(inst->perl);
- } else {
- ERROR("rlm_perl: perl_parse failed: %s not found or has syntax errors. \n", inst->module);
-@@ -1012,7 +1014,7 @@ static int mod_detach(void *instance)
- }
- #endif
-
-- if (inst->func_detach) {
-+ if (inst->perl_parsed && inst->func_detach) {
- dTHXa(inst->perl);
- PERL_SET_CONTEXT(inst->perl);
- {
---
-2.1.0
-
diff --git a/freeradius-dont-swap-uint128-printing-on-be.patch b/freeradius-dont-swap-uint128-printing-on-be.patch
deleted file mode 100644
index ba3c670..0000000
--- a/freeradius-dont-swap-uint128-printing-on-be.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-From 168275c3f4ffe9d0e09ed7a3789b45b440416f73 Mon Sep 17 00:00:00 2001
-From: Nikolai Kondrashov
-Date: Wed, 1 Oct 2014 16:32:11 +0300
-Subject: [PATCH 4/4] Don't assume little-endian in fr_prints_uint128
-
-Add handling of big-endian architectures to fr_prints_uint128.
----
- src/lib/misc.c | 13 ++++++++++---
- 1 file changed, 10 insertions(+), 3 deletions(-)
-
-diff --git a/src/lib/misc.c b/src/lib/misc.c
-index 66171ff..d0ccd6c 100644
---- a/src/lib/misc.c
-+++ b/src/lib/misc.c
-@@ -1366,6 +1366,13 @@ size_t fr_prints_uint128(char *out, size_t outlen, uint128_t const num)
- uint64_t n[2];
- char *p = buff;
- int i;
-+#ifdef RADIUS_LITTLE_ENDIAN
-+ const size_t l = 0;
-+ const size_t h = 1;
-+#else
-+ const size_t l = 1;
-+ const size_t h = 0;
-+#endif
-
- memset(buff, '0', sizeof(buff) - 1);
- buff[sizeof(buff) - 1] = '\0';
-@@ -1376,11 +1383,11 @@ size_t fr_prints_uint128(char *out, size_t outlen, uint128_t const num)
- ssize_t j;
- int carry;
-
-- carry = (n[1] >= 0x8000000000000000);
-+ carry = (n[h] >= 0x8000000000000000);
-
- // Shift n[] left, doubling it
-- n[1] = ((n[1] << 1) & 0xffffffffffffffff) + (n[0] >= 0x8000000000000000);
-- n[0] = ((n[0] << 1) & 0xffffffffffffffff);
-+ n[h] = ((n[h] << 1) & 0xffffffffffffffff) + (n[l] >= 0x8000000000000000);
-+ n[l] = ((n[l] << 1) & 0xffffffffffffffff);
-
- // Add s[] to itself in decimal, doubling it
- for (j = sizeof(buff) - 2; j >= 0; j--) {
---
-2.1.0
-
diff --git a/freeradius-dont-truncate-uint64.patch b/freeradius-dont-truncate-uint64.patch
deleted file mode 100644
index d64a47c..0000000
--- a/freeradius-dont-truncate-uint64.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From de77beacf1c0bd64335f0f949af9da71437d3ba5 Mon Sep 17 00:00:00 2001
-From: Nikolai Kondrashov
-Date: Tue, 30 Sep 2014 22:27:36 +0300
-Subject: [PATCH 1/4] Don't truncate 64-bit integers in do_cast_copy
-
-Assign converted octets to vp_integer64, instead of vp_integer to avoid
-truncation in do_cast_copy.
----
- src/main/evaluate.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/main/evaluate.c b/src/main/evaluate.c
-index f91d482..5cf597d 100644
---- a/src/main/evaluate.c
-+++ b/src/main/evaluate.c
-@@ -475,7 +475,7 @@ static int do_cast_copy(VALUE_PAIR *dst, VALUE_PAIR const *src)
- do_octets:
- switch (dst->da->type) {
- case PW_TYPE_INTEGER64:
-- dst->vp_integer = ntohll(*(uint64_t const *) src->vp_octets);
-+ dst->vp_integer64 = ntohll(*(uint64_t const *) src->vp_octets);
- break;
-
- case PW_TYPE_INTEGER:
---
-2.1.0
-
diff --git a/freeradius-exec-dont-assume-request-presence-when-logging.patch b/freeradius-exec-dont-assume-request-presence-when-logging.patch
deleted file mode 100644
index 2c0ee52..0000000
--- a/freeradius-exec-dont-assume-request-presence-when-logging.patch
+++ /dev/null
@@ -1,139 +0,0 @@
-From 13c5c908548c29ab30ae2e274a5d2baa96eadae4 Mon Sep 17 00:00:00 2001
-From: Nikolai Kondrashov
-Date: Wed, 15 Oct 2014 20:03:11 +0300
-Subject: [PATCH 1/4] exec: Don't assume request presence when logging
-
-Use DEBUG* macros for logging, instead of RDEBUG* macros in
-radius_start_program and radius_readfrom_program as these are not
-guaranteed to be invoked with a valid request.
-
-For example, not from most of the exec_trigger invocations.
----
- src/include/radiusd.h | 2 +-
- src/main/exec.c | 22 +++++++++++-----------
- src/modules/rlm_mschap/rlm_mschap.c | 2 +-
- 3 files changed, 13 insertions(+), 13 deletions(-)
-
-diff --git a/src/include/radiusd.h b/src/include/radiusd.h
-index 21d510b..ebe3a21 100644
---- a/src/include/radiusd.h
-+++ b/src/include/radiusd.h
-@@ -606,7 +606,7 @@ int rad_virtual_server(REQUEST *);
- pid_t radius_start_program(char const *cmd, REQUEST *request, bool exec_wait,
- int *input_fd, int *output_fd,
- VALUE_PAIR *input_pairs, bool shell_escape);
--int radius_readfrom_program(REQUEST *request, int fd, pid_t pid, int timeout,
-+int radius_readfrom_program(int fd, pid_t pid, int timeout,
- char *answer, int left);
- int radius_exec_program(REQUEST *request, char const *cmd, bool exec_wait, bool shell_escape,
- char *user_msg, size_t msg_len, int timeout,
-diff --git a/src/main/exec.c b/src/main/exec.c
-index b421053..1188d0a 100644
---- a/src/main/exec.c
-+++ b/src/main/exec.c
-@@ -103,16 +103,16 @@ pid_t radius_start_program(char const *cmd, REQUEST *request, bool exec_wait,
-
- argc = rad_expand_xlat(request, cmd, MAX_ARGV, argv, true, sizeof(argv_buf), argv_buf);
- if (argc <= 0) {
-- RDEBUG("invalid command line '%s'.", cmd);
-+ DEBUG("invalid command line '%s'.", cmd);
- return -1;
- }
-
-
- #ifndef NDEBUG
- if (debug_flag > 2) {
-- RDEBUG3("executing cmd %s", cmd);
-+ DEBUG3("executing cmd %s", cmd);
- for (i = 0; i < argc; i++) {
-- RDEBUG3("\t[%d] %s", i, argv[i]);
-+ DEBUG3("\t[%d] %s", i, argv[i]);
- }
-
}
- #endif
-@@ -124,13 +124,13 @@ pid_t radius_start_program(char const *cmd, REQUEST *request, bool exec_wait,
- if (exec_wait) {
- if (input_fd) {
- if (pipe(to_child) != 0) {
-- RDEBUG("Couldn't open pipe to child: %s", fr_syserror(errno));
-+ DEBUG("Couldn't open pipe to child: %s", fr_syserror(errno));
- return -1;
- }
- }
- if (output_fd) {
- if (pipe(from_child) != 0) {
-- RDEBUG("Couldn't open pipe from child: %s", fr_syserror(errno));
-+ DEBUG("Couldn't open pipe from child: %s", fr_syserror(errno));
- /* safe because these either need closing or are == -1 */
- close(to_child[0]);
- close(to_child[1]);
-@@ -206,7 +206,7 @@ pid_t radius_start_program(char const *cmd, REQUEST *request, bool exec_wait,
- */
- devnull = open("/dev/null", O_RDWR);
- if (devnull < 0) {
-- RDEBUG("Failed opening /dev/null: %s\n", fr_syserror(errno));
-+ DEBUG("Failed opening /dev/null: %s\n", fr_syserror(errno));
-
- /*
- * Where the status code is interpreted as a module rcode
-@@ -287,7 +287,7 @@ pid_t radius_start_program(char const *cmd, REQUEST *request, bool exec_wait,
- * Parent process.
- */
- if (pid < 0) {
-- RDEBUG("Couldn't fork %s: %s", argv[0], fr_syserror(errno));
-+ DEBUG("Couldn't fork %s: %s", argv[0], fr_syserror(errno));
- if (exec_wait) {
- /* safe because these either need closing or are == -1 */
- close(to_child[0]);
-@@ -320,7 +320,7 @@ pid_t radius_start_program(char const *cmd, REQUEST *request, bool exec_wait,
- return pid;
- #else
- if (exec_wait) {
-- RDEBUG("Wait is not supported");
-+ DEBUG("Wait is not supported");
- return -1;
- }
-
-@@ -366,7 +366,7 @@ pid_t radius_start_program(char const *cmd, REQUEST *request, bool exec_wait,
- * @param left length of buffer.
- * @return -1 on error, or length of output.
- */
--int radius_readfrom_program(REQUEST *request, int fd, pid_t pid, int timeout,
-+int radius_readfrom_program(int fd, pid_t pid, int timeout,
- char *answer, int left)
- {
- int done = 0;
-@@ -422,7 +422,7 @@ int radius_readfrom_program(REQUEST *request, int fd, pid_t pid, int timeout,
- rcode = select(fd + 1, &fds, NULL, NULL, &wake);
- if (rcode == 0) {
- too_long:
-- RDEBUG("Child PID %u is taking too much time: forcing failure and killing child.", pid);
-+ DEBUG("Child PID %u is taking too much time: forcing failure and killing child.", pid);
- kill(pid, SIGTERM);
- close(fd); /* should give SIGPIPE to child, too */
-
-@@ -536,7 +536,7 @@ int radius_exec_program(REQUEST *request, char const *cmd, bool exec_wait, bool
- }
-
- #ifndef __MINGW32__
-- len = radius_readfrom_program(request, from_child, pid, timeout, answer, sizeof(answer));
-+ len = radius_readfrom_program(from_child, pid, timeout, answer, sizeof(answer));
- if (len < 0) {
- /*
- * Failure - radius_readfrom_program will
-diff --git a/src/modules/rlm_mschap/rlm_mschap.c b/src/modules/rlm_mschap/rlm_mschap.c
-index 0101ddf..03f94a9 100644
---- a/src/modules/rlm_mschap/rlm_mschap.c
-+++ b/src/modules/rlm_mschap/rlm_mschap.c
-@@ -794,7 +794,7 @@ static int CC_HINT(nonnull (1, 2, 4, 5)) do_mschap_cpw(rlm_mschap_t *inst,
- /*
- * Read from the child
- */
-- len = radius_readfrom_program(request, from_child, pid, 10, buf, sizeof(buf));
-+ len = radius_readfrom_program(from_child, pid, 10, buf, sizeof(buf));
- if (len < 0) {
- /* radius_readfrom_program will have closed from_child for us */
- REDEBUG("Failure reading from child");
---
-2.1.1
-
diff --git a/freeradius-fix-checks-for-PW_TYPE_FILE_INPUT.patch b/freeradius-fix-checks-for-PW_TYPE_FILE_INPUT.patch
deleted file mode 100644
index e42dd5d..0000000
--- a/freeradius-fix-checks-for-PW_TYPE_FILE_INPUT.patch
+++ /dev/null
@@ -1,85 +0,0 @@
-From bae8305c7c1f35f853d9ffe520983c90f2a927a8 Mon Sep 17 00:00:00 2001
-From: "Alan T. DeKok"
-Date: Sun, 5 Oct 2014 17:31:34 -0400
-Subject: [PATCH 1/1] Fix checks for PW_TYPE_FILE_INPUT
-
----
- src/main/conffile.c | 45 +++++++--------------------------------------
- 1 file changed, 7 insertions(+), 38 deletions(-)
-
-diff --git a/src/main/conffile.c b/src/main/conffile.c
-index 37c8aba..a221dcd 100644
---- a/src/main/conffile.c
-+++ b/src/main/conffile.c
-@@ -985,7 +985,7 @@ static inline int fr_item_validate_ipaddr(CONF_SECTION *cs, char const *name, PW
- int cf_item_parse(CONF_SECTION *cs, char const *name, int type, void *data, char const *dflt)
- {
- int rcode;
-- bool deprecated, required, attribute, secret;
-+ bool deprecated, required, attribute, secret, input;
- char **q;
- char const *value;
- CONF_PAIR const *cp = NULL;
-@@ -998,6 +998,7 @@ int cf_item_parse(CONF_SECTION *cs, char const *name, int type, void *data, char
- required = (type & PW_TYPE_REQUIRED);
- attribute = (type & PW_TYPE_ATTRIBUTE);
- secret = (type & PW_TYPE_SECRET);
-+ input = (type == PW_TYPE_FILE_INPUT); /* check, not and */
-
- type &= 0xff; /* normal types are small */
- rcode = 0;
-@@ -1157,46 +1158,14 @@ int cf_item_parse(CONF_SECTION *cs, char const *name, int type, void *data, char
- cs->depth, parse_spaces, name, value ? value : "(null)");
- }
- *q = value ? talloc_typed_strdup(cs, value) : NULL;
-- break;
--
-- /*
-- * This is the same as PW_TYPE_STRING,
-- * except that we also "stat" the file, and
-- * cache the result.
-- */
-- case PW_TYPE_FILE_INPUT:
-- case PW_TYPE_FILE_OUTPUT:
-- q = (char **) data;
-- if (*q != NULL) {
-- free(*q);
-- }
--
-- /*
-- * Expand variables which haven't already been
-- * expanded automagically when the configuration
-- * file was read.
-- */
-- if ((value == dflt) && cs) {
-- int lineno = 0;
--
-- value = cf_expand_variables("?",
-- &lineno,
-- cs, buffer, sizeof(buffer),
-- value);
-- if (!value) return -1;
-- }
--
-- if (required && (!value || !*value)) goto is_required;
--
-- cf_log_info(cs, "%.*s\t%s = \"%s\"",
-- cs->depth, parse_spaces, name, value);
-- *q = value ? talloc_typed_strdup(cs, value) : NULL;
-
- /*
-- * If the filename exists and we're supposed to
-- * read it, check it.
-+ * If there's data AND it's an input file, check
-+ * that we can read it. This check allows errors
-+ * to be caught as early as possible, during
-+ * server startup.
- */
-- if (*q && (type == PW_TYPE_FILE_INPUT)) {
-+ if (*q && input) {
- struct stat buf;
-
- if (stat(*q, &buf) < 0) {
---
-2.1.1
-
diff --git a/freeradius-fix-dhcp-dictionary-loading.patch b/freeradius-fix-dhcp-dictionary-loading.patch
deleted file mode 100644
index 7cde423..0000000
--- a/freeradius-fix-dhcp-dictionary-loading.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From dda57af171687d60e21e8e2620e87b25939d0c29 Mon Sep 17 00:00:00 2001
-From: Nikolai Kondrashov
-Date: Mon, 6 Oct 2014 17:00:25 +0300
-Subject: [PATCH 1/1] dhcpclient: Load dictionary.dhcp from DICTDIR.
-
-Load dictionary.dhcp from DICTDIR instead of RADDBDIR in dhcpclient.c,
-as it is found only in the former.
-
-This fixes the following error printed when invoking dhcpclient:
-
- Failed reading dictionary.dhcp: dict_init: Couldn't open dictionary
- "/etc/raddb/dictionary.dhcp": No such file or directory
----
- src/modules/proto_dhcp/dhcpclient.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/src/modules/proto_dhcp/dhcpclient.c b/src/modules/proto_dhcp/dhcpclient.c
-index b29b9a2..ac52ffd 100644
---- a/src/modules/proto_dhcp/dhcpclient.c
-+++ b/src/modules/proto_dhcp/dhcpclient.c
-@@ -264,6 +264,7 @@ int main(int argc, char **argv)
- char *p;
- int c;
- char const *radius_dir = RADDBDIR;
-+ char const *dict_dir = DICTDIR;
- char const *filename = NULL;
- DICT_ATTR const *da;
-
-@@ -315,7 +316,7 @@ int main(int argc, char **argv)
- */
- da = dict_attrbyname("DHCP-Message-Type");
- if (!da) {
-- if (dict_read(radius_dir, "dictionary.dhcp") < 0) {
-+ if (dict_read(dict_dir, "dictionary.dhcp") < 0) {
- fprintf(stderr, "Failed reading dictionary.dhcp: %s",
- fr_strerror());
- return -1;
---
-2.1.1
-
diff --git a/freeradius-ignore-SIGTERM-when-firing-stop-and-signal.term.patch b/freeradius-ignore-SIGTERM-when-firing-stop-and-signal.term.patch
deleted file mode 100644
index daefbb4..0000000
--- a/freeradius-ignore-SIGTERM-when-firing-stop-and-signal.term.patch
+++ /dev/null
@@ -1,59 +0,0 @@
-From b5b92669c32b50b2f96a3ae53d4222d6cb3d1287 Mon Sep 17 00:00:00 2001
-From: Nikolai Kondrashov
-Date: Tue, 28 Oct 2014 15:57:56 +0200
-Subject: [PATCH 1/1] Ignore SIGTERM when firing stop and signal.term
-
-Move firing "server.stop" and "server.signal.term" triggers beyond
-setting SIGTERM action to SIG_IGN in main().
-
-This way handler commands for these triggers don't receive SIGTERM with
-the rest of the process group and don't possibly terminate before doing
-their work. E.g. snmptrap manages to send the notifications.
----
- src/main/process.c | 1 -
- src/main/radiusd.c | 10 ++++++++--
- 2 files changed, 8 insertions(+), 3 deletions(-)
-
-diff --git a/src/main/process.c b/src/main/process.c
-index 7e1a51e..f427205 100644
---- a/src/main/process.c
-+++ b/src/main/process.c
-@@ -4536,7 +4536,6 @@ static void handle_signal_self(int flag)
- fr_event_loop_exit(el, 1);
- } else {
- INFO("Signalled to terminate");
-- exec_trigger(NULL, NULL, "server.signal.term", true);
- fr_event_loop_exit(el, 2);
- }
-
-diff --git a/src/main/radiusd.c b/src/main/radiusd.c
-index 620d7d4..86c7013 100644
---- a/src/main/radiusd.c
-+++ b/src/main/radiusd.c
-@@ -592,8 +592,6 @@ int main(int argc, char *argv[])
- INFO("Exiting normally");
- }
-
-- exec_trigger(NULL, NULL, "server.stop", false);
--
- /*
- * Ignore the TERM signal: we're
- * about to die.
-@@ -601,6 +599,14 @@ int main(int argc, char *argv[])
- signal(SIGTERM, SIG_IGN);
-
- /*
-+ * Fire signal and stop triggers after ignoring SIGTERM, so handlers are
-+ * not killed with the rest of the process group, below.
-+ */
-+ if (status == 2)
-+ exec_trigger(NULL, NULL, "server.signal.term", true);
-+ exec_trigger(NULL, NULL, "server.stop", false);
-+
-+ /*
- * Send a TERM signal to all
- * associated processes
- * (including us, which gets
---
-2.1.1
-
diff --git a/freeradius-make-grp-tallo-c-too.patch b/freeradius-make-grp-tallo-c-too.patch
deleted file mode 100644
index ad7d192..0000000
--- a/freeradius-make-grp-tallo-c-too.patch
+++ /dev/null
@@ -1,53 +0,0 @@
-From d51daa8f56f5c55f2effdb308ef4a14016118753 Mon Sep 17 00:00:00 2001
-From: "Alan T. DeKok"
-Date: Sun, 5 Oct 2014 17:22:26 -0400
-Subject: [PATCH 1/1] Make grp tallo'c, too
-
----
- src/modules/rlm_unix/rlm_unix.c | 14 +++++++++-----
- 1 file changed, 9 insertions(+), 5 deletions(-)
-
-diff --git a/src/modules/rlm_unix/rlm_unix.c b/src/modules/rlm_unix/rlm_unix.c
-index 0a01074..9e55c26 100644
---- a/src/modules/rlm_unix/rlm_unix.c
-+++ b/src/modules/rlm_unix/rlm_unix.c
-@@ -75,20 +75,20 @@ static const CONF_PARSER module_config[] = {
- #else
- static struct group *fr_getgrnam(TALLOC_CTX *ctx, char const *name)
- {
-- struct group *grp, my_group;
-+ struct group *grp, *result;
- char *group_buffer;
- size_t group_size = 1024;
-
-- grp = NULL;
-- group_buffer = talloc_array(ctx, char, group_size);
-+ grp = talloc(ctx, struct group);
-+ group_buffer = talloc_array(grp, char, group_size);
- while (group_buffer) {
- int err;
-
-- err = getgrnam_r(name, &my_group, group_buffer, group_size, &grp);
-+ err = getgrnam_r(name, grp, group_buffer, group_size, &result);
- if (err == ERANGE) {
- group_size *= 2;
- talloc_free(group_buffer);
-- group_buffer = talloc_array(ctx, char, group_size);
-+ group_buffer = talloc_array(grp, char, group_size);
- continue;
- }
-
-@@ -145,6 +145,10 @@ static int groupcmp(UNUSED void *instance, REQUEST *req, UNUSED VALUE_PAIR *requ
- }
- }
-
-+#ifdef HAVE_GETGRNAM_R
-+ talloc_free(grp);
-+#endif
-+
- return retval;
- }
-
---
-2.1.1
-
diff --git a/freeradius-man-remove-client-attribute-description.patch b/freeradius-man-remove-client-attribute-description.patch
deleted file mode 100644
index 8acb7b2..0000000
--- a/freeradius-man-remove-client-attribute-description.patch
+++ /dev/null
@@ -1,100 +0,0 @@ -From ca2eedaad0bc27dd6a540e61c583f0b745641a84 Mon Sep 17 00:00:00 2001 -From: Nikolai Kondrashov -Date: Tue, 2 Dec 2014 16:39:28 +0200 -Subject: [PATCH 1/2] man: Remove client attribute description - -Remove attribute description from clients.conf(5) source as it is -outdated, lists just a few attributes and wasn't updated for more than a -year. Refer to clients.conf file itself, instead. ---- - man/man5/clients.conf.5 | 74 +++---------------------------------------------- - 1 file changed, 4 insertions(+), 70 deletions(-) - -diff --git a/man/man5/clients.conf.5 b/man/man5/clients.conf.5 -index 9af246a..f9207d1 100644 ---- a/man/man5/clients.conf.5 -+++ b/man/man5/clients.conf.5 -@@ -26,76 +26,10 @@ client { - = - } - .fi --.SH ATTRIBUTES --The attributes that can appear in a --.B client --section are listed below. Required attributes are labelled as --such. All other attributes are optional. --.TP 0.5i --.B ipaddr [Required] --The IP address of the client. For IPv6, use "ipv6addr" --.TP 0.5i --.B secret [Required] --The RADIUS shared secret used for communication between the client/NAS --and the RADIUS server. --.TP 0.5i --.B shortname [optional] --A short alias that can be used in place of the IP address or fully --qualified hostname provided in the first line of the section. --.TP 0.5i --.B nas_type --The nas_type attribute is used to tell the --.BR checkrad.pl --script which NAS-specific method it should use when checking --simultaneous use. -- --The following values are currently recognized: --.nf --cisco --computone --livingston --max40xx --multitech --netserver --pathras --patton --portslave --tc --usrhiper --other --.fi --.TP 0.5i --.B login --Reserved for future use. --.TP 0.5i --.B password --Reserved for future use. --.SH EXAMPLES --.IP --.nf --client localhost { -- ipaddr = 127.0.0.1 -- secret = testing123 -- shortname = localhost -- nas_type = other --} --.fi --.LP --This adds a client for the loopback address. 
This is useful in testing --the --server locally, for example with --.BR radclient (1). --.IP --.nf --client private-network-1 { -- ipaddr = 192.0.2.0 -- netmask = 24 -- secret = testing123-1 -- shortname = private-network-1 --} --.fi --.LP --This entry represents any client from the 192.0.2.0/24 network. -+.PP -+Clients have many configuration parameters. Most are documented in the file -+itself as comments. This page documents only the format of the file. Please -+read the \fBclients.conf\fP file itself for more information. - - The old-style format from 1.x is still accepted by the server, but - that form is deprecated. --- -2.1.3 - diff --git a/freeradius-man-remove-references-to-naslist-and-clients.patch b/freeradius-man-remove-references-to-naslist-and-clients.patch deleted file mode 100644 index df2ba67..0000000 --- a/freeradius-man-remove-references-to-naslist-and-clients.patch +++ /dev/null 
@@ -1,67 +0,0 @@ -From 55a489a7885608158f66823686d89eb7cf54d5a9 Mon Sep 17 00:00:00 2001 -From: Nikolai Kondrashov -Date: Tue, 2 Dec 2014 16:43:49 +0200 -Subject: [PATCH 2/2] man: Remove references to naslist and clients - -Remove references to non-existent naslist and clients manpages as they -are confusing. ---- - man/man5/clients.conf.5 | 8 +++----- - man/man5/dictionary.5 | 1 - - man/man5/users.5 | 1 - - 3 files changed, 3 insertions(+), 7 deletions(-) - -diff --git a/man/man5/clients.conf.5 b/man/man5/clients.conf.5 -index f9207d1..6c6b3ee 100644 ---- a/man/man5/clients.conf.5 -+++ b/man/man5/clients.conf.5 -@@ -8,9 +8,9 @@ file contains definitions of RADIUS clients. - .PP - The information in this file overrides any information provided in - the deprecated --.BR clients (5) -+.BR clients - and --.BR naslist (5) -+.BR naslist - files. - .PP - The file format is the same as that used for -@@ -39,9 +39,7 @@ that form is deprecated. - .I /etc/raddb/radiusd.conf - .SH "SEE ALSO" - .BR radiusd (8), --.BR radiusd.conf (5), --.BR clients (5), --.BR naslist (5) -+.BR radiusd.conf (5) - - .SH AUTHOR - FreeRADIUS is authored by the FreeRADIUS team. -diff --git a/man/man5/dictionary.5 b/man/man5/dictionary.5 -index 6b60602..d685081 100644 ---- a/man/man5/dictionary.5 -+++ b/man/man5/dictionary.5 -@@ -176,7 +176,6 @@ the attribute number should be used instead. - .I /usr/share/freeradius/dictionary.* - .SH "SEE ALSO" - .BR radiusd (8), --.BR naslist (5), - .BR RFC2865, - .BR RFC2866, - .BR RFC2868 -diff --git a/man/man5/users.5 b/man/man5/users.5 -index ed8f471..c9aef82 100644 ---- a/man/man5/users.5 -+++ b/man/man5/users.5 -@@ -243,7 +243,6 @@ entries that set reply attributes. - .BR radclient (1), - .BR radiusd (8), - .BR dictionary (5), --.BR naslist (5) - - .SH AUTHOR - The FreeRADIUS team. --- -2.1.3 - 
diff --git a/freeradius-mention-eap-md5-in-radtest-synopsis.patch b/freeradius-mention-eap-md5-in-radtest-synopsis.patch deleted file mode 100644 index 20baad1..0000000 --- a/freeradius-mention-eap-md5-in-radtest-synopsis.patch +++ /dev/null @@ -1,27 +0,0 @@ -From b00d9a63963c4d5dec72d8c4671a72cde5c4ca69 Mon Sep 17 00:00:00 2001 -From: Nikolai Kondrashov -Date: Mon, 27 Oct 2014 16:14:35 +0200 -Subject: [PATCH 1/2] man: Mention eap-md5 in radtest synopsis - -Add "eap-md5" to the possible values of -t option in radtest's manpage -SYNOPSIS to match the detailed description in the OPTIONS. ---- - man/man1/radtest.1 | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/man/man1/radtest.1 b/man/man1/radtest.1 -index f4fdba3..587870c 100644 ---- a/man/man1/radtest.1 -+++ b/man/man1/radtest.1 -@@ -6,7 +6,7 @@ radtest - send packets to a RADIUS server, show reply - .RB [ \-d - .IR raddb_directory ] - .RB [ \-t --.IR pap/chap/mschap ] -+.IR pap/chap/mschap/eap-md5 ] - .RB [ \-x - .IR ] - .RB [ \-4 --- -2.1.1 - diff --git a/freeradius-prefix-endian-macros.patch b/freeradius-prefix-endian-macros.patch deleted file mode 100644 index 80e3924..0000000 --- a/freeradius-prefix-endian-macros.patch +++ /dev/null 
@@ -1,168 +0,0 @@ -From 4a906c702ac31da5977eba6698fa5435474cb47f Mon Sep 17 00:00:00 2001 -From: Nikolai Kondrashov -Date: Wed, 1 Oct 2014 15:11:12 +0300 -Subject: [PATCH 3/4] Prefix *_ENDIAN macros with RADIUS_ - -Rename LITTLE_ENDIAN and BIG_ENDIAN macros to RADIUS_LITTLE_ENDIAN and -RADIUS_BIG_ENDIAN respectively to avoid clashes with -/usr/include/endian.h defines, which result in always assuming -little-endian architecture. ---- - configure | 4 ++-- - configure.ac | 4 ++-- - src/include/autoconf.h.in | 16 ++++++++-------- - src/include/build.h | 6 +++--- - src/include/missing-h | 4 ++-- - src/lib/missing.c | 2 +- - src/main/version.c | 4 ++-- - 7 files changed, 20 insertions(+), 20 deletions(-) - -diff --git a/configure b/configure -index f15072d..1b54efd 100755 ---- a/configure -+++ b/configure -@@ -4771,11 +4771,11 @@ $as_echo "$ac_cv_c_bigendian" >&6; } - case $ac_cv_c_bigendian in #( - yes) - --$as_echo "#define BIG_ENDIAN 1" >>confdefs.h -+$as_echo "#define RADIUS_BIG_ENDIAN 1" >>confdefs.h - ;; #( - no) - --$as_echo "#define LITTLE_ENDIAN 1" >>confdefs.h -+$as_echo "#define RADIUS_LITTLE_ENDIAN 1" >>confdefs.h - - ;; #( - universal) -diff --git a/configure.ac b/configure.ac -index 76466ec..30b226b 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -167,8 +167,8 @@ dnl # check for system bytesex - dnl # AC_DEFINES WORDS_BIGENDIAN - dnl # - AC_C_BIGENDIAN( -- [AC_DEFINE(BIG_ENDIAN, 1, [Define if your processor stores words with the most significant byte first])], -- [AC_DEFINE(LITTLE_ENDIAN, 1, [Define if your processor stores words with the least significant byte first])] -+ [AC_DEFINE(RADIUS_BIG_ENDIAN, 1, [Define if your processor stores words with the most significant byte first])], -+ [AC_DEFINE(RADIUS_LITTLE_ENDIAN, 1, [Define if your processor stores words with the least significant byte first])] - ) - - dnl # -diff --git a/src/include/autoconf.h.in b/src/include/autoconf.h.in -index 6e6e355..c313bca 100644 ---- a/src/include/autoconf.h.in -+++ 
b/src/include/autoconf.h.in -@@ -3,10 +3,6 @@ - /* Define if building universal (internal helper macro) */ - #undef AC_APPLE_UNIVERSAL_BUILD - --/* Define if your processor stores words with the most significant byte first -- */ --#undef BIG_ENDIAN -- - /* BSD-Style get*byaddr_r */ - #undef BSDSTYLE - -@@ -443,10 +439,6 @@ - /* compiler specific 128 bit unsigned integer */ - #undef HAVE___UINT128_T - --/* Define if your processor stores words with the least significant byte first -- */ --#undef LITTLE_ENDIAN -- - /* define if you have OSFC2 authentication */ - #undef OSFC2 - -@@ -483,6 +475,14 @@ - /* Raw version string from VERSION file */ - #undef RADIUSD_VERSION_STRING - -+/* Define if your processor stores words with the most significant byte first -+ */ -+#undef RADIUS_BIG_ENDIAN -+ -+/* Define if your processor stores words with the least significant byte first -+ */ -+#undef RADIUS_LITTLE_ENDIAN -+ - /* Define as the return type of signal handlers (`int' or `void'). */ - #undef RETSIGTYPE - -diff --git a/src/include/build.h b/src/include/build.h -index 66c3087..4c1bf1a 100644 ---- a/src/include/build.h -+++ b/src/include/build.h -@@ -105,13 +105,13 @@ extern "C" { - * Here at least the endianess can be set explicitly with - * -DLITTLE_ENDIAN or -DBIG_ENDIAN. 
- */ --#if !defined(LITTLE_ENDIAN) && !defined(BIG_ENDIAN) -+#if !defined(RADIUS_LITTLE_ENDIAN) && !defined(RADIUS_BIG_ENDIAN) - # if defined(__LITTLE_ENDIAN__) || \ - (defined(__BYTE_ORDER__) && (__BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__)) --# define LITTLE_ENDIAN 1 -+# define RADIUS_LITTLE_ENDIAN 1 - # elif defined(__BIG_ENDIAN__) || \ - (defined(__BYTE_ORDER__) && (__BYTE_ORDER__ == __ORDER_BIG_ENDIAN__)) --# define BIG_ENDIAN 1 -+# define RADIUS_BIG_ENDIAN 1 - # else - # error Failed determining endianness of system - # endif -diff --git a/src/include/missing-h b/src/include/missing-h -index 3f286a4..7136172 100644 ---- a/src/include/missing-h -+++ b/src/include/missing-h -@@ -424,7 +424,7 @@ typedef struct int128_t { uint8_t v[16]; } int128_t; - - /* abcd efgh -> dcba hgfe -> hgfe dcba */ - #ifndef HAVE_HTON_LL --# ifdef LITTLE_ENDIAN -+# ifdef RADIUS_LITTLE_ENDIAN - # ifdef HAVE_BUILTIN_BSWAP64 - # define ntohll(x) __builtin_bswap64(x) - # else -@@ -437,7 +437,7 @@ typedef struct int128_t { uint8_t v[16]; } int128_t; - #endif - - #ifndef HAVE_HTON_LLL --# ifdef LITTLE_ENDIAN -+# ifdef RADIUS_LITTLE_ENDIAN - # ifdef HAVE_128BIT_INTEGERS - # define ntohlll(x) (((uint128_t)ntohll((uint64_t)(x >> 64))) | (((uint128_t)ntohll(((uint64_t) x)) << 64))) - # else -diff --git a/src/lib/missing.c b/src/lib/missing.c -index 4598c8f..efd5461 100644 ---- a/src/lib/missing.c -+++ b/src/lib/missing.c -@@ -273,7 +273,7 @@ ntp2timeval(struct timeval *tv, char const *ntp) - tv->tv_usec = usec / 4295; /* close enough */ - } - --#if !defined(HAVE_128BIT_INTEGERS) && defined(LITTLE_ENDIAN) -+#if !defined(HAVE_128BIT_INTEGERS) && defined(RADIUS_LITTLE_ENDIAN) - /** Swap byte order of 128 bit integer - * - * @param num 128bit integer to swap. 
-diff --git a/src/main/version.c b/src/main/version.c -index 0aba383..8b56ffa 100644 ---- a/src/main/version.c -+++ b/src/main/version.c -@@ -276,9 +276,9 @@ void version(void) - DEBUG3(" 0x%llx", (unsigned long long) libmagic); - - DEBUG3("Endianess:"); --#if defined(LITTLE_ENDIAN) -+#if defined(RADIUS_LITTLE_ENDIAN) - DEBUG3(" little"); --#elif defined(BIG_ENDIAN) -+#elif defined(RADIUS_BIG_ENDIAN) - DEBUG3(" big"); - #else - DEBUG3(" unknown"); --- -2.1.0 - diff --git a/freeradius-rad_counter-Refine-help-message.patch b/freeradius-rad_counter-Refine-help-message.patch deleted file mode 100644 index 40d9b0c..0000000 --- a/freeradius-rad_counter-Refine-help-message.patch +++ /dev/null 
@@ -1,64 +0,0 @@ -From 68b1b158029501208d1c6a60aa2794d9589c2a08 Mon Sep 17 00:00:00 2001 -From: Nikolai Kondrashov -Date: Fri, 5 Dec 2014 12:24:37 +0200 -Subject: [PATCH 2/3] rad_counter: Refine help message - -Refine rad_counter help message: - -* use executable name without path, -* add program purpose, -* shorten usage summary line for clarity, -* separate arguments and options, -* add full stops to sentences, -* wrap a long line. ---- - src/modules/rlm_counter/rad_counter | 24 +++++++++++++++--------- - 1 file changed, 15 insertions(+), 9 deletions(-) - -diff --git a/src/modules/rlm_counter/rad_counter b/src/modules/rlm_counter/rad_counter -index b6c1159..1beef29 100755 ---- a/src/modules/rlm_counter/rad_counter -+++ b/src/modules/rlm_counter/rad_counter -@@ -6,6 +6,7 @@ use warnings ; - use GDBM_File ; - use Fcntl ; - use Getopt::Long; -+use File::Basename; - - my $user = ''; - my $divisor = 1; -@@ -19,17 +20,22 @@ my $help = 0; - $filename = ''; - - sub show_help { -- print <<"EOF"; --Usage: $0 --file= [--reset=] [--match=] --[--user=] [--help] [--hours|--minutes|--seconds] -+ my $progname = basename($0); -+ print < [OPTION...] -+Query and maintain FreeRADIUS rlm_counter DB file. - ----user= Information for specific user ----file= Counter db filename ----match= Information for matching users -+Arguments: -+--file= Counter DB filename. -+ -+Options: -+--user= Information for specific user. -+--match= Information for matching users. - --reset= Reset counter to . -- If divisor is set use it, else means seconds ----help Show this help screen ----(hours|minutes|seconds) Specify information divisor -+ If divisor is set use it, -+ else means seconds. -+--help Show this help screen. -+--(hours|minutes|seconds) Specify information divisor. - EOF - exit 0; - } --- -2.1.3 - diff --git a/freeradius-rad_counter-use-heredoc-for-help-message.patch b/freeradius-rad_counter-use-heredoc-for-help-message.patch deleted file mode 100644 index d18fea7..0000000 
--- a/freeradius-rad_counter-use-heredoc-for-help-message.patch +++ /dev/null @@ -1,47 +0,0 @@ -From 70686e8d2b400a804277ba0cdc664e71dd393dd5 Mon Sep 17 00:00:00 2001 -From: Nikolai Kondrashov -Date: Fri, 5 Dec 2014 12:12:19 +0200 -Subject: [PATCH 1/3] rad_counter: Use heredoc for help message - -Use Perl's here document syntax for rad_counter's help message and -replace tab escape sequences with spaces to make the source more -readable and easier to modify. ---- - src/modules/rlm_counter/rad_counter | 21 ++++++++++++--------- - 1 file changed, 12 insertions(+), 9 deletions(-) - -diff --git a/src/modules/rlm_counter/rad_counter b/src/modules/rlm_counter/rad_counter -index be0a33a..b6c1159 100755 ---- a/src/modules/rlm_counter/rad_counter -+++ b/src/modules/rlm_counter/rad_counter -@@ -19,15 +19,18 @@ my $help = 0; - $filename = ''; - - sub show_help { -- print "Usage: $0 --file= [--reset=] [--match=]\n"; -- print "[--user=] [--help] [--hours|--minutes|--seconds]\n\n"; -- print "--user=", "\t\t", "Information for specific user\n"; -- print "--file=", "\t\t", "Counter db filename\n"; -- print "--match=", "\t\t", "Information for matching users\n"; -- print "--reset=", "\t\t", "Reset counter to .\n"; -- print "\t\t\t\t", "If divisor is set use it, else means seconds\n"; -- print "--help", "\t\t\t\t", "Show this help screen\n"; -- print "--(hours|minutes|seconds)", "\t", "Specify information divisor\n"; -+ print <<"EOF"; -+Usage: $0 --file= [--reset=] [--match=] -+[--user=] [--help] [--hours|--minutes|--seconds] -+ -+--user= Information for specific user -+--file= Counter db filename -+--match= Information for matching users -+--reset= Reset counter to . -+ If divisor is set use it, else means seconds -+--help Show this help screen -+--(hours|minutes|seconds) Specify information divisor -+EOF - exit 0; - } - --- -2.1.3 - 
diff --git a/freeradius-raddb-Comment-on-ipaddr-ipv4addr-ipv6addr-use.patch b/freeradius-raddb-Comment-on-ipaddr-ipv4addr-ipv6addr-use.patch deleted file mode 100644 index 5f36338..0000000 --- a/freeradius-raddb-Comment-on-ipaddr-ipv4addr-ipv6addr-use.patch +++ /dev/null @@ -1,49 +0,0 @@ -From 40537a80edeba25853df745e969f1b0bd5bc71bf Mon Sep 17 00:00:00 2001 -From: Nikolai Kondrashov -Date: Thu, 18 Dec 2014 16:13:58 +0200 -Subject: [PATCH 1/1] raddb: Comment on ipaddr/ipv4addr/ipv6addr use - -Describe combined ipaddr/ipv4addr/ipv6addr use in -raddb/sites-available/default. ---- - raddb/sites-available/default | 21 +++++++++++++-------- - 1 file changed, 13 insertions(+), 8 deletions(-) - -diff --git a/raddb/sites-available/default b/raddb/sites-available/default -index 77c271c..77602e4 100644 ---- a/raddb/sites-available/default -+++ b/raddb/sites-available/default -@@ -84,17 +84,22 @@ listen { - # source IP address for packets sent to a home server, the - # proxy listeners are automatically created. - -- # IP address on which to listen. -+ # ipaddr/ipv4addr/ipv6addr - IP address on which to listen. -+ # Out of several options the first one will be used. -+ # - # Allowed values are: -- # dotted quad (1.2.3.4) -- # hostname (radius.example.com) -- # wildcard (*) -+ # IPv4 address (e.g. 1.2.3.4, for ipv4addr/ipaddr) -+ # IPv6 address (e.g. 2001:db8::1, for ipv6addr/ipaddr) -+ # hostname (radius.example.com, -+ # A record for ipv4addr, -+ # AAAA record for ipv6addr, -+ # A or AAAA record for ipaddr) -+ # wildcard (*) -+ # -+ # ipv4addr = * -+ # ipv6addr = * - ipaddr = * - -- # OR, you can use an IPv6 address, but not both -- # at the same time. --# ipv6addr = :: # any. ::1 == localhost -- - # Port on which to listen. - # Allowed values are: - # integer port number (1812) --- -2.1.3 - 
diff --git a/freeradius-raddb-Move-trigger.conf-INCLUDE-before-modules.patch b/freeradius-raddb-Move-trigger.conf-INCLUDE-before-modules.patch deleted file mode 100644 index 994dda0..0000000 --- a/freeradius-raddb-Move-trigger.conf-INCLUDE-before-modules.patch +++ /dev/null 
@@ -1,62 +0,0 @@ -From 1b32a0e398871f0f5b7b41d200b1b9db371e84d5 Mon Sep 17 00:00:00 2001 -From: Nikolai Kondrashov -Date: Mon, 15 Dec 2014 16:48:26 +0200 -Subject: [PATCH 1/1] raddb: Move trigger.conf INCLUDE before modules - -Move "$INCLUDE trigger.conf" chunk before module section in -"radiusd.conf.in". This makes it possible to reference "snmptrap" and -related trigger variables under "pool.trigger" in module configurations, -simplifying them. - -E.g. like this (in raddb/mods-enabled/ldap): - -ldap ldap_instance { - pool { - trigger { - args = "radiusdModuleName s '${...:name}' radiusdModuleInstance s '${...:instance}'" - open = "${snmptrap}::serverModuleConnectionUp ${args}" - close = "${snmptrap}::serverModuleConnectionDown ${args}" - } - } -} ---- - raddb/radiusd.conf.in | 16 ++++++++-------- - 1 file changed, 8 insertions(+), 8 deletions(-) - -diff --git a/raddb/radiusd.conf.in b/raddb/radiusd.conf.in -index c6d5834..fb7d1bd 100644 ---- a/raddb/radiusd.conf.in -+++ b/raddb/radiusd.conf.in -@@ -648,6 +648,14 @@ thread pool { - auto_limit_acct = no - } - -+###################################################################### -+# -+# SNMP notifications. Uncomment the following line to enable -+# snmptraps. Note that you MUST also configure the full path -+# to the "snmptrap" command in the "trigger.conf" file. -+# -+#$INCLUDE trigger.conf -+ - # MODULE CONFIGURATION - # - # The names and configuration of each module is located in this section. -@@ -780,14 +788,6 @@ policy { - - ###################################################################### - # --# SNMP notifications. Uncomment the following line to enable --# snmptraps. Note that you MUST also configure the full path --# to the "snmptrap" command in the "trigger.conf" file. --# --#$INCLUDE trigger.conf -- --###################################################################### --# - # Load virtual servers. - # - # This next $INCLUDE line loads files in the directory that --- -2.1.3 - 
diff --git a/freeradius-raddb-remove-extra-apostrophe-from-trigger.conf.patch b/freeradius-raddb-remove-extra-apostrophe-from-trigger.conf.patch deleted file mode 100644 index 99592c4..0000000 --- a/freeradius-raddb-remove-extra-apostrophe-from-trigger.conf.patch +++ /dev/null @@ -1,30 +0,0 @@ -From e37dbd2dd0f20ff255ddc934296afa67e59695c6 Mon Sep 17 00:00:00 2001 -From: Nikolai Kondrashov -Date: Thu, 16 Oct 2014 13:48:32 +0300 -Subject: [PATCH 2/4] raddb: Remove extra apostrophe from trigger.conf - -Remove a spurious apostrophe from trigger.conf's trigger.modules.args. - -This fixes module triggers, otherwise producing this error: - - rad_expand_xlat: Invalid string passed as argument ---- - raddb/trigger.conf | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/raddb/trigger.conf b/raddb/trigger.conf -index aa846c3..b80089c 100644 ---- a/raddb/trigger.conf -+++ b/raddb/trigger.conf -@@ -194,7 +194,7 @@ trigger { - # "trigger" subsection in the module configuration. - modules { - # Common arguments -- args = "radiusdModuleName s ldap' radiusdModuleInstance s ''" -+ args = "radiusdModuleName s ldap radiusdModuleInstance s ''" - - # The files module - files { --- -2.1.1 - diff --git a/freeradius-raddb-update-triggers-in-trigger.conf.patch b/freeradius-raddb-update-triggers-in-trigger.conf.patch deleted file mode 100644 index 58bd9bc..0000000 --- a/freeradius-raddb-update-triggers-in-trigger.conf.patch +++ /dev/null 
@@ -1,70 +0,0 @@ -From 7162088ec80add0e83d1073b67001546be3d0d8d Mon Sep 17 00:00:00 2001 -From: Nikolai Kondrashov -Date: Thu, 23 Oct 2014 13:56:46 +0300 -Subject: [PATCH 1/1] raddb: Update triggers in trigger.conf - -Update trigger.conf's available triggers and comments to correspond to -actual code. ---- - raddb/trigger.conf | 23 ++++++++++++----------- - 1 file changed, 12 insertions(+), 11 deletions(-) - -diff --git a/raddb/trigger.conf b/raddb/trigger.conf -index 44f9f36..413a182 100644 ---- a/raddb/trigger.conf -+++ b/raddb/trigger.conf -@@ -222,11 +222,8 @@ trigger { - # A connection to the DB has been closed - close = "${snmptrap}::serverModuleConnectionDown ${args}" - -- # Failed to open a new connection to the DB -- fail = "${snmptrap}::serverModuleConnectionFail ${args}" -- -- # There are no DB handles available. -- none = "${snmptrap}::serverModuleConnectionNone ${args}" -+ # The module has been HUP'd via radmin -+ hup = "${snmptrap}::serverModuleHup ${args}" - } - - # The SQL module -@@ -243,12 +240,13 @@ trigger { - # Failed to open a new connection to the DB - fail = "${snmptrap}::serverModuleConnectionFail ${args}" - -- # There are no DB handles available. -- none = "${snmptrap}::serverModuleConnectionNone ${args}" -+ # The module has been HUP'd via radmin -+ hup = "${snmptrap}::serverModuleHup ${args}" - } - -- # You can use the same opn / close / fail / none triggers for -- # any module which uses the "pool" directive. -+ # You can also use connection pool's start/stop/open/close triggers -+ # for any module which uses the "pool" section, here and under -+ # pool.trigger in module configuration. 
- } - } - -@@ -267,10 +265,9 @@ trigger { - # home_server_pool.fallback - # home_server_pool.normal - # modules.*.hup --# modules.ldap.fail -+# modules.ldap.timeout - # modules.sql.close - # modules.sql.fail --# modules.sql.none - # modules.sql.open - # server.client.add - # server.max_requests -@@ -278,3 +275,7 @@ trigger { - # server.signal.term - # server.start - # server.stop -+# server.thread.max_threads -+# server.thread.start -+# server.thread.stop -+# server.thread.unresponsive --- -2.1.1 - diff --git a/freeradius-raddb-use-appropriate-module-names-in-traps.patch b/freeradius-raddb-use-appropriate-module-names-in-traps.patch deleted file mode 100644 index 0455dbb..0000000 --- a/freeradius-raddb-use-appropriate-module-names-in-traps.patch +++ /dev/null 
@@ -1,83 +0,0 @@ -From 039f85dfe9a09478c9581b87113e73e2205abd53 Mon Sep 17 00:00:00 2001 -From: Nikolai Kondrashov -Date: Thu, 16 Oct 2014 13:59:51 +0300 -Subject: [PATCH 3/4] raddb: Use appropriate module names in traps - -Specify appropriate module names for all module traps in trigger.conf, -instead of using "ldap" for all. ---- - raddb/trigger.conf | 29 +++++++++++++++++++---------- - 1 file changed, 19 insertions(+), 10 deletions(-) - -diff --git a/raddb/trigger.conf b/raddb/trigger.conf -index b80089c..44f9f36 100644 ---- a/raddb/trigger.conf -+++ b/raddb/trigger.conf -@@ -194,12 +194,15 @@ trigger { - # "trigger" subsection in the module configuration. - modules { - # Common arguments -- args = "radiusdModuleName s ldap radiusdModuleInstance s ''" -+ args = "radiusdModuleInstance s ''" - - # The files module - files { -+ # Common arguments -+ args = "radiusdModuleName s files ${..args}" -+ - # The module has been HUP'd via radmin -- hup = "${snmptrap}::serverModuleHup ${..args}" -+ hup = "${snmptrap}::serverModuleHup ${args}" - - # Note that "hup" can be used for every module - # which can be HUP'd via radmin -@@ -210,32 +213,38 @@ trigger { - # an LDAP connection ofr every "bind as user". Be aware that - # this will likely produce a lot of triggers. - ldap { -+ # Common arguments -+ args = "radiusdModuleName s ldap ${..args}" -+ - # A new connection to the DB has been opened -- open = "${snmptrap}::serverModuleConnectionUp ${..args}" -+ open = "${snmptrap}::serverModuleConnectionUp ${args}" - - # A connection to the DB has been closed -- close = "${snmptrap}::serverModuleConnectionDown ${..args}" -+ close = "${snmptrap}::serverModuleConnectionDown ${args}" - - # Failed to open a new connection to the DB -- fail = "${snmptrap}::serverModuleConnectionFail ${..args}" -+ fail = "${snmptrap}::serverModuleConnectionFail ${args}" - - # There are no DB handles available. 
-- none = "${snmptrap}::serverModuleConnectionNone ${..args}" -+ none = "${snmptrap}::serverModuleConnectionNone ${args}" - } - - # The SQL module - sql { -+ # Common arguments -+ args = "radiusdModuleName s sql ${..args}" -+ - # A new connection to the DB has been opened -- open = "${snmptrap}::serverModuleConnectionUp ${..args}" -+ open = "${snmptrap}::serverModuleConnectionUp ${args}" - - # A connection to the DB has been closed -- close = "${snmptrap}::serverModuleConnectionDown ${..args}" -+ close = "${snmptrap}::serverModuleConnectionDown ${args}" - - # Failed to open a new connection to the DB -- fail = "${snmptrap}::serverModuleConnectionFail ${..args}" -+ fail = "${snmptrap}::serverModuleConnectionFail ${args}" - - # There are no DB handles available. -- none = "${snmptrap}::serverModuleConnectionNone ${..args}" -+ none = "${snmptrap}::serverModuleConnectionNone ${args}" - } - - # You can use the same opn / close / fail / none triggers for --- -2.1.1 - diff --git a/freeradius-talloc-dummy-request.patch b/freeradius-talloc-dummy-request.patch deleted file mode 100644 index e84111f..0000000 --- a/freeradius-talloc-dummy-request.patch +++ /dev/null 
@@ -1,48 +0,0 @@ -From 03c5915208234255484ece4c233c9e252776e3a3 Mon Sep 17 00:00:00 2001 -From: Nikolai Kondrashov -Date: Mon, 29 Sep 2014 17:40:10 +0300 -Subject: [PATCH 1/1] process: Talloc home_trigger dummy request - -Allocate the dummy request in home_trigger with talloc, instead of -allocating it on the stack, as the rest of the code expects it to be a -valid talloc context. - -This fixes a talloc_abort resulting from xlat_tokenize_request invoking -talloc_typed_strdup with the dummy request as the talloc context. ---- - src/main/process.c | 17 +++++++++-------- - 1 file changed, 9 insertions(+), 8 deletions(-) - -diff --git a/src/main/process.c b/src/main/process.c -index 76ce4ea..7e1a51e 100644 ---- a/src/main/process.c -+++ b/src/main/process.c -@@ -3212,16 +3212,17 @@ static void ping_home_server(void *ctx) - - static void home_trigger(home_server_t *home, char const *trigger) - { -- REQUEST my_request; -- RADIUS_PACKET my_packet; -+ REQUEST *my_request; -+ RADIUS_PACKET *my_packet; - -- memset(&my_request, 0, sizeof(my_request)); -- memset(&my_packet, 0, sizeof(my_packet)); -- my_request.proxy = &my_packet; -- my_packet.dst_ipaddr = home->ipaddr; -- my_packet.src_ipaddr = home->src_ipaddr; -+ my_request = talloc_zero(NULL, REQUEST); -+ my_packet = talloc_zero(my_request, RADIUS_PACKET); -+ my_request->proxy = my_packet; -+ my_packet->dst_ipaddr = home->ipaddr; -+ my_packet->src_ipaddr = home->src_ipaddr; - -- exec_trigger(&my_request, home->cs, trigger, false); -+ exec_trigger(my_request, home->cs, trigger, false); -+ talloc_free(my_request); - } - - static void mark_home_server_zombie(home_server_t *home, struct timeval *now, struct timeval *response_window) --- -2.1.0 - diff --git a/freeradius-valuepair-don-t-remove-unkown-backslash.patch b/freeradius-valuepair-don-t-remove-unkown-backslash.patch deleted file mode 100644 index 2607c54..0000000 --- a/freeradius-valuepair-don-t-remove-unkown-backslash.patch +++ /dev/null 
@@ -1,40 +0,0 @@ -From 90b5b46341dbba78d8cd98d55d1b9321544c7887 Mon Sep 17 00:00:00 2001 -From: Nikolai Kondrashov -Date: Mon, 15 Dec 2014 14:42:56 +0200 -Subject: [PATCH 1/1] valuepair: Don't remove unknown backslash - -Don't remove backslash from unknown escape sequences in pairparsevalue, -adhering to behavior common to most other programs dealing with -backslash escape sequences. ---- - src/lib/valuepair.c | 14 ++++++++------ - 1 file changed, 8 insertions(+), 6 deletions(-) - -diff --git a/src/lib/valuepair.c b/src/lib/valuepair.c -index 7d6ee88..7742b81 100644 ---- a/src/lib/valuepair.c -+++ b/src/lib/valuepair.c -@@ -1176,12 +1176,14 @@ int pairparsevalue(VALUE_PAIR *vp, char const *value, size_t inlen) - c = x; - cp += 3; - -- } else if (cp[0]) { -- /* -- * \p --> p -- */ -- c = *cp++; -- } /* else at EOL \ --> \ */ -+ } -+ -+ /* -+ * Else It's not a recognised escape sequence DON'T -+ * consume the backslash. This is identical -+ * behaviour to bash and most other things that -+ * use backslash escaping. -+ */ - } - *p++ = c; - vp_len++; --- -2.1.3 - diff --git a/freeradius.spec b/freeradius.spec index 00062af..676ca4e 100644 --- a/freeradius.spec +++ b/freeradius.spec @@ -1,7 +1,7 @@ Summary: High-performance and highly configurable free RADIUS server Name: freeradius -Version: 3.0.4 -Release: 4%{?dist} +Version: 3.0.7 +Release: 1%{?dist} License: GPLv2+ and LGPLv2+ Group: System Environment/Daemons URL: http://www.freeradius.org/ 
@@ -23,36 +23,6 @@ Source104: freeradius-tmpfiles.conf Patch1: freeradius-redhat-config.patch Patch2: freeradius-postgres-sql.patch -Patch3: freeradius-add-disable-openssl-version-check.patch -Patch4: freeradius-talloc-dummy-request.patch -Patch5: freeradius-dont-detach-after-perl_parse.patch -Patch6: freeradius-access-union-consistently.patch -Patch7: freeradius-dont-truncate-uint64.patch -Patch8: freeradius-prefix-endian-macros.patch -Patch9: freeradius-dont-swap-uint128-printing-on-be.patch -Patch10: freeradius-fix-dhcp-dictionary-loading.patch -Patch11: freeradius-mention-eap-md5-in-radtest-synopsis.patch -Patch12: freeradius-add-P-option-to-radtest-synopsis.patch -Patch13: freeradius-exec-dont-assume-request-presence-when-logging.patch -Patch14: freeradius-raddb-remove-extra-apostrophe-from-trigger.conf.patch -Patch15: freeradius-raddb-use-appropriate-module-names-in-traps.patch -Patch16: freeradius-connection-fall-through-to-global-module-triggers.patch -Patch17: freeradius-ignore-SIGTERM-when-firing-stop-and-signal.term.patch -Patch18: freeradius-raddb-update-triggers-in-trigger.conf.patch -Patch19: freeradius-make-grp-tallo-c-too.patch -Patch20: freeradius-fix-checks-for-PW_TYPE_FILE_INPUT.patch -Patch21: freeradius-added-D-option-to-mirror-radclient.patch -Patch22: freeradius-man-remove-client-attribute-description.patch -Patch23: freeradius-man-remove-references-to-naslist-and-clients.patch -Patch24: freeradius-valuepair-don-t-remove-unkown-backslash.patch -Patch25: freeradius-rad_counter-use-heredoc-for-help-message.patch -Patch26: freeradius-rad_counter-Refine-help-message.patch -Patch27: freeradius-dhcpclient-Add-a-short-description-to-help-output.patch -Patch28: freeradius-raddb-Move-trigger.conf-INCLUDE-before-modules.patch -Patch29: freeradius-Resolve-to-all-families-on-ip_hton-fallback.patch -Patch30: freeradius-Don-t-overwrite-ip_hton-af-prefix-in-fr_pton4-6.patch -Patch31: freeradius-raddb-Comment-on-ipaddr-ipv4addr-ipv6addr-use.patch -Patch32: 
freeradius-Fix-OpenSSL-version-check-issues.patch %global docdir %{?_pkgdocdir}%{!?_pkgdocdir:%{_docdir}/%{name}-%{version}} @@ -211,35 +181,6 @@ This plugin provides the unixODBC support for the FreeRADIUS server project. # mistakenly includes the backup files, especially problematic for raddb config files. %patch1 -p1 %patch2 -p1 -%patch3 -p1 -%patch4 -p1 -%patch5 -p1 -%patch6 -p1 -%patch7 -p1 -%patch8 -p1 -%patch9 -p1 -%patch10 -p1 -%patch11 -p1 -%patch12 -p1 -%patch13 -p1 -%patch14 -p1 -%patch15 -p1 -%patch16 -p1 -%patch17 -p1 -%patch18 -p1 -%patch19 -p1 -%patch20 -p1 -%patch21 -p1 -%patch22 -p1 -%patch23 -p1 -%patch24 -p1 -%patch25 -p1 -%patch26 -p1 -%patch27 -p1 -%patch28 -p1 -%patch29 -p1 -%patch30 -p1 -%patch31 -p1 %build # Force compile/link options, extra security for network facing daemon @@ -316,6 +257,11 @@ rm -rf $RPM_BUILD_ROOT/etc/raddb/mods-config/sql/main/oracle rm $RPM_BUILD_ROOT/%{_sysconfdir}/raddb/mods-available/unbound rm $RPM_BUILD_ROOT/%{_sysconfdir}/raddb/mods-config/unbound/default.conf rm $RPM_BUILD_ROOT/%{_sysconfdir}/raddb/mods-available/couchbase +rm $RPM_BUILD_ROOT/%{_sysconfdir}/raddb/mods-available/abfab* +rm $RPM_BUILD_ROOT/%{_sysconfdir}/raddb/policy.d/abfab* +rm $RPM_BUILD_ROOT/%{_sysconfdir}/raddb/sites-available/abfab* + +rm $RPM_BUILD_ROOT/%{_libdir}/freeradius/rlm_test.so # remove unsupported config files rm -f $RPM_BUILD_ROOT/%{_sysconfdir}/raddb/experimental.conf @@ -418,6 +364,7 @@ exit 0 # certs %dir %attr(770,root,radiusd) /etc/raddb/certs %config(noreplace) /etc/raddb/certs/Makefile +%config(noreplace) /etc/raddb/certs/passwords.mk /etc/raddb/certs/README %config(noreplace) /etc/raddb/certs/xpextensions %attr(640,root,radiusd) %config(noreplace) /etc/raddb/certs/*.cnf 
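Review bot: The added `%config(noreplace) /etc/raddb/certs/passwords.mk` entry in the `# certs` hunk carries no `%attr`, while the `*.cnf` files two lines below it are pinned to `%attr(640,root,radiusd)`. If passwords.mk holds the key passphrases taken from those .cnf files, as its name suggests, it should get the same explicit mode: `%attr(640,root,radiusd) %config(noreplace) /etc/raddb/certs/passwords.mk`. The `%attr(770,root,radiusd)` on the certs directory already keeps other users out, so this is defence in depth in case the directory mode is loosened later or the file is copied elsewhere. The %files section starts and ends outside this hunk, so an earlier `%defattr` may already cover the file; that is worth confirming in the built package.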
@@ -606,6 +553,7 @@ exit 0 %{_libdir}/freeradius/rlm_always.so %{_libdir}/freeradius/rlm_attr_filter.so %{_libdir}/freeradius/rlm_cache.so +%{_libdir}/freeradius/rlm_cache_rbtree.so %{_libdir}/freeradius/rlm_chap.so %{_libdir}/freeradius/rlm_counter.so %{_libdir}/freeradius/rlm_cram.so @@ -824,6 +772,11 @@ exit 0 %{_libdir}/freeradius/rlm_sql_unixodbc.so %changelog +* Thu Mar 19 2015 Nikolai Kondrashov - 3.0.7-1 +- Upgrade to upstream v3.0.7 release. + See upstream ChangeLog for details (in freeradius-doc subpackage). + Resolves: Bug#1133959 + * Fri Feb 13 2015 Nikolai Kondrashov - 3.0.4-4 - Bump release number to catch up with Fedora 21. diff --git a/sources b/sources index f6fef59..c3aceec 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -5457f10d006767e77541b87049f0a7d2 freeradius-server-3.0.4.tar.bz2 +50db3dec6341c3b644cc651263a0971e freeradius-server-3.0.7.tar.bz2