diff options
author | adrianp <adrianp> | 2005-07-09 17:25:00 +0000 |
---|---|---|
committer | adrianp <adrianp> | 2005-07-09 17:25:00 +0000 |
commit | 4f8fcc79315fb841828b1819bc69293a6ad71e92 (patch) | |
tree | 9a006e12a5829a0291c02110e7e3889b4ed54596 /net/freeradius | |
parent | 16ac790dfe63689574d98dfc9a86fdc96408a873 (diff) | |
download | pkgsrc-4f8fcc79315fb841828b1819bc69293a6ad71e92.tar.gz |
- Update to freeradius 1.0.4
- The security issues mentioned in this update were incorporated
into patch-ak previously and a security advisory was already
made in regards to this.
> FreeRADIUS 1.0.4 ; Date: 2005/06/11 22:46:52, urgency=medium
>
> * Fix installation problem.
> * Increase a buffer size, so radrelay doesn't truncate values.
> * Updates in the documentation. Patches from Thor Spruyt.
>
> FreeRADIUS 1.0.3 ; Date: 2005/06/03 17:15:11, urgency=high
> Security Fixes
> * Always escape the strings in the SQL module.
> * Check buffer bound when input character needs escaping in
> the SQL module. Bug found by Primoz Bratanic.
>
> Bug fixes
> * Return EAP-Fail in Access-Reject, rather than an empty Access-Reject
> * Don't send Proxy-State from home server in TTLS.
> * Fixes for forking external programs, so the server doesn't
> suddenly stop processing requests, or stop forking programs.
> * radzap now works, but it's command-line options have changed
> completely, and it's a shell script.
> * radwho has updated command-line options, and no longer reads
> Unix "utmp" files.
> * Fix bug in calling checkrad script with NAS port > 9999999
> * Fix long-standing bug when both crypt and pthreads are in use
> * Don't SEGV when rlm_sql gets 'NULL' value from request.
> * Re-arrange code in radrelay to not duplicate accounting packets.
> * In rlm_attr_rewrite, change the value when the attribute type
> is different from string.
Diffstat (limited to 'net/freeradius')
-rw-r--r-- | net/freeradius/Makefile | 6 | ||||
-rw-r--r-- | net/freeradius/PLIST | 3 | ||||
-rw-r--r-- | net/freeradius/distinfo | 9 | ||||
-rw-r--r-- | net/freeradius/patches/patch-ak | 90 |
4 files changed, 8 insertions, 100 deletions
diff --git a/net/freeradius/Makefile b/net/freeradius/Makefile index beed546cfbd..4b33a358a6d 100644 --- a/net/freeradius/Makefile +++ b/net/freeradius/Makefile @@ -1,7 +1,6 @@ -# $NetBSD: Makefile,v 1.29 2005/05/22 20:08:23 jlam Exp $ +# $NetBSD: Makefile,v 1.30 2005/07/09 17:25:00 adrianp Exp $ -DISTNAME= freeradius-1.0.2 -PKGREVISION= 2 +DISTNAME= freeradius-1.0.4 CATEGORIES= net MASTER_SITES= ftp://ftp.freeradius.org/pub/radius/ \ ftp://ftp.Awfulhak.org/pub/radius/ @@ -122,7 +121,6 @@ post-install: . for f in ${EGFILES} ${INSTALL_DATA} ${WRKSRC}/raddb/${f} ${EGDIR}/${f} . endfor -. undef f @${MKDIR} ${PKG_SYSCONFDIR}/certs @${MKDIR} ${PKG_SYSCONFDIR}/certs/demoCA diff --git a/net/freeradius/PLIST b/net/freeradius/PLIST index 8c71dde3cf2..d925b4b76ea 100644 --- a/net/freeradius/PLIST +++ b/net/freeradius/PLIST @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST,v 1.8 2005/05/02 20:34:02 reed Exp $ +@comment $NetBSD: PLIST,v 1.9 2005/07/09 17:25:00 adrianp Exp $ bin/radclient bin/radeapclient bin/radlast @@ -369,6 +369,7 @@ share/freeradius/dictionary.foundry share/freeradius/dictionary.freeradius share/freeradius/dictionary.gandalf share/freeradius/dictionary.garderos +share/freeradius/dictionary.gemtek share/freeradius/dictionary.itk share/freeradius/dictionary.juniper share/freeradius/dictionary.karlnet diff --git a/net/freeradius/distinfo b/net/freeradius/distinfo index e906376846d..af3b4ecd173 100644 --- a/net/freeradius/distinfo +++ b/net/freeradius/distinfo @@ -1,9 +1,8 @@ -$NetBSD: distinfo,v 1.14 2005/05/18 21:58:45 adrianp Exp $ +$NetBSD: distinfo,v 1.15 2005/07/09 17:25:00 adrianp Exp $ -SHA1 (freeradius-1.0.2.tar.gz) = 5703fd8abb4f28c15d716bd1ec1e9cfe2e1e6c90 -RMD160 (freeradius-1.0.2.tar.gz) = 796da74e64da189d7d7520201c7c4139f9f478c4 -Size (freeradius-1.0.2.tar.gz) = 2208884 bytes +SHA1 (freeradius-1.0.4.tar.gz) = f0c877ae80592609ada4875cf1b472c7742720fb +RMD160 (freeradius-1.0.4.tar.gz) = b75a872ced9a461f3063f19d49546fc9ef86a225 +Size (freeradius-1.0.4.tar.gz) = 2209057 bytes SHA1 (patch-ae) = 0c1b6c79329f41c35e3a783e61cc205cb78a4773 SHA1 (patch-ai) = bb4dafd3f6b961403caa955c9a09c271468ada36 SHA1 (patch-aj) = 422c9dfbde08c26acf41a040c57508ab9725004e -SHA1 (patch-ak) = ad272be635d6b27e5b986c3e9a06ef85484c1230 diff --git a/net/freeradius/patches/patch-ak b/net/freeradius/patches/patch-ak deleted file mode 100644 index f5e80698007..00000000000 --- a/net/freeradius/patches/patch-ak +++ /dev/null @@ -1,90 +0,0 @@ -$NetBSD: patch-ak,v 1.3 2005/05/18 21:58:45 adrianp Exp $ - ---- src/modules/rlm_sql/rlm_sql.c.orig 2004-09-30 15:54:22.000000000 +0100 -+++ src/modules/rlm_sql/rlm_sql.c -@@ -158,6 +158,7 @@ static int rlm_sql_init(void) { - */ - static int sql_set_user(SQL_INST *inst, REQUEST *request, char *sqlusername, const char *username); - static int generate_sql_clients(SQL_INST *inst); -+static int sql_escape_func(char *out, int outlen, const char *in); - - /* - * sql xlat function. Right now only SELECTs are supported. Only -@@ -184,7 +185,7 @@ static int sql_xlat(void *instance, REQU - /* - * Do an xlat on the provided string (nice recursive operation). - */ -- if (!radius_xlat(querystr, sizeof(querystr), fmt, request, func)) { -+ if (!radius_xlat(querystr, sizeof(querystr), fmt, request, sql_escape_func)) { - radlog(L_ERR, "rlm_sql (%s): xlat failed.", - inst->config->xlat_name); - return 0; -@@ -409,18 +410,18 @@ static int sql_escape_func(char *out, in - - while (in[0]) { - /* -- * Only one byte left. -- */ -- if (outlen <= 1) { -- break; -- } -- -- /* - * Non-printable characters get replaced with their - * mime-encoded equivalents. - */ - if ((in[0] < 32) || - strchr(allowed_chars, *in) == NULL) { -+ /* -+ * Only 3 or less bytes available. -+ */ -+ if (outlen <= 3) { -+ break; -+ } -+ - snprintf(out, outlen, "=%02X", (unsigned char) in[0]); - in++; - out += 3; -@@ -430,7 +431,14 @@ static int sql_escape_func(char *out, in - } - - /* -- * Else it's a nice character. -+ * Only one byte left. -+ */ -+ if (outlen <= 1) { -+ break; -+ } -+ -+ /* -+ * Allowed character. - */ - *out = *in; - out++; -@@ -517,7 +525,7 @@ static int sql_groupcmp(void *instance, - */ - if (sql_set_user(inst, req, sqlusername, 0) < 0) - return 1; -- if (!radius_xlat(querystr, sizeof(querystr), inst->config->groupmemb_query, req, NULL)){ -+ if (!radius_xlat(querystr, sizeof(querystr), inst->config->groupmemb_query, req, sql_escape_func)){ - radlog(L_ERR, "rlm_sql (%s): xlat failed.", - inst->config->xlat_name); - /* Remove the username we (maybe) added above */ -@@ -1149,7 +1157,7 @@ static int rlm_sql_checksimul(void *inst - if(sql_set_user(inst, request, sqlusername, 0) <0) - return RLM_MODULE_FAIL; - -- radius_xlat(querystr, sizeof(querystr), inst->config->simul_count_query, request, NULL); -+ radius_xlat(querystr, sizeof(querystr), inst->config->simul_count_query, request, sql_escape_func); - - /* initialize the sql socket */ - sqlsocket = sql_get_socket(inst); -@@ -1193,7 +1201,7 @@ static int rlm_sql_checksimul(void *inst - return RLM_MODULE_OK; - } - -- radius_xlat(querystr, sizeof(querystr), inst->config->simul_verify_query, request, NULL); -+ radius_xlat(querystr, sizeof(querystr), inst->config->simul_verify_query, request, sql_escape_func); - if(rlm_sql_select_query(sqlsocket, inst, querystr)) { - radlog(L_ERR, "rlm_sql (%s): sql_checksimul: Database query error", inst->config->xlat_name); - sql_release_socket(inst, sqlsocket); |