X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=freeradius-server.spec;h=1838edb5f290607dcd1b6fe75fdbd1714854c0f7;hb=41d9555669cdfa299e456b6813b09035d3e53004;hp=a48448ca5187235ef13fe9b4e9e1c101f498b8d5;hpb=f4f8b6ac2edb4119e636705800f8be98c43914f5;p=freeradius.git

diff --git a/freeradius-server.spec b/freeradius-server.spec
old mode 100755
new mode 100644
index a48448c..1838edb
--- a/freeradius-server.spec
+++ b/freeradius-server.spec
@@ -1,7 +1,7 @@
 Summary: High-performance and highly configurable free RADIUS server
 Name: freeradius
-Version: 3.0.1
-Release: moonshot4%{?dist}
+Version: 3.0.10
+Release: 0%{?dist}
 License: GPLv2+ and LGPLv2+
 Group: System Environment/Daemons
 URL: http://www.freeradius.org/
@@ -15,29 +15,21 @@ URL: http://www.freeradius.org/
 
 %global dist_base freeradius-server
 
-
-Source0: freeradius-server.tar.gz
+#Source0: ftp://ftp.freeradius.org/pub/radius/%{dist_base}.tar.bz2
+Source0: %{dist_base}.tar.gz
 Source100: freeradius-radiusd-init
 Source102: freeradius-logrotate
 Source103: freeradius-pam-conf
 Source104: freeradius-tmpfiles.conf
 
 Patch1: freeradius-redhat-config.patch
-Patch2: freeradius-postgres-sql.patch
-Patch3: freeradius-ippool-tr.patch
-Patch4: freeradius-imacros.patch
-Patch5: freeradius-mysql-schema.patch
-Patch6: freeradius-perl.patch
-Patch7: freeradius-rlm_pap-overflow.patch
-# These patches are temporary - fixing SQLite V2 API and attr_filter issues
-Patch8: freeradius-rlm_sql_sqlite-v2api.patch
-Patch9: freeradius-rlm_attr_filter-fix.patch
 
 %global docdir %{?_pkgdocdir}%{!?_pkgdocdir:%{_docdir}/%{name}-%{version}}
 %define initddir %{?_initddir:%{_initddir}}%{!?_initddir:%{_initrddir}}
 
 BuildRequires: autoconf
 BuildRequires: gdbm-devel
+BuildRequires: chrpath
 BuildRequires: openssl
 BuildRequires: openssl-devel
 BuildRequires: pam-devel
@@ -48,7 +40,6 @@ BuildRequires: readline-devel
 BuildRequires: libpcap-devel
 BuildRequires: libtalloc-devel
 BuildRequires: pcre-devel
-BuildRequires: trust_router-devel >= 1.2
 
 %if ! 0%{?rhel}
 BuildRequires: libyubikey-devel
@@ -56,14 +47,16 @@ BuildRequires: tncfhh-devel
 BuildRequires: ykclient-devel
 %endif
 
-Requires: openssl trust_router
+# Moonshot Dependencies
+BuildRequires: trust_router-devel
+Requires: trust_router-libs
+
+Requires: openssl >= 1.0.1e-16.el6_5.7
 Requires(pre): shadow-utils glibc-common
 Requires(post): /sbin/chkconfig
 Requires(preun): /sbin/chkconfig
 
 %description
-FreeRADIUS + Moonshot extensions
-
 The FreeRADIUS Server Project is a high performance and highly configurable
 GPL'd free RADIUS server. The server is similar in some respects to
 Livingston's 2.0 server.  While FreeRADIUS started as a variant of the
@@ -78,6 +71,16 @@ more.  Using RADIUS allows authentication and authorization for a network to
 be centralized, and minimizes the amount of re-configuration which has to be
 done when adding or deleting new users.
 
+%package abfab
+Group: System Environment/Daemons
+Summary: FreeRADIUS ABFAb Configuration
+Requires: %{name} = %{version}-%{release}
+Requires: freeradius-sqlite
+
+%description abfab
+This package provides configuration required by an ABFAB (RFC 7055)
+identity provider or RP proxy.
+
 %package doc
 Group: Documentation
 Summary: FreeRADIUS documentation
@@ -166,6 +169,16 @@ BuildRequires: postgresql-devel
 %description postgresql
 This plugin provides the postgresql support for the FreeRADIUS server project.
 
+%package rest
+Summary: REST support for freeradius
+Group: System Environment/Daemons
+Requires: %{name} = %{version}-%{release}
+BuildRequires: libcurl-devel
+BuildRequires: json-c-devel
+
+%description rest
+This plugin provides the REST support for the FreeRADIUS server project.
+
 %package sqlite
 Summary: SQLite support for freeradius
 Group: System Environment/Daemons
@@ -190,14 +203,6 @@ This plugin provides the unixODBC support for the FreeRADIUS server project.
 # Note: We explicitly do not make patch backup files because 'make install'
 # mistakenly includes the backup files, especially problematic for raddb config files.
 %patch1 -p1
-%patch2 -p1
-%patch3 -p1
-%patch4 -p1
-%patch5 -p1
-%patch6 -p1
-%patch7 -p1
-%patch8 -p1
-%patch9 -p1
 
 %build
 # Force compile/link options, extra security for network facing daemon
@@ -215,18 +220,28 @@ This plugin provides the unixODBC support for the FreeRADIUS server project.
         --with-unixodbc-lib-dir=%{_libdir} \
         --with-rlm-dbm-lib-dir=%{_libdir} \
         --with-rlm-krb5-include-dir=/usr/kerberos/include \
+        --without-rlm_couchbase \
         --without-rlm_eap_ikev2 \
+        --without-rlm_example \
+        --without-rlm_idn \
+        --without-rlm_smsotp \
+        --without-rlm_sqlhpwippool \
         --without-rlm_sql_iodbc \
         --without-rlm_sql_firebird \
         --without-rlm_sql_db2 \
-        --without-rlm_sql_oracle \
-        --without-rlm_example
+        --without-rlm_sql_oracle
 
 make
 
 %install
 mkdir -p $RPM_BUILD_ROOT/%{_localstatedir}/lib/radiusd
 make install R=$RPM_BUILD_ROOT
+for foo in abfab-tr-idp abfab-tls channel_bindings ; do
+    test -e $RPM_BUILD_ROOT/%{_sysconfdir}/raddb/sites-enabled/$foo || ln -s ../sites-available/$foo $RPM_BUILD_ROOT/%{_sysconfdir}/raddb/sites-enabled
+    done
+for foo in abfab_psk_sql ; do
+    test -e $RPM_BUILD_ROOT/%{_sysconfdir}/raddb/mods-enabled/$foo || ln -s ../mods-available/$foo $RPM_BUILD_ROOT/%{_sysconfdir}/raddb/mods-enabled
+    done
 
 # logs
 mkdir -p $RPM_BUILD_ROOT/var/log/radius/radacct
@@ -254,21 +269,28 @@ rm -f $RPM_BUILD_ROOT/%{_sysconfdir}/raddb/certs/serial*
 rm -f $RPM_BUILD_ROOT/%{_sysconfdir}/raddb/certs/dh
 rm -f $RPM_BUILD_ROOT/%{_sysconfdir}/raddb/certs/random
 
+
 rm -f $RPM_BUILD_ROOT/%{_mandir}/man1/radeapclient.1
 
 rm -f $RPM_BUILD_ROOT/usr/sbin/rc.radiusd
 rm -rf $RPM_BUILD_ROOT/%{_libdir}/freeradius/*.a
 rm -rf $RPM_BUILD_ROOT/%{_libdir}/freeradius/*.la
 
+chrpath --delete $RPM_BUILD_ROOT/%{_libdir}/freeradius/rlm_sql_unixodbc.so
+chrpath --delete $RPM_BUILD_ROOT/%{_libdir}/freeradius/rlm_sql_postgresql.so
+
+rm -rf $RPM_BUILD_ROOT/etc/raddb/mods-available/couchbase
+
 rm -rf $RPM_BUILD_ROOT/etc/raddb/mods-config/sql/main/mssql
+rm -rf $RPM_BUILD_ROOT/etc/raddb/mods-available/eap.orig
 
 rm -rf $RPM_BUILD_ROOT/etc/raddb/mods-config/sql/ippool/oracle
+rm -rf $RPM_BUILD_ROOT/etc/raddb/mods-config/sql/ippool-dhcp/oracle
 rm -rf $RPM_BUILD_ROOT/etc/raddb/mods-config/sql/main/oracle
 
 
 # remove unsupported config files
 rm -f $RPM_BUILD_ROOT/%{_sysconfdir}/raddb/experimental.conf
-
 # install doc files omitted by standard install
 for f in COPYRIGHT CREDITS INSTALL.rst README.rst VERSION; do
     cp $f $RPM_BUILD_ROOT/%{docdir}
@@ -347,6 +369,8 @@ exit 0
 %dir %attr(755,root,radiusd) /etc/raddb
 %defattr(-,root,radiusd)
 /etc/raddb/README.rst
+%attr(640,root,radiusd) %config(noreplace) /etc/raddb/panic.gdb
+
 %attr(644,root,radiusd) %config(noreplace) /etc/raddb/dictionary
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/clients.conf
 
@@ -371,6 +395,7 @@ exit 0
 /etc/raddb/certs/README
 %config(noreplace) /etc/raddb/certs/xpextensions
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/certs/*.cnf
+%attr(640,root,radiusd) %config(noreplace) /etc/raddb/certs/passwords.mk
 %attr(750,root,radiusd) /etc/raddb/certs/bootstrap
 
 # mods-config
@@ -390,10 +415,17 @@ exit 0
 %dir %attr(750,root,radiusd) /etc/raddb/mods-config/sql/ippool-dhcp
 %dir %attr(750,root,radiusd) /etc/raddb/mods-config/sql/main
 
+%dir %attr(750,root,radiusd) /etc/raddb/mods-config/unbound
+%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/unbound/default.conf
+
 # sites-available
 %dir %attr(750,root,radiusd) /etc/raddb/sites-available
 /etc/raddb/sites-available/README
+%attr(640,root,radiusd) %config(noreplace) /etc/raddb/sites-available/abfab-tr-idp
+%attr(640,root,radiusd) %config(noreplace) /etc/raddb/sites-available/abfab-tls
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/sites-available/control-socket
+%attr(640,root,radiusd) %config(noreplace) /etc/raddb/sites-available/challenge
+%attr(640,root,radiusd) %config(noreplace) /etc/raddb/sites-available/channel_bindings
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/sites-available/decoupled-accounting
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/sites-available/robust-proxy-accounting
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/sites-available/soh
@@ -401,7 +433,6 @@ exit 0
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/sites-available/example
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/sites-available/inner-tunnel
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/sites-available/dhcp
-%attr(640,root,radiusd) %config(noreplace) /etc/raddb/sites-available/chbind
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/sites-available/check-eap-tls
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/sites-available/status
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/sites-available/dhcp.relay
@@ -418,17 +449,20 @@ exit 0
 # sites-enabled
 # symlink: /etc/raddb/sites-enabled/xxx -> ../sites-available/xxx
 %dir %attr(750,root,radiusd) /etc/raddb/sites-enabled
+%config(missingok) /etc/raddb/sites-enabled/channel_bindings
 %config(missingok) /etc/raddb/sites-enabled/inner-tunnel
 %config(missingok) /etc/raddb/sites-enabled/default
 
 # mods-available
 %dir %attr(750,root,radiusd) /etc/raddb/mods-available
 /etc/raddb/mods-available/README.rst
+%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/abfab_psk_sql
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/always
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/attr_filter
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/cache
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/cache_eap
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/chap
+#%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/couchbase
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/counter
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/cui
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/date
@@ -467,7 +501,6 @@ exit 0
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/redis
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/rediswho
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/replicate
-%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/rest
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/smbpasswd
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/smsotp
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/soh
@@ -477,6 +510,8 @@ exit 0
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/sqlippool
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/sradutmp
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/unix
+%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/unpack
+%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/unbound
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/utf8
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/wimax
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/yubikey
@@ -512,14 +547,17 @@ exit 0
 %config(missingok) /etc/raddb/mods-enabled/soh
 %config(missingok) /etc/raddb/mods-enabled/sradutmp
 %config(missingok) /etc/raddb/mods-enabled/unix
+%config(missingok) /etc/raddb/mods-enabled/unpack
 %config(missingok) /etc/raddb/mods-enabled/utf8
 
 # policy
 %dir %attr(750,root,radiusd) /etc/raddb/policy.d
+%attr(640,root,radiusd) %config(noreplace) /etc/raddb/policy.d/abfab-tr
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/policy.d/accounting
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/policy.d/canonicalization
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/policy.d/control
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/policy.d/cui
+%attr(640,root,radiusd) %config(noreplace) /etc/raddb/policy.d/debug
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/policy.d/dhcp
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/policy.d/eap
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/policy.d/filter
@@ -553,6 +591,8 @@ exit 0
 %{_libdir}/freeradius/rlm_always.so
 %{_libdir}/freeradius/rlm_attr_filter.so
 %{_libdir}/freeradius/rlm_cache.so
+%{_libdir}/freeradius/rlm_cache_rbtree.so
+%{_libdir}/freeradius/rlm_cache_memcached.so
 %{_libdir}/freeradius/rlm_chap.so
 %{_libdir}/freeradius/rlm_counter.so
 %{_libdir}/freeradius/rlm_cram.so
@@ -578,7 +618,6 @@ exit 0
 %{_libdir}/freeradius/rlm_expiration.so
 %{_libdir}/freeradius/rlm_expr.so
 %{_libdir}/freeradius/rlm_files.so
-%{_libdir}/freeradius/rlm_idn.so
 %{_libdir}/freeradius/rlm_ippool.so
 %{_libdir}/freeradius/rlm_linelog.so
 %{_libdir}/freeradius/rlm_logintime.so
@@ -590,17 +629,16 @@ exit 0
 %{_libdir}/freeradius/rlm_preprocess.so
 %{_libdir}/freeradius/rlm_radutmp.so
 %{_libdir}/freeradius/rlm_realm.so
-%{_libdir}/freeradius/rlm_rest.so
 %{_libdir}/freeradius/rlm_replicate.so
-%{_libdir}/freeradius/rlm_smsotp.so
 %{_libdir}/freeradius/rlm_soh.so
 %{_libdir}/freeradius/rlm_sometimes.so
 %{_libdir}/freeradius/rlm_sql.so
 %{_libdir}/freeradius/rlm_sqlcounter.so
-%{_libdir}/freeradius/rlm_sqlhpwippool.so
 %{_libdir}/freeradius/rlm_sqlippool.so
 %{_libdir}/freeradius/rlm_sql_null.so
+%{_libdir}/freeradius/rlm_test.so
 %{_libdir}/freeradius/rlm_unix.so
+%{_libdir}/freeradius/rlm_unpack.so
 %{_libdir}/freeradius/rlm_utf8.so
 %{_libdir}/freeradius/rlm_wimax.so
 %{_libdir}/freeradius/rlm_yubikey.so
@@ -632,6 +670,14 @@ exit 0
 %doc %{_mandir}/man8/radmin.8.gz
 %doc %{_mandir}/man8/radrelay.8.gz
 
+%files abfab
+%dir %attr(750,root,radiusd) /etc/raddb/sites-enabled
+%config(missingok) /etc/raddb/sites-enabled/abfab-tr-idp
+%config(missingok) /etc/raddb/sites-enabled/abfab-tls
+%dir %attr(750,root,radiusd) /etc/raddb/mods-enabled
+%config(missingok) /etc/raddb/mods-enabled/abfab_psk_sql
+
+
 %files doc
 
 %doc %{docdir}/
@@ -648,7 +694,6 @@ exit 0
 %doc %{_mandir}/man1/radzap.1.gz
 %doc %{_mandir}/man1/smbencrypt.1.gz
 %doc %{_mandir}/man5/checkrad.5.gz
-%doc %{_mandir}/man8/radconf2xml.8.gz
 %doc %{_mandir}/man8/radcrypt.8.gz
 %doc %{_mandir}/man8/radsniff.8.gz
 %doc %{_mandir}/man8/radsqlrelay.8.gz
@@ -672,6 +717,7 @@ exit 0
 %files python
 %dir %attr(750,root,radiusd) /etc/raddb/mods-config/python
 /etc/raddb/mods-config/python/example.py*
+/etc/raddb/mods-config/python/radiusd.py*
 %{_libdir}/freeradius/rlm_python.so
 
 %files mysql
@@ -691,7 +737,7 @@ exit 0
 
 %dir %attr(750,root,radiusd) /etc/raddb/mods-config/sql/ippool-dhcp/mysql
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/ippool-dhcp/mysql/queries.conf
-
+%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/ippool-dhcp/mysql/schema.sql
 %dir %attr(750,root,radiusd) /etc/raddb/mods-config/sql/main/mysql
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/main/mysql/setup.sql
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/main/mysql/queries.conf
@@ -753,6 +799,7 @@ exit 0
 
 %dir %attr(750,root,radiusd) /etc/raddb/mods-config/sql/ippool-dhcp/sqlite
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/ippool-dhcp/sqlite/queries.conf
+%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/ippool-dhcp/sqlite/schema.sql
 
 %dir %attr(750,root,radiusd) /etc/raddb/mods-config/sql/main/sqlite
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/main/sqlite/queries.conf
@@ -764,17 +811,36 @@ exit 0
 %{_libdir}/freeradius/rlm_ldap.so
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/ldap
 
+%files rest
+%{_libdir}/freeradius/rlm_rest.so
+%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/rest
+
 %files unixODBC
 %{_libdir}/freeradius/rlm_sql_unixodbc.so
 
 %changelog
-* Thu Mar 13 2014 Stefan Paetow <stefan.paetow@diamond.ac.uk> - 3.0.1-5
-- Inclusion of a patch to fix a comparison bug in rlm_attr_filter
-
-* Tue Mar  4 2014 Stefan Paetow <stefan.paetow@diamond.ac.uk> - 3.0.1-4
-- Inclusion of a SQLite 3 patch to unbreak SQLite support in FreeRADIUS 3.0.1
-- Backported to CentOS 6.4
-- Integration of Moonshot Trust Router v1.0.1 with FreeRADIUS
+* Thu Jul 10 2014 Stefan Paetow <stefan.paetow@ja.net> - 3.0.4-1
+- Upgrade to upstream 3.0.4 release, configuration compatible with 3.0.1.
+- Backported to CentOS 6.5
+
+* Wed May 14 2014 Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com> - 3.0.3-1
+- Upgrade to upstream 3.0.3 release.
+  See upstream ChangeLog for details (in freeradius-doc subpackage).
+- Minor configuration parsing change: "Double-escaping of characters in Perl,
+  and octal characters has been fixed. If your configuration has text like
+  "\\000", you will need to remove one backslash."
+- Additionally includes post-release fixes for:
+  * case-insensitive matching in compiled regular expressions not working,
+  * upstream issue #634 "3.0.3 SIGSEGV on config parse",
+  * upstream issue #635 "3.0.x - rlm_perl - strings are still
+    escaped when passed to perl from FreeRADIUS",
+  * upstream issue #639 "foreach may cause ABORT".
+- Fixes bugs 1097266 1070447
+
+* Wed May  7 2014 Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com> - 3.0.2-1
+- Upgrade to upstream 3.0.2 release, configuration compatible with 3.0.1.
+  See upstream ChangeLog for details (in freeradius-doc subpackage)
+- Fixes bugs 1058884 1061408 1070447 1079500
 
 * Mon Feb 24 2014 Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com> - 3.0.1-4
 - Fix CVE-2014-2015 "freeradius: stack-based buffer overflow flaw in rlm_pap