Version 3.0.15 and 2.2.10 have been released.
Nikolai Kondrashov
Nikolai.Kondrashov at redhat.com
Tue Jul 18 14:59:26 CEST 2017
On 07/18/2017 02:26 PM, Alan DeKok wrote:
> On Jul 18, 2017, at 3:46 AM, Nikolai Kondrashov <Nikolai.Kondrashov at redhat.com> wrote:
>> Thanks a lot for your work on handling these vulnerabilities.
>>
>> I'm working on rebasing Fedora to 3.0.15 and noticed one thing: the contents
>> of the tarball don't match the tag in Git. Have you forgotten to push a
>> commit, by any chance?
>
> It matches for me. It's the same commit locally as on github.
>
> The problem is likely that "git tar" produces different results on different platforms.
Hmm, I was comparing the contents of archives, not archives themselves.
I retried that from scratch and got the same results, below:
---:<---
nkondras at bard:~$ cd tmp/
nkondras at bard:~/tmp$ mkdir freeradius-cmp
nkondras at bard:~/tmp$ cd freeradius-cmp/
nkondras at bard:~/tmp/freeradius-cmp$ git clone -q git at github.com:FreeRADIUS/freeradius-server.git
nkondras at bard:~/tmp/freeradius-cmp$ cd freeradius-server/
nkondras at bard:~/tmp/freeradius-cmp/freeradius-server$ git archive --prefix=freeradius-server-3.0.15-git/ -o ../freeradius-server-3.0.15-git.tar.gz release_3_0_15
nkondras at bard:~/tmp/freeradius-cmp/freeradius-server$ cd ..
nkondras at bard:~/tmp/freeradius-cmp$ wget -q ftp://ftp.freeradius.org/pub/freeradius/freeradius-server-3.0.15.tar.bz2
nkondras at bard:~/tmp/freeradius-cmp$ tar xf freeradius-server-3.0.15.tar.bz2
nkondras at bard:~/tmp/freeradius-cmp$ tar xf freeradius-server-3.0.15-git.tar.gz
nkondras at bard:~/tmp/freeradius-cmp$ diff -rqu freeradius-server-3.0.15-git freeradius-server-3.0.15
Files freeradius-server-3.0.15-git/doc/ChangeLog and freeradius-server-3.0.15/doc/ChangeLog differ
Files freeradius-server-3.0.15-git/src/modules/rlm_python/rlm_python.c and freeradius-server-3.0.15/src/modules/rlm_python/rlm_python.c differ
Files freeradius-server-3.0.15-git/src/modules/rlm_sql/drivers/rlm_sql_sqlite/rlm_sql_sqlite.c and freeradius-server-3.0.15/src/modules/rlm_sql/drivers/rlm_sql_sqlite/rlm_sql_sqlite.c differ
nkondras at bard:~/tmp/freeradius-cmp$
nkondras at bard:~/tmp/freeradius-cmp$
nkondras at bard:~/tmp/freeradius-cmp$ diff -ru freeradius-server-3.0.15-git freeradius-server-3.0.15
diff -ru freeradius-server-3.0.15-git/doc/ChangeLog freeradius-server-3.0.15/doc/ChangeLog
--- freeradius-server-3.0.15-git/doc/ChangeLog 2017-07-17 15:52:16.000000000 +0300
+++ freeradius-server-3.0.15/doc/ChangeLog 2017-07-17 15:43:00.000000000 +0300
@@ -26,10 +26,6 @@
FR-GV-305
* use strncmp() instead of memcmp() for bounded data
FR-AD-001
- * Bind the lifetime of program name and python path to the module
- FR-AD-002
- * Pass correct statement length into sqlite3_prepare[_v2]
- FR-AD-003
* print messages when we see deprecated configuration
items
* show reasons why we couldn't parse a certificate
diff -ru freeradius-server-3.0.15-git/src/modules/rlm_python/rlm_python.c freeradius-server-3.0.15/src/modules/rlm_python/rlm_python.c
--- freeradius-server-3.0.15-git/src/modules/rlm_python/rlm_python.c 2017-07-17 15:52:16.000000000 +0300
+++ freeradius-server-3.0.15/src/modules/rlm_python/rlm_python.c 2017-07-17 15:43:00.000000000 +0300
@@ -15,7 +15,7 @@
*/
/**
- * $Id: 8261cfd7a34b0a7d59bba8ec7de3f3a5b42e6688 $
+ * $Id: c52cec52c76a4036e4739b2bb33252c9d425ce88 $
* @file rlm_python.c
* @brief Translates requests between the server an a python interpreter.
*
@@ -25,7 +25,7 @@
* @copyright 2002 Miguel A.L. Paraz <mparaz at mparaz.com>
* @copyright 2002 Imperium Technology, Inc.
*/
-RCSID("$Id: 8261cfd7a34b0a7d59bba8ec7de3f3a5b42e6688 $")
+RCSID("$Id: c52cec52c76a4036e4739b2bb33252c9d425ce88 $")
#define LOG_PREFIX "rlm_python - "
@@ -67,11 +67,6 @@
char const *name; //!< Name of the module instance
PyThreadState *sub_interpreter; //!< The main interpreter/thread used for this instance.
char const *python_path; //!< Path to search for python files in.
-
-#if PY_VERSION_HEX > 0x03050000
- wchar_t *wide_name; //!< Special wide char encoding of radiusd name.
- wchar_t *wide_path; //!< Special wide char encoding of radiusd path.
-#endif
PyObject *module; //!< Local, interpreter specific module, containing
//!< FreeRADIUS functions.
bool cext_compat; //!< Whether or not to create sub-interpreters per module
@@ -860,15 +855,19 @@
#if PY_VERSION_HEX > 0x03050000
{
- inst->wide_name = Py_DecodeLocale(main_config.name, strlen(main_config.name));
+ wchar_t *name;
+
+ wide_name = Py_DecodeLocale(main_config.name, strlen(main_config.name));
Py_SetProgramName(name); /* The value of argv[0] as a wide char string */
+ PyMem_RawFree(name);
}
#else
{
char *name;
- memcpy(&name, &main_config.name, sizeof(name));
+ name = talloc_strdup(NULL, main_config.name);
Py_SetProgramName(name); /* The value of argv[0] as a wide char string */
+ talloc_free(name);
}
#endif
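Review bot: Both branches on the new side free the program-name buffer immediately after `Py_SetProgramName()`, but CPython stores the pointer it is given rather than copying it, so the interpreter is left holding freed memory. The Python 3 branch also declares `wchar_t *name` yet assigns `wide_name`, so `name` reaches `Py_SetProgramName()` and `PyMem_RawFree()` uninitialised; the path hunk further down has the same mismatch (`wchar_t *name` declared, `path` assigned). The buffer should live as long as the module, e.g. `inst->wide_name = Py_DecodeLocale(main_config.name, NULL);` then `Py_SetProgramName(inst->wide_name);`, released only after `Py_Finalize()` as the removed side of this comparison does. `Py_DecodeLocale()` takes a `size_t *` as its second argument, so passing `strlen(...)` there is wrong as well. The enclosing function starts and ends outside the hunk.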
@@ -904,23 +903,23 @@
/*
* Set the python search path
- *
- * The path buffer does not appear to be dup'd
- * so its lifetime should really be bound to
- * the lifetime of the module.
*/
if (inst->python_path) {
#if PY_VERSION_HEX > 0x03050000
{
- inst->wide_path = Py_DecodeLocale(inst->python_path, strlen(inst->python_path));
+ wchar_t *name;
+
+ path = Py_DecodeLocale(inst->python_path, strlen(inst->python_path));
PySys_SetPath(path);
+ PyMem_RawFree(path);
}
#else
{
char *path;
- memcpy(&path, inst->python_path, sizeof(path));
+ path = talloc_strdup(NULL, inst->python_path);
PySys_SetPath(path);
+ talloc_free(path);
}
#endif
}
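Review bot: Freeing `path` right after `PySys_SetPath()` is safe only if CPython copies the string into `sys.path`, and this hunk deletes the comment that doubted exactly that without recording the new assumption. As far as I know CPython does build new string objects from the argument, but that should be confirmed for every interpreter version the module supports and then written down next to each free, e.g. `/* PySys_SetPath() copies the string into sys.path, so the temporary can be released here */`. The enclosing function starts and ends outside the hunk.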
@@ -1088,14 +1087,8 @@
PyThreadState_Swap(main_interpreter); /* Swap to the main thread */
Py_Finalize();
dlclose(python_dlhandle);
-
-#if PY_VERSION_HEX > 0x03050000
- if (inst->wide_name) PyMem_RawFree(inst->wide_name);
- if (inst->wide_path) PyMem_RawFree(inst->wide_path);
-#endif
}
-
return ret;
}
diff -ru freeradius-server-3.0.15-git/src/modules/rlm_sql/drivers/rlm_sql_sqlite/rlm_sql_sqlite.c freeradius-server-3.0.15/src/modules/rlm_sql/drivers/rlm_sql_sqlite/rlm_sql_sqlite.c
--- freeradius-server-3.0.15-git/src/modules/rlm_sql/drivers/rlm_sql_sqlite/rlm_sql_sqlite.c 2017-07-17 15:52:16.000000000 +0300
+++ freeradius-server-3.0.15/src/modules/rlm_sql/drivers/rlm_sql_sqlite/rlm_sql_sqlite.c 2017-07-17 15:43:00.000000000 +0300
@@ -15,14 +15,14 @@
*/
/**
- * $Id: 9cf1aff604053f2e70ad4c6a930f16e409e8bd71 $
+ * $Id: c94831da322fefbcfaa20bbe9b0ea345ab616026 $
* @file rlm_sql_sqlite.c
* @brief SQLite driver.
*
* @copyright 2013 Network RADIUS SARL <info at networkradius.com>
* @copyright 2007 Apple Inc.
*/
-RCSID("$Id: 9cf1aff604053f2e70ad4c6a930f16e409e8bd71 $")
+RCSID("$Id: c94831da322fefbcfaa20bbe9b0ea345ab616026 $")
#include <freeradius-devel/radiusd.h>
#include <freeradius-devel/rad_assert.h>
@@ -233,7 +233,7 @@
ssize_t len;
int statement_cnt = 0;
char *buffer;
- char *p, *q;
+ char *p, *q, *s;
int cl;
FILE *f;
struct stat finfo;
@@ -321,18 +321,20 @@
/*
* Statement delimiter is ;\n
*/
- p = buffer;
+ s = p = buffer;
while ((q = strchr(p, ';'))) {
- if ((q[1] != '\n') && (q[1] != '\0')) {
+ if (q[1] != '\n') {
p = q + 1;
statement_cnt++;
continue;
}
+ *q = '\0';
+
#ifdef HAVE_SQLITE3_PREPARE_V2
- status = sqlite3_prepare_v2(db, p, q - p, &statement, &z_tail);
+ status = sqlite3_prepare_v2(db, s, len, &statement, &z_tail);
#else
- status = sqlite3_prepare(db, p, q - p, &statement, &z_tail);
+ status = sqlite3_prepare(db, s, len, &statement, &z_tail);
#endif
if (sql_check_error(db, status) != RLM_SQL_OK) {
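Review bot: `len` is passed as the byte count for every statement, although the statement runs from `s` to `q`; from the visible lines `len` looks like the length of the whole file (it is declared in an earlier hunk and assigned outside this one). If so, for any statement after the first `s + len` lies beyond the end of the buffer, and the read stays in bounds only because of the `*q = '\0'` written just above. Pass the real length instead, `status = sqlite3_prepare_v2(db, s, q - s, &statement, &z_tail);`, and the same for `sqlite3_prepare`. Dropping the `q[1] != '\0'` test also means a final statement ending in `;` with no trailing newline now takes the skip branch and is never prepared. The loop and its function continue outside the hunk.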
@@ -357,7 +359,7 @@
}
statement_cnt++;
- p = q + 1;
+ p = s = q + 1;
}
talloc_free(buffer);
nkondras at bard:~/tmp/freeradius-cmp$
--->:---
Nick