------------------------------------------------------------------- Tue May 13 18:25:19 CEST 2008 - prusnak@suse.cz - fix crashes in events, fifo and threads (event-fifo-threads.patch) ------------------------------------------------------------------- Mon May 5 15:02:10 CEST 2008 - pth@suse.de - Fix coding errors that made the package fail to build. ------------------------------------------------------------------- Wed Mar 19 17:23:48 CET 2008 - prusnak@suse.cz - updated to 2.0.3 Feature improvements * Updated raddb/certs/ca.cnf with extensions to allow ca.der to be imported as a CA on Symbian and Windows Mobile devices. Closes bug #524 * Enable multiple matches in "hints" via Fall-Through = Yes. Closes bug #477 * Added preliminary SQLite driver, contibuted by Apple. Untested, with no sample configuration. This address bug #470. * Updated logging sub-system so that log messages from libfreeradius can go to the log file, and not stdout. * Added dictionary.rfc5176 * EAP module now checks for instance name, and uses that for authentication. This avoids the need to set Auth-Type when there are multiple instances of the EAP module. * Added Module-Return-Code attribute, which contains the value returned by the previous module (ok/fail/update/etc.) Bug fixes * Corrected typos in rlm_dbm. Closes bugs #521 and #522. * Detail file "listen" sections now work much better. * Don't allow old "log_*" to over-ride new format. Closes bug #525 * Initialize allocated memory in Oracle SQL driver. This fixes occasional crashes on some systems. Closes bug #518 * Call correct function in rlm_protocol_filter. This enables the module to build. Closes bug #512. * Added deprecated flag to build for rlm_krb5. This allows it to run on 64-bit systems. Closes bug #491 * Corrected error message when parsing invalid configurations so it doesn't crash. Closes bug #527 * Fix handling of timeouts in rlm_ldap that affected 64-bit systems. * Handle $INCLUDE's in "instantiate" section. Closes #528. * Format updates to "man" pages from Stephen Gran. - updated to 2.0.2 Feature improvements * Added notes on how to debug the server in radiusd.conf * Moved all "log_*" in radiusd.conf to log{} section. The old configurations are still accepted, though. * Added ca.der target in raddb/certs/Makefile. This is needed for importing CA certs into Windows. * Added ability send raw attributes via "Raw-Attribute = 0x0102..." This is available only debug builds. It can be used to create invalid packets! Use it with care. * Permit "unlang" policies inside of Auth-Type{} sub-sections of the authenticate{} section. This makes some policies easier to implement. * "listen" sections can now have "type = proxy". This lets you control which IP is used for sending proxied requests. * Added note on SSL performance to raddb/certs/README Bug fixes * Fixed reading of "detail" files. * Allow inner EAP tunneled sessions to be proxied. * Corrected MySQL schemas * syslog now works in log{} section. * Corrected typo in raddb/certs/client.cnf * Updated raddb/sites-available/proxy-inner-tunnel to permit authentication to work. * Ignore zero-length attributes in received packets. * Correct memcpy when dealing with unknown attributes. * Corrected debugging messages in attr_rewrite. * Corrected generation of State attribute in EAP. This fixes the "failed to remember handler" issues. * Fall back to DEFAULT realm if no realm was found. Based on a patch from Vincent Magnin. * Updated example raddb/sites-available/proxy-inner-tunnel * Corrected behavior of attr_filter to match documentation. This is NOT backwards compatible with previous versions! See "man rlm_attr_filter" for details. - dropped patches: * conf_read.patch (included in update) * strncat.patch (obsoleted by update) ------------------------------------------------------------------- Tue Jan 29 14:33:35 CET 2008 - prusnak@suse.cz - replace obsoleted call to conf_read with cf_file_read (conf_read.patch) - split off -doc subpackage ------------------------------------------------------------------- Thu Jan 24 16:39:37 CET 2008 - prusnak@suse.cz - fix strncat usage (strncat.patch) ------------------------------------------------------------------- Tue Jan 22 16:23:12 CET 2008 - prusnak@suse.cz - updated to 2.0.1 * improve unlang * update acct_module * fix parsing of syslog logging * minor fixes over 2.0.0 ------------------------------------------------------------------- Tue Jan 22 13:58:25 CET 2008 - prusnak@suse.cz - renamed to freeradius-server (to follow upstream change) - updated to 2.0.0: o Feature improvements * Debugging mode is much clearer and easier to read. * A new policy language makes many configurations trivial. See "man unlang" for a complete description. * Virtual servers are now supported. This permits clear separation of policies. See raddb/sites-available/README * EAP-TLS (PEAP, EAP-TTLS) and OpenSSL certificates "just work". See raddb/certs/README for details. * Proxying is much more configurable than before. See proxy.conf for documentation on pools, and new config items. * Full support for IPv6. * Much more complete support for the RADIUS SNMP MIBs. * HUP now works. Only some modules are re-loaded, and the server configuation is *not* reloaded. * "check config" option now works. See "man radiusd" * radrelay functionality is now included in the server core. See raddb/sites-available/copy-acct-to-home-server * VMPS support. It is minimal, but functional. * Cleaned up internal API's and names, including library names. o Bug fixes * Many. - removed obsolete patch: * type_punning.patch ------------------------------------------------------------------- Tue Dec 4 18:08:41 CET 2007 - prusnak@suse.cz - remove openldap2 from BuildRequires ------------------------------------------------------------------- Tue Nov 6 13:16:58 CET 2007 - prusnak@suse.cz - updated to 1.1.7 Feature Improvements * Updated LDAP documentation. * Added note on DH parameters in eap.conf, and debugging messages which complain if DH is used, but not configured properly. * Updated the Mikrotik dictionary. Added a note that the sample dictionary they supply is broken. * Output more information on blocked threads, which should help narrow down which modules is causing the problem. * Added more eDirectory support. * rlm_ldap now prints out attributes in the standard format * Enabled server-side handling of procedures in MySQL Bug Fixes * Added NT-Hash support for mschap_xlat. * Corrected documentation to point to correct location of files. * Checks for more recent FreeBSD versions. * uses -DLDAP_DEPRECATED to avoid OpenLDAP crashes. * Use correct value for authentication name in rlm_mschap. * Fix over-ride for usernames when use_tunneled_reply = yes. ------------------------------------------------------------------- Fri Apr 20 15:10:28 CEST 2007 - pth@suse.de - Update to 1.1.6. Changes since 1.1.3: Feature improvements * Added dictionary.rfc4372 (Chargeable User Identity) * Added dictionary.rfc4675 (VLAN and Priority) * Added dictionary.rfc4679 (ADSL Forum) NOTE some name differences from the RFC, due to dictionary.redback * Updated rlm_python to something usable * Added experimental sql "HPW" IPPools. * Added more dictionaries * Dictionary files now MUST NOT be globally writable. * Configuration files now MUST NOT be globally readable, or globally writable. * Be more aggressive about freeing memory on clean exit. This helps track down run-time leaks. * Updated rlm_python to something usable * Added experimental sql "HPW" IPPools. * Major enhancements to rlm_pap, that make "encryption_scheme" a thing of the past. See "man rlm_pap" for details. * Added SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS flag to use work-arounds that enable Windows Vista clients to work. * Added preliminary code to support Firebird. Use at your own risk! * Send MS-CHAP2-Success, which makes EAP-TTLS/MSCHAP work on more platforms. * Add a new "reply-name" directive in rlm_sqlcounter to define the name of the reply attribute. * Added more dictionaries and attributes * Print ntlm_auth failure reason in Module-Failure-Message * radsqlrelay is able to get the DB password from a file instead of command line. Bug fixes * Corrected typo in rlm_pap.c * Corrected typo in src/main/auth.c * Suppress SSL error messages if error is zero. * Don't complain about "Error in read client certificate A" if we expect to read it in the next packet. Fix based on patch by Dan Lukes. * Corrected nearly 30 bugs found by Coverity See also http://scan.coverity.com * Don't die on HUP. Instead leak memory (sorry). After a few hundred HUP's, the server will have leaked a few megabytes of memory, and you should probably re-start it. It's ugly, but better than dying. * Corrected a few double free's * Corrected typo in radrelay, which prevented it from working * Made Firebird module build * Fixed bug in PostgreSQL module that caused server crash. * Fixed bug in SQL module that could cause server to crash. * Corrected base64 decoding in rlm_pap * Don't retransmit accounting packets. The NAS should do this. * Handle Client-Error in EAP-SIM. * Port OpenSSL locking fixes from CVS head. This makes PEAP more stable on some systems. * Require Message-Authenticator in Status-Server packets * Correct Tunnel-Medium-Type VALUEs in dictionary.rfc2868 * Be more aggressibe about freeing memory on clean exit. This isn't strictly a bug fix, but it makes it easier to find memory leaks * Increase buffer size for dynamic expansion, which allows longer SQL qeuries. * Use correct line number when there's a parse error in one of the configuration sections. * Terminate SSL sessions in EAP on error, rather than continuing in some cases. * Increase buffer size to allow parsing of long octet strings * Fix string termination on xlat in rlm_perl * Fix a parse error in the digest module, where malformed digest requests would result in the user being accepted. Oops... * VALUEs can only be defined for 'integer', to catch mistakes with setting VALUEs for type 'string'. * Better parsing of VALUE names, so that values starting with a digit work correctly. * Check return from malloc. * Fix a double free() in rlm_eap_tls.c * Check return code of malloc() during initialization. * Fix a corner case where the proxy port isn't set either in radiusd.conf or in proxy.conf. ------------------------------------------------------------------- Mon Mar 26 12:45:29 CEST 2007 - rguenther@suse.de - add gdbm-devel BuildRequires ------------------------------------------------------------------- Sun Feb 11 18:33:47 CET 2007 - ro@suse.de - one oversight in last change, build tested ------------------------------------------------------------------- Sun Feb 11 12:00:25 CET 2007 - ro@suse.de - fix build as non-root ------------------------------------------------------------------- Mon Sep 4 11:18:59 CEST 2006 - kukuk@suse.de - Make sure that pam_nologin.so will always be executed. ------------------------------------------------------------------- Wed Aug 23 20:34:55 CEST 2006 - stark@suse.de - update to version 1.1.3 * autoconf updates * More dictionary updates * Security and portability fixes to rlm_otp * Miscellaneous bug fixes ------------------------------------------------------------------- Mon Jun 5 22:31:04 CEST 2006 - stark@suse.de - update to version 1.1.2 * Allow tagged VSA's for Juniper. * Allow Ascend "abinary" format to be specified as octets, (e.g. Ascend-Data-Filter = 0x010203...) * Added "cipher_list" configuration to the EAP-TLS module. See "eap.conf" and "man 1 cipher" for details. * Added "check_cert_issuer" configuration to the EAP-TLS module. See "eap.conf" for details. * Added "suppress" configuration entry to rlm_detail, to suppress certain attributes (e.g. User-Password). * Write SSL errors to log file, rather than stderr. * Allow a core dump on uid change on Linux * Bugfixes ------------------------------------------------------------------- Wed May 24 15:58:41 CEST 2006 - schwab@suse.de - Don't strip binaries. ------------------------------------------------------------------- Tue Mar 28 20:22:34 CEST 2006 - stark@suse.de - fixed an error on x86_64 machines when reading dictionaries (#161503) - make "use_tunneled_reply" work properly for PEAP ------------------------------------------------------------------- Mon Mar 27 14:32:09 CEST 2006 - ro@suse.de - also use fPIC on s390* ------------------------------------------------------------------- Thu Mar 23 20:39:02 CET 2006 - stark@suse.de - fixed validation issue with the EAP-MSCHAPv2 module (#160249) ------------------------------------------------------------------- Wed Jan 25 21:36:01 CET 2006 - mls@suse.de - converted neededforbuild to BuildRequires ------------------------------------------------------------------- Fri Jan 20 18:19:32 CET 2006 - stark@suse.de - fixed directory permissions (#141153) ------------------------------------------------------------------- Thu Jan 19 01:23:36 CET 2006 - ro@suse.de - changed php requires to generic ones (for php5) ------------------------------------------------------------------- Sat Jan 14 16:40:53 CET 2006 - stark@suse.de - use --with-udpfromto useful for systems with multiple addresses ------------------------------------------------------------------- Thu Jan 12 22:48:30 CET 2006 - stark@suse.de - update to version 1.1.0 ------------------------------------------------------------------- Wed Jan 11 16:03:44 CET 2006 - stark@suse.de - adding stack-protector to CFLAGS - don't package *.la files for now (#141207) ------------------------------------------------------------------- Wed Dec 21 10:14:01 CET 2005 - stark@suse.de - fixed realloc() in rlm_pam ------------------------------------------------------------------- Tue Nov 15 21:49:18 CET 2005 - stark@suse.de - moved dialup_admin to subpackage and integrate it into Apache 2 configuration ------------------------------------------------------------------- Mon Sep 26 01:35:29 CEST 2005 - ro@suse.de - added LDAP_DEPRECATED to CFLAGS ------------------------------------------------------------------- Fri Sep 23 06:09:08 CEST 2005 - stark@suse.de - update to version 1.0.5 - updated eDirectory integration documentation ------------------------------------------------------------------- Fri Sep 23 01:38:53 CEST 2005 - ro@suse.de - fix build-dir references in .la files ------------------------------------------------------------------- Tue Aug 30 12:50:30 CEST 2005 - stark@suse.de - fixed some issues from security audit (#104195) (is already upstream for 1.0.5 release) ------------------------------------------------------------------- Mon Aug 15 19:34:18 CEST 2005 - stark@suse.de - fix mysql creation script (#104752) ------------------------------------------------------------------- Sat Jun 18 19:37:56 CEST 2005 - stark@suse.de - update to version 1.0.4 ------------------------------------------------------------------- Sun Jun 5 00:36:51 CEST 2005 - stark@suse.de - update to version 1.0.3 - link radiusd with -pie ------------------------------------------------------------------- Mon Apr 11 11:29:05 CEST 2005 - stark@suse.de - start daemon correctly (#75979) - fixed packaging on x86-64 (#75979) ------------------------------------------------------------------- Wed Mar 2 07:19:27 CET 2005 - stark@suse.de - com_err.h patch not needed anymore - modified spec-file to work with older distributions ------------------------------------------------------------------- Fri Feb 18 11:05:35 CET 2005 - stark@suse.de - enabled eDirectory support and added documentation ------------------------------------------------------------------- Thu Feb 17 08:34:12 CET 2005 - stark@suse.de - update to 1.0.2 ------------------------------------------------------------------- Sat Nov 27 13:44:09 CET 2004 - stark@suse.de - fixed installation of radeapclient (#48549) ------------------------------------------------------------------- Sat Nov 20 12:57:22 CET 2004 - stark@suse.de - don't use heimdal for distributions newer than 9.2 ------------------------------------------------------------------- Mon Nov 15 14:53:25 CET 2004 - kukuk@suse.de - Use common-* PAM configuration ------------------------------------------------------------------- Sat Oct 23 20:53:51 CEST 2004 - stark@suse.de - update to version 1.0.1 - moved *.la files to devel package ------------------------------------------------------------------- Sat Aug 28 13:33:35 CEST 2004 - stark@suse.de - modify logrotate config (#44436) ------------------------------------------------------------------- Tue Aug 17 23:55:38 CEST 2004 - sndirsch@suse.de - fixed syntax error (Typo?) in init script ------------------------------------------------------------------- Fri Aug 13 07:10:34 CEST 2004 - stark@suse.de - added some sample scripts to documentation ------------------------------------------------------------------- Tue Aug 10 09:35:03 CEST 2004 - stark@suse.de - update to 1.0.0 ------------------------------------------------------------------- Thu Jun 24 00:03:59 CEST 2004 - ro@suse.de - update to 1.0.0pre3 (version set as 0.9.9) ------------------------------------------------------------------- Thu Feb 5 13:36:54 CET 2004 - stark@suse.de - disabled rlm_sql_iodbc and enabled rlm_sql_unixodb ------------------------------------------------------------------- Fri Jan 16 13:38:13 CET 2004 - kukuk@suse.de - Add pam-devel to neededforbuild ------------------------------------------------------------------- Mon Jan 12 10:26:25 CET 2004 - adrian@suse.de - add %defattr ------------------------------------------------------------------- Fri Nov 28 06:56:46 CET 2003 - stark@suse.de - security update to 0.9.3 * Fix a remote DoS and possible exploit due to mis-handling of tagged attributes, and Tunnel-Password attribute. ------------------------------------------------------------------- Thu Oct 16 09:02:57 CEST 2003 - stark@suse.de - update to 0.9.2 (see /usr/share/doc/packages/freeradius/ChangeLog) ------------------------------------------------------------------- Fri Aug 1 16:02:14 CEST 2003 - ro@suse.de - fix include path for com_err.h ------------------------------------------------------------------- Thu Jul 31 06:18:03 CEST 2003 - stark@suse.de - use stop/restart macros ------------------------------------------------------------------- Wed Jul 23 10:53:20 CEST 2003 - stark@suse.de - use special user for running radiusd - modify default configuration to work without changes (Auth-Type = Local) - added README.SuSE explaining about radiusd user ------------------------------------------------------------------- Mon Jul 21 08:56:54 CEST 2003 - stark@suse.de - update to 0.9.0 - build against libiodbc to enable iodbc module ------------------------------------------------------------------- Wed Jun 4 19:47:02 CEST 2003 - schwab@suse.de - Add db-devel to neededforbuild. - Don't use system libtool. - Fix use of sort. - Avoid running autoconf. ------------------------------------------------------------------- Tue Apr 15 23:46:08 CEST 2003 - ro@suse.de - fixed neededforbuild ------------------------------------------------------------------- Mon Mar 3 18:20:50 CET 2003 - kukuk@suse.de - removed %ghost stuff from filelist ------------------------------------------------------------------- Fri Feb 7 13:31:05 CET 2003 - kukuk@suse.de - Use pam_unix2.so instead of pam_unix.so ------------------------------------------------------------------- Wed Jan 15 15:53:21 CET 2003 - ro@suse.de - use sasl2 ------------------------------------------------------------------- Tue Jan 14 11:42:24 CET 2003 - nadvornik@suse.cz - fixed multi-line string literals ------------------------------------------------------------------- Thu Dec 12 10:28:13 CET 2002 - stark@suse.de - update to 0.8.1 * minor bugfixes ------------------------------------------------------------------- Mon Dec 2 07:20:10 CET 2002 - stark@suse.de - removed radwatch from package ------------------------------------------------------------------- Tue Nov 19 08:33:36 CET 2002 - stark@suse.de - update to 0.8 * Support for Status-Server packets * Fixed memory leak when proxying * Round-robin load balancing when proxying * Many bug fixes * (/usr/share/doc/packages/ChangeLog) - moved modules to /usr/lib/freeradius ------------------------------------------------------------------- Mon Aug 19 00:06:38 CEST 2002 - ro@suse.de - don't overwrite README's with each other ------------------------------------------------------------------- Fri Aug 16 09:06:03 CEST 2002 - stark@suse.de - added PreReq (Bug #17838) ------------------------------------------------------------------- Thu Jun 20 01:06:41 CEST 2002 - ro@suse.de - hack ltconfig for ppc64 ------------------------------------------------------------------- Mon Apr 8 11:11:56 CEST 2002 - stark@suse.de - fixed packaging on 64bit platforms - added logrotate config - added some sample scripts to doc-dir ------------------------------------------------------------------- Fri Mar 22 15:01:10 CET 2002 - stark@suse.de - update to 0.5 * MS-CHAP and MS-CHAPv2 MPPE support, * EAP/MD5 and experimental EAP/TLS, * Experimental PHP web administration interface, * Fixes for *BSD, * Configurable database queries, executed per packet (e.g. %{ldap:ldap:///dc=company,dc=com?uid?sub?uid=%u}), * Fix logic bug which would cause occasional server crashes, * Server-side quenching of DoS attacks, * Experimental Python module, * Aptis, Quintum, and Foundry dictionaries, * Limited support for IPv6. ------------------------------------------------------------------- Mon Feb 25 16:19:26 CET 2002 - stark@suse.de - moved *.la back to main-package as it is needed for dynamic loading of modules ------------------------------------------------------------------- Mon Feb 25 07:44:11 CET 2002 - stark@suse.de - added patch to work with heimdal-krb5 - moved *.so to -devel package ------------------------------------------------------------------- Fri Feb 8 14:24:51 CET 2002 - stark@suse.de - deactivated kerberos support (seems to be not compatible with heimdal :-() ------------------------------------------------------------------- Thu Feb 7 13:27:47 CET 2002 - stark@suse.de - changed heimdal libdir ------------------------------------------------------------------- Thu Dec 13 07:33:45 CET 2001 - stark@suse.de - update to 0.4 - better use of fillup_and_insserv ------------------------------------------------------------------- Mon Dec 3 11:42:15 CET 2001 - stark@suse.de - don't use START_RADIUSD anymore - make use of new fillup_and_insserv macro ------------------------------------------------------------------- Fri Oct 12 07:03:07 CEST 2001 - stark@suse.de - update to version 0.3 - packed source-archive as bz2 - branched package -> devel ------------------------------------------------------------------- Fri Aug 3 07:53:54 CEST 2001 - stark@suse.de - removed use of watcher-script - removed config-check (-C) in init script (it's not supported in freeradius) ------------------------------------------------------------------- Thu Aug 2 12:22:00 CEST 2001 - stark@suse.de - status fix in init script - renamed pam-configfile: radius -> radiusd ------------------------------------------------------------------- Wed Aug 1 09:57:53 CEST 2001 - stark@suse.de - updated to 0.2 ------------------------------------------------------------------- Thu Jul 26 10:06:01 CEST 2001 - kukuk@suse.de - Fix needed for build ------------------------------------------------------------------- Tue Jul 10 15:05:52 CEST 2001 - stark@suse.de - added %{suse_update_config} ------------------------------------------------------------------- Sat Jun 23 20:52:07 CEST 2001 - schwab@suse.de - Fix preprocessor directives inside macro arguments. ------------------------------------------------------------------- Mon Jun 18 07:58:08 CEST 2001 - stark@suse.de - removed absolute paths from pam-config ------------------------------------------------------------------- Wed May 23 13:32:20 CEST 2001 - stark@suse.de - first official beta-version 0.1 ------------------------------------------------------------------- Wed Mar 21 13:11:34 CET 2001 - stark@suse.de - new snapshot 20010321 (pre-BETA) - replaced start- and killproc to avoid problems with Kernel 2.4 using the radwatch shell-script - added built of LDAP and MySQL modules ------------------------------------------------------------------- Mon Jan 29 09:58:23 CET 2001 - stark@suse.de - %files: /etc/raddb/bay.vendor -> /etc/raddb/dictionary.bay ------------------------------------------------------------------- Mon Jan 15 10:52:42 CET 2001 - stark@suse.de - new snapshot 20010115 - initial BETA package (sources are ALPHA!) ------------------------------------------------------------------- Thu Jan 4 13:32:26 CET 2001 - stark@suse.de - CVS snapshot 20010104