freeradius-server/freeradius-server.changes

706 lines
25 KiB
Plaintext

-------------------------------------------------------------------
Wed Mar 19 17:23:48 CET 2008 - prusnak@suse.cz
- updated to 2.0.3
Feature improvements
* Updated raddb/certs/ca.cnf with extensions to allow ca.der
to be imported as a CA on Symbian and Windows Mobile devices.
Closes bug #524
* Enable multiple matches in "hints" via Fall-Through = Yes.
Closes bug #477
* Added preliminary SQLite driver, contibuted by Apple.
Untested, with no sample configuration. This address bug #470.
* Updated logging sub-system so that log messages from libfreeradius
can go to the log file, and not stdout.
* Added dictionary.rfc5176
* EAP module now checks for instance name, and uses that for
authentication. This avoids the need to set Auth-Type when
there are multiple instances of the EAP module.
* Added Module-Return-Code attribute, which contains the value
returned by the previous module (ok/fail/update/etc.)
Bug fixes
* Corrected typos in rlm_dbm. Closes bugs #521 and #522.
* Detail file "listen" sections now work much better.
* Don't allow old "log_*" to over-ride new format. Closes bug #525
* Initialize allocated memory in Oracle SQL driver. This fixes
occasional crashes on some systems. Closes bug #518
* Call correct function in rlm_protocol_filter. This enables the
module to build. Closes bug #512.
* Added deprecated flag to build for rlm_krb5. This allows it to
run on 64-bit systems. Closes bug #491
* Corrected error message when parsing invalid configurations
so it doesn't crash. Closes bug #527
* Fix handling of timeouts in rlm_ldap that affected 64-bit systems.
* Handle $INCLUDE's in "instantiate" section. Closes #528.
* Format updates to "man" pages from Stephen Gran.
- updated to 2.0.2
Feature improvements
* Added notes on how to debug the server in radiusd.conf
* Moved all "log_*" in radiusd.conf to log{} section.
The old configurations are still accepted, though.
* Added ca.der target in raddb/certs/Makefile. This is
needed for importing CA certs into Windows.
* Added ability send raw attributes via "Raw-Attribute = 0x0102..."
This is available only debug builds. It can be used
to create invalid packets! Use it with care.
* Permit "unlang" policies inside of Auth-Type{} sub-sections
of the authenticate{} section. This makes some policies easier
to implement.
* "listen" sections can now have "type = proxy". This lets you
control which IP is used for sending proxied requests.
* Added note on SSL performance to raddb/certs/README
Bug fixes
* Fixed reading of "detail" files.
* Allow inner EAP tunneled sessions to be proxied.
* Corrected MySQL schemas
* syslog now works in log{} section.
* Corrected typo in raddb/certs/client.cnf
* Updated raddb/sites-available/proxy-inner-tunnel to
permit authentication to work.
* Ignore zero-length attributes in received packets.
* Correct memcpy when dealing with unknown attributes.
* Corrected debugging messages in attr_rewrite.
* Corrected generation of State attribute in EAP. This
fixes the "failed to remember handler" issues.
* Fall back to DEFAULT realm if no realm was found.
Based on a patch from Vincent Magnin.
* Updated example raddb/sites-available/proxy-inner-tunnel
* Corrected behavior of attr_filter to match documentation.
This is NOT backwards compatible with previous versions!
See "man rlm_attr_filter" for details.
- dropped patches:
* conf_read.patch (included in update)
* strncat.patch (obsoleted by update)
-------------------------------------------------------------------
Tue Jan 29 14:33:35 CET 2008 - prusnak@suse.cz
- replace obsoleted call to conf_read with cf_file_read (conf_read.patch)
- split off -doc subpackage
-------------------------------------------------------------------
Thu Jan 24 16:39:37 CET 2008 - prusnak@suse.cz
- fix strncat usage (strncat.patch)
-------------------------------------------------------------------
Tue Jan 22 16:23:12 CET 2008 - prusnak@suse.cz
- updated to 2.0.1
* improve unlang
* update acct_module
* fix parsing of syslog logging
* minor fixes over 2.0.0
-------------------------------------------------------------------
Tue Jan 22 13:58:25 CET 2008 - prusnak@suse.cz
- renamed to freeradius-server (to follow upstream change)
- updated to 2.0.0:
o Feature improvements
* Debugging mode is much clearer and easier to read.
* A new policy language makes many configurations trivial.
See "man unlang" for a complete description.
* Virtual servers are now supported. This permits clear separation
of policies. See raddb/sites-available/README
* EAP-TLS (PEAP, EAP-TTLS) and OpenSSL certificates "just work".
See raddb/certs/README for details.
* Proxying is much more configurable than before.
See proxy.conf for documentation on pools, and new config items.
* Full support for IPv6.
* Much more complete support for the RADIUS SNMP MIBs.
* HUP now works. Only some modules are re-loaded,
and the server configuation is *not* reloaded.
* "check config" option now works. See "man radiusd"
* radrelay functionality is now included in the server core.
See raddb/sites-available/copy-acct-to-home-server
* VMPS support. It is minimal, but functional.
* Cleaned up internal API's and names, including library names.
o Bug fixes
* Many.
- removed obsolete patch:
* type_punning.patch
-------------------------------------------------------------------
Tue Dec 4 18:08:41 CET 2007 - prusnak@suse.cz
- remove openldap2 from BuildRequires
-------------------------------------------------------------------
Tue Nov 6 13:16:58 CET 2007 - prusnak@suse.cz
- updated to 1.1.7
Feature Improvements
* Updated LDAP documentation.
* Added note on DH parameters in eap.conf, and debugging messages
which complain if DH is used, but not configured properly.
* Updated the Mikrotik dictionary. Added a note that the sample
dictionary they supply is broken.
* Output more information on blocked threads, which should help
narrow down which modules is causing the problem.
* Added more eDirectory support.
* rlm_ldap now prints out attributes in the standard format
* Enabled server-side handling of procedures in MySQL
Bug Fixes
* Added NT-Hash support for mschap_xlat.
* Corrected documentation to point to correct location of files.
* Checks for more recent FreeBSD versions.
* uses -DLDAP_DEPRECATED to avoid OpenLDAP crashes.
* Use correct value for authentication name in rlm_mschap.
* Fix over-ride for usernames when use_tunneled_reply = yes.
-------------------------------------------------------------------
Fri Apr 20 15:10:28 CEST 2007 - pth@suse.de
- Update to 1.1.6. Changes since 1.1.3:
Feature improvements
* Added dictionary.rfc4372 (Chargeable User Identity)
* Added dictionary.rfc4675 (VLAN and Priority)
* Added dictionary.rfc4679 (ADSL Forum)
NOTE some name differences from the RFC, due to dictionary.redback
* Updated rlm_python to something usable
* Added experimental sql "HPW" IPPools.
* Added more dictionaries
* Dictionary files now MUST NOT be globally writable.
* Configuration files now MUST NOT be globally readable,
or globally writable.
* Be more aggressive about freeing memory on clean exit.
This helps track down run-time leaks.
* Updated rlm_python to something usable
* Added experimental sql "HPW" IPPools.
* Major enhancements to rlm_pap, that make "encryption_scheme"
a thing of the past. See "man rlm_pap" for details.
* Added SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS flag to use
work-arounds that enable Windows Vista clients to work.
* Added preliminary code to support Firebird.
Use at your own risk!
* Send MS-CHAP2-Success, which makes EAP-TTLS/MSCHAP work on more
platforms.
* Add a new "reply-name" directive in rlm_sqlcounter to define the
name of the reply attribute.
* Added more dictionaries and attributes
* Print ntlm_auth failure reason in Module-Failure-Message
* radsqlrelay is able to get the DB password from a file instead
of command line.
Bug fixes
* Corrected typo in rlm_pap.c
* Corrected typo in src/main/auth.c
* Suppress SSL error messages if error is zero.
* Don't complain about "Error in read client certificate A"
if we expect to read it in the next packet. Fix based on patch
by Dan Lukes.
* Corrected nearly 30 bugs found by Coverity
See also http://scan.coverity.com
* Don't die on HUP. Instead leak memory (sorry). After a few
hundred HUP's, the server will have leaked a few megabytes of
memory, and you should probably re-start it. It's ugly, but
better than dying.
* Corrected a few double free's
* Corrected typo in radrelay, which prevented it from working
* Made Firebird module build
* Fixed bug in PostgreSQL module that caused server crash.
* Fixed bug in SQL module that could cause server to crash.
* Corrected base64 decoding in rlm_pap
* Don't retransmit accounting packets. The NAS should do this.
* Handle Client-Error in EAP-SIM.
* Port OpenSSL locking fixes from CVS head. This makes PEAP
more stable on some systems.
* Require Message-Authenticator in Status-Server packets
* Correct Tunnel-Medium-Type VALUEs in dictionary.rfc2868
* Be more aggressibe about freeing memory on clean exit.
This isn't strictly a bug fix, but it makes it easier to
find memory leaks
* Increase buffer size for dynamic expansion, which allows
longer SQL qeuries.
* Use correct line number when there's a parse error in one
of the configuration sections.
* Terminate SSL sessions in EAP on error, rather than continuing
in some cases.
* Increase buffer size to allow parsing of long octet strings
* Fix string termination on xlat in rlm_perl
* Fix a parse error in the digest module, where malformed
digest requests would result in the user being accepted. Oops...
* VALUEs can only be defined for 'integer', to catch mistakes
with setting VALUEs for type 'string'.
* Better parsing of VALUE names, so that values starting with
a digit work correctly.
* Check return from malloc.
* Fix a double free() in rlm_eap_tls.c
* Check return code of malloc() during initialization.
* Fix a corner case where the proxy port isn't set either in
radiusd.conf or in proxy.conf.
-------------------------------------------------------------------
Mon Mar 26 12:45:29 CEST 2007 - rguenther@suse.de
- add gdbm-devel BuildRequires
-------------------------------------------------------------------
Sun Feb 11 18:33:47 CET 2007 - ro@suse.de
- one oversight in last change, build tested
-------------------------------------------------------------------
Sun Feb 11 12:00:25 CET 2007 - ro@suse.de
- fix build as non-root
-------------------------------------------------------------------
Mon Sep 4 11:18:59 CEST 2006 - kukuk@suse.de
- Make sure that pam_nologin.so will always be executed.
-------------------------------------------------------------------
Wed Aug 23 20:34:55 CEST 2006 - stark@suse.de
- update to version 1.1.3
* autoconf updates
* More dictionary updates
* Security and portability fixes to rlm_otp
* Miscellaneous bug fixes
-------------------------------------------------------------------
Mon Jun 5 22:31:04 CEST 2006 - stark@suse.de
- update to version 1.1.2
* Allow tagged VSA's for Juniper.
* Allow Ascend "abinary" format to be specified as octets,
(e.g. Ascend-Data-Filter = 0x010203...)
* Added "cipher_list" configuration to the EAP-TLS module.
See "eap.conf" and "man 1 cipher" for details.
* Added "check_cert_issuer" configuration to the EAP-TLS module.
See "eap.conf" for details.
* Added "suppress" configuration entry to rlm_detail,
to suppress certain attributes (e.g. User-Password).
* Write SSL errors to log file, rather than stderr.
* Allow a core dump on uid change on Linux
* Bugfixes
-------------------------------------------------------------------
Wed May 24 15:58:41 CEST 2006 - schwab@suse.de
- Don't strip binaries.
-------------------------------------------------------------------
Tue Mar 28 20:22:34 CEST 2006 - stark@suse.de
- fixed an error on x86_64 machines when reading dictionaries
(#161503)
- make "use_tunneled_reply" work properly for PEAP
-------------------------------------------------------------------
Mon Mar 27 14:32:09 CEST 2006 - ro@suse.de
- also use fPIC on s390*
-------------------------------------------------------------------
Thu Mar 23 20:39:02 CET 2006 - stark@suse.de
- fixed validation issue with the EAP-MSCHAPv2 module (#160249)
-------------------------------------------------------------------
Wed Jan 25 21:36:01 CET 2006 - mls@suse.de
- converted neededforbuild to BuildRequires
-------------------------------------------------------------------
Fri Jan 20 18:19:32 CET 2006 - stark@suse.de
- fixed directory permissions (#141153)
-------------------------------------------------------------------
Thu Jan 19 01:23:36 CET 2006 - ro@suse.de
- changed php requires to generic ones (for php5)
-------------------------------------------------------------------
Sat Jan 14 16:40:53 CET 2006 - stark@suse.de
- use --with-udpfromto useful for systems with multiple addresses
-------------------------------------------------------------------
Thu Jan 12 22:48:30 CET 2006 - stark@suse.de
- update to version 1.1.0
-------------------------------------------------------------------
Wed Jan 11 16:03:44 CET 2006 - stark@suse.de
- adding stack-protector to CFLAGS
- don't package *.la files for now (#141207)
-------------------------------------------------------------------
Wed Dec 21 10:14:01 CET 2005 - stark@suse.de
- fixed realloc() in rlm_pam
-------------------------------------------------------------------
Tue Nov 15 21:49:18 CET 2005 - stark@suse.de
- moved dialup_admin to subpackage and integrate it into
Apache 2 configuration
-------------------------------------------------------------------
Mon Sep 26 01:35:29 CEST 2005 - ro@suse.de
- added LDAP_DEPRECATED to CFLAGS
-------------------------------------------------------------------
Fri Sep 23 06:09:08 CEST 2005 - stark@suse.de
- update to version 1.0.5
- updated eDirectory integration documentation
-------------------------------------------------------------------
Fri Sep 23 01:38:53 CEST 2005 - ro@suse.de
- fix build-dir references in .la files
-------------------------------------------------------------------
Tue Aug 30 12:50:30 CEST 2005 - stark@suse.de
- fixed some issues from security audit (#104195)
(is already upstream for 1.0.5 release)
-------------------------------------------------------------------
Mon Aug 15 19:34:18 CEST 2005 - stark@suse.de
- fix mysql creation script (#104752)
-------------------------------------------------------------------
Sat Jun 18 19:37:56 CEST 2005 - stark@suse.de
- update to version 1.0.4
-------------------------------------------------------------------
Sun Jun 5 00:36:51 CEST 2005 - stark@suse.de
- update to version 1.0.3
- link radiusd with -pie
-------------------------------------------------------------------
Mon Apr 11 11:29:05 CEST 2005 - stark@suse.de
- start daemon correctly (#75979)
- fixed packaging on x86-64 (#75979)
-------------------------------------------------------------------
Wed Mar 2 07:19:27 CET 2005 - stark@suse.de
- com_err.h patch not needed anymore
- modified spec-file to work with older distributions
-------------------------------------------------------------------
Fri Feb 18 11:05:35 CET 2005 - stark@suse.de
- enabled eDirectory support and added documentation
-------------------------------------------------------------------
Thu Feb 17 08:34:12 CET 2005 - stark@suse.de
- update to 1.0.2
-------------------------------------------------------------------
Sat Nov 27 13:44:09 CET 2004 - stark@suse.de
- fixed installation of radeapclient (#48549)
-------------------------------------------------------------------
Sat Nov 20 12:57:22 CET 2004 - stark@suse.de
- don't use heimdal for distributions newer than 9.2
-------------------------------------------------------------------
Mon Nov 15 14:53:25 CET 2004 - kukuk@suse.de
- Use common-* PAM configuration
-------------------------------------------------------------------
Sat Oct 23 20:53:51 CEST 2004 - stark@suse.de
- update to version 1.0.1
- moved *.la files to devel package
-------------------------------------------------------------------
Sat Aug 28 13:33:35 CEST 2004 - stark@suse.de
- modify logrotate config (#44436)
-------------------------------------------------------------------
Tue Aug 17 23:55:38 CEST 2004 - sndirsch@suse.de
- fixed syntax error (Typo?) in init script
-------------------------------------------------------------------
Fri Aug 13 07:10:34 CEST 2004 - stark@suse.de
- added some sample scripts to documentation
-------------------------------------------------------------------
Tue Aug 10 09:35:03 CEST 2004 - stark@suse.de
- update to 1.0.0
-------------------------------------------------------------------
Thu Jun 24 00:03:59 CEST 2004 - ro@suse.de
- update to 1.0.0pre3 (version set as 0.9.9)
-------------------------------------------------------------------
Thu Feb 5 13:36:54 CET 2004 - stark@suse.de
- disabled rlm_sql_iodbc and enabled rlm_sql_unixodb
-------------------------------------------------------------------
Fri Jan 16 13:38:13 CET 2004 - kukuk@suse.de
- Add pam-devel to neededforbuild
-------------------------------------------------------------------
Mon Jan 12 10:26:25 CET 2004 - adrian@suse.de
- add %defattr
-------------------------------------------------------------------
Fri Nov 28 06:56:46 CET 2003 - stark@suse.de
- security update to 0.9.3
* Fix a remote DoS and possible exploit due to mis-handling
of tagged attributes, and Tunnel-Password attribute.
-------------------------------------------------------------------
Thu Oct 16 09:02:57 CEST 2003 - stark@suse.de
- update to 0.9.2
(see /usr/share/doc/packages/freeradius/ChangeLog)
-------------------------------------------------------------------
Fri Aug 1 16:02:14 CEST 2003 - ro@suse.de
- fix include path for com_err.h
-------------------------------------------------------------------
Thu Jul 31 06:18:03 CEST 2003 - stark@suse.de
- use stop/restart macros
-------------------------------------------------------------------
Wed Jul 23 10:53:20 CEST 2003 - stark@suse.de
- use special user for running radiusd
- modify default configuration to work without changes
(Auth-Type = Local)
- added README.SuSE explaining about radiusd user
-------------------------------------------------------------------
Mon Jul 21 08:56:54 CEST 2003 - stark@suse.de
- update to 0.9.0
- build against libiodbc to enable iodbc module
-------------------------------------------------------------------
Wed Jun 4 19:47:02 CEST 2003 - schwab@suse.de
- Add db-devel to neededforbuild.
- Don't use system libtool.
- Fix use of sort.
- Avoid running autoconf.
-------------------------------------------------------------------
Tue Apr 15 23:46:08 CEST 2003 - ro@suse.de
- fixed neededforbuild
-------------------------------------------------------------------
Mon Mar 3 18:20:50 CET 2003 - kukuk@suse.de
- removed %ghost stuff from filelist
-------------------------------------------------------------------
Fri Feb 7 13:31:05 CET 2003 - kukuk@suse.de
- Use pam_unix2.so instead of pam_unix.so
-------------------------------------------------------------------
Wed Jan 15 15:53:21 CET 2003 - ro@suse.de
- use sasl2
-------------------------------------------------------------------
Tue Jan 14 11:42:24 CET 2003 - nadvornik@suse.cz
- fixed multi-line string literals
-------------------------------------------------------------------
Thu Dec 12 10:28:13 CET 2002 - stark@suse.de
- update to 0.8.1
* minor bugfixes
-------------------------------------------------------------------
Mon Dec 2 07:20:10 CET 2002 - stark@suse.de
- removed radwatch from package
-------------------------------------------------------------------
Tue Nov 19 08:33:36 CET 2002 - stark@suse.de
- update to 0.8
* Support for Status-Server packets
* Fixed memory leak when proxying
* Round-robin load balancing when proxying
* Many bug fixes
* (/usr/share/doc/packages/ChangeLog)
- moved modules to /usr/lib/freeradius
-------------------------------------------------------------------
Mon Aug 19 00:06:38 CEST 2002 - ro@suse.de
- don't overwrite README's with each other
-------------------------------------------------------------------
Fri Aug 16 09:06:03 CEST 2002 - stark@suse.de
- added PreReq (Bug #17838)
-------------------------------------------------------------------
Thu Jun 20 01:06:41 CEST 2002 - ro@suse.de
- hack ltconfig for ppc64
-------------------------------------------------------------------
Mon Apr 8 11:11:56 CEST 2002 - stark@suse.de
- fixed packaging on 64bit platforms
- added logrotate config
- added some sample scripts to doc-dir
-------------------------------------------------------------------
Fri Mar 22 15:01:10 CET 2002 - stark@suse.de
- update to 0.5
* MS-CHAP and MS-CHAPv2 MPPE support,
* EAP/MD5 and experimental EAP/TLS,
* Experimental PHP web administration interface,
* Fixes for *BSD,
* Configurable database queries, executed per packet
(e.g. %{ldap:ldap:///dc=company,dc=com?uid?sub?uid=%u}),
* Fix logic bug which would cause occasional server crashes,
* Server-side quenching of DoS attacks,
* Experimental Python module,
* Aptis, Quintum, and Foundry dictionaries,
* Limited support for IPv6.
-------------------------------------------------------------------
Mon Feb 25 16:19:26 CET 2002 - stark@suse.de
- moved *.la back to main-package as it is needed for
dynamic loading of modules
-------------------------------------------------------------------
Mon Feb 25 07:44:11 CET 2002 - stark@suse.de
- added patch to work with heimdal-krb5
- moved *.so to -devel package
-------------------------------------------------------------------
Fri Feb 8 14:24:51 CET 2002 - stark@suse.de
- deactivated kerberos support
(seems to be not compatible with heimdal :-()
-------------------------------------------------------------------
Thu Feb 7 13:27:47 CET 2002 - stark@suse.de
- changed heimdal libdir
-------------------------------------------------------------------
Thu Dec 13 07:33:45 CET 2001 - stark@suse.de
- update to 0.4
- better use of fillup_and_insserv
-------------------------------------------------------------------
Mon Dec 3 11:42:15 CET 2001 - stark@suse.de
- don't use START_RADIUSD anymore
- make use of new fillup_and_insserv macro
-------------------------------------------------------------------
Fri Oct 12 07:03:07 CEST 2001 - stark@suse.de
- update to version 0.3
- packed source-archive as bz2
- branched package -> devel
-------------------------------------------------------------------
Fri Aug 3 07:53:54 CEST 2001 - stark@suse.de
- removed use of watcher-script
- removed config-check (-C) in init script
(it's not supported in freeradius)
-------------------------------------------------------------------
Thu Aug 2 12:22:00 CEST 2001 - stark@suse.de
- status fix in init script
- renamed pam-configfile: radius -> radiusd
-------------------------------------------------------------------
Wed Aug 1 09:57:53 CEST 2001 - stark@suse.de
- updated to 0.2
-------------------------------------------------------------------
Thu Jul 26 10:06:01 CEST 2001 - kukuk@suse.de
- Fix needed for build
-------------------------------------------------------------------
Tue Jul 10 15:05:52 CEST 2001 - stark@suse.de
- added %{suse_update_config}
-------------------------------------------------------------------
Sat Jun 23 20:52:07 CEST 2001 - schwab@suse.de
- Fix preprocessor directives inside macro arguments.
-------------------------------------------------------------------
Mon Jun 18 07:58:08 CEST 2001 - stark@suse.de
- removed absolute paths from pam-config
-------------------------------------------------------------------
Wed May 23 13:32:20 CEST 2001 - stark@suse.de
- first official beta-version 0.1
-------------------------------------------------------------------
Wed Mar 21 13:11:34 CET 2001 - stark@suse.de
- new snapshot 20010321 (pre-BETA)
- replaced start- and killproc to avoid problems with Kernel 2.4
using the radwatch shell-script
- added built of LDAP and MySQL modules
-------------------------------------------------------------------
Mon Jan 29 09:58:23 CET 2001 - stark@suse.de
- %files: /etc/raddb/bay.vendor -> /etc/raddb/dictionary.bay
-------------------------------------------------------------------
Mon Jan 15 10:52:42 CET 2001 - stark@suse.de
- new snapshot 20010115
- initial BETA package (sources are ALPHA!)
-------------------------------------------------------------------
Thu Jan 4 13:32:26 CET 2001 - stark@suse.de
- CVS snapshot 20010104