forked from pool/freeradius-server
Accepting request 298810 from home:vitezslav_cizek:branches:network
- minor adjustments/cleanup of spec and changes - update to 3.0.8 * for a detailed list of changes look at: /usr/share/doc/packages/freeradius-server/ChangeLog - new set of consolidated patch files: deleted: * freeradius-server-2.1.1-logrotate_su.patch * freeradius-server-2.1.6-rcradiusd.patch * freeradius-server-initscript-pidfile.patch * freeradius-server-radius-reload-logrotate.patch * freeradius-server-var_run.patch added: * freeradius-server-radiusd-logrotate.patch * freeradius-server-rcradiusd.patch * freeradius-server-tmpfiles.patch OBS-URL: https://build.opensuse.org/request/show/298810 OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=72
This commit is contained in:
parent
8c9ca09252
commit
06780e53ab
@ -1,201 +1,25 @@
|
||||
-------------------------------------------------------------------
|
||||
Thu Apr 23 14:22:17 UTC 2015 - vcizek@suse.com
|
||||
|
||||
- minor adjustments/cleanup of spec and changes
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Apr 22 20:31:44 UTC 2015 - michael@stroeder.com
|
||||
|
||||
- update to 3.0.8
|
||||
- new set of consolidated patch files
|
||||
|
||||
FreeRADIUS 3.0.8 Wed 22 Apr 2015 13:30:00 EDT urgency=medium
|
||||
Feature improvements
|
||||
* Allow syslog_severity to be set in rlm_linelog.
|
||||
* Allow defaults to be set for bulk clients in LDAP and couchbase.
|
||||
* Updates to dhcpclient. Patches from Nicolas C.
|
||||
* rlm_mschap now supports direct connections to winbind, which
|
||||
is faster than ntlm_auth. See raddb/mods-available/mschap.
|
||||
Patch from Matthew Newton.
|
||||
* Recommend /dev/urandom for TLS randomness, instead of
|
||||
${certdir}/random
|
||||
* Allow TLSv1 to be disabled via "disable_tlsv1" in tls{}.
|
||||
* Allow Expanded EAP types where vendor is 0 (IETF) and
|
||||
type is normal EAP type. Supplicants sending Expanded
|
||||
EAP types like this are broken.
|
||||
* Add support for server side sort controls when searching for
|
||||
user objects in rlm_ldap.
|
||||
|
||||
Bug fixes
|
||||
* Don't complain about "authorize" in "server {}" blocks, but
|
||||
only if there's no "server" block.
|
||||
* Fix cosmetic issue where debug from the first packet read by
|
||||
a detail reader thread would be emited during config parsing.
|
||||
* Fix ASSERT on truncated detail packets.
|
||||
* Don't use main server log functions from within panic_action,
|
||||
as in the case of syslog this would cause deadlocks if the
|
||||
fault was triggered from within a malloc.
|
||||
* Fix issue in "switch" when "correct_escapes = false".
|
||||
Fixes #911.
|
||||
* Fix sqlcounter configuration to use "%%b" instead of "%b",
|
||||
otherwise the new syntax validation will fail.
|
||||
* Allow forward references in configuration items. Modules
|
||||
aren't always loaded in a sane order.
|
||||
* Fix more escaping issues. Closes #912.
|
||||
* Decode MAC addresses correctly for VMPS.
|
||||
* Fix memory leak with TLS connections.
|
||||
* Fix state machine threading issues for conflicting packets.
|
||||
* Fix copy_request_to_tunnel issues for tagged attributes.
|
||||
* Allow "ok" to over-ride "updated" inside of Auth-Type sections.
|
||||
* Update state machine so that post-proxy is run though child
|
||||
threads for performance, instead of blocking the main thread.
|
||||
* Allow "netmask" to work again in client definitions.
|
||||
* Relax restrictions on SQL group queries.
|
||||
* track outgoing proxy sockets and clean them up more aggressively.
|
||||
* track proxy statistics, including CoA and Disconnect.
|
||||
* If radmin has a connection failure when running a command,
|
||||
it re-connects and runs the command again.
|
||||
* mark home servers "unknown" less aggressively.
|
||||
* Fix potential SEGV in PostgreSQL driver on error.
|
||||
* Fix issue where fields like nas_type would not be accessible via
|
||||
the %{client:} xlat, for dynamic clients.
|
||||
* Set default busy_timeout (of 200ms) in the sqlite driver, so writes
|
||||
don't cause selects to fail in multithreaded mode. This is user
|
||||
configurable, and may be increased if required.
|
||||
* Convert Password-With-Header attributes to binary (from hex or
|
||||
base64), in the authorize method of rlm_pap.
|
||||
* Fix invalid assert in state.c, that could cause abort in
|
||||
post-auth.
|
||||
* Fix double free when -m flag is used, and connection pools are
|
||||
referenced by multiple modules.
|
||||
* RADIUS over TLS accounting uses the same port as authentication.
|
||||
* Regularized return codes from radmin commands.
|
||||
* Fix RHEL spec file so it works correctly for Centos7 which uses
|
||||
systemd, and didn't like the SystemV init script.
|
||||
* radwho and radlast now have a -D option to load dictionaries
|
||||
* DHCP packets are no longer checked for duplicates.
|
||||
* Don't crash in sql module group comparisons in corner case.
|
||||
* Calculate MPPE keys correctly when using TLS 1.2.
|
||||
* Fix load-balance sections. Closes #945
|
||||
* TLS certificates are available again in the post-auth section.
|
||||
They are not available for session resumption.
|
||||
* radclient encodes CHAP-Password properly when using -c.
|
||||
Closes #955.
|
||||
* Fix issue in rlm_cache_memcached driver that caused variable
|
||||
length values to be truncated.
|
||||
* Fix track functionality in detail reader, so it no longer
|
||||
fails with a "Failed marking detail request as done: Bad file
|
||||
descriptor" error.
|
||||
* Actually add the peer identity (as User-Name) to the inner
|
||||
tunnel in EAP-PWD requests, so it's available for lookups.
|
||||
* Fixes to PostfreSQL queries. Patches from Santiago Gimeno.
|
||||
|
||||
FreeRADIUS 3.0.7 Thu 19 Feb 2015 12:00:00 EDT urgency=medium
|
||||
Feature improvements
|
||||
* Allow coa home_servers to be derived from client
|
||||
sections if a coa_server section is provided.
|
||||
* Automatically determine the correct port if no port is
|
||||
provided for a home server.
|
||||
* Allow foreach to operate over lists.
|
||||
* Add compile time features to ${feature.*} and versions
|
||||
of core libraries to ${version.*}. Feature and version
|
||||
names match output of radiud -xv. %v is now deprecated.
|
||||
* Add support for PATCH method in rlm_rest.
|
||||
* Validate more module xlats on startup, and warn if an
|
||||
xlat expansion is found in a double quoted config item
|
||||
which will not be expanded.
|
||||
* Add support for sub-second timeouts in rlm_rest.
|
||||
* Add support for connection timeouts in rlm_rest.
|
||||
* Add %{jsonquote:<str>} xlat to escape strings for insertion
|
||||
into json documents.
|
||||
* Add %{ldapquote:<str>} xlat to escape strings for insertion
|
||||
into ldap DNs.
|
||||
* Add %{explode:&ref <char>}, splits value of &ref on
|
||||
<char> and creates new &ref type attributes with the
|
||||
fragments.
|
||||
* Allow rlm_ldap to use attribute references for base_dn and
|
||||
filter config items. The attribute references are not
|
||||
escaped, allowing DNs and filters to be created dynamically.
|
||||
* Add %{nexttime:[<int>]h|d|w|y} to calculate the number of
|
||||
seconds before the next <int> hour(s), day(s), week(s),
|
||||
or year(s).
|
||||
* Allow the left side of update sections to be xlat expansions.
|
||||
The result of the expansion is then used to reference the
|
||||
attribute to be modified.
|
||||
* Added %{lpad:&Attribute-Name 7 x} and rpad. These produce
|
||||
fixed-width output strings, with padding to the left (lpad)
|
||||
or the right (rpad).
|
||||
* For some SQL drivers (MySQL, sqlite) distinguish between
|
||||
constraints violations (on insert), invalid queries, and
|
||||
server errors, and return noop, invalid, and error respectively.
|
||||
* Call SHOW WARNINGS in the MySQL driver and write them to
|
||||
the request log, if libmysqlclient indicates warnings are
|
||||
available on the server.
|
||||
* Forbid the creation of Vendor-Specific for non-standard
|
||||
VSAs. Use Attr-26 = 0x... instead.
|
||||
* Make dhcpclient work with raw sockets and various other
|
||||
improvements - Contributed by nchaigne
|
||||
* Add support for SSHA2 - Contributed by PDD.
|
||||
* Add perle dictionary - Contributed by Hachmer
|
||||
* Modernise init scripts for RHEL, SUSE and Debian.
|
||||
* radmin now tracks the return code of commands, and exits
|
||||
with status "1" if any command failed to execute.
|
||||
* radmin now sends error messages from the server to
|
||||
stderr, instead of to stdout.
|
||||
* radmin now looks for sockets matching it's UID and GID,
|
||||
rather than just always using the first one it finds.
|
||||
* radmin can how delete clients which are tied to a listener.
|
||||
* Moved RADIUS attribute definitions to src/include/rfc*.h
|
||||
* Move to talloc pools for requests. For in-memory tests
|
||||
(default config, 'users' file), performance increases by 30%.
|
||||
* In rlm_ldap allow sasl_mech to be specified for admin and
|
||||
user binds. Only non-interactive mechs (like EXTERNAL)
|
||||
are currently supported.
|
||||
* Remove support for ephemeral RSA keys. They were "export only",
|
||||
and should not be used by anyone.
|
||||
* Syntax errors in the "users" file now produce better
|
||||
error messages.
|
||||
|
||||
Bug fixes
|
||||
* Fix issues parsing LDAP hostnames with non-standard ports.
|
||||
* Fix issues with realms containing regular expressions.
|
||||
* Allow unary negation before parantheses in rlm_expr.
|
||||
* Fix infinite loop in kevent event loop code. Issue only
|
||||
presented on FreeBSD.
|
||||
* Be more careful to define Auth-Types before loading modules.
|
||||
* Link libfreeradius-radius against OpenSSL too, to avoid
|
||||
multi-version symbols in SSL libraries.
|
||||
* When rlm_ldap rebinds a connection, it should use bind
|
||||
credentials from the module that created the connection
|
||||
pool, not credentials from the module referencing it.
|
||||
* Empty server config pairs should be allowed in rlm_ldap
|
||||
instances that reference another module's connection pool.
|
||||
* Mark rlm_always as huppable, so its rcode can be changed
|
||||
via radmin (allows policy toggles).
|
||||
* Emit warnings when ignoring user configured pool values.
|
||||
* Fix issue that would cause radclient to complain
|
||||
intermittently about differing numbers of filters and
|
||||
requests.
|
||||
* Fix cosmetic issues in connection pool logging, that made
|
||||
it appear as if the same connection was being opened
|
||||
multiple times.
|
||||
* Fix threadsafety issues in SQL drivers, where a static
|
||||
buffer was used to store error messages.
|
||||
* Log RERROR, RWARN, RINFO to the global log if request
|
||||
logging is not enabled.
|
||||
* Link to libldap instead of libldap_r. libldap_r
|
||||
is not supported for use by projects outside of OpenLDAP.
|
||||
* Set connection timeout correctly in rlm_sql_mysql.
|
||||
* Build with older versions of libcurl, and use CFLAGS from
|
||||
curl-config.
|
||||
* Honour Packet-Src-Port and Packet-Src-IP-address in radclient.
|
||||
* Initialise ldapai_info_version field, so libldap will report
|
||||
its vendor and version.
|
||||
* Fix log rotation scripts by using the copyrotate option.
|
||||
* Fix issue that caused opening control sockets to always
|
||||
fail on non-Linux systems, if a user or group was set.
|
||||
* Save Session-State after proxying.
|
||||
* Additional fixes for reading CoA/DM requests from detail
|
||||
files.
|
||||
* Create dynamic clients if the dynamic clients virtual server
|
||||
returns ok *or* updated. Emit useful messages for other codes.
|
||||
* Compile bare "authorize" statements, and issue errors saying
|
||||
using them isn't a good idea.
|
||||
* for a detailed list of changes look at:
|
||||
/usr/share/doc/packages/freeradius-server/ChangeLog
|
||||
- new set of consolidated patch files:
|
||||
deleted:
|
||||
* freeradius-server-2.1.1-logrotate_su.patch
|
||||
* freeradius-server-2.1.6-rcradiusd.patch
|
||||
* freeradius-server-initscript-pidfile.patch
|
||||
* freeradius-server-radius-reload-logrotate.patch
|
||||
* freeradius-server-var_run.patch
|
||||
added:
|
||||
* freeradius-server-radiusd-logrotate.patch
|
||||
* freeradius-server-rcradiusd.patch
|
||||
* freeradius-server-tmpfiles.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jan 14 13:10:11 UTC 2015 - tchvatal@suse.com
|
||||
|
@ -1,7 +1,7 @@
|
||||
#
|
||||
# spec file for package freeradius-server
|
||||
#
|
||||
# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
||||
# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
# remain the property of their copyright owners, unless otherwise agreed
|
||||
@ -33,6 +33,7 @@ Source2: freeradius-tmpfiles.conf
|
||||
Patch1: freeradius-server-tmpfiles.patch
|
||||
Patch2: freeradius-server-radiusd-logrotate.patch
|
||||
Patch3: freeradius-server-rcradiusd.patch
|
||||
Patch4: freeradius-server-fix-cert-bootstrap.patch
|
||||
BuildRequires: apache2-devel
|
||||
BuildRequires: cyrus-sasl-devel
|
||||
BuildRequires: db-devel
|
||||
@ -188,6 +189,7 @@ This plugin provides the SQLite support for the FreeRADIUS server project.
|
||||
%patch1 -p1
|
||||
%patch2 -p1
|
||||
%patch3 -p1
|
||||
%patch4 -p1
|
||||
|
||||
%build
|
||||
modified="$(sed -n '/^----/n;s/ - .*$//;p;q' "%{_sourcedir}/%{name}.changes")"
|
||||
|
Loading…
Reference in New Issue
Block a user