forked from pool/freeradius-server
Accepting request 22431 from network
Copy from network/freeradius-server based on submit request 22431 from user puzel OBS-URL: https://build.opensuse.org/request/show/22431 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/freeradius-server?expand=0&rev=19
This commit is contained in:
parent
f07eaa1826
commit
6b04953d85
48
freeradius-server-fix-cert-bootstrap.patch
Normal file
48
freeradius-server-fix-cert-bootstrap.patch
Normal file
@ -0,0 +1,48 @@
|
||||
Index: freeradius-server-2.1.6/raddb/certs/Makefile
|
||||
===================================================================
|
||||
--- freeradius-server-2.1.6.orig/raddb/certs/Makefile 2009-05-18 13:13:55.000000000 +0200
|
||||
+++ freeradius-server-2.1.6/raddb/certs/Makefile 2009-10-15 10:46:28.000000000 +0200
|
||||
@@ -51,7 +51,7 @@ dh:
|
||||
# Create a new self-signed CA certificate
|
||||
#
|
||||
######################################################################
|
||||
-ca.key ca.pem: ca.cnf
|
||||
+ca.key ca.pem:
|
||||
openssl req -new -x509 -keyout ca.key -out ca.pem \
|
||||
-days $(CA_DEFAULT_DAYS) -config ./ca.cnf
|
||||
|
||||
@@ -64,7 +64,7 @@ ca.der: ca.pem
|
||||
# Create a new server certificate, signed by the above CA.
|
||||
#
|
||||
######################################################################
|
||||
-server.csr server.key: server.cnf
|
||||
+server.csr server.key:
|
||||
openssl req -new -out server.csr -keyout server.key -config ./server.cnf
|
||||
|
||||
server.crt: server.csr ca.key ca.pem index.txt serial
|
||||
@@ -86,7 +86,7 @@ server.vrfy: ca.pem
|
||||
# certificate.
|
||||
#
|
||||
######################################################################
|
||||
-client.csr client.key: client.cnf
|
||||
+client.csr client.key:
|
||||
openssl req -new -out client.csr -keyout client.key -config ./client.cnf
|
||||
|
||||
client.crt: client.csr server.crt server.key index.txt serial
|
||||
Index: freeradius-server-2.1.6/raddb/certs/bootstrap
|
||||
===================================================================
|
||||
--- freeradius-server-2.1.6.orig/raddb/certs/bootstrap 2009-05-18 13:13:55.000000000 +0200
|
||||
+++ freeradius-server-2.1.6/raddb/certs/bootstrap 2009-10-15 10:47:34.000000000 +0200
|
||||
@@ -19,6 +19,7 @@ make all
|
||||
#
|
||||
if [ "$?" = "0" ]
|
||||
then
|
||||
+ chgrp radiusd *
|
||||
exit 0
|
||||
fi
|
||||
|
||||
@@ -44,3 +45,4 @@ openssl ca -batch -keyfile ca.key -cert
|
||||
openssl pkcs12 -export -in server.crt -inkey server.key -out server.p12 -passin pass:`grep output_password server.cnf | sed 's/.*=//;s/^ *//'` -passout pass:`grep output_password server.cnf | sed 's/.*=//;s/^ *//'` || exit 1
|
||||
openssl pkcs12 -in server.p12 -out server.pem -passin pass:`grep output_password server.cnf | sed 's/.*=//;s/^ *//'` -passout pass:`grep output_password server.cnf | sed 's/.*=//;s/^ *//'` || exit 1
|
||||
openssl x509 -inform PEM -outform DER -in ca.pem -out ca.der || exit 1
|
||||
+chgrp radiusd *
|
39
freeradius-server-sha1-default.patch
Normal file
39
freeradius-server-sha1-default.patch
Normal file
@ -0,0 +1,39 @@
|
||||
Index: freeradius-server-2.1.6/raddb/certs/ca.cnf
|
||||
===================================================================
|
||||
--- freeradius-server-2.1.6.orig/raddb/certs/ca.cnf 2009-05-18 13:13:55.000000000 +0200
|
||||
+++ freeradius-server-2.1.6/raddb/certs/ca.cnf 2009-10-12 13:47:40.000000000 +0200
|
||||
@@ -16,7 +16,7 @@ name_opt = ca_default
|
||||
cert_opt = ca_default
|
||||
default_days = 365
|
||||
default_crl_days = 30
|
||||
-default_md = md5
|
||||
+default_md = sha1
|
||||
preserve = no
|
||||
policy = policy_match
|
||||
|
||||
Index: freeradius-server-2.1.6/raddb/certs/client.cnf
|
||||
===================================================================
|
||||
--- freeradius-server-2.1.6.orig/raddb/certs/client.cnf 2009-05-18 13:13:55.000000000 +0200
|
||||
+++ freeradius-server-2.1.6/raddb/certs/client.cnf 2009-10-12 13:47:45.000000000 +0200
|
||||
@@ -16,7 +16,7 @@ name_opt = ca_default
|
||||
cert_opt = ca_default
|
||||
default_days = 365
|
||||
default_crl_days = 30
|
||||
-default_md = md5
|
||||
+default_md = sha1
|
||||
preserve = no
|
||||
policy = policy_match
|
||||
|
||||
Index: freeradius-server-2.1.6/raddb/certs/server.cnf
|
||||
===================================================================
|
||||
--- freeradius-server-2.1.6.orig/raddb/certs/server.cnf 2009-05-18 13:13:55.000000000 +0200
|
||||
+++ freeradius-server-2.1.6/raddb/certs/server.cnf 2009-10-12 13:47:50.000000000 +0200
|
||||
@@ -16,7 +16,7 @@ name_opt = ca_default
|
||||
cert_opt = ca_default
|
||||
default_days = 365
|
||||
default_crl_days = 30
|
||||
-default_md = md5
|
||||
+default_md = sha1
|
||||
preserve = no
|
||||
policy = policy_match
|
||||
|
@ -1,3 +1,9 @@
|
||||
-------------------------------------------------------------------
|
||||
Thu Oct 15 09:05:18 UTC 2009 - puzel@novell.com
|
||||
|
||||
- freeradius-server-sha1-default.patch (bnc#546042)
|
||||
- freeradius-server-fix-cert-bootstrap.patch (bnc#546041)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Jun 19 10:35:46 CEST 2009 - coolo@novell.com
|
||||
|
||||
|
@ -19,7 +19,7 @@
|
||||
|
||||
Name: freeradius-server
|
||||
Version: 2.1.6
|
||||
Release: 2
|
||||
Release: 3
|
||||
License: GPL v2 only ; LGPL v2.1 only
|
||||
Group: Productivity/Networking/Radius/Servers
|
||||
Provides: radiusd
|
||||
@ -35,6 +35,8 @@ Patch2: %{name}-%{version}-rcradiusd.patch
|
||||
Patch3: %{name}-%{version}-codecleanup.patch
|
||||
Patch4: %{name}-%{version}-edir-64bit.patch
|
||||
Patch5: %{name}-%{version}-overflow.patch
|
||||
Patch6: freeradius-server-sha1-default.patch
|
||||
Patch7: freeradius-server-fix-cert-bootstrap.patch
|
||||
PreReq: perl openssl pwdutils coreutils
|
||||
PreReq: %insserv_prereq %fillup_prereq
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||
@ -212,6 +214,8 @@ Authors:
|
||||
%patch3
|
||||
%patch4
|
||||
%patch5
|
||||
%patch6 -p1
|
||||
%patch7 -p1
|
||||
|
||||
%build
|
||||
# This package failed when testing with -Wl,-as-needed being default.
|
||||
@ -297,7 +301,9 @@ rm -f $RPM_BUILD_ROOT%{_defaultdocdir}/%{name}/examples/Makefile
|
||||
|
||||
%post
|
||||
# Generate default certificates
|
||||
/etc/raddb/certs/bootstrap
|
||||
if [ $1 -eq 1 ]; then
|
||||
/etc/raddb/certs/bootstrap
|
||||
fi
|
||||
chgrp radiusd /etc/raddb/certs/*
|
||||
%{fillup_and_insserv freeradius}
|
||||
|
||||
@ -440,718 +446,3 @@ rm -rf $RPM_BUILD_ROOT
|
||||
%attr(644,root,root) %{_includedir}/freeradius/*.h
|
||||
|
||||
%changelog
|
||||
* Fri Jun 19 2009 coolo@novell.com
|
||||
- disable as-needed for this package as it fails to build with it
|
||||
* Tue Jun 02 2009 puzel@suse.cz
|
||||
- updated to 2.1.6
|
||||
o Feature improvements
|
||||
* radclient exits with 0 on successful (accept / ack), and 1
|
||||
otherwise (no response / reject)
|
||||
* Added support for %%{sql:UPDATE ..}, and insert/delete
|
||||
Patch from Arran Cudbard-Bell
|
||||
* Added sample "do not respond" policy. See raddb/policy.conf
|
||||
and raddb/sites-available/do_not_respond
|
||||
* Cleanups to Suse spec file from Norbert Wegener
|
||||
* New VSAs for Juniper from Bjorn Mork
|
||||
* Include more RFC dictionaries in the default install
|
||||
* More documentation for the WiMAX module
|
||||
* Added "chase_referrals" and "rebind" configuration to rlm_ldap.
|
||||
This helps with Active Directory. See raddb/modules/ldap
|
||||
* Don't load pre/post-proxy if proxying is disabled.
|
||||
* Added %%{md5:...}, which returns MD5 hash in hex.
|
||||
* Added configurable "retry_interval" and "poll_interval"
|
||||
for "detail" listeners.
|
||||
* Added "delete_mppe_keys" configuration option to rlm_wimax.
|
||||
Apparently some WiMAX clients misbehave when they see those keys.
|
||||
* Added experimental rlm_ruby from
|
||||
http://github.com/Antti/freeradius-server/tree/master
|
||||
* Add Tunnel attributes to ldap.attrmap
|
||||
* Enable virtual servers to be reloaded on HUP. For now, only
|
||||
the "authorize", "authenticate", etc. processing sections are
|
||||
reloaded. Clients and "listen" sections are NOT reloaded.
|
||||
* Updated "radwatch" script to be more robust. See scripts/radwatch
|
||||
* Added certificate compatibility notes in raddb/certs/README,
|
||||
for compatibility with different operating systems. (i.e. Windows)
|
||||
o Bug fixes
|
||||
* Minor changes to allow building without VQP.
|
||||
* Minor fixes from John Center
|
||||
* Fixed raddebug example
|
||||
* Don't crash when deleting attributes via unlang
|
||||
* Be friendlier to very fast clients
|
||||
* Updated the "detail" listener so that it only polls once,
|
||||
and not many times in a row, leaking memory each time...
|
||||
* Update comparison for Packet-Src-IP-Address (etc.) so that
|
||||
the operators other than '==' work.
|
||||
* Did autoconf magic to work around weird libtool bug
|
||||
* Make rlm_perl keep tags for tagged attributes in more situations
|
||||
* Update UID checking for radmin
|
||||
* Added "include_length" field for TTLS. It's needed for RFC
|
||||
compliance, but not (apparently) for interoperability.
|
||||
- FreeRADIUS 2.1.5
|
||||
* Release number skipped due to procedural issues.
|
||||
- FreeRADIUS 2.1.4
|
||||
o Feature improvements
|
||||
* Permit multiple "-e" in radmin.
|
||||
* Add support for originating CoA-Request and Disconnect-Request.
|
||||
See raddb/sites-available/originate-coa.
|
||||
* Added "lifetime" and "max_queries" to raddb/sql.conf.
|
||||
This helps address the problem of hung SQL sockets.
|
||||
* Allow packets to be injected via radmin. See "inject help"
|
||||
in radmin.
|
||||
* Answer VMPS reconfirmation request. Patch from Hermann Lauer.
|
||||
* Sample logrotate script in scripts/logrotate.freeradius
|
||||
* Add configurable poll interval for "detail" listeners
|
||||
* New "raddebug" command. This prints debugging information from
|
||||
a running server. See "man raddebug.
|
||||
* Add "require_message_authenticator" configuration to home_server
|
||||
configuration. This makes the server add Message-Authenticator
|
||||
to all outgoing Access-Request packets.
|
||||
* Added smsotp module, as contributed by Siemens.
|
||||
* Enabled the administration socket in the default install.
|
||||
See raddb/sites-available/control-socket, and "man radmin"
|
||||
* Handle duplicate clients, such as with replicated or
|
||||
load-balanced SQL servers and "readclients = yes"
|
||||
o Bug fixes
|
||||
* Clean up control sockets when they are closed, so that we don't
|
||||
leak memory.
|
||||
* Define SUN_LEN for systems that don't have it.
|
||||
* Correct some boundary conditions in the conditional checker ("if")
|
||||
in "unlang". Bug noted by Arran Cudbard-Bell.
|
||||
* Work around minor building issues in gmake. This should only
|
||||
have affected developers.
|
||||
* Change how we manage unprivileged user/group, so that we do not
|
||||
create control sockets owned by root.
|
||||
* Fixed more minor issues found by Coverity.
|
||||
* Allow raddb/certs/bootstrap to run when there is no "make"
|
||||
command installed.
|
||||
* In radiusd.conf, run_dir depends on the name of the program,
|
||||
and isn't hard-coded to "..../radiusd"
|
||||
* Check for EOF in more places in the "detail" file reader.
|
||||
* Added Freeswitch dictionary.
|
||||
* Chop ethernet frames in VMPS, rather than droppping packets.
|
||||
* Fix EAP-TLS bug. Patch from Arnaud Ebalard
|
||||
* Don't lose string for regex-compares in the "users" file.
|
||||
* Expose more functions in rlm_sql to rlm_sqlippool, which
|
||||
helps on systems where RTLD_GLOBAL is off.
|
||||
* Fix typos in MySQL schemas for ippools.
|
||||
* Remove macro that was causing build issues on some platforms.
|
||||
* Fixed issues with dead home servers. Bug noted by Chris Moules.
|
||||
* Fixed "access after free" with some dynamic clients.
|
||||
* Thu Mar 26 2009 crrodriguez@suse.de
|
||||
- do not ship static modules
|
||||
* Tue Feb 10 2009 prusnak@suse.cz
|
||||
- updated to 2.1.3
|
||||
o Feature Improvements
|
||||
* Allow running with user=radiusd and binding to secure sockets.
|
||||
* Start sending Status-Server "are you alive" messages earlier,
|
||||
which helps with proxying multiple realms to a home server.
|
||||
* Removed thread pool code from rlm_perl. It's not necessary.
|
||||
* Added example Perl configuration to raddb/modules/perl
|
||||
* Force OpenSSL to support certificates with SHA256. This seems
|
||||
to be necessary for WiMAX certs.
|
||||
o Bug Fixes
|
||||
* Fix Debian patch to allow it to build.
|
||||
* Fix potential NULL dereference in debugging mode on certain
|
||||
platforms for TTLS and PEAP inner tunnels.
|
||||
* Fix uninitialized memory in handling of vendor definitions
|
||||
* Fix parsing of quoted (but non-string) attributes in
|
||||
the users< file.
|
||||
* Initialize unknown NAS IP to 255.255.255.255, rather than 0.0.0.0
|
||||
* use SUN_LEN in control socket, to avoid truncation on some platforms.
|
||||
* Correct internal handling of debug condition to prevent it
|
||||
from being over-written.
|
||||
* Check return code of regcomp in unlang, so that invalid regular
|
||||
expressions are caught rather than mishandled.
|
||||
* Make rlm_sql use <ltdl.h>. Addresses bug #610.
|
||||
* Document list "type = status" better. Closes bug #580.
|
||||
* Set "default days" for certificates, because OpenSSL won't do it.
|
||||
This closes bug #615.
|
||||
* Reference correct list in example raddb/modules/ldap. Closes #596.
|
||||
* Increase default schema size for Acct-Session-Id to 64. Closes #540.
|
||||
* Fix use of temporary files in dialup-admin. Closes #605
|
||||
and addresses CVE-2008-4474.
|
||||
* Addressed a number of minor issues found by Coverity.
|
||||
* Added DHCP option 150 to the dictionary. Closes #618.
|
||||
- removed CVE-2008-4474.patch (included in update)
|
||||
- fixed buffer overflow (overflow.patch)
|
||||
* Tue Feb 10 2009 prusnak@suse.cz
|
||||
- fixed eDirectory bug on 64bit architectures (edir-64bit.patch)
|
||||
[bnc#474006]
|
||||
* Fri Feb 06 2009 prusnak@suse.cz
|
||||
- moved manpages from section 1 to utils subpackage [bnc#469682]
|
||||
* Fri Jan 09 2009 prusnak@suse.cz
|
||||
- fixed bootstraping of certificates in %%post [bnc#461998]
|
||||
* Thu Oct 09 2008 prusnak@suse.cz
|
||||
- fixed CVE-2008-4474 [bnc#433762]
|
||||
* Thu Oct 09 2008 prusnak@suse.cz
|
||||
- updated to 2.1.1
|
||||
o Feature Improvements
|
||||
* Many more options and features are available via radmin.
|
||||
See man radmin and raddb/sites-available/control-socket.
|
||||
* Many more commands available via the control socket.
|
||||
Connect via radmin, and type help for more information.
|
||||
* Added dictionary.networkphysics and dictionary.lancom.
|
||||
* Calculate WiMAX MIP keys, and added sample WiMAX SQL tables.
|
||||
o Bug Fixes
|
||||
* Fixed bug that made radmin not work.
|
||||
* Fixed Suse && Debian package scripts.
|
||||
* Fixed issues with dynamic clients.
|
||||
* Fixed configure checks for -lreadline
|
||||
* rlm_sqlippool no longer needs to be linked to rlm_sql.
|
||||
* Add statistics for detail file listeners. This closes bug #593.
|
||||
* Fixed printing of some WiMAX attributes.
|
||||
* Fixed double free on exit() in rlm_attr_filter.
|
||||
* Fixed build issues on Solaris.
|
||||
* Fixed fast session resumption for EAP-TLS.
|
||||
* Mon Sep 15 2008 ro@suse.de
|
||||
- make radrelay a hardlink to radiusday (instead of identical copy)
|
||||
* Tue Sep 09 2008 prusnak@suse.cz
|
||||
- updated to 2.1.0
|
||||
o Feature Improvements
|
||||
* Clients may now be defined dynamically, based on IP address.
|
||||
See raddb/sites-available/dynamic-clients.
|
||||
* SNMP support is now available through an experimental Perl script.
|
||||
See scripts/snmp-proxy/README
|
||||
* SNMP statistics are also available through Status-Server packets.
|
||||
See raddb/sites-available/status
|
||||
* Added more Microsoft attributes from bug #568.
|
||||
* The linelog module has more functionality and flexibility.
|
||||
See raddb/modules/linelog.
|
||||
* The debugging output has been sanitized. It should be much more
|
||||
readable.
|
||||
* Debug logs can now be turned on/off while the server is running,
|
||||
for a user, group, realm, etc. See the log section of raddb/radiusd.conf.
|
||||
* Added support for WiMAX Forum attributes. The dynamic keys are
|
||||
not yet calculated. See share/dictionary.wimax
|
||||
* Added session resumption for PEAP and TTLS.
|
||||
See raddb/eap.conf, and the cache sub-section.
|
||||
* Added radmin command-line tool for administering a running server.
|
||||
See man radmin and raddb/sites-available/control-socket.
|
||||
o Bug Fixes
|
||||
* Double escaping of '\\' in the users (and some other) files
|
||||
has been fixed. If you have '\\' in the users file, your
|
||||
configuration will need to be checked, and fixed!
|
||||
* Parse security section of radiusd.conf. This was accidentally
|
||||
deleted in 2.0.5. Closes bug #566.
|
||||
* Bind to interface before IP, which allows DHCP sockets to listen
|
||||
on "*" for multiple interfaces.
|
||||
* Fix handling of giaddr in DHCP responses.
|
||||
* Corrected parsing of status_check in home_server so that it works.
|
||||
* Fix hints so that "Puser" works again.
|
||||
* Removed length restrictions on attribute names in the dictionaries.
|
||||
* Update socket code to avoid C compiler optimizations.
|
||||
* Thu Aug 28 2008 ro@suse.de
|
||||
- remove deprecated startvar from fillup_and_insserv call
|
||||
* Tue Aug 26 2008 pth@suse.de
|
||||
- Fix Required-Stop in init scripts.
|
||||
* Wed Jul 23 2008 prusnak@suse.cz
|
||||
- updated to 2.0.5
|
||||
Feature improvements
|
||||
* Permit SQL authorize_reply_query to be empty.
|
||||
* Allow setting response packet type in Post-Proxy-Type Fail
|
||||
handler.
|
||||
* Added install-chown target to set correct permission and ownership
|
||||
make RADMIN=radmin RGROUP=radius install-chown
|
||||
* Support for LDAP-Group and other dynamic comparison attributes
|
||||
in unlang. Developed from a patch by Jason Alderfer.
|
||||
* Added chroot support. See radiusd.conf for comments.
|
||||
* Allow clients of 0/0. We do not recommend using this, though.
|
||||
* Moved many module configurations into raddb/modules/*
|
||||
Bug fixes
|
||||
* Allow proxying to virtual servers for accounting packets, too.
|
||||
* Added "num fields" function to PostgreSQL client.
|
||||
* Updated proxy fallback mechanism to validate fallback servers,
|
||||
and to process fallback requests in a child thread.
|
||||
* rlm_realm returns "ok" for LOCAL realms, not "noop".
|
||||
* Fixed some DHCP code handling. The examples should now work.
|
||||
- updated to 2.0.4
|
||||
Feature improvements
|
||||
* Allow "virtual_server" in "realm" and "home_server" sections.
|
||||
See raddb/proxy.conf and raddb/sites-available/virtual.example.com.
|
||||
* Allow "passwd" module to be listed in "accounting" and "post-auth".
|
||||
* Added "fallback" to "home_server_pool" configuration, to handle
|
||||
the case of all home servers being dead. See raddb/proxy.conf.
|
||||
* Added sample text to raddb/sites-available/inner-tunnel which
|
||||
can simplify debugging of inner tunnel configurations.
|
||||
* Added regular expression matching in realm names. See
|
||||
raddb/proxy.conf for examples.
|
||||
* Added simple DHCP server functionality. For comments, see
|
||||
raddb/sites-available/dhcp.
|
||||
* Added file globbing capabilities to detail file reader
|
||||
* Added sample raddb/sites-available/robust-proxy-accounting
|
||||
* Clients in SQL can now refer to a virtual server.
|
||||
Patch from Michael Bretterklieber.
|
||||
* Added some examples of creating RADIUS administrator in SQL,
|
||||
and assigning appropriate access rights.
|
||||
Bug fixes
|
||||
* Install all files in raddb/sites-available
|
||||
* Allow non-threaded builds.
|
||||
* Don't treat '0x' as special for known attributes that are not
|
||||
of type "octets".
|
||||
* Fix log error in rlm_pap.
|
||||
* Remove documentation about non-existent functionality.
|
||||
* Updated warning messages in debug output.
|
||||
* Fix handling of timeouts in rlm_ldap that affected 64-bit systems.
|
||||
This fix was supposed to go into 2.0.3, but did not make it.
|
||||
* Fix event handling in debug mode for failed proxy requests.
|
||||
* Fix memleak in fifos. Closes #537.
|
||||
* Fix memleak on blocked threads. Closes #538.
|
||||
* Perform additional checks on NULL realms. Closes #541.
|
||||
* Fix handling of "clients" in "listen" section.
|
||||
* When detail file cannot process a packet, sleep for longer
|
||||
to let the rest of the server do something.
|
||||
* Add missing table to raddb/sql/mssql/schema.sql. Closes #545.
|
||||
* Updated rlm_sql_postgresql to build with PostgreSQL 7.x.
|
||||
Closes #533.
|
||||
* Fix "postauth" of rlm_ldap to look for LDAP-UserDn in the
|
||||
correct place.
|
||||
* Update rlm_attr_filter for some corner cases. Closes #543.
|
||||
* Fixed memory leak in libfreeradius event handler.
|
||||
* In the SQL Accounting on/off queries, remove the restriction
|
||||
that the session time had to be zero.
|
||||
- dropped obsoleted patches
|
||||
* event-fifo-threads.patch (included in update)
|
||||
* raddb.patch (no longer needed)
|
||||
- added logrotate to Recommends
|
||||
* Tue May 13 2008 prusnak@suse.cz
|
||||
- fix crashes in events, fifo and threads (event-fifo-threads.patch)
|
||||
* Mon May 05 2008 pth@suse.de
|
||||
- Fix coding errors that made the package fail to build.
|
||||
* Wed Mar 19 2008 prusnak@suse.cz
|
||||
- updated to 2.0.3
|
||||
Feature improvements
|
||||
* Updated raddb/certs/ca.cnf with extensions to allow ca.der
|
||||
to be imported as a CA on Symbian and Windows Mobile devices.
|
||||
Closes bug #524
|
||||
* Enable multiple matches in "hints" via Fall-Through = Yes.
|
||||
Closes bug #477
|
||||
* Added preliminary SQLite driver, contibuted by Apple.
|
||||
Untested, with no sample configuration. This address bug #470.
|
||||
* Updated logging sub-system so that log messages from libfreeradius
|
||||
can go to the log file, and not stdout.
|
||||
* Added dictionary.rfc5176
|
||||
* EAP module now checks for instance name, and uses that for
|
||||
authentication. This avoids the need to set Auth-Type when
|
||||
there are multiple instances of the EAP module.
|
||||
* Added Module-Return-Code attribute, which contains the value
|
||||
returned by the previous module (ok/fail/update/etc.)
|
||||
Bug fixes
|
||||
* Corrected typos in rlm_dbm. Closes bugs #521 and #522.
|
||||
* Detail file "listen" sections now work much better.
|
||||
* Don't allow old "log_*" to over-ride new format. Closes bug #525
|
||||
* Initialize allocated memory in Oracle SQL driver. This fixes
|
||||
occasional crashes on some systems. Closes bug #518
|
||||
* Call correct function in rlm_protocol_filter. This enables the
|
||||
module to build. Closes bug #512.
|
||||
* Added deprecated flag to build for rlm_krb5. This allows it to
|
||||
run on 64-bit systems. Closes bug #491
|
||||
* Corrected error message when parsing invalid configurations
|
||||
so it doesn't crash. Closes bug #527
|
||||
* Fix handling of timeouts in rlm_ldap that affected 64-bit systems.
|
||||
* Handle $INCLUDE's in "instantiate" section. Closes #528.
|
||||
* Format updates to "man" pages from Stephen Gran.
|
||||
- updated to 2.0.2
|
||||
Feature improvements
|
||||
* Added notes on how to debug the server in radiusd.conf
|
||||
* Moved all "log_*" in radiusd.conf to log{} section.
|
||||
The old configurations are still accepted, though.
|
||||
* Added ca.der target in raddb/certs/Makefile. This is
|
||||
needed for importing CA certs into Windows.
|
||||
* Added ability send raw attributes via "Raw-Attribute = 0x0102..."
|
||||
This is available only debug builds. It can be used
|
||||
to create invalid packets! Use it with care.
|
||||
* Permit "unlang" policies inside of Auth-Type{} sub-sections
|
||||
of the authenticate{} section. This makes some policies easier
|
||||
to implement.
|
||||
* "listen" sections can now have "type = proxy". This lets you
|
||||
control which IP is used for sending proxied requests.
|
||||
* Added note on SSL performance to raddb/certs/README
|
||||
Bug fixes
|
||||
* Fixed reading of "detail" files.
|
||||
* Allow inner EAP tunneled sessions to be proxied.
|
||||
* Corrected MySQL schemas
|
||||
* syslog now works in log{} section.
|
||||
* Corrected typo in raddb/certs/client.cnf
|
||||
* Updated raddb/sites-available/proxy-inner-tunnel to
|
||||
permit authentication to work.
|
||||
* Ignore zero-length attributes in received packets.
|
||||
* Correct memcpy when dealing with unknown attributes.
|
||||
* Corrected debugging messages in attr_rewrite.
|
||||
* Corrected generation of State attribute in EAP. This
|
||||
fixes the "failed to remember handler" issues.
|
||||
* Fall back to DEFAULT realm if no realm was found.
|
||||
Based on a patch from Vincent Magnin.
|
||||
* Updated example raddb/sites-available/proxy-inner-tunnel
|
||||
* Corrected behavior of attr_filter to match documentation.
|
||||
This is NOT backwards compatible with previous versions!
|
||||
See "man rlm_attr_filter" for details.
|
||||
- dropped patches:
|
||||
* conf_read.patch (included in update)
|
||||
* strncat.patch (obsoleted by update)
|
||||
* Tue Jan 29 2008 prusnak@suse.cz
|
||||
- replace obsoleted call to conf_read with cf_file_read (conf_read.patch)
|
||||
- split off -doc subpackage
|
||||
* Thu Jan 24 2008 prusnak@suse.cz
|
||||
- fix strncat usage (strncat.patch)
|
||||
* Tue Jan 22 2008 prusnak@suse.cz
|
||||
- updated to 2.0.1
|
||||
* improve unlang
|
||||
* update acct_module
|
||||
* fix parsing of syslog logging
|
||||
* minor fixes over 2.0.0
|
||||
* Tue Jan 22 2008 prusnak@suse.cz
|
||||
- renamed to freeradius-server (to follow upstream change)
|
||||
- updated to 2.0.0:
|
||||
o Feature improvements
|
||||
* Debugging mode is much clearer and easier to read.
|
||||
* A new policy language makes many configurations trivial.
|
||||
See "man unlang" for a complete description.
|
||||
* Virtual servers are now supported. This permits clear separation
|
||||
of policies. See raddb/sites-available/README
|
||||
* EAP-TLS (PEAP, EAP-TTLS) and OpenSSL certificates "just work".
|
||||
See raddb/certs/README for details.
|
||||
* Proxying is much more configurable than before.
|
||||
See proxy.conf for documentation on pools, and new config items.
|
||||
* Full support for IPv6.
|
||||
* Much more complete support for the RADIUS SNMP MIBs.
|
||||
* HUP now works. Only some modules are re-loaded,
|
||||
and the server configuation is *not* reloaded.
|
||||
* "check config" option now works. See "man radiusd"
|
||||
* radrelay functionality is now included in the server core.
|
||||
See raddb/sites-available/copy-acct-to-home-server
|
||||
* VMPS support. It is minimal, but functional.
|
||||
* Cleaned up internal API's and names, including library names.
|
||||
o Bug fixes
|
||||
* Many.
|
||||
- removed obsolete patch:
|
||||
* type_punning.patch
|
||||
* Tue Dec 04 2007 prusnak@suse.cz
|
||||
- remove openldap2 from BuildRequires
|
||||
* Tue Nov 06 2007 prusnak@suse.cz
|
||||
- updated to 1.1.7
|
||||
Feature Improvements
|
||||
* Updated LDAP documentation.
|
||||
* Added note on DH parameters in eap.conf, and debugging messages
|
||||
which complain if DH is used, but not configured properly.
|
||||
* Updated the Mikrotik dictionary. Added a note that the sample
|
||||
dictionary they supply is broken.
|
||||
* Output more information on blocked threads, which should help
|
||||
narrow down which modules is causing the problem.
|
||||
* Added more eDirectory support.
|
||||
* rlm_ldap now prints out attributes in the standard format
|
||||
* Enabled server-side handling of procedures in MySQL
|
||||
Bug Fixes
|
||||
* Added NT-Hash support for mschap_xlat.
|
||||
* Corrected documentation to point to correct location of files.
|
||||
* Checks for more recent FreeBSD versions.
|
||||
* uses -DLDAP_DEPRECATED to avoid OpenLDAP crashes.
|
||||
* Use correct value for authentication name in rlm_mschap.
|
||||
* Fix over-ride for usernames when use_tunneled_reply = yes.
|
||||
* Fri Apr 20 2007 pth@suse.de
|
||||
- Update to 1.1.6. Changes since 1.1.3:
|
||||
Feature improvements
|
||||
* Added dictionary.rfc4372 (Chargeable User Identity)
|
||||
* Added dictionary.rfc4675 (VLAN and Priority)
|
||||
* Added dictionary.rfc4679 (ADSL Forum)
|
||||
NOTE some name differences from the RFC, due to dictionary.redback
|
||||
* Updated rlm_python to something usable
|
||||
* Added experimental sql "HPW" IPPools.
|
||||
* Added more dictionaries
|
||||
* Dictionary files now MUST NOT be globally writable.
|
||||
* Configuration files now MUST NOT be globally readable,
|
||||
or globally writable.
|
||||
* Be more aggressive about freeing memory on clean exit.
|
||||
This helps track down run-time leaks.
|
||||
* Updated rlm_python to something usable
|
||||
* Added experimental sql "HPW" IPPools.
|
||||
* Major enhancements to rlm_pap, that make "encryption_scheme"
|
||||
a thing of the past. See "man rlm_pap" for details.
|
||||
* Added SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS flag to use
|
||||
work-arounds that enable Windows Vista clients to work.
|
||||
* Added preliminary code to support Firebird.
|
||||
Use at your own risk!
|
||||
* Send MS-CHAP2-Success, which makes EAP-TTLS/MSCHAP work on more
|
||||
platforms.
|
||||
* Add a new "reply-name" directive in rlm_sqlcounter to define the
|
||||
name of the reply attribute.
|
||||
* Added more dictionaries and attributes
|
||||
* Print ntlm_auth failure reason in Module-Failure-Message
|
||||
* radsqlrelay is able to get the DB password from a file instead
|
||||
of command line.
|
||||
Bug fixes
|
||||
* Corrected typo in rlm_pap.c
|
||||
* Corrected typo in src/main/auth.c
|
||||
* Suppress SSL error messages if error is zero.
|
||||
* Don't complain about "Error in read client certificate A"
|
||||
if we expect to read it in the next packet. Fix based on patch
|
||||
by Dan Lukes.
|
||||
* Corrected nearly 30 bugs found by Coverity
|
||||
See also http://scan.coverity.com
|
||||
* Don't die on HUP. Instead leak memory (sorry). After a few
|
||||
hundred HUP's, the server will have leaked a few megabytes of
|
||||
memory, and you should probably re-start it. It's ugly, but
|
||||
better than dying.
|
||||
* Corrected a few double free's
|
||||
* Corrected typo in radrelay, which prevented it from working
|
||||
* Made Firebird module build
|
||||
* Fixed bug in PostgreSQL module that caused server crash.
|
||||
* Fixed bug in SQL module that could cause server to crash.
|
||||
* Corrected base64 decoding in rlm_pap
|
||||
* Don't retransmit accounting packets. The NAS should do this.
|
||||
* Handle Client-Error in EAP-SIM.
|
||||
* Port OpenSSL locking fixes from CVS head. This makes PEAP
|
||||
more stable on some systems.
|
||||
* Require Message-Authenticator in Status-Server packets
|
||||
* Correct Tunnel-Medium-Type VALUEs in dictionary.rfc2868
|
||||
* Be more aggressibe about freeing memory on clean exit.
|
||||
This isn't strictly a bug fix, but it makes it easier to
|
||||
find memory leaks
|
||||
* Increase buffer size for dynamic expansion, which allows
|
||||
longer SQL qeuries.
|
||||
* Use correct line number when there's a parse error in one
|
||||
of the configuration sections.
|
||||
* Terminate SSL sessions in EAP on error, rather than continuing
|
||||
in some cases.
|
||||
* Increase buffer size to allow parsing of long octet strings
|
||||
* Fix string termination on xlat in rlm_perl
|
||||
* Fix a parse error in the digest module, where malformed
|
||||
digest requests would result in the user being accepted. Oops...
|
||||
* VALUEs can only be defined for 'integer', to catch mistakes
|
||||
with setting VALUEs for type 'string'.
|
||||
* Better parsing of VALUE names, so that values starting with
|
||||
a digit work correctly.
|
||||
* Check return from malloc.
|
||||
* Fix a double free() in rlm_eap_tls.c
|
||||
* Check return code of malloc() during initialization.
|
||||
* Fix a corner case where the proxy port isn't set either in
|
||||
radiusd.conf or in proxy.conf.
|
||||
* Mon Mar 26 2007 rguenther@suse.de
|
||||
- add gdbm-devel BuildRequires
|
||||
* Sun Feb 11 2007 ro@suse.de
|
||||
- one oversight in last change, build tested
|
||||
* Sun Feb 11 2007 ro@suse.de
|
||||
- fix build as non-root
|
||||
* Mon Sep 04 2006 kukuk@suse.de
|
||||
- Make sure that pam_nologin.so will always be executed.
|
||||
* Wed Aug 23 2006 stark@suse.de
|
||||
- update to version 1.1.3
|
||||
* autoconf updates
|
||||
* More dictionary updates
|
||||
* Security and portability fixes to rlm_otp
|
||||
* Miscellaneous bug fixes
|
||||
* Mon Jun 05 2006 stark@suse.de
|
||||
- update to version 1.1.2
|
||||
* Allow tagged VSA's for Juniper.
|
||||
* Allow Ascend "abinary" format to be specified as octets,
|
||||
(e.g. Ascend-Data-Filter = 0x010203...)
|
||||
* Added "cipher_list" configuration to the EAP-TLS module.
|
||||
See "eap.conf" and "man 1 cipher" for details.
|
||||
* Added "check_cert_issuer" configuration to the EAP-TLS module.
|
||||
See "eap.conf" for details.
|
||||
* Added "suppress" configuration entry to rlm_detail,
|
||||
to suppress certain attributes (e.g. User-Password).
|
||||
* Write SSL errors to log file, rather than stderr.
|
||||
* Allow a core dump on uid change on Linux
|
||||
* Bugfixes
|
||||
* Wed May 24 2006 schwab@suse.de
|
||||
- Don't strip binaries.
|
||||
* Tue Mar 28 2006 stark@suse.de
|
||||
- fixed an error on x86_64 machines when reading dictionaries
|
||||
(#161503)
|
||||
- make "use_tunneled_reply" work properly for PEAP
|
||||
* Mon Mar 27 2006 ro@suse.de
|
||||
- also use fPIC on s390*
|
||||
* Thu Mar 23 2006 stark@suse.de
|
||||
- fixed validation issue with the EAP-MSCHAPv2 module (#160249)
|
||||
* Wed Jan 25 2006 mls@suse.de
|
||||
- converted neededforbuild to BuildRequires
|
||||
* Fri Jan 20 2006 stark@suse.de
|
||||
- fixed directory permissions (#141153)
|
||||
* Thu Jan 19 2006 ro@suse.de
|
||||
- changed php requires to generic ones (for php5)
|
||||
* Sat Jan 14 2006 stark@suse.de
|
||||
- use --with-udpfromto useful for systems with multiple addresses
|
||||
* Thu Jan 12 2006 stark@suse.de
|
||||
- update to version 1.1.0
|
||||
* Wed Jan 11 2006 stark@suse.de
|
||||
- adding stack-protector to CFLAGS
|
||||
- don't package *.la files for now (#141207)
|
||||
* Wed Dec 21 2005 stark@suse.de
|
||||
- fixed realloc() in rlm_pam
|
||||
* Tue Nov 15 2005 stark@suse.de
|
||||
- moved dialup_admin to subpackage and integrate it into
|
||||
Apache 2 configuration
|
||||
* Mon Sep 26 2005 ro@suse.de
|
||||
- added LDAP_DEPRECATED to CFLAGS
|
||||
* Fri Sep 23 2005 stark@suse.de
|
||||
- update to version 1.0.5
|
||||
- updated eDirectory integration documentation
|
||||
* Fri Sep 23 2005 ro@suse.de
|
||||
- fix build-dir references in .la files
|
||||
* Tue Aug 30 2005 stark@suse.de
|
||||
- fixed some issues from security audit (#104195)
|
||||
(is already upstream for 1.0.5 release)
|
||||
* Mon Aug 15 2005 stark@suse.de
|
||||
- fix mysql creation script (#104752)
|
||||
* Sat Jun 18 2005 stark@suse.de
|
||||
- update to version 1.0.4
|
||||
* Sun Jun 05 2005 stark@suse.de
|
||||
- update to version 1.0.3
|
||||
- link radiusd with -pie
|
||||
* Mon Apr 11 2005 stark@suse.de
|
||||
- start daemon correctly (#75979)
|
||||
- fixed packaging on x86-64 (#75979)
|
||||
* Wed Mar 02 2005 stark@suse.de
|
||||
- com_err.h patch not needed anymore
|
||||
- modified spec-file to work with older distributions
|
||||
* Fri Feb 18 2005 stark@suse.de
|
||||
- enabled eDirectory support and added documentation
|
||||
* Thu Feb 17 2005 stark@suse.de
|
||||
- update to 1.0.2
|
||||
* Sat Nov 27 2004 stark@suse.de
|
||||
- fixed installation of radeapclient (#48549)
|
||||
* Sat Nov 20 2004 stark@suse.de
|
||||
- don't use heimdal for distributions newer than 9.2
|
||||
* Mon Nov 15 2004 kukuk@suse.de
|
||||
- Use common-* PAM configuration
|
||||
* Sat Oct 23 2004 stark@suse.de
|
||||
- update to version 1.0.1
|
||||
- moved *.la files to devel package
|
||||
* Sat Aug 28 2004 stark@suse.de
|
||||
- modify logrotate config (#44436)
|
||||
* Tue Aug 17 2004 sndirsch@suse.de
|
||||
- fixed syntax error (Typo?) in init script
|
||||
* Fri Aug 13 2004 stark@suse.de
|
||||
- added some sample scripts to documentation
|
||||
* Tue Aug 10 2004 stark@suse.de
|
||||
- update to 1.0.0
|
||||
* Thu Jun 24 2004 ro@suse.de
|
||||
- update to 1.0.0pre3 (version set as 0.9.9)
|
||||
* Thu Feb 05 2004 stark@suse.de
|
||||
- disabled rlm_sql_iodbc and enabled rlm_sql_unixodb
|
||||
* Fri Jan 16 2004 kukuk@suse.de
|
||||
- Add pam-devel to neededforbuild
|
||||
* Mon Jan 12 2004 adrian@suse.de
|
||||
- add %%defattr
|
||||
* Fri Nov 28 2003 stark@suse.de
|
||||
- security update to 0.9.3
|
||||
* Fix a remote DoS and possible exploit due to mis-handling
|
||||
of tagged attributes, and Tunnel-Password attribute.
|
||||
* Thu Oct 16 2003 stark@suse.de
|
||||
- update to 0.9.2
|
||||
(see /usr/share/doc/packages/freeradius/ChangeLog)
|
||||
* Fri Aug 01 2003 ro@suse.de
|
||||
- fix include path for com_err.h
|
||||
* Thu Jul 31 2003 stark@suse.de
|
||||
- use stop/restart macros
|
||||
* Wed Jul 23 2003 stark@suse.de
|
||||
- use special user for running radiusd
|
||||
- modify default configuration to work without changes
|
||||
(Auth-Type = Local)
|
||||
- added README.SuSE explaining about radiusd user
|
||||
* Mon Jul 21 2003 stark@suse.de
|
||||
- update to 0.9.0
|
||||
- build against libiodbc to enable iodbc module
|
||||
* Wed Jun 04 2003 schwab@suse.de
|
||||
- Add db-devel to neededforbuild.
|
||||
- Don't use system libtool.
|
||||
- Fix use of sort.
|
||||
- Avoid running autoconf.
|
||||
* Tue Apr 15 2003 ro@suse.de
|
||||
- fixed neededforbuild
|
||||
* Mon Mar 03 2003 kukuk@suse.de
|
||||
- removed %%ghost stuff from filelist
|
||||
* Fri Feb 07 2003 kukuk@suse.de
|
||||
- Use pam_unix2.so instead of pam_unix.so
|
||||
* Wed Jan 15 2003 ro@suse.de
|
||||
- use sasl2
|
||||
* Tue Jan 14 2003 nadvornik@suse.cz
|
||||
- fixed multi-line string literals
|
||||
* Thu Dec 12 2002 stark@suse.de
|
||||
- update to 0.8.1
|
||||
* minor bugfixes
|
||||
* Mon Dec 02 2002 stark@suse.de
|
||||
- removed radwatch from package
|
||||
* Tue Nov 19 2002 stark@suse.de
|
||||
- update to 0.8
|
||||
* Support for Status-Server packets
|
||||
* Fixed memory leak when proxying
|
||||
* Round-robin load balancing when proxying
|
||||
* Many bug fixes
|
||||
* (/usr/share/doc/packages/ChangeLog)
|
||||
- moved modules to /usr/lib/freeradius
|
||||
* Mon Aug 19 2002 ro@suse.de
|
||||
- don't overwrite README's with each other
|
||||
* Fri Aug 16 2002 stark@suse.de
|
||||
- added PreReq (Bug #17838)
|
||||
* Thu Jun 20 2002 ro@suse.de
|
||||
- hack ltconfig for ppc64
|
||||
* Mon Apr 08 2002 stark@suse.de
|
||||
- fixed packaging on 64bit platforms
|
||||
- added logrotate config
|
||||
- added some sample scripts to doc-dir
|
||||
* Fri Mar 22 2002 stark@suse.de
|
||||
- update to 0.5
|
||||
* MS-CHAP and MS-CHAPv2 MPPE support,
|
||||
* EAP/MD5 and experimental EAP/TLS,
|
||||
* Experimental PHP web administration interface,
|
||||
* Fixes for *BSD,
|
||||
* Configurable database queries, executed per packet
|
||||
(e.g. %%{ldap:ldap:///dc=company,dc=com?uid?sub?uid=%%u}),
|
||||
* Fix logic bug which would cause occasional server crashes,
|
||||
* Server-side quenching of DoS attacks,
|
||||
* Experimental Python module,
|
||||
* Aptis, Quintum, and Foundry dictionaries,
|
||||
* Limited support for IPv6.
|
||||
* Mon Feb 25 2002 stark@suse.de
|
||||
- moved *.la back to main-package as it is needed for
|
||||
dynamic loading of modules
|
||||
* Mon Feb 25 2002 stark@suse.de
|
||||
- added patch to work with heimdal-krb5
|
||||
- moved *.so to -devel package
|
||||
* Fri Feb 08 2002 stark@suse.de
|
||||
- deactivated kerberos support
|
||||
(seems to be not compatible with heimdal :-()
|
||||
* Thu Feb 07 2002 stark@suse.de
|
||||
- changed heimdal libdir
|
||||
* Thu Dec 13 2001 stark@suse.de
|
||||
- update to 0.4
|
||||
- better use of fillup_and_insserv
|
||||
* Mon Dec 03 2001 stark@suse.de
|
||||
- don't use START_RADIUSD anymore
|
||||
- make use of new fillup_and_insserv macro
|
||||
* Fri Oct 12 2001 stark@suse.de
|
||||
- update to version 0.3
|
||||
- packed source-archive as bz2
|
||||
- branched package -> devel
|
||||
* Fri Aug 03 2001 stark@suse.de
|
||||
- removed use of watcher-script
|
||||
- removed config-check (-C) in init script
|
||||
(it's not supported in freeradius)
|
||||
* Thu Aug 02 2001 stark@suse.de
|
||||
- status fix in init script
|
||||
- renamed pam-configfile: radius -> radiusd
|
||||
* Wed Aug 01 2001 stark@suse.de
|
||||
- updated to 0.2
|
||||
* Thu Jul 26 2001 kukuk@suse.de
|
||||
- Fix needed for build
|
||||
* Tue Jul 10 2001 stark@suse.de
|
||||
- added %%{suse_update_config}
|
||||
* Sat Jun 23 2001 schwab@suse.de
|
||||
- Fix preprocessor directives inside macro arguments.
|
||||
* Mon Jun 18 2001 stark@suse.de
|
||||
- removed absolute paths from pam-config
|
||||
* Wed May 23 2001 stark@suse.de
|
||||
- first official beta-version 0.1
|
||||
* Wed Mar 21 2001 stark@suse.de
|
||||
- new snapshot 20010321 (pre-BETA)
|
||||
- replaced start- and killproc to avoid problems with Kernel 2.4
|
||||
using the radwatch shell-script
|
||||
- added built of LDAP and MySQL modules
|
||||
* Mon Jan 29 2001 stark@suse.de
|
||||
- %%files: /etc/raddb/bay.vendor -> /etc/raddb/dictionary.bay
|
||||
* Mon Jan 15 2001 stark@suse.de
|
||||
- new snapshot 20010115
|
||||
- initial BETA package (sources are ALPHA!)
|
||||
* Thu Jan 04 2001 stark@suse.de
|
||||
- CVS snapshot 20010104
|
||||
|
Loading…
Reference in New Issue
Block a user