| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
This version has been released to fix build issues in 1.1.2. The build
tools (autoconf, libtool, libltld) have been upgraded to a recent version,
and the server now builds "out of the box" on more platforms. Other fixes
include:
* More dictionary updates
* Oracle support for radsqlrelay
* Security and portability fixes to rlm_otp
* Experimental module to store IP's in an SQL table.
* Miscellaneous bug fixes
|
|
PAM support.
From discussions with John Nemeth.
|
|
bump to nb2
|
|
Fix mySQL PLIST
Fix all PLISTs to avoid a nightmare when the nb number is changed
Bump to nb1
|
|
* Updated dictionaries (as always),
* Extended Ascend "abinary" support for Juniper,
* Configurable "cipher_list" for EAP methods that use TLS,
* Additional checks on cert issuer validation for EAP methods that use TLS,
* SQL IODBC bug fixes,
* Updates to the LDAP module,
* Better catching of errors in the config files,
* Miscellaneous other fixes
In addition to this add an extra option to options.mk which is
"freeradius-simul-use". This will enable Simultaneous-Use and is
enabled by default. If you disable it freeradius can be built without
depending on the net-snmp package. Original idea from John Nemeth.
|
|
Add kerberos support - Patch from Kevin Sullivan in PR #33732
Bump to nb4
|
|
set OVERRIDE_DIRDEPTH to find any libtool scripts deeper in the WRKSRC
tree unless they're named something other than "libtool".
SHLIBTOOL_OVERRIDE generally doesn't need to be specified either -- just
define it to the empty list and shlibtool-override will look for libtool
scripts.
|
|
Bump revision.
|
|
RECOMMENDED is removed. It becomes ABI_DEPENDS.
BUILDLINK_RECOMMENDED.foo becomes BUILDLINK_ABI_DEPENDS.foo.
BUILDLINK_DEPENDS.foo becomes BUILDLINK_API_DEPENDS.foo.
BUILDLINK_DEPENDS does not change.
IGNORE_RECOMMENDED (which defaulted to "no") becomes USE_ABI_DEPENDS
which defaults to "yes".
Added to obsolete.mk checking for IGNORE_RECOMMENDED.
I did not manually go through and fix any aesthetic tab/spacing issues.
I have tested the above patch on DragonFly building and packaging
subversion and pkglint and their many dependencies.
I have also tested USE_ABI_DEPENDS=no on my NetBSD workstation (where I
have used IGNORE_RECOMMENDED for a long time). I have been an active user
of IGNORE_RECOMMENDED since it was available.
As suggested, I removed the documentation sentences suggesting bumping for
"security" issues.
As discussed on tech-pkg.
I will commit to revbump, pkglint, pkg_install, createbuildlink separately.
Note that if you use wip, it will fail! I will commit to pkgsrc-wip
later (within day).
|
|
for libtool archives, remove the .a and .so entries. Bump revision.
Add DragonFly detection for shared libraries. Always try to find -lssl
with -lcrypto, unbreaking the test at least on DragonFly, but should
not harm elsewhere.
|
|
Issue found by Wolfgang Solfrank.
|
|
Use our libtool
Update to 1.1.1
Fixes security issue (DoS):
http://secunia.com/advisories/19300/
> Security fixes
> * Additional state checking in the EAP-MSCHAPv2 module.
> Bug found by Steffen Schuster.
>
> Feature improvements
> * More dictionary updates
> * Additional tests and fixes for Digest module from Phillipe Sultan.
> * Add new "phone" response mode to rlm_otp/cryptocard.
> * Put the eap sessions into a tree, so that looking them up is very
> fast, and no longer O(n) in the number of sessions.
> * Install the schema examples for a set of backends with the rest
> of the documentation.
> * Add support for xlat expansion of attributes from LDAP.
>
> Bug fixes
> * Fix rlm_perl crash. (closes: #348)
> * Fix handling of CoA-Request packets (close #344). Also correct
> name of CoA packets.
> * Fix an error on x86_64 machines when reading dictionaries.
> (closes: #312)
> * Fix compilation errors on FreeBSD and NetBSD because of rlm_otp
> module. (closes: #314 #328)
> * Workaround Cisco bug in State attribute handling in rlm_otp.
> * Support LP64 for async mode in rlm_otp.
> * Fix libtool problems on Debian with rlm_eap_peap and rlm_eap_ttls
> modules. (closes: #75)
> * Make "use_tunneled_reply" work properly for PEAP.
> * Copy the whole string when getting a one-to-one-mapped attribute
> from LDAP (closes: #261)
> * Fix net-snmp's ucd-snmp compatibility mode.
|
|
|
|
> FreeRADIUS 1.1.0 ; $Date: 2006/01/04 05:55:19 $, urgency=low
> Feature improvements
> * rlm_ldap has "set_auth_type" configuration option, which should
> address some configuration problems when using it.
> * Fix MIT Kerberos bug
> * Modules can be load balanced, both in isolation and redundantly.
> See doc/load-balance.txt for more information.
> * rlm_perl is now marked "stable"
> * N-tier certificate patch from Mohammed Petiwala.
> * Copied dictionaries from the CVS head (many, many, more vendors)
> * Enabled support for weird VSA formats, like Lucent and Starent.
> * Support encrypted IP address and integers, for Juniper clients.
> * Add PEAP machine authentication support in module "rlm_mschap".
> * Support User-Password field encryption in digest mode.
> * rlm_x99_token has become rlm_otp (with lots of changes).
> * Add rlm_sqlcounter to the list of stable modules.
> * Read MySQL specific options in sections [freeradius] and [client]
> from file "my.cnf".
> * Support the ${Cisco-AVPair[n]} syntax.
> * Execute modules in {Pre,Post}-Proxy-Type stanzas.
> * Add new options to radclient to run stress tests on the server.
> * New module "rlm_sql_log" to postpone the storage of accounting data
> in a SQL database. See rlm_sql_log(5) manpage.
> * New program "radsqlrelay" which sends the SQL logfile according to
> the SQL server's capabilities.
>
> Bug fixes
> * 306 (HUP when built with threads, but executed with -s)
> * 285 (more attributes in dictionary.cisco.vpn3000)
> * rlm_digest has a number of bug fixes to authentication types.
> * Don't leak memory in module "rlm_sql".
> * Update the dictionaries, so that VALUEs with the same name,
> but different numbers, aren't allowed.
> * Queue the request before looking for available threads.
> * Don't free the check items after we received the proxy reply.
> * Expand config variables in included files, too.
> * Check the return value of accounting modules and don't proxy
> invalid requests.
> * In rlm_passwd, don't close a file stream more than once.
> * Fix format string errors in rlm_sql.c, spotted by Primoz Bratanic.
> * Walk the whole string in when escaping strings in rlm_ldap.
> * Include crypt.h if it is available so we get a prototype for crypt(),
> spotted by Konstantin Kubatkin.
> * Removed (for almost all uses) length restrictions on vendor names
> and VALUE names.
> * Don't leak memory when proxying an Access-Challenge response.
> * Make the sleep time user-defined, so radrelay can send more than
> 7 requests/s.
> * Fix a memory leak in rlm_checkval.
> * radclient doesn't resend countless times packets with invalid
> signature.
> * Fix segfault and mem leak in rlm_pam.
|
|
pkg has been changed to 5.x). Reminded by wiz... thanks.
|
|
automatically detects whether we want the pkginstall machinery to be
used by the package Makefile.
|
|
CONFIGURE_ARGS.
|
|
example MAKE_ENV+=FOO=${BAR} is changed to MAKE_ENV+=FOO=${BAR:Q}. Some
other changes are outlined in
http://mail-index.netbsd.org/tech-pkg/2005/12/02/0034.html
|
|
Add -fPIC for amd64 platform to fix build. Reported in PR 31225 by Eric Radman
|
|
Bump to nb2
|
|
Bump to nb1
|
|
> Security Fixes
> * SQL injection attack in the module "rlm_sqlcounter".
> * Buffer overflows in the module "rlm_sqlcounter".
> * Expansion of variable %t may write 26 bytes beyond the buffer
> bound. Primoz Bratanic is credited with the discovery of these
> three bugs.
>
> Bug fixes
> * Don't de-reference a NULL pointer if the auth-type is unknown
> in the function rad_check_password().
> * Escape more characters in the LDAP queries.
> Bug found by Suse engineers.
> * In rlm_sql_unixodbc, don't call rad_malloc from sql_error(),
> it leaks memory.
> * Fix an off-by-one error in the module rlm_sql_unixodbc.
> Bug found by Suse engineers.
> * In rlm_sql, resize the buffer for the value of SQL-User-Name.
> * Initialize memory for a new SQL socket in the module rlm_sql.
> * Don't add too many attributes after running an external program.
> Bug found by Suse engineers.
> * Fix an off-by-one error in the function getthing().
> * snprintf() and vsnprintf() replacements were not compiled if
> the autoconf tests didn't find the functions.
> * Don't use vsprintf() anymore, but the replacement for vsnprintf()
> in libradius instead.
> * The function decode_attribute() may write beyond buffer bounds.
> Bug found by Suse engineers.
> * Fix a memset() in the function request_enqueue() which was
> begining at the wrong address. Bug found by Matthias Ruttman.
> * Fix an off-by-one error in the function xlat_copy().
> Bug found by Primoz Bratanic.
> * Fix other off-by-one errors in module "rlm_unix", too.
> Bug found by Allan Bazinet.
> * Fix a 2-byte over-run read in function rad_decode().
> * Update thread pool queue properly.
> * Autonconf tests try first any user-specified directory,
> otherwise they may pick up the wrong version.
> * Delete the autoconf tests for the libldap dependancies.
> * Install all the regular files under the "doc" directory.
> * Distinguish between exit code <0 (failure) and >0 (reject)
> in Exec-Program-Wait. Patch from Thor Spruyt.
> * Make Expiration work.
> * Clean up the code for opening a proxy socket.
> * When finding a realm to proxy to, if all are dead, wake them
> if wake_all_if_all_dead is true.
> * In radwho, print the NAS-Port as unsigned int.
> * Use extended regex instead of basic regex in rlm_attr_filter.
> * Catch the case where someone deletes a directory that rlm_detail
> is using.
> * Use the variable $(LDFLAGS) when linking a module.
> * Ignore the Stripped-User-Name when a realm has the "nostrip"
> directive.
> * Add support for NT-Password in rlm_pap.
> * In rlm_sqlcounter, use the time left to the next reset if it's
> inferior to the time left in the counter.
> * Calculate Message-Authenticator correctly for Accounting-Request
> and Accounting-Response. Bug found by Paolo Rotela.
> * Build on MAC OS X. Still need --disable-shared, though.
> * Fix bug #255 (crash with expired CRL's, etc.)
> * Fix quote removal of the values from a SQL database.
> * Reap the zombie process after a command run from "Exec-Program".
> * Allow to cancel proxy of accounting with "Proxy-To-Realm := LOCAL".
> * Don't copy VSA's to an Access-Reject packet.
|
|
a builtin Berkeley DB 1.8x can now be used with option "bdb -gdbm"; no
dbm support at all can be selected with "-gdbm".)
- Specify --with/--without exactly once per option.
- Merge postgresql support to a single option (pgsql), and correspondingly
use pgsql.buildlink3.mk to pick the builder's desired implementation.
This aligns freeradius with the rest of pkgsrc, wrt pgsql support.
|
|
Bump PKGREVISION
|
|
around at either build-time or at run-time is:
USE_TOOLS+= perl # build-time
USE_TOOLS+= perl:run # run-time
Also remove some places where perl5/buildlink3.mk was being included
by a package Makefile, but all that the package wanted was the Perl
executable.
|
|
- The security issues mentioned in this update were incorporated
into patch-ak previously and a security advisory was already
made in regards to this.
> FreeRADIUS 1.0.4 ; Date: 2005/06/11 22:46:52, urgency=medium
>
> * Fix installation problem.
> * Increase a buffer size, so radrelay doesn't truncate values.
> * Updates in the documentation. Patches from Thor Spruyt.
>
> FreeRADIUS 1.0.3 ; Date: 2005/06/03 17:15:11, urgency=high
> Security Fixes
> * Always escape the strings in the SQL module.
> * Check buffer bound when input character needs escaping in
> the SQL module. Bug found by Primoz Bratanic.
>
> Bug fixes
> * Return EAP-Fail in Access-Reject, rather than an empty Access-Reject
> * Don't send Proxy-State from home server in TTLS.
> * Fixes for forking external programs, so the server doesn't
> suddenly stop processing requests, or stop forking programs.
> * radzap now works, but it's command-line options have changed
> completely, and it's a shell script.
> * radwho has updated command-line options, and no longer reads
> Unix "utmp" files.
> * Fix bug in calling checkrad script with NAS port > 9999999
> * Fix long-standing bug when both crypt and pthreads are in use
> * Don't SEGV when rlm_sql gets 'NULL' value from request.
> * Re-arrange code in radrelay to not duplicate accounting packets.
> * In rlm_attr_rewrite, change the value when the attribute type
> is different from string.
|
|
USE_GNU_TOOLS -> USE_TOOLS
awk -> gawk
m4 -> gm4
make -> gmake
sed -> gsed
yacc -> bison
|
|
|
|
|
|
|
|
- Better handling of OpenSSL using USE_OLD_DES_API
- Fix builds on 1.6.2
- Bump to nb1
|
|
- Fix for PR #29437 opened by luiszuccolo(at)ciudad.com.ar, thanks for the PR !
> FreeRADIUS 1.0.2 ; $Date: 2005/02/13 01:03:20 $, urgency=medium
> * Novell eDirectoty support. Patch from Novell.
> * localweb & Trapeze dictionary updates.
> * EAP-SIM fixes.
> * Make "Strip-User-Name = No" work.
> * Don't declare zero-length arrays in rlm_passwd
> * Bug fix to make udpfromto code work
> * radrelay shouldn't dump core if it can't read a VP from the
> detail file.
> * Only initialize the random pool once.
> * In rlm_sql, don't escape characters twice.
> * Fix MD4 calculation on big-endian machines.
> * In rlm_ldap, only claim Auth-Type if a plain text password is present.
> * Treat Quintium VSAs like Cisco VSAs
> * Locking fixes in threading code
> * rlm_krb5 includes /usr/include/et for Fedora Core
> * Fix post-auth REJECT stanza processing for rejections from external
> processes or home RADIUS servers
> * Fix building on gcc-4.0 by not trying to access static auth_port from
> other files.
> * Fix building SNMP support on Solaris 9, which needs -lkstat
|
|
Fix the rc.d script: add rcvar definition and no need to source /etc/rc.subr
twice.
Bump PKGREVISION to 7.
|
|
under share/examples/rc.d. The variable name already was named
RCD_SCRIPTS_EXAMPLEDIR.
This is from ideas from Greg Woods and others.
Also bumped PKGREVISION for all packages using RCD_SCRIPTS mechanism
(as requested by wiz).
|
|
root:wheel in the startup script.
- Again thanks to kbrand (at) dplanet.ch for the suggestion.
|
|
reboot.
- Issue spotted and patch sent to me from kbrand (at) dplanet.ch, thanks.
- Bumped PKGREVISION
|
|
|
|
- Fix builds with LDAP support
- Bump PKGREVISION
Thanks to Dave.Tyson (at) liverpool.ac.uk for testing a lot of these patches
on the 1.6 branch.
|
|
|
|
- Add a fix for crashes when processing EAP-PEAP requests
PR 28095 Konstantin.Kabassanov (at) lip6.fr
- Fix pthreads enabled builds on NetBSD systems < 2.0
- Replace patch-ai, patch-aj and patch-ak with SUBST_* (suggested by juan@)
|
|
|
|
in the process. (More information on tech-pkg.)
Bump PKGREVISION and BUILDLINK_DEPENDS of all packages using libtool and
installing .la files.
Bump PKGREVISION (only) of all packages depending directly on the above
via a buildlink3 include.
|
|
- Move to options.mk framework to support SNMP, OpenLDAP, PostgreSQL and
mySQL modules
- Add patches/patch-aj and patches/patch-ak for OpenLDAP and PostgreSQL builds
- Add extra PLIST's for OpenLDAP, PostgreSQL and mySQL modules
|
|
- Fix builds on 1.6 and 2.0_BETA
- ok'ed wiz@
- Addresses PR 26987 opened by Rui Paulo, thanks.
- Fix startup script using the wrong options
- Lots of changes including
- Denial-of-Service Security Fix.
- Make IPv6 support work better.
- Many, many minor bug fixes and feature enhancements.
- EAP-module feature improvements.
|
|
in private email.
|
|
|
|
|
|
|
|
pthread.buildlink2.mk, and certainly not using output of 'uname'.
|
|
- Install all configuration files under the examples directory.
- Copy configuration files to PKG_SYSCONFDIR using CONF_FILES.
- Honour PKG_SYSCONFDIR.
- Use OWN_DIRS to handle the /var/run/radiusd status directory.
- Use RCD_SCRIPTS to handle the rc.d script automatically.
As a result, bump PKGREVISION to 3.
|
