Subject: CVS commit: pkgsrc/net/freeradius
To: None <>
From: Adrian Portelli <>
List: pkgsrc-changes
Date: 09/11/2005 12:57:34
Module Name:	pkgsrc
Committed By:	adrianp
Date:		Sun Sep 11 12:57:34 UTC 2005

Modified Files:
	pkgsrc/net/freeradius: Makefile PLIST distinfo

Log Message:
Update to 1.0.5
>         Security Fixes
>         * SQL injection attack in the module "rlm_sqlcounter".
>         * Buffer overflows in the module "rlm_sqlcounter".
>         * Expansion of variable %t may write 26 bytes beyond the buffer
>           bound. Primoz Bratanic is credited with the discovery of these
>           three bugs.
>         Bug fixes
>         * Don't de-reference a NULL pointer if the auth-type is unknown
>           in the function rad_check_password().
>         * Escape more characters in the LDAP queries.
>           Bug found by Suse engineers.
>         * In rlm_sql_unixodbc, don't call rad_malloc from sql_error(),
>           it leaks memory.
>         * Fix an off-by-one error in the module rlm_sql_unixodbc.
>           Bug found by Suse engineers.
>         * In rlm_sql, resize the buffer for the value of SQL-User-Name.
>         * Initialize memory for a new SQL socket in the module rlm_sql.
>         * Don't add too many attributes after running an external program.
>           Bug found by Suse engineers.
>         * Fix an off-by-one error in the function getthing().
>         * snprintf() and vsnprintf() replacements were not compiled if
>           the autoconf tests didn't find the functions.
>         * Don't use vsprintf() anymore, but the replacement for vsnprintf()
>           in libradius instead.
>         * The function decode_attribute() may write beyond buffer bounds.
>           Bug found by Suse engineers.
>         * Fix a memset() in the function request_enqueue() which was
>           begining at the wrong address. Bug found by Matthias Ruttman.
>         * Fix an off-by-one error in the function xlat_copy().
>           Bug found by Primoz Bratanic.
>         * Fix other off-by-one errors in module "rlm_unix", too.
>           Bug found by Allan Bazinet.
>         * Fix a 2-byte over-run read in function rad_decode().
>         * Update thread pool queue properly.
>         * Autonconf tests try first any user-specified directory,
>           otherwise they may pick up the wrong version.
>         * Delete the autoconf tests for the libldap dependancies.
>         * Install all the regular files under the "doc" directory.
>         * Distinguish between exit code <0 (failure) and >0 (reject)
>           in Exec-Program-Wait. Patch from Thor Spruyt.
>         * Make Expiration work.
>         * Clean up the code for opening a proxy socket.
>         * When finding a realm to proxy to, if all are dead, wake them
>           if wake_all_if_all_dead is true.
>         * In radwho, print the NAS-Port as unsigned int.
>         * Use extended regex instead of basic regex in rlm_attr_filter.
>         * Catch the case where someone deletes a directory that rlm_detail
>           is using.
>         * Use the variable $(LDFLAGS) when linking a module.
>         * Ignore the Stripped-User-Name when a realm has the "nostrip"
>           directive.
>         * Add support for NT-Password in rlm_pap.
>         * In rlm_sqlcounter, use the time left to the next reset if it's
>           inferior to the time left in the counter.
>         * Calculate Message-Authenticator correctly for Accounting-Request
>           and Accounting-Response.  Bug found by Paolo Rotela.
>         * Build on MAC OS X.  Still need --disable-shared, though.
>         * Fix bug #255 (crash with expired CRL's, etc.)
>         * Fix quote removal of the values from a SQL database.
>         * Reap the zombie process after a command run from "Exec-Program".
>         * Allow to cancel proxy of accounting with "Proxy-To-Realm := LOCAL".
>         * Don't copy VSA's to an Access-Reject packet.

To generate a diff of this commit:
cvs rdiff -r1.33 -r1.34 pkgsrc/net/freeradius/Makefile
cvs rdiff -r1.11 -r1.12 pkgsrc/net/freeradius/PLIST
cvs rdiff -r1.15 -r1.16 pkgsrc/net/freeradius/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.