pkgsrc-Changes archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

CVS commit: pkgsrc/net/freeradius2

Module Name:    pkgsrc
Committed By:   jnemeth
Date:           Fri Nov 23 01:31:18 UTC 2012

Modified Files:
        pkgsrc/net/freeradius2: Makefile PLIST distinfo
        pkgsrc/net/freeradius2/patches: patch-ai
Removed Files:

Log Message:
Upgrade to freeradius 2.2.0:

FreeRADIUS 2.2.0 Mon 10 Sep 2012 12:00:00 CEST, urgency=medium
        Feature improvements
        * 100% configuration file compatible with 2.1.x.
          The only fix needed is to disallow "hashsize=0" for rlm_passwd
        * Update Aruba, Alcatel Lucent, APC, BT, PaloAlto, Pureware,
          Redback, and Mikrotik dictionaries
        * Switch to using SHA1 for certificate digests instead of MD5.
          See raddb/certs/*.cnf
        * Added copyright statements to the dictionaries, so that we know
          when people are using them.
        * Better documentation for radrelay and detail file writer.
          See raddb/modules/radrelay and raddb/radrelay.conf
        * Added TLS-Cert-Subject-Alt-Name-Email from patch by Luke Howard
        * Added -F <file> to radwho
        * Added query timeouts to MySQL driver.  Patch from Brian De Wolf.
        * Add /etc/default/freeradius to debian package.
          Patch from Matthew Newton
        * Finalize DHCP and DHCP relay code.  It should now work everywhere.
          See raddb/sites-available/dhcp, src_ipaddr and src_interface.
        * DHCP capabilitiies are now compiled in by default.
          It runs as a DHCP server ONLY when manually enabled.
        * Added one letter expansions: %G - request minute and %I request
        * Added script to convert ISC DHCP lease files to SQL pools.
          See scripts/
        * Added rlm_cache to cache arbitrary attributes.
        * Added max_use to rlm_ldap to force connection to be re-established
          after a given number of queries.
        * Added configtest option to Debian init scripts, and automatic
          config test on restart.
        * Added cache config item to rlm_krb5. When set to "no" ticket
          caching is disabled which may increase performance.

        Bug fixes
        * Fix CVE-2012-3547.  All users of 2.1.10, 2.1.11, 2.1.12,
          and 802.1X should upgrade immediately.
        * Fix typo in detail file writer, to skip writing if the packet
          was read from this detail file.
        * Free cached replies when closing resumed SSL sessions.
        * Fix a number of issues found by Coverity.
        * Fix memory leak and race condition in the EAP-TLS session cache.
          Thanks to Phil Mayers for tracking down OpenSSL APIs.
        * Restrict ATTRIBUTE names to character sets that make sense.
        * Fix EAP-TLS session Id length so that OpenSSL doesn't get
        * Fix SQL IPPool logic for non-timer attributes.  Closes bug #181
        * Change some informational messages to DEBUG rather than error.
        * Portability fixes for FreeBSD.  Closes bug #177
        * A much better fix for the _lt__PROGRAM__LTX_preloaded_symbols
        * Safely handle extremely long lines in conf file variable expansion
        * Fix for Debian bug #606450
        * Mutex lock around rlm_perl Clone routines. Patch from Eike Dehling
        * The passwd module no longer permits "hashsize = 0".  Setting that
          is pointless for a host of reasons.  It will also break the server.
        * Fix proxied inner-tunnel packets sometimes having zero authentication
          vector.  Found by Brian Julin.
        * Added $(EXEEXT) to Makefiles for portability.  Closes bug #188.
        * Fix minor build issue which would cause rlm_eap to be built twice.
        * When using "status_check=request" for a home server, the username
          and password must be specified, or the server will not start.
        * EAP-SIM now calculates keys from the SIM identity, not from the
          EAP-Identity.  Changing the EAP type via NAK may result in
          identities changing.  Bug reported by Microsoft EAP team.
        * Use home server src_ipaddr when sending Status-Server packets
        * Decrypt encrypted ERX attributes in CoA packets.
        * Fix registration of internal xlat's so %{mschap:...} doesn't
          disappear after a HUP.
        * Can now reference tagged attributes in expansions.
          e.g. %{Tunnel-Type:1} and %{Tunnel-Type:1[0]} now work.
        * Correct calculation of Message-Authenticator for CoA and Disconnect
          replies.  Patch from Jouni Malinen
        * Install rad_counter, for managing rlm_counter files.
        * Add unique index constraint to all SQL flavours so that alternate
          queries work correctly.
        * The TTLS diameter decoder is now more lenient.  It ignores
          unknown attributes, instead of rejecting the TTLS session.
        * Use "globfree" in detail file reader.  Prevents very slow leak.
          Closes bug #207.
        * Operator =~ shouldn't copy the attribute, like :=.  It should
          instead behave more like ==.
        * Build main Debian package without SQL dependencies
        * Use max_queue_size in threading code
        * Update permissions in raddb/sql/postgresql/admin.sql
        * Added OpenSSL_add_all_algorithms() to fix issues where OpenSSL
          wouldn't use methods it knew about.
        * Add more sanity checks in dynamic_clients code so the server won't
          crash if it attempts to load a badly formated client definition.

To generate a diff of this commit:
cvs rdiff -u -r1.26 -r1.27 pkgsrc/net/freeradius2/Makefile
cvs rdiff -u -r1.14 -r1.15 pkgsrc/net/freeradius2/PLIST
cvs rdiff -u -r1.13 -r1.14 pkgsrc/net/freeradius2/distinfo
cvs rdiff -u -r1.5 -r1.6 pkgsrc/net/freeradius2/patches/patch-ai
cvs rdiff -u -r1.1 -r0 \

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Home | Main Index | Thread Index | Old Index