pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/trunk]: pkgsrc/net/freeradius freeradius: Updated to 3.0.16



details:   https://anonhg.NetBSD.org/pkgsrc/rev/9416e9109053
branches:  trunk
changeset: 378606:9416e9109053
user:      nonaka <nonaka%pkgsrc.org@localhost>
date:      Thu Apr 12 01:21:07 2018 +0000

description:
freeradius: Updated to 3.0.16

2018.01.11 Version 3.0.16 has been released.
The focus of this release is stability.

Feature Improvements
* rlm_python now supports multiple lists. From #2031.
* Add trust router re-keying. From #2007.
* Add support for Samba / AD LDAP schema See doc/schemas/ldap/samba/README.txt
  and doc/schemas/ldap/samba/.
* Add "tls_min_version" and "tls_max_version" to EAP module for Debian OpenSSL
  issues.
* Better documentation for client certificates in PEAP and TTLS: it usually
  doesn't work. Fixes #2068.
* Distinguish login failure from AD unavailable. Fixes #2069.
* Update RH spec files. Fixes #2070.
* Run Post-Proxy-Type if all home servers are dead Fixes #2072.
* Print offending IP addresses when EAP sessions come from two upstream home
  servers, and rate-limit the messages.
* Minor packaging updates.
* Better documentation for rlm_rest.
* EAP-FAST now has it's own "cipher_list", so that it is easier to configure.
* EAP-FAST now forcibly disables TLS1.2, until such time as we implement
  the new keying mechanism from TLS1.2.
* Add documentation for allow_expired_crl.
* Update Debian logrotation. #2093 and #2101.
* DHCP relay can now drop responses. #2095.
* rlm_sqlippool can now assign Delegated-IPv6-Prefix It also now can assign
  any IPv4 or IPv6 address Based on patches from maximumG. #2094 See
  raddb/mods-available/sqlippool for changes.
* radeapclient can now use EAP-SIM-Ki to dynamically create the necessary
  triplets.
* Explain why many LDAP connections are closed Fixes #1969.
* Debian build / package issues fixed by Matthew Newton.
* dictionary.patton updates from Brice Schaffner. Fixes #2137.
* Added scripts to build "inner-server.pem", and updated mods-config/inner-eap
  and certs/README to match.
* Added provisions for using an external CA. See raddb/certs/.
* Include dhcpclient binary in freeradius-dhcp debian packge.

Bug Fixes
* Bind the lifetime of program name and python path to the module FR-AD-002
  (redone).
* Pass correct statement length into sqlite3_prepare[_v2] FR-AD-003 (redone).
* Allow 100-Continue responses with additional headers in rlm_rest.
* fix corner case where detail files were not being locked correctly.
* Fix (SQL-Group == "%{...}") checks, and same for LDAP-Group Fixes #1947.
* Clean up exfile code. Which should help to avoid issues with reading / writing
  100's of detail files.
* Fix build for winbind. Patch from Alex Clouter.
* Fix checkrad for Mikrotik. Patch from Muchael Ducharme.
* Fix home server stats lookup. Patch from Phil Mayers.
* Add libjson-c3 as an optional dependency.
* Require LTB OpenLDAP on CentOS / Redhat, to avoid linking against NSS,
  which breaks the server. Fixes #2040.
* rlm_python fixes. Fixes #2041.
* Typos in "man" pages. Fixes #2045.
* Expand "next" in %{%{...}:-%{...}}. Fixes #2048.
* Don't add TLS attributes twice. Fixes #2050.
* Fix memory allocation in rlm_rest. Fixes #2051.
* Update trustrouter for new API. Fixes #2059.
* Fix SQLite issues on FreeBSD. Fixes #2060.
* Don't do debug logging of bad passwords. Fixes #2064.
* More graceful handling of "die" in rlm_perl. Fixes #2073.
* Fix occasional crash when using cisco_accounting_username_bug = yes.
* EAP-FAST fixes from Isaac Boukris #2078, #2076, and #2082, #2126.
* DHCP fixes, relay, #2092, add run-time check, #2028.
* Decode multiple RADIUS packets at a time in highly loaded RadSec connections. Patch from Jan Tomasek. #2106.
* TunnelPassword is not "single value" in LDAP schema Fixes #2061.
* sql log now opens the expanded filename, not the input one This was
  a regression introduced in 3.0.15.
* Remove unnecessary UNIQUE constrain in Oracle schemas.
* Fix SSL thread and locking issues when modules also use SSL Fixes #2125 and
  #2129.
* Re-add dhcpclient "raw packet" changes. Patches from Nicolas Chaigne and
  Matthew Newton. Fixes #2155.

diffstat:

 net/freeradius/DEINSTALL                           |   4 +-
 net/freeradius/INSTALL                             |   4 +-
 net/freeradius/Makefile                            |  11 ++--
 net/freeradius/Makefile.common                     |   4 +-
 net/freeradius/PLIST                               |  11 +++-
 net/freeradius/distinfo                            |  17 +++----
 net/freeradius/patches/patch-ai                    |  38 +----------------
 net/freeradius/patches/patch-configure.ac          |  38 +----------------
 net/freeradius/patches/patch-rlm_krb5_configure    |  50 ----------------------
 net/freeradius/patches/patch-rlm_perl_configure    |  24 ----------
 net/freeradius/patches/patch-rlm_yubikey_configure |  15 ------
 11 files changed, 28 insertions(+), 188 deletions(-)

diffs (truncated from 369 to 300 lines):

diff -r 78af6874f3c3 -r 9416e9109053 net/freeradius/DEINSTALL
--- a/net/freeradius/DEINSTALL  Wed Apr 11 19:56:28 2018 +0000
+++ b/net/freeradius/DEINSTALL  Thu Apr 12 01:21:07 2018 +0000
@@ -1,11 +1,11 @@
-# $NetBSD: DEINSTALL,v 1.1 2017/08/26 10:07:27 fhajny Exp $
+# $NetBSD: DEINSTALL,v 1.2 2018/04/12 01:21:07 nonaka Exp $
 #
 # Remove default symlinks in ${PKG_SYSCONFDIR} for enabled modules/sites
 #
 
 SITES_ENABLED="default inner-tunnel"
 MODS_ENABLED="always attr_filter cache_eap chap date detail detail.log
-             dhcp digest dynamic_clients eap echo exec expiration expr
+             digest dynamic_clients eap echo exec expiration expr
              files linelog logintime mschap ntlm_auth pap passwd preprocess
              radutmp realm replicate soh sradutmp unix unpack utf8"
 
diff -r 78af6874f3c3 -r 9416e9109053 net/freeradius/INSTALL
--- a/net/freeradius/INSTALL    Wed Apr 11 19:56:28 2018 +0000
+++ b/net/freeradius/INSTALL    Thu Apr 12 01:21:07 2018 +0000
@@ -1,11 +1,11 @@
-# $NetBSD: INSTALL,v 1.1 2017/08/26 10:07:27 fhajny Exp $
+# $NetBSD: INSTALL,v 1.2 2018/04/12 01:21:07 nonaka Exp $
 #
 # Create default symlinks in ${PKG_SYSCONFDIR} for enabled modules/sites
 #
 
 SITES_ENABLED="default inner-tunnel"
 MODS_ENABLED="always attr_filter cache_eap chap date detail detail.log
-             dhcp digest dynamic_clients eap echo exec expiration expr
+             digest dynamic_clients eap echo exec expiration expr
              files linelog logintime mschap ntlm_auth pap passwd preprocess
              radutmp realm replicate soh sradutmp unix unpack utf8"
 
diff -r 78af6874f3c3 -r 9416e9109053 net/freeradius/Makefile
--- a/net/freeradius/Makefile   Wed Apr 11 19:56:28 2018 +0000
+++ b/net/freeradius/Makefile   Thu Apr 12 01:21:07 2018 +0000
@@ -1,6 +1,5 @@
-# $NetBSD: Makefile,v 1.94 2018/01/28 20:10:58 wiz Exp $
+# $NetBSD: Makefile,v 1.95 2018/04/12 01:21:07 nonaka Exp $
 
-PKGREVISION= 1
 .include "Makefile.common"
 
 PKGNAME=               ${DISTNAME:S/-server//}
@@ -30,6 +29,7 @@
 CONFIGURE_ARGS+=       --without-rlm_sql_postgresql
 CONFIGURE_ARGS+=       --without-rlm_sql_unixodbc
 
+RCD_SCRIPTS=           radiusd
 RADIUS_GROUP?=         radiusd
 RADIUS_USER?=          radiusd
 PKG_GROUPS=            ${RADIUS_GROUP}
@@ -53,10 +53,10 @@
 
 EGDIR=                 ${PREFIX}/share/examples/freeradius
 
-EGFILES=               certs/ca.cnf certs/client.cnf certs/Makefile \
-                       certs/README certs/server.cnf certs/xpextensions \
+EGFILES=               certs/ca.cnf certs/client.cnf certs/inner-server.cnf \
+                       certs/Makefile certs/README certs/server.cnf \
+                       certs/xpextensions \
                        clients.conf dictionary experimental.conf \
-                       hints huntgroups \
                        mods-available/abfab_psk_sql mods-available/always \
                        mods-available/attr_filter mods-available/cache \
                        mods-available/cache_eap mods-available/chap \
@@ -147,7 +147,6 @@
                        mods-config/sql/main/oracle/queries.conf \
                        mods-config/sql/main/oracle/schema.sql \
                        mods-config/sql/main/postgresql/extras/cisco_h323_db_schema.sql \
-                       mods-config/sql/main/postgresql/extras/update_radacct_group.sql \
                        mods-config/sql/main/postgresql/extras/voip-postpaid.conf \
                        mods-config/sql/main/postgresql/queries.conf \
                        mods-config/sql/main/postgresql/schema.sql \
diff -r 78af6874f3c3 -r 9416e9109053 net/freeradius/Makefile.common
--- a/net/freeradius/Makefile.common    Wed Apr 11 19:56:28 2018 +0000
+++ b/net/freeradius/Makefile.common    Thu Apr 12 01:21:07 2018 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile.common,v 1.1 2017/08/26 10:07:28 fhajny Exp $
+# $NetBSD: Makefile.common,v 1.2 2018/04/12 01:21:07 nonaka Exp $
 # used by net/freeradius/Makefile.module
 
-DISTNAME=              freeradius-server-3.0.15
+DISTNAME=              freeradius-server-3.0.16
 CATEGORIES=            net
 MASTER_SITES=          ftp://ftp.freeradius.org/pub/freeradius/
 EXTRACT_SUFX=          .tar.bz2
diff -r 78af6874f3c3 -r 9416e9109053 net/freeradius/PLIST
--- a/net/freeradius/PLIST      Wed Apr 11 19:56:28 2018 +0000
+++ b/net/freeradius/PLIST      Thu Apr 12 01:21:07 2018 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.28 2018/01/23 15:31:23 jperkin Exp $
+@comment $NetBSD: PLIST,v 1.29 2018/04/12 01:21:07 nonaka Exp $
 bin/dhcpclient
 bin/map_unit
 bin/rad_counter
@@ -303,6 +303,12 @@
 share/doc/freeradius/schemas/ldap/openldap/freeradius-clients.schema
 share/doc/freeradius/schemas/ldap/openldap/freeradius.ldif
 share/doc/freeradius/schemas/ldap/openldap/freeradius.schema
+share/doc/freeradius/schemas/ldap/samba/README.txt
+share/doc/freeradius/schemas/ldap/samba/freeradius-attrs.ldif
+share/doc/freeradius/schemas/ldap/samba/freeradius-classes.ldif
+share/doc/freeradius/schemas/ldap/samba/freeradius-clients-attrs.ldif
+share/doc/freeradius/schemas/ldap/samba/freeradius-clients-classes.ldif
+share/doc/freeradius/schemas/ldap/samba/freeradius-user.ldif
 share/doc/freeradius/schemas/logstash/README
 share/doc/freeradius/schemas/logstash/kibana4-dashboard.json
 share/doc/freeradius/schemas/logstash/log-courier.conf
@@ -319,6 +325,7 @@
 share/examples/freeradius/certs/bootstrap
 share/examples/freeradius/certs/ca.cnf
 share/examples/freeradius/certs/client.cnf
+share/examples/freeradius/certs/inner-server.cnf
 share/examples/freeradius/certs/server.cnf
 share/examples/freeradius/certs/xpextensions
 share/examples/freeradius/clients.conf
@@ -449,7 +456,6 @@
 share/examples/freeradius/mods-config/sql/main/oracle/queries.conf
 share/examples/freeradius/mods-config/sql/main/oracle/schema.sql
 share/examples/freeradius/mods-config/sql/main/postgresql/extras/cisco_h323_db_schema.sql
-share/examples/freeradius/mods-config/sql/main/postgresql/extras/update_radacct_group.sql
 share/examples/freeradius/mods-config/sql/main/postgresql/extras/voip-postpaid.conf
 share/examples/freeradius/mods-config/sql/main/postgresql/queries.conf
 share/examples/freeradius/mods-config/sql/main/postgresql/schema.sql
@@ -470,7 +476,6 @@
 share/examples/freeradius/mods-enabled/date
 share/examples/freeradius/mods-enabled/detail
 share/examples/freeradius/mods-enabled/detail.log
-share/examples/freeradius/mods-enabled/dhcp
 share/examples/freeradius/mods-enabled/digest
 share/examples/freeradius/mods-enabled/dynamic_clients
 share/examples/freeradius/mods-enabled/eap
diff -r 78af6874f3c3 -r 9416e9109053 net/freeradius/distinfo
--- a/net/freeradius/distinfo   Wed Apr 11 19:56:28 2018 +0000
+++ b/net/freeradius/distinfo   Thu Apr 12 01:21:07 2018 +0000
@@ -1,14 +1,11 @@
-$NetBSD: distinfo,v 1.34 2018/03/31 20:10:49 joerg Exp $
+$NetBSD: distinfo,v 1.35 2018/04/12 01:21:07 nonaka Exp $
 
-SHA1 (freeradius-server-3.0.15.tar.bz2) = f651142a31b514fc80d888fe8ab5040cbfdd546e
-RMD160 (freeradius-server-3.0.15.tar.bz2) = 46d2d491b71516c6db7659e46e1ec44c7fbf9d1f
-SHA512 (freeradius-server-3.0.15.tar.bz2) = a2808f0b70b73f11c4c7d00edcb4a56a2ab8f73ce0ff74a9834c8b613ce5ed75ece372f852b0891f68c6a33f50c1bababb76d2eff9326a7fc29fe6b45ec9af88
-Size (freeradius-server-3.0.15.tar.bz2) = 3038070 bytes
-SHA1 (patch-ai) = 834fea0886410de30ed489fa39be066fa3fb3186
-SHA1 (patch-configure.ac) = 2e1a979f51122f4c214f11574116a9a7695387d0
+SHA1 (freeradius-server-3.0.16.tar.bz2) = a7d1a88e112ce41ad08bd8beb66a5bdf36cac755
+RMD160 (freeradius-server-3.0.16.tar.bz2) = 0acbc54bc135ac18dc22c09f492b57eef8160a7b
+SHA512 (freeradius-server-3.0.16.tar.bz2) = fc26e8655e8155ad8b3d4e796a43fa9954f413195f0210e7e94c6b67e0b43d765e7886d9835fe56de0a70d13bba47868dd274f9e8a5669fdb2478a269b48ed10
+Size (freeradius-server-3.0.16.tar.bz2) = 3054887 bytes
+SHA1 (patch-ai) = e32ffd24b93e2cef2e72ef9a8ea59d49e1571dc0
+SHA1 (patch-configure.ac) = ffec1f851d23f560797c12eba5092f2940e4d662
 SHA1 (patch-main_command.c) = 1c79b29eb13df341906c710c8dd41860a27473dd
 SHA1 (patch-main_util.c) = b9cefdb9bc30df0906184e8c0bb883e5258767c3
-SHA1 (patch-rlm_krb5_configure) = e97f0efe85c449d3b8a9aa450b6b7d1d0e4c6b89
-SHA1 (patch-rlm_perl_configure) = 577d6f0df7322ee12a99aafcdcc2d0b40e89eb69
-SHA1 (patch-rlm_yubikey_configure) = ea62cc0e87da014befbd0ad79f68dc852dc0f254
 SHA1 (patch-src_lib_udpfromto.c) = c8fce29e2b481820f1cc2196577f7d38bb549e1c
diff -r 78af6874f3c3 -r 9416e9109053 net/freeradius/patches/patch-ai
--- a/net/freeradius/patches/patch-ai   Wed Apr 11 19:56:28 2018 +0000
+++ b/net/freeradius/patches/patch-ai   Thu Apr 12 01:21:07 2018 +0000
@@ -1,36 +1,9 @@
-$NetBSD: patch-ai,v 1.12 2017/09/09 22:46:57 joerg Exp $
+$NetBSD: patch-ai,v 1.13 2018/04/12 01:21:07 nonaka Exp $
 
 Portable test syntax
 
 --- configure.orig     2017-07-17 12:43:00.000000000 +0000
 +++ configure
-@@ -9047,7 +9047,7 @@ fi
- 
- smart_prefix=
- 
--  if test "x$ac_cv_header_pcap_h" == "xyes"; then
-+  if test "x$ac_cv_header_pcap_h" = "xyes"; then
- 
- $as_echo "#define HAVE_PCAP_H 1" >>confdefs.h
- 
-@@ -9290,7 +9290,7 @@ fi
- 
- smart_prefix=
- 
--  if test "x$ac_cv_header_collectd_client_h" == "xyes"; then
-+  if test "x$ac_cv_header_collectd_client_h" = "xyes"; then
- 
- $as_echo "#define HAVE_COLLECTDC_H 1" >>confdefs.h
- 
-@@ -9533,7 +9533,7 @@ fi
- 
- smart_prefix=
- 
--  if test "x$ac_cv_header_sys_capability_h" == "xyes"; then
-+  if test "x$ac_cv_header_sys_capability_h" = "xyes"; then
- 
- $as_echo "#define HAVE_CAPABILITY_H 1" >>confdefs.h
- 
 @@ -10133,7 +10133,49 @@ $as_echo "no" >&6; }
      eval "ac_cv_type_${ac_safe_type}_has_ipi_addr="
   fi
@@ -82,12 +55,3 @@
  
  $as_echo "#define HAVE_IP_PKTINFO /**/" >>confdefs.h
  
-@@ -12656,7 +12698,7 @@ subdirs="$subdirs $mysubdirs"
- 
- 
- 
--if test "x$werror" == "xyes"; then
-+if test "x$werror" = "xyes"; then
-   CFLAGS="-Werror $CFLAGS"
- fi
- 
diff -r 78af6874f3c3 -r 9416e9109053 net/freeradius/patches/patch-configure.ac
--- a/net/freeradius/patches/patch-configure.ac Wed Apr 11 19:56:28 2018 +0000
+++ b/net/freeradius/patches/patch-configure.ac Thu Apr 12 01:21:07 2018 +0000
@@ -1,37 +1,10 @@
-$NetBSD: patch-configure.ac,v 1.1 2017/09/09 22:46:57 joerg Exp $
+$NetBSD: patch-configure.ac,v 1.2 2018/04/12 01:21:07 nonaka Exp $
 
 Check if in_pkt_info has ipi_spec_dst before trying to use (NetBSD 8 doesn't).
 Fix test syntax.
 
 --- configure.ac.orig  2017-07-17 12:43:00.000000000 +0000
 +++ configure.ac
-@@ -1213,7 +1213,7 @@ else
-   dnl #
-   smart_try_dir="$pcap_include_dir"
-   FR_SMART_CHECK_INCLUDE([pcap.h])
--  if test "x$ac_cv_header_pcap_h" == "xyes"; then
-+  if test "x$ac_cv_header_pcap_h" = "xyes"; then
-     AC_DEFINE(HAVE_PCAP_H, 1, [Define to 1 if you have the <pcap.h> header file.])
-     AC_SUBST(PCAP_LIBS)
-     AC_SUBST(PCAP_LDFLAGS)
-@@ -1231,7 +1231,7 @@ else
-   dnl #
-   smart_try_dir="$collectdclient_include_dir"
-   FR_SMART_CHECK_INCLUDE([collectd/client.h])
--  if test "x$ac_cv_header_collectd_client_h" == "xyes"; then
-+  if test "x$ac_cv_header_collectd_client_h" = "xyes"; then
-     AC_DEFINE(HAVE_COLLECTDC_H, 1, [Define to 1 if you have the `collectdclient' library (-lcollectdclient).])
-     AC_SUBST(COLLECTDC_LIBS)
-     AC_SUBST(COLLECTDC_LDFLAGS)
-@@ -1251,7 +1251,7 @@ else
-   dnl #
-   smart_try_dir="$cap_include_dir"
-   FR_SMART_CHECK_INCLUDE([sys/capability.h])
--  if test "x$ac_cv_header_sys_capability_h" == "xyes"; then
-+  if test "x$ac_cv_header_sys_capability_h" = "xyes"; then
-     AC_DEFINE(HAVE_CAPABILITY_H, 1, [Define to 1 if you have the <sys/capability.h> header file.])
-   else
-     AC_MSG_WARN([cap headers not found, will not perform debugger checks. Use --with-cap-include-dir=<path>.])
 @@ -1511,7 +1511,8 @@ dnl #
  dnl #  struct ip_pktinfo
  dnl #
@@ -42,12 +15,3 @@
    AC_DEFINE(HAVE_IP_PKTINFO, [], [define if you have IP_PKTINFO (Linux)])
  fi
  
-@@ -2217,7 +2218,7 @@ dnl #  Add -Werror last, so it doesn't i
- dnl #  test programs.
- dnl #
- dnl #############################################################
--if test "x$werror" == "xyes"; then
-+if test "x$werror" = "xyes"; then
-   CFLAGS="-Werror $CFLAGS"
- fi
- 
diff -r 78af6874f3c3 -r 9416e9109053 net/freeradius/patches/patch-rlm_krb5_configure
--- a/net/freeradius/patches/patch-rlm_krb5_configure   Wed Apr 11 19:56:28 2018 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,50 +0,0 @@
-$NetBSD: patch-rlm_krb5_configure,v 1.1 2017/08/26 10:07:28 fhajny Exp $
-
-Portable test syntax
-
---- src/modules/rlm_krb5/configure.orig        2016-09-29 15:19:48.000000000 +0000
-+++ src/modules/rlm_krb5/configure
-@@ -3913,7 +3913,7 @@ if test "x$smart_lib" != "x"; then
-   SMART_LIBS="$smart_ldflags $smart_lib $SMART_LIBS"
- fi
- 
--              if test "x$ac_cv_lib_krb5_krb5_verify_user_opt" == xyes; then
-+              if test "x$ac_cv_lib_krb5_krb5_verify_user_opt" = xyes; then
-                       krb5_api_type='heimdal'
-               else
-                       krb5_api_type='mit'
-@@ -4114,13 +4114,13 @@ _ACEOF
- fi
- done
- 
--      if test "x$ac_cv_func_krb5_get_error_message" == xyes; then
-+      if test "x$ac_cv_func_krb5_get_error_message" = xyes; then
-               krb5mod_cflags="${krb5mod_cflags} -DHAVE_KRB5_GET_ERROR_MESSAGE"
-       fi
--      if test "x$ac_cv_func_krb5_free_error_message" == xyes; then
-+      if test "x$ac_cv_func_krb5_free_error_message" = xyes; then
-               krb5mod_cflags="${krb5mod_cflags} -DHAVE_KRB5_FREE_ERROR_MESSAGE"
-       fi
--      if test "x$ac_cv_func_krb5_free_error_string" == xyes; then



Home | Main Index | Thread Index | Old Index