FreeBSD enhancements ==================== A new USER option has been added to run FreeRADIUS as the freeradius user and freeradius group. Running as root is not recommended from a security point of view. This option makes it easy to secure your FreeRADIUS server 'out of the box'. Some unnecessary code has been removed from the patch to rlm_python in files/patch-pthread. Release notes ============= 2.0.2: Feature improvements * Added notes on how to debug the server in radiusd.conf * Moved all "log_*" in radiusd.conf to log{} section. The old configurations are still accepted, though. * Added ca.der target in raddb/certs/Makefile. This is needed for importing CA certs into Windows. * Added ability send raw attributes via "Raw-Attribute = 0x0102..." This is available only debug builds. It can be used to create invalid packets! Use it with care. * Permit "unlang" policies inside of Auth-Type{} sub-sections of the authenticate{} section. This makes some policies easier to implement. * "listen" sections can now have "type = proxy". This lets you control which IP is used for sending proxied requests. * Added note on SSL performance to raddb/certs/README Bug fixes * Fixed reading of "detail" files. * Allow inner EAP tunneled sessions to be proxied. * Corrected MySQL schemas * syslog now works in log{} section. * Corrected typo in raddb/certs/client.cnf * Updated raddb/sites-available/proxy-inner-tunnel to permit authentication to work. * Ignore zero-length attributes in received packets. * Correct memcpy when dealing with unknown attributes. * Corrected debugging messages in attr_rewrite. * Corrected generation of State attribute in EAP. This fixes the "failed to remember handler" issues. * Fall back to DEFAULT realm if no realm was found. Based on a patch from Vincent Magnin. * Updated example raddb/sites-available/proxy-inner-tunnel * Corrected behavior of attr_filter to match documentation. This is NOT backwards compatible with previous versions! See "man rlm_attr_filter" for details. 2.0.3: Feature improvements * Updated raddb/certs/ca.cnf with extensions to allow ca.der to be imported as a CA on Symbian and Windows Mobile devices. Closes bug #524 * Enable multiple matches in "hints" via Fall-Through = Yes. Closes bug #477 * Added preliminary SQLite driver, contibuted by Apple. Untested, with no sample configuration. This address bug #470. * Updated logging sub-system so that log messages from libfreeradius can go to the log file, and not stdout. * Added dictionary.rfc5176 * EAP module now checks for instance name, and uses that for authentication. This avoids the need to set Auth-Type when there are multiple instances of the EAP module. * Added Module-Return-Code attribute, which contains the value returned by the previous module (ok/fail/update/etc.) Bug fixes * Corrected typos in rlm_dbm. Closes bugs #521 and #522. * Detail file "listen" sections now work much better. * Don't allow old "log_*" to over-ride new format. Closes bug #525 * Initialize allocated memory in Oracle SQL driver. This fixes occasional crashes on some systems. Closes bug #518 * Call correct function in rlm_protocol_filter. This enables the module to build. Closes bug #512. * Added deprecated flag to build for rlm_krb5. This allows it to run on 64-bit systems. Closes bug #491 * Corrected error message when parsing invalid configurations so it doesn't crash. Closes bug #527 * Fix handling of timeouts in rlm_ldap that affected 64-bit systems. * Handle $INCLUDE's in "instantiate" section. Closes #528. * Format updates to "man" pages from Stephen Gran. Fix: Files added: files/patch-sites-available, files/pkg-deinstall.in, files/pkg-install.in Files deleted: <none> Add the following line to /usr/ports/UIDs: freeradius:*:133:133:FreeRADIUS Daemon:/nonexistent:/usr/sbin/nologin Add the following line to /usr/ports/GIDs: freeradius:*:133: (if UID / GID 133 have been taken by the time this is committed, use the next free UID / GID) Patch attached with submission follows:
Responsible Changed From-To: freebsd-ports-bugs->mm I'll take it.
mm 2008-04-02 12:55:40 UTC FreeBSD ports repository Modified files: . GIDs UIDs Log: - Add GID and UID for net/freeradius2 PR: ports/122097 Submitted by: David Wood <david@wood2.org.uk> (maintainer) Revision Changes Path 1.55 +2 -1 ports/GIDs 1.64 +2 -1 ports/UIDs _______________________________________________ cvs-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/cvs-all To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
mm 2008-04-02 13:07:01 UTC FreeBSD ports repository Modified files: net/freeradius2 Makefile distinfo pkg-plist net/freeradius2/files patch-pthread radiusd.sh.in Added files: net/freeradius2/files patch-sites-available pkg-deinstall.in pkg-install.in Log: - Update to 2.0.3 - Create own user and group - Fix and update patches PR: ports/122097 Submitted by: David Wood <david@wood2.org.uk> (maintainer) Revision Changes Path 1.68 +51 -2 ports/net/freeradius2/Makefile 1.25 +3 -3 ports/net/freeradius2/distinfo 1.3 +4 -14 ports/net/freeradius2/files/patch-pthread 1.1 +31 -0 ports/net/freeradius2/files/patch-sites-available (new) 1.1 +32 -0 ports/net/freeradius2/files/pkg-deinstall.in (new) 1.1 +158 -0 ports/net/freeradius2/files/pkg-install.in (new) 1.4 +3 -2 ports/net/freeradius2/files/radiusd.sh.in 1.35 +10 -2 ports/net/freeradius2/pkg-plist _______________________________________________ cvs-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/cvs-all To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
State Changed From-To: open->closed Committed, with minor changes. Thanks!