-Update to 2.1.10 2010.09.28 Version 2.1.10 (sig) has been released. The focus of this release is stability. Feature improvements * Install the "radcrypt" program. * Enable radclient to send requests containing MS-CHAPv1 Send packets with: MS-CHAP-Password = "password". It will be automatically converted to the correct MS-CHAP attributes. * Added "-t" command-line option to radtest. You can use "-t pap", "-t chap", "-t mschap", or "-t eap-md5". The default is "-t pap" * Make the "inner-tunnel" virtual server listen on 127.0.0.1:18120 This change and the previous one makes PEAP testing much easier. * Added more documentation and examples for the "passwd" module. * Added dictionaries for RFC 5607 and RFC 5904. * Added note in proxy.conf that we recommend setting "require_message_authenticator = yes" for all home servers. * Added example of second "files" configuration, with documentation. This shows how and where to use two instances of a module. * Updated radsniff to have it write pcap files, too. See '-w'. * Print out large WARNING message if we send an Access-Challenge for EAP, and receive no follow-up messages from the client. * Added Cached-Session-Policy for EAP session resumption. See raddb/eap.conf. * Added support for TLS-Cert-* attributes. For details, see raddb/sites-available/default, "post-auth" section. * Added sample raddb/modules/{opendirectory,dynamic_clients} * Updated Cisco and Huawei, HP, Redback, and ERX dictionaries. * Added RFCs 5607, 5904, and 5997. * For EAP-TLS, client certificates can now be validated using an external command. See eap.conf, "validate" subsection of "tls". * Made rlm_pap aware of {nthash} prefix, for compatibility with legacy RADIUS systems. * Add Module-Failure-Message for mschap module (ntlm_auth) * made rlm_sql_sqlite database configurable. Use "filename" in sql{} section. * Added %{tolower: ...string ... }, which returns the lowercase version of the string. Also added %{toupper: ... } for uppercase. Bug fixes * Fix endless loop when there are multiple sub-options for DHCP option 82. * More debug output when sending / receiving DHCP packets. * EAP-MSCHAPv2 should return the MPPE keys when used outside of a TLS tunnel. This is needed for IKE. * Added SSL "no ticket" option to prevent SSL from creating sessions without IDs. We need the IDs, so this option should be set. * Fix proxying of packets from inside a TTLS/PEAP tunnel. Closes bug #25. * Allow IPv6 address attributes to be created from domain names Closes bug #82. * Set the string length to the correct value when parsing double quotes. Closes bug #88. * No longer look users up in /etc/passwd in the default configuration. This can be reverted by enabling "unix" in the "authorize" section. * More #ifdef's to enable building on systems without certain features. * Fixed SQL-Group comparison to register only if the group query is defined. * Fixed SQL-Group comparison to register -SQL-Group, just like rlm_ldap. This lets you have multiple SQL group checks. * Fix scanning of octal numbers in "unlang". Closes bug #89. * Be less aggressive about freeing "stuck" requests. Closes bug #35. * Fix example in "originate-coa" to refer to the correct packet. * Change default timeout for dynamic clients to 1 hour, not 1 day. * Allow passwd module to map IP addresses, too. * Allow passwd module to be used for CoA packets * Put boot filename into DHCP header when DHCP-Boot-Filename is specified. * raddb/certs/Makefile no longer has certs depend on index.txt and serial. Closes bug #64. * Ignore NULL errorcode in PostgreSQL client. Closes bug #39 * Made Exec-Program and Exec-Program-Wait work in accounting section again. See sites-available/default. * Fix long-standing memory leak in esoteric conditions. Found by Jerry Nichols. * Added "Password-With-Header == userPassword" to raddb/ldap.attrmap This will automatically convert more passwords. * Updated rlm_pap to decode Password-With-Header, if it was base64 encoded, and to treat the contents as potentially binary data. * Fix Novell eDir code to use the right function parameters. Closes bug #86. * Allow spaces to be escaped when executing external programs. Closes bug #93. * Be less restrictive about checking permissions on control socket. If we're root, allow connecting to a non-root socket. * Remove control socket on normal server exit. If the server isn't running, the control socket should not exist. * Use MS-CHAP-User-Name as Name field from EAP-MSCHAPv2 for MS-CHAP calculations. It *MAY* be different (upper / lower case) from the User-Name attribute. Closes bug #17. * If the EAP-TLS methods have problems, more SSL errors are now available in the Module-Failure-Message attribute. * Update Oracle configure scripts. Closes bug #57. * Added text to DESC fields of doc/examples/openldap.schema * Updated more documentation to use "Restructured Text" format. Thanks to James Lockie. * Fixed typos in raddb/sql/mssql/dialup.conf. Closes bug #11. * Return error for potential proxy loops when using "-XC" * Produce better error messages when slow databases block the server. * Added notes on DHCP broadcast packets for FreeBSD. * Fixed crash when parsing some date strings. Closes bug #98 * Improperly formatted Attributes are now printed as "Attr-##". If they are not correct, they should not use the dictionary name. * Fix rlm_digest to be check the format of the Digest attributes, and return "noop" rather than "fail" if they're not right. * Enable "digest" in raddb/sites-available/default. This change enables digest authentication to work "out of the box". * Be less aggressive about marking home servers as zombie. If they are responding to some packets, they are still alive. * Added Packet-Transmit-Counter, to track detail file retransmits. Closes bug #13. * Added configure check for lt_dladvise_init(). If it exists, then using it solves some issues related to libraries loading libraries. * Added indexes to the MySQL IP Pool schema. * Print WARNING message if too many attributes are put into a packet. * Include dhcp test client (not built by default) * Added checks for LDAP constraint violation. Closes bug #18. * Change default raddebug timeout to 60 seconds. * Made error / warning messages more consistent. * Correct back-slash handling in variable expansion. Closes bug #46. You SHOULD check your configuration for backslash expansion! * Fix typo in "configure" script (--enable-libltdl-install) * Use local libltdl in more situations. This helps to avoid * compile issues complaining about lt__PROGRAM__LTX_preloaded_symbols. Fix hang on startup when multiple home servers were defined with src_ipaddr field. * Fix 32/64 bit issue in rlm_ldap. Closes bug #105. * If the first "listen" section defines 127.0.0.1, don't use that as a source IP for proxying. It won't work. * When Proxy-To-Realm is set to a non-existent realm, the EAP module should handle the request, rather than expecting it to be proxied. * Fix IPv4 issues with udpfromto. Closes bug #110. * Clean up child processes of raddebug. Closes bug #108 and bug #109 * retry OTP if the OTP daemon fails. Closes bug #58. * Multiple calls to ber_printf seem to work better. Closes bug #106. * Fix "unlang" so that "attribute not found" is treated as a "false" comparison, rather than a syntax error in the configuration. * Fix issue with "Group" attribute. Fix: Patch attached with submission follows:
Class Changed From-To: change-request->maintainer-update Fix category (submitter is maintainer) (via the GNATS Auto Assign Tool)
Responsible Changed From-To: freebsd-ports-bugs->wxs I'll take it.
wxs 2010-10-21 23:52:35 UTC FreeBSD ports repository Modified files: net/freeradius2 Makefile distinfo pkg-plist Added files: net/freeradius2/files patch-rlm_sql_oracle Log: Update to 2.1.10 PR: ports/151537 Submitted by: Ryan Steinmetz <rpsfa@rit.edu> (maintainer) Revision Changes Path 1.90 +3 -2 ports/net/freeradius2/Makefile 1.32 +3 -3 ports/net/freeradius2/distinfo 1.1 +805 -0 ports/net/freeradius2/files/patch-rlm_sql_oracle (new) 1.43 +31 -17 ports/net/freeradius2/pkg-plist _______________________________________________ cvs-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/cvs-all To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
State Changed From-To: open->closed Committed. Thanks!