Bug 158413

Summary: [maintainer-update] net/freeradius2 to 2.1.11
Product: Ports & Packages Reporter: Ryan Steinmetz <rpsfa>
Component: Individual Port(s)Assignee: Frederic Culot <culot>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: Latest   
Hardware: Any   
OS: Any   
Description Flags
file.diff none

Description Ryan Steinmetz 2011-06-29 02:40:08 UTC
-Update to 2.1.11
-Remove files/patch-src-modules-rlm_mschap-rlm_mschap.c
-Remove HAVE_LT_DLADVISE_INIT workaround
-Remove extra line return in pkg-descr


Feature improvements

    Added doc/rfc/rfc6158.txt: RADIUS Design Guidelines. All vendors need to read it and follow its directions.
    Microsoft SoH support for PEAP from Phil Mayers. See doc/SoH.txt
    Certificate "bootstrap" script now checks for certificate expiry. See comments in raddb/eap.conf, and then "make_cert_command".
    Support for dynamic expansion of EAP-GTC challenges. Patch from Alexander Clouter.
    OCSP support from Alex Bergmann. See raddb/eap.conf, "ocsp" section.
    Updated dictionary.huawei, dictionary.3gpp, dictionary.3gpp3.
    Added dictionary.eltex, dictionary.motorola, and dictionary.ukerna.
    Experimental redis support from Gabriel Blanchard. See raddb/modules/redis and raddb/modules/rediswho
    Add "key" to rlm_fastusers. Closes bug #126.
    Added scripts/radtee from original software at http://horde.net/~jwm/software/misc/comparison-tee
    Updated radmin "man" page for new commands.
    radsniff now prints the hex decoding of the packet (-x -x -x)
    mschap module now reloads its configuration on HUP
    Added experimental "replicate" module. See raddb/modules/replicate
    Policy "foo" can now refer to module "foo". This lets you over-ride the behavior of a module.
    Policy "foo.authorize" can now over-ride the behavior of module "foo", "authorize" method.
    Produce errors in more situations when the configuration files have invalid syntax.

Bug fixes

    Ignore pre/post-proxy sections if proxying is disabled.
    Add configure checks for pcap_fopen*.
    Fix call to otp_write in rlm_otp
    Fix issue with Access-Challenge checking from 2.1.10, when the debug flag was set after server startup. Closes #116 and #117.
    Fix typo in zombie period start time.
    Fix leak in src/main/valuepair.c. Patch from James Ballantine.
    Allow radtest to use spaces in shared secret. Patch from Cedric Carree.
    Remove extra calls to HMAC_CTX_init() in rlm_wimax, fixing leak. Patch from James Ballantine.
    Remove MN-FA key generation. The NAS does this, not AAA. Patch from Ben Weichman.
    Include dictionary.mikrotik by default. Closes bug #121.
    Add group membership query to MS-SQL examples. Closes bug #120.
    Don't cast NAS-Port to integer in Postgresql queries. Closes bug #112.
    Fixes for libtool and autoconf from Sam Hartman.
    radsniff should read the dictionaries in more situations.
    Use fnmatch to check for detail file reader==writer. Closes bug #128.
    Check for short writes (i.e. disk full) in rlm_detail. Closes bug #130. Patches and testing from John Morrissey.
    Fix typo in src/lib/token.c. Closes bug #124
    Allow workstation trust accounts to use MS-CHAP. Closes bug #123.
    Assigning foo=`/bin/echo hello` now produces a syntax error if it is done outside of an "update" section.
    Fix "too many open file descriptors" problem when using "verify client" in eap.conf.
    Many fixes to dialup_admin for PHP5, by Stefan Winter.
    Allow preprocess module to have "hints = " and "huntgroups =", which allows them to be empty or non-existent.
    Renamed "php3" files to "php" in dialup_admin/
    Produce error when sub-TLVs are used in a dictionary. They are supported only in the "master" branch, and not in 2.1.x.
    Minor fix in dictionary.redback. Closes bug #138.
    Fixed MySQL "NULL" issues in ippool.conf. Closes bug #129.
    Fix to Access-Challenge warning from Ken-ichirou Matsuzawa. Closes bug #118.
    DHCP fixes to send unicast packets in more situations.
    Fix to udpfromto, to enable it to work on IPv6 networks.
    Fixes to the Oracle accounting_onoff_query.
    When using both IPv4 and IPv6 home servers, ensure that we use the correct local socket for proxying. Closes bug #143.
    Suppress messages when thread pool is nearly full, all threads are busy, and we can't create new threads.
    IPv6 is now enabled for udpfromto. Closes bug #141
    Make sqlippool query buffer the same size as sql module. Closes bug #139.
    Make Coa / Disconnect proxying work again.
    Configure scripts for rlm_caching from Nathaniel McCallum
    src/lib/dhcp.c and src/include/libradius.h are LGPL, not GPL.
    Updated password routines to use time-insensitive comparisons. This prevents timing attacks (though none are known).
    Allow sqlite module to do normal SELECT queries.
    rlm_wimax now has a configure script
    Moved Ascend, USR, and Motorola "illegal" dictionaries to separate files. See share/dictionary for explanations.
    Check for duplicate module definitions in the modules{} section, and refuse to start if duplicates are found.
    Check for duplicate virtual servers, and refuse to start if duplicates are found.
    Don't use udpfromto if source is INADDR_ANY. Closes bug #148.
    Check pre-conditions before running radmin "inject file".
    Don't over-ride "no match" with "match" for regexes. Closes bug #152.
    Make retry and error message configurable in mschap. See raddb/modules/mschap
    Allow EAP-MSCHAPv2 to send error message to client. This change allows some clients to prompt the user for a new password. See raddb/eap.conf, mschapv2 section, "send_error".
    Load the default virtual server before any others. This matches what users expect, and reduces confusion.
    Fix configure checks for udpfromto. Fixes Debian bug #606866
    Definitive fix for bug #35, where the server could crash under certain loads. Changes src/lib/packet.c to use RB trees.
    Updated "configure" checks to allow IPv6 udpfromto on Linux.
    SQL module now returns NOOP if the accounting start/interim/stop queries don't do anything.
    Allow %{outer.control: ... } in string expansions
    home_server coa config now matches raddb/proxy.conf
    Never send a reply to a DHCP Release.

Fix: Patch attached with submission follows:
Comment 1 Frederic Culot freebsd_committer 2011-06-29 07:23:10 UTC
Responsible Changed
From-To: freebsd-ports-bugs->culot

I'll take it.
Comment 2 dfilter service freebsd_committer 2011-06-29 08:24:06 UTC
culot       2011-06-29 07:23:53 UTC

  FreeBSD ports repository

  Modified files:
    net/freeradius2      Makefile distinfo pkg-descr pkg-plist 
    net/freeradius2/files patch-rlm_sql_oracle 
  Removed files:
  - Update to 2.1.11
  - Add LICENSE (GPLv2)
  - Remove HAVE_LT_DLADVISE_INIT workaround
  PR:             ports/158413
  Submitted by:   Ryan Steinmetz <rpsfa@rit.edu> (maintainer)
  Revision  Changes    Path
  1.95      +3 -6      ports/net/freeradius2/Makefile
  1.34      +2 -2      ports/net/freeradius2/distinfo
  1.2       +42 -39    ports/net/freeradius2/files/patch-rlm_sql_oracle
  1.2       +0 -14     ports/net/freeradius2/files/patch-src-modules-rlm_mschap-rlm_mschap.c (dead)
  1.7       +0 -1      ports/net/freeradius2/pkg-descr
  1.44      +30 -0     ports/net/freeradius2/pkg-plist
cvs-all@freebsd.org mailing list
To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
Comment 3 Frederic Culot freebsd_committer 2011-06-29 08:24:11 UTC
State Changed
From-To: open->closed

Committed. Thanks!