Bug 122097 - net/freeradius2 - update to 2.0.3
Summary: net/freeradius2 - update to 2.0.3
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Only Me
Assignee: Martin Matuska
Depends on:
Reported: 2008-03-25 23:30 UTC by David Wood
Modified: 2008-04-02 14:12 UTC (History)
0 users

See Also:

file.diff (13.70 KB, patch)
2008-03-25 23:30 UTC, David Wood
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description David Wood 2008-03-25 23:30:00 UTC
FreeBSD enhancements

A new USER option has been added to run FreeRADIUS as the freeradius user and
freeradius group. Running as root is not recommended from a security point of
view. This option makes it easy to secure your FreeRADIUS server 'out of the

Some unnecessary code has been removed from the patch to rlm_python in

Release notes


	Feature improvements
	* Added notes on how to debug the server in radiusd.conf
	* Moved all "log_*" in radiusd.conf to log{} section.
	  The old configurations are still accepted, though.
	* Added ca.der target in raddb/certs/Makefile.  This is
	  needed for importing CA certs into Windows.
	* Added ability send raw attributes via
		"Raw-Attribute = 0x0102..."
	  This is available only debug builds.  It can be used
	  to create invalid packets! Use it with care.
	* Permit "unlang" policies inside of Auth-Type{} sub-sections
	  of the authenticate{} section.  This makes some policies
	  easier to implement.
	* "listen" sections can now have "type = proxy".  This lets you
	  control which IP is used for sending proxied requests.
	* Added note on SSL performance to raddb/certs/README

	Bug fixes
	* Fixed reading of "detail" files.
	* Allow inner EAP tunneled sessions to be proxied.
	* Corrected MySQL schemas
	* syslog now works in log{} section.
	* Corrected typo in raddb/certs/client.cnf
	* Updated raddb/sites-available/proxy-inner-tunnel to
	  permit authentication to work.
	* Ignore zero-length attributes in received packets.
	* Correct memcpy when dealing with unknown attributes.
	* Corrected debugging messages in attr_rewrite.
	* Corrected generation of State attribute in EAP.  This
	  fixes the "failed to remember handler" issues.
	* Fall back to DEFAULT realm if no realm was found.
	  Based on a patch from Vincent Magnin.
	* Updated example raddb/sites-available/proxy-inner-tunnel
	* Corrected behavior of attr_filter to match documentation.
	  This is NOT backwards compatible with previous versions!
	  See "man rlm_attr_filter" for details.


        Feature improvements
        * Updated raddb/certs/ca.cnf with extensions to allow ca.der
          to be imported as a CA on Symbian and Windows Mobile devices.
          Closes bug #524
        * Enable multiple matches in "hints" via Fall-Through = Yes.
          Closes bug #477
        * Added preliminary SQLite driver, contibuted by Apple.
          Untested, with no sample configuration.  This address bug #470.
        * Updated logging sub-system so that log messages from libfreeradius
          can go to the log file, and not stdout.
        * Added dictionary.rfc5176
        * EAP module now checks for instance name, and uses that for
          authentication.  This avoids the need to set Auth-Type when
          there are multiple instances of the EAP module.
        * Added Module-Return-Code attribute, which contains the value
          returned by the previous module (ok/fail/update/etc.)

        Bug fixes
        * Corrected typos in rlm_dbm.  Closes bugs #521 and #522.
        * Detail file "listen" sections now work much better.
        * Don't allow old "log_*" to over-ride new format.  Closes bug #525
        * Initialize allocated memory in Oracle SQL driver.  This fixes
          occasional crashes on some systems.  Closes bug #518
        * Call correct function in rlm_protocol_filter.  This enables the
          module to build.  Closes bug #512.
        * Added deprecated flag to build for rlm_krb5.  This allows it to
          run on 64-bit systems.  Closes bug #491
        * Corrected error message when parsing invalid configurations
          so it doesn't crash.  Closes bug #527
        * Fix handling of timeouts in rlm_ldap that affected 64-bit systems.
        * Handle $INCLUDE's in "instantiate" section.  Closes #528.
        * Format updates to "man" pages from Stephen Gran.

Fix: Files added: files/patch-sites-available, files/pkg-deinstall.in, files/pkg-install.in
Files deleted: <none>

Add the following line to /usr/ports/UIDs:
freeradius:*:133:133:FreeRADIUS Daemon:/nonexistent:/usr/sbin/nologin

Add the following line to /usr/ports/GIDs:

(if UID / GID 133 have been taken by the time this is committed, use the next
free UID / GID)

Patch attached with submission follows:
Comment 1 Martin Matuska freebsd_committer 2008-04-02 11:40:57 UTC
Responsible Changed
From-To: freebsd-ports-bugs->mm

I'll take it.
Comment 2 dfilter service freebsd_committer 2008-04-02 13:55:47 UTC
mm          2008-04-02 12:55:40 UTC

  FreeBSD ports repository

  Modified files:
    .                    GIDs UIDs 
  - Add GID and UID for net/freeradius2
  PR:             ports/122097
  Submitted by:   David Wood <david@wood2.org.uk> (maintainer)
  Revision  Changes    Path
  1.55      +2 -1      ports/GIDs
  1.64      +2 -1      ports/UIDs
cvs-all@freebsd.org mailing list
To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
Comment 3 dfilter service freebsd_committer 2008-04-02 14:07:06 UTC
mm          2008-04-02 13:07:01 UTC

  FreeBSD ports repository

  Modified files:
    net/freeradius2      Makefile distinfo pkg-plist 
    net/freeradius2/files patch-pthread radiusd.sh.in 
  Added files:
    net/freeradius2/files patch-sites-available pkg-deinstall.in 
  - Update to 2.0.3
  - Create own user and group
  - Fix and update patches
  PR:             ports/122097
  Submitted by:   David Wood <david@wood2.org.uk> (maintainer)
  Revision  Changes    Path
  1.68      +51 -2     ports/net/freeradius2/Makefile
  1.25      +3 -3      ports/net/freeradius2/distinfo
  1.3       +4 -14     ports/net/freeradius2/files/patch-pthread
  1.1       +31 -0     ports/net/freeradius2/files/patch-sites-available (new)
  1.1       +32 -0     ports/net/freeradius2/files/pkg-deinstall.in (new)
  1.1       +158 -0    ports/net/freeradius2/files/pkg-install.in (new)
  1.4       +3 -2      ports/net/freeradius2/files/radiusd.sh.in
  1.35      +10 -2     ports/net/freeradius2/pkg-plist
cvs-all@freebsd.org mailing list
To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
Comment 4 Martin Matuska freebsd_committer 2008-04-02 14:11:59 UTC
State Changed
From-To: open->closed

Committed, with minor changes. Thanks!