Bug 151537 - [maintainer update] net/freeradius2 update to 2.1.10
Summary: [maintainer update] net/freeradius2 update to 2.1.10
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Only Me
Assignee: Wesley Shields
Depends on:
Reported: 2010-10-18 16:00 UTC by Ryan Steinmetz
Modified: 2010-10-22 01:00 UTC (History)
0 users

See Also:

file.diff (29.45 KB, patch)
2010-10-18 16:00 UTC, Ryan Steinmetz
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Ryan Steinmetz 2010-10-18 16:00:25 UTC
-Update to 2.1.10

2010.09.28 Version 2.1.10 (sig) has been released. The focus of this release is stability.
Feature improvements

    * Install the "radcrypt" program.
    * Enable radclient to send requests containing MS-CHAPv1 Send packets with: MS-CHAP-Password = "password". It will be automatically converted to the correct MS-CHAP attributes.
    * Added "-t" command-line option to radtest. You can use "-t pap", "-t chap", "-t mschap", or "-t eap-md5". The default is "-t pap"
    * Make the "inner-tunnel" virtual server listen on This change and the previous one makes PEAP testing much easier.
    * Added more documentation and examples for the "passwd" module.
    * Added dictionaries for RFC 5607 and RFC 5904.
    * Added note in proxy.conf that we recommend setting "require_message_authenticator = yes" for all home servers.
    * Added example of second "files" configuration, with documentation. This shows how and where to use two instances of a module.
    * Updated radsniff to have it write pcap files, too. See '-w'.
    * Print out large WARNING message if we send an Access-Challenge for EAP, and receive no follow-up messages from the client.
    * Added Cached-Session-Policy for EAP session resumption. See raddb/eap.conf.
    * Added support for TLS-Cert-* attributes. For details, see raddb/sites-available/default, "post-auth" section.
    * Added sample raddb/modules/{opendirectory,dynamic_clients}
    * Updated Cisco and Huawei, HP, Redback, and ERX dictionaries.
    * Added RFCs 5607, 5904, and 5997.
    * For EAP-TLS, client certificates can now be validated using an external command. See eap.conf, "validate" subsection of "tls".
    * Made rlm_pap aware of {nthash} prefix, for compatibility with legacy RADIUS systems.
    * Add Module-Failure-Message for mschap module (ntlm_auth)
    * made rlm_sql_sqlite database configurable. Use "filename" in sql{} section.
    * Added %{tolower: ...string ... }, which returns the lowercase version of the string. Also added %{toupper: ... } for uppercase.

Bug fixes

    * Fix endless loop when there are multiple sub-options for DHCP option 82.
    * More debug output when sending / receiving DHCP packets.
    * EAP-MSCHAPv2 should return the MPPE keys when used outside of a TLS tunnel. This is needed for IKE.
    * Added SSL "no ticket" option to prevent SSL from creating sessions without IDs. We need the IDs, so this option should be set.
    * Fix proxying of packets from inside a TTLS/PEAP tunnel. Closes bug #25.
    * Allow IPv6 address attributes to be created from domain names Closes bug #82.
    * Set the string length to the correct value when parsing double quotes. Closes bug #88.
    * No longer look users up in /etc/passwd in the default configuration. This can be reverted by enabling "unix" in the "authorize" section.
    * More #ifdef's to enable building on systems without certain features.
    * Fixed SQL-Group comparison to register only if the group query is defined.
    * Fixed SQL-Group comparison to register -SQL-Group, just like rlm_ldap. This lets you have multiple SQL group checks.
    * Fix scanning of octal numbers in "unlang". Closes bug #89.
    * Be less aggressive about freeing "stuck" requests. Closes bug #35.
    * Fix example in "originate-coa" to refer to the correct packet.
    * Change default timeout for dynamic clients to 1 hour, not 1 day.
    * Allow passwd module to map IP addresses, too.
    * Allow passwd module to be used for CoA packets
    * Put boot filename into DHCP header when DHCP-Boot-Filename is specified.
    * raddb/certs/Makefile no longer has certs depend on index.txt and serial. Closes bug #64.
    * Ignore NULL errorcode in PostgreSQL client. Closes bug #39
    * Made Exec-Program and Exec-Program-Wait work in accounting section again. See sites-available/default.
    * Fix long-standing memory leak in esoteric conditions. Found by Jerry Nichols.
    * Added "Password-With-Header == userPassword" to raddb/ldap.attrmap This will automatically convert more passwords.
    * Updated rlm_pap to decode Password-With-Header, if it was base64 encoded, and to treat the contents as potentially binary data.
    * Fix Novell eDir code to use the right function parameters. Closes bug #86.
    * Allow spaces to be escaped when executing external programs. Closes bug #93.
    * Be less restrictive about checking permissions on control socket. If we're root, allow connecting to a non-root socket.
    * Remove control socket on normal server exit. If the server isn't running, the control socket should not exist.
    * Use MS-CHAP-User-Name as Name field from EAP-MSCHAPv2 for MS-CHAP calculations. It *MAY* be different (upper / lower case) from the User-Name attribute. Closes bug #17.
    * If the EAP-TLS methods have problems, more SSL errors are now available in the Module-Failure-Message attribute.
    * Update Oracle configure scripts. Closes bug #57.
    * Added text to DESC fields of doc/examples/openldap.schema
    * Updated more documentation to use "Restructured Text" format. Thanks to James Lockie.
    * Fixed typos in raddb/sql/mssql/dialup.conf. Closes bug #11.
    * Return error for potential proxy loops when using "-XC"
    * Produce better error messages when slow databases block the server.
    * Added notes on DHCP broadcast packets for FreeBSD.
    * Fixed crash when parsing some date strings. Closes bug #98
    * Improperly formatted Attributes are now printed as "Attr-##". If they are not correct, they should not use the dictionary name.
    * Fix rlm_digest to be check the format of the Digest attributes, and return "noop" rather than "fail" if they're not right.
    * Enable "digest" in raddb/sites-available/default. This change enables digest authentication to work "out of the box".
    * Be less aggressive about marking home servers as zombie. If they are responding to some packets, they are still alive.
    * Added Packet-Transmit-Counter, to track detail file retransmits. Closes bug #13.
    * Added configure check for lt_dladvise_init(). If it exists, then using it solves some issues related to libraries loading libraries.
    * Added indexes to the MySQL IP Pool schema.
    * Print WARNING message if too many attributes are put into a packet.
    * Include dhcp test client (not built by default)
    * Added checks for LDAP constraint violation. Closes bug #18.
    * Change default raddebug timeout to 60 seconds.
    * Made error / warning messages more consistent.
    * Correct back-slash handling in variable expansion. Closes bug #46. You SHOULD check your configuration for backslash expansion!
    * Fix typo in "configure" script (--enable-libltdl-install)
    * Use local libltdl in more situations. This helps to avoid
    * compile issues complaining about lt__PROGRAM__LTX_preloaded_symbols. Fix hang on startup when multiple home servers were defined with src_ipaddr field.
    * Fix 32/64 bit issue in rlm_ldap. Closes bug #105.
    * If the first "listen" section defines, don't use that as a source IP for proxying. It won't work.
    * When Proxy-To-Realm is set to a non-existent realm, the EAP module should handle the request, rather than expecting it to be proxied.
    * Fix IPv4 issues with udpfromto. Closes bug #110.
    * Clean up child processes of raddebug. Closes bug #108 and bug #109
    * retry OTP if the OTP daemon fails. Closes bug #58.
    * Multiple calls to ber_printf seem to work better. Closes bug #106.
    * Fix "unlang" so that "attribute not found" is treated as a "false" comparison, rather than a syntax error in the configuration.
    * Fix issue with "Group" attribute.

Fix: Patch attached with submission follows:
Comment 1 Edwin Groothuis freebsd_committer 2010-10-18 16:00:40 UTC
Class Changed
From-To: change-request->maintainer-update

Fix category (submitter is maintainer) (via the GNATS Auto Assign Tool)
Comment 2 Wesley Shields freebsd_committer 2010-10-18 16:14:41 UTC
Responsible Changed
From-To: freebsd-ports-bugs->wxs

I'll take it.
Comment 3 dfilter service freebsd_committer 2010-10-22 00:52:40 UTC
wxs         2010-10-21 23:52:35 UTC

  FreeBSD ports repository

  Modified files:
    net/freeradius2      Makefile distinfo pkg-plist 
  Added files:
    net/freeradius2/files patch-rlm_sql_oracle 
  Update to 2.1.10
  PR:             ports/151537
  Submitted by:   Ryan Steinmetz <rpsfa@rit.edu> (maintainer)
  Revision  Changes    Path
  1.90      +3 -2      ports/net/freeradius2/Makefile
  1.32      +3 -3      ports/net/freeradius2/distinfo
  1.1       +805 -0    ports/net/freeradius2/files/patch-rlm_sql_oracle (new)
  1.43      +31 -17    ports/net/freeradius2/pkg-plist
cvs-all@freebsd.org mailing list
To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
Comment 4 Wesley Shields freebsd_committer 2010-10-22 00:52:47 UTC
State Changed
From-To: open->closed

Committed. Thanks!