Changelog for
freeradius-server-3.0.3-3.1.x86_64.rpm :
Sun Aug 3 14:00:00 2014 sfalkenAATTopensuse.org
- added patch to changelog to fix factory-auto failure (Req #242825)
added:
freeradius-server-var_run.patch
Mon Jul 28 14:00:00 2014 vcizekAATTsuse.com
- fixed SUSE spelling in a filename (bnc#889034)
* don't install suse/README.SuSE
- remove old tarball and signature file
Tue Jul 22 14:00:00 2014 vcizekAATTsuse.com
- spec run through spec-cleaner
- don't install files to /var/run
Fri May 16 14:00:00 2014 vcizekAATTsuse.com
- update to 3.0.3
Many bugfixes
Feature improvements
* Everything now builds with no warnings from the C compiler,
clang static analyzer, or cppcheck.
* rlm_ldap now supports defining the LDAP attribute name via
backticked expansion (i.e. shell command) in
RADIUS <-> LDAP mappings.
* rlm_ldap now supports older style generic attributes.
* dynamic expansions (e.g. "%{expr:1 + 2}") are now parsed
when the server starts. Syntax errors in the strings
are caught, and a descriptive error is printed.
* Static regular expressions (e.g. /a*b/) are now parsed
when the server starts. Syntax errors in the strings
are caught, and a descriptive error is printed.
* dynamic expansions are cached after being parsed. They are
no longer re-parsed at run-time for every request.
* regular expressions are now parsed and cached when the server
starts.
* Added the %{rest:} expansion to rlm_rest, which will send
a GET request to the URL passed as the format string.
Any body text will be written to the expansion buffer.
* rlm_rest now available as a debian package.
* When an 'if' condition statically evaluates to true/false,
unlang does more static optimization. For examples, see
src/tests/keywords/if-skip
* All modules are marked as safe for '-C', which lets the
dynamic expansion checks work in more situations.
* Added 'none' and 'custom' rlm_rest body types. 'custom'
allows sending of arbitrary expanded text and content-type
headers.
* Added "config" section to Perl. See mods-available/perl
* Added '%v' which expands to the server version - Patch
from Alan Buxey.
* more mis-matched casts are caught in "if" conditions,
and descriptive errors are printed.
* Support basic response validation in radclient. This allows
administrators to write local test cases for their
site-specific configurations.
* Removed radconf2xml and radmin "show client config" and
"show home_server config".
* Forbid running with vulnerable versions of OpenSSL.
See "allow_vulnerable_openssl" in the "security"
subsection of "radiusd.conf"
* Catch underlying "heartbleed" problem, so that nothing bad
happens even when using a vulnerable version of OpenSSL.
* Add locking API for sql_null, linelog, and detail modules,
which should improve performance and work around issues
on platforms with bad file locking.
* Allow DHCP NAKs to be delayed, via setting
reply:FreeRADIUS-Response-Delay = 1
* Allow tag and array references anywhere attributes
are allowed in "unlang".
* many enhancements to radsniff, including output
to collectd, ipv6 support and packet loss statistics.
* Many dictionary updates (ZTE, Brocade, Motorola).
* rlm_yubikey now automatically splits passwords from OTP
strings.
* The detail file reader is now threaded by default.
This should improve performance reading the files.
- dropped freeradius-server-CVE-2014-2015.patch (upstream)
Fri Feb 28 13:00:00 2014 vcizekAATTsuse.com
- fix for CVE-2014-2015 (bnc#864576)
* denial of service in rlm_pap hash processing
* added freeradius-server-CVE-2014-2015.patch
Wed Jan 29 13:00:00 2014 vcizekAATTsuse.com
- remove the old 3.0.0 sources
Sat Jan 25 13:00:00 2014 mardnhAATTgmx.de
- update to 3.0.1
Feature improvements
* Add "timeout" to exec, and "ntlm_auth_timeout" to mschap.
So that run-away child processes are caught earlier.
* Allow TLS clients to use "proto = tls", in which case
TLS is required. The shared secret is then set to "radsec".
* More documentation in the tls virtual server.
* Add "date" module for date formatting.
See raddb/mods-available/date.
* Added unit test suite for internal server functionality
* When loading "update" sections, check if the RHS is a literal
value. If so, syntax check it immediately.
* Update LDAP module documentation and functionality.
The generic attribute can now update lists.
* Updated dictionary.extreme.
* Update sqlippool to do clears as a separate transaction,
and at most once per second. This should help MySQL.
* Respect control:Response-Packet-Type for all types of
requests.
* Add support for SSL encryption to the MySQL driver.
* Allow arbitrary connection parameters to be used with the
PostgreSQL driver.
* Changes to the OpenLDAP schema to fully expose functionality
of the new LDAP module.
* Update debian packaging to include a freeradius-config
package. This package may be provided as a site local
package to avoid fighting with the preinstalled config
files.
Bug fixes
* Use correct field for ARP setting in DHCP.
* Fix crash on debug condition (#454).
* Fix a number of minor issues caught by the clang
analyzer.
* Set WARNING messages to yellow instead of normal text.
* Correct debug colorise logic. Patch from Phil Mayers.
* Encode attributes of type "ethernet". No one uses them,
but it makes sense.
* Work around regex initialization issues.
* Fix build when linking against OpenSSL.
* Print IDs as positive numbers, which helps for large DHCP
XIDs.
* Fix issue with sql_ippool.
* sqlcounter now uses 64-bit counters, to deal with 4G overflow.
* Fix issues with DHCP subsystem.
* Don't build / install disabled modules, or their config
files.
* Fix build for OSX Mavericks, which hid the header files
in a magical place.
* Fix LEAP buffer issue. You should still avoid LEAP.
* Mark "unknown" WiMAX attributes as being WiMAX.
* Fix typo in packet decoder for fragmented extended attrs
* RPM spec fixes.
* Fix rlm_perl build issues when not using threads.
* Enable %{Response-Packet-Type} again.
* Update configuration file parser to handle "bool"
consistently.
* Update declarations of global boolean variables to use
"bool" consistently. This fixes an issue where some
modules were instantiated in "config check" mode and
did not work correctly.
* Make more messages debug instead of info, to avoid
polluting the logs with messages that can't be fixed.
* Set operator in internal unlang code to suppress spurious
warning messages.
* Fix debian packaging.
* Added "status" to Debian init script.
* Fix "update outer.request" to update the outer request.
* Don't print TLS debugging messages when not in debug mode.
* Correctly manage counters for "limit" sections of TCP / TLS
"listen" sockets.
* Fix libldap debug output.
* Fix rlm_ldap tls functionality.
* Initialise OpenSSL globals early to avoid issues with the
PostgreSQL library.
* Fix typo in sqlcounter expansion code. Fixes #463
* Overwrite previous instances of SQL-User-Name when adding
it to the request.
* Work around bugs in both MIT and heimdal versions of
krb5_copy_context(), which caused segfaults in
multithreaded mode.
* Provide meaningful error messages if Heimdal krb5 is used.
* Fix attribute suppression in rlm_detail.
* Exit with error code if child fails to complete server
initialisation after forking. This allows init scripts to
correctly report whether the server started ok.
Mon Oct 21 14:00:00 2013 vcizekAATTsuse.com
- don't build with experimental modules
- fix packaging bugs:
* install init scripts only on <= 11.4
* install systemd unit
* add %defattr for submodules
Tue Oct 15 14:00:00 2013 vcizekAATTsuse.com
- update to 3.0.0
* new feature release
* see /usr/share/doc/packages/freeradius-server/ChangeLog
for complete list of changes in this release
* documentation for upgrading from 2.x is in /etc/raddb/README.rst
- drop oracle support (wasn't built anyway)
- dropped patches (obsolete):
* freeradius-server-2.1.6-codecleanup.patch
* freeradius-server-2.1.6-dialup_admin.patch
* freeradius-server-2.1.1-edirectory.patch
- added systemd service unit
* radiusd.service
- added systemd-tmpfile for /var/run/radiusd
* freeradius-tmpfiles.conf
- added gpg-offline verification
* freeradius-server.keyring
Thu Sep 5 14:00:00 2013 mlsAATTsuse.de
- add libperl_requires, as we link against libperl and thus
need a specific version of perl
Thu Mar 14 13:00:00 2013 vcizekAATTsuse.com
- fixed a bug in the logrotate script (bnc#797292)
Mon Oct 1 14:00:00 2012 vcizekAATTsuse.com
- files in sites-available/ are now %config(noreplace) [bnc#781756]
Mon Sep 10 14:00:00 2012 vcizekAATTsuse.com
- update to 2.2.0
- see /usr/share/doc/packages/freeradius-server/ChangeLog
for complete list of changes in this release
- fixes CVE-2012-3547 (bnc#777834)
- dropped freeradius-server-2.1.6-overflow.patch (upstream)
- dropped freeradius-server-sha1-default.patch (upstream)
- refreshed freeradius-server-fix-cert-bootstrap.patch
Mon May 28 14:00:00 2012 vcizekAATTsuse.com
- Use the new 'su' logrotate option (bnc#677335)
Mon May 14 14:00:00 2012 joop.boonenAATTopensuse.org
- Enable the same CFLAGS as for other hardware
Wed Oct 19 14:00:00 2011 vcizekAATTsuse.com
- update to 2.1.12
Feature improvements
* Updates to dictionary.erx, dictionary.siemens, dictionary.starent,
dictionary.starent.vsa1, dictionary.zyxel, added dictionary.symbol
* Added support for PCRE from Phil Mayers
* Configurable file permission in rlm_linelog
* Added "relaxed" option to rlm_attr_filter. This copies attributes
if at least one match occurred.
* Added documentation on dynamic clients.
See raddb/modules/dynamic_clients.
* Added support for elliptical curve cryptography.
See ecdh_curve in raddb/eap.conf.
* Added support for 802.1X MIBs in checkrad
* Added support for %{rand:...}, which generates a uniformly
distributed number between 0 and the number you specify.
* Created "man" pages for all installed commands, and documented
options for all commands. Patch from John Dennis.
* Allow radsniff to decode encrypted VSAs and CoA packets.
Patch from Bjorn Mork.
* Always send Message-Authenticator in radtest. Patch from John Dennis.
radclient continues to be more flexible.
* Updated Oracle schema and queries
* Added SecurID module. See src/modules/rlm_securid/README
Bug fixes
* Fix memory leak in rlm_detail
* Fix "failed to insert event"
* Allow virtual servers to be reloaded on HUP.
It no longer complains about duplicate virtual servers.
* Fix %{string:...} expansion
* Fix "server closed socket" loop in radmin
* Set ownership of control socket when starting up
* Always allow root to connect to control socket, even if
"uid" is set. They're root. They can already do anything.
* Save all attributes in Access-Accept when proxying inner-tunnel
EAP-MSCHAPv2
* Fixes for DHCP relaying.
* Check certificate validity when using OCSP.
* Updated Oracle "configure" script
* Fixed typos in dictionary.alvarion
* WARNING on potential proxy loop.
* Be more aggressive about clearing old requests from the
internal queue
* Don't open network sockets when using -C
- freeradius-server-snprintf-overflow.patch merged in upstream
Tue Sep 27 14:00:00 2011 vcizekAATTsuse.com
- fixed interaction with eDirectory (bnc#720620)
Fri Jun 24 14:00:00 2011 puzelAATTnovell.com
- update to 2.1.11
- see /usr/share/doc/packages/freeradius-server/ChangeLog
for complete list of changes in this release
- add freeradius-server-snprintf-overflow.patch
- use spec-cleaner
Tue May 24 14:00:00 2011 crrodriguezAATTopensuse.org
- Suppress timestamps in binaries, breaks build-compare.
Mon Oct 4 14:00:00 2010 puzelAATTnovell.com
- update to 2.1.10
- see /usr/share/doc/packages/freeradius-server/ChangeLog
for complete list of changes in this release
- drop freeradius-server-2.1.6-edir-64bit.patch (fixed upstream)
Thu Sep 16 14:00:00 2010 pgajdosAATTsuse.cz
- radiusd reload after logrotate [bnc#634445]
Mon Jun 21 14:00:00 2010 puzelAATTnovell.com
- update to 2.1.9 (bnc#615699)
- bugfix release, for list of changes please see
/usr/share/doc/packages/freeradius-server/ChangeLog
Mon May 3 14:00:00 2010 puzelAATTnovell.com
- add freeradius-server-initscript-pidfile.patch
- handle /var/run on tmpfs
Sun Mar 21 13:00:00 2010 puzelAATTnovell.com
- specfile cleanup
Thu Mar 11 13:00:00 2010 puzelAATTnovell.com
- drop freeradius-server-2.1.6-ltdl.patch - not needed anymore
- clean up specfile
- remove bind-libs, zlib-devel from BuildRequires - not needed
Tue Mar 9 13:00:00 2010 puzelAATTnovell.com
- update to 2.1.8
- for full list of changes, please see
/usr/share/doc/packages/freeradius-server/ChangeLog
- drop freeradius-server-no-default-case.patch: fixed upstream
Thu Dec 17 13:00:00 2009 puzelAATTnovell.com
- update to 2.1.7
- for full list of changes, please see
/usr/share/doc/packages/freeradius-server/ChangeLog
Thu Oct 22 14:00:00 2009 puzelAATTnovell.com
- freeradius-server-no-default-case.patch (bnc#527742)
Thu Oct 15 14:00:00 2009 puzelAATTnovell.com
- freeradius-server-sha1-default.patch (bnc#546042)
- freeradius-server-fix-cert-bootstrap.patch (bnc#546041)
Fri Jun 19 14:00:00 2009 cooloAATTnovell.com
- disable as-needed for this package as it fails to build with it
Tue Jun 2 14:00:00 2009 puzelAATTsuse.cz
- updated to 2.1.6
o Feature improvements
* radclient exits with 0 on successful (accept / ack), and 1
otherwise (no response / reject)
* Added support for %{sql:UPDATE ..}, and insert/delete
Patch from Arran Cudbard-Bell
* Added sample "do not respond" policy. See raddb/policy.conf
and raddb/sites-available/do_not_respond
* Cleanups to Suse spec file from Norbert Wegener
* New VSAs for Juniper from Bjorn Mork
* Include more RFC dictionaries in the default install
* More documentation for the WiMAX module
* Added "chase_referrals" and "rebind" configuration to rlm_ldap.
This helps with Active Directory. See raddb/modules/ldap
* Don't load pre/post-proxy if proxying is disabled.
* Added %{md5:...}, which returns MD5 hash in hex.
* Added configurable "retry_interval" and "poll_interval"
for "detail" listeners.
* Added "delete_mppe_keys" configuration option to rlm_wimax.
Apparently some WiMAX clients misbehave when they see those keys.
* Added experimental rlm_ruby from
http://github.com/Antti/freeradius-server/tree/master
* Add Tunnel attributes to ldap.attrmap
* Enable virtual servers to be reloaded on HUP. For now, only
the "authorize", "authenticate", etc. processing sections are
reloaded. Clients and "listen" sections are NOT reloaded.
* Updated "radwatch" script to be more robust. See scripts/radwatch
* Added certificate compatibility notes in raddb/certs/README,
for compatibility with different operating systems. (i.e. Windows)
o Bug fixes
* Minor changes to allow building without VQP.
* Minor fixes from John Center
* Fixed raddebug example
* Don't crash when deleting attributes via unlang
* Be friendlier to very fast clients
* Updated the \"detail\" listener so that it only polls once,
and not many times in a row, leaking memory each time...
* Update comparison for Packet-Src-IP-Address (etc.) so that
the operators other than '==' work.
* Did autoconf magic to work around weird libtool bug
* Make rlm_perl keep tags for tagged attributes in more situations
* Update UID checking for radmin
* Added "include_length" field for TTLS. It's needed for RFC
compliance, but not (apparently) for interoperability.
- FreeRADIUS 2.1.5
* Release number skipped due to procedural issues.
- FreeRADIUS 2.1.4
o Feature improvements
* Permit multiple "-e" in radmin.
* Add support for originating CoA-Request and Disconnect-Request.
See raddb/sites-available/originate-coa.
* Added "lifetime" and "max_queries" to raddb/sql.conf.
This helps address the problem of hung SQL sockets.
* Allow packets to be injected via radmin. See "inject help"
in radmin.
* Answer VMPS reconfirmation request. Patch from Hermann Lauer.
* Sample logrotate script in scripts/logrotate.freeradius
* Add configurable poll interval for "detail" listeners
* New "raddebug" command. This prints debugging information from
a running server. See "man raddebug".
* Add "require_message_authenticator" configuration to home_server
configuration. This makes the server add Message-Authenticator
to all outgoing Access-Request packets.
* Added smsotp module, as contributed by Siemens.
* Enabled the administration socket in the default install.
See raddb/sites-available/control-socket, and "man radmin"
* Handle duplicate clients, such as with replicated or
load-balanced SQL servers and "readclients = yes"
o Bug fixes
* Clean up control sockets when they are closed, so that we don't
leak memory.
* Define SUN_LEN for systems that don't have it.
* Correct some boundary conditions in the conditional checker ("if")
in "unlang". Bug noted by Arran Cudbard-Bell.
* Work around minor building issues in gmake. This should only
have affected developers.
* Change how we manage unprivileged user/group, so that we do not
create control sockets owned by root.
* Fixed more minor issues found by Coverity.
* Allow raddb/certs/bootstrap to run when there is no "make"
command installed.
* In radiusd.conf, run_dir depends on the name of the program,
and isn't hard-coded to "..../radiusd"
* Check for EOF in more places in the \"detail\" file reader.
* Added Freeswitch dictionary.
* Chop ethernet frames in VMPS, rather than dropping packets.
* Fix EAP-TLS bug. Patch from Arnaud Ebalard
* Don't lose string for regex-compares in the "users" file.
* Expose more functions in rlm_sql to rlm_sqlippool, which
helps on systems where RTLD_GLOBAL is off.
* Fix typos in MySQL schemas for ippools.
* Remove macro that was causing build issues on some platforms.
* Fixed issues with dead home servers. Bug noted by Chris Moules.
* Fixed "access after free" with some dynamic clients.
Thu Mar 26 13:00:00 2009 crrodriguezAATTsuse.de
- do not ship static modules