Changelog for
freeradius-server-ldap-3.0.3-3.1.x86_64.rpm :
Sun Aug 3 14:00:00 2014 sfalkenAATTopensuse.org
- added patch to changelog to fix factory-auto failure (Req #242825)
added:
freeradius-server-var_run.patch
Mon Jul 28 14:00:00 2014 vcizekAATTsuse.com
- fixed SUSE spelling in a filename (bnc#889034)
* don\'t install suse/README.SuSE
- remove old tarball and signature file
Tue Jul 22 14:00:00 2014 vcizekAATTsuse.com
- spec run through spec-cleaner
- don\'t install files to /var/run
Fri May 16 14:00:00 2014 vcizekAATTsuse.com
- update to 3.0.3
Many bugfixes
Feature improvements
* Everything now builds with no warnings from the C compiler,
clang static analyzer, or cppcheck.
* rlm_ldap now supports defining the LDAP attribute name via
backticked expansion (i.e. shell command) in
RADIUS <-> LDAP mappings.
* rlm_ldap now supports older style generic attributes.
* dynamic expansions (e.g. \"%{expr:1 + 2}\" are now parsed
when the server starts. Syntax errors in the strings
are caught, and a descriptive error is printed.
* Static regular expressions (e.g. /a
*b/) are now parsed
when the server starts. Syntax errors in the strings
are caught, and a descriptive error is printed.
* dynamic expansions are cached after being parsed. They are
no longer re-parsed at run-time for every request.
* regular expressions are now parsed and cached when the server
starts.
* Added the %{rest:} expansion to rlm_rest, which will send
a GET request to the URL passed as the format string.
Any body text will be written to the expansion buffer.
* rlm_rest now available as a debian package.
* When an \'if\' condition statically evaluates to true/false,
unlang does more static optimization. For examples, see
src/tests/keywords/if-skip
* All modules are marked as safe for \'-C\', which lets the
dynamic expansion checks work in more situations.
* Added \'none\' and \'custom\' rlm_rest body types. \'custom\'
allows sending of arbitrary expanded text and content-type
headers.
* Added \"config\" section to Perl. See mods-available/perl
* Added \'%v\' which expands to the server version - Patch
from Alan Buxey.
* more mis-matched casts are caught in \"if\" conditions,
and descriptive errors are printed.
* Support basic response validation in radclient. This allows
administrators to write local test cases for their
site-specific configurations.
* Removed radconf2xml and radmin \"show client config\" and
\"show home_server config\".
* Forbid running with vulnerable versions of OpenSSL.
See \"allow_vulnerable_openssl\" in the \"security\"
subsection of \"radiusd.conf\"
* Catch underlying \"heartbleed\" problem, so that nothing bad
happens even when using a vulnerable version of OpenSSL.
* Add locking API for sql_null, linelog, and detail modules,
which should improve performance and work around issues
on platforms with bad file locking.
* Allow DHCP NAKs to be delayed, via setting
reply:FreeRADIUS-Response-Delay = 1
* Allow tag and array references anywhere attributes
are allowed in \"unlang\".
* many enhancements to radsniff, including output
to collectd, ipv6 support and packet loss statistics.
* Many dictionary updates (ZTE, Brocade, Motorola).
* rlm_yubikey now automatically splits passwords from OTP
strings.
* The detail file reader is now threaded by default.
This should improve performance reading the files.
- dropped freeradius-server-CVE-2014-2015.patch (upstream)
Fri Feb 28 13:00:00 2014 vcizekAATTsuse.com
- fix for CVE-2014-2015 (bnc#864576)
* denial of service in rlm_pap hash processing
* added freeradius-server-CVE-2014-2015.patch
Wed Jan 29 13:00:00 2014 vcizekAATTsuse.com
- remove the old 3.0.0 sources
Sat Jan 25 13:00:00 2014 mardnhAATTgmx.de
- update to 3.0.1
Feature improvements
* Add \"timeout\" to exec, and \"ntlm_auth_timeout\" to mschap.
So that run-away child processes are caught earlier.
* Allow TLS clients to use \"proto = tls\", in which case
TLS is required. The shared secret is then set to \"radsec\".
* More documentation in the tls virtual server.
* Add \"date\" module for date formatting.
See raddb/mods-available/date.
* Added unit test suite for internal server functionality
* When loading \"update\" sections, check if the RHS is a literal
value. If so, syntax check it immediately.
* Update LDAP module documentation and functionality.
The generic attribute can now update lists.
* Updated dictionary.extreme.
* Update sqlippool to do clears as a separate transaction,
and at most once per second. This should help MySQL.
* Respect control:Response-Packet-Type for all types of
requests.
* Add support for SSL encryption to the MySQL driver.
* Allow arbitrary connection parameters to be used with the
PostgreSQL driver.
* Changes to the OpenLDAP schema to fully expose functionality
of the new LDAP module.
* Update debian packaging to include a freeradius-config
package. This package may be provided as a site local
package to avoid fighting with the preinstalled config
files.
Bug fixes
* Use correct field for ARP setting in DHCP.
* Fix crash on debug condition (#454).
* Fix a number of minor issues caught by the clang
analyzer.
* Set WARNING messages to yellow instead of normal text.
* Correct debug colorise logic. Patch from Phil Mayers.
* Encode attributes of type \"ethernet\". No one uses them,
but it makes sense.
* Work around regex initialization issues.
* Fix build when linking against OpenSSL.
* Print IDs as positive numbers, which helps for large DHCP
XIDs.
* Fix issue with sql_ippool.
* sqlcounter now uses 64-bit counters, to deal with 4G overflow.
* Fix issues with DHCP subsystem.
* Don\'t build / install disabled modules, or their config
files.
* Fix build for OSX Mavericks, which hid the header files
in a magical place.
* Fix LEAP buffer issue. You should still avoid LEAP.
* Mark \"unknown\" WiMAX attributes as being WiMAX.
* Fix typo in packet decoder for fragmented extended attrs
* RPM spec fixes.
* Fix rlm_perl build issues when not using threads.
* Enable %{Response-Packet-Type} again.
* Update configuration file parser to handle \"bool\"
consistently.
* Update declarations of global boolean variables to use
\"bool\" consistently. This fixes an issue where some
modules were instantiated in \"config check\" mode and
did not work correctly.
* Make more messages debug instead of info, to avoid
polluting the logs with messages that can\'t be fixed.
* Set operator in internal unlang code to suppress spurious
warning messages.
* Fix debian packaging.
* Added \"status\" to Debian init script.
* Fix \"update outer.request\" to update the outer request.
* Don\'t print TLS debugging messages when not in debug mode.
* Correctly manage counters for \"limit\" sections of TCP / TLS
\"listen\" sockets.
* Fix libldap debug output.
* Fix rlm_ldap tls functionality.
* Initialise OpenSSL globals early to avoid issues with the
PostgreSQL library.
* Fix typo in sqlcounter expansion code. Fixes #463
* Overwrite previous instances of SQL-User-Name when adding
it to the request.
* Work around bugs in both MIT and heimdal versions of
krb5_copy_context(), which caused segfaults in
multithreaded mode.
* Provide meaningful error messages if Heimdal krb5 is used.
* Fix attribute supression in rlm_detail.
* Exit with error code if child fails to complete server
initialisation after forking. This allows init scripts to
correctly report whether the server started ok.
Mon Oct 21 14:00:00 2013 vcizekAATTsuse.com
- don\'t build with experimental modules
- fix packaging bugs:
* install init scripts only on <= 11.4
* install systemd unit
* add %defattr for submodules
Tue Oct 15 14:00:00 2013 vcizekAATTsuse.com
- update to 3.0.0
* new feature release
* see /usr/share/doc/packages/freeradius-server/ChangeLog
for complete list of changes in this release
* documentation for upgrading from 2.x is in /etc/raddb/README.rst
- drop oracle support (wasn\'t built anyway)
- dropped patches (obsolete):
* freeradius-server-2.1.6-codecleanup.patch
* freeradius-server-2.1.6-dialup_admin.patch
* freeradius-server-2.1.1-edirectory.patch
- added systemd service unit
* radiusd.service
- added systemd-tmpfile for /var/run/radiusd
* freeradius-tmpfiles.conf
- added gpg-offline verification
* freeradius-server.keyring
Thu Sep 5 14:00:00 2013 mlsAATTsuse.de
- add libperl_requires, as we link against libperl and thus
need a specific version of perl
Thu Mar 14 13:00:00 2013 vcizekAATTsuse.com
- fixed a bug in the logrotate script (bnc#797292)
Mon Oct 1 14:00:00 2012 vcizekAATTsuse.com
- files in sites-available/ are now %config(noreplace) [bnc#781756]
Mon Sep 10 14:00:00 2012 vcizekAATTsuse.com
- update to 2.2.0
- see /usr/share/doc/packages/freeradius-server/ChangeLog
for complete list of changes in this release
- fixes CVE-2012-3547 (bnc#777834)
- dropped freeradius-server-2.1.6-overflow.patch (upstream)
- dropped freeradius-server-sha1-default.patch (upstream)
- refreshed freeradius-server-fix-cert-bootstrap.patch
Mon May 28 14:00:00 2012 vcizekAATTsuse.com
- Use the new \'su\' logrotate option (bnc#677335)
Mon May 14 14:00:00 2012 joop.boonenAATTopensuse.org
- Enable the same CFLAGS as for other hardware
Wed Oct 19 14:00:00 2011 vcizekAATTsuse.com
- update to 2.1.12
Feature improvements
* Updates to dictionary.erx, dictionary.siemens, dictionary.starent,
dictionary.starent.vsa1, dictionary.zyxel, added dictionary.symbol
* Added support for PCRE from Phil Mayers
* Configurable file permission in rlm_linelog
* Added \"relaxed\" option to rlm_attr_filter. This copies attributes
if at least one match occurred.
* Added documentation on dynamic clients.
See raddb/modules/dynamic_clients.
* Added support for elliptical curve cryptography.
See ecdh_curve in raddb/eap.conf.
* Added support for 802.1X MIBs in checkrad
* Added support for %{rand:...}, which generates a uniformly
distributed number between 0 and the number you specify.
* Created \"man\" pages for all installed commands, and documented
options for all commands. Patch from John Dennis.
* Allow radsniff to decode encrypted VSAs and CoA packets.
Patch from Bjorn Mork.
* Always send Message-Authenticator in radtest. Patch from John Dennis.
radclient continues to be more flexible.
* Updated Oracle schema and queries
* Added SecurID module. See src/modules/rlm_securid/README
Bug fixes
* Fix memory leak in rlm_detail
* Fix \"failed to insert event\"
* Allow virtual servers to be reloaded on HUP.
It no longer complains about duplicate virtual servers.
* Fix %{string:...} expansion
* Fix \"server closed socket\" loop in radmin
* Set ownership of control socket when starting up
* Always allow root to connect to control socket, even if
\"uid\" is set. They\'re root. They can already do anything.
* Save all attributes in Access-Accept when proxying inner-tunnel
EAP-MSCHAPv2
* Fixes for DHCP relaying.
* Check certificate validity when using OCSP.
* Updated Oracle \"configure\" script
* Fixed typos in dictionary.alvarion
* WARNING on potential proxy loop.
* Be more aggressive about clearing old requests from the
internal queue
* Don\'t open network sockets when using -C
- freeradius-server-snprintf-overflow.patch merged in upstream
Tue Sep 27 14:00:00 2011 vcizekAATTsuse.com
- fixed interaction with eDirectory (bnc#720620)
Fri Jun 24 14:00:00 2011 puzelAATTnovell.com
- update to 2.1.11
- see /usr/share/doc/packages/freeradius-server/ChangeLog
for complete list of changes in this release
- add freeradius-server-snprintf-overflow.patch
- use spec-cleaner
Tue May 24 14:00:00 2011 crrodriguezAATTopensuse.org
- Supress timestamps in binaries, breaks build-compare.
Mon Oct 4 14:00:00 2010 puzelAATTnovell.com
- update to 2.1.10
- see /usr/share/doc/packages/freeradius-server/ChangeLog
for complete list of changes in this release
- drop freeradius-server-2.1.6-edir-64bit.patch (fixed upstream)
Thu Sep 16 14:00:00 2010 pgajdosAATTsuse.cz
- radiusd reload after logrotate [bnc#634445]
Mon Jun 21 14:00:00 2010 puzelAATTnovell.com
- update to 2.1.9 (bnc#615699)
- bugfix release, for list of changes please see
/usr/share/doc/packages/freeradius-server/ChangeLog
Mon May 3 14:00:00 2010 puzelAATTnovell.com
- add freeradius-server-initscript-pidfile.patch
- handle /var/run on tmpfs
Sun Mar 21 13:00:00 2010 puzelAATTnovell.com
- specfile cleanup
Thu Mar 11 13:00:00 2010 puzelAATTnovell.com
- drop freeradius-server-2.1.6-ltdl.patch - not needed anymore
- clean up specfile
- remove bind-libs, zlib-devel from BuildRequires - not needed
Tue Mar 9 13:00:00 2010 puzelAATTnovell.com
- update to 2.1.8
- for full list of changes, please see
/usr/share/doc/packages/freeradius-server/ChangeLog
- drop freeradius-server-no-default-case.patch: fixed upstream
Thu Dec 17 13:00:00 2009 puzelAATTnovell.com
- update to 2.1.7
- for full list of changes, please see
/usr/share/doc/packages/freeradius-server/ChangeLog
Thu Oct 22 14:00:00 2009 puzelAATTnovell.com
- freeradius-server-no-default-case.patch (bnc#527742)
Thu Oct 15 14:00:00 2009 puzelAATTnovell.com
- freeradius-server-sha1-default.patch (bnc#546042)
- freeradius-server-fix-cert-bootstrap.patch (bnc#546041)
Fri Jun 19 14:00:00 2009 cooloAATTnovell.com
- disable as-needed for this package as it fails to build with it
Tue Jun 2 14:00:00 2009 puzelAATTsuse.cz
- updated to 2.1.6
o Feature improvements
* radclient exits with 0 on successful (accept / ack), and 1
otherwise (no response / reject)
* Added support for %{sql:UPDATE ..}, and insert/delete
Patch from Arran Cudbard-Bell
* Added sample \"do not respond\" policy. See raddb/policy.conf
and raddb/sites-available/do_not_respond
* Cleanups to Suse spec file from Norbert Wegener
* New VSAs for Juniper from Bjorn Mork
* Include more RFC dictionaries in the default install
* More documentation for the WiMAX module
* Added \"chase_referrals\" and \"rebind\" configuration to rlm_ldap.
This helps with Active Directory. See raddb/modules/ldap
* Don\'t load pre/post-proxy if proxying is disabled.
* Added %{md5:...}, which returns MD5 hash in hex.
* Added configurable \"retry_interval\" and \"poll_interval\"
for \"detail\" listeners.
* Added \"delete_mppe_keys\" configuration option to rlm_wimax.
Apparently some WiMAX clients misbehave when they see those keys.
* Added experimental rlm_ruby from
http://github.com/Antti/freeradius-server/tree/master
* Add Tunnel attributes to ldap.attrmap
* Enable virtual servers to be reloaded on HUP. For now, only
the \"authorize\", \"authenticate\", etc. processing sections are
reloaded. Clients and \"listen\" sections are NOT reloaded.
* Updated \"radwatch\" script to be more robust. See scripts/radwatch
* Added certificate compatibility notes in raddb/certs/README,
for compatibility with different operating systems. (i.e. Windows)
o Bug fixes
* Minor changes to allow building without VQP.
* Minor fixes from John Center
* Fixed raddebug example
* Don\'t crash when deleting attributes via unlang
* Be friendlier to very fast clients
* Updated the \"detail\" listener so that it only polls once,
and not many times in a row, leaking memory each time...
* Update comparison for Packet-Src-IP-Address (etc.) so that
the operators other than \'==\' work.
* Did autoconf magic to work around weird libtool bug
* Make rlm_perl keep tags for tagged attributes in more situations
* Update UID checking for radmin
* Added \"include_length\" field for TTLS. It\'s needed for RFC
compliance, but not (apparently) for interoperability.
- FreeRADIUS 2.1.5
* Release number skipped due to procedural issues.
- FreeRADIUS 2.1.4
o Feature improvements
* Permit multiple \"-e\" in radmin.
* Add support for originating CoA-Request and Disconnect-Request.
See raddb/sites-available/originate-coa.
* Added \"lifetime\" and \"max_queries\" to raddb/sql.conf.
This helps address the problem of hung SQL sockets.
* Allow packets to be injected via radmin. See \"inject help\"
in radmin.
* Answer VMPS reconfirmation request. Patch from Hermann Lauer.
* Sample logrotate script in scripts/logrotate.freeradius
* Add configurable poll interval for \"detail\" listeners
* New \"raddebug\" command. This prints debugging information from
a running server. See \"man raddebug.
* Add \"require_message_authenticator\" configuration to home_server
configuration. This makes the server add Message-Authenticator
to all outgoing Access-Request packets.
* Added smsotp module, as contributed by Siemens.
* Enabled the administration socket in the default install.
See raddb/sites-available/control-socket, and \"man radmin\"
* Handle duplicate clients, such as with replicated or
load-balanced SQL servers and \"readclients = yes\"
o Bug fixes
* Clean up control sockets when they are closed, so that we don\'t
leak memory.
* Define SUN_LEN for systems that don\'t have it.
* Correct some boundary conditions in the conditional checker (\"if\")
in \"unlang\". Bug noted by Arran Cudbard-Bell.
* Work around minor building issues in gmake. This should only
have affected developers.
* Change how we manage unprivileged user/group, so that we do not
create control sockets owned by root.
* Fixed more minor issues found by Coverity.
* Allow raddb/certs/bootstrap to run when there is no \"make\"
command installed.
* In radiusd.conf, run_dir depends on the name of the program,
and isn\'t hard-coded to \"..../radiusd\"
* Check for EOF in more places in the \"detail\" file reader.
* Added Freeswitch dictionary.
* Chop ethernet frames in VMPS, rather than droppping packets.
* Fix EAP-TLS bug. Patch from Arnaud Ebalard
* Don\'t lose string for regex-compares in the \"users\" file.
* Expose more functions in rlm_sql to rlm_sqlippool, which
helps on systems where RTLD_GLOBAL is off.
* Fix typos in MySQL schemas for ippools.
* Remove macro that was causing build issues on some platforms.
* Fixed issues with dead home servers. Bug noted by Chris Moules.
* Fixed \"access after free\" with some dynamic clients.
Thu Mar 26 13:00:00 2009 crrodriguezAATTsuse.de
- do not ship static modules