[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Fedora 9 Update: freeradius-2.1.6-2.fc9



--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2009-6466
2009-06-15 22:08:41
--------------------------------------------------------------------------------

Name        : freeradius
Product     : Fedora 9
Version     : 2.1.6
Release     : 2.fc9
URL         : http://www.freeradius.org/
Summary     : High-performance and highly configurable free RADIUS server
Description :
The FreeRADIUS Server Project is a high performance and highly configurable
GPL'd free RADIUS server. The server is similar in some respects to
Livingston's 2.0 server.  While FreeRADIUS started as a variant of the
Cistron RADIUS server, they don't share a lot in common any more. It now has
many more features than Cistron or Livingston, and is much more configurable.

FreeRADIUS is an Internet authentication daemon, which implements the RADIUS
protocol, as defined in RFC 2865 (and others). It allows Network Access
Servers (NAS boxes) to perform authentication for dial-up users. There are
also RADIUS clients available for Web servers, firewalls, Unix logins, and
more.  Using RADIUS allows authentication and authorization for a network to
be centralized, and minimizes the amount of re-configuration which has to be
done when adding or deleting new users.

--------------------------------------------------------------------------------
Update Information:

make /etc/raddb/sites-available/* be config(noreplace)   - update to latest
upstream release, from upstream Changelog:      Feature improvements        *
radclient exits with 0 on successful (accept / ack), and 1          otherwise
(no response / reject)        * Added support for %%{sql:UPDATE ..}, and
insert/delete          Patch from Arran Cudbard-Bell        * Added sample "do
not respond" policy.  See raddb/policy.conf          and raddb/sites-
available/do_not_respond        * Cleanups to Suse spec file from Norbert
Wegener        * New VSAs for Juniper from Bjorn Mork        * Include more RFC
dictionaries in the default install        * More documentation for the WiMAX
module        * Added "chase_referrals" and "rebind" configuration to rlm_ldap.
This helps with Active Directory.  See raddb/modules/ldap        * Don't load
pre/post-proxy if proxying is disabled.        * Added %%{md5:...}, which
returns MD5 hash in hex.        * Added configurable "retry_interval" and
"poll_interval"          for "detail" listeners.        * Added
"delete_mppe_keys" configuration option to rlm_wimax.          Apparently some
WiMAX clients misbehave when they see those keys.        * Added experimental
rlm_ruby from          http://github.com/Antti/freeradius-server/tree/master
* Add Tunnel attributes to ldap.attrmap        * Enable virtual servers to be
reloaded on HUP.  For now, only          the "authorize", "authenticate", etc.
processing sections are          reloaded.  Clients and "listen" sections are
NOT reloaded.        * Updated "radwatch" script to be more robust.  See
scripts/radwatch        * Added certificate compatibility notes in
raddb/certs/README,          for compatibility with different operating systems.
(i.e. Windows)        * Permit multiple "-e" in radmin.        * Add support for
originating CoA-Request and Disconnect-Request.          See raddb/sites-
available/originate-coa.        * Added "lifetime" and "max_queries" to
raddb/sql.conf.          This helps address the problem of hung SQL sockets.
* Allow packets to be injected via radmin.  See "inject help"          in
radmin.        * Answer VMPS reconfirmation request.  Patch from Hermann Lauer.
* Sample logrotate script in scripts/logrotate.freeradius        * Add
configurable poll interval for "detail" listeners        * New "raddebug"
command.  This prints debugging information from          a running server.  See
"man raddebug.        * Add "require_message_authenticator" configuration to
home_server          configuration.  This makes the server add Message-
Authenticator          to all outgoing Access-Request packets.        * Added
smsotp module, as contributed by Siemens.        * Enabled the administration
socket in the default install.          See raddb/sites-available/control-
socket, and "man radmin"        * Handle duplicate clients, such as with
replicated or          load-balanced SQL servers and "readclients = yes"
Bug fixes        * Minor changes to allow building without VQP.        * Minor
fixes from John Center        * Fixed raddebug example        * Don't crash when
deleting attributes via unlang        * Be friendlier to very fast clients
* Updated the "detail" listener so that it only polls once,          and not
many times in a row, leaking memory each time...        * Update comparison for
Packet-Src-IP-Address (etc.) so that          the operators other than '=='
work.        * Did autoconf magic to work around weird libtool bug        * Make
rlm_perl keep tags for tagged attributes in more situations        * Update UID
checking for radmin        * Added "include_length" field for TTLS.  It's needed
for RFC          compliance, but not (apparently) for interoperability.        *
Clean up control sockets when they are closed, so that we don't          leak
memory.        * Define SUN_LEN for systems that don't have it.        * Correct
some boundary conditions in the conditional checker ("if")          in "unlang".
Bug noted by Arran Cudbard-Bell.        * Work around minor building issues in
gmake.  This should only          have affected developers.        * Change how
we manage unprivileged user/group, so that we do not          create control
sockets owned by root.        * Fixed more minor issues found by Coverity.
* Allow raddb/certs/bootstrap to run when there is no "make"          command
installed.        * In radiusd.conf, run_dir depends on the name of the program,
and isn't hard-coded to "..../radiusd"        * Check for EOF in more places in
the "detail" file reader.        * Added Freeswitch dictionary.        * Chop
ethernet frames in VMPS, rather than droppping packets.        * Fix EAP-TLS
bug.  Patch from Arnaud Ebalard        * Don't lose string for regex-compares in
the "users" file.        * Expose more functions in rlm_sql to rlm_sqlippool,
which           helps on systems where RTLD_GLOBAL is off.        * Fix typos in
MySQL schemas for ippools.        * Remove macro that was causing build issues
on some platforms.        * Fixed issues with dead home servers.  Bug noted by
Chris Moules.        * Fixed "access after free" with some dynamic clients.    -
fix packaging bug, some directories missing execute permission
/etc/raddb/dictionary now readable by all.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jun  2 2009 John Dennis <jdennis redhat com> - 2.1.6-2
- make /etc/raddb/sites-available/* be config(noreplace)
* Mon May 18 2009 John Dennis <jdennis redhat com> - 2.1.6-1
- update to latest upstream release, from upstream Changelog:
    Feature improvements
      * radclient exits with 0 on successful (accept / ack), and 1
        otherwise (no response / reject)
      * Added support for %{sql:UPDATE ..}, and insert/delete
        Patch from Arran Cudbard-Bell
      * Added sample "do not respond" policy.  See raddb/policy.conf
        and raddb/sites-available/do_not_respond
      * Cleanups to Suse spec file from Norbert Wegener
      * New VSAs for Juniper from Bjorn Mork
      * Include more RFC dictionaries in the default install
      * More documentation for the WiMAX module
      * Added "chase_referrals" and "rebind" configuration to rlm_ldap.
        This helps with Active Directory.  See raddb/modules/ldap
      * Don't load pre/post-proxy if proxying is disabled.
      * Added %{md5:...}, which returns MD5 hash in hex.
      * Added configurable "retry_interval" and "poll_interval"
        for "detail" listeners.
      * Added "delete_mppe_keys" configuration option to rlm_wimax.
        Apparently some WiMAX clients misbehave when they see those keys.
      * Added experimental rlm_ruby from
        http://github.com/Antti/freeradius-server/tree/master
      * Add Tunnel attributes to ldap.attrmap
      * Enable virtual servers to be reloaded on HUP.  For now, only
        the "authorize", "authenticate", etc. processing sections are
        reloaded.  Clients and "listen" sections are NOT reloaded.
      * Updated "radwatch" script to be more robust.  See scripts/radwatch
      * Added certificate compatibility notes in raddb/certs/README,
        for compatibility with different operating systems. (i.e. Windows)
      * Permit multiple "-e" in radmin.
      * Add support for originating CoA-Request and Disconnect-Request.
        See raddb/sites-available/originate-coa.
      * Added "lifetime" and "max_queries" to raddb/sql.conf.
        This helps address the problem of hung SQL sockets.
      * Allow packets to be injected via radmin.  See "inject help"
        in radmin.
      * Answer VMPS reconfirmation request.  Patch from Hermann Lauer.
      * Sample logrotate script in scripts/logrotate.freeradius
      * Add configurable poll interval for "detail" listeners
      * New "raddebug" command.  This prints debugging information from
        a running server.  See "man raddebug.
      * Add "require_message_authenticator" configuration to home_server
        configuration.  This makes the server add Message-Authenticator
        to all outgoing Access-Request packets.
      * Added smsotp module, as contributed by Siemens.
      * Enabled the administration socket in the default install.
        See raddb/sites-available/control-socket, and "man radmin"
      * Handle duplicate clients, such as with replicated or
        load-balanced SQL servers and "readclients = yes"

    Bug fixes
      * Minor changes to allow building without VQP.
      * Minor fixes from John Center
      * Fixed raddebug example
      * Don't crash when deleting attributes via unlang
      * Be friendlier to very fast clients
      * Updated the "detail" listener so that it only polls once,
        and not many times in a row, leaking memory each time...
      * Update comparison for Packet-Src-IP-Address (etc.) so that
        the operators other than '==' work.
      * Did autoconf magic to work around weird libtool bug
      * Make rlm_perl keep tags for tagged attributes in more situations
      * Update UID checking for radmin
      * Added "include_length" field for TTLS.  It's needed for RFC
        compliance, but not (apparently) for interoperability.
      * Clean up control sockets when they are closed, so that we don't
        leak memory.
      * Define SUN_LEN for systems that don't have it.
      * Correct some boundary conditions in the conditional checker ("if")
        in "unlang".  Bug noted by Arran Cudbard-Bell.
      * Work around minor building issues in gmake.  This should only
        have affected developers.
      * Change how we manage unprivileged user/group, so that we do not
        create control sockets owned by root.
      * Fixed more minor issues found by Coverity.
      * Allow raddb/certs/bootstrap to run when there is no "make"
        command installed.
      * In radiusd.conf, run_dir depends on the name of the program,
        and isn't hard-coded to "..../radiusd"
      * Check for EOF in more places in the "detail" file reader.
      * Added Freeswitch dictionary.
      * Chop ethernet frames in VMPS, rather than droppping packets.
      * Fix EAP-TLS bug.  Patch from Arnaud Ebalard
      * Don't lose string for regex-compares in the "users" file.
      * Expose more functions in rlm_sql to rlm_sqlippool, which 
        helps on systems where RTLD_GLOBAL is off.
      * Fix typos in MySQL schemas for ippools.
      * Remove macro that was causing build issues on some platforms.
      * Fixed issues with dead home servers.  Bug noted by Chris Moules.
      * Fixed "access after free" with some dynamic clients.

- fix packaging bug, some directories missing execute permission
  /etc/raddb/dictionary now readable by all.
* Tue Feb 24 2009 John Dennis <jdennis redhat com> - 2.1.3-4
- fix type usage in unixodbc to match new type usage in unixodbc API
* Thu Feb 19 2009 John Dennis <jdennis redhat com> - 2.1.3-3
- add pointer to Red Hat documentation in docdir
* Sat Jan 24 2009 Caolán McNamara <caolanm redhat com> - 2.1.3-2
- rebuild for dependencies
* Thu Dec  4 2008 John Dennis <jdennis redhat com> - 2.1.3-1
- upgrade to latest upstream release, upstream summary follows:
  The focus of this release is stability.
  Feature Improvements:
    * Allow running with "user=radiusd" and binding to secure sockets.
    * Start sending Status-Server "are you alive" messages earlier, which
      helps with proxying multiple realms to a home server.
    * Removed thread pool code from rlm_perl.  It's not necessary.
    * Added example Perl configuration to raddb/modules/perl
    * Force OpenSSL to support certificates with SHA256. This seems to be
      necessary for WiMAX certs.
  Bug fixes:
    * Fix Debian patch to allow it to build.
    * Fix potential NULL dereference in debugging mode on certain
      platforms for TTLS and PEAP inner tunnels.
    * Fix uninitialized memory in handling of vendor definitions
    * Fix parsing of quoted (but non-string) attributes in the "users" file.
    * Initialize uknown NAS IP to 255.255.255.255, rather than 0.0.0.0
    * use SUN_LEN in control socket, to avoid truncation on some platforms.
    * Correct internal handling of "debug condition" to prevent it from
      being over-written.
    * Check return code of regcomp in "unlang", so that invalid regular
      expressions are caught rather than mishandled.
    * Make rlm_sql use <ltdl.h>.  Addresses bug #610.
    * Document list "type = status" better.  Closes bug #580.
    * Set "default days" for certificates, because OpenSSL won't do it.
      This closes bug #615.
    * Reference correct list in example raddb/modules/ldap. Closes #596.
    * Increase default schema size for Acct-Session-Id to 64. Closes #540.
    * Fix use of temporary files in dialup-admin.  Closes #605 and
      addresses CVE-2008-4474.
    * Addressed a number of minor issues found by Coverity.
    * Added DHCP option 150 to the dictionary.  Closes #618.
* Wed Dec  3 2008 John Dennis <jdennis redhat com> - 2.1.1-8
- add --with-system-libtool to configure as a workaround for
undefined reference to lt__PROGRAM__LTX_preloaded_symbols
* Mon Dec  1 2008 John Dennis <jdennis redhat com> - 2.1.1-7
- add obsoletes tag for dialupadmin subpackages which were removed
* Mon Dec  1 2008 John Dennis <jdennis redhat com> - 2.1.1-5
- add readline-devel BuildRequires
* Fri Nov 21 2008 John Dennis <jdennis redhat com> - 2.1.1-3
- make spec file buildable on RHEL5.2 by making perl-devel a fedora only dependency.
- remove diaupadmin packages, it's not well supported and there are problems with it.
* Fri Sep 26 2008 John Dennis <jdennis redhat com> - 2.1.1-1
- Resolves: bug #464119 bootstrap code could not create initial certs in /etc/raddb/certs because
  permissions were 750, radiusd running as euid radiusd could not write there, permissions now 770
* Thu Sep 25 2008 John Dennis <jdennis redhat com> - 2.1.1-1
- upgrade to new upstream 2.1.1 release
* Wed Jul 30 2008 John Dennis <jdennis redhat com> - 2.0.5-2
- Resolves: bug #453761: FreeRADIUS %post should not include chown -R
  specify file attributes for /etc/raddb/ldap.attrmap
  fix consistent use of tabs/spaces (rpmlint warning)
* Mon Jun  9 2008 John Dennis <jdennis redhat com> - 2.0.5-1
- upgrade to latest upstream, see Changelog for details,
  upstream now has more complete fix for bug #447545, local patch removed
* Wed May 28 2008 John Dennis <jdennis redhat com> - 2.0.4-1
- upgrade to latest upstream, see Changelog for details
- resolves: bug #447545: freeradius missing /etc/raddb/sites-available/inner-tunnel
* Fri May 16 2008 <jdennis redhat com> - 2.0.3-3
- # Temporary fix for bug #446864, turn off optimization
* Fri Apr 18 2008 John Dennis <jdennis redhat com> - 2.0.3-2
- remove support for radrelay, it's different now
- turn off default inclusion of SQL config files in radiusd.conf since SQL
  is an optional RPM install
- remove mssql config files
* Thu Apr 17 2008 John Dennis <jdennis redhat com> - 2.0.3-1
- Upgrade to current upstream 2.0.3 release
- Many thanks to Enrico Scholz for his spec file suggestions incorporated here
- Resolve: bug #438665: Contains files owned by buildsystem
- Add dialupadmin-mysql, dialupadmin-postgresql, dialupadmin-ldap subpackages
  to further partition external dependencies.
- Clean up some unnecessary requires dependencies
- Add versioned requires between subpackages
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update freeradius' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]