![[BACK]](/icons/back.gif){kind=icon}
Up to [NetBSD + pkgsrc-wip] / pkgsrc / net / freeradius
Request diff between arbitrary revisions - Display revisions graphically
Keyword substitution: kv
Default branch: MAIN
Recursive dependency bump for databases/gdbm ABI_DEPENDS change.
Recursive bump from gdbm shlib bump.
Follow HTTP redirects to new HOMEPAGEs and/or MASTER_SITES.
Changes 1.1.8: Bug fixes: Fix crash (memcpy with length -1) when invalid Tunnel-Password attributes are received.
Pullup previous changes on HEAD to pkgsrc-2010Q2 branch to fix branching error, and to sync with reality.
DESTDIR support
Properly link libradius.
Recursive PKGREVISION bump for jpeg update to 8.
Bump revisions for libltdl update.
Give up MAINTAINER
Mark packages as MAKE_JOBS_SAFE=no that failed in a bulk build with MAKE_JOBS=2 and worked without.
Add CONFLICTS for upcoming freeradius 2.x import
Per the process outlined in revbump(1), perform a recursive revbump on packages that are affected by the switch from the openssl 0.9.7 branch to the 0.9.8 branch. ok jlam@
Remove Ex-MASTER_SITE. From Zafer Aydogan.
Fix builds on Solaris using the SunPRO compiler. This should fix PR# 36186. Also do some pkglintification while we are here.
Update to 1.1.7 Feature Improvements * Updated LDAP documentation. * Added note on DH parameters in eap.conf, and debugging messages which complain if DH is used, but not configured properly. * Updated the Mikrotik dictionary. Added a note that the sample dictionary they supply is broken. * Output more information on blocked threads, which should help narrow down which modules is causing the problem. * Added more eDirectory support. * rlm_ldap now prints out attributes in the standard format * Enabled server-side handling of procedures in MySQL Bug Fixes * Added NT-Hash support for mschap_xlat. * Corrected documentation to point to correct location of files. * Checks for more recent FreeBSD versions. * uses -DLDAP_DEPRECATED to avoid OpenLDAP crashes. * Use correct value for authentication name in rlm_mschap. * Fix over-ride for usernames when use_tunneled_reply = yes.
Make it easier to build and install packages "unprivileged", where
the owner of all installed files is a non-root user. This change
affects most packages that require special users or groups by making
them use the specified unprivileged user and group instead.
(1) Add two new variables PKG_GROUPS_VARS and PKG_USERS_VARS to
unprivileged.mk. These two variables are lists of other bmake
variables that define package-specific users and groups. Packages
that have user-settable variables for users and groups, e.g. apache
and APACHE_{USER,GROUP}, courier-mta and COURIER_{USER,GROUP},
etc., should list these variables in PKG_USERS_VARS and PKG_GROUPS_VARS
so that unprivileged.mk can know to set them to ${UNPRIVILEGED_USER}
and ${UNPRIVILEGED_GROUP}.
(2) Modify packages to use PKG_GROUPS_VARS and PKG_USERS_VARS.
Update to 1.1.6 Feature Improvements * Added more dictionaries Bug Fixes * Corrected typo in rlm_pap.c (closes #440) * Corrected typo in src/main/auth.c (closes #437) * Suppress SSL error messages if error is zero. (closes #436) * Don't complain about "Error in read client certificate A" if we expect to read it in the next packet. Fix based on patch by Dan Lukes. * Corrected nearly 30 bugs found by Coverity See also http://scan.coverity.com * Don't die on HUP. Instead leak memory (sorry). After a few hundred HUP's, the server will have leaked a few megabytes of memory, and you should probably re-start it. It's ugly, but better than dying. (Closes #426) * Corrected a few double free's * Corrected typo in radrelay, which prevented it from working * Made Firebird module build * Fixed bug in PostgreSQL module that caused server crash. * Fixed bug in SQL module that could cause server to crash.
Update to 1.1.5 2006.03.05 Version 1.1.5 has been released. The focus of this release is stability. Feature Improvements * Added more dictionaries * Dictionary files now MUST NOT be globally writable. * Configuration files now MUST NOT be globally writable. * Be more aggressive about freeing memory on clean exit. * Updated rlm_python. * Added another experimental SQL IP Pool module Bug Fixes * Corrected base64 decoding in rlm_pap * Don't retransmit accounting packets. The NAS should do this. * Handle Client-Error in EAP-SIM. (Closes #419) * Port OpenSSL locking fixes from CVS head. This makes PEAP more stable on i some systems. * Require Message-Authenticator in Status-Server packets. * Correct Tunnel-Medium-Type VALUEs in dictionary.rfc2868. * Increase buffer size for dynamic expansion, which allows longer SQL queries. (Closes #405) * Use correct line number when there's a parse error in one of the configuration sections. (Closes #421) * Terminate SSL sessions in EAP on error, rather than continuing in some cases. * Increase buffer size to allow parsing of long octet strings, * Fix string termination on xlat in rlm_perl.
Whitespace cleanup, courtesy of pkglint. Patch provided by Sergey Svishchev in private mail.
Update to 1.1.4 * Major enhancements to rlm_pap, that make "encryption_scheme" a think of the past. See "man rlm_pap" for details. * Added SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS flag to use work-arounds that enable Windows Vista clients to work. * Added preliminary code to support Firebird. Use at your own risk! * Send MS-CHAP2-Success, which makes EAP-TTLS/MSCHAP work on more platforms. * Add a new "reply-name" directive in rlm_sqlcounter to define the name of the reply attribute. * Added more dictionaries and attributes * Print ntlm_auth failure reason in Module-Failure-Message * radsqlrelay is able to get the DB password from a file instead of command line. Bug fixes * Fix a parse error in the digest module, where malformed digest requests would result in the user being accepted. Oops... * VALUEs can only be defined for 'integer', to catch mistakes with setting VALUEs for type 'string'. * Better parsing of VALUE names, so that values starting with a digit work correctly. * Check return from malloc * Fix a double free() in rlm_eap_tls.c * Check return code of malloc() during initialization. * Fix a corner case where the proxy port isn't set either in radiusd.conf or in proxy.conf.
Update to 1.1.3: This version has been released to fix build issues in 1.1.2. The build tools (autoconf, libtool, libltld) have been upgraded to a recent version, and the server now builds "out of the box" on more platforms. Other fixes include: * More dictionary updates * Oracle support for radsqlrelay * Security and portability fixes to rlm_otp * Experimental module to store IP's in an SQL table. * Miscellaneous bug fixes
Add an extra MESSAGE if the user has selected to compile freeradius with PAM support. From discussions with John Nemeth.
Default to running radiusd as a non-root user bump to nb2
Add in PAM support Fix mySQL PLIST Fix all PLISTs to avoid a nightmare when the nb number is changed Bump to nb1
Update to 1.1.2 * Updated dictionaries (as always), * Extended Ascend "abinary" support for Juniper, * Configurable "cipher_list" for EAP methods that use TLS, * Additional checks on cert issuer validation for EAP methods that use TLS, * SQL IODBC bug fixes, * Updates to the LDAP module, * Better catching of errors in the config files, * Miscellaneous other fixes In addition to this add an extra option to options.mk which is "freeradius-simul-use". This will enable Simultaneous-Use and is enabled by default. If you disable it freeradius can be built without depending on the net-snmp package. Original idea from John Nemeth.
pkglintification Add kerberos support - Patch from Kevin Sullivan in PR #33732 Bump to nb4
LIBTOOL_OVERRIDE generally doesn't need to be specified anymore... just set OVERRIDE_DIRDEPTH to find any libtool scripts deeper in the WRKSRC tree unless they're named something other than "libtool". SHLIBTOOL_OVERRIDE generally doesn't need to be specified either -- just define it to the empty list and shlibtool-override will look for libtool scripts.
Add missing files to PLIST. Fix interpreter path in bin/radsqlrelay. Bump revision.
Over 1200 files touched but no revisions bumped :) RECOMMENDED is removed. It becomes ABI_DEPENDS. BUILDLINK_RECOMMENDED.foo becomes BUILDLINK_ABI_DEPENDS.foo. BUILDLINK_DEPENDS.foo becomes BUILDLINK_API_DEPENDS.foo. BUILDLINK_DEPENDS does not change. IGNORE_RECOMMENDED (which defaulted to "no") becomes USE_ABI_DEPENDS which defaults to "yes". Added to obsolete.mk checking for IGNORE_RECOMMENDED. I did not manually go through and fix any aesthetic tab/spacing issues. I have tested the above patch on DragonFly building and packaging subversion and pkglint and their many dependencies. I have also tested USE_ABI_DEPENDS=no on my NetBSD workstation (where I have used IGNORE_RECOMMENDED for a long time). I have been an active user of IGNORE_RECOMMENDED since it was available. As suggested, I removed the documentation sentences suggesting bumping for "security" issues. As discussed on tech-pkg. I will commit to revbump, pkglint, pkg_install, createbuildlink separately. Note that if you use wip, it will fail! I will commit to pkgsrc-wip later (within day).
Use libtool PLIST handling, it works now. Add some missing symlinks for libtool archives, remove the .a and .so entries. Bump revision. Add DragonFly detection for shared libraries. Always try to find -lssl with -lcrypto, unbreaking the test at least on DragonFly, but should not harm elsewhere.
Fix typo which resulted in a failed install. Issue found by Wolfgang Solfrank.
Remove some old hacks that are no longer needed Use our libtool Update to 1.1.1 Fixes security issue (DoS): http://secunia.com/advisories/19300/ > Security fixes > * Additional state checking in the EAP-MSCHAPv2 module. > Bug found by Steffen Schuster. > > Feature improvements > * More dictionary updates > * Additional tests and fixes for Digest module from Phillipe Sultan. > * Add new "phone" response mode to rlm_otp/cryptocard. > * Put the eap sessions into a tree, so that looking them up is very > fast, and no longer O(n) in the number of sessions. > * Install the schema examples for a set of backends with the rest > of the documentation. > * Add support for xlat expansion of attributes from LDAP. > > Bug fixes > * Fix rlm_perl crash. (closes: #348) > * Fix handling of CoA-Request packets (close #344). Also correct > name of CoA packets. > * Fix an error on x86_64 machines when reading dictionaries. > (closes: #312) > * Fix compilation errors on FreeBSD and NetBSD because of rlm_otp > module. (closes: #314 #328) > * Workaround Cisco bug in State attribute handling in rlm_otp. > * Support LP64 for async mode in rlm_otp. > * Fix libtool problems on Debian with rlm_eap_peap and rlm_eap_ttls > modules. (closes: #75) > * Make "use_tunneled_reply" work properly for PEAP. > * Copy the whole string when getting a one-to-one-mapped attribute > from LDAP (closes: #261) > * Fix net-snmp's ucd-snmp compatibility mode.
Recursive revision bump / recommended bump for gettext ABI change.
Update to 1.1.0
> FreeRADIUS 1.1.0 ; $Date: 2006/01/04 05:55:19 $, urgency=low
> Feature improvements
> * rlm_ldap has "set_auth_type" configuration option, which should
> address some configuration problems when using it.
> * Fix MIT Kerberos bug
> * Modules can be load balanced, both in isolation and redundantly.
> See doc/load-balance.txt for more information.
> * rlm_perl is now marked "stable"
> * N-tier certificate patch from Mohammed Petiwala.
> * Copied dictionaries from the CVS head (many, many, more vendors)
> * Enabled support for weird VSA formats, like Lucent and Starent.
> * Support encrypted IP address and integers, for Juniper clients.
> * Add PEAP machine authentication support in module "rlm_mschap".
> * Support User-Password field encryption in digest mode.
> * rlm_x99_token has become rlm_otp (with lots of changes).
> * Add rlm_sqlcounter to the list of stable modules.
> * Read MySQL specific options in sections [freeradius] and [client]
> from file "my.cnf".
> * Support the ${Cisco-AVPair[n]} syntax.
> * Execute modules in {Pre,Post}-Proxy-Type stanzas.
> * Add new options to radclient to run stress tests on the server.
> * New module "rlm_sql_log" to postpone the storage of accounting data
> in a SQL database. See rlm_sql_log(5) manpage.
> * New program "radsqlrelay" which sends the SQL logfile according to
> the SQL server's capabilities.
>
> Bug fixes
> * 306 (HUP when built with threads, but executed with -s)
> * 285 (more attributes in dictionary.cisco.vpn3000)
> * rlm_digest has a number of bug fixes to authentication types.
> * Don't leak memory in module "rlm_sql".
> * Update the dictionaries, so that VALUEs with the same name,
> but different numbers, aren't allowed.
> * Queue the request before looking for available threads.
> * Don't free the check items after we received the proxy reply.
> * Expand config variables in included files, too.
> * Check the return value of accounting modules and don't proxy
> invalid requests.
> * In rlm_passwd, don't close a file stream more than once.
> * Fix format string errors in rlm_sql.c, spotted by Primoz Bratanic.
> * Walk the whole string in when escaping strings in rlm_ldap.
> * Include crypt.h if it is available so we get a prototype for crypt(),
> spotted by Konstantin Kubatkin.
> * Removed (for almost all uses) length restrictions on vendor names
> and VALUE names.
> * Don't leak memory when proxying an Access-Challenge response.
> * Make the sleep time user-defined, so radrelay can send more than
> 7 requests/s.
> * Fix a memory leak in rlm_checkval.
> * radclient doesn't resend countless times packets with invalid
> signature.
> * Fix segfault and mem leak in rlm_pam.
Bump PKGREVISION due to mysql.buildlink3.mk changes (default mysql pkg has been changed to 5.x). Reminded by wiz... thanks.
Remove USE_PKGINSTALL from pkgsrc now that mk/install/pkginstall.mk automatically detects whether we want the pkginstall machinery to be used by the package Makefile.
Ran "pkglint --autofix", which corrected some of the quoting issues in CONFIGURE_ARGS.
Fixed pkglint warnings. The warnings are mostly quoting issues, for
example MAKE_ENV+=FOO=${BAR} is changed to MAKE_ENV+=FOO=${BAR:Q}. Some
other changes are outlined in
http://mail-index.netbsd.org/tech-pkg/2005/12/02/0034.html
Remove unneeded undef Add -fPIC for amd64 platform to fix build. Reported in PR 31225 by Eric Radman
PLIST fixes pointed out by bulk builds Bump to nb2
Add logging fix from FreeRADIUS CVS pointed out by aland (at) ox.org Bump to nb1
Update to 1.0.5 > Security Fixes > * SQL injection attack in the module "rlm_sqlcounter". > * Buffer overflows in the module "rlm_sqlcounter". > * Expansion of variable %t may write 26 bytes beyond the buffer > bound. Primoz Bratanic is credited with the discovery of these > three bugs. > > Bug fixes > * Don't de-reference a NULL pointer if the auth-type is unknown > in the function rad_check_password(). > * Escape more characters in the LDAP queries. > Bug found by Suse engineers. > * In rlm_sql_unixodbc, don't call rad_malloc from sql_error(), > it leaks memory. > * Fix an off-by-one error in the module rlm_sql_unixodbc. > Bug found by Suse engineers. > * In rlm_sql, resize the buffer for the value of SQL-User-Name. > * Initialize memory for a new SQL socket in the module rlm_sql. > * Don't add too many attributes after running an external program. > Bug found by Suse engineers. > * Fix an off-by-one error in the function getthing(). > * snprintf() and vsnprintf() replacements were not compiled if > the autoconf tests didn't find the functions. > * Don't use vsprintf() anymore, but the replacement for vsnprintf() > in libradius instead. > * The function decode_attribute() may write beyond buffer bounds. > Bug found by Suse engineers. > * Fix a memset() in the function request_enqueue() which was > begining at the wrong address. Bug found by Matthias Ruttman. > * Fix an off-by-one error in the function xlat_copy(). > Bug found by Primoz Bratanic. > * Fix other off-by-one errors in module "rlm_unix", too. > Bug found by Allan Bazinet. > * Fix a 2-byte over-run read in function rad_decode(). > * Update thread pool queue properly. > * Autonconf tests try first any user-specified directory, > otherwise they may pick up the wrong version. > * Delete the autoconf tests for the libldap dependancies. > * Install all the regular files under the "doc" directory. > * Distinguish between exit code <0 (failure) and >0 (reject) > in Exec-Program-Wait. Patch from Thor Spruyt. > * Make Expiration work. > * Clean up the code for opening a proxy socket. > * When finding a realm to proxy to, if all are dead, wake them > if wake_all_if_all_dead is true. > * In radwho, print the NAS-Port as unsigned int. > * Use extended regex instead of basic regex in rlm_attr_filter. > * Catch the case where someone deletes a directory that rlm_detail > is using. > * Use the variable $(LDFLAGS) when linking a module. > * Ignore the Stripped-User-Name when a realm has the "nostrip" > directive. > * Add support for NT-Password in rlm_pap. > * In rlm_sqlcounter, use the time left to the next reset if it's > inferior to the time left in the counter. > * Calculate Message-Authenticator correctly for Accounting-Request > and Accounting-Response. Bug found by Paolo Rotela. > * Build on MAC OS X. Still need --disable-shared, though. > * Fix bug #255 (crash with expired CRL's, etc.) > * Fix quote removal of the values from a SQL database. > * Reap the zombie process after a command run from "Exec-Program". > * Allow to cancel proxy of accounting with "Proxy-To-Realm := LOCAL". > * Don't copy VSA's to an Access-Reject packet.
- Make gdbm optional, but keep it as default. (Partial dbm support using a builtin Berkeley DB 1.8x can now be used with option "bdb -gdbm"; no dbm support at all can be selected with "-gdbm".) - Specify --with/--without exactly once per option. - Merge postgresql support to a single option (pgsql), and correspondingly use pgsql.buildlink3.mk to pick the builder's desired implementation. This aligns freeradius with the rest of pkgsrc, wrt pgsql support.
PLIST fix as pointed out by Krister on pkgsrc-bulk@ Bump PKGREVISION
Get rid of USE_PERL5. The new way to express needing the Perl executable around at either build-time or at run-time is: USE_TOOLS+= perl # build-time USE_TOOLS+= perl:run # run-time Also remove some places where perl5/buildlink3.mk was being included by a package Makefile, but all that the package wanted was the Perl executable.
- Update to freeradius 1.0.4 - The security issues mentioned in this update were incorporated into patch-ak previously and a security advisory was already made in regards to this. > FreeRADIUS 1.0.4 ; Date: 2005/06/11 22:46:52, urgency=medium > > * Fix installation problem. > * Increase a buffer size, so radrelay doesn't truncate values. > * Updates in the documentation. Patches from Thor Spruyt. > > FreeRADIUS 1.0.3 ; Date: 2005/06/03 17:15:11, urgency=high > Security Fixes > * Always escape the strings in the SQL module. > * Check buffer bound when input character needs escaping in > the SQL module. Bug found by Primoz Bratanic. > > Bug fixes > * Return EAP-Fail in Access-Reject, rather than an empty Access-Reject > * Don't send Proxy-State from home server in TTLS. > * Fixes for forking external programs, so the server doesn't > suddenly stop processing requests, or stop forking programs. > * radzap now works, but it's command-line options have changed > completely, and it's a shell script. > * radwho has updated command-line options, and no longer reads > Unix "utmp" files. > * Fix bug in calling checkrad script with NAS port > 9999999 > * Fix long-standing bug when both crypt and pthreads are in use > * Don't SEGV when rlm_sql gets 'NULL' value from request. > * Re-arrange code in radrelay to not duplicate accounting packets. > * In rlm_attr_rewrite, change the value when the attribute type > is different from string.
Remove USE_GNU_TOOLS and replace with the correct USE_TOOLS definitions: USE_GNU_TOOLS -> USE_TOOLS awk -> gawk m4 -> gm4 make -> gmake sed -> gsed yacc -> bison
Pullup ticket 510 - requested by Adrian Portelli security fix for freeradius Revisions pulled up: - pkgsrc/net/freeradius/Makefile 1.28 - pkgsrc/net/freeradius/distinfo 1.14 - pkgsrc/net/freeradius/patches/patch-ak 1.3 Module Name: pkgsrc Committed By: adrianp Date: Wed May 18 21:58:45 UTC 2005 Modified Files: pkgsrc/net/freeradius: Makefile distinfo Added Files: pkgsrc/net/freeradius/patches: patch-ak Log Message: - Add fix for recent security issue
- Add fix for recent security issue
Remove USE_BUILDLINK3 and NO_BUILDLINK; these are no longer used.
- Grab maintainership
- Whitespace police - Better handling of OpenSSL using USE_OLD_DES_API - Fix builds on 1.6.2 - Bump to nb1
- Update freeradius to 1.0.2 - Fix for PR #29437 opened by luiszuccolo(at)ciudad.com.ar, thanks for the PR ! > FreeRADIUS 1.0.2 ; $Date: 2005/02/13 01:03:20 $, urgency=medium > * Novell eDirectoty support. Patch from Novell. > * localweb & Trapeze dictionary updates. > * EAP-SIM fixes. > * Make "Strip-User-Name = No" work. > * Don't declare zero-length arrays in rlm_passwd > * Bug fix to make udpfromto code work > * radrelay shouldn't dump core if it can't read a VP from the > detail file. > * Only initialize the random pool once. > * In rlm_sql, don't escape characters twice. > * Fix MD4 calculation on big-endian machines. > * In rlm_ldap, only claim Auth-Type if a plain text password is present. > * Treat Quintium VSAs like Cisco VSAs > * Locking fixes in threading code > * rlm_krb5 includes /usr/include/et for Fedora Core > * Fix post-auth REJECT stanza processing for rejections from external > processes or home RADIUS servers > * Fix building on gcc-4.0 by not trying to access static auth_port from > other files. > * Fix building SNMP support on Solaris 9, which needs -lkstat
Obey PKG_SYSCONFBASEDIR. Fix the rc.d script: add rcvar definition and no need to source /etc/rc.subr twice. Bump PKGREVISION to 7.
The default location of the pkgsrc-installed rc.d scripts is now under share/examples/rc.d. The variable name already was named RCD_SCRIPTS_EXAMPLEDIR. This is from ideas from Greg Woods and others. Also bumped PKGREVISION for all packages using RCD_SCRIPTS mechanism (as requested by wiz).
Pullup ticket 175 - requested by Adrian Portelli
usability fixes for freeradius
Module Name: pkgsrc
Committed By: adrianp
Date: Tue Dec 21 22:16:01 UTC 2004
Modified Files:
pkgsrc/net/freeradius: Makefile
pkgsrc/net/freeradius/files: radiusd.sh
Log Message:
- Fix freeradius not starting because of missing directory cleaned
out at reboot.
- Issue spotted and patch sent to me from kbrand (at) dplanet.ch,
thanks.
- Bumped PKGREVISION
---
Module Name: pkgsrc
Committed By: adrianp
Date: Wed Dec 22 10:07:21 UTC 2004
Modified Files:
pkgsrc/net/freeradius: Makefile
pkgsrc/net/freeradius/files: radiusd.sh
Log Message:
- Portability fix, use @ROOT_USER@:@ROOT_GROUP@ as opposed to
hardcoding root:wheel in the startup script.
- Again thanks to kbrand (at) dplanet.ch for the suggestion.
- Portability fix, use @ROOT_USER@:@ROOT_GROUP@ as opposed to hardcoding root:wheel in the startup script. - Again thanks to kbrand (at) dplanet.ch for the suggestion.
- Fix freeradius not starting because of missing directory cleaned out at reboot. - Issue spotted and patch sent to me from kbrand (at) dplanet.ch, thanks. - Bumped PKGREVISION
Move buildlink3.mk files ahead of make targets as per doc/Makefile-example.
- Fix pthread issues on 1.6.x - Fix builds with LDAP support - Bump PKGREVISION Thanks to Dave.Tyson (at) liverpool.ac.uk for testing a lot of these patches on the 1.6 branch.
- Fix incorrect ./configure syntax for non-threaded builds
- Update options.mk because of mySQL buildlink changes - Add a fix for crashes when processing EAP-PEAP requests PR 28095 Konstantin.Kabassanov (at) lip6.fr - Fix pthreads enabled builds on NetBSD systems < 2.0 - Replace patch-ai, patch-aj and patch-ak with SUBST_* (suggested by juan@)
Pullup ticket 118 - requested by Adrian Portelli build and security fixes for freeradius Based on patches provided by Adrian.
Update linkage to libltdl, now in its own package.
Libtool fix for PR pkg/26633, and other issues. Update libtool to 1.5.10 in the process. (More information on tech-pkg.) Bump PKGREVISION and BUILDLINK_DEPENDS of all packages using libtool and installing .la files. Bump PKGREVISION (only) of all packages depending directly on the above via a buildlink3 include.
- Bump package to 1.0.1nb1 - Move to options.mk framework to support SNMP, OpenLDAP, PostgreSQL and mySQL modules - Add patches/patch-aj and patches/patch-ak for OpenLDAP and PostgreSQL builds - Add extra PLIST's for OpenLDAP, PostgreSQL and mySQL modules
- Update freeradius to 1.0.1 - Fix builds on 1.6 and 2.0_BETA - ok'ed wiz@ - Addresses PR 26987 opened by Rui Paulo, thanks. - Fix startup script using the wrong options - Lots of changes including - Denial-of-Service Security Fix. - Make IPv6 support work better. - Many, many minor bug fixes and feature enhancements. - EAP-module feature improvements.
Assign maintainership to tech-pkg@, requested by David Ferlier in private email.
Convert to buildlink3.
Update FreeRadius to 0.9.3
replace deprecated USE_GMAKE with USE_GNU_TOOLS+=make.
Perform the pthread test the pkgsrc way: using info from pthread.buildlink2.mk, and certainly not using output of 'uname'.
Convert to the bsd.pkg.install.mk framework: - Install all configuration files under the examples directory. - Copy configuration files to PKG_SYSCONFDIR using CONF_FILES. - Honour PKG_SYSCONFDIR. - Use OWN_DIRS to handle the /var/run/radiusd status directory. - Use RCD_SCRIPTS to handle the rc.d script automatically. As a result, bump PKGREVISION to 3.
Use multiple lines to set CONFIGURE_ARGS, as usual. Fix indentation for USE_LIBTOOL line.
Dependency bumps, needed because of devel/pth's major bump, and related dependency bumps.
Remove the installation of libltdl and make this use the already installed one that libtool-base puts down. Also, fix one place in the freeradius code where a config.h should have been emitted but wasn't. Also, for NetBSD < 1.6N disable threads as this requires threads and the posix semaphore headers which pth/etc don't provide and didn't appear until 1.6N
Replace some absolute paths (including one that was a typo anyway) with variables. Added CONLICTS line to show conflict with radius-cistern. I will also add a CONFLICTS line to radius-cistern although I will send a PR to have this situation fixed so that both can coexist.
Adding freeradius package. Thanks to David Ferlier <david@netbsd-fr.org>
for putting this package together. Closes PR pkg/20013.
I had originally requested this package even though we already had the
Cistern RADIUS package because some terminal servers won't work with
one or the other of these packages. This increases the number of terminal
servers that can work with NetBSD.
from the DESCR file:
All code in this server was written from scratch.
The server is mostly compatible with livingston radiusd-2.01
(no menus or s/key support though) but with more feautures, such as:
o Can limit max. number of simultaneous logins on a per-user basis!
o Multiple DEFAULT entries, that can optionally fall-through.
o In fact, every entry can fall-through
o Deny/permit access based on huntgroup users dials into
o Set certain parameters (such as static IP address) based on huntgroup
o Extra "hints" file that can select SLIP/PPP/rlogin based on
username pattern (Puser or user.ppp is PPP, plain "user" is rlogin etc).
o Can execute an external program when user has authenticated (for example
to run a sendmail queue).
o Can use `$INCLUDE filename' in radiusd.conf, users, and dictionary files
o Can act as a proxy server, relaying requests to a remote server
o Supports Vendor-Specific attributes
o No good documentation at all, just like the original radiusd 1.16!
Then of course for general RADIUS questions, especially if you are using
Livingston / Lucent RABU equipment, there is the portmaster-radius mailing
list. Send mail to portmaster-radius-request@livingston.com to find
out how to subscribe.