Up to [cvs.NetBSD.org] / pkgsrc / net / freeradius
Request diff between arbitrary revisions
Keyword substitution: kv
Default branch: MAIN
Update net/freeradius to 3.0.15. Based on a PR from @coyhile (https://github.com/joyent/pkgsrc/issues/18). Splits modules with external dependencies into separate packages. The 1.1.x branch was EOL'd in 2008. No upgrade guide from 1.1.x to 3.0.x seem to exist. Summary of improvements in 3.x: - Moved configuration entries in radiusd.conf to make more sense. - Added the "integer64" and "ipv4prefix" data types. - Added RADIUS over TLS (i.e. RadSec). See raddb/sites-available/tls. - Updated internal API to support new attributes and formats. - Added code to send SNMP Traps. See raddb/trigger.conf. - Added preliminary support for Apple's Grand Central Dispatch. - Added provisions for raddb/dictionary.local, for local changes See raddb/dictionary for more details. - Added packet/s tracking. See max_pps in the "listen" section. - The %{} expansions and "unlang" conditions are now parsed at server start. Descriptive errors are produced for syntax and format errors. - Casting is now supported for "unlang" comparisons. See "man unlang" e.g. <ipaddr>127.0.0.1 == Framed-IP-Address. - Direct comparison of attribute references is now supported e.g. &Foo == &Bar. This avoids stringification of the attributes. - Direct assignment of attributes is now supported e.g. Foo := &Bar. It also works for "octets" data types. - Comparisons of IPv4 and IPv6 prefixes are now supported The "<" operator means "within the prefix" for comparisons. - New sha1 xlat expansion (thanks to Alan Buxey). - Colourised log messages when logging to stdout. Look for yellow warnings and red errors. Doing this will save you a LOT of grief. - If the PCRE library is available, use it (insted of the POSIX functions) to process regular expressions (thanks to Phil Mayers). - -xv now displays all the features the server was built with, and the versions of the core libraries (libtalloc, libssl). Summary of improvements in 2.x: - simple policy language (see "man unlang") - virtual servers ("raddb/sites-available/README") - IPv6 support - better proxy support ("raddb/proxy.conf") - More EAP types - Debugging output should be <em>much</em> easier to understand - VMPS support - More modules have been moved to "stable" status (python, etc.) - SQL configuration has been cleaned up (see "raddb/sql/*") - limited support for HUP. (The configuration for some modules is re-loaded on HUP. Nothing else is reloaded.) - check configuration and exit ("radiusd -C") - Server core is now event based (simpler, more powerful)
fixes unusual usage of PLIST_SRC and MESSAGE_SRC.
Whitespace cleanup, courtesy of pkglint. Patch provided by Sergey Svishchev in private mail.
Add an extra MESSAGE if the user has selected to compile freeradius with PAM support. From discussions with John Nemeth.
Add in PAM support Fix mySQL PLIST Fix all PLISTs to avoid a nightmare when the nb number is changed Bump to nb1
Update to 1.1.2 * Updated dictionaries (as always), * Extended Ascend "abinary" support for Juniper, * Configurable "cipher_list" for EAP methods that use TLS, * Additional checks on cert issuer validation for EAP methods that use TLS, * SQL IODBC bug fixes, * Updates to the LDAP module, * Better catching of errors in the config files, * Miscellaneous other fixes In addition to this add an extra option to options.mk which is "freeradius-simul-use". This will enable Simultaneous-Use and is enabled by default. If you disable it freeradius can be built without depending on the net-snmp package. Original idea from John Nemeth.
pkglintification Add kerberos support - Patch from Kevin Sullivan in PR #33732 Bump to nb4
The databases/openldap package has been split in -client and -server component packages. Convert LDAP-based applications to depend on openldap-client, and bump PKGREVISION for those that depend on it by default.
Update to 1.1.0 > FreeRADIUS 1.1.0 ; $Date: 2006/01/04 05:55:19 $, urgency=low > Feature improvements > * rlm_ldap has "set_auth_type" configuration option, which should > address some configuration problems when using it. > * Fix MIT Kerberos bug > * Modules can be load balanced, both in isolation and redundantly. > See doc/load-balance.txt for more information. > * rlm_perl is now marked "stable" > * N-tier certificate patch from Mohammed Petiwala. > * Copied dictionaries from the CVS head (many, many, more vendors) > * Enabled support for weird VSA formats, like Lucent and Starent. > * Support encrypted IP address and integers, for Juniper clients. > * Add PEAP machine authentication support in module "rlm_mschap". > * Support User-Password field encryption in digest mode. > * rlm_x99_token has become rlm_otp (with lots of changes). > * Add rlm_sqlcounter to the list of stable modules. > * Read MySQL specific options in sections [freeradius] and [client] > from file "my.cnf". > * Support the ${Cisco-AVPair[n]} syntax. > * Execute modules in {Pre,Post}-Proxy-Type stanzas. > * Add new options to radclient to run stress tests on the server. > * New module "rlm_sql_log" to postpone the storage of accounting data > in a SQL database. See rlm_sql_log(5) manpage. > * New program "radsqlrelay" which sends the SQL logfile according to > the SQL server's capabilities. > > Bug fixes > * 306 (HUP when built with threads, but executed with -s) > * 285 (more attributes in dictionary.cisco.vpn3000) > * rlm_digest has a number of bug fixes to authentication types. > * Don't leak memory in module "rlm_sql". > * Update the dictionaries, so that VALUEs with the same name, > but different numbers, aren't allowed. > * Queue the request before looking for available threads. > * Don't free the check items after we received the proxy reply. > * Expand config variables in included files, too. > * Check the return value of accounting modules and don't proxy > invalid requests. > * In rlm_passwd, don't close a file stream more than once. > * Fix format string errors in rlm_sql.c, spotted by Primoz Bratanic. > * Walk the whole string in when escaping strings in rlm_ldap. > * Include crypt.h if it is available so we get a prototype for crypt(), > spotted by Konstantin Kubatkin. > * Removed (for almost all uses) length restrictions on vendor names > and VALUE names. > * Don't leak memory when proxying an Access-Challenge response. > * Make the sleep time user-defined, so radrelay can send more than > 7 requests/s. > * Fix a memory leak in rlm_checkval. > * radclient doesn't resend countless times packets with invalid > signature. > * Fix segfault and mem leak in rlm_pam.
Convert to PKG_OPTIONS_GROUP syntax.
- Make gdbm optional, but keep it as default. (Partial dbm support using a builtin Berkeley DB 1.8x can now be used with option "bdb -gdbm"; no dbm support at all can be selected with "-gdbm".) - Specify --with/--without exactly once per option. - Merge postgresql support to a single option (pgsql), and correspondingly use pgsql.buildlink3.mk to pick the builder's desired implementation. This aligns freeradius with the rest of pkgsrc, wrt pgsql support.
- Whitespace police - Better handling of OpenSSL using USE_OLD_DES_API - Fix builds on 1.6.2 - Bump to nb1
- Update options.mk because of mySQL buildlink changes - Add a fix for crashes when processing EAP-PEAP requests PR 28095 Konstantin.Kabassanov (at) lip6.fr - Fix pthreads enabled builds on NetBSD systems < 2.0 - Replace patch-ai, patch-aj and patch-ak with SUBST_* (suggested by juan@)
Use mk/mysql.buildlink3.mk instead of databases/mysql-client/buildlink3.mk, so that we'd not force dependance on specific MySQL version, and instead pick the currently installed mysql*-client (or install the default if there is no mysql-client package installed yet) this makes package buildable with arbitrary MySQL version, such as 3.23.x, 4.0.x or 4.1.x
Pullup ticket 118 - requested by Adrian Portelli build and security fixes for freeradius Based on patches provided by Adrian.
file options.mk was added on branch pkgsrc-2004Q3 on 2004-10-02 12:06:03 +0000
- Bump package to 1.0.1nb1 - Move to options.mk framework to support SNMP, OpenLDAP, PostgreSQL and mySQL modules - Add patches/patch-aj and patches/patch-ak for OpenLDAP and PostgreSQL builds - Add extra PLIST's for OpenLDAP, PostgreSQL and mySQL modules