Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

freeradius-server-3.0.12-2.6.1 RPM for armv7hl

From OpenSuSE 42.2 updates for armv7hl

Name: freeradius-server Distribution: openSUSE Leap 42.2
Version: 3.0.12 Vendor: openSUSE
Release: 2.6.1 Build date: Mon Aug 28 14:40:00 2017
Group: Productivity/Networking/Radius/Servers Build host: armbuild04
Size: 2875685 Source RPM: freeradius-server-3.0.12-2.6.1.src.rpm
Summary: RADIUS Server
Remote Authentication Dial-In User Service (RADIUS) is a networking
protocol that provides centralized Authentication, Authorization, and
Accounting (AAA or Triple A) management for users who connect and
use a network service.

FreeRADIUS is a modular, high performance free RADIUS implementation.




GPL-2.0 and LGPL-2.1


* Fri Aug 25 2017
  - bsc#1055679 - freeradius-server does not provide winbind/AD auth
    Added libwbclient-devel as buildrequires
* Mon May 29 2017
  - CVE-2017-9148.patch: (bnc#1041445, CVE-2017-9148)
    Disable OpenSSL's internal session cache to mitigate
    authentication bypass.
* Thu Sep 29 2016
  - update to 3.0.12
    * for a detailed list of changes look at:
* Fri Sep 02 2016
  - use %{with} macro for conditional inclusions instead of hardcoding
    version numbers
  - improved package descriptions
  - fixed builds on SLE12 and SLE11SP4
* Mon Jan 25 2016
  - removed installation of experimental module
  - update to 3.0.11
    * for a detailed list of changes look at:
* Mon Oct 05 2015
  - update to 3.0.10
    * for a detailed list of changes look at:
* Fri Aug 07 2015
  - Fix boo#912714: freeradius can't use ntlm_auth
    * Create winbind group
    * Add radiusd to winbind group
* Wed Jul 08 2015
  - update to 3.0.9
    * for a detailed list of changes look at:
  - freeradius-server-rlm_sql_unixodbc-configure.patch removes
    hard-coded directory in configure script of rlm_sql_unixodbc
  - install new module
* Thu Apr 23 2015
  - minor adjustments/cleanup of spec and changes
* Wed Apr 22 2015
  - update to 3.0.8
    * for a detailed list of changes look at:
  - new set of consolidated patch files:
    * freeradius-server-2.1.1-logrotate_su.patch
    * freeradius-server-2.1.6-rcradiusd.patch
    * freeradius-server-initscript-pidfile.patch
    * freeradius-server-radius-reload-logrotate.patch
    * freeradius-server-var_run.patch
    * freeradius-server-radiusd-logrotate.patch
    * freeradius-server-rcradiusd.patch
    * freeradius-server-tmpfiles.patch
* Wed Jan 14 2015
  - Do not disable as-needed build
  - Remove the with_sysconfig switch and just stick with versions
* Tue Jan 13 2015
  - update to 3.0.6
    - fixes a segmentation fault in PEAP module (bnc#912588)
    Feature improvements:
    * radmin / raddebug conditional errors are printed to the output, instead of being discarded.
    * raddebug will exit if condition set with -c was invalid.
    * radmin auto-reconnects if the connection to the server has gone away.
    * rlm_cache now has submodule support. See raddb/mods-available/cache
    * New memcached driver for rlm_cache. See raddb/mods-available/cache
    * Add support for &Attribute-Name[*] in conditions. See "man unlang" for details.
    * Add &Attribute-Name[n] which gets the last instance of an attribute e.g. Module-Failure-Message[n].
    * Allow for redundant string expansions. See the "instantiate" section of radiusd.conf.
    * When checking IP addresses in conditions, make the right side be parsed as an IP prefix.
    * Support JIT compilation of compiled regular expressions when built with libpcre.
    * Support named capture groups with "%{regex:<name>}" when built with libpcre.
    * Increase regular expression capture groups from 8 to 32.
    * Emit error markers for badly formed regular expressions.
    * Allow 'm' flag to enable multiline mode in regular expressions.
    * Support limited implicit attribute conversion in update sections.
    * Support casting between IPv6 and IPv4 where the IPv6 address has the v4/v6 mapping prefix (::ffff:).
* Mon Dec 22 2014
  - Drop .keyring and .sig file: freeradius-server still uses MD5
    signatures, which are no longer validated/accepted by GPG 2.1.
* Wed Dec 03 2014
  - update to 3.0.5
    Some of the new features:
    * Allow LDAP to specify arbitrary attributes for dynamic
    * Allow one level of backslashes (finally).  See radiusd.conf,
      "correct_escapes" setting.
    * When supported by OpenSSL, allow TLS 1.1 and TLS 1.2
      in EAP methods.
    * Allow multiple new connections to be spawned simultaneously
      in the connection pool, to cope with spikes in traffic.
    * Use kqueue on systems which support it.  This allows for
      better scaling when using many sockets.
    * Home server "response_window" can now take fractions of a
      second.  See proxy.conf.
    * radmin now supports "show module status", as thee counterpart
      to "set module status"
    * "ipaddr" will now use v6 if no v4 address is present.  You should
      use "ipv4addr" or "ipv6addr" to force v4/v6 addresses.
    * "client" sections will allow "ipaddr = 192.192.0/24".  The old
      "netmask" is still accepted, but the new format is preferred.
    * Allow custom HTTP headers to be set for rlm_rest requests using
      control:REST-HTTP-Header (attributes consumed after use).
    * Extend format of %{rest:} expansion to allow HTTP method and POST
      data to be specified
      and urlquoting.
    * Add support for aliases in rlm_ldap.
    * Add support for connection pool sharing to all modules that use
      the connection pool (pool = <instance>).
    * "tls" sections now have a "psk_query" configuration item, for dynamic
      queries to discover a key from a PSK identity.
    * Preliminary support for EAP channel bindings.
    * Foundational work for dynamic home servers.  They do not yet work,
      but this is now only a matter of updating the "realm" module in
      a future release.
    * Support &attr[*] syntax to copy all instances of an attribute when
      used with the += operator in an update section. May be qualified with
      a tag.
    * The logintime and expiration modules can now be listed in the
      post-auth section.  This makes some configurations simpler.
    * rlm_sqlippool is now IPV6 capable.  Set "ipv6 = yes" to get
      Framed-IPv6-Prefix returned.  The SQL queries have NOT been updated.
      Please submit patches.
    and numerous; bugfixes
  - remove gpg-offline
  - create /run/radiusd after install
  - drop freeradius-server-opensslversion.patch (upstream)
* Mon Dec 01 2014
  - freeradius-server-opensslversion.patch: do not check the minor
    version of openssl, minor versions are supposed to be compatible.
* Sun Aug 03 2014
  - added patch to changelog to fix factory-auto failure (Req #242825)
* Mon Jul 28 2014
  - fixed SUSE spelling in a filename (bnc#889034)
    * don't install suse/README.SuSE
  - remove old tarball and signature file
* Tue Jul 22 2014
  - spec run through spec-cleaner
  - don't install files to /var/run
* Fri May 16 2014
  - update to 3.0.3
    Many bugfixes
    Feature improvements
    * Everything now builds with no warnings from the C compiler,
    clang static analyzer, or cppcheck.
    * rlm_ldap now supports defining the LDAP attribute name via
    backticked expansion (i.e. shell command) in
    RADIUS <-> LDAP mappings.
    * rlm_ldap now supports older style generic attributes.
    * dynamic expansions (e.g. "%{expr:1 + 2}" are now parsed
    when the server starts.  Syntax errors in the strings
    are caught, and a descriptive error is printed.
    * Static regular expressions (e.g. /a*b/) are now parsed
    when the server starts.  Syntax errors in the strings
    are caught, and a descriptive error is printed.
    * dynamic expansions are cached after being parsed.  They are
    no longer re-parsed at run-time for every request.
    * regular expressions are now parsed and cached when the server
    * Added the %{rest:} expansion to rlm_rest, which will send
    a GET request to the URL passed as the format string.
    Any body text will be written to the expansion buffer.
    * rlm_rest now available as a debian package.
    * When an 'if' condition statically evaluates to true/false,
    unlang does more static optimization.  For examples, see
    * All modules are marked as safe for '-C', which lets the
    dynamic expansion checks work in more situations.
    * Added 'none' and 'custom' rlm_rest body types. 'custom'
    allows sending of arbitrary expanded text and content-type
    * Added "config" section to Perl.  See mods-available/perl
    * Added '%v' which expands to the server version - Patch
    from Alan Buxey.
    * more mis-matched casts are caught in "if" conditions,
    and descriptive errors are printed.
    * Support basic response validation in radclient. This allows
    administrators to write local test cases for their
    site-specific configurations.
    * Removed radconf2xml and radmin "show client config" and
    "show home_server config".
    * Forbid running with vulnerable versions of OpenSSL.
    See "allow_vulnerable_openssl" in the "security"
    subsection of "radiusd.conf"
    * Catch underlying "heartbleed" problem, so that nothing bad
    happens even when using a vulnerable version of OpenSSL.
    * Add locking API for sql_null, linelog, and detail modules,
    which should improve performance and work around issues
    on platforms with bad file locking.
    * Allow DHCP NAKs to be delayed, via setting
    reply:FreeRADIUS-Response-Delay = 1
    * Allow tag and array references anywhere attributes
    are allowed in "unlang".
    * many enhancements to radsniff, including output
    to collectd, ipv6 support and packet loss statistics.
    * Many dictionary updates (ZTE, Brocade, Motorola).
    * rlm_yubikey now automatically splits passwords from OTP
    * The detail file reader is now threaded by default.
    This should improve performance reading the files.
  - dropped freeradius-server-CVE-2014-2015.patch (upstream)
* Fri Feb 28 2014
  - fix for CVE-2014-2015 (bnc#864576)
    * denial of service in rlm_pap hash processing
    * added freeradius-server-CVE-2014-2015.patch
* Wed Jan 29 2014
  - remove the old 3.0.0 sources
* Sat Jan 25 2014
  - update to 3.0.1
      Feature improvements
    * Add "timeout" to exec, and "ntlm_auth_timeout" to mschap.
      So that run-away child processes are caught earlier.
    * Allow TLS clients to use "proto = tls", in which case
      TLS is required.  The shared secret is then set to "radsec".
    * More documentation in the tls virtual server.
    * Add "date" module for date formatting.
      See raddb/mods-available/date.
    * Added unit test suite for internal server functionality
    * When loading "update" sections, check if the RHS is a literal
      value.  If so, syntax check it immediately.
    * Update LDAP module documentation and functionality.
      The generic attribute can now update lists.
    * Updated dictionary.extreme.
    * Update sqlippool to do clears as a separate transaction,
      and at most once per second.  This should help MySQL.
    * Respect control:Response-Packet-Type for all types of
    * Add support for SSL encryption to the MySQL driver.
    * Allow arbitrary connection parameters to be used with the
      PostgreSQL driver.
    * Changes to the OpenLDAP schema to fully expose functionality
      of the new LDAP module.
    * Update debian packaging to include a freeradius-config
      package. This package may be provided as a site local
      package to avoid fighting with the preinstalled config
      Bug fixes
    * Use correct field for ARP setting in DHCP.
    * Fix crash on debug condition (#454).
    * Fix a number of minor issues caught by the clang
    * Set WARNING messages to yellow instead of normal text.
    * Correct debug colorise logic.  Patch from Phil Mayers.
    * Encode attributes of type "ethernet".  No one uses them,
      but it makes sense.
    * Work around regex initialization issues.
    * Fix build when linking against OpenSSL.
    * Print IDs as positive numbers, which helps for large DHCP
    * Fix issue with sql_ippool.
    * sqlcounter now uses 64-bit counters, to deal with 4G overflow.
    * Fix issues with DHCP subsystem.
    * Don't build / install disabled modules, or their config
    * Fix build for OSX Mavericks, which hid the header files
      in a magical place.
    * Fix LEAP buffer issue.  You should still avoid LEAP.
    * Mark "unknown" WiMAX attributes as being WiMAX.
    * Fix typo in packet decoder for fragmented extended attrs
    * RPM spec fixes.
    * Fix rlm_perl build issues when not using threads.
    * Enable %{Response-Packet-Type} again.
    * Update configuration file parser to handle "bool"
    * Update declarations of global boolean variables to use
      "bool" consistently. This fixes an issue where some
      modules were instantiated in "config check" mode and
      did not work correctly.
    * Make more messages debug instead of info, to avoid
      polluting the logs with messages that can't be fixed.
    * Set operator in internal unlang code to suppress spurious
      warning messages.
    * Fix debian packaging.
    * Added "status" to Debian init script.
    * Fix "update outer.request" to update the outer request.
    * Don't print TLS debugging messages when not in debug mode.
    * Correctly manage counters for "limit" sections of TCP / TLS
      "listen" sockets.
    * Fix libldap debug output.
    * Fix rlm_ldap tls functionality.
    * Initialise OpenSSL globals early to avoid issues with the
      PostgreSQL library.
    * Fix typo in sqlcounter expansion code.  Fixes #463
    * Overwrite previous instances of SQL-User-Name when adding
      it to the request.
    * Work around bugs in both MIT and heimdal versions of
      krb5_copy_context(), which caused segfaults in
      multithreaded mode.
    * Provide meaningful error messages if Heimdal krb5 is used.
    * Fix attribute supression in rlm_detail.
    * Exit with error code if child fails to complete server
      initialisation after forking.  This allows init scripts to
      correctly report whether the server started ok.
* Mon Oct 21 2013
  - don't build with experimental modules
  - fix packaging bugs:
    * install init scripts only on <= 11.4
    * install systemd unit
    * add %defattr for submodules
* Tue Oct 15 2013
  - update to 3.0.0
    * new feature release
    * see /usr/share/doc/packages/freeradius-server/ChangeLog
      for complete list of changes in this release
    * documentation for upgrading from 2.x is in /etc/raddb/README.rst
  - drop oracle support (wasn't built anyway)
  - dropped patches (obsolete):
    * freeradius-server-2.1.6-codecleanup.patch
    * freeradius-server-2.1.6-dialup_admin.patch
    * freeradius-server-2.1.1-edirectory.patch
  - added systemd service unit
    * radiusd.service
  - added systemd-tmpfile for /var/run/radiusd
    * freeradius-tmpfiles.conf
  - added gpg-offline verification
    * freeradius-server.keyring
* Thu Sep 05 2013
  - add libperl_requires, as we link against libperl and thus
    need a specific version of perl
* Thu Mar 14 2013
  - fixed a bug in the logrotate script (bnc#797292)
* Mon Oct 01 2012
  - files in sites-available/ are now %config(noreplace) [bnc#781756]
* Mon Sep 10 2012
  - update to 2.2.0
    - see /usr/share/doc/packages/freeradius-server/ChangeLog
      for complete list of changes in this release
    - fixes CVE-2012-3547 (bnc#777834)
    - dropped freeradius-server-2.1.6-overflow.patch (upstream)
    - dropped freeradius-server-sha1-default.patch (upstream)
    - refreshed freeradius-server-fix-cert-bootstrap.patch
* Mon May 28 2012
  - Use the new 'su' logrotate option (bnc#677335)
* Mon May 14 2012
  - Enable the same CFLAGS as for other hardware
* Wed Oct 19 2011
  - update to 2.1.12
      Feature improvements
    * Updates to dictionary.erx, dictionary.siemens, dictionary.starent,
    dictionary.starent.vsa1, dictionary.zyxel, added dictionary.symbol
    * Added support for PCRE from Phil Mayers
    * Configurable file permission in rlm_linelog
    * Added "relaxed" option to rlm_attr_filter.  This copies attributes
    if at least one match occurred.
    * Added documentation on dynamic clients.
    See raddb/modules/dynamic_clients.
    * Added support for elliptical curve cryptography.
    See ecdh_curve in raddb/eap.conf.
    * Added support for 802.1X MIBs in checkrad
    * Added support for %{rand:...}, which generates a uniformly
    distributed number between 0 and the number you specify.
    * Created "man" pages for all installed commands, and documented
    options for all commands.  Patch from John Dennis.
    * Allow radsniff to decode encrypted VSAs and CoA packets.
    Patch from Bjorn Mork.
    * Always send Message-Authenticator in radtest. Patch from John Dennis.
    radclient continues to be more flexible.
    * Updated Oracle schema and queries
    * Added SecurID module.  See src/modules/rlm_securid/README
      Bug fixes
    * Fix memory leak in rlm_detail
    * Fix "failed to insert event"
    * Allow virtual servers to be reloaded on HUP.
    It no longer complains about duplicate virtual servers.
    * Fix %{string:...} expansion
    * Fix "server closed socket" loop in radmin
    * Set ownership of control socket when starting up
    * Always allow root to connect to control socket, even if
    "uid" is set.  They're root.  They can already do anything.
    * Save all attributes in Access-Accept when proxying inner-tunnel
    * Fixes for DHCP relaying.
    * Check certificate validity when using OCSP.
    * Updated Oracle "configure" script
    * Fixed typos in dictionary.alvarion
    * WARNING on potential proxy loop.
    * Be more aggressive about clearing old requests from the
    internal queue
    * Don't open network sockets when using -C
  - freeradius-server-snprintf-overflow.patch merged in upstream
* Tue Sep 27 2011
  - fixed interaction with eDirectory (bnc#720620)
* Fri Jun 24 2011
  - update to 2.1.11
    - see /usr/share/doc/packages/freeradius-server/ChangeLog
      for complete list of changes in this release
  - add freeradius-server-snprintf-overflow.patch
  - use spec-cleaner
* Tue May 24 2011
  - Supress timestamps in binaries, breaks build-compare.
* Mon Oct 04 2010
  - update to 2.1.10
    - see /usr/share/doc/packages/freeradius-server/ChangeLog
      for complete list of changes in this release
  - drop freeradius-server-2.1.6-edir-64bit.patch (fixed upstream)
* Thu Sep 16 2010
  - radiusd reload after logrotate [bnc#634445]
* Mon Jun 21 2010
  - update to 2.1.9 (bnc#615699)
    - bugfix release, for list of changes please see
* Mon May 03 2010
  - add freeradius-server-initscript-pidfile.patch
    - handle /var/run on tmpfs
* Sun Mar 21 2010
  - specfile cleanup
* Thu Mar 11 2010
  - drop freeradius-server-2.1.6-ltdl.patch - not needed anymore
  - clean up specfile
  - remove bind-libs, zlib-devel from BuildRequires - not needed
* Tue Mar 09 2010
  - update to 2.1.8
    - for full list of changes, please see
  - drop freeradius-server-no-default-case.patch: fixed upstream
* Thu Dec 17 2009
  - update to 2.1.7
    - for full list of changes, please see
* Thu Oct 22 2009
  - freeradius-server-no-default-case.patch (bnc#527742)
* Thu Oct 15 2009
  - freeradius-server-sha1-default.patch (bnc#546042)
  - freeradius-server-fix-cert-bootstrap.patch (bnc#546041)
* Fri Jun 19 2009
  - disable as-needed for this package as it fails to build with it
* Tue Jun 02 2009
  - updated to 2.1.6
    o Feature improvements
    * radclient exits with 0 on successful (accept / ack), and 1
    otherwise (no response / reject)
    * Added support for %{sql:UPDATE ..}, and insert/delete
    Patch from Arran Cudbard-Bell
    * Added sample "do not respond" policy.  See raddb/policy.conf
    and raddb/sites-available/do_not_respond
    * Cleanups to Suse spec file from Norbert Wegener
    * New VSAs for Juniper from Bjorn Mork
    * Include more RFC dictionaries in the default install
    * More documentation for the WiMAX module
    * Added "chase_referrals" and "rebind" configuration to rlm_ldap.
    This helps with Active Directory.  See raddb/modules/ldap
    * Don't load pre/post-proxy if proxying is disabled.
    * Added %{md5:...}, which returns MD5 hash in hex.
    * Added configurable "retry_interval" and "poll_interval"
    for "detail" listeners.
    * Added "delete_mppe_keys" configuration option to rlm_wimax.
    Apparently some WiMAX clients misbehave when they see those keys.
    * Added experimental rlm_ruby from
    * Add Tunnel attributes to ldap.attrmap
    * Enable virtual servers to be reloaded on HUP.  For now, only
    the "authorize", "authenticate", etc. processing sections are
    reloaded.  Clients and "listen" sections are NOT reloaded.
    * Updated "radwatch" script to be more robust.  See scripts/radwatch
    * Added certificate compatibility notes in raddb/certs/README,
    for compatibility with different operating systems. (i.e. Windows)
    o Bug fixes
    * Minor changes to allow building without VQP.
    * Minor fixes from John Center
    * Fixed raddebug example
    * Don't crash when deleting attributes via unlang
    * Be friendlier to very fast clients
    * Updated the "detail" listener so that it only polls once,
    and not many times in a row, leaking memory each time...
    * Update comparison for Packet-Src-IP-Address (etc.) so that
    the operators other than '==' work.
    * Did autoconf magic to work around weird libtool bug
    * Make rlm_perl keep tags for tagged attributes in more situations
    * Update UID checking for radmin
    * Added "include_length" field for TTLS.  It's needed for RFC
    compliance, but not (apparently) for interoperability.
    - FreeRADIUS 2.1.5
    * Release number skipped due to procedural issues.
    - FreeRADIUS 2.1.4
    o	Feature improvements
    * Permit multiple "-e" in radmin.
    * Add support for originating CoA-Request and Disconnect-Request.
    See raddb/sites-available/originate-coa.
    * Added "lifetime" and "max_queries" to raddb/sql.conf.
    This helps address the problem of hung SQL sockets.
    * Allow packets to be injected via radmin.  See "inject help"
    in radmin.
    * Answer VMPS reconfirmation request.  Patch from Hermann Lauer.
    * Sample logrotate script in scripts/logrotate.freeradius
    * Add configurable poll interval for "detail" listeners
    * New "raddebug" command.  This prints debugging information from
    a running server.  See "man raddebug.
    * Add "require_message_authenticator" configuration to home_server
    configuration.  This makes the server add Message-Authenticator
    to all outgoing Access-Request packets.
    * Added smsotp module, as contributed by Siemens.
    * Enabled the administration socket in the default install.
    See raddb/sites-available/control-socket, and "man radmin"
    * Handle duplicate clients, such as with replicated or
    load-balanced SQL servers and "readclients = yes"
    o Bug fixes
    * Clean up control sockets when they are closed, so that we don't
    leak memory.
    * Define SUN_LEN for systems that don't have it.
    * Correct some boundary conditions in the conditional checker ("if")
    in "unlang".  Bug noted by Arran Cudbard-Bell.
    * Work around minor building issues in gmake.  This should only
    have affected developers.
    * Change how we manage unprivileged user/group, so that we do not
    create control sockets owned by root.
    * Fixed more minor issues found by Coverity.
    * Allow raddb/certs/bootstrap to run when there is no "make"
    command installed.
    * In radiusd.conf, run_dir depends on the name of the program,
    and isn't hard-coded to "..../radiusd"
    * Check for EOF in more places in the "detail" file reader.
    * Added Freeswitch dictionary.
    * Chop ethernet frames in VMPS, rather than droppping packets.
    * Fix EAP-TLS bug.  Patch from Arnaud Ebalard
    * Don't lose string for regex-compares in the "users" file.
    * Expose more functions in rlm_sql to rlm_sqlippool, which
    helps on systems where RTLD_GLOBAL is off.
    * Fix typos in MySQL schemas for ippools.
    * Remove macro that was causing build issues on some platforms.
    * Fixed issues with dead home servers.  Bug noted by Chris Moules.
    * Fixed "access after free" with some dynamic clients.
* Thu Mar 26 2009
  - do not ship static modules



Generated by rpm2html 1.8.1

Fabrice Bellet, Thu Dec 13 04:11:54 2018