summaryrefslogtreecommitdiffstats
path: root/debian/changelog
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-13 14:11:04 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-13 14:11:04 +0000
commita31a6484b79cf48b4b464a6ab84df3361801076e (patch)
treea7c33f7023721122d1f49ab1dffdc2cd6a8481a5 /debian/changelog
parentAdding upstream version 3.2.3+dfsg. (diff)
downloadfreeradius-a31a6484b79cf48b4b464a6ab84df3361801076e.tar.xz
freeradius-a31a6484b79cf48b4b464a6ab84df3361801076e.zip
Adding debian version 3.2.3+dfsg-2.debian/3.2.3+dfsg-2
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'debian/changelog')
-rw-r--r--debian/changelog1507
1 files changed, 1507 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog
new file mode 100644
index 0000000..b289404
--- /dev/null
+++ b/debian/changelog
@@ -0,0 +1,1507 @@
+freeradius (3.2.3+dfsg-2) unstable; urgency=medium
+
+ * Don't build against libpcre3 (Closes: #1000031)
+ FreeRADIUS will use Posix regular expressions
+
+ -- Bernhard Schmidt <berni@debian.org> Sun, 02 Jul 2023 22:23:21 +0200
+
+freeradius (3.2.3+dfsg-1) unstable; urgency=medium
+
+ * New upstream version 3.2.3+dfsg (Closes: #1032572)
+ - Drop patches applied upstream
+ - d/freeradius-redis.install: Include new rlm_cache_redis module
+ - Unfuzz d/p/snakeoil-certs.diff
+ * Bump Standards-Version, no changes necessary
+ * Drop obsolete lsb-base dependency
+
+ -- Bernhard Schmidt <berni@debian.org> Fri, 23 Jun 2023 20:20:19 +0200
+
+freeradius (3.2.1+dfsg-4) unstable; urgency=medium
+
+ * Don't install symlink for cache_eap module no longer shipped
+ (Closes: #1035853)
+
+ -- Bernhard Schmidt <berni@debian.org> Tue, 16 May 2023 00:04:23 +0200
+
+freeradius (3.2.1+dfsg-3) unstable; urgency=medium
+
+ * Cherry-pick upstream patch to fix partical CA support (Closes: #1032590)
+
+ -- Bernhard Schmidt <berni@debian.org> Fri, 10 Mar 2023 08:53:27 +0100
+
+freeradius (3.2.1+dfsg-2) unstable; urgency=medium
+
+ * Cherry-pick upstream fix for EAP-TTLS-MSCHAPv2 with TLSv1.3
+ (Closes: #919234)
+
+ -- Bernhard Schmidt <berni@debian.org> Tue, 07 Mar 2023 22:51:06 +0100
+
+freeradius (3.2.1+dfsg-1) unstable; urgency=medium
+
+ * New upstream version 3.2.1+dfsg (Closes: #1025426)
+ * Drop d/p/mkdirp.diff, fixed upstream
+ * Drop d/p/python_config_script_update.diff, fixed upstream
+ * Refresh patch
+ * Fix lintian overrides
+ * Bump debhelper to version 13, drop old dbgsym migration
+
+ -- Bernhard Schmidt <berni@debian.org> Wed, 28 Dec 2022 00:10:38 +0100
+
+freeradius (3.2.0+dfsg-1) unstable; urgency=medium
+
+ * Acknowledge NMU, thanks Andreas Metzler
+ * New upstream version 3.2.0+dfsg (Closes: #1011041)
+ - Drop rlm_{cram,otp} (removed upstream), add rlm_json
+ * Refresh d/p/snakeoil-certs.diff
+ * Refresh d/p/python_config_script_update.diff
+ * Import test updates from Ubuntu, thanks Andreas Hasenack
+ - Add test for rlm_python3 (LP: #1969381):
+ - d/t/control: new rlm_python3 test
+ - d/t/rlm_python3-test: test the rlm_python3 module
+ - d/t/rlm_python3-data/*: test files
+ - d/t/freeradius: run python tests in verbose mode
+ - d/t/test-freeradius.py: test more authentication mechanisms
+
+ -- Bernhard Schmidt <berni@debian.org> Sat, 28 May 2022 22:24:26 +0200
+
+freeradius (3.0.25+dfsg-1.1) unstable; urgency=low
+
+ * Non-maintainer upload.
+ * python_config_script_update.diff: Update configurre script in
+ src/modules/rlm_python3 (aclocal + autoconf + cleanup), to fix breakage
+ when built against python 3.10. Closes: #1008832
+
+ -- Andreas Metzler <ametzler@debian.org> Sat, 23 Apr 2022 15:43:51 +0200
+
+freeradius (3.0.25+dfsg-1) unstable; urgency=medium
+
+ [ Bernhard Schmidt ]
+ * New upstream version 3.0.25+dfsg
+ - rlm_eap_peap dropped upstream
+ - rlm_sql_map and rlm_totp added
+ * Fix a lot of lintian overrides
+
+ [ Debian Janitor ]
+ * Remove constraints unnecessary since buster
+
+ -- Bernhard Schmidt <berni@debian.org> Tue, 22 Feb 2022 22:38:13 +0100
+
+freeradius (3.0.21+dfsg-3) unstable; urgency=medium
+
+ * Acknowledge NMUs, thanks
+ * Cherry-Pick upstream fix for a crash bug (Closes: #992036)
+ * Cherry-Pick upstream fix to add missing continuation in postgresql
+ sample config (Closes: #992207)
+
+ -- Bernhard Schmidt <berni@debian.org> Mon, 23 Aug 2021 15:49:43 +0200
+
+freeradius (3.0.21+dfsg-2.2) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Don't fail postinst if daemon is not running (Closes: #991561, #932113)
+
+ -- Jochen Sprickerhof <jspricke@debian.org> Wed, 28 Jul 2021 12:28:32 +0200
+
+freeradius (3.0.21+dfsg-2.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Fix capabilities in service file.
+ As freeradius is not run as root we need to request extra capabilities
+ wiht AmbientCapabilities instead of limiting the set with
+ CapabilityBoundingSet. (Closes: #985967)
+
+ -- Jochen Sprickerhof <jspricke@debian.org> Fri, 23 Jul 2021 13:19:03 +0200
+
+freeradius (3.0.21+dfsg-2) unstable; urgency=medium
+
+ * Cherry-Pick upstream fixes to build with Python3.8 (Closes: #966860)
+ * Drop migration code for versions earlier than oldstable (Squeeze)
+ * Temporarily collectd integration (again) due to RC bugs
+ * Bump to debhelper compat 10
+
+ -- Bernhard Schmidt <berni@debian.org> Mon, 24 Aug 2020 10:46:49 +0200
+
+freeradius (3.0.21+dfsg-1) unstable; urgency=medium
+
+ [ Bernhard Schmidt ]
+ * New upstream version 3.0.21+dfsg
+ * Sync freeradius.service with upstream, notable changes
+ - run as unprivileged user freerad
+ - use RuntimeDirectory (Closes: #954911)
+ - set ReadOnlyDirectories to the configuration (Closes: #955206)
+ - set some Protect* settings
+ - enable reloading the configuration
+ * Enable the control-socket site in autopkgtest and attempt a connection
+ to validate the fix for #954911
+ * Reenable collectd integration, it does not pull in the world anymore
+ on sid, thanks to Bernd Zeimetz (Closes: #948996)
+
+ [ Sven Hartge ]
+ * d/freeradius.service: Drop manual chown, not necessary
+
+ -- Bernhard Schmidt <berni@debian.org> Wed, 01 Apr 2020 14:21:17 +0200
+
+freeradius (3.0.20+dfsg-3) unstable; urgency=medium
+
+ * Upload to unstable
+
+ -- Bernhard Schmidt <berni@debian.org> Mon, 09 Dec 2019 23:42:23 +0100
+
+freeradius (3.0.20+dfsg-2) experimental; urgency=medium
+
+ * Drop freeradius-python2, build experimental freeradius-python3
+ (Closes: #936558)
+ * Switch run-time tests to python3
+ * Build with systemd support, use Type=notify in systemd unit
+ (Closes: #920345)
+ * Bump Standards-Version to 4.4.1, no changes needed
+
+ -- Bernhard Schmidt <berni@debian.org> Fri, 29 Nov 2019 23:54:37 +0100
+
+freeradius (3.0.20+dfsg-1) unstable; urgency=medium
+
+ * New upstream version 3.0.20+dfsg
+ * Fix reload action on sysvinit (Closes: #940608)
+
+ -- Bernhard Schmidt <berni@debian.org> Fri, 29 Nov 2019 18:03:07 +0100
+
+freeradius (3.0.19+dfsg-3) unstable; urgency=medium
+
+ * Drop collectd integration from freeradius-utils - temporarily?
+ collectd is marked for autoremoval at the end of August due to three
+ RC bugs that do not show any recent activity (Bug#925849, Bug#926528,
+ Bug#932299). Additionally, depending on libcollectdclient pulls in
+ (with Recommends on collectd) 200 additional binary packages. See
+ Bug#933296.
+
+ -- Bernhard Schmidt <berni@debian.org> Wed, 21 Aug 2019 17:11:40 +0200
+
+freeradius (3.0.19+dfsg-2) unstable; urgency=medium
+
+ * Import upstream patch to fix atomics FTBFS on armel etc (Closes: #933634)
+ * Fix wrong wnpp Bug# in previous changelog
+ * Drop patch files already applied upstream
+
+ -- Bernhard Schmidt <berni@debian.org> Thu, 01 Aug 2019 15:49:11 +0200
+
+freeradius (3.0.19+dfsg-1) unstable; urgency=medium
+
+ [ Sven Hartge ]
+ * New upstream version 3.0.19+dfsg
+ * Refresh and remove patches
+ Removed:
+ - disable-session-cache-CVE-2017-9148.patch
+ Fixed Upstream
+ - spelling-fixes.diff
+ Applied Upstream
+ - CVE-2019-11234-1.patch
+ - CVE-2019-11234-2.patch
+ Fixed Upstream
+ * Add Salsa CI pipeline
+
+ [ Bernhard Schmidt ]
+ * Adopt package, help welcome. Thanks to Michael Stapelberg for working on
+ freeradius so far (Closes: #923034)
+ * Drop Josip from Uploaders (Closes: #842469)
+ * Drop Stephen Gran from Uploaders (Closes: #838404)
+ * Fix sysvinit stop by supplying executable to killproc.
+ Thanks to Benjamin Boudoir (Closes: #931920)
+ * Move to debian (former collab-maint) namespace on Salsa for easier
+ collaborative maintainership, adjust Vcs-* fields
+ * Override missing-dep-for-interpreter lintian error on shipped sample
+ files in freeradius-config
+
+ -- Bernhard Schmidt <berni@debian.org> Mon, 29 Jul 2019 22:25:30 +0200
+
+freeradius (3.0.17+dfsg-1.1) unstable; urgency=high
+
+ * Non-maintainer upload.
+ * Cherry-Pick upstream commits to fix CVE-2019-11234 / CVE-2019-11235 /
+ VU#871675 (Invalid Curve Attack and Reflection Attack on EAP-PWD, leading
+ to authentication bypass) (Closes: #926958)
+
+ -- Bernhard Schmidt <berni@debian.org> Mon, 22 Apr 2019 23:23:36 +0200
+
+freeradius (3.0.17+dfsg-1) unstable; urgency=medium
+
+ * stop using pristine-tar
+ * New upstream version 3.0.17+dfsg
+
+ -- Michael Stapelberg <stapelberg@debian.org> Mon, 07 Jan 2019 09:38:17 +0100
+
+freeradius (3.0.16+dfsg-5) unstable; urgency=medium
+
+ * Revert "Strip rpath from a few modules." (Closes: #911180)
+
+ -- Michael Stapelberg <stapelberg@debian.org> Fri, 14 Dec 2018 09:33:40 +0100
+
+freeradius (3.0.16+dfsg-4.1) unstable; urgency=medium
+
+ * Non-maintainer upload with permission.
+ * Split out python2 freeradius module into a standalone package.
+ (Closes: #900064)
+ * Strip rpath from a few modules.
+ * Drop upstart system jobs.
+ * Update git vcs URLs to salsa.
+
+ -- Dimitri John Ledkov <xnox@ubuntu.com> Tue, 25 Sep 2018 15:18:31 +0100
+
+freeradius (3.0.16+dfsg-3) unstable; urgency=medium
+
+ * Change default /etc/freeradius permission from 2751 to 2750 (Closes: #890933)
+
+ -- Michael Stapelberg <stapelberg@debian.org> Tue, 20 Mar 2018 07:52:46 +0100
+
+freeradius (3.0.16+dfsg-2) unstable; urgency=medium
+
+ * Remove sites-enabled/* from freeradius-config (Closes: #889593)
+
+ -- Michael Stapelberg <stapelberg@debian.org> Sun, 25 Feb 2018 16:25:54 +0100
+
+freeradius (3.0.16+dfsg-1) unstable; urgency=medium
+
+ * New upstream version 3.0.16+dfsg
+
+ -- Michael Stapelberg <stapelberg@debian.org> Mon, 22 Jan 2018 19:05:09 +0100
+
+freeradius (3.0.15+dfsg-2) unstable; urgency=medium
+
+ * logrotate: don’t accidentally define global options (Closes: #872158)
+
+ -- Michael Stapelberg <stapelberg@debian.org> Tue, 15 Aug 2017 09:50:16 +0200
+
+freeradius (3.0.15+dfsg-1) unstable; urgency=high
+
+ * New upstream version 3.0.15+dfsg, addressing the following security issues:
+ CVE-2017-10978 (denial of service)
+ CVE-2017-10984 (remote code execution, denial of service)
+ CVE-2017-10985 (denial of service)
+ CVE-2017-10983 (denial of service)
+ CVE-2017-10986 (denial of service)
+ CVE-2017-10987 (denial of service)
+ (Closes: #868765)
+
+ -- Michael Stapelberg <stapelberg@debian.org> Tue, 18 Jul 2017 20:49:31 +0200
+
+freeradius (3.0.14+dfsg-3) unstable; urgency=medium
+
+ * Revert "Work around debhelper bug to fix FTBFS (Closes: #866978)"
+ (fixed upstream in debhelper 10.6.3)
+
+ -- Michael Stapelberg <stapelberg@debian.org> Tue, 18 Jul 2017 09:30:49 +0200
+
+freeradius (3.0.14+dfsg-2) unstable; urgency=medium
+
+ * Work around debhelper bug to fix FTBFS (Closes: #866978)
+
+ -- Michael Stapelberg <stapelberg@debian.org> Wed, 05 Jul 2017 08:23:11 +0200
+
+freeradius (3.0.14+dfsg-1) unstable; urgency=medium
+
+ * New upstream version 3.0.14+dfsg
+ * Switch to dh_missing’s --fail-missing feature
+ * Install missing file rlm_sql_freetds.so
+ * drop debian/patches/openssl-autoconf.diff (merged upstream)
+ * drop debian/patches/openssl-1.1.diff (merged upstream)
+ * drop debian/patches/manpage-fixes.diff (merged upstream)
+ * refresh patches
+ * add build-dependency on freetds-dev to build rlm_sql_freetds
+ * update Standards-Version to 4.0.0 (no changes necessary)
+
+ -- Michael Stapelberg <stapelberg@debian.org> Mon, 03 Jul 2017 09:01:13 +0200
+
+freeradius (3.0.12+dfsg-5) unstable; urgency=high
+
+ * disable session cache to address CVE-2017-9148 (closes: #863673)
+
+ -- Michael Stapelberg <stapelberg@debian.org> Tue, 30 May 2017 17:18:34 +0200
+
+freeradius (3.0.12+dfsg-4) unstable; urgency=medium
+
+ * fix openssl-1.1.diff: initialize ctx_out
+ * fix openssl-1.1.diff: remove const to fix warnings
+ * fix openssl-1.1.diff: initialize hctx, use HMAC_Init_ex
+ * Build-depend on default-libmysqlclient-dev
+ * Exempt mips64el from libcollectdclient-dev build-dependency
+ * freeradius.postinst: revert incorrect removal of /var/log file creation
+ * d/t: update tests for 3.x (Closes: #710895)
+ * Remove unused lintian overrides binary-or-shlib-defines-rpath
+
+ -- Michael Stapelberg <stapelberg@debian.org> Thu, 17 Nov 2016 22:29:04 +0100
+
+freeradius (3.0.12+dfsg-3) unstable; urgency=medium
+
+ * update debian/patches/openssl-1.1.diff to fix compilation with older
+ OpenSSL versions.
+ * maintscripts: fix symlink creation condition
+
+ -- Michael Stapelberg <stapelberg@debian.org> Thu, 10 Nov 2016 10:12:15 +0100
+
+freeradius (3.0.12+dfsg-2) experimental; urgency=medium
+
+ * Build-Depends: libjson-c-dev pulls in the corresponding library
+ * not-installed: prefix debian/tmp to work with older debhelper
+ * Update upstream signing-key
+ * clarify freeradius-config’s purpose
+ * update debian/patches/openssl-1.1.diff
+ * Switch from custom rm_conffile to dh_installdeb
+ * Install configuration in /etc/freeradius/3.0 (closes: #839931)
+ * Correctly grep for usage of snakeoil certs
+ * Remove all use of dpkg-statoverride
+ * chown/chgrp: use --no-dereference to not follow symlinks
+ * no-op reformatting: consistently indent maintscripts
+ * Directly use invoke-rc.d, remove init script fallback
+
+ -- Michael Stapelberg <stapelberg@debian.org> Sat, 05 Nov 2016 11:11:29 +0100
+
+freeradius (3.0.12+dfsg-1) experimental; urgency=medium
+
+ * New upstream version.
+ drop debian/patches/jlibtool-dependency.diff (applied upstream)
+ drop debian/patches/relative-include-paths.diff (applied upstream)
+ drop debian/patches/dir-dependencies.diff (applied upstream)
+ drop debian/rad_counter.1 (applied upstream)
+ add debian/patches/manpage-fixes.diff
+ * freeradius-config: add missing Breaks/Replaces (closes: #839931)
+ * libfreeradius3: add missing Breaks/Replaces (closes: #839034)
+ * freeradius-{dhcp,config}: postrm: only call rmdir if directory exists
+ (closes: #839914)
+
+ -- Michael Stapelberg <stapelberg@debian.org> Sat, 08 Oct 2016 13:35:04 +0200
+
+freeradius (3.0.11+dfsg-1) experimental; urgency=medium
+
+ * New upstream version
+ closes: #797181
+ closes: #813478
+ closes: #696250
+ closes: #651456
+ closes: #814423
+ closes: #728306
+ closes: #806617
+ * re-order alternatives, sbuild always choses the first one
+ * debian/rules: move to dh(1)
+ * add lintian-overrides for fortify-functions
+ * Place package under pkg-freeradius team maintenance
+ * remove obsolete lintian override
+ * add debian/patches/spelling-fixes.diff
+ * freeradius.service: remove obsolete syslog.target
+ * Update Standards-Version to 3.9.8 (no changes necessary)
+ * debian/watch: mangle +dfsg suffix
+ * add debian/patches/dont-install-tests.diff
+ * Enable parallel compilation
+ * Install libfreeradius-*.{so,a}
+ * 0001-Rename-radius-to-freeradius.patch: update manpage/usage
+ (closes: #775281)
+ * Fix compilation with OpenSSL 1.1 (closes: #828305)
+ * Update Build-Depends
+ * add snakeoil-certs.diff: use snakeoil certs in the default config
+ * add relative-include-paths.diff for reproducible builds
+ * Create the mods-enabled links in freeradius-config.postinst
+ * Update debian/copyright
+ * Use dh-autoreconf to update autotools files
+ * add README.source, documenting importing new upstream versions
+ * Add NEWS.Debian with pointer to upgrading guide
+ * Add rad_counter.1 manpage
+
+ -- Michael Stapelberg <stapelberg@debian.org> Sun, 25 Sep 2016 02:38:49 +0200
+
+freeradius (2.2.8+dfsg-0.1) unstable; urgency=medium
+
+ * Non-maintainer Upload
+ * New Upstream version
+ * Add myself to uploaders
+ * Include ubuntu multiarch python patch
+ * Include ubuntu autotests (Thanks probably to
+ yolanda.robla@canonical.com, marc.deslauriers@ubuntu.com)
+ * New standards version; no changes
+
+ -- Sam Hartman <hartmans@debian.org> Mon, 14 Sep 2015 07:27:09 -0400
+
+freeradius (2.2.5+dfsg-0.2) unstable; urgency=high
+
+ * Disable OpenSSL version check; Debian will maintain ABI stability or
+ change the soname, Closes: #765871
+ * Non-Maintainer Upload
+
+ -- Sam Hartman <hartmans@debian.org> Thu, 23 Oct 2014 21:45:36 -0400
+
+freeradius (2.2.5+dfsg-0.1) unstable; urgency=medium
+
+ * Non-maintainer Upload
+ * Remove remnants of freeradius-dilaupadmin, Closes: #669741
+ * Permit creating freerad to fail because user might exist, Closes: #661915
+ * Update to standards version 3.9.5, no changes
+ * New upstream version, Closes: #740857, #691770
+ - Include dictionary.mikrotik, Closes: #672200
+
+ -- Sam Hartman <hartmans@debian.org> Tue, 30 Sep 2014 19:18:08 -0400
+
+freeradius (2.1.12+dfsg-1.3) unstable; urgency=low
+
+ * Non-maintainer upload.
+ * Remove freeradius-dialupadmin, Closes: #711486. I understand there's a
+ patch in the bug that could get this working.
+ However, it's been removed upstream for 3.x, my hope is to package
+ 3.0.2 soon, and a PHP script that copies all the get/post data
+ into globals so as to administer an authentication server is more
+ scary than I choose to contemplate.
+ * Add IODBC include directories, Thanks Maximiliano Curia
+ , Closes: #740060
+
+
+ -- Sam Hartman <hartmans@debian.org> Wed, 12 Mar 2014 20:36:19 -0400
+
+freeradius (2.1.12+dfsg-1.2) unstable; urgency=high
+
+ * Non-maintainer upload.
+ * Fix expired passwords when using the unix module (CVE-2011-4966,
+ Closes: #694407).
+
+ -- Kees Cook <kees@debian.org> Sun, 16 Dec 2012 12:44:35 -0800
+
+freeradius (2.1.12+dfsg-1.1) unstable; urgency=high
+
+ * Non-maintainer upload by the Security Team.
+ * Fix pre-authentication buffer overflow in EAP handling
+ (CVE-2012-3547; Closes: #687175, #687178).
+
+ -- Nico Golde <nion@debian.org> Tue, 11 Sep 2012 19:38:02 +0200
+
+freeradius (2.1.12+dfsg-1) unstable; urgency=low
+
+ * New upstream version, closes: #675698.
+ + Fix for a segmentation fault in rlm_eap, closes: #645998.
+ * Backport upstream commits to fix our bug reports:
+ + Fix for a crash on SIGHUP in config file handling,
+ 378f2517357f11f9900c3799c6a469ee2fda7bdf
+ ab73a3debf93492804e7af253ba45a7b017a18d1
+ closes: #606450
+ + Fix for a segmentation fault in radmin through environment variables,
+ ce1bb741773b253c4ccf24accccf6305e202a322
+ 516dbaabf0ea80d0ff0643dc2ae9a10c4d31494c
+ closes: #662194
+ * Use dpkg-buildflags for configure, by Moritz Muehlenhoff, closes: #657838.
+ * Mark rlm_jradius as stable to get it to build and ship, closes: #599067.
+ * Switch to dpkg-source 3.0 (quilt) format.
+ * Polished packaging a wee bit and updated the Standards-Version.
+
+ -- Josip Rodin <joy-packages@debian.org> Fri, 29 Jun 2012 14:32:33 +0200
+
+freeradius (2.1.10+dfsg-3.1) unstable; urgency=low
+
+ * Non-maintainer upload.
+ * Fix "FTBFS: libfreeradius-radius-2.1.10.so: could not read symbols:
+ Invalid operation": adjust target dependencies in debian/rules: make sure
+ the patch target is not only called for build but also for
+ build-{arch,indep}. (Closes: #666311)
+
+ -- gregor herrmann <gregoa@debian.org> Wed, 02 May 2012 16:58:57 +0200
+
+freeradius (2.1.10+dfsg-3) unstable; urgency=low
+
+ * Fixed the silly error that rendered previous attempts to use the
+ right libtool functions useless, hopefully finally closes: #416266.
+ * Link radeapclient with libradius to fix linking with binutils-gold,
+ closes: #553387.
+ * Fix the debug mode crashing when home server doesn't respond to
+ a proxied request. Dmitry Borodaenko cherry-picked upstream commits
+ 540a0515de93d99ef45f97b9114185f159587b51 and
+ ab972f1f9b724fc0b71e6ca726078c92ad26bc6b, thanks, closes: #609870.
+ * Fixed udpfromto IPv6 breakage because of broken offsetof tests,
+ backported upstream b4f0c7ed4dc9811d8dfa982540ed8cb721cc854a
+ (one minor change necessary) as well as
+ 655f0786d60fe02440763df69b1aaf5110706690, as well as the simple
+ IPV6_RECVPKTINFO change, hopefully it activates all the right
+ modern IPv6 functions and closes: #606866.
+
+ -- Josip Rodin <joy-packages@debian.org> Thu, 05 May 2011 23:50:20 +0200
+
+freeradius (2.1.10+dfsg-2) unstable; urgency=medium
+
+ * The zombie period start time variable mistakenly got set to a random
+ value because of an upstream typo. Cherry-picked upstream commit
+ 7b7dff7724721f8af5fd163f2292d427a869992d into a Debian patch,
+ requested for squeeze in #600465.
+ * Since 2.1.9, the daemon stopped reopening the default radius.log file
+ constantly, which means the default logrotate setup breaks the default
+ logging. D'oh. We now have to send SIGHUP to the daemon as a postrotate
+ action, which makes it reopen log files and continue normally.
+ * Added delaycompress to the logrotate options, just to be on the safe
+ side.
+ * Added a reload action into the init script accordingly, so that the
+ right pidfile is picked up (one that can be overridden by the admin
+ in /etc/default/freeradius, available since the last release).
+ * Called reload from the postrotate section, closes: #602815.
+ * However, the latter signal also makes the server re-read configuration
+ files, but unlike the initial server start, this all happens under
+ the unprivileged user. That in turn means that if by any chance there
+ is any part of FR configuration that happens not to be readable by
+ group freerad (or whatever non-default is configured), the reload
+ will fail, effectively silently, as the log has been moved away. Gah.
+ So we have to make an effort to ensure that the configuration files
+ are still readable by that user, otherwise the reload fails and the
+ aforementioned bug is not fixed. The files seem to revert to
+ root:root upon conffile actions, at least that's what happened to me
+ and I think that was the cause. So, on upgrade, try to re-apply the
+ dpkg-statoverrides on our /etc/freeradius/* stuff, whatever they are,
+ under the assumption they will let the freerad group read config files
+ as is the initial setup. (I wish dpkg-statoverride --update $file
+ just did the right thing, but it doesn't, so there's a new local
+ function that does that.)
+ * While doing the latter, noticed that we were checking for directories
+ in dpkg-statoverride --list output with trailing slashes, but they
+ get output without it, so it was a no-op. Fixed the check by removing
+ the trailing slashes. Also then noticed that we were grepping --list
+ output, but it takes an optional glob pattern, so saved us that
+ pointless grep fork by using that facility, just as described in the
+ policy manual.
+ * force-reload switches from restart to reload, per policy 9.3.2.
+ * lenny backport needed also libltdl-dev (2.2.x) to build properly, rather
+ than libltdl3-dev, which is obsolete and doesn't make sense anyway.
+
+ -- Josip Rodin <joy-packages@debian.org> Sat, 13 Nov 2010 15:21:30 +0100
+
+freeradius (2.1.10+dfsg-1) unstable; urgency=medium
+
+ * New upstream version, closes a bunch of reproducible SNAFUs,
+ including two tagged as security issues, CVE-2010-3696, CVE-2010-3697,
+ closes: #600176.
+ * Build-depend on newer Libtool because of lt_dladvise_init(), also
+ upstream now has a configure check so we no longer need a patch,
+ yet we still don't want the old behaviour. Noticed by John Morrissey,
+ closes: #584151.
+ * Added the /etc/default/freeradius file as suggested by
+ Rudy Gevaert and Matthew Newton, closes: #564716.
+ * Stop symlinking /dev/urandom into /etc/freeradius/certs/random,
+ it breaks grep -r in /etc. Instead, replace it inside eap.conf,
+ both in the new shipped conffile and in postinst.
+
+ -- Josip Rodin <joy-packages@debian.org> Thu, 14 Oct 2010 21:51:51 +0200
+
+freeradius (2.1.9+dfsg-1) unstable; urgency=low
+
+ * New upstream version.
+ + radclient (radtest) should now use IPv4 by default, closes: #569614.
+ * Depend on ca-certificates explicitly, closes: #569601.
+ * I mistook ca.pem for the locally selected acceptable CA, whereas that
+ actually just happens to mean DebConf.org CA, and we want the former
+ by default. That in turn is in /etc/ssl/certs/ca-certificates.crt.
+ Obviously later the users can trivially change this, but this looks
+ like a reasonably reliable default that doesn't involve a lot of magic
+ that can delay or break postinst invocations. In the future, eap.conf
+ will become modules/eap and this will not be so critical.
+ * The private_key_file = ${certdir}/server.pem default doesn't get along
+ with snakeoil, or common sense really (why would you keep a secret key
+ in the same file as the non-secret certificate?), and could have broken
+ upgrades if people accepted the conffile prompt, so adjusted the
+ default conffile too, and adjusted the postinst upgrade logic as well.
+ * Enable HAVE_LT_DLADVISE_INIT as it fixes the module symbol lookup
+ errors from additional libraries, closes: #416266.
+ * Explicate source format as 1.0.
+ * Add ${misc:Depends} to all binary packages.
+ * Update standards version to 3.8.4, no changes necessary.
+
+ -- Josip Rodin <joy-packages@debian.org> Sun, 30 May 2010 12:48:55 +0200
+
+freeradius (2.1.8+dfsg-1) unstable; urgency=medium
+
+ * New upstream version.
+ + Fixes several showstopper bugs, hence increased urgency.
+ + Includes OpenSSL+GPL license exception, closes: #499120.
+ + Fixes typo in a warning, closes: #523074.
+ * Added libssl-dev into build-depends and enabled the building of
+ modules that just depend on OpenSSL, namely rlm_eap_peap, rlm_eap_tls,
+ rlm_eap_ttls, and rlm_otp, closes: #266229.
+ * Because the configuration of EAP+SSL modules now actually kicks in, its
+ non-existent certificate file would break the server start by default.
+ Depend on ssl-cert, make use of make-ssl-cert and openssl, and add
+ freerad to the ssl-cert group in the postinst to get us past the
+ problematic default settings so that we don't crash and burn on clean
+ upgrades, but otherwise leave everything else to the admin.
+ * Ship /etc/freeradius/attrs.access_challenge, like the others.
+ * Moved otp.conf and snmp.conf statoverride handling to the preinst
+ and used rm_conffile on them as well.
+ * Updated upstream changelog handling a bit.
+
+ -- Josip Rodin <joy-packages@debian.org> Sat, 02 Jan 2010 20:22:47 +0100
+
+freeradius (2.1.7+dfsg-2) unstable; urgency=low
+
+ * Ship radmin and raddebug in the freeradius package.
+ * Correct section number inside raddebug(8) so it doesn't get misplaced.
+
+ -- Josip Rodin <joy-packages@debian.org> Tue, 24 Nov 2009 15:29:59 +0100
+
+freeradius (2.1.7+dfsg-1) unstable; urgency=low
+
+ * Adopting the package, closes: #536623.
+ * New upstream version, closes: #513484.
+ + Fixes the blooper in unlang evaluation logic, closes: #526175.
+ * Used quilt (and added README.source), and moved upstream file patching
+ into debian/patches/. The source is no longer in collab-maint git
+ (to make it simpler for me to finally get this out the door), but
+ kept the .gitignore should we need that again.
+ * Dropped the dialup_admin/bin/backup_radacct patch (integrated upstream).
+ * Dropped the raddb/Makefile patch (problem no longer exists upstream).
+ * Dropped the lib/packet.c lib/radius.c main/listen.c patches (was from
+ upstream 2.0.5 anyway).
+ * Dropped references to otp.conf, it no longer exists upstream.
+ Keep removing the conffile statoverride in prerm.
+ * Dropped references to snmp.conf, it no longer exists upstream.
+ Keep removing the conffile statoverride in prerm.
+ * Ship /etc/freeradius/modules/* in the freeradius package.
+ * Stop shipping sites-enabled symlinks in the package and instead create
+ them only on initial install, thanks to Matej Vela, closes: #533396.
+ * Add export PATH="${PATH:+$PATH:}/usr/sbin:/sbin" to the init script
+ at the request of John Morrissey, closes: #550143.
+ * Stop installing /var/run/freeradius in the package to silence Lintian.
+ The init script already recreates it at will.
+ * Remove executable bit from example.pl to silence Lintian.
+
+ -- Josip Rodin <joy-packages@debian.org> Mon, 23 Nov 2009 03:57:37 +0100
+
+freeradius (2.0.4+dfsg-7) unstable; urgency=low
+
+ * Ignore rmdir failure on clean (closes: #545932)
+ * Do a better job of catching errors in the init script (closes: #533390)
+ * Init headers fixup (closes: #541882)
+ * Clean up some logs so dpkg can successfully rmdir (closes: #530727)
+
+ -- Stephen Gran <sgran@debian.org> Sun, 13 Sep 2009 19:33:12 +0100
+
+freeradius (2.0.4+dfsg-6) unstable; urgency=low
+
+ * Fix unsafe use of tempfile (closes: #496389)
+
+ -- Stephen Gran <sgran@debian.org> Mon, 25 Aug 2008 14:18:48 +0100
+
+freeradius (2.0.4+dfsg-5) unstable; urgency=low
+
+ [ Mark Hymers ]
+ * Cherry pick commit from 2.0.5 which fixes port binding issues.
+ Closes: #489773.
+
+ [ Stephen Gran ]
+ * add PERL_SYS_INIT3 and PERL_SYS_TERM calls to rlm_perl. (closes: #495073)
+ * Make the SQL modules link against rlm_sql.so in the most horrific
+ (and only) way possible. (closes: #448699)
+
+ -- Stephen Gran <sgran@debian.org> Thu, 14 Aug 2008 19:15:30 +0100
+
+freeradius (2.0.4+dfsg-4) unstable; urgency=low
+
+ * Create links from sites-enabled to sites-available for the files that
+ upstream enables by default (closes: #483914)
+
+ -- Stephen Gran <sgran@debian.org> Sun, 01 Jun 2008 12:24:35 +0100
+
+freeradius (2.0.4+dfsg-3) unstable; urgency=low
+
+ * brown paper bag release
+ * Really actually do the statoverride I thought we were doing with -2
+ (closes: #482380)
+
+ -- Stephen Gran <sgran@debian.org> Thu, 22 May 2008 11:18:12 +0100
+
+freeradius (2.0.4+dfsg-2) unstable; urgency=low
+
+ * Install /var/log/freeradius 0750 so that people writing their passwords to
+ logfiles don't accidentally leak them without noticing (closes: #482085)
+
+ -- Stephen Gran <sgran@debian.org> Tue, 20 May 2008 19:38:27 +0100
+
+freeradius (2.0.4+dfsg-1) unstable; urgency=low
+
+ * Ok, actually remove all the cruft in debian/ shipped by upstream. This
+ means repacking the tarball and all that, but it also means dpkg-source
+ won't get the chance to ignore removed files, resulting in files
+ reappearing, but not locally (closes: #481406)
+ * Also remove config.{cache,log} in clean target - damn you gitignore
+
+ -- Stephen Gran <sgran@debian.org> Mon, 19 May 2008 03:55:55 +0100
+
+freeradius (2.0.4-3) unstable; urgency=low
+
+ * I have no god damn idea why the buildds are adding manpages to the wrong
+ binary. Reuploading with DH_VERBOSE=1 to see if we can find it. We
+ certainly can't reproduce it in our local builds, even calling the same
+ targets in the same order as the buildds.
+
+ -- Stephen Gran <sgran@debian.org> Mon, 19 May 2008 00:17:06 +0100
+
+freeradius (2.0.4-2) unstable; urgency=low
+
+ * freeradius-{common,utils} needs to Conflict: with other radius
+ implementations that share files (closes: #480682)
+
+ -- Stephen Gran <sgran@debian.org> Sun, 11 May 2008 18:41:45 +0100
+
+freeradius (2.0.4-1) unstable; urgency=low
+
+ * New upstream release
+ * Make all directories in /etc/freeradius group +x (closes: #479835)
+
+ -- Stephen Gran <sgran@debian.org> Fri, 09 May 2008 12:58:55 +0100
+
+freeradius (2.0.3-1) unstable; urgency=low
+
+ [ Mark Hymers ]
+ * New upstream release
+ * Bump Build-Dep on debhelper to 6.0.7 as we use dh_lintian
+ * Delete lots of obsolete conffiles
+
+ [ Stephen Gran ]
+ * Create a -common package for some extra file that the -utils package
+ needs. Also stuff in manpages and other arch all files to reduce the size
+ of the unnecessarily repeated stuff in the archive
+ * Change chown/chmod calls to dpkg-statoverride
+
+ -- Mark Hymers <mhy@debian.org> Sat, 03 May 2008 17:07:42 +0100
+
+freeradius (2.0.2-1) unstable; urgency=low
+
+ * Yet another new upstream version (closes: #465475)
+ * Cleanup manpages
+ * Add lintian overrides for rpath - this is intentional
+ * Packaging is now being done in git, we're dropping dpatch
+ * Split out client utilities (closes: #470977) - this means we also need to
+ split the library so the two binary packages can use it
+ * Major package rework
+
+ -- Stephen Gran <sgran@debian.org> Sun, 16 Mar 2008 22:58:16 +0000
+
+freeradius (2.0.0-1) unstable; urgency=low
+
+ * New upstream version
+ * Patches:
+ - freshen 02-radiusd-to-freeradius
+ - disable 03-dialupadmin-help until it's reworked properly
+
+ -- Stephen Gran <sgran@debian.org> Thu, 10 Jan 2008 23:05:50 +0000
+
+freeradius (1.1.7-1) unstable; urgency=low
+
+ * New upstream version
+ * Update debian/copyright to reflect reality:
+ - package is GPL v2 only, so refer to the correct file in common-licenses
+ - Remove explanation of wy postgres and snmp modules can't be shipped,
+ since we do ship them.
+ * Remove 04-configure-openssl.dpatch, --without-openssl applied upstream
+
+ -- Stephen Gran <sgran@debian.org> Thu, 09 Aug 2007 10:09:20 +0100
+
+freeradius (1.1.6-4) unstable; urgency=low
+
+ The "Give me GPLv2 compatibility or give me FTBFS" release
+ * Fix rlm_krb5 not to link with openssl unless it actually needs to
+ * debian/rules: move dependency on patch target to config.status
+ * debian/rules: FTBFS if a package accidentally directly links to openssl
+
+ -- Stephen Gran <sgran@debian.org> Wed, 04 Jul 2007 17:08:45 +0100
+
+freeradius (1.1.6-3) unstable; urgency=low
+
+ * Change freeradius-dbg to Priority: extra.
+ * After discussions with one of the ftp-assistants, we can ship
+ freeradius-postgresql in main. Yey! (Closes: #264649, #382329)
+
+ -- Mark Hymers <mhy@debian.org> Thu, 21 Jun 2007 13:32:09 +0100
+
+freeradius (1.1.6-2) unstable; urgency=low
+
+ [ Mark Hymers ]
+ * Add freeradius-dbg package.
+
+ [ Stephen Gran ]
+ * Update debian/control for php5 (dialupadmin) (closes: #424788, #412701)
+
+ -- Stephen Gran <sgran@debian.org> Thu, 31 May 2007 02:47:02 +0100
+
+freeradius (1.1.6-1) unstable; urgency=low
+
+ * New upstream release. Closes: #420003.
+
+ -- Mark Hymers <mhy@debian.org> Thu, 19 Apr 2007 15:14:05 +0100
+
+freeradius (1.1.5-1) unstable; urgency=low
+
+ * New upstream release. Closes: #415980
+ * Remove 01-fix-proxy.dpatch as it was a backport from upstream.
+ * otppasswd.sample is no longer provided so make sure we remove the
+ conffile properly in preinst.
+ * Update my email address and remove Paul from Uploaders. Thanks to him for
+ previously maintaining the package.
+ * Change so that we start at S50 and stop at K19 so that we start after
+ services we depend on and stop before them. Closes: #408665.
+ Note that is only for new installs.
+
+ -- Mark Hymers <mhy@debian.org> Fri, 13 Apr 2007 13:14:08 +0100
+
+freeradius (1.1.3-3) unstable; urgency=medium
+
+ * Fix POSIX compliance problem in init script. Closes: #403384.
+
+ -- Mark Hymers <mark@hymers.org.uk> Sat, 16 Dec 2006 20:45:11 +0000
+
+freeradius (1.1.3-2) unstable; urgency=low
+
+ [ Stephen Gran ]
+ * Check for existence of pidfile in initscript.
+ * Clean some old cruft from debian/rules
+ * Write dialup_admin/Makefile
+ * Make binNMU safe
+ * Some lsb init headers
+
+ [ Mark Hymers ]
+ * Merge upstream patch to deal with proxy port settings. Closes: #388024.
+ * Rewrite large parts of the Debian build system.
+
+ -- Stephen Gran <sgran@debian.org> Sat, 7 Oct 2006 21:08:35 +0100
+
+freeradius (1.1.3-1) unstable; urgency=low
+
+ [ Stephen Gran ]
+ * Add and rework ubuntu /var/run/tmpfs patch
+ * Add LSB init script headers
+ * Actually trap errors in init script, how about?
+
+ [ Mark Hymers ]
+ * New upstream version.
+ * New version of autotools in 1.1.3. Closes: #380204
+ * Remove previous patches merged upstream:
+ - 01-actually_check_for_unset_password.dpatch
+ * Only do user creation, group addition, chmod and chown stuff in postinst
+ on an initial install to avoid clobbering local changes.
+
+ -- Mark Hymers <mark@hymers.org.uk> Wed, 23 Aug 2006 14:48:57 +0100
+
+freeradius (1.1.2-2) unstable; urgency=low
+
+ [ Stephen Gran ]
+ * Acknowledge my previous NMU's (closes: #351732, #359042)
+ * Init scripts overhaul:
+ - now use reload on upgrade of modules
+ - replace sleep statements with --retry, as time based tests are
+ fragile
+ - no longer exit with an error if stop fails because the
+ daemon isn't running (closes: #374670, #351735)
+ - stop using command -v in /bin/sh scripts
+ * General maintainer script overhaul:
+ - Don't rm -rf something in /etc (ouch)
+ - Use chown -R instead of 'find .. -exec'
+ - should not need to manually remove the init script on purge (it's a dpkg
+ managed conffile)
+ - Only do user management stuff if user is missing. No point rerunning it
+ every upgrade.
+ - Install /etc/freeradius/dictionary with relaxed permissions, but never
+ touch it again (closes: #334299)
+ - switch to debhelper files where possible. I like an easy to read
+ Makefile.
+ * Arg. Move README.rfc to the freeradius package where it belongs.
+
+ [ Mark Hymers ]
+ * Document building SSL/PostgreSQL modules in debian/rules, add
+ control.postgresql to make it more convenient. Tested on AMD64 using
+ system libtool.
+
+ -- Stephen Gran <sgran@debian.org> Sun, 25 Jun 2006 23:06:16 +0100
+
+freeradius (1.1.2-1) unstable; urgency=low
+
+ [ Mark Hymers ]
+ * New maintainers
+ * New upstream version.
+ * Remove previous patches merged upstream:
+ - 01_NET-SNMP_build_support.dpatch
+ - 02_document_actual_shared_secret_maximum_length.dpatch
+ - 12_more_dialup_admin_various_fixes.dpatch
+ - 14_broken_parse.dpatch
+ - 15_CVE-2006-1354.dpatch
+ * Use --with-system-libtool during configure. Add B-D: on libtool
+ Removes obsolete dpatches:
+ - 06_libtool14_vs_rlm_eap_tls.dpatch
+ - 13_a_libtool_to_call_your_own.dpatch
+ * Remove freeradius.undocumented as we don't install links to
+ undocumented(7) anymore (not recommended since policy 3.5.8.0)
+
+ [ Stephen Gran ]
+ * Update to Standards Version 3.7.2 (no changes)
+ * Remove doc/rfc/ to make -legal happy (closes: #365192)
+ - this means repacked tarball. See README.rfc for details
+ * Test for unset variable, rather than empty variable in clean_radacct,
+ monthly_tot_stats and truncate_radacct (closes: #374053)
+
+ -- Mark Hymers <mark@hymers.org.uk> Sat, 17 Jun 2006 16:05:19 +0100
+
+freeradius (1.1.0-1.2) unstable; urgency=high
+
+ * Non-maintainer upload.
+ * [ CVE-2006-1354 ]:
+ src/modules/rlm_eap/types/rlm_eap_mschapv2/rlm_eap_mschapv2.c:
+ Due to insufficient input validation it is possible for a remote
+ attacker to bypass authentication or cause a denial of service.
+ (closes: #359042)
+
+ -- Stephen Gran <sgran@debian.org> Wed, 17 May 2006 11:22:28 -0500
+
+freeradius (1.1.0-1.1) unstable; urgency=low
+
+ * Non-maintainer upload.
+ * Upstream patch to fix parsing config file (closes: #351732)
+ Fixes: fails to start on amd64 (error in dictionary parsing code)
+
+ -- Stephen Gran <sgran@debian.org> Sat, 1 Apr 2006 11:07:55 +0100
+
+freeradius (1.1.0-1) unstable; urgency=low
+ * ReDebianise upstream tarball:
+ - Deleted RFCs: 2243 2289 2433 2548 2618 2619 2620 2621 2716 2759 2809 2865
+ 2866 2867 2868 2869 2882 2924 3162 3575 3576 3579 3580
+ draft-kamath-pppext-eap-mschapv2-00
+
+ * New FreeRADIUS modules marked stable by new upstream release
+ - rlm_perl
+ - rlm_sqlcounter
+ - rlm_sql_log + radsqlrelay
+ - rlm_otp (formerly rlm_x99_token, not built as it depends on OpenSSL)
+
+ * Remove upstream-integrated patches:
+ - 02_EAP-SIM_doesnt_need_openssl
+ - 03_X99_is_not_stable
+ - 07_manpage_fixups
+ - 09_use_crypth_if_we_have_it
+ - 10_escape_entire_ldap_string
+ - 11_dont_xlat_possibly_bad_usernames_in_bad_accounting_packets
+ - 12_dialup_admin_various_fixes
+
+ * More dialup-admin fixes from Arve Seljebu
+ - Fix redirects in dialup-admin pages on servers with
+ register_globals turned off.
+ Closes: #333704
+ - HTTP form fields will always fail is_int, use in_numeric instead
+ Closes: #335149
+ - Created 12_more_dialup_admin_various_fixes
+
+ * Update to Policy 3.6.2.0
+ * Upgrade Debhelper support to V5
+ * Don't install the .in files with the examples
+ * Prefer libmysqlclient15-dev
+ Closes: #343779
+ * Shared secrets can only be 31 characters long, note this in clients.conf
+ - Created 02_document_actual_shared_secret_maximum_length
+ Closes: 344606
+ * Added support for lsb-init functions
+
+ -- Paul Hampson <Paul.Hampson@anu.edu.au> Sun, 15 Jan 2006 13:34:13 +1100
+
+freeradius (1.1.0-0) unstable; urgency=low
+
+ * New upstream release.
+ * Update set of patches:
+ - 01_NET-SNMP_build_support.dpatch
+ - 06_libtool14_vs_rlm_eap_tls.dpatch
+ - 13_a_libtool14_to_call_your_own.dpatch
+
+ -- Nicolas Baradakis <nbk@sitadelle.com> Sun, 1 Jan 2006 18:15:47 +0100
+
+freeradius (1.0.5-2) unstable; urgency=low
+
+ * Stop dragging non-PIC code from libeap.a into rlm_eap_sim.so and
+ rlm_eap.so.
+ (Thanks to Peter Salinger)
+ Closes: #288547
+ - Rename 06_libtool14_vs_rlm_eap_tls to 06_libtool14_vs_rlm_eap
+ and modify with Peter's changes and some Makefile hackery to
+ get it all linking
+ * Don't rerun configure during the build.
+ (Thanks to Kurt Roeckx)
+ * A whole bunch of dialup-admin fixes from Arve Seljebu and Tobias
+ - Report correct data transfer statistics for users
+ Closes: #329672
+ - Lower-case sql column names to match creation scripts
+ Closes: #333709
+ - Fix creation of empty groups
+ Closes: #333739
+ - Put quote around usernames in HTML output
+ Closes: #333742
+ - Properly notice when we've got a blank password to SQL
+ Closes: #333744
+ - Created 12_dialup_admin_various_fixes
+ * Stop using libtool1.4 to build against, now that we can't have it and
+ libltdl3-dev installed at the same time
+ Closes: #279391
+ - Created 13_a_libtool14_to_call_your_own to get most recent ltmain.sh
+
+ -- Paul Hampson <Paul.Hampson@anu.edu.au> Sun, 16 Oct 2005 21:26:30 +1000
+
+freeradius (1.0.5-1) unstable; urgency=high
+
+ * Urgency high for security fixes below, all reported upstream
+ * ReDebianise upstream tarball:
+ - Deleted RFCs: 2243 2289 2433 2548 2618 2619 2620 2621 2716 2759 2809 2865
+ 2866 2867 2868 2869 2882 2924 3162 3575 3576 3579 3580
+ draft-kamath-pppext-eap-mschapv2-00
+ * Add missed build-dependancy on dpatch (>=2)
+ * Update to Standards-Version 3.6.2.0
+ - No changes needed
+ * Repair some minorly broken manpages
+ - Created 07_manpage_fixups.dpatch
+ * Security fixes stolen from CVS release_1_0 branch:
+ - Be sure we use crypt.h if we have it, to avoid segfaulting on a
+ bad built-in crypt() definition, spotted by Konstantin Kubatkin
+ + Created 09_use_crypth_if_we_have_it
+ - Make sure we escape the entire LDAP string, instead of
+ aborting as soon as it becomes possible to be out of space
+ + Created 10_escape_entire_ldap_string
+ - Don't xlat the UserName attribute before we can be sure of meeting
+ any escape sequences it may contain, spotted by Primoz Bratanic
+ + Created 11_dont_xlat_possibly_bad_usernames_in_bad_accounting_packets
+ * Depend on adduser, so our postinst can create the freerad user
+ * Don't install the .in versions of the example scripts.
+
+ -- Paul Hampson <Paul.Hampson@anu.edu.au> Mon, 19 Sep 2005 15:10:40 +1000
+
+freeradius (1.0.5-0) unstable; urgency=low
+
+ * New Upstream release, from release_1_0 branch
+ - Remove 04_bonus_control_code_in_clients_conf_5
+ - Remove 05_unbreak_quoted_sql_results
+ * Fix my _name_ in the dpatches
+ * Remove patch to CVS ID header from 05_unbreak_quoted_sql_values
+ so as not to break things when comitting to FreeRADIUS CVS
+ * Take linking fix from FreeRADIUS bugzilla #75 to allow
+ rlm_eap_tls to be linked to by rlm_eap_ttls and rlm_eap_peap
+ even though we don't build them in the Debian archive.
+ (Thanks to Luca Landi for the patch)
+ - Created 06_libtool14_vs_rlm_eap_tls
+ * Fix ownership of files in /var/log/freeradius/ more efficiently
+ (Caught by Guido Trotter)
+ Closes: #326891
+
+ -- Paul Hampson <Paul.Hampson@anu.edu.au> Wed, 7 Sep 2005 01:08:07 +1000
+
+freeradius (1.0.4-2) unstable; urgency=low
+
+ * Fix my email address in the dpatches
+ * Remove extraneous ^g from man/man5/clients.conf.5
+ - Created 04_bonus_control_code_in_clients_conf_5
+ * Correct handing of parameterless call of init script, and
+ general init script neatening
+ (Thanks to Derrick Karpo)
+ Closes: #315438
+ * Correctly leave out the .in files in the examples
+ * Correctly use debhelper after splitting binary make target
+ into binary-arch and binary-indep.
+ (Thanks to Kurt Roeckx for actually hitting the bug)
+ Closes: #315770
+ * Steal fix from CVS release_1_0 tree for rlm_sql quoted values.
+ (Thanks to Nicolas Baradakis for the fix)
+ - Upstream bugzilla #242, src/modules/rlm_sql/sql.c 1.79.2.2
+ - Created 05_unbreak_quoted_sql_values
+
+ -- Paul Hampson <Paul.Hampson@anu.edu.au> Mon, 27 Jun 2005 03:13:48 +1000
+
+freeradius (1.0.4-1) unstable; urgency=low
+ * ReDeianise upstream tarball:
+ - Deleted RFCs: 2243 2289 2433 2548 2618 2619 2620 2621 2716 2759 2809 2865
+ 2866 2867 2868 2869 2882 2924 3162 3575 3576 3579 3580
+ draft-kamath-pppext-eap-mschapv2-00
+ * Convert to dpatch, dpatch-2-style interface.
+ - New build-dependancy on dpatch (>= 2)
+ - Created 01_NET-SNMP_build_support
+ - Created 02_EAP-SIM_doesnt_need_openssl
+ - Created 03_X99_is_not_stable
+ * Assemble the freeradius-dialupadmin in the binary-indep make target
+ Closes: #313173 (Thanks to Santiago Vila for spotting this)
+ * Include the example scripts in /usr/share/doc/freeradius/examples/scripts
+ except those three which are installed into the binary by the Makefile.
+ Closes: #314253 (Thanks to Michael Langer for spotting this)
+ * Suggest libdate-manip-perl for freeradius-dialupadmin
+ Closes: #306007 (Thanks to Feng Sian)
+
+ -- Paul Hampson <Paul.Hampson@anu.edu.au> Wed, 22 Jun 2005 16:03:27 +1000
+
+freeradius (1.0.4-0) unstable; urgency=medium
+
+ * New upstream release, fixing build problems.
+ * Prefer libpq-dev over postgresql-dev as a build-dependancy.
+ - This requires us to use pgconfig to find the headers.
+
+ -- Paul Hampson <Paul.Hampson@anu.edu.au> Thu, 16 Jun 2005 13:56:33 +1000
+
+freeradius (1.0.3-0) unstable; urgency=high
+
+ * New upstream release
+ * Urgency high for some denial-of-service fixes:
+ - SQL injection attacks and DoS (core dump) via buffer overflow.
+ Closes: #307720
+
+ -- Alan DeKok <aland@ox.org> Fri, 3 Jun 2005 11:29:34 -0700
+
+freeradius (1.0.2-4) unstable; urgency=high
+
+ * Security fix stolen from CVS release_1_0 branch:
+ - Always use sql_escape_func when calling radius_xlat
+ - Add a test in sql_escape_func() to check buffer bound when
+ input character needs escaping.
+ - Urgency high as these are (theoretical) security issues.
+ Closes: #307720 (Thanks to Primoz Bratanic and Nicolas Baradakis)
+
+ -- Paul Hampson <Paul.Hampson@anu.edu.au> Mon, 23 May 2005 18:53:51 +1000
+
+freeradius (1.0.2-3) unstable; urgency=medium
+
+ * Fixes stolen from CVS release_1_0 branch:
+ - Fix missed SIGCHLD when waiting for external programs
+ when threaded. (Medium urgency as this can easily livelock
+ FreeRADIUS, which is an authentication server.)
+
+ -- Paul Hampson <Paul.Hampson@anu.edu.au> Mon, 18 Apr 2005 23:46:41 +1000
+
+freeradius (1.0.2-2) unstable; urgency=medium
+
+ * Get rid of extraneous '%' at the start of every reference to
+ /etc/freeradius-dialupadmin in freeradius-dialupadmin's configuration.
+ Closes: #299749
+ * Fixes stolen from CVS release_1_0 branch:
+ - Fix checkrad call for NAS ports > 9999999. (sprintf integer overrun,
+ reason for urgency medium.)
+ - Fix inverted test causing crash with pthreads and crypt
+ Closes: #300219 (Thanks Manuel Menal)
+
+ -- Paul Hampson <Paul.Hampson@anu.edu.au> Wed, 6 Apr 2005 12:33:05 +1000
+
+freeradius (1.0.2-1) unstable; urgency=low
+
+ * ReDebianise upstream tarball:
+ - Deleted RFCs: 2243 2289 2433 2548 2618 2619 2620 2621 2716 2759 2809 2865
+ 2866 2867 2868 2869 2882 2924 3162 3575 3576 3579 3580
+ * Allow rlm_eap_sim to build without OpenSSL
+ * Make init script return 1 if reloading kills the server
+ (Thanks to Nicolas Baradakis)
+ Closes: #292170
+ * Enable Novell eDirectory integration
+ * Enable udpfromto code so that replies come from the same address as
+ the request arrived at
+ * Build-depend on libmysqlclient12-dev as libmysqlclient10 has problems
+ accessing 4.0 series mySQL servers, and libmysqlclient12 can access
+ 4.1 series mySQL servers.
+
+ -- Paul Hampson <Paul.Hampson@anu.edu.au> Fri, 4 Mar 2005 09:30:40 +1100
+
+freeradius (1.0.2-0) unstable; urgency=low
+
+ * New upstream release
+ * Update for Debian Policy 3.6.1.1
+ - Change test if invoke-rc.d as per Policy 9.3.3.2
+ * freeradius-dialupadmin Suggests php4-mysql | php4-pgsql
+ Closes: #279419
+ * Added a two-second pause to restart in init.d script
+ Closes: #262635
+ * FreeRADIUS module packages now depend on the same source
+ version of the main FreeRADIUS package.
+ Closes: #284353
+ * FreeRADIUS-dialupadmin's default paths in admin.conf are
+ now correct.
+ Closes: #280942
+ * FreeRADIUS-dialupadmin's help.php3 can now find README.
+ Closes: #280941
+
+ -- Paul Hampson <Paul.Hampson@anu.edu.au> Wed, 29 Dec 2004 20:12:52 +1100
+
+freeradius (1.0.1-2) unstable; urgency=high
+
+ * freeradius-dialupadmin Suggests php4-mysql | php4-pgsql
+ Closes: #279419
+ * Added a two-second pause to restart in init.d script
+ Closes: #262635
+ * FreeRADIUS module packages now depend on the same source
+ version of the main FreeRADIUS package.
+ Closes: #284353
+ * FreeRADIUS-dialupadmin's default paths in admin.conf are
+ now correct.
+ Closes: #280942
+ * FreeRADIUS-dialupadmin's help.php3 can now find README.
+ Closes: #280941
+ * Fixes stolen from 1.0.2 CVS:
+ - Bug fix to make udpfromto code work
+ - radrelay shouldn't dump core if it can't read a VP from the
+ detail file.
+ - Only initialize the random pool once.
+ - In rlm_sql, don't escape characters twice.
+ - In rlm_ldap, only claim Auth-Type if a plain text password is present.
+ - Locking fixes in threading code
+ - Fix building on gcc-4.0 by not trying to access static auth_port from
+ other files.
+
+ -- Paul Hampson <Paul.Hampson@anu.edu.au> Wed, 29 Dec 2004 20:19:42 +1100
+
+freeradius (1.0.1-1) unstable; urgency=high
+
+ * ReDebianise upstream tarball:
+ - Deleted RFCs: 2243 2289 2433 2548 2618 2619 2620 2621 2716 2759 2809 2865
+ 2866 2867 2868 2869 2882 2924 3162 3575 3576 3579 3580
+ - Remove CVS directories.
+ * Urgency high for security fix from 1.0.1-0 (CAN-2004-0938,
+ closes: #275136).
+
+ -- Paul Hampson <Paul.Hampson@anu.edu.au> Thu, 23 Sep 2004 22:28:11 +1000
+
+freeradius (1.0.1-0) unstable; urgency=high
+
+ * New upstream release
+ * Urgency high for some denial-of-service fixes:
+ - Fix two remote crashes and a remote memory leak in
+ radius packet decoding.
+
+ -- Paul Hampson <Paul.Hampson@anu.edu.au> Thu, 2 Sep 2004 17:12:23 +1000
+
+freeradius (1.0.0-1) unstable; urgency=low
+
+ * ReDebianise upstream tarball:
+ - Deleted RFCs: 2243 2289 2433 2548 2618 2619 2620 2621 2716 2759 2809 2865
+ 2866 2867 2868 2869 2882 2924 3162 3575 3576 3579 3580
+ * Support building with libsnmp5's UCD-SNMP compatiblity mode.
+ - libsnmp{4.2,5} still depend on OpenSSL, so SNMP's still disabled.
+ * Update for Debian Policy 3.6.11
+ - Change test for invoke-rc.d as per Policy 9.3.3.2
+ * Disable rlm_eap types PEAP, TLS and TTLS as they depend on OpenSSL.
+ * Disable rlm_sql driver PostgreSQL as it depends on OpenSSL.
+ * Disable rlm_x99_token as it depends on OpenSSL.
+ * Finally, -v is documented in radius(8).
+ - Closes: #151266
+ * Reword a sentence in radwatch(8) by removing the personal pronoun.
+ - Closes: #264522
+
+ -- Paul Hampson <Paul.Hampson@anu.edu.au> Tue, 17 Aug 2004 17:42:40 +1000
+
+freeradius (1.0.0-0) unstable; urgency=low
+
+ * New upstream release
+ * Added H323 billing stuff to the examples
+ * Created Dialup-Admin package for the PHP-based web
+ FreeRADIUS database (SQL/LDAP) frontend.
+
+ -- Paul Hampson <Paul.Hampson@anu.edu.au> Sat, 17 Jul 2004 16:21:38 +1000
+
+freeradius (0.9.3-1) unstable; urgency=low
+
+ * New upstream release, incorporates security fix from 0.9.2-4.
+ * Correct build-dependancy on debhelper.
+ Closes: #234486
+ * Split iodbc SQL driver into its own package.
+
+ -- Paul Hampson <Paul.Hampson@anu.edu.au> Tue, 24 Feb 2004 23:56:26 +1100
+
+freeradius (0.9.2-4) unstable; urgency=high
+
+ * Patch from upstream head:
+ - Fix a remote DoS and possible exploit due to mis-handling
+ of tagged attributes, and Tunnel-Password attribute.
+
+ -- Paul Hampson <Paul.Hampson@anu.edu.au> Fri, 21 Nov 2003 09:52:51 +1100
+
+freeradius (0.9.2-3) unstable; urgency=low
+
+ * Removed redundant code to delete contents of a directory
+ on purge which ends up being removed anyway.
+ * Provide a default pam.d configuration.
+ * Fix the usage of dh_installinit to not make the package uninstallable.
+ * Change package removal to not abort if we cannot stop the server.
+ * Debian-archive-fit version of freeradius.
+ Closes: #208620
+
+ -- Paul Hampson <Paul.Hampson@anu.edu.au> Tue, 11 Nov 2003 02:12:55 +1100
+
+freeradius (0.9.2-2) unstable; urgency=low
+
+ * Use dh_installinit rather than doing it by hand
+ This involves renaming the initfile in the source tarball
+ * Only add user freerad to the group shadow on first installation
+ * Only chmod /etc/freeradius to group-readable, not group-read/write
+ * Removed the freerad user when the freerad group is removed
+ * Removed spurious build-dependancy on autoconf2.13 and libtool(1.4)
+ * Build-conflict against libssl-dev
+ * Restore Kerberos and LDAP as they will build without OpenSSL
+ * Make myself the maintainer
+ * Update to Policy 3.6.1.0
+ - No changes needed
+
+ -- Paul Hampson <Paul.Hampson@anu.edu.au> Sun, 9 Nov 2003 00:07:52 +1100
+
+freeradius (0.9.2-1) unstable; urgency=low
+
+ * Deleted RFCs: 2243 2289 2433 2548 2618 2616 2620 2621
+ 2719 2759 2809 2865 2866 2867 2868 2869 2882 2924 3162
+ from source tarball due to non-DFSG-free copyright.
+ * Disabled PostgreSQL, x.99 token, EAP/TLS, Kerberos, LDAP
+ and SNMP agent support due to OpenSSL/GPL conflict.
+
+ -- Paul Hampson <Paul.Hampson@anu.edu.au> Thu, 6 Nov 2003 22:40:32 +1100
+
+freeradius (0.9.2-0) unstable; urgency=low
+
+ * New upstream release
+ * Added logrotate script for /var/log/freeradius/radius.log
+ * Don't leave symlinks to config.{guess,sub} lying around to
+ confuse dpkg-source.
+
+ -- Paul Hampson <Paul.Hampson@anu.edu.au> Wed, 15 Oct 2003 05:02:17 +1000
+
+freeradius (0.9.1-0) unstable; urgency=low
+
+ * New upstream release.
+ * Renamed radiusd(8) to freeradius(8) to match binary
+ * Build-Depend on libtool1.4 | libtool (< 1.5) due to
+ new libtool 1.5 package.
+ * Merged multiple sed calls into a single sed call in debian/rules
+ * Installed SQL database examples into /usr/share/doc/freeradius/examples
+ * Modify initscript to only -HUP the parent process
+
+ -- Paul Hampson <Paul.Hampson@anu.edu.au> Fri, 5 Sep 2003 00:54:41 +1000
+
+freeradius (0.9.0-1) unstable; urgency=low
+
+ * New Upstream release.
+ - Upstream dictionary files are in /usr/share/freeradius.
+ - Modified to 'configure{,.in}' to work with openssl 0.9.7 and 0.9.6
+ * Renamed pacakges to 'freeradius*' from 'radiusd-freeradius*'.
+ * Moved file hierarchy around to be neater:
+ - /etc/raddb -> /etc/freeradius
+ - /usr/share/doc/radiusd-freeradius -> /usr/share/doc/freeradius
+ - /var/log/radiusd-freeradius -> /var/log/freeradius
+ - /var/run/radiusd/radiusd.pid -> /var/run/freeradius/freeradius.pid
+ * Included RFCs in documentation.
+ * Enabled the daemon to run under user 'freerad:freerad' by default.
+ * Added support for DEB_BUILD_OPTIONS for policy 3.5.9 compliance.
+ * Installed SNMP mibs for Radius
+
+ -- Paul Hampson <Paul.Hampson@anu.edu.au> Sun, 20 Jul 2003 06:56:28 +1000
+
+radiusd-freeradius (0.7+cvs20021113-1) unstable; urgency=low
+
+ * Explicitly excluding modules not in the "stable" list.
+ * Updated policy version number.
+ * Moved from non-US/main to main.
+ * Put pidfile in package's own directory.
+ * Package not as buggy and unstable modules are easily identifiable.
+ (closes: Bug#142217)
+ * Init script handles failure better. (closes: Bug#151264)
+ * New upstream release. (closes: Bug#140536)
+ * Uses available version of postgresql. (closes: Bug#139290)
+ * Removed "conflicts" with other radiusds.
+ * Added new build-dep on libtool.
+ * Changed section to "net" from "admin".
+ * New config.guess. (closes: Bug#168647)
+ * Run with freerad user and group. (closes: Bug#168272)
+ * Added libssl-dev as build-dep. (closes: #131832)
+
+ -- Chad Miller <cmiller@debian.org> Wed, 13 Nov 2002 17:01:19 -0500
+
+radiusd-freeradius (0.5+cvs20020408-1) unstable; urgency=high
+
+ * New build-dep on libssl-dev, which is implied by another dep, but making
+ explicit for builders on Potato. (closes: Bug#131832)
+ * Built against new postgresql libraries, so automatic dep tracking has
+ the correct version, now. (closes: Bug#139290)
+ * Removed python example module.
+ * Explicitly disabled beta ippool module.
+
+ -- Chad Miller <cmiller@debian.org> Mon, 8 Apr 2002 11:48:30 -0400
+
+radiusd-freeradius (0.4-1) unstable; urgency=high
+
+ * New release.
+ * upstream: New EAP support.
+ * upstream: Fixed security bug in string translation.
+
+ -- Chad Miller <cmiller@debian.org> Thu, 13 Dec 2001 09:26:45 -0500
+
+radiusd-freeradius (0.3-2) unstable; urgency=low
+
+ * Moved to using logrotate instead of cron for files.
+ * Fixed permissions of log files. (closes: Bug#116242,#116243)
+ * Close file descriptors of stdin, stdout, stderr, if not debugging.
+ (closes: Bug#116768)
+ * Made package "non-native". (An upload issue, not code.)
+ (closes: Bug#119161)
+
+ -- Chad Miller <cmiller@debian.org> Tue, 20 Nov 2001 10:50:20 -0500
+
+radiusd-freeradius (0.3-1) unstable; urgency=low
+
+ * New release.
+
+ -- Chad Miller <cmiller@debian.org> Tue, 9 Oct 2001 18:16:23 -0400
+
+radiusd-freeradius (0.2+20010917-1) unstable; urgency=low
+
+ * Removed old mysql build-dep. (closes: Bug#112541)
+
+ -- Chad Miller <cmiller@debian.org> Mon, 17 Sep 2001 11:38:24 -0400
+
+radiusd-freeradius (0.2+20010912-1) unstable; urgency=low
+
+ * Build-dep mysql changed package names.
+ * Added build-dep for libmysqlclient10-dev. (closes: Bug#111880)
+ * In acct_users, keep reply pairs.
+ * Integer values are printed as unsigned numbers, to comply with RFC2866.
+ * Fixed broken/reversed auth comparisons in SQL module.
+ * Sucked out CPPness from inside a printf, as printf is a macro in newer
+ compilers (gcc3.0, e.g.). (closes: Bug#100889)
+ * Sundry LDAP configuration, unresponsive thread, and proxying fixes.
+ * Added user 'freerad' into the 'shadow' group.
+ * Fixed UUCP-style of restricting time of log-in.
+ * Changed debugging messages to give more info about execution flow.
+ * Better counter module.
+ * Inserted CHAP support for SQL modules.
+ * Removed possible infinite loop.
+
+ -- Chad Miller <cmiller@debian.org> Wed, 12 Sep 2001 21:21:47 -0400
+
+radiusd-freeradius (0.1+20010527-1) unstable; urgency=low
+
+ * Updated config.{guess,sub} to recent versions. (closes: Bug#98183)
+ * Updated build-dep to reflect supercession of libltdl0-dev by libltdl3-dev
+ (closes: Bug#98914)
+
+ -- Chad Miller <cmiller@debian.org> Sun, 27 May 2001 11:44:40 -0400
+
+radiusd-freeradius (0.1+20010517-1) unstable; urgency=low
+
+ * Moved package to non-US to allow in Kerberos and PostgreSQL.
+ * Set Suggests of modules to main package.
+ * Better compile-time support of *BSD.
+
+ -- Chad Miller <cmiller@debian.org> Thu, 17 May 2001 14:46:51 -0400
+
+radiusd-freeradius (0.1-1) unstable; urgency=low
+
+ * First beta release!
+ * Added generalized SQL support for ODBC, Oracle, MySQL, and Postgres.
+ * Added shasta, microsoft, and redback dictionaries.
+ * Fixed rc.d restart rule.
+ * Added a user to own the daemon and logfiles.
+ * SQL DB handles more forgiving of unreachable servers at startup.
+ * SQL Crypt-Password attribute support.
+ * Fixed cron log rotation.
+ * Put module libraries in own directory.
+ * Removed bogus build-dep. (closes: Bug#87277)
+ * Better permissions on /etc/raddb
+ * Use correct LDAP library.
+ * Fork ldap, postgresql, and mysql modules into different packages.
+ * Remove Kerberos, as it's restricted from export.
+
+ -- Chad Miller <cmiller@debian.org> Mon, 7 May 2001 16:37:46 -0400
+
+radiusd-freeradius (0.0.20010109-1) unstable; urgency=low
+
+ * Changed priority, from standard to optional.
+
+ -- Chad Miller <cmiller@debian.org> Tue, 9 Jan 2001 14:01:38 -0500
+
+radiusd-freeradius (0.0.20001227-1) unstable; urgency=low
+
+ * Initial revision. (closes: Bug#76476)
+
+ -- Chad Miller <cmiller@debian.org> Wed, 27 Dec 2000 11:58:56 -0500