pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/net/freeradius Update to 1.0.5
details: https://anonhg.NetBSD.org/pkgsrc/rev/9a134c10950e
branches: trunk
changeset: 499144:9a134c10950e
user: adrianp <adrianp%pkgsrc.org@localhost>
date: Sun Sep 11 12:57:34 2005 +0000
description:
Update to 1.0.5
> Security Fixes
> * SQL injection attack in the module "rlm_sqlcounter".
> * Buffer overflows in the module "rlm_sqlcounter".
> * Expansion of variable %t may write 26 bytes beyond the buffer
> bound. Primoz Bratanic is credited with the discovery of these
> three bugs.
>
> Bug fixes
> * Don't de-reference a NULL pointer if the auth-type is unknown
> in the function rad_check_password().
> * Escape more characters in the LDAP queries.
> Bug found by Suse engineers.
> * In rlm_sql_unixodbc, don't call rad_malloc from sql_error(),
> it leaks memory.
> * Fix an off-by-one error in the module rlm_sql_unixodbc.
> Bug found by Suse engineers.
> * In rlm_sql, resize the buffer for the value of SQL-User-Name.
> * Initialize memory for a new SQL socket in the module rlm_sql.
> * Don't add too many attributes after running an external program.
> Bug found by Suse engineers.
> * Fix an off-by-one error in the function getthing().
> * snprintf() and vsnprintf() replacements were not compiled if
> the autoconf tests didn't find the functions.
> * Don't use vsprintf() anymore, but the replacement for vsnprintf()
> in libradius instead.
> * The function decode_attribute() may write beyond buffer bounds.
> Bug found by Suse engineers.
> * Fix a memset() in the function request_enqueue() which was
> begining at the wrong address. Bug found by Matthias Ruttman.
> * Fix an off-by-one error in the function xlat_copy().
> Bug found by Primoz Bratanic.
> * Fix other off-by-one errors in module "rlm_unix", too.
> Bug found by Allan Bazinet.
> * Fix a 2-byte over-run read in function rad_decode().
> * Update thread pool queue properly.
> * Autonconf tests try first any user-specified directory,
> otherwise they may pick up the wrong version.
> * Delete the autoconf tests for the libldap dependancies.
> * Install all the regular files under the "doc" directory.
> * Distinguish between exit code <0 (failure) and >0 (reject)
> in Exec-Program-Wait. Patch from Thor Spruyt.
> * Make Expiration work.
> * Clean up the code for opening a proxy socket.
> * When finding a realm to proxy to, if all are dead, wake them
> if wake_all_if_all_dead is true.
> * In radwho, print the NAS-Port as unsigned int.
> * Use extended regex instead of basic regex in rlm_attr_filter.
> * Catch the case where someone deletes a directory that rlm_detail
> is using.
> * Use the variable $(LDFLAGS) when linking a module.
> * Ignore the Stripped-User-Name when a realm has the "nostrip"
> directive.
> * Add support for NT-Password in rlm_pap.
> * In rlm_sqlcounter, use the time left to the next reset if it's
> inferior to the time left in the counter.
> * Calculate Message-Authenticator correctly for Accounting-Request
> and Accounting-Response. Bug found by Paolo Rotela.
> * Build on MAC OS X. Still need --disable-shared, though.
> * Fix bug #255 (crash with expired CRL's, etc.)
> * Fix quote removal of the values from a SQL database.
> * Reap the zombie process after a command run from "Exec-Program".
> * Allow to cancel proxy of accounting with "Proxy-To-Realm := LOCAL".
> * Don't copy VSA's to an Access-Reject packet.
diffstat:
net/freeradius/Makefile | 5 ++---
net/freeradius/PLIST | 10 +++++++++-
net/freeradius/distinfo | 8 ++++----
3 files changed, 15 insertions(+), 8 deletions(-)
diffs (53 lines):
diff -r ed57c3c16129 -r 9a134c10950e net/freeradius/Makefile
--- a/net/freeradius/Makefile Sun Sep 11 12:42:46 2005 +0000
+++ b/net/freeradius/Makefile Sun Sep 11 12:57:34 2005 +0000
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.33 2005/08/29 14:28:12 tv Exp $
+# $NetBSD: Makefile,v 1.34 2005/09/11 12:57:34 adrianp Exp $
-DISTNAME= freeradius-1.0.4
-PKGREVISION= 1
+DISTNAME= freeradius-1.0.5
CATEGORIES= net
MASTER_SITES= ftp://ftp.freeradius.org/pub/radius/ \
ftp://ftp.Awfulhak.org/pub/radius/
diff -r ed57c3c16129 -r 9a134c10950e net/freeradius/PLIST
--- a/net/freeradius/PLIST Sun Sep 11 12:42:46 2005 +0000
+++ b/net/freeradius/PLIST Sun Sep 11 12:57:34 2005 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.11 2005/08/29 14:28:12 tv Exp $
+@comment $NetBSD: PLIST,v 1.12 2005/09/11 12:57:34 adrianp Exp $
bin/radclient
bin/radeapclient
bin/radlast
@@ -208,6 +208,14 @@
sbin/radiusd
sbin/radwatch
sbin/rc.radiusd
+share/doc/${PKGNAME}/Acct-Type
+share/doc/${PKGNAME}/CYGWIN
+share/doc/${PKGNAME}/ChangeLog
+share/doc/${PKGNAME}/Post-Auth-Type
+share/doc/${PKGNAME}/Session-Type
+share/doc/${PKGNAME}/ldap_howto.txt
+share/doc/${PKGNAME}/misc-nas
+share/doc/${PKGNAME}/release-method.txt
share/doc/${PKGNAME}/Autz-Type
share/doc/${PKGNAME}/DIFFS
share/doc/${PKGNAME}/MACOSX
diff -r ed57c3c16129 -r 9a134c10950e net/freeradius/distinfo
--- a/net/freeradius/distinfo Sun Sep 11 12:42:46 2005 +0000
+++ b/net/freeradius/distinfo Sun Sep 11 12:57:34 2005 +0000
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.15 2005/07/09 17:25:00 adrianp Exp $
+$NetBSD: distinfo,v 1.16 2005/09/11 12:57:34 adrianp Exp $
-SHA1 (freeradius-1.0.4.tar.gz) = f0c877ae80592609ada4875cf1b472c7742720fb
-RMD160 (freeradius-1.0.4.tar.gz) = b75a872ced9a461f3063f19d49546fc9ef86a225
-Size (freeradius-1.0.4.tar.gz) = 2209057 bytes
+SHA1 (freeradius-1.0.5.tar.gz) = 6d69629c9686a31bf6548972f3daf6f89451da37
+RMD160 (freeradius-1.0.5.tar.gz) = 8e8cd3937216c3c18dcfc3a217a43a00e3f81258
+Size (freeradius-1.0.5.tar.gz) = 2294225 bytes
SHA1 (patch-ae) = 0c1b6c79329f41c35e3a783e61cc205cb78a4773
SHA1 (patch-ai) = bb4dafd3f6b961403caa955c9a09c271468ada36
SHA1 (patch-aj) = 422c9dfbde08c26acf41a040c57508ab9725004e
Home |
Main Index |
Thread Index |
Old Index