pkgsrc-changes: CVS commit: pkgsrc/net/radiusd-cistron

Subject: CVS commit: pkgsrc/net/radiusd-cistron
To: None <pkgsrc-changes@NetBSD.org>
From: Martti Kuparinen <martti@netbsd.org>
List: pkgsrc-changes
Date: 12/16/2003 19:19:41
Module Name:	pkgsrc
Committed By:	martti
Date:		Tue Dec 16 19:19:41 UTC 2003

Modified Files:
	pkgsrc/net/radiusd-cistron: Makefile PLIST distinfo
	pkgsrc/net/radiusd-cistron/patches: patch-aa patch-ab patch-af

Log Message:
radiusd-cistron (1.6.7) cistron; urgency=medium

  * Fix checkrad.pl::cisco_snmp and usrhiper_snmp so that communities
    other than "public" can be used too.
  * Error out on superflous command line args (optind >= argc)
  * Encrypt CHAP-Password in radclient so that CHAP can be tested too
  * Add "wildcard" option to realms - if you set this option, you can
    match on the entire username using shell wildcards in the realms file.
  * If the nastype in /etc/raddb/naslist is set to 'none' for a nas,
    logins on that nas will have no simultaneous use restrictions imposed
    and those logins will not count towards the total amount of logins.
  * Removed 'raduse' and manpage.
  * Can disable radutmp with "-u none" (likewise radwtmp with "-W none",
    though we already had "-w" for that).
  * Call checkrad with an extra argument, the framed IP address.
  * Fix bug where $INCLUDEing a file without any records would
    cause the rest of the original file to be ignored
  * Support for 64-bit wide integers (integer8 type). If compiled with
    gcc, users file can contain both hex and decimal 64-bit values,
    and 64-bit values are printed in decimal. With other compilers
    (no "long long" support) only hex 64-bit values are supported.
  * Change "_" to "-" in dictionary.redback and change the 64 bits
    values to integer8.
  * Moved the dictionary files to /usr/local/share/radius. Now
    only /etc/raddb/dictionary remains that $INCLUDES all the others.
    For new installs only; existing installations won't be changed
  * Make integer in the format string of sprintf(buf, "%03d:%.20s", ..) in
    make_wtmp() unsigned (%u), otherwise the sprintf could in some cases
    (negative NAS-Port, very long NAS-name) overrun the buffer by one
    byte, overwriting the least significant byte of the return address
    on the stack with a \0. Not sure if this is exploitable or not,
    but it could be a security problem.
  * Make sure ut.login (struct radutmp member) is treated everywhere
    as a NON-zero terminated string.
  * Make sure unsigned integers are used in all places using lvalues
    (32 bits radius values), especially nas_port.
  * radrelay: update id of packet when retransmitting.
  * Print an error and free the request struct if we receive an unknown
    packet type.
  * rad_check_multi: if username/NAS/port match, don't count as dup.


To generate a diff of this commit:
cvs rdiff -r1.10 -r1.11 pkgsrc/net/radiusd-cistron/Makefile
cvs rdiff -r1.6 -r1.7 pkgsrc/net/radiusd-cistron/PLIST
cvs rdiff -r1.4 -r1.5 pkgsrc/net/radiusd-cistron/distinfo
cvs rdiff -r1.3 -r1.4 pkgsrc/net/radiusd-cistron/patches/patch-aa \
    pkgsrc/net/radiusd-cistron/patches/patch-ab
cvs rdiff -r1.2 -r1.3 pkgsrc/net/radiusd-cistron/patches/patch-af

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.