--- freeradius-1.1.3.orig/dialup_admin/Makefile +++ freeradius-1.1.3/dialup_admin/Makefile @@ -0,0 +1,38 @@ +include ../Make.inc +DIALUP_PREFIX := /usr/local/dialup_admin +DIALUP_DOCDIR := ${DIALUP_PREFIX}/doc +DIALUP_CONFDIR := ${DIALUP_PREFIX}/conf + +all: + +install: + mkdir -p ${R}/${DIALUP_PREFIX} + mkdir -p ${R}/${DIALUP_DOCDIR} + mkdir -p ${R}/${DIALUP_CONFDIR} + install -m 0640 conf/* ${R}/${DIALUP_CONFDIR} + install doc/* ${R}/${DIALUP_DOCDIR} + install Changelog ${R}/${DIALUP_DOCDIR} + install README ${R}/${DIALUP_DOCDIR} + install -d ${R}/${DIALUP_PREFIX}/bin + for dir in htdocs html lib sql; do \ + cp -a $$dir ${R}/${DIALUP_PREFIX}/ ;\ + done + sed -e 's#/usr/local/dialup_admin#${DIALUP_PREFIX}#' \ + -e 's#/usr/local/radiusd#${prefix}#' \ + -e 's#general_raddb_dir: %{general_radiusd_base_dir}/etc/raddb#general_raddb_dir: ${raddbdir}#' \ + -e 's#general_clients_conf: /usr/local/etc/raddb/clients.conf#general_clients_conf: ${raddbdir}/clients.conf#' \ + -e 's#%{general_base_dir}/conf#${DIALUP_CONFDIR}#' \ + -e 's#/usr/local/bin#${bindir}#' \ + < conf/admin.conf > ${R}/${DIALUP_CONFDIR}/admin.conf + sed -e 's#../../README#${DIALUP_DOCDIR}/README#' \ + < htdocs/help/help.php3 > ${R}/${DIALUP_PREFIX}/htdocs/help/help.php3 + for binfile in monthly_tot_stats snmpfinger truncate_radacct clean_radacct log_badlogins showmodem tot_stats; do \ + sed -e 's#/usr/local/bin/#${bindir}#' \ + -e 's#/usr/local/dialup_admin/conf/#${DIALUP_CONFDIR}/#' \ + < bin/$$binfile > ${R}/${DIALUP_PREFIX}/bin/$$binfile ; \ + chmod +x ${R}/${DIALUP_PREFIX}/bin/$$binfile; \ + done + sed -e 's#/usr/local/dialup_admin#${DIALUP_PREFIX}#' < bin/dialup_admin.cron \ + > ${R}/${DIALUP_PREFIX}/bin/dialup_admin.cron + +.PHONY: all install --- freeradius-1.1.3.orig/debian/freeradius.dirs +++ freeradius-1.1.3/debian/freeradius.dirs @@ -0,0 +1,22 @@ +etc/ +etc/freeradius +etc/init.d +usr/ +usr/bin +usr/lib +usr/lib/freeradius +usr/share +usr/share/doc +usr/share/doc/freeradius +usr/share/man/ +usr/share/man/man1 +usr/share/man/man5 +usr/share/man/man8 +usr/share/snmp/mibs +usr/share/freeradius +usr/sbin +var/ +var/log +var/log/freeradius +var/run +var/run/freeradius --- freeradius-1.1.3.orig/debian/freeradius.docs +++ freeradius-1.1.3/debian/freeradius.docs @@ -0,0 +1,3 @@ +debian/README.rfc +CREDITS +debian/tmp/usr/share/doc/freeradius/* --- freeradius-1.1.3.orig/debian/freeradius-eappeap.install +++ freeradius-1.1.3/debian/freeradius-eappeap.install @@ -0,0 +1 @@ +usr/lib/freeradius/rlm_eap_peap*.so --- freeradius-1.1.3.orig/debian/freeradius-eaptls.postinst +++ freeradius-1.1.3/debian/freeradius-eaptls.postinst @@ -0,0 +1,21 @@ +#! /bin/sh + +set -e + +case "$1" in + configure) + if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then + invoke-rc.d freeradius restart + else + /etc/init.d/freeradius restart + fi + ;; + abort-upgrade) + ;; + abort-remove) + ;; + abort-deconfigure) + ;; +esac + +#DEBHELPER# --- freeradius-1.1.3.orig/debian/freeradius.examples +++ freeradius-1.1.3/debian/freeradius.examples @@ -0,0 +1,17 @@ +src/billing/ +scripts/CA.all +scripts/CA.certs +scripts/certs.sh +scripts/check-radiusd-config +scripts/create-users.pl +scripts/cryptpasswd +scripts/exec-program-wait +scripts/radiusd.cron.daily +scripts/radiusd.cron.monthly +scripts/radiusd.sh +scripts/radiusd2ldif.pl +scripts/radsqlrelay +scripts/radwatch +scripts/users2mysql.pl +scripts/xpextensions +debian/tmp/etc/freeradius/example.pl --- freeradius-1.1.3.orig/debian/freeradius-ldap.install +++ freeradius-1.1.3/debian/freeradius-ldap.install @@ -0,0 +1 @@ +usr/lib/freeradius/rlm_ldap*.so --- freeradius-1.1.3.orig/debian/freeradius-krb5.install +++ freeradius-1.1.3/debian/freeradius-krb5.install @@ -0,0 +1 @@ +usr/lib/freeradius/rlm_krb5*.so --- freeradius-1.1.3.orig/debian/freeradius-iodbc.postinst +++ freeradius-1.1.3/debian/freeradius-iodbc.postinst @@ -0,0 +1,21 @@ +#! /bin/sh + +set -e + +case "$1" in + configure) + if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then + invoke-rc.d freeradius reload + else + /etc/init.d/freeradius reload + fi + ;; + abort-upgrade) + ;; + abort-remove) + ;; + abort-deconfigure) + ;; +esac + +#DEBHELPER# --- freeradius-1.1.3.orig/debian/freeradius.radiusd.pam +++ freeradius-1.1.3/debian/freeradius.radiusd.pam @@ -0,0 +1,11 @@ +# +# /etc/pam.d/radiusd - PAM configuration for FreeRADIUS +# + +# We fall back to the system default in /etc/pam.d/common-* +# + +@include common-auth +@include common-account +@include common-password +@include common-session --- freeradius-1.1.3.orig/debian/copyright +++ freeradius-1.1.3/debian/copyright @@ -0,0 +1,48 @@ +This package was debianized by Chad Miller on +Fri, 24 Nov 2000 16:25:57 -0500. +The packaging was rearranged by Paul Hampson on +Sun, 4 May 2003 03:51:20 +1000 + +It was downloaded from http://www.freeradius.org/ + +Copyright (C) 2000-2003 The FreeRADIUS Server Project +Copyright (C) 1997-1999 Cistron Internet Services B.V. + +-- +Except for /usr/lib/freeradius/libradius*, this package is licensed +under the GNU GPL version 2. + +This program is free software; you can redistribute it and/or modify it under +the terms of the GNU General Public License as published by the Free Software +Foundation; either version 2 of the License, or (at your option) any later +version. + +On Debian systems, the complete text of the GNU General Public License can be +found in /usr/share/common-licenses/GPL file. + +-- +/usr/lib/freeradius/libradius* is under the GNU LGPL version 2. + +This library is free software; you can redistribute it and/or +modify it under the terms of the GNU Lesser General Public +License as published by the Free Software Foundation; either +version 2 of the License, or (at your option) any later version. + +On Debian systems, the complete text of the GNU Lesser General Public +License can be found in /usr/share/common-licenses/LGPL. + +-- +Some GPL parts of this software depend on OpenSSL, the combination of +which cannot be distributed in compiled binary form. The following +modules cannot be enabled as they directly depend on OpenSSL: + +rlm_eap_peap +rlm_eap_tls +rlm_eap_ttls +rlm_x99_token + +Also, the FreeRADIUS core's SNMP support and the rlm_sql_postgresql +module transitively depend on OpenSSL via libsnmp{4.2,5} and libpq3 +so they cannot be enabled currently, but this is subject to changes +in the relevant packages within Debian, or having usable alternate +libraries in Debian. --- freeradius-1.1.3.orig/debian/freeradius-postgresql.install +++ freeradius-1.1.3/debian/freeradius-postgresql.install @@ -0,0 +1 @@ +usr/lib/freeradius/rlm_sql_postgresql*.so --- freeradius-1.1.3.orig/debian/freeradius-krb5.postinst +++ freeradius-1.1.3/debian/freeradius-krb5.postinst @@ -0,0 +1,21 @@ +#! /bin/sh + +set -e + +case "$1" in + configure) + if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then + invoke-rc.d freeradius reload + else + /etc/init.d/freeradius reload + fi + ;; + abort-upgrade) + ;; + abort-remove) + ;; + abort-deconfigure) + ;; +esac + +#DEBHELPER# --- freeradius-1.1.3.orig/debian/patches/03-dialupadmin-help.dpatch +++ freeradius-1.1.3/debian/patches/03-dialupadmin-help.dpatch @@ -0,0 +1,19 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 03-dialupadmin-help.dpatch by Mark Hymers +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Fix README location + +@DPATCH@ + +--- old/dialup_admin/htdocs/help/help.php3 (revision 1519) ++++ new/dialup_admin/htdocs/help/help.php3 (working copy) +@@ -31,7 +31,7 @@ + For now we just include the README file
+ + + + --- freeradius-1.1.3.orig/debian/patches/00list +++ freeradius-1.1.3/debian/patches/00list @@ -0,0 +1,3 @@ +01-fix-proxy.dpatch +02-radiusd-to-freeradius.dpatch +03-dialupadmin-help.dpatch --- freeradius-1.1.3.orig/debian/patches/01-fix-proxy.dpatch +++ freeradius-1.1.3/debian/patches/01-fix-proxy.dpatch @@ -0,0 +1,47 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 01_fix_proxy.dpatch by Nicolas Baradakis +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Fix proxy port setting +## DP: dpatch'd by Mark Hymers + +@DPATCH@ + +diff -u -r1.36.2.6.2.2 mainconfig.c +--- old/src/main/mainconfig.c 18 Apr 2006 17:26:26 -0000 1.36.2.6.2.2 ++++ new/src/main/mainconfig.c 18 Sep 2006 11:30:26 -0000 +@@ -381,13 +381,13 @@ + */ + if ((authhost = cf_section_value_find(cs, "authhost")) == NULL) { + c->ipaddr = htonl(INADDR_NONE); +- c->auth_port = auth_port; ++ c->auth_port = 0; + } else { + if ((s = strchr(authhost, ':')) != NULL) { + *s++ = 0; + c->auth_port = atoi(s); + } else { +- c->auth_port = auth_port; ++ c->auth_port = PW_AUTH_UDP_PORT; + } + if (strcmp(authhost, "LOCAL") == 0) { + /* +@@ -395,7 +395,7 @@ + * secret, or port. + */ + c->ipaddr = htonl(INADDR_NONE); +- c->auth_port = auth_port; ++ c->auth_port = 0; + } else { + c->ipaddr = ip_getaddr(authhost); + if (c->ipaddr == htonl(INADDR_NONE)) { +@@ -429,7 +429,7 @@ + *s++ = 0; + c->acct_port = atoi(s); + } else { +- c->acct_port = auth_port + 1; ++ c->acct_port = PW_ACCT_UDP_PORT; + } + if (strcmp(accthost, "LOCAL") == 0) { + /* + --- freeradius-1.1.3.orig/debian/patches/02-radiusd-to-freeradius.dpatch +++ freeradius-1.1.3/debian/patches/02-radiusd-to-freeradius.dpatch @@ -0,0 +1,62 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 02-radiusd-to-freeradius.dpatch by Mark Hymers +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: change debian binary name from radiusd -> freeradius + +@DPATCH@ + +--- old/Make.inc.in (revision 1496) ++++ new/Make.inc.in (working copy) +@@ -47,7 +47,7 @@ + + LOGDIR = ${logdir} + RADDBDIR = ${raddbdir} +-RUNDIR = ${localstatedir}/run/radiusd ++RUNDIR = ${localstatedir}/run/freeradius + SBINDIR = ${sbindir} + RADIR = ${radacctdir} + +--- old/raddb/radiusd.conf.in (revision 1519) ++++ new/raddb/radiusd.conf.in (working copy) +@@ -31,7 +31,7 @@ + + # Location of config and logfiles. + confdir = ${raddbdir} +-run_dir = ${localstatedir}/run/radiusd ++run_dir = ${localstatedir}/run/freeradius + + # + # The logging messages for the server are appended to the +@@ -80,9 +80,9 @@ + # + # This file is written when ONLY running in daemon mode. + # +-# e.g.: kill -HUP `cat /var/run/radiusd/radiusd.pid` ++# e.g.: kill -HUP `cat /var/run/freeradius/freeradius.pid` + # +-pidfile = ${run_dir}/radiusd.pid ++pidfile = ${run_dir}/freeradius.pid + + + # user/group: The name (or #number) of the user/group to run radiusd as. +@@ -106,8 +106,8 @@ + # that the debugging mode server is running as a user that can read the + # shadow info, and the user listed below can not. + # +-#user = nobody +-#group = nobody ++user = freerad ++group = freerad + + # max_request_time: The maximum time (in seconds) to handle a request. + # +@@ -639,7 +639,7 @@ + # and Mac OSX. + # + # passwd = /etc/passwd +- # shadow = /etc/shadow ++ shadow = /etc/shadow + # group = /etc/group + + # --- freeradius-1.1.3.orig/debian/freeradius-dialupadmin.links +++ freeradius-1.1.3/debian/freeradius-dialupadmin.links @@ -0,0 +1 @@ +etc/freeradius-dialupadmin/ usr/share/freeradius-dialupadmin/conf --- freeradius-1.1.3.orig/debian/freeradius.prerm +++ freeradius-1.1.3/debian/freeradius.prerm @@ -0,0 +1,23 @@ +#! /bin/sh + +set -e + +case "$1" in + remove) + if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then + invoke-rc.d freeradius stop + else + /etc/init.d/freeradius stop + fi + ;; + upgrade) + ;; + failed-upgrade) + ;; + deconfigure) + ;; +esac + +#DEBHELPER# + +exit 0 --- freeradius-1.1.3.orig/debian/freeradius-dialupadmin.README.Debian +++ freeradius-1.1.3/debian/freeradius-dialupadmin.README.Debian @@ -0,0 +1,13 @@ +Dialup Admin Debian README +Configuration is in /etc/freeradius-dialupadmin/ +which is linked into the dialupadmin tree in +/usr/share/freeradius-dialupadmin. + +To put this into production, set a path on your +webserver to point to +/usr/share/freeradius-dialupadmin/htdocs +and ensure .php3 is processed by PHP. + +The scripts make use of .. to access the +other paths, so symlinking into your webtree +may not work. --- freeradius-1.1.3.orig/debian/freeradius-dialupadmin.dirs +++ freeradius-1.1.3/debian/freeradius-dialupadmin.dirs @@ -0,0 +1,2 @@ +etc/freeradius-dialupadmin/ +usr/share/freeradius-dialupadmin/ --- freeradius-1.1.3.orig/debian/freeradius-dialupadmin.examples +++ freeradius-1.1.3/debian/freeradius-dialupadmin.examples @@ -0,0 +1 @@ +debian/tmp/usr/share/freeradius-dialupadmin/bin/freeradius-dialupadmin.cron --- freeradius-1.1.3.orig/debian/compat +++ freeradius-1.1.3/debian/compat @@ -0,0 +1 @@ +5 --- freeradius-1.1.3.orig/debian/control.postgresql +++ freeradius-1.1.3/debian/control.postgresql @@ -0,0 +1,9 @@ + +Package: freeradius-postgresql +Architecture: any +Conflicts: radiusd-freeradius-postgresql +Replaces: radiusd-freeradius-postgresql +Depends: freeradius (= ${binary:Version}), ${shlibs:Depends} +Description: PostgreSQL module for FreeRADIUS server + The FreeRADIUS server can use PostgreSQL to authenticate users and do + accounting, and this module is necessary for that. --- freeradius-1.1.3.orig/debian/freeradius-mysql.postinst +++ freeradius-1.1.3/debian/freeradius-mysql.postinst @@ -0,0 +1,21 @@ +#! /bin/sh + +set -e + +case "$1" in + configure) + if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then + invoke-rc.d freeradius reload + else + /etc/init.d/freeradius reload + fi + ;; + abort-upgrade) + ;; + abort-remove) + ;; + abort-deconfigure) + ;; +esac + +#DEBHELPER# --- freeradius-1.1.3.orig/debian/freeradius-ldap.postinst +++ freeradius-1.1.3/debian/freeradius-ldap.postinst @@ -0,0 +1,21 @@ +#! /bin/sh + +set -e + +case "$1" in + configure) + if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then + invoke-rc.d freeradius reload + else + /etc/init.d/freeradius reload + fi + ;; + abort-upgrade) + ;; + abort-remove) + ;; + abort-deconfigure) + ;; +esac + +#DEBHELPER# --- freeradius-1.1.3.orig/debian/TODO +++ freeradius-1.1.3/debian/TODO @@ -0,0 +1,10 @@ +TODO list for the Debian package: + +26 Nov 2000 -- Chad Miller +* Begin writing manpages for topics listed in the + debian/freeradius.undocumented file. + +09 July 2003 -- Paul Hampson +* Debhelper usage check/best practice audit + (http://lists.debian.org/debian-devel-announce/2003/debian-devel-announce-200303/msg00002.html) +* See if it builds cleanly on Debian/stable. --- freeradius-1.1.3.orig/debian/freeradius.install +++ freeradius-1.1.3/debian/freeradius.install @@ -0,0 +1,46 @@ +etc/freeradius/acct_users +etc/freeradius/attrs +etc/freeradius/clients +etc/freeradius/clients.conf +etc/freeradius/dictionary +etc/freeradius/eap.conf +etc/freeradius/experimental.conf +etc/freeradius/hints +etc/freeradius/huntgroups +etc/freeradius/ldap.attrmap +etc/freeradius/mssql.conf +etc/freeradius/naslist +etc/freeradius/naspasswd +etc/freeradius/oraclesql.conf +etc/freeradius/otp.conf +etc/freeradius/otppasswd.sample +etc/freeradius/postgresql.conf +etc/freeradius/preproxy_users +etc/freeradius/proxy.conf +etc/freeradius/radiusd.conf +etc/freeradius/realms +etc/freeradius/snmp.conf +etc/freeradius/sql.conf +etc/freeradius/sqlippool.conf +etc/freeradius/users +etc/freeradius/certs +usr/bin/radclient +usr/bin/radeapclient +usr/bin/radlast +usr/bin/radrelay +usr/bin/radsqlrelay +usr/bin/radtest +usr/bin/radwho +usr/bin/radzap +usr/bin/rlm_dbm_cat +usr/bin/rlm_dbm_parser +usr/bin/rlm_ippool_tool +usr/bin/smbencrypt +usr/lib/freeradius/*.so +usr/share/snmp/mibs/* +usr/share/freeradius/* +usr/sbin/check-radiusd-config +usr/sbin/checkrad +usr/sbin/freeradius +usr/sbin/radwatch + --- freeradius-1.1.3.orig/debian/freeradius-iodbc.install +++ freeradius-1.1.3/debian/freeradius-iodbc.install @@ -0,0 +1 @@ +usr/lib/freeradius/rlm_sql_iodbc*.so --- freeradius-1.1.3.orig/debian/freeradius.postrm +++ freeradius-1.1.3/debian/freeradius.postrm @@ -0,0 +1,25 @@ +#! /bin/sh + +set -e + +case "$1" in + remove) + ;; + purge) + update-rc.d -f freeradius remove >/dev/null + if [ -d /var/log/freeradius ] + then + rm -rf /var/log/freeradius + fi + rmdir --ignore-fail-on-non-empty /etc/freeradius + deluser freerad shadow || true + deluser freerad || true + delgroup freerad || true + ;; + *) + ;; +esac + +#DEBHELPER# + +exit 0 --- freeradius-1.1.3.orig/debian/changelog +++ freeradius-1.1.3/debian/changelog @@ -0,0 +1,667 @@ +freeradius (1.1.3-3) unstable; urgency=medium + + * Fix POSIX compliance problem in init script. Closes: #403384. + + -- Mark Hymers Sat, 16 Dec 2006 20:45:11 +0000 + +freeradius (1.1.3-2) unstable; urgency=low + + [ Stephen Gran ] + * Check for existence of pidfile in initscript. + * Clean some old cruft from debian/rules + * Write dialup_admin/Makefile + * Make binNMU safe + * Some lsb init headers + + [ Mark Hymers ] + * Merge upstream patch to deal with proxy port settings. Closes: #388024. + * Rewrite large parts of the Debian build system. + + -- Stephen Gran Sat, 7 Oct 2006 21:08:35 +0100 + +freeradius (1.1.3-1) unstable; urgency=low + + [ Stephen Gran ] + * Add and rework ubuntu /var/run/tmpfs patch + * Add LSB init script headers + * Actually trap errors in init script, how about? + + [ Mark Hymers ] + * New upstream version. + * New version of autotools in 1.1.3. Closes: #380204 + * Remove previous patches merged upstream: + - 01-actually_check_for_unset_password.dpatch + * Only do user creation, group addition, chmod and chown stuff in postinst + on an initial install to avoid clobbering local changes. + + -- Mark Hymers Wed, 23 Aug 2006 14:48:57 +0100 + +freeradius (1.1.2-2) unstable; urgency=low + + [ Stephen Gran ] + * Acknowledge my previous NMU's (closes: #351732, #359042) + * Init scripts overhaul: + - now use reload on upgrade of modules + - replace sleep statements with --retry, as time based tests are + fragile + - no longer exit with an error if stop fails because the + daemon isn't running (closes: #374670, #351735) + - stop using command -v in /bin/sh scripts + * General maintainer script overhaul: + - Don't rm -rf something in /etc (ouch) + - Use chown -R instead of 'find .. -exec' + - should not need to manually remove the init script on purge (it's a dpkg + managed conffile) + - Only do user management stuff if user is missing. No point rerunning it + every upgrade. + - Install /etc/freeradius/dictionary with relaxed permissions, but never + touch it again (closes: #334299) + - switch to debhelper files where possible. I like an easy to read + Makefile. + * Arg. Move README.rfc to the freeradius package where it belongs. + + [ Mark Hymers ] + * Document building SSL/PostgreSQL modules in debian/rules, add + control.postgresql to make it more convenient. Tested on AMD64 using + system libtool. + + -- Stephen Gran Sun, 25 Jun 2006 23:06:16 +0100 + +freeradius (1.1.2-1) unstable; urgency=low + + [ Mark Hymers ] + * New maintainers + * New upstream version. + * Remove previous patches merged upstream: + - 01_NET-SNMP_build_support.dpatch + - 02_document_actual_shared_secret_maximum_length.dpatch + - 12_more_dialup_admin_various_fixes.dpatch + - 14_broken_parse.dpatch + - 15_CVE-2006-1354.dpatch + * Use --with-system-libtool during configure. Add B-D: on libtool + Removes obsolete dpatches: + - 06_libtool14_vs_rlm_eap_tls.dpatch + - 13_a_libtool_to_call_your_own.dpatch + * Remove freeradius.undocumented as we don't install links to + undocumented(7) anymore (not recommended since policy 3.5.8.0) + + [ Stephen Gran ] + * Update to Standards Version 3.7.2 (no changes) + * Remove doc/rfc/ to make -legal happy (closes: #365192) + - this means repacked tarball. See README.rfc for details + * Test for unset variable, rather than empty variable in clean_radacct, + monthly_tot_stats and truncate_radacct (closes: #374053) + + -- Mark Hymers Sat, 17 Jun 2006 16:05:19 +0100 + +freeradius (1.1.0-1.2) unstable; urgency=high + + * Non-maintainer upload. + * [ CVE-2006-1354 ]: + src/modules/rlm_eap/types/rlm_eap_mschapv2/rlm_eap_mschapv2.c: + Due to insufficient input validation it is possible for a remote + attacker to bypass authentication or cause a denial of service. + (closes: #359042) + + -- Stephen Gran Wed, 17 May 2006 11:22:28 -0500 + +freeradius (1.1.0-1.1) unstable; urgency=low + + * Non-maintainer upload. + * Upstream patch to fix parsing config file (closes: #351732) + Fixes: fails to start on amd64 (error in dictionary parsing code) + + -- Stephen Gran Sat, 1 Apr 2006 11:07:55 +0100 + +freeradius (1.1.0-1) unstable; urgency=low + * ReDebianise upstream tarball: + - Deleted RFCs: 2243 2289 2433 2548 2618 2619 2620 2621 2716 2759 2809 2865 + 2866 2867 2868 2869 2882 2924 3162 3575 3576 3579 3580 + draft-kamath-pppext-eap-mschapv2-00 + + * New FreeRADIUS modules marked stable by new upstream release + - rlm_perl + - rlm_sqlcounter + - rlm_sql_log + radsqlrelay + - rlm_otp (formerly rlm_x99_token, not built as it depends on OpenSSL) + + * Remove upstream-integrated patches: + - 02_EAP-SIM_doesnt_need_openssl + - 03_X99_is_not_stable + - 07_manpage_fixups + - 09_use_crypth_if_we_have_it + - 10_escape_entire_ldap_string + - 11_dont_xlat_possibly_bad_usernames_in_bad_accounting_packets + - 12_dialup_admin_various_fixes + + * More dialup-admin fixes from Arve Seljebu + - Fix redirects in dialup-admin pages on servers with + register_globals turned off. + Closes: #333704 + - HTTP form fields will always fail is_int, use in_numeric instead + Closes: #335149 + - Created 12_more_dialup_admin_various_fixes + + * Update to Policy 3.6.2.0 + * Upgrade Debhelper support to V5 + * Don't install the .in files with the examples + * Prefer libmysqlclient15-dev + Closes: #343779 + * Shared secrets can only be 31 characters long, note this in clients.conf + - Created 02_document_actual_shared_secret_maximum_length + Closes: 344606 + * Added support for lsb-init functions + + -- Paul Hampson Sun, 15 Jan 2006 13:34:13 +1100 + +freeradius (1.1.0-0) unstable; urgency=low + + * New upstream release. + * Update set of patches: + - 01_NET-SNMP_build_support.dpatch + - 06_libtool14_vs_rlm_eap_tls.dpatch + - 13_a_libtool14_to_call_your_own.dpatch + + -- Nicolas Baradakis Sun, 1 Jan 2006 18:15:47 +0100 + +freeradius (1.0.5-2) unstable; urgency=low + + * Stop dragging non-PIC code from libeap.a into rlm_eap_sim.so and + rlm_eap.so. + (Thanks to Peter Salinger) + Closes: #288547 + - Rename 06_libtool14_vs_rlm_eap_tls to 06_libtool14_vs_rlm_eap + and modify with Peter's changes and some Makefile hackery to + get it all linking + * Don't rerun configure during the build. + (Thanks to Kurt Roeckx) + * A whole bunch of dialup-admin fixes from Arve Seljebu and Tobias + - Report correct data transfer statistics for users + Closes: #329672 + - Lower-case sql column names to match creation scripts + Closes: #333709 + - Fix creation of empty groups + Closes: #333739 + - Put quote around usernames in HTML output + Closes: #333742 + - Properly notice when we've got a blank password to SQL + Closes: #333744 + - Created 12_dialup_admin_various_fixes + * Stop using libtool1.4 to build against, now that we can't have it and + libltdl3-dev installed at the same time + Closes: #279391 + - Created 13_a_libtool14_to_call_your_own to get most recent ltmain.sh + + -- Paul Hampson Sun, 16 Oct 2005 21:26:30 +1000 + +freeradius (1.0.5-1) unstable; urgency=high + + * Urgency high for security fixes below, all reported upstream + * ReDebianise upstream tarball: + - Deleted RFCs: 2243 2289 2433 2548 2618 2619 2620 2621 2716 2759 2809 2865 + 2866 2867 2868 2869 2882 2924 3162 3575 3576 3579 3580 + draft-kamath-pppext-eap-mschapv2-00 + * Add missed build-dependancy on dpatch (>=2) + * Update to Standards-Version 3.6.2.0 + - No changes needed + * Repair some minorly broken manpages + - Created 07_manpage_fixups.dpatch + * Security fixes stolen from CVS release_1_0 branch: + - Be sure we use crypt.h if we have it, to avoid segfaulting on a + bad built-in crypt() definition, spotted by Konstantin Kubatkin + + Created 09_use_crypth_if_we_have_it + - Make sure we escape the entire LDAP string, instead of + aborting as soon as it becomes possible to be out of space + + Created 10_escape_entire_ldap_string + - Don't xlat the UserName attribute before we can be sure of meeting + any escape sequences it may contain, spotted by Primoz Bratanic + + Created 11_dont_xlat_possibly_bad_usernames_in_bad_accounting_packets + * Depend on adduser, so our postinst can create the freerad user + * Don't install the .in versions of the example scripts. + + -- Paul Hampson Mon, 19 Sep 2005 15:10:40 +1000 + +freeradius (1.0.5-0) unstable; urgency=low + + * New Upstream release, from release_1_0 branch + - Remove 04_bonus_control_code_in_clients_conf_5 + - Remove 05_unbreak_quoted_sql_results + * Fix my _name_ in the dpatches + * Remove patch to CVS ID header from 05_unbreak_quoted_sql_values + so as not to break things when comitting to FreeRADIUS CVS + * Take linking fix from FreeRADIUS bugzilla #75 to allow + rlm_eap_tls to be linked to by rlm_eap_ttls and rlm_eap_peap + even though we don't build them in the Debian archive. + (Thanks to Luca Landi for the patch) + - Created 06_libtool14_vs_rlm_eap_tls + * Fix ownership of files in /var/log/freeradius/ more efficiently + (Caught by Guido Trotter) + Closes: #326891 + + -- Paul Hampson Wed, 7 Sep 2005 01:08:07 +1000 + +freeradius (1.0.4-2) unstable; urgency=low + + * Fix my email address in the dpatches + * Remove extraneous ^g from man/man5/clients.conf.5 + - Created 04_bonus_control_code_in_clients_conf_5 + * Correct handing of parameterless call of init script, and + general init script neatening + (Thanks to Derrick Karpo) + Closes: #315438 + * Correctly leave out the .in files in the examples + * Correctly use debhelper after splitting binary make target + into binary-arch and binary-indep. + (Thanks to Kurt Roeckx for actually hitting the bug) + Closes: #315770 + * Steal fix from CVS release_1_0 tree for rlm_sql quoted values. + (Thanks to Nicolas Baradakis for the fix) + - Upstream bugzilla #242, src/modules/rlm_sql/sql.c 1.79.2.2 + - Created 05_unbreak_quoted_sql_values + + -- Paul Hampson Mon, 27 Jun 2005 03:13:48 +1000 + +freeradius (1.0.4-1) unstable; urgency=low + * ReDeianise upstream tarball: + - Deleted RFCs: 2243 2289 2433 2548 2618 2619 2620 2621 2716 2759 2809 2865 + 2866 2867 2868 2869 2882 2924 3162 3575 3576 3579 3580 + draft-kamath-pppext-eap-mschapv2-00 + * Convert to dpatch, dpatch-2-style interface. + - New build-dependancy on dpatch (>= 2) + - Created 01_NET-SNMP_build_support + - Created 02_EAP-SIM_doesnt_need_openssl + - Created 03_X99_is_not_stable + * Assemble the freeradius-dialupadmin in the binary-indep make target + Closes: #313173 (Thanks to Santiago Vila for spotting this) + * Include the example scripts in /usr/share/doc/freeradius/examples/scripts + except those three which are installed into the binary by the Makefile. + Closes: #314253 (Thanks to Michael Langer for spotting this) + * Suggest libdate-manip-perl for freeradius-dialupadmin + Closes: #306007 (Thanks to Feng Sian) + + -- Paul Hampson Wed, 22 Jun 2005 16:03:27 +1000 + +freeradius (1.0.4-0) unstable; urgency=medium + + * New upstream release, fixing build problems. + * Prefer libpq-dev over postgresql-dev as a build-dependancy. + - This requires us to use pgconfig to find the headers. + + -- Paul Hampson Thu, 16 Jun 2005 13:56:33 +1000 + +freeradius (1.0.3-0) unstable; urgency=high + + * New upstream release + * Urgency high for some denial-of-service fixes: + - SQL injection attacks and DoS (core dump) via buffer overflow. + Closes: #307720 + + -- Alan DeKok Fri, 3 Jun 2005 11:29:34 -0700 + +freeradius (1.0.2-4) unstable; urgency=high + + * Security fix stolen from CVS release_1_0 branch: + - Always use sql_escape_func when calling radius_xlat + - Add a test in sql_escape_func() to check buffer bound when + input character needs escaping. + - Urgency high as these are (theoretical) security issues. + Closes: #307720 (Thanks to Primoz Bratanic and Nicolas Baradakis) + + -- Paul Hampson Mon, 23 May 2005 18:53:51 +1000 + +freeradius (1.0.2-3) unstable; urgency=medium + + * Fixes stolen from CVS release_1_0 branch: + - Fix missed SIGCHLD when waiting for external programs + when threaded. (Medium urgency as this can easily livelock + FreeRADIUS, which is an authentication server.) + + -- Paul Hampson Mon, 18 Apr 2005 23:46:41 +1000 + +freeradius (1.0.2-2) unstable; urgency=medium + + * Get rid of extraneous '%' at the start of every reference to + /etc/freeradius-dialupadmin in freeradius-dialupadmin's configuration. + Closes: #299749 + * Fixes stolen from CVS release_1_0 branch: + - Fix checkrad call for NAS ports > 9999999. (sprintf integer overrun, + reason for urgency medium.) + - Fix inverted test causing crash with pthreads and crypt + Closes: #300219 (Thanks Manuel Menal) + + -- Paul Hampson Wed, 6 Apr 2005 12:33:05 +1000 + +freeradius (1.0.2-1) unstable; urgency=low + + * ReDebianise upstream tarball: + - Deleted RFCs: 2243 2289 2433 2548 2618 2619 2620 2621 2716 2759 2809 2865 + 2866 2867 2868 2869 2882 2924 3162 3575 3576 3579 3580 + * Allow rlm_eap_sim to build without OpenSSL + * Make init script return 1 if reloading kills the server + (Thanks to Nicolas Baradakis) + Closes: #292170 + * Enable Novell eDirectory integration + * Enable udpfromto code so that replies come from the same address as + the request arrived at + * Build-depend on libmysqlclient12-dev as libmysqlclient10 has problems + accessing 4.0 series mySQL servers, and libmysqlclient12 can access + 4.1 series mySQL servers. + + -- Paul Hampson Fri, 4 Mar 2005 09:30:40 +1100 + +freeradius (1.0.2-0) unstable; urgency=low + + * New upstream release + * Update for Debian Policy 3.6.1.1 + - Change test if invoke-rc.d as per Policy 9.3.3.2 + * freeradius-dialupadmin Suggests php4-mysql | php4-pgsql + Closes: #279419 + * Added a two-second pause to restart in init.d script + Closes: #262635 + * FreeRADIUS module packages now depend on the same source + version of the main FreeRADIUS package. + Closes: #284353 + * FreeRADIUS-dialupadmin's default paths in admin.conf are + now correct. + Closes: #280942 + * FreeRADIUS-dialupadmin's help.php3 can now find README. + Closes: #280941 + + -- Paul Hampson Wed, 29 Dec 2004 20:12:52 +1100 + +freeradius (1.0.1-2) unstable; urgency=high + + * freeradius-dialupadmin Suggests php4-mysql | php4-pgsql + Closes: #279419 + * Added a two-second pause to restart in init.d script + Closes: #262635 + * FreeRADIUS module packages now depend on the same source + version of the main FreeRADIUS package. + Closes: #284353 + * FreeRADIUS-dialupadmin's default paths in admin.conf are + now correct. + Closes: #280942 + * FreeRADIUS-dialupadmin's help.php3 can now find README. + Closes: #280941 + * Fixes stolen from 1.0.2 CVS: + - Bug fix to make udpfromto code work + - radrelay shouldn't dump core if it can't read a VP from the + detail file. + - Only initialize the random pool once. + - In rlm_sql, don't escape characters twice. + - In rlm_ldap, only claim Auth-Type if a plain text password is present. + - Locking fixes in threading code + - Fix building on gcc-4.0 by not trying to access static auth_port from + other files. + + -- Paul Hampson Wed, 29 Dec 2004 20:19:42 +1100 + +freeradius (1.0.1-1) unstable; urgency=high + + * ReDebianise upstream tarball: + - Deleted RFCs: 2243 2289 2433 2548 2618 2619 2620 2621 2716 2759 2809 2865 + 2866 2867 2868 2869 2882 2924 3162 3575 3576 3579 3580 + - Remove CVS directories. + * Urgency high for security fix from 1.0.1-0 (CAN-2004-0938, + closes: #275136). + + -- Paul Hampson Thu, 23 Sep 2004 22:28:11 +1000 + +freeradius (1.0.1-0) unstable; urgency=high + + * New upstream release + * Urgency high for some denial-of-service fixes: + - Fix two remote crashes and a remote memory leak in + radius packet decoding. + + -- Paul Hampson Thu, 2 Sep 2004 17:12:23 +1000 + +freeradius (1.0.0-1) unstable; urgency=low + + * ReDebianise upstream tarball: + - Deleted RFCs: 2243 2289 2433 2548 2618 2619 2620 2621 2716 2759 2809 2865 + 2866 2867 2868 2869 2882 2924 3162 3575 3576 3579 3580 + * Support building with libsnmp5's UCD-SNMP compatiblity mode. + - libsnmp{4.2,5} still depend on OpenSSL, so SNMP's still disabled. + * Update for Debian Policy 3.6.11 + - Change test for invoke-rc.d as per Policy 9.3.3.2 + * Disable rlm_eap types PEAP, TLS and TTLS as they depend on OpenSSL. + * Disable rlm_sql driver PostgreSQL as it depends on OpenSSL. + * Disable rlm_x99_token as it depends on OpenSSL. + * Finally, -v is documented in radius(8). + - Closes: #151266 + * Reword a sentence in radwatch(8) by removing the personal pronoun. + - Closes: #264522 + + -- Paul Hampson Tue, 17 Aug 2004 17:42:40 +1000 + +freeradius (1.0.0-0) unstable; urgency=low + + * New upstream release + * Added H323 billing stuff to the examples + * Created Dialup-Admin package for the PHP-based web + FreeRADIUS database (SQL/LDAP) frontend. + + -- Paul Hampson Sat, 17 Jul 2004 16:21:38 +1000 + +freeradius (0.9.3-1) unstable; urgency=low + + * New upstream release, incorporates security fix from 0.9.2-4. + * Correct build-dependancy on debhelper. + Closes: #234486 + * Split iodbc SQL driver into its own package. + + -- Paul Hampson Tue, 24 Feb 2004 23:56:26 +1100 + +freeradius (0.9.2-4) unstable; urgency=high + + * Patch from upstream head: + - Fix a remote DoS and possible exploit due to mis-handling + of tagged attributes, and Tunnel-Password attribute. + + -- Paul Hampson Fri, 21 Nov 2003 09:52:51 +1100 + +freeradius (0.9.2-3) unstable; urgency=low + + * Removed redundant code to delete contents of a directory + on purge which ends up being removed anyway. + * Provide a default pam.d configuration. + * Fix the usage of dh_installinit to not make the package uninstallable. + * Change package removal to not abort if we cannot stop the server. + * Debian-archive-fit version of freeradius. + Closes: #208620 + + -- Paul Hampson Tue, 11 Nov 2003 02:12:55 +1100 + +freeradius (0.9.2-2) unstable; urgency=low + + * Use dh_installinit rather than doing it by hand + This involves renaming the initfile in the source tarball + * Only add user freerad to the group shadow on first installation + * Only chmod /etc/freeradius to group-readable, not group-read/write + * Removed the freerad user when the freerad group is removed + * Removed spurious build-dependancy on autoconf2.13 and libtool(1.4) + * Build-conflict against libssl-dev + * Restore Kerberos and LDAP as they will build without OpenSSL + * Make myself the maintainer + * Update to Policy 3.6.1.0 + - No changes needed + + -- Paul Hampson Sun, 9 Nov 2003 00:07:52 +1100 + +freeradius (0.9.2-1) unstable; urgency=low + + * Deleted RFCs: 2243 2289 2433 2548 2618 2616 2620 2621 + 2719 2759 2809 2865 2866 2867 2868 2869 2882 2924 3162 + from source tarball due to non-DFSG-free copyright. + * Disabled PostgreSQL, x.99 token, EAP/TLS, Kerberos, LDAP + and SNMP agent support due to OpenSSL/GPL conflict. + + -- Paul Hampson Thu, 6 Nov 2003 22:40:32 +1100 + +freeradius (0.9.2-0) unstable; urgency=low + + * New upstream release + * Added logrotate script for /var/log/freeradius/radius.log + * Don't leave symlinks to config.{guess,sub} lying around to + confuse dpkg-source. + + -- Paul Hampson Wed, 15 Oct 2003 05:02:17 +1000 + +freeradius (0.9.1-0) unstable; urgency=low + + * New upstream release. + * Renamed radiusd(8) to freeradius(8) to match binary + * Build-Depend on libtool1.4 | libtool (< 1.5) due to + new libtool 1.5 package. + * Merged multiple sed calls into a single sed call in debian/rules + * Installed SQL database examples into /usr/share/doc/freeradius/examples + * Modify initscript to only -HUP the parent process + + -- Paul Hampson Fri, 5 Sep 2003 00:54:41 +1000 + +freeradius (0.9.0-1) unstable; urgency=low + + * New Upstream release. + - Upstream dictionary files are in /usr/share/freeradius. + - Modified to 'configure{,.in}' to work with openssl 0.9.7 and 0.9.6 + * Renamed pacakges to 'freeradius*' from 'radiusd-freeradius*'. + * Moved file hierarchy around to be neater: + - /etc/raddb -> /etc/freeradius + - /usr/share/doc/radiusd-freeradius -> /usr/share/doc/freeradius + - /var/log/radiusd-freeradius -> /var/log/freeradius + - /var/run/radiusd/radiusd.pid -> /var/run/freeradius/freeradius.pid + * Included RFCs in documentation. + * Enabled the daemon to run under user 'freerad:freerad' by default. + * Added support for DEB_BUILD_OPTIONS for policy 3.5.9 compliance. + * Installed SNMP mibs for Radius + + -- Paul Hampson Sun, 20 Jul 2003 06:56:28 +1000 + +radiusd-freeradius (0.7+cvs20021113-1) unstable; urgency=low + + * Explicitly excluding modules not in the "stable" list. + * Updated policy version number. + * Moved from non-US/main to main. + * Put pidfile in package's own directory. + * Package not as buggy and unstable modules are easily identifiable. + (closes: Bug#142217) + * Init script handles failure better. (closes: Bug#151264) + * New upstream release. (closes: Bug#140536) + * Uses available version of postgresql. (closes: Bug#139290) + * Removed "conflicts" with other radiusds. + * Added new build-dep on libtool. + * Changed section to "net" from "admin". + * New config.guess. (closes: Bug#168647) + * Run with freerad user and group. (closes: Bug#168272) + * Added libssl-dev as build-dep. (closes: #131832) + + -- Chad Miller Wed, 13 Nov 2002 17:01:19 -0500 + +radiusd-freeradius (0.5+cvs20020408-1) unstable; urgency=high + + * New build-dep on libssl-dev, which is implied by another dep, but making + explicit for builders on Potato. (closes: Bug#131832) + * Built against new postgresql libraries, so automatic dep tracking has + the correct version, now. (closes: Bug#139290) + * Removed python example module. + * Explicitly disabled beta ippool module. + + -- Chad Miller Mon, 8 Apr 2002 11:48:30 -0400 + +radiusd-freeradius (0.4-1) unstable; urgency=high + + * New release. + * upstream: New EAP support. + * upstream: Fixed security bug in string translation. + + -- Chad Miller Thu, 13 Dec 2001 09:26:45 -0500 + +radiusd-freeradius (0.3-2) unstable; urgency=low + + * Moved to using logrotate instead of cron for files. + * Fixed permissions of log files. (closes: Bug#116242,#116243) + * Close file descriptors of stdin, stdout, stderr, if not debugging. + (closes: Bug#116768) + * Made package "non-native". (An upload issue, not code.) + (closes: Bug#119161) + + -- Chad Miller Tue, 20 Nov 2001 10:50:20 -0500 + +radiusd-freeradius (0.3-1) unstable; urgency=low + + * New release. + + -- Chad Miller Tue, 9 Oct 2001 18:16:23 -0400 + +radiusd-freeradius (0.2+20010917-1) unstable; urgency=low + + * Removed old mysql build-dep. (closes: Bug#112541) + + -- Chad Miller Mon, 17 Sep 2001 11:38:24 -0400 + +radiusd-freeradius (0.2+20010912-1) unstable; urgency=low + + * Build-dep mysql changed package names. + * Added build-dep for libmysqlclient10-dev. (closes: Bug#111880) + * In acct_users, keep reply pairs. + * Integer values are printed as unsigned numbers, to comply with RFC2866. + * Fixed broken/reversed auth comparisons in SQL module. + * Sucked out CPPness from inside a printf, as printf is a macro in newer + compilers (gcc3.0, e.g.). (closes: Bug#100889) + * Sundry LDAP configuration, unresponsive thread, and proxying fixes. + * Added user 'freerad' into the 'shadow' group. + * Fixed UUCP-style of restricting time of log-in. + * Changed debugging messages to give more info about execution flow. + * Better counter module. + * Inserted CHAP support for SQL modules. + * Removed possible infinite loop. + + -- Chad Miller Wed, 12 Sep 2001 21:21:47 -0400 + +radiusd-freeradius (0.1+20010527-1) unstable; urgency=low + + * Updated config.{guess,sub} to recent versions. (closes: Bug#98183) + * Updated build-dep to reflect supercession of libltdl0-dev by libltdl3-dev + (closes: Bug#98914) + + -- Chad Miller Sun, 27 May 2001 11:44:40 -0400 + +radiusd-freeradius (0.1+20010517-1) unstable; urgency=low + + * Moved package to non-US to allow in Kerberos and PostgreSQL. + * Set Suggests of modules to main package. + * Better compile-time support of *BSD. + + -- Chad Miller Thu, 17 May 2001 14:46:51 -0400 + +radiusd-freeradius (0.1-1) unstable; urgency=low + + * First beta release! + * Added generalized SQL support for ODBC, Oracle, MySQL, and Postgres. + * Added shasta, microsoft, and redback dictionaries. + * Fixed rc.d restart rule. + * Added a user to own the daemon and logfiles. + * SQL DB handles more forgiving of unreachable servers at startup. + * SQL Crypt-Password attribute support. + * Fixed cron log rotation. + * Put module libraries in own directory. + * Removed bogus build-dep. (closes: Bug#87277) + * Better permissions on /etc/raddb + * Use correct LDAP library. + * Fork ldap, postgresql, and mysql modules into different packages. + * Remove Kerberos, as it's restricted from export. + + -- Chad Miller Mon, 7 May 2001 16:37:46 -0400 + +radiusd-freeradius (0.0.20010109-1) unstable; urgency=low + + * Changed priority, from standard to optional. + + -- Chad Miller Tue, 9 Jan 2001 14:01:38 -0500 + +radiusd-freeradius (0.0.20001227-1) unstable; urgency=low + + * Initial revision. (closes: Bug#76476) + + -- Chad Miller Wed, 27 Dec 2000 11:58:56 -0500 --- freeradius-1.1.3.orig/debian/freeradius-eappeap.postinst +++ freeradius-1.1.3/debian/freeradius-eappeap.postinst @@ -0,0 +1,21 @@ +#! /bin/sh + +set -e + +case "$1" in + configure) + if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then + invoke-rc.d freeradius reload + else + /etc/init.d/freeradius reload + fi + ;; + abort-upgrade) + ;; + abort-remove) + ;; + abort-deconfigure) + ;; +esac + +#DEBHELPER# --- freeradius-1.1.3.orig/debian/freeradius-dialupadmin.install +++ freeradius-1.1.3/debian/freeradius-dialupadmin.install @@ -0,0 +1,12 @@ +usr/share/freeradius-dialupadmin/bin/monthly_tot_stats +usr/share/freeradius-dialupadmin/bin/snmpfinger +usr/share/freeradius-dialupadmin/bin/truncate_radacct +usr/share/freeradius-dialupadmin/bin/clean_radacct +usr/share/freeradius-dialupadmin/bin/log_badlogins +usr/share/freeradius-dialupadmin/bin/showmodem +usr/share/freeradius-dialupadmin/bin/tot_stats +usr/share/freeradius-dialupadmin/htdocs/ +usr/share/freeradius-dialupadmin/html/ +usr/share/freeradius-dialupadmin/lib/ +usr/share/freeradius-dialupadmin/sql/ +etc/freeradius-dialupadmin --- freeradius-1.1.3.orig/debian/control +++ freeradius-1.1.3/debian/control @@ -0,0 +1,84 @@ +Source: freeradius +Build-Depends: debhelper (>= 5), libltdl3-dev, libpam0g-dev, libmysqlclient15-dev | libmysqlclient-dev, libgdbm-dev, libldap2-dev, libsasl2-dev, libiodbc2-dev, libkrb5-dev, snmp, autotools-dev, dpatch (>= 2), libperl-dev, libtool, dpkg-dev (>= 1.13.19), libssl-dev +Build-Conflicts: +Section: net +Priority: optional +Maintainer: Stephen Gran +Uploaders: Mark Hymers , Paul Hampson +Standards-Version: 3.7.2.0 + +Package: freeradius +Architecture: any +Depends: adduser, lsb-base (>= 3.0-6), ${shlibs:Depends} +Provides: radius-server +Suggests: freeradius-ldap, freeradius-mysql, freeradius-krb5 +Conflicts: radiusd-freeradius, radiusd-freeradius-krb5, radiusd-freeradius-ldap, radiusd-freeradius-postgresql, radiusd-freeradius-mysql +Replaces: radiusd-freeradius +Description: a high-performance and highly configurable RADIUS server + A high-performance RADIUS server derived from Cistron's server, and + generally similar to Livingston's 2.0 server, with support for... + - many vendor-specific attributes + - proxying and replicating requests by any criteria + - authentication on system passwd, SQL, Kerberos, LDAP, users file, or PAM + - multiple DEFAULT configurations + - regexp matching in string attributes + and lots more. + +Package: freeradius-eaptls +Architecture: any +Depends: freeradius (= ${binary:Version}), ${shlibs:Depends} +Description: eap-tls module for FreeRADIUS server + Debian will not provide a binary version of the rlm_eap_tls.so library. This + module is required if you want to use EAP/TLS authentication, commonly used + for WiFi access points + +Package: freeradius-eappeap +Architecture: any +Depends: freeradius (= ${binary:Version}), ${shlibs:Depends} +Description: eap-peap module for FreeRADIUS server + Debian will not provide a binary version of the rlm_eap_peap.so library. This + module is required if you want to use EAP/PEAP authentication, commonly used + for WiFi access points + +Package: freeradius-krb5 +Architecture: any +Conflicts: radiusd-freeradius-krb5 +Replaces: radiusd-freeradius-krb5 +Depends: freeradius (= ${binary:Version}), ${shlibs:Depends} +Description: kerberos module for FreeRADIUS server + The FreeRADIUS server can use Kerberos to authenticate users, and this module + is necessary for that. + +Package: freeradius-ldap +Architecture: any +Conflicts: radiusd-freeradius-ldap +Replaces: radiusd-freeradius-ldap +Depends: freeradius (= ${binary:Version}), ${shlibs:Depends} +Description: LDAP module for FreeRADIUS server + The FreeRADIUS server can use LDAP to authenticate users, and this module + is necessary for that. + +Package: freeradius-mysql +Architecture: any +Conflicts: radiusd-freeradius-mysql +Replaces: radiusd-freeradius-mysql +Depends: freeradius (= ${binary:Version}), ${shlibs:Depends} +Description: MySQL module for FreeRADIUS server + The FreeRADIUS server can use MySQL to authenticate users and do accounting, + and this module is necessary for that. + +Package: freeradius-iodbc +Architecture: any +Depends: freeradius (= ${binary:Version}), ${shlibs:Depends} +Description: iODBC module for FreeRADIUS server + The FreeRADIUS server can use iODBC to access databases to authenticate users + and do accounting, and this module is necessary for that. + +Package: freeradius-dialupadmin +Architecture: all +Depends: php4 +Suggests: apache2-mpm-prefork | httpd, php4-mysql | php4-pgsql, libdate-manip-perl +Recommends: ${perl:Depends} +Description: set of PHP scripts for administering a FreeRADIUS server + These scripts provide a web-based interface for administering a FreeRADIUS + server which stores authentication information in either SQL or LDAP. --- freeradius-1.1.3.orig/debian/freeradius-postgresql.postinst +++ freeradius-1.1.3/debian/freeradius-postgresql.postinst @@ -0,0 +1,21 @@ +#! /bin/sh + +set -e + +case "$1" in + configure) + if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then + invoke-rc.d freeradius reload + else + /etc/init.d/freeradius reload + fi + ;; + abort-upgrade) + ;; + abort-remove) + ;; + abort-deconfigure) + ;; +esac + +#DEBHELPER# --- freeradius-1.1.3.orig/debian/freeradius.init +++ freeradius-1.1.3/debian/freeradius.init @@ -0,0 +1,86 @@ +#!/bin/sh +# Start/stop the FreeRADIUS daemon. + +### BEGIN INIT INFO +# Provides: radiusd +# Required-Start: $network +# Should-Start: $time mysql ldap postgresql samba krb5-kdc +# Required-Stop: +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Radius Daemon +# Description: Extensible, configurable radius daemon +### END INIT INFO + +set -e + +. /lib/lsb/init-functions + +PROG="freeradius" +PROGRAM="/usr/sbin/freeradius" +PIDFILE="/var/run/freeradius/freeradius.pid" +DESCR="FreeRADIUS daemon" + +test -f $PROGRAM || exit 0 + +# /var/run may be a tmpfs +if [ ! -d /var/run/freeradius ]; then + mkdir -p /var/run/freeradius + chown freerad:freerad /var/run/freeradius +fi + +ret=0 + +case "$1" in + start) + log_daemon_msg "Starting $DESCR" "$PROG" + if start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $PROGRAM; then + ret=$? + fi + log_end_msg $ret + exit $ret + ;; + stop) + log_daemon_msg "Stopping $DESCR" "$PROG" + if [ -f "$PIDFILE" ] ; then + if start-stop-daemon --stop --retry=TERM/30/KILL/5 --quiet --pidfile $PIDFILE; then + ret=$? + fi + log_end_msg $ret + else + log_action_cont_msg "$PIDFILE not found" + log_end_msg 0 + fi + ;; + restart) + $0 stop + $0 start + ;; + reload | force-reload) + log_action_begin_msg "Reloading configuration files for $DESCR" + if [ -f "$PIDFILE" ] ; then + if start-stop-daemon --oknodo --stop --signal 1 --quiet --pidfile $PIDFILE; then + ret=$? + fi + log_action_cont_msg "HUP sent" + sleep 2 + if kill -0 $(cat $PIDFILE) > /dev/null; then + ret=$(($ret|$?)) + fi + if [ "$ret" -ne 0 ]; then + log_action_cont_msg "$DESCR has died!" + fi + log_end_msg $ret + else + log_action_cont_msg "$PIDFILE not found" + log_end_msg 0 + fi + exit $ret + ;; + *) + echo "Usage: $0 start|stop|restart|reload|force-reload" + exit 1 + ;; +esac + +exit 0 --- freeradius-1.1.3.orig/debian/rules +++ freeradius-1.1.3/debian/rules @@ -0,0 +1,193 @@ +#! /usr/bin/make -f +# +# debian/rules file for freeradius +# + +.NOTPARALLEL: + +SHELL =/bin/bash + +package = freeradius +freeradius_dir = $(CURDIR)/debian/tmp/ + +mandir = /usr/share/man +libdir = /usr/lib/$(package) +logdir = /var/log/$(package) +pkgdocdir = /usr/share/doc/$(package) +raddbdir = /etc/$(package) + +include /usr/share/dpatch/dpatch.make + +# If you want to use SSL and/or the postgres module, comment +# out these two lines and uncomment the two after +# You will also need to add a Build-Depends on libssl-dev and libpq-dev +# and remove the Build-Conflicts on libssl-dev +# Finally you need to cat debian/control.postgresql >> debian/control +buildssl=--without-rlm_otp --without-rlm_sql_postgresql --without-snmp +modulelist=krb5 ldap sql_mysql sql_iodbc eap_peap eap_tls +#buildssl=--with-rlm_sql_postgresql_lib_dir=`pg_config --libdir` --with-rlm_sql_postgresql_include_dir=`pg_config --includedir` +#modulelist=krb5 ldap sql_mysql sql_iodbc sql_postgresql + + +export DEB_HOST_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE) +export DEB_BUILD_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE) + +export CFLAGS = -Wall -g + +ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS))) + CFLAGS += -O0 +else + CFLAGS += -O2 +endif + +ifeq ($(DEB_BUILD_GNU_TYPE), $(DEB_HOST_GNU_TYPE)) + confflags += --build $(DEB_HOST_GNU_TYPE) +else + confflags += --host $(DEB_BUILD_GNU_TYPE) --build $(DEB_HOST_GNU_TYPE) +# $(error Cannot cross-compile this package out-of-the-box) +endif + +config.status: configure + dh_testdir + + # Update the autotools files if necessary + if [ -e config.sub.dist ]; then rm config.sub; else mv config.sub config.sub.dist; fi + if [ -e config.guess.dist ]; then rm config.guess; else mv config.guess config.guess.dist; fi + ln -s /usr/share/misc/config.sub config.sub + ln -s /usr/share/misc/config.guess config.guess + + ./configure \ + $(confflags) \ + --prefix=/usr \ + --exec-prefix=/usr \ + --mandir=$(mandir) \ + --sysconfdir=/etc \ + --libdir=$(libdir) \ + --datadir=/usr/share \ + --localstatedir=/var \ + --with-raddbdir=$(raddbdir) \ + --with-logdir=/var/log/$(package) \ + --enable-ltdl-install=no --enable-strict-dependencies \ + --with-large-files --with-udpfromto --with-edir \ + --enable-developer \ + --config-cache \ + ${buildssl} \ + --with-system-libtool + + +build: build-arch build-indep + +build-indep: patch build-indep-stamp +build-indep-stamp: config.status + touch build-indep-stamp + + +build-arch: patch build-arch-stamp +build-arch-stamp: config.status + $(MAKE) + touch build-arch-stamp + + +clean: unpatch + dh_testdir + dh_clean + rm -f build-arch-stamp build-indep-stamp libltdl/stamp-h1 + rm -f install-arch-stamp install-indep-stamp + + [ -f Make.inc ] && make distclean || true + # The make clean forgets to remove this build directory + [ -d src/modules/lib ] && rm -fr src/modules/lib || true + + # Put the original autotools files back in place + [ -f config.sub.dist ] && rm config.sub && mv config.sub.dist config.sub || true + [ -f config.guess.dist ] && rm config.guess && mv config.guess.dist config.guess || true + + +install: install-arch install-indep +install-indep: install-indep-stamp +install-indep-stamp: build-indep-stamp + dh_testdir + dh_testroot + + $(MAKE) -C dialup_admin DIALUP_PREFIX=/usr/share/freeradius-dialupadmin \ + DIALUP_DOCDIR=/usr/share/doc/freeradius-dialupadmin \ + DIALUP_CONFDIR=/etc/freeradius-dialupadmin \ + R=$(freeradius_dir) install + + mv $(freeradius_dir)/usr/share/freeradius-dialupadmin/bin/dialup_admin.cron \ + $(freeradius_dir)/usr/share/freeradius-dialupadmin/bin/freeradius-dialupadmin.cron + + touch install-indep-stamp + +install-arch: install-arch-stamp +install-arch-stamp: build-arch-stamp + dh_testdir + dh_testroot + + $(MAKE) install R=$(freeradius_dir) + + # rename radius binary to play nicely with others + mv $(freeradius_dir)/usr/sbin/radiusd $(freeradius_dir)/usr/sbin/$(package) + mv $(freeradius_dir)/$(mandir)/man8/radiusd.8 $(freeradius_dir)/$(mandir)/man8/$(package).8 + + # Install the SNMP MIBs into debian/tmp + mkdir -p $(freeradius_dir)/usr/share/snmp/mibs + install -g root -m 644 mibs/*.txt $(freeradius_dir)/usr/share/snmp/mibs + + touch install-arch-stamp + + +binary: binary-indep binary-arch + +binary-indep: install-indep-stamp + dh_testroot + #dh_clean -i -k + dh_installdirs -i + dh_install -XCVS -X.svn -i --sourcedir=debian/tmp + dh_installdocs -XCVS -X.svn -i + dh_installchangelogs -XCVS -X.svn dialup_admin/Changelog -i + dh_installexamples -XCVS -X.svn -i + dh_installman -XCVS -X.svn -i + dh_link -i + dh_perl -i + dh_installdeb -i + dh_compress -i + dh_fixperms -i + dh_md5sums -i + dh_gencontrol -i + dh_builddeb -i + +binary-arch: install-arch-stamp + dh_testroot + #dh_clean -a -k + dh_installdirs -a + dh_install -XCVS -X.svn -XMakefile -a --sourcedir=debian/tmp + # Not nice, but it works; remove modules we package seperately + # from the main package + for mod in ${modulelist}; do \ + rm -f $(CURDIR)/debian/freeradius/usr/lib/freeradius/rlm_$$mod*.so ; \ + done + dh_installdocs -XCVS -X.svn -a + dh_installexamples -XCVS -X.svn -a + dh_installchangelogs -XCVS -X.svn -a $(freeradius_dir)/usr/share/doc/freeradius/ChangeLog + dh_installman -XCVS -X.svn -a + +ifeq (,$(findstring nostrip,$(DEB_BUILD_OPTIONS))) + dh_strip -a +endif + + dh_installlogrotate -a + dh_installinit -n -a + dh_installpam --name=radiusd -a + # We don't need ldconfig. None of our libraries go in it's paths + dh_makeshlibs -n -a + dh_shlibdeps -a + dh_installdeb -a + dh_compress -a + dh_fixperms -a + dh_md5sums -a + dh_gencontrol -a + dh_builddeb -a + + +.PHONY: binary binary-arch binary-indep clean build build-indep build-arch install install-indep install-arch --- freeradius-1.1.3.orig/debian/freeradius.manpages +++ freeradius-1.1.3/debian/freeradius.manpages @@ -0,0 +1,3 @@ +debian/tmp/usr/share/man/man1/* +debian/tmp/usr/share/man/man5/* +debian/tmp/usr/share/man/man8/* --- freeradius-1.1.3.orig/debian/freeradius.logrotate +++ freeradius-1.1.3/debian/freeradius.logrotate @@ -0,0 +1,6 @@ +/var/log/freeradius/*.log { + weekly + rotate 52 + compress + notifempty +} --- freeradius-1.1.3.orig/debian/freeradius-eaptls.install +++ freeradius-1.1.3/debian/freeradius-eaptls.install @@ -0,0 +1 @@ +usr/lib/freeradius/rlm_eap_tls*.so --- freeradius-1.1.3.orig/debian/README.Debian +++ freeradius-1.1.3/debian/README.Debian @@ -0,0 +1,16 @@ +During conversion from radiusd-freeradius* packages to freeradius* packages, +the directory for configuration has moved to /etc/freeradius from +/etc/raddb. Since a number of things have changed in the way freeradius +is configured this package does not automatically copy your old +configuration; please do that manually. + +Also, the upstream supplied dictionaries are now in /usr/share/freeradius/. +/etc/freeradius/dictionary is still the place for local dictionary +additions. See /etc/freeradius/dictionary for details. + +If FreeRADIUS fails to start, without any error message, be sure that the +directory specified for the pidfile in the configuration is correct. If +it is incorrect, or not writeable by user freerad or group freerad, then +FreeRADIUS will fail to start. The initscript supplied expects this to +be /var/run/freeradius/freeradius.pid, and /var/run/freeradius/ is +created by the maintainer scripts. --- freeradius-1.1.3.orig/debian/freeradius-dialupadmin.docs +++ freeradius-1.1.3/debian/freeradius-dialupadmin.docs @@ -0,0 +1,6 @@ +debian/tmp/usr/share/doc/freeradius-dialupadmin/AUTHORS +debian/tmp/usr/share/doc/freeradius-dialupadmin/FAQ +debian/tmp/usr/share/doc/freeradius-dialupadmin/HELP_WANTED +debian/tmp/usr/share/doc/freeradius-dialupadmin/HOWTO +debian/tmp/usr/share/doc/freeradius-dialupadmin/README +debian/tmp/usr/share/doc/freeradius-dialupadmin/TODO --- freeradius-1.1.3.orig/debian/freeradius-mysql.install +++ freeradius-1.1.3/debian/freeradius-mysql.install @@ -0,0 +1 @@ +usr/lib/freeradius/rlm_sql_mysql*.so --- freeradius-1.1.3.orig/debian/freeradius.postinst +++ freeradius-1.1.3/debian/freeradius.postinst @@ -0,0 +1,63 @@ +#! /bin/sh + +set -e + +case "$1" in + configure) + if [ -z "$2" ]; then + # On a fresh install, add the necessary user and group + if ! id freerad >/dev/null 2>&1; then + addgroup --system freerad || true + groups freerad 2>/dev/null || adduser --system --no-create-home --home /etc/freeradius --ingroup freerad --disabled-password freerad + + # Put user freerad in group shadow, so the daemon can auth locally + # Only do this on fresh install as the admin may not want freerad in shadow + # group if authenticating by another mechanism + adduser freerad shadow + fi + + update-rc.d freeradius defaults 50 >/dev/null + + # Set up initial permissions on all the freeradius directories + [ -d /var/log/freeradius ] || mkdir -p /var/log/freeradius + [ -f /var/log/freeradius/radius.log ] || touch /var/log/freeradius/radius.log + [ -f /var/log/freeradius/radwtmp ] || touch /var/log/freeradius/radwtmp + [ -d /var/run/freeradius ] || mkdir /var/run/freeradius + + chown freerad:freerad /var/run/freeradius + find /etc/freeradius -type f -exec chgrp freerad {} \; -exec chmod 640 {} \; + find /etc/freeradius -type d -exec chgrp freerad {} \; -exec chmod 2751 {} \; + chown -R freerad:freerad /var/log/freeradius + + # Relax permissions on local dictionary - allows radclient to run and should + # not contain secrets. At any rate, only do it on fresh install + chmod 0644 /etc/freeradius/dictionary + chmod 2751 /etc/freeradius/ + + action="start" + else + action="restart" + fi + + if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then + invoke-rc.d freeradius $action || true + else + /etc/init.d/freeradius $action + fi + ;; + abort-upgrade) + ;; + abort-remove) + if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then + invoke-rc.d freeradius start || true + else + /etc/init.d/freeradius start + fi + ;; + abort-deconfigure) + ;; +esac + +#DEBHELPER# + +exit 0