+freeradius (2.1.8+dfsg-1) unstable; urgency=medium
+
+ * New upstream version.
+ + Fixes several showstopper bugs, hence increased urgency.
+ + Includes OpenSSL+GPL license exception, closes: #499120.
+ + Fixes typo in a warning, closes: #523074.
+ * Added libssl-dev into build-depends and enabled the building of
+ modules that just depend on OpenSSL, namely rlm_eap_peap, rlm_eap_tls,
+ rlm_eap_ttls, and rlm_otp, closes: #266229.
+ * Because the configuration of EAP+SSL modules now actually kicks in, its
+ non-existent certificate file would break the server start by default.
+ Depend on ssl-cert, make use of make-ssl-cert and openssl, and add
+ freerad to the ssl-cert group in the postinst to get us past the
+ problematic default settings so that we don't crash and burn on clean
+ upgrades, but otherwise leave everything else to the admin.
+ * Ship /etc/freeradius/attrs.access_challenge, like the others.
+ * Moved otp.conf and snmp.conf statoverride handling to the preinst
+ and used rm_conffile on them as well.
+ * Updated upstream changelog handling a bit.
+
+ -- Josip Rodin <joy-packages@debian.org> Sat, 02 Jan 2010 20:22:47 +0100
+
+freeradius (2.1.7+dfsg-2) unstable; urgency=low
+
+ * Ship radmin and raddebug in the freeradius package.
+ * Correct section number inside raddebug(8) so it doesn't get misplaced.
+
+ -- Josip Rodin <joy-packages@debian.org> Tue, 24 Nov 2009 15:29:59 +0100
+
+freeradius (2.1.7+dfsg-1) unstable; urgency=low
+
+ * Adopting the package, closes: #536623.
+ * New upstream version, closes: #513484.
+ + Fixes the blooper in unlang evaluation logic, closes: #526175.
+ * Used quilt (and added README.source), and moved upstream file patching
+ into debian/patches/. The source is no longer in collab-maint git
+ (to make it simpler for me to finally get this out the door), but
+ kept the .gitignore should we need that again.
+ * Dropped the dialup_admin/bin/backup_radacct patch (integrated upstream).
+ * Dropped the raddb/Makefile patch (problem no longer exists upstream).
+ * Dropped the lib/packet.c lib/radius.c main/listen.c patches (was from
+ upstream 2.0.5 anyway).
+ * Dropped references to otp.conf, it no longer exists upstream.
+ Keep removing the conffile statoverride in prerm.
+ * Dropped references to snmp.conf, it no longer exists upstream.
+ Keep removing the conffile statoverride in prerm.
+ * Ship /etc/freeradius/modules/* in the freeradius package.
+ * Stop shipping sites-enabled symlinks in the package and instead create
+ them only on initial install, thanks to Matej Vela, closes: #533396.
+ * Add export PATH="${PATH:+$PATH:}/usr/sbin:/sbin" to the init script
+ at the request of John Morrissey, closes: #550143.
+ * Stop installing /var/run/freeradius in the package to silence Lintian.
+ The init script already recreates it at will.
+ * Remove executable bit from example.pl to silence Lintian.
+
+ -- Josip Rodin <joy-packages@debian.org> Mon, 23 Nov 2009 03:57:37 +0100
+
+freeradius (2.0.4+dfsg-7) unstable; urgency=low
+
+ * Ignore rmdir failure on clean (closes: #545932)
+ * Do a better job of catching errors in the init script (closes: #533390)
+ * Init headers fixup (closes: #541882)
+ * Clean up some logs so dpkg can successfully rmdir (closes: #530727)
+
+ -- Stephen Gran <sgran@debian.org> Sun, 13 Sep 2009 19:33:12 +0100
+
+freeradius (2.0.4+dfsg-6) unstable; urgency=low
+
+ * Fix unsafe use of tempfile (closes: #496389)
+
+ -- Stephen Gran <sgran@debian.org> Mon, 25 Aug 2008 14:18:48 +0100
+
+freeradius (2.0.4+dfsg-5) unstable; urgency=low
+
+ [ Mark Hymers ]
+ * Cherry pick commit from 2.0.5 which fixes port binding issues.
+ Closes: #489773.
+
+ [ Stephen Gran ]
+ * add PERL_SYS_INIT3 and PERL_SYS_TERM calls to rlm_perl. (closes: #495073)
+ * Make the SQL modules link against rlm_sql.so in the most horrific
+ (and only) way possible. (closes: #448699)
+
+ -- Stephen Gran <sgran@debian.org> Thu, 14 Aug 2008 19:15:30 +0100
+
+freeradius (2.0.4+dfsg-4) unstable; urgency=low
+
+ * Create links from sites-enabled to sites-available for the files that
+ upstream enables by default (closes: #483914)
+
+ -- Stephen Gran <sgran@debian.org> Sun, 01 Jun 2008 12:24:35 +0100
+
+freeradius (2.0.4+dfsg-3) unstable; urgency=low
+
+ * brown paper bag release
+ * Really actually do the statoverride I thought we were doing with -2
+ (closes: #482380)
+
+ -- Stephen Gran <sgran@debian.org> Thu, 22 May 2008 11:18:12 +0100
+
+freeradius (2.0.4+dfsg-2) unstable; urgency=low
+
+ * Install /var/log/freeradius 0750 so that people writing their passwords to
+ logfiles don't accidentally leak them without noticing (closes: #482085)
+
+ -- Stephen Gran <sgran@debian.org> Tue, 20 May 2008 19:38:27 +0100
+
+freeradius (2.0.4+dfsg-1) unstable; urgency=low
+
+ * Ok, actually remove all the cruft in debian/ shipped by upstream. This
+ means repacking the tarball and all that, but it also means dpkg-source
+ won't get the chance to ignore removed files, resulting in files
+ reappearing, but not locally (closes: #481406)
+ * Also remove config.{cache,log} in clean target - damn you gitignore
+
+ -- Stephen Gran <sgran@debian.org> Mon, 19 May 2008 03:55:55 +0100
+
+freeradius (2.0.4-3) unstable; urgency=low
+
+ * I have no god damn idea why the buildds are adding manpages to the wrong
+ binary. Reuploading with DH_VERBOSE=1 to see if we can find it. We
+ certainly can't reproduce it in our local builds, even calling the same
+ targets in the same order as the buildds.
+
+ -- Stephen Gran <sgran@debian.org> Mon, 19 May 2008 00:17:06 +0100
+
+freeradius (2.0.4-2) unstable; urgency=low
+
+ * freeradius-{common,utils} needs to Conflict: with other radius
+ implementations that share files (closes: #480682)
+
+ -- Stephen Gran <sgran@debian.org> Sun, 11 May 2008 18:41:45 +0100
+
+freeradius (2.0.4-1) unstable; urgency=low
+
+ * New upstream release
+ * Make all directories in /etc/freeradius group +x (closes: #479835)
+
+ -- Stephen Gran <sgran@debian.org> Fri, 09 May 2008 12:58:55 +0100
+
+freeradius (2.0.3-1) unstable; urgency=low
+
+ [ Mark Hymers ]
+ * New upstream release
+ * Bump Build-Dep on debhelper to 6.0.7 as we use dh_lintian
+ * Delete lots of obsolete conffiles
+
+ [ Stephen Gran ]
+ * Create a -common package for some extra file that the -utils package
+ needs. Also stuff in manpages and other arch all files to reduce the size
+ of the unnecessarily repeated stuff in the archive
+ * Change chown/chmod calls to dpkg-statoverride
+
+ -- Mark Hymers <mhy@debian.org> Sat, 03 May 2008 17:07:42 +0100
+
+freeradius (2.0.2-1) unstable; urgency=low
+
+ * Yet another new upstream version (closes: #465475)
+ * Cleanup manpages
+ * Add lintian overrides for rpath - this is intentional
+ * Packaging is now being done in git, we're dropping dpatch
+ * Split out client utilities (closes: #470977) - this means we also need to
+ split the library so the two binary packages can use it
+ * Major package rework
+
+ -- Stephen Gran <sgran@debian.org> Sun, 16 Mar 2008 22:58:16 +0000
+
+freeradius (2.0.0-1) unstable; urgency=low
+
+ * New upstream version
+ * Patches:
+ - freshen 02-radiusd-to-freeradius
+ - disable 03-dialupadmin-help until it's reworked properly
+
+ -- Stephen Gran <sgran@debian.org> Thu, 10 Jan 2008 23:05:50 +0000
+
+freeradius (1.1.7-1) unstable; urgency=low
+
+ * New upstream version
+ * Update debian/copyright to reflect reality:
+ - package is GPL v2 only, so refer to the correct file in common-licenses
+ - Remove explanation of wy postgres and snmp modules can't be shipped,
+ since we do ship them.
+ * Remove 04-configure-openssl.dpatch, --without-openssl applied upstream
+
+ -- Stephen Gran <sgran@debian.org> Thu, 09 Aug 2007 10:09:20 +0100
+
+freeradius (1.1.6-4) unstable; urgency=low
+
+ The "Give me GPLv2 compatibility or give me FTBFS" release
+ * Fix rlm_krb5 not to link with openssl unless it actually needs to
+ * debian/rules: move dependency on patch target to config.status
+ * debian/rules: FTBFS if a package accidentally directly links to openssl
+
+ -- Stephen Gran <sgran@debian.org> Wed, 04 Jul 2007 17:08:45 +0100
+
+freeradius (1.1.6-3) unstable; urgency=low
+
+ * Change freeradius-dbg to Priority: extra.
+ * After discussions with one of the ftp-assistants, we can ship
+ freeradius-postgresql in main. Yey! (Closes: #264649, #382329)
+
+ -- Mark Hymers <mhy@debian.org> Thu, 21 Jun 2007 13:32:09 +0100
+
+freeradius (1.1.6-2) unstable; urgency=low
+
+ [ Mark Hymers ]
+ * Add freeradius-dbg package.
+
+ [ Stephen Gran ]
+ * Update debian/control for php5 (dialupadmin) (closes: #424788, #412701)
+
+ -- Stephen Gran <sgran@debian.org> Thu, 31 May 2007 02:47:02 +0100
+
+freeradius (1.1.6-1) unstable; urgency=low
+
+ * New upstream release. Closes: #420003.
+
+ -- Mark Hymers <mhy@debian.org> Thu, 19 Apr 2007 15:14:05 +0100
+
+freeradius (1.1.5-1) unstable; urgency=low
+
+ * New upstream release. Closes: #415980
+ * Remove 01-fix-proxy.dpatch as it was a backport from upstream.
+ * otppasswd.sample is no longer provided so make sure we remove the
+ conffile properly in preinst.
+ * Update my email address and remove Paul from Uploaders. Thanks to him for
+ previously maintaining the package.
+ * Change so that we start at S50 and stop at K19 so that we start after
+ services we depend on and stop before them. Closes: #408665.
+ Note that is only for new installs.
+
+ -- Mark Hymers <mhy@debian.org> Fri, 13 Apr 2007 13:14:08 +0100
+
+freeradius (1.1.3-3) unstable; urgency=medium
+
+ * Fix POSIX compliance problem in init script. Closes: #403384.
+
+ -- Mark Hymers <mark@hymers.org.uk> Sat, 16 Dec 2006 20:45:11 +0000
+
+freeradius (1.1.3-2) unstable; urgency=low
+
+ [ Stephen Gran ]
+ * Check for existence of pidfile in initscript.
+ * Clean some old cruft from debian/rules
+ * Write dialup_admin/Makefile
+ * Make binNMU safe
+ * Some lsb init headers
+
+ [ Mark Hymers ]
+ * Merge upstream patch to deal with proxy port settings. Closes: #388024.
+ * Rewrite large parts of the Debian build system.
+
+ -- Stephen Gran <sgran@debian.org> Sat, 7 Oct 2006 21:08:35 +0100
+
+freeradius (1.1.3-1) unstable; urgency=low
+
+ [ Stephen Gran ]
+ * Add and rework ubuntu /var/run/tmpfs patch
+ * Add LSB init script headers
+ * Actually trap errors in init script, how about?
+
+ [ Mark Hymers ]
+ * New upstream version.
+ * New version of autotools in 1.1.3. Closes: #380204
+ * Remove previous patches merged upstream:
+ - 01-actually_check_for_unset_password.dpatch
+ * Only do user creation, group addition, chmod and chown stuff in postinst
+ on an initial install to avoid clobbering local changes.
+
+ -- Mark Hymers <mark@hymers.org.uk> Wed, 23 Aug 2006 14:48:57 +0100
+
+freeradius (1.1.2-2) unstable; urgency=low
+
+ [ Stephen Gran ]
+ * Acknowledge my previous NMU's (closes: #351732, #359042)
+ * Init scripts overhaul:
+ - now use reload on upgrade of modules
+ - replace sleep statements with --retry, as time based tests are
+ fragile
+ - no longer exit with an error if stop fails because the
+ daemon isn't running (closes: #374670, #351735)
+ - stop using command -v in /bin/sh scripts
+ * General maintainer script overhaul:
+ - Don't rm -rf something in /etc (ouch)
+ - Use chown -R instead of 'find .. -exec'
+ - should not need to manually remove the init script on purge (it's a dpkg
+ managed conffile)
+ - Only do user management stuff if user is missing. No point rerunning it
+ every upgrade.
+ - Install /etc/freeradius/dictionary with relaxed permissions, but never
+ touch it again (closes: #334299)
+ - switch to debhelper files where possible. I like an easy to read
+ Makefile.
+ * Arg. Move README.rfc to the freeradius package where it belongs.
+
+ [ Mark Hymers ]
+ * Document building SSL/PostgreSQL modules in debian/rules, add
+ control.postgresql to make it more convenient. Tested on AMD64 using
+ system libtool.
+
+ -- Stephen Gran <sgran@debian.org> Sun, 25 Jun 2006 23:06:16 +0100
+
+freeradius (1.1.2-1) unstable; urgency=low
+
+ [ Mark Hymers ]
+ * New maintainers
+ * New upstream version.
+ * Remove previous patches merged upstream:
+ - 01_NET-SNMP_build_support.dpatch
+ - 02_document_actual_shared_secret_maximum_length.dpatch
+ - 12_more_dialup_admin_various_fixes.dpatch
+ - 14_broken_parse.dpatch
+ - 15_CVE-2006-1354.dpatch
+ * Use --with-system-libtool during configure. Add B-D: on libtool
+ Removes obsolete dpatches:
+ - 06_libtool14_vs_rlm_eap_tls.dpatch
+ - 13_a_libtool_to_call_your_own.dpatch
+ * Remove freeradius.undocumented as we don't install links to
+ undocumented(7) anymore (not recommended since policy 3.5.8.0)
+
+ [ Stephen Gran ]
+ * Update to Standards Version 3.7.2 (no changes)
+ * Remove doc/rfc/ to make -legal happy (closes: #365192)
+ - this means repacked tarball. See README.rfc for details
+ * Test for unset variable, rather than empty variable in clean_radacct,
+ monthly_tot_stats and truncate_radacct (closes: #374053)
+
+ -- Mark Hymers <mark@hymers.org.uk> Sat, 17 Jun 2006 16:05:19 +0100
+
+freeradius (1.1.0-1.2) unstable; urgency=high
+
+ * Non-maintainer upload.
+ * [ CVE-2006-1354 ]:
+ src/modules/rlm_eap/types/rlm_eap_mschapv2/rlm_eap_mschapv2.c:
+ Due to insufficient input validation it is possible for a remote
+ attacker to bypass authentication or cause a denial of service.
+ (closes: #359042)
+
+ -- Stephen Gran <sgran@debian.org> Wed, 17 May 2006 11:22:28 -0500
+
+freeradius (1.1.0-1.1) unstable; urgency=low
+
+ * Non-maintainer upload.
+ * Upstream patch to fix parsing config file (closes: #351732)
+ Fixes: fails to start on amd64 (error in dictionary parsing code)
+
+ -- Stephen Gran <sgran@debian.org> Sat, 1 Apr 2006 11:07:55 +0100
+
+freeradius (1.1.0-1) unstable; urgency=low
+ * ReDebianise upstream tarball:
+ - Deleted RFCs: 2243 2289 2433 2548 2618 2619 2620 2621 2716 2759 2809 2865
+ 2866 2867 2868 2869 2882 2924 3162 3575 3576 3579 3580
+ draft-kamath-pppext-eap-mschapv2-00
+
+ * New FreeRADIUS modules marked stable by new upstream release
+ - rlm_perl
+ - rlm_sqlcounter
+ - rlm_sql_log + radsqlrelay
+ - rlm_otp (formerly rlm_x99_token, not built as it depends on OpenSSL)
+
+ * Remove upstream-integrated patches:
+ - 02_EAP-SIM_doesnt_need_openssl
+ - 03_X99_is_not_stable
+ - 07_manpage_fixups
+ - 09_use_crypth_if_we_have_it
+ - 10_escape_entire_ldap_string
+ - 11_dont_xlat_possibly_bad_usernames_in_bad_accounting_packets
+ - 12_dialup_admin_various_fixes
+
+ * More dialup-admin fixes from Arve Seljebu
+ - Fix redirects in dialup-admin pages on servers with
+ register_globals turned off.
+ Closes: #333704
+ - HTTP form fields will always fail is_int, use in_numeric instead
+ Closes: #335149
+ - Created 12_more_dialup_admin_various_fixes
+
+ * Update to Policy 3.6.2.0
+ * Upgrade Debhelper support to V5
+ * Don't install the .in files with the examples
+ * Prefer libmysqlclient15-dev
+ Closes: #343779
+ * Shared secrets can only be 31 characters long, note this in clients.conf
+ - Created 02_document_actual_shared_secret_maximum_length
+ Closes: 344606
+ * Added support for lsb-init functions
+
+ -- Paul Hampson <Paul.Hampson@anu.edu.au> Sun, 15 Jan 2006 13:34:13 +1100
+
freeradius (1.1.0-0) unstable; urgency=low
* New upstream release.