-freeradius (2.2.0-0) experimental; urgency=low
+freeradius (2.1.8+dfsg-1) unstable; urgency=medium
- * Unreleased.
-
- -- Josip Rodin <joy-packages@debian.org> Mon, 21 Dec 2009 13:04:52 +0100
+ * New upstream version.
+ + Fixes several showstopper bugs, hence increased urgency.
+ + Includes OpenSSL+GPL license exception, closes: #499120.
+ + Fixes typo in a warning, closes: #523074.
+ * Added libssl-dev into build-depends and enabled the building of
+ modules that just depend on OpenSSL, namely rlm_eap_peap, rlm_eap_tls,
+ rlm_eap_ttls, and rlm_otp, closes: #266229.
+ * Because the configuration of EAP+SSL modules now actually kicks in, its
+ non-existent certificate file would break the server start by default.
+ Depend on ssl-cert, make use of make-ssl-cert and openssl, and add
+ freerad to the ssl-cert group in the postinst to get us past the
+ problematic default settings so that we don't crash and burn on clean
+ upgrades, but otherwise leave everything else to the admin.
+ * Ship /etc/freeradius/attrs.access_challenge, like the others.
+ * Moved otp.conf and snmp.conf statoverride handling to the preinst
+ and used rm_conffile on them as well.
+ * Updated upstream changelog handling a bit.
+
+ -- Josip Rodin <joy-packages@debian.org> Sat, 02 Jan 2010 20:22:47 +0100
freeradius (2.1.7+dfsg-2) unstable; urgency=low
libpcap-dev,
python-dev,
libsnmp-dev,
- libpq-dev
+ libpq-dev,
+ libssl-dev
Section: net
Priority: optional
Maintainer: Josip Rodin <joy-packages@debian.org>
Package: freeradius
Architecture: any
-Depends: lsb-base (>= 3.1-23.2), ${shlibs:Depends}, freeradius-common, libfreeradius2 (= ${binary:Version})
+Depends: lsb-base (>= 3.1-23.2), ${shlibs:Depends}, freeradius-common, libfreeradius2 (= ${binary:Version}), ssl-cert, adduser
Provides: radius-server
Recommends: freeradius-utils
Suggests: freeradius-ldap, freeradius-postgresql, freeradius-mysql, freeradius-krb5
etc/freeradius/acct_users
etc/freeradius/attrs
etc/freeradius/attrs.access_reject
+etc/freeradius/attrs.access_challenge
etc/freeradius/attrs.accounting_response
etc/freeradius/attrs.pre-proxy
etc/freeradius/clients.conf
/etc/freeradius/policy.txt \
/etc/freeradius/attrs.accounting_response \
/etc/freeradius/attrs.access_reject \
+ /etc/freeradius/attrs.access_challenge \
/etc/freeradius/clients.conf \
/etc/freeradius/acct_users
do
done
fi
+ # Create stub SSL certificate file that became necessary in 2.1.8,
+ # with analogous disclaimers, because the admin may yet choose to
+ # switch to /usr/share/doc/freeradius/examples/certs/ stuff.
+ if [ -z "$2" ] || dpkg --compare-versions "$2" lt 2.1.8+dfsg-1; then
+ if egrep -q '^[ ]*\$INCLUDE eap.conf' /etc/freeradius/radiusd.conf && \
+ egrep -q '^[ ]*certdir = \${confdir}/certs' /etc/freeradius/eap.conf && \
+ egrep -q '^[ ]*cadir = \${confdir}/certs' /etc/freeradius/eap.conf
+ then
+ echo "Updating default SSL certificate settings, if any..." >&2
+ test -d /etc/freeradius/certs || mkdir /etc/freeradius/certs
+ if test ! -e /etc/ssl/certs/ssl-cert-snakeoil.pem || \
+ test ! -e /etc/ssl/private/ssl-cert-snakeoil.key
+ then
+ make-ssl-cert generate-default-snakeoil
+ fi
+ if egrep -q '^[ ]*certificate_file = \${certdir}/server.pem' /etc/freeradius/eap.conf && \
+ test ! -f /etc/freeradius/certs/server.pem
+ then
+ serverpem=wasnotthere
+ ln -s /etc/ssl/certs/ssl-cert-snakeoil.pem /etc/freeradius/certs/server.pem
+ fi
+ if egrep -q '^[ ]*private_key_file = \${certdir}/server.pem' /etc/freeradius/eap.conf && \
+ [ "$serverpem" = "wasnotthere" ]
+ then
+ ln -s /etc/ssl/private/ssl-cert-snakeoil.key /etc/freeradius/certs/server.key
+ sed -i -e 's,^\([ ]*private_key_file = \${certdir}\)/server.pem$,\1/server.key,' /etc/freeradius/eap.conf
+ if getent group ssl-cert >/dev/null; then
+ # freeradius-common dependency also provides us with adduser
+ adduser --quiet freerad ssl-cert
+ fi
+ fi
+ if egrep -q '^[ ]*CA_file = \${cadir}/ca.pem' /etc/freeradius/eap.conf && \
+ test ! -f /etc/freeradius/certs/ca.pem
+ then
+ ln -s /etc/ssl/certs/ca.pem /etc/freeradius/certs/ca.pem
+ fi
+ if egrep -q '^[ ]*random_file = \${certdir}/random' /etc/freeradius/eap.conf && \
+ test ! -f /etc/freeradius/certs/random
+ then
+ ln -s /dev/urandom /etc/freeradius/certs/random
+ fi
+ if egrep -q '^[ ]*dh_file = \${certdir}/dh' /etc/freeradius/eap.conf && \
+ test ! -f /etc/freeradius/certs/dh
+ then
+ # ssl-cert dependency also provides us with openssl
+ openssl dhparam -out /etc/freeradius/certs/dh 1024
+ fi
+ fi
+ fi
+
if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then
invoke-rc.d freeradius $action || true
else
fi
done
+ if [ -L /etc/freeradius/certs/server.pem ]; then
+ rm -f /etc/freeradius/certs/server.pem
+ fi
+ if [ -L /etc/freeradius/certs/server.key ]; then
+ rm -f /etc/freeradius/certs/server.key
+ fi
+ if [ -L /etc/freeradius/certs/ca.pem ]; then
+ rm -f /etc/freeradius/certs/ca.pem
+ fi
+ if [ -L /etc/freeradius/certs/random ]; then
+ rm -f /etc/freeradius/certs/random
+ fi
+ rm -f /etc/freeradius/certs/dh
+
rm -f /var/log/freeradius/radius.log* /var/log/freeradius/radwtmp*
;;
esac
if dpkg --compare-versions "$2" lt "1.1.5"; then
rm_conffile "/etc/freeradius/otppasswd.sample"
fi
+
# There are huge changes between 1.x and 2.x (we cleaned things up
# a lot), so sort it out here
if dpkg --compare-versions "$2" lt "2.0.0"; then
fi
+ # old files shipped by this package previously, but dropped upstream
+ if dpkg --compare-versions "$2" lt "2.1.8"; then
+ for file in \
+ /etc/freeradius/otp.conf \
+ /etc/freeradius/snmp.conf
+ do
+
+ rm_conffile "$file"
+
+ # must get rid of the overrides otherwise they corrupt the database
+ if dpkg-statoverride --list | grep -qw $file$; then
+ dpkg-statoverride --remove $file
+ fi
+
+ done
+ fi
+
esac
#DEBHELPER#
/etc/freeradius/policy.txt \
/etc/freeradius/attrs.accounting_response \
/etc/freeradius/attrs.access_reject \
+ /etc/freeradius/attrs.access_challenge \
/etc/freeradius/clients.conf \
/etc/freeradius/acct_users
do
fi
done
- # old files shipped by this package previously - still need to
- # get rid of the overrides otherwise they corrupt the database
- for file in \
- /etc/freeradius/otp.conf \
- /etc/freeradius/snmp.conf
- do
- if dpkg-statoverride --list | grep -qw $file$; then
- dpkg-statoverride --remove $file
- fi
- done
-
for dir in /etc/freeradius/certs \
/etc/freeradius/sites-available \
/etc/freeradius/sites-enabled \
binary-common:
dh_testdir
dh_testroot
- dh_installchangelogs
+ dh_installchangelogs doc/ChangeLog
dh_installdocs
dh_installexamples
chmod -x debian/freeradius/usr/share/doc/freeradius/examples/example.pl