Created by Yolanda Robla and last modified
Get this branch:
bzr branch lp:~yolanda.robla/ubuntu/saucy/freeradius/dep-8-tests
Only Yolanda Robla can upload to this branch. If you are Yolanda Robla please log in for upload directions.

Branch merges

Related bugs

Related blueprints

Branch information

Yolanda Robla

Recent revisions

19. By Yolanda Robla

d/tests: added autopkgtests

18. By Dimitri John Ledkov

Fix FTBFS with multiarched python.

17. By Kees Cook

* Non-maintainer upload.
* Fix expired passwords when using the unix module (CVE-2011-4966,
  Closes: #694407).

16. By Nico Golde <email address hidden>

* Non-maintainer upload by the Security Team.
* Fix pre-authentication buffer overflow in EAP handling
  (CVE-2012-3547; Closes: #687175, #687178).

15. By Josip Rodin

* New upstream version, closes: #675698.
  + Fix for a segmentation fault in rlm_eap, closes: #645998.
* Backport upstream commits to fix our bug reports:
  + Fix for a crash on SIGHUP in config file handling,
    closes: #606450
  + Fix for a segmentation fault in radmin through environment variables,
    closes: #662194
* Use dpkg-buildflags for configure, by Moritz Muehlenhoff, closes: #657838.
* Mark rlm_jradius as stable to get it to build and ship, closes: #599067.
* Switch to dpkg-source 3.0 (quilt) format.
* Polished packaging a wee bit and updated the Standards-Version.

14. By gregor herrmann

* Non-maintainer upload.
* Fix "FTBFS: libfreeradius-radius-2.1.10.so: could not read symbols:
  Invalid operation": adjust target dependencies in debian/rules: make sure
  the patch target is not only called for build but also for
  build-{arch,indep}. (Closes: #666311)

13. By Josip Rodin

* Fixed the silly error that rendered previous attempts to use the
  right libtool functions useless, hopefully finally closes: #416266.
* Link radeapclient with libradius to fix linking with binutils-gold,
  closes: #553387.
* Fix the debug mode crashing when home server doesn't respond to
  a proxied request. Dmitry Borodaenko cherry-picked upstream commits
  540a0515de93d99ef45f97b9114185f159587b51 and
  ab972f1f9b724fc0b71e6ca726078c92ad26bc6b, thanks, closes: #609870.
* Fixed udpfromto IPv6 breakage because of broken offsetof tests,
  backported upstream b4f0c7ed4dc9811d8dfa982540ed8cb721cc854a
  (one minor change necessary) as well as
  655f0786d60fe02440763df69b1aaf5110706690, as well as the simple
  IPV6_RECVPKTINFO change, hopefully it activates all the right
  modern IPv6 functions and closes: #606866.

12. By Josip Rodin

* The zombie period start time variable mistakenly got set to a random
  value because of an upstream typo. Cherry-picked upstream commit
  7b7dff7724721f8af5fd163f2292d427a869992d into a Debian patch,
  requested for squeeze in #600465.
* Since 2.1.9, the daemon stopped reopening the default radius.log file
  constantly, which means the default logrotate setup breaks the default
  logging. D'oh. We now have to send SIGHUP to the daemon as a postrotate
  action, which makes it reopen log files and continue normally.
  * Added delaycompress to the logrotate options, just to be on the safe
  * Added a reload action into the init script accordingly, so that the
    right pidfile is picked up (one that can be overridden by the admin
    in /etc/default/freeradius, available since the last release).
  * Called reload from the postrotate section, closes: #602815.
  * However, the latter signal also makes the server re-read configuration
    files, but unlike the initial server start, this all happens under
    the unprivileged user. That in turn means that if by any chance there
    is any part of FR configuration that happens not to be readable by
    group freerad (or whatever non-default is configured), the reload
    will fail, effectively silently, as the log has been moved away. Gah.
    So we have to make an effort to ensure that the configuration files
    are still readable by that user, otherwise the reload fails and the
    aforementioned bug is not fixed. The files seem to revert to
    root:root upon conffile actions, at least that's what happened to me
    and I think that was the cause. So, on upgrade, try to re-apply the
    dpkg-statoverrides on our /etc/freeradius/* stuff, whatever they are,
    under the assumption they will let the freerad group read config files
    as is the initial setup. (I wish dpkg-statoverride --update $file
    just did the right thing, but it doesn't, so there's a new local
    function that does that.)
  * While doing the latter, noticed that we were checking for directories
    in dpkg-statoverride --list output with trailing slashes, but they
    get output without it, so it was a no-op. Fixed the check by removing
    the trailing slashes. Also then noticed that we were grepping --list
    output, but it takes an optional glob pattern, so saved us that
    pointless grep fork by using that facility, just as described in the
    policy manual.
  * force-reload switches from restart to reload, per policy 9.3.2.
* lenny backport needed also libltdl-dev (2.2.x) to build properly, rather
  than libltdl3-dev, which is obsolete and doesn't make sense anyway.

11. By Josip Rodin

* New upstream version, closes a bunch of reproducible SNAFUs,
  including two tagged as security issues, CVE-2010-3696, CVE-2010-3697,
  closes: #600176.
* Build-depend on newer Libtool because of lt_dladvise_init(), also
  upstream now has a configure check so we no longer need a patch,
  yet we still don't want the old behaviour. Noticed by John Morrissey,
  closes: #584151.
* Added the /etc/default/freeradius file as suggested by
  Rudy Gevaert and Matthew Newton, closes: #564716.
* Stop symlinking /dev/urandom into /etc/freeradius/certs/random,
  it breaks grep -r in /etc. Instead, replace it inside eap.conf,
  both in the new shipped conffile and in postinst.

10. By Josip Rodin

* New upstream version.
  + radclient (radtest) should now use IPv4 by default, closes: #569614.
* Depend on ca-certificates explicitly, closes: #569601.
* I mistook ca.pem for the locally selected acceptable CA, whereas that
  actually just happens to mean DebConf.org CA, and we want the former
  by default. That in turn is in /etc/ssl/certs/ca-certificates.crt.
  Obviously later the users can trivially change this, but this looks
  like a reasonably reliable default that doesn't involve a lot of magic
  that can delay or break postinst invocations. In the future, eap.conf
  will become modules/eap and this will not be so critical.
* The private_key_file = ${certdir}/server.pem default doesn't get along
  with snakeoil, or common sense really (why would you keep a secret key
  in the same file as the non-secret certificate?), and could have broken
  upgrades if people accepted the conffile prompt, so adjusted the
  default conffile too, and adjusted the postinst upgrade logic as well.
* Enable HAVE_LT_DLADVISE_INIT as it fixes the module symbol lookup
  errors from additional libraries, closes: #416266.
* Explicate source format as 1.0.
* Add ${misc:Depends} to all binary packages.
* Update standards version to 3.8.4, no changes necessary.

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
This branch contains Public information 
Everyone can see this information.