./net/freeradius, Free RADIUS server implementation

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: CURRENT, Version: 3.0.17, Package name: freeradius-3.0.17, Maintainer: pkgsrc-users

FreeRADIUS is the most widely deployed RADIUS server in the world.
It is the basis for multiple commercial offerings.

MESSAGE.pam [+/-]

Required to run:
[databases/gdbm] [devel/talloc]

Required to build:

Master sites:

SHA1: a0d4372ee124cbee6b90a4463ff068afe70e06ca
RMD160: c335fe2ef39ca2311ac85b2ec3d5941bbbb5e6e6
Filesize: 3003.637 KB

Version history: (Expand)

CVS history: (Expand)

   2018-12-19 23:52:32 by Emmanuel Dreyfus | Files touched by this commit (2)
Log message:
Fix startup crash when running outside of gdb on BSD systems

On BSD systems, ptrace(PT_DETACH) uses a third argument for
resume address, with the magic value (void *)1 to resume where
process stopped. Specifying NULL there leads to a crash because
process resumes at address 0.

We introduce an OS-dependent _PTRACE_DETACH macro to specify
third argument as NULL on Linux and (void *)1 on other systems.
Always using (void *)1 could be another solution, since basic
tests suggests passing (void *)1 as third argument on Linux
does not cause harm.

From upstream \ 
https://github.com/FreeRADIUS/freeradiu … 60b3f0584a
   2018-10-08 17:50:39 by Jonathan Perkin | Files touched by this commit (2)
Log message:
freeradius: Move openssl buildlink into common file.

Also add explicit openssl configure arguments.  Fixes issue where the module
builds could not find openssl.
   2018-09-25 14:16:37 by Jonathan Perkin | Files touched by this commit (15) | Package updated
Log message:
freeradius*: Update to 3.0.17.

Provided by Coy Hile in joyent/pkgsrc#131.  Fixes an issue where the module
builds would fail if they found a system LDAP.  Fix print-PLIST while here.

FreeRADIUS 3.0.17 Tue 17 Apr 2018 14:00:00 EDT urgency=low
        Feature improvements
        * Add CURLOPT_CAINFO.  Patch from Nicolas C.
        * "stats home server" now supports "src IPADDR",
          to specify home server also by source IP.  Fixes #2169.
        * Add Dockerfiles for a selection of common systems.
        * Increase number of permitted file descriptors, for
          systems with many home servers.
        * Add TLS-Client-Cert-X509v3-Extended-Key-Usage-OIDs.
          Patch from Isaac Boukris.  Fixes #2205.
        * Update main READMEs.  Patches from Matthew Newton.
        * Added dictionary.mimosa

        Bug fixes
        * Don't call post-proxy twice when proxying to
          a virtual server.  Matthew Newton, #2161.
        * Use "raw" string value for shared secrets and dynamic clients.
          It now parses strings with backslashes and "special characters"
          correctly.  Fixes #2168.
        * Fix RuntimeDirectory for RedHat, from Alan Buxey.
        * Relax checks in 'if' parser from Isaac Bourkis
        * Minor cleanups for %{debug_attr:&request} from Isaac Boukris.
        * Be more aggressive about cleaning up cached certificate attributes,
          due to deficiencies in OpenSSL.  Reported by Nicolas Reich.
        * Be more accepting when parsing IPv6 addresses.  Bug noted
          by Klara Mall.
        * Fix double free in rlm_sql.  Fixes #2180.
        * rlm_detail now writes empty Access-Accept packets.
        * rlm_python can now create tagged attributes.
        * Don't crash on duplicate realm + authhost / accthost.
          Bug found by Richard Palmer.
        * Allow partial certificate chain to trusted CA.  Fixes #2162
        * Treat SSL_read() returning zero as error.  Fixes #2164.
        * detail writer now checks if the file was renamed or deleted.
        * Add User-Name to Access-Accept if EAP-Message exists,
          not Stripped-User-Name.
        * RedHat Systemd updates.  Fixes #2184
        * Use correct API for State variable in rlm_securid.
        * Remove broken radclient option "-i".
        * Fix "users" file (and hints, etc). So that it does not
          get confused about entry ordering with multiple $INCLUDEs.
        * Fix rlm_sql to expand the un-escaped string, not the raw string.
        * Link default and inner-tunnel only if they exist.  Fixes #2206.
        * Don't use both IP_PKTINFO and IP_SENDSRCADDR.
        * Always install signal handler for SIGINT (needed by Docker).
        * Fix intermediate CA flow for OCSP.  Fixes #2160.
          Intermediate certs which are not self-signed will now be
        * sqlippool now returns "fail" if it fails IP allocation.
        * Fix rlm_yubikey to look for correct attribute in replay
          attack check.
   2018-08-22 11:48:07 by Thomas Klausner | Files touched by this commit (3558)
Log message:
Recursive bump for perl5-5.28.0
   2018-04-12 03:21:07 by NONAKA Kimihiro | Files touched by this commit (11) | Package updated
Log message:
freeradius: Updated to 3.0.16

2018.01.11 Version 3.0.16 has been released.
The focus of this release is stability.

Feature Improvements
* rlm_python now supports multiple lists. From #2031.
* Add trust router re-keying. From #2007.
* Add support for Samba / AD LDAP schema See doc/schemas/ldap/samba/README.txt
  and doc/schemas/ldap/samba/.
* Add "tls_min_version" and "tls_max_version" to EAP module \ 
for Debian OpenSSL
* Better documentation for client certificates in PEAP and TTLS: it usually
  doesn't work. Fixes #2068.
* Distinguish login failure from AD unavailable. Fixes #2069.
* Update RH spec files. Fixes #2070.
* Run Post-Proxy-Type if all home servers are dead Fixes #2072.
* Print offending IP addresses when EAP sessions come from two upstream home
  servers, and rate-limit the messages.
* Minor packaging updates.
* Better documentation for rlm_rest.
* EAP-FAST now has it's own "cipher_list", so that it is easier to \ 
* EAP-FAST now forcibly disables TLS1.2, until such time as we implement
  the new keying mechanism from TLS1.2.
* Add documentation for allow_expired_crl.
* Update Debian logrotation. #2093 and #2101.
* DHCP relay can now drop responses. #2095.
* rlm_sqlippool can now assign Delegated-IPv6-Prefix It also now can assign
  any IPv4 or IPv6 address Based on patches from maximumG. #2094 See
  raddb/mods-available/sqlippool for changes.
* radeapclient can now use EAP-SIM-Ki to dynamically create the necessary
* Explain why many LDAP connections are closed Fixes #1969.
* Debian build / package issues fixed by Matthew Newton.
* dictionary.patton updates from Brice Schaffner. Fixes #2137.
* Added scripts to build "inner-server.pem", and updated \ 
  and certs/README to match.
* Added provisions for using an external CA. See raddb/certs/.
* Include dhcpclient binary in freeradius-dhcp debian packge.

Bug Fixes
* Bind the lifetime of program name and python path to the module FR-AD-002
* Pass correct statement length into sqlite3_prepare[_v2] FR-AD-003 (redone).
* Allow 100-Continue responses with additional headers in rlm_rest.
* fix corner case where detail files were not being locked correctly.
* Fix (SQL-Group == "%{...}") checks, and same for LDAP-Group Fixes #1947.
* Clean up exfile code. Which should help to avoid issues with reading / writing
  100's of detail files.
* Fix build for winbind. Patch from Alex Clouter.
* Fix checkrad for Mikrotik. Patch from Muchael Ducharme.
* Fix home server stats lookup. Patch from Phil Mayers.
* Add libjson-c3 as an optional dependency.
* Require LTB OpenLDAP on CentOS / Redhat, to avoid linking against NSS,
  which breaks the server. Fixes #2040.
* rlm_python fixes. Fixes #2041.
* Typos in "man" pages. Fixes #2045.
* Expand "next" in %{%{...}:-%{...}}. Fixes #2048.
* Don't add TLS attributes twice. Fixes #2050.
* Fix memory allocation in rlm_rest. Fixes #2051.
* Update trustrouter for new API. Fixes #2059.
* Fix SQLite issues on FreeBSD. Fixes #2060.
* Don't do debug logging of bad passwords. Fixes #2064.
* More graceful handling of "die" in rlm_perl. Fixes #2073.
* Fix occasional crash when using cisco_accounting_username_bug = yes.
* EAP-FAST fixes from Isaac Boukris #2078, #2076, and #2082, #2126.
* DHCP fixes, relay, #2092, add run-time check, #2028.
* Decode multiple RADIUS packets at a time in highly loaded RadSec connections. \ 
Patch from Jan Tomasek. #2106.
* TunnelPassword is not "single value" in LDAP schema Fixes #2061.
* sql log now opens the expanded filename, not the input one This was
  a regression introduced in 3.0.15.
* Remove unnecessary UNIQUE constrain in Oracle schemas.
* Fix SSL thread and locking issues when modules also use SSL Fixes #2125 and
* Re-add dhcpclient "raw packet" changes. Patches from Nicolas Chaigne and
  Matthew Newton. Fixes #2155.
   2018-03-31 22:10:49 by Joerg Sonnenberger | Files touched by this commit (2)
Log message:
Fix build on NetBSD/current.
   2018-01-28 21:11:10 by Thomas Klausner | Files touched by this commit (462) | Package updated
Log message:
Bump PKGREVISION for gdbm shlib major bump
   2018-01-23 16:31:23 by Jonathan Perkin | Files touched by this commit (2)
Log message:
freeradius: Fix Darwin .dylib extension.