./net/radsecproxy, Secure radius proxy

Branch: CURRENT, Version: 1.8.1, Package name: radsecproxy-1.8.1, Maintainer: pkgsrc-users

radsecproxy is a generic RADIUS proxy that supports both UDP and TLS
(RadSec) RADIUS transports. There is also experimental support for
TCP and DTLS.


Required to run:
[security/nettle]

Required to build:
[pkgtools/cwrappers]

Master sites:

SHA1: 4b62f3f7bbaeff11ca201f140f06d0b5664501bf
RMD160: ea252a220388ede6cd0a27c7961215a5c11ccd63
Filesize: 319.259 KB

CVS history:


   2019-11-03 12:45:59 by Roland Illig | Files touched by this commit (255)
Log message:
net: align variable assignments

pkglint -Wall -F --only aligned --only indent -r

No manual corrections.

   2019-10-01 18:38:08 by Havard Eidnes | Files touched by this commit (2) | Package updated
Log message:
Update radsecproxy to version 1.8.1.

Pkgsrc changes:
 * None.

Upstream changes:
2019-10-01 1.8.1
  Bug fixes:
   - Handle Tunnel-Password attribute correctly
   - Fix BSD platform issues
   - Fix spelling in log messages and manpages
   - Fix compile issues for unit tests
   - Don't hardcode location of config files

   2019-09-11 13:51:22 by Havard Eidnes | Files touched by this commit (3) | Package updated
Log message:
Update radsecproxy to version 1.8.0.

Pkgsrc changes:
 * The hosting of radsecproxy has changed to github.com.
 * Add dependency on nettle.
 * Update LICENSE, now only modified-bsd.
 * Use gmake to build to avoid a couple of warnings.
 * Relinquish exclusive maintainership.

Upstream changes:

20190704 1.8.0
        New features:
        - Rewrite: supplement attribute (add attribute if not present) (#19)
        - Rewrite: modify vendor attribute
        - Rewrite whitelist mode
        - Autodetect status-server capability of servers
        - Minimalistic status-server
        - Explicit SubjectAltName:DNS and :IP match on certificates

        Misc:
        - No longer require docbook2x tools, but include plain manpages
        - Fail on startup if overlapping clients with different tls blocks

        Compile fixes:
        - Fix compile issues on bsd

        Bug fixes:
        - Handle %00 in config correctly (#31)
        - Fix server selection when udp were unreachable for long periods

2018-09-03 1.7.2
        Misc:
        - Always copy proxy-state attributes in own responses
        - Authenticate own access-reject responses
        - Retry outstanding requests after connection reset

        Compile fixes:
        - Fix compile issues on some platforms (#14)
        - Fix compile issue when dtls disabled (#16)
        - Fix compile issue on Cygwin (#18)
        - Fix radsecproxy.conf manpage not installed when docbook2x
          not available

        Bug fixes:
        - Fix request might be dropped if udp client uses multiple source ports
        - Fix tls output might drop requests under high load
        - Check for IP literals in Certificate SubjectAltName:DNS records
        - Fix tls connection might hang during SSL_connect and SSL_accept

2018-07-05 1.7.1
        License and copyright changes:
        - Copyright SWITCH
        - 3-clause BSD license only, no GPL.

        Enhancements:
        - Support the use of OpenSSL version 1.1 and 1.0 series
          (RADSECPROXY-66, RADSECPROXY-74).
        - Reload TLS certificate CRLs on SIGHUP (RADSECPROXY-78).
        - Make use of SO_KEEPALIVE for tcp sockets (RADSECPROXY-12).
        - Optionally include the thread-id in log messages
        - Allow hashing MAC addresses in the log (same as for F-Ticks)
        - Log certificate subject if rejected
        - Log own responses (RADSECPROXY-61)
        - Allow f-ticks prefix to be configured
        - radsecproxy-hash: allow MAC addresses to be passed on command line

        Misc:
        - libnettle is now an unconditional dependency.
        - FTicks support is now on by default and not optional.
        - Experimental code for dynamic discovery has been removed.
        - Replace several server status bits with a single state enum.
          (RADSECPROXY-71)
        - Use poll instead of select to allow > 1000 concurrent connections.
        - Implement locking for all SSL objects (openssl states it
          is not thread-safe)
        - Rework DTLS code.

        Bug fixes:
        - Detect the presence of docbook2x-man correctly.
        - Make clang less unhappy.
        - Don't use a smaller pthread stack size than what's allowed.
        - Avoid a deadlock situation with dynamic servers (RADSECPROXY-73).
        - Don't forget about good dynamically discovered (TLS) connections
          (RADSECPROXY-69).
        - Fix refcounting in error cases when loading configuration
          (RADSECPROXY-42)
        - Fix potential crash when rewriting malformed vendor attributes.
        - Properly cleanup expired requests from server output-queue.
        - Fix crash when dynamic discovered server doesn't resolve.

   2017-08-03 13:30:45 by Havard Eidnes | Files touched by this commit (2) | Package updated
Log message:
Update radsecproxy to version 1.6.9.

Pkgsrc changes:
 * The hosting of radsecproxy has changed to nordu.net.

Upstream changes:

2017-08-02 1.6.9
        Misc:
        - Use a listen(2) backlog of 128 (RADSECPROXY-72).

        Bug fixes:
        - Don't follow the NULL pointer at debug level 5 (RADSECPROXY-68).
        - Completely reload CAs and CRLs with cacheExpiry (RADSECPROXY-50).
        - Tie Access-Request log lines to response log lines (RADSECPROXY-60).
        - Fix a couple of memory leaks and NULL ptr derefs in error cases.
        - Take lock on realm refcount before updating it (RADSECPROXY-77).

2016-09-21 1.6.8
        Bug fixes:
        - Stop waiting on writable when reading a TCP socket.
        - Stomp less on the memory of other threads (RADSECPROXY-64).

2016-03-14 1.6.7
        Enhancements (security):
        - Negotiate TLS1.1, TLS1.2 and DTLS1.2 when possible, client and
        server side. Fixes RADSECPROXY-62.

        Enhancements:
        - Build HTML documentation properly.

   2016-09-19 01:13:13 by Sebastian Wiedenroth | Files touched by this commit (1)
Log message:
help configure find openssl

   2016-03-05 12:29:49 by Jonathan Perkin | Files touched by this commit (1813) | Package updated
Log message:
Bump PKGREVISION for security/openssl ABI bump.

   2015-11-04 01:35:47 by Alistair G. Crooks | Files touched by this commit (748)
Log message:
Add SHA512 digests for distfiles for net category

Problems found with existing digests:
	Package haproxy distfile haproxy-1.5.14.tar.gz
	159f5beb8fdc6b8059ae51b53dc935d91c0fb51f [recorded]
	da39a3ee5e6b4b0d3255bfef95601890afd80709 [calculated]

Problems found locating distfiles:
	Package bsddip: missing distfile bsddip-1.02.tar.Z
	Package citrix_ica: missing distfile citrix_ica-10.6.115659/en.linuxx86.tar.gz
	Package djbdns: missing distfile djbdns-1.05-test25.diff.bz2
	Package djbdns: missing distfile djbdns-cachestats.patch
	Package djbdns: missing distfile 0002-dnscache-cache-soa-records.patch
	Package gated: missing distfile gated-3-5-11.tar.gz
	Package owncloudclient: missing distfile owncloudclient-2.0.2.tar.xz
	Package poink: missing distfile poink-1.6.tar.gz
	Package ra-rtsp-proxy: missing distfile rtspd-src-1.0.0.0.tar.gz
	Package ucspi-ssl: missing distfile ucspi-ssl-0.70-ucspitls-0.1.patch
	Package waste: missing distfile waste-source.tar.gz

Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden).  All existing
SHA1 digests retained for now as an audit trail.

   2015-03-15 20:10:28 by Tobias Nygren | Files touched by this commit (1)
Log message:
needs openssl