./net/freeradius-freetds, Free RADIUS FreeTDS support

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 3.2.3nb2, Package name: freeradius-freetds-3.2.3nb2, Maintainer: pkgsrc-users

FreeRADIUS FreeTDS support


Required to run:
[databases/freetds] [net/freeradius]

Required to build:
[databases/gdbm] [security/openssl] [devel/talloc] [pkgtools/cwrappers]

Master sites:

Filesize: 3373.896 KB

Version history: (Expand)


CVS history: (Expand)


   2023-11-08 14:21:43 by Thomas Klausner | Files touched by this commit (2377)
Log message:
*: recursive bump for icu 74.1
   2023-10-25 00:11:51 by Thomas Klausner | Files touched by this commit (2298)
Log message:
*: bump for openssl 3
   2023-06-17 20:19:06 by Adam Ciarcinski | Files touched by this commit (9) | Package updated
Log message:
freeradius: updated to 3.2.3

Version 3.2.3 has been released.

The focus of this release is stability.
   2023-04-19 10:12:01 by Adam Ciarcinski | Files touched by this commit (2359) | Package updated
Log message:
revbump after textproc/icu update
   2023-04-05 11:16:43 by Adam Ciarcinski | Files touched by this commit (12) | Package updated
Log message:
freeradius: updated to 3.2.2

Version 3.2.2

FEATURE IMPROVEMENTS

The "configure" process now gives a much clearer report when it's \ 
finished. Patches by Matthew Newton.
Fallback to "uname -n" on missing "hostname".
Export thread details in radmin "stats threads".
Improve queries for processing radacct into periodic usage data Fix from Nick Porter.
Update dictionary.juniper.
Add dictionary.calix.
Fix dictionary.rfc6519 DS-Lite-Tunnel-Name to be "octets".
Update documentation for robust-proxy-accounting, and be more aggressive about \ 
sending packets.
Add per-module README.md files in the source.
Add default Visual Studio configuration for developers.
Postgres can now automatically use alternate queries for errors other than \ 
duplicate keys.
%{listen:TLS-PSK-Identity} is now set when using PSK and psk_query This helps \ 
the server track the identity of the client which is connecting.
Include thread stats in Status-Server attributes.
Mark rlm_unbound stable and add to packages. Patches by Nick Porter.
Remove broken/unsupported Dockerfiles for centos8 and debian9.
Ensure Docker containers have stable uid/gid. Patches from Terry Burton.

BUG FIXES

Preliminary support for non-blocking TLS sockets.
Fix support for partial certificate chains after adding reload support.
Fix handling of debug_condition.
Clean up home server states, and re-sync with the dictionaries.
Correct certificate order when creating TLS-* attributes
Update use of isalpha() etc. so broken configurations have less impact on the server.
Outgoing TLS sockets now set SNI correctly from the "hostname" \ 
configuration item.
Support Apple Homebrew on the M1.
Better error messages when %{listen:TLS-...} is used.
Getting statistics via Status-Server can now be done within a virtual server.
Make TTLS+MS-CHAP work with TLS 1.3.
Fix md5 xlat memory leak when using OpenSSL 3. Fix by Terry Burton.

Version 3.2.1

FEATURE IMPROVEMENTS

Add dictionary.ciena, dictionary.nile, and DHCPv4 dictionaries,.
Add simultaneous-use queries for MS SQL.
Add radmin command for "stats pool <module-name>" Which prints \ 
out statistics about the connection pools.
Client statistics now shows "conflicts", to count conflicting packets.
New optional "lightweight accounting-on/off" strategy. When refreshing \ 
queries.conf you should also add the new nasreload table and corresponding \ 
GRANTs to your DB schema.
Add TLS-Client-Cert-X509v3-Certificate-Policies, which helps with Eduroam. \ 
Suggested by Stefan Winter.
Allow auth+acct for TCP sockets, too.
Add rlm_cache_redis. See raddb/mods-available/cache for details.
Allow radmin to look up home servers by name, too.
Ensure that dynamic clients don't create loops on duplicates Reported by Sam Yee.
Removed rlm_sqlhpwippool. There was no documentation, no configuration, and the \ 
module was ~15 years old with no one using it.
Marked rlm_python3 as stable.
Add sigalgs_list. See raddb/mods-available/eap. Patch from Boris Lytochkin.
For rlm_linelog, when opening files in /dev, look at "permissions" to \ 
see whether to open them r/w.
More flexibility for dynamic home servers. See \ 
doc/configuration/dynamic_home_servers.md and raddb/home_servers/README.md.
Allow setting of application_name for PostgreSQL. See mods-available/sql.

BUG FIXES

Correct test for open sessions in radacct for MS SQL.
The linelog module now opens /dev/stdout in "write-only" mode if the \ 
permissions are set to "u+w" (0002).
Various fixes to rlm_unbound from Nick Porter.
PEAP now correctly runs Post-Auth-Type Accept.
Create "TLS-Cert-*" for outbound Radsec, instead of TLS-Client-Cert-*. \ 
See sites-available/tls, and fix_cert_order.
Minor updates and fixes to CI, Dockerfiles and packaging.
Fix rlm_python3 build with python >= 3.10.
   2022-10-26 12:32:08 by Thomas Klausner | Files touched by this commit (687)
Log message:
*: bump PKGREVISION for libunistring shlib major bump
   2021-12-08 17:07:18 by Adam Ciarcinski | Files touched by this commit (3063)
Log message:
revbump for icu and libffi
   2021-11-12 13:27:39 by Adam Ciarcinski | Files touched by this commit (8) | Package updated
Log message:
freeradius: updated to 3.0.25

FreeRADIUS 3.0.25

Feature improvements
* Better debug output when proxying is disabled
* Updates to support PostgreSQL 14

Bug fixes
* Add `correct_escapes` back into default configuration
* Fix undeclared variable with some compile options
* Quiet erroneous debug output
* Fix segfault when proxying to zombie home server
* Fix resolving values to enum strings in rlm_rest
* Fix printing raw values rather than enum strings in rlm_couchbase

FreeRADIUS 3.0.24

Feature improvements
* Add sanitizer options to configure script.
* Log information needed by Wireshark to decode TLS sessions.
* Allow more liberal SQL commands in rlm_sql_map.
* Update dictionary.apc, dictionary.h3c
* Add new Acct-Status-Type Subsystem-On and Subsystem-Off.
  See dictionary.iana and
  https://freeradius.org/rfc/acct_status_type_subsystem.html
* Add reject_unknown_intermediate_ca.  See mods-available/eap
* Add dynamic loading of certificates via TLS-Session-Cert-File.
  See raddb/certs/realms/README.md
* Add Server Name Indication (SNI) for outbound RadSec connections.
  See raddb/sites-available/tls, and the home server tls configuration.
* Support SNI for inbound RadSec connections.  Certificates will
  be loaded from "realm_dir" in the "tls" section.  SNI will be
  cached in the TLS-Server-Name-Indication attribute.
* Preliminary support for haproxy "PROXY" protocol.
  See sites-available/tls, "proxy_protocol" and \ 
doc/antora/modules/howto/pages/protocols/proxy/
* Generate parse errors in more circumstances when we know that the
  configuration is wrong.
* Add "weeklycounter" to sample sqlcounter configuration
* Add certificate attributes to the request list, even if the certificates
  have expired.
* The Simultaneous-Use code is now IPv6 aware, and can deal with
  NAS-IPv6-Address.
* Add dictionary.cambium

Bug fixes
* Fix crash in trustrouter module. Patch from Alejandro Perez
* Fix crash in state handling.
* Don't alter global options in redhat logrotate scripts.
* EAP-FAST will print errors and continue, rather than exiting
  when OpenSSL fails various internal sanity checks.
* Allow admin to manually change core limits, even when core limits
  are disabled. Patch from Antonio Torres.
* Fix chunked rlm_rest HTTP body.
  Patch from Nathan Ward.
* Many fixes around the SQL ippool queries.conf and schema.
  Patches from Jorge Periera.
* Fix MySQL stored procedures.
* Rework connection pool management for corner cases.
* Final fix for double free.
* Fix sqlcounter wrong memory free.
* Accept slow writes from proxies over TCP, which allows the
  server to make more progress when it receives partial packets.
* Add 'weeklycounter' for rlm_sqlcounter.
* Outbound proxying over TCP / TLS is better able to deal with
  partial TCP reads, and has fewer issues with slow networks.
* Fix wrong data-type of Acct-Delay-Time in rlm_unix.
* Fix EAP-FAST PAC lifetime calculation.
* Print correct encoded packet length when debugging