Subject: CVS commit: pkgsrc/net/radsecproxy
From: Havard Eidnes
Date: 2019-09-11 13:51:22

Log Message:
Update radsecproxy to version 1.8.0.

Pkgsrc changes:
 * The hosting of radsecproxy has changed to
 * Add dependency on nettle.
 * Update LICENSE, now only modified-bsd.
 * Use gmake to build to avoid a couple of warnings.
 * Relinquish exclusive maintainership.

Upstream changes:

20190704 1.8.0
        New features:
        - Rewrite: supplement attribute (add attribute if not present) (#19)
        - Rewrite: modify vendor attribute
        - Rewrite whitelist mode
        - Autodetect status-server capability of servers
        - Minimalistic status-server
        - Explicit SubjectAltName:DNS and :IP match on certificates

        - No longer require docbook2x tools, but include plain manpages
        - Fail on startup if overlapping clients with different tls blocks

        Compile fixes:
        - Fix compile issues on bsd

        Bug fixes:
        - Handle %00 in config correctly (#31)
        - Fix server selection when udp were unreachable for long periods

2018-09-03 1.7.2
        - Always copy proxy-state attributes in own responses
        - Authenticate own access-reject responses
        - Retry outstanding requests after connection reset

        Compile fixes:
        - Fix compile issues on some platforms (#14)
        - Fix compile issue when dtls disabled (#16)
        - Fix compile issue on Cygwin (#18)
        - Fix radsecproxy.conf manpage not installed when docbook2x
          not available

        Bug fixes:
        - Fix request might be dropped if udp client uses multiple source ports
        - Fix tls output might drop requests under high load
        - Check for IP literals in Certificate SubjectAltName:DNS records
        - Fix tls connection might hang during SSL_connect and SSL_accept

2018-07-05 1.7.1
        License and copyright changes:
        - Copyright SWITCH
        - 3-clause BSD license only, no GPL.

        - Support the use of OpenSSL version 1.1 and 1.0 series
        - Reload TLS certificate CRLs on SIGHUP (RADSECPROXY-78).
        - Make use of SO_KEEPALIVE for tcp sockets (RADSECPROXY-12).
        - Optionally include the thread-id in log messages
        - Allow hashing MAC addresses in the log (same as for F-Ticks)
        - Log certificate subject if rejected
        - Log own responses (RADSECPROXY-61)
        - Allow f-ticks prefix to be configured
        - radsecproxy-hash: allow MAC addresses to be passed on command line

        - libnettle is now an unconditional dependency.
        - FTicks support is now on by default and not optional.
        - Experimental code for dynamic discovery has been removed.
        - Replace several server status bits with a single state enum.
        - Use poll instead of select to allow > 1000 concurrent connections.
        - Implement locking for all SSL objects (openssl states it
          is not thread-safe)
        - Rework DTLS code.

        Bug fixes:
        - Detect the presence of docbook2x-man correctly.
        - Make clang less unhappy.
        - Don't use a smaller pthread stack size than what's allowed.
        - Avoid a deadlock situation with dynamic servers (RADSECPROXY-73).
        - Don't forget about good dynamically discovered (TLS) connections
        - Fix refcounting in error cases when loading configuration
        - Fix potential crash when rewriting malformed vendor attributes.
        - Properly clean up expired requests from server output-queue.
        - Fix crash when dynamically discovered server doesn't resolve.