Subject: CVS commit: pkgsrc/net
From: Adam Ciarcinski
Date: 2021-11-12 13:27:39
Message id: 20211112122739.4B3E3FAEC@cvs.NetBSD.org
Log Message:
freeradius: updated to 3.0.25

FreeRADIUS 3.0.25

Feature improvements
* Better debug output when proxying is disabled
* Updates to support PostgreSQL 14

Bug fixes
* Add `correct_escapes` back into default configuration
* Fix undeclared variable with some compile options
* Quiet erroneous debug output
* Fix segfault when proxying to zombie home server
* Fix resolving values to enum strings in rlm_rest
* Fix printing raw values rather than enum strings in rlm_couchbase

FreeRADIUS 3.0.24

Feature improvements
* Add sanitizer options to configure script.
* Log information needed by Wireshark to decode TLS sessions.
* Allow more liberal SQL commands in rlm_sql_map.
* Update dictionary.apc, dictionary.h3c
* Add new Acct-Status-Type Subsystem-On and Subsystem-Off.
  See dictionary.iana and
  https://freeradius.org/rfc/acct_status_type_subsystem.html
* Add reject_unknown_intermediate_ca.  See mods-available/eap
* Add dynamic loading of certificates via TLS-Session-Cert-File.
  See raddb/certs/realms/README.md
* Add Server Name Indication (SNI) for outbound RadSec connections.
  See raddb/sites-available/tls, and the home server tls configuration.
* Support SNI for inbound RadSec connections.  Certificates will
  be loaded from "realm_dir" in the "tls" section.  SNI will be
  cached in the TLS-Server-Name-Indication attribute.
* Preliminary support for haproxy "PROXY" protocol.
  See sites-available/tls, "proxy_protocol" and \ 
doc/antora/modules/howto/pages/protocols/proxy/
* Generate parse errors in more circumstances when we know that the
  configuration is wrong.
* Add "weeklycounter" to sample sqlcounter configuration
* Add certificate attributes to the request list, even if the certificates
  have expired.
* The Simultaneous-Use code is now IPv6 aware, and can deal with
  NAS-IPv6-Address.
* Add dictionary.cambium

Bug fixes
* Fix crash in trustrouter module. Patch from Alejandro Perez
* Fix crash in state handling.
* Don't alter global options in redhat logrotate scripts.
* EAP-FAST will print errors and continue, rather than exiting
  when OpenSSL fails various internal sanity checks.
* Allow admin to manually change core limits, even when core limits
  are disabled. Patch from Antonio Torres.
* Fix chunked rlm_rest HTTP body.
  Patch from Nathan Ward.
* Many fixes around the SQL ippool queries.conf and schema.
  Patches from Jorge Periera.
* Fix MySQL stored procedures.
* Rework connection pool management for corner cases.
* Final fix for double free.
* Fix sqlcounter wrong memory free.
* Accept slow writes from proxies over TCP, which allows the
  server to make more progress when it receives partial packets.
* Add 'weeklycounter' for rlm_sqlcounter.
* Outbound proxying over TCP / TLS is better able to deal with
  partial TCP reads, and has fewer issues with slow networks.
* Fix wrong data-type of Acct-Delay-Time in rlm_unix.
* Fix EAP-FAST PAC lifetime calculation.
* Print correct encoded packet length when debugging
Files:
RevisionActionfile
1.11modifypkgsrc/net/freeradius/Makefile.common
1.36modifypkgsrc/net/freeradius/PLIST
1.2modifypkgsrc/net/freeradius/config.mk
1.45modifypkgsrc/net/freeradius/distinfo
1.17modifypkgsrc/net/freeradius-freetds/Makefile
1.5modifypkgsrc/net/freeradius-krb5/Makefile
1.5modifypkgsrc/net/freeradius-mysql/Makefile
1.23modifypkgsrc/net/freeradius-rest/Makefile