./net/freeradius, Free RADIUS server implementation

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 3.0.21nb1, Package name: freeradius-3.0.21nb1, Maintainer: pkgsrc-users

FreeRADIUS is the most widely deployed RADIUS server in the world.
It is the basis for multiple commercial offerings.

DEINSTALL [+/-]
MESSAGE.pam [+/-]

Required to run:
[databases/gdbm] [security/openssl] [devel/talloc]

Required to build:
[pkgtools/cwrappers]

Master sites:

SHA1: 3d90d63bf1452794cf9d0b04147745a254872c3f
RMD160: 04a038b701f19d9c598e826a795a0cdaacd3768b
Filesize: 3109.949 KB

Version history: (Expand)


CVS history: (Expand)


   2020-04-16 17:49:30 by Jonathan Perkin | Files touched by this commit (5) | Package updated
Log message:
freeradius: Fix SMF initialisation.

Ensures the user/group are correctly substituted into the config file so that
the daemon can run as root then drop privileges appropriately, as well as
creating the rundir as necessary.

Submitted by Jorge Schrauwen in NetBSD/pkgsrc#58.  Bump PKGREVISION.
   2020-04-08 14:25:51 by Adam Ciarcinski | Files touched by this commit (1)
Log message:
freeradius: amend PLIST
   2020-04-08 11:42:06 by Adam Ciarcinski | Files touched by this commit (7) | Package updated
Log message:
freeradius: updated to 3.0.21

3.0.21

Feature improvements

New stored procedure for allocating IPs with PostgreSQL. Rates of 1500 IPs per \ 
second are now possible. See \ 
raddb/mods-config/sql/ippool/postgresql/procedure.sql
Add SQL IP pool support for Microsoft SQL Server See \ 
raddb/mods-config/sql/ippool/mssql/
Added RCNTEC dictionary.
Added Pica8 dictionary.
Add TLS-Client-Cert-Valid-Since attribute holding notBefore date.
Generate attributes containing unknown OIDs. See raddb/sites-available/tls.
Update the WiMAX dictionary.
Added ability to rlm_python (Python2) show a stacktrace from errors.
Add WiFi Alliance Policy OIDs. See raddb/certs/xpextensions
radmin now shows coa stats, too.
Sample schema extensions for summarizing data in SQL. See \ 
mods-config/sql/main/*/process-radacct.sql Many patches from Terry Burton.
Update dictionary.aerohive, dictionary.fortinet, dictionary.arista and dictionary.erx
Added VAS Experts dictionary.
Many updates to RPM and jenkins builds from Matthew Newton
Added %C (time now in seconds) and %c (microsecond component of now) back-ported \ 
from the "master" branch.
Add reload capability to systemd unit file in Debian and RedHat.
Increase timestamp precision in postauth to maximum supported by each database \ 
and simplify (and make more consistent between drivers) the timestamps in SQL \ 
queries by using expansions.
Option to set dictionary path in raduat script.

Bug fixes

Various fixes found by PVS-Studio.
Set permissions of certificates in bootstrap shell script.
Increase the nasportid SQL field for varchar(32).
Skip processing proxy reply if there are no home servers available.
Update SQLite IPPool queries.
rlm_sql_unixodbc fixes.
Fixes when building with LibreSSL.
Fix the rlm_python3 build. Note that this module is experimental.
The rlm_python should append the python_path paths in sys.path, It fixes the \ 
expected behaviour to use the existing Python modules.
Fix rlm_python to print the script errors properly.
Bound total query time for PostgreSQL.
Many fixes to Oracle sqlippool. It now does 500 IPs per second without any tuning.
Reference sqlippool by it's correct name.
Revert 3.0.20 patch which caused crashes on duplicate clients.
Update WiMAX-MSK attribute.
Fix crash when trying to access non-existant regex capture group.
Use timestamps (request or server) rather than SQL NOW() in accounting queries \ 
so that these are stable when replayed from a file buffer.
   2020-03-15 23:45:37 by Tobias Nygren | Files touched by this commit (1)
Log message:
freeradius: include pam.bl3.mk so rlm_pam.so always gets built
   2020-01-18 22:51:16 by Jonathan Perkin | Files touched by this commit (1836)
Log message:
*: Recursive revision bump for openssl 1.1.1.
   2019-12-30 19:17:22 by Adam Ciarcinski | Files touched by this commit (8) | Package updated
Log message:
freeradius: updated to 3.0.20

FreeRADIUS 3.0.20 Thu 14 Nov 2019 12:00:00 EDT urgency=medium
Feature improvements
* Add Jenkins continuous integration.
  Used to build http://packages.networkradius.com/
* Added Force10 dictionary.
* Update dictionary.hp with new attributes.
* Update dictionary.aruba with new attributes.
* Update logrotate settings to rotate as non-root user.
* Fix side-channel leak in EAP-PWD.  Patch from Mathy Vanhoef.
* Relax OpenSSL version checks, now that their API is both
  public, and stable.
* Note that tls_min_version/tls_max_version also support "1.3"
  Since there is no standard yet for EAP with TLS 1.3, it
  will not work.
* Added tripplite dictionary.
* Switch to the async interface for rlm_sql_postgresql so that
  we can enforce query_timeout.
* Added new LDAP option 'allow_dangling_group_ref'.
* Updated documentation and functionality for EAP session caching.
  See "cache" section of mods-available/eap.
* Tighten systemd unit file security.
* Disable TLS 1.0 and TLS 1.1 support in the default configuration.
  We STRONGLY recommend doing this for all installations.
* Add expansions for *outgoing* Radsec connections.
  "%{proxy_listen:TLS-...}"  for TLS-Client-Cert-* and TLS-Cert-*
  attributes.
* Add %{listen:tls} which returns "yes" or "no" for TLS or \ 
non-TLS
  connections.
* Update dictionary.lancom with new attributes.
* Added rlm_sql_mongo.  See raddb/mods-available/sql.  Note that
  this module is experimental.
* Added more documentation in sites-available/robust-proxy-accounting
* sqlippool now re-allocates unexpired leases, to prevent IP pool
  exhaustion when clients perform multiple reauthentication attempts.
  Patch from Terry Burton.
* Add support to radmin keep the history in ~/.radmin_history
* Add support for ENV and LD_PRELOAD in radiusd.conf.  See the new
  ENV sub-section of radiusd.conf.
* Update dictionary.aptilo.
* Update dictionary.airespace.
* Add sites-available/coa-relay, which makes CoA easier.
  Patch from Terry Burton.
* Add example stored procedure for IP Pools in MySQL.
  See mods-config/sql/ippool/mysql/procedure.sql
  Patch from Terry Burton.
* Update dictionary.dhcp dictionary with the recent hardware types.
* Add experimental rlm_python3.  This should largely work the same
  as rlm_python, which was Python2 only.
* Add Dockerfiles for Debian10 and CentOS8.
* Add RPM spec file compatibility for RHEL/CentOS 8.
* Notes on iOS 13 certificate issues.  See
  https://support.apple.com/en-us/HT210176.
* Notes on certificate constraints.  See raddb/certs/server.cnf.
* Add NAIRealm example to raddb/certs/server.cnf, for RFC 7585.

Bug fixes
* Allow listen.ipaddr to reference an IPv6-only host.
* ERX-Acct-Request-Reason is "integer".
* Fix a slow memory leak in the file management code.
* Try to fix file permissions if they get modified while
  the server is running.
* Fix slow memory leak with clients.
* Fix request and connection timeouts in rlm_rest.
* Fix systemd issues.  Patches from Daniele Rondina.
* Fixes from clang analyzer.
* Fix missing include for the dictionaries: alcatel.esam,
  altiga,alvarion.wimax.v2_2,aptis,asn,audiocodes,avaya,bristol,
  columbia_university,freedhcp,garderos,infoblox,motorola.illegal,
  starent.vsa1, telkom, wimax.wichorus.
* Fix internal sanity check when running with "-Xx"
* Allow "inner-tunnel" virtual servers to work better with
  "accept" and "reject" policies.
* Fix dictionary.huawei data types for Huawei-DNS-Server-IPv6-address
  and Huawei-Framed-IPv6-Address.
* Framed-Interface-ID in postgresql/queries.conf is string, not inet

* Fix rlm_cache to complain on unknown attributes in the
  "update" section of its configuration.
* Add configure checks for -latomic.  This helps on armel, mips
  and mipsel.
* Add support to Oracle 19 and 18.
* Add support for decoding tags in rlm_rest.
* Use correct passwords when updating CRLs in raddb/certs/
* Properly separate "originate-coa" packets when accounting packets
  are read from the detail file reader.
* Use the correct virtual server for pre/post-proxy.
* radsqlrelay fixes backported from "master" branch.
  Patches from Terry Burton.
* Fix DoS issues due to multithreaded BN_CTX access.
  Patch from Mathy Vanhoef.  CVE-2019-17185
   2019-11-03 12:45:59 by Roland Illig | Files touched by this commit (255)
Log message:
net: align variable assignments

pkglint -Wall -F --only aligned --only indent -r

No manual corrections.
   2019-08-11 15:25:21 by Thomas Klausner | Files touched by this commit (3557) | Package updated
Log message:
Bump PKGREVISIONs for perl 5.30.0