2023-11-08 14:21:43 by Thomas Klausner | Files touched by this commit (2377) |
Log message: *: recursive bump for icu 74.1 |
2023-10-25 00:11:51 by Thomas Klausner | Files touched by this commit (2298) |
Log message: *: bump for openssl 3 |
2023-06-17 20:19:06 by Adam Ciarcinski | Files touched by this commit (9) | |
Log message: freeradius: updated to 3.2.3 Version 3.2.3 has been released. The focus of this release is stability. |
2023-04-19 10:12:01 by Adam Ciarcinski | Files touched by this commit (2359) | |
Log message: revbump after textproc/icu update |
2023-04-05 11:16:43 by Adam Ciarcinski | Files touched by this commit (12) | |
Log message: freeradius: updated to 3.2.2 Version 3.2.2 FEATURE IMPROVEMENTS The "configure" process now gives a much clearer report when it's \ finished. Patches by Matthew Newton. Fallback to "uname -n" on missing "hostname". Export thread details in radmin "stats threads". Improve queries for processing radacct into periodic usage data Fix from Nick Porter. Update dictionary.juniper. Add dictionary.calix. Fix dictionary.rfc6519 DS-Lite-Tunnel-Name to be "octets". Update documentation for robust-proxy-accounting, and be more aggressive about \ sending packets. Add per-module README.md files in the source. Add default Visual Studio configuration for developers. Postgres can now automatically use alternate queries for errors other than \ duplicate keys. %{listen:TLS-PSK-Identity} is now set when using PSK and psk_query This helps \ the server track the identity of the client which is connecting. Include thread stats in Status-Server attributes. Mark rlm_unbound stable and add to packages. Patches by Nick Porter. Remove broken/unsupported Dockerfiles for centos8 and debian9. Ensure Docker containers have stable uid/gid. Patches from Terry Burton. BUG FIXES Preliminary support for non-blocking TLS sockets. Fix support for partial certificate chains after adding reload support. Fix handling of debug_condition. Clean up home server states, and re-sync with the dictionaries. Correct certificate order when creating TLS-* attributes Update use of isalpha() etc. so broken configurations have less impact on the server. Outgoing TLS sockets now set SNI correctly from the "hostname" \ configuration item. Support Apple Homebrew on the M1. Better error messages when %{listen:TLS-...} is used. Getting statistics via Status-Server can now be done within a virtual server. Make TTLS+MS-CHAP work with TLS 1.3. Fix md5 xlat memory leak when using OpenSSL 3. Fix by Terry Burton. Version 3.2.1 FEATURE IMPROVEMENTS Add dictionary.ciena, dictionary.nile, and DHCPv4 dictionaries,. Add simultaneous-use queries for MS SQL. Add radmin command for "stats pool <module-name>" Which prints \ out statistics about the connection pools. Client statistics now shows "conflicts", to count conflicting packets. New optional "lightweight accounting-on/off" strategy. When refreshing \ queries.conf you should also add the new nasreload table and corresponding \ GRANTs to your DB schema. Add TLS-Client-Cert-X509v3-Certificate-Policies, which helps with Eduroam. \ Suggested by Stefan Winter. Allow auth+acct for TCP sockets, too. Add rlm_cache_redis. See raddb/mods-available/cache for details. Allow radmin to look up home servers by name, too. Ensure that dynamic clients don't create loops on duplicates Reported by Sam Yee. Removed rlm_sqlhpwippool. There was no documentation, no configuration, and the \ module was ~15 years old with no one using it. Marked rlm_python3 as stable. Add sigalgs_list. See raddb/mods-available/eap. Patch from Boris Lytochkin. For rlm_linelog, when opening files in /dev, look at "permissions" to \ see whether to open them r/w. More flexibility for dynamic home servers. See \ doc/configuration/dynamic_home_servers.md and raddb/home_servers/README.md. Allow setting of application_name for PostgreSQL. See mods-available/sql. BUG FIXES Correct test for open sessions in radacct for MS SQL. The linelog module now opens /dev/stdout in "write-only" mode if the \ permissions are set to "u+w" (0002). Various fixes to rlm_unbound from Nick Porter. PEAP now correctly runs Post-Auth-Type Accept. Create "TLS-Cert-*" for outbound Radsec, instead of TLS-Client-Cert-*. \ See sites-available/tls, and fix_cert_order. Minor updates and fixes to CI, Dockerfiles and packaging. Fix rlm_python3 build with python >= 3.10. |
2022-10-26 12:32:08 by Thomas Klausner | Files touched by this commit (687) |
Log message: *: bump PKGREVISION for libunistring shlib major bump |
2021-12-08 17:07:18 by Adam Ciarcinski | Files touched by this commit (3063) |
Log message: revbump for icu and libffi |
2021-11-12 13:27:39 by Adam Ciarcinski | Files touched by this commit (8) | |
Log message: freeradius: updated to 3.0.25 FreeRADIUS 3.0.25 Feature improvements * Better debug output when proxying is disabled * Updates to support PostgreSQL 14 Bug fixes * Add `correct_escapes` back into default configuration * Fix undeclared variable with some compile options * Quiet erroneous debug output * Fix segfault when proxying to zombie home server * Fix resolving values to enum strings in rlm_rest * Fix printing raw values rather than enum strings in rlm_couchbase FreeRADIUS 3.0.24 Feature improvements * Add sanitizer options to configure script. * Log information needed by Wireshark to decode TLS sessions. * Allow more liberal SQL commands in rlm_sql_map. * Update dictionary.apc, dictionary.h3c * Add new Acct-Status-Type Subsystem-On and Subsystem-Off. See dictionary.iana and https://freeradius.org/rfc/acct_status_type_subsystem.html * Add reject_unknown_intermediate_ca. See mods-available/eap * Add dynamic loading of certificates via TLS-Session-Cert-File. See raddb/certs/realms/README.md * Add Server Name Indication (SNI) for outbound RadSec connections. See raddb/sites-available/tls, and the home server tls configuration. * Support SNI for inbound RadSec connections. Certificates will be loaded from "realm_dir" in the "tls" section. SNI will be cached in the TLS-Server-Name-Indication attribute. * Preliminary support for haproxy "PROXY" protocol. See sites-available/tls, "proxy_protocol" and \ doc/antora/modules/howto/pages/protocols/proxy/ * Generate parse errors in more circumstances when we know that the configuration is wrong. * Add "weeklycounter" to sample sqlcounter configuration * Add certificate attributes to the request list, even if the certificates have expired. * The Simultaneous-Use code is now IPv6 aware, and can deal with NAS-IPv6-Address. * Add dictionary.cambium Bug fixes * Fix crash in trustrouter module. Patch from Alejandro Perez * Fix crash in state handling. * Don't alter global options in redhat logrotate scripts. * EAP-FAST will print errors and continue, rather than exiting when OpenSSL fails various internal sanity checks. * Allow admin to manually change core limits, even when core limits are disabled. Patch from Antonio Torres. * Fix chunked rlm_rest HTTP body. Patch from Nathan Ward. * Many fixes around the SQL ippool queries.conf and schema. Patches from Jorge Periera. * Fix MySQL stored procedures. * Rework connection pool management for corner cases. * Final fix for double free. * Fix sqlcounter wrong memory free. * Accept slow writes from proxies over TCP, which allows the server to make more progress when it receives partial packets. * Add 'weeklycounter' for rlm_sqlcounter. * Outbound proxying over TCP / TLS is better able to deal with partial TCP reads, and has fewer issues with slow networks. * Fix wrong data-type of Acct-Delay-Time in rlm_unix. * Fix EAP-FAST PAC lifetime calculation. * Print correct encoded packet length when debugging |