./net/radsecproxy, Secure radius proxy

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: CURRENT, Version: 1.8.1nb3, Package name: radsecproxy-1.8.1nb3, Maintainer: pkgsrc-users

radsecproxy is a generic RADIUS proxy that supports both UDP and TLS
(RadSec) RADIUS transports. There is also experimental support for

Required to run:
[security/openssl] [security/nettle]

Required to build:

Master sites:

SHA1: 4b62f3f7bbaeff11ca201f140f06d0b5664501bf
RMD160: ea252a220388ede6cd0a27c7961215a5c11ccd63
Filesize: 319.259 KB

Version history: (Expand)

CVS history: (Expand)

   2020-05-22 12:56:49 by Adam Ciarcinski | Files touched by this commit (624)
Log message:
revbump after updating security/nettle
   2020-04-20 02:43:29 by Joerg Sonnenberger | Files touched by this commit (3)
Log message:
Fix ctype use. Bump revision.
   2020-01-18 22:51:16 by Jonathan Perkin | Files touched by this commit (1836)
Log message:
*: Recursive revision bump for openssl 1.1.1.
   2019-11-03 12:45:59 by Roland Illig | Files touched by this commit (255)
Log message:
net: align variable assignments

pkglint -Wall -F --only aligned --only indent -r

No manual corrections.
   2019-10-01 18:38:08 by Havard Eidnes | Files touched by this commit (2) | Package updated
Log message:
Update radsecproxy to version 1.8.1.

Pkgsrc changes:
 * None.

Upstream changes:
2019-10-01 1.8.1
  Bug fixes:
   - Handle Tunnel-Password attribute correctly
   - Fix BSD platform issues
   - Fix spelling in log messages and manpages
   - Fix compile issues for unit tests
   - Don't hardcode location of config files
   2019-09-11 13:51:22 by Havard Eidnes | Files touched by this commit (3) | Package updated
Log message:
Update radsecproxy to version 1.8.0.

Pkgsrc changes:
 * The hosting of radsecproxy has changed to github.com.
 * Add dependency on nettle.
 * Update LICENSE, now only modified-bsd.
 * Use gmake to build to avoid a couple of warnings.
 * Relinquish exclusive maintainership.

Upstream changes:

20190704 1.8.0
        New features:
        - Rewrite: supplement attribute (add attribute if not present) (#19)
        - Rewrite: modify vendor attribute
        - Rewrite whitelist mode
        - Autodetect status-server capability of servers
        - Minimalistic status-server
        - Explicit SubjectAltName:DNS and :IP match on certificates

        - No longer require docbook2x tools, but include plain manpages
        - Fail on startup if overlapping clients with different tls blocks

        Compile fixes:
        - Fix compile issues on bsd

        Bug fixes:
        - Handle %00 in config correctly (#31)
        - Fix server selection when udp were unreachable for long periods

2018-09-03 1.7.2
        - Always copy proxy-state attributes in own responses
        - Authenticate own access-reject responses
        - Retry outstanding requests after connection reset

        Compile fixes:
        - Fix compile issues on some platforms (#14)
        - Fix compile issue when dtls disabled (#16)
        - Fix compile issue on Cygwin (#18)
	- Fix radsecproxy.conf manpage not installed when docbook2x
	  not available

        Bug fixes:
        - Fix request might be dropped if udp client uses multiple source ports
        - Fix tls output might drop requests under high load
        - Check for IP literals in Certificate SubjectAltName:DNS records
        - Fix tls connection might hang during SSL_connect and SSL_accept

2018-07-05 1.7.1
        License and copyright changes:
        - Copyright SWITCH
        - 3-clause BSD license only, no GPL.

        - Support the use of OpenSSL version 1.1 and 1.0 series
        - Reload TLS certificate CRLs on SIGHUP (RADSECPROXY-78).
        - Make use of SO_KEEPALIVE for tcp sockets (RADSECPROXY-12).
        - Optionally include the thread-id in log messages
        - Allow hashing MAC addresses in the log (same as for F-Ticks)
        - Log certificate subject if rejected
        - Log own responses (RADSECPROXY-61)
        - Allow f-ticks prefix to be configured
        - radsecproxy-hash: allow MAC addresses to be passed on command line

        - libnettle is now an unconditional dependency.
        - FTicks support is now on by default and not optional.
        - Experimental code for dynamic discovery has been removed.
        - Replace several server status bits with a single state enum.
        - Use poll instead of select to allow > 1000 concurrent connections.
	- Implement locking for all SSL objects (openssl states it
	  is not thread-safe)
        - Rework DTLS code.

        Bug fixes:
        - Detect the presence of docbook2x-man correctly.
        - Make clang less unhappy.
        - Don't use a smaller pthread stack size than what's allowed.
        - Avoid a deadlock situation with dynamic servers (RADSECPROXY-73).
        - Don't forget about good dynamically discovered (TLS) connections
	- Fix refcounting in error cases when loading configuration
        - Fix potential crash when rewriting malformed vendor attributes.
        - Properly cleanup expired requests from server output-queue.
        - Fix crash when dynamic discovered server doesn't resolve.
   2017-08-03 13:30:45 by Havard Eidnes | Files touched by this commit (2) | Package updated
Log message:
Update radsecproxy to version 1.6.9.

Pkgsrc changes:
 * The hosting of radsecproxy has changed to nordu.net.

Upstream changes:

2017-08-02 1.6.9
        - Use a listen(2) backlog of 128 (RADSECPROXY-72).

        Bug fixes:
        - Don't follow NULL the pointer at debug level 5 (RADSECPROXY-68).
        - Completely reload CAs and CRLs with cacheExpiry (RADSECPROXY-50).
        - Tie Access-Request log lines to response log lines (RADSECPROXY-60).
        - Fix a couple of memory leaks and NULL ptr derefs in error cases.
        - Take lock on realm refcount before updating it (RADSECPROXY-77).

2016-09-21 1.6.8
        Bug fixes:
        - Stop waiting on writable when reading a TCP socket.
        - Stomp less on the memory of other threads (RADSECPROXY-64).

2016-03-14 1.6.7
        Enhancements (security):
        - Negotiate TLS1.1, TLS1.2 and DTLS1.2 when possible, client and
        server side. Fixes RADSECPROXY-62.

        - Build HTML documentation properly.
   2016-09-19 01:13:13 by Sebastian Wiedenroth | Files touched by this commit (1)
Log message:
help configure find openssl