pkgsrc

kpriv/pkgsrc

Fork 0

Commit graph

Author	SHA1	Message	Date
jperkin	e9c22b66e3	freeradius: Update to 3.0.17. Provided by Coy Hile in joyent/pkgsrc#131. Fixes an issue where the module builds would fail if they found a system LDAP. Fix print-PLIST while here. FreeRADIUS 3.0.17 Tue 17 Apr 2018 14:00:00 EDT urgency=low Feature improvements Add CURLOPT_CAINFO. Patch from Nicolas C. #2167 * "stats home server" now supports "src IPADDR", to specify home server also by source IP. Fixes #2169. * Add Dockerfiles for a selection of common systems. * Increase number of permitted file descriptors, for systems with many home servers. * Add TLS-Client-Cert-X509v3-Extended-Key-Usage-OIDs. Patch from Isaac Boukris. Fixes #2205. * Update main READMEs. Patches from Matthew Newton. * Added dictionary.mimosa Bug fixes * Don't call post-proxy twice when proxying to a virtual server. Matthew Newton, #2161. * Use "raw" string value for shared secrets and dynamic clients. It now parses strings with backslashes and "special characters" correctly. Fixes #2168. * Fix RuntimeDirectory for RedHat, from Alan Buxey. * Relax checks in 'if' parser from Isaac Bourkis * Minor cleanups for %{debug_attr:&request} from Isaac Boukris. * Be more aggressive about cleaning up cached certificate attributes, due to deficiencies in OpenSSL. Reported by Nicolas Reich. * Be more accepting when parsing IPv6 addresses. Bug noted by Klara Mall. * Fix double free in rlm_sql. Fixes #2180. * rlm_detail now writes empty Access-Accept packets. * rlm_python can now create tagged attributes. * Don't crash on duplicate realm + authhost / accthost. Bug found by Richard Palmer. * Allow partial certificate chain to trusted CA. Fixes #2162 * Treat SSL_read() returning zero as error. Fixes #2164. * detail writer now checks if the file was renamed or deleted. * Add User-Name to Access-Accept if EAP-Message exists, not Stripped-User-Name. * RedHat Systemd updates. Fixes #2184 * Use correct API for State variable in rlm_securid. * Remove broken radclient option "-i". * Fix "users" file (and hints, etc). So that it does not get confused about entry ordering with multiple $INCLUDEs. * Fix rlm_sql to expand the un-escaped string, not the raw string. * Link default and inner-tunnel only if they exist. Fixes #2206. * Don't use both IP_PKTINFO and IP_SENDSRCADDR. * Always install signal handler for SIGINT (needed by Docker). * Fix intermediate CA flow for OCSP. Fixes #2160. Intermediate certs which are not self-signed will now be checked. * sqlippool now returns "fail" if it fails IP allocation. * Fix rlm_yubikey to look for correct attribute in replay attack check.	2018-09-25 12:16:36 +00:00
fhajny	43153c4087	Update net/freeradius to 3.0.15. Based on a PR from @coyhile (https://github.com/joyent/pkgsrc/issues/18). Splits modules with external dependencies into separate packages. The 1.1.x branch was EOL'd in 2008. No upgrade guide from 1.1.x to 3.0.x seem to exist. Summary of improvements in 3.x: - Moved configuration entries in radiusd.conf to make more sense. - Added the "integer64" and "ipv4prefix" data types. - Added RADIUS over TLS (i.e. RadSec). See raddb/sites-available/tls. - Updated internal API to support new attributes and formats. - Added code to send SNMP Traps. See raddb/trigger.conf. - Added preliminary support for Apple's Grand Central Dispatch. - Added provisions for raddb/dictionary.local, for local changes See raddb/dictionary for more details. - Added packet/s tracking. See max_pps in the "listen" section. - The %{} expansions and "unlang" conditions are now parsed at server start. Descriptive errors are produced for syntax and format errors. - Casting is now supported for "unlang" comparisons. See "man unlang" e.g. <ipaddr>127.0.0.1 == Framed-IP-Address. - Direct comparison of attribute references is now supported e.g. &Foo == &Bar. This avoids stringification of the attributes. - Direct assignment of attributes is now supported e.g. Foo := &Bar. It also works for "octets" data types. - Comparisons of IPv4 and IPv6 prefixes are now supported The "<" operator means "within the prefix" for comparisons. - New sha1 xlat expansion (thanks to Alan Buxey). - Colourised log messages when logging to stdout. Look for yellow warnings and red errors. Doing this will save you a LOT of grief. - If the PCRE library is available, use it (insted of the POSIX functions) to process regular expressions (thanks to Phil Mayers). - -xv now displays all the features the server was built with, and the versions of the core libraries (libtalloc, libssl). Summary of improvements in 2.x: - simple policy language (see "man unlang") - virtual servers ("raddb/sites-available/README") - IPv6 support - better proxy support ("raddb/proxy.conf") - More EAP types - Debugging output should be <em>much</em> easier to understand - VMPS support - More modules have been moved to "stable" status (python, etc.) - SQL configuration has been cleaned up (see "raddb/sql/*") - limited support for HUP. (The configuration for some modules is re-loaded on HUP. Nothing else is reloaded.) - check configuration and exit ("radiusd -C") - Server core is now event based (simpler, more powerful)	2017-08-26 10:07:27 +00:00

Author

SHA1

Message

Date

jperkin

e9c22b66e3

freeradius*: Update to 3.0.17.

Provided by Coy Hile in joyent/pkgsrc#131.  Fixes an issue where the module
builds would fail if they found a system LDAP.  Fix print-PLIST while here.

FreeRADIUS 3.0.17 Tue 17 Apr 2018 14:00:00 EDT urgency=low
        Feature improvements
        * Add CURLOPT_CAINFO.  Patch from Nicolas C.
          #2167
        * "stats home server" now supports "src IPADDR",
          to specify home server also by source IP.  Fixes #2169.
        * Add Dockerfiles for a selection of common systems.
        * Increase number of permitted file descriptors, for
          systems with many home servers.
        * Add TLS-Client-Cert-X509v3-Extended-Key-Usage-OIDs.
          Patch from Isaac Boukris.  Fixes #2205.
        * Update main READMEs.  Patches from Matthew Newton.
        * Added dictionary.mimosa

        Bug fixes
        * Don't call post-proxy twice when proxying to
          a virtual server.  Matthew Newton, #2161.
        * Use "raw" string value for shared secrets and dynamic clients.
          It now parses strings with backslashes and "special characters"
          correctly.  Fixes #2168.
        * Fix RuntimeDirectory for RedHat, from Alan Buxey.
        * Relax checks in 'if' parser from Isaac Bourkis
        * Minor cleanups for %{debug_attr:&request} from Isaac Boukris.
        * Be more aggressive about cleaning up cached certificate attributes,
          due to deficiencies in OpenSSL.  Reported by Nicolas Reich.
        * Be more accepting when parsing IPv6 addresses.  Bug noted
          by Klara Mall.
        * Fix double free in rlm_sql.  Fixes #2180.
        * rlm_detail now writes empty Access-Accept packets.
        * rlm_python can now create tagged attributes.
        * Don't crash on duplicate realm + authhost / accthost.
          Bug found by Richard Palmer.
        * Allow partial certificate chain to trusted CA.  Fixes #2162
        * Treat SSL_read() returning zero as error.  Fixes #2164.
        * detail writer now checks if the file was renamed or deleted.
        * Add User-Name to Access-Accept if EAP-Message exists,
          not Stripped-User-Name.
        * RedHat Systemd updates.  Fixes #2184
        * Use correct API for State variable in rlm_securid.
        * Remove broken radclient option "-i".
        * Fix "users" file (and hints, etc). So that it does not
          get confused about entry ordering with multiple $INCLUDEs.
        * Fix rlm_sql to expand the un-escaped string, not the raw string.
        * Link default and inner-tunnel only if they exist.  Fixes #2206.
        * Don't use both IP_PKTINFO and IP_SENDSRCADDR.
        * Always install signal handler for SIGINT (needed by Docker).
        * Fix intermediate CA flow for OCSP.  Fixes #2160.
          Intermediate certs which are not self-signed will now be
          checked.
        * sqlippool now returns "fail" if it fails IP allocation.
        * Fix rlm_yubikey to look for correct attribute in replay
          attack check.

2018-09-25 12:16:36 +00:00

fhajny

43153c4087

Update net/freeradius to 3.0.15.

Based on a PR from @coyhile
(https://github.com/joyent/pkgsrc/issues/18). Splits modules with
external dependencies into separate packages.

The 1.1.x branch was EOL'd in 2008. No upgrade guide from 1.1.x to 3.0.x
seem to exist.

Summary of improvements in 3.x:

- Moved configuration entries in radiusd.conf to make more sense.
- Added the "integer64" and "ipv4prefix" data types.
- Added RADIUS over TLS (i.e. RadSec). See raddb/sites-available/tls.
- Updated internal API to support new attributes and formats.
- Added code to send SNMP Traps. See raddb/trigger.conf.
- Added preliminary support for Apple's Grand Central Dispatch.
- Added provisions for raddb/dictionary.local, for local changes See
  raddb/dictionary for more details.
- Added packet/s tracking. See max_pps in the "listen" section.
- The %{} expansions and "unlang" conditions are now parsed at server
  start. Descriptive errors are produced for syntax and format errors.
- Casting is now supported for "unlang" comparisons. See "man unlang"
  e.g. <ipaddr>127.0.0.1 == Framed-IP-Address.
- Direct comparison of attribute references is now supported e.g. &Foo
  == &Bar. This avoids stringification of the attributes.
- Direct assignment of attributes is now supported e.g. Foo := &Bar. It
  also works for "octets" data types.
- Comparisons of IPv4 and IPv6 prefixes are now supported The "<"
  operator means "within the prefix" for comparisons.
- New sha1 xlat expansion (thanks to Alan Buxey).
- Colourised log messages when logging to stdout. Look for yellow
  warnings and red errors. Doing this will save you a LOT of grief.
- If the PCRE library is available, use it (insted of the POSIX
  functions) to process regular expressions (thanks to Phil Mayers).
- -xv now displays all the features the server was built with, and the
  versions of the core libraries (libtalloc, libssl).

Summary of improvements in 2.x:

- simple policy language (see "man unlang")
- virtual servers ("raddb/sites-available/README")
- IPv6 support
- better proxy support ("raddb/proxy.conf")
- More EAP types
- Debugging output should be <em>much</em> easier to understand
- VMPS support
- More modules have been moved to "stable" status (python, etc.)
- SQL configuration has been cleaned up (see "raddb/sql/*")
- limited support for HUP.  (The configuration for some modules is
  re-loaded on HUP.  Nothing else is reloaded.)
- check configuration and exit ("radiusd -C")
- Server core is now event based (simpler, more powerful)

2017-08-26 10:07:27 +00:00

2 commits