Revisions of freeradius-server
Ana Guerrero (anag+factory) accepted request 1148113 from Dominique Leuenberger (dimstar_suse) (revision 97)
- fix directory permissions for /etc/raddb/mods-config/sql/moonshot-targeted-ids/*sql* (boo#1220025, accidentally discovered via boo#1220024) (forwarded request 1147358 from cboltz)
Ana Guerrero (anag+factory) accepted request 1121419 from Adam Majer (adamm) (revision 95)
changes only changes, added CVE references
Ana Guerrero (anag+factory) accepted request 1108446 from Adam Majer (adamm) (revision 94)
- update to version 3.2.3:
  Feature Improvements
  * Add "max_retries" for connection pools. Fixes #4908.
  * Update dictionary.ciena, dictionary.huawei, dictionary.wifialliance
    and dictionary.wispr; add dictionary.eleven.
  * You can now list "eap" in the "pre-proxy" section. If the packet
    contains a malformed EAP message, then the request will be rejected.
    The home server will either reject (or discard) this packet anyways,
    so this change can only help with large proxy scenarios.
  * Show warnings if libldap is not using OpenSSL.
  * Support RADIUS/1.1. See
    https://datatracker.ietf.org/doc/draft-dekok-radext-radiusv11/
    Disabled by default, can be enabled by passing `--with-radiusv11`
    to the configure script. For now, this is for testing
    interoperability.
  * Add extra sanity checks for malformed EAP attributes.
  * More TLS debugging output.
  * Clear old module instance data before HUP reload. Avoids burst
    memory use when e.g. using large data files with rlm_files.
  * `rlm_cache_redis` is now included in the freeradius-redis packages.
  Bug Fixes
  * Don't leak MD contexts with OpenSSL 3.0.
  * Increase internal buffer size for TLS connections, which can help
    with high-load proxies.
  * Send Status-Server checks for TLS connections.
  * Give descriptive error if "update CoA" is used with "fake" packets,
    as it won't work. i.e. inner-tunnel and virtual home servers.
  * Many small ASAN / LSAN fixes from Jorge Pereira.
  * Close inbound RADIUS/TLS socket on TLS errors. When a home server
    sees a TLS error, it will now close the socket, so proxies do not
    have an open (but dead) TLS connection.
Dominique Leuenberger (dimstar_suse) accepted request 1063506 from Adam Majer (adamm) (revision 93)
- update to version 3.2.1:
  Feature Improvements
  * Add dictionary.ciena, dictionary.nile, and DHCPv4 dictionaries
  * Add simultaneous-use queries for MS SQL
  * Add radmin command for "stats pool <module-name>" which prints out
    statistics about the connection pools.
  * Client statistics now shows "conflicts", to count conflicting
    packets.
  * New optional "lightweight accounting-on/off" strategy. When
    refreshing queries.conf you should also add the new nasreload table
    and corresponding GRANTs to your DB schema.
  * Add TLS-Client-Cert-X509v3-Certificate-Policies, which helps with
    Eduroam.
  * Allow auth+acct for TCP sockets, too.
  * Add rlm_cache_redis. See raddb/mods-available/cache for details.
  * Allow radmin to look up home servers by name, too.
  * Ensure that dynamic clients don't create loops on duplicates
  * Removed rlm_sqlhpwippool. There was no documentation, no
    configuration, and the module was ~15 years old with no one using it.
  * Marked rlm_python3 as stable.
  * Add sigalgs_list. See raddb/mods-available/eap
  * For rlm_linelog, when opening files in /dev, look at "permissions"
    to see whether to open them r/w.
  * More flexibility for dynamic home servers. See
    doc/configuration/dynamic_home_servers.md and
    raddb/home_servers/README.md.
  * Allow setting of application_name for PostgreSQL. See
    mods-available/sql.
  Bug Fixes
  * Correct test for open sessions in radacct for MS SQL.
Dominique Leuenberger (dimstar_suse) accepted request 924673 from Adam Majer (adamm) (revision 88)
Adding bug reference only to changelog. No changes.
Dominique Leuenberger (dimstar_suse) accepted request 924184 from Adam Majer (adamm) (revision 87)
- update to 3.0.25:
  * `correct_escapes` has been added back into the default
    configuration.
  * A segfault when trying to proxy to zombie home servers has been
    fixed.
  * A number of other small bugs and compiler warnings were fixed.
  * Added support for building with PostgreSQL 14.
- Update to version 3.0.24 (jsc#SLE-21237)
  Feature Improvements
  * Add sanitizer options to configure script.
  * Log information needed by Wireshark to decode TLS sessions.
  * Allow more liberal SQL commands in rlm_sql_map.
  * Update dictionary.apc, dictionary.h3c.
  * Add new Acct-Status-Type Subsystem-On and Subsystem-Off
    See dictionary.iana and
    https://freeradius.org/rfc/acct_status_type_subsystem.html.
  * Add reject_unknown_intermediate_ca. See mods-available/eap.
  * Add dynamic loading of certificates via TLS-Session-Cert-File
    See raddb/certs/realms/README.md.
  * Add Server Name Indication (SNI) for outbound RadSec connections
    See raddb/sites-available/tls, and the home server tls
    configuration.
  * Support SNI for inbound RadSec connections. Certificates will be
    loaded from "realm_dir" in the "tls" section. SNI will be cached in
    the TLS-Server-Name-Indication attribute.
  * Preliminary support for haproxy "PROXY" protocol
    See sites-available/tls, "proxy_protocol" and
    doc/antora/modules/howto/pages/protocols/proxy/.
  * Generate parse errors in more circumstances when we know that the
    configuration is wrong.
  * Add "weeklycounter" to sample sqlcounter configuration.
  * Add certificate attributes to the request list, even if
Dominique Leuenberger (dimstar_suse) accepted request 860194 from Michael Ströder (stroeder) (revision 85)
Dominique Leuenberger (dimstar_suse) accepted request 829736 from Adam Majer (adamm) (revision 83)
- freeradius-server-radiusd-logrotate.patch: fix permissions in logrotate global section (bsc#1170505, bsc#1174905)
Dominique Leuenberger (dimstar_suse) accepted request 788266 from Adam Majer (adamm) (revision 82)
Bug number fixes only
Dominique Leuenberger (dimstar_suse) accepted request 787864 from Adam Majer (adamm) (revision 81)
- update to 3.0.21
  Feature Improvements
  * New stored procedure for allocating IPs with PostgreSQL
    Rates of 1500 IPs per second are now possible
    See raddb/mods-config/sql/ippool/postgresql/procedure.sql
  * Add SQL IP pool support for Microsoft SQL Server
    See raddb/mods-config/sql/ippool/mssql/
  * Added RCNTEC dictionary. Closes #3168.
  * Added Pica8 dictionary. Closes #3179.
  * Add TLS-Client-Cert-Valid-Since attribute holding not Before date
    Patch from Boris Lytochkin. Fixes #3157.
  * Generate attributes containing unknown OIDs
    See raddb/sites-available/tls
  * Update the WiMAX dictionary.
  * Added ability to rlm_python(Python2) show a stacktrace from errors.
    #2979.
  * Add WiFi Alliance Policy OIDs. See raddb/certs/xpextensions
  * radmin now shows coa stats, too.
  * Sample schema extensions for summarizing data in SQL
    See mods-config/sql/main/*/process-radacct.sql
  * Update dictionary.aerohive, dictionary.fortinet, dictionary.arista
    and dictionary.erx.
  * Added VAS Experts dictionary.
  * Many updates to RPM and jenkins builds from Matthew Newton.
  * Added %C (time now in seconds) and %c (microsecond component of now)
    back-ported from the "master" branch.
  * Add reload capability to systemd unit file in Debian and RedHat.
  * Increase timestamp precision in postauth to maximum supported by
    each database and simplify (and make more consistent between
    drivers) the timestamps in SQL queries by using expansions.
Dominique Leuenberger (dimstar_suse) accepted request 783861 from Tomáš Chvátal (scarabeus_iv) (revision 80)
Dominique Leuenberger (dimstar_suse) accepted request 759001 from Adam Majer (adamm) (revision 79)
- Add missing BuildRequire on samba-core-devel required for winbind support in rlm_mschap.
Dominique Leuenberger (dimstar_suse) accepted request 707189 from Adam Majer (adamm) (revision 78)
backport missing change from SLE - install license as %license instead of documentation
Displaying revisions 1 - 20 of 97