openSUSE Build Service

Overview Repositories Revisions Requests Users Attributes Meta

Revisions of freeradius-server

Ana Guerrero (anag+factory) accepted request 1148113 from

Dominique Leuenberger (dimstar_suse) 2 months ago (revision 97)

- fix directory permissions for
  /etc/raddb/mods-config/sql/moonshot-targeted-ids/*sql*
  (boo#1220025, accidentally discovered via boo#1220024) (forwarded request 1147358 from cboltz)

Ana Guerrero (anag+factory) accepted request 1145150 from

Adam Majer (adamm) 3 months ago (revision 96)

Ana Guerrero (anag+factory) accepted request 1121419 from

Adam Majer (adamm) 6 months ago (revision 95)

changes only changes, added CVE references

Ana Guerrero (anag+factory) accepted request 1108446 from

Adam Majer (adamm) 8 months ago (revision 94)

- update to version 3.2.3:
  Feature Improvements
  * Add "max_retries" for connection pools. Fixes #4908.
  * Update dictionary.ciena, dictionary.huawei, dictionary.wifialliance and
    dictionary.wispr; add dictionary.eleven.
  * You can now list "eap" in the "pre-proxy" section. If the packet contains a
    malformed EAP message, then the request will be rejected The home server
    will either reject (or discard) this packet anyways, so this change can
    only help with large proxy scenarios.
  * Show warnings if libldap is not using OpenSSL.
  * Support RADIUS/1.1. See
    https://datatracker.ietf.org/doc/draft-dekok-radext-radiusv11/ Disabled by
    default, can be enabled by passing `--with-radiusv11` to the configure
    script. For now, this is for testing interoperability.
  * Add extra sanity checks for malformed EAP attributes.
  * More TLS debugging output.
  * Clear old module instance data before HUP reload. Avoids burst memory use
    when e.g. using large data files with rlm_files.
  * `rlm_cache_redis` is now included in the freeradius-redis packages.
Bug Fixes
  * Don't leak MD contexts with OpenSSL 3.0.
  * Increase internal buffer size for TLS connections, which can help with
    high-load proxies.
  * Send Status-Server checks for TLS connections.
  * Give descriptive error if "update CoA" is used with "fake" packets, as it
    won't work. i.e. inner-tunnel and virtual home servers.
  * Many small ASAN / LSAN fixes from Jorge Pereira.
  * Close inbound RADIUS/TLS socket on TLS errors. When a home server sees a
    TLS error, it will now close the socket, so proxies do not have an open
    (but dead) TLS connection.

Dominique Leuenberger (dimstar_suse) accepted request 1063506 from

Adam Majer (adamm) about 1 year ago (revision 93)

- update to version 3.2.1:
  Feature Improvements
  *  Add dictionary.ciena, dictionary.nile, and DHCPv4 dictionaries
  *  Add simultaneous-use queries for MS SQL
  *  Add radmin command for "stats pool <module-name>"
     which prints out statistics about the connection pools.
  *  Client statistics now shows "conflicts",
     to count conflicting packets.
  *  New optional "lightweight accounting-on/off" strategy.
     When refreshing queries.conf you should also add the new
     nasreload table and corresponding GRANTs to your DB schema.
  *  Add TLS-Client-Cert-X509v3-Certificate-Policies, which helps
     with Eduroam.
  *  Allow auth+acct for TCP sockets, too.
  *  Add rlm_cache_redis. See raddb/mods-available/cache for details.
  *  Allow radmin to look up home servers by name, too.
  *  Ensure that dynamic clients don't create loops on duplicates
  *  Removed rlm_sqlhpwippool. There was no documentation, no configuration,
     and the module was ~15 years old with no one using it.
  *  Marked rlm_python3 as stable.
  *  Add sigalgs_list. See raddb/mods-available/eap
  *  For rlm_linelog, when opening files in /dev, look at "permissions"
     to see whether to open them r/w.
  *  More flexibility for dynamic home servers. See
     doc/configuration/dynamic_home_servers.md and
     raddb/home_servers/README.md.
  *  Allow setting of application_name for PostgreSQL.
     See mods-available/sql.
  Bug Fixes
  *  Correct test for open sessions in radacct for MS SQL.

Dominique Leuenberger (dimstar_suse) accepted request 1058729 from

Adam Majer (adamm) over 1 year ago (revision 92)

Richard Brown (RBrownFactory) accepted request 1006870 from

Adam Majer (adamm) over 1 year ago (revision 91)

Richard Brown (RBrownFactory) accepted request 991370 from

Adam Majer (adamm) over 1 year ago (revision 90)

Dominique Leuenberger (dimstar_suse) accepted request 952634 from

Adam Majer (adamm) about 2 years ago (revision 89)

Dominique Leuenberger (dimstar_suse) accepted request 924673 from

Adam Majer (adamm) over 2 years ago (revision 88)

Adding bug reference only to changelog. No changes.

Dominique Leuenberger (dimstar_suse) accepted request 924184 from

Adam Majer (adamm) over 2 years ago (revision 87)

- update to 3.0.25:
  * `correct_escapes` has been added back into the default configuration.
  * A segfault when trying to proxy to zombie home servers has been fixed.
  * A number of other small bugs and compiler warnings were fixed.
  * Added support for building with PostgreSQL 14. 

- Update to version 3.0.24 (jsc#SLE-21237)
  Feature Improvements
  * Add sanitizer options to configure script.
  * Log information needed by Wireshark to decode TLS sessions.
  * Allow more liberal SQL commands in rlm_sql_map.
  * Update dictionary.apc, dictionary.h3c.
  * Add new Acct-Status-Type Subsystem-On and Subsystem-Off See
    dictionary.iana and
    https://freeradius.org/rfc/acct_status_type_subsystem.html.
  * Add reject_unknown_intermediate_ca. See mods-available/eap.
  * Add dynamic loading of certificates via TLS-Session-Cert-File
    See raddb/certs/realms/README.md.
  * Add Server Name Indication (SNI) for outbound RadSec connections
    See raddb/sites-available/tls, and the home server tls
    configuration.
  * Support SNI for inbound RadSec connections. Certificates will be
    loaded from "realm_dir" in the "tls" section. SNI will be cached
    in the TLS-Server-Name-Indication attribute.
  * Preliminary support for haproxy "PROXY" protocol See sites-available/tls,
    "proxy_protocol" and doc/antora/modules/howto/pages/protocols/proxy/.
  * Generate parse errors in more circumstances when we know that
    the configuration is wrong.
  * Add "weeklycounter" to sample sqlcounter configuration.
  * Add certificate attributes to the request list, even if

Dominique Leuenberger (dimstar_suse) accepted request 903262 from

Adam Majer (adamm) almost 3 years ago (revision 86)

Dominique Leuenberger (dimstar_suse) accepted request 860194 from

Michael Ströder (stroeder) over 3 years ago (revision 85)

Dominique Leuenberger (dimstar_suse) accepted request 852412 from

Adam Majer (adamm) over 3 years ago (revision 84)

Dominique Leuenberger (dimstar_suse) accepted request 829736 from

Adam Majer (adamm) over 3 years ago (revision 83)

- freeradius-server-radiusd-logrotate.patch: fix permissions in
  logrotate global section (bsc#1170505, bsc#1174905)

Dominique Leuenberger (dimstar_suse) accepted request 788266 from

Adam Majer (adamm) about 4 years ago (revision 82)

Bug number fixes only

Dominique Leuenberger (dimstar_suse) accepted request 787864 from

Adam Majer (adamm) about 4 years ago (revision 81)

- update to 3.0.21
Feature Improvements
  * New stored procedure for allocating IPs with PostgreSQL
    Rates of 1500 IPs per second are now possible
    See raddb/mods-config/sql/ippool/postgresql/procedure.sql
  * Add SQL IP pool support for Microsoft SQL Server
    See raddb/mods-config/sql/ippool/mssql/
  * Added RCNTEC dictionary. Closes #3168.
  * Added Pica8 dictionary. Closes #3179.
  * Add TLS-Client-Cert-Valid-Since attribute holding not
    Before date Patch from Boris Lytochkin. Fixes #3157.
  * Generate attributes containing unknown OIDs See raddb/sites-available/tls
  * Update the WiMAX dictionary.
  * Added ability to rlm_python(Python2) show a stacktrace
    from errors. #2979.
  * Add WiFi Alliance Policy OIDs.
    See raddb/certs/xpextensions
  * radmin now shows coa stats, too.
  * Sample schema extensions for summarizing data in SQL
    See mods-config/sql/main/*/process-radacct.sql
  * Update dictionary.aerohive, dictionary.fortinet,
    dictionary.arista and dictionary.erx.
  * Added VAS Experts dictionary.
  * Many updates to RPM and jenkins builds from Matthew Newton.
  * Added %C (time now in seconds) and %c (microsecond component of now)
    back-ported from the "master" branch.
  * Add reload capability to systemd unit file in Debian and RedHat.
  * Increase timestamp precision in postauth to maximum supported by each
    database and simplify (and make more consistent between drivers)
    the timestamps in SQL queries by using expansions.

Dominique Leuenberger (dimstar_suse) accepted request 783861 from

Tomáš Chvátal (scarabeus_iv) about 4 years ago (revision 80)

Dominique Leuenberger (dimstar_suse) accepted request 759001 from

Adam Majer (adamm) over 4 years ago (revision 79)

- Add missing BuildRequire on samba-core-devel required for windbind
  support in rlm_mschap.

Dominique Leuenberger (dimstar_suse) accepted request 707189 from

Adam Majer (adamm) almost 5 years ago (revision 78)

backport missing change from SLE

- install license as %license instead of documentation

Displaying revisions 1 - 20 of 97

Places

Revisions of freeradius-server

Places