Commit Graph

133 Commits

Author SHA256 Message Date
02f9ae48b0 - update to 3.2.4
Feature Improvements
  * Preliminary support for TEAP.
  * Update EAP module pre_proxy checks to make them less restrictive
    This prevents the "middle box" effect from affecting future traffic.
  * Many fixes and updates for Docker images.
  * Add dpsk module. See mods-available/dpsk.
  * Print out what cause the TLS operations to be made, such as the EAP
    method name (peap, ttls, etc), or RADIUS/TLS listen / proxy socket.
  * Add auto_escape to sample SQL module config.
  * Add 'if not exists' to mysql create table queries.
  * Update dictionary.aruba; add dictionary.tplink, dictionary.alphion.
  * Allow for 'encrypt=1' attributes to be longer than 128 characters.
  * Added "radsecret" program which generates strong secrets.
    See the top of the "clients.conf" file for more information.
  * radclient now prints packets as hex when using -xxx.
  * Added "-t timeout" to radsniff. It will stop processing packets
    after <timeout> seconds.
  * Support "interface = ..." on OSX and other *BSD which have IP_BOUND_IF.
  * The detail module now has a "dates_as_integer" configuration item
    See mods-available/detail for more information.
  * Add lookback/lookforward steps and more configuration to totp.
    See mods-available/totp.
  * Add "time_since" xlat to calculate elapsed time in seconds,
    milliseconds and microseconds.
  * Support "Post-Auth-Type Challenge" in the inner tunnel.
  * Add "proxy_dedup_window". See radiusd.conf.
  * Document KRB5_CLIENT_KTNAME in the "env" section of radiusd.conf.
  * Add "dedup_key" for misbehaving supplicants. See mods-available/eap.
  Bug Fixes

OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=171
2024-05-31 14:47:06 +00:00
Dominique Leuenberger
ebd73b1876 Accepting request 1147358 from home:cboltz:branches:network
- fix directory permissions for
  /etc/raddb/mods-config/sql/moonshot-targeted-ids/*sql*
  (boo#1220025, accidentally discovered via boo#1220024)

OBS-URL: https://build.opensuse.org/request/show/1147358
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=169
2024-02-20 14:45:39 +00:00
30b14f60b6 Accepting request 1144489 from home:msmeissn:branches:network
- provides for user(radiusd), group(radiusd) and group (winbind) bsc#1219600

OBS-URL: https://build.opensuse.org/request/show/1144489
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=167
2024-02-08 11:39:44 +00:00
8c5428e4e0 CVE numbers
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=165
2023-10-31 11:20:42 +00:00
7137d48870 CVE references added only
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=164
2023-10-31 11:18:05 +00:00
10a4af9426 OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=162 2023-09-01 11:42:24 +00:00
1b4e5f1e09 - update to version 3.2.3:
Feature Improvements
  * Add "max_retries" for connection pools. Fixes #4908.
  * Update dictionary.ciena, dictionary.huawei, dictionary.wifialliance and
    dictionary.wispr; add dictionary.eleven.
  * You can now list "eap" in the "pre-proxy" section. If the packet contains a
    malformed EAP message, then the request will be rejected The home server
    will either reject (or discard) this packet anyways, so this change can
    only help with large proxy scenarios.
  * Show warnings if libldap is not using OpenSSL.
  * Support RADIUS/1.1. See
    https://datatracker.ietf.org/doc/draft-dekok-radext-radiusv11/ Disabled by
    default, can be enabled by passing `--with-radiusv11` to the configure
    script. For now, this is for testing interoperability.
  * Add extra sanity checks for malformed EAP attributes.
  * More TLS debugging output.
  * Clear old module instance data before HUP reload. Avoids burst memory use
    when e.g. using large data files with rlm_files.
  * `rlm_cache_redis` is now included in the freeradius-redis packages.
Bug Fixes
  * Don't leak MD contexts with OpenSSL 3.0.
  * Increase internal buffer size for TLS connections, which can help with
    high-load proxies.
  * Send Status-Server checks for TLS connections.
  * Give descriptive error if "update CoA" is used with "fake" packets, as it
    won't work. i.e. inner-tunnel and virtual home servers.
  * Many small ASAN / LSAN fixes from Jorge Pereira.
  * Close inbound RADIUS/TLS socket on TLS errors. When a home server sees a
    TLS error, it will now close the socket, so proxies do not have an open
    (but dead) TLS connection.

OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=161
2023-09-01 11:37:49 +00:00
6b34ba0ef7 - update to version 3.2.1:
Feature Improvements
  *  Add dictionary.ciena, dictionary.nile, and DHCPv4 dictionaries
  *  Add simultaneous-use queries for MS SQL
  *  Add radmin command for "stats pool <module-name>"
     which prints out statistics about the connection pools.
  *  Client statistics now shows "conflicts",
     to count conflicting packets.
  *  New optional "lightweight accounting-on/off" strategy.
     When refreshing queries.conf you should also add the new
     nasreload table and corresponding GRANTs to your DB schema.
  *  Add TLS-Client-Cert-X509v3-Certificate-Policies, which helps
     with Eduroam.
  *  Allow auth+acct for TCP sockets, too.
  *  Add rlm_cache_redis. See raddb/mods-available/cache for details.
  *  Allow radmin to look up home servers by name, too.
  *  Ensure that dynamic clients don't create loops on duplicates
  *  Removed rlm_sqlhpwippool. There was no documentation, no configuration,
     and the module was ~15 years old with no one using it.
  *  Marked rlm_python3 as stable.
  *  Add sigalgs_list. See raddb/mods-available/eap
  *  For rlm_linelog, when opening files in /dev, look at "permissions"
     to see whether to open them r/w.
  *  More flexibility for dynamic home servers. See
     doc/configuration/dynamic_home_servers.md and
     raddb/home_servers/README.md.
  *  Allow setting of application_name for PostgreSQL.
     See mods-available/sql.
  Bug Fixes
  *  Correct test for open sessions in radacct for MS SQL.

OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=159
2023-02-06 18:23:52 +00:00
65294a38e7 Accepting request 1058211 from home:schubi2:pam_usr_etc
- Migration of PAM settings to /usr/lib/pam.d.

OBS-URL: https://build.opensuse.org/request/show/1058211
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=157
2023-01-16 15:13:28 +00:00
c89fc9c212 Accepting request 1006867 from home:stroeder:branches:network
- use chown with colon instead dot in radiusd.service

OBS-URL: https://build.opensuse.org/request/show/1006867
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=155
2022-09-29 09:02:13 +00:00
d517bc32d2 Accepting request 991315 from home:firstyear:branches:network
- Resolve issue with linking python3 with rlm-python

OBS-URL: https://build.opensuse.org/request/show/991315
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=153
2022-07-27 08:52:31 +00:00
6007a24a14 Accepting request 950901 from home:scabrero:branches:network
- Remove libwbclient-devel BuildRequires in favor of
  pkgconfig(wbclient); (jsc#SLE-20577);

OBS-URL: https://build.opensuse.org/request/show/950901
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=152
2022-02-08 09:09:10 +00:00
26e7da035a Add missing bug report in the log
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=151
2021-10-11 15:33:41 +00:00
Michael Ströder
f32c5e805c Accepting request 924111 from home:stroeder:branches:network
update to 3.0.25

OBS-URL: https://build.opensuse.org/request/show/924111
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=150
2021-10-07 21:50:17 +00:00
2a57c2d648 OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=149 2021-10-07 16:47:23 +00:00
79ab8ece2d - remove python2 build
- drop references to SLE11

OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=148
2021-10-07 16:11:57 +00:00
09dea27b0a - freeradius-server-radiusd-logrotate.patch: move logrotate
options into specific parts for each log as "global" options
  will persist past and clobber global options in the
  main logrotate config (bsc#1180525)

OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=147
2021-10-07 15:45:35 +00:00
91edf028a2 Accepting request 903141 from home:susnux:branches:network
- Add ldap-schemas subpackage for OpenLDAP radius schemas
- Add freeradius-server-fix-perl-shbang.patch to fix RPMlint warnings
- Fix RPMlint warnings about macros and permissions
- Update to version 3.0.23

OBS-URL: https://build.opensuse.org/request/show/903141
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=146
2021-06-30 15:33:22 +00:00
Michael Ströder
a5d102d662 Accepting request 860192 from home:adamm:branches:network
- freeradius-server-radiusd-logrotate.patch: move logrotate
  options into specific parts for each log as "global" options
  will persist past and clobber global options in the
  main logrotate config (bsc#1180525)

OBS-URL: https://build.opensuse.org/request/show/860192
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=144
2021-01-04 13:06:40 +00:00
d8c2e78ec4 Accepting request 852406 from home:pgajdos
- remove redundant definitions of apache rpm macros

OBS-URL: https://build.opensuse.org/request/show/852406
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=142
2020-12-01 17:32:41 +00:00
a3c6eee1bb logrotate global section (bsc#1170505, bsc#1174905)
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=140
2020-08-26 11:42:57 +00:00
3bd17f8ba3 - freeradius-server-radiusd-logrotate.patch: fix permissions in
lograte global section (bsc#1170505, bsc#1174905)

OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=139
2020-08-26 11:35:27 +00:00
5008745954 Fix bugnumbers only
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=137
2020-03-25 16:15:45 +00:00
65823d05b2 - update to 3.0.21
Feature Improvements
  * New stored procedure for allocating IPs with PostgreSQL
    Rates of 1500 IPs per second are now possible
    See raddb/mods-config/sql/ippool/postgresql/procedure.sql
  * Add SQL IP pool support for Microsoft SQL Server
    See raddb/mods-config/sql/ippool/mssql/
  * Added RCNTEC dictionary. Closes #3168.
  * Added Pica8 dictionary. Closes #3179.
  * Add TLS-Client-Cert-Valid-Since attribute holding not
    Before date Patch from Boris Lytochkin. Fixes #3157.
  * Generate attributes containing unknown OIDs See raddb/sites-available/tls
  * Update the WiMAX dictionary.
  * Added ability to rlm_python(Python2) show a stacktrace
    from errors. #2979.
  * Add WiFi Alliance Policy OIDs.
    See raddb/certs/xpextensions
  * radmin now shows coa stats, too.
  * Sample schema extensions for summarizing data in SQL
    See mods-config/sql/main/*/process-radacct.sql
  * Update dictionary.aerohive, dictionary.fortinet,
    dictionary.arista and dictionary.erx.
  * Added VAS Experts dictionary.
  * Many updates to RPM and jenkins builds from Matthew Newton.
  * Added %C (time now in seconds) and %c (microsecond component of now)
    back-ported from the "master" branch.
  * Add reload capability to systemd unit file in Debian and RedHat.
  * Increase timestamp precision in postauth to maximum supported by each
    database and simplify (and make more consistent between drivers)
    the timestamps in SQL queries by using expansions.

OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=135
2020-03-24 15:45:52 +00:00
415f44c27c Remove git files from installation
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=134
2020-03-24 14:47:55 +00:00
dc40c1af74 - update to 3.0.20
Feature Improvements
  * Added Force10 dictionary.
  * Update dictionary.hp with new attributes. #2690.
  * Update dictionary.aruba with new attributes. #2696.
  * Fix side-channel leak in EAP-PWD (bsc#1166858, CVE-2019-20510)
  * Relax OpenSSL version checks, now that their API is both public, and stable.
  * Note that tls_min_version/tls_max_version also support "1.3"
    Since there is no standard yet for EAP with TLS 1.3, it will not work.
  * Added tripplite dictionary from #2760.
  * Switch to the async interface for rlm_sql_postgresql so that
    we can enforce query_timeout.
  * Added new LDAP option 'allow_dangling_group_ref'.
  * Updated documentation and functionality for EAP session caching
    See "cache" section of mods-available/eap.
  * Tighten systemd unit file security. Fixes #2637.
  * Disable TLS 1.0 and TLS 1.1 support in the default configuration
    We STRONGLY recommend doing this for all installations.
  * Add expansions for *outgoing* Radsec connections
    "%{proxy_listen:TLS-...}" for TLS-Client-Cert-* and
    TLS-Cert-* attributes. Fixes #2839.
  * Add %{listen:tls} which returns "yes" or "no" for
    TLS or non-TLS connections.
  * Update dictionary.lancom with new attributes. #2847.
  * Added rlm_sql_mongo. See raddb/mods-available/sql.
    Note that this module is experimental.
  * Added more documentation in sites-available/robust-proxy-accounting.
  * sqlippool now re-allocates unexpired leases, to prevent IP pool
    exhaustion when clients perform multiple reauthentication attempts
  * Add support to radmin keep the history in ~/.radmin_history.

OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=133
2020-03-24 14:20:37 +00:00
Tomáš Chvátal
ca3a555f3d Accepting request 783843 from home:adamm:branches:network
- Enable memcached driver on SLE15

OBS-URL: https://build.opensuse.org/request/show/783843
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=131
2020-03-11 13:52:40 +00:00
1f526f6e39 Add missing changes entry for sr#758750
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=129
2019-12-23 15:12:06 +00:00
8b9ebc7e57 Accepting request 758750 from home:j-engel
Require samba-core-devel for build

OBS-URL: https://build.opensuse.org/request/show/758750
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=128
2019-12-23 10:02:57 +00:00
d2bfda64eb Revert last commit
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=127
2019-08-07 13:54:17 +00:00
eb5e37fca6 Add more CVE references to last version update
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=126
2019-08-07 12:15:53 +00:00
b207fee127 Backport from SLE license install changes
- install license as %license instead of documentation

OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=124
2019-06-03 14:00:53 +00:00
6b234e6773 CVE was already fixed long ago and we didn't notice
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=122
2019-05-27 13:22:14 +00:00
838fd1d444 Use correct jira entry
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=121
2019-05-27 12:41:10 +00:00
9599255642 - update to 3.0.19 (jira#SLE-5107)
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=120
2019-05-27 12:40:05 +00:00
c1ac5290fe - CVE-2019-10143.patch: fix potential privilege escalation due to
insecure logrotation permissions (bsc#1136195, CVE-2019-10143)

OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=119
2019-05-27 12:33:30 +00:00
1593aaad80 Adding another bug reference from upstream update
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=118
2019-04-16 16:26:01 +00:00
635cb7e662 Add bug numbers to .changes file
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=117
2019-04-16 11:39:10 +00:00
2a9164d43c Accepting request 693007 from home:stroeder:branches:network
update to 3.0.19

OBS-URL: https://build.opensuse.org/request/show/693007
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=115
2019-04-11 07:51:12 +00:00
ff04302a52 - reformat changelog mostly by wrapping lines
- add missing bug numbers for security fixes

OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=113
2019-02-27 11:50:42 +00:00
35096a5f1d Accepting request 679659 from home:stroeder:branches:network
update to 3.0.18

OBS-URL: https://build.opensuse.org/request/show/679659
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=112
2019-02-27 11:28:47 +00:00
Michael Ströder
7a23e70bb4 Accepting request 619196 from home:stroeder:branches:network
- also fix ownership of /var/log/radius in systemd unit

OBS-URL: https://build.opensuse.org/request/show/619196
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=110
2018-06-26 18:25:55 +00:00
Michael Ströder
16eca59475 Accepting request 597707 from home:stroeder:branches:network
update to 3.0.17

OBS-URL: https://build.opensuse.org/request/show/597707
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=108
2018-04-18 08:37:20 +00:00
OBS User mrdocs
f4f7f11d57 Accepting request 563800 from home:stroeder:branches:network
update to 3.0.16

OBS-URL: https://build.opensuse.org/request/show/563800
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=106
2018-01-15 00:19:02 +00:00
b0d20bd6c1 - Fix permissions of radiusd.service (bnc#1053654):
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=104
2017-09-19 11:58:57 +00:00
OBS User mrdocs
dd94d16c92 Accepting request 518718 from home:varkoly:branches:network
- bsc#1055679 - freeradius-server does not provide winbind/AD auth
  Added libwbclient-devel as buildrequires

OBS-URL: https://build.opensuse.org/request/show/518718
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=102
2017-08-26 03:12:02 +00:00
bbd77fa15f Accepting request 511049 from home:stroeder:branches:network
update to 3.0.15 - now with CVE ids

successfully tested on Tumbleweed x86_64

OBS-URL: https://build.opensuse.org/request/show/511049
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=100
2017-07-18 08:02:28 +00:00
44d1db1d6e Accepting request 499628 from home:adamm:branches:network
- update to 3.0.14 (still FATE#322416)
  
  Feature improvements
  * Enforce TLS client certificate expiration on session resumption,
    and Session-Timeout. See CVE-2017-9148 (bnc#1041445)
  * Updated dictionary.cisco.vpn3000, dictionary.patton
  * Added dictionary.dellemc
  * Lowered the log output for failed PEAP sessions.
  * ALlow utc in rlm_date.
  * The internal OpenSSL session cache has been disabled.
    Please see mods-available/eap
  * Update detail reader documentation.
  * Make outgoing RadSec connections non-blocking.
  * Add SQL backing to Moonshot-*-TargetedId generation.
  Bug Fixes
  * radtest uses Cleartext-Password for EAP, not User-Password.
  * Update documentation for mods-enabled/ linking.
  * Enhanced checks for moonshot salt.
  * Allow session resumption for RadSec connections.
  * Update "huntgroups" file to note that port ranges are not supported
  * Fix OpenSSL permissions issues on default key files.
  * Certificates are not required when PSK is used.
  * Allow SubjectAltName as first extension in cert.
  * Fixed talloc issue with TLS session resumption.
  * "&Attr-26 := 0x01" now produces useful error messages.
  * Handle connection error in rlm_ldap_cacheable_groupobj.
  * Fix endian issues in DHCP.
  * Multiple minor fixes for Coverity complaints.
  * Handle unexpected regex.
  * Fix minor issues in dictionaries.
  * Fix typos and grammar. Patches from Alan Buxey.
  * Fix erroneous VP creation in rlm_preproces.
  * Fix MIB. Patch from Jeff Gehlbach.
  * Trust router updates from Alejandro Perez.
  * Allow build with LibreSSL.
  * Use correct packet for channel bindings.
  * Many fixes found by PVS-Studio. Thanks to PVS-Studio for giving us
    a test license. Please see the git commit history for more info.
  * Fix incorrect length check in EAP-PWD. This may be exploitable.
  * Stop rotating session database files (radutmp, radwtmp) since
    these are not logfiles.
- freeradius-server-radiusd-logrotate.patch: updated

OBS-URL: https://build.opensuse.org/request/show/499628
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=98
2017-05-30 09:15:48 +00:00
2e31162933 - update to 3.0.13 (still FATE#322416)
Changelog only change to keep internal tracking numbers in right places.

OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=96
2017-03-13 13:14:24 +00:00
bb21ee0f50 Accepting request 477604 from home:stroeder:branches:network
update to 3.0.13

OBS-URL: https://build.opensuse.org/request/show/477604
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=94
2017-03-08 16:03:06 +00:00