Commit Graph

126 Commits

Author SHA256 Message Date
6b34ba0ef7 - update to version 3.2.1:
Feature Improvements
  *  Add dictionary.ciena, dictionary.nile, and DHCPv4 dictionaries
  *  Add simultaneous-use queries for MS SQL
  *  Add radmin command for "stats pool <module-name>"
     which prints out statistics about the connection pools.
  *  Client statistics now shows "conflicts",
     to count conflicting packets.
  *  New optional "lightweight accounting-on/off" strategy.
     When refreshing queries.conf you should also add the new
     nasreload table and corresponding GRANTs to your DB schema.
  *  Add TLS-Client-Cert-X509v3-Certificate-Policies, which helps
     with Eduroam.
  *  Allow auth+acct for TCP sockets, too.
  *  Add rlm_cache_redis. See raddb/mods-available/cache for details.
  *  Allow radmin to look up home servers by name, too.
  *  Ensure that dynamic clients don't create loops on duplicates
  *  Removed rlm_sqlhpwippool. There was no documentation, no configuration,
     and the module was ~15 years old with no one using it.
  *  Marked rlm_python3 as stable.
  *  Add sigalgs_list. See raddb/mods-available/eap
  *  For rlm_linelog, when opening files in /dev, look at "permissions"
     to see whether to open them r/w.
  *  More flexibility for dynamic home servers. See
     doc/configuration/dynamic_home_servers.md and
     raddb/home_servers/README.md.
  *  Allow setting of application_name for PostgreSQL.
     See mods-available/sql.
  Bug Fixes
  *  Correct test for open sessions in radacct for MS SQL.

OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=159
2023-02-06 18:23:52 +00:00
65294a38e7 Accepting request 1058211 from home:schubi2:pam_usr_etc
- Migration of PAM settings to /usr/lib/pam.d.

OBS-URL: https://build.opensuse.org/request/show/1058211
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=157
2023-01-16 15:13:28 +00:00
c89fc9c212 Accepting request 1006867 from home:stroeder:branches:network
- use chown with colon instead dot in radiusd.service

OBS-URL: https://build.opensuse.org/request/show/1006867
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=155
2022-09-29 09:02:13 +00:00
d517bc32d2 Accepting request 991315 from home:firstyear:branches:network
- Resolve issue with linking python3 with rlm-python

OBS-URL: https://build.opensuse.org/request/show/991315
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=153
2022-07-27 08:52:31 +00:00
6007a24a14 Accepting request 950901 from home:scabrero:branches:network
- Remove libwbclient-devel BuildRequires in favor of
  pkgconfig(wbclient); (jsc#SLE-20577);

OBS-URL: https://build.opensuse.org/request/show/950901
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=152
2022-02-08 09:09:10 +00:00
26e7da035a Add missing bug report in the log
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=151
2021-10-11 15:33:41 +00:00
Michael Ströder
f32c5e805c Accepting request 924111 from home:stroeder:branches:network
update to 3.0.25

OBS-URL: https://build.opensuse.org/request/show/924111
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=150
2021-10-07 21:50:17 +00:00
2a57c2d648 OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=149 2021-10-07 16:47:23 +00:00
79ab8ece2d - remove python2 build
- drop references to SLE11

OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=148
2021-10-07 16:11:57 +00:00
09dea27b0a - freeradius-server-radiusd-logrotate.patch: move logrotate
options into specific parts for each log as "global" options
  will persist past and clobber global options in the
  main logrotate config (bsc#1180525)

OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=147
2021-10-07 15:45:35 +00:00
91edf028a2 Accepting request 903141 from home:susnux:branches:network
- Add ldap-schemas subpackage for OpenLDAP radius schemas
- Add freeradius-server-fix-perl-shbang.patch to fix RPMlint warnings
- Fix RPMlint warnings about macros and permissions
- Update to version 3.0.23

OBS-URL: https://build.opensuse.org/request/show/903141
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=146
2021-06-30 15:33:22 +00:00
Michael Ströder
a5d102d662 Accepting request 860192 from home:adamm:branches:network
- freeradius-server-radiusd-logrotate.patch: move logrotate
  options into specific parts for each log as "global" options
  will persist past and clobber global options in the
  main logrotate config (bsc#1180525)

OBS-URL: https://build.opensuse.org/request/show/860192
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=144
2021-01-04 13:06:40 +00:00
d8c2e78ec4 Accepting request 852406 from home:pgajdos
- remove redundant definitions of apache rpm macros

OBS-URL: https://build.opensuse.org/request/show/852406
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=142
2020-12-01 17:32:41 +00:00
a3c6eee1bb logrotate global section (bsc#1170505, bsc#1174905)
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=140
2020-08-26 11:42:57 +00:00
3bd17f8ba3 - freeradius-server-radiusd-logrotate.patch: fix permissions in
lograte global section (bsc#1170505, bsc#1174905)

OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=139
2020-08-26 11:35:27 +00:00
5008745954 Fix bugnumbers only
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=137
2020-03-25 16:15:45 +00:00
65823d05b2 - update to 3.0.21
Feature Improvements
  * New stored procedure for allocating IPs with PostgreSQL
    Rates of 1500 IPs per second are now possible
    See raddb/mods-config/sql/ippool/postgresql/procedure.sql
  * Add SQL IP pool support for Microsoft SQL Server
    See raddb/mods-config/sql/ippool/mssql/
  * Added RCNTEC dictionary. Closes #3168.
  * Added Pica8 dictionary. Closes #3179.
  * Add TLS-Client-Cert-Valid-Since attribute holding not
    Before date Patch from Boris Lytochkin. Fixes #3157.
  * Generate attributes containing unknown OIDs See raddb/sites-available/tls
  * Update the WiMAX dictionary.
  * Added ability to rlm_python(Python2) show a stacktrace
    from errors. #2979.
  * Add WiFi Alliance Policy OIDs.
    See raddb/certs/xpextensions
  * radmin now shows coa stats, too.
  * Sample schema extensions for summarizing data in SQL
    See mods-config/sql/main/*/process-radacct.sql
  * Update dictionary.aerohive, dictionary.fortinet,
    dictionary.arista and dictionary.erx.
  * Added VAS Experts dictionary.
  * Many updates to RPM and jenkins builds from Matthew Newton.
  * Added %C (time now in seconds) and %c (microsecond component of now)
    back-ported from the "master" branch.
  * Add reload capability to systemd unit file in Debian and RedHat.
  * Increase timestamp precision in postauth to maximum supported by each
    database and simplify (and make more consistent between drivers)
    the timestamps in SQL queries by using expansions.

OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=135
2020-03-24 15:45:52 +00:00
415f44c27c Remove git files from installation
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=134
2020-03-24 14:47:55 +00:00
dc40c1af74 - update to 3.0.20
Feature Improvements
  * Added Force10 dictionary.
  * Update dictionary.hp with new attributes. #2690.
  * Update dictionary.aruba with new attributes. #2696.
  * Fix side-channel leak in EAP-PWD (bsc#1166858, CVE-2019-20510)
  * Relax OpenSSL version checks, now that their API is both public, and stable.
  * Note that tls_min_version/tls_max_version also support "1.3"
    Since there is no standard yet for EAP with TLS 1.3, it will not work.
  * Added tripplite dictionary from #2760.
  * Switch to the async interface for rlm_sql_postgresql so that
    we can enforce query_timeout.
  * Added new LDAP option 'allow_dangling_group_ref'.
  * Updated documentation and functionality for EAP session caching
    See "cache" section of mods-available/eap.
  * Tighten systemd unit file security. Fixes #2637.
  * Disable TLS 1.0 and TLS 1.1 support in the default configuration
    We STRONGLY recommend doing this for all installations.
  * Add expansions for *outgoing* Radsec connections
    "%{proxy_listen:TLS-...}" for TLS-Client-Cert-* and
    TLS-Cert-* attributes. Fixes #2839.
  * Add %{listen:tls} which returns "yes" or "no" for
    TLS or non-TLS connections.
  * Update dictionary.lancom with new attributes. #2847.
  * Added rlm_sql_mongo. See raddb/mods-available/sql.
    Note that this module is experimental.
  * Added more documentation in sites-available/robust-proxy-accounting.
  * sqlippool now re-allocates unexpired leases, to prevent IP pool
    exhaustion when clients perform multiple reauthentication attempts
  * Add support to radmin keep the history in ~/.radmin_history.

OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=133
2020-03-24 14:20:37 +00:00
Tomáš Chvátal
ca3a555f3d Accepting request 783843 from home:adamm:branches:network
- Enable memcached driver on SLE15

OBS-URL: https://build.opensuse.org/request/show/783843
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=131
2020-03-11 13:52:40 +00:00
1f526f6e39 Add missing changes entry for sr#758750
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=129
2019-12-23 15:12:06 +00:00
8b9ebc7e57 Accepting request 758750 from home:j-engel
Require samba-core-devel for build

OBS-URL: https://build.opensuse.org/request/show/758750
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=128
2019-12-23 10:02:57 +00:00
d2bfda64eb Revert last commit
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=127
2019-08-07 13:54:17 +00:00
eb5e37fca6 Add more CVE references to last version update
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=126
2019-08-07 12:15:53 +00:00
b207fee127 Backport from SLE license install changes
- install license as %license instead of documentation

OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=124
2019-06-03 14:00:53 +00:00
6b234e6773 CVE was already fixed long ago and we didn't notice
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=122
2019-05-27 13:22:14 +00:00
838fd1d444 Use correct jira entry
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=121
2019-05-27 12:41:10 +00:00
9599255642 - update to 3.0.19 (jira#SLE-5107)
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=120
2019-05-27 12:40:05 +00:00
c1ac5290fe - CVE-2019-10143.patch: fix potential privilege escalation due to
insecure logrotation permissions (bsc#1136195, CVE-2019-10143)

OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=119
2019-05-27 12:33:30 +00:00
1593aaad80 Adding another bug reference from upstream update
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=118
2019-04-16 16:26:01 +00:00
635cb7e662 Add bug numbers to .changes file
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=117
2019-04-16 11:39:10 +00:00
2a9164d43c Accepting request 693007 from home:stroeder:branches:network
update to 3.0.19

OBS-URL: https://build.opensuse.org/request/show/693007
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=115
2019-04-11 07:51:12 +00:00
ff04302a52 - reformat changelog mostly by wrapping lines
- add missing bug numbers for security fixes

OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=113
2019-02-27 11:50:42 +00:00
35096a5f1d Accepting request 679659 from home:stroeder:branches:network
update to 3.0.18

OBS-URL: https://build.opensuse.org/request/show/679659
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=112
2019-02-27 11:28:47 +00:00
Michael Ströder
7a23e70bb4 Accepting request 619196 from home:stroeder:branches:network
- also fix ownership of /var/log/radius in systemd unit

OBS-URL: https://build.opensuse.org/request/show/619196
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=110
2018-06-26 18:25:55 +00:00
Michael Ströder
16eca59475 Accepting request 597707 from home:stroeder:branches:network
update to 3.0.17

OBS-URL: https://build.opensuse.org/request/show/597707
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=108
2018-04-18 08:37:20 +00:00
OBS User mrdocs
f4f7f11d57 Accepting request 563800 from home:stroeder:branches:network
update to 3.0.16

OBS-URL: https://build.opensuse.org/request/show/563800
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=106
2018-01-15 00:19:02 +00:00
b0d20bd6c1 - Fix permissions of radiusd.service (bnc#1053654):
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=104
2017-09-19 11:58:57 +00:00
OBS User mrdocs
dd94d16c92 Accepting request 518718 from home:varkoly:branches:network
- bsc#1055679 - freeradius-server does not provide winbind/AD auth
  Added libwbclient-devel as buildrequires

OBS-URL: https://build.opensuse.org/request/show/518718
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=102
2017-08-26 03:12:02 +00:00
bbd77fa15f Accepting request 511049 from home:stroeder:branches:network
update to 3.0.15 - now with CVE ids

successfully tested on Tumbleweed x86_64

OBS-URL: https://build.opensuse.org/request/show/511049
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=100
2017-07-18 08:02:28 +00:00
44d1db1d6e Accepting request 499628 from home:adamm:branches:network
- update to 3.0.14 (still FATE#322416)
  
  Feature improvements
  * Enforce TLS client certificate expiration on session resumption,
    and Session-Timeout. See CVE-2017-9148 (bnc#1041445)
  * Updated dictionary.cisco.vpn3000, dictionary.patton
  * Added dictionary.dellemc
  * Lowered the log output for failed PEAP sessions.
  * ALlow utc in rlm_date.
  * The internal OpenSSL session cache has been disabled.
    Please see mods-available/eap
  * Update detail reader documentation.
  * Make outgoing RadSec connections non-blocking.
  * Add SQL backing to Moonshot-*-TargetedId generation.
  Bug Fixes
  * radtest uses Cleartext-Password for EAP, not User-Password.
  * Update documentation for mods-enabled/ linking.
  * Enhanced checks for moonshot salt.
  * Allow session resumption for RadSec connections.
  * Update "huntgroups" file to note that port ranges are not supported
  * Fix OpenSSL permissions issues on default key files.
  * Certificates are not required when PSK is used.
  * Allow SubjectAltName as first extension in cert.
  * Fixed talloc issue with TLS session resumption.
  * "&Attr-26 := 0x01" now produces useful error messages.
  * Handle connection error in rlm_ldap_cacheable_groupobj.
  * Fix endian issues in DHCP.
  * Multiple minor fixes for Coverity complaints.
  * Handle unexpected regex.
  * Fix minor issues in dictionaries.
  * Fix typos and grammar. Patches from Alan Buxey.
  * Fix erroneous VP creation in rlm_preproces.
  * Fix MIB. Patch from Jeff Gehlbach.
  * Trust router updates from Alejandro Perez.
  * Allow build with LibreSSL.
  * Use correct packet for channel bindings.
  * Many fixes found by PVS-Studio. Thanks to PVS-Studio for giving us
    a test license. Please see the git commit history for more info.
  * Fix incorrect length check in EAP-PWD. This may be exploitable.
  * Stop rotating session database files (radutmp, radwtmp) since
    these are not logfiles.
- freeradius-server-radiusd-logrotate.patch: updated

OBS-URL: https://build.opensuse.org/request/show/499628
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=98
2017-05-30 09:15:48 +00:00
2e31162933 - update to 3.0.13 (still FATE#322416)
Changelog only change to keep internal tracking numbers in right places.

OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=96
2017-03-13 13:14:24 +00:00
bb21ee0f50 Accepting request 477604 from home:stroeder:branches:network
update to 3.0.13

OBS-URL: https://build.opensuse.org/request/show/477604
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=94
2017-03-08 16:03:06 +00:00
3c66ce82fa Accepting request 459251 from home:kukuk:branches:network
- Don't require insserv if we use systemd
- Remove require for unused fillup

OBS-URL: https://build.opensuse.org/request/show/459251
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=92
2017-02-20 14:45:54 +00:00
ee5d96b532 fix capitalization typo in changes file.
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=90
2017-02-07 09:34:18 +00:00
5d3beec849 Accepting request 453646 from home:adamm:branches:network
- Merge changes from SLE to OpenSUSE (FATE#322416):
  * freeradius-server-radclient-init-error-buffer.patch - make sure
    we initialize error buffer. bsc#911886: radclient error free()
    invalid pointer
  * freeradius-server-opensslversion.patch: remove OpenSSL version
    check and assume we know what we are doing. (bnc#1013311)
  * merge .changes file, mostly.
- do not attempt to detect "vulnerable" OpenSSL versions. SUSE
  security fixes do not necessarily bump version numbers as
  does upstream OpenSSL (bnc#1021375)
- do not generate certificates in %post. End-user needs to do this
  manually.
- keep FreeTDS disabled on SLE12 - we never shipped it enabled
- require OpenSSL 1.0+
- use pkgconfig(systemd) instead of plain systemd as BuildRequires
- don't list manual pages as %doc

- Add upstream keyring
- 2 new modules: rlm_sql_freetds and rlm_eap_fast

OBS-URL: https://build.opensuse.org/request/show/453646
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=89
2017-02-06 10:58:11 +00:00
849b165adf Accepting request 448405 from home:jengelh:branches:network
- Remove --with-pic which is for static libs only.
- Use SUSE RPM group names. Trim filler words from description.
- Do not hide errors from groupadd/useradd.

OBS-URL: https://build.opensuse.org/request/show/448405
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=87
2017-01-01 15:34:14 +00:00
a53ba595f6 Accepting request 432086 from home:stroeder:branches:network
update to 3.0.12 (successfully tested with EAP-TTLS/PAP with LDAP backend)

OBS-URL: https://build.opensuse.org/request/show/432086
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=85
2016-10-01 16:12:11 +00:00
Ismail Dönmez
122c166ff2 Accepting request 425076 from home:adamm:branches:network
- use %{with} macro for conditional inclusions instead of hardcoding
  version numbers
- improved package descriptions
- fixed builds on SLE12 and SLE11SP4

OBS-URL: https://build.opensuse.org/request/show/425076
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=83
2016-09-06 11:59:19 +00:00
Rusmir Duško
8f53a8841d Accepting request 355850 from home:stroeder:branches:network
update to 3.0.11

OBS-URL: https://build.opensuse.org/request/show/355850
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=81
2016-01-25 22:13:32 +00:00