Commit Graph

191 Commits

Author SHA256 Message Date
Dominique Leuenberger
86f3098ccf Accepting request 1063506 from network
- update to version 3.2.1:
  Feature Improvements
  *  Add dictionary.ciena, dictionary.nile, and DHCPv4 dictionaries
  *  Add simultaneous-use queries for MS SQL
  *  Add radmin command for "stats pool <module-name>"
     which prints out statistics about the connection pools.
  *  Client statistics now shows "conflicts",
     to count conflicting packets.
  *  New optional "lightweight accounting-on/off" strategy.
     When refreshing queries.conf you should also add the new
     nasreload table and corresponding GRANTs to your DB schema.
  *  Add TLS-Client-Cert-X509v3-Certificate-Policies, which helps
     with Eduroam.
  *  Allow auth+acct for TCP sockets, too.
  *  Add rlm_cache_redis. See raddb/mods-available/cache for details.
  *  Allow radmin to look up home servers by name, too.
  *  Ensure that dynamic clients don't create loops on duplicates
  *  Removed rlm_sqlhpwippool. There was no documentation, no configuration,
     and the module was ~15 years old with no one using it.
  *  Marked rlm_python3 as stable.
  *  Add sigalgs_list. See raddb/mods-available/eap
  *  For rlm_linelog, when opening files in /dev, look at "permissions"
     to see whether to open them r/w.
  *  More flexibility for dynamic home servers. See
     doc/configuration/dynamic_home_servers.md and
     raddb/home_servers/README.md.
  *  Allow setting of application_name for PostgreSQL.
     See mods-available/sql.
  Bug Fixes
  *  Correct test for open sessions in radacct for MS SQL.

OBS-URL: https://build.opensuse.org/request/show/1063506
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/freeradius-server?expand=0&rev=93
2023-02-07 17:49:13 +00:00
6b34ba0ef7 - update to version 3.2.1:
Feature Improvements
  *  Add dictionary.ciena, dictionary.nile, and DHCPv4 dictionaries
  *  Add simultaneous-use queries for MS SQL
  *  Add radmin command for "stats pool <module-name>"
     which prints out statistics about the connection pools.
  *  Client statistics now shows "conflicts",
     to count conflicting packets.
  *  New optional "lightweight accounting-on/off" strategy.
     When refreshing queries.conf you should also add the new
     nasreload table and corresponding GRANTs to your DB schema.
  *  Add TLS-Client-Cert-X509v3-Certificate-Policies, which helps
     with Eduroam.
  *  Allow auth+acct for TCP sockets, too.
  *  Add rlm_cache_redis. See raddb/mods-available/cache for details.
  *  Allow radmin to look up home servers by name, too.
  *  Ensure that dynamic clients don't create loops on duplicates
  *  Removed rlm_sqlhpwippool. There was no documentation, no configuration,
     and the module was ~15 years old with no one using it.
  *  Marked rlm_python3 as stable.
  *  Add sigalgs_list. See raddb/mods-available/eap
  *  For rlm_linelog, when opening files in /dev, look at "permissions"
     to see whether to open them r/w.
  *  More flexibility for dynamic home servers. See
     doc/configuration/dynamic_home_servers.md and
     raddb/home_servers/README.md.
  *  Allow setting of application_name for PostgreSQL.
     See mods-available/sql.
  Bug Fixes
  *  Correct test for open sessions in radacct for MS SQL.

OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=159
2023-02-06 18:23:52 +00:00
Dominique Leuenberger
100684a70d Accepting request 1058729 from network
OBS-URL: https://build.opensuse.org/request/show/1058729
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/freeradius-server?expand=0&rev=92
2023-01-16 17:00:03 +00:00
65294a38e7 Accepting request 1058211 from home:schubi2:pam_usr_etc
- Migration of PAM settings to /usr/lib/pam.d.

OBS-URL: https://build.opensuse.org/request/show/1058211
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=157
2023-01-16 15:13:28 +00:00
Richard Brown
e082d6be78 Accepting request 1006870 from network
OBS-URL: https://build.opensuse.org/request/show/1006870
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/freeradius-server?expand=0&rev=91
2022-09-29 16:13:39 +00:00
c89fc9c212 Accepting request 1006867 from home:stroeder:branches:network
- use chown with colon instead dot in radiusd.service

OBS-URL: https://build.opensuse.org/request/show/1006867
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=155
2022-09-29 09:02:13 +00:00
Richard Brown
dc7cbb732b Accepting request 991370 from network
OBS-URL: https://build.opensuse.org/request/show/991370
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/freeradius-server?expand=0&rev=90
2022-07-28 18:58:21 +00:00
d517bc32d2 Accepting request 991315 from home:firstyear:branches:network
- Resolve issue with linking python3 with rlm-python

OBS-URL: https://build.opensuse.org/request/show/991315
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=153
2022-07-27 08:52:31 +00:00
Dominique Leuenberger
984efc56c0 Accepting request 952634 from network
OBS-URL: https://build.opensuse.org/request/show/952634
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/freeradius-server?expand=0&rev=89
2022-02-09 19:39:08 +00:00
6007a24a14 Accepting request 950901 from home:scabrero:branches:network
- Remove libwbclient-devel BuildRequires in favor of
  pkgconfig(wbclient); (jsc#SLE-20577);

OBS-URL: https://build.opensuse.org/request/show/950901
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=152
2022-02-08 09:09:10 +00:00
Dominique Leuenberger
6b44f39794 Accepting request 924673 from network
Adding bug reference only to changelog. No changes.

OBS-URL: https://build.opensuse.org/request/show/924673
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/freeradius-server?expand=0&rev=88
2021-10-12 19:48:40 +00:00
26e7da035a Add missing bug report in the log
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=151
2021-10-11 15:33:41 +00:00
Dominique Leuenberger
7ee5f1b20e Accepting request 924184 from network
- update to 3.0.25:
  * `correct_escapes` has been added back into the default configuration.
  * A segfault when trying to proxy to zombie home servers has been fixed.
  * A number of other small bugs and compiler warnings were fixed.
  * Added support for building with PostgreSQL 14. 

- Update to version 3.0.24 (jsc#SLE-21237)
  Feature Improvements
  * Add sanitizer options to configure script.
  * Log information needed by Wireshark to decode TLS sessions.
  * Allow more liberal SQL commands in rlm_sql_map.
  * Update dictionary.apc, dictionary.h3c.
  * Add new Acct-Status-Type Subsystem-On and Subsystem-Off See
    dictionary.iana and
    https://freeradius.org/rfc/acct_status_type_subsystem.html.
  * Add reject_unknown_intermediate_ca. See mods-available/eap.
  * Add dynamic loading of certificates via TLS-Session-Cert-File
    See raddb/certs/realms/README.md.
  * Add Server Name Indication (SNI) for outbound RadSec connections
    See raddb/sites-available/tls, and the home server tls
    configuration.
  * Support SNI for inbound RadSec connections. Certificates will be
    loaded from "realm_dir" in the "tls" section. SNI will be cached
    in the TLS-Server-Name-Indication attribute.
  * Preliminary support for haproxy "PROXY" protocol See sites-available/tls,
    "proxy_protocol" and doc/antora/modules/howto/pages/protocols/proxy/.
  * Generate parse errors in more circumstances when we know that
    the configuration is wrong.
  * Add "weeklycounter" to sample sqlcounter configuration.
  * Add certificate attributes to the request list, even if

OBS-URL: https://build.opensuse.org/request/show/924184
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/freeradius-server?expand=0&rev=87
2021-10-11 13:31:04 +00:00
Michael Ströder
f32c5e805c Accepting request 924111 from home:stroeder:branches:network
update to 3.0.25

OBS-URL: https://build.opensuse.org/request/show/924111
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=150
2021-10-07 21:50:17 +00:00
2a57c2d648 OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=149 2021-10-07 16:47:23 +00:00
79ab8ece2d - remove python2 build
- drop references to SLE11

OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=148
2021-10-07 16:11:57 +00:00
09dea27b0a - freeradius-server-radiusd-logrotate.patch: move logrotate
options into specific parts for each log as "global" options
  will persist past and clobber global options in the
  main logrotate config (bsc#1180525)

OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=147
2021-10-07 15:45:35 +00:00
Dominique Leuenberger
2ba67a0c74 Accepting request 903262 from network
OBS-URL: https://build.opensuse.org/request/show/903262
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/freeradius-server?expand=0&rev=86
2021-07-01 05:05:49 +00:00
91edf028a2 Accepting request 903141 from home:susnux:branches:network
- Add ldap-schemas subpackage for OpenLDAP radius schemas
- Add freeradius-server-fix-perl-shbang.patch to fix RPMlint warnings
- Fix RPMlint warnings about macros and permissions
- Update to version 3.0.23

OBS-URL: https://build.opensuse.org/request/show/903141
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=146
2021-06-30 15:33:22 +00:00
Dominique Leuenberger
1bb0f8dbaa Accepting request 860194 from network
OBS-URL: https://build.opensuse.org/request/show/860194
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/freeradius-server?expand=0&rev=85
2021-01-04 18:09:41 +00:00
Michael Ströder
a5d102d662 Accepting request 860192 from home:adamm:branches:network
- freeradius-server-radiusd-logrotate.patch: move logrotate
  options into specific parts for each log as "global" options
  will persist past and clobber global options in the
  main logrotate config (bsc#1180525)

OBS-URL: https://build.opensuse.org/request/show/860192
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=144
2021-01-04 13:06:40 +00:00
Dominique Leuenberger
e52522084b Accepting request 852412 from network
OBS-URL: https://build.opensuse.org/request/show/852412
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/freeradius-server?expand=0&rev=84
2020-12-02 12:58:57 +00:00
d8c2e78ec4 Accepting request 852406 from home:pgajdos
- remove redundant definitions of apache rpm macros

OBS-URL: https://build.opensuse.org/request/show/852406
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=142
2020-12-01 17:32:41 +00:00
Dominique Leuenberger
9b7f35f261 Accepting request 829736 from network
- freeradius-server-radiusd-logrotate.patch: fix permissions in
  logrotate global section (bsc#1170505, bsc#1174905)

OBS-URL: https://build.opensuse.org/request/show/829736
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/freeradius-server?expand=0&rev=83
2020-08-29 18:35:55 +00:00
a3c6eee1bb logrotate global section (bsc#1170505, bsc#1174905)
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=140
2020-08-26 11:42:57 +00:00
3bd17f8ba3 - freeradius-server-radiusd-logrotate.patch: fix permissions in
lograte global section (bsc#1170505, bsc#1174905)

OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=139
2020-08-26 11:35:27 +00:00
Dominique Leuenberger
11885f017a Accepting request 788266 from network
Bug number fixes only

OBS-URL: https://build.opensuse.org/request/show/788266
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/freeradius-server?expand=0&rev=82
2020-03-26 22:30:55 +00:00
5008745954 Fix bugnumbers only
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=137
2020-03-25 16:15:45 +00:00
Dominique Leuenberger
d8570d7923 Accepting request 787864 from network
- update to 3.0.21
Feature Improvements
  * New stored procedure for allocating IPs with PostgreSQL
    Rates of 1500 IPs per second are now possible
    See raddb/mods-config/sql/ippool/postgresql/procedure.sql
  * Add SQL IP pool support for Microsoft SQL Server
    See raddb/mods-config/sql/ippool/mssql/
  * Added RCNTEC dictionary. Closes #3168.
  * Added Pica8 dictionary. Closes #3179.
  * Add TLS-Client-Cert-Valid-Since attribute holding not
    Before date Patch from Boris Lytochkin. Fixes #3157.
  * Generate attributes containing unknown OIDs See raddb/sites-available/tls
  * Update the WiMAX dictionary.
  * Added ability to rlm_python(Python2) show a stacktrace
    from errors. #2979.
  * Add WiFi Alliance Policy OIDs.
    See raddb/certs/xpextensions
  * radmin now shows coa stats, too.
  * Sample schema extensions for summarizing data in SQL
    See mods-config/sql/main/*/process-radacct.sql
  * Update dictionary.aerohive, dictionary.fortinet,
    dictionary.arista and dictionary.erx.
  * Added VAS Experts dictionary.
  * Many updates to RPM and jenkins builds from Matthew Newton.
  * Added %C (time now in seconds) and %c (microsecond component of now)
    back-ported from the "master" branch.
  * Add reload capability to systemd unit file in Debian and RedHat.
  * Increase timestamp precision in postauth to maximum supported by each
    database and simplify (and make more consistent between drivers)
    the timestamps in SQL queries by using expansions.

OBS-URL: https://build.opensuse.org/request/show/787864
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/freeradius-server?expand=0&rev=81
2020-03-24 21:37:30 +00:00
65823d05b2 - update to 3.0.21
Feature Improvements
  * New stored procedure for allocating IPs with PostgreSQL
    Rates of 1500 IPs per second are now possible
    See raddb/mods-config/sql/ippool/postgresql/procedure.sql
  * Add SQL IP pool support for Microsoft SQL Server
    See raddb/mods-config/sql/ippool/mssql/
  * Added RCNTEC dictionary. Closes #3168.
  * Added Pica8 dictionary. Closes #3179.
  * Add TLS-Client-Cert-Valid-Since attribute holding not
    Before date Patch from Boris Lytochkin. Fixes #3157.
  * Generate attributes containing unknown OIDs See raddb/sites-available/tls
  * Update the WiMAX dictionary.
  * Added ability to rlm_python(Python2) show a stacktrace
    from errors. #2979.
  * Add WiFi Alliance Policy OIDs.
    See raddb/certs/xpextensions
  * radmin now shows coa stats, too.
  * Sample schema extensions for summarizing data in SQL
    See mods-config/sql/main/*/process-radacct.sql
  * Update dictionary.aerohive, dictionary.fortinet,
    dictionary.arista and dictionary.erx.
  * Added VAS Experts dictionary.
  * Many updates to RPM and jenkins builds from Matthew Newton.
  * Added %C (time now in seconds) and %c (microsecond component of now)
    back-ported from the "master" branch.
  * Add reload capability to systemd unit file in Debian and RedHat.
  * Increase timestamp precision in postauth to maximum supported by each
    database and simplify (and make more consistent between drivers)
    the timestamps in SQL queries by using expansions.

OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=135
2020-03-24 15:45:52 +00:00
415f44c27c Remove git files from installation
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=134
2020-03-24 14:47:55 +00:00
dc40c1af74 - update to 3.0.20
Feature Improvements
  * Added Force10 dictionary.
  * Update dictionary.hp with new attributes. #2690.
  * Update dictionary.aruba with new attributes. #2696.
  * Fix side-channel leak in EAP-PWD (bsc#1166858, CVE-2019-20510)
  * Relax OpenSSL version checks, now that their API is both public, and stable.
  * Note that tls_min_version/tls_max_version also support "1.3"
    Since there is no standard yet for EAP with TLS 1.3, it will not work.
  * Added tripplite dictionary from #2760.
  * Switch to the async interface for rlm_sql_postgresql so that
    we can enforce query_timeout.
  * Added new LDAP option 'allow_dangling_group_ref'.
  * Updated documentation and functionality for EAP session caching
    See "cache" section of mods-available/eap.
  * Tighten systemd unit file security. Fixes #2637.
  * Disable TLS 1.0 and TLS 1.1 support in the default configuration
    We STRONGLY recommend doing this for all installations.
  * Add expansions for *outgoing* Radsec connections
    "%{proxy_listen:TLS-...}" for TLS-Client-Cert-* and
    TLS-Cert-* attributes. Fixes #2839.
  * Add %{listen:tls} which returns "yes" or "no" for
    TLS or non-TLS connections.
  * Update dictionary.lancom with new attributes. #2847.
  * Added rlm_sql_mongo. See raddb/mods-available/sql.
    Note that this module is experimental.
  * Added more documentation in sites-available/robust-proxy-accounting.
  * sqlippool now re-allocates unexpired leases, to prevent IP pool
    exhaustion when clients perform multiple reauthentication attempts
  * Add support to radmin keep the history in ~/.radmin_history.

OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=133
2020-03-24 14:20:37 +00:00
Dominique Leuenberger
62d6d25c98 Accepting request 783861 from network
OBS-URL: https://build.opensuse.org/request/show/783861
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/freeradius-server?expand=0&rev=80
2020-03-11 17:55:26 +00:00
Tomáš Chvátal
ca3a555f3d Accepting request 783843 from home:adamm:branches:network
- Enable memcached driver on SLE15

OBS-URL: https://build.opensuse.org/request/show/783843
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=131
2020-03-11 13:52:40 +00:00
Dominique Leuenberger
99d5d3b3aa Accepting request 759001 from network
- Add missing BuildRequire on samba-core-devel required for windbind
  support in rlm_mschap.

OBS-URL: https://build.opensuse.org/request/show/759001
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/freeradius-server?expand=0&rev=79
2019-12-23 21:47:48 +00:00
1f526f6e39 Add missing changes entry for sr#758750
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=129
2019-12-23 15:12:06 +00:00
8b9ebc7e57 Accepting request 758750 from home:j-engel
Require samba-core-devel for build

OBS-URL: https://build.opensuse.org/request/show/758750
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=128
2019-12-23 10:02:57 +00:00
d2bfda64eb Revert last commit
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=127
2019-08-07 13:54:17 +00:00
eb5e37fca6 Add more CVE references to last version update
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=126
2019-08-07 12:15:53 +00:00
Dominique Leuenberger
bd91892569 Accepting request 707189 from network
backport missing change from SLE

- install license as %license instead of documentation

OBS-URL: https://build.opensuse.org/request/show/707189
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/freeradius-server?expand=0&rev=78
2019-06-03 16:58:17 +00:00
b207fee127 Backport from SLE license install changes
- install license as %license instead of documentation

OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=124
2019-06-03 14:00:53 +00:00
Dominique Leuenberger
f8246434f2 Accepting request 705679 from network
Only reference updates. No changes.

OBS-URL: https://build.opensuse.org/request/show/705679
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/freeradius-server?expand=0&rev=77
2019-05-28 07:43:13 +00:00
6b234e6773 CVE was already fixed long ago and we didn't notice
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=122
2019-05-27 13:22:14 +00:00
838fd1d444 Use correct jira entry
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=121
2019-05-27 12:41:10 +00:00
9599255642 - update to 3.0.19 (jira#SLE-5107)
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=120
2019-05-27 12:40:05 +00:00
c1ac5290fe - CVE-2019-10143.patch: fix potential privilege escalation due to
insecure logrotation permissions (bsc#1136195, CVE-2019-10143)

OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=119
2019-05-27 12:33:30 +00:00
1593aaad80 Adding another bug reference from upstream update
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=118
2019-04-16 16:26:01 +00:00
635cb7e662 Add bug numbers to .changes file
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=117
2019-04-16 11:39:10 +00:00
Dominique Leuenberger
6f93da4522 Accepting request 693123 from network
OBS-URL: https://build.opensuse.org/request/show/693123
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/freeradius-server?expand=0&rev=76
2019-04-11 10:20:16 +00:00
2a9164d43c Accepting request 693007 from home:stroeder:branches:network
update to 3.0.19

OBS-URL: https://build.opensuse.org/request/show/693007
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=115
2019-04-11 07:51:12 +00:00