- Merge changes from SLE to OpenSUSE (FATE#322416):
* freeradius-server-radclient-init-error-buffer.patch - make sure
we initialize error buffer. bsc#911886: radclient error free()
invalid pointer
* freeradius-server-opensslversion.patch: remove OpenSSL version
check and assume we know what we are doing. (bnc#1013311)
* merge .changes file, mostly.
- do not attempt to detect "vulnerable" OpenSSL versions. SUSE
security fixes do not necessarily bump version numbers as
does upstream OpenSSL (bnc#1021375)
- do not generate certificates in %post. End-user needs to do this
manually.
- keep FreeTDS disabled on SLE12 - we never shipped it enabled
- require OpenSSL 1.0+
- use pkgconfig(systemd) instead of plain systemd as BuildRequires
- don't list manual pages as %doc
- Add upstream keyring
- 2 new modules: rlm_sql_freetds and rlm_eap_fast
OBS-URL: https://build.opensuse.org/request/show/453646
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=89
- minor adjustments/cleanup of spec and changes
- update to 3.0.8
* for a detailed list of changes look at:
/usr/share/doc/packages/freeradius-server/ChangeLog
- new set of consolidated patch files:
deleted:
* freeradius-server-2.1.1-logrotate_su.patch
* freeradius-server-2.1.6-rcradiusd.patch
* freeradius-server-initscript-pidfile.patch
* freeradius-server-radius-reload-logrotate.patch
* freeradius-server-var_run.patch
added:
* freeradius-server-radiusd-logrotate.patch
* freeradius-server-rcradiusd.patch
* freeradius-server-tmpfiles.patch
OBS-URL: https://build.opensuse.org/request/show/298810
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=72
- update to 3.0.6
- fixes a segmentation fault in PEAP module (bnc#912588)
Feature improvements:
* radmin / raddebug conditional errors are printed to the output, instead of being discarded.
* raddebug will exit if condition set with -c was invalid.
* radmin auto-reconnects if the connection to the server has gone away.
* rlm_cache now has submodule support. See raddb/mods-available/cache
* New memcached driver for rlm_cache. See raddb/mods-available/cache
* Add support for &Attribute-Name[*] in conditions. See "man unlang" for details.
* Add &Attribute-Name[n] which gets the last instance of an attribute e.g. Module-Failure-Message[n].
* Allow for redundant string expansions. See the "instantiate" section of radiusd.conf.
* When checking IP addresses in conditions, make the right side be parsed as an IP prefix.
* Support JIT compilation of compiled regular expressions when built with libpcre.
* Support named capture groups with "%{regex:<name>}" when built with libpcre.
* Increase regular expression capture groups from 8 to 32.
* Emit error markers for badly formed regular expressions.
* Allow 'm' flag to enable multiline mode in regular expressions.
* Support limited implicit attribute conversion in update sections.
* Support casting between IPv6 and IPv4 where the IPv6 address has the v4/v6 mapping prefix (::ffff:).
OBS-URL: https://build.opensuse.org/request/show/280999
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=68
- update to 3.0.5
Some of the new features:
* Allow LDAP to specify arbitrary attributes for dynamic
clients.
* Allow one level of backslashes (finally). See radiusd.conf,
"correct_escapes" setting.
* When supported by OpenSSL, allow TLS 1.1 and TLS 1.2
in EAP methods.
* Allow multiple new connections to be spawned simultaneously
in the connection pool, to cope with spikes in traffic.
* Use kqueue on systems which support it. This allows for
better scaling when using many sockets.
* Home server "response_window" can now take fractions of a
second. See proxy.conf.
* radmin now supports "show module status", as thee counterpart
to "set module status"
* "ipaddr" will now use v6 if no v4 address is present. You should
use "ipv4addr" or "ipv6addr" to force v4/v6 addresses.
* "client" sections will allow "ipaddr = 192.192.0/24". The old
"netmask" is still accepted, but the new format is preferred.
* Allow custom HTTP headers to be set for rlm_rest requests using
control:REST-HTTP-Header (attributes consumed after use).
* Extend format of %{rest:} expansion to allow HTTP method and POST
data to be specified
and urlquoting.
* Add support for aliases in rlm_ldap.
* Add support for connection pool sharing to all modules that use
the connection pool (pool = <instance>).
* "tls" sections now have a "psk_query" configuration item, for dynamic
queries to discover a key from a PSK identity.
OBS-URL: https://build.opensuse.org/request/show/264534
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=65
- update to 3.0.3
Many bugfixes
Feature improvements
* Everything now builds with no warnings from the C compiler,
clang static analyzer, or cppcheck.
* rlm_ldap now supports defining the LDAP attribute name via
backticked expansion (i.e. shell command) in
RADIUS <-> LDAP mappings.
* rlm_ldap now supports older style generic attributes.
* dynamic expansions (e.g. "%{expr:1 + 2}" are now parsed
when the server starts. Syntax errors in the strings
are caught, and a descriptive error is printed.
* Static regular expressions (e.g. /a*b/) are now parsed
when the server starts. Syntax errors in the strings
are caught, and a descriptive error is printed.
* dynamic expansions are cached after being parsed. They are
no longer re-parsed at run-time for every request.
* regular expressions are now parsed and cached when the server
starts.
* Added the %{rest:} expansion to rlm_rest, which will send
a GET request to the URL passed as the format string.
Any body text will be written to the expansion buffer.
* rlm_rest now available as a debian package.
* When an 'if' condition statically evaluates to true/false,
unlang does more static optimization. For examples, see
src/tests/keywords/if-skip
* All modules are marked as safe for '-C', which lets the
dynamic expansion checks work in more situations.
* Added 'none' and 'custom' rlm_rest body types. 'custom'
allows sending of arbitrary expanded text and content-type
OBS-URL: https://build.opensuse.org/request/show/234679
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=59
- update to 3.0.0
* new feature release
* see /usr/share/doc/packages/freeradius-server/ChangeLog
for complete list of changes in this release
* documentation for upgrading from 2.x is in /etc/raddb/README.rst
- drop oracle support (wasn't built anyway)
- dropped patches (obsolete):
* freeradius-server-2.1.6-codecleanup.patch
* freeradius-server-2.1.6-dialup_admin.patch
* freeradius-server-2.1.1-edirectory.patch
- added systemd service unit
* radiusd.service
- added systemd-tmpfile for /var/run/radiusd
* freeradius-tmpfiles.conf
- added gpg-offline verification
* freeradius-server.keyring
OBS-URL: https://build.opensuse.org/request/show/203485
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=51
Feature improvements
* Updates to dictionary.erx, dictionary.siemens, dictionary.starent,
dictionary.starent.vsa1, dictionary.zyxel, added dictionary.symbol
* Added support for PCRE from Phil Mayers
* Configurable file permission in rlm_linelog
* Added "relaxed" option to rlm_attr_filter. This copies attributes
if at least one match occurred.
* Added documentation on dynamic clients.
See raddb/modules/dynamic_clients.
* Added support for elliptical curve cryptography.
See ecdh_curve in raddb/eap.conf.
* Added support for 802.1X MIBs in checkrad
* Added support for %{rand:...}, which generates a uniformly
distributed number between 0 and the number you specify.
* Created "man" pages for all installed commands, and documented
options for all commands. Patch from John Dennis.
* Allow radsniff to decode encrypted VSAs and CoA packets.
Patch from Bjorn Mork.
* Always send Message-Authenticator in radtest. Patch from John Dennis.
radclient continues to be more flexible.
* Updated Oracle schema and queries
* Added SecurID module. See src/modules/rlm_securid/README
Bug fixes
* Fix memory leak in rlm_detail
* Fix "failed to insert event"
* Allow virtual servers to be reloaded on HUP.
It no longer complains about duplicate virtual servers.
* Fix %{string:...} expansion
* Fix "server closed socket" loop in radmin
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=36