7ebd950bca Accepting request 1195073 from network
factory
Ana Guerrero
2024-08-22 16:13:13 +0000
f91e3ccd6e - update to 3.2.5
  Feature Improvements
  * TOTP now supports TOTP-Time-Offset for tokens with times that are out of sync. See mods-available/totp.
  * radclient now supports forcing the Request Authenticator and ID for Access-Request packets.
  * Update dictionary.3gpp.
  * Update advice on shared secrets, including suggesting a secure method for generating useful secrets.
  Bug Fixes
  * Allow proxying by pool / home server name to work with auth+acct servers.
  * Fix OpenSSL API usage which sometimes caused crash in MS-CHAP
    Previously it would either always crash immediately, or never crash.
  * Fix packet statistics. Stop double counting some packets, and track packet statistics even if a socket is closed.
  * Reverted patch in TTLS which broke compatibility with some systems.
  * Don't crash in debug mode when multiple intermediate certs are used
    Patch from Alexander Chernikov.
Dirk Mueller
2024-08-21 11:13:44 +0000
2ddd73e0da Accepting request 1177967 from network
Ana Guerrero
2024-05-31 20:18:26 +0000
02f9ae48b0 - update to 3.2.4
  Feature Improvements
  * Preliminary support for TEAP.
  * Update EAP module pre_proxy checks to make them less restrictive
    This prevents the "middle box" effect from affecting future traffic.
  * Many fixes and updates for Docker images.
  * Add dpsk module. See mods-available/dpsk.
  * Print out what cause the TLS operations to be made, such as the EAP method name (peap, ttls, etc), or RADIUS/TLS listen / proxy socket.
  * Add auto_escape to sample SQL module config.
  * Add 'if not exists' to mysql create table queries.
  * Update dictionary.aruba; add dictionary.tplink, dictionary.alphion.
  * Allow for 'encrypt=1' attributes to be longer than 128 characters.
  * Added "radsecret" program which generates strong secrets. See the top of the "clients.conf" file for more information.
  * radclient now prints packets as hex when using -xxx.
  * Added "-t timeout" to radsniff. It will stop processing packets after <timeout> seconds.
  * Support "interface = ..." on OSX and other *BSD which have IP_BOUND_IF.
  * The detail module now has a "dates_as_integer" configuration item
    See mods-available/detail for more information.
  * Add lookback/lookforward steps and more configuration to totp. See mods-available/totp.
  * Add "time_since" xlat to calculate elapsed time in seconds, milliseconds and microseconds.
  * Support "Post-Auth-Type Challenge" in the inner tunnel.
  * Add "proxy_dedup_window". See radiusd.conf.
  * Document KRB5_CLIENT_KTNAME in the "env" section of radiusd.conf.
  * Add "dedup_key" for misbehaving supplicants. See mods-available/eap.
  Bug Fixes
Adam Majer
2024-05-31 14:47:06 +0000
2bb7f5eecf Accepting request 1148113 from network
Ana Guerrero
2024-02-20 20:15:57 +0000
ebd73b1876 Accepting request 1147358 from home:cboltz:branches:network
Dominique Leuenberger
2024-02-20 14:45:39 +0000
0de1b7dabd Accepting request 1145150 from network
Ana Guerrero
2024-02-08 18:03:49 +0000
30b14f60b6 Accepting request 1144489 from home:msmeissn:branches:network
Adam Majer
2024-02-08 11:39:44 +0000
3a5a3c77ce Accepting request 1121419 from network
Ana Guerrero
2023-10-31 19:26:27 +0000
1b4e5f1e09 - update to version 3.2.3:
  Feature Improvements
  * Add "max_retries" for connection pools. Fixes #4908.
  * Update dictionary.ciena, dictionary.huawei, dictionary.wifialliance and dictionary.wispr; add dictionary.eleven.
  * You can now list "eap" in the "pre-proxy" section. If the packet contains a malformed EAP message, then the request will be rejected
    The home server will either reject (or discard) this packet anyways, so this change can only help with large proxy scenarios.
  * Show warnings if libldap is not using OpenSSL.
  * Support RADIUS/1.1. See https://datatracker.ietf.org/doc/draft-dekok-radext-radiusv11/
    Disabled by default, can be enabled by passing --with-radiusv11 to the configure script. For now, this is for testing interoperability.
  * Add extra sanity checks for malformed EAP attributes.
  * More TLS debugging output.
  * Clear old module instance data before HUP reload. Avoids burst memory use when e.g. using large data files with rlm_files.
  * rlm_cache_redis is now included in the freeradius-redis packages.
  Bug Fixes
  * Don't leak MD contexts with OpenSSL 3.0.
  * Increase internal buffer size for TLS connections, which can help with high-load proxies.
  * Send Status-Server checks for TLS connections.
  * Give descriptive error if "update CoA" is used with "fake" packets, as it won't work. i.e. inner-tunnel and virtual home servers.
  * Many small ASAN / LSAN fixes from Jorge Pereira.
  * Close inbound RADIUS/TLS socket on TLS errors. When a home server sees a TLS error, it will now close the socket, so proxies do not have an open (but dead) TLS connection.
Adam Majer
2023-09-01 11:37:49 +0000
86f3098ccf Accepting request 1063506 from network
Dominique Leuenberger
2023-02-07 17:49:13 +0000
6b34ba0ef7 - update to version 3.2.1:
  Feature Improvements
  * Add dictionary.ciena, dictionary.nile, and DHCPv4 dictionaries
  * Add simultaneous-use queries for MS SQL
  * Add radmin command for "stats pool <module-name>" which prints out statistics about the connection pools.
  * Client statistics now shows "conflicts", to count conflicting packets.
  * New optional "lightweight accounting-on/off" strategy. When refreshing queries.conf you should also add the new nasreload table and corresponding GRANTs to your DB schema.
  * Add TLS-Client-Cert-X509v3-Certificate-Policies, which helps with Eduroam.
  * Allow auth+acct for TCP sockets, too.
  * Add rlm_cache_redis. See raddb/mods-available/cache for details.
  * Allow radmin to look up home servers by name, too.
  * Ensure that dynamic clients don't create loops on duplicates
  * Removed rlm_sqlhpwippool. There was no documentation, no configuration, and the module was ~15 years old with no one using it.
  * Marked rlm_python3 as stable.
  * Add sigalgs_list. See raddb/mods-available/eap
  * For rlm_linelog, when opening files in /dev, look at "permissions" to see whether to open them r/w.
  * More flexibility for dynamic home servers. See doc/configuration/dynamic_home_servers.md and raddb/home_servers/README.md.
  * Allow setting of application_name for PostgreSQL. See mods-available/sql.
  Bug Fixes
  * Correct test for open sessions in radacct for MS SQL.
Adam Majer
2023-02-06 18:23:52 +0000
100684a70d Accepting request 1058729 from network
Dominique Leuenberger
2023-01-16 17:00:03 +0000
65294a38e7 Accepting request 1058211 from home:schubi2:pam_usr_etc
Adam Majer
2023-01-16 15:13:28 +0000
e082d6be78 Accepting request 1006870 from network
Richard Brown
2022-09-29 16:13:39 +0000
c89fc9c212 Accepting request 1006867 from home:stroeder:branches:network
Adam Majer
2022-09-29 09:02:13 +0000
dc7cbb732b Accepting request 991370 from network
Richard Brown
2022-07-28 18:58:21 +0000
d517bc32d2 Accepting request 991315 from home:firstyear:branches:network
Adam Majer
2022-07-27 08:52:31 +0000
984efc56c0 Accepting request 952634 from network
Dominique Leuenberger
2022-02-09 19:39:08 +0000
6007a24a14 Accepting request 950901 from home:scabrero:branches:network
Adam Majer
2022-02-08 09:09:10 +0000
6b44f39794 Accepting request 924673 from network
Dominique Leuenberger
2021-10-12 19:48:40 +0000
79ab8ece2d - remove python2 build
  - drop references to SLE11
Adam Majer
2021-10-07 16:11:57 +0000
09dea27b0a - freeradius-server-radiusd-logrotate.patch: move logrotate options into specific parts for each log as "global" options will persist past and clobber global options in the main logrotate config (bsc#1180525)
Adam Majer
2021-10-07 15:45:35 +0000
2ba67a0c74 Accepting request 903262 from network
Dominique Leuenberger
2021-07-01 05:05:49 +0000
91edf028a2 Accepting request 903141 from home:susnux:branches:network
Adam Majer
2021-06-30 15:33:22 +0000
1bb0f8dbaa Accepting request 860194 from network
Dominique Leuenberger
2021-01-04 18:09:41 +0000
a5d102d662 Accepting request 860192 from home:adamm:branches:network
Michael Ströder
2021-01-04 13:06:40 +0000
e52522084b Accepting request 852412 from network
Dominique Leuenberger
2020-12-02 12:58:57 +0000
d8c2e78ec4 Accepting request 852406 from home:pgajdos
Adam Majer
2020-12-01 17:32:41 +0000
9b7f35f261 Accepting request 829736 from network
Dominique Leuenberger
2020-08-29 18:35:55 +0000
a3c6eee1bb logrotate global section (bsc#1170505, bsc#1174905)
Adam Majer
2020-08-26 11:42:57 +0000
3bd17f8ba3 - freeradius-server-radiusd-logrotate.patch: fix permissions in logrotate global section (bsc#1170505, bsc#1174905)
Adam Majer
2020-08-26 11:35:27 +0000
11885f017a Accepting request 788266 from network
Dominique Leuenberger
2020-03-26 22:30:55 +0000
d8570d7923 Accepting request 787864 from network
Dominique Leuenberger
2020-03-24 21:37:30 +0000
65823d05b2 - update to 3.0.21
  Feature Improvements
  * New stored procedure for allocating IPs with PostgreSQL
    Rates of 1500 IPs per second are now possible
    See raddb/mods-config/sql/ippool/postgresql/procedure.sql
  * Add SQL IP pool support for Microsoft SQL Server
    See raddb/mods-config/sql/ippool/mssql/
  * Added RCNTEC dictionary. Closes #3168.
  * Added Pica8 dictionary. Closes #3179.
  * Add TLS-Client-Cert-Valid-Since attribute holding not Before date
    Patch from Boris Lytochkin. Fixes #3157.
  * Generate attributes containing unknown OIDs
    See raddb/sites-available/tls
  * Update the WiMAX dictionary.
  * Added ability to rlm_python(Python2) show a stacktrace from errors. #2979.
  * Add WiFi Alliance Policy OIDs. See raddb/certs/xpextensions
  * radmin now shows coa stats, too.
  * Sample schema extensions for summarizing data in SQL
    See mods-config/sql/main/*/process-radacct.sql
  * Update dictionary.aerohive, dictionary.fortinet, dictionary.arista and dictionary.erx.
  * Added VAS Experts dictionary.
  * Many updates to RPM and jenkins builds from Matthew Newton.
  * Added %C (time now in seconds) and %c (microsecond component of now) back-ported from the "master" branch.
  * Add reload capability to systemd unit file in Debian and RedHat.
  * Increase timestamp precision in postauth to maximum supported by each database and simplify (and make more consistent between drivers) the timestamps in SQL queries by using expansions.
Adam Majer
2020-03-24 15:45:52 +0000
dc40c1af74 - update to 3.0.20
  Feature Improvements
  * Added Force10 dictionary.
  * Update dictionary.hp with new attributes. #2690.
  * Update dictionary.aruba with new attributes. #2696.
  * Fix side-channel leak in EAP-PWD (bsc#1166858, CVE-2019-20510)
  * Relax OpenSSL version checks, now that their API is both public, and stable.
  * Note that tls_min_version/tls_max_version also support "1.3"
    Since there is no standard yet for EAP with TLS 1.3, it will not work.
  * Added tripplite dictionary from #2760.
  * Switch to the async interface for rlm_sql_postgresql so that we can enforce query_timeout.
  * Added new LDAP option 'allow_dangling_group_ref'.
  * Updated documentation and functionality for EAP session caching
    See "cache" section of mods-available/eap.
  * Tighten systemd unit file security. Fixes #2637.
  * Disable TLS 1.0 and TLS 1.1 support in the default configuration
    We STRONGLY recommend doing this for all installations.
  * Add expansions for *outgoing* Radsec connections "%{proxy_listen:TLS-...}" for TLS-Client-Cert-* and TLS-Cert-* attributes. Fixes #2839.
  * Add %{listen:tls} which returns "yes" or "no" for TLS or non-TLS connections.
  * Update dictionary.lancom with new attributes. #2847.
  * Added rlm_sql_mongo. See raddb/mods-available/sql. Note that this module is experimental.
  * Added more documentation in sites-available/robust-proxy-accounting.
  * sqlippool now re-allocates unexpired leases, to prevent IP pool exhaustion when clients perform multiple reauthentication attempts
  * Add support to radmin keep the history in ~/.radmin_history.
Adam Majer
2020-03-24 14:20:37 +0000
62d6d25c98 Accepting request 783861 from network
Dominique Leuenberger
2020-03-11 17:55:26 +0000
ca3a555f3d Accepting request 783843 from home:adamm:branches:network
Tomáš Chvátal
2020-03-11 13:52:40 +0000
99d5d3b3aa Accepting request 759001 from network
Dominique Leuenberger
2019-12-23 21:47:48 +0000
1f526f6e39 Add missing changes entry for sr#758750
Adam Majer
2019-12-23 15:12:06 +0000
8b9ebc7e57 Accepting request 758750 from home:j-engel
Adam Majer
2019-12-23 10:02:57 +0000