Commit Graph

  • 7ebd950bca Accepting request 1195073 from network factory Ana Guerrero 2024-08-22 16:13:13 +0000
  • f91e3ccd6e - update to 3.2.5 Feature Improvements * TOTP now supports TOTP-Time-Offset for tokens with times that are out of sync. See mods-available/totp. * radclient now supports forcing the Request Authenticator and ID for Access-Request packets. * Update dictionary.3gpp. * Update advice on shared secrets, including suggesting a secure method for generating useful secrets. Bug Fixes * Allow proxying by pool / home server name to work with auth+acct servers. * Fix OpenSSL API usage which sometimes caused crash in MS-CHAP Previously it would either always crash immediately, or never crash. * Fix packet statistics. Stop double counting some packets, and track packet statistics even if a socket is closed. * Reverted patch in TTLS which broke compatibility with some systems. * Don't crash in debug mode when multiple intermediate certs are used Patch from Alexander Chernikov. Dirk Mueller 2024-08-21 11:13:44 +0000
  • 2ddd73e0da Accepting request 1177967 from network Ana Guerrero 2024-05-31 20:18:26 +0000
  • bf36e9641a changelog update only Adam Majer 2024-05-31 14:54:19 +0000
  • 02f9ae48b0 - update to 3.2.4 Feature Improvements * Preliminary support for TEAP. * Update EAP module pre_proxy checks to make them less restrictive. This prevents the "middle box" effect from affecting future traffic. * Many fixes and updates for Docker images. * Add dpsk module. See mods-available/dpsk. * Print out what caused the TLS operations to be made, such as the EAP method name (peap, ttls, etc), or RADIUS/TLS listen / proxy socket. * Add auto_escape to sample SQL module config. * Add 'if not exists' to mysql create table queries. * Update dictionary.aruba; add dictionary.tplink, dictionary.alphion. * Allow for 'encrypt=1' attributes to be longer than 128 characters. * Added "radsecret" program which generates strong secrets. See the top of the "clients.conf" file for more information. * radclient now prints packets as hex when using -xxx. * Added "-t timeout" to radsniff. It will stop processing packets after <timeout> seconds. * Support "interface = ..." on OSX and other *BSD which have IP_BOUND_IF. * The detail module now has a "dates_as_integer" configuration item. See mods-available/detail for more information. * Add lookback/lookforward steps and more configuration to totp. See mods-available/totp. * Add "time_since" xlat to calculate elapsed time in seconds, milliseconds and microseconds. * Support "Post-Auth-Type Challenge" in the inner tunnel. * Add "proxy_dedup_window". See radiusd.conf. * Document KRB5_CLIENT_KTNAME in the "env" section of radiusd.conf. * Add "dedup_key" for misbehaving supplicants. See mods-available/eap. Bug Fixes Adam Majer 2024-05-31 14:47:06 +0000
  • 2bb7f5eecf Accepting request 1148113 from network Ana Guerrero 2024-02-20 20:15:57 +0000
  • ebd73b1876 Accepting request 1147358 from home:cboltz:branches:network Dominique Leuenberger 2024-02-20 14:45:39 +0000
  • 0de1b7dabd Accepting request 1145150 from network Ana Guerrero 2024-02-08 18:03:49 +0000
  • 30b14f60b6 Accepting request 1144489 from home:msmeissn:branches:network Adam Majer 2024-02-08 11:39:44 +0000
  • 3a5a3c77ce Accepting request 1121419 from network Ana Guerrero 2023-10-31 19:26:27 +0000
  • 8c5428e4e0 CVE numbers Adam Majer 2023-10-31 11:20:42 +0000
  • 7137d48870 CVE references added only Adam Majer 2023-10-31 11:18:05 +0000
  • 222d4cad44 Accepting request 1108446 from network Ana Guerrero 2023-09-01 12:21:56 +0000
  • 10a4af9426 OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=162 Adam Majer 2023-09-01 11:42:24 +0000
  • 1b4e5f1e09 - update to version 3.2.3: Feature Improvements * Add "max_retries" for connection pools. Fixes #4908. * Update dictionary.ciena, dictionary.huawei, dictionary.wifialliance and dictionary.wispr; add dictionary.eleven. * You can now list "eap" in the "pre-proxy" section. If the packet contains a malformed EAP message, then the request will be rejected The home server will either reject (or discard) this packet anyways, so this change can only help with large proxy scenarios. * Show warnings if libldap is not using OpenSSL. * Support RADIUS/1.1. See https://datatracker.ietf.org/doc/draft-dekok-radext-radiusv11/ Disabled by default, can be enabled by passing --with-radiusv11 to the configure script. For now, this is for testing interoperability. * Add extra sanity checks for malformed EAP attributes. * More TLS debugging output. * Clear old module instance data before HUP reload. Avoids burst memory use when e.g. using large data files with rlm_files. * rlm_cache_redis is now included in the freeradius-redis packages. Bug Fixes * Don't leak MD contexts with OpenSSL 3.0. * Increase internal buffer size for TLS connections, which can help with high-load proxies. * Send Status-Server checks for TLS connections. * Give descriptive error if "update CoA" is used with "fake" packets, as it won't work. i.e. inner-tunnel and virtual home servers. * Many small ASAN / LSAN fixes from Jorge Pereira. * Close inbound RADIUS/TLS socket on TLS errors. When a home server sees a TLS error, it will now close the socket, so proxies do not have an open (but dead) TLS connection. Adam Majer 2023-09-01 11:37:49 +0000
  • 86f3098ccf Accepting request 1063506 from network Dominique Leuenberger 2023-02-07 17:49:13 +0000
  • 6b34ba0ef7 - update to version 3.2.1: Feature Improvements * Add dictionary.ciena, dictionary.nile, and DHCPv4 dictionaries * Add simultaneous-use queries for MS SQL * Add radmin command for "stats pool <module-name>" which prints out statistics about the connection pools. * Client statistics now shows "conflicts", to count conflicting packets. * New optional "lightweight accounting-on/off" strategy. When refreshing queries.conf you should also add the new nasreload table and corresponding GRANTs to your DB schema. * Add TLS-Client-Cert-X509v3-Certificate-Policies, which helps with Eduroam. * Allow auth+acct for TCP sockets, too. * Add rlm_cache_redis. See raddb/mods-available/cache for details. * Allow radmin to look up home servers by name, too. * Ensure that dynamic clients don't create loops on duplicates * Removed rlm_sqlhpwippool. There was no documentation, no configuration, and the module was ~15 years old with no one using it. * Marked rlm_python3 as stable. * Add sigalgs_list. See raddb/mods-available/eap * For rlm_linelog, when opening files in /dev, look at "permissions" to see whether to open them r/w. * More flexibility for dynamic home servers. See doc/configuration/dynamic_home_servers.md and raddb/home_servers/README.md. * Allow setting of application_name for PostgreSQL. See mods-available/sql. Bug Fixes * Correct test for open sessions in radacct for MS SQL. Adam Majer 2023-02-06 18:23:52 +0000
  • 100684a70d Accepting request 1058729 from network Dominique Leuenberger 2023-01-16 17:00:03 +0000
  • 65294a38e7 Accepting request 1058211 from home:schubi2:pam_usr_etc Adam Majer 2023-01-16 15:13:28 +0000
  • e082d6be78 Accepting request 1006870 from network Richard Brown 2022-09-29 16:13:39 +0000
  • c89fc9c212 Accepting request 1006867 from home:stroeder:branches:network Adam Majer 2022-09-29 09:02:13 +0000
  • dc7cbb732b Accepting request 991370 from network Richard Brown 2022-07-28 18:58:21 +0000
  • d517bc32d2 Accepting request 991315 from home:firstyear:branches:network Adam Majer 2022-07-27 08:52:31 +0000
  • 984efc56c0 Accepting request 952634 from network Dominique Leuenberger 2022-02-09 19:39:08 +0000
  • 6007a24a14 Accepting request 950901 from home:scabrero:branches:network Adam Majer 2022-02-08 09:09:10 +0000
  • 6b44f39794 Accepting request 924673 from network Dominique Leuenberger 2021-10-12 19:48:40 +0000
  • 26e7da035a Add missing bug report in the log Adam Majer 2021-10-11 15:33:41 +0000
  • 7ee5f1b20e Accepting request 924184 from network Dominique Leuenberger 2021-10-11 13:31:04 +0000
  • f32c5e805c Accepting request 924111 from home:stroeder:branches:network Michael Ströder 2021-10-07 21:50:17 +0000
  • 2a57c2d648 OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=149 Adam Majer 2021-10-07 16:47:23 +0000
  • 79ab8ece2d - remove python2 build - drop references to SLE11 Adam Majer 2021-10-07 16:11:57 +0000
  • 09dea27b0a - freeradius-server-radiusd-logrotate.patch: move logrotate options into specific parts for each log as "global" options will persist past and clobber global options in the main logrotate config (bsc#1180525) Adam Majer 2021-10-07 15:45:35 +0000
  • 2ba67a0c74 Accepting request 903262 from network Dominique Leuenberger 2021-07-01 05:05:49 +0000
  • 91edf028a2 Accepting request 903141 from home:susnux:branches:network Adam Majer 2021-06-30 15:33:22 +0000
  • 1bb0f8dbaa Accepting request 860194 from network Dominique Leuenberger 2021-01-04 18:09:41 +0000
  • a5d102d662 Accepting request 860192 from home:adamm:branches:network Michael Ströder 2021-01-04 13:06:40 +0000
  • e52522084b Accepting request 852412 from network Dominique Leuenberger 2020-12-02 12:58:57 +0000
  • d8c2e78ec4 Accepting request 852406 from home:pgajdos Adam Majer 2020-12-01 17:32:41 +0000
  • 9b7f35f261 Accepting request 829736 from network Dominique Leuenberger 2020-08-29 18:35:55 +0000
  • a3c6eee1bb logrotate global section (bsc#1170505, bsc#1174905) Adam Majer 2020-08-26 11:42:57 +0000
  • 3bd17f8ba3 - freeradius-server-radiusd-logrotate.patch: fix permissions in logrotate global section (bsc#1170505, bsc#1174905) Adam Majer 2020-08-26 11:35:27 +0000
  • 11885f017a Accepting request 788266 from network Dominique Leuenberger 2020-03-26 22:30:55 +0000
  • 5008745954 Fix bugnumbers only Adam Majer 2020-03-25 16:15:45 +0000
  • d8570d7923 Accepting request 787864 from network Dominique Leuenberger 2020-03-24 21:37:30 +0000
  • 65823d05b2 - update to 3.0.21 Feature Improvements * New stored procedure for allocating IPs with PostgreSQL. Rates of 1500 IPs per second are now possible. See raddb/mods-config/sql/ippool/postgresql/procedure.sql * Add SQL IP pool support for Microsoft SQL Server. See raddb/mods-config/sql/ippool/mssql/ * Added RCNTEC dictionary. Closes #3168. * Added Pica8 dictionary. Closes #3179. * Add TLS-Client-Cert-Valid-Since attribute holding not Before date. Patch from Boris Lytochkin. Fixes #3157. * Generate attributes containing unknown OIDs. See raddb/sites-available/tls * Update the WiMAX dictionary. * Added ability for rlm_python (Python2) to show a stacktrace from errors. #2979. * Add WiFi Alliance Policy OIDs. See raddb/certs/xpextensions * radmin now shows coa stats, too. * Sample schema extensions for summarizing data in SQL. See mods-config/sql/main/*/process-radacct.sql * Update dictionary.aerohive, dictionary.fortinet, dictionary.arista and dictionary.erx. * Added VAS Experts dictionary. * Many updates to RPM and jenkins builds from Matthew Newton. * Added %C (time now in seconds) and %c (microsecond component of now) back-ported from the "master" branch. * Add reload capability to systemd unit file in Debian and RedHat. * Increase timestamp precision in postauth to maximum supported by each database and simplify (and make more consistent between drivers) the timestamps in SQL queries by using expansions. Adam Majer 2020-03-24 15:45:52 +0000
  • 415f44c27c Remove git files from installation Adam Majer 2020-03-24 14:47:55 +0000
  • dc40c1af74 - update to 3.0.20 Feature Improvements * Added Force10 dictionary. * Update dictionary.hp with new attributes. #2690. * Update dictionary.aruba with new attributes. #2696. * Fix side-channel leak in EAP-PWD (bsc#1166858, CVE-2019-20510) * Relax OpenSSL version checks, now that their API is both public, and stable. * Note that tls_min_version/tls_max_version also support "1.3". Since there is no standard yet for EAP with TLS 1.3, it will not work. * Added tripplite dictionary from #2760. * Switch to the async interface for rlm_sql_postgresql so that we can enforce query_timeout. * Added new LDAP option 'allow_dangling_group_ref'. * Updated documentation and functionality for EAP session caching. See "cache" section of mods-available/eap. * Tighten systemd unit file security. Fixes #2637. * Disable TLS 1.0 and TLS 1.1 support in the default configuration. We STRONGLY recommend doing this for all installations. * Add expansions for *outgoing* Radsec connections "%{proxy_listen:TLS-...}" for TLS-Client-Cert-* and TLS-Cert-* attributes. Fixes #2839. * Add %{listen:tls} which returns "yes" or "no" for TLS or non-TLS connections. * Update dictionary.lancom with new attributes. #2847. * Added rlm_sql_mongo. See raddb/mods-available/sql. Note that this module is experimental. * Added more documentation in sites-available/robust-proxy-accounting. * sqlippool now re-allocates unexpired leases, to prevent IP pool exhaustion when clients perform multiple reauthentication attempts * Add support to radmin to keep the history in ~/.radmin_history. Adam Majer 2020-03-24 14:20:37 +0000
  • 62d6d25c98 Accepting request 783861 from network Dominique Leuenberger 2020-03-11 17:55:26 +0000
  • ca3a555f3d Accepting request 783843 from home:adamm:branches:network Tomáš Chvátal 2020-03-11 13:52:40 +0000
  • 99d5d3b3aa Accepting request 759001 from network Dominique Leuenberger 2019-12-23 21:47:48 +0000
  • 1f526f6e39 Add missing changes entry for sr#758750 Adam Majer 2019-12-23 15:12:06 +0000
  • 8b9ebc7e57 Accepting request 758750 from home:j-engel Adam Majer 2019-12-23 10:02:57 +0000
  • d2bfda64eb Revert last commit Adam Majer 2019-08-07 13:54:17 +0000
  • eb5e37fca6 Add more CVE references to last version update Adam Majer 2019-08-07 12:15:53 +0000
  • bd91892569 Accepting request 707189 from network Dominique Leuenberger 2019-06-03 16:58:17 +0000
  • b207fee127 Backport from SLE license install changes Adam Majer 2019-06-03 14:00:53 +0000
  • f8246434f2 Accepting request 705679 from network Dominique Leuenberger 2019-05-28 07:43:13 +0000
  • 6b234e6773 CVE was already fixed long ago and we didn't notice Adam Majer 2019-05-27 13:22:14 +0000
  • 838fd1d444 Use correct jira entry Adam Majer 2019-05-27 12:41:10 +0000
  • 9599255642 - update to 3.0.19 (jira#SLE-5107) Adam Majer 2019-05-27 12:40:05 +0000
  • c1ac5290fe - CVE-2019-10143.patch: fix potential privilege escalation due to insecure logrotation permissions (bsc#1136195, CVE-2019-10143) Adam Majer 2019-05-27 12:33:30 +0000
  • 1593aaad80 Adding another bug reference from upstream update Adam Majer 2019-04-16 16:26:01 +0000
  • 635cb7e662 Add bug numbers to .changes file Adam Majer 2019-04-16 11:39:10 +0000
  • 6f93da4522 Accepting request 693123 from network Dominique Leuenberger 2019-04-11 10:20:16 +0000
  • 2a9164d43c Accepting request 693007 from home:stroeder:branches:network Adam Majer 2019-04-11 07:51:12 +0000
  • 12914b2ccb Accepting request 679792 from network Stephan Kulow 2019-02-28 20:43:53 +0000
  • ff04302a52 - reformat changelog mostly by wrapping lines - add missing bug numbers for security fixes Adam Majer 2019-02-27 11:50:42 +0000
  • 35096a5f1d Accepting request 679659 from home:stroeder:branches:network Adam Majer 2019-02-27 11:28:47 +0000
  • 8e4bb705b1 Accepting request 619197 from network Dominique Leuenberger 2018-06-27 08:22:42 +0000
  • 7a23e70bb4 Accepting request 619196 from home:stroeder:branches:network Michael Ströder 2018-06-26 18:25:55 +0000
  • f480aff111 Accepting request 597709 from network Dominique Leuenberger 2018-04-20 15:29:23 +0000
  • 16eca59475 Accepting request 597707 from home:stroeder:branches:network Michael Ströder 2018-04-18 08:37:20 +0000
  • 516e10916c Accepting request 564437 from network Dominique Leuenberger 2018-01-22 15:17:13 +0000
  • f4f7f11d57 Accepting request 563800 from home:stroeder:branches:network OBS User mrdocs 2018-01-15 00:19:02 +0000
  • 840bbbea92 Accepting request 527291 from network Dominique Leuenberger 2017-09-20 15:12:10 +0000
  • b0d20bd6c1 - Fix permissions of radiusd.service (bnc#1053654): Adam Majer 2017-09-19 11:58:57 +0000
  • 58b7d01fb6 Accepting request 518837 from network Dominique Leuenberger 2017-08-28 13:17:19 +0000
  • dd94d16c92 Accepting request 518718 from home:varkoly:branches:network OBS User mrdocs 2017-08-26 03:12:02 +0000
  • de3b2ecdb1 Accepting request 511084 from network Dominique Leuenberger 2017-07-19 09:22:21 +0000
  • bbd77fa15f Accepting request 511049 from home:stroeder:branches:network Adam Majer 2017-07-18 08:02:28 +0000
  • 0fa9cf1c51 Accepting request 499629 from network Dominique Leuenberger 2017-05-31 10:19:49 +0000
  • 44d1db1d6e Accepting request 499628 from home:adamm:branches:network Adam Majer 2017-05-30 09:15:48 +0000
  • 1967e79fb9 Accepting request 480000 from network Dominique Leuenberger 2017-03-20 16:09:16 +0000
  • 2e31162933 - update to 3.0.13 (still FATE#322416) Adam Majer 2017-03-13 13:14:24 +0000
  • 8bb61fb781 Accepting request 477789 from network Dominique Leuenberger 2017-03-12 19:04:03 +0000
  • bb21ee0f50 Accepting request 477604 from home:stroeder:branches:network Adam Majer 2017-03-08 16:03:06 +0000
  • 99cb6580b4 Accepting request 459264 from network Dominique Leuenberger 2017-03-02 18:27:14 +0000
  • 3c66ce82fa Accepting request 459251 from home:kukuk:branches:network Adam Majer 2017-02-20 14:45:54 +0000
  • b32d9ac74a Accepting request 455207 from network Dominique Leuenberger 2017-02-09 10:16:19 +0000
  • ee5d96b532 fix capitalization typo in changes file. Adam Majer 2017-02-07 09:34:18 +0000
  • 5d3beec849 Accepting request 453646 from home:adamm:branches:network Adam Majer 2017-02-06 10:58:11 +0000
  • bb915e8574 Accepting request 448419 from network Dominique Leuenberger 2017-01-11 11:03:13 +0000
  • 849b165adf Accepting request 448405 from home:jengelh:branches:network Adam Majer 2017-01-01 15:34:14 +0000
  • 2c69e3c471 Accepting request 432174 from network Dominique Leuenberger 2016-10-01 22:09:59 +0000
  • a53ba595f6 Accepting request 432086 from home:stroeder:branches:network Adam Majer 2016-10-01 16:12:11 +0000
  • 92d2a14f65 Accepting request 425081 from network Dominique Leuenberger 2016-09-08 15:38:54 +0000
  • 122c166ff2 Accepting request 425076 from home:adamm:branches:network Ismail Dönmez 2016-09-06 11:59:19 +0000
  • de056174c5 Accepting request 355853 from network Dominique Leuenberger 2016-01-28 16:23:25 +0000
  • 8f53a8841d Accepting request 355850 from home:stroeder:branches:network Rusmir Duško 2016-01-25 22:13:32 +0000
  • 80728b464b Accepting request 336653 from network Dominique Leuenberger 2015-10-06 11:27:54 +0000