2026-05-13 11:30:43 by Adam Ciarcinski | Files touched by this commit (10) |  |
Log message:
freeradius: updated to 3.2.8
FreeRADIUS 3.2.8 Wed 20 Aug 2025 12:00:00 UTC urgency=low
Configuration changes
* Replace dictionary.infinera with the correct one.
* Update dictionary.alteon
Feature improvements
* Add support for automated fuzzing. This doesn't affect
normal operations, but it does allow for testing of the
RADIUS decoder.
* Allow tagged attributes to use ":V" as a tag in some cases.
The tag is then read from the value which is being assigned
to the attribute. This functionality is allowed in 'update'
sections, including 'update' in module configurations.
See mods-available/ldap for an example.
* Add kafka module. See mods-available/kafka.
* Allow &control:Packet-SRC-IP-Address to be used when
proxying needs a given source address.
* Change lower limit for reject_delay to 0.5s. Apparently
some NASes will panic and go crazy with a 1s reject_delay.
* Rate limit complaints when limiting new connections.
* Update raddb/certs/Makefile to support DER output.
* Elapsed statistics for packets do not include proxy timers,
which helps clarify where any issues are. The total time
is still available by adding "our" time to the "proxy" time.
* Added kafka module. See mods-available/kafka.
* json module can now print dates as integers.
See mods-available/json
* The debug output now points to the online documentation in
many cases, when there are syntax errors in the configuration.
* Add support for 389ds password hashes. Patch from Gerald Vogt.
* reject_delay does not _add_ a delay, but instead ensures that
the reject is delayed for _at least_ that time. This change
means that reject_delay can be set in more situations, including
for proxies.
* Add delay_proxy_rejects. By default, proxied rejects are not
delayed. Setting this flag means that reject_delay is applied
to proxied rejects, too.
* The proxy_rate_limit module can now be listed in the
"authorize" section.
* Update dpsk module to be faster, and be easier to configure
with databases. See mods-available/dpsk
Bug fixes
* Move assertion in thread / queue code, which only affects
debug builds.
* Update CRL checks to avoid crash in some cases.
* More tweaks to the TEAP code.
* Allow building when OpenSSL is missing PSK.
* Move assertion so that it isn't triggered when the incoming
queue is full, and the server is blocked.
* Fix crash when multiple certs are used along with
CRL distribution points.
* Fix typo in rlm_cache which could cause crashes.
* Be more forgiving about '%' in strings.
* Move assertion in threading code.
* Fixes to interaction with python interpreter
* Don't crash when setting client hostname in RADIUS/TLS.
* Ignore ".dpkg*" and ".rpm*" files when loading configuration
directories. Package managers can leave these around.
* Complain more loudly if all of the "authorize" etc. sections
have been removed, but the server is still configured to
process Access-Request packets.
* Use OCIStmtPrepare2 to prepare Oracle queries.
* Allow dynamic clients with TCP listeners.
|
| 2026-01-07 09:49:50 by Thomas Klausner | Files touched by this commit (2525) |
Log message:
*: recursive bump for icu 78.1
|
| 2025-05-06 14:07:36 by Thomas Klausner | Files touched by this commit (124) |
Log message:
*: SOEXT -> SHLIB_EXT
|
| 2025-04-17 23:53:13 by Thomas Klausner | Files touched by this commit (2449) |
Log message:
*: recursive bump for icu 77 and libxml2 2.14
|
| 2024-11-14 23:22:33 by Thomas Klausner | Files touched by this commit (2428) |
Log message:
*: recursive bump for icu 76 shlib major version bump
|
| 2024-11-01 13:55:19 by Thomas Klausner | Files touched by this commit (2425) |
Log message:
*: revbump for icu downgrade
|
| 2024-11-01 01:54:33 by Thomas Klausner | Files touched by this commit (2426) |
Log message:
*: recursive bump for icu 76.1 shlib bump
|
2024-06-19 10:46:34 by Adam Ciarcinski | Files touched by this commit (11) |  |
Log message:
freeradius: updated to 3.2.4
3.2.4
Configuration changes
Better handle backslashes in strings in the configuration files. If the configuration items contain backslashes, then behavior may change. However, the previous behavior didn't work as expected, and therefore is not likely to be used.
reject_delay no longer applies to proxied packets. All servers should now set reject_delay = 1 for security and scalability.
%{randstr:...} now returns the requested amount of data, instead of one too many bytes.
Feature improvements
Preliminary support for TEAP.
Update EAP module pre_proxy checks to make them less restrictive. This prevents the "middle box" effect from affecting future traffic.
Many fixes and updates for Docker images
Add dpsk module. See mods-available/dpsk
Print out what causes the TLS operations to be made, such as the EAP method name (peap, ttls, etc), or RADIUS/TLS listen / proxy socket.
Add auto_escape to sample SQL module config
Add 'if not exists' to mysql create table queries.
Update dictionary.aruba; add dictionary.tplink, dictionary.alphion
Allow for encrypt=1 attributes to be longer than 128 characters.
Added radsecret program which generates strong secrets. See the top of the clients.conf file for more information.
radclient now prints packets as hex when using -xxx.
Added -t timeout to radsniff. It will stop processing packets after seconds.
Support interface = ... on OSX and other *BSD which have IP_BOUND_IF.
The detail module now has a dates_as_integer configuration item. See mods-available/detail for more information.
Add lookback/lookforward steps and more configuration to totp. See mods-available/totp.
Add time_since xlat to calculate elapsed time in seconds, milliseconds and microseconds.
Support "Post-Auth-Type Challenge" in the inner tunnel. Patch from Alexander Clouter.
Add "proxy_dedup_window". See radiusd.conf.
Document KRB5_CLIENT_KTNAME in the "env" section of radiusd.conf.
Add dedup_key for misbehaving supplicants. See mods-available/eap
Bug fixes
Fix corner case with empty defaults in rlm_files.
When we have multiple attributes of the same name, always use the canonical attribute
Make FreeRADIUS-Server-EMA* attributes work again for home server exponential moving average statistics.
Don't send the global server stats when asked for client stats. They use the same attributes, so the result is confusing.
Fix multiple typos in MongoDB query.conf
Add define for illumos.
Add client configuration for TLS PSK.
Permit originate CoA after proxying to an internal virtual server
Use virtual server default when passed -i and -p on the command line.
Fix locking issues with rlm_python3.
The detail file reader will catch bad times in the file, and will not update Acct-Delay-Time with extreme values.
Fix issue where Message-Authenticator was calculated incorrectly for CoA / Disconnect ACK and NAK packets.
Update Python thread and error handling.
Fix handling of Session-State when proxying.
Run relevant post-proxy Fail-* section on CoA / Disconnect timeout.
Add limit section to AWS health check configuration. Fixes 35300.
Use MAX in sqlite queries instead of GREATEST.
Fix typo in Mongo queries.
Fix occasional crash with bad home servers.
Minor bug fixes to the SQL freetds modules.
Fix blocking issue with RADIUS/TLS connection checks.
Fix run-time crash on configuration typos of %{substr ...} instead of %{substr:...}
Fix crash with TLS Status-Server requests.
|