diff options
author | adam <adam@pkgsrc.org> | 2019-12-30 18:17:22 +0000 |
---|---|---|
committer | adam <adam@pkgsrc.org> | 2019-12-30 18:17:22 +0000 |
commit | df22323049ee256512e2ae03b96f65fb62a5177f (patch) | |
tree | 195e90785f7e3faab14a638e98b6784f07841188 /net/freeradius-freetds | |
parent | 8364a51f1808b0bad7212152f73f0ec3ed4f7dd7 (diff) | |
download | pkgsrc-df22323049ee256512e2ae03b96f65fb62a5177f.tar.gz |
freeradius: updated to 3.0.20
FreeRADIUS 3.0.20 Thu 14 Nov 2019 12:00:00 EDT urgency=medium
Feature improvements
* Add Jenkins continuous integration.
Used to build http://packages.networkradius.com/
* Added Force10 dictionary.
* Update dictionary.hp with new attributes.
* Update dictionary.aruba with new attributes.
* Update logrotate settings to rotate as non-root user.
* Fix side-channel leak in EAP-PWD. Patch from Mathy Vanhoef.
* Relax OpenSSL version checks, now that their API is both
public, and stable.
* Note that tls_min_version/tls_max_version also support "1.3"
Since there is no standard yet for EAP with TLS 1.3, it
will not work.
* Added tripplite dictionary.
* Switch to the async interface for rlm_sql_postgresql so that
we can enforce query_timeout.
* Added new LDAP option 'allow_dangling_group_ref'.
* Updated documentation and functionality for EAP session caching.
See "cache" section of mods-available/eap.
* Tighten systemd unit file security.
* Disable TLS 1.0 and TLS 1.1 support in the default configuration.
We STRONGLY recommend doing this for all installations.
* Add expansions for *outgoing* Radsec connections.
"%{proxy_listen:TLS-...}" for TLS-Client-Cert-* and TLS-Cert-*
attributes.
* Add %{listen:tls} which returns "yes" or "no" for TLS or non-TLS
connections.
* Update dictionary.lancom with new attributes.
* Added rlm_sql_mongo. See raddb/mods-available/sql. Note that
this module is experimental.
* Added more documentation in sites-available/robust-proxy-accounting
* sqlippool now re-allocates unexpired leases, to prevent IP pool
exhaustion when clients perform multiple reauthentication attempts.
Patch from Terry Burton.
* Add support to radmin keep the history in ~/.radmin_history
* Add support for ENV and LD_PRELOAD in radiusd.conf. See the new
ENV sub-section of radiusd.conf.
* Update dictionary.aptilo.
* Update dictionary.airespace.
* Add sites-available/coa-relay, which makes CoA easier.
Patch from Terry Burton.
* Add example stored procedure for IP Pools in MySQL.
See mods-config/sql/ippool/mysql/procedure.sql
Patch from Terry Burton.
* Update dictionary.dhcp dictionary with the recent hardware types.
* Add experimental rlm_python3. This should largely work the same
as rlm_python, which was Python2 only.
* Add Dockerfiles for Debian10 and CentOS8.
* Add RPM spec file compatibility for RHEL/CentOS 8.
* Notes on iOS 13 certificate issues. See
https://support.apple.com/en-us/HT210176.
* Notes on certificate constraints. See raddb/certs/server.cnf.
* Add NAIRealm example to raddb/certs/server.cnf, for RFC 7585.
Bug fixes
* Allow listen.ipaddr to reference an IPv6-only host.
* ERX-Acct-Request-Reason is "integer".
* Fix a slow memory leak in the file management code.
* Try to fix file permissions if they get modified while
the server is running.
* Fix slow memory leak with clients.
* Fix request and connection timeouts in rlm_rest.
* Fix systemd issues. Patches from Daniele Rondina.
* Fixes from clang analyzer.
* Fix missing include for the dictionaries: alcatel.esam,
altiga,alvarion.wimax.v2_2,aptis,asn,audiocodes,avaya,bristol,
columbia_university,freedhcp,garderos,infoblox,motorola.illegal,
starent.vsa1, telkom, wimax.wichorus.
* Fix internal sanity check when running with "-Xx"
* Allow "inner-tunnel" virtual servers to work better with
"accept" and "reject" policies.
* Fix dictionary.huawei data types for Huawei-DNS-Server-IPv6-address
and Huawei-Framed-IPv6-Address.
* Framed-Interface-ID in postgresql/queries.conf is string, not inet
* Fix rlm_cache to complain on unknown attributes in the
"update" section of its configuration.
* Add configure checks for -latomic. This helps on armel, mips
and mipsel.
* Add support to Oracle 19 and 18.
* Add support for decoding tags in rlm_rest.
* Use correct passwords when updating CRLs in raddb/certs/
* Properly separate "originate-coa" packets when accounting packets
are read from the detail file reader.
* Use the correct virtual server for pre/post-proxy.
* radsqlrelay fixes backported from "master" branch.
Patches from Terry Burton.
* Fix DoS issues due to multithreaded BN_CTX access.
Patch from Mathy Vanhoef. CVE-2019-17185
Diffstat (limited to 'net/freeradius-freetds')
-rw-r--r-- | net/freeradius-freetds/Makefile | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/net/freeradius-freetds/Makefile b/net/freeradius-freetds/Makefile index 9fafc10a4b8..b1e378cca63 100644 --- a/net/freeradius-freetds/Makefile +++ b/net/freeradius-freetds/Makefile @@ -1,6 +1,5 @@ -# $NetBSD: Makefile,v 1.8 2019/07/20 22:46:37 wiz Exp $ +# $NetBSD: Makefile,v 1.9 2019/12/30 18:17:22 adam Exp $ -PKGREVISION= 1 .include "../../net/freeradius/Makefile.module" PKGNAME= ${DISTNAME:S/-server/-freetds/} |