![[BACK]](/icons/back.gif){kind=icon}
Up to [cvs.NetBSD.org] / pkgsrc / net / radsecproxy
Request diff between arbitrary revisions
Default branch: MAIN
Revision 1.16 / (download) - annotate - [select for diffs], Tue Oct 24 22:10:32 2023 UTC (6 weeks, 5 days ago) by wiz
Branch: MAIN
CVS Tags: HEAD
Changes since 1.15: +2 -1
lines
Diff to previous 1.15 (colored)
*: bump for openssl 3
Revision 1.15 / (download) - annotate - [select for diffs], Fri May 26 15:06:05 2023 UTC (6 months, 2 weeks ago) by he
Branch: MAIN
CVS Tags: pkgsrc-2023Q3-base,
pkgsrc-2023Q3,
pkgsrc-2023Q2-base,
pkgsrc-2023Q2
Changes since 1.14: +2 -2
lines
Diff to previous 1.14 (colored)
Update radsecproxy to version 1.10.0.
Pkgsrc changes:
* Only checksums.
Upstream changes:
2023-05-26 1.10.0
New features:
- Native dynamic discovery for NAPTR and SRV records (#2, #83)
- Optionally log accounting requests when respoinding directly (#72)
- SNI support for outgoing connections (#90)
- Optionally specify server name for certificate name check (#106)
- Manual MTU setting for DTLS on non-linux platforms
Misc:
- Don't require server type to be set by dyndisc scripts
- Improve locating openssl lib using pkg-config
Bug Fixes:
- Fix radius message length handling
2023-05-02 1.9.3
Bug Fixes:
- Fix shutdown TLS connection on malformed radius message (#122)
- Fix handling of lost requests in DTLS
- Fix flush requests when dyndisc fails
Revision 1.14 / (download) - annotate - [select for diffs], Mon Jan 23 16:14:17 2023 UTC (10 months, 2 weeks ago) by he
Branch: MAIN
CVS Tags: pkgsrc-2023Q1-base,
pkgsrc-2023Q1
Changes since 1.13: +2 -2
lines
Diff to previous 1.13 (colored)
Update radsecproxy to version 1.9.2.
Pkgsrc changes:
* Only checksums.
Upstream changes:
2023-01-23 1.9.2
Bug Fixes:
- Fix potential segfault in tcp log message
- Fix DTLS over IPv6
- Fix SSL shutdown/EOF for openssl 3.x (#108)
Revision 1.13 / (download) - annotate - [select for diffs], Tue Oct 26 09:54:35 2021 UTC (2 years, 1 month ago) by he
Branch: MAIN
CVS Tags: pkgsrc-2022Q4-base,
pkgsrc-2022Q4,
pkgsrc-2022Q3-base,
pkgsrc-2022Q3,
pkgsrc-2022Q2-base,
pkgsrc-2022Q2,
pkgsrc-2022Q1-base,
pkgsrc-2022Q1,
pkgsrc-2021Q4-base,
pkgsrc-2021Q4
Changes since 1.12: +2 -2
lines
Diff to previous 1.12 (colored)
Update radsecproxy to version 1.9.1.
Pkgsrc changes:
* None.
Upstream changes:
2021-10-25 1.9.1
Misc:
- OpenSSL 3.0 compatibility (#70)
Bug Fixes:
- Fix refused startup with openssl <1.1 (#82)
- Fix compiler issue for Fedora 33 on s390x (#84)
- Fix small memory leak in config parser
- Fix lazy certificate check when connecting to TLS servers
- Fix connect is aborted if first host in list has invalid certificate
- Fix setstacksize for glibc 2.34 (#91)
- Fix system defaults/settings for TLS version not honored (#92)
Revision 1.12 / (download) - annotate - [select for diffs], Fri May 28 06:20:33 2021 UTC (2 years, 6 months ago) by he
Branch: MAIN
CVS Tags: pkgsrc-2021Q3-base,
pkgsrc-2021Q3,
pkgsrc-2021Q2-base,
pkgsrc-2021Q2
Changes since 1.11: +2 -3
lines
Diff to previous 1.11 (colored)
Update radsecproxy to version 1.9.0.
Upstream changes:
2021-05-28 1.9.0
New features:
- Accept multiple source* configs for IPv4/v6
- Specify source per server
- User configurable cipher-list and ciphersuites
- User configurable TLS versions
- Config option for DH-file
- Add rID and otherName options to certifcateAttributeCheck
- Allow multiple matchCertificateAttribute
- Option to start dynamic server in blocking mode
Misc:
- Move radsecproxy manpage to section 8
- Log CUI and operator-name if present
- Log CN for incomming TLS connections
Bug Fixes:
- Fix overlapping log lines
- Fix memory leak in logging
- Fix dynidsc example scripts input validation (CVE-2021-32642)
2020-08-06 1.8.2
Bug fixes:
- Fix wrong config-unhexing if %25 (%) occurs
- Fix compatibility with GCC 10 (#63)
- Fix spelling in manpage
- Fix modifyVendorAttribute not applied (#62)
- Fix unncessary status-server when in minimal mode (#61)
Revision 1.11 / (download) - annotate - [select for diffs], Fri May 22 10:56:31 2020 UTC (3 years, 6 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2021Q1-base,
pkgsrc-2021Q1,
pkgsrc-2020Q4-base,
pkgsrc-2020Q4,
pkgsrc-2020Q3-base,
pkgsrc-2020Q3,
pkgsrc-2020Q2-base,
pkgsrc-2020Q2
Changes since 1.10: +2 -2
lines
Diff to previous 1.10 (colored)
revbump after updating security/nettle
Revision 1.10 / (download) - annotate - [select for diffs], Mon Apr 20 00:43:28 2020 UTC (3 years, 7 months ago) by joerg
Branch: MAIN
Changes since 1.9: +2 -2
lines
Diff to previous 1.9 (colored)
Fix ctype use. Bump revision.
Revision 1.9 / (download) - annotate - [select for diffs], Sat Jan 18 21:50:25 2020 UTC (3 years, 10 months ago) by jperkin
Branch: MAIN
CVS Tags: pkgsrc-2020Q1-base,
pkgsrc-2020Q1
Changes since 1.8: +2 -1
lines
Diff to previous 1.8 (colored)
*: Recursive revision bump for openssl 1.1.1.
Revision 1.8 / (download) - annotate - [select for diffs], Sun Nov 3 11:45:52 2019 UTC (4 years, 1 month ago) by rillig
Branch: MAIN
CVS Tags: pkgsrc-2019Q4-base,
pkgsrc-2019Q4
Changes since 1.7: +2 -2
lines
Diff to previous 1.7 (colored)
net: align variable assignments pkglint -Wall -F --only aligned --only indent -r No manual corrections.
Revision 1.7 / (download) - annotate - [select for diffs], Tue Oct 1 16:38:08 2019 UTC (4 years, 2 months ago) by he
Branch: MAIN
Changes since 1.6: +2 -2
lines
Diff to previous 1.6 (colored)
Update radsecproxy to version 1.8.1. Pkgsrc changes: * None. Upstream changes: 2019-10-01 1.8.1 Bug fixes: - Handle Tunnel-Password attribute correctly - Fix BSD platform issues - Fix spelling in log messages and manpages - Fix compile issues for unit tests - Don't hardcode location of config files
Revision 1.6 / (download) - annotate - [select for diffs], Wed Sep 11 11:51:22 2019 UTC (4 years, 3 months ago) by he
Branch: MAIN
CVS Tags: pkgsrc-2019Q3-base,
pkgsrc-2019Q3
Changes since 1.5: +11 -7
lines
Diff to previous 1.5 (colored)
Update radsecproxy to version 1.8.0.
Pkgsrc changes:
* The hosting of radsecproxy has changed to github.com.
* Add dependency on nettle.
* Update LICENSE, now only modified-bsd.
* Use gmake to build to avoid a couple of warnings.
* Relinquish exclusive maintainership.
Upstream changes:
20190704 1.8.0
New features:
- Rewrite: supplement attribute (add attribute if not present) (#19)
- Rewrite: modify vendor attribute
- Rewrite whitelist mode
- Autodetect status-server capability of servers
- Minimalistic status-server
- Explicit SubjectAltName:DNS and :IP match on certificates
Misc:
- No longer require docbook2x tools, but include plain manpages
- Fail on startup if overlapping clients with different tls blocks
Compile fixes:
- Fix compile issues on bsd
Bug fixes:
- Handle %00 in config correctly (#31)
- Fix server selection when udp were unreachable for long periods
2018-09-03 1.7.2
Misc:
- Always copy proxy-state attributes in own responses
- Authenticate own access-reject responses
- Retry outstanding requests after connection reset
Compile fixes:
- Fix compile issues on some platforms (#14)
- Fix compile issue when dtls disabled (#16)
- Fix compile issue on Cygwin (#18)
- Fix radsecproxy.conf manpage not installed when docbook2x
not available
Bug fixes:
- Fix request might be dropped if udp client uses multiple source ports
- Fix tls output might drop requests under high load
- Check for IP literals in Certificate SubjectAltName:DNS records
- Fix tls connection might hang during SSL_connect and SSL_accept
2018-07-05 1.7.1
License and copyright changes:
- Copyright SWITCH
- 3-clause BSD license only, no GPL.
Enhancements:
- Support the use of OpenSSL version 1.1 and 1.0 series
(RADSECPROXY-66, RADSECPROXY-74).
- Reload TLS certificate CRLs on SIGHUP (RADSECPROXY-78).
- Make use of SO_KEEPALIVE for tcp sockets (RADSECPROXY-12).
- Optionally include the thread-id in log messages
- Allow hashing MAC addresses in the log (same as for F-Ticks)
- Log certificate subject if rejected
- Log own responses (RADSECPROXY-61)
- Allow f-ticks prefix to be configured
- radsecproxy-hash: allow MAC addresses to be passed on command line
Misc:
- libnettle is now an unconditional dependency.
- FTicks support is now on by default and not optional.
- Experimental code for dynamic discovery has been removed.
- Replace several server status bits with a single state enum.
(RADSECPROXY-71)
- Use poll instead of select to allow > 1000 concurrent connections.
- Implement locking for all SSL objects (openssl states it
is not thread-safe)
- Rework DTLS code.
Bug fixes:
- Detect the presence of docbook2x-man correctly.
- Make clang less unhappy.
- Don't use a smaller pthread stack size than what's allowed.
- Avoid a deadlock situation with dynamic servers (RADSECPROXY-73).
- Don't forget about good dynamically discovered (TLS) connections
(RADSECPROXY-69).
- Fix refcounting in error cases when loading configuration
(RADSECPROXY-42)
- Fix potential crash when rewriting malformed vendor attributes.
- Properly cleanup expired requests from server output-queue.
- Fix crash when dynamic discovered server doesn't resolve.
Revision 1.5 / (download) - annotate - [select for diffs], Thu Aug 3 11:30:45 2017 UTC (6 years, 4 months ago) by he
Branch: MAIN
CVS Tags: pkgsrc-2019Q2-base,
pkgsrc-2019Q2,
pkgsrc-2019Q1-base,
pkgsrc-2019Q1,
pkgsrc-2018Q4-base,
pkgsrc-2018Q4,
pkgsrc-2018Q3-base,
pkgsrc-2018Q3,
pkgsrc-2018Q2-base,
pkgsrc-2018Q2,
pkgsrc-2018Q1-base,
pkgsrc-2018Q1,
pkgsrc-2017Q4-base,
pkgsrc-2017Q4,
pkgsrc-2017Q3-base,
pkgsrc-2017Q3
Changes since 1.4: +4 -5
lines
Diff to previous 1.4 (colored)
Update radsecproxy to version 1.6.9.
Pkgsrc changes:
* The hosting of radsecproxy has changed to nordu.net.
Upstream changes:
2017-08-02 1.6.9
Misc:
- Use a listen(2) backlog of 128 (RADSECPROXY-72).
Bug fixes:
- Don't follow NULL the pointer at debug level 5 (RADSECPROXY-68).
- Completely reload CAs and CRLs with cacheExpiry (RADSECPROXY-50).
- Tie Access-Request log lines to response log lines (RADSECPROXY-60).
- Fix a couple of memory leaks and NULL ptr derefs in error cases.
- Take lock on realm refcount before updating it (RADSECPROXY-77).
2016-09-21 1.6.8
Bug fixes:
- Stop waiting on writable when reading a TCP socket.
- Stomp less on the memory of other threads (RADSECPROXY-64).
2016-03-14 1.6.7
Enhancements (security):
- Negotiate TLS1.1, TLS1.2 and DTLS1.2 when possible, client and
server side. Fixes RADSECPROXY-62.
Enhancements:
- Build HTML documentation properly.
Revision 1.4 / (download) - annotate - [select for diffs], Sun Sep 18 23:13:13 2016 UTC (7 years, 2 months ago) by wiedi
Branch: MAIN
CVS Tags: pkgsrc-2017Q2-base,
pkgsrc-2017Q2,
pkgsrc-2017Q1-base,
pkgsrc-2017Q1,
pkgsrc-2016Q4-base,
pkgsrc-2016Q4,
pkgsrc-2016Q3-base,
pkgsrc-2016Q3
Changes since 1.3: +3 -2
lines
Diff to previous 1.3 (colored)
help configure find openssl
Revision 1.3 / (download) - annotate - [select for diffs], Sat Mar 5 11:29:11 2016 UTC (7 years, 9 months ago) by jperkin
Branch: MAIN
CVS Tags: pkgsrc-2016Q2-base,
pkgsrc-2016Q2,
pkgsrc-2016Q1-base,
pkgsrc-2016Q1
Changes since 1.2: +2 -1
lines
Diff to previous 1.2 (colored)
Bump PKGREVISION for security/openssl ABI bump.
Revision 1.2 / (download) - annotate - [select for diffs], Sun Mar 15 19:10:28 2015 UTC (8 years, 8 months ago) by tnn
Branch: MAIN
CVS Tags: pkgsrc-2015Q4-base,
pkgsrc-2015Q4,
pkgsrc-2015Q3-base,
pkgsrc-2015Q3,
pkgsrc-2015Q2-base,
pkgsrc-2015Q2,
pkgsrc-2015Q1-base,
pkgsrc-2015Q1
Changes since 1.1: +2 -1
lines
Diff to previous 1.1 (colored)
needs openssl
Revision 1.1 / (download) - annotate - [select for diffs], Tue Jan 20 08:17:09 2015 UTC (8 years, 10 months ago) by he
Branch: MAIN
Add radsecproxy version 1.6.6 to pkgsrc. radsecproxy is a generic RADIUS proxy that supports both UDP and TLS (RadSec) RADIUS transports. There is also experimental support for TCP and DTLS.