Up to [cvs.NetBSD.org] / pkgsrc / net / radsecproxy
Request diff between arbitrary revisions
Keyword substitution: kv
Default branch: MAIN
Update radsecproxy to version 1.10.0. Pkgsrc changes: * Only checksums. Upstream changes: 2023-05-26 1.10.0 New features: - Native dynamic discovery for NAPTR and SRV records (#2, #83) - Optionally log accounting requests when respoinding directly (#72) - SNI support for outgoing connections (#90) - Optionally specify server name for certificate name check (#106) - Manual MTU setting for DTLS on non-linux platforms Misc: - Don't require server type to be set by dyndisc scripts - Improve locating openssl lib using pkg-config Bug Fixes: - Fix radius message length handling 2023-05-02 1.9.3 Bug Fixes: - Fix shutdown TLS connection on malformed radius message (#122) - Fix handling of lost requests in DTLS - Fix flush requests when dyndisc fails
Update radsecproxy to version 1.9.2. Pkgsrc changes: * Only checksums. Upstream changes: 2023-01-23 1.9.2 Bug Fixes: - Fix potential segfault in tcp log message - Fix DTLS over IPv6 - Fix SSL shutdown/EOF for openssl 3.x (#108)
radsecproxy: use BLAKE2s
Update radsecproxy to version 1.9.1. Pkgsrc changes: * None. Upstream changes: 2021-10-25 1.9.1 Misc: - OpenSSL 3.0 compatibility (#70) Bug Fixes: - Fix refused startup with openssl <1.1 (#82) - Fix compiler issue for Fedora 33 on s390x (#84) - Fix small memory leak in config parser - Fix lazy certificate check when connecting to TLS servers - Fix connect is aborted if first host in list has invalid certificate - Fix setstacksize for glibc 2.34 (#91) - Fix system defaults/settings for TLS version not honored (#92)
net: Remove SHA1 hashes for distfiles
Update radsecproxy to version 1.9.0. Upstream changes: 2021-05-28 1.9.0 New features: - Accept multiple source* configs for IPv4/v6 - Specify source per server - User configurable cipher-list and ciphersuites - User configurable TLS versions - Config option for DH-file - Add rID and otherName options to certifcateAttributeCheck - Allow multiple matchCertificateAttribute - Option to start dynamic server in blocking mode Misc: - Move radsecproxy manpage to section 8 - Log CUI and operator-name if present - Log CN for incomming TLS connections Bug Fixes: - Fix overlapping log lines - Fix memory leak in logging - Fix dynidsc example scripts input validation (CVE-2021-32642) 2020-08-06 1.8.2 Bug fixes: - Fix wrong config-unhexing if %25 (%) occurs - Fix compatibility with GCC 10 (#63) - Fix spelling in manpage - Fix modifyVendorAttribute not applied (#62) - Fix unncessary status-server when in minimal mode (#61)
Fix ctype use. Bump revision.
Update radsecproxy to version 1.8.1. Pkgsrc changes: * None. Upstream changes: 2019-10-01 1.8.1 Bug fixes: - Handle Tunnel-Password attribute correctly - Fix BSD platform issues - Fix spelling in log messages and manpages - Fix compile issues for unit tests - Don't hardcode location of config files
Update radsecproxy to version 1.8.0. Pkgsrc changes: * The hosting of radsecproxy has changed to github.com. * Add dependency on nettle. * Update LICENSE, now only modified-bsd. * Use gmake to build to avoid a couple of warnings. * Relinquish exclusive maintainership. Upstream changes: 20190704 1.8.0 New features: - Rewrite: supplement attribute (add attribute if not present) (#19) - Rewrite: modify vendor attribute - Rewrite whitelist mode - Autodetect status-server capability of servers - Minimalistic status-server - Explicit SubjectAltName:DNS and :IP match on certificates Misc: - No longer require docbook2x tools, but include plain manpages - Fail on startup if overlapping clients with different tls blocks Compile fixes: - Fix compile issues on bsd Bug fixes: - Handle %00 in config correctly (#31) - Fix server selection when udp were unreachable for long periods 2018-09-03 1.7.2 Misc: - Always copy proxy-state attributes in own responses - Authenticate own access-reject responses - Retry outstanding requests after connection reset Compile fixes: - Fix compile issues on some platforms (#14) - Fix compile issue when dtls disabled (#16) - Fix compile issue on Cygwin (#18) - Fix radsecproxy.conf manpage not installed when docbook2x not available Bug fixes: - Fix request might be dropped if udp client uses multiple source ports - Fix tls output might drop requests under high load - Check for IP literals in Certificate SubjectAltName:DNS records - Fix tls connection might hang during SSL_connect and SSL_accept 2018-07-05 1.7.1 License and copyright changes: - Copyright SWITCH - 3-clause BSD license only, no GPL. Enhancements: - Support the use of OpenSSL version 1.1 and 1.0 series (RADSECPROXY-66, RADSECPROXY-74). - Reload TLS certificate CRLs on SIGHUP (RADSECPROXY-78). - Make use of SO_KEEPALIVE for tcp sockets (RADSECPROXY-12). - Optionally include the thread-id in log messages - Allow hashing MAC addresses in the log (same as for F-Ticks) - Log certificate subject if rejected - Log own responses (RADSECPROXY-61) - Allow f-ticks prefix to be configured - radsecproxy-hash: allow MAC addresses to be passed on command line Misc: - libnettle is now an unconditional dependency. - FTicks support is now on by default and not optional. - Experimental code for dynamic discovery has been removed. - Replace several server status bits with a single state enum. (RADSECPROXY-71) - Use poll instead of select to allow > 1000 concurrent connections. - Implement locking for all SSL objects (openssl states it is not thread-safe) - Rework DTLS code. Bug fixes: - Detect the presence of docbook2x-man correctly. - Make clang less unhappy. - Don't use a smaller pthread stack size than what's allowed. - Avoid a deadlock situation with dynamic servers (RADSECPROXY-73). - Don't forget about good dynamically discovered (TLS) connections (RADSECPROXY-69). - Fix refcounting in error cases when loading configuration (RADSECPROXY-42) - Fix potential crash when rewriting malformed vendor attributes. - Properly cleanup expired requests from server output-queue. - Fix crash when dynamic discovered server doesn't resolve.
Update radsecproxy to version 1.6.9. Pkgsrc changes: * The hosting of radsecproxy has changed to nordu.net. Upstream changes: 2017-08-02 1.6.9 Misc: - Use a listen(2) backlog of 128 (RADSECPROXY-72). Bug fixes: - Don't follow NULL the pointer at debug level 5 (RADSECPROXY-68). - Completely reload CAs and CRLs with cacheExpiry (RADSECPROXY-50). - Tie Access-Request log lines to response log lines (RADSECPROXY-60). - Fix a couple of memory leaks and NULL ptr derefs in error cases. - Take lock on realm refcount before updating it (RADSECPROXY-77). 2016-09-21 1.6.8 Bug fixes: - Stop waiting on writable when reading a TCP socket. - Stomp less on the memory of other threads (RADSECPROXY-64). 2016-03-14 1.6.7 Enhancements (security): - Negotiate TLS1.1, TLS1.2 and DTLS1.2 when possible, client and server side. Fixes RADSECPROXY-62. Enhancements: - Build HTML documentation properly.
Add SHA512 digests for distfiles for net category Problems found with existing digests: Package haproxy distfile haproxy-1.5.14.tar.gz 159f5beb8fdc6b8059ae51b53dc935d91c0fb51f [recorded] da39a3ee5e6b4b0d3255bfef95601890afd80709 [calculated] Problems found locating distfiles: Package bsddip: missing distfile bsddip-1.02.tar.Z Package citrix_ica: missing distfile citrix_ica-10.6.115659/en.linuxx86.tar.gz Package djbdns: missing distfile djbdns-1.05-test25.diff.bz2 Package djbdns: missing distfile djbdns-cachestats.patch Package djbdns: missing distfile 0002-dnscache-cache-soa-records.patch Package gated: missing distfile gated-3-5-11.tar.gz Package owncloudclient: missing distfile owncloudclient-2.0.2.tar.xz Package poink: missing distfile poink-1.6.tar.gz Package ra-rtsp-proxy: missing distfile rtspd-src-1.0.0.0.tar.gz Package ucspi-ssl: missing distfile ucspi-ssl-0.70-ucspitls-0.1.patch Package waste: missing distfile waste-source.tar.gz Otherwise, existing SHA1 digests verified and found to be the same on the machine holding the existing distfiles (morden). All existing SHA1 digests retained for now as an audit trail.
Add radsecproxy version 1.6.6 to pkgsrc. radsecproxy is a generic RADIUS proxy that supports both UDP and TLS (RadSec) RADIUS transports. There is also experimental support for TCP and DTLS.