From: Adolf Belka <adolf.belka@ipfire.org>
To: development@lists.ipfire.org
Subject: [PATCH] freeradius: Update to version 3.2.5
Date: Mon, 12 Aug 2024 17:37:59 +0200
Message-ID: <20240812153808.3944396-5-adolf.belka@ipfire.org>
In-Reply-To: <20240812153808.3944396-1-adolf.belka@ipfire.org>
- Update from version 3.2.3 to 3.2.5
- Update of rootfile
- Various options removed from ./configure as they are all unrecognised and don't have
any effect. Most of them look to have been related to freeradius-1.x
- There is no command that gets recognised for disabling or not using static libs
- Changelog
3.2.5
Feature Improvements
TOTP now supports TOTP-Time-Offset for tokens with times that are out of sync.
See mods-available/totp.
radclient now supports forcing the Request Authenticator and ID for
Access-Request packets.
Update dictionary.3gpp.
Update advice on shared secrets, including suggesting a secure method for
generating useful secrets.
Bug Fixes
Allow proxying by pool / home server name to work with auth+acct servers.
Fix OpenSSL API usage which sometimes caused crash in MS-CHAP. Previously it
would either always crash immediately, or never crash.
Fix packet statistics. Stop double counting some packets, and track packet
statistics even if a socket is closed.
Reverted patch in TTLS which broke compatibility with some systems.
Don't crash in debug mode when multiple intermediate certs are used. Patch
from Alexander Chernikov.
3.2.4
Feature Improvements
Preliminary support for TEAP.
Update EAP module pre_proxy checks to make them less restrictive. This
prevents the "middle box" effect from affecting future traffic.
Many fixes and updates for Docker images.
Add dpsk module. See mods-available/dpsk.
Print out what caused the TLS operations to be made, such as the EAP method
name (peap, ttls, etc), or RADIUS/TLS listen / proxy socket.
Add auto_escape to sample SQL module config.
Add 'if not exists' to mysql create table queries. ref #5032 (#5137).
Update dictionary.aruba; add dictionary.tplink, dictionary.alphion.
Allow for 'encrypt=1' attributes to be longer than 128 characters.
Added "radsecret" program which generates strong secrets. See the top of the
"clients.conf" file for more information.
radclient now prints packets as hex when using -xxx.
Added "-t timeout" to radsniff. It will stop processing packets after
<timeout> seconds.
Support "interface = ..." on OSX and other *BSD which have IP_BOUND_IF.
The detail module now has a "dates_as_integer" configuration item. See
mods-available/detail for more information.
Add lookback/lookforward steps and more configuration to totp. See
mods-available/totp.
Add "time_since" xlat to calculate elapsed time in seconds, milliseconds and
microseconds.
Support "Post-Auth-Type Challenge" in the inner tunnel. Patch from Alexander
Clouter. PR #5320.
Add "proxy_dedup_window". See radiusd.conf.
Document KRB5_CLIENT_KTNAME in the "env" section of radiusd.conf.
Add "dedup_key" for misbehaving supplicants. See mods-available/eap.
Bug Fixes
Fix corner case with empty defaults in rlm_files. Fixes #5035.
When we have multiple attributes of the same name, always use the canonical
attribute.
Make FreeRADIUS-Server-EMA* attributes work again for home server exponential
moving average statistics.
Don't send the global server stats when asked for client stats. They use the
same attributes, so the result is confusing.
Fix multiple typos in MongoDB query.conf (#5130).
Add define for illumos. Fixes #5135.
Add client configuration for TLS PSK.
Permit originate CoA after proxying to an internal virtual server.
Use virtual server "default" when passed "-i" and "-p" on the command line.
Fix locking issues with rlm_python3.
The detail file reader will catch bad times in the file, and will not update
Acct-Delay-Time with extreme values.
Fix issue where Message-Authenticator was calculated incorrectly for
CoA / Disconnect ACK and NAK packets.
Update Python thread and error handling. Fixes #5208.
Fix handling of Session-State when proxying. Fixes #5288.
Run relevant post-proxy Fail-* section on CoA / Disconnect timeout.
Add "limit" section to AWS health check configuration. Fixes 35300.
Use MAX in sqlite queries instead of GREATEST.
Fix typo in Mongo queries. Fixes #5301.
Fix occasional crash with bad home servers. Fixes #5308.
Minor bug fixes to the SQL freetds modules.
Fix blocking issue with RADIUS/TLS connection checks.
Fix run-time crash on configuration typos of %{substr ...} instead of
%{substr:...}. Fixes #5321.
Fix crash with TLS Status-Server requests. Fixes #5326.
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
---
config/rootfiles/packages/freeradius | 37 ++++++++++++++++++++++++++++
lfs/freeradius | 17 +++----------
2 files changed, 40 insertions(+), 14 deletions(-)
diff --git a/config/rootfiles/packages/freeradius b/config/rootfiles/packages/freeradius
index 899bfa139..24e2edf22 100644
--- a/config/rootfiles/packages/freeradius
+++ b/config/rootfiles/packages/freeradius
@@ -9,6 +9,8 @@ etc/raddb
#etc/raddb/certs/client.cnf
#etc/raddb/certs/inner-server.cnf
#etc/raddb/certs/passwords.mk
+#etc/raddb/certs/realms
+#etc/raddb/certs/realms/README.md
#etc/raddb/certs/server.cnf
#etc/raddb/certs/xpextensions
#etc/raddb/clients.conf
@@ -34,6 +36,7 @@ etc/raddb
#etc/raddb/mods-available/dhcp_sql
#etc/raddb/mods-available/dhcp_sqlippool
#etc/raddb/mods-available/digest
+#etc/raddb/mods-available/dpsk
#etc/raddb/mods-available/dynamic_clients
#etc/raddb/mods-available/eap
#etc/raddb/mods-available/echo
@@ -325,6 +328,7 @@ usr/bin/radclient
usr/bin/radcrypt
usr/bin/radeapclient
usr/bin/radlast
+usr/bin/radsecret
usr/bin/radsniff
usr/bin/radsqlrelay
usr/bin/radtest
@@ -453,6 +457,9 @@ usr/lib/freeradius/rlm_dhcp.so
#usr/lib/freeradius/rlm_digest.a
#usr/lib/freeradius/rlm_digest.la
usr/lib/freeradius/rlm_digest.so
+#usr/lib/freeradius/rlm_dpsk.a
+#usr/lib/freeradius/rlm_dpsk.la
+usr/lib/freeradius/rlm_dpsk.so
#usr/lib/freeradius/rlm_dynamic_clients.a
#usr/lib/freeradius/rlm_dynamic_clients.la
usr/lib/freeradius/rlm_dynamic_clients.so
@@ -480,6 +487,9 @@ usr/lib/freeradius/rlm_eap_pwd.so
#usr/lib/freeradius/rlm_eap_sim.a
#usr/lib/freeradius/rlm_eap_sim.la
usr/lib/freeradius/rlm_eap_sim.so
+#usr/lib/freeradius/rlm_eap_teap.a
+#usr/lib/freeradius/rlm_eap_teap.la
+usr/lib/freeradius/rlm_eap_teap.so
#usr/lib/freeradius/rlm_eap_tls.a
#usr/lib/freeradius/rlm_eap_tls.la
usr/lib/freeradius/rlm_eap_tls.so
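Review bot: usr/lib/freeradius/rlm_eap_teap.so is added uncommented here, so the TEAP module ships in the package, while the changelog in the commit message describes TEAP support in 3.2.4 as preliminary. If it is not meant for general use yet, consider commenting the line out like the .a and .la entries above it; otherwise a line in the commit message saying it is shipped deliberately would help.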
@@ -614,10 +624,31 @@ usr/sbin/radmin
#usr/share/doc/freeradius/antora/modules/ROOT/pages
#usr/share/doc/freeradius/antora/modules/ROOT/pages/directories.adoc
#usr/share/doc/freeradius/antora/modules/ROOT/pages/index.adoc
+#usr/share/doc/freeradius/antora/modules/concepts
+#usr/share/doc/freeradius/antora/modules/concepts/nav.adoc
+#usr/share/doc/freeradius/antora/modules/concepts/pages
+#usr/share/doc/freeradius/antora/modules/concepts/pages/aaa.adoc
+#usr/share/doc/freeradius/antora/modules/concepts/pages/index.adoc
+#usr/share/doc/freeradius/antora/modules/concepts/pages/modules
+#usr/share/doc/freeradius/antora/modules/concepts/pages/modules/ldap
+#usr/share/doc/freeradius/antora/modules/concepts/pages/modules/ldap/authentication.adoc
+#usr/share/doc/freeradius/antora/modules/developers
+#usr/share/doc/freeradius/antora/modules/developers/nav.adoc
+#usr/share/doc/freeradius/antora/modules/developers/pages
+#usr/share/doc/freeradius/antora/modules/developers/pages/bugs.adoc
+#usr/share/doc/freeradius/antora/modules/developers/pages/coding-methods.adoc
+#usr/share/doc/freeradius/antora/modules/developers/pages/contributing.adoc
+#usr/share/doc/freeradius/antora/modules/developers/pages/coverage.adoc
+#usr/share/doc/freeradius/antora/modules/developers/pages/index.adoc
+#usr/share/doc/freeradius/antora/modules/developers/pages/profile.adoc
+#usr/share/doc/freeradius/antora/modules/developers/pages/release-method.adoc
#usr/share/doc/freeradius/antora/modules/howto
#usr/share/doc/freeradius/antora/modules/howto/nav.adoc
#usr/share/doc/freeradius/antora/modules/howto/pages
#usr/share/doc/freeradius/antora/modules/howto/pages/index.adoc
+#usr/share/doc/freeradius/antora/modules/howto/pages/monitoring
+#usr/share/doc/freeradius/antora/modules/howto/pages/monitoring/index.adoc
+#usr/share/doc/freeradius/antora/modules/howto/pages/monitoring/statistics.adoc
#usr/share/doc/freeradius/antora/modules/howto/pages/protocols
#usr/share/doc/freeradius/antora/modules/howto/pages/protocols/dhcp
#usr/share/doc/freeradius/antora/modules/howto/pages/protocols/dhcp/enable.adoc
@@ -638,6 +669,7 @@ usr/sbin/radmin
#usr/share/doc/freeradius/antora/modules/howto/pages/protocols/proxy/radsec_client.adoc
#usr/share/doc/freeradius/antora/modules/howto/pages/protocols/proxy/radsec_with_haproxy.adoc
#usr/share/doc/freeradius/antora/modules/howto/pages/protocols/proxy/radsec_with_traefik.adoc
+#usr/share/doc/freeradius/antora/modules/howto/pages/simultaneous_use.adoc
#usr/share/doc/freeradius/antora/modules/installation
#usr/share/doc/freeradius/antora/modules/installation/nav.adoc
#usr/share/doc/freeradius/antora/modules/installation/pages
@@ -873,6 +905,7 @@ usr/share/freeradius
#usr/share/freeradius/dictionary.alcatel-lucent.aaa
#usr/share/freeradius/dictionary.alcatel.esam
#usr/share/freeradius/dictionary.alcatel.sr
+#usr/share/freeradius/dictionary.alphion
#usr/share/freeradius/dictionary.alteon
#usr/share/freeradius/dictionary.altiga
#usr/share/freeradius/dictionary.alvarion
@@ -914,6 +947,7 @@ usr/share/freeradius
#usr/share/freeradius/dictionary.cisco.vpn3000
#usr/share/freeradius/dictionary.cisco.vpn5000
#usr/share/freeradius/dictionary.citrix
+#usr/share/freeradius/dictionary.ckey
#usr/share/freeradius/dictionary.clavister
#usr/share/freeradius/dictionary.cnergee
#usr/share/freeradius/dictionary.colubris
@@ -997,6 +1031,7 @@ usr/share/freeradius
#usr/share/freeradius/dictionary.nortel
#usr/share/freeradius/dictionary.ntua
#usr/share/freeradius/dictionary.openser
+#usr/share/freeradius/dictionary.openwifi
#usr/share/freeradius/dictionary.packeteer
#usr/share/freeradius/dictionary.paloalto
#usr/share/freeradius/dictionary.patton
@@ -1056,6 +1091,7 @@ usr/share/freeradius
#usr/share/freeradius/dictionary.shiva
#usr/share/freeradius/dictionary.siemens
#usr/share/freeradius/dictionary.slipstream
+#usr/share/freeradius/dictionary.smartsharesystems
#usr/share/freeradius/dictionary.sofaware
#usr/share/freeradius/dictionary.softbank
#usr/share/freeradius/dictionary.sonicwall
@@ -1069,6 +1105,7 @@ usr/share/freeradius
#usr/share/freeradius/dictionary.telkom
#usr/share/freeradius/dictionary.telrad
#usr/share/freeradius/dictionary.terena
+#usr/share/freeradius/dictionary.tplink
#usr/share/freeradius/dictionary.trapeze
#usr/share/freeradius/dictionary.travelping
#usr/share/freeradius/dictionary.tripplite
diff --git a/lfs/freeradius b/lfs/freeradius
index df59bd63b..7136dc3e1 100644
--- a/lfs/freeradius
+++ b/lfs/freeradius
@@ -26,7 +26,7 @@ include Config
SUMMARY = RADIUS Server
-VER = 3.2.3
+VER = 3.2.5
THISAPP = freeradius-server-$(VER)
DL_FILE = $(THISAPP).tar.bz2
@@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = freeradius
-PAK_VER = 20
+PAK_VER = 21
DEPS = libtalloc samba
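Review bot: DEPS stays at "libtalloc samba" in the context of this hunk although the rootfile now ships usr/bin/radsecret, rlm_dpsk.so and rlm_eap_teap.so. Please confirm that none of the three needs anything at run time beyond the core system and these two packages, and say so in the commit message next to the PAK_VER bump.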
@@ -48,7 +48,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 525204331a5b123dac7457c6adb755cbe9794dbff4a536ea665fc7d1cac97553e392b7b598741c2a9dd00c81decd00608499d6f25208e389b9f213f54977de84
+$(DL_FILE)_BLAKE2 = 169dccd6f04b4503869912dec9423279cc18fc22fa3babf324747bdf0d80d3b4fa5460ac07f89f8d845bf664283a9772b483b8fcec990364fcaf71b673b6917c
install : $(TARGET)
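Review bot: the new $(DL_FILE)_BLAKE2 value only pins whichever tarball was placed on $(URL_IPFIRE), since DL_FROM points there, and the commit message does not say how that file was obtained or checked. Suggest adding a line stating that freeradius-server-3.2.5.tar.bz2 was verified against the upstream release (signature or published checksum) before the hash was computed.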
@@ -89,19 +89,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
--sysconfdir=/etc \
--libdir=/usr/lib/freeradius \
--localstatedir=/var \
- --with-system-libtool \
--with-threads \
- --with-thread-pool \
- --disable-ltdl-install \
--disable-openssl-version-check \
- --without-rlm_eap_ikev2 \
- --without-rlm_sql_iodbc \
- --without-rlm_sql_firebird \
- --without-rlm_sql_db2 \
- --without-rlm_sql_oracle \
- --without-rlm_sql_sqlite \
- --without-rlm_sql_mysql \
- --without-rlm_python \
LDFLAGS="$(LDFLAGS)"
cd $(DIR_APP) && make $(MAKETUNING)
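Review bot: the removed --without-rlm_python and --without-rlm_sql_* lines are justified in the commit message only as unrecognised by ./configure, which leaves the set of optional modules that get built to whatever configure detects in the build environment. The rootfile diff adds only rlm_dpsk and rlm_eap_teap, which is consistent with no change in practice; please state in the message that the list of built rlm_*.so files was compared before and after this change, so the claim that the options had no effect is backed by the build result and not only by the configure warning.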
--
2.46.0