From mboxrd@z Thu Jan 1 00:00:00 1970 
From: Adolf Belka
To: development@lists.ipfire.org
Subject: [PATCH] freeradius: Update to version 3.2.5
Date: Mon, 12 Aug 2024 17:37:59 +0200
Message-ID: <20240812153808.3944396-5-adolf.belka@ipfire.org>
In-Reply-To: <20240812153808.3944396-1-adolf.belka@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============0993106582889541820=="
List-Id:

--===============0993106582889541820==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

- Update from version 3.2.3 to 3.2.5
- Update of rootfile
- Various options removed from ./configure as they are all unrecognised and don't have any effect. Most of them look to have been related to freeradius-1.x
- There is no command that gets recognised for disabling or not using static libs
- Changelog
    3.2.5
      Feature Improvements
        TOTP now supports TOTP-Time-Offset for tokens with times that are out of sync. See mods-available/totp.
        radclient now supports forcing the Request Authenticator and ID for Access-Request packets.
        Update dictionary.3gpp.
        Update advice on shared secrets, including suggesting a secure method for generating useful secrets.
      Bug Fixes
        Allow proxying by pool / home server name to work with auth+acct servers.
        Fix OpenSSL API usage which sometimes caused crash in MS-CHAP Previously it would either always crash immediately, or never crash.
        Fix packet statistics. Stop double counting some packets, and track packet statistics even if a socket is closed.
        Reverted patch in TTLS which broke compatibility with some systems.
        Don't crash in debug mode when multiple intermediate certs are used Patch from Alexander Chernikov.
    3.2.4
      Feature Improvements
        Preliminary support for TEAP.
        Update EAP module pre_proxy checks to make them less restrictive This prevents the "middle box" effect from affecting future traffic.
        Many fixes and updates for Docker images.
        Add dpsk module. See mods-available/dpsk.
        Print out what cause the TLS operations to be made, such as the EAP method name (peap, ttls, etc), or RADIUS/TLS listen / proxy socket.
        Add auto_escape to sample SQL module config.
        Add 'if not exists' to mysql create table queries. ref #5032 (#5137).
        Update dictionary.aruba; add dictionary.tplink, dictionary.alphion.
        Allow for 'encrypt=1' attributes to be longer than 128 characters.
        Added "radsecret" program which generates strong secrets. See the top of the "clients.conf" file for more information.
        radclient now prints packets as hex when using -xxx.
        Added "-t timeout" to radsniff. It will stop processing packets after seconds.
        Support "interface = ..." on OSX and other *BSD which have IP_BOUND_IF.
        The detail module now has a "dates_as_integer" configuration item See mods-available/detail for more information.
        Add lookback/lookforward steps and more configuration to totp. See mods-available/totp.
        Add "time_since" xlat to calculate elapsed time in seconds, milliseconds and microseconds.
        Support "Post-Auth-Type Challenge" in the inner tunnel. Patch from Alexander Clouter. PR #5320.
        Add "proxy_dedup_window". See radiusd.conf.
        Document KRB5_CLIENT_KTNAME in the "env" section of radiusd.conf.
        Add "dedup_key" for misbehaving supplicants. See mods-available/eap.
      Bug Fixes
        Fix corner case with empty defaults in rlm_files. Fixes #5035.
        When we have multiple attributes of the same name, always use the canonical attribute.
        Make FreeRADIUS-Server-EMA* attributes work again for home server exponential moving average statistics.
        Don't send the global server stats when asked for client stats. They use the same attributes, so the result is confusing.
        Fix multiple typos in MongoDB query.conf (#5130).
        Add define for illumos. Fixes #5135.
        Add client configuration for TLS PSK.
        Permit originate CoA after proxying to an internal virtual server.
        Use virtual server "default" when passed "-i" and "-p" on the command line.
        Fix locking issues with rlm_python3.
        The detail file reader will catch bad times in the file, and will not update Acct-Delay-Time with extreme values.
        Fix issue where Message-Authenticator was calculated incorrectly for CoA / Disconnect ACK and NAK packets.
        Update Python thread and error handling. Fixes #5208.
        Fix handling of Session-State when proxying. Fixes #5288.
        Run relevant post-proxy Fail-* section on CoA / Disconnect timeout.
        Add "limit" section to AWS health check configuration. Fixes 35300.
        Use MAX in sqlite queries instead of GREATEST.
        Fix typo in Mongo queries. Fixes #5301.
        Fix occasional crash with bad home servers. Fixes #5308.
        Minor bug fixes to the SQL freetds modules.
        Fix blocking issue with RADIUS/TLS connection checks.
        Fix run-time crash on configuration typos of %{substr ...} instead of %{substr:...} Fixes #5321.
        Fix crash with TLS Status-Server requests. Fixes #5326.

Signed-off-by: Adolf Belka
--- config/rootfiles/packages/freeradius | 37 ++++++++++++++++++++++++++++ lfs/freeradius | 17 +++---------- 2 files changed, 40 insertions(+), 14 deletions(-) diff --git a/config/rootfiles/packages/freeradius b/config/rootfiles/packages= /freeradius index 899bfa139..24e2edf22 100644 --- a/config/rootfiles/packages/freeradius +++ b/config/rootfiles/packages/freeradius @@ -9,6 +9,8 @@ etc/raddb #etc/raddb/certs/client.cnf #etc/raddb/certs/inner-server.cnf #etc/raddb/certs/passwords.mk +#etc/raddb/certs/realms +#etc/raddb/certs/realms/README.md #etc/raddb/certs/server.cnf #etc/raddb/certs/xpextensions #etc/raddb/clients.conf @@ -34,6 +36,7 @@ etc/raddb #etc/raddb/mods-available/dhcp_sql #etc/raddb/mods-available/dhcp_sqlippool #etc/raddb/mods-available/digest +#etc/raddb/mods-available/dpsk #etc/raddb/mods-available/dynamic_clients #etc/raddb/mods-available/eap #etc/raddb/mods-available/echo @@ -325,6 +328,7 @@ usr/bin/radclient usr/bin/radcrypt usr/bin/radeapclient usr/bin/radlast +usr/bin/radsecret usr/bin/radsniff usr/bin/radsqlrelay usr/bin/radtest 
@@ -453,6 +457,9 @@ usr/lib/freeradius/rlm_dhcp.so #usr/lib/freeradius/rlm_digest.a #usr/lib/freeradius/rlm_digest.la usr/lib/freeradius/rlm_digest.so +#usr/lib/freeradius/rlm_dpsk.a +#usr/lib/freeradius/rlm_dpsk.la +usr/lib/freeradius/rlm_dpsk.so #usr/lib/freeradius/rlm_dynamic_clients.a #usr/lib/freeradius/rlm_dynamic_clients.la usr/lib/freeradius/rlm_dynamic_clients.so @@ -480,6 +487,9 @@ usr/lib/freeradius/rlm_eap_pwd.so #usr/lib/freeradius/rlm_eap_sim.a #usr/lib/freeradius/rlm_eap_sim.la usr/lib/freeradius/rlm_eap_sim.so +#usr/lib/freeradius/rlm_eap_teap.a +#usr/lib/freeradius/rlm_eap_teap.la +usr/lib/freeradius/rlm_eap_teap.so #usr/lib/freeradius/rlm_eap_tls.a #usr/lib/freeradius/rlm_eap_tls.la usr/lib/freeradius/rlm_eap_tls.so 
@@ -614,10 +624,31 @@ usr/sbin/radmin #usr/share/doc/freeradius/antora/modules/ROOT/pages #usr/share/doc/freeradius/antora/modules/ROOT/pages/directories.adoc #usr/share/doc/freeradius/antora/modules/ROOT/pages/index.adoc +#usr/share/doc/freeradius/antora/modules/concepts +#usr/share/doc/freeradius/antora/modules/concepts/nav.adoc +#usr/share/doc/freeradius/antora/modules/concepts/pages +#usr/share/doc/freeradius/antora/modules/concepts/pages/aaa.adoc +#usr/share/doc/freeradius/antora/modules/concepts/pages/index.adoc +#usr/share/doc/freeradius/antora/modules/concepts/pages/modules +#usr/share/doc/freeradius/antora/modules/concepts/pages/modules/ldap +#usr/share/doc/freeradius/antora/modules/concepts/pages/modules/ldap/authent= ication.adoc +#usr/share/doc/freeradius/antora/modules/developers +#usr/share/doc/freeradius/antora/modules/developers/nav.adoc +#usr/share/doc/freeradius/antora/modules/developers/pages +#usr/share/doc/freeradius/antora/modules/developers/pages/bugs.adoc +#usr/share/doc/freeradius/antora/modules/developers/pages/coding-methods.adoc +#usr/share/doc/freeradius/antora/modules/developers/pages/contributing.adoc +#usr/share/doc/freeradius/antora/modules/developers/pages/coverage.adoc +#usr/share/doc/freeradius/antora/modules/developers/pages/index.adoc +#usr/share/doc/freeradius/antora/modules/developers/pages/profile.adoc +#usr/share/doc/freeradius/antora/modules/developers/pages/release-method.adoc #usr/share/doc/freeradius/antora/modules/howto #usr/share/doc/freeradius/antora/modules/howto/nav.adoc #usr/share/doc/freeradius/antora/modules/howto/pages #usr/share/doc/freeradius/antora/modules/howto/pages/index.adoc +#usr/share/doc/freeradius/antora/modules/howto/pages/monitoring +#usr/share/doc/freeradius/antora/modules/howto/pages/monitoring/index.adoc +#usr/share/doc/freeradius/antora/modules/howto/pages/monitoring/statistics.a= doc #usr/share/doc/freeradius/antora/modules/howto/pages/protocols 
#usr/share/doc/freeradius/antora/modules/howto/pages/protocols/dhcp #usr/share/doc/freeradius/antora/modules/howto/pages/protocols/dhcp/enable.a= doc @@ -638,6 +669,7 @@ usr/sbin/radmin #usr/share/doc/freeradius/antora/modules/howto/pages/protocols/proxy/radsec_= client.adoc #usr/share/doc/freeradius/antora/modules/howto/pages/protocols/proxy/radsec_= with_haproxy.adoc #usr/share/doc/freeradius/antora/modules/howto/pages/protocols/proxy/radsec_= with_traefik.adoc +#usr/share/doc/freeradius/antora/modules/howto/pages/simultaneous_use.adoc #usr/share/doc/freeradius/antora/modules/installation #usr/share/doc/freeradius/antora/modules/installation/nav.adoc #usr/share/doc/freeradius/antora/modules/installation/pages @@ -873,6 +905,7 @@ usr/share/freeradius #usr/share/freeradius/dictionary.alcatel-lucent.aaa #usr/share/freeradius/dictionary.alcatel.esam #usr/share/freeradius/dictionary.alcatel.sr +#usr/share/freeradius/dictionary.alphion #usr/share/freeradius/dictionary.alteon #usr/share/freeradius/dictionary.altiga #usr/share/freeradius/dictionary.alvarion @@ -914,6 +947,7 @@ usr/share/freeradius #usr/share/freeradius/dictionary.cisco.vpn3000 #usr/share/freeradius/dictionary.cisco.vpn5000 #usr/share/freeradius/dictionary.citrix +#usr/share/freeradius/dictionary.ckey #usr/share/freeradius/dictionary.clavister #usr/share/freeradius/dictionary.cnergee #usr/share/freeradius/dictionary.colubris @@ -997,6 +1031,7 @@ usr/share/freeradius #usr/share/freeradius/dictionary.nortel #usr/share/freeradius/dictionary.ntua #usr/share/freeradius/dictionary.openser +#usr/share/freeradius/dictionary.openwifi #usr/share/freeradius/dictionary.packeteer #usr/share/freeradius/dictionary.paloalto #usr/share/freeradius/dictionary.patton 
@@ -1056,6 +1091,7 @@ usr/share/freeradius #usr/share/freeradius/dictionary.shiva #usr/share/freeradius/dictionary.siemens #usr/share/freeradius/dictionary.slipstream +#usr/share/freeradius/dictionary.smartsharesystems #usr/share/freeradius/dictionary.sofaware #usr/share/freeradius/dictionary.softbank #usr/share/freeradius/dictionary.sonicwall @@ -1069,6 +1105,7 @@ usr/share/freeradius #usr/share/freeradius/dictionary.telkom #usr/share/freeradius/dictionary.telrad #usr/share/freeradius/dictionary.terena +#usr/share/freeradius/dictionary.tplink #usr/share/freeradius/dictionary.trapeze #usr/share/freeradius/dictionary.travelping #usr/share/freeradius/dictionary.tripplite diff --git a/lfs/freeradius b/lfs/freeradius index df59bd63b..7136dc3e1 100644 --- a/lfs/freeradius +++ b/lfs/freeradius @@ -26,7 +26,7 @@ include Config =20 SUMMARY =3D RADIUS Server =20 -VER =3D 3.2.3 +VER =3D 3.2.5 =20 THISAPP =3D freeradius-server-$(VER) DL_FILE =3D $(THISAPP).tar.bz2 @@ -34,7 +34,7 @@ DL_FROM =3D $(URL_IPFIRE) DIR_APP =3D $(DIR_SRC)/$(THISAPP) TARGET =3D $(DIR_INFO)/$(THISAPP) PROG =3D freeradius -PAK_VER =3D 20 +PAK_VER =3D 21 =20 DEPS =3D libtalloc samba =20 @@ -48,7 +48,7 @@ objects =3D $(DL_FILE) =20 $(DL_FILE) =3D $(DL_FROM)/$(DL_FILE) =20 -$(DL_FILE)_BLAKE2 =3D 525204331a5b123dac7457c6adb755cbe9794dbff4a536ea665fc7= d1cac97553e392b7b598741c2a9dd00c81decd00608499d6f25208e389b9f213f54977de84 +$(DL_FILE)_BLAKE2 =3D 169dccd6f04b4503869912dec9423279cc18fc22fa3babf324747b= df0d80d3b4fa5460ac07f89f8d845bf664283a9772b483b8fcec990364fcaf71b673b6917c =20 install : $(TARGET) =20 
@@ -89,19 +89,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) --sysconfdir=3D/etc \ --libdir=3D/usr/lib/freeradius \ --localstatedir=3D/var \ - --with-system-libtool \ --with-threads \ - --with-thread-pool \ - --disable-ltdl-install \ --disable-openssl-version-check \ - --without-rlm_eap_ikev2 \ - --without-rlm_sql_iodbc \ - --without-rlm_sql_firebird \ - --without-rlm_sql_db2 \ - --without-rlm_sql_oracle \ - --without-rlm_sql_sqlite \ - --without-rlm_sql_mysql \ - --without-rlm_python \ LDFLAGS=3D"$(LDFLAGS)" =20 cd $(DIR_APP) && make $(MAKETUNING) --=20 2.46.0 --===============0993106582889541820==--
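Review bot: usr/bin/radsecret is added as a shipped file in the rootfile hunk at @@ -325,6 +328,7, but DEPS in lfs/freeradius stays at "libtalloc samba" and the commit message does not say the new tool was run on a test install. Please confirm radsecret starts on a system with only those dependencies, since the changelog points administrators to it for generating client secrets; if it needs anything extra, either add the dependency or comment the entry out.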
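Review bot: The rootfile hunk at @@ -480,6 +487,9 ships usr/lib/freeradius/rlm_eap_teap.so uncommented, while the changelog quoted in the commit message describes TEAP support in 3.2.4 as preliminary. Either keep the entry commented out like the .a and .la lines beside it, or add a line to the commit message saying the module is shipped deliberately and whether any shipped configuration enables it.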
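Review bot: In the lfs/freeradius hunk at @@ -89,19 +89,8, the eight --without-rlm_* lines are dropped on the grounds that configure does not recognise them, but nothing in the patch confirms that the built module set is unchanged as a result. The rootfile hunks add only rlm_dpsk and rlm_eap_teap as new modules, which fits the claim; please state in the commit message that the rootfile was regenerated from a build without these options, so a later reader can tell that no rlm_sql_* or rlm_python module slipped in. The retained "--disable-openssl-version-check" line would also benefit from a short comment in the lfs file explaining why the check is switched off.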