[PATCH] freeradius: Update to version 3.2.8

public inbox for development@lists.ipfire.org
 help / color / mirror / Atom feed

From: Adolf Belka <adolf.belka@ipfire.org>
To: development@lists.ipfire.org
Cc: Adolf Belka <adolf.belka@ipfire.org>
Subject: [PATCH] freeradius: Update to version 3.2.8
Date: Wed, 21 Jan 2026 14:38:57 +0100	[thread overview]
Message-ID: <20260121133907.3552584-7-adolf.belka@ipfire.org> (raw)
In-Reply-To: <20260121133907.3552584-1-adolf.belka@ipfire.org>

- Update from version 3.2.7 to 3.2.8
- Update of rootfile
- The 3.2.8 version shgould also fix the incompatibility with openssl > 3.5.1
- Changelog
    3.2.8
	Feature Improvements
	    Add support for automated fuzzing. This doesn't affect normal operations,
		but it does allow for testing of the RADIUS decoder.
	    Allow tagged attributes to use ":V" as a tag in some cases The tag is then
		read from the value which is being assigned to the attribute. This
		functionality is allowed in 'update' sections, including 'update' in
		module configurations See mods-available/ldap for an example.
	    Add kafka module. See mods-available/kafka.
	    Allow &control:Packet-SRC-IP-Address to be used when proxying needs a
		given source address.
	    Change lower limit for reject_delay to 0.5s. Apparently some NASes will
		panic and go crazy with a 1s reject_delay.
	    Rate limit complaints when limiting new connections.
	    Update raddb/certs/Makefile to support DER output.
	    Elapsed statistics for packets do not include proxy timers, which helps
		clarify where any issues are. The total time is still available by
		adding "our" time to the "proxy" time.
	    Added kafka module. See mods-available/kafka.
	    json module can now print dates as integers See mods-available/json.
	    The debug output now points to the online documentation in many cases,
		when there are syntax errors in the configuration.
	    Add support for 389ds password hashes. Patch from Gerald Vogt.
	    reject_delay does not _add_ a delay, but instead ensures that the reject
		is delayed for _at least_ that time. This change means that
		reject_delay can be set in more situations, including for proxies.
	    Add delay_proxy_rejects. By default, proxied rejects are not delayed.
		Setting this flag means that reject_delay is applied to proxied
		rejects, too.
	    The proxy_rate_limit module can now be listed in the "authorize" section.
	    Update dpsk module to be faster, and be easier to configure with
		databases. See mods-available/dpsk.
	Bug Fixes
	    Move assertion in thread / queue code, which only affects debug builds.
		Fixes #5512.
	    Update CRL checks to avoid crash in some cases. Fixes #5515.
	    More tweaks to the TEAP code.
	    Allow building when OpenSSL is missing PSK. Fixes #5520.
	    Move assertion so that it isn't triggered when the incoming queue is full,
		and the server is blocked. Fixes #5512.
	    Fix crash when multiple certs are used along with CRL distribution points.
		Fixes #5515.
	    Fix typo in rlm_cache which could cause crashes. Fixes #5522.
	    Be more forgiving about '%' in strings. Fixes #5525.
	    Move assertion in threading code.
	    Fixes to interaction with python interpreter.
	    Don't crash when setting client hostname in RADIUS/TLS Fixes #5552.
	    Ignore ".dpkg*" and ".rpm*" files when loading configuration directories.
		Package managers can leave these around.
	    Complain more loudly if all of the "authorize" etc. sections have been
		removed, but the server is still configured to process Access-Request
		packets.
	    Use OCIStmtPrepare2 to prepare Oracle queries. Fixes #5540.
	    Allow dynamic clients with TCP listeners.

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
 config/rootfiles/packages/freeradius | 107 ++++++++++++++++++++++++++-
 lfs/freeradius                       |   8 +-
 2 files changed, 110 insertions(+), 5 deletions(-)

diff --git a/config/rootfiles/packages/freeradius b/config/rootfiles/packages/freeradius
index d69783b4f..411769253 100644
--- a/config/rootfiles/packages/freeradius
+++ b/config/rootfiles/packages/freeradius
@@ -49,6 +49,8 @@ etc/raddb
 #etc/raddb/mods-available/inner-eap
 #etc/raddb/mods-available/ippool
 #etc/raddb/mods-available/json
+#etc/raddb/mods-available/kafka
+#etc/raddb/mods-available/kafka_async
 #etc/raddb/mods-available/krb5
 #etc/raddb/mods-available/ldap
 #etc/raddb/mods-available/ldap_google
@@ -103,6 +105,8 @@ etc/raddb
 #etc/raddb/mods-config/files/authorize
 #etc/raddb/mods-config/files/dhcp
 #etc/raddb/mods-config/files/pre-proxy
+#etc/raddb/mods-config/kafka
+#etc/raddb/mods-config/kafka/messages-json.conf
 #etc/raddb/mods-config/perl
 #etc/raddb/mods-config/perl/example.pl
 #etc/raddb/mods-config/preprocess
@@ -633,14 +637,46 @@ usr/sbin/radmin
 #usr/share/doc/freeradius/antora/modules/ROOT/pages/directories.adoc
 #usr/share/doc/freeradius/antora/modules/ROOT/pages/index.adoc
 #usr/share/doc/freeradius/antora/modules/ROOT/pages/radiusd_x.adoc
+#usr/share/doc/freeradius/antora/modules/ROOT/partials
+#usr/share/doc/freeradius/antora/modules/ROOT/partials/externaldoc.adoc
+#usr/share/doc/freeradius/antora/modules/ROOT/partials/mailinglist.adoc
 #usr/share/doc/freeradius/antora/modules/concepts
+#usr/share/doc/freeradius/antora/modules/concepts/images
+#usr/share/doc/freeradius/antora/modules/concepts/images/request_flow.svg
 #usr/share/doc/freeradius/antora/modules/concepts/nav.adoc
 #usr/share/doc/freeradius/antora/modules/concepts/pages
+#usr/share/doc/freeradius/antora/modules/concepts/pages/aaa
 #usr/share/doc/freeradius/antora/modules/concepts/pages/aaa.adoc
+#usr/share/doc/freeradius/antora/modules/concepts/pages/aaa/aaa.adoc
+#usr/share/doc/freeradius/antora/modules/concepts/pages/aaa/acct.adoc
+#usr/share/doc/freeradius/antora/modules/concepts/pages/aaa/authn.adoc
+#usr/share/doc/freeradius/antora/modules/concepts/pages/aaa/authz.adoc
+#usr/share/doc/freeradius/antora/modules/concepts/pages/components
+#usr/share/doc/freeradius/antora/modules/concepts/pages/components/architecture.adoc
+#usr/share/doc/freeradius/antora/modules/concepts/pages/components/datastore.adoc
+#usr/share/doc/freeradius/antora/modules/concepts/pages/components/nas.adoc
+#usr/share/doc/freeradius/antora/modules/concepts/pages/components/policy.adoc
+#usr/share/doc/freeradius/antora/modules/concepts/pages/components/radius.adoc
+#usr/share/doc/freeradius/antora/modules/concepts/pages/components/radius_servers.adoc
+#usr/share/doc/freeradius/antora/modules/concepts/pages/freeradius.adoc
 #usr/share/doc/freeradius/antora/modules/concepts/pages/index.adoc
 #usr/share/doc/freeradius/antora/modules/concepts/pages/modules
 #usr/share/doc/freeradius/antora/modules/concepts/pages/modules/ldap
 #usr/share/doc/freeradius/antora/modules/concepts/pages/modules/ldap/authentication.adoc
+#usr/share/doc/freeradius/antora/modules/concepts/pages/modules/ldap/ldap_authentication.adoc
+#usr/share/doc/freeradius/antora/modules/concepts/pages/modules/ldap/novell.adoc
+#usr/share/doc/freeradius/antora/modules/concepts/pages/modules/ldap/password_storage.adoc
+#usr/share/doc/freeradius/antora/modules/concepts/pages/overview.adoc
+#usr/share/doc/freeradius/antora/modules/concepts/pages/protocol
+#usr/share/doc/freeradius/antora/modules/concepts/pages/protocol/authproto.adoc
+#usr/share/doc/freeradius/antora/modules/concepts/pages/protocol/peap.adoc
+#usr/share/doc/freeradius/antora/modules/concepts/pages/protocol/wep.adoc
+#usr/share/doc/freeradius/antora/modules/concepts/pages/protocol/wpa.adoc
+#usr/share/doc/freeradius/antora/modules/concepts/pages/resources.adoc
+#usr/share/doc/freeradius/antora/modules/concepts/pages/session
+#usr/share/doc/freeradius/antora/modules/concepts/pages/session/processing.adoc
+#usr/share/doc/freeradius/antora/modules/concepts/pages/session/radius_session.adoc
+#usr/share/doc/freeradius/antora/modules/concepts/pages/session/radius_session_msg.adoc
 #usr/share/doc/freeradius/antora/modules/developers
 #usr/share/doc/freeradius/antora/modules/developers/nav.adoc
 #usr/share/doc/freeradius/antora/modules/developers/pages
@@ -687,6 +723,75 @@ usr/sbin/radmin
 #usr/share/doc/freeradius/antora/modules/installation/pages/packages.adoc
 #usr/share/doc/freeradius/antora/modules/installation/pages/source.adoc
 #usr/share/doc/freeradius/antora/modules/installation/pages/upgrade.adoc
+#usr/share/doc/freeradius/antora/modules/tutorials
+#usr/share/doc/freeradius/antora/modules/tutorials/assets
+#usr/share/doc/freeradius/antora/modules/tutorials/assets/images
+#usr/share/doc/freeradius/antora/modules/tutorials/assets/images/SAVE.svg
+#usr/share/doc/freeradius/antora/modules/tutorials/assets/images/access-challenge.svg
+#usr/share/doc/freeradius/antora/modules/tutorials/assets/images/access-request-proxy.svg
+#usr/share/doc/freeradius/antora/modules/tutorials/assets/images/access-request.svg
+#usr/share/doc/freeradius/antora/modules/tutorials/assets/images/accounting-request-proxy.svg
+#usr/share/doc/freeradius/antora/modules/tutorials/assets/images/accounting-request.svg
+#usr/share/doc/freeradius/antora/modules/tutorials/assets/images/asciifull.gif
+#usr/share/doc/freeradius/antora/modules/tutorials/assets/images/dispatcher.svg
+#usr/share/doc/freeradius/antora/modules/tutorials/assets/images/dual_nas_backup_server.svg
+#usr/share/doc/freeradius/antora/modules/tutorials/assets/images/dual_nas_backup_server_failover.svg
+#usr/share/doc/freeradius/antora/modules/tutorials/assets/images/dual_nas_backup_server_redundancy.svg
+#usr/share/doc/freeradius/antora/modules/tutorials/assets/images/dual_nas_load_balance.svg
+#usr/share/doc/freeradius/antora/modules/tutorials/assets/images/eap-md5.svg
+#usr/share/doc/freeradius/antora/modules/tutorials/assets/images/eap-ttls.svg
+#usr/share/doc/freeradius/antora/modules/tutorials/assets/images/login.svg
+#usr/share/doc/freeradius/antora/modules/tutorials/assets/images/login_net_access.svg
+#usr/share/doc/freeradius/antora/modules/tutorials/assets/images/login_ok.svg
+#usr/share/doc/freeradius/antora/modules/tutorials/assets/images/nas_backup_server.svg
+#usr/share/doc/freeradius/antora/modules/tutorials/assets/images/nas_backup_server_failover.svg
+#usr/share/doc/freeradius/antora/modules/tutorials/assets/images/peap_packet.svg
+#usr/share/doc/freeradius/antora/modules/tutorials/assets/images/proxy.svg
+#usr/share/doc/freeradius/antora/modules/tutorials/assets/images/proxy_backup_server.svg
+#usr/share/doc/freeradius/antora/modules/tutorials/assets/images/proxy_load_balance.svg
+#usr/share/doc/freeradius/antora/modules/tutorials/assets/images/radius_packet.svg
+#usr/share/doc/freeradius/antora/modules/tutorials/assets/images/request_files.svg
+#usr/share/doc/freeradius/antora/modules/tutorials/assets/images/request_handoff.svg
+#usr/share/doc/freeradius/antora/modules/tutorials/assets/images/request_processing.svg
+#usr/share/doc/freeradius/antora/modules/tutorials/assets/images/request_receive.svg
+#usr/share/doc/freeradius/antora/modules/tutorials/assets/images/server_schematic.svg
+#usr/share/doc/freeradius/antora/modules/tutorials/assets/images/ttls_packet.svg
+#usr/share/doc/freeradius/antora/modules/tutorials/nav.adoc
+#usr/share/doc/freeradius/antora/modules/tutorials/pages
+#usr/share/doc/freeradius/antora/modules/tutorials/pages/accounting.adoc
+#usr/share/doc/freeradius/antora/modules/tutorials/pages/autz-type.adoc
+#usr/share/doc/freeradius/antora/modules/tutorials/pages/dictionary.adoc
+#usr/share/doc/freeradius/antora/modules/tutorials/pages/dynamic-translation.adoc
+#usr/share/doc/freeradius/antora/modules/tutorials/pages/eap-md5.adoc
+#usr/share/doc/freeradius/antora/modules/tutorials/pages/eap-peap.adoc
+#usr/share/doc/freeradius/antora/modules/tutorials/pages/eap-tls.adoc
+#usr/share/doc/freeradius/antora/modules/tutorials/pages/eap-ttls.adoc
+#usr/share/doc/freeradius/antora/modules/tutorials/pages/failover.adoc
+#usr/share/doc/freeradius/antora/modules/tutorials/pages/final_group_project.adoc
+#usr/share/doc/freeradius/antora/modules/tutorials/pages/matching_users.adoc
+#usr/share/doc/freeradius/antora/modules/tutorials/pages/module_fail_over.adoc
+#usr/share/doc/freeradius/antora/modules/tutorials/pages/multiple_modules.adoc
+#usr/share/doc/freeradius/antora/modules/tutorials/pages/new_client.adoc
+#usr/share/doc/freeradius/antora/modules/tutorials/pages/new_user.adoc
+#usr/share/doc/freeradius/antora/modules/tutorials/pages/prepaid.adoc
+#usr/share/doc/freeradius/antora/modules/tutorials/pages/proxy.adoc
+#usr/share/doc/freeradius/antora/modules/tutorials/pages/proxy_failover.adoc
+#usr/share/doc/freeradius/antora/modules/tutorials/pages/proxy_load_balance.adoc
+#usr/share/doc/freeradius/antora/modules/tutorials/pages/proxy_receive.adoc
+#usr/share/doc/freeradius/antora/modules/tutorials/pages/radmin.adoc
+#usr/share/doc/freeradius/antora/modules/tutorials/pages/simultaneous_use.adoc
+#usr/share/doc/freeradius/antora/modules/tutorials/pages/sql.adoc
+#usr/share/doc/freeradius/antora/modules/tutorials/pages/sql_user.adoc
+#usr/share/doc/freeradius/antora/modules/tutorials/pages/trouble_shooting.adoc
+#usr/share/doc/freeradius/antora/modules/tutorials/pages/unlang_policies.adoc
+#usr/share/doc/freeradius/antora/modules/tutorials/pages/unlang_return_codes.adoc
+#usr/share/doc/freeradius/antora/modules/tutorials/pages/unlang_splitting_strings.adoc
+#usr/share/doc/freeradius/antora/modules/tutorials/pages/unlang_update_blocks_and_conditions.adoc
+#usr/share/doc/freeradius/antora/modules/tutorials/pages/variables.adoc
+#usr/share/doc/freeradius/antora/modules/tutorials/pages/virtual.adoc
+#usr/share/doc/freeradius/antora/modules/tutorials/partials
+#usr/share/doc/freeradius/antora/modules/tutorials/partials/common_control_attrs_sidebar.adoc
+#usr/share/doc/freeradius/antora/modules/tutorials/partials/unlang_start.adoc
 #usr/share/doc/freeradius/antora/modules/unlang
 #usr/share/doc/freeradius/antora/modules/unlang/nav.adoc
 #usr/share/doc/freeradius/antora/modules/unlang/pages
@@ -866,7 +971,6 @@ usr/sbin/radmin
 #usr/share/doc/freeradius/rfc/rfc7055.txt
 #usr/share/doc/freeradius/rfc/rfc7268.txt
 #usr/share/doc/freeradius/rfc/rfc7542.txt
-#usr/share/doc/freeradius/rfc/rfc7599.txt
 #usr/share/doc/freeradius/schemas
 #usr/share/doc/freeradius/schemas/ldap
 #usr/share/doc/freeradius/schemas/ldap/edir
@@ -1002,6 +1106,7 @@ usr/share/freeradius
 #usr/share/freeradius/dictionary.iana
 #usr/share/freeradius/dictionary.iea
 #usr/share/freeradius/dictionary.infinera
+#usr/share/freeradius/dictionary.infinera.broken
 #usr/share/freeradius/dictionary.infoblox
 #usr/share/freeradius/dictionary.infonet
 #usr/share/freeradius/dictionary.ipunplugged
diff --git a/lfs/freeradius b/lfs/freeradius
index 716a8e569..1a5ea7117 100644
--- a/lfs/freeradius
+++ b/lfs/freeradius
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2025  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2026  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -26,7 +26,7 @@ include Config
 
 SUMMARY    = RADIUS Server
 
-VER        = 3.2.7
+VER        = 3.2.8
 
 THISAPP    = freeradius-server-$(VER)
 DL_FILE    = $(THISAPP).tar.bz2
@@ -34,7 +34,7 @@ DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = freeradius
-PAK_VER    = 25
+PAK_VER    = 26
 
 DEPS       = libtalloc samba
 
@@ -48,7 +48,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = cd523fbc01e82d87f0944926612223ee2acafc008f0f50447c35263b5dcdd36c8f00c54dde1102a3987b45a7e67426c99a7aee692cf59983c80ead111a2188dd
+$(DL_FILE)_BLAKE2 = 6266c00c68cbb02de65f88d976453fdcdda552d7554199030640f9bcd60f208afaf75aaac8fbf0a2eea0022eb23ad7b809cb910d48618261ea9f52100732c469
 
 install : $(TARGET)
 
-- 
2.52.0

next prev parent reply	other threads:[~2026-01-21 13:39 UTC|newest]

Thread overview: 17+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-01-21 13:38 [PATCH] core200: Ship libpcap Adolf Belka
2026-01-21 13:38 ` [PATCH] core200: Ship libtasn1 Adolf Belka
2026-01-21 13:38 ` [PATCH] core200: Ship meson Adolf Belka
2026-01-21 13:38 ` [PATCH] core200: Ship newt Adolf Belka
2026-01-21 13:38 ` [PATCH] core200: Ship ninja Adolf Belka
2026-01-21 13:38 ` [PATCH] core200: Ship vim Adolf Belka
2026-01-21 13:38 ` Adolf Belka [this message]
2026-01-21 13:38 ` [PATCH] libpcap: Update to version 1.10.6 Adolf Belka
2026-01-21 13:38 ` [PATCH] libplist: Update to version 2.7.0 Adolf Belka
2026-01-21 13:39 ` [PATCH] libtasn1: Update to version 4.21.0 Adolf Belka
2026-01-21 13:39 ` [PATCH] libtpms: Update to version 0.10.2 Adolf Belka
2026-01-21 13:39 ` [PATCH] meson: Update to version 1.10.1 Adolf Belka
2026-01-21 13:39 ` [PATCH] newt: Update to version 0.52.25 Adolf Belka
2026-01-21 13:39 ` [PATCH] ninja: Update to version 1.13.2 Adolf Belka
2026-01-21 13:39 ` [PATCH] opus: Update to version 1.6.1 Adolf Belka
2026-01-21 13:39 ` [PATCH] samba: Update to version 4.23.4 Adolf Belka
2026-01-21 13:39 ` [PATCH] vim: Update to version 9.1.2098 Adolf Belka

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20260121133907.3552584-7-adolf.belka@ipfire.org \
    --to=adolf.belka@ipfire.org \
    --cc=development@lists.ipfire.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox