]> git.ipfire.org Git - people/mfischer/ipfire-2.x.git/commitdiff
projects / people / mfischer / ipfire-2.x.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: df638b2)
freeradius: Update to version 3.2.5
authorAdolf Belka <adolf.belka@ipfire.org>
Mon, 12 Aug 2024 15:37:59 +0000 (17:37 +0200)
committerMichael Tremer <michael.tremer@ipfire.org>
Tue, 13 Aug 2024 09:14:15 +0000 (09:14 +0000)
- Update from version 3.2.3 to 3.2.5
- Update of rootfile
- Various options removed from ./configure as they are all unrecognised and don't have
   any effect. Most of them look to have been related to freeradius-1.x
- There is no command that gets recognised for disabling or not using static libs
- Changelog
    3.2.5
Feature Improvements
    TOTP now supports TOTP-Time-Offset for tokens with times that are out of sync.
     See mods-available/totp.
    radclient now supports forcing the Request Authenticator and ID for
     Access-Request packets.
    Update dictionary.3gpp.
    Update advice on shared secrets, including suggesting a secure method for
     generating useful secrets.
Bug Fixes
    Allow proxying by pool / home server name to work with auth+acct servers.
    Fix OpenSSL API usage which sometimes caused crash in MS-CHAP Previously it
     would either always crash immediately, or never crash.
    Fix packet statistics. Stop double counting some packets, and track packet
     statistics even if a socket is closed.
    Reverted patch in TTLS which broke compatibility with some systems.
    Don't crash in debug mode when multiple intermediate certs are used Patch
     from Alexander Chernikov.
    3.2.4
Feature Improvements
    Preliminary support for TEAP.
    Update EAP module pre_proxy checks to make them less restrictive This
     prevents the "middle box" effect from affecting future traffic.
    Many fixes and updates for Docker images.
    Add dpsk module. See mods-available/dpsk.
    Print out what cause the TLS operations to be made, such as the EAP method
     name (peap, ttls, etc), or RADIUS/TLS listen / proxy socket.
    Add auto_escape to sample SQL module config.
    Add 'if not exists' to mysql create table queries. ref #5032 (#5137).
    Update dictionary.aruba; add dictionary.tplink, dictionary.alphion.
    Allow for 'encrypt=1' attributes to be longer than 128 characters.
    Added "radsecret" program which generates strong secrets. See the top of the
     "clients.conf" file for more information.
    radclient now prints packets as hex when using -xxx.
    Added "-t timeout" to radsniff. It will stop processing packets after
     <timeout> seconds.
    Support "interface = ..." on OSX and other *BSD which have IP_BOUND_IF.
    The detail module now has a "dates_as_integer" configuration item See
     mods-available/detail for more information.
    Add lookback/lookforward steps and more configuration to totp. See
     mods-available/totp.
    Add "time_since" xlat to calculate elapsed time in seconds, milliseconds and
     microseconds.
    Support "Post-Auth-Type Challenge" in the inner tunnel. Patch from Alexander
     Clouter. PR #5320.
    Add "proxy_dedup_window". See radiusd.conf.
    Document KRB5_CLIENT_KTNAME in the "env" section of radiusd.conf.
    Add "dedup_key" for misbehaving supplicants. See mods-available/eap.
Bug Fixes
    Fix corner case with empty defaults in rlm_files. Fixes #5035.
    When we have multiple attributes of the same name, always use the canonical
     attribute.
    Make FreeRADIUS-Server-EMA* attributes work again for home server exponential
     moving average statistics.
    Don't send the global server stats when asked for client stats. They use the
     same attributes, so the result is confusing.
    Fix multiple typos in MongoDB query.conf (#5130).
    Add define for illumos. Fixes #5135.
    Add client configuration for TLS PSK.
    Permit originate CoA after proxying to an internal virtual server.
    Use virtual server "default" when passed "-i" and "-p" on the command line.
    Fix locking issues with rlm_python3.
    The detail file reader will catch bad times in the file, and will not update
     Acct-Delay-Time with extreme values.
    Fix issue where Message-Authenticator was calculated incorrectly for
     CoA / Disconnect ACK and NAK packets.
    Update Python thread and error handling. Fixes #5208.
    Fix handling of Session-State when proxying. Fixes #5288.
    Run relevant post-proxy Fail-* section on CoA / Disconnect timeout.
    Add "limit" section to AWS health check configurtion. Fixes 35300.
    Use MAX in sqlite queries instead of GREATEST.
    Fix typo in Mongo queries. Fixes #5301.
    Fix occasional crash with bad home servers. Fixes #5308.
    Minor bug fixes to the SQL freetds modules.
    Fix blocking issue with RADIUS/TLS connection checks.
    Fix run-time crash on configuration typos of %{substr ...} instead of
     %{substr:...} Fixes #5321.
    Fix crash with TLS Status-Server requests. Fixes #5326.

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
config/rootfiles/packages/freeradius patch | blob | blame | history
lfs/freeradius patch | blob | blame | history

diff --git a/config/rootfiles/packages/freeradius b/config/rootfiles/packages/freeradius
index 899bfa139b202ecdb2cfd23b85737fce6916d54f..24e2edf2233a88aa20044b84f217ff888b8f1cee 100644 (file)
--- a/config/rootfiles/packages/freeradius
+++ b/config/rootfiles/packages/freeradius
@@ -9,6 +9,8 @@ etc/raddb
 #etc/raddb/certs/client.cnf
 #etc/raddb/certs/inner-server.cnf
 #etc/raddb/certs/passwords.mk
+#etc/raddb/certs/realms
+#etc/raddb/certs/realms/README.md
 #etc/raddb/certs/server.cnf
 #etc/raddb/certs/xpextensions
 #etc/raddb/clients.conf
@@ -34,6 +36,7 @@ etc/raddb
 #etc/raddb/mods-available/dhcp_sql
 #etc/raddb/mods-available/dhcp_sqlippool
 #etc/raddb/mods-available/digest
+#etc/raddb/mods-available/dpsk
 #etc/raddb/mods-available/dynamic_clients
 #etc/raddb/mods-available/eap
 #etc/raddb/mods-available/echo
@@ -325,6 +328,7 @@ usr/bin/radclient
 usr/bin/radcrypt
 usr/bin/radeapclient
 usr/bin/radlast
+usr/bin/radsecret
 usr/bin/radsniff
 usr/bin/radsqlrelay
 usr/bin/radtest
@@ -453,6 +457,9 @@ usr/lib/freeradius/rlm_dhcp.so
 #usr/lib/freeradius/rlm_digest.a
 #usr/lib/freeradius/rlm_digest.la
 usr/lib/freeradius/rlm_digest.so
+#usr/lib/freeradius/rlm_dpsk.a
+#usr/lib/freeradius/rlm_dpsk.la
+usr/lib/freeradius/rlm_dpsk.so
 #usr/lib/freeradius/rlm_dynamic_clients.a
 #usr/lib/freeradius/rlm_dynamic_clients.la
 usr/lib/freeradius/rlm_dynamic_clients.so
@@ -480,6 +487,9 @@ usr/lib/freeradius/rlm_eap_pwd.so
 #usr/lib/freeradius/rlm_eap_sim.a
 #usr/lib/freeradius/rlm_eap_sim.la
 usr/lib/freeradius/rlm_eap_sim.so
+#usr/lib/freeradius/rlm_eap_teap.a
+#usr/lib/freeradius/rlm_eap_teap.la
+usr/lib/freeradius/rlm_eap_teap.so
 #usr/lib/freeradius/rlm_eap_tls.a
 #usr/lib/freeradius/rlm_eap_tls.la
 usr/lib/freeradius/rlm_eap_tls.so
@@ -614,10 +624,31 @@ usr/sbin/radmin
 #usr/share/doc/freeradius/antora/modules/ROOT/pages
 #usr/share/doc/freeradius/antora/modules/ROOT/pages/directories.adoc
 #usr/share/doc/freeradius/antora/modules/ROOT/pages/index.adoc
+#usr/share/doc/freeradius/antora/modules/concepts
+#usr/share/doc/freeradius/antora/modules/concepts/nav.adoc
+#usr/share/doc/freeradius/antora/modules/concepts/pages
+#usr/share/doc/freeradius/antora/modules/concepts/pages/aaa.adoc
+#usr/share/doc/freeradius/antora/modules/concepts/pages/index.adoc
+#usr/share/doc/freeradius/antora/modules/concepts/pages/modules
+#usr/share/doc/freeradius/antora/modules/concepts/pages/modules/ldap
+#usr/share/doc/freeradius/antora/modules/concepts/pages/modules/ldap/authentication.adoc
+#usr/share/doc/freeradius/antora/modules/developers
+#usr/share/doc/freeradius/antora/modules/developers/nav.adoc
+#usr/share/doc/freeradius/antora/modules/developers/pages
+#usr/share/doc/freeradius/antora/modules/developers/pages/bugs.adoc
+#usr/share/doc/freeradius/antora/modules/developers/pages/coding-methods.adoc
+#usr/share/doc/freeradius/antora/modules/developers/pages/contributing.adoc
+#usr/share/doc/freeradius/antora/modules/developers/pages/coverage.adoc
+#usr/share/doc/freeradius/antora/modules/developers/pages/index.adoc
+#usr/share/doc/freeradius/antora/modules/developers/pages/profile.adoc
+#usr/share/doc/freeradius/antora/modules/developers/pages/release-method.adoc
 #usr/share/doc/freeradius/antora/modules/howto
 #usr/share/doc/freeradius/antora/modules/howto/nav.adoc
 #usr/share/doc/freeradius/antora/modules/howto/pages
 #usr/share/doc/freeradius/antora/modules/howto/pages/index.adoc
+#usr/share/doc/freeradius/antora/modules/howto/pages/monitoring
+#usr/share/doc/freeradius/antora/modules/howto/pages/monitoring/index.adoc
+#usr/share/doc/freeradius/antora/modules/howto/pages/monitoring/statistics.adoc
 #usr/share/doc/freeradius/antora/modules/howto/pages/protocols
 #usr/share/doc/freeradius/antora/modules/howto/pages/protocols/dhcp
 #usr/share/doc/freeradius/antora/modules/howto/pages/protocols/dhcp/enable.adoc
@@ -638,6 +669,7 @@ usr/sbin/radmin
 #usr/share/doc/freeradius/antora/modules/howto/pages/protocols/proxy/radsec_client.adoc
 #usr/share/doc/freeradius/antora/modules/howto/pages/protocols/proxy/radsec_with_haproxy.adoc
 #usr/share/doc/freeradius/antora/modules/howto/pages/protocols/proxy/radsec_with_traefik.adoc
+#usr/share/doc/freeradius/antora/modules/howto/pages/simultaneous_use.adoc
 #usr/share/doc/freeradius/antora/modules/installation
 #usr/share/doc/freeradius/antora/modules/installation/nav.adoc
 #usr/share/doc/freeradius/antora/modules/installation/pages
@@ -873,6 +905,7 @@ usr/share/freeradius
 #usr/share/freeradius/dictionary.alcatel-lucent.aaa
 #usr/share/freeradius/dictionary.alcatel.esam
 #usr/share/freeradius/dictionary.alcatel.sr
+#usr/share/freeradius/dictionary.alphion
 #usr/share/freeradius/dictionary.alteon
 #usr/share/freeradius/dictionary.altiga
 #usr/share/freeradius/dictionary.alvarion
@@ -914,6 +947,7 @@ usr/share/freeradius
 #usr/share/freeradius/dictionary.cisco.vpn3000
 #usr/share/freeradius/dictionary.cisco.vpn5000
 #usr/share/freeradius/dictionary.citrix
+#usr/share/freeradius/dictionary.ckey
 #usr/share/freeradius/dictionary.clavister
 #usr/share/freeradius/dictionary.cnergee
 #usr/share/freeradius/dictionary.colubris
@@ -997,6 +1031,7 @@ usr/share/freeradius
 #usr/share/freeradius/dictionary.nortel
 #usr/share/freeradius/dictionary.ntua
 #usr/share/freeradius/dictionary.openser
+#usr/share/freeradius/dictionary.openwifi
 #usr/share/freeradius/dictionary.packeteer
 #usr/share/freeradius/dictionary.paloalto
 #usr/share/freeradius/dictionary.patton
@@ -1056,6 +1091,7 @@ usr/share/freeradius
 #usr/share/freeradius/dictionary.shiva
 #usr/share/freeradius/dictionary.siemens
 #usr/share/freeradius/dictionary.slipstream
+#usr/share/freeradius/dictionary.smartsharesystems
 #usr/share/freeradius/dictionary.sofaware
 #usr/share/freeradius/dictionary.softbank
 #usr/share/freeradius/dictionary.sonicwall
@@ -1069,6 +1105,7 @@ usr/share/freeradius
 #usr/share/freeradius/dictionary.telkom
 #usr/share/freeradius/dictionary.telrad
 #usr/share/freeradius/dictionary.terena
+#usr/share/freeradius/dictionary.tplink
 #usr/share/freeradius/dictionary.trapeze
 #usr/share/freeradius/dictionary.travelping
 #usr/share/freeradius/dictionary.tripplite
diff --git a/lfs/freeradius b/lfs/freeradius
index df59bd63b93a59d218e7c9e95dfcd1af17c41a09..7136dc3e17c1e8d909c5ccc751bea7fc5f140400 100644 (file)
--- a/lfs/freeradius
+++ b/lfs/freeradius
@@ -26,7 +26,7 @@ include Config
 
 SUMMARY    = RADIUS Server
 
-VER        = 3.2.3
+VER        = 3.2.5
 
 THISAPP    = freeradius-server-$(VER)
 DL_FILE    = $(THISAPP).tar.bz2
@@ -34,7 +34,7 @@ DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = freeradius
-PAK_VER    = 20
+PAK_VER    = 21
 
 DEPS       = libtalloc samba
 
@@ -48,7 +48,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = 525204331a5b123dac7457c6adb755cbe9794dbff4a536ea665fc7d1cac97553e392b7b598741c2a9dd00c81decd00608499d6f25208e389b9f213f54977de84
+$(DL_FILE)_BLAKE2 = 169dccd6f04b4503869912dec9423279cc18fc22fa3babf324747bdf0d80d3b4fa5460ac07f89f8d845bf664283a9772b483b8fcec990364fcaf71b673b6917c
 
 install : $(TARGET)
 
@@ -89,19 +89,8 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
                        --sysconfdir=/etc \
                        --libdir=/usr/lib/freeradius \
                        --localstatedir=/var \
-                       --with-system-libtool \
                        --with-threads \
-                       --with-thread-pool \
-                       --disable-ltdl-install \
                        --disable-openssl-version-check \
-                       --without-rlm_eap_ikev2 \
-                       --without-rlm_sql_iodbc \
-                       --without-rlm_sql_firebird \
-                       --without-rlm_sql_db2 \
-                       --without-rlm_sql_oracle \
-                       --without-rlm_sql_sqlite \
-                       --without-rlm_sql_mysql \
-                       --without-rlm_python \
                        LDFLAGS="$(LDFLAGS)"
 
        cd $(DIR_APP) && make $(MAKETUNING)
Matthias' tree of IPFire 2.x