From patchwork Fri Jul  4 10:14:31 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Adolf Belka <adolf.belka@ipfire.org>
X-Patchwork-Id: 8885
Return-Path: <development+bounces-655-patchwork=ipfire.org@lists.ipfire.org>
Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (secp384r1)
	 client-signature RSA-PSS (4096 bits))
	(Client CN "mail01.haj.ipfire.org", Issuer "R11" (verified OK))
	by web04.haj.ipfire.org (Postfix) with ESMTPS id 4bYTzW6nZlz3wm9
	for <patchwork@web04.haj.ipfire.org>; Fri,  4 Jul 2025 10:15:35 +0000 (UTC)
Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits)
	 client-signature ECDSA (secp384r1))
	(Client CN "mail02.haj.ipfire.org", Issuer "E6" (verified OK))
	by mail01.ipfire.org (Postfix) with ESMTPS id 4bYTz76wJbz6wC
	for <patchwork@ipfire.org>; Fri,  4 Jul 2025 10:15:15 +0000 (UTC)
Received: from mail02.haj.ipfire.org (localhost [127.0.0.1])
	by mail02.haj.ipfire.org (Postfix) with ESMTP id 4bYTyz1SqBz34PC
	for <patchwork@ipfire.org>; Fri,  4 Jul 2025 10:15:07 +0000 (UTC)
X-Original-To: development@lists.ipfire.org
Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (secp384r1)
	 client-signature RSA-PSS (4096 bits))
	(Client CN "mail01.haj.ipfire.org", Issuer "R11" (verified OK))
	by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4bYTyq6fdSz36VR
	for <development@lists.ipfire.org>; Fri,  4 Jul 2025 10:14:59 +0000 (UTC)
Received: from [127.0.0.1] (localhost [127.0.0.1])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest
 SHA256)
	(No client certificate requested)
	by mail01.ipfire.org (Postfix) with ESMTPSA id 4bYTym53Psz6xP;
	Fri,  4 Jul 2025 10:14:56 +0000 (UTC)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org;
	s=202003ed25519; t=1751624096;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=l5GkVPu0jUg7RBwGiGy5dn/CkExX+F5+/Ov/EjMy0do=;
	b=No1HWAUxgN6LvmRfueesEY30yutaXqCmsWCg4ISY6nIhk8vHaSmMqHsqDuQZdac7yLy8ld
	xHnt5N7GNDjJJVAg==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org;
 s=202003rsa;
	t=1751624096;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=l5GkVPu0jUg7RBwGiGy5dn/CkExX+F5+/Ov/EjMy0do=;
	b=VuIda8M3STAx5Y5h5m1YDxx8ZKPD+nDXyJEck8iwuReeDzaebc7hzJOg+VlnfgloHzS9xE
	GOiuQXtxoLdAC14R0JE/EzHZ5NdD65nvzse9mdYKlj+T7XercMZfIg66tNhpUic7YWC0Mf
	Lu4RLJbexpO2b6MoPSR9rKpy8AkWJ6t5oLD3D/Jxc9eRH3y72kLjt5wf3v5LGdmgsBVEEh
	y/b+2w6QlEyqt0C6fO5TlFTkPCdn745z9rzaz2RS8StJtJoNsebAomj8zNeu2MFSmS+z9q
	6F0LdQl8HF15gnzN6GonSeG/t510kTrZjGQv/0nUznh49tW6NDiDfZyqk2Ck2w==
From: Adolf Belka <adolf.belka@ipfire.org>
To: development@lists.ipfire.org
Cc: Adolf Belka <adolf.belka@ipfire.org>
Subject: [PATCH] freeradius: Update to version 3.2.7
Date: Fri,  4 Jul 2025 12:14:31 +0200
Message-ID: <20250704101446.8038-16-adolf.belka@ipfire.org>
In-Reply-To: <20250704101446.8038-1-adolf.belka@ipfire.org>
References: <20250704101446.8038-1-adolf.belka@ipfire.org>
Precedence: list
List-Id: <development.lists.ipfire.org>
List-Subscribe: <https://lists.ipfire.org/>,
 <mailto:development+subscribe@lists.ipfire.org?subject=subscribe>
List-Unsubscribe: <https://lists.ipfire.org/>,
 <mailto:development+unsubscribe@lists.ipfire.org?subject=unsubscribe>
List-Post: <mailto:development@lists.ipfire.org>
List-Help: <mailto:development+help@lists.ipfire.org?subject=help>
Sender: <development@lists.ipfire.org>
Mail-Followup-To: <development@lists.ipfire.org>
MIME-Version: 1.0

- Update from version 3.2.6 to 3.2.7
- Update of rootfile
- Changelog
    3.2.7
	Feature Improvements
	    Print MD5 hash of the configuration files in debug mode This helps people
	     track configuration changes.
	    Add support for IPv6 to "abinary" type. The fields are the same as for
	     "ip", but use "ipv6", and IPv6 formatted addresses.
	    Update radclient to make it clear that Message-Authenticator is added to
	     all Access-Request packets, even if the input file does not contain it.
	    Add support for Subject AltName URI. Closes #5450.
	    Add python_path_mode option to python3 module.
	    Relax checks on OpenSSL minor versions for OpenSSL 3.x.
	    Add API for deleting dynamic home servers.
	    set SO_KEEPALIVE on outbound sockets, so firewalls are less likly to close
	     TCP connections.
	    Allow querying of statistics when home_server has src_ipaddr set. See
	     FreeRADIUS-Stats-Server-Src-IP-Address Fixes #5483.
	    Update dictionary "man" page. Fixes #4346.
	    Change jlibtool to use --show-config, to avoid conflicts with clang
	     --config. Fixes #5442.
	    RADIUS/TLS clients now support a "tls' subsection. For connections from
	     this client, this section is used in preference to the "listen" TLS
	     settings. This allows a server to easily present different identities to
	     different clients.
	    RADIUS/TLS has been updated for TLS-PSK and TLS 1.3. Tested with radsecproxy.
	Bug Fixes
	    For EAP-TLS, send TLS start without a length field Some clients refuse to
	     do EAP-TLS when this field exists.
	    Avoid blocking TLS sockets on corner cases during session setup.
	    Update home server stats.
	    Correct error message about untrusted certs. Fixes #5466.
	    Use PyEval_RestoreThread to swap to main thread Fixes #5111.
	    Don't run Python detach function on config check.
	    Fix a number of issues with TLS connections and
	     "check_client_connections = yes".
	    Be more careful about managing the incoming queue when databases block the
	     server. The server will still be unable to make progress, but it should
	     crash less. Whether or not this is a good thing is unknown.
	    Better handler single-character expansions. Fixes #2216.
	    Correct calculation of EAP length in pre-proxy. Fixes #5486.
	    Don't segfault when using detail listeners. Fixes #5485.
	    Add check for Couchbase v2, rlm_couchbase won't build on v3.

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
 config/rootfiles/packages/freeradius | 6 ++++++
 lfs/freeradius                       | 6 +++---
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/config/rootfiles/packages/freeradius b/config/rootfiles/packages/freeradius
index 3a82e7d9c..d69783b4f 100644
--- a/config/rootfiles/packages/freeradius
+++ b/config/rootfiles/packages/freeradius
@@ -65,6 +65,7 @@ etc/raddb
 #etc/raddb/mods-available/passwd
 #etc/raddb/mods-available/perl
 #etc/raddb/mods-available/preprocess
+#etc/raddb/mods-available/proxy_rate_limit
 #etc/raddb/mods-available/python
 #etc/raddb/mods-available/python3
 #etc/raddb/mods-available/radutmp
@@ -259,6 +260,7 @@ etc/raddb
 #etc/raddb/mods-enabled/pap
 #etc/raddb/mods-enabled/passwd
 #etc/raddb/mods-enabled/preprocess
+#etc/raddb/mods-enabled/proxy_rate_limit
 #etc/raddb/mods-enabled/radutmp
 #etc/raddb/mods-enabled/realm
 #etc/raddb/mods-enabled/replicate
@@ -544,6 +546,9 @@ usr/lib/freeradius/rlm_perl.so
 #usr/lib/freeradius/rlm_preprocess.a
 #usr/lib/freeradius/rlm_preprocess.la
 usr/lib/freeradius/rlm_preprocess.so
+#usr/lib/freeradius/rlm_proxy_rate_limit.a
+#usr/lib/freeradius/rlm_proxy_rate_limit.la
+usr/lib/freeradius/rlm_proxy_rate_limit.so
 #usr/lib/freeradius/rlm_python3.a
 #usr/lib/freeradius/rlm_python3.la
 usr/lib/freeradius/rlm_python3.so
@@ -993,6 +998,7 @@ usr/share/freeradius
 #usr/share/freeradius/dictionary.hillstone
 #usr/share/freeradius/dictionary.hp
 #usr/share/freeradius/dictionary.huawei
+#usr/share/freeradius/dictionary.huawei.v2
 #usr/share/freeradius/dictionary.iana
 #usr/share/freeradius/dictionary.iea
 #usr/share/freeradius/dictionary.infinera
diff --git a/lfs/freeradius b/lfs/freeradius
index 4a267485f..716a8e569 100644
--- a/lfs/freeradius
+++ b/lfs/freeradius
@@ -26,7 +26,7 @@ include Config
 
 SUMMARY    = RADIUS Server
 
-VER        = 3.2.6
+VER        = 3.2.7
 
 THISAPP    = freeradius-server-$(VER)
 DL_FILE    = $(THISAPP).tar.bz2
@@ -34,7 +34,7 @@ DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = freeradius
-PAK_VER    = 24
+PAK_VER    = 25
 
 DEPS       = libtalloc samba
 
@@ -48,7 +48,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = 0af7cdf7fb784f2d5019f3bcb06d1d44dca046c9a4513d780ab032367001b6a67e9ea17a3a5b4609b9d7b936647e60c96e35188ba9644c4360071ac8d021bd58
+$(DL_FILE)_BLAKE2 = cd523fbc01e82d87f0944926612223ee2acafc008f0f50447c35263b5dcdd36c8f00c54dde1102a3987b45a7e67426c99a7aee692cf59983c80ead111a2188dd
 
 install : $(TARGET)