Version 3.0.16 has been released

Jonathan Gazeley jonathan.gazeley at bristol.ac.uk
Wed Jan 17 12:57:17 CET 2018


Thanks for all the work on this. I've built it and it works for me.

I had a thought about packaging for FreeRADIUS. I can't see anywhere 
that offers really up-to-date packages for FreeRADIUS (we all know the 
distros drag their feet) so I was wondering if anyone on the team had 
considered setting up automated builds from tags in GitHub, that could 
be available either as downloadable artefacts from GitHub or even pushed 
to a repo somewhere like Packagecloud.

If there was an easy-to-use source of recent packages I think it would 
definitely cut down the number of queries the list receives where novice 
users are running 3.0.8 because that's what their distro provides, and 
they don't have enough knowledge to compile by hand.

If there is an appetite for something like this I would be happy to look 
into it. I've started setting up build pipeline for some RPM packages I 
maintain for my employer, although these are built from private GitLab 
repos.

Cheers,
Jonathan


On 11/01/18 18:20, Alan DeKok wrote:
>    Lots of fixes!
>
>
> FreeRADIUS 3.0.16 Thu 11 Jan 2018 12:00:00 EST urgency=low
> 	Feature improvements
> 	* rlm_python now supports multiple lists.  From #2031.
> 	* Add trust router re-keying.  From #2007.
> 	* Add support for Samba / AD LDAP schema.
> 	  See doc/schemas/ldap/samba/README.txt and
> 	  doc/schemas/ldap/samba/
> 	* Add "tls_min_version" and "tls_max_version" to EAP module
> 	  for Debian OpenSSL issues.
> 	* Better documentation for client certificates in PEAP and TTLS:
> 	  it usually doesn't work.  Fixes #2068.
> 	* Distinguish login failure from AD unavailable.  Fixes #2069.
> 	* Update RH spec files.  Fixes #2070.
> 	* Run Post-Proxy-Type if all home servers are dead.
> 	  Fixes #2072.
> 	* Print offending IP addresses when EAP sessions come from
> 	  two upstream home servers, and rate-limit the messages.
> 	* Minor packaging updates.
> 	* Better documentation for rlm_rest.
> 	* EAP-FAST now has it's own "cipher_list", so that it is
> 	  easier to configure.
> 	* EAP-FAST now forcibly disables TLS1.2, until such time
> 	  as we implement the new keying mechanism from TLS1.2.
> 	* Add documentation for allow_expired_crl.
> 	* Update Debian logrotation.  #2093 and #2101.
> 	* DHCP relay can now drop responses.  #2095.
> 	* rlm_sqlippool can now assign Delegated-IPv6-Prefix.
> 	  It also now can assign any IPv4 or IPv6 address.
> 	  Based on patches from maximumG.  #2094.
> 	  See raddb/mods-available/sqlippool for changes.
> 	* radeapclient can now use EAP-SIM-Ki to dynamically
> 	  create the necessary triplets.
> 	* Explain why many LDAP connections are closed.
> 	  Fixes #1969.
> 	* Debian build / package issues fixed by Matthew Newton.
> 	* dictionary.patton updates from Brice Schaffner.  Fixes #2137.
> 	* Added scripts to build "inner-server.pem", and updated
> 	  mods-config/inner-eap and certs/README to match.
> 	* Added provisions for using an external CA.  See raddb/certs/
> 	* Include dhcpclient binary in freeradius-dhcp debian packge.
>
> 	Bug fixes
> 	* Bind the lifetime of program name and python path to the module
> 	  FR-AD-002 (redone)
> 	* Pass correct statement length into sqlite3_prepare[_v2]
> 	  FR-AD-003 (redone)
> 	* Allow 100-Continue responses with additional headers in rlm_rest.
> 	* fix corner case where detail files were not being locked
> 	  correctly.
> 	* Fix (SQL-Group == "%{...}") checks, and same for LDAP-Group.
> 	  Fixes #1947
> 	* Clean up exfile code.  Which should help to avoid issues
> 	  with reading / writing 100's of detail files.
> 	* Fix build for winbind.  Patch from Alex Clouter.
> 	* Fix checkrad for Mikrotik.  Patch from Muchael Ducharme.
> 	* Fix home server stats lookup.  Patch from Phil Mayers.
> 	* Add libjson-c3 as an optional dependency.
> 	* Require LTB OpenLDAP on CentOS / Redhat, to avoid linking
> 	  against NSS, which breaks the server.  Fixes #2040.
> 	* rlm_python fixes.  Fixes #2041
> 	* Typos in "man" pages.  Fixes #2045
> 	* Expand "next" in %{%{...}:-%{...}}.  Fixes #2048
> 	* Don't add TLS attributes twice.  Fixes #2050.
> 	* Fix memory allocation in rlm_rest.  Fixes #2051.
> 	* Update trustrouter for new API. Fixes #2059.
> 	* Fix SQLite issues on FreeBSD.  Fixes #2060
> 	* Don't do debug logging of bad passwords.  Fixes #2064.
> 	* More graceful handling of "die" in rlm_perl.  Fixes #2073.
> 	* Fix occasional crash when using
> 	  cisco_accounting_username_bug = yes
> 	* EAP-FAST fixes from Isaac Boukris.
> 	  #2078, #2076, and #2082, #2126.
> 	* DHCP fixes, relay, #2092, add run-time check, #2028
> 	* Decode multiple RADIUS packets at a time in highly loaded
> 	  RadSec connections.  Patch from Jan Tomasek.  #2106.
> 	* TunnelPassword is not "single value" in LDAP schema.
> 	  Fixes #2061.
> 	* sql log now opens the expanded filename, not the input one.
> 	  This was a regression introduced in 3.0.15.
> 	* Remove unnecessary UNIQUE constrain in Oracle schemas.
> 	* Fix SSL thread and locking issues when modules also use SSL.
> 	  Fixes #2125 and #2129.
> 	* Re-add dhcpclient "raw packet" changes.  Patches from
> 	  Nicolas Chaigne and Matthew Newton.  Fixes #2155.
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html




More information about the Freeradius-Users mailing list