This package provides debug information for package freeradius-server-python. Debug information is useful when developing applications that use this package or when debugging this package.
Homepage | http://www.freeradius.org/ |
---|
3.0.16



3.0.15

3.0.14

Distribution | Version | Since | Package | Installed | Packager | |
---|---|---|---|---|---|---|
![]() | rpm | 3.0.16-lp150.1.5 | 2019-01-17 | 88.1 kiB | 63 kiB | https://bugs.opensuse.org |
![]() | rpm | 3.0.16-lp150.2.3.1 | 2019-06-17 | 71.8 kiB | 62.9 kiB | http://bugs.opensuse.org |
![]() | rpm | 3.0.16-lp151.2.4 | 2019-04-03 | 70.8 kiB | 62.9 kiB | https://bugs.opensuse.org |
![]() | rpm | 3.0.16-lp152.4.5 | 2020-01-07 | 71.1 kiB | 62.8 kiB | https://bugs.opensuse.org |
![]() | rpm | 3.0.14-1.1 | 2019-01-17 | 89.9 kiB | 97 kiB | http://bugs.opensuse.org |
![]() | rpm | 3.0.15-9.1 | 2019-06-17 | 92.3 kiB | 96.8 kiB | http://bugs.opensuse.org |
![]() | rpm | 3.0.15-6.1 | 2019-01-18 | 92.2 kiB | 96.9 kiB | http://bugs.opensuse.org |
![]() | rpm | 3.0.15-3.1 | 2019-01-18 | 91.7 kiB | 96.9 kiB | http://bugs.opensuse.org |
Latest updates

OpenSUSE Tumbleweed debug/oss: Version 3.0.19-5.1 removed
2020-03-26

OpenSUSE Tumbleweed debug/oss: Updated from 3.0.19-4.1 to 3.0.19-5.1
2020-03-14
- Enable memcached driver on SLE15

OpenSUSE Leap 15.2 debug/oss: Version 3.0.16-lp152.4.5 introduced
2020-01-07
- CVE-2019-11235.patch: fixes authentication bypass vulnerability in the EAP-PWD module via invalid curve attack or a reflection attack vector. (CVE-2019-11235, CVE-2019-11234, bsc#1132549, bsc#1132664)

OpenSUSE Tumbleweed debug/oss: Updated from 3.0.19-3.5 to 3.0.19-4.1
2019-12-27
- Add missing BuildRequire on samba-core-devel required for windbind support in rlm_mschap.

OpenSUSE Tumbleweed debug/oss: Updated from 3.0.19-3.4 to 3.0.19-3.5
2019-12-04
- update to 3.0.19 (jira#SLE-5890)
Feature improvements- Update dictionary.cisco
- Update sqlippool to allow for stored procedures with PostgreSQL. This increases performance substantially. Patch from Nathan Ward. Fixes #2540.
- Re-added "show client config" command to radmin.
- Cleaned up mods-available/sql example so that it is easier to understand.
- Added pfSense dictionary. Closes #2581
- Update dictionary.h3c Closes #2592
- Update elasticsearch/logstash config for v6.7.0.
- EAP-PWD security fixes from Mathy Vanhoef. See
http://freeradius.org/security/
(CVE-2019-11234, CVE-2019-11235, bsc#1132549, bsc#1132664)
- Update dynamic_client module and server core so that
the functionality works. This has been broken since
at least v2. - Fix crash in sqlippool due to escaping changes.
Patch from Nathan Ward. Fixes #2532, #2533. - Fix systemd notify, watchdog and unit files.
Fixes #2541, #2499. - Fix erroneous length check in EAP-FAST.
- Update documentation to remove old "ignore_null" configuration. Fixes #2578.
- Fix default POD port. Should be 3799. Fixes #2591
- Correctly encode vendor-specific "encrypted" attributes. Fixes #2600

OpenSUSE Tumbleweed debug/oss: Updated from 3.0.19-3.3 to 3.0.19-3.4
2019-11-18
- update to 3.0.19 (jira#SLE-5890)
Feature improvements- Update dictionary.cisco
- Update sqlippool to allow for stored procedures with PostgreSQL. This increases performance substantially. Patch from Nathan Ward. Fixes #2540.
- Re-added "show client config" command to radmin.
- Cleaned up mods-available/sql example so that it is easier to understand.
- Added pfSense dictionary. Closes #2581
- Update dictionary.h3c Closes #2592
- Update elasticsearch/logstash config for v6.7.0.
- EAP-PWD security fixes from Mathy Vanhoef. See
http://freeradius.org/security/
(CVE-2019-11234, CVE-2019-11235, bsc#1132549, bsc#1132664)
- Update dynamic_client module and server core so that
the functionality works. This has been broken since
at least v2. - Fix crash in sqlippool due to escaping changes.
Patch from Nathan Ward. Fixes #2532, #2533. - Fix systemd notify, watchdog and unit files.
Fixes #2541, #2499. - Fix erroneous length check in EAP-FAST.
- Update documentation to remove old "ignore_null" configuration. Fixes #2578.
- Fix default POD port. Should be 3799. Fixes #2591
- Correctly encode vendor-specific "encrypted" attributes. Fixes #2600

OpenSUSE Tumbleweed debug/oss: Updated from 3.0.19-3.2 to 3.0.19-3.3
2019-07-16
- update to 3.0.19 (jira#SLE-5890)
Feature improvements- Update dictionary.cisco
- Update sqlippool to allow for stored procedures with PostgreSQL. This increases performance substantially. Patch from Nathan Ward. Fixes #2540.
- Re-added "show client config" command to radmin.
- Cleaned up mods-available/sql example so that it is easier to understand.
- Added pfSense dictionary. Closes #2581
- Update dictionary.h3c Closes #2592
- Update elasticsearch/logstash config for v6.7.0.
- EAP-PWD security fixes from Mathy Vanhoef. See
http://freeradius.org/security/
(CVE-2019-11234, CVE-2019-11235, bsc#1132549, bsc#1132664)
- Update dynamic_client module and server core so that
the functionality works. This has been broken since
at least v2. - Fix crash in sqlippool due to escaping changes.
Patch from Nathan Ward. Fixes #2532, #2533. - Fix systemd notify, watchdog and unit files.
Fixes #2541, #2499. - Fix erroneous length check in EAP-FAST.
- Update documentation to remove old "ignore_null" configuration. Fixes #2578.
- Fix default POD port. Should be 3799. Fixes #2591
- Correctly encode vendor-specific "encrypted" attributes. Fixes #2600

OpenSUSE Tumbleweed debug/oss: Updated from 3.0.18-1.1 to 3.0.19-3.2
2019-06-19
- update to 3.0.19 (jira#SLE-5890)
Feature improvements- Update dictionary.cisco
- Update sqlippool to allow for stored procedures with PostgreSQL. This increases performance substantially. Patch from Nathan Ward. Fixes #2540.
- Re-added "show client config" command to radmin.
- Cleaned up mods-available/sql example so that it is easier to understand.
- Added pfSense dictionary. Closes #2581
- Update dictionary.h3c Closes #2592
- Update elasticsearch/logstash config for v6.7.0.
- EAP-PWD security fixes from Mathy Vanhoef. See
http://freeradius.org/security/
(CVE-2019-11234, CVE-2019-11235, bsc#1132549, bsc#1132664)
- Update dynamic_client module and server core so that
the functionality works. This has been broken since
at least v2. - Fix crash in sqlippool due to escaping changes.
Patch from Nathan Ward. Fixes #2532, #2533. - Fix systemd notify, watchdog and unit files.
Fixes #2541, #2499. - Fix erroneous length check in EAP-FAST.
- Update documentation to remove old "ignore_null" configuration. Fixes #2578.
- Fix default POD port. Should be 3799. Fixes #2591
- Correctly encode vendor-specific "encrypted" attributes. Fixes #2600

OpenSUSE Leap 42.3 debug/update/oss: Updated from 3.0.15-6.1 to 3.0.15-9.1
2019-06-17
- CVE-2019-11235.patch: fixes authentication bypass vulnerability in the EAP-PWD module via invalid curve attack or a reflection attack vector. (CVE-2019-11235, CVE-2019-11234, bsc#1132549, bsc#1132664)

OpenSUSE Leap 15.0 debug/update/oss: Version 3.0.16-lp150.2.3.1 introduced
2019-06-17
- CVE-2019-11235.patch: fixes authentication bypass vulnerability in the EAP-PWD module via invalid curve attack or a reflection attack vector. (CVE-2019-11235, CVE-2019-11234, bsc#1132549, bsc#1132664)

OpenSUSE Leap 15.1 debug/oss: Updated from 3.0.16-lp151.2.3 to 3.0.16-lp151.2.4
2019-04-03
- update to 3.0.16
Feature improvements- rlm_python now supports multiple lists. From #2031.
- Add trust router re-keying. From #2007.
- Add support for Samba / AD LDAP schema.
doc/schemas/ldap/samba/- Add "tls_min_version" and "tls_max_version" to EAP module
- Better documentation for client certificates in PEAP and TTLS:
- Distinguish login failure from AD unavailable. Fixes #2069.
- Update RH spec files. Fixes #2070.
- Run Post-Proxy-Type if all home servers are dead.
- Print offending IP addresses when EAP sessions come from
- Minor packaging updates.
- Better documentation for rlm_rest.
- EAP-FAST now has it's own "cipher_list", so that it is
- EAP-FAST now forcibly disables TLS1.2, until such time
- Add documentation for allow_expired_crl.
- Update Debian logrotation. #2093 and #2101.
- DHCP relay can now drop responses. #2095.
- rlm_sqlippool can now assign Delegated-IPv6-Prefix.
Based on patches from maximumG. #2094.
See raddb/mods-available/sqlippool for changes.- radeapclient can now use EAP-SIM-Ki to dynamically
- Explain why many LDAP connections are closed.
- Debian build / package issues fixed by Matthew Newton.
- dictionary.patton updates from Brice Schaffner. Fixes #2137.
- Added scripts to build "inner-server.pem", and updated
- Added provisions for using an external CA. See raddb/certs/
- Include dhcpclient binary in freeradius-dhcp debian packge.
- Bind the lifetime of program name and python path to the module
- Pass correct statement length into sqlite3_prepare[_v2]
- Allow 100-Continue responses with additional headers in rlm_rest.
- fix corner case where detail files were not being locked
- Fix (SQL-Group == "%{...}") checks, and same for LDAP-Group.
- Clean up exfile code. Which should help to avoid issues
- Fix build for winbind. Patch from Alex Clouter.
- Fix checkrad for Mikrotik. Patch from Muchael Ducharme.
- Fix home server stats lookup. Patch from Phil Mayers.
- Add libjson-c3 as an optional dependency.
- Require LTB OpenLDAP on CentOS / Redhat, to avoid linking
- rlm_python fixes. Fixes #2041
- Typos in "man" pages. Fixes #2045
- Expand "next" in %{%{...}:-%{...}}. Fixes #2048
- Don't add TLS attributes twice. Fixes #2050.
- Fix memory allocation in rlm_rest. Fixes #2051.
- Update trustrouter for new API. Fixes #2059.
- Fix SQLite issues on FreeBSD. Fixes #2060
- Don't do debug logging of bad passwords. Fixes #2064.
- More graceful handling of "die" in rlm_perl. Fixes #2073.
- Fix occasional crash when using
- EAP-FAST fixes from Isaac Boukris.
#2078, #2076, and #2082, #2126.- DHCP fixes, relay, #2092, add run-time check, #2028
- Decode multiple RADIUS packets at a time in highly loaded
- TunnelPassword is not "single value" in LDAP schema.
- sql log now opens the expanded filename, not the input one.
- Remove unnecessary UNIQUE constrain in Oracle schemas.
- Fix SSL thread and locking issues when modules also use SSL.
- Re-add dhcpclient "raw packet" changes. Patches from

OpenSUSE Tumbleweed debug/oss: Updated from 3.0.17-2.4 to 3.0.18-1.1
2019-03-03
- reformat changelog mostly by wrapping lines
- add missing bug numbers for security fixes

OpenSUSE Tumbleweed debug/oss: Updated from 3.0.17-2.3 to 3.0.17-2.4
2019-02-15
- also fix ownership of /var/log/radius in systemd unit

OpenSUSE Tumbleweed debug/oss: Updated from 3.0.17-2.2 to 3.0.17-2.3
2019-02-03
- also fix ownership of /var/log/radius in systemd unit

OpenSUSE Leap 15.1 debug/oss: Version 3.0.16-lp151.2.3 introduced
2019-01-23
- update to 3.0.16
Feature improvements- rlm_python now supports multiple lists. From #2031.
- Add trust router re-keying. From #2007.
- Add support for Samba / AD LDAP schema.
doc/schemas/ldap/samba/- Add "tls_min_version" and "tls_max_version" to EAP module
- Better documentation for client certificates in PEAP and TTLS:
- Distinguish login failure from AD unavailable. Fixes #2069.
- Update RH spec files. Fixes #2070.
- Run Post-Proxy-Type if all home servers are dead.
- Print offending IP addresses when EAP sessions come from
- Minor packaging updates.
- Better documentation for rlm_rest.
- EAP-FAST now has it's own "cipher_list", so that it is
- EAP-FAST now forcibly disables TLS1.2, until such time
- Add documentation for allow_expired_crl.
- Update Debian logrotation. #2093 and #2101.
- DHCP relay can now drop responses. #2095.
- rlm_sqlippool can now assign Delegated-IPv6-Prefix.
Based on patches from maximumG. #2094.
See raddb/mods-available/sqlippool for changes.- radeapclient can now use EAP-SIM-Ki to dynamically
- Explain why many LDAP connections are closed.
- Debian build / package issues fixed by Matthew Newton.
- dictionary.patton updates from Brice Schaffner. Fixes #2137.
- Added scripts to build "inner-server.pem", and updated
- Added provisions for using an external CA. See raddb/certs/
- Include dhcpclient binary in freeradius-dhcp debian packge.
- Bind the lifetime of program name and python path to the module
- Pass correct statement length into sqlite3_prepare[_v2]
- Allow 100-Continue responses with additional headers in rlm_rest.
- fix corner case where detail files were not being locked
- Fix (SQL-Group == "%{...}") checks, and same for LDAP-Group.
- Clean up exfile code. Which should help to avoid issues
- Fix build for winbind. Patch from Alex Clouter.
- Fix checkrad for Mikrotik. Patch from Muchael Ducharme.
- Fix home server stats lookup. Patch from Phil Mayers.
- Add libjson-c3 as an optional dependency.
- Require LTB OpenLDAP on CentOS / Redhat, to avoid linking
- rlm_python fixes. Fixes #2041
- Typos in "man" pages. Fixes #2045
- Expand "next" in %{%{...}:-%{...}}. Fixes #2048
- Don't add TLS attributes twice. Fixes #2050.
- Fix memory allocation in rlm_rest. Fixes #2051.
- Update trustrouter for new API. Fixes #2059.
- Fix SQLite issues on FreeBSD. Fixes #2060
- Don't do debug logging of bad passwords. Fixes #2064.
- More graceful handling of "die" in rlm_perl. Fixes #2073.
- Fix occasional crash when using
- EAP-FAST fixes from Isaac Boukris.
#2078, #2076, and #2082, #2126.- DHCP fixes, relay, #2092, add run-time check, #2028
- Decode multiple RADIUS packets at a time in highly loaded
- TunnelPassword is not "single value" in LDAP schema.
- sql log now opens the expanded filename, not the input one.
- Remove unnecessary UNIQUE constrain in Oracle schemas.
- Fix SSL thread and locking issues when modules also use SSL.
- Re-add dhcpclient "raw packet" changes. Patches from

OpenSUSE Leap 42.3 debug/update/oss: Updated from 3.0.15-3.1 to 3.0.15-6.1
2019-01-18
- install license as %license instead of documentation

OpenSUSE Leap 42.3 debug/update/oss: Version 3.0.15-3.1 introduced
2019-01-18
- update to 3.0.15 (bnc#1049086)
Feature improvements- Update dictionary.starent, dictionary.ruckus
- Bind the lifetime of program name and python path to the module
- FR-GV-201: Check input / output length in make_secret().
(CVE-2017-10978) - FR-GV-206: Fix read overflow when decoding DHCP option 63 (CVE-2017-10983)
- FR-GV-301: Fix write overflow in data2vp_wimax()
(CVE-2017-10984) - FR-GV-302: Fix infinite loop and memory exhaustion with
'concat' attributes (CVE-2017-10985) - FR-GV-303: Fix infinite read in dhcp_attr2vp() (CVE-2017-10986)
- FR-GV-304: Fix buffer over-read in fr_dhcp_decode_suboptions() (CVE-2017-10987)
- FR-GV-305: Decode 'signed' attributes correctly.
(CVE-2017-10988) - FR-AD-001: use strncmp() instead of memcmp() for bounded data
- Print messages when we see deprecated configuration items
- Show reasons why we couldn't parse a certificate expiry time
- Be more accepting about truncated ASN1 times.
- Fix OpenSSL API issue which could leak small amounts of memory.
- For Access-Reject, call rad_authlog() after running the post-auth section, just like for Access-Accept.
- Don't crash when reading corrupted data from session resumption cache.
- Parse port in dhcpclient.
- Don't leak memory for OpenSSL.
- Portability fixes taken from OpenBSD port collection.
- run rad_authlog after post-auth for Access-Reject.
- Don't process VMPS packets twice.
- Fix attribute truncation in rlm_perl
- Fix bug when processing huntgroups.
- a1eccee1.patch: FR-AD-002 - Bind the lifetime of program name and python path to the module
- 62f7d288.patch: FR-AD-003 - Pass correct statement length into sqlite3_prepare[_v2]

OpenSUSE Leap 15.0 debug/oss: Version 3.0.16-lp150.1.5 introduced
2019-01-17
- update to 3.0.16
Feature improvements- rlm_python now supports multiple lists. From #2031.
- Add trust router re-keying. From #2007.
- Add support for Samba / AD LDAP schema.
doc/schemas/ldap/samba/- Add "tls_min_version" and "tls_max_version" to EAP module
- Better documentation for client certificates in PEAP and TTLS:
- Distinguish login failure from AD unavailable. Fixes #2069.
- Update RH spec files. Fixes #2070.
- Run Post-Proxy-Type if all home servers are dead.
- Print offending IP addresses when EAP sessions come from
- Minor packaging updates.
- Better documentation for rlm_rest.
- EAP-FAST now has it's own "cipher_list", so that it is
- EAP-FAST now forcibly disables TLS1.2, until such time
- Add documentation for allow_expired_crl.
- Update Debian logrotation. #2093 and #2101.
- DHCP relay can now drop responses. #2095.
- rlm_sqlippool can now assign Delegated-IPv6-Prefix.
Based on patches from maximumG. #2094.
See raddb/mods-available/sqlippool for changes.- radeapclient can now use EAP-SIM-Ki to dynamically
- Explain why many LDAP connections are closed.
- Debian build / package issues fixed by Matthew Newton.
- dictionary.patton updates from Brice Schaffner. Fixes #2137.
- Added scripts to build "inner-server.pem", and updated
- Added provisions for using an external CA. See raddb/certs/
- Include dhcpclient binary in freeradius-dhcp debian packge.
- Bind the lifetime of program name and python path to the module
- Pass correct statement length into sqlite3_prepare[_v2]
- Allow 100-Continue responses with additional headers in rlm_rest.
- fix corner case where detail files were not being locked
- Fix (SQL-Group == "%{...}") checks, and same for LDAP-Group.
- Clean up exfile code. Which should help to avoid issues
- Fix build for winbind. Patch from Alex Clouter.
- Fix checkrad for Mikrotik. Patch from Muchael Ducharme.
- Fix home server stats lookup. Patch from Phil Mayers.
- Add libjson-c3 as an optional dependency.
- Require LTB OpenLDAP on CentOS / Redhat, to avoid linking
- rlm_python fixes. Fixes #2041
- Typos in "man" pages. Fixes #2045
- Expand "next" in %{%{...}:-%{...}}. Fixes #2048
- Don't add TLS attributes twice. Fixes #2050.
- Fix memory allocation in rlm_rest. Fixes #2051.
- Update trustrouter for new API. Fixes #2059.
- Fix SQLite issues on FreeBSD. Fixes #2060
- Don't do debug logging of bad passwords. Fixes #2064.
- More graceful handling of "die" in rlm_perl. Fixes #2073.
- Fix occasional crash when using
- EAP-FAST fixes from Isaac Boukris.
#2078, #2076, and #2082, #2126.- DHCP fixes, relay, #2092, add run-time check, #2028
- Decode multiple RADIUS packets at a time in highly loaded
- TunnelPassword is not "single value" in LDAP schema.
- sql log now opens the expanded filename, not the input one.
- Remove unnecessary UNIQUE constrain in Oracle schemas.
- Fix SSL thread and locking issues when modules also use SSL.
- Re-add dhcpclient "raw packet" changes. Patches from

OpenSUSE Leap 42.3 debug/oss: Version 3.0.14-1.1 introduced
2019-01-17
- update to 3.0.14 (still FATE#322416)
Feature improvements- Enforce TLS client certificate expiration on session resumption, and Session-Timeout. See CVE-2017-9148 (bnc#1041445)
- Updated dictionary.cisco.vpn3000, dictionary.patton
- Added dictionary.dellemc
- Lowered the log output for failed PEAP sessions.
- ALlow utc in rlm_date.
- The internal OpenSSL session cache has been disabled. Please see mods-available/eap
- Update detail reader documentation.
- Make outgoing RadSec connections non-blocking.
- Add SQL backing to Moonshot-*-TargetedId generation.
- radtest uses Cleartext-Password for EAP, not User-Password.
- Update documentation for mods-enabled/ linking.
- Enhanced checks for moonshot salt.
- Allow session resumption for RadSec connections.
- Update "huntgroups" file to note that port ranges are not supported
- Fix OpenSSL permissions issues on default key files.
- Certificates are not required when PSK is used.
- Allow SubjectAltName as first extension in cert.
- Fixed talloc issue with TLS session resumption.
- "&Attr-26 := 0x01" now produces useful error messages.
- Handle connection error in rlm_ldap_cacheable_groupobj.
- Fix endian issues in DHCP.
- Multiple minor fixes for Coverity complaints.
- Handle unexpected regex.
- Fix minor issues in dictionaries.
- Fix typos and grammar. Patches from Alan Buxey.
- Fix erroneous VP creation in rlm_preproces.
- Fix MIB. Patch from Jeff Gehlbach.
- Trust router updates from Alejandro Perez.
- Allow build with LibreSSL.
- Use correct packet for channel bindings.
- Many fixes found by PVS-Studio. Thanks to PVS-Studio for giving us a test license. Please see the git commit history for more info.
- Fix incorrect length check in EAP-PWD. This may be exploitable.
- Stop rotating session database files (radutmp, radwtmp) since these are not logfiles.
- freeradius-server-radiusd-logrotate.patch: updated

OpenSUSE Tumbleweed debug/oss: Version 3.0.17-2.2 introduced
2019-01-17
- Merge changes from SLE to openSUSE (FATE#322416):
- freeradius-server-radclient-init-error-buffer.patch - make sure we initialize error buffer. bsc#911886: radclient error free() invalid pointer
- freeradius-server-opensslversion.patch: remove OpenSSL version check and assume we know what we are doing. (bnc#1013311)
- merge .changes file, mostly.
- do not attempt to detect "vulnerable" OpenSSL versions. SUSE security fixes do not necessarily bump version numbers as does upstream OpenSSL (bnc#1021375)
- do not generate certificates in %post. End-user needs to do this manually.
- keep FreeTDS disabled on SLE12 - we never shipped it enabled
- require OpenSSL 1.0+
- use pkgconfig(systemd) instead of plain systemd as BuildRequires
- don't list manual pages as %doc
Related packages
freeradius - High-performance and highly configurable free RADIUS server
freeradius-server - RADIUS Server
freeradius-server-python - Python support for freeradius