Sync from SUSE:SLFO:1.1 freeradius-server revision b3641ec7b7961c887d43a8c804d71025

freeradius-server-enable-python3.patch

@@ -1,17 +1,17 @@
-Index: freeradius-server-3.2.5/src/modules/rlm_python3/example.py
+Index: freeradius-server-3.2.1/src/modules/rlm_python3/example.py
 ===================================================================
---- freeradius-server-3.2.5.orig/src/modules/rlm_python3/example.py
-+++ freeradius-server-3.2.5/src/modules/rlm_python3/example.py
+--- freeradius-server-3.2.1.orig/src/modules/rlm_python3/example.py
++++ freeradius-server-3.2.1/src/modules/rlm_python3/example.py
 @@ -1,4 +1,4 @@
 -#! /usr/bin/env python3
 +#!/usr/bin/python3
  #
  # Python module example file
  # Miguel A.L. Paraz <mparaz@mparaz.com>
-Index: freeradius-server-3.2.5/src/modules/rlm_python3/radiusd.py
+Index: freeradius-server-3.2.1/src/modules/rlm_python3/radiusd.py
 ===================================================================
---- freeradius-server-3.2.5.orig/src/modules/rlm_python3/radiusd.py
-+++ freeradius-server-3.2.5/src/modules/rlm_python3/radiusd.py
+--- freeradius-server-3.2.1.orig/src/modules/rlm_python3/radiusd.py
++++ freeradius-server-3.2.1/src/modules/rlm_python3/radiusd.py
 @@ -1,4 +1,4 @@
 -#! /usr/bin/env python3
 +#!/usr/bin/python3

freeradius-server-fix-perl-shbang.patch

@@ -1,27 +1,24 @@
-Index: freeradius-server-3.2.5/doc/rfc/genref.pl
-===================================================================
---- freeradius-server-3.2.5.orig/doc/rfc/genref.pl
-+++ freeradius-server-3.2.5/doc/rfc/genref.pl
+diff -Nur freeradius-server-3.0.23/doc/rfc/genref.pl new/doc/rfc/genref.pl
+--- freeradius-server-3.0.23/doc/rfc/genref.pl	2021-06-10 16:49:17.000000000 +0200
++++ new/doc/rfc/genref.pl	2021-06-27 17:40:13.946667745 +0200
 @@ -1,4 +1,4 @@
 -#!/usr/bin/env perl
 +#!/usr/bin/perl
  foreach $file (@ARGV) {
      open FILE, "<$file" || die "Error opening $file: $!\n";
  
-Index: freeradius-server-3.2.5/doc/rfc/per-rfc.pl
-===================================================================
---- freeradius-server-3.2.5.orig/doc/rfc/per-rfc.pl
-+++ freeradius-server-3.2.5/doc/rfc/per-rfc.pl
+diff -Nur freeradius-server-3.0.23/doc/rfc/per-rfc.pl new/doc/rfc/per-rfc.pl
+--- freeradius-server-3.0.23/doc/rfc/per-rfc.pl	2021-06-10 16:49:17.000000000 +0200
++++ new/doc/rfc/per-rfc.pl	2021-06-27 17:40:32.390794075 +0200
 @@ -1,4 +1,4 @@
 -#!/usr/bin/env perl
 +#!/usr/bin/perl
  
  #
  #   Read in the references, and put into an associative array
-Index: freeradius-server-3.2.5/doc/rfc/rewrite.pl
-===================================================================
---- freeradius-server-3.2.5.orig/doc/rfc/rewrite.pl
-+++ freeradius-server-3.2.5/doc/rfc/rewrite.pl
+diff -Nur freeradius-server-3.0.23/doc/rfc/rewrite.pl new/doc/rfc/rewrite.pl
+--- freeradius-server-3.0.23/doc/rfc/rewrite.pl	2021-06-10 16:49:17.000000000 +0200
++++ new/doc/rfc/rewrite.pl	2021-06-27 17:40:41.162865842 +0200
 @@ -1,4 +1,4 @@
 -#!/usr/bin/env perl
 +#!/usr/bin/perl

freeradius-server-opensslversion.patch

@@ -2,10 +2,10 @@ Author: Adam Majer <adam.majer@suse.de>
 Summary: SUSE OpenSSL version scheme does not follow upstream.
  Relax, breathe, apply.
 
-Index: freeradius-server-3.2.5/src/main/version.c
+Index: freeradius-server-3.0.20/src/main/version.c
 ===================================================================
---- freeradius-server-3.2.5.orig/src/main/version.c
-+++ freeradius-server-3.2.5/src/main/version.c
+--- freeradius-server-3.0.20.orig/src/main/version.c
++++ freeradius-server-3.0.20/src/main/version.c
 @@ -52,6 +52,9 @@ static long ssl_built = OPENSSL_VERSION_
   */
  int ssl_check_consistency(void)

freeradius-server-radclient-init-error-buffer.patch

@@ -1,8 +1,8 @@
-Index: freeradius-server-3.2.5/src/main/radclient.c
+Index: freeradius-server-3.0.3/src/main/radclient.c
 ===================================================================
---- freeradius-server-3.2.5.orig/src/main/radclient.c
-+++ freeradius-server-3.2.5/src/main/radclient.c
-@@ -1588,6 +1588,7 @@ int main(int argc, char **argv)
+--- freeradius-server-3.0.3.orig/src/main/radclient.c
++++ freeradius-server-3.0.3/src/main/radclient.c
+@@ -1180,6 +1180,7 @@ int main(int argc, char **argv)
  		fr_perror("radclient");
  		return 1;
  	}

freeradius-server-rcradiusd.patch

@@ -1,8 +1,6 @@
-Index: freeradius-server-3.2.5/suse/rcradiusd
-===================================================================
---- freeradius-server-3.2.5.orig/suse/rcradiusd
-+++ freeradius-server-3.2.5/suse/rcradiusd
-@@ -50,6 +50,10 @@ case "$1" in
+--- freeradius-server-3.0.8.orig/suse/rcradiusd	2015-04-22 19:21:34.000000000 +0200
++++ freeradius-server-3.0.8.suse/suse/rcradiusd	2015-04-23 10:02:01.393574445 +0200
+@@ -50,6 +50,10 @@
      start)
          configtest || { rc_failed 150; rc_exit; }
          echo -n "Starting RADIUS daemon "

freeradius-server-rlm_sql_unixodbc-configure.patch

@@ -1,7 +1,7 @@
-Index: freeradius-server-3.2.5/src/modules/rlm_sql/drivers/rlm_sql_unixodbc/configure
+Index: freeradius-server-3.2.3/src/modules/rlm_sql/drivers/rlm_sql_unixodbc/configure
 ===================================================================
---- freeradius-server-3.2.5.orig/src/modules/rlm_sql/drivers/rlm_sql_unixodbc/configure
-+++ freeradius-server-3.2.5/src/modules/rlm_sql/drivers/rlm_sql_unixodbc/configure
+--- freeradius-server-3.2.3.orig/src/modules/rlm_sql/drivers/rlm_sql_unixodbc/configure
++++ freeradius-server-3.2.3/src/modules/rlm_sql/drivers/rlm_sql_unixodbc/configure
 @@ -1884,7 +1884,7 @@ if test "${with_unixodbc_dir+set}" = set
  fi
  

freeradius-server-tmpfiles.patch

@@ -1,7 +1,5 @@
-Index: freeradius-server-3.2.5/suse/freeradius-server-tmpfiles.conf
-===================================================================
---- freeradius-server-3.2.5.orig/suse/freeradius-server-tmpfiles.conf
-+++ freeradius-server-3.2.5/suse/freeradius-server-tmpfiles.conf
+--- freeradius-server-3.0.8.orig/suse/freeradius-server-tmpfiles.conf	2015-04-22 19:21:34.000000000 +0200
++++ freeradius-server-3.0.8.suse/suse/freeradius-server-tmpfiles.conf	2015-04-23 09:56:08.342988185 +0200
 @@ -1 +1,2 @@
 -D /var/run/radiusd 0710 radiusd radiusd -
 +D /run/radiusd 0710 radiusd radiusd -

freeradius-server.changes

@@ -1,112 +1,3 @@
--------------------------------------------------------------------
-Tue Aug 13 07:43:45 UTC 2024 - Andrea Manzini <andrea.manzini@suse.com>
-
-- update to 3.2.5
-  Feature Improvements
-  * TOTP now supports TOTP-Time-Offset for tokens with times that are out of sync. 
-    See mods-available/totp.
-  * radclient now supports forcing the Request Authenticator and ID for Access-Request 
-    packets.
-  * Update dictionary.3gpp.
-  * Update advice on shared secrets, including suggesting a secure method for generating 
-    useful secrets.
-
-  Bug Fixes
-  * Allow proxying by pool / home server name to work with auth+acct servers.
-  * Fix OpenSSL API usage which sometimes caused crash in MS-CHAP 
-    Previously it would either always crash immediately, or never crash.
-  * Fix packet statistics. Stop double counting some packets, and track packet 
-    statistics even if a socket is closed.
-  * Reverted patch in TTLS which broke compatibility with some systems.
-  * Don't crash in debug mode when multiple intermediate certs are used Patch 
-    from Alexander Chernikov.
-
--------------------------------------------------------------------
-Fri May 31 14:28:03 UTC 2024 - Adam Majer <adam.majer@suse.de>
-
-- update to 3.2.4
-  Configuration changes
-  * Better handle backslashes in strings in the configuration files.
-    If the configuration items contain backslashes, then behavior may change.
-    However, the previous behavior didn't work as expected,
-    and therefore is not likely to be used.
-  * reject_delay no longer applies to proxied packets. All servers
-    should now set reject_delay = 1 for security and scalability.
-  * %{randstr:...} now returns the requested amount of data,
-    instead of one too many bytes.
-
-  Feature Improvements
-  * Preliminary support for TEAP.
-  * Update EAP module pre_proxy checks to make them less restrictive
-    This prevents the "middle box" effect from affecting future traffic.
-  * Many fixes and updates for Docker images.
-  * Add dpsk module. See mods-available/dpsk.
-  * Print out what cause the TLS operations to be made, such as the EAP
-    method name (peap, ttls, etc), or RADIUS/TLS listen / proxy socket.
-  * Add auto_escape to sample SQL module config.
-  * Add 'if not exists' to mysql create table queries.
-  * Update dictionary.aruba; add dictionary.tplink, dictionary.alphion.
-  * Allow for 'encrypt=1' attributes to be longer than 128 characters.
-  * Added "radsecret" program which generates strong secrets.
-    See the top of the "clients.conf" file for more information.
-  * radclient now prints packets as hex when using -xxx.
-  * Added "-t timeout" to radsniff. It will stop processing packets
-    after <timeout> seconds.
-  * Support "interface = ..." on OSX and other *BSD which have IP_BOUND_IF.
-  * The detail module now has a "dates_as_integer" configuration item
-    See mods-available/detail for more information.
-  * Add lookback/lookforward steps and more configuration to totp.
-    See mods-available/totp.
-  * Add "time_since" xlat to calculate elapsed time in seconds,
-    milliseconds and microseconds.
-  * Support "Post-Auth-Type Challenge" in the inner tunnel.
-  * Add "proxy_dedup_window". See radiusd.conf.
-  * Document KRB5_CLIENT_KTNAME in the "env" section of radiusd.conf.
-  * Add "dedup_key" for misbehaving supplicants. See mods-available/eap.
-
-  Bug Fixes
-  * Fix corner case with empty defaults in rlm_files.
-  * When we have multiple attributes of the same name, always use
-    the canonical attribute.
-  * Make FreeRADIUS-Server-EMA* attributes work again for home
-    server exponential moving average statistics.
-  * Don't send the global server stats when asked for client stats.
-    They use the same attributes, so the result is confusing.
-  * Fix multiple typos in MongoDB query.conf (#5130).
-  * Add define for illumos. Fixes #5135.
-  * Add client configuration for TLS PSK.
-  * Permit originate CoA after proxying to an internal virtual server.
-  * Use virtual server "default" when passed "-i" and "-p" on the command line.
-  * Fix locking issues with rlm_python3.
-  * The detail file reader will catch bad times in the file, and
-    will not update Acct-Delay-Time with extreme values.
-  * Fix issue where Message-Authenticator was calculated incorrectly
-    for CoA / Disconnect ACK and NAK packets.
-  * Update Python thread and error handling. Fixes #5208.
-  * Fix handling of Session-State when proxying. Fixes #5288.
-  * Run relevant post-proxy Fail-* section on CoA / Disconnect timeout.
-  * Add "limit" section to AWS health check configurtion. Fixes 35300.
-  * Use MAX in sqlite queries instead of GREATEST.
-  * Fix typo in Mongo queries. Fixes #5301.
-  * Fix occasional crash with bad home servers. Fixes #5308.
-  * Minor bug fixes to the SQL freetds modules.
-  * Fix blocking issue with RADIUS/TLS connection checks.
-  * Fix run-time crash on configuration typos of %{substr ...}
-    instead of %{substr:...} Fixes #5321.
-  * Fix crash with TLS Status-Server requests. Fixes #5326. 
-
--------------------------------------------------------------------
-Sat Feb 17 18:11:19 UTC 2024 - Christian Boltz <suse-beta@cboltz.de>
-
-- fix directory permissions for
-  /etc/raddb/mods-config/sql/moonshot-targeted-ids/*sql*
-  (boo#1220025, accidentally discovered via boo#1220024)
-
--------------------------------------------------------------------
-Tue Feb  6 08:21:21 UTC 2024 - Marcus Meissner <meissner@suse.com>
-
-- provides for user(radiusd), group(radiusd) and group (winbind) bsc#1219600
-
 -------------------------------------------------------------------
 Thu Aug 31 13:09:06 UTC 2023 - Adam Majer <adam.majer@suse.de>
 

freeradius-server.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package freeradius-server
 #
-# Copyright (c) 2024 SUSE LLC
+# Copyright (c) 2023 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -18,7 +18,7 @@
 
 %define unitname radiusd
 Name:           freeradius-server
-Version:        3.2.5
+Version:        3.2.3
 Release:        0
 
 # Disable FreeTDS on SLE12. We never shipped it enabled with FreeTDS.
@@ -96,9 +96,6 @@ Conflicts:      radiusd-cistron
 Conflicts:      radiusd-livingston
 BuildRequires:  libunbound-devel
 BuildRequires:  pkgconfig(systemd)
-Provides:       group(radiusd)
-Provides:       group(winbind)
-Provides:       user(radiusd)
 %{?systemd_requires}
 
 #bsc#1055679 - freeradius-server does not provide winbind/AD auth
@@ -296,6 +293,7 @@ rm %{buildroot}%{_sysconfdir}/raddb/certs/*.pem
 rm %{buildroot}%{_sysconfdir}/raddb/certs/*.p12
 rm %{buildroot}%{_sysconfdir}/raddb/certs/index.*
 rm %{buildroot}%{_sysconfdir}/raddb/certs/serial*
+rm %{buildroot}%{_sysconfdir}/raddb/certs/dh
 rm doc/source/.gitignore
 rm %{buildroot}%{_sbindir}/rc.radiusd
 rm -r %{buildroot}%{_datadir}/doc/freeradius*
@@ -387,8 +385,6 @@ done
 %{_sysconfdir}/raddb/certs/Makefile
 %{_sysconfdir}/raddb/certs/passwords.mk
 %{_sysconfdir}/raddb/certs/README.md
-%dir %attr(755,radiusd,radiusd) %{_sysconfdir}/raddb/certs/realms/
-%{_sysconfdir}/raddb/certs/realms/README.md
 %{_sysconfdir}/raddb/certs/xpextensions
 %{_sysconfdir}/raddb/panic.gdb
 %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/certs/*.cnf
@@ -404,8 +400,7 @@ done
 %dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-config/files
 %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/files/*
 %dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-config/preprocess
-%dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-config/sql/moonshot-targeted-ids/*sql*
-%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/sql/moonshot-targeted-ids/*sql*/*
+%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/sql/moonshot-targeted-ids/*
 %dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-config/realm
 %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/realm/freeradius-naptr-to-home-server.sh
 %dir %attr(750,root,radiusd) /etc/raddb/mods-config/sql/moonshot-targeted-ids
@@ -488,7 +483,6 @@ done
 %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/dhcp_sql
 %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/dhcp_sqlippool
 %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/digest
-%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/dpsk
 %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/dynamic_clients
 %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/eap
 %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/echo
@@ -624,7 +618,6 @@ done
 %{_libdir}/freeradius/rlm_detail.so
 %{_libdir}/freeradius/rlm_dhcp.so
 %{_libdir}/freeradius/rlm_digest.so
-%{_libdir}/freeradius/rlm_dpsk.so
 %{_libdir}/freeradius/rlm_dynamic_clients.so
 %{_libdir}/freeradius/rlm_eap.so
 %{_libdir}/freeradius/rlm_eap_fast.so
@@ -634,7 +627,6 @@ done
 %{_libdir}/freeradius/rlm_eap_peap.so
 %{_libdir}/freeradius/rlm_eap_pwd.so
 %{_libdir}/freeradius/rlm_eap_sim.so
-%{_libdir}/freeradius/rlm_eap_teap.so
 %{_libdir}/freeradius/rlm_eap_tls.so
 %{_libdir}/freeradius/rlm_eap_ttls.so
 %{_libdir}/freeradius/rlm_exec.so