diff --git a/freeradius-server-3.2.3.tar.bz2 b/freeradius-server-3.2.3.tar.bz2
deleted file mode 100644
index 41363a9..0000000
--- a/freeradius-server-3.2.3.tar.bz2
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:4a16aeffbfa1424e1f317fdf71d17e5523a4fd9564d87c747a60595ef93c5d1f
-size 3454869
diff --git a/freeradius-server-3.2.3.tar.bz2.sig b/freeradius-server-3.2.3.tar.bz2.sig
deleted file mode 100644
index 2dadfb0..0000000
Binary files a/freeradius-server-3.2.3.tar.bz2.sig and /dev/null differ
diff --git a/freeradius-server-3.2.4.tar.bz2 b/freeradius-server-3.2.4.tar.bz2
new file mode 100644
index 0000000..7460823
--- /dev/null
+++ b/freeradius-server-3.2.4.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:4d7eb0dc48ee12dd9495108cd79316c3f0c07a548392a1be2a69bd2b81e2f94c
+size 3495607
diff --git a/freeradius-server-3.2.4.tar.bz2.sig b/freeradius-server-3.2.4.tar.bz2.sig
new file mode 100644
index 0000000..56aa94f
Binary files /dev/null and b/freeradius-server-3.2.4.tar.bz2.sig differ
diff --git a/freeradius-server.changes b/freeradius-server.changes
index 672f69b..f0c224c 100644
--- a/freeradius-server.changes
+++ b/freeradius-server.changes
@@ -1,3 +1,67 @@
+-------------------------------------------------------------------
+Fri May 31 14:28:03 UTC 2024 - Adam Majer <adam.majer@suse.de>
+
+- update to 3.2.4
+  Feature Improvements
+  * Preliminary support for TEAP.
+  * Update EAP module pre_proxy checks to make them less restrictive
+    This prevents the "middle box" effect from affecting future traffic.
+  * Many fixes and updates for Docker images.
+  * Add dpsk module. See mods-available/dpsk.
+  * Print out what cause the TLS operations to be made, such as the EAP
+    method name (peap, ttls, etc), or RADIUS/TLS listen / proxy socket.
+  * Add auto_escape to sample SQL module config.
+  * Add 'if not exists' to mysql create table queries.
+  * Update dictionary.aruba; add dictionary.tplink, dictionary.alphion.
+  * Allow for 'encrypt=1' attributes to be longer than 128 characters.
+  * Added "radsecret" program which generates strong secrets.
+    See the top of the "clients.conf" file for more information.
+  * radclient now prints packets as hex when using -xxx.
+  * Added "-t timeout" to radsniff. It will stop processing packets
+    after <timeout> seconds.
+  * Support "interface = ..." on OSX and other *BSD which have IP_BOUND_IF.
+  * The detail module now has a "dates_as_integer" configuration item
+    See mods-available/detail for more information.
+  * Add lookback/lookforward steps and more configuration to totp.
+    See mods-available/totp.
+  * Add "time_since" xlat to calculate elapsed time in seconds,
+    milliseconds and microseconds.
+  * Support "Post-Auth-Type Challenge" in the inner tunnel.
+  * Add "proxy_dedup_window". See radiusd.conf.
+  * Document KRB5_CLIENT_KTNAME in the "env" section of radiusd.conf.
+  * Add "dedup_key" for misbehaving supplicants. See mods-available/eap.
+
+  Bug Fixes
+  * Fix corner case with empty defaults in rlm_files.
+  * When we have multiple attributes of the same name, always use
+    the canonical attribute.
+  * Make FreeRADIUS-Server-EMA* attributes work again for home
+    server exponential moving average statistics.
+  * Don't send the global server stats when asked for client stats.
+    They use the same attributes, so the result is confusing.
+  * Fix multiple typos in MongoDB query.conf (#5130).
+  * Add define for illumos. Fixes #5135.
+  * Add client configuration for TLS PSK.
+  * Permit originate CoA after proxying to an internal virtual server.
+  * Use virtual server "default" when passed "-i" and "-p" on the command line.
+  * Fix locking issues with rlm_python3.
+  * The detail file reader will catch bad times in the file, and
+    will not update Acct-Delay-Time with extreme values.
+  * Fix issue where Message-Authenticator was calculated incorrectly
+    for CoA / Disconnect ACK and NAK packets.
+  * Update Python thread and error handling. Fixes #5208.
+  * Fix handling of Session-State when proxying. Fixes #5288.
+  * Run relevant post-proxy Fail-* section on CoA / Disconnect timeout.
+  * Add "limit" section to AWS health check configurtion. Fixes 35300.
+  * Use MAX in sqlite queries instead of GREATEST.
+  * Fix typo in Mongo queries. Fixes #5301.
+  * Fix occasional crash with bad home servers. Fixes #5308.
+  * Minor bug fixes to the SQL freetds modules.
+  * Fix blocking issue with RADIUS/TLS connection checks.
+  * Fix run-time crash on configuration typos of %{substr ...}
+    instead of %{substr:...} Fixes #5321.
+  * Fix crash with TLS Status-Server requests. Fixes #5326. 
+
 -------------------------------------------------------------------
 Sat Feb 17 18:11:19 UTC 2024 - Christian Boltz <suse-beta@cboltz.de>
 
diff --git a/freeradius-server.spec b/freeradius-server.spec
index 0cc422d..87ced28 100644
--- a/freeradius-server.spec
+++ b/freeradius-server.spec
@@ -18,7 +18,7 @@
 
 %define unitname radiusd
 Name:           freeradius-server
-Version:        3.2.3
+Version:        3.2.4
 Release:        0
 
 # Disable FreeTDS on SLE12. We never shipped it enabled with FreeTDS.
@@ -296,7 +296,6 @@ rm %{buildroot}%{_sysconfdir}/raddb/certs/*.pem
 rm %{buildroot}%{_sysconfdir}/raddb/certs/*.p12
 rm %{buildroot}%{_sysconfdir}/raddb/certs/index.*
 rm %{buildroot}%{_sysconfdir}/raddb/certs/serial*
-rm %{buildroot}%{_sysconfdir}/raddb/certs/dh
 rm doc/source/.gitignore
 rm %{buildroot}%{_sbindir}/rc.radiusd
 rm -r %{buildroot}%{_datadir}/doc/freeradius*
@@ -388,6 +387,8 @@ done
 %{_sysconfdir}/raddb/certs/Makefile
 %{_sysconfdir}/raddb/certs/passwords.mk
 %{_sysconfdir}/raddb/certs/README.md
+%dir %attr(755,radiusd,radiusd) %{_sysconfdir}/raddb/certs/realms/
+%{_sysconfdir}/raddb/certs/realms/README.md
 %{_sysconfdir}/raddb/certs/xpextensions
 %{_sysconfdir}/raddb/panic.gdb
 %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/certs/*.cnf
@@ -487,6 +488,7 @@ done
 %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/dhcp_sql
 %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/dhcp_sqlippool
 %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/digest
+%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/dpsk
 %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/dynamic_clients
 %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/eap
 %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/echo
@@ -622,6 +624,7 @@ done
 %{_libdir}/freeradius/rlm_detail.so
 %{_libdir}/freeradius/rlm_dhcp.so
 %{_libdir}/freeradius/rlm_digest.so
+%{_libdir}/freeradius/rlm_dpsk.so
 %{_libdir}/freeradius/rlm_dynamic_clients.so
 %{_libdir}/freeradius/rlm_eap.so
 %{_libdir}/freeradius/rlm_eap_fast.so
@@ -631,6 +634,7 @@ done
 %{_libdir}/freeradius/rlm_eap_peap.so
 %{_libdir}/freeradius/rlm_eap_pwd.so
 %{_libdir}/freeradius/rlm_eap_sim.so
+%{_libdir}/freeradius/rlm_eap_teap.so
 %{_libdir}/freeradius/rlm_eap_tls.so
 %{_libdir}/freeradius/rlm_eap_ttls.so
 %{_libdir}/freeradius/rlm_exec.so