From 02f9ae48b0e22be355226fde13a7186f63f46bd97e3a3d98cc6de586ca4cedfa Mon Sep 17 00:00:00 2001
From: Adam Majer <amajer@suse.com>
Date: Fri, 31 May 2024 14:47:06 +0000
Subject: [PATCH] - update to 3.2.4   Feature Improvements   * Preliminary
 support for TEAP.   * Update EAP module pre_proxy checks to make them less
 restrictive     This prevents the "middle box" effect from affecting future
 traffic.   * Many fixes and updates for Docker images.   * Add dpsk module.
 See mods-available/dpsk.   * Print out what cause the TLS operations to be
 made, such as the EAP     method name (peap, ttls, etc), or RADIUS/TLS listen
 / proxy socket.   * Add auto_escape to sample SQL module config.   * Add 'if
 not exists' to mysql create table queries.   * Update dictionary.aruba; add
 dictionary.tplink, dictionary.alphion.   * Allow for 'encrypt=1' attributes
 to be longer than 128 characters.   * Added "radsecret" program which
 generates strong secrets.     See the top of the "clients.conf" file for more
 information.   * radclient now prints packets as hex when using -xxx.   *
 Added "-t timeout" to radsniff. It will stop processing packets     after
 <timeout> seconds.   * Support "interface = ..." on OSX and other *BSD which
 have IP_BOUND_IF.   * The detail module now has a "dates_as_integer"
 configuration item     See mods-available/detail for more information.   *
 Add lookback/lookforward steps and more configuration to totp.     See
 mods-available/totp.   * Add "time_since" xlat to calculate elapsed time in
 seconds,     milliseconds and microseconds.   * Support "Post-Auth-Type
 Challenge" in the inner tunnel.   * Add "proxy_dedup_window". See
 radiusd.conf.   * Document KRB5_CLIENT_KTNAME in the "env" section of
 radiusd.conf.   * Add "dedup_key" for misbehaving supplicants. See
 mods-available/eap.   Bug Fixes

OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=171
---
 freeradius-server-3.2.3.tar.bz2     |   3 --
 freeradius-server-3.2.3.tar.bz2.sig | Bin 591 -> 0 bytes
 freeradius-server-3.2.4.tar.bz2     |   3 ++
 freeradius-server-3.2.4.tar.bz2.sig | Bin 0 -> 591 bytes
 freeradius-server.changes           |  64 ++++++++++++++++++++++++++++
 freeradius-server.spec              |   8 +++-
 6 files changed, 73 insertions(+), 5 deletions(-)
 delete mode 100644 freeradius-server-3.2.3.tar.bz2
 delete mode 100644 freeradius-server-3.2.3.tar.bz2.sig
 create mode 100644 freeradius-server-3.2.4.tar.bz2
 create mode 100644 freeradius-server-3.2.4.tar.bz2.sig

diff --git a/freeradius-server-3.2.3.tar.bz2 b/freeradius-server-3.2.3.tar.bz2
deleted file mode 100644
index 41363a9..0000000
--- a/freeradius-server-3.2.3.tar.bz2
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:4a16aeffbfa1424e1f317fdf71d17e5523a4fd9564d87c747a60595ef93c5d1f
-size 3454869
diff --git a/freeradius-server-3.2.3.tar.bz2.sig b/freeradius-server-3.2.3.tar.bz2.sig
deleted file mode 100644
index 2dadfb0ffc6758c0c8f3768a8848d9bbdbff1ce0480082a11edb8724fee6fba4..0000000000000000000000000000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 591
zcmV-V0<isw0!#z|0SW*%79j+`BZTZ}IJtC71LCG2<9sEVTTg`r0%UN;K^PoxVPk7y
zXJvChW^!d^a$#g?b#pFna%TVv2@oLTd?lG%Ple-W5C3K<=UH?)Av8#o{0PzhCOubo
z2*|;CS~vs1hG{A;ZutF&GPT<(HWYjWn!c>4zS|~)lIK+30UZbCAx{ij6%F@#3(E_h
z_Wm46neU($d(Nn0XJlc9@)B}8rpwo-G%D-L*A-Ux7w6^Aynz$!-eQY0X_aN3TBT<Y
zKG5DEK!BRCvM-A7@WLCplFZ>z(jEmps5pJ@bgx^e2{)vs5+YJzTYqmznCo2mAj`C;
zDt={B!aA&`C>y;^LgH{a+^Vw~%08){?Tp$h$wSRO3ZUoy%1oLbrLI8}E332z^E1Hp
zBIzSi`wnQYg&rN_S-T4+Qx2%s>w8e1B*Ebh$|W)2`tX>N)WDAcnrOXT&AU#SD+cmZ
zA)V5<6(|r)->f?$LYA<2)dhF~F;CW^KIpbKQMkh<7gMP}^28;yh#hKzKJFWN&yvFD
zau?!fqPzWWR4l9eBhNvJTkW6^%*Me7cu`&=N(_+LHt7FZot~R|-&8~BYk3ONQKn>*
z!r|2doWIP)&?N3KmjOuOdaZ6zMw>2A&4;ctB6rc4?gq!-8pC_%U>~xf#*_XVbWI+F
zs{|58ZlaW!vPGOn>9YyYrIjrqoM4bGk_M8$8ez1AzWM^E<YL`mU}vRPWMoli$|Y;|
d2Nd9i9)8NJ;&3O`QiA(VbECm~5CcHDz}wT27}x*+

diff --git a/freeradius-server-3.2.4.tar.bz2 b/freeradius-server-3.2.4.tar.bz2
new file mode 100644
index 0000000..7460823
--- /dev/null
+++ b/freeradius-server-3.2.4.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:4d7eb0dc48ee12dd9495108cd79316c3f0c07a548392a1be2a69bd2b81e2f94c
+size 3495607
diff --git a/freeradius-server-3.2.4.tar.bz2.sig b/freeradius-server-3.2.4.tar.bz2.sig
new file mode 100644
index 0000000000000000000000000000000000000000000000000000000000000000..56aa94f4e82fabe47e1341a3834ce6c05c6e8456c307fc1e129365b3cc427ccd
GIT binary patch
literal 591
zcmV-V0<isw0!#z|0SW*%79j+`BZTZ}IJtC71LCG2<9sEVTTg`r0%liOh8P@hVPk7y
zXJvChW^!d^a$#g?b#pFna%TVv2@oLTd?lG%PlYHw5BdX($UvkTh9I&K1)2Q~hv1~i
zdGJ;l>vC4;t__5&+4O+EK=7bh77?>kdNBAGh}(xD@F8?8!X}8|NHt<*;JxzA3psp@
z4P_S;W0YHbR!P*toe>kM49As?e?`T`3z<miW2BpOZ$rynqS^N+xKuKwE2;1U#WED}
z(fG4Q4J3`I9KG1id~Mx=R{hqlMrHIxM(R~mc6UL76wJFJt%5vj5LWV{b(-CxG0ltZ
zJS*xVe+^?g*8GCm5g%OAt($f$o4jQB!d(UhJB|F3ZX7*>x(-O10{}P474DXvQis4k
zx9B~S0xVIm@%Ej;oo0K*pr$_u26XRomigk*Bd2(A*#n6Jye)f5d854fVAH*TXWCPW
z$(ev18+IfnH%O6`6E=pJnY>;Ku<N|A|4Cz=J2flozpjRPc2&8@wTBPg3hLN=eznbD
z1;rmToiFM9zi5y>VdYcEQa=lcgJ>YK(_Xm9cs4E)ft9y+dio8+^oL+Kwx@wk9}uMN
z&@(CwJ5K+VbX%UJ2en{<%IHLX)4BNPPBE6u0(fS|ovEGrJKdUd3kZr#judr01k$MY
z(>(;aoN(z#0jFmg_?HbvB3wSDG;Z4Nabi!K%|NKbT^?e(fvcxnjTYNV&@JEV3|}1S
dPs{|7&q|Tp@jiMtyk=I-cGMqbo5@}D9&B%j7(4&~

literal 0
HcmV?d00001

diff --git a/freeradius-server.changes b/freeradius-server.changes
index 672f69b..f0c224c 100644
--- a/freeradius-server.changes
+++ b/freeradius-server.changes
@@ -1,3 +1,67 @@
+-------------------------------------------------------------------
+Fri May 31 14:28:03 UTC 2024 - Adam Majer <adam.majer@suse.de>
+
+- update to 3.2.4
+  Feature Improvements
+  * Preliminary support for TEAP.
+  * Update EAP module pre_proxy checks to make them less restrictive
+    This prevents the "middle box" effect from affecting future traffic.
+  * Many fixes and updates for Docker images.
+  * Add dpsk module. See mods-available/dpsk.
+  * Print out what cause the TLS operations to be made, such as the EAP
+    method name (peap, ttls, etc), or RADIUS/TLS listen / proxy socket.
+  * Add auto_escape to sample SQL module config.
+  * Add 'if not exists' to mysql create table queries.
+  * Update dictionary.aruba; add dictionary.tplink, dictionary.alphion.
+  * Allow for 'encrypt=1' attributes to be longer than 128 characters.
+  * Added "radsecret" program which generates strong secrets.
+    See the top of the "clients.conf" file for more information.
+  * radclient now prints packets as hex when using -xxx.
+  * Added "-t timeout" to radsniff. It will stop processing packets
+    after <timeout> seconds.
+  * Support "interface = ..." on OSX and other *BSD which have IP_BOUND_IF.
+  * The detail module now has a "dates_as_integer" configuration item
+    See mods-available/detail for more information.
+  * Add lookback/lookforward steps and more configuration to totp.
+    See mods-available/totp.
+  * Add "time_since" xlat to calculate elapsed time in seconds,
+    milliseconds and microseconds.
+  * Support "Post-Auth-Type Challenge" in the inner tunnel.
+  * Add "proxy_dedup_window". See radiusd.conf.
+  * Document KRB5_CLIENT_KTNAME in the "env" section of radiusd.conf.
+  * Add "dedup_key" for misbehaving supplicants. See mods-available/eap.
+
+  Bug Fixes
+  * Fix corner case with empty defaults in rlm_files.
+  * When we have multiple attributes of the same name, always use
+    the canonical attribute.
+  * Make FreeRADIUS-Server-EMA* attributes work again for home
+    server exponential moving average statistics.
+  * Don't send the global server stats when asked for client stats.
+    They use the same attributes, so the result is confusing.
+  * Fix multiple typos in MongoDB query.conf (#5130).
+  * Add define for illumos. Fixes #5135.
+  * Add client configuration for TLS PSK.
+  * Permit originate CoA after proxying to an internal virtual server.
+  * Use virtual server "default" when passed "-i" and "-p" on the command line.
+  * Fix locking issues with rlm_python3.
+  * The detail file reader will catch bad times in the file, and
+    will not update Acct-Delay-Time with extreme values.
+  * Fix issue where Message-Authenticator was calculated incorrectly
+    for CoA / Disconnect ACK and NAK packets.
+  * Update Python thread and error handling. Fixes #5208.
+  * Fix handling of Session-State when proxying. Fixes #5288.
+  * Run relevant post-proxy Fail-* section on CoA / Disconnect timeout.
+  * Add "limit" section to AWS health check configurtion. Fixes 35300.
+  * Use MAX in sqlite queries instead of GREATEST.
+  * Fix typo in Mongo queries. Fixes #5301.
+  * Fix occasional crash with bad home servers. Fixes #5308.
+  * Minor bug fixes to the SQL freetds modules.
+  * Fix blocking issue with RADIUS/TLS connection checks.
+  * Fix run-time crash on configuration typos of %{substr ...}
+    instead of %{substr:...} Fixes #5321.
+  * Fix crash with TLS Status-Server requests. Fixes #5326. 
+
 -------------------------------------------------------------------
 Sat Feb 17 18:11:19 UTC 2024 - Christian Boltz <suse-beta@cboltz.de>
 
diff --git a/freeradius-server.spec b/freeradius-server.spec
index 0cc422d..87ced28 100644
--- a/freeradius-server.spec
+++ b/freeradius-server.spec
@@ -18,7 +18,7 @@
 
 %define unitname radiusd
 Name:           freeradius-server
-Version:        3.2.3
+Version:        3.2.4
 Release:        0
 
 # Disable FreeTDS on SLE12. We never shipped it enabled with FreeTDS.
@@ -296,7 +296,6 @@ rm %{buildroot}%{_sysconfdir}/raddb/certs/*.pem
 rm %{buildroot}%{_sysconfdir}/raddb/certs/*.p12
 rm %{buildroot}%{_sysconfdir}/raddb/certs/index.*
 rm %{buildroot}%{_sysconfdir}/raddb/certs/serial*
-rm %{buildroot}%{_sysconfdir}/raddb/certs/dh
 rm doc/source/.gitignore
 rm %{buildroot}%{_sbindir}/rc.radiusd
 rm -r %{buildroot}%{_datadir}/doc/freeradius*
@@ -388,6 +387,8 @@ done
 %{_sysconfdir}/raddb/certs/Makefile
 %{_sysconfdir}/raddb/certs/passwords.mk
 %{_sysconfdir}/raddb/certs/README.md
+%dir %attr(755,radiusd,radiusd) %{_sysconfdir}/raddb/certs/realms/
+%{_sysconfdir}/raddb/certs/realms/README.md
 %{_sysconfdir}/raddb/certs/xpextensions
 %{_sysconfdir}/raddb/panic.gdb
 %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/certs/*.cnf
@@ -487,6 +488,7 @@ done
 %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/dhcp_sql
 %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/dhcp_sqlippool
 %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/digest
+%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/dpsk
 %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/dynamic_clients
 %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/eap
 %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/echo
@@ -622,6 +624,7 @@ done
 %{_libdir}/freeradius/rlm_detail.so
 %{_libdir}/freeradius/rlm_dhcp.so
 %{_libdir}/freeradius/rlm_digest.so
+%{_libdir}/freeradius/rlm_dpsk.so
 %{_libdir}/freeradius/rlm_dynamic_clients.so
 %{_libdir}/freeradius/rlm_eap.so
 %{_libdir}/freeradius/rlm_eap_fast.so
@@ -631,6 +634,7 @@ done
 %{_libdir}/freeradius/rlm_eap_peap.so
 %{_libdir}/freeradius/rlm_eap_pwd.so
 %{_libdir}/freeradius/rlm_eap_sim.so
+%{_libdir}/freeradius/rlm_eap_teap.so
 %{_libdir}/freeradius/rlm_eap_tls.so
 %{_libdir}/freeradius/rlm_eap_ttls.so
 %{_libdir}/freeradius/rlm_exec.so