- freeradius-server-radiusd-logrotate.patch: move logrotate

options into specific parts for each log as "global" options
  will persist past and clobber global options in the
  main logrotate config (bsc#1180525)

OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=147

freeradius-server-3.0.23.tar.bz2

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:08ce42bf0ec217704ca163619c06efcae8a6d6a8ae7a626d77da9a6fd210e235
-size 3381917

freeradius-server-3.0.24.tar.bz2

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:7bb0f25bec869f71f81ff6ce0be13181ac75394857e919382220240f3b6f52ef
+size 3400689

freeradius-server-radiusd-logrotate.patch

@@ -1,74 +0,0 @@
-Index: freeradius-server-3.0.21/suse/radiusd-logrotate
-===================================================================
---- freeradius-server-3.0.21.orig/suse/radiusd-logrotate
-+++ freeradius-server-3.0.21/suse/radiusd-logrotate
-@@ -2,39 +2,33 @@
- # it to /etc/logrotate.d/radiusd
- 
- #
--#    Global options for all files
--#
--dateext
--maxage 365
--rotate 99
--missingok
--compress
--delaycompress
--notifempty
--su radiusd radiusd
--
--#
- #  The main server log
- #
- /var/log/radius/radius.log {
-+	dateext
-+	maxage 365
-+	rotate 99
-+	missingok
-+	compress
-+	delaycompress
-+	notifempty
-+
-+	su radiusd radiusd
- 	copytruncate
-+	postrotate
-+			kill -HUP `cat /run/radiusd/radiusd.pid` || :
-+	endscript
- }
- 
- #
- #  Session monitoring utilities
- #
--/var/log/radius/checkrad.log /var/log/radius/radwatch.log {
--	nocreate
--	size=+1024k
--}
-+/var/log/radius/checkrad.log /var/log/radius/radwatch.log
- 
- #
- #  SQL log files
- #
--/var/log/radius/sqllog.sql {
--	nocreate
--	size=+2048k
--}
-+/var/log/radius/sqllog.sql
- 
- # There are different detail-rotating strategies you can use.  One is
- # to write to a single detail file per IP and use the rotate config
-@@ -44,6 +38,15 @@ su radiusd radiusd
- # second technique, you will need another cron job that removes old
- # detail files.  You do not need to comment out the below for method #2.
- /var/log/radius/radacct/*/detail {
-+	dateext
-+	maxage 365
-+	rotate 99
-+	missingok
-+	compress
-+	delaycompress
-+	notifempty
-+	size 1M
-+	su radiusd radiusd
- 	nocreate
- }
- 

freeradius-server.changes

@@ -1,3 +1,61 @@
+-------------------------------------------------------------------
+Thu Oct  7 15:02:11 UTC 2021 - Adam Majer <adam.majer@suse.de>
+
+- Update to version 3.0.24 (jsc#SLE-21237)
+  Feature Improvements
+  * Add sanitizer options to configure script.
+  * Log information needed by Wireshark to decode TLS sessions.
+  * Allow more liberal SQL commands in rlm_sql_map.
+  * Update dictionary.apc, dictionary.h3c.
+  * Add new Acct-Status-Type Subsystem-On and Subsystem-Off See
+    dictionary.iana and
+    https://freeradius.org/rfc/acct_status_type_subsystem.html.
+  * Add reject_unknown_intermediate_ca. See mods-available/eap.
+  * Add dynamic loading of certificates via TLS-Session-Cert-File
+    See raddb/certs/realms/README.md.
+  * Add Server Name Indication (SNI) for outbound RadSec connections
+    See raddb/sites-available/tls, and the home server tls
+    configuration.
+  * Support SNI for inbound RadSec connections. Certificates will be
+    loaded from "realm_dir" in the "tls" section. SNI will be cached
+    in the TLS-Server-Name-Indication attribute.
+  * Preliminary support for haproxy "PROXY" protocol See sites-available/tls,
+    "proxy_protocol" and doc/antora/modules/howto/pages/protocols/proxy/.
+  * Generate parse errors in more circumstances when we know that
+    the configuration is wrong.
+  * Add "weeklycounter" to sample sqlcounter configuration.
+  * Add certificate attributes to the request list, even if
+    the certificates have expired.
+  * The Simultaneous-Use code is now IPv6 aware, and can deal
+    with NAS-IPv6-Address.
+  * Add dictionary.cambium.
+
+  Bug Fixes
+  * Fix crash in trustrouter module (#4115)
+  * Fix crash in state handling.
+  * Don't alter global options in redhat logrotate scripts.
+  * EAP-FAST will print errors and continue, rather than exiting
+    when OpenSSL fails various internal sanity checks.
+  * Allow admin to manually change core limits, even when core
+    limits are disabled.
+  * Fix chunked rlm_rest HTTP body. Closes #4131
+  * Many fixes around the SQL ippool queries.conf and schema
+  * Fix MySQL stored procedures. PR #4170
+  * Rework connection pool management for corner cases Fixes #4161, #4162, #4163.
+  * Final fix for double free in #3188.
+  * Fix sqlcounter wrong memory free. PR #4192
+  * Accept slow writes from proxies over TCP, which allows the server
+    to make more progress when it receives partial packets.
+  * Add 'weeklycounter' for rlm_sqlcounter.
+  * Outbound proxying over TCP / TLS is better able to deal with
+    partial TCP reads, and has fewer issues with slow networks.
+  * Fix wrong data-type of Acct-Delay-Time in rlm_unix.
+  * Fix EAP-FAST PAC lifetime calculation.
+  * Print correct encoded packet length when debugging.
+
+- disable python2 build
+- freeradius-server-radiusd-logrotate.patch: upstreamed
+
 -------------------------------------------------------------------
 Sun Jun 27 15:43:02 UTC 2021 - Ferdinand Thiessen <rpm@fthiessen.de>
 

freeradius-server.spec

@@ -18,15 +18,9 @@
 
 %define unitname radiusd
 Name:           freeradius-server
-Version:        3.0.23
+Version:        3.0.24
 Release:        0
 
-%if 0%{?suse_version} >= 1500
-%bcond_with python2
-%else
-%bcond_without python2
-%endif
-
 %if 0%{?suse_version} > 1140
 %bcond_without systemd
 %bcond_without libjson
@@ -62,7 +56,6 @@ Source1:        radiusd.service
 Source2:        freeradius-tmpfiles.conf
 Patch0:         freeradius-server-fix-perl-shbang.patch
 Patch1:         freeradius-server-tmpfiles.patch
-Patch2:         freeradius-server-radiusd-logrotate.patch
 Patch3:         freeradius-server-rcradiusd.patch
 Patch5:         freeradius-server-rlm_sql_unixodbc-configure.patch
 Patch6:         freeradius-server-radclient-init-error-buffer.patch
@@ -102,9 +95,6 @@ BuildRequires:  openssl-devel > 1.0
 BuildRequires:  pam-devel
 BuildRequires:  perl
 BuildRequires:  postgresql-devel
-%if 0%{with python2}
-BuildRequires:  python-devel
-%endif
 BuildRequires:  python3-devel
 BuildRequires:  sqlite3-devel
 BuildRequires:  unixODBC-devel
@@ -211,14 +201,6 @@ Requires:       perl
 %description perl
 FreeRADIUS plugin providing Perl support.
 
-%package python
-Summary:        Python support for freeradius
-Group:          System/Daemons
-Requires:       %{name} = %{version}
-
-%description python
-FreeRADIUS plugin providing Python support.
-
 %package python3
 Summary:        Python3 support for freeradius
 Group:          System/Daemons
@@ -283,9 +265,7 @@ export LDFLAGS="-pie"
   --without-rlm_rediswho \
   --without-rlm_sql_oracle \
   --without-rlm_securid \
-%if ! %{with python2}
   --without-rlm_python \
-%endif
   --with-rlm-python3-include-dir=%{_includedir}/python%{python3_version}%{py3_abiflags} \
 %if ! %{with memcached}
   --without-rlm_cache_memcached \
@@ -359,9 +339,6 @@ rm -r %{buildroot}%{_sysconfdir}/raddb/mods-config/sql/ippool-dhcp/oracle
 %if ! %{with json}
 rm %{buildroot}%{_sysconfdir}/raddb/mods-available/rest
 %endif
-%if ! %{with python2}
-rm %{buildroot}%{_sysconfdir}/raddb/mods-available/python
-%endif
 rm %{buildroot}%{_sysconfdir}/raddb/mods-config/sql/ippool/mongo/queries.conf
 rm %{buildroot}%{_sysconfdir}/raddb/mods-config/sql/main/mongo/queries.conf
 rm %{buildroot}%{_sysconfdir}/raddb/sites-available/coa-relay
@@ -467,8 +444,6 @@ systemd-tmpfiles --create %{_tmpfilesdir}/%{unitname}.conf
 %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/sql/moonshot-targeted-ids/*
 %dir %attr(750,root,radiusd) /etc/raddb/mods-config/sql/moonshot-targeted-ids
 %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/preprocess/*
-#%%dir %%attr(750,root,radiusd) %%{_sysconfdir}/raddb/mods-config/python
-#%%attr(640,root,radiusd) %%config(noreplace) %%{_sysconfdir}/raddb/mods-config/python/radiusd.py
 %dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-config/sql/ippool-dhcp/mysql
 %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/sql/ippool-dhcp/mysql/schema.sql
 %dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-config/sql/ippool/postgresql
@@ -568,9 +543,6 @@ systemd-tmpfiles --create %{_tmpfilesdir}/%{unitname}.conf
 %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/pap
 %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/passwd
 %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/preprocess
-%if %{with python2}
-%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/python
-%endif
 %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/python3
 %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/radutmp
 %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/realm
@@ -769,15 +741,6 @@ systemd-tmpfiles --create %{_tmpfilesdir}/%{unitname}.conf
 
 %{_libdir}/freeradius/rlm_perl.so
 
-%if %{with python2}
-%files python
-%defattr(-,root,root)
-%dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-config/python
-%attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-config/python/radiusd.py
-%{_sysconfdir}/raddb/mods-config/python/example.py*
-%{_libdir}/freeradius/rlm_python.so
-%endif
-
 %files python3
 %defattr(-,root,root)
 %dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-config/python3
@@ -789,6 +752,7 @@ systemd-tmpfiles --create %{_tmpfilesdir}/%{unitname}.conf
 %defattr(-,root,root)
 %dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-config/sql/counter/mysql
 %attr(640,root,radiusd) %config(noreplace)%{_sysconfdir}/raddb/mods-config/sql/counter/mysql/dailycounter.conf
+%attr(640,root,radiusd) %config(noreplace)%{_sysconfdir}/raddb/mods-config/sql/counter/mysql/weeklycounter.conf
 %attr(640,root,radiusd) %config(noreplace)%{_sysconfdir}/raddb/mods-config/sql/counter/mysql/expire_on_login.conf
 %attr(640,root,radiusd) %config(noreplace)%{_sysconfdir}/raddb/mods-config/sql/counter/mysql/monthlycounter.conf
 %attr(640,root,radiusd) %config(noreplace)%{_sysconfdir}/raddb/mods-config/sql/counter/mysql/noresetcounter.conf
@@ -835,6 +799,7 @@ systemd-tmpfiles --create %{_tmpfilesdir}/%{unitname}.conf
 %defattr(-,root,root)
 %dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-config/sql/counter/postgresql
 %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/sql/counter/postgresql/dailycounter.conf
+%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/sql/counter/postgresql/weeklycounter.conf
 %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/sql/counter/postgresql/expire_on_login.conf
 %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/sql/counter/postgresql/monthlycounter.conf
 %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/sql/counter/postgresql/noresetcounter.conf
@@ -877,6 +842,7 @@ systemd-tmpfiles --create %{_tmpfilesdir}/%{unitname}.conf
 
 %dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-config/sql/counter/sqlite
 %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/sql/counter/sqlite/dailycounter.conf
+%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/sql/counter/sqlite/weeklycounter.conf
 %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/sql/counter/sqlite/expire_on_login.conf
 %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/sql/counter/sqlite/monthlycounter.conf
 %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/sql/counter/sqlite/noresetcounter.conf