From 1b4e5f1e0968df46eac58fc40d6184effe6ce56d30a6b5fe6477ea0db2c02126 Mon Sep 17 00:00:00 2001 
From: Adam Majer Date: Fri, 1 Sep 2023 11:37:49 +0000 Subject: [PATCH] - update to version 3.2.3: Feature Improvements * Add "max_retries" for connection pools. Fixes #4908. * Update dictionary.ciena, dictionary.huawei, dictionary.wifialliance and dictionary.wispr; add dictionary.eleven. * You can now list "eap" in the "pre-proxy" section. If the packet contains a malformed EAP message, then the request will be rejected The home server will either reject (or discard) this packet anyways, so this change can only help with large proxy scenarios. * Show warnings if libldap is not using OpenSSL. * Support RADIUS/1.1. See https://datatracker.ietf.org/doc/draft-dekok-radext-radiusv11/ Disabled by default, can be enabled by passing `--with-radiusv11` to the configure script. For now, this is for testing interoperability. * Add extra sanity checks for malformed EAP attributes. * More TLS debugging output. * Clear old module instance data before HUP reload. Avoids burst memory use when e.g. using large data files with rlm_files. * `rlm_cache_redis` is now included in the freeradius-redis packages. Bug Fixes * Don't leak MD contexts with OpenSSL 3.0. * Increase internal buffer size for TLS connections, which can help with high-load proxies. * Send Status-Server checks for TLS connections. * Give descriptive error if "update CoA" is used with "fake" packets, as it won't work. i.e. inner-tunnel and virtual home servers. * Many small ASAN / LSAN fixes from Jorge Pereira. * Close inbound RADIUS/TLS socket on TLS errors. When a home server sees a TLS error, it will now close the socket, so proxies do not have an open (but dead) TLS connection. 
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=161 --- freeradius-server-3.2.1.tar.bz2 | 3 - freeradius-server-3.2.1.tar.bz2.sig | Bin 591 -> 0 bytes freeradius-server-3.2.3.tar.bz2 | 3 + freeradius-server-3.2.3.tar.bz2.sig | Bin 0 -> 591 bytes ...us-server-rlm_sql_unixodbc-configure.patch | 23 +++-- freeradius-server.changes | 83 ++++++++++++++++++ freeradius-server.spec | 12 +-- 7 files changed, 107 insertions(+), 17 deletions(-) delete mode 100644 freeradius-server-3.2.1.tar.bz2 delete mode 100644 freeradius-server-3.2.1.tar.bz2.sig create mode 100644 freeradius-server-3.2.3.tar.bz2 create mode 100644 freeradius-server-3.2.3.tar.bz2.sig diff --git a/freeradius-server-3.2.1.tar.bz2 b/freeradius-server-3.2.1.tar.bz2 deleted file mode 100644 index 86c3f89..0000000 --- a/freeradius-server-3.2.1.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:32cd4eae3c24af2893aa5feff643bc9ac0755341b2b7e8dd622c6e9a23e9f256 -size 3399164 
diff --git a/freeradius-server-3.2.1.tar.bz2.sig b/freeradius-server-3.2.1.tar.bz2.sig deleted file mode 100644 index 0edc072eb9d10db1c7397ba73e0d56e8fb5e5e5a5e976877ea27e20be3f55412..0000000000000000000000000000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 591 zcmV-V0U z;l`OKe#UoJ_BcMF6&7OX@>-1=vHWmPUULv(;7LQ))dt`tf#1-;gI^WpNdif=Pc{UW zBfI~6gMb~C6;7o0+F(OJVbahi&y9pi8TKo1gaA86l&9wF;J$`#}hIj1GD z>~62&aeGt|W|O!d~ZuZ}4?oh6L!~q5~*}FbAZP^AtEVhZA`kDBQ)z2*%r? z<9j{!nQs)uHl;r@bQ3pp`*xce80u15;81Ep<<4zS|~)lIK+30UZbCAx{ij6%F@#3(E_h z_Wm46neU($d(Nn0XJlc9@)B}8rpwo-G%D-L*A-Ux7w6^Aynz$!-eQY0X_aN3TBTz(jEmps5pJ@bgx^e2{)vs5+YJzTYqmznCo2mAj`C; zDt={B!aA&`C>y;^LgH{a+^Vw~%08){?Tp$h$wSRO3ZUoy%1oLbrLI8}E332z^E1Hp zBIzSi`wnQYg&rN_S-T4+Qx2%s>w8e1B*Ebh$|W)2`tX>N)WDAcnrOXT&AU#SD+cmZ zA)V5<6(|r)->f?$LYA<2)dhF~F;CW^KIpbKQMkh<7gMP}^28;yh#hKzKJFWN&yvFD zau?!fqPzWWR4l9eBhNvJTkW6^%*Me7cu`&=N(_+LHt7FZot~R|-&8~BYk3ONQKn>* z!r|2doWIP)&?N3KmjOuOdaZ6zMw>2A&4;ctB6rc4?gq!-8pC_%U>~xf#*_XVbWI+F zs{|58ZlaW!vPGOn>9YyYrIjrqoM4bGk_M8$8ez1AzWM^E + +- update to version 3.2.3: + Feature Improvements + * Add "max_retries" for connection pools. Fixes #4908. + * Update dictionary.ciena, dictionary.huawei, dictionary.wifialliance and + dictionary.wispr; add dictionary.eleven. + * You can now list "eap" in the "pre-proxy" section. If the packet contains a + malformed EAP message, then the request will be rejected The home server + will either reject (or discard) this packet anyways, so this change can + only help with large proxy scenarios. + * Show warnings if libldap is not using OpenSSL. + * Support RADIUS/1.1. See + https://datatracker.ietf.org/doc/draft-dekok-radext-radiusv11/ Disabled by + default, can be enabled by passing `--with-radiusv11` to the configure + script. For now, this is for testing interoperability. + * Add extra sanity checks for malformed EAP attributes. + * More TLS debugging output. + * Clear old module instance data before HUP reload. 
Avoids burst memory use + when e.g. using large data files with rlm_files. + * `rlm_cache_redis` is now included in the freeradius-redis packages. + +Bug Fixes + * Don't leak MD contexts with OpenSSL 3.0. + * Increase internal buffer size for TLS connections, which can help with + high-load proxies. + * Send Status-Server checks for TLS connections. + * Give descriptive error if "update CoA" is used with "fake" packets, as it + won't work. i.e. inner-tunnel and virtual home servers. + * Many small ASAN / LSAN fixes from Jorge Pereira. + * Close inbound RADIUS/TLS socket on TLS errors. When a home server sees a + TLS error, it will now close the socket, so proxies do not have an open + (but dead) TLS connection. + * Fix mutex locking issues on inbound RADIUS/TLS connections This change + avoids random issues with "bad record mac". + * Improve REST encoding loop. Patch from Herwin Weststrate. Closes #4950. + * Correctly report the LDAP group a user was found in. Fixes #3084. + * Force correct packet type when running Post-Auth-Type. Helps with #4980. + * Fix small leak in Client-Lost code. Patch from Terry Burton. PR #4996. + * Fix TCP socket statistics. Closes #4990. + * Use NAS-Port-Id instead of NAS-Port during SQL simultaneous-use checks. Helps with #5010. + + +Changes in version 3.2.2: + +Feature Improvements + + * The "configure" process now gives a much clearer report when it's finished + * Fallback to "uname -n" on missing "hostname". Fixes #4771. + * Export thread details in radmin "stats threads". Fixes #4770. + * Improve queries for processing radacct into periodic usage data + * Update dictionary.juniper. + * Add dictionary.calix. + * Fix dictionary.rfc6519 DS-Lite-Tunnel-Name to be "octets". + * Update documentation for robust-proxy-accounting, and be more aggressive about sending packets. + * Add per-module README.md files in the source. + * Add default Visual Studio configuration for developers. 
+ * Postgres can now automatically use alternate queries for errors other than duplicate keys. + * %{listen:TLS-PSK-Identity} is now set when using PSK and psk_query This + helps the server track the identity of the client which is connecting. + * Include thread stats in Status-Server attributes. Fixes #4870. + * Mark rlm_unbound stable and add to packages. + * Remove broken/unsupported Dockerfiles for centos8 and debian9. + +Bug Fixes + + * Preliminary support for non-blocking TLS sockets. Helps with #3501. + * Fix support for partial certificate chains after adding reload support. Fixes #4753. + * Fix handling of debug_condition. + * Clean up home server states, and re-sync with the dictionaries. + * Correct certificate order when creating TLS-* attributes Fixes #4785. + * Update use of isalpha() etc. so broken configurations have less impact on the server. + * Outgoing TLS sockets now set SNI correctly from the "hostname" configuration item. + * Support Apple Homebrew on the M1. Fixes #4754. + * Better error messages when %{listen:TLS-...} is used. + * Getting statistics via Status-Server can now be done within a virtual server. Fixes #4868. + * Make TTLS+MS-CHAP work with TLS 1.3. Fixes #4878. + * Fix md5 xlat memory leak when using OpenSSL 3.0 + +- freeradius-server-rlm_sql_unixodbc-configure.patch: refreshed +- spec file cleanup: remove duplicate BR: from subpackages + ------------------------------------------------------------------- Mon Feb 6 16:57:33 UTC 2023 - Adam Majer diff --git a/freeradius-server.spec b/freeradius-server.spec index 0245336..2cbe8b8 100644 --- a/freeradius-server.spec +++ b/freeradius-server.spec @@ -18,7 +18,7 @@ %define unitname radiusd Name: freeradius-server -Version: 3.2.1 +Version: 3.2.3 Release: 0 # Disable FreeTDS on SLE12. We never shipped it enabled with FreeTDS. 
@@ -94,6 +94,7 @@ Obsoletes: freeradius < %{version} Conflicts: icradius Conflicts: radiusd-cistron Conflicts: radiusd-livingston +BuildRequires: pkgconfig(libunbound) BuildRequires: pkgconfig(systemd) %{?systemd_requires} @@ -141,7 +142,6 @@ FreeRADIUS documentation. %package ldap Summary: LDAP support for freeradius Group: System/Daemons -BuildRequires: openldap2-devel Requires: %{name} = %{version} %description ldap @@ -158,7 +158,6 @@ FreeRADIUS schemas for OpenLDAP. %package krb5 Summary: Kerberos 5 support for freeradius Group: System/Daemons -BuildRequires: krb5-devel Requires: %{name} = %{version} %description krb5 @@ -167,8 +166,6 @@ FreeRADIUS plugin providing Kerberos 5 authentication support. %package perl Summary: Perl support for freeradius Group: System/Daemons -BuildRequires: perl -BuildRequires: perl(ExtUtils::Embed) Requires: %{name} = %{version} Requires: perl @@ -186,7 +183,6 @@ FreeRADIUS plugin providing Python3 support. %package mysql Summary: MySQL support for freeradius Group: System/Daemons -BuildRequires: mysql-devel Requires: %{name} = %{version} %description mysql @@ -195,7 +191,6 @@ FreeRADIUS plugin providing MySQL support. %package postgresql Summary: Postgresql support for freeradius Group: System/Daemons -BuildRequires: postgresql-devel Requires: %{name} = %{version} %description postgresql @@ -204,7 +199,6 @@ FreeRADIUS plugin providing PostgreSQL support. %package sqlite Summary: SQLite support for freeradius Group: System/Daemons -BuildRequires: sqlite3-devel Requires: %{name} = %{version} %description sqlite @@ -242,6 +236,7 @@ export LDFLAGS="-pie" --without-rlm_sql_iodbc \ --without-rlm_redis \ --without-rlm_rediswho \ + --without-rlm_cache_redis \ --without-rlm_sql_oracle \ --without-rlm_securid \ --without-rlm_python \ 
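Review bot: The added `--without-rlm_cache_redis \` in the `@@ -242,6 +236,7 @@` configure hunk carries no explanation, and it contradicts what the changelog text in freeradius-server.changes tells the reader: that `rlm_cache_redis` "is now included in the freeradius-redis packages". That sentence describes upstream's packaging; this spec switches the module off next to `rlm_redis` and `rlm_rediswho`, so an administrator reading the changes file may expect a module that is not shipped. I would add a comment above the configure call, for example `# redis modules (rlm_redis, rlm_rediswho, rlm_cache_redis) are not built for this package`, or say the same in the .changes entry. The configure invocation starts and ends outside the hunk.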
@@ -663,6 +658,7 @@ done
 %{_libdir}/freeradius/rlm_sql_null.so
 %{_libdir}/freeradius/rlm_test.so
 %{_libdir}/freeradius/rlm_totp.so
+%{_libdir}/freeradius/rlm_unbound.so
 %{_libdir}/freeradius/rlm_unix.so
 %{_libdir}/freeradius/rlm_utf8.so
 %{_libdir}/freeradius/rlm_wimax.so
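Review bot: `%{_libdir}/freeradius/rlm_unbound.so` is added to a file list that, judging by its neighbours (`rlm_unix.so`, `rlm_utf8.so`), belongs to the base package, so every installation would presumably gain a runtime dependency on libunbound. The matching `BuildRequires: pkgconfig(libunbound)` in the `@@ -94,6 +94,7 @@` hunk is likewise placed at top level. The other optional back ends touched by this commit (ldap, krb5, mysql, postgresql, sqlite) live in their own subpackages, which keeps their libraries off hosts that never enable them. Doing the same here, with a `%package unbound` and a `%files unbound` section holding this line, would keep an extra DNS resolver library out of the default install. The `%files` header is outside the hunk, so confirm which package this list belongs to.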