Accepting request 1177967 from network

- update to 3.2.4 Configuration changes * Better handle backslashes in strings in the configuration files. If the configuration items contain backslashes, then behavior may change. However, the previous behavior didn't work as expected, and therefore is not likely to be used. * reject_delay no longer applies to proxied packets. All servers should now set reject_delay = 1 for security and scalability. * %{randstr:...} now returns the requested amount of data, instead of one too many bytes. Feature Improvements * Preliminary support for TEAP. * Update EAP module pre_proxy checks to make them less restrictive This prevents the "middle box" effect from affecting future traffic. * Many fixes and updates for Docker images. * Add dpsk module. See mods-available/dpsk. * Print out what cause the TLS operations to be made, such as the EAP method name (peap, ttls, etc), or RADIUS/TLS listen / proxy socket. * Add auto_escape to sample SQL module config. * Add 'if not exists' to mysql create table queries. * Update dictionary.aruba; add dictionary.tplink, dictionary.alphion. * Allow for 'encrypt=1' attributes to be longer than 128 characters. * Added "radsecret" program which generates strong secrets. See the top of the "clients.conf" file for more information. * radclient now prints packets as hex when using -xxx. * Added "-t timeout" to radsniff. It will stop processing packets after <timeout> seconds. * Support "interface = ..." on OSX and other *BSD which have IP_BOUND_IF. * The detail module now has a "dates_as_integer" configuration item See mods-available/detail for more information. OBS-URL: https://build.opensuse.org/request/show/1177967 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/freeradius-server?expand=0&rev=98
2024-05-31 20:18:26 +00:00 · 2024-05-31 20:18:26 +00:00 · 2ddd73e0da
commit 2ddd73e0da
parent 2bb7f5eecf bf36e9641a
6 changed files with 83 additions and 5 deletions
--- a/freeradius-server-3.2.3.tar.bz2
+++ b/freeradius-server-3.2.3.tar.bz2
--- a/freeradius-server-3.2.3.tar.bz2.sig
+++ b/freeradius-server-3.2.3.tar.bz2.sig
--- a/freeradius-server-3.2.4.tar.bz2
+++ b/freeradius-server-3.2.4.tar.bz2
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:4d7eb0dc48ee12dd9495108cd79316c3f0c07a548392a1be2a69bd2b81e2f94c
+size 3495607
--- a/freeradius-server-3.2.4.tar.bz2.sig
+++ b/freeradius-server-3.2.4.tar.bz2.sig
--- a/freeradius-server.changes
+++ b/freeradius-server.changes
@ -1,3 +1,77 @@
+-------------------------------------------------------------------
+Fri May 31 14:28:03 UTC 2024 - Adam Majer <adam.majer@suse.de>
+
+- update to 3.2.4
+  Configuration changes
+  * Better handle backslashes in strings in the configuration files.
+    If the configuration items contain backslashes, then behavior may change.
+    However, the previous behavior didn't work as expected,
+    and therefore is not likely to be used.
+  * reject_delay no longer applies to proxied packets. All servers
+    should now set reject_delay = 1 for security and scalability.
+  * %{randstr:...} now returns the requested amount of data,
+    instead of one too many bytes.
+
+  Feature Improvements
+  * Preliminary support for TEAP.
+  * Update EAP module pre_proxy checks to make them less restrictive
+    This prevents the "middle box" effect from affecting future traffic.
+  * Many fixes and updates for Docker images.
+  * Add dpsk module. See mods-available/dpsk.
+  * Print out what cause the TLS operations to be made, such as the EAP
+    method name (peap, ttls, etc), or RADIUS/TLS listen / proxy socket.
+  * Add auto_escape to sample SQL module config.
+  * Add 'if not exists' to mysql create table queries.
+  * Update dictionary.aruba; add dictionary.tplink, dictionary.alphion.
+  * Allow for 'encrypt=1' attributes to be longer than 128 characters.
+  * Added "radsecret" program which generates strong secrets.
+    See the top of the "clients.conf" file for more information.
+  * radclient now prints packets as hex when using -xxx.
+  * Added "-t timeout" to radsniff. It will stop processing packets
+    after <timeout> seconds.
+  * Support "interface = ..." on OSX and other *BSD which have IP_BOUND_IF.
+  * The detail module now has a "dates_as_integer" configuration item
+    See mods-available/detail for more information.
+  * Add lookback/lookforward steps and more configuration to totp.
+    See mods-available/totp.
+  * Add "time_since" xlat to calculate elapsed time in seconds,
+    milliseconds and microseconds.
+  * Support "Post-Auth-Type Challenge" in the inner tunnel.
+  * Add "proxy_dedup_window". See radiusd.conf.
+  * Document KRB5_CLIENT_KTNAME in the "env" section of radiusd.conf.
+  * Add "dedup_key" for misbehaving supplicants. See mods-available/eap.
+
+  Bug Fixes
+  * Fix corner case with empty defaults in rlm_files.
+  * When we have multiple attributes of the same name, always use
+    the canonical attribute.
+  * Make FreeRADIUS-Server-EMA* attributes work again for home
+    server exponential moving average statistics.
+  * Don't send the global server stats when asked for client stats.
+    They use the same attributes, so the result is confusing.
+  * Fix multiple typos in MongoDB query.conf (#5130).
+  * Add define for illumos. Fixes #5135.
+  * Add client configuration for TLS PSK.
+  * Permit originate CoA after proxying to an internal virtual server.
+  * Use virtual server "default" when passed "-i" and "-p" on the command line.
+  * Fix locking issues with rlm_python3.
+  * The detail file reader will catch bad times in the file, and
+    will not update Acct-Delay-Time with extreme values.
+  * Fix issue where Message-Authenticator was calculated incorrectly
+    for CoA / Disconnect ACK and NAK packets.
+  * Update Python thread and error handling. Fixes #5208.
+  * Fix handling of Session-State when proxying. Fixes #5288.
+  * Run relevant post-proxy Fail-* section on CoA / Disconnect timeout.
+  * Add "limit" section to AWS health check configurtion. Fixes 35300.
+  * Use MAX in sqlite queries instead of GREATEST.
+  * Fix typo in Mongo queries. Fixes #5301.
+  * Fix occasional crash with bad home servers. Fixes #5308.
+  * Minor bug fixes to the SQL freetds modules.
+  * Fix blocking issue with RADIUS/TLS connection checks.
+  * Fix run-time crash on configuration typos of %{substr ...}
+    instead of %{substr:...} Fixes #5321.
+  * Fix crash with TLS Status-Server requests. Fixes #5326. 
+
 -------------------------------------------------------------------
 Sat Feb 17 18:11:19 UTC 2024 - Christian Boltz <suse-beta@cboltz.de>

--- a/freeradius-server.spec
+++ b/freeradius-server.spec
@ -18,7 +18,7 @@

 %define unitname radiusd
 Name:           freeradius-server
-Version:        3.2.3
+Version:        3.2.4
 Release:        0

 # Disable FreeTDS on SLE12. We never shipped it enabled with FreeTDS.
@ -296,7 +296,6 @@ rm %{buildroot}%{_sysconfdir}/raddb/certs/*.pem
 rm %{buildroot}%{_sysconfdir}/raddb/certs/*.p12
 rm %{buildroot}%{_sysconfdir}/raddb/certs/index.*
 rm %{buildroot}%{_sysconfdir}/raddb/certs/serial*
-rm %{buildroot}%{_sysconfdir}/raddb/certs/dh
 rm doc/source/.gitignore
 rm %{buildroot}%{_sbindir}/rc.radiusd
 rm -r %{buildroot}%{_datadir}/doc/freeradius*
@ -388,6 +387,8 @@ done
 %{_sysconfdir}/raddb/certs/Makefile
 %{_sysconfdir}/raddb/certs/passwords.mk
 %{_sysconfdir}/raddb/certs/README.md
+%dir %attr(755,radiusd,radiusd) %{_sysconfdir}/raddb/certs/realms/
+%{_sysconfdir}/raddb/certs/realms/README.md
 %{_sysconfdir}/raddb/certs/xpextensions
 %{_sysconfdir}/raddb/panic.gdb
 %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/certs/*.cnf
@ -487,6 +488,7 @@ done
 %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/dhcp_sql
 %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/dhcp_sqlippool
 %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/digest
+%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/dpsk
 %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/dynamic_clients
 %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/eap
 %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/echo
@ -622,6 +624,7 @@ done
 %{_libdir}/freeradius/rlm_detail.so
 %{_libdir}/freeradius/rlm_dhcp.so
 %{_libdir}/freeradius/rlm_digest.so
+%{_libdir}/freeradius/rlm_dpsk.so
 %{_libdir}/freeradius/rlm_dynamic_clients.so
 %{_libdir}/freeradius/rlm_eap.so
 %{_libdir}/freeradius/rlm_eap_fast.so
@ -631,6 +634,7 @@ done
 %{_libdir}/freeradius/rlm_eap_peap.so
 %{_libdir}/freeradius/rlm_eap_pwd.so
 %{_libdir}/freeradius/rlm_eap_sim.so
+%{_libdir}/freeradius/rlm_eap_teap.so
 %{_libdir}/freeradius/rlm_eap_tls.so
 %{_libdir}/freeradius/rlm_eap_ttls.so
 %{_libdir}/freeradius/rlm_exec.so