diff --git a/freeradius-server-3.0.25.tar.bz2 b/freeradius-server-3.0.25.tar.bz2 deleted file mode 100644 index cb083bd..0000000 --- a/freeradius-server-3.0.25.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:fc158cdab4a705b179b1a91cd72473006ef4dfb570b0d097db6c9c34049a4509 -size 3402380 diff --git a/freeradius-server-3.0.25.tar.bz2.sig b/freeradius-server-3.0.25.tar.bz2.sig deleted file mode 100644 index 3451b83..0000000 Binary files a/freeradius-server-3.0.25.tar.bz2.sig and /dev/null differ diff --git a/freeradius-server-3.2.1.tar.bz2 b/freeradius-server-3.2.1.tar.bz2 new file mode 100644 index 0000000..86c3f89 --- /dev/null +++ b/freeradius-server-3.2.1.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:32cd4eae3c24af2893aa5feff643bc9ac0755341b2b7e8dd622c6e9a23e9f256 +size 3399164 diff --git a/freeradius-server-3.2.1.tar.bz2.sig b/freeradius-server-3.2.1.tar.bz2.sig new file mode 100644 index 0000000..0edc072 Binary files /dev/null and b/freeradius-server-3.2.1.tar.bz2.sig differ diff --git a/freeradius-server-enable-python3.patch b/freeradius-server-enable-python3.patch index b95c48a..59a19af 100644 --- a/freeradius-server-enable-python3.patch +++ b/freeradius-server-enable-python3.patch @@ -1,29 +1,17 @@ -Index: freeradius-server-3.0.20/src/modules/stable +Index: freeradius-server-3.2.1/src/modules/rlm_python3/example.py =================================================================== ---- freeradius-server-3.0.20.orig/src/modules/stable -+++ freeradius-server-3.0.20/src/modules/stable -@@ -25,6 +25,7 @@ rlm_passwd - rlm_perl - rlm_preprocess - rlm_python -+rlm_python3 - rlm_radutmp - rlm_realm - rlm_rest -Index: freeradius-server-3.0.20/src/modules/rlm_python3/example.py -=================================================================== ---- freeradius-server-3.0.20.orig/src/modules/rlm_python3/example.py -+++ freeradius-server-3.0.20/src/modules/rlm_python3/example.py +--- freeradius-server-3.2.1.orig/src/modules/rlm_python3/example.py ++++ freeradius-server-3.2.1/src/modules/rlm_python3/example.py @@ -1,4 +1,4 @@ -#! /usr/bin/env python3 +#!/usr/bin/python3 # # Python module example file # Miguel A.L. Paraz -Index: freeradius-server-3.0.20/src/modules/rlm_python3/radiusd.py +Index: freeradius-server-3.2.1/src/modules/rlm_python3/radiusd.py =================================================================== ---- freeradius-server-3.0.20.orig/src/modules/rlm_python3/radiusd.py -+++ freeradius-server-3.0.20/src/modules/rlm_python3/radiusd.py +--- freeradius-server-3.2.1.orig/src/modules/rlm_python3/radiusd.py ++++ freeradius-server-3.2.1/src/modules/rlm_python3/radiusd.py @@ -1,4 +1,4 @@ -#! /usr/bin/env python3 +#!/usr/bin/python3 diff --git a/freeradius-server.changes b/freeradius-server.changes index d33eaab..8b90a7a 100644 --- a/freeradius-server.changes +++ b/freeradius-server.changes @@ -1,3 +1,76 @@ +------------------------------------------------------------------- +Mon Feb 6 16:57:33 UTC 2023 - Adam Majer + +- update to version 3.2.1: + Feature Improvements + * Add dictionary.ciena, dictionary.nile, and DHCPv4 dictionaries + * Add simultaneous-use queries for MS SQL + * Add radmin command for "stats pool " + which prints out statistics about the connection pools. + * Client statistics now shows "conflicts", + to count conflicting packets. + * New optional "lightweight accounting-on/off" strategy. + When refreshing queries.conf you should also add the new + nasreload table and corresponding GRANTs to your DB schema. + * Add TLS-Client-Cert-X509v3-Certificate-Policies, which helps + with Eduroam. + * Allow auth+acct for TCP sockets, too. + * Add rlm_cache_redis. See raddb/mods-available/cache for details. + * Allow radmin to look up home servers by name, too. + * Ensure that dynamic clients don't create loops on duplicates + * Removed rlm_sqlhpwippool. There was no documentation, no configuration, + and the module was ~15 years old with no one using it. + * Marked rlm_python3 as stable. + * Add sigalgs_list. See raddb/mods-available/eap + * For rlm_linelog, when opening files in /dev, look at "permissions" + to see whether to open them r/w. + * More flexibility for dynamic home servers. See + doc/configuration/dynamic_home_servers.md and + raddb/home_servers/README.md. + * Allow setting of application_name for PostgreSQL. + See mods-available/sql. + + Bug Fixes + * Correct test for open sessions in radacct for MS SQL. + * The linelog module now opens /dev/stdout in "write-only" mode + if the permissions are set to "u+w" (0002). + * Various fixes to rlm_unbound from Nick Porter. + * PEAP now correctly runs Post-Auth-Type Accept. + * Create "TLS-Cert-*" for outbound Radsec, instead of + TLS-Client-Cert-* Fixes #4698. See sites-available/tls, + and fix_cert_order. + * Minor updates and fixes to CI, Dockerfiles and packaging. + * Fix rlm_python3 build with python >= 3.10. Fixes #4441. + + Changes in version 3.2.0: + Feature Improvements + All features from 3.0.x are included in the 3.2.x releases. + In addition: + * Add 'reset_day' and '%%r' parameter for rlm_sqlcounter to + specify which day of the month the counter should be reset. + * Partial backport of rlm_json from v4, providing the json_encode + xlat See mods-available/json for documentation. + * Support for haproxy "PROXY" protocol See sites-available/tls, + "proxy_protocol" and doc/antora/modules/howto/pages/protocols/proxy/. + * Support for sending CoA-Request and Disconnect-Request packets + in "reverse" down RadSec tunnels. Experimental for now, + and undocumented. + * It is now possible to run a virtual server when saving / loading + TLS cache attributes. See sites-available/tls-cache for more + information. + * Removed the "cram" module. It was undocumented, + and used old and insecure authentication methods. + * Remove the "otp" module. The "otpd" program it needs is + no longer available, and the module has not been usable since + at least 2015. + * All features from 3.0.x are included in the 3.2.x releases. + * 3.2.0 requires OpenSSL 1.0.2 or greater. + +Bug Fixes + All bug fixes from 3.0.x are included in the 3.2.x releases. + +- freeradius-server-enable-python3.patch: refreshed + ------------------------------------------------------------------- Fri Jan 13 11:06:06 UTC 2023 - Stefan Schubert diff --git a/freeradius-server.spec b/freeradius-server.spec index ddf221c..0245336 100644 --- a/freeradius-server.spec +++ b/freeradius-server.spec @@ -18,7 +18,7 @@ %define unitname radiusd Name: freeradius-server -Version: 3.0.25 +Version: 3.2.1 Release: 0 # Disable FreeTDS on SLE12. We never shipped it enabled with FreeTDS. @@ -34,8 +34,8 @@ Summary: RADIUS Server License: GPL-2.0-only AND LGPL-2.1-only Group: Productivity/Networking/Radius/Servers URL: http://www.freeradius.org/ -Source: ftp://ftp.freeradius.org/pub/freeradius/%{name}-%{version}.tar.bz2 -Source99: ftp://ftp.freeradius.org/pub/freeradius/%{name}-%{version}.tar.bz2.sig +Source: ftp://ftp.freeradius.org/pub/freeradius/freeradius-server-%{version}.tar.bz2 +Source99: ftp://ftp.freeradius.org/pub/freeradius/freeradius-server-%{version}.tar.bz2.sig # keyring downloaded via link @ ftp://ftp.freeradius.org/pub/freeradius/README Source100: freeradius.keyring Source1: radiusd.service @@ -77,6 +77,7 @@ BuildRequires: pam-devel BuildRequires: perl BuildRequires: postgresql-devel BuildRequires: python3-devel +BuildRequires: sqlite3 BuildRequires: sqlite3-devel BuildRequires: unixODBC-devel BuildRequires: pkgconfig(apr-1) @@ -405,6 +406,8 @@ done %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/files/* %dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-config/preprocess %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/sql/moonshot-targeted-ids/* +%dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-config/realm +%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/realm/freeradius-naptr-to-home-server.sh %dir %attr(750,root,radiusd) /etc/raddb/mods-config/sql/moonshot-targeted-ids %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/preprocess/* %dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-config/sql/ippool-dhcp/mysql @@ -429,6 +432,7 @@ done # sites-available %dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/sites-available %{_sysconfdir}/raddb/sites-available/README +%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/sites-available/aws-nlb %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/sites-available/control-socket %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/sites-available/decoupled-accounting %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/sites-available/robust-proxy-accounting @@ -455,6 +459,8 @@ done %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/sites-available/challenge %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/sites-available/resource-check %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/sites-available/totp +%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/sites-available/google-ldap-auth +%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/sites-available/tls-cache # sites-enabled # symlink: %%{_sysconfdir}/raddb/sites-enabled/xxx -> ../sites-available/xxx @@ -468,7 +474,7 @@ done %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/always %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/attr_filter %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/cache -%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/cache_eap +%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/cache_auth %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/chap %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/counter %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/cui @@ -493,6 +499,8 @@ done %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/idn %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/inner-eap %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/ippool +%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/json +%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/ldap_google %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/linelog %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/logintime %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/mac2ip @@ -501,7 +509,6 @@ done %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/mschap %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/ntlm_auth %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/opendirectory -%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/otp %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/pam %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/pap %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/passwd @@ -537,7 +544,6 @@ done %dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-enabled %config(missingok) %{_sysconfdir}/raddb/mods-enabled/always %config(missingok) %{_sysconfdir}/raddb/mods-enabled/attr_filter -%config(missingok) %{_sysconfdir}/raddb/mods-enabled/cache_eap %config(missingok) %{_sysconfdir}/raddb/mods-enabled/chap %config(missingok) %{_sysconfdir}/raddb/mods-enabled/date %config(missingok) %{_sysconfdir}/raddb/mods-enabled/detail @@ -613,7 +619,6 @@ done %{_libdir}/freeradius/rlm_cache.so %{_libdir}/freeradius/rlm_chap.so %{_libdir}/freeradius/rlm_counter.so -%{_libdir}/freeradius/rlm_cram.so %{_libdir}/freeradius/rlm_date.so %{_libdir}/freeradius/rlm_detail.so %{_libdir}/freeradius/rlm_dhcp.so @@ -634,10 +639,10 @@ done %{_libdir}/freeradius/rlm_expr.so %{_libdir}/freeradius/rlm_files.so %{_libdir}/freeradius/rlm_ippool.so +%{_libdir}/freeradius/rlm_json.so %{_libdir}/freeradius/rlm_linelog.so %{_libdir}/freeradius/rlm_logintime.so %{_libdir}/freeradius/rlm_mschap.so -%{_libdir}/freeradius/rlm_otp.so %{_libdir}/freeradius/rlm_pam.so %{_libdir}/freeradius/rlm_pap.so %{_libdir}/freeradius/rlm_passwd.so @@ -818,7 +823,8 @@ done %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/sql/ippool-dhcp/sqlite/queries.conf %dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-config/sql/main/sqlite -%attr(750,root,radiusd) %config %{_sysconfdir}/raddb/mods-config/sql/main/sqlite/process-radacct-refresh.sh +%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/sql/main/sqlite/process-radacct-close-after-reload.pl +%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/sql/main/sqlite/process-radacct-new-data-usage-period.sh %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/sql/main/sqlite/process-radacct-schema.sql %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/sql/main/sqlite/queries.conf %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/sql/main/sqlite/schema.sql