From 6b34ba0ef769e9bb2a0c01e415482eaa46a24c53b71dda572eae38abec43cb6b Mon Sep 17 00:00:00 2001
From: Adam Majer <amajer@suse.com>
Date: Mon, 6 Feb 2023 18:23:52 +0000
Subject: [PATCH] - update to version 3.2.1:   Feature Improvements   *  Add
 dictionary.ciena, dictionary.nile, and DHCPv4 dictionaries   *  Add
 simultaneous-use queries for MS SQL   *  Add radmin command for "stats pool
 <module-name>"      which prints out statistics about the connection pools.  
 *  Client statistics now shows "conflicts",      to count conflicting
 packets.   *  New optional "lightweight accounting-on/off" strategy.     
 When refreshing queries.conf you should also add the new      nasreload table
 and corresponding GRANTs to your DB schema.   *  Add
 TLS-Client-Cert-X509v3-Certificate-Policies, which helps      with Eduroam.  
 *  Allow auth+acct for TCP sockets, too.   *  Add rlm_cache_redis. See
 raddb/mods-available/cache for details.   *  Allow radmin to look up home
 servers by name, too.   *  Ensure that dynamic clients don't create loops on
 duplicates   *  Removed rlm_sqlhpwippool. There was no documentation, no
 configuration,      and the module was ~15 years old with no one using it.  
 *  Marked rlm_python3 as stable.   *  Add sigalgs_list. See
 raddb/mods-available/eap   *  For rlm_linelog, when opening files in /dev,
 look at "permissions"      to see whether to open them r/w.   *  More
 flexibility for dynamic home servers. See     
 doc/configuration/dynamic_home_servers.md and     
 raddb/home_servers/README.md.   *  Allow setting of application_name for
 PostgreSQL.      See mods-available/sql.   Bug Fixes   *  Correct test for
 open sessions in radacct for MS SQL.

OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=159
---
 freeradius-server-3.0.25.tar.bz2       |   3 -
 freeradius-server-3.0.25.tar.bz2.sig   | Bin 591 -> 0 bytes
 freeradius-server-3.2.1.tar.bz2        |   3 +
 freeradius-server-3.2.1.tar.bz2.sig    | Bin 0 -> 591 bytes
 freeradius-server-enable-python3.patch |  24 ++------
 freeradius-server.changes              |  73 +++++++++++++++++++++++++
 freeradius-server.spec                 |  24 +++++---
 7 files changed, 97 insertions(+), 30 deletions(-)
 delete mode 100644 freeradius-server-3.0.25.tar.bz2
 delete mode 100644 freeradius-server-3.0.25.tar.bz2.sig
 create mode 100644 freeradius-server-3.2.1.tar.bz2
 create mode 100644 freeradius-server-3.2.1.tar.bz2.sig

diff --git a/freeradius-server-3.0.25.tar.bz2 b/freeradius-server-3.0.25.tar.bz2
deleted file mode 100644
index cb083bd..0000000
--- a/freeradius-server-3.0.25.tar.bz2
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:fc158cdab4a705b179b1a91cd72473006ef4dfb570b0d097db6c9c34049a4509
-size 3402380
diff --git a/freeradius-server-3.0.25.tar.bz2.sig b/freeradius-server-3.0.25.tar.bz2.sig
deleted file mode 100644
index 3451b83dcb46b61d5a016687374937c846640cfa32dc9da717a1186f42f088f6..0000000000000000000000000000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 591
zcmV-V0<isw0!#z|0SW*%79j+`BZTZ}IJtC71LCG2<9sEVTTg`r0%2cINf;b(VPk7y
zXJvChW^!d^a$#g?b#pFna%TVv2@oLTd?lG%Pldf%5C3?}+r+s6L|;TZV+MHrsetV1
zfmRzN-Psm->3P6aRj92p0Hqp=ByMT~rOBN&MHsZ$htZ8CVIg3lCq=yPpniwvs3g0R
zzpE6-?O{f(j>n)Oa`@z{LRWN#dFEV9Di#4Lr9B^jDB06}WZ=j<r#M;F4P4AL8{<!m
zY#x1%$m_&KctR3B8l-?l?*in88?Ku_&nsax^<_-WLX7CL3gpV9%L@exk-P9GaG%F>
z-OX)EDMp8wuh8eE#m?VqlQ?aLyLFf9wFST7VopGt4<<ZWbKKpu>Q4G%In>(gzWZfZ
z7wTkS|E}1nNH6TOI~gy)Q@X<16Ju)6k(IXTj=n_kOa*dT+$?z!=(&MY(hL1e6-5!g
zEeFWYao&S;@E)8w7CGLoT66EBsIH;=>5^XWAs_eeJmF0SVAS5u>-{1#{Ot0rsl|PU
z+-49A^M<CQVC1z9>6ay)$Bzdy-8Q0d{smaQzSsaS7GFS0ajiRDaTaY)ZIWlvE9$k|
z?o_w|qw--!%D}b;3=Z`Lz0vkOzZk74WSu^ba1}lw)S1=#sW&c>^L&xGyzC2Acc5p#
zP|WmXD}uh>=cH--v)VRz$hEZof%j`pK47os;k$Yh84Q=<xB8sS7;#x8fWsdK=c=86
d!M?G+@MxjHQz*gOqZbI#iopS7yGei*I7%K&BkBME

diff --git a/freeradius-server-3.2.1.tar.bz2 b/freeradius-server-3.2.1.tar.bz2
new file mode 100644
index 0000000..86c3f89
--- /dev/null
+++ b/freeradius-server-3.2.1.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:32cd4eae3c24af2893aa5feff643bc9ac0755341b2b7e8dd622c6e9a23e9f256
+size 3399164
diff --git a/freeradius-server-3.2.1.tar.bz2.sig b/freeradius-server-3.2.1.tar.bz2.sig
new file mode 100644
index 0000000000000000000000000000000000000000000000000000000000000000..0edc072eb9d10db1c7397ba73e0d56e8fb5e5e5a5e976877ea27e20be3f55412
GIT binary patch
literal 591
zcmV-V0<isw0!#z|0SW*%79j+`BZTZ}IJtC71LCG2<9sEVTTg`r0%JQ_^%xv*VPk7y
zXJvChW^!d^a$#g?b#pFna%TVv2@oLTd?lG%PlYEw5CE}$XV0kFVbO=9os45hJr6%8
z+U=4bQ3RwbfRUGpXkf)eCOUK;X`LZ0AbZ+aD79P}Baan7IV$b^?R1Ei)jKDFM1b>U
z;l`OKe#UoJ_BcMF6&7OX@>-1=vHWmPUULv(;7LQ))dt`tf#1-;gI^WpNdif=Pc{UW
zBfI~6gMb~C6;7o0+F(OJVbahi&y9pi8TKo1gaA86l&9wF;J$`<f|&EaD>#}hIj1GD
z<f1AbX3EJhzT4cMl1{ithVq*#2BK)T`E~POxQTCZw#_D;E<^2b^9d4uFrg7vy5iIA
zjrrN=+k_8Ib@F8yUJhS-3sGFUJZHYC+If*3=+uq4z!;mHX#{y#;(N7nye-pq)-7e+
zy4yCGSVS7%eEz&D_&QFtO4T7@b$dOuKbpDyMjABe@zij{WfQIehMJULS=s|r1yQxZ
zGx|z3^>>~62&aeGt|W|O!d~ZuZ}4?oh6L!~q5~*}FbAZP^AtEVhZA`kDBQ)z2*%r?
z<9j{!nQs)uHl;r@bQ3pp`*xce80u15;81Ep<<<R3@pgDG&XKo?oH=u;C0aPqTEa%H
zLJ_2ceYXD^Ao$;zG;7SLCvr}!Yi|u?tFkr~zyrh#7J-tWhNf5*&^-HSY1M+MXfGXC
dxD2+~&2E=as!iR3@G2n(n@MBL5izBZRxVHe6runC

literal 0
HcmV?d00001

diff --git a/freeradius-server-enable-python3.patch b/freeradius-server-enable-python3.patch
index b95c48a..59a19af 100644
--- a/freeradius-server-enable-python3.patch
+++ b/freeradius-server-enable-python3.patch
@@ -1,29 +1,17 @@
-Index: freeradius-server-3.0.20/src/modules/stable
+Index: freeradius-server-3.2.1/src/modules/rlm_python3/example.py
 ===================================================================
---- freeradius-server-3.0.20.orig/src/modules/stable
-+++ freeradius-server-3.0.20/src/modules/stable
-@@ -25,6 +25,7 @@ rlm_passwd
- rlm_perl
- rlm_preprocess
- rlm_python
-+rlm_python3
- rlm_radutmp
- rlm_realm
- rlm_rest
-Index: freeradius-server-3.0.20/src/modules/rlm_python3/example.py
-===================================================================
---- freeradius-server-3.0.20.orig/src/modules/rlm_python3/example.py
-+++ freeradius-server-3.0.20/src/modules/rlm_python3/example.py
+--- freeradius-server-3.2.1.orig/src/modules/rlm_python3/example.py
++++ freeradius-server-3.2.1/src/modules/rlm_python3/example.py
 @@ -1,4 +1,4 @@
 -#! /usr/bin/env python3
 +#!/usr/bin/python3
  #
  # Python module example file
  # Miguel A.L. Paraz <mparaz@mparaz.com>
-Index: freeradius-server-3.0.20/src/modules/rlm_python3/radiusd.py
+Index: freeradius-server-3.2.1/src/modules/rlm_python3/radiusd.py
 ===================================================================
---- freeradius-server-3.0.20.orig/src/modules/rlm_python3/radiusd.py
-+++ freeradius-server-3.0.20/src/modules/rlm_python3/radiusd.py
+--- freeradius-server-3.2.1.orig/src/modules/rlm_python3/radiusd.py
++++ freeradius-server-3.2.1/src/modules/rlm_python3/radiusd.py
 @@ -1,4 +1,4 @@
 -#! /usr/bin/env python3
 +#!/usr/bin/python3
diff --git a/freeradius-server.changes b/freeradius-server.changes
index d33eaab..8b90a7a 100644
--- a/freeradius-server.changes
+++ b/freeradius-server.changes
@@ -1,3 +1,76 @@
+-------------------------------------------------------------------
+Mon Feb  6 16:57:33 UTC 2023 - Adam Majer <adam.majer@suse.de>
+
+- update to version 3.2.1:
+  Feature Improvements
+  *  Add dictionary.ciena, dictionary.nile, and DHCPv4 dictionaries
+  *  Add simultaneous-use queries for MS SQL
+  *  Add radmin command for "stats pool <module-name>"
+     which prints out statistics about the connection pools.
+  *  Client statistics now shows "conflicts",
+     to count conflicting packets.
+  *  New optional "lightweight accounting-on/off" strategy.
+     When refreshing queries.conf you should also add the new
+     nasreload table and corresponding GRANTs to your DB schema.
+  *  Add TLS-Client-Cert-X509v3-Certificate-Policies, which helps
+     with Eduroam.
+  *  Allow auth+acct for TCP sockets, too.
+  *  Add rlm_cache_redis. See raddb/mods-available/cache for details.
+  *  Allow radmin to look up home servers by name, too.
+  *  Ensure that dynamic clients don't create loops on duplicates
+  *  Removed rlm_sqlhpwippool. There was no documentation, no configuration,
+     and the module was ~15 years old with no one using it.
+  *  Marked rlm_python3 as stable.
+  *  Add sigalgs_list. See raddb/mods-available/eap
+  *  For rlm_linelog, when opening files in /dev, look at "permissions"
+     to see whether to open them r/w.
+  *  More flexibility for dynamic home servers. See
+     doc/configuration/dynamic_home_servers.md and
+     raddb/home_servers/README.md.
+  *  Allow setting of application_name for PostgreSQL.
+     See mods-available/sql.
+
+  Bug Fixes
+  *  Correct test for open sessions in radacct for MS SQL.
+  *  The linelog module now opens /dev/stdout in "write-only" mode
+     if the permissions are set to "u+w" (0002).
+  *  Various fixes to rlm_unbound from Nick Porter.
+  *  PEAP now correctly runs Post-Auth-Type Accept.
+  *  Create "TLS-Cert-*" for outbound Radsec, instead of
+     TLS-Client-Cert-* Fixes #4698. See sites-available/tls,
+     and fix_cert_order.
+  *  Minor updates and fixes to CI, Dockerfiles and packaging.
+  *  Fix rlm_python3 build with python >= 3.10. Fixes #4441.
+
+  Changes in version 3.2.0:
+  Feature Improvements
+  All features from 3.0.x are included in the 3.2.x releases.
+  In addition:
+  *  Add 'reset_day' and '%%r' parameter for rlm_sqlcounter to
+     specify which day of the month the counter should be reset.
+  *  Partial backport of rlm_json from v4, providing the json_encode
+     xlat See mods-available/json for documentation.
+  *  Support for haproxy "PROXY" protocol See sites-available/tls,
+     "proxy_protocol" and doc/antora/modules/howto/pages/protocols/proxy/.
+  *  Support for sending CoA-Request and Disconnect-Request packets
+     in "reverse" down RadSec tunnels. Experimental for now,
+     and undocumented.
+  *  It is now possible to run a virtual server when saving / loading
+     TLS cache attributes. See sites-available/tls-cache for more
+     information.
+  *  Removed the "cram" module. It was undocumented,
+     and used old and insecure authentication methods.
+  *  Remove the "otp" module. The "otpd" program it needs is
+     no longer available, and the module has not been usable since
+     at least 2015.
+  *  All features from 3.0.x are included in the 3.2.x releases.
+  *  3.2.0 requires OpenSSL 1.0.2 or greater.
+
+Bug Fixes
+    All bug fixes from 3.0.x are included in the 3.2.x releases. 
+
+- freeradius-server-enable-python3.patch: refreshed
+
 -------------------------------------------------------------------
 Fri Jan 13 11:06:06 UTC 2023 - Stefan Schubert <schubi@suse.com>
 
diff --git a/freeradius-server.spec b/freeradius-server.spec
index ddf221c..0245336 100644
--- a/freeradius-server.spec
+++ b/freeradius-server.spec
@@ -18,7 +18,7 @@
 
 %define unitname radiusd
 Name:           freeradius-server
-Version:        3.0.25
+Version:        3.2.1
 Release:        0
 
 # Disable FreeTDS on SLE12. We never shipped it enabled with FreeTDS.
@@ -34,8 +34,8 @@ Summary:        RADIUS Server
 License:        GPL-2.0-only AND LGPL-2.1-only
 Group:          Productivity/Networking/Radius/Servers
 URL:            http://www.freeradius.org/
-Source:         ftp://ftp.freeradius.org/pub/freeradius/%{name}-%{version}.tar.bz2
-Source99:       ftp://ftp.freeradius.org/pub/freeradius/%{name}-%{version}.tar.bz2.sig
+Source:         ftp://ftp.freeradius.org/pub/freeradius/freeradius-server-%{version}.tar.bz2
+Source99:       ftp://ftp.freeradius.org/pub/freeradius/freeradius-server-%{version}.tar.bz2.sig
 # keyring downloaded via link @ ftp://ftp.freeradius.org/pub/freeradius/README
 Source100:      freeradius.keyring
 Source1:        radiusd.service
@@ -77,6 +77,7 @@ BuildRequires:  pam-devel
 BuildRequires:  perl
 BuildRequires:  postgresql-devel
 BuildRequires:  python3-devel
+BuildRequires:  sqlite3
 BuildRequires:  sqlite3-devel
 BuildRequires:  unixODBC-devel
 BuildRequires:  pkgconfig(apr-1)
@@ -405,6 +406,8 @@ done
 %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/files/*
 %dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-config/preprocess
 %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/sql/moonshot-targeted-ids/*
+%dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-config/realm
+%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/realm/freeradius-naptr-to-home-server.sh
 %dir %attr(750,root,radiusd) /etc/raddb/mods-config/sql/moonshot-targeted-ids
 %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/preprocess/*
 %dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-config/sql/ippool-dhcp/mysql
@@ -429,6 +432,7 @@ done
 # sites-available
 %dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/sites-available
 %{_sysconfdir}/raddb/sites-available/README
+%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/sites-available/aws-nlb
 %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/sites-available/control-socket
 %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/sites-available/decoupled-accounting
 %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/sites-available/robust-proxy-accounting
@@ -455,6 +459,8 @@ done
 %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/sites-available/challenge
 %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/sites-available/resource-check
 %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/sites-available/totp
+%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/sites-available/google-ldap-auth
+%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/sites-available/tls-cache
 
 # sites-enabled
 # symlink: %%{_sysconfdir}/raddb/sites-enabled/xxx -> ../sites-available/xxx
@@ -468,7 +474,7 @@ done
 %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/always
 %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/attr_filter
 %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/cache
-%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/cache_eap
+%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/cache_auth
 %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/chap
 %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/counter
 %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/cui
@@ -493,6 +499,8 @@ done
 %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/idn
 %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/inner-eap
 %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/ippool
+%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/json
+%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/ldap_google
 %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/linelog
 %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/logintime
 %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/mac2ip
@@ -501,7 +509,6 @@ done
 %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/mschap
 %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/ntlm_auth
 %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/opendirectory
-%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/otp
 %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/pam
 %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/pap
 %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/passwd
@@ -537,7 +544,6 @@ done
 %dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-enabled
 %config(missingok) %{_sysconfdir}/raddb/mods-enabled/always
 %config(missingok) %{_sysconfdir}/raddb/mods-enabled/attr_filter
-%config(missingok) %{_sysconfdir}/raddb/mods-enabled/cache_eap
 %config(missingok) %{_sysconfdir}/raddb/mods-enabled/chap
 %config(missingok) %{_sysconfdir}/raddb/mods-enabled/date
 %config(missingok) %{_sysconfdir}/raddb/mods-enabled/detail
@@ -613,7 +619,6 @@ done
 %{_libdir}/freeradius/rlm_cache.so
 %{_libdir}/freeradius/rlm_chap.so
 %{_libdir}/freeradius/rlm_counter.so
-%{_libdir}/freeradius/rlm_cram.so
 %{_libdir}/freeradius/rlm_date.so
 %{_libdir}/freeradius/rlm_detail.so
 %{_libdir}/freeradius/rlm_dhcp.so
@@ -634,10 +639,10 @@ done
 %{_libdir}/freeradius/rlm_expr.so
 %{_libdir}/freeradius/rlm_files.so
 %{_libdir}/freeradius/rlm_ippool.so
+%{_libdir}/freeradius/rlm_json.so
 %{_libdir}/freeradius/rlm_linelog.so
 %{_libdir}/freeradius/rlm_logintime.so
 %{_libdir}/freeradius/rlm_mschap.so
-%{_libdir}/freeradius/rlm_otp.so
 %{_libdir}/freeradius/rlm_pam.so
 %{_libdir}/freeradius/rlm_pap.so
 %{_libdir}/freeradius/rlm_passwd.so
@@ -818,7 +823,8 @@ done
 %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/sql/ippool-dhcp/sqlite/queries.conf
 
 %dir %attr(750,root,radiusd) %{_sysconfdir}/raddb/mods-config/sql/main/sqlite
-%attr(750,root,radiusd) %config %{_sysconfdir}/raddb/mods-config/sql/main/sqlite/process-radacct-refresh.sh
+%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/sql/main/sqlite/process-radacct-close-after-reload.pl
+%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/sql/main/sqlite/process-radacct-new-data-usage-period.sh
 %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/sql/main/sqlite/process-radacct-schema.sql
 %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/sql/main/sqlite/queries.conf
 %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-config/sql/main/sqlite/schema.sql