Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package freeradius-server for openSUSE:Factory checked in at 2023-09-01 14:21:56 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/freeradius-server (Old) and /work/SRC/openSUSE:Factory/.freeradius-server.new.1766 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "freeradius-server" Fri Sep 1 14:21:56 2023 rev:94 rq:1108446 version:3.2.3 Changes: -------- --- /work/SRC/openSUSE:Factory/freeradius-server/freeradius-server.changes 2023-02-07 18:49:21.679220754 +0100 +++ /work/SRC/openSUSE:Factory/.freeradius-server.new.1766/freeradius-server.changes 2023-09-01 14:22:29.711265293 +0200 @@ -1,0 +2,83 @@ +Thu Aug 31 13:09:06 UTC 2023 - Adam Majer <adam.majer@suse.de> + +- update to version 3.2.3: + Feature Improvements + * Add "max_retries" for connection pools. Fixes #4908. + * Update dictionary.ciena, dictionary.huawei, dictionary.wifialliance and + dictionary.wispr; add dictionary.eleven. + * You can now list "eap" in the "pre-proxy" section. If the packet contains a + malformed EAP message, then the request will be rejected The home server + will either reject (or discard) this packet anyways, so this change can + only help with large proxy scenarios. + * Show warnings if libldap is not using OpenSSL. + * Support RADIUS/1.1. See + https://datatracker.ietf.org/doc/draft-dekok-radext-radiusv11/ Disabled by + default, can be enabled by passing `--with-radiusv11` to the configure + script. For now, this is for testing interoperability. + * Add extra sanity checks for malformed EAP attributes. + * More TLS debugging output. + * Clear old module instance data before HUP reload. Avoids burst memory use + when e.g. using large data files with rlm_files. + * `rlm_cache_redis` is now included in the freeradius-redis packages. + +Bug Fixes + * Don't leak MD contexts with OpenSSL 3.0. + * Increase internal buffer size for TLS connections, which can help with + high-load proxies. + * Send Status-Server checks for TLS connections. + * Give descriptive error if "update CoA" is used with "fake" packets, as it + won't work. i.e. inner-tunnel and virtual home servers. + * Many small ASAN / LSAN fixes from Jorge Pereira. + * Close inbound RADIUS/TLS socket on TLS errors. When a home server sees a + TLS error, it will now close the socket, so proxies do not have an open + (but dead) TLS connection. + * Fix mutex locking issues on inbound RADIUS/TLS connections This change + avoids random issues with "bad record mac". + * Improve REST encoding loop. Patch from Herwin Weststrate. Closes #4950. + * Correctly report the LDAP group a user was found in. Fixes #3084. + * Force correct packet type when running Post-Auth-Type. Helps with #4980. + * Fix small leak in Client-Lost code. Patch from Terry Burton. PR #4996. + * Fix TCP socket statistics. Closes #4990. + * Use NAS-Port-Id instead of NAS-Port during SQL simultaneous-use checks. Helps with #5010. + + +Changes in version 3.2.2: + +Feature Improvements + + * The "configure" process now gives a much clearer report when it's finished + * Fallback to "uname -n" on missing "hostname". Fixes #4771. + * Export thread details in radmin "stats threads". Fixes #4770. + * Improve queries for processing radacct into periodic usage data + * Update dictionary.juniper. + * Add dictionary.calix. + * Fix dictionary.rfc6519 DS-Lite-Tunnel-Name to be "octets". + * Update documentation for robust-proxy-accounting, and be more aggressive about sending packets. + * Add per-module README.md files in the source. + * Add default Visual Studio configuration for developers. + * Postgres can now automatically use alternate queries for errors other than duplicate keys. + * %{listen:TLS-PSK-Identity} is now set when using PSK and psk_query This + helps the server track the identity of the client which is connecting. + * Include thread stats in Status-Server attributes. Fixes #4870. + * Mark rlm_unbound stable and add to packages. + * Remove broken/unsupported Dockerfiles for centos8 and debian9. + +Bug Fixes + + * Preliminary support for non-blocking TLS sockets. Helps with #3501. + * Fix support for partial certificate chains after adding reload support. Fixes #4753. + * Fix handling of debug_condition. + * Clean up home server states, and re-sync with the dictionaries. + * Correct certificate order when creating TLS-* attributes Fixes #4785. + * Update use of isalpha() etc. so broken configurations have less impact on the server. + * Outgoing TLS sockets now set SNI correctly from the "hostname" configuration item. + * Support Apple Homebrew on the M1. Fixes #4754. + * Better error messages when %{listen:TLS-...} is used. + * Getting statistics via Status-Server can now be done within a virtual server. Fixes #4868. + * Make TTLS+MS-CHAP work with TLS 1.3. Fixes #4878. + * Fix md5 xlat memory leak when using OpenSSL 3.0 + +- freeradius-server-rlm_sql_unixodbc-configure.patch: refreshed +- spec file cleanup: remove duplicate BR: from subpackages + +------------------------------------------------------------------- Old: ---- freeradius-server-3.2.1.tar.bz2 freeradius-server-3.2.1.tar.bz2.sig New: ---- freeradius-server-3.2.3.tar.bz2 freeradius-server-3.2.3.tar.bz2.sig ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ freeradius-server.spec ++++++ --- /var/tmp/diff_new_pack.D66VLK/_old 2023-09-01 14:22:31.375324685 +0200 +++ /var/tmp/diff_new_pack.D66VLK/_new 2023-09-01 14:22:31.379324828 +0200 @@ -18,7 +18,7 @@ %define unitname radiusd Name: freeradius-server -Version: 3.2.1 +Version: 3.2.3 Release: 0 # Disable FreeTDS on SLE12. We never shipped it enabled with FreeTDS. @@ -94,6 +94,7 @@ Conflicts: icradius Conflicts: radiusd-cistron Conflicts: radiusd-livingston +BuildRequires: libunbound-devel BuildRequires: pkgconfig(systemd) %{?systemd_requires} @@ -141,7 +142,6 @@ %package ldap Summary: LDAP support for freeradius Group: System/Daemons -BuildRequires: openldap2-devel Requires: %{name} = %{version} %description ldap @@ -158,7 +158,6 @@ %package krb5 Summary: Kerberos 5 support for freeradius Group: System/Daemons -BuildRequires: krb5-devel Requires: %{name} = %{version} %description krb5 @@ -167,8 +166,6 @@ %package perl Summary: Perl support for freeradius Group: System/Daemons -BuildRequires: perl -BuildRequires: perl(ExtUtils::Embed) Requires: %{name} = %{version} Requires: perl @@ -186,7 +183,6 @@ %package mysql Summary: MySQL support for freeradius Group: System/Daemons -BuildRequires: mysql-devel Requires: %{name} = %{version} %description mysql @@ -195,7 +191,6 @@ %package postgresql Summary: Postgresql support for freeradius Group: System/Daemons -BuildRequires: postgresql-devel Requires: %{name} = %{version} %description postgresql @@ -204,7 +199,6 @@ %package sqlite Summary: SQLite support for freeradius Group: System/Daemons -BuildRequires: sqlite3-devel Requires: %{name} = %{version} %description sqlite @@ -242,6 +236,7 @@ --without-rlm_sql_iodbc \ --without-rlm_redis \ --without-rlm_rediswho \ + --without-rlm_cache_redis \ --without-rlm_sql_oracle \ --without-rlm_securid \ --without-rlm_python \ @@ -663,6 +658,7 @@ %{_libdir}/freeradius/rlm_sql_null.so %{_libdir}/freeradius/rlm_test.so %{_libdir}/freeradius/rlm_totp.so +%{_libdir}/freeradius/rlm_unbound.so %{_libdir}/freeradius/rlm_unix.so %{_libdir}/freeradius/rlm_utf8.so %{_libdir}/freeradius/rlm_wimax.so ++++++ freeradius-server-3.2.1.tar.bz2 -> freeradius-server-3.2.3.tar.bz2 ++++++ ++++ 52369 lines of diff (skipped) ++++++ freeradius-server-rlm_sql_unixodbc-configure.patch ++++++ --- /var/tmp/diff_new_pack.D66VLK/_old 2023-09-01 14:22:34.123422767 +0200 +++ /var/tmp/diff_new_pack.D66VLK/_new 2023-09-01 14:22:34.123422767 +0200 @@ -1,12 +1,23 @@ ---- freeradius-server-3.0.11.orig/src/modules/rlm_sql/drivers/rlm_sql_unixodbc/configure 2016-01-25 19:27:03.000000000 +0100 -+++ freeradius-server-3.0.11/src/modules/rlm_sql/drivers/rlm_sql_unixodbc/configure 2016-01-25 20:42:24.835741109 +0100 -@@ -1843,7 +1843,7 @@ +Index: freeradius-server-3.2.3/src/modules/rlm_sql/drivers/rlm_sql_unixodbc/configure +=================================================================== +--- freeradius-server-3.2.3.orig/src/modules/rlm_sql/drivers/rlm_sql_unixodbc/configure ++++ freeradius-server-3.2.3/src/modules/rlm_sql/drivers/rlm_sql_unixodbc/configure +@@ -1884,7 +1884,7 @@ if test "${with_unixodbc_dir+set}" = set fi -- smart_try_dir="$unixodbc_lib_dir /usr/local/unixodbc/lib" -+ smart_try_dir="$unixodbc_lib_dir" - ac_ext=c +-smart_try_dir="$unixodbc_lib_dir /usr/local/unixodbc/lib" ++smart_try_dir="$unixodbc_lib_dir" + ac_ext=c ac_cpp='$CPP $CPPFLAGS' ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +@@ -2800,7 +2800,7 @@ fail="$fail libodbc" + + fi + +-smart_try_dir="$unixodbc_include_dir /usr/local/unixodbc/include" ++smart_try_dir="$unixodbc_include_dir" + + + ac_safe=`echo "sql.h" | sed 'y%./+-%__pm%'`