Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package freeradius-server for openSUSE:Factory checked in at 2024-05-31 22:18:26 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/freeradius-server (Old) and /work/SRC/openSUSE:Factory/.freeradius-server.new.24587 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "freeradius-server" Fri May 31 22:18:26 2024 rev:98 rq:1177967 version:3.2.4 Changes: -------- --- /work/SRC/openSUSE:Factory/freeradius-server/freeradius-server.changes 2024-02-20 21:16:16.418213990 +0100 +++ /work/SRC/openSUSE:Factory/.freeradius-server.new.24587/freeradius-server.changes 2024-05-31 22:21:15.197716783 +0200 @@ -1,0 +2,74 @@ +Fri May 31 14:28:03 UTC 2024 - Adam Majer <adam.majer@suse.de> + +- update to 3.2.4 + Configuration changes + * Better handle backslashes in strings in the configuration files. + If the configuration items contain backslashes, then behavior may change. + However, the previous behavior didn't work as expected, + and therefore is not likely to be used. + * reject_delay no longer applies to proxied packets. All servers + should now set reject_delay = 1 for security and scalability. + * %{randstr:...} now returns the requested amount of data, + instead of one too many bytes. + + Feature Improvements + * Preliminary support for TEAP. + * Update EAP module pre_proxy checks to make them less restrictive + This prevents the "middle box" effect from affecting future traffic. + * Many fixes and updates for Docker images. + * Add dpsk module. See mods-available/dpsk. + * Print out what cause the TLS operations to be made, such as the EAP + method name (peap, ttls, etc), or RADIUS/TLS listen / proxy socket. + * Add auto_escape to sample SQL module config. + * Add 'if not exists' to mysql create table queries. + * Update dictionary.aruba; add dictionary.tplink, dictionary.alphion. + * Allow for 'encrypt=1' attributes to be longer than 128 characters. + * Added "radsecret" program which generates strong secrets. + See the top of the "clients.conf" file for more information. + * radclient now prints packets as hex when using -xxx. + * Added "-t timeout" to radsniff. It will stop processing packets + after <timeout> seconds. + * Support "interface = ..." on OSX and other *BSD which have IP_BOUND_IF. + * The detail module now has a "dates_as_integer" configuration item + See mods-available/detail for more information. + * Add lookback/lookforward steps and more configuration to totp. + See mods-available/totp. + * Add "time_since" xlat to calculate elapsed time in seconds, + milliseconds and microseconds. + * Support "Post-Auth-Type Challenge" in the inner tunnel. + * Add "proxy_dedup_window". See radiusd.conf. + * Document KRB5_CLIENT_KTNAME in the "env" section of radiusd.conf. + * Add "dedup_key" for misbehaving supplicants. See mods-available/eap. + + Bug Fixes + * Fix corner case with empty defaults in rlm_files. + * When we have multiple attributes of the same name, always use + the canonical attribute. + * Make FreeRADIUS-Server-EMA* attributes work again for home + server exponential moving average statistics. + * Don't send the global server stats when asked for client stats. + They use the same attributes, so the result is confusing. + * Fix multiple typos in MongoDB query.conf (#5130). + * Add define for illumos. Fixes #5135. + * Add client configuration for TLS PSK. + * Permit originate CoA after proxying to an internal virtual server. + * Use virtual server "default" when passed "-i" and "-p" on the command line. + * Fix locking issues with rlm_python3. + * The detail file reader will catch bad times in the file, and + will not update Acct-Delay-Time with extreme values. + * Fix issue where Message-Authenticator was calculated incorrectly + for CoA / Disconnect ACK and NAK packets. + * Update Python thread and error handling. Fixes #5208. + * Fix handling of Session-State when proxying. Fixes #5288. + * Run relevant post-proxy Fail-* section on CoA / Disconnect timeout. + * Add "limit" section to AWS health check configurtion. Fixes 35300. + * Use MAX in sqlite queries instead of GREATEST. + * Fix typo in Mongo queries. Fixes #5301. + * Fix occasional crash with bad home servers. Fixes #5308. + * Minor bug fixes to the SQL freetds modules. + * Fix blocking issue with RADIUS/TLS connection checks. + * Fix run-time crash on configuration typos of %{substr ...} + instead of %{substr:...} Fixes #5321. + * Fix crash with TLS Status-Server requests. Fixes #5326. + +------------------------------------------------------------------- Old: ---- freeradius-server-3.2.3.tar.bz2 freeradius-server-3.2.3.tar.bz2.sig New: ---- freeradius-server-3.2.4.tar.bz2 freeradius-server-3.2.4.tar.bz2.sig ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ freeradius-server.spec ++++++ --- /var/tmp/diff_new_pack.yUpP3U/_old 2024-05-31 22:21:16.145751316 +0200 +++ /var/tmp/diff_new_pack.yUpP3U/_new 2024-05-31 22:21:16.145751316 +0200 @@ -18,7 +18,7 @@ %define unitname radiusd Name: freeradius-server -Version: 3.2.3 +Version: 3.2.4 Release: 0 # Disable FreeTDS on SLE12. We never shipped it enabled with FreeTDS. @@ -296,7 +296,6 @@ rm %{buildroot}%{_sysconfdir}/raddb/certs/*.p12 rm %{buildroot}%{_sysconfdir}/raddb/certs/index.* rm %{buildroot}%{_sysconfdir}/raddb/certs/serial* -rm %{buildroot}%{_sysconfdir}/raddb/certs/dh rm doc/source/.gitignore rm %{buildroot}%{_sbindir}/rc.radiusd rm -r %{buildroot}%{_datadir}/doc/freeradius* @@ -388,6 +387,8 @@ %{_sysconfdir}/raddb/certs/Makefile %{_sysconfdir}/raddb/certs/passwords.mk %{_sysconfdir}/raddb/certs/README.md +%dir %attr(755,radiusd,radiusd) %{_sysconfdir}/raddb/certs/realms/ +%{_sysconfdir}/raddb/certs/realms/README.md %{_sysconfdir}/raddb/certs/xpextensions %{_sysconfdir}/raddb/panic.gdb %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/certs/*.cnf @@ -487,6 +488,7 @@ %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/dhcp_sql %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/dhcp_sqlippool %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/digest +%attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/dpsk %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/dynamic_clients %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/eap %attr(640,root,radiusd) %config(noreplace) %{_sysconfdir}/raddb/mods-available/echo @@ -622,6 +624,7 @@ %{_libdir}/freeradius/rlm_detail.so %{_libdir}/freeradius/rlm_dhcp.so %{_libdir}/freeradius/rlm_digest.so +%{_libdir}/freeradius/rlm_dpsk.so %{_libdir}/freeradius/rlm_dynamic_clients.so %{_libdir}/freeradius/rlm_eap.so %{_libdir}/freeradius/rlm_eap_fast.so @@ -631,6 +634,7 @@ %{_libdir}/freeradius/rlm_eap_peap.so %{_libdir}/freeradius/rlm_eap_pwd.so %{_libdir}/freeradius/rlm_eap_sim.so +%{_libdir}/freeradius/rlm_eap_teap.so %{_libdir}/freeradius/rlm_eap_tls.so %{_libdir}/freeradius/rlm_eap_ttls.so %{_libdir}/freeradius/rlm_exec.so ++++++ freeradius-server-3.2.3.tar.bz2 -> freeradius-server-3.2.4.tar.bz2 ++++++ ++++ 24867 lines of diff (skipped)