Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package freeradius-server for
openSUSE:Factory checked in at 2023-09-01 14:21:56
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/freeradius-server (Old)
and /work/SRC/openSUSE:Factory/.freeradius-server.new.1766 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "freeradius-server"
Fri Sep 1 14:21:56 2023 rev:94 rq:1108446 version:3.2.3
Changes:
--------
--- /work/SRC/openSUSE:Factory/freeradius-server/freeradius-server.changes
2023-02-07 18:49:21.679220754 +0100
+++
/work/SRC/openSUSE:Factory/.freeradius-server.new.1766/freeradius-server.changes
2023-09-01 14:22:29.711265293 +0200
@@ -1,0 +2,83 @@
+Thu Aug 31 13:09:06 UTC 2023 - Adam Majer <[email protected]>
+
+- update to version 3.2.3:
+ Feature Improvements
+ * Add "max_retries" for connection pools. Fixes #4908.
+ * Update dictionary.ciena, dictionary.huawei, dictionary.wifialliance and
+ dictionary.wispr; add dictionary.eleven.
+ * You can now list "eap" in the "pre-proxy" section. If the packet contains a
+ malformed EAP message, then the request will be rejected The home server
+ will either reject (or discard) this packet anyways, so this change can
+ only help with large proxy scenarios.
+ * Show warnings if libldap is not using OpenSSL.
+ * Support RADIUS/1.1. See
+ https://datatracker.ietf.org/doc/draft-dekok-radext-radiusv11/ Disabled by
+ default, can be enabled by passing `--with-radiusv11` to the configure
+ script. For now, this is for testing interoperability.
+ * Add extra sanity checks for malformed EAP attributes.
+ * More TLS debugging output.
+ * Clear old module instance data before HUP reload. Avoids burst memory use
+ when e.g. using large data files with rlm_files.
+ * `rlm_cache_redis` is now included in the freeradius-redis packages.
+
+Bug Fixes
+ * Don't leak MD contexts with OpenSSL 3.0.
+ * Increase internal buffer size for TLS connections, which can help with
+ high-load proxies.
+ * Send Status-Server checks for TLS connections.
+ * Give descriptive error if "update CoA" is used with "fake" packets, as it
+ won't work. i.e. inner-tunnel and virtual home servers.
+ * Many small ASAN / LSAN fixes from Jorge Pereira.
+ * Close inbound RADIUS/TLS socket on TLS errors. When a home server sees a
+ TLS error, it will now close the socket, so proxies do not have an open
+ (but dead) TLS connection.
+ * Fix mutex locking issues on inbound RADIUS/TLS connections This change
+ avoids random issues with "bad record mac".
+ * Improve REST encoding loop. Patch from Herwin Weststrate. Closes #4950.
+ * Correctly report the LDAP group a user was found in. Fixes #3084.
+ * Force correct packet type when running Post-Auth-Type. Helps with #4980.
+ * Fix small leak in Client-Lost code. Patch from Terry Burton. PR #4996.
+ * Fix TCP socket statistics. Closes #4990.
+ * Use NAS-Port-Id instead of NAS-Port during SQL simultaneous-use checks.
Helps with #5010.
+
+
+Changes in version 3.2.2:
+
+Feature Improvements
+
+ * The "configure" process now gives a much clearer report when it's finished
+ * Fallback to "uname -n" on missing "hostname". Fixes #4771.
+ * Export thread details in radmin "stats threads". Fixes #4770.
+ * Improve queries for processing radacct into periodic usage data
+ * Update dictionary.juniper.
+ * Add dictionary.calix.
+ * Fix dictionary.rfc6519 DS-Lite-Tunnel-Name to be "octets".
+ * Update documentation for robust-proxy-accounting, and be more aggressive
about sending packets.
+ * Add per-module README.md files in the source.
+ * Add default Visual Studio configuration for developers.
+ * Postgres can now automatically use alternate queries for errors other than
duplicate keys.
+ * %{listen:TLS-PSK-Identity} is now set when using PSK and psk_query This
+ helps the server track the identity of the client which is connecting.
+ * Include thread stats in Status-Server attributes. Fixes #4870.
+ * Mark rlm_unbound stable and add to packages.
+ * Remove broken/unsupported Dockerfiles for centos8 and debian9.
+
+Bug Fixes
+
+ * Preliminary support for non-blocking TLS sockets. Helps with #3501.
+ * Fix support for partial certificate chains after adding reload support.
Fixes #4753.
+ * Fix handling of debug_condition.
+ * Clean up home server states, and re-sync with the dictionaries.
+ * Correct certificate order when creating TLS-* attributes Fixes #4785.
+ * Update use of isalpha() etc. so broken configurations have less impact on
the server.
+ * Outgoing TLS sockets now set SNI correctly from the "hostname"
configuration item.
+ * Support Apple Homebrew on the M1. Fixes #4754.
+ * Better error messages when %{listen:TLS-...} is used.
+ * Getting statistics via Status-Server can now be done within a virtual
server. Fixes #4868.
+ * Make TTLS+MS-CHAP work with TLS 1.3. Fixes #4878.
+ * Fix md5 xlat memory leak when using OpenSSL 3.0
+
+- freeradius-server-rlm_sql_unixodbc-configure.patch: refreshed
+- spec file cleanup: remove duplicate BR: from subpackages
+
+-------------------------------------------------------------------
Old:
----
freeradius-server-3.2.1.tar.bz2
freeradius-server-3.2.1.tar.bz2.sig
New:
----
freeradius-server-3.2.3.tar.bz2
freeradius-server-3.2.3.tar.bz2.sig
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ freeradius-server.spec ++++++
--- /var/tmp/diff_new_pack.D66VLK/_old 2023-09-01 14:22:31.375324685 +0200
+++ /var/tmp/diff_new_pack.D66VLK/_new 2023-09-01 14:22:31.379324828 +0200
@@ -18,7 +18,7 @@
%define unitname radiusd
Name: freeradius-server
-Version: 3.2.1
+Version: 3.2.3
Release: 0
# Disable FreeTDS on SLE12. We never shipped it enabled with FreeTDS.
@@ -94,6 +94,7 @@
Conflicts: icradius
Conflicts: radiusd-cistron
Conflicts: radiusd-livingston
+BuildRequires: libunbound-devel
BuildRequires: pkgconfig(systemd)
%{?systemd_requires}
@@ -141,7 +142,6 @@
%package ldap
Summary: LDAP support for freeradius
Group: System/Daemons
-BuildRequires: openldap2-devel
Requires: %{name} = %{version}
%description ldap
@@ -158,7 +158,6 @@
%package krb5
Summary: Kerberos 5 support for freeradius
Group: System/Daemons
-BuildRequires: krb5-devel
Requires: %{name} = %{version}
%description krb5
@@ -167,8 +166,6 @@
%package perl
Summary: Perl support for freeradius
Group: System/Daemons
-BuildRequires: perl
-BuildRequires: perl(ExtUtils::Embed)
Requires: %{name} = %{version}
Requires: perl
@@ -186,7 +183,6 @@
%package mysql
Summary: MySQL support for freeradius
Group: System/Daemons
-BuildRequires: mysql-devel
Requires: %{name} = %{version}
%description mysql
@@ -195,7 +191,6 @@
%package postgresql
Summary: Postgresql support for freeradius
Group: System/Daemons
-BuildRequires: postgresql-devel
Requires: %{name} = %{version}
%description postgresql
@@ -204,7 +199,6 @@
%package sqlite
Summary: SQLite support for freeradius
Group: System/Daemons
-BuildRequires: sqlite3-devel
Requires: %{name} = %{version}
%description sqlite
@@ -242,6 +236,7 @@
--without-rlm_sql_iodbc \
--without-rlm_redis \
--without-rlm_rediswho \
+ --without-rlm_cache_redis \
--without-rlm_sql_oracle \
--without-rlm_securid \
--without-rlm_python \
@@ -663,6 +658,7 @@
%{_libdir}/freeradius/rlm_sql_null.so
%{_libdir}/freeradius/rlm_test.so
%{_libdir}/freeradius/rlm_totp.so
+%{_libdir}/freeradius/rlm_unbound.so
%{_libdir}/freeradius/rlm_unix.so
%{_libdir}/freeradius/rlm_utf8.so
%{_libdir}/freeradius/rlm_wimax.so
++++++ freeradius-server-3.2.1.tar.bz2 -> freeradius-server-3.2.3.tar.bz2 ++++++
++++ 52369 lines of diff (skipped)
++++++ freeradius-server-rlm_sql_unixodbc-configure.patch ++++++
--- /var/tmp/diff_new_pack.D66VLK/_old 2023-09-01 14:22:34.123422767 +0200
+++ /var/tmp/diff_new_pack.D66VLK/_new 2023-09-01 14:22:34.123422767 +0200
@@ -1,12 +1,23 @@
----
freeradius-server-3.0.11.orig/src/modules/rlm_sql/drivers/rlm_sql_unixodbc/configure
2016-01-25 19:27:03.000000000 +0100
-+++
freeradius-server-3.0.11/src/modules/rlm_sql/drivers/rlm_sql_unixodbc/configure
2016-01-25 20:42:24.835741109 +0100
-@@ -1843,7 +1843,7 @@
+Index:
freeradius-server-3.2.3/src/modules/rlm_sql/drivers/rlm_sql_unixodbc/configure
+===================================================================
+---
freeradius-server-3.2.3.orig/src/modules/rlm_sql/drivers/rlm_sql_unixodbc/configure
++++
freeradius-server-3.2.3/src/modules/rlm_sql/drivers/rlm_sql_unixodbc/configure
+@@ -1884,7 +1884,7 @@ if test "${with_unixodbc_dir+set}" = set
fi
-- smart_try_dir="$unixodbc_lib_dir /usr/local/unixodbc/lib"
-+ smart_try_dir="$unixodbc_lib_dir"
- ac_ext=c
+-smart_try_dir="$unixodbc_lib_dir /usr/local/unixodbc/lib"
++smart_try_dir="$unixodbc_lib_dir"
+ ac_ext=c
ac_cpp='$CPP $CPPFLAGS'
ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+@@ -2800,7 +2800,7 @@ fail="$fail libodbc"
+
+ fi
+
+-smart_try_dir="$unixodbc_include_dir /usr/local/unixodbc/include"
++smart_try_dir="$unixodbc_include_dir"
+
+
+ ac_safe=`echo "sql.h" | sed 'y%./+-%__pm%'`
