Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package radcli for openSUSE:Factory checked in at 2026-06-08 14:22:27 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/radcli (Old) and /work/SRC/openSUSE:Factory/.radcli.new.2375 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "radcli" Mon Jun 8 14:22:27 2026 rev:8 rq:1357866 version:1.5.2 Changes: -------- --- /work/SRC/openSUSE:Factory/radcli/radcli.changes 2026-05-04 12:56:42.465358660 +0200 +++ /work/SRC/openSUSE:Factory/.radcli.new.2375/radcli.changes 2026-06-08 14:27:50.195320498 +0200 @@ -1,0 +2,8 @@ +Mon Jun 8 06:36:56 UTC 2026 - Martin Hauke <[email protected]> + +- Update to version 1.5.2 + * tls: defer TCP connect and TLS handshake to first use. This + addresses the issue of radcli connecting to TLS server + during rc_read_config(). + +------------------------------------------------------------------- Old: ---- radcli-1.5.1.tar.gz New: ---- radcli-1.5.2.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ radcli.spec ++++++ --- /var/tmp/diff_new_pack.JIDIwX/_old 2026-06-08 14:27:50.943351538 +0200 +++ /var/tmp/diff_new_pack.JIDIwX/_new 2026-06-08 14:27:50.947351704 +0200 @@ -19,7 +19,7 @@ %define sover 10 Name: radcli -Version: 1.5.1 +Version: 1.5.2 Release: 0 Summary: A RADIUS client library License: BSD-2-Clause AND MIT ++++++ radcli-1.5.1.tar.gz -> radcli-1.5.2.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/radcli-1.5.1/NEWS new/radcli-1.5.2/NEWS --- old/radcli-1.5.1/NEWS 2026-05-01 23:42:30.000000000 +0200 +++ new/radcli-1.5.2/NEWS 2026-06-07 12:43:34.000000000 +0200 @@ -1,3 +1,8 @@ +* Version 1.5.2 (released 2026-06-07) +- tls: defer TCP connect and TLS handshake to first use. This addresses + the issue of radcli connecting to TLS server during rc_read_config(). + + * Version 1.5.1 (released 2026-05-01) - Close the TLS and DTLS sessions using an alert (#127) - Enforce the RFC 2865 packet size limit (4096 bytes) when packing diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/radcli-1.5.1/configure new/radcli-1.5.2/configure --- old/radcli-1.5.1/configure 2026-05-01 23:43:02.000000000 +0200 +++ new/radcli-1.5.2/configure 2026-06-07 12:43:53.000000000 +0200 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.72 for radcli 1.5.1. +# Generated by GNU Autoconf 2.72 for radcli 1.5.2. # # Report bugs to <[email protected]>. # @@ -614,8 +614,8 @@ # Identity of this package. PACKAGE_NAME='radcli' PACKAGE_TARNAME='radcli' -PACKAGE_VERSION='1.5.1' -PACKAGE_STRING='radcli 1.5.1' +PACKAGE_VERSION='1.5.2' +PACKAGE_STRING='radcli 1.5.2' PACKAGE_BUGREPORT='[email protected]' PACKAGE_URL='' @@ -1400,7 +1400,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -'configure' configures radcli 1.5.1 to adapt to many kinds of systems. +'configure' configures radcli 1.5.2 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1472,7 +1472,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of radcli 1.5.1:";; + short | recursive ) echo "Configuration of radcli 1.5.2:";; esac cat <<\_ACEOF @@ -1607,7 +1607,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -radcli configure 1.5.1 +radcli configure 1.5.2 generated by GNU Autoconf 2.72 Copyright (C) 2023 Free Software Foundation, Inc. @@ -2027,7 +2027,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by radcli $as_me 1.5.1, which was +It was created by radcli $as_me 1.5.2, which was generated by GNU Autoconf 2.72. Invocation command line was $ $0$ac_configure_args_raw @@ -3648,7 +3648,7 @@ # Define the identity of the package. PACKAGE='radcli' - VERSION='1.5.1' + VERSION='1.5.2' printf "%s\n" "#define PACKAGE \"$PACKAGE\"" >>confdefs.h @@ -18973,7 +18973,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by radcli $as_me 1.5.1, which was +This file was extended by radcli $as_me 1.5.2, which was generated by GNU Autoconf 2.72. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -19041,7 +19041,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config='$ac_cs_config_escaped' ac_cs_version="\\ -radcli config.status 1.5.1 +radcli config.status 1.5.2 configured by $0, generated by GNU Autoconf 2.72, with options \\"\$ac_cs_config\\" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/radcli-1.5.1/configure.ac new/radcli-1.5.2/configure.ac --- old/radcli-1.5.1/configure.ac 2026-05-01 23:42:30.000000000 +0200 +++ new/radcli-1.5.2/configure.ac 2026-06-07 12:43:43.000000000 +0200 @@ -6,7 +6,7 @@ # # -AC_INIT([radcli], [1.5.1], [[email protected]]) +AC_INIT([radcli], [1.5.2], [[email protected]]) AC_CONFIG_MACRO_DIR([m4]) AC_CANONICAL_TARGET([]) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/radcli-1.5.1/doc/ChangeLog new/radcli-1.5.2/doc/ChangeLog --- old/radcli-1.5.1/doc/ChangeLog 2026-04-04 15:19:25.000000000 +0200 +++ new/radcli-1.5.2/doc/ChangeLog 2026-06-05 20:18:15.000000000 +0200 @@ -7,7 +7,7 @@ o Clean up generation of random numbers. Patch from Nikos Mavrogiannopoulos. o Update BSD license as permitted by Christos Zoulas. - o Define PW_MAX_MSG_SIZE for maximum message sice. + o Define PW_MAX_MSG_SIZE for maximum message size. Patch from Nikos Mavrogiannopoulos. o Allow the dictionary file parser to understand BEGIN-VENDOR / END-VENDOR as with FreeRADIUS server. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/radcli-1.5.1/doc/Doxyfile.in new/radcli-1.5.2/doc/Doxyfile.in --- old/radcli-1.5.1/doc/Doxyfile.in 2026-04-04 15:19:25.000000000 +0200 +++ new/radcli-1.5.2/doc/Doxyfile.in 2026-06-05 20:18:15.000000000 +0200 @@ -1405,7 +1405,7 @@ FORMULA_FONTSIZE = 10 -# Use the FORMULA_TRANPARENT tag to determine whether or not the images +# Use the FORMULA_TRANSPARENT tag to determine whether or not the images # generated for formulas are transparent PNGs. Transparent PNGs are not # supported properly for IE 6.0, but are supported on all modern browsers. # diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/radcli-1.5.1/doc/man/radcli.h.3 new/radcli-1.5.2/doc/man/radcli.h.3 --- old/radcli-1.5.1/doc/man/radcli.h.3 2026-05-01 23:43:12.000000000 +0200 +++ new/radcli-1.5.2/doc/man/radcli.h.3 2026-06-07 12:45:20.000000000 +0200 @@ -1,6 +1,6 @@ .\" File automatically generated by doxy2man0.3 -.\" Generation date: Fri May 1 2026 -.TH radcli.h 3 2026-05-01 "radcli" "Radius client library" +.\" Generation date: Sun Jun 7 2026 +.TH radcli.h 3 2026-06-07 "radcli" "Radius client library" .SH "NAME" radcli.h \- .SH SYNOPSIS diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/radcli-1.5.1/doc/man/rc_mksid.3 new/radcli-1.5.2/doc/man/rc_mksid.3 --- old/radcli-1.5.1/doc/man/rc_mksid.3 2026-05-01 23:43:12.000000000 +0200 +++ new/radcli-1.5.2/doc/man/rc_mksid.3 2026-06-07 12:45:20.000000000 +0200 @@ -1,6 +1,6 @@ .\" File automatically generated by doxy2man0.3 -.\" Generation date: Fri May 1 2026 -.TH rc_mksid 3 2026-05-01 "radcli" "Radius client library" +.\" Generation date: Sun Jun 7 2026 +.TH rc_mksid 3 2026-06-07 "radcli" "Radius client library" .SH "NAME" rc_mksid \- .SH SYNOPSIS diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/radcli-1.5.1/doc/man/rc_setdebug.3 new/radcli-1.5.2/doc/man/rc_setdebug.3 --- old/radcli-1.5.1/doc/man/rc_setdebug.3 2026-05-01 23:43:12.000000000 +0200 +++ new/radcli-1.5.2/doc/man/rc_setdebug.3 2026-06-07 12:45:20.000000000 +0200 @@ -1,6 +1,6 @@ .\" File automatically generated by doxy2man0.3 -.\" Generation date: Fri May 1 2026 -.TH rc_setdebug 3 2026-05-01 "radcli" "Radius client library" +.\" Generation date: Sun Jun 7 2026 +.TH rc_setdebug 3 2026-06-07 "radcli" "Radius client library" .SH "NAME" rc_setdebug \- .SH SYNOPSIS diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/radcli-1.5.1/include/radcli/version.h new/radcli-1.5.2/include/radcli/version.h --- old/radcli-1.5.1/include/radcli/version.h 2026-05-01 23:43:07.000000000 +0200 +++ new/radcli-1.5.2/include/radcli/version.h 2026-06-07 12:44:45.000000000 +0200 @@ -1,5 +1,5 @@ -#define RADCLI_VERSION "1.5.1" +#define RADCLI_VERSION "1.5.2" #define RADCLI_VERSION_MAJOR 1 #define RADCLI_VERSION_MINOR 5 -#define RADCLI_VERSION_PATH 1 -#define RADCLI_VERSION_NUMBER 0x010501 +#define RADCLI_VERSION_PATH 2 +#define RADCLI_VERSION_NUMBER 0x010502 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/radcli-1.5.1/lib/ip_util.c new/radcli-1.5.2/lib/ip_util.c --- old/radcli-1.5.1/lib/ip_util.c 2026-05-01 21:41:02.000000000 +0200 +++ new/radcli-1.5.2/lib/ip_util.c 2026-06-05 20:18:15.000000000 +0200 @@ -22,7 +22,7 @@ /*- Returns a struct addrinfo from a host name or address in textual notation. * * @param host the name of the host - * @param flags should be a combinations of PW_AI flags + * @param flags should be a combination of PW_AI flags * @return address which should be deallocated using freeaddrinfo() or NULL on failure -*/ struct addrinfo *rc_getaddrinfo (char const *host, unsigned flags) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/radcli-1.5.1/lib/tls.c new/radcli-1.5.2/lib/tls.c --- old/radcli-1.5.1/lib/tls.c 2026-04-26 10:42:53.000000000 +0200 +++ new/radcli-1.5.2/lib/tls.c 2026-06-05 20:18:13.000000000 +0200 @@ -79,6 +79,10 @@ static int tls_get_fd(void *ptr, struct sockaddr *our_sockaddr) { tls_st *st = ptr; + if (st->ctx.need_restart != 0) { + if (restart_session(st->rh, st) < 0) + return -1; + } return st->ctx.sockfd; } @@ -719,11 +723,13 @@ } } - ret = init_session(rh, &st->ctx, hostname, port, &our_sockaddr, 0, flags); - if (ret < 0) { - ret = -1; - goto cleanup; - } + /* Defer TCP connect + TLS handshake to first use. + * tls_sendto() checks need_restart != 0 and calls restart_session(), + * which calls init_session() with these stored parameters. */ + strlcpy(st->ctx.hostname, hostname, sizeof(st->ctx.hostname)); + st->ctx.port = port; + memcpy(&st->ctx.our_sockaddr, &our_sockaddr, sizeof(our_sockaddr)); + st->ctx.need_restart = 1; rh->so.get_fd = tls_get_fd; rh->so.get_active_fd = tls_get_active_fd; @@ -734,6 +740,7 @@ if (ns != NULL) { if(-1 == rc_reset_netns(&ns_def_hdl)) { rc_log(LOG_ERR, "rc_send_server: namespace %s reset failed", ns); + ret = -1; goto cleanup; } } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/radcli-1.5.1/tests/eap-tests.sh new/radcli-1.5.2/tests/eap-tests.sh --- old/radcli-1.5.1/tests/eap-tests.sh 2026-04-04 15:19:25.000000000 +0200 +++ new/radcli-1.5.2/tests/eap-tests.sh 2026-06-05 20:18:15.000000000 +0200 @@ -30,7 +30,7 @@ echo "***********************************************" echo "The test sends a basic EAP message and expects " -echo "an Acess-Challenge response. The test does not " +echo "an Access-Challenge response. The test does not " echo "go beyond this point as there is no real EAP " echo "service capable of handling a full EAP request " echo "***********************************************" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/radcli-1.5.1/tests/tls-restart.c new/radcli-1.5.2/tests/tls-restart.c --- old/radcli-1.5.1/tests/tls-restart.c 2026-05-01 23:42:24.000000000 +0200 +++ new/radcli-1.5.2/tests/tls-restart.c 2026-06-05 20:18:13.000000000 +0200 @@ -158,25 +158,41 @@ char buf[BUF_LEN]; int i, fd; - fd = rc_tls_fd(rh); - if (fd >= 0) { - if (dup(fd) == -1) { - fprintf(stderr, "tls-restart: dup failed %s", strerror(errno)); - return 1; - } - close(fd); - } - received = NULL; if (acct == 0) { + /* First auth establishes the TLS session (eagerly or lazily). */ + i = rc_auth(rh, nas_port, send, &received, msg); + if (i != OK_RC) { + fprintf(stderr, "tls-restart: error sending 1\n"); + rc_avpair_free(received); + return 1; + } + rc_avpair_free(received); + received = NULL; + + /* Close the fd underneath GnuTLS to simulate a broken session. */ + fd = rc_tls_fd(rh); + if (fd >= 0) { + if (dup(fd) == -1) { + fprintf(stderr, "tls-restart: dup failed %s\n", strerror(errno)); + return 1; + } + close(fd); + } + + /* This auth will fail because the fd was closed; it arms + * need_restart so the following attempt can reconnect. */ i = rc_auth(rh, nas_port, send, &received, msg); + rc_avpair_free(received); + received = NULL; if (i != OK_RC) { - fprintf(stderr, "tls-restart: error sending 1 (ok)\n"); + fprintf(stderr, "tls-restart: error sending 2 (ok)\n"); } + /* This auth must succeed via reconnection. */ i = rc_auth(rh, nas_port, send, &received, msg); if (i != OK_RC) { - fprintf(stderr, "tls-restart: error sending 2\n"); + fprintf(stderr, "tls-restart: error sending 3\n"); exit(2); } if (received != NULL) {
