Rebase to FreeRADIUS 3.2.5

Resolves: RHEL-46784
Signed-off-by: Antonio Torres <antorres@redhat.com>

.gitignore

@@ -42,3 +42,4 @@ freeradius-*.src.rpm
 /freeradius-server-3.2.1.tar.bz2
 /freeradius-server-3.2.2.tar.bz2
 /freeradius-server-3.2.3.tar.bz2
+/freeradius-server-3.2.5.tar.bz2

freeradius-disable-openssl-engine.patch

@@ -0,0 +1,55 @@
+From: Antonio Torres <antorres@redhat.com>
+Date: Wed, 10 Jul 2024
+Subject: Remove OpenSSL Engine usage
+
+Engine functionality from OpenSSL is deprecated and shouldn't be used.
+
+Related: https://gitlab.com/redhat/centos-stream/rpms/openssl/-/merge_requests/144
+Signed-off-by: Antonio Torres <antorres@redhat.com>
+---
+ configure         | 2 +-
+ configure.ac      | 3 +--
+ src/include/tls-h | 3 ---
+ 3 files changed, 2 insertions(+), 6 deletions(-)
+
+diff --git a/configure b/configure
+index 5041ca264f..5ccb061a4c 100755
+--- a/configure
++++ b/configure
+@@ -10515,7 +10515,7 @@ smart_prefix=
+ printf "%s\n" "#define HAVE_OPENSSL_SSL_H 1" >>confdefs.h
+ 
+ 
+-           for ac_header in openssl/asn1.h openssl/conf.h openssl/crypto.h openssl/err.h openssl/evp.h openssl/hmac.h openssl/md5.h openssl/md4.h openssl/rand.h openssl/sha.h openssl/ssl.h openssl/ocsp.h openssl/engine.h
++           for ac_header in openssl/asn1.h openssl/conf.h openssl/crypto.h openssl/err.h openssl/evp.h openssl/hmac.h openssl/md5.h openssl/md4.h openssl/rand.h openssl/sha.h openssl/ssl.h openssl/ocsp.h
+ do :
+   as_ac_Header=`printf "%s\n" "ac_cv_header_$ac_header" | $as_tr_sh`
+ ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"
+diff --git a/configure.ac b/configure.ac
+index a24a8061f6..f6074f694e 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -1446,8 +1446,7 @@ if test "x$WITH_OPENSSL" = xyes; then
+       openssl/rand.h \
+       openssl/sha.h \
+       openssl/ssl.h \
+-      openssl/ocsp.h \
+-      openssl/engine.h,
++      openssl/ocsp.h,
+       [ OPENSSL_CPPFLAGS="$smart_include" ],
+       [
+         AC_MSG_FAILURE([failed locating OpenSSL headers. Use --with-openssl-include-dir=<path>, or --with-openssl=no (builds without OpenSSL)])
+diff --git a/src/include/tls-h b/src/include/tls-h
+index 506fb19778..b195ec9fdb 100644
+--- a/src/include/tls-h
++++ b/src/include/tls-h
+@@ -37,9 +37,6 @@ RCSIDH(tls_h, "$Id$")
+ #  define OPENSSL_NO_KRB5
+ #endif
+ #include <openssl/err.h>
+-#ifdef HAVE_OPENSSL_ENGINE_H
+-#  include <openssl/engine.h>
+-#endif
+ #include <openssl/ssl.h>
+ 
+ #ifdef __cplusplus

freeradius.spec

@@ -1,7 +1,7 @@
 Summary: High-performance and highly configurable free RADIUS server
 Name: freeradius
-Version: 3.2.3
-Release: 7%{?dist}
+Version: 3.2.5
+Release: 1%{?dist}
 License: GPL-2.0-or-later AND LGPL-2.0-or-later
 URL: http://www.freeradius.org/
 
@@ -31,6 +31,7 @@ Patch7: freeradius-ease-openssl-version-check.patch
 Patch8: freeradius-configure-c99.patch
 Patch9: freeradius-no-antora-docs.patch
 Patch10: freeradius-no-sql-scripts.patch
+Patch11: freeradius-disable-openssl-engine.patch
 
 %global docdir %{?_pkgdocdir}%{!?_pkgdocdir:%{_docdir}/%{name}-%{version}}
 
@@ -217,6 +218,7 @@ This plugin provides the REST support for the FreeRADIUS server project.
 %patch 8 -p1
 %patch 9 -p1
 %patch 10 -p1
+%patch 11 -p1
 
 %build
 # Force compile/link options, extra security for network facing daemon
@@ -225,6 +227,9 @@ This plugin provides the REST support for the FreeRADIUS server project.
 # Enable FIPS support
 %global build_cflags %{build_cflags} -DWITH_FIPS
 
+# No OpenSSL Engine as it's deprecated
+%global build_cflags %{build_cflags} -UHAVE_OPENSSL_ENGINE_H
+
 %global build_ldflags %{build_ldflags} $(python3-config --embed --libs)
 export PY3_LIB_DIR="$(python3-config --configdir)"
 export PY3_INC_DIR="$(python3 -c 'import sysconfig; print(sysconfig.get_config_var("INCLUDEPY"))')"
@@ -422,6 +427,7 @@ EOF
 %config(noreplace) /etc/raddb/certs/Makefile
 %config(noreplace) /etc/raddb/certs/passwords.mk
 /etc/raddb/certs/README.md
+/etc/raddb/certs/realms/README.md
 %config(noreplace) /etc/raddb/certs/xpextensions
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/certs/*.cnf
 %attr(750,root,radiusd) /etc/raddb/certs/bootstrap
@@ -548,6 +554,7 @@ EOF
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/utf8
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/wimax
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/yubikey
+%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/dpsk
 
 # mods-enabled
 # symlink: /etc/raddb/mods-enabled/xxx -> ../mods-available/xxx
@@ -673,6 +680,8 @@ EOF
 %{_libdir}/freeradius/rlm_utf8.so
 %{_libdir}/freeradius/rlm_wimax.so
 %{_libdir}/freeradius/rlm_yubikey.so
+%{_libdir}/freeradius/rlm_dpsk.so
+%{_libdir}/freeradius/rlm_eap_teap.so
 
 # main man pages
 %doc %{_mandir}/man5/clients.conf.5.gz
@@ -903,6 +912,10 @@ EOF
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/rest
 
 %changelog
+* Tue Jul 09 2024 Antonio Torres <antorres@redhat.com> - 3.2.5-1
+- Rebase to release 3.2.5
+  Resolves: RHEL-46784
+
 * Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 3.2.3-7
 - Bump release for June 2024 mass rebuild
 

sources

@@ -1 +1 @@
-SHA512 (freeradius-server-3.2.3.tar.bz2) = 06767153e262a2baa2d0cc74099bc13c23b33c2316348b5dc8ec0f5834c028571bd09b8c01726a6eabeaab8fdc3050f40bfeba2d5b1c299585d1689abad365ce
+SHA512 (freeradius-server-3.2.5.tar.bz2) = 55e653630674a957dcd52ae58e5fd7b5a510b84aaa80e0552bce8089221e02f652618b53753f438981472a5f47df7c8426b9a5ecda0b06ad9f4c25b23604c86b