Update to 3.0.22

Update to 3.0.22. This includes adaptation of patches
and addition of new files present in the release.

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1961190
Signed-off-by: Antonio Torres <antorres@redhat.com>

.gitignore

@@ -34,3 +34,4 @@ freeradius-*.src.rpm
 /freeradius-server-3.0.19.tar.bz2
 /freeradius-server-3.0.20.tar.bz2
 /freeradius-server-3.0.21.tar.bz2
+/freeradius-server-3.0.22.tar.bz2

freeradius-Use-system-crypto-policy-by-default.patch

@@ -15,18 +15,18 @@ diff --git a/raddb/mods-available/eap b/raddb/mods-available/eap
 index 36849e10f2..b28c0f19c6 100644
 --- a/raddb/mods-available/eap
 +++ b/raddb/mods-available/eap
-@@ -368,7 +368,7 @@ eap {
+@@ -370,7 +370,7 @@ eap {
- 		#
+ 		#  TLS cipher suites.  The format is listed
- 		#  For EAP-FAST, use "ALL:!EXPORT:!eNULL:!SSLv2"
+ 		#  in "man 1 ciphers".
  		#
 -		cipher_list = "DEFAULT"
 +		cipher_list = "PROFILE=SYSTEM"
  
  		#  If enabled, OpenSSL will use server cipher list
  		#  (possibly defined by cipher_list option above)
-@@ -912,7 +912,7 @@ eap {
+@@ -1008,7 +1008,7 @@ eap {
- 		#  Note - for OpenSSL 1.1.0 and above you may need
+ 		#  "DEFAULT" as "DEFAULT" contains "!aNULL" so instead it is
- 		#  to add ":@SECLEVEL=0"
+ 		#  recommended "ALL:!EXPORT:!eNULL:!SSLv2" is used
  		#
 -	#	cipher_list = "ALL:!EXPORT:!eNULL:!SSLv2"
 +	#	cipher_list = "PROFILE=SYSTEM"
@@ -47,18 +47,18 @@ index 576eb7739e..ffa07188e2 100644
  		#  You may want to set a very small fragment size.
  		#  The TLS data here needs to go inside of the
 diff --git a/raddb/sites-available/abfab-tls b/raddb/sites-available/abfab-tls
-index 92f1d6330e..cd69b3905a 100644
+index b8d0626bbe..073b2933c2 100644
 --- a/raddb/sites-available/abfab-tls
 +++ b/raddb/sites-available/abfab-tls
-@@ -19,7 +19,7 @@ listen {
+@@ -20,7 +20,7 @@ listen {
  		dh_file = ${certdir}/dh
  		fragment_size = 8192
  		ca_path = ${cadir}
 -		cipher_list = "DEFAULT"
 +		cipher_list = "PROFILE=SYSTEM"
- 
  		cache {
  			enable = no
+ 			lifetime = 24 # hours
 diff --git a/raddb/sites-available/tls b/raddb/sites-available/tls
 index bbc761b1c5..83cd35b851 100644
 --- a/raddb/sites-available/tls

freeradius-no-buildtime-cert-gen.patch

@@ -15,23 +15,25 @@ diff --git a/Make.inc.in b/Make.inc.in
 index 0b2cd74de8..8c623cf95c 100644
 --- a/Make.inc.in
 +++ b/Make.inc.in
-@@ -173,3 +173,8 @@ else
+@@ -174,6 +174,10 @@ else
- 	TESTBINDIR = ./$(BUILD_DIR)/bin
  	TESTBIN    = ./$(BUILD_DIR)/bin
  endif
-+
+ 
 +#
 +#  With reproducible builds, do not generate certificates during installation
 +#
 +ENABLE_REPRODUCIBLE_BUILDS = @ENABLE_REPRODUCIBLE_BUILDS@
+ 
+ #
+ #  For creating documentation via doc/all.mk
 diff --git a/configure b/configure
 index c2c599c92b..3d4403a844 100755
 --- a/configure
 +++ b/configure
-@@ -655,6 +655,7 @@ RUSERS
+@@ -654,6 +654,7 @@ ACLOCAL
+ RUSERS
  SNMPWALK
  SNMPGET
- PERL
 +ENABLE_REPRODUCIBLE_BUILDS
  openssl_version_check_config
  WITH_DHCP

freeradius.spec

@@ -1,7 +1,7 @@
 Summary: High-performance and highly configurable free RADIUS server
 Name: freeradius
-Version: 3.0.21
+Version: 3.0.22
-Release: 12%{?dist}
+Release: 1%{?dist}
 License: GPLv2+ and LGPLv2+
 URL: http://www.freeradius.org/
 
@@ -410,7 +410,7 @@ exit 0
 %dir %attr(770,root,radiusd) /etc/raddb/certs
 %config(noreplace) /etc/raddb/certs/Makefile
 %config(noreplace) /etc/raddb/certs/passwords.mk
-/etc/raddb/certs/README
+/etc/raddb/certs/README.md
 %config(noreplace) /etc/raddb/certs/xpextensions
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/certs/*.cnf
 %attr(750,root,radiusd) /etc/raddb/certs/bootstrap
@@ -435,6 +435,7 @@ exit 0
 # sites-available
 %dir %attr(750,root,radiusd) /etc/raddb/sites-available
 /etc/raddb/sites-available/README
+%attr(640,root,radiusd) %config(noreplace) /etc/raddb/sites-available/resource-check
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/sites-available/control-socket
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/sites-available/decoupled-accounting
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/sites-available/robust-proxy-accounting
@@ -480,6 +481,9 @@ exit 0
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/detail.example.com
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/detail.log
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/dhcp
+%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/dhcp_files
+%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/dhcp_passwd
+%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/dhcp_sql
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/dhcp_sqlippool
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/digest
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/dynamic_clients
@@ -517,9 +521,11 @@ exit 0
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/soh
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/sometimes
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/sql
+%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/sql_map
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/sqlcounter
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/sqlippool
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/sradutmp
+%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/totp
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/unix
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/unpack
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/utf8
@@ -613,7 +619,6 @@ exit 0
 %{_libdir}/freeradius/rlm_eap.so
 %{_libdir}/freeradius/rlm_eap_fast.so
 %{_libdir}/freeradius/rlm_eap_gtc.so
-%{_libdir}/freeradius/rlm_eap_leap.so
 %{_libdir}/freeradius/rlm_eap_md5.so
 %{_libdir}/freeradius/rlm_eap_mschapv2.so
 %{_libdir}/freeradius/rlm_eap_peap.so
@@ -644,7 +649,9 @@ exit 0
 %{_libdir}/freeradius/rlm_sql.so
 %{_libdir}/freeradius/rlm_sqlcounter.so
 %{_libdir}/freeradius/rlm_sqlippool.so
+%{_libdir}/freeradius/rlm_sql_map.so
 %{_libdir}/freeradius/rlm_sql_null.so
+%{_libdir}/freeradius/rlm_totp.so
 %{_libdir}/freeradius/rlm_unix.so
 %{_libdir}/freeradius/rlm_unpack.so
 %{_libdir}/freeradius/rlm_utf8.so
@@ -677,6 +684,7 @@ exit 0
 %doc %{_mandir}/man8/radiusd.8.gz
 %doc %{_mandir}/man8/radmin.8.gz
 %doc %{_mandir}/man8/radrelay.8.gz
+%doc %{_mandir}/man8/rlm_sqlippool_tool.8.gz
 
 # MIB files
 %{_datadir}/snmp/mibs/*RADIUS*.mib
@@ -745,14 +753,49 @@ exit 0
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/cui/mysql/queries.conf
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/cui/mysql/schema.sql
 
+%dir %attr(750,root,radiusd) /etc/raddb/mods-config/sql/dhcp/mssql
+%attr(640,root,radiusd) /etc/raddb/mods-config/sql/dhcp/mssql/queries.conf
+%attr(640,root,radiusd) /etc/raddb/mods-config/sql/dhcp/mssql/schema.sql
+
+%dir %attr(750,root,radiusd) /etc/raddb/mods-config/sql/dhcp/mysql
+%attr(640,root,radiusd) /etc/raddb/mods-config/sql/dhcp/mysql/queries.conf
+%attr(640,root,radiusd) /etc/raddb/mods-config/sql/dhcp/mysql/schema.sql
+%attr(640,root,radiusd) /etc/raddb/mods-config/sql/dhcp/mysql/setup.sql
+
+%dir %attr(750,root,radiusd) /etc/raddb/mods-config/sql/dhcp/oracle
+%attr(640,root,radiusd) /etc/raddb/mods-config/sql/dhcp/oracle/queries.conf
+%attr(640,root,radiusd) /etc/raddb/mods-config/sql/dhcp/oracle/schema.sql
+
+%dir %attr(750,root,radiusd) /etc/raddb/mods-config/sql/dhcp/postgresql
+%attr(640,root,radiusd) /etc/raddb/mods-config/sql/dhcp/postgresql/queries.conf
+%attr(640,root,radiusd) /etc/raddb/mods-config/sql/dhcp/postgresql/schema.sql
+%attr(640,root,radiusd) /etc/raddb/mods-config/sql/dhcp/postgresql/setup.sql
+
+%dir %attr(750,root,radiusd) /etc/raddb/mods-config/sql/dhcp/sqlite
+%attr(640,root,radiusd) /etc/raddb/mods-config/sql/dhcp/sqlite/queries.conf
+%attr(640,root,radiusd) /etc/raddb/mods-config/sql/dhcp/sqlite/schema.sql
+
 %dir %attr(750,root,radiusd) /etc/raddb/mods-config/sql/ippool/mysql
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/ippool/mysql/queries.conf
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/ippool/mysql/schema.sql
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/ippool/mysql/procedure.sql
+%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/ippool/mysql/procedure-no-skip-locked.sql
 
 %dir %attr(750,root,radiusd) /etc/raddb/mods-config/sql/ippool-dhcp/mysql
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/ippool-dhcp/mysql/queries.conf
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/ippool-dhcp/mysql/schema.sql
+%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/ippool-dhcp/mysql/procedure.sql
+%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/ippool-dhcp/mysql/procedure-no-skip-locked.sql
+
+%dir %attr(750,root,radiusd) /etc/raddb/mods-config/sql/ippool-dhcp/mssql
+%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/ippool-dhcp/mssql/procedure.sql
+%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/ippool-dhcp/mssql/queries.conf
+%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/ippool-dhcp/mssql/schema.sql
+
+%dir %attr(750,root,radiusd) /etc/raddb/mods-config/sql/ippool-dhcp/postgresql
+%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/ippool-dhcp/postgresql/procedure.sql
+%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/ippool-dhcp/postgresql/queries.conf
+%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/ippool-dhcp/postgresql/schema.sql
 
 %dir %attr(750,root,radiusd) /etc/raddb/mods-config/sql/main/mysql
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/main/mysql/setup.sql
@@ -839,6 +882,10 @@ exit 0
 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/rest
 
 %changelog
+* Fri Jun 4 2021 Antonio Torres <antorres@redhat.com> - 3.0.22-1
+- Rebased to 3.0.22
+  Resolves: bz#1961190
+
 * Fri May 21 2021 Jitka Plesnikova <jplesnik@redhat.com> - 3.0.21-12
 - Perl 5.34 rebuild
 

sources

@@ -1 +1 @@
-SHA512 (freeradius-server-3.0.21.tar.bz2) = 18cc142caad2143e30bc54242e3824b5f659f2f6e8f3401c71ce3b9063de0bd8d206d84822c4ad1d99457dfd7121333d4accd0c8340fcfc6b33b8fbe24a31729
+SHA512 (freeradius-server-3.0.22.tar.bz2) = eaded3e67b7016997ffb7f84366f654d6e40117e6588d10be21ebb86cb796cba8b6a138c8fbf01634d63898b0dd116666d41c78a0fc01d76b0415f16b45b4a6f