microsoft · jykanase · Feb 3, 2025 · Feb 9, 2025
@@ -83,4 +83,5 @@ index 137fcbc6cc..a65f8a8711 100644
  		#
  		#  Connection timeout for outgoing TLS connections.
 -- 
-2.21.0
+2.21.0
+
@@ -0,0 +1,35 @@
+The backtrace_symbols function expects a pointer to an array of void *
+values, not a pointer to an array of a single element. Removing the
+address operator ensures that the right type is used.
+
+This avoids an unconditional failure of this probe with compilers that
+treat incompatible pointer types as a compilation error.
+
+Submitted upstream: <https://github.com/FreeRADIUS/freeradius-server/pull/5246>
+
+diff --git a/configure b/configure
+index ed01ee2bdd912f63..1e6d2284779cdd58 100755
+--- a/configure
++++ b/configure
+@@ -13390,7 +13390,7 @@ main (void)
+ {
+
+         void *sym[1];
+-        backtrace_symbols(&sym, sizeof(sym))
++        backtrace_symbols(sym, sizeof(sym))
+   ;
+   return 0;
+ }
+diff --git a/configure.ac b/configure.ac
+index 76320213b51d7bb4..6a689711d6c90483 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -2168,7 +2168,7 @@ if test "x$ac_cv_header_execinfo_h" = "xyes"; then
+         #include <execinfo.h>
+       ]], [[
+         void *sym[1];
+-        backtrace_symbols(&sym, sizeof(sym)) ]])],[
++        backtrace_symbols(sym, sizeof(sym)) ]])],[
+         AC_MSG_RESULT(yes)
+         ac_cv_lib_execinfo_backtrace_symbols="yes"
+       ],[
@@ -0,0 +1,35 @@
+From: Antonio Torres <[email protected]>
+Date: Tue, 12 Sep 2023
+Subject: Ease OpenSSL version check requirement
+
+FreeRADIUS includes an OpenSSL version check that compares built vs linked version,
+and fails to start if this check fails. We can ease this requirement in Fedora/RHEL as 
+ABI changes are tracked and soname is changed accordingly, as discussed in previous 
+Bugzilla for this issue [1].
+
+[1]: https://bugzilla.redhat.com/show_bug.cgi?id=1299388
+
+Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2238511
+Signed-off-by: Antonio Torres <[email protected]>
+---
+ src/main/version.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/main/version.c b/src/main/version.c
+index c190337c1d..fee2150eb2 100644
+--- a/src/main/version.c
++++ b/src/main/version.c
+@@ -79,11 +79,11 @@ int ssl_check_consistency(void)
+ 	 */
+ 	if ((ssl_linked & 0x0000000f) != (ssl_built & 0x0000000f)) {
+ 	mismatch:
+-		ERROR("libssl version mismatch.  built: %lx linked: %lx",
++		DEBUG2("libssl version mismatch.  built: %lx linked: %lx",
+ 		      (unsigned long) ssl_built,
+ 		      (unsigned long) ssl_linked);
+
+-		return -1;
++		return 0;
+ 	}
+
+ 	/*
@@ -0,0 +1,31 @@
+From: Antonio Torres <[email protected]>
+Date: Fri, 28 Jan 2022
+Subject: Use infinite timeout when using LDAP+start-TLS
+
+This will ensure that the TLS connection to the LDAP server will complete
+before starting FreeRADIUS, as it forces libldap to use a blocking socket during 
+the process. Infinite timeout is the OpenLDAP default.
+Avoids this: https://git.openldap.org/openldap/openldap/-/blob/87ffc60006298069a5a044b8e63dab27a61d3fdf/libraries/libldap/tls2.c#L1134
+
+Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1992551
+Signed-off-by: Antonio Torres <[email protected]>
+---
+ src/modules/rlm_ldap/ldap.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/src/modules/rlm_ldap/ldap.c b/src/modules/rlm_ldap/ldap.c
+index cf7a84e069..841bf888a1 100644
+--- a/src/modules/rlm_ldap/ldap.c
++++ b/src/modules/rlm_ldap/ldap.c
+@@ -1472,7 +1472,10 @@ void *mod_conn_create(TALLOC_CTX *ctx, void *instance)
+ 	}
+
+ #ifdef LDAP_OPT_NETWORK_TIMEOUT
+-	if (inst->net_timeout) {
++	bool using_tls = inst->start_tls ||
++					 inst->port == 636 ||
++					 strncmp(inst->server, "ldaps://", strlen("ldaps://")) == 0;
++	if (inst->net_timeout && !using_tls) {
+ 		memset(&tv, 0, sizeof(tv));
+ 		tv.tv_sec = inst->net_timeout;
+
@@ -27,27 +27,26 @@ index 0b2cd74de8..8c623cf95c 100644
  #
  #  For creating documentation via doc/all.mk
 diff --git a/configure b/configure
-index 77a1436510..74ff9a1fd4 100755
+index 5041ca264f..ed01ee2bdd 100755
 --- a/configure
 +++ b/configure
-@@ -652,6 +652,7 @@ AUTOCONF
+@@ -679,6 +679,7 @@ AUTOCONF
  ACLOCAL
  RUSERS
  SNMPWALK
 +ENABLE_REPRODUCIBLE_BUILDS
  SNMPGET
  openssl_version_check_config
  WITH_DHCP
-@@ -5961,7 +5962,7 @@ else
-   openssl_version_check_config=
- fi
+@@ -6976,6 +6977,7 @@ fi
+
 
--
-+ENABLE_REPRODUCIBLE_BUILDS=yes
  # Check whether --enable-reproducible-builds was given.
- if test "${enable_reproducible_builds+set}" = set; then :
++ENABLE_REPRODUCIBLE_BUILDS=yes
+ if test ${enable_reproducible_builds+y}
+ then :
    enableval=$enable_reproducible_builds;  case "$enableval" in
-@@ -5973,6 +5974,7 @@ $as_echo "#define ENABLE_REPRODUCIBLE_BUILDS 1" >>confdefs.h
+@@ -6987,6 +6989,7 @@ printf "%s\n" "#define ENABLE_REPRODUCIBLE_BUILDS 1" >>confdefs.h
      ;;
    *)
      reproducible_builds=no

@@ -2,9 +2,9 @@
  "Signatures": {
   "freeradius-logrotate": "d9f040861ee70def0c6fd6bad8b901503e1b48b5283cd319f72b28c6493ba29d",
   "freeradius-pam-conf": "5e7dc31dd832ee6365c32bbe8042863ef8381cb1f076dfad72caa2e86d7050d7",
-  "freeradius-server-3.2.3.tar.bz2": "4a16aeffbfa1424e1f317fdf71d17e5523a4fd9564d87c747a60595ef93c5d1f",
+  "freeradius-server-3.2.5.tar.bz2": "0fe4f57b28b942c5e5955f48a88769817ca287a830b939d7120ffcff3fcdba88",
   "freeradius-tmpfiles.conf": "125b30adfdee54a4ae3865e7a75ad71b91c1385190a2d3fb876cf20cfc923a08",
   "freeradius.sysusers": "313b1c8868c014ae368861a92356818f16fabae594ba6483981097b2d815efe2",
-  "radiusd.service": "300647599fcd3f96d2a8065dd49bfeab086a6353c6f97bd32edc698e3550e312"
+  "radiusd.service": "bd5b8c9675a9884e5625a02b12262da30ef6bb84379724593b1d7d2610a02a88"
  }
-}
+}
-Original file line number
+Diff line change
@@ Expand Up / @@ -83,4 +83,5 @@ index 137fcbc6cc..a65f8a8711 100644 @@
      		#
      		#  Connection timeout for outgoing TLS connections.
     --
-.21.0
+.21.0