freeradius3: Update to 3.0.20

Latest stable release, contains security fixes for EAP-PWD (side-channel leak), logrotate settings (CVE-2019-10143) and a DoS issue due to multithreaded BN_CTX access (CVE-2019-17185).

Also refreshed patches/002-disable-session-cache-CVE-2017-9148.patch due to the following changes/commits in freeradius:
bf1a1eda23
a3c46544b3

Signed-off-by: Robby K <robbyke@gmail.com>
Robby K 2020-01-26 14:43:06 +01:00
parent eab36f8a67
commit b3c1a67ff1
2 changed files with 17 additions and 17 deletions


@ -1,5 +1,5 @@
# #
# Copyright (C) 2008-2016 OpenWrt.org # Copyright (C) 2008-2020 OpenWrt.org
# #
# This is free software, licensed under the GNU General Public License v2. # This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information. # See /LICENSE for more information.
@ -8,12 +8,12 @@
include $(TOPDIR)/rules.mk include $(TOPDIR)/rules.mk
PKG_NAME:=freeradius3 PKG_NAME:=freeradius3
PKG_VERSION:=release_3_0_19 PKG_VERSION:=release_3_0_20
PKG_RELEASE:=2 PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_VERSION).tar.gz PKG_SOURCE:=$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://github.com/FreeRADIUS/freeradius-server/archive PKG_SOURCE_URL:=https://github.com/FreeRADIUS/freeradius-server/archive
PKG_HASH:=34c50ac47a683b13eae1a02f2d0263c0bd51a83f01b99c02c5fe25df07a1ee77 PKG_HASH:=8177fe550af6685a040884dbe3df28431bdc5a8d3a48a9f4f88bdb49f2d0e90c
PKG_MAINTAINER:= PKG_MAINTAINER:=
PKG_LICENSE:=GPL-2.0 PKG_LICENSE:=GPL-2.0


@ -3,22 +3,13 @@ Description: disable session caching in the server (as opposed to in the
https://security-tracker.debian.org/tracker/CVE-2017-9148 https://security-tracker.debian.org/tracker/CVE-2017-9148
Author: Michael Stapelberg <stapelberg@debian.org> Author: Michael Stapelberg <stapelberg@debian.org>
Forwarded: not-needed Forwarded: not-needed
Last-Update: 2017-05-30 Last-Update: 2020-01-24
--- ---
--- a/src/main/tls.c --- a/src/main/tls.c
+++ b/src/main/tls.c +++ b/src/main/tls.c
@@ -594,7 +594,7 @@ tls_session_t *tls_new_session(TALLOC_CT @@ -675,7 +675,7 @@ tls_session_t *tls_new_session(TALLOC_CTX *ctx, fr_tls_server_conf_t *conf, REQU
*
* FIXME: Also do it every N sessions?
*/
- if (conf->session_cache_enable &&
+ if (/*conf->session_cache_enable*/0 &&
((conf->session_last_flushed + ((int)conf->session_timeout * 1800)) <= request->timestamp)){
RDEBUG2("Flushing SSL sessions (of #%ld)", SSL_CTX_sess_number(conf->ctx));
@@ -689,7 +689,7 @@ tls_session_t *tls_new_session(TALLOC_CT
state->mtu = vp->vp_integer; state->mtu = vp->vp_integer;
} }
@ -27,7 +18,7 @@ Last-Update: 2017-05-30
return state; return state;
} }
@@ -3277,7 +3277,7 @@ post_ca: @@ -3292,7 +3292,7 @@ post_ca:
/* /*
* Callbacks, etc. for session resumption. * Callbacks, etc. for session resumption.
*/ */
@ -36,7 +27,7 @@ Last-Update: 2017-05-30
/* /*
* Cache sessions on disk if requested. * Cache sessions on disk if requested.
*/ */
@@ -3347,7 +3347,7 @@ post_ca: @@ -3362,7 +3362,7 @@ post_ca:
/* /*
* Setup session caching * Setup session caching
*/ */
@ -45,3 +36,12 @@ Last-Update: 2017-05-30
/* /*
* Create a unique context Id per EAP-TLS configuration. * Create a unique context Id per EAP-TLS configuration.
*/ */
@@ -3531,7 +3531,7 @@ fr_tls_server_conf_t *tls_server_conf_parse(CONF_SECTION *cs)
goto error;
}
- if (conf->session_cache_enable) {
+ if (/*conf->session_cache_enable*/0) {
CONF_SECTION *subcs;
CONF_ITEM *ci;
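Review bot: Nothing in this refresh shows that every remaining reader of `conf->session_cache_enable` in 3.0.20's `src/main/tls.c` is still stubbed out: the hunk that guarded the session-flush branch in `tls_new_session` is dropped and a new one in `tls_server_conf_parse` is added. The dropped hunk is presumably explained by the two upstream commits named in the description, but that is inferred rather than visible here. Since the CVE-2017-9148 mitigation only holds if no code path consults the flag, I would grep the patched tree for `session_cache_enable` and confirm each use sits behind a `/*conf->session_cache_enable*/0` guard. Because the guard silently overrides the operator's setting, I would also record the intent in the patch header, e.g. `Refreshed for release_3_0_20: flush check in tls_new_session dropped, session_cache_enable check in tls_server_conf_parse added; session caching stays disabled even if enabled in the configuration.` The enclosing functions start and end outside the hunks shown.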