LILiK
/
openwrt-packages-dist
5
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
23686 Commits
1 Branch
46 MiB
Tree: 26a9b47588
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '26a9b47588'
${ noResults }
openwrt-packages-dist/net/freeradius3/patches/002-disable-session-cache-C...

47 lines
1.3 KiB
Raw Normal View History

freeradius3: fix CVE-2017-9148 This takes the fix for CVE-2017-9148 from Debian. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
8 years ago
freeradius3: Refreshed patches/002-disable-session-cache-CVE-2017-9148.patch in preparation for the 3.0.21 update. Signed-off-by: Robby K <robbyke@gmail.com>
5 years ago
freeradius3: fix CVE-2017-9148 This takes the fix for CVE-2017-9148 from Debian. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
8 years ago
treewide: Run refresh on all packages The crude loop I wrote to come up with this changeset: find -L package/feeds/packages/ -name patches | \ sed 's/patches$/refresh/' | sort | xargs make Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
4 years ago
freeradius3: fix CVE-2017-9148 This takes the fix for CVE-2017-9148 from Debian. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
8 years ago
freeradius3: Refreshed patches/002-disable-session-cache-CVE-2017-9148.patch in preparation for the 3.0.21 update. Signed-off-by: Robby K <robbyke@gmail.com>
5 years ago
freeradius3: fix CVE-2017-9148 This takes the fix for CVE-2017-9148 from Debian. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
8 years ago
freeradius3: Refreshed patches/002-disable-session-cache-CVE-2017-9148.patch in preparation for the 3.0.21 update. Signed-off-by: Robby K <robbyke@gmail.com>
5 years ago
freeradius3: fix CVE-2017-9148 This takes the fix for CVE-2017-9148 from Debian. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
8 years ago
treewide: Run refresh on all packages The crude loop I wrote to come up with this changeset: find -L package/feeds/packages/ -name patches | \ sed 's/patches$/refresh/' | sort | xargs make Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
4 years ago
freeradius3: Update to 3.0.20 Latest stable release, contains security fixes for EAP-PWD (side-channel leak), logrotate settings (CVE-2019-10143) and a DoS issue due to multithreaded BN_CTX access (CVE-2019-17185). Also refreshed patches/002-disable-session-cache-CVE-2017-9148.patch due to the following changes/commits in freeradius: https://github.com/FreeRADIUS/freeradius-server/commit/bf1a1eda2387745bbe538998f3d2e6514f981bfd https://github.com/FreeRADIUS/freeradius-server/commit/a3c46544b38ab46218c385d0ee197538fad5b3da Signed-off-by: Robby K <robbyke@gmail.com>
5 years ago
 
  1. Description: disable session caching in the server (as opposed to in the
  2.  config, which would be way harder to get right) to address
  3.  https://security-tracker.debian.org/tracker/CVE-2017-9148
  4. Author: Michael Stapelberg <stapelberg@debian.org>
  5. Forwarded: not-needed
  6. Last-Update: 2020-04-28
  7. 

  8. ---

  9. 

  10. --- a/src/main/tls.c

  11. +++ b/src/main/tls.c

  12. @@ -675,7 +675,7 @@ tls_session_t *tls_new_session(TALLOC_CT

  13.  		state->mtu = vp->vp_integer;
  14.  	}
  15.  
  16. -	if (conf->session_cache_enable) state->allow_session_resumption = true; /* otherwise it's false */

  17. +	if (/*conf->session_cache_enable*/0) state->allow_session_resumption = true; /* otherwise it's false */

  18.  
  19.  	return state;
  20.  }
  21. @@ -3332,7 +3332,7 @@ post_ca:

  22.  	/*
  23.  	 *	Callbacks, etc. for session resumption.
  24.  	 */
  25. -	if (conf->session_cache_enable) {

  26. +	if (/*conf->session_cache_enable*/0) {

  27.  		/*
  28.  		 *	Cache sessions on disk if requested.
  29.  		 */
  30. @@ -3402,7 +3402,7 @@ post_ca:

  31.  	/*
  32.  	 *	Setup session caching
  33.  	 */
  34. -	if (conf->session_cache_enable) {

  35. +	if (/*conf->session_cache_enable*/0) {

  36.  		/*
  37.  		 *	Create a unique context Id per EAP-TLS configuration.
  38.  		 */
  39. @@ -3571,7 +3571,7 @@ fr_tls_server_conf_t *tls_server_conf_pa

  40.  		goto error;
  41.  	}
  42.  
  43. -	if (conf->session_cache_enable) {

  44. +	if (/*conf->session_cache_enable*/0) {

  45.  		CONF_SECTION	*subcs;
  46.  		CONF_ITEM	*ci;
  47.