LILiK
/
openwrt-packages-dist
5
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
12691 Commits
1 Branch
46 MiB
Tree: d1174d7779
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'd1174d7779'
${ noResults }
openwrt-packages-dist/net/freeradius3/patches/002-disable-session-cache-C...

47 lines
1.4 KiB
Raw Normal View History

freeradius3: fix CVE-2017-9148 This takes the fix for CVE-2017-9148 from Debian. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
7 years ago
freeradius3: update to 3.0.17 Latest stable release, support for openssl 1.1 Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
6 years ago
freeradius3: fix CVE-2017-9148 This takes the fix for CVE-2017-9148 from Debian. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
7 years ago
freeradius3: update to 3.0.17 Latest stable release, support for openssl 1.1 Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
6 years ago
freeradius3: fix CVE-2017-9148 This takes the fix for CVE-2017-9148 from Debian. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
7 years ago
freeradius3: update to 3.0.17 Latest stable release, support for openssl 1.1 Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
6 years ago
freeradius3: fix CVE-2017-9148 This takes the fix for CVE-2017-9148 from Debian. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
7 years ago
freeradius3: update to 3.0.17 Latest stable release, support for openssl 1.1 Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
6 years ago
freeradius3: fix CVE-2017-9148 This takes the fix for CVE-2017-9148 from Debian. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
7 years ago
 
  1. Description: disable session caching in the server (as opposed to in the
  2.  config, which would be way harder to get right) to address
  3.  https://security-tracker.debian.org/tracker/CVE-2017-9148
  4. Author: Michael Stapelberg <stapelberg@debian.org>
  5. Forwarded: not-needed
  6. Last-Update: 2017-05-30
  7. 

  8. ---

  9. 

  10. --- a/src/main/tls.c

  11. +++ b/src/main/tls.c

  12. @@ -594,7 +594,7 @@ tls_session_t *tls_new_session(TALLOC_CT

  13.  	 *
  14.  	 *	FIXME: Also do it every N sessions?
  15.  	 */
  16. -	if (conf->session_cache_enable &&

  17. +	if (/*conf->session_cache_enable*/0 &&

  18.  	    ((conf->session_last_flushed + ((int)conf->session_timeout * 1800)) <= request->timestamp)){
  19.  		RDEBUG2("Flushing SSL sessions (of #%ld)", SSL_CTX_sess_number(conf->ctx));
  20.  
  21. @@ -689,7 +689,7 @@ tls_session_t *tls_new_session(TALLOC_CT

  22.  		state->mtu = vp->vp_integer;
  23.  	}
  24.  
  25. -	if (conf->session_cache_enable) state->allow_session_resumption = true; /* otherwise it's false */

  26. +	if (/*conf->session_cache_enable*/0) state->allow_session_resumption = true; /* otherwise it's false */

  27.  
  28.  	return state;
  29.  }
  30. @@ -3151,7 +3151,7 @@ post_ca:

  31.  	/*
  32.  	 *	Callbacks, etc. for session resumption.
  33.  	 */
  34. -	if (conf->session_cache_enable) {

  35. +	if (/*conf->session_cache_enable*/0) {

  36.  		/*
  37.  		 *	Cache sessions on disk if requested.
  38.  		 */
  39. @@ -3221,7 +3221,7 @@ post_ca:

  40.  	/*
  41.  	 *	Setup session caching
  42.  	 */
  43. -	if (conf->session_cache_enable) {

  44. +	if (/*conf->session_cache_enable*/0) {

  45.  		/*
  46.  		 *	Create a unique context Id per EAP-TLS configuration.
  47.  		 */