Browse Source

freeradius3: Update to 3.0.20

Latest stable release, contains security fixes for EAP-PWD (side-channel leak), logrotate settings (CVE-2019-10143) and a DoS issue due to multithreaded BN_CTX access (CVE-2019-17185).

Also refreshed patches/002-disable-session-cache-CVE-2017-9148.patch due to the following changes/commits in freeradius:
bf1a1eda23
a3c46544b3

Signed-off-by: Robby K <robbyke@gmail.com>
lilik-openwrt-22.03
Robby K 5 years ago
parent
commit
a4202ca4ff
2 changed files with 17 additions and 17 deletions
  1. +4
    -4
      net/freeradius3/Makefile
  2. +13
    -13
      net/freeradius3/patches/002-disable-session-cache-CVE-2017-9148.patch

+ 4
- 4
net/freeradius3/Makefile View File

@ -1,5 +1,5 @@
# #
# Copyright (C) 2008-2016 OpenWrt.org
# Copyright (C) 2008-2020 OpenWrt.org
# #
# This is free software, licensed under the GNU General Public License v2. # This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information. # See /LICENSE for more information.
@ -8,12 +8,12 @@
include $(TOPDIR)/rules.mk include $(TOPDIR)/rules.mk
PKG_NAME:=freeradius3 PKG_NAME:=freeradius3
PKG_VERSION:=release_3_0_19
PKG_RELEASE:=2
PKG_VERSION:=release_3_0_20
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_VERSION).tar.gz PKG_SOURCE:=$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://github.com/FreeRADIUS/freeradius-server/archive PKG_SOURCE_URL:=https://github.com/FreeRADIUS/freeradius-server/archive
PKG_HASH:=34c50ac47a683b13eae1a02f2d0263c0bd51a83f01b99c02c5fe25df07a1ee77
PKG_HASH:=8177fe550af6685a040884dbe3df28431bdc5a8d3a48a9f4f88bdb49f2d0e90c
PKG_MAINTAINER:= PKG_MAINTAINER:=
PKG_LICENSE:=GPL-2.0 PKG_LICENSE:=GPL-2.0


+ 13
- 13
net/freeradius3/patches/002-disable-session-cache-CVE-2017-9148.patch View File

@ -3,22 +3,13 @@ Description: disable session caching in the server (as opposed to in the
https://security-tracker.debian.org/tracker/CVE-2017-9148 https://security-tracker.debian.org/tracker/CVE-2017-9148
Author: Michael Stapelberg <stapelberg@debian.org> Author: Michael Stapelberg <stapelberg@debian.org>
Forwarded: not-needed Forwarded: not-needed
Last-Update: 2017-05-30
Last-Update: 2020-01-24
--- ---
--- a/src/main/tls.c --- a/src/main/tls.c
+++ b/src/main/tls.c +++ b/src/main/tls.c
@@ -594,7 +594,7 @@ tls_session_t *tls_new_session(TALLOC_CT
*
* FIXME: Also do it every N sessions?
*/
- if (conf->session_cache_enable &&
+ if (/*conf->session_cache_enable*/0 &&
((conf->session_last_flushed + ((int)conf->session_timeout * 1800)) <= request->timestamp)){
RDEBUG2("Flushing SSL sessions (of #%ld)", SSL_CTX_sess_number(conf->ctx));
@@ -689,7 +689,7 @@ tls_session_t *tls_new_session(TALLOC_CT
@@ -675,7 +675,7 @@ tls_session_t *tls_new_session(TALLOC_CTX *ctx, fr_tls_server_conf_t *conf, REQU
state->mtu = vp->vp_integer; state->mtu = vp->vp_integer;
} }
@ -27,7 +18,7 @@ Last-Update: 2017-05-30
return state; return state;
} }
@@ -3277,7 +3277,7 @@ post_ca:
@@ -3292,7 +3292,7 @@ post_ca:
/* /*
* Callbacks, etc. for session resumption. * Callbacks, etc. for session resumption.
*/ */
@ -36,7 +27,7 @@ Last-Update: 2017-05-30
/* /*
* Cache sessions on disk if requested. * Cache sessions on disk if requested.
*/ */
@@ -3347,7 +3347,7 @@ post_ca:
@@ -3362,7 +3362,7 @@ post_ca:
/* /*
* Setup session caching * Setup session caching
*/ */
@ -45,3 +36,12 @@ Last-Update: 2017-05-30
/* /*
* Create a unique context Id per EAP-TLS configuration. * Create a unique context Id per EAP-TLS configuration.
*/ */
@@ -3531,7 +3531,7 @@ fr_tls_server_conf_t *tls_server_conf_parse(CONF_SECTION *cs)
goto error;
}
- if (conf->session_cache_enable) {
+ if (/*conf->session_cache_enable*/0) {
CONF_SECTION *subcs;
CONF_ITEM *ci;

Loading…
Cancel
Save