Latest stable release, contains security fixes for EAP-PWD (side-channel leak), logrotate settings (CVE-2019-10143) and a DoS issue due to multithreaded BN_CTX access (CVE-2019-17185).
Also refreshed patches/002-disable-session-cache-CVE-2017-9148.patch due to the following changes/commits in freeradius:
bf1a1eda23a3c46544b3
Signed-off-by: Robby K <robbyke@gmail.com>
This applies a patch from upstream that avoids a call to ENGINE_cleanup
when the openssl library was built without engine support.
A workaround for a missing header check was used to silence a warning
about the implicit definition of RAND_load_file. A proper fix has been
merged upstream as well.
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
- Moves /etc/freeradius3/sites-{enabled,available}/inner-tunnel to be part of
the freeradius3-mod-eap package. This prevents conflicts between
freeradius3-mod-eap-peap and freeradius3-mod-eap-ttls which both included the
file before. This fixes LEDE bug FS#678.
- Change the demo cert validity to be 1 year instead of 60 days. Should keep the
cert valid for the duration of the LEDE release cycle (with some slack). This
fixes#4239.
Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
Robby K
Jeffery To
David Yang
Eneas U de Queiroz
Hauke Mehrtens
Toke Høiland-Jørgensen