Package: freeradius / 3.0.12+dfsg-5+deb9u1

Metadata

Package: freeradius
Version: 3.0.12+dfsg-5+deb9u1
Patches format: 3.0 (quilt)

Patch series

Patch File delta Description
disable session cache CVE 2017 9148.patch

src/main/tls.c | 8 4 + 4 - 0 !
1 file changed, 4 insertions(+), 4 deletions(-)

 disable session caching in the server (as opposed to in the
 config, which would be way harder to get right) to address
 https://security-tracker.debian.org/tracker/CVE-2017-9148
debian local/0001 Rename radius to freeradius.patch

Make.inc.in | 2 1 + 1 - 0 !
man/man8/radiusd.8 | 10 5 + 5 - 0 !
raddb/radiusd.conf.in | 6 3 + 3 - 0 !
raddb/sites-available/control-socket | 4 2 + 2 - 0 !
scripts/monit/freeradius.monitrc | 6 3 + 3 - 0 !
src/main/radiusd.c | 11 2 + 9 - 0 !
6 files changed, 16 insertions(+), 23 deletions(-)

 rename radius to freeradius
Last-Updated: 2016-09-16
0002 gitignore.diff.patch

.gitignore | 14 14 + 0 - 0 !
1 file changed, 14 insertions(+)

 gitignore.diff


0006 jradius.diff.patch

src/modules/stable | 2 2 + 0 - 0 !
1 file changed, 2 insertions(+)

 jradius.diff


0009 dhcp sqlipool Comment out mysql.patch

raddb/mods-available/dhcp_sqlippool | 5 4 + 1 - 0 !
1 file changed, 4 insertions(+), 1 deletion(-)

 dhcp sqlipool: comment out mysql

So freeradius does not depend on freeradius-mysql

debian local/0010 version.c disable openssl version check.patch

src/main/radiusd.c | 8 0 + 8 - 0 !
1 file changed, 8 deletions(-)

 version.c: disable openssl version check

For Debian we don't want to require that the built OpenSSL be the same
as the linked OpenSSL.  Debian will be responsible for changing the
soname if the ABI changes.  The version check causes the freeradius
packages to fail whenever a new OpenSSL is built.

Patch-Category: debian-local

spelling fixes.diff

man/man5/dictionary.5 | 2 1 + 1 - 0 !
man/man5/radrelay.conf.5 | 2 1 + 1 - 0 !
man/man5/unlang.5 | 18 9 + 9 - 0 !
src/lib/debug.c | 2 1 + 1 - 0 !
src/modules/proto_dhcp/dhcpd.c | 2 1 + 1 - 0 !
src/modules/rlm_krb5/rlm_krb5.c | 2 1 + 1 - 0 !
src/modules/rlm_mschap/rlm_mschap.c | 2 1 + 1 - 0 !
7 files changed, 15 insertions(+), 15 deletions(-)

---
dont install tests.diff

src/main/radattr.mk | 1 1 + 0 - 0 !
src/tests/map/map_unit.mk | 1 1 + 0 - 0 !
2 files changed, 2 insertions(+)

---
mkdirp.diff

install-sh | 698 474 + 224 - 0 !
1 file changed, 474 insertions(+), 224 deletions(-)

 fixes parallel build
openssl autoconf.diff

configure | 23 12 + 11 - 0 !
configure.ac | 2 1 + 1 - 0 !
2 files changed, 13 insertions(+), 12 deletions(-)

---
openssl 1.1.diff

src/include/tls-h | 17 17 + 0 - 0 !
src/main/tls.c | 10 8 + 2 - 0 !
src/modules/rlm_eap/libeap/mppe_keys.c | 58 38 + 20 - 0 !
src/modules/rlm_eap/types/rlm_eap_fast/rlm_eap_fast.c | 4 2 + 2 - 0 !
src/modules/rlm_eap/types/rlm_eap_pwd/configure | 44 28 + 16 - 0 !
src/modules/rlm_eap/types/rlm_eap_pwd/configure.ac | 4 2 + 2 - 0 !
src/modules/rlm_eap/types/rlm_eap_pwd/eap_pwd.c | 121 71 + 50 - 0 !
src/modules/rlm_otp/otp_radstate.c | 15 8 + 7 - 0 !
src/modules/rlm_wimax/rlm_wimax.c | 62 31 + 31 - 0 !
9 files changed, 205 insertions(+), 130 deletions(-)

 largely backported from freeradius 4.x, rest forwarded
snakeoil certs.diff

raddb/mods-available/eap | 6 3 + 3 - 0 !
raddb/mods-available/inner-eap | 6 3 + 3 - 0 !
raddb/sites-available/abfab-tls | 6 3 + 3 - 0 !
raddb/sites-available/tls | 12 6 + 6 - 0 !
4 files changed, 15 insertions(+), 15 deletions(-)

 use snakeoil certificates.
manpage fixes.diff

man/man1/rad_counter.1 | 3 1 + 2 - 0 !
1 file changed, 1 insertion(+), 2 deletions(-)

 fixes man error: macro `ir(hours|minutes|seconds)' not defined
fr ad 001.patch

src/main/conffile.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 [patch] fr-ad-001 - (v3) use strncmp() instead of memcmp() for
 bounded data


fr gv 201.patch

src/lib/radius.c | 17 11 + 6 - 0 !
1 file changed, 11 insertions(+), 6 deletions(-)

 [patch] fr-gv-201 - check input / output length in make_secret()


fr gv 206.patch

src/modules/proto_dhcp/dhcp.c | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 [patch] fr-gv-206 - decode option 60 (string) not 63 (octets), and
 check length


fr gv 301.patch

src/lib/radius.c | 181 132 + 49 - 0 !
src/tests/unit/wimax.txt | 12 12 + 0 - 0 !
2 files changed, 144 insertions(+), 49 deletions(-)

 [patch] fr-gv-301 - handle malformed wimax attributes


fr gv 302.patch

src/lib/radius.c | 10 9 + 1 - 0 !
src/tests/unit/rfc.txt | 12 12 + 0 - 0 !
2 files changed, 21 insertions(+), 1 deletion(-)

 [patch] fr-gv-302 - do checks based on pointers, not on decoded data

because decoded data may be empty

fr gv 303.patch

src/modules/proto_dhcp/dhcp.c | 20 9 + 11 - 0 !
1 file changed, 9 insertions(+), 11 deletions(-)

 [patch] fr-gv-303 - do memchr() of end-p, not q-p


fr gv 304.patch

src/modules/proto_dhcp/dhcp.c | 18 18 + 0 - 0 !
1 file changed, 18 insertions(+)

 [patch] fr-gv-304 - check for option overflowing the packet


fr gv 305.patch

src/lib/radius.c | 2 1 + 1 - 0 !
src/tests/dictionary.test | 1 1 + 0 - 0 !
src/tests/unit/wimax.txt | 6 6 + 0 - 0 !
3 files changed, 8 insertions(+), 1 deletion(-)

 [patch] fr-gv-305 read the correct offset instead of uninitialized
 memory