From 520ac45ca84395ab762677a105fe353f1f3356a3 Mon Sep 17 00:00:00 2001
From: Daniel Golle
Date: Tue, 19 Apr 2016 12:26:32 +0200
Subject: [PATCH 1/2] freeradius2: update to version 2.2.9
Signed-off-by: Daniel Golle
---
 net/freeradius2/Makefile | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/net/freeradius2/Makefile b/net/freeradius2/Makefile
index 0cce17f313..2c87dbbfc8 100644
--- a/net/freeradius2/Makefile
+++ b/net/freeradius2/Makefile
@@ -8,14 +8,14 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=freeradius2
-PKG_VERSION:=2.2.8
-PKG_RELEASE:=2
+PKG_VERSION:=2.2.9
+PKG_RELEASE:=1
 PKG_SOURCE:=freeradius-server-$(PKG_VERSION).tar.bz2
 PKG_SOURCE_URL:=\
 ftp://ftp.freeradius.org/pub/freeradius/ \
 ftp://ftp.freeradius.org/pub/freeradius/old/
-PKG_MD5SUM:=0adc2454392ab8a43664dea416022e28
+PKG_MD5SUM:=d1398327ba4e23c75da06d8a0e01096b
 PKG_MAINTAINER:=Daniel Golle
 PKG_LICENSE:=GPL-2.0
 PKG_LICENSE_FILES:=COPYRIGHT LICENSE
From 1657a09a2d0ecb046cd04dadb07ddd144e236658 Mon Sep 17 00:00:00 2001
From: Zoltan HERPAI
Date: Mon, 21 May 2018 13:01:51 +0200
Subject: [PATCH 2/2] freeradius2: bump to 2.2.10
- Fix multiple security issues. See http://freeradius.org/security/fuzzer-2017.html Thanks to Guido Vranken for working with us to discover the issues and test the fixes.
- FR-GV-207 Avoid zero-length malloc() in data2vp().
- FR-GV-206 correct decoding of option 60.
- FR-GV-205 check for "too long" WiMAX options.
- FR-GV-204 free VP if decoding fails, so we don't leak memory.
- FR-GV-203 fix memory leak when using decode_tlv().
- FR-GV-202 check for "too long" attributes.
- FR-GV-201 check input/output length in make_secret().
- FR-AD-001 Use strncmp() instead of memcmp() for bounded data.
- Disable in-memory TLS session caches due to OpenSSL API issues.
- Allow issuer_cert to be empty.
- Look for extensions using correct index.
- Fix types.
- Work around OpenSSL 1.0.2 problems, which cause failures in TLS-based EAP methods.
- Revert RedHat contributed bug which removes run-time checks for OpenSSL consistency.
- Allow OCSP responder URL to be later in the packet Fix by Ean Pasternak.
- Catch empty subject and non-existent issuer cert in OCSP Fix by Ean Pasternak.
- Allow non-FIPS for MD5 Fix by Ean Pasternak.
Signed-off-by: Zoltan HERPAI
---
 net/freeradius2/Makefile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/net/freeradius2/Makefile b/net/freeradius2/Makefile
index 2c87dbbfc8..d409386602 100644
--- a/net/freeradius2/Makefile
+++ b/net/freeradius2/Makefile
@@ -8,14 +8,14 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=freeradius2
-PKG_VERSION:=2.2.9
+PKG_VERSION:=2.2.10
 PKG_RELEASE:=1
 PKG_SOURCE:=freeradius-server-$(PKG_VERSION).tar.bz2
 PKG_SOURCE_URL:=\
 ftp://ftp.freeradius.org/pub/freeradius/ \
 ftp://ftp.freeradius.org/pub/freeradius/old/
-PKG_MD5SUM:=f1ce12d2b8258585cb3d525f5bdfeb17
+PKG_MD5SUM:=f1ce12d2b8258585cb3d525f5bdfeb17
 PKG_MAINTAINER:=Daniel Golle
 PKG_LICENSE:=GPL-2.0
 PKG_LICENSE_FILES:=COPYRIGHT LICENSE
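Review bot: The new `PKG_MD5SUM:=f1ce12d2b8258585cb3d525f5bdfeb17` is the only integrity check on a tarball that `PKG_SOURCE_URL` still fetches over unauthenticated `ftp://`, and MD5 is too weak to carry that on its own for a release whose purpose is to ship security fixes. If the build system in this tree supports it, pin a SHA-256 instead, e.g. `PKG_HASH:=<sha256 of freeradius-server-2.2.10.tar.bz2>`, computed from a tarball that was checked against the upstream release signature rather than from whatever the mirror served. An authenticated transport in `PKG_SOURCE_URL` would help as well, if upstream offers one. The 2.2.9 hunk in patch 1/2 has the same MD5-over-FTP pattern.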