Path to this page:
Subject: CVS commit: pkgsrc/net/freeradius2
From: Adam Ciarcinski
Date: 2019-07-04 14:26:48
Message id: 20190704122648.7FB3FFBF4@cvs.NetBSD.org
Log Message:
freeradius2: updated to 2.2.10
Version 2.2.10:
BUG FIXES
Fix multiple security issues. See http://freeradius.org/security/fuzzer-2017.html
FR-GV-207 Avoid zero-length malloc() in data2vp().
FR-GV-206 correct decoding of option 60.
FR-GV-205 check for "too long" WiMAX options.
FR-GV-204 free VP if decoding fails, so we don't leak memory.
FR-GV-203 fix memory leak when using decode_tlv().
FR-GV-202 check for "too long" attributes.
FR-GV-201 check input/output length in make_secret().
FR-AD-001 Use strncmp() instead of memcmp() for bounded data.
Disable in-memory TLS session caches due to OpenSSL API issues.
Allow issuer_cert to be empty.
Look for extensions using correct index.
Fix types.
Work around OpenSSL 1.0.2 problems, which cause failures in TLS-based EAP methods.
Revert RedHat contributed bug which removes run-time checks for OpenSSL consistency.
Allow OCSP responder URL to be later in the packet
Catch empty subject and non-existent issuer cert in OCSP
Allow non-FIPS for MD5
Files: