-
Thu Jun 15 2017 Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com> - 3.0.13-6
- Avoid race condition when creating session cache file
Resolves: Bug#1458746 CVE-2017-9148 freeradius: TLS resumption
authentication bypass
-
Tue Jun 06 2017 Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com> - 3.0.13-5
- Refer to correct package version in configuration comments for Bug#1458746
(CVE-2017-9148) fix.
Related: Bug#1458746 CVE-2017-9148 freeradius: TLS resumption
authentication bypass
-
Tue Jun 06 2017 Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com> - 3.0.13-4
- Disable internal OpenSSL cache.
Resolves: Bug#1458746 CVE-2017-9148 freeradius: TLS resumption
authentication bypass
- Check sizeof(*packet), not sizeof(packet) in EAP-PWD
Resolves: Bug#1459073 Potential buffer overflow in FreeRADIUS EAP-PWD
- Parse port as well as address for dhcpclient destination
Resolves: Bug#1457825 dhcpclient does no accept IP:PORT
-
Wed Mar 29 2017 Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com> - 3.0.13-3
- Explicitly disable rlm_cache_memcached to avoid error when the module's
dependencies are installed, and it is built, but not packaged.
Related: Bug#1202751 Rebase FreeRADIUS to 3.0.12 or later minor release
- Prevent segfaults by adding a missing handling of connection errors in
rlm_ldap.
Resolves: Bug#1437409 [abrt] freeradius: radiusd killed by SIGSEGV
- Make radtest use Cleartext-Password for EAP, fixing its support for eap-md5.
Resolves: Bug#1436619 radtest does not work with eap-md5
-
Thu Mar 23 2017 Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com> - 3.0.13-2
- Fix some issues found with static analyzers.
Resolves: Bug#1432103 FreeRADIUS fails covscan checks
- Revert rlm_eap_tnc removal, because the tncfhh package is still in RHEL.
Related: Bug#1202751 Rebase FreeRADIUS to 3.0.12 or later minor release
-
Tue Mar 07 2017 Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com> - 3.0.13-1
- Upgrade to upstream v3.0.13 release.
See upstream ChangeLog for details (in freeradius-doc subpackage).
Related: Bug#1202751 Rebase FreeRADIUS to 3.0.12 or later minor release
Resolves: Bug#1329181 freeradius-python fix libpython2.7.so dependency at
compile time
Resolves: Bug#1425869 Radiusd does not trigger modules.sql.fail trap if it
can't connect to mysql server
Resolves: Bug#1427829 Stack overflow when passing bare IPv6 to radclient
-
Tue Feb 21 2017 Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com> - 3.0.12-2
- Do not fail logrotate if radiusd is not running.
Resolves: Bug#1365226 error running non-shared postrotate script for
/var/log/radius/radius.log of
'/var/log/radius/radius.log '
- Fix output to log file specified with -l option.
Resolves: Bug#1421207 radiusd does not work with log file specified by -l
option
- Fix long hostnames interpreted as IP addresses.
Resolves: Bug#1420359 radclient does not detect 4. level and higher domain
name as a domain name
- Avoid clashes with libtool library symbols.
Resolves: Bug#1391960 undefined symbol: get_vtable in
/usr/lib64/libtdsodbc.so.0 with freeradius-unixODBC
- Remove mentions of Auth-Type = System from docs.
Resolves: Bug#1420293 Freeradius does not know Auth-Type = System
- Improve ip/v4/v6/addr documentation.
Resolves: Bug#1179736 add description for ipaddr = hostname from DNS with A
and AAAA entries
-
Fri Nov 25 2016 Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com> - 3.0.12-1
- Upgrade to upstream v3.0.12 release.
See upstream ChangeLog for details (in freeradius-doc subpackage).
Related: Bug#1202751 Rebase FreeRADIUS to 3.0.7 or later minor release
Resolves: Bug#1358989 FreeRADIUS stops reading the accounting packets from the
detail file
Resolves: Bug#1269217 FreeRADIUS triggers mprotect with large radius reply
Resolves: Bug#1344183 radiusd crashed in rbtree_find() after receiving a packet
Resolves: Bug#1370431 FreeRADIUS fails to establish LDAP connections under
load
Resolves: Bug#1397981 [abrt] freeradius: radiusd killed by SIGSEGV
-
Mon Apr 18 2016 Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com> - 3.0.11-1
- Upgrade to upstream v3.0.11 release.
See upstream ChangeLog for details (in freeradius-doc subpackage).
Resolves: Bug#1197551
Resolves: Bug#1179745
Resolves: Bug#1202751 Rebase FreeRADIUS to 3.0.7 or later minor release
Resolves: Bug#1289849 FreeRadius should start after ldap, ipa and krb5kdc
Resolves: Bug#1208886 Add the latest Mikrotik dictionary into Freeradius
Resolves: Bug#1198620 radutmp should not rotate
Resolves: Bug#1180979 Freeradius is installing files under /etc/tmpfiles.d/
Resolves: Bug#1187904 radiusd logrotate config file contains old style
"/sbin/service radius reload" reload call
Resolves: Bug#1167846 radiusd fails to load clients from ldap
Resolves: Bug#1422018 /usr/lib/systemd/system/radiusd.service is marked
executable. Please remove executable permission bits
Resolves: Bug#1167843 support for older style generic attributes in
rlm_ldap doesn't work
Resolves: Bug#1354234 home servers are marked as dead by radiusd
-
Wed Dec 09 2015 Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com> - 3.0.10-1
- Upgrade to upstream v3.0.10 release.
See upstream ChangeLog for details (in freeradius-doc subpackage).
Related: Bug#1202751
Resolves: Bug#1340334 freeradius: Decryption of very long Tunnel-Passwords
can cause buffer overflow
- Remove rlm_eap_tnc support as the required package "tncfhh" was retired.