Commit report for v3.0.x branch

The git bot announce at freeradius.org
Wed Jul 16 00:00:01 CEST 2014


New activity for FreeRADIUS (the high performance and highly configurable RADIUS server)

======
More changes

Alan T. DeKok at 2014-07-15T14:11:50Z
Files modified:
	* doc/ChangeLog

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/d257e796f9ad1c62075c5ee0999344905795e008
====== 
Note recent changes

Alan T. DeKok at 2014-07-15T14:06:01Z
Files modified:
	* doc/ChangeLog

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/b707d3a44c8e2ba8d48fbef17731792590274ebe
====== 
Check BN_rand_range return value

CVE-2014-4733.

In practice, the function should never fail.

jvoisin (via Alan T. DeKok)@2014-07-15T01:34:42Z
Files modified:
	* src/modules/rlm_eap/types/rlm_eap_pwd/eap_pwd.c

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/c3e8546f1057754dabdb1a607499b30931727744
====== 
Constant time memory comparison.

CVE-2014-4731.

Non-constant time comparisons usually require millions of packets
in order to get enough statistics.  This is VERY hard to do with
WiFi or wired 802.1X.  The delays on switch port open / close
are on the order of seconds.

jvoisin (via Alan T. DeKok)@2014-07-15T01:31:02Z
Files modified:
	* src/modules/rlm_eap/types/rlm_eap_pwd/rlm_eap_pwd.c

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/d0e01ff9a9df52ab027070e647b4f63f5819da8f
====== 
Use *_clear_free instead of *_free.

CVE-2014-4732

jvoisin (via Alan T. DeKok)@2014-07-15T01:29:06Z
Files modified:
	* src/modules/rlm_eap/types/rlm_eap_pwd/eap_pwd.c
	* src/modules/rlm_eap/types/rlm_eap_pwd/rlm_eap_pwd.c

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/22297d7bff6f1d5517eb6208feed7527328031b4
====== 
-- 
This commit summary was generated @2014-07-16T00:00:01Z by lgfeed version 0.00 (https://github.com/arr2036/lgfeed).


More information about the Freeradius-Devel mailing list