Commit report for v2.x.x branch
announce at freeradius.org
Sat Oct 1 02:00:03 CEST 2016
New activity for FreeRADIUS (the high performance and highly configurable RADIUS server)
======
note EOL status of v2
Alan T. DeKok at 2016-09-01T19:31:50Z
Files modified:
* README.rst
Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/c795af10fb99bdb5d3ba94a1e623543d39a8d064
======
note recent changes
Alan T. DeKok at 2016-09-01T19:31:50Z
Files modified:
* doc/ChangeLog
Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/1f94975e216a249e5f6f3aa87730eb658b78cf67
======
allow non-FIPS
Alan T. DeKok at 2016-09-01T19:31:50Z
Files modified:
* src/modules/rlm_eap/libeap/mppe_keys.c
Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/4fac92e082abac759f76970826bf4b06190715df
======
issuer_cert may be NULL
Alan T. DeKok at 2016-09-01T19:31:50Z
Files modified:
* src/modules/rlm_eap/libeap/mppe_keys.c
* src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c
Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/5ad58666552a4fe27411d3356c59904856890aec
======
look at index i, not 0
Alan T. DeKok at 2016-09-01T19:31:49Z
Files modified:
* src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c
Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/79937e9859610976ef397c7100ca7955bef01795
======
Merge pull request #1570 from alanbuxey/patch-4
fixed typo
Arran Cudbard-Bell at 2016-03-23T10:06:23Z
Files modified:
* src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c
Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/d41d06f37760218789fb084b56227f1205208afa
======
fixed typo
minor typo was still lurking
Alan Buxey at 2016-03-23T10:05:31Z
Files modified:
* src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c
Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/874a8a5379277635b6ab593c6309326ab95ada02
======
Escaping for v2 style. Fixes #1543
Alan T. DeKok at 2016-02-21T13:04:50Z
Files modified:
* raddb/policy.conf
Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/325aa6b0cfd9c07d5feafacfbcada80346909c47
======
Merge pull request #1441 from TheMysteriousX/v2.x.x-fix-disable-ssl
Fix build failure when --disable-openssl-version-check is set.
Arran Cudbard-Bell at 2015-12-20T21:16:28Z
Files modified:
* src/include/radiusd.h
* src/main/mainconfig.c
* src/main/radiusd.c
* src/main/version.c
Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/4f26cb094ce57e8dcde7ded10483b8fd613cfbc0
======
Fix build failure when --disable-openssl-version-check is set.
4f24d4c mostly corrected the behaviour, however mainconfig.allow_vulnerable_ssl still had a dependency on ENABLE_OPENSSL_VERSION_CHECK.
Adam Bishop at 2015-12-10T23:44:44Z
Files modified:
* src/include/radiusd.h
* src/main/mainconfig.c
* src/main/radiusd.c
* src/main/version.c
Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/5c23709fc90bb30b51c598aa81a05d4fe0d8cf70
======
Make default match config
Alan T. DeKok at 2015-11-06T12:00:11Z
Files modified:
* src/modules/rlm_ldap/rlm_ldap.c
Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/b3af2547314f105107b3b6472e10288f21f0d4ac
======
Note recent changes
Alan T. DeKok at 2015-10-15T22:09:18Z
Files modified:
* doc/ChangeLog
Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/0c17d0d8ab3304c11acc416b3fe8c12413fd3cef
======
ENABLE_OPENSSL_VERSION_CHECK was intended to be used to disable checks for vulnerable OpenSSL versions, NOT our compile/runtime checks for OpenSSL version mismatches.
Arran Cudbard-Bell at 2015-10-15T21:22:03Z
Files modified:
* src/main/radiusd.c
* src/main/version.c
Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/4f24d4cda8b43b5f703110b6f089759539b2e285
======
Work around other OpenSSL stupidity.
Alan T. DeKok at 2015-10-11T21:21:57Z
Files modified:
* src/modules/rlm_eap/libeap/cb.c
Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/ffcd1143d43b43f5e28ed2fdcd8f924b79156624
======
note OpenSSL 1.0.2 idiocy
Alan T. DeKok at 2015-10-10T13:07:15Z
Files modified:
* doc/ChangeLog
Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/1a3ce7cd204bfd97bf8ccf1f665b6884cbfc0467
======
Fix compatibility with OpenSSL 1.0.2
Which may help OS maintainers who really, really, really want to keep support for v2.x.x.
Arran Cudbard-Bell at 2015-10-10T00:48:09Z
Files modified:
* src/modules/rlm_eap/libeap/cb.c
Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/a8d53ca3684c518216fac9d1dd3e6a9d2daf3639
======
Bump for 2.2.10
Which will only be released if there are catastrophic security
bugs. Everyone should upgrade to 3.0
Alan T. DeKok at 2015-10-06T13:11:27Z
Files modified:
* VERSION
* debian/changelog
* doc/ChangeLog
* redhat/freeradius.spec
* suse/freeradius.spec
Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/c69b7e0abdb69e821133bbe030749bb119466256
======
Update for release
Alan T. DeKok at 2015-09-30T20:37:13Z
Files modified:
* doc/ChangeLog
Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/de6808e7e3b9cf970f6f8067f762d6a66a6bbaab
======
Merge pull request #1280 from mcnewton/ch2xx
update changelog
Arran Cudbard-Bell at 2015-09-30T11:39:33Z
Files modified:
* doc/ChangeLog
Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/ee84ef8023cbc53c2c48bccb72410eaf6593004d
======
update changelog
Matthew Newton at 2015-09-30T10:05:22Z
Files modified:
* doc/ChangeLog
Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/2bb3ffb6e3b6ae2904180976ab50a0f32ff6f7cc
======
note recent changes
Alan T. DeKok at 2015-09-28T14:39:29Z
Files modified:
* doc/ChangeLog
Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/ceb5215f8143f3fd553b363759c4939656e4e858
======
Don't go to next sibling on empty case. Fixes #1274
Alan T. DeKok at 2015-09-28T13:28:43Z
Files modified:
* src/main/modcall.c
Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/090698d10a03bae13b59bcc6536425b41ef47a3d
======
Bump for 2.2.9
Alan T. DeKok at 2015-09-22T17:46:43Z
Files modified:
* redhat/freeradius.spec
* suse/freeradius.spec
Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/2354774d83af5376b1f1bf022a2f27ba3e5f7e7d
======
close to 2.2.9
Alan T. DeKok at 2015-09-16T18:08:38Z
Files modified:
* doc/ChangeLog
Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/236e087a117888fa42d1e6061ed0810550139c86
======
bump for 2.2.9
Alan T. DeKok at 2015-09-16T18:07:12Z
Files modified:
* debian/changelog
Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/75650992c8f6aa92b1297e1fcd6020029a4391b1
======
Bump for 2.2.9
Alan T. DeKok at 2015-09-16T18:05:40Z
Files modified:
* VERSION
Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/0a066956e3412909c0f8c01bcb4efb52a134c536
======
Note recent changes
Alan T. DeKok at 2015-09-09T13:25:00Z
Files modified:
* doc/ChangeLog
Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/62d57cc431bc6471206f3c24e7f491a17c94d5b6
======
Always delete MS-MPPE-* from the reply. Fixes #1206
Alan T. DeKok at 2015-09-09T13:23:48Z
Files modified:
* src/modules/rlm_eap/types/rlm_eap_ttls/ttls.c
Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/a79e943d49b3a9cad3c7bc2ff0fe618bc43192b5
======
More fixes to use SSL_export_keying_material
Alan T. DeKok at 2015-09-09T13:21:05Z
Files modified:
* src/modules/rlm_eap/libeap/mppe_keys.c
Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/905aadc266c19e7fb6615f79280f67023a46ee4e
======
Back-port d1cdce1b0 from v3.0.x
Properly encode and decode very long Tunnel-Password attributes
Alan T. DeKok at 2015-09-09T13:19:23Z
Files modified:
* src/lib/radius.c
Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/7e39f54ff154c2ca798afe7ed1282edfd572e8fc
======
Merge pull request #1187 from jeremybrowne/v2.x.x
Fix OpenSSL version check issues
Arran Cudbard-Bell at 2015-08-13T11:02:51Z
Files modified:
* src/main/version.c
Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/a509695fe5d27bb5094bbd74ca2f3a97dc123b70
======
Fix OpenSSL version check issues
Bring the relevant bits of 3eb1025dc6ac back to v2.x.x branch
Jeremy Browne at 2015-08-13T07:30:31Z
Files modified:
* src/main/version.c
Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/b50cd6585280a5038b70812f4a0ecc5d6f5e407a
======
set "now"
Alan T. DeKok at 2015-07-27T19:30:23Z
Files modified:
* src/main/event.c
Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/ea2f2b88d8a685d612ec80024218cd9f9c9fde91
======
Time for 2.2.8
Alan T. DeKok at 2015-07-09T14:37:25Z
Files modified:
* doc/ChangeLog
Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/1ab83f3abbc87236bbf24379b5413c16f752ee3b
======
Merge pull request #1105 from alanbuxey/patch-51
Update Makefile
Arran Cudbard-Bell at 2015-06-29T15:06:20Z
Files modified:
* raddb/certs/Makefile
Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/bc81ea843af0dc616d4ada0eae52fc529d799381
======
Update Makefile
Alan Buxey at 2015-06-29T14:16:18Z
Files modified:
* raddb/certs/Makefile
Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/39d19d4a25d748313888c094f09dd55ccdbdead3
======
Manually manage the append list
Alan T. DeKok at 2015-06-29T12:50:33Z
Files modified:
* src/main/evaluate.c
Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/a55470f04929a56e0c6d18b7d4ae0b076a7412d0
======
Note recent changes
Alan T. DeKok at 2015-06-22T19:28:38Z
Files modified:
* doc/ChangeLog
Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/1475486a18858c5e2d71cd6da1c22d01714602a7
======
Set X509_V_FLAG_CRL_CHECK_ALL
Alan T. DeKok at 2015-06-22T19:27:32Z
Files modified:
* raddb/eap.conf
* src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c
* src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.h
Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/5e698b407dcac2bc45cf03484bac4398109d25c3
======
Mark home server dead based on calculated time
Alan T. DeKok at 2015-06-08T15:33:48Z
Files modified:
* src/main/event.c
Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/d06af8ba158005d3f42c1084c012ea189c42de59
======
Note recent changes
Alan T. DeKok at 2015-05-31T14:46:39Z
Files modified:
* doc/ChangeLog
Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/3fbaa3226256543fc5d07a318f6d1a2d207893eb
======
Allow post-auth to return reject
If so, return Access-Reject
Alan T. DeKok at 2015-05-31T12:11:42Z
Files modified:
* src/main/event.c
Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/ba502e11ec85a0e2300690a84d15dc3babe778ef
======
Save a copy of the filename
Alan T. DeKok at 2015-05-20T21:39:38Z
Files modified:
* src/main/conffile.c
Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/0c05d7ce2419f38dd7585760cd95effc75d2adf6
======
Oops
Alan T. DeKok at 2015-05-20T21:36:24Z
Files modified:
* raddb/sites-available/default
Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/796d49527703b97cc7f9e9cef88dfa85454cc6f9
======
Merge pull request #986 from alanbuxey/patch-21
Update base64.h to remove compiler warning
Arran Cudbard-Bell at 2015-05-08T03:22:46Z
Files modified:
* src/include/base64.h
Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/7db7bb620a02bfad8688c6a469f0c03a258eb73c
======
Update base64.h
Alan Buxey at 2015-04-30T22:08:40Z
Files modified:
* src/include/base64.h
Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/0541f367ab1174e0362650609e1208059c3d2a47
======
-Wshadow fix
Alan T. DeKok at 2015-05-01T11:24:14Z
Files modified:
* src/main/client.c
Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/39d82966ee1921c807eceb642f25ff9e6ee13bf0
======
Merge pull request #985 from alanbuxey/patch-20
Update base64.c to remove compiler warning
Arran Cudbard-Bell at 2015-04-30T23:52:17Z
Files modified:
* src/lib/base64.c
Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/f7b9d5315b93c18b1b9f202f30de85c4246928ab
======
Update base64.c
Alan Buxey at 2015-04-30T22:07:25Z
Files modified:
* src/lib/base64.c
Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/0347c8268acda4041d30d657f62652db023b6464
======
Fix client_add for virtual servers.
If there's a "listen" section, the clients are added to that
virtual server.
If there's no "listen" section in this virtual server, the
clients are added to the global list.
Alan T. DeKok at 2015-04-30T23:48:24Z
Files modified:
* src/main/client.c
Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/7dc741411ca0067155bcb5c8fdd356b4bb5e6724
======
Bump for 2.2.8
Alan T. DeKok at 2015-04-30T23:48:06Z
Files modified:
* VERSION
* debian/changelog
* doc/ChangeLog
* redhat/freeradius.spec
* suse/freeradius.spec
Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/eae6c3d8736df039ce8b6d9d08958a1a9f11ecfd
======
Merge pull request #979 from jahir/patch-1
fixed radclient.c compile error
Arran Cudbard-Bell at 2015-04-27T09:21:57Z
Files modified:
* src/main/radclient.c
Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/5fe35e5b5da83d6a2b16738ad9d14fe96d13088a
======
fixed radclient.c compile error
gcc with -Werror=format-security doesn't like printf without string literal
jahir at 2015-04-27T09:18:24Z
Files modified:
* src/main/radclient.c
Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/b914f2a5145f1c8f515f6d10d57ab0fc22d91e57
======
Release for 2.2.7
Alan T. DeKok at 2015-04-22T17:31:54Z
Files modified:
* doc/ChangeLog
Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/298781855b0e0298a3992dacf20aa444b4f1344b
======
Expand buffer to max string size
Alan T. DeKok at 2015-04-13T16:44:15Z
Files modified:
* src/modules/rlm_logintime/timestr.c
Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/87e7be265f284cc8d9a57b28e1073182c48b049f
======
Add certs to the packet, too
Manual port of commit #994db028
Alan T. DeKok at 2015-04-08T18:42:57Z
Files modified:
* src/modules/rlm_eap/libeap/eap_tls.c
Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/50a27a3ffef885d000a9451cf4e8280cf23dd0c6
======
note recent changes
Alan T. DeKok at 2015-04-05T13:57:52Z
Files modified:
* doc/ChangeLog
Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/0e6812c4f67caeb32e8ff99564157449c26cc413
======
Port fix for #945 from v3.0.x branch
Alan T. DeKok at 2015-04-05T13:57:04Z
Files modified:
* src/main/modcall.c
Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/5ea117fbd794193a2f6f911db1067a7bb959c3aa
======
Fix for v2
Alan T. DeKok at 2015-03-31T16:07:29Z
Files modified:
* src/modules/rlm_eap/libeap/mppe_keys.c
Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/ef0dd4cea3f2b83d5ebbbe1663865d48ef9010ce
======
Note recent changes
Alan T. DeKok at 2015-03-31T15:34:50Z
Files modified:
* doc/ChangeLog
Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/7ea41d85d40627da81dbffc539ba614ec3828b7e
======
Revert "Disable TLS 1.2 by default. Causes MPPE key mismatches with eapol_test."
This reverts commit d541351bba3f874bcb9d51483679970981892c49.
No longer necessary after previous commit
Alan T. DeKok at 2015-03-31T15:34:23Z
Files modified:
* src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c
Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/48d2fdf6d9d5af8f6afdffe576677508a3deca4e
======
Use SSL_export_keying_material for TLSv1.2 PRF derivation
Alan T. DeKok at 2015-03-31T15:33:12Z
Files modified:
* src/modules/rlm_eap/libeap/mppe_keys.c
Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/bdff82cdc5bbd6e9079be4b11f0adc27fa994416
======
Disable TLS 1.2 by default. Causes MPPE key mismatches with eapol_test.
Manual port of commit 8ac08a4 to v2.
Alan T. DeKok at 2015-03-31T02:51:09Z
Files modified:
* src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c
Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/d541351bba3f874bcb9d51483679970981892c49
======
Fix error message to be correct
Alan T. DeKok at 2015-03-29T14:03:11Z
Files modified:
* src/modules/rlm_ldap/rlm_ldap.c
Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/f0acb76276208399162bb6c7630bec9739782df4
======
Note recent changes
Alan T. DeKok at 2015-03-26T18:15:15Z
Files modified:
* doc/ChangeLog
Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/ae350450b7b77f5c4e0ab92375088cab936fe278
======
Allow "eap" in Post-Auth-Type Reject
which sends EAP failure and Message-Authenticator
Alan T. DeKok at 2015-03-26T18:12:45Z
Files modified:
* raddb/sites-available/default
* share/dictionary.freeradius.internal
* src/modules/rlm_eap/rlm_eap.c
Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/5b95f560631bbe4bff3898d267fced07a3c6be88
======
start from 0 for failover
Alan T. DeKok at 2015-03-24T22:12:14Z
Files modified:
* src/main/modcall.c
Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/0e5375916df9f3e7efd59e191a26880f350beacb
======
md5 == nt
Alan T. DeKok at 2015-03-10T13:54:44Z
Files modified:
* src/modules/rlm_pap/rlm_pap.c
Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/cafd478b805c923bd6aa4db98029b154df5ec16b
======
note recent changes
Alan T. DeKok at 2015-03-04T13:07:53Z
Files modified:
* doc/ChangeLog
Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/8d6dd97ea0e86b2735c40a54d958243cd796b72f
======
Use the correct name if there are multiple tagged attributes
Alan T. DeKok at 2015-03-04T13:06:12Z
Files modified:
* src/modules/rlm_perl/rlm_perl.c
Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/aa567fa3fab1ac45fdb8419abe9ba3ee7c6bc23e
======
Note recent changes
Alan T. DeKok at 2015-02-25T19:22:06Z
Files modified:
* doc/ChangeLog
Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/c7b6f8cd76c0c767add05d38495de76359c26709
======
Set correct default destination port for replies to relay
Alan T. DeKok at 2015-02-25T19:21:45Z
Files modified:
* src/main/dhcpd.c
Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/2c2a234f4e07bbb78448d7cd277445ed51382d59
======
Merge pull request #907 from spbnick/ssl_headers_fix
Include headers for OpenSSL init
Alan DeKok at 2015-02-13T12:36:46Z
Files modified:
* src/main/radiusd.c
Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/411a603832546946838170d66b30de677b919dad
======
Include headers for OpenSSL init
Include OpenSSL headers into radiusd.c for OpenSSL init.
This fixes "implicit declaration of function" warnings concerning
SSL_library_init and SSL_load_error_strings.
Nikolai Kondrashov at 2015-02-13T10:54:29Z
Files modified:
* src/main/radiusd.c
Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/1d9ac9f5350716e64ce24ee4559030a259e32a6b
======
Merge pull request #906 from spbnick/fix-openssl-version-check-disabling
Move OpenSSL init out of version check
Arran Cudbard-Bell at 2015-02-11T16:13:00Z
Files modified:
* src/main/radiusd.c
* src/main/version.c
Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/97ed7709112a30cf9c5fe76726aa4fe959fc898c
======
Move OpenSSL init out of version check
Initialize OpenSSL outside ssl_version_check() to execute even with
disabled version check. Otherwise SSL_CTX_new() returns zero and
FreeRADIUS segfaults in init_tls_ctx with version check disabled.
Nikolai Kondrashov at 2015-02-11T16:07:50Z
Files modified:
* src/main/radiusd.c
* src/main/version.c
Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/2c0c94eae5ec9b22272d1b21181c0e2876506b96
======
Merge pull request #898 from spbnick/disable_openssl_vercheck_v2.x.x
Add --disable-openssl-version-check option
Alan DeKok at 2015-02-03T19:40:05Z
Files modified:
* configure
* configure.in
* raddb/radiusd.conf.in
* src/include/autoconf.h.in
* src/include/radiusd.h
* src/main/mainconfig.c
* src/main/radiusd.c
* src/main/version.c
Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/5c9ef84f83aa34e3b72afd27439c2ac4ed28b134
======
Add --disable-openssl-version-check option
Add "--disable-openssl-version-check" configure option, which removes
checking for vulnerable OpenSSL versions. It is supposed to be used by
downstream packagers and distributions who have other means to ensure
vulnerabilities are fixed, such as versioned package dependencies and
vulnerability handling processes.
This avoids the necessity of editing radiusd.conf on package upgrade to
make sure it keeps working. At the same time, it provides safe default
to those installing FreeRADIUS from source.
Instead of defining a dummy ssl_check_version function and ignoring
allow_vulnerable_openssl option, remove these altogether to match the
v3.0.x branch.
Nikolai Kondrashov at 2015-02-03T14:58:20Z
Files modified:
* configure
* configure.in
* raddb/radiusd.conf.in
* src/include/autoconf.h.in
* src/include/radiusd.h
* src/main/mainconfig.c
* src/main/radiusd.c
* src/main/version.c
Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/767c67fc4f2f673a44f89794a3531158dcb7b1ec
======
Merge pull request #897 from spbnick/strlcpy_fix
log: Check message buffer length to avoid overflow
Alan DeKok at 2015-02-03T13:32:49Z
Files modified:
* src/main/log.c
Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/b7c5eecddf78b8706972da928b835cd8c8d57757
======
log: Check message buffer length to avoid overflow
Check that adding strlcpy result to the message length didn't exceed
size of the message buffer to avoid underflow in calculating remaining
size and overflowing the buffer.
Nikolai Kondrashov at 2015-02-03T11:10:52Z
Files modified:
* src/main/log.c
Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/94b88276fbdc14e945a5f37618052725e78a7521
======
Replace strncat() with strlcpy()
Alan T. DeKok at 2015-02-01T22:24:23Z
Files modified:
* src/main/log.c
Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/0824dd5325f31d2fd2f4e59e4d7c4f5762e8e601
======
Merge pull request #895 from spbnick/v2.x.x_misc_fixes
v2.x.x misc fixes
Alan DeKok at 2015-02-01T22:12:02Z
Files modified:
* src/lib/dhcp.c
* src/main/command.c
* src/main/conffile.c
* src/main/dhcpd.c
* src/main/log.c
* src/main/modcall.c
* src/main/radconf2xml.c
* src/main/radmin.c
* src/main/threads.c
* src/main/xlat.c
* src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c
* src/modules/rlm_expr/rlm_expr.c
* src/modules/rlm_otp/otp_radstate.c
* src/modules/rlm_pap/rlm_pap.c
* src/modules/rlm_sql/rlm_sql.c
* src/modules/rlm_sql_log/rlm_sql_log.c
Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/0495f31aa9255a343e73120ab8450e54cd111459
======
Don't dereference NULL cs in cf_item_parse
Avoid dereferencing NULL cs in cf_item_parse and cf_reference_item it
invokes.
This fixes the following Coverity errors:
Error: FORWARD_NULL (CWE-476):
freeradius-server-2.2.6/src/main/conffile.c:900: var_compare_op: Comparing "cs" to null implies that "cs" might be null.
freeradius-server-2.2.6/src/main/conffile.c:932: var_deref_op: Dereferencing null pointer "cs".
Error: FORWARD_NULL (CWE-476):
freeradius-server-2.2.6/src/main/conffile.c:900: var_compare_op: Comparing "cs" to null implies that "cs" might be null.
freeradius-server-2.2.6/src/main/conffile.c:938: var_deref_op: Dereferencing null pointer "cs".
Error: FORWARD_NULL (CWE-476):
freeradius-server-2.2.6/src/main/conffile.c:958: var_compare_op: Comparing "cs" to null implies that "cs" might be null.
freeradius-server-2.2.6/src/main/conffile.c:963: var_deref_model: Passing null pointer "cs" to "cf_expand_variables", which dereferences it.
freeradius-server-2.2.6/src/main/conffile.c:782:4: deref_parm_in_call: Function "cf_reference_item" dereferences "outercs".
freeradius-server-2.2.6/src/main/conffile.c:597:25: var_assign_parm: Assigning: "cs" = "outercs".
freeradius-server-2.2.6/src/main/conffile.c:615:4: deref_var: Dereferencing "cs" (which is a copy of "outercs").
Error: FORWARD_NULL (CWE-476):
freeradius-server-2.2.6/src/main/conffile.c:958: var_compare_op: Comparing "cs" to null implies that "cs" might be null.
freeradius-server-2.2.6/src/main/conffile.c:973: var_deref_op: Dereferencing null pointer "cs".
Error: FORWARD_NULL (CWE-476):
freeradius-server-2.2.6/src/main/conffile.c:994: var_compare_op: Comparing "cs" to null implies that "cs" might be null.
freeradius-server-2.2.6/src/main/conffile.c:1009: var_deref_op: Dereferencing null pointer "cs".
Error: FORWARD_NULL (CWE-476):
freeradius-server-2.2.6/src/main/conffile.c:900: var_compare_op: Comparing "cs" to null implies that "cs" might be null.
freeradius-server-2.2.6/src/main/conffile.c:1041: var_deref_op: Dereferencing null pointer "cs".
Error: FORWARD_NULL (CWE-476):
freeradius-server-2.2.6/src/main/conffile.c:900: var_compare_op: Comparing "cs" to null implies that "cs" might be null.
freeradius-server-2.2.6/src/main/conffile.c:1051: var_deref_op: Dereferencing null pointer "cs".
Error: FORWARD_NULL (CWE-476):
freeradius-server-2.2.6/src/main/conffile.c:900: var_compare_op: Comparing "cs" to null implies that "cs" might be null.
freeradius-server-2.2.6/src/main/conffile.c:1054: var_deref_op: Dereferencing null pointer "cs".
Error: FORWARD_NULL (CWE-476):
freeradius-server-2.2.6/src/main/conffile.c:900: var_compare_op: Comparing "cs" to null implies that "cs" might be null.
freeradius-server-2.2.6/src/main/conffile.c:1066: var_deref_op: Dereferencing null pointer "cs".
Nikolai Kondrashov at 2015-01-30T16:16:32Z
Files modified:
* src/main/conffile.c
Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/84a901901ad45ab41651485ef9ff5cde0fb7b891
======
dhcp: Remove useless variable initializer
Remove an initialization of a variable, which is then overwritten, in
dhcp_get_option.
This fixes the following Clang warning:
freeradius-server-2.2.6/src/lib/dhcp.c:144:11: warning: Value stored to 'data' during its initialization is never read
Nikolai Kondrashov at 2015-01-30T16:16:32Z
Files modified:
* src/lib/dhcp.c
Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/5a2848bd6463476ff7006a822fa8bd3e62ff5e6d
======
dhcpd: Verify DICT_VALUE exists itself
Verify that a DICT_VALUE was returned from dict_valbyattr by checking
the returned pointer, not the "name" field address. This likely fixes a
possible segfault when debugging.
This also fixes the following Coverity error:
Error: NO_EFFECT (CWE-398):
freeradius-server-2.2.6/src/main/dhcpd.c:300: array_null: Comparing an array to null is not useful: "dv->name".
Nikolai Kondrashov at 2015-01-30T16:16:32Z
Files modified:
* src/main/dhcpd.c
Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/df1013f5b0d642c20adedac36a33df39d6fea92e
======
dhcp: Use correct format specifiers in a message
Format size_t with %zu specifier, instead of %d, as size_t is not
guaranteed to be the same size as int.
This fixes the following compiler warnings:
freeradius-server-2.2.6/src/lib/dhcp.c: scope_hint: In function 'fr_dhcp_add_arp_entry'
freeradius-server-2.2.6/src/lib/dhcp.c:1536: warning: format '%d' expects type 'int', but argument 2 has type 'long unsigned int'
freeradius-server-2.2.6/src/lib/dhcp.c:1536: warning: format '%d' expects type 'int', but argument 3 has type 'size_t'
Nikolai Kondrashov at 2015-01-30T16:16:32Z
Files modified:
* src/lib/dhcp.c
Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/ff526ad4ad985b94dc6fd30ee5bbce21f1f66e8e
======
Fix two pointer signedness warnings
This fixes the following compiler warnings:
freeradius-server-2.2.6/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c: scope_hint: In function 'cbtls_verify'
freeradius-server-2.2.6/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c:711: warning: pointer targets in passing argument 2 of 'pairmake' differ in signedness
freeradius-server-2.2.6/src/include/libradius.h:373: note: expected 'const char *' but argument is of type 'unsigned char *'
freeradius-server-2.2.6/src/modules/rlm_expr/rlm_expr.c: scope_hint: In function 'base64_to_hex_xlat'
freeradius-server-2.2.6/src/modules/rlm_expr/rlm_expr.c:678: warning: pointer targets in passing argument 1 of 'fr_bin2hex' differ in signedness
freeradius-server-2.2.6/src/include/libradius.h:418: note: expected 'const uint8_t *' but argument is of type 'char *'
Nikolai Kondrashov at 2015-01-30T16:16:32Z
Files modified:
* src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c
* src/modules/rlm_expr/rlm_expr.c
Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/66727f8af40dd5646bb52b5e4ca3bec3e49b95b5
======
Remove two unused variable declarations
This fixes the following compiler warnings:
freeradius-server-2.2.6/src/main/listen.c:1359: included_from: Included from here.
freeradius-server-2.2.6/src/main/command.c: scope_hint: In function 'command_show_module_status'
freeradius-server-2.2.6/src/main/command.c:589: warning: unused variable 'mod'
freeradius-server-2.2.6/src/modules/rlm_sql/rlm_sql.c: scope_hint: In function 'rlm_sql_detach'
freeradius-server-2.2.6/src/modules/rlm_sql/rlm_sql.c:824: warning: unused variable 'i'
Nikolai Kondrashov at 2015-01-30T16:16:32Z
Files modified:
* src/main/command.c
* src/modules/rlm_sql/rlm_sql.c
Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/fc0f61d714cf21f2d925b0a752bb1d4ae85b6bf0
======
Limit log level string when building message
Use strncat instead of strcat to limit the length of copied log level
name in radlog_request. This makes the code easier to reason about
overall and to make sure no buffer overflow happens.
This fixes the following Coverity error:
Error: STRING_OVERFLOW (CWE-120):
freeradius-server-2.2.6/src/main/log.c:310: fixed_size_dest: You might overrun the 1024 byte fixed-size string "buffer" by copying the return value of "fr_int2str" without checking the length.
Nikolai Kondrashov at 2015-01-30T16:16:32Z
Files modified:
* src/main/log.c
Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/a8f4cdea102441523f875263ee434db82adab497
======
Initialize child count in modcall_recurse
Initialize child count in modcall_recurse to explicitly handle the case of no
children, making the code at least slightly easier to read, if not actually
fixing an issue.
This fixes the following Coverity error:
Error: UNINIT (CWE-457):
freeradius-server-2.2.6/src/main/modcall.c:691: var_decl: Declaring variable "count" without initializer.
freeradius-server-2.2.6/src/main/modcall.c:727: uninit_use: Using uninitialized value "count".
Nikolai Kondrashov at 2015-01-30T16:16:32Z
Files modified:
* src/main/modcall.c
Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/ba452500fec5456d56cd05496e176b6f5b6e38f9
======
Check cf_item_parse return value
Check cf_item_parse return value in dhcp_socket_parse to match all other
invocations.
This fixes the following Coverity errors:
Error: CHECKED_RETURN (CWE-252):
freeradius-server-2.2.6/src/main/dhcpd.c:618: check_return: Calling "cf_item_parse" without checking return value (as is done elsewhere 12 out of 14 times).
Error: CHECKED_RETURN (CWE-252):
freeradius-server-2.2.6/src/main/dhcpd.c:624: check_return: Calling "cf_item_parse" without checking return value (as is done elsewhere 12 out of 14 times).
Nikolai Kondrashov at 2015-01-30T16:16:32Z
Files modified:
* src/main/dhcpd.c
Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/30185c3f33d0ffb21b0dc9854a7d934c3ccacc68
======
Check radius_get_vp return value
Check radius_get_vp return value in modcall_recurse to match other
invocations.
This fixes the following Coverity error:
Error: CHECKED_RETURN (CWE-252):
freeradius-server-2.2.6/src/main/modcall.c:649: check_return: Calling "radius_get_vp" without checking return value (as is done elsewhere 6 out of 7 times).
Nikolai Kondrashov at 2015-01-30T16:16:32Z
Files modified:
* src/main/modcall.c
Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/ccf298652f8845d02a13fe35f2eaa051f9007584
======
Return positive integers from each radius_xlat
Make all versions of radius_xlat return positive integers only,
including stubs, to match the result checking.
This fixes the following Coverity errors:
Error: NEGATIVE_RETURNS (CWE-394):
freeradius-server-2.2.6/src/modules/rlm_expr/rlm_expr.c:625: negative_return_fn: Function "radius_xlat(buffer, 1024, fmt, request, func)" returns a negative number.
freeradius-server-2.2.6/src/main/radconf2xml.c:52:2: return_negative_constant: Explicitly returning negative value "-1".
freeradius-server-2.2.6/src/modules/rlm_expr/rlm_expr.c:625: var_assign: Assigning: unsigned variable "len" = "radius_xlat".
freeradius-server-2.2.6/src/modules/rlm_expr/rlm_expr.c:637: negative_returns: "len" is passed to a parameter that cannot be negative.
freeradius-server-2.2.6/src/lib/base64.c:66:50: sizet: "inlen" is a size_t parameter.
Error: NEGATIVE_RETURNS (CWE-394):
freeradius-server-2.2.6/src/modules/rlm_expr/rlm_expr.c:659: negative_return_fn: Function "radius_xlat(buffer, 1024, fmt, request, func)" returns a negative number.
freeradius-server-2.2.6/src/main/radconf2xml.c:52:2: return_negative_constant: Explicitly returning negative value "-1".
freeradius-server-2.2.6/src/modules/rlm_expr/rlm_expr.c:659: var_assign: Assigning: unsigned variable "len" = "radius_xlat".
freeradius-server-2.2.6/src/modules/rlm_expr/rlm_expr.c:666: negative_returns: "len" is passed to a parameter that cannot be negative.
freeradius-server-2.2.6/src/lib/base64.c:315:3: parm_loop_bound: Using unsigned parameter "inlen" in a loop exit test.
Nikolai Kondrashov at 2015-01-30T16:16:32Z
Files modified:
* src/main/radconf2xml.c
* src/main/radmin.c
Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/531d47bf6eccd87849de31f0fb628214bb73f5ba
======
rlm_sql_log: Check rad_mkdir result
Check the result of rad_mkdir in sql_log_write, abort on error.
This makes the reported error clearer and fixes the following Coverity
error:
Error: CHECKED_RETURN (CWE-252):
freeradius-server-2.2.6/src/modules/rlm_sql_log/rlm_sql_log.c:374: check_return: Calling "rad_mkdir" without checking return value (as is done elsewhere 4 out of 5 times).
Nikolai Kondrashov at 2015-01-30T16:16:32Z
Files modified:
* src/modules/rlm_sql_log/rlm_sql_log.c
Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/b30632a21044bcffec0f558b0eaabf4b968aae5a
======
xlat: Always free head
Move "head" deallocation into the path for handling fr_dhcp_decode_options
failure, in xlat_dhcp_options. This makes sure it is freed, as
fr_dhcp_decode_options is complicated and is not documented to guarantee
deallocation in case of error.
This fixes the following Coverity error:
Error: RESOURCE_LEAK (CWE-772):
freeradius-server-2.2.6/src/main/xlat.c:639: alloc_arg: "fr_dhcp_decode_options" allocates memory that is stored into "head".
freeradius-server-2.2.6/src/lib/dhcp.c:581:2: var_assign_parm: Assigning: "tail" = "head".
freeradius-server-2.2.6/src/lib/dhcp.c:647:4: alloc_fn: Storage is returned from allocation function "pairmake".
freeradius-server-2.2.6/src/lib/valuepair.c:1523:3: alloc_fn: Storage is returned from allocation function "pairmake_any".
freeradius-server-2.2.6/src/lib/valuepair.c:1406:2: alloc_fn: Storage is returned from allocation function "paircreate".
freeradius-server-2.2.6/src/lib/valuepair.c:174:2: alloc_fn: Storage is returned from allocation function "pairalloc".
freeradius-server-2.2.6/src/lib/valuepair.c:72:2: alloc_fn: Storage is returned from allocation function "malloc".
freeradius-server-2.2.6/src/lib/valuepair.c:72:2: var_assign: Assigning: "vp" = "malloc(312UL + name_len)".
freeradius-server-2.2.6/src/lib/valuepair.c:74:2: noescape: Resource "vp" is not freed or pointed-to in function "memset". [Note: The source code implementation of the function has been overridden by a builtin model.]
freeradius-server-2.2.6/src/lib/valuepair.c:134:2: return_alloc: Returning allocated memory "vp".
freeradius-server-2.2.6/src/lib/valuepair.c:174:2: var_assign: Assigning: "vp" = "pairalloc(da)".
freeradius-server-2.2.6/src/lib/valuepair.c:185:2: return_alloc: Returning allocated memory "vp".
freeradius-server-2.2.6/src/lib/valuepair.c:1406:2: var_assign: Assigning: "vp" = "paircreate(attr, 5)".
freeradius-server-2.2.6/src/lib/valuepair.c:1466:2: return_alloc: Returning allocated memory "vp".
freeradius-server-2.2.6/src/lib/valuepair.c:1523:3: return_alloc_fn: Directly returning storage allocated by "pairmake_any".
freeradius-server-2.2.6/src/lib/dhcp.c:647:4: var_assign: Assigning: "vp" = "pairmake(da->name, NULL, T_OP_ADD)".
freeradius-server-2.2.6/src/lib/dhcp.c:671:4: var_assign: Assigning: "*tail" = "vp".
freeradius-server-2.2.6/src/main/xlat.c:661: leaked_storage: Variable "head" going out of scope leaks the storage it points to.
Nikolai Kondrashov at 2015-01-30T16:16:32Z
Files modified:
* src/main/xlat.c
Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/dfdd4e7755e4d21595d5ef9660ff594955a860c6
======
rlm_otp: Fix key size calculation
Take size of key array element, instead of an expression attempting to
calculate the key size, in otp_gen_state().
This makes the HMAC use the full key, instead of just the first 4 bytes,
increasing key strength.
This also fixes the following Coverity error:
Error: BAD_SIZEOF (CWE-467):
freeradius-server-2.2.6/src/modules/rlm_otp/otp_radstate.c:100: bad_sizeof: Taking the size of arithmetic expression "key[0] * 16" is suspicious.
freeradius-server-2.2.6/src/modules/rlm_otp/otp_radstate.c:100: remediation: Did you intend "sizeof (key[0]) * 16"?
Nikolai Kondrashov at 2015-01-30T16:16:32Z
Files modified:
* src/modules/rlm_otp/otp_radstate.c
Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/59e30f7dfb107f0d5b16beb03eaae1b740cea4fe
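
The sizeof mistake named in the Coverity report above, as an added example (not FreeRADIUS code): `sizeof(key[0] * 16)` measures the promoted `int` expression, so only `sizeof(int)` key bytes reach the keyed computation. `KEY_BYTES`, `toy_tag` (a stand-in for the HMAC call, not a real MAC) and the two keys are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define KEY_BYTES 16

/* Length as the flagged expression computes it: key[0] is promoted to int
 * before the multiplication, so sizeof yields sizeof(int) (4 on common ABIs). */
static size_t key_len_buggy(const unsigned char *key)
{
	return sizeof(key[0] * 16);
}

/* Length as the remediation computes it: element size times element count. */
static size_t key_len_fixed(const unsigned char *key)
{
	return sizeof(key[0]) * KEY_BYTES;
}

/* Toy keyed tag (FNV-1a over key bytes, then message bytes). NOT a MAC;
 * it only makes visible which key bytes reach the computation. */
static uint64_t toy_tag(const unsigned char *key, size_t key_len,
			const unsigned char *msg, size_t msg_len)
{
	uint64_t h = 0xcbf29ce484222325ULL;
	size_t i;

	for (i = 0; i < key_len; i++) h = (h ^ key[i]) * 0x100000001b3ULL;
	for (i = 0; i < msg_len; i++) h = (h ^ msg[i]) * 0x100000001b3ULL;
	return h;
}

/* Two constructed keys that differ only in their last byte: returns 1 when
 * the tags collide, i.e. when the differing byte never reached the hash. */
static int keys_collide(int use_buggy_len)
{
	unsigned char a[KEY_BYTES] = {0}, b[KEY_BYTES] = {0};
	const unsigned char msg[] = "challenge";
	size_t len;
	b[KEY_BYTES - 1] = 0x01;
	len = use_buggy_len ? key_len_buggy(a) : key_len_fixed(a);
	return toy_tag(a, len, msg, sizeof(msg)) == toy_tag(b, len, msg, sizeof(msg));
}

int main(void)
{
	printf("buggy collides: %d, fixed collides: %d\n", keys_collide(1), keys_collide(0));
	return 0;
}
```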
======
rlm_pap: Account for terminating zero
Account for terminating '\0' character in target (raw) buffer space when
verifying supplied vp->length in rlm_pap.c normify().
Otherwise both the source (vp->vp_octets) and the target (raw) buffer
will overflow with vp->length == sizeof(raw).
This fixes the following Coverity errors:
Error: OVERRUN (CWE-119):
freeradius-server-2.2.6/src/modules/rlm_pap/rlm_pap.c:260: cond_at_most: Checking "vp->length > 255UL" implies that "vp->length" has the value which may be up to 255 on the false branch.
freeradius-server-2.2.6/src/modules/rlm_pap/rlm_pap.c:262: overrun-buffer-arg: Overrunning array "vp->data.octets" of 254 bytes by passing it to a function which accesses it at byte offset 254 using argument "vp->length" (which evaluates to 255). [Note: The source code implementation of the function has been overridden by a builtin model.]
Error: OVERRUN (CWE-119):
freeradius-server-2.2.6/src/modules/rlm_pap/rlm_pap.c:260: cond_at_most: Checking "vp->length > 255UL" implies that "vp->length" has the value which may be up to 255 on the false branch.
freeradius-server-2.2.6/src/modules/rlm_pap/rlm_pap.c:263: overrun-local: Overrunning array "raw" of 255 bytes at byte offset 255 using index "vp->length" (which evaluates to 255).
Nikolai Kondrashov at 2015-01-30T16:16:32Z
Files modified:
* src/modules/rlm_pap/rlm_pap.c
Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/d2fa6281c0a431aa1e1eae3758b57cd1d80d3783
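
The boundary described in the rlm_pap entry above, as an added example (a simplified model, not the code in rlm_pap.c): it scans every length and reports the first one a check accepts that would overrun either buffer. The buffer sizes come from the Coverity report; the function names and the exact form of the corrected check are assumptions.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SRC_BYTES 254u /* vp->data.octets size, per the Coverity report */
#define RAW_BYTES 255u /* local "raw" array size, per the Coverity report */

typedef int (*len_check)(size_t);

/* Check as flagged ("vp->length > 255UL" rejects): 255 is still accepted. */
static int length_ok_buggy(size_t n) { return !(n > RAW_BYTES); }

/* Assumed shape of a corrected check: one byte of raw is kept for '\0'. */
static int length_ok_fixed(size_t n) { return !(n > RAW_BYTES - 1); }

/* Return the first length the check accepts that would overrun either
 * buffer during "memcpy(raw, src, n); raw[n] = '\0';", or -1 if none. */
static long first_unsafe_accepted(len_check ok)
{
	size_t n;

	for (n = 0; n <= 2 * RAW_BYTES; n++) {
		int read_overrun = n > SRC_BYTES;      /* memcpy reads n source bytes */
		int write_overrun = n + 1 > RAW_BYTES; /* n data bytes plus the '\0' */

		if (ok(n) && (read_overrun || write_overrun)) return (long)n;
	}
	return -1;
}

/* Copy and terminate only when both buffers can take it. */
static int copy_terminated(char *raw, size_t raw_size,
			   const unsigned char *src, size_t src_size, size_t n)
{
	if (n >= raw_size || n > src_size) return -1;
	memcpy(raw, src, n);
	raw[n] = '\0';
	return 0;
}

int main(void)
{
	unsigned char src[SRC_BYTES] = {0};
	char raw[RAW_BYTES];

	printf("buggy: %ld, fixed: %ld, copy(255): %d\n",
	       first_unsafe_accepted(length_ok_buggy),
	       first_unsafe_accepted(length_ok_fixed),
	       copy_terminated(raw, sizeof(raw), src, sizeof(src), 255));
	return 0;
}
```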
======
Verify start_servers <= max_servers
Nikolai Kondrashov at 2015-01-30T16:16:32Z
Files modified:
* src/main/threads.c
Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/8c7c238b83c0116dc54f1934c475a52332180c70
======
Note recent changes
Alan T. DeKok at 2015-01-21T14:08:52Z
Files modified:
* doc/ChangeLog
Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/0dc298afc0685fef6be255e1d4e810e90e97a974
======
Fix typo. Closes #880
Alan T. DeKok at 2015-01-20T14:46:33Z
Files modified:
* src/main/event.c
Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/8ae95a733b1194c5a388898bc1a5ff43a28ca17c
======
--
This commit summary was generated @2016-10-01T00:00:03Z by lgfeed version 0.00 (https://github.com/arr2036/lgfeed).