Commit report for v2.x.x branch

announce at freeradius.org announce at freeradius.org
Tue Aug 1 02:00:08 CEST 2017


New activity for FreeRADIUS (the high performance and highly configurable RADIUS server)

======
gpgsig -----BEGIN PGP SIGNATURE-----
 
 iQEcBAABCAAGBQJZbK4wAAoJEH0Oec13Yh7NPv0IAILP3HDUQma9xCEvzHsEIQZk
 E4Uwa+dZdVO+hPoZl4Rj7+l5h8nkdXJwAJ5WdndDCKlMlCXX4oZwPUucBALPuNdq
 RF3mqr4T4Ol0AMP7NtCRmbjsQUyK4yKuKk8h7vOOqwxzwlt5p7NHd7XFWrJZ+bYS
 Im3NmmOGXrNe8nckYO0GaKfcabq7c/7ypYNhyTpFClVHt5gDW7aLsdbZVqW8mSAb
 xymStsnBPaxRT0eV1KXZovusDt4x7vXPrus84npgGBcxtBhxmILrD09Wg7ZSShzu
 suH+2vPPEw+df6Z5ONVm+r2dL/gw3Xdjw0jWPFYzTnrx0aM/IhSm0pbrwDd23QY=
 =5DmM
 -----END PGP SIGNATURE-----

use packages@

Alan T. DeKok at 2017-07-17T12:31:41Z
Files modified:
	* Makefile

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/ee6cba74cfa0c7214eb068f2f4665da0137c69c3
====== 
gpgsig -----BEGIN PGP SIGNATURE-----
 
 iQEcBAABCAAGBQJZbK28AAoJEH0Oec13Yh7Nc18IAIEGyMj9agTqf/W5bx1ax9gA
 BX+UNqJv8Iq5sgfCUc4yowk7mB+C9koSa7GV4YzjL9eDmzIYJHCFOAqtZ0Tsmh6z
 8QG3OYj2942XDT3lOfGKxZ7Q/JSZQnfmSjHiyr5B0flBamfVebA+zYJOr64UAZb0
 jopVhU+zdnZ8NmtO8s6J81IWzGZ+xB6NsdugFLyUubmcc9zW6Y0HdYuss1/oxiib
 dK/CcPz3JQpA36s0R8g+OV+oDTBfBdD9HVfGG6bEpyBKNLK8+JCgM+WVgieuaJJ2
 9VMM++rDGWaT3kNoHx7ws0Y5y5WoDItJd60f4WywPPXgF0At0mO1zmGh4OhXIII=
 =GUYy
 -----END PGP SIGNATURE-----

note recent changes

Alan T. DeKok at 2017-07-17T12:29:44Z
Files modified:
	* doc/ChangeLog

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/d210e7321bab17ce380220503f0bcb8dfae72242
====== 
gpgsig -----BEGIN PGP SIGNATURE-----
 
 iQEcBAABCAAGBQJZbKwUAAoJEH0Oec13Yh7NwRAH/jR5hHmjnE+i1Zi6kCSkM3dT
 JgFU4+EyOO/aCTqIgzbVNZ4gsYMynwK3C+7P/ruSTNb10ooXgZAuv9Ry5tMfSyZv
 S7wOYRvoRQ3SdteSWKVlQYEgJwcsTyeJXtf0upTWtcRNcyfT7lyOccBM2sekesBu
 zRsXP7kwUb2+ofLOOMqdFC9i7BGH8sZihXYUyeAQfVTdAJTvMz3SJ3CvNqKibPqL
 hD+4g6Unj0TXAziwAFVPiZ6ZwAdYPQKYe0Nft2g9scuTIAiEgfSWwf0HTtVPiH7s
 wUMiXltbiZu318jQPGfcEIFwrHx2Lxz94oQXYxNfAHppkaApTic9qiN92SjDqKA=
 =HT+d
 -----END PGP SIGNATURE-----

FR-GV-207 - avoid zero-length malloc() in data2vp()

Alan T. DeKok at 2017-07-17T12:22:44Z
Files modified:
	* src/lib/radius.c

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/26be8a680d2a6830e7be98bee10818dd8b6a426a
====== 
gpgsig -----BEGIN PGP SIGNATURE-----
 
 iQEcBAABCAAGBQJZbKwOAAoJEH0Oec13Yh7NyhoH/AttTez0cDjxWA3nf0mV9Msa
 MFQUg7n4FGpqY8d0fkEbw/b6Du5+dSrYofNBiVQra/TRvAGy9NYj2RNLH3GFKjza
 iJtmrzrLXYLFuCzlYJZvjyW67HhuLU3RjAHdrTHZRNMjdSULy9OBaUS7EBFaTKqd
 mPrg9r3Wn/BmHIOn41P7rwx3tPc4DrzIOogp6lNydfNmx7LNMOOv5SF4zsfmzj6s
 aq4U6p+RCE9DBeqYNQjopq7xqf9SHZY4Djx7Grwv+edL5gjU2PRSpcXKmNBZe/uH
 bHU24fNZiwcktmsqpUFtTTs/Ejl+D8v+qBdHsUqzP4utMpO91tL6ch+cruh9AdM=
 =zWy4
 -----END PGP SIGNATURE-----

FR-GV-206 - decode option 60 (string) not 63 (octets)

Alan T. DeKok at 2017-07-17T12:22:38Z
Files modified:
	* src/lib/dhcp.c

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/ec08b30f87066f82073d02fab57e8ffeef81373d
====== 
gpgsig -----BEGIN PGP SIGNATURE-----
 
 iQEcBAABCAAGBQJZbKwIAAoJEH0Oec13Yh7N6zEIAIwQDsfGbCCWhRSAodkUUNY3
 bkaatj3kqY+PnLJwuBRINp9ovfOuj9JtEKcfQ5WVF1Zei+WOSvJvG2vwGwVn5sGt
 CRO75kQdJZNIIgHO4wr4eGOOsukmHAiY3xPQhlAL65vMJiHulGvvNUD6Sk0Ze9Df
 8g7n5+h2LNIRGa0wjwXr+7ZDrX6s4+Fo/5GZ5QrzW3KMqx+S8s6lPOOtHaCS5OBX
 QTSppIwAF+q8ti1FD9q+H3nhOd7UTQhhUnO26ebPFJXe/jzF+G4JC4acWF5CmUuo
 PJm053ifGi5ObNG7Vm0PSz1CSi3QAbm648ywj9rr3bUuEjrz32VoD9okwwwUhV8=
 =PoTG
 -----END PGP SIGNATURE-----

FR-GV-205 - check for "too long" options, too

Alan T. DeKok at 2017-07-17T12:22:32Z
Files modified:
	* src/lib/dhcp.c

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/10b6de9345c9e0d9d4d5e0426fa5c3d68d702875
====== 
gpgsig -----BEGIN PGP SIGNATURE-----
 
 iQEcBAABCAAGBQJZbKwCAAoJEH0Oec13Yh7Nuw4H/AiG6n43aza26cUjDIGnvnxW
 ZAyF0YnGcPl1CH1PZH6akTIcsTMKGrHeLQL1J/Zv6z09ZZYiRFqf3A2yL+f8FU0b
 S76DDCgTwoD1juKp1N7Vn7qpemLcP3wbLOqRIIAphK1eEB7QnZq7DdFjuVdYhw8z
 KmCCH+SxMSdkf130saGhxaX101qKPr2FAcjDrhzTCmySqrh+puVXi9LvlgD9YWLl
 cYG1OKsr4zRq9R7fNh4GsvHwYVmANdCmBEXUSrH1srWKut/lmj4zYGRiCTj6lND1
 vXwSSvOWBjLFZ8mjOqEMzvD3TBf6M5kOoigzmBdesdgnDql8+frVXHKnElrVL0E=
 =0pLl
 -----END PGP SIGNATURE-----

FR-GV-204 - free VP if decoding options fails, so we don't leak memory

Alan T. DeKok at 2017-07-17T12:22:26Z
Files modified:
	* src/lib/dhcp.c

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/812766e2150faa07b4c574e51393b014feaffe6c
====== 
gpgsig -----BEGIN PGP SIGNATURE-----
 
 iQEcBAABCAAGBQJZbKv6AAoJEH0Oec13Yh7NVCoIAKRSATgz+OwIkCAyi/c50tnU
 fphjWgKXzbG3sOdfFm4+WbKdMHd5FgJJ3ei3ckJlqyePHZhGmix5SYe17FDAs09G
 UkxQ+0yOB5IK25djtF6ak6tFqd9iJaNRFQt2CjfF5UDTfKCvvrWPrctMeBRC8Su5
 W0pI6yKcVFzyjMdP2tOP/aB9Ew2J26W5PemMkv1OjyOvnNkuFySJifr2Ytk5l20j
 +qCgKhC36JpzbUDkB6W6J4n42gHmPljTqDsdN4qolmGoex7eA9Xq8gZoyTH4mps2
 zCBmMkIqrS+UgSo4wSyf5WNEKiGJzHcrHZBZ2BhLu3er8umBzyZgnkB3owBLdOw=
 =tKAE
 -----END PGP SIGNATURE-----

FR-GV-203 - fix memory leak when using decode_tlv()

Alan T. DeKok at 2017-07-17T12:22:18Z
Files modified:
	* src/lib/dhcp.c

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/ef0727fc68e211a36637b5c4e4a6fa1326f0a029
====== 
gpgsig -----BEGIN PGP SIGNATURE-----
 
 iQEcBAABCAAGBQJZbKv0AAoJEH0Oec13Yh7NYUYH/0VSrU0ZErHse0LSi7g5lrrH
 vLDNQFsWUL2L9yzINMy6Wth6mOKBWNlo9Kz0VXbaORILPZuD0YPBUUzQPZwrqgQg
 qo0BE9L5HOho1Oe4ZPIOu+tkHVSfCAhBO+DQn8RNDyTCcdhaaAHOdD/UtTMKlude
 8G2ZNUd5z9ZTKwCI4lWGj7vSZOW3++PBFEn7MSUsN2pvPE0TFIZktW/omZJfHAi8
 3XmfBqEYai6l4v1OkW2Kq4AFrMKLL3e+YZXlRux3Rp922umLO8bv/KViyjYQsd5Y
 urshbjbmJfJVm/DJDK+CDO/JP1Yg6YKtrBGt45Dpru6J/vQAw2QcAl2FYU57BUU=
 =oyOB
 -----END PGP SIGNATURE-----

FR-GV-202 - check for "too long" attributes, too

Alan T. DeKok at 2017-07-17T12:22:12Z
Files modified:
	* src/lib/dhcp.c
	* src/lib/radius.c

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/ae3ba0011e7d299e92c45300e0137a56a650e8f5
====== 
gpgsig -----BEGIN PGP SIGNATURE-----
 
 iQEcBAABCAAGBQJZbKvtAAoJEH0Oec13Yh7NZfEIAKhgk9KOvmh50+cX43LgWLqy
 hYO6/uqYjqMx/fjIv7pu2/aPRG1W8ka0NlmQ5bo1tVax/bMhfMOue9k4VA/sfoGE
 4k7Zx+Z3/L++hmIkQEq/IvIkBeGo10UdQ9Y5iIezKnyovmhvAOirob3dkLwPFZOj
 jWvjZsAqNiv8P+kmsd5ioqGwa1riIaK0cEqzAnTTMFQiwZTOJzqhGGoRhsNiaTiU
 vFqqRqSkxwInMrDtye3PY/p5V18M2Mdp9jUvstqxPjiv3gjVRE9al52J2zIdRtT3
 yQWhLjhg/DJ2QNW8gWT8jqzwb+nmCiApclFXsj/ubM/hjjmQvYI0xSxers2eKJc=
 =dOp+
 -----END PGP SIGNATURE-----

FR-GV-201 - check input / output length in make_secret()

Alan T. DeKok at 2017-07-17T12:22:05Z
Files modified:
	* src/lib/radius.c

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/38ee90f2a5a28dc5887a30bdfdc98109c0418e68
====== 
gpgsig -----BEGIN PGP SIGNATURE-----
 
 iQEcBAABCAAGBQJZbKvlAAoJEH0Oec13Yh7NLZ4H/3m1wqJCaVBWZ+L65zzDT4Co
 6Sk3g/nZmMc920Ynw18dX7Txgbxi4XjW8fKBw5vfGJseqoK8PmXiAOLRn6DK4fqt
 7p1Ii9sm4QvYoU3n2xBj0Dnu5H8GkG5PzBPVLfWGkmzgdwPKieURy/Z8ju4bGYdL
 kGv1pY1x8kCjyfGVQRRUtybnkfliVqzQPO8rAvbprS+fyCLGzaUrL4IvwqHhjBYT
 EMGLF3GkJm5JYasJPT9kRrz8OkxXiLhuCI1Rq6seYtXiGwp3GPD5i6gBlCDMeqd0
 7wo+OHceBJSLmQBL9jrq4efJEQmkQ0tmPqi7zpL2cAmhw8ILIxDZ6eMKKpCQAmU=
 =Ay/O
 -----END PGP SIGNATURE-----

FR-AD-001 - (v2) use strncmp() instead of memcmp() for bounded data

Alan T. DeKok at 2017-07-17T12:21:57Z
Files modified:
	* src/main/conffile.c

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/30c9f53f85a9d07f5213789ea9efbd06d6fc67d8
====== 
gpgsig -----BEGIN PGP SIGNATURE-----
 
 iQEcBAABCAAGBQJZbKtfAAoJEH0Oec13Yh7NUqYH/Ayioe2kYHZaB+U0tRHhdSW+
 jcXWkC5NavdVpoHqAO551fzccsOsyAY5FZiNw7ht9kvCnoJrPK9mC21Bah8vCeY0
 GJJqpV1A9tuLf1Ijfp3nk4e6uC+vrOJKjMku0nqFlDZmiR5DefVpSmgAZ/GtRyes
 rG8AMmYjWsqtFztwkzourYEZrdfkLW54e8Nxf89fn+NJfXIs9LmiGiJjO9NGJQHL
 Fc2WiSj5IF2ZmNxAyH2iX6WPf7DbIgiVWMp3TL2BfMbZeC2n0N4zzKlkz6pqSpst
 1h0WePZXcmz58PgINB5DSUnf4IQGN6cj0sEdPDWQmVwM7+AGUi7hld10aZnWHq8=
 =3rSp
 -----END PGP SIGNATURE-----

Remove erroneous fprintf

Alan T. DeKok at 2017-07-17T12:19:36Z
Files modified:
	* src/lib/radius.c

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/08a7c2aaa7400ebf70c0192704bf7428278e0f45
====== 
gpgsig -----BEGIN PGP SIGNATURE-----
 
 iQEcBAABCAAGBQJZWZdmAAoJEH0Oec13Yh7NniAH/2fkFoV9sONFMYDg3kOqrbHd
 GlmVBDytYmY7zCiOJdyfLD1NvV1oVPdx+4Q/Ak720NC8xhiH6CfjdMD6kB2xc/fv
 Uc3BBY47UvERGgSHPjCXZusYmyaE2oaGu9EzUlRRgIyWHWWuHE/LgvlomODiln3h
 83PJJRSWS+R8ZIzutn0do4LNjKZZF6FyJKbw1y+RXhJX7CWO7yNHAjbz32F/+s7+
 Cv7YH11S4is2GpNk8B+H4ftXjOMaNVX2VK4sfSlBlQF9pcFmkSDz3pyIoCXiVZiZ
 ZZ6wCClApeIbjkxKunIW9d4WGSDJqKNEQN/74ThBj8gQA15L1BMGWeSbLBDLH/A=
 =cSQm
 -----END PGP SIGNATURE-----

disable TLS session caches.

So that malicious users cannot falsely resume sessions

Alan T. DeKok at 2017-07-03T01:00:58Z
Files modified:
	* src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/00579336c0378d84a35e298a8ac691e30c87fe7f
====== 
gpgsig -----BEGIN PGP SIGNATURE-----
 
 iQEcBAABCAAGBQJZWZc0AAoJEH0Oec13Yh7NTzUH+wcnRkfyteHnX7p/BYHNd6iq
 XZzwdam02KIrXmNR/RR9JEh0s51HUuOLk6EDWYcNYp9+0ZOLp4qWd9hyXHfQsb9g
 4hRyaRDi0lTtHkUz33AZudOKZyIj8/ED6ayky0hmRpg5uhhaf1DCM8QGkiDKN6eq
 MSSEnl0nVy6BubSWSevvkTtGDZ4Do/BgM45eMrG2ferNmou3mZvsxGPC/dDm8RGl
 HjnuURpwPFDrAcTbJekdn8g4xgfjjj9MTVi44lJpILVUBZpL4W3am8FuMHpOwodM
 Y6ZiHjnhzXl5m3/NXqpzjU04GAMQBTvvMjT7dj7noXdCholJ8J8Sd+gCt+2HufU=
 =kb1R
 -----END PGP SIGNATURE-----

Fix OpenSSL API issue.  Based on a patch from Guido Vranken

Alan T. DeKok at 2017-07-03T01:00:34Z
Files modified:
	* src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/c7f120e8c16841e45656ee9e8175e0b3302c1b1e
====== 
gpgsig -----BEGIN PGP SIGNATURE-----
 
 iQEcBAABCAAGBQJXyIImAAoJEH0Oec13Yh7Nyf8IAIH7tzS+ZQ+Yu7nQ9H3WfWLM
 tOKe+QUqmPYuF3FTXsMmsbS+DCK78jX8sAhnptuxB02NwjzW8N/+AsvMItgnpGmx
 DIDq4MxWrpdKAiVO1VeLQO4W9HrTlFUDRQHqAK9DRBlRluK3STPunFrmY/r06UCV
 udUvt2WqnCuOHZ5vsiCdJTzfThXiaK67t176/ewb9lbMeBd3iSb94X+gPxDaHAph
 5x/CcIGSmoZWQvtuRvyMWz5/KH6g0BJ0Y7rKW/orXHSQFOwuxSCL3WsiKiy86i79
 2o4ielybeyoAaL/31tSgFtOI8SDX2mtYskL91aNMyM2kxWpURY4DbksSJ42fQmA=
 =tYx7
 -----END PGP SIGNATURE-----

note EOL status of v2

Alan T. DeKok at 2016-09-01T19:31:50Z
Files modified:
	* README.rst

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/c795af10fb99bdb5d3ba94a1e623543d39a8d064
====== 
gpgsig -----BEGIN PGP SIGNATURE-----
 
 iQEcBAABCAAGBQJXyIImAAoJEH0Oec13Yh7NfwgIAJIskV51iU7I2cHxdJWNTqj6
 Ax+9wKuEichn/VzVszkQ0a+yALJ6NqYsPnc7FjaKZaorCR6gMPx8n3JpBKnThilQ
 Glu40EyKVPGGLpgNvoo1PgEuOHn2Li/dr6yufV2eVcoiVRz6OhaRDJKkKvxIJLSE
 dX/J43cCfGhO9H2v4jjllBRHTXH7Ptr5r53HVXFhAvF3Y4ENdNgPG/bF6kxgmLpv
 giIsJgGOgQTSyB6uVsAKYISNfqHCw33u4qd7Cf33R5pgrID/TIKvdK9XdiRBq4oK
 Tg2LBajIKLTgaPNHyKvLI4w58CqnORaJVOv5p5jya2y8LQkxCebQBnVIRuoECk0=
 =hFWW
 -----END PGP SIGNATURE-----

note recent changes

Alan T. DeKok at 2016-09-01T19:31:50Z
Files modified:
	* doc/ChangeLog

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/1f94975e216a249e5f6f3aa87730eb658b78cf67
====== 
gpgsig -----BEGIN PGP SIGNATURE-----
 
 iQEcBAABCAAGBQJXyIImAAoJEH0Oec13Yh7NdMUIAKXwOQIUZqv8T419HoXWU0aR
 bBqMYnar2Ct4kN0NzvN92oDkBtQdf8LacJH4/BfxLJnpDeozWjREWcp6+fkd4Xha
 cmI7GBdKLqHjh2eYPV+jeK4QLg7vj1TMr/Gj7x8XNVCYZIcuVAOv9eBSITwEmWVg
 CTacMAyBhwCOuvEnYVmrGe+Xh8qf7h4NYnREYyaICHo2QqivjNguVV7QMCF4xAh/
 rOgMwa/Kcu7lwxH8VLKYAHYf2axgT3TnZ3MlCWjrrObmiseteo0NdbFHhc4JOhVJ
 FmQ3dp6xnBXDgh00vkdTEu2fDZig66wCFkYm5hyuq6LsurUN5lhzoFKqKYDtheM=
 =Dqn3
 -----END PGP SIGNATURE-----

allow non-FIPS

Alan T. DeKok at 2016-09-01T19:31:50Z
Files modified:
	* src/modules/rlm_eap/libeap/mppe_keys.c

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/4fac92e082abac759f76970826bf4b06190715df
====== 
gpgsig -----BEGIN PGP SIGNATURE-----
 
 iQEcBAABCAAGBQJXyIImAAoJEH0Oec13Yh7NuLYIAImv+AB+76ZjSVCRA2YtdGC6
 fhmN7UZQilyG9biRwNVcGdBMNmJPAT5DMEPQiM6Q2HOEHXauGoqSyIgubOg5CJ1S
 cQMu2ej/d9oG6pWvug2lAmT8M7JHVSRElouvnCkW+LGFC8nBC2NGfQo+hu7KM/Hb
 NqqifLa6e8DMtFgA0D/xSOnS5Gbq/vof1K+B/rx032dY3aqNBtSWqRBQVZykfBEZ
 ZuA4nKFNmb5fL1Abf/pRrXR8DrSC43LClCwTmjb3NngUDkj7vIw8Aiu8jsLGpCtr
 +gN+0JMw29c8ZaKso8J0pXpcBDaaPrvGvSOk8aaJrejKvLccBSeBYypUes5y68k=
 =K6kM
 -----END PGP SIGNATURE-----

issuer_cert may be NULL

Alan T. DeKok at 2016-09-01T19:31:50Z
Files modified:
	* src/modules/rlm_eap/libeap/mppe_keys.c
	* src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/5ad58666552a4fe27411d3356c59904856890aec
====== 
gpgsig -----BEGIN PGP SIGNATURE-----
 
 iQEcBAABCAAGBQJXyIIlAAoJEH0Oec13Yh7Ns50H/RDDg7wklcz4R6gYVA3XF5TR
 21VMJI7kMzsTFN2dX2fy6eTcdXKXoybjIh6yQuufSEl23lXUeT/4V9ocQKKEZgKs
 uITepEfPYeu7yM4aP3TPD9nx8mKpApW3YoLt/Z6t46/33PZDDyV2QwFwAUE5ENFK
 74hCVTzzere87IBwsfpq7KFF/bzPBeutshVBBExnlMhGFbO96n0YSgAmXWIqy88v
 +Ctw2W/ycX2MxGvzOG1772JNLifTs1+NdIZLtrDgo1qQ7nQlfafQN3ATL4q3G/SG
 PeMbaP4Aq6nskUDrVUrzgqVUi6Rb1uadX5DYL8PnT8JX1RmSuBGW0cAC9CU8Dq8=
 =QZed
 -----END PGP SIGNATURE-----

look at index i, not 0

Alan T. DeKok at 2016-09-01T19:31:49Z
Files modified:
	* src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/79937e9859610976ef397c7100ca7955bef01795
====== 
Merge pull request #1570 from alanbuxey/patch-4

fixed typo

Arran Cudbard-Bell at 2016-03-23T10:06:23Z
Files modified:
	* src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/d41d06f37760218789fb084b56227f1205208afa
====== 
fixed typo

minor typo was still lurking

Alan Buxey at 2016-03-23T10:05:31Z
Files modified:
	* src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/874a8a5379277635b6ab593c6309326ab95ada02
====== 
Escaping for v2 style.  Fixe #1543

Alan T. DeKok at 2016-02-21T13:04:50Z
Files modified:
	* raddb/policy.conf

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/325aa6b0cfd9c07d5feafacfbcada80346909c47
====== 
Merge pull request #1441 from TheMysteriousX/v2.x.x-fix-disable-ssl

Fix build failure when --disable-openssl-version-check is set.

Arran Cudbard-Bell at 2015-12-20T21:16:28Z
Files modified:
	* src/include/radiusd.h
	* src/main/mainconfig.c
	* src/main/radiusd.c
	* src/main/version.c

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/4f26cb094ce57e8dcde7ded10483b8fd613cfbc0
====== 
Fix build failure when --disable-openssl-version-check is set.

4f24d4c mostly corrected the behaviour, however mainconfig.allow_vulnerable_ssl still had a dependency on ENABLE_OPENSSL_VERSION_CHECK.

Adam Bishop at 2015-12-10T23:44:44Z
Files modified:
	* src/include/radiusd.h
	* src/main/mainconfig.c
	* src/main/radiusd.c
	* src/main/version.c

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/5c23709fc90bb30b51c598aa81a05d4fe0d8cf70
====== 
Make default match config

Alan T. DeKok at 2015-11-06T12:00:11Z
Files modified:
	* src/modules/rlm_ldap/rlm_ldap.c

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/b3af2547314f105107b3b6472e10288f21f0d4ac
====== 
Note recent changes

Alan T. DeKok at 2015-10-15T22:09:18Z
Files modified:
	* doc/ChangeLog

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/0c17d0d8ab3304c11acc416b3fe8c12413fd3cef
====== 
ENABLE_OPENSSL_VERSION_CHECK was intended to be used to disable checks for vulnerable OpenSSL versions, NOT our compile/runtime checks for OpenSSL version mismatches.

Arran Cudbard-Bell at 2015-10-15T21:22:03Z
Files modified:
	* src/main/radiusd.c
	* src/main/version.c

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/4f24d4cda8b43b5f703110b6f089759539b2e285
====== 
Work around other OpenSSL stupidity.

Alan T. DeKok at 2015-10-11T21:21:57Z
Files modified:
	* src/modules/rlm_eap/libeap/cb.c

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/ffcd1143d43b43f5e28ed2fdcd8f924b79156624
====== 
note OpenSSL 1.0.2 idiocy

Alan T. DeKok at 2015-10-10T13:07:15Z
Files modified:
	* doc/ChangeLog

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/1a3ce7cd204bfd97bf8ccf1f665b6884cbfc0467
====== 
Fix compatibility with OpenSSL 1.0.2

Which may help OS maintainers who really, really, really want to keep support for v2.x.x.

Arran Cudbard-Bell at 2015-10-10T00:48:09Z
Files modified:
	* src/modules/rlm_eap/libeap/cb.c

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/a8d53ca3684c518216fac9d1dd3e6a9d2daf3639
====== 
Bump for 2.2.10

Which will only be released if there are catastrophic security
bugs.  Everyone should upgrade to 3.0

Alan T. DeKok at 2015-10-06T13:11:27Z
Files modified:
	* VERSION
	* debian/changelog
	* doc/ChangeLog
	* redhat/freeradius.spec
	* suse/freeradius.spec

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/c69b7e0abdb69e821133bbe030749bb119466256
====== 
Update for release

Alan T. DeKok at 2015-09-30T20:37:13Z
Files modified:
	* doc/ChangeLog

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/de6808e7e3b9cf970f6f8067f762d6a66a6bbaab
====== 
Merge pull request #1280 from mcnewton/ch2xx

update changelog

Arran Cudbard-Bell at 2015-09-30T11:39:33Z
Files modified:
	* doc/ChangeLog

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/ee84ef8023cbc53c2c48bccb72410eaf6593004d
====== 
update changelog

Matthew Newton at 2015-09-30T10:05:22Z
Files modified:
	* doc/ChangeLog

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/2bb3ffb6e3b6ae2904180976ab50a0f32ff6f7cc
====== 
note recent changes

Alan T. DeKok at 2015-09-28T14:39:29Z
Files modified:
	* doc/ChangeLog

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/ceb5215f8143f3fd553b363759c4939656e4e858
====== 
Don't go to next sibling on empty case.  Fixes #1274

Alan T. DeKok at 2015-09-28T13:28:43Z
Files modified:
	* src/main/modcall.c

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/090698d10a03bae13b59bcc6536425b41ef47a3d
====== 
Bump for 2.2.9

Alan T. DeKok at 2015-09-22T17:46:43Z
Files modified:
	* redhat/freeradius.spec
	* suse/freeradius.spec

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/2354774d83af5376b1f1bf022a2f27ba3e5f7e7d
====== 
close to 2.2.9

Alan T. DeKok at 2015-09-16T18:08:38Z
Files modified:
	* doc/ChangeLog

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/236e087a117888fa42d1e6061ed0810550139c86
====== 
bump for 2.2.9

Alan T. DeKok at 2015-09-16T18:07:12Z
Files modified:
	* debian/changelog

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/75650992c8f6aa92b1297e1fcd6020029a4391b1
====== 
Bump for 2.2.9

Alan T. DeKok at 2015-09-16T18:05:40Z
Files modified:
	* VERSION

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/0a066956e3412909c0f8c01bcb4efb52a134c536
====== 
Note recent changes

Alan T. DeKok at 2015-09-09T13:25:00Z
Files modified:
	* doc/ChangeLog

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/62d57cc431bc6471206f3c24e7f491a17c94d5b6
====== 
Always delete MS-MPPE-* from the reply.  Fixes #1206

Alan T. DeKok at 2015-09-09T13:23:48Z
Files modified:
	* src/modules/rlm_eap/types/rlm_eap_ttls/ttls.c

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/a79e943d49b3a9cad3c7bc2ff0fe618bc43192b5
====== 
More fixes to use SSL_export_keying_material

Alan T. DeKok at 2015-09-09T13:21:05Z
Files modified:
	* src/modules/rlm_eap/libeap/mppe_keys.c

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/905aadc266c19e7fb6615f79280f67023a46ee4e
====== 
Back-port d1cdce1b0 from v3.0.x

Properly iencode and decode very long Tunnel-Password attributes

Alan T. DeKok at 2015-09-09T13:19:23Z
Files modified:
	* src/lib/radius.c

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/7e39f54ff154c2ca798afe7ed1282edfd572e8fc
====== 
Merge pull request #1187 from jeremybrowne/v2.x.x

Fix OpenSSL version check issues

Arran Cudbard-Bell at 2015-08-13T11:02:51Z
Files modified:
	* src/main/version.c

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/a509695fe5d27bb5094bbd74ca2f3a97dc123b70
====== 
Fix OpenSSL version check issues

Bring the relevant bits of 3eb1025dc6ac back to v2.x.x branch

Jeremy Browne at 2015-08-13T07:30:31Z
Files modified:
	* src/main/version.c

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/b50cd6585280a5038b70812f4a0ecc5d6f5e407a
====== 
set "now"

Alan T. DeKok at 2015-07-27T19:30:23Z
Files modified:
	* src/main/event.c

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/ea2f2b88d8a685d612ec80024218cd9f9c9fde91
====== 
Time for 2.2.8

Alan T. DeKok at 2015-07-09T14:37:25Z
Files modified:
	* doc/ChangeLog

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/1ab83f3abbc87236bbf24379b5413c16f752ee3b
====== 
Merge pull request #1105 from alanbuxey/patch-51

Update Makefile

Arran Cudbard-Bell at 2015-06-29T15:06:20Z
Files modified:
	* raddb/certs/Makefile

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/bc81ea843af0dc616d4ada0eae52fc529d799381
====== 
Update Makefile

Alan Buxey at 2015-06-29T14:16:18Z
Files modified:
	* raddb/certs/Makefile

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/39d19d4a25d748313888c094f09dd55ccdbdead3
====== 
Manually manage the append list

Alan T. DeKok at 2015-06-29T12:50:33Z
Files modified:
	* src/main/evaluate.c

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/a55470f04929a56e0c6d18b7d4ae0b076a7412d0
====== 
Note recent changes

Alan T. DeKok at 2015-06-22T19:28:38Z
Files modified:
	* doc/ChangeLog

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/1475486a18858c5e2d71cd6da1c22d01714602a7
====== 
Set X509_V_FLAG_CRL_CHECK_ALL

Alan T. DeKok at 2015-06-22T19:27:32Z
Files modified:
	* raddb/eap.conf
	* src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c
	* src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.h

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/5e698b407dcac2bc45cf03484bac4398109d25c3
====== 
Mark home server dead based on calculated time

Alan T. DeKok at 2015-06-08T15:33:48Z
Files modified:
	* src/main/event.c

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/d06af8ba158005d3f42c1084c012ea189c42de59
====== 
Note recent changes

Alan T. DeKok at 2015-05-31T14:46:39Z
Files modified:
	* doc/ChangeLog

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/3fbaa3226256543fc5d07a318f6d1a2d207893eb
====== 
Allow post-auth to return reject

If so, return Access-Reject

Alan T. DeKok at 2015-05-31T12:11:42Z
Files modified:
	* src/main/event.c

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/ba502e11ec85a0e2300690a84d15dc3babe778ef
====== 
Save a copy of the filename

Alan T. DeKok at 2015-05-20T21:39:38Z
Files modified:
	* src/main/conffile.c

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/0c05d7ce2419f38dd7585760cd95effc75d2adf6
====== 
Oops

Alan T. DeKok at 2015-05-20T21:36:24Z
Files modified:
	* raddb/sites-available/default

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/796d49527703b97cc7f9e9cef88dfa85454cc6f9
====== 
Merge pull request #986 from alanbuxey/patch-21

Update base64.h to remove compiler warning

Arran Cudbard-Bell at 2015-05-08T03:22:46Z
Files modified:
	* src/include/base64.h

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/7db7bb620a02bfad8688c6a469f0c03a258eb73c
====== 
Update base64.h

Alan Buxey at 2015-04-30T22:08:40Z
Files modified:
	* src/include/base64.h

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/0541f367ab1174e0362650609e1208059c3d2a47
====== 
-Wshadow fix

Alan T. DeKok at 2015-05-01T11:24:14Z
Files modified:
	* src/main/client.c

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/39d82966ee1921c807eceb642f25ff9e6ee13bf0
====== 
Merge pull request #985 from alanbuxey/patch-20

Update base64.c to remove compiler warning

Arran Cudbard-Bell at 2015-04-30T23:52:17Z
Files modified:
	* src/lib/base64.c

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/f7b9d5315b93c18b1b9f202f30de85c4246928ab
====== 
Update base64.c

Alan Buxey at 2015-04-30T22:07:25Z
Files modified:
	* src/lib/base64.c

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/0347c8268acda4041d30d657f62652db023b6464
====== 
Fix client_add for virtual servers.

If there's a "listen" section, the clients are added to that
virtual server.

If there's no "listen" section in this virtual server, the
clients are added to the global list.

Alan T. DeKok at 2015-04-30T23:48:24Z
Files modified:
	* src/main/client.c

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/7dc741411ca0067155bcb5c8fdd356b4bb5e6724
====== 
Bump for 2.2.8

Alan T. DeKok at 2015-04-30T23:48:06Z
Files modified:
	* VERSION
	* debian/changelog
	* doc/ChangeLog
	* redhat/freeradius.spec
	* suse/freeradius.spec

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/eae6c3d8736df039ce8b6d9d08958a1a9f11ecfd
====== 
Merge pull request #979 from jahir/patch-1

fixed radclient.c compile error

Arran Cudbard-Bell at 2015-04-27T09:21:57Z
Files modified:
	* src/main/radclient.c

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/5fe35e5b5da83d6a2b16738ad9d14fe96d13088a
====== 
fixed radclient.c compile error

gcc with -Werror=format-security doesn't like printf without string literal

jahir at 2015-04-27T09:18:24Z
Files modified:
	* src/main/radclient.c

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/b914f2a5145f1c8f515f6d10d57ab0fc22d91e57
====== 
Release for 2.2.7

Alan T. DeKok at 2015-04-22T17:31:54Z
Files modified:
	* doc/ChangeLog

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/298781855b0e0298a3992dacf20aa444b4f1344b
====== 
Expand buffer to max string size

Alan T. DeKok at 2015-04-13T16:44:15Z
Files modified:
	* src/modules/rlm_logintime/timestr.c

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/87e7be265f284cc8d9a57b28e1073182c48b049f
====== 
Add certs to the packet, too

Manual port of commit #994db028

Alan T. DeKok at 2015-04-08T18:42:57Z
Files modified:
	* src/modules/rlm_eap/libeap/eap_tls.c

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/50a27a3ffef885d000a9451cf4e8280cf23dd0c6
====== 
note recent changes

Alan T. DeKok at 2015-04-05T13:57:52Z
Files modified:
	* doc/ChangeLog

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/0e6812c4f67caeb32e8ff99564157449c26cc413
====== 
Port fix for #945 from v3.0.x branch

Alan T. DeKok at 2015-04-05T13:57:04Z
Files modified:
	* src/main/modcall.c

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/5ea117fbd794193a2f6f911db1067a7bb959c3aa
====== 
Fix for v2

Alan T. DeKok at 2015-03-31T16:07:29Z
Files modified:
	* src/modules/rlm_eap/libeap/mppe_keys.c

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/ef0dd4cea3f2b83d5ebbbe1663865d48ef9010ce
====== 
Note recent changes

Alan T. DeKok at 2015-03-31T15:34:50Z
Files modified:
	* doc/ChangeLog

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/7ea41d85d40627da81dbffc539ba614ec3828b7e
====== 
Revert "Disable TLS 1.2 by default. Causes MPPE key mismatches with eapol_test."

This reverts commit d541351bba3f874bcb9d51483679970981892c49.

No longer necessary after previous commit

Alan T. DeKok at 2015-03-31T15:34:23Z
Files modified:
	* src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/48d2fdf6d9d5af8f6afdffe576677508a3deca4e
====== 
Use SSL_export_keying_material for TLSv1.2 PRF derivation

Alan T. DeKok at 2015-03-31T15:33:12Z
Files modified:
	* src/modules/rlm_eap/libeap/mppe_keys.c

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/bdff82cdc5bbd6e9079be4b11f0adc27fa994416
====== 
Disable TLS 1.2 by default. Causes MPPE key mismatches with eapol_test.

Manual port of commit 8ac08a4 to v2.

Alan T. DeKok at 2015-03-31T02:51:09Z
Files modified:
	* src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/d541351bba3f874bcb9d51483679970981892c49
====== 
Fix error message to be correct

Alan T. DeKok at 2015-03-29T14:03:11Z
Files modified:
	* src/modules/rlm_ldap/rlm_ldap.c

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/f0acb76276208399162bb6c7630bec9739782df4
====== 
Note recent changes

Alan T. DeKok at 2015-03-26T18:15:15Z
Files modified:
	* doc/ChangeLog

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/ae350450b7b77f5c4e0ab92375088cab936fe278
====== 
Allow "eap" in Post-Auth-Type Reject

which sends EAP failure and Message-Authenticator

Alan T. DeKok at 2015-03-26T18:12:45Z
Files modified:
	* raddb/sites-available/default
	* share/dictionary.freeradius.internal
	* src/modules/rlm_eap/rlm_eap.c

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/5b95f560631bbe4bff3898d267fced07a3c6be88
====== 
start from 0 for failover

Alan T. DeKok at 2015-03-24T22:12:14Z
Files modified:
	* src/main/modcall.c

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/0e5375916df9f3e7efd59e191a26880f350beacb
====== 
md5 == nt

Alan T. DeKok at 2015-03-10T13:54:44Z
Files modified:
	* src/modules/rlm_pap/rlm_pap.c

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/cafd478b805c923bd6aa4db98029b154df5ec16b
====== 
note recent changes

Alan T. DeKok at 2015-03-04T13:07:53Z
Files modified:
	* doc/ChangeLog

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/8d6dd97ea0e86b2735c40a54d958243cd796b72f
====== 
Use the correct name if there are multiple tagged attributes

Alan T. DeKok at 2015-03-04T13:06:12Z
Files modified:
	* src/modules/rlm_perl/rlm_perl.c

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/aa567fa3fab1ac45fdb8419abe9ba3ee7c6bc23e
====== 
Note recent changes

Alan T. DeKok at 2015-02-25T19:22:06Z
Files modified:
	* doc/ChangeLog

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/c7b6f8cd76c0c767add05d38495de76359c26709
====== 
Set correct default destination port for replies to relay

Alan T. DeKok at 2015-02-25T19:21:45Z
Files modified:
	* src/main/dhcpd.c

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/2c2a234f4e07bbb78448d7cd277445ed51382d59
====== 
Merge pull request #907 from spbnick/ssl_headers_fix

Include headers for OpenSSL init

Alan DeKok at 2015-02-13T12:36:46Z
Files modified:
	* src/main/radiusd.c

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/411a603832546946838170d66b30de677b919dad
====== 
Include headers for OpenSSL init

Inlude OpenSSL headers into radiusd.c for OpenSSL init.
This fixes "implicit declaration of function" warnings concerning
SSL_library_init and SSL_load_error_strings.

Nikolai Kondrashov at 2015-02-13T10:54:29Z
Files modified:
	* src/main/radiusd.c

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/1d9ac9f5350716e64ce24ee4559030a259e32a6b
====== 
Merge pull request #906 from spbnick/fix-openssl-version-check-disabling

Move OpenSSL init out of version check

Arran Cudbard-Bell at 2015-02-11T16:13:00Z
Files modified:
	* src/main/radiusd.c
	* src/main/version.c

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/97ed7709112a30cf9c5fe76726aa4fe959fc898c
====== 
Move OpenSSL init out of version check

Initialize OpenSSL outside ssl_version_check() to execute even with
disabled version check. Otherwise SSL_CTX_new() returns zero and
FreeRADIUS segfaults in init_tls_ctx with version check disabled.

Nikolai Kondrashov at 2015-02-11T16:07:50Z
Files modified:
	* src/main/radiusd.c
	* src/main/version.c

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/2c0c94eae5ec9b22272d1b21181c0e2876506b96
====== 
Merge pull request #898 from spbnick/disable_openssl_vercheck_v2.x.x

Add --disable-openssl-version-check option

Alan DeKok at 2015-02-03T19:40:05Z
Files modified:
	* configure
	* configure.in
	* raddb/radiusd.conf.in
	* src/include/autoconf.h.in
	* src/include/radiusd.h
	* src/main/mainconfig.c
	* src/main/radiusd.c
	* src/main/version.c

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/5c9ef84f83aa34e3b72afd27439c2ac4ed28b134
====== 
Add --disable-openssl-version-check option

Add "--disable-openssl-version-check" configure option, which removes
checking for vulnerable OpenSSL versions. It is supposed to be used by
downstream packagers and distributions who have other means to ensure
vulnerabilities are fixed, such as versioned package dependencies and
vulnerability handling processes.

This avoids the necessity of editing radiusd.conf on package upgrade to
make sure it keeps working. At the same time, it provides safe default
to those installing FreeRADIUS from source.

Instead of defining a dummy ssl_check_version function and ignoring
allow_vulnerable_openssl option, remove these altogether to match the
v3.0.x branch.

Nikolai Kondrashov at 2015-02-03T14:58:20Z
Files modified:
	* configure
	* configure.in
	* raddb/radiusd.conf.in
	* src/include/autoconf.h.in
	* src/include/radiusd.h
	* src/main/mainconfig.c
	* src/main/radiusd.c
	* src/main/version.c

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/767c67fc4f2f673a44f89794a3531158dcb7b1ec
====== 
Merge pull request #897 from spbnick/strlcpy_fix

log: Check message buffer length to avoid overflow

Alan DeKok at 2015-02-03T13:32:49Z
Files modified:
	* src/main/log.c

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/b7c5eecddf78b8706972da928b835cd8c8d57757
====== 
log: Check message buffer length to avoid overflow

Check that adding strlcpy result to the message length didn't exceed
size of the message buffer to avoid underflow in calculating remaining
size and overflowing the buffer.

Nikolai Kondrashov at 2015-02-03T11:10:52Z
Files modified:
	* src/main/log.c

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/94b88276fbdc14e945a5f37618052725e78a7521
====== 
Replace strncat() with strlcpy()

Alan T. DeKok at 2015-02-01T22:24:23Z
Files modified:
	* src/main/log.c

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/0824dd5325f31d2fd2f4e59e4d7c4f5762e8e601
====== 
Merge pull request #895 from spbnick/v2.x.x_misc_fixes

v2.x.x misc fixes

Alan DeKok at 2015-02-01T22:12:02Z
Files modified:
	* src/lib/dhcp.c
	* src/main/command.c
	* src/main/conffile.c
	* src/main/dhcpd.c
	* src/main/log.c
	* src/main/modcall.c
	* src/main/radconf2xml.c
	* src/main/radmin.c
	* src/main/threads.c
	* src/main/xlat.c
	* src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c
	* src/modules/rlm_expr/rlm_expr.c
	* src/modules/rlm_otp/otp_radstate.c
	* src/modules/rlm_pap/rlm_pap.c
	* src/modules/rlm_sql/rlm_sql.c
	* src/modules/rlm_sql_log/rlm_sql_log.c

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/0495f31aa9255a343e73120ab8450e54cd111459
====== 
Don't dereference NULL cs in cf_item_parse

Avoid dereferencing NULL cs in cf_item_parse and cf_reference_item it
invokes.

This fixes the following Coverity errors:

Error: FORWARD_NULL (CWE-476):
freeradius-server-2.2.6/src/main/conffile.c:900: var_compare_op: Comparing "cs" to null implies that "cs" might be null.
freeradius-server-2.2.6/src/main/conffile.c:932: var_deref_op: Dereferencing null pointer "cs".

Error: FORWARD_NULL (CWE-476):
freeradius-server-2.2.6/src/main/conffile.c:900: var_compare_op: Comparing "cs" to null implies that "cs" might be null.
freeradius-server-2.2.6/src/main/conffile.c:938: var_deref_op: Dereferencing null pointer "cs".

Error: FORWARD_NULL (CWE-476):
freeradius-server-2.2.6/src/main/conffile.c:958: var_compare_op: Comparing "cs" to null implies that "cs" might be null.
freeradius-server-2.2.6/src/main/conffile.c:963: var_deref_model: Passing null pointer "cs" to "cf_expand_variables", which dereferences it.
freeradius-server-2.2.6/src/main/conffile.c:782:4: deref_parm_in_call: Function "cf_reference_item" dereferences "outercs".
freeradius-server-2.2.6/src/main/conffile.c:597:25: var_assign_parm: Assigning: "cs" = "outercs".
freeradius-server-2.2.6/src/main/conffile.c:615:4: deref_var: Dereferencing "cs" (which is a copy of "outercs").

Error: FORWARD_NULL (CWE-476):
freeradius-server-2.2.6/src/main/conffile.c:958: var_compare_op: Comparing "cs" to null implies that "cs" might be null.
freeradius-server-2.2.6/src/main/conffile.c:973: var_deref_op: Dereferencing null pointer "cs".

Error: FORWARD_NULL (CWE-476):
freeradius-server-2.2.6/src/main/conffile.c:994: var_compare_op: Comparing "cs" to null implies that "cs" might be null.
freeradius-server-2.2.6/src/main/conffile.c:1009: var_deref_op: Dereferencing null pointer "cs".

Error: FORWARD_NULL (CWE-476):
freeradius-server-2.2.6/src/main/conffile.c:900: var_compare_op: Comparing "cs" to null implies that "cs" might be null.
freeradius-server-2.2.6/src/main/conffile.c:1041: var_deref_op: Dereferencing null pointer "cs".

Error: FORWARD_NULL (CWE-476):
freeradius-server-2.2.6/src/main/conffile.c:900: var_compare_op: Comparing "cs" to null implies that "cs" might be null.
freeradius-server-2.2.6/src/main/conffile.c:1051: var_deref_op: Dereferencing null pointer "cs".

Error: FORWARD_NULL (CWE-476):
freeradius-server-2.2.6/src/main/conffile.c:900: var_compare_op: Comparing "cs" to null implies that "cs" might be null.
freeradius-server-2.2.6/src/main/conffile.c:1054: var_deref_op: Dereferencing null pointer "cs".

Error: FORWARD_NULL (CWE-476):
freeradius-server-2.2.6/src/main/conffile.c:900: var_compare_op: Comparing "cs" to null implies that "cs" might be null.
freeradius-server-2.2.6/src/main/conffile.c:1066: var_deref_op: Dereferencing null pointer "cs".

Nikolai Kondrashov at 2015-01-30T16:16:32Z
Files modified:
	* src/main/conffile.c

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/84a901901ad45ab41651485ef9ff5cde0fb7b891
====== 
dhcp: Remove useless variable initializer

Remove an initialization of a variable, which is then overwritten, in
dhcp_get_option.

This fixes the following Clang warning:
freeradius-server-2.2.6/src/lib/dhcp.c:144:11: warning: Value stored to 'data' during its initialization is never read

Nikolai Kondrashov at 2015-01-30T16:16:32Z
Files modified:
	* src/lib/dhcp.c

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/5a2848bd6463476ff7006a822fa8bd3e62ff5e6d
====== 
dhcpd: Verify DICT_VALUE exists itself

Verify that a DICT_VALUE was returned from dict_valbyattr by checking
the returned pointer, not the "name" field address. This likely fixes a
possible segfault when debugging.

This also fixes the following Coverity error:

Error: NO_EFFECT (CWE-398):
freeradius-server-2.2.6/src/main/dhcpd.c:300: array_null: Comparing an array to null is not useful: "dv->name".

Nikolai Kondrashov at 2015-01-30T16:16:32Z
Files modified:
	* src/main/dhcpd.c

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/df1013f5b0d642c20adedac36a33df39d6fea92e
====== 
dhcp: Use correct format specifiers in a message

Format size_t with %zu specifier, instead of %d, as size_t is not
guaranteed to be the same size as int.

This fixes the following compiler warnings:

freeradius-server-2.2.6/src/lib/dhcp.c: scope_hint: In function 'fr_dhcp_add_arp_entry'
freeradius-server-2.2.6/src/lib/dhcp.c:1536: warning: format '%d' expects type 'int', but argument 2 has type 'long unsigned int'
freeradius-server-2.2.6/src/lib/dhcp.c:1536: warning: format '%d' expects type 'int', but argument 3 has type 'size_t'

Nikolai Kondrashov at 2015-01-30T16:16:32Z
Files modified:
	* src/lib/dhcp.c

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/ff526ad4ad985b94dc6fd30ee5bbce21f1f66e8e
====== 
Fix two pointer signedness warnings

This fixes the following compiler warnings:

freeradius-server-2.2.6/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c: scope_hint: In function 'cbtls_verify'
freeradius-server-2.2.6/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c:711: warning: pointer targets in passing argument 2 of 'pairmake' differ in signedness
freeradius-server-2.2.6/src/include/libradius.h:373: note: expected 'const char *' but argument is of type 'unsigned char *'

freeradius-server-2.2.6/src/modules/rlm_expr/rlm_expr.c: scope_hint: In function 'base64_to_hex_xlat'
freeradius-server-2.2.6/src/modules/rlm_expr/rlm_expr.c:678: warning: pointer targets in passing argument 1 of 'fr_bin2hex' differ in signedness
freeradius-server-2.2.6/src/include/libradius.h:418: note: expected 'const uint8_t *' but argument is of type 'char *'

Nikolai Kondrashov at 2015-01-30T16:16:32Z
Files modified:
	* src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c
	* src/modules/rlm_expr/rlm_expr.c

Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/66727f8af40dd5646bb52b5e4ca3bec3e49b95b5
====== 
-- 
This commit summary was generated @2017-08-01T00:00:08Z by lgfeed version 0.00 (https://github.com/arr2036/lgfeed).


More information about the Freeradius-Devel mailing list