Release of 3.0.12

Stefan Winter stefan.winter at restena.lu
Mon Sep 26 11:07:26 CEST 2016


Hi,
hm, can we still hold the press?

main {
 security {
        user = "radiusd"
        group = "radiusd"
        allow_core_dumps = yes
 }
        name = "radiusd"
        prefix = "/usr/local/freeradius/current"
        localstatedir = "/var"
        logdir = "/var/log/radius"
        run_dir = "/var/run/radiusd"
}
Cannot update core dump limit: Operation not permitted
Core dumps are enabled
main {
...
 security {
        max_attributes = 200
        reject_delay = 0.000000
        status_server = yes
        allow_vulnerable_openssl = "CVE-2016-6304"
 }
}
...

So after dropping priv's, it reads about CVE clearance. But then:

Debugger not attached
Refusing to start with libssl version OpenSSL 1.0.1k 8 Jan 2015
0x100010bf (1.0.1k release) (in range 1.0.1 release - 1.0.1t rele)
Security advisory CVE-2016-6304 (OCSP status request extension)
For more information see https://www.openssl.org/news/secadv/20160922.txt
Once you have verified libssl has been correctly patched, set
security.allow_vulnerable_openssl = 'CVE-2016-6304'
radius-int-1:/usr/local/freeradius #

Hm.

That's v3.0.x checkout from just a few minutes ago.

Greetings,

Stefan Winter

Am 22.09.2016 um 17:59 schrieb Alan DeKok:
>   A belated request for last-minute tests of 3.0.12.  I've pushed some changes to complain about OpenSSL.  They work for me, but another check would be useful.
> 
>   If all is OK, I'll release 3.0.12 on Monday.  For real this time.
> 
>   Alan DeKok.
> 
> 
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> 


-- 
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
2, avenue de l'Université
L-4365 Esch-sur-Alzette

Tel: +352 424409 1
Fax: +352 422473

PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
recipient's key is known to me

http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66
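
Added example (not part of the original message, and not FreeRADIUS code): decoding the libssl version number printed in the refusal message above and applying a range check with an operator acknowledgement. The function and macro names are hypothetical; the range bounds are read off the log line, and the 0xMNNFFPPS layout is OpenSSL's pre-3.0 version-number encoding.

```c
#include <stdio.h>
#include <string.h>

/* Pre-3.0 OpenSSL version numbers are laid out as 0xMNNFFPPS:
 * major, minor, fix, patch letter (1 = 'a'), status (0xf = release). */
int ssl_version_str(unsigned long v, char *out, size_t len)
{
    unsigned major = (v >> 28) & 0xf, minor = (v >> 20) & 0xff;
    unsigned fix = (v >> 12) & 0xff, patch = (v >> 4) & 0xff;
    unsigned status = v & 0xf;
    char letter[2] = { (patch && patch <= 26) ? (char)('a' + patch - 1) : '\0', '\0' };
    const char *st = status == 0xf ? "release" : status == 0 ? "dev" : "beta";

    return snprintf(out, len, "%u.%u.%u%s %s", major, minor, fix, letter, st);
}

/* Bounds from the log line "in range 1.0.1 release - 1.0.1t";
 * only the range shown in the message is modelled here. */
#define ADVISORY_ID   "CVE-2016-6304"
#define ADVISORY_LOW  0x1000100fUL   /* 1.0.1  release */
#define ADVISORY_HIGH 0x1000114fUL   /* 1.0.1t release */

/* Hypothetical startup check: 0 = may start, -1 = refuse.
 * 'acked' stands for the value of security.allow_vulnerable_openssl. */
int check_libssl(unsigned long v, const char *acked)
{
    if (v < ADVISORY_LOW || v > ADVISORY_HIGH) return 0;       /* outside range */
    if (acked && strcmp(acked, ADVISORY_ID) == 0) return 0;    /* operator vouched */
    return -1;
}

int main(void)
{
    char buf[32];
    unsigned long v = 0x100010bfUL;   /* value from the message above */

    ssl_version_str(v, buf, sizeof(buf));
    printf("libssl 0x%08lx = %s\n", v, buf);
    printf("no acknowledgement: %d\n", check_libssl(v, "no"));
    printf("acknowledged:       %d\n", check_libssl(v, ADVISORY_ID));
    return 0;
}
```

A distribution package that backports the fix keeps the same version number, which is why a check of this kind needs the explicit acknowledgement setting.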