Commit report for v3.0.x branch
The git bot
announce at freeradius.org
Wed Jul 16 00:00:01 CEST 2014
New activity for FreeRADIUS (the high performance and highly configurable RADIUS server)
======
More changes
Alan T. DeKok at 2014-07-15T14:11:50Z
Files modified:
* doc/ChangeLog
Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/d257e796f9ad1c62075c5ee0999344905795e008
======
Note recent changes
Alan T. DeKok at 2014-07-15T14:06:01Z
Files modified:
* doc/ChangeLog
Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/b707d3a44c8e2ba8d48fbef17731792590274ebe
======
Check BN_rand_range return value
CVE-2014-4733.
In practice, the function should never fail.
jvoisin (via Alan T. DeKok)@2014-07-15T01:34:42Z
Files modified:
* src/modules/rlm_eap/types/rlm_eap_pwd/eap_pwd.c
Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/c3e8546f1057754dabdb1a607499b30931727744
======
Constant time memory comparison.
CVE-2014-4731.
Non-constant time comparisons usually require millions of packets
in order to get enough statistics. This is VERY hard to do with
WiFi or wired 802.1X. The delays on switch port open / close
are on the order of seconds.
jvoisin (via Alan T. DeKok)@2014-07-15T01:31:02Z
Files modified:
* src/modules/rlm_eap/types/rlm_eap_pwd/rlm_eap_pwd.c
Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/d0e01ff9a9df52ab027070e647b4f63f5819da8f
======
Use *_clear_free instead of *_free.
CVE-2014-4732
jvoisin (via Alan T. DeKok)@2014-07-15T01:29:06Z
Files modified:
* src/modules/rlm_eap/types/rlm_eap_pwd/eap_pwd.c
* src/modules/rlm_eap/types/rlm_eap_pwd/rlm_eap_pwd.c
Commit diff:
https://github.com/FreeRADIUS/freeradius-server/commit/22297d7bff6f1d5517eb6208feed7527328031b4
======
--
This commit summary was generated @2014-07-16T00:00:01Z by lgfeed version 0.00 (https://github.com/arr2036/lgfeed).
More information about the Freeradius-Devel
mailing list