Imminent release of 2.2.5 and 3.0.3

Maja Wolniewicz mgw at umk.pl
Wed Apr 16 16:39:17 CEST 2014 

I'm testing the v3.0.x branch  - FreeRADIUS Version 3.1.0 (git #21acbbf)
on CentOS 6.5 with system openssl and all patches:

rpm -q --changelog openssl | grep CVE-2014-0160
- fix CVE-2014-0160 - information disclosure in TLS heartbeat extension

I'm getting
Refusing to start with libssl version OpenSSL 1.0.1e-fips 11 Feb 2013
0x01000105f (1.0.1e-15) (in range 1.0.1-0 - 1.0.1f-15)

The other problem I ran into is that when the cui is enabled then the
server fails when trying to remove an empty value:

(10) # Executing section post-auth from file
/opt/FR3.0/etc/raddb/sites-enabled/default
(10)   post-auth {
(10)   cui.post-auth cui.post-auth {
(10)     if (!control:Proxy-To-Realm && Chargeable-User-Identity &&
!reply:Chargeable-User-Identity &&      (Operator-Name || ('no' != 'yes')) )
(10)     if (!control:Proxy-To-Realm && Chargeable-User-Identity &&
!reply:Chargeable-User-Identity &&      (Operator-Name || ('no' !=
'yes')) )  -> FALSE
(10)    update reply {
(10) EXPAND %{reply:User-Name}
(10)    -->
(10)    User-Name -= '""'
CAUGHT SIGNAL: Segmentation fault
Backtrace of last 24 frames:
/opt/FR3.0/lib/libfreeradius-radius.so(fr_fault+0xea) [0x7f780ee92811]
/lib64/libpthread.so.0(+0xf710) [0x7f780dbbf710]
/opt/FR3.0/lib/libfreeradius-server.so(radius_compare_vps+0x2ff)
[0x7f780f0dff67]
/opt/FR3.0/lib/libfreeradius-server.so(radius_map2request+0x91a)
[0x7f780f0e2181]
..
No panic action set
_EXIT CALLED src/lib/debug.c[413]: 1: Unknown value 'Challenge' for
attribute 'Post-Auth-Type'

Maja

W dniu 15.04.2014 21:59, Alan DeKok pisze:
>   For people with time, please test the v2.x.x branch, and the v3.0.x
> branch.  We'd like to issue new releases to address the "heartbleed"
> issue with OpenSSL.
>
>   Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

-- 
Maja Gorecka-Wolniewicz          mgw at umk.pl
Uczelniane Centrum               Information & Communication
Informatyczne                    Technology Centre
Uniwersytet Mikolaja Kopernika   Nicolaus Copernicus University
Coll. Maximum, pl. Rapackiego 1, 87-100 Torun, Poland
tel.: +48 56-611-27-40 fax: +48 56-622-18-50 tel. kom.: +48-693032574


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3395 bytes
Desc: Kryptograficzna sygnatura S/MIME
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140416/22a634f8/attachment.bin>

More information about the Freeradius-Users mailing list