freeradius.git
6 years ago Merge tag 'release_3_0_15' into tr-integ (refs: moonshot_release_3.0.15, moonshot_release_3.0.15+moonshot1, moonshot_release_3.0.15+moonshot1-1, moonshot_release_3.0.15+moonshot2)
Dan Breslau [Mon, 17 Jul 2017 18:05:09 +0000 (14:05 -0400)]
Merge tag 'release_3_0_15' into tr-integ

6 years ago note recent changes (refs: release_3_0_15)
Alan T. DeKok [Mon, 17 Jul 2017 12:43:00 +0000 (08:43 -0400)]
note recent changes

6 years ago FR-AD-003 - Pass correct statement length into sqlite3_prepare[_v2]
Arran Cudbard-Bell [Wed, 5 Jul 2017 17:07:31 +0000 (13:07 -0400)]
FR-AD-003 - Pass correct statement length into sqlite3_prepare[_v2]

6 years ago FR-AD-002 - Bind the lifetime of program name and python path to the module
Arran Cudbard-Bell [Wed, 5 Jul 2017 16:40:47 +0000 (12:40 -0400)]
FR-AD-002 - Bind the lifetime of program name and python path to the module

PySys_SetPath and PySys_SetName don't appear to duplicate the buffer, they just store a pointer.

6 years ago a normal ASN1 time is 13 octets
Alan T. DeKok [Thu, 13 Jul 2017 15:49:29 +0000 (11:49 -0400)]
a normal ASN1 time is 13 octets

YYMMDDHHMMSSZ

6 years ago be more flexible about truncated ASN1 times
Alan T. DeKok [Wed, 12 Jul 2017 15:53:29 +0000 (11:53 -0400)]
be more flexible about truncated ASN1 times

6 years ago note recent changes
Alan T. DeKok [Tue, 11 Jul 2017 13:47:58 +0000 (09:47 -0400)]
note recent changes

6 years ago remove deprecated configuration item
Alan T. DeKok [Tue, 11 Jul 2017 13:30:21 +0000 (09:30 -0400)]
remove deprecated configuration item

6 years ago print error on deprecated config items
Alan T. DeKok [Tue, 11 Jul 2017 13:29:51 +0000 (09:29 -0400)]
print error on deprecated config items

6 years ago print out why we couldn't parse the expiry time
Alan T. DeKok [Tue, 11 Jul 2017 12:36:06 +0000 (08:36 -0400)]
print out why we couldn't parse the expiry time

6 years ago swap checks for people who get excited over multiple messages
Alan T. DeKok [Sun, 9 Jul 2017 18:35:26 +0000 (14:35 -0400)]
swap checks for people who get excited over multiple messages

6 years ago FR-GV-305 read the correct offset instead of uninitialized memory
Alan T. DeKok [Mon, 3 Jul 2017 23:08:15 +0000 (19:08 -0400)]
FR-GV-305 read the correct offset instead of uninitialized memory

6 years ago FR-GV-304 - check for option overflowing the packet
Alan T. DeKok [Mon, 3 Jul 2017 19:42:35 +0000 (15:42 -0400)]
FR-GV-304 - check for option overflowing the packet

6 years ago FR-GV-303 - do memchr() of end-p, not q-p
Alan T. DeKok [Mon, 3 Jul 2017 19:37:44 +0000 (15:37 -0400)]
FR-GV-303 - do memchr() of end-p, not q-p

6 years ago FR-GV-302 - do checks based on pointers, not on decoded data
Alan T. DeKok [Wed, 28 Jun 2017 01:54:10 +0000 (21:54 -0400)]
FR-GV-302 - do checks based on pointers, not on decoded data

because decoded data may be empty

6 years ago make data2vp_extended() be more like data2vp_wimax()
Alan T. DeKok [Wed, 28 Jun 2017 16:13:03 +0000 (12:13 -0400)]
make data2vp_extended() be more like data2vp_wimax()

There is no exploit, but making the code simpler is good.

6 years ago FR-GV-301 - handle malformed WiMAX attributes
Alan T. DeKok [Wed, 28 Jun 2017 01:49:20 +0000 (21:49 -0400)]
FR-GV-301 - handle malformed WiMAX attributes

6 years ago FR-GV-206 - decode option 60 (string) not 63 (octets), and check length
Alan T. DeKok [Mon, 3 Jul 2017 15:36:13 +0000 (11:36 -0400)]
FR-GV-206 - decode option 60 (string) not 63 (octets), and check length

6 years ago FR-GV-201 - check input / output length in make_secret()
Alan T. DeKok [Tue, 4 Jul 2017 14:12:09 +0000 (10:12 -0400)]
FR-GV-201 - check input / output length in make_secret()

6 years ago FR-AD-001 - (v3) use strncmp() instead of memcmp() for bounded data
Alan T. DeKok [Wed, 5 Jul 2017 15:27:55 +0000 (11:27 -0400)]
FR-AD-001 - (v3) use strncmp() instead of memcmp() for bounded data

6 years ago Merge pull request #2014 from philmayers/patch-1
Alan DeKok [Mon, 3 Jul 2017 13:10:57 +0000 (09:10 -0400)]
Merge pull request #2014 from philmayers/patch-1

Add openssl to BuildRequires

6 years ago Add openssl to BuildRequires
Phil Mayers [Mon, 3 Jul 2017 12:42:54 +0000 (13:42 +0100)]
Add openssl to BuildRequires

The build step:

BOOTSTRAP raddb/certs/

...run `openssl dhparam -out dh -2 2048` which means you need to BuildRequires: openssl - openssl-devel does not pull in the binaries

6 years ago Fix typo for huntgroups bug as described in http://freeradius.1045715.n5.nabble.com...
Philippe Wooding [Thu, 29 Jun 2017 13:32:16 +0000 (15:32 +0200)]
Fix typo for huntgroups bug as described in freeradius.1045715.n5.nabble.com/Problem-with-huntgroups-upgrading-from-2-2-9-to-3-0-x-td5744845.html

6 years ago note recent changes
Alan T. DeKok [Thu, 29 Jun 2017 12:29:15 +0000 (08:29 -0400)]
note recent changes

6 years ago don't process VMPS packets twice
Alan T. DeKok [Thu, 29 Jun 2017 11:58:14 +0000 (07:58 -0400)]
don't process VMPS packets twice

6 years ago This doesn't need bash. SH is more portable
Alan T. DeKok [Thu, 29 Jun 2017 11:56:04 +0000 (07:56 -0400)]
This doesn't need bash. SH is more portable

6 years ago DLT_LINUX_SLL isn't defined everywhere
Alan T. DeKok [Thu, 29 Jun 2017 11:54:39 +0000 (07:54 -0400)]
DLT_LINUX_SLL isn't defined everywhere

6 years ago Add OpenBSD
Alan T. DeKok [Thu, 29 Jun 2017 11:53:38 +0000 (07:53 -0400)]
Add OpenBSD

6 years ago default to using 2048 bit keys
Alan T. DeKok [Thu, 29 Jun 2017 11:52:57 +0000 (07:52 -0400)]
default to using 2048 bit keys

6 years ago Fixes for LibreSSL
Alan T. DeKok [Thu, 29 Jun 2017 11:50:18 +0000 (07:50 -0400)]
Fixes for LibreSSL

6 years ago length in bytes, not chbind packets
Alan T. DeKok [Tue, 27 Jun 2017 17:40:52 +0000 (13:40 -0400)]
length in bytes, not chbind packets

6 years ago typo
Alan T. DeKok [Mon, 26 Jun 2017 13:04:54 +0000 (09:04 -0400)]
typo

6 years ago Fix OpenSSL API issue. Based on a patch from Guido Vranken
Alan T. DeKok [Thu, 22 Jun 2017 01:03:54 +0000 (21:03 -0400)]
Fix OpenSSL API issue.  Based on a patch from Guido Vranken

6 years ago Provide HOSTNAME in the default unit files
Arran Cudbard-Bell [Wed, 21 Jun 2017 13:46:14 +0000 (09:46 -0400)]
Provide HOSTNAME in the default unit files

# Conflicts:
# redhat/radiusd.service

6 years ago move rad_authlog() for Access-Reject
Alan T. DeKok [Tue, 20 Jun 2017 20:27:15 +0000 (16:27 -0400)]
move rad_authlog() for Access-Reject

to after running post-auth

6 years ago Use the correct preun command
Arran Cudbard-Bell [Mon, 19 Jun 2017 21:14:00 +0000 (17:14 -0400)]
Use the correct preun command

6 years ago incorporate all redhat specific files into the tarball. Closes #1987
Alan T. DeKok [Fri, 16 Jun 2017 13:00:28 +0000 (09:00 -0400)]
incorporate all redhat specific files into the tarball.  Closes #1987

Manual pull of patch

6 years ago fix typo. Closes #2006
Alan T. DeKok [Thu, 15 Jun 2017 23:26:56 +0000 (19:26 -0400)]
fix typo.  Closes #2006

6 years ago Merge pull request #2003 from mcnewton/v3.0.x
Arran Cudbard-Bell [Wed, 7 Jun 2017 10:33:47 +0000 (06:33 -0400)]
Merge pull request #2003 from mcnewton/v3.0.x

update starent dictionary as posted to mailing list

6 years ago update starent dictionary as posted to mailing list
Matthew Newton [Wed, 7 Jun 2017 09:58:47 +0000 (10:58 +0100)]
update starent dictionary as posted to mailing list

6 years ago notes on db_dir vs logdir
Alan T. DeKok [Tue, 6 Jun 2017 15:40:25 +0000 (11:40 -0400)]
notes on db_dir vs logdir

6 years ago as posted to the list
Alan T. DeKok [Tue, 6 Jun 2017 14:27:56 +0000 (10:27 -0400)]
as posted to the list

6 years ago Updated the spec file for moonshot-targeted-ids
Dan Breslau [Tue, 6 Jun 2017 02:08:11 +0000 (22:08 -0400)]
Updated the spec file for moonshot-targeted-ids

6 years ago Bumped Release in freeradius-server.spec. version-number given to build.sh must be...
Dan Breslau [Mon, 5 Jun 2017 22:43:53 +0000 (18:43 -0400)]
Bumped Release in freeradius-server.spec. version-number given to build.sh must be consistent with Version and Release lines in freeradius-server.spec

6 years ago Bumped version number in freeradius-server.spec to 3.0.14
Dan Breslau [Mon, 5 Jun 2017 22:29:08 +0000 (18:29 -0400)]
Bumped version number in freeradius-server.spec to 3.0.14

6 years ago Bumped version number for 3.0.14 merge
Dan Breslau [Mon, 5 Jun 2017 21:04:36 +0000 (17:04 -0400)]
Bumped version number for 3.0.14 merge

6 years ago Merge tag 'release_3_0_14' into tr-integ
Dan Breslau [Mon, 5 Jun 2017 20:58:36 +0000 (16:58 -0400)]
Merge tag 'release_3_0_14' into tr-integ

6 years ago Turn session caching in EAP back on in preparation for 3.0.14 upgrade
Dan Breslau [Mon, 5 Jun 2017 20:38:46 +0000 (16:38 -0400)]
Turn session caching in EAP back on in preparation for 3.0.14 upgrade

6 years ago Added build script for redhat in redhat/redhat-build.sh
Dan Breslau [Mon, 5 Jun 2017 20:14:52 +0000 (16:14 -0400)]
Added build script for redhat in redhat/redhat-build.sh

6 years ago fix printing of long hex values
Alan T. DeKok [Mon, 5 Jun 2017 14:47:29 +0000 (10:47 -0400)]
fix printing of long hex values

6 years ago do less alloc/free
Alan T. DeKok [Mon, 5 Jun 2017 13:02:29 +0000 (09:02 -0400)]
do less alloc/free

6 years ago don't truncate at 1K
Alan T. DeKok [Sun, 4 Jun 2017 20:48:59 +0000 (16:48 -0400)]
don't truncate at 1K

6 years ago ifdef out the whole function...
Alan T. DeKok [Fri, 2 Jun 2017 18:55:17 +0000 (14:55 -0400)]
ifdef out the whole function...

6 years ago fixes for builds without TCP
Alan T. DeKok [Fri, 2 Jun 2017 18:54:08 +0000 (14:54 -0400)]
fixes for builds without TCP

6 years ago expose WITH_DHCP to Make, and then don't build proto_dhcp
Alan T. DeKok [Fri, 2 Jun 2017 18:52:16 +0000 (14:52 -0400)]
expose WITH_DHCP to Make, and then don't build proto_dhcp

6 years ago Disabled session caching in raddb/mods-available/eap in response to CVE-2017-9148.
Dan Breslau [Fri, 2 Jun 2017 15:29:40 +0000 (11:29 -0400)]
Disabled session caching in raddb/mods-available/eap in response to CVE-2017-9148.

6 years ago note recent changes
Alan T. DeKok [Fri, 2 Jun 2017 13:17:32 +0000 (09:17 -0400)]
note recent changes

6 years ago parse port. Closes #2000
Alan T. DeKok [Fri, 2 Jun 2017 13:10:05 +0000 (09:10 -0400)]
parse port.  Closes #2000

6 years ago note recent changes
Alan T. DeKok [Thu, 1 Jun 2017 18:27:21 +0000 (14:27 -0400)]
note recent changes

6 years ago set 'sess = NULL' after freeing it. Closes #1999
Alan T. DeKok [Thu, 1 Jun 2017 18:26:04 +0000 (14:26 -0400)]
set 'sess = NULL' after freeing it.  Closes #1999

6 years ago note that 3.0.14 wasn't released in March...
Alan T. DeKok [Mon, 29 May 2017 13:50:04 +0000 (09:50 -0400)]
note that 3.0.14 wasn't released in March...

6 years ago bump for 3.0.15
Alan T. DeKok [Mon, 29 May 2017 13:45:15 +0000 (09:45 -0400)]
bump for 3.0.15

6 years ago bump for 3.0.15
Alan T. DeKok [Mon, 29 May 2017 13:44:51 +0000 (09:44 -0400)]
bump for 3.0.15

6 years ago note recent updates (refs: release_3_0_14)
Alan T. DeKok [Fri, 26 May 2017 18:11:20 +0000 (14:11 -0400)]
note recent updates

6 years ago remove unnecessary assert
Alan T. DeKok [Fri, 26 May 2017 14:56:11 +0000 (10:56 -0400)]
remove unnecessary assert

6 years ago check before dereference.
Alan T. DeKok [Fri, 26 May 2017 14:54:14 +0000 (10:54 -0400)]
check before dereference.

Found by PVS-Studio

6 years ago check before dereference.
Alan T. DeKok [Fri, 26 May 2017 14:52:20 +0000 (10:52 -0400)]
check before dereference.

Found by PVS-Studio

6 years ago check for username, too
Alan T. DeKok [Fri, 26 May 2017 13:04:12 +0000 (09:04 -0400)]
check for username, too

6 years ago Merge pull request #1996 from alejandro-perez/v3.0.x
Alan DeKok [Fri, 26 May 2017 10:21:27 +0000 (06:21 -0400)]
Merge pull request #1996 from alejandro-perez/v3.0.x

Fix deadlock

6 years ago Fix deadlock.
Alejandro Perez [Fri, 26 May 2017 06:15:07 +0000 (08:15 +0200)]
Fix deadlock.

This fixes a regression introduced in #8391d0ba8ebd2599212317259d26a17cfebb5b2a

6 years ago note recent changes
Alan T. DeKok [Thu, 25 May 2017 21:04:16 +0000 (17:04 -0400)]
note recent changes

6 years ago make outgoing SSL_connect() non-blocking
Alan T. DeKok [Thu, 25 May 2017 20:59:14 +0000 (16:59 -0400)]
make outgoing SSL_connect() non-blocking

6 years ago Merge pull request #1995 from spaetow/patch-1
Alan DeKok [Thu, 25 May 2017 15:19:08 +0000 (11:19 -0400)]
Merge pull request #1995 from spaetow/patch-1

Update freeradius.spec with contents of PR #1991

6 years ago As part of PR 1991, I forgot to update the FR SPEC file with the updated file list...
Stefan Paetow [Thu, 25 May 2017 15:17:01 +0000 (16:17 +0100)]
As part of PR 1991, I forgot to update the FR SPEC file with the updated file list for mysql, postgresql and sqlite. Apologies!

6 years ago Merge pull request #1991 from spaetow/v3.0.x
Alan DeKok [Thu, 25 May 2017 12:56:51 +0000 (08:56 -0400)]
Merge pull request #1991 from spaetow/v3.0.x

Add SQL backing to Moonshot-*-TargetedId generation

6 years ago remove references to sql_log
Alan T. DeKok [Wed, 24 May 2017 21:21:55 +0000 (17:21 -0400)]
remove references to sql_log

6 years ago note recent changes
Alan T. DeKok [Wed, 24 May 2017 19:55:26 +0000 (15:55 -0400)]
note recent changes

6 years ago as posted to the list
Alan T. DeKok [Wed, 24 May 2017 19:55:05 +0000 (15:55 -0400)]
as posted to the list

6 years ago Merge branch 'v3.0.x' into v3.0.x
Stefan Paetow [Sat, 20 May 2017 20:05:56 +0000 (21:05 +0100)]
Merge branch 'v3.0.x' into v3.0.x

6 years ago note recent changes
Alan T. DeKok [Fri, 19 May 2017 18:10:37 +0000 (14:10 -0400)]
note recent changes

6 years ago reduce scope of variable. Found by PVS-Studio
Alan T. DeKok [Wed, 17 May 2017 16:15:07 +0000 (12:15 -0400)]
reduce scope of variable.  Found by PVS-Studio

6 years ago request by be NULL. Found by PVS-Studio
Alan T. DeKok [Wed, 17 May 2017 16:07:49 +0000 (12:07 -0400)]
request by be NULL.  Found by PVS-Studio

6 years ago move shutdown calls into check for ssn->ssl. Found by PVS-Studio
Alan T. DeKok [Wed, 17 May 2017 16:06:57 +0000 (12:06 -0400)]
move shutdown calls into check for ssn->ssl.  Found by PVS-Studio

6 years ago check sizeof(*packet). Found by PVS-Studio
Alan T. DeKok [Wed, 17 May 2017 16:03:46 +0000 (12:03 -0400)]
check sizeof(*packet).  Found by PVS-Studio

6 years ago check ptr before dereferencing it. Found by PVS-Studio
Alan T. DeKok [Wed, 17 May 2017 15:51:44 +0000 (11:51 -0400)]
check ptr before dereferencing it.  Found by PVS-Studio

6 years ago remove redundant declaration. Found by PVS-Studio
Alan T. DeKok [Wed, 17 May 2017 15:50:36 +0000 (11:50 -0400)]
remove redundant declaration.  Found by PVS-Studio

6 years ago move assertion to correct place. Found by PVS-Studio
Alan T. DeKok [Wed, 17 May 2017 15:46:57 +0000 (11:46 -0400)]
move assertion to correct place.  Found by PVS-Studio

6 years ago remove redundant assignment. Found by PVS-Studio
Alan T. DeKok [Wed, 17 May 2017 15:46:12 +0000 (11:46 -0400)]
remove redundant assignment.  Found by PVS-Studio

6 years ago move assertion to top of function. Found by PVS-Studio
Alan T. DeKok [Wed, 17 May 2017 15:44:48 +0000 (11:44 -0400)]
move assertion to top of function.  Found by PVS-Studio

6 years ago fix wrong assertion. Found by PVS-Studio
Alan T. DeKok [Wed, 17 May 2017 15:42:54 +0000 (11:42 -0400)]
fix wrong assertion.  Found by PVS-Studio

6 years ago check for OOM. Found by PVS-Studio
Alan T. DeKok [Wed, 17 May 2017 15:41:57 +0000 (11:41 -0400)]
check for OOM.  Found by PVS-Studio

6 years ago check before dereference. Found by PVS-Studio
Alan T. DeKok [Wed, 17 May 2017 15:39:07 +0000 (11:39 -0400)]
check before dereference. Found by PVS-Studio

6 years ago don't assign wrong enum to variable. Found by PVS-Studio
Alan T. DeKok [Wed, 17 May 2017 15:35:20 +0000 (11:35 -0400)]
don't assign wrong enum to variable.  Found by PVS-Studio

6 years ago remove redundant check. Found by PVS-Studio
Alan T. DeKok [Wed, 17 May 2017 15:27:45 +0000 (11:27 -0400)]
remove redundant check.  Found by PVS-Studio

6 years ago don't use i for inner and outer loop. Found by PVS-Studio
Alan T. DeKok [Wed, 17 May 2017 15:26:54 +0000 (11:26 -0400)]
don't use i for inner and outer loop.  Found by PVS-Studio

6 years ago remove duplicate checks. Found by PVS-Studio
Alan T. DeKok [Wed, 17 May 2017 15:25:44 +0000 (11:25 -0400)]
remove duplicate checks.  Found by PVS-Studio

6 years ago Merge pull request #1989 from Sp1l/v3.0.x
Alan DeKok [Fri, 19 May 2017 18:06:40 +0000 (14:06 -0400)]
Merge pull request #1989 from Sp1l/v3.0.x

Fix build with LibreSSL

6 years ago Changed wording. It's incorrect to claim it's a generation policy when it actually...
Stefan Paetow [Thu, 18 May 2017 21:14:47 +0000 (22:14 +0100)]
Changed wording. It's incorrect to claim it's a generation policy when it actually does a SQL XLAT.

6 years ago Adjust the default table names to be SQL-standard compliant. Add the other supported...
Stefan Paetow [Thu, 18 May 2017 15:28:27 +0000 (16:28 +0100)]
Adjust the default table names to be SQL-standard compliant. Add the other supported SQL dialects.

6 years ago Add SQL backing to Moonshot-*-TargetedId generation. Added three attributes for gener...
Stefan Paetow [Thu, 18 May 2017 13:35:45 +0000 (14:35 +0100)]
Add SQL backing to Moonshot-*-TargetedId generation. Added three attributes for general use in this policy to avoid clashes with Tmp-* variables