CVSROOT:        /cvs
Module name:    ports
Changes by:     [email protected]   2017/05/30 16:48:27

Modified files:
        net/freeradius3: Tag: OPENBSD_6_1 Makefile distinfo 
        net/freeradius3/patches: Tag: OPENBSD_6_1 
                                 patch-src_main_detail_c 
                                 patch-src_main_tls_c 
        net/freeradius3/pkg: Tag: OPENBSD_6_1 PLIST-main PLIST-mysql 
                             PLIST-pgsql 
Added files:
        net/freeradius3/patches: Tag: OPENBSD_6_1 patch-configure 
Removed files:
        net/freeradius3/patches: Tag: OPENBSD_6_1 patch-configure_ac 

Log message:
MFC update to freeradius 3.0.14.

Security update for configurations with TLS; FreeRADIUS intentionally
skips inner authentication for TLS resumption, however it allows a
session to be resumed before the initial connection has authenticated,
allowing access without auth to a malicious supplicant. CVE-2017-9148,
see http://seclists.org/oss-sec/2017/q2/342

Workaround: set "enabled = no" in the cache section of raddb/mods-enabled/eap.
