On 04/12/2012 6:25 PM, Florian Fainelli wrote:
> On Wednesday 17 October 2012 00:32:56 Zenon Mousmoulas wrote:
>> An issue has been found where radsecproxy accepts TLS clients when it 
>> should not, due to the way it performs client verification after a TLS 
>> handshake.
>>
>> See for more details:
>> https://project.nordu.net/browse/RADSECPROXY-43
>> https://project.nordu.net/browse/RADSECPROXY-44
>>
>> A (short term) fix for this issue has been released as version 1.6.1. 
>> Other changes in previously released version 1.6 mostly apply to F-Ticks 
>> logging, an optional feature that is not enabled in the OpenWRT package, 
>> due to a build dependency on nettle, a library that has not been ported/
>> packaged (yet).
>>
>>
>> Signed-off-by: Zenon Mousmoulas <zmo...@noc.grnet.gr>
>> ---
> Applied in r34484, thanks!

Since my previous post a similar issue was discovered for DTLS and 1.6.2 was 
released. CVE numbers were also assigned for these two vulnerabilities:

CVE-2012-4523 refers to the TLS issue, fixed in radsecproxy 1.6.1
CVE-2012-4566 refers to the DTLS issue, fixed in radsecproxy 1.6.2

So it would be good to bump to 1.6.2, applying this patch on top of r34484.

Signed-off-by: Zenon Mousmoulas <zmo...@noc.grnet.gr>
---
 package/feeds/packages/radsecproxy/Makefile |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --exclude .svn --new-file -uprN 
a/package/feeds/packages/radsecproxy/Makefile 
b/package/feeds/packages/radsecproxy/Makefile
--- a/package/feeds/packages/radsecproxy/Makefile    2012-12-06 
16:57:51.000000000 +0200
+++ b/package/feeds/packages/radsecproxy/Makefile    2012-12-06 
16:58:39.000000000 +0200
@@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=radsecproxy
-PKG_VERSION:=1.6.1
+PKG_VERSION:=1.6.2
 PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=http://software.uninett.no/radsecproxy/
-PKG_MD5SUM:=841ec9b1492a7c7ae301a05ab035d85d
+PKG_MD5SUM:=dad5c696e4cfe80d606ba90c9a13118b
 
 PKG_INSTALL:=1
 
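
Review bot: the `+PKG_MD5SUM:=dad5c696e4cfe80d606ba90c9a13118b` line is the only integrity check on a tarball that PKG_SOURCE_URL fetches over plain http, and this bump carries a security fix, so please state in the commit message how the hash was obtained (ideally computed from a download checked against a checksum or signature from upstream for 1.6.2, if one is published) so it can be confirmed independently. Leaving PKG_RELEASE at 1 is right for a PKG_VERSION change. Also, the `diff` and `---`/`+++` header lines above the hunk arrived wrapped across two or three lines, so they may need rejoining before the patch applies.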

_______________________________________________
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
