Bug#1076022: Additional patch for bullseye's FreeRADIUS (was: Backport some security settings from upstream 3.2.5 release to mitigate BlastRADIUS)

2024-08-23 Thread Alan DeKok
dated their RADIUS implementation in 25 years. There is a work-around for the checkpoint issue, so additional configuration changes for FreeRADIUS aren't a good idea. Alan DeKok.

Bug#1076022: Additional patch for bullseye's FreeRADIUS (was: Backport some security settings from upstream 3.2.5 release to mitigate BlastRADIUS)

2024-08-21 Thread Alan DeKok
The patch looks good to me, thanks. > On Aug 20, 2024, at 9:42 PM, Santiago Ruano Rincón > wrote: > > Hi! > > On 20/08/24 at 15:14, Santiago Ruano Rincón wrote: >> Hello Herwin, >> >> Thanks a lot for testing the proposed packages! >> >> El 15/08/24 a las 17:04, Herwin Weststrate esc

Bug#1000031: Obsolete pcre3 library

2022-02-06 Thread Alan DeKok
You can build the server without PCRE, even if the PCRE libraries are on the system. Just do: ./configure --with-pcre=no and it will fall back to POSIX regular expressions.

Bug#929466: FreeRADIUS opinion of this issue

2019-05-25 Thread Alan DeKok
Here's what we sent CVE. In short, there is no actual "exploit". --- We disagree with this CVE. In the GitHub report [1], the RedHat reporter claims: > we are aware of a way to exploit this, No description of this alleged exploit has been shared with us. Our security contact is "secur...@fr

Bug#923034: FreeRADIUS status

2019-02-23 Thread Alan DeKok
We've been looking for a new Debian maintainer for a while. What, exactly, is in "bad shape" about this package? If there are issues, we can work towards fixing them. The software is widely used by many tens of thousands of sites. I hope it's not going to be removed from Debian. I'll

Bug#907518: [RFC] Disable TLSv1.0 by default, but allow enabling it

2018-12-12 Thread Alan DeKok
It's arguably bad in minor ways to allow TLSv1.0. But preventing people from getting online is likely worse. Alan DeKok.

Bug#823112: freeradius-client is still in active development

2016-05-16 Thread Alan DeKok
ld suggest using the libfreeradius-radius library from the main server distribution. It has many more features, such as RFC 6929 "extended" attributes. Alan DeKok.

Bug#740857: freeradius: Upgrade to 2.2.3

2014-03-05 Thread Alan DeKok
Package: freeradius Version: 2.1.12 Severity: important Dear Maintainer, FreeRADIUS has been removed from "testing" because the package is no longer being maintained. Nearly all of the reported bugs have been fixed in the upstream release. The only other ones are Debian-specific. FreeRADIUS is

Bug#711486: Dialup admin

2013-11-06 Thread Alan DeKok
I would suggest simply not building dialup-admin, instead of removing all of FreeRADIUS. Dialup-admin has already been removed from the Version 3 release, for precisely this reason. We didn't want to remove it from a "stable" release because that's considered antisocial.

Bug#600465: unblock: freeradius 2.1.10+dfsg-1

2010-10-25 Thread Alan DeKok
> get reset and/or ignored soon enough anyway) which is why nobody else > noticed. > > Alan, is this correct? Yes. I'll commit a fix. Alan DeKok.

Bug#599067: freeradius: Using JRadius requires a source rebuild

2010-10-14 Thread Alan DeKok
Josip Rodin wrote: > Alan, is there any reason for mod_jradius not to be included in > src/modules/stable? I'll probably pull in the new module version for 2.1.11, and mark it as "stable" then. Alan DeKok.

Bug#553387: [freeradius] FTBFS with binutils-gold

2010-10-14 Thread Alan DeKok
Josip Rodin wrote: > Alan, can you apply this? Seems trivial enough. Yup. Added for 2.1.11. Alan DeKok.

Bug#517983: Missing patch for mod_auth_radius

2010-05-30 Thread Alan DeKok
Josip Rodin wrote: > Alan, can you remember if any feature was omitted intentionally or not? I don't think so. Which feature was omitted?

Bug#569614: radtest: cannot initialize udpfromto: Function not implemented

2010-02-15 Thread Alan DeKok
"-6" on the command line, or by using an IPv6 address for the server, or by using a hostname which resolves to only an IPv6 address. Alan DeKok.

Bug#569614: radtest: cannot initialize udpfromto: Function not implemented

2010-02-14 Thread Alan DeKok
dclient -6 ..." for those systems. Or, add more hacks to look for v6 if the v4 lookup fails. I'll see if I can put something together this week. Alan DeKok.

Bug#416266: embedding perl, libltdl and RTLD_GLOBAL

2009-12-09 Thread Alan DeKok
's defined, it should use the new lt_dladvise() API. I haven't added a "configure" check, because we're pretty close to a release of 2.1.8. Likewise, I haven't upgraded the internal copy of libltdl. I'll take a look at updating the internal copy of libltdl for 2.2.0,

Bug#416266: embedding perl, libltdl and RTLD_GLOBAL

2009-12-09 Thread Alan DeKok
ius-server/commit/4df74f9b1497fc4c88f9159a680707041c70a23d > > Maybe it's about a similar issue? Nope. That commit was to fix an issue where libltdl would crash. i.e. not return "failed linking to X", but *die*, and take the application down with it. Alan DeKok.

Bug#559537: freeradius: segfault in rlm_passwd

2009-12-06 Thread Alan DeKok
if (ht->fp) { > > statement at the same time, leading both to close the file. So your fix > has narrowed the race, but not eliminated it. Sure. Send a patch. Alan DeKok.

Bug#559537: freeradius: segfault in rlm_passwd

2009-12-06 Thread Alan DeKok
s to work for *everyone*. Having it crash occasionally for others because you don't want to HUP it is not nice. Alan DeKok.

Bug#559537: freeradius: segfault in rlm_passwd

2009-12-06 Thread Alan DeKok
suggestion is to remove the configuration that reads the file for every packet. FreeRADIUS already supports HUP to re-load files when they change. And reading a potentially large file for 1000 packets/s is a *very* bad idea. Alan DeKok.

Bug#559537: freeradius: segfault in rlm_passwd

2009-12-06 Thread Alan DeKok
Josip Rodin wrote: > I'm forwarding this to the upstream author. Alan, does this sound > familiar? Nope. After a quick look through the code, it might be fixed by this: http://github.com/alandekok/freeradius-server/commit/f691b0ec7d4c92919bdd4dc81e8a86b211c00832 Alan DeKok

Bug#416266: freeradius: rlm_perl has symbol lookup errors when loading additional perl modules

2007-07-06 Thread Alan DeKok
Enrik Berkhan wrote: > Alan DeKok wrote: >> b) The output of perl -MExtUtils::Embed -e ldopts / ccopts >> should stop telling applications that linking will work. >> It won't. It's lying to you. If the libperl-dev package >> isn't ins

Bug#416266: freeradius: rlm_perl has symbol lookup errors when loading additional perl modules

2007-07-05 Thread Alan DeKok
hen someone installed broken headers/libraries by hand, from a "tar" file. Except for libperl. Alan DeKok.

Bug#416266: freeradius: rlm_perl has symbol lookup errors when loading additional perl modules

2007-07-05 Thread Alan DeKok
es aren't set up correctly. I'm curious how *any* application can depend on the perl libraries, like FreeRADIUS does. My conclusion is it can't. The Perl .so's are there for amusement, not for general use. Alan DeKok.