[Pkg-freeradius-maintainers] [Git][debian/freeradius][debian/bullseye] 18 commits: CVE-2024-3596: The RADIUS Protocol under RFC 2865 is susceptible to forgery...

Bastien Roucariès (@rouca) gitlab at salsa.debian.org
Fri Aug 23 13:05:34 BST 2024



Bastien Roucariès pushed to branch debian/bullseye at Debian / freeradius


Commits:
de5364aa by Santiago Ruano Rincón at 2024-08-06T13:51:37-03:00
CVE-2024-3596: The RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature.

- - - - -
df75f422 by Santiago Ruano Rincón at 2024-08-06T13:51:59-03:00
Update d/patches/series

Gbp-Dch: Ignore

- - - - -
97e037cc by Santiago Ruano Rincón at 2024-08-06T13:52:51-03:00
Set RELEASE to bullseye in salsa-ci.yml

- - - - -
c73d9550 by Santiago Ruano Rincón at 2024-08-06T13:53:24-03:00
Snapshot debian/changelog

Gbp-Dch: Ignore

- - - - -
50108efa by Bastien Roucariès at 2024-08-07T15:42:19+00:00
Fix test

Edit systemctl unit

- - - - -
77d62a6f by Bastien Roucariès at 2024-08-07T19:55:53+00:00
Track origin of patches

- - - - -
d9f11e73 by Bastien Roucariès at 2024-08-07T21:45:49+00:00
CVE-2022-41859 fix

- - - - -
276e2888 by Bastien Roucariès at 2024-08-07T21:57:23+00:00
CVE-2022-41860

- - - - -
445f29ec by Bastien Roucariès at 2024-08-07T22:09:28+00:00
Add a note about not really fixing blastradius

- - - - -
3c067d25 by Bastien Roucariès at 2024-08-07T22:15:22+00:00
CVE-2022-41861

- - - - -
05be1adf by Bastien Roucariès at 2024-08-07T22:17:34+00:00
Fix col > 80

- - - - -
25d83503 by Bastien Roucariès at 2024-08-07T22:36:31+00:00
Test basic blastradius

- - - - -
82a04fb5 by Santiago Ruano Rincón at 2024-08-09T22:41:01-03:00
Clarify d/changelog entry about BlastRADIUS

Gbp-Dch: Ignore

- - - - -
e320f494 by Santiago Ruano Rincón at 2024-08-20T21:13:42-03:00
Add blastradius/0001-use-and-enforce-limit_proxy_state-for-Access-Request.patch

Gbp-Dch: Ignore

- - - - -
de7839dc by Santiago Ruano Rincón at 2024-08-20T21:13:42-03:00
Update d/patches/series

Gbp-Dch: Ignore

- - - - -
b464292e by Santiago Ruano Rincón at 2024-08-20T21:13:43-03:00
Snapshot d/changelog for 3.0.21+dfsg-2.2+deb11u2~2

Gbp-Dch: Ignore

- - - - -
08b65eb9 by Bastien Roucariès at 2024-08-23T12:01:25+00:00
Add NEWS and prepare to release

- - - - -
35c0b538 by Bastien Roucariès at 2024-08-23T12:02:01+00:00
Reput to UNRELEASE due to need of more testing

- - - - -


23 changed files:

- + debian/NEWS.freeradius-common
- debian/changelog
- + debian/patches/CVE-2022-41859-part1.patch
- + debian/patches/CVE-2022-41859-part2.patch
- + debian/patches/CVE-2022-41860.patch
- + debian/patches/CVE-2022-41861.patch
- + debian/patches/blastradius/0001-add-and-document-global-require_message_authenticato.patch
- + debian/patches/blastradius/0001-use-and-enforce-limit_proxy_state-for-Access-Request.patch
- + debian/patches/blastradius/0002-rename-for-consistency.patch
- + debian/patches/blastradius/0003-add-and-use-ignore-default-flag.patch
- + debian/patches/blastradius/0004-make-require_message_authenticator-the-default-for-c.patch
- + debian/patches/blastradius/0005-add-tls-flag-to-packets.patch
- + debian/patches/blastradius/0006-always-add-Message-Authenticator-for-replies-to-Acce.patch
- + debian/patches/blastradius/0007-add-and-set-require_message_authenticator-for-home-s.patch
- + debian/patches/blastradius/0008-add-Message-Authenticator-to-all-Access-Request-pack.patch
- + debian/patches/blastradius/0009-add-and-document-global-limit_proxy_state.patch
- + debian/patches/blastradius/0010-make-limit_proxy_state-the-default-for-clients.patch
- + debian/patches/blastradius/0011-word-smithing.patch
- + debian/patches/blastradius/0012-add-Blast-RADIUS-checks-to-radclient-and-radtest.patch
- + debian/patches/blastradius/0013-Add-M-A-processing-for-Status-Server-and-replies-fro.patch
- + debian/patches/blastradius/0014-Enforce-BlastRADIUS-checks-for-TCP-sockets-too.patch
- + debian/patches/blastradius/0015-implement-and-document-limit_proxy_state-auto.patch
- + debian/patches/blastradius/0016-add-more-helpful-error-messages.patch


The diff was not included because it is too large.


View it on GitLab: https://salsa.debian.org/debian/freeradius/-/compare/3658f0ef11a77fc5d4ebe775cab06efa3a9dcfc7...35c0b5387578cea6276fbf7bba6af297ccab3453
