Update radsecproxy to version 1.6.5 and convert the init script to use
procd, and start later during boot to ensure name service is operational.
Introduces a small patch to radsecproxy which prevents it from forcing
log output to stderr when run in the foreground, thus making it possible
to simply run it in this mode for procd management.
Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk>
git-svn-id: svn://svn.openwrt.org/openwrt/packages@40635 3c298f89-4303-0410-b956-a3cf2f4a3e73
Since my previous post a similar issue was discovered for DTLS and 1.6.2
was released. CVE numbers were also assigned for these two
vulnerabilities:
CVE-2012-4523 refers to the TLS issue, fixed in radsecproxy 1.6.1
CVE-2012-4566 refers to the DTLS issue, fixed in radsecproxy 1.6.2
So it would be good to bump to 1.6.2, applying this patch on top of
r34484.
Signed-off-by: Zenon Mousmoulas <zmousm@noc.grnet.gr>
Signed-off-by: Florian Fainelli <florian@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/packages@34535 3c298f89-4303-0410-b956-a3cf2f4a3e73
An issue has been found where radsecproxy accepts TLS clients when it
should not, due to the way it performs client verification after a TLS
handshake.
See for more details:
https://project.nordu.net/browse/RADSECPROXY-43https://project.nordu.net/browse/RADSECPROXY-44
A (short term) fix for this issue has been released as version 1.6.1.
Other changes in previously released version 1.6 mostly apply to F-Ticks
logging, an optional feature that is not enabled in the OpenWRT package,
due to a build dependency on nettle, a library that has not been ported/
packaged (yet).
Signed-off-by: Zenon Mousmoulas <zmousm@noc.grnet.gr>
Signed-off-by: Florian Fainelli <florian@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/packages@34484 3c298f89-4303-0410-b956-a3cf2f4a3e73
