From b8d1a14f7f3b76457c36752202ea7ae5881b6654 Mon Sep 17 00:00:00 2001 From: Yi Zhao Date: Thu, 21 Nov 2024 19:03:28 +0800 Subject: [PATCH] freeradius: upgrade 3.2.3 -> 3.2.5 ChangeLog: https://github.com/FreeRADIUS/freeradius-server/releases/tag/release_3_2_4 https://github.com/FreeRADIUS/freeradius-server/releases/tag/release_3_2_5 Security fixes: CVE-2024-3596: RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen-prefix collision attack against MD5 Response Authenticator signature. Reference: https://nvd.nist.gov/vuln/detail/CVE-2024-3596 https://www.freeradius.org/security/ https://www.blastradius.fail/ https://www.inkbridgenetworks.com/web/content/2557?unique=47be02c8aed46c53b0765db185320249ad873d95 (master rev: 28d82d17c8174ee17271ca43ad7eb2175211cacc) Signed-off-by: Yi Zhao Signed-off-by: Khem Raj Signed-off-by: Haixiao Yan Signed-off-by: Armin Kuster --- .../freeradius/{freeradius_3.2.3.bb => freeradius_3.2.5.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta-networking/recipes-connectivity/freeradius/{freeradius_3.2.3.bb => freeradius_3.2.5.bb} (99%) diff --git a/meta-networking/recipes-connectivity/freeradius/freeradius_3.2.3.bb b/meta-networking/recipes-connectivity/freeradius/freeradius_3.2.5.bb similarity index 99% rename from meta-networking/recipes-connectivity/freeradius/freeradius_3.2.3.bb rename to meta-networking/recipes-connectivity/freeradius/freeradius_3.2.5.bb index 7ea63a65d3..70f2496170 100644 --- a/meta-networking/recipes-connectivity/freeradius/freeradius_3.2.3.bb +++ b/meta-networking/recipes-connectivity/freeradius/freeradius_3.2.5.bb @@ -39,7 +39,7 @@ SRC_URI = "git://github.com/FreeRADIUS/freeradius-server.git;branch=v3.2.x;lfs=0 raddbdir = "${sysconfdir}/${MLPREFIX}raddb" -SRCREV = "db3d1924d9a2e8d37c43872932621f69cfdbb099" +SRCREV = "a7acce80f5ba2271d9aeb737a4a91a5bf8317f31" UPSTREAM_CHECK_GITTAGREGEX = "release_(?P\d+(\_\d+)+)"