Sorry for the late reply. See inline: On Sun, Nov 5, 2017 at 4:41 PM, Jan Tomasek <j...@tomasek.cz> wrote:
> Package: freeradius > Version: 3.0.12+dfsg-5 > Severity: important > Tags: patch > > freeRADIUS v3 does have implementation bug. It isn't able to read more > than one packet from incoming TLS (RadSec) connection. The bug shows more > likely on large deployments and is able to make server completely useless. > That is why I'm setting Severity to important. > > More detailed technical info is available here: > https://github.com/FreeRADIUS/freeradius-server/pull/2106 > https://github.com/FreeRADIUS/freeradius-server/pull/2107 > > The attached patch is tested against official freeRAIDUS releases 3.0.12, > 3.0.14, 3.0.15 and against Debian package freeradius_3.0.12+dfsg-5 it fixes > the problem and causes no harm. > > Please is it possible to propagate this into Debian/Stretch? > Pushing code directly to Debian stretch is too risky. Let’s wait until the change made it to Debian testing, which most naturally would happen with a new upstream release (3.0.16?). Once that happened, please ping this bug and we can look into preparing an update to stretch. > > > Thanks > -- > ----------------------- > Jan Tomasek aka Semik > http://www.tomasek.cz/ > > _______________________________________________ > Pkg-freeradius-maintainers mailing list > pkg-freeradius-maintain...@lists.alioth.debian.org > https://lists.alioth.debian.org/mailman/listinfo/pkg- > freeradius-maintainers > > -- Best regards, Michael
