Debian Package Tracker

general

source: freeradius (main)
version: 3.0.21+dfsg-2
maintainer: Debian FreeRADIUS Packaging Team (archive) (DMD)
uploaders: Sam Hartman [DMD] – Mark Hymers [DMD] – Bernhard Schmidt [DMD]
arch: all any
std-ver: 4.4.1
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 2.2.5+dfsg-0.2+deb8u1
o-o-sec: 2.2.5+dfsg-0.2+deb8u1
oldstable: 3.0.12+dfsg-5+deb9u1
old-sec: 3.0.12+dfsg-5+deb9u1
stable: 3.0.17+dfsg-1.1
stable-bpo: 3.0.21+dfsg-1~bpo10+1
testing: 3.0.21+dfsg-2
unstable: 3.0.21+dfsg-2

versioned links

2.2.5+dfsg-0.2+deb8u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.0.12+dfsg-5+deb9u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.0.17+dfsg-1.1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.0.20+dfsg-3~bpo10+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.0.21+dfsg-1~bpo10+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.0.21+dfsg-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

freeradius (6 bugs: 0, 5, 1, 0)
freeradius-common
freeradius-config
freeradius-dhcp
freeradius-iodbc
freeradius-krb5
freeradius-ldap (2 bugs: 0, 2, 0, 0)
freeradius-memcached
freeradius-mysql (2 bugs: 0, 2, 0, 0)
freeradius-postgresql (1 bugs: 0, 1, 0, 0)
freeradius-python3
freeradius-redis (1 bugs: 0, 1, 0, 0)
freeradius-rest
freeradius-utils
freeradius-yubikey
libfreeradius-dev
libfreeradius3

action needed

lintian reports 3 errors and 8 warnings high

Lintian reports 3 errors and 8 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2020-07-29 Last update: 2020-09-21 06:02

1 bug tagged help in the BTS normal

The BTS contains 1 bug tagged help, please consider helping the maintainer in dealing with it.

Created: 2019-03-21 Last update: 2020-10-21 08:30

1 bug tagged patch in the BTS normal

The BTS contains patches fixing 1 bug, consider including or untagging them.

Created: 2020-10-19 Last update: 2020-10-21 08:30

6 new commits since last upload, is it time to release? normal

vcswatch reports that this package seems to have new commits in its VCS but has not yet updated debian/changelog. You should consider updating the Debian changelog and uploading this new version into the archive.

Here are the relevant commit logs:

commit cbb4e254a8a6948039ad7077e4ebd695f3a2f3c3
Author: Bernhard Schmidt <berni@debian.org>
Date:   Mon Aug 24 10:47:30 2020 +0200

    Changelog for 3.0.21+dfsg-2

commit 70e342b100866794e9628366728c64d714071d11
Author: Bernhard Schmidt <berni@debian.org>
Date:   Mon Aug 24 10:45:49 2020 +0200

    Temporarily collectd integration (again, hopefully temporary)
    
    collectd again has RC bugs causing it's removal from testing, disable
    collectd integration until this is fixed.

commit 462223f6feac613708830e1697b0b2209a5bc253
Author: Bernhard Schmidt <berni@debian.org>
Date:   Mon Aug 24 10:44:43 2020 +0200

    Bump to debhelper compat 10
    
    We can't go higher right now because mod_python3 configure fails
    with the additional --runstatedir= parameter

commit a028d119a50fca34b20c023002fac02da74d81ae
Author: Bernhard Schmidt <berni@debian.org>
Date:   Mon Aug 24 10:37:53 2020 +0200

    d/control: run wrap-and-sort

commit f32ebb30b64745884b891e208ef19073b99fc6b4
Author: Bernhard Schmidt <berni@debian.org>
Date:   Mon Aug 24 09:58:17 2020 +0200

    Cherry-Pick upstream fixes to build with Python3.8
    
    Closes: #966860

commit bbda61d85b3b2aa5c29d793dde6b4b17e0d18191
Author: Bernhard Schmidt <berni@debian.org>
Date:   Fri Apr 3 16:29:25 2020 +0200

    Drop migration code for versions earlier than oldstable (Squeeze)

Created: 2020-08-24 Last update: 2020-10-13 08:35

RFH: The maintainer is looking for help with this package. normal

The current maintainer is looking for someone who can help with the maintenance of this package. If you are interested in this package, please consider helping out. One way you can help is offer to be a co-maintainer or triage bugs in the BTS. Please see bug number #933376 for more information.

Created: 2019-02-23 Last update: 2019-07-30 01:12

4 ignored security issues in stretch low

There are 4 open security issues in stretch.

4 issues skipped by the security teams:

CVE-2019-11234: FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a "Dragonblood" issue, a similar issue to CVE-2019-9497.
CVE-2019-11235: FreeRADIUS before 3.0.19 mishandles the "each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used" protection mechanism, aka a "Dragonblood" issue, a similar issue to CVE-2019-9498 and CVE-2019-9499.
CVE-2019-13456: In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the hunting and pecking loop. This leaks information that an attacker can use to recover the password of any user. This information leakage is similar to the "Dragonblood" attack and CVE-2019-9494.
CVE-2019-17185: In FreeRADIUS 3.0.x before 3.0.20, the EAP-pwd module used a global OpenSSL BN_CTX instance to handle all handshakes. This mean multiple threads use the same BN_CTX instance concurrently, resulting in crashes when concurrent EAP-pwd handshakes are initiated. This can be abused by an adversary as a Denial-of-Service (DoS) attack.

Please fix them.

Created: 2019-04-16 Last update: 2020-09-13 15:00

2 ignored security issues in buster low

There are 2 open security issues in buster.

2 issues skipped by the security teams:

CVE-2019-13456: In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the hunting and pecking loop. This leaks information that an attacker can use to recover the password of any user. This information leakage is similar to the "Dragonblood" attack and CVE-2019-9494.
CVE-2019-17185: In FreeRADIUS 3.0.x before 3.0.20, the EAP-pwd module used a global OpenSSL BN_CTX instance to handle all handshakes. This mean multiple threads use the same BN_CTX instance concurrently, resulting in crashes when concurrent EAP-pwd handshakes are initiated. This can be abused by an adversary as a Denial-of-Service (DoS) attack.

Please fix them.

Created: 2020-03-18 Last update: 2020-09-13 15:00

Build log checks report 1 warning low

Build log checks report 1 warning

Created: 2019-08-10 Last update: 2019-08-10 23:35

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.5.0 instead of 4.4.1).

Created: 2020-01-21 Last update: 2020-08-24 16:43

testing migrations

This package will soon be part of the auto-perl transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.
This package will soon be part of the auto-hiredis transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.
This package will soon be part of the perl-5.32 transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.
This package will soon be part of the auto-openssl transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.

news

[rss feed]

[2020-09-14] freeradius 3.0.21+dfsg-2 MIGRATED to testing (Debian testing watch)
[2020-08-31] freeradius REMOVED from testing (Debian testing watch)
[2020-08-24] Accepted freeradius 3.0.21+dfsg-2 (source) into unstable (Bernhard Schmidt)
[2020-04-07] Accepted freeradius 3.0.21+dfsg-1~bpo10+1 (source) into buster-backports (Bernhard Schmidt)
[2020-04-04] freeradius 3.0.21+dfsg-1 MIGRATED to testing (Debian testing watch)
[2020-04-01] Accepted freeradius 3.0.21+dfsg-1 (source) into unstable (Bernhard Schmidt)
[2020-03-09] Accepted freeradius 3.0.20+dfsg-3~bpo10+1 (source all amd64) into buster-backports, buster-backports (Debian FTP Masters) (signed by: Bernhard Schmidt)
[2020-01-05] freeradius 3.0.20+dfsg-3 MIGRATED to testing (Debian testing watch)
[2019-12-09] Accepted freeradius 3.0.20+dfsg-3 (source) into unstable (Bernhard Schmidt)
[2019-12-06] Accepted freeradius 3.0.20+dfsg-2 (source all amd64) into experimental, experimental (Bernhard Schmidt)
[2019-12-02] freeradius 3.0.20+dfsg-1 MIGRATED to testing (Debian testing watch)
[2019-11-29] Accepted freeradius 3.0.20+dfsg-1 (source) into unstable (Bernhard Schmidt)
[2019-08-24] freeradius 3.0.19+dfsg-3 MIGRATED to testing (Debian testing watch)
[2019-08-21] Accepted freeradius 3.0.19+dfsg-3 (source) into unstable (Bernhard Schmidt)
[2019-08-04] freeradius 3.0.19+dfsg-2 MIGRATED to testing (Debian testing watch)
[2019-08-01] Accepted freeradius 3.0.19+dfsg-2 (source) into unstable (Bernhard Schmidt)
[2019-07-29] Accepted freeradius 3.0.19+dfsg-1 (source) into unstable (Bernhard Schmidt)
[2019-04-25] freeradius 3.0.17+dfsg-1.1 MIGRATED to testing (Debian testing watch)
[2019-04-22] Accepted freeradius 3.0.17+dfsg-1.1 (source) into unstable (Bernhard Schmidt)
[2019-01-09] freeradius 3.0.17+dfsg-1 MIGRATED to testing (Debian testing watch)
[2019-01-07] Accepted freeradius 3.0.17+dfsg-1 (source) into unstable (Michael Stapelberg)
[2018-12-17] freeradius 3.0.16+dfsg-5 MIGRATED to testing (Debian testing watch)
[2018-12-14] Accepted freeradius 3.0.16+dfsg-5 (source) into unstable (Michael Stapelberg)
[2018-10-16] freeradius 3.0.16+dfsg-4.1 MIGRATED to testing (Debian testing watch)
[2018-10-11] Accepted freeradius 3.0.16+dfsg-4.1 (all amd64 source) into unstable, unstable (Dimitri John Ledkov)
[2018-05-19] freeradius 3.0.16+dfsg-3 MIGRATED to testing (Debian testing watch)
[2018-03-20] Accepted freeradius 3.0.16+dfsg-3 (source) into unstable (Michael Stapelberg)
[2018-02-25] Accepted freeradius 3.0.16+dfsg-2 (source) into unstable (Michael Stapelberg)
[2018-01-22] Accepted freeradius 3.0.16+dfsg-1 (source) into unstable (Michael Stapelberg)
[2017-12-29] freeradius REMOVED from testing (Debian testing watch)

bugs [bug history graph]

all: 14
RC: 0
I&N: 12
M&W: 2
F&P: 0
patch: 1
help: 1

links

homepage
lintian (3, 8)
buildd: logs, checks, clang, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
screenshots
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 3.0.21+dfsg-1ubuntu2
7 bugs
patches for 3.0.21+dfsg-1ubuntu2