aboutsummaryrefslogtreecommitdiffstats
path: root/meta-networking/recipes-connectivity/freeradius/files
diff options
context:
space:
mode:
authorChangqing Li <changqing.li@windriver.com>2018-10-11 10:53:05 +0800
committerKhem Raj <raj.khem@gmail.com>2018-10-10 20:48:18 -0700
commit9f47fcd33739c92dc86003182ac32b2535db7f32 (patch)
tree5e87257a82388a6c948d939eb0e3a3cf91cea25f /meta-networking/recipes-connectivity/freeradius/files
parentf72160a3dc1ee7e8c0edfb19cfdb4b6a7fa3ab2b (diff)
downloadmeta-openembedded-9f47fcd33739c92dc86003182ac32b2535db7f32.tar.gz
meta-openembedded-9f47fcd33739c92dc86003182ac32b2535db7f32.tar.bz2
meta-openembedded-9f47fcd33739c92dc86003182ac32b2535db7f32.zip
freeradius: fix radiusd.service startup failed problem
during radiusd start up, it will check several CVEs of libssl, if allow_vulnerable_openssl set to no and one of the CVEs is matched, radiusd will not startup. in tls.c, two CVEs's version number is wrong, and after upgrade openssl to 1.1.1, one CVE matched, so startup failed. correct the version numner to make radiusd startup successfully. Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
Diffstat (limited to 'meta-networking/recipes-connectivity/freeradius/files')
-rw-r--r--meta-networking/recipes-connectivity/freeradius/files/0001-freeradius-correct-version-number-of-libssl-defect.patch44
1 files changed, 44 insertions, 0 deletions
diff --git a/meta-networking/recipes-connectivity/freeradius/files/0001-freeradius-correct-version-number-of-libssl-defect.patch b/meta-networking/recipes-connectivity/freeradius/files/0001-freeradius-correct-version-number-of-libssl-defect.patch
new file mode 100644
index 000000000..9e1f5b2ef
--- /dev/null
+++ b/meta-networking/recipes-connectivity/freeradius/files/0001-freeradius-correct-version-number-of-libssl-defect.patch
@@ -0,0 +1,44 @@
+From fecf974b63f72eeb12d3b43522e948ca2bc704d4 Mon Sep 17 00:00:00 2001
+From: Changqing Li <changqing.li@windriver.com>
+Date: Thu, 11 Oct 2018 09:45:52 +0800
+Subject: [PATCH] freeradius: correct version number of libssl defect
+
+Upstream-Status: Backport [https://github.com/FreeRADIUS/freeradius-server
+ /commit/ad039347beca4ded297813a1da6eabb61fcf2ddd]
+
+upstream have refactored this part code into
+src/lib/tls/base.c, and problem also have fixed
+by commit ad039347beca
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ src/main/tls.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/src/main/tls.c b/src/main/tls.c
+index acbfe79..d9c91f1 100644
+--- a/src/main/tls.c
++++ b/src/main/tls.c
+@@ -72,15 +72,15 @@ typedef struct libssl_defect {
+ static libssl_defect_t libssl_defects[] =
+ {
+ {
+- .low = 0x01010101f, /* 1.1.0a */
+- .high = 0x01010101f, /* 1.1.0a */
++ .low = 0x01010001f, /* 1.1.0a */
++ .high = 0x01010001f, /* 1.1.0a */
+ .id = "CVE-2016-6309",
+ .name = "OCSP status request extension",
+ .comment = "For more information see https://www.openssl.org/news/secadv/20160926.txt"
+ },
+ {
+- .low = 0x01010100f, /* 1.1.0 */
+- .high = 0x01010100f, /* 1.1.0 */
++ .low = 0x010100000f, /* 1.1.0 */
++ .high = 0x01010000f, /* 1.1.0 */
+ .id = "CVE-2016-6304",
+ .name = "OCSP status request extension",
+ .comment = "For more information see https://www.openssl.org/news/secadv/20160922.txt"
+--
+2.7.4
+