[oe] [PATCH] freeradius: fix radiusd.service startup failed problem
changqing.li at windriver.com
changqing.li at windriver.com
Thu Oct 11 02:26:08 UTC 2018
From: Changqing Li <changqing.li at windriver.com>
during radiud start up, it will sereval CVE of libssl,
if allow_vulnerable_openssl set to no and one of CVE is matched,
radiusd will not startup.
in tls.c, two CVEs's version number is wrong, and after upgrade openssl
to 1.1.1, one CVE matched, so startup failed. correct the version numner
to make radiusd startup success.
Signed-off-by: Changqing Li <changqing.li at windriver.com>
---
...s-correct-version-number-of-libssl-defect.patch | 43 ++++++++++++++++++++++
.../freeradius/freeradius_3.0.17.bb | 1 +
2 files changed, 44 insertions(+)
create mode 100644 meta-networking/recipes-connectivity/freeradius/files/0001-freeradius-correct-version-number-of-libssl-defect.patch
diff --git a/meta-networking/recipes-connectivity/freeradius/files/0001-freeradius-correct-version-number-of-libssl-defect.patch b/meta-networking/recipes-connectivity/freeradius/files/0001-freeradius-correct-version-number-of-libssl-defect.patch
new file mode 100644
index 0000000..0a961d1
--- /dev/null
+++ b/meta-networking/recipes-connectivity/freeradius/files/0001-freeradius-correct-version-number-of-libssl-defect.patch
@@ -0,0 +1,43 @@
+From fecf974b63f72eeb12d3b43522e948ca2bc704d4 Mon Sep 17 00:00:00 2001
+From: Changqing Li <changqing.li at windriver.com>
+Date: Thu, 11 Oct 2018 09:45:52 +0800
+Subject: [PATCH] freeradius: correct version number of libssl defect
+
+Upstream-Status: Backport
+
+upstream have refactored this part code into
+src/lib/tls/base.c, and problem also have fixed
+by commit ad039347beca
+
+Signed-off-by: Changqing Li <changqing.li at windriver.com>
+---
+ src/main/tls.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/src/main/tls.c b/src/main/tls.c
+index acbfe79..d9c91f1 100644
+--- a/src/main/tls.c
++++ b/src/main/tls.c
+@@ -72,15 +72,15 @@ typedef struct libssl_defect {
+ static libssl_defect_t libssl_defects[] =
+ {
+ {
+- .low = 0x01010101f, /* 1.1.0a */
+- .high = 0x01010101f, /* 1.1.0a */
++ .low = 0x01010001f, /* 1.1.0a */
++ .high = 0x01010001f, /* 1.1.0a */
+ .id = "CVE-2016-6309",
+ .name = "OCSP status request extension",
+ .comment = "For more information see https://www.openssl.org/news/secadv/20160926.txt"
+ },
+ {
+- .low = 0x01010100f, /* 1.1.0 */
+- .high = 0x01010100f, /* 1.1.0 */
++ .low = 0x010100000f, /* 1.1.0 */
++ .high = 0x01010000f, /* 1.1.0 */
+ .id = "CVE-2016-6304",
+ .name = "OCSP status request extension",
+ .comment = "For more information see https://www.openssl.org/news/secadv/20160922.txt"
+--
+2.7.4
+
diff --git a/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.17.bb b/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.17.bb
index 1b45e78..c17d56d 100644
--- a/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.17.bb
+++ b/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.17.bb
@@ -29,6 +29,7 @@ SRC_URI = "ftp://ftp.freeradius.org/pub/freeradius/freeradius-server-${PV}.tar.b
file://0001-rlm_mschap-Use-includedir-instead-of-hardcoding-usr-.patch \
file://radiusd.service \
file://radiusd-volatiles.conf \
+ file://0001-freeradius-correct-version-number-of-libssl-defect.patch \
"
SRC_URI[md5sum] = "1f4ad38f32101a7d50d818afa6f17339"
SRC_URI[sha256sum] = "3f03404b6e4a4f410e1f15ea2ababfec7f8a7ae8a49836d8a0c137436d913b96"
--
2.7.4
More information about the Openembedded-devel
mailing list