freeradius: fix radiusd.service startup failed problem

during radiusd start up, it will check several CVEs of libssl,
if allow_vulnerable_openssl is set to no and one of the CVEs is
matched, radiusd will not start up.

in tls.c, two CVEs' version numbers are wrong, and after upgrading openssl
to 1.1.1, one CVE matched, so startup failed. correct the version number
to make radiusd start up successfully.

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changqing Li
2018-10-11 10:53:05 +08:00
committed by Khem Raj
parent f72160a3dc
commit 9f47fcd337
2 changed files with 45 additions and 0 deletions
@@ -0,0 +1,44 @@
From fecf974b63f72eeb12d3b43522e948ca2bc704d4 Mon Sep 17 00:00:00 2001
From: Changqing Li <changqing.li@windriver.com>
Date: Thu, 11 Oct 2018 09:45:52 +0800
Subject: [PATCH] freeradius: correct version number of libssl defect
Upstream-Status: Backport [https://github.com/FreeRADIUS/freeradius-server
/commit/ad039347beca4ded297813a1da6eabb61fcf2ddd]
upstream have refactored this part code into
src/lib/tls/base.c, and problem also have fixed
by commit ad039347beca
Signed-off-by: Changqing Li <changqing.li@windriver.com>
---
src/main/tls.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/main/tls.c b/src/main/tls.c
index acbfe79..d9c91f1 100644
--- a/src/main/tls.c
+++ b/src/main/tls.c
@@ -72,15 +72,15 @@ typedef struct libssl_defect {
static libssl_defect_t libssl_defects[] =
{
{
- .low = 0x01010101f, /* 1.1.0a */
- .high = 0x01010101f, /* 1.1.0a */
+ .low = 0x01010001f, /* 1.1.0a */
+ .high = 0x01010001f, /* 1.1.0a */
.id = "CVE-2016-6309",
.name = "OCSP status request extension",
.comment = "For more information see https://www.openssl.org/news/secadv/20160926.txt"
},
{
- .low = 0x01010100f, /* 1.1.0 */
- .high = 0x01010100f, /* 1.1.0 */
+ .low = 0x010100000f, /* 1.1.0 */
+ .high = 0x01010000f, /* 1.1.0 */
.id = "CVE-2016-6304",
.name = "OCSP status request extension",
.comment = "For more information see https://www.openssl.org/news/secadv/20160922.txt"
--
2.7.4
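Review bot: in the CVE-2016-6304 entry the new `.low = 0x010100000f` has one more zero than `.high = 0x01010000f`, although both lines are commented as 1.1.0. As written, the low bound is larger than the high bound and no longer fits in 32 bits, so if the entry is matched as a low-to-high version range it can never match 1.1.0 and the check for that CVE is silently lost. Please change it to `.low = 0x01010000f` so the two bounds are equal, as they are in the CVE-2016-6309 entry above. Separately, the Upstream-Status URL in the patch header is wrapped across two lines, which breaks the link; keep it on one line.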
@@ -29,6 +29,7 @@ SRC_URI = "ftp://ftp.freeradius.org/pub/freeradius/freeradius-server-${PV}.tar.b
file://0001-rlm_mschap-Use-includedir-instead-of-hardcoding-usr-.patch \
file://radiusd.service \
file://radiusd-volatiles.conf \
file://0001-freeradius-correct-version-number-of-libssl-defect.patch \
"
SRC_URI[md5sum] = "1f4ad38f32101a7d50d818afa6f17339"
SRC_URI[sha256sum] = "3f03404b6e4a4f410e1f15ea2ababfec7f8a7ae8a49836d8a0c137436d913b96"