Date: Friday, September 14, 2018 @ 19:08:20
Author: eworm
Revision: 380987
upgpkg: freeradius 3.0.17-6
fix version check for openssl vulnerability
Added:
freeradius/trunk/openssl-cve.patch
Modified:
freeradius/trunk/PKGBUILD
-------------------+
PKGBUILD | 16 ++++++++++++----
openssl-cve.patch | 15 +++++++++++++++
2 files changed, 27 insertions(+), 4 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2018-09-14 18:37:23 UTC (rev 380986)
+++ PKGBUILD 2018-09-14 19:08:20 UTC (rev 380987)
@@ -4,7 +4,7 @@
pkgname=freeradius
pkgver=3.0.17
-pkgrel=5
+pkgrel=6
pkgdesc='The premier open source RADIUS server'
arch=('x86_64')
url="https://freeradius.org/";
@@ -19,15 +19,23 @@
options=('!makeflags')
validpgpkeys=('BF2384EC6938B9744B03E2A620E37C25995B4F85') # FreeRADIUS -
Package Signing [...] <[email protected]>
source=("ftp://ftp.freeradius.org/pub/radius/freeradius-server-$pkgver.tar.bz2"{,.sig}
- 'freeradius-sysusers.conf'
- 'freeradius-tmpfiles.conf'
- 'freeradius.service')
+ 'openssl-cve.patch'
+ 'freeradius-sysusers.conf'
+ 'freeradius-tmpfiles.conf'
+ 'freeradius.service')
sha512sums=('f4510d8e77eb7c72a21fbfad851f13460ff4b5a35f0b7bea6102076ceb71188a63b277fb7e4fcd9c3033b396b63e1bf0e455cc03608d7ab1380d1662407cb399'
'SKIP'
+
'77908c2f9e7bd526711f6057c827a0fd969dd2c9269df7a88d494112cc68c7f3ceb0fcde3d3c6358a14e4980505c57284787c8981e52856c7fc858d46a95a3dc'
'890005b2129174568a3bf0e8963b683ab15550198b9478cc766c3ddcfd5167296cfce221c7592be354fe7dfe08e82484f826e55fd59b6291e86c8a4f78ca2d96'
'5e196584c725885ae33b70d729729b52852f6a051445be3f9afd831564029820179f606e6c8d8554f8615e2b4b9b8d5203a32b8a81c04d4edfb96a377a213bae'
'833bfd85218898af6f24e9356f1af60ba9e8f08a93fa93aafb53ba9ec49afdf23c7eeb897ac5939c2d7c6958076cbb3fbc0c075b741e4b9be2f70c3fef2014b6')
+prepare() {
+ cd "$srcdir"/freeradius-server-$pkgver
+
+ patch -Np1 < ../openssl-cve.patch
+}
+
build() {
cd "$srcdir"/freeradius-server-$pkgver
Added: openssl-cve.patch
===================================================================
--- openssl-cve.patch (rev 0)
+++ openssl-cve.patch 2018-09-14 19:08:20 UTC (rev 380987)
@@ -0,0 +1,15 @@
+diff --git a/src/main/tls.c b/src/main/tls.c
+index f60fa2dbd0..1545b1a0d2 100644
+--- a/src/main/tls.c
++++ b/src/main/tls.c
+@@ -79,8 +79,8 @@ static libssl_defect_t libssl_defects[] =
+ .comment = "For more information see
https://www.openssl.org/news/secadv/20160926.txt";
+ },
+ {
+- .low = 0x01010100f, /* 1.1.0 */
+- .high = 0x01010100f, /* 1.1.0 */
++ .low = 0x01010000f, /* 1.1.0 */
++ .high = 0x01010000f, /* 1.1.0 */
+ .id = "CVE-2016-6304",
+ .name = "OCSP status request extension",
+ .comment = "For more information see
https://www.openssl.org/news/secadv/20160922.txt";
