[arch-commits] Commit in freeradius/trunk (PKGBUILD openssl-cve.patch)

Christian Hesse eworm at archlinux.org
Fri Sep 14 19:08:20 UTC 2018 

    Date: Friday, September 14, 2018 @ 19:08:20
  Author: eworm
Revision: 380987

upgpkg: freeradius 3.0.17-6

fix version check for openssl vulnerability

Added:
  freeradius/trunk/openssl-cve.patch
Modified:
  freeradius/trunk/PKGBUILD

-------------------+
 PKGBUILD          |   16 ++++++++++++----
 openssl-cve.patch |   15 +++++++++++++++
 2 files changed, 27 insertions(+), 4 deletions(-)

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2018-09-14 18:37:23 UTC (rev 380986)
+++ PKGBUILD	2018-09-14 19:08:20 UTC (rev 380987)
@@ -4,7 +4,7 @@
 
 pkgname=freeradius
 pkgver=3.0.17
-pkgrel=5
+pkgrel=6
 pkgdesc='The premier open source RADIUS server'
 arch=('x86_64')
 url="https://freeradius.org/"
@@ -19,15 +19,23 @@
 options=('!makeflags')
 validpgpkeys=('BF2384EC6938B9744B03E2A620E37C25995B4F85') # FreeRADIUS - Package Signing [...] <packages at freeradius.org>
 source=("ftp://ftp.freeradius.org/pub/radius/freeradius-server-$pkgver.tar.bz2"{,.sig}
-	'freeradius-sysusers.conf'
-	'freeradius-tmpfiles.conf'
-	'freeradius.service')
+        'openssl-cve.patch'
+        'freeradius-sysusers.conf'
+        'freeradius-tmpfiles.conf'
+        'freeradius.service')
 sha512sums=('f4510d8e77eb7c72a21fbfad851f13460ff4b5a35f0b7bea6102076ceb71188a63b277fb7e4fcd9c3033b396b63e1bf0e455cc03608d7ab1380d1662407cb399'
             'SKIP'
+            '77908c2f9e7bd526711f6057c827a0fd969dd2c9269df7a88d494112cc68c7f3ceb0fcde3d3c6358a14e4980505c57284787c8981e52856c7fc858d46a95a3dc'
             '890005b2129174568a3bf0e8963b683ab15550198b9478cc766c3ddcfd5167296cfce221c7592be354fe7dfe08e82484f826e55fd59b6291e86c8a4f78ca2d96'
             '5e196584c725885ae33b70d729729b52852f6a051445be3f9afd831564029820179f606e6c8d8554f8615e2b4b9b8d5203a32b8a81c04d4edfb96a377a213bae'
             '833bfd85218898af6f24e9356f1af60ba9e8f08a93fa93aafb53ba9ec49afdf23c7eeb897ac5939c2d7c6958076cbb3fbc0c075b741e4b9be2f70c3fef2014b6')
 
+prepare() {
+  cd "$srcdir"/freeradius-server-$pkgver
+
+  patch -Np1 < ../openssl-cve.patch
+}
+
 build() {
   cd "$srcdir"/freeradius-server-$pkgver
 

Added: openssl-cve.patch
===================================================================
--- openssl-cve.patch	                        (rev 0)
+++ openssl-cve.patch	2018-09-14 19:08:20 UTC (rev 380987)
@@ -0,0 +1,15 @@
+diff --git a/src/main/tls.c b/src/main/tls.c
+index f60fa2dbd0..1545b1a0d2 100644
+--- a/src/main/tls.c
++++ b/src/main/tls.c
+@@ -79,8 +79,8 @@ static libssl_defect_t libssl_defects[] =
+ 		.comment	= "For more information see https://www.openssl.org/news/secadv/20160926.txt"
+ 	},
+ 	{
+-		.low		= 0x01010100f,		/* 1.1.0  */
+-		.high		= 0x01010100f,		/* 1.1.0  */
++		.low		= 0x01010000f,		/* 1.1.0  */
++		.high		= 0x01010000f,		/* 1.1.0  */
+ 		.id		= "CVE-2016-6304",
+ 		.name		= "OCSP status request extension",
+ 		.comment	= "For more information see https://www.openssl.org/news/secadv/20160922.txt"

More information about the arch-commits mailing list