2 files changed, 45 insertions, 0 deletions
diff --git a/meta-networking/recipes-connectivity/freeradius/files/0001-freeradius-correct-version-number-of-libssl-defect.patch b/meta-networking/recipes-connectivity/freeradius/files/0001-freeradius-correct-version-number-of-libssl-defect.patch
new file mode 100644
index 000000000..9e1f5b2ef
--- /dev/null
+++ b/meta-networking/recipes-connectivity/freeradius/files/0001-freeradius-correct-version-number-of-libssl-defect.patch
@@ -0,0 +1,44 @@
+From fecf974b63f72eeb12d3b43522e948ca2bc704d4 Mon Sep 17 00:00:00 2001
+From: Changqing Li <changqing.li@windriver.com>
+Date: Thu, 11 Oct 2018 09:45:52 +0800
+Subject: [PATCH] freeradius: correct version number of libssl defect
+Upstream-Status: Backport [https://github.com/FreeRADIUS/freeradius-server
+                 /commit/ad039347beca4ded297813a1da6eabb61fcf2ddd]
+upstream have refactored this part code into
+src/lib/tls/base.c, and problem also have fixed
+by commit ad039347beca
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ src/main/tls.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+diff --git a/src/main/tls.c b/src/main/tls.c
+index acbfe79..d9c91f1 100644
+--- a/src/main/tls.c
+++ b/src/main/tls.c
+@@ -72,15 +72,15 @@ typedef struct libssl_defect {
+ static libssl_defect_t libssl_defects[] =
+ {
+        {
+-               .low            = 0x01010101f,          /* 1.1.0a */
+-               .high           = 0x01010101f,          /* 1.1.0a */
+               .low            = 0x01010001f,          /* 1.1.0a */
+               .high           = 0x01010001f,          /* 1.1.0a */
+                .id             = "CVE-2016-6309",
+                .name           = "OCSP status request extension",
+                .comment        = "For more information see https://www.openssl.org/news/secadv/20160926.txt"
+        },
+        {
+-               .low            = 0x01010100f,          /* 1.1.0  */
+-               .high           = 0x01010100f,          /* 1.1.0  */
+               .low            = 0x010100000f,         /* 1.1.0  */
+               .high           = 0x01010000f,          /* 1.1.0  */
+                .id             = "CVE-2016-6304",
+                .name           = "OCSP status request extension",
+                .comment        = "For more information see https://www.openssl.org/news/secadv/20160922.txt"
+-- 
+2.7.4
diff --git a/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.17.bb b/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.17.bb
index 1b45e780a..c17d56dea 100644
--- a/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.17.bb
+++ b/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.17.bb
@@ -29,6 +29,7 @@ SRC_URI = "ftp://ftp.freeradius.org/pub/freeradius/freeradius-server-${PV}.tar.b
    file://0001-rlm_mschap-Use-includedir-instead-of-hardcoding-usr-.patch \
    file://radiusd.service \
    file://radiusd-volatiles.conf \
+    file://0001-freeradius-correct-version-number-of-libssl-defect.patch \
 "
 SRC_URI[md5sum] = "1f4ad38f32101a7d50d818afa6f17339"
 SRC_URI[sha256sum] = "3f03404b6e4a4f410e1f15ea2ababfec7f8a7ae8a49836d8a0c137436d913b96"

diff --git a/meta-networking/recipes-connectivity/freeradius/files/0001-freeradius-correct-version-number-of-libssl-defect.patch b/meta-networking/recipes-connectivity/freeradius/files/0001-freeradius-correct-version-number-of-libssl-defect.patch new file mode 100644 index 000000000..9e1f5b2ef --- /dev/null +++ b/meta-networking/recipes-connectivity/freeradius/files/0001-freeradius-correct-version-number-of-libssl-defect.patch
@@ -0,0 +1,44 @@
		1	From fecf974b63f72eeb12d3b43522e948ca2bc704d4 Mon Sep 17 00:00:00 2001
		2	From: Changqing Li <changqing.li@windriver.com>
		3	Date: Thu, 11 Oct 2018 09:45:52 +0800
		4	Subject: [PATCH] freeradius: correct version number of libssl defect
		5
		6	Upstream-Status: Backport [https://github.com/FreeRADIUS/freeradius-server
		7	/commit/ad039347beca4ded297813a1da6eabb61fcf2ddd]
		8
		9	upstream have refactored this part code into
		10	src/lib/tls/base.c, and problem also have fixed
		11	by commit ad039347beca
		12
		13	Signed-off-by: Changqing Li <changqing.li@windriver.com>
		14	---
		15	src/main/tls.c \| 8 ++++----
		16	1 file changed, 4 insertions(+), 4 deletions(-)
		17
		18	diff --git a/src/main/tls.c b/src/main/tls.c
		19	index acbfe79..d9c91f1 100644
		20	--- a/src/main/tls.c
		21	+++ b/src/main/tls.c
		22	@@ -72,15 +72,15 @@ typedef struct libssl_defect {
		23	static libssl_defect_t libssl_defects[] =
		24	{
		25	{
		26	- .low = 0x01010101f, /* 1.1.0a */
		27	- .high = 0x01010101f, /* 1.1.0a */
		28	+ .low = 0x01010001f, /* 1.1.0a */
		29	+ .high = 0x01010001f, /* 1.1.0a */
		30	.id = "CVE-2016-6309",
		31	.name = "OCSP status request extension",
		32	.comment = "For more information see https://www.openssl.org/news/secadv/20160926.txt"
		33	},
		34	{
		35	- .low = 0x01010100f, /* 1.1.0 */
		36	- .high = 0x01010100f, /* 1.1.0 */
		37	+ .low = 0x010100000f, /* 1.1.0 */
		38	+ .high = 0x01010000f, /* 1.1.0 */
		39	.id = "CVE-2016-6304",
		40	.name = "OCSP status request extension",
		41	.comment = "For more information see https://www.openssl.org/news/secadv/20160922.txt"
		42	--
		43	2.7.4
		44


diff --git a/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.17.bb b/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.17.bb index 1b45e780a..c17d56dea 100644 --- a/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.17.bb +++ b/meta-networking/recipes-connectivity/freeradius/freeradius_3.0.17.bb
@@ -29,6 +29,7 @@ SRC_URI = "ftp://ftp.freeradius.org/pub/freeradius/freeradius-server-${PV}.tar.b
29	file://0001-rlm_mschap-Use-includedir-instead-of-hardcoding-usr-.patch \	29	file://0001-rlm_mschap-Use-includedir-instead-of-hardcoding-usr-.patch \
30	file://radiusd.service \	30	file://radiusd.service \
31	file://radiusd-volatiles.conf \	31	file://radiusd-volatiles.conf \
		32	file://0001-freeradius-correct-version-number-of-libssl-defect.patch \
32	"	33	"
33	SRC_URI[md5sum] = "1f4ad38f32101a7d50d818afa6f17339"	34	SRC_URI[md5sum] = "1f4ad38f32101a7d50d818afa6f17339"
34	SRC_URI[sha256sum] = "3f03404b6e4a4f410e1f15ea2ababfec7f8a7ae8a49836d8a0c137436d913b96"	35	SRC_URI[sha256sum] = "3f03404b6e4a4f410e1f15ea2ababfec7f8a7ae8a49836d8a0c137436d913b96"