Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP4:GA
nrpe
nrpe-CVE-2015-4000.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File nrpe-CVE-2015-4000.patch of Package nrpe
diff -Nurp nrpe-2.15-orig/configure nrpe-2.15/configure --- nrpe-2.15-orig/configure 2013-09-06 17:27:13.000000000 +0200 +++ nrpe-2.15/configure 2022-08-08 12:46:25.991998848 +0200 @@ -6745,7 +6745,7 @@ _ACEOF sslbin=$ssldir/bin/openssl fi # awk to strip off meta data at bottom of dhparam output - $sslbin dhparam -C 512 | awk '/^-----/ {exit} {print}' > include/dh.h + $sslbin dhparam -C 2048 | awk '/^-----/ {exit} {print}' > include/dh.h fi fi diff -Nurp nrpe-2.15-orig/configure.in nrpe-2.15/configure.in --- nrpe-2.15-orig/configure.in 2013-09-06 17:27:13.000000000 +0200 +++ nrpe-2.15/configure.in 2022-08-08 12:47:00.451998562 +0200 @@ -340,7 +340,7 @@ if test x$check_for_ssl = xyes; then sslbin=$ssldir/bin/openssl fi # awk to strip off meta data at bottom of dhparam output - $sslbin dhparam -C 512 | awk '/^-----/ {exit} {print}' > include/dh.h + $sslbin dhparam -C 2048 | awk '/^-----/ {exit} {print}' > include/dh.h fi fi diff -Nurp nrpe-2.15-orig/include/dh.h nrpe-2.15/include/dh.h --- nrpe-2.15-orig/include/dh.h 2013-09-06 17:27:13.000000000 +0200 +++ nrpe-2.15/include/dh.h 2022-08-08 12:49:48.903997174 +0200 @@ -1,24 +1,40 @@ #ifndef HEADER_DH_H #include <openssl/dh.h> #endif -DH *get_dh512() +DH *get_dh2048() { - static unsigned char dh512_p[]={ - 0xDA,0xD8,0xF0,0xA2,0x9A,0x64,0xC2,0x9F,0x22,0x9D,0x47,0xA1, - 0xB2,0xED,0xD6,0x89,0xB5,0x46,0x6D,0x4E,0x1F,0x14,0xF4,0xF4, - 0xEB,0xCA,0x4D,0x41,0x89,0x60,0x0D,0x1F,0xB3,0x50,0xC4,0x54, - 0xE1,0x60,0xB5,0xDD,0x57,0x0C,0xF9,0xF5,0x19,0x73,0x6C,0x0C, - 0x45,0x33,0xA9,0xC1,0xD7,0xF3,0x27,0x68,0xEE,0xDA,0x8C,0x4A, - 0x1C,0x52,0xA1,0x9B, + static unsigned char dh2048_p[]={ + 0xD1,0x87,0xA8,0xD2,0x94,0x37,0x3C,0x17,0xB0,0x50,0x0E,0xBA, + 0xEB,0xE0,0xCA,0xCD,0x0A,0x2F,0x3F,0x33,0x6B,0x69,0xA4,0x20, + 0x54,0x14,0x8B,0x6E,0x91,0x07,0x65,0x57,0x0C,0xF9,0xCB,0x7F, + 0x0A,0x0A,0xCA,0xE2,0xD3,0x07,0xBA,0x08,0x14,0x11,0x36,0xFC, + 0xFB,0x57,0x90,0xE3,0x95,0x94,0x40,0x11,0x4E,0xC6,0xB2,0xCD, + 0x63,0x76,0xF7,0xCC,0xD4,0x6B,0xEA,0x65,0x2D,0xBC,0x40,0xEE, + 0x1B,0x45,0x9C,0x11,0xB1,0xA2,0x7D,0x3B,0x41,0x71,0xE5,0x32, + 0xAC,0x0C,0x7A,0xFC,0x8F,0x13,0xAF,0xF6,0xC6,0xE8,0xD9,0x48, + 0x67,0x83,0x3F,0x4F,0xFD,0x90,0x05,0xBA,0x90,0x03,0xDA,0xE8, + 0xBF,0x88,0x43,0x7A,0xFF,0x87,0xF2,0x66,0x70,0xDA,0x0B,0x10, + 0xDF,0xD9,0x65,0x95,0x4D,0x0F,0xF4,0x7F,0x9F,0x28,0xED,0x86, + 0x7B,0x74,0x36,0x1D,0x91,0xE5,0x66,0x9F,0x34,0x1C,0x4B,0x87, + 0x1F,0xC3,0xF1,0xA9,0xC8,0xA1,0x50,0x2F,0xB4,0xC3,0xB7,0x58, + 0x4D,0x47,0x58,0xC7,0x0C,0x47,0xA7,0x1A,0x6C,0x00,0x0C,0x40, + 0xA5,0x0A,0xC1,0xBF,0x00,0x17,0x17,0xF6,0xBC,0x98,0x31,0xEF, + 0x68,0x0D,0x44,0x11,0x6D,0xCA,0x9E,0x5B,0x13,0xE5,0x54,0x23, + 0xE3,0x75,0x07,0x98,0xB3,0x1B,0x79,0xEC,0xF4,0x01,0x16,0x2E, + 0x36,0x44,0x76,0x9A,0xAF,0x8B,0xD8,0xCF,0xA3,0x5C,0xFE,0x96, + 0x7C,0xB8,0xA0,0xC5,0x9B,0xB8,0x8E,0x9F,0xAA,0x0B,0x37,0xC1, + 0x1F,0x6A,0xED,0x5A,0x4F,0x86,0x51,0xCA,0xE4,0x0A,0x0F,0x3D, + 0xE7,0x7B,0x49,0x19,0x70,0xAC,0x04,0x6E,0x6A,0x7A,0x60,0x18, + 0x4F,0xAC,0x70,0xBF, }; - static unsigned char dh512_g[]={ - 0x02, + static unsigned char dh2048_g[]={ + 0x05, }; DH *dh; if ((dh=DH_new()) == NULL) return(NULL); - dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL); - dh->g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL); + dh->p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL); + dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL); if ((dh->p == NULL) || (dh->g == NULL)) { DH_free(dh); return(NULL); } return(dh); diff -Nurp nrpe-2.15-orig/README.SSL nrpe-2.15/README.SSL --- nrpe-2.15-orig/README.SSL 2013-09-06 17:27:13.000000000 +0200 +++ nrpe-2.15/README.SSL 2022-08-08 12:45:32.399998695 +0200 @@ -14,7 +14,7 @@ program to dynaically create keys on dae in the dh.h file in the nrpe src directory. This file was created using the command: -openssl dhparam -C 512 +openssl dhparam -C 2048 which outputs the C code in dh.h. For your own security you can replace that file with your own dhparam generated code. diff -Nurp nrpe-2.15-orig/src/nrpe.c nrpe-2.15/src/nrpe.c --- nrpe-2.15-orig/src/nrpe.c 2022-08-08 09:57:02.283690039 +0200 +++ nrpe-2.15/src/nrpe.c 2022-08-08 12:50:37.651998377 +0200 @@ -269,7 +269,7 @@ int main(int argc, char **argv){ /* use anonymous DH ciphers */ SSL_CTX_set_cipher_list(ctx,"ADH"); - dh=get_dh512(); + dh=get_dh2048(); SSL_CTX_set_tmp_dh(ctx,dh); DH_free(dh); if(debug==TRUE)
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor