File nrpe-CVE-2015-4000.patch of Package nrpe.27675
diff -Nurp nrpe-2.15-orig/configure nrpe-2.15/configure
--- nrpe-2.15-orig/configure 2013-09-06 17:27:13.000000000 +0200
+++ nrpe-2.15/configure 2022-08-08 12:46:25.991998848 +0200
@@ -6745,7 +6745,7 @@ _ACEOF
sslbin=$ssldir/bin/openssl
fi
# awk to strip off meta data at bottom of dhparam output
- $sslbin dhparam -C 512 | awk '/^-----/ {exit} {print}' > include/dh.h
+ $sslbin dhparam -C 2048 | awk '/^-----/ {exit} {print}' > include/dh.h
fi
fi
diff -Nurp nrpe-2.15-orig/configure.in nrpe-2.15/configure.in
--- nrpe-2.15-orig/configure.in 2013-09-06 17:27:13.000000000 +0200
+++ nrpe-2.15/configure.in 2022-08-08 12:47:00.451998562 +0200
@@ -340,7 +340,7 @@ if test x$check_for_ssl = xyes; then
sslbin=$ssldir/bin/openssl
fi
# awk to strip off meta data at bottom of dhparam output
- $sslbin dhparam -C 512 | awk '/^-----/ {exit} {print}' > include/dh.h
+ $sslbin dhparam -C 2048 | awk '/^-----/ {exit} {print}' > include/dh.h
fi
fi
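Review bot: The `dhparam -C 2048` pipeline has no failure check: the pipe into awk discards the exit status of `$sslbin`, so a failed or interrupted run leaves an empty or partial `include/dh.h`, overwriting the header this same patch ships. That matters more now because `src/nrpe.c` calls `get_dh2048()` by name, and the function name `openssl` emits follows the bit count, so the two must stay in step. The `-C` option was also removed from `dhparam` in OpenSSL 3.0, so on such hosts this step would presumably produce no usable header at all. I would verify the result right after the pipeline, for example `grep -q get_dh2048 include/dh.h || AC_MSG_ERROR([could not generate DH parameters])`. The same line is patched in the generated `configure`, and the enclosing `if` blocks start outside the hunk.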
diff -Nurp nrpe-2.15-orig/include/dh.h nrpe-2.15/include/dh.h
--- nrpe-2.15-orig/include/dh.h 2013-09-06 17:27:13.000000000 +0200
+++ nrpe-2.15/include/dh.h 2022-08-08 12:49:48.903997174 +0200
@@ -1,24 +1,40 @@
#ifndef HEADER_DH_H
#include <openssl/dh.h>
#endif
-DH *get_dh512()
+DH *get_dh2048()
{
- static unsigned char dh512_p[]={
- 0xDA,0xD8,0xF0,0xA2,0x9A,0x64,0xC2,0x9F,0x22,0x9D,0x47,0xA1,
- 0xB2,0xED,0xD6,0x89,0xB5,0x46,0x6D,0x4E,0x1F,0x14,0xF4,0xF4,
- 0xEB,0xCA,0x4D,0x41,0x89,0x60,0x0D,0x1F,0xB3,0x50,0xC4,0x54,
- 0xE1,0x60,0xB5,0xDD,0x57,0x0C,0xF9,0xF5,0x19,0x73,0x6C,0x0C,
- 0x45,0x33,0xA9,0xC1,0xD7,0xF3,0x27,0x68,0xEE,0xDA,0x8C,0x4A,
- 0x1C,0x52,0xA1,0x9B,
+ static unsigned char dh2048_p[]={
+ 0xD1,0x87,0xA8,0xD2,0x94,0x37,0x3C,0x17,0xB0,0x50,0x0E,0xBA,
+ 0xEB,0xE0,0xCA,0xCD,0x0A,0x2F,0x3F,0x33,0x6B,0x69,0xA4,0x20,
+ 0x54,0x14,0x8B,0x6E,0x91,0x07,0x65,0x57,0x0C,0xF9,0xCB,0x7F,
+ 0x0A,0x0A,0xCA,0xE2,0xD3,0x07,0xBA,0x08,0x14,0x11,0x36,0xFC,
+ 0xFB,0x57,0x90,0xE3,0x95,0x94,0x40,0x11,0x4E,0xC6,0xB2,0xCD,
+ 0x63,0x76,0xF7,0xCC,0xD4,0x6B,0xEA,0x65,0x2D,0xBC,0x40,0xEE,
+ 0x1B,0x45,0x9C,0x11,0xB1,0xA2,0x7D,0x3B,0x41,0x71,0xE5,0x32,
+ 0xAC,0x0C,0x7A,0xFC,0x8F,0x13,0xAF,0xF6,0xC6,0xE8,0xD9,0x48,
+ 0x67,0x83,0x3F,0x4F,0xFD,0x90,0x05,0xBA,0x90,0x03,0xDA,0xE8,
+ 0xBF,0x88,0x43,0x7A,0xFF,0x87,0xF2,0x66,0x70,0xDA,0x0B,0x10,
+ 0xDF,0xD9,0x65,0x95,0x4D,0x0F,0xF4,0x7F,0x9F,0x28,0xED,0x86,
+ 0x7B,0x74,0x36,0x1D,0x91,0xE5,0x66,0x9F,0x34,0x1C,0x4B,0x87,
+ 0x1F,0xC3,0xF1,0xA9,0xC8,0xA1,0x50,0x2F,0xB4,0xC3,0xB7,0x58,
+ 0x4D,0x47,0x58,0xC7,0x0C,0x47,0xA7,0x1A,0x6C,0x00,0x0C,0x40,
+ 0xA5,0x0A,0xC1,0xBF,0x00,0x17,0x17,0xF6,0xBC,0x98,0x31,0xEF,
+ 0x68,0x0D,0x44,0x11,0x6D,0xCA,0x9E,0x5B,0x13,0xE5,0x54,0x23,
+ 0xE3,0x75,0x07,0x98,0xB3,0x1B,0x79,0xEC,0xF4,0x01,0x16,0x2E,
+ 0x36,0x44,0x76,0x9A,0xAF,0x8B,0xD8,0xCF,0xA3,0x5C,0xFE,0x96,
+ 0x7C,0xB8,0xA0,0xC5,0x9B,0xB8,0x8E,0x9F,0xAA,0x0B,0x37,0xC1,
+ 0x1F,0x6A,0xED,0x5A,0x4F,0x86,0x51,0xCA,0xE4,0x0A,0x0F,0x3D,
+ 0xE7,0x7B,0x49,0x19,0x70,0xAC,0x04,0x6E,0x6A,0x7A,0x60,0x18,
+ 0x4F,0xAC,0x70,0xBF,
};
- static unsigned char dh512_g[]={
- 0x02,
+ static unsigned char dh2048_g[]={
+ 0x05,
};
DH *dh;
if ((dh=DH_new()) == NULL) return(NULL);
- dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL);
- dh->g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL);
+ dh->p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
+ dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
if ((dh->p == NULL) || (dh->g == NULL))
{ DH_free(dh); return(NULL); }
return(dh);
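Review bot: The new `dh2048_p`/`dh2048_g` constants are a fixed group compiled into every build of this package, and nothing in the hunk records how they were produced or checks them before use. I would add a header comment such as `/* generated with: openssl dhparam -C 2048; replace with your own parameters, see README.SSL */`, and have the caller run `DH_check()` on the result once at startup so a bad or hand-edited group is rejected rather than silently used. Separately, `dh->p=` and `dh->g=` write the struct fields directly, which only compiles against OpenSSL releases older than 1.1.0; newer ones need `DH_set0_pqg(dh, p, NULL, g)`. The function is also defined in a header without `static` and with an empty parameter list, so `static DH *get_dh2048(void)` would be the safer signature. The closing brace of the function is not visible in the hunk.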
diff -Nurp nrpe-2.15-orig/README.SSL nrpe-2.15/README.SSL
--- nrpe-2.15-orig/README.SSL 2013-09-06 17:27:13.000000000 +0200
+++ nrpe-2.15/README.SSL 2022-08-08 12:45:32.399998695 +0200
@@ -14,7 +14,7 @@ program to dynaically create keys on dae
in the dh.h file in the nrpe src directory. This file was created
using the command:
-openssl dhparam -C 512
+openssl dhparam -C 2048
which outputs the C code in dh.h. For your own security you can replace
that file with your own dhparam generated code.
diff -Nurp nrpe-2.15-orig/src/nrpe.c nrpe-2.15/src/nrpe.c
--- nrpe-2.15-orig/src/nrpe.c 2022-08-08 09:57:02.283690039 +0200
+++ nrpe-2.15/src/nrpe.c 2022-08-08 12:50:37.651998377 +0200
@@ -269,7 +269,7 @@ int main(int argc, char **argv){
/* use anonymous DH ciphers */
SSL_CTX_set_cipher_list(ctx,"ADH");
- dh=get_dh512();
+ dh=get_dh2048();
SSL_CTX_set_tmp_dh(ctx,dh);
DH_free(dh);
if(debug==TRUE)
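Review bot: The results of `get_dh2048()` and `SSL_CTX_set_tmp_dh()` are not checked, so if either fails the daemon carries on with no DH parameters installed and, with an `ADH`-only cipher list, every handshake would presumably fail later with no hint of the cause. A guard such as `if(dh==NULL || SSL_CTX_set_tmp_dh(ctx,dh)!=1)` followed by the error path already used in `main` for SSL setup failures would make this visible at startup. It is also worth a comment next to `SSL_CTX_set_cipher_list(ctx,"ADH")` that anonymous DH gives no peer authentication. The larger group addresses the weak key exchange behind CVE-2015-4000, but not active interception of the connection. `main` starts and continues outside the hunk.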