From ec6f0ffe301d20b036f64333ee0a65cae2289c98 Mon Sep 17 00:00:00 2001 From: Daniel Golle Date: Thu, 27 Nov 2014 13:43:11 +0100 Subject: [PATCH] freeradius2: bump to version 2.2.6 Signed-off-by: Daniel Golle --- net/freeradius2/Makefile | 6 +- .../patches/010-disbale-openssl-check.patch | 2 +- ...011-upstram-relax-ssl-version-checks.patch | 62 ------------------- 3 files changed, 4 insertions(+), 66 deletions(-) delete mode 100644 net/freeradius2/patches/011-upstram-relax-ssl-version-checks.patch diff --git a/net/freeradius2/Makefile b/net/freeradius2/Makefile index cbb69d1ff..1f1d86dce 100644 --- a/net/freeradius2/Makefile +++ b/net/freeradius2/Makefile @@ -8,12 +8,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=freeradius2 -PKG_VERSION:=2.2.5 -PKG_RELEASE:=2 +PKG_VERSION:=2.2.6 +PKG_RELEASE:=1 PKG_SOURCE:=freeradius-server-$(PKG_VERSION).tar.bz2 PKG_SOURCE_URL:=ftp://ftp.freeradius.org/pub/freeradius/ -PKG_MD5SUM:=40535bace507d7a3134c3d858f3cbc5a +PKG_MD5SUM:=e9a6f9bbee9706b008b924061ab3f915 PKG_MAINTAINER:=Daniel Golle PKG_LICENSE:=GPL-2.0 PKG_LICENSE_FILES:=COPYRIGHT LICENSE diff --git a/net/freeradius2/patches/010-disbale-openssl-check.patch b/net/freeradius2/patches/010-disbale-openssl-check.patch index 4bf225276..c254912d4 100644 --- a/net/freeradius2/patches/010-disbale-openssl-check.patch +++ b/net/freeradius2/patches/010-disbale-openssl-check.patch @@ -1,6 +1,6 @@ --- a/configure.in +++ b/configure.in -@@ -832,35 +832,6 @@ if test "x$WITH_OPENSSL" = xyes; then +@@ -796,35 +796,6 @@ if test "x$WITH_OPENSSL" = xyes; then OPENSSL_INCLUDE="-DOPENSSL_NO_KRB5" fi diff --git a/net/freeradius2/patches/011-upstram-relax-ssl-version-checks.patch b/net/freeradius2/patches/011-upstram-relax-ssl-version-checks.patch deleted file mode 100644 index 2b11d2d4e..000000000 --- a/net/freeradius2/patches/011-upstram-relax-ssl-version-checks.patch +++ /dev/null @@ -1,62 +0,0 @@ -From 5ae2a70a135062a025d8fabc104eeae3a2c53a7a Mon Sep 17 00:00:00 2001 -From: Arran Cudbard-Bell -Date: Tue, 17 Jun 2014 10:09:24 +0100 -Subject: [PATCH] Relax libssl checks - ---- - src/main/version.c | 35 ++++++++++++++++++++++++++++------- - 1 file changed, 28 insertions(+), 7 deletions(-) - ---- a/src/main/version.c -+++ b/src/main/version.c -@@ -34,7 +34,12 @@ RCSID("$Id: af82d4126a65d94929c22f44da2b - - static long ssl_built = OPENSSL_VERSION_NUMBER; - --/** Check build and linked versions of OpenSSL match -+/** Check built and linked versions of OpenSSL match -+ * -+ * OpenSSL version number consists of: -+ * MMNNFFPPS: major minor fix patch status -+ * -+ * Where status >= 0 && < 10 means beta, and status 10 means release. - * - * Startup check for whether the linked version of OpenSSL matches the - * version the server was built against. -@@ -54,14 +59,30 @@ int ssl_check_version(int allow_vulnerab - - ssl_linked = SSLeay(); - -- if (ssl_linked != ssl_built) { -- radlog(L_ERR, "libssl version mismatch." -- " Built with: %lx\n Linked: %lx", -- (unsigned long) ssl_built, -- (unsigned long) ssl_linked); -+ /* -+ * Status mismatch always triggers error. -+ */ -+ if ((ssl_linked & 0x00000000f) != (ssl_built & 0x00000000f)) { -+ mismatch: -+ radlog(L_ERR, "libssl version mismatch. built: %lx linked: %lx", -+ (unsigned long) ssl_built, (unsigned long) ssl_linked); - - return -1; -- }; -+ } -+ -+ /* -+ * Use the OpenSSH approach and relax fix checks after version -+ * 1.0.0 and only allow moving backwards within a patch -+ * series. -+ */ -+ if (ssl_built & 0xff) { -+ if ((ssl_built & 0xffff) != (ssl_linked & 0xffff) || -+ (ssl_built & 0x0000ff) > (ssl_linked & 0x0000ff)) goto mismatch; -+ /* -+ * Before 1.0.0 we require the same major minor and fix version -+ * and ignore the patch number. -+ */ -+ } else if ((ssl_built & 0xffffff) != (ssl_linked & 0xffffff)) goto mismatch; - - if (!allow_vulnerable) { - /* Check for bad versions */