Browse Source

freeradius2: bump to version 2.2.6

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
lilik-openwrt-22.03
Daniel Golle 10 years ago
parent
commit
ec6f0ffe30
3 changed files with 4 additions and 66 deletions
  1. +3
    -3
      net/freeradius2/Makefile
  2. +1
    -1
      net/freeradius2/patches/010-disbale-openssl-check.patch
  3. +0
    -62
      net/freeradius2/patches/011-upstram-relax-ssl-version-checks.patch

+ 3
- 3
net/freeradius2/Makefile View File

@ -8,12 +8,12 @@
include $(TOPDIR)/rules.mk include $(TOPDIR)/rules.mk
PKG_NAME:=freeradius2 PKG_NAME:=freeradius2
PKG_VERSION:=2.2.5
PKG_RELEASE:=2
PKG_VERSION:=2.2.6
PKG_RELEASE:=1
PKG_SOURCE:=freeradius-server-$(PKG_VERSION).tar.bz2 PKG_SOURCE:=freeradius-server-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:=ftp://ftp.freeradius.org/pub/freeradius/ PKG_SOURCE_URL:=ftp://ftp.freeradius.org/pub/freeradius/
PKG_MD5SUM:=40535bace507d7a3134c3d858f3cbc5a
PKG_MD5SUM:=e9a6f9bbee9706b008b924061ab3f915
PKG_MAINTAINER:=Daniel Golle <daniel@makrotopia.org> PKG_MAINTAINER:=Daniel Golle <daniel@makrotopia.org>
PKG_LICENSE:=GPL-2.0 PKG_LICENSE:=GPL-2.0
PKG_LICENSE_FILES:=COPYRIGHT LICENSE PKG_LICENSE_FILES:=COPYRIGHT LICENSE


+ 1
- 1
net/freeradius2/patches/010-disbale-openssl-check.patch View File

@ -1,6 +1,6 @@
--- a/configure.in --- a/configure.in
+++ b/configure.in +++ b/configure.in
@@ -832,35 +832,6 @@ if test "x$WITH_OPENSSL" = xyes; then
@@ -796,35 +796,6 @@ if test "x$WITH_OPENSSL" = xyes; then
OPENSSL_INCLUDE="-DOPENSSL_NO_KRB5" OPENSSL_INCLUDE="-DOPENSSL_NO_KRB5"
fi fi


+ 0
- 62
net/freeradius2/patches/011-upstram-relax-ssl-version-checks.patch View File

@ -1,62 +0,0 @@
From 5ae2a70a135062a025d8fabc104eeae3a2c53a7a Mon Sep 17 00:00:00 2001
From: Arran Cudbard-Bell <a.cudbardb@freeradius.org>
Date: Tue, 17 Jun 2014 10:09:24 +0100
Subject: [PATCH] Relax libssl checks
---
src/main/version.c | 35 ++++++++++++++++++++++++++++-------
1 file changed, 28 insertions(+), 7 deletions(-)
--- a/src/main/version.c
+++ b/src/main/version.c
@@ -34,7 +34,12 @@ RCSID("$Id: af82d4126a65d94929c22f44da2b
static long ssl_built = OPENSSL_VERSION_NUMBER;
-/** Check build and linked versions of OpenSSL match
+/** Check built and linked versions of OpenSSL match
+ *
+ * OpenSSL version number consists of:
+ * MMNNFFPPS: major minor fix patch status
+ *
+ * Where status >= 0 && < 10 means beta, and status 10 means release.
*
* Startup check for whether the linked version of OpenSSL matches the
* version the server was built against.
@@ -54,14 +59,30 @@ int ssl_check_version(int allow_vulnerab
ssl_linked = SSLeay();
- if (ssl_linked != ssl_built) {
- radlog(L_ERR, "libssl version mismatch."
- " Built with: %lx\n Linked: %lx",
- (unsigned long) ssl_built,
- (unsigned long) ssl_linked);
+ /*
+ * Status mismatch always triggers error.
+ */
+ if ((ssl_linked & 0x00000000f) != (ssl_built & 0x00000000f)) {
+ mismatch:
+ radlog(L_ERR, "libssl version mismatch. built: %lx linked: %lx",
+ (unsigned long) ssl_built, (unsigned long) ssl_linked);
return -1;
- };
+ }
+
+ /*
+ * Use the OpenSSH approach and relax fix checks after version
+ * 1.0.0 and only allow moving backwards within a patch
+ * series.
+ */
+ if (ssl_built & 0xff) {
+ if ((ssl_built & 0xffff) != (ssl_linked & 0xffff) ||
+ (ssl_built & 0x0000ff) > (ssl_linked & 0x0000ff)) goto mismatch;
+ /*
+ * Before 1.0.0 we require the same major minor and fix version
+ * and ignore the patch number.
+ */
+ } else if ((ssl_built & 0xffffff) != (ssl_linked & 0xffffff)) goto mismatch;
if (!allow_vulnerable) {
/* Check for bad versions */

Loading…
Cancel
Save