freeradius-server/freeradius-server-opensslversion.patch
Adam Majer 5d3beec849 Accepting request 453646 from home:adamm:branches:network
- Merge changes from SLE to OpenSUSE (FATE#322416):
  * freeradius-server-radclient-init-error-buffer.patch - make sure
    we initialize error buffer. bsc#911886: radclient error free()
    invalid pointer
  * freeradius-server-opensslversion.patch: remove OpenSSL version
    check and assume we know what we are doing. (bnc#1013311)
  * merge .changes file, mostly.
- do not attempt to detect "vulnerable" OpenSSL versions. SUSE
  security fixes do not necessarily bump version numbers as
  does upstream OpenSSL (bnc#1021375)
- do not generate certificates in %post. End-user needs to do this
  manually.
- keep FreeTDS disabled on SLE12 - we never shipped it enabled
- require OpenSSL 1.0+
- use pkgconfig(systemd) instead of plain systemd as BuildRequires
- don't list manual pages as %doc

- Add upstream keyring
- 2 new modules: rlm_sql_freetds and rlm_eap_fast

OBS-URL: https://build.opensuse.org/request/show/453646
OBS-URL: https://build.opensuse.org/package/show/network/freeradius-server?expand=0&rev=89
2017-02-06 10:58:11 +00:00

47 lines
1.3 KiB
Diff

Author: Adam Majer <adam.majer@suse.de>
Summary: SUSE OpenSSL version scheme does not follow upstream.
Relax, breathe, apply.
Index: freeradius-server-3.0.12/src/main/version.c
===================================================================
--- freeradius-server-3.0.12.orig/src/main/version.c
+++ freeradius-server-3.0.12/src/main/version.c
@@ -50,36 +50,7 @@ static long ssl_built = OPENSSL_VERSION_
*/
int ssl_check_consistency(void)
{
- long ssl_linked;
-
- ssl_linked = SSLeay();
-
- /*
- * Status mismatch always triggers error.
- */
- if ((ssl_linked & 0x0000000f) != (ssl_built & 0x0000000f)) {
- mismatch:
- ERROR("libssl version mismatch. built: %lx linked: %lx",
- (unsigned long) ssl_built,
- (unsigned long) ssl_linked);
-
- return -1;
- }
-
- /*
- * Use the OpenSSH approach and relax fix checks after version
- * 1.0.0 and only allow moving backwards within a patch
- * series.
- */
- if (ssl_built & 0xf0000000) {
- if ((ssl_built & 0xfffff000) != (ssl_linked & 0xfffff000) ||
- (ssl_built & 0x00000ff0) > (ssl_linked & 0x00000ff0)) goto mismatch;
- /*
- * Before 1.0.0 we require the same major minor and fix version
- * and ignore the patch number.
- */
- } else if ((ssl_built & 0xfffff000) != (ssl_linked & 0xfffff000)) goto mismatch;
-
+ // noop, since ABI is compatible for SUSE OpenSSL
return 0;
}