From 7376f7d206cc50c1292e369caec4d008d208496e Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Thu, 16 Oct 2014 19:07:32 +0200 Subject: [PATCH 1/1] fix openssl version check issue --- PKGBUILD | 8 ++- fix-openssl-version-check-issue.patch | 131 ++++++++++++++++++++++++++++++++++ 2 files changed, 138 insertions(+), 1 deletion(-) create mode 100644 fix-openssl-version-check-issue.patch diff --git a/PKGBUILD b/PKGBUILD index c22b670..8fe5e5c 100644 --- a/PKGBUILD +++ b/PKGBUILD @@ -5,7 +5,7 @@ pkgname=freeradius pkgver=3.0.4 -pkgrel=1 +pkgrel=2 pkgdesc="The premier open source RADIUS server" arch=('i686' 'x86_64') url="http://www.freeradius.org/" @@ -18,15 +18,21 @@ optdepends=('unixodbc: for ODBC' options=('!makeflags') install=$pkgname.install source=("ftp://ftp.freeradius.org/pub/radius/freeradius-server-$pkgver.tar.bz2"{,.sig} + fix-openssl-version-check-issue.patch freeradius.tmpfiles freeradius.service) md5sums=('5457f10d006767e77541b87049f0a7d2' 'SKIP' + '1adcd94e99707990630d9e33f2bb0b4e' 'f959e89812bedfc9f8308076f78cd74e' 'e3f18e3a25df3b692e59f60605354708') build() { cd $srcdir/freeradius-server-$pkgver + + # fix openssl version check issue + patch -Np1 < "${srcdir}/fix-openssl-version-check-issue.patch" + ./configure --with-system-libtool --with-system-libltdl \ --prefix=/usr --enable-heimdal-krb5 \ --localstatedir=/var \ diff --git a/fix-openssl-version-check-issue.patch b/fix-openssl-version-check-issue.patch new file mode 100644 index 0000000..a668e95 --- /dev/null +++ b/fix-openssl-version-check-issue.patch @@ -0,0 +1,131 @@ +From 6d296f2c4f3c58742543cc0508642c6d06747aea Mon Sep 17 00:00:00 2001 +From: Arran Cudbard-Bell +Date: Thu, 16 Oct 2014 11:16:57 -0400 +Subject: [PATCH] Fix OpenSSL version check issues + +--- + src/include/radiusd.h | 4 ++-- + src/main/version.c | 40 ++++++++++++++++++++-------------------- + 2 files changed, 22 insertions(+), 22 deletions(-) + +diff --git a/src/include/radiusd.h b/src/include/radiusd.h +index 53a1f3e..1bf15d7 100644 +--- a/src/include/radiusd.h ++++ b/src/include/radiusd.h +@@ -598,8 +598,8 @@ void pairlist_free(PAIR_LIST **); + /* version.c */ + int rad_check_lib_magic(uint64_t magic); + int ssl_check_consistency(void); +-char const *ssl_version_by_num(uint64_t version); +-char const *ssl_version_range(uint64_t low, uint64_t high); ++char const *ssl_version_by_num(uint32_t version); ++char const *ssl_version_range(uint32_t low, uint32_t high); + char const *ssl_version(void); + void version(void); + +diff --git a/src/main/version.c b/src/main/version.c +index 8b56ffa..fd97970 100644 +--- a/src/main/version.c ++++ b/src/main/version.c +@@ -38,7 +38,7 @@ static long ssl_built = OPENSSL_VERSION_NUMBER; + /** Check built and linked versions of OpenSSL match + * + * OpenSSL version number consists of: +- * MMNNFFPPS: major minor fix patch status ++ * MNNFFPPS: major minor fix patch status + * + * Where status >= 0 && < 10 means beta, and status 10 means release. + * +@@ -56,11 +56,11 @@ int ssl_check_consistency(void) + /* + * Status mismatch always triggers error. + */ +- if ((ssl_linked & 0x00000000f) != (ssl_built & 0x00000000f)) { ++ if ((ssl_linked & 0x0000000f) != (ssl_built & 0x0000000f)) { + mismatch: + ERROR("libssl version mismatch. built: %lx linked: %lx", +- (unsigned long) ssl_built, +- (unsigned long) ssl_linked); ++ (unsigned long) ssl_built, ++ (unsigned long) ssl_linked); + + return -1; + } +@@ -70,14 +70,14 @@ int ssl_check_consistency(void) + * 1.0.0 and only allow moving backwards within a patch + * series. + */ +- if (ssl_built & 0xff) { +- if ((ssl_built & 0xffff) != (ssl_linked & 0xffff) || +- (ssl_built & 0x0000ff) > (ssl_linked & 0x0000ff)) goto mismatch; ++ if (ssl_built & 0xf00000000) { ++ if ((ssl_built & 0xfffff000) != (ssl_linked & 0xfffff000) || ++ (ssl_built & 0x00000ff0) > (ssl_linked & 0x00000ff0)) goto mismatch; + /* + * Before 1.0.0 we require the same major minor and fix version + * and ignore the patch number. + */ +- } else if ((ssl_built & 0xffffff) != (ssl_linked & 0xffffff)) goto mismatch; ++ } else if ((ssl_built & 0xfffff000) != (ssl_linked & 0xfffff000)) goto mismatch; + + return 0; + } +@@ -89,22 +89,22 @@ int ssl_check_consistency(void) + * @param v version to convert. + * @return pointer to a static buffer containing the version string. + */ +-char const *ssl_version_by_num(uint64_t v) ++char const *ssl_version_by_num(uint32_t v) + { + /* 2 (%s) + 1 (.) + 2 (%i) + 1 (.) + 2 (%i) + 1 (c) + 1 (-) + 2 (%i) + \0 */ + static char buffer[13]; + char *p = buffer; + +- p += sprintf(p, "%i.%i.%i", +- (int) ((0xff0000000 & v) >> 28), +- (int) ((0x00ff00000 & v) >> 20), +- (int) ((0x0000ff000 & v) >> 12)); ++ p += sprintf(p, "%u.%u.%u", ++ (0xf0000000 & v) >> 28, ++ (0x0ff00000 & v) >> 20, ++ (0x000ff000 & v) >> 12); + +- if ((0x000000ff0 & v) >> 4) { +- *p++ = (char) (0x60 + ((0x000000ff0 & v) >> 4)); ++ if ((0x00000ff0 & v) >> 4) { ++ *p++ = (char) (0x60 + ((0x00000ff0 & v) >> 4)); + } + +- sprintf(p, "-%i", (int) (0x00000000f & v)); ++ sprintf(p, "%x", 0x0000000f & v); + + return buffer; + } +@@ -117,7 +117,7 @@ char const *ssl_version_by_num(uint64_t v) + * @param high version to convert. + * @return pointer to a static buffer containing the version range string. + */ +-char const *ssl_version_range(uint64_t low, uint64_t high) ++char const *ssl_version_range(uint32_t low, uint32_t high) + { + /* 12 (version) + 3 ( - ) + 12 (version) */ + static char buffer[28]; +@@ -141,12 +141,12 @@ char const *ssl_version(void) + { + static char buffer[256]; + +- uint64_t v = (uint64_t) SSLeay(); ++ uint32_t v = SSLeay(); + +- snprintf(buffer, sizeof(buffer), "%s 0x%.9" PRIx64 " (%s)", ++ snprintf(buffer, sizeof(buffer), "%s 0x%.8x (%s)", + SSLeay_version(SSLEAY_VERSION), /* Not all builds include a useful version number */ + v, +- ssl_version_by_num((uint64_t) v)); ++ ssl_version_by_num(v)); + + return buffer; + } +-- +2.1.2 + -- 2.1.2