D37058.diff
No OneTemporary
Actions

Size

10 KB

Referenced Files

None

Subscribers

None

D37058.diff
View Options

	Index: net/freeradius3/Makefile
	===================================================================
	--- net/freeradius3/Makefile
	+++ net/freeradius3/Makefile
	@@ -1,5 +1,3 @@
	-# Created by: Ryan Steinmetz <zi@FreeBSD.org>
	-
	PORTNAME= freeradius
	DISTVERSION= 3.2.1
	CATEGORIES= net
	@@ -17,10 +15,6 @@

	LICENSE= GPLv2

	-BROKEN_SSL= libressl libressl-devel
	-BROKEN_SSL_REASON_libressl= LibreSSL is no longer supported
	-BROKEN_SSL_REASON_libressl-devel= ${BROKEN_SSL_REASON_libressl}
	-
	LIB_DEPENDS= libgdbm.so:databases/gdbm \
	libtalloc.so:devel/talloc

	Index: net/freeradius3/files/patch-src__main__version.c
	===================================================================
	--- net/freeradius3/files/patch-src__main__version.c
	+++ net/freeradius3/files/patch-src__main__version.c
	@@ -1,6 +1,6 @@
	---- src/main/version.c.orig 2014-12-17 21:49:16 UTC
	+--- src/main/version.c.orig 2022-10-03 21:51:59 UTC
	+++ src/main/version.c
	-@@ -61,8 +61,7 @@ int ssl_check_consistency(void)
	+@@ -82,8 +82,7 @@ int ssl_check_consistency(void)
	ERROR("libssl version mismatch. built: %lx linked: %lx",
	(unsigned long) ssl_built,
	(unsigned long) ssl_linked);
	Index: net/freeradius3/files/patch-src_main_cb.c
	===================================================================
	--- /dev/null
	+++ net/freeradius3/files/patch-src_main_cb.c
	@@ -0,0 +1,20 @@
	+--- src/main/cb.c.orig 2022-10-03 21:51:59 UTC
	++++ src/main/cb.c
	+@@ -64,7 +64,7 @@ void cbtls_info(SSL const *s, int where, int ret)
	+ /*
	+ * After a ClientHello, list all the proposed ciphers from the client
	+ */
	+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
	++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
	+ if (SSL_get_state(s) == TLS_ST_SR_CLNT_HELLO) {
	+ int i;
	+ int num_ciphers;
	+@@ -201,7 +201,7 @@ void cbtls_msg(int write_p, int msg_version, int conte
	+ state->info.alert_level = 0x00;
	+ state->info.alert_description = 0x00;
	+
	+-#if OPENSSL_VERSION_NUMBER >= 0x10101000L
	++#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)
	+ } else if (content_type == SSL3_RT_INNER_CONTENT_TYPE && buf[0] == SSL3_RT_APPLICATION_DATA) {
	+ /* let tls_ack_handler set application_data */
	+ state->info.content_type = SSL3_RT_HANDSHAKE;
	Index: net/freeradius3/files/patch-src_main_threads.c
	===================================================================
	--- /dev/null
	+++ net/freeradius3/files/patch-src_main_threads.c
	@@ -0,0 +1,11 @@
	+--- src/main/threads.c.orig 2022-10-18 11:09:43 UTC
	++++ src/main/threads.c
	+@@ -860,7 +860,7 @@ static void request_handler_thread(void arg)
	+ */
	+ #if OPENSSL_VERSION_NUMBER < 0x10000000L
	+ ERR_remove_state(0);
	+-#elif OPENSSL_VERSION_NUMBER < 0x10100000L \|\| defined(LIBRESSL_VERSION_NUMBER)
	++#elif OPENSSL_VERSION_NUMBER < 0x10100000L
	+ ERR_remove_thread_state(NULL);
	+ #endif
	+ #endif
	Index: net/freeradius3/files/patch-src_main_tls.c
	===================================================================
	--- /dev/null
	+++ net/freeradius3/files/patch-src_main_tls.c
	@@ -0,0 +1,125 @@
	+--- src/main/tls.c.orig 2022-10-03 21:51:59 UTC
	++++ src/main/tls.c
	+@@ -688,7 +688,7 @@ tls_session_t tls_new_session(TALLOC_CTX ctx, fr_tls
	+ /*
	+ * Swap empty store with the old one.
	+ */
	+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
	++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
	+ conf->old_x509_store = SSL_CTX_get_cert_store(conf->ctx);
	+ /* Bump refcnt so the store is kept allocated till next store replacement */
	+ X509_STORE_up_ref(conf->old_x509_store);
	+@@ -2034,7 +2034,7 @@ done:
	+ return 0;
	+ }
	+
	+-#if OPENSSL_VERSION_NUMBER < 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
	++#if OPENSSL_VERSION_NUMBER < 0x10100000L
	+ static SSL_SESSION cbtls_get_session(SSL ssl, unsigned char data, int len, int copy)
	+ #else
	+ static SSL_SESSION cbtls_get_session(SSL ssl, const unsigned char data, int len, int copy)
	+@@ -2418,7 +2418,7 @@ static int cbtls_cache_refresh(SSL ssl, SSL_SESSION
	+ return 0;
	+ }
	+
	+-#if OPENSSL_VERSION_NUMBER < 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
	++#if OPENSSL_VERSION_NUMBER < 0x10100000L
	+ static SSL_SESSION cbtls_cache_load(SSL ssl, unsigned char data, int len, int copy)
	+ #else
	+ static SSL_SESSION cbtls_cache_load(SSL ssl, const unsigned char data, int len, int copy)
	+@@ -2954,7 +2954,7 @@ int cbtls_verify(int ok, X509_STORE_CTX *ctx)
	+ char cn_str[1024];
	+ char buf[64];
	+ X509 *client_cert;
	+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
	++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
	+ const STACK_OF(X509_EXTENSION) *ext_list;
	+ #else
	+ STACK_OF(X509_EXTENSION) *ext_list;
	+@@ -3182,7 +3182,7 @@ int cbtls_verify(int ok, X509_STORE_CTX *ctx)
	+ }
	+
	+ if (lookup == 0) {
	+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
	++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
	+ ext_list = X509_get0_extensions(client_cert);
	+ #else
	+ X509_CINF *client_inf;
	+@@ -3235,7 +3235,7 @@ int cbtls_verify(int ok, X509_STORE_CTX *ctx)
	+ value[0] = '0';
	+ value[1] = 'x';
	+ const unsigned char *srcp;
	+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
	++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
	+ const ASN1_STRING *srcasn1p;
	+ srcasn1p = X509_EXTENSION_get_data(ext);
	+ srcp = ASN1_STRING_get0_data(srcasn1p);
	+@@ -3559,7 +3559,7 @@ static int set_ecdh_curve(SSL_CTX ctx, char const ec
	+
	+ if (!ecdh_curve) return 0;
	+
	+-#if OPENSSL_VERSION_NUMBER >= 0x1000200fL
	++#if OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined(LIBRESSL_VERSION_NUMBER)
	+ /*
	+ * A colon-separated list of curves.
	+ */
	+@@ -3716,7 +3716,7 @@ void tls_global_cleanup(void)
	+ {
	+ #if OPENSSL_VERSION_NUMBER < 0x10000000L
	+ ERR_remove_state(0);
	+-#elif OPENSSL_VERSION_NUMBER < 0x10100000L \|\| defined(LIBRESSL_VERSION_NUMBER)
	++#elif OPENSSL_VERSION_NUMBER < 0x10100000L
	+ ERR_remove_thread_state(NULL);
	+ #endif
	+ #ifndef OPENSSL_NO_ENGINE
	+@@ -4253,7 +4253,7 @@ post_ca:
	+ }
	+ }
	+
	+-#if OPENSSL_VERSION_NUMBER >= 0x10101000L
	++#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)
	+ if (conf->sigalgs_list) {
	+ char *list;
	+
	+@@ -4273,7 +4273,7 @@ post_ca:
	+ * send it flowers and cake.
	+ */
	+ if (min_version <= TLS1_1_VERSION) {
	+-#if OPENSSL_VERSION_NUMBER >= 0x10101000L
	++#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)
	+ int seclevel = SSL_CTX_get_security_level(ctx);
	+ int required;;
	+
	+@@ -4490,7 +4490,6 @@ post_ca:
	+ SSL_CTX_set_verify_depth(ctx, conf->verify_depth);
	+ }
	+
	+-#ifndef LIBRESSL_VERSION_NUMBER
	+ /* Load randomness */
	+ if (conf->random_file) {
	+ if (!(RAND_load_file(conf->random_file, 1024*10))) {
	+@@ -4498,7 +4497,6 @@ post_ca:
	+ return NULL;
	+ }
	+ }
	+-#endif
	+
	+ /*
	+ * Setup session caching
	+@@ -4535,14 +4533,14 @@ post_ca:
	+ */
	+ SSL_CTX_sess_set_cache_size(ctx, conf->session_cache_size);
	+
	+-#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)
	++#if OPENSSL_VERSION_NUMBER >= 0x10101000L
	+ SSL_CTX_set_num_tickets(ctx, 1);
	+ #endif
	+
	+ } else {
	+ SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
	+
	+-#if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)
	++#if OPENSSL_VERSION_NUMBER >= 0x10101000L
	+ /*
	+ * This controls the number of stateful or stateless tickets
	+ * generated with TLS 1.3. In OpenSSL 1.1.1 it's also
	Index: net/freeradius3/files/patch-src_modules_rlm__eap_types_rlm__eap__fast_eap__fast.c
	===================================================================
	--- /dev/null
	+++ net/freeradius3/files/patch-src_modules_rlm__eap_types_rlm__eap__fast_eap__fast.c
	@@ -0,0 +1,11 @@
	+--- src/modules/rlm_eap/types/rlm_eap_fast/eap_fast.c.orig 2022-10-18 11:10:14 UTC
	++++ src/modules/rlm_eap/types/rlm_eap_fast/eap_fast.c
	+@@ -44,7 +44,7 @@ static int openssl_get_keyblock_size(REQUEST *request,
	+ {
	+ const EVP_CIPHER *c;
	+ const EVP_MD *h;
	+-#if OPENSSL_VERSION_NUMBER < 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
	++#if OPENSSL_VERSION_NUMBER < 0x10100000L
	+ int md_size;
	+
	+ if (ssl->enc_read_ctx == NULL \|\| ssl->enc_read_ctx->cipher == NULL \|\|
	Index: net/freeradius3/files/patch-src_modules_rlm__eap_types_rlm__eap__fast_rlm__eap__fast.c
	===================================================================
	--- /dev/null
	+++ net/freeradius3/files/patch-src_modules_rlm__eap_types_rlm__eap__fast_rlm__eap__fast.c
	@@ -0,0 +1,29 @@
	+--- src/modules/rlm_eap/types/rlm_eap_fast/rlm_eap_fast.c.orig 2022-10-03 21:51:59 UTC
	++++ src/modules/rlm_eap/types/rlm_eap_fast/rlm_eap_fast.c
	+@@ -200,7 +200,7 @@ static void eap_fast_session_ticket(tls_session_t *tls
	+ }
	+
	+ // hostap:src/crypto/tls_openssl.c:tls_sess_sec_cb()
	+-#if OPENSSL_VERSION_NUMBER < 0x10100000L \|\| defined(LIBRESSL_VERSION_NUMBER)
	++#if OPENSSL_VERSION_NUMBER < 0x10100000L
	+ static int _session_secret(SSL s, void secret, int *secret_len,
	+ UNUSED STACK_OF(SSL_CIPHER) *peer_ciphers,
	+ UNUSED SSL_CIPHER *cipher, void arg)
	+@@ -224,7 +224,7 @@ static int _session_secret(SSL s, void secret, int *
	+
	+ RDEBUG("processing PAC-Opaque");
	+
	+-#if OPENSSL_VERSION_NUMBER < 0x10100000L \|\| defined(LIBRESSL_VERSION_NUMBER)
	++#if OPENSSL_VERSION_NUMBER < 0x10100000L
	+ eap_fast_session_ticket(tls_session, s->s3->client_random, s->s3->server_random, secret, secret_len);
	+ #else
	+ uint8_t client_random[SSL3_RANDOM_SIZE];
	+@@ -591,7 +591,7 @@ static int mod_session_init(void *type_arg, eap_handle
	+ }
	+ }
	+
	+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
	++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
	+ {
	+ int i;
	+ for (i = 0; ; i++) {
	Index: net/freeradius3/files/patch-src_modules_rlm__pap_rlm__pap.c
	===================================================================
	--- /dev/null
	+++ net/freeradius3/files/patch-src_modules_rlm__pap_rlm__pap.c
	@@ -0,0 +1,11 @@
	+--- src/modules/rlm_pap/rlm_pap.c.orig 2022-10-20 09:27:04 UTC
	++++ src/modules/rlm_pap/rlm_pap.c
	+@@ -927,7 +927,7 @@ static inline rlm_rcode_t CC_HINT(nonnull) pap_auth_pb
	+ digest_len = SHA512_DIGEST_LENGTH;
	+ break;
	+
	+-# if OPENSSL_VERSION_NUMBER >= 0x10101000L
	++# if OPENSSL_VERSION_NUMBER >= 0x10101000L && !defined(LIBRESSL_VERSION_NUMBER)
	+ case PW_SSHA3_224_PASSWORD:
	+ evp_md = EVP_sha3_224();
	+ digest_len = SHA224_DIGEST_LENGTH;

File Metadata

Mime Type: text/plain
Expires: Sun, Apr 19, 10:30 PM (11 h, 2 m)
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 31804707
Default Alt Text: D37058.diff (10 KB)

D37058.diffNo OneTemporaryActions

D37058.diffView Options

File Metadata

Event Timeline

D37058.diff
No OneTemporary
Actions

D37058.diff
View Options