Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 14 Aug 2017 22:32:53 +0000 (UTC)
From:      Mark Felder <feld@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r447967 - head/net/freeradius3
Message-ID:  <201708142232.v7EMWr4t099020@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help 
Author: feld
Date: Mon Aug 14 22:32:53 2017
New Revision: 447967
URL: https://svnweb.freebsd.org/changeset/ports/447967

Log:
  net/freeradius3: Disable OpenSSL version checking
  
  FreeRadius developers include a feature enabled by default which checks
  your OpenSSL version and refuses to run if certain CVEs are detected.
  This is an interesting idea but it means it's possible to upgrade
  FreeRadius on a production server and suddently it won't run, especially
  if FreeBSD's base OpenSSL doesn't report a version number that can
  convince the software it is free from the specified CVEs.
  
  Currently FreeRadius refuses to run on FreeBSD 10.3-RELEASE because it
  thinks base system OpenSSL is not patched for CVE-2016-6304, but that
  was in fact patched by FreeBSD-10.3-RELEASE-p9.
  
  This feature is only useful if you are using vanilla upstream versions
  of OpenSSL which we are not.
  
  Approved by:	portmgr (with hat)
  MFH:		2017Q3

Modified:
  head/net/freeradius3/Makefile

Modified: head/net/freeradius3/Makefile
==============================================================================
--- head/net/freeradius3/Makefile	Mon Aug 14 20:48:24 2017	(r447966)
+++ head/net/freeradius3/Makefile	Mon Aug 14 22:32:53 2017	(r447967)
@@ -3,6 +3,7 @@
 
 PORTNAME=	freeradius
 DISTVERSION=	3.0.15
+PORTREVISION=	1
 CATEGORIES=	net
 MASTER_SITES=	ftp://ftp.freeradius.org/pub/freeradius/%SUBDIR%/ \
 		ftp://ftp.ntua.gr/pub/net/radius/freeradius/%SUBDIR%/ \
@@ -321,7 +322,8 @@ CONFIGURE_ARGS+=--with-logdir=${LOGDIR} \
 		--without-rlm_securid \
 		--without-rlm_cache_memcached \
 		--with-vmps \
-		--with-collectdclient-lib-dir=/dev/null
+		--with-collectdclient-lib-dir=/dev/null \
+		--disable-openssl-version-check
 
 .if ${ARCH} == amd64
 CONFIGURE_ARGS+=--with-pic

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201708142232.v7EMWr4t099020>