svn commit: r447967 - head/net/freeradius3
Mark Felder
feld at FreeBSD.org
Mon Aug 14 22:32:54 UTC 2017
Author: feld
Date: Mon Aug 14 22:32:53 2017
New Revision: 447967
URL: https://svnweb.freebsd.org/changeset/ports/447967
Log:
net/freeradius3: Disable OpenSSL version checking
FreeRadius developers include a feature enabled by default which checks
your OpenSSL version and refuses to run if certain CVEs are detected.
This is an interesting idea but it means it's possible to upgrade
FreeRadius on a production server and suddently it won't run, especially
if FreeBSD's base OpenSSL doesn't report a version number that can
convince the software it is free from the specified CVEs.
Currently FreeRadius refuses to run on FreeBSD 10.3-RELEASE because it
thinks base system OpenSSL is not patched for CVE-2016-6304, but that
was in fact patched by FreeBSD-10.3-RELEASE-p9.
This feature is only useful if you are using vanilla upstream versions
of OpenSSL which we are not.
Approved by: portmgr (with hat)
MFH: 2017Q3
Modified:
head/net/freeradius3/Makefile
Modified: head/net/freeradius3/Makefile
==============================================================================
--- head/net/freeradius3/Makefile Mon Aug 14 20:48:24 2017 (r447966)
+++ head/net/freeradius3/Makefile Mon Aug 14 22:32:53 2017 (r447967)
@@ -3,6 +3,7 @@
PORTNAME= freeradius
DISTVERSION= 3.0.15
+PORTREVISION= 1
CATEGORIES= net
MASTER_SITES= ftp://ftp.freeradius.org/pub/freeradius/%SUBDIR%/ \
ftp://ftp.ntua.gr/pub/net/radius/freeradius/%SUBDIR%/ \
@@ -321,7 +322,8 @@ CONFIGURE_ARGS+=--with-logdir=${LOGDIR} \
--without-rlm_securid \
--without-rlm_cache_memcached \
--with-vmps \
- --with-collectdclient-lib-dir=/dev/null
+ --with-collectdclient-lib-dir=/dev/null \
+ --disable-openssl-version-check
.if ${ARCH} == amd64
CONFIGURE_ARGS+=--with-pic
More information about the svn-ports-all
mailing list