diff options
author | Mark Felder <feld@FreeBSD.org> | 2017-08-14 22:32:53 +0000 |
---|---|---|
committer | Mark Felder <feld@FreeBSD.org> | 2017-08-14 22:32:53 +0000 |
commit | b784895067b48ad2f8b969b60d9d640243ecf94c (patch) | |
tree | c6242fb4a13ea79e0926fddcebbf1b25ecbf1152 /net/freeradius3 | |
parent | c23c2e8d8519258a850c878b637fc68c9e5a3bd5 (diff) | |
download | ports-b784895067b48ad2f8b969b60d9d640243ecf94c.tar.gz ports-b784895067b48ad2f8b969b60d9d640243ecf94c.zip |
net/freeradius3: Disable OpenSSL version checking
FreeRadius developers include a feature enabled by default which checks
your OpenSSL version and refuses to run if certain CVEs are detected.
This is an interesting idea but it means it's possible to upgrade
FreeRadius on a production server and suddently it won't run, especially
if FreeBSD's base OpenSSL doesn't report a version number that can
convince the software it is free from the specified CVEs.
Currently FreeRadius refuses to run on FreeBSD 10.3-RELEASE because it
thinks base system OpenSSL is not patched for CVE-2016-6304, but that
was in fact patched by FreeBSD-10.3-RELEASE-p9.
This feature is only useful if you are using vanilla upstream versions
of OpenSSL which we are not.
Approved by: portmgr (with hat)
MFH: 2017Q3
Notes
Notes:
svn path=/head/; revision=447967
Diffstat (limited to 'net/freeradius3')
-rw-r--r-- | net/freeradius3/Makefile | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/net/freeradius3/Makefile b/net/freeradius3/Makefile index 0dbab92234b4..7575d7cb2622 100644 --- a/net/freeradius3/Makefile +++ b/net/freeradius3/Makefile @@ -3,6 +3,7 @@ PORTNAME= freeradius DISTVERSION= 3.0.15 +PORTREVISION= 1 CATEGORIES= net MASTER_SITES= ftp://ftp.freeradius.org/pub/freeradius/%SUBDIR%/ \ ftp://ftp.ntua.gr/pub/net/radius/freeradius/%SUBDIR%/ \ @@ -321,7 +322,8 @@ CONFIGURE_ARGS+=--with-logdir=${LOGDIR} \ --without-rlm_securid \ --without-rlm_cache_memcached \ --with-vmps \ - --with-collectdclient-lib-dir=/dev/null + --with-collectdclient-lib-dir=/dev/null \ + --disable-openssl-version-check .if ${ARCH} == amd64 CONFIGURE_ARGS+=--with-pic |