diff options
-rw-r--r-- | .gitignore | 17 | ||||
-rw-r--r-- | debian/changelog | 10 | ||||
-rw-r--r-- | debian/control | 2 | ||||
-rw-r--r-- | include/radsec/.gitignore | 1 | ||||
-rw-r--r-- | radius/.gitignore | 1 | ||||
-rw-r--r-- | radius/client.h | 2 | ||||
-rwxr-xr-x | radius/convert.pl | 2 | ||||
-rw-r--r-- | radius/valuepair.c | 2 | ||||
-rw-r--r-- | radsecproxy/Makefile.am | 1 | ||||
-rw-r--r-- | radsecproxy/tlscommon.c | 5 | ||||
-rw-r--r-- | tls.c | 5 |
11 files changed, 40 insertions, 8 deletions
diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..97aee05 --- /dev/null +++ b/.gitignore @@ -0,0 +1,17 @@ +*.*~* +TAGS +*.o +.deps +.libs +autom4te.cache +config.log +config.h* +config.status +configure +aclocal.m4 +*.lo +*.la +Makefile.in +Makefile +stamp-h1 +libtool diff --git a/debian/changelog b/debian/changelog index 643febb..e7d986c 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,13 @@ +libradsec (0.0.5-4) unstable; urgency=medium + + * Fix problems detected by better warnings in gcc 7, Closes: #853506 + * We were building against some horrible combination of openssl 1.0 + directly and openssl 1.1 via libevent. That works surprisingly + better than you might think sort of, but can't be any good at all, so + finish moving all the way to openssl 1.1, Closes: #848681 + + -- Sam Hartman <hartmans@debian.org> Sat, 12 Aug 2017 10:20:40 -0400 + libradsec (0.0.5-3) unstable; urgency=medium * Build depend on openssl 1.0, Closes: #828410 diff --git a/debian/control b/debian/control index fc54c29..c7bd47c 100644 --- a/debian/control +++ b/debian/control @@ -1,7 +1,7 @@ Source: libradsec Priority: extra Maintainer: Sam Hartman <hartmans@debian.org> -Build-Depends: debhelper (>= 9), autotools-dev, libconfuse-dev, libssl1.0-dev|libssl-dev (<= 1.1.0), libevent-dev (>= 2.0), dh-autoreconf +Build-Depends: debhelper (>= 9), autotools-dev, libconfuse-dev, libssl-dev, libevent-dev (>= 2.0), dh-autoreconf Standards-Version: 3.9.8 Section: libs Vcs-Git: git://git.project-moonshot.org/git/libradsec.git diff --git a/include/radsec/.gitignore b/include/radsec/.gitignore new file mode 100644 index 0000000..c20d18b --- /dev/null +++ b/include/radsec/.gitignore @@ -0,0 +1 @@ +radius.h diff --git a/radius/.gitignore b/radius/.gitignore new file mode 100644 index 0000000..1af03df --- /dev/null +++ b/radius/.gitignore @@ -0,0 +1 @@ +dictionaries.c diff --git a/radius/client.h b/radius/client.h index ab4718a..2f81625 100644 --- a/radius/client.h +++ b/radius/client.h @@ -654,7 +654,7 @@ extern const int nr_dict_num_names; * \attention This variable should only be accessed by internal RADIUS library * functions. */ -extern const DICT_ATTR const *nr_dict_attr_names[]; +extern const DICT_ATTR * const nr_dict_attr_names[]; /** Static array containing names the RADIUS_PACKET::code field. \ingroup dict * diff --git a/radius/convert.pl b/radius/convert.pl index 7ca424e..ba9ed4e 100755 --- a/radius/convert.pl +++ b/radius/convert.pl @@ -139,7 +139,7 @@ print DICT "const int nr_dict_num_attrs = ", $offset - 1, ";\n\n"; print DICT "const int nr_dict_num_names = ", $num_names - 1, ";\n\n"; my $offset = 0; -print DICT "const DICT_ATTR *nr_dict_attr_names[] = {\n"; +print DICT "const DICT_ATTR * const nr_dict_attr_names[] = {\n"; foreach $attr_val (sort {lc($attributes{$a}{'name'}) cmp lc($attributes{$b}{'name'})} keys %attributes) { next if (defined $attributes{$attr_val}{'raw'}); diff --git a/radius/valuepair.c b/radius/valuepair.c index 6277f7d..4ba33f6 100644 --- a/radius/valuepair.c +++ b/radius/valuepair.c @@ -38,7 +38,7 @@ void nr_vp_free(VALUE_PAIR **head) for (vp = *head; vp != NULL; vp = next) { next = vp->next; if (vp->da->flags.encrypt) { - memset(vp, 0, sizeof(vp)); + memset(vp, 0, sizeof(*vp)); } free(vp); } diff --git a/radsecproxy/Makefile.am b/radsecproxy/Makefile.am index dc5ffc4..872416b 100644 --- a/radsecproxy/Makefile.am +++ b/radsecproxy/Makefile.am @@ -21,3 +21,4 @@ if RS_ENABLE_TLS libradsec_radsecproxy_la_SOURCES += \ tlscommon.c tlscommon.h endif +libradsec_radsecproxy_la_CFLAGS = -Wno-error=deprecated diff --git a/radsecproxy/tlscommon.c b/radsecproxy/tlscommon.c index a31fa32..5a5660b 100644 --- a/radsecproxy/tlscommon.c +++ b/radsecproxy/tlscommon.c @@ -202,12 +202,12 @@ static SSL_CTX *tlscreatectx(uint8_t type, struct tls *conf) { switch (type) { #ifdef RADPROT_TLS case RAD_TLS: - ctx = SSL_CTX_new(TLSv1_method()); + ctx = SSL_CTX_new(TLS_method()); break; #endif #ifdef RADPROT_DTLS case RAD_DTLS: - ctx = SSL_CTX_new(DTLSv1_method()); + ctx = SSL_CTX_new(DTLS_method()); SSL_CTX_set_read_ahead(ctx, 1); break; #endif @@ -218,6 +218,7 @@ static SSL_CTX *tlscreatectx(uint8_t type, struct tls *conf) { debug(DBG_ERR, "SSL: %s", ERR_error_string(error, NULL)); return NULL; } + SSL_CTX_set_options(ctx, SSL_OP_NO_TLSv1|SSL_OP_NO_SSLv3); #ifdef DEBUG SSL_CTX_set_info_callback(ctx, ssl_info_callback); #endif @@ -7,6 +7,7 @@ #include <stdlib.h> #include <unistd.h> +#include <string.h> #include <assert.h> #include <fcntl.h> #include <limits.h> @@ -194,8 +195,8 @@ static pthread_mutex_t *s_openssl_mutexes = NULL; static int s_openssl_mutexes_count = 0; /** Callback for OpenSSL when a lock is to be held or released. */ -static void -openssl_locking_cb_ (int mode, int i, const char *file, int line) +__attribute__((unused)) static void +openssl_locking_cb_ (int mode, int i, const char *file, int line) { if (s_openssl_mutexes == NULL || i >= s_openssl_mutexes_count) return; |