summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--.gitignore17
-rw-r--r--debian/changelog10
-rw-r--r--debian/control2
-rw-r--r--include/radsec/.gitignore1
-rw-r--r--radius/.gitignore1
-rw-r--r--radius/client.h2
-rwxr-xr-xradius/convert.pl2
-rw-r--r--radius/valuepair.c2
-rw-r--r--radsecproxy/Makefile.am1
-rw-r--r--radsecproxy/tlscommon.c5
-rw-r--r--tls.c5
11 files changed, 40 insertions, 8 deletions
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..97aee05
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,17 @@
+*.*~*
+TAGS
+*.o
+.deps
+.libs
+autom4te.cache
+config.log
+config.h*
+config.status
+configure
+aclocal.m4
+*.lo
+*.la
+Makefile.in
+Makefile
+stamp-h1
+libtool
diff --git a/debian/changelog b/debian/changelog
index 643febb..e7d986c 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,13 @@
+libradsec (0.0.5-4) unstable; urgency=medium
+
+ * Fix problems detected by better warnings in gcc 7, Closes: #853506
+ * We were building against some horrible combination of openssl 1.0
+ directly and openssl 1.1 via libevent. That works surprisingly
+ better than you might think sort of, but can't be any good at all, so
+ finish moving all the way to openssl 1.1, Closes: #848681
+
+ -- Sam Hartman <hartmans@debian.org> Sat, 12 Aug 2017 10:20:40 -0400
+
libradsec (0.0.5-3) unstable; urgency=medium
* Build depend on openssl 1.0, Closes: #828410
diff --git a/debian/control b/debian/control
index fc54c29..c7bd47c 100644
--- a/debian/control
+++ b/debian/control
@@ -1,7 +1,7 @@
Source: libradsec
Priority: extra
Maintainer: Sam Hartman <hartmans@debian.org>
-Build-Depends: debhelper (>= 9), autotools-dev, libconfuse-dev, libssl1.0-dev|libssl-dev (<= 1.1.0), libevent-dev (>= 2.0), dh-autoreconf
+Build-Depends: debhelper (>= 9), autotools-dev, libconfuse-dev, libssl-dev, libevent-dev (>= 2.0), dh-autoreconf
Standards-Version: 3.9.8
Section: libs
Vcs-Git: git://git.project-moonshot.org/git/libradsec.git
diff --git a/include/radsec/.gitignore b/include/radsec/.gitignore
new file mode 100644
index 0000000..c20d18b
--- /dev/null
+++ b/include/radsec/.gitignore
@@ -0,0 +1 @@
+radius.h
diff --git a/radius/.gitignore b/radius/.gitignore
new file mode 100644
index 0000000..1af03df
--- /dev/null
+++ b/radius/.gitignore
@@ -0,0 +1 @@
+dictionaries.c
diff --git a/radius/client.h b/radius/client.h
index ab4718a..2f81625 100644
--- a/radius/client.h
+++ b/radius/client.h
@@ -654,7 +654,7 @@ extern const int nr_dict_num_names;
* \attention This variable should only be accessed by internal RADIUS library
* functions.
*/
-extern const DICT_ATTR const *nr_dict_attr_names[];
+extern const DICT_ATTR * const nr_dict_attr_names[];
/** Static array containing names the RADIUS_PACKET::code field. \ingroup dict
*
diff --git a/radius/convert.pl b/radius/convert.pl
index 7ca424e..ba9ed4e 100755
--- a/radius/convert.pl
+++ b/radius/convert.pl
@@ -139,7 +139,7 @@ print DICT "const int nr_dict_num_attrs = ", $offset - 1, ";\n\n";
print DICT "const int nr_dict_num_names = ", $num_names - 1, ";\n\n";
my $offset = 0;
-print DICT "const DICT_ATTR *nr_dict_attr_names[] = {\n";
+print DICT "const DICT_ATTR * const nr_dict_attr_names[] = {\n";
foreach $attr_val (sort {lc($attributes{$a}{'name'}) cmp lc($attributes{$b}{'name'})} keys %attributes) {
next if (defined $attributes{$attr_val}{'raw'});
diff --git a/radius/valuepair.c b/radius/valuepair.c
index 6277f7d..4ba33f6 100644
--- a/radius/valuepair.c
+++ b/radius/valuepair.c
@@ -38,7 +38,7 @@ void nr_vp_free(VALUE_PAIR **head)
for (vp = *head; vp != NULL; vp = next) {
next = vp->next;
if (vp->da->flags.encrypt) {
- memset(vp, 0, sizeof(vp));
+ memset(vp, 0, sizeof(*vp));
}
free(vp);
}
diff --git a/radsecproxy/Makefile.am b/radsecproxy/Makefile.am
index dc5ffc4..872416b 100644
--- a/radsecproxy/Makefile.am
+++ b/radsecproxy/Makefile.am
@@ -21,3 +21,4 @@ if RS_ENABLE_TLS
libradsec_radsecproxy_la_SOURCES += \
tlscommon.c tlscommon.h
endif
+libradsec_radsecproxy_la_CFLAGS = -Wno-error=deprecated
diff --git a/radsecproxy/tlscommon.c b/radsecproxy/tlscommon.c
index a31fa32..5a5660b 100644
--- a/radsecproxy/tlscommon.c
+++ b/radsecproxy/tlscommon.c
@@ -202,12 +202,12 @@ static SSL_CTX *tlscreatectx(uint8_t type, struct tls *conf) {
switch (type) {
#ifdef RADPROT_TLS
case RAD_TLS:
- ctx = SSL_CTX_new(TLSv1_method());
+ ctx = SSL_CTX_new(TLS_method());
break;
#endif
#ifdef RADPROT_DTLS
case RAD_DTLS:
- ctx = SSL_CTX_new(DTLSv1_method());
+ ctx = SSL_CTX_new(DTLS_method());
SSL_CTX_set_read_ahead(ctx, 1);
break;
#endif
@@ -218,6 +218,7 @@ static SSL_CTX *tlscreatectx(uint8_t type, struct tls *conf) {
debug(DBG_ERR, "SSL: %s", ERR_error_string(error, NULL));
return NULL;
}
+ SSL_CTX_set_options(ctx, SSL_OP_NO_TLSv1|SSL_OP_NO_SSLv3);
#ifdef DEBUG
SSL_CTX_set_info_callback(ctx, ssl_info_callback);
#endif
diff --git a/tls.c b/tls.c
index ba3cab5..7b33d8e 100644
--- a/tls.c
+++ b/tls.c
@@ -7,6 +7,7 @@
#include <stdlib.h>
#include <unistd.h>
+#include <string.h>
#include <assert.h>
#include <fcntl.h>
#include <limits.h>
@@ -194,8 +195,8 @@ static pthread_mutex_t *s_openssl_mutexes = NULL;
static int s_openssl_mutexes_count = 0;
/** Callback for OpenSSL when a lock is to be held or released. */
-static void
-openssl_locking_cb_ (int mode, int i, const char *file, int line)
+__attribute__((unused)) static void
+openssl_locking_cb_ (int mode, int i, const char *file, int line)
{
if (s_openssl_mutexes == NULL || i >= s_openssl_mutexes_count)
return;