From 2376f330f3523246b6a2d9541ff77645ce094d80 Mon Sep 17 00:00:00 2001
From: Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com>
Date: Jan 19 2015 16:41:28 +0000
Subject: Fix OpenSSL version check issues


Resolves: Bug#1173821

---

diff --git a/freeradius-Fix-OpenSSL-version-check-issues.patch b/freeradius-Fix-OpenSSL-version-check-issues.patch
new file mode 100644
index 0000000..1f59545
--- /dev/null
+++ b/freeradius-Fix-OpenSSL-version-check-issues.patch
@@ -0,0 +1,131 @@
+From 6d296f2c4f3c58742543cc0508642c6d06747aea Mon Sep 17 00:00:00 2001
+From: Arran Cudbard-Bell <a.cudbardb@freeradius.org>
+Date: Thu, 16 Oct 2014 11:16:57 -0400
+Subject: [PATCH 1/1] Fix OpenSSL version check issues
+
+---
+ src/include/radiusd.h |  4 ++--
+ src/main/version.c    | 40 ++++++++++++++++++++--------------------
+ 2 files changed, 22 insertions(+), 22 deletions(-)
+
+diff --git a/src/include/radiusd.h b/src/include/radiusd.h
+index 53a1f3e..1bf15d7 100644
+--- a/src/include/radiusd.h
++++ b/src/include/radiusd.h
+@@ -598,8 +598,8 @@ void		pairlist_free(PAIR_LIST **);
+ /* version.c */
+ int		rad_check_lib_magic(uint64_t magic);
+ int 		ssl_check_consistency(void);
+-char const	*ssl_version_by_num(uint64_t version);
+-char const	*ssl_version_range(uint64_t low, uint64_t high);
++char const	*ssl_version_by_num(uint32_t version);
++char const	*ssl_version_range(uint32_t low, uint32_t high);
+ char const	*ssl_version(void);
+ void		version(void);
+ 
+diff --git a/src/main/version.c b/src/main/version.c
+index 8b56ffa..fd97970 100644
+--- a/src/main/version.c
++++ b/src/main/version.c
+@@ -38,7 +38,7 @@ static long ssl_built = OPENSSL_VERSION_NUMBER;
+ /** Check built and linked versions of OpenSSL match
+  *
+  * OpenSSL version number consists of:
+- * MMNNFFPPS: major minor fix patch status
++ * MNNFFPPS: major minor fix patch status
+  *
+  * Where status >= 0 && < 10 means beta, and status 10 means release.
+  *
+@@ -56,11 +56,11 @@ int ssl_check_consistency(void)
+ 	/*
+ 	 *	Status mismatch always triggers error.
+ 	 */
+-	if ((ssl_linked & 0x00000000f) != (ssl_built & 0x00000000f)) {
++	if ((ssl_linked & 0x0000000f) != (ssl_built & 0x0000000f)) {
+ 	mismatch:
+ 		ERROR("libssl version mismatch.  built: %lx linked: %lx",
+-		       (unsigned long) ssl_built,
+-		       (unsigned long) ssl_linked);
++		      (unsigned long) ssl_built,
++		      (unsigned long) ssl_linked);
+ 
+ 		return -1;
+ 	}
+@@ -70,14 +70,14 @@ int ssl_check_consistency(void)
+ 	 *	1.0.0 and only allow moving backwards within a patch
+ 	 *	series.
+ 	 */
+-	if (ssl_built & 0xff) {
+-		if ((ssl_built & 0xffff) != (ssl_linked & 0xffff) ||
+-		    (ssl_built & 0x0000ff) > (ssl_linked & 0x0000ff)) goto mismatch;
++	if (ssl_built & 0xf00000000) {
++		if ((ssl_built & 0xfffff000) != (ssl_linked & 0xfffff000) ||
++		    (ssl_built & 0x00000ff0) > (ssl_linked & 0x00000ff0)) goto mismatch;
+ 	/*
+ 	 *	Before 1.0.0 we require the same major minor and fix version
+ 	 *	and ignore the patch number.
+ 	 */
+-	} else if ((ssl_built & 0xffffff) != (ssl_linked & 0xffffff)) goto mismatch;
++	} else if ((ssl_built & 0xfffff000) != (ssl_linked & 0xfffff000)) goto mismatch;
+ 
+ 	return 0;
+ }
+@@ -89,22 +89,22 @@ int ssl_check_consistency(void)
+  * @param v version to convert.
+  * @return pointer to a static buffer containing the version string.
+  */
+-char const *ssl_version_by_num(uint64_t v)
++char const *ssl_version_by_num(uint32_t v)
+ {
+ 	/* 2 (%s) + 1 (.) + 2 (%i) + 1 (.) + 2 (%i) + 1 (c) + 1 (-) + 2 (%i) + \0 */
+ 	static char buffer[13];
+ 	char *p = buffer;
+ 
+-	p += sprintf(p, "%i.%i.%i",
+-		     (int) ((0xff0000000 & v) >> 28),
+-		     (int) ((0x00ff00000 & v) >> 20),
+-		     (int) ((0x0000ff000 & v) >> 12));
++	p += sprintf(p, "%u.%u.%u",
++		     (0xf0000000 & v) >> 28,
++		     (0x0ff00000 & v) >> 20,
++		     (0x000ff000 & v) >> 12);
+ 
+-	if ((0x000000ff0 & v) >> 4) {
+-		*p++ =  (char) (0x60 + ((0x000000ff0 & v) >> 4));
++	if ((0x00000ff0 & v) >> 4) {
++		*p++ =  (char) (0x60 + ((0x00000ff0 & v) >> 4));
+ 	}
+ 
+-	sprintf(p, "-%i", (int) (0x00000000f & v));
++	sprintf(p, "%x", 0x0000000f & v);
+ 
+ 	return buffer;
+ }
+@@ -117,7 +117,7 @@ char const *ssl_version_by_num(uint64_t v)
+  * @param high version to convert.
+  * @return pointer to a static buffer containing the version range string.
+  */
+-char const *ssl_version_range(uint64_t low, uint64_t high)
++char const *ssl_version_range(uint32_t low, uint32_t high)
+ {
+ 	/* 12 (version) + 3 ( - ) + 12 (version) */
+ 	static char buffer[28];
+@@ -141,12 +141,12 @@ char const *ssl_version(void)
+ {
+ 	static char buffer[256];
+ 
+-	uint64_t v = (uint64_t) SSLeay();
++	uint32_t v = SSLeay();
+ 
+-	snprintf(buffer, sizeof(buffer), "%s 0x%.9" PRIx64 " (%s)",
++	snprintf(buffer, sizeof(buffer), "%s 0x%.8x (%s)",
+ 		 SSLeay_version(SSLEAY_VERSION),		/* Not all builds include a useful version number */
+ 		 v,
+-		 ssl_version_by_num((uint64_t) v));
++		 ssl_version_by_num(v));
+ 
+ 	return buffer;
+ }
+-- 
+2.1.4
+
diff --git a/freeradius.spec b/freeradius.spec
index 1aa1877..cebd360 100644
--- a/freeradius.spec
+++ b/freeradius.spec
@@ -52,6 +52,7 @@ Patch28: freeradius-raddb-Move-trigger.conf-INCLUDE-before-modules.patch
 Patch29: freeradius-Resolve-to-all-families-on-ip_hton-fallback.patch
 Patch30: freeradius-Don-t-overwrite-ip_hton-af-prefix-in-fr_pton4-6.patch
 Patch31: freeradius-raddb-Comment-on-ipaddr-ipv4addr-ipv6addr-use.patch
+Patch32: freeradius-Fix-OpenSSL-version-check-issues.patch
 
 %global docdir %{?_pkgdocdir}%{!?_pkgdocdir:%{_docdir}/%{name}-%{version}}