On Tue, 19 Aug 2025 19:43:15 +0200 Sebastian Andrzej Siewior <[email protected]> wrote: > control: reassign -1 freeradius 3.2.7+dfsg-1 > control: affects -1 = src:openssl > control: tags -1 patch upstream fixed-upstream > control: forwarded -1 https://github.com/FreeRADIUS/freeradius-server/issues/5631 > > On 2025-08-16 21:54:55 [+0200], To [email protected] wrote: > > The freeradius' debci breaks with 3.5.2. Upstream report has been filled, > > this is just to keep track on the Debian side. > > This is a freeradius bug and has been fixed freeradius upstream. > Please find attached commit 59e262f1134fe ("change "fips=no" to > "-fips"") from the freeradius tree.
Dear Maintainer(s), Given this bug is RC, and blocks openssl from migrating to testing, which blocks cryptsetup, which blocks my package, I have uploaded to DELAYED/1 the aforementioned patch as an NMU, debdiff attached, to unblock the situation. Please let me know if you'd like me to cancel this or handle it differently. Thanks.
diff -Nru freeradius-3.2.7+dfsg/debian/changelog freeradius-3.2.7+dfsg/debian/changelog --- freeradius-3.2.7+dfsg/debian/changelog 2025-02-10 21:50:22.000000000 +0000 +++ freeradius-3.2.7+dfsg/debian/changelog 2025-08-21 13:06:02.000000000 +0100 @@ -1,3 +1,11 @@ +freeradius (3.2.7+dfsg-1.1) unstable; urgency=high + + * Non-maintainer upload. + * Backport patch to fix compatibility with OpenSSL 3.5.2 (Closes: + #1111328) + + -- Luca Boccassi <[email protected]> Thu, 21 Aug 2025 13:06:02 +0100 + freeradius (3.2.7+dfsg-1) unstable; urgency=medium * New upstream version 3.2.7+dfsg diff -Nru freeradius-3.2.7+dfsg/debian/patches/fips.patch freeradius-3.2.7+dfsg/debian/patches/fips.patch --- freeradius-3.2.7+dfsg/debian/patches/fips.patch 1970-01-01 01:00:00.000000000 +0100 +++ freeradius-3.2.7+dfsg/debian/patches/fips.patch 2025-08-21 13:05:00.000000000 +0100 @@ -0,0 +1,16 @@ +Author: Alan T. DeKok <[email protected]> +Description: change "fips=no" to "-fips" +Origin: upstream, https://github.com/FreeRADIUS/freeradius-server/commit/59e262f1134fef8d53d15ae963885a08c9ea8315 +Forwarded: https://github.com/FreeRADIUS/freeradius-server/issues/5631 +Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111328 +--- a/src/main/tls.c ++++ b/src/main/tls.c +@@ -3644,7 +3644,7 @@ + CONF_modules_load_file(NULL, NULL, 0); + + #if OPENSSL_VERSION_NUMBER >= 0x30000000L +- EVP_set_default_properties(NULL, "fips=no"); ++ EVP_set_default_properties(NULL, "-fips"); + #endif + + /* diff -Nru freeradius-3.2.7+dfsg/debian/patches/series freeradius-3.2.7+dfsg/debian/patches/series --- freeradius-3.2.7+dfsg/debian/patches/series 2025-02-10 21:50:22.000000000 +0000 +++ freeradius-3.2.7+dfsg/debian/patches/series 2025-08-21 13:02:21.000000000 +0100 @@ -5,3 +5,4 @@ debian-local/0010-version.c-disable-openssl-version-check.patch dont-install-tests.diff snakeoil-certs.diff +fips.patch
