LDAP (rlm_ldap) Version 3.0.9

Scott Pickles scottpickles at yahoo.com
Mon Jul 20 19:37:10 CEST 2015


Looks like CentOS still supplies a heartbleed variant, no?  Am I missing a repository?

[]# yum search openssl
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirror.cc.columbia.edu
 * extras: mirror.es.its.nyu.edu
 * updates: centos.mirror.constant.com <------------------------------------------------ Am I missing a repository?
===================================================================================== N/S matched: openssl ======================================================================================
apr-util-openssl.x86_64 : APR utility library OpenSSL crytpo support
openssl-devel.i686 : Files for development of applications which will use OpenSSL
openssl-devel.x86_64 : Files for development of applications which will use OpenSSL
openssl-perl.x86_64 : Perl scripts provided with OpenSSL
openssl-static.i686 : Libraries for static linking of applications which will use OpenSSL
openssl-static.x86_64 : Libraries for static linking of applications which will use OpenSSL
perl-Crypt-OpenSSL-Bignum.x86_64 : Perl interface to OpenSSL for Bignum
perl-Crypt-OpenSSL-RSA.x86_64 : Perl interface to OpenSSL for RSA
perl-Crypt-OpenSSL-Random.x86_64 : Perl interface to OpenSSL for Random
pyOpenSSL.x86_64 : Python wrapper module around the OpenSSL library
pyOpenSSL-doc.noarch : Documentation for pyOpenSSL
xmlsec1-openssl.i686 : OpenSSL crypto plugin for XML Security Library
xmlsec1-openssl.x86_64 : OpenSSL crypto plugin for XML Security Library
xmlsec1-openssl-devel.i686 : OpenSSL crypto plugin for XML Security Library
xmlsec1-openssl-devel.x86_64 : OpenSSL crypto plugin for XML Security Library
m2crypto.x86_64 : Support for using OpenSSL in python scripts
nss_compat_ossl.i686 : Source-level compatibility library for OpenSSL to NSS porting
nss_compat_ossl.x86_64 : Source-level compatibility library for OpenSSL to NSS porting
openssl.x86_64 : Utilities from the general purpose cryptography library with TLS implementation
openssl-libs.i686 : A general purpose cryptography library with TLS implementation
openssl-libs.x86_64 : A general purpose cryptography library with TLS implementation
openssl098e.i686 : A compatibility version of a general cryptography and TLS library
openssl098e.x86_64 : A compatibility version of a general cryptography and TLS library
perl-Crypt-SSLeay.x86_64 : Crypt::SSLeay - OpenSSL glue that provides LWP https support
perl-Net-SSLeay.x86_64 : Perl extension for using OpenSSL
qca-ossl.i686 : OpenSSL plugin for the Qt Cryptographic Architecture v2
qca-ossl.x86_64 : OpenSSL plugin for the Qt Cryptographic Architecture v2

  Name and summary matches only, use "search all" for everything.
[root at rochfreeradius Downloads]# yum info openssl-devel.i686
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirror.cc.columbia.edu
 * extras: mirror.es.its.nyu.edu
 * updates: centos.mirror.constant.com
Available Packages
Name        : openssl-devel
Arch        : i686
Epoch       : 1
Version     : 1.0.1e <--------------------------------------------------------------------------------------------
Release     : 42.el7.9
Size        : 1.2 M
Repo        : updates/7/x86_64
Summary     : Files for development of applications which will use OpenSSL
URL         : http://www.openssl.org/
License     : OpenSSL
Description : OpenSSL is a toolkit for supporting cryptography. The openssl-devel
            : package contains include files needed to develop applications which
            : support various cryptographic algorithms and protocols.

[root at rochfreeradius Downloads]# yum info openssl-devel.x86_64
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirror.cc.columbia.edu
 * extras: mirror.es.its.nyu.edu
 * updates: mirrors.centos.webair.com
Installed Packages
Name        : openssl-devel
Arch        : x86_64
Epoch       : 1
Version     : 1.0.1e <-------------------------------------------------------------------------------------------
Release     : 42.el7.9
Size        : 2.2 M
Repo        : installed
From repo   : updates
Summary     : Files for development of applications which will use OpenSSL
URL         : http://www.openssl.org/
License     : OpenSSL
Description : OpenSSL is a toolkit for supporting cryptography. The openssl-devel
            : package contains include files needed to develop applications which
            : support various cryptographic algorithms and protocols.

 


     On Monday, July 20, 2015 10:28 AM, Alan DeKok <aland at deployingradius.com> wrote:
   

 On Jul 20, 2015, at 4:26 PM, Scott Pickles via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
> I'm running a CentOS 7 environment and I just did a fresh install of v3.0.9 of FreeRADIUS.  I also installed version 1.0.2d of openssl so I'm not subject to heartbleed.  When I installed the ldap module, yum downloaded version 3.0.4 and also installed a heartbleed vulnerable version of openssl and broke my install.  

  Which is why you don't install manual packages on top of existing ones.  CentOS *should* have a fixed version of OpenSSL.

> I know how to patch radiusd.conf for the heartbleed vulnerability but I'd rather not.  So I removed the ldap module, re-installed openssl 1.0.2d and recompiled FreeRADIUS.  Is there a repo that will provide me with a 3.0.9 version of the ldap module?  If not, can I compile and point to my lib directory for openssl 1.0.2d instead?  Yum downloads an RPM and I don't know of a way to simply extract that, so I am looking for a way to compile from source for either version 3.0.4 or 3.0.9 if it exists.  Don't know where to look for the source(s).

  Install the OpenSSL from CentOS.  It should have the fix.  See the release notes for details.

  Alan DeKok.
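
Added example (not part of the original thread): CentOS packages keep the upstream version string, here 1.0.1e, while security fixes are backported into later package releases, so the fix has to be looked up in the package changelog rather than read off the version. The sketch below parses that changelog format; the function names, the sample changelog and the `CVE-YYYY-NNNN` id are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the thread. Input is text in the format printed by
# `rpm -q --changelog PACKAGE`, newest entry first.

# fix_release ID: read changelog text on stdin and print the version-release
# of the oldest entry whose body mentions ID (the build that introduced the
# fix). Returns 1 and prints nothing if no entry mentions it.
fix_release() {
    awk -v id="$1" '
        # Header: "* Tue Apr 08 2014 Name <mail> [-] version-release"
        /^\* /        { release = $NF; next }
        index($0, id) { hit = release }   # later hits are older entries
        END           { if (hit == "") exit 1; print hit }
    '
}

# Constructed sample: releases, dates, packager and the CVE-YYYY-NNNN id
# are placeholders, not real openssl package history.
sample_changelog() {
    cat <<'EOF'
* Mon Jun 01 2015 Example Packager <pkg@example.invalid> - 1.0.1e-3.demo
- unrelated constructed entry
* Tue Apr 08 2014 Example Packager <pkg@example.invalid> 1.0.1e-2.demo
- fix CVE-YYYY-NNNN - information disclosure in TLS heartbeat extension
* Mon Jan 06 2014 Example Packager <pkg@example.invalid> - 1.0.1e-1.demo
- constructed initial build
EOF
}

# Demo on the sample. On a real host, pipe in the installed package instead:
#   rpm -q --changelog openssl | fix_release "<advisory id>"
sample_changelog | fix_release 'CVE-YYYY-NNNN'
```

The changelog of an installed package only lists entries up to the installed build, so a match means the fix is in the binaries on disk.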


  

