On 2 Jun 2014, at 11:55, Herwin Weststrate <herwin@quarantainenet.nl> wrote:
I'm having a little inconvenience with the generated Debian packages, they fail to start, trying to protect you from the heartbleed bug
Mon Jun 2 12:33:57 2014 : Error: Refusing to start with libssl version OpenSSL 1.0.1e 11 Feb 2013 0x01000105f (1.0.1e-15) (in range 1.0.1-0 - 1.0.1f-15) Mon Jun 2 12:33:57 2014 : Error: Security advisory CVE-2014-0160 (Heartbleed) Mon Jun 2 12:33:57 2014 : Error: For more information see http://heartbleed.com
However, this issue has been backported by Debian in libssl version 1.0.1e-2+deb7u5. A fix for this has been propesed and merged in #590 <https://github.com/FreeRADIUS/freeradius-server/pull/590>. However, this fix got reverted in commit 55a7773512221d698beb02bc6e36e8585b63fe60, without a real explanation (just the standard "this reverts commit xyz" message).
Is there any specific reason that this fix has been reverted?=
Yes. It broken Ubuntu builds as Ubuntu had a different name for the libssl package. I've requested a couple of times for someone who has more knowledge of Debian packaging to write a fix which will work for both Debian and Ubuntu. Will someone please send a pull request which will work for both Debian and Ubuntu... Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS Development Team FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2