[ANN] Release 3.0.4 rc1
Arran Cudbard-Bell
a.cudbardb at freeradius.org
Mon Jun 2 13:17:45 CEST 2014
On 2 Jun 2014, at 11:55, Herwin Weststrate <herwin at quarantainenet.nl> wrote:
> I'm having a little inconvenience with the generated Debian packages,
> they fail to start, trying to protect you from the heartbleed bug
>
> Mon Jun 2 12:33:57 2014 : Error: Refusing to start with libssl version
> OpenSSL 1.0.1e 11 Feb 2013 0x01000105f (1.0.1e-15) (in range 1.0.1-0 -
> 1.0.1f-15)
> Mon Jun 2 12:33:57 2014 : Error: Security advisory CVE-2014-0160
> (Heartbleed)
> Mon Jun 2 12:33:57 2014 : Error: For more information see
> http://heartbleed.com
>
> However, this issue has been backported by Debian in libssl version
> 1.0.1e-2+deb7u5. A fix for this has been propesed and merged in #590
> <https://github.com/FreeRADIUS/freeradius-server/pull/590>. However,
> this fix got reverted in commit
> 55a7773512221d698beb02bc6e36e8585b63fe60, without a real explanation
> (just the standard "this reverts commit xyz" message).
>
> Is there any specific reason that this fix has been reverted?=
Yes. It broken Ubuntu builds as Ubuntu had a different name for the libssl package.
I've requested a couple of times for someone who has more knowledge of Debian packaging to write a fix which will work for both Debian and Ubuntu.
Will someone please send a pull request which will work for both Debian and Ubuntu...
Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team
FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 881 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140602/1cedc13c/attachment.pgp>
More information about the Freeradius-Users
mailing list