not able to install FR 3.0.16+git in (pure) Debian 9
Martin Pauly
pauly at hrz.uni-marburg.de
Thu Sep 7 16:55:07 CEST 2017
On 07.09.2017 at 15:06, Alan DeKok wrote:
> So removing security checks is just not going to happen.
Yeah, I actually wanted to second that.
But since everyone including FR relies on the dynamically linked libraries (SSL here),
this specific security check boils down to checking the exact version, right?
I thought the discussion started by Rui is about this snippet from debian/rules:
----------------------------------------------------------------------------------------------------
# Add dependency on distribution specific version of openssl that fixes Heartbleed (CVE-2014-0160).
ifeq ($(shell dpkg-vendor --derives-from Ubuntu && echo yes),yes)
SUBSTVARS = -Vdist:Depends="libssl1.0.0 (>= 1.0.1f-1ubuntu2)"
else
SUBSTVARS = -Vdist:Depends="libssl1.0.0 (>= 1.0.1e-2+deb7u5)"
endif
-----------------------------------------------------------------------------------------------------
Or have I missed some additional checks?
>> So they still distribute 3.0.12, but with everything fixed.
> No. 3.0.15 would be "everything fixed".
correct myself: They still distribute 3.0.12, but with security holes fixed in default config.
I find it hard to judge the Debian approach to security patches. Clinging to a particular
version like that often means overdoing things. On the other hand, AFAIR with Heartbleed,
they did a real good job by very quickly delivering a bugfix-only update. But as things are,
I will continue compiling FR myself. Just good you provide all the prerequisites.
I do appreciate security-bugfix-only updates, though ;-)
Cheers, Martin
--
Dr. Martin Pauly Phone: +49-6421-28-23527
HRZ Univ. Marburg Fax: +49-6421-28-26994
Hans-Meerwein-Str. E-Mail: pauly at HRZ.Uni-Marburg.DE
D-35032 Marburg