[freeradius/f20] Require OpenSSL with patched heartbleed

Nikolai Kondrashov nkondras at fedoraproject.org
Tue Jun 3 12:32:24 UTC 2014


commit 1d7b909e0f6b963048929f8df0e9776ed203d950
Author: Nikolai Kondrashov <Nikolai.Kondrashov at redhat.com>
Date:   Tue Jun 3 14:37:59 2014 +0300

    Require OpenSSL with patched heartbleed
    
    (cherry picked from commit e529cbbf6ea68f7beb8e7ce6688fcc05cd630ebb)

 freeradius-heartbleed-confirm.patch |   13 +++++++++++++
 freeradius.spec                     |   12 ++++++++++--
 2 files changed, 23 insertions(+), 2 deletions(-)
---
diff --git a/freeradius-heartbleed-confirm.patch b/freeradius-heartbleed-confirm.patch
new file mode 100644
index 0000000..a52be54
--- /dev/null
+++ b/freeradius-heartbleed-confirm.patch
@@ -0,0 +1,13 @@
+diff --git a/raddb/radiusd.conf.in b/raddb/radiusd.conf.in
+index 307ae10..c533f56 100644
+--- a/raddb/radiusd.conf.in
++++ b/raddb/radiusd.conf.in
+@@ -483,7 +483,7 @@ security {
+ 	#  and may not reflect patches applied to libssl by
+ 	#  distribution maintainers.
+ 	#
+-	allow_vulnerable_openssl = no
++	allow_vulnerable_openssl = CVE-2014-0160
+ }
+ 
+ # PROXY CONFIGURATION
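
Review bot: the comment block above allow_vulnerable_openssl in this hunk is left unchanged, so the shipped radiusd.conf gives no reason why the default is now CVE-2014-0160 instead of no. Add a comment line there saying that the package depends on an OpenSSL build with CVE-2014-0160 fixed (the versioned Requires in freeradius.spec), so an administrator who later swaps in a different libssl knows the confirmation no longer holds. The embedded patch also has no description header of its own; a short one would help whoever rebases it.
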
diff --git a/freeradius.spec b/freeradius.spec
index a6f5a74..6d719fd 100644
--- a/freeradius.spec
+++ b/freeradius.spec
@@ -1,7 +1,7 @@
 Summary: High-performance and highly configurable free RADIUS server
 Name: freeradius
 Version: 3.0.3
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: GPLv2+ and LGPLv2+
 Group: System Environment/Daemons
 URL: http://www.freeradius.org/
@@ -27,6 +27,7 @@ Patch3: freeradius-case-insensitive-matching.patch
 Patch4: freeradius-perl-string-escaping.patch
 Patch5: freeradius-segfault-on-config-parse.patch
 Patch6: freeradius-foreach.patch
+Patch7: freeradius-heartbleed-confirm.patch
 
 %global docdir %{?_pkgdocdir}%{!?_pkgdocdir:%{_docdir}/%{name}-%{version}}
 
@@ -50,7 +51,7 @@ BuildRequires: libyubikey-devel
 BuildRequires: ykclient-devel
 %endif
 
-Requires: openssl
+Requires: openssl >= 1.0.1e-37.fc20.1
 Requires(pre): shadow-utils glibc-common
 Requires(post): systemd-sysv
 Requires(post): systemd-units
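
Review bot: the new "Requires: openssl >= 1.0.1e-37.fc20.1" carries no epoch and no comment. If the openssl package sets an Epoch, rpm treats the epoch-less requirement as epoch 0 and any build with a higher epoch satisfies it whatever its version, so please check and write the epoch explicitly if there is one. A one-line comment above the Requires naming CVE-2014-0160 would also record why this build is the floor, since radiusd.conf now confirms that CVE as fixed and this install-time dependency is the only thing backing that confirmation.
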
@@ -189,6 +190,7 @@ This plugin provides the unixODBC support for the FreeRADIUS server project.
 %patch4 -p1
 %patch5 -p1
 %patch6 -p1
+%patch7 -p1
 
 %build
 # Force compile/link options, extra security for network facing daemon
@@ -760,6 +762,12 @@ exit 0
 %{_libdir}/freeradius/rlm_sql_unixodbc.so
 
 %changelog
+* Mon Jun  2 2014 Nikolai Kondrashov <Nikolai.Kondrashov at redhat.com> - 3.0.3-2
+- Add explicit dependency on OpenSSL package with fixed CVE-2014-0160
+  (Heartbleed bug).
+- Add confirmation of CVE-2014-0160 being fixed in OpenSSL to radiusd.conf.
+
+%changelog
 * Wed May 14 2014 Nikolai Kondrashov <Nikolai.Kondrashov at redhat.com> - 3.0.3-1
 - Upgrade to upstream 3.0.3 release.
   See upstream ChangeLog for details (in freeradius-doc subpackage).
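
Review bot: the added "+%changelog" line after the new entry duplicates the existing "%changelog" context line above it, so the spec ends up with two %changelog section headers. Drop the added header and keep only the new 3.0.3-2 entry and its trailing blank line.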

