[freeradius/f20] Require OpenSSL with patched heartbleed
Nikolai Kondrashov
nkondras at fedoraproject.org
Tue Jun 3 12:32:24 UTC 2014
commit 1d7b909e0f6b963048929f8df0e9776ed203d950
Author: Nikolai Kondrashov <Nikolai.Kondrashov at redhat.com>
Date: Tue Jun 3 14:37:59 2014 +0300
Require OpenSSL with patched heartbleed
(cherry picked from commit e529cbbf6ea68f7beb8e7ce6688fcc05cd630ebb)
freeradius-heartbleed-confirm.patch | 13 +++++++++++++
freeradius.spec | 12 ++++++++++--
2 files changed, 23 insertions(+), 2 deletions(-)
---
diff --git a/freeradius-heartbleed-confirm.patch b/freeradius-heartbleed-confirm.patch
new file mode 100644
index 0000000..a52be54
--- /dev/null
+++ b/freeradius-heartbleed-confirm.patch
@@ -0,0 +1,13 @@
+diff --git a/raddb/radiusd.conf.in b/raddb/radiusd.conf.in
+index 307ae10..c533f56 100644
+--- a/raddb/radiusd.conf.in
++++ b/raddb/radiusd.conf.in
+@@ -483,7 +483,7 @@ security {
+ # and may not reflect patches applied to libssl by
+ # distribution maintainers.
+ #
+- allow_vulnerable_openssl = no
++ allow_vulnerable_openssl = CVE-2014-0160
+ }
+
+ # PROXY CONFIGURATION
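Review bot: The comment block above `allow_vulnerable_openssl` in raddb/radiusd.conf.in is left untouched while the default changes from `no` to `CVE-2014-0160`, so the shipped config does not say why the check is acknowledged out of the box. Add a comment line next to the new value stating that the package requires an OpenSSL build with CVE-2014-0160 fixed. This ties in with the existing remark that the check "may not reflect patches applied to libssl by distribution maintainers". The embedded patch file also starts straight at `diff --git` with no description header; a one-line summary at the top would help whoever rebases it later.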
diff --git a/freeradius.spec b/freeradius.spec
index a6f5a74..6d719fd 100644
--- a/freeradius.spec
+++ b/freeradius.spec
@@ -1,7 +1,7 @@
Summary: High-performance and highly configurable free RADIUS server
Name: freeradius
Version: 3.0.3
-Release: 1%{?dist}
+Release: 2%{?dist}
License: GPLv2+ and LGPLv2+
Group: System Environment/Daemons
URL: http://www.freeradius.org/
@@ -27,6 +27,7 @@ Patch3: freeradius-case-insensitive-matching.patch
Patch4: freeradius-perl-string-escaping.patch
Patch5: freeradius-segfault-on-config-parse.patch
Patch6: freeradius-foreach.patch
+Patch7: freeradius-heartbleed-confirm.patch
%global docdir %{?_pkgdocdir}%{!?_pkgdocdir:%{_docdir}/%{name}-%{version}}
@@ -50,7 +51,7 @@ BuildRequires: libyubikey-devel
BuildRequires: ykclient-devel
%endif
-Requires: openssl
+Requires: openssl >= 1.0.1e-37.fc20.1
Requires(pre): shadow-utils glibc-common
Requires(post): systemd-sysv
Requires(post): systemd-units
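Review bot: The new `Requires: openssl >= 1.0.1e-37.fc20.1` line has no comment linking it to CVE-2014-0160 or to Patch7, yet with `allow_vulnerable_openssl = CVE-2014-0160` now the packaged default this dependency is the only thing that keeps the daemon off an unfixed libssl. Add a comment above it explaining the coupling, so the bound is not relaxed or dropped while the config patch is still applied. The bound also hard-codes the `fc20.1` build string, which is worth noting for anyone cherry-picking this commit to another branch.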
@@ -189,6 +190,7 @@ This plugin provides the unixODBC support for the FreeRADIUS server project.
%patch4 -p1
%patch5 -p1
%patch6 -p1
+%patch7 -p1
%build
# Force compile/link options, extra security for network facing daemon
@@ -760,6 +762,12 @@ exit 0
%{_libdir}/freeradius/rlm_sql_unixodbc.so
%changelog
+* Mon Jun 2 2014 Nikolai Kondrashov <Nikolai.Kondrashov at redhat.com> - 3.0.3-2
+- Add explicit dependency on OpenSSL package with fixed CVE-2014-0160
+ (Heartbleed bug).
+- Add confirmation of CVE-2014-0160 being fixed in OpenSSL to radiusd.conf.
+
+%changelog
* Wed May 14 2014 Nikolai Kondrashov <Nikolai.Kondrashov at redhat.com> - 3.0.3-1
- Upgrade to upstream 3.0.3 release.
See upstream ChangeLog for details (in freeradius-doc subpackage).
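Review bot: `%changelog` appears twice in this hunk as shown, once before the new 3.0.3-2 entry and once after it, ahead of the 3.0.3-1 entry. A spec file should carry a single `%changelog` section, so confirm the second occurrence is not being added and drop it if it is. The entry text itself matches the two changes in the commit (the versioned OpenSSL dependency and the radiusd.conf confirmation).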