force debian pkg to use patched openssl, and disable version check

FreeRADIUS · Apr 17, 2014 · d3977f9 · d3977f9 · arr2036 · Apr 27, 2014
1 parent afc48b2
commit d3977f9
Show file tree

Hide file tree

Showing 4 changed files with 18 additions and 1 deletion.
diff --git a/debian/patches/disable-openssl-check.diff b/debian/patches/disable-openssl-check.diff
@@ -0,0 +1,15 @@
+--- a/raddb/radiusd.conf.in
++++ b/raddb/radiusd.conf.in
+@@ -483,7 +483,11 @@
+ 	#  and may not reflect patches applied to libssl by
+ 	#  distribution maintainers.
+ 	#
+-	allow_vulnerable_openssl = no
++	#  This version of FreeRADIUS is built as a Debian package that
++	#  depends on the right version of OpenSSL, so this is set by
++	#  default to allow the server to start.
++	#
++	allow_vulnerable_openssl = 'CVE-2014-0160'
+ }
+
+ # PROXY CONFIGURATION
diff --git a/debian/patches/series b/debian/patches/series
@@ -1 +1,2 @@
 radiusd-to-freeradius.diff
+disable-openssl-check.diff
diff --git a/debian/rules b/debian/rules
@@ -160,7 +160,7 @@ install-arch: build-arch-stamp
 
 	dh_strip -a --dbg-package=freeradius-dbg
 
-	dh_makeshlibs -a -n
+	dh_makeshlibs -a -n -V 'libssl1.0.0 (>= 1.0.1e-2+deb7u6)'
 	dh_shlibdeps -l$(freeradius_dir)/usr/lib/freeradius
 
 binary-common:

diff --git a/debian/shlibs.local b/debian/shlibs.local
@@ -0,0 +1 @@
+libssl 1.0.0 libssl1.0.0 (>= 1.0.1e-2+deb7u6)