Modify

Opened 3 years ago

Last modified 2 years ago

#20090 reopened task

(re)compile libopenssl 1.0.2d package for Barrier Breaker

Reported by: metai Owned by: developers
Priority: highest Milestone:
Component: packages Version: Barrier Breaker 14.07
Keywords: Cc:

Description

/changeset/46287.html bumped libopenssl for Barrier Breaker to 1.0.2d.

downloads.openwrt.org has the libopenssl package with a file date of July 9 2015, but still the old and vulnerable 1.0.2c version.

I believe the buildbot needs a soft nudge.

(I rate this highest priority because as of today, the official packages repo for the latest stable is handing out a vulnerable version of a pretty commonly used library.)

Attachments (0)

Change History (8)

comment:1 Changed 3 years ago by jow

  • Resolution set to fixed
  • Status changed from new to closed

comment:2 Changed 3 years ago by anonymous

  • Resolution fixed deleted
  • Status changed from closed to reopened

You need to recompile the packages that has dependencies on this libopenssl. For example freeradius is broken:

Thu Jul 16 12:50:04 2015 : Error: libssl version mismatch. built: 1000203f linked: 1000204f

comment:3 Changed 3 years ago by jow

meh, stupid freeradius. I thought this has been patched by now in the feed...

comment:4 Changed 3 years ago by PunzIII

Thank you metai and jow, I am now able to upgrade openssl-util and libopenssl from the repo.

Thank you,
PunzIII

comment:5 Changed 3 years ago by jow

  • Resolution set to fixed
  • Status changed from reopened to closed

Freeradius rebuilt and updated to fix CVE-2015-4680

comment:6 Changed 2 years ago by geoff@…

Problem has resurfaced with latest updates for barrier_breaker/14.07/ar71xx/generic/

Trying to start freeradius (in this case in the foreground with debug on):

Sat Dec 12 12:12:01 2015 : Error: libssl version mismatch. built: 1000204f linked: 1000205f

Pertinent package versions:

libopenssl - 1.0.2e-1
freeradius2 - 2.2.5-2.1

comment:7 Changed 2 years ago by anonymous

  • Resolution fixed deleted
  • Status changed from closed to reopened

comment:8 Changed 2 years ago by geoff@…

Apologies on re-opening this ticket, I've created another ticket, https://dev.openwrt.org/ticket/21369#ticket specific to the Dec 7, 2015 libopenssl package and freeradius

This one can be closed.

Add Comment

Modify Ticket

Action
as reopened .
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.