Modify

Opened 2 years ago

Last modified 2 years ago

#21369 new defect

Freeradius Package in Barrier Barrier Needs to Be Rebuilt to Support libopenssl - 1.0.2e-1

Reported by: geoff@… Owned by: developers
Priority: high Milestone: Barrier Breaker 14.07
Component: packages Version: Barrier Breaker 14.07
Keywords: libssl version mismatch Cc:

Description

With the latest update of the OpenSSL package (Dec7, 2015) for Barrier Breaker, as has occurred before, freeradius was not re-built (based on its July 2015 creation date in https://downloads.openwrt.org/barrier_breaker/14.07/ar71xx/generic/packages/packages).

The code to relax the SSL version check is not in this version I presume, as it fails to startup with the version check error,

Error: libssl version mismatch. built: 1000204f linked: 1000205f

Would it be possible to rebuild the freeradius packages,

freeradius2
freeradius2-common
freeradius2-democerts
freeradius2-mod-always
freeradius2-mod-attr-rewrite
freeradius2-mod-chap
freeradius2-mod-detail
freeradius2-mod-eap
freeradius2-mod-eap-gtc
freeradius2-mod-eap-md5
freeradius2-mod-eap-mschapv2
freeradius2-mod-eap-peap
freeradius2-mod-eap-tls
freeradius2-mod-eap-ttls
freeradius2-mod-exec
freeradius2-mod-expiration
freeradius2-mod-expr
freeradius2-mod-files
freeradius2-mod-logintime
freeradius2-mod-mschap
freeradius2-mod-pap
freeradius2-mod-passwd
freeradius2-mod-preprocess
freeradius2-mod-radutmp
freeradius2-mod-realm
freeradius2-mod-sql
freeradius2-mod-sql-pgsql
freeradius2-mod-sql-sqlite
freeradius2-mod-sqlcounter
freeradius2-mod-sqllog
freeradius2-utils
strongswan-mod-eap-radius

against the new version of libopenssl in the repo?

Thanks!

Attachments (0)

Change History (11)

comment:1 Changed 2 years ago by anonymous

Same problem with Chaos Calmer.

comment:2 follow-up: Changed 2 years ago by anonymous

THIS IS A SERIOUS PROBLEM!!!

comment:3 in reply to: ↑ 2 Changed 2 years ago by haazee

Replying to anonymous:

THIS IS A SERIOUS PROBLEM!!!

Yes, it is. But you can help yourself: compile it!
See:https://wiki.openwrt.org/doc/howtobuild/single.package

comment:4 follow-ups: Changed 2 years ago by anonymous

ok , when the TV wire does not reach the wall you move the wall instead of the TV , Well done!

comment:5 in reply to: ↑ 4 Changed 2 years ago by haazee

Replying to anonymous:

ok , when the TV wire does not reach the wall you move the wall instead of the TV , Well done!

If you have enough time, to wait for the developers until they correct this...
It's your own business. I just tried to help you.

comment:6 in reply to: ↑ 4 Changed 2 years ago by haazee

Replying to anonymous:

ok , when the TV wire does not reach the wall you move the wall instead of the TV , Well done!

To setup a cross compile environment and build a new freeradius2, needs about 2 hours on an old notebook with processor i5-2520m and an ssd. With hdd it needs 3-3.5 hours, IMHO. vs some days, weeks, months until someone will correct it in the repo. (See the open tickets! It's a very long list :( )

comment:7 Changed 2 years ago by anonymous

There is a hackish way to fix this, download the 1.0.2d version IPK from Chaos Chalmer's Release Candidate repos : http://downloads.openwrt.org/chaos_calmer/15.05-rc3/<YOUR ARCH>/generic/packages/base/libopenssl_1.0.2d-1_ar71xx.ipk and install it manually. You accept living with the 1.0.2d bugs/vulns : https://www.openssl.org/news/openssl-1.0.2-notes.html

Also, there is an option to pass at compile (configure) time to remove that check in freeradius, maybe it would be a good idea to add it to build scripts, since package maintainers lag behind : https://github.com/FreeRADIUS/freeradius-server/commit/767c67fc4f2f673a44f89794a3531158dcb7b1ec

comment:8 follow-up: Changed 2 years ago by anonymous

You sir are a genius. The workaround works. I did an opkg remove openssl --force-depends and then an opkg install <libopenssl_1.0.2d-1_ar71xx.ipk>. radius -X and I'm good to go. Many thanks.

comment:9 in reply to: ↑ 8 Changed 2 years ago by anonymous

Apologies. The above was a typo. Here are my literal steps:

#opkg remove libopenssl --force-depends
#wget http://downloads.openwrt.org/chaos_calmer/15.05-rc3/ar71xx/generic/packages/base/libopens
sl_1.0.2d-1_ar71xx.ipk
#opkg install libopenssl_1.0.2d-1_ar71xx.ipk

comment:10 follow-up: Changed 2 years ago by geoff@…

The new freeradius packages result in a Segmentation Fault when I run them (to test) via radius -XXX
starting - reading configuration files ...
including configuration file /etc/freeradius2/radiusd.conf
including configuration file /etc/freeradius2/clients.conf
including files in directory /etc/freeradius2/modules/
including configuration file /etc/freeradius2/modules/sradutmp
including configuration file /etc/freeradius2/modules/passwd
including configuration file /etc/freeradius2/modules/files
including configuration file /etc/freeradius2/modules/radutmp
including configuration file /etc/freeradius2/modules/echo
including configuration file /etc/freeradius2/modules/detail
including configuration file /etc/freeradius2/modules/attr_rewrite
including configuration file /etc/freeradius2/modules/exec
including configuration file /etc/freeradius2/modules/logintime
including configuration file /etc/freeradius2/modules/chap
including configuration file /etc/freeradius2/modules/expr
including configuration file /etc/freeradius2/modules/inner-eap
including configuration file /etc/freeradius2/modules/expiration
including configuration file /etc/freeradius2/modules/pap
including configuration file /etc/freeradius2/modules/always
including configuration file /etc/freeradius2/modules/realm
including configuration file /etc/freeradius2/modules/mschap
including configuration file /etc/freeradius2/modules/preprocess
including configuration file /etc/freeradius2/eap.conf
including files in directory /etc/freeradius2/sites/
including configuration file /etc/freeradius2/sites/default
including configuration file /etc/freeradius2/sites/inner-tunnel
...
Segmentation fault (at the end)

My barrier breaker is a pretty clean install -- no back porting, etc.,etc.

comment:11 in reply to: ↑ 10 Changed 2 years ago by geoff@…

Replying to geoff@…:

The new freeradius packages result in a Segmentation Fault when I run them (to test) via radius -XXX
starting - reading configuration files ...
including configuration file /etc/freeradius2/radiusd.conf
including configuration file /etc/freeradius2/clients.conf
including files in directory /etc/freeradius2/modules/
including configuration file /etc/freeradius2/modules/sradutmp
including configuration file /etc/freeradius2/modules/passwd
including configuration file /etc/freeradius2/modules/files
including configuration file /etc/freeradius2/modules/radutmp
including configuration file /etc/freeradius2/modules/echo
including configuration file /etc/freeradius2/modules/detail
including configuration file /etc/freeradius2/modules/attr_rewrite
including configuration file /etc/freeradius2/modules/exec
including configuration file /etc/freeradius2/modules/logintime
including configuration file /etc/freeradius2/modules/chap
including configuration file /etc/freeradius2/modules/expr
including configuration file /etc/freeradius2/modules/inner-eap
including configuration file /etc/freeradius2/modules/expiration
including configuration file /etc/freeradius2/modules/pap
including configuration file /etc/freeradius2/modules/always
including configuration file /etc/freeradius2/modules/realm
including configuration file /etc/freeradius2/modules/mschap
including configuration file /etc/freeradius2/modules/preprocess
including configuration file /etc/freeradius2/eap.conf
including files in directory /etc/freeradius2/sites/
including configuration file /etc/freeradius2/sites/default
including configuration file /etc/freeradius2/sites/inner-tunnel
...
Segmentation fault (at the end)

My barrier breaker is a pretty clean install -- no back porting, etc.,etc.

Package versions:
freeradius2 - 2.2.5-2.2
freeradius2-common - 2.2.5-2.2
freeradius2-democerts - 2.2.5-2.2
freeradius2-mod-always - 2.2.5-2.2
freeradius2-mod-attr-rewrite - 2.2.5-2.2
freeradius2-mod-chap - 2.2.5-2.2
freeradius2-mod-detail - 2.2.5-2.2
freeradius2-mod-eap - 2.2.5-2.2
freeradius2-mod-eap-gtc - 2.2.5-2.2
freeradius2-mod-eap-md5 - 2.2.5-2.2
freeradius2-mod-eap-mschapv2 - 2.2.5-2.2
freeradius2-mod-eap-peap - 2.2.5-2.2
freeradius2-mod-eap-tls - 2.2.5-2.2
freeradius2-mod-eap-ttls - 2.2.5-2.2
freeradius2-mod-exec - 2.2.5-2.2
freeradius2-mod-expiration - 2.2.5-2.2
freeradius2-mod-expr - 2.2.5-2.2
freeradius2-mod-files - 2.2.5-2.2
freeradius2-mod-logintime - 2.2.5-2.2
freeradius2-mod-mschap - 2.2.5-2.2
freeradius2-mod-pap - 2.2.5-2.2
freeradius2-mod-passwd - 2.2.5-2.2
freeradius2-mod-preprocess - 2.2.5-2.2
freeradius2-mod-radutmp - 2.2.5-2.2
freeradius2-mod-realm - 2.2.5-2.2
freeradius2-mod-sql - 2.2.5-2.2
freeradius2-mod-sql-pgsql - 2.2.5-2.2
freeradius2-mod-sql-sqlite - 2.2.5-2.2
freeradius2-mod-sqlcounter - 2.2.5-2.2
freeradius2-mod-sqllog - 2.2.5-2.2
freeradius2-utils - 2.2.5-2.2

Add Comment

Modify Ticket

Action
as new .
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.