force debian pkg to use patched openssl, and disable version check
authorMatthew Newton <mcn4@leicester.ac.uk>
Wed, 16 Apr 2014 13:00:50 +0000 (14:00 +0100)
committerMatthew Newton <mcn4@leicester.ac.uk>
Wed, 16 Apr 2014 13:00:50 +0000 (14:00 +0100)
debian/patches/disable-openssl-check.diff [new file with mode: 0644]
debian/patches/series
debian/rules
debian/shlibs.local [new file with mode: 0644]

diff --git a/debian/patches/disable-openssl-check.diff b/debian/patches/disable-openssl-check.diff
new file mode 100644 (file)
index 0000000..b65edfc
--- /dev/null
@@ -0,0 +1,15 @@
+--- a/raddb/radiusd.conf.in
++++ b/raddb/radiusd.conf.in
+@@ -483,7 +483,11 @@
+       #  and may not reflect patches applied to libssl by
+       #  distribution maintainers.
+       #
+-      allow_vulnerable_openssl = no
++      #  This version of FreeRADIUS is built as a Debian package that
++      #  depends on the right version of OpenSSL, so this is set by
++      #  default to allow the server to start.
++      #
++      allow_vulnerable_openssl = 'CVE-2014-0160'
+ }
+ # PROXY CONFIGURATION
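Review bot: With `allow_vulnerable_openssl = 'CVE-2014-0160'` as the shipped default, radiusd no longer refuses to start against a Heartbleed-affected libssl, and the only remaining guard is a package dependency that dpkg evaluates at install time. That dependency does not cover a libssl that is later replaced, force-installed or loaded from a non-package path. The bound used in debian/rules and debian/shlibs.local (`1.0.1e-2+deb7u6`) is also a wheezy security revision, so on another suite or a derivative a higher-sorting version could satisfy it without carrying the fix (inferred; the target suite is not visible here). The added comment should name the requirement so an admin can verify it, for example `#  Requires libssl1.0.0 (>= 1.0.1e-2+deb7u6) from Debian; set this back to 'no' if libssl comes from anywhere else.` Limiting the override to this one CVE rather than `yes` is the right scope.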
index 5ba2d18..cba5c66 100644 (file)
@@ -1 +1,2 @@
 radiusd-to-freeradius.diff
+disable-openssl-check.diff
index 3d999ca..6d5d7d4 100755 (executable)
@@ -160,7 +160,7 @@ install-arch: build-arch-stamp
        
        dh_strip -a --dbg-package=freeradius-dbg
 
-       dh_makeshlibs -a -n
+       dh_makeshlibs -a -n -V 'libssl1.0.0 (>= 1.0.1e-2+deb7u6)'
        dh_shlibdeps -l$(freeradius_dir)/usr/lib/freeradius
 
 binary-common:
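Review bot: The `-V 'libssl1.0.0 (>= 1.0.1e-2+deb7u6)'` argument on `dh_makeshlibs` looks misplaced. `-V` sets the dependency written into the shlibs file for the libraries this package ships, so anything built against the FreeRADIUS libraries would be told to depend on libssl1.0.0 instead of on the package that provides them. The package's own libssl dependency is computed by `dh_shlibdeps` on the following line, which already picks up the override added in debian/shlibs.local. I would keep `dh_makeshlibs -a -n` as it was and, if a hard guarantee is wanted, add the versioned `libssl1.0.0` relation to the binary package's Depends in debian/control (not visible in this commit). The install-arch recipe begins before this hunk.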
diff --git a/debian/shlibs.local b/debian/shlibs.local
new file mode 100644 (file)
index 0000000..2c53dcf
--- /dev/null
@@ -0,0 +1 @@
+libssl 1.0.0 libssl1.0.0 (>= 1.0.1e-2+deb7u6)