security/openssl BROKEN, DEPRECATED, and EXPIRED?
Matt Dawson
matt at chronos.org.uk
Wed Jan 13 13:34:41 UTC 2010
On Wednesday 13 Jan 2010 12:00:23 Trix Farrar wrote:
> What happened? I haven't been able to find any discussion about this
> on either freebsd-ports, freebsd-ports-bugs, or freebsd-security.
> There doesn't seem to be a PR, either.
>
> Am I just being overly sensitive or does this present a POLA problem?
> My ports tree is up to date, but OpenSSL can't be upgraded, and
> neither can anything that depends on it.
If you have a look at the last commit for Mk/bsd.openssl.mk, you'll see the
libcrypto versions have been bumped, too. 8.0-RELEASE has 0.9.8k in base,
but this .mk looks for libcrypto.so.7 and the version conditional has been
dropped (not that it would have made any difference set to 800105) so
dropping back to the version in the base system is going to be no help
either. Even HEAD is still on 0.9.8k (libcrypto.so.6).
http://bit.ly/7h5PpU (CVSweb)
I suspect that there's an update on its way, although that doesn't help the
rest of us using ports in the meantime. For now, I'd personally recommend
to use a date=2010.01.12.15.42.00 definition in your ports supfile until
all of this shakes out.
As for POLA, I can think of nothing more astonishing than finding that my
systems cannot, under any circumstances, meet the requirements of
bsd.openssl.mk, thus breaking nearly everything important. That sort of
snuck up on me without warning...
--
Matt Dawson
MTD15-RIPE
matt at chronos.org.uk
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 196 bytes
Desc: This is a digitally signed message part.
Url : http://lists.freebsd.org/pipermail/freebsd-ports/attachments/20100113/f59e28e7/attachment.pgp
More information about the freebsd-ports
mailing list