security/openssl BROKEN, DEPRECATED, and EXPIRED?

Matt Dawson matt at
Wed Jan 13 13:34:41 UTC 2010

On Wednesday 13 Jan 2010 12:00:23 Trix Farrar wrote:

> What happened?  I haven't been able to find any discussion about this
> on either freebsd-ports, freebsd-ports-bugs, or freebsd-security.
> There doesn't seem to be a PR, either.
> Am I just being overly sensitive or does this present a POLA problem?
> My ports tree is up to date, but OpenSSL can't be upgraded, and
> neither can anything that depends on it.  

If you have a look at the last commit for Mk/, you'll see the 
libcrypto versions have been bumped, too. 8.0-RELEASE has 0.9.8k in base, 
but this .mk looks for and the version conditional has been 
dropped (not that it would have made any difference set to 800105) so 
dropping back to the version in the base system is going to be no help 
either. Even HEAD is still on 0.9.8k ( (CVSweb)

I suspect that there's an update on its way, although that doesn't help the 
rest of us using ports in the meantime. For now, I'd personally recommend 
to use a date=2010. definition in your ports supfile until 
all of this shakes out.

As for POLA, I can think of nothing more astonishing than finding that my 
systems cannot, under any circumstances, meet the requirements of, thus breaking nearly everything important. That sort of 
snuck up on me without warning...
Matt Dawson
matt at
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 196 bytes
Desc: This is a digitally signed message part.
Url :

More information about the freebsd-ports mailing list