Date: Wed, 13 Jan 2010 13:34:29 +0000 From: Matt Dawson <matt@chronos.org.uk> To: freebsd-ports@freebsd.org Subject: Re: security/openssl BROKEN, DEPRECATED, and EXPIRED? Message-ID: <201001131334.35040.matt@chronos.org.uk> In-Reply-To: <20100113120023.7AFF3106570E@hub.freebsd.org> References: <20100113120023.7AFF3106570E@hub.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--nextPart5075257.DCvC4QAO78 Content-Type: Text/Plain; charset="iso-8859-15" Content-Transfer-Encoding: quoted-printable On Wednesday 13 Jan 2010 12:00:23 Trix Farrar wrote: > What happened? I haven't been able to find any discussion about this > on either freebsd-ports, freebsd-ports-bugs, or freebsd-security. > There doesn't seem to be a PR, either. >=20 > Am I just being overly sensitive or does this present a POLA problem? > My ports tree is up to date, but OpenSSL can't be upgraded, and > neither can anything that depends on it. =20 If you have a look at the last commit for Mk/bsd.openssl.mk, you'll see the= =20 libcrypto versions have been bumped, too. 8.0-RELEASE has 0.9.8k in base,=20 but this .mk looks for libcrypto.so.7 and the version conditional has been= =20 dropped (not that it would have made any difference set to 800105) so=20 dropping back to the version in the base system is going to be no help=20 either. Even HEAD is still on 0.9.8k (libcrypto.so.6). http://bit.ly/7h5PpU (CVSweb) I suspect that there's an update on its way, although that doesn't help the= =20 rest of us using ports in the meantime. For now, I'd personally recommend=20 to use a date=3D2010.01.12.15.42.00 definition in your ports supfile until= =20 all of this shakes out. As for POLA, I can think of nothing more astonishing than finding that my=20 systems cannot, under any circumstances, meet the requirements of=20 bsd.openssl.mk, thus breaking nearly everything important. That sort of=20 snuck up on me without warning... =2D-=20 Matt Dawson MTD15-RIPE matt@chronos.org.uk --nextPart5075257.DCvC4QAO78 Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.14 (FreeBSD) iEYEABECAAYFAktNy+oACgkQAmT9uY8euiLu4QCguMS3uxoZV7DlO9J4hj8p2aUz kgMAn3Zy1xKZqA7/VWVmsKAuy4Rif8/z =dZhr -----END PGP SIGNATURE----- --nextPart5075257.DCvC4QAO78--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201001131334.35040.matt>