From: Matt Dawson
To: freebsd-ports@freebsd.org
Date: Wed, 13 Jan 2010 13:34:29 +0000
Subject: Re: security/openssl BROKEN, DEPRECATED, and EXPIRED?
List-Id: Porting software to FreeBSD

On Wednesday 13 Jan 2010 12:00:23 Trix Farrar wrote:
> What happened? I haven't been able to find any discussion about this
> on either freebsd-ports, freebsd-ports-bugs, or freebsd-security.
> There doesn't seem to be a PR, either.
>
> Am I just being overly sensitive or does this present a POLA problem?
> My ports tree is up to date, but OpenSSL can't be upgraded, and
> neither can anything that depends on it.

If you have a look at the last commit for Mk/bsd.openssl.mk, you'll see the
libcrypto versions have been bumped, too. 8.0-RELEASE has 0.9.8k in base,
but this .mk looks for libcrypto.so.7 and the version conditional has been
dropped (not that it would have made any difference set to 800105) so
dropping back to the version in the base system is going to be no help
either. Even HEAD is still on 0.9.8k (libcrypto.so.6).

http://bit.ly/7h5PpU (CVSweb)

I suspect that there's an update on its way, although that doesn't help the
rest of us using ports in the meantime. For now, I'd personally recommend
to use a date=2010.01.12.15.42.00 definition in your ports supfile until
all of this shakes out.

As for POLA, I can think of nothing more astonishing than finding that my
systems cannot, under any circumstances, meet the requirements of
bsd.openssl.mk, thus breaking nearly everything important. That sort of
snuck up on me without warning...

-- 
Matt Dawson
MTD15-RIPE
matt@chronos.org.uk
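
Added example, not part of the original message and not code from the ports tree: a small POSIX sh check for the mismatch described above, reporting whether a required libcrypto.so.N is installed and which major versions are present instead. The function names are hypothetical, the directories to search are supplied by the caller, and the required major 7 used in the usage comment is the value quoted in the message.

```shell
#!/bin/sh
# Added example: report whether the libcrypto shared-library major version
# a build expects is installed, and which majors are present if it is not.

# list_majors DIR...
# Prints the libcrypto.so.N major numbers found in the given directories,
# sorted, unique, space-separated. Prints nothing if none are found.
list_majors() {
    for dir in "$@"; do
        for f in "$dir"/libcrypto.so.*; do
            [ -e "$f" ] || continue              # glob matched nothing
            n=${f##*/libcrypto.so.}
            case $n in
                ''|*[!0-9]*) continue ;;         # skip e.g. libcrypto.so.6.bak
            esac
            echo "$n"
        done
    done | sort -n -u | tr '\n' ' ' | sed 's/ $//'
}

# check_libcrypto REQUIRED_MAJOR DIR...
# Returns 0 only if libcrypto.so.REQUIRED_MAJOR exists in one of the DIRs.
check_libcrypto() {
    want=$1; shift
    have=$(list_majors "$@")
    case " $have " in
        *" $want "*) echo "ok: libcrypto.so.$want present"; return 0 ;;
    esac
    if [ -z "$have" ]; then
        echo "missing: no libcrypto found"
    else
        echo "mismatch: need libcrypto.so.$want, have $have"
    fi
    return 1
}

# Usage (directories are the caller's choice):
#   sh check_libcrypto.sh 7 /lib /usr/lib /usr/local/lib
if [ "$#" -gt 0 ]; then
    check_libcrypto "$@"
fi
```

On a system that ships only libcrypto.so.6, the check reports a mismatch and exits non-zero, which is the situation the message describes.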