On Wednesday 13 Jan 2010 12:00:23 Trix Farrar wrote: > What happened? I haven't been able to find any discussion about this > on either freebsd-ports, freebsd-ports-bugs, or freebsd-security. > There doesn't seem to be a PR, either. > > Am I just being overly sensitive or does this present a POLA problem? > My ports tree is up to date, but OpenSSL can't be upgraded, and > neither can anything that depends on it.
If you have a look at the last commit for Mk/bsd.openssl.mk, you'll see the libcrypto versions have been bumped, too. 8.0-RELEASE has 0.9.8k in base, but this .mk looks for libcrypto.so.7 and the version conditional has been dropped (not that it would have made any difference set to 800105) so dropping back to the version in the base system is going to be no help either. Even HEAD is still on 0.9.8k (libcrypto.so.6). http://bit.ly/7h5PpU (CVSweb) I suspect that there's an update on its way, although that doesn't help the rest of us using ports in the meantime. For now, I'd personally recommend to use a date=2010.01.12.15.42.00 definition in your ports supfile until all of this shakes out. As for POLA, I can think of nothing more astonishing than finding that my systems cannot, under any circumstances, meet the requirements of bsd.openssl.mk, thus breaking nearly everything important. That sort of snuck up on me without warning... -- Matt Dawson MTD15-RIPE m...@chronos.org.uk
signature.asc
Description: This is a digitally signed message part.
