Opened 21 years ago

Closed 21 years ago

Last modified 9 years ago

#979 closed defect (fixed)

Security: OpensSSL vulnerabilities (CERT Advisory CA-2003-26 Multiple Vulnerabilities in SSL/TLS

Reported by: danielluke (Daniel J. Luke) Owned by: fkr@…
Priority: Normal Milestone:
Component: ports Version: 1.0
Keywords: Cc: kevin@…
Port: openssl

Description (last modified by ryandesign (Ryan Carsten Schmidt))

(note: bugzilla won't let me assign this to 'ssen@…')

The openssl port needs to be updated from 0.9.7b to 0.9.7c

The openssl advisory note is here: http://www.openssl.org/news/secadv_20030930.txt
The CERT advisory is here: http://www.cert.org/advisories/CA-2003-26.html

With these changes, the new version builds and tests fine on my Mac OS X 10.2.8 system.

A cvs diff for the openssl portfile follows (inline):

% cvs diff
? work
cvs server: Diffing .
Index: Portfile
===================================================================
RCS file: /Volumes/src/cvs/od/proj/darwinports/dports/devel/openssl/Portfile,v
retrieving revision 1.5
diff -u -d -b -w -r1.5 Portfile
--- Portfile    5 Aug 2003 21:02:12 -0000       1.5
+++ Portfile    2 Oct 2003 20:40:24 -0000
@@ -2,7 +2,7 @@
 
 PortSystem 1.0
 name                   openssl
-version                        0.9.7b
+version                        0.9.7c
 platforms              darwin freebsd
 categories             devel security
 maintainers            ssen@opendarwin.org
@@ -16,7 +16,7 @@
 cryptography library.
 
 master_sites           http://www.openssl.org/source/
-checksums              md5 fae4bec090fa78e20f09d76d55b6ccff
+checksums              md5 c54fb36218adaaaba01ef733cd88c8ec
 
 depends_lib            lib:libz.1:zlib
 
@@ -25,6 +25,8 @@
 
 destroot.destdir       INSTALL_PREFIX=${destroot}
 destroot.args          MANDIR=${prefix}/man
+
+test.run yes
 
 variant darwin {
        patchfiles              patch-Makefile.org
cvs server: Diffing files

Change History (8)

comment:1 Changed 21 years ago by fkr@…

Summary: Security: OpensSSL vulnerabilities (CERT Advisory CA-2003-26 Multiple Vulnerabilities in SSL/TLS Implementations)Security: OpensSSL vulnerabilities (CERT Advisory CA-2003-26 Multiple Vulnerabilities in SSL/TLS

am looking at this right now. -fkr

comment:2 Changed 21 years ago by fkr@…

Resolution: fixed
Status: newclosed

committed. thanks! -fkr

comment:3 Changed 21 years ago by danielluke (Daniel J. Luke)

Resolution: fixed
Status: closedreopened

Again, since this is a security fix, a note should probably be sent out to a darwinports list.

comment:4 Changed 21 years ago by fkr@…

thanks, I will take care of this.

comment:5 Changed 21 years ago by fkr@…

I'll write a SA and send it out tomorrow. -fkr

comment:6 Changed 21 years ago by fkr@…

Cc: kevin@… added

currently waiting for kevinv@ to import OpenSSL from apple, so that there is an updated copy for OpenDarwin too. -fkr

comment:7 Changed 21 years ago by fkr@…

Resolution: fixed
Status: reopenedclosed

guess this bug is stale. new OpenSSL has been in OD cvs now for a long time (and rpm were made available as well) -fkr

comment:8 Changed 9 years ago by ryandesign (Ryan Carsten Schmidt)

Description: modified (diff)
Port: openssl added
Note: See TracTickets for help on using tickets.