Security: OpensSSL vulnerabilities (CERT Advisory CA-2003-26 Multiple Vulnerabilities in SSL/TLS Implementations)

[danielluke (Daniel J. Luke)]

(note: bugzilla won't let me assign this to 'ssen@…')

The openssl port needs to be updated from 0.9.7b to 0.9.7c

The openssl advisory note is here: ​http://www.openssl.org/news/secadv_20030930.txt The CERT advisory is here: ​http://www.cert.org/advisories/CA-2003-26.html

With these changes, the new version builds and tests fine on my Mac OS X 10.2.8 system.

A cvs diff for the openssl portfile follows (inline):

% cvs diff ? work cvs server: Diffing . Index: Portfile ============================================================ ======= RCS file: /Volumes/src/cvs/od/proj/darwinports/dports/devel/openssl/Portfile,v retrieving revision 1.5 diff -u -d -b -w -r1.5 Portfile --- Portfile 5 Aug 2003 21:02:12 -0000 1.5 +++ Portfile 2 Oct 2003 20:40:24 -0000 @@ -2,7 +2,7 @@

PortSystem 1.0 name openssl

-version 0.9.7b +version 0.9.7c

platforms darwin freebsd categories devel security maintainers ssen@…

@@ -16,7 +16,7 @@

cryptography library.

master_sites ​http://www.openssl.org/source/

-checksums md5 fae4bec090fa78e20f09d76d55b6ccff +checksums md5 c54fb36218adaaaba01ef733cd88c8ec

depends_lib lib:libz.1:zlib

@@ -25,6 +25,8 @@

destroot.destdir INSTALL_PREFIX=${destroot} destroot.args MANDIR=${prefix}/man

+ +test.run yes

variant darwin {

patchfiles patch-Makefile.org

cvs server: Diffing files