Why is the OpenSSL port marked deprecated? No security issue, but the port builds... no fallback to a safe alternative, no known fix? Does the security team know? ===> Cleaning for openssl-0.9.8l_1 ===> openssl-0.9.8l_1 is marked as broken: coredumps on i386 and amd64. *** Error code 1 Maybe someone should explain this in a way we can understand? The port maintainer or "dinoex" is responsible.... dinoex@FreeBSD.org From the Makefile for the port: # $FreeBSD: ports/security/openssl/Makefile,v 1.161 2010/01/12 15:43:52 dinoex Exp $ BROKEN= coredumps on i386 and amd64 DEPRECATED= has unfixed vulnerabilities EXPIRATION_DATE=2010-01-12 Where have there been coredumps? Says who? Where? Why? How? When? Which version? Which OS? Billy
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 2010/01/14 15:28, Billy Newsom wrote:> Why is the OpenSSL port marked deprecated? No security issue, but the > port builds... no fallback to a safe alternative, no known fix? Does the > security team know?Please update your ports tree, you have a stale version of the port... Cheers, - -- Xin LI <delphij@delphij.net> http://www.delphij.net/ FreeBSD - The Power to Serve! Live free or die -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.14 (FreeBSD) iQEcBAEBAgAGBQJLT7bnAAoJEATO+BI/yjfBcKQH/2L1ejz5cDLn5oH6Ne+FWdep cZMxd6EiWx2J005o5rKmVPPprTDVEcID2j2w1CTkMiGoW2LIFtEsbZb20OVvUGVc 0qaJw0b2lZZnqXKCieYzU+gsJP2fPUux0Px3awiNZUjY4rozxvo8XiUjOvvfQZR8 5JuT1/Cm6LxV0YLmAWFtLVtn4dGDzBZ+jangdiyBUrosKgiyrfFNpsgCwEh54Hyr PDtgFvTpW7Ox6EwPv5ocUVsn5R2Rjd/hYH2/OvvNvqSc3Yn4gbN0v/ilkHxerobw dNXur16YGaEXREnj+L9RxmWNG89tLCJzLxVHJHIb5cZtU4KEYOpyqukTzo3rVVs=qFfg -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 2010/01/14 15:28, Billy Newsom wrote:> Why is the OpenSSL port marked deprecated? No security issue, but the > port builds... no fallback to a safe alternative, no known fix? Does the > security team know?Please update your ports tree, you have a stale version of the port... Cheers, - -- Xin LI <delphij@delphij.net> http://www.delphij.net/ FreeBSD - The Power to Serve! Live free or die -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.14 (FreeBSD) iQEcBAEBAgAGBQJLT7chAAoJEATO+BI/yjfBHUsH/25OGrb2rjTyuz8/BMrpIfiG I20QWulnm5QwiAKY9yHHpyu+B4e49UZIySTpP/hIAfiaMLpSgKCpBHC6oRkCopaZ naLrx7Ip6nRyjONNNalWZiP3rAcbzNpmHXoNzxORFX6GXhTFUpA8M9gWVmC8brH/ v/KDEgeXGLrR72JZdR9l/JLIQB6LiHKtU2yKg0QHPNoipz660KroQf0MibItGa4+ pws/XOwDI3vSIJ8PieDBD6J4pMgudF+P/a8fEWEd4CaHXpEqoE7RmKvMZ0IaM4NZ Tvws2/ylPev1Ien0MTf05GhOwj5oL1qFS/ruXfWb9R9qEL4TvUhrZ7yOipjP0KQ=LBdg -----END PGP SIGNATURE-----
On 2010-01-14T17:28:24-0600, Billy Newsom <billy@nlcc.us> wrote:> Why is the OpenSSL port marked deprecated? No security issue, but > the port builds... no fallback to a safe alternative, no known fix? > Does the security team know?[...]> Where have there been coredumps? Says who? Where? Why? How? When? > Which version? Which OS?There is a thread about this on freebsd-ports, but I don't know if it answers all of your questions (yet): http://lists.freebsd.org/pipermail/freebsd-ports/2010-January/thread.html#58899 -- Kenyon Ralph -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 835 bytes Desc: Digital signature Url : http://lists.freebsd.org/pipermail/freebsd-security/attachments/20100115/966c322d/attachment.pgp