Subject: Re: OpenSSL is vulnerable but pkgsrc needs it to build the guide?
To: Gueven Bay <email@example.com>
From: Adrian Portelli <firstname.lastname@example.org>
Date: 10/31/2007 08:41:24
Gueven Bay wrote:
> So far I understand from the message with which pkgsrc stopped
> building the guide - included at the bottom of this posting - pkgsrc
> says "You know openssl is vulnerable but I need it to build the guide,
> so set ALLOW_VULNERABLE_PACKAGES, please".
> Is this the right interpretation of the error message?
> Why does pkgsrc just not download the not vulnerable version of
> openssl - I downloaded the fresh vulnerability list ca. two hours
> before this build -?
You need to update your local pkgsrc sources. The latest package
version is openssl-0.9.7inb5 which contains a fix for this issue. The
fix was pulled up into the 2007Q3 stable branch as well.