Subject: Re: OpenSSL is vulnerable but pkgsrc needs it to build the guide?
To: Gueven Bay <>
From: Adrian Portelli <>
List: pkgsrc-users
Date: 10/31/2007 08:41:24
Gueven Bay wrote:
> So far I understand from the message with which pkgsrc stopped
> building the guide - included at the bottom of this posting - pkgsrc
> says "You know openssl is vulnerable but I need it to build the guide,
> Is this the right interpretation of the error message?
> Why does pkgsrc just not download the not vulnerable version of
> openssl - I downloaded the fresh vulnerability list ca. two hours
> before this build -?

You need to update your local pkgsrc sources.  The latest package
version is openssl-0.9.7inb5 which contains a fix for this issue.  The
fix was pulled up into the 2007Q3 stable branch as well.