is anyone using pkgsrc openssl these days?


I notice openssl in pkgsrc is at 1.0.2p, which has some security issues ;-)
I also happened to notice that none of my installed packages use pkgsrc openssl anymore.
But to fix the nasty security warnings I just changed the Makefile instead of removing pkgsrc openssl:
cvs diff -u -p Makefile
Index: Makefile
RCS file: /cvsroot/pkgsrc/security/openssl/Makefile,v
retrieving revision 1.240
diff -u -p -r1.240 Makefile
--- Makefile	12 Sep 2018 12:44:17 -0000	1.240
+++ Makefile	15 Jun 2019 09:43:16 -0000
@@ -1,6 +1,6 @@
 # $NetBSD: Makefile,v 1.240 2018/09/12 12:44:17 fhajny Exp $
-DISTNAME=	openssl-1.0.2p
+DISTNAME=	openssl-1.0.2s
 CATEGORIES=	security
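Review bot: the hunk stops at CATEGORIES although its header announces six lines per side and only three are shown, so it cannot be confirmed from here that DISTNAME is the only line that needs to change. If the Makefile carries a PKGREVISION line, it should be dropped together with the version bump. Please post the complete hunk.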
and ran make NO_CHECKSUM=yes, which builds fine.  I updated distinfo.

pkgdiff distinfo.1.0.2p distinfo

--- distinfo.1.0.2p	2019-06-15 09:46:58.324777984 +0000
+++ distinfo
@@ -2,6 +2,6 @@ $NetBSD: distinfo,v 1.133 2018/09/12 12:
-SHA1 (openssl-1.0.2p.tar.gz) = f34b5322e92415755c7d58bf5d0d5cf37666382c
-RMD160 (openssl-1.0.2p.tar.gz) = 0df40a7f180e381bff7d7d9593bdfece4b054951
-SHA512 (openssl-1.0.2p.tar.gz) = 958c5a7c3324bbdc8f07dfb13e11329d9a1b4452c07cf41fbd2d42b5fe29c95679332a3476d24c2dc2b88be16e4a24744aba675a05a388c0905756c77a8a2f16
-Size (openssl-1.0.2p.tar.gz) = 5338192 bytes
+SHA1 (openssl-1.0.2s.tar.gz) = cf43d57a21e4baf420b3628677ebf1723ed53bc1
+RMD160 (openssl-1.0.2s.tar.gz) = 6067f88e5f1ac797e189648386adb12ca4aba85d
+SHA512 (openssl-1.0.2s.tar.gz) = 9f745452c4f777df694158e95003cde78a2cf8199bc481a563ec36644664c3c1415a774779b9791dd18f2aeb57fa1721cb52b3db12d025955e970071d5b66d2a
+Size (openssl-1.0.2s.tar.gz) = 5349149 bytes
 SHA1 (patch-Configure) = 2d963d781314276a0ee1bc531df6bc50f0f6b32b
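Review bot: the new SHA1, RMD160, SHA512 and Size lines for openssl-1.0.2s.tar.gz only record whatever tarball was downloaded, and nothing in the patch shows that file was checked independently. Before this is committed, compare the tarball against the checksum or PGP signature that upstream publishes for 1.0.2s. The hunk also ends at patch-Configure, so please confirm that the remaining patch checksum lines in distinfo are unchanged.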

This is what make test outputs (just the last lines):
../util/ ./bad_dtls_test
../util/ ./fatalerrtest ../apps/server.pem ../apps/server.pem
SSL_accept() failed -1, 1
137979223186948:error:140800FF:SSL routines:ssl3_accept:unknown state:s3_srvr.c:869:
../util/ ./x509_time_test
gmake[1]: Leaving directory '/usr/pkgsrc/security/openssl/work/openssl-1.0.2s/test'
OPENSSL_CONF=apps/openssl.cnf util/ version -a
OpenSSL 1.0.2s  28 May 2019
built on: reproducible build, date unspecified
platform: NetBSD-x86_64
options:  bn(64,64) md2(int) rc4(16x,int) des(idx,cisc,16,int) idea(int) blowfish(ptr2) 
OPENSSLDIR: "/usr/pkg/etc/openssl"

Since I obviously do not directly need openssl, I refrained from upgrading to openssl stable 1.1.1c, especially since I cannot make a cross-platform check for all variants of pkgsrc.
Nevertheless, this upgrade is what openssl folks recommend since 1.0.2 will receive no support after 2019 has ended.

For the remaining 6 months I think it would be nice to have at least 1.0.2s in pkgsrc.


