[MacPorts] #46596: openssl @1.0.1k breaks certificate signature verification

MacPorts noreply at macports.org
Wed Jan 21 14:07:42 PST 2015 

#46596: openssl @1.0.1k breaks certificate signature verification
----------------------+-------------------
  Reporter:  uri@…    |      Owner:  mww@…
      Type:  defect   |     Status:  new
  Priority:  High     |  Milestone:
 Component:  ports    |    Version:  2.3.3
Resolution:           |   Keywords:
      Port:  openssl  |
----------------------+-------------------

Comment (by uri@…):

 Replying to [comment:15 cal@…]:
 > If you are using rsync to sync your ports tree (which is the default)
 your changes will be reverted on selfupdate.

 :-) I was certain that I was doing it to myself!

 >  Workarounds are
 >  - Using SVN wiki:howto/SyncingWithSVN
 >  - Using a local ports tree with a copy of OpenSSL that shadows ours:
 http://guide.macports.org/#development.local-repositories

 I thought that the best way is to add a local port tree, as shown in the
 URL you kindly provided.

 This is what I've created:
 {{{
 $ ls -FR ~/ports
 PortIndex               PortIndex.quick         devel/

 /Users/ur20980/ports/devel:
 openssl/

 /Users/ur20980/ports/devel/openssl:
 Portfile        files/

 /Users/ur20980/ports/devel/openssl/files:
 patch-null-absent.diff
 }}}
 I've created index with "portindex", like the Web page told. However when
 I try to do "sudo port selfupdate", I'm getting this:
 {{{
 $ sudo port selfupdate
 Password:
 --->  Updating MacPorts base sources using rsync
 MacPorts base version 2.3.3 installed,
 MacPorts base version 2.3.3 downloaded.
 --->  Updating the ports tree
 Error: updating PortIndex for file://Users/ur20980/ports failed
 --->  MacPorts base is already the latest version

 The ports tree has been updated. To upgrade your installed ports, you
 should run
   port upgrade outdated
 }}}

 >
 > Whether we should add more variants to openssl is essentially the
 maintainer's decision, but I wouldn't be opposed to it unless these
 variants somehow break API or ABI.
 >

 I'm pretty sure they don't break anything, because they just apply certain
 OpenSSL configuration options (and they don't seem to interfere with
 anything on my machine :).

 Perhaps you could point me at a person that I should ask about this? Is it
 mww at macports.org?



 >
 > As with your previous patch, I'm hesitant to pull it into MacPorts'
 OpenSSL without upstream approval.
 >

 Yes, I understand and appreciate your position.

 But they surely do take their time, especially considering the obviousness
 of the issue (there was also a bug in ASN.1 type comparison function - a
 one-liner that I fixed along the way :).

-- 
Ticket URL: <https://trac.macports.org/ticket/46596#comment:16>
MacPorts <https://www.macports.org/>
Ports system for OS X

More information about the macports-tickets mailing list