[MacPorts] #46596: openssl @1.0.1k breaks certificate signature verification
MacPorts
noreply at macports.org
Wed Jan 21 21:20:00 PST 2015
#46596: openssl @1.0.1k breaks certificate signature verification
----------------------+-------------------
Reporter: uri@… | Owner: mww@…
Type: defect | Status: new
Priority: High | Milestone:
Component: ports | Version: 2.3.3
Resolution: | Keywords:
Port: openssl |
----------------------+-------------------
Comment (by uri@…):
Replying to [comment:18 cal@…]:
> > {{{
> > Error: updating PortIndex for file://Users/ur20980/ports failed
> > }}}
>
> Edit your sources.conf and add `[nosync]` to the line adding your local
repository. If it is also marked as `[default]` separate the options using
a comma: `[default,nosync]`.
Thank you - adding `[nosync]` and a missing 3rd slash fixed the day!
> > Perhaps you could point me at a person that I should ask about this?
Is it mww at macports.org?
>
> Yes. He should already get an email for each comment in this ticket, but
he hasn't been very active recently, which is why I've taken care of all
pressing issues with openssl in the last few months. Nevertheless, go
ahead and email him, or open a new ticket with a patch and assign it to
him/put him on cc.
Great! I'm polishing the Portfile now. Hitting a strange obstacle:
{{{
---> Updating database of binaries
---> Scanning binaries for linking errors
---> Found 62 broken file(s), matching files to ports
---> Found 3 broken port(s), determining rebuild order
---> Rebuilding in order
openssl @1.0.1k +universal
curl @7.40.0 +ssl+universal
gnome-vfs @2.24.4 +universal
---> Computing dependencies for openssl
---> Cleaning openssl
---> Computing dependencies for curl
---> Cleaning curl
---> Computing dependencies for gnome-vfs
---> Cleaning gnome-vfs
---> Scanning binaries for linking errors
---> Found 62 broken file(s), matching files to ports
---> Found 3 broken port(s), determining rebuild order
---> Rebuilding in order
openssl @1.0.1k +universal
curl @7.40.0 +ssl+universal
gnome-vfs @2.24.4 +universal
---> Computing dependencies for openssl
---> Fetching distfiles for openssl
---> Attempting to fetch patch-Makefile.org.diff from
http://ykf.ca.distfiles.macports.org/MacPorts/mpdistfiles/openssl
---> Attempting to fetch patch-Makefile.org.diff from
http://distfiles.macports.org/openssl
---> Attempting to fetch patch-Makefile.org.diff from
http://mse.uk.distfiles.macports.org/sites/distfiles.macports.org/openssl
---> Attempting to fetch patch-Makefile.org.diff from
http://nue.de.distfiles.macports.org/macports/distfiles/openssl
---> Attempting to fetch patch-Makefile.org.diff from
http://fco.it.distfiles.macports.org/mirrors/macports-distfiles/openssl
---> Attempting to fetch patch-Makefile.org.diff from
http://sea.us.distfiles.macports.org/macports/distfiles/openssl
---> Attempting to fetch patch-Makefile.org.diff from
http://lil.fr.distfiles.macports.org/openssl
---> Attempting to fetch patch-Makefile.org.diff from
http://www.openssl.org/source/
---> Attempting to fetch patch-Makefile.org.diff from
http://her.gr.distfiles.macports.org/mirrors/macports/mpdistfiles/openssl
---> Attempting to fetch patch-Makefile.org.diff from
http://cjj.kr.distfiles.macports.org/openssl
---> Attempting to fetch patch-Makefile.org.diff from
http://aarnet.au.distfiles.macports.org/pub/macports/mpdistfiles/openssl
---> Attempting to fetch patch-Makefile.org.diff from
http://jog.id.distfiles.macports.org/macports/mpdistfiles/openssl
---> Attempting to fetch patch-Makefile.org.diff from
http://svn.macports.org/repository/macports/distfiles/openssl
Error: org.macports.fetch for port openssl returned: fetch failed
Please see the log file for port openssl for details:
/opt/local/var/macports/logs/_Users_uri_ports_devel_openssl/openssl/main.log
Error: Unable to upgrade port: 1
Error rebuilding openssl
while executing
"error "Error rebuilding $portname""
(procedure "revupgrade_scanandrebuild" line 395)
invoked from within
"revupgrade_scanandrebuild broken_port_counts $opts"
(procedure "macports::revupgrade" line 5)
invoked from within
"macports::revupgrade $opts"
(procedure "action_revupgrade" line 2)
invoked from within
"action_revupgrade $action $portlist $opts"
(procedure "action_upgrade" line 25)
invoked from within
"$action_proc $action $portlist [array get global_options]"
(procedure "process_cmd" line 103)
invoked from within
"process_cmd $remaining_args"
invoked from within
"if { [llength $remaining_args] > 0 } {
# If there are remaining arguments, process those as a command
set exit_status [process_cmd $remaining..."
(file "/opt/local/bin/port" line 5268)
$ sudo port upgrade outdated
Nothing to upgrade.
}}}
It looks like "port" cannot fetch openssl patch files? I did not copy to
my local ports directory anything, except for my (modified) Portile, and
my additional patch:
{{{
$ ls -RF ~/ports
PortIndex PortIndex.quick devel/
/Users/uri/ports/devel:
openssl/
/Users/uri/ports/devel/openssl:
Portfile files/
/Users/uri/ports/devel/openssl/files:
patch-null-absent.diff
$
}}}
Am I doing something wrong???
> > But they surely do take their time, especially considering the
obviousness of the issue (there was also a bug in ASN.1 type comparison
function - a one-liner that I fixed along the way :).
>
> Yeah, I know. Nonetheless, I'd like to avoid patching security-relevant
stuff, even if the issue is obvious. We're trying to avoid replicating
some of the disasters Debian created when patching OpenSSL ;-)
:-) :-) I'm with you here. Wouldn't want my name associated with such a
"sensation" either. :-)
--
Ticket URL: <https://trac.macports.org/ticket/46596#comment:19>
MacPorts <https://www.macports.org/>
Ports system for OS X
More information about the macports-tickets
mailing list