[MacPorts] #68766: openssl3 @3.2.0_0+universal may have broken PRNG on High Sierra and older
MacPorts
noreply at macports.org
Tue Apr 9 10:42:23 UTC 2024
#68766: openssl3 @3.2.0_0+universal may have broken PRNG on High Sierra and older
------------------------+------------------------
Reporter: fhgwright | Owner: neverpanic
Type: defect | Status: closed
Priority: Normal | Milestone:
Component: ports | Version:
Resolution: fixed | Keywords:
Port: openssl3 |
------------------------+------------------------
Comment (by neverpanic):
So where are we with this? I'm currently fixing yet another CVE
(https://github.com/macports/macports-ports/pull/23418), and because old
OS versions are still stuck at 3.1.x, I have to do duplicate work because
I need to identify and test the patch for 3.1.x as well. This is exactly
the situation I wanted to avoid, because I'm forced to do additional work
for older operating systems that are no longer supported by Apple.
Somebody needs to step up to replicate this problem with a git clone from
the upstream sources, ideally in an automated fashion, so that it can be
bisected to identify the exact commit that introduces it, reported
upstream, and fixed. I cannot do this work because I don't have a machine
that is affected by the problem.
If nobody steps up to do this work, I will eventually stop patching the
openssl 3.1 for security issues, and eventually remove it, at the latest
when it becomes unsupported on 2025-03-14 (see
https://www.openssl.org/policies/releasestrat.html).
--
Ticket URL: <https://trac.macports.org/ticket/68766#comment:85>
MacPorts <https://www.macports.org/>
Ports system for macOS
More information about the macports-tickets
mailing list