[MacPorts] #68766: openssl3 @3.2.0_0+universal may have broken PRNG on High Sierra and older

MacPorts noreply at macports.org
Tue Apr 9 10:42:23 UTC 2024


#68766: openssl3 @3.2.0_0+universal may have broken PRNG on High Sierra and older
------------------------+------------------------
  Reporter:  fhgwright  |      Owner:  neverpanic
      Type:  defect     |     Status:  closed
  Priority:  Normal     |  Milestone:
 Component:  ports      |    Version:
Resolution:  fixed      |   Keywords:
      Port:  openssl3   |
------------------------+------------------------

Comment (by neverpanic):

 So where are we with this? I'm currently fixing yet another CVE
 (https://github.com/macports/macports-ports/pull/23418), and because old
 OS versions are still stuck at 3.1.x, I have to do duplicate work because
 I need to identify and test the patch for 3.1.x as well. This is exactly
 the situation I wanted to avoid, because I'm forced to do additional work
 for older operating systems that are no longer supported by Apple.

 Somebody needs to step up to replicate this problem with a git clone from
 the upstream sources, ideally in an automated fashion, so that it can be
 bisected to identify the exact commit that introduces it, reported
 upstream, and fixed. I cannot do this work because I don't have a machine
 that is affected by the problem.

 If nobody steps up to do this work, I will eventually stop patching the
 openssl 3.1 for security issues, and eventually remove it, at the latest
 when it becomes unsupported on 2025-03-14 (see
 https://www.openssl.org/policies/releasestrat.html).

-- 
Ticket URL: <https://trac.macports.org/ticket/68766#comment:85>
MacPorts <https://www.macports.org/>
Ports system for macOS


More information about the macports-tickets mailing list