Revision: 120682 https://trac.macports.org/changeset/120682 Author: cal@macports.org Date: 2014-06-05 09:41:12 -0700 (Thu, 05 Jun 2014) Log Message: ----------- openssl: update to 1.0.1h, maintainer override due to security implications, remove dovecot2 revbump instruction Update to fix CVE-2014-0224, CVE-2014-0221, CVE-2014-0195, CVE-2014-0198, CVE-2010-5298, and CVE-2014-3470. Remove dovecot2 revbump instruction because only a single user seems to have been affected by the issue – I couln't reproduce. Modified Paths: -------------- trunk/dports/devel/openssl/Portfile Modified: trunk/dports/devel/openssl/Portfile =================================================================== --- trunk/dports/devel/openssl/Portfile 2014-06-05 15:30:11 UTC (rev 120681) +++ trunk/dports/devel/openssl/Portfile 2014-06-05 16:41:12 UTC (rev 120682) @@ -4,12 +4,12 @@ PortGroup muniversal 1.0 name openssl -version 1.0.1g +version 1.0.1h epoch 1 # At least the following ports statically link OpenSSL and need to be revbumped # for every update of OpenSSL: -# - dovecot2 +# - ... # Although they dynamically link OpenSSL, at least the following ports need to # be revbumped for every update of OpenSSL: # - freeradius @@ -30,10 +30,10 @@ cryptography library. master_sites http://www.openssl.org/source/ -checksums md5 de62b43dfcd858e66a74bee1c834e959 \ - sha1 b28b3bcb1dc3ee7b55024c9f795be60eb3183e3c \ - rmd160 cd2eb879646a2b91b2f67dfaf99eb9668ba5d7ea \ - sha256 53cb818c3b90e507a8348f4f5eaedb05d8bfe5358aabb508b7263cc670c3e028 +checksums md5 8d6d684a9430d5cc98a62a5d8fbda8cf \ + sha1 b2239599c8bf8f7fc48590a55205c26abe560bf8 \ + rmd160 aeb1e0f41074d499d5411510fd645455730ed05e \ + sha256 9d1c8a9836aa63e2c6adb684186cbd4371c9e9dcc01d6e3bb447abf2d4d3d093 depends_lib port:zlib