https://issues.apache.org/bugzilla/show_bug.cgi?id=53512
Kaspar Brand <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- Hardware|PC |All Severity|major |normal --- Comment #1 from Kaspar Brand <[email protected]> --- Increasing the version check to require 1.0.1-beta1 is a way to address this, that's right, but frankly, the proper fix is for NetBSD to pick up a *released* version of OpenSSL. Both 6.0_BETA2 and 6.99.8 seem to have a snapshot from 5 June 2011 (http://cvsweb.netbsd.org/bsdweb.cgi/src/crypto/external/bsd/openssl/dist/crypto/opensslv.h?rev=HEAD) - which lacks numerous fixes compared to 1.0.1, and of course even more compared to 1.0.1c: see e.g. http://cvs.openssl.org/filediff?f=openssl/CHANGES&v1=1.1481.2.56&v2=1.1481.2.56.2.103. I would really urge NetBSD to pull up a more recent OpenSSL *release* (and not repeat the exercise they did in 5.x, with the 0.9.9-dev snapshot... I was really hoping for this to be a one-time screw up). -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
