summaryrefslogtreecommitdiff
path: root/security/openssl-beta (follow)
Commit message (Collapse)AuthorAgeFilesLines
* - turn this into a slave portDirk Meyer2004-03-2613-1169/+5
| | | | Notes: svn path=/head/; revision=105370
* - Security update to 0.9.7dDirk Meyer2004-03-177-51/+23
| | | | | | | http://www.openssl.org/news/secadv_20040317.txt Notes: svn path=/head/; revision=104290
* - add SIZEDirk Meyer2004-02-261-0/+1
| | | | Notes: svn path=/head/; revision=102162
* - Warn about conflict with /lib/libcrypto.soDirk Meyer2004-01-081-0/+10
| | | | Notes: svn path=/head/; revision=97697
* - add CONFLICTSDirk Meyer2003-10-122-5/+5
| | | | | | | | | | - cleanup - use DOCSDIR Submitted by: eikemeier@fillmore-labs.com [CONFLICTS] Notes: svn path=/head/; revision=90906
* - Security Fix, Update to 0.9.7cDirk Meyer2003-09-306-6/+47
| | | | | | | - Fix manpages Notes: svn path=/head/; revision=89911
* - Fix: FreeBSD 470101 don't has a crytodevice.Dirk Meyer2003-08-041-0/+11
| | | | | | | Problem noted by: jarnold@knightridder.com Notes: svn path=/head/; revision=86302
* - Support amd64Dirk Meyer2003-07-062-3/+12
| | | | Notes: svn path=/head/; revision=84253
* - ### HEAD UP ### SHLIBVER has been bumped back.Dirk Meyer2003-04-161-14/+7
| | | | | | | - honor OPENSSH_SHLIBVER if set by user. Notes: svn path=/head/; revision=79087
* - Update to 0.9.7bDirk Meyer2003-04-115-140/+18
| | | | Notes: svn path=/head/; revision=78755
* - enable threads on ia64Dirk Meyer2003-04-072-7/+7
| | | | | | | | | | | - OPENSSL_OVERWRITE_BASE defaults to STABLE/CURRENT shared lib version This solves problems when the share lib is deinstalled. ports/50292 PR: 50292 Notes: svn path=/head/; revision=78494
* - honor CC and use PHREAD_LIBS and PTHREAD_FLAGSDirk Meyer2003-04-033-3/+24
| | | | | | | Submitted by: marius@alchemy.franken.de Notes: svn path=/head/; revision=78055
* - Security Fix:Dirk Meyer2003-03-232-1/+54
| | | | | | | http://www.openssl.org/news/secadv_20030319.txt Notes: svn path=/head/; revision=77191
* - switch to USE_PERL5_BUILDDirk Meyer2003-03-192-1/+79
| | | | | | | | | - add security patch Approved by: kris Obtained from: http://www.openssl.org/news/secadv_20030317.txt Notes: svn path=/head/; revision=77161
* - retire pkg-commentDirk Meyer2003-02-211-1/+0
| | | | Notes: svn path=/head/; revision=76006
* - add COMMENTDirk Meyer2003-02-201-0/+1
| | | | Notes: svn path=/head/; revision=75965
* - merged some patches in distributionDirk Meyer2003-02-194-74/+70
| | | | | | | | | - added thread support on alpha, sparc64 - Update to 0.9.7a (with security fix) - Add support for daily snaphots with OPENSSL_SNAPSHOT=yes Notes: svn path=/head/; revision=75910
* - sync SHLIBVER for OPENSSL_OVERWRITE_BASE=yes and 5.0-CURRENTDirk Meyer2003-02-151-0/+4
| | | | Notes: svn path=/head/; revision=75549
* - Fix spellingDirk Meyer2003-02-091-1/+1
| | | | Notes: svn path=/head/; revision=75166
* - Fix CURRENT version bump in openssl, so ports link as expected.Dirk Meyer2003-01-311-0/+5
| | | | Notes: svn path=/head/; revision=74369
* - make portlint happierDirk Meyer2003-01-221-1/+1
| | | | Notes: svn path=/head/; revision=73806
* - merge and sort manpages, reduce number of lines neededDirk Meyer2003-01-151-797/+785
| | | | Notes: svn path=/head/; revision=73191
* - use NOPRECIOUSMAKEVARS, to fix bento problemDirk Meyer2003-01-151-2/+1
| | | | | | | - remove BROKEN_MLINKS Notes: svn path=/head/; revision=73184
* add more MLINKSDirk Meyer2003-01-141-0/+36
| | | | Notes: svn path=/head/; revision=73126
* - cleanup patchDirk Meyer2003-01-131-9/+0
| | | | Notes: svn path=/head/; revision=73021
* - add flag BROKEN_MLINKS for problems with bsd.port.mkDirk Meyer2003-01-122-2/+10
| | | | | | | | - sync with openssl - verfied for ia64 Notes: svn path=/head/; revision=72959
* - Clean up FLAGS for sparc64, verfied build and regressionDirk Meyer2003-01-112-9/+12
| | | | | | | - Prepare entries for ia64 Notes: svn path=/head/; revision=72893
* fix missing : for sparc64 onlyDirk Meyer2003-01-021-1/+1
| | | | Notes: svn path=/head/; revision=72294
* Update to 0.9.7 releaseDirk Meyer2003-01-024-13/+11
| | | | Notes: svn path=/head/; revision=72234
* - Update to 0.9.7-beta5Dirk Meyer2003-01-025-9/+719
| | | | | | | | | - add test target - make build on sparc64 - fix a make problem in crypto/bf Notes: svn path=/head/; revision=72142
* - add rnd_keys.c for compatibilty with base. (patch by: jtraub@isilon.com)Dirk Meyer2002-10-253-17/+18
| | | | | | | | - OPENSSL_OVERWRITE_BASE: fix package building - Fix install of manpages for 3.x Notes: svn path=/head/; revision=68819
* remove pkg-plist.noshared and use PLIST_SUBDirk Meyer2002-10-163-81/+6
| | | | Notes: svn path=/head/; revision=68158
* Install manpages in standard only if OPENSSL_OVERWRITE_BASE is not set.Dirk Meyer2002-10-122-1/+9
| | | | Notes: svn path=/head/; revision=67902
* Install openssl's man pages in standard manpathDirk Meyer2002-10-123-7/+13
| | | | | | | PR: 43658 Notes: svn path=/head/; revision=67897
* use /etc/ssl if OPENSSL_OVERWRITE_BASE is setDirk Meyer2002-10-051-1/+4
| | | | Notes: svn path=/head/; revision=67346
* Update to openssl-0.9.7-beta3 after repro-copy, use at own risk.Dirk Meyer2002-08-146-87/+47
| | | | Notes: svn path=/head/; revision=64516
* Security Update to: 0.9.6gDirk Meyer2002-08-103-14/+2
| | | | Notes: svn path=/head/; revision=64320
* Sync Bugfix from CURRENTDirk Meyer2002-08-062-0/+12
| | | | Notes: svn path=/head/; revision=64086
* Fix links to the Handbook, the FAQ and the porters-handbook.Marc Fonvieille2002-08-041-1/+1
| | | | | | | Approved by: portmgr Notes: svn path=/head/; revision=63962
* when build with OPENSSL_OVERWRITE_BASEDirk Meyer2002-08-011-0/+1
| | | | | | | | | reset SHLIBVER to 2, so the existing lib is overwritten fully. Warning: some programs track the version number internally too. Suggested by:nectar Notes: svn path=/head/; revision=63854
* Security Update to 0.9.6eDirk Meyer2002-07-303-58/+6
| | | | Notes: svn path=/head/; revision=63747
* Remove FORBIDDEN, oenssl-0.9.6d doesn't made in into 4.6 RELEASEDirk Meyer2002-06-231-3/+0
| | | | Notes: svn path=/head/; revision=61841
* Add an option OPENSSL_OVERWRITE_BASE=yes as we have done in OPENSHHDirk Meyer2002-06-161-0/+5
| | | | Notes: svn path=/head/; revision=61371
* - get rid of duplicate code in Makefiles.Dirk Meyer2002-05-311-0/+56
| | | | | | | | - Fix USE_OPENSSL_PORT and USE_OPENSSL_BASE - drop obsolete/broken USE_OPENSSL Notes: svn path=/head/; revision=60406
* Update to: 0.9.6dDirk Meyer2002-05-133-15/+18
| | | | | | | | | | | | | | See: http://www.openssl.org/source/exp/CHANGES Port improvements: proccessor type is now detected Add option: OPENSSL_WITH_386 This set as default for package generation on bento Notes: svn path=/head/; revision=59026
* openssl:Dirk Meyer2002-05-042-3/+5
| | | | | | | | | | | | - some configure scripts check the version of the lib so we need to update SHLIBVER - bump PORTREVISION openssh: - build ports with local openssl, if it exists Notes: svn path=/head/; revision=58521
* - Update to 0.9.6cDirk Meyer2002-04-213-26/+32
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - more manpages - shift FORBIDDEN Excerpt of Changes between 0.9.6b and 0.9.6c [21 dec 2001] *) Fix BN_rand_range bug pointed out by Dominikus Scherkl *) Only add signing time to PKCS7 structures if it is not already present. *) Fix crypto/objects/objects.h: "ld-ce" should be "id-ce", OBJ_ld_ce should be OBJ_id_ce. Also some ip-pda OIDs in crypto/objects/objects.txt were incorrect (cf. RFC 3039). *) Release CRYPTO_LOCK_DYNLOCK when CRYPTO_destroy_dynlockid() returns early because it has nothing to do. *) Fix mutex callback return values in crypto/engine/hw_ncipher.c. *) Change ssl/s2_clnt.c and ssl/s2_srvr.c so that received handshake messages are stored in a single piece (fixed-length part and variable-length part combined) and fix various bugs found on the way. *) Disable caching in BIO_gethostbyname(), directly use gethostbyname() instead. BIO_gethostbyname() does not know what timeouts are appropriate, so entries would stay in cache even when they have become invalid. *) Change ssl23_get_client_hello (ssl/s23_srvr.c) behaviour when faced with a pathologically small ClientHello fragment that does not contain client_version: Instead of aborting with an error, simply choose the highest available protocol version (i.e., TLS 1.0 unless it is disabled). *) Fix SSL handshake functions and SSL_clear() such that SSL_clear() never resets s->method to s->ctx->method when called from within one of the SSL handshake functions. *) In ssl3_get_client_hello (ssl/s3_srvr.c), generate a fatal alert (sent using the client's version number) if client_version is smaller than the protocol version in use. Also change ssl23_get_client_hello (ssl/s23_srvr.c) to select TLS 1.0 if the client demanded SSL 3.0 but only TLS 1.0 is enabled; then the client will at least see that alert. *) Fix ssl3_get_message (ssl/s3_both.c) to handle message fragmentation correctly. *) Avoid infinite loop in ssl3_get_message (ssl/s3_both.c) if a client receives HelloRequest while in a handshake. *) Bugfix in ssl3_accept (ssl/s3_srvr.c): Case SSL3_ST_SW_HELLO_REQ_C should end in 'break', not 'goto end' which circuments various cleanups done in state SSL_ST_OK. But session related stuff must be disabled for SSL_ST_OK in the case that we just sent a HelloRequest. Also avoid some overhead by not calling ssl_init_wbio_buffer() before just sending a HelloRequest. *) Fix ssl/s3_enc.c, ssl/t1_enc.c and ssl/s3_pkt.c so that we don't reveal whether illegal block cipher padding was found or a MAC verification error occured. (Neither SSLerr() codes nor alerts are directly visible to potential attackers, but the information may leak via logfiles.) ssl/s2_pkt.c failed to verify that the purported number of padding bytes is in the legal range. *) Improve RSA_padding_check_PKCS1_OAEP() check again to avoid 'wristwatch attack' using huge encoding parameters (cf. James H. Manger's CRYPTO 2001 paper). Note that the RSA_PKCS1_OAEP_PADDING case of RSA_private_decrypt() does not use encoding parameters and hence was not vulnerable. *) BN_sqr() bug fix. *) Rabin-Miller test analyses assume uniformly distributed witnesses, so use BN_pseudo_rand_range() instead of using BN_pseudo_rand() followed by modular reduction. *) Add BN_pseudo_rand_range() with obvious functionality: BN_rand_range() equivalent based on BN_pseudo_rand() instead of BN_rand(). *) s3_srvr.c: allow sending of large client certificate lists (> 16 kB). This function was broken, as the check for a new client hello message to handle SGC did not allow these large messages. *) Add alert descriptions for TLSv1 to SSL_alert_desc_string[_long](). *) Fix buggy behaviour of BIO_get_num_renegotiates() and BIO_ctrl() for BIO_C_GET_WRITE_BUF_SIZE ("Stephen Hinton" <shinton@netopia.com>). *) In ssl3_get_key_exchange (ssl/s3_clnt.c), call ssl3_get_message() with the same message size as in ssl3_get_certificate_request(). Otherwise, if no ServerKeyExchange message occurs, CertificateRequest messages might inadvertently be reject as too long. *) Modified SSL library such that the verify_callback that has been set specificly for an SSL object with SSL_set_verify() is actually being used. Before the change, a verify_callback set with this function was ignored and the verify_callback() set in the SSL_CTX at the time of the call was used. New function X509_STORE_CTX_set_verify_cb() introduced to allow the necessary settings. *) In OpenSSL 0.9.6a and 0.9.6b, crypto/dh/dh_key.c ignored dh->length and always used BN_rand_range(priv_key, dh->p). So switch back to BN_rand(priv_key, l, ...) where 'l' is dh->length if this is defined, or BN_num_bits(dh->p)-1 otherwise. *) In RSA_eay_public_encrypt, RSA_eay_private_decrypt, RSA_eay_private_encrypt RSA_eay_public_decrypt always reject numbers >= n. *) In crypto/rand/md_rand.c, use a new short-time lock CRYPTO_LOCK_RAND2 to synchronize access to 'locking_thread'. *) In crypto/rand/md_rand.c, set 'locking_thread' to current thread's ID *before* setting the 'crypto_lock_rand' flag. The previous code had a race condition if 0 is a valid thread ID. Notes: svn path=/head/; revision=57949
* - make portlint happierDirk Meyer2002-01-051-2/+2
| | | | | | | | - use DOCSDIR or EXAMPLESDIR - get rid of some INTERACTIVE scrips in news/ifmail Notes: svn path=/head/; revision=52636
* - PORTDOCS policePatrick Li2001-12-241-2/+2
| | | | | | | | - DOCSDIR support to some - Brush out some lint Notes: svn path=/head/; revision=52072
* Style police: WWW tags should either end in a file/script or TRAILING /; Fix ↵Mario Sergio Fujikawa Ferreira2001-11-201-1/+1
| | | | | | | the later case Notes: svn path=/head/; revision=50301