| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
Notes:
svn path=/head/; revision=105370
|
| |
|
|
|
|
|
| |
http://www.openssl.org/news/secadv_20040317.txt
Notes:
svn path=/head/; revision=104290
|
| |
|
|
| |
Notes:
svn path=/head/; revision=102162
|
| |
|
|
| |
Notes:
svn path=/head/; revision=97697
|
| |
|
|
|
|
|
|
|
|
| |
- cleanup
- use DOCSDIR
Submitted by: eikemeier@fillmore-labs.com [CONFLICTS]
Notes:
svn path=/head/; revision=90906
|
| |
|
|
|
|
|
| |
- Fix manpages
Notes:
svn path=/head/; revision=89911
|
| |
|
|
|
|
|
| |
Problem noted by: jarnold@knightridder.com
Notes:
svn path=/head/; revision=86302
|
| |
|
|
| |
Notes:
svn path=/head/; revision=84253
|
| |
|
|
|
|
|
| |
- honor OPENSSH_SHLIBVER if set by user.
Notes:
svn path=/head/; revision=79087
|
| |
|
|
| |
Notes:
svn path=/head/; revision=78755
|
| |
|
|
|
|
|
|
|
|
|
| |
- OPENSSL_OVERWRITE_BASE
defaults to STABLE/CURRENT shared lib version
This solves problems when the share lib is deinstalled.
ports/50292
PR: 50292
Notes:
svn path=/head/; revision=78494
|
| |
|
|
|
|
|
| |
Submitted by: marius@alchemy.franken.de
Notes:
svn path=/head/; revision=78055
|
| |
|
|
|
|
|
| |
http://www.openssl.org/news/secadv_20030319.txt
Notes:
svn path=/head/; revision=77191
|
| |
|
|
|
|
|
|
|
| |
- add security patch
Approved by: kris
Obtained from: http://www.openssl.org/news/secadv_20030317.txt
Notes:
svn path=/head/; revision=77161
|
| |
|
|
| |
Notes:
svn path=/head/; revision=76006
|
| |
|
|
| |
Notes:
svn path=/head/; revision=75965
|
| |
|
|
|
|
|
|
|
| |
- added thread support on alpha, sparc64
- Update to 0.9.7a (with security fix)
- Add support for daily snaphots with OPENSSL_SNAPSHOT=yes
Notes:
svn path=/head/; revision=75910
|
| |
|
|
| |
Notes:
svn path=/head/; revision=75549
|
| |
|
|
| |
Notes:
svn path=/head/; revision=75166
|
| |
|
|
| |
Notes:
svn path=/head/; revision=74369
|
| |
|
|
| |
Notes:
svn path=/head/; revision=73806
|
| |
|
|
| |
Notes:
svn path=/head/; revision=73191
|
| |
|
|
|
|
|
| |
- remove BROKEN_MLINKS
Notes:
svn path=/head/; revision=73184
|
| |
|
|
| |
Notes:
svn path=/head/; revision=73126
|
| |
|
|
| |
Notes:
svn path=/head/; revision=73021
|
| |
|
|
|
|
|
|
| |
- sync with openssl
- verfied for ia64
Notes:
svn path=/head/; revision=72959
|
| |
|
|
|
|
|
| |
- Prepare entries for ia64
Notes:
svn path=/head/; revision=72893
|
| |
|
|
| |
Notes:
svn path=/head/; revision=72294
|
| |
|
|
| |
Notes:
svn path=/head/; revision=72234
|
| |
|
|
|
|
|
|
|
| |
- add test target
- make build on sparc64
- fix a make problem in crypto/bf
Notes:
svn path=/head/; revision=72142
|
| |
|
|
|
|
|
|
| |
- OPENSSL_OVERWRITE_BASE: fix package building
- Fix install of manpages for 3.x
Notes:
svn path=/head/; revision=68819
|
| |
|
|
| |
Notes:
svn path=/head/; revision=68158
|
| |
|
|
| |
Notes:
svn path=/head/; revision=67902
|
| |
|
|
|
|
|
| |
PR: 43658
Notes:
svn path=/head/; revision=67897
|
| |
|
|
| |
Notes:
svn path=/head/; revision=67346
|
| |
|
|
| |
Notes:
svn path=/head/; revision=64516
|
| |
|
|
| |
Notes:
svn path=/head/; revision=64320
|
| |
|
|
| |
Notes:
svn path=/head/; revision=64086
|
| |
|
|
|
|
|
| |
Approved by: portmgr
Notes:
svn path=/head/; revision=63962
|
| |
|
|
|
|
|
|
|
| |
reset SHLIBVER to 2, so the existing lib is overwritten fully.
Warning: some programs track the version number internally too.
Suggested by:nectar
Notes:
svn path=/head/; revision=63854
|
| |
|
|
| |
Notes:
svn path=/head/; revision=63747
|
| |
|
|
| |
Notes:
svn path=/head/; revision=61841
|
| |
|
|
| |
Notes:
svn path=/head/; revision=61371
|
| |
|
|
|
|
|
|
| |
- Fix USE_OPENSSL_PORT and USE_OPENSSL_BASE
- drop obsolete/broken USE_OPENSSL
Notes:
svn path=/head/; revision=60406
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
See:
http://www.openssl.org/source/exp/CHANGES
Port improvements:
proccessor type is now detected
Add option: OPENSSL_WITH_386
This set as default for package generation on bento
Notes:
svn path=/head/; revision=59026
|
| |
|
|
|
|
|
|
|
|
|
|
| |
- some configure scripts check the version of the lib
so we need to update SHLIBVER
- bump PORTREVISION
openssh:
- build ports with local openssl, if it exists
Notes:
svn path=/head/; revision=58521
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- more manpages
- shift FORBIDDEN
Excerpt of Changes between 0.9.6b and 0.9.6c [21 dec 2001]
*) Fix BN_rand_range bug pointed out by Dominikus Scherkl
*) Only add signing time to PKCS7 structures if it is not already present.
*) Fix crypto/objects/objects.h: "ld-ce" should be "id-ce", OBJ_ld_ce
should be OBJ_id_ce. Also some ip-pda OIDs in crypto/objects/objects.txt
were incorrect (cf. RFC 3039).
*) Release CRYPTO_LOCK_DYNLOCK when CRYPTO_destroy_dynlockid()
returns early because it has nothing to do.
*) Fix mutex callback return values in crypto/engine/hw_ncipher.c.
*) Change ssl/s2_clnt.c and ssl/s2_srvr.c so that received handshake
messages are stored in a single piece (fixed-length part and
variable-length part combined) and fix various bugs found on the way.
*) Disable caching in BIO_gethostbyname(), directly use gethostbyname()
instead. BIO_gethostbyname() does not know what timeouts are
appropriate, so entries would stay in cache even when they have
become invalid.
*) Change ssl23_get_client_hello (ssl/s23_srvr.c) behaviour when
faced with a pathologically small ClientHello fragment that does
not contain client_version: Instead of aborting with an error,
simply choose the highest available protocol version (i.e.,
TLS 1.0 unless it is disabled).
*) Fix SSL handshake functions and SSL_clear() such that SSL_clear()
never resets s->method to s->ctx->method when called from within
one of the SSL handshake functions.
*) In ssl3_get_client_hello (ssl/s3_srvr.c), generate a fatal alert
(sent using the client's version number) if client_version is
smaller than the protocol version in use. Also change
ssl23_get_client_hello (ssl/s23_srvr.c) to select TLS 1.0 if
the client demanded SSL 3.0 but only TLS 1.0 is enabled; then
the client will at least see that alert.
*) Fix ssl3_get_message (ssl/s3_both.c) to handle message fragmentation
correctly.
*) Avoid infinite loop in ssl3_get_message (ssl/s3_both.c) if a
client receives HelloRequest while in a handshake.
*) Bugfix in ssl3_accept (ssl/s3_srvr.c): Case SSL3_ST_SW_HELLO_REQ_C
should end in 'break', not 'goto end' which circuments various
cleanups done in state SSL_ST_OK. But session related stuff
must be disabled for SSL_ST_OK in the case that we just sent a
HelloRequest. Also avoid some overhead by not calling
ssl_init_wbio_buffer() before just sending a HelloRequest.
*) Fix ssl/s3_enc.c, ssl/t1_enc.c and ssl/s3_pkt.c so that we don't
reveal whether illegal block cipher padding was found or a MAC
verification error occured. (Neither SSLerr() codes nor alerts
are directly visible to potential attackers, but the information
may leak via logfiles.) ssl/s2_pkt.c failed to verify that the
purported number of padding bytes is in the legal range.
*) Improve RSA_padding_check_PKCS1_OAEP() check again to avoid
'wristwatch attack' using huge encoding parameters (cf.
James H. Manger's CRYPTO 2001 paper). Note that the
RSA_PKCS1_OAEP_PADDING case of RSA_private_decrypt() does not use
encoding parameters and hence was not vulnerable.
*) BN_sqr() bug fix.
*) Rabin-Miller test analyses assume uniformly distributed witnesses,
so use BN_pseudo_rand_range() instead of using BN_pseudo_rand()
followed by modular reduction.
*) Add BN_pseudo_rand_range() with obvious functionality: BN_rand_range()
equivalent based on BN_pseudo_rand() instead of BN_rand().
*) s3_srvr.c: allow sending of large client certificate lists (> 16 kB).
This function was broken, as the check for a new client hello message
to handle SGC did not allow these large messages.
*) Add alert descriptions for TLSv1 to SSL_alert_desc_string[_long]().
*) Fix buggy behaviour of BIO_get_num_renegotiates() and BIO_ctrl()
for BIO_C_GET_WRITE_BUF_SIZE ("Stephen Hinton" <shinton@netopia.com>).
*) In ssl3_get_key_exchange (ssl/s3_clnt.c), call ssl3_get_message()
with the same message size as in ssl3_get_certificate_request().
Otherwise, if no ServerKeyExchange message occurs, CertificateRequest
messages might inadvertently be reject as too long.
*) Modified SSL library such that the verify_callback that has been set
specificly for an SSL object with SSL_set_verify() is actually being
used. Before the change, a verify_callback set with this function was
ignored and the verify_callback() set in the SSL_CTX at the time of
the call was used. New function X509_STORE_CTX_set_verify_cb() introduced
to allow the necessary settings.
*) In OpenSSL 0.9.6a and 0.9.6b, crypto/dh/dh_key.c ignored
dh->length and always used
BN_rand_range(priv_key, dh->p).
So switch back to
BN_rand(priv_key, l, ...)
where 'l' is dh->length if this is defined, or BN_num_bits(dh->p)-1
otherwise.
*) In RSA_eay_public_encrypt, RSA_eay_private_decrypt, RSA_eay_private_encrypt
RSA_eay_public_decrypt always reject numbers >= n.
*) In crypto/rand/md_rand.c, use a new short-time lock CRYPTO_LOCK_RAND2
to synchronize access to 'locking_thread'.
*) In crypto/rand/md_rand.c, set 'locking_thread' to current thread's ID
*before* setting the 'crypto_lock_rand' flag. The previous code had
a race condition if 0 is a valid thread ID.
Notes:
svn path=/head/; revision=57949
|
| |
|
|
|
|
|
|
| |
- use DOCSDIR or EXAMPLESDIR
- get rid of some INTERACTIVE scrips in news/ifmail
Notes:
svn path=/head/; revision=52636
|
| |
|
|
|
|
|
|
| |
- DOCSDIR support to some
- Brush out some lint
Notes:
svn path=/head/; revision=52072
|
| |
|
|
|
|
|
| |
the later case
Notes:
svn path=/head/; revision=50301
|
