summaryrefslogtreecommitdiffstats
path: root/security/openssl-beta
Commit message (Collapse)AuthorAgeFilesLines
* - turn this into a slave portdinoex2004-03-2613-1169/+5
|
* - Security update to 0.9.7ddinoex2004-03-177-51/+23
| | | | http://www.openssl.org/news/secadv_20040317.txt
* - add SIZEdinoex2004-02-261-0/+1
|
* - Warn about conflict with /lib/libcrypto.sodinoex2004-01-081-0/+10
|
* - add CONFLICTSdinoex2003-10-122-5/+5
| | | | | | | - cleanup - use DOCSDIR Submitted by: eikemeier@fillmore-labs.com [CONFLICTS]
* - Security Fix, Update to 0.9.7cdinoex2003-09-306-6/+47
| | | | - Fix manpages
* - Fix: FreeBSD 470101 don't has a crytodevice.dinoex2003-08-041-0/+11
| | | | Problem noted by: jarnold@knightridder.com
* - Support amd64dinoex2003-07-062-3/+12
|
* - ### HEAD UP ### SHLIBVER has been bumped back.dinoex2003-04-161-14/+7
| | | | - honor OPENSSH_SHLIBVER if set by user.
* - Update to 0.9.7bdinoex2003-04-115-140/+18
|
* - enable threads on ia64dinoex2003-04-072-7/+7
| | | | | | | | - OPENSSL_OVERWRITE_BASE defaults to STABLE/CURRENT shared lib version This solves problems when the share lib is deinstalled. ports/50292 PR: 50292
* - honor CC and use PHREAD_LIBS and PTHREAD_FLAGSdinoex2003-04-033-3/+24
| | | | Submitted by: marius@alchemy.franken.de
* - Security Fix:dinoex2003-03-232-1/+54
| | | | http://www.openssl.org/news/secadv_20030319.txt
* - switch to USE_PERL5_BUILDdinoex2003-03-192-1/+79
| | | | | | - add security patch Approved by: kris Obtained from: http://www.openssl.org/news/secadv_20030317.txt
* - retire pkg-commentdinoex2003-02-211-1/+0
|
* - add COMMENTdinoex2003-02-201-0/+1
|
* - merged some patches in distributiondinoex2003-02-194-74/+70
| | | | | | - added thread support on alpha, sparc64 - Update to 0.9.7a (with security fix) - Add support for daily snaphots with OPENSSL_SNAPSHOT=yes
* - sync SHLIBVER for OPENSSL_OVERWRITE_BASE=yes and 5.0-CURRENTdinoex2003-02-151-0/+4
|
* - Fix spellingdinoex2003-02-091-1/+1
|
* - Fix CURRENT version bump in openssl, so ports link as expected.dinoex2003-01-311-0/+5
|
* - make portlint happierdinoex2003-01-221-1/+1
|
* - merge and sort manpages, reduce number of lines neededdinoex2003-01-151-797/+785
|
* - use NOPRECIOUSMAKEVARS, to fix bento problemdinoex2003-01-151-2/+1
| | | | - remove BROKEN_MLINKS
* add more MLINKSdinoex2003-01-141-0/+36
|
* - cleanup patchdinoex2003-01-131-9/+0
|
* - add flag BROKEN_MLINKS for problems with bsd.port.mkdinoex2003-01-122-2/+10
| | | | | - sync with openssl - verfied for ia64
* - Clean up FLAGS for sparc64, verfied build and regressiondinoex2003-01-112-9/+12
| | | | - Prepare entries for ia64
* fix missing : for sparc64 onlydinoex2003-01-021-1/+1
|
* Update to 0.9.7 releasedinoex2003-01-024-13/+11
|
* - Update to 0.9.7-beta5dinoex2003-01-025-9/+719
| | | | | | - add test target - make build on sparc64 - fix a make problem in crypto/bf
* - add rnd_keys.c for compatibilty with base. (patch by: jtraub@isilon.com)dinoex2002-10-253-17/+18
| | | | | - OPENSSL_OVERWRITE_BASE: fix package building - Fix install of manpages for 3.x
* remove pkg-plist.noshared and use PLIST_SUBdinoex2002-10-163-81/+6
|
* Install manpages in standard only if OPENSSL_OVERWRITE_BASE is not set.dinoex2002-10-122-1/+9
|
* Install openssl's man pages in standard manpathdinoex2002-10-123-7/+13
| | | | PR: 43658
* use /etc/ssl if OPENSSL_OVERWRITE_BASE is setdinoex2002-10-051-1/+4
|
* Update to openssl-0.9.7-beta3 after repro-copy, use at own risk.dinoex2002-08-146-87/+47
|
* Security Update to: 0.9.6gdinoex2002-08-103-14/+2
|
* Sync Bugfix from CURRENTdinoex2002-08-062-0/+12
|
* Fix links to the Handbook, the FAQ and the porters-handbook.blackend2002-08-041-1/+1
| | | | Approved by: portmgr
* when build with OPENSSL_OVERWRITE_BASEdinoex2002-08-011-0/+1
| | | | | | reset SHLIBVER to 2, so the existing lib is overwritten fully. Warning: some programs track the version number internally too. Suggested by:nectar
* Security Update to 0.9.6edinoex2002-07-303-58/+6
|
* Remove FORBIDDEN, oenssl-0.9.6d doesn't made in into 4.6 RELEASEdinoex2002-06-231-3/+0
|
* Add an option OPENSSL_OVERWRITE_BASE=yes as we have done in OPENSHHdinoex2002-06-161-0/+5
|
* - get rid of duplicate code in Makefiles.dinoex2002-05-311-0/+56
| | | | | - Fix USE_OPENSSL_PORT and USE_OPENSSL_BASE - drop obsolete/broken USE_OPENSSL
* Update to: 0.9.6ddinoex2002-05-133-15/+18
| | | | | | | | | | | See: http://www.openssl.org/source/exp/CHANGES Port improvements: proccessor type is now detected Add option: OPENSSL_WITH_386 This set as default for package generation on bento
* openssl:dinoex2002-05-042-3/+5
| | | | | | | | | - some configure scripts check the version of the lib so we need to update SHLIBVER - bump PORTREVISION openssh: - build ports with local openssl, if it exists
* - Update to 0.9.6cdinoex2002-04-213-26/+32
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - more manpages - shift FORBIDDEN Excerpt of Changes between 0.9.6b and 0.9.6c [21 dec 2001] *) Fix BN_rand_range bug pointed out by Dominikus Scherkl *) Only add signing time to PKCS7 structures if it is not already present. *) Fix crypto/objects/objects.h: "ld-ce" should be "id-ce", OBJ_ld_ce should be OBJ_id_ce. Also some ip-pda OIDs in crypto/objects/objects.txt were incorrect (cf. RFC 3039). *) Release CRYPTO_LOCK_DYNLOCK when CRYPTO_destroy_dynlockid() returns early because it has nothing to do. *) Fix mutex callback return values in crypto/engine/hw_ncipher.c. *) Change ssl/s2_clnt.c and ssl/s2_srvr.c so that received handshake messages are stored in a single piece (fixed-length part and variable-length part combined) and fix various bugs found on the way. *) Disable caching in BIO_gethostbyname(), directly use gethostbyname() instead. BIO_gethostbyname() does not know what timeouts are appropriate, so entries would stay in cache even when they have become invalid. *) Change ssl23_get_client_hello (ssl/s23_srvr.c) behaviour when faced with a pathologically small ClientHello fragment that does not contain client_version: Instead of aborting with an error, simply choose the highest available protocol version (i.e., TLS 1.0 unless it is disabled). *) Fix SSL handshake functions and SSL_clear() such that SSL_clear() never resets s->method to s->ctx->method when called from within one of the SSL handshake functions. *) In ssl3_get_client_hello (ssl/s3_srvr.c), generate a fatal alert (sent using the client's version number) if client_version is smaller than the protocol version in use. Also change ssl23_get_client_hello (ssl/s23_srvr.c) to select TLS 1.0 if the client demanded SSL 3.0 but only TLS 1.0 is enabled; then the client will at least see that alert. *) Fix ssl3_get_message (ssl/s3_both.c) to handle message fragmentation correctly. *) Avoid infinite loop in ssl3_get_message (ssl/s3_both.c) if a client receives HelloRequest while in a handshake. *) Bugfix in ssl3_accept (ssl/s3_srvr.c): Case SSL3_ST_SW_HELLO_REQ_C should end in 'break', not 'goto end' which circuments various cleanups done in state SSL_ST_OK. But session related stuff must be disabled for SSL_ST_OK in the case that we just sent a HelloRequest. Also avoid some overhead by not calling ssl_init_wbio_buffer() before just sending a HelloRequest. *) Fix ssl/s3_enc.c, ssl/t1_enc.c and ssl/s3_pkt.c so that we don't reveal whether illegal block cipher padding was found or a MAC verification error occured. (Neither SSLerr() codes nor alerts are directly visible to potential attackers, but the information may leak via logfiles.) ssl/s2_pkt.c failed to verify that the purported number of padding bytes is in the legal range. *) Improve RSA_padding_check_PKCS1_OAEP() check again to avoid 'wristwatch attack' using huge encoding parameters (cf. James H. Manger's CRYPTO 2001 paper). Note that the RSA_PKCS1_OAEP_PADDING case of RSA_private_decrypt() does not use encoding parameters and hence was not vulnerable. *) BN_sqr() bug fix. *) Rabin-Miller test analyses assume uniformly distributed witnesses, so use BN_pseudo_rand_range() instead of using BN_pseudo_rand() followed by modular reduction. *) Add BN_pseudo_rand_range() with obvious functionality: BN_rand_range() equivalent based on BN_pseudo_rand() instead of BN_rand(). *) s3_srvr.c: allow sending of large client certificate lists (> 16 kB). This function was broken, as the check for a new client hello message to handle SGC did not allow these large messages. *) Add alert descriptions for TLSv1 to SSL_alert_desc_string[_long](). *) Fix buggy behaviour of BIO_get_num_renegotiates() and BIO_ctrl() for BIO_C_GET_WRITE_BUF_SIZE ("Stephen Hinton" <shinton@netopia.com>). *) In ssl3_get_key_exchange (ssl/s3_clnt.c), call ssl3_get_message() with the same message size as in ssl3_get_certificate_request(). Otherwise, if no ServerKeyExchange message occurs, CertificateRequest messages might inadvertently be reject as too long. *) Modified SSL library such that the verify_callback that has been set specificly for an SSL object with SSL_set_verify() is actually being used. Before the change, a verify_callback set with this function was ignored and the verify_callback() set in the SSL_CTX at the time of the call was used. New function X509_STORE_CTX_set_verify_cb() introduced to allow the necessary settings. *) In OpenSSL 0.9.6a and 0.9.6b, crypto/dh/dh_key.c ignored dh->length and always used BN_rand_range(priv_key, dh->p). So switch back to BN_rand(priv_key, l, ...) where 'l' is dh->length if this is defined, or BN_num_bits(dh->p)-1 otherwise. *) In RSA_eay_public_encrypt, RSA_eay_private_decrypt, RSA_eay_private_encrypt RSA_eay_public_decrypt always reject numbers >= n. *) In crypto/rand/md_rand.c, use a new short-time lock CRYPTO_LOCK_RAND2 to synchronize access to 'locking_thread'. *) In crypto/rand/md_rand.c, set 'locking_thread' to current thread's ID *before* setting the 'crypto_lock_rand' flag. The previous code had a race condition if 0 is a valid thread ID.
* - make portlint happierdinoex2002-01-051-2/+2
| | | | | - use DOCSDIR or EXAMPLESDIR - get rid of some INTERACTIVE scrips in news/ifmail
* - PORTDOCS policepat2001-12-241-2/+2
| | | | | - DOCSDIR support to some - Brush out some lint
* Style police: WWW tags should either end in a file/script or TRAILING /; Fix ↵lioux2001-11-201-1/+1
| | | | the later case
OpenPOWER on IntegriCloud