summaryrefslogtreecommitdiffstats
path: root/security/openssl
Commit message (Collapse)AuthorAgeFilesLines
* - Fixes problem when base has no openssl installeddinoex2003-05-071-2/+3
| | | | Submitted by: marius@alchemy.franken.de
* - retire Makefile.ssl, please use bsd.openssl.mkdinoex2003-04-161-5/+0
|
* - new Overrideable defaults: OPENSSL_SHLIBVER and OPENSSL_PORTdinoex2003-04-161-14/+23
| | | | - set CFLAGS and LDFLAGS to link the correct libs
* - ### HEAD UP ### SHLIBVER has been bumped back.dinoex2003-04-161-14/+7
| | | | | - honor OPENSSH_SHLIBVER if set by user. - CFLAGS added to esure correct linking
* - Change all USE_OPENSSL_* to WITH_OPENSSL_*dinoex2003-04-131-12/+20
|
* - use bsd.openssl.mkdinoex2003-04-111-104/+1
|
* - Udpate to 0.9.7bdinoex2003-04-115-140/+18
|
* - defaults to STABLE/CURRENT shared lib versiondinoex2003-04-071-4/+4
|
* - enable threads on ia64dinoex2003-04-072-7/+7
| | | | | | | | - OPENSSL_OVERWRITE_BASE defaults to STABLE/CURRENT shared lib version This solves problems when the share lib is deinstalled. ports/50292 PR: 50292
* - honor CC and use PTHREAD_LIBS and PTHREAD_FLAGSdinoex2003-04-033-3/+24
| | | | marius@alchemy.franken.de
* - rename Makefile.ssl to bsd.openssl.mkdinoex2003-04-031-0/+108
|
* - Security Fix:dinoex2003-03-232-1/+54
| | | | http://www.openssl.org/news/secadv_20030319.txt
* - switch to USE_PERL5_BUILDdinoex2003-03-192-1/+79
| | | | | | - add security patch Approved by: kris Obtained from: http://www.openssl.org/news/secadv_20030317.txt
* - check if we have 0.9.7adinoex2003-02-271-3/+6
|
* - retire pkg-commentdinoex2003-02-211-1/+0
|
* - add COMMENTdinoex2003-02-201-0/+1
|
* - merged some patches in distributiondinoex2003-02-195-78/+60
| | | | | | - added thread support on alpha, sparc64 - Update to 0.9.7a (with security fix) - defaults openssl to port
* - keep using the openssl port if its installeddinoex2003-02-191-1/+2
| | | | bento does temporay has this conflict, as INDEX don't match dependencies.
* - USE_OPENSSL_PORT=yesdinoex2003-02-181-3/+6
| | | | | | Use the port, even if base if up to date to make life easy for stable and current users, who don't wan't to recomplie all ports after update.
* - sync SHLIBVER for OPENSSL_OVERWRITE_BASE=yes and 5.0-CURRENTdinoex2003-02-151-0/+4
|
* - add more commentsdinoex2003-02-131-0/+25
| | | | | | - regonize that 5-CURRENT has 0.9.7 after 2003-01-28 OSVERSION 500100 was bumped at 2003-01-23, detection by exist()
* - Fix spellingdinoex2003-02-091-1/+1
|
* - Fix CURRENT version bump in openssl, so ports link as expected.dinoex2003-01-312-2/+13
|
* - break build, when port try to pick up the wrong shared lib.dinoex2003-01-311-0/+8
|
* - Update to 0.9.7dinoex2003-01-2911-614/+848
| | | | | | | - rnd_keys.c now in distribution - drop lib/libRSAglue.a - build on i386, alpha, sparc64, ia64 - build on 2.2.8 with the gas-patch as noted in FAQ
* - add new checksum, only "OPENSSL_VERSION_NUMBER" has been changeddinoex2003-01-021-0/+1
| | | | | | in the distribution after 6th December. 2178290 6 Dez 00:25 /usr/ports/distfiles/openssl-0.9.6h.tar.gz 2178314 8 Dez 21:43 /usr/ports/distfiles/openssl-0.9.6h.tar.gz
* - Update to 0.9.6hdinoex2003-01-024-8/+31
| | | | | | - md5 verified - add test target - make build on sparc64
* - add rnd_keys.c for compatibilty with base. (patch by: jtraub@isilon.com)dinoex2002-10-255-17/+503
| | | | | - OPENSSL_OVERWRITE_BASE: fix package building - Fix install of manpages for 3.x
* remove pkg-plist.noshared and use PLIST_SUBdinoex2002-10-163-81/+6
|
* Install manpages in standard only if OPENSSL_OVERWRITE_BASE is not set.dinoex2002-10-122-1/+9
|
* Install openssl's man pages in standard manpathdinoex2002-10-123-7/+13
| | | | PR: 43658
* fix path for option OPENSSL_OVERWRITE_BASEdinoex2002-09-151-1/+4
| | | | | PR: 42665 Submitted by: roman@bellavista.cz
* Due to popular demant into each port which might be inserted into dependencysobomax2002-09-141-0/+4
| | | | | | | | | | list by bsd.port.mk insert anti foot-shooting device, which prevents infinite fork loop when the user defines corresponding USE_XXX in global make.conf, command line or environment. Similar devices should probably be inserted into ports that might be inserted into dependency list by others bsd.foo.mk files (bsd.ruby.mk, bsd.python.mk and so on.)
* new Option USE_OPENSSL_BETAdinoex2002-08-301-0/+5
|
* Security Update to: 0.9.6gdinoex2002-08-103-14/+2
|
* Sync Bugfix from CURRENTdinoex2002-08-062-0/+12
|
* Fix links to the Handbook, the FAQ and the porters-handbook.blackend2002-08-041-1/+1
| | | | Approved by: portmgr
* when build with OPENSSL_OVERWRITE_BASEdinoex2002-08-011-0/+1
| | | | | | reset SHLIBVER to 2, so the existing lib is overwritten fully. Warning: some programs track the version number internally too. Suggested by:nectar
* Security Update to 0.9.6edinoex2002-07-303-58/+6
|
* Remove FORBIDDEN, oenssl-0.9.6d doesn't made in into 4.6 RELEASEdinoex2002-06-231-3/+0
|
* Add an option OPENSSL_OVERWRITE_BASE=yes as we have done in OPENSHHdinoex2002-06-161-0/+5
|
* - get rid of duplicate code in Makefiles.dinoex2002-05-311-0/+56
| | | | | - Fix USE_OPENSSL_PORT and USE_OPENSSL_BASE - drop obsolete/broken USE_OPENSSL
* Update to: 0.9.6ddinoex2002-05-133-15/+18
| | | | | | | | | | | See: http://www.openssl.org/source/exp/CHANGES Port improvements: proccessor type is now detected Add option: OPENSSL_WITH_386 This set as default for package generation on bento
* openssl:dinoex2002-05-042-3/+5
| | | | | | | | | - some configure scripts check the version of the lib so we need to update SHLIBVER - bump PORTREVISION openssh: - build ports with local openssl, if it exists
* - Update to 0.9.6cdinoex2002-04-213-26/+32
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - more manpages - shift FORBIDDEN Excerpt of Changes between 0.9.6b and 0.9.6c [21 dec 2001] *) Fix BN_rand_range bug pointed out by Dominikus Scherkl *) Only add signing time to PKCS7 structures if it is not already present. *) Fix crypto/objects/objects.h: "ld-ce" should be "id-ce", OBJ_ld_ce should be OBJ_id_ce. Also some ip-pda OIDs in crypto/objects/objects.txt were incorrect (cf. RFC 3039). *) Release CRYPTO_LOCK_DYNLOCK when CRYPTO_destroy_dynlockid() returns early because it has nothing to do. *) Fix mutex callback return values in crypto/engine/hw_ncipher.c. *) Change ssl/s2_clnt.c and ssl/s2_srvr.c so that received handshake messages are stored in a single piece (fixed-length part and variable-length part combined) and fix various bugs found on the way. *) Disable caching in BIO_gethostbyname(), directly use gethostbyname() instead. BIO_gethostbyname() does not know what timeouts are appropriate, so entries would stay in cache even when they have become invalid. *) Change ssl23_get_client_hello (ssl/s23_srvr.c) behaviour when faced with a pathologically small ClientHello fragment that does not contain client_version: Instead of aborting with an error, simply choose the highest available protocol version (i.e., TLS 1.0 unless it is disabled). *) Fix SSL handshake functions and SSL_clear() such that SSL_clear() never resets s->method to s->ctx->method when called from within one of the SSL handshake functions. *) In ssl3_get_client_hello (ssl/s3_srvr.c), generate a fatal alert (sent using the client's version number) if client_version is smaller than the protocol version in use. Also change ssl23_get_client_hello (ssl/s23_srvr.c) to select TLS 1.0 if the client demanded SSL 3.0 but only TLS 1.0 is enabled; then the client will at least see that alert. *) Fix ssl3_get_message (ssl/s3_both.c) to handle message fragmentation correctly. *) Avoid infinite loop in ssl3_get_message (ssl/s3_both.c) if a client receives HelloRequest while in a handshake. *) Bugfix in ssl3_accept (ssl/s3_srvr.c): Case SSL3_ST_SW_HELLO_REQ_C should end in 'break', not 'goto end' which circuments various cleanups done in state SSL_ST_OK. But session related stuff must be disabled for SSL_ST_OK in the case that we just sent a HelloRequest. Also avoid some overhead by not calling ssl_init_wbio_buffer() before just sending a HelloRequest. *) Fix ssl/s3_enc.c, ssl/t1_enc.c and ssl/s3_pkt.c so that we don't reveal whether illegal block cipher padding was found or a MAC verification error occured. (Neither SSLerr() codes nor alerts are directly visible to potential attackers, but the information may leak via logfiles.) ssl/s2_pkt.c failed to verify that the purported number of padding bytes is in the legal range. *) Improve RSA_padding_check_PKCS1_OAEP() check again to avoid 'wristwatch attack' using huge encoding parameters (cf. James H. Manger's CRYPTO 2001 paper). Note that the RSA_PKCS1_OAEP_PADDING case of RSA_private_decrypt() does not use encoding parameters and hence was not vulnerable. *) BN_sqr() bug fix. *) Rabin-Miller test analyses assume uniformly distributed witnesses, so use BN_pseudo_rand_range() instead of using BN_pseudo_rand() followed by modular reduction. *) Add BN_pseudo_rand_range() with obvious functionality: BN_rand_range() equivalent based on BN_pseudo_rand() instead of BN_rand(). *) s3_srvr.c: allow sending of large client certificate lists (> 16 kB). This function was broken, as the check for a new client hello message to handle SGC did not allow these large messages. *) Add alert descriptions for TLSv1 to SSL_alert_desc_string[_long](). *) Fix buggy behaviour of BIO_get_num_renegotiates() and BIO_ctrl() for BIO_C_GET_WRITE_BUF_SIZE ("Stephen Hinton" <shinton@netopia.com>). *) In ssl3_get_key_exchange (ssl/s3_clnt.c), call ssl3_get_message() with the same message size as in ssl3_get_certificate_request(). Otherwise, if no ServerKeyExchange message occurs, CertificateRequest messages might inadvertently be reject as too long. *) Modified SSL library such that the verify_callback that has been set specificly for an SSL object with SSL_set_verify() is actually being used. Before the change, a verify_callback set with this function was ignored and the verify_callback() set in the SSL_CTX at the time of the call was used. New function X509_STORE_CTX_set_verify_cb() introduced to allow the necessary settings. *) In OpenSSL 0.9.6a and 0.9.6b, crypto/dh/dh_key.c ignored dh->length and always used BN_rand_range(priv_key, dh->p). So switch back to BN_rand(priv_key, l, ...) where 'l' is dh->length if this is defined, or BN_num_bits(dh->p)-1 otherwise. *) In RSA_eay_public_encrypt, RSA_eay_private_decrypt, RSA_eay_private_encrypt RSA_eay_public_decrypt always reject numbers >= n. *) In crypto/rand/md_rand.c, use a new short-time lock CRYPTO_LOCK_RAND2 to synchronize access to 'locking_thread'. *) In crypto/rand/md_rand.c, set 'locking_thread' to current thread's ID *before* setting the 'crypto_lock_rand' flag. The previous code had a race condition if 0 is a valid thread ID.
* - make portlint happierdinoex2002-01-051-2/+2
| | | | | - use DOCSDIR or EXAMPLESDIR - get rid of some INTERACTIVE scrips in news/ifmail
* - PORTDOCS policepat2001-12-241-2/+2
| | | | | - DOCSDIR support to some - Brush out some lint
* Style police: WWW tags should either end in a file/script or TRAILING /; Fix ↵lioux2001-11-201-1/+1
| | | | the later case
* Allow to build libcrypto.so.2 for 4.0, 4,1 and 4.2 RELEASEdinoex2001-09-031-1/+1
| | | | so dependent ports can build correctly.
* Upgrade openssl to 0.9.6b.okazaki2001-07-202-2/+2
|
OpenPOWER on IntegriCloud