From 64ceb973f8652bbf9739c0275dbfbcdcc2cd450a Mon Sep 17 00:00:00 2001
From: feld <feld@FreeBSD.org>
Date: Wed, 2 Mar 2016 22:31:29 +0000
Subject: security/openssl: Disable SSLv2 and MD2

SSLv2 is being disabled due to DROWN.

MD2 is being disabled as it should not have been enabled by default.
This was disabled by upstream back in 2009.

PR:		195796
Approved by:	delphij, eadler
Security:	CVE-2009-2409
Security:	CVE-2016-0800
---
 security/openssl/Makefile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/security/openssl/Makefile b/security/openssl/Makefile
index 41085e7..f01ab99 100644
--- a/security/openssl/Makefile
+++ b/security/openssl/Makefile
@@ -4,7 +4,7 @@
 PORTNAME=	openssl
 PORTVERSION=	1.0.2
 DISTVERSIONSUFFIX=	g
-PORTREVISION=	9
+PORTREVISION=	10
 CATEGORIES=	security devel
 MASTER_SITES=	http://www.openssl.org/source/ \
 		ftp://ftp.openssl.org/source/ \
@@ -23,7 +23,7 @@ LICENSE=	OpenSSL
 LICENSE_FILE=	${WRKSRC}/LICENSE
 
 OPTIONS_DEFINE=	SHARED THREADS I386 SSE2 ASM PADLOCK ZLIB GMP SCTP SSL2 SSL3 RFC3779 MD2 RC5 EXPCIPHERS DOCS MAN3
-OPTIONS_DEFAULT=SHARED THREADS SSE2 SCTP SSL2 SSL3 MD2 MAN3
+OPTIONS_DEFAULT=SHARED THREADS SSE2 SCTP SSL3 MAN3
 .for a in amd64 ia64
 OPTIONS_DEFINE_${a}=	EC
 OPTIONS_DEFAULT_${a}=	EC
-- 
cgit v1.1