| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
| |
Submitted by: phk
Notes:
svn path=/head/; revision=127181
|
| |
|
|
|
|
|
|
|
|
|
|
| |
- remove harmfull -Wl,-Bsymbolic
strcmp did not work correctly,
and the initialisation of internal hashs was defunct.
Therefor serveral applications failed to find some of the ciphers.
e.G. openvpn, jabberd
Notes:
svn path=/head/; revision=120938
|
| |
|
|
|
|
|
| |
- md5 verfied with website
Notes:
svn path=/head/; revision=120280
|
| |
|
|
|
|
|
|
| |
PR: 69150
Submitted by: Konstantin Oznobihin
Notes:
svn path=/head/; revision=113929
|
| |
|
|
| |
Notes:
svn path=/head/; revision=109033
|
| |
|
|
|
|
|
|
| |
PR: 65346
Submitted by: edwin
Notes:
svn path=/head/; revision=106545
|
| |
|
|
|
|
|
| |
- merge lines from openssl-beta
Notes:
svn path=/head/; revision=105369
|
| |
|
|
|
|
|
| |
http://www.openssl.org/news/secadv_20040317.txt
Notes:
svn path=/head/; revision=104290
|
| |
|
|
| |
Notes:
svn path=/head/; revision=97697
|
| |
|
|
|
|
|
|
|
|
| |
- cleanup
- use DOCSDIR
Submitted by: eikemeier@fillmore-labs.com [CONFLICTS]
Notes:
svn path=/head/; revision=90906
|
| |
|
|
|
|
|
| |
- Fix manpages
Notes:
svn path=/head/; revision=89911
|
| |
|
|
|
|
|
|
| |
- honor OPENSSH_SHLIBVER if set by user.
- CFLAGS added to esure correct linking
Notes:
svn path=/head/; revision=79088
|
| |
|
|
| |
Notes:
svn path=/head/; revision=78754
|
| |
|
|
|
|
|
|
|
|
|
| |
- OPENSSL_OVERWRITE_BASE
defaults to STABLE/CURRENT shared lib version
This solves problems when the share lib is deinstalled.
ports/50292
PR: 50292
Notes:
svn path=/head/; revision=78494
|
| |
|
|
|
|
|
| |
marius@alchemy.franken.de
Notes:
svn path=/head/; revision=78054
|
| |
|
|
|
|
|
| |
http://www.openssl.org/news/secadv_20030319.txt
Notes:
svn path=/head/; revision=77191
|
| |
|
|
|
|
|
|
|
| |
- add security patch
Approved by: kris
Obtained from: http://www.openssl.org/news/secadv_20030317.txt
Notes:
svn path=/head/; revision=77161
|
| |
|
|
| |
Notes:
svn path=/head/; revision=75965
|
| |
|
|
|
|
|
|
|
| |
- added thread support on alpha, sparc64
- Update to 0.9.7a (with security fix)
- defaults openssl to port
Notes:
svn path=/head/; revision=75911
|
| |
|
|
| |
Notes:
svn path=/head/; revision=75548
|
| |
|
|
| |
Notes:
svn path=/head/; revision=75166
|
| |
|
|
| |
Notes:
svn path=/head/; revision=74369
|
| |
|
|
|
|
|
|
|
|
| |
- rnd_keys.c now in distribution
- drop lib/libRSAglue.a
- build on i386, alpha, sparc64, ia64
- build on 2.2.8 with the gas-patch as noted in FAQ
Notes:
svn path=/head/; revision=74221
|
| |
|
|
|
|
|
|
|
| |
- md5 verified
- add test target
- make build on sparc64
Notes:
svn path=/head/; revision=72141
|
| |
|
|
|
|
|
|
| |
- OPENSSL_OVERWRITE_BASE: fix package building
- Fix install of manpages for 3.x
Notes:
svn path=/head/; revision=68819
|
| |
|
|
| |
Notes:
svn path=/head/; revision=68158
|
| |
|
|
| |
Notes:
svn path=/head/; revision=67902
|
| |
|
|
|
|
|
| |
PR: 43658
Notes:
svn path=/head/; revision=67897
|
| |
|
|
|
|
|
|
| |
PR: 42665
Submitted by: roman@bellavista.cz
Notes:
svn path=/head/; revision=66364
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
list by bsd.port.mk insert anti foot-shooting device, which prevents
infinite fork loop when the user defines corresponding USE_XXX in global
make.conf, command line or environment.
Similar devices should probably be inserted into ports that might be inserted
into dependency list by others bsd.foo.mk files (bsd.ruby.mk, bsd.python.mk
and so on.)
Notes:
svn path=/head/; revision=66299
|
| |
|
|
| |
Notes:
svn path=/head/; revision=64320
|
| |
|
|
| |
Notes:
svn path=/head/; revision=64086
|
| |
|
|
|
|
|
|
|
| |
reset SHLIBVER to 2, so the existing lib is overwritten fully.
Warning: some programs track the version number internally too.
Suggested by:nectar
Notes:
svn path=/head/; revision=63854
|
| |
|
|
| |
Notes:
svn path=/head/; revision=63747
|
| |
|
|
| |
Notes:
svn path=/head/; revision=61841
|
| |
|
|
| |
Notes:
svn path=/head/; revision=61371
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
See:
http://www.openssl.org/source/exp/CHANGES
Port improvements:
proccessor type is now detected
Add option: OPENSSL_WITH_386
This set as default for package generation on bento
Notes:
svn path=/head/; revision=59026
|
| |
|
|
|
|
|
|
|
|
|
|
| |
- some configure scripts check the version of the lib
so we need to update SHLIBVER
- bump PORTREVISION
openssh:
- build ports with local openssl, if it exists
Notes:
svn path=/head/; revision=58521
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- more manpages
- shift FORBIDDEN
Excerpt of Changes between 0.9.6b and 0.9.6c [21 dec 2001]
*) Fix BN_rand_range bug pointed out by Dominikus Scherkl
*) Only add signing time to PKCS7 structures if it is not already present.
*) Fix crypto/objects/objects.h: "ld-ce" should be "id-ce", OBJ_ld_ce
should be OBJ_id_ce. Also some ip-pda OIDs in crypto/objects/objects.txt
were incorrect (cf. RFC 3039).
*) Release CRYPTO_LOCK_DYNLOCK when CRYPTO_destroy_dynlockid()
returns early because it has nothing to do.
*) Fix mutex callback return values in crypto/engine/hw_ncipher.c.
*) Change ssl/s2_clnt.c and ssl/s2_srvr.c so that received handshake
messages are stored in a single piece (fixed-length part and
variable-length part combined) and fix various bugs found on the way.
*) Disable caching in BIO_gethostbyname(), directly use gethostbyname()
instead. BIO_gethostbyname() does not know what timeouts are
appropriate, so entries would stay in cache even when they have
become invalid.
*) Change ssl23_get_client_hello (ssl/s23_srvr.c) behaviour when
faced with a pathologically small ClientHello fragment that does
not contain client_version: Instead of aborting with an error,
simply choose the highest available protocol version (i.e.,
TLS 1.0 unless it is disabled).
*) Fix SSL handshake functions and SSL_clear() such that SSL_clear()
never resets s->method to s->ctx->method when called from within
one of the SSL handshake functions.
*) In ssl3_get_client_hello (ssl/s3_srvr.c), generate a fatal alert
(sent using the client's version number) if client_version is
smaller than the protocol version in use. Also change
ssl23_get_client_hello (ssl/s23_srvr.c) to select TLS 1.0 if
the client demanded SSL 3.0 but only TLS 1.0 is enabled; then
the client will at least see that alert.
*) Fix ssl3_get_message (ssl/s3_both.c) to handle message fragmentation
correctly.
*) Avoid infinite loop in ssl3_get_message (ssl/s3_both.c) if a
client receives HelloRequest while in a handshake.
*) Bugfix in ssl3_accept (ssl/s3_srvr.c): Case SSL3_ST_SW_HELLO_REQ_C
should end in 'break', not 'goto end' which circuments various
cleanups done in state SSL_ST_OK. But session related stuff
must be disabled for SSL_ST_OK in the case that we just sent a
HelloRequest. Also avoid some overhead by not calling
ssl_init_wbio_buffer() before just sending a HelloRequest.
*) Fix ssl/s3_enc.c, ssl/t1_enc.c and ssl/s3_pkt.c so that we don't
reveal whether illegal block cipher padding was found or a MAC
verification error occured. (Neither SSLerr() codes nor alerts
are directly visible to potential attackers, but the information
may leak via logfiles.) ssl/s2_pkt.c failed to verify that the
purported number of padding bytes is in the legal range.
*) Improve RSA_padding_check_PKCS1_OAEP() check again to avoid
'wristwatch attack' using huge encoding parameters (cf.
James H. Manger's CRYPTO 2001 paper). Note that the
RSA_PKCS1_OAEP_PADDING case of RSA_private_decrypt() does not use
encoding parameters and hence was not vulnerable.
*) BN_sqr() bug fix.
*) Rabin-Miller test analyses assume uniformly distributed witnesses,
so use BN_pseudo_rand_range() instead of using BN_pseudo_rand()
followed by modular reduction.
*) Add BN_pseudo_rand_range() with obvious functionality: BN_rand_range()
equivalent based on BN_pseudo_rand() instead of BN_rand().
*) s3_srvr.c: allow sending of large client certificate lists (> 16 kB).
This function was broken, as the check for a new client hello message
to handle SGC did not allow these large messages.
*) Add alert descriptions for TLSv1 to SSL_alert_desc_string[_long]().
*) Fix buggy behaviour of BIO_get_num_renegotiates() and BIO_ctrl()
for BIO_C_GET_WRITE_BUF_SIZE ("Stephen Hinton" <shinton@netopia.com>).
*) In ssl3_get_key_exchange (ssl/s3_clnt.c), call ssl3_get_message()
with the same message size as in ssl3_get_certificate_request().
Otherwise, if no ServerKeyExchange message occurs, CertificateRequest
messages might inadvertently be reject as too long.
*) Modified SSL library such that the verify_callback that has been set
specificly for an SSL object with SSL_set_verify() is actually being
used. Before the change, a verify_callback set with this function was
ignored and the verify_callback() set in the SSL_CTX at the time of
the call was used. New function X509_STORE_CTX_set_verify_cb() introduced
to allow the necessary settings.
*) In OpenSSL 0.9.6a and 0.9.6b, crypto/dh/dh_key.c ignored
dh->length and always used
BN_rand_range(priv_key, dh->p).
So switch back to
BN_rand(priv_key, l, ...)
where 'l' is dh->length if this is defined, or BN_num_bits(dh->p)-1
otherwise.
*) In RSA_eay_public_encrypt, RSA_eay_private_decrypt, RSA_eay_private_encrypt
RSA_eay_public_decrypt always reject numbers >= n.
*) In crypto/rand/md_rand.c, use a new short-time lock CRYPTO_LOCK_RAND2
to synchronize access to 'locking_thread'.
*) In crypto/rand/md_rand.c, set 'locking_thread' to current thread's ID
*before* setting the 'crypto_lock_rand' flag. The previous code had
a race condition if 0 is a valid thread ID.
Notes:
svn path=/head/; revision=57949
|
| |
|
|
|
|
|
|
| |
- use DOCSDIR or EXAMPLESDIR
- get rid of some INTERACTIVE scrips in news/ifmail
Notes:
svn path=/head/; revision=52636
|
| |
|
|
|
|
|
| |
so dependent ports can build correctly.
Notes:
svn path=/head/; revision=47392
|
| |
|
|
| |
Notes:
svn path=/head/; revision=45285
|
| |
|
|
| |
Notes:
svn path=/head/; revision=44897
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
due to non-backwards compatible changes. The shlib bump necessitates
a corresponding bump in bsd.port.mk for the automagic openssl
dependency. Mistakes in the port are my responsibility. Approval for
the bsd.port.mk commit comes through asami -> kkenn -> me. Kris is
a little busy at the moment, so he asked me to lob it in.
Approved by: kris
Notes:
svn path=/head/; revision=42951
|
| |
|
|
|
|
|
|
|
|
| |
and don't mark BROKEN if it doesn't exist.
2. Provide a workaround for inability of recent gcc to link shared library
when -Wl,-whole-archive ld(1) option is used. This should make possible to
build the port on recent -stable or -current.
Notes:
svn path=/head/; revision=41805
|
| |
|
|
|
|
|
| |
I don't use any 3.x system any longer.
Notes:
svn path=/head/; revision=38460
|
| |
|
|
| |
Notes:
svn path=/head/; revision=38162
|
| |
|
|
|
|
|
|
|
| |
spelled out (many of which are ${PKGDIR}/MESSAGE -> ${PKGMESSAGE} type
fixes that shouldn't have been necessary) and the string "/pkg/"
appear.
Notes:
svn path=/head/; revision=33576
|
| |
|
|
| |
Notes:
svn path=/head/; revision=33543
|
| |
|
|
|
|
|
| |
Submitted by: kris
Notes:
svn path=/head/; revision=32745
|
