Commit Graph

115 Commits

Author SHA1 Message Date
Dirk Meyer
3c0cc81cb8 - Fix: FreeBSD 470101 doesn't have a cryptodevice.
Problem noted by: jarnold@knightridder.com
2003-08-04 18:22:34 +00:00
Dirk Meyer
2d1407f8f6 - Support amd64 2003-07-06 03:03:29 +00:00
Dirk Meyer
1afeeb4c02 - Fixes problem when base has no openssl installed
Submitted by:	marius@alchemy.franken.de
2003-05-07 20:08:00 +00:00
Dirk Meyer
26bdfd8a7f - retire Makefile.ssl, please use bsd.openssl.mk 2003-04-16 19:02:31 +00:00
Dirk Meyer
9d825c5f3a - new Overrideable defaults: OPENSSL_SHLIBVER and OPENSSL_PORT
- set CFLAGS and LDFLAGS to link the correct libs
2003-04-16 14:49:26 +00:00
Dirk Meyer
0144066d45 - ### HEAD UP ### SHLIBVER has been bumped back.
- honor OPENSSH_SHLIBVER if set by user.
- CFLAGS added to ensure correct linking
2003-04-16 14:49:00 +00:00
Dirk Meyer
ef7899960f - Change all USE_OPENSSL_* to WITH_OPENSSL_* 2003-04-13 11:47:23 +00:00
Dirk Meyer
0636be66df - use bsd.openssl.mk 2003-04-11 18:39:18 +00:00
Dirk Meyer
7d2f60a86e - Update to 0.9.7b 2003-04-11 18:29:17 +00:00
Dirk Meyer
4bee344745 - defaults to STABLE/CURRENT shared lib version 2003-04-07 05:54:39 +00:00
Dirk Meyer
605d36542b - enable threads on ia64
- OPENSSL_OVERWRITE_BASE
  defaults to STABLE/CURRENT shared lib version
  This solves problems when the shared lib is deinstalled.
  ports/50292
PR:		50292
2003-04-07 05:50:39 +00:00
Dirk Meyer
2e88b8ec35 - honor CC and use PTHREAD_LIBS and PTHREAD_FLAGS
marius@alchemy.franken.de
2003-04-03 18:24:52 +00:00
Dirk Meyer
cae454ac23 - rename Makefile.ssl to bsd.openssl.mk 2003-04-03 18:24:31 +00:00
Dirk Meyer
018fc2c474 - Security Fix:
http://www.openssl.org/news/secadv_20030319.txt
2003-03-23 04:49:53 +00:00
Dirk Meyer
1f094f8114 - switch to USE_PERL5_BUILD
- add security patch
Approved by:	kris
Obtained from:	http://www.openssl.org/news/secadv_20030317.txt
2003-03-19 06:28:03 +00:00
Dirk Meyer
9ea8fec662 - check if we have 0.9.7a 2003-02-27 18:09:09 +00:00
Dirk Meyer
4eb8d6d1fa - retire pkg-comment 2003-02-21 03:59:00 +00:00
Dirk Meyer
387f34ee24 - add COMMENT 2003-02-20 18:26:42 +00:00
Dirk Meyer
b8dd3b052d - merged some patches in distribution
- added thread support on alpha, sparc64
- Update to 0.9.7a (with security fix)
- defaults openssl to port
2003-02-19 21:12:51 +00:00
Dirk Meyer
0a30e2916b - keep using the openssl port if it's installed
bento temporarily has this conflict, as INDEX doesn't match dependencies.
2003-02-19 04:20:00 +00:00
Dirk Meyer
0889a929d1 - USE_OPENSSL_PORT=yes
Use the port, even if base is up to date
to make life easy for stable and current users,
who don't want to recompile all ports after update.
2003-02-18 07:09:28 +00:00
Dirk Meyer
ba4b7af45b - sync SHLIBVER for OPENSSL_OVERWRITE_BASE=yes and 5.0-CURRENT 2003-02-15 06:31:34 +00:00
Dirk Meyer
93f918f4ad - add more comments
- recognize that 5-CURRENT has 0.9.7 after 2003-01-28
  OSVERSION 500100 was bumped at 2003-01-23,
  detection by exist()
2003-02-13 06:04:01 +00:00
Dirk Meyer
268f4e5810 - Fix spelling 2003-02-09 05:45:04 +00:00
Dirk Meyer
4686c6597f - Fix CURRENT version bump in openssl, so ports link as expected. 2003-01-31 19:54:56 +00:00
Dirk Meyer
f78bea0816 - break build, when a port tries to pick up the wrong shared lib. 2003-01-31 05:53:55 +00:00
Dirk Meyer
d8de079d43 - Update to 0.9.7
- rnd_keys.c now in distribution
- drop lib/libRSAglue.a
- build on i386, alpha, sparc64, ia64
- build on 2.2.8 with the gas-patch as noted in FAQ
2003-01-29 20:00:43 +00:00
Dirk Meyer
83f46c8755 - add new checksum, only "OPENSSL_VERSION_NUMBER" has been changed
in the distribution after 6th December.
2178290  6 Dez 00:25 /usr/ports/distfiles/openssl-0.9.6h.tar.gz
2178314  8 Dez 21:43 /usr/ports/distfiles/openssl-0.9.6h.tar.gz
2003-01-02 16:32:48 +00:00
Dirk Meyer
fcc315c342 - Update to 0.9.6h
- md5 verified
- add test target
- make build on sparc64
2003-01-02 04:17:19 +00:00
Dirk Meyer
1f8692d63c - add rnd_keys.c for compatibility with base. (patch by: jtraub@isilon.com)
- OPENSSL_OVERWRITE_BASE: fix package building
- Fix install of manpages for 3.x
2002-10-25 20:41:47 +00:00
Dirk Meyer
1d625b6381 remove pkg-plist.noshared and use PLIST_SUB 2002-10-16 18:29:36 +00:00
Dirk Meyer
d0600d1dae Install manpages in standard only if OPENSSL_OVERWRITE_BASE is not set. 2002-10-12 21:04:39 +00:00
Dirk Meyer
ed97522b83 Install openssl's man pages in standard manpath
PR:		43658
2002-10-12 20:27:59 +00:00
Dirk Meyer
b29bd2eb2e fix path for option OPENSSL_OVERWRITE_BASE
PR:		42665
Submitted by:	roman@bellavista.cz
2002-09-15 13:01:05 +00:00
Maxim Sobolev
4fe6852b8f Due to popular demand, into each port which might be inserted into dependency
list by bsd.port.mk insert anti foot-shooting device, which prevents
infinite fork loop when the user defines corresponding USE_XXX in global
make.conf, command line or environment.

Similar devices should probably be inserted into ports that might be inserted
into dependency list by other bsd.foo.mk files (bsd.ruby.mk, bsd.python.mk
and so on.)
2002-09-14 13:32:06 +00:00
Dirk Meyer
26f27bdc5a new Option USE_OPENSSL_BETA 2002-08-30 07:02:17 +00:00
Dirk Meyer
183c3e7862 Security Update to: 0.9.6g 2002-08-10 08:30:39 +00:00
Dirk Meyer
6120fd5185 Sync Bugfix from CURRENT 2002-08-06 05:46:17 +00:00
Marc Fonvieille
deef46806d Fix links to the Handbook, the FAQ and the porters-handbook.
Approved by:	portmgr
2002-08-04 09:04:12 +00:00
Dirk Meyer
05e82aa029 when built with OPENSSL_OVERWRITE_BASE
reset SHLIBVER to 2, so the existing lib is overwritten fully.
Warning: some programs track the version number internally too.
Suggested by:	nectar
2002-08-01 17:31:06 +00:00
Dirk Meyer
6beb927cde Security Update to 0.9.6e 2002-07-30 17:38:18 +00:00
Dirk Meyer
0b1516b7ba Remove FORBIDDEN, openssl-0.9.6d didn't make it into 4.6 RELEASE 2002-06-23 21:14:58 +00:00
Dirk Meyer
9805082a11 Add an option OPENSSL_OVERWRITE_BASE=yes as we have done in OPENSSH 2002-06-16 14:04:49 +00:00
Dirk Meyer
65e2b09e20 - get rid of duplicate code in Makefiles.
- Fix USE_OPENSSL_PORT and USE_OPENSSL_BASE
- drop obsolete/broken USE_OPENSSL
2002-05-31 20:51:48 +00:00
Dirk Meyer
227e98a413 Update to: 0.9.6d
See:
http://www.openssl.org/source/exp/CHANGES

Port improvements:
processor type is now detected

Add option: OPENSSL_WITH_386
This is set as default for package generation on bento
2002-05-13 18:54:03 +00:00
Dirk Meyer
dd32b25a29 openssl:
- some configure scripts check the version of the lib
  so we need to update SHLIBVER
- bump PORTREVISION

openssh:
- build ports with local openssl, if it exists
2002-05-04 04:38:12 +00:00
Dirk Meyer
cd87949d28 - Update to 0.9.6c
- more manpages
- shift FORBIDDEN

 Excerpt of Changes between 0.9.6b and 0.9.6c  [21 dec 2001]
  *) Fix BN_rand_range bug pointed out by Dominikus Scherkl
  *) Only add signing time to PKCS7 structures if it is not already present.
  *) Fix crypto/objects/objects.h: "ld-ce" should be "id-ce", OBJ_ld_ce
     should be OBJ_id_ce.  Also some ip-pda OIDs in crypto/objects/objects.txt
     were incorrect (cf. RFC 3039).
  *) Release CRYPTO_LOCK_DYNLOCK when CRYPTO_destroy_dynlockid()
     returns early because it has nothing to do.
  *) Fix mutex callback return values in crypto/engine/hw_ncipher.c.
  *) Change ssl/s2_clnt.c and ssl/s2_srvr.c so that received handshake
     messages are stored in a single piece (fixed-length part and
     variable-length part combined) and fix various bugs found on the way.
  *) Disable caching in BIO_gethostbyname(), directly use gethostbyname()
     instead.  BIO_gethostbyname() does not know what timeouts are
     appropriate, so entries would stay in cache even when they have
     become invalid.
  *) Change ssl23_get_client_hello (ssl/s23_srvr.c) behaviour when
     faced with a pathologically small ClientHello fragment that does
     not contain client_version: Instead of aborting with an error,
     simply choose the highest available protocol version (i.e.,
     TLS 1.0 unless it is disabled).
  *) Fix SSL handshake functions and SSL_clear() such that SSL_clear()
     never resets s->method to s->ctx->method when called from within
     one of the SSL handshake functions.
  *) In ssl3_get_client_hello (ssl/s3_srvr.c), generate a fatal alert
     (sent using the client's version number) if client_version is
     smaller than the protocol version in use.  Also change
     ssl23_get_client_hello (ssl/s23_srvr.c) to select TLS 1.0 if
     the client demanded SSL 3.0 but only TLS 1.0 is enabled; then
     the client will at least see that alert.
  *) Fix ssl3_get_message (ssl/s3_both.c) to handle message fragmentation
     correctly.
  *) Avoid infinite loop in ssl3_get_message (ssl/s3_both.c) if a
     client receives HelloRequest while in a handshake.
  *) Bugfix in ssl3_accept (ssl/s3_srvr.c): Case SSL3_ST_SW_HELLO_REQ_C
     should end in 'break', not 'goto end' which circumvents various
     cleanups done in state SSL_ST_OK.   But session related stuff
     must be disabled for SSL_ST_OK in the case that we just sent a
     HelloRequest.  Also avoid some overhead by not calling
     ssl_init_wbio_buffer() before just sending a HelloRequest.
  *) Fix ssl/s3_enc.c, ssl/t1_enc.c and ssl/s3_pkt.c so that we don't
     reveal whether illegal block cipher padding was found or a MAC
     verification error occurred.  (Neither SSLerr() codes nor alerts
     are directly visible to potential attackers, but the information
     may leak via logfiles.) ssl/s2_pkt.c failed to verify that the
     purported number of padding bytes is in the legal range.
  *) Improve RSA_padding_check_PKCS1_OAEP() check again to avoid
     'wristwatch attack' using huge encoding parameters (cf.
     James H. Manger's CRYPTO 2001 paper).  Note that the
     RSA_PKCS1_OAEP_PADDING case of RSA_private_decrypt() does not use
     encoding parameters and hence was not vulnerable.
  *) BN_sqr() bug fix.
  *) Rabin-Miller test analyses assume uniformly distributed witnesses,
     so use BN_pseudo_rand_range() instead of using BN_pseudo_rand()
     followed by modular reduction.
  *) Add BN_pseudo_rand_range() with obvious functionality: BN_rand_range()
     equivalent based on BN_pseudo_rand() instead of BN_rand().
  *) s3_srvr.c: allow sending of large client certificate lists (> 16 kB).
     This function was broken, as the check for a new client hello message
     to handle SGC did not allow these large messages.
  *) Add alert descriptions for TLSv1 to SSL_alert_desc_string[_long]().
  *) Fix buggy behaviour of BIO_get_num_renegotiates() and BIO_ctrl()
     for BIO_C_GET_WRITE_BUF_SIZE ("Stephen Hinton" <shinton@netopia.com>).
  *) In ssl3_get_key_exchange (ssl/s3_clnt.c), call ssl3_get_message()
     with the same message size as in ssl3_get_certificate_request().
     Otherwise, if no ServerKeyExchange message occurs, CertificateRequest
     messages might inadvertently be rejected as too long.
  *) Modified SSL library such that the verify_callback that has been set
     specifically for an SSL object with SSL_set_verify() is actually being
     used. Before the change, a verify_callback set with this function was
     ignored and the verify_callback() set in the SSL_CTX at the time of
     the call was used. New function X509_STORE_CTX_set_verify_cb() introduced
     to allow the necessary settings.
  *) In OpenSSL 0.9.6a and 0.9.6b, crypto/dh/dh_key.c ignored
     dh->length and always used
          BN_rand_range(priv_key, dh->p).
     So switch back to
          BN_rand(priv_key, l, ...)
     where 'l' is dh->length if this is defined, or BN_num_bits(dh->p)-1
     otherwise.
  *) In RSA_eay_public_encrypt, RSA_eay_private_decrypt, RSA_eay_private_encrypt
     RSA_eay_public_decrypt always reject numbers >= n.
  *) In crypto/rand/md_rand.c, use a new short-time lock CRYPTO_LOCK_RAND2
     to synchronize access to 'locking_thread'.
  *) In crypto/rand/md_rand.c, set 'locking_thread' to current thread's ID
     *before* setting the 'crypto_lock_rand' flag.  The previous code had
     a race condition if 0 is a valid thread ID.
2002-04-21 13:02:08 +00:00
Dirk Meyer
2025ba84ee - make portlint happier
- use DOCSDIR or EXAMPLESDIR
- get rid of some INTERACTIVE scripts in news/ifmail
2002-01-05 23:43:13 +00:00
Patrick Li
b666502afd - PORTDOCS police
- DOCSDIR support to some
- Brush out some lint
2001-12-24 02:17:17 +00:00
Mario Sergio Fujikawa Ferreira
75ad5febcb Style police: WWW tags should either end in a file/script or TRAILING /; Fix the latter case 2001-11-20 23:29:38 +00:00