openssl 1.0.0_9 security =334

SSL and crypto library
Maintained by: dinoex@FreeBSD.org
Port Added: unknown
Also Listed In: devel
License: not specified in port

---

---

The OpenSSL Project is a collaborative effort to develop a robust,
commercial-grade, full-featured, and Open Source toolkit implementing
the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security
(TLS v1) protocols with full-strength cryptography world-wide. The
project is managed by a worldwide community of volunteers that use
the Internet to communicate, plan, and develop the OpenSSL tookit
and its related documentation.

OpenSSL is based on the excellent SSLeay library developed by Eric
A. Young and Tim J. Hudson. The OpenSSL toolkit is licensed under
an Apache-style licence, which basically means that you are free
to get and use it for commercial and non-commercial purposes subject
to some simple license conditions.

WWW: http://www.openssl.org/
WWW: http://sctp.fh-muenster.de/dtls-patches.html

CVSWeb : Sources : Main Web Site : Distfiles Availability : PortsMon

---

NOTE: FreshPorts displays only required dependencies information. Optional dependencies are not covered.
Required To Build: devel/makedepend, lang/perl5.8
There are no ports dependent upon this port

---

To install the port: cd /usr/ports/security/openssl/ && make install clean
To add the package: pkg_add -r openssl

---

Configuration Options

===> The following configuration options are available for openssl-1.0.0_9:
     I386=off (default) "Use optimized assembler for 80386"
     SSE2=on (default) "Use runtime SSE2 detection"
     ASM=on (default) "Build with optimized Assembler"
     ZLIB=on (default) "Build with zlib compression"
     MD2=on (default) "Build with MD2 hash (obsolete)"
     RC5=off (default) "Build with RC5 chipher (patented)"
     RFC3779=off (default) "Build with RFC3779 support"
     DTLS_RENEGOTIATION=off (default) "Build with DTLS Abbr. renegotiations"
     DTLS_HEARTBEAT=off (default) "Build with DTLS Heartbeat Extension"
     SCTP=off (default) "Build with SCTP support"
===> Use 'make config' to modify these settings

---

Master Sites:

http://www.openssl.org/source/

ftp://ftp.openssl.org/source/

ftp://ftp.cert.dfn.de/pub/tools/net/openssl/source/

ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/distfiles/openssl-1.0.0g/

• port moved here from security/openssl-beta on 2009-01-09
  REASON: Removed
  
  
• port moved here from security/openssl-stable on 2008-12-30
  REASON: Removed: only for 6.0
  

- Security update to 1.0.0g
Security: http://www.openssl.org/news/secadv_20120118.txt

- Build with obsolte MD2 hash by default

- Security Update to 1.0.0f
Security: http://openssl.org/news/secadv_20120104.txt
Security: CVE-2011-4108
Security: CVE-2011-4109
Security: CVE-2011-4576
Security: CVE-2011-4577
Security: CVE-2011-4619
Security: CVE-2012-0027
Submitted by:   Tim Zingelman

- make portlint happier

- update patches
PR:             161379

Feature safe:   yes

- cleanup homepage
Feature safe:   yes

- Security update to 1.0.0e
Security: http://openssl.org/news/secadv_20110906.txt

- drop option TLS_EXTRACTOR, now in distribution

- add RFC-5705 patch
Obtained from:  OpenBSD

- Security update to 1.0.0d
Security: http://openssl.org/news/secadv_20110208.txt
Security: CVE-2011-0014
Feature safe:   yes

- Security update to 1.0.0c
Security: http://openssl.org/news/secadv_20101202.txt
Security: CVE-2010-4180

- Security update to 1.0.0b
Security: http://openssl.org/news/secadv_20101116.txt
Security: CVE-2010-3864

PR:             152312
Submitted by:   Alexander Wittig

- Fix regression in TLS handling
Obtained from:  http://cvs.openssl.org/chngview?cn=19998

- ease fetching

- update dtls-heartbeats.patch
PR:             147787
Submitted by:   Nagilum

- update to openssl-1.0.0a
Security: CVE-2010-1633
this problem was already fixed in 1.0.0 with option WITH_DTLS_BUGS

- fix path in c_rehash
Submitted by:   Matthias Andree
Obtained from:  http://rt.openssl.org/Ticket/Display.html?id=2234

- add more DTLS bugfixes
Obtained from:  http://sctp.fh-muenster.de/

- add option WITHOUT_ASM

- fix build on sparc64
Submitted by:   kwm

- chase updated patches for sctp-17 and dtls

- add options WITH_MD2
Suggested by: Tatsuki Makino

- add options WITH_RC5 and WITH_RFC3779

- strip text for options
Reported by:    Richard J. Dawes

- update to 1.0.0
- regression tested on i386, amd64 and ia64
- use DIST_SUBDIR to resolve conflicts with old patchfiles
- new options DTLS_RENEGOTIATION, DTLS_HEARTBEAT, TLS_EXTRACTOR, SCTP

- Security update to 0.9.8n
Security: http://www.openssl.org/news/secadv_20100324.txt

- update to 0.9.8m
- support RFC5746
Security: CVE-2008-1678
Security: CVE-2009-1377
Security: CVE-2009-1378
Security: CVE-2009-1379
Approved by:    portmgr (pav)
Feature safe:   yes

- allow use of faster CPU
- enable SSE2 optimisations
- fix thread option
- cleanup

- fix spelling
- pass no-zlib option
Submitted by:   b.f.

- Security patch to fix Memory leak
http://cvs.openssl.org/chngview?cn=19068
http://www.openwall.com/lists/oss-security/2010/01/13/3
Security: CVE-2009-4355
Security: CVE-2008-1678
Obtained from:  cvs.openssl.org

- new option WITH_OPENSSL_THREADS
- revert Configure
- bump shared libs

- drop broken FIPS support
- drop broken SCTP support
- drop out of date MASTER_SITE
- mark DEPRECATED

Don't link unneeded PTHREAD_LIBS.

Approved by:    portmgr

- improve message for option WITH_SCTP
PR:             140153
Submitted by:   Paul J Murphy

- Security update to 0.9.8l
Security: CVE-2009-3555

- add option WITH_FIPS to make config
Submitted by:   Patrick Rael

PR:             138881
Obtained from:  openssl-1.0.0
Feature safe:   yes

- fix Hardware acceleration
PR:             138881
Submitted by:   Larry Baird
Feature safe:   yes

- make patches fetchable
- add temorary location to allow fetch before mirrors are in sync.

- revert patch

- update dtls-bugs.patch

- mark option WITH_SCTP as broken

- fix build for OSVERSION 800105

- set MAKE_JOBS_UNSAFE
PR:             136938
Submitted by:   Dmitry Marakasov

- keep private directories around if used

- WITH_SCTP does not buuild on 7.1

- add more DTLS bugfixes
- use options framework
- new option WITH_FIPS
add fips code
- new option WITH_SCTP
add SCTP support to openssl

- Security Fix
Security:       CVE-2009-1377
Security:       CVE-2009-1378
Security:       http://article.gmane.org/gmane.comp.security.oss.general/1769
PR:             134653

- Security update to 0.9.8k
Security: http://www.openssl.org/news/secadv_20090325.txt
Security: CVE-2009-0590
Security: CVE-2009-0591 (port not affected)
Security: CVE-2009-0789
PR:             133156
Submitted by:   Eygene Ryabinkin

- fix shared lib path
Force libssl.so to loads the match libcrypto.so.
The old fix was not working with 0.9.7

This should help ports linking to openssl from ports in FreeBSD 7.1 and above.

- cleanup beta

- update to 0.9.8j
- move patches from files-beta back to files
- FIPS disabled with force
- support for crypto_hw device cloning restored
- support for crypto_hw aes_256 restored

- update to 0.9.8j
- move patches from files-beta back to files
- FIPS disabled with force
- support for crypto_hw device cloning restored
- support for crypto_hw aes_256 restored

- Security fix for incorrect checks for malformed signatures
Security: http://www.openssl.org/news/secadv_20090107.txt

- cleanup 0.97

- mark FORBIDDEN
Security: incorrect checks for malformed signatures

- mark BROKEN

- Remove conditional checks for FreeBSD 5.x and older

- update to 0.9.8i

- Security fix for 0.9.7m
Security:       CVE-2007-5135
Security:       http://www.openssl.org/news/secadv_20071012.txt
Submitted by:   Jung-uk Kim

- Remove duplicates from MAKE_ENV after inclusion of CC and CXX in default
MAKE_ENV

- enable cryptodev
124972
PR:             124972
Submitted by:   Larry Baird
Obtained from:  Simon L. Nielsen

PR:     124281

- readd 0.9.7m

- Security update to 0.9.8h
Security: http://openssl.org/news/secadv_20080528.txt
Security: http://secunia.com/advisories/30405/
Security: http://cert.fi/haavoittuvuudet/2008/advisory-openssl.html
Security: CVE-2008-0891
Security: CVE-2008-1672

- remove WITH_OPENSSL_SNAPSHOT

- remove option OPENSSL_OVERWRITE_BASE
  it was only supported for FreeBSD 4.x

- update to 0.9.8g

- Secuurity update to 0.9.8f
Security: CVE-2007-4995

- fix DESTDIR for config stage

- Remove the DESTDIR modifications from individual ports as we have a new,
  fully chrooted DESTDIR, which does not need such any more.

Sponsored by:   Google Summer of Code 2007
Approved by:    portmgr (pav)

- enable cadmilla
PR:             113624
Submitted by:   Tomoyuki Okazaki

- Fix runtime crash in OpenSSL with "Illegal instruction" when build with gcc42
Obtained from:  kan

- Security update to 0.9.7m / 0.9.8e
- md5 verfified.
Security:       CVE-2006-2937
Security:       CVE-2006-2938
Security:       CVE-2006-2940
Security:       CVE-2006-3738
Security:       CVE-2006-4343
Security:       SA-06:23.openssl

- use USE_LDCONFIG

- Remove support for a.out format and PORTOBJFORMAT variable from individual
  ports

With hat:       portmgr

- Security update to 0.9.7l
- Security update to 0.9.8d
Security: http://www.openssl.org/news/secadv_20060928.txt
Security: CVE-2006-2937
Security: CVE-2006-2940
Security: CVE-2006-3738
Security: CVE-2006-4343
Security: http://security.freebsd.org/advisories/FreeBSD-SA-06:23.openssl.asc

md5 hashes verfied

- update to 0.9.8c
- update stable to 0.9.7k
md5 verified
Security: http://www.openssl.org/news/secadv_20060905.txt
Security: CAN-2006-4339

- fix warning when no openssl is in the base
PR:             102639
Submitted by:   Artis Caune

- new option WITH_OPENSSL_COMPRESSION
Submitted by:   Corey Smith

Add support for DESTDIR part I.

This commit should largele be a NOOP as it only adds support
for DESTDIR undefined. This does allow us to start testing
ports with DESTDIR set, but this is as of yet not supported.

Although this has been extensively tested on pointyhat, this
is a very intrusive change and some cases may have been
overlooked. Please contact Gabor and me if you find any.

PR:             100555
Submitted by:   gabor
Sponsored by:   Google Summer of Code 2006

- ignore OpenSSL 0.9.7* on CUREENT >= 700019
- break out if shared lib version in port is less than base

- activate regression-test

- bump shared lib versions for FreeBSD > 6.0
  libssl.o in the base was bumped, but still uses old ABI
  KDE crashes, as it does not honor LDFLAGS / -rpath=
- solving regression for OpenOffice users

Reported by: Michel Talon

- update to 0.9.8a and 0.9.7j
  md5 verified with distribution

- force CC and CFLAGS from /etc/make.conf
PR:             90888

- warn users of option OPENSSL_OVERWRITE_BASE

- update default build options on aplha
Submitted by:   textfield@yahoo.com

- backout last patch

- update default build options on aplha
Submitted by:   textfield@yahoo.com

- add SHA checksum

- Fix build of openssl-beta on 6.0

- new option WITHOUT_OPENSSL_SSE2
http://www.openssl.org/docs/crypto/OPENSSL_ia32cap.html
Suggested by:   Grant Swenson

- update stable to 0.9.7i

- force 0.9.7 for FREEBSD 6.0 RELEASE
Requested by:   portmgr (kris)

- new option WITH_OPENSSL_STABLE=yes
- updated CONFLICTS

- binary compatability patch
PR:             87419
Submitted by:   Phil Oleson

- update to 0.9.7g and 0.9.8a

- Security Fix: CAN-2005-2969
Security: http://www.openssl.org/news/secadv_20051011.txt

- bump SHLIB version
The API of openssl 0.9.8 ist compatible but not identical.
This version bump might break build of all ports that try
to include the opessl in base at the same time.
That ports should be fixed.

- update default to 0.9.8
- new option WITH_OPENSSL_097

- fix manpages

- update to 0.9.8 for WITH_OPENSSL_BETA=yes

No longer remove libdata/pkgconfig.  This is taken care of by mtree now.

- update 0.9.7g
PR:             79899
Submitted by:   Vasil Dimov

- fix manpages

- update to 0.9.7f

- extended API for hw-crypto
Submitted by:   phk

12 vulnerabilities affecting 31 ports have been reported in the past 14 days

^* - modified, not new

All vulnerabilities