openssl 0.9.8l_4 security =338

SSL and crypto library
Maintained by: dinoex@FreeBSD.org
Port Added: unknown
Also Listed In: devel

---

---

The OpenSSL Project is a collaborative effort to develop a robust,
commercial-grade, full-featured, and Open Source toolkit implementing
the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security
(TLS v1) protocols with full-strength cryptography world-wide. The
project is managed by a worldwide community of volunteers that use
the Internet to communicate, plan, and develop the OpenSSL tookit
and its related documentation.

OpenSSL is based on the excellent SSLeay library developed by Eric
A. Young and Tim J. Hudson. The OpenSSL toolkit is licensed under
an Apache-style licence, which basically means that you are free
to get and use it for commercial and non-commercial purposes subject
to some simple license conditions.

OpenSSL homepage:

	http://www.openssl.org/

WWW: http://www.openssl.org/
WWW: http://sctp.fh-muenster.de/dtls-patches.html

CVSWeb : Sources : Main Web Site : Distfiles Availability : PortsMon

---

Required To Build: devel/makedepend, lang/perl5.8

---

To install the port: cd /usr/ports/security/openssl/ && make install clean
To add the package: pkg_add -r openssl

---

Configuration Options

===> The following configuration options are available for openssl-0.9.8l_4:
     I386=off (default) "Use optimized assembler for 80386"
     SSE2=on (default) "Use runtime SSE2 detection"
     ZLIB=on (default) "Build with zlib compression"
===> Use 'make config' to modify these settings

---

Master Sites:

http://www.openssl.org/source/

ftp://ftp.openssl.org/source/

ftp://ftp.cert.dfn.de/pub/tools/net/openssl/source/

ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/distfiles/

• port moved here from security/openssl-beta on 2009-01-09
  REASON: Removed
  
  
• port moved here from security/openssl-stable on 2008-12-30
  REASON: Removed: only for 6.0
  

- allow use of faster CPU
- enable SSE2 optimisations
- fix thread option
- cleanup

- fix spelling
- pass no-zlib option
Submitted by:   b.f.

- Security patch to fix Memory leak
http://cvs.openssl.org/chngview?cn=19068
http://www.openwall.com/lists/oss-security/2010/01/13/3
Security: CVE-2009-4355
Security: CVE-2008-1678
Obtained from:  cvs.openssl.org

- new option WITH_OPENSSL_THREADS
- revert Configure
- bump shared libs

- drop broken FIPS support
- drop broken SCTP support
- drop out of date MASTER_SITE
- mark DEPRECATED

Don't link unneeded PTHREAD_LIBS.

Approved by:    portmgr

- improve message for option WITH_SCTP
PR:             140153
Submitted by:   Paul J Murphy

- Security update to 0.9.8l
Security: CVE-2009-3555

- add option WITH_FIPS to make config
Submitted by:   Patrick Rael

PR:             138881
Obtained from:  openssl-1.0.0
Feature safe:   yes

- fix Hardware acceleration
PR:             138881
Submitted by:   Larry Baird
Feature safe:   yes

- make patches fetchable
- add temorary location to allow fetch before mirrors are in sync.

- revert patch

- update dtls-bugs.patch

- mark option WITH_SCTP as broken

- fix build for OSVERSION 800105

- set MAKE_JOBS_UNSAFE
PR:             136938
Submitted by:   Dmitry Marakasov

- keep private directories around if used

- WITH_SCTP does not buuild on 7.1

- add more DTLS bugfixes
- use options framework
- new option WITH_FIPS
add fips code
- new option WITH_SCTP
add SCTP support to openssl

- Security Fix
Security:       CVE-2009-1377
Security:       CVE-2009-1378
Security:       http://article.gmane.org/gmane.comp.security.oss.general/1769
PR:             134653

- Security update to 0.9.8k
Security: http://www.openssl.org/news/secadv_20090325.txt
Security: CVE-2009-0590
Security: CVE-2009-0591 (port not affected)
Security: CVE-2009-0789
PR:             133156
Submitted by:   Eygene Ryabinkin

- fix shared lib path
Force libssl.so to loads the match libcrypto.so.
The old fix was not working with 0.9.7

This should help ports linking to openssl from ports in FreeBSD 7.1 and above.

- cleanup beta

- update to 0.9.8j
- move patches from files-beta back to files
- FIPS disabled with force
- support for crypto_hw device cloning restored
- support for crypto_hw aes_256 restored

- update to 0.9.8j
- move patches from files-beta back to files
- FIPS disabled with force
- support for crypto_hw device cloning restored
- support for crypto_hw aes_256 restored

- Security fix for incorrect checks for malformed signatures
Security: http://www.openssl.org/news/secadv_20090107.txt

- cleanup 0.97

- mark FORBIDDEN
Security: incorrect checks for malformed signatures

- mark BROKEN

- Remove conditional checks for FreeBSD 5.x and older

- update to 0.9.8i

- Security fix for 0.9.7m
Security:       CVE-2007-5135
Security:       http://www.openssl.org/news/secadv_20071012.txt
Submitted by:   Jung-uk Kim

- Remove duplicates from MAKE_ENV after inclusion of CC and CXX in default
MAKE_ENV

- enable cryptodev
124972
PR:             124972
Submitted by:   Larry Baird
Obtained from:  Simon L. Nielsen

PR:     124281

- readd 0.9.7m

- Security update to 0.9.8h
Security: http://openssl.org/news/secadv_20080528.txt
Security: http://secunia.com/advisories/30405/
Security: http://cert.fi/haavoittuvuudet/2008/advisory-openssl.html
Security: CVE-2008-0891
Security: CVE-2008-1672

- remove WITH_OPENSSL_SNAPSHOT

- remove option OPENSSL_OVERWRITE_BASE
  it was only supported for FreeBSD 4.x

- update to 0.9.8g

- Secuurity update to 0.9.8f
Security: CVE-2007-4995

- fix DESTDIR for config stage

- Remove the DESTDIR modifications from individual ports as we have a new,
  fully chrooted DESTDIR, which does not need such any more.

Sponsored by:   Google Summer of Code 2007
Approved by:    portmgr (pav)

- enable cadmilla
PR:             113624
Submitted by:   Tomoyuki Okazaki

- Fix runtime crash in OpenSSL with "Illegal instruction" when build with gcc42
Obtained from:  kan

- Security update to 0.9.7m / 0.9.8e
- md5 verfified.
Security:       CVE-2006-2937
Security:       CVE-2006-2938
Security:       CVE-2006-2940
Security:       CVE-2006-3738
Security:       CVE-2006-4343
Security:       SA-06:23.openssl

- use USE_LDCONFIG

- Remove support for a.out format and PORTOBJFORMAT variable from individual
  ports

With hat:       portmgr

- Security update to 0.9.7l
- Security update to 0.9.8d
Security: http://www.openssl.org/news/secadv_20060928.txt
Security: CVE-2006-2937
Security: CVE-2006-2940
Security: CVE-2006-3738
Security: CVE-2006-4343
Security: http://security.freebsd.org/advisories/FreeBSD-SA-06:23.openssl.asc

md5 hashes verfied

- update to 0.9.8c
- update stable to 0.9.7k
md5 verified
Security: http://www.openssl.org/news/secadv_20060905.txt
Security: CAN-2006-4339

- fix warning when no openssl is in the base
PR:             102639
Submitted by:   Artis Caune

- new option WITH_OPENSSL_COMPRESSION
Submitted by:   Corey Smith

Add support for DESTDIR part I.

This commit should largele be a NOOP as it only adds support
for DESTDIR undefined. This does allow us to start testing
ports with DESTDIR set, but this is as of yet not supported.

Although this has been extensively tested on pointyhat, this
is a very intrusive change and some cases may have been
overlooked. Please contact Gabor and me if you find any.

PR:             100555
Submitted by:   gabor
Sponsored by:   Google Summer of Code 2006

- ignore OpenSSL 0.9.7* on CUREENT >= 700019
- break out if shared lib version in port is less than base

- activate regression-test

- bump shared lib versions for FreeBSD > 6.0
  libssl.o in the base was bumped, but still uses old ABI
  KDE crashes, as it does not honor LDFLAGS / -rpath=
- solving regression for OpenOffice users

Reported by: Michel Talon

- update to 0.9.8a and 0.9.7j
  md5 verified with distribution

- force CC and CFLAGS from /etc/make.conf
PR:             90888

- warn users of option OPENSSL_OVERWRITE_BASE

- update default build options on aplha
Submitted by:   textfield@yahoo.com

- backout last patch

- update default build options on aplha
Submitted by:   textfield@yahoo.com

- add SHA checksum

- Fix build of openssl-beta on 6.0

- new option WITHOUT_OPENSSL_SSE2
http://www.openssl.org/docs/crypto/OPENSSL_ia32cap.html
Suggested by:   Grant Swenson

- update stable to 0.9.7i

- force 0.9.7 for FREEBSD 6.0 RELEASE
Requested by:   portmgr (kris)

- new option WITH_OPENSSL_STABLE=yes
- updated CONFLICTS

- binary compatability patch
PR:             87419
Submitted by:   Phil Oleson

- update to 0.9.7g and 0.9.8a

- Security Fix: CAN-2005-2969
Security: http://www.openssl.org/news/secadv_20051011.txt

- bump SHLIB version
The API of openssl 0.9.8 ist compatible but not identical.
This version bump might break build of all ports that try
to include the opessl in base at the same time.
That ports should be fixed.

- update default to 0.9.8
- new option WITH_OPENSSL_097

- fix manpages

- update to 0.9.8 for WITH_OPENSSL_BETA=yes

No longer remove libdata/pkgconfig.  This is taken care of by mtree now.

- update 0.9.7g
PR:             79899
Submitted by:   Vasil Dimov

- fix manpages

- update to 0.9.7f

- extended API for hw-crypto
Submitted by:   phk

- drop objects for win and vms

- cleanup fips
- remove harmfull -Wl,-Bsymbolic

  strcmp did not work correctly,
  and the initialisation of internal hashs was defunct.
  Therefor serveral applications failed to find some of the ciphers.
  e.G. openvpn, jabberd

- Bugfix update to 0.9.7e
- md5 verfied with website

- add patch to support AES-192-CBC and AES-256-CBC
to the crypto engine (assuming your card supports them).
This make the Hifn cards much more useful as AES-256 is
the default encryption for many client applications.

Submitted by:   Spike Ilacqua
Obtained from:  OpenBSD

- installs pkgconfig data in $(prefix)/libdata
PR:             69150
Submitted by:   Konstantin Oznobihin

- Update option OPENSSL_SNAPSHOT to work with newer bsd.port.mk

- Fix check for dynamic root.
PR:             65346
Submitted by:   edwin

- make PKGNAMESUFFIX more flexible
- merge lines from openssl-beta

- Security update to 0.9.7d
http://www.openssl.org/news/secadv_20040317.txt

- add SIZE

- Warn about conflict with /lib/libcrypto.so

- add CONFLICTS
- cleanup
- use DOCSDIR

Submitted by:   eikemeier@fillmore-labs.com [CONFLICTS]

- Security Fix, Update to 0.9.7c
- Fix manpages

- Fix: FreeBSD 470101 don't has a crytodevice.
Problem noted by: jarnold@knightridder.com

- Support amd64

- Fixes problem when base has no openssl installed
Submitted by:   marius@alchemy.franken.de

- retire Makefile.ssl, please use bsd.openssl.mk

- new Overrideable defaults: OPENSSL_SHLIBVER and OPENSSL_PORT
- set CFLAGS and LDFLAGS to link the correct libs

- ### HEAD UP ### SHLIBVER has been bumped back.
- honor OPENSSH_SHLIBVER if set by user.
- CFLAGS added to esure correct linking

- Change all USE_OPENSSL_* to WITH_OPENSSL_*

5 vulnerabilities affecting 16 ports have been reported in the past 14 days

^* - modified, not new

All vulnerabilities