Commit History - (may be incomplete: for full details, see links to repositories near top of page) |
Commit | Credits | Log message |
1.0.2l,1 25 May 2017 21:20:13
  |
brnrd  |
security/openssl: Fix distinfo after DIST_SUBDIR update
- Chase DIST_SUBDIR update in distinfo
Reported by: Cybil Courraud |
1.0.2l,1 25 May 2017 18:53:09
  |
brnrd  |
security/openssl: Update to 1.0.2l
- Bugfix update to 1.0.2l
- Fix PADLOCK option
- Build failure -Wunused-function
- Properly disable with configure
- Strip patch-version from DIST_SUBDIR, reduce dirs
- Remove unneeded testssl patch, dtls tests are OK
- Add new WITHOUT_SSL3 testssl extra-patch
- Remove md5 patch (inconsistent output)
- Remove openbsd_hw.c patch (not compiled)
- Remove srtp patch (upstream fixed)
- Fix plist |
1.0.2k_1,1 08 Feb 2017 20:16:31
  |
brnrd  |
security/openssl: Enable ASM by default
- Enable ASM option
* By extension this enables AES-NI [1]
- Order OPTIONS_DEFAULT alphabetically
- Switch to using @sample [2]
- Bump PORTREVISION
PR: 216559 [2]
Reported by: dtestke [1]
Submitted by: Franco Fichtner <franco@opnsense.org> [2]
Approved by: asomers, allanjude |
1.0.2k,1 26 Jan 2017 14:26:46
  |
brnrd  |
security/openssl: Update to 1.0.2k
MFH: 2017Q1
Security: CVE-2016-7055
Security: CVE-2017-3731
Security: CVE-2017-3732 |
1.0.2j_1,1 28 Oct 2016 20:05:48
  |
brnrd  |
security/openssl: Bump PORTREVISION
- Make sure ports get rebuilt
PR: 209582
Reported by: mat |
1.0.2j,1 28 Oct 2016 19:49:18
  |
brnrd  |
security/openssl: Bump shared library version
- Bump shlib version for security/openssl
- Bump shlib version for security/openssl-devel
- Add instructions to UPDATING
PR: 209582
Reported by: Matthew D. Fuller <fullermd@over-yonder.net>
MFH: 2016Q4 |
1.0.2j,1 21 Oct 2016 12:51:41
  |
mat  |
${RM} already has -f.
PR: 213570
Submitted by: mat
Exp-run by: antoine
Sponsored by: Absolight |
1.0.2j,1 06 Oct 2016 19:38:48
  |
brnrd  |
security/openssl: Fix ldconfig issue
- OPT_USE= feature does not behave as expected
Reported by: dinoex
Differential Revision: D8166 |
1.0.2j,1 04 Oct 2016 18:35:00
  |
brnrd  |
security/openssl: Mark MAKE_JOBS_UNSAFE
- Revert removal of MAKE_JOBS_UNSAFE in r423112
Reported by: D. Randolph |
1.0.2j,1 02 Oct 2016 11:51:00
  |
brnrd  |
security/openssl: Modernize port
- Group options
- Migrate to <OPT>_CONFIGURE helpers
- Use CONFIGURE_ARGS not EXTRACONFIGURE
- Remove make-jobs unsafe (introduced 2009 / 0.9.8)
- Remove base SHLIBVER_BASE check (introduced 2006)
- Revert to default CPE_VERSION
- Rework MAN3 option
- Fix plist when SHARED disabled
Reviewed by: mat
Differential Revision: D8025 |
1.0.2j,1 26 Sep 2016 13:47:20
  |
brnrd  |
security/openssl: Update to 1.0.2j
- Update to 1.0.2j
- Fixes Missing CRL sanity check (CVE-2016-7052)
Security: 337d8-83ed-11e6-bf52-b499baebfeaf |
1.0.2i,1 25 Sep 2016 06:06:59
  |
ohauer  |
- add missing man pages to pkg-plist (fix package building)
from poudriere log:
===> Parsing plist
===> Checking for items in STAGEDIR missing from pkg-plist
Error: Orphaned: man/man3/d2i_AutoPrivateKey.3.gz
Error: Orphaned: man/man3/d2i_PrivateKey.3.gz
Error: Orphaned: man/man3/d2i_Private_key.3.gz
Error: Orphaned: man/man3/i2d_PrivateKey.3.gz
===> Error: Plist issues found.
*** Error code 1
====>> Error: check-plist failures detected
!!! build failure encountered !!!
Approved by: blanket |
1.0.2i,1 24 Sep 2016 20:23:53
  |
brnrd  |
security/openssl: Take maintainership |
1.0.2i,1 24 Sep 2016 13:15:48
  |
marino  |
devel/openssl: change CONFLICTS to CONFLICTS_INSTALL
THere's no problem building openssl with other ports SSL libraries
installed, the conflict comes when it's time to install it. |
1.0.2i,1 24 Sep 2016 06:43:04
  |
dinoex  |
- add option ASM for OPNsense
- drop MAINTAINERSHIP caused of version naming change |
1.0.2i,1 23 Sep 2016 12:54:20
  |
brnrd  |
security/openssl: Update to 1.0.2i
- Update to 1.0.2i
- Move from PORTREVISION to PORTVERSION updates
- Remove patches that are included upstream
Reviewed by: mat, delphij
MFH: 2016Q3
Sponsored by: EuroBSDcon 2016 DevSummit
Differential Revision: D8006 |
1.0.2_15,1 15 Sep 2016 22:05:45
  |
mat  |
ftp.openssl.org is being taken out.
https://mta.openssl.org/pipermail/openssl-announce/2016-September/000075.html
Sponsored by: Absolight |
1.0.2_15,1 12 Sep 2016 18:10:41
  |
dinoex  |
- unroll for loop
Submitted by: John Marino |
1.0.2_15,1 28 Aug 2016 16:19:16
  |
dinoex  |
- remove options ASM and GMP |
1.0.2_14,1 27 Aug 2016 11:00:44
  |
mat  |
Revert the OpenSSL 1.1.0 update, it was not tested.
With hat: portmgr
Sponsored by: Absolight |
1.1.0 27 Aug 2016 09:59:48
  |
dinoex  |
- update to 1.1.0
- bump SHLIBVERSION |
1.0.2_14 14 Aug 2016 20:46:55
  |
dinoex  |
- cleanup options |
1.0.2_14 20 Jul 2016 15:33:20
  |
mat  |
Cleanup $() variables in ports Makefiles.
Mostly replace with ${}, but sometime, replace with $$() because it is
what was intended in the first place. (I think.)
Sponsored by: Absolight |
1.0.2_14 20 Jun 2016 19:16:43
  |
dinoex  |
- fix possible integer overflow and application crash
Security: CVE-2016-2177
MFH: 2016Q2 |
1.0.2_13 16 Jun 2016 18:15:09
  |
dinoex  |
- update warning message for new macros |
1.0.2_13 16 Jun 2016 13:22:59
  |
mat  |
Add DEFAULT_VERSIONS=ssl=XXX
Move the openssl detection routine to bsd.default-version.mk.
Add warnings telling people to not use WITH_OPENSSL_PORT or
WITH_OPENSSL_BASE.
To ease maintainability, change the way the different ssl libraries
version numbers are checked.
PR: 210149
Submitted by: mat
Exp-run by: antoine
Sponsored by: The FreeBSD Foundation, Absolight
Differential Revision: https://reviews.freebsd.org/D6577 |
1.0.2_13 12 Jun 2016 21:29:58
  |
dinoex  |
- Fix DSA, preserve BN_FLG_CONSTTIME
Security: CVE-2016-2178 |
1.0.2_12 03 May 2016 15:19:21
  |
dinoex  |
- Security update to 1.0.2h
Security: https://www.openssl.org/news/secadv/20160503.txt
Security: CVE-2016-2105
Security: CVE-2016-2106
Security: CVE-2016-2107
Security: CVE-2016-2108
Security: CVE-2016-2109
Security: CVE-2016-2176
MFH: 2016Q2 |
1.0.2_11 07 Apr 2016 14:39:14
  |
dinoex  |
- add some more manpages
PR: 208602
Submitted by: timp87@gmail.com |
1.0.2_11 04 Apr 2016 19:09:39
  |
dinoex  |
- remove NOPRECIOUS*
- make portlint happier |
1.0.2_11 01 Apr 2016 14:25:18
  |
mat  |
Remove ${PORTSDIR}/ from dependencies, categories r, s, t, and u.
With hat: portmgr
Sponsored by: Absolight |
1.0.2_11 06 Mar 2016 20:06:41
  |
brnrd  |
security/libressl*: Register conflict with security/openssl-devel
- Add conflict for security/openssl-devel
- Sort conflicts alphabetically
Reviewed by: feld (mentor), koobs (mentor)
Approved by: feld (mentor)
Differential Revision: D5539 |
1.0.2_11 03 Mar 2016 19:00:40
  |
dinoex  |
- extend CONFLICTS for openssl-devel |
1.0.2_11 03 Mar 2016 13:58:50
  |
feld  |
security/openssl: Revert disabling of SSLv2 and MD2
Disabling SSLv2 without a shared library bump has a visible impact to
some applications. It is unclear at this time if disabling MD2 could
cause the same issues, but both are being reverted at the moment to be
safe.
PR: 195796 |
1.0.2_10 02 Mar 2016 22:31:29
  |
feld  |
security/openssl: Disable SSLv2 and MD2
SSLv2 is being disabled due to DROWN.
MD2 is being disabled as it should not have been enabled by default.
This was disabled by upstream back in 2009.
PR: 195796
Approved by: delphij, eadler
Security: CVE-2009-2409
Security: CVE-2016-0800 |
1.0.2_9 01 Mar 2016 16:40:55
  |
dinoex  |
- Security update to 1.0.2g
Security: https://www.openssl.org/news/secadv/20160301.txt
Security: CVE-2016-0800
Security: CVE-2016-0705
Security: CVE-2016-0798
Security: CVE-2016-0797
Security: CVE-2016-0799
Security: CVE-2016-0702
Security: CVE-2016-0703
Security: CVE-2016-0704 |
1.0.2_8 13 Feb 2016 09:48:27
  |
dinoex  |
- mark options ASM broken on sparc64
PR: 204527 |
1.0.2_8 28 Jan 2016 17:35:21
  |
dinoex  |
- add new manpages
Submitted by: olli hauer |
1.0.2_7 28 Jan 2016 15:09:46
  |
dinoex  |
- Security update:
- add LICENSE_FILE
MFH: 2016Q1
Security: CVE-2015-3197
Security: CVE-2016-0701 |
1.0.2_6 13 Jan 2016 17:29:12
  |
brnrd  |
security/openssl: Fix No-SSLv3 option
- This change adds `no-ssl3-method` to config args
- Bump portrevision
Testing with security/openssl buillt with SSL3 option disabled [1]
revealed that the openssl binary and the libraries still support SSLv3
connections and methods. With the added no-ssl3-method argument passed
to the config script, the binary no longer supports the -ssl3 option
and ports requiring SSLv3 methods fail on undefined references to
methods.
PR: 203693 [1]
Reviewed by: koobs (mentor), feld (mentor, ports-secteam), dinoex (maintainer)
Approved by: koobs (mentor), feld (mentor, ports-secteam
MFH: 2016Q1
Differential Revision: D4924 |
1.0.2_5 05 Dec 2015 09:41:11
  |
delphij  |
Update to 1.0.2e.
Security: CVE-2015-3193
Security: CVE-2015-3194
Security: CVE-2015-3195
Security: CVE-2015-3196
Security: CVE-2015-1794
MFH: 2015Q4
Approved by: so |
1.0.2_4 21 Nov 2015 18:36:50
  |
dinoex  |
- use post-install-DOCS-on
- cleanup text in IGNORE |
1.0.2_4 05 Sep 2015 13:17:48
  |
dinoex  |
- new OPTION MAN3
PR: 201459 |
1.0.2_4 10 Jul 2015 13:32:27
  |
dinoex  |
- add more manpage links |
1.0.2_4 09 Jul 2015 20:54:37
  |
dinoex  |
- Security update to 1.0.2d
Security: http://openssl.org/news/secadv_20150709.txt |
1.0.2_3 12 Jun 2015 16:47:11
  |
dinoex  |
- update to 1.0.2c |
1.0.2_2 12 Jun 2015 14:42:23
  |
dinoex  |
- use portable cpu option for sparcv8 |
1.0.2_2 12 Jun 2015 14:40:28
  |
dinoex  |
- fix path in SIZE lines |
1.0.2_2 12 Jun 2015 14:19:49
  |
zi  |
- Correct patch filename for SIZE |
1.0.2_2 12 Jun 2015 14:09:08
  |
zi  |
- Restore missing checksum for
1001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch
- Correct ordering |
1.0.2_2 12 Jun 2015 01:47:01
  |
zi  |
- Resolve build issue
With hat: ports-secteam |
1.0.2_2 11 Jun 2015 21:37:29
  |
zi  |
- Update to 1.0.2b
- Partially pacify portlint
With hat: ports-secteam
Security: 8305e215-1080-11e5-8ba2-000c2980a9f3 |
1.0.2_1 14 May 2015 10:15:09
  |
mat  |
MASTER_SITES cleanup.
- Replace ${MASTER_SITE_FOO} with FOO.
- Merge MASTER_SITE_SUBDIR into MASTER_SITES when possible. (This means 99.9%
of the time.)
- Remove occurrences of MASTER_SITE_LOCAL when no subdirectory was present and
no hint of what it should be was present.
- Fix some logic.
- And generally, make things more simple and easy to understand.
While there, add magic values to the FESTIVAL, GENTOO, GIMP, GNUPG, QT and
SAMBA macros.
Also, replace some EXTRACT_SUFX occurences with USES=tar:*.
Checked by: make fetch-urlall-list
With hat: portmgr
Sponsored by: Absolight |
1.0.2_1 25 Apr 2015 09:36:02
  |
dinoex  |
- patchfiles for option PADLOCK renamed again
PR: 199444 |
1.0.2_1 12 Apr 2015 17:28:08
  |
dinoex  |
- disable option ASM by default
- bump PORTREVISION
PR: 196756 |
1.0.2 26 Mar 2015 08:38:25
  |
marino  |
security/openssl: Remove patch hunk for configuring pthreads
The patching of Configure file for pthreads is unnecessary -- the effect
of -lpthread -D_REENTRANT is the same as -pthread -D_REENTRANT, so just
remove it to make things even more simpler. |
1.0.2 25 Mar 2015 08:30:28
  |
marino  |
security category: Remove $PTHREAD_LIBS
approved by: PTHREAD blanket |
1.0.2 21 Mar 2015 10:53:14
  |
dinoex  |
- Security update to 1.0.2a
- termios.h now default
- fix patches
- fix manpage generation
- option ZLIB removed from default
- restore padlock support
- restore RFC-5705
- restore patch history
- restore build on older FreeBSD
- restore soname
Security: https://www.openssl.org/news/secadv_20150319.txt
Security: CVE-2015-0291
Security: CVE-2015-0204
Security: CVE-2015-0290
Security: CVE-2015-0207
Security: CVE-2015-0286
Security: CVE-2015-0208
Security: CVE-2015-0287
Security: CVE-2015-0289
Security: CVE-2015-0292
Security: CVE-2015-0293
Security: CVE-2015-1787
Security: CVE-2015-0285
Security: CVE-2015-0209
Security: CVE-2015-0288 |
1.0.1_19 19 Mar 2015 22:15:37
  |
delphij  |
Fix botched patch, this fixes build for i386.
Reported by: ohauer
Pointy hat to: delphij |
1.0.1_19 19 Mar 2015 21:55:03
  |
dinoex  |
- mark BROKEN options |
1.0.1_19 19 Mar 2015 20:23:37
  |
delphij  |
Update to 1.0.1m to fix multiple vulnerabilities.
With hat: so |
1.0.1_18 16 Jan 2015 09:17:39
  |
dinoex  |
- update to 1.0.1l
- fix option PADLOCK |
1.0.1_17 09 Jan 2015 00:02:31
  |
delphij  |
Update to 1.01k.
With hat: ports-secteam
Security: vuxml 4e536c14-9791-11e4-977d-d050992ecde8
Security: CVE-2014-3569
Security: CVE-2014-3570
Security: CVE-2014-3571
Security: CVE-2014-3572
Security: CVE-2014-8275
Security: CVE-2015-0204
Security: CVE-2015-0205
Security: CVE-2015-0206 |
1.0.1_16 23 Nov 2014 10:34:38
  |
dinoex  |
- new option TLSEXPCIPHERS
PR: 195270
Submitted by: yuri@rawbw.com
- options ordered by function
- extends descriptions |
1.0.1_16 15 Oct 2014 18:34:14
  |
delphij  |
Update to 1.01j.
With hat: ports-secteam
Security: vuxml 03175e62-5494-11e4-9cc1-bc5ff4fb5e7b
Security: CVE-2014-3513
Security: CVE-2014-3566
Security: CVE-2014-3567
Security: CVE-2014-3568 |
1.0.1_15 14 Aug 2014 16:25:12
  |
dinoex  |
- remove workaround for amd64 |
1.0.1_14 11 Aug 2014 04:27:53
  |
dinoex  |
- new options SSL2 SSL3
Suggested by: Velcro Leaf |
1.0.1_14 06 Aug 2014 23:37:50
  |
delphij  |
Update to 1.01i.
With hat: ports-secteam
Security: vuxml 8aff07eb-1dbd-11e4-b6ba-3c970e169bc2
Security: CVE-2014-3505
Security: CVE-2014-3506
Security: CVE-2014-3507
Security: CVE-2014-3508
Security: CVE-2014-3509
Security: CVE-2014-3510
Security: CVE-2014-3511
Security: CVE-2014-3512
Security: CVE-2014-5139 |
1.0.1_13 03 Aug 2014 15:30:04
  |
dinoex  |
- rename patch files |
1.0.1_13 29 Jul 2014 14:30:10
  |
adamw  |
Rename security/ patches to reflect the files they modify. |
1.0.1_13 15 Jul 2014 16:57:39
  |
adamw  |
Add DOCS to OPTIONS_DEFINE to ports that check for PORT_OPTIONS:MDOCS. |
1.0.1_13 13 Jul 2014 20:47:22
  |
dinoex  |
- add CONFLICTS because of libressl |
1.0.1_13 10 Jul 2014 10:27:39
  |
des  |
Include the final letter in the CPE version field. |
1.0.1_13 03 Jul 2014 16:49:37
  |
dinoex  |
- allow OPENSSLDIR be changed in /etc/make.conf or Makefile.local |
1.0.1_13 05 Jun 2014 12:54:40
  |
delphij  |
Update to 1.0.1h.
Approved by: so (ports-security@ blanket)
Security: 5ac53801-ec2e-11e3-9cf3-3c970e169bc2 |
1.0.1_12 04 Jun 2014 16:54:57
  |
des  |
Add CPE information.
With hat: ports-secteam |
1.0.1_12 03 May 2014 16:36:42
  |
dinoex  |
- Security patch
Security: CVE-2014-0198
Security: http://seclists.org/oss-sec/2014/q2/232
Security:
https://rt.openssl.org/Ticket/Display.html?user=guest&pass=guest&id=3321
Obtained from: OpenBSD |
1.0.1_11 13 Apr 2014 08:40:14
  |
dinoex  |
- fix a 4 year old "use-after-free" problem
https://rt.openssl.org/Ticket/Display.html?id=2167&user=guest&pass=guest
http://www.tedunangst.com/flak/post/analysis-of-openssl-freelist-reuse
http://ftp.openbsd.org/pub/OpenBSD/patches/5.4/common/008_openssl.patch
Obtained from: OpenBSD |
1.0.1_10 12 Apr 2014 16:58:26
  |
dinoex  |
- fix perl path for CURRENT
PR: 188486 |
1.0.1_10 07 Apr 2014 21:46:40
  |
bdrewery  |
- Update to 1.0.1g
Changes:
- Fix for CVE-2014-0160
- Add TLS padding extension workaround for broken servers.
- Fix for CVE-2014-0076
Security: CVE-2014-0160
Security: CVE-2014-0076
Security: https://www.openssl.org/news/secadv_20140407.txt
With hat: portmgr
MFH: 2014Q2 |
1.0.1_9 30 Mar 2014 19:37:22
  |
dinoex  |
- add missing LIB_DEPENDS for forbidden option GMP |
1.0.1_9 28 Mar 2014 18:23:44
  |
dinoex  |
- reset GREP_OPTIONS
PR: 188030 |
1.0.1_9 04 Mar 2014 06:51:38
  |
dinoex  |
- remove broken MANPREFIX |
1.0.1_9 02 Mar 2014 13:13:28
  |
dinoex  |
- error out early if users trying to break their base system
PR: 187076 |
1.0.1_9 14 Feb 2014 14:34:00
  |
dinoex  |
- use STAGEDIR
PR: 186753
Submitted by: Takefu |
1.0.1_9 08 Jan 2014 20:52:58
  |
dinoex  |
- fix option PADLOCK
Submitted by: Renato Botelho |
1.0.1_9 08 Jan 2014 07:12:01
  |
dinoex  |
- better fix for perl5.18
Submitted by: Jung-uk Kim
- clean up |
1.0.1_9 07 Jan 2014 20:40:22
  |
dinoex  |
- Security update to openssl-1.0.1f
- remove broken patches
- new fix for perl5.18
- fix option GMP
Security: http://www.openssl.org/news/vulnerabilities.html
Security: CVE-2013-4353
Security: CVE-2013-6449
Security: CVE-2013-6450
Security: 5aaa257e-772d-11e3-a65a-3c970e169bc2 |
1.0.1_8 21 Sep 2013 09:45:25
  |
dinoex  |
- fix build with perl 5.16
Submitted by: Takefu |
1.0.1_8 20 Sep 2013 22:55:26
  |
bapt  |
Add NO_STAGE all over the place in preparation for the staging support (cat:
security) |
1.0.1_8 16 Sep 2013 16:45:35
  |
bapt  |
Convert to new perl framework
Convert USE_GMAKE to USES |
1.0.1_8 09 Sep 2013 18:22:13
  |
dinoex  |
- drop depedency to makedepend
Submitted by: Darren Pilgrim |
1.0.1_8 18 Jun 2013 04:33:06
  |
dinoex  |
- fix build when libc.so is not a symlink
Submitted by: Bryan Drewery |
1.0.1_8 18 Mar 2013 06:20:21
  |
dinoex  |
- fix wording of option
Submitted by: Warren Block |
1.0.1_8 05 Mar 2013 20:47:18
  |
dinoex  |
- updated patches for options PADLOCK |
1.0.1_8 03 Mar 2013 22:37:47
  |
dinoex  |
- fix build with manpages |
1.0.1_8 25 Feb 2013 06:07:10
  |
dinoex  |
- fix broken symlink in manpage
Submitted by: Warren Block |
1.0.1_8 13 Feb 2013 20:23:04
  |
dinoex  |
- update to 1.0.1e |
1.0.1_7 10 Feb 2013 16:20:47
  |
dinoex  |
- fix paddding in TLS1.1 and DTLS on amd64 |
1.0.1_6 06 Feb 2013 20:13:08
  |
dinoex  |
- Security update to 1.0.1d
Security: CVE-2012-2686
Security: CVE-2013-0166
Security: CVE-2013-0169
Security: http://www.openssl.org/news/secadv_20120510.txt |