Navigation:
Browse pkgsrc
(this page)| 2008-07-14 05:52:54 by Tobias Nygren | Files touched by this commit (4) |
Log message: Update to openssl-0.9.8h. Changes from 0.9.8g: Two crashes discovered using the Codenomicon TLS test suite, as reported in CVE-2008-0891 and CVE-2008-1672, were fixed. The root CA certificates of commercial CAs were removed from the distribution. Functions were added to implement RFC3394 compatible AES key wrapping. Utility functions to handle ASN1 structures were added. The certificate status request TLS extension, as defined in RFC3546, was implemented. Several other bugfixes and enhancements were made. |
| 2008-06-16 22:18:20 by Tonnerre Lombard | Files touched by this commit (3) |
Log message: Fix shared library build on various architectures. This basically fiddles with the number of colons between the fields. |
| 2008-06-03 23:39:40 by Tonnerre Lombard | Files touched by this commit (4) |
Log message: Fix two Denial of Service vulnerabilities in OpenSSL 0.9.8g: - Fix flaw if 'Server Key exchange message' is omitted from a TLS handshake which could lead to a silent crash. - Fix double free in TLS server name extensions which could lead to a remote crash. Patches from upstream. |
| 2008-05-08 16:04:25 by Tonnerre Lombard | Files touched by this commit (2) |
Log message: Fix build of OpenSSL on NetBSD/amd64 (4.0 and current tested) |
| 2008-04-25 22:06:15 by Johnny C. Lam | Files touched by this commit (1) |
Log message: Fix detection of openssl configuration directory on NetBSD so it's /etc/openssl only if USE_BUILTIN.openssl is "yes". |
| 2008-04-13 00:43:15 by Johnny C. Lam | Files touched by this commit (370) |
Log message: Convert to use PLIST_VARS instead of manually passing "@comment " through PLIST_SUBST to the plist module. |
| 2008-02-20 02:10:20 by Tobias Nygren | Files touched by this commit (2) |
Log message: Link shared libraries with -rpath on IRIX to prevent check-shlibs errors. |
| 2008-01-17 07:42:52 by Tobias Nygren | Files touched by this commit (29) |
Log message:
Update to openssl-0.9.8g. Provided by Jukka Salmi in pkgsrc-wip.
pkgsrc notes:
o Tested on NetBSD/i386 (Jukka Salmi), Mac OSX 10.5 (Adrian Portelli),
Linux (Jeremy C. Reed), Tru64 5.1b (tnn), HP-UX 11i (tnn).
Because the Makefile system has been rewamped, other
platforms may require fixes. Please test if you can.
o OpenSSL can now be built with installation to DESTDIR.
Overview of important changes since 0.9.7i:
o Add gcc 4.2 support.
o DTLS improvements.
o RFC4507bis support.
o TLS Extensions support.
o RFC3779 support.
o New cipher Camellia
o Updated ECC cipher suite support.
o New functions EVP_CIPHER_CTX_new() and EVP_CIPHER_CTX_free().
o Zlib compression usage fixes.
o Major work on the BIGNUM library for higher efficiency and to
make operations more streamlined and less contradictory. This
is the result of a major audit of the BIGNUM library.
o Addition of BIGNUM functions for fields GF(2^m) and NIST
curves, to support the Elliptic Crypto functions.
o Major work on Elliptic Crypto; ECDH and ECDSA added, including
the use through EVP, X509 and ENGINE.
o New ASN.1 mini-compiler that's usable through the OpenSSL
configuration file.
o Added support for ASN.1 indefinite length constructed encoding.
o New PKCS#12 'medium level' API to manipulate PKCS#12 files.
o Complete rework of shared library construction and linking
programs with shared or static libraries, through a separate
Makefile.shared.
o Rework of the passing of parameters from one Makefile to another.
o Changed ENGINE framework to load dynamic engine modules
automatically from specifically given directories.
o New structure and ASN.1 functions for CertificatePair.
o Changed the key-generation and primality testing "progress"
mechanism to take a structure that contains the ticker
function and an argument.
o New engine module: GMP (performs private key exponentiation).
o New engine module: VIA PadLOck ACE extension in VIA C3
Nehemiah processors.
o Added support for IPv6 addresses in certificate extensions.
See RFC 1884, section 2.2.
o Added support for certificate policy mappings, policy
constraints and name constraints.
o Added support for multi-valued AVAs in the OpenSSL
configuration file.
o Added support for multiple certificates with the same subject
in the 'openssl ca' index file.
o Make it possible to create self-signed certificates using
'openssl ca -selfsign'.
o Make it possible to generate a serial number file with
'openssl ca -create_serial'.
o New binary search functions with extended functionality.
o New BUF functions.
o New STORE structure and library to provide an interface to all
sorts of data repositories. Supports storage of public and
private keys, certificates, CRLs, numbers and arbitrary blobs.
This library is unfortunately unfinished and unused withing
OpenSSL.
o New control functions for the error stack.
o Changed the PKCS#7 library to support one-pass S/MIME
processing.
o New FIPS 180-2 algorithms (SHA-224, -256, -384 and -512).
o New X509_VERIFY_PARAM structure to support parametrisation
of X.509 path validation.
o Change the default digest in 'openssl' commands from MD5 to
SHA-1.
o Added support for DTLS.
o New BIGNUM blinding.
o Added support for the RSA-PSS encryption scheme
o Added support for the RSA X.931 padding.
o Added support for files larger than 2GB.
o Added alternate pkg-config files.
|
| 2008-01-07 16:51:08 by Joerg Sonnenberger | Files touched by this commit (1) |
Log message: Fix builtin.mk logic for thread feature if no native OpenSSL exists. Fixes PR pkg/37699 from Aleksey Cheusov. |
| 2008-01-05 21:41:26 by Roland Illig | Files touched by this commit (3) |
Log message: Fixed a few pkglint warnings. |
New packages: