I'd like to echo some of the others regarding the recent changes in security/openssl: since this port is used by a large number of people, it would be better to announce major changes in advance, and to test more carefully before committing.
The reverted deprecation leaves me a bit puzzled. What were the problems that prompted the comment that the port had "unfixed vulnerabilities"? If that meant that flawed renegotiation could be enabled via run-time flags, and this was thought to be unacceptable, why not patch the port to disable it, as in the base system openssl, rather than suddenly attempting to remove the port? If it was something else, what was it, and what, if anything, is going to be done about it?

Can we expect an update to 1.0.x, and the resurrection of SCTP support, after the renegotiation problem is settled? Or is a removal of the port still planned? If that is the case, what do those who want to remove the port propose as a replacement?

I note that there are still a few obvious minor flaws after the most recent commits, including what looks like an unintentional inversion of the logic surrounding the SSE2 option. I'm attaching a suggested patch.

Regards,
b.

--- old.Makefile 2010-01-13 10:45:10.000000000 -0500 +++ Makefile 2010-01-13 11:26:31.000000000 -0500 @@ -29,7 +29,8 @@ .error You have `USE_OPENSSL' variable defined either in environment or in make(1) arguments. Please undefine and try again. .endif -OPTIONS= I386 "Use optimzed assembler for 80386" off \ +OPTIONS= I386 "Use optimized assembler for 80386" off \ + OPENSSL_THREADS "Build a multithreaded openssl" off \ SSE2 "Use runtime SSE2 detection" on \ ZLIB "Build with zlib compression" on \ @@ -857,7 +858,7 @@ OPENSSL_BASE_SOPATH= ${OPENSSL_BASE_SONAME:H} OPENSSL_SHLIBVER?= 7 -.if !defined(WITHOUT_SSE2) +.if defined(WITHOUT_SSE2) # disable runtime SSE2 detection EXTRACONFIGURE+= no-sse2 .endif @@ -900,11 +901,9 @@ .endif do-configure: -.if !defined(WITH_FIPS) ${RM} -rf ${WRKSRC}/fips ${RM} -f ${WRKSRC}/include/openssl/fips.h ${RM} -f ${WRKSRC}/include/openssl/fips_rand.h -.endif .if defined(WITH_OPENSSL_THREADS) cd ${WRKSRC} \ && ${SETENV} CC="${CC}" FREEBSDCC="${CC}" CFLAGS="${CFLAGS}" PERL="${PERL}" \ @@ -918,13 +917,6 @@ ./config --prefix=${PREFIX} --openssldir=${OPENSSLDIR} \ -L${PREFIX}/lib ${EXTRACONFIGURE} .endif -.if defined(WITH_FIPS) - @${REINPLACE_CMD} \ - -e 's|^MANDIR=.*$$|MANDIR=$$(MANPREFIX)/man|' \ - -e 's|lib/pkgconfig|libdata/pkgconfig|g' \ - -e 's|LIBVERSION=[^ ]* |LIBVERSION=$(OPENSSL_SHLIBVER) |' \ - ${WRKSRC}/Makefile -.else @${REINPLACE_CMD} \ -e 's|^MANDIR=.*$$|MANDIR=$$(MANPREFIX)/man|' \ -e 's|lib/pkgconfig|libdata/pkgconfig|g' \ @@ -949,8 +941,7 @@ -e 's|$$(FIPS_RNGVS)$$(EXE_EXT)||' \ -e 's|$$(FIPS_TEST_SUITE)$$(EXE_EXT)||' \ ${WRKSRC}/test/Makefile -.endif - @(cd ${BUILD_WRKSRC}/${i} && ${SETENV} ${MAKE_ENV} ${MAKE} ${MAKE_FLAGS} ${MAKEFILE} depend) + @(cd ${BUILD_WRKSRC} && ${SETENV} ${MAKE_ENV} ${MAKE} ${MAKE_FLAGS} ${MAKEFILE} depend) post-install: .if !defined(NOSHARED)
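
Review bot: In the first hunk (@@ -29,7 +29,8 @@), the new `OPENSSL_THREADS "Build a multithreaded openssl" off` entry is unrelated to the spelling fix on the I386 line and is not mentioned in the message, so it should be split out or explained. do-configure already branches on `.if defined(WITH_OPENSSL_THREADS)`, so please state whether a default of `off` matches what an unconfigured build produced before this change.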
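
Review bot: In the @@ -857,7 +858,7 @@ hunk, correcting the test to `.if defined(WITHOUT_SSE2)` changes what a default build passes to configure, because SSE2 is declared `on` in OPTIONS and `no-sse2` was previously appended in exactly that case. No PORTREVISION change is visible in this patch; consider bumping it so that existing installations are rebuilt with the corrected flags.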
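
Review bot: In the @@ -900,11 +901,9 @@ hunk, dropping the `.if !defined(WITH_FIPS)` guard makes the three `${RM}` lines delete the fips sources and headers unconditionally, and the next hunk removes the `.if defined(WITH_FIPS)` branch of the REINPLACE step, so WITH_FIPS no longer has any effect in do-configure. The message does not mention removing FIPS support; if that is intended, say so and remove any remaining FIPS knob elsewhere in the Makefile, so that a user who sets WITH_FIPS is not silently given a non-FIPS build.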
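
Review bot: In the last hunk (@@ -949,8 +941,7 @@), the change from `${BUILD_WRKSRC}/${i}` to `${BUILD_WRKSRC}` on the `depend` line is unexplained, and no loop that would define `i` is visible in the context. If `${i}` was always empty at this point, note that in the commit message. The removed `.endif` should also be checked against the `.if defined(WITH_FIPS)` and `.else` lines removed in the previous hunk, so that the conditionals in do-configure stay balanced.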
_______________________________________________
freebsd-ports@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"