Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 13 Jan 2016 20:16:42 +0100
From:      Bernard Spil <brnrd@freebsd.org>
To:        Mark Felder <feld@freebsd.org>
Cc:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org, dinoex@freebsd.org
Subject:   Re: svn commit: r406060 - head/security/openssl
Message-ID:  <b37724db3396a01132b3545b94fed020@imap.brnrd.eu>
In-Reply-To: <1452707787.2832948.491187474.31730688@webmail.messagingengine.com>
References:  <201601131729.u0DHTCQF040857@repo.freebsd.org> <1452707787.2832948.491187474.31730688@webmail.messagingengine.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
On 2016-01-13 18:56, Mark Felder wrote:
> On Wed, Jan 13, 2016, at 11:29, Bernard Spil wrote:
>> Author: brnrd
>> Date: Wed Jan 13 17:29:12 2016
>> New Revision: 406060
>> URL: https://svnweb.freebsd.org/changeset/ports/406060
>> 
>> Log:
>>   security/openssl: Fix No-SSLv3 option
>> 
>>     - This change adds `no-ssl3-method` to config args
>>     - Bump portrevision
>> 
>>   Testing with security/openssl buillt with SSL3 option disabled [1]
>>   revealed that the openssl binary and the libraries still support 
>> SSLv3
>>   connections and methods. With the added no-ssl3-method argument 
>> passed
>>   to the config script, the binary no longer supports the -ssl3 option
>>   and ports requiring SSLv3 methods fail on undefined references to
>>   methods.
>> 
>>   PR:             203693 [1]
>>   Reviewed by:    koobs (mentor), feld (mentor, ports-secteam), dinoex
>>   (maintainer)
>>   Approved by:    koobs (mentor), feld (mentor, ports-secteam
>>   MFH:            2016Q1
>>   Differential Revision:  D4924
>> 
> 
> koobs and I (mentors) goofed up with the review process here. Dinoex as
> maintainer was not involved in the review or approval process, but we
> approved this commit and the commit log message.
> 
> This change is a no-op for users who do not set SSL3=off.
> 
> Sorry, dinoex :-)
Hi,

I did send an email to dinoex with a request to review this patch. After 
the 2 approvals I committed but should've held back...

For users that set SSL3=off this is NOT a no-op. This may trigger build 
failures for people, a list of known affected ports is maintained on 
https://wiki.freebsd.org/OpenSSL/No-SSLv3. Luckily most major ports have 
already been patched.

Sorry...

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?b37724db3396a01132b3545b94fed020>