Date: Wed, 13 Jan 2016 20:16:42 +0100 From: Bernard Spil <brnrd@freebsd.org> To: Mark Felder <feld@freebsd.org> Cc: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org, dinoex@freebsd.org Subject: Re: svn commit: r406060 - head/security/openssl Message-ID: <b37724db3396a01132b3545b94fed020@imap.brnrd.eu> In-Reply-To: <1452707787.2832948.491187474.31730688@webmail.messagingengine.com> References: <201601131729.u0DHTCQF040857@repo.freebsd.org> <1452707787.2832948.491187474.31730688@webmail.messagingengine.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2016-01-13 18:56, Mark Felder wrote: > On Wed, Jan 13, 2016, at 11:29, Bernard Spil wrote: >> Author: brnrd >> Date: Wed Jan 13 17:29:12 2016 >> New Revision: 406060 >> URL: https://svnweb.freebsd.org/changeset/ports/406060 >> >> Log: >> security/openssl: Fix No-SSLv3 option >> >> - This change adds `no-ssl3-method` to config args >> - Bump portrevision >> >> Testing with security/openssl buillt with SSL3 option disabled [1] >> revealed that the openssl binary and the libraries still support >> SSLv3 >> connections and methods. With the added no-ssl3-method argument >> passed >> to the config script, the binary no longer supports the -ssl3 option >> and ports requiring SSLv3 methods fail on undefined references to >> methods. >> >> PR: 203693 [1] >> Reviewed by: koobs (mentor), feld (mentor, ports-secteam), dinoex >> (maintainer) >> Approved by: koobs (mentor), feld (mentor, ports-secteam >> MFH: 2016Q1 >> Differential Revision: D4924 >> > > koobs and I (mentors) goofed up with the review process here. Dinoex as > maintainer was not involved in the review or approval process, but we > approved this commit and the commit log message. > > This change is a no-op for users who do not set SSL3=off. > > Sorry, dinoex :-) Hi, I did send an email to dinoex with a request to review this patch. After the 2 approvals I committed but should've held back... For users that set SSL3=off this is NOT a no-op. This may trigger build failures for people, a list of known affected ports is maintained on https://wiki.freebsd.org/OpenSSL/No-SSLv3. Luckily most major ports have already been patched. Sorry...
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?b37724db3396a01132b3545b94fed020>