Date: Wed, 13 Jan 2016 20:16:42 +0100
From: Bernard Spil
To: Mark Felder
Cc: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org, dinoex@freebsd.org
Subject: Re: svn commit: r406060 - head/security/openssl

On 2016-01-13 18:56, Mark Felder wrote:
> On Wed, Jan 13, 2016, at 11:29, Bernard Spil wrote:
>> Author: brnrd
>> Date: Wed Jan 13 17:29:12 2016
>> New Revision: 406060
>> URL: https://svnweb.freebsd.org/changeset/ports/406060
>>
>> Log:
>> security/openssl: Fix No-SSLv3 option
>>
>> - This change adds `no-ssl3-method` to config args
>> - Bump portrevision
>>
>> Testing with security/openssl built with SSL3 option disabled [1]
>> revealed that the openssl binary and the libraries still support SSLv3
>> connections and methods. With the added no-ssl3-method argument passed
>> to the config script, the binary no longer supports the -ssl3 option
>> and ports requiring SSLv3 methods fail on undefined references to
>> methods.
>>
>> PR: 203693 [1]
>> Reviewed by: koobs (mentor), feld (mentor, ports-secteam), dinoex (maintainer)
>> Approved by: koobs (mentor), feld (mentor, ports-secteam
>> MFH: 2016Q1
>> Differential Revision: D4924
>>
>
> koobs and I (mentors) goofed up with the review process here. Dinoex as
> maintainer was not involved in the review or approval process, but we
> approved this commit and the commit log message.
>
> This change is a no-op for users who do not set SSL3=off.
>
> Sorry, dinoex :-)

Hi,

I did send an email to dinoex with a request to review this patch. After
the 2 approvals I committed but should've held back...

For users that set SSL3=off this is NOT a no-op.
This may trigger build failures for people; a list of known affected ports is maintained on https://wiki.freebsd.org/OpenSSL/No-SSLv3. Luckily most major ports have already been patched.

Sorry...
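
The commit log quoted above says that without `no-ssl3-method` the libraries still provide the SSLv3 methods, and that with it, ports that need those methods fail on undefined references. The following is an added example, not part of the original message or of the port: a shell check that reads `nm -D` output and reports which SSLv3 method entry points a library defines and which ones a consumer imports. It assumes the usual "address type name" `nm` layout; the listings, addresses and variable names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the port or the commit. Both functions read
# `nm -D <file>` output on stdin.

# Print the SSLv3 method entry points a library DEFINES (type T).
# After a build with no-ssl3-method this should print nothing.
ssl3_defined() {
    awk 'NF == 3 && $2 ~ /^[Tt]$/ { sub(/@.*/, "", $3)
         if ($3 ~ /^SSLv3_(client_|server_)?method$/) print $3 }' | sort -u
}

# Print the SSLv3 method entry points a consumer IMPORTS (type U).
# Anything listed here is an undefined reference once the library drops them.
ssl3_imported() {
    awk 'NF == 2 && $1 == "U" { sub(/@.*/, "", $2)
         if ($2 ~ /^SSLv3_(client_|server_)?method$/) print $2 }' | sort -u
}

# Constructed nm listings (addresses and symbol selection are made up).
LIB_WITHOUT_FLAG='0000000000031a40 T SSLv23_method
0000000000032c10 T SSLv3_client_method
0000000000032b80 T SSLv3_method
0000000000032bc0 T SSLv3_server_method
0000000000033f00 T TLSv1_2_method'

LIB_WITH_FLAG='0000000000031a40 T SSLv23_method
0000000000033f00 T TLSv1_2_method'

CONSUMER='                 U SSL_CTX_new
                 U SSLv3_client_method
                 U TLSv1_2_method
0000000000401230 T main'

# Stand-alone run: show the three results.
echo "library without no-ssl3-method defines: $(printf '%s\n' "$LIB_WITHOUT_FLAG" | ssl3_defined | tr '\n' ' ')"
echo "library with no-ssl3-method defines:    $(printf '%s\n' "$LIB_WITH_FLAG" | ssl3_defined | tr '\n' ' ')"
echo "consumer imports:                       $(printf '%s\n' "$CONSUMER" | ssl3_imported | tr '\n' ' ')"
```

On a real system, feed the functions the output of `nm -D` for the installed libssl and for each dependent binary instead of the constructed listings.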