From owner-freebsd-ports@freebsd.org  Tue Jun 14 11:01:22 2016
Return-Path: <owner-freebsd-ports@freebsd.org>
Delivered-To: freebsd-ports@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id D5204B4E29F
 for <freebsd-ports@mailman.ysv.freebsd.org>;
 Tue, 14 Jun 2016 11:01:22 +0000 (UTC)
 (envelope-from herbert@mailbox.org)
Received: from mx2.mailbox.org (mx2.mailbox.org [80.241.60.215])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "*.mailbox.org",
 Issuer "SwissSign Server Silver CA 2014 - G22" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 9A6AD2C83;
 Tue, 14 Jun 2016 11:01:21 +0000 (UTC)
 (envelope-from herbert@mailbox.org)
Received: from smtp1.mailbox.org (smtp1.mailbox.org [80.241.60.240])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by mx2.mailbox.org (Postfix) with ESMTPS id 972AD434B5;
 Tue, 14 Jun 2016 12:53:04 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=mailbox.org; h=
 content-type:content-type:mime-version:references:in-reply-to
 :subject:subject:from:from:message-id:date:date:received; s=
 mail20150812; t=1465901583; bh=wJ1JZ2nyraqUk3ptGhmQO4XI3y3esQQMU
 R8HAQ/bT9s=; b=iVXgT87NVL6TXS76+eYv+OIjVA3QOHRZ3jJxqEeHVJFcb8zCV
 dHwPSrbvRB74d8PAg+np9NOdh6xBZs5BMq02mX26BUT0MLOLqTnFDr0AnkvF6B7A
 6y72PDTBXtxPamLim1XzUPgn0e6/k0glmX5FJphFiGaxXuKgmOHZkVMfZy9n4yAB
 KpZMjXzoK5SVRs4RrVEgws6R9f7lbwwciXQTWnfjAPF5DCavGj7AytNEOoFgGkHR
 /Snxljje1fe+ONswGxEjoGsVywUC2YL6G+bzu46ZkVbJlvOycnH7h7DRgpTz85HY
 TK7xXhssBu8npNJBcOjiFbZkZFHEbsybkccgA==
X-Virus-Scanned: amavisd-new at heinlein-support.de
Received: from smtp1.mailbox.org ([80.241.60.240])
 by gerste.heinlein-support.de (gerste.heinlein-support.de [91.198.250.173])
 (amavisd-new, port 10030)
 with ESMTP id lhQkzFpNYQXv; Tue, 14 Jun 2016 12:53:03 +0200 (CEST)
Date: Tue, 14 Jun 2016 12:53:01 +0200
Message-ID: <867fds2gaa.wl-herbert@mailbox.org>
From: "Herbert J. Skuhra" <herbert@mailbox.org>
To: FreeBSD Ports <freebsd-ports@freebsd.org>
Cc: "dinoex@FreeBSD.org" <dinoex@FreeBSD.org>
Subject: Re: openssl-1.0.2.13
In-Reply-To: <SN2PR20MB084569E9E00B375CE71ABF0F80540@SN2PR20MB0845.namprd20.prod.outlook.com>
References: <SN2PR20MB084569E9E00B375CE71ABF0F80540@SN2PR20MB0845.namprd20.prod.outlook.com>
MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue")
Content-Type: text/plain; charset=US-ASCII
X-BeenThere: freebsd-ports@freebsd.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-ports>,
 <mailto:freebsd-ports-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ports/>
List-Post: <mailto:freebsd-ports@freebsd.org>
List-Help: <mailto:freebsd-ports-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-ports>,
 <mailto:freebsd-ports-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 14 Jun 2016 11:01:22 -0000

Gerard Seibert skrev:
> 
> I have a question regarding "openssl-1.0.2.13". Since the port is
> marked as "vulnerable", I was wondering if there is any idea when a
> corrected port will be released?

% svnlite log -l1
------------------------------------------------------------------------
r416823 | dinoex | 2016-06-12 23:29:57 +0200 (Sun, 12 Jun 2016) | 3 lines

- Fix DSA, preserve BN_FLG_CONSTTIME
Security: CVE-2016-2178

> Also, according to the documentation on
> https://vuxml.FreeBSD.org/freebsd/6f0529e2-2e82-11e6-b2ec-b499baebfeaf.html
> this only affects versions of openssl < 1.0.2_13

Yes, openssl 1.0.2_13 is the fixed version.
Run 'pkg audit -F' and try again.

--
Herbert