From owner-svn-src-all@FreeBSD.ORG Mon Mar 23 15:36:33 2015 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 0A188E3F for ; Mon, 23 Mar 2015 15:36:33 +0000 (UTC) Received: from mail-ig0-f170.google.com (mail-ig0-f170.google.com [209.85.213.170]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id B9765E61 for ; Mon, 23 Mar 2015 15:36:32 +0000 (UTC) Received: by igcau2 with SMTP id au2so45722179igc.0 for ; Mon, 23 Mar 2015 08:36:26 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=mn2NZhdnUJwiti+GZbOL388/QLmMvcN72qgdmLrjckA=; b=Y9txSZ64D+qh20QofUUcfJolKxZ/Zt8cYzacbnvvS/5paeRILxsrsogNZ9cpCJ6iA2 345d4JPTKcWSiWJe91sLmEkMO0Gbv+1Z7Tc0B7L3FYzhSCnZ1uDzm2GfcTbTk18Ss2Ez k8ozcPZ2DrHqICGfilEhOc7LCx0zgKEg8mAjSONsDAn0QHumoK+4ueW9Clt0OhWkvcip moOCFXNtoRU6t+MCcgjFozvUNiM/cggBLRJLbSF0eDjxtv72tJlD9XVUcP1bCAJsi5C7 GpXhKC5kMNFroBKRBQ4v/7dL0e/TlO8qD9eWxPRvc3/mhOewp0MczlElMwsizPrfkjr/ QC+Q== X-Gm-Message-State: ALoCoQnKW4vxHfvK42zKxWw5Azb+NM+byxrAglzBo0f8dx1ydF3eKJizvPPRODgKSt5Cu88KkAuH X-Received: by 10.42.47.73 with SMTP id n9mr20777011icf.20.1427124986030; Mon, 23 Mar 2015 08:36:26 -0700 (PDT) MIME-Version: 1.0 Received: by 10.50.0.99 with HTTP; Mon, 23 Mar 2015 08:35:45 -0700 (PDT) X-Originating-IP: [68.101.40.130] In-Reply-To: <201503202348.t2KNmCM0033402@svn.freebsd.org> References: <201503202348.t2KNmCM0033402@svn.freebsd.org> From: "Philip M. Gollucci" Date: Mon, 23 Mar 2015 11:35:45 -0400 Message-ID: Subject: Re: svn commit: r280306 - in head: secure/lib/libcrypto secure/lib/libssl sys/sys To: Jung-uk Kim Content-Type: text/plain; charset=UTF-8 X-Content-Filtered-By: Mailman/MimeDel 2.1.18-1 Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 23 Mar 2015 15:36:33 -0000 What about SSLv3 due to POODLE ? On Fri, Mar 20, 2015 at 7:48 PM, Jung-uk Kim wrote: > Author: jkim > Date: Fri Mar 20 23:48:11 2015 > New Revision: 280306 > URL: https://svnweb.freebsd.org/changeset/base/280306 > > Log: > Disable insecure SSLv2 support from the base OpenSSL. > > Differential Revision: https://reviews.freebsd.org/D1304 > > Modified: > head/secure/lib/libcrypto/opensslconf-arm.h > head/secure/lib/libcrypto/opensslconf-mips.h > head/secure/lib/libcrypto/opensslconf-powerpc.h > head/secure/lib/libcrypto/opensslconf-sparc64.h > head/secure/lib/libcrypto/opensslconf-x86.h > head/secure/lib/libssl/Makefile > head/sys/sys/param.h > > Modified: head/secure/lib/libcrypto/opensslconf-arm.h > > ============================================================================== > --- head/secure/lib/libcrypto/opensslconf-arm.h Fri Mar 20 21:56:48 2015 > (r280305) > +++ head/secure/lib/libcrypto/opensslconf-arm.h Fri Mar 20 23:48:11 2015 > (r280306) > @@ -27,6 +27,9 @@ extern "C" { > #ifndef OPENSSL_NO_SCTP > # define OPENSSL_NO_SCTP > #endif > +#ifndef OPENSSL_NO_SSL2 > +# define OPENSSL_NO_SSL2 > +#endif > #ifndef OPENSSL_NO_STORE > # define OPENSSL_NO_STORE > #endif > @@ -69,6 +72,9 @@ extern "C" { > # if defined(OPENSSL_NO_SCTP) && !defined(NO_SCTP) > # define NO_SCTP > # endif > +# if defined(OPENSSL_NO_SSL2) && !defined(NO_SSL2) > +# define NO_SSL2 > +# endif > # if defined(OPENSSL_NO_STORE) && !defined(NO_STORE) > # define NO_STORE > # endif > > Modified: head/secure/lib/libcrypto/opensslconf-mips.h > > ============================================================================== > --- head/secure/lib/libcrypto/opensslconf-mips.h Fri Mar 20 > 21:56:48 2015 (r280305) > +++ head/secure/lib/libcrypto/opensslconf-mips.h Fri Mar 20 > 23:48:11 2015 (r280306) > @@ -27,6 +27,9 @@ extern "C" { > #ifndef OPENSSL_NO_SCTP > # define OPENSSL_NO_SCTP > #endif > +#ifndef OPENSSL_NO_SSL2 > +# define OPENSSL_NO_SSL2 > +#endif > #ifndef OPENSSL_NO_STORE > # define OPENSSL_NO_STORE > #endif > @@ -69,6 +72,9 @@ extern "C" { > # if defined(OPENSSL_NO_SCTP) && !defined(NO_SCTP) > # define NO_SCTP > # endif > +# if defined(OPENSSL_NO_SSL2) && !defined(NO_SSL2) > +# define NO_SSL2 > +# endif > # if defined(OPENSSL_NO_STORE) && !defined(NO_STORE) > # define NO_STORE > # endif > > Modified: head/secure/lib/libcrypto/opensslconf-powerpc.h > > ============================================================================== > --- head/secure/lib/libcrypto/opensslconf-powerpc.h Fri Mar 20 > 21:56:48 2015 (r280305) > +++ head/secure/lib/libcrypto/opensslconf-powerpc.h Fri Mar 20 > 23:48:11 2015 (r280306) > @@ -27,6 +27,9 @@ extern "C" { > #ifndef OPENSSL_NO_SCTP > # define OPENSSL_NO_SCTP > #endif > +#ifndef OPENSSL_NO_SSL2 > +# define OPENSSL_NO_SSL2 > +#endif > #ifndef OPENSSL_NO_STORE > # define OPENSSL_NO_STORE > #endif > @@ -69,6 +72,9 @@ extern "C" { > # if defined(OPENSSL_NO_SCTP) && !defined(NO_SCTP) > # define NO_SCTP > # endif > +# if defined(OPENSSL_NO_SSL2) && !defined(NO_SSL2) > +# define NO_SSL2 > +# endif > # if defined(OPENSSL_NO_STORE) && !defined(NO_STORE) > # define NO_STORE > # endif > > Modified: head/secure/lib/libcrypto/opensslconf-sparc64.h > > ============================================================================== > --- head/secure/lib/libcrypto/opensslconf-sparc64.h Fri Mar 20 > 21:56:48 2015 (r280305) > +++ head/secure/lib/libcrypto/opensslconf-sparc64.h Fri Mar 20 > 23:48:11 2015 (r280306) > @@ -27,6 +27,9 @@ extern "C" { > #ifndef OPENSSL_NO_SCTP > # define OPENSSL_NO_SCTP > #endif > +#ifndef OPENSSL_NO_SSL2 > +# define OPENSSL_NO_SSL2 > +#endif > #ifndef OPENSSL_NO_STORE > # define OPENSSL_NO_STORE > #endif > @@ -69,6 +72,9 @@ extern "C" { > # if defined(OPENSSL_NO_SCTP) && !defined(NO_SCTP) > # define NO_SCTP > # endif > +# if defined(OPENSSL_NO_SSL2) && !defined(NO_SSL2) > +# define NO_SSL2 > +# endif > # if defined(OPENSSL_NO_STORE) && !defined(NO_STORE) > # define NO_STORE > # endif > > Modified: head/secure/lib/libcrypto/opensslconf-x86.h > > ============================================================================== > --- head/secure/lib/libcrypto/opensslconf-x86.h Fri Mar 20 21:56:48 2015 > (r280305) > +++ head/secure/lib/libcrypto/opensslconf-x86.h Fri Mar 20 23:48:11 2015 > (r280306) > @@ -27,6 +27,9 @@ extern "C" { > #ifndef OPENSSL_NO_SCTP > # define OPENSSL_NO_SCTP > #endif > +#ifndef OPENSSL_NO_SSL2 > +# define OPENSSL_NO_SSL2 > +#endif > #ifndef OPENSSL_NO_STORE > # define OPENSSL_NO_STORE > #endif > @@ -66,6 +69,9 @@ extern "C" { > # if defined(OPENSSL_NO_SCTP) && !defined(NO_SCTP) > # define NO_SCTP > # endif > +# if defined(OPENSSL_NO_SSL2) && !defined(NO_SSL2) > +# define NO_SSL2 > +# endif > # if defined(OPENSSL_NO_STORE) && !defined(NO_STORE) > # define NO_STORE > # endif > > Modified: head/secure/lib/libssl/Makefile > > ============================================================================== > --- head/secure/lib/libssl/Makefile Fri Mar 20 21:56:48 2015 > (r280305) > +++ head/secure/lib/libssl/Makefile Fri Mar 20 23:48:11 2015 > (r280306) > @@ -12,11 +12,11 @@ NO_LINT= > > SRCS= bio_ssl.c d1_both.c d1_clnt.c d1_enc.c d1_lib.c d1_meth.c d1_pkt.c > \ > d1_srtp.c d1_srvr.c s23_clnt.c s23_lib.c s23_meth.c s23_pkt.c \ > - s23_srvr.c s2_clnt.c s2_enc.c s2_lib.c s2_meth.c s2_pkt.c > s2_srvr.c \ > - s3_both.c s3_cbc.c s3_clnt.c s3_enc.c s3_lib.c s3_meth.c s3_pkt.c \ > - s3_srvr.c ssl_algs.c ssl_asn1.c ssl_cert.c ssl_ciph.c ssl_err.c \ > - ssl_err2.c ssl_lib.c ssl_rsa.c ssl_sess.c ssl_stat.c ssl_txt.c \ > - t1_clnt.c t1_enc.c t1_lib.c t1_meth.c t1_reneg.c t1_srvr.c > tls_srp.c > + s23_srvr.c s3_both.c s3_cbc.c s3_clnt.c s3_enc.c s3_lib.c > s3_meth.c \ > + s3_pkt.c s3_srvr.c ssl_algs.c ssl_asn1.c ssl_cert.c ssl_ciph.c \ > + ssl_err.c ssl_err2.c ssl_lib.c ssl_rsa.c ssl_sess.c ssl_stat.c \ > + ssl_txt.c t1_clnt.c t1_enc.c t1_lib.c t1_meth.c t1_reneg.c > t1_srvr.c \ > + tls_srp.c > > INCS= dtls1.h kssl.h srtp.h ssl.h ssl2.h ssl23.h ssl3.h tls1.h > INCSDIR=${INCLUDEDIR}/openssl > > Modified: head/sys/sys/param.h > > ============================================================================== > --- head/sys/sys/param.h Fri Mar 20 21:56:48 2015 (r280305) > +++ head/sys/sys/param.h Fri Mar 20 23:48:11 2015 (r280306) > @@ -58,7 +58,7 @@ > * in the range 5 to 9. > */ > #undef __FreeBSD_version > -#define __FreeBSD_version 1100065 /* Master, propagated to newvers */ > +#define __FreeBSD_version 1100066 /* Master, propagated to newvers */ > > /* > * __FreeBSD_kernel__ indicates that this system uses the kernel of > FreeBSD, > _______________________________________________ > svn-src-all@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/svn-src-all > To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org" > -- --------------------------------------------------------------------------------- Curb: Your ride is here 4096R/D1EAB94D 2081 E230 3001 6508 8847 1BBF A0A8 DB0F D1EA B94D Philip M. Gollucci (pgollucci@p6m7g8.com) c: 703.336.9354 Member, Apache Software Foundation Committer, FreeBSD Foundation Consultant, P6M7G8 Inc. Sr. Director IT Operations, Curb What doesn't kill us can only make us stronger; Except it almost kills you.