mirror of
https://git.FreeBSD.org/ports.git
synced 2024-12-30 05:40:06 +00:00
0a1b168539
the fix for the following vulnerability: https://www.isc.org/node/373 Description: Return values from OpenSSL library functions EVP_VerifyFinal() and DSA_do_verify() were not checked properly. Impact: It is theoretically possible to spoof answers returned from zones using the DNSKEY algorithms DSA (3) and NSEC3DSA (6). In short, if you're not using DNSSEC to verify signatures you have nothing to worry about. While I'm here, address the issues raised in the PR by adding a knob to disable building with OpenSSL altogether (which eliminates DNSSEC capability), and fix the configure arguments to better deal with the situation where the user has ssl bits in both the base and LOCALBASE. PR: ports/126297 Submitted by: Ronald F.Guilmette <rfg@tristatelogic.com> |
||
---|---|---|
.. | ||
distinfo | ||
Makefile | ||
pkg-descr | ||
pkg-message | ||
pkg-plist |