Index: head/security/openssl/Makefile
===================================================================
--- head/security/openssl/Makefile	(revision 467497)
+++ head/security/openssl/Makefile	(revision 467498)
@@ -1,163 +1,163 @@
 # Created by: Dirk Froemberg <dirk@FreeBSD.org>
 # $FreeBSD$
 
 PORTNAME=	openssl
 PORTVERSION=	1.0.2o
-PORTREVISION=	1
+PORTREVISION=	2
 PORTEPOCH=	1
 CATEGORIES=	security devel
 MASTER_SITES=	http://www.openssl.org/source/ \
 		ftp://ftp.cert.dfn.de/pub/tools/net/openssl/source/
 DIST_SUBDIR=	${PORTNAME}-${DISTVERSION:C/[a-z]$//}
 
 MAINTAINER=	brnrd@FreeBSD.org
 COMMENT=	SSL and crypto library
 
 LICENSE=	OpenSSL
 LICENSE_FILE=	${WRKSRC}/LICENSE
 
 CONFLICTS_INSTALL=	libressl-[0-9]* \
 			libressl-devel-[0-9]* \
 			openssl-devel-[0-9]*
 
 OPTIONS_DEFINE=		DOCS MAN3 PADLOCK RFC3779 SHARED THREADS ZLIB
 OPTIONS_DEFAULT=	ASM MD2 MAN3 SCTP SHARED SSE2 SSL2 SSL3 THREADS
 OPTIONS_DEFINE_amd64=	EC
 OPTIONS_DEFAULT_amd64=	EC
 TARGET_ARCH?=	${MACHINE_ARCH}
 .if ${TARGET_ARCH} == "mips64el"
 OPTIONS_DEFINE_mips=	EC
 OPTIONS_DEFAULT_mips=	EC
 .endif
 OPTIONS_GROUP=	CIPHERS HASHES OPTIMIZE PROTOCOLS
 OPTIONS_GROUP_CIPHERS=	RC5
 OPTIONS_GROUP_HASHES=	MD2
 OPTIONS_GROUP_OPTIMIZE=	ASM SSE2
 OPTIONS_GROUP_PROTOCOLS=	SCTP SSL2 SSL3
 .if ${TARGET_ARCH} == "i386"
 OPTIONS_GROUP_OPTIMIZE+=	I386
 .endif
 OPTIONS_SUB=	yes
 ASM_DESC=	Optimized Assembler code
 CIPHERS_DESC=	Cipher Suite support
 EC_DESC=	Optimize NIST elliptic curves
 HASHES_DESC=	Hash Function Support
 I386_DESC=	Optimize for i386 (instead of i486+)
 MAN3_DESC=	Install API manpages (section 3)
 MD2_DESC=	MD2 hash (obsolete)
 OPTIMIZE_DESC=	Optimizations
 PADLOCK_DESC=	VIA Padlock support
 PROTOCOLS_DESC=	Protocol Support
 RC5_DESC=	RC5 cipher (patented)
 RFC3779_DESC=	RFC3779 support (BGP)
 SCTP_DESC=	SCTP protocol support
 SHARED_DESC=	Build shared libs
 SSE2_DESC=	Runtime SSE2 detection
 SSL2_DESC=	SSLv2 protocol support
 SSL3_DESC=	SSLv3 protocol support
 ZLIB_DESC=	zlib compression support
 
 USES=		compiler cpe perl5
 USE_PERL5=	build
 MAKE_ARGS+=	WHOLE_ARCHIVE_FLAG=--whole-archive
 MAKE_ENV+=	LIBRPATH="${PREFIX}/lib" GREP_OPTIONS=
 SUB_FILES=	pkg-message
 
 MAKE_JOBS_UNSAFE=	yes
 
 ASM_CONFIGURE_OFF=	no-asm
 EC_CONFIGURE_ON=	enable-ec_nistp_64_gcc_128
 EC_CONFIGURE_OFF=	no-ec_nistp_64_gcc_128
 I386_CONFIGURE_ON=	386
 MD2_CONFIGURE_ON=	enable-md2
 MD2_CONFIGURE_OFF=	no-md2
 PADLOCK_CFLAGS=		-Wno-unused-function
 PADLOCK_CONFIGURE_OFF=	no-padlock
 PADLOCK_PATCH_SITES=	http://git.alpinelinux.org/cgit/aports/plain/main/openssl/:padlock
 PADLOCK_PATCHFILES=	1001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch:padlock \
 			1002-backport-changes-from-upstream-padlock-module.patch:padlock \
 			1003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch:padlock \
 			1004-crypto-engine-autoload-padlock-dynamic-engine.patch:padlock
 PADLOCK_VARS=		PATCH_DIST_STRIP=-p1
 RC5_CONFIGURE_ON=	enable-rc5
 RC5_CONFIGURE_OFF=	no-rc5
 RFC3779_CONFIGURE_ON=	enable-rfc3779
 RFC3779_CONFIGURE_OFF=	no-rfc3779
 SCTP_CONFIGURE_ON=	sctp
 SCTP_CONFIGURE_OFF=	no-sctp
 SHARED_CONFIGURE_ON=	shared
 SHARED_MAKE_ENV=	SHLIBVER=${OPENSSL_SHLIBVER}
 SHARED_PLIST_SUB=	SHLIBVER=${OPENSSL_SHLIBVER}
 SHARED_USE=		ldconfig=yes
 SSE2_CONFIGURE_OFF=	no-sse2
 SSL2_CONFIGURE_ON=	enable-ssl2
 SSL2_CONFIGURE_OFF=	no-ssl2
 SSL3_CONFIGURE_ON=	enable-ssl3
 SSL3_CONFIGURE_OFF=	no-ssl3 no-ssl3-method
 SSL3_EXTRA_PATCHES_OFF=	${PATCHDIR}/extra-patch-test_testssl
 THREADS_CONFIGURE_ON=	threads
 THREADS_CONFIGURE_OFF=	no-threads
 ZLIB_CONFIGURE_ON=	zlib zlib-dynamic
 ZLIB_CONFIGURE_OFF=	no-zlib no-zlib-dynamic
 
 CONFIGURE_ARGS=		no-gmp
 
 .include "version.mk"
 
 .include <bsd.port.pre.mk>
 
 .if ${CHOSEN_COMPILER_TYPE} != gcc && ${COMPILER_VERSION} != 42
 CFLAGS+= -Werror -Qunused-arguments
 .endif
 
 .if ${PREFIX} == /usr
 IGNORE=	the OpenSSL port can not be installed over the base version
 .endif
 
 OPENSSLDIR?=	${PREFIX}/openssl
 PLIST_SUB+=	OPENSSLDIR=${OPENSSLDIR:S=^${PREFIX}/==}
 
 .if ${PORT_OPTIONS:MASM}
 BROKEN_sparc64=		option ASM generates illegal instructions
 .endif
 
 post-patch:
 	${REINPLACE_CMD} -e 's|m4 -B 8192|m4|g' \
 		${WRKSRC}/crypto/des/Makefile
 	${REINPLACE_CMD} -e 's|SHLIB_VERSION_NUMBER "1.0.0"|SHLIB_VERSION_NUMBER "${OPENSSL_SHLIBVER}"|' \
 		${WRKSRC}/crypto/opensslv.h
 
 post-patch-MAN3-off:
 	${GREP} -L openssl_manual_section ${WRKSRC}/doc/crypto/*.pod | ${XARGS} ${RM}
 	${REINPLACE_CMD} -e 's|pod doc/ssl/\*\.pod|pod|' ${WRKSRC}/Makefile.org
 
 do-configure:
 	${REINPLACE_CMD} -e "s|options 386|options|" ${WRKSRC}/config
 	cd ${WRKSRC} \
 	&& ${SETENV} CC="${CC}" FREEBSDCC="${CC}" CFLAGS="${CFLAGS}" PERL="${PERL}" \
 	./config --prefix=${PREFIX} --openssldir=${OPENSSLDIR} \
 		--install_prefix=${STAGEDIR} \
 		-L${PREFIX}/lib ${CONFIGURE_ARGS}
 
 post-configure:
 	${REINPLACE_CMD} \
 		-e 's|^MANDIR=.*$$|MANDIR=$$(PREFIX)/man|' \
 		-e 's|$$(LIBDIR)/pkgconfig|libdata/pkgconfig|g' \
 		-e 's|LIBVERSION=[^ ]* |LIBVERSION=${OPENSSL_SHLIBVER} |' \
 		${WRKSRC}/Makefile
 
 post-install-SHARED-on:
 	${STRIP_CMD} ${STAGEDIR}${PREFIX}/bin/openssl \
 	${STAGEDIR}${PREFIX}/lib/lib*.so.${OPENSSL_SHLIBVER} \
 	${STAGEDIR}${PREFIX}/lib/engines/lib*.so
 
 post-install-DOCS-on:
 	${MKDIR} ${STAGEDIR}${DOCSDIR}
 	${INSTALL_DATA} ${WRKSRC}/doc/openssl.txt ${STAGEDIR}${DOCSDIR}/
 
 test: build
 	cd ${WRKSRC} && ${MAKE} test
 
 regression-test:	test
 
 .include <bsd.port.post.mk>
Index: head/security/openssl/files/patch-CVE-2018-0737
===================================================================
--- head/security/openssl/files/patch-CVE-2018-0737	(nonexistent)
+++ head/security/openssl/files/patch-CVE-2018-0737	(revision 467498)
@@ -0,0 +1,28 @@
+From 349a41da1ad88ad87825414752a8ff5fdd6a6c3f Mon Sep 17 00:00:00 2001
+From: Billy Brumley <bbrumley@gmail.com>
+Date: Wed, 11 Apr 2018 10:10:58 +0300
+Subject: [PATCH] RSA key generation: ensure BN_mod_inverse and BN_mod_exp_mont
+ both get called with BN_FLG_CONSTTIME flag set.
+
+CVE-2018-0737
+
+Reviewed-by: Rich Salz <rsalz@openssl.org>
+Reviewed-by: Matt Caswell <matt@openssl.org>
+(cherry picked from commit 6939eab03a6e23d2bd2c3f5e34fe1d48e542e787)
+---
+ crypto/rsa/rsa_gen.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c
+index 9ca5dfefb70..42b89a8dfaa 100644
+--- crypto/rsa/rsa_gen.c.orig
++++ crypto/rsa/rsa_gen.c
+@@ -156,6 +156,8 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value,
+     if (BN_copy(rsa->e, e_value) == NULL)
+         goto err;
+ 
++    BN_set_flags(rsa->p, BN_FLG_CONSTTIME);
++    BN_set_flags(rsa->q, BN_FLG_CONSTTIME);
+     BN_set_flags(r2, BN_FLG_CONSTTIME);
+     /* generate p and q */
+     for (;;) {

Property changes on: head/security/openssl/files/patch-CVE-2018-0737
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property