Pullup ticket 3135 - requested by taca

security update

Revisions pulled up:
- pkgsrc/security/openssl/Makefile	1.149
- pkgsrc/security/openssl/distinfo	1.75

Files removed:
pkgsrc/security/openssl/patches/patch-bc

   -------------------------------------------------------------------------
   Module Name:    pkgsrc
   Committed By:   taca
   Date:           Mon Apr 12 14:19:17 UTC 2010

   Modified Files:
           pkgsrc/security/openssl: Makefile distinfo
   Removed Files:
           pkgsrc/security/openssl/patches: patch-bc

   Log Message:
   Update openssl package from 0.9.8m to 0.9.8n.

    Changes between 0.9.8m and 0.9.8n [24 Mar 2010]

     *) When rejecting SSL/TLS records due to an incorrect version number, never
        update s->server with a new major version number.  As of
        - OpenSSL 0.9.8m if 'short' is a 16-bit type,
        - OpenSSL 0.9.8f if 'short' is longer than 16 bits,
        the previous behavior could result in a read attempt at NULL when
        receiving specific incorrect SSL/TLS records once record payload
        protection is active.  (CVE-2010-0740)
        [Bodo Moeller, Adam Langley <agl@chromium.org>]

     *) Fix for CVE-2010-0433 where some kerberos enabled versions of OpenSSL
        could be crashed if the relevant tables were not present (e.g. chrooted).
        [Tomas Hoger <thoger@redhat.com>]


   To generate a diff of this commit:
   cvs rdiff -u -r1.146 -r1.147 pkgsrc/security/openssl/Makefile
   cvs rdiff -u -r1.73 -r1.74 pkgsrc/security/openssl/distinfo
   cvs rdiff -u -r1.1 -r0 pkgsrc/security/openssl/patches/patch-bc

   -------------------------------------------------------------------------
   Module Name:    pkgsrc
   Committed By:   adam
   Date:           Sat May  8 06:33:41 UTC 2010

   Modified Files:
           pkgsrc/security/openssl: Makefile

   Log Message:
   Set correct architecture on Darwin


   To generate a diff of this commit:
   cvs rdiff -u -r1.147 -r1.148 pkgsrc/security/openssl/Makefile

   -------------------------------------------------------------------------
   Module Name:    pkgsrc
   Committed By:   taca
   Date:           Wed Jun  2 13:30:11 UTC 2010

   Modified Files:
           pkgsrc/security/openssl: Makefile distinfo

   Log Message:
   Update security/openssl package to 0.9.8o.

    OpenSSL CHANGES
    _______________

    Changes between 0.9.8n and 0.9.8o [01 Jun 2010]

     *) Correct a typo in the CMS ASN1 module which can result in invalid memory
        access or freeing data twice (CVE-2010-0742)
        [Steve Henson, Ronald Moesbergen <intercommit@gmail.com>]

     *) Add SHA2 algorithms to SSL_library_init(). SHA2 is becoming far more
        common in certificates and some applications which only call
        SSL_library_init and not OpenSSL_add_all_algorithms() will fail.
        [Steve Henson]

     *) VMS fixes:
        Reduce copying into .apps and .test in makevms.com
        Don't try to use blank CA certificate in CA.com
        Allow use of C files from original directories in maketests.com
        [Steven M. Schweda" <sms@antinode.info>]


   To generate a diff of this commit:
   cvs rdiff -u -r1.148 -r1.149 pkgsrc/security/openssl/Makefile
   cvs rdiff -u -r1.74 -r1.75 pkgsrc/security/openssl/distinfo

3 files changed, 13 insertions, 27 deletions

diff --git a/security/openssl/Makefile b/security/openssl/Makefile
index 97469d43fbe..c59137aa83e 100644
--- a/security/openssl/Makefile
+++ b/security/openssl/Makefile
@@ -1,9 +1,8 @@
-# $NetBSD: Makefile,v 1.146 2010/03/26 00:20:49 taca Exp $
+# $NetBSD: Makefile,v 1.146.2.1 2010/06/03 08:33:32 spz Exp $
 
 OPENSSL_SNAPSHOT?=	# empty
 OPENSSL_STABLE?=	# empty
-OPENSSL_VERS?=		0.9.8m
-PKGREVISION=		2
+OPENSSL_VERS?=		0.9.8o
 
 .if empty(OPENSSL_SNAPSHOT)
 DISTNAME=	openssl-${OPENSSL_VERS}
@@ -86,6 +85,13 @@ CONFIGURE_ARGS+=	tru64-alpha-gcc
 CONFIGURE_ARGS+=	tru64-alpha-cc
 .  endif
 .elif ${OPSYS} == "Darwin"
+CONFIGURE_SCRIPT=	./Configure
+.  if ${ABI} == "64"
+CONFIGURE_ARGS+=	darwin64-${MACHINE_ARCH}-cc
+.  else
+CONFIGURE_ARGS+=	darwin-${MACHINE_ARCH}-cc
+.  endif
+
 .include "../../mk/dlopen.buildlink3.mk"
 
 SUBST_CLASSES+=		dl
diff --git a/security/openssl/distinfo b/security/openssl/distinfo
index 1e1681a6c45..194d1bf84d3 100644
--- a/security/openssl/distinfo
+++ b/security/openssl/distinfo
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.73 2010/03/26 00:20:49 taca Exp $
+$NetBSD: distinfo,v 1.73.2.1 2010/06/03 08:33:32 spz Exp $
 
-SHA1 (openssl-0.9.8m.tar.gz) = 2511c709a47f34d5fa6cd1a1c9cb1699bdffa912
-RMD160 (openssl-0.9.8m.tar.gz) = 0296af151993008526b4f2b3a6810e20c4ad3759
-Size (openssl-0.9.8m.tar.gz) = 3767604 bytes
+SHA1 (openssl-0.9.8o.tar.gz) = 80c73afc7dca790cd26936cb392a4dfd14d4e4d7
+RMD160 (openssl-0.9.8o.tar.gz) = c2e455a17bce59c8a54522ffaa26c3a5cb26b510
+Size (openssl-0.9.8o.tar.gz) = 3772542 bytes
 SHA1 (patch-aa) = b3899aebeea9bd9ead58771ca52ecec049589a55
 SHA1 (patch-ac) = 6ff4a20440666f5c520837e10547091e1bee2208
 SHA1 (patch-ad) = bb86ac463fc4ab8b485df5f1a4fb9c13c1fc41c3
@@ -11,4 +11,3 @@ SHA1 (patch-af) = 2610930b6b06397fa2e3955b3244c02193f5b7a6
 SHA1 (patch-ag) = 5f12c72b85e4b6c6a79dfcf87055e9e029fbd8c8
 SHA1 (patch-ak) = 049250b9bd42e6f155145703135dab39a7ec17e0
 SHA1 (patch-al) = 076a606352bdeaeea1cc64f16be2ac1325882302
-SHA1 (patch-bc) = 9200ae3c86fb5c278c9692441555faa4c51afb30
diff --git a/security/openssl/patches/patch-bc b/security/openssl/patches/patch-bc
deleted file mode 100644
index d150c8acb7c..00000000000
--- a/security/openssl/patches/patch-bc
+++ /dev/null
@@ -1,19 +0,0 @@
-$NetBSD: patch-bc,v 1.1 2010/03/26 00:20:49 taca Exp $
-
-Fix for CVE-2010-0740: http://www.openssl.org/news/secadv_20100324.txt
-
---- ssl/s3_pkt.c.orig	2010-01-24 13:52:38.000000000 +0000
-+++ ssl/s3_pkt.c
-@@ -291,9 +291,9 @@ again:
- 			if (version != s->version)
- 				{
- 				SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);
--				/* Send back error using their
--				 * version number :-) */
--				s->version=version;
-+				if ((s->version & 0xFF00) == (version & 0xFF00))
-+					/* Send back error using their minor version number :-) */
-+					s->version = (unsigned short)version;
- 				al=SSL_AD_PROTOCOL_VERSION;
- 				goto f_err;
- 				}