diff options
| author | tnn <tnn> | 2008-01-17 06:42:47 +0000 |
|---|---|---|
| committer | tnn <tnn> | 2008-01-17 06:42:47 +0000 |
| commit | 5a0788bf77c7ece384aa656a182d450810622c81 (patch) | |
| tree | 1f95f02eaa71a0eeb14b4e8b1779893c9ac50abd /security/openssl | |
| parent | 9bc9206fe35413a7621d249ab5712940bcd8c3b5 (diff) | |
| download | pkgsrc-5a0788bf77c7ece384aa656a182d450810622c81.tar.gz | |
Update to openssl-0.9.8g. Provided by Jukka Salmi in pkgsrc-wip.
pkgsrc notes:
o Tested on NetBSD/i386 (Jukka Salmi), Mac OSX 10.5 (Adrian Portelli),
Linux (Jeremy C. Reed), Tru64 5.1b (tnn), HP-UX 11i (tnn).
Because the Makefile system has been rewamped, other
platforms may require fixes. Please test if you can.
o OpenSSL can now be built with installation to DESTDIR.
Overview of important changes since 0.9.7i:
o Add gcc 4.2 support.
o DTLS improvements.
o RFC4507bis support.
o TLS Extensions support.
o RFC3779 support.
o New cipher Camellia
o Updated ECC cipher suite support.
o New functions EVP_CIPHER_CTX_new() and EVP_CIPHER_CTX_free().
o Zlib compression usage fixes.
o Major work on the BIGNUM library for higher efficiency and to
make operations more streamlined and less contradictory. This
is the result of a major audit of the BIGNUM library.
o Addition of BIGNUM functions for fields GF(2^m) and NIST
curves, to support the Elliptic Crypto functions.
o Major work on Elliptic Crypto; ECDH and ECDSA added, including
the use through EVP, X509 and ENGINE.
o New ASN.1 mini-compiler that's usable through the OpenSSL
configuration file.
o Added support for ASN.1 indefinite length constructed encoding.
o New PKCS#12 'medium level' API to manipulate PKCS#12 files.
o Complete rework of shared library construction and linking
programs with shared or static libraries, through a separate
Makefile.shared.
o Rework of the passing of parameters from one Makefile to another.
o Changed ENGINE framework to load dynamic engine modules
automatically from specifically given directories.
o New structure and ASN.1 functions for CertificatePair.
o Changed the key-generation and primality testing "progress"
mechanism to take a structure that contains the ticker
function and an argument.
o New engine module: GMP (performs private key exponentiation).
o New engine module: VIA PadLOck ACE extension in VIA C3
Nehemiah processors.
o Added support for IPv6 addresses in certificate extensions.
See RFC 1884, section 2.2.
o Added support for certificate policy mappings, policy
constraints and name constraints.
o Added support for multi-valued AVAs in the OpenSSL
configuration file.
o Added support for multiple certificates with the same subject
in the 'openssl ca' index file.
o Make it possible to create self-signed certificates using
'openssl ca -selfsign'.
o Make it possible to generate a serial number file with
'openssl ca -create_serial'.
o New binary search functions with extended functionality.
o New BUF functions.
o New STORE structure and library to provide an interface to all
sorts of data repositories. Supports storage of public and
private keys, certificates, CRLs, numbers and arbitrary blobs.
This library is unfortunately unfinished and unused withing
OpenSSL.
o New control functions for the error stack.
o Changed the PKCS#7 library to support one-pass S/MIME
processing.
o New FIPS 180-2 algorithms (SHA-224, -256, -384 and -512).
o New X509_VERIFY_PARAM structure to support parametrisation
of X.509 path validation.
o Change the default digest in 'openssl' commands from MD5 to
SHA-1.
o Added support for DTLS.
o New BIGNUM blinding.
o Added support for the RSA-PSS encryption scheme
o Added support for the RSA X.931 padding.
o Added support for files larger than 2GB.
o Added alternate pkg-config files.
Diffstat (limited to 'security/openssl')
29 files changed, 262 insertions, 634 deletions
diff --git a/security/openssl/DESCR b/security/openssl/DESCR index a779c6b260e..682036946dd 100644 --- a/security/openssl/DESCR +++ b/security/openssl/DESCR @@ -1,7 +1,8 @@ -The OpenSSL Project is a collaborative effort to develop a robust, -commercial-grade, full-featured, and Open Source toolkit implementing -the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS -v1) protocols as well as a full-strength general purpose cryptography -library. The project is managed by a worldwide community of volunteers -that use the Internet to communicate, plan, and develop the OpenSSL -toolkit and its related documentation. +The OpenSSL Project is a collaborative effort to develop a +robust, commercial-grade, full-featured, and Open Source +toolkit implementing the Secure Sockets Layer (SSL v2/v3) +and Transport Layer Security (TLS v1) protocols as well as +a full-strength general purpose cryptography library. The +project is managed by a worldwide community of volunteers +that use the Internet to communicate, plan, and develop the +OpenSSL toolkit and its related documentation. diff --git a/security/openssl/Makefile b/security/openssl/Makefile index 7ce5585fc3c..22c7d8a4353 100644 --- a/security/openssl/Makefile +++ b/security/openssl/Makefile @@ -1,8 +1,8 @@ -# $NetBSD: Makefile,v 1.130 2008/01/05 20:41:25 rillig Exp $ +# $NetBSD: Makefile,v 1.131 2008/01/17 06:42:47 tnn Exp $ OPENSSL_SNAPSHOT?= # empty OPENSSL_STABLE?= # empty -OPENSSL_VERS?= 0.9.7i +OPENSSL_VERS?= 0.9.8g .if empty(OPENSSL_SNAPSHOT) DISTNAME= openssl-${OPENSSL_VERS} @@ -24,7 +24,6 @@ MASTER_SITES= ftp://ftp.openssl.org/snapshot/ . endif .endif -PKGREVISION= 6 SVR4_PKGNAME= ossl CATEGORIES= security MAINTAINER= pkgsrc-users@NetBSD.org @@ -36,6 +35,7 @@ CONFLICTS= SSLeay-[0-9]* ssleay-[0-9]* CRYPTO= yes PKG_INSTALLATION_TYPES= overwrite pkgviews +PKG_DESTDIR_SUPPORT= user-destdir .include "../../mk/bsd.prefs.mk" .include "../../mk/compiler.mk" @@ -46,6 +46,7 @@ TEST_TARGET= tests HAS_CONFIGURE= yes CONFIGURE_SCRIPT= ./config CONFIGURE_ARGS+= --prefix=${PREFIX:Q} +CONFIGURE_ARGS+= --install_prefix=${DESTDIR} CONFIGURE_ARGS+= --openssldir=${PKG_SYSCONFDIR:Q} CONFIGURE_ARGS+= shared threads @@ -81,9 +82,9 @@ CONFIGURE_ARGS+= irix64-mips4-cc PLIST_OPSYS= PLIST.osf1 CONFIGURE_SCRIPT= ./Configure . if !empty(CC_VERSION:Mgcc*) -CONFIGURE_ARGS+= alpha-gcc-rpath +CONFIGURE_ARGS+= tru64-alpha-gcc . else -CONFIGURE_ARGS+= alpha-cc-rpath +CONFIGURE_ARGS+= tru64-alpha-cc . endif .elif ${OPSYS} == "Darwin" .include "../../mk/dlopen.buildlink3.mk" @@ -92,8 +93,8 @@ SUBST_CLASSES+= dl SUBST_MESSAGE.dl= Adding dynamic link compatibility library. SUBST_STAGE.dl= post-configure SUBST_FILES.dl= Makefile apps/Makefile crypto/Makefile \ - crypto/pkcs7/Makefile fips/Makefile test/Makefile -SUBST_SED.dl= -e "s,^EX_LIBS=,EX_LIBS=${DL_LDFLAGS} ,g" + crypto/pkcs7/Makefile test/Makefile +SUBST_SED.dl= -e 's,^EX_LIBS=,EX_LIBS=${DL_LDFLAGS:Q} ,g' .endif .include "../../security/openssl/options.mk" @@ -117,22 +118,8 @@ CONF_FILES= ${PREFIX}/share/examples/openssl/openssl.cnf \ ${PKG_SYSCONFDIR}/openssl.cnf OWN_DIRS= ${PKG_SYSCONFDIR}/certs ${PKG_SYSCONFDIR}/private -# Some shells don't accept empty word lists in for loops. For those -# Makefiles where this occurs, edit the file so that we avoid running -# the loop. -# -# Also, fix the path to perl in various scripts. -# +# Fix the path to perl in various scripts. pre-configure: - cd ${WRKSRC}; \ - for file in fips/*/Makefile; do \ - if ${GREP} "^EXHEADER=[ ]*\$$" $$file >/dev/null; then \ - ${ECHO} "Fixing 'install' target in $$file."; \ - ${MV} -f $$file $$file.preawk; \ - ${AWK} '/^install:/ { printf "install:\n\nnot-install:\n"; next } { print }' \ - $$file.preawk > $$file; \ - fi; \ - done cd ${WRKSRC} && ${PERL5} util/perlpath.pl ${PERL5} .include "../../mk/bsd.pkg.mk" diff --git a/security/openssl/PLIST.common b/security/openssl/PLIST.common index 0d080f3ec94..6d6a0641b8d 100644 --- a/security/openssl/PLIST.common +++ b/security/openssl/PLIST.common @@ -1,7 +1,6 @@ -@comment $NetBSD: PLIST.common,v 1.11 2005/10/11 17:19:21 jlam Exp $ +@comment $NetBSD: PLIST.common,v 1.12 2008/01/17 06:42:47 tnn Exp $ bin/c_rehash bin/openssl -bin/openssl_fips_fingerprint include/openssl/aes.h include/openssl/asn1.h include/openssl/asn1_mac.h @@ -20,15 +19,15 @@ include/openssl/des_old.h include/openssl/dh.h include/openssl/dsa.h include/openssl/dso.h +include/openssl/dtls1.h include/openssl/e_os2.h include/openssl/ebcdic.h include/openssl/ec.h +include/openssl/ecdh.h +include/openssl/ecdsa.h include/openssl/engine.h include/openssl/err.h include/openssl/evp.h -include/openssl/fips.h -include/openssl/fips_rand.h -include/openssl/fips_sha.h include/openssl/hmac.h ${IDEA}include/openssl/idea.h include/openssl/krb5_asn.h @@ -48,6 +47,8 @@ include/openssl/pem.h include/openssl/pem2.h include/openssl/pkcs12.h include/openssl/pkcs7.h +include/openssl/pq_compat.h +include/openssl/pqueue.h include/openssl/rand.h include/openssl/rc2.h include/openssl/rc4.h @@ -61,6 +62,7 @@ include/openssl/ssl2.h include/openssl/ssl23.h include/openssl/ssl3.h include/openssl/stack.h +include/openssl/store.h include/openssl/symhacks.h include/openssl/tls1.h include/openssl/tmdiff.h @@ -70,8 +72,19 @@ include/openssl/ui_compat.h include/openssl/x509.h include/openssl/x509_vfy.h include/openssl/x509v3.h +lib/engines/lib4758cca.so +lib/engines/libaep.so +lib/engines/libatalla.so +lib/engines/libchil.so +lib/engines/libcswift.so +lib/engines/libgmp.so +lib/engines/libnuron.so +lib/engines/libsureware.so +lib/engines/libubsec.so lib/libcrypto.a lib/libssl.a +lib/pkgconfig/libcrypto.pc +lib/pkgconfig/libssl.pc lib/pkgconfig/openssl.pc man/man1/CA.pl.1 man/man1/openssl.1 @@ -84,6 +97,8 @@ man/man1/openssl_dgst.1 man/man1/openssl_dhparam.1 man/man1/openssl_dsa.1 man/man1/openssl_dsaparam.1 +man/man1/openssl_ec.1 +man/man1/openssl_ecparam.1 man/man1/openssl_enc.1 man/man1/openssl_errstr.1 man/man1/openssl_gendsa.1 @@ -129,6 +144,8 @@ man/man3/ASN1_STRING_print_ex_fp.3 man/man3/ASN1_STRING_set.3 man/man3/ASN1_STRING_type.3 man/man3/ASN1_STRING_type_new.3 +man/man3/ASN1_generate_nconf.3 +man/man3/ASN1_generate_v3.3 man/man3/BF_cbc_encrypt.3 man/man3/BF_cfb64_encrypt.3 man/man3/BF_decrypt.3 @@ -255,6 +272,18 @@ man/man3/BIO_vfree.3 man/man3/BIO_wpending.3 man/man3/BIO_write.3 man/man3/BIO_write_filename.3 +man/man3/BN_BLINDING_convert.3 +man/man3/BN_BLINDING_convert_ex.3 +man/man3/BN_BLINDING_create_param.3 +man/man3/BN_BLINDING_free.3 +man/man3/BN_BLINDING_get_flags.3 +man/man3/BN_BLINDING_get_thread_id.3 +man/man3/BN_BLINDING_invert.3 +man/man3/BN_BLINDING_invert_ex.3 +man/man3/BN_BLINDING_new.3 +man/man3/BN_BLINDING_set_flags.3 +man/man3/BN_BLINDING_set_thread_id.3 +man/man3/BN_BLINDING_update.3 man/man3/BN_CTX_end.3 man/man3/BN_CTX_free.3 man/man3/BN_CTX_get.3 @@ -344,6 +373,7 @@ man/man3/BUF_MEM_free.3 man/man3/BUF_MEM_grow.3 man/man3/BUF_MEM_new.3 man/man3/BUF_strdup.3 +man/man3/CONF_modules_finish.3 man/man3/CONF_modules_free.3 man/man3/CONF_modules_load.3 man/man3/CONF_modules_load_file.3 @@ -457,11 +487,13 @@ man/man3/ERR_peek_error_line_data.3 man/man3/ERR_peek_last_error.3 man/man3/ERR_peek_last_error_line.3 man/man3/ERR_peek_last_error_line_data.3 +man/man3/ERR_pop_to_mark.3 man/man3/ERR_print_errors.3 man/man3/ERR_print_errors_fp.3 man/man3/ERR_put_error.3 man/man3/ERR_reason_error_string.3 man/man3/ERR_remove_state.3 +man/man3/ERR_set_mark.3 man/man3/EVP_BytesToKey.3 man/man3/EVP_CIPHER_CTX_block_size.3 man/man3/EVP_CIPHER_CTX_cipher.3 @@ -597,8 +629,10 @@ man/man3/OBJ_obj2txt.3 man/man3/OBJ_sn2nid.3 man/man3/OBJ_txt2nid.3 man/man3/OBJ_txt2obj.3 +man/man3/OPENSSL_Applink.3 man/man3/OPENSSL_VERSION_NUMBER.3 man/man3/OPENSSL_config.3 +man/man3/OPENSSL_ia32cap.3 man/man3/OPENSSL_load_builtin_modules.3 man/man3/OPENSSL_no_config.3 man/man3/OpenSSL_add_all_algorithms.3 @@ -774,6 +808,7 @@ man/man3/SSL_SESSION_get_time.3 man/man3/SSL_SESSION_get_timeout.3 man/man3/SSL_SESSION_set_ex_data.3 man/man3/SSL_SESSION_set_time.3 +man/man3/SSL_SESSION_set_timeout.3 man/man3/SSL_accept.3 man/man3/SSL_add_client_CA.3 man/man3/SSL_add_session.3 @@ -1036,6 +1071,7 @@ man/man3/openssl_crypto.3 man/man3/openssl_des.3 man/man3/openssl_dh.3 man/man3/openssl_dsa.3 +man/man3/openssl_ecdsa.3 man/man3/openssl_engine.3 man/man3/openssl_err.3 man/man3/openssl_evp.3 @@ -1053,8 +1089,9 @@ man/man3/openssl_ssl.3 man/man3/openssl_threads.3 man/man3/openssl_ui.3 man/man3/openssl_ui_compat.3 +man/man3/openssl_x509.3 man/man5/openssl_config.5 -man/man7/Modes_of_DES.7 +man/man5/openssl_x509v3_config.5 man/man7/des_modes.7 share/examples/openssl/CA.pl share/examples/openssl/CA.sh @@ -1065,4 +1102,5 @@ share/examples/openssl/c_name share/examples/openssl/openssl.cnf @dirrm share/examples/openssl @unexec ${RMDIR} -p %D/lib/pkgconfig 2>/dev/null || ${TRUE} +@dirrm lib/engines @dirrm include/openssl diff --git a/security/openssl/PLIST.darwin b/security/openssl/PLIST.darwin index 42a60fea837..71a4a243d04 100644 --- a/security/openssl/PLIST.darwin +++ b/security/openssl/PLIST.darwin @@ -1,7 +1,5 @@ -@comment $NetBSD: PLIST.darwin,v 1.5 2004/12/24 22:02:38 jlam Exp $ +@comment $NetBSD: PLIST.darwin,v 1.6 2008/01/17 06:42:47 tnn Exp $ lib/libcrypto.${SHLIB_VERSION}.dylib -lib/libcrypto.${SHLIB_MAJOR}.dylib lib/libcrypto.dylib lib/libssl.${SHLIB_VERSION}.dylib -lib/libssl.${SHLIB_MAJOR}.dylib lib/libssl.dylib diff --git a/security/openssl/buildlink3.mk b/security/openssl/buildlink3.mk index 7a37e071a4f..faf498d7e6f 100644 --- a/security/openssl/buildlink3.mk +++ b/security/openssl/buildlink3.mk @@ -1,4 +1,4 @@ -# $NetBSD: buildlink3.mk,v 1.38 2008/01/05 20:41:25 rillig Exp $ +# $NetBSD: buildlink3.mk,v 1.39 2008/01/17 06:42:47 tnn Exp $ BUILDLINK_DEPTH:= ${BUILDLINK_DEPTH}+ OPENSSL_BUILDLINK3_MK:= ${OPENSSL_BUILDLINK3_MK}+ @@ -16,11 +16,7 @@ BUILDLINK_ORDER:= ${BUILDLINK_ORDER} ${BUILDLINK_DEPTH}openssl . include "../../mk/bsd.fast.prefs.mk" BUILDLINK_API_DEPENDS.openssl+= openssl>=0.9.6m -. if defined(USE_FEATURES.openssl) && !empty(USE_FEATURES.openssl:Mthreads) -BUILDLINK_ABI_DEPENDS.openssl+= openssl>=0.9.7inb4 -. else -BUILDLINK_ABI_DEPENDS.openssl+= openssl>=0.9.7inb1 -. endif +BUILDLINK_ABI_DEPENDS.openssl+= openssl>=0.9.8g BUILDLINK_PKGSRCDIR.openssl?= ../../security/openssl # Ensure that -lcrypt comes before -lcrypto when linking so that the diff --git a/security/openssl/builtin.mk b/security/openssl/builtin.mk index 1af6126c4dd..dcb609c78fe 100644 --- a/security/openssl/builtin.mk +++ b/security/openssl/builtin.mk @@ -1,4 +1,4 @@ -# $NetBSD: builtin.mk,v 1.24 2008/01/07 15:51:08 joerg Exp $ +# $NetBSD: builtin.mk,v 1.25 2008/01/17 06:42:47 tnn Exp $ BUILTIN_PKG:= openssl @@ -125,10 +125,10 @@ USE_BUILTIN.openssl= ${IS_BUILTIN.openssl} . if defined(BUILTIN_PKG.openssl) && \ !empty(IS_BUILTIN.openssl:M[yY][eE][sS]) USE_BUILTIN.openssl= yes -. for _dep_ in ${BUILDLINK_API_DEPENDS.openssl} +. for dep_ in ${BUILDLINK_API_DEPENDS.openssl} . if !empty(USE_BUILTIN.openssl:M[yY][eE][sS]) USE_BUILTIN.openssl!= \ - if ${PKG_ADMIN} pmatch ${_dep_:Q} ${BUILTIN_PKG.openssl:Q}; then \ + if ${PKG_ADMIN} pmatch ${dep_:Q} ${BUILTIN_PKG.openssl:Q}; then \ ${ECHO} yes; \ else \ ${ECHO} no; \ diff --git a/security/openssl/distinfo b/security/openssl/distinfo index 2e04f07cf63..b710478854e 100644 --- a/security/openssl/distinfo +++ b/security/openssl/distinfo @@ -1,25 +1,13 @@ -$NetBSD: distinfo,v 1.56 2007/10/21 17:52:52 adrianp Exp $ +$NetBSD: distinfo,v 1.57 2008/01/17 06:42:48 tnn Exp $ -SHA1 (openssl-0.9.7i.tar.gz) = 4c23925744d43272fa19615454da44e01465eb06 -RMD160 (openssl-0.9.7i.tar.gz) = 0dce52c5793a0c37f17b620f7d26bbf9e4fcf755 -Size (openssl-0.9.7i.tar.gz) = 3280907 bytes -SHA1 (patch-aa) = f2489178263220535bdc9b6975afee0215bd7cef -SHA1 (patch-ac) = e3f33b72468ab47b40a426f44e08ea903d83fa26 -SHA1 (patch-ad) = 2581d06c21ed6d1c9a554289591031a6eb66a686 -SHA1 (patch-ae) = cb3ce622ef9efc4098d57b10059e5424272520c8 -SHA1 (patch-af) = f62ac6e23a480eba3edcb3b886276e933556b02f -SHA1 (patch-ah) = 5245d7ca407af952cfa028e46cf7a54dc0f50f6f -SHA1 (patch-ai) = f960775a57551a70806517b439606099000ea97e -SHA1 (patch-ak) = 7f9960a97cbe83c381c2a4565ca3a6e4e661bf54 -SHA1 (patch-al) = 64fd0be6adf30821b4c4bba3c9088c6dcbff3ba7 -SHA1 (patch-am) = 209aad896f976e5acc9bf66f5e3fdf6193d2ff3d -SHA1 (patch-an) = c38cf54341ae5b770f984859c1a3bf6df41e0532 -SHA1 (patch-ao) = 625c6379b38769b639bc7f87ccb0d23c651bf5eb -SHA1 (patch-ap) = 9473b8e69b71864baab3d38ee3de90e7027b1b0b -SHA1 (patch-aq) = 68704a8048f7eea3744ae5e04dda09c676762923 -SHA1 (patch-ar) = 575be597244eb04576651d7b0276604d51fa7464 -SHA1 (patch-as) = d7984ceadfa51356e6d7a9cc398c1adf7e755930 -SHA1 (patch-at) = d232c98b680c8b279181b08efc84c569128d9ebb -SHA1 (patch-au) = 6924cb666df8ed1eadd28a8ba75462560e72ac43 -SHA1 (patch-av) = dc8d31971b9535965339681b7a0c32d0b72d50bd -SHA1 (patch-aw) = 9139c779ac221595423c38dd97a0ec91f103083e +SHA1 (openssl-0.9.8g.tar.gz) = 4e9c5ced466715d18fd924de79bde5c15da80fa1 +RMD160 (openssl-0.9.8g.tar.gz) = f080a32da9becdc8b98c38744d62c6fd8664f603 +Size (openssl-0.9.8g.tar.gz) = 3354792 bytes +SHA1 (patch-aa) = b28ec662bf0586e31d59cab45e3a28b91b10dac1 +SHA1 (patch-ac) = d0a479d0e87f108a39a9ae7e70f8ef67922982ca +SHA1 (patch-ad) = bb86ac463fc4ab8b485df5f1a4fb9c13c1fc41c3 +SHA1 (patch-ae) = 7a58f1765a3761321dcc8dafc5fe2e33207be480 +SHA1 (patch-af) = 3c1a88329b1a1c54bdd4624ceaf723af3749ec32 +SHA1 (patch-ag) = 7bb5aac4c9073b8e69f70ed247a5b2613fd902f1 +SHA1 (patch-ak) = 049250b9bd42e6f155145703135dab39a7ec17e0 +SHA1 (patch-al) = 076a606352bdeaeea1cc64f16be2ac1325882302 diff --git a/security/openssl/options.mk b/security/openssl/options.mk index c0d204e591b..47e309ff069 100644 --- a/security/openssl/options.mk +++ b/security/openssl/options.mk @@ -1,4 +1,4 @@ -# $NetBSD: options.mk,v 1.3 2007/12/27 23:41:42 gdt Exp $ +# $NetBSD: options.mk,v 1.4 2008/01/17 06:42:48 tnn Exp $ PKG_OPTIONS_VAR= PKG_OPTIONS.openssl PKG_SUPPORTED_OPTIONS= idea mdc2 rc5 @@ -27,6 +27,7 @@ PLIST_SUBST+= IDEA="@comment " .if !empty(PKG_OPTIONS:Mmdc2) # A license file is needed. OPENSSL_LICENSE+= mdc2-nonlicense +CONFIGURE_ARGS+= enable-mdc2 PLIST_SUBST+= MDC2= .else CONFIGURE_ARGS+= no-mdc2 @@ -40,6 +41,7 @@ PLIST_SUBST+= MDC2="@comment " .if !empty(PKG_OPTIONS:Mrc5) # A license file is needed. OPENSSL_LICENSE+= rc5-nonlicense +CONFIGURE_ARGS+= enable-rc5 PLIST_SUBST+= RC5= .else CONFIGURE_ARGS+= no-rc5 diff --git a/security/openssl/patches/patch-aa b/security/openssl/patches/patch-aa index c40c0aa86e6..9033971357d 100644 --- a/security/openssl/patches/patch-aa +++ b/security/openssl/patches/patch-aa @@ -1,7 +1,7 @@ -$NetBSD: patch-aa,v 1.19 2006/06/12 22:46:51 joerg Exp $ +$NetBSD: patch-aa,v 1.20 2008/01/17 06:42:48 tnn Exp $ ---- config.orig 2005-04-07 20:26:10.000000000 +0000 -+++ config +--- config.orig 2007-08-01 13:21:35.000000000 +0200 ++++ config 2007-10-21 13:18:53.000000000 +0200 @@ -49,6 +49,7 @@ done # First get uname entries that we use below @@ -10,7 +10,7 @@ $NetBSD: patch-aa,v 1.19 2006/06/12 22:46:51 joerg Exp $ RELEASE=`(uname -r) 2>/dev/null` || RELEASE="unknown" SYSTEM=`(uname -s) 2>/dev/null` || SYSTEM="unknown" VERSION=`(uname -v) 2>/dev/null` || VERSION="unknown" -@@ -155,6 +156,10 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${ +@@ -154,6 +155,10 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${ echo "mips4-sgi-irix64"; exit 0 ;; @@ -21,14 +21,14 @@ $NetBSD: patch-aa,v 1.19 2006/06/12 22:46:51 joerg Exp $ Linux:[2-9].*) echo "${MACHINE}-whatever-linux2"; exit 0 ;; -@@ -210,13 +215,16 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${ - FreeBSD:*) +@@ -210,12 +215,16 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${ echo "${MACHINE}-whatever-freebsd"; exit 0 ;; + + DragonFly:*) + echo "${MACHINE}-whatever-dragonfly"; exit 0 + ;; - ++ NetBSD:*:*:*386*) echo "`(/usr/sbin/sysctl -n hw.model || /sbin/sysctl -n hw.model) | sed 's,.*\(.\)86-class.*,i\186,'`-whatever-netbsd"; exit 0 ;; @@ -39,30 +39,32 @@ $NetBSD: patch-aa,v 1.19 2006/06/12 22:46:51 joerg Exp $ ;; OpenBSD:*) -@@ -670,10 +678,23 @@ EOF - sparc64-*-freebsd*) OUT="FreeBSD-sparc64" ;; - ia64-*-freebsd*) OUT="FreeBSD-ia64" ;; - *-freebsd[3-9]*) OUT="FreeBSD-elf" ;; -+ *-dragonfly*) OUT="FreeBSD-elf" ;; - *-freebsd[1-2]*) OUT="FreeBSD" ;; -- *86*-*-netbsd) OUT="NetBSD-x86" ;; -- sun3*-*-netbsd) OUT="NetBSD-m68" ;; -- *-*-netbsd) OUT="NetBSD-sparc" ;; -+ x86_64-*-netbsd) OUT="NetBSD-${MACHINE_ARCH}" ;; -+ *86*-*-netbsd) -+ if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then -+ OUT="NetBSD-x86-aout" -+ else -+ OUT="NetBSD-x86-elf" -+ fi -+ ;; +@@ -655,13 +664,18 @@ case "$GUESSOS" in + ;; + *-*-sunos4) OUT="sunos-$CC" ;; + + alpha-*-netbsd|arm-*-netbsd|arm32-*-netbsd|m68000-*-netbsd|m68k-*-netbsd|\ + mipseb-*-netbsd|mipsel-*-netbsd|ns32k-*-netbsd|powerpc-*-netbsd|\ -+ sparc-*-netbsd|sparc64-*-netbsd|vax-*-netbsd) -+ OUT="NetBSD-${MACHINE_ARCH}" -+ ;; -+ *-*-netbsd) OUT="NetBSD" ;; -+ *-*-interix3) OUT="Interix3" ;; - alpha*-*-openbsd) OUT="OpenBSD-alpha" ;; - *86*-*-openbsd) OUT="OpenBSD-i386" ;; - m68k*-*-openbsd) OUT="OpenBSD-m68k" ;; ++ sparc-*-netbsd|sparc64-*-netbsd|vax-*-netbsd|x86_64-*-netbsd) ++ OUT="NetBSD-${MACHINE_ARCH}" ;; ++ + *86*-*-bsdi4) OUT="BSD-x86-elf"; options="$options no-sse2 -ldl" ;; + alpha*-*-*bsd*) OUT="BSD-generic64"; options="$options -DL_ENDIAN" ;; + powerpc64-*-*bsd*) OUT="BSD-generic64"; options="$options -DB_ENDIAN" ;; + sparc64-*-*bsd*) OUT="BSD-sparc64" ;; + ia64-*-*bsd*) OUT="BSD-ia64" ;; + amd64-*-*bsd*) OUT="BSD-x86_64" ;; +- *86*-*-*bsd*) # mimic ld behaviour when it's looking for libc... ++ *86*-*-*bsd*|*-dragonfly*) # mimic ld behaviour when it's looking for libc... + if [ -L /usr/lib/libc.so ]; then # [Free|Net]BSD + libc=/usr/lib/libc.so + else # OpenBSD +@@ -674,6 +688,8 @@ case "$GUESSOS" in + esac ;; + *-*-*bsd*) OUT="BSD-generic32" ;; + ++ *-*-interix3) OUT="Interix3" ;; ++ + *-*-osf) OUT="osf1-alpha-cc" ;; + *-*-tru64) OUT="tru64-alpha-cc" ;; + *-*-[Uu]nix[Ww]are7) diff --git a/security/openssl/patches/patch-ac b/security/openssl/patches/patch-ac index f1d08a190e9..b61db731feb 100644 --- a/security/openssl/patches/patch-ac +++ b/security/openssl/patches/patch-ac @@ -1,31 +1,28 @@ -$NetBSD: patch-ac,v 1.31 2007/08/04 14:29:43 tnn Exp $ +$NetBSD: patch-ac,v 1.32 2008/01/17 06:42:48 tnn Exp $ ---- Configure.orig 2007-08-04 14:54:41.000000000 +0200 -+++ Configure -@@ -180,7 +180,7 @@ my %table=( - "solaris64-x86_64-gcc","gcc:-m64 -O3 -Wall -DL_ENDIAN -DMD32_REG_T=int::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR BF_PTR2 DES_INT DES_UNROLL:asm/x86_64-gcc.o::::::asm/rc4-x86_64.o:::dlfcn:solaris-shared:-fPIC:-m64 -shared -static-libgcc:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - +--- Configure.orig 2007-09-16 14:24:17.000000000 +0200 ++++ Configure 2007-10-21 13:21:36.000000000 +0200 +@@ -194,7 +194,7 @@ my %table=( + "solaris64-x86_64-gcc","gcc:-m64 -O3 -Wall -DL_ENDIAN -DMD32_REG_T=int::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:solaris-shared:-fPIC:-m64 -shared -static-libgcc:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + #### Solaris x86 with Sun C setups --"solaris-x86-cc","cc:-fast -O -Xa::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"solaris-x86-cc","cc:-xO5 -Xa::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - "solaris64-x86_64-cc","cc:-fast -xarch=amd64 -xstrconst -Xa -DL_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR BF_PTR2 DES_INT DES_UNROLL::::::::::dlfcn:solaris-shared:-KPIC:-xarch=amd64 -G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +-"solaris-x86-cc","cc:-fast -O -Xa::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"solaris-x86-cc","cc:-xO5 -Xa::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + "solaris64-x86_64-cc","cc:-fast -xarch=amd64 -xstrconst -Xa -DL_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:solaris-shared:-KPIC:-xarch=amd64 -G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", #### SPARC Solaris with GNU C setups -@@ -364,6 +364,7 @@ my %table=( - "alpha164-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:tru64-shared:::.so", - "alpha-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:tru64-shared:::.so", - "alpha-cc-rpath", "cc:-std1 -tune host -fast -readonly_strings::-pthread:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:tru64-shared-rpath:::.so", -+"alpha-gcc-rpath", "gcc:-O3::-pthread:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:tru64-shared-rpath-gcc:::.so", - # - # This probably belongs in a different section. +@@ -306,6 +306,7 @@ my %table=( # -@@ -412,10 +413,25 @@ my %table=( - "linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR:asm/ia64.o::::asm/sha1-ia64.o::asm/rc4-ia64.o:::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - "linux-ia64-ecc", "ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR:asm/ia64.o::::asm/sha1-ia64.o::asm/rc4-ia64.o:::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - "linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR BF_PTR2 DES_INT DES_UNROLL:asm/x86_64-gcc.o::::::asm/rc4-x86_64.o:::dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", --"NetBSD-sparc", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", --"NetBSD-m68", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", --"NetBSD-x86", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -m486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + "osf1-alpha-gcc", "gcc:-O3::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_RISC1:${no_asm}:dlfcn:alpha-osf1-shared:::.so", + "osf1-alpha-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${no_asm}:dlfcn:alpha-osf1-shared:::.so", ++"tru64-alpha-gcc", "gcc:-O3::-pthread:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${no_asm}:dlfcn:alpha-osf1-shared::-Wl,-msym:.so", + "tru64-alpha-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${no_asm}:dlfcn:alpha-osf1-shared::-msym:.so", + + #### +@@ -368,6 +369,25 @@ my %table=( + "BSD-ia64", "gcc:-DL_ENDIAN -DTERMIOS -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + "BSD-x86_64", "gcc:-DL_ENDIAN -DTERMIOS -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + +"NetBSD","gcc:-DTERMIOS -O2 -Wall::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"NetBSD-alpha", "gcc:-DTERMIOS -DL_ENDIAN -O2 -Wall::(unknown):::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"NetBSD-arm", "gcc:-DTERMIOS -DL_ENDIAN -O2 -Wall::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", @@ -43,12 +40,12 @@ $NetBSD: patch-ac,v 1.31 2007/08/04 14:29:43 tnn Exp $ +"NetBSD-x86-elf", "gcc:-DTERMIOS -DL_ENDIAN -O2 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"NetBSD-x86_64", "gcc:-DTERMIOS -DL_ENDIAN -DMD32_REG_T=int -O2::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:asm/x86_64-gcc.o:::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"Interix3","gcc:-DTERMIOS -DL_ENDIAN -O2 -Wall::(unknown)::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:bsd-gcc-shared::-Wl,--image-base,\$\$((\$\$RANDOM /1024*1048576+1577058304)):.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - "FreeBSD-elf", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::-pthread -D_REENTRANT -D_THREAD_SAFE -D_THREADSAFE:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"DragonFly-i386", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::-pthread -D_REENTRANT -D_THREAD_SAFE -D_THREADSAFE:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - "FreeBSD-sparc64","gcc:-DB_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer::-pthread -D_REENTRANT -D_THREAD_SAFE -D_THREADSAFE:::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2 BF_PTR::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - "FreeBSD-ia64","gcc:-DL_ENDIAN -DTERMIOS -O -fomit-frame-pointer::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR:asm/ia64-cpp.o:::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - "FreeBSD", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}", -@@ -845,6 +861,10 @@ PROCESS_ARGS: ++ + "bsdi-elf-gcc", "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall::(unknown)::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + + "nextstep", "cc:-O -Wall:<libc.h>:(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::", +@@ -734,6 +754,10 @@ PROCESS_ARGS: { $libs.=$_." "; } @@ -59,7 +56,7 @@ $NetBSD: patch-ac,v 1.31 2007/08/04 14:29:43 tnn Exp $ elsif (/^-[^-]/ or /^\+/) { $flags.=$_." "; -@@ -1323,7 +1343,7 @@ while (<IN>) +@@ -1371,7 +1395,7 @@ while (<IN>) elsif ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*\.[^\.]*$/) { my $sotmp = $1; diff --git a/security/openssl/patches/patch-ad b/security/openssl/patches/patch-ad index 93e9bfcf5c2..0e83698a7bb 100644 --- a/security/openssl/patches/patch-ad +++ b/security/openssl/patches/patch-ad @@ -1,17 +1,17 @@ -$NetBSD: patch-ad,v 1.15 2005/10/11 17:19:21 jlam Exp $ +$NetBSD: patch-ad,v 1.16 2008/01/17 06:42:48 tnn Exp $ ---- apps/Makefile.orig 2005-06-14 08:29:33.000000000 -0400 -+++ apps/Makefile -@@ -10,6 +10,7 @@ CFLAG= -g -static - INSTALL_PREFIX= - INSTALLTOP= /usr/local/ssl - OPENSSLDIR= /usr/local/ssl +--- apps/Makefile.orig 2007-02-23 02:01:03.000000000 +0100 ++++ apps/Makefile 2007-07-31 17:18:49.000000000 +0200 +@@ -4,6 +4,7 @@ + + DIR= apps + TOP= .. +EXAMPLEDIR= $(INSTALLTOP)/share/examples/openssl - MAKEDEPPROG= makedepend - MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) - MAKEFILE= Makefile -@@ -115,13 +116,13 @@ install: - @for i in $(SCRIPTS); \ + CC= cc + INCLUDES= -I$(TOP) -I../include $(KRB5_INCLUDES) + CFLAG= -g -static +@@ -109,13 +110,13 @@ install: + @set -e; for i in $(SCRIPTS); \ do \ (echo installing $$i; \ - cp $$i $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i.new; \ diff --git a/security/openssl/patches/patch-ae b/security/openssl/patches/patch-ae index 80ffd555a89..34f796861e4 100644 --- a/security/openssl/patches/patch-ae +++ b/security/openssl/patches/patch-ae @@ -1,16 +1,16 @@ -$NetBSD: patch-ae,v 1.7 2004/12/24 22:02:38 jlam Exp $ +$NetBSD: patch-ae,v 1.8 2008/01/17 06:42:48 tnn Exp $ ---- tools/Makefile.orig 2004-05-11 08:46:17.000000000 -0400 -+++ tools/Makefile -@@ -10,6 +10,7 @@ CFLAG=-g - INSTALL_PREFIX= - OPENSSLDIR= /usr/local/ssl - INSTALLTOP=/usr/local/ssl +--- tools/Makefile.orig 2006-02-04 02:49:36.000000000 +0100 ++++ tools/Makefile 2007-07-31 17:20:05.000000000 +0200 +@@ -4,6 +4,7 @@ + + DIR= tools + TOP= .. +EXAMPLEDIR= $(INSTALLTOP)/share/examples/openssl - MAKEDEPPROG= makedepend - MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG) - MAKEFILE= Makefile -@@ -31,9 +32,9 @@ install: + CC= cc + INCLUDES= -I$(TOP) -I../../include + CFLAG=-g +@@ -28,9 +29,9 @@ install: done; @for i in $(MISC_APPS) ; \ do \ diff --git a/security/openssl/patches/patch-af b/security/openssl/patches/patch-af index 531ca61757c..f6b1053d23d 100644 --- a/security/openssl/patches/patch-af +++ b/security/openssl/patches/patch-af @@ -1,7 +1,7 @@ -$NetBSD: patch-af,v 1.20 2007/08/04 14:29:43 tnn Exp $ +$NetBSD: patch-af,v 1.21 2008/01/17 06:42:48 tnn Exp $ ---- Makefile.org.orig 2007-08-04 15:31:35.000000000 +0200 -+++ Makefile.org +--- Makefile.org.orig 2007-04-24 01:49:54.000000000 +0200 ++++ Makefile.org 2007-10-28 12:44:05.000000000 +0100 @@ -28,6 +28,7 @@ INSTALLTOP=/usr/local/ssl # Do not edit this manually. Use Configure --openssldir=DIR do change this! @@ -10,7 +10,7 @@ $NetBSD: patch-af,v 1.20 2007/08/04 14:29:43 tnn Exp $ # NO_IDEA - Define to build without the IDEA algorithm # NO_RC4 - Define to build without the RC4 algorithm -@@ -195,7 +196,7 @@ TESTS = alltests +@@ -125,7 +126,7 @@ TESTS = alltests MAKEFILE= Makefile @@ -19,102 +19,47 @@ $NetBSD: patch-af,v 1.20 2007/08/04 14:29:43 tnn Exp $ MAN1=1 MAN3=3 MANSUFFIX= -@@ -291,11 +292,13 @@ link-shared: - tmp="$(SHARED_LIBS_LINK_EXTS)"; \ - for i in $(SHLIBDIRS); do \ - prev=lib$$i$(SHLIB_EXT); \ -+ if [ -f "$$prev" ]; then \ - for j in $${tmp:-x}; do \ - ( set -x; \ - rm -f lib$$i$$j; ln -s $$prev lib$$i$$j ); \ - prev=lib$$i$$j; \ - done; \ -+ fi; \ - done; \ - fi +@@ -140,6 +141,7 @@ SHARED_CRYPTO=libcrypto$(SHLIB_EXT) + SHARED_SSL=libssl$(SHLIB_EXT) + SHARED_LIBS= + SHARED_LIBS_LINK_EXTS= ++LIBRPATH=$(INSTALLTOP)/lib + SHARED_LDFLAGS= -@@ -310,8 +313,7 @@ do_gnu-shared: - fi; \ - ( set -x; ${CC} ${SHARED_LDFLAGS} \ - -shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \ -- -Wl,-soname=lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \ -- -Wl,-Bsymbolic \ -+ -Wl,-h,lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \ - -Wl,--whole-archive lib$$i.a \ - -Wl,--no-whole-archive $$libs ${EX_LIBS} ) || exit 1; \ - libs="-l$$i $$libs"; \ -@@ -327,7 +329,7 @@ do_darwin-shared: - fi; \ - ( set -x; ${CC} ${SHARED_LDFLAGS} \ - --verbose -dynamiclib -o lib$$i${SHLIB_EXT} \ -- lib$$i.a $$libs -all_load -current_version ${SHLIB_MAJOR}.${SHLIB_MINOR} \ -+ lib$$i.a $$libs ${DL_LDFLAGS} -all_load -current_version ${SHLIB_MAJOR}.${SHLIB_MINOR} \ - -compatibility_version ${SHLIB_MAJOR}.`echo ${SHLIB_MINOR} | cut -d. -f1` \ - -install_name ${INSTALLTOP}/lib/lib$$i${SHLIB_EXT} ) || exit 1; \ - libs="-l`basename $$i${SHLIB_EXT} .dylib` $$libs"; \ -@@ -410,6 +412,22 @@ do_tru64-shared-rpath: - done; \ - fi - -+do_tru64-shared-rpath-gcc: -+ if ${DETECT_GNU_LD}; then \ -+ $(MAKE) do_gnu-shared; \ -+ else \ -+ libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \ -+ if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \ -+ libs="$(LIBKRB5) $$libs"; \ -+ fi; \ -+ ( set -x; ${CC} ${SHARED_LDFLAGS} \ -+ -shared -Wl,-msym -o lib$$i.so \ -+ -Wl,-rpath,${INSTALLTOP}/lib \ -+ -Wl,-set_version,"${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \ -+ -Wl,-all lib$$i.a -Wl,-none $$libs ${EX_LIBS} ) || exit 1; \ -+ libs="-l$$i $$libs"; \ -+ done; \ -+ fi - - # This assumes that GNU utilities are *not* used - do_solaris-shared: -@@ -427,6 +445,7 @@ do_solaris-shared: - -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \ - -h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \ - -Wl,-Bsymbolic \ -+ -Wl,-R${INSTALLTOP}/lib \ - $${MINUSZ}allextract lib$$i.a $${MINUSZ}defaultextract \ - $$libs ${EX_LIBS} ) || exit 1; \ - libs="-l$$i $$libs"; \ -@@ -534,7 +553,7 @@ do_hpux-shared: - # HP/UX-64bit: +forceload - # AIX: -bnogc - # SHAREDFLAGS would be: --# GNU systems: -shared -Wl,-soname=lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} -+# GNU systems: -shared -Wl,-h,lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} - # Tru64 Unix: -shared \ - # -set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" - # Solaris: -G -h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} -@@ -771,16 +790,14 @@ dist: + GENERAL= Makefile +@@ -172,7 +174,7 @@ BUILDENV= PLATFORM='${PLATFORM}' PROCESS + CC='${CC}' CFLAG='${CFLAG}' \ + AS='${CC}' ASFLAG='${CFLAG} -c' \ + AR='${AR}' PERL='${PERL}' RANLIB='${RANLIB}' \ +- SDIRS='${SDIRS}' LIBRPATH='${INSTALLTOP}/lib' \ ++ SDIRS='${SDIRS}' LIBRPATH='${LIBRPATH}' \ + INSTALL_PREFIX='${INSTALL_PREFIX}' \ + INSTALLTOP='${INSTALLTOP}' OPENSSLDIR='${OPENSSLDIR}' \ + MAKEDEPEND='$$$${TOP}/util/domd $$$${TOP} -MD ${MAKEDEPPROG}' \ +@@ -473,7 +475,7 @@ dist: dist_pem_h: - (cd crypto/pem; $(MAKE) CC='${CC}' SDIRS='${SDIRS}' CFLAG='${CFLAG}' pem.h; $(MAKE) clean) + (cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean) -install: all install_docs install_sw +install: install_docs install_sw install_sw: @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \ - $(INSTALL_PREFIX)$(INSTALLTOP)/lib \ +@@ -481,9 +483,7 @@ install_sw: + $(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines \ $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig \ $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \ - $(INSTALL_PREFIX)$(OPENSSLDIR)/misc \ - $(INSTALL_PREFIX)$(OPENSSLDIR)/certs \ - $(INSTALL_PREFIX)$(OPENSSLDIR)/private + $(INSTALL_PREFIX)$(EXAMPLEDIR) - @headerlist="$(EXHEADER)"; for i in $$headerlist ;\ + @set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\ do \ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ -@@ -875,35 +892,53 @@ install_docs: - for i in doc/apps/*.pod; do \ +@@ -553,35 +553,53 @@ install_docs: + set -e; for i in doc/apps/*.pod; do \ fn=`basename $$i .pod`; \ - if [ "$$fn" = "config" ]; then sec=5; else sec=1; fi; \ + sec=`$(PERL) util/extract-section.pl 1 < $$i`; \ - echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \ + case "$$fn" in \ + CA.pl|openssl) ofn="$$fn" ;; \ @@ -140,9 +85,9 @@ $NetBSD: patch-af,v 1.20 2007/08/04 14:29:43 tnn Exp $ + $$here/util/point.sh $$ofn.$${sec}$(MANSUFFIX) "$$on".$${sec}$(MANSUFFIX); \ done); \ done; \ - for i in doc/crypto/*.pod doc/ssl/*.pod; do \ + set -e; for i in doc/crypto/*.pod doc/ssl/*.pod; do \ fn=`basename $$i .pod`; \ - if [ "$$fn" = "des_modes" ]; then sec=7; else sec=3; fi; \ + sec=`$(PERL) util/extract-section.pl 3 < $$i`; \ - echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \ + case "$$fn" in \ + ui*) ofn="openssl_$$fn" ;; \ diff --git a/security/openssl/patches/patch-ag b/security/openssl/patches/patch-ag new file mode 100644 index 00000000000..03a67a513ed --- /dev/null +++ b/security/openssl/patches/patch-ag @@ -0,0 +1,58 @@ +$NetBSD: patch-ag,v 1.10 2008/01/17 06:42:48 tnn Exp $ + +--- Makefile.shared.orig 2007-09-16 16:11:51.000000000 +0200 ++++ Makefile.shared 2007-10-21 13:28:51.000000000 +0200 +@@ -273,6 +273,11 @@ link_o.alpha-osf1: + @ if ${DETECT_GNU_LD}; then \ + $(DO_GNU_SO); \ + else \ ++ if ($(CC) -v 2>&1 | grep gcc) > /dev/null; then \ ++ WL="-Wl,"; DELIM=","; \ ++ else \ ++ WL=""; DELIM=" "; \ ++ fi; \ + SHLIB=lib$(LIBNAME).so; \ + SHLIB_SUFFIX=; \ + SHLIB_HIST=`echo "$(LIBCOMPATVERSIONS)" | cut -d';' -f2 | sed -e 's/ */:/'`; \ +@@ -282,11 +287,11 @@ link_o.alpha-osf1: + SHLIB_HIST="$(LIBVERSION)"; \ + fi; \ + SHLIB_SOVER=; \ +- ALLSYMSFLAGS='-all'; \ +- NOALLSYMSFLAGS='-none'; \ ++ ALLSYMSFLAGS="$${WL}-all"; \ ++ NOALLSYMSFLAGS="$${WL}-none"; \ + SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-B,symbolic"; \ + if [ -n "$$SHLIB_HIST" ]; then \ +- SHAREDFLAGS="$$SHAREDFLAGS -set_version $$SHLIB_HIST"; \ ++ SHAREDFLAGS="$$SHAREDFLAGS $${WL}-set_version$${DELIM}$$SHLIB_HIST"; \ + fi; \ + fi; \ + $(LINK_SO_O) +@@ -294,6 +299,11 @@ link_a.alpha-osf1: + @ if ${DETECT_GNU_LD}; then \ + $(DO_GNU_SO); \ + else \ ++ if ($(CC) -v 2>&1 | grep gcc) > /dev/null; then \ ++ WL="-Wl,"; DELIM=","; \ ++ else \ ++ WL=""; DELIM=" "; \ ++ fi; \ + SHLIB=lib$(LIBNAME).so; \ + SHLIB_SUFFIX=; \ + SHLIB_HIST=`echo "$(LIBCOMPATVERSIONS)" | cut -d';' -f2 | sed -e 's/ */:/'`; \ +@@ -303,11 +313,11 @@ link_a.alpha-osf1: + SHLIB_HIST="$(LIBVERSION)"; \ + fi; \ + SHLIB_SOVER=; \ +- ALLSYMSFLAGS='-all'; \ +- NOALLSYMSFLAGS='-none'; \ ++ ALLSYMSFLAGS="$${WL}-all"; \ ++ NOALLSYMSFLAGS="$${WL}-none"; \ + SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-B,symbolic"; \ + if [ -n "$$SHLIB_HIST" ]; then \ +- SHAREDFLAGS="$$SHAREDFLAGS -set_version $$SHLIB_HIST"; \ ++ SHAREDFLAGS="$$SHAREDFLAGS $${WL}-set_version$${DELIM}$$SHLIB_HIST"; \ + fi; \ + fi; \ + $(LINK_SO_A) diff --git a/security/openssl/patches/patch-ah b/security/openssl/patches/patch-ah deleted file mode 100644 index 5ddd76b5a9d..00000000000 --- a/security/openssl/patches/patch-ah +++ /dev/null @@ -1,15 +0,0 @@ -$NetBSD: patch-ah,v 1.6 2006/09/30 04:20:24 taca Exp $ - -# http://secunia.com/advisories/22130/ - ---- ssl/s3_srvr.c.orig 2005-04-10 08:52:53.000000000 +0900 -+++ ssl/s3_srvr.c -@@ -1727,7 +1727,7 @@ static int ssl3_get_client_key_exchange( - - if (kssl_ctx->client_princ) - { -- int len = strlen(kssl_ctx->client_princ); -+ size_t len = strlen(kssl_ctx->client_princ); - if ( len < SSL_MAX_KRB5_PRINCIPAL_LENGTH ) - { - s->session->krb5_client_princ_len = len; diff --git a/security/openssl/patches/patch-ai b/security/openssl/patches/patch-ai deleted file mode 100644 index fcfcb175d74..00000000000 --- a/security/openssl/patches/patch-ai +++ /dev/null @@ -1,64 +0,0 @@ -$NetBSD: patch-ai,v 1.6 2006/09/30 04:20:24 taca Exp $ - -# http://secunia.com/advisories/22130/ - ---- crypto/rsa/rsa_eay.c.orig 2005-05-29 05:15:47.000000000 +0900 -+++ crypto/rsa/rsa_eay.c -@@ -157,6 +157,28 @@ static int RSA_eay_public_encrypt(int fl - unsigned char *buf=NULL; - BN_CTX *ctx=NULL; - -+ if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) -+ { -+ RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_MODULUS_TOO_LARGE); -+ return -1; -+ } -+ -+ if (BN_ucmp(rsa->n, rsa->e) <= 0) -+ { -+ RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_BAD_E_VALUE); -+ return -1; -+ } -+ -+ /* for large moduli, enforce exponent limit */ -+ if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS) -+ { -+ if (BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS) -+ { -+ RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_BAD_E_VALUE); -+ return -1; -+ } -+ } -+ - BN_init(&f); - BN_init(&ret); - if ((ctx=BN_CTX_new()) == NULL) goto err; -@@ -576,6 +598,28 @@ static int RSA_eay_public_decrypt(int fl - unsigned char *buf=NULL; - BN_CTX *ctx=NULL; - -+ if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) -+ { -+ RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_MODULUS_TOO_LARGE); -+ return -1; -+ } -+ -+ if (BN_ucmp(rsa->n, rsa->e) <= 0) -+ { -+ RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_BAD_E_VALUE); -+ return -1; -+ } -+ -+ /* for large moduli, enforce exponent limit */ -+ if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS) -+ { -+ if (BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS) -+ { -+ RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_BAD_E_VALUE); -+ return -1; -+ } -+ } -+ - BN_init(&f); - BN_init(&ret); - ctx=BN_CTX_new(); diff --git a/security/openssl/patches/patch-ak b/security/openssl/patches/patch-ak index 203ba06dce8..c2c897dd05d 100644 --- a/security/openssl/patches/patch-ak +++ b/security/openssl/patches/patch-ak @@ -1,7 +1,7 @@ -$NetBSD: patch-ak,v 1.5 2004/03/29 13:49:42 seb Exp $ +$NetBSD: patch-ak,v 1.6 2008/01/17 06:42:49 tnn Exp $ ---- crypto/bn/bn_prime.pl.orig Wed Feb 16 13:24:06 2000 -+++ crypto/bn/bn_prime.pl +--- crypto/bn/bn_prime.pl.orig 2003-09-25 15:57:58.000000000 +0200 ++++ crypto/bn/bn_prime.pl 2007-07-31 17:53:39.000000000 +0200 @@ -1,6 +1,8 @@ #!/usr/local/bin/perl # bn_prime.pl @@ -18,5 +18,5 @@ $NetBSD: patch-ak,v 1.5 2004/03/29 13:49:42 seb Exp $ - $s=int(sqrt($p)); + $s=floor(sqrt($p)); - for ($i=0; $primes[$i]<=$s; $i++) + for ($i=0; defined($primes[$i]) && $primes[$i]<=$s; $i++) { diff --git a/security/openssl/patches/patch-al b/security/openssl/patches/patch-al index c67d3aca0ab..0732091e3a9 100644 --- a/security/openssl/patches/patch-al +++ b/security/openssl/patches/patch-al @@ -1,9 +1,9 @@ -$NetBSD: patch-al,v 1.3 2006/06/12 22:46:51 joerg Exp $ +$NetBSD: patch-al,v 1.4 2008/01/17 06:42:49 tnn Exp $ ---- apps/speed.c.orig 2006-06-12 22:27:58.000000000 +0000 -+++ apps/speed.c -@@ -89,12 +89,12 @@ - #include OPENSSL_UNISTD +--- apps/speed.c.orig 2006-06-09 17:42:11.000000000 +0200 ++++ apps/speed.c 2007-07-31 17:52:43.000000000 +0200 +@@ -108,12 +108,12 @@ + #include <signal.h> #endif -#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__) || defined(OPENSSL_SYS_MACOSX) diff --git a/security/openssl/patches/patch-am b/security/openssl/patches/patch-am deleted file mode 100644 index 5b03f808c50..00000000000 --- a/security/openssl/patches/patch-am +++ /dev/null @@ -1,28 +0,0 @@ -$NetBSD: patch-am,v 1.3 2006/09/07 09:44:31 adrianp Exp $ - ---- crypto/rsa/rsa_sign.c.orig 2004-12-05 01:04:42.000000000 +0000 -+++ crypto/rsa/rsa_sign.c -@@ -185,6 +185,23 @@ int RSA_verify(int dtype, const unsigned - sig=d2i_X509_SIG(NULL,&p,(long)i); - - if (sig == NULL) goto err; -+ -+ /* Excess data can be used to create forgeries */ -+ if(p != s+i) -+ { -+ RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE); -+ goto err; -+ } -+ -+ /* Parameters to the signature algorithm can also be used to -+ create forgeries */ -+ if(sig->algor->parameter -+ && sig->algor->parameter->type != V_ASN1_NULL) -+ { -+ RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE); -+ goto err; -+ } -+ - sigtype=OBJ_obj2nid(sig->algor->algorithm); - - diff --git a/security/openssl/patches/patch-an b/security/openssl/patches/patch-an deleted file mode 100644 index f8eacf9fb82..00000000000 --- a/security/openssl/patches/patch-an +++ /dev/null @@ -1,38 +0,0 @@ -$NetBSD: patch-an,v 1.1 2006/09/30 04:20:24 taca Exp $ - -# http://secunia.com/advisories/22130/ - ---- crypto/asn1/tasn_dec.c.orig 2005-05-01 03:16:40.000000000 +0900 -+++ crypto/asn1/tasn_dec.c -@@ -628,6 +628,9 @@ static int asn1_d2i_ex_primitive(ASN1_VA - if(!ret) { - ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_NESTED_ASN1_ERROR); - return 0; -+ -+ ret = 0; -+ - } else if(ret == -1) return -1; - /* SEQUENCE, SET and "OTHER" are left in encoded form */ - if((utype == V_ASN1_SEQUENCE) || (utype == V_ASN1_SET) || (utype == V_ASN1_OTHER)) { -@@ -662,7 +665,11 @@ static int asn1_d2i_ex_primitive(ASN1_VA - * internally irrespective of the type. So instead just check - * for UNIVERSAL class and ignore the tag. - */ -- if(!asn1_collect(&buf, &p, plen, inf, -1, V_ASN1_UNIVERSAL)) goto err; -+ if(!asn1_collect(&buf, &p, plen, inf, -1, V_ASN1_UNIVERSAL)) -+ { -+ free_cont = 1; -+ goto err; -+ } - len = buf.length; - /* Append a final null to string */ - if(!BUF_MEM_grow_clean(&buf, len + 1)) { -@@ -903,7 +910,7 @@ static int asn1_collect(BUF_MEM *buf, un - return 0; - #endif - } else { -- if(!collect_data(buf, &p, plen)) return 0; -+ if(plen && !collect_data(buf, &p, plen)) return 0; - } - len -= p - q; - } diff --git a/security/openssl/patches/patch-ao b/security/openssl/patches/patch-ao deleted file mode 100644 index 7bc30bd52be..00000000000 --- a/security/openssl/patches/patch-ao +++ /dev/null @@ -1,49 +0,0 @@ -$NetBSD: patch-ao,v 1.2 2007/10/21 17:52:53 adrianp Exp $ - -# CVE-2007-5135 - ---- ssl/ssl_lib.c.orig 2005-06-10 21:00:39.000000000 +0100 -+++ ssl/ssl_lib.c -@@ -1169,7 +1169,6 @@ int SSL_set_cipher_list(SSL *s,const cha - char *SSL_get_shared_ciphers(const SSL *s,char *buf,int len) - { - char *p; -- const char *cp; - STACK_OF(SSL_CIPHER) *sk; - SSL_CIPHER *c; - int i; -@@ -1182,20 +1181,21 @@ char *SSL_get_shared_ciphers(const SSL * - sk=s->session->ciphers; - for (i=0; i<sk_SSL_CIPHER_num(sk); i++) - { -- /* Decrement for either the ':' or a '\0' */ -- len--; -+ int n; -+ - c=sk_SSL_CIPHER_value(sk,i); -- for (cp=c->name; *cp; ) -- { -- if (len-- == 0) -- { -- *p='\0'; -- return(buf); -- } -- else -- *(p++)= *(cp++); -- } -- *(p++)=':'; -+ n=strlen(c->name); -+ if (n+1 > len) -+ { -+ if (p != buf) -+ --p; -+ *p='\0'; -+ return buf; -+ } -+ strcpy(p,c->name); -+ p+=n; -+ *(p++)=':'; -+ len-=n+1; - } - p[-1]='\0'; - return(buf); diff --git a/security/openssl/patches/patch-ap b/security/openssl/patches/patch-ap deleted file mode 100644 index f29eb463c49..00000000000 --- a/security/openssl/patches/patch-ap +++ /dev/null @@ -1,25 +0,0 @@ -$NetBSD: patch-ap,v 1.1 2006/09/30 04:20:24 taca Exp $ - -# http://secunia.com/advisories/22130/ - ---- crypto/dh/dh.h.orig 2005-05-16 10:26:03.000000000 +0900 -+++ crypto/dh/dh.h -@@ -70,6 +70,10 @@ - #include <openssl/crypto.h> - #include <openssl/ossl_typ.h> - -+#ifndef OPENSSL_DH_MAX_MODULUS_BITS -+# define OPENSSL_DH_MAX_MODULUS_BITS 10000 -+#endif -+ - #define DH_FLAG_CACHE_MONT_P 0x01 - #define DH_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DH - * implementation now uses constant time -@@ -203,6 +207,7 @@ void ERR_load_DH_strings(void); - #define DH_F_DH_GENERATE_KEY 103 - #define DH_F_DH_GENERATE_PARAMETERS 104 - #define DH_F_DH_NEW_METHOD 105 -+#define DH_R_MODULUS_TOO_LARGE 103 - - /* Reason codes. */ - #define DH_R_BAD_GENERATOR 101 diff --git a/security/openssl/patches/patch-aq b/security/openssl/patches/patch-aq deleted file mode 100644 index 85f55a29427..00000000000 --- a/security/openssl/patches/patch-aq +++ /dev/null @@ -1,33 +0,0 @@ -$NetBSD: patch-aq,v 1.1 2006/09/30 04:20:24 taca Exp $ - -# http://secunia.com/advisories/22130/ - ---- crypto/dh/dh_key.c.orig 2005-05-28 00:39:11.000000000 +0900 -+++ crypto/dh/dh_key.c -@@ -180,6 +180,12 @@ static int compute_key(unsigned char *ke - BIGNUM *tmp; - int ret= -1; - -+ if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) -+ { -+ DHerr(DH_F_DH_COMPUTE_KEY,DH_R_MODULUS_TOO_LARGE); -+ goto err; -+ } -+ - ctx = BN_CTX_new(); - if (ctx == NULL) goto err; - BN_CTX_start(ctx); -@@ -213,8 +219,11 @@ static int compute_key(unsigned char *ke - - ret=BN_bn2bin(tmp,key); - err: -- BN_CTX_end(ctx); -- BN_CTX_free(ctx); -+ if (ctx != NULL) -+ { -+ BN_CTX_end(ctx); -+ BN_CTX_free(ctx); -+ } - return(ret); - } - diff --git a/security/openssl/patches/patch-ar b/security/openssl/patches/patch-ar deleted file mode 100644 index 9c25622a73a..00000000000 --- a/security/openssl/patches/patch-ar +++ /dev/null @@ -1,28 +0,0 @@ -$NetBSD: patch-ar,v 1.1 2006/09/30 04:20:24 taca Exp $ - -# http://secunia.com/advisories/22130/ - ---- crypto/dsa/dsa.h.orig 2005-05-16 10:26:04.000000000 +0900 -+++ crypto/dsa/dsa.h -@@ -79,6 +79,10 @@ - # include <openssl/dh.h> - #endif - -+#ifndef OPENSSL_DSA_MAX_MODULUS_BITS -+# define OPENSSL_DSA_MAX_MODULUS_BITS 10000 -+#endif -+ - #define DSA_FLAG_CACHE_MONT_P 0x01 - #define DSA_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DSA - * implementation now uses constant time -@@ -252,8 +256,10 @@ void ERR_load_DSA_strings(void); - #define DSA_F_SIG_CB 114 - - /* Reason codes. */ -+#define DSA_R_BAD_Q_VALUE 102 - #define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 100 - #define DSA_R_MISSING_PARAMETERS 101 -+#define DSA_R_MODULUS_TOO_LARGE 103 - - #ifdef __cplusplus - } diff --git a/security/openssl/patches/patch-as b/security/openssl/patches/patch-as deleted file mode 100644 index 311e0c43fb3..00000000000 --- a/security/openssl/patches/patch-as +++ /dev/null @@ -1,17 +0,0 @@ -$NetBSD: patch-as,v 1.1 2006/09/30 04:20:24 taca Exp $ - -# http://secunia.com/advisories/22130/ - ---- crypto/dsa/dsa_err.c.orig 2005-04-12 22:47:50.000000000 +0900 -+++ crypto/dsa/dsa_err.c -@@ -89,8 +89,10 @@ static ERR_STRING_DATA DSA_str_functs[]= - - static ERR_STRING_DATA DSA_str_reasons[]= - { -+{ERR_REASON(DSA_R_BAD_Q_VALUE) ,"bad q value"}, - {ERR_REASON(DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE),"data too large for key size"}, - {ERR_REASON(DSA_R_MISSING_PARAMETERS) ,"missing parameters"}, -+{ERR_REASON(DSA_R_MODULUS_TOO_LARGE) ,"modulus too large"}, - {0,NULL} - }; - diff --git a/security/openssl/patches/patch-at b/security/openssl/patches/patch-at deleted file mode 100644 index 1ce1f479f5d..00000000000 --- a/security/openssl/patches/patch-at +++ /dev/null @@ -1,25 +0,0 @@ -$NetBSD: patch-at,v 1.1 2006/09/30 04:20:24 taca Exp $ - -# http://secunia.com/advisories/22130/ - ---- crypto/dsa/dsa_ossl.c.orig 2005-05-26 13:40:42.000000000 +0900 -+++ crypto/dsa/dsa_ossl.c -@@ -274,6 +274,18 @@ static int dsa_do_verify(const unsigned - return -1; - } - -+ if (BN_num_bits(dsa->q) != 160) -+ { -+ DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_BAD_Q_VALUE); -+ return -1; -+ } -+ -+ if (BN_num_bits(dsa->p) > OPENSSL_DSA_MAX_MODULUS_BITS) -+ { -+ DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MODULUS_TOO_LARGE); -+ return -1; -+ } -+ - BN_init(&u1); - BN_init(&u2); - BN_init(&t1); diff --git a/security/openssl/patches/patch-au b/security/openssl/patches/patch-au deleted file mode 100644 index 902f26a3f7d..00000000000 --- a/security/openssl/patches/patch-au +++ /dev/null @@ -1,32 +0,0 @@ -$NetBSD: patch-au,v 1.1 2006/09/30 04:20:24 taca Exp $ - -# http://secunia.com/advisories/22130/ - ---- crypto/rsa/rsa.h.orig 2005-06-03 03:07:16.000000000 +0900 -+++ crypto/rsa/rsa.h -@@ -154,6 +154,17 @@ struct rsa_st - BN_BLINDING *blinding; - }; - -+#ifndef OPENSSL_RSA_MAX_MODULUS_BITS -+# define OPENSSL_RSA_MAX_MODULUS_BITS 16384 -+#endif -+ -+#ifndef OPENSSL_RSA_SMALL_MODULUS_BITS -+# define OPENSSL_RSA_SMALL_MODULUS_BITS 3072 -+#endif -+#ifndef OPENSSL_RSA_MAX_PUBEXP_BITS -+# define OPENSSL_RSA_MAX_PUBEXP_BITS 64 /* exponent limit enforced for "large" modulus only */ -+#endif -+ - #define RSA_3 0x3L - #define RSA_F4 0x10001L - -@@ -386,6 +397,7 @@ void ERR_load_RSA_strings(void); - #define RSA_R_IQMP_NOT_INVERSE_OF_Q 126 - #define RSA_R_KEY_SIZE_TOO_SMALL 120 - #define RSA_R_LAST_OCTET_INVALID 134 -+#define RSA_R_MODULUS_TOO_LARGE 105 - #define RSA_R_NULL_BEFORE_BLOCK_MISSING 113 - #define RSA_R_N_DOES_NOT_EQUAL_P_Q 127 - #define RSA_R_OAEP_DECODING_ERROR 121 diff --git a/security/openssl/patches/patch-av b/security/openssl/patches/patch-av deleted file mode 100644 index f033b150692..00000000000 --- a/security/openssl/patches/patch-av +++ /dev/null @@ -1,14 +0,0 @@ -$NetBSD: patch-av,v 1.1 2006/09/30 04:20:24 taca Exp $ - -# http://secunia.com/advisories/22130/ - ---- crypto/rsa/rsa_err.c.orig 2005-06-03 03:07:16.000000000 +0900 -+++ crypto/rsa/rsa_err.c -@@ -129,6 +129,7 @@ static ERR_STRING_DATA RSA_str_reasons[] - {ERR_REASON(RSA_R_IQMP_NOT_INVERSE_OF_Q) ,"iqmp not inverse of q"}, - {ERR_REASON(RSA_R_KEY_SIZE_TOO_SMALL) ,"key size too small"}, - {ERR_REASON(RSA_R_LAST_OCTET_INVALID) ,"last octet invalid"}, -+{ERR_REASON(RSA_R_MODULUS_TOO_LARGE) ,"modulus too large"}, - {ERR_REASON(RSA_R_NULL_BEFORE_BLOCK_MISSING),"null before block missing"}, - {ERR_REASON(RSA_R_N_DOES_NOT_EQUAL_P_Q) ,"n does not equal p q"}, - {ERR_REASON(RSA_R_OAEP_DECODING_ERROR) ,"oaep decoding error"}, diff --git a/security/openssl/patches/patch-aw b/security/openssl/patches/patch-aw deleted file mode 100644 index d340b5b41b0..00000000000 --- a/security/openssl/patches/patch-aw +++ /dev/null @@ -1,16 +0,0 @@ -$NetBSD: patch-aw,v 1.1 2006/09/30 04:20:24 taca Exp $ - -# http://secunia.com/advisories/22130/ - ---- ssl/s2_clnt.c.orig 2005-05-12 03:26:07.000000000 +0900 -+++ ssl/s2_clnt.c -@@ -538,7 +538,8 @@ static int get_server_hello(SSL *s) - CRYPTO_add(&s->session->peer->references, 1, CRYPTO_LOCK_X509); - } - -- if (s->session->peer != s->session->sess_cert->peer_key->x509) -+ if (s->session->sess_cert == NULL -+ || s->session->peer != s->session->sess_cert->peer_key->x509) - /* can't happen */ - { - ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR); |