diff options
| author | fredb <fredb@pkgsrc.org> | 2002-08-04 15:47:43 +0000 |
|---|---|---|
| committer | fredb <fredb@pkgsrc.org> | 2002-08-04 15:47:43 +0000 |
| commit | d78c8fae4b7bde9d1a807fe757bd05207e15934d (patch) | |
| tree | ee6a0575eb2345de5de1b37a57459a79ab918ccf /security/openssl | |
| parent | 7b0570927c13ca5050fae8216f8f4ed37a1f8ba0 (diff) | |
| download | pkgsrc-d78c8fae4b7bde9d1a807fe757bd05207e15934d.tar.gz | |
Update openssl to 0.9.6e. This update fixes multiple vulnerabilities,
and also changes the ABI of "libcrypto" and "libssl". (So the shared
library majors and buildlink requirements are bumped, too.) The code
base is now synced perfectly with NetBSD HEAD and netbsd-1-6 branches
as of 2002-08-04, the optimization levels are reduced to "-O2", but
I've retained some of the processor optimization flags and different code
path #defines in the "Configure" script, just to keep things interesting.
The default "certs" directory on NetBSD is now "/etc/openssl/certs", to
give continuity to those who find themselves using the package system's
"openssl" after upgrading a package that formerly used the base system's.
[Suggested by itojun.] The best way to avoid such problems, however, is
to upgrade your base system *first*.
I'm making use of the new and improved build system as much as possible.
This gives us a cleaner way to make shared libraries and real man pages,
but loses many of the symlinks to the openssl binary.
I've culled items from the "CHANGES" file that appear to have security
implications or are particularly interesting for NetBSD users, below.
My comments are marked off with '===>'.
===> This is from the netbsd-20020804-patch
*) Fix ASN1 checks. Check for overflow by comparing with LONG_MAX
and get fix the header length calculation.
[Florian Weimer <Weimer@CERT.Uni-Stuttgart.DE>,
Alon Kantor <alonk@checkpoint.com> (and others),
Steve Henson]
Changes between 0.9.6d and 0.9.6e [30 Jul 2002]
*) New option
SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
for disabling the SSL 3.0/TLS 1.0 CBC vulnerability countermeasure
that was added in OpenSSL 0.9.6d.
As the countermeasure turned out to be incompatible with some
broken SSL implementations, the new option is part of SSL_OP_ALL.
SSL_OP_ALL is usually employed when compatibility with weird SSL
implementations is desired (e.g. '-bugs' option to 's_client' and
's_server'), so the new option is automatically set in many
applications.
[Bodo Moeller]
*) Changes in security patch:
Changes marked "(CHATS)" were sponsored by the Defense Advanced
Research Projects Agency (DARPA) and Air Force Research Laboratory,
Air Force Materiel Command, USAF, under agreement number
F30602-01-2-0537.
*) Add various sanity checks to asn1_get_length() to reject
the ASN1 length bytes if they exceed sizeof(long), will appear
negative or the content length exceeds the length of the
supplied buffer.
[Steve Henson, Adi Stav <stav@mercury.co.il>, James Yonan <jim@ntlp.com>]
*) Assertions for various potential buffer overflows, not known to
happen in practice.
[Ben Laurie (CHATS)]
*) Various temporary buffers to hold ASCII versions of integers were
too small for 64 bit platforms. (CAN-2002-0655)
[Matthew Byng-Maddick <mbm@aldigital.co.uk> and Ben Laurie (CHATS)>
*) Remote buffer overflow in SSL3 protocol - an attacker could
supply an oversized session ID to a client. (CAN-2002-0656)
[Ben Laurie (CHATS)]
*) Remote buffer overflow in SSL2 protocol - an attacker could
supply an oversized client master key. (CAN-2002-0656)
[Ben Laurie (CHATS)]
Changes between 0.9.6c and 0.9.6d [9 May 2002]
*) Implement a countermeasure against a vulnerability recently found
in CBC ciphersuites in SSL 3.0/TLS 1.0: Send an empty fragment
before application data chunks to avoid the use of known IVs
with data potentially chosen by the attacker.
[Bodo Moeller]
Changes between 0.9.6a and 0.9.6b [9 Jul 2001]
*) Change ssleay_rand_bytes (crypto/rand/md_rand.c)
to avoid a SSLeay/OpenSSL PRNG weakness pointed out by
Markku-Juhani O. Saarinen <markku-juhani.saarinen@nokia.com>:
PRNG state recovery was possible based on the output of
one PRNG request appropriately sized to gain knowledge on
'md' followed by enough consecutive 1-byte PRNG requests
to traverse all of 'state'.
1. When updating 'md_local' (the current thread's copy of 'md')
during PRNG output generation, hash all of the previous
'md_local' value, not just the half used for PRNG output.
2. Make the number of bytes from 'state' included into the hash
independent from the number of PRNG bytes requested.
The first measure alone would be sufficient to avoid
Markku-Juhani's attack. (Actually it had never occurred
to me that the half of 'md_local' used for chaining was the
half from which PRNG output bytes were taken -- I had always
assumed that the secret half would be used.) The second
measure makes sure that additional data from 'state' is never
mixed into 'md_local' in small portions; this heuristically
further strengthens the PRNG.
[Bodo Moeller]
*) The countermeasure against Bleichbacher's attack on PKCS #1 v1.5
RSA encryption was accidentally removed in s3_srvr.c in OpenSSL 0.9.5
when fixing the server behaviour for backwards-compatible 'client
hello' messages. (Note that the attack is impractical against
SSL 3.0 and TLS 1.0 anyway because length and version checking
means that the probability of guessing a valid ciphertext is
around 2^-40; see section 5 in Bleichenbacher's CRYPTO '98
paper.)
Before 0.9.5, the countermeasure (hide the error by generating a
random 'decryption result') did not work properly because
ERR_clear_error() was missing, meaning that SSL_get_error() would
detect the supposedly ignored error.
Both problems are now fixed.
[Bodo Moeller]
Changes between 0.9.6 and 0.9.6a [5 Apr 2001]
===> This is our ABI change.
*) Rename 'des_encrypt' to 'des_encrypt1'. This avoids the clashes
with des_encrypt() defined on some operating systems, like Solaris
and UnixWare.
[Richard Levitte]
*) Don't use getenv in library functions when run as setuid/setgid.
New function OPENSSL_issetugid().
[Ulf Moeller]
*) Store verify_result within SSL_SESSION also for client side to
avoid potential security hole. (Re-used sessions on the client side
always resulted in verify_result==X509_V_OK, not using the original
result of the server certificate verification.)
[Lutz Jaenicke]
===> package doesn't doesn't do this. We'll bump major versions
===> as necessary.
*) Make sure that shared libraries get the internal name engine with
the full version number and not just 0. This should mark the
shared libraries as not backward compatible. Of course, this should
be changed again when we can guarantee backward binary compatibility.
[Richard Levitte]
*) Rework the system to generate shared libraries:
- Make note of the expected extension for the shared libraries and
if there is a need for symbolic links from for example libcrypto.so.0
to libcrypto.so.0.9.7. There is extended info in Configure for
that.
- Make as few rebuilds of the shared libraries as possible.
- Still avoid linking the OpenSSL programs with the shared libraries.
- When installing, install the shared libraries separately from the
static ones.
Diffstat (limited to 'security/openssl')
| -rw-r--r-- | security/openssl/MESSAGE | 12 | ||||
| -rw-r--r-- | security/openssl/Makefile | 140 | ||||
| -rw-r--r-- | security/openssl/PLIST.common | 513 | ||||
| -rw-r--r-- | security/openssl/PLIST.darwin | 8 | ||||
| -rw-r--r-- | security/openssl/PLIST.netbsd | 10 | ||||
| -rw-r--r-- | security/openssl/buildlink.mk | 88 | ||||
| -rw-r--r-- | security/openssl/distinfo | 22 | ||||
| -rw-r--r-- | security/openssl/files/get_progs.sh | 13 | ||||
| -rwxr-xr-x | security/openssl/files/makelib | 16 | ||||
| -rw-r--r-- | security/openssl/patches/patch-aa | 65 | ||||
| -rw-r--r-- | security/openssl/patches/patch-ab | 89 | ||||
| -rw-r--r-- | security/openssl/patches/patch-ac | 39 | ||||
| -rw-r--r-- | security/openssl/patches/patch-ad | 21 | ||||
| -rw-r--r-- | security/openssl/patches/patch-ae | 15 | ||||
| -rw-r--r-- | security/openssl/patches/patch-af | 36 | ||||
| -rw-r--r-- | security/openssl/patches/patch-ag | 25 | ||||
| -rw-r--r-- | security/openssl/patches/patch-ai | 13 | ||||
| -rw-r--r-- | security/openssl/patches/patch-aj | 18 |
18 files changed, 502 insertions, 641 deletions
diff --git a/security/openssl/MESSAGE b/security/openssl/MESSAGE index 729dbb4589b..4dc89d1c9c2 100644 --- a/security/openssl/MESSAGE +++ b/security/openssl/MESSAGE @@ -1,11 +1,11 @@ =========================================================================== -$NetBSD: MESSAGE,v 1.1 2001/11/01 01:17:06 zuntum Exp $ +$NetBSD: MESSAGE,v 1.2 2002/08/04 15:47:43 fredb Exp $ -If upgrading from SSLeay, you will need to copy your ssleay.cnf (used -for creating certificate requests with "ca") into ${PREFIX}/etc/openssl.cnf. +If upgrading from SSLeay, you will need to copy your ssleay.cnf (used for +creating certificate requests with "ca") into "/etc/openssl/openssl.cnf". -If installing from scratch, you may want to take a look at -${PREFIX}/etc/openssl.cnf.example, copy it to ${PREFIX}/etc/openssl.cnf, -and customize it. +If installing from scratch, you may want to take a look +at "${PREFIX}/share/examples/openssl/openssl.cnf" copy it +to "/etc/openssl/openssl.cnf", and customize it. =========================================================================== diff --git a/security/openssl/Makefile b/security/openssl/Makefile index fb50d11d908..70c81541212 100644 --- a/security/openssl/Makefile +++ b/security/openssl/Makefile @@ -1,7 +1,6 @@ -# $NetBSD: Makefile,v 1.52 2002/07/28 05:36:29 schmonz Exp $ +# $NetBSD: Makefile,v 1.53 2002/08/04 15:47:43 fredb Exp $ -DISTNAME= openssl-0.9.6 -PKGREVISION= 2 +DISTNAME= openssl-0.9.6e SVR4_PKGNAME= ossl CATEGORIES= security MASTER_SITES= ftp://ftp.openssl.org/source/ @@ -12,7 +11,7 @@ COMMENT= Secure Socket Layer and cryptographic library USE_PERL5= build -CONFLICTS= SSLeay-[0-9]* ssleay-[0-9]* base64-[0-9]* \ +CONFLICTS= SSLeay-[0-9]* ssleay-[0-9]* base64-[0-9]* \ glimpse-[0-9] CRYPTO= YES @@ -20,28 +19,46 @@ CRYPTO= YES # openssl supplies IDEA/RC5. IDEA/RC5 need license for commercial use. LICENCE= fee-based-commercial-use -# matches what's in `Configure' (except sparc64) -ONLY_FOR_PLATFORM= NetBSD-*-alpha NetBSD-*-arm32 NetBSD-*-i386 \ - NetBSD-*-m68k NetBSD-*-mips NetBSD-*-mipseb \ - NetBSD-*-mipsel NetBSD-*-ns32k NetBSD-*-powerpc \ - NetBSD-*-sparc NetBSD-*-vax \ - SunOS-* Linux-*-* Darwin-*-* - CONFIGURE_SCRIPT= config -CONFIGURE_ARGS= -fPIC -DPIC --openssldir=${PREFIX} --prefix=${PREFIX} \ - ${LDFLAGS} +CONFIGURE_ARGS= shared --openssldir=${PKG_SYSCONFDIR} --prefix=${PREFIX} CONFIGURE_ENV= CC="${CC}" +CONF_FILES= ${PREFIX}/share/examples/openssl/openssl.cnf \ + ${PKG_SYSCONFDIR}/openssl.cnf +PKG_SYSCONFSUBDIR= openssl +PLIST_SRC= ${WRKDIR}/.PLIST_SRC +PLIST_SUBST= PKG_SYSCONFDIR=${PKG_SYSCONFDIR} + +do-configure: + cd ${WRKSRC} \ + && ${PERL5} util/perlpath.pl ${LOCALBASE}/bin \ + && ${SETENV} ${CONFIGURE_ENV} ./${CONFIGURE_SCRIPT} \ + ${CONFIGURE_ARGS} + +post-build: + ${CAT} ${PKGDIR}/PLIST.${LOWER_OPSYS} ${PLIST_RSAREF} \ + ${PKGDIR}/PLIST.common > ${PLIST_SRC} + +test: all + @cd ${WRKSRC}/test \ + && ${SETENV} ${LD_PATH_VARNAME}=${WRKSRC} ${MAKE} tests \ + && ${ECHO} "*** Tests successful. ***" + .include "../../mk/bsd.prefs.mk" .if ${OPSYS} == "NetBSD" PATCH_SITES= ${MASTER_SITE_LOCAL} -PATCHFILES= openssl-0.9.6-20010914-netbsd.patch.gz +PATCHFILES= openssl-0.9.6e-20020804-netbsd.patch.gz +PATCH_DIST_STRIP= -p1 -MAKE_ENV= LD_LIBRARY_PATH=${WRKSRC} MAKELIB=${FILESDIR}/makelib +PKG_SYSCONFBASE= /etc .endif -PLIST_SRC= ${WRKDIR}/.PLIST_SRC +.if ${OPSYS} == "Darwin" +LD_PATH_VARNAME= DYLD_LIBRARY_PATH +.else +LD_PATH_VARNAME= LD_LIBRARY_PATH +.endif .if ${OPSYS} == "NetBSD" && !exists(/usr/libexec/ld.elf_so) && !exists(/usr/libexec/ld.so) IGNORE= ${PKGNAME} requires shared object support @@ -58,95 +75,4 @@ CONFIGURE_SCRIPT= Configure CONFIGURE_ARGS+= solaris-${SPARC_TARGET_ARCH}-${CC} .endif -# The Perl stuff doesn't work yet (nor did it work properly in SSLeay...) -do-configure: - @cd ${WRKSRC} && ${PERL5} util/perlpath.pl ${LOCALBASE}/bin - @cd ${WRKSRC} && ${SETENV} ${CONFIGURE_ENV} ./${CONFIGURE_SCRIPT} \ - ${CONFIGURE_ARGS} - -#post-build: -# @cd ${WRKSRC}/perl && ${MAKE} - -do-install: - ${INSTALL_PROGRAM} ${WRKSRC}/apps/openssl ${PREFIX}/bin - @cd ${PREFIX}/bin && \ - for file in asn1parse base64 bf bf-cbc bf-cfb bf-ecb bf-ofb ca \ - cast cast-cbc cast5-cbc cast5-cfb cast5-ecb cast5-ofb ciphers crl \ - crl2pkcs7 des des-cbc des-cfb des-ecb des-ede des-ede-cbc des-ede-cfb \ - des-ede-ofb des-ede3 des-ede3-cbc des-ede3-cfb des-ede3-ofb \ - des-ofb des3 desx dgst dh dsa dsaparam enc errstr gendh gendsa \ - genrsa idea idea-cbc idea-cfb idea-ecb idea-ofb md2 mdc2 nseq \ - pkcs12 pkcs7 pkcs8 rc2 rc2-cbc rc2-cfb rc2-ecb rc2-ofb rc4 rc5 \ - rc5-cbc rc5-cfb rc5-ecb rc5-ofb req rmd160 rsa s_client s_server \ - s_time sess_id sha sha1 speed verify version x509; do \ - ${RM} -f $$file ; \ - ${LN} -sf openssl $$file; \ - done - cd ${WRKSRC}/tools && ${INSTALL_SCRIPT} \ - c_hash c_info c_issuer c_name c_rehash ${PREFIX}/bin - ${SED} -e s,/usr/local,${PREFIX}, ${WRKSRC}/apps/der_chop >${WRKDIR}/der_chop && \ - ${INSTALL_SCRIPT} ${WRKDIR}/der_chop ${PREFIX}/bin - cd ${WRKSRC}/apps && ${INSTALL_SCRIPT} CA.sh CA.pl ${PREFIX}/bin - ${INSTALL_DATA} ${WRKSRC}/apps/openssl.cnf ${PREFIX}/etc/openssl.cnf.example - cd ${WRKSRC} && ${INSTALL_DATA} libcrypto.a libssl.a ${PREFIX}/lib -.if ${OPSYS} == "NetBSD" - cd ${WRKSRC} && ${INSTALL_DATA} libcrypto.so.200.0 libssl.so.200.0 ${PREFIX}/lib -.if ${OBJECT_FMT} == "ELF" -.for shared_lib in libcrypto.so.200.0 libssl.so.200.0 - cd ${PREFIX}/lib && ${LN} -s ${shared_lib} ${shared_lib:R} && \ - ${LN} -s ${shared_lib} ${shared_lib:R:R} -.endfor -.endif -.endif -.if exists(/usr/bin/ranlib) - /usr/bin/ranlib ${PREFIX}/lib/libcrypto.a - /usr/bin/ranlib ${PREFIX}/lib/libssl.a -.endif -.if defined(USE_RSAREF2) && ${USE_RSAREF2} == YES - # libRSAglue.a is only useful if you are using the RSAREF2 library. - cd ${WRKSRC} && ${INSTALL_DATA} libRSAglue.a ${PREFIX}/lib -.endif - ${INSTALL_DATA_DIR} ${PREFIX}/include/openssl - cd ${WRKSRC}/include/openssl && \ - for file in \ - asn1.h asn1_mac.h bio.h blowfish.h bn.h buffer.h cast.h comp.h conf.h \ - crypto.h des.h dh.h dsa.h e_os.h e_os2.h ebcdic.h err.h evp.h hmac.h \ - idea.h lhash.h md2.h md4.h md5.h mdc2.h obj_mac.h objects.h \ - opensslconf.h opensslv.h pem.h pem2.h pkcs12.h pkcs7.h rand.h rc2.h \ - rc4.h rc5.h ripemd.h rsa.h safestack.h sha.h ssl.h ssl2.h ssl23.h \ - ssl3.h stack.h symhacks.h tls1.h tmdiff.h txt_db.h x509.h x509_vfy.h \ - x509v3.h ; do \ - ${INSTALL_DATA} $$file ${PREFIX}/include/openssl; \ - done -# @cd ${WRKSRC}/perl && ${MAKE} install - ${INSTALL_DATA_DIR} ${PREFIX}/share/doc/openssl - ${INSTALL_DATA_DIR} ${PREFIX}/share/doc/openssl/apps - ${INSTALL_DATA_DIR} ${PREFIX}/share/doc/openssl/crypto - ${INSTALL_DATA_DIR} ${PREFIX}/share/doc/openssl/ssl - ${INSTALL_DATA} ${WRKSRC}/doc/apps/* \ - ${PREFIX}/share/doc/openssl/apps - ${INSTALL_DATA} ${WRKSRC}/doc/crypto/* \ - ${PREFIX}/share/doc/openssl/crypto - ${INSTALL_DATA} ${WRKSRC}/doc/ssl/* \ - ${PREFIX}/share/doc/openssl/ssl - for file in README c-indentation.el openssl.txt openssl_button.gif \ - openssl_button.html ssleay.txt ; do \ - ${INSTALL_DATA} ${WRKSRC}/doc/$$file \ - ${PREFIX}/share/doc/openssl; \ - done - ${INSTALL_DATA_DIR} ${PREFIX}/certs - ${INSTALL_DATA_DIR} ${PREFIX}/private - @if [ ! -f ${PREFIX}/etc/openssl.cnf ]; then \ - ${CP} -p ${PREFIX}/etc/openssl.cnf.example ${PREFIX}/etc/openssl.cnf; \ - fi - -post-install: - ${CAT} ${PKGDIR}/PLIST.common ${PKGDIR}/PLIST.${LOWER_OPSYS} \ - ${PLIST_RSAREF} > ${PLIST_SRC} - .include "../../mk/bsd.pkg.mk" - -test: all - @cd ${WRKSRC}/test && ${SETENV} LD_LIBRARY_PATH=${WRKSRC} \ - MAKELIB=${FILESDIR}/makelib ${MAKE} tests - @${ECHO} "*** Tests successful. ***" diff --git a/security/openssl/PLIST.common b/security/openssl/PLIST.common index be65f90c286..37b8b0f8847 100644 --- a/security/openssl/PLIST.common +++ b/security/openssl/PLIST.common @@ -1,91 +1,10 @@ -@comment $NetBSD: PLIST.common,v 1.3 2002/06/26 10:30:00 seb Exp $ -bin/CA.pl -bin/CA.sh -bin/asn1parse -bin/base64 -bin/bf -bin/bf-cbc -bin/bf-cfb -bin/bf-ecb -bin/bf-ofb +@comment $NetBSD: PLIST.common,v 1.4 2002/08/04 15:47:44 fredb Exp $ +bin/openssl bin/c_hash bin/c_info bin/c_issuer bin/c_name bin/c_rehash -bin/ca -bin/cast -bin/cast-cbc -bin/cast5-cbc -bin/cast5-cfb -bin/cast5-ecb -bin/cast5-ofb -bin/ciphers -bin/crl -bin/crl2pkcs7 -bin/der_chop -bin/des -bin/des-cbc -bin/des-cfb -bin/des-ecb -bin/des-ede -bin/des-ede-cbc -bin/des-ede-cfb -bin/des-ede-ofb -bin/des-ede3 -bin/des-ede3-cbc -bin/des-ede3-cfb -bin/des-ede3-ofb -bin/des-ofb -bin/des3 -bin/desx -bin/dgst -bin/dh -bin/dsa -bin/dsaparam -bin/enc -bin/errstr -bin/gendh -bin/gendsa -bin/genrsa -bin/idea -bin/idea-cbc -bin/idea-cfb -bin/idea-ecb -bin/idea-ofb -bin/md2 -bin/mdc2 -bin/nseq -bin/openssl -bin/pkcs12 -bin/pkcs7 -bin/pkcs8 -bin/rc2 -bin/rc2-cbc -bin/rc2-cfb -bin/rc2-ecb -bin/rc2-ofb -bin/rc4 -bin/rc5 -bin/rc5-cbc -bin/rc5-cfb -bin/rc5-ecb -bin/rc5-ofb -bin/req -bin/rmd160 -bin/rsa -bin/s_client -bin/s_server -bin/s_time -bin/sess_id -bin/sha -bin/sha1 -bin/speed -bin/verify -bin/version -bin/x509 -etc/openssl.cnf.example -@exec if [ -f %D/etc/openssl.cnf ]; then : ; else cp -p %D/%F %D/etc/openssl.cnf; fi include/openssl/asn1.h include/openssl/asn1_mac.h include/openssl/bio.h @@ -95,10 +14,12 @@ include/openssl/buffer.h include/openssl/cast.h include/openssl/comp.h include/openssl/conf.h +include/openssl/conf_api.h include/openssl/crypto.h include/openssl/des.h include/openssl/dh.h include/openssl/dsa.h +include/openssl/dso.h include/openssl/e_os.h include/openssl/e_os2.h include/openssl/ebcdic.h @@ -141,196 +62,238 @@ include/openssl/x509_vfy.h include/openssl/x509v3.h lib/libcrypto.a lib/libssl.a -share/doc/openssl/README -share/doc/openssl/apps/CA.pl.pod -share/doc/openssl/apps/asn1parse.pod -share/doc/openssl/apps/ca.pod -share/doc/openssl/apps/ciphers.pod -share/doc/openssl/apps/config.pod -share/doc/openssl/apps/crl.pod -share/doc/openssl/apps/crl2pkcs7.pod -share/doc/openssl/apps/dgst.pod -share/doc/openssl/apps/dhparam.pod -share/doc/openssl/apps/dsa.pod -share/doc/openssl/apps/dsaparam.pod -share/doc/openssl/apps/enc.pod -share/doc/openssl/apps/gendsa.pod -share/doc/openssl/apps/genrsa.pod -share/doc/openssl/apps/nseq.pod -share/doc/openssl/apps/openssl.pod -share/doc/openssl/apps/passwd.pod -share/doc/openssl/apps/pkcs12.pod -share/doc/openssl/apps/pkcs7.pod -share/doc/openssl/apps/pkcs8.pod -share/doc/openssl/apps/rand.pod -share/doc/openssl/apps/req.pod -share/doc/openssl/apps/rsa.pod -share/doc/openssl/apps/rsautl.pod -share/doc/openssl/apps/s_client.pod -share/doc/openssl/apps/s_server.pod -share/doc/openssl/apps/sess_id.pod -share/doc/openssl/apps/smime.pod -share/doc/openssl/apps/speed.pod -share/doc/openssl/apps/spkac.pod -share/doc/openssl/apps/verify.pod -share/doc/openssl/apps/version.pod -share/doc/openssl/apps/x509.pod -share/doc/openssl/c-indentation.el -share/doc/openssl/crypto/BIO_ctrl.pod -share/doc/openssl/crypto/BIO_f_base64.pod -share/doc/openssl/crypto/BIO_f_buffer.pod -share/doc/openssl/crypto/BIO_f_cipher.pod -share/doc/openssl/crypto/BIO_f_md.pod -share/doc/openssl/crypto/BIO_f_null.pod -share/doc/openssl/crypto/BIO_f_ssl.pod -share/doc/openssl/crypto/BIO_find_type.pod -share/doc/openssl/crypto/BIO_new.pod -share/doc/openssl/crypto/BIO_new_bio_pair.pod -share/doc/openssl/crypto/BIO_push.pod -share/doc/openssl/crypto/BIO_read.pod -share/doc/openssl/crypto/BIO_s_accept.pod -share/doc/openssl/crypto/BIO_s_bio.pod -share/doc/openssl/crypto/BIO_s_connect.pod -share/doc/openssl/crypto/BIO_s_fd.pod -share/doc/openssl/crypto/BIO_s_file.pod -share/doc/openssl/crypto/BIO_s_mem.pod -share/doc/openssl/crypto/BIO_s_null.pod -share/doc/openssl/crypto/BIO_s_socket.pod -share/doc/openssl/crypto/BIO_set_callback.pod -share/doc/openssl/crypto/BIO_should_retry.pod -share/doc/openssl/crypto/BN_CTX_new.pod -share/doc/openssl/crypto/BN_CTX_start.pod -share/doc/openssl/crypto/BN_add.pod -share/doc/openssl/crypto/BN_add_word.pod -share/doc/openssl/crypto/BN_bn2bin.pod -share/doc/openssl/crypto/BN_cmp.pod -share/doc/openssl/crypto/BN_copy.pod -share/doc/openssl/crypto/BN_generate_prime.pod -share/doc/openssl/crypto/BN_mod_inverse.pod -share/doc/openssl/crypto/BN_mod_mul_montgomery.pod -share/doc/openssl/crypto/BN_mod_mul_reciprocal.pod -share/doc/openssl/crypto/BN_new.pod -share/doc/openssl/crypto/BN_num_bytes.pod -share/doc/openssl/crypto/BN_rand.pod -share/doc/openssl/crypto/BN_set_bit.pod -share/doc/openssl/crypto/BN_zero.pod -share/doc/openssl/crypto/CRYPTO_set_ex_data.pod -share/doc/openssl/crypto/DH_generate_key.pod -share/doc/openssl/crypto/DH_generate_parameters.pod -share/doc/openssl/crypto/DH_get_ex_new_index.pod -share/doc/openssl/crypto/DH_new.pod -share/doc/openssl/crypto/DH_set_method.pod -share/doc/openssl/crypto/DH_size.pod -share/doc/openssl/crypto/DSA_SIG_new.pod -share/doc/openssl/crypto/DSA_do_sign.pod -share/doc/openssl/crypto/DSA_dup_DH.pod -share/doc/openssl/crypto/DSA_generate_key.pod -share/doc/openssl/crypto/DSA_generate_parameters.pod -share/doc/openssl/crypto/DSA_get_ex_new_index.pod -share/doc/openssl/crypto/DSA_new.pod -share/doc/openssl/crypto/DSA_set_method.pod -share/doc/openssl/crypto/DSA_sign.pod -share/doc/openssl/crypto/DSA_size.pod -share/doc/openssl/crypto/ERR_GET_LIB.pod -share/doc/openssl/crypto/ERR_clear_error.pod -share/doc/openssl/crypto/ERR_error_string.pod -share/doc/openssl/crypto/ERR_get_error.pod -share/doc/openssl/crypto/ERR_load_crypto_strings.pod -share/doc/openssl/crypto/ERR_load_strings.pod -share/doc/openssl/crypto/ERR_print_errors.pod -share/doc/openssl/crypto/ERR_put_error.pod -share/doc/openssl/crypto/ERR_remove_state.pod -share/doc/openssl/crypto/EVP_DigestInit.pod -share/doc/openssl/crypto/EVP_EncryptInit.pod -share/doc/openssl/crypto/EVP_OpenInit.pod -share/doc/openssl/crypto/EVP_SealInit.pod -share/doc/openssl/crypto/EVP_SignInit.pod -share/doc/openssl/crypto/EVP_VerifyInit.pod -share/doc/openssl/crypto/OPENSSL_VERSION_NUMBER.pod -share/doc/openssl/crypto/OpenSSL_add_all_algorithms.pod -share/doc/openssl/crypto/RAND_add.pod -share/doc/openssl/crypto/RAND_bytes.pod -share/doc/openssl/crypto/RAND_cleanup.pod -share/doc/openssl/crypto/RAND_egd.pod -share/doc/openssl/crypto/RAND_load_file.pod -share/doc/openssl/crypto/RAND_set_rand_method.pod -share/doc/openssl/crypto/RSA_blinding_on.pod -share/doc/openssl/crypto/RSA_check_key.pod -share/doc/openssl/crypto/RSA_generate_key.pod -share/doc/openssl/crypto/RSA_get_ex_new_index.pod -share/doc/openssl/crypto/RSA_new.pod -share/doc/openssl/crypto/RSA_padding_add_PKCS1_type_1.pod -share/doc/openssl/crypto/RSA_print.pod -share/doc/openssl/crypto/RSA_private_encrypt.pod -share/doc/openssl/crypto/RSA_public_encrypt.pod -share/doc/openssl/crypto/RSA_set_method.pod -share/doc/openssl/crypto/RSA_sign.pod -share/doc/openssl/crypto/RSA_sign_ASN1_OCTET_STRING.pod -share/doc/openssl/crypto/RSA_size.pod -share/doc/openssl/crypto/bio.pod -share/doc/openssl/crypto/blowfish.pod -share/doc/openssl/crypto/bn.pod -share/doc/openssl/crypto/bn_internal.pod -share/doc/openssl/crypto/buffer.pod -share/doc/openssl/crypto/crypto.pod -share/doc/openssl/crypto/d2i_DHparams.pod -share/doc/openssl/crypto/d2i_RSAPublicKey.pod -share/doc/openssl/crypto/des.pod -share/doc/openssl/crypto/des_modes.pod -share/doc/openssl/crypto/dh.pod -share/doc/openssl/crypto/dsa.pod -share/doc/openssl/crypto/err.pod -share/doc/openssl/crypto/evp.pod -share/doc/openssl/crypto/hmac.pod -share/doc/openssl/crypto/lh_stats.pod -share/doc/openssl/crypto/lhash.pod -share/doc/openssl/crypto/md5.pod -share/doc/openssl/crypto/mdc2.pod -share/doc/openssl/crypto/rand.pod -share/doc/openssl/crypto/rc4.pod -share/doc/openssl/crypto/ripemd.pod -share/doc/openssl/crypto/rsa.pod -share/doc/openssl/crypto/sha.pod -share/doc/openssl/crypto/threads.pod -share/doc/openssl/openssl.txt -share/doc/openssl/openssl_button.gif -share/doc/openssl/openssl_button.html -share/doc/openssl/ssl/SSL_CIPHER_get_name.pod -share/doc/openssl/ssl/SSL_CTX_free.pod -share/doc/openssl/ssl/SSL_CTX_new.pod -share/doc/openssl/ssl/SSL_CTX_set_cipher_list.pod -share/doc/openssl/ssl/SSL_CTX_set_ssl_version.pod -share/doc/openssl/ssl/SSL_SESSION_free.pod -share/doc/openssl/ssl/SSL_accept.pod -share/doc/openssl/ssl/SSL_clear.pod -share/doc/openssl/ssl/SSL_connect.pod -share/doc/openssl/ssl/SSL_free.pod -share/doc/openssl/ssl/SSL_get_ciphers.pod -share/doc/openssl/ssl/SSL_get_current_cipher.pod -share/doc/openssl/ssl/SSL_get_error.pod -share/doc/openssl/ssl/SSL_get_fd.pod -share/doc/openssl/ssl/SSL_get_peer_cert_chain.pod -share/doc/openssl/ssl/SSL_get_peer_certificate.pod -share/doc/openssl/ssl/SSL_get_rbio.pod -share/doc/openssl/ssl/SSL_get_session.pod -share/doc/openssl/ssl/SSL_get_verify_result.pod -share/doc/openssl/ssl/SSL_library_init.pod -share/doc/openssl/ssl/SSL_new.pod -share/doc/openssl/ssl/SSL_pending.pod -share/doc/openssl/ssl/SSL_read.pod -share/doc/openssl/ssl/SSL_set_bio.pod -share/doc/openssl/ssl/SSL_set_fd.pod -share/doc/openssl/ssl/SSL_set_session.pod -share/doc/openssl/ssl/SSL_set_verify_result.pod -share/doc/openssl/ssl/SSL_shutdown.pod -share/doc/openssl/ssl/SSL_write.pod -share/doc/openssl/ssl/ssl.pod -share/doc/openssl/ssleay.txt -@exec ${MKDIR} %D/certs %D/private -@unexec ${RMDIR} %D/certs 2>/dev/null || true +man/man1/CA.pl.1 +man/man1/asn1parse.1 +man/man1/ca.1 +man/man1/ciphers.1 +man/man1/crl.1 +man/man1/crl2pkcs7.1 +man/man1/dgst.1 +man/man1/dhparam.1 +man/man1/dsa.1 +man/man1/dsaparam.1 +man/man1/enc.1 +man/man1/gendsa.1 +man/man1/genrsa.1 +man/man1/nseq.1 +man/man1/openssl.1 +man/man1/passwd.1 +man/man1/pkcs12.1 +man/man1/pkcs7.1 +man/man1/pkcs8.1 +man/man1/rand.1 +man/man1/req.1 +man/man1/rsa.1 +man/man1/rsautl.1 +man/man1/s_client.1 +man/man1/s_server.1 +man/man1/sess_id.1 +man/man1/smime.1 +man/man1/speed.1 +man/man1/spkac.1 +man/man1/verify.1 +man/man1/version.1 +man/man1/x509.1 +man/man3/BIO_ctrl.3 +man/man3/BIO_f_base64.3 +man/man3/BIO_f_buffer.3 +man/man3/BIO_f_cipher.3 +man/man3/BIO_f_md.3 +man/man3/BIO_f_null.3 +man/man3/BIO_f_ssl.3 +man/man3/BIO_find_type.3 +man/man3/BIO_new.3 +man/man3/BIO_new_bio_pair.3 +man/man3/BIO_push.3 +man/man3/BIO_read.3 +man/man3/BIO_s_accept.3 +man/man3/BIO_s_bio.3 +man/man3/BIO_s_connect.3 +man/man3/BIO_s_fd.3 +man/man3/BIO_s_file.3 +man/man3/BIO_s_mem.3 +man/man3/BIO_s_null.3 +man/man3/BIO_s_socket.3 +man/man3/BIO_set_callback.3 +man/man3/BIO_should_retry.3 +man/man3/BN_CTX_new.3 +man/man3/BN_CTX_start.3 +man/man3/BN_add.3 +man/man3/BN_add_word.3 +man/man3/BN_bn2bin.3 +man/man3/BN_cmp.3 +man/man3/BN_copy.3 +man/man3/BN_generate_prime.3 +man/man3/BN_mod_inverse.3 +man/man3/BN_mod_mul_montgomery.3 +man/man3/BN_mod_mul_reciprocal.3 +man/man3/BN_new.3 +man/man3/BN_num_bytes.3 +man/man3/BN_rand.3 +man/man3/BN_set_bit.3 +man/man3/BN_zero.3 +man/man3/CRYPTO_set_ex_data.3 +man/man3/DH_generate_key.3 +man/man3/DH_generate_parameters.3 +man/man3/DH_get_ex_new_index.3 +man/man3/DH_new.3 +man/man3/DH_set_method.3 +man/man3/DH_size.3 +man/man3/DSA_SIG_new.3 +man/man3/DSA_do_sign.3 +man/man3/DSA_dup_DH.3 +man/man3/DSA_generate_key.3 +man/man3/DSA_generate_parameters.3 +man/man3/DSA_get_ex_new_index.3 +man/man3/DSA_new.3 +man/man3/DSA_set_method.3 +man/man3/DSA_sign.3 +man/man3/DSA_size.3 +man/man3/ERR_GET_LIB.3 +man/man3/ERR_clear_error.3 +man/man3/ERR_error_string.3 +man/man3/ERR_get_error.3 +man/man3/ERR_load_crypto_strings.3 +man/man3/ERR_load_strings.3 +man/man3/ERR_print_errors.3 +man/man3/ERR_put_error.3 +man/man3/ERR_remove_state.3 +man/man3/EVP_DigestInit.3 +man/man3/EVP_EncryptInit.3 +man/man3/EVP_OpenInit.3 +man/man3/EVP_SealInit.3 +man/man3/EVP_SignInit.3 +man/man3/EVP_VerifyInit.3 +man/man3/OPENSSL_VERSION_NUMBER.3 +man/man3/OpenSSL_add_all_algorithms.3 +man/man3/RAND_add.3 +man/man3/RAND_bytes.3 +man/man3/RAND_cleanup.3 +man/man3/RAND_egd.3 +man/man3/RAND_load_file.3 +man/man3/RAND_set_rand_method.3 +man/man3/RSA_blinding_on.3 +man/man3/RSA_check_key.3 +man/man3/RSA_generate_key.3 +man/man3/RSA_get_ex_new_index.3 +man/man3/RSA_new.3 +man/man3/RSA_padding_add_PKCS1_type_1.3 +man/man3/RSA_print.3 +man/man3/RSA_private_encrypt.3 +man/man3/RSA_public_encrypt.3 +man/man3/RSA_set_method.3 +man/man3/RSA_sign.3 +man/man3/RSA_sign_ASN1_OCTET_STRING.3 +man/man3/RSA_size.3 +man/man3/SSL_CIPHER_get_name.3 +man/man3/SSL_COMP_add_compression_method.3 +man/man3/SSL_CTX_add_extra_chain_cert.3 +man/man3/SSL_CTX_add_session.3 +man/man3/SSL_CTX_ctrl.3 +man/man3/SSL_CTX_flush_sessions.3 +man/man3/SSL_CTX_free.3 +man/man3/SSL_CTX_get_ex_new_index.3 +man/man3/SSL_CTX_get_verify_mode.3 +man/man3/SSL_CTX_load_verify_locations.3 +man/man3/SSL_CTX_new.3 +man/man3/SSL_CTX_sess_number.3 +man/man3/SSL_CTX_sess_set_cache_size.3 +man/man3/SSL_CTX_sess_set_get_cb.3 +man/man3/SSL_CTX_sessions.3 +man/man3/SSL_CTX_set_cert_store.3 +man/man3/SSL_CTX_set_cert_verify_callback.3 +man/man3/SSL_CTX_set_cipher_list.3 +man/man3/SSL_CTX_set_client_CA_list.3 +man/man3/SSL_CTX_set_client_cert_cb.3 +man/man3/SSL_CTX_set_default_passwd_cb.3 +man/man3/SSL_CTX_set_info_callback.3 +man/man3/SSL_CTX_set_mode.3 +man/man3/SSL_CTX_set_options.3 +man/man3/SSL_CTX_set_quiet_shutdown.3 +man/man3/SSL_CTX_set_session_cache_mode.3 +man/man3/SSL_CTX_set_session_id_context.3 +man/man3/SSL_CTX_set_ssl_version.3 +man/man3/SSL_CTX_set_timeout.3 +man/man3/SSL_CTX_set_tmp_dh_callback.3 +man/man3/SSL_CTX_set_tmp_rsa_callback.3 +man/man3/SSL_CTX_set_verify.3 +man/man3/SSL_CTX_use_certificate.3 +man/man3/SSL_SESSION_free.3 +man/man3/SSL_SESSION_get_ex_new_index.3 +man/man3/SSL_SESSION_get_time.3 +man/man3/SSL_accept.3 +man/man3/SSL_alert_type_string.3 +man/man3/SSL_clear.3 +man/man3/SSL_connect.3 +man/man3/SSL_do_handshake.3 +man/man3/SSL_free.3 +man/man3/SSL_get_SSL_CTX.3 +man/man3/SSL_get_ciphers.3 +man/man3/SSL_get_client_CA_list.3 +man/man3/SSL_get_current_cipher.3 +man/man3/SSL_get_default_timeout.3 +man/man3/SSL_get_error.3 +man/man3/SSL_get_ex_data_X509_STORE_CTX_idx.3 +man/man3/SSL_get_ex_new_index.3 +man/man3/SSL_get_fd.3 +man/man3/SSL_get_peer_cert_chain.3 +man/man3/SSL_get_peer_certificate.3 +man/man3/SSL_get_rbio.3 +man/man3/SSL_get_session.3 +man/man3/SSL_get_verify_result.3 +man/man3/SSL_get_version.3 +man/man3/SSL_library_init.3 +man/man3/SSL_load_client_CA_file.3 +man/man3/SSL_new.3 +man/man3/SSL_pending.3 +man/man3/SSL_read.3 +man/man3/SSL_rstate_string.3 +man/man3/SSL_session_reused.3 +man/man3/SSL_set_bio.3 +man/man3/SSL_set_connect_state.3 +man/man3/SSL_set_fd.3 +man/man3/SSL_set_session.3 +man/man3/SSL_set_shutdown.3 +man/man3/SSL_set_verify_result.3 +man/man3/SSL_shutdown.3 +man/man3/SSL_state_string.3 +man/man3/SSL_want.3 +man/man3/SSL_write.3 +man/man3/bio.3 +man/man3/blowfish.3 +man/man3/bn.3 +man/man3/bn_internal.3 +man/man3/buffer.3 +man/man3/crypto.3 +man/man3/d2i_DHparams.3 +man/man3/d2i_RSAPublicKey.3 +man/man3/d2i_SSL_SESSION.3 +man/man3/des.3 +man/man3/dh.3 +man/man3/dsa.3 +man/man3/err.3 +man/man3/evp.3 +man/man3/hmac.3 +man/man3/lh_stats.3 +man/man3/lhash.3 +man/man3/md5.3 +man/man3/mdc2.3 +man/man3/rand.3 +man/man3/rc4.3 +man/man3/ripemd.3 +man/man3/rsa.3 +man/man3/sha.3 +man/man3/ssl.3 +man/man3/threads.3 +man/man5/config.5 +man/man7/des_modes.7 +share/examples/openssl/CA.pl +share/examples/openssl/CA.sh +share/examples/openssl/der_chop +share/examples/openssl/openssl.cnf +@dirrm share/examples/openssl @dirrm include/openssl -@dirrm private -@dirrm share/doc/openssl/apps -@dirrm share/doc/openssl/crypto -@dirrm share/doc/openssl/ssl -@dirrm share/doc/openssl +@exec ${MKDIR} ${PKG_SYSCONFDIR}/certs ${PKG_SYSCONFDIR}/private +@unexec ${RMDIR} ${PKG_SYSCONFDIR}/private 2>/dev/null || true +@unexec ${RMDIR} ${PKG_SYSCONFDIR}/certs 2>/dev/null || true +@unexec ${RMDIR} ${PKG_SYSCONFDIR} 2>/dev/null || true diff --git a/security/openssl/PLIST.darwin b/security/openssl/PLIST.darwin index 99ed85f2811..94899b82d2e 100644 --- a/security/openssl/PLIST.darwin +++ b/security/openssl/PLIST.darwin @@ -1 +1,7 @@ -@comment $NetBSD: PLIST.darwin,v 1.1 2002/07/28 05:36:30 schmonz Exp $ +@comment $NetBSD: PLIST.darwin,v 1.2 2002/08/04 15:47:44 fredb Exp $ +lib/libcrypto.300.0.dylib +lib/libcrypto.300.dylib +lib/libcrypto.dylib +lib/libssl.300.0.dylib +lib/libssl.300.dylib +lib/libssl.dylib diff --git a/security/openssl/PLIST.netbsd b/security/openssl/PLIST.netbsd index 70adbdf4ba6..6080dbb4d21 100644 --- a/security/openssl/PLIST.netbsd +++ b/security/openssl/PLIST.netbsd @@ -1,7 +1,7 @@ -@comment $NetBSD: PLIST.netbsd,v 1.1 2001/11/01 01:22:32 zuntum Exp $ +@comment $NetBSD: PLIST.netbsd,v 1.2 2002/08/04 15:47:44 fredb Exp $ lib/libcrypto.so -lib/libcrypto.so.200 -lib/libcrypto.so.200.0 +lib/libcrypto.so.300 +lib/libcrypto.so.300.0 lib/libssl.so -lib/libssl.so.200 -lib/libssl.so.200.0 +lib/libssl.so.300 +lib/libssl.so.300.0 diff --git a/security/openssl/buildlink.mk b/security/openssl/buildlink.mk index e59715bbe55..93d8a7ea3d8 100644 --- a/security/openssl/buildlink.mk +++ b/security/openssl/buildlink.mk @@ -1,4 +1,4 @@ -# $NetBSD: buildlink.mk,v 1.13 2002/07/31 06:22:45 tron Exp $ +# $NetBSD: buildlink.mk,v 1.14 2002/08/04 15:47:44 fredb Exp $ # # This Makefile fragment is included by packages that use OpenSSL. # @@ -25,85 +25,97 @@ OPENSSL_VERSION_096B= 0x0090602fL OPENSSL_VERSION_096D= 0x0090604fL OPENSSL_VERSION_096E= 0x0090605fL -# Check for a usable installed version of OpenSSL. Version must be greater -# than 0.9.5a. If a usable version isn't present, then use the pkgsrc -# OpenSSL package. +# Check for a usable installed version of OpenSSL. Version must be greater +# than 0.9.6e, or else contain a fix for the 2002-07-30 security advisory. +# If a usable version isn't present, then use the pkgsrc OpenSSL package. # .include "../../mk/bsd.prefs.mk" -USE_OPENSSL_VERSION?= ${OPENSSL_VERSION_095A} - -# Associate OpenSSL dependency with version number. -.if ${USE_OPENSSL_VERSION} == ${OPENSSL_VERSION_095A} -BUILDLINK_DEPENDS.openssl= {openssl-0.9.5a,openssl>=0.9.6} -.else -BUILDLINK_DEPENDS.openssl= openssl>=0.9.6 -.endif - _NEED_OPENSSL= YES + .if ${OPSYS} == "Darwin" _OPENSSLV_H= /usr/local/include/openssl/opensslv.h +_SSL_H= /usr/local/include/openssl/ssl.h .else _OPENSSLV_H= /usr/include/openssl/opensslv.h +_SSL_H= /usr/include/openssl/ssl.h .endif -.if exists(${_OPENSSLV_H}) + +.if exists(${_OPENSSLV_H}) && exists(${_SSL_H}) +_IN_TREE_OPENSSL_HAS_FIX!= \ + ${AWK} 'BEGIN { ans = "NO" } \ + /SSL_R_KEY_ARG_TOO_LONG/ { ans = "YES" } \ + END { print ans; exit 0 }' ${_SSL_H} + +. if ${_IN_TREE_OPENSSL_HAS_FIX} == "YES" +USE_OPENSSL_VERSION?= ${OPENSSL_VERSION_095A} +. else +USE_OPENSSL_VERSION?= ${OPENSSL_VERSION_096E} +. endif + +# Associate OpenSSL dependency with version number. +. if defined(USE_OPENSSL_VERSION) +BUILDLINK_DEPENDS.openssl= openssl>=0.9.6e +. endif + _OPENSSL_VERSION!= ${AWK} '/.*OPENSSL_VERSION_NUMBER.*/ { print $$3 }' \ ${_OPENSSLV_H} _VALID_SSL_VERSIONS= ${OPENSSL_VERSION_095A} -.if ${USE_OPENSSL_VERSION} == ${OPENSSL_VERSION_096} # OpenSSL 0.9.6 +. if ${USE_OPENSSL_VERSION} == ${OPENSSL_VERSION_096} # OpenSSL 0.9.6 _VALID_SSL_VERSIONS= ${OPENSSL_VERSION_096} -.else +. else _VALID_SSL_VERSIONS+= ${OPENSSL_VERSION_096} -.endif +. endif -.if ${USE_OPENSSL_VERSION} == ${OPENSSL_VERSION_096A} # OpenSSL 0.9.6a +. if ${USE_OPENSSL_VERSION} == ${OPENSSL_VERSION_096A} # OpenSSL 0.9.6a _VALID_SSL_VERSIONS= ${OPENSSL_VERSION_096A} -.else +. else _VALID_SSL_VERSIONS+= ${OPENSSL_VERSION_096A} -.endif +. endif -.if ${USE_OPENSSL_VERSION} == ${OPENSSL_VERSION_096B} # OpenSSL 0.9.6b +. if ${USE_OPENSSL_VERSION} == ${OPENSSL_VERSION_096B} # OpenSSL 0.9.6b _VALID_SSL_VERSIONS= ${OPENSSL_VERSION_096B} -.else +. else _VALID_SSL_VERSIONS+= ${OPENSSL_VERSION_096B} -.endif +. endif -.if ${USE_OPENSSL_VERSION} == ${OPENSSL_VERSION_096D} # OpenSSL 0.9.6d +. if ${USE_OPENSSL_VERSION} == ${OPENSSL_VERSION_096D} # OpenSSL 0.9.6d _VALID_SSL_VERSIONS= ${OPENSSL_VERSION_096D} -.else +. else _VALID_SSL_VERSIONS+= ${OPENSSL_VERSION_096D} -.endif +. endif -.if ${USE_OPENSSL_VERSION} == ${OPENSSL_VERSION_096E} # OpenSSL 0.9.6e +. if ${USE_OPENSSL_VERSION} == ${OPENSSL_VERSION_096E} # OpenSSL 0.9.6e _VALID_SSL_VERSIONS= ${OPENSSL_VERSION_096E} -.else +. else _VALID_SSL_VERSIONS+= ${OPENSSL_VERSION_096E} -.endif +. endif -.for PATTERN in ${_VALID_SSL_VERSIONS} -.if ${_OPENSSL_VERSION:M${PATTERN}} != "" +. for PATTERN in ${_VALID_SSL_VERSIONS} +. if ${_OPENSSL_VERSION:M${PATTERN}} != "" _NEED_OPENSSL= NO -.endif -.endfor -.endif # exists(${_OPENSSLV_H}) +. endif +. endfor + +.endif # exists(${_OPENSSLV_H}) && exists(${_SSL_H}) .if ${_NEED_OPENSSL} == "YES" DEPENDS+= ${BUILDLINK_DEPENDS.openssl}:../../security/openssl EVAL_PREFIX+= BUILDLINK_PREFIX.openssl=openssl BUILDLINK_PREFIX.openssl_DEFAULT= ${LOCALBASE} SSLBASE= ${BUILDLINK_PREFIX.openssl} -SSLCERTS= ${SSLBASE}/certs .else -.if ${OPSYS} == "Darwin" +. if ${OPSYS} == "Darwin" BUILDLINK_PREFIX.openssl= /usr/local SSLBASE= /usr/local -.else +. else BUILDLINK_PREFIX.openssl= /usr SSLBASE= /usr +. endif .endif + SSLCERTS= /etc/openssl/certs -.endif BUILD_DEFS+= SSLBASE SSLCERTS BUILDLINK_FILES.openssl= bin/openssl diff --git a/security/openssl/distinfo b/security/openssl/distinfo index 3f241781551..80bcc8d9ede 100644 --- a/security/openssl/distinfo +++ b/security/openssl/distinfo @@ -1,11 +1,13 @@ -$NetBSD: distinfo,v 1.8 2002/07/28 05:36:30 schmonz Exp $ +$NetBSD: distinfo,v 1.9 2002/08/04 15:47:44 fredb Exp $ -SHA1 (openssl-0.9.6.tar.gz) = d69c964d58535343787a3b8ac38a48772704304c -Size (openssl-0.9.6.tar.gz) = 2086131 bytes -SHA1 (openssl-0.9.6-20010914-netbsd.patch.gz) = dc507c58ec4bd0c4aeb7863961b6e3561ca0978f -Size (openssl-0.9.6-20010914-netbsd.patch.gz) = 2761 bytes -SHA1 (patch-aa) = 967294b914dbaa0f856e619881921a11537b28f0 -SHA1 (patch-ab) = 8d26b010967d2d5d464708baf7bd7672ab064fc3 -SHA1 (patch-ac) = 391d58624890554b9b69ab7c463bf1f40587dccf -SHA1 (patch-ai) = d0f21b594a3343567f7cbea00e71c5319a877782 -SHA1 (patch-aj) = 157a09410949f85f4a7b0bb878a382c8cd76772c +SHA1 (openssl-0.9.6e.tar.gz) = b9eefc560058fc06ad2e24c22d477424ad37fe0d +Size (openssl-0.9.6e.tar.gz) = 2158566 bytes +SHA1 (openssl-0.9.6e-20020804-netbsd.patch.gz) = 0981460c471d4b30504927fb4173e5eaccd3ba82 +Size (openssl-0.9.6e-20020804-netbsd.patch.gz) = 28234 bytes +SHA1 (patch-aa) = 959928efc089555d2189c9f5e54b9e598cc34bd1 +SHA1 (patch-ab) = 9bdac032996bd97834b00cb661f79c00dc31bac1 +SHA1 (patch-ac) = 11d459aa2e7fe0c4d59285db25b74b8b06396c36 +SHA1 (patch-ad) = ee8283d5537edce1bb60470c616ebabfda0aa084 +SHA1 (patch-ae) = f4bf6ae5aa41b55d9978376e4e50ee10c10dd288 +SHA1 (patch-af) = bffccbde6871b7e279c565671308a5740534449e +SHA1 (patch-ag) = 5751967aaa774e213eaddd4afe48e742cc6e8944 diff --git a/security/openssl/files/get_progs.sh b/security/openssl/files/get_progs.sh deleted file mode 100644 index 3c2f0ce129f..00000000000 --- a/security/openssl/files/get_progs.sh +++ /dev/null @@ -1,13 +0,0 @@ -#!/bin/sh -# Help figure out what programs openssl wants to install. -# Use when updating this package. -# -export SCRIPTS="`grep ^SCRIPTS= apps/Makefile | sed -es/^SCRIPTS=//`" -export PROGRAM="`grep ^PROGRAM= apps/Makefile | sed -es/^PROGRAM=//`" -export APPS="`grep ^APPS= tools/Makefile | sed -es/^APPS=//`" -export MISC_APPS="`grep ^MISC_APPS= tools/Makefile | sed -es/^MISC_APPS=//`" -(for f in $SCRIPTS $PROGRAM $APPS $MISC_APPS ; do - echo bin/$f -done ; -grep FUNC_TYPE apps/progs.h | awk ' BEGIN { FS="," } { print $2 }' | sed -e's/\"//g' -e's,^,bin/,') \ - | sort | uniq | awk ' /^bin\/.+/ { print }' diff --git a/security/openssl/files/makelib b/security/openssl/files/makelib deleted file mode 100755 index 8056f1d4d6e..00000000000 --- a/security/openssl/files/makelib +++ /dev/null @@ -1,16 +0,0 @@ -#!/bin/csh -f -# $NetBSD: makelib,v 1.2 1999/11/25 18:51:47 erh Exp $ - -# simplistic library builder -# usage: makelib is_elf outfile.so.x.y infile... - -#echo __ELF__ | $CC -E - | grep -q __ELF__ -setenv IS_ELF $1 -shift -if ($IS_ELF == 0) then - ld -Bshareable -Bforcearchive -o $* |& sed /RRS/d || exit 1 -else - ld -shared -soname $1:r --whole-archive -o $* || exit 1 - ln -sf $1 $1:r - ln -sf $1 $1:r:r -endif diff --git a/security/openssl/patches/patch-aa b/security/openssl/patches/patch-aa index 844617fe4eb..7a44be0f9c8 100644 --- a/security/openssl/patches/patch-aa +++ b/security/openssl/patches/patch-aa @@ -1,63 +1,24 @@ -$NetBSD: patch-aa,v 1.8 2002/07/28 05:36:30 schmonz Exp $ +$NetBSD: patch-aa,v 1.9 2002/08/04 15:47:46 fredb Exp $ ---- config.orig Thu Sep 21 05:23:14 2000 +--- config.orig Sun Jun 16 05:32:14 2002 +++ config -@@ -83,6 +83,10 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${ - echo "${MACHINE}-ibm-aix"; exit 0 - ;; - -+ Darwin:*) -+ echo "`uname -p`-apple-darwin${RELEASE}"; exit 0 -+ ;; -+ - dgux:*) - echo "${MACHINE}-dg-dgux"; exit 0 - ;; -@@ -167,10 +171,14 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${ - echo "${MACH}-${ARCH}-freebsd${VERS}"; exit 0 - ;; - -- NetBSD:*:*:*386*) -- echo "`/usr/sbin/sysctl -n hw.model | sed 's,.*\(.\)86-class.*,i\186,'`-whatever-netbsd"; exit 0 -+ NetBSD:*:*:i386) -+ if echo __ELF__ | cc -E - | grep -q __ELF__; then -+ echo "i386-whatever-netbsd"; exit 0 -+ else -+ echo "i386elf-whatever-netbsd"; exit 0 -+ fi - ;; -- -+ - NetBSD:*) - echo "${MACHINE}-whatever-netbsd"; exit 0 - ;; -@@ -330,6 +338,7 @@ else +@@ -388,7 +388,7 @@ + # does give us what we want though, so we use that. We just just the + # major and minor version numbers. + # peak single digit before and after first dot, e.g. 2.95.1 gives 29 +- GCCVER=`echo $GCCVER | sed 's/\([0-9]\)\.\([0-9]\).*/\1\2/'` ++ GCCVER=`echo $GCCVER | sed 's/[^.]*\([0-9]\)\.\([0-9]\).*/\1\2/'` + else CC=cc fi - -+if false; then - if [ "$SYSTEM" = "SunOS" ]; then - # check for WorkShop C, expected output is "cc: blah-blah C x.x" - CCVER=`(cc -V 2>&1) 2>/dev/null | \ -@@ -347,6 +356,7 @@ if [ "$SYSTEM" = "SunOS" ]; then - CC=sc3 - fi - fi -+fi - - if [ "${SYSTEM}-${MACHINE}" = "Linux-alpha" ]; then - # check for Compaq C, expected output is "blah-blah C Vx.x" -@@ -454,9 +464,10 @@ case "$GUESSOS" in - alpha*-*-freebsd*) OUT="FreeBSD-alpha" ;; +@@ -577,8 +577,8 @@ *-freebsd[3-9]*) OUT="FreeBSD-elf" ;; *-freebsd[1-2]*) OUT="FreeBSD" ;; -- *86*-*-netbsd) OUT="NetBSD-x86" ;; + *86*-*-netbsd) OUT="NetBSD-x86" ;; - sun3*-*-netbsd) OUT="NetBSD-m68" ;; - *-*-netbsd) OUT="NetBSD-sparc" ;; -+ *86elf*-*-netbsd) OUT="NetBSD-i386elf" ;; -+ *86-*-netbsd) OUT="NetBSD-i386" ;; -+ *-netbsd) OUT="NetBSD-`sysctl -n hw.machine_arch`" ;; -+ *-*-darwin*) OUT="Darwin" ;; ++ sun3*-*-netbsd) OUT="NetBSD-m68k" ;; ++ *-*-netbsd) OUT="NetBSD-`sysctl -n hw.machine_arch`" ;; *86*-*-openbsd) OUT="OpenBSD-x86" ;; alpha*-*-openbsd) OUT="OpenBSD-alpha" ;; pmax*-*-openbsd) OUT="OpenBSD-mips" ;; diff --git a/security/openssl/patches/patch-ab b/security/openssl/patches/patch-ab index 1d5b8797271..832c6b4da1c 100644 --- a/security/openssl/patches/patch-ab +++ b/security/openssl/patches/patch-ab @@ -1,82 +1,13 @@ -$NetBSD: patch-ab,v 1.7 2001/07/11 01:26:10 wiz Exp $ +$NetBSD: patch-ab,v 1.8 2002/08/04 15:47:46 fredb Exp $ ---- crypto/rand/md_rand.c.orig Mon Sep 11 14:42:39 2000 -+++ crypto/rand/md_rand.c -@@ -308,6 +308,7 @@ - { - static volatile int stirred_pool = 0; - int i,j,k,st_num,st_idx; -+ int num_ceil; - int ok; - long md_c[2]; - unsigned char local_md[MD_DIGEST_LENGTH]; -@@ -328,6 +329,12 @@ - } - #endif +--- crypto/opensslv.h.orig Tue Jul 30 05:34:28 2002 ++++ crypto/opensslv.h +@@ -79,7 +79,7 @@ + * should only keep the versions that are binary compatible with the current. + */ + #define SHLIB_VERSION_HISTORY "" +-#define SHLIB_VERSION_NUMBER "0.9.6" ++#define SHLIB_VERSION_NUMBER "300.0" -+ if (num <= 0) -+ return 1; -+ -+ /* round upwards to multiple of MD_DIGEST_LENGTH/2 */ -+ num_ceil = (1 + (num-1)/(MD_DIGEST_LENGTH/2)) * (MD_DIGEST_LENGTH/2); -+ - /* - * (Based on the rand(3) manpage:) - * -@@ -409,11 +416,11 @@ - md_c[1] = md_count[1]; - memcpy(local_md, md, sizeof md); - -- state_index+=num; -+ state_index+=num_ceil; - if (state_index > state_num) - state_index %= state_num; - -- /* state[st_idx], ..., state[(st_idx + num - 1) % st_num] -+ /* state[st_idx], ..., state[(st_idx + num_ceil - 1) % st_num] - * are now ours (but other threads may use them too) */ - - md_count[0] += 1; -@@ -424,6 +431,7 @@ - - while (num > 0) - { -+ /* num_ceil -= MD_DIGEST_LENGTH/2 */ - j=(num >= MD_DIGEST_LENGTH/2)?MD_DIGEST_LENGTH/2:num; - num-=j; - MD_Init(&m); -@@ -434,27 +442,28 @@ - curr_pid = 0; - } - #endif -- MD_Update(&m,&(local_md[MD_DIGEST_LENGTH/2]),MD_DIGEST_LENGTH/2); -+ MD_Update(&m,local_md,MD_DIGEST_LENGTH); - MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c)); - #ifndef PURIFY - MD_Update(&m,buf,j); /* purify complains */ - #endif -- k=(st_idx+j)-st_num; -+ k=(st_idx+MD_DIGEST_LENGTH/2)-st_num; - if (k > 0) - { -- MD_Update(&m,&(state[st_idx]),j-k); -+ MD_Update(&m,&(state[st_idx]),MD_DIGEST_LENGTH/2-k); - MD_Update(&m,&(state[0]),k); - } - else -- MD_Update(&m,&(state[st_idx]),j); -+ MD_Update(&m,&(state[st_idx]),MD_DIGEST_LENGTH/2); - MD_Final(local_md,&m); - -- for (i=0; i<j; i++) -+ for (i=0; i<MD_DIGEST_LENGTH/2; i++) - { - state[st_idx++]^=local_md[i]; /* may compete with other threads */ -- *(buf++)=local_md[i+MD_DIGEST_LENGTH/2]; - if (st_idx >= st_num) - st_idx=0; -+ if (i < j) -+ *(buf++)=local_md[i+MD_DIGEST_LENGTH/2]; - } - } + #endif /* HEADER_OPENSSLV_H */ diff --git a/security/openssl/patches/patch-ac b/security/openssl/patches/patch-ac index 2721ed5687b..6e0d2b3833e 100644 --- a/security/openssl/patches/patch-ac +++ b/security/openssl/patches/patch-ac @@ -1,12 +1,35 @@ -$NetBSD: patch-ac,v 1.4 2002/07/28 05:36:30 schmonz Exp $ +$NetBSD: patch-ac,v 1.5 2002/08/04 15:47:46 fredb Exp $ ---- Configure.orig Thu Jul 25 20:08:05 2002 +--- Configure.orig Thu Aug 1 14:11:00 2002 +++ Configure -@@ -404,6 +404,7 @@ my %table=( +@@ -347,9 +347,6 @@ + "linux-s390", "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::", + "linux-s390x", "gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::SIXTY_FOUR_BIT_LONG:::::::::::linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + "linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR:asm/ia64.o:::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +-"NetBSD-sparc", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +-"NetBSD-m68", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +-"NetBSD-x86", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + "FreeBSD-elf", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::-pthread -D_REENTRANT -D_THREAD_SAFE -D_THREADSAFE::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + "FreeBSD", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}", + "bsdi-gcc", "gcc:-O3 -ffast-math -DL_ENDIAN -DPERL5 -m486::(unknown)::RSA_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_bsdi_asm}", +@@ -500,6 +482,20 @@ - ##### MacOS X (a.k.a. Rhapsody) setup - "rhapsody-ppc-cc","cc:-O3 -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::", -+"Darwin","cc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DUSE_TOD::(unknown):::::::::::::darwin-shared:-fno-common:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", + ##### VxWorks for various targets + "vxworks-ppc405","ccppc:-g -msoft-float -mlongcall -DVXWORKS -DCPU=PPC405 -I\$(WIND_BASE)/target/h:::-r:::::", ++ ++##### NetBSD ++"NetBSD-alpha", "gcc:-DTERMIOS -O2 -Wall::(unknown):-Wl,-R\$(INSTALLTOP)/lib:SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"NetBSD-arm32", "gcc:-DTERMIOS -O2 -Wall -DL_ENDIAN::(unknown):-Wl,-R\$(INSTALLTOP)/lib:BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"NetBSD-m68000", "gcc:-DTERMIOS -O2 -Wall -DB_ENDIAN::(unknown):-Wl,-R\$(INSTALLTOP)/lib:BN_LLONG MD2_CHAR RC4_INDEX::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"NetBSD-m68k", "gcc:-DTERMIOS -O2 -m68020-40 -Wall -DB_ENDIAN::(unknown):-Wl,-R\$(INSTALLTOP)/lib:BN_LLONG MD2_CHAR RC4_INDEX::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"NetBSD-mipseb", "gcc:-DTERMIOS -O2 -Wall -DB_ENDIAN::(unknown):-Wl,-R\$(INSTALLTOP)/lib:BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"NetBSD-mipsel", "gcc:-DTERMIOS -O2 -Wall -DL_ENDIAN::(unknown):-Wl,-R\$(INSTALLTOP)/lib:BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"NetBSD-ns32k", "gcc:-DTERMIOS -O2 -Wall -DL_ENDIAN::(unknown):-Wl,-R\$(INSTALLTOP)/lib:BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"NetBSD-powerpc", "gcc:-DTERMIOS -O2 -Wall -DB_ENDIAN::(unknown):-Wl,-R\$(INSTALLTOP)/lib:BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"NetBSD-sparc", "gcc:-DTERMIOS -O2 -mv8 -Wall -DB_ENDIAN::(unknown):-Wl,-R\$(INSTALLTOP)/lib:BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"NetBSD-sparc64", "gcc:-DTERMIOS -O2 -Wall::(unknown):-Wl,-R\$(INSTALLTOP)/lib:SIXTY_FOUR_BIT_LONG DES_INT DES_RISC1::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"NetBSD-vax", "gcc:-DTERMIOS -O2 -Wall -DL_ENDIAN::(unknown):-Wl,-R\$(INSTALLTOP)/lib:BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"NetBSD-x86", "gcc:-DTERMIOS -O2 -Wall::(unknown):-Wl,-R\$(INSTALLTOP)/lib:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + + ); - ##### Sony NEWS-OS 4.x - "newsos4-gcc","gcc:-O -DB_ENDIAN -DNEWS4::(unknown):-lmld -liberty:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::", diff --git a/security/openssl/patches/patch-ad b/security/openssl/patches/patch-ad new file mode 100644 index 00000000000..c1d46b8488c --- /dev/null +++ b/security/openssl/patches/patch-ad @@ -0,0 +1,21 @@ +$NetBSD: patch-ad,v 1.6 2002/08/04 15:47:46 fredb Exp $ + +--- apps/Makefile.ssl.orig Tue Jul 30 04:29:57 2002 ++++ apps/Makefile.ssl +@@ -99,11 +100,11 @@ + @for i in $(SCRIPTS); \ + do \ + (echo installing $$i; \ +- cp $$i $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i; \ +- chmod 755 $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i ); \ +- done +- @cp openssl.cnf $(INSTALL_PREFIX)$(OPENSSLDIR); \ +- chmod 644 $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf ++ cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/share/examples/openssl/$$i; \ ++ chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/share/examples/openssl/$$i ); \ ++ done; ++ @cp openssl.cnf $(INSTALL_PREFIX)$(INSTALLTOP)/share/examples/openssl/; \ ++ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/share/examples/openssl/openssl.cnf + + tags: + ctags $(SRC) diff --git a/security/openssl/patches/patch-ae b/security/openssl/patches/patch-ae new file mode 100644 index 00000000000..99febec539e --- /dev/null +++ b/security/openssl/patches/patch-ae @@ -0,0 +1,15 @@ +$NetBSD: patch-ae,v 1.5 2002/08/04 15:47:46 fredb Exp $ + +--- tools/Makefile.ssl.orig Thu Apr 29 16:52:08 1999 ++++ tools/Makefile.ssl +@@ -31,8 +31,8 @@ + done; + @for i in $(MISC_APPS) ; \ + do \ +- (cp $$i $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i; \ +- chmod 755 $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i ); \ ++ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i; \ ++ chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i ); \ + done; + + files: diff --git a/security/openssl/patches/patch-af b/security/openssl/patches/patch-af new file mode 100644 index 00000000000..e23a3936201 --- /dev/null +++ b/security/openssl/patches/patch-af @@ -0,0 +1,36 @@ +$NetBSD: patch-af,v 1.4 2002/08/04 15:47:47 fredb Exp $ + +--- Makefile.org.orig Fri Jul 19 11:33:26 2002 ++++ Makefile.org +@@ -169,7 +169,7 @@ + MAKEFILE= Makefile.ssl + MAKE= make -f Makefile.ssl + +-MANDIR=$(OPENSSLDIR)/man ++MANDIR=$(INSTALLTOP)/man + MAN1=1 + MAN3=3 + SHELL=/bin/sh +@@ -261,7 +261,7 @@ + libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \ + ( set -x; ${CC} ${SHARED_LDFLAGS} \ + -shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \ +- -Wl,-soname=lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \ ++ -Wl,-soname=lib$$i.so.${SHLIB_MAJOR} \ + -Wl,-Bsymbolic \ + -Wl,--whole-archive lib$$i.a \ + -Wl,--no-whole-archive $$libs ${EX_LIBS} -lc ) || exit 1; \ +@@ -631,10 +631,10 @@ + @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \ + $(INSTALL_PREFIX)$(INSTALLTOP)/lib \ + $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \ +- $(INSTALL_PREFIX)$(OPENSSLDIR)/misc \ ++ $(INSTALL_PREFIX)$(INSTALLTOP)/share/examples/openssl \ ++ $(INSTALL_PREFIX)$(OPENSSLDIR) \ + $(INSTALL_PREFIX)$(OPENSSLDIR)/certs \ +- $(INSTALL_PREFIX)$(OPENSSLDIR)/private \ +- $(INSTALL_PREFIX)$(OPENSSLDIR)/lib ++ $(INSTALL_PREFIX)$(OPENSSLDIR)/private + @for i in $(EXHEADER) ;\ + do \ + (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ diff --git a/security/openssl/patches/patch-ag b/security/openssl/patches/patch-ag new file mode 100644 index 00000000000..cef3e9c6646 --- /dev/null +++ b/security/openssl/patches/patch-ag @@ -0,0 +1,25 @@ +$NetBSD: patch-ag,v 1.4 2002/08/04 15:47:47 fredb Exp $ + +--- e_os.h.orig Fri Aug 2 15:08:30 2002 ++++ e_os.h +@@ -431,6 +431,20 @@ + (((errnum)<0 || (errnum)>=sys_nerr) ? NULL : sys_errlist[errnum]) + #endif + ++#if defined(__NetBSD_Version__) ++#define NetBSD_1_4_3 104000300 ++#define NetBSD_1_4A 104010000 ++#define NetBSD_1_4K 104110000 ++#if (__NetBSD_Version__ < NetBSD_1_4_3) || \ ++ (__NetBSD_Version__ >= NetBSD_1_4A) && (__NetBSD_Version__ <= NetBSD_1_4K) ++#include <string.h> ++# define strlcat(s2,s1,n) \ ++ (strncat(s2,s1,n); n ? memset(s2[n-1],0,1) : 0; strlen(s1) + strlen(s2)) ++# define strlcpy(s2,s1,n) \ ++ (strncpy(s2,s1,n); n ? memset(s2[n-1],0,1) : 0; strlen(s1)) ++#endif ++#endif /* __NetBSD_Version__ */ ++ + /***********************************************/ + + /* do we need to do this for getenv. diff --git a/security/openssl/patches/patch-ai b/security/openssl/patches/patch-ai deleted file mode 100644 index e5749d1e7fe..00000000000 --- a/security/openssl/patches/patch-ai +++ /dev/null @@ -1,13 +0,0 @@ -$NetBSD: patch-ai,v 1.2 1999/11/25 18:51:47 erh Exp $ - ---- apps/ca.c.orig Fri Aug 6 16:47:09 1999 -+++ apps/ca.c Wed Oct 20 17:49:43 1999 -@@ -98,7 +98,7 @@ - #define PROG ca_main - - #define BASE_SECTION "ca" --#define CONFIG_FILE "openssl.cnf" -+#define CONFIG_FILE "etc/openssl.cnf" - - #define ENV_DEFAULT_CA "default_ca" - diff --git a/security/openssl/patches/patch-aj b/security/openssl/patches/patch-aj deleted file mode 100644 index 19faff6cc56..00000000000 --- a/security/openssl/patches/patch-aj +++ /dev/null @@ -1,18 +0,0 @@ -$NetBSD: patch-aj,v 1.5 2001/05/11 22:14:11 tron Exp $ - ---- e_os.h.orig Thu Sep 21 11:23:14 2000 -+++ e_os.h Sat May 12 00:03:27 2001 -@@ -1,4 +1,3 @@ --/* e_os.h */ - /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * -@@ -297,7 +296,7 @@ - typedef unsigned long clock_t; - # endif - --# define OPENSSL_CONF "openssl.cnf" -+# define OPENSSL_CONF "etc/openssl.cnf" - # define SSLEAY_CONF OPENSSL_CONF - # define RFILE ".rnd" - # define LIST_SEPARATOR_CHAR ':' |