Add a patch from OpenSSL's repositroy to deal with CVE-2009-4355.

Bump PKGREVISION.

3 files changed, 48 insertions, 2 deletions

diff --git a/security/openssl/Makefile b/security/openssl/Makefile
index df98f46093c..d31d4596c3e 100644
--- a/security/openssl/Makefile
+++ b/security/openssl/Makefile
@@ -1,8 +1,9 @@
-# $NetBSD: Makefile,v 1.142 2010/01/15 04:55:30 taca Exp $
+# $NetBSD: Makefile,v 1.143 2010/01/22 03:35:10 taca Exp $
 
 OPENSSL_SNAPSHOT?=	# empty
 OPENSSL_STABLE?=	# empty
 OPENSSL_VERS?=		0.9.8l
+PKGREVISION=		1
 
 .if empty(OPENSSL_SNAPSHOT)
 DISTNAME=	openssl-${OPENSSL_VERS}
diff --git a/security/openssl/distinfo b/security/openssl/distinfo
index da4a313795c..3be3aab1782 100644
--- a/security/openssl/distinfo
+++ b/security/openssl/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.70 2010/01/15 04:55:30 taca Exp $
+$NetBSD: distinfo,v 1.71 2010/01/22 03:35:10 taca Exp $
 
 SHA1 (openssl-0.9.8l.tar.gz) = d3fb6ec89532ab40646b65af179bb1770f7ca28f
 RMD160 (openssl-0.9.8l.tar.gz) = 9de81ec2583edcba729e62d50fd22c0a98a52903
@@ -15,3 +15,4 @@ SHA1 (patch-ax) = ef0c657de2aa42baa365b9857583d1c55d0e7d1b
 SHA1 (patch-ay) = 6d5de155e5508cd2237387626c8e1ff7ee603f8e
 SHA1 (patch-az) = aa7ef7192d56979ba09aa1dab8a2cdf9868f9c4a
 SHA1 (patch-ba) = b8ab55c0c6ab4b995cae18517609720f0803e11f
+SHA1 (patch-bb) = a4092a65f52d3c9c85c9015901b2a5eeb11d0955
diff --git a/security/openssl/patches/patch-bb b/security/openssl/patches/patch-bb
new file mode 100644
index 00000000000..8263f6bdc1f
--- /dev/null
+++ b/security/openssl/patches/patch-bb
@@ -0,0 +1,44 @@
+$NetBSD: patch-bb,v 1.1 2010/01/22 03:35:10 taca Exp $
+
+deal with CVE-2009-4355, revsion 1.15.2.8 from OpenSSL's CVS repository.
+
+--- crypto/comp/c_zlib.c.orig	2008-12-13 17:00:53.000000000 +0000
++++ crypto/comp/c_zlib.c
+@@ -136,15 +136,6 @@ struct zlib_state
+ 
+ static int zlib_stateful_ex_idx = -1;
+ 
+-static void zlib_stateful_free_ex_data(void *obj, void *item,
+-	CRYPTO_EX_DATA *ad, int ind,long argl, void *argp)
+-	{
+-	struct zlib_state *state = (struct zlib_state *)item;
+-	inflateEnd(&state->istream);
+-	deflateEnd(&state->ostream);
+-	OPENSSL_free(state);
+-	}
+-
+ static int zlib_stateful_init(COMP_CTX *ctx)
+ 	{
+ 	int err;
+@@ -188,6 +179,12 @@ static int zlib_stateful_init(COMP_CTX *
+ 
+ static void zlib_stateful_finish(COMP_CTX *ctx)
+ 	{
++	struct zlib_state *state =
++		(struct zlib_state *)CRYPTO_get_ex_data(&ctx->ex_data,
++			zlib_stateful_ex_idx);
++	inflateEnd(&state->istream);
++	deflateEnd(&state->ostream);
++	OPENSSL_free(state);
+ 	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_COMP,ctx,&ctx->ex_data);
+ 	}
+ 
+@@ -402,7 +399,7 @@ COMP_METHOD *COMP_zlib(void)
+ 			if (zlib_stateful_ex_idx == -1)
+ 				zlib_stateful_ex_idx =
+ 					CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_COMP,
+-						0,NULL,NULL,NULL,zlib_stateful_free_ex_data);
++						0,NULL,NULL,NULL,NULL);
+ 			CRYPTO_w_unlock(CRYPTO_LOCK_COMP);
+ 			if (zlib_stateful_ex_idx == -1)
+ 				goto err;