author | fredb <fredb> | 2002-08-10 04:50:31 +0000 |
---|---|---|
committer | fredb <fredb> | 2002-08-10 04:50:31 +0000 |
commit | 83b2c48261045008abfb9bda96955f9ac8c88625 (patch) | |
tree | 0bf028b4dd8a881d7400938e7367616fe8668bfe /security | |
parent | f74e490713d2e8a86fbaaee0053ccdcfaae48099 (diff) | |
Update to 0.9.6g. The most significant change is the fix, first shipped
in 0.9.6f, for a DoS vulnerability:
*) Use proper error handling instead of 'assertions' in buffer
overflow checks added in 0.9.6e. This prevents DoS (the
assertions could call abort()).
[Arne Ansper <arne@ats.cyber.ee>, Bodo Moeller]
Regenerate the netbsd patch. This is now a clean diff against the
vendor tag, with version-number-only changes elided.
Partially revert "crypto/dist/openssl/crypto/rand/randfile.c", version
1.4 (via additional pkgsrc patch), to give this a shot to compile on
NetBSD-1.4.2 and earlier, which had no strlcpy() or strlcat().
Assemble the shared library without "-Bsymbolic", mainly to give this
a shot at linking on NetBSD-a.out (untested).
Diffstat (limited to 'security')
-rw-r--r-- | security/openssl/Makefile | 7 | ||||
-rw-r--r-- | security/openssl/distinfo | 17 | ||||
-rw-r--r-- | security/openssl/patches/patch-aa | 11 | ||||
-rw-r--r-- | security/openssl/patches/patch-ac | 10 | ||||
-rw-r--r-- | security/openssl/patches/patch-af | 11 | ||||
-rw-r--r-- | security/openssl/patches/patch-ag | 35 |
6 files changed, 59 insertions, 32 deletions
diff --git a/security/openssl/Makefile b/security/openssl/Makefile
index 5b971fdbc7a..657e4676bf7 100644
--- a/security/openssl/Makefile
+++ b/security/openssl/Makefile
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.54 2002/08/09 14:45:05 jlam Exp $
+# $NetBSD: Makefile,v 1.55 2002/08/10 04:50:31 fredb Exp $
-DISTNAME= openssl-0.9.6e
+DISTNAME= openssl-0.9.6g
 SVR4_PKGNAME= ossl
 CATEGORIES= security
 MASTER_SITES= ftp://ftp.openssl.org/source/
@@ -48,8 +48,7 @@ test: all
 .if ${OPSYS} == "NetBSD"
 PATCH_SITES= ${MASTER_SITE_LOCAL}
-PATCHFILES= openssl-0.9.6e-20020804-netbsd.patch.gz
-PATCH_DIST_STRIP= -p1
+PATCHFILES= openssl-0.9.6g-20020810-netbsd.patch.gz
 PKG_SYSCONFDIR.${PKGBASE}?= /etc/openssl
 .endif
diff --git a/security/openssl/distinfo b/security/openssl/distinfo
index 82342fb5dac..070e093db7c 100644
--- a/security/openssl/distinfo
+++ b/security/openssl/distinfo
@@ -1,12 +1,13 @@
-$NetBSD: distinfo,v 1.10 2002/08/07 10:30:53 fredb Exp $
+$NetBSD: distinfo,v 1.11 2002/08/10 04:50:32 fredb Exp $
-SHA1 (openssl-0.9.6e.tar.gz) = b9eefc560058fc06ad2e24c22d477424ad37fe0d
-Size (openssl-0.9.6e.tar.gz) = 2158566 bytes
-SHA1 (openssl-0.9.6e-20020804-netbsd.patch.gz) = 0981460c471d4b30504927fb4173e5eaccd3ba82
-Size (openssl-0.9.6e-20020804-netbsd.patch.gz) = 28234 bytes
-SHA1 (patch-aa) = 959928efc089555d2189c9f5e54b9e598cc34bd1
+SHA1 (openssl-0.9.6g.tar.gz) = 5b3cdad1d33134c97f659a8ad5dbf4ca4cf3d9c8
+Size (openssl-0.9.6g.tar.gz) = 2170570 bytes
+SHA1 (openssl-0.9.6g-20020810-netbsd.patch.gz) = 37cf5db32ba045b8a23af71ea95ab2f90b886e46
+Size (openssl-0.9.6g-20020810-netbsd.patch.gz) = 27608 bytes
+SHA1 (patch-aa) = c4766edba4704374ae67d75c2f9454bc70782eea
 SHA1 (patch-ab) = 9bdac032996bd97834b00cb661f79c00dc31bac1
-SHA1 (patch-ac) = 11d459aa2e7fe0c4d59285db25b74b8b06396c36
+SHA1 (patch-ac) = 7d63a98d7df20065da443084f41413eb98911b14
 SHA1 (patch-ad) = ee8283d5537edce1bb60470c616ebabfda0aa084
 SHA1 (patch-ae) = f4bf6ae5aa41b55d9978376e4e50ee10c10dd288
-SHA1 (patch-af) = bffccbde6871b7e279c565671308a5740534449e
+SHA1 (patch-af) = fd470396c5f54ea2d333df44504c03e7c6c8dc96
+SHA1 (patch-ag) = be064cc8207512e91bccfe7968758b88cb29e966
diff --git a/security/openssl/patches/patch-aa b/security/openssl/patches/patch-aa
index 7a44be0f9c8..668ecb5ed79 100644
--- a/security/openssl/patches/patch-aa
+++ b/security/openssl/patches/patch-aa
@@ -1,16 +1,7 @@
-$NetBSD: patch-aa,v 1.9 2002/08/04 15:47:46 fredb Exp $
+$NetBSD: patch-aa,v 1.10 2002/08/10 04:50:32 fredb Exp $
 --- config.orig Sun Jun 16 05:32:14 2002
 +++ config
-@@ -388,7 +388,7 @@
- # does give us what we want though, so we use that. We just just the
- # major and minor version numbers.
- # peak single digit before and after first dot, e.g. 2.95.1 gives 29
-- GCCVER=`echo $GCCVER | sed 's/\([0-9]\)\.\([0-9]\).*/\1\2/'`
-+ GCCVER=`echo $GCCVER | sed 's/[^.]*\([0-9]\)\.\([0-9]\).*/\1\2/'`
- else
- CC=cc
- fi
 @@ -577,8 +577,8 @@
  *-freebsd[3-9]*) OUT="FreeBSD-elf" ;;
  *-freebsd[1-2]*) OUT="FreeBSD" ;;
diff --git a/security/openssl/patches/patch-ac b/security/openssl/patches/patch-ac
index 6e0d2b3833e..cf2e1e25d53 100644
--- a/security/openssl/patches/patch-ac
+++ b/security/openssl/patches/patch-ac
@@ -1,10 +1,10 @@
-$NetBSD: patch-ac,v 1.5 2002/08/04 15:47:46 fredb Exp $
+$NetBSD: patch-ac,v 1.6 2002/08/10 04:50:33 fredb Exp $
---- Configure.orig Thu Aug 1 14:11:00 2002
+--- Configure.orig Thu Aug 8 16:12:40 2002
 +++ Configure
 @@ -347,9 +347,6 @@
- "linux-s390", "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::",
- "linux-s390x", "gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::SIXTY_FOUR_BIT_LONG:::::::::::linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ "linux-s390", "gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:-ldl:BN_LLONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR),\$(SHLIB_MINOR)",
+ "linux-s390x", "gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
  "linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR:asm/ia64.o:::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 -"NetBSD-sparc", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 -"NetBSD-m68", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -12,7 +12,7 @@ $NetBSD: patch-ac,v 1.5 2002/08/04 15:47:46 fredb Exp $
  "FreeBSD-elf", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::-pthread -D_REENTRANT -D_THREAD_SAFE -D_THREADSAFE::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
  "FreeBSD", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
  "bsdi-gcc", "gcc:-O3 -ffast-math -DL_ENDIAN -DPERL5 -m486::(unknown)::RSA_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_bsdi_asm}",
-@@ -500,6 +482,20 @@
+@@ -500,6 +497,20 @@
  ##### VxWorks for various targets
  "vxworks-ppc405","ccppc:-g -msoft-float -mlongcall -DVXWORKS -DCPU=PPC405 -I\$(WIND_BASE)/target/h:::-r:::::",
diff --git a/security/openssl/patches/patch-af b/security/openssl/patches/patch-af
index e23a3936201..0e7569c24b0 100644
--- a/security/openssl/patches/patch-af
+++ b/security/openssl/patches/patch-af
@@ -1,6 +1,6 @@
-$NetBSD: patch-af,v 1.4 2002/08/04 15:47:47 fredb Exp $
+$NetBSD: patch-af,v 1.5 2002/08/10 04:50:33 fredb Exp $
---- Makefile.org.orig Fri Jul 19 11:33:26 2002
+--- Makefile.org.orig Fri Aug 9 06:43:56 2002
 +++ Makefile.org
 @@ -169,7 +169,7 @@ MAKEFILE= Makefile.ssl
@@ -11,16 +11,17 @@ $NetBSD: patch-af,v 1.4 2002/08/04 15:47:47 fredb Exp $
  MAN1=1
  MAN3=3
  SHELL=/bin/sh
-@@ -261,7 +261,7 @@
+@@ -262,8 +262,7 @@
  	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
  	( set -x; ${CC} ${SHARED_LDFLAGS} \
  		-shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 -		-Wl,-soname=lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+-		-Wl,-Bsymbolic \
 +		-Wl,-soname=lib$$i.so.${SHLIB_MAJOR} \
- 		-Wl,-Bsymbolic \
  		-Wl,--whole-archive lib$$i.a \
  		-Wl,--no-whole-archive $$libs ${EX_LIBS} -lc ) || exit 1; \
-@@ -631,10 +631,10 @@
+ 	libs="$$libs -l$$i"; \
+@@ -632,10 +631,10 @@
  	@$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
  		$(INSTALL_PREFIX)$(INSTALLTOP)/lib \
  		$(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \
diff --git a/security/openssl/patches/patch-ag b/security/openssl/patches/patch-ag
new file mode 100644
index 00000000000..014f0b494e7
--- /dev/null
+++ b/security/openssl/patches/patch-ag
@@ -0,0 +1,35 @@
+$NetBSD: patch-ag,v 1.6 2002/08/10 04:50:33 fredb Exp $
+
+--- crypto/rand/randfile.c.orig Fri Aug 9 22:31:54 2002
++++ crypto/rand/randfile.c
+@@ -225,9 +225,10 @@
+
+ 	if (OPENSSL_issetugid() == 0)
+ 		s=getenv("RANDFILE");
+-	if (s != NULL && *s && strlen(s) + 1 < size)
++	if (s != NULL)
+ 		{
+-		strlcpy(buf,s,size);
++		strncpy(buf,s,size-1);
++		buf[size-1]='\0';
+ 		ret=buf;
+ 		}
+ 	else
+@@ -240,13 +241,13 @@
+ 			s = DEFAULT_HOME;
+ 		}
+ #endif
+-	if (s != NULL && *s && (strlen(s)+strlen(RFILE)+2 < size))
++	if (s != NULL && (strlen(s)+strlen(RFILE)+2 < size))
+ 		{
+-		strlcpy(buf,s,size);
++		strcpy(buf,s);
+ #ifndef VMS
+-		strlcat(buf,"/",size);
++		strcat(buf,"/");
+ #endif
+-		strlcat(buf,RFILE,size);
++		strcat(buf,RFILE);
+ 		ret=buf;
+ 		}
+ 	else
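Review bot: The removal of `-Wl,-Bsymbolic` from the shared-library link line is unconditional, so every NetBSD build of libcrypto/libssl, not only the untested a.out case the commit message targets, now resolves the libraries' internal references through the dynamic symbol table and lets them be interposed by the application or a preloaded object. That is ordinary ELF behaviour rather than a defect, but it is a runtime change in how the libraries bind their own symbols, and patch-af itself says nothing about why. pkgsrc patches conventionally carry an explanatory comment after the RCS id; suggest adding `# Link the shared libraries without -Wl,-Bsymbolic so they can be built on NetBSD-a.out (untested); note this also makes internal libcrypto/libssl references interposable on ELF.` and, if only a.out needs it, restricting the change from the package Makefile instead of applying it everywhere. The inner Makefile.org recipe starts and ends outside the hunk.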
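Review bot: The RANDFILE replacement (`if (s != NULL)` followed by `strncpy(buf,s,size-1); buf[size-1]='\0';`) weakens the vendor check it replaces in two ways that have nothing to do with strlcpy() availability: the `*s` test is dropped, so an empty RANDFILE (and, in the second hunk, an empty HOME) now produces "" or "/.rnd" as the seed-file path instead of taking the else branch, and a RANDFILE longer than the buffer is silently truncated to a different path rather than rejected, which matters for a file OpenSSL both reads and writes; `size-1` is also unguarded should a caller ever pass `size == 0`. Since the vendor length checks already guarantee the copies fit, plain strcpy()/strcat() are safe behind them: keep `if (s != NULL && *s && strlen(s) + 1 < size)` with `strcpy(buf,s);` in the first hunk, and keep `if (s != NULL && *s && (strlen(s)+strlen(RFILE)+2 < size))` in the second. The enclosing function (presumably RAND_file_name) starts and ends outside the hunk.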