authorfredb <fredb@pkgsrc.org>2002-08-10 04:50:31 +0000
committerfredb <fredb@pkgsrc.org>2002-08-10 04:50:31 +0000
commitd5e2ea6e6860c9a59e833f1ab67b73eb61d5bfda (patch)
tree0bf028b4dd8a881d7400938e7367616fe8668bfe /security
parent9fa64dec3b098f174ec1e505394e5ca3b01a8907 (diff)
downloadpkgsrc-d5e2ea6e6860c9a59e833f1ab67b73eb61d5bfda.tar.gz
Update to 0.9.6g. The most significant change is this proof against
a stunning DoS vulnerability, fixed in 0.9.6f: *) Use proper error handling instead of 'assertions' in buffer overflow checks added in 0.9.6e. This prevents DoS (the assertions could call abort()). [Arne Ansper <arne@ats.cyber.ee>, Bodo Moeller] Regenerate the netbsd patch. This is now a clean diff against the vendor tag, with version-number-only changes elided. Partially revert "crypto/dist/openssl/crypto/rand/randfile.c", version 1.4 (via additional pkgsrc patch), to give this a shot to compile on NetBSD-1.4.2 and earlier, which had no strlcpy() or strlcat(). Assemble the shared library without "-Bsymbolic", mainly to give this a shot at linking on NetBSD-a.out (untested).
Diffstat (limited to 'security')
-rw-r--r--security/openssl/Makefile7
-rw-r--r--security/openssl/distinfo17
-rw-r--r--security/openssl/patches/patch-aa11
-rw-r--r--security/openssl/patches/patch-ac10
-rw-r--r--security/openssl/patches/patch-af11
-rw-r--r--security/openssl/patches/patch-ag35
6 files changed, 59 insertions, 32 deletions
diff --git a/security/openssl/Makefile b/security/openssl/Makefile
index 5b971fdbc7a..657e4676bf7 100644
--- a/security/openssl/Makefile
+++ b/security/openssl/Makefile
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.54 2002/08/09 14:45:05 jlam Exp $
+# $NetBSD: Makefile,v 1.55 2002/08/10 04:50:31 fredb Exp $
-DISTNAME= openssl-0.9.6e
+DISTNAME= openssl-0.9.6g
SVR4_PKGNAME= ossl
CATEGORIES= security
MASTER_SITES= ftp://ftp.openssl.org/source/
@@ -48,8 +48,7 @@ test: all
.if ${OPSYS} == "NetBSD"
PATCH_SITES= ${MASTER_SITE_LOCAL}
-PATCHFILES= openssl-0.9.6e-20020804-netbsd.patch.gz
-PATCH_DIST_STRIP= -p1
+PATCHFILES= openssl-0.9.6g-20020810-netbsd.patch.gz
PKG_SYSCONFDIR.${PKGBASE}?= /etc/openssl
.endif
diff --git a/security/openssl/distinfo b/security/openssl/distinfo
index 82342fb5dac..070e093db7c 100644
--- a/security/openssl/distinfo
+++ b/security/openssl/distinfo
@@ -1,12 +1,13 @@
-$NetBSD: distinfo,v 1.10 2002/08/07 10:30:53 fredb Exp $
+$NetBSD: distinfo,v 1.11 2002/08/10 04:50:32 fredb Exp $
-SHA1 (openssl-0.9.6e.tar.gz) = b9eefc560058fc06ad2e24c22d477424ad37fe0d
-Size (openssl-0.9.6e.tar.gz) = 2158566 bytes
-SHA1 (openssl-0.9.6e-20020804-netbsd.patch.gz) = 0981460c471d4b30504927fb4173e5eaccd3ba82
-Size (openssl-0.9.6e-20020804-netbsd.patch.gz) = 28234 bytes
-SHA1 (patch-aa) = 959928efc089555d2189c9f5e54b9e598cc34bd1
+SHA1 (openssl-0.9.6g.tar.gz) = 5b3cdad1d33134c97f659a8ad5dbf4ca4cf3d9c8
+Size (openssl-0.9.6g.tar.gz) = 2170570 bytes
+SHA1 (openssl-0.9.6g-20020810-netbsd.patch.gz) = 37cf5db32ba045b8a23af71ea95ab2f90b886e46
+Size (openssl-0.9.6g-20020810-netbsd.patch.gz) = 27608 bytes
+SHA1 (patch-aa) = c4766edba4704374ae67d75c2f9454bc70782eea
SHA1 (patch-ab) = 9bdac032996bd97834b00cb661f79c00dc31bac1
-SHA1 (patch-ac) = 11d459aa2e7fe0c4d59285db25b74b8b06396c36
+SHA1 (patch-ac) = 7d63a98d7df20065da443084f41413eb98911b14
SHA1 (patch-ad) = ee8283d5537edce1bb60470c616ebabfda0aa084
SHA1 (patch-ae) = f4bf6ae5aa41b55d9978376e4e50ee10c10dd288
-SHA1 (patch-af) = bffccbde6871b7e279c565671308a5740534449e
+SHA1 (patch-af) = fd470396c5f54ea2d333df44504c03e7c6c8dc96
+SHA1 (patch-ag) = be064cc8207512e91bccfe7968758b88cb29e966
diff --git a/security/openssl/patches/patch-aa b/security/openssl/patches/patch-aa
index 7a44be0f9c8..668ecb5ed79 100644
--- a/security/openssl/patches/patch-aa
+++ b/security/openssl/patches/patch-aa
@@ -1,16 +1,7 @@
-$NetBSD: patch-aa,v 1.9 2002/08/04 15:47:46 fredb Exp $
+$NetBSD: patch-aa,v 1.10 2002/08/10 04:50:32 fredb Exp $
--- config.orig Sun Jun 16 05:32:14 2002
+++ config
-@@ -388,7 +388,7 @@
- # does give us what we want though, so we use that. We just just the
- # major and minor version numbers.
- # peak single digit before and after first dot, e.g. 2.95.1 gives 29
-- GCCVER=`echo $GCCVER | sed 's/\([0-9]\)\.\([0-9]\).*/\1\2/'`
-+ GCCVER=`echo $GCCVER | sed 's/[^.]*\([0-9]\)\.\([0-9]\).*/\1\2/'`
- else
- CC=cc
- fi
@@ -577,8 +577,8 @@
*-freebsd[3-9]*) OUT="FreeBSD-elf" ;;
*-freebsd[1-2]*) OUT="FreeBSD" ;;
diff --git a/security/openssl/patches/patch-ac b/security/openssl/patches/patch-ac
index 6e0d2b3833e..cf2e1e25d53 100644
--- a/security/openssl/patches/patch-ac
+++ b/security/openssl/patches/patch-ac
@@ -1,10 +1,10 @@
-$NetBSD: patch-ac,v 1.5 2002/08/04 15:47:46 fredb Exp $
+$NetBSD: patch-ac,v 1.6 2002/08/10 04:50:33 fredb Exp $
---- Configure.orig Thu Aug 1 14:11:00 2002
+--- Configure.orig Thu Aug 8 16:12:40 2002
+++ Configure
@@ -347,9 +347,6 @@
- "linux-s390", "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::",
- "linux-s390x", "gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::SIXTY_FOUR_BIT_LONG:::::::::::linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ "linux-s390", "gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:-ldl:BN_LLONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR),\$(SHLIB_MINOR)",
+ "linux-s390x", "gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR:asm/ia64.o:::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"NetBSD-sparc", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"NetBSD-m68", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -12,7 +12,7 @@ $NetBSD: patch-ac,v 1.5 2002/08/04 15:47:46 fredb Exp $
"FreeBSD-elf", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::-pthread -D_REENTRANT -D_THREAD_SAFE -D_THREADSAFE::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"FreeBSD", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
"bsdi-gcc", "gcc:-O3 -ffast-math -DL_ENDIAN -DPERL5 -m486::(unknown)::RSA_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_bsdi_asm}",
-@@ -500,6 +482,20 @@
+@@ -500,6 +497,20 @@
##### VxWorks for various targets
"vxworks-ppc405","ccppc:-g -msoft-float -mlongcall -DVXWORKS -DCPU=PPC405 -I\$(WIND_BASE)/target/h:::-r:::::",
diff --git a/security/openssl/patches/patch-af b/security/openssl/patches/patch-af
index e23a3936201..0e7569c24b0 100644
--- a/security/openssl/patches/patch-af
+++ b/security/openssl/patches/patch-af
@@ -1,6 +1,6 @@
-$NetBSD: patch-af,v 1.4 2002/08/04 15:47:47 fredb Exp $
+$NetBSD: patch-af,v 1.5 2002/08/10 04:50:33 fredb Exp $
---- Makefile.org.orig Fri Jul 19 11:33:26 2002
+--- Makefile.org.orig Fri Aug 9 06:43:56 2002
+++ Makefile.org
@@ -169,7 +169,7 @@
MAKEFILE= Makefile.ssl
@@ -11,16 +11,17 @@ $NetBSD: patch-af,v 1.4 2002/08/04 15:47:47 fredb Exp $
MAN1=1
MAN3=3
SHELL=/bin/sh
-@@ -261,7 +261,7 @@
+@@ -262,8 +262,7 @@
libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
( set -x; ${CC} ${SHARED_LDFLAGS} \
-shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
- -Wl,-soname=lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+- -Wl,-Bsymbolic \
+ -Wl,-soname=lib$$i.so.${SHLIB_MAJOR} \
- -Wl,-Bsymbolic \
-Wl,--whole-archive lib$$i.a \
-Wl,--no-whole-archive $$libs ${EX_LIBS} -lc ) || exit 1; \
-@@ -631,10 +631,10 @@
+ libs="$$libs -l$$i"; \
+@@ -632,10 +631,10 @@
@$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
$(INSTALL_PREFIX)$(INSTALLTOP)/lib \
$(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \
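Review bot: The regenerated inner hunk at `@@ -262,8 +262,7 @@` now deletes `-Wl,-Bsymbolic` from the shared-library link command, and nothing in patch-af records why; the commit message gives a.out linking as the motive and marks it untested. Without -Bsymbolic the library's references to its own global symbols are no longer bound at link time, so a same-named symbol in the executable or in an earlier-loaded library can take precedence inside the libraries built by this loop. I would add a comment line under the `$NetBSD$` tag, for example `Link without -Bsymbolic so this can link on a.out (untested); internal symbols become interposable.`, or limit the removal to a.out platforms if ELF builds do not need it. The link command itself starts and ends outside the hunk.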
diff --git a/security/openssl/patches/patch-ag b/security/openssl/patches/patch-ag
new file mode 100644
index 00000000000..014f0b494e7
--- /dev/null
+++ b/security/openssl/patches/patch-ag
@@ -0,0 +1,35 @@
+$NetBSD: patch-ag,v 1.6 2002/08/10 04:50:33 fredb Exp $
+
+--- crypto/rand/randfile.c.orig Fri Aug 9 22:31:54 2002
++++ crypto/rand/randfile.c
+@@ -225,9 +225,10 @@
+
+ if (OPENSSL_issetugid() == 0)
+ s=getenv("RANDFILE");
+- if (s != NULL && *s && strlen(s) + 1 < size)
++ if (s != NULL)
+ {
+- strlcpy(buf,s,size);
++ strncpy(buf,s,size-1);
++ buf[size-1]='\0';
+ ret=buf;
+ }
+ else
+@@ -240,13 +241,13 @@
+ s = DEFAULT_HOME;
+ }
+ #endif
+- if (s != NULL && *s && (strlen(s)+strlen(RFILE)+2 < size))
++ if (s != NULL && (strlen(s)+strlen(RFILE)+2 < size))
+ {
+- strlcpy(buf,s,size);
++ strcpy(buf,s);
+ #ifndef VMS
+- strlcat(buf,"/",size);
++ strcat(buf,"/");
+ #endif
+- strlcat(buf,RFILE,size);
++ strcat(buf,RFILE);
+ ret=buf;
+ }
+ else
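Review bot: In the first inner hunk of the new patch-ag, the replacement condition `if (s != NULL)` drops both the `*s` test and the `strlen(s) + 1 < size` test, so an over-long RANDFILE value is now silently truncated by `strncpy(buf,s,size-1)` and returned instead of taking the `else` branch, and the seed file may then be read from or written to a path the user never named. Avoiding strlcpy() on NetBSD-1.4.2 does not require loosening the check: keep `if (s != NULL && *s && strlen(s) + 1 < size)` and use `strcpy(buf,s);`, which that test bounds. The second inner hunk loses `*s` as well, so an empty `s` is accepted and the result is RFILE directly under `/` on non-VMS builds; its strcpy()/strcat() calls are covered by the retained length test. `size-1` also assumes size is at least 1, which is not visible here. The enclosing function starts and ends outside both inner hunks.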