From 75e0e0a8338ac58ad6b0e0ca0e478e89599e8dbc Mon Sep 17 00:00:00 2001 From: taca Date: Fri, 26 Feb 2010 03:15:13 +0000 Subject: Update openssl to 0.9.8m. The OpenSSL project team is pleased to announce the release of version 0.9.8m of our open source toolkit for SSL/TLS. This new OpenSSL version is a security and bugfix release which implements RFC5746 to address renegotiation vulnerabilities mentioned in CVE-2009-3555. For a complete list of changes, please see http://www.openssl.org/source/exp/CHANGES. --- security/openssl/Makefile | 7 ++++--- security/openssl/distinfo | 19 +++++++---------- security/openssl/patches/patch-aa | 14 ++++++------- security/openssl/patches/patch-ac | 18 ++++++++-------- security/openssl/patches/patch-af | 34 +++++++----------------------- security/openssl/patches/patch-ax | 24 --------------------- security/openssl/patches/patch-ay | 13 ------------ security/openssl/patches/patch-az | 42 ------------------------------------- security/openssl/patches/patch-ba | 17 --------------- security/openssl/patches/patch-bb | 44 --------------------------------------- 10 files changed, 34 insertions(+), 198 deletions(-) delete mode 100644 security/openssl/patches/patch-ax delete mode 100644 security/openssl/patches/patch-ay delete mode 100644 security/openssl/patches/patch-az delete mode 100644 security/openssl/patches/patch-ba delete mode 100644 security/openssl/patches/patch-bb diff --git a/security/openssl/Makefile b/security/openssl/Makefile index d31d4596c3e..a873d9e1179 100644 --- a/security/openssl/Makefile +++ b/security/openssl/Makefile @@ -1,9 +1,8 @@ -# $NetBSD: Makefile,v 1.143 2010/01/22 03:35:10 taca Exp $ +# $NetBSD: Makefile,v 1.144 2010/02/26 03:15:13 taca Exp $ OPENSSL_SNAPSHOT?= # empty OPENSSL_STABLE?= # empty -OPENSSL_VERS?= 0.9.8l -PKGREVISION= 1 +OPENSSL_VERS?= 0.9.8m .if empty(OPENSSL_SNAPSHOT) DISTNAME= openssl-${OPENSSL_VERS} @@ -124,6 +123,8 @@ CONF_FILES= ${PREFIX}/share/examples/openssl/openssl.cnf \ ${PKG_SYSCONFDIR}/openssl.cnf OWN_DIRS= ${PKG_SYSCONFDIR}/certs ${PKG_SYSCONFDIR}/private +INSTALLATION_DIRS+= share/examples/openssl + # Fix the path to perl in various scripts. pre-configure: cd ${WRKSRC} && ${PERL5} util/perlpath.pl ${PERL5} diff --git a/security/openssl/distinfo b/security/openssl/distinfo index 3be3aab1782..9483eef609b 100644 --- a/security/openssl/distinfo +++ b/security/openssl/distinfo @@ -1,18 +1,13 @@ -$NetBSD: distinfo,v 1.71 2010/01/22 03:35:10 taca Exp $ +$NetBSD: distinfo,v 1.72 2010/02/26 03:15:13 taca Exp $ -SHA1 (openssl-0.9.8l.tar.gz) = d3fb6ec89532ab40646b65af179bb1770f7ca28f -RMD160 (openssl-0.9.8l.tar.gz) = 9de81ec2583edcba729e62d50fd22c0a98a52903 -Size (openssl-0.9.8l.tar.gz) = 4179422 bytes -SHA1 (patch-aa) = cb6942b0be960151c185e89af1e09050a6b18dff -SHA1 (patch-ac) = 3f62d36e18c2b8f587322dac5b329207704f40ad +SHA1 (openssl-0.9.8m.tar.gz) = 2511c709a47f34d5fa6cd1a1c9cb1699bdffa912 +RMD160 (openssl-0.9.8m.tar.gz) = 0296af151993008526b4f2b3a6810e20c4ad3759 +Size (openssl-0.9.8m.tar.gz) = 3767604 bytes +SHA1 (patch-aa) = b3899aebeea9bd9ead58771ca52ecec049589a55 +SHA1 (patch-ac) = 6ff4a20440666f5c520837e10547091e1bee2208 SHA1 (patch-ad) = bb86ac463fc4ab8b485df5f1a4fb9c13c1fc41c3 SHA1 (patch-ae) = 7a58f1765a3761321dcc8dafc5fe2e33207be480 -SHA1 (patch-af) = 81263ce9dc0e89293ac1fc298e1178253a0b0b1b +SHA1 (patch-af) = 2610930b6b06397fa2e3955b3244c02193f5b7a6 SHA1 (patch-ag) = 5f12c72b85e4b6c6a79dfcf87055e9e029fbd8c8 SHA1 (patch-ak) = 049250b9bd42e6f155145703135dab39a7ec17e0 SHA1 (patch-al) = 076a606352bdeaeea1cc64f16be2ac1325882302 -SHA1 (patch-ax) = ef0c657de2aa42baa365b9857583d1c55d0e7d1b -SHA1 (patch-ay) = 6d5de155e5508cd2237387626c8e1ff7ee603f8e -SHA1 (patch-az) = aa7ef7192d56979ba09aa1dab8a2cdf9868f9c4a -SHA1 (patch-ba) = b8ab55c0c6ab4b995cae18517609720f0803e11f -SHA1 (patch-bb) = a4092a65f52d3c9c85c9015901b2a5eeb11d0955 diff --git a/security/openssl/patches/patch-aa b/security/openssl/patches/patch-aa index 5c2acd50232..ee2d37d0258 100644 --- a/security/openssl/patches/patch-aa +++ b/security/openssl/patches/patch-aa @@ -1,15 +1,15 @@ -$NetBSD: patch-aa,v 1.22 2010/01/15 04:55:30 taca Exp $ +$NetBSD: patch-aa,v 1.23 2010/02/26 03:15:13 taca Exp $ ---- config.orig 2009-02-16 08:43:41.000000000 +0000 +--- config.orig 2009-10-15 12:58:00.000000000 +0000 +++ config @@ -49,6 +49,7 @@ done # First get uname entries that we use below - MACHINE=`(uname -m) 2>/dev/null` || MACHINE="unknown" -+MACHINE_ARCH=`(uname -p) 2>/dev/null` || MACHINE_ARCH="unknown" - RELEASE=`(uname -r) 2>/dev/null` || RELEASE="unknown" - SYSTEM=`(uname -s) 2>/dev/null` || SYSTEM="unknown" - VERSION=`(uname -v) 2>/dev/null` || VERSION="unknown" + [ "$MACHINE" ] || MACHINE=`(uname -m) 2>/dev/null` || MACHINE="unknown" ++[ "$MACHINE_ARCH" ] || MACHINE_ARCH=`(uname -p) 2>/dev/null` || MACHINE_ARCH="unknown" + [ "$RELEASE" ] || RELEASE=`(uname -r) 2>/dev/null` || RELEASE="unknown" + [ "$SYSTEM" ] || SYSTEM=`(uname -s) 2>/dev/null` || SYSTEM="unknown" + [ "$BUILD" ] || VERSION=`(uname -v) 2>/dev/null` || VERSION="unknown" @@ -154,6 +155,10 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${ echo "mips4-sgi-irix64"; exit 0 ;; diff --git a/security/openssl/patches/patch-ac b/security/openssl/patches/patch-ac index 05e06c9ca5f..13a4b3d636a 100644 --- a/security/openssl/patches/patch-ac +++ b/security/openssl/patches/patch-ac @@ -1,17 +1,17 @@ -$NetBSD: patch-ac,v 1.37 2010/01/15 04:55:30 taca Exp $ +$NetBSD: patch-ac,v 1.38 2010/02/26 03:15:13 taca Exp $ ---- Configure.orig 2009-11-05 12:07:06.000000000 +0000 +--- Configure.orig 2009-11-09 14:14:26.000000000 +0000 +++ Configure -@@ -206,7 +206,7 @@ my %table=( - "solaris64-x86_64-gcc","gcc:-m64 -O3 -Wall -DL_ENDIAN -DMD32_REG_T=int::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:solaris-shared:-fPIC:-m64 -shared -static-libgcc:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +@@ -212,7 +212,7 @@ my %table=( + "solaris64-x86_64-gcc","gcc:-m64 -O3 -Wall -DL_ENDIAN -DMD32_REG_T=int::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:solaris-shared:-fPIC:-m64 -shared -static-libgcc:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", #### Solaris x86 with Sun C setups -"solaris-x86-cc","cc:-fast -O -Xa::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"solaris-x86-cc","cc:-xO5 -Xa::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", - "solaris64-x86_64-cc","cc:-fast -xarch=amd64 -xstrconst -Xa -DL_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:solaris-shared:-KPIC:-xarch=amd64 -G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", + "solaris64-x86_64-cc","cc:-fast -xarch=amd64 -xstrconst -Xa -DL_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:solaris-shared:-KPIC:-xarch=amd64 -G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", #### SPARC Solaris with GNU C setups -@@ -318,6 +318,7 @@ my %table=( +@@ -324,6 +324,7 @@ my %table=( # "osf1-alpha-gcc", "gcc:-O3::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_RISC1:${no_asm}:dlfcn:alpha-osf1-shared:::.so", "osf1-alpha-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${no_asm}:dlfcn:alpha-osf1-shared:::.so", @@ -19,7 +19,7 @@ $NetBSD: patch-ac,v 1.37 2010/01/15 04:55:30 taca Exp $ "tru64-alpha-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${no_asm}:dlfcn:alpha-osf1-shared::-msym:.so", #### -@@ -380,6 +381,25 @@ my %table=( +@@ -386,6 +387,25 @@ my %table=( "BSD-ia64", "gcc:-DL_ENDIAN -DTERMIOS -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "BSD-x86_64", "gcc:-DL_ENDIAN -DTERMIOS -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", @@ -45,7 +45,7 @@ $NetBSD: patch-ac,v 1.37 2010/01/15 04:55:30 taca Exp $ "bsdi-elf-gcc", "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall::(unknown)::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "nextstep", "cc:-O -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::", -@@ -808,6 +828,10 @@ PROCESS_ARGS: +@@ -821,6 +841,10 @@ PROCESS_ARGS: { $libs.=$_." "; } @@ -56,7 +56,7 @@ $NetBSD: patch-ac,v 1.37 2010/01/15 04:55:30 taca Exp $ elsif (/^-[^-]/ or /^\+/) { $flags.=$_." "; -@@ -1523,7 +1547,7 @@ while () +@@ -1566,7 +1590,7 @@ while () elsif ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*\.[^\.]*$/) { my $sotmp = $1; diff --git a/security/openssl/patches/patch-af b/security/openssl/patches/patch-af index b209050cfcc..c8192041cf8 100644 --- a/security/openssl/patches/patch-af +++ b/security/openssl/patches/patch-af @@ -1,6 +1,6 @@ -$NetBSD: patch-af,v 1.23 2010/01/15 04:55:30 taca Exp $ +$NetBSD: patch-af,v 1.24 2010/02/26 03:15:14 taca Exp $ ---- Makefile.org.orig 2009-03-03 22:40:29.000000000 +0000 +--- Makefile.org.orig 2010-01-27 16:06:36.000000000 +0000 +++ Makefile.org @@ -28,6 +28,7 @@ INSTALLTOP=/usr/local/ssl @@ -10,7 +10,7 @@ $NetBSD: patch-af,v 1.23 2010/01/15 04:55:30 taca Exp $ # NO_IDEA - Define to build without the IDEA algorithm # NO_RC4 - Define to build without the RC4 algorithm -@@ -131,8 +132,8 @@ FIPSCANLIB= +@@ -132,8 +133,8 @@ FIPSCANLIB= BASEADDR= @@ -21,7 +21,7 @@ $NetBSD: patch-af,v 1.23 2010/01/15 04:55:30 taca Exp $ # dirs in crypto to build SDIRS= \ -@@ -152,7 +153,7 @@ TESTS = alltests +@@ -153,7 +154,7 @@ TESTS = alltests MAKEFILE= Makefile @@ -30,7 +30,7 @@ $NetBSD: patch-af,v 1.23 2010/01/15 04:55:30 taca Exp $ MAN1=1 MAN3=3 MANSUFFIX= -@@ -168,6 +169,7 @@ SHARED_SSL=libssl$(SHLIB_EXT) +@@ -169,6 +170,7 @@ SHARED_SSL=libssl$(SHLIB_EXT) SHARED_FIPS= SHARED_LIBS= SHARED_LIBS_LINK_EXTS= @@ -38,16 +38,7 @@ $NetBSD: patch-af,v 1.23 2010/01/15 04:55:30 taca Exp $ SHARED_LDFLAGS= GENERAL= Makefile -@@ -200,7 +202,7 @@ BUILDENV= PLATFORM='${PLATFORM}' PROCESS - CC='${CC}' CFLAG='${CFLAG}' \ - AS='${CC}' ASFLAG='${CFLAG} -c' \ - AR='${AR}' PERL='${PERL}' RANLIB='${RANLIB}' \ -- SDIRS='${SDIRS}' LIBRPATH='${INSTALLTOP}/lib' \ -+ SDIRS='${SDIRS}' LIBRPATH='${LIBRPATH}' \ - INSTALL_PREFIX='${INSTALL_PREFIX}' \ - INSTALLTOP='${INSTALLTOP}' OPENSSLDIR='${OPENSSLDIR}' \ - MAKEDEPEND='$$$${TOP}/util/domd $$$${TOP} -MD ${MAKEDEPPROG}' \ -@@ -611,7 +613,7 @@ dist: +@@ -615,7 +617,7 @@ dist: dist_pem_h: (cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean) @@ -56,18 +47,7 @@ $NetBSD: patch-af,v 1.23 2010/01/15 04:55:30 taca Exp $ install_sw: @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \ -@@ -619,9 +621,7 @@ install_sw: - $(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines \ - $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig \ - $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \ -- $(INSTALL_PREFIX)$(OPENSSLDIR)/misc \ -- $(INSTALL_PREFIX)$(OPENSSLDIR)/certs \ -- $(INSTALL_PREFIX)$(OPENSSLDIR)/private -+ $(INSTALL_PREFIX)$(EXAMPLEDIR) - @set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\ - do \ - (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ -@@ -691,35 +691,53 @@ install_docs: +@@ -695,35 +697,53 @@ install_docs: set -e; for i in doc/apps/*.pod; do \ fn=`basename $$i .pod`; \ sec=`$(PERL) util/extract-section.pl 1 < $$i`; \ diff --git a/security/openssl/patches/patch-ax b/security/openssl/patches/patch-ax deleted file mode 100644 index b710884ea85..00000000000 --- a/security/openssl/patches/patch-ax +++ /dev/null @@ -1,24 +0,0 @@ -$NetBSD: patch-ax,v 1.1 2009/06/10 13:57:08 tez Exp $ - -Part of CVE-2009-1377 fix. - ---- crypto/pqueue/pqueue.c.orig 2009-06-08 18:55:59.826213100 -0500 -+++ crypto/pqueue/pqueue.c -@@ -234,3 +234,17 @@ pqueue_next(pitem **item) - - return ret; - } -+ -+int -+pqueue_size(pqueue_s *pq) -+{ -+ pitem *item = pq->items; -+ int count = 0; -+ -+ while(item != NULL) -+ { -+ count++; -+ item = item->next; -+ } -+ return count; -+} diff --git a/security/openssl/patches/patch-ay b/security/openssl/patches/patch-ay deleted file mode 100644 index 166214c5209..00000000000 --- a/security/openssl/patches/patch-ay +++ /dev/null @@ -1,13 +0,0 @@ -$NetBSD: patch-ay,v 1.1 2009/06/10 13:57:08 tez Exp $ - -Part of CVE-2009-1377 fix. - ---- crypto/pqueue/pqueue.h.orig 2009-06-08 18:57:00.672546600 -0500 -+++ crypto/pqueue/pqueue.h -@@ -91,5 +91,6 @@ pitem *pqueue_iterator(pqueue pq); - pitem *pqueue_next(piterator *iter); - - void pqueue_print(pqueue pq); -+int pqueue_size(pqueue pq); - - #endif /* ! HEADER_PQUEUE_H */ diff --git a/security/openssl/patches/patch-az b/security/openssl/patches/patch-az deleted file mode 100644 index 9106990b117..00000000000 --- a/security/openssl/patches/patch-az +++ /dev/null @@ -1,42 +0,0 @@ -$NetBSD: patch-az,v 1.1 2009/06/10 13:57:08 tez Exp $ - -CVE-2009-1378 and CVE-2009-1379 fixes. - ---- ssl/d1_both.c.orig 2009-06-08 18:59:50.629293200 -0500 -+++ ssl/d1_both.c -@@ -519,6 +519,8 @@ dtls1_retrieve_buffered_fragment(SSL *s, - - if ( s->d1->handshake_read_seq == frag->msg_header.seq) - { -+ unsigned long frag_len = frag->msg_header.frag_len; -+ - pqueue_pop(s->d1->buffered_messages); - - al=dtls1_preprocess_fragment(s,&frag->msg_header,max); -@@ -536,7 +538,7 @@ dtls1_retrieve_buffered_fragment(SSL *s, - if (al==0) - { - *ok = 1; -- return frag->msg_header.frag_len; -+ return frag_len; - } - - ssl3_send_alert(s,SSL3_AL_FATAL,al); -@@ -561,7 +563,16 @@ dtls1_process_out_of_seq_message(SSL *s, - if ((msg_hdr->frag_off+frag_len) > msg_hdr->msg_len) - goto err; - -- if (msg_hdr->seq <= s->d1->handshake_read_seq) -+ /* Try to find item in queue, to prevent duplicate entries */ -+ pq_64bit_init(&seq64); -+ pq_64bit_assign_word(&seq64, msg_hdr->seq); -+ item = pqueue_find(s->d1->buffered_messages, seq64); -+ pq_64bit_free(&seq64); -+ -+ /* Discard the message if sequence number was already there, is -+ * too far in the future or the fragment is already in the queue */ -+ if (msg_hdr->seq <= s->d1->handshake_read_seq || -+ msg_hdr->seq > s->d1->handshake_read_seq + 10 || item != NULL) - { - unsigned char devnull [256]; - diff --git a/security/openssl/patches/patch-ba b/security/openssl/patches/patch-ba deleted file mode 100644 index 557e03224ed..00000000000 --- a/security/openssl/patches/patch-ba +++ /dev/null @@ -1,17 +0,0 @@ -$NetBSD: patch-ba,v 1.1 2009/06/10 13:57:08 tez Exp $ - -Part of CVE-2009-1377 fix. - ---- ssl/d1_pkt.c.orig 2009-06-08 18:58:13.784215600 -0500 -+++ ssl/d1_pkt.c -@@ -167,6 +167,10 @@ dtls1_buffer_record(SSL *s, record_pqueu - DTLS1_RECORD_DATA *rdata; - pitem *item; - -+ /* Limit the size of the queue to prevent DOS attacks */ -+ if (pqueue_size(queue->q) >= 100) -+ return 0; -+ - rdata = OPENSSL_malloc(sizeof(DTLS1_RECORD_DATA)); - item = pitem_new(priority, rdata); - if (rdata == NULL || item == NULL) diff --git a/security/openssl/patches/patch-bb b/security/openssl/patches/patch-bb deleted file mode 100644 index 8263f6bdc1f..00000000000 --- a/security/openssl/patches/patch-bb +++ /dev/null @@ -1,44 +0,0 @@ -$NetBSD: patch-bb,v 1.1 2010/01/22 03:35:10 taca Exp $ - -deal with CVE-2009-4355, revsion 1.15.2.8 from OpenSSL's CVS repository. - ---- crypto/comp/c_zlib.c.orig 2008-12-13 17:00:53.000000000 +0000 -+++ crypto/comp/c_zlib.c -@@ -136,15 +136,6 @@ struct zlib_state - - static int zlib_stateful_ex_idx = -1; - --static void zlib_stateful_free_ex_data(void *obj, void *item, -- CRYPTO_EX_DATA *ad, int ind,long argl, void *argp) -- { -- struct zlib_state *state = (struct zlib_state *)item; -- inflateEnd(&state->istream); -- deflateEnd(&state->ostream); -- OPENSSL_free(state); -- } -- - static int zlib_stateful_init(COMP_CTX *ctx) - { - int err; -@@ -188,6 +179,12 @@ static int zlib_stateful_init(COMP_CTX * - - static void zlib_stateful_finish(COMP_CTX *ctx) - { -+ struct zlib_state *state = -+ (struct zlib_state *)CRYPTO_get_ex_data(&ctx->ex_data, -+ zlib_stateful_ex_idx); -+ inflateEnd(&state->istream); -+ deflateEnd(&state->ostream); -+ OPENSSL_free(state); - CRYPTO_free_ex_data(CRYPTO_EX_INDEX_COMP,ctx,&ctx->ex_data); - } - -@@ -402,7 +399,7 @@ COMP_METHOD *COMP_zlib(void) - if (zlib_stateful_ex_idx == -1) - zlib_stateful_ex_idx = - CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_COMP, -- 0,NULL,NULL,NULL,zlib_stateful_free_ex_data); -+ 0,NULL,NULL,NULL,NULL); - CRYPTO_w_unlock(CRYPTO_LOCK_COMP); - if (zlib_stateful_ex_idx == -1) - goto err; -- cgit v1.2.3