From bf3b70447327939f1096767ebe5c582f7daf50d0 Mon Sep 17 00:00:00 2001 From: wiz Date: Fri, 26 Mar 2004 02:22:38 +0000 Subject: Update to 0.9.6m: Changes between 0.9.6l and 0.9.6m [17 Mar 2004] *) Fix null-pointer assignment in do_change_cipher_spec() revealed by using the Codenomicon TLS Test Tool (CAN-2004-0079) [Joe Orton, Steve Henson] --- security/openssl/Makefile | 5 ++--- security/openssl/buildlink2.mk | 6 +++--- security/openssl/buildlink3.mk | 4 ++-- security/openssl/builtin.mk | 4 ++-- security/openssl/distinfo | 14 +++++++------- security/openssl/patches/patch-aa | 6 +++--- security/openssl/patches/patch-ac | 18 +++++++++--------- security/openssl/patches/patch-ad | 8 ++++---- security/openssl/patches/patch-af | 12 ++++++------ 9 files changed, 38 insertions(+), 39 deletions(-) diff --git a/security/openssl/Makefile b/security/openssl/Makefile index 1626681c107..ab4c49beaef 100644 --- a/security/openssl/Makefile +++ b/security/openssl/Makefile @@ -1,8 +1,7 @@ -# $NetBSD: Makefile,v 1.88 2004/03/09 08:06:45 reed Exp $ +# $NetBSD: Makefile,v 1.89 2004/03/26 02:22:38 wiz Exp $ -DISTNAME= openssl-0.9.6l +DISTNAME= openssl-0.9.6m SVR4_PKGNAME= ossl -PKGREVISION= 1 CATEGORIES= security MASTER_SITES= ftp://ftp.openssl.org/source/ diff --git a/security/openssl/buildlink2.mk b/security/openssl/buildlink2.mk index 80143441376..4aca4942594 100644 --- a/security/openssl/buildlink2.mk +++ b/security/openssl/buildlink2.mk @@ -1,4 +1,4 @@ -# $NetBSD: buildlink2.mk,v 1.22 2004/02/12 09:38:43 jlam Exp $ +# $NetBSD: buildlink2.mk,v 1.23 2004/03/26 02:22:38 wiz Exp $ .if !defined(OPENSSL_BUILDLINK2_MK) OPENSSL_BUILDLINK2_MK= # defined @@ -8,9 +8,9 @@ OPENSSL_BUILDLINK2_MK= # defined # This is the ${PKGNAME} of the version of the OpenSSL package installed # by pkgsrc. # -_OPENSSL_PKGSRC_PKGNAME= openssl-0.9.6l +_OPENSSL_PKGSRC_PKGNAME= openssl-0.9.6m -BUILDLINK_DEPENDS.openssl?= openssl>=0.9.6l +BUILDLINK_DEPENDS.openssl?= openssl>=0.9.6m BUILDLINK_PKGSRCDIR.openssl?= ../../security/openssl BUILDLINK_CHECK_BUILTIN.openssl?= NO diff --git a/security/openssl/buildlink3.mk b/security/openssl/buildlink3.mk index 5a600e1b50a..7a642985a8e 100644 --- a/security/openssl/buildlink3.mk +++ b/security/openssl/buildlink3.mk @@ -1,4 +1,4 @@ -# $NetBSD: buildlink3.mk,v 1.17 2004/03/18 09:12:14 jlam Exp $ +# $NetBSD: buildlink3.mk,v 1.18 2004/03/26 02:22:38 wiz Exp $ BUILDLINK_DEPTH:= ${BUILDLINK_DEPTH}+ OPENSSL_BUILDLINK3_MK:= ${OPENSSL_BUILDLINK3_MK}+ @@ -13,7 +13,7 @@ BUILDLINK_PACKAGES:= ${BUILDLINK_PACKAGES:Nopenssl} BUILDLINK_PACKAGES+= openssl .if !empty(OPENSSL_BUILDLINK3_MK:M+) -BUILDLINK_DEPENDS.openssl+= openssl>=0.9.6l +BUILDLINK_DEPENDS.openssl+= openssl>=0.9.6m BUILDLINK_PKGSRCDIR.openssl?= ../../security/openssl # Ensure that -lcrypt comes before -lcrypto when linking so that the diff --git a/security/openssl/builtin.mk b/security/openssl/builtin.mk index c347cf00069..9523e9ae55b 100644 --- a/security/openssl/builtin.mk +++ b/security/openssl/builtin.mk @@ -1,6 +1,6 @@ -# $NetBSD: builtin.mk,v 1.1 2004/03/10 17:57:15 jlam Exp $ +# $NetBSD: builtin.mk,v 1.2 2004/03/26 02:22:38 wiz Exp $ -_OPENSSL_PKGSRC_PKGNAME= openssl-0.9.6l +_OPENSSL_PKGSRC_PKGNAME= openssl-0.9.6m _OPENSSL_OPENSSLV_H= /usr/include/openssl/opensslv.h .if !defined(IS_BUILTIN.openssl) diff --git a/security/openssl/distinfo b/security/openssl/distinfo index 7b8d2c23822..51ba149c988 100644 --- a/security/openssl/distinfo +++ b/security/openssl/distinfo @@ -1,11 +1,11 @@ -$NetBSD: distinfo,v 1.25 2004/02/17 14:26:47 jlam Exp $ +$NetBSD: distinfo,v 1.26 2004/03/26 02:22:38 wiz Exp $ -SHA1 (openssl-0.9.6l.tar.gz) = 4fdd3c5f09b1276bf3c64140a38130c6dd49871c -Size (openssl-0.9.6l.tar.gz) = 2183726 bytes -SHA1 (patch-aa) = 4f172db9ed515d9972883470bf33b694f9df835a +SHA1 (openssl-0.9.6m.tar.gz) = 52414b8867944e2c35940142d38052544dab1358 +Size (openssl-0.9.6m.tar.gz) = 2184918 bytes +SHA1 (patch-aa) = be92618c7288abe45ed08afe77db2c2a263bc353 SHA1 (patch-ab) = cfbcaa52bec88987b8a63725b84adfd58b324032 -SHA1 (patch-ac) = 3a5248b8b9fe6791b6c114f3b98f1b4fae93a183 -SHA1 (patch-ad) = 950d57633fcb494564641f9b7e6385b96912c05d +SHA1 (patch-ac) = e0a6c1b2923e75e87fae54631240d5dce7afd017 +SHA1 (patch-ad) = 09de004a5cb65b7b990ef1e1ff1bd8f425aedf55 SHA1 (patch-ae) = f4bf6ae5aa41b55d9978376e4e50ee10c10dd288 -SHA1 (patch-af) = 25481e491acd7c2e3cd9587fe038a37e41071a24 +SHA1 (patch-af) = 1f8bfdad878808a05d5597adba5112090568cf19 SHA1 (patch-aj) = e300ae91c19214faf3419e7499214a1b536aac18 diff --git a/security/openssl/patches/patch-aa b/security/openssl/patches/patch-aa index 0fbace605bd..e9bf6b8e825 100644 --- a/security/openssl/patches/patch-aa +++ b/security/openssl/patches/patch-aa @@ -1,8 +1,8 @@ -$NetBSD: patch-aa,v 1.12 2004/02/17 14:26:47 jlam Exp $ +$NetBSD: patch-aa,v 1.13 2004/03/26 02:22:38 wiz Exp $ ---- config.orig Sun Jun 16 05:32:14 2002 +--- config.orig Thu Nov 14 17:30:29 2002 +++ config -@@ -577,8 +577,8 @@ +@@ -588,8 +588,8 @@ EOF *-freebsd[3-9]*) OUT="FreeBSD-elf" ;; *-freebsd[1-2]*) OUT="FreeBSD" ;; *86*-*-netbsd) OUT="NetBSD-x86" ;; diff --git a/security/openssl/patches/patch-ac b/security/openssl/patches/patch-ac index 1f9967aceaa..7ca8b00cacb 100644 --- a/security/openssl/patches/patch-ac +++ b/security/openssl/patches/patch-ac @@ -1,8 +1,8 @@ -$NetBSD: patch-ac,v 1.15 2003/10/21 23:03:36 kristerw Exp $ +$NetBSD: patch-ac,v 1.16 2004/03/26 02:22:38 wiz Exp $ ---- Configure.orig Tue Oct 21 19:33:06 2003 -+++ Configure Tue Oct 21 23:51:28 2003 -@@ -129,55 +129,6 @@ +--- Configure.orig Thu Jan 29 00:59:17 2004 ++++ Configure +@@ -129,55 +129,6 @@ my %table=( "gcc", "gcc:-O3::(unknown)::BN_LLONG:::", "cc", "cc:-O::(unknown):::::", @@ -58,7 +58,7 @@ $NetBSD: patch-ac,v 1.15 2003/10/21 23:03:36 kristerw Exp $ # Sunos configs, assuming sparc for the gcc one. ##"sunos-cc", "cc:-O4 -DNOPROTO -DNOCONST::(unknown)::DES_UNROLL:::", "sunos-gcc","gcc:-O3 -mv8 -Dssize_t=int::(unknown)::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL DES_PTR DES_RISC1:::", -@@ -275,9 +226,6 @@ +@@ -275,9 +226,6 @@ my %table=( #### HP MPE/iX http://jazz.external.hp.com/src/openssl/ "MPE/iX-gcc", "gcc:-D_ENDIAN -DBN_DIV2W -O3 -DMPE -D_POSIX_SOURCE -D_SOCKET_SOURCE -I/SYSLOG/PUB::(unknown):-L/SYSLOG/PUB -lsyslog -lsocket -lcurses:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::", @@ -68,7 +68,7 @@ $NetBSD: patch-ac,v 1.15 2003/10/21 23:03:36 kristerw Exp $ # Dec Alpha, OSF/1 - the alpha164-cc is historical, for the conversion # from the older DEC C Compiler to the newer compiler. It's now the # same as the preferred entry, alpha-cc. If you are still using the -@@ -336,20 +284,6 @@ +@@ -336,20 +284,6 @@ my %table=( # The intel boxes :-), It would be worth seeing if bsdi-gcc can use the # bn86-elf.o file file since it is hand tweaked assembler. @@ -80,7 +80,7 @@ $NetBSD: patch-ac,v 1.15 2003/10/21 23:03:36 kristerw Exp $ -"linux-mips", "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown)::BN_LLONG:::", -"linux-ppc", "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux-m68k", "gcc:-DB_ENDIAN -DTERMIO -O2 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::", --"linux-s390", "gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:-ldl:BN_LLONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR),\$(SHLIB_MINOR)", +-"linux-s390", "gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:-ldl:BN_LLONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux-s390x", "gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR:asm/ia64.o:::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"NetBSD-sparc", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", @@ -89,7 +89,7 @@ $NetBSD: patch-ac,v 1.15 2003/10/21 23:03:36 kristerw Exp $ "FreeBSD-elf", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::-pthread -D_REENTRANT -D_THREAD_SAFE -D_THREADSAFE::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "FreeBSD", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}", "bsdi-gcc", "gcc:-O3 -ffast-math -DL_ENDIAN -DPERL5 -m486::(unknown)::RSA_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_bsdi_asm}", -@@ -507,6 +441,89 @@ +@@ -507,6 +441,89 @@ my %table=( ##### Compaq Non-Stop Kernel (Tandem) "tandem-c89","c89:-Ww -D__TANDEM -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1 -D_TANDEM_SOURCE -DB_ENDIAN::(unknown)::THIRTY_TWO_BIT:::", @@ -179,7 +179,7 @@ $NetBSD: patch-ac,v 1.15 2003/10/21 23:03:36 kristerw Exp $ ); my @WinTargets=qw(VC-NT VC-WIN32 VC-WIN16 VC-W31-16 VC-W31-32 VC-MSDOS BC-32 -@@ -680,7 +697,7 @@ +@@ -680,7 +697,7 @@ PROCESS_ARGS: } elsif (/^[-+]/) { diff --git a/security/openssl/patches/patch-ad b/security/openssl/patches/patch-ad index 0c9f3f859ca..9bb3adfe483 100644 --- a/security/openssl/patches/patch-ad +++ b/security/openssl/patches/patch-ad @@ -1,8 +1,8 @@ -$NetBSD: patch-ad,v 1.9 2003/09/10 01:57:07 jlam Exp $ +$NetBSD: patch-ad,v 1.10 2004/03/26 02:22:38 wiz Exp $ ---- apps/Makefile.ssl.orig Thu Aug 8 14:13:36 2002 -+++ apps/Makefile.ssl Sun Aug 24 15:50:06 2003 -@@ -99,11 +99,11 @@ +--- apps/Makefile.ssl.orig Thu Aug 14 08:30:31 2003 ++++ apps/Makefile.ssl +@@ -100,11 +100,11 @@ install: @for i in $(SCRIPTS); \ do \ (echo installing $$i; \ diff --git a/security/openssl/patches/patch-af b/security/openssl/patches/patch-af index 42c0fc3e81f..341daaf3f27 100644 --- a/security/openssl/patches/patch-af +++ b/security/openssl/patches/patch-af @@ -1,8 +1,8 @@ -$NetBSD: patch-af,v 1.8 2003/09/10 01:57:07 jlam Exp $ +$NetBSD: patch-af,v 1.9 2004/03/26 02:22:38 wiz Exp $ ---- Makefile.org.orig Fri Aug 9 07:43:56 2002 -+++ Makefile.org Tue Sep 9 21:37:22 2003 -@@ -169,7 +169,7 @@ +--- Makefile.org.orig Thu Jul 3 23:43:50 2003 ++++ Makefile.org +@@ -169,7 +169,7 @@ SDIRS= \ MAKEFILE= Makefile.ssl MAKE= make -f Makefile.ssl @@ -11,7 +11,7 @@ $NetBSD: patch-af,v 1.8 2003/09/10 01:57:07 jlam Exp $ MAN1=1 MAN3=3 SHELL=/bin/sh -@@ -262,8 +262,7 @@ +@@ -262,8 +262,7 @@ do_gnu-shared: libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \ ( set -x; ${CC} ${SHARED_LDFLAGS} \ -shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \ @@ -21,7 +21,7 @@ $NetBSD: patch-af,v 1.8 2003/09/10 01:57:07 jlam Exp $ -Wl,--whole-archive lib$$i.a \ -Wl,--no-whole-archive $$libs ${EX_LIBS} -lc ) || exit 1; \ libs="$$libs -l$$i"; \ -@@ -632,10 +631,10 @@ +@@ -640,10 +639,10 @@ install: all install_docs @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \ $(INSTALL_PREFIX)$(INSTALLTOP)/lib \ $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \ -- cgit v1.2.3