head 1.28; access; symbols pkgsrc-2014Q1:1.27.0.2 pkgsrc-2014Q1-base:1.27 pkgsrc-2013Q4:1.26.0.4 pkgsrc-2013Q4-base:1.26 pkgsrc-2013Q3:1.26.0.2 pkgsrc-2013Q3-base:1.26 pkgsrc-2013Q2:1.25.0.10 pkgsrc-2013Q2-base:1.25 pkgsrc-2013Q1:1.25.0.8 pkgsrc-2013Q1-base:1.25 pkgsrc-2012Q4:1.25.0.6 pkgsrc-2012Q4-base:1.25 pkgsrc-2012Q3:1.25.0.4 pkgsrc-2012Q3-base:1.25 pkgsrc-2012Q2:1.25.0.2 pkgsrc-2012Q2-base:1.25 pkgsrc-2012Q1:1.24.0.14 pkgsrc-2012Q1-base:1.24 pkgsrc-2011Q4:1.24.0.12 pkgsrc-2011Q4-base:1.24 pkgsrc-2011Q3:1.24.0.10 pkgsrc-2011Q3-base:1.24 pkgsrc-2011Q2:1.24.0.8 pkgsrc-2011Q2-base:1.24 pkgsrc-2011Q1:1.24.0.6 pkgsrc-2011Q1-base:1.24 pkgsrc-2010Q4:1.24.0.4 pkgsrc-2010Q4-base:1.24 pkgsrc-2010Q3:1.24.0.2 pkgsrc-2010Q3-base:1.24 pkgsrc-2010Q2:1.23.0.4 pkgsrc-2010Q2-base:1.23 pkgsrc-2010Q1:1.23.0.2 pkgsrc-2010Q1-base:1.23 pkgsrc-2009Q4:1.22.0.2 pkgsrc-2009Q4-base:1.22 pkgsrc-2009Q3:1.20.0.18 pkgsrc-2009Q3-base:1.20 pkgsrc-2009Q2:1.20.0.16 pkgsrc-2009Q2-base:1.20 pkgsrc-2009Q1:1.20.0.14 pkgsrc-2009Q1-base:1.20 pkgsrc-2008Q4:1.20.0.12 pkgsrc-2008Q4-base:1.20 pkgsrc-2008Q3:1.20.0.10 pkgsrc-2008Q3-base:1.20 cube-native-xorg:1.20.0.8 cube-native-xorg-base:1.20 pkgsrc-2008Q2:1.20.0.6 pkgsrc-2008Q2-base:1.20 cwrapper:1.20.0.4 pkgsrc-2008Q1:1.20.0.2 pkgsrc-2008Q1-base:1.20 pkgsrc-2007Q4:1.19.0.14 pkgsrc-2007Q4-base:1.19 pkgsrc-2007Q3:1.19.0.12 pkgsrc-2007Q3-base:1.19 pkgsrc-2007Q2:1.19.0.10 pkgsrc-2007Q2-base:1.19 pkgsrc-2007Q1:1.19.0.8 pkgsrc-2007Q1-base:1.19 pkgsrc-2006Q4:1.19.0.6 pkgsrc-2006Q4-base:1.19 pkgsrc-2006Q3:1.19.0.4 pkgsrc-2006Q3-base:1.19 pkgsrc-2006Q2:1.19.0.2 pkgsrc-2006Q2-base:1.19 pkgsrc-2006Q1:1.18.0.4 pkgsrc-2006Q1-base:1.18 pkgsrc-2005Q4:1.18.0.2 pkgsrc-2005Q4-base:1.18 pkgsrc-2005Q3:1.17.0.6 pkgsrc-2005Q3-base:1.17 pkgsrc-2005Q2:1.17.0.4 pkgsrc-2005Q2-base:1.17 pkgsrc-2005Q1:1.17.0.2 pkgsrc-2005Q1-base:1.17 pkgsrc-2004Q4:1.14.0.6 pkgsrc-2004Q4-base:1.14 pkgsrc-2004Q3:1.14.0.4 pkgsrc-2004Q3-base:1.14 pkgsrc-2004Q2:1.14.0.2 pkgsrc-2004Q2-base:1.14 pkgsrc-2004Q1:1.13.0.2 pkgsrc-2004Q1-base:1.13 pkgsrc-2003Q4:1.11.0.4 pkgsrc-2003Q4-base:1.11 netbsd-1-6-1:1.11.0.2 netbsd-1-6-1-base:1.11 netbsd-1-6:1.10.0.4 netbsd-1-6-RELEASE-base:1.10 pkgviews:1.7.0.4 pkgviews-base:1.7 buildlink2:1.7.0.2 buildlink2-base:1.10 netbsd-1-5-PATCH003:1.7 netbsd-1-5-PATCH001:1.7 netbsd-1-4-PATCH002:1.2 comdex-fall-1999:1.1.1.1 netbsd-1-4-PATCH001:1.1.1.1 netbsd-1-4-RELEASE:1.1.1.1 pkgsrc-base:1.1.1.1 TNF:1.1.1; locks; strict; comment @# @; 1.28 date 2014.04.02.12.11.35; author he; state dead; branches; next 1.27; commitid g3YIpigZLUt5x6vx; 1.27 date 2014.01.14.21.51.00; author bsiegert; state Exp; branches 1.27.2.1; next 1.26; commitid JPwtqatHe28of8lx; 1.26 date 2013.07.26.11.27.02; author ryoon; state Exp; branches; next 1.25; commitid W9LJ4bjeP0nCkYYw; 1.25 date 2012.05.22.06.00.11; author joerg; state Exp; branches; next 1.24; 1.24 date 2010.08.18.11.20.56; author wiz; state Exp; branches; next 1.23; 1.23 date 2010.02.26.03.15.13; author taca; state Exp; branches; next 1.22; 1.22 date 2010.01.15.04.55.30; author taca; state Exp; branches 1.22.2.1; next 1.21; 1.21 date 2009.12.25.11.58.06; author obache; state Exp; branches; next 1.20; 1.20 date 2008.01.17.06.42.48; author tnn; state Exp; branches; next 1.19; 1.19 date 2006.06.12.22.46.51; author joerg; state Exp; branches; next 1.18; 1.18 date 2005.10.11.17.19.21; author jlam; state Exp; branches; next 1.17; 1.17 date 2004.12.25.22.11.26; author jlam; state Exp; branches 1.17.6.1; next 1.16; 1.16 date 2004.12.25.19.09.09; author jlam; state Exp; branches; next 1.15; 1.15 date 2004.12.24.22.02.38; author jlam; state Exp; branches; next 1.14; 1.14 date 2004.04.25.20.36.11; author tv; state Exp; branches; next 1.13; 1.13 date 2004.03.26.02.22.38; author wiz; state Exp; branches; next 1.12; 1.12 date 2004.02.17.14.26.47; author jlam; state Exp; branches; next 1.11; 1.11 date 2002.08.25.19.23.18; author jlam; state Exp; branches; next 1.10; 1.10 date 2002.08.10.04.50.32; author fredb; state Exp; branches; next 1.9; 1.9 date 2002.08.04.15.47.46; author fredb; state Exp; branches; next 1.8; 1.8 date 2002.07.28.05.36.30; author schmonz; state Exp; branches; next 1.7; 1.7 date 2001.05.11.22.14.10; author tron; state Exp; branches 1.7.2.1; next 1.6; 1.6 date 2001.04.09.04.29.23; author fredb; state Exp; branches; next 1.5; 1.5 date 2001.01.17.10.09.51; author wiz; state Exp; branches; next 1.4; 1.4 date 2001.01.14.01.51.12; author tron; state Exp; branches; next 1.3; 1.3 date 2000.05.10.12.28.39; author veego; state dead; branches; next 1.2; 1.2 date 99.11.25.18.51.47; author erh; state Exp; branches; next 1.1; 1.1 date 99.04.30.15.19.13; author tv; state Exp; branches 1.1.1.1; next ; 1.27.2.1 date 2014.04.08.10.09.26; author tron; state dead; branches; next ; commitid znq8PwHLRSRRFRvx; 1.22.2.1 date 2010.03.27.14.44.42; author tron; state Exp; branches; next ; 1.17.6.1 date 2005.10.13.13.21.08; author salo; state Exp; branches; next ; 1.7.2.1 date 2002.08.22.11.12.26; author jlam; state Exp; branches; next ; 1.1.1.1 date 99.04.30.15.19.13; author tv; state Exp; branches; next ; desc @@ 1.28 log @Rename all remaining patch-?? files using the newer naming convention. Add a fix for CVE-2014-0076: Fix for the attack described in the paper "Recovering OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack" by Yuval Yarom and Naomi Benger. Details can be obtained from: http://eprint.iacr.org/2014/140 Thanks to Yuval Yarom and Naomi Benger for discovering this flaw and to Yuval Yarom for supplying a fix. Fix from culled from http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=2198be3483259de374f91e57d247d0fc667aef29 Bump PKGREVISION. @ text @$NetBSD: patch-aa,v 1.27 2014/01/14 21:51:00 bsiegert Exp $ --- config.orig Mon Feb 11 15:25:39 2013 +++ config @@@@ -49,6 +49,7 @@@@ done # First get uname entries that we use below [ "$MACHINE" ] || MACHINE=`(uname -m) 2>/dev/null` || MACHINE="unknown" +[ "$MACHINE_ARCH" ] || MACHINE_ARCH=`(uname -p) 2>/dev/null` || MACHINE_ARCH="unknown" [ "$RELEASE" ] || RELEASE=`(uname -r) 2>/dev/null` || RELEASE="unknown" [ "$SYSTEM" ] || SYSTEM=`(uname -s) 2>/dev/null` || SYSTEM="unknown" [ "$BUILD" ] || VERSION=`(uname -v) 2>/dev/null` || VERSION="unknown" @@@@ -162,6 +163,10 @@@@ case "${SYSTEM}:${RELEASE}:${VERSION}:${ echo "mips4-sgi-irix64"; exit 0 ;; + Interix:*) + echo "i386-pc-interix"; exit 0 + ;; + Linux:[2-9].*) echo "${MACHINE}-whatever-linux2"; exit 0 ;; @@@@ -170,6 +175,10 @@@@ case "${SYSTEM}:${RELEASE}:${VERSION}:${ echo "${MACHINE}-whatever-linux1"; exit 0 ;; + GNU/kFreeBSD:*) + echo "${MACHINE}-whatever-gnukfreebsd"; exit 0 + ;; + GNU*) echo "hurd-x86"; exit 0; ;; @@@@ -218,15 +227,15 @@@@ case "${SYSTEM}:${RELEASE}:${VERSION}:${ echo "${MACHINE}-whatever-freebsd"; exit 0 ;; - NetBSD:*:*:*386*) - echo "`(/usr/sbin/sysctl -n hw.model || /sbin/sysctl -n hw.model) | sed 's,.*\(.\)86-class.*,i\186,'`-whatever-netbsd"; exit 0 + DragonFly:*) + echo "${MACHINE}-whatever-dragonfly"; exit 0 ;; NetBSD:*) - echo "${MACHINE}-whatever-netbsd"; exit 0 + echo "${MACHINE_ARCH}-whatever-netbsd"; exit 0 ;; - OpenBSD:*) + OpenBSD:*|MirBSD:*) echo "${MACHINE}-whatever-openbsd"; exit 0 ;; @@@@ -728,6 +737,11 @@@@ case "$GUESSOS" in ;; *-*-sunos4) OUT="sunos-$CC" ;; + alpha-*-netbsd|arm-*-netbsd|arm32-*-netbsd|m68000-*-netbsd|m68k-*-netbsd|\ + mipseb-*-netbsd|mipsel-*-netbsd|ns32k-*-netbsd|powerpc-*-netbsd|\ + sparc-*-netbsd|sparc64-*-netbsd|vax-*-netbsd|x86_64-*-netbsd) + OUT="NetBSD-${MACHINE_ARCH}" ;; + *86*-*-bsdi4) OUT="BSD-x86-elf"; options="$options no-sse2 -ldl" ;; alpha*-*-*bsd*) OUT="BSD-generic64"; options="$options -DL_ENDIAN" ;; powerpc64-*-*bsd*) OUT="BSD-generic64"; options="$options -DB_ENDIAN" ;; @@@@ -734,6 +748,8 @@@@ case "$GUESSOS" in sparc64-*-*bsd*) OUT="BSD-sparc64" ;; ia64-*-*bsd*) OUT="BSD-ia64" ;; amd64-*-*bsd*) OUT="BSD-x86_64" ;; + i386-*-dragonfly*|x86_64-*-dragonfly*) OUT="DragonFly-${MACHINE_ARCH}";; + i386-*-gnukfreebsd*|x86_64-*-gnukfreebsd*) OUT="GNU/kFreeBSD-${MACHINE}";; *86*-*-*bsd*) # mimic ld behaviour when it's looking for libc... if [ -L /usr/lib/libc.so ]; then # [Free|Net]BSD libc=/usr/lib/libc.so @@@@ -746,6 +762,8 @@@@ case "$GUESSOS" in *) OUT="BSD-x86"; options="$options no-sse2" ;; esac ;; *-*-*bsd*) OUT="BSD-generic32" ;; + + *-*-interix) OUT="Interix" ;; *-*-osf) OUT="osf1-alpha-cc" ;; *-*-tru64) OUT="tru64-alpha-cc" ;; @ 1.27 log @Add support for MirBSD to OpenSSL. @ text @d1 1 a1 1 $NetBSD$ @ 1.27.2.1 log @Pullup ticket #4359 - requested by obache security/openssl: security update Revisions pulled up: - security/openssl/Makefile 1.186-1.188 - security/openssl/distinfo 1.103-1.104 - security/openssl/patches/patch-Configure 1.1 - security/openssl/patches/patch-Makefile.org 1.1 - security/openssl/patches/patch-Makefile.shared 1.1 - security/openssl/patches/patch-aa deleted - security/openssl/patches/patch-ac deleted - security/openssl/patches/patch-ad deleted - security/openssl/patches/patch-ae deleted - security/openssl/patches/patch-af deleted - security/openssl/patches/patch-ag deleted - security/openssl/patches/patch-ak deleted - security/openssl/patches/patch-apps_Makefile 1.1 - security/openssl/patches/patch-config 1.1 - security/openssl/patches/patch-crypto_bn_bn__prime.pl 1.1 - security/openssl/patches/patch-tools_Makefile 1.1 --- Module Name: pkgsrc Committed By: he Date: Wed Apr 2 12:11:35 UTC 2014 Modified Files: pkgsrc/security/openssl: Makefile distinfo Added Files: pkgsrc/security/openssl/patches: patch-Configure patch-Makefile.org patch-Makefile.shared patch-apps_Makefile patch-config patch-crypto_bn_bn.h patch-crypto_bn_bn__lib.c patch-crypto_bn_bn__prime.pl patch-crypto_ec_ec2__mult.c patch-tools_Makefile Removed Files: pkgsrc/security/openssl/patches: patch-aa patch-ac patch-ad patch-ae patch-af patch-ag patch-ak Log Message: Rename all remaining patch-?? files using the newer naming convention. Add a fix for CVE-2014-0076: Fix for the attack described in the paper "Recovering OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack" by Yuval Yarom and Naomi Benger. Details can be obtained from: http://eprint.iacr.org/2014/140 Thanks to Yuval Yarom and Naomi Benger for discovering this flaw and to Yuval Yarom for supplying a fix. Fix from culled from http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=2198be3483259de374f 91e57d247d0fc667aef29 Bump PKGREVISION. --- Module Name: pkgsrc Committed By: obache Date: Tue Apr 8 02:48:38 UTC 2014 Modified Files: pkgsrc/security/openssl: Makefile Log Message: p5-Perl4-CoreLibs is not required for perl<5.16 --- Module Name: pkgsrc Committed By: obache Date: Tue Apr 8 06:20:44 UTC 2014 Modified Files: pkgsrc/security/openssl: Makefile distinfo Removed Files: pkgsrc/security/openssl/patches: patch-crypto_bn_bn.h patch-crypto_bn_bn__lib.c patch-crypto_ec_ec2__mult.c Log Message: Update openssl to 1.0.1g. (CVE-2014-0076 is already fixed in pkgsrc). OpenSSL CHANGES _______________ Changes between 1.0.1f and 1.0.1g [7 Apr 2014] *) A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64k of memory to a connected client or server. Thanks for Neel Mehta of Google Security for discovering this bug and to Adam Langley and Bodo Moeller for preparing the fix (CVE-2014-0160) [Adam Langley, Bodo Moeller] *) Fix for the attack described in the paper "Recovering OpenSSL ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack" by Yuval Yarom and Naomi Benger. Details can be obtained from: http://eprint.iacr.org/2014/140 Thanks to Yuval Yarom and Naomi Benger for discovering this flaw and to Yuval Yarom for supplying a fix (CVE-2014-0076) [Yuval Yarom and Naomi Benger] *) TLS pad extension: draft-agl-tls-padding-03 Workaround for the "TLS hang bug" (see FAQ and opensslPR#2771): if the TLS client Hello record length value would otherwise be > 255 and less that 512 pad with a dummy extension containing zeroes so it is at least 512 bytes long. [Adam Langley, Steve Henson] @ text @d1 1 a1 1 $NetBSD: patch-aa,v 1.27 2014/01/14 21:51:00 bsiegert Exp $ @ 1.26 log @Bump PKGREVISION. * For DragonFly, use its own condition. * Add Debian GNU/kFreeBSD support. @ text @d1 1 a1 1 $NetBSD: patch-aa,v 1.25 2012/05/22 06:00:11 joerg Exp $ d3 1 a3 1 --- config.orig 2013-02-11 15:26:04.000000000 +0000 d35 1 a35 1 @@@@ -218,12 +227,12 @@@@ case "${SYSTEM}:${RELEASE}:${VERSION}:${ d50 6 a55 2 OpenBSD:*) @@@@ -728,12 +737,19 @@@@ case "$GUESSOS" in d67 1 d76 2 a77 1 @@@@ -747,6 +763,8 @@@@ case "$GUESSOS" in d80 2 a82 2 + *-*-interix) OUT="Interix" ;; + a84 1 *-*-[Uu]nix[Ww]are7) @ 1.25 log @Fix build on NetBSD/amd64, if the kernel was built on a host with 386 in its name. @ text @d1 1 a1 1 $NetBSD$ d3 1 a3 1 --- config.orig 2011-07-15 19:59:31.000000000 +0000 d13 1 a13 1 @@@@ -154,6 +155,10 @@@@ case "${SYSTEM}:${RELEASE}:${VERSION}:${ d24 12 a35 1 @@@@ -210,12 +215,12 @@@@ case "${SYSTEM}:${RELEASE}:${VERSION}:${ d51 1 a51 1 @@@@ -661,13 +666,18 @@@@ case "$GUESSOS" in d65 4 a68 4 - amd64-*-*bsd*) OUT="BSD-x86_64" ;; - *86*-*-*bsd*) # mimic ld behaviour when it's looking for libc... + amd64-*-*bsd*|x86_64-*-dragonfly*) OUT="BSD-x86_64" ;; + *86*-*-*bsd*|*-dragonfly*) # mimic ld behaviour when it's looking for libc... d71 1 a71 2 else # OpenBSD @@@@ -680,6 +690,8 @@@@ case "$GUESSOS" in @ 1.24 log @Recognize 64 bit DragonFly systems correctly. From Damian Lubosch in PR 43774. @ text @d1 1 a1 1 $NetBSD: patch-aa,v 1.23 2010/02/26 03:15:13 taca Exp $ d3 1 a3 1 --- config.orig 2010-03-09 17:08:24.000000000 +0000 d24 1 a24 1 @@@@ -210,12 +215,16 @@@@ case "${SYSTEM}:${RELEASE}:${VERSION}:${ d28 2 a31 4 + ;; + NetBSD:*:*:*386*) echo "`(/usr/sbin/sysctl -n hw.model || /sbin/sysctl -n hw.model) | sed 's,.*\(.\)86-class.*,i\186,'`-whatever-netbsd"; exit 0 d40 1 a40 1 @@@@ -661,13 +670,18 @@@@ case "$GUESSOS" in d61 1 a61 1 @@@@ -680,6 +694,8 @@@@ case "$GUESSOS" in @ 1.23 log @Update openssl to 0.9.8m. The OpenSSL project team is pleased to announce the release of version 0.9.8m of our open source toolkit for SSL/TLS. This new OpenSSL version is a security and bugfix release which implements RFC5746 to address renegotiation vulnerabilities mentioned in CVE-2009-3555. For a complete list of changes, please see http://www.openssl.org/source/exp/CHANGES. @ text @d1 1 a1 1 $NetBSD: patch-aa,v 1.22 2010/01/15 04:55:30 taca Exp $ d3 1 a3 1 --- config.orig 2009-10-15 12:58:00.000000000 +0000 d56 1 a56 1 amd64-*-*bsd*) OUT="BSD-x86_64" ;; d58 1 @ 1.22 log @Update openssl package to 0.9.8l, fixing security problem. Approved by agc@@. Changes between 0.9.8k and 0.9.8l [5 Nov 2009] *) Disable renegotiation completely - this fixes a severe security problem (CVE-2009-3555) at the cost of breaking all renegotiation. Renegotiation can be re-enabled by setting SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION in s3->flags at run-time. This is really not recommended unless you know what you're doing. [Ben Laurie] @ text @d1 1 a1 1 $NetBSD: patch-aa,v 1.21 2009/12/25 11:58:06 obache Exp $ d3 1 a3 1 --- config.orig 2009-02-16 08:43:41.000000000 +0000 d8 5 a12 5 MACHINE=`(uname -m) 2>/dev/null` || MACHINE="unknown" +MACHINE_ARCH=`(uname -p) 2>/dev/null` || MACHINE_ARCH="unknown" RELEASE=`(uname -r) 2>/dev/null` || RELEASE="unknown" SYSTEM=`(uname -s) 2>/dev/null` || SYSTEM="unknown" VERSION=`(uname -v) 2>/dev/null` || VERSION="unknown" @ 1.22.2.1 log @Pullup ticket #3065 - requested by taca openssl: security update Revisions pulled up: - security/openssl/Makefile 1.144-1.1.146 - security/openssl/PLIST.common 1.17 - security/openssl/distinfo 1.72-1.73 - security/openssl/patches/patch-aa 1.23 - security/openssl/patches/patch-ac 1.38 - security/openssl/patches/patch-af 1.24 - security/openssl/patches/patch-ax delete - security/openssl/patches/patch-ay delete - security/openssl/patches/patch-az delete - security/openssl/patches/patch-ba delete - security/openssl/patches/patch-bb delete - security/openssl/patches/patch-bc 1.1 --- Module Name: pkgsrc Committed By: taca Date: Fri Feb 26 03:15:14 UTC 2010 Modified Files: pkgsrc/security/openssl: Makefile distinfo pkgsrc/security/openssl/patches: patch-aa patch-ac patch-af Removed Files: pkgsrc/security/openssl/patches: patch-ax patch-ay patch-az patch-ba patch-bb Log Message: Update openssl to 0.9.8m. The OpenSSL project team is pleased to announce the release of version 0.9.8m of our open source toolkit for SSL/TLS. This new OpenSSL version is a security and bugfix release which implements RFC5746 to address renegotiation vulnerabilities mentioned in CVE-2009-3555. For a complete list of changes, please see http://www.openssl.org/source/exp/CHANGES. --- Module Name: pkgsrc Committed By: taca Date: Mon Mar 1 08:15:40 UTC 2010 Modified Files: pkgsrc/security/openssl: Makefile PLIST.common Log Message: Fix broken PLIST. (I wonder why "make print-PLIST" generated wrong result before...") Bump PKGREVISION. --- Module Name: pkgsrc Committed By: taca Date: Fri Mar 26 00:20:49 UTC 2010 Modified Files: pkgsrc/security/openssl: Makefile distinfo Added Files: pkgsrc/security/openssl/patches: patch-bc Log Message: Add a patch for Fix for CVE-2010-0740, DoS problem. http://www.openssl.org/news/secadv_20100324.txt Bump PKGREVISION. @ text @d1 1 a1 1 $NetBSD$ d3 1 a3 1 --- config.orig 2009-10-15 12:58:00.000000000 +0000 d8 5 a12 5 [ "$MACHINE" ] || MACHINE=`(uname -m) 2>/dev/null` || MACHINE="unknown" +[ "$MACHINE_ARCH" ] || MACHINE_ARCH=`(uname -p) 2>/dev/null` || MACHINE_ARCH="unknown" [ "$RELEASE" ] || RELEASE=`(uname -r) 2>/dev/null` || RELEASE="unknown" [ "$SYSTEM" ] || SYSTEM=`(uname -s) 2>/dev/null` || SYSTEM="unknown" [ "$BUILD" ] || VERSION=`(uname -v) 2>/dev/null` || VERSION="unknown" @ 1.21 log @Fixes and improvement for Interix * Not only interix-3, but also treat all interix release, allow to build on SUA. * Gave up randomized image base, use 0x5e000000, as in mk/platform/Interix.mk. It is workaround of PR 42369. * Use -D_REENTRANT flags for threads. * replace -Wl,soname= linker flags with -Wl,h, for Interix @ text @d1 1 a1 1 $NetBSD: patch-aa,v 1.20 2008/01/17 06:42:48 tnn Exp $ d3 2 a4 2 --- config.orig 2007-08-01 13:21:35.000000000 +0200 +++ config 2007-10-21 13:18:53.000000000 +0200 d42 1 a42 1 @@@@ -655,13 +664,18 @@@@ case "$GUESSOS" in d62 1 a62 1 @@@@ -674,6 +688,8 @@@@ case "$GUESSOS" in @ 1.20 log @Update to openssl-0.9.8g. Provided by Jukka Salmi in pkgsrc-wip. pkgsrc notes: o Tested on NetBSD/i386 (Jukka Salmi), Mac OSX 10.5 (Adrian Portelli), Linux (Jeremy C. Reed), Tru64 5.1b (tnn), HP-UX 11i (tnn). Because the Makefile system has been rewamped, other platforms may require fixes. Please test if you can. o OpenSSL can now be built with installation to DESTDIR. Overview of important changes since 0.9.7i: o Add gcc 4.2 support. o DTLS improvements. o RFC4507bis support. o TLS Extensions support. o RFC3779 support. o New cipher Camellia o Updated ECC cipher suite support. o New functions EVP_CIPHER_CTX_new() and EVP_CIPHER_CTX_free(). o Zlib compression usage fixes. o Major work on the BIGNUM library for higher efficiency and to make operations more streamlined and less contradictory. This is the result of a major audit of the BIGNUM library. o Addition of BIGNUM functions for fields GF(2^m) and NIST curves, to support the Elliptic Crypto functions. o Major work on Elliptic Crypto; ECDH and ECDSA added, including the use through EVP, X509 and ENGINE. o New ASN.1 mini-compiler that's usable through the OpenSSL configuration file. o Added support for ASN.1 indefinite length constructed encoding. o New PKCS#12 'medium level' API to manipulate PKCS#12 files. o Complete rework of shared library construction and linking programs with shared or static libraries, through a separate Makefile.shared. o Rework of the passing of parameters from one Makefile to another. o Changed ENGINE framework to load dynamic engine modules automatically from specifically given directories. o New structure and ASN.1 functions for CertificatePair. o Changed the key-generation and primality testing "progress" mechanism to take a structure that contains the ticker function and an argument. o New engine module: GMP (performs private key exponentiation). o New engine module: VIA PadLOck ACE extension in VIA C3 Nehemiah processors. o Added support for IPv6 addresses in certificate extensions. See RFC 1884, section 2.2. o Added support for certificate policy mappings, policy constraints and name constraints. o Added support for multi-valued AVAs in the OpenSSL configuration file. o Added support for multiple certificates with the same subject in the 'openssl ca' index file. o Make it possible to create self-signed certificates using 'openssl ca -selfsign'. o Make it possible to generate a serial number file with 'openssl ca -create_serial'. o New binary search functions with extended functionality. o New BUF functions. o New STORE structure and library to provide an interface to all sorts of data repositories. Supports storage of public and private keys, certificates, CRLs, numbers and arbitrary blobs. This library is unfortunately unfinished and unused withing OpenSSL. o New control functions for the error stack. o Changed the PKCS#7 library to support one-pass S/MIME processing. o New FIPS 180-2 algorithms (SHA-224, -256, -384 and -512). o New X509_VERIFY_PARAM structure to support parametrisation of X.509 path validation. o Change the default digest in 'openssl' commands from MD5 to SHA-1. o Added support for DTLS. o New BIGNUM blinding. o Added support for the RSA-PSS encryption scheme o Added support for the RSA X.931 padding. o Added support for files larger than 2GB. o Added alternate pkg-config files. @ text @d1 1 a1 1 $NetBSD$ d17 2 a18 2 + Interix:3.*) + echo "i386-pc-interix3"; exit 0 d66 1 a66 1 + *-*-interix3) OUT="Interix3" ;; @ 1.19 log @Add DragonFly support. @ text @d3 2 a4 2 --- config.orig 2005-04-07 20:26:10.000000000 +0000 +++ config d13 1 a13 1 @@@@ -155,6 +156,10 @@@@ case "${SYSTEM}:${RELEASE}:${VERSION}:${ d24 1 a24 2 @@@@ -210,13 +215,16 @@@@ case "${SYSTEM}:${RELEASE}:${VERSION}:${ FreeBSD:*) d27 1 d31 1 a31 1 d42 4 a45 17 @@@@ -670,10 +678,23 @@@@ EOF sparc64-*-freebsd*) OUT="FreeBSD-sparc64" ;; ia64-*-freebsd*) OUT="FreeBSD-ia64" ;; *-freebsd[3-9]*) OUT="FreeBSD-elf" ;; + *-dragonfly*) OUT="FreeBSD-elf" ;; *-freebsd[1-2]*) OUT="FreeBSD" ;; - *86*-*-netbsd) OUT="NetBSD-x86" ;; - sun3*-*-netbsd) OUT="NetBSD-m68" ;; - *-*-netbsd) OUT="NetBSD-sparc" ;; + x86_64-*-netbsd) OUT="NetBSD-${MACHINE_ARCH}" ;; + *86*-*-netbsd) + if echo __ELF__ | $CC -E - | grep __ELF__ >/dev/null; then + OUT="NetBSD-x86-aout" + else + OUT="NetBSD-x86-elf" + fi + ;; d48 23 a70 8 + sparc-*-netbsd|sparc64-*-netbsd|vax-*-netbsd) + OUT="NetBSD-${MACHINE_ARCH}" + ;; + *-*-netbsd) OUT="NetBSD" ;; + *-*-interix3) OUT="Interix3" ;; alpha*-*-openbsd) OUT="OpenBSD-alpha" ;; *86*-*-openbsd) OUT="OpenBSD-i386" ;; m68k*-*-openbsd) OUT="OpenBSD-m68k" ;; @ 1.18 log @Update security/openssl to version 0.9.7h. This is a security vulnerability triggered update due to CAN-2005-2969. Changes from version 0.9.7f include: o Fix SSL 2.0 Rollback, CAN-2005-2969 o Allow use of fixed-length exponent on DSA signing o Default fixed-window RSA, DSA, DH private-key operations o More compilation issues fixed. o Adaptation to more modern Kerberos API. o Enhanced or corrected configuration for Solaris64, Mingw and Cygwin. o Enhanced x86_64 assembler BIGNUM module. o More constification. o Added processing of proxy certificates (RFC 3820). @ text @d3 1 a3 1 --- config.orig 2005-04-07 16:26:10.000000000 -0400 d24 10 a33 1 @@@@ -216,7 +221,7 @@@@ case "${SYSTEM}:${RELEASE}:${VERSION}:${ d42 2 a43 1 @@@@ -671,9 +676,21 @@@@ EOF d46 1 @ 1.17 log @Alter patches to make them more likely to be accepted back by the OpenSSL project. Also use the sparcv9 MD5 assembly routines on NetBSD/sparc64. @ text @d3 1 a3 1 --- config.orig 2004-06-28 18:01:05.000000000 -0400 d33 1 a33 1 @@@@ -654,9 +659,21 @@@@ EOF @ 1.17.6.1 log @Pullup tickets 822 and 825 - requested by Johnny C. Lam security update for openssl Revisions pulled up: - pkgsrc/security/openssl/Makefile 1.107 - pkgsrc/security/openssl/PLIST.common 1.11 - pkgsrc/security/openssl/builtin.mk 1.16, 1.17 - pkgsrc/security/openssl/distinfo 1.46 - pkgsrc/security/openssl/patches/patch-aa 1.18 - pkgsrc/security/openssl/patches/patch-ac 1.28 - pkgsrc/security/openssl/patches/patch-ad 1.15 - pkgsrc/security/openssl/patches/patch-af 1.17 Module Name: pkgsrc Committed By: jlam Date: Tue Oct 11 17:19:21 UTC 2005 Modified Files: pkgsrc/security/openssl: Makefile PLIST.common distinfo pkgsrc/security/openssl/patches: patch-aa patch-ac patch-ad patch-af Log Message: Update security/openssl to version 0.9.7h. This is a security vulnerability triggered update due to CAN-2005-2969. Changes from version 0.9.7f include: o Fix SSL 2.0 Rollback, CAN-2005-2969 o Allow use of fixed-length exponent on DSA signing o Default fixed-window RSA, DSA, DH private-key operations o More compilation issues fixed. o Adaptation to more modern Kerberos API. o Enhanced or corrected configuration for Solaris64, Mingw and Cygwin. o Enhanced x86_64 assembler BIGNUM module. o More constification. o Added processing of proxy certificates (RFC 3820). --- Module Name: pkgsrc Committed By: jlam Date: Wed Oct 12 02:00:03 UTC 2005 Modified Files: pkgsrc/security/openssl: builtin.mk Log Message: Remove leading "-" from version number when matching the openssl-0.9.6g from the netbsd-1-6 branch with the 20040401 fix. --- Module Name: pkgsrc Committed By: jlam Date: Wed Oct 12 02:20:10 UTC 2005 Modified Files: pkgsrc/security/openssl: builtin.mk Log Message: If the native openssl-0.9.7d contains the security fixes pulled up to the netbsd-2-0, netbsd-2, and netbsd-3-0 branches on 2005-10-11, then for the purposes of satisfying dependencies, pretend it's openssl-0.9.7h. @ text @d1 1 a1 1 $NetBSD: patch-aa,v 1.18 2005/10/11 17:19:21 jlam Exp $ d3 1 a3 1 --- config.orig 2005-04-07 16:26:10.000000000 -0400 d33 1 a33 1 @@@@ -671,9 +676,21 @@@@ EOF @ 1.16 log @Use the correct assembly routines on NetBSD/i386 depending on whether it's a.out or ELF. @ text @d3 1 a3 1 --- config.orig Mon Jun 28 18:01:05 2004 d5 9 a13 1 @@@@ -155,6 +155,10 @@@@ case "${SYSTEM}:${RELEASE}:${VERSION}:${ d24 10 a33 1 @@@@ -654,9 +658,16 @@@@ EOF d40 1 d48 6 a53 2 + sun3*-*-netbsd) OUT="NetBSD-m68k" ;; + *-*-netbsd) OUT="NetBSD-${MACHINE_ARCH}" ;; @ 1.15 log @Update security/openssl to 0.9.7e. Changes from openssl-0.9.6m are too numerous to be listed here, but include adding a new DES API (support for the old one is still present). Changes to the pkgsrc structure include: * Install the shared libraries with a version number that matches the OpenSSL version number * Move some of the less often-used c_* utilities back into the examples directory. * Drop support for using the RSAREF library and always use the built-in RSA code instead. @ text @d3 1 a3 1 --- config.orig 2004-06-28 18:01:05.000000000 -0400 d16 2 a17 1 @@@@ -655,8 +659,9 @@@@ EOF d20 1 a20 1 *86*-*-netbsd) OUT="NetBSD-x86" ;; d23 7 @ 1.14 log @Make compile on Interix. No-op change for other platforms, so no PKGREVISION bump. (Main MI change: -soname -> -h, as some GNU ld(1) wants --soname instead of -soname, but -h works on all GNU ld(1) versions.) @ text @d3 1 a3 1 --- config.orig Thu Nov 14 11:30:29 2002 d5 1 a5 1 @@@@ -139,6 +139,10 @@@@ case "${SYSTEM}:${RELEASE}:${VERSION}:${ d16 1 a16 1 @@@@ -588,8 +592,9 @@@@ EOF a24 1 *86*-*-openbsd) OUT="OpenBSD-x86" ;; d26 2 a27 1 pmax*-*-openbsd) OUT="OpenBSD-mips" ;; @ 1.13 log @Update to 0.9.6m: Changes between 0.9.6l and 0.9.6m [17 Mar 2004] *) Fix null-pointer assignment in do_change_cipher_spec() revealed by using the Codenomicon TLS Test Tool (CAN-2004-0079) [Joe Orton, Steve Henson] @ text @d3 1 a3 1 --- config.orig Thu Nov 14 17:30:29 2002 d5 12 a16 1 @@@@ -588,8 +588,8 @@@@ EOF d24 1 @ 1.12 log @Don't use sysctl to determine the machine arch when ${MACHINE_ARCH} already has the correct value. Fixes build on NetBSD-1.5.3/sparc, which doesn't understand "sysctl hw.machine_arch", reported in PR 24448. @ text @d1 1 a1 1 $NetBSD: patch-aa,v 1.11 2002/08/25 19:23:18 jlam Exp $ d3 1 a3 1 --- config.orig Sun Jun 16 05:32:14 2002 d5 1 a5 1 @@@@ -577,8 +577,8 @@@@ @ 1.11 log @Merge changes in packages from the buildlink2 branch that have buildlink2.mk files back into the main trunk. @ text @d1 1 a1 1 $NetBSD: patch-aa,v 1.7.2.1 2002/08/22 11:12:26 jlam Exp $ d12 1 a12 1 + *-*-netbsd) OUT="NetBSD-`sysctl -n hw.machine_arch`" ;; @ 1.10 log @Update to 0.9.6g. The most significant change is this proof against a stunning DoS vulnerability, fixed in 0.9.6f: *) Use proper error handling instead of 'assertions' in buffer overflow checks added in 0.9.6e. This prevents DoS (the assertions could call abort()). [Arne Ansper , Bodo Moeller] Regenerate the netbsd patch. This is now a clean diff against the vendor tag, with version-number-only changes elided. Partially revert "crypto/dist/openssl/crypto/rand/randfile.c", version 1.4 (via additional pkgsrc patch), to give this a shot to compile on NetBSD-1.4.2 and earlier, which had no strlcpy() or strlcat(). Assemble the shared library without "-Bsymbolic", mainly to give this a shot at linking on NetBSD-a.out (untested). @ text @d1 1 a1 1 $NetBSD: patch-aa,v 1.9 2002/08/04 15:47:46 fredb Exp $ @ 1.9 log @Update openssl to 0.9.6e. This update fixes multiple vulnerabilities, and also changes the ABI of "libcrypto" and "libssl". (So the shared library majors and buildlink requirements are bumped, too.) The code base is now synced perfectly with NetBSD HEAD and netbsd-1-6 branches as of 2002-08-04, the optimization levels are reduced to "-O2", but I've retained some of the processor optimization flags and different code path #defines in the "Configure" script, just to keep things interesting. The default "certs" directory on NetBSD is now "/etc/openssl/certs", to give continuity to those who find themselves using the package system's "openssl" after upgrading a package that formerly used the base system's. [Suggested by itojun.] The best way to avoid such problems, however, is to upgrade your base system *first*. I'm making use of the new and improved build system as much as possible. This gives us a cleaner way to make shared libraries and real man pages, but loses many of the symlinks to the openssl binary. I've culled items from the "CHANGES" file that appear to have security implications or are particularly interesting for NetBSD users, below. My comments are marked off with '===>'. ===> This is from the netbsd-20020804-patch *) Fix ASN1 checks. Check for overflow by comparing with LONG_MAX and get fix the header length calculation. [Florian Weimer , Alon Kantor (and others), Steve Henson] Changes between 0.9.6d and 0.9.6e [30 Jul 2002] *) New option SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS for disabling the SSL 3.0/TLS 1.0 CBC vulnerability countermeasure that was added in OpenSSL 0.9.6d. As the countermeasure turned out to be incompatible with some broken SSL implementations, the new option is part of SSL_OP_ALL. SSL_OP_ALL is usually employed when compatibility with weird SSL implementations is desired (e.g. '-bugs' option to 's_client' and 's_server'), so the new option is automatically set in many applications. [Bodo Moeller] *) Changes in security patch: Changes marked "(CHATS)" were sponsored by the Defense Advanced Research Projects Agency (DARPA) and Air Force Research Laboratory, Air Force Materiel Command, USAF, under agreement number F30602-01-2-0537. *) Add various sanity checks to asn1_get_length() to reject the ASN1 length bytes if they exceed sizeof(long), will appear negative or the content length exceeds the length of the supplied buffer. [Steve Henson, Adi Stav , James Yonan ] *) Assertions for various potential buffer overflows, not known to happen in practice. [Ben Laurie (CHATS)] *) Various temporary buffers to hold ASCII versions of integers were too small for 64 bit platforms. (CAN-2002-0655) [Matthew Byng-Maddick and Ben Laurie (CHATS)> *) Remote buffer overflow in SSL3 protocol - an attacker could supply an oversized session ID to a client. (CAN-2002-0656) [Ben Laurie (CHATS)] *) Remote buffer overflow in SSL2 protocol - an attacker could supply an oversized client master key. (CAN-2002-0656) [Ben Laurie (CHATS)] Changes between 0.9.6c and 0.9.6d [9 May 2002] *) Implement a countermeasure against a vulnerability recently found in CBC ciphersuites in SSL 3.0/TLS 1.0: Send an empty fragment before application data chunks to avoid the use of known IVs with data potentially chosen by the attacker. [Bodo Moeller] Changes between 0.9.6a and 0.9.6b [9 Jul 2001] *) Change ssleay_rand_bytes (crypto/rand/md_rand.c) to avoid a SSLeay/OpenSSL PRNG weakness pointed out by Markku-Juhani O. Saarinen : PRNG state recovery was possible based on the output of one PRNG request appropriately sized to gain knowledge on 'md' followed by enough consecutive 1-byte PRNG requests to traverse all of 'state'. 1. When updating 'md_local' (the current thread's copy of 'md') during PRNG output generation, hash all of the previous 'md_local' value, not just the half used for PRNG output. 2. Make the number of bytes from 'state' included into the hash independent from the number of PRNG bytes requested. The first measure alone would be sufficient to avoid Markku-Juhani's attack. (Actually it had never occurred to me that the half of 'md_local' used for chaining was the half from which PRNG output bytes were taken -- I had always assumed that the secret half would be used.) The second measure makes sure that additional data from 'state' is never mixed into 'md_local' in small portions; this heuristically further strengthens the PRNG. [Bodo Moeller] *) The countermeasure against Bleichbacher's attack on PKCS #1 v1.5 RSA encryption was accidentally removed in s3_srvr.c in OpenSSL 0.9.5 when fixing the server behaviour for backwards-compatible 'client hello' messages. (Note that the attack is impractical against SSL 3.0 and TLS 1.0 anyway because length and version checking means that the probability of guessing a valid ciphertext is around 2^-40; see section 5 in Bleichenbacher's CRYPTO '98 paper.) Before 0.9.5, the countermeasure (hide the error by generating a random 'decryption result') did not work properly because ERR_clear_error() was missing, meaning that SSL_get_error() would detect the supposedly ignored error. Both problems are now fixed. [Bodo Moeller] Changes between 0.9.6 and 0.9.6a [5 Apr 2001] ===> This is our ABI change. *) Rename 'des_encrypt' to 'des_encrypt1'. This avoids the clashes with des_encrypt() defined on some operating systems, like Solaris and UnixWare. [Richard Levitte] *) Don't use getenv in library functions when run as setuid/setgid. New function OPENSSL_issetugid(). [Ulf Moeller] *) Store verify_result within SSL_SESSION also for client side to avoid potential security hole. (Re-used sessions on the client side always resulted in verify_result==X509_V_OK, not using the original result of the server certificate verification.) [Lutz Jaenicke] ===> package doesn't doesn't do this. We'll bump major versions ===> as necessary. *) Make sure that shared libraries get the internal name engine with the full version number and not just 0. This should mark the shared libraries as not backward compatible. Of course, this should be changed again when we can guarantee backward binary compatibility. [Richard Levitte] *) Rework the system to generate shared libraries: - Make note of the expected extension for the shared libraries and if there is a need for symbolic links from for example libcrypto.so.0 to libcrypto.so.0.9.7. There is extended info in Configure for that. - Make as few rebuilds of the shared libraries as possible. - Still avoid linking the OpenSSL programs with the shared libraries. - When installing, install the shared libraries separately from the static ones. @ text @d1 1 a1 1 $NetBSD: patch-aa,v 1.8 2002/07/28 05:36:30 schmonz Exp $ a4 9 @@@@ -388,7 +388,7 @@@@ # does give us what we want though, so we use that. We just just the # major and minor version numbers. # peak single digit before and after first dot, e.g. 2.95.1 gives 29 - GCCVER=`echo $GCCVER | sed 's/\([0-9]\)\.\([0-9]\).*/\1\2/'` + GCCVER=`echo $GCCVER | sed 's/[^.]*\([0-9]\)\.\([0-9]\).*/\1\2/'` else CC=cc fi @ 1.8 log @Build on Darwin using patches from Apple's Darwin source repository, via Fink. @ text @d1 1 a1 1 $NetBSD$ d3 1 a3 1 --- config.orig Thu Sep 21 05:23:14 2000 d5 7 a11 30 @@@@ -83,6 +83,10 @@@@ case "${SYSTEM}:${RELEASE}:${VERSION}:${ echo "${MACHINE}-ibm-aix"; exit 0 ;; + Darwin:*) + echo "`uname -p`-apple-darwin${RELEASE}"; exit 0 + ;; + dgux:*) echo "${MACHINE}-dg-dgux"; exit 0 ;; @@@@ -167,10 +171,14 @@@@ case "${SYSTEM}:${RELEASE}:${VERSION}:${ echo "${MACH}-${ARCH}-freebsd${VERS}"; exit 0 ;; - NetBSD:*:*:*386*) - echo "`/usr/sbin/sysctl -n hw.model | sed 's,.*\(.\)86-class.*,i\186,'`-whatever-netbsd"; exit 0 + NetBSD:*:*:i386) + if echo __ELF__ | cc -E - | grep -q __ELF__; then + echo "i386-whatever-netbsd"; exit 0 + else + echo "i386elf-whatever-netbsd"; exit 0 + fi ;; - + NetBSD:*) echo "${MACHINE}-whatever-netbsd"; exit 0 ;; @@@@ -330,6 +338,7 @@@@ else d14 1 a14 15 +if false; then if [ "$SYSTEM" = "SunOS" ]; then # check for WorkShop C, expected output is "cc: blah-blah C x.x" CCVER=`(cc -V 2>&1) 2>/dev/null | \ @@@@ -347,6 +356,7 @@@@ if [ "$SYSTEM" = "SunOS" ]; then CC=sc3 fi fi +fi if [ "${SYSTEM}-${MACHINE}" = "Linux-alpha" ]; then # check for Compaq C, expected output is "blah-blah C Vx.x" @@@@ -454,9 +464,10 @@@@ case "$GUESSOS" in alpha*-*-freebsd*) OUT="FreeBSD-alpha" ;; d17 1 a17 1 - *86*-*-netbsd) OUT="NetBSD-x86" ;; d20 2 a21 4 + *86elf*-*-netbsd) OUT="NetBSD-i386elf" ;; + *86-*-netbsd) OUT="NetBSD-i386" ;; + *-netbsd) OUT="NetBSD-`sysctl -n hw.machine_arch`" ;; + *-*-darwin*) OUT="Darwin" ;; @ 1.7 log @Convert all patches to unified output format. @ text @d3 14 a16 3 --- config.orig Thu Sep 21 11:23:14 2000 +++ config Sat May 12 00:03:27 2001 @@@@ -167,10 +167,14 @@@@ d34 1 a34 1 @@@@ -330,6 +334,7 @@@@ d42 1 a42 1 @@@@ -347,6 +352,7 @@@@ d50 1 a50 1 @@@@ -454,9 +460,9 @@@@ d60 1 @ 1.7.2.1 log @Merge changes from pkgsrc-current into the buildlink2 branch for the packages that have buildlink2.mk files. @ text @d1 1 a1 1 $NetBSD: patch-aa,v 1.10 2002/08/10 04:50:32 fredb Exp $ d3 38 a40 3 --- config.orig Sun Jun 16 05:32:14 2002 +++ config @@@@ -577,8 +577,8 @@@@ d43 1 a43 1 *86*-*-netbsd) OUT="NetBSD-x86" ;; d46 3 a48 2 + sun3*-*-netbsd) OUT="NetBSD-m68k" ;; + *-*-netbsd) OUT="NetBSD-`sysctl -n hw.machine_arch`" ;; @ 1.6 log @Update to OpenSSL 0.9.6. Update contributed by Dave Burgess, in PR pkg/12569. Major changes between OpenSSL 0.9.5a and OpenSSL 0.9.6: o Some documentation for BIO and SSL libraries. o Enhanced chain verification using key identifiers. o New sign and verify options to 'dgst' application. o Support for DER and PEM encoded messages in 'smime' application. o New 'rsautl' application, low level RSA utility. [*] o MD4 now included. o Bugfix for SSL rollback padding check. o Support for external crypto devices [1]. o Enhanced EVP interface. [1] The support for external crypto devices is currently a separate distribution. See the file README.ENGINE. [*] Not installed with the package. @ text @d1 51 a51 70 *** config.orig Thu Sep 21 04:23:14 2000 --- config Sat Apr 7 12:38:53 2001 *************** *** 167,176 **** echo "${MACH}-${ARCH}-freebsd${VERS}"; exit 0 ;; ! NetBSD:*:*:*386*) ! echo "`/usr/sbin/sysctl -n hw.model | sed 's,.*\(.\)86-class.*,i\186,'`-whatever-netbsd"; exit 0 ;; ! NetBSD:*) echo "${MACHINE}-whatever-netbsd"; exit 0 ;; --- 167,180 ---- echo "${MACH}-${ARCH}-freebsd${VERS}"; exit 0 ;; ! NetBSD:*:*:i386) ! if echo __ELF__ | cc -E - | grep -q __ELF__; then ! echo "i386-whatever-netbsd"; exit 0 ! else ! echo "i386elf-whatever-netbsd"; exit 0 ! fi ;; ! NetBSD:*) echo "${MACHINE}-whatever-netbsd"; exit 0 ;; *************** *** 330,335 **** --- 334,340 ---- CC=cc fi + if false; then if [ "$SYSTEM" = "SunOS" ]; then # check for WorkShop C, expected output is "cc: blah-blah C x.x" CCVER=`(cc -V 2>&1) 2>/dev/null | \ *************** *** 347,352 **** --- 352,358 ---- CC=sc3 fi fi + fi if [ "${SYSTEM}-${MACHINE}" = "Linux-alpha" ]; then # check for Compaq C, expected output is "blah-blah C Vx.x" *************** *** 454,462 **** alpha*-*-freebsd*) OUT="FreeBSD-alpha" ;; *-freebsd[3-9]*) OUT="FreeBSD-elf" ;; *-freebsd[1-2]*) OUT="FreeBSD" ;; ! *86*-*-netbsd) OUT="NetBSD-x86" ;; ! sun3*-*-netbsd) OUT="NetBSD-m68" ;; ! *-*-netbsd) OUT="NetBSD-sparc" ;; *86*-*-openbsd) OUT="OpenBSD-x86" ;; alpha*-*-openbsd) OUT="OpenBSD-alpha" ;; pmax*-*-openbsd) OUT="OpenBSD-mips" ;; --- 460,468 ---- alpha*-*-freebsd*) OUT="FreeBSD-alpha" ;; *-freebsd[3-9]*) OUT="FreeBSD-elf" ;; *-freebsd[1-2]*) OUT="FreeBSD" ;; ! *86elf*-*-netbsd) OUT="NetBSD-i386elf" ;; ! *86-*-netbsd) OUT="NetBSD-i386" ;; ! *-netbsd) OUT="NetBSD-`sysctl -n hw.machine_arch`" ;; *86*-*-openbsd) OUT="OpenBSD-x86" ;; alpha*-*-openbsd) OUT="OpenBSD-alpha" ;; pmax*-*-openbsd) OUT="OpenBSD-mips" ;; @ 1.5 log @If we have to choose if this works on Solaris or NetBSD, prefer NetBSD. XXX: This needs some work. How to handle platform-dependent patches? What's the problem with using the NetBSD patches on Solaris? @ text @d1 70 a70 48 $NetBSD: patch-aa,v 1.4 2001/01/14 01:51:12 tron Exp $ --- config.orig Mon Aug 9 05:16:51 1999 +++ config @@@@ -155,8 +155,12 @@@@ echo "${MACH}-${ARCH}-freebsd${VERS}"; exit 0 ;; - NetBSD:*:*:*386*) - echo "`sysctl -n hw.model | sed 's,.*\(.\)86-class.*,i\186,'`-whateve\r-netbsd"; exit 0 + NetBSD:*:*:i386) + if echo __ELF__ | cc -E - | grep -q __ELF__; then + echo "i386-whatever-netbsd"; exit 0 + else + echo "i386elf-whatever-netbsd"; exit 0 + fi ;; NetBSD:*) @@@@ -324,6 +324,7 @@@@ CC=cc fi +if false; then if [ "$SYSTEM" = "SunOS" ]; then # check for WorkShop C, expected output is "cc: blah-blah C x.x" CCVER=`(cc -V 2>&1) 2>/dev/null | \ @@@@ -340,6 +341,7 @@@@ elif [ "$CC" = "cc" -a $CCVER -gt 0 ]; then CC=sc3 fi +fi fi if [ "${SYSTEM}-${MACHINE}" = "Linux-alpha" ]; then @@@@ -404,9 +408,9 @@@@ alpha*-*-freebsd*) OUT="FreeBSD-alpha" ;; *-freebsd[3-9]*) OUT="FreeBSD-elf" ;; *-freebsd[1-2]*) OUT="FreeBSD" ;; - *86*-*-netbsd) OUT="NetBSD-x86" ;; - sun3*-*-netbsd) OUT="NetBSD-m68" ;; - *-*-netbsd) OUT="NetBSD-sparc" ;; + *86elf*-*-netbsd) OUT="NetBSD-i386elf" ;; + *86-*-netbsd) OUT="NetBSD-i386" ;; + *-netbsd) OUT="NetBSD-`sysctl -n hw.machine_arch`" ;; *86*-*-openbsd) OUT="OpenBSD-x86" ;; alpha*-*-openbsd) OUT="OpenBSD-alpha" ;; pmax*-*-openbsd) OUT="OpenBSD-mips" ;; @ 1.4 log @Don't force to use WS 5.0 on Solaris. @ text @d1 1 a1 1 $NetBSD$ d3 17 a19 2 --- config.orig Tue Mar 14 00:52:44 2000 +++ config Sun Jan 14 02:10:07 2001 d36 13 @ 1.3 log @Support to build it on Solaris. It would be easier to make that change if we support patches for one OPSYS but someone removed that from out tree. @ text @d1 1 a1 1 $NetBSD: patch-aa,v 1.2 1999/11/25 18:51:47 erh Exp $ d3 5 a7 5 --- config.orig Mon Aug 9 05:16:51 1999 +++ config Wed Oct 20 17:12:32 1999 @@@@ -155,8 +155,12 @@@@ echo "${MACH}-${ARCH}-freebsd${VERS}"; exit 0 ;; d9 10 a18 9 - NetBSD:*:*:*386*) - echo "`sysctl -n hw.model | sed 's,.*\(.\)86-class.*,i\186,'`-whateve\r-netbsd"; exit 0 + NetBSD:*:*:i386) + if echo __ELF__ | cc -E - | grep -q __ELF__; then + echo "i386-whatever-netbsd"; exit 0 + else + echo "i386elf-whatever-netbsd"; exit 0 + fi ;; d20 1 a20 14 NetBSD:*) @@@@ -404,9 +408,9 @@@@ alpha*-*-freebsd*) OUT="FreeBSD-alpha" ;; *-freebsd[3-9]*) OUT="FreeBSD-elf" ;; *-freebsd[1-2]*) OUT="FreeBSD" ;; - *86*-*-netbsd) OUT="NetBSD-x86" ;; - sun3*-*-netbsd) OUT="NetBSD-m68" ;; - *-*-netbsd) OUT="NetBSD-sparc" ;; + *86elf*-*-netbsd) OUT="NetBSD-i386elf" ;; + *86-*-netbsd) OUT="NetBSD-i386" ;; + *-netbsd) OUT="NetBSD-`sysctl -n hw.machine_arch`" ;; *86*-*-openbsd) OUT="OpenBSD-x86" ;; alpha*-*-openbsd) OUT="OpenBSD-alpha" ;; pmax*-*-openbsd) OUT="OpenBSD-mips" ;; @ 1.2 log @Update openssl to 0.9.4. @ text @d1 1 a1 1 $NetBSD: $ @ 1.1 log @Initial revision @ text @d1 1 a1 1 $NetBSD$ d3 5 a7 5 --- config.orig Sun Jan 17 09:20:20 1999 +++ config Tue Apr 27 10:22:07 1999 @@@@ -137,12 +137,16 @@@@ echo "${MACHINE}-whatever-freebsd"; exit 0 ;; d9 2 a10 2 - NetBSD:*:*:*486*) - echo "i486-whatever-netbsd"; exit 0 d20 4 a23 9 - echo "${MACHINE}-whatever-netbsd"; exit 0 + echo "`sysctl -n hw.machine_arch`-whatever-netbsd"; exit 0 ;; OpenBSD:*) @@@@ -310,9 +314,9 @@@@ *-*-sunos4) OUT="sunos-$CC" ;; *-freebsd3) OUT="FreeBSD-elf" ;; *-freebsd) OUT="FreeBSD" ;; d27 2 a28 2 + i386elf-*-netbsd) OUT="NetBSD-i386elf" ;; + mips-*-netbsd) OUT="NetBSD-mipsel" ;; @ 1.1.1.1 log @Import OpenSSL 0.9.2b pkg, a package which finally updates and fixes many deficiencies in SSLeay. Intended to be a drop-in replacement for SSLeay (and still provides the command-prompt interface as "ssleay"). @ text @@