aboutsummaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authordinoex <dinoex@FreeBSD.org>2003-03-19 14:28:03 +0800
committerdinoex <dinoex@FreeBSD.org>2003-03-19 14:28:03 +0800
commit43c9e7f97973187ab549d0f407705d1f026c0316 (patch)
treea14398ddad89c65f5928f6c63024dccafcf4298a /security
parent36a1beea0f2eb4b3f7c80b796423e2de446b3d13 (diff)
downloadfreebsd-ports-graphics-43c9e7f97973187ab549d0f407705d1f026c0316.tar.gz
freebsd-ports-graphics-43c9e7f97973187ab549d0f407705d1f026c0316.tar.zst
freebsd-ports-graphics-43c9e7f97973187ab549d0f407705d1f026c0316.zip
- switch to USE_PERL5_BUILD
- add security patch Approved by: kris Obtained from: http://www.openssl.org/news/secadv_20030317.txt
Diffstat (limited to 'security')
-rw-r--r--security/openssl-beta/Makefile3
-rw-r--r--security/openssl-beta/files/patch-security77
-rw-r--r--security/openssl/Makefile3
-rw-r--r--security/openssl/files/patch-security77
4 files changed, 158 insertions, 2 deletions
diff --git a/security/openssl-beta/Makefile b/security/openssl-beta/Makefile
index a51c5b8bf24..66166c5e351 100644
--- a/security/openssl-beta/Makefile
+++ b/security/openssl-beta/Makefile
@@ -10,6 +10,7 @@ PORTNAME= openssl
PORTREVISION!= date -v-1d +%Y%m%d
.else
PORTVERSION= 0.9.7a
+PORTREVISION= 1
.endif
CATEGORIES= security devel
.ifdef OPENSSL_SNAPSHOT
@@ -37,6 +38,7 @@ COMMENT= SSL and crypto library
NOPRECIOUSMAKEVARS= Too many _MLINKS for fetch
NO_LATEST_LINK= yes
+USE_PERL5_BUILD= yes
MAN1= CA.pl.1 asn1parse.1 ca.1 ciphers.1 crl.1 crl2pkcs7.1 dgst.1 dhparam.1 \
dsa.1 dsaparam.1 enc.1 gendsa.1 genrsa.1 nseq.1 ocsp.1 openssl.1 \
@@ -836,7 +838,6 @@ MAKE_ARGS+= WHOLE_ARCHIVE_FLAG=-Bforcearchive
MAKE_ARGS+= WHOLE_ARCHIVE_FLAG=--whole-archive
.endif
-USE_PERL5= yes
.if defined(NOSHARED)
PLIST_SUB+= SHARED="@comment "
.else
diff --git a/security/openssl-beta/files/patch-security b/security/openssl-beta/files/patch-security
new file mode 100644
index 00000000000..4e3eefb3668
--- /dev/null
+++ b/security/openssl-beta/files/patch-security
@@ -0,0 +1,77 @@
+Index: crypto/rsa/rsa_eay.c
+===================================================================
+RCS file: /e/openssl/cvs/openssl/crypto/rsa/rsa_eay.c,v
+retrieving revision 1.28.2.3
+diff -u -r1.28.2.3 rsa_eay.c
+--- crypto/rsa/rsa_eay.c 30 Jan 2003 17:37:46 -0000 1.28.2.3
++++ crypto/rsa/rsa_eay.c 16 Mar 2003 10:34:13 -0000
+@@ -195,6 +195,25 @@
+ return(r);
+ }
+
++static int rsa_eay_blinding(RSA *rsa, BN_CTX *ctx)
++ {
++ int ret = 1;
++ CRYPTO_w_lock(CRYPTO_LOCK_RSA);
++ /* Check again inside the lock - the macro's check is racey */
++ if(rsa->blinding == NULL)
++ ret = RSA_blinding_on(rsa, ctx);
++ CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
++ return ret;
++ }
++
++#define BLINDING_HELPER(rsa, ctx, err_instr) \
++ do { \
++ if(((rsa)->flags & RSA_FLAG_BLINDING) && \
++ ((rsa)->blinding == NULL) && \
++ !rsa_eay_blinding(rsa, ctx)) \
++ err_instr \
++ } while(0)
++
+ /* signing */
+ static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding)
+@@ -239,8 +258,8 @@
+ goto err;
+ }
+
+- if ((rsa->flags & RSA_FLAG_BLINDING) && (rsa->blinding == NULL))
+- RSA_blinding_on(rsa,ctx);
++ BLINDING_HELPER(rsa, ctx, goto err;);
++
+ if (rsa->flags & RSA_FLAG_BLINDING)
+ if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err;
+
+@@ -318,8 +337,8 @@
+ goto err;
+ }
+
+- if ((rsa->flags & RSA_FLAG_BLINDING) && (rsa->blinding == NULL))
+- RSA_blinding_on(rsa,ctx);
++ BLINDING_HELPER(rsa, ctx, goto err;);
++
+ if (rsa->flags & RSA_FLAG_BLINDING)
+ if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err;
+
+Index: crypto/rsa/rsa_lib.c
+===================================================================
+RCS file: /e/openssl/cvs/openssl/crypto/rsa/rsa_lib.c,v
+retrieving revision 1.30.2.2
+diff -u -r1.30.2.2 rsa_lib.c
+--- crypto/rsa/rsa_lib.c 30 Jan 2003 17:37:46 -0000 1.30.2.2
++++ crypto/rsa/rsa_lib.c 16 Mar 2003 10:34:13 -0000
+@@ -72,7 +72,13 @@
+
+ RSA *RSA_new(void)
+ {
+- return(RSA_new_method(NULL));
++ RSA *r=RSA_new_method(NULL);
++
++#ifndef OPENSSL_NO_FORCE_RSA_BLINDING
++ r->flags|=RSA_FLAG_BLINDING;
++#endif
++
++ return r;
+ }
+
+ void RSA_set_default_method(const RSA_METHOD *meth)
diff --git a/security/openssl/Makefile b/security/openssl/Makefile
index 36ea0346633..1a4cd8577ae 100644
--- a/security/openssl/Makefile
+++ b/security/openssl/Makefile
@@ -7,6 +7,7 @@
PORTNAME= openssl
PORTVERSION= 0.9.7a
+PORTREVISION= 1
CATEGORIES= security devel
MASTER_SITES= http://www.openssl.org/source/ \
ftp://ftp.openssl.org/source/ \
@@ -22,6 +23,7 @@ COMMENT= SSL and crypto library
MAKE_ENV+= MANPREFIX=${MANPREFIX}
NOPRECIOUSMAKEVARS= Too many _MLINKS for fetch
+USE_PERL5_BUILD= yes
MAN1= CA.pl.1 asn1parse.1 ca.1 ciphers.1 crl.1 crl2pkcs7.1 dgst.1 dhparam.1 \
dsa.1 dsaparam.1 enc.1 gendsa.1 genrsa.1 nseq.1 ocsp.1 openssl.1 \
@@ -821,7 +823,6 @@ MAKE_ARGS+= WHOLE_ARCHIVE_FLAG=-Bforcearchive
MAKE_ARGS+= WHOLE_ARCHIVE_FLAG=--whole-archive
.endif
-USE_PERL5= yes
.if defined(NOSHARED)
PLIST_SUB+= SHARED="@comment "
.else
diff --git a/security/openssl/files/patch-security b/security/openssl/files/patch-security
new file mode 100644
index 00000000000..4e3eefb3668
--- /dev/null
+++ b/security/openssl/files/patch-security
@@ -0,0 +1,77 @@
+Index: crypto/rsa/rsa_eay.c
+===================================================================
+RCS file: /e/openssl/cvs/openssl/crypto/rsa/rsa_eay.c,v
+retrieving revision 1.28.2.3
+diff -u -r1.28.2.3 rsa_eay.c
+--- crypto/rsa/rsa_eay.c 30 Jan 2003 17:37:46 -0000 1.28.2.3
++++ crypto/rsa/rsa_eay.c 16 Mar 2003 10:34:13 -0000
+@@ -195,6 +195,25 @@
+ return(r);
+ }
+
++static int rsa_eay_blinding(RSA *rsa, BN_CTX *ctx)
++ {
++ int ret = 1;
++ CRYPTO_w_lock(CRYPTO_LOCK_RSA);
++ /* Check again inside the lock - the macro's check is racey */
++ if(rsa->blinding == NULL)
++ ret = RSA_blinding_on(rsa, ctx);
++ CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
++ return ret;
++ }
++
++#define BLINDING_HELPER(rsa, ctx, err_instr) \
++ do { \
++ if(((rsa)->flags & RSA_FLAG_BLINDING) && \
++ ((rsa)->blinding == NULL) && \
++ !rsa_eay_blinding(rsa, ctx)) \
++ err_instr \
++ } while(0)
++
+ /* signing */
+ static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding)
+@@ -239,8 +258,8 @@
+ goto err;
+ }
+
+- if ((rsa->flags & RSA_FLAG_BLINDING) && (rsa->blinding == NULL))
+- RSA_blinding_on(rsa,ctx);
++ BLINDING_HELPER(rsa, ctx, goto err;);
++
+ if (rsa->flags & RSA_FLAG_BLINDING)
+ if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err;
+
+@@ -318,8 +337,8 @@
+ goto err;
+ }
+
+- if ((rsa->flags & RSA_FLAG_BLINDING) && (rsa->blinding == NULL))
+- RSA_blinding_on(rsa,ctx);
++ BLINDING_HELPER(rsa, ctx, goto err;);
++
+ if (rsa->flags & RSA_FLAG_BLINDING)
+ if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err;
+
+Index: crypto/rsa/rsa_lib.c
+===================================================================
+RCS file: /e/openssl/cvs/openssl/crypto/rsa/rsa_lib.c,v
+retrieving revision 1.30.2.2
+diff -u -r1.30.2.2 rsa_lib.c
+--- crypto/rsa/rsa_lib.c 30 Jan 2003 17:37:46 -0000 1.30.2.2
++++ crypto/rsa/rsa_lib.c 16 Mar 2003 10:34:13 -0000
+@@ -72,7 +72,13 @@
+
+ RSA *RSA_new(void)
+ {
+- return(RSA_new_method(NULL));
++ RSA *r=RSA_new_method(NULL);
++
++#ifndef OPENSSL_NO_FORCE_RSA_BLINDING
++ r->flags|=RSA_FLAG_BLINDING;
++#endif
++
++ return r;
+ }
+
+ void RSA_set_default_method(const RSA_METHOD *meth)