Date: Sat, 22 May 2010 18:40:55 +0000 (UTC) From: "Simon L. Nielsen" <simon@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-8@freebsd.org Subject: svn commit: r208419 - in stable/8: crypto/openssl crypto/openssl/apps crypto/openssl/crypto crypto/openssl/crypto/aes crypto/openssl/crypto/aes/asm crypto/openssl/crypto/asn1 crypto/openssl/crypto/... Message-ID: <201005221840.o4MIetjM037784@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: simon Date: Sat May 22 18:40:54 2010 New Revision: 208419 URL: http://svn.freebsd.org/changeset/base/208419 Log: Merge OpenSSL 0.9.8n from head into stable/8. Approved by: re (kib) Added: stable/8/crypto/openssl/engines/alpha.opt - copied unchanged from r208415, head/crypto/openssl/engines/alpha.opt stable/8/crypto/openssl/engines/ia64.opt - copied unchanged from r208415, head/crypto/openssl/engines/ia64.opt stable/8/crypto/openssl/ssl/t1_reneg.c - copied unchanged from r208415, head/crypto/openssl/ssl/t1_reneg.c Deleted: stable/8/crypto/openssl/apps/genpkey.c stable/8/crypto/openssl/apps/pkey.c stable/8/crypto/openssl/apps/pkeyparam.c stable/8/crypto/openssl/apps/pkeyutl.c stable/8/crypto/openssl/apps/ts.c stable/8/crypto/openssl/apps/tsget stable/8/crypto/openssl/crypto/aes/aes_x86core.c stable/8/crypto/openssl/crypto/aes/asm/aes-armv4.pl stable/8/crypto/openssl/crypto/aes/asm/aes-ppc.pl stable/8/crypto/openssl/crypto/aes/asm/aes-s390x.pl stable/8/crypto/openssl/crypto/aes/asm/aes-sparcv9.pl stable/8/crypto/openssl/crypto/asn1/ameth_lib.c stable/8/crypto/openssl/crypto/asn1/asn1_locl.h stable/8/crypto/openssl/crypto/asn1/bio_asn1.c stable/8/crypto/openssl/crypto/asn1/bio_ndef.c stable/8/crypto/openssl/crypto/asn1/x_nx509.c stable/8/crypto/openssl/crypto/bn/asm/alpha-mont.pl stable/8/crypto/openssl/crypto/bn/asm/armv4-mont.pl stable/8/crypto/openssl/crypto/bn/asm/mips3-mont.pl stable/8/crypto/openssl/crypto/bn/asm/ppc-mont.pl stable/8/crypto/openssl/crypto/bn/asm/ppc64-mont.pl stable/8/crypto/openssl/crypto/bn/asm/s390x-mont.pl stable/8/crypto/openssl/crypto/bn/asm/s390x.S stable/8/crypto/openssl/crypto/bn/asm/sparcv9-mont.pl stable/8/crypto/openssl/crypto/bn/asm/sparcv9a-mont.pl stable/8/crypto/openssl/crypto/bn/asm/via-mont.pl stable/8/crypto/openssl/crypto/bn/asm/x86-mont.pl stable/8/crypto/openssl/crypto/camellia/asm/ stable/8/crypto/openssl/crypto/ppccpuid.pl stable/8/crypto/openssl/crypto/s390xcpuid.S stable/8/crypto/openssl/crypto/sparcv9cap.c stable/8/crypto/openssl/engines/axp.opt Modified: stable/8/crypto/openssl/CHANGES stable/8/crypto/openssl/Configure stable/8/crypto/openssl/FAQ stable/8/crypto/openssl/Makefile stable/8/crypto/openssl/Makefile.org stable/8/crypto/openssl/NEWS stable/8/crypto/openssl/README stable/8/crypto/openssl/apps/CA.sh stable/8/crypto/openssl/apps/Makefile stable/8/crypto/openssl/apps/apps.c stable/8/crypto/openssl/apps/ca.c stable/8/crypto/openssl/apps/dsa.c stable/8/crypto/openssl/apps/dsaparam.c stable/8/crypto/openssl/apps/enc.c stable/8/crypto/openssl/apps/gendsa.c stable/8/crypto/openssl/apps/genrsa.c stable/8/crypto/openssl/apps/openssl.c stable/8/crypto/openssl/apps/pkcs12.c stable/8/crypto/openssl/apps/req.c stable/8/crypto/openssl/apps/s_apps.h stable/8/crypto/openssl/apps/s_cb.c stable/8/crypto/openssl/apps/s_client.c stable/8/crypto/openssl/apps/s_server.c stable/8/crypto/openssl/apps/s_socket.c stable/8/crypto/openssl/apps/speed.c stable/8/crypto/openssl/apps/x509.c stable/8/crypto/openssl/config stable/8/crypto/openssl/crypto/aes/aes_cfb.c stable/8/crypto/openssl/crypto/aes/asm/aes-x86_64.pl stable/8/crypto/openssl/crypto/asn1/a_mbstr.c stable/8/crypto/openssl/crypto/asn1/a_object.c stable/8/crypto/openssl/crypto/asn1/asn1.h stable/8/crypto/openssl/crypto/asn1/asn1_err.c stable/8/crypto/openssl/crypto/asn1/asn1_gen.c stable/8/crypto/openssl/crypto/asn1/asn1_par.c stable/8/crypto/openssl/crypto/asn1/t_x509.c stable/8/crypto/openssl/crypto/bio/bio.h stable/8/crypto/openssl/crypto/bio/bss_dgram.c stable/8/crypto/openssl/crypto/bio/bss_file.c stable/8/crypto/openssl/crypto/bn/asm/ppc.pl stable/8/crypto/openssl/crypto/bn/asm/x86_64-gcc.c stable/8/crypto/openssl/crypto/bn/bn_div.c stable/8/crypto/openssl/crypto/bn/bn_exp.c stable/8/crypto/openssl/crypto/bn/bn_gf2m.c stable/8/crypto/openssl/crypto/bn/bn_mul.c stable/8/crypto/openssl/crypto/bn/bntest.c stable/8/crypto/openssl/crypto/camellia/Makefile stable/8/crypto/openssl/crypto/cast/c_cfb64.c stable/8/crypto/openssl/crypto/cast/c_ecb.c stable/8/crypto/openssl/crypto/cast/c_enc.c stable/8/crypto/openssl/crypto/cast/c_ofb64.c stable/8/crypto/openssl/crypto/cast/cast.h stable/8/crypto/openssl/crypto/cms/cms_ess.c stable/8/crypto/openssl/crypto/cms/cms_lib.c stable/8/crypto/openssl/crypto/comp/c_zlib.c stable/8/crypto/openssl/crypto/cryptlib.c stable/8/crypto/openssl/crypto/dsa/Makefile stable/8/crypto/openssl/crypto/dsa/dsa_asn1.c stable/8/crypto/openssl/crypto/dsa/dsa_lib.c stable/8/crypto/openssl/crypto/dso/dso_dlfcn.c stable/8/crypto/openssl/crypto/ec/ec2_smpl.c stable/8/crypto/openssl/crypto/ecdsa/Makefile stable/8/crypto/openssl/crypto/ecdsa/ecs_ossl.c stable/8/crypto/openssl/crypto/ecdsa/ecs_sign.c stable/8/crypto/openssl/crypto/engine/Makefile stable/8/crypto/openssl/crypto/engine/eng_all.c stable/8/crypto/openssl/crypto/engine/eng_cnf.c stable/8/crypto/openssl/crypto/engine/eng_cryptodev.c stable/8/crypto/openssl/crypto/engine/eng_ctrl.c stable/8/crypto/openssl/crypto/engine/eng_err.c stable/8/crypto/openssl/crypto/engine/eng_table.c stable/8/crypto/openssl/crypto/engine/engine.h stable/8/crypto/openssl/crypto/err/Makefile stable/8/crypto/openssl/crypto/err/err_all.c stable/8/crypto/openssl/crypto/evp/c_allc.c stable/8/crypto/openssl/crypto/evp/c_alld.c stable/8/crypto/openssl/crypto/evp/digest.c stable/8/crypto/openssl/crypto/evp/evp_lib.c stable/8/crypto/openssl/crypto/evp/evp_locl.h stable/8/crypto/openssl/crypto/evp/names.c stable/8/crypto/openssl/crypto/lhash/lhash.c stable/8/crypto/openssl/crypto/md32_common.h stable/8/crypto/openssl/crypto/md5/asm/md5-x86_64.pl stable/8/crypto/openssl/crypto/o_init.c stable/8/crypto/openssl/crypto/o_str.c stable/8/crypto/openssl/crypto/objects/obj_dat.c stable/8/crypto/openssl/crypto/objects/obj_dat.h stable/8/crypto/openssl/crypto/objects/obj_mac.h stable/8/crypto/openssl/crypto/objects/obj_mac.num stable/8/crypto/openssl/crypto/objects/objects.txt stable/8/crypto/openssl/crypto/ocsp/ocsp_prn.c stable/8/crypto/openssl/crypto/opensslv.h stable/8/crypto/openssl/crypto/pem/pem_seal.c stable/8/crypto/openssl/crypto/perlasm/x86_64-xlate.pl stable/8/crypto/openssl/crypto/pkcs12/p12_attr.c stable/8/crypto/openssl/crypto/pkcs12/p12_key.c stable/8/crypto/openssl/crypto/pkcs12/p12_utl.c stable/8/crypto/openssl/crypto/pkcs12/pkcs12.h stable/8/crypto/openssl/crypto/pkcs7/pk7_mime.c stable/8/crypto/openssl/crypto/rand/rand_win.c stable/8/crypto/openssl/crypto/rand/randfile.c stable/8/crypto/openssl/crypto/rsa/rsa.h stable/8/crypto/openssl/crypto/rsa/rsa_eay.c stable/8/crypto/openssl/crypto/rsa/rsa_eng.c stable/8/crypto/openssl/crypto/rsa/rsa_oaep.c stable/8/crypto/openssl/crypto/rsa/rsa_pss.c stable/8/crypto/openssl/crypto/rsa/rsa_sign.c stable/8/crypto/openssl/crypto/sha/sha512.c stable/8/crypto/openssl/crypto/stack/safestack.h stable/8/crypto/openssl/crypto/symhacks.h stable/8/crypto/openssl/crypto/ui/ui_openssl.c stable/8/crypto/openssl/crypto/x509/by_dir.c stable/8/crypto/openssl/crypto/x509/x509.h stable/8/crypto/openssl/crypto/x509/x509_lu.c stable/8/crypto/openssl/crypto/x509/x509_vfy.c stable/8/crypto/openssl/crypto/x509/x509_vfy.h stable/8/crypto/openssl/crypto/x509/x509_vpm.c stable/8/crypto/openssl/crypto/x509v3/pcy_tree.c stable/8/crypto/openssl/crypto/x509v3/v3_alt.c stable/8/crypto/openssl/crypto/x509v3/v3_ocsp.c stable/8/crypto/openssl/demos/x509/mkcert.c stable/8/crypto/openssl/demos/x509/mkreq.c stable/8/crypto/openssl/doc/apps/enc.pod stable/8/crypto/openssl/doc/apps/verify.pod stable/8/crypto/openssl/doc/crypto/ASN1_generate_nconf.pod stable/8/crypto/openssl/doc/crypto/EVP_DigestInit.pod stable/8/crypto/openssl/doc/crypto/PKCS12_parse.pod stable/8/crypto/openssl/doc/crypto/bn_internal.pod stable/8/crypto/openssl/doc/crypto/d2i_X509.pod stable/8/crypto/openssl/doc/crypto/d2i_X509_CRL.pod stable/8/crypto/openssl/doc/crypto/d2i_X509_REQ.pod stable/8/crypto/openssl/doc/crypto/hmac.pod stable/8/crypto/openssl/doc/crypto/pem.pod stable/8/crypto/openssl/doc/ssl/SSL_CIPHER_get_name.pod stable/8/crypto/openssl/doc/ssl/SSL_CTX_set_options.pod stable/8/crypto/openssl/engines/Makefile stable/8/crypto/openssl/engines/e_capi.c stable/8/crypto/openssl/engines/e_capi_err.c stable/8/crypto/openssl/engines/e_capi_err.h stable/8/crypto/openssl/engines/e_chil.c stable/8/crypto/openssl/engines/e_ubsec.c stable/8/crypto/openssl/fips/Makefile stable/8/crypto/openssl/fips/aes/fips_aesavs.c stable/8/crypto/openssl/fips/des/fips_desmovs.c stable/8/crypto/openssl/fips/dsa/fips_dsa_key.c stable/8/crypto/openssl/fips/dsa/fips_dsa_sign.c stable/8/crypto/openssl/fips/dsa/fips_dsatest.c stable/8/crypto/openssl/fips/dsa/fips_dssvs.c stable/8/crypto/openssl/fips/fips_locl.h stable/8/crypto/openssl/fips/fips_test_suite.c stable/8/crypto/openssl/fips/fips_utl.h stable/8/crypto/openssl/fips/fipsalgtest.pl stable/8/crypto/openssl/fips/fipsld stable/8/crypto/openssl/fips/hmac/fips_hmac.c stable/8/crypto/openssl/fips/hmac/fips_hmac_selftest.c stable/8/crypto/openssl/fips/rand/fips_rand.c stable/8/crypto/openssl/fips/rand/fips_rngvs.c stable/8/crypto/openssl/fips/rsa/fips_rsagtest.c stable/8/crypto/openssl/fips/rsa/fips_rsastest.c stable/8/crypto/openssl/fips/rsa/fips_rsavtest.c stable/8/crypto/openssl/fips/sha/Makefile stable/8/crypto/openssl/fips/sha/fips_sha1_selftest.c stable/8/crypto/openssl/openssl.spec stable/8/crypto/openssl/ssl/Makefile stable/8/crypto/openssl/ssl/d1_both.c stable/8/crypto/openssl/ssl/d1_clnt.c stable/8/crypto/openssl/ssl/d1_enc.c stable/8/crypto/openssl/ssl/d1_lib.c stable/8/crypto/openssl/ssl/d1_pkt.c stable/8/crypto/openssl/ssl/d1_srvr.c stable/8/crypto/openssl/ssl/dtls1.h stable/8/crypto/openssl/ssl/kssl.c stable/8/crypto/openssl/ssl/s23_clnt.c stable/8/crypto/openssl/ssl/s23_srvr.c stable/8/crypto/openssl/ssl/s2_srvr.c stable/8/crypto/openssl/ssl/s3_both.c stable/8/crypto/openssl/ssl/s3_clnt.c stable/8/crypto/openssl/ssl/s3_lib.c stable/8/crypto/openssl/ssl/s3_pkt.c stable/8/crypto/openssl/ssl/s3_srvr.c stable/8/crypto/openssl/ssl/ssl.h stable/8/crypto/openssl/ssl/ssl3.h stable/8/crypto/openssl/ssl/ssl_algs.c stable/8/crypto/openssl/ssl/ssl_asn1.c stable/8/crypto/openssl/ssl/ssl_cert.c stable/8/crypto/openssl/ssl/ssl_ciph.c stable/8/crypto/openssl/ssl/ssl_err.c stable/8/crypto/openssl/ssl/ssl_lib.c stable/8/crypto/openssl/ssl/ssl_locl.h stable/8/crypto/openssl/ssl/ssl_rsa.c stable/8/crypto/openssl/ssl/ssl_sess.c stable/8/crypto/openssl/ssl/ssl_stat.c stable/8/crypto/openssl/ssl/ssl_txt.c stable/8/crypto/openssl/ssl/t1_enc.c stable/8/crypto/openssl/ssl/t1_lib.c stable/8/crypto/openssl/ssl/tls1.h stable/8/crypto/openssl/test/Makefile stable/8/crypto/openssl/test/cms-test.pl stable/8/crypto/openssl/util/domd stable/8/crypto/openssl/util/libeay.num stable/8/crypto/openssl/util/mk1mf.pl stable/8/crypto/openssl/util/mkdef.pl stable/8/crypto/openssl/util/mkerr.pl stable/8/crypto/openssl/util/pl/Mingw32.pl stable/8/crypto/openssl/util/pl/VC-32.pl stable/8/crypto/openssl/util/pod2man.pl stable/8/crypto/openssl/util/shlib_wrap.sh stable/8/secure/lib/libcrypto/Makefile.inc stable/8/secure/lib/libcrypto/Makefile.man stable/8/secure/lib/libcrypto/man/ASN1_OBJECT_new.3 stable/8/secure/lib/libcrypto/man/ASN1_STRING_length.3 stable/8/secure/lib/libcrypto/man/ASN1_STRING_new.3 stable/8/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3 stable/8/secure/lib/libcrypto/man/ASN1_generate_nconf.3 stable/8/secure/lib/libcrypto/man/BIO_ctrl.3 stable/8/secure/lib/libcrypto/man/BIO_f_base64.3 stable/8/secure/lib/libcrypto/man/BIO_f_buffer.3 stable/8/secure/lib/libcrypto/man/BIO_f_cipher.3 stable/8/secure/lib/libcrypto/man/BIO_f_md.3 stable/8/secure/lib/libcrypto/man/BIO_f_null.3 stable/8/secure/lib/libcrypto/man/BIO_f_ssl.3 stable/8/secure/lib/libcrypto/man/BIO_find_type.3 stable/8/secure/lib/libcrypto/man/BIO_new.3 stable/8/secure/lib/libcrypto/man/BIO_push.3 stable/8/secure/lib/libcrypto/man/BIO_read.3 stable/8/secure/lib/libcrypto/man/BIO_s_accept.3 stable/8/secure/lib/libcrypto/man/BIO_s_bio.3 stable/8/secure/lib/libcrypto/man/BIO_s_connect.3 stable/8/secure/lib/libcrypto/man/BIO_s_fd.3 stable/8/secure/lib/libcrypto/man/BIO_s_file.3 stable/8/secure/lib/libcrypto/man/BIO_s_mem.3 stable/8/secure/lib/libcrypto/man/BIO_s_null.3 stable/8/secure/lib/libcrypto/man/BIO_s_socket.3 stable/8/secure/lib/libcrypto/man/BIO_set_callback.3 stable/8/secure/lib/libcrypto/man/BIO_should_retry.3 stable/8/secure/lib/libcrypto/man/BN_BLINDING_new.3 stable/8/secure/lib/libcrypto/man/BN_CTX_new.3 stable/8/secure/lib/libcrypto/man/BN_CTX_start.3 stable/8/secure/lib/libcrypto/man/BN_add.3 stable/8/secure/lib/libcrypto/man/BN_add_word.3 stable/8/secure/lib/libcrypto/man/BN_bn2bin.3 stable/8/secure/lib/libcrypto/man/BN_cmp.3 stable/8/secure/lib/libcrypto/man/BN_copy.3 stable/8/secure/lib/libcrypto/man/BN_generate_prime.3 stable/8/secure/lib/libcrypto/man/BN_mod_inverse.3 stable/8/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3 stable/8/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3 stable/8/secure/lib/libcrypto/man/BN_new.3 stable/8/secure/lib/libcrypto/man/BN_num_bytes.3 stable/8/secure/lib/libcrypto/man/BN_rand.3 stable/8/secure/lib/libcrypto/man/BN_set_bit.3 stable/8/secure/lib/libcrypto/man/BN_swap.3 stable/8/secure/lib/libcrypto/man/BN_zero.3 stable/8/secure/lib/libcrypto/man/CONF_modules_free.3 stable/8/secure/lib/libcrypto/man/CONF_modules_load_file.3 stable/8/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3 stable/8/secure/lib/libcrypto/man/DH_generate_key.3 stable/8/secure/lib/libcrypto/man/DH_generate_parameters.3 stable/8/secure/lib/libcrypto/man/DH_get_ex_new_index.3 stable/8/secure/lib/libcrypto/man/DH_new.3 stable/8/secure/lib/libcrypto/man/DH_set_method.3 stable/8/secure/lib/libcrypto/man/DH_size.3 stable/8/secure/lib/libcrypto/man/DSA_SIG_new.3 stable/8/secure/lib/libcrypto/man/DSA_do_sign.3 stable/8/secure/lib/libcrypto/man/DSA_dup_DH.3 stable/8/secure/lib/libcrypto/man/DSA_generate_key.3 stable/8/secure/lib/libcrypto/man/DSA_generate_parameters.3 stable/8/secure/lib/libcrypto/man/DSA_get_ex_new_index.3 stable/8/secure/lib/libcrypto/man/DSA_new.3 stable/8/secure/lib/libcrypto/man/DSA_set_method.3 stable/8/secure/lib/libcrypto/man/DSA_sign.3 stable/8/secure/lib/libcrypto/man/DSA_size.3 stable/8/secure/lib/libcrypto/man/ERR_GET_LIB.3 stable/8/secure/lib/libcrypto/man/ERR_clear_error.3 stable/8/secure/lib/libcrypto/man/ERR_error_string.3 stable/8/secure/lib/libcrypto/man/ERR_get_error.3 stable/8/secure/lib/libcrypto/man/ERR_load_crypto_strings.3 stable/8/secure/lib/libcrypto/man/ERR_load_strings.3 stable/8/secure/lib/libcrypto/man/ERR_print_errors.3 stable/8/secure/lib/libcrypto/man/ERR_put_error.3 stable/8/secure/lib/libcrypto/man/ERR_remove_state.3 stable/8/secure/lib/libcrypto/man/ERR_set_mark.3 stable/8/secure/lib/libcrypto/man/EVP_BytesToKey.3 stable/8/secure/lib/libcrypto/man/EVP_DigestInit.3 stable/8/secure/lib/libcrypto/man/EVP_EncryptInit.3 stable/8/secure/lib/libcrypto/man/EVP_OpenInit.3 stable/8/secure/lib/libcrypto/man/EVP_PKEY_new.3 stable/8/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3 stable/8/secure/lib/libcrypto/man/EVP_SealInit.3 stable/8/secure/lib/libcrypto/man/EVP_SignInit.3 stable/8/secure/lib/libcrypto/man/EVP_VerifyInit.3 stable/8/secure/lib/libcrypto/man/OBJ_nid2obj.3 stable/8/secure/lib/libcrypto/man/OPENSSL_Applink.3 stable/8/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 stable/8/secure/lib/libcrypto/man/OPENSSL_config.3 stable/8/secure/lib/libcrypto/man/OPENSSL_ia32cap.3 stable/8/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3 stable/8/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 stable/8/secure/lib/libcrypto/man/PKCS12_create.3 stable/8/secure/lib/libcrypto/man/PKCS12_parse.3 stable/8/secure/lib/libcrypto/man/PKCS7_decrypt.3 stable/8/secure/lib/libcrypto/man/PKCS7_encrypt.3 stable/8/secure/lib/libcrypto/man/PKCS7_sign.3 stable/8/secure/lib/libcrypto/man/PKCS7_verify.3 stable/8/secure/lib/libcrypto/man/RAND_add.3 stable/8/secure/lib/libcrypto/man/RAND_bytes.3 stable/8/secure/lib/libcrypto/man/RAND_cleanup.3 stable/8/secure/lib/libcrypto/man/RAND_egd.3 stable/8/secure/lib/libcrypto/man/RAND_load_file.3 stable/8/secure/lib/libcrypto/man/RAND_set_rand_method.3 stable/8/secure/lib/libcrypto/man/RSA_blinding_on.3 stable/8/secure/lib/libcrypto/man/RSA_check_key.3 stable/8/secure/lib/libcrypto/man/RSA_generate_key.3 stable/8/secure/lib/libcrypto/man/RSA_get_ex_new_index.3 stable/8/secure/lib/libcrypto/man/RSA_new.3 stable/8/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 stable/8/secure/lib/libcrypto/man/RSA_print.3 stable/8/secure/lib/libcrypto/man/RSA_private_encrypt.3 stable/8/secure/lib/libcrypto/man/RSA_public_encrypt.3 stable/8/secure/lib/libcrypto/man/RSA_set_method.3 stable/8/secure/lib/libcrypto/man/RSA_sign.3 stable/8/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 stable/8/secure/lib/libcrypto/man/RSA_size.3 stable/8/secure/lib/libcrypto/man/SMIME_read_PKCS7.3 stable/8/secure/lib/libcrypto/man/SMIME_write_PKCS7.3 stable/8/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3 stable/8/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 stable/8/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 stable/8/secure/lib/libcrypto/man/X509_NAME_print_ex.3 stable/8/secure/lib/libcrypto/man/X509_new.3 stable/8/secure/lib/libcrypto/man/bio.3 stable/8/secure/lib/libcrypto/man/blowfish.3 stable/8/secure/lib/libcrypto/man/bn.3 stable/8/secure/lib/libcrypto/man/bn_internal.3 stable/8/secure/lib/libcrypto/man/buffer.3 stable/8/secure/lib/libcrypto/man/crypto.3 stable/8/secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3 stable/8/secure/lib/libcrypto/man/d2i_DHparams.3 stable/8/secure/lib/libcrypto/man/d2i_DSAPublicKey.3 stable/8/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3 stable/8/secure/lib/libcrypto/man/d2i_RSAPublicKey.3 stable/8/secure/lib/libcrypto/man/d2i_X509.3 stable/8/secure/lib/libcrypto/man/d2i_X509_ALGOR.3 stable/8/secure/lib/libcrypto/man/d2i_X509_CRL.3 stable/8/secure/lib/libcrypto/man/d2i_X509_NAME.3 stable/8/secure/lib/libcrypto/man/d2i_X509_REQ.3 stable/8/secure/lib/libcrypto/man/d2i_X509_SIG.3 stable/8/secure/lib/libcrypto/man/des.3 stable/8/secure/lib/libcrypto/man/dh.3 stable/8/secure/lib/libcrypto/man/dsa.3 stable/8/secure/lib/libcrypto/man/ecdsa.3 stable/8/secure/lib/libcrypto/man/engine.3 stable/8/secure/lib/libcrypto/man/err.3 stable/8/secure/lib/libcrypto/man/evp.3 stable/8/secure/lib/libcrypto/man/hmac.3 stable/8/secure/lib/libcrypto/man/lh_stats.3 stable/8/secure/lib/libcrypto/man/lhash.3 stable/8/secure/lib/libcrypto/man/md5.3 stable/8/secure/lib/libcrypto/man/mdc2.3 stable/8/secure/lib/libcrypto/man/pem.3 stable/8/secure/lib/libcrypto/man/rand.3 stable/8/secure/lib/libcrypto/man/rc4.3 stable/8/secure/lib/libcrypto/man/ripemd.3 stable/8/secure/lib/libcrypto/man/rsa.3 stable/8/secure/lib/libcrypto/man/sha.3 stable/8/secure/lib/libcrypto/man/threads.3 stable/8/secure/lib/libcrypto/man/ui.3 stable/8/secure/lib/libcrypto/man/ui_compat.3 stable/8/secure/lib/libcrypto/man/x509.3 stable/8/secure/lib/libssl/Makefile stable/8/secure/lib/libssl/Makefile.man stable/8/secure/lib/libssl/man/SSL_CIPHER_get_name.3 stable/8/secure/lib/libssl/man/SSL_COMP_add_compression_method.3 stable/8/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3 stable/8/secure/lib/libssl/man/SSL_CTX_add_session.3 stable/8/secure/lib/libssl/man/SSL_CTX_ctrl.3 stable/8/secure/lib/libssl/man/SSL_CTX_flush_sessions.3 stable/8/secure/lib/libssl/man/SSL_CTX_free.3 stable/8/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3 stable/8/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3 stable/8/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3 stable/8/secure/lib/libssl/man/SSL_CTX_new.3 stable/8/secure/lib/libssl/man/SSL_CTX_sess_number.3 stable/8/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3 stable/8/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3 stable/8/secure/lib/libssl/man/SSL_CTX_sessions.3 stable/8/secure/lib/libssl/man/SSL_CTX_set_cert_store.3 stable/8/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3 stable/8/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3 stable/8/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3 stable/8/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3 stable/8/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3 stable/8/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3 stable/8/secure/lib/libssl/man/SSL_CTX_set_info_callback.3 stable/8/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3 stable/8/secure/lib/libssl/man/SSL_CTX_set_mode.3 stable/8/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3 stable/8/secure/lib/libssl/man/SSL_CTX_set_options.3 stable/8/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3 stable/8/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3 stable/8/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3 stable/8/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3 stable/8/secure/lib/libssl/man/SSL_CTX_set_timeout.3 stable/8/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 stable/8/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3 stable/8/secure/lib/libssl/man/SSL_CTX_set_verify.3 stable/8/secure/lib/libssl/man/SSL_CTX_use_certificate.3 stable/8/secure/lib/libssl/man/SSL_SESSION_free.3 stable/8/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3 stable/8/secure/lib/libssl/man/SSL_SESSION_get_time.3 stable/8/secure/lib/libssl/man/SSL_accept.3 stable/8/secure/lib/libssl/man/SSL_alert_type_string.3 stable/8/secure/lib/libssl/man/SSL_clear.3 stable/8/secure/lib/libssl/man/SSL_connect.3 stable/8/secure/lib/libssl/man/SSL_do_handshake.3 stable/8/secure/lib/libssl/man/SSL_free.3 stable/8/secure/lib/libssl/man/SSL_get_SSL_CTX.3 stable/8/secure/lib/libssl/man/SSL_get_ciphers.3 stable/8/secure/lib/libssl/man/SSL_get_client_CA_list.3 stable/8/secure/lib/libssl/man/SSL_get_current_cipher.3 stable/8/secure/lib/libssl/man/SSL_get_default_timeout.3 stable/8/secure/lib/libssl/man/SSL_get_error.3 stable/8/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3 stable/8/secure/lib/libssl/man/SSL_get_ex_new_index.3 stable/8/secure/lib/libssl/man/SSL_get_fd.3 stable/8/secure/lib/libssl/man/SSL_get_peer_cert_chain.3 stable/8/secure/lib/libssl/man/SSL_get_peer_certificate.3 stable/8/secure/lib/libssl/man/SSL_get_rbio.3 stable/8/secure/lib/libssl/man/SSL_get_session.3 stable/8/secure/lib/libssl/man/SSL_get_verify_result.3 stable/8/secure/lib/libssl/man/SSL_get_version.3 stable/8/secure/lib/libssl/man/SSL_library_init.3 stable/8/secure/lib/libssl/man/SSL_load_client_CA_file.3 stable/8/secure/lib/libssl/man/SSL_new.3 stable/8/secure/lib/libssl/man/SSL_pending.3 stable/8/secure/lib/libssl/man/SSL_read.3 stable/8/secure/lib/libssl/man/SSL_rstate_string.3 stable/8/secure/lib/libssl/man/SSL_session_reused.3 stable/8/secure/lib/libssl/man/SSL_set_bio.3 stable/8/secure/lib/libssl/man/SSL_set_connect_state.3 stable/8/secure/lib/libssl/man/SSL_set_fd.3 stable/8/secure/lib/libssl/man/SSL_set_session.3 stable/8/secure/lib/libssl/man/SSL_set_shutdown.3 stable/8/secure/lib/libssl/man/SSL_set_verify_result.3 stable/8/secure/lib/libssl/man/SSL_shutdown.3 stable/8/secure/lib/libssl/man/SSL_state_string.3 stable/8/secure/lib/libssl/man/SSL_want.3 stable/8/secure/lib/libssl/man/SSL_write.3 stable/8/secure/lib/libssl/man/d2i_SSL_SESSION.3 stable/8/secure/lib/libssl/man/ssl.3 stable/8/secure/usr.bin/openssl/man/CA.pl.1 stable/8/secure/usr.bin/openssl/man/asn1parse.1 stable/8/secure/usr.bin/openssl/man/ca.1 stable/8/secure/usr.bin/openssl/man/ciphers.1 stable/8/secure/usr.bin/openssl/man/crl.1 stable/8/secure/usr.bin/openssl/man/crl2pkcs7.1 stable/8/secure/usr.bin/openssl/man/dgst.1 stable/8/secure/usr.bin/openssl/man/dhparam.1 stable/8/secure/usr.bin/openssl/man/dsa.1 stable/8/secure/usr.bin/openssl/man/dsaparam.1 stable/8/secure/usr.bin/openssl/man/ec.1 stable/8/secure/usr.bin/openssl/man/ecparam.1 stable/8/secure/usr.bin/openssl/man/enc.1 stable/8/secure/usr.bin/openssl/man/errstr.1 stable/8/secure/usr.bin/openssl/man/gendsa.1 stable/8/secure/usr.bin/openssl/man/genrsa.1 stable/8/secure/usr.bin/openssl/man/nseq.1 stable/8/secure/usr.bin/openssl/man/ocsp.1 stable/8/secure/usr.bin/openssl/man/openssl.1 stable/8/secure/usr.bin/openssl/man/passwd.1 stable/8/secure/usr.bin/openssl/man/pkcs12.1 stable/8/secure/usr.bin/openssl/man/pkcs7.1 stable/8/secure/usr.bin/openssl/man/pkcs8.1 stable/8/secure/usr.bin/openssl/man/rand.1 stable/8/secure/usr.bin/openssl/man/req.1 stable/8/secure/usr.bin/openssl/man/rsa.1 stable/8/secure/usr.bin/openssl/man/rsautl.1 stable/8/secure/usr.bin/openssl/man/s_client.1 stable/8/secure/usr.bin/openssl/man/s_server.1 stable/8/secure/usr.bin/openssl/man/s_time.1 stable/8/secure/usr.bin/openssl/man/sess_id.1 stable/8/secure/usr.bin/openssl/man/smime.1 stable/8/secure/usr.bin/openssl/man/speed.1 stable/8/secure/usr.bin/openssl/man/spkac.1 stable/8/secure/usr.bin/openssl/man/verify.1 stable/8/secure/usr.bin/openssl/man/version.1 stable/8/secure/usr.bin/openssl/man/x509.1 stable/8/secure/usr.bin/openssl/man/x509v3_config.1 Directory Properties: stable/8/crypto/openssl/ (props changed) stable/8/secure/lib/libcrypto/ (props changed) stable/8/secure/lib/libssl/ (props changed) stable/8/secure/usr.bin/openssl/ (props changed) Modified: stable/8/crypto/openssl/CHANGES ============================================================================== --- stable/8/crypto/openssl/CHANGES Sat May 22 16:55:35 2010 (r208418) +++ stable/8/crypto/openssl/CHANGES Sat May 22 18:40:54 2010 (r208419) @@ -2,6 +2,191 @@ OpenSSL CHANGES _______________ + Changes between 0.9.8m and 0.9.8n [24 Mar 2010] + + *) When rejecting SSL/TLS records due to an incorrect version number, never + update s->server with a new major version number. As of + - OpenSSL 0.9.8m if 'short' is a 16-bit type, + - OpenSSL 0.9.8f if 'short' is longer than 16 bits, + the previous behavior could result in a read attempt at NULL when + receiving specific incorrect SSL/TLS records once record payload + protection is active. (CVE-2010-0740) + [Bodo Moeller, Adam Langley <agl@chromium.org>] + + *) Fix for CVE-2010-0433 where some kerberos enabled versions of OpenSSL + could be crashed if the relevant tables were not present (e.g. chrooted). + [Tomas Hoger <thoger@redhat.com>] + + Changes between 0.9.8l and 0.9.8m [25 Feb 2010] + + *) Always check bn_wexpend() return values for failure. (CVE-2009-3245) + [Martin Olsson, Neel Mehta] + + *) Fix X509_STORE locking: Every 'objs' access requires a lock (to + accommodate for stack sorting, always a write lock!). + [Bodo Moeller] + + *) On some versions of WIN32 Heap32Next is very slow. This can cause + excessive delays in the RAND_poll(): over a minute. As a workaround + include a time check in the inner Heap32Next loop too. + [Steve Henson] + + *) The code that handled flushing of data in SSL/TLS originally used the + BIO_CTRL_INFO ctrl to see if any data was pending first. This caused + the problem outlined in PR#1949. The fix suggested there however can + trigger problems with buggy BIO_CTRL_WPENDING (e.g. some versions + of Apache). So instead simplify the code to flush unconditionally. + This should be fine since flushing with no data to flush is a no op. + [Steve Henson] + + *) Handle TLS versions 2.0 and later properly and correctly use the + highest version of TLS/SSL supported. Although TLS >= 2.0 is some way + off ancient servers have a habit of sticking around for a while... + [Steve Henson] + + *) Modify compression code so it frees up structures without using the + ex_data callbacks. This works around a problem where some applications + call CRYPTO_cleanup_all_ex_data() before application exit (e.g. when + restarting) then use compression (e.g. SSL with compression) later. + This results in significant per-connection memory leaks and + has caused some security issues including CVE-2008-1678 and + CVE-2009-4355. + [Steve Henson] + + *) Constify crypto/cast (i.e., <openssl/cast.h>): a CAST_KEY doesn't + change when encrypting or decrypting. + [Bodo Moeller] + + *) Add option SSL_OP_LEGACY_SERVER_CONNECT which will allow clients to + connect and renegotiate with servers which do not support RI. + Until RI is more widely deployed this option is enabled by default. + [Steve Henson] + + *) Add "missing" ssl ctrls to clear options and mode. + [Steve Henson] + + *) If client attempts to renegotiate and doesn't support RI respond with + a no_renegotiation alert as required by RFC5746. Some renegotiating + TLS clients will continue a connection gracefully when they receive + the alert. Unfortunately OpenSSL mishandled this alert and would hang + waiting for a server hello which it will never receive. Now we treat a + received no_renegotiation alert as a fatal error. This is because + applications requesting a renegotiation might well expect it to succeed + and would have no code in place to handle the server denying it so the + only safe thing to do is to terminate the connection. + [Steve Henson] + + *) Add ctrl macro SSL_get_secure_renegotiation_support() which returns 1 if + peer supports secure renegotiation and 0 otherwise. Print out peer + renegotiation support in s_client/s_server. + [Steve Henson] + + *) Replace the highly broken and deprecated SPKAC certification method with + the updated NID creation version. This should correctly handle UTF8. + [Steve Henson] + + *) Implement RFC5746. Re-enable renegotiation but require the extension + as needed. Unfortunately, SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION + turns out to be a bad idea. It has been replaced by + SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION which can be set with + SSL_CTX_set_options(). This is really not recommended unless you + know what you are doing. + [Eric Rescorla <ekr@networkresonance.com>, Ben Laurie, Steve Henson] + + *) Fixes to stateless session resumption handling. Use initial_ctx when + issuing and attempting to decrypt tickets in case it has changed during + servername handling. Use a non-zero length session ID when attempting + stateless session resumption: this makes it possible to determine if + a resumption has occurred immediately after receiving server hello + (several places in OpenSSL subtly assume this) instead of later in + the handshake. + [Steve Henson] + + *) The functions ENGINE_ctrl(), OPENSSL_isservice(), + CMS_get1_RecipientRequest() and RAND_bytes() can return <=0 on error + fixes for a few places where the return code is not checked + correctly. + [Julia Lawall <julia@diku.dk>] + + *) Add --strict-warnings option to Configure script to include devteam + warnings in other configurations. + [Steve Henson] + + *) Add support for --libdir option and LIBDIR variable in makefiles. This + makes it possible to install openssl libraries in locations which + have names other than "lib", for example "/usr/lib64" which some + systems need. + [Steve Henson, based on patch from Jeremy Utley] + + *) Don't allow the use of leading 0x80 in OIDs. This is a violation of + X690 8.9.12 and can produce some misleading textual output of OIDs. + [Steve Henson, reported by Dan Kaminsky] + + *) Delete MD2 from algorithm tables. This follows the recommendation in + several standards that it is not used in new applications due to + several cryptographic weaknesses. For binary compatibility reasons + the MD2 API is still compiled in by default. + [Steve Henson] + + *) Add compression id to {d2i,i2d}_SSL_SESSION so it is correctly saved + and restored. + [Steve Henson] + + *) Rename uni2asc and asc2uni functions to OPENSSL_uni2asc and + OPENSSL_asc2uni conditionally on Netware platforms to avoid a name + clash. + [Guenter <lists@gknw.net>] + + *) Fix the server certificate chain building code to use X509_verify_cert(), + it used to have an ad-hoc builder which was unable to cope with anything + other than a simple chain. + [David Woodhouse <dwmw2@infradead.org>, Steve Henson] + + *) Don't check self signed certificate signatures in X509_verify_cert() + by default (a flag can override this): it just wastes time without + adding any security. As a useful side effect self signed root CAs + with non-FIPS digests are now usable in FIPS mode. + [Steve Henson] + + *) In dtls1_process_out_of_seq_message() the check if the current message + is already buffered was missing. For every new message was memory + allocated, allowing an attacker to perform an denial of service attack + with sending out of seq handshake messages until there is no memory + left. Additionally every future messege was buffered, even if the + sequence number made no sense and would be part of another handshake. + So only messages with sequence numbers less than 10 in advance will be + buffered. (CVE-2009-1378) + [Robin Seggelmann, discovered by Daniel Mentz] + + *) Records are buffered if they arrive with a future epoch to be + processed after finishing the corresponding handshake. There is + currently no limitation to this buffer allowing an attacker to perform + a DOS attack with sending records with future epochs until there is no + memory left. This patch adds the pqueue_size() function to detemine + the size of a buffer and limits the record buffer to 100 entries. + (CVE-2009-1377) + [Robin Seggelmann, discovered by Daniel Mentz] + + *) Keep a copy of frag->msg_header.frag_len so it can be used after the + parent structure is freed. (CVE-2009-1379) + [Daniel Mentz] + + *) Handle non-blocking I/O properly in SSL_shutdown() call. + [Darryl Miles <darryl-mailinglists@netbauds.net>] + + *) Add 2.5.4.* OIDs + [Ilya O. <vrghost@gmail.com>] + + Changes between 0.9.8k and 0.9.8l [5 Nov 2009] + + *) Disable renegotiation completely - this fixes a severe security + problem (CVE-2009-3555) at the cost of breaking all + renegotiation. Renegotiation can be re-enabled by setting + SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION in s3->flags at + run-time. This is really not recommended unless you know what + you're doing. + [Ben Laurie] + Changes between 0.9.8j and 0.9.8k [25 Mar 2009] *) Don't set val to NULL when freeing up structures, it is freed up by @@ -86,6 +271,10 @@ Changes between 0.9.8h and 0.9.8i [15 Sep 2008] + *) Fix NULL pointer dereference if a DTLS server received + ChangeCipherSpec as first record (CVE-2009-1386). + [PR #1679] + *) Fix a state transitition in s3_srvr.c and d1_srvr.c (was using SSL3_ST_CW_CLNT_HELLO_B, should be ..._ST_SW_SRVR_...). [Nagendra Modadugu] @@ -1489,19 +1678,6 @@ differing sizes. [Richard Levitte] - Changes between 0.9.7m and 0.9.7n [xx XXX xxxx] - - *) In the SSL/TLS server implementation, be strict about session ID - context matching (which matters if an application uses a single - external cache for different purposes). Previously, - out-of-context reuse was forbidden only if SSL_VERIFY_PEER was - set. This did ensure strict client verification, but meant that, - with applications using a single external cache for quite - different requirements, clients could circumvent ciphersuite - restrictions for a given session ID context by starting a session - in a different context. - [Bodo Moeller] - Changes between 0.9.7l and 0.9.7m [23 Feb 2007] *) Cleanse PEM buffers before freeing them since they may contain Modified: stable/8/crypto/openssl/Configure ============================================================================== --- stable/8/crypto/openssl/Configure Sat May 22 16:55:35 2010 (r208418) +++ stable/8/crypto/openssl/Configure Sat May 22 18:40:54 2010 (r208419) @@ -106,6 +106,8 @@ my $usage="Usage: Configure [no-<cipher> my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED"; +my $strict_warnings = 0; + my $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL"; # MD2_CHAR slags pentium pros @@ -159,14 +161,15 @@ my %table=( "debug-ben", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown):::::bn86-elf.o co86-elf.o", "debug-ben-openbsd","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::", "debug-ben-openbsd-debug","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::", -"debug-ben-debug", "gcc:$gcc_devteam_warn -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -g3 -O2 -pipe::(unknown)::::::", +"debug-ben-debug", "gcc:$gcc_devteam_warn -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DDEBUG_SAFESTACK -ggdb3 -O2 -pipe::(unknown)::::::", +"debug-ben-debug-noopt", "gcc:$gcc_devteam_warn -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DDEBUG_SAFESTACK -ggdb3 -pipe::(unknown)::::::", "debug-ben-strict", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown)::::::", "debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", "debug-bodo", "gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBIO_PAIR_DEBUG -DPEDANTIC -g -march=i486 -pedantic -Wshadow -Wall -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", "debug-ulf", "gcc:-DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DBN_DEBUG_RAND -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations:::CYGWIN32:::${no_asm}:win32:cygwin-shared:::.dll", -"debug-steve64", "gcc:$gcc_devteam_warn -m64 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -g -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-steve64", "gcc:$gcc_devteam_warn -m64 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -g -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "debug-steve32", "gcc:$gcc_devteam_warn -m32 -DL_ENDIAN -DCONF_DEBUG -DDEBUG_SAFESTACK -g -pipe::-D_REENTRANT::-rdynamic -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"debug-steve-opt", "gcc:$gcc_devteam_warn -m64 -O3 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -g -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-steve-opt", "gcc:$gcc_devteam_warn -m64 -O3 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -g -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "debug-steve", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -m32 -g -pedantic -Wno-long-long -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared", "debug-steve-linux-pseudo64", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DOPENSSL_NO_ASM -g -mcpu=i486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:SIXTY_FOUR_BIT:${no_asm}:dlfcn:linux-shared", "debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", @@ -178,6 +181,9 @@ my %table=( "debug-linux-ppro","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentiumpro -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn", "debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -march=i486 -Wall::-D_REENTRANT::-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -march=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-linux-generic32","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DTERMIO -g -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-linux-generic64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DTERMIO -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-linux-x86_64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -DTERMIO -g -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "dist", "cc:-O::(unknown)::::::", # Basic configs that should work on any (32 and less bit) box @@ -203,11 +209,11 @@ my %table=( # actually recommend to consider using gcc shared build even with vendor # compiler:-) # <appro@fy.chalmers.se> -"solaris64-x86_64-gcc","gcc:-m64 -O3 -Wall -DL_ENDIAN -DMD32_REG_T=int::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:solaris-shared:-fPIC:-m64 -shared -static-libgcc:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"solaris64-x86_64-gcc","gcc:-m64 -O3 -Wall -DL_ENDIAN -DMD32_REG_T=int::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:solaris-shared:-fPIC:-m64 -shared -static-libgcc:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", #### Solaris x86 with Sun C setups "solaris-x86-cc","cc:-fast -O -Xa::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"solaris64-x86_64-cc","cc:-fast -xarch=amd64 -xstrconst -Xa -DL_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:solaris-shared:-KPIC:-xarch=amd64 -G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"solaris64-x86_64-cc","cc:-fast -xarch=amd64 -xstrconst -Xa -DL_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:solaris-shared:-KPIC:-xarch=amd64 -G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", #### SPARC Solaris with GNU C setups "solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", @@ -337,7 +343,7 @@ my %table=( "linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "linux-ia64-ecc","ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "linux-ia64-icc","icc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -"linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", #### SPARC Linux setups # Ray Miller <ray.miller@computing-services.oxford.ac.uk> has patiently # assisted with debugging of following two configs. @@ -390,7 +396,8 @@ my %table=( # QNX "qnx4", "cc:-DL_ENDIAN -DTERMIO::(unknown):::${x86_gcc_des} ${x86_gcc_opts}:", -"qnx6", "cc:-DL_ENDIAN -DTERMIOS::(unknown)::-lsocket:${x86_gcc_des} ${x86_gcc_opts}:", +"QNX6", "gcc:-DTERMIOS::::-lsocket::${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"QNX6-i386", "gcc:-DL_ENDIAN -DTERMIOS -O2 -Wall::::-lsocket:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", #### SCO/Caldera targets. # @@ -520,7 +527,7 @@ my %table=( "darwin64-ppc-cc","cc:-arch ppc64 -O3 -DB_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::osx_ppc64.o::::::::::dlfcn:darwin-shared:-fPIC -fno-common:-arch ppc64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", "darwin-i386-cc","cc:-arch i386 -O3 -fomit-frame-pointer -DL_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:darwin-shared:-fPIC -fno-common:-arch i386 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", "debug-darwin-i386-cc","cc:-arch i386 -g3 -DL_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:darwin-shared:-fPIC -fno-common:-arch i386 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", -"darwin64-x86_64-cc","cc:-arch x86_64 -O3 -fomit-frame-pointer -DL_ENDIAN -DMD32_REG_T=int -Wall::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:${no_asm}:dlfcn:darwin-shared:-fPIC -fno-common:-arch x86_64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", +"darwin64-x86_64-cc","cc:-arch x86_64 -O3 -fomit-frame-pointer -DL_ENDIAN -DMD32_REG_T=int -Wall::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:darwin-shared:-fPIC -fno-common:-arch x86_64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", "debug-darwin-ppc-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DB_ENDIAN -g -Wall -O::-D_REENTRANT:MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::osx_ppc32.o::::::::::dlfcn:darwin-shared:-fPIC -fno-common:-dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", ##### A/UX @@ -581,9 +588,11 @@ my $idx_ranlib = $idx++; my $idx_arflags = $idx++; my $prefix=""; +my $libdir=""; my $openssldir=""; my $exe_ext=""; -my $install_prefix=""; +my $install_prefix= "$ENV{'INSTALL_PREFIX'}"; +my $cross_compile_prefix=""; my $fipslibdir="/usr/local/ssl/fips-1.0/lib/"; my $nofipscanistercheck=0; my $fipsdso=0; @@ -747,6 +756,10 @@ PROCESS_ARGS: { exit(&test_sanity()); } + elsif (/^--strict-warnings/) + { + $strict_warnings = 1; + } elsif (/^reconfigure/ || /^reconf/) { if (open(IN,"<$Makefile")) @@ -816,6 +829,10 @@ PROCESS_ARGS: { $prefix=$1; } + elsif (/^--libdir=(.*)$/) + { + $libdir=$1; + } elsif (/^--openssldir=(.*)$/) { $openssldir=$1; @@ -979,7 +996,8 @@ my $shared_target = $fields[$idx_shared_ my $shared_cflag = $fields[$idx_shared_cflag]; my $shared_ldflag = $fields[$idx_shared_ldflag]; my $shared_extension = $fields[$idx_shared_extension]; -my $ranlib = $fields[$idx_ranlib]; +my $ranlib = $ENV{'RANLIB'} || $fields[$idx_ranlib]; +my $ar = $ENV{'AR'} || "ar"; my $arflags = $fields[$idx_arflags]; if ($fips) @@ -1079,9 +1097,14 @@ if ($openssldir eq "" and $prefix eq "") } $prefix=$openssldir if $prefix eq ""; +$libdir="lib" if $libdir eq ""; + $default_ranlib= &which("ranlib") or $default_ranlib="true"; $perl=$ENV{'PERL'} or $perl=&which("perl5") or $perl=&which("perl") or $perl="perl"; +my $make = $ENV{'MAKE'} || "make"; + +$cross_compile_prefix=$ENV{'CROSS_COMPILE'} if $cross_compile_prefix eq ""; chop $openssldir if $openssldir =~ /\/$/; chop $prefix if $prefix =~ /.\/$/; @@ -1434,6 +1457,16 @@ if ($shlib_version_number =~ /(^[0-9]*)\ $shlib_minor=$2; } +if ($strict_warnings) + { + my $wopt; + die "ERROR --strict-warnings requires gcc" unless ($cc =~ /gcc$/); + foreach $wopt (split /\s+/, $gcc_devteam_warn) + { + $cflags .= " $wopt" unless ($cflags =~ /$wopt/) + } + } + open(IN,'<Makefile.org') || die "unable to read Makefile.org:$!\n"; unlink("$Makefile.new") || die "unable to remove old $Makefile.new:$!\n" if -e "$Makefile.new"; open(OUT,">$Makefile.new") || die "unable to create $Makefile.new:$!\n"; @@ -1463,11 +1496,22 @@ while (<IN>) s/^SHLIB_EXT=.*/SHLIB_EXT=$shared_extension/; s/^INSTALLTOP=.*$/INSTALLTOP=$prefix/; s/^OPENSSLDIR=.*$/OPENSSLDIR=$openssldir/; + s/^LIBDIR=.*$/LIBDIR=$libdir/; s/^INSTALL_PREFIX=.*$/INSTALL_PREFIX=$install_prefix/; s/^PLATFORM=.*$/PLATFORM=$target/; s/^OPTIONS=.*$/OPTIONS=$options/; s/^CONFIGURE_ARGS=.*$/CONFIGURE_ARGS=$argvstring/; - s/^CC=.*$/CC= $cc/; + if ($cross_compile_prefix) + { + s/^CC=.*$/CROSS_COMPILE= $cross_compile_prefix\nCC= \$\(CROSS_COMPILE\)$cc/; + s/^AR=\s*/AR= \$\(CROSS_COMPILE\)/; + s/^RANLIB=\s*/RANLIB= \$\(CROSS_COMPILE\)/; + } + else { + s/^CC=.*$/CC= $cc/; + s/^AR=\s*ar/AR= $ar/; + s/^RANLIB=.*/RANLIB= $ranlib/; + } s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $cc eq "gcc"; s/^CFLAG=.*$/CFLAG= $cflags/; s/^DEPFLAG=.*$/DEPFLAG=$depflags/; @@ -1486,7 +1530,6 @@ while (<IN>) s/^SHA1_ASM_OBJ=.*$/SHA1_ASM_OBJ= $sha1_obj/; s/^RMD160_ASM_OBJ=.*$/RMD160_ASM_OBJ= $rmd160_obj/; s/^PROCESSOR=.*/PROCESSOR= $processor/; - s/^RANLIB=.*/RANLIB= $ranlib/; s/^ARFLAGS=.*/ARFLAGS= $arflags/; s/^PERL=.*/PERL= $perl/; s/^KRB5_INCLUDES=.*/KRB5_INCLUDES=$withargs{"krb5-include"}/; @@ -1643,9 +1686,20 @@ print OUT "#define OPENSSL_CPUID_OBJ\n\n while (<IN>) { if (/^#define\s+OPENSSLDIR/) - { print OUT "#define OPENSSLDIR \"$openssldir\"\n"; } + { + my $foo = $openssldir; + $foo =~ s/\\/\\\\/g; + print OUT "#define OPENSSLDIR \"$foo\"\n"; + } elsif (/^#define\s+ENGINESDIR/) - { print OUT "#define ENGINESDIR \"$prefix/lib/engines\"\n"; } + { + # $foo is to become "$prefix/lib$multilib/engines"; + # as Makefile.org and engines/Makefile are adapted for + # $multilib suffix. + my $foo = "$prefix/lib/engines"; + $foo =~ s/\\/\\\\/g; + print OUT "#define ENGINESDIR \"$foo\"\n"; + } elsif (/^#((define)|(undef))\s+OPENSSL_EXPORT_VAR_AS_FUNCTION/) { printf OUT "#undef OPENSSL_EXPORT_VAR_AS_FUNCTION\n" if $export_var_as_fn; @@ -1750,7 +1804,7 @@ if($IsMK1MF) { EOF close(OUT); } else { - my $make_command = "make PERL=\'$perl\'"; + my $make_command = "$make PERL=\'$perl\'"; my $make_targets = ""; $make_targets .= " links" if $symlink; $make_targets .= " depend" if $depflags ne $default_depflags && $make_depend; Modified: stable/8/crypto/openssl/FAQ ============================================================================== --- stable/8/crypto/openssl/FAQ Sat May 22 16:55:35 2010 (r208418) +++ stable/8/crypto/openssl/FAQ Sat May 22 18:40:54 2010 (r208419) @@ -78,7 +78,7 @@ OpenSSL - Frequently Asked Questions * Which is the current version of OpenSSL? The current version is available from <URL: http://www.openssl.org>. -OpenSSL 0.9.8k was released on Mar 25th, 2009. +OpenSSL 0.9.8n was released on Mar 24th, 2010. In addition to the current stable release, you can also access daily snapshots of the OpenSSL development version at <URL: Modified: stable/8/crypto/openssl/Makefile ============================================================================== --- stable/8/crypto/openssl/Makefile Sat May 22 16:55:35 2010 (r208418) +++ stable/8/crypto/openssl/Makefile Sat May 22 18:40:54 2010 (r208419) @@ -4,7 +4,7 @@ ## Makefile for OpenSSL ## -VERSION=0.9.8k +VERSION=0.9.8n MAJOR=0 MINOR=9.8 SHLIB_VERSION_NUMBER=0.9.8 @@ -66,13 +66,14 @@ PEX_LIBS= EX_LIBS= EXE_EXT= ARFLAGS= -AR=ar $(ARFLAGS) r +AR= ar $(ARFLAGS) r ARD=ar $(ARFLAGS) d RANLIB= /usr/bin/ranlib PERL= /usr/bin/perl TAR= tar TARFLAGS= --no-recursion MAKEDEPPROG=makedepend +LIBDIR=lib # We let the C compiler driver to take care of .s files. This is done in # order to be excused from maintaining a separate set of architecture @@ -202,9 +203,10 @@ BUILDENV= PLATFORM='${PLATFORM}' PROCESS CC='${CC}' CFLAG='${CFLAG}' \ AS='${CC}' ASFLAG='${CFLAG} -c' \ AR='${AR}' PERL='${PERL}' RANLIB='${RANLIB}' \ - SDIRS='${SDIRS}' LIBRPATH='${INSTALLTOP}/lib' \ + SDIRS='${SDIRS}' LIBRPATH='${INSTALLTOP}/$(LIBDIR)' \ INSTALL_PREFIX='${INSTALL_PREFIX}' \ INSTALLTOP='${INSTALLTOP}' OPENSSLDIR='${OPENSSLDIR}' \ + LIBDIR='${LIBDIR}' \ MAKEDEPEND='$$$${TOP}/util/domd $$$${TOP} -MD ${MAKEDEPPROG}' \ DEPFLAG='-DOPENSSL_NO_DEPRECATED ${DEPFLAG}' \ MAKEDEPPROG='${MAKEDEPPROG}' \ @@ -335,15 +337,15 @@ build_crypto: dir=crypto; target=all; $(BUILD_ONE_CMD) build_fips: @dir=fips; target=all; [ -z "$(FIPSCANLIB)" ] || $(BUILD_ONE_CMD) -build_ssl: +build_ssl: build_crypto @dir=ssl; target=all; $(BUILD_ONE_CMD) -build_engines: +build_engines: build_crypto @dir=engines; target=all; $(BUILD_ONE_CMD) -build_apps: +build_apps: build_libs @dir=apps; target=all; $(BUILD_ONE_CMD) -build_tests: +build_tests: build_libs @dir=test; target=all; $(BUILD_ONE_CMD) -build_tools: +build_tools: build_libs @dir=tools; target=all; $(BUILD_ONE_CMD) all_testapps: build_libs build_testapps @@ -359,7 +361,7 @@ libcrypto$(SHLIB_EXT): libcrypto.a $(SHA $(AR) libcrypto.a fips/fipscanister.o ; \ else \ if [ "$(FIPSCANLIB)" = "libcrypto" ]; then \ - FIPSLD_CC=$(CC); CC=fips/fipsld; \ + FIPSLD_CC="$(CC)"; CC=fips/fipsld; \ export CC FIPSLD_CC; \ fi; \ $(MAKE) -e SHLIBDIRS='crypto' build-shared; \ @@ -382,7 +384,7 @@ libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT fips/fipscanister.o: build_fips libfips$(SHLIB_EXT): fips/fipscanister.o @if [ "$(SHLIB_TARGET)" != "" ]; then \ - FIPSLD_CC=$(CC); CC=fips/fipsld; export CC FIPSLD_CC; \ + FIPSLD_CC="$(CC)"; CC=fips/fipsld; export CC FIPSLD_CC; \ $(MAKE) -f Makefile.shared -e $(BUILDENV) \ CC=$${CC} LIBNAME=fips THIS=$@ \ LIBEXTRAS=fips/fipscanister.o \ @@ -438,7 +440,7 @@ do_$(SHLIB_TARGET): libcrypto.pc: Makefile @ ( echo 'prefix=$(INSTALLTOP)'; \ echo 'exec_prefix=$${prefix}'; \ - echo 'libdir=$${exec_prefix}/lib'; \ + echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \ echo 'includedir=$${prefix}/include'; \ echo ''; \ echo 'Name: OpenSSL-libcrypto'; \ @@ -451,7 +453,7 @@ libcrypto.pc: Makefile libssl.pc: Makefile @ ( echo 'prefix=$(INSTALLTOP)'; \ echo 'exec_prefix=$${prefix}'; \ - echo 'libdir=$${exec_prefix}/lib'; \ + echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \ echo 'includedir=$${prefix}/include'; \ echo ''; \ echo 'Name: OpenSSL'; \ @@ -464,7 +466,7 @@ libssl.pc: Makefile openssl.pc: Makefile @ ( echo 'prefix=$(INSTALLTOP)'; \ echo 'exec_prefix=$${prefix}'; \ - echo 'libdir=$${exec_prefix}/lib'; \ + echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \ echo 'includedir=$${prefix}/include'; \ echo ''; \ echo 'Name: OpenSSL'; \ @@ -519,12 +521,14 @@ dclean: @set -e; target=dclean; $(RECURSIVE_BUILD_CMD) rehash: rehash.time -rehash.time: certs - @(OPENSSL="`pwd`/util/opensslwrap.sh"; \ - OPENSSL_DEBUG_MEMORY=on; \ - export OPENSSL OPENSSL_DEBUG_MEMORY; \ - $(PERL) tools/c_rehash certs) - touch rehash.time +rehash.time: certs apps + @if [ -z "$(CROSS_COMPILE)" ]; then \ + (OPENSSL="`pwd`/util/opensslwrap.sh"; \ + OPENSSL_DEBUG_MEMORY=on; \ + export OPENSSL OPENSSL_DEBUG_MEMORY; \ + $(PERL) tools/c_rehash certs) && \ + touch rehash.time; \ + fi test: tests @@ -617,9 +621,9 @@ install: all install_docs install_sw install_sw: @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \ - $(INSTALL_PREFIX)$(INSTALLTOP)/lib \ - $(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines \ - $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig \ + $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \ + $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \ + $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig \ $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \ $(INSTALL_PREFIX)$(OPENSSLDIR)/misc \ $(INSTALL_PREFIX)$(OPENSSLDIR)/certs \ @@ -634,10 +638,10 @@ install_sw: do \ if [ -f "$$i" ]; then \ ( echo installing $$i; \ - cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \ - $(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \ - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \ - mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \ + cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \ + $(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \ + chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \ + mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i ); \ fi; \ done; @set -e; if [ -n "$(SHARED_LIBS)" ]; then \ @@ -647,22 +651,22 @@ install_sw: if [ -f "$$i" -o -f "$$i.a" ]; then \ ( echo installing $$i; \ if [ "$(PLATFORM)" != "Cygwin" ]; then \ - cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \ - chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \ - mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \ + cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \ + chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \ + mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \ else \ c=`echo $$i | sed 's/^lib\(.*\)\.dll\.a/cyg\1-$(SHLIB_VERSION_NUMBER).dll/'`; \ cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \ chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \ - cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \ - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \ - mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \ + cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \ + chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \ + mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \ fi ); \ fi; \ done; \ ( here="`pwd`"; \ - cd $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \ + cd $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR); \ $(MAKE) -f $$here/Makefile HERE="$$here" link-shared ); \ if [ "$(INSTALLTOP)" != "/usr" ]; then \ echo 'OpenSSL shared libraries have been installed in:'; \ @@ -671,12 +675,12 @@ install_sw: sed -e '1,/^$$/d' doc/openssl-shared.txt; \ fi; \ fi - cp libcrypto.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig/libcrypto.pc - cp libssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig/libssl.pc - cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig/openssl.pc + cp libcrypto.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig + chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libcrypto.pc + cp libssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig + chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libssl.pc + cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig + chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/openssl.pc install_docs: @$(PERL) $(TOP)/util/mkdir-p.pl \ @@ -684,7 +688,7 @@ install_docs: $(INSTALL_PREFIX)$(MANDIR)/man3 \ $(INSTALL_PREFIX)$(MANDIR)/man5 \ $(INSTALL_PREFIX)$(MANDIR)/man7 - @pod2man="`cd util; ./pod2mantest $(PERL)`"; \ + @pod2man="`cd ./util; ./pod2mantest $(PERL)`"; \ here="`pwd`"; \ filecase=; \ if [ "$(PLATFORM)" = "DJGPP" -o "$(PLATFORM)" = "Cygwin" -o "$(PLATFORM)" = "mingw" ]; then \ Modified: stable/8/crypto/openssl/Makefile.org ============================================================================== --- stable/8/crypto/openssl/Makefile.org Sat May 22 16:55:35 2010 (r208418) +++ stable/8/crypto/openssl/Makefile.org Sat May 22 18:40:54 2010 (r208419) @@ -71,6 +71,7 @@ PERL= perl TAR= tar TARFLAGS= --no-recursion MAKEDEPPROG=makedepend +LIBDIR=lib # We let the C compiler driver to take care of .s files. This is done in # order to be excused from maintaining a separate set of architecture @@ -112,7 +113,7 @@ LIBZLIB= # $(INSTALLTOP) for this build make be different so hard # code the path. -FIPSLIBDIR=/usr/local/ssl/lib/ +FIPSLIBDIR=/usr/local/ssl/$(LIBDIR)/ # This is set to "y" if fipscanister.o is compiled internally as # opposed to coming from an external validated location. @@ -200,9 +201,10 @@ BUILDENV= PLATFORM='${PLATFORM}' PROCESS CC='${CC}' CFLAG='${CFLAG}' \ AS='${CC}' ASFLAG='${CFLAG} -c' \ AR='${AR}' PERL='${PERL}' RANLIB='${RANLIB}' \ - SDIRS='${SDIRS}' LIBRPATH='${INSTALLTOP}/lib' \ + SDIRS='${SDIRS}' LIBRPATH='${INSTALLTOP}/$(LIBDIR)' \ INSTALL_PREFIX='${INSTALL_PREFIX}' \ INSTALLTOP='${INSTALLTOP}' OPENSSLDIR='${OPENSSLDIR}' \ + LIBDIR='${LIBDIR}' \ MAKEDEPEND='$$$${TOP}/util/domd $$$${TOP} -MD ${MAKEDEPPROG}' \ DEPFLAG='-DOPENSSL_NO_DEPRECATED ${DEPFLAG}' \ MAKEDEPPROG='${MAKEDEPPROG}' \ @@ -333,15 +335,15 @@ build_crypto: dir=crypto; target=all; $(BUILD_ONE_CMD) build_fips: @dir=fips; target=all; [ -z "$(FIPSCANLIB)" ] || $(BUILD_ONE_CMD) -build_ssl: +build_ssl: build_crypto @dir=ssl; target=all; $(BUILD_ONE_CMD) -build_engines: +build_engines: build_crypto @dir=engines; target=all; $(BUILD_ONE_CMD) -build_apps: +build_apps: build_libs @dir=apps; target=all; $(BUILD_ONE_CMD) -build_tests: +build_tests: build_libs @dir=test; target=all; $(BUILD_ONE_CMD) -build_tools: +build_tools: build_libs @dir=tools; target=all; $(BUILD_ONE_CMD) all_testapps: build_libs build_testapps @@ -357,7 +359,7 @@ libcrypto$(SHLIB_EXT): libcrypto.a $(SHA $(AR) libcrypto.a fips/fipscanister.o ; \ else \ if [ "$(FIPSCANLIB)" = "libcrypto" ]; then \ - FIPSLD_CC=$(CC); CC=fips/fipsld; \ + FIPSLD_CC="$(CC)"; CC=fips/fipsld; \ export CC FIPSLD_CC; \ fi; \ $(MAKE) -e SHLIBDIRS='crypto' build-shared; \ @@ -380,7 +382,7 @@ libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT fips/fipscanister.o: build_fips libfips$(SHLIB_EXT): fips/fipscanister.o @if [ "$(SHLIB_TARGET)" != "" ]; then \ - FIPSLD_CC=$(CC); CC=fips/fipsld; export CC FIPSLD_CC; \ + FIPSLD_CC="$(CC)"; CC=fips/fipsld; export CC FIPSLD_CC; \ $(MAKE) -f Makefile.shared -e $(BUILDENV) \ CC=$${CC} LIBNAME=fips THIS=$@ \ LIBEXTRAS=fips/fipscanister.o \ @@ -436,7 +438,7 @@ do_$(SHLIB_TARGET): libcrypto.pc: Makefile @ ( echo 'prefix=$(INSTALLTOP)'; \ echo 'exec_prefix=$${prefix}'; \ - echo 'libdir=$${exec_prefix}/lib'; \ + echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \ echo 'includedir=$${prefix}/include'; \ echo ''; \ echo 'Name: OpenSSL-libcrypto'; \ @@ -449,7 +451,7 @@ libcrypto.pc: Makefile libssl.pc: Makefile @ ( echo 'prefix=$(INSTALLTOP)'; \ echo 'exec_prefix=$${prefix}'; \ - echo 'libdir=$${exec_prefix}/lib'; \ + echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \ echo 'includedir=$${prefix}/include'; \ echo ''; \ echo 'Name: OpenSSL'; \ @@ -462,7 +464,7 @@ libssl.pc: Makefile openssl.pc: Makefile @ ( echo 'prefix=$(INSTALLTOP)'; \ echo 'exec_prefix=$${prefix}'; \ - echo 'libdir=$${exec_prefix}/lib'; \ + echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \ echo 'includedir=$${prefix}/include'; \ echo ''; \ echo 'Name: OpenSSL'; \ @@ -517,12 +519,14 @@ dclean: @set -e; target=dclean; $(RECURSIVE_BUILD_CMD) rehash: rehash.time -rehash.time: certs - @(OPENSSL="`pwd`/util/opensslwrap.sh"; \ - OPENSSL_DEBUG_MEMORY=on; \ - export OPENSSL OPENSSL_DEBUG_MEMORY; \ - $(PERL) tools/c_rehash certs) - touch rehash.time +rehash.time: certs apps + @if [ -z "$(CROSS_COMPILE)" ]; then \ + (OPENSSL="`pwd`/util/opensslwrap.sh"; \ + OPENSSL_DEBUG_MEMORY=on; \ + export OPENSSL OPENSSL_DEBUG_MEMORY; \ + $(PERL) tools/c_rehash certs) && \ + touch rehash.time; \ + fi test: tests @@ -615,9 +619,9 @@ install: all install_docs install_sw install_sw: @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \ - $(INSTALL_PREFIX)$(INSTALLTOP)/lib \ - $(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines \ - $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig \ + $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \ + $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \ + $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig \ $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \ $(INSTALL_PREFIX)$(OPENSSLDIR)/misc \ $(INSTALL_PREFIX)$(OPENSSLDIR)/certs \ @@ -632,10 +636,10 @@ install_sw: do \ if [ -f "$$i" ]; then \ ( echo installing $$i; \ - cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \ - $(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \ - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \ - mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \ + cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \ + $(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \ + chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \ + mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i ); \ fi; \ done; @set -e; if [ -n "$(SHARED_LIBS)" ]; then \ @@ -645,22 +649,22 @@ install_sw: if [ -f "$$i" -o -f "$$i.a" ]; then \ ( echo installing $$i; \ if [ "$(PLATFORM)" != "Cygwin" ]; then \ - cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \ - chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \ - mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \ + cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \ + chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \ + mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \ else \ c=`echo $$i | sed 's/^lib\(.*\)\.dll\.a/cyg\1-$(SHLIB_VERSION_NUMBER).dll/'`; \ cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \ chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \ - cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \ - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \ - mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \ + cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \ + chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \ + mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \ fi ); \ fi; \ done; \ ( here="`pwd`"; \ - cd $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \ + cd $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR); \ $(MAKE) -f $$here/Makefile HERE="$$here" link-shared ); \ if [ "$(INSTALLTOP)" != "/usr" ]; then \ echo 'OpenSSL shared libraries have been installed in:'; \ @@ -669,12 +673,12 @@ install_sw: sed -e '1,/^$$/d' doc/openssl-shared.txt; \ fi; \ fi - cp libcrypto.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig/libcrypto.pc - cp libssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig/libssl.pc - cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig - chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig/openssl.pc + cp libcrypto.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig + chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libcrypto.pc + cp libssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig + chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/libssl.pc + cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig + chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig/openssl.pc install_docs: @$(PERL) $(TOP)/util/mkdir-p.pl \ @@ -682,7 +686,7 @@ install_docs: $(INSTALL_PREFIX)$(MANDIR)/man3 \ $(INSTALL_PREFIX)$(MANDIR)/man5 \ $(INSTALL_PREFIX)$(MANDIR)/man7 - @pod2man="`cd util; ./pod2mantest $(PERL)`"; \ + @pod2man="`cd ./util; ./pod2mantest $(PERL)`"; \ here="`pwd`"; \ filecase=; \ if [ "$(PLATFORM)" = "DJGPP" -o "$(PLATFORM)" = "Cygwin" -o "$(PLATFORM)" = "mingw" ]; then \ Modified: stable/8/crypto/openssl/NEWS ============================================================================== --- stable/8/crypto/openssl/NEWS Sat May 22 16:55:35 2010 (r208418) +++ stable/8/crypto/openssl/NEWS Sat May 22 18:40:54 2010 (r208419) @@ -5,6 +5,27 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. + Major changes between OpenSSL 0.9.8m and OpenSSL 0.9.8n: + + o CFB cipher definition fixes. + o Fix security issues CVE-2010-0740 and CVE-2010-0433. + + Major changes between OpenSSL 0.9.8l and OpenSSL 0.9.8m: + + o Cipher definition fixes. + o Workaround for slow RAND_poll() on some WIN32 versions. + o Remove MD2 from algorithm tables. + o SPKAC handling fixes. + o Support for RFC5746 TLS renegotiation extension. + o Compression memory leak fixed. + o Compression session resumption fixed. + o Ticket and SNI coexistence fixes. + o Many fixes to DTLS handling. + + Major changes between OpenSSL 0.9.8k and OpenSSL 0.9.8l: + + o Temporary work around for CVE-2009-3555: disable renegotiation. + Major changes between OpenSSL 0.9.8j and OpenSSL 0.9.8k: o Fix various build issues. Modified: stable/8/crypto/openssl/README ============================================================================== --- stable/8/crypto/openssl/README Sat May 22 16:55:35 2010 (r208418) +++ stable/8/crypto/openssl/README Sat May 22 18:40:54 2010 (r208419) @@ -1,7 +1,7 @@ - OpenSSL 0.9.8k + OpenSSL 0.9.8n - Copyright (c) 1998-2008 The OpenSSL Project + Copyright (c) 1998-2009 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson All rights reserved. @@ -112,8 +112,6 @@ should be contacted if that algorithm is to be used; their web page is http://www.ascom.ch/. - The MDC2 algorithm is patented by IBM. - NTT and Mitsubishi have patents and pending patents on the Camellia algorithm, but allow use at no charge without requiring an explicit licensing agreement: http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html @@ -139,6 +137,9 @@ SUPPORT ------- + See the OpenSSL website www.openssl.org for details of how to obtain + commercial technical support. + If you have any problems with OpenSSL then please take the following steps first: @@ -165,6 +166,10 @@ openssl-bugs@openssl.org + Note that the request tracker should NOT be used for general assistance + or support queries. Just because something doesn't work the way you expect + does not mean it is necessarily a bug in OpenSSL. + Note that mail to openssl-bugs@openssl.org is recorded in the publicly readable request tracker database and is forwarded to a public mailing list. Confidential mail may be sent to openssl-security@openssl.org @@ -175,10 +180,22 @@ Development is coordinated on the openssl-dev mailing list (see http://www.openssl.org for information on subscribing). If you - would like to submit a patch, send it to openssl-dev@openssl.org with + would like to submit a patch, send it to openssl-bugs@openssl.org with the string "[PATCH]" in the subject. Please be sure to include a textual explanation of what your patch does. + If you are unsure as to whether a feature will be useful for the general + OpenSSL community please discuss it on the openssl-dev mailing list first. + Someone may be already working on the same thing or there may be a good + reason as to why that feature isn't implemented. + + Patches should be as up to date as possible, preferably relative to the + current CVS or the last snapshot. They should follow the coding style of + OpenSSL and compile without warnings. Some of the core team developer targets + can be used for testing purposes, (debug-steve64, debug-geoff etc). OpenSSL + compiles on many varied platforms: try to ensure you only use portable + features. + Note: For legal reasons, contributions from the US can be accepted only if a TSU notification and a copy of the patch are sent to crypt@bis.doc.gov (formerly BXA) with a copy to the ENC Encryption Request Coordinator; Modified: stable/8/crypto/openssl/apps/CA.sh ============================================================================== --- stable/8/crypto/openssl/apps/CA.sh Sat May 22 16:55:35 2010 (r208418) +++ stable/8/crypto/openssl/apps/CA.sh Sat May 22 18:40:54 2010 (r208419) @@ -5,10 +5,10 @@ # things easier between now and when Eric is convinced to fix it :-) # # CA -newca ... will setup the right stuff -# CA -newreq ... will generate a certificate request -# CA -sign ... will sign the generated request and output +# CA -newreq ... will generate a certificate request +# CA -sign ... will sign the generated request and output # -# At the end of that grab newreq.pem and newcert.pem (one has the key +# At the end of that grab newreq.pem and newcert.pem (one has the key # and the other the certificate) and cat them together and that is what # you want/need ... I'll make even this a little cleaner later. # @@ -16,8 +16,8 @@ # 12-Jan-96 tjh Added more things ... including CA -signcert which # converts a certificate to a request and then signs it. # 10-Jan-96 eay Fixed a few more bugs and added the SSLEAY_CONFIG -# environment variable so this can be driven from -# a script. +# environment variable so this can be driven from +# a script. # 25-Jul-96 eay Cleaned up filenames some more. # 11-Jun-96 eay Fixed a few filename missmatches. # 03-May-96 eay Modified to use 'ssleay cmd' instead of 'cmd'. @@ -29,52 +29,87 @@ *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201005221840.o4MIetjM037784>