author: Dirk Meyer <dinoex@FreeBSD.org> 2010-01-20 14:56:53 +0000
committer: Dirk Meyer <dinoex@FreeBSD.org> 2010-01-20 14:56:53 +0000
commit: c7131cd5e3945056a93068b259fb6fb765eaac50 (patch)
tree: f65a7f92dc37acfa9e7a5517953ac8a5e5cec998 /security
parent: ec0c37ec67e43eb53e239d88fe020e2d9d88e5bb (diff)
2 files changed, 46 insertions, 4 deletions
diff --git a/security/openssl/Makefile b/security/openssl/Makefile
index 9760ff44e455..00695c3a3189 100644
--- a/security/openssl/Makefile
+++ b/security/openssl/Makefile
@@ -7,7 +7,7 @@
 
 PORTNAME=	openssl
 PORTVERSION=	0.9.8l
-PORTREVISION=	2
+PORTREVISION=	3
 CATEGORIES=	security devel
 MASTER_SITES=	http://www.openssl.org/%SUBDIR%/ \
 		ftp://ftp.openssl.org/%SUBDIR%/ \
@@ -33,7 +33,7 @@ OPTIONS=	I386	"Use optimzed assembler for 80386" off \
 		SSE2	"Use runtime SSE2 detection" on \
 		ZLIB	"Build with zlib compression" on \
 
-EXTRACONFIGURE=	enable-camellia
+EXTRACONFIGURE+=	enable-camellia
 MAKE_ARGS+=		WHOLE_ARCHIVE_FLAG=--whole-archive
 MAKE_ENV+=		LIBRPATH="${PREFIX}/lib"
 NOPRECIOUSMAKEVARS=	Too many _MLINKS for fetch
@@ -857,7 +857,7 @@ OPENSSL_SHLIBVER_BASE=	${OPENSSL_BASE_SONAME:E}
 OPENSSL_BASE_SOPATH=	${OPENSSL_BASE_SONAME:H}
 OPENSSL_SHLIBVER?=	7
 
-.if !defined(WITHOUT_SSE2)
+.if defined(WITHOUT_SSE2)
 # disable runtime SSE2 detection
 EXTRACONFIGURE+=	no-sse2
 .endif
@@ -914,7 +914,6 @@ do-configure:
 .else
 	cd ${WRKSRC} \
 	&& ${SETENV} CC="${CC}" FREEBSDCC="${CC}" CFLAGS="${CFLAGS}" PERL="${PERL}" \
-		PTHREAD_CFLAGS=${PTHREAD_CFLAGS} \
 	./config --prefix=${PREFIX} --openssldir=${OPENSSLDIR} \
 		-L${PREFIX}/lib ${EXTRACONFIGURE}
 .endif
diff --git a/security/openssl/files/patch-CVE-2009-4355 b/security/openssl/files/patch-CVE-2009-4355
new file mode 100644
index 000000000000..7b4809010002
--- /dev/null
+++ b/security/openssl/files/patch-CVE-2009-4355
@@ -0,0 +1,43 @@
+Index: crypto/comp/c_zlib.c
+RCS File: crypto/comp/c_zlib.c,v
+rcsdiff -q -kk '-r1.15.2.7' '-r1.15.2.8' -u 'crypto/comp/c_zlib.c,v' 2>/dev/null
+--- c_zlib.c	2008/12/13 17:00:53	1.15.2.7
++++ c_zlib.c	2010/01/13 18:45:03	1.15.2.8
+@@ -136,15 +136,6 @@
+ 
+ static int zlib_stateful_ex_idx = -1;
+ 
+-static void zlib_stateful_free_ex_data(void *obj, void *item,
+-	CRYPTO_EX_DATA *ad, int ind,long argl, void *argp)
+-	{
+-	struct zlib_state *state = (struct zlib_state *)item;
+-	inflateEnd(&state->istream);
+-	deflateEnd(&state->ostream);
+-	OPENSSL_free(state);
+-	}
+-
+ static int zlib_stateful_init(COMP_CTX *ctx)
+ 	{
+ 	int err;
+@@ -188,6 +179,12 @@
+ 
+ static void zlib_stateful_finish(COMP_CTX *ctx)
+ 	{
++	struct zlib_state *state =
++		(struct zlib_state *)CRYPTO_get_ex_data(&ctx->ex_data,
++			zlib_stateful_ex_idx);
++	inflateEnd(&state->istream);
++	deflateEnd(&state->ostream);
++	OPENSSL_free(state);
+ 	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_COMP,ctx,&ctx->ex_data);
+ 	}
+ 
+@@ -402,7 +399,7 @@
+ 			if (zlib_stateful_ex_idx == -1)
+ 				zlib_stateful_ex_idx =
+ 					CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_COMP,
+-						0,NULL,NULL,NULL,zlib_stateful_free_ex_data);
++						0,NULL,NULL,NULL,NULL);
+ 			CRYPTO_w_unlock(CRYPTO_LOCK_COMP);
+ 			if (zlib_stateful_ex_idx == -1)
+ 				goto err;
author	Dirk Meyer <dinoex@FreeBSD.org>	2010-01-20 14:56:53 +0000
committer	Dirk Meyer <dinoex@FreeBSD.org>	2010-01-20 14:56:53 +0000
commit	c7131cd5e3945056a93068b259fb6fb765eaac50 (patch)
tree	f65a7f92dc37acfa9e7a5517953ac8a5e5cec998 /security
parent	ec0c37ec67e43eb53e239d88fe020e2d9d88e5bb (diff)