PERFORCE change 40233 for review

Robert Watson rwatson at FreeBSD.org
Thu Oct 23 02:17:09 GMT 2003


http://perforce.freebsd.org/chv.cgi?CH=40233

Change 40233 by rwatson at rwatson_paprika on 2003/10/22 19:16:17

	Integrate trustedbsd_sebsd crypto tree forward to 39070, the last
	major integration of the trustedbsd_mac branch, which brings in
	many of the major changes in the last four months to the main
	FreeBSD tree.  This includes substantial lock pushdown, threading
	bug fixes, compiler upgrades, et al.  The crypto tree includes
	OpenSSH and OpenSSL updates with various security fixes, et al.
	This make break parts of the SEBSD build until the remainder of
	the integration is done.

Affected files ...

.. //depot/projects/trustedbsd/sebsd/crypto/openssh/FREEBSD-tricks#4 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssh/auth-chall.c#4 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssh/auth2-pam-freebsd.c#4 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssh/buffer.c#2 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssh/channels.c#4 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssh/deattack.c#2 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssh/misc.c#4 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssh/session.c#4 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssh/ssh-agent.c#4 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssh/ssh_config#4 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssh/ssh_config.5#4 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssh/sshd_config#5 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssh/sshd_config.5#4 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssh/version.h#4 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/CHANGES#4 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/Configure#4 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/FAQ#4 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/FREEBSD-Xlist#2 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/LICENSE#2 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/Makefile.org#4 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/Makefile.ssl#4 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/NEWS#4 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/PROBLEMS#4 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/README#4 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/apps/CA.pl#4 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/apps/Makefile.ssl#4 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/apps/apps.c#4 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/apps/ca.c#4 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/apps/crl.c#4 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/apps/der_chop#2 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/apps/engine.c#3 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/apps/ocsp.c#3 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/apps/openssl.c#4 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/apps/pkcs8.c#4 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/apps/s_apps.h#4 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/apps/s_client.c#4 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/apps/s_server.c#4 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/apps/smime.c#4 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/apps/x509.c#4 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/bugs/SSLv3#2 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/config#4 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/crypto/aes/aes.h#3 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/crypto/aes/aes_cbc.c#3 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/crypto/aes/aes_ctr.c#3 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/crypto/asn1/a_mbstr.c#2 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/crypto/asn1/a_strex.c#4 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/crypto/asn1/a_strnid.c#4 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/crypto/asn1/asn1.h#4 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/crypto/asn1/asn1_lib.c#4 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/crypto/asn1/tasn_dec.c#3 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/crypto/bio/b_print.c#4 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/crypto/bio/bf_buff.c#4 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/crypto/bio/bss_bio.c#4 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/crypto/bio/bss_file.c#4 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/crypto/bn/Makefile.ssl#4 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/crypto/bn/bn.h#4 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/crypto/bn/bn_mul.c#4 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/crypto/bn/bntest.c#4 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/crypto/bn/exptest.c#4 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/crypto/des/cfb_enc.c#4 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/crypto/des/destest.c#4 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/crypto/dh/Makefile.ssl#4 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/crypto/dh/dh_key.c#4 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/crypto/dh/dhtest.c#4 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/crypto/dsa/Makefile.ssl#4 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/crypto/dsa/dsa_ossl.c#4 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/crypto/dsa/dsa_sign.c#4 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/crypto/dsa/dsa_vrf.c#4 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/crypto/dsa/dsatest.c#4 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/crypto/dso/dso_dlfcn.c#4 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/crypto/ec/ec_mult.c#3 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/crypto/engine/eng_fat.c#3 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/crypto/engine/engine.h#3 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/crypto/engine/hw_ubsec.c#3 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/crypto/err/err.c#4 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/crypto/err/err.h#4 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/crypto/evp/Makefile.ssl#4 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/crypto/evp/bio_b64.c#4 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/crypto/evp/bio_enc.c#4 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/crypto/evp/c_all.c#4 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/crypto/evp/digest.c#4 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/crypto/evp/evp_acnf.c#3 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/crypto/md2/md2test.c#4 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/crypto/md5/Makefile.ssl#4 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/crypto/md5/asm/md5-586.pl#2 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/crypto/md5/asm/md5-sparcv9.S#4 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/crypto/o_time.c#3 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/crypto/ocsp/ocsp_ht.c#3 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/crypto/opensslconf.h#4 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/crypto/opensslv.h#4 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/crypto/perlasm/x86ms.pl#4 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/crypto/perlasm/x86nasm.pl#4 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/crypto/perlasm/x86unix.pl#4 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/crypto/pkcs12/p12_npas.c#4 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/crypto/pkcs7/pk7_doit.c#4 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/crypto/pkcs7/pk7_mime.c#2 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/crypto/pkcs7/pk7_smime.c#4 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/crypto/pkcs7/pkcs7.h#4 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/crypto/rand/rand_win.c#4 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/crypto/rsa/Makefile.ssl#4 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/crypto/rsa/rsa.h#4 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/crypto/rsa/rsa_eay.c#4 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/crypto/rsa/rsa_lib.c#4 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/crypto/rsa/rsa_sign.c#4 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/crypto/rsa/rsa_test.c#4 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/crypto/threads/mttest.c#4 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/crypto/threads/solaris.sh#2 delete
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/crypto/x509/by_file.c#4 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/crypto/x509/x509_trs.c#4 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/crypto/x509/x509_vfy.c#4 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/crypto/x509/x509type.c#2 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/crypto/x509v3/v3_conf.c#4 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/crypto/x509v3/v3_cpols.c#4 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/crypto/x509v3/v3_lib.c#4 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/crypto/x509v3/v3_prn.c#4 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/demos/engines/zencod/hw_zencod.h#3 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/doc/HOWTO/certificates.txt#3 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/doc/HOWTO/keys.txt#1 branch
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/doc/apps/ca.pod#4 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/doc/apps/ocsp.pod#3 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/doc/apps/s_client.pod#4 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/doc/apps/s_server.pod#4 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/doc/crypto/BIO_f_base64.pod#2 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/doc/crypto/BIO_f_cipher.pod#2 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/doc/openssl-shared.txt#1 branch
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/doc/ssl/SSL_CTX_free.pod#2 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/doc/ssl/SSL_CTX_sess_set_get_cb.pod#2 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/doc/ssl/SSL_CTX_set_options.pod#4 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/doc/ssl/SSL_CTX_set_verify.pod#4 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/doc/ssl/SSL_CTX_use_certificate.pod#2 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/doc/ssl/SSL_accept.pod#2 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/doc/ssl/SSL_connect.pod#2 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/e_os.h#4 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/openssl.spec#4 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/ssl/kssl.c#3 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/ssl/kssl.h#3 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/ssl/s3_clnt.c#4 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/ssl/s3_srvr.c#4 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/ssl/ssl_ciph.c#4 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/ssl/ssl_lib.c#4 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/ssl/ssl_rsa.c#4 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/ssl/ssl_sess.c#4 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/ssl/ssltest.c#4 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/test/Makefile.ssl#4 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/test/evptests.txt#1 branch
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/tools/c_rehash#4 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/util/extract-names.pl#3 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/util/libeay.num#4 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/util/mk1mf.pl#4 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/util/mkdef.pl#4 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/util/mkerr.pl#4 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/util/pl/Mingw32.pl#4 integrate
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/util/pl/Mingw32f.pl#2 delete
.. //depot/projects/trustedbsd/sebsd/crypto/openssl/util/point.sh#4 integrate

Differences ...

==== //depot/projects/trustedbsd/sebsd/crypto/openssh/FREEBSD-tricks#4 (text+ko) ====

@@ -1,8 +1,8 @@
-# $FreeBSD: src/crypto/openssh/FREEBSD-tricks,v 1.3 2003/04/23 17:21:55 des Exp $
+# $FreeBSD: src/crypto/openssh/FREEBSD-tricks,v 1.4 2003/09/19 11:29:51 des Exp $
 
 # Shell code to remove FreeBSD tags before merging
 grep -rl '\$Fre.BSD:' . >tags
-while read f < tags ; do
+cat tags | while read f ; do
     sed -i.orig -e '/\$Fre.BSD:/d' $f
 done
 
@@ -11,7 +11,7 @@
 xargs perl -n -i.orig -e 'print; s/\$(Id|OpenBSD): [^\$]*\$/\$FreeBSD\$/ && print'
 
 # Shell code to reexpand FreeBSD tags
-while read f < tags ; do
+cat tags | while read f ; do
     id=$(cvs diff $f | grep '\$Fre.BSD:' | sed 's/.*\(\$Fre.BSD:.*\$\).*/\1/') ;
     if [ -n "$id" ] ; then
         sed -i.orig -e "s@\\\$Fre.BSD\\\$@$id@" $f ;

==== //depot/projects/trustedbsd/sebsd/crypto/openssh/auth-chall.c#4 (text+ko) ====

@@ -24,7 +24,7 @@
 
 #include "includes.h"
 RCSID("$OpenBSD: auth-chall.c,v 1.8 2001/05/18 14:13:28 markus Exp $");
-RCSID("$FreeBSD: src/crypto/openssh/auth-chall.c,v 1.6 2003/03/31 13:45:36 des Exp $");
+RCSID("$FreeBSD: src/crypto/openssh/auth-chall.c,v 1.7 2003/09/24 18:24:27 des Exp $");
 
 #include "auth.h"
 #include "log.h"
@@ -93,7 +93,7 @@
 			xfree(info);
 		}
 		/* if we received more prompts, we're screwed */
-		res = (numprompts != 0);
+		res = (res == 0 && numprompts == 0) ? 0 : -1;
 	}
 	device->free_ctx(authctxt->kbdintctxt);
 	authctxt->kbdintctxt = NULL;

==== //depot/projects/trustedbsd/sebsd/crypto/openssh/auth2-pam-freebsd.c#4 (text+ko) ====

@@ -30,7 +30,7 @@
  */
 
 #include "includes.h"
-RCSID("$FreeBSD: src/crypto/openssh/auth2-pam-freebsd.c,v 1.11 2003/03/31 13:48:18 des Exp $");
+RCSID("$FreeBSD: src/crypto/openssh/auth2-pam-freebsd.c,v 1.13 2003/09/24 19:11:52 des Exp $");
 
 #ifdef USE_PAM
 #include <security/pam_appl.h>
@@ -134,8 +134,8 @@
 	*resp = xmalloc(n * sizeof **resp);
 	buffer_init(&buffer);
 	for (i = 0; i < n; ++i) {
-		resp[i]->resp_retcode = 0;
-		resp[i]->resp = NULL;
+		(*resp)[i].resp_retcode = 0;
+		(*resp)[i].resp = NULL;
 		switch (msg[i]->msg_style) {
 		case PAM_PROMPT_ECHO_OFF:
 			buffer_put_cstring(&buffer, msg[i]->msg);
@@ -143,7 +143,7 @@
 			ssh_msg_recv(ctxt->pam_csock, &buffer);
 			if (buffer_get_char(&buffer) != PAM_AUTHTOK)
 				goto fail;
-			resp[i]->resp = buffer_get_string(&buffer, NULL);
+			(*resp)[i].resp = buffer_get_string(&buffer, NULL);
 			break;
 		case PAM_PROMPT_ECHO_ON:
 			buffer_put_cstring(&buffer, msg[i]->msg);
@@ -151,7 +151,7 @@
 			ssh_msg_recv(ctxt->pam_csock, &buffer);
 			if (buffer_get_char(&buffer) != PAM_AUTHTOK)
 				goto fail;
-			resp[i]->resp = buffer_get_string(&buffer, NULL);
+			(*resp)[i].resp = buffer_get_string(&buffer, NULL);
 			break;
 		case PAM_ERROR_MSG:
 			buffer_put_cstring(&buffer, msg[i]->msg);
@@ -169,8 +169,6 @@
 	buffer_free(&buffer);
 	return (PAM_SUCCESS);
  fail:
-	while (i)
-		xfree(resp[--i]);
 	xfree(*resp);
 	*resp = NULL;
 	buffer_free(&buffer);
@@ -550,20 +548,20 @@
 	for (i = 0; i < n; ++i) {
 		switch (msg[i]->msg_style) {
 		case PAM_PROMPT_ECHO_OFF:
-			resp[i]->resp =
+			(*resp)[i].resp =
 			    read_passphrase(msg[i]->msg, RP_ALLOW_STDIN);
-			resp[i]->resp_retcode = PAM_SUCCESS;
+			(*resp)[i].resp_retcode = PAM_SUCCESS;
 			break;
 		case PAM_PROMPT_ECHO_ON:
 			fputs(msg[i]->msg, stderr);
 			fgets(input, sizeof input, stdin);
-			resp[i]->resp = xstrdup(input);
-			resp[i]->resp_retcode = PAM_SUCCESS;
+			(*resp)[i].resp = xstrdup(input);
+			(*resp)[i].resp_retcode = PAM_SUCCESS;
 			break;
 		case PAM_ERROR_MSG:
 		case PAM_TEXT_INFO:
 			fputs(msg[i]->msg, stderr);
-			resp[i]->resp_retcode = PAM_SUCCESS;
+			(*resp)[i].resp_retcode = PAM_SUCCESS;
 			break;
 		default:
 			goto fail;
@@ -571,8 +569,6 @@
 	}
 	return (PAM_SUCCESS);
  fail:
-	while (i)
-		xfree(resp[--i]);
 	xfree(*resp);
 	*resp = NULL;
 	return (PAM_CONV_ERR);

==== //depot/projects/trustedbsd/sebsd/crypto/openssh/buffer.c#2 (text+ko) ====

@@ -12,7 +12,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: buffer.c,v 1.16 2002/06/26 08:54:18 markus Exp $");
+RCSID("$OpenBSD: buffer.c,v 1.17 2003/09/16 03:03:47 deraadt Exp $");
 
 #include "xmalloc.h"
 #include "buffer.h"
@@ -23,8 +23,11 @@
 void
 buffer_init(Buffer *buffer)
 {
-	buffer->alloc = 4096;
-	buffer->buf = xmalloc(buffer->alloc);
+	const u_int len = 4096;
+
+	buffer->alloc = 0;
+	buffer->buf = xmalloc(len);
+	buffer->alloc = len;
 	buffer->offset = 0;
 	buffer->end = 0;
 }
@@ -34,8 +37,10 @@
 void
 buffer_free(Buffer *buffer)
 {
-	memset(buffer->buf, 0, buffer->alloc);
-	xfree(buffer->buf);
+	if (buffer->alloc > 0) {
+		memset(buffer->buf, 0, buffer->alloc);
+		xfree(buffer->buf);
+	}
 }
 
 /*
@@ -69,6 +74,7 @@
 void *
 buffer_append_space(Buffer *buffer, u_int len)
 {
+	u_int newlen;
 	void *p;
 
 	if (len > 0x100000)
@@ -98,11 +104,13 @@
 		goto restart;
 	}
 	/* Increase the size of the buffer and retry. */
-	buffer->alloc += len + 32768;
-	if (buffer->alloc > 0xa00000)
+	
+	newlen = buffer->alloc + len + 32768;
+	if (newlen > 0xa00000)
 		fatal("buffer_append_space: alloc %u not supported",
-		    buffer->alloc);
-	buffer->buf = xrealloc(buffer->buf, buffer->alloc);
+		    newlen);
+	buffer->buf = xrealloc(buffer->buf, newlen);
+	buffer->alloc = newlen;
 	goto restart;
 	/* NOTREACHED */
 }

==== //depot/projects/trustedbsd/sebsd/crypto/openssh/channels.c#4 (text+ko) ====

@@ -229,12 +229,13 @@
 	if (found == -1) {
 		/* There are no free slots.  Take last+1 slot and expand the array.  */
 		found = channels_alloc;
-		channels_alloc += 10;
 		if (channels_alloc > 10000)
 			fatal("channel_new: internal error: channels_alloc %d "
 			    "too big.", channels_alloc);
+		channels = xrealloc(channels,
+		    (channels_alloc + 10) * sizeof(Channel *));
+		channels_alloc += 10;
 		debug2("channel: expanding %d", channels_alloc);
-		channels = xrealloc(channels, channels_alloc * sizeof(Channel *));
 		for (i = found; i < channels_alloc; i++)
 			channels[i] = NULL;
 	}

==== //depot/projects/trustedbsd/sebsd/crypto/openssh/deattack.c#2 (text+ko) ====

@@ -100,12 +100,12 @@
 
 	if (h == NULL) {
 		debug("Installing crc compensation attack detector.");
+		h = (u_int16_t *) xmalloc(l * HASH_ENTRYSIZE);
 		n = l;
-		h = (u_int16_t *) xmalloc(n * HASH_ENTRYSIZE);
 	} else {
 		if (l > n) {
+			h = (u_int16_t *) xrealloc(h, l * HASH_ENTRYSIZE);
 			n = l;
-			h = (u_int16_t *) xrealloc(h, n * HASH_ENTRYSIZE);
 		}
 	}
 

==== //depot/projects/trustedbsd/sebsd/crypto/openssh/misc.c#4 (text+ko) ====

@@ -308,18 +308,21 @@
 {
 	va_list ap;
 	char buf[1024];
+	int nalloc;
 
 	va_start(ap, fmt);
 	vsnprintf(buf, sizeof(buf), fmt, ap);
 	va_end(ap);
 
+	nalloc = args->nalloc;
 	if (args->list == NULL) {
-		args->nalloc = 32;
+		nalloc = 32;
 		args->num = 0;
-	} else if (args->num+2 >= args->nalloc)
-		args->nalloc *= 2;
+	} else if (args->num+2 >= nalloc)
+		nalloc *= 2;
 
-	args->list = xrealloc(args->list, args->nalloc * sizeof(char *));
+	args->list = xrealloc(args->list, nalloc * sizeof(char *));
+	args->nalloc = nalloc;
 	args->list[args->num++] = xstrdup(buf);
 	args->list[args->num] = NULL;
 }

==== //depot/projects/trustedbsd/sebsd/crypto/openssh/session.c#4 (text+ko) ====

@@ -34,7 +34,7 @@
 
 #include "includes.h"
 RCSID("$OpenBSD: session.c,v 1.154 2003/03/05 22:33:43 markus Exp $");
-RCSID("$FreeBSD: src/crypto/openssh/session.c,v 1.40 2003/04/23 17:10:53 des Exp $");
+RCSID("$FreeBSD: src/crypto/openssh/session.c,v 1.41 2003/09/17 14:36:14 nectar Exp $");
 
 #include "ssh.h"
 #include "ssh1.h"
@@ -863,8 +863,9 @@
 child_set_env(char ***envp, u_int *envsizep, const char *name,
 	const char *value)
 {
+	char **env;
+	u_int envsize;
 	u_int i, namelen;
-	char **env;
 
 	/*
 	 * Find the slot where the value should be stored.  If the variable
@@ -881,12 +882,13 @@
 		xfree(env[i]);
 	} else {
 		/* New variable.  Expand if necessary. */
-		if (i >= (*envsizep) - 1) {
-			if (*envsizep >= 1000)
-				fatal("child_set_env: too many env vars,"
-				    " skipping: %.100s", name);
-			(*envsizep) += 50;
-			env = (*envp) = xrealloc(env, (*envsizep) * sizeof(char *));
+		envsize = *envsizep;
+		if (i >= envsize - 1) {
+			if (envsize >= 1000)
+				fatal("child_set_env: too many env vars");
+			envsize += 50;
+			env = (*envp) = xrealloc(env, envsize * sizeof(char *));
+			*envsizep = envsize;
 		}
 		/* Need to set the NULL pointer at end of array beyond the new slot. */
 		env[i + 1] = NULL;

==== //depot/projects/trustedbsd/sebsd/crypto/openssh/ssh-agent.c#4 (text+ko) ====

@@ -36,7 +36,7 @@
 #include "includes.h"
 #include "openbsd-compat/sys-queue.h"
 RCSID("$OpenBSD: ssh-agent.c,v 1.108 2003/03/13 11:44:50 markus Exp $");
-RCSID("$FreeBSD: src/crypto/openssh/ssh-agent.c,v 1.18 2003/04/23 17:10:53 des Exp $");
+RCSID("$FreeBSD: src/crypto/openssh/ssh-agent.c,v 1.19 2003/09/17 14:36:14 nectar Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/md5.h>
@@ -768,7 +768,7 @@
 static void
 new_socket(sock_type type, int fd)
 {
-	u_int i, old_alloc;
+	u_int i, old_alloc, new_alloc;
 
 	if (fcntl(fd, F_SETFL, O_NONBLOCK) < 0)
 		error("fcntl O_NONBLOCK: %s", strerror(errno));
@@ -779,25 +779,26 @@
 	for (i = 0; i < sockets_alloc; i++)
 		if (sockets[i].type == AUTH_UNUSED) {
 			sockets[i].fd = fd;
-			sockets[i].type = type;
 			buffer_init(&sockets[i].input);
 			buffer_init(&sockets[i].output);
 			buffer_init(&sockets[i].request);
+			sockets[i].type = type;
 			return;
 		}
 	old_alloc = sockets_alloc;
-	sockets_alloc += 10;
+	new_alloc = sockets_alloc + 10;
 	if (sockets)
-		sockets = xrealloc(sockets, sockets_alloc * sizeof(sockets[0]));
+		sockets = xrealloc(sockets, new_alloc * sizeof(sockets[0]));
 	else
-		sockets = xmalloc(sockets_alloc * sizeof(sockets[0]));
-	for (i = old_alloc; i < sockets_alloc; i++)
+		sockets = xmalloc(new_alloc * sizeof(sockets[0]));
+	for (i = old_alloc; i < new_alloc; i++)
 		sockets[i].type = AUTH_UNUSED;
-	sockets[old_alloc].type = type;
+	sockets_alloc = new_alloc;
 	sockets[old_alloc].fd = fd;
 	buffer_init(&sockets[old_alloc].input);
 	buffer_init(&sockets[old_alloc].output);
 	buffer_init(&sockets[old_alloc].request);
+	sockets[old_alloc].type = type;
 }
 
 static int

==== //depot/projects/trustedbsd/sebsd/crypto/openssh/ssh_config#4 (text+ko) ====

@@ -1,5 +1,5 @@
 #	$OpenBSD: ssh_config,v 1.16 2002/07/03 14:21:05 markus Exp $
-#	$FreeBSD: src/crypto/openssh/ssh_config,v 1.21 2003/04/23 17:10:53 des Exp $
+#	$FreeBSD: src/crypto/openssh/ssh_config,v 1.22 2003/09/24 19:20:23 des Exp $
 
 # This is the ssh client system-wide configuration file.  See
 # ssh_config(5) for more information.  This file provides defaults for
@@ -35,4 +35,4 @@
 #   Cipher 3des
 #   Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
 #   EscapeChar ~
-#   VersionAddendum FreeBSD-20030423
+#   VersionAddendum FreeBSD-20030924

==== //depot/projects/trustedbsd/sebsd/crypto/openssh/ssh_config.5#4 (text+ko) ====

@@ -35,7 +35,7 @@
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
 .\" $OpenBSD: ssh_config.5,v 1.7 2003/03/28 10:11:43 jmc Exp $
-.\" $FreeBSD: src/crypto/openssh/ssh_config.5,v 1.9 2003/04/23 17:10:53 des Exp $
+.\" $FreeBSD: src/crypto/openssh/ssh_config.5,v 1.10 2003/09/24 19:20:23 des Exp $
 .Dd September 25, 1999
 .Dt SSH_CONFIG 5
 .Os
@@ -623,7 +623,7 @@
 Specifies a string to append to the regular version string to identify
 OS- or site-specific modifications.
 The default is
-.Dq FreeBSD-20030423 .
+.Dq FreeBSD-20030924 .
 .It Cm XAuthLocation
 Specifies the full pathname of the
 .Xr xauth 1

==== //depot/projects/trustedbsd/sebsd/crypto/openssh/sshd_config#5 (text+ko) ====

@@ -1,5 +1,5 @@
 #	$OpenBSD: sshd_config,v 1.59 2002/09/25 11:17:16 markus Exp $
-#	$FreeBSD: src/crypto/openssh/sshd_config,v 1.32 2003/04/23 17:10:53 des Exp $
+#	$FreeBSD: src/crypto/openssh/sshd_config,v 1.33 2003/09/24 19:20:23 des Exp $
 
 # This is the sshd server system-wide configuration file.  See
 # sshd_config(5) for more information.
@@ -14,7 +14,7 @@
 # Note that some of FreeBSD's defaults differ from OpenBSD's, and
 # FreeBSD has a few additional options.
 
-#VersionAddendum FreeBSD-20030423
+#VersionAddendum FreeBSD-20030924
 
 #Port 22
 #Protocol 2,1

==== //depot/projects/trustedbsd/sebsd/crypto/openssh/sshd_config.5#4 (text+ko) ====

@@ -35,7 +35,7 @@
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
 .\" $OpenBSD: sshd_config.5,v 1.15 2003/03/28 10:11:43 jmc Exp $
-.\" $FreeBSD: src/crypto/openssh/sshd_config.5,v 1.11 2003/04/23 17:10:53 des Exp $
+.\" $FreeBSD: src/crypto/openssh/sshd_config.5,v 1.12 2003/09/24 19:20:23 des Exp $
 .Dd September 25, 1999
 .Dt SSHD_CONFIG 5
 .Os
@@ -650,7 +650,7 @@
 Specifies a string to append to the regular version string to identify
 OS- or site-specific modifications.
 The default is
-.Dq FreeBSD-20030423 .
+.Dq FreeBSD-20030924 .
 .It Cm X11DisplayOffset
 Specifies the first display number available for
 .Nm sshd Ns 's

==== //depot/projects/trustedbsd/sebsd/crypto/openssh/version.h#4 (text+ko) ====

@@ -1,11 +1,11 @@
 /* $OpenBSD: version.h,v 1.37 2003/04/01 10:56:46 markus Exp $ */
-/* $FreeBSD: src/crypto/openssh/version.h,v 1.20 2003/04/23 17:10:53 des Exp $ */
+/* $FreeBSD: src/crypto/openssh/version.h,v 1.23 2003/09/24 19:20:23 des Exp $ */
 
 #ifndef SSH_VERSION
 
 #define SSH_VERSION             (ssh_version_get())
 #define SSH_VERSION_BASE        "OpenSSH_3.6.1p1"
-#define SSH_VERSION_ADDENDUM    "FreeBSD-20030423"
+#define SSH_VERSION_ADDENDUM    "FreeBSD-20030924"
 
 const char *ssh_version_get(void);
 void ssh_version_set_addendum(const char *add);

==== //depot/projects/trustedbsd/sebsd/crypto/openssl/CHANGES#4 (text+ko) ====

@@ -2,6 +2,92 @@
  OpenSSL CHANGES
  _______________
 
+ Changes between 0.9.7b and 0.9.7c  [30 Sep 2003]
+
+  *) Fix various bugs revealed by running the NISCC test suite:
+
+     Stop out of bounds reads in the ASN1 code when presented with
+     invalid tags (CAN-2003-0543 and CAN-2003-0544).
+     
+     Free up ASN1_TYPE correctly if ANY type is invalid (CAN-2003-0545).
+
+     If verify callback ignores invalid public key errors don't try to check
+     certificate signature with the NULL public key.
+
+     [Steve Henson]
+
+  *) New -ignore_err option in ocsp application to stop the server
+     exiting on the first error in a request.
+     [Steve Henson]
+
+  *) In ssl3_accept() (ssl/s3_srvr.c) only accept a client certificate
+     if the server requested one: as stated in TLS 1.0 and SSL 3.0
+     specifications.
+     [Steve Henson]
+
+  *) In ssl3_get_client_hello() (ssl/s3_srvr.c), tolerate additional
+     extra data after the compression methods not only for TLS 1.0
+     but also for SSL 3.0 (as required by the specification).
+     [Bodo Moeller; problem pointed out by Matthias Loepfe]
+
+  *) Change X509_certificate_type() to mark the key as exported/exportable
+     when it's 512 *bits* long, not 512 bytes.
+     [Richard Levitte]
+
+  *) Change AES_cbc_encrypt() so it outputs exact multiple of
+     blocks during encryption.
+     [Richard Levitte]
+
+  *) Various fixes to base64 BIO and non blocking I/O. On write 
+     flushes were not handled properly if the BIO retried. On read
+     data was not being buffered properly and had various logic bugs.
+     This also affects blocking I/O when the data being decoded is a
+     certain size.
+     [Steve Henson]
+
+  *) Various S/MIME bugfixes and compatibility changes:
+     output correct application/pkcs7 MIME type if
+     PKCS7_NOOLDMIMETYPE is set. Tolerate some broken signatures.
+     Output CR+LF for EOL if PKCS7_CRLFEOL is set (this makes opening
+     of files as .eml work). Correctly handle very long lines in MIME
+     parser.
+     [Steve Henson]
+
+ Changes between 0.9.7a and 0.9.7b  [10 Apr 2003]
+
+  *) Countermeasure against the Klima-Pokorny-Rosa extension of
+     Bleichbacher's attack on PKCS #1 v1.5 padding: treat
+     a protocol version number mismatch like a decryption error
+     in ssl3_get_client_key_exchange (ssl/s3_srvr.c).
+     [Bodo Moeller]
+
+  *) Turn on RSA blinding by default in the default implementation
+     to avoid a timing attack. Applications that don't want it can call
+     RSA_blinding_off() or use the new flag RSA_FLAG_NO_BLINDING.
+     They would be ill-advised to do so in most cases.
+     [Ben Laurie, Steve Henson, Geoff Thorpe, Bodo Moeller]
+
+  *) Change RSA blinding code so that it works when the PRNG is not
+     seeded (in this case, the secret RSA exponent is abused as
+     an unpredictable seed -- if it is not unpredictable, there
+     is no point in blinding anyway).  Make RSA blinding thread-safe
+     by remembering the creator's thread ID in rsa->blinding and
+     having all other threads use local one-time blinding factors
+     (this requires more computation than sharing rsa->blinding, but
+     avoids excessive locking; and if an RSA object is not shared
+     between threads, blinding will still be very fast).
+     [Bodo Moeller]
+
+  *) Fixed a typo bug that would cause ENGINE_set_default() to set an
+     ENGINE as defaults for all supported algorithms irrespective of
+     the 'flags' parameter. 'flags' is now honoured, so applications
+     should make sure they are passing it correctly.
+     [Geoff Thorpe]
+
+  *) Target "mingw" now allows native Windows code to be generated in
+     the Cygwin environment as well as with the MinGW compiler.
+     [Ulf Moeller] 
+
  Changes between 0.9.7 and 0.9.7a  [19 Feb 2003]
 
   *) In ssl3_get_record (ssl/s3_pkt.c), minimize information leaked
@@ -85,6 +171,9 @@
 
  Changes between 0.9.6h and 0.9.7  [31 Dec 2002]
 
+  [NB: OpenSSL 0.9.6i and later 0.9.6 patch levels were released after
+  OpenSSL 0.9.7.]
+
   *) Fix session ID handling in SSLv2 client code: the SERVER FINISHED
      code (06) was taken as the first octet of the session ID and the last
      octet was ignored consequently. As a result SSLv2 client side session
@@ -1903,6 +1992,57 @@
   *) Clean old EAY MD5 hack from e_os.h.
      [Richard Levitte]
 
+ Changes between 0.9.6j and 0.9.6k  [30 Sep 2003]
+
+  *) Fix various bugs revealed by running the NISCC test suite:
+
+     Stop out of bounds reads in the ASN1 code when presented with
+     invalid tags (CAN-2003-0543 and CAN-2003-0544).
+     
+     If verify callback ignores invalid public key errors don't try to check
+     certificate signature with the NULL public key.
+
+     [Steve Henson]
+
+  *) In ssl3_accept() (ssl/s3_srvr.c) only accept a client certificate
+     if the server requested one: as stated in TLS 1.0 and SSL 3.0
+     specifications.
+     [Steve Henson]
+
+  *) In ssl3_get_client_hello() (ssl/s3_srvr.c), tolerate additional
+     extra data after the compression methods not only for TLS 1.0
+     but also for SSL 3.0 (as required by the specification).
+     [Bodo Moeller; problem pointed out by Matthias Loepfe]
+
+  *) Change X509_certificate_type() to mark the key as exported/exportable
+     when it's 512 *bits* long, not 512 bytes.
+     [Richard Levitte]
+
+ Changes between 0.9.6i and 0.9.6j  [10 Apr 2003]
+
+  *) Countermeasure against the Klima-Pokorny-Rosa extension of
+     Bleichbacher's attack on PKCS #1 v1.5 padding: treat
+     a protocol version number mismatch like a decryption error
+     in ssl3_get_client_key_exchange (ssl/s3_srvr.c).
+     [Bodo Moeller]
+
+  *) Turn on RSA blinding by default in the default implementation
+     to avoid a timing attack. Applications that don't want it can call
+     RSA_blinding_off() or use the new flag RSA_FLAG_NO_BLINDING.
+     They would be ill-advised to do so in most cases.
+     [Ben Laurie, Steve Henson, Geoff Thorpe, Bodo Moeller]
+
+  *) Change RSA blinding code so that it works when the PRNG is not
+     seeded (in this case, the secret RSA exponent is abused as
+     an unpredictable seed -- if it is not unpredictable, there
+     is no point in blinding anyway).  Make RSA blinding thread-safe
+     by remembering the creator's thread ID in rsa->blinding and
+     having all other threads use local one-time blinding factors
+     (this requires more computation than sharing rsa->blinding, but
+     avoids excessive locking; and if an RSA object is not shared
+     between threads, blinding will still be very fast).
+     [Bodo Moeller]
+
  Changes between 0.9.6h and 0.9.6i  [19 Feb 2003]
 
   *) In ssl3_get_record (ssl/s3_pkt.c), minimize information leaked

==== //depot/projects/trustedbsd/sebsd/crypto/openssl/Configure#4 (text+ko) ====

@@ -219,7 +219,7 @@
 # './Configure irix-[g]cc' manually.
 # -mips4 flag is added by ./config when appropriate.
 "irix-mips3-gcc","gcc:-mabi=n32 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:${mips3_irix_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"irix-mips3-cc", "cc:-n32 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:${mips3_irix_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"irix-mips3-cc", "cc:-n32 -mips3 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:${mips3_irix_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # N64 ABI builds.
 "irix64-mips4-gcc","gcc:-mabi=64 -mips4 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips3_irix_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips3_irix_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -390,6 +390,7 @@
 "linux-s390",	"gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "linux-s390x",	"gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "linux-ia64",   "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR:asm/ia64.o:::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-ia64-ecc",   "ecc:-DL_ENDIAN -DTERMIO -O2 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR:asm/ia64.o:::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR BF_PTR2 DES_INT DES_UNROLL:asm/x86_64-gcc.o:::::::::dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "NetBSD-sparc",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "NetBSD-m68",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -506,10 +507,8 @@
 "BC-32","bcc32::::WIN32::BN_LLONG DES_PTR RC4_INDEX EXPORT_VAR_AS_FN::::::::::win32",
 "BC-16","bcc:::(unknown):WIN16::BN_LLONG DES_PTR RC4_INDEX SIXTEEN_BIT:::",
 
-# Mingw32
-# (Note: the real CFLAGS for Windows builds are defined by util/mk1mf.pl
-# and its library files in util/pl/*)
-"Mingw32", "gcc:-DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall:::::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32",
+# MinGW
+"mingw", "gcc:-DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -mno-cygwin -Wall:::MINGW32:-mno-cygwin -lwsock32 -lgdi32:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:win32::::.dll",
 
 # UWIN 
 "UWIN", "cc:-DTERMIOS -DL_ENDIAN -O -Wall:::UWIN::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32",
@@ -561,6 +560,8 @@
 "vxworks-ppc405","ccppc:-g -msoft-float -mlongcall -DCPU=PPC405 -I\$(WIND_BASE)/target/h:::VXWORKS:-r:::::",
 "vxworks-ppc750","ccppc:-ansi -nostdinc -DPPC750 -D_REENTRANT -fvolatile -fno-builtin -fno-for-scope -fsigned-char -Wall -msoft-float -mlongcall -DCPU=PPC604 -I\$(WIND_BASE)/target/h \$(DEBUG_FLAG):::VXWORKS:-r:::::",
 "vxworks-ppc750-debug","ccppc:-ansi -nostdinc -DPPC750 -D_REENTRANT -fvolatile -fno-builtin -fno-for-scope -fsigned-char -Wall -msoft-float -mlongcall -DCPU=PPC604 -I\$(WIND_BASE)/target/h -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DDEBUG -g:::VXWORKS:-r:::::",
+"vxworks-ppc860","ccppc:-nostdinc -msoft-float -DCPU=PPC860 -DNO_STRINGS_H -I\$(WIND_BASE)/target/h:::VXWORKS:-r:::::",
+"vxworks-mipsle","ccmips:-B\$(WIND_BASE)/host/\$(WIND_HOST_TYPE)/lib/gcc-lib/ -DL_ENDIAN -EL -Wl,-EL -mips2 -mno-branch-likely -G 0 -fno-builtin -msoft-float -DCPU=MIPS32 -DMIPSEL -DNO_STRINGS_H -I\$(WIND_BASE)/target/h:::VXWORKS:-r::::::::::::::::ranlibmips:",
 
 ##### Compaq Non-Stop Kernel (Tandem)
 "tandem-c89","c89:-Ww -D__TANDEM -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1 -D_TANDEM_SOURCE -DB_ENDIAN::(unknown):::THIRTY_TWO_BIT:::",

==== //depot/projects/trustedbsd/sebsd/crypto/openssl/FAQ#4 (text+ko) ====

@@ -68,7 +68,7 @@
 * Which is the current version of OpenSSL?
 
 The current version is available from <URL: http://www.openssl.org>.
-OpenSSL 0.9.7a was released on February 19, 2003.
+OpenSSL 0.9.7c was released on September 30, 2003.
 
 In addition to the current stable release, you can also access daily
 snapshots of the OpenSSL development version at <URL:
@@ -732,6 +732,7 @@
 the OpenSSH configure script. It should contain the detailed information
 on why the OpenSSL library was not detected or considered incompatible.
 
+
 * Can I use OpenSSL's SSL library with non-blocking I/O?
 
 Yes; make sure to read the SSL_get_error(3) manual page!

==== //depot/projects/trustedbsd/sebsd/crypto/openssl/FREEBSD-Xlist#2 (text+ko) ====

@@ -1,10 +1,15 @@
-$FreeBSD: src/crypto/openssl/FREEBSD-Xlist,v 1.4 2002/07/30 12:38:41 nectar Exp $
+$FreeBSD: src/crypto/openssl/FREEBSD-Xlist,v 1.5 2003/10/01 12:21:16 nectar Exp $
+INSTALL.DJGPP
 INSTALL.MacOS
+INSTALL.OS2
 INSTALL.VMS
 INSTALL.W32
+INSTALL.WCE
 MacOS/
 VMS/
 *.com
+*.def
+*.mak
 */*.bat
 */*.com
 */*/*.bat
@@ -13,6 +18,7 @@
 crypto/bn/asm/pa-risc2.s.old
 crypto/bn/asm/vms.mar
 crypto/bn/vms-helper.c
+crypto/buildinf.h
 crypto/dso/dso_vms.c
 crypto/dso/dso_win32.c
 crypto/threads/solaris.sh
@@ -24,6 +30,9 @@
 shlib/solaris-sc4.sh
 shlib/solaris.sh
 shlib/sun.sh
+shlib/sco5-shared-installed
+shlib/sco5-shared-gcc.sh
+shlib/sco5-shared.sh
 shlib/svr5-shared-gcc.sh
 shlib/svr5-shared-installed
 shlib/svr5-shared.sh

==== //depot/projects/trustedbsd/sebsd/crypto/openssl/LICENSE#2 (text+ko) ====

@@ -12,7 +12,7 @@
   ---------------
 
 /* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions

==== //depot/projects/trustedbsd/sebsd/crypto/openssl/Makefile.org#4 (text+ko) ====

@@ -78,7 +78,7 @@
 # gcc, then the driver will automatically translate it to -xarch=v8plus
 # and pass it down to assembler.
 AS=$(CC) -c
-ASFLAGS=$(CFLAG)
+ASFLAG=$(CFLAG)
 
 # Set BN_ASM to bn_asm.o if you want to use the C version
 BN_ASM= bn_asm.o
@@ -194,6 +194,7 @@
 MANDIR=$(OPENSSLDIR)/man
 MAN1=1
 MAN3=3
+MANSUFFIX=
 SHELL=/bin/sh
 
 TOP=    .
@@ -225,7 +226,7 @@
 	do \
 	if [ -d "$$i" ]; then \
 		(cd $$i && echo "making all in $$i..." && \
-		$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' AS='${AS}' ASFLAGS='${ASFLAGS}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' all ) || exit 1; \
+		$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' AS='${AS}' ASFLAG='${ASFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' all ) || exit 1; \
 	else \
 		$(MAKE) $$i; \
 	fi; \
@@ -410,9 +411,10 @@
 		  find . -name "*.o" -print > allobjs ; \
 		  OBJS= ; export OBJS ; \
 		  for obj in `ar t lib$$i.a` ; do \
-		    OBJS="$${OBJS} `grep $$obj allobjs`" ; \
+		    OBJS="$${OBJS} `grep /$$obj allobjs`" ; \
 		  done ; \
-		  set -x; ${CC}  -G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+		  set -x; ${CC} ${SHARED_LDFLAGS} \
+			-G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 			-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 			$${OBJS} $$libs ${EX_LIBS} ) || exit 1; \
 		libs="-l$$i $$libs"; \
@@ -429,13 +431,16 @@
 			libs="$(LIBKRB5) $$libs"; \
 		fi; \
 		( PATH=/usr/ccs/bin:$$PATH ; export PATH; \
+		  SHARE_FLAG='-G'; \
+		  (${CC} -v 2>&1 | grep gcc) > /dev/null && SHARE_FLAG='-shared'; \
 		  find . -name "*.o" -print > allobjs ; \
 		  OBJS= ; export OBJS ; \
 		  for obj in `ar t lib$$i.a` ; do \
-		    OBJS="$${OBJS} `grep $$obj allobjs`" ; \
+		    OBJS="$${OBJS} `grep /$$obj allobjs`" ; \
 		  done ; \
-		  set -x; ${CC} ${SHARED_LDFLAGS} \
-			-G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+		  set -x; LD_LIBRARY_PATH=.:$$LD_LIBRARY_PATH \
+			${CC} ${SHARED_LDFLAGS} \
+			$${SHARE_FLAG} -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 			-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
 			$${OBJS} $$libs ${EX_LIBS} ) || exit 1; \
 		libs="-l$$i $$libs"; \
@@ -589,10 +594,10 @@
 	@false
 
 libclean:
-	rm -f *.a */lib */*/lib
+	rm -f *.map *.so *.so.* engines/*.so *.a */lib */*/lib
 
-clean:
-	rm -f shlib/*.o *.o core a.out fluff *.map rehash.time testlog make.log cctest cctest.c
+clean:	libclean
+	rm -f shlib/*.o *.o core a.out fluff rehash.time testlog make.log cctest cctest.c
 	@for i in $(DIRS) ;\
 	do \
 	if [ -d "$$i" ]; then \
@@ -602,7 +607,7 @@
 	fi; \
 	done;
 	rm -f openssl.pc
-	rm -f *.a *.o speed.* *.map *.so .pure core
+	rm -f speed.* .pure
 	rm -f $(TARFILE)
 	@for i in $(ONEDIRS) ;\
 	do \
@@ -652,7 +657,10 @@
 rehash.time: certs
 	@(OPENSSL="`pwd`/apps/openssl"; OPENSSL_DEBUG_MEMORY=on; \
 		export OPENSSL OPENSSL_DEBUG_MEMORY; \
-		LD_LIBRARY_PATH="`pwd`"; DYLD_LIBRARY_PATH="`pwd`"; SHLIB_PATH="`pwd`"; LIBPATH="`pwd`"; \
+		LD_LIBRARY_PATH="`pwd`:$$LD_LIBRARY_PATH"; \
+		DYLD_LIBRARY_PATH="`pwd`:$$DYLD_LIBRARY_PATH"; \
+		SHLIB_PATH="`pwd`:$$SHLIB_PATH"; \
+		LIBPATH="`pwd`:$$LIBPATH"; \
 		if [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \
 		export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \
 		$(PERL) tools/c_rehash certs)
@@ -663,10 +671,13 @@
 tests: rehash
 	@(cd test && echo "testing..." && \
 	$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on tests );
-	@LD_LIBRARY_PATH="`pwd`"; DYLD_LIBRARY_PATH="`pwd`"; SHLIB_PATH="`pwd`"; LIBPATH="`pwd`"; \
-		if [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \
-		export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \

>>> TRUNCATED FOR MAIL (1000 lines) <<<
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message



More information about the trustedbsd-cvs mailing list