From oz@nixil.net  Fri Oct 14 01:34:02 2005
Return-Path: <oz@nixil.net>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 4459016A41F
	for <FreeBSD-gnats-submit@freebsd.org>; Fri, 14 Oct 2005 01:34:02 +0000 (GMT)
	(envelope-from oz@nixil.net)
Received: from nixil.net (nixil.net [161.58.222.1])
	by mx1.FreeBSD.org (Postfix) with ESMTP id BA63843D45
	for <FreeBSD-gnats-submit@freebsd.org>; Fri, 14 Oct 2005 01:34:01 +0000 (GMT)
	(envelope-from oz@nixil.net)
Received: from nixil.net (localhost [127.0.0.1])
	by nixil.net (8.13.1/8.13.1) with ESMTP id j9E1Y0Kr093888
	(version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NOT)
	for <FreeBSD-gnats-submit@freebsd.org>; Thu, 13 Oct 2005 19:34:00 -0600 (MDT)
Received: (from oz@localhost)
	by nixil.net (8.13.1/8.13.1/Submit) id j9E1Y0Ku093887;
	Thu, 13 Oct 2005 19:34:00 -0600 (MDT)
Message-Id: <200510140134.j9E1Y0Ku093887@nixil.net>
Date: Thu, 13 Oct 2005 19:34:00 -0600 (MDT)
From: Phil Oleson <oz@nixil.net>
Reply-To: Phil Oleson <oz@nixil.net>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: [patch] openssl-0.9.7h ABI fix
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         87419
>Category:       ports
>Synopsis:       [patch] openssl-0.9.7h ABI fix
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    dinoex
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Fri Oct 14 01:40:17 GMT 2005
>Closed-Date:    Fri Oct 14 07:50:01 CEST 2005
>Last-Modified:  Fri Oct 14 07:50:01 CEST 2005
>Originator:     Phil Oleson
>Release:        FreeBSD 4.7-RELEASE-p28 i386
>Organization:
N/A
>Environment:
System: FreeBSD nixil.net 4.7-RELEASE-p28 FreeBSD 4.7-RELEASE-p28 #42: Tue Jun 21 10:33:20 MDT 2005 root@fc2:/usr/src/sys/compile/nixil i386


>Description:
	0.9.7h broke binary compatability with 0.9.7g
	ref: http://groups.google.com/group/mailing.openssl.users/browse_thread/thread/48de55e291a4e605/df8aa5dfec5a3f50#df8aa5dfec5a3f50
>How-To-Repeat:
	N/A
>Fix:

	Patch from openssl's CVS.

--- patch-openssl begins here ---
diff -ruN openssl.orig/Makefile openssl/Makefile
--- openssl.orig/Makefile	Wed Oct 12 05:14:14 2005
+++ openssl/Makefile	Thu Oct 13 18:51:37 2005
@@ -887,6 +887,11 @@
 
 .include <bsd.port.pre.mk>
 
+.if defined(WITH_OPENSSL_097)
+EXTRA_PATCHES=  ${PATCHDIR}/097-patch-crypto-evp-evp.h \
+                ${PATCHDIR}/097-patch-crypto-hmac-hmac.h
+.endif
+
 .if ${PORTOBJFORMAT} == "aout"
 MAKE_ARGS+=	WHOLE_ARCHIVE_FLAG=-Bforcearchive
 .else
diff -ruN openssl.orig/files/097-patch-crypto-evp-evp.h openssl/files/097-patch-crypto-evp-evp.h
--- openssl.orig/files/097-patch-crypto-evp-evp.h	Wed Dec 31 17:00:00 1969
+++ openssl/files/097-patch-crypto-evp-evp.h	Thu Oct 13 17:27:05 2005
@@ -0,0 +1,14 @@
+--- crypto/evp/evp.h.orig	Thu Oct 13 17:24:41 2005
++++ crypto/evp/evp.h	Thu Oct 13 17:26:32 2005
+@@ -132,7 +132,11 @@
+ #define EVP_CAST5_KEY_SIZE		16
+ #define EVP_RC5_32_12_16_KEY_SIZE	16
+ */
++#ifdef OPENSSL_FIPS
+ #define EVP_MAX_MD_SIZE			64	/* longest known SHA512 */
++#else
++#define EVP_MAX_MD_SIZE			(16+20)	/* The SSLv3 md5+sha1 type */
++#endif
+ #define EVP_MAX_KEY_LENGTH		32
+ #define EVP_MAX_IV_LENGTH		16
+ #define EVP_MAX_BLOCK_LENGTH		32
diff -ruN openssl.orig/files/097-patch-crypto-hmac-hmac.h openssl/files/097-patch-crypto-hmac-hmac.h
--- openssl.orig/files/097-patch-crypto-hmac-hmac.h	Wed Dec 31 17:00:00 1969
+++ openssl/files/097-patch-crypto-hmac-hmac.h	Thu Oct 13 17:29:51 2005
@@ -0,0 +1,14 @@
+--- crypto/hmac/hmac.h.orig	Thu Oct 13 17:27:32 2005
++++ crypto/hmac/hmac.h	Thu Oct 13 17:28:43 2005
+@@ -64,7 +64,11 @@
+ 
+ #include <openssl/evp.h>
+ 
++#ifdef OPENSSL_FIPS
+ #define HMAC_MAX_MD_CBLOCK	128
++#else
++#define HMAC_MAX_MD_CBLOCK	64
++#endif
+ 
+ #ifdef  __cplusplus
+ extern "C" {
--- patch-openssl ends here ---


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-ports-bugs->dinoex 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Fri Oct 14 01:51:02 GMT 2005 
Responsible-Changed-Why:  
Over to maintainer. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=87419 

From: Phil Oleson <oz@nixil.net>
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: ports/87419: [patch] openssl-0.9.7h ABI fix
Date: Thu, 13 Oct 2005 20:09:56 -0600

 forgot to add 'PORTREVISION=   1' to the Makefile..
 Look into this when checking out the patch.
 
 	Phil.
State-Changed-From-To: open->closed 
State-Changed-By: dinoex 
State-Changed-When: Fri Oct 14 07:49:33 CEST 2005 
State-Changed-Why:  
committed with some cosmetic changes, thanks. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=87419 
>Unformatted:
