Subject: Re: CVS commit: [netbsd-1-6] src/crypto/dist/openssl/crypto
To: Matthias Scheler <tron@netbsd.org>
From: Johnny C. Lam <jlam@NetBSD.org>
List: source-changes
Date: 10/04/2003 01:05:04
On Wed, Oct 01, 2003 at 03:04:30PM +0000, Matthias Scheler wrote:
> 
> Module Name:	src
> Committed By:	tron
> Date:		Wed Oct  1 15:04:30 UTC 2003
> 
> Modified Files:
> 	src/crypto/dist/openssl/crypto/asn1 [netbsd-1-6]: asn1_lib.c
> 	src/crypto/dist/openssl/crypto/x509 [netbsd-1-6]: x509_vfy.c
> 
> Log Message:
> Apply patch (requested by christos in ticket #1492):
> Fix various bugs revealed by running the NISCC test suite:
> Stop out of bounds reads in the ASN1 code when presented with
> invalid tags (CAN-2003-0543 and CAN-2003-0544).
> If verify callback ignores invalid public key errors don't try to check
> certificate signature with the NULL public key.

Is there some way to check whether the system OpenSSL is fixed or not
for pkgsrc purposes?  I think the last time this came up, there was a
header symbol that we could check so that we could avoid installing
and depending on openssl-0.9.6g from pkgsrc.  Is there something
similar that we could do to avoid installing and depending on
openssl-0.9.6k from pkgsrc?  If not a header symbol, then perhaps
a library symbol we could check for using `nm'?

	Cheers,

	-- Johnny Lam <jlam@NetBSD.org>