Subject: Re: CVS commit: [netbsd-1-6] src/crypto/dist/openssl/crypto
To: Matthias Scheler <tron@netbsd.org>
From: Johnny C. Lam <jlam@NetBSD.org>
List: source-changes
Date: 10/04/2003 01:05:04
On Wed, Oct 01, 2003 at 03:04:30PM +0000, Matthias Scheler wrote:
>
> Module Name: src
> Committed By: tron
> Date: Wed Oct 1 15:04:30 UTC 2003
>
> Modified Files:
> src/crypto/dist/openssl/crypto/asn1 [netbsd-1-6]: asn1_lib.c
> src/crypto/dist/openssl/crypto/x509 [netbsd-1-6]: x509_vfy.c
>
> Log Message:
> Apply patch (requested by christos in ticket #1492):
> Fix various bugs revealed by running the NISCC test suite:
> Stop out of bounds reads in the ASN1 code when presented with
> invalid tags (CAN-2003-0543 and CAN-2003-0544).
> If verify callback ignores invalid public key errors don't try to check
> certificate signature with the NULL public key.
Is there some way to check whether the system OpenSSL is fixed or not
for pkgsrc purposes? I think the last time this came up, there was a
header symbol that we could check so that we could avoid installing
and depending on openssl-0.9.6g from pkgsrc. Is there something
similar that we could do to avoid installing and depending on
openssl-0.9.6k from pkgsrc? If not a header symbol, then perhaps
a library symbol we could check for using `nm'?
Cheers,
-- Johnny Lam <jlam@NetBSD.org>