source-changes: Re: CVS commit: src/crypto/dist/openssl/ssl

Subject: Re: CVS commit: src/crypto/dist/openssl/ssl
To: None <gendalia@netbsd.org>
From: Johnny C. Lam <jlam@pkgsrc.org>
List: source-changes
Date: 10/11/2005 14:27:46

Tracy Di Marco White wrote:
> Module Name:	src
> Committed By:	gendalia
> Date:		Tue Oct 11 18:07:40 UTC 2005
> 
> Modified Files:
> 	src/crypto/dist/openssl/ssl: s23_srvr.c
> 
> Log Message:
> fix openssl 2.0 rollback, CAN-2005-2969
> approved by: agc

If we're not going to import OpenSSL 0.9.7h into src, I think we're 
going to need add a preprocessor symbol to <openssl/opensslv.h> so that 
we can distinguish NetBSD's "fixed" openssl-0.9.7g from vanilla 
openssl-0.9.7g.  In the past, we've used the following (see revision 
1.1.1.4.2.4 of src/crypto/dist/openssl/crypto/opensslv.h):

/* The following macro indicates that this version of OpenSSL
  * contains the security-related diffs between 0.9.6l and 0.9.6m
  * that were pulled up to the netbsd-1-6 branch on 2004-04-01.
  */
#define OPENSSL_HAS_20040401_FIX

So I would imagine we need something similar, e.g. OPENSSL_HAS_20051011_FIX.

	Cheers,

	-- Johnny Lam <jlam@pkgsrc.org>