Re: Built-in OpenSSL and pkgsrc bootstrap?

[Joerg Sonnenberger <joerg%britannica.bec.de@localhost>]

On Mon, Feb 16, 2009 at 08:40:50AM +0100, Hauke Fath wrote:
> what minimal version does the pkgsrc bootstrap require from the native OSes
> openssl?

Good question. The OpenSSL documentation is lacking in the compatibility
data part, so I don't know. This is the first time the question came up,
otherwise native either hasn't existed or has been good enough.

> An attempt to either build pkgtools/pkg_install on a previously
> bootstrapped netbsd-1-5 machine, or re-bootstrap the machine, fails while
> building pkg_install because of a missing <openssl/ui.h>. The openssl
> version installed there is 0.9.6g. The missing header appeared in netbsd-2.

Can you try the attached patch?

Joerg

Index: pkcs7.c
===================================================================
RCS file: 
/home/joerg/repo/netbsd/pkgsrc/pkgtools/pkg_install/files/lib/pkcs7.c,v
retrieving revision 1.2
diff -u -p -r1.2 pkcs7.c
--- pkcs7.c     2 Feb 2009 12:35:01 -0000       1.2
+++ pkcs7.c     16 Feb 2009 12:37:45 -0000
@@ -48,7 +48,6 @@ __RCSID("$NetBSD: pkcs7.c,v 1.2 2009/02/
 #include <openssl/x509v3.h>
 #include <openssl/pem.h>
 #include <openssl/err.h>
-#include <openssl/ui.h>
 
 #include "lib.h"
 
@@ -227,8 +226,10 @@ static int
 ssl_pass_cb(char *buf, int size, int rwflag, void *u)
 {
 
-       if (UI_UTIL_read_pw_string(buf, size, "Passphrase: ", 0))
+       if (EVP_read_pw_string(buf, size, "Passphrase :", 0)) {
+               OPENSSL_cleanse(buf, size);
                return 0;
+       }
        return strlen(buf);
 }