Commit 7f324285 authored by Mark Andrews's avatar Mark Andrews

1256. [security] Support patches OpenSSL libraries.

                        http://www.cert.org/advisories/CA-2002-23.html
parent 95d24aa0
1256. [security] Support patches OpenSSL libraries.
http://www.cert.org/advisories/CA-2002-23.html
1355. [bug] It was possible to trigger a INSIST when debugging
large dynamic updates. [RT #3390]
......
#! /bin/sh
# From configure.in Revision: 1.328 .
# From configure.in Revision: 1.329 .
# Guess values for system-dependent variables and create Makefiles.
# Generated by GNU Autoconf 2.53.
#
......@@ -4357,9 +4357,128 @@ rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
fi
rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
#
# OpenSSLDie is new with CERT CS-2002-23. If we see it we have may
# have a patched library otherwise check that we are greater than
# the fixed versions
#
echo "$as_me:$LINENO: checking for OpenSSLDie" >&5
echo $ECHO_N "checking for OpenSSLDie... $ECHO_C" >&6
if test "${ac_cv_func_OpenSSLDie+set}" = set; then
echo $ECHO_N "(cached) $ECHO_C" >&6
else
cat >conftest.$ac_ext <<_ACEOF
#line $LINENO "configure"
#include "confdefs.h"
/* System header to define __stub macros and hopefully few prototypes,
which can conflict with char OpenSSLDie (); below. */
#include <assert.h>
/* Override any gcc2 internal prototype to avoid an error. */
#ifdef __cplusplus
extern "C"
#endif
/* We use char because int might match the return type of a gcc2
builtin and then its argument prototype would still apply. */
char OpenSSLDie ();
char (*f) ();
#ifdef F77_DUMMY_MAIN
# ifdef __cplusplus
extern "C"
# endif
int F77_DUMMY_MAIN() { return 1; }
#endif
int
main ()
{
/* The GNU C library defines this for functions which it implements
to always fail with ENOSYS. Some functions are actually named
something starting with __ and the normal name is an alias. */
#if defined (__stub_OpenSSLDie) || defined (__stub___OpenSSLDie)
choke me
#else
f = OpenSSLDie;
#endif
;
return 0;
}
_ACEOF
rm -f conftest.$ac_objext conftest$ac_exeext
if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
(eval $ac_link) 2>&5
ac_status=$?
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); } &&
{ ac_try='test -s conftest$ac_exeext'
{ (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
(eval $ac_try) 2>&5
ac_status=$?
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); }; }; then
ac_cv_func_OpenSSLDie=yes
else
echo "$as_me: failed program was:" >&5
cat conftest.$ac_ext >&5
ac_cv_func_OpenSSLDie=no
fi
rm -f conftest.$ac_objext conftest$ac_exeext conftest.$ac_ext
fi
echo "$as_me:$LINENO: result: $ac_cv_func_OpenSSLDie" >&5
echo "${ECHO_T}$ac_cv_func_OpenSSLDie" >&6
if test $ac_cv_func_OpenSSLDie = yes; then
echo "$as_me:$LINENO: checking OpenSSL library version" >&5
echo $ECHO_N "checking OpenSSL library version... $ECHO_C" >&6
if test "$cross_compiling" = yes; then
echo "$as_me:$LINENO: result: assuming target platform has compatible version" >&5
echo "${ECHO_T}assuming target platform has compatible version" >&6
else
cat >conftest.$ac_ext <<_ACEOF
#line $LINENO "configure"
#include "confdefs.h"
#include <stdio.h>
#include <openssl/opensslv.h>
int main() {
if (OPENSSL_VERSION_NUMBER >= 0x0090581fL)
return (0);
printf("\n\nFound OPENSSL_VERSION_NUMBER %#010x\n",
OPENSSL_VERSION_NUMBER);
printf("Require OPENSSL_VERSION_NUMBER 0x0090581f or greater\n\n");
return (1);
}
_ACEOF
rm -f conftest$ac_exeext
if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5
(eval $ac_link) 2>&5
ac_status=$?
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); } && { ac_try='./conftest$ac_exeext'
{ (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5
(eval $ac_try) 2>&5
ac_status=$?
echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); }; }; then
echo "$as_me:$LINENO: result: ok" >&5
echo "${ECHO_T}ok" >&6
else
echo "$as_me: program exited with status $ac_status" >&5
echo "$as_me: failed program was:" >&5
cat conftest.$ac_ext >&5
( exit $ac_status )
echo "$as_me:$LINENO: result: not compatible" >&5
echo "${ECHO_T}not compatible" >&6
{ { echo "$as_me:$LINENO: error: you need OpenSSL 0.9.5a or newer" >&5
echo "$as_me: error: you need OpenSSL 0.9.5a or newer" >&2;}
{ (exit 1); exit 1; }; }
fi
rm -f core core.* *.core conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
fi
else
echo "$as_me:$LINENO: result: did not find fixes for CERT CA-2002-23" >&5
echo "${ECHO_T}did not find fixes for CERT CA-2002-23" >&6
echo "$as_me:$LINENO: checking OpenSSL library version" >&5
echo $ECHO_N "checking OpenSSL library version... $ECHO_C" >&6
if test "$cross_compiling" = yes; then
......@@ -4373,11 +4492,14 @@ else
#include <stdio.h>
#include <openssl/opensslv.h>
int main() {
if (OPENSSL_VERSION_NUMBER >= 0x0090605fL)
if ((OPENSSL_VERSION_NUMBER >= 0x0090605fL &&
OPENSSL_VERSION_NUMBER < 0x009070000L) ||
OPENSSL_VERSION_NUMBER >= 0x00907003L)
return (0);
printf("\n\nFound OPENSSL_VERSION_NUMBER %#010x\n",
OPENSSL_VERSION_NUMBER);
printf("Require OPENSSL_VERSION_NUMBER 0x0090605f or greater\n\n");
printf("Require OPENSSL_VERSION_NUMBER 0x0090605f or greater (0.9.6e)\n"
"Require OPENSSL_VERSION_NUMBER 0x00907003 or greater (0.9.7-beta2)\n\n");
return (1);
}
......@@ -4402,12 +4524,14 @@ cat conftest.$ac_ext >&5
( exit $ac_status )
echo "$as_me:$LINENO: result: not compatible" >&5
echo "${ECHO_T}not compatible" >&6
{ { echo "$as_me:$LINENO: error: you need OpenSSL 0.9.6e or newer" >&5
echo "$as_me: error: you need OpenSSL 0.9.6e or newer" >&2;}
{ { echo "$as_me:$LINENO: error: you need OpenSSL 0.9.6e/0.9.7-beta2 (or newer): CERT CA-2002-23" >&5
echo "$as_me: error: you need OpenSSL 0.9.6e/0.9.7-beta2 (or newer): CERT CA-2002-23" >&2;}
{ (exit 1); exit 1; }; }
fi
rm -f core core.* *.core conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext
fi
fi
CFLAGS="$saved_cflags"
LIBS="$saved_libs"
;;
......@@ -7233,7 +7357,7 @@ test "x$enable_libtool_lock" != xno && enable_libtool_lock=yes
case $host in
*-*-irix6*)
# Find out which ABI we are using.
echo '#line 7236 "configure"' > conftest.$ac_ext
echo '#line 7360 "configure"' > conftest.$ac_ext
if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5
(eval $ac_compile) 2>&5
ac_status=$?
......@@ -7783,7 +7907,7 @@ chmod -w .
save_CFLAGS="$CFLAGS"
CFLAGS="$CFLAGS -o out/conftest2.$ac_objext"
compiler_c_o=no
if { (eval echo configure:7786: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>out/conftest.err; } && test -s out/conftest2.$ac_objext; then
if { (eval echo configure:7910: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>out/conftest.err; } && test -s out/conftest2.$ac_objext; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings
if test -s out/conftest.err; then
......@@ -9614,7 +9738,7 @@ else
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<EOF
#line 9617 "configure"
#line 9741 "configure"
#include "confdefs.h"
#if HAVE_DLFCN_H
......@@ -9712,7 +9836,7 @@ else
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<EOF
#line 9715 "configure"
#line 9839 "configure"
#include "confdefs.h"
#if HAVE_DLFCN_H
......
......@@ -18,7 +18,7 @@ AC_DIVERT_PUSH(AC_DIVERSION_NOTICE)dnl
esyscmd([sed "s/^/# /" COPYRIGHT])dnl
AC_DIVERT_POP()dnl
AC_REVISION($Revision: 1.328 $)
AC_REVISION($Revision: 1.329 $)
AC_INIT(lib/dns/name.c)
AC_PREREQ(2.13)
......@@ -387,26 +387,51 @@ shared library configuration (e.g., LD_LIBRARY_PATH).)],
[AC_MSG_RESULT(assuming it does work on target platform)]
)
#
# OpenSSLDie is new with CERT CS-2002-23. If we see it we have may
# have a patched library otherwise check that we are greater than
# the fixed versions
#
AC_CHECK_FUNC(OpenSSLDie,
AC_MSG_CHECKING(OpenSSL library version)
AC_TRY_RUN([
#include <stdio.h>
#include <openssl/opensslv.h>
int main() {
if (OPENSSL_VERSION_NUMBER >= 0x0090605fL)
if (OPENSSL_VERSION_NUMBER >= 0x0090581fL)
return (0);
printf("\n\nFound OPENSSL_VERSION_NUMBER %#010x\n",
OPENSSL_VERSION_NUMBER);
printf("Require OPENSSL_VERSION_NUMBER 0x0090605f or greater\n\n");
printf("Require OPENSSL_VERSION_NUMBER 0x0090581f or greater\n\n");
return (1);
}
],
[AC_MSG_RESULT(ok)],
[AC_MSG_RESULT(not compatible)
AC_MSG_ERROR(you need OpenSSL 0.9.6e or newer)],
AC_MSG_ERROR(you need OpenSSL 0.9.5a or newer)],
[AC_MSG_RESULT(assuming target platform has compatible version)])
,
AC_MSG_RESULT(did not find fixes for CERT CA-2002-23)
AC_MSG_CHECKING(OpenSSL library version)
AC_TRY_RUN([
#include <stdio.h>
#include <openssl/opensslv.h>
int main() {
if ((OPENSSL_VERSION_NUMBER >= 0x0090605fL &&
OPENSSL_VERSION_NUMBER < 0x009070000L) ||
OPENSSL_VERSION_NUMBER >= 0x00907003L)
return (0);
printf("\n\nFound OPENSSL_VERSION_NUMBER %#010x\n",
OPENSSL_VERSION_NUMBER);
printf("Require OPENSSL_VERSION_NUMBER 0x0090605f or greater (0.9.6e)\n"
"Require OPENSSL_VERSION_NUMBER 0x00907003 or greater (0.9.7-beta2)\n\n");
return (1);
}
],
[AC_MSG_RESULT(ok)],
[AC_MSG_RESULT(not compatible)
AC_MSG_ERROR(you need OpenSSL 0.9.6e/0.9.7-beta2 (or newer): CERT CA-2002-23)],
[AC_MSG_RESULT(assuming target platform has compatible version)]))
CFLAGS="$saved_cflags"
LIBS="$saved_libs"
;;
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment