From mboxrd@z Thu Jan 1 00:00:00 1970 Return-path: Received: from smtprelay04.ispgateway.de ([80.67.31.31]) by metis.ext.pengutronix.de with esmtp (Exim 4.72) (envelope-from ) id 1XFN0C-0002hE-V4 for ptxdist@pengutronix.de; Thu, 07 Aug 2014 14:41:10 +0200 From: Bernhard Walle Date: Thu, 7 Aug 2014 14:41:01 +0200 Message-Id: <1407415261-16377-1-git-send-email-bernhard@bwalle.de> Subject: [ptxdist] [PATCH] openssl: version bump 1.0.1h -> 1.0.1i Reply-To: ptxdist@pengutronix.de List-Id: PTXdist Development Mailing List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: ptxdist-bounces@pengutronix.de Errors-To: ptxdist-bounces@pengutronix.de To: ptxdist@pengutronix.de Cc: Bernhard Walle Fixes CVE-2014-3508. Signed-off-by: Bernhard Walle --- patches/openssl-1.0.1h/0001-ca.patch | 31 ---- patches/openssl-1.0.1h/0002-debian-targets.patch | 80 --------- patches/openssl-1.0.1h/0003-engines-path.patch | 92 ---------- patches/openssl-1.0.1h/0004-no-rpath.patch | 24 --- patches/openssl-1.0.1h/0005-no-symbolic.patch | 24 --- patches/openssl-1.0.1h/0006-pic.patch | 189 --------------------- patches/openssl-1.0.1h/0007-valgrind.patch | 31 ---- patches/openssl-1.0.1h/0008-rehash-crt.patch | 44 ----- patches/openssl-1.0.1h/0009-shared-lib-ext.patch | 25 --- patches/openssl-1.0.1h/0010-stddef.patch | 23 --- patches/openssl-1.0.1h/0011-block_diginotar.patch | 66 ------- .../0012-block_digicert_malaysia.patch | 30 ---- .../0013-Change-default-bit-size-and-digest.patch | 131 -------------- .../openssl-1.0.1h/0014-openssl_fix_for_x32.patch | 50 ------ patches/openssl-1.0.1h/series | 17 -- patches/openssl-1.0.1i/0001-ca.patch | 31 ++++ patches/openssl-1.0.1i/0002-debian-targets.patch | 80 +++++++++ patches/openssl-1.0.1i/0003-engines-path.patch | 92 ++++++++++ patches/openssl-1.0.1i/0004-no-rpath.patch | 24 +++ patches/openssl-1.0.1i/0005-no-symbolic.patch | 24 +++ patches/openssl-1.0.1i/0006-pic.patch | 189 +++++++++++++++++++++ patches/openssl-1.0.1i/0007-valgrind.patch | 31 ++++ patches/openssl-1.0.1i/0008-rehash-crt.patch | 44 +++++ patches/openssl-1.0.1i/0009-shared-lib-ext.patch | 25 +++ patches/openssl-1.0.1i/0010-stddef.patch | 23 +++ patches/openssl-1.0.1i/0011-block_diginotar.patch | 66 +++++++ .../0012-block_digicert_malaysia.patch | 30 ++++ .../0013-Change-default-bit-size-and-digest.patch | 131 ++++++++++++++ .../openssl-1.0.1i/0014-openssl_fix_for_x32.patch | 50 ++++++ patches/openssl-1.0.1i/series | 17 ++ rules/openssl.make | 4 +- 31 files changed, 859 insertions(+), 859 deletions(-) delete mode 100644 patches/openssl-1.0.1h/0001-ca.patch delete mode 100644 patches/openssl-1.0.1h/0002-debian-targets.patch delete mode 100644 patches/openssl-1.0.1h/0003-engines-path.patch delete mode 100644 patches/openssl-1.0.1h/0004-no-rpath.patch delete mode 100644 patches/openssl-1.0.1h/0005-no-symbolic.patch delete mode 100644 patches/openssl-1.0.1h/0006-pic.patch delete mode 100644 patches/openssl-1.0.1h/0007-valgrind.patch delete mode 100644 patches/openssl-1.0.1h/0008-rehash-crt.patch delete mode 100644 patches/openssl-1.0.1h/0009-shared-lib-ext.patch delete mode 100644 patches/openssl-1.0.1h/0010-stddef.patch delete mode 100644 patches/openssl-1.0.1h/0011-block_diginotar.patch delete mode 100644 patches/openssl-1.0.1h/0012-block_digicert_malaysia.patch delete mode 100644 patches/openssl-1.0.1h/0013-Change-default-bit-size-and-digest.patch delete mode 100644 patches/openssl-1.0.1h/0014-openssl_fix_for_x32.patch delete mode 100644 patches/openssl-1.0.1h/series create mode 100644 patches/openssl-1.0.1i/0001-ca.patch create mode 100644 patches/openssl-1.0.1i/0002-debian-targets.patch create mode 100644 patches/openssl-1.0.1i/0003-engines-path.patch create mode 100644 patches/openssl-1.0.1i/0004-no-rpath.patch create mode 100644 patches/openssl-1.0.1i/0005-no-symbolic.patch create mode 100644 patches/openssl-1.0.1i/0006-pic.patch create mode 100644 patches/openssl-1.0.1i/0007-valgrind.patch create mode 100644 patches/openssl-1.0.1i/0008-rehash-crt.patch create mode 100644 patches/openssl-1.0.1i/0009-shared-lib-ext.patch create mode 100644 patches/openssl-1.0.1i/0010-stddef.patch create mode 100644 patches/openssl-1.0.1i/0011-block_diginotar.patch create mode 100644 patches/openssl-1.0.1i/0012-block_digicert_malaysia.patch create mode 100644 patches/openssl-1.0.1i/0013-Change-default-bit-size-and-digest.patch create mode 100644 patches/openssl-1.0.1i/0014-openssl_fix_for_x32.patch create mode 100644 patches/openssl-1.0.1i/series diff --git a/patches/openssl-1.0.1h/0001-ca.patch b/patches/openssl-1.0.1h/0001-ca.patch deleted file mode 100644 index 3a54d2a..0000000 --- a/patches/openssl-1.0.1h/0001-ca.patch +++ /dev/null @@ -1,31 +0,0 @@ -From: Michael Olbrich -Date: Tue, 8 Apr 2014 07:48:47 +0200 -Subject: [PATCH] ca - -Imported from openssl_1.0.1g-1.debian.tar.xz - -Signed-off-by: Michael Olbrich ---- - apps/CA.pl.in | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/apps/CA.pl.in b/apps/CA.pl.in -index c783a6e..fa665b7 100644 ---- a/apps/CA.pl.in -+++ b/apps/CA.pl.in -@@ -65,6 +65,7 @@ $RET = 0; - foreach (@ARGV) { - if ( /^(-\?|-h|-help)$/ ) { - print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n"; -+ print STDERR "usage: CA -signcert certfile keyfile|-newcert|-newreq|-newca|-sign|-verify\n"; - exit 0; - } elsif (/^-newcert$/) { - # create a certificate -@@ -165,6 +166,7 @@ foreach (@ARGV) { - } else { - print STDERR "Unknown arg $_\n"; - print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n"; -+ print STDERR "usage: CA -signcert certfile keyfile|-newcert|-newreq|-newca|-sign|-verify\n"; - exit 1; - } - } diff --git a/patches/openssl-1.0.1h/0002-debian-targets.patch b/patches/openssl-1.0.1h/0002-debian-targets.patch deleted file mode 100644 index b3191ae..0000000 --- a/patches/openssl-1.0.1h/0002-debian-targets.patch +++ /dev/null @@ -1,80 +0,0 @@ -From: Michael Olbrich -Date: Tue, 8 Apr 2014 07:48:47 +0200 -Subject: [PATCH] debian-targets - -Imported from openssl_1.0.1g-1.debian.tar.xz - -Signed-off-by: Michael Olbrich ---- - Configure | 51 +++++++++++++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 51 insertions(+) - -diff --git a/Configure b/Configure -index de78469..79082df 100755 ---- a/Configure -+++ b/Configure -@@ -105,6 +105,10 @@ my $usage="Usage: Configure [no- ...] [enable- ...] [experimenta - - my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED"; - -+# There are no separate CFLAGS/CPPFLAGS/LDFLAGS, set everything in CFLAGS -+my $debian_cflags = `dpkg-buildflags --get CFLAGS` . `dpkg-buildflags --get CPPFLAGS` . `dpkg-buildflags --get LDFLAGS` . "-Wa,--noexecstack -Wall"; -+$debian_cflags =~ s/\n/ /g; -+ - my $strict_warnings = 0; - - my $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL"; -@@ -340,6 +344,53 @@ my %table=( - "osf1-alpha-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared:::.so", - "tru64-alpha-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared::-msym:.so", - -+# Debian GNU/* (various architectures) -+"debian-alpha","gcc:-DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-alpha-ev4","gcc:-DTERMIO ${debian_cflags} -mcpu=ev4::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-alpha-ev5","gcc:-DTERMIO ${debian_cflags} -mcpu=ev5::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-arm64","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-armel","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-armhf","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-amd64", "gcc:-m64 -DL_ENDIAN -DTERMIO ${debian_cflags} -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::", -+"debian-avr32", "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags} -fomit-frame-pointer::-D_REENTRANT::-ldl:BN_LLONG_BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-kfreebsd-amd64","gcc:-m64 -DL_ENDIAN -DTERMIOS ${debian_cflags} -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-kfreebsd-i386","gcc:-DL_ENDIAN -DTERMIOS ${debian_cflags} -march=i486::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-hppa","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG MD2_CHAR RC4_INDEX:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-hurd-i386","gcc:-DL_ENDIAN -DTERMIOS -O3 -Wa,--noexecstack -g -mtune=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-ia64","gcc:-DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-i386","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-i386-i486","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags} -march=i486::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-i386-i586","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags} -march=i586::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-i386-i686/cmov","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags} -march=i686::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-m68k","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG MD2_CHAR RC4_INDEX:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-mips", "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-mipsel", "gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-mipsn32", "mips64-linux-gnuabin32-gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-mipsn32el", "mips64el-linux-gnuabin32-gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-mips64", "mips64-linux-gnuabi64-gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-mips64el", "mips64el-linux-gnuabi64-gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-netbsd-i386", "gcc:-DL_ENDIAN -DTERMIOS ${debian_cflags} -m486::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-netbsd-m68k", "gcc:-DB_ENDIAN -DTERMIOS ${debian_cflags}::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-netbsd-sparc", "gcc:-DB_ENDIAN -DTERMIOS ${debian_cflags} -mv8::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-openbsd-alpha","gcc:-DTERMIOS ${debian_cflags}::(unknown):::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-openbsd-i386", "gcc:-DL_ENDIAN -DTERMIOS ${debian_cflags} -m486::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-openbsd-mips","gcc:-DL_ENDIAN ${debian_cflags}::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-powerpc","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-powerpcspe","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-ppc64","gcc:-m64 -DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-s390","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-s390x","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-sh3", "gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-sh4", "gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-sh3eb", "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-sh4eb", "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-m32r","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-sparc","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-sparc-v8","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags} -mcpu=v8 -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-sparc-v9","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags} -mcpu=v9 -Wa,-Av8plus -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-sparc64","gcc:-m64 -DB_ENDIAN -DTERMIO ${debian_cflags} -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-x32","gcc:-mx32 -DL_ENDIAN -DTERMIO ${debian_cflags} -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::x32", -+ - #### - #### Variety of LINUX:-) - #### diff --git a/patches/openssl-1.0.1h/0003-engines-path.patch b/patches/openssl-1.0.1h/0003-engines-path.patch deleted file mode 100644 index 412247b..0000000 --- a/patches/openssl-1.0.1h/0003-engines-path.patch +++ /dev/null @@ -1,92 +0,0 @@ -From: Michael Olbrich -Date: Tue, 8 Apr 2014 07:48:47 +0200 -Subject: [PATCH] engines-path - -Imported from openssl_1.0.1g-1.debian.tar.xz - -Signed-off-by: Michael Olbrich ---- - Configure | 2 +- - Makefile.org | 2 +- - engines/Makefile | 10 +++++----- - engines/ccgost/Makefile | 6 +++--- - 4 files changed, 10 insertions(+), 10 deletions(-) - -diff --git a/Configure b/Configure -index 79082df..c676835 100755 ---- a/Configure -+++ b/Configure -@@ -1855,7 +1855,7 @@ while () - } - elsif (/^#define\s+ENGINESDIR/) - { -- my $foo = "$prefix/$libdir/engines"; -+ my $foo = "$prefix/$libdir/openssl-1.0.0/engines"; - $foo =~ s/\\/\\\\/g; - print OUT "#define ENGINESDIR \"$foo\"\n"; - } -diff --git a/Makefile.org b/Makefile.org -index c92806f..5117a0e 100644 ---- a/Makefile.org -+++ b/Makefile.org -@@ -543,7 +543,7 @@ install: all install_docs install_sw - install_sw: - @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \ - $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \ -- $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \ -+ $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.0/engines \ - $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig \ - $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \ - $(INSTALL_PREFIX)$(OPENSSLDIR)/misc \ -diff --git a/engines/Makefile b/engines/Makefile -index 2fa9534..58e0281 100644 ---- a/engines/Makefile -+++ b/engines/Makefile -@@ -107,7 +107,7 @@ install: - @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... - @if [ -n "$(SHARED_LIBS)" ]; then \ - set -e; \ -- $(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines; \ -+ $(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.0/engines; \ - for l in $(LIBNAMES); do \ - ( echo installing $$l; \ - pfx=lib; \ -@@ -119,13 +119,13 @@ install: - *DSO_WIN32*) sfx="eay32.dll"; pfx=;; \ - *) sfx=".bad";; \ - esac; \ -- cp $$pfx$$l$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \ -+ cp $$pfx$$l$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.0/engines/$$pfx$$l$$sfx.new; \ - else \ - sfx=".so"; \ -- cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \ -+ cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.0/engines/$$pfx$$l$$sfx.new; \ - fi; \ -- chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \ -- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \ -+ chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.0/engines/$$pfx$$l$$sfx.new; \ -+ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.0/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.0/engines/$$pfx$$l$$sfx ); \ - done; \ - fi - @target=install; $(RECURSIVE_MAKE) -diff --git a/engines/ccgost/Makefile b/engines/ccgost/Makefile -index d661c10..3e593b1 100644 ---- a/engines/ccgost/Makefile -+++ b/engines/ccgost/Makefile -@@ -53,13 +53,13 @@ install: - *DSO_WIN32*) sfx="eay32.dll"; pfx=;; \ - *) sfx=".bad";; \ - esac; \ -- cp $${pfx}$(LIBNAME)$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \ -+ cp $${pfx}$(LIBNAME)$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.0/engines/$${pfx}$(LIBNAME)$$sfx.new; \ - else \ - sfx=".so"; \ - cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \ - fi; \ -- chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \ -- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx; \ -+ chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.0/engines/$${pfx}$(LIBNAME)$$sfx.new; \ -+ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.0/engines/$${pfx}$(LIBNAME)$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.0/engines/$${pfx}$(LIBNAME)$$sfx; \ - fi - - links: diff --git a/patches/openssl-1.0.1h/0004-no-rpath.patch b/patches/openssl-1.0.1h/0004-no-rpath.patch deleted file mode 100644 index 8c9fbc1..0000000 --- a/patches/openssl-1.0.1h/0004-no-rpath.patch +++ /dev/null @@ -1,24 +0,0 @@ -From: Michael Olbrich -Date: Tue, 8 Apr 2014 07:48:47 +0200 -Subject: [PATCH] no-rpath - -Imported from openssl_1.0.1g-1.debian.tar.xz - -Signed-off-by: Michael Olbrich ---- - Makefile.shared | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/Makefile.shared b/Makefile.shared -index e753f44..6e3f886 100644 ---- a/Makefile.shared -+++ b/Makefile.shared -@@ -153,7 +153,7 @@ DO_GNU_SO=$(CALC_VERSIONS); \ - NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \ - SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX" - --DO_GNU_APP=LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBRPATH)" -+DO_GNU_APP=LDFLAGS="$(CFLAGS)" - - #This is rather special. It's a special target with which one can link - #applications without bothering with any features that have anything to diff --git a/patches/openssl-1.0.1h/0005-no-symbolic.patch b/patches/openssl-1.0.1h/0005-no-symbolic.patch deleted file mode 100644 index 7fa7213..0000000 --- a/patches/openssl-1.0.1h/0005-no-symbolic.patch +++ /dev/null @@ -1,24 +0,0 @@ -From: Michael Olbrich -Date: Tue, 8 Apr 2014 07:48:47 +0200 -Subject: [PATCH] no-symbolic - -Imported from openssl_1.0.1g-1.debian.tar.xz - -Signed-off-by: Michael Olbrich ---- - Makefile.shared | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/Makefile.shared b/Makefile.shared -index 6e3f886..44e3d9c 100644 ---- a/Makefile.shared -+++ b/Makefile.shared -@@ -151,7 +151,7 @@ DO_GNU_SO=$(CALC_VERSIONS); \ - SHLIB_SUFFIX=; \ - ALLSYMSFLAGS='-Wl,--whole-archive'; \ - NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \ -- SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX" -+ SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX" - - DO_GNU_APP=LDFLAGS="$(CFLAGS)" - diff --git a/patches/openssl-1.0.1h/0006-pic.patch b/patches/openssl-1.0.1h/0006-pic.patch deleted file mode 100644 index d2494e1..0000000 --- a/patches/openssl-1.0.1h/0006-pic.patch +++ /dev/null @@ -1,189 +0,0 @@ -From: Michael Olbrich -Date: Tue, 8 Apr 2014 07:48:47 +0200 -Subject: [PATCH] pic - -Imported from openssl_1.0.1g-1.debian.tar.xz - -Signed-off-by: Michael Olbrich ---- - crypto/des/asm/desboth.pl | 17 ++++++++++++++--- - crypto/perlasm/cbc.pl | 24 ++++++++++++++++++++---- - crypto/perlasm/x86gas.pl | 16 ++++++++++++++++ - crypto/x86cpuid.pl | 10 +++++----- - 4 files changed, 55 insertions(+), 12 deletions(-) - -diff --git a/crypto/des/asm/desboth.pl b/crypto/des/asm/desboth.pl -index eec0088..ab6f524 100644 ---- a/crypto/des/asm/desboth.pl -+++ b/crypto/des/asm/desboth.pl -@@ -16,6 +16,11 @@ sub DES_encrypt3 - - &push("edi"); - -+ &call (&label("pic_point0")); -+ &set_label("pic_point0"); -+ &blindpop("ebp"); -+ &add ("ebp", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point0") . "]"); -+ - &comment(""); - &comment("Load the data words"); - &mov($L,&DWP(0,"ebx","",0)); -@@ -47,15 +52,21 @@ sub DES_encrypt3 - &mov(&swtmp(2), (DWC(($enc)?"1":"0"))); - &mov(&swtmp(1), "eax"); - &mov(&swtmp(0), "ebx"); -- &call("DES_encrypt2"); -+ &exch("ebx", "ebp"); -+ &call("DES_encrypt2\@PLT"); -+ &exch("ebx", "ebp"); - &mov(&swtmp(2), (DWC(($enc)?"0":"1"))); - &mov(&swtmp(1), "edi"); - &mov(&swtmp(0), "ebx"); -- &call("DES_encrypt2"); -+ &exch("ebx", "ebp"); -+ &call("DES_encrypt2\@PLT"); -+ &exch("ebx", "ebp"); - &mov(&swtmp(2), (DWC(($enc)?"1":"0"))); - &mov(&swtmp(1), "esi"); - &mov(&swtmp(0), "ebx"); -- &call("DES_encrypt2"); -+ &exch("ebx", "ebp"); -+ &call("DES_encrypt2\@PLT"); -+ &exch("ebx", "ebp"); - - &stack_pop(3); - &mov($L,&DWP(0,"ebx","",0)); -diff --git a/crypto/perlasm/cbc.pl b/crypto/perlasm/cbc.pl -index 24561e7..269fb0b 100644 ---- a/crypto/perlasm/cbc.pl -+++ b/crypto/perlasm/cbc.pl -@@ -122,7 +122,11 @@ sub cbc - &mov(&DWP($data_off,"esp","",0), "eax"); # put in array for call - &mov(&DWP($data_off+4,"esp","",0), "ebx"); # - -- &call($enc_func); -+ &call (&label("pic_point0")); -+ &set_label("pic_point0"); -+ &blindpop("ebx"); -+ &add ("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point0") . "]"); -+ &call("$enc_func\@PLT"); - - &mov("eax", &DWP($data_off,"esp","",0)); - &mov("ebx", &DWP($data_off+4,"esp","",0)); -@@ -185,7 +189,11 @@ sub cbc - &mov(&DWP($data_off,"esp","",0), "eax"); # put in array for call - &mov(&DWP($data_off+4,"esp","",0), "ebx"); # - -- &call($enc_func); -+ &call (&label("pic_point1")); -+ &set_label("pic_point1"); -+ &blindpop("ebx"); -+ &add ("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point1") . "]"); -+ &call("$enc_func\@PLT"); - - &mov("eax", &DWP($data_off,"esp","",0)); - &mov("ebx", &DWP($data_off+4,"esp","",0)); -@@ -218,7 +226,11 @@ sub cbc - &mov(&DWP($data_off,"esp","",0), "eax"); # put back - &mov(&DWP($data_off+4,"esp","",0), "ebx"); # - -- &call($dec_func); -+ &call (&label("pic_point2")); -+ &set_label("pic_point2"); -+ &blindpop("ebx"); -+ &add ("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point2") . "]"); -+ &call("$dec_func\@PLT"); - - &mov("eax", &DWP($data_off,"esp","",0)); # get return - &mov("ebx", &DWP($data_off+4,"esp","",0)); # -@@ -261,7 +273,11 @@ sub cbc - &mov(&DWP($data_off,"esp","",0), "eax"); # put back - &mov(&DWP($data_off+4,"esp","",0), "ebx"); # - -- &call($dec_func); -+ &call (&label("pic_point3")); -+ &set_label("pic_point3"); -+ &blindpop("ebx"); -+ &add ("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point3") . "]"); -+ &call("$dec_func\@PLT"); - - &mov("eax", &DWP($data_off,"esp","",0)); # get return - &mov("ebx", &DWP($data_off+4,"esp","",0)); # -diff --git a/crypto/perlasm/x86gas.pl b/crypto/perlasm/x86gas.pl -index 682a3a3..9d4662c 100644 ---- a/crypto/perlasm/x86gas.pl -+++ b/crypto/perlasm/x86gas.pl -@@ -161,6 +161,7 @@ sub ::file_end - if ($::macosx) { push (@out,"$tmp,2\n"); } - elsif ($::elf) { push (@out,"$tmp,4\n"); } - else { push (@out,"$tmp\n"); } -+ if ($::elf) { push (@out,".hidden\tOPENSSL_ia32cap_P\n"); } - } - push(@out,$initseg) if ($initseg); - } -@@ -218,8 +219,23 @@ ___ - elsif ($::elf) - { $initseg.=<<___; - .section .init -+___ -+ if ($::pic) -+ { $initseg.=<<___; -+ pushl %ebx -+ call .pic_point0 -+.pic_point0: -+ popl %ebx -+ addl \$_GLOBAL_OFFSET_TABLE_+[.-.pic_point0],%ebx -+ call $f\@PLT -+ popl %ebx -+___ -+ } -+ else -+ { $initseg.=<<___; - call $f - ___ -+ } - } - elsif ($::coff) - { $initseg.=<<___; # applies to both Cygwin and Mingw -diff --git a/crypto/x86cpuid.pl b/crypto/x86cpuid.pl -index b270b44..c01ba83 100644 ---- a/crypto/x86cpuid.pl -+++ b/crypto/x86cpuid.pl -@@ -8,6 +8,8 @@ require "x86asm.pl"; - - for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } - -+push(@out, ".hidden OPENSSL_ia32cap_P\n"); -+ - &function_begin("OPENSSL_ia32_cpuid"); - &xor ("edx","edx"); - &pushf (); -@@ -141,9 +143,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } - &set_label("nocpuid"); - &function_end("OPENSSL_ia32_cpuid"); - --&external_label("OPENSSL_ia32cap_P"); -- --&function_begin_B("OPENSSL_rdtsc","EXTRN\t_OPENSSL_ia32cap_P:DWORD"); -+&function_begin_B("OPENSSL_rdtsc"); - &xor ("eax","eax"); - &xor ("edx","edx"); - &picmeup("ecx","OPENSSL_ia32cap_P"); -@@ -157,7 +157,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } - # This works in Ring 0 only [read DJGPP+MS-DOS+privileged DPMI host], - # but it's safe to call it on any [supported] 32-bit platform... - # Just check for [non-]zero return value... --&function_begin_B("OPENSSL_instrument_halt","EXTRN\t_OPENSSL_ia32cap_P:DWORD"); -+&function_begin_B("OPENSSL_instrument_halt"); - &picmeup("ecx","OPENSSL_ia32cap_P"); - &bt (&DWP(0,"ecx"),4); - &jnc (&label("nohalt")); # no TSC -@@ -224,7 +224,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } - &ret (); - &function_end_B("OPENSSL_far_spin"); - --&function_begin_B("OPENSSL_wipe_cpu","EXTRN\t_OPENSSL_ia32cap_P:DWORD"); -+&function_begin_B("OPENSSL_wipe_cpu"); - &xor ("eax","eax"); - &xor ("edx","edx"); - &picmeup("ecx","OPENSSL_ia32cap_P"); diff --git a/patches/openssl-1.0.1h/0007-valgrind.patch b/patches/openssl-1.0.1h/0007-valgrind.patch deleted file mode 100644 index d3fbd12..0000000 --- a/patches/openssl-1.0.1h/0007-valgrind.patch +++ /dev/null @@ -1,31 +0,0 @@ -From: Michael Olbrich -Date: Tue, 8 Apr 2014 07:48:47 +0200 -Subject: [PATCH] valgrind - -Imported from openssl_1.0.1g-1.debian.tar.xz - -Signed-off-by: Michael Olbrich ---- - crypto/rand/md_rand.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/crypto/rand/md_rand.c b/crypto/rand/md_rand.c -index aee1c30..1caf69c 100644 ---- a/crypto/rand/md_rand.c -+++ b/crypto/rand/md_rand.c -@@ -488,6 +488,7 @@ static int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo) - MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c)); - - #ifndef PURIFY /* purify complains */ -+#if 0 - /* The following line uses the supplied buffer as a small - * source of entropy: since this buffer is often uninitialised - * it may cause programs such as purify or valgrind to -@@ -497,6 +498,7 @@ static int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo) - */ - MD_Update(&m,buf,j); - #endif -+#endif - - k=(st_idx+MD_DIGEST_LENGTH/2)-st_num; - if (k > 0) diff --git a/patches/openssl-1.0.1h/0008-rehash-crt.patch b/patches/openssl-1.0.1h/0008-rehash-crt.patch deleted file mode 100644 index c06898f..0000000 --- a/patches/openssl-1.0.1h/0008-rehash-crt.patch +++ /dev/null @@ -1,44 +0,0 @@ -From: Michael Olbrich -Date: Tue, 8 Apr 2014 07:48:47 +0200 -Subject: [PATCH] rehash-crt - -Imported from openssl_1.0.1g-1.debian.tar.xz - -Signed-off-by: Michael Olbrich ---- - tools/c_rehash.in | 12 +++++++++--- - 1 file changed, 9 insertions(+), 3 deletions(-) - -diff --git a/tools/c_rehash.in b/tools/c_rehash.in -index bfc4a69..4958e3d 100644 ---- a/tools/c_rehash.in -+++ b/tools/c_rehash.in -@@ -75,12 +75,15 @@ sub hash_dir { - } - } - closedir DIR; -- FILE: foreach $fname (grep {/\.pem$/} @flist) { -+ FILE: foreach $fname (grep {/\.pem$|\.crt$/} @flist) { - # Check to see if certificates and/or CRLs present. - my ($cert, $crl) = check_file($fname); - if(!$cert && !$crl) { -- print STDERR "WARNING: $fname does not contain a certificate or CRL: skipping\n"; -- next; -+ ($cert, $crl) = check_file("$openssl x509 -in \"$fname\" -inform der -outform pem | "); -+ if(!$cert && !$crl) { -+ print STDERR "WARNING: $fname does not contain a certificate or CRL: skipping\n"; -+ next; -+ } - } - link_hash_cert($fname) if($cert); - link_hash_crl($fname) if($crl); -@@ -153,6 +156,9 @@ sub link_hash_crl { - my $fname = $_[0]; - $fname =~ s/'/'\\''/g; - my ($hash, $fprint) = `"$openssl" crl -hash -fingerprint -noout -in '$fname'`; -+ if(!$hash || !fprint) { -+ ($hash, $fprint) = `"$openssl" crl -hash -fingerprint -noout -in '$fname' -inform der`; -+ } - chomp $hash; - chomp $fprint; - $fprint =~ s/^.*=//; diff --git a/patches/openssl-1.0.1h/0009-shared-lib-ext.patch b/patches/openssl-1.0.1h/0009-shared-lib-ext.patch deleted file mode 100644 index d7da2a3..0000000 --- a/patches/openssl-1.0.1h/0009-shared-lib-ext.patch +++ /dev/null @@ -1,25 +0,0 @@ -From: Michael Olbrich -Date: Tue, 8 Apr 2014 07:48:47 +0200 -Subject: [PATCH] shared-lib-ext - -Imported from openssl_1.0.1g-1.debian.tar.xz - -Signed-off-by: Michael Olbrich ---- - Configure | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/Configure b/Configure -index c676835..7571db1 100755 ---- a/Configure -+++ b/Configure -@@ -1725,7 +1725,8 @@ while () - elsif ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*\.[^\.]*$/) - { - my $sotmp = $1; -- s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.\$(SHLIB_MAJOR) .s$sotmp/; -+# s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.\$(SHLIB_MAJOR) .s$sotmp/; -+ s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp/; - } - elsif ($shared_extension ne "" && $shared_extension =~ /^\.[^\.]*\.[^\.]*\.dylib$/) - { diff --git a/patches/openssl-1.0.1h/0010-stddef.patch b/patches/openssl-1.0.1h/0010-stddef.patch deleted file mode 100644 index e0034c2..0000000 --- a/patches/openssl-1.0.1h/0010-stddef.patch +++ /dev/null @@ -1,23 +0,0 @@ -From: Michael Olbrich -Date: Tue, 8 Apr 2014 07:48:47 +0200 -Subject: [PATCH] stddef - -Imported from openssl_1.0.1g-1.debian.tar.xz - -Signed-off-by: Michael Olbrich ---- - crypto/sha/sha.h | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/crypto/sha/sha.h b/crypto/sha/sha.h -index 8a6bf4b..734b40a 100644 ---- a/crypto/sha/sha.h -+++ b/crypto/sha/sha.h -@@ -59,6 +59,7 @@ - #ifndef HEADER_SHA_H - #define HEADER_SHA_H - -+#include - #include - #include - diff --git a/patches/openssl-1.0.1h/0011-block_diginotar.patch b/patches/openssl-1.0.1h/0011-block_diginotar.patch deleted file mode 100644 index 3af0669..0000000 --- a/patches/openssl-1.0.1h/0011-block_diginotar.patch +++ /dev/null @@ -1,66 +0,0 @@ -From: Raphael Geissert -Date: Tue, 8 Apr 2014 07:48:47 +0200 -Subject: [PATCH] block_diginotar - -This is not meant as final patch. - - -Imported from openssl_1.0.1g-1.debian.tar.xz - -Signed-off-by: Michael Olbrich ---- - crypto/x509/x509_vfy.c | 27 +++++++++++++++++++++++++++ - 1 file changed, 27 insertions(+) - -diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c -index 920066a..5b1a0aa 100644 ---- a/crypto/x509/x509_vfy.c -+++ b/crypto/x509/x509_vfy.c -@@ -117,6 +117,7 @@ static int check_trust(X509_STORE_CTX *ctx); - static int check_revocation(X509_STORE_CTX *ctx); - static int check_cert(X509_STORE_CTX *ctx); - static int check_policy(X509_STORE_CTX *ctx); -+static int check_ca_blacklist(X509_STORE_CTX *ctx); - - static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer, - unsigned int *preasons, -@@ -369,6 +370,9 @@ int X509_verify_cert(X509_STORE_CTX *ctx) - ok=internal_verify(ctx); - if(!ok) goto end; - -+ ok = check_ca_blacklist(ctx); -+ if(!ok) goto end; -+ - #ifndef OPENSSL_NO_RFC3779 - /* RFC 3779 path validation, now that CRL check has been done */ - ok = v3_asid_validate_path(ctx); -@@ -827,6 +831,29 @@ static int check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify) - return 1; - } - -+static int check_ca_blacklist(X509_STORE_CTX *ctx) -+ { -+ X509 *x; -+ int i; -+ /* Check all certificates against the blacklist */ -+ for (i = sk_X509_num(ctx->chain) - 1; i >= 0; i--) -+ { -+ x = sk_X509_value(ctx->chain, i); -+ /* Mark DigiNotar certificates as revoked, no matter -+ * where in the chain they are. -+ */ -+ if (x->name && strstr(x->name, "DigiNotar")) -+ { -+ ctx->error = X509_V_ERR_CERT_REVOKED; -+ ctx->error_depth = i; -+ ctx->current_cert = x; -+ if (!ctx->verify_cb(0,ctx)) -+ return 0; -+ } -+ } -+ return 1; -+ } -+ - static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl, - X509 **pissuer, int *pscore, unsigned int *preasons, - STACK_OF(X509_CRL) *crls) diff --git a/patches/openssl-1.0.1h/0012-block_digicert_malaysia.patch b/patches/openssl-1.0.1h/0012-block_digicert_malaysia.patch deleted file mode 100644 index e1457a8..0000000 --- a/patches/openssl-1.0.1h/0012-block_digicert_malaysia.patch +++ /dev/null @@ -1,30 +0,0 @@ -From: Raphael Geissert -Date: Tue, 8 Apr 2014 07:48:47 +0200 -Subject: [PATCH] block_digicert_malaysia - -Imported from openssl_1.0.1g-1.debian.tar.xz - -Signed-off-by: Michael Olbrich ---- - crypto/x509/x509_vfy.c | 7 ++++--- - 1 file changed, 4 insertions(+), 3 deletions(-) - -diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c -index 5b1a0aa..696f8d6 100644 ---- a/crypto/x509/x509_vfy.c -+++ b/crypto/x509/x509_vfy.c -@@ -839,10 +839,11 @@ static int check_ca_blacklist(X509_STORE_CTX *ctx) - for (i = sk_X509_num(ctx->chain) - 1; i >= 0; i--) - { - x = sk_X509_value(ctx->chain, i); -- /* Mark DigiNotar certificates as revoked, no matter -- * where in the chain they are. -+ /* Mark certificates containing the following names as -+ * revoked, no matter where in the chain they are. - */ -- if (x->name && strstr(x->name, "DigiNotar")) -+ if (x->name && (strstr(x->name, "DigiNotar") || -+ strstr(x->name, "Digicert Sdn. Bhd."))) - { - ctx->error = X509_V_ERR_CERT_REVOKED; - ctx->error_depth = i; diff --git a/patches/openssl-1.0.1h/0013-Change-default-bit-size-and-digest.patch b/patches/openssl-1.0.1h/0013-Change-default-bit-size-and-digest.patch deleted file mode 100644 index 02761e3..0000000 --- a/patches/openssl-1.0.1h/0013-Change-default-bit-size-and-digest.patch +++ /dev/null @@ -1,131 +0,0 @@ -From: Kurt Roeckx -Date: Fri, 1 Nov 2013 20:47:14 +0100 -Subject: [PATCH] Change default bit size and digest - -Imported from openssl_1.0.1g-1.debian.tar.xz - -Signed-off-by: Michael Olbrich ---- - apps/dhparam.c | 4 ++-- - apps/gendh.c | 2 +- - apps/genrsa.c | 2 +- - apps/openssl.cnf | 2 +- - crypto/dsa/dsa_ameth.c | 2 +- - crypto/ec/ec_ameth.c | 2 +- - crypto/hmac/hm_ameth.c | 2 +- - crypto/rsa/rsa_ameth.c | 2 +- - 8 files changed, 9 insertions(+), 9 deletions(-) - -diff --git a/apps/dhparam.c b/apps/dhparam.c -index 1297d6f..b0c05be 100644 ---- a/apps/dhparam.c -+++ b/apps/dhparam.c -@@ -130,7 +130,7 @@ - #undef PROG - #define PROG dhparam_main - --#define DEFBITS 512 -+#define DEFBITS 2048 - - /* -inform arg - input format - default PEM (DER or PEM) - * -outform arg - output format - default PEM -@@ -253,7 +253,7 @@ bad: - BIO_printf(bio_err," -C Output C code\n"); - BIO_printf(bio_err," -2 generate parameters using 2 as the generator value\n"); - BIO_printf(bio_err," -5 generate parameters using 5 as the generator value\n"); -- BIO_printf(bio_err," numbits number of bits in to generate (default 512)\n"); -+ BIO_printf(bio_err," numbits number of bits in to generate (default 2048)\n"); - #ifndef OPENSSL_NO_ENGINE - BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); - #endif -diff --git a/apps/gendh.c b/apps/gendh.c -index 4ec776b..8df8c62 100644 ---- a/apps/gendh.c -+++ b/apps/gendh.c -@@ -78,7 +78,7 @@ - #include - #include - --#define DEFBITS 512 -+#define DEFBITS 2048 - #undef PROG - #define PROG gendh_main - -diff --git a/apps/genrsa.c b/apps/genrsa.c -index ece114c..7a8c6c5 100644 ---- a/apps/genrsa.c -+++ b/apps/genrsa.c -@@ -78,7 +78,7 @@ - #include - #include - --#define DEFBITS 1024 -+#define DEFBITS 2048 - #undef PROG - #define PROG genrsa_main - -diff --git a/apps/openssl.cnf b/apps/openssl.cnf -index 18760c6..1eb86c4 100644 ---- a/apps/openssl.cnf -+++ b/apps/openssl.cnf -@@ -103,7 +103,7 @@ emailAddress = optional - - #################################################################### - [ req ] --default_bits = 1024 -+default_bits = 2048 - default_keyfile = privkey.pem - distinguished_name = req_distinguished_name - attributes = req_attributes -diff --git a/crypto/dsa/dsa_ameth.c b/crypto/dsa/dsa_ameth.c -index 376156e..13318d7 100644 ---- a/crypto/dsa/dsa_ameth.c -+++ b/crypto/dsa/dsa_ameth.c -@@ -628,7 +628,7 @@ static int dsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) - #endif - - case ASN1_PKEY_CTRL_DEFAULT_MD_NID: -- *(int *)arg2 = NID_sha1; -+ *(int *)arg2 = NID_sha256; - return 2; - - default: -diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c -index 0ce4524..a04ac98 100644 ---- a/crypto/ec/ec_ameth.c -+++ b/crypto/ec/ec_ameth.c -@@ -615,7 +615,7 @@ static int ec_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) - #endif - - case ASN1_PKEY_CTRL_DEFAULT_MD_NID: -- *(int *)arg2 = NID_sha1; -+ *(int *)arg2 = NID_sha256; - return 2; - - default: -diff --git a/crypto/hmac/hm_ameth.c b/crypto/hmac/hm_ameth.c -index e03f24a..9fe6505 100644 ---- a/crypto/hmac/hm_ameth.c -+++ b/crypto/hmac/hm_ameth.c -@@ -89,7 +89,7 @@ static int hmac_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) - switch (op) - { - case ASN1_PKEY_CTRL_DEFAULT_MD_NID: -- *(int *)arg2 = NID_sha1; -+ *(int *)arg2 = NID_sha256; - return 1; - - default: -diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c -index 5a2062f..47fe535 100644 ---- a/crypto/rsa/rsa_ameth.c -+++ b/crypto/rsa/rsa_ameth.c -@@ -435,7 +435,7 @@ static int rsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) - #endif - - case ASN1_PKEY_CTRL_DEFAULT_MD_NID: -- *(int *)arg2 = NID_sha1; -+ *(int *)arg2 = NID_sha256; - return 1; - - default: diff --git a/patches/openssl-1.0.1h/0014-openssl_fix_for_x32.patch b/patches/openssl-1.0.1h/0014-openssl_fix_for_x32.patch deleted file mode 100644 index 36bfa49..0000000 --- a/patches/openssl-1.0.1h/0014-openssl_fix_for_x32.patch +++ /dev/null @@ -1,50 +0,0 @@ -From: Michael Olbrich -Date: Tue, 8 Apr 2014 07:48:47 +0200 -Subject: [PATCH] openssl_fix_for_x32 - -Imported from openssl_1.0.1g-1.debian.tar.xz - -Signed-off-by: Michael Olbrich ---- - crypto/bn/asm/x86_64-gcc.c | 14 +++++++------- - 1 file changed, 7 insertions(+), 7 deletions(-) - -diff --git a/crypto/bn/asm/x86_64-gcc.c b/crypto/bn/asm/x86_64-gcc.c -index acb0b40..acd76ce 100644 ---- a/crypto/bn/asm/x86_64-gcc.c -+++ b/crypto/bn/asm/x86_64-gcc.c -@@ -55,7 +55,7 @@ - * machine. - */ - --#ifdef _WIN64 -+#if defined _WIN64 || !defined __LP64__ - #define BN_ULONG unsigned long long - #else - #define BN_ULONG unsigned long -@@ -192,9 +192,9 @@ BN_ULONG bn_add_words (BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int - asm ( - " subq %2,%2 \n" - ".p2align 4 \n" -- "1: movq (%4,%2,8),%0 \n" -- " adcq (%5,%2,8),%0 \n" -- " movq %0,(%3,%2,8) \n" -+ "1: movq (%q4,%2,8),%0 \n" -+ " adcq (%q5,%2,8),%0 \n" -+ " movq %0,(%q3,%2,8) \n" - " leaq 1(%2),%2 \n" - " loop 1b \n" - " sbbq %0,%0 \n" -@@ -215,9 +215,9 @@ BN_ULONG bn_sub_words (BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int - asm ( - " subq %2,%2 \n" - ".p2align 4 \n" -- "1: movq (%4,%2,8),%0 \n" -- " sbbq (%5,%2,8),%0 \n" -- " movq %0,(%3,%2,8) \n" -+ "1: movq (%q4,%2,8),%0 \n" -+ " sbbq (%q5,%2,8),%0 \n" -+ " movq %0,(%q3,%2,8) \n" - " leaq 1(%2),%2 \n" - " loop 1b \n" - " sbbq %0,%0 \n" diff --git a/patches/openssl-1.0.1h/series b/patches/openssl-1.0.1h/series deleted file mode 100644 index f55bace..0000000 --- a/patches/openssl-1.0.1h/series +++ /dev/null @@ -1,17 +0,0 @@ -# generated by git-ptx-patches -#tag:base --start-number 1 -0001-ca.patch -0002-debian-targets.patch -0003-engines-path.patch -0004-no-rpath.patch -0005-no-symbolic.patch -0006-pic.patch -0007-valgrind.patch -0008-rehash-crt.patch -0009-shared-lib-ext.patch -0010-stddef.patch -0011-block_diginotar.patch -0012-block_digicert_malaysia.patch -0013-Change-default-bit-size-and-digest.patch -0014-openssl_fix_for_x32.patch -# dd4d5e6590bf4d0a9b21935c6ca13a38 - git-ptx-patches magic diff --git a/patches/openssl-1.0.1i/0001-ca.patch b/patches/openssl-1.0.1i/0001-ca.patch new file mode 100644 index 0000000..3a54d2a --- /dev/null +++ b/patches/openssl-1.0.1i/0001-ca.patch @@ -0,0 +1,31 @@ +From: Michael Olbrich +Date: Tue, 8 Apr 2014 07:48:47 +0200 +Subject: [PATCH] ca + +Imported from openssl_1.0.1g-1.debian.tar.xz + +Signed-off-by: Michael Olbrich +--- + apps/CA.pl.in | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/apps/CA.pl.in b/apps/CA.pl.in +index c783a6e..fa665b7 100644 +--- a/apps/CA.pl.in ++++ b/apps/CA.pl.in +@@ -65,6 +65,7 @@ $RET = 0; + foreach (@ARGV) { + if ( /^(-\?|-h|-help)$/ ) { + print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n"; ++ print STDERR "usage: CA -signcert certfile keyfile|-newcert|-newreq|-newca|-sign|-verify\n"; + exit 0; + } elsif (/^-newcert$/) { + # create a certificate +@@ -165,6 +166,7 @@ foreach (@ARGV) { + } else { + print STDERR "Unknown arg $_\n"; + print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n"; ++ print STDERR "usage: CA -signcert certfile keyfile|-newcert|-newreq|-newca|-sign|-verify\n"; + exit 1; + } + } diff --git a/patches/openssl-1.0.1i/0002-debian-targets.patch b/patches/openssl-1.0.1i/0002-debian-targets.patch new file mode 100644 index 0000000..b3191ae --- /dev/null +++ b/patches/openssl-1.0.1i/0002-debian-targets.patch @@ -0,0 +1,80 @@ +From: Michael Olbrich +Date: Tue, 8 Apr 2014 07:48:47 +0200 +Subject: [PATCH] debian-targets + +Imported from openssl_1.0.1g-1.debian.tar.xz + +Signed-off-by: Michael Olbrich +--- + Configure | 51 +++++++++++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 51 insertions(+) + +diff --git a/Configure b/Configure +index de78469..79082df 100755 +--- a/Configure ++++ b/Configure +@@ -105,6 +105,10 @@ my $usage="Usage: Configure [no- ...] [enable- ...] [experimenta + + my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED"; + ++# There are no separate CFLAGS/CPPFLAGS/LDFLAGS, set everything in CFLAGS ++my $debian_cflags = `dpkg-buildflags --get CFLAGS` . `dpkg-buildflags --get CPPFLAGS` . `dpkg-buildflags --get LDFLAGS` . "-Wa,--noexecstack -Wall"; ++$debian_cflags =~ s/\n/ /g; ++ + my $strict_warnings = 0; + + my $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL"; +@@ -340,6 +344,53 @@ my %table=( + "osf1-alpha-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared:::.so", + "tru64-alpha-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared::-msym:.so", + ++# Debian GNU/* (various architectures) ++"debian-alpha","gcc:-DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-alpha-ev4","gcc:-DTERMIO ${debian_cflags} -mcpu=ev4::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-alpha-ev5","gcc:-DTERMIO ${debian_cflags} -mcpu=ev5::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-arm64","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-armel","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-armhf","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-amd64", "gcc:-m64 -DL_ENDIAN -DTERMIO ${debian_cflags} -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::", ++"debian-avr32", "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags} -fomit-frame-pointer::-D_REENTRANT::-ldl:BN_LLONG_BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-kfreebsd-amd64","gcc:-m64 -DL_ENDIAN -DTERMIOS ${debian_cflags} -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-kfreebsd-i386","gcc:-DL_ENDIAN -DTERMIOS ${debian_cflags} -march=i486::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-hppa","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG MD2_CHAR RC4_INDEX:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-hurd-i386","gcc:-DL_ENDIAN -DTERMIOS -O3 -Wa,--noexecstack -g -mtune=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-ia64","gcc:-DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-i386","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-i386-i486","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags} -march=i486::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-i386-i586","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags} -march=i586::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-i386-i686/cmov","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags} -march=i686::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-m68k","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG MD2_CHAR RC4_INDEX:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-mips", "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-mipsel", "gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-mipsn32", "mips64-linux-gnuabin32-gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-mipsn32el", "mips64el-linux-gnuabin32-gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-mips64", "mips64-linux-gnuabi64-gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-mips64el", "mips64el-linux-gnuabi64-gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-netbsd-i386", "gcc:-DL_ENDIAN -DTERMIOS ${debian_cflags} -m486::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-netbsd-m68k", "gcc:-DB_ENDIAN -DTERMIOS ${debian_cflags}::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-netbsd-sparc", "gcc:-DB_ENDIAN -DTERMIOS ${debian_cflags} -mv8::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-openbsd-alpha","gcc:-DTERMIOS ${debian_cflags}::(unknown):::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-openbsd-i386", "gcc:-DL_ENDIAN -DTERMIOS ${debian_cflags} -m486::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-openbsd-mips","gcc:-DL_ENDIAN ${debian_cflags}::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-powerpc","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-powerpcspe","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-ppc64","gcc:-m64 -DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-s390","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-s390x","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-sh3", "gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-sh4", "gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-sh3eb", "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-sh4eb", "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-m32r","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-sparc","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-sparc-v8","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags} -mcpu=v8 -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-sparc-v9","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags} -mcpu=v9 -Wa,-Av8plus -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-sparc64","gcc:-m64 -DB_ENDIAN -DTERMIO ${debian_cflags} -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-x32","gcc:-mx32 -DL_ENDIAN -DTERMIO ${debian_cflags} -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::x32", ++ + #### + #### Variety of LINUX:-) + #### diff --git a/patches/openssl-1.0.1i/0003-engines-path.patch b/patches/openssl-1.0.1i/0003-engines-path.patch new file mode 100644 index 0000000..412247b --- /dev/null +++ b/patches/openssl-1.0.1i/0003-engines-path.patch @@ -0,0 +1,92 @@ +From: Michael Olbrich +Date: Tue, 8 Apr 2014 07:48:47 +0200 +Subject: [PATCH] engines-path + +Imported from openssl_1.0.1g-1.debian.tar.xz + +Signed-off-by: Michael Olbrich +--- + Configure | 2 +- + Makefile.org | 2 +- + engines/Makefile | 10 +++++----- + engines/ccgost/Makefile | 6 +++--- + 4 files changed, 10 insertions(+), 10 deletions(-) + +diff --git a/Configure b/Configure +index 79082df..c676835 100755 +--- a/Configure ++++ b/Configure +@@ -1855,7 +1855,7 @@ while () + } + elsif (/^#define\s+ENGINESDIR/) + { +- my $foo = "$prefix/$libdir/engines"; ++ my $foo = "$prefix/$libdir/openssl-1.0.0/engines"; + $foo =~ s/\\/\\\\/g; + print OUT "#define ENGINESDIR \"$foo\"\n"; + } +diff --git a/Makefile.org b/Makefile.org +index c92806f..5117a0e 100644 +--- a/Makefile.org ++++ b/Makefile.org +@@ -543,7 +543,7 @@ install: all install_docs install_sw + install_sw: + @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \ + $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \ +- $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \ ++ $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.0/engines \ + $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig \ + $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \ + $(INSTALL_PREFIX)$(OPENSSLDIR)/misc \ +diff --git a/engines/Makefile b/engines/Makefile +index 2fa9534..58e0281 100644 +--- a/engines/Makefile ++++ b/engines/Makefile +@@ -107,7 +107,7 @@ install: + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @if [ -n "$(SHARED_LIBS)" ]; then \ + set -e; \ +- $(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines; \ ++ $(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.0/engines; \ + for l in $(LIBNAMES); do \ + ( echo installing $$l; \ + pfx=lib; \ +@@ -119,13 +119,13 @@ install: + *DSO_WIN32*) sfx="eay32.dll"; pfx=;; \ + *) sfx=".bad";; \ + esac; \ +- cp $$pfx$$l$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \ ++ cp $$pfx$$l$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.0/engines/$$pfx$$l$$sfx.new; \ + else \ + sfx=".so"; \ +- cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \ ++ cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.0/engines/$$pfx$$l$$sfx.new; \ + fi; \ +- chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \ +- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \ ++ chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.0/engines/$$pfx$$l$$sfx.new; \ ++ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.0/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.0/engines/$$pfx$$l$$sfx ); \ + done; \ + fi + @target=install; $(RECURSIVE_MAKE) +diff --git a/engines/ccgost/Makefile b/engines/ccgost/Makefile +index d661c10..3e593b1 100644 +--- a/engines/ccgost/Makefile ++++ b/engines/ccgost/Makefile +@@ -53,13 +53,13 @@ install: + *DSO_WIN32*) sfx="eay32.dll"; pfx=;; \ + *) sfx=".bad";; \ + esac; \ +- cp $${pfx}$(LIBNAME)$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \ ++ cp $${pfx}$(LIBNAME)$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.0/engines/$${pfx}$(LIBNAME)$$sfx.new; \ + else \ + sfx=".so"; \ + cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \ + fi; \ +- chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \ +- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx; \ ++ chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.0/engines/$${pfx}$(LIBNAME)$$sfx.new; \ ++ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.0/engines/$${pfx}$(LIBNAME)$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.0/engines/$${pfx}$(LIBNAME)$$sfx; \ + fi + + links: diff --git a/patches/openssl-1.0.1i/0004-no-rpath.patch b/patches/openssl-1.0.1i/0004-no-rpath.patch new file mode 100644 index 0000000..8c9fbc1 --- /dev/null +++ b/patches/openssl-1.0.1i/0004-no-rpath.patch @@ -0,0 +1,24 @@ +From: Michael Olbrich +Date: Tue, 8 Apr 2014 07:48:47 +0200 +Subject: [PATCH] no-rpath + +Imported from openssl_1.0.1g-1.debian.tar.xz + +Signed-off-by: Michael Olbrich +--- + Makefile.shared | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/Makefile.shared b/Makefile.shared +index e753f44..6e3f886 100644 +--- a/Makefile.shared ++++ b/Makefile.shared +@@ -153,7 +153,7 @@ DO_GNU_SO=$(CALC_VERSIONS); \ + NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \ + SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX" + +-DO_GNU_APP=LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBRPATH)" ++DO_GNU_APP=LDFLAGS="$(CFLAGS)" + + #This is rather special. It's a special target with which one can link + #applications without bothering with any features that have anything to diff --git a/patches/openssl-1.0.1i/0005-no-symbolic.patch b/patches/openssl-1.0.1i/0005-no-symbolic.patch new file mode 100644 index 0000000..7fa7213 --- /dev/null +++ b/patches/openssl-1.0.1i/0005-no-symbolic.patch @@ -0,0 +1,24 @@ +From: Michael Olbrich +Date: Tue, 8 Apr 2014 07:48:47 +0200 +Subject: [PATCH] no-symbolic + +Imported from openssl_1.0.1g-1.debian.tar.xz + +Signed-off-by: Michael Olbrich +--- + Makefile.shared | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/Makefile.shared b/Makefile.shared +index 6e3f886..44e3d9c 100644 +--- a/Makefile.shared ++++ b/Makefile.shared +@@ -151,7 +151,7 @@ DO_GNU_SO=$(CALC_VERSIONS); \ + SHLIB_SUFFIX=; \ + ALLSYMSFLAGS='-Wl,--whole-archive'; \ + NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \ +- SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX" ++ SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX" + + DO_GNU_APP=LDFLAGS="$(CFLAGS)" + diff --git a/patches/openssl-1.0.1i/0006-pic.patch b/patches/openssl-1.0.1i/0006-pic.patch new file mode 100644 index 0000000..d2494e1 --- /dev/null +++ b/patches/openssl-1.0.1i/0006-pic.patch @@ -0,0 +1,189 @@ +From: Michael Olbrich +Date: Tue, 8 Apr 2014 07:48:47 +0200 +Subject: [PATCH] pic + +Imported from openssl_1.0.1g-1.debian.tar.xz + +Signed-off-by: Michael Olbrich +--- + crypto/des/asm/desboth.pl | 17 ++++++++++++++--- + crypto/perlasm/cbc.pl | 24 ++++++++++++++++++++---- + crypto/perlasm/x86gas.pl | 16 ++++++++++++++++ + crypto/x86cpuid.pl | 10 +++++----- + 4 files changed, 55 insertions(+), 12 deletions(-) + +diff --git a/crypto/des/asm/desboth.pl b/crypto/des/asm/desboth.pl +index eec0088..ab6f524 100644 +--- a/crypto/des/asm/desboth.pl ++++ b/crypto/des/asm/desboth.pl +@@ -16,6 +16,11 @@ sub DES_encrypt3 + + &push("edi"); + ++ &call (&label("pic_point0")); ++ &set_label("pic_point0"); ++ &blindpop("ebp"); ++ &add ("ebp", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point0") . "]"); ++ + &comment(""); + &comment("Load the data words"); + &mov($L,&DWP(0,"ebx","",0)); +@@ -47,15 +52,21 @@ sub DES_encrypt3 + &mov(&swtmp(2), (DWC(($enc)?"1":"0"))); + &mov(&swtmp(1), "eax"); + &mov(&swtmp(0), "ebx"); +- &call("DES_encrypt2"); ++ &exch("ebx", "ebp"); ++ &call("DES_encrypt2\@PLT"); ++ &exch("ebx", "ebp"); + &mov(&swtmp(2), (DWC(($enc)?"0":"1"))); + &mov(&swtmp(1), "edi"); + &mov(&swtmp(0), "ebx"); +- &call("DES_encrypt2"); ++ &exch("ebx", "ebp"); ++ &call("DES_encrypt2\@PLT"); ++ &exch("ebx", "ebp"); + &mov(&swtmp(2), (DWC(($enc)?"1":"0"))); + &mov(&swtmp(1), "esi"); + &mov(&swtmp(0), "ebx"); +- &call("DES_encrypt2"); ++ &exch("ebx", "ebp"); ++ &call("DES_encrypt2\@PLT"); ++ &exch("ebx", "ebp"); + + &stack_pop(3); + &mov($L,&DWP(0,"ebx","",0)); +diff --git a/crypto/perlasm/cbc.pl b/crypto/perlasm/cbc.pl +index 24561e7..269fb0b 100644 +--- a/crypto/perlasm/cbc.pl ++++ b/crypto/perlasm/cbc.pl +@@ -122,7 +122,11 @@ sub cbc + &mov(&DWP($data_off,"esp","",0), "eax"); # put in array for call + &mov(&DWP($data_off+4,"esp","",0), "ebx"); # + +- &call($enc_func); ++ &call (&label("pic_point0")); ++ &set_label("pic_point0"); ++ &blindpop("ebx"); ++ &add ("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point0") . "]"); ++ &call("$enc_func\@PLT"); + + &mov("eax", &DWP($data_off,"esp","",0)); + &mov("ebx", &DWP($data_off+4,"esp","",0)); +@@ -185,7 +189,11 @@ sub cbc + &mov(&DWP($data_off,"esp","",0), "eax"); # put in array for call + &mov(&DWP($data_off+4,"esp","",0), "ebx"); # + +- &call($enc_func); ++ &call (&label("pic_point1")); ++ &set_label("pic_point1"); ++ &blindpop("ebx"); ++ &add ("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point1") . "]"); ++ &call("$enc_func\@PLT"); + + &mov("eax", &DWP($data_off,"esp","",0)); + &mov("ebx", &DWP($data_off+4,"esp","",0)); +@@ -218,7 +226,11 @@ sub cbc + &mov(&DWP($data_off,"esp","",0), "eax"); # put back + &mov(&DWP($data_off+4,"esp","",0), "ebx"); # + +- &call($dec_func); ++ &call (&label("pic_point2")); ++ &set_label("pic_point2"); ++ &blindpop("ebx"); ++ &add ("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point2") . "]"); ++ &call("$dec_func\@PLT"); + + &mov("eax", &DWP($data_off,"esp","",0)); # get return + &mov("ebx", &DWP($data_off+4,"esp","",0)); # +@@ -261,7 +273,11 @@ sub cbc + &mov(&DWP($data_off,"esp","",0), "eax"); # put back + &mov(&DWP($data_off+4,"esp","",0), "ebx"); # + +- &call($dec_func); ++ &call (&label("pic_point3")); ++ &set_label("pic_point3"); ++ &blindpop("ebx"); ++ &add ("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point3") . "]"); ++ &call("$dec_func\@PLT"); + + &mov("eax", &DWP($data_off,"esp","",0)); # get return + &mov("ebx", &DWP($data_off+4,"esp","",0)); # +diff --git a/crypto/perlasm/x86gas.pl b/crypto/perlasm/x86gas.pl +index 682a3a3..9d4662c 100644 +--- a/crypto/perlasm/x86gas.pl ++++ b/crypto/perlasm/x86gas.pl +@@ -161,6 +161,7 @@ sub ::file_end + if ($::macosx) { push (@out,"$tmp,2\n"); } + elsif ($::elf) { push (@out,"$tmp,4\n"); } + else { push (@out,"$tmp\n"); } ++ if ($::elf) { push (@out,".hidden\tOPENSSL_ia32cap_P\n"); } + } + push(@out,$initseg) if ($initseg); + } +@@ -218,8 +219,23 @@ ___ + elsif ($::elf) + { $initseg.=<<___; + .section .init ++___ ++ if ($::pic) ++ { $initseg.=<<___; ++ pushl %ebx ++ call .pic_point0 ++.pic_point0: ++ popl %ebx ++ addl \$_GLOBAL_OFFSET_TABLE_+[.-.pic_point0],%ebx ++ call $f\@PLT ++ popl %ebx ++___ ++ } ++ else ++ { $initseg.=<<___; + call $f + ___ ++ } + } + elsif ($::coff) + { $initseg.=<<___; # applies to both Cygwin and Mingw +diff --git a/crypto/x86cpuid.pl b/crypto/x86cpuid.pl +index b270b44..c01ba83 100644 +--- a/crypto/x86cpuid.pl ++++ b/crypto/x86cpuid.pl +@@ -8,6 +8,8 @@ require "x86asm.pl"; + + for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } + ++push(@out, ".hidden OPENSSL_ia32cap_P\n"); ++ + &function_begin("OPENSSL_ia32_cpuid"); + &xor ("edx","edx"); + &pushf (); +@@ -141,9 +143,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } + &set_label("nocpuid"); + &function_end("OPENSSL_ia32_cpuid"); + +-&external_label("OPENSSL_ia32cap_P"); +- +-&function_begin_B("OPENSSL_rdtsc","EXTRN\t_OPENSSL_ia32cap_P:DWORD"); ++&function_begin_B("OPENSSL_rdtsc"); + &xor ("eax","eax"); + &xor ("edx","edx"); + &picmeup("ecx","OPENSSL_ia32cap_P"); +@@ -157,7 +157,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } + # This works in Ring 0 only [read DJGPP+MS-DOS+privileged DPMI host], + # but it's safe to call it on any [supported] 32-bit platform... + # Just check for [non-]zero return value... +-&function_begin_B("OPENSSL_instrument_halt","EXTRN\t_OPENSSL_ia32cap_P:DWORD"); ++&function_begin_B("OPENSSL_instrument_halt"); + &picmeup("ecx","OPENSSL_ia32cap_P"); + &bt (&DWP(0,"ecx"),4); + &jnc (&label("nohalt")); # no TSC +@@ -224,7 +224,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } + &ret (); + &function_end_B("OPENSSL_far_spin"); + +-&function_begin_B("OPENSSL_wipe_cpu","EXTRN\t_OPENSSL_ia32cap_P:DWORD"); ++&function_begin_B("OPENSSL_wipe_cpu"); + &xor ("eax","eax"); + &xor ("edx","edx"); + &picmeup("ecx","OPENSSL_ia32cap_P"); diff --git a/patches/openssl-1.0.1i/0007-valgrind.patch b/patches/openssl-1.0.1i/0007-valgrind.patch new file mode 100644 index 0000000..d3fbd12 --- /dev/null +++ b/patches/openssl-1.0.1i/0007-valgrind.patch @@ -0,0 +1,31 @@ +From: Michael Olbrich +Date: Tue, 8 Apr 2014 07:48:47 +0200 +Subject: [PATCH] valgrind + +Imported from openssl_1.0.1g-1.debian.tar.xz + +Signed-off-by: Michael Olbrich +--- + crypto/rand/md_rand.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/crypto/rand/md_rand.c b/crypto/rand/md_rand.c +index aee1c30..1caf69c 100644 +--- a/crypto/rand/md_rand.c ++++ b/crypto/rand/md_rand.c +@@ -488,6 +488,7 @@ static int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo) + MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c)); + + #ifndef PURIFY /* purify complains */ ++#if 0 + /* The following line uses the supplied buffer as a small + * source of entropy: since this buffer is often uninitialised + * it may cause programs such as purify or valgrind to +@@ -497,6 +498,7 @@ static int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo) + */ + MD_Update(&m,buf,j); + #endif ++#endif + + k=(st_idx+MD_DIGEST_LENGTH/2)-st_num; + if (k > 0) diff --git a/patches/openssl-1.0.1i/0008-rehash-crt.patch b/patches/openssl-1.0.1i/0008-rehash-crt.patch new file mode 100644 index 0000000..c06898f --- /dev/null +++ b/patches/openssl-1.0.1i/0008-rehash-crt.patch @@ -0,0 +1,44 @@ +From: Michael Olbrich +Date: Tue, 8 Apr 2014 07:48:47 +0200 +Subject: [PATCH] rehash-crt + +Imported from openssl_1.0.1g-1.debian.tar.xz + +Signed-off-by: Michael Olbrich +--- + tools/c_rehash.in | 12 +++++++++--- + 1 file changed, 9 insertions(+), 3 deletions(-) + +diff --git a/tools/c_rehash.in b/tools/c_rehash.in +index bfc4a69..4958e3d 100644 +--- a/tools/c_rehash.in ++++ b/tools/c_rehash.in +@@ -75,12 +75,15 @@ sub hash_dir { + } + } + closedir DIR; +- FILE: foreach $fname (grep {/\.pem$/} @flist) { ++ FILE: foreach $fname (grep {/\.pem$|\.crt$/} @flist) { + # Check to see if certificates and/or CRLs present. + my ($cert, $crl) = check_file($fname); + if(!$cert && !$crl) { +- print STDERR "WARNING: $fname does not contain a certificate or CRL: skipping\n"; +- next; ++ ($cert, $crl) = check_file("$openssl x509 -in \"$fname\" -inform der -outform pem | "); ++ if(!$cert && !$crl) { ++ print STDERR "WARNING: $fname does not contain a certificate or CRL: skipping\n"; ++ next; ++ } + } + link_hash_cert($fname) if($cert); + link_hash_crl($fname) if($crl); +@@ -153,6 +156,9 @@ sub link_hash_crl { + my $fname = $_[0]; + $fname =~ s/'/'\\''/g; + my ($hash, $fprint) = `"$openssl" crl -hash -fingerprint -noout -in '$fname'`; ++ if(!$hash || !fprint) { ++ ($hash, $fprint) = `"$openssl" crl -hash -fingerprint -noout -in '$fname' -inform der`; ++ } + chomp $hash; + chomp $fprint; + $fprint =~ s/^.*=//; diff --git a/patches/openssl-1.0.1i/0009-shared-lib-ext.patch b/patches/openssl-1.0.1i/0009-shared-lib-ext.patch new file mode 100644 index 0000000..d7da2a3 --- /dev/null +++ b/patches/openssl-1.0.1i/0009-shared-lib-ext.patch @@ -0,0 +1,25 @@ +From: Michael Olbrich +Date: Tue, 8 Apr 2014 07:48:47 +0200 +Subject: [PATCH] shared-lib-ext + +Imported from openssl_1.0.1g-1.debian.tar.xz + +Signed-off-by: Michael Olbrich +--- + Configure | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/Configure b/Configure +index c676835..7571db1 100755 +--- a/Configure ++++ b/Configure +@@ -1725,7 +1725,8 @@ while () + elsif ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*\.[^\.]*$/) + { + my $sotmp = $1; +- s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.\$(SHLIB_MAJOR) .s$sotmp/; ++# s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.\$(SHLIB_MAJOR) .s$sotmp/; ++ s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp/; + } + elsif ($shared_extension ne "" && $shared_extension =~ /^\.[^\.]*\.[^\.]*\.dylib$/) + { diff --git a/patches/openssl-1.0.1i/0010-stddef.patch b/patches/openssl-1.0.1i/0010-stddef.patch new file mode 100644 index 0000000..e0034c2 --- /dev/null +++ b/patches/openssl-1.0.1i/0010-stddef.patch @@ -0,0 +1,23 @@ +From: Michael Olbrich +Date: Tue, 8 Apr 2014 07:48:47 +0200 +Subject: [PATCH] stddef + +Imported from openssl_1.0.1g-1.debian.tar.xz + +Signed-off-by: Michael Olbrich +--- + crypto/sha/sha.h | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/crypto/sha/sha.h b/crypto/sha/sha.h +index 8a6bf4b..734b40a 100644 +--- a/crypto/sha/sha.h ++++ b/crypto/sha/sha.h +@@ -59,6 +59,7 @@ + #ifndef HEADER_SHA_H + #define HEADER_SHA_H + ++#include + #include + #include + diff --git a/patches/openssl-1.0.1i/0011-block_diginotar.patch b/patches/openssl-1.0.1i/0011-block_diginotar.patch new file mode 100644 index 0000000..3af0669 --- /dev/null +++ b/patches/openssl-1.0.1i/0011-block_diginotar.patch @@ -0,0 +1,66 @@ +From: Raphael Geissert +Date: Tue, 8 Apr 2014 07:48:47 +0200 +Subject: [PATCH] block_diginotar + +This is not meant as final patch. + + +Imported from openssl_1.0.1g-1.debian.tar.xz + +Signed-off-by: Michael Olbrich +--- + crypto/x509/x509_vfy.c | 27 +++++++++++++++++++++++++++ + 1 file changed, 27 insertions(+) + +diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c +index 920066a..5b1a0aa 100644 +--- a/crypto/x509/x509_vfy.c ++++ b/crypto/x509/x509_vfy.c +@@ -117,6 +117,7 @@ static int check_trust(X509_STORE_CTX *ctx); + static int check_revocation(X509_STORE_CTX *ctx); + static int check_cert(X509_STORE_CTX *ctx); + static int check_policy(X509_STORE_CTX *ctx); ++static int check_ca_blacklist(X509_STORE_CTX *ctx); + + static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer, + unsigned int *preasons, +@@ -369,6 +370,9 @@ int X509_verify_cert(X509_STORE_CTX *ctx) + ok=internal_verify(ctx); + if(!ok) goto end; + ++ ok = check_ca_blacklist(ctx); ++ if(!ok) goto end; ++ + #ifndef OPENSSL_NO_RFC3779 + /* RFC 3779 path validation, now that CRL check has been done */ + ok = v3_asid_validate_path(ctx); +@@ -827,6 +831,29 @@ static int check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify) + return 1; + } + ++static int check_ca_blacklist(X509_STORE_CTX *ctx) ++ { ++ X509 *x; ++ int i; ++ /* Check all certificates against the blacklist */ ++ for (i = sk_X509_num(ctx->chain) - 1; i >= 0; i--) ++ { ++ x = sk_X509_value(ctx->chain, i); ++ /* Mark DigiNotar certificates as revoked, no matter ++ * where in the chain they are. ++ */ ++ if (x->name && strstr(x->name, "DigiNotar")) ++ { ++ ctx->error = X509_V_ERR_CERT_REVOKED; ++ ctx->error_depth = i; ++ ctx->current_cert = x; ++ if (!ctx->verify_cb(0,ctx)) ++ return 0; ++ } ++ } ++ return 1; ++ } ++ + static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl, + X509 **pissuer, int *pscore, unsigned int *preasons, + STACK_OF(X509_CRL) *crls) diff --git a/patches/openssl-1.0.1i/0012-block_digicert_malaysia.patch b/patches/openssl-1.0.1i/0012-block_digicert_malaysia.patch new file mode 100644 index 0000000..e1457a8 --- /dev/null +++ b/patches/openssl-1.0.1i/0012-block_digicert_malaysia.patch @@ -0,0 +1,30 @@ +From: Raphael Geissert +Date: Tue, 8 Apr 2014 07:48:47 +0200 +Subject: [PATCH] block_digicert_malaysia + +Imported from openssl_1.0.1g-1.debian.tar.xz + +Signed-off-by: Michael Olbrich +--- + crypto/x509/x509_vfy.c | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c +index 5b1a0aa..696f8d6 100644 +--- a/crypto/x509/x509_vfy.c ++++ b/crypto/x509/x509_vfy.c +@@ -839,10 +839,11 @@ static int check_ca_blacklist(X509_STORE_CTX *ctx) + for (i = sk_X509_num(ctx->chain) - 1; i >= 0; i--) + { + x = sk_X509_value(ctx->chain, i); +- /* Mark DigiNotar certificates as revoked, no matter +- * where in the chain they are. ++ /* Mark certificates containing the following names as ++ * revoked, no matter where in the chain they are. + */ +- if (x->name && strstr(x->name, "DigiNotar")) ++ if (x->name && (strstr(x->name, "DigiNotar") || ++ strstr(x->name, "Digicert Sdn. Bhd."))) + { + ctx->error = X509_V_ERR_CERT_REVOKED; + ctx->error_depth = i; diff --git a/patches/openssl-1.0.1i/0013-Change-default-bit-size-and-digest.patch b/patches/openssl-1.0.1i/0013-Change-default-bit-size-and-digest.patch new file mode 100644 index 0000000..02761e3 --- /dev/null +++ b/patches/openssl-1.0.1i/0013-Change-default-bit-size-and-digest.patch @@ -0,0 +1,131 @@ +From: Kurt Roeckx +Date: Fri, 1 Nov 2013 20:47:14 +0100 +Subject: [PATCH] Change default bit size and digest + +Imported from openssl_1.0.1g-1.debian.tar.xz + +Signed-off-by: Michael Olbrich +--- + apps/dhparam.c | 4 ++-- + apps/gendh.c | 2 +- + apps/genrsa.c | 2 +- + apps/openssl.cnf | 2 +- + crypto/dsa/dsa_ameth.c | 2 +- + crypto/ec/ec_ameth.c | 2 +- + crypto/hmac/hm_ameth.c | 2 +- + crypto/rsa/rsa_ameth.c | 2 +- + 8 files changed, 9 insertions(+), 9 deletions(-) + +diff --git a/apps/dhparam.c b/apps/dhparam.c +index 1297d6f..b0c05be 100644 +--- a/apps/dhparam.c ++++ b/apps/dhparam.c +@@ -130,7 +130,7 @@ + #undef PROG + #define PROG dhparam_main + +-#define DEFBITS 512 ++#define DEFBITS 2048 + + /* -inform arg - input format - default PEM (DER or PEM) + * -outform arg - output format - default PEM +@@ -253,7 +253,7 @@ bad: + BIO_printf(bio_err," -C Output C code\n"); + BIO_printf(bio_err," -2 generate parameters using 2 as the generator value\n"); + BIO_printf(bio_err," -5 generate parameters using 5 as the generator value\n"); +- BIO_printf(bio_err," numbits number of bits in to generate (default 512)\n"); ++ BIO_printf(bio_err," numbits number of bits in to generate (default 2048)\n"); + #ifndef OPENSSL_NO_ENGINE + BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); + #endif +diff --git a/apps/gendh.c b/apps/gendh.c +index 4ec776b..8df8c62 100644 +--- a/apps/gendh.c ++++ b/apps/gendh.c +@@ -78,7 +78,7 @@ + #include + #include + +-#define DEFBITS 512 ++#define DEFBITS 2048 + #undef PROG + #define PROG gendh_main + +diff --git a/apps/genrsa.c b/apps/genrsa.c +index ece114c..7a8c6c5 100644 +--- a/apps/genrsa.c ++++ b/apps/genrsa.c +@@ -78,7 +78,7 @@ + #include + #include + +-#define DEFBITS 1024 ++#define DEFBITS 2048 + #undef PROG + #define PROG genrsa_main + +diff --git a/apps/openssl.cnf b/apps/openssl.cnf +index 18760c6..1eb86c4 100644 +--- a/apps/openssl.cnf ++++ b/apps/openssl.cnf +@@ -103,7 +103,7 @@ emailAddress = optional + + #################################################################### + [ req ] +-default_bits = 1024 ++default_bits = 2048 + default_keyfile = privkey.pem + distinguished_name = req_distinguished_name + attributes = req_attributes +diff --git a/crypto/dsa/dsa_ameth.c b/crypto/dsa/dsa_ameth.c +index 376156e..13318d7 100644 +--- a/crypto/dsa/dsa_ameth.c ++++ b/crypto/dsa/dsa_ameth.c +@@ -628,7 +628,7 @@ static int dsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) + #endif + + case ASN1_PKEY_CTRL_DEFAULT_MD_NID: +- *(int *)arg2 = NID_sha1; ++ *(int *)arg2 = NID_sha256; + return 2; + + default: +diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c +index 0ce4524..a04ac98 100644 +--- a/crypto/ec/ec_ameth.c ++++ b/crypto/ec/ec_ameth.c +@@ -615,7 +615,7 @@ static int ec_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) + #endif + + case ASN1_PKEY_CTRL_DEFAULT_MD_NID: +- *(int *)arg2 = NID_sha1; ++ *(int *)arg2 = NID_sha256; + return 2; + + default: +diff --git a/crypto/hmac/hm_ameth.c b/crypto/hmac/hm_ameth.c +index e03f24a..9fe6505 100644 +--- a/crypto/hmac/hm_ameth.c ++++ b/crypto/hmac/hm_ameth.c +@@ -89,7 +89,7 @@ static int hmac_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) + switch (op) + { + case ASN1_PKEY_CTRL_DEFAULT_MD_NID: +- *(int *)arg2 = NID_sha1; ++ *(int *)arg2 = NID_sha256; + return 1; + + default: +diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c +index 5a2062f..47fe535 100644 +--- a/crypto/rsa/rsa_ameth.c ++++ b/crypto/rsa/rsa_ameth.c +@@ -435,7 +435,7 @@ static int rsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) + #endif + + case ASN1_PKEY_CTRL_DEFAULT_MD_NID: +- *(int *)arg2 = NID_sha1; ++ *(int *)arg2 = NID_sha256; + return 1; + + default: diff --git a/patches/openssl-1.0.1i/0014-openssl_fix_for_x32.patch b/patches/openssl-1.0.1i/0014-openssl_fix_for_x32.patch new file mode 100644 index 0000000..36bfa49 --- /dev/null +++ b/patches/openssl-1.0.1i/0014-openssl_fix_for_x32.patch @@ -0,0 +1,50 @@ +From: Michael Olbrich +Date: Tue, 8 Apr 2014 07:48:47 +0200 +Subject: [PATCH] openssl_fix_for_x32 + +Imported from openssl_1.0.1g-1.debian.tar.xz + +Signed-off-by: Michael Olbrich +--- + crypto/bn/asm/x86_64-gcc.c | 14 +++++++------- + 1 file changed, 7 insertions(+), 7 deletions(-) + +diff --git a/crypto/bn/asm/x86_64-gcc.c b/crypto/bn/asm/x86_64-gcc.c +index acb0b40..acd76ce 100644 +--- a/crypto/bn/asm/x86_64-gcc.c ++++ b/crypto/bn/asm/x86_64-gcc.c +@@ -55,7 +55,7 @@ + * machine. + */ + +-#ifdef _WIN64 ++#if defined _WIN64 || !defined __LP64__ + #define BN_ULONG unsigned long long + #else + #define BN_ULONG unsigned long +@@ -192,9 +192,9 @@ BN_ULONG bn_add_words (BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int + asm ( + " subq %2,%2 \n" + ".p2align 4 \n" +- "1: movq (%4,%2,8),%0 \n" +- " adcq (%5,%2,8),%0 \n" +- " movq %0,(%3,%2,8) \n" ++ "1: movq (%q4,%2,8),%0 \n" ++ " adcq (%q5,%2,8),%0 \n" ++ " movq %0,(%q3,%2,8) \n" + " leaq 1(%2),%2 \n" + " loop 1b \n" + " sbbq %0,%0 \n" +@@ -215,9 +215,9 @@ BN_ULONG bn_sub_words (BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int + asm ( + " subq %2,%2 \n" + ".p2align 4 \n" +- "1: movq (%4,%2,8),%0 \n" +- " sbbq (%5,%2,8),%0 \n" +- " movq %0,(%3,%2,8) \n" ++ "1: movq (%q4,%2,8),%0 \n" ++ " sbbq (%q5,%2,8),%0 \n" ++ " movq %0,(%q3,%2,8) \n" + " leaq 1(%2),%2 \n" + " loop 1b \n" + " sbbq %0,%0 \n" diff --git a/patches/openssl-1.0.1i/series b/patches/openssl-1.0.1i/series new file mode 100644 index 0000000..f55bace --- /dev/null +++ b/patches/openssl-1.0.1i/series @@ -0,0 +1,17 @@ +# generated by git-ptx-patches +#tag:base --start-number 1 +0001-ca.patch +0002-debian-targets.patch +0003-engines-path.patch +0004-no-rpath.patch +0005-no-symbolic.patch +0006-pic.patch +0007-valgrind.patch +0008-rehash-crt.patch +0009-shared-lib-ext.patch +0010-stddef.patch +0011-block_diginotar.patch +0012-block_digicert_malaysia.patch +0013-Change-default-bit-size-and-digest.patch +0014-openssl_fix_for_x32.patch +# dd4d5e6590bf4d0a9b21935c6ca13a38 - git-ptx-patches magic diff --git a/rules/openssl.make b/rules/openssl.make index dce98f5..2939868 100644 --- a/rules/openssl.make +++ b/rules/openssl.make @@ -18,8 +18,8 @@ PACKAGES-$(PTXCONF_OPENSSL) += openssl # # Paths and names # -OPENSSL_VERSION := 1.0.1h -OPENSSL_MD5 := 8d6d684a9430d5cc98a62a5d8fbda8cf +OPENSSL_VERSION := 1.0.1i +OPENSSL_MD5 := c8dc151a671b9b92ff3e4c118b174972 OPENSSL := openssl-$(OPENSSL_VERSION) OPENSSL_SUFFIX := tar.gz OPENSSL_URL := http://www.openssl.org/source/$(OPENSSL).$(OPENSSL_SUFFIX) -- 2.0.4 -- ptxdist mailing list ptxdist@pengutronix.de