From mboxrd@z Thu Jan 1 00:00:00 1970 Return-path: Received: from mail.kamstrup.com ([93.167.225.188]) by metis.ext.pengutronix.de with esmtp (Exim 4.72) (envelope-from ) id 1YQH8V-00061s-Hg for ptxdist@pengutronix.de; Tue, 24 Feb 2015 16:11:02 +0100 From: Bruno Thomsen Date: Tue, 24 Feb 2015 16:10:39 +0100 Message-ID: <1424790639-28303-1-git-send-email-bth@kamstrup.com> MIME-Version: 1.0 Subject: [ptxdist] [PATCH] openssl: version bump 1.0.1k -> 1.0.2 Reply-To: ptxdist@pengutronix.de List-Id: PTXdist Development Mailing List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: ptxdist-bounces@pengutronix.de Errors-To: ptxdist-bounces@pengutronix.de To: ptxdist@pengutronix.de Cc: bth@kamstrup.com Used Debian patch series and ptxdist specific patch from 1.0.1k. Debian patches was generated using Michael Olbrich's openssl-apply-debian script using the following source: openssl_1.0.2-1.debian.tar.xz [MD5: 3df9826bec6f37f4d4d524291ed4f1f3] Signed-off-by: Bruno Thomsen --- patches/openssl-1.0.1k/0007-valgrind.patch | 31 ----- patches/openssl-1.0.1k/0008-rehash-crt.patch | 44 ------- patches/openssl-1.0.1k/0010-stddef.patch | 23 ---- .../0013-Change-default-bit-size-and-digest.patch | 131 --------------------- .../openssl-1.0.1k/0014-openssl_fix_for_x32.patch | 50 -------- .../0001-ca.patch | 10 +- .../0002-debian-targets.patch | 16 +-- .../0003-engines-path.patch | 53 +++++---- .../0004-no-rpath.patch | 10 +- .../0005-no-symbolic.patch | 10 +- .../0006-pic.patch | 26 ++-- patches/openssl-1.0.2/0007-valgrind.patch | 31 +++++ .../0008-shared-lib-ext.patch} | 12 +- .../0009-libdoc-manpgs-pod-spell.patch | 24 ++++ .../openssl-1.0.2/0010-openssl-pod-misspell.patch | 52 ++++++++ .../0011-block_diginotar.patch | 32 ++--- .../0012-block_digicert_malaysia.patch | 10 +- .../openssl-1.0.2/0013-Disable-the-freelist.patch | 42 +++++++ ...-don-t-ask-dpkg-buildflags-for-more-flags.patch | 0 patches/{openssl-1.0.1k => openssl-1.0.2}/series | 11 +- rules/openssl.make | 4 +- 21 files changed, 250 insertions(+), 372 deletions(-) delete mode 100644 patches/openssl-1.0.1k/0007-valgrind.patch delete mode 100644 patches/openssl-1.0.1k/0008-rehash-crt.patch delete mode 100644 patches/openssl-1.0.1k/0010-stddef.patch delete mode 100644 patches/openssl-1.0.1k/0013-Change-default-bit-size-and-digest.patch delete mode 100644 patches/openssl-1.0.1k/0014-openssl_fix_for_x32.patch rename patches/{openssl-1.0.1k => openssl-1.0.2}/0001-ca.patch (77%) rename patches/{openssl-1.0.1k => openssl-1.0.2}/0002-debian-targets.patch (92%) rename patches/{openssl-1.0.1k => openssl-1.0.2}/0003-engines-path.patch (77%) rename patches/{openssl-1.0.1k => openssl-1.0.2}/0004-no-rpath.patch (73%) rename patches/{openssl-1.0.1k => openssl-1.0.2}/0005-no-symbolic.patch (72%) rename patches/{openssl-1.0.1k => openssl-1.0.2}/0006-pic.patch (89%) create mode 100644 patches/openssl-1.0.2/0007-valgrind.patch rename patches/{openssl-1.0.1k/0009-shared-lib-ext.patch => openssl-1.0.2/0008-shared-lib-ext.patch} (70%) create mode 100644 patches/openssl-1.0.2/0009-libdoc-manpgs-pod-spell.patch create mode 100644 patches/openssl-1.0.2/0010-openssl-pod-misspell.patch rename patches/{openssl-1.0.1k => openssl-1.0.2}/0011-block_diginotar.patch (65%) rename patches/{openssl-1.0.1k => openssl-1.0.2}/0012-block_digicert_malaysia.patch (77%) create mode 100644 patches/openssl-1.0.2/0013-Disable-the-freelist.patch rename patches/{openssl-1.0.1k => openssl-1.0.2}/0100-Configure-don-t-ask-dpkg-buildflags-for-more-flags.patch (100%) rename patches/{openssl-1.0.1k => openssl-1.0.2}/series (65%) diff --git a/patches/openssl-1.0.1k/0007-valgrind.patch b/patches/openssl-1.0.1k/0007-valgrind.patch deleted file mode 100644 index 9ec92c4..0000000 --- a/patches/openssl-1.0.1k/0007-valgrind.patch +++ /dev/null @@ -1,31 +0,0 @@ -From: Michael Olbrich -Date: Sat, 10 Jan 2015 09:16:02 +0100 -Subject: [PATCH] valgrind - -Imported from openssl_1.0.1k-1.debian.tar.xz - -Signed-off-by: Michael Olbrich ---- - crypto/rand/md_rand.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/crypto/rand/md_rand.c b/crypto/rand/md_rand.c -index 888b4eb8dd0b..90ec46315f4d 100644 ---- a/crypto/rand/md_rand.c -+++ b/crypto/rand/md_rand.c -@@ -482,6 +482,7 @@ int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo, int lock) - MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c)); - - #ifndef PURIFY /* purify complains */ -+#if 0 - /* The following line uses the supplied buffer as a small - * source of entropy: since this buffer is often uninitialised - * it may cause programs such as purify or valgrind to -@@ -491,6 +492,7 @@ int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo, int lock) - */ - MD_Update(&m,buf,j); - #endif -+#endif - - k=(st_idx+MD_DIGEST_LENGTH/2)-st_num; - if (k > 0) diff --git a/patches/openssl-1.0.1k/0008-rehash-crt.patch b/patches/openssl-1.0.1k/0008-rehash-crt.patch deleted file mode 100644 index 2dbcaaf..0000000 --- a/patches/openssl-1.0.1k/0008-rehash-crt.patch +++ /dev/null @@ -1,44 +0,0 @@ -From: Michael Olbrich -Date: Sat, 10 Jan 2015 09:16:02 +0100 -Subject: [PATCH] rehash-crt - -Imported from openssl_1.0.1k-1.debian.tar.xz - -Signed-off-by: Michael Olbrich ---- - tools/c_rehash.in | 12 +++++++++--- - 1 file changed, 9 insertions(+), 3 deletions(-) - -diff --git a/tools/c_rehash.in b/tools/c_rehash.in -index bfc4a69ed4bc..4958e3dd05a7 100644 ---- a/tools/c_rehash.in -+++ b/tools/c_rehash.in -@@ -75,12 +75,15 @@ sub hash_dir { - } - } - closedir DIR; -- FILE: foreach $fname (grep {/\.pem$/} @flist) { -+ FILE: foreach $fname (grep {/\.pem$|\.crt$/} @flist) { - # Check to see if certificates and/or CRLs present. - my ($cert, $crl) = check_file($fname); - if(!$cert && !$crl) { -- print STDERR "WARNING: $fname does not contain a certificate or CRL: skipping\n"; -- next; -+ ($cert, $crl) = check_file("$openssl x509 -in \"$fname\" -inform der -outform pem | "); -+ if(!$cert && !$crl) { -+ print STDERR "WARNING: $fname does not contain a certificate or CRL: skipping\n"; -+ next; -+ } - } - link_hash_cert($fname) if($cert); - link_hash_crl($fname) if($crl); -@@ -153,6 +156,9 @@ sub link_hash_crl { - my $fname = $_[0]; - $fname =~ s/'/'\\''/g; - my ($hash, $fprint) = `"$openssl" crl -hash -fingerprint -noout -in '$fname'`; -+ if(!$hash || !fprint) { -+ ($hash, $fprint) = `"$openssl" crl -hash -fingerprint -noout -in '$fname' -inform der`; -+ } - chomp $hash; - chomp $fprint; - $fprint =~ s/^.*=//; diff --git a/patches/openssl-1.0.1k/0010-stddef.patch b/patches/openssl-1.0.1k/0010-stddef.patch deleted file mode 100644 index 0de468e..0000000 --- a/patches/openssl-1.0.1k/0010-stddef.patch +++ /dev/null @@ -1,23 +0,0 @@ -From: Michael Olbrich -Date: Sat, 10 Jan 2015 09:16:02 +0100 -Subject: [PATCH] stddef - -Imported from openssl_1.0.1k-1.debian.tar.xz - -Signed-off-by: Michael Olbrich ---- - crypto/sha/sha.h | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/crypto/sha/sha.h b/crypto/sha/sha.h -index 8a6bf4bbbb1d..734b40ac2da3 100644 ---- a/crypto/sha/sha.h -+++ b/crypto/sha/sha.h -@@ -59,6 +59,7 @@ - #ifndef HEADER_SHA_H - #define HEADER_SHA_H - -+#include - #include - #include - diff --git a/patches/openssl-1.0.1k/0013-Change-default-bit-size-and-digest.patch b/patches/openssl-1.0.1k/0013-Change-default-bit-size-and-digest.patch deleted file mode 100644 index 9174402..0000000 --- a/patches/openssl-1.0.1k/0013-Change-default-bit-size-and-digest.patch +++ /dev/null @@ -1,131 +0,0 @@ -From: Kurt Roeckx -Date: Fri, 1 Nov 2013 20:47:14 +0100 -Subject: [PATCH] Change default bit size and digest - -Imported from openssl_1.0.1k-1.debian.tar.xz - -Signed-off-by: Michael Olbrich ---- - apps/dhparam.c | 4 ++-- - apps/gendh.c | 2 +- - apps/genrsa.c | 2 +- - apps/openssl.cnf | 2 +- - crypto/dsa/dsa_ameth.c | 2 +- - crypto/ec/ec_ameth.c | 2 +- - crypto/hmac/hm_ameth.c | 2 +- - crypto/rsa/rsa_ameth.c | 2 +- - 8 files changed, 9 insertions(+), 9 deletions(-) - -diff --git a/apps/dhparam.c b/apps/dhparam.c -index 1297d6fb5ec9..b0c05befc8bb 100644 ---- a/apps/dhparam.c -+++ b/apps/dhparam.c -@@ -130,7 +130,7 @@ - #undef PROG - #define PROG dhparam_main - --#define DEFBITS 512 -+#define DEFBITS 2048 - - /* -inform arg - input format - default PEM (DER or PEM) - * -outform arg - output format - default PEM -@@ -253,7 +253,7 @@ bad: - BIO_printf(bio_err," -C Output C code\n"); - BIO_printf(bio_err," -2 generate parameters using 2 as the generator value\n"); - BIO_printf(bio_err," -5 generate parameters using 5 as the generator value\n"); -- BIO_printf(bio_err," numbits number of bits in to generate (default 512)\n"); -+ BIO_printf(bio_err," numbits number of bits in to generate (default 2048)\n"); - #ifndef OPENSSL_NO_ENGINE - BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); - #endif -diff --git a/apps/gendh.c b/apps/gendh.c -index 4ec776ba9399..8df8c62f8aa3 100644 ---- a/apps/gendh.c -+++ b/apps/gendh.c -@@ -78,7 +78,7 @@ - #include - #include - --#define DEFBITS 512 -+#define DEFBITS 2048 - #undef PROG - #define PROG gendh_main - -diff --git a/apps/genrsa.c b/apps/genrsa.c -index ece114c876a6..7a8c6c58ad62 100644 ---- a/apps/genrsa.c -+++ b/apps/genrsa.c -@@ -78,7 +78,7 @@ - #include - #include - --#define DEFBITS 1024 -+#define DEFBITS 2048 - #undef PROG - #define PROG genrsa_main - -diff --git a/apps/openssl.cnf b/apps/openssl.cnf -index 18760c6e673d..1eb86c401263 100644 ---- a/apps/openssl.cnf -+++ b/apps/openssl.cnf -@@ -103,7 +103,7 @@ emailAddress = optional - - #################################################################### - [ req ] --default_bits = 1024 -+default_bits = 2048 - default_keyfile = privkey.pem - distinguished_name = req_distinguished_name - attributes = req_attributes -diff --git a/crypto/dsa/dsa_ameth.c b/crypto/dsa/dsa_ameth.c -index 5af76eade59a..0a7520221690 100644 ---- a/crypto/dsa/dsa_ameth.c -+++ b/crypto/dsa/dsa_ameth.c -@@ -634,7 +634,7 @@ static int dsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) - #endif - - case ASN1_PKEY_CTRL_DEFAULT_MD_NID: -- *(int *)arg2 = NID_sha1; -+ *(int *)arg2 = NID_sha256; - return 2; - - default: -diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c -index 11283769b939..6b24725db608 100644 ---- a/crypto/ec/ec_ameth.c -+++ b/crypto/ec/ec_ameth.c -@@ -618,7 +618,7 @@ static int ec_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) - #endif - - case ASN1_PKEY_CTRL_DEFAULT_MD_NID: -- *(int *)arg2 = NID_sha1; -+ *(int *)arg2 = NID_sha256; - return 2; - - default: -diff --git a/crypto/hmac/hm_ameth.c b/crypto/hmac/hm_ameth.c -index e03f24aedab9..9fe6505bd5a0 100644 ---- a/crypto/hmac/hm_ameth.c -+++ b/crypto/hmac/hm_ameth.c -@@ -89,7 +89,7 @@ static int hmac_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) - switch (op) - { - case ASN1_PKEY_CTRL_DEFAULT_MD_NID: -- *(int *)arg2 = NID_sha1; -+ *(int *)arg2 = NID_sha256; - return 1; - - default: -diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c -index 4c8ecd9233e1..92cc15c2c730 100644 ---- a/crypto/rsa/rsa_ameth.c -+++ b/crypto/rsa/rsa_ameth.c -@@ -435,7 +435,7 @@ static int rsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2) - #endif - - case ASN1_PKEY_CTRL_DEFAULT_MD_NID: -- *(int *)arg2 = NID_sha1; -+ *(int *)arg2 = NID_sha256; - return 1; - - default: diff --git a/patches/openssl-1.0.1k/0014-openssl_fix_for_x32.patch b/patches/openssl-1.0.1k/0014-openssl_fix_for_x32.patch deleted file mode 100644 index 8767f37..0000000 --- a/patches/openssl-1.0.1k/0014-openssl_fix_for_x32.patch +++ /dev/null @@ -1,50 +0,0 @@ -From: Michael Olbrich -Date: Sat, 10 Jan 2015 09:16:02 +0100 -Subject: [PATCH] openssl_fix_for_x32 - -Imported from openssl_1.0.1k-1.debian.tar.xz - -Signed-off-by: Michael Olbrich ---- - crypto/bn/asm/x86_64-gcc.c | 14 +++++++------- - 1 file changed, 7 insertions(+), 7 deletions(-) - -diff --git a/crypto/bn/asm/x86_64-gcc.c b/crypto/bn/asm/x86_64-gcc.c -index 2d39407f499e..84b6a5b2f92d 100644 ---- a/crypto/bn/asm/x86_64-gcc.c -+++ b/crypto/bn/asm/x86_64-gcc.c -@@ -55,7 +55,7 @@ - * machine. - */ - --#ifdef _WIN64 -+#if defined _WIN64 || !defined __LP64__ - #define BN_ULONG unsigned long long - #else - #define BN_ULONG unsigned long -@@ -192,9 +192,9 @@ BN_ULONG bn_add_words (BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int - asm volatile ( - " subq %2,%2 \n" - ".p2align 4 \n" -- "1: movq (%4,%2,8),%0 \n" -- " adcq (%5,%2,8),%0 \n" -- " movq %0,(%3,%2,8) \n" -+ "1: movq (%q4,%2,8),%0 \n" -+ " adcq (%q5,%2,8),%0 \n" -+ " movq %0,(%q3,%2,8) \n" - " leaq 1(%2),%2 \n" - " loop 1b \n" - " sbbq %0,%0 \n" -@@ -215,9 +215,9 @@ BN_ULONG bn_sub_words (BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int - asm volatile ( - " subq %2,%2 \n" - ".p2align 4 \n" -- "1: movq (%4,%2,8),%0 \n" -- " sbbq (%5,%2,8),%0 \n" -- " movq %0,(%3,%2,8) \n" -+ "1: movq (%q4,%2,8),%0 \n" -+ " sbbq (%q5,%2,8),%0 \n" -+ " movq %0,(%q3,%2,8) \n" - " leaq 1(%2),%2 \n" - " loop 1b \n" - " sbbq %0,%0 \n" diff --git a/patches/openssl-1.0.1k/0001-ca.patch b/patches/openssl-1.0.2/0001-ca.patch similarity index 77% rename from patches/openssl-1.0.1k/0001-ca.patch rename to patches/openssl-1.0.2/0001-ca.patch index 471b5ba..b6d7fb8 100644 --- a/patches/openssl-1.0.1k/0001-ca.patch +++ b/patches/openssl-1.0.2/0001-ca.patch @@ -1,16 +1,16 @@ -From: Michael Olbrich -Date: Sat, 10 Jan 2015 09:16:02 +0100 +From: Bruno Thomsen +Date: Mon, 23 Feb 2015 16:13:40 +0100 Subject: [PATCH] ca -Imported from openssl_1.0.1k-1.debian.tar.xz +Imported from openssl_1.0.2-1.debian.tar.xz -Signed-off-by: Michael Olbrich +Signed-off-by: Bruno Thomsen --- apps/CA.pl.in | 2 ++ 1 file changed, 2 insertions(+) diff --git a/apps/CA.pl.in b/apps/CA.pl.in -index c783a6e6a541..fa665b7b385f 100644 +index c783a6e..fa665b7 100644 --- a/apps/CA.pl.in +++ b/apps/CA.pl.in @@ -65,6 +65,7 @@ $RET = 0; diff --git a/patches/openssl-1.0.1k/0002-debian-targets.patch b/patches/openssl-1.0.2/0002-debian-targets.patch similarity index 92% rename from patches/openssl-1.0.1k/0002-debian-targets.patch rename to patches/openssl-1.0.2/0002-debian-targets.patch index ee09c1d..339bb49 100644 --- a/patches/openssl-1.0.1k/0002-debian-targets.patch +++ b/patches/openssl-1.0.2/0002-debian-targets.patch @@ -1,21 +1,21 @@ -From: Michael Olbrich -Date: Sat, 10 Jan 2015 09:16:02 +0100 +From: Bruno Thomsen +Date: Mon, 23 Feb 2015 16:13:40 +0100 Subject: [PATCH] debian-targets -Imported from openssl_1.0.1k-1.debian.tar.xz +Imported from openssl_1.0.2-1.debian.tar.xz -Signed-off-by: Michael Olbrich +Signed-off-by: Bruno Thomsen --- Configure | 53 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 53 insertions(+) diff --git a/Configure b/Configure -index 541be9ec57d8..2f816a300f10 100755 +index 3cf4a7a..9728692 100755 --- a/Configure +++ b/Configure -@@ -105,6 +105,10 @@ my $usage="Usage: Configure [no- ...] [enable- ...] [experimenta +@@ -107,6 +107,10 @@ my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare - my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED"; + my $clang_disabled_warnings = "-Wno-language-extension-token -Wno-extended-offsetof -Wno-padded -Wno-shorten-64-to-32 -Wno-format-nonliteral -Wno-missing-noreturn -Wno-unused-parameter -Wno-sign-conversion -Wno-unreachable-code -Wno-conversion -Wno-documentation -Wno-missing-variable-declarations -Wno-cast-align -Wno-incompatible-pointer-types-discards-qualifiers -Wno-missing-variable-declarations -Wno-missing-field-initializers -Wno-unused-macros -Wno-disabled-macro-expansion -Wno-conditional-uninitialized -Wno-switch-enum"; +# There are no separate CFLAGS/CPPFLAGS/LDFLAGS, set everything in CFLAGS +my $debian_cflags = `dpkg-buildflags --get CFLAGS` . `dpkg-buildflags --get CPPFLAGS` . `dpkg-buildflags --get LDFLAGS` . "-Wa,--noexecstack -Wall"; @@ -24,7 +24,7 @@ index 541be9ec57d8..2f816a300f10 100755 my $strict_warnings = 0; my $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL"; -@@ -340,6 +344,55 @@ my %table=( +@@ -343,6 +347,55 @@ my %table=( "osf1-alpha-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared:::.so", "tru64-alpha-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared::-msym:.so", diff --git a/patches/openssl-1.0.1k/0003-engines-path.patch b/patches/openssl-1.0.2/0003-engines-path.patch similarity index 77% rename from patches/openssl-1.0.1k/0003-engines-path.patch rename to patches/openssl-1.0.2/0003-engines-path.patch index fe651c7..2d3b29e 100644 --- a/patches/openssl-1.0.1k/0003-engines-path.patch +++ b/patches/openssl-1.0.2/0003-engines-path.patch @@ -1,22 +1,22 @@ -From: Michael Olbrich -Date: Sat, 10 Jan 2015 09:16:02 +0100 +From: Bruno Thomsen +Date: Mon, 23 Feb 2015 16:13:40 +0100 Subject: [PATCH] engines-path -Imported from openssl_1.0.1k-1.debian.tar.xz +Imported from openssl_1.0.2-1.debian.tar.xz -Signed-off-by: Michael Olbrich +Signed-off-by: Bruno Thomsen --- Configure | 2 +- Makefile.org | 2 +- engines/Makefile | 10 +++++----- - engines/ccgost/Makefile | 6 +++--- - 4 files changed, 10 insertions(+), 10 deletions(-) + engines/ccgost/Makefile | 8 ++++---- + 4 files changed, 11 insertions(+), 11 deletions(-) diff --git a/Configure b/Configure -index 2f816a300f10..c6b4b86c0764 100755 +index 9728692..17005e6 100755 --- a/Configure +++ b/Configure -@@ -1866,7 +1866,7 @@ while () +@@ -1924,7 +1924,7 @@ while () } elsif (/^#define\s+ENGINESDIR/) { @@ -26,10 +26,10 @@ index 2f816a300f10..c6b4b86c0764 100755 print OUT "#define ENGINESDIR \"$foo\"\n"; } diff --git a/Makefile.org b/Makefile.org -index c92806f9201f..5117a0ef9c0b 100644 +index b7a3f96..5ae0d32 100644 --- a/Makefile.org +++ b/Makefile.org -@@ -543,7 +543,7 @@ install: all install_docs install_sw +@@ -541,7 +541,7 @@ install: all install_docs install_sw install_sw: @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \ $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \ @@ -39,10 +39,10 @@ index c92806f9201f..5117a0ef9c0b 100644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \ $(INSTALL_PREFIX)$(OPENSSLDIR)/misc \ diff --git a/engines/Makefile b/engines/Makefile -index 2fa9534401b1..58e028131786 100644 +index da6c875..8c925f4 100644 --- a/engines/Makefile +++ b/engines/Makefile -@@ -107,7 +107,7 @@ install: +@@ -107,13 +107,13 @@ install: @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... @if [ -n "$(SHARED_LIBS)" ]; then \ set -e; \ @@ -51,16 +51,19 @@ index 2fa9534401b1..58e028131786 100644 for l in $(LIBNAMES); do \ ( echo installing $$l; \ pfx=lib; \ -@@ -119,13 +119,13 @@ install: + if expr "$(PLATFORM)" : "Cygwin" >/dev/null; then \ + sfx=".so"; \ +- cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \ ++ cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.0/engines/$$pfx$$l$$sfx.new; \ + else \ + case "$(CFLAGS)" in \ + *DSO_BEOS*) sfx=".so";; \ +@@ -122,10 +122,10 @@ install: *DSO_WIN32*) sfx="eay32.dll"; pfx=;; \ *) sfx=".bad";; \ esac; \ - cp $$pfx$$l$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \ + cp $$pfx$$l$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.0/engines/$$pfx$$l$$sfx.new; \ - else \ - sfx=".so"; \ -- cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \ -+ cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.0/engines/$$pfx$$l$$sfx.new; \ fi; \ - chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \ - mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \ @@ -70,18 +73,24 @@ index 2fa9534401b1..58e028131786 100644 fi @target=install; $(RECURSIVE_MAKE) diff --git a/engines/ccgost/Makefile b/engines/ccgost/Makefile -index d661c1082851..3e593b1e3e03 100644 +index 2f36580..c3efd8b 100644 --- a/engines/ccgost/Makefile +++ b/engines/ccgost/Makefile -@@ -53,13 +53,13 @@ install: +@@ -47,7 +47,7 @@ install: + pfx=lib; \ + if expr "$(PLATFORM)" : "Cygwin" >/dev/null; then \ + sfx=".so"; \ +- cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \ ++ cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.0/engines/$${pfx}$(LIBNAME)$$sfx.new; \ + else \ + case "$(CFLAGS)" in \ + *DSO_BEOS*) sfx=".so";; \ +@@ -56,10 +56,10 @@ install: *DSO_WIN32*) sfx="eay32.dll"; pfx=;; \ *) sfx=".bad";; \ esac; \ - cp $${pfx}$(LIBNAME)$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \ + cp $${pfx}$(LIBNAME)$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.0/engines/$${pfx}$(LIBNAME)$$sfx.new; \ - else \ - sfx=".so"; \ - cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \ fi; \ - chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \ - mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx; \ diff --git a/patches/openssl-1.0.1k/0004-no-rpath.patch b/patches/openssl-1.0.2/0004-no-rpath.patch similarity index 73% rename from patches/openssl-1.0.1k/0004-no-rpath.patch rename to patches/openssl-1.0.2/0004-no-rpath.patch index a48ef65..b618f5d 100644 --- a/patches/openssl-1.0.1k/0004-no-rpath.patch +++ b/patches/openssl-1.0.2/0004-no-rpath.patch @@ -1,16 +1,16 @@ -From: Michael Olbrich -Date: Sat, 10 Jan 2015 09:16:02 +0100 +From: Bruno Thomsen +Date: Mon, 23 Feb 2015 16:13:40 +0100 Subject: [PATCH] no-rpath -Imported from openssl_1.0.1k-1.debian.tar.xz +Imported from openssl_1.0.2-1.debian.tar.xz -Signed-off-by: Michael Olbrich +Signed-off-by: Bruno Thomsen --- Makefile.shared | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile.shared b/Makefile.shared -index e753f44e18fd..6e3f886980bf 100644 +index e753f44..6e3f886 100644 --- a/Makefile.shared +++ b/Makefile.shared @@ -153,7 +153,7 @@ DO_GNU_SO=$(CALC_VERSIONS); \ diff --git a/patches/openssl-1.0.1k/0005-no-symbolic.patch b/patches/openssl-1.0.2/0005-no-symbolic.patch similarity index 72% rename from patches/openssl-1.0.1k/0005-no-symbolic.patch rename to patches/openssl-1.0.2/0005-no-symbolic.patch index 42df2e5..e3b7a7c 100644 --- a/patches/openssl-1.0.1k/0005-no-symbolic.patch +++ b/patches/openssl-1.0.2/0005-no-symbolic.patch @@ -1,16 +1,16 @@ -From: Michael Olbrich -Date: Sat, 10 Jan 2015 09:16:02 +0100 +From: Bruno Thomsen +Date: Mon, 23 Feb 2015 16:13:40 +0100 Subject: [PATCH] no-symbolic -Imported from openssl_1.0.1k-1.debian.tar.xz +Imported from openssl_1.0.2-1.debian.tar.xz -Signed-off-by: Michael Olbrich +Signed-off-by: Bruno Thomsen --- Makefile.shared | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile.shared b/Makefile.shared -index 6e3f886980bf..44e3d9c48440 100644 +index 6e3f886..44e3d9c 100644 --- a/Makefile.shared +++ b/Makefile.shared @@ -151,7 +151,7 @@ DO_GNU_SO=$(CALC_VERSIONS); \ diff --git a/patches/openssl-1.0.1k/0006-pic.patch b/patches/openssl-1.0.2/0006-pic.patch similarity index 89% rename from patches/openssl-1.0.1k/0006-pic.patch rename to patches/openssl-1.0.2/0006-pic.patch index 20b1b68..ef7a08b 100644 --- a/patches/openssl-1.0.1k/0006-pic.patch +++ b/patches/openssl-1.0.2/0006-pic.patch @@ -1,10 +1,10 @@ -From: Michael Olbrich -Date: Sat, 10 Jan 2015 09:16:02 +0100 +From: Bruno Thomsen +Date: Mon, 23 Feb 2015 16:13:40 +0100 Subject: [PATCH] pic -Imported from openssl_1.0.1k-1.debian.tar.xz +Imported from openssl_1.0.2-1.debian.tar.xz -Signed-off-by: Michael Olbrich +Signed-off-by: Bruno Thomsen --- crypto/des/asm/desboth.pl | 17 ++++++++++++++--- crypto/perlasm/cbc.pl | 24 ++++++++++++++++++++---- @@ -13,7 +13,7 @@ Signed-off-by: Michael Olbrich 4 files changed, 55 insertions(+), 12 deletions(-) diff --git a/crypto/des/asm/desboth.pl b/crypto/des/asm/desboth.pl -index eec00886e4c6..ab6f52452bf3 100644 +index eec0088..ab6f524 100644 --- a/crypto/des/asm/desboth.pl +++ b/crypto/des/asm/desboth.pl @@ -16,6 +16,11 @@ sub DES_encrypt3 @@ -54,7 +54,7 @@ index eec00886e4c6..ab6f52452bf3 100644 &stack_pop(3); &mov($L,&DWP(0,"ebx","",0)); diff --git a/crypto/perlasm/cbc.pl b/crypto/perlasm/cbc.pl -index 24561e759aba..269fb0b0c69f 100644 +index 24561e7..269fb0b 100644 --- a/crypto/perlasm/cbc.pl +++ b/crypto/perlasm/cbc.pl @@ -122,7 +122,11 @@ sub cbc @@ -110,10 +110,10 @@ index 24561e759aba..269fb0b0c69f 100644 &mov("eax", &DWP($data_off,"esp","",0)); # get return &mov("ebx", &DWP($data_off+4,"esp","",0)); # diff --git a/crypto/perlasm/x86gas.pl b/crypto/perlasm/x86gas.pl -index 682a3a3163e2..9d4662cb9624 100644 +index 63b2301..176b04d 100644 --- a/crypto/perlasm/x86gas.pl +++ b/crypto/perlasm/x86gas.pl -@@ -161,6 +161,7 @@ sub ::file_end +@@ -163,6 +163,7 @@ sub ::file_end if ($::macosx) { push (@out,"$tmp,2\n"); } elsif ($::elf) { push (@out,"$tmp,4\n"); } else { push (@out,"$tmp\n"); } @@ -121,7 +121,7 @@ index 682a3a3163e2..9d4662cb9624 100644 } push(@out,$initseg) if ($initseg); } -@@ -218,8 +219,23 @@ ___ +@@ -221,8 +222,23 @@ ___ elsif ($::elf) { $initseg.=<<___; .section .init @@ -146,7 +146,7 @@ index 682a3a3163e2..9d4662cb9624 100644 elsif ($::coff) { $initseg.=<<___; # applies to both Cygwin and Mingw diff --git a/crypto/x86cpuid.pl b/crypto/x86cpuid.pl -index b270b44337d1..c01ba8383401 100644 +index e95f627..6e8329d 100644 --- a/crypto/x86cpuid.pl +++ b/crypto/x86cpuid.pl @@ -8,6 +8,8 @@ require "x86asm.pl"; @@ -158,7 +158,7 @@ index b270b44337d1..c01ba8383401 100644 &function_begin("OPENSSL_ia32_cpuid"); &xor ("edx","edx"); &pushf (); -@@ -141,9 +143,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } +@@ -155,9 +157,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } &set_label("nocpuid"); &function_end("OPENSSL_ia32_cpuid"); @@ -169,7 +169,7 @@ index b270b44337d1..c01ba8383401 100644 &xor ("eax","eax"); &xor ("edx","edx"); &picmeup("ecx","OPENSSL_ia32cap_P"); -@@ -157,7 +157,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } +@@ -171,7 +171,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } # This works in Ring 0 only [read DJGPP+MS-DOS+privileged DPMI host], # but it's safe to call it on any [supported] 32-bit platform... # Just check for [non-]zero return value... @@ -178,7 +178,7 @@ index b270b44337d1..c01ba8383401 100644 &picmeup("ecx","OPENSSL_ia32cap_P"); &bt (&DWP(0,"ecx"),4); &jnc (&label("nohalt")); # no TSC -@@ -224,7 +224,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } +@@ -238,7 +238,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } &ret (); &function_end_B("OPENSSL_far_spin"); diff --git a/patches/openssl-1.0.2/0007-valgrind.patch b/patches/openssl-1.0.2/0007-valgrind.patch new file mode 100644 index 0000000..41f0faa --- /dev/null +++ b/patches/openssl-1.0.2/0007-valgrind.patch @@ -0,0 +1,31 @@ +From: Bruno Thomsen +Date: Mon, 23 Feb 2015 16:13:40 +0100 +Subject: [PATCH] valgrind + +Imported from openssl_1.0.2-1.debian.tar.xz + +Signed-off-by: Bruno Thomsen +--- + crypto/rand/md_rand.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/crypto/rand/md_rand.c b/crypto/rand/md_rand.c +index 5c13d57..9e0064e 100644 +--- a/crypto/rand/md_rand.c ++++ b/crypto/rand/md_rand.c +@@ -480,6 +480,7 @@ int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo, int lock) + MD_Update(&m, (unsigned char *)&(md_c[0]), sizeof(md_c)); + + #ifndef PURIFY /* purify complains */ ++#if 0 + /* + * The following line uses the supplied buffer as a small source of + * entropy: since this buffer is often uninitialised it may cause +@@ -489,6 +490,7 @@ int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo, int lock) + */ + MD_Update(&m, buf, j); + #endif ++#endif + + k = (st_idx + MD_DIGEST_LENGTH / 2) - st_num; + if (k > 0) { diff --git a/patches/openssl-1.0.1k/0009-shared-lib-ext.patch b/patches/openssl-1.0.2/0008-shared-lib-ext.patch similarity index 70% rename from patches/openssl-1.0.1k/0009-shared-lib-ext.patch rename to patches/openssl-1.0.2/0008-shared-lib-ext.patch index e7c8a22..f46bdfc 100644 --- a/patches/openssl-1.0.1k/0009-shared-lib-ext.patch +++ b/patches/openssl-1.0.2/0008-shared-lib-ext.patch @@ -1,19 +1,19 @@ -From: Michael Olbrich -Date: Sat, 10 Jan 2015 09:16:02 +0100 +From: Bruno Thomsen +Date: Mon, 23 Feb 2015 16:13:40 +0100 Subject: [PATCH] shared-lib-ext -Imported from openssl_1.0.1k-1.debian.tar.xz +Imported from openssl_1.0.2-1.debian.tar.xz -Signed-off-by: Michael Olbrich +Signed-off-by: Bruno Thomsen --- Configure | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Configure b/Configure -index c6b4b86c0764..22d307c1fbbd 100755 +index 17005e6..5ef34d9 100755 --- a/Configure +++ b/Configure -@@ -1733,7 +1733,8 @@ while () +@@ -1790,7 +1790,8 @@ while () elsif ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*\.[^\.]*$/) { my $sotmp = $1; diff --git a/patches/openssl-1.0.2/0009-libdoc-manpgs-pod-spell.patch b/patches/openssl-1.0.2/0009-libdoc-manpgs-pod-spell.patch new file mode 100644 index 0000000..25f6ab9 --- /dev/null +++ b/patches/openssl-1.0.2/0009-libdoc-manpgs-pod-spell.patch @@ -0,0 +1,24 @@ +From: Bruno Thomsen +Date: Mon, 23 Feb 2015 16:13:40 +0100 +Subject: [PATCH] libdoc-manpgs-pod-spell + +Imported from openssl_1.0.2-1.debian.tar.xz + +Signed-off-by: Bruno Thomsen +--- + doc/crypto/EVP_PKEY_cmp.pod | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/doc/crypto/EVP_PKEY_cmp.pod b/doc/crypto/EVP_PKEY_cmp.pod +index 0ff027c..94fcf66 100644 +--- a/doc/crypto/EVP_PKEY_cmp.pod ++++ b/doc/crypto/EVP_PKEY_cmp.pod +@@ -26,7 +26,7 @@ B to key B. + The function EVP_PKEY_cmp_parameters() compares the parameters of keys + B and B. + +-The function EVP_PKEY_cmp() compares the public key components and paramters ++The function EVP_PKEY_cmp() compares the public key components and parameters + (if present) of keys B and B. + + =head1 NOTES diff --git a/patches/openssl-1.0.2/0010-openssl-pod-misspell.patch b/patches/openssl-1.0.2/0010-openssl-pod-misspell.patch new file mode 100644 index 0000000..7778245 --- /dev/null +++ b/patches/openssl-1.0.2/0010-openssl-pod-misspell.patch @@ -0,0 +1,52 @@ +From: Bruno Thomsen +Date: Mon, 23 Feb 2015 16:13:40 +0100 +Subject: [PATCH] openssl-pod-misspell + +Imported from openssl_1.0.2-1.debian.tar.xz + +Signed-off-by: Bruno Thomsen +--- + apps/ca.c | 2 +- + crypto/evp/encode.c | 2 +- + doc/apps/req.pod | 2 +- + 3 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/apps/ca.c b/apps/ca.c +index f0a19cf..b591324 100644 +--- a/apps/ca.c ++++ b/apps/ca.c +@@ -148,7 +148,7 @@ + static const char *ca_usage[] = { + "usage: ca args\n", + "\n", +- " -verbose - Talk alot while doing things\n", ++ " -verbose - Talk a lot while doing things\n", + " -config file - A config file\n", + " -name arg - The particular CA definition to use\n", + " -gencrl - Generate a new CRL\n", +diff --git a/crypto/evp/encode.c b/crypto/evp/encode.c +index d1d8a07..53cc586 100644 +--- a/crypto/evp/encode.c ++++ b/crypto/evp/encode.c +@@ -248,7 +248,7 @@ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, + + /* We parse the input data */ + for (i = 0; i < inl; i++) { +- /* If the current line is > 80 characters, scream alot */ ++ /* If the current line is > 80 characters, scream a lot */ + if (ln >= 80) { + rv = -1; + goto end; +diff --git a/doc/apps/req.pod b/doc/apps/req.pod +index df68cb0..4e39faf 100644 +--- a/doc/apps/req.pod ++++ b/doc/apps/req.pod +@@ -159,7 +159,7 @@ B generates a key using the parameter file or certificate B, + the algorithm is determined by the parameters. B use algorithm + B and parameter file B: the two algorithms must match or an + error occurs. B just uses algorithm B, and parameters, +-if neccessary should be specified via B<-pkeyopt> parameter. ++if necessary should be specified via B<-pkeyopt> parameter. + + B generates a DSA key using the parameters + in the file B. B generates EC key (usable both with diff --git a/patches/openssl-1.0.1k/0011-block_diginotar.patch b/patches/openssl-1.0.2/0011-block_diginotar.patch similarity index 65% rename from patches/openssl-1.0.1k/0011-block_diginotar.patch rename to patches/openssl-1.0.2/0011-block_diginotar.patch index f4cac1a..a4e19f4 100644 --- a/patches/openssl-1.0.1k/0011-block_diginotar.patch +++ b/patches/openssl-1.0.2/0011-block_diginotar.patch @@ -1,42 +1,42 @@ From: Raphael Geissert -Date: Sat, 10 Jan 2015 09:16:02 +0100 +Date: Mon, 23 Feb 2015 16:13:40 +0100 Subject: [PATCH] block_diginotar This is not meant as final patch. -Imported from openssl_1.0.1k-1.debian.tar.xz +Imported from openssl_1.0.2-1.debian.tar.xz -Signed-off-by: Michael Olbrich +Signed-off-by: Bruno Thomsen --- crypto/x509/x509_vfy.c | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c -index 920066aeba3b..5b1a0aa054be 100644 +index 1196a2a..ebb8443 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c -@@ -117,6 +117,7 @@ static int check_trust(X509_STORE_CTX *ctx); +@@ -119,6 +119,7 @@ static int check_trust(X509_STORE_CTX *ctx); static int check_revocation(X509_STORE_CTX *ctx); static int check_cert(X509_STORE_CTX *ctx); static int check_policy(X509_STORE_CTX *ctx); +static int check_ca_blacklist(X509_STORE_CTX *ctx); static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer, - unsigned int *preasons, -@@ -369,6 +370,9 @@ int X509_verify_cert(X509_STORE_CTX *ctx) - ok=internal_verify(ctx); - if(!ok) goto end; + unsigned int *preasons, X509_CRL *crl, X509 *x); +@@ -438,6 +439,9 @@ int X509_verify_cert(X509_STORE_CTX *ctx) + if (!ok) + goto end; + ok = check_ca_blacklist(ctx); + if(!ok) goto end; + #ifndef OPENSSL_NO_RFC3779 - /* RFC 3779 path validation, now that CRL check has been done */ - ok = v3_asid_validate_path(ctx); -@@ -827,6 +831,29 @@ static int check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify) - return 1; - } + /* RFC 3779 path validation, now that CRL check has been done */ + ok = v3_asid_validate_path(ctx); +@@ -938,6 +942,29 @@ static int check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify) + return 1; + } +static int check_ca_blacklist(X509_STORE_CTX *ctx) + { @@ -62,5 +62,5 @@ index 920066aeba3b..5b1a0aa054be 100644 + } + static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl, - X509 **pissuer, int *pscore, unsigned int *preasons, - STACK_OF(X509_CRL) *crls) + X509 **pissuer, int *pscore, unsigned int *preasons, + STACK_OF(X509_CRL) *crls) diff --git a/patches/openssl-1.0.1k/0012-block_digicert_malaysia.patch b/patches/openssl-1.0.2/0012-block_digicert_malaysia.patch similarity index 77% rename from patches/openssl-1.0.1k/0012-block_digicert_malaysia.patch rename to patches/openssl-1.0.2/0012-block_digicert_malaysia.patch index 7782c2e..33dac2f 100644 --- a/patches/openssl-1.0.1k/0012-block_digicert_malaysia.patch +++ b/patches/openssl-1.0.2/0012-block_digicert_malaysia.patch @@ -1,19 +1,19 @@ From: Raphael Geissert -Date: Sat, 10 Jan 2015 09:16:02 +0100 +Date: Mon, 23 Feb 2015 16:13:40 +0100 Subject: [PATCH] block_digicert_malaysia -Imported from openssl_1.0.1k-1.debian.tar.xz +Imported from openssl_1.0.2-1.debian.tar.xz -Signed-off-by: Michael Olbrich +Signed-off-by: Bruno Thomsen --- crypto/x509/x509_vfy.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c -index 5b1a0aa054be..696f8d63a5b1 100644 +index ebb8443..bf91023 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c -@@ -839,10 +839,11 @@ static int check_ca_blacklist(X509_STORE_CTX *ctx) +@@ -950,10 +950,11 @@ static int check_ca_blacklist(X509_STORE_CTX *ctx) for (i = sk_X509_num(ctx->chain) - 1; i >= 0; i--) { x = sk_X509_value(ctx->chain, i); diff --git a/patches/openssl-1.0.2/0013-Disable-the-freelist.patch b/patches/openssl-1.0.2/0013-Disable-the-freelist.patch new file mode 100644 index 0000000..3125219 --- /dev/null +++ b/patches/openssl-1.0.2/0013-Disable-the-freelist.patch @@ -0,0 +1,42 @@ +From: Kurt Roeckx +Date: Mon, 23 Feb 2015 16:13:40 +0100 +Subject: [PATCH] Disable the freelist + +We don't define OPENSSL_NO_BUF_FREELISTS globally sinc it changes structures and +would break the ABI. Instead we just do it in the .c files that try to do +something with it. + + +Imported from openssl_1.0.2-1.debian.tar.xz + +Signed-off-by: Bruno Thomsen +--- + ssl/s3_both.c | 1 + + ssl/ssl_lib.c | 2 ++ + 2 files changed, 3 insertions(+) + +diff --git a/ssl/s3_both.c b/ssl/s3_both.c +index c92fd72..8982350 100644 +--- a/ssl/s3_both.c ++++ b/ssl/s3_both.c +@@ -573,6 +573,7 @@ int ssl_verify_alarm_type(long type) + return (al); + } + ++#define OPENSSL_NO_BUF_FREELISTS + #ifndef OPENSSL_NO_BUF_FREELISTS + /*- + * On some platforms, malloc() performance is bad enough that you can't just +diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c +index e9ad2bc..7b96d16 100644 +--- a/ssl/ssl_lib.c ++++ b/ssl/ssl_lib.c +@@ -162,6 +162,8 @@ + + const char *SSL_version_str = OPENSSL_VERSION_TEXT; + ++#define OPENSSL_NO_BUF_FREELISTS ++ + SSL3_ENC_METHOD ssl3_undef_enc_method = { + /* + * evil casts, but these functions are only called if there's a library diff --git a/patches/openssl-1.0.1k/0100-Configure-don-t-ask-dpkg-buildflags-for-more-flags.patch b/patches/openssl-1.0.2/0100-Configure-don-t-ask-dpkg-buildflags-for-more-flags.patch similarity index 100% rename from patches/openssl-1.0.1k/0100-Configure-don-t-ask-dpkg-buildflags-for-more-flags.patch rename to patches/openssl-1.0.2/0100-Configure-don-t-ask-dpkg-buildflags-for-more-flags.patch diff --git a/patches/openssl-1.0.1k/series b/patches/openssl-1.0.2/series similarity index 65% rename from patches/openssl-1.0.1k/series rename to patches/openssl-1.0.2/series index ad425bb..4c854a7 100644 --- a/patches/openssl-1.0.1k/series +++ b/patches/openssl-1.0.2/series @@ -8,13 +8,12 @@ 0005-no-symbolic.patch 0006-pic.patch 0007-valgrind.patch -0008-rehash-crt.patch -0009-shared-lib-ext.patch -0010-stddef.patch +0008-shared-lib-ext.patch +0009-libdoc-manpgs-pod-spell.patch +0010-openssl-pod-misspell.patch 0011-block_diginotar.patch 0012-block_digicert_malaysia.patch -0013-Change-default-bit-size-and-digest.patch -0014-openssl_fix_for_x32.patch +0013-Disable-the-freelist.patch #tag:ptx --start-number 100 0100-Configure-don-t-ask-dpkg-buildflags-for-more-flags.patch -# b3f0cb7915424a88c4a3ff5ca4461972 - git-ptx-patches magic +# b0bd257b376012012639ef11fe1b30f0 - git-ptx-patches magic diff --git a/rules/openssl.make b/rules/openssl.make index 71cab77..573ddf6 100644 --- a/rules/openssl.make +++ b/rules/openssl.make @@ -18,8 +18,8 @@ PACKAGES-$(PTXCONF_OPENSSL) += openssl # # Paths and names # -OPENSSL_VERSION := 1.0.1k -OPENSSL_MD5 := d4f002bd22a56881340105028842ae1f +OPENSSL_VERSION := 1.0.2 +OPENSSL_MD5 := 38373013fc85c790aabf8837969c5eba OPENSSL := openssl-$(OPENSSL_VERSION) OPENSSL_SUFFIX := tar.gz OPENSSL_URL := http://www.openssl.org/source/$(OPENSSL).$(OPENSSL_SUFFIX) -- 1.9.1 -- ptxdist mailing list ptxdist@pengutronix.de