* [ptxdist] [PATCHv2] openssl: version bump to 1.1.1a
@ 2019-01-09 14:13 Oliver Graute
0 siblings, 0 replies; only message in thread
From: Oliver Graute @ 2019-01-09 14:13 UTC (permalink / raw)
To: ptxdist; +Cc: Oliver Graute
this patch bump openssl to LTS version 1.1.1a
Signed-off-by: Oliver Graute <oliver.graute@neuhaus.de>
---
changes in v2:
- use the patches from http://deb.debian.org/debian/pool/main/o/openssl/openssl_1.1.1a-1.debian.tar.xz
- removed the old 1.02q patchset
patches/openssl-1.0.2q/0001-debian-targets.patch | 85 ----
patches/openssl-1.0.2q/0002-no-rpath.patch | 24 --
patches/openssl-1.0.2q/0003-pic.patch | 189 ---------
patches/openssl-1.0.2q/0004-valgrind.patch | 31 --
patches/openssl-1.0.2q/0005-shared-lib-ext.patch | 25 --
patches/openssl-1.0.2q/0006-block_diginotar.patch | 74 ----
.../0007-block_digicert_malaysia.patch | 36 --
.../openssl-1.0.2q/0008-Disable-the-freelist.patch | 41 --
.../0009-Mark-3DES-and-RC4-ciphers-as-weak.patch | 429 ---------------------
...-don-t-ask-dpkg-buildflags-for-more-flags.patch | 22 --
.../0101-fix-parallel-building.patch | 108 ------
patches/openssl-1.0.2q/series | 16 -
patches/openssl-1.1.1a/0001-debian-targets.patch | 207 ++++++++++
patches/openssl-1.1.1a/0002-man-section.patch | 54 +++
patches/openssl-1.1.1a/0003-no-symbolic.patch | 21 +
patches/openssl-1.1.1a/0004-pic.patch | 186 +++++++++
patches/openssl-1.1.1a/0005-c_rehash-compat.patch | 72 ++++
...temwide-default-settings-for-libssl-users.patch | 42 ++
patches/openssl-1.1.1a/series | 6 +
rules/openssl.make | 10 +-
20 files changed, 593 insertions(+), 1085 deletions(-)
delete mode 100644 patches/openssl-1.0.2q/0001-debian-targets.patch
delete mode 100644 patches/openssl-1.0.2q/0002-no-rpath.patch
delete mode 100644 patches/openssl-1.0.2q/0003-pic.patch
delete mode 100644 patches/openssl-1.0.2q/0004-valgrind.patch
delete mode 100644 patches/openssl-1.0.2q/0005-shared-lib-ext.patch
delete mode 100644 patches/openssl-1.0.2q/0006-block_diginotar.patch
delete mode 100644 patches/openssl-1.0.2q/0007-block_digicert_malaysia.patch
delete mode 100644 patches/openssl-1.0.2q/0008-Disable-the-freelist.patch
delete mode 100644 patches/openssl-1.0.2q/0009-Mark-3DES-and-RC4-ciphers-as-weak.patch
delete mode 100644 patches/openssl-1.0.2q/0100-Configure-don-t-ask-dpkg-buildflags-for-more-flags.patch
delete mode 100644 patches/openssl-1.0.2q/0101-fix-parallel-building.patch
delete mode 100644 patches/openssl-1.0.2q/series
create mode 100644 patches/openssl-1.1.1a/0001-debian-targets.patch
create mode 100644 patches/openssl-1.1.1a/0002-man-section.patch
create mode 100644 patches/openssl-1.1.1a/0003-no-symbolic.patch
create mode 100644 patches/openssl-1.1.1a/0004-pic.patch
create mode 100644 patches/openssl-1.1.1a/0005-c_rehash-compat.patch
create mode 100644 patches/openssl-1.1.1a/0006-Set-systemwide-default-settings-for-libssl-users.patch
create mode 100644 patches/openssl-1.1.1a/series
diff --git a/patches/openssl-1.0.2q/0001-debian-targets.patch b/patches/openssl-1.0.2q/0001-debian-targets.patch
deleted file mode 100644
index ca9b1e4..0000000
--- a/patches/openssl-1.0.2q/0001-debian-targets.patch
+++ /dev/null
@@ -1,85 +0,0 @@
-From: Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>
-Date: Tue, 12 Dec 2017 23:35:23 +0100
-Subject: [PATCH] debian-targets
-
-Imported from openssl1.0_1.0.2q-2.debian.tar.xz
-
-Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
----
- Configure | 56 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
- 1 file changed, 56 insertions(+)
-
-diff --git a/Configure b/Configure
-index c7066dc97c58..79b7d5c90d8e 100755
---- a/Configure
-+++ b/Configure
-@@ -133,6 +133,10 @@ my $clang_devteam_warn = "-Wno-unused-parameter -Wno-missing-field-initializers
- # Warn that "make depend" should be run?
- my $warn_make_depend = 0;
-
-+# There are no separate CFLAGS/CPPFLAGS/LDFLAGS, set everything in CFLAGS
-+my $debian_cflags = `dpkg-buildflags --get CFLAGS` . `dpkg-buildflags --get CPPFLAGS` . `dpkg-buildflags --get LDFLAGS` . "-Wa,--noexecstack -Wall";
-+$debian_cflags =~ s/\n/ /g;
-+
- my $strict_warnings = 0;
-
- my $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL";
-@@ -369,6 +373,58 @@ my %table=(
- "osf1-alpha-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared:::.so",
- "tru64-alpha-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared::-msym:.so",
-
-+# Debian GNU/* (various architectures)
-+"debian-alpha","gcc:${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-alpha-ev4","gcc:${debian_cflags} -mcpu=ev4::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-alpha-ev5","gcc:${debian_cflags} -mcpu=ev5::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-arm64","gcc:-DL_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${aarch64_asm}:linux64:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-arm64ilp32","gcc:-DL_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-armel","gcc:-DL_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-armhf","gcc:-DL_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-amd64", "gcc:-m64 -DL_ENDIAN ${debian_cflags} -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::",
-+"debian-avr32", "gcc:-DB_ENDIAN ${debian_cflags} -fomit-frame-pointer::-D_REENTRANT::-ldl:BN_LLONG_BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-kfreebsd-amd64","gcc:-m64 -DL_ENDIAN ${debian_cflags} -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-kfreebsd-i386","gcc:-DL_ENDIAN ${debian_cflags} -march=i486::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-hppa","gcc:-DB_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG MD2_CHAR RC4_INDEX:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-hurd-i386","gcc:-DL_ENDIAN -O3 -Wa,--noexecstack -g -mtune=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-ia64","gcc:${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-i386","gcc:-DL_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-i386-i486","gcc:-DL_ENDIAN ${debian_cflags} -march=i486::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-i386-i586","gcc:-DL_ENDIAN ${debian_cflags} -march=i586::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-i386-i686/cmov","gcc:-DL_ENDIAN ${debian_cflags} -march=i686::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-m68k","gcc:-DB_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG MD2_CHAR RC4_INDEX:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-mips", "gcc:-DB_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-mipsel", "gcc:-DL_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-mipsn32", "gcc:-DB_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-mipsn32el", "gcc:-DL_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-mips64", "gcc:-DB_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-mips64el", "gcc:-DL_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-netbsd-i386", "gcc:-DL_ENDIAN ${debian_cflags} -m486::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-netbsd-m68k", "gcc:-DB_ENDIAN ${debian_cflags}::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-netbsd-sparc", "gcc:-DB_ENDIAN ${debian_cflags} -mv8::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-nios2", "gcc:-DB_ENDIAN ${debian_cflags}::(unknown)::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-openbsd-alpha","gcc:${debian_cflags}::(unknown):::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-openbsd-i386", "gcc:-DL_ENDIAN ${debian_cflags} -m486::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-openbsd-mips","gcc:-DL_ENDIAN ${debian_cflags}::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-or1k", "gcc:-DB_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-powerpc","gcc:-DB_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-powerpcspe","gcc:-DB_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-ppc64","gcc:-m64 -DB_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-ppc64el","gcc:-m64 -DL_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64le:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-riscv64","gcc:-DL_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-s390","gcc:-DB_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-s390x","gcc:-DB_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-sh3", "gcc:-DL_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-sh4", "gcc:-DL_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-sh3eb", "gcc:-DB_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-sh4eb", "gcc:-DB_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-m32r","gcc:-DB_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-sparc","gcc:-DB_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-sparc-v8","gcc:-DB_ENDIAN ${debian_cflags} -mcpu=v8 -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-sparc-v9","gcc:-DB_ENDIAN ${debian_cflags} -mcpu=v9 -Wa,-Av8plus -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-sparc64","gcc:-m64 -DB_ENDIAN ${debian_cflags} -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-x32","gcc:-mx32 -DL_ENDIAN ${debian_cflags} -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::x32",
-+
- ####
- #### Variety of LINUX:-)
- ####
diff --git a/patches/openssl-1.0.2q/0002-no-rpath.patch b/patches/openssl-1.0.2q/0002-no-rpath.patch
deleted file mode 100644
index 231ee8b..0000000
--- a/patches/openssl-1.0.2q/0002-no-rpath.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-From: Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>
-Date: Tue, 12 Dec 2017 23:35:23 +0100
-Subject: [PATCH] no-rpath
-
-Imported from openssl1.0_1.0.2q-2.debian.tar.xz
-
-Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
----
- Makefile.shared | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/Makefile.shared b/Makefile.shared
-index e8d222ac6a00..f68d6ff877ac 100644
---- a/Makefile.shared
-+++ b/Makefile.shared
-@@ -153,7 +153,7 @@ DO_GNU_SO=$(CALC_VERSIONS); \
- NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
- SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"
-
--DO_GNU_APP=LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBRPATH)"
-+DO_GNU_APP=LDFLAGS="$(CFLAGS)"
-
- #This is rather special. It's a special target with which one can link
- #applications without bothering with any features that have anything to
diff --git a/patches/openssl-1.0.2q/0003-pic.patch b/patches/openssl-1.0.2q/0003-pic.patch
deleted file mode 100644
index c03a319..0000000
--- a/patches/openssl-1.0.2q/0003-pic.patch
+++ /dev/null
@@ -1,189 +0,0 @@
-From: Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>
-Date: Tue, 12 Dec 2017 23:35:24 +0100
-Subject: [PATCH] pic
-
-Imported from openssl1.0_1.0.2q-2.debian.tar.xz
-
-Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
----
- crypto/des/asm/desboth.pl | 17 ++++++++++++++---
- crypto/perlasm/cbc.pl | 24 ++++++++++++++++++++----
- crypto/perlasm/x86gas.pl | 16 ++++++++++++++++
- crypto/x86cpuid.pl | 10 +++++-----
- 4 files changed, 55 insertions(+), 12 deletions(-)
-
-diff --git a/crypto/des/asm/desboth.pl b/crypto/des/asm/desboth.pl
-index eec00886e4c6..ab6f52452bf3 100644
---- a/crypto/des/asm/desboth.pl
-+++ b/crypto/des/asm/desboth.pl
-@@ -16,6 +16,11 @@ sub DES_encrypt3
-
- &push("edi");
-
-+ &call (&label("pic_point0"));
-+ &set_label("pic_point0");
-+ &blindpop("ebp");
-+ &add ("ebp", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point0") . "]");
-+
- &comment("");
- &comment("Load the data words");
- &mov($L,&DWP(0,"ebx","",0));
-@@ -47,15 +52,21 @@ sub DES_encrypt3
- &mov(&swtmp(2), (DWC(($enc)?"1":"0")));
- &mov(&swtmp(1), "eax");
- &mov(&swtmp(0), "ebx");
-- &call("DES_encrypt2");
-+ &exch("ebx", "ebp");
-+ &call("DES_encrypt2\@PLT");
-+ &exch("ebx", "ebp");
- &mov(&swtmp(2), (DWC(($enc)?"0":"1")));
- &mov(&swtmp(1), "edi");
- &mov(&swtmp(0), "ebx");
-- &call("DES_encrypt2");
-+ &exch("ebx", "ebp");
-+ &call("DES_encrypt2\@PLT");
-+ &exch("ebx", "ebp");
- &mov(&swtmp(2), (DWC(($enc)?"1":"0")));
- &mov(&swtmp(1), "esi");
- &mov(&swtmp(0), "ebx");
-- &call("DES_encrypt2");
-+ &exch("ebx", "ebp");
-+ &call("DES_encrypt2\@PLT");
-+ &exch("ebx", "ebp");
-
- &stack_pop(3);
- &mov($L,&DWP(0,"ebx","",0));
-diff --git a/crypto/perlasm/cbc.pl b/crypto/perlasm/cbc.pl
-index 24561e759aba..269fb0b0c69f 100644
---- a/crypto/perlasm/cbc.pl
-+++ b/crypto/perlasm/cbc.pl
-@@ -122,7 +122,11 @@ sub cbc
- &mov(&DWP($data_off,"esp","",0), "eax"); # put in array for call
- &mov(&DWP($data_off+4,"esp","",0), "ebx"); #
-
-- &call($enc_func);
-+ &call (&label("pic_point0"));
-+ &set_label("pic_point0");
-+ &blindpop("ebx");
-+ &add ("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point0") . "]");
-+ &call("$enc_func\@PLT");
-
- &mov("eax", &DWP($data_off,"esp","",0));
- &mov("ebx", &DWP($data_off+4,"esp","",0));
-@@ -185,7 +189,11 @@ sub cbc
- &mov(&DWP($data_off,"esp","",0), "eax"); # put in array for call
- &mov(&DWP($data_off+4,"esp","",0), "ebx"); #
-
-- &call($enc_func);
-+ &call (&label("pic_point1"));
-+ &set_label("pic_point1");
-+ &blindpop("ebx");
-+ &add ("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point1") . "]");
-+ &call("$enc_func\@PLT");
-
- &mov("eax", &DWP($data_off,"esp","",0));
- &mov("ebx", &DWP($data_off+4,"esp","",0));
-@@ -218,7 +226,11 @@ sub cbc
- &mov(&DWP($data_off,"esp","",0), "eax"); # put back
- &mov(&DWP($data_off+4,"esp","",0), "ebx"); #
-
-- &call($dec_func);
-+ &call (&label("pic_point2"));
-+ &set_label("pic_point2");
-+ &blindpop("ebx");
-+ &add ("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point2") . "]");
-+ &call("$dec_func\@PLT");
-
- &mov("eax", &DWP($data_off,"esp","",0)); # get return
- &mov("ebx", &DWP($data_off+4,"esp","",0)); #
-@@ -261,7 +273,11 @@ sub cbc
- &mov(&DWP($data_off,"esp","",0), "eax"); # put back
- &mov(&DWP($data_off+4,"esp","",0), "ebx"); #
-
-- &call($dec_func);
-+ &call (&label("pic_point3"));
-+ &set_label("pic_point3");
-+ &blindpop("ebx");
-+ &add ("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point3") . "]");
-+ &call("$dec_func\@PLT");
-
- &mov("eax", &DWP($data_off,"esp","",0)); # get return
- &mov("ebx", &DWP($data_off+4,"esp","",0)); #
-diff --git a/crypto/perlasm/x86gas.pl b/crypto/perlasm/x86gas.pl
-index 63b2301fd1f0..176b04d24521 100644
---- a/crypto/perlasm/x86gas.pl
-+++ b/crypto/perlasm/x86gas.pl
-@@ -163,6 +163,7 @@ sub ::file_end
- if ($::macosx) { push (@out,"$tmp,2\n"); }
- elsif ($::elf) { push (@out,"$tmp,4\n"); }
- else { push (@out,"$tmp\n"); }
-+ if ($::elf) { push (@out,".hidden\tOPENSSL_ia32cap_P\n"); }
- }
- push(@out,$initseg) if ($initseg);
- }
-@@ -221,8 +222,23 @@ ___
- elsif ($::elf)
- { $initseg.=<<___;
- .section .init
-+___
-+ if ($::pic)
-+ { $initseg.=<<___;
-+ pushl %ebx
-+ call .pic_point0
-+.pic_point0:
-+ popl %ebx
-+ addl \$_GLOBAL_OFFSET_TABLE_+[.-.pic_point0],%ebx
-+ call $f\@PLT
-+ popl %ebx
-+___
-+ }
-+ else
-+ { $initseg.=<<___;
- call $f
- ___
-+ }
- }
- elsif ($::coff)
- { $initseg.=<<___; # applies to both Cygwin and Mingw
-diff --git a/crypto/x86cpuid.pl b/crypto/x86cpuid.pl
-index 90ed196c09cd..b49d1be8c38c 100644
---- a/crypto/x86cpuid.pl
-+++ b/crypto/x86cpuid.pl
-@@ -8,6 +8,8 @@ require "x86asm.pl";
-
- for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
-
-+push(@out, ".hidden OPENSSL_ia32cap_P\n");
-+
- &function_begin("OPENSSL_ia32_cpuid");
- &xor ("edx","edx");
- &pushf ();
-@@ -153,9 +155,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
- &set_label("nocpuid");
- &function_end("OPENSSL_ia32_cpuid");
-
--&external_label("OPENSSL_ia32cap_P");
--
--&function_begin_B("OPENSSL_rdtsc","EXTRN\t_OPENSSL_ia32cap_P:DWORD");
-+&function_begin_B("OPENSSL_rdtsc");
- &xor ("eax","eax");
- &xor ("edx","edx");
- &picmeup("ecx","OPENSSL_ia32cap_P");
-@@ -169,7 +169,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
- # This works in Ring 0 only [read DJGPP+MS-DOS+privileged DPMI host],
- # but it's safe to call it on any [supported] 32-bit platform...
- # Just check for [non-]zero return value...
--&function_begin_B("OPENSSL_instrument_halt","EXTRN\t_OPENSSL_ia32cap_P:DWORD");
-+&function_begin_B("OPENSSL_instrument_halt");
- &picmeup("ecx","OPENSSL_ia32cap_P");
- &bt (&DWP(0,"ecx"),4);
- &jnc (&label("nohalt")); # no TSC
-@@ -236,7 +236,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
- &ret ();
- &function_end_B("OPENSSL_far_spin");
-
--&function_begin_B("OPENSSL_wipe_cpu","EXTRN\t_OPENSSL_ia32cap_P:DWORD");
-+&function_begin_B("OPENSSL_wipe_cpu");
- &xor ("eax","eax");
- &xor ("edx","edx");
- &picmeup("ecx","OPENSSL_ia32cap_P");
diff --git a/patches/openssl-1.0.2q/0004-valgrind.patch b/patches/openssl-1.0.2q/0004-valgrind.patch
deleted file mode 100644
index e0f7ce7..0000000
--- a/patches/openssl-1.0.2q/0004-valgrind.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From: Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>
-Date: Tue, 12 Dec 2017 23:35:24 +0100
-Subject: [PATCH] valgrind
-
-Imported from openssl1.0_1.0.2q-2.debian.tar.xz
-
-Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
----
- crypto/rand/md_rand.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/crypto/rand/md_rand.c b/crypto/rand/md_rand.c
-index 2983a3fda487..a16cc804cc56 100644
---- a/crypto/rand/md_rand.c
-+++ b/crypto/rand/md_rand.c
-@@ -488,6 +488,7 @@ int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo, int lock)
- goto err;
-
- #ifndef PURIFY /* purify complains */
-+#if 0
- /*
- * The following line uses the supplied buffer as a small source of
- * entropy: since this buffer is often uninitialised it may cause
-@@ -497,6 +498,7 @@ int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo, int lock)
- */
- if (!MD_Update(&m, buf, j))
- goto err;
-+#endif
- #endif
-
- k = (st_idx + MD_DIGEST_LENGTH / 2) - st_num;
diff --git a/patches/openssl-1.0.2q/0005-shared-lib-ext.patch b/patches/openssl-1.0.2q/0005-shared-lib-ext.patch
deleted file mode 100644
index a3c186d..0000000
--- a/patches/openssl-1.0.2q/0005-shared-lib-ext.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From: Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>
-Date: Tue, 12 Dec 2017 23:35:24 +0100
-Subject: [PATCH] shared-lib-ext
-
-Imported from openssl1.0_1.0.2q-2.debian.tar.xz
-
-Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
----
- Configure | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/Configure b/Configure
-index 79b7d5c90d8e..97ce24d18a5c 100755
---- a/Configure
-+++ b/Configure
-@@ -1853,7 +1853,8 @@ while (<IN>)
- elsif ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*\.[^\.]*$/)
- {
- my $sotmp = $1;
-- s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.\$(SHLIB_MAJOR) .s$sotmp/;
-+# s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.\$(SHLIB_MAJOR) .s$sotmp/;
-+ s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp/;
- }
- elsif ($shared_extension ne "" && $shared_extension =~ /^\.[^\.]*\.[^\.]*\.dylib$/)
- {
diff --git a/patches/openssl-1.0.2q/0006-block_diginotar.patch b/patches/openssl-1.0.2q/0006-block_diginotar.patch
deleted file mode 100644
index 95b8d6d..0000000
--- a/patches/openssl-1.0.2q/0006-block_diginotar.patch
+++ /dev/null
@@ -1,74 +0,0 @@
-From: Raphael Geissert <geissert@debian.org>
-Date: Tue, 12 Dec 2017 23:35:24 +0100
-Subject: [PATCH] block_diginotar
-
-Description: make X509_verify_cert indicate that any certificate whose
- name contains "DigiNotar" is revoked.
-Forwarded: not-needed
-Origin: vendor
-Last-Update: 2011-09-08
-Bug: http://bugs.debian.org/639744
-Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
-Reviewed-by: Dr Stephen N Henson <shenson@drh-consultancy.co.uk>
-
-This is not meant as final patch.
-
-Imported from openssl1.0_1.0.2q-2.debian.tar.xz
-
-Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
----
- crypto/x509/x509_vfy.c | 27 +++++++++++++++++++++++++++
- 1 file changed, 27 insertions(+)
-
-diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
-index da778d47b1cc..77bdb18882ce 100644
---- a/crypto/x509/x509_vfy.c
-+++ b/crypto/x509/x509_vfy.c
-@@ -120,6 +120,7 @@ static int check_trust(X509_STORE_CTX *ctx);
- static int check_revocation(X509_STORE_CTX *ctx);
- static int check_cert(X509_STORE_CTX *ctx);
- static int check_policy(X509_STORE_CTX *ctx);
-+static int check_ca_blacklist(X509_STORE_CTX *ctx);
-
- static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer,
- unsigned int *preasons, X509_CRL *crl, X509 *x);
-@@ -502,6 +503,9 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
- if (!ok)
- goto err;
-
-+ ok = check_ca_blacklist(ctx);
-+ if(!ok) goto err;
-+
- #ifndef OPENSSL_NO_RFC3779
- /* RFC 3779 path validation, now that CRL check has been done */
- ok = v3_asid_validate_path(ctx);
-@@ -1110,6 +1114,29 @@ static int check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify)
- return 1;
- }
-
-+static int check_ca_blacklist(X509_STORE_CTX *ctx)
-+ {
-+ X509 *x;
-+ int i;
-+ /* Check all certificates against the blacklist */
-+ for (i = sk_X509_num(ctx->chain) - 1; i >= 0; i--)
-+ {
-+ x = sk_X509_value(ctx->chain, i);
-+ /* Mark DigiNotar certificates as revoked, no matter
-+ * where in the chain they are.
-+ */
-+ if (x->name && strstr(x->name, "DigiNotar"))
-+ {
-+ ctx->error = X509_V_ERR_CERT_REVOKED;
-+ ctx->error_depth = i;
-+ ctx->current_cert = x;
-+ if (!ctx->verify_cb(0,ctx))
-+ return 0;
-+ }
-+ }
-+ return 1;
-+ }
-+
- static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl,
- X509 **pissuer, int *pscore, unsigned int *preasons,
- STACK_OF(X509_CRL) *crls)
diff --git a/patches/openssl-1.0.2q/0007-block_digicert_malaysia.patch b/patches/openssl-1.0.2q/0007-block_digicert_malaysia.patch
deleted file mode 100644
index e502416..0000000
--- a/patches/openssl-1.0.2q/0007-block_digicert_malaysia.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From: Raphael Geissert <geissert@debian.org>
-Date: Tue, 12 Dec 2017 23:35:24 +0100
-Subject: [PATCH] block_digicert_malaysia
-
-Description: make X509_verify_cert indicate that any certificate whose
- name contains "Digicert Sdn. Bhd." (from Malaysia) is revoked.
-Forwarded: not-needed
-Origin: vendor
-Last-Update: 2011-11-05
-
-Imported from openssl1.0_1.0.2q-2.debian.tar.xz
-
-Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
----
- crypto/x509/x509_vfy.c | 7 ++++---
- 1 file changed, 4 insertions(+), 3 deletions(-)
-
-diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
-index 77bdb18882ce..f7f8ed76e05b 100644
---- a/crypto/x509/x509_vfy.c
-+++ b/crypto/x509/x509_vfy.c
-@@ -1122,10 +1122,11 @@ static int check_ca_blacklist(X509_STORE_CTX *ctx)
- for (i = sk_X509_num(ctx->chain) - 1; i >= 0; i--)
- {
- x = sk_X509_value(ctx->chain, i);
-- /* Mark DigiNotar certificates as revoked, no matter
-- * where in the chain they are.
-+ /* Mark certificates containing the following names as
-+ * revoked, no matter where in the chain they are.
- */
-- if (x->name && strstr(x->name, "DigiNotar"))
-+ if (x->name && (strstr(x->name, "DigiNotar") ||
-+ strstr(x->name, "Digicert Sdn. Bhd.")))
- {
- ctx->error = X509_V_ERR_CERT_REVOKED;
- ctx->error_depth = i;
diff --git a/patches/openssl-1.0.2q/0008-Disable-the-freelist.patch b/patches/openssl-1.0.2q/0008-Disable-the-freelist.patch
deleted file mode 100644
index f1e959c..0000000
--- a/patches/openssl-1.0.2q/0008-Disable-the-freelist.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From: Kurt Roeckx <kurt@roeckx.be>
-Date: Tue, 12 Dec 2017 23:35:24 +0100
-Subject: [PATCH] Disable the freelist
-
-We don't define OPENSSL_NO_BUF_FREELISTS globally sinc it changes structures and
-would break the ABI. Instead we just do it in the .c files that try to do
-something with it.
-
-Imported from openssl1.0_1.0.2q-2.debian.tar.xz
-
-Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
----
- ssl/s3_both.c | 1 +
- ssl/ssl_lib.c | 2 ++
- 2 files changed, 3 insertions(+)
-
-diff --git a/ssl/s3_both.c b/ssl/s3_both.c
-index 054ded1c9903..bb0085cf2ec0 100644
---- a/ssl/s3_both.c
-+++ b/ssl/s3_both.c
-@@ -584,6 +584,7 @@ int ssl_verify_alarm_type(long type)
- return (al);
- }
-
-+#define OPENSSL_NO_BUF_FREELISTS
- #ifndef OPENSSL_NO_BUF_FREELISTS
- /*-
- * On some platforms, malloc() performance is bad enough that you can't just
-diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
-index cfcfe76b9ce1..5c108288b14b 100644
---- a/ssl/ssl_lib.c
-+++ b/ssl/ssl_lib.c
-@@ -162,6 +162,8 @@
-
- const char *SSL_version_str = OPENSSL_VERSION_TEXT;
-
-+#define OPENSSL_NO_BUF_FREELISTS
-+
- SSL3_ENC_METHOD ssl3_undef_enc_method = {
- /*
- * evil casts, but these functions are only called if there's a library
diff --git a/patches/openssl-1.0.2q/0009-Mark-3DES-and-RC4-ciphers-as-weak.patch b/patches/openssl-1.0.2q/0009-Mark-3DES-and-RC4-ciphers-as-weak.patch
deleted file mode 100644
index 0cc5ec9..0000000
--- a/patches/openssl-1.0.2q/0009-Mark-3DES-and-RC4-ciphers-as-weak.patch
+++ /dev/null
@@ -1,429 +0,0 @@
-From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
-Date: Sun, 18 Dec 2016 15:37:52 +0100
-Subject: [PATCH] Mark 3DES and RC4 ciphers as weak
-
-This disables RC4 and 3DES in our build
-
-Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
-
-Imported from openssl1.0_1.0.2q-2.debian.tar.xz
-
-Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
----
- ssl/s3_lib.c | 59 +++++++++++++++++++++++++++++++++++++++++++++++++++-
- 1 file changed, 58 insertions(+), 1 deletion(-)
-
-diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
-index 10c6db683b6e..4b4032ba397a 100644
---- a/ssl/s3_lib.c
-+++ b/ssl/s3_lib.c
-@@ -216,6 +216,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
- #endif
-
- /* Cipher 04 */
-+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
- {
- 1,
- SSL3_TXT_RSA_RC4_128_MD5,
-@@ -230,8 +231,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
- 128,
- 128,
- },
-+#endif
-
- /* Cipher 05 */
-+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
- {
- 1,
- SSL3_TXT_RSA_RC4_128_SHA,
-@@ -246,7 +249,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
- 128,
- 128,
- },
--
-+#endif
- /* Cipher 06 */
- #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
- {
-@@ -320,6 +323,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
- #endif
-
- /* Cipher 0A */
-+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
- {
- 1,
- SSL3_TXT_RSA_DES_192_CBC3_SHA,
-@@ -334,6 +338,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
- 112,
- 168,
- },
-+#endif
-
- /* The DH ciphers */
- /* Cipher 0B */
-@@ -373,6 +378,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
- #endif
-
- /* Cipher 0D */
-+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
- {
- 1,
- SSL3_TXT_DH_DSS_DES_192_CBC3_SHA,
-@@ -387,6 +393,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
- 112,
- 168,
- },
-+#endif
-
- /* Cipher 0E */
- #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
-@@ -425,6 +432,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
- #endif
-
- /* Cipher 10 */
-+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
- {
- 1,
- SSL3_TXT_DH_RSA_DES_192_CBC3_SHA,
-@@ -439,6 +447,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
- 112,
- 168,
- },
-+#endif
-
- /* The Ephemeral DH ciphers */
- /* Cipher 11 */
-@@ -478,6 +487,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
- #endif
-
- /* Cipher 13 */
-+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
- {
- 1,
- SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA,
-@@ -492,6 +502,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
- 112,
- 168,
- },
-+#endif
-
- /* Cipher 14 */
- #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
-@@ -530,6 +541,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
- #endif
-
- /* Cipher 16 */
-+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
- {
- 1,
- SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA,
-@@ -544,6 +556,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
- 112,
- 168,
- },
-+#endif
-
- /* Cipher 17 */
- #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
-@@ -564,6 +577,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
- #endif
-
- /* Cipher 18 */
-+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
- {
- 1,
- SSL3_TXT_ADH_RC4_128_MD5,
-@@ -578,6 +592,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
- 128,
- 128,
- },
-+#endif
-
- /* Cipher 19 */
- #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
-@@ -616,6 +631,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
- #endif
-
- /* Cipher 1B */
-+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
- {
- 1,
- SSL3_TXT_ADH_DES_192_CBC_SHA,
-@@ -630,6 +646,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
- 112,
- 168,
- },
-+#endif
-
- /* Fortezza ciphersuite from SSL 3.0 spec */
- #if 0
-@@ -703,6 +720,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
- # endif
-
- /* Cipher 1F */
-+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
- {
- 1,
- SSL3_TXT_KRB5_DES_192_CBC3_SHA,
-@@ -717,8 +735,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
- 112,
- 168,
- },
-+#endif
-
- /* Cipher 20 */
-+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
- {
- 1,
- SSL3_TXT_KRB5_RC4_128_SHA,
-@@ -733,6 +753,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
- 128,
- 128,
- },
-+#endif
-
- /* Cipher 21 */
- {
-@@ -769,6 +790,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
- # endif
-
- /* Cipher 23 */
-+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
- {
- 1,
- SSL3_TXT_KRB5_DES_192_CBC3_MD5,
-@@ -783,8 +805,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
- 112,
- 168,
- },
-+#endif
-
- /* Cipher 24 */
-+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
- {
- 1,
- SSL3_TXT_KRB5_RC4_128_MD5,
-@@ -799,6 +823,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
- 128,
- 128,
- },
-+#endif
-
- /* Cipher 25 */
- {
-@@ -1418,6 +1443,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
- # endif
-
- /* Cipher 66 */
-+# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
- {
- 1,
- TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA,
-@@ -1432,6 +1458,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
- 128,
- 128,
- },
-+#endif
- #endif
-
- /* TLS v1.2 ciphersuites */
-@@ -1703,6 +1730,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
-
- #ifndef OPENSSL_NO_PSK
- /* Cipher 8A */
-+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
- {
- 1,
- TLS1_TXT_PSK_WITH_RC4_128_SHA,
-@@ -1717,8 +1745,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
- 128,
- 128,
- },
-+#endif
-
- /* Cipher 8B */
-+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
- {
- 1,
- TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
-@@ -1733,6 +1763,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
- 112,
- 168,
- },
-+#endif
-
- /* Cipher 8C */
- {
-@@ -2095,6 +2126,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
- },
-
- /* Cipher C002 */
-+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
- {
- 1,
- TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA,
-@@ -2109,8 +2141,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
- 128,
- 128,
- },
-+#endif
-
- /* Cipher C003 */
-+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
- {
- 1,
- TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
-@@ -2125,6 +2159,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
- 112,
- 168,
- },
-+#endif
-
- /* Cipher C004 */
- {
-@@ -2175,6 +2210,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
- },
-
- /* Cipher C007 */
-+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
- {
- 1,
- TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
-@@ -2189,8 +2225,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
- 128,
- 128,
- },
-+#endif
-
- /* Cipher C008 */
-+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
- {
- 1,
- TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
-@@ -2205,6 +2243,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
- 112,
- 168,
- },
-+#endif
-
- /* Cipher C009 */
- {
-@@ -2255,6 +2294,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
- },
-
- /* Cipher C00C */
-+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
- {
- 1,
- TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA,
-@@ -2269,8 +2309,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
- 128,
- 128,
- },
-+#endif
-
- /* Cipher C00D */
-+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
- {
- 1,
- TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA,
-@@ -2285,6 +2327,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
- 112,
- 168,
- },
-+#endif
-
- /* Cipher C00E */
- {
-@@ -2335,6 +2378,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
- },
-
- /* Cipher C011 */
-+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
- {
- 1,
- TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
-@@ -2349,8 +2393,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
- 128,
- 128,
- },
-+#endif
-
- /* Cipher C012 */
-+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
- {
- 1,
- TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
-@@ -2365,6 +2411,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
- 112,
- 168,
- },
-+#endif
-
- /* Cipher C013 */
- {
-@@ -2415,6 +2462,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
- },
-
- /* Cipher C016 */
-+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
- {
- 1,
- TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
-@@ -2429,8 +2477,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
- 128,
- 128,
- },
-+#endif
-
- /* Cipher C017 */
-+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
- {
- 1,
- TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
-@@ -2445,6 +2495,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
- 112,
- 168,
- },
-+#endif
-
- /* Cipher C018 */
- {
-@@ -2481,6 +2532,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
-
- #ifndef OPENSSL_NO_SRP
- /* Cipher C01A */
-+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
- {
- 1,
- TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
-@@ -2495,8 +2547,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
- 112,
- 168,
- },
-+#endif
-
- /* Cipher C01B */
-+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
- {
- 1,
- TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
-@@ -2511,8 +2565,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
- 112,
- 168,
- },
-+#endif
-
- /* Cipher C01C */
-+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
- {
- 1,
- TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
-@@ -2527,6 +2583,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
- 112,
- 168,
- },
-+#endif
-
- /* Cipher C01D */
- {
diff --git a/patches/openssl-1.0.2q/0100-Configure-don-t-ask-dpkg-buildflags-for-more-flags.patch b/patches/openssl-1.0.2q/0100-Configure-don-t-ask-dpkg-buildflags-for-more-flags.patch
deleted file mode 100644
index b445ea7..0000000
--- a/patches/openssl-1.0.2q/0100-Configure-don-t-ask-dpkg-buildflags-for-more-flags.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-From: Michael Olbrich <m.olbrich@pengutronix.de>
-Date: Mon, 11 Aug 2014 12:28:49 +0200
-Subject: [PATCH] Configure: don't ask dpkg-buildflags for more flags
-
-Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
----
- Configure | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/Configure b/Configure
-index 9f58145ef000..4b6f13ee238c 100755
---- a/Configure
-+++ b/Configure
-@@ -134,7 +134,7 @@ my $clang_devteam_warn = "-Wno-unused-parameter -Wno-missing-field-initializers
- my $warn_make_depend = 0;
-
- # There are no separate CFLAGS/CPPFLAGS/LDFLAGS, set everything in CFLAGS
--my $debian_cflags = `dpkg-buildflags --get CFLAGS` . `dpkg-buildflags --get CPPFLAGS` . `dpkg-buildflags --get LDFLAGS` . "-Wa,--noexecstack -Wall";
-+my $debian_cflags = "-g -O2 -Wformat -Werror=format-security " . "-Wa,--noexecstack -Wall";
- $debian_cflags =~ s/\n/ /g;
-
- my $strict_warnings = 0;
diff --git a/patches/openssl-1.0.2q/0101-fix-parallel-building.patch b/patches/openssl-1.0.2q/0101-fix-parallel-building.patch
deleted file mode 100644
index 65a77a7..0000000
--- a/patches/openssl-1.0.2q/0101-fix-parallel-building.patch
+++ /dev/null
@@ -1,108 +0,0 @@
-From: Michael Olbrich <m.olbrich@pengutronix.de>
-Date: Mon, 23 Mar 2015 09:29:05 +0100
-Subject: [PATCH] fix parallel building
-
-Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
----
- Makefile.org | 22 ++++++++++++++--------
- crypto/Makefile | 4 ++--
- engines/Makefile | 4 ++--
- 3 files changed, 18 insertions(+), 12 deletions(-)
-
-diff --git a/Makefile.org b/Makefile.org
-index f51f0a756c3e..aed1dd978ff4 100644
---- a/Makefile.org
-+++ b/Makefile.org
-@@ -281,18 +281,24 @@ build_libs: build_libcrypto build_libssl openssl.pc
- build_libcrypto: build_crypto build_engines libcrypto.pc
- build_libssl: build_ssl libssl.pc
-
-+ifeq ($(SHARED_LIBS),)
-+build_ssl: build_engines
-+else
-+build_engines: build_ssl
-+endif
-+
- build_crypto:
-- @dir=crypto; target=all; $(BUILD_ONE_CMD)
-+ @+dir=crypto; target=all; $(BUILD_ONE_CMD)
- build_ssl: build_crypto
-- @dir=ssl; target=all; $(BUILD_ONE_CMD)
-+ @+dir=ssl; target=all; $(BUILD_ONE_CMD)
- build_engines: build_crypto
-- @dir=engines; target=all; $(BUILD_ONE_CMD)
-+ @+dir=engines; target=all; $(BUILD_ONE_CMD)
- build_apps: build_libs
-- @dir=apps; target=all; $(BUILD_ONE_CMD)
-+ @+dir=apps; target=all; $(BUILD_ONE_CMD)
- build_tests: build_libs
-- @dir=test; target=all; $(BUILD_ONE_CMD)
-+ @+dir=test; target=all; $(BUILD_ONE_CMD)
- build_tools: build_libs
-- @dir=tools; target=all; $(BUILD_ONE_CMD)
-+ @+dir=tools; target=all; $(BUILD_ONE_CMD)
-
- all_testapps: build_libs build_testapps
- build_testapps:
-@@ -311,7 +317,7 @@ libcrypto$(SHLIB_EXT): libcrypto.a fips_premain_dso$(EXE_EXT)
- FIPSLD_CC="$(CC)"; CC=$(FIPSDIR)/bin/fipsld; \
- export CC FIPSLD_CC FIPSLD_LIBCRYPTO; \
- fi; \
-- $(MAKE) -e SHLIBDIRS=crypto CC="$${CC:-$(CC)}" build-shared && \
-+ $(MAKE) -j1 -e SHLIBDIRS=crypto CC="$${CC:-$(CC)}" build-shared && \
- (touch -c fips_premain_dso$(EXE_EXT) || :); \
- else \
- echo "There's no support for shared libraries on this platform" >&2; \
-@@ -320,7 +326,7 @@ libcrypto$(SHLIB_EXT): libcrypto.a fips_premain_dso$(EXE_EXT)
-
- libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a
- @if [ "$(SHLIB_TARGET)" != "" ]; then \
-- $(MAKE) SHLIBDIRS=ssl SHLIBDEPS='-lcrypto' build-shared; \
-+ $(MAKE) -j1 SHLIBDIRS=ssl SHLIBDEPS='-lcrypto' build-shared; \
- else \
- echo "There's no support for shared libraries on this platform" >&2; \
- exit 1; \
-diff --git a/crypto/Makefile b/crypto/Makefile
-index 7869996a9c07..76690a1c8619 100644
---- a/crypto/Makefile
-+++ b/crypto/Makefile
-@@ -85,7 +85,7 @@ testapps:
- @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
-
- subdirs:
-- @target=all; $(RECURSIVE_MAKE)
-+ @+target=all; $(RECURSIVE_MAKE)
-
- files:
- $(PERL) $(TOP)/util/files.pl "CPUID_OBJ=$(CPUID_OBJ)" Makefile >> $(TOP)/MINFO
-@@ -100,7 +100,7 @@ links:
- # lib: $(LIB): are splitted to avoid end-less loop
- lib: $(LIB)
- @touch lib
--$(LIB): $(LIBOBJ)
-+$(LIB): $(LIBOBJ) subdirs
- $(AR) $(LIB) $(LIBOBJ)
- test -z "$(FIPSLIBDIR)" || $(AR) $(LIB) $(FIPSLIBDIR)fipscanister.o
- $(RANLIB) $(LIB) || echo Never mind.
-diff --git a/engines/Makefile b/engines/Makefile
-index 2058ff405afe..98e41437e1f2 100644
---- a/engines/Makefile
-+++ b/engines/Makefile
-@@ -72,7 +72,7 @@ top:
-
- all: lib subdirs
-
--lib: $(LIBOBJ)
-+lib: $(LIBOBJ) subdirs
- @if [ -n "$(SHARED_LIBS)" ]; then \
- set -e; \
- for l in $(LIBNAMES); do \
-@@ -89,7 +89,7 @@ lib: $(LIBOBJ)
-
- subdirs:
- echo $(EDIRS)
-- @target=all; $(RECURSIVE_MAKE)
-+ @+target=all; $(RECURSIVE_MAKE)
-
- files:
- $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
diff --git a/patches/openssl-1.0.2q/series b/patches/openssl-1.0.2q/series
deleted file mode 100644
index cd63acf..0000000
--- a/patches/openssl-1.0.2q/series
+++ /dev/null
@@ -1,16 +0,0 @@
-# generated by git-ptx-patches
-#tag:base --start-number 1
-#tag:debian --start-number 1
-0001-debian-targets.patch
-0002-no-rpath.patch
-0003-pic.patch
-0004-valgrind.patch
-0005-shared-lib-ext.patch
-0006-block_diginotar.patch
-0007-block_digicert_malaysia.patch
-0008-Disable-the-freelist.patch
-0009-Mark-3DES-and-RC4-ciphers-as-weak.patch
-#tag:ptx --start-number 100
-0100-Configure-don-t-ask-dpkg-buildflags-for-more-flags.patch
-0101-fix-parallel-building.patch
-# d6f7b68c6d4f0780398061fbcec6168c - git-ptx-patches magic
diff --git a/patches/openssl-1.1.1a/0001-debian-targets.patch b/patches/openssl-1.1.1a/0001-debian-targets.patch
new file mode 100644
index 0000000..fe61436
--- /dev/null
+++ b/patches/openssl-1.1.1a/0001-debian-targets.patch
@@ -0,0 +1,207 @@
+From: Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>
+Date: Sun, 5 Nov 2017 15:09:09 +0100
+Subject: debian-targets
+
+---
+ Configurations/20-debian.conf | 192 ++++++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 192 insertions(+)
+ create mode 100644 Configurations/20-debian.conf
+
+diff --git a/Configurations/20-debian.conf b/Configurations/20-debian.conf
+new file mode 100644
+index 000000000000..71215d94dfc1
+--- /dev/null
++++ b/Configurations/20-debian.conf
+@@ -0,0 +1,192 @@
++my %targets = (
++ "debian" => {
++ cflags => add("-Wa,--noexecstack -Wall"),
++ },
++ "debian-alpha" => {
++ inherit_from => [ "linux-alpha-gcc", "debian" ],
++ },
++ "debian-alpha-ev4" => {
++ inherit_from => [ "debian-alpha" ],
++ cflags => add("-mcpu=ev4"),
++ },
++ "debian-alpha-ev5" => {
++ inherit_from => [ "debian-alpha" ],
++ cflags => add("-mcpu=ev5"),
++ },
++ "debian-arm64" => {
++ inherit_from => [ "linux-aarch64", "debian" ],
++ },
++ "debian-arm64ilp32" => {
++ inherit_from => [ "linux-arm64ilp32", "debian" ],
++ },
++ "debian-armel" => {
++ inherit_from => [ "linux-armv4", "debian" ],
++ },
++ "debian-armhf" => {
++ inherit_from => [ "linux-armv4", "debian" ],
++ },
++ "debian-amd64" => {
++ inherit_from => [ "linux-x86_64", "debian" ],
++ },
++ "debian-i386" => {
++ inherit_from => [ "linux-elf", "debian" ],
++ },
++ "debian-avr32" => {
++ inherit_from => [ "linux-generic32", "debian" ],
++ },
++ "debian-kfreebsd-amd64" => {
++ inherit_from => [ "debian-amd64" ],
++ enable => [ ],
++ },
++ "debian-kfreebsd-i386" => {
++ inherit_from => [ "debian-i386" ],
++ enable => [ ],
++ },
++ "debian-hppa" => {
++ inherit_from => [ "linux-generic32", "debian" ],
++ },
++ "debian-hurd-i386" => {
++ inherit_from => [ "hurd-x86", "debian" ],
++ },
++ "debian-ia64" => {
++ inherit_from => [ "linux-ia64", "debian" ],
++ },
++ "debian-m68k" => {
++ inherit_from => [ "linux-generic32", "debian" ],
++ },
++ "debian-mips" => {
++ inherit_from => [ "linux-mips32", "debian" ],
++ cflags => add("-DB_ENDIAN"),
++ },
++ "debian-mipsel" => {
++ inherit_from => [ "linux-mips32", "debian" ],
++ cflags => add("-DL_ENDIAN"),
++ },
++ "debian-mipsn32" => {
++ inherit_from => [ "linux-mips64", "debian" ],
++ cflags => add("-DB_ENDIAN"),
++ },
++ "debian-mipsn32el" => {
++ inherit_from => [ "linux-mips64", "debian" ],
++ cflags => add("-DL_ENDIAN"),
++ },
++ "debian-mips64" => {
++ inherit_from => [ "linux64-mips64", "debian" ],
++ cflags => add("-DB_ENDIAN"),
++ },
++ "debian-mips64el" => {
++ inherit_from => [ "linux64-mips64", "debian" ],
++ cflags => add("-DL_ENDIAN"),
++ },
++
++ # Temporary MIPS R6 targets. Those will vanish approx in 1.1.1 because
++ # aes-mips.pl creates proper R6 ASM code. After that, we can inherit from
++ # the linux*-mips* targets.
++ "linux-mips32r6" => {
++ # Configure script adds minimally required -march for assembly
++ # support, if no -march was specified at command line.
++ inherit_from => [ "linux-generic32"],
++ cflags => add("-mabi=32"),
++ perlasm_scheme => "o32",
++ shared_ldflag => add("-mabi=32"),
++ },
++ # mips32 and mips64 below refer to contemporary MIPS Architecture
++ # specifications, MIPS32 and MIPS64, rather than to kernel bitness.
++ "linux-mips64r6" => {
++ inherit_from => [ "linux-generic32"],
++ cflags => add("-mabi=n32"),
++ bn_ops => "SIXTY_FOUR_BIT RC4_CHAR",
++ perlasm_scheme => "n32",
++ shared_ldflag => add("-mabi=n32"),
++ multilib => "32",
++ },
++ "linux64-mips64r6" => {
++ inherit_from => [ "linux-generic64"],
++ cflags => add("-mabi=64"),
++ perlasm_scheme => "64",
++ shared_ldflag => add("-mabi=64"),
++ multilib => "64",
++ },
++ "debian-mipsr6" => {
++ inherit_from => [ "linux-mips32r6", "debian" ],
++ cflags => add("-DB_ENDIAN"),
++ },
++ "debian-mipsr6el" => {
++ inherit_from => [ "linux-mips32r6", "debian" ],
++ cflags => add("-DL_ENDIAN"),
++ },
++ "debian-mipsn32r6" => {
++ inherit_from => [ "linux-mips64r6", "debian" ],
++ cflags => add("-DB_ENDIAN"),
++ },
++ "debian-mipsn32r6el" => {
++ inherit_from => [ "linux-mips64r6", "debian" ],
++ cflags => add("-DL_ENDIAN"),
++ },
++ "debian-mips64r6" => {
++ inherit_from => [ "linux64-mips64r6", "debian" ],
++ cflags => add("-DB_ENDIAN"),
++ },
++ "debian-mips64r6el" => {
++ inherit_from => [ "linux64-mips64r6", "debian" ],
++ cflags => add("-DL_ENDIAN"),
++ },
++
++ "debian-nios2" => {
++ inherit_from => [ "linux-generic32", "debian" ],
++ },
++ "debian-powerpc" => {
++ inherit_from => [ "linux-ppc", "debian" ],
++ },
++ "debian-powerpcspe" => {
++ inherit_from => [ "linux-ppc", "debian" ],
++ },
++ "debian-ppc64" => {
++ inherit_from => [ "linux-generic64", "debian", asm("ppc64_asm") ],
++ cflags => add("-DB_ENDIAN"),
++ perlasm_scheme => "linux64",
++ },
++ "debian-ppc64el" => {
++ inherit_from => [ "linux-ppc64le", "debian" ],
++ },
++ "debian-riscv64" => {
++ inherit_from => [ "linux-generic64", "debian" ],
++ },
++ "debian-s390" => {
++ inherit_from => [ "linux-generic32", "debian" ],
++ },
++ "debian-s390x" => {
++ inherit_from => [ "linux64-s390x", "debian" ],
++ },
++ "debian-sh3" => {
++ inherit_from => [ "linux-generic32", "debian" ],
++ },
++ "debian-sh3eb" => {
++ inherit_from => [ "linux-generic32", "debian" ],
++ },
++ "debian-sh4" => {
++ inherit_from => [ "linux-generic32", "debian" ],
++ },
++ "debian-sh4eb" => {
++ inherit_from => [ "linux-generic32", "debian" ],
++ },
++ "debian-m32r" => {
++ inherit_from => [ "linux-generic32", "debian" ],
++ },
++ "debian-sparc" => {
++ inherit_from => [ "linux-generic32", "debian", asm("sparcv9_asm") ],
++ cflags => add("-DB_ENDIAN -DBN_DIV2W"),
++ },
++ "debian-sparc64" => {
++ inherit_from => [ "linux-generic64", "debian", asm("sparcv9_asm") ],
++ cflags => add("-m64 -mcpu=ultrasparc -DB_ENDIAN"),
++ bn_ops => "BN_LLONG RC4_CHAR",
++ },
++ "debian-tilegx" => {
++ inherit_from => [ "linux-generic64", "debian" ],
++ },
++ "debian-x32" => {
++ inherit_from => [ "linux-x32", "debian" ],
++ },
++);
++
diff --git a/patches/openssl-1.1.1a/0002-man-section.patch b/patches/openssl-1.1.1a/0002-man-section.patch
new file mode 100644
index 0000000..8ef4ed8
--- /dev/null
+++ b/patches/openssl-1.1.1a/0002-man-section.patch
@@ -0,0 +1,54 @@
+From: Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>
+Date: Sun, 5 Nov 2017 15:09:09 +0100
+Subject: man-section
+
+---
+ Configurations/unix-Makefile.tmpl | 6 ++++--
+ util/process_docs.pl | 3 ++-
+ 2 files changed, 6 insertions(+), 3 deletions(-)
+
+diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl
+index e7120194ef8c..527ac3dc234c 100644
+--- a/Configurations/unix-Makefile.tmpl
++++ b/Configurations/unix-Makefile.tmpl
+@@ -183,7 +183,8 @@ HTMLDIR=$(DOCDIR)/html
+ # MANSUFFIX is for the benefit of anyone who may want to have a suffix
+ # appended after the manpage file section number. "ssl" is popular,
+ # resulting in files such as config.5ssl rather than config.5.
+-MANSUFFIX=
++MANSUFFIX=ssl
++MANSECTION=SSL
+ HTMLSUFFIX=html
+
+ # For "optional" echo messages, to get "real" silence
+@@ -721,7 +722,8 @@ uninstall_runtime: uninstall_programs uninstall_runtime_libs
+ @[ -n "$(INSTALLTOP)" ] || (echo INSTALLTOP should not be empty; exit 1)
+ @$(ECHO) "*** Installing manpages"
+ $(PERL) $(SRCDIR)/util/process_docs.pl \
+- --destdir=$(DESTDIR)$(MANDIR) --type=man --suffix=$(MANSUFFIX)
++ --destdir=$(DESTDIR)$(MANDIR) --type=man --suffix=$(MANSUFFIX) \
++ --mansection=$(MANSECTION)
+
+ uninstall_man_docs:
+ @$(ECHO) "*** Uninstalling manpages"
+diff --git a/util/process_docs.pl b/util/process_docs.pl
+index 30b149eb8fcc..424155ea808e 100755
+--- a/util/process_docs.pl
++++ b/util/process_docs.pl
+@@ -37,6 +37,7 @@ GetOptions(\%options,
+ 'type=s', # The result type, 'man' or 'html'
+ 'suffix:s', # Suffix to add to the extension.
+ # Only used with type=man
++ 'mansection:s', # Section to put to manpage in
+ 'remove', # To remove files rather than writing them
+ 'dry-run|n', # Only output file names on STDOUT
+ 'debug|D+',
+@@ -97,7 +98,7 @@ foreach my $section (sort @{$options{section}}) {
+ my $name = uc $podname;
+ my $suffix = { man => ".$podinfo{section}".($options{suffix} // ""),
+ html => ".html" } -> {$options{type}};
+- my $generate = { man => "pod2man --name=$name --section=$podinfo{section} --center=OpenSSL --release=$config{version} \"$podpath\"",
++ my $generate = { man => "pod2man --name=$name --section=$podinfo{section}$options{mansection} --center=OpenSSL --release=$config{version} \"$podpath\"",
+ html => "pod2html \"--podroot=$options{sourcedir}\" --htmldir=$updir --podpath=man1:man3:man5:man7 \"--infile=$podpath\" \"--title=$podname\" --quiet"
+ } -> {$options{type}};
+ my $output_dir = catdir($options{destdir}, "man$podinfo{section}");
diff --git a/patches/openssl-1.1.1a/0003-no-symbolic.patch b/patches/openssl-1.1.1a/0003-no-symbolic.patch
new file mode 100644
index 0000000..641bd0d
--- /dev/null
+++ b/patches/openssl-1.1.1a/0003-no-symbolic.patch
@@ -0,0 +1,21 @@
+From: Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>
+Date: Sun, 5 Nov 2017 15:09:09 +0100
+Subject: no-symbolic
+
+---
+ Configurations/shared-info.pl | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Configurations/shared-info.pl b/Configurations/shared-info.pl
+index 47eddd68355b..208132e7307f 100644
+--- a/Configurations/shared-info.pl
++++ b/Configurations/shared-info.pl
+@@ -25,7 +25,7 @@ sub detect_gnu_cc {
+ my %shared_info;
+ %shared_info = (
+ 'gnu-shared' => {
+- shared_ldflag => '-shared -Wl,-Bsymbolic',
++ shared_ldflag => '-shared',
+ shared_sonameflag => '-Wl,-soname=',
+ },
+ 'linux-shared' => sub {
diff --git a/patches/openssl-1.1.1a/0004-pic.patch b/patches/openssl-1.1.1a/0004-pic.patch
new file mode 100644
index 0000000..fb12b02
--- /dev/null
+++ b/patches/openssl-1.1.1a/0004-pic.patch
@@ -0,0 +1,186 @@
+From: Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>
+Date: Sun, 5 Nov 2017 15:09:09 +0100
+Subject: pic
+
+---
+ crypto/des/asm/desboth.pl | 17 ++++++++++++++---
+ crypto/perlasm/cbc.pl | 24 ++++++++++++++++++++----
+ crypto/perlasm/x86gas.pl | 16 ++++++++++++++++
+ crypto/x86cpuid.pl | 10 +++++-----
+ 4 files changed, 55 insertions(+), 12 deletions(-)
+
+diff --git a/crypto/des/asm/desboth.pl b/crypto/des/asm/desboth.pl
+index ef7054e27506..50765d2b1552 100644
+--- a/crypto/des/asm/desboth.pl
++++ b/crypto/des/asm/desboth.pl
+@@ -23,6 +23,11 @@ sub DES_encrypt3
+
+ &push("edi");
+
++ &call (&label("pic_point0"));
++ &set_label("pic_point0");
++ &blindpop("ebp");
++ &add ("ebp", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point0") . "]");
++
+ &comment("");
+ &comment("Load the data words");
+ &mov($L,&DWP(0,"ebx","",0));
+@@ -54,15 +59,21 @@ sub DES_encrypt3
+ &mov(&swtmp(2), (DWC(($enc)?"1":"0")));
+ &mov(&swtmp(1), "eax");
+ &mov(&swtmp(0), "ebx");
+- &call("DES_encrypt2");
++ &exch("ebx", "ebp");
++ &call("DES_encrypt2\@PLT");
++ &exch("ebx", "ebp");
+ &mov(&swtmp(2), (DWC(($enc)?"0":"1")));
+ &mov(&swtmp(1), "edi");
+ &mov(&swtmp(0), "ebx");
+- &call("DES_encrypt2");
++ &exch("ebx", "ebp");
++ &call("DES_encrypt2\@PLT");
++ &exch("ebx", "ebp");
+ &mov(&swtmp(2), (DWC(($enc)?"1":"0")));
+ &mov(&swtmp(1), "esi");
+ &mov(&swtmp(0), "ebx");
+- &call("DES_encrypt2");
++ &exch("ebx", "ebp");
++ &call("DES_encrypt2\@PLT");
++ &exch("ebx", "ebp");
+
+ &stack_pop(3);
+ &mov($L,&DWP(0,"ebx","",0));
+diff --git a/crypto/perlasm/cbc.pl b/crypto/perlasm/cbc.pl
+index 01bafe457d68..c093be5a4fd6 100644
+--- a/crypto/perlasm/cbc.pl
++++ b/crypto/perlasm/cbc.pl
+@@ -129,7 +129,11 @@ sub cbc
+ &mov(&DWP($data_off,"esp","",0), "eax"); # put in array for call
+ &mov(&DWP($data_off+4,"esp","",0), "ebx"); #
+
+- &call($enc_func);
++ &call (&label("pic_point0"));
++ &set_label("pic_point0");
++ &blindpop("ebx");
++ &add ("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point0") . "]");
++ &call("$enc_func\@PLT");
+
+ &mov("eax", &DWP($data_off,"esp","",0));
+ &mov("ebx", &DWP($data_off+4,"esp","",0));
+@@ -192,7 +196,11 @@ sub cbc
+ &mov(&DWP($data_off,"esp","",0), "eax"); # put in array for call
+ &mov(&DWP($data_off+4,"esp","",0), "ebx"); #
+
+- &call($enc_func);
++ &call (&label("pic_point1"));
++ &set_label("pic_point1");
++ &blindpop("ebx");
++ &add ("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point1") . "]");
++ &call("$enc_func\@PLT");
+
+ &mov("eax", &DWP($data_off,"esp","",0));
+ &mov("ebx", &DWP($data_off+4,"esp","",0));
+@@ -225,7 +233,11 @@ sub cbc
+ &mov(&DWP($data_off,"esp","",0), "eax"); # put back
+ &mov(&DWP($data_off+4,"esp","",0), "ebx"); #
+
+- &call($dec_func);
++ &call (&label("pic_point2"));
++ &set_label("pic_point2");
++ &blindpop("ebx");
++ &add ("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point2") . "]");
++ &call("$dec_func\@PLT");
+
+ &mov("eax", &DWP($data_off,"esp","",0)); # get return
+ &mov("ebx", &DWP($data_off+4,"esp","",0)); #
+@@ -268,7 +280,11 @@ sub cbc
+ &mov(&DWP($data_off,"esp","",0), "eax"); # put back
+ &mov(&DWP($data_off+4,"esp","",0), "ebx"); #
+
+- &call($dec_func);
++ &call (&label("pic_point3"));
++ &set_label("pic_point3");
++ &blindpop("ebx");
++ &add ("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point3") . "]");
++ &call("$dec_func\@PLT");
+
+ &mov("eax", &DWP($data_off,"esp","",0)); # get return
+ &mov("ebx", &DWP($data_off+4,"esp","",0)); #
+diff --git a/crypto/perlasm/x86gas.pl b/crypto/perlasm/x86gas.pl
+index 5c7ea3880e4d..7e49b55e97c7 100644
+--- a/crypto/perlasm/x86gas.pl
++++ b/crypto/perlasm/x86gas.pl
+@@ -170,6 +170,7 @@ sub ::file_end
+ if ($::macosx) { push (@out,"$tmp,2\n"); }
+ elsif ($::elf) { push (@out,"$tmp,4\n"); }
+ else { push (@out,"$tmp\n"); }
++ if ($::elf) { push (@out,".hidden\tOPENSSL_ia32cap_P\n"); }
+ }
+ push(@out,$initseg) if ($initseg);
+ }
+@@ -228,8 +229,23 @@ ___
+ elsif ($::elf)
+ { $initseg.=<<___;
+ .section .init
++___
++ if ($::pic)
++ { $initseg.=<<___;
++ pushl %ebx
++ call .pic_point0
++.pic_point0:
++ popl %ebx
++ addl \$_GLOBAL_OFFSET_TABLE_+[.-.pic_point0],%ebx
++ call $f\@PLT
++ popl %ebx
++___
++ }
++ else
++ { $initseg.=<<___;
+ call $f
+ ___
++ }
+ }
+ elsif ($::coff)
+ { $initseg.=<<___; # applies to both Cygwin and Mingw
+diff --git a/crypto/x86cpuid.pl b/crypto/x86cpuid.pl
+index d43dda4d935c..d72a36fbf0c5 100644
+--- a/crypto/x86cpuid.pl
++++ b/crypto/x86cpuid.pl
+@@ -18,6 +18,8 @@ open OUT,">$output";
+
+ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
+
++push(@out, ".hidden OPENSSL_ia32cap_P\n");
++
+ &function_begin("OPENSSL_ia32_cpuid");
+ &xor ("edx","edx");
+ &pushf ();
+@@ -163,9 +165,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
+ &set_label("nocpuid");
+ &function_end("OPENSSL_ia32_cpuid");
+
+-&external_label("OPENSSL_ia32cap_P");
+-
+-&function_begin_B("OPENSSL_rdtsc","EXTRN\t_OPENSSL_ia32cap_P:DWORD");
++&function_begin_B("OPENSSL_rdtsc");
+ &xor ("eax","eax");
+ &xor ("edx","edx");
+ &picmeup("ecx","OPENSSL_ia32cap_P");
+@@ -179,7 +179,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
+ # This works in Ring 0 only [read DJGPP+MS-DOS+privileged DPMI host],
+ # but it's safe to call it on any [supported] 32-bit platform...
+ # Just check for [non-]zero return value...
+-&function_begin_B("OPENSSL_instrument_halt","EXTRN\t_OPENSSL_ia32cap_P:DWORD");
++&function_begin_B("OPENSSL_instrument_halt");
+ &picmeup("ecx","OPENSSL_ia32cap_P");
+ &bt (&DWP(0,"ecx"),4);
+ &jnc (&label("nohalt")); # no TSC
+@@ -246,7 +246,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
+ &ret ();
+ &function_end_B("OPENSSL_far_spin");
+
+-&function_begin_B("OPENSSL_wipe_cpu","EXTRN\t_OPENSSL_ia32cap_P:DWORD");
++&function_begin_B("OPENSSL_wipe_cpu");
+ &xor ("eax","eax");
+ &xor ("edx","edx");
+ &picmeup("ecx","OPENSSL_ia32cap_P");
diff --git a/patches/openssl-1.1.1a/0005-c_rehash-compat.patch b/patches/openssl-1.1.1a/0005-c_rehash-compat.patch
new file mode 100644
index 0000000..1ed5050
--- /dev/null
+++ b/patches/openssl-1.1.1a/0005-c_rehash-compat.patch
@@ -0,0 +1,72 @@
+From: Ludwig Nussel <ludwig.nussel@suse.de>
+Date: Wed, 21 Apr 2010 15:52:10 +0200
+Subject: [PATCH] also create old hash for compatibility
+
+---
+ tools/c_rehash.in | 20 ++++++++++++++------
+ 1 file changed, 14 insertions(+), 6 deletions(-)
+
+diff --git a/tools/c_rehash.in b/tools/c_rehash.in
+index 421fd892086f..5ad1ab1d655f 100644
+--- a/tools/c_rehash.in
++++ b/tools/c_rehash.in
+@@ -17,8 +17,6 @@ my $prefix = {- quotify1($config{prefix}) -};
+ my $errorcount = 0;
+ my $openssl = $ENV{OPENSSL} || "openssl";
+ my $pwd;
+-my $x509hash = "-subject_hash";
+-my $crlhash = "-hash";
+ my $verbose = 0;
+ my $symlink_exists=eval {symlink("",""); 1};
+ my $removelinks = 1;
+@@ -27,10 +25,7 @@ my $removelinks = 1;
+ while ( $ARGV[0] =~ /^-/ ) {
+ my $flag = shift @ARGV;
+ last if ( $flag eq '--');
+- if ( $flag eq '-old') {
+- $x509hash = "-subject_hash_old";
+- $crlhash = "-hash_old";
+- } elsif ( $flag eq '-h' || $flag eq '-help' ) {
++ if ( $flag eq '-h' || $flag eq '-help' ) {
+ help();
+ } elsif ( $flag eq '-n' ) {
+ $removelinks = 0;
+@@ -128,7 +123,9 @@ sub hash_dir {
+ next;
+ }
+ link_hash_cert($fname) if ($cert);
++ link_hash_cert_old($fname) if ($cert);
+ link_hash_crl($fname) if ($crl);
++ link_hash_crl_old($fname) if ($crl);
+ }
+ }
+
+@@ -161,6 +158,7 @@ sub check_file {
+
+ sub link_hash_cert {
+ my $fname = $_[0];
++ my $x509hash = $_[1] || '-subject_hash';
+ $fname =~ s/'/'\\''/g;
+ my ($hash, $fprint) = `"$openssl" x509 $x509hash -fingerprint -noout -in "$fname"`;
+ chomp $hash;
+@@ -198,10 +196,20 @@ sub link_hash_cert {
+ $hashlist{$hash} = $fprint;
+ }
+
++sub link_hash_cert_old {
++ link_hash_cert($_[0], '-subject_hash_old');
++}
++
++sub link_hash_crl_old {
++ link_hash_crl($_[0], '-hash_old');
++}
++
++
+ # Same as above except for a CRL. CRL links are of the form <hash>.r<n>
+
+ sub link_hash_crl {
+ my $fname = $_[0];
++ my $crlhash = $_[1] || "-hash";
+ $fname =~ s/'/'\\''/g;
+ my ($hash, $fprint) = `"$openssl" crl $crlhash -fingerprint -noout -in '$fname'`;
+ chomp $hash;
diff --git a/patches/openssl-1.1.1a/0006-Set-systemwide-default-settings-for-libssl-users.patch b/patches/openssl-1.1.1a/0006-Set-systemwide-default-settings-for-libssl-users.patch
new file mode 100644
index 0000000..9de855e
--- /dev/null
+++ b/patches/openssl-1.1.1a/0006-Set-systemwide-default-settings-for-libssl-users.patch
@@ -0,0 +1,42 @@
+From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
+Date: Tue, 20 Mar 2018 22:07:30 +0100
+Subject: Set systemwide default settings for libssl users
+
+This config change enforeces a TLS1.2 protocol version as minimum. It
+can be overwritten by the system administrator.
+
+It also changes the default security level from 1 to 2, moving from the 80 bit
+security level to the 112 bit security level.
+
+Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
+---
+ apps/openssl.cnf | 12 ++++++++++++
+ 1 file changed, 12 insertions(+)
+
+diff --git a/apps/openssl.cnf b/apps/openssl.cnf
+index 6df2878d5021..d155d1eda0bd 100644
+--- a/apps/openssl.cnf
++++ b/apps/openssl.cnf
+@@ -15,6 +15,9 @@ HOME = .
+ #oid_file = $ENV::HOME/.oid
+ oid_section = new_oids
+
++# System default
++openssl_conf = default_conf
++
+ # To use this configuration file with the "-extfile" option of the
+ # "openssl x509" utility, name here the section containing the
+ # X.509v3 extensions to use:
+@@ -348,3 +351,12 @@ ess_cert_id_chain = no # Must the ESS cert id chain be included?
+ # (optional, default: no)
+ ess_cert_id_alg = sha1 # algorithm to compute certificate
+ # identifier (optional, default: sha1)
++[default_conf]
++ssl_conf = ssl_sect
++
++[ssl_sect]
++system_default = system_default_sect
++
++[system_default_sect]
++MinProtocol = TLSv1.2
++CipherString = DEFAULT@SECLEVEL=2
diff --git a/patches/openssl-1.1.1a/series b/patches/openssl-1.1.1a/series
new file mode 100644
index 0000000..003a7c4
--- /dev/null
+++ b/patches/openssl-1.1.1a/series
@@ -0,0 +1,6 @@
+0001-debian-targets.patch
+0002-man-section.patch
+0003-no-symbolic.patch
+0004-pic.patch
+0005-c_rehash-compat.patch
+0006-Set-systemwide-default-settings-for-libssl-users.patch
diff --git a/rules/openssl.make b/rules/openssl.make
index d514077..0ace6c3 100644
--- a/rules/openssl.make
+++ b/rules/openssl.make
@@ -18,10 +18,10 @@ PACKAGES-$(PTXCONF_OPENSSL) += openssl
#
# Paths and names
#
-OPENSSL_BASE := 1.0.2
-OPENSSL_BUGFIX := q
+OPENSSL_BASE := 1.1.1
+OPENSSL_BUGFIX := a
OPENSSL_VERSION := $(OPENSSL_BASE)$(OPENSSL_BUGFIX)
-OPENSSL_MD5 := 7563e1ce046cb21948eeb6ba1a0eb71c
+OPENSSL_MD5 := 963deb2272d6be7d4c2458afd2517b73
OPENSSL := openssl-$(OPENSSL_VERSION)
OPENSSL_SUFFIX := tar.gz
OPENSSL_URL := \
@@ -74,7 +74,7 @@ endif
OPENSSL_CONF_OPT := \
--prefix=/usr \
--openssldir=/usr/lib/ssl \
- --install_prefix=$(OPENSSL_PKGDIR) \
+ DESTDIR=$(OPENSSL_PKGDIR) \
shared
OPENSSL_INSTALL_OPT := \
@@ -106,7 +106,7 @@ ifdef PTXCONF_OPENSSL_BIN
endif
@$(call install_alternative, openssl, 0, 0, 0644, \
- /usr/lib/ssl/openssl.cnf)
+ /apps/openssl.cnf)
@$(call install_lib, openssl, 0, 0, 0644, libssl)
@$(call install_lib, openssl, 0, 0, 0644, libcrypto)
--
1.9.1
_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2019-01-09 14:13 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-01-09 14:13 [ptxdist] [PATCHv2] openssl: version bump to 1.1.1a Oliver Graute
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox