* [ptxdist] [PATCH] openssl: version bump 1.0.1h -> 1.0.1i
@ 2014-08-07 12:41 Bernhard Walle
2014-08-08 8:32 ` Michael Olbrich
0 siblings, 1 reply; 2+ messages in thread
From: Bernhard Walle @ 2014-08-07 12:41 UTC (permalink / raw)
To: ptxdist; +Cc: Bernhard Walle
Fixes CVE-2014-3508.
Signed-off-by: Bernhard Walle <bernhard@bwalle.de>
---
patches/openssl-1.0.1h/0001-ca.patch | 31 ----
patches/openssl-1.0.1h/0002-debian-targets.patch | 80 ---------
patches/openssl-1.0.1h/0003-engines-path.patch | 92 ----------
patches/openssl-1.0.1h/0004-no-rpath.patch | 24 ---
patches/openssl-1.0.1h/0005-no-symbolic.patch | 24 ---
patches/openssl-1.0.1h/0006-pic.patch | 189 ---------------------
patches/openssl-1.0.1h/0007-valgrind.patch | 31 ----
patches/openssl-1.0.1h/0008-rehash-crt.patch | 44 -----
patches/openssl-1.0.1h/0009-shared-lib-ext.patch | 25 ---
patches/openssl-1.0.1h/0010-stddef.patch | 23 ---
patches/openssl-1.0.1h/0011-block_diginotar.patch | 66 -------
.../0012-block_digicert_malaysia.patch | 30 ----
.../0013-Change-default-bit-size-and-digest.patch | 131 --------------
.../openssl-1.0.1h/0014-openssl_fix_for_x32.patch | 50 ------
patches/openssl-1.0.1h/series | 17 --
patches/openssl-1.0.1i/0001-ca.patch | 31 ++++
patches/openssl-1.0.1i/0002-debian-targets.patch | 80 +++++++++
patches/openssl-1.0.1i/0003-engines-path.patch | 92 ++++++++++
patches/openssl-1.0.1i/0004-no-rpath.patch | 24 +++
patches/openssl-1.0.1i/0005-no-symbolic.patch | 24 +++
patches/openssl-1.0.1i/0006-pic.patch | 189 +++++++++++++++++++++
patches/openssl-1.0.1i/0007-valgrind.patch | 31 ++++
patches/openssl-1.0.1i/0008-rehash-crt.patch | 44 +++++
patches/openssl-1.0.1i/0009-shared-lib-ext.patch | 25 +++
patches/openssl-1.0.1i/0010-stddef.patch | 23 +++
patches/openssl-1.0.1i/0011-block_diginotar.patch | 66 +++++++
.../0012-block_digicert_malaysia.patch | 30 ++++
.../0013-Change-default-bit-size-and-digest.patch | 131 ++++++++++++++
.../openssl-1.0.1i/0014-openssl_fix_for_x32.patch | 50 ++++++
patches/openssl-1.0.1i/series | 17 ++
rules/openssl.make | 4 +-
31 files changed, 859 insertions(+), 859 deletions(-)
delete mode 100644 patches/openssl-1.0.1h/0001-ca.patch
delete mode 100644 patches/openssl-1.0.1h/0002-debian-targets.patch
delete mode 100644 patches/openssl-1.0.1h/0003-engines-path.patch
delete mode 100644 patches/openssl-1.0.1h/0004-no-rpath.patch
delete mode 100644 patches/openssl-1.0.1h/0005-no-symbolic.patch
delete mode 100644 patches/openssl-1.0.1h/0006-pic.patch
delete mode 100644 patches/openssl-1.0.1h/0007-valgrind.patch
delete mode 100644 patches/openssl-1.0.1h/0008-rehash-crt.patch
delete mode 100644 patches/openssl-1.0.1h/0009-shared-lib-ext.patch
delete mode 100644 patches/openssl-1.0.1h/0010-stddef.patch
delete mode 100644 patches/openssl-1.0.1h/0011-block_diginotar.patch
delete mode 100644 patches/openssl-1.0.1h/0012-block_digicert_malaysia.patch
delete mode 100644 patches/openssl-1.0.1h/0013-Change-default-bit-size-and-digest.patch
delete mode 100644 patches/openssl-1.0.1h/0014-openssl_fix_for_x32.patch
delete mode 100644 patches/openssl-1.0.1h/series
create mode 100644 patches/openssl-1.0.1i/0001-ca.patch
create mode 100644 patches/openssl-1.0.1i/0002-debian-targets.patch
create mode 100644 patches/openssl-1.0.1i/0003-engines-path.patch
create mode 100644 patches/openssl-1.0.1i/0004-no-rpath.patch
create mode 100644 patches/openssl-1.0.1i/0005-no-symbolic.patch
create mode 100644 patches/openssl-1.0.1i/0006-pic.patch
create mode 100644 patches/openssl-1.0.1i/0007-valgrind.patch
create mode 100644 patches/openssl-1.0.1i/0008-rehash-crt.patch
create mode 100644 patches/openssl-1.0.1i/0009-shared-lib-ext.patch
create mode 100644 patches/openssl-1.0.1i/0010-stddef.patch
create mode 100644 patches/openssl-1.0.1i/0011-block_diginotar.patch
create mode 100644 patches/openssl-1.0.1i/0012-block_digicert_malaysia.patch
create mode 100644 patches/openssl-1.0.1i/0013-Change-default-bit-size-and-digest.patch
create mode 100644 patches/openssl-1.0.1i/0014-openssl_fix_for_x32.patch
create mode 100644 patches/openssl-1.0.1i/series
diff --git a/patches/openssl-1.0.1h/0001-ca.patch b/patches/openssl-1.0.1h/0001-ca.patch
deleted file mode 100644
index 3a54d2a..0000000
--- a/patches/openssl-1.0.1h/0001-ca.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From: Michael Olbrich <m.olbrich@pengutronix.de>
-Date: Tue, 8 Apr 2014 07:48:47 +0200
-Subject: [PATCH] ca
-
-Imported from openssl_1.0.1g-1.debian.tar.xz
-
-Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
----
- apps/CA.pl.in | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/apps/CA.pl.in b/apps/CA.pl.in
-index c783a6e..fa665b7 100644
---- a/apps/CA.pl.in
-+++ b/apps/CA.pl.in
-@@ -65,6 +65,7 @@ $RET = 0;
- foreach (@ARGV) {
- if ( /^(-\?|-h|-help)$/ ) {
- print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";
-+ print STDERR "usage: CA -signcert certfile keyfile|-newcert|-newreq|-newca|-sign|-verify\n";
- exit 0;
- } elsif (/^-newcert$/) {
- # create a certificate
-@@ -165,6 +166,7 @@ foreach (@ARGV) {
- } else {
- print STDERR "Unknown arg $_\n";
- print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";
-+ print STDERR "usage: CA -signcert certfile keyfile|-newcert|-newreq|-newca|-sign|-verify\n";
- exit 1;
- }
- }
diff --git a/patches/openssl-1.0.1h/0002-debian-targets.patch b/patches/openssl-1.0.1h/0002-debian-targets.patch
deleted file mode 100644
index b3191ae..0000000
--- a/patches/openssl-1.0.1h/0002-debian-targets.patch
+++ /dev/null
@@ -1,80 +0,0 @@
-From: Michael Olbrich <m.olbrich@pengutronix.de>
-Date: Tue, 8 Apr 2014 07:48:47 +0200
-Subject: [PATCH] debian-targets
-
-Imported from openssl_1.0.1g-1.debian.tar.xz
-
-Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
----
- Configure | 51 +++++++++++++++++++++++++++++++++++++++++++++++++++
- 1 file changed, 51 insertions(+)
-
-diff --git a/Configure b/Configure
-index de78469..79082df 100755
---- a/Configure
-+++ b/Configure
-@@ -105,6 +105,10 @@ my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimenta
-
- my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED";
-
-+# There are no separate CFLAGS/CPPFLAGS/LDFLAGS, set everything in CFLAGS
-+my $debian_cflags = `dpkg-buildflags --get CFLAGS` . `dpkg-buildflags --get CPPFLAGS` . `dpkg-buildflags --get LDFLAGS` . "-Wa,--noexecstack -Wall";
-+$debian_cflags =~ s/\n/ /g;
-+
- my $strict_warnings = 0;
-
- my $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL";
-@@ -340,6 +344,53 @@ my %table=(
- "osf1-alpha-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared:::.so",
- "tru64-alpha-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared::-msym:.so",
-
-+# Debian GNU/* (various architectures)
-+"debian-alpha","gcc:-DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-alpha-ev4","gcc:-DTERMIO ${debian_cflags} -mcpu=ev4::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-alpha-ev5","gcc:-DTERMIO ${debian_cflags} -mcpu=ev5::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-arm64","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-armel","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-armhf","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-amd64", "gcc:-m64 -DL_ENDIAN -DTERMIO ${debian_cflags} -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::",
-+"debian-avr32", "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags} -fomit-frame-pointer::-D_REENTRANT::-ldl:BN_LLONG_BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-kfreebsd-amd64","gcc:-m64 -DL_ENDIAN -DTERMIOS ${debian_cflags} -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-kfreebsd-i386","gcc:-DL_ENDIAN -DTERMIOS ${debian_cflags} -march=i486::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-hppa","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG MD2_CHAR RC4_INDEX:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-hurd-i386","gcc:-DL_ENDIAN -DTERMIOS -O3 -Wa,--noexecstack -g -mtune=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-ia64","gcc:-DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-i386","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-i386-i486","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags} -march=i486::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-i386-i586","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags} -march=i586::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-i386-i686/cmov","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags} -march=i686::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-m68k","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG MD2_CHAR RC4_INDEX:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-mips", "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-mipsel", "gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-mipsn32", "mips64-linux-gnuabin32-gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-mipsn32el", "mips64el-linux-gnuabin32-gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-mips64", "mips64-linux-gnuabi64-gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-mips64el", "mips64el-linux-gnuabi64-gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-netbsd-i386", "gcc:-DL_ENDIAN -DTERMIOS ${debian_cflags} -m486::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-netbsd-m68k", "gcc:-DB_ENDIAN -DTERMIOS ${debian_cflags}::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-netbsd-sparc", "gcc:-DB_ENDIAN -DTERMIOS ${debian_cflags} -mv8::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-openbsd-alpha","gcc:-DTERMIOS ${debian_cflags}::(unknown):::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-openbsd-i386", "gcc:-DL_ENDIAN -DTERMIOS ${debian_cflags} -m486::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-openbsd-mips","gcc:-DL_ENDIAN ${debian_cflags}::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-powerpc","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-powerpcspe","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-ppc64","gcc:-m64 -DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-s390","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-s390x","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-sh3", "gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-sh4", "gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-sh3eb", "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-sh4eb", "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-m32r","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-sparc","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-sparc-v8","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags} -mcpu=v8 -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-sparc-v9","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags} -mcpu=v9 -Wa,-Av8plus -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-sparc64","gcc:-m64 -DB_ENDIAN -DTERMIO ${debian_cflags} -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-x32","gcc:-mx32 -DL_ENDIAN -DTERMIO ${debian_cflags} -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::x32",
-+
- ####
- #### Variety of LINUX:-)
- ####
diff --git a/patches/openssl-1.0.1h/0003-engines-path.patch b/patches/openssl-1.0.1h/0003-engines-path.patch
deleted file mode 100644
index 412247b..0000000
--- a/patches/openssl-1.0.1h/0003-engines-path.patch
+++ /dev/null
@@ -1,92 +0,0 @@
-From: Michael Olbrich <m.olbrich@pengutronix.de>
-Date: Tue, 8 Apr 2014 07:48:47 +0200
-Subject: [PATCH] engines-path
-
-Imported from openssl_1.0.1g-1.debian.tar.xz
-
-Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
----
- Configure | 2 +-
- Makefile.org | 2 +-
- engines/Makefile | 10 +++++-----
- engines/ccgost/Makefile | 6 +++---
- 4 files changed, 10 insertions(+), 10 deletions(-)
-
-diff --git a/Configure b/Configure
-index 79082df..c676835 100755
---- a/Configure
-+++ b/Configure
-@@ -1855,7 +1855,7 @@ while (<IN>)
- }
- elsif (/^#define\s+ENGINESDIR/)
- {
-- my $foo = "$prefix/$libdir/engines";
-+ my $foo = "$prefix/$libdir/openssl-1.0.0/engines";
- $foo =~ s/\\/\\\\/g;
- print OUT "#define ENGINESDIR \"$foo\"\n";
- }
-diff --git a/Makefile.org b/Makefile.org
-index c92806f..5117a0e 100644
---- a/Makefile.org
-+++ b/Makefile.org
-@@ -543,7 +543,7 @@ install: all install_docs install_sw
- install_sw:
- @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
- $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \
-- $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \
-+ $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.0/engines \
- $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig \
- $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \
- $(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
-diff --git a/engines/Makefile b/engines/Makefile
-index 2fa9534..58e0281 100644
---- a/engines/Makefile
-+++ b/engines/Makefile
-@@ -107,7 +107,7 @@ install:
- @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
- @if [ -n "$(SHARED_LIBS)" ]; then \
- set -e; \
-- $(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines; \
-+ $(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.0/engines; \
- for l in $(LIBNAMES); do \
- ( echo installing $$l; \
- pfx=lib; \
-@@ -119,13 +119,13 @@ install:
- *DSO_WIN32*) sfx="eay32.dll"; pfx=;; \
- *) sfx=".bad";; \
- esac; \
-- cp $$pfx$$l$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
-+ cp $$pfx$$l$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.0/engines/$$pfx$$l$$sfx.new; \
- else \
- sfx=".so"; \
-- cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
-+ cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.0/engines/$$pfx$$l$$sfx.new; \
- fi; \
-- chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
-- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \
-+ chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.0/engines/$$pfx$$l$$sfx.new; \
-+ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.0/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.0/engines/$$pfx$$l$$sfx ); \
- done; \
- fi
- @target=install; $(RECURSIVE_MAKE)
-diff --git a/engines/ccgost/Makefile b/engines/ccgost/Makefile
-index d661c10..3e593b1 100644
---- a/engines/ccgost/Makefile
-+++ b/engines/ccgost/Makefile
-@@ -53,13 +53,13 @@ install:
- *DSO_WIN32*) sfx="eay32.dll"; pfx=;; \
- *) sfx=".bad";; \
- esac; \
-- cp $${pfx}$(LIBNAME)$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
-+ cp $${pfx}$(LIBNAME)$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.0/engines/$${pfx}$(LIBNAME)$$sfx.new; \
- else \
- sfx=".so"; \
- cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
- fi; \
-- chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
-- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx; \
-+ chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.0/engines/$${pfx}$(LIBNAME)$$sfx.new; \
-+ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.0/engines/$${pfx}$(LIBNAME)$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.0/engines/$${pfx}$(LIBNAME)$$sfx; \
- fi
-
- links:
diff --git a/patches/openssl-1.0.1h/0004-no-rpath.patch b/patches/openssl-1.0.1h/0004-no-rpath.patch
deleted file mode 100644
index 8c9fbc1..0000000
--- a/patches/openssl-1.0.1h/0004-no-rpath.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-From: Michael Olbrich <m.olbrich@pengutronix.de>
-Date: Tue, 8 Apr 2014 07:48:47 +0200
-Subject: [PATCH] no-rpath
-
-Imported from openssl_1.0.1g-1.debian.tar.xz
-
-Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
----
- Makefile.shared | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/Makefile.shared b/Makefile.shared
-index e753f44..6e3f886 100644
---- a/Makefile.shared
-+++ b/Makefile.shared
-@@ -153,7 +153,7 @@ DO_GNU_SO=$(CALC_VERSIONS); \
- NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
- SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"
-
--DO_GNU_APP=LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBRPATH)"
-+DO_GNU_APP=LDFLAGS="$(CFLAGS)"
-
- #This is rather special. It's a special target with which one can link
- #applications without bothering with any features that have anything to
diff --git a/patches/openssl-1.0.1h/0005-no-symbolic.patch b/patches/openssl-1.0.1h/0005-no-symbolic.patch
deleted file mode 100644
index 7fa7213..0000000
--- a/patches/openssl-1.0.1h/0005-no-symbolic.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-From: Michael Olbrich <m.olbrich@pengutronix.de>
-Date: Tue, 8 Apr 2014 07:48:47 +0200
-Subject: [PATCH] no-symbolic
-
-Imported from openssl_1.0.1g-1.debian.tar.xz
-
-Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
----
- Makefile.shared | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/Makefile.shared b/Makefile.shared
-index 6e3f886..44e3d9c 100644
---- a/Makefile.shared
-+++ b/Makefile.shared
-@@ -151,7 +151,7 @@ DO_GNU_SO=$(CALC_VERSIONS); \
- SHLIB_SUFFIX=; \
- ALLSYMSFLAGS='-Wl,--whole-archive'; \
- NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
-- SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"
-+ SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"
-
- DO_GNU_APP=LDFLAGS="$(CFLAGS)"
-
diff --git a/patches/openssl-1.0.1h/0006-pic.patch b/patches/openssl-1.0.1h/0006-pic.patch
deleted file mode 100644
index d2494e1..0000000
--- a/patches/openssl-1.0.1h/0006-pic.patch
+++ /dev/null
@@ -1,189 +0,0 @@
-From: Michael Olbrich <m.olbrich@pengutronix.de>
-Date: Tue, 8 Apr 2014 07:48:47 +0200
-Subject: [PATCH] pic
-
-Imported from openssl_1.0.1g-1.debian.tar.xz
-
-Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
----
- crypto/des/asm/desboth.pl | 17 ++++++++++++++---
- crypto/perlasm/cbc.pl | 24 ++++++++++++++++++++----
- crypto/perlasm/x86gas.pl | 16 ++++++++++++++++
- crypto/x86cpuid.pl | 10 +++++-----
- 4 files changed, 55 insertions(+), 12 deletions(-)
-
-diff --git a/crypto/des/asm/desboth.pl b/crypto/des/asm/desboth.pl
-index eec0088..ab6f524 100644
---- a/crypto/des/asm/desboth.pl
-+++ b/crypto/des/asm/desboth.pl
-@@ -16,6 +16,11 @@ sub DES_encrypt3
-
- &push("edi");
-
-+ &call (&label("pic_point0"));
-+ &set_label("pic_point0");
-+ &blindpop("ebp");
-+ &add ("ebp", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point0") . "]");
-+
- &comment("");
- &comment("Load the data words");
- &mov($L,&DWP(0,"ebx","",0));
-@@ -47,15 +52,21 @@ sub DES_encrypt3
- &mov(&swtmp(2), (DWC(($enc)?"1":"0")));
- &mov(&swtmp(1), "eax");
- &mov(&swtmp(0), "ebx");
-- &call("DES_encrypt2");
-+ &exch("ebx", "ebp");
-+ &call("DES_encrypt2\@PLT");
-+ &exch("ebx", "ebp");
- &mov(&swtmp(2), (DWC(($enc)?"0":"1")));
- &mov(&swtmp(1), "edi");
- &mov(&swtmp(0), "ebx");
-- &call("DES_encrypt2");
-+ &exch("ebx", "ebp");
-+ &call("DES_encrypt2\@PLT");
-+ &exch("ebx", "ebp");
- &mov(&swtmp(2), (DWC(($enc)?"1":"0")));
- &mov(&swtmp(1), "esi");
- &mov(&swtmp(0), "ebx");
-- &call("DES_encrypt2");
-+ &exch("ebx", "ebp");
-+ &call("DES_encrypt2\@PLT");
-+ &exch("ebx", "ebp");
-
- &stack_pop(3);
- &mov($L,&DWP(0,"ebx","",0));
-diff --git a/crypto/perlasm/cbc.pl b/crypto/perlasm/cbc.pl
-index 24561e7..269fb0b 100644
---- a/crypto/perlasm/cbc.pl
-+++ b/crypto/perlasm/cbc.pl
-@@ -122,7 +122,11 @@ sub cbc
- &mov(&DWP($data_off,"esp","",0), "eax"); # put in array for call
- &mov(&DWP($data_off+4,"esp","",0), "ebx"); #
-
-- &call($enc_func);
-+ &call (&label("pic_point0"));
-+ &set_label("pic_point0");
-+ &blindpop("ebx");
-+ &add ("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point0") . "]");
-+ &call("$enc_func\@PLT");
-
- &mov("eax", &DWP($data_off,"esp","",0));
- &mov("ebx", &DWP($data_off+4,"esp","",0));
-@@ -185,7 +189,11 @@ sub cbc
- &mov(&DWP($data_off,"esp","",0), "eax"); # put in array for call
- &mov(&DWP($data_off+4,"esp","",0), "ebx"); #
-
-- &call($enc_func);
-+ &call (&label("pic_point1"));
-+ &set_label("pic_point1");
-+ &blindpop("ebx");
-+ &add ("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point1") . "]");
-+ &call("$enc_func\@PLT");
-
- &mov("eax", &DWP($data_off,"esp","",0));
- &mov("ebx", &DWP($data_off+4,"esp","",0));
-@@ -218,7 +226,11 @@ sub cbc
- &mov(&DWP($data_off,"esp","",0), "eax"); # put back
- &mov(&DWP($data_off+4,"esp","",0), "ebx"); #
-
-- &call($dec_func);
-+ &call (&label("pic_point2"));
-+ &set_label("pic_point2");
-+ &blindpop("ebx");
-+ &add ("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point2") . "]");
-+ &call("$dec_func\@PLT");
-
- &mov("eax", &DWP($data_off,"esp","",0)); # get return
- &mov("ebx", &DWP($data_off+4,"esp","",0)); #
-@@ -261,7 +273,11 @@ sub cbc
- &mov(&DWP($data_off,"esp","",0), "eax"); # put back
- &mov(&DWP($data_off+4,"esp","",0), "ebx"); #
-
-- &call($dec_func);
-+ &call (&label("pic_point3"));
-+ &set_label("pic_point3");
-+ &blindpop("ebx");
-+ &add ("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point3") . "]");
-+ &call("$dec_func\@PLT");
-
- &mov("eax", &DWP($data_off,"esp","",0)); # get return
- &mov("ebx", &DWP($data_off+4,"esp","",0)); #
-diff --git a/crypto/perlasm/x86gas.pl b/crypto/perlasm/x86gas.pl
-index 682a3a3..9d4662c 100644
---- a/crypto/perlasm/x86gas.pl
-+++ b/crypto/perlasm/x86gas.pl
-@@ -161,6 +161,7 @@ sub ::file_end
- if ($::macosx) { push (@out,"$tmp,2\n"); }
- elsif ($::elf) { push (@out,"$tmp,4\n"); }
- else { push (@out,"$tmp\n"); }
-+ if ($::elf) { push (@out,".hidden\tOPENSSL_ia32cap_P\n"); }
- }
- push(@out,$initseg) if ($initseg);
- }
-@@ -218,8 +219,23 @@ ___
- elsif ($::elf)
- { $initseg.=<<___;
- .section .init
-+___
-+ if ($::pic)
-+ { $initseg.=<<___;
-+ pushl %ebx
-+ call .pic_point0
-+.pic_point0:
-+ popl %ebx
-+ addl \$_GLOBAL_OFFSET_TABLE_+[.-.pic_point0],%ebx
-+ call $f\@PLT
-+ popl %ebx
-+___
-+ }
-+ else
-+ { $initseg.=<<___;
- call $f
- ___
-+ }
- }
- elsif ($::coff)
- { $initseg.=<<___; # applies to both Cygwin and Mingw
-diff --git a/crypto/x86cpuid.pl b/crypto/x86cpuid.pl
-index b270b44..c01ba83 100644
---- a/crypto/x86cpuid.pl
-+++ b/crypto/x86cpuid.pl
-@@ -8,6 +8,8 @@ require "x86asm.pl";
-
- for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
-
-+push(@out, ".hidden OPENSSL_ia32cap_P\n");
-+
- &function_begin("OPENSSL_ia32_cpuid");
- &xor ("edx","edx");
- &pushf ();
-@@ -141,9 +143,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
- &set_label("nocpuid");
- &function_end("OPENSSL_ia32_cpuid");
-
--&external_label("OPENSSL_ia32cap_P");
--
--&function_begin_B("OPENSSL_rdtsc","EXTRN\t_OPENSSL_ia32cap_P:DWORD");
-+&function_begin_B("OPENSSL_rdtsc");
- &xor ("eax","eax");
- &xor ("edx","edx");
- &picmeup("ecx","OPENSSL_ia32cap_P");
-@@ -157,7 +157,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
- # This works in Ring 0 only [read DJGPP+MS-DOS+privileged DPMI host],
- # but it's safe to call it on any [supported] 32-bit platform...
- # Just check for [non-]zero return value...
--&function_begin_B("OPENSSL_instrument_halt","EXTRN\t_OPENSSL_ia32cap_P:DWORD");
-+&function_begin_B("OPENSSL_instrument_halt");
- &picmeup("ecx","OPENSSL_ia32cap_P");
- &bt (&DWP(0,"ecx"),4);
- &jnc (&label("nohalt")); # no TSC
-@@ -224,7 +224,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
- &ret ();
- &function_end_B("OPENSSL_far_spin");
-
--&function_begin_B("OPENSSL_wipe_cpu","EXTRN\t_OPENSSL_ia32cap_P:DWORD");
-+&function_begin_B("OPENSSL_wipe_cpu");
- &xor ("eax","eax");
- &xor ("edx","edx");
- &picmeup("ecx","OPENSSL_ia32cap_P");
diff --git a/patches/openssl-1.0.1h/0007-valgrind.patch b/patches/openssl-1.0.1h/0007-valgrind.patch
deleted file mode 100644
index d3fbd12..0000000
--- a/patches/openssl-1.0.1h/0007-valgrind.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From: Michael Olbrich <m.olbrich@pengutronix.de>
-Date: Tue, 8 Apr 2014 07:48:47 +0200
-Subject: [PATCH] valgrind
-
-Imported from openssl_1.0.1g-1.debian.tar.xz
-
-Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
----
- crypto/rand/md_rand.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/crypto/rand/md_rand.c b/crypto/rand/md_rand.c
-index aee1c30..1caf69c 100644
---- a/crypto/rand/md_rand.c
-+++ b/crypto/rand/md_rand.c
-@@ -488,6 +488,7 @@ static int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo)
- MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c));
-
- #ifndef PURIFY /* purify complains */
-+#if 0
- /* The following line uses the supplied buffer as a small
- * source of entropy: since this buffer is often uninitialised
- * it may cause programs such as purify or valgrind to
-@@ -497,6 +498,7 @@ static int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo)
- */
- MD_Update(&m,buf,j);
- #endif
-+#endif
-
- k=(st_idx+MD_DIGEST_LENGTH/2)-st_num;
- if (k > 0)
diff --git a/patches/openssl-1.0.1h/0008-rehash-crt.patch b/patches/openssl-1.0.1h/0008-rehash-crt.patch
deleted file mode 100644
index c06898f..0000000
--- a/patches/openssl-1.0.1h/0008-rehash-crt.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From: Michael Olbrich <m.olbrich@pengutronix.de>
-Date: Tue, 8 Apr 2014 07:48:47 +0200
-Subject: [PATCH] rehash-crt
-
-Imported from openssl_1.0.1g-1.debian.tar.xz
-
-Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
----
- tools/c_rehash.in | 12 +++++++++---
- 1 file changed, 9 insertions(+), 3 deletions(-)
-
-diff --git a/tools/c_rehash.in b/tools/c_rehash.in
-index bfc4a69..4958e3d 100644
---- a/tools/c_rehash.in
-+++ b/tools/c_rehash.in
-@@ -75,12 +75,15 @@ sub hash_dir {
- }
- }
- closedir DIR;
-- FILE: foreach $fname (grep {/\.pem$/} @flist) {
-+ FILE: foreach $fname (grep {/\.pem$|\.crt$/} @flist) {
- # Check to see if certificates and/or CRLs present.
- my ($cert, $crl) = check_file($fname);
- if(!$cert && !$crl) {
-- print STDERR "WARNING: $fname does not contain a certificate or CRL: skipping\n";
-- next;
-+ ($cert, $crl) = check_file("$openssl x509 -in \"$fname\" -inform der -outform pem | ");
-+ if(!$cert && !$crl) {
-+ print STDERR "WARNING: $fname does not contain a certificate or CRL: skipping\n";
-+ next;
-+ }
- }
- link_hash_cert($fname) if($cert);
- link_hash_crl($fname) if($crl);
-@@ -153,6 +156,9 @@ sub link_hash_crl {
- my $fname = $_[0];
- $fname =~ s/'/'\\''/g;
- my ($hash, $fprint) = `"$openssl" crl -hash -fingerprint -noout -in '$fname'`;
-+ if(!$hash || !fprint) {
-+ ($hash, $fprint) = `"$openssl" crl -hash -fingerprint -noout -in '$fname' -inform der`;
-+ }
- chomp $hash;
- chomp $fprint;
- $fprint =~ s/^.*=//;
diff --git a/patches/openssl-1.0.1h/0009-shared-lib-ext.patch b/patches/openssl-1.0.1h/0009-shared-lib-ext.patch
deleted file mode 100644
index d7da2a3..0000000
--- a/patches/openssl-1.0.1h/0009-shared-lib-ext.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From: Michael Olbrich <m.olbrich@pengutronix.de>
-Date: Tue, 8 Apr 2014 07:48:47 +0200
-Subject: [PATCH] shared-lib-ext
-
-Imported from openssl_1.0.1g-1.debian.tar.xz
-
-Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
----
- Configure | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/Configure b/Configure
-index c676835..7571db1 100755
---- a/Configure
-+++ b/Configure
-@@ -1725,7 +1725,8 @@ while (<IN>)
- elsif ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*\.[^\.]*$/)
- {
- my $sotmp = $1;
-- s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.\$(SHLIB_MAJOR) .s$sotmp/;
-+# s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.\$(SHLIB_MAJOR) .s$sotmp/;
-+ s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp/;
- }
- elsif ($shared_extension ne "" && $shared_extension =~ /^\.[^\.]*\.[^\.]*\.dylib$/)
- {
diff --git a/patches/openssl-1.0.1h/0010-stddef.patch b/patches/openssl-1.0.1h/0010-stddef.patch
deleted file mode 100644
index e0034c2..0000000
--- a/patches/openssl-1.0.1h/0010-stddef.patch
+++ /dev/null
@@ -1,23 +0,0 @@
-From: Michael Olbrich <m.olbrich@pengutronix.de>
-Date: Tue, 8 Apr 2014 07:48:47 +0200
-Subject: [PATCH] stddef
-
-Imported from openssl_1.0.1g-1.debian.tar.xz
-
-Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
----
- crypto/sha/sha.h | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/crypto/sha/sha.h b/crypto/sha/sha.h
-index 8a6bf4b..734b40a 100644
---- a/crypto/sha/sha.h
-+++ b/crypto/sha/sha.h
-@@ -59,6 +59,7 @@
- #ifndef HEADER_SHA_H
- #define HEADER_SHA_H
-
-+#include <stddef.h>
- #include <openssl/e_os2.h>
- #include <stddef.h>
-
diff --git a/patches/openssl-1.0.1h/0011-block_diginotar.patch b/patches/openssl-1.0.1h/0011-block_diginotar.patch
deleted file mode 100644
index 3af0669..0000000
--- a/patches/openssl-1.0.1h/0011-block_diginotar.patch
+++ /dev/null
@@ -1,66 +0,0 @@
-From: Raphael Geissert <geissert@debian.org>
-Date: Tue, 8 Apr 2014 07:48:47 +0200
-Subject: [PATCH] block_diginotar
-
-This is not meant as final patch.
-
-
-Imported from openssl_1.0.1g-1.debian.tar.xz
-
-Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
----
- crypto/x509/x509_vfy.c | 27 +++++++++++++++++++++++++++
- 1 file changed, 27 insertions(+)
-
-diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
-index 920066a..5b1a0aa 100644
---- a/crypto/x509/x509_vfy.c
-+++ b/crypto/x509/x509_vfy.c
-@@ -117,6 +117,7 @@ static int check_trust(X509_STORE_CTX *ctx);
- static int check_revocation(X509_STORE_CTX *ctx);
- static int check_cert(X509_STORE_CTX *ctx);
- static int check_policy(X509_STORE_CTX *ctx);
-+static int check_ca_blacklist(X509_STORE_CTX *ctx);
-
- static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer,
- unsigned int *preasons,
-@@ -369,6 +370,9 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
- ok=internal_verify(ctx);
- if(!ok) goto end;
-
-+ ok = check_ca_blacklist(ctx);
-+ if(!ok) goto end;
-+
- #ifndef OPENSSL_NO_RFC3779
- /* RFC 3779 path validation, now that CRL check has been done */
- ok = v3_asid_validate_path(ctx);
-@@ -827,6 +831,29 @@ static int check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify)
- return 1;
- }
-
-+static int check_ca_blacklist(X509_STORE_CTX *ctx)
-+ {
-+ X509 *x;
-+ int i;
-+ /* Check all certificates against the blacklist */
-+ for (i = sk_X509_num(ctx->chain) - 1; i >= 0; i--)
-+ {
-+ x = sk_X509_value(ctx->chain, i);
-+ /* Mark DigiNotar certificates as revoked, no matter
-+ * where in the chain they are.
-+ */
-+ if (x->name && strstr(x->name, "DigiNotar"))
-+ {
-+ ctx->error = X509_V_ERR_CERT_REVOKED;
-+ ctx->error_depth = i;
-+ ctx->current_cert = x;
-+ if (!ctx->verify_cb(0,ctx))
-+ return 0;
-+ }
-+ }
-+ return 1;
-+ }
-+
- static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl,
- X509 **pissuer, int *pscore, unsigned int *preasons,
- STACK_OF(X509_CRL) *crls)
diff --git a/patches/openssl-1.0.1h/0012-block_digicert_malaysia.patch b/patches/openssl-1.0.1h/0012-block_digicert_malaysia.patch
deleted file mode 100644
index e1457a8..0000000
--- a/patches/openssl-1.0.1h/0012-block_digicert_malaysia.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From: Raphael Geissert <geissert@debian.org>
-Date: Tue, 8 Apr 2014 07:48:47 +0200
-Subject: [PATCH] block_digicert_malaysia
-
-Imported from openssl_1.0.1g-1.debian.tar.xz
-
-Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
----
- crypto/x509/x509_vfy.c | 7 ++++---
- 1 file changed, 4 insertions(+), 3 deletions(-)
-
-diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
-index 5b1a0aa..696f8d6 100644
---- a/crypto/x509/x509_vfy.c
-+++ b/crypto/x509/x509_vfy.c
-@@ -839,10 +839,11 @@ static int check_ca_blacklist(X509_STORE_CTX *ctx)
- for (i = sk_X509_num(ctx->chain) - 1; i >= 0; i--)
- {
- x = sk_X509_value(ctx->chain, i);
-- /* Mark DigiNotar certificates as revoked, no matter
-- * where in the chain they are.
-+ /* Mark certificates containing the following names as
-+ * revoked, no matter where in the chain they are.
- */
-- if (x->name && strstr(x->name, "DigiNotar"))
-+ if (x->name && (strstr(x->name, "DigiNotar") ||
-+ strstr(x->name, "Digicert Sdn. Bhd.")))
- {
- ctx->error = X509_V_ERR_CERT_REVOKED;
- ctx->error_depth = i;
diff --git a/patches/openssl-1.0.1h/0013-Change-default-bit-size-and-digest.patch b/patches/openssl-1.0.1h/0013-Change-default-bit-size-and-digest.patch
deleted file mode 100644
index 02761e3..0000000
--- a/patches/openssl-1.0.1h/0013-Change-default-bit-size-and-digest.patch
+++ /dev/null
@@ -1,131 +0,0 @@
-From: Kurt Roeckx <kurt@roeckx.be>
-Date: Fri, 1 Nov 2013 20:47:14 +0100
-Subject: [PATCH] Change default bit size and digest
-
-Imported from openssl_1.0.1g-1.debian.tar.xz
-
-Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
----
- apps/dhparam.c | 4 ++--
- apps/gendh.c | 2 +-
- apps/genrsa.c | 2 +-
- apps/openssl.cnf | 2 +-
- crypto/dsa/dsa_ameth.c | 2 +-
- crypto/ec/ec_ameth.c | 2 +-
- crypto/hmac/hm_ameth.c | 2 +-
- crypto/rsa/rsa_ameth.c | 2 +-
- 8 files changed, 9 insertions(+), 9 deletions(-)
-
-diff --git a/apps/dhparam.c b/apps/dhparam.c
-index 1297d6f..b0c05be 100644
---- a/apps/dhparam.c
-+++ b/apps/dhparam.c
-@@ -130,7 +130,7 @@
- #undef PROG
- #define PROG dhparam_main
-
--#define DEFBITS 512
-+#define DEFBITS 2048
-
- /* -inform arg - input format - default PEM (DER or PEM)
- * -outform arg - output format - default PEM
-@@ -253,7 +253,7 @@ bad:
- BIO_printf(bio_err," -C Output C code\n");
- BIO_printf(bio_err," -2 generate parameters using 2 as the generator value\n");
- BIO_printf(bio_err," -5 generate parameters using 5 as the generator value\n");
-- BIO_printf(bio_err," numbits number of bits in to generate (default 512)\n");
-+ BIO_printf(bio_err," numbits number of bits in to generate (default 2048)\n");
- #ifndef OPENSSL_NO_ENGINE
- BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
- #endif
-diff --git a/apps/gendh.c b/apps/gendh.c
-index 4ec776b..8df8c62 100644
---- a/apps/gendh.c
-+++ b/apps/gendh.c
-@@ -78,7 +78,7 @@
- #include <openssl/x509.h>
- #include <openssl/pem.h>
-
--#define DEFBITS 512
-+#define DEFBITS 2048
- #undef PROG
- #define PROG gendh_main
-
-diff --git a/apps/genrsa.c b/apps/genrsa.c
-index ece114c..7a8c6c5 100644
---- a/apps/genrsa.c
-+++ b/apps/genrsa.c
-@@ -78,7 +78,7 @@
- #include <openssl/pem.h>
- #include <openssl/rand.h>
-
--#define DEFBITS 1024
-+#define DEFBITS 2048
- #undef PROG
- #define PROG genrsa_main
-
-diff --git a/apps/openssl.cnf b/apps/openssl.cnf
-index 18760c6..1eb86c4 100644
---- a/apps/openssl.cnf
-+++ b/apps/openssl.cnf
-@@ -103,7 +103,7 @@ emailAddress = optional
-
- ####################################################################
- [ req ]
--default_bits = 1024
-+default_bits = 2048
- default_keyfile = privkey.pem
- distinguished_name = req_distinguished_name
- attributes = req_attributes
-diff --git a/crypto/dsa/dsa_ameth.c b/crypto/dsa/dsa_ameth.c
-index 376156e..13318d7 100644
---- a/crypto/dsa/dsa_ameth.c
-+++ b/crypto/dsa/dsa_ameth.c
-@@ -628,7 +628,7 @@ static int dsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
- #endif
-
- case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
-- *(int *)arg2 = NID_sha1;
-+ *(int *)arg2 = NID_sha256;
- return 2;
-
- default:
-diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c
-index 0ce4524..a04ac98 100644
---- a/crypto/ec/ec_ameth.c
-+++ b/crypto/ec/ec_ameth.c
-@@ -615,7 +615,7 @@ static int ec_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
- #endif
-
- case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
-- *(int *)arg2 = NID_sha1;
-+ *(int *)arg2 = NID_sha256;
- return 2;
-
- default:
-diff --git a/crypto/hmac/hm_ameth.c b/crypto/hmac/hm_ameth.c
-index e03f24a..9fe6505 100644
---- a/crypto/hmac/hm_ameth.c
-+++ b/crypto/hmac/hm_ameth.c
-@@ -89,7 +89,7 @@ static int hmac_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
- switch (op)
- {
- case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
-- *(int *)arg2 = NID_sha1;
-+ *(int *)arg2 = NID_sha256;
- return 1;
-
- default:
-diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c
-index 5a2062f..47fe535 100644
---- a/crypto/rsa/rsa_ameth.c
-+++ b/crypto/rsa/rsa_ameth.c
-@@ -435,7 +435,7 @@ static int rsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
- #endif
-
- case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
-- *(int *)arg2 = NID_sha1;
-+ *(int *)arg2 = NID_sha256;
- return 1;
-
- default:
diff --git a/patches/openssl-1.0.1h/0014-openssl_fix_for_x32.patch b/patches/openssl-1.0.1h/0014-openssl_fix_for_x32.patch
deleted file mode 100644
index 36bfa49..0000000
--- a/patches/openssl-1.0.1h/0014-openssl_fix_for_x32.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From: Michael Olbrich <m.olbrich@pengutronix.de>
-Date: Tue, 8 Apr 2014 07:48:47 +0200
-Subject: [PATCH] openssl_fix_for_x32
-
-Imported from openssl_1.0.1g-1.debian.tar.xz
-
-Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
----
- crypto/bn/asm/x86_64-gcc.c | 14 +++++++-------
- 1 file changed, 7 insertions(+), 7 deletions(-)
-
-diff --git a/crypto/bn/asm/x86_64-gcc.c b/crypto/bn/asm/x86_64-gcc.c
-index acb0b40..acd76ce 100644
---- a/crypto/bn/asm/x86_64-gcc.c
-+++ b/crypto/bn/asm/x86_64-gcc.c
-@@ -55,7 +55,7 @@
- * machine.
- */
-
--#ifdef _WIN64
-+#if defined _WIN64 || !defined __LP64__
- #define BN_ULONG unsigned long long
- #else
- #define BN_ULONG unsigned long
-@@ -192,9 +192,9 @@ BN_ULONG bn_add_words (BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int
- asm (
- " subq %2,%2 \n"
- ".p2align 4 \n"
-- "1: movq (%4,%2,8),%0 \n"
-- " adcq (%5,%2,8),%0 \n"
-- " movq %0,(%3,%2,8) \n"
-+ "1: movq (%q4,%2,8),%0 \n"
-+ " adcq (%q5,%2,8),%0 \n"
-+ " movq %0,(%q3,%2,8) \n"
- " leaq 1(%2),%2 \n"
- " loop 1b \n"
- " sbbq %0,%0 \n"
-@@ -215,9 +215,9 @@ BN_ULONG bn_sub_words (BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int
- asm (
- " subq %2,%2 \n"
- ".p2align 4 \n"
-- "1: movq (%4,%2,8),%0 \n"
-- " sbbq (%5,%2,8),%0 \n"
-- " movq %0,(%3,%2,8) \n"
-+ "1: movq (%q4,%2,8),%0 \n"
-+ " sbbq (%q5,%2,8),%0 \n"
-+ " movq %0,(%q3,%2,8) \n"
- " leaq 1(%2),%2 \n"
- " loop 1b \n"
- " sbbq %0,%0 \n"
diff --git a/patches/openssl-1.0.1h/series b/patches/openssl-1.0.1h/series
deleted file mode 100644
index f55bace..0000000
--- a/patches/openssl-1.0.1h/series
+++ /dev/null
@@ -1,17 +0,0 @@
-# generated by git-ptx-patches
-#tag:base --start-number 1
-0001-ca.patch
-0002-debian-targets.patch
-0003-engines-path.patch
-0004-no-rpath.patch
-0005-no-symbolic.patch
-0006-pic.patch
-0007-valgrind.patch
-0008-rehash-crt.patch
-0009-shared-lib-ext.patch
-0010-stddef.patch
-0011-block_diginotar.patch
-0012-block_digicert_malaysia.patch
-0013-Change-default-bit-size-and-digest.patch
-0014-openssl_fix_for_x32.patch
-# dd4d5e6590bf4d0a9b21935c6ca13a38 - git-ptx-patches magic
diff --git a/patches/openssl-1.0.1i/0001-ca.patch b/patches/openssl-1.0.1i/0001-ca.patch
new file mode 100644
index 0000000..3a54d2a
--- /dev/null
+++ b/patches/openssl-1.0.1i/0001-ca.patch
@@ -0,0 +1,31 @@
+From: Michael Olbrich <m.olbrich@pengutronix.de>
+Date: Tue, 8 Apr 2014 07:48:47 +0200
+Subject: [PATCH] ca
+
+Imported from openssl_1.0.1g-1.debian.tar.xz
+
+Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
+---
+ apps/CA.pl.in | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/apps/CA.pl.in b/apps/CA.pl.in
+index c783a6e..fa665b7 100644
+--- a/apps/CA.pl.in
++++ b/apps/CA.pl.in
+@@ -65,6 +65,7 @@ $RET = 0;
+ foreach (@ARGV) {
+ if ( /^(-\?|-h|-help)$/ ) {
+ print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";
++ print STDERR "usage: CA -signcert certfile keyfile|-newcert|-newreq|-newca|-sign|-verify\n";
+ exit 0;
+ } elsif (/^-newcert$/) {
+ # create a certificate
+@@ -165,6 +166,7 @@ foreach (@ARGV) {
+ } else {
+ print STDERR "Unknown arg $_\n";
+ print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";
++ print STDERR "usage: CA -signcert certfile keyfile|-newcert|-newreq|-newca|-sign|-verify\n";
+ exit 1;
+ }
+ }
diff --git a/patches/openssl-1.0.1i/0002-debian-targets.patch b/patches/openssl-1.0.1i/0002-debian-targets.patch
new file mode 100644
index 0000000..b3191ae
--- /dev/null
+++ b/patches/openssl-1.0.1i/0002-debian-targets.patch
@@ -0,0 +1,80 @@
+From: Michael Olbrich <m.olbrich@pengutronix.de>
+Date: Tue, 8 Apr 2014 07:48:47 +0200
+Subject: [PATCH] debian-targets
+
+Imported from openssl_1.0.1g-1.debian.tar.xz
+
+Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
+---
+ Configure | 51 +++++++++++++++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 51 insertions(+)
+
+diff --git a/Configure b/Configure
+index de78469..79082df 100755
+--- a/Configure
++++ b/Configure
+@@ -105,6 +105,10 @@ my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimenta
+
+ my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED";
+
++# There are no separate CFLAGS/CPPFLAGS/LDFLAGS, set everything in CFLAGS
++my $debian_cflags = `dpkg-buildflags --get CFLAGS` . `dpkg-buildflags --get CPPFLAGS` . `dpkg-buildflags --get LDFLAGS` . "-Wa,--noexecstack -Wall";
++$debian_cflags =~ s/\n/ /g;
++
+ my $strict_warnings = 0;
+
+ my $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL";
+@@ -340,6 +344,53 @@ my %table=(
+ "osf1-alpha-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared:::.so",
+ "tru64-alpha-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared::-msym:.so",
+
++# Debian GNU/* (various architectures)
++"debian-alpha","gcc:-DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-alpha-ev4","gcc:-DTERMIO ${debian_cflags} -mcpu=ev4::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-alpha-ev5","gcc:-DTERMIO ${debian_cflags} -mcpu=ev5::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-arm64","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-armel","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-armhf","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-amd64", "gcc:-m64 -DL_ENDIAN -DTERMIO ${debian_cflags} -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::",
++"debian-avr32", "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags} -fomit-frame-pointer::-D_REENTRANT::-ldl:BN_LLONG_BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-kfreebsd-amd64","gcc:-m64 -DL_ENDIAN -DTERMIOS ${debian_cflags} -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-kfreebsd-i386","gcc:-DL_ENDIAN -DTERMIOS ${debian_cflags} -march=i486::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-hppa","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG MD2_CHAR RC4_INDEX:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-hurd-i386","gcc:-DL_ENDIAN -DTERMIOS -O3 -Wa,--noexecstack -g -mtune=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-ia64","gcc:-DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-i386","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-i386-i486","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags} -march=i486::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-i386-i586","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags} -march=i586::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-i386-i686/cmov","gcc:-DL_ENDIAN -DTERMIO ${debian_cflags} -march=i686::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-m68k","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG MD2_CHAR RC4_INDEX:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-mips", "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-mipsel", "gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-mipsn32", "mips64-linux-gnuabin32-gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-mipsn32el", "mips64el-linux-gnuabin32-gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-mips64", "mips64-linux-gnuabi64-gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-mips64el", "mips64el-linux-gnuabi64-gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-netbsd-i386", "gcc:-DL_ENDIAN -DTERMIOS ${debian_cflags} -m486::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-netbsd-m68k", "gcc:-DB_ENDIAN -DTERMIOS ${debian_cflags}::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-netbsd-sparc", "gcc:-DB_ENDIAN -DTERMIOS ${debian_cflags} -mv8::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-openbsd-alpha","gcc:-DTERMIOS ${debian_cflags}::(unknown):::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-openbsd-i386", "gcc:-DL_ENDIAN -DTERMIOS ${debian_cflags} -m486::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-openbsd-mips","gcc:-DL_ENDIAN ${debian_cflags}::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-powerpc","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-powerpcspe","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-ppc64","gcc:-m64 -DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-s390","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-s390x","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-sh3", "gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-sh4", "gcc:-DL_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-sh3eb", "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-sh4eb", "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-m32r","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-sparc","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-sparc-v8","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags} -mcpu=v8 -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-sparc-v9","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags} -mcpu=v9 -Wa,-Av8plus -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-sparc64","gcc:-m64 -DB_ENDIAN -DTERMIO ${debian_cflags} -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-x32","gcc:-mx32 -DL_ENDIAN -DTERMIO ${debian_cflags} -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::x32",
++
+ ####
+ #### Variety of LINUX:-)
+ ####
diff --git a/patches/openssl-1.0.1i/0003-engines-path.patch b/patches/openssl-1.0.1i/0003-engines-path.patch
new file mode 100644
index 0000000..412247b
--- /dev/null
+++ b/patches/openssl-1.0.1i/0003-engines-path.patch
@@ -0,0 +1,92 @@
+From: Michael Olbrich <m.olbrich@pengutronix.de>
+Date: Tue, 8 Apr 2014 07:48:47 +0200
+Subject: [PATCH] engines-path
+
+Imported from openssl_1.0.1g-1.debian.tar.xz
+
+Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
+---
+ Configure | 2 +-
+ Makefile.org | 2 +-
+ engines/Makefile | 10 +++++-----
+ engines/ccgost/Makefile | 6 +++---
+ 4 files changed, 10 insertions(+), 10 deletions(-)
+
+diff --git a/Configure b/Configure
+index 79082df..c676835 100755
+--- a/Configure
++++ b/Configure
+@@ -1855,7 +1855,7 @@ while (<IN>)
+ }
+ elsif (/^#define\s+ENGINESDIR/)
+ {
+- my $foo = "$prefix/$libdir/engines";
++ my $foo = "$prefix/$libdir/openssl-1.0.0/engines";
+ $foo =~ s/\\/\\\\/g;
+ print OUT "#define ENGINESDIR \"$foo\"\n";
+ }
+diff --git a/Makefile.org b/Makefile.org
+index c92806f..5117a0e 100644
+--- a/Makefile.org
++++ b/Makefile.org
+@@ -543,7 +543,7 @@ install: all install_docs install_sw
+ install_sw:
+ @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
+ $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \
+- $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \
++ $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.0/engines \
+ $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig \
+ $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \
+ $(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
+diff --git a/engines/Makefile b/engines/Makefile
+index 2fa9534..58e0281 100644
+--- a/engines/Makefile
++++ b/engines/Makefile
+@@ -107,7 +107,7 @@ install:
+ @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ @if [ -n "$(SHARED_LIBS)" ]; then \
+ set -e; \
+- $(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines; \
++ $(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.0/engines; \
+ for l in $(LIBNAMES); do \
+ ( echo installing $$l; \
+ pfx=lib; \
+@@ -119,13 +119,13 @@ install:
+ *DSO_WIN32*) sfx="eay32.dll"; pfx=;; \
+ *) sfx=".bad";; \
+ esac; \
+- cp $$pfx$$l$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
++ cp $$pfx$$l$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.0/engines/$$pfx$$l$$sfx.new; \
+ else \
+ sfx=".so"; \
+- cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
++ cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.0/engines/$$pfx$$l$$sfx.new; \
+ fi; \
+- chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
+- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \
++ chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.0/engines/$$pfx$$l$$sfx.new; \
++ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.0/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.0/engines/$$pfx$$l$$sfx ); \
+ done; \
+ fi
+ @target=install; $(RECURSIVE_MAKE)
+diff --git a/engines/ccgost/Makefile b/engines/ccgost/Makefile
+index d661c10..3e593b1 100644
+--- a/engines/ccgost/Makefile
++++ b/engines/ccgost/Makefile
+@@ -53,13 +53,13 @@ install:
+ *DSO_WIN32*) sfx="eay32.dll"; pfx=;; \
+ *) sfx=".bad";; \
+ esac; \
+- cp $${pfx}$(LIBNAME)$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
++ cp $${pfx}$(LIBNAME)$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.0/engines/$${pfx}$(LIBNAME)$$sfx.new; \
+ else \
+ sfx=".so"; \
+ cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
+ fi; \
+- chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
+- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx; \
++ chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.0/engines/$${pfx}$(LIBNAME)$$sfx.new; \
++ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.0/engines/$${pfx}$(LIBNAME)$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.0/engines/$${pfx}$(LIBNAME)$$sfx; \
+ fi
+
+ links:
diff --git a/patches/openssl-1.0.1i/0004-no-rpath.patch b/patches/openssl-1.0.1i/0004-no-rpath.patch
new file mode 100644
index 0000000..8c9fbc1
--- /dev/null
+++ b/patches/openssl-1.0.1i/0004-no-rpath.patch
@@ -0,0 +1,24 @@
+From: Michael Olbrich <m.olbrich@pengutronix.de>
+Date: Tue, 8 Apr 2014 07:48:47 +0200
+Subject: [PATCH] no-rpath
+
+Imported from openssl_1.0.1g-1.debian.tar.xz
+
+Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
+---
+ Makefile.shared | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Makefile.shared b/Makefile.shared
+index e753f44..6e3f886 100644
+--- a/Makefile.shared
++++ b/Makefile.shared
+@@ -153,7 +153,7 @@ DO_GNU_SO=$(CALC_VERSIONS); \
+ NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
+ SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"
+
+-DO_GNU_APP=LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBRPATH)"
++DO_GNU_APP=LDFLAGS="$(CFLAGS)"
+
+ #This is rather special. It's a special target with which one can link
+ #applications without bothering with any features that have anything to
diff --git a/patches/openssl-1.0.1i/0005-no-symbolic.patch b/patches/openssl-1.0.1i/0005-no-symbolic.patch
new file mode 100644
index 0000000..7fa7213
--- /dev/null
+++ b/patches/openssl-1.0.1i/0005-no-symbolic.patch
@@ -0,0 +1,24 @@
+From: Michael Olbrich <m.olbrich@pengutronix.de>
+Date: Tue, 8 Apr 2014 07:48:47 +0200
+Subject: [PATCH] no-symbolic
+
+Imported from openssl_1.0.1g-1.debian.tar.xz
+
+Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
+---
+ Makefile.shared | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Makefile.shared b/Makefile.shared
+index 6e3f886..44e3d9c 100644
+--- a/Makefile.shared
++++ b/Makefile.shared
+@@ -151,7 +151,7 @@ DO_GNU_SO=$(CALC_VERSIONS); \
+ SHLIB_SUFFIX=; \
+ ALLSYMSFLAGS='-Wl,--whole-archive'; \
+ NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
+- SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"
++ SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"
+
+ DO_GNU_APP=LDFLAGS="$(CFLAGS)"
+
diff --git a/patches/openssl-1.0.1i/0006-pic.patch b/patches/openssl-1.0.1i/0006-pic.patch
new file mode 100644
index 0000000..d2494e1
--- /dev/null
+++ b/patches/openssl-1.0.1i/0006-pic.patch
@@ -0,0 +1,189 @@
+From: Michael Olbrich <m.olbrich@pengutronix.de>
+Date: Tue, 8 Apr 2014 07:48:47 +0200
+Subject: [PATCH] pic
+
+Imported from openssl_1.0.1g-1.debian.tar.xz
+
+Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
+---
+ crypto/des/asm/desboth.pl | 17 ++++++++++++++---
+ crypto/perlasm/cbc.pl | 24 ++++++++++++++++++++----
+ crypto/perlasm/x86gas.pl | 16 ++++++++++++++++
+ crypto/x86cpuid.pl | 10 +++++-----
+ 4 files changed, 55 insertions(+), 12 deletions(-)
+
+diff --git a/crypto/des/asm/desboth.pl b/crypto/des/asm/desboth.pl
+index eec0088..ab6f524 100644
+--- a/crypto/des/asm/desboth.pl
++++ b/crypto/des/asm/desboth.pl
+@@ -16,6 +16,11 @@ sub DES_encrypt3
+
+ &push("edi");
+
++ &call (&label("pic_point0"));
++ &set_label("pic_point0");
++ &blindpop("ebp");
++ &add ("ebp", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point0") . "]");
++
+ &comment("");
+ &comment("Load the data words");
+ &mov($L,&DWP(0,"ebx","",0));
+@@ -47,15 +52,21 @@ sub DES_encrypt3
+ &mov(&swtmp(2), (DWC(($enc)?"1":"0")));
+ &mov(&swtmp(1), "eax");
+ &mov(&swtmp(0), "ebx");
+- &call("DES_encrypt2");
++ &exch("ebx", "ebp");
++ &call("DES_encrypt2\@PLT");
++ &exch("ebx", "ebp");
+ &mov(&swtmp(2), (DWC(($enc)?"0":"1")));
+ &mov(&swtmp(1), "edi");
+ &mov(&swtmp(0), "ebx");
+- &call("DES_encrypt2");
++ &exch("ebx", "ebp");
++ &call("DES_encrypt2\@PLT");
++ &exch("ebx", "ebp");
+ &mov(&swtmp(2), (DWC(($enc)?"1":"0")));
+ &mov(&swtmp(1), "esi");
+ &mov(&swtmp(0), "ebx");
+- &call("DES_encrypt2");
++ &exch("ebx", "ebp");
++ &call("DES_encrypt2\@PLT");
++ &exch("ebx", "ebp");
+
+ &stack_pop(3);
+ &mov($L,&DWP(0,"ebx","",0));
+diff --git a/crypto/perlasm/cbc.pl b/crypto/perlasm/cbc.pl
+index 24561e7..269fb0b 100644
+--- a/crypto/perlasm/cbc.pl
++++ b/crypto/perlasm/cbc.pl
+@@ -122,7 +122,11 @@ sub cbc
+ &mov(&DWP($data_off,"esp","",0), "eax"); # put in array for call
+ &mov(&DWP($data_off+4,"esp","",0), "ebx"); #
+
+- &call($enc_func);
++ &call (&label("pic_point0"));
++ &set_label("pic_point0");
++ &blindpop("ebx");
++ &add ("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point0") . "]");
++ &call("$enc_func\@PLT");
+
+ &mov("eax", &DWP($data_off,"esp","",0));
+ &mov("ebx", &DWP($data_off+4,"esp","",0));
+@@ -185,7 +189,11 @@ sub cbc
+ &mov(&DWP($data_off,"esp","",0), "eax"); # put in array for call
+ &mov(&DWP($data_off+4,"esp","",0), "ebx"); #
+
+- &call($enc_func);
++ &call (&label("pic_point1"));
++ &set_label("pic_point1");
++ &blindpop("ebx");
++ &add ("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point1") . "]");
++ &call("$enc_func\@PLT");
+
+ &mov("eax", &DWP($data_off,"esp","",0));
+ &mov("ebx", &DWP($data_off+4,"esp","",0));
+@@ -218,7 +226,11 @@ sub cbc
+ &mov(&DWP($data_off,"esp","",0), "eax"); # put back
+ &mov(&DWP($data_off+4,"esp","",0), "ebx"); #
+
+- &call($dec_func);
++ &call (&label("pic_point2"));
++ &set_label("pic_point2");
++ &blindpop("ebx");
++ &add ("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point2") . "]");
++ &call("$dec_func\@PLT");
+
+ &mov("eax", &DWP($data_off,"esp","",0)); # get return
+ &mov("ebx", &DWP($data_off+4,"esp","",0)); #
+@@ -261,7 +273,11 @@ sub cbc
+ &mov(&DWP($data_off,"esp","",0), "eax"); # put back
+ &mov(&DWP($data_off+4,"esp","",0), "ebx"); #
+
+- &call($dec_func);
++ &call (&label("pic_point3"));
++ &set_label("pic_point3");
++ &blindpop("ebx");
++ &add ("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point3") . "]");
++ &call("$dec_func\@PLT");
+
+ &mov("eax", &DWP($data_off,"esp","",0)); # get return
+ &mov("ebx", &DWP($data_off+4,"esp","",0)); #
+diff --git a/crypto/perlasm/x86gas.pl b/crypto/perlasm/x86gas.pl
+index 682a3a3..9d4662c 100644
+--- a/crypto/perlasm/x86gas.pl
++++ b/crypto/perlasm/x86gas.pl
+@@ -161,6 +161,7 @@ sub ::file_end
+ if ($::macosx) { push (@out,"$tmp,2\n"); }
+ elsif ($::elf) { push (@out,"$tmp,4\n"); }
+ else { push (@out,"$tmp\n"); }
++ if ($::elf) { push (@out,".hidden\tOPENSSL_ia32cap_P\n"); }
+ }
+ push(@out,$initseg) if ($initseg);
+ }
+@@ -218,8 +219,23 @@ ___
+ elsif ($::elf)
+ { $initseg.=<<___;
+ .section .init
++___
++ if ($::pic)
++ { $initseg.=<<___;
++ pushl %ebx
++ call .pic_point0
++.pic_point0:
++ popl %ebx
++ addl \$_GLOBAL_OFFSET_TABLE_+[.-.pic_point0],%ebx
++ call $f\@PLT
++ popl %ebx
++___
++ }
++ else
++ { $initseg.=<<___;
+ call $f
+ ___
++ }
+ }
+ elsif ($::coff)
+ { $initseg.=<<___; # applies to both Cygwin and Mingw
+diff --git a/crypto/x86cpuid.pl b/crypto/x86cpuid.pl
+index b270b44..c01ba83 100644
+--- a/crypto/x86cpuid.pl
++++ b/crypto/x86cpuid.pl
+@@ -8,6 +8,8 @@ require "x86asm.pl";
+
+ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
+
++push(@out, ".hidden OPENSSL_ia32cap_P\n");
++
+ &function_begin("OPENSSL_ia32_cpuid");
+ &xor ("edx","edx");
+ &pushf ();
+@@ -141,9 +143,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
+ &set_label("nocpuid");
+ &function_end("OPENSSL_ia32_cpuid");
+
+-&external_label("OPENSSL_ia32cap_P");
+-
+-&function_begin_B("OPENSSL_rdtsc","EXTRN\t_OPENSSL_ia32cap_P:DWORD");
++&function_begin_B("OPENSSL_rdtsc");
+ &xor ("eax","eax");
+ &xor ("edx","edx");
+ &picmeup("ecx","OPENSSL_ia32cap_P");
+@@ -157,7 +157,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
+ # This works in Ring 0 only [read DJGPP+MS-DOS+privileged DPMI host],
+ # but it's safe to call it on any [supported] 32-bit platform...
+ # Just check for [non-]zero return value...
+-&function_begin_B("OPENSSL_instrument_halt","EXTRN\t_OPENSSL_ia32cap_P:DWORD");
++&function_begin_B("OPENSSL_instrument_halt");
+ &picmeup("ecx","OPENSSL_ia32cap_P");
+ &bt (&DWP(0,"ecx"),4);
+ &jnc (&label("nohalt")); # no TSC
+@@ -224,7 +224,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
+ &ret ();
+ &function_end_B("OPENSSL_far_spin");
+
+-&function_begin_B("OPENSSL_wipe_cpu","EXTRN\t_OPENSSL_ia32cap_P:DWORD");
++&function_begin_B("OPENSSL_wipe_cpu");
+ &xor ("eax","eax");
+ &xor ("edx","edx");
+ &picmeup("ecx","OPENSSL_ia32cap_P");
diff --git a/patches/openssl-1.0.1i/0007-valgrind.patch b/patches/openssl-1.0.1i/0007-valgrind.patch
new file mode 100644
index 0000000..d3fbd12
--- /dev/null
+++ b/patches/openssl-1.0.1i/0007-valgrind.patch
@@ -0,0 +1,31 @@
+From: Michael Olbrich <m.olbrich@pengutronix.de>
+Date: Tue, 8 Apr 2014 07:48:47 +0200
+Subject: [PATCH] valgrind
+
+Imported from openssl_1.0.1g-1.debian.tar.xz
+
+Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
+---
+ crypto/rand/md_rand.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/crypto/rand/md_rand.c b/crypto/rand/md_rand.c
+index aee1c30..1caf69c 100644
+--- a/crypto/rand/md_rand.c
++++ b/crypto/rand/md_rand.c
+@@ -488,6 +488,7 @@ static int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo)
+ MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c));
+
+ #ifndef PURIFY /* purify complains */
++#if 0
+ /* The following line uses the supplied buffer as a small
+ * source of entropy: since this buffer is often uninitialised
+ * it may cause programs such as purify or valgrind to
+@@ -497,6 +498,7 @@ static int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo)
+ */
+ MD_Update(&m,buf,j);
+ #endif
++#endif
+
+ k=(st_idx+MD_DIGEST_LENGTH/2)-st_num;
+ if (k > 0)
diff --git a/patches/openssl-1.0.1i/0008-rehash-crt.patch b/patches/openssl-1.0.1i/0008-rehash-crt.patch
new file mode 100644
index 0000000..c06898f
--- /dev/null
+++ b/patches/openssl-1.0.1i/0008-rehash-crt.patch
@@ -0,0 +1,44 @@
+From: Michael Olbrich <m.olbrich@pengutronix.de>
+Date: Tue, 8 Apr 2014 07:48:47 +0200
+Subject: [PATCH] rehash-crt
+
+Imported from openssl_1.0.1g-1.debian.tar.xz
+
+Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
+---
+ tools/c_rehash.in | 12 +++++++++---
+ 1 file changed, 9 insertions(+), 3 deletions(-)
+
+diff --git a/tools/c_rehash.in b/tools/c_rehash.in
+index bfc4a69..4958e3d 100644
+--- a/tools/c_rehash.in
++++ b/tools/c_rehash.in
+@@ -75,12 +75,15 @@ sub hash_dir {
+ }
+ }
+ closedir DIR;
+- FILE: foreach $fname (grep {/\.pem$/} @flist) {
++ FILE: foreach $fname (grep {/\.pem$|\.crt$/} @flist) {
+ # Check to see if certificates and/or CRLs present.
+ my ($cert, $crl) = check_file($fname);
+ if(!$cert && !$crl) {
+- print STDERR "WARNING: $fname does not contain a certificate or CRL: skipping\n";
+- next;
++ ($cert, $crl) = check_file("$openssl x509 -in \"$fname\" -inform der -outform pem | ");
++ if(!$cert && !$crl) {
++ print STDERR "WARNING: $fname does not contain a certificate or CRL: skipping\n";
++ next;
++ }
+ }
+ link_hash_cert($fname) if($cert);
+ link_hash_crl($fname) if($crl);
+@@ -153,6 +156,9 @@ sub link_hash_crl {
+ my $fname = $_[0];
+ $fname =~ s/'/'\\''/g;
+ my ($hash, $fprint) = `"$openssl" crl -hash -fingerprint -noout -in '$fname'`;
++ if(!$hash || !fprint) {
++ ($hash, $fprint) = `"$openssl" crl -hash -fingerprint -noout -in '$fname' -inform der`;
++ }
+ chomp $hash;
+ chomp $fprint;
+ $fprint =~ s/^.*=//;
diff --git a/patches/openssl-1.0.1i/0009-shared-lib-ext.patch b/patches/openssl-1.0.1i/0009-shared-lib-ext.patch
new file mode 100644
index 0000000..d7da2a3
--- /dev/null
+++ b/patches/openssl-1.0.1i/0009-shared-lib-ext.patch
@@ -0,0 +1,25 @@
+From: Michael Olbrich <m.olbrich@pengutronix.de>
+Date: Tue, 8 Apr 2014 07:48:47 +0200
+Subject: [PATCH] shared-lib-ext
+
+Imported from openssl_1.0.1g-1.debian.tar.xz
+
+Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
+---
+ Configure | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/Configure b/Configure
+index c676835..7571db1 100755
+--- a/Configure
++++ b/Configure
+@@ -1725,7 +1725,8 @@ while (<IN>)
+ elsif ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*\.[^\.]*$/)
+ {
+ my $sotmp = $1;
+- s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.\$(SHLIB_MAJOR) .s$sotmp/;
++# s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.\$(SHLIB_MAJOR) .s$sotmp/;
++ s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp/;
+ }
+ elsif ($shared_extension ne "" && $shared_extension =~ /^\.[^\.]*\.[^\.]*\.dylib$/)
+ {
diff --git a/patches/openssl-1.0.1i/0010-stddef.patch b/patches/openssl-1.0.1i/0010-stddef.patch
new file mode 100644
index 0000000..e0034c2
--- /dev/null
+++ b/patches/openssl-1.0.1i/0010-stddef.patch
@@ -0,0 +1,23 @@
+From: Michael Olbrich <m.olbrich@pengutronix.de>
+Date: Tue, 8 Apr 2014 07:48:47 +0200
+Subject: [PATCH] stddef
+
+Imported from openssl_1.0.1g-1.debian.tar.xz
+
+Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
+---
+ crypto/sha/sha.h | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/crypto/sha/sha.h b/crypto/sha/sha.h
+index 8a6bf4b..734b40a 100644
+--- a/crypto/sha/sha.h
++++ b/crypto/sha/sha.h
+@@ -59,6 +59,7 @@
+ #ifndef HEADER_SHA_H
+ #define HEADER_SHA_H
+
++#include <stddef.h>
+ #include <openssl/e_os2.h>
+ #include <stddef.h>
+
diff --git a/patches/openssl-1.0.1i/0011-block_diginotar.patch b/patches/openssl-1.0.1i/0011-block_diginotar.patch
new file mode 100644
index 0000000..3af0669
--- /dev/null
+++ b/patches/openssl-1.0.1i/0011-block_diginotar.patch
@@ -0,0 +1,66 @@
+From: Raphael Geissert <geissert@debian.org>
+Date: Tue, 8 Apr 2014 07:48:47 +0200
+Subject: [PATCH] block_diginotar
+
+This is not meant as final patch.
+
+
+Imported from openssl_1.0.1g-1.debian.tar.xz
+
+Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
+---
+ crypto/x509/x509_vfy.c | 27 +++++++++++++++++++++++++++
+ 1 file changed, 27 insertions(+)
+
+diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
+index 920066a..5b1a0aa 100644
+--- a/crypto/x509/x509_vfy.c
++++ b/crypto/x509/x509_vfy.c
+@@ -117,6 +117,7 @@ static int check_trust(X509_STORE_CTX *ctx);
+ static int check_revocation(X509_STORE_CTX *ctx);
+ static int check_cert(X509_STORE_CTX *ctx);
+ static int check_policy(X509_STORE_CTX *ctx);
++static int check_ca_blacklist(X509_STORE_CTX *ctx);
+
+ static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer,
+ unsigned int *preasons,
+@@ -369,6 +370,9 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
+ ok=internal_verify(ctx);
+ if(!ok) goto end;
+
++ ok = check_ca_blacklist(ctx);
++ if(!ok) goto end;
++
+ #ifndef OPENSSL_NO_RFC3779
+ /* RFC 3779 path validation, now that CRL check has been done */
+ ok = v3_asid_validate_path(ctx);
+@@ -827,6 +831,29 @@ static int check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify)
+ return 1;
+ }
+
++static int check_ca_blacklist(X509_STORE_CTX *ctx)
++ {
++ X509 *x;
++ int i;
++ /* Check all certificates against the blacklist */
++ for (i = sk_X509_num(ctx->chain) - 1; i >= 0; i--)
++ {
++ x = sk_X509_value(ctx->chain, i);
++ /* Mark DigiNotar certificates as revoked, no matter
++ * where in the chain they are.
++ */
++ if (x->name && strstr(x->name, "DigiNotar"))
++ {
++ ctx->error = X509_V_ERR_CERT_REVOKED;
++ ctx->error_depth = i;
++ ctx->current_cert = x;
++ if (!ctx->verify_cb(0,ctx))
++ return 0;
++ }
++ }
++ return 1;
++ }
++
+ static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl,
+ X509 **pissuer, int *pscore, unsigned int *preasons,
+ STACK_OF(X509_CRL) *crls)
diff --git a/patches/openssl-1.0.1i/0012-block_digicert_malaysia.patch b/patches/openssl-1.0.1i/0012-block_digicert_malaysia.patch
new file mode 100644
index 0000000..e1457a8
--- /dev/null
+++ b/patches/openssl-1.0.1i/0012-block_digicert_malaysia.patch
@@ -0,0 +1,30 @@
+From: Raphael Geissert <geissert@debian.org>
+Date: Tue, 8 Apr 2014 07:48:47 +0200
+Subject: [PATCH] block_digicert_malaysia
+
+Imported from openssl_1.0.1g-1.debian.tar.xz
+
+Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
+---
+ crypto/x509/x509_vfy.c | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
+index 5b1a0aa..696f8d6 100644
+--- a/crypto/x509/x509_vfy.c
++++ b/crypto/x509/x509_vfy.c
+@@ -839,10 +839,11 @@ static int check_ca_blacklist(X509_STORE_CTX *ctx)
+ for (i = sk_X509_num(ctx->chain) - 1; i >= 0; i--)
+ {
+ x = sk_X509_value(ctx->chain, i);
+- /* Mark DigiNotar certificates as revoked, no matter
+- * where in the chain they are.
++ /* Mark certificates containing the following names as
++ * revoked, no matter where in the chain they are.
+ */
+- if (x->name && strstr(x->name, "DigiNotar"))
++ if (x->name && (strstr(x->name, "DigiNotar") ||
++ strstr(x->name, "Digicert Sdn. Bhd.")))
+ {
+ ctx->error = X509_V_ERR_CERT_REVOKED;
+ ctx->error_depth = i;
diff --git a/patches/openssl-1.0.1i/0013-Change-default-bit-size-and-digest.patch b/patches/openssl-1.0.1i/0013-Change-default-bit-size-and-digest.patch
new file mode 100644
index 0000000..02761e3
--- /dev/null
+++ b/patches/openssl-1.0.1i/0013-Change-default-bit-size-and-digest.patch
@@ -0,0 +1,131 @@
+From: Kurt Roeckx <kurt@roeckx.be>
+Date: Fri, 1 Nov 2013 20:47:14 +0100
+Subject: [PATCH] Change default bit size and digest
+
+Imported from openssl_1.0.1g-1.debian.tar.xz
+
+Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
+---
+ apps/dhparam.c | 4 ++--
+ apps/gendh.c | 2 +-
+ apps/genrsa.c | 2 +-
+ apps/openssl.cnf | 2 +-
+ crypto/dsa/dsa_ameth.c | 2 +-
+ crypto/ec/ec_ameth.c | 2 +-
+ crypto/hmac/hm_ameth.c | 2 +-
+ crypto/rsa/rsa_ameth.c | 2 +-
+ 8 files changed, 9 insertions(+), 9 deletions(-)
+
+diff --git a/apps/dhparam.c b/apps/dhparam.c
+index 1297d6f..b0c05be 100644
+--- a/apps/dhparam.c
++++ b/apps/dhparam.c
+@@ -130,7 +130,7 @@
+ #undef PROG
+ #define PROG dhparam_main
+
+-#define DEFBITS 512
++#define DEFBITS 2048
+
+ /* -inform arg - input format - default PEM (DER or PEM)
+ * -outform arg - output format - default PEM
+@@ -253,7 +253,7 @@ bad:
+ BIO_printf(bio_err," -C Output C code\n");
+ BIO_printf(bio_err," -2 generate parameters using 2 as the generator value\n");
+ BIO_printf(bio_err," -5 generate parameters using 5 as the generator value\n");
+- BIO_printf(bio_err," numbits number of bits in to generate (default 512)\n");
++ BIO_printf(bio_err," numbits number of bits in to generate (default 2048)\n");
+ #ifndef OPENSSL_NO_ENGINE
+ BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n");
+ #endif
+diff --git a/apps/gendh.c b/apps/gendh.c
+index 4ec776b..8df8c62 100644
+--- a/apps/gendh.c
++++ b/apps/gendh.c
+@@ -78,7 +78,7 @@
+ #include <openssl/x509.h>
+ #include <openssl/pem.h>
+
+-#define DEFBITS 512
++#define DEFBITS 2048
+ #undef PROG
+ #define PROG gendh_main
+
+diff --git a/apps/genrsa.c b/apps/genrsa.c
+index ece114c..7a8c6c5 100644
+--- a/apps/genrsa.c
++++ b/apps/genrsa.c
+@@ -78,7 +78,7 @@
+ #include <openssl/pem.h>
+ #include <openssl/rand.h>
+
+-#define DEFBITS 1024
++#define DEFBITS 2048
+ #undef PROG
+ #define PROG genrsa_main
+
+diff --git a/apps/openssl.cnf b/apps/openssl.cnf
+index 18760c6..1eb86c4 100644
+--- a/apps/openssl.cnf
++++ b/apps/openssl.cnf
+@@ -103,7 +103,7 @@ emailAddress = optional
+
+ ####################################################################
+ [ req ]
+-default_bits = 1024
++default_bits = 2048
+ default_keyfile = privkey.pem
+ distinguished_name = req_distinguished_name
+ attributes = req_attributes
+diff --git a/crypto/dsa/dsa_ameth.c b/crypto/dsa/dsa_ameth.c
+index 376156e..13318d7 100644
+--- a/crypto/dsa/dsa_ameth.c
++++ b/crypto/dsa/dsa_ameth.c
+@@ -628,7 +628,7 @@ static int dsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
+ #endif
+
+ case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
+- *(int *)arg2 = NID_sha1;
++ *(int *)arg2 = NID_sha256;
+ return 2;
+
+ default:
+diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c
+index 0ce4524..a04ac98 100644
+--- a/crypto/ec/ec_ameth.c
++++ b/crypto/ec/ec_ameth.c
+@@ -615,7 +615,7 @@ static int ec_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
+ #endif
+
+ case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
+- *(int *)arg2 = NID_sha1;
++ *(int *)arg2 = NID_sha256;
+ return 2;
+
+ default:
+diff --git a/crypto/hmac/hm_ameth.c b/crypto/hmac/hm_ameth.c
+index e03f24a..9fe6505 100644
+--- a/crypto/hmac/hm_ameth.c
++++ b/crypto/hmac/hm_ameth.c
+@@ -89,7 +89,7 @@ static int hmac_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
+ switch (op)
+ {
+ case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
+- *(int *)arg2 = NID_sha1;
++ *(int *)arg2 = NID_sha256;
+ return 1;
+
+ default:
+diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c
+index 5a2062f..47fe535 100644
+--- a/crypto/rsa/rsa_ameth.c
++++ b/crypto/rsa/rsa_ameth.c
+@@ -435,7 +435,7 @@ static int rsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
+ #endif
+
+ case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
+- *(int *)arg2 = NID_sha1;
++ *(int *)arg2 = NID_sha256;
+ return 1;
+
+ default:
diff --git a/patches/openssl-1.0.1i/0014-openssl_fix_for_x32.patch b/patches/openssl-1.0.1i/0014-openssl_fix_for_x32.patch
new file mode 100644
index 0000000..36bfa49
--- /dev/null
+++ b/patches/openssl-1.0.1i/0014-openssl_fix_for_x32.patch
@@ -0,0 +1,50 @@
+From: Michael Olbrich <m.olbrich@pengutronix.de>
+Date: Tue, 8 Apr 2014 07:48:47 +0200
+Subject: [PATCH] openssl_fix_for_x32
+
+Imported from openssl_1.0.1g-1.debian.tar.xz
+
+Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
+---
+ crypto/bn/asm/x86_64-gcc.c | 14 +++++++-------
+ 1 file changed, 7 insertions(+), 7 deletions(-)
+
+diff --git a/crypto/bn/asm/x86_64-gcc.c b/crypto/bn/asm/x86_64-gcc.c
+index acb0b40..acd76ce 100644
+--- a/crypto/bn/asm/x86_64-gcc.c
++++ b/crypto/bn/asm/x86_64-gcc.c
+@@ -55,7 +55,7 @@
+ * machine.
+ */
+
+-#ifdef _WIN64
++#if defined _WIN64 || !defined __LP64__
+ #define BN_ULONG unsigned long long
+ #else
+ #define BN_ULONG unsigned long
+@@ -192,9 +192,9 @@ BN_ULONG bn_add_words (BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int
+ asm (
+ " subq %2,%2 \n"
+ ".p2align 4 \n"
+- "1: movq (%4,%2,8),%0 \n"
+- " adcq (%5,%2,8),%0 \n"
+- " movq %0,(%3,%2,8) \n"
++ "1: movq (%q4,%2,8),%0 \n"
++ " adcq (%q5,%2,8),%0 \n"
++ " movq %0,(%q3,%2,8) \n"
+ " leaq 1(%2),%2 \n"
+ " loop 1b \n"
+ " sbbq %0,%0 \n"
+@@ -215,9 +215,9 @@ BN_ULONG bn_sub_words (BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int
+ asm (
+ " subq %2,%2 \n"
+ ".p2align 4 \n"
+- "1: movq (%4,%2,8),%0 \n"
+- " sbbq (%5,%2,8),%0 \n"
+- " movq %0,(%3,%2,8) \n"
++ "1: movq (%q4,%2,8),%0 \n"
++ " sbbq (%q5,%2,8),%0 \n"
++ " movq %0,(%q3,%2,8) \n"
+ " leaq 1(%2),%2 \n"
+ " loop 1b \n"
+ " sbbq %0,%0 \n"
diff --git a/patches/openssl-1.0.1i/series b/patches/openssl-1.0.1i/series
new file mode 100644
index 0000000..f55bace
--- /dev/null
+++ b/patches/openssl-1.0.1i/series
@@ -0,0 +1,17 @@
+# generated by git-ptx-patches
+#tag:base --start-number 1
+0001-ca.patch
+0002-debian-targets.patch
+0003-engines-path.patch
+0004-no-rpath.patch
+0005-no-symbolic.patch
+0006-pic.patch
+0007-valgrind.patch
+0008-rehash-crt.patch
+0009-shared-lib-ext.patch
+0010-stddef.patch
+0011-block_diginotar.patch
+0012-block_digicert_malaysia.patch
+0013-Change-default-bit-size-and-digest.patch
+0014-openssl_fix_for_x32.patch
+# dd4d5e6590bf4d0a9b21935c6ca13a38 - git-ptx-patches magic
diff --git a/rules/openssl.make b/rules/openssl.make
index dce98f5..2939868 100644
--- a/rules/openssl.make
+++ b/rules/openssl.make
@@ -18,8 +18,8 @@ PACKAGES-$(PTXCONF_OPENSSL) += openssl
#
# Paths and names
#
-OPENSSL_VERSION := 1.0.1h
-OPENSSL_MD5 := 8d6d684a9430d5cc98a62a5d8fbda8cf
+OPENSSL_VERSION := 1.0.1i
+OPENSSL_MD5 := c8dc151a671b9b92ff3e4c118b174972
OPENSSL := openssl-$(OPENSSL_VERSION)
OPENSSL_SUFFIX := tar.gz
OPENSSL_URL := http://www.openssl.org/source/$(OPENSSL).$(OPENSSL_SUFFIX)
--
2.0.4
--
ptxdist mailing list
ptxdist@pengutronix.de
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [ptxdist] [PATCH] openssl: version bump 1.0.1h -> 1.0.1i
2014-08-07 12:41 [ptxdist] [PATCH] openssl: version bump 1.0.1h -> 1.0.1i Bernhard Walle
@ 2014-08-08 8:32 ` Michael Olbrich
0 siblings, 0 replies; 2+ messages in thread
From: Michael Olbrich @ 2014-08-08 8:32 UTC (permalink / raw)
To: ptxdist
[-- Attachment #1: Type: text/plain, Size: 4897 bytes --]
On Thu, Aug 07, 2014 at 02:41:01PM +0200, Bernhard Walle wrote:
> Fixes CVE-2014-3508.
>
Thanks, applied. I've regenerated the patches (no real changes). I've
attached the script I use for this in case anyone is interested.
Btw, if you run git send-email with '-M' then the patch is smaller and much
better to read.
Michael
> Signed-off-by: Bernhard Walle <bernhard@bwalle.de>
> ---
> patches/openssl-1.0.1h/0001-ca.patch | 31 ----
> patches/openssl-1.0.1h/0002-debian-targets.patch | 80 ---------
> patches/openssl-1.0.1h/0003-engines-path.patch | 92 ----------
> patches/openssl-1.0.1h/0004-no-rpath.patch | 24 ---
> patches/openssl-1.0.1h/0005-no-symbolic.patch | 24 ---
> patches/openssl-1.0.1h/0006-pic.patch | 189 ---------------------
> patches/openssl-1.0.1h/0007-valgrind.patch | 31 ----
> patches/openssl-1.0.1h/0008-rehash-crt.patch | 44 -----
> patches/openssl-1.0.1h/0009-shared-lib-ext.patch | 25 ---
> patches/openssl-1.0.1h/0010-stddef.patch | 23 ---
> patches/openssl-1.0.1h/0011-block_diginotar.patch | 66 -------
> .../0012-block_digicert_malaysia.patch | 30 ----
> .../0013-Change-default-bit-size-and-digest.patch | 131 --------------
> .../openssl-1.0.1h/0014-openssl_fix_for_x32.patch | 50 ------
> patches/openssl-1.0.1h/series | 17 --
> patches/openssl-1.0.1i/0001-ca.patch | 31 ++++
> patches/openssl-1.0.1i/0002-debian-targets.patch | 80 +++++++++
> patches/openssl-1.0.1i/0003-engines-path.patch | 92 ++++++++++
> patches/openssl-1.0.1i/0004-no-rpath.patch | 24 +++
> patches/openssl-1.0.1i/0005-no-symbolic.patch | 24 +++
> patches/openssl-1.0.1i/0006-pic.patch | 189 +++++++++++++++++++++
> patches/openssl-1.0.1i/0007-valgrind.patch | 31 ++++
> patches/openssl-1.0.1i/0008-rehash-crt.patch | 44 +++++
> patches/openssl-1.0.1i/0009-shared-lib-ext.patch | 25 +++
> patches/openssl-1.0.1i/0010-stddef.patch | 23 +++
> patches/openssl-1.0.1i/0011-block_diginotar.patch | 66 +++++++
> .../0012-block_digicert_malaysia.patch | 30 ++++
> .../0013-Change-default-bit-size-and-digest.patch | 131 ++++++++++++++
> .../openssl-1.0.1i/0014-openssl_fix_for_x32.patch | 50 ++++++
> patches/openssl-1.0.1i/series | 17 ++
> rules/openssl.make | 4 +-
> 31 files changed, 859 insertions(+), 859 deletions(-)
> delete mode 100644 patches/openssl-1.0.1h/0001-ca.patch
> delete mode 100644 patches/openssl-1.0.1h/0002-debian-targets.patch
> delete mode 100644 patches/openssl-1.0.1h/0003-engines-path.patch
> delete mode 100644 patches/openssl-1.0.1h/0004-no-rpath.patch
> delete mode 100644 patches/openssl-1.0.1h/0005-no-symbolic.patch
> delete mode 100644 patches/openssl-1.0.1h/0006-pic.patch
> delete mode 100644 patches/openssl-1.0.1h/0007-valgrind.patch
> delete mode 100644 patches/openssl-1.0.1h/0008-rehash-crt.patch
> delete mode 100644 patches/openssl-1.0.1h/0009-shared-lib-ext.patch
> delete mode 100644 patches/openssl-1.0.1h/0010-stddef.patch
> delete mode 100644 patches/openssl-1.0.1h/0011-block_diginotar.patch
> delete mode 100644 patches/openssl-1.0.1h/0012-block_digicert_malaysia.patch
> delete mode 100644 patches/openssl-1.0.1h/0013-Change-default-bit-size-and-digest.patch
> delete mode 100644 patches/openssl-1.0.1h/0014-openssl_fix_for_x32.patch
> delete mode 100644 patches/openssl-1.0.1h/series
> create mode 100644 patches/openssl-1.0.1i/0001-ca.patch
> create mode 100644 patches/openssl-1.0.1i/0002-debian-targets.patch
> create mode 100644 patches/openssl-1.0.1i/0003-engines-path.patch
> create mode 100644 patches/openssl-1.0.1i/0004-no-rpath.patch
> create mode 100644 patches/openssl-1.0.1i/0005-no-symbolic.patch
> create mode 100644 patches/openssl-1.0.1i/0006-pic.patch
> create mode 100644 patches/openssl-1.0.1i/0007-valgrind.patch
> create mode 100644 patches/openssl-1.0.1i/0008-rehash-crt.patch
> create mode 100644 patches/openssl-1.0.1i/0009-shared-lib-ext.patch
> create mode 100644 patches/openssl-1.0.1i/0010-stddef.patch
> create mode 100644 patches/openssl-1.0.1i/0011-block_diginotar.patch
> create mode 100644 patches/openssl-1.0.1i/0012-block_digicert_malaysia.patch
> create mode 100644 patches/openssl-1.0.1i/0013-Change-default-bit-size-and-digest.patch
> create mode 100644 patches/openssl-1.0.1i/0014-openssl_fix_for_x32.patch
> create mode 100644 patches/openssl-1.0.1i/series
--
Pengutronix e.K. | |
Industrial Linux Solutions | http://www.pengutronix.de/ |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
[-- Attachment #2: openssl-apply-debian --]
[-- Type: text/plain, Size: 1230 bytes --]
#!/bin/bash
set -e
set -x
blacklist="
config-hurd.patch
man-dir.patch
man-section.patch
rehash_pod.patch
version-script.patch
gnu_source.patch
c_rehash-compat.patch
dgst_hmac.patch
fix-pod-errors.patch
"
start="$(pwd)"
src="$(pwd)/$1"
deb="$(pwd)/$2"
tmp="$(mktemp -d)"
cd "$tmp"
tar xf "$src"
openssl="$(ls -d openssl-*)"
tar xf "$deb"
patches=debian/patches
for patch in $blacklist; do
sed -i "s/\(${patch}\)/#\1/" ${patches}/series
done
cd "$openssl"
git init
git add *
git commit -m "base"
git tag base
git quiltimport --patches=../$patches/ --author "Michael Olbrich <m.olbrich@pengutronix.de>"
git filter-branch --msg-filter "cat | grep -v '^==*$' && echo '\nImported from $(basename $deb)\n\nSigned-off-by: Michael Olbrich <m.olbrich@pengutronix.de>'" base...master
#for patch in $(cat ../$patches/series | grep -v '^#'); do
# patch=../$patches/$patch
# name=$(basename $patch)
# name=${name%.patch}
# git apply $patch
# git add *
# git commit -m "debian $name
#
#Applied $(basename $patch) from $(basename $deb)" -a -s
#done
git format-patch --no-signature -N base
mkdir "$start/$openssl"
mv 0*.patch "$start/$openssl/"
cd "$start"
rm -rf "$tmp"
cd "$start/$openssl/"
sed -i 1d 0*.patch
ls 0*.patch > series
[-- Attachment #3: Type: text/plain, Size: 48 bytes --]
--
ptxdist mailing list
ptxdist@pengutronix.de
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2014-08-08 8:32 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2014-08-07 12:41 [ptxdist] [PATCH] openssl: version bump 1.0.1h -> 1.0.1i Bernhard Walle
2014-08-08 8:32 ` Michael Olbrich
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox