mailarchive of the ptxdist mailing list
* [ptxdist] [PATCH] libgcrypt: version bump 1.7.5 -> 1.7.6
@ 2017-02-04 17:41 Clemens Gruber
  2017-02-04 17:41 ` [ptxdist] [PATCH] openssl: version update 1.0.2j -> 1.0.2k Clemens Gruber
                   ` (5 more replies)
  0 siblings, 6 replies; 12+ messages in thread
From: Clemens Gruber @ 2017-02-04 17:41 UTC (permalink / raw)
  To: ptxdist; +Cc: Clemens Gruber

Signed-off-by: Clemens Gruber <clemens.gruber@pqgruber.com>
---
 rules/libgcrypt.make | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/rules/libgcrypt.make b/rules/libgcrypt.make
index f933a7766..0c1f0e6b5 100644
--- a/rules/libgcrypt.make
+++ b/rules/libgcrypt.make
@@ -17,8 +17,8 @@ PACKAGES-$(PTXCONF_LIBGCRYPT) += libgcrypt
 #
 # Paths and names
 #
-LIBGCRYPT_VERSION	:= 1.7.5
-LIBGCRYPT_MD5		:= 74c8b4b2118946dcbfec5ff1cbf97177
+LIBGCRYPT_VERSION	:= 1.7.6
+LIBGCRYPT_MD5		:= 54e180679a7ae4d090f8689ca32b654c
 LIBGCRYPT		:= libgcrypt-$(LIBGCRYPT_VERSION)
 LIBGCRYPT_SUFFIX	:= tar.bz2
 LIBGCRYPT_URL		:= http://artfiles.org/gnupg.org/libgcrypt/$(LIBGCRYPT).$(LIBGCRYPT_SUFFIX) ftp://ftp.gnupg.org/gcrypt/libgcrypt/$(LIBGCRYPT).$(LIBGCRYPT_SUFFIX)
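Review bot: The new `LIBGCRYPT_MD5` value is the only integrity check on a tarball that `LIBGCRYPT_URL` fetches over plain `http://` and `ftp://`, and the commit message does not say how the hash was obtained. MD5 is not collision resistant and neither transport authenticates the download, so please state in the commit message that the 1.7.6 tarball was verified against the upstream release signature before its MD5 was recorded.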
-- 
2.11.1


_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de


* [ptxdist] [PATCH] openssl: version update 1.0.2j -> 1.0.2k
  2017-02-04 17:41 [ptxdist] [PATCH] libgcrypt: version bump 1.7.5 -> 1.7.6 Clemens Gruber
@ 2017-02-04 17:41 ` Clemens Gruber
  2017-02-08 15:56   ` Michael Olbrich
  2017-02-04 17:41 ` [ptxdist] [PATCH] e2fsprogs: version bump 1.43.3 -> 1.43.4 Clemens Gruber
                   ` (4 subsequent siblings)
  5 siblings, 1 reply; 12+ messages in thread
From: Clemens Gruber @ 2017-02-04 17:41 UTC (permalink / raw)
  To: ptxdist; +Cc: Clemens Gruber

Also add Debian patch to mark Triple DES and RC4 as weak ciphers.

Signed-off-by: Clemens Gruber <clemens.gruber@pqgruber.com>
---
 .../0001-debian-targets.patch                      |   6 +-
 .../0002-engines-path.patch                        |  12 +-
 .../0003-no-rpath.patch                            |   0
 .../0004-no-symbolic.patch                         |   0
 .../0005-pic.patch                                 |   0
 .../0006-valgrind.patch                            |   0
 .../0007-shared-lib-ext.patch                      |   4 +-
 .../0008-block_diginotar.patch                     |   0
 .../0009-block_digicert_malaysia.patch             |   0
 .../0010-Disable-the-freelist.patch                |   2 +-
 .../0011-soname.patch                              |   2 +-
 .../0012-Mark-3DES-and-RC4-ciphers-as-weak.patch   | 427 +++++++++++++++++++++
 ...-don-t-ask-dpkg-buildflags-for-more-flags.patch |   0
 .../0101-fix-parallel-building.patch               |   0
 patches/{openssl-1.0.2j => openssl-1.0.2k}/series  |   3 +-
 rules/openssl.make                                 |   4 +-
 16 files changed, 444 insertions(+), 16 deletions(-)
 rename patches/{openssl-1.0.2j => openssl-1.0.2k}/0001-debian-targets.patch (98%)
 rename patches/{openssl-1.0.2j => openssl-1.0.2k}/0002-engines-path.patch (94%)
 rename patches/{openssl-1.0.2j => openssl-1.0.2k}/0003-no-rpath.patch (100%)
 rename patches/{openssl-1.0.2j => openssl-1.0.2k}/0004-no-symbolic.patch (100%)
 rename patches/{openssl-1.0.2j => openssl-1.0.2k}/0005-pic.patch (100%)
 rename patches/{openssl-1.0.2j => openssl-1.0.2k}/0006-valgrind.patch (100%)
 rename patches/{openssl-1.0.2j => openssl-1.0.2k}/0007-shared-lib-ext.patch (91%)
 rename patches/{openssl-1.0.2j => openssl-1.0.2k}/0008-block_diginotar.patch (100%)
 rename patches/{openssl-1.0.2j => openssl-1.0.2k}/0009-block_digicert_malaysia.patch (100%)
 rename patches/{openssl-1.0.2j => openssl-1.0.2k}/0010-Disable-the-freelist.patch (96%)
 rename patches/{openssl-1.0.2j => openssl-1.0.2k}/0011-soname.patch (94%)
 create mode 100644 patches/openssl-1.0.2k/0012-Mark-3DES-and-RC4-ciphers-as-weak.patch
 rename patches/{openssl-1.0.2j => openssl-1.0.2k}/0100-Configure-don-t-ask-dpkg-buildflags-for-more-flags.patch (100%)
 rename patches/{openssl-1.0.2j => openssl-1.0.2k}/0101-fix-parallel-building.patch (100%)
 rename patches/{openssl-1.0.2j => openssl-1.0.2k}/series (81%)

diff --git a/patches/openssl-1.0.2j/0001-debian-targets.patch b/patches/openssl-1.0.2k/0001-debian-targets.patch
similarity index 98%
rename from patches/openssl-1.0.2j/0001-debian-targets.patch
rename to patches/openssl-1.0.2k/0001-debian-targets.patch
index a3a0895fb..ea3b557e5 100644
--- a/patches/openssl-1.0.2j/0001-debian-targets.patch
+++ b/patches/openssl-1.0.2k/0001-debian-targets.patch
@@ -10,10 +10,10 @@ Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
  1 file changed, 54 insertions(+)
 
 diff --git a/Configure b/Configure
-index c39f71a17910..738cee34030f 100755
+index 5da7cadbf332..300a314fbd39 100755
 --- a/Configure
 +++ b/Configure
-@@ -131,6 +131,10 @@ my $clang_devteam_warn = "-Wno-unused-parameter -Wno-missing-field-initializers
+@@ -133,6 +133,10 @@ my $clang_devteam_warn = "-Wno-unused-parameter -Wno-missing-field-initializers
  # Warn that "make depend" should be run?
  my $warn_make_depend = 0;
  
@@ -24,7 +24,7 @@ index c39f71a17910..738cee34030f 100755
  my $strict_warnings = 0;
  
  my $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL";
-@@ -367,6 +371,56 @@ my %table=(
+@@ -369,6 +373,56 @@ my %table=(
  "osf1-alpha-cc",  "cc:-std1 -tune host -O4 -readonly_strings::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared:::.so",
  "tru64-alpha-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared::-msym:.so",
  
diff --git a/patches/openssl-1.0.2j/0002-engines-path.patch b/patches/openssl-1.0.2k/0002-engines-path.patch
similarity index 94%
rename from patches/openssl-1.0.2j/0002-engines-path.patch
rename to patches/openssl-1.0.2k/0002-engines-path.patch
index 054e0c0d8..751ca6539 100644
--- a/patches/openssl-1.0.2j/0002-engines-path.patch
+++ b/patches/openssl-1.0.2k/0002-engines-path.patch
@@ -13,10 +13,10 @@ Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
  4 files changed, 12 insertions(+), 12 deletions(-)
 
 diff --git a/Configure b/Configure
-index 738cee34030f..fe3c3c70181c 100755
+index 300a314fbd39..92e1ce9d74b9 100755
 --- a/Configure
 +++ b/Configure
-@@ -1969,7 +1969,7 @@ while (<IN>)
+@@ -1979,7 +1979,7 @@ while (<IN>)
  		}
  	elsif	(/^#define\s+ENGINESDIR/)
  		{
@@ -26,10 +26,10 @@ index 738cee34030f..fe3c3c70181c 100755
  		print OUT "#define ENGINESDIR \"$foo\"\n";
  		}
 diff --git a/Makefile.org b/Makefile.org
-index 2377f5029187..4c92e2167ecd 100644
+index 61a329b4f20f..910692d4a4c2 100644
 --- a/Makefile.org
 +++ b/Makefile.org
-@@ -368,7 +368,7 @@ libcrypto.pc: Makefile
+@@ -369,7 +369,7 @@ libcrypto.pc: Makefile
  	    echo 'exec_prefix=$${prefix}'; \
  	    echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
  	    echo 'includedir=$${prefix}/include'; \
@@ -38,7 +38,7 @@ index 2377f5029187..4c92e2167ecd 100644
  	    echo ''; \
  	    echo 'Name: OpenSSL-libcrypto'; \
  	    echo 'Description: OpenSSL cryptography library'; \
-@@ -536,7 +536,7 @@ install: all install_docs install_sw
+@@ -537,7 +537,7 @@ install: all install_docs install_sw
  install_sw:
  	@$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
  		$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \
@@ -82,7 +82,7 @@ index 2058ff405afe..df7def6174fd 100644
  	fi
  	@target=install; $(RECURSIVE_MAKE)
 diff --git a/engines/ccgost/Makefile b/engines/ccgost/Makefile
-index 17e1efbdff30..d59a350fd50f 100644
+index f378530c8642..b42a64162730 100644
 --- a/engines/ccgost/Makefile
 +++ b/engines/ccgost/Makefile
 @@ -47,7 +47,7 @@ install:
diff --git a/patches/openssl-1.0.2j/0003-no-rpath.patch b/patches/openssl-1.0.2k/0003-no-rpath.patch
similarity index 100%
rename from patches/openssl-1.0.2j/0003-no-rpath.patch
rename to patches/openssl-1.0.2k/0003-no-rpath.patch
diff --git a/patches/openssl-1.0.2j/0004-no-symbolic.patch b/patches/openssl-1.0.2k/0004-no-symbolic.patch
similarity index 100%
rename from patches/openssl-1.0.2j/0004-no-symbolic.patch
rename to patches/openssl-1.0.2k/0004-no-symbolic.patch
diff --git a/patches/openssl-1.0.2j/0005-pic.patch b/patches/openssl-1.0.2k/0005-pic.patch
similarity index 100%
rename from patches/openssl-1.0.2j/0005-pic.patch
rename to patches/openssl-1.0.2k/0005-pic.patch
diff --git a/patches/openssl-1.0.2j/0006-valgrind.patch b/patches/openssl-1.0.2k/0006-valgrind.patch
similarity index 100%
rename from patches/openssl-1.0.2j/0006-valgrind.patch
rename to patches/openssl-1.0.2k/0006-valgrind.patch
diff --git a/patches/openssl-1.0.2j/0007-shared-lib-ext.patch b/patches/openssl-1.0.2k/0007-shared-lib-ext.patch
similarity index 91%
rename from patches/openssl-1.0.2j/0007-shared-lib-ext.patch
rename to patches/openssl-1.0.2k/0007-shared-lib-ext.patch
index 314f89898..d1f282a2d 100644
--- a/patches/openssl-1.0.2j/0007-shared-lib-ext.patch
+++ b/patches/openssl-1.0.2k/0007-shared-lib-ext.patch
@@ -10,10 +10,10 @@ Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
  1 file changed, 2 insertions(+), 1 deletion(-)
 
 diff --git a/Configure b/Configure
-index fe3c3c70181c..bf0da9cd950b 100755
+index 92e1ce9d74b9..d859e12733ad 100755
 --- a/Configure
 +++ b/Configure
-@@ -1835,7 +1835,8 @@ while (<IN>)
+@@ -1837,7 +1837,8 @@ while (<IN>)
  	elsif ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*\.[^\.]*$/)
  		{
  		my $sotmp = $1;
diff --git a/patches/openssl-1.0.2j/0008-block_diginotar.patch b/patches/openssl-1.0.2k/0008-block_diginotar.patch
similarity index 100%
rename from patches/openssl-1.0.2j/0008-block_diginotar.patch
rename to patches/openssl-1.0.2k/0008-block_diginotar.patch
diff --git a/patches/openssl-1.0.2j/0009-block_digicert_malaysia.patch b/patches/openssl-1.0.2k/0009-block_digicert_malaysia.patch
similarity index 100%
rename from patches/openssl-1.0.2j/0009-block_digicert_malaysia.patch
rename to patches/openssl-1.0.2k/0009-block_digicert_malaysia.patch
diff --git a/patches/openssl-1.0.2j/0010-Disable-the-freelist.patch b/patches/openssl-1.0.2k/0010-Disable-the-freelist.patch
similarity index 96%
rename from patches/openssl-1.0.2j/0010-Disable-the-freelist.patch
rename to patches/openssl-1.0.2k/0010-Disable-the-freelist.patch
index 0ca35f946..dc5cf4bde 100644
--- a/patches/openssl-1.0.2j/0010-Disable-the-freelist.patch
+++ b/patches/openssl-1.0.2k/0010-Disable-the-freelist.patch
@@ -28,7 +28,7 @@ index 054ded1c9903..bb0085cf2ec0 100644
  /*-
   * On some platforms, malloc() performance is bad enough that you can't just
 diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
-index 42b980ac26a0..da721a9ac559 100644
+index f8054dae6b6b..0c3bafb52814 100644
 --- a/ssl/ssl_lib.c
 +++ b/ssl/ssl_lib.c
 @@ -162,6 +162,8 @@
diff --git a/patches/openssl-1.0.2j/0011-soname.patch b/patches/openssl-1.0.2k/0011-soname.patch
similarity index 94%
rename from patches/openssl-1.0.2j/0011-soname.patch
rename to patches/openssl-1.0.2k/0011-soname.patch
index de9c6fa93..93c046003 100644
--- a/patches/openssl-1.0.2j/0011-soname.patch
+++ b/patches/openssl-1.0.2k/0011-soname.patch
@@ -10,7 +10,7 @@ Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/crypto/opensslv.h b/crypto/opensslv.h
-index 88faad652259..2ceb66313cc6 100644
+index 645dd0793f32..976423292855 100644
 --- a/crypto/opensslv.h
 +++ b/crypto/opensslv.h
 @@ -88,7 +88,7 @@ extern "C" {
diff --git a/patches/openssl-1.0.2k/0012-Mark-3DES-and-RC4-ciphers-as-weak.patch b/patches/openssl-1.0.2k/0012-Mark-3DES-and-RC4-ciphers-as-weak.patch
new file mode 100644
index 000000000..719f17225
--- /dev/null
+++ b/patches/openssl-1.0.2k/0012-Mark-3DES-and-RC4-ciphers-as-weak.patch
@@ -0,0 +1,427 @@
+From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
+Date: Sun, 18 Dec 2016 15:37:52 +0100
+Subject: [PATCH] Mark 3DES and RC4 ciphers as weak
+
+This disables RC4 and 3DES in our build
+
+Imported from openssl_1.0.2k-1~bpo8+1.debian.tar.xz
+
+Signed-off-by: Clemens Gruber <clemens.gruber@pqgruber.com>
+---
+ ssl/s3_lib.c | 59 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-
+ 1 file changed, 58 insertions(+), 1 deletion(-)
+
+diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
+index 0385e039c8d4..cf785f994917 100644
+--- a/ssl/s3_lib.c
++++ b/ssl/s3_lib.c
+@@ -216,6 +216,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
+ #endif
+ 
+ /* Cipher 04 */
++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+     {
+      1,
+      SSL3_TXT_RSA_RC4_128_MD5,
+@@ -230,8 +231,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
+      128,
+      128,
+      },
++#endif
+ 
+ /* Cipher 05 */
++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+     {
+      1,
+      SSL3_TXT_RSA_RC4_128_SHA,
+@@ -246,7 +249,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
+      128,
+      128,
+      },
+-
++#endif
+ /* Cipher 06 */
+ #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+     {
+@@ -320,6 +323,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
+ #endif
+ 
+ /* Cipher 0A */
++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+     {
+      1,
+      SSL3_TXT_RSA_DES_192_CBC3_SHA,
+@@ -334,6 +338,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
+      112,
+      168,
+      },
++#endif
+ 
+ /* The DH ciphers */
+ /* Cipher 0B */
+@@ -373,6 +378,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
+ #endif
+ 
+ /* Cipher 0D */
++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+     {
+      1,
+      SSL3_TXT_DH_DSS_DES_192_CBC3_SHA,
+@@ -387,6 +393,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
+      112,
+      168,
+      },
++#endif
+ 
+ /* Cipher 0E */
+ #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+@@ -425,6 +432,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
+ #endif
+ 
+ /* Cipher 10 */
++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+     {
+      1,
+      SSL3_TXT_DH_RSA_DES_192_CBC3_SHA,
+@@ -439,6 +447,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
+      112,
+      168,
+      },
++#endif
+ 
+ /* The Ephemeral DH ciphers */
+ /* Cipher 11 */
+@@ -478,6 +487,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
+ #endif
+ 
+ /* Cipher 13 */
++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+     {
+      1,
+      SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA,
+@@ -492,6 +502,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
+      112,
+      168,
+      },
++#endif
+ 
+ /* Cipher 14 */
+ #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+@@ -530,6 +541,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
+ #endif
+ 
+ /* Cipher 16 */
++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+     {
+      1,
+      SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA,
+@@ -544,6 +556,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
+      112,
+      168,
+      },
++#endif
+ 
+ /* Cipher 17 */
+ #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+@@ -564,6 +577,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
+ #endif
+ 
+ /* Cipher 18 */
++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+     {
+      1,
+      SSL3_TXT_ADH_RC4_128_MD5,
+@@ -578,6 +592,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
+      128,
+      128,
+      },
++#endif
+ 
+ /* Cipher 19 */
+ #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+@@ -616,6 +631,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
+ #endif
+ 
+ /* Cipher 1B */
++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+     {
+      1,
+      SSL3_TXT_ADH_DES_192_CBC_SHA,
+@@ -630,6 +646,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
+      112,
+      168,
+      },
++#endif
+ 
+ /* Fortezza ciphersuite from SSL 3.0 spec */
+ #if 0
+@@ -703,6 +720,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
+ # endif
+ 
+ /* Cipher 1F */
++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+     {
+      1,
+      SSL3_TXT_KRB5_DES_192_CBC3_SHA,
+@@ -717,8 +735,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
+      112,
+      168,
+      },
++#endif
+ 
+ /* Cipher 20 */
++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+     {
+      1,
+      SSL3_TXT_KRB5_RC4_128_SHA,
+@@ -733,6 +753,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
+      128,
+      128,
+      },
++#endif
+ 
+ /* Cipher 21 */
+     {
+@@ -769,6 +790,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
+ # endif
+ 
+ /* Cipher 23 */
++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+     {
+      1,
+      SSL3_TXT_KRB5_DES_192_CBC3_MD5,
+@@ -783,8 +805,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
+      112,
+      168,
+      },
++#endif
+ 
+ /* Cipher 24 */
++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+     {
+      1,
+      SSL3_TXT_KRB5_RC4_128_MD5,
+@@ -799,6 +823,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
+      128,
+      128,
+      },
++#endif
+ 
+ /* Cipher 25 */
+     {
+@@ -1418,6 +1443,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
+ # endif
+ 
+     /* Cipher 66 */
++# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+     {
+      1,
+      TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA,
+@@ -1433,6 +1459,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
+      128,
+      },
+ #endif
++#endif
+ 
+     /* TLS v1.2 ciphersuites */
+     /* Cipher 67 */
+@@ -1703,6 +1730,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
+ 
+ #ifndef OPENSSL_NO_PSK
+     /* Cipher 8A */
++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+     {
+      1,
+      TLS1_TXT_PSK_WITH_RC4_128_SHA,
+@@ -1717,8 +1745,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
+      128,
+      128,
+      },
++#endif
+ 
+     /* Cipher 8B */
++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+     {
+      1,
+      TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
+@@ -1733,6 +1763,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
+      112,
+      168,
+      },
++#endif
+ 
+     /* Cipher 8C */
+     {
+@@ -2095,6 +2126,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
+      },
+ 
+     /* Cipher C002 */
++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+     {
+      1,
+      TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA,
+@@ -2109,8 +2141,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
+      128,
+      128,
+      },
++#endif
+ 
+     /* Cipher C003 */
++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+     {
+      1,
+      TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
+@@ -2125,6 +2159,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
+      112,
+      168,
+      },
++#endif
+ 
+     /* Cipher C004 */
+     {
+@@ -2175,6 +2210,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
+      },
+ 
+     /* Cipher C007 */
++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+     {
+      1,
+      TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
+@@ -2189,8 +2225,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
+      128,
+      128,
+      },
++#endif
+ 
+     /* Cipher C008 */
++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+     {
+      1,
+      TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
+@@ -2205,6 +2243,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
+      112,
+      168,
+      },
++#endif
+ 
+     /* Cipher C009 */
+     {
+@@ -2255,6 +2294,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
+      },
+ 
+     /* Cipher C00C */
++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+     {
+      1,
+      TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA,
+@@ -2269,8 +2309,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
+      128,
+      128,
+      },
++#endif
+ 
+     /* Cipher C00D */
++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+     {
+      1,
+      TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA,
+@@ -2285,6 +2327,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
+      112,
+      168,
+      },
++#endif
+ 
+     /* Cipher C00E */
+     {
+@@ -2335,6 +2378,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
+      },
+ 
+     /* Cipher C011 */
++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+     {
+      1,
+      TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
+@@ -2349,8 +2393,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
+      128,
+      128,
+      },
++#endif
+ 
+     /* Cipher C012 */
++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+     {
+      1,
+      TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
+@@ -2365,6 +2411,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
+      112,
+      168,
+      },
++#endif
+ 
+     /* Cipher C013 */
+     {
+@@ -2415,6 +2462,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
+      },
+ 
+     /* Cipher C016 */
++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+     {
+      1,
+      TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
+@@ -2429,8 +2477,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
+      128,
+      128,
+      },
++#endif
+ 
+     /* Cipher C017 */
++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+     {
+      1,
+      TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
+@@ -2445,6 +2495,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
+      112,
+      168,
+      },
++#endif
+ 
+     /* Cipher C018 */
+     {
+@@ -2481,6 +2532,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
+ 
+ #ifndef OPENSSL_NO_SRP
+     /* Cipher C01A */
++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+     {
+      1,
+      TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
+@@ -2495,8 +2547,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
+      112,
+      168,
+      },
++#endif
+ 
+     /* Cipher C01B */
++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+     {
+      1,
+      TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
+@@ -2511,8 +2565,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
+      112,
+      168,
+      },
++#endif
+ 
+     /* Cipher C01C */
++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+     {
+      1,
+      TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
+@@ -2527,6 +2583,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
+      112,
+      168,
+      },
++#endif
+ 
+     /* Cipher C01D */
+     {
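Review bot: The imported description says "This disables RC4 and 3DES in our build", but every guard added to ssl/s3_lib.c is `#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS`, so the suites are dropped only when the build defines that macro. Nothing in this patch defines it, and the rules/openssl.make change in this commit only touches the version and MD5. Please confirm that the ptxdist build ends up with OPENSSL_NO_WEAK_SSL_CIPHERS defined, and say so in the commit message, along with the consequence that targets which still negotiate 3DES or RC4 with legacy peers will fail the handshake after this update. Minor: at Cipher 66 the new `# ifndef` opens after the existing `# endif`, but its closing `#endif` is added after the existing `#endif` rather than before it, so the pairs read crossed. That is acceptable for a verbatim import, but worth knowing when the patch is next refreshed.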
diff --git a/patches/openssl-1.0.2j/0100-Configure-don-t-ask-dpkg-buildflags-for-more-flags.patch b/patches/openssl-1.0.2k/0100-Configure-don-t-ask-dpkg-buildflags-for-more-flags.patch
similarity index 100%
rename from patches/openssl-1.0.2j/0100-Configure-don-t-ask-dpkg-buildflags-for-more-flags.patch
rename to patches/openssl-1.0.2k/0100-Configure-don-t-ask-dpkg-buildflags-for-more-flags.patch
diff --git a/patches/openssl-1.0.2j/0101-fix-parallel-building.patch b/patches/openssl-1.0.2k/0101-fix-parallel-building.patch
similarity index 100%
rename from patches/openssl-1.0.2j/0101-fix-parallel-building.patch
rename to patches/openssl-1.0.2k/0101-fix-parallel-building.patch
diff --git a/patches/openssl-1.0.2j/series b/patches/openssl-1.0.2k/series
similarity index 81%
rename from patches/openssl-1.0.2j/series
rename to patches/openssl-1.0.2k/series
index 01b9069cb..9aff52098 100644
--- a/patches/openssl-1.0.2j/series
+++ b/patches/openssl-1.0.2k/series
@@ -12,7 +12,8 @@
 0009-block_digicert_malaysia.patch
 0010-Disable-the-freelist.patch
 0011-soname.patch
+0012-Mark-3DES-and-RC4-ciphers-as-weak.patch
 #tag:ptx --start-number 100
 0100-Configure-don-t-ask-dpkg-buildflags-for-more-flags.patch
 0101-fix-parallel-building.patch
-# f8cea4ba1a426b33140d363dc76fa6d2  - git-ptx-patches magic
+# e678378891be1b4edd294761e63d3a68  - git-ptx-patches magic
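Review bot: Adding `0012-Mark-3DES-and-RC4-ciphers-as-weak.patch` to the series in the same commit as the 1.0.2j to 1.0.2k rename ties a cipher-policy change to the version bump, while the subject line mentions only the version update. Consider sending the new patch as its own commit on top of the bump so that it can be reviewed, bisected and reverted separately.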
diff --git a/rules/openssl.make b/rules/openssl.make
index a6e643418..9ee02819f 100644
--- a/rules/openssl.make
+++ b/rules/openssl.make
@@ -19,9 +19,9 @@ PACKAGES-$(PTXCONF_OPENSSL) += openssl
 # Paths and names
 #
 OPENSSL_BASE	:= 1.0.2
-OPENSSL_BUGFIX	:= j
+OPENSSL_BUGFIX	:= k
 OPENSSL_VERSION	:= $(OPENSSL_BASE)$(OPENSSL_BUGFIX)
-OPENSSL_MD5	:= 96322138f0b69e61b7212bc53d5e912b
+OPENSSL_MD5	:= f965fc0bf01bf882b31314b61391ae65
 OPENSSL		:= openssl-$(OPENSSL_VERSION)
 OPENSSL_SUFFIX	:= tar.gz
 OPENSSL_URL	:= \
-- 
2.11.1



* [ptxdist] [PATCH] e2fsprogs: version bump 1.43.3 -> 1.43.4
  2017-02-04 17:41 [ptxdist] [PATCH] libgcrypt: version bump 1.7.5 -> 1.7.6 Clemens Gruber
  2017-02-04 17:41 ` [ptxdist] [PATCH] openssl: version update 1.0.2j -> 1.0.2k Clemens Gruber
@ 2017-02-04 17:41 ` Clemens Gruber
  2017-02-08 15:57   ` Michael Olbrich
  2017-02-04 17:41 ` [ptxdist] [PATCH] tcpdump: version bump 4.8.1 -> 4.9.0 Clemens Gruber
                   ` (3 subsequent siblings)
  5 siblings, 1 reply; 12+ messages in thread
From: Clemens Gruber @ 2017-02-04 17:41 UTC (permalink / raw)
  To: ptxdist; +Cc: Clemens Gruber

Signed-off-by: Clemens Gruber <clemens.gruber@pqgruber.com>
---
 rules/e2fsprogs.make | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/rules/e2fsprogs.make b/rules/e2fsprogs.make
index 232d59ec1..6e16b4fcf 100644
--- a/rules/e2fsprogs.make
+++ b/rules/e2fsprogs.make
@@ -17,8 +17,8 @@ PACKAGES-$(PTXCONF_E2FSPROGS) += e2fsprogs
 #
 # Paths and names
 #
-E2FSPROGS_VERSION	:= 1.43.3
-E2FSPROGS_MD5		:= ec0cd4faac71b2fcf9f73733e4d50ead
+E2FSPROGS_VERSION	:= 1.43.4
+E2FSPROGS_MD5		:= 0bd1c74f357f6e9ae2ab6fa6229b9aea
 E2FSPROGS		:= e2fsprogs-$(E2FSPROGS_VERSION)
 E2FSPROGS_SUFFIX	:= tar.gz
 E2FSPROGS_URL		:= $(call ptx/mirror, SF, e2fsprogs/$(E2FSPROGS).$(E2FSPROGS_SUFFIX))
-- 
2.11.1



* [ptxdist] [PATCH] tcpdump: version bump 4.8.1 -> 4.9.0
  2017-02-04 17:41 [ptxdist] [PATCH] libgcrypt: version bump 1.7.5 -> 1.7.6 Clemens Gruber
  2017-02-04 17:41 ` [ptxdist] [PATCH] openssl: version update 1.0.2j -> 1.0.2k Clemens Gruber
  2017-02-04 17:41 ` [ptxdist] [PATCH] e2fsprogs: version bump 1.43.3 -> 1.43.4 Clemens Gruber
@ 2017-02-04 17:41 ` Clemens Gruber
  2017-02-07 16:46   ` Michael Olbrich
  2017-02-04 17:41 ` [ptxdist] [PATCH] zlib: version bump 1.2.8 -> 1.2.11 Clemens Gruber
                   ` (2 subsequent siblings)
  5 siblings, 1 reply; 12+ messages in thread
From: Clemens Gruber @ 2017-02-04 17:41 UTC (permalink / raw)
  To: ptxdist; +Cc: Clemens Gruber

A large number of critical vulnerabilities were fixed in 4.9.0.
Most of them are heap overflows and are remotely exploitable.

List of CVE numbers: https://www.debian.org/security/2017/dsa-3775

Signed-off-by: Clemens Gruber <clemens.gruber@pqgruber.com>
---
 rules/tcpdump.make | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/rules/tcpdump.make b/rules/tcpdump.make
index 9676b1c17..ed5c6d08e 100644
--- a/rules/tcpdump.make
+++ b/rules/tcpdump.make
@@ -17,8 +17,8 @@ PACKAGES-$(PTXCONF_TCPDUMP) += tcpdump
 #
 # Paths and names
 #
-TCPDUMP_VERSION	:= 4.8.1
-TCPDUMP_MD5	:= 32f57943649f276e09236ba66622bb0c
+TCPDUMP_VERSION	:= 4.9.0
+TCPDUMP_MD5	:= 2b83364eef53b63ca3181b4eb56dab0c
 TCPDUMP		:= tcpdump-$(TCPDUMP_VERSION)
 TCPDUMP_SUFFIX	:= tar.gz
 TCPDUMP_URL	:= http://www.tcpdump.org/release/$(TCPDUMP).$(TCPDUMP_SUFFIX)
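Review bot: `TCPDUMP_URL` in the hunk context still fetches over plain `http://`, so the new `TCPDUMP_MD5` is the only check on the tarball for a release that the commit message describes as fixing remotely exploitable heap overflows. If upstream serves the release over HTTPS, switch the URL in this patch, and mention in the commit message how the new hash was verified.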
-- 
2.11.1



* [ptxdist] [PATCH] zlib: version bump 1.2.8 -> 1.2.11
  2017-02-04 17:41 [ptxdist] [PATCH] libgcrypt: version bump 1.7.5 -> 1.7.6 Clemens Gruber
                   ` (2 preceding siblings ...)
  2017-02-04 17:41 ` [ptxdist] [PATCH] tcpdump: version bump 4.8.1 -> 4.9.0 Clemens Gruber
@ 2017-02-04 17:41 ` Clemens Gruber
  2017-02-08 15:57   ` Michael Olbrich
  2017-02-04 17:41 ` [ptxdist] [PATCH] sqlite: version bump 3.15.2 -> 3.16.2 Clemens Gruber
  2017-02-08 15:56 ` [ptxdist] [PATCH] libgcrypt: version bump 1.7.5 -> 1.7.6 Michael Olbrich
  5 siblings, 1 reply; 12+ messages in thread
From: Clemens Gruber @ 2017-02-04 17:41 UTC (permalink / raw)
  To: ptxdist; +Cc: Clemens Gruber

Signed-off-by: Clemens Gruber <clemens.gruber@pqgruber.com>
---
 rules/zlib.make | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/rules/zlib.make b/rules/zlib.make
index f880401dc..42e1cde08 100644
--- a/rules/zlib.make
+++ b/rules/zlib.make
@@ -17,8 +17,8 @@ PACKAGES-$(PTXCONF_ZLIB) += zlib
 #
 # Paths and names
 #
-ZLIB_VERSION	:= 1.2.8
-ZLIB_MD5	:= 28f1205d8dd2001f26fec1e8c2cebe37
+ZLIB_VERSION	:= 1.2.11
+ZLIB_MD5	:= 85adef240c5f370b308da8c938951a68
 ZLIB		:= zlib-$(ZLIB_VERSION)
 ZLIB_SUFFIX	:= tar.xz
 ZLIB_URL	:= \
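Review bot: The bump from 1.2.8 to 1.2.11 has an empty commit body, and the hunk ends at `ZLIB_URL := \`, so the download locations are left unchanged. Please confirm that each URL in that list serves zlib-1.2.11.tar.xz with the recorded MD5, and add a line to the commit message saying why the update is wanted.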
-- 
2.11.1



* [ptxdist] [PATCH] sqlite: version bump 3.15.2 -> 3.16.2
  2017-02-04 17:41 [ptxdist] [PATCH] libgcrypt: version bump 1.7.5 -> 1.7.6 Clemens Gruber
                   ` (3 preceding siblings ...)
  2017-02-04 17:41 ` [ptxdist] [PATCH] zlib: version bump 1.2.8 -> 1.2.11 Clemens Gruber
@ 2017-02-04 17:41 ` Clemens Gruber
  2017-02-08 15:57   ` Michael Olbrich
  2017-02-08 15:56 ` [ptxdist] [PATCH] libgcrypt: version bump 1.7.5 -> 1.7.6 Michael Olbrich
  5 siblings, 1 reply; 12+ messages in thread
From: Clemens Gruber @ 2017-02-04 17:41 UTC (permalink / raw)
  To: ptxdist; +Cc: Clemens Gruber

Signed-off-by: Clemens Gruber <clemens.gruber@pqgruber.com>
---
 rules/sqlite.make | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/rules/sqlite.make b/rules/sqlite.make
index 90dd89d68..59bf22212 100644
--- a/rules/sqlite.make
+++ b/rules/sqlite.make
@@ -21,11 +21,11 @@ PACKAGES-$(PTXCONF_SQLITE) += sqlite
 #
 # Paths and names
 #
-SQLITE_VERSION	:= 3150200
-SQLITE_MD5	:= 6b4fc0d8f7f02dd56bbde10a7c497a05
+SQLITE_VERSION	:= 3160200
+SQLITE_MD5	:= 5a153ef1fd2fa5845ada74deabc68e32
 SQLITE		:= sqlite-autoconf-$(SQLITE_VERSION)
 SQLITE_SUFFIX	:= tar.gz
-SQLITE_URL	:= https://www.sqlite.org/2016/$(SQLITE).$(SQLITE_SUFFIX)
+SQLITE_URL	:= https://www.sqlite.org/2017/$(SQLITE).$(SQLITE_SUFFIX)
 SQLITE_SOURCE	:= $(SRCDIR)/$(SQLITE).$(SQLITE_SUFFIX)
 SQLITE_DIR	:= $(BUILDDIR)/$(SQLITE)
 SQLITE_LICENSE	:= public_domain
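Review bot: `SQLITE_URL` hard-codes the release year in its path (`/2016/` becomes `/2017/`), which has to be edited by hand alongside `SQLITE_VERSION` and is easy to miss on the next bump. Consider moving the year into its own variable next to `SQLITE_VERSION` (for example a `SQLITE_YEAR`), so the values that must change together sit together.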
-- 
2.11.1



* Re: [ptxdist] [PATCH] tcpdump: version bump 4.8.1 -> 4.9.0
  2017-02-04 17:41 ` [ptxdist] [PATCH] tcpdump: version bump 4.8.1 -> 4.9.0 Clemens Gruber
@ 2017-02-07 16:46   ` Michael Olbrich
  0 siblings, 0 replies; 12+ messages in thread
From: Michael Olbrich @ 2017-02-07 16:46 UTC (permalink / raw)
  To: ptxdist

On Sat, Feb 04, 2017 at 06:41:04PM +0100, Clemens Gruber wrote:
> A large number of critical vulnerabilities were fixed in 4.9.0.
> Most of them are heap overflows and are remotely exploitable.
> 
> List of CVE numbers: https://www.debian.org/security/2017/dsa-3775
> 
> Signed-off-by: Clemens Gruber <clemens.gruber@pqgruber.com>
> ---
>  rules/tcpdump.make | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/rules/tcpdump.make b/rules/tcpdump.make
> index 9676b1c17..ed5c6d08e 100644
> --- a/rules/tcpdump.make
> +++ b/rules/tcpdump.make
> @@ -17,8 +17,8 @@ PACKAGES-$(PTXCONF_TCPDUMP) += tcpdump
>  #
>  # Paths and names
>  #
> -TCPDUMP_VERSION	:= 4.8.1

The current version in ptxdist is 4.7.4. I think you have another patch
somewhere in your repo.

Michael

> -TCPDUMP_MD5	:= 32f57943649f276e09236ba66622bb0c
> +TCPDUMP_VERSION	:= 4.9.0
> +TCPDUMP_MD5	:= 2b83364eef53b63ca3181b4eb56dab0c
>  TCPDUMP		:= tcpdump-$(TCPDUMP_VERSION)
>  TCPDUMP_SUFFIX	:= tar.gz
>  TCPDUMP_URL	:= http://www.tcpdump.org/release/$(TCPDUMP).$(TCPDUMP_SUFFIX)
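Review bot: The removed lines expect `TCPDUMP_VERSION := 4.8.1`, while the reply above reports that the ptxdist tree is at 4.7.4, so this hunk will not apply as sent. Rebase onto the current rules/tcpdump.make so that the `-` lines carry the version and MD5 actually in the tree, and adjust the subject line to match.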
> -- 
> 2.11.1
> 
> 
> _______________________________________________
> ptxdist mailing list
> ptxdist@pengutronix.de

-- 
Pengutronix e.K.                           |                             |
Industrial Linux Solutions                 | http://www.pengutronix.de/  |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |


* Re: [ptxdist] [PATCH] libgcrypt: version bump 1.7.5 -> 1.7.6
  2017-02-04 17:41 [ptxdist] [PATCH] libgcrypt: version bump 1.7.5 -> 1.7.6 Clemens Gruber
                   ` (4 preceding siblings ...)
  2017-02-04 17:41 ` [ptxdist] [PATCH] sqlite: version bump 3.15.2 -> 3.16.2 Clemens Gruber
@ 2017-02-08 15:56 ` Michael Olbrich
  5 siblings, 0 replies; 12+ messages in thread
From: Michael Olbrich @ 2017-02-08 15:56 UTC (permalink / raw)
  To: ptxdist

On Sat, Feb 04, 2017 at 06:41:01PM +0100, Clemens Gruber wrote:
> Signed-off-by: Clemens Gruber <clemens.gruber@pqgruber.com>

Thanks, applied,

Michael

> ---
>  rules/libgcrypt.make | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/rules/libgcrypt.make b/rules/libgcrypt.make
> index f933a7766..0c1f0e6b5 100644
> --- a/rules/libgcrypt.make
> +++ b/rules/libgcrypt.make
> @@ -17,8 +17,8 @@ PACKAGES-$(PTXCONF_LIBGCRYPT) += libgcrypt
>  #
>  # Paths and names
>  #
> -LIBGCRYPT_VERSION	:= 1.7.5
> -LIBGCRYPT_MD5		:= 74c8b4b2118946dcbfec5ff1cbf97177
> +LIBGCRYPT_VERSION	:= 1.7.6
> +LIBGCRYPT_MD5		:= 54e180679a7ae4d090f8689ca32b654c
>  LIBGCRYPT		:= libgcrypt-$(LIBGCRYPT_VERSION)
>  LIBGCRYPT_SUFFIX	:= tar.bz2
>  LIBGCRYPT_URL		:= http://artfiles.org/gnupg.org/libgcrypt/$(LIBGCRYPT).$(LIBGCRYPT_SUFFIX) ftp://ftp.gnupg.org/gcrypt/libgcrypt/$(LIBGCRYPT).$(LIBGCRYPT_SUFFIX)
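
Review bot: both entries in LIBGCRYPT_URL, the http mirror on artfiles.org and ftp.gnupg.org, are unauthenticated transports, so LIBGCRYPT_MD5 is the sole integrity check on the source of a crypto library, and MD5 is a weak hash for that job. The version and hash lines themselves look consistent with a plain bump. Please note in the commit message that the 1.7.6 tarball was verified against the GnuPG release signature before the hash was recorded.
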
> -- 
> 2.11.1

* Re: [ptxdist] [PATCH] openssl: version update 1.0.2j -> 1.0.2k
  2017-02-04 17:41 ` [ptxdist] [PATCH] openssl: version update 1.0.2j -> 1.0.2k Clemens Gruber
@ 2017-02-08 15:56   ` Michael Olbrich
  0 siblings, 0 replies; 12+ messages in thread
From: Michael Olbrich @ 2017-02-08 15:56 UTC (permalink / raw)
  To: ptxdist

On Sat, Feb 04, 2017 at 06:41:02PM +0100, Clemens Gruber wrote:
> Also add Debian patch to mark Triple DES and RC4 as weak ciphers.
> 
> Signed-off-by: Clemens Gruber <clemens.gruber@pqgruber.com>

Thanks, applied,

Michael

> ---
>  .../0001-debian-targets.patch                      |   6 +-
>  .../0002-engines-path.patch                        |  12 +-
>  .../0003-no-rpath.patch                            |   0
>  .../0004-no-symbolic.patch                         |   0
>  .../0005-pic.patch                                 |   0
>  .../0006-valgrind.patch                            |   0
>  .../0007-shared-lib-ext.patch                      |   4 +-
>  .../0008-block_diginotar.patch                     |   0
>  .../0009-block_digicert_malaysia.patch             |   0
>  .../0010-Disable-the-freelist.patch                |   2 +-
>  .../0011-soname.patch                              |   2 +-
>  .../0012-Mark-3DES-and-RC4-ciphers-as-weak.patch   | 427 +++++++++++++++++++++
>  ...-don-t-ask-dpkg-buildflags-for-more-flags.patch |   0
>  .../0101-fix-parallel-building.patch               |   0
>  patches/{openssl-1.0.2j => openssl-1.0.2k}/series  |   3 +-
>  rules/openssl.make                                 |   4 +-
>  16 files changed, 444 insertions(+), 16 deletions(-)
>  rename patches/{openssl-1.0.2j => openssl-1.0.2k}/0001-debian-targets.patch (98%)
>  rename patches/{openssl-1.0.2j => openssl-1.0.2k}/0002-engines-path.patch (94%)
>  rename patches/{openssl-1.0.2j => openssl-1.0.2k}/0003-no-rpath.patch (100%)
>  rename patches/{openssl-1.0.2j => openssl-1.0.2k}/0004-no-symbolic.patch (100%)
>  rename patches/{openssl-1.0.2j => openssl-1.0.2k}/0005-pic.patch (100%)
>  rename patches/{openssl-1.0.2j => openssl-1.0.2k}/0006-valgrind.patch (100%)
>  rename patches/{openssl-1.0.2j => openssl-1.0.2k}/0007-shared-lib-ext.patch (91%)
>  rename patches/{openssl-1.0.2j => openssl-1.0.2k}/0008-block_diginotar.patch (100%)
>  rename patches/{openssl-1.0.2j => openssl-1.0.2k}/0009-block_digicert_malaysia.patch (100%)
>  rename patches/{openssl-1.0.2j => openssl-1.0.2k}/0010-Disable-the-freelist.patch (96%)
>  rename patches/{openssl-1.0.2j => openssl-1.0.2k}/0011-soname.patch (94%)
>  create mode 100644 patches/openssl-1.0.2k/0012-Mark-3DES-and-RC4-ciphers-as-weak.patch
>  rename patches/{openssl-1.0.2j => openssl-1.0.2k}/0100-Configure-don-t-ask-dpkg-buildflags-for-more-flags.patch (100%)
>  rename patches/{openssl-1.0.2j => openssl-1.0.2k}/0101-fix-parallel-building.patch (100%)
>  rename patches/{openssl-1.0.2j => openssl-1.0.2k}/series (81%)
> 
> diff --git a/patches/openssl-1.0.2j/0001-debian-targets.patch b/patches/openssl-1.0.2k/0001-debian-targets.patch
> similarity index 98%
> rename from patches/openssl-1.0.2j/0001-debian-targets.patch
> rename to patches/openssl-1.0.2k/0001-debian-targets.patch
> index a3a0895fb..ea3b557e5 100644
> --- a/patches/openssl-1.0.2j/0001-debian-targets.patch
> +++ b/patches/openssl-1.0.2k/0001-debian-targets.patch
> @@ -10,10 +10,10 @@ Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
>   1 file changed, 54 insertions(+)
>  
>  diff --git a/Configure b/Configure
> -index c39f71a17910..738cee34030f 100755
> +index 5da7cadbf332..300a314fbd39 100755
>  --- a/Configure
>  +++ b/Configure
> -@@ -131,6 +131,10 @@ my $clang_devteam_warn = "-Wno-unused-parameter -Wno-missing-field-initializers
> +@@ -133,6 +133,10 @@ my $clang_devteam_warn = "-Wno-unused-parameter -Wno-missing-field-initializers
>   # Warn that "make depend" should be run?
>   my $warn_make_depend = 0;
>   
> @@ -24,7 +24,7 @@ index c39f71a17910..738cee34030f 100755
>   my $strict_warnings = 0;
>   
>   my $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL";
> -@@ -367,6 +371,56 @@ my %table=(
> +@@ -369,6 +373,56 @@ my %table=(
>   "osf1-alpha-cc",  "cc:-std1 -tune host -O4 -readonly_strings::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared:::.so",
>   "tru64-alpha-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared::-msym:.so",
>   
> diff --git a/patches/openssl-1.0.2j/0002-engines-path.patch b/patches/openssl-1.0.2k/0002-engines-path.patch
> similarity index 94%
> rename from patches/openssl-1.0.2j/0002-engines-path.patch
> rename to patches/openssl-1.0.2k/0002-engines-path.patch
> index 054e0c0d8..751ca6539 100644
> --- a/patches/openssl-1.0.2j/0002-engines-path.patch
> +++ b/patches/openssl-1.0.2k/0002-engines-path.patch
> @@ -13,10 +13,10 @@ Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
>   4 files changed, 12 insertions(+), 12 deletions(-)
>  
>  diff --git a/Configure b/Configure
> -index 738cee34030f..fe3c3c70181c 100755
> +index 300a314fbd39..92e1ce9d74b9 100755
>  --- a/Configure
>  +++ b/Configure
> -@@ -1969,7 +1969,7 @@ while (<IN>)
> +@@ -1979,7 +1979,7 @@ while (<IN>)
>   		}
>   	elsif	(/^#define\s+ENGINESDIR/)
>   		{
> @@ -26,10 +26,10 @@ index 738cee34030f..fe3c3c70181c 100755
>   		print OUT "#define ENGINESDIR \"$foo\"\n";
>   		}
>  diff --git a/Makefile.org b/Makefile.org
> -index 2377f5029187..4c92e2167ecd 100644
> +index 61a329b4f20f..910692d4a4c2 100644
>  --- a/Makefile.org
>  +++ b/Makefile.org
> -@@ -368,7 +368,7 @@ libcrypto.pc: Makefile
> +@@ -369,7 +369,7 @@ libcrypto.pc: Makefile
>   	    echo 'exec_prefix=$${prefix}'; \
>   	    echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
>   	    echo 'includedir=$${prefix}/include'; \
> @@ -38,7 +38,7 @@ index 2377f5029187..4c92e2167ecd 100644
>   	    echo ''; \
>   	    echo 'Name: OpenSSL-libcrypto'; \
>   	    echo 'Description: OpenSSL cryptography library'; \
> -@@ -536,7 +536,7 @@ install: all install_docs install_sw
> +@@ -537,7 +537,7 @@ install: all install_docs install_sw
>   install_sw:
>   	@$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
>   		$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \
> @@ -82,7 +82,7 @@ index 2058ff405afe..df7def6174fd 100644
>   	fi
>   	@target=install; $(RECURSIVE_MAKE)
>  diff --git a/engines/ccgost/Makefile b/engines/ccgost/Makefile
> -index 17e1efbdff30..d59a350fd50f 100644
> +index f378530c8642..b42a64162730 100644
>  --- a/engines/ccgost/Makefile
>  +++ b/engines/ccgost/Makefile
>  @@ -47,7 +47,7 @@ install:
> diff --git a/patches/openssl-1.0.2j/0003-no-rpath.patch b/patches/openssl-1.0.2k/0003-no-rpath.patch
> similarity index 100%
> rename from patches/openssl-1.0.2j/0003-no-rpath.patch
> rename to patches/openssl-1.0.2k/0003-no-rpath.patch
> diff --git a/patches/openssl-1.0.2j/0004-no-symbolic.patch b/patches/openssl-1.0.2k/0004-no-symbolic.patch
> similarity index 100%
> rename from patches/openssl-1.0.2j/0004-no-symbolic.patch
> rename to patches/openssl-1.0.2k/0004-no-symbolic.patch
> diff --git a/patches/openssl-1.0.2j/0005-pic.patch b/patches/openssl-1.0.2k/0005-pic.patch
> similarity index 100%
> rename from patches/openssl-1.0.2j/0005-pic.patch
> rename to patches/openssl-1.0.2k/0005-pic.patch
> diff --git a/patches/openssl-1.0.2j/0006-valgrind.patch b/patches/openssl-1.0.2k/0006-valgrind.patch
> similarity index 100%
> rename from patches/openssl-1.0.2j/0006-valgrind.patch
> rename to patches/openssl-1.0.2k/0006-valgrind.patch
> diff --git a/patches/openssl-1.0.2j/0007-shared-lib-ext.patch b/patches/openssl-1.0.2k/0007-shared-lib-ext.patch
> similarity index 91%
> rename from patches/openssl-1.0.2j/0007-shared-lib-ext.patch
> rename to patches/openssl-1.0.2k/0007-shared-lib-ext.patch
> index 314f89898..d1f282a2d 100644
> --- a/patches/openssl-1.0.2j/0007-shared-lib-ext.patch
> +++ b/patches/openssl-1.0.2k/0007-shared-lib-ext.patch
> @@ -10,10 +10,10 @@ Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
>   1 file changed, 2 insertions(+), 1 deletion(-)
>  
>  diff --git a/Configure b/Configure
> -index fe3c3c70181c..bf0da9cd950b 100755
> +index 92e1ce9d74b9..d859e12733ad 100755
>  --- a/Configure
>  +++ b/Configure
> -@@ -1835,7 +1835,8 @@ while (<IN>)
> +@@ -1837,7 +1837,8 @@ while (<IN>)
>   	elsif ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*\.[^\.]*$/)
>   		{
>   		my $sotmp = $1;
> diff --git a/patches/openssl-1.0.2j/0008-block_diginotar.patch b/patches/openssl-1.0.2k/0008-block_diginotar.patch
> similarity index 100%
> rename from patches/openssl-1.0.2j/0008-block_diginotar.patch
> rename to patches/openssl-1.0.2k/0008-block_diginotar.patch
> diff --git a/patches/openssl-1.0.2j/0009-block_digicert_malaysia.patch b/patches/openssl-1.0.2k/0009-block_digicert_malaysia.patch
> similarity index 100%
> rename from patches/openssl-1.0.2j/0009-block_digicert_malaysia.patch
> rename to patches/openssl-1.0.2k/0009-block_digicert_malaysia.patch
> diff --git a/patches/openssl-1.0.2j/0010-Disable-the-freelist.patch b/patches/openssl-1.0.2k/0010-Disable-the-freelist.patch
> similarity index 96%
> rename from patches/openssl-1.0.2j/0010-Disable-the-freelist.patch
> rename to patches/openssl-1.0.2k/0010-Disable-the-freelist.patch
> index 0ca35f946..dc5cf4bde 100644
> --- a/patches/openssl-1.0.2j/0010-Disable-the-freelist.patch
> +++ b/patches/openssl-1.0.2k/0010-Disable-the-freelist.patch
> @@ -28,7 +28,7 @@ index 054ded1c9903..bb0085cf2ec0 100644
>   /*-
>    * On some platforms, malloc() performance is bad enough that you can't just
>  diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
> -index 42b980ac26a0..da721a9ac559 100644
> +index f8054dae6b6b..0c3bafb52814 100644
>  --- a/ssl/ssl_lib.c
>  +++ b/ssl/ssl_lib.c
>  @@ -162,6 +162,8 @@
> diff --git a/patches/openssl-1.0.2j/0011-soname.patch b/patches/openssl-1.0.2k/0011-soname.patch
> similarity index 94%
> rename from patches/openssl-1.0.2j/0011-soname.patch
> rename to patches/openssl-1.0.2k/0011-soname.patch
> index de9c6fa93..93c046003 100644
> --- a/patches/openssl-1.0.2j/0011-soname.patch
> +++ b/patches/openssl-1.0.2k/0011-soname.patch
> @@ -10,7 +10,7 @@ Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
>   1 file changed, 1 insertion(+), 1 deletion(-)
>  
>  diff --git a/crypto/opensslv.h b/crypto/opensslv.h
> -index 88faad652259..2ceb66313cc6 100644
> +index 645dd0793f32..976423292855 100644
>  --- a/crypto/opensslv.h
>  +++ b/crypto/opensslv.h
>  @@ -88,7 +88,7 @@ extern "C" {
> diff --git a/patches/openssl-1.0.2k/0012-Mark-3DES-and-RC4-ciphers-as-weak.patch b/patches/openssl-1.0.2k/0012-Mark-3DES-and-RC4-ciphers-as-weak.patch
> new file mode 100644
> index 000000000..719f17225
> --- /dev/null
> +++ b/patches/openssl-1.0.2k/0012-Mark-3DES-and-RC4-ciphers-as-weak.patch
> @@ -0,0 +1,427 @@
> +From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
> +Date: Sun, 18 Dec 2016 15:37:52 +0100
> +Subject: [PATCH] Mark 3DES and RC4 ciphers as weak
> +
> +This disables RC4 and 3DES in our build
> +
> +Imported from openssl_1.0.2k-1~bpo8+1.debian.tar.xz
> +
> +Signed-off-by: Clemens Gruber <clemens.gruber@pqgruber.com>
> +---
> + ssl/s3_lib.c | 59 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-
> + 1 file changed, 58 insertions(+), 1 deletion(-)
> +
> +diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
> +index 0385e039c8d4..cf785f994917 100644
> +--- a/ssl/s3_lib.c
> ++++ b/ssl/s3_lib.c
> +@@ -216,6 +216,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
> + #endif
> + 
> + /* Cipher 04 */
> ++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
> +     {
> +      1,
> +      SSL3_TXT_RSA_RC4_128_MD5,
> +@@ -230,8 +231,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
> +      128,
> +      128,
> +      },
> ++#endif
> + 
> + /* Cipher 05 */
> ++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
> +     {
> +      1,
> +      SSL3_TXT_RSA_RC4_128_SHA,
> +@@ -246,7 +249,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
> +      128,
> +      128,
> +      },
> +-
> ++#endif
> + /* Cipher 06 */
> + #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
> +     {
> +@@ -320,6 +323,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
> + #endif
> + 
> + /* Cipher 0A */
> ++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
> +     {
> +      1,
> +      SSL3_TXT_RSA_DES_192_CBC3_SHA,
> +@@ -334,6 +338,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
> +      112,
> +      168,
> +      },
> ++#endif
> + 
> + /* The DH ciphers */
> + /* Cipher 0B */
> +@@ -373,6 +378,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
> + #endif
> + 
> + /* Cipher 0D */
> ++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
> +     {
> +      1,
> +      SSL3_TXT_DH_DSS_DES_192_CBC3_SHA,
> +@@ -387,6 +393,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
> +      112,
> +      168,
> +      },
> ++#endif
> + 
> + /* Cipher 0E */
> + #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
> +@@ -425,6 +432,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
> + #endif
> + 
> + /* Cipher 10 */
> ++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
> +     {
> +      1,
> +      SSL3_TXT_DH_RSA_DES_192_CBC3_SHA,
> +@@ -439,6 +447,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
> +      112,
> +      168,
> +      },
> ++#endif
> + 
> + /* The Ephemeral DH ciphers */
> + /* Cipher 11 */
> +@@ -478,6 +487,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
> + #endif
> + 
> + /* Cipher 13 */
> ++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
> +     {
> +      1,
> +      SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA,
> +@@ -492,6 +502,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
> +      112,
> +      168,
> +      },
> ++#endif
> + 
> + /* Cipher 14 */
> + #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
> +@@ -530,6 +541,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
> + #endif
> + 
> + /* Cipher 16 */
> ++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
> +     {
> +      1,
> +      SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA,
> +@@ -544,6 +556,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
> +      112,
> +      168,
> +      },
> ++#endif
> + 
> + /* Cipher 17 */
> + #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
> +@@ -564,6 +577,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
> + #endif
> + 
> + /* Cipher 18 */
> ++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
> +     {
> +      1,
> +      SSL3_TXT_ADH_RC4_128_MD5,
> +@@ -578,6 +592,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
> +      128,
> +      128,
> +      },
> ++#endif
> + 
> + /* Cipher 19 */
> + #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
> +@@ -616,6 +631,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
> + #endif
> + 
> + /* Cipher 1B */
> ++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
> +     {
> +      1,
> +      SSL3_TXT_ADH_DES_192_CBC_SHA,
> +@@ -630,6 +646,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
> +      112,
> +      168,
> +      },
> ++#endif
> + 
> + /* Fortezza ciphersuite from SSL 3.0 spec */
> + #if 0
> +@@ -703,6 +720,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
> + # endif
> + 
> + /* Cipher 1F */
> ++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
> +     {
> +      1,
> +      SSL3_TXT_KRB5_DES_192_CBC3_SHA,
> +@@ -717,8 +735,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
> +      112,
> +      168,
> +      },
> ++#endif
> + 
> + /* Cipher 20 */
> ++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
> +     {
> +      1,
> +      SSL3_TXT_KRB5_RC4_128_SHA,
> +@@ -733,6 +753,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
> +      128,
> +      128,
> +      },
> ++#endif
> + 
> + /* Cipher 21 */
> +     {
> +@@ -769,6 +790,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
> + # endif
> + 
> + /* Cipher 23 */
> ++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
> +     {
> +      1,
> +      SSL3_TXT_KRB5_DES_192_CBC3_MD5,
> +@@ -783,8 +805,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
> +      112,
> +      168,
> +      },
> ++#endif
> + 
> + /* Cipher 24 */
> ++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
> +     {
> +      1,
> +      SSL3_TXT_KRB5_RC4_128_MD5,
> +@@ -799,6 +823,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
> +      128,
> +      128,
> +      },
> ++#endif
> + 
> + /* Cipher 25 */
> +     {
> +@@ -1418,6 +1443,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
> + # endif
> + 
> +     /* Cipher 66 */
> ++# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
> +     {
> +      1,
> +      TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA,
> +@@ -1433,6 +1459,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
> +      128,
> +      },
> + #endif
> ++#endif
> + 
> +     /* TLS v1.2 ciphersuites */
> +     /* Cipher 67 */
> +@@ -1703,6 +1730,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
> + 
> + #ifndef OPENSSL_NO_PSK
> +     /* Cipher 8A */
> ++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
> +     {
> +      1,
> +      TLS1_TXT_PSK_WITH_RC4_128_SHA,
> +@@ -1717,8 +1745,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
> +      128,
> +      128,
> +      },
> ++#endif
> + 
> +     /* Cipher 8B */
> ++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
> +     {
> +      1,
> +      TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
> +@@ -1733,6 +1763,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
> +      112,
> +      168,
> +      },
> ++#endif
> + 
> +     /* Cipher 8C */
> +     {
> +@@ -2095,6 +2126,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
> +      },
> + 
> +     /* Cipher C002 */
> ++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
> +     {
> +      1,
> +      TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA,
> +@@ -2109,8 +2141,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
> +      128,
> +      128,
> +      },
> ++#endif
> + 
> +     /* Cipher C003 */
> ++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
> +     {
> +      1,
> +      TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
> +@@ -2125,6 +2159,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
> +      112,
> +      168,
> +      },
> ++#endif
> + 
> +     /* Cipher C004 */
> +     {
> +@@ -2175,6 +2210,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
> +      },
> + 
> +     /* Cipher C007 */
> ++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
> +     {
> +      1,
> +      TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
> +@@ -2189,8 +2225,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
> +      128,
> +      128,
> +      },
> ++#endif
> + 
> +     /* Cipher C008 */
> ++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
> +     {
> +      1,
> +      TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
> +@@ -2205,6 +2243,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
> +      112,
> +      168,
> +      },
> ++#endif
> + 
> +     /* Cipher C009 */
> +     {
> +@@ -2255,6 +2294,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
> +      },
> + 
> +     /* Cipher C00C */
> ++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
> +     {
> +      1,
> +      TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA,
> +@@ -2269,8 +2309,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
> +      128,
> +      128,
> +      },
> ++#endif
> + 
> +     /* Cipher C00D */
> ++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
> +     {
> +      1,
> +      TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA,
> +@@ -2285,6 +2327,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
> +      112,
> +      168,
> +      },
> ++#endif
> + 
> +     /* Cipher C00E */
> +     {
> +@@ -2335,6 +2378,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
> +      },
> + 
> +     /* Cipher C011 */
> ++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
> +     {
> +      1,
> +      TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
> +@@ -2349,8 +2393,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
> +      128,
> +      128,
> +      },
> ++#endif
> + 
> +     /* Cipher C012 */
> ++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
> +     {
> +      1,
> +      TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
> +@@ -2365,6 +2411,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
> +      112,
> +      168,
> +      },
> ++#endif
> + 
> +     /* Cipher C013 */
> +     {
> +@@ -2415,6 +2462,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
> +      },
> + 
> +     /* Cipher C016 */
> ++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
> +     {
> +      1,
> +      TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
> +@@ -2429,8 +2477,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
> +      128,
> +      128,
> +      },
> ++#endif
> + 
> +     /* Cipher C017 */
> ++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
> +     {
> +      1,
> +      TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
> +@@ -2445,6 +2495,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
> +      112,
> +      168,
> +      },
> ++#endif
> + 
> +     /* Cipher C018 */
> +     {
> +@@ -2481,6 +2532,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
> + 
> + #ifndef OPENSSL_NO_SRP
> +     /* Cipher C01A */
> ++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
> +     {
> +      1,
> +      TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
> +@@ -2495,8 +2547,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
> +      112,
> +      168,
> +      },
> ++#endif
> + 
> +     /* Cipher C01B */
> ++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
> +     {
> +      1,
> +      TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
> +@@ -2511,8 +2565,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
> +      112,
> +      168,
> +      },
> ++#endif
> + 
> +     /* Cipher C01C */
> ++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
> +     {
> +      1,
> +      TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
> +@@ -2527,6 +2583,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
> +      112,
> +      168,
> +      },
> ++#endif
> + 
> +     /* Cipher C01D */
> +     {
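
Review bot: every guard added in this new file is "#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS", so the RC4 and 3DES entries are dropped from ssl3_ciphers[] only when that macro is defined at build time. The description "This disables RC4 and 3DES in our build" holds only under that condition, and the diffstat shows rules/openssl.make changing just the OPENSSL_BUGFIX and OPENSSL_MD5 lines, not any configure option. Please confirm that the ptxdist build does not enable weak SSL ciphers (otherwise the patch has no effect) and say so in the commit message. Two style nits carried over from the import: the Cipher 05 guard replaces the blank line before "/* Cipher 06 */" with its "#endif", unlike the other guards, and the Cipher 66 guard opens as "# ifndef" before the entry while its "#endif" is added after the existing "#endif", which compiles the same but reads as mismatched nesting.
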
> diff --git a/patches/openssl-1.0.2j/0100-Configure-don-t-ask-dpkg-buildflags-for-more-flags.patch b/patches/openssl-1.0.2k/0100-Configure-don-t-ask-dpkg-buildflags-for-more-flags.patch
> similarity index 100%
> rename from patches/openssl-1.0.2j/0100-Configure-don-t-ask-dpkg-buildflags-for-more-flags.patch
> rename to patches/openssl-1.0.2k/0100-Configure-don-t-ask-dpkg-buildflags-for-more-flags.patch
> diff --git a/patches/openssl-1.0.2j/0101-fix-parallel-building.patch b/patches/openssl-1.0.2k/0101-fix-parallel-building.patch
> similarity index 100%
> rename from patches/openssl-1.0.2j/0101-fix-parallel-building.patch
> rename to patches/openssl-1.0.2k/0101-fix-parallel-building.patch
> diff --git a/patches/openssl-1.0.2j/series b/patches/openssl-1.0.2k/series
> similarity index 81%
> rename from patches/openssl-1.0.2j/series
> rename to patches/openssl-1.0.2k/series
> index 01b9069cb..9aff52098 100644
> --- a/patches/openssl-1.0.2j/series
> +++ b/patches/openssl-1.0.2k/series
> @@ -12,7 +12,8 @@
>  0009-block_digicert_malaysia.patch
>  0010-Disable-the-freelist.patch
>  0011-soname.patch
> +0012-Mark-3DES-and-RC4-ciphers-as-weak.patch
>  #tag:ptx --start-number 100
>  0100-Configure-don-t-ask-dpkg-buildflags-for-more-flags.patch
>  0101-fix-parallel-building.patch
> -# f8cea4ba1a426b33140d363dc76fa6d2  - git-ptx-patches magic
> +# e678378891be1b4edd294761e63d3a68  - git-ptx-patches magic
> diff --git a/rules/openssl.make b/rules/openssl.make
> index a6e643418..9ee02819f 100644
> --- a/rules/openssl.make
> +++ b/rules/openssl.make
> @@ -19,9 +19,9 @@ PACKAGES-$(PTXCONF_OPENSSL) += openssl
>  # Paths and names
>  #
>  OPENSSL_BASE	:= 1.0.2
> -OPENSSL_BUGFIX	:= j
> +OPENSSL_BUGFIX	:= k
>  OPENSSL_VERSION	:= $(OPENSSL_BASE)$(OPENSSL_BUGFIX)
> -OPENSSL_MD5	:= 96322138f0b69e61b7212bc53d5e912b
> +OPENSSL_MD5	:= f965fc0bf01bf882b31314b61391ae65
>  OPENSSL		:= openssl-$(OPENSSL_VERSION)
>  OPENSSL_SUFFIX	:= tar.gz
>  OPENSSL_URL	:= \
> -- 
> 2.11.1

* Re: [ptxdist] [PATCH] e2fsprogs: version bump 1.43.3 -> 1.43.4
  2017-02-04 17:41 ` [ptxdist] [PATCH] e2fsprogs: version bump 1.43.3 -> 1.43.4 Clemens Gruber
@ 2017-02-08 15:57   ` Michael Olbrich
  0 siblings, 0 replies; 12+ messages in thread
From: Michael Olbrich @ 2017-02-08 15:57 UTC (permalink / raw)
  To: ptxdist

On Sat, Feb 04, 2017 at 06:41:03PM +0100, Clemens Gruber wrote:
> Signed-off-by: Clemens Gruber <clemens.gruber@pqgruber.com>

Thanks, applied,

Michael

> ---
>  rules/e2fsprogs.make | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/rules/e2fsprogs.make b/rules/e2fsprogs.make
> index 232d59ec1..6e16b4fcf 100644
> --- a/rules/e2fsprogs.make
> +++ b/rules/e2fsprogs.make
> @@ -17,8 +17,8 @@ PACKAGES-$(PTXCONF_E2FSPROGS) += e2fsprogs
>  #
>  # Paths and names
>  #
> -E2FSPROGS_VERSION	:= 1.43.3
> -E2FSPROGS_MD5		:= ec0cd4faac71b2fcf9f73733e4d50ead
> +E2FSPROGS_VERSION	:= 1.43.4
> +E2FSPROGS_MD5		:= 0bd1c74f357f6e9ae2ab6fa6229b9aea
>  E2FSPROGS		:= e2fsprogs-$(E2FSPROGS_VERSION)
>  E2FSPROGS_SUFFIX	:= tar.gz
>  E2FSPROGS_URL		:= $(call ptx/mirror, SF, e2fsprogs/$(E2FSPROGS).$(E2FSPROGS_SUFFIX))
> -- 
> 2.11.1

* Re: [ptxdist] [PATCH] zlib: version bump 1.2.8 -> 1.2.11
  2017-02-04 17:41 ` [ptxdist] [PATCH] zlib: version bump 1.2.8 -> 1.2.11 Clemens Gruber
@ 2017-02-08 15:57   ` Michael Olbrich
  0 siblings, 0 replies; 12+ messages in thread
From: Michael Olbrich @ 2017-02-08 15:57 UTC (permalink / raw)
  To: ptxdist

On Sat, Feb 04, 2017 at 06:41:05PM +0100, Clemens Gruber wrote:
> Signed-off-by: Clemens Gruber <clemens.gruber@pqgruber.com>

Thanks, applied,

Michael

> ---
>  rules/zlib.make | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/rules/zlib.make b/rules/zlib.make
> index f880401dc..42e1cde08 100644
> --- a/rules/zlib.make
> +++ b/rules/zlib.make
> @@ -17,8 +17,8 @@ PACKAGES-$(PTXCONF_ZLIB) += zlib
>  #
>  # Paths and names
>  #
> -ZLIB_VERSION	:= 1.2.8
> -ZLIB_MD5	:= 28f1205d8dd2001f26fec1e8c2cebe37
> +ZLIB_VERSION	:= 1.2.11
> +ZLIB_MD5	:= 85adef240c5f370b308da8c938951a68
>  ZLIB		:= zlib-$(ZLIB_VERSION)
>  ZLIB_SUFFIX	:= tar.xz
>  ZLIB_URL	:= \
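
Review bot: the commit message has no body although ZLIB_VERSION jumps from 1.2.8 straight to 1.2.11, passing over the releases in between. A line on what those releases change, and whether any of it matters for ptxdist users, would make the bump auditable later. ZLIB_URL continues past the visible context (trailing backslash), so please also check that the 1.2.11 tarball is available from every location listed there.
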
> -- 
> 2.11.1

* Re: [ptxdist] [PATCH] sqlite: version bump 3.15.2 -> 3.16.2
  2017-02-04 17:41 ` [ptxdist] [PATCH] sqlite: version bump 3.15.2 -> 3.16.2 Clemens Gruber
@ 2017-02-08 15:57   ` Michael Olbrich
  0 siblings, 0 replies; 12+ messages in thread
From: Michael Olbrich @ 2017-02-08 15:57 UTC (permalink / raw)
  To: ptxdist

On Sat, Feb 04, 2017 at 06:41:06PM +0100, Clemens Gruber wrote:
> Signed-off-by: Clemens Gruber <clemens.gruber@pqgruber.com>

Thanks, applied,

Michael

> ---
>  rules/sqlite.make | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/rules/sqlite.make b/rules/sqlite.make
> index 90dd89d68..59bf22212 100644
> --- a/rules/sqlite.make
> +++ b/rules/sqlite.make
> @@ -21,11 +21,11 @@ PACKAGES-$(PTXCONF_SQLITE) += sqlite
>  #
>  # Paths and names
>  #
> -SQLITE_VERSION	:= 3150200
> -SQLITE_MD5	:= 6b4fc0d8f7f02dd56bbde10a7c497a05
> +SQLITE_VERSION	:= 3160200
> +SQLITE_MD5	:= 5a153ef1fd2fa5845ada74deabc68e32
>  SQLITE		:= sqlite-autoconf-$(SQLITE_VERSION)
>  SQLITE_SUFFIX	:= tar.gz
> -SQLITE_URL	:= https://www.sqlite.org/2016/$(SQLITE).$(SQLITE_SUFFIX)
> +SQLITE_URL	:= https://www.sqlite.org/2017/$(SQLITE).$(SQLITE_SUFFIX)
>  SQLITE_SOURCE	:= $(SRCDIR)/$(SQLITE).$(SQLITE_SUFFIX)
>  SQLITE_DIR	:= $(BUILDDIR)/$(SQLITE)
>  SQLITE_LICENSE	:= public_domain
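
Review bot: SQLITE_URL hard-codes the release year in its path, which is why this bump has to change 2016 to 2017 by hand next to the version and hash. That is easy to miss on the next update and would then only surface as a failed download. Consider a separate year variable beside SQLITE_VERSION, or at least a comment above SQLITE_URL. A one-line comment explaining how 3.16.2 from the subject maps to the encoded 3160200 would help as well.
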
> -- 
> 2.11.1
