diff options
author | Michael Olbrich <m.olbrich@pengutronix.de> | 2018-11-11 19:20:43 +0100 |
---|---|---|
committer | Michael Olbrich <m.olbrich@pengutronix.de> | 2019-03-01 12:30:38 +0100 |
commit | 43b3386cc51e11d645e21fec7d59b4dd070b57bd (patch) | |
tree | f778b1fb2cf5822e789839d8b6454e4d158d2bdb | |
parent | 7266f21cf47a3caa16637d140d99c0df9acd763d (diff) | |
download | ptxdist-43b3386cc51e11d645e21fec7d59b4dd070b57bd.tar.gz ptxdist-43b3386cc51e11d645e21fec7d59b4dd070b57bd.tar.xz |
openssl: version bump 1.0.2o -> 1.1.1b
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
17 files changed, 296 insertions, 917 deletions
diff --git a/patches/openssl-1.0.2q/0001-debian-targets.patch b/patches/openssl-1.0.2q/0001-debian-targets.patch deleted file mode 100644 index ca9b1e463..000000000 --- a/patches/openssl-1.0.2q/0001-debian-targets.patch +++ /dev/null @@ -1,85 +0,0 @@ -From: Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org> -Date: Tue, 12 Dec 2017 23:35:23 +0100 -Subject: [PATCH] debian-targets - -Imported from openssl1.0_1.0.2q-2.debian.tar.xz - -Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de> ---- - Configure | 56 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 56 insertions(+) - -diff --git a/Configure b/Configure -index c7066dc97c58..79b7d5c90d8e 100755 ---- a/Configure -+++ b/Configure -@@ -133,6 +133,10 @@ my $clang_devteam_warn = "-Wno-unused-parameter -Wno-missing-field-initializers - # Warn that "make depend" should be run? - my $warn_make_depend = 0; - -+# There are no separate CFLAGS/CPPFLAGS/LDFLAGS, set everything in CFLAGS -+my $debian_cflags = `dpkg-buildflags --get CFLAGS` . `dpkg-buildflags --get CPPFLAGS` . `dpkg-buildflags --get LDFLAGS` . "-Wa,--noexecstack -Wall"; -+$debian_cflags =~ s/\n/ /g; -+ - my $strict_warnings = 0; - - my $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL"; -@@ -369,6 +373,58 @@ my %table=( - "osf1-alpha-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared:::.so", - "tru64-alpha-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared::-msym:.so", - -+# Debian GNU/* (various architectures) -+"debian-alpha","gcc:${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-alpha-ev4","gcc:${debian_cflags} -mcpu=ev4::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-alpha-ev5","gcc:${debian_cflags} -mcpu=ev5::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-arm64","gcc:-DL_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${aarch64_asm}:linux64:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-arm64ilp32","gcc:-DL_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-armel","gcc:-DL_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-armhf","gcc:-DL_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-amd64", "gcc:-m64 -DL_ENDIAN ${debian_cflags} -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::", -+"debian-avr32", "gcc:-DB_ENDIAN ${debian_cflags} -fomit-frame-pointer::-D_REENTRANT::-ldl:BN_LLONG_BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-kfreebsd-amd64","gcc:-m64 -DL_ENDIAN ${debian_cflags} -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-kfreebsd-i386","gcc:-DL_ENDIAN ${debian_cflags} -march=i486::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-hppa","gcc:-DB_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG MD2_CHAR RC4_INDEX:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-hurd-i386","gcc:-DL_ENDIAN -O3 -Wa,--noexecstack -g -mtune=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-ia64","gcc:${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-i386","gcc:-DL_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-i386-i486","gcc:-DL_ENDIAN ${debian_cflags} -march=i486::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-i386-i586","gcc:-DL_ENDIAN ${debian_cflags} -march=i586::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-i386-i686/cmov","gcc:-DL_ENDIAN ${debian_cflags} -march=i686::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-m68k","gcc:-DB_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG MD2_CHAR RC4_INDEX:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-mips", "gcc:-DB_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-mipsel", "gcc:-DL_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-mipsn32", "gcc:-DB_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-mipsn32el", "gcc:-DL_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-mips64", "gcc:-DB_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-mips64el", "gcc:-DL_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-netbsd-i386", "gcc:-DL_ENDIAN ${debian_cflags} -m486::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-netbsd-m68k", "gcc:-DB_ENDIAN ${debian_cflags}::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-netbsd-sparc", "gcc:-DB_ENDIAN ${debian_cflags} -mv8::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-nios2", "gcc:-DB_ENDIAN ${debian_cflags}::(unknown)::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-openbsd-alpha","gcc:${debian_cflags}::(unknown):::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-openbsd-i386", "gcc:-DL_ENDIAN ${debian_cflags} -m486::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-openbsd-mips","gcc:-DL_ENDIAN ${debian_cflags}::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-or1k", "gcc:-DB_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-powerpc","gcc:-DB_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-powerpcspe","gcc:-DB_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-ppc64","gcc:-m64 -DB_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-ppc64el","gcc:-m64 -DL_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64le:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-riscv64","gcc:-DL_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-s390","gcc:-DB_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-s390x","gcc:-DB_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-sh3", "gcc:-DL_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-sh4", "gcc:-DL_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-sh3eb", "gcc:-DB_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-sh4eb", "gcc:-DB_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-m32r","gcc:-DB_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-sparc","gcc:-DB_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-sparc-v8","gcc:-DB_ENDIAN ${debian_cflags} -mcpu=v8 -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-sparc-v9","gcc:-DB_ENDIAN ${debian_cflags} -mcpu=v9 -Wa,-Av8plus -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-sparc64","gcc:-m64 -DB_ENDIAN ${debian_cflags} -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-x32","gcc:-mx32 -DL_ENDIAN ${debian_cflags} -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::x32", -+ - #### - #### Variety of LINUX:-) - #### diff --git a/patches/openssl-1.0.2q/0002-no-rpath.patch b/patches/openssl-1.0.2q/0002-no-rpath.patch deleted file mode 100644 index 231ee8b15..000000000 --- a/patches/openssl-1.0.2q/0002-no-rpath.patch +++ /dev/null @@ -1,24 +0,0 @@ -From: Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org> -Date: Tue, 12 Dec 2017 23:35:23 +0100 -Subject: [PATCH] no-rpath - -Imported from openssl1.0_1.0.2q-2.debian.tar.xz - -Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de> ---- - Makefile.shared | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/Makefile.shared b/Makefile.shared -index e8d222ac6a00..f68d6ff877ac 100644 ---- a/Makefile.shared -+++ b/Makefile.shared -@@ -153,7 +153,7 @@ DO_GNU_SO=$(CALC_VERSIONS); \ - NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \ - SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX" - --DO_GNU_APP=LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBRPATH)" -+DO_GNU_APP=LDFLAGS="$(CFLAGS)" - - #This is rather special. It's a special target with which one can link - #applications without bothering with any features that have anything to diff --git a/patches/openssl-1.0.2q/0004-valgrind.patch b/patches/openssl-1.0.2q/0004-valgrind.patch deleted file mode 100644 index e0f7ce74b..000000000 --- a/patches/openssl-1.0.2q/0004-valgrind.patch +++ /dev/null @@ -1,31 +0,0 @@ -From: Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org> -Date: Tue, 12 Dec 2017 23:35:24 +0100 -Subject: [PATCH] valgrind - -Imported from openssl1.0_1.0.2q-2.debian.tar.xz - -Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de> ---- - crypto/rand/md_rand.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/crypto/rand/md_rand.c b/crypto/rand/md_rand.c -index 2983a3fda487..a16cc804cc56 100644 ---- a/crypto/rand/md_rand.c -+++ b/crypto/rand/md_rand.c -@@ -488,6 +488,7 @@ int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo, int lock) - goto err; - - #ifndef PURIFY /* purify complains */ -+#if 0 - /* - * The following line uses the supplied buffer as a small source of - * entropy: since this buffer is often uninitialised it may cause -@@ -497,6 +498,7 @@ int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo, int lock) - */ - if (!MD_Update(&m, buf, j)) - goto err; -+#endif - #endif - - k = (st_idx + MD_DIGEST_LENGTH / 2) - st_num; diff --git a/patches/openssl-1.0.2q/0005-shared-lib-ext.patch b/patches/openssl-1.0.2q/0005-shared-lib-ext.patch deleted file mode 100644 index a3c186df2..000000000 --- a/patches/openssl-1.0.2q/0005-shared-lib-ext.patch +++ /dev/null @@ -1,25 +0,0 @@ -From: Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org> -Date: Tue, 12 Dec 2017 23:35:24 +0100 -Subject: [PATCH] shared-lib-ext - -Imported from openssl1.0_1.0.2q-2.debian.tar.xz - -Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de> ---- - Configure | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/Configure b/Configure -index 79b7d5c90d8e..97ce24d18a5c 100755 ---- a/Configure -+++ b/Configure -@@ -1853,7 +1853,8 @@ while (<IN>) - elsif ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*\.[^\.]*$/) - { - my $sotmp = $1; -- s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.\$(SHLIB_MAJOR) .s$sotmp/; -+# s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.\$(SHLIB_MAJOR) .s$sotmp/; -+ s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp/; - } - elsif ($shared_extension ne "" && $shared_extension =~ /^\.[^\.]*\.[^\.]*\.dylib$/) - { diff --git a/patches/openssl-1.0.2q/0006-block_diginotar.patch b/patches/openssl-1.0.2q/0006-block_diginotar.patch deleted file mode 100644 index 95b8d6d13..000000000 --- a/patches/openssl-1.0.2q/0006-block_diginotar.patch +++ /dev/null @@ -1,74 +0,0 @@ -From: Raphael Geissert <geissert@debian.org> -Date: Tue, 12 Dec 2017 23:35:24 +0100 -Subject: [PATCH] block_diginotar - -Description: make X509_verify_cert indicate that any certificate whose - name contains "DigiNotar" is revoked. -Forwarded: not-needed -Origin: vendor -Last-Update: 2011-09-08 -Bug: http://bugs.debian.org/639744 -Reviewed-by: Kurt Roeckx <kurt@roeckx.be> -Reviewed-by: Dr Stephen N Henson <shenson@drh-consultancy.co.uk> - -This is not meant as final patch. - -Imported from openssl1.0_1.0.2q-2.debian.tar.xz - -Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de> ---- - crypto/x509/x509_vfy.c | 27 +++++++++++++++++++++++++++ - 1 file changed, 27 insertions(+) - -diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c -index da778d47b1cc..77bdb18882ce 100644 ---- a/crypto/x509/x509_vfy.c -+++ b/crypto/x509/x509_vfy.c -@@ -120,6 +120,7 @@ static int check_trust(X509_STORE_CTX *ctx); - static int check_revocation(X509_STORE_CTX *ctx); - static int check_cert(X509_STORE_CTX *ctx); - static int check_policy(X509_STORE_CTX *ctx); -+static int check_ca_blacklist(X509_STORE_CTX *ctx); - - static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer, - unsigned int *preasons, X509_CRL *crl, X509 *x); -@@ -502,6 +503,9 @@ int X509_verify_cert(X509_STORE_CTX *ctx) - if (!ok) - goto err; - -+ ok = check_ca_blacklist(ctx); -+ if(!ok) goto err; -+ - #ifndef OPENSSL_NO_RFC3779 - /* RFC 3779 path validation, now that CRL check has been done */ - ok = v3_asid_validate_path(ctx); -@@ -1110,6 +1114,29 @@ static int check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify) - return 1; - } - -+static int check_ca_blacklist(X509_STORE_CTX *ctx) -+ { -+ X509 *x; -+ int i; -+ /* Check all certificates against the blacklist */ -+ for (i = sk_X509_num(ctx->chain) - 1; i >= 0; i--) -+ { -+ x = sk_X509_value(ctx->chain, i); -+ /* Mark DigiNotar certificates as revoked, no matter -+ * where in the chain they are. -+ */ -+ if (x->name && strstr(x->name, "DigiNotar")) -+ { -+ ctx->error = X509_V_ERR_CERT_REVOKED; -+ ctx->error_depth = i; -+ ctx->current_cert = x; -+ if (!ctx->verify_cb(0,ctx)) -+ return 0; -+ } -+ } -+ return 1; -+ } -+ - static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl, - X509 **pissuer, int *pscore, unsigned int *preasons, - STACK_OF(X509_CRL) *crls) diff --git a/patches/openssl-1.0.2q/0007-block_digicert_malaysia.patch b/patches/openssl-1.0.2q/0007-block_digicert_malaysia.patch deleted file mode 100644 index e5024163c..000000000 --- a/patches/openssl-1.0.2q/0007-block_digicert_malaysia.patch +++ /dev/null @@ -1,36 +0,0 @@ -From: Raphael Geissert <geissert@debian.org> -Date: Tue, 12 Dec 2017 23:35:24 +0100 -Subject: [PATCH] block_digicert_malaysia - -Description: make X509_verify_cert indicate that any certificate whose - name contains "Digicert Sdn. Bhd." (from Malaysia) is revoked. -Forwarded: not-needed -Origin: vendor -Last-Update: 2011-11-05 - -Imported from openssl1.0_1.0.2q-2.debian.tar.xz - -Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de> ---- - crypto/x509/x509_vfy.c | 7 ++++--- - 1 file changed, 4 insertions(+), 3 deletions(-) - -diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c -index 77bdb18882ce..f7f8ed76e05b 100644 ---- a/crypto/x509/x509_vfy.c -+++ b/crypto/x509/x509_vfy.c -@@ -1122,10 +1122,11 @@ static int check_ca_blacklist(X509_STORE_CTX *ctx) - for (i = sk_X509_num(ctx->chain) - 1; i >= 0; i--) - { - x = sk_X509_value(ctx->chain, i); -- /* Mark DigiNotar certificates as revoked, no matter -- * where in the chain they are. -+ /* Mark certificates containing the following names as -+ * revoked, no matter where in the chain they are. - */ -- if (x->name && strstr(x->name, "DigiNotar")) -+ if (x->name && (strstr(x->name, "DigiNotar") || -+ strstr(x->name, "Digicert Sdn. Bhd."))) - { - ctx->error = X509_V_ERR_CERT_REVOKED; - ctx->error_depth = i; diff --git a/patches/openssl-1.0.2q/0008-Disable-the-freelist.patch b/patches/openssl-1.0.2q/0008-Disable-the-freelist.patch deleted file mode 100644 index f1e959ce8..000000000 --- a/patches/openssl-1.0.2q/0008-Disable-the-freelist.patch +++ /dev/null @@ -1,41 +0,0 @@ -From: Kurt Roeckx <kurt@roeckx.be> -Date: Tue, 12 Dec 2017 23:35:24 +0100 -Subject: [PATCH] Disable the freelist - -We don't define OPENSSL_NO_BUF_FREELISTS globally sinc it changes structures and -would break the ABI. Instead we just do it in the .c files that try to do -something with it. - -Imported from openssl1.0_1.0.2q-2.debian.tar.xz - -Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de> ---- - ssl/s3_both.c | 1 + - ssl/ssl_lib.c | 2 ++ - 2 files changed, 3 insertions(+) - -diff --git a/ssl/s3_both.c b/ssl/s3_both.c -index 054ded1c9903..bb0085cf2ec0 100644 ---- a/ssl/s3_both.c -+++ b/ssl/s3_both.c -@@ -584,6 +584,7 @@ int ssl_verify_alarm_type(long type) - return (al); - } - -+#define OPENSSL_NO_BUF_FREELISTS - #ifndef OPENSSL_NO_BUF_FREELISTS - /*- - * On some platforms, malloc() performance is bad enough that you can't just -diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c -index cfcfe76b9ce1..5c108288b14b 100644 ---- a/ssl/ssl_lib.c -+++ b/ssl/ssl_lib.c -@@ -162,6 +162,8 @@ - - const char *SSL_version_str = OPENSSL_VERSION_TEXT; - -+#define OPENSSL_NO_BUF_FREELISTS -+ - SSL3_ENC_METHOD ssl3_undef_enc_method = { - /* - * evil casts, but these functions are only called if there's a library diff --git a/patches/openssl-1.0.2q/0009-Mark-3DES-and-RC4-ciphers-as-weak.patch b/patches/openssl-1.0.2q/0009-Mark-3DES-and-RC4-ciphers-as-weak.patch deleted file mode 100644 index 0cc5ec9d5..000000000 --- a/patches/openssl-1.0.2q/0009-Mark-3DES-and-RC4-ciphers-as-weak.patch +++ /dev/null @@ -1,429 +0,0 @@ -From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> -Date: Sun, 18 Dec 2016 15:37:52 +0100 -Subject: [PATCH] Mark 3DES and RC4 ciphers as weak - -This disables RC4 and 3DES in our build - -Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> - -Imported from openssl1.0_1.0.2q-2.debian.tar.xz - -Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de> ---- - ssl/s3_lib.c | 59 +++++++++++++++++++++++++++++++++++++++++++++++++++- - 1 file changed, 58 insertions(+), 1 deletion(-) - -diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c -index 10c6db683b6e..4b4032ba397a 100644 ---- a/ssl/s3_lib.c -+++ b/ssl/s3_lib.c -@@ -216,6 +216,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { - #endif - - /* Cipher 04 */ -+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS - { - 1, - SSL3_TXT_RSA_RC4_128_MD5, -@@ -230,8 +231,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { - 128, - 128, - }, -+#endif - - /* Cipher 05 */ -+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS - { - 1, - SSL3_TXT_RSA_RC4_128_SHA, -@@ -246,7 +249,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { - 128, - 128, - }, -- -+#endif - /* Cipher 06 */ - #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS - { -@@ -320,6 +323,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { - #endif - - /* Cipher 0A */ -+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS - { - 1, - SSL3_TXT_RSA_DES_192_CBC3_SHA, -@@ -334,6 +338,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { - 112, - 168, - }, -+#endif - - /* The DH ciphers */ - /* Cipher 0B */ -@@ -373,6 +378,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { - #endif - - /* Cipher 0D */ -+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS - { - 1, - SSL3_TXT_DH_DSS_DES_192_CBC3_SHA, -@@ -387,6 +393,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { - 112, - 168, - }, -+#endif - - /* Cipher 0E */ - #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS -@@ -425,6 +432,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { - #endif - - /* Cipher 10 */ -+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS - { - 1, - SSL3_TXT_DH_RSA_DES_192_CBC3_SHA, -@@ -439,6 +447,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { - 112, - 168, - }, -+#endif - - /* The Ephemeral DH ciphers */ - /* Cipher 11 */ -@@ -478,6 +487,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { - #endif - - /* Cipher 13 */ -+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS - { - 1, - SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA, -@@ -492,6 +502,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { - 112, - 168, - }, -+#endif - - /* Cipher 14 */ - #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS -@@ -530,6 +541,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { - #endif - - /* Cipher 16 */ -+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS - { - 1, - SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA, -@@ -544,6 +556,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { - 112, - 168, - }, -+#endif - - /* Cipher 17 */ - #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS -@@ -564,6 +577,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { - #endif - - /* Cipher 18 */ -+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS - { - 1, - SSL3_TXT_ADH_RC4_128_MD5, -@@ -578,6 +592,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { - 128, - 128, - }, -+#endif - - /* Cipher 19 */ - #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS -@@ -616,6 +631,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { - #endif - - /* Cipher 1B */ -+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS - { - 1, - SSL3_TXT_ADH_DES_192_CBC_SHA, -@@ -630,6 +646,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { - 112, - 168, - }, -+#endif - - /* Fortezza ciphersuite from SSL 3.0 spec */ - #if 0 -@@ -703,6 +720,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { - # endif - - /* Cipher 1F */ -+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS - { - 1, - SSL3_TXT_KRB5_DES_192_CBC3_SHA, -@@ -717,8 +735,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { - 112, - 168, - }, -+#endif - - /* Cipher 20 */ -+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS - { - 1, - SSL3_TXT_KRB5_RC4_128_SHA, -@@ -733,6 +753,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { - 128, - 128, - }, -+#endif - - /* Cipher 21 */ - { -@@ -769,6 +790,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { - # endif - - /* Cipher 23 */ -+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS - { - 1, - SSL3_TXT_KRB5_DES_192_CBC3_MD5, -@@ -783,8 +805,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { - 112, - 168, - }, -+#endif - - /* Cipher 24 */ -+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS - { - 1, - SSL3_TXT_KRB5_RC4_128_MD5, -@@ -799,6 +823,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { - 128, - 128, - }, -+#endif - - /* Cipher 25 */ - { -@@ -1418,6 +1443,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { - # endif - - /* Cipher 66 */ -+# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS - { - 1, - TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA, -@@ -1432,6 +1458,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { - 128, - 128, - }, -+#endif - #endif - - /* TLS v1.2 ciphersuites */ -@@ -1703,6 +1730,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { - - #ifndef OPENSSL_NO_PSK - /* Cipher 8A */ -+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS - { - 1, - TLS1_TXT_PSK_WITH_RC4_128_SHA, -@@ -1717,8 +1745,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { - 128, - 128, - }, -+#endif - - /* Cipher 8B */ -+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS - { - 1, - TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA, -@@ -1733,6 +1763,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { - 112, - 168, - }, -+#endif - - /* Cipher 8C */ - { -@@ -2095,6 +2126,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { - }, - - /* Cipher C002 */ -+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS - { - 1, - TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA, -@@ -2109,8 +2141,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { - 128, - 128, - }, -+#endif - - /* Cipher C003 */ -+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS - { - 1, - TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA, -@@ -2125,6 +2159,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { - 112, - 168, - }, -+#endif - - /* Cipher C004 */ - { -@@ -2175,6 +2210,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { - }, - - /* Cipher C007 */ -+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS - { - 1, - TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA, -@@ -2189,8 +2225,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { - 128, - 128, - }, -+#endif - - /* Cipher C008 */ -+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS - { - 1, - TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, -@@ -2205,6 +2243,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { - 112, - 168, - }, -+#endif - - /* Cipher C009 */ - { -@@ -2255,6 +2294,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { - }, - - /* Cipher C00C */ -+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS - { - 1, - TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA, -@@ -2269,8 +2309,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { - 128, - 128, - }, -+#endif - - /* Cipher C00D */ -+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS - { - 1, - TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA, -@@ -2285,6 +2327,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { - 112, - 168, - }, -+#endif - - /* Cipher C00E */ - { -@@ -2335,6 +2378,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { - }, - - /* Cipher C011 */ -+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS - { - 1, - TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA, -@@ -2349,8 +2393,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { - 128, - 128, - }, -+#endif - - /* Cipher C012 */ -+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS - { - 1, - TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA, -@@ -2365,6 +2411,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { - 112, - 168, - }, -+#endif - - /* Cipher C013 */ - { -@@ -2415,6 +2462,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { - }, - - /* Cipher C016 */ -+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS - { - 1, - TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA, -@@ -2429,8 +2477,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { - 128, - 128, - }, -+#endif - - /* Cipher C017 */ -+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS - { - 1, - TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA, -@@ -2445,6 +2495,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { - 112, - 168, - }, -+#endif - - /* Cipher C018 */ - { -@@ -2481,6 +2532,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { - - #ifndef OPENSSL_NO_SRP - /* Cipher C01A */ -+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS - { - 1, - TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA, -@@ -2495,8 +2547,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { - 112, - 168, - }, -+#endif - - /* Cipher C01B */ -+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS - { - 1, - TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA, -@@ -2511,8 +2565,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { - 112, - 168, - }, -+#endif - - /* Cipher C01C */ -+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS - { - 1, - TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA, -@@ -2527,6 +2583,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { - 112, - 168, - }, -+#endif - - /* Cipher C01D */ - { diff --git a/patches/openssl-1.0.2q/0100-Configure-don-t-ask-dpkg-buildflags-for-more-flags.patch b/patches/openssl-1.0.2q/0100-Configure-don-t-ask-dpkg-buildflags-for-more-flags.patch deleted file mode 100644 index b445ea79d..000000000 --- a/patches/openssl-1.0.2q/0100-Configure-don-t-ask-dpkg-buildflags-for-more-flags.patch +++ /dev/null @@ -1,22 +0,0 @@ -From: Michael Olbrich <m.olbrich@pengutronix.de> -Date: Mon, 11 Aug 2014 12:28:49 +0200 -Subject: [PATCH] Configure: don't ask dpkg-buildflags for more flags - -Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de> ---- - Configure | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/Configure b/Configure -index 9f58145ef000..4b6f13ee238c 100755 ---- a/Configure -+++ b/Configure -@@ -134,7 +134,7 @@ my $clang_devteam_warn = "-Wno-unused-parameter -Wno-missing-field-initializers - my $warn_make_depend = 0; - - # There are no separate CFLAGS/CPPFLAGS/LDFLAGS, set everything in CFLAGS --my $debian_cflags = `dpkg-buildflags --get CFLAGS` . `dpkg-buildflags --get CPPFLAGS` . `dpkg-buildflags --get LDFLAGS` . "-Wa,--noexecstack -Wall"; -+my $debian_cflags = "-g -O2 -Wformat -Werror=format-security " . "-Wa,--noexecstack -Wall"; - $debian_cflags =~ s/\n/ /g; - - my $strict_warnings = 0; diff --git a/patches/openssl-1.0.2q/0101-fix-parallel-building.patch b/patches/openssl-1.0.2q/0101-fix-parallel-building.patch deleted file mode 100644 index 65a77a79f..000000000 --- a/patches/openssl-1.0.2q/0101-fix-parallel-building.patch +++ /dev/null @@ -1,108 +0,0 @@ -From: Michael Olbrich <m.olbrich@pengutronix.de> -Date: Mon, 23 Mar 2015 09:29:05 +0100 -Subject: [PATCH] fix parallel building - -Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de> ---- - Makefile.org | 22 ++++++++++++++-------- - crypto/Makefile | 4 ++-- - engines/Makefile | 4 ++-- - 3 files changed, 18 insertions(+), 12 deletions(-) - -diff --git a/Makefile.org b/Makefile.org -index f51f0a756c3e..aed1dd978ff4 100644 ---- a/Makefile.org -+++ b/Makefile.org -@@ -281,18 +281,24 @@ build_libs: build_libcrypto build_libssl openssl.pc - build_libcrypto: build_crypto build_engines libcrypto.pc - build_libssl: build_ssl libssl.pc - -+ifeq ($(SHARED_LIBS),) -+build_ssl: build_engines -+else -+build_engines: build_ssl -+endif -+ - build_crypto: -- @dir=crypto; target=all; $(BUILD_ONE_CMD) -+ @+dir=crypto; target=all; $(BUILD_ONE_CMD) - build_ssl: build_crypto -- @dir=ssl; target=all; $(BUILD_ONE_CMD) -+ @+dir=ssl; target=all; $(BUILD_ONE_CMD) - build_engines: build_crypto -- @dir=engines; target=all; $(BUILD_ONE_CMD) -+ @+dir=engines; target=all; $(BUILD_ONE_CMD) - build_apps: build_libs -- @dir=apps; target=all; $(BUILD_ONE_CMD) -+ @+dir=apps; target=all; $(BUILD_ONE_CMD) - build_tests: build_libs -- @dir=test; target=all; $(BUILD_ONE_CMD) -+ @+dir=test; target=all; $(BUILD_ONE_CMD) - build_tools: build_libs -- @dir=tools; target=all; $(BUILD_ONE_CMD) -+ @+dir=tools; target=all; $(BUILD_ONE_CMD) - - all_testapps: build_libs build_testapps - build_testapps: -@@ -311,7 +317,7 @@ libcrypto$(SHLIB_EXT): libcrypto.a fips_premain_dso$(EXE_EXT) - FIPSLD_CC="$(CC)"; CC=$(FIPSDIR)/bin/fipsld; \ - export CC FIPSLD_CC FIPSLD_LIBCRYPTO; \ - fi; \ -- $(MAKE) -e SHLIBDIRS=crypto CC="$${CC:-$(CC)}" build-shared && \ -+ $(MAKE) -j1 -e SHLIBDIRS=crypto CC="$${CC:-$(CC)}" build-shared && \ - (touch -c fips_premain_dso$(EXE_EXT) || :); \ - else \ - echo "There's no support for shared libraries on this platform" >&2; \ -@@ -320,7 +326,7 @@ libcrypto$(SHLIB_EXT): libcrypto.a fips_premain_dso$(EXE_EXT) - - libssl$(SHLIB_EXT): libcrypto$(SHLIB_EXT) libssl.a - @if [ "$(SHLIB_TARGET)" != "" ]; then \ -- $(MAKE) SHLIBDIRS=ssl SHLIBDEPS='-lcrypto' build-shared; \ -+ $(MAKE) -j1 SHLIBDIRS=ssl SHLIBDEPS='-lcrypto' build-shared; \ - else \ - echo "There's no support for shared libraries on this platform" >&2; \ - exit 1; \ -diff --git a/crypto/Makefile b/crypto/Makefile -index 7869996a9c07..76690a1c8619 100644 ---- a/crypto/Makefile -+++ b/crypto/Makefile -@@ -85,7 +85,7 @@ testapps: - @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi - - subdirs: -- @target=all; $(RECURSIVE_MAKE) -+ @+target=all; $(RECURSIVE_MAKE) - - files: - $(PERL) $(TOP)/util/files.pl "CPUID_OBJ=$(CPUID_OBJ)" Makefile >> $(TOP)/MINFO -@@ -100,7 +100,7 @@ links: - # lib: $(LIB): are splitted to avoid end-less loop - lib: $(LIB) - @touch lib --$(LIB): $(LIBOBJ) -+$(LIB): $(LIBOBJ) subdirs - $(AR) $(LIB) $(LIBOBJ) - test -z "$(FIPSLIBDIR)" || $(AR) $(LIB) $(FIPSLIBDIR)fipscanister.o - $(RANLIB) $(LIB) || echo Never mind. -diff --git a/engines/Makefile b/engines/Makefile -index 2058ff405afe..98e41437e1f2 100644 ---- a/engines/Makefile -+++ b/engines/Makefile -@@ -72,7 +72,7 @@ top: - - all: lib subdirs - --lib: $(LIBOBJ) -+lib: $(LIBOBJ) subdirs - @if [ -n "$(SHARED_LIBS)" ]; then \ - set -e; \ - for l in $(LIBNAMES); do \ -@@ -89,7 +89,7 @@ lib: $(LIBOBJ) - - subdirs: - echo $(EDIRS) -- @target=all; $(RECURSIVE_MAKE) -+ @+target=all; $(RECURSIVE_MAKE) - - files: - $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO diff --git a/patches/openssl-1.0.2q/series b/patches/openssl-1.0.2q/series deleted file mode 100644 index cd63acf1e..000000000 --- a/patches/openssl-1.0.2q/series +++ /dev/null @@ -1,16 +0,0 @@ -# generated by git-ptx-patches -#tag:base --start-number 1 -#tag:debian --start-number 1 -0001-debian-targets.patch -0002-no-rpath.patch -0003-pic.patch -0004-valgrind.patch -0005-shared-lib-ext.patch -0006-block_diginotar.patch -0007-block_digicert_malaysia.patch -0008-Disable-the-freelist.patch -0009-Mark-3DES-and-RC4-ciphers-as-weak.patch -#tag:ptx --start-number 100 -0100-Configure-don-t-ask-dpkg-buildflags-for-more-flags.patch -0101-fix-parallel-building.patch -# d6f7b68c6d4f0780398061fbcec6168c - git-ptx-patches magic diff --git a/patches/openssl-1.1.1b/0001-debian-targets.patch b/patches/openssl-1.1.1b/0001-debian-targets.patch new file mode 100644 index 000000000..00ba1ac3f --- /dev/null +++ b/patches/openssl-1.1.1b/0001-debian-targets.patch @@ -0,0 +1,210 @@ +From: Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org> +Date: Sun, 5 Nov 2017 15:09:09 +0100 +Subject: [PATCH] debian-targets + +Imported from openssl_1.1.1b-1.debian.tar.xz + +Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de> +--- + Configurations/20-debian.conf | 192 ++++++++++++++++++++++++++++++++++ + 1 file changed, 192 insertions(+) + create mode 100644 Configurations/20-debian.conf + +diff --git a/Configurations/20-debian.conf b/Configurations/20-debian.conf +new file mode 100644 +index 000000000000..71215d94dfc1 +--- /dev/null ++++ b/Configurations/20-debian.conf +@@ -0,0 +1,192 @@ ++my %targets = ( ++ "debian" => { ++ cflags => add("-Wa,--noexecstack -Wall"), ++ }, ++ "debian-alpha" => { ++ inherit_from => [ "linux-alpha-gcc", "debian" ], ++ }, ++ "debian-alpha-ev4" => { ++ inherit_from => [ "debian-alpha" ], ++ cflags => add("-mcpu=ev4"), ++ }, ++ "debian-alpha-ev5" => { ++ inherit_from => [ "debian-alpha" ], ++ cflags => add("-mcpu=ev5"), ++ }, ++ "debian-arm64" => { ++ inherit_from => [ "linux-aarch64", "debian" ], ++ }, ++ "debian-arm64ilp32" => { ++ inherit_from => [ "linux-arm64ilp32", "debian" ], ++ }, ++ "debian-armel" => { ++ inherit_from => [ "linux-armv4", "debian" ], ++ }, ++ "debian-armhf" => { ++ inherit_from => [ "linux-armv4", "debian" ], ++ }, ++ "debian-amd64" => { ++ inherit_from => [ "linux-x86_64", "debian" ], ++ }, ++ "debian-i386" => { ++ inherit_from => [ "linux-elf", "debian" ], ++ }, ++ "debian-avr32" => { ++ inherit_from => [ "linux-generic32", "debian" ], ++ }, ++ "debian-kfreebsd-amd64" => { ++ inherit_from => [ "debian-amd64" ], ++ enable => [ ], ++ }, ++ "debian-kfreebsd-i386" => { ++ inherit_from => [ "debian-i386" ], ++ enable => [ ], ++ }, ++ "debian-hppa" => { ++ inherit_from => [ "linux-generic32", "debian" ], ++ }, ++ "debian-hurd-i386" => { ++ inherit_from => [ "hurd-x86", "debian" ], ++ }, ++ "debian-ia64" => { ++ inherit_from => [ "linux-ia64", "debian" ], ++ }, ++ "debian-m68k" => { ++ inherit_from => [ "linux-generic32", "debian" ], ++ }, ++ "debian-mips" => { ++ inherit_from => [ "linux-mips32", "debian" ], ++ cflags => add("-DB_ENDIAN"), ++ }, ++ "debian-mipsel" => { ++ inherit_from => [ "linux-mips32", "debian" ], ++ cflags => add("-DL_ENDIAN"), ++ }, ++ "debian-mipsn32" => { ++ inherit_from => [ "linux-mips64", "debian" ], ++ cflags => add("-DB_ENDIAN"), ++ }, ++ "debian-mipsn32el" => { ++ inherit_from => [ "linux-mips64", "debian" ], ++ cflags => add("-DL_ENDIAN"), ++ }, ++ "debian-mips64" => { ++ inherit_from => [ "linux64-mips64", "debian" ], ++ cflags => add("-DB_ENDIAN"), ++ }, ++ "debian-mips64el" => { ++ inherit_from => [ "linux64-mips64", "debian" ], ++ cflags => add("-DL_ENDIAN"), ++ }, ++ ++ # Temporary MIPS R6 targets. Those will vanish approx in 1.1.1 because ++ # aes-mips.pl creates proper R6 ASM code. After that, we can inherit from ++ # the linux*-mips* targets. ++ "linux-mips32r6" => { ++ # Configure script adds minimally required -march for assembly ++ # support, if no -march was specified at command line. ++ inherit_from => [ "linux-generic32"], ++ cflags => add("-mabi=32"), ++ perlasm_scheme => "o32", ++ shared_ldflag => add("-mabi=32"), ++ }, ++ # mips32 and mips64 below refer to contemporary MIPS Architecture ++ # specifications, MIPS32 and MIPS64, rather than to kernel bitness. ++ "linux-mips64r6" => { ++ inherit_from => [ "linux-generic32"], ++ cflags => add("-mabi=n32"), ++ bn_ops => "SIXTY_FOUR_BIT RC4_CHAR", ++ perlasm_scheme => "n32", ++ shared_ldflag => add("-mabi=n32"), ++ multilib => "32", ++ }, ++ "linux64-mips64r6" => { ++ inherit_from => [ "linux-generic64"], ++ cflags => add("-mabi=64"), ++ perlasm_scheme => "64", ++ shared_ldflag => add("-mabi=64"), ++ multilib => "64", ++ }, ++ "debian-mipsr6" => { ++ inherit_from => [ "linux-mips32r6", "debian" ], ++ cflags => add("-DB_ENDIAN"), ++ }, ++ "debian-mipsr6el" => { ++ inherit_from => [ "linux-mips32r6", "debian" ], ++ cflags => add("-DL_ENDIAN"), ++ }, ++ "debian-mipsn32r6" => { ++ inherit_from => [ "linux-mips64r6", "debian" ], ++ cflags => add("-DB_ENDIAN"), ++ }, ++ "debian-mipsn32r6el" => { ++ inherit_from => [ "linux-mips64r6", "debian" ], ++ cflags => add("-DL_ENDIAN"), ++ }, ++ "debian-mips64r6" => { ++ inherit_from => [ "linux64-mips64r6", "debian" ], ++ cflags => add("-DB_ENDIAN"), ++ }, ++ "debian-mips64r6el" => { ++ inherit_from => [ "linux64-mips64r6", "debian" ], ++ cflags => add("-DL_ENDIAN"), ++ }, ++ ++ "debian-nios2" => { ++ inherit_from => [ "linux-generic32", "debian" ], ++ }, ++ "debian-powerpc" => { ++ inherit_from => [ "linux-ppc", "debian" ], ++ }, ++ "debian-powerpcspe" => { ++ inherit_from => [ "linux-ppc", "debian" ], ++ }, ++ "debian-ppc64" => { ++ inherit_from => [ "linux-generic64", "debian", asm("ppc64_asm") ], ++ cflags => add("-DB_ENDIAN"), ++ perlasm_scheme => "linux64", ++ }, ++ "debian-ppc64el" => { ++ inherit_from => [ "linux-ppc64le", "debian" ], ++ }, ++ "debian-riscv64" => { ++ inherit_from => [ "linux-generic64", "debian" ], ++ }, ++ "debian-s390" => { ++ inherit_from => [ "linux-generic32", "debian" ], ++ }, ++ "debian-s390x" => { ++ inherit_from => [ "linux64-s390x", "debian" ], ++ }, ++ "debian-sh3" => { ++ inherit_from => [ "linux-generic32", "debian" ], ++ }, ++ "debian-sh3eb" => { ++ inherit_from => [ "linux-generic32", "debian" ], ++ }, ++ "debian-sh4" => { ++ inherit_from => [ "linux-generic32", "debian" ], ++ }, ++ "debian-sh4eb" => { ++ inherit_from => [ "linux-generic32", "debian" ], ++ }, ++ "debian-m32r" => { ++ inherit_from => [ "linux-generic32", "debian" ], ++ }, ++ "debian-sparc" => { ++ inherit_from => [ "linux-generic32", "debian", asm("sparcv9_asm") ], ++ cflags => add("-DB_ENDIAN -DBN_DIV2W"), ++ }, ++ "debian-sparc64" => { ++ inherit_from => [ "linux-generic64", "debian", asm("sparcv9_asm") ], ++ cflags => add("-m64 -mcpu=ultrasparc -DB_ENDIAN"), ++ bn_ops => "BN_LLONG RC4_CHAR", ++ }, ++ "debian-tilegx" => { ++ inherit_from => [ "linux-generic64", "debian" ], ++ }, ++ "debian-x32" => { ++ inherit_from => [ "linux-x32", "debian" ], ++ }, ++); ++ diff --git a/patches/openssl-1.0.2q/0003-pic.patch b/patches/openssl-1.1.1b/0002-pic.patch index c03a3194b..e839c413a 100644 --- a/patches/openssl-1.0.2q/0003-pic.patch +++ b/patches/openssl-1.1.1b/0002-pic.patch @@ -1,8 +1,8 @@ From: Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org> -Date: Tue, 12 Dec 2017 23:35:24 +0100 +Date: Sun, 5 Nov 2017 15:09:09 +0100 Subject: [PATCH] pic -Imported from openssl1.0_1.0.2q-2.debian.tar.xz +Imported from openssl_1.1.1b-1.debian.tar.xz Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de> --- @@ -13,10 +13,10 @@ Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de> 4 files changed, 55 insertions(+), 12 deletions(-) diff --git a/crypto/des/asm/desboth.pl b/crypto/des/asm/desboth.pl -index eec00886e4c6..ab6f52452bf3 100644 +index ef7054e27506..50765d2b1552 100644 --- a/crypto/des/asm/desboth.pl +++ b/crypto/des/asm/desboth.pl -@@ -16,6 +16,11 @@ sub DES_encrypt3 +@@ -23,6 +23,11 @@ sub DES_encrypt3 &push("edi"); @@ -28,7 +28,7 @@ index eec00886e4c6..ab6f52452bf3 100644 &comment(""); &comment("Load the data words"); &mov($L,&DWP(0,"ebx","",0)); -@@ -47,15 +52,21 @@ sub DES_encrypt3 +@@ -54,15 +59,21 @@ sub DES_encrypt3 &mov(&swtmp(2), (DWC(($enc)?"1":"0"))); &mov(&swtmp(1), "eax"); &mov(&swtmp(0), "ebx"); @@ -54,10 +54,10 @@ index eec00886e4c6..ab6f52452bf3 100644 &stack_pop(3); &mov($L,&DWP(0,"ebx","",0)); diff --git a/crypto/perlasm/cbc.pl b/crypto/perlasm/cbc.pl -index 24561e759aba..269fb0b0c69f 100644 +index 01bafe457d68..c093be5a4fd6 100644 --- a/crypto/perlasm/cbc.pl +++ b/crypto/perlasm/cbc.pl -@@ -122,7 +122,11 @@ sub cbc +@@ -129,7 +129,11 @@ sub cbc &mov(&DWP($data_off,"esp","",0), "eax"); # put in array for call &mov(&DWP($data_off+4,"esp","",0), "ebx"); # @@ -70,7 +70,7 @@ index 24561e759aba..269fb0b0c69f 100644 &mov("eax", &DWP($data_off,"esp","",0)); &mov("ebx", &DWP($data_off+4,"esp","",0)); -@@ -185,7 +189,11 @@ sub cbc +@@ -192,7 +196,11 @@ sub cbc &mov(&DWP($data_off,"esp","",0), "eax"); # put in array for call &mov(&DWP($data_off+4,"esp","",0), "ebx"); # @@ -83,7 +83,7 @@ index 24561e759aba..269fb0b0c69f 100644 &mov("eax", &DWP($data_off,"esp","",0)); &mov("ebx", &DWP($data_off+4,"esp","",0)); -@@ -218,7 +226,11 @@ sub cbc +@@ -225,7 +233,11 @@ sub cbc &mov(&DWP($data_off,"esp","",0), "eax"); # put back &mov(&DWP($data_off+4,"esp","",0), "ebx"); # @@ -96,7 +96,7 @@ index 24561e759aba..269fb0b0c69f 100644 &mov("eax", &DWP($data_off,"esp","",0)); # get return &mov("ebx", &DWP($data_off+4,"esp","",0)); # -@@ -261,7 +273,11 @@ sub cbc +@@ -268,7 +280,11 @@ sub cbc &mov(&DWP($data_off,"esp","",0), "eax"); # put back &mov(&DWP($data_off+4,"esp","",0), "ebx"); # @@ -110,10 +110,10 @@ index 24561e759aba..269fb0b0c69f 100644 &mov("eax", &DWP($data_off,"esp","",0)); # get return &mov("ebx", &DWP($data_off+4,"esp","",0)); # diff --git a/crypto/perlasm/x86gas.pl b/crypto/perlasm/x86gas.pl -index 63b2301fd1f0..176b04d24521 100644 +index 5c7ea3880e4d..7e49b55e97c7 100644 --- a/crypto/perlasm/x86gas.pl +++ b/crypto/perlasm/x86gas.pl -@@ -163,6 +163,7 @@ sub ::file_end +@@ -170,6 +170,7 @@ sub ::file_end if ($::macosx) { push (@out,"$tmp,2\n"); } elsif ($::elf) { push (@out,"$tmp,4\n"); } else { push (@out,"$tmp\n"); } @@ -121,7 +121,7 @@ index 63b2301fd1f0..176b04d24521 100644 } push(@out,$initseg) if ($initseg); } -@@ -221,8 +222,23 @@ ___ +@@ -228,8 +229,23 @@ ___ elsif ($::elf) { $initseg.=<<___; .section .init @@ -146,10 +146,10 @@ index 63b2301fd1f0..176b04d24521 100644 elsif ($::coff) { $initseg.=<<___; # applies to both Cygwin and Mingw diff --git a/crypto/x86cpuid.pl b/crypto/x86cpuid.pl -index 90ed196c09cd..b49d1be8c38c 100644 +index d43dda4d935c..d72a36fbf0c5 100644 --- a/crypto/x86cpuid.pl +++ b/crypto/x86cpuid.pl -@@ -8,6 +8,8 @@ require "x86asm.pl"; +@@ -18,6 +18,8 @@ open OUT,">$output"; for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } @@ -158,7 +158,7 @@ index 90ed196c09cd..b49d1be8c38c 100644 &function_begin("OPENSSL_ia32_cpuid"); &xor ("edx","edx"); &pushf (); -@@ -153,9 +155,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } +@@ -163,9 +165,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } &set_label("nocpuid"); &function_end("OPENSSL_ia32_cpuid"); @@ -169,7 +169,7 @@ index 90ed196c09cd..b49d1be8c38c 100644 &xor ("eax","eax"); &xor ("edx","edx"); &picmeup("ecx","OPENSSL_ia32cap_P"); -@@ -169,7 +169,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } +@@ -179,7 +179,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } # This works in Ring 0 only [read DJGPP+MS-DOS+privileged DPMI host], # but it's safe to call it on any [supported] 32-bit platform... # Just check for [non-]zero return value... @@ -178,7 +178,7 @@ index 90ed196c09cd..b49d1be8c38c 100644 &picmeup("ecx","OPENSSL_ia32cap_P"); &bt (&DWP(0,"ecx"),4); &jnc (&label("nohalt")); # no TSC -@@ -236,7 +236,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } +@@ -246,7 +246,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } &ret (); &function_end_B("OPENSSL_far_spin"); diff --git a/patches/openssl-1.1.1b/0003-Set-systemwide-default-settings-for-libssl-users.patch b/patches/openssl-1.1.1b/0003-Set-systemwide-default-settings-for-libssl-users.patch new file mode 100644 index 000000000..36d85237c --- /dev/null +++ b/patches/openssl-1.1.1b/0003-Set-systemwide-default-settings-for-libssl-users.patch @@ -0,0 +1,46 @@ +From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> +Date: Tue, 20 Mar 2018 22:07:30 +0100 +Subject: [PATCH] Set systemwide default settings for libssl users + +This config change enforeces a TLS1.2 protocol version as minimum. It +can be overwritten by the system administrator. + +It also changes the default security level from 1 to 2, moving from the 80 bit +security level to the 112 bit security level. + +Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> + +Imported from openssl_1.1.1b-1.debian.tar.xz + +Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de> +--- + apps/openssl.cnf | 12 ++++++++++++ + 1 file changed, 12 insertions(+) + +diff --git a/apps/openssl.cnf b/apps/openssl.cnf +index 4acca4b0446f..a6fed92a2e75 100644 +--- a/apps/openssl.cnf ++++ b/apps/openssl.cnf +@@ -15,6 +15,9 @@ HOME = . + #oid_file = $ENV::HOME/.oid + oid_section = new_oids + ++# System default ++openssl_conf = default_conf ++ + # To use this configuration file with the "-extfile" option of the + # "openssl x509" utility, name here the section containing the + # X.509v3 extensions to use: +@@ -348,3 +351,12 @@ ess_cert_id_chain = no # Must the ESS cert id chain be included? + # (optional, default: no) + ess_cert_id_alg = sha1 # algorithm to compute certificate + # identifier (optional, default: sha1) ++[default_conf] ++ssl_conf = ssl_sect ++ ++[ssl_sect] ++system_default = system_default_sect ++ ++[system_default_sect] ++MinProtocol = TLSv1.2 ++CipherString = DEFAULT@SECLEVEL=2 diff --git a/patches/openssl-1.1.1b/series b/patches/openssl-1.1.1b/series new file mode 100644 index 000000000..b14908821 --- /dev/null +++ b/patches/openssl-1.1.1b/series @@ -0,0 +1,8 @@ +# generated by git-ptx-patches +#tag:base --start-number 1 +#tag:debian --start-number 1 +0001-debian-targets.patch +0002-pic.patch +0003-Set-systemwide-default-settings-for-libssl-users.patch +#tag:ptx --start-number 100 +# 643481f88d41dce057273b06b0c390e1 - git-ptx-patches magic diff --git a/rules/host-openssl.make b/rules/host-openssl.make index fbb2e55d7..74d6b2e5b 100644 --- a/rules/host-openssl.make +++ b/rules/host-openssl.make @@ -33,12 +33,12 @@ HOST_OPENSSL_CONF_ENV := $(HOST_ENV) # no ':=' here HOST_OPENSSL_CONF_OPT = \ --prefix=/ \ - --install_prefix=$(HOST_OPENSSL_PKGDIR) \ --libdir=/lib \ shared HOST_OPENSSL_INSTALL_OPT := \ - install_sw + install_sw \ + install_ssldirs # # Follow the directions in INSTALL section 1a. diff --git a/rules/openssl.make b/rules/openssl.make index d51407778..a6962baed 100644 --- a/rules/openssl.make +++ b/rules/openssl.make @@ -18,10 +18,10 @@ PACKAGES-$(PTXCONF_OPENSSL) += openssl # # Paths and names # -OPENSSL_BASE := 1.0.2 -OPENSSL_BUGFIX := q +OPENSSL_BASE := 1.1.1 +OPENSSL_BUGFIX := b OPENSSL_VERSION := $(OPENSSL_BASE)$(OPENSSL_BUGFIX) -OPENSSL_MD5 := 7563e1ce046cb21948eeb6ba1a0eb71c +OPENSSL_MD5 := 4532712e7bcc9414f5bce995e4e13930 OPENSSL := openssl-$(OPENSSL_VERSION) OPENSSL_SUFFIX := tar.gz OPENSSL_URL := \ @@ -74,11 +74,17 @@ endif OPENSSL_CONF_OPT := \ --prefix=/usr \ --openssldir=/usr/lib/ssl \ - --install_prefix=$(OPENSSL_PKGDIR) \ - shared + shared \ + no-idea \ + no-mdc2 \ + no-rc5 \ + no-zlib \ + no-ssl3 \ + no-ssl3-method OPENSSL_INSTALL_OPT := \ - install_sw + install_sw \ + install_ssldirs $(STATEDIR)/openssl.prepare: @$(call targetinfo) |