From 2092ef0f30f6d179638bb305fa16fbb3777991b6 Mon Sep 17 00:00:00 2001 From: Michael Olbrich Date: Wed, 4 May 2016 09:30:14 +0200 Subject: openssl: version bump 1.0.2g -> 1.0.2h Signed-off-by: Michael Olbrich --- patches/openssl-1.0.2g/0001-ca.patch | 31 ---- patches/openssl-1.0.2g/0002-debian-targets.patch | 82 --------- patches/openssl-1.0.2g/0003-engines-path.patch | 101 ----------- patches/openssl-1.0.2g/0004-no-rpath.patch | 24 --- patches/openssl-1.0.2g/0005-no-symbolic.patch | 24 --- patches/openssl-1.0.2g/0006-pic.patch | 189 --------------------- patches/openssl-1.0.2g/0007-valgrind.patch | 31 ---- patches/openssl-1.0.2g/0008-shared-lib-ext.patch | 25 --- patches/openssl-1.0.2g/0009-block_diginotar.patch | 66 ------- .../0010-block_digicert_malaysia.patch | 30 ---- .../openssl-1.0.2g/0011-Disable-the-freelist.patch | 42 ----- patches/openssl-1.0.2g/0012-soname.patch | 24 --- ...-don-t-ask-dpkg-buildflags-for-more-flags.patch | 22 --- .../0101-fix-parallel-building.patch | 90 ---------- patches/openssl-1.0.2g/series | 19 --- patches/openssl-1.0.2h/0001-ca.patch | 31 ++++ patches/openssl-1.0.2h/0002-debian-targets.patch | 83 +++++++++ patches/openssl-1.0.2h/0003-engines-path.patch | 101 +++++++++++ patches/openssl-1.0.2h/0004-no-rpath.patch | 24 +++ patches/openssl-1.0.2h/0005-no-symbolic.patch | 24 +++ patches/openssl-1.0.2h/0006-pic.patch | 189 +++++++++++++++++++++ patches/openssl-1.0.2h/0007-valgrind.patch | 31 ++++ patches/openssl-1.0.2h/0008-shared-lib-ext.patch | 25 +++ patches/openssl-1.0.2h/0009-block_diginotar.patch | 66 +++++++ .../0010-block_digicert_malaysia.patch | 30 ++++ .../openssl-1.0.2h/0011-Disable-the-freelist.patch | 42 +++++ patches/openssl-1.0.2h/0012-soname.patch | 24 +++ ...-don-t-ask-dpkg-buildflags-for-more-flags.patch | 22 +++ .../0101-fix-parallel-building.patch | 90 ++++++++++ patches/openssl-1.0.2h/series | 19 +++ 30 files changed, 801 insertions(+), 800 deletions(-) delete mode 100644 patches/openssl-1.0.2g/0001-ca.patch delete mode 100644 patches/openssl-1.0.2g/0002-debian-targets.patch delete mode 100644 patches/openssl-1.0.2g/0003-engines-path.patch delete mode 100644 patches/openssl-1.0.2g/0004-no-rpath.patch delete mode 100644 patches/openssl-1.0.2g/0005-no-symbolic.patch delete mode 100644 patches/openssl-1.0.2g/0006-pic.patch delete mode 100644 patches/openssl-1.0.2g/0007-valgrind.patch delete mode 100644 patches/openssl-1.0.2g/0008-shared-lib-ext.patch delete mode 100644 patches/openssl-1.0.2g/0009-block_diginotar.patch delete mode 100644 patches/openssl-1.0.2g/0010-block_digicert_malaysia.patch delete mode 100644 patches/openssl-1.0.2g/0011-Disable-the-freelist.patch delete mode 100644 patches/openssl-1.0.2g/0012-soname.patch delete mode 100644 patches/openssl-1.0.2g/0100-Configure-don-t-ask-dpkg-buildflags-for-more-flags.patch delete mode 100644 patches/openssl-1.0.2g/0101-fix-parallel-building.patch delete mode 100644 patches/openssl-1.0.2g/series create mode 100644 patches/openssl-1.0.2h/0001-ca.patch create mode 100644 patches/openssl-1.0.2h/0002-debian-targets.patch create mode 100644 patches/openssl-1.0.2h/0003-engines-path.patch create mode 100644 patches/openssl-1.0.2h/0004-no-rpath.patch create mode 100644 patches/openssl-1.0.2h/0005-no-symbolic.patch create mode 100644 patches/openssl-1.0.2h/0006-pic.patch create mode 100644 patches/openssl-1.0.2h/0007-valgrind.patch create mode 100644 patches/openssl-1.0.2h/0008-shared-lib-ext.patch create mode 100644 patches/openssl-1.0.2h/0009-block_diginotar.patch create mode 100644 patches/openssl-1.0.2h/0010-block_digicert_malaysia.patch create mode 100644 patches/openssl-1.0.2h/0011-Disable-the-freelist.patch create mode 100644 patches/openssl-1.0.2h/0012-soname.patch create mode 100644 patches/openssl-1.0.2h/0100-Configure-don-t-ask-dpkg-buildflags-for-more-flags.patch create mode 100644 patches/openssl-1.0.2h/0101-fix-parallel-building.patch create mode 100644 patches/openssl-1.0.2h/series (limited to 'patches') diff --git a/patches/openssl-1.0.2g/0001-ca.patch b/patches/openssl-1.0.2g/0001-ca.patch deleted file mode 100644 index 26b1da890..000000000 --- a/patches/openssl-1.0.2g/0001-ca.patch +++ /dev/null @@ -1,31 +0,0 @@ -From: Michael Olbrich -Date: Wed, 2 Mar 2016 07:41:48 +0100 -Subject: [PATCH] ca - -Imported from openssl_1.0.2g-1.debian.tar.xz - -Signed-off-by: Michael Olbrich ---- - apps/CA.pl.in | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/apps/CA.pl.in b/apps/CA.pl.in -index c783a6e6a541..fa665b7b385f 100644 ---- a/apps/CA.pl.in -+++ b/apps/CA.pl.in -@@ -65,6 +65,7 @@ $RET = 0; - foreach (@ARGV) { - if ( /^(-\?|-h|-help)$/ ) { - print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n"; -+ print STDERR "usage: CA -signcert certfile keyfile|-newcert|-newreq|-newca|-sign|-verify\n"; - exit 0; - } elsif (/^-newcert$/) { - # create a certificate -@@ -165,6 +166,7 @@ foreach (@ARGV) { - } else { - print STDERR "Unknown arg $_\n"; - print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n"; -+ print STDERR "usage: CA -signcert certfile keyfile|-newcert|-newreq|-newca|-sign|-verify\n"; - exit 1; - } - } diff --git a/patches/openssl-1.0.2g/0002-debian-targets.patch b/patches/openssl-1.0.2g/0002-debian-targets.patch deleted file mode 100644 index 3932b51e4..000000000 --- a/patches/openssl-1.0.2g/0002-debian-targets.patch +++ /dev/null @@ -1,82 +0,0 @@ -From: Michael Olbrich -Date: Wed, 2 Mar 2016 07:41:48 +0100 -Subject: [PATCH] debian-targets - -Imported from openssl_1.0.2g-1.debian.tar.xz - -Signed-off-by: Michael Olbrich ---- - Configure | 53 +++++++++++++++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 53 insertions(+) - -diff --git a/Configure b/Configure -index c98107a48718..aca30583e17a 100755 ---- a/Configure -+++ b/Configure -@@ -131,6 +131,10 @@ my $clang_devteam_warn = "-Wno-unused-parameter -Wno-missing-field-initializers - # Warn that "make depend" should be run? - my $warn_make_depend = 0; - -+# There are no separate CFLAGS/CPPFLAGS/LDFLAGS, set everything in CFLAGS -+my $debian_cflags = `dpkg-buildflags --get CFLAGS` . `dpkg-buildflags --get CPPFLAGS` . `dpkg-buildflags --get LDFLAGS` . "-Wa,--noexecstack -Wall"; -+$debian_cflags =~ s/\n/ /g; -+ - my $strict_warnings = 0; - - my $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL"; -@@ -367,6 +371,55 @@ my %table=( - "osf1-alpha-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared:::.so", - "tru64-alpha-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared::-msym:.so", - -+# Debian GNU/* (various architectures) -+"debian-alpha","gcc:${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-alpha-ev4","gcc:${debian_cflags} -mcpu=ev4::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-alpha-ev5","gcc:${debian_cflags} -mcpu=ev5::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-arm64","gcc:-DL_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-armel","gcc:-DL_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-armhf","gcc:-DL_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-amd64", "gcc:-m64 -DL_ENDIAN ${debian_cflags} -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::", -+"debian-avr32", "gcc:-DB_ENDIAN ${debian_cflags} -fomit-frame-pointer::-D_REENTRANT::-ldl:BN_LLONG_BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-kfreebsd-amd64","gcc:-m64 -DL_ENDIAN ${debian_cflags} -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-kfreebsd-i386","gcc:-DL_ENDIAN ${debian_cflags} -march=i486::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-hppa","gcc:-DB_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG MD2_CHAR RC4_INDEX:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-hurd-i386","gcc:-DL_ENDIAN -O3 -Wa,--noexecstack -g -mtune=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-ia64","gcc:${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-i386","gcc:-DL_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-i386-i486","gcc:-DL_ENDIAN ${debian_cflags} -march=i486::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-i386-i586","gcc:-DL_ENDIAN ${debian_cflags} -march=i586::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-i386-i686/cmov","gcc:-DL_ENDIAN ${debian_cflags} -march=i686::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-m68k","gcc:-DB_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG MD2_CHAR RC4_INDEX:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-mips", "gcc:-DB_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-mipsel", "gcc:-DL_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-mipsn32", "gcc:-DB_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-mipsn32el", "gcc:-DL_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-mips64", "gcc:-DB_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-mips64el", "gcc:-DL_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-netbsd-i386", "gcc:-DL_ENDIAN ${debian_cflags} -m486::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-netbsd-m68k", "gcc:-DB_ENDIAN ${debian_cflags}::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-netbsd-sparc", "gcc:-DB_ENDIAN ${debian_cflags} -mv8::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-openbsd-alpha","gcc:${debian_cflags}::(unknown):::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-openbsd-i386", "gcc:-DL_ENDIAN ${debian_cflags} -m486::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-openbsd-mips","gcc:-DL_ENDIAN ${debian_cflags}::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-or1k", "gcc:-DB_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-powerpc","gcc:-DB_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-powerpcspe","gcc:-DB_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-ppc64","gcc:-m64 -DB_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-ppc64el","gcc:-m64 -DL_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64le:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-s390","gcc:-DB_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-s390x","gcc:-DB_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-sh3", "gcc:-DL_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-sh4", "gcc:-DL_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-sh3eb", "gcc:-DB_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-sh4eb", "gcc:-DB_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-m32r","gcc:-DB_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-sparc","gcc:-DB_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-sparc-v8","gcc:-DB_ENDIAN ${debian_cflags} -mcpu=v8 -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-sparc-v9","gcc:-DB_ENDIAN ${debian_cflags} -mcpu=v9 -Wa,-Av8plus -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-sparc64","gcc:-m64 -DB_ENDIAN ${debian_cflags} -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", -+"debian-x32","gcc:-mx32 -DL_ENDIAN ${debian_cflags} -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::x32", -+ - #### - #### Variety of LINUX:-) - #### diff --git a/patches/openssl-1.0.2g/0003-engines-path.patch b/patches/openssl-1.0.2g/0003-engines-path.patch deleted file mode 100644 index 17efbc1b7..000000000 --- a/patches/openssl-1.0.2g/0003-engines-path.patch +++ /dev/null @@ -1,101 +0,0 @@ -From: Michael Olbrich -Date: Wed, 2 Mar 2016 07:41:48 +0100 -Subject: [PATCH] engines-path - -Imported from openssl_1.0.2g-1.debian.tar.xz - -Signed-off-by: Michael Olbrich ---- - Configure | 2 +- - Makefile.org | 2 +- - engines/Makefile | 10 +++++----- - engines/ccgost/Makefile | 8 ++++---- - 4 files changed, 11 insertions(+), 11 deletions(-) - -diff --git a/Configure b/Configure -index aca30583e17a..f7dbd724028f 100755 ---- a/Configure -+++ b/Configure -@@ -1963,7 +1963,7 @@ while () - } - elsif (/^#define\s+ENGINESDIR/) - { -- my $foo = "$prefix/$libdir/engines"; -+ my $foo = "$prefix/$libdir/openssl-1.0.2/engines"; - $foo =~ s/\\/\\\\/g; - print OUT "#define ENGINESDIR \"$foo\"\n"; - } -diff --git a/Makefile.org b/Makefile.org -index 76fdbdf6ac5c..9aee32001139 100644 ---- a/Makefile.org -+++ b/Makefile.org -@@ -533,7 +533,7 @@ install: all install_docs install_sw - install_sw: - @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \ - $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \ -- $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \ -+ $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.2/engines \ - $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig \ - $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \ - $(INSTALL_PREFIX)$(OPENSSLDIR)/misc \ -diff --git a/engines/Makefile b/engines/Makefile -index 2058ff405afe..df7def6174fd 100644 ---- a/engines/Makefile -+++ b/engines/Makefile -@@ -107,13 +107,13 @@ install: - @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... - @if [ -n "$(SHARED_LIBS)" ]; then \ - set -e; \ -- $(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines; \ -+ $(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.2/engines; \ - for l in $(LIBNAMES); do \ - ( echo installing $$l; \ - pfx=lib; \ - if expr "$(PLATFORM)" : "Cygwin" >/dev/null; then \ - sfx=".so"; \ -- cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \ -+ cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.2/engines/$$pfx$$l$$sfx.new; \ - else \ - case "$(CFLAGS)" in \ - *DSO_BEOS*) sfx=".so";; \ -@@ -122,10 +122,10 @@ install: - *DSO_WIN32*) sfx="eay32.dll"; pfx=;; \ - *) sfx=".bad";; \ - esac; \ -- cp $$pfx$$l$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \ -+ cp $$pfx$$l$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.2/engines/$$pfx$$l$$sfx.new; \ - fi; \ -- chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \ -- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \ -+ chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.2/engines/$$pfx$$l$$sfx.new; \ -+ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.2/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.2/engines/$$pfx$$l$$sfx ); \ - done; \ - fi - @target=install; $(RECURSIVE_MAKE) -diff --git a/engines/ccgost/Makefile b/engines/ccgost/Makefile -index 17e1efbdff30..d59a350fd50f 100644 ---- a/engines/ccgost/Makefile -+++ b/engines/ccgost/Makefile -@@ -47,7 +47,7 @@ install: - pfx=lib; \ - if expr "$(PLATFORM)" : "Cygwin" >/dev/null; then \ - sfx=".so"; \ -- cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \ -+ cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.2/engines/$${pfx}$(LIBNAME)$$sfx.new; \ - else \ - case "$(CFLAGS)" in \ - *DSO_BEOS*) sfx=".so";; \ -@@ -56,10 +56,10 @@ install: - *DSO_WIN32*) sfx="eay32.dll"; pfx=;; \ - *) sfx=".bad";; \ - esac; \ -- cp $${pfx}$(LIBNAME)$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \ -+ cp $${pfx}$(LIBNAME)$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.2/engines/$${pfx}$(LIBNAME)$$sfx.new; \ - fi; \ -- chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \ -- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx; \ -+ chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.2/engines/$${pfx}$(LIBNAME)$$sfx.new; \ -+ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.2/engines/$${pfx}$(LIBNAME)$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.2/engines/$${pfx}$(LIBNAME)$$sfx; \ - fi - - links: diff --git a/patches/openssl-1.0.2g/0004-no-rpath.patch b/patches/openssl-1.0.2g/0004-no-rpath.patch deleted file mode 100644 index 1133adfab..000000000 --- a/patches/openssl-1.0.2g/0004-no-rpath.patch +++ /dev/null @@ -1,24 +0,0 @@ -From: Michael Olbrich -Date: Wed, 2 Mar 2016 07:41:48 +0100 -Subject: [PATCH] no-rpath - -Imported from openssl_1.0.2g-1.debian.tar.xz - -Signed-off-by: Michael Olbrich ---- - Makefile.shared | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/Makefile.shared b/Makefile.shared -index a2aa9804c1d9..5b960d9cdaec 100644 ---- a/Makefile.shared -+++ b/Makefile.shared -@@ -153,7 +153,7 @@ DO_GNU_SO=$(CALC_VERSIONS); \ - NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \ - SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX" - --DO_GNU_APP=LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBRPATH)" -+DO_GNU_APP=LDFLAGS="$(CFLAGS)" - - #This is rather special. It's a special target with which one can link - #applications without bothering with any features that have anything to diff --git a/patches/openssl-1.0.2g/0005-no-symbolic.patch b/patches/openssl-1.0.2g/0005-no-symbolic.patch deleted file mode 100644 index 66843d1b5..000000000 --- a/patches/openssl-1.0.2g/0005-no-symbolic.patch +++ /dev/null @@ -1,24 +0,0 @@ -From: Michael Olbrich -Date: Wed, 2 Mar 2016 07:41:48 +0100 -Subject: [PATCH] no-symbolic - -Imported from openssl_1.0.2g-1.debian.tar.xz - -Signed-off-by: Michael Olbrich ---- - Makefile.shared | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/Makefile.shared b/Makefile.shared -index 5b960d9cdaec..1c69ea2edf35 100644 ---- a/Makefile.shared -+++ b/Makefile.shared -@@ -151,7 +151,7 @@ DO_GNU_SO=$(CALC_VERSIONS); \ - SHLIB_SUFFIX=; \ - ALLSYMSFLAGS='-Wl,--whole-archive'; \ - NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \ -- SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX" -+ SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX" - - DO_GNU_APP=LDFLAGS="$(CFLAGS)" - diff --git a/patches/openssl-1.0.2g/0006-pic.patch b/patches/openssl-1.0.2g/0006-pic.patch deleted file mode 100644 index 42d3d7d1d..000000000 --- a/patches/openssl-1.0.2g/0006-pic.patch +++ /dev/null @@ -1,189 +0,0 @@ -From: Michael Olbrich -Date: Wed, 2 Mar 2016 07:41:48 +0100 -Subject: [PATCH] pic - -Imported from openssl_1.0.2g-1.debian.tar.xz - -Signed-off-by: Michael Olbrich ---- - crypto/des/asm/desboth.pl | 17 ++++++++++++++--- - crypto/perlasm/cbc.pl | 24 ++++++++++++++++++++---- - crypto/perlasm/x86gas.pl | 16 ++++++++++++++++ - crypto/x86cpuid.pl | 10 +++++----- - 4 files changed, 55 insertions(+), 12 deletions(-) - -diff --git a/crypto/des/asm/desboth.pl b/crypto/des/asm/desboth.pl -index eec00886e4c6..ab6f52452bf3 100644 ---- a/crypto/des/asm/desboth.pl -+++ b/crypto/des/asm/desboth.pl -@@ -16,6 +16,11 @@ sub DES_encrypt3 - - &push("edi"); - -+ &call (&label("pic_point0")); -+ &set_label("pic_point0"); -+ &blindpop("ebp"); -+ &add ("ebp", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point0") . "]"); -+ - &comment(""); - &comment("Load the data words"); - &mov($L,&DWP(0,"ebx","",0)); -@@ -47,15 +52,21 @@ sub DES_encrypt3 - &mov(&swtmp(2), (DWC(($enc)?"1":"0"))); - &mov(&swtmp(1), "eax"); - &mov(&swtmp(0), "ebx"); -- &call("DES_encrypt2"); -+ &exch("ebx", "ebp"); -+ &call("DES_encrypt2\@PLT"); -+ &exch("ebx", "ebp"); - &mov(&swtmp(2), (DWC(($enc)?"0":"1"))); - &mov(&swtmp(1), "edi"); - &mov(&swtmp(0), "ebx"); -- &call("DES_encrypt2"); -+ &exch("ebx", "ebp"); -+ &call("DES_encrypt2\@PLT"); -+ &exch("ebx", "ebp"); - &mov(&swtmp(2), (DWC(($enc)?"1":"0"))); - &mov(&swtmp(1), "esi"); - &mov(&swtmp(0), "ebx"); -- &call("DES_encrypt2"); -+ &exch("ebx", "ebp"); -+ &call("DES_encrypt2\@PLT"); -+ &exch("ebx", "ebp"); - - &stack_pop(3); - &mov($L,&DWP(0,"ebx","",0)); -diff --git a/crypto/perlasm/cbc.pl b/crypto/perlasm/cbc.pl -index 24561e759aba..269fb0b0c69f 100644 ---- a/crypto/perlasm/cbc.pl -+++ b/crypto/perlasm/cbc.pl -@@ -122,7 +122,11 @@ sub cbc - &mov(&DWP($data_off,"esp","",0), "eax"); # put in array for call - &mov(&DWP($data_off+4,"esp","",0), "ebx"); # - -- &call($enc_func); -+ &call (&label("pic_point0")); -+ &set_label("pic_point0"); -+ &blindpop("ebx"); -+ &add ("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point0") . "]"); -+ &call("$enc_func\@PLT"); - - &mov("eax", &DWP($data_off,"esp","",0)); - &mov("ebx", &DWP($data_off+4,"esp","",0)); -@@ -185,7 +189,11 @@ sub cbc - &mov(&DWP($data_off,"esp","",0), "eax"); # put in array for call - &mov(&DWP($data_off+4,"esp","",0), "ebx"); # - -- &call($enc_func); -+ &call (&label("pic_point1")); -+ &set_label("pic_point1"); -+ &blindpop("ebx"); -+ &add ("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point1") . "]"); -+ &call("$enc_func\@PLT"); - - &mov("eax", &DWP($data_off,"esp","",0)); - &mov("ebx", &DWP($data_off+4,"esp","",0)); -@@ -218,7 +226,11 @@ sub cbc - &mov(&DWP($data_off,"esp","",0), "eax"); # put back - &mov(&DWP($data_off+4,"esp","",0), "ebx"); # - -- &call($dec_func); -+ &call (&label("pic_point2")); -+ &set_label("pic_point2"); -+ &blindpop("ebx"); -+ &add ("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point2") . "]"); -+ &call("$dec_func\@PLT"); - - &mov("eax", &DWP($data_off,"esp","",0)); # get return - &mov("ebx", &DWP($data_off+4,"esp","",0)); # -@@ -261,7 +273,11 @@ sub cbc - &mov(&DWP($data_off,"esp","",0), "eax"); # put back - &mov(&DWP($data_off+4,"esp","",0), "ebx"); # - -- &call($dec_func); -+ &call (&label("pic_point3")); -+ &set_label("pic_point3"); -+ &blindpop("ebx"); -+ &add ("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point3") . "]"); -+ &call("$dec_func\@PLT"); - - &mov("eax", &DWP($data_off,"esp","",0)); # get return - &mov("ebx", &DWP($data_off+4,"esp","",0)); # -diff --git a/crypto/perlasm/x86gas.pl b/crypto/perlasm/x86gas.pl -index 63b2301fd1f0..176b04d24521 100644 ---- a/crypto/perlasm/x86gas.pl -+++ b/crypto/perlasm/x86gas.pl -@@ -163,6 +163,7 @@ sub ::file_end - if ($::macosx) { push (@out,"$tmp,2\n"); } - elsif ($::elf) { push (@out,"$tmp,4\n"); } - else { push (@out,"$tmp\n"); } -+ if ($::elf) { push (@out,".hidden\tOPENSSL_ia32cap_P\n"); } - } - push(@out,$initseg) if ($initseg); - } -@@ -221,8 +222,23 @@ ___ - elsif ($::elf) - { $initseg.=<<___; - .section .init -+___ -+ if ($::pic) -+ { $initseg.=<<___; -+ pushl %ebx -+ call .pic_point0 -+.pic_point0: -+ popl %ebx -+ addl \$_GLOBAL_OFFSET_TABLE_+[.-.pic_point0],%ebx -+ call $f\@PLT -+ popl %ebx -+___ -+ } -+ else -+ { $initseg.=<<___; - call $f - ___ -+ } - } - elsif ($::coff) - { $initseg.=<<___; # applies to both Cygwin and Mingw -diff --git a/crypto/x86cpuid.pl b/crypto/x86cpuid.pl -index e95f6274f5e0..6e8329d78589 100644 ---- a/crypto/x86cpuid.pl -+++ b/crypto/x86cpuid.pl -@@ -8,6 +8,8 @@ require "x86asm.pl"; - - for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } - -+push(@out, ".hidden OPENSSL_ia32cap_P\n"); -+ - &function_begin("OPENSSL_ia32_cpuid"); - &xor ("edx","edx"); - &pushf (); -@@ -155,9 +157,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } - &set_label("nocpuid"); - &function_end("OPENSSL_ia32_cpuid"); - --&external_label("OPENSSL_ia32cap_P"); -- --&function_begin_B("OPENSSL_rdtsc","EXTRN\t_OPENSSL_ia32cap_P:DWORD"); -+&function_begin_B("OPENSSL_rdtsc"); - &xor ("eax","eax"); - &xor ("edx","edx"); - &picmeup("ecx","OPENSSL_ia32cap_P"); -@@ -171,7 +171,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } - # This works in Ring 0 only [read DJGPP+MS-DOS+privileged DPMI host], - # but it's safe to call it on any [supported] 32-bit platform... - # Just check for [non-]zero return value... --&function_begin_B("OPENSSL_instrument_halt","EXTRN\t_OPENSSL_ia32cap_P:DWORD"); -+&function_begin_B("OPENSSL_instrument_halt"); - &picmeup("ecx","OPENSSL_ia32cap_P"); - &bt (&DWP(0,"ecx"),4); - &jnc (&label("nohalt")); # no TSC -@@ -238,7 +238,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } - &ret (); - &function_end_B("OPENSSL_far_spin"); - --&function_begin_B("OPENSSL_wipe_cpu","EXTRN\t_OPENSSL_ia32cap_P:DWORD"); -+&function_begin_B("OPENSSL_wipe_cpu"); - &xor ("eax","eax"); - &xor ("edx","edx"); - &picmeup("ecx","OPENSSL_ia32cap_P"); diff --git a/patches/openssl-1.0.2g/0007-valgrind.patch b/patches/openssl-1.0.2g/0007-valgrind.patch deleted file mode 100644 index 02e3037df..000000000 --- a/patches/openssl-1.0.2g/0007-valgrind.patch +++ /dev/null @@ -1,31 +0,0 @@ -From: Michael Olbrich -Date: Wed, 2 Mar 2016 07:41:48 +0100 -Subject: [PATCH] valgrind - -Imported from openssl_1.0.2g-1.debian.tar.xz - -Signed-off-by: Michael Olbrich ---- - crypto/rand/md_rand.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/crypto/rand/md_rand.c b/crypto/rand/md_rand.c -index 5c13d57765b0..9e0064e79083 100644 ---- a/crypto/rand/md_rand.c -+++ b/crypto/rand/md_rand.c -@@ -480,6 +480,7 @@ int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo, int lock) - MD_Update(&m, (unsigned char *)&(md_c[0]), sizeof(md_c)); - - #ifndef PURIFY /* purify complains */ -+#if 0 - /* - * The following line uses the supplied buffer as a small source of - * entropy: since this buffer is often uninitialised it may cause -@@ -489,6 +490,7 @@ int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo, int lock) - */ - MD_Update(&m, buf, j); - #endif -+#endif - - k = (st_idx + MD_DIGEST_LENGTH / 2) - st_num; - if (k > 0) { diff --git a/patches/openssl-1.0.2g/0008-shared-lib-ext.patch b/patches/openssl-1.0.2g/0008-shared-lib-ext.patch deleted file mode 100644 index f3af12ae5..000000000 --- a/patches/openssl-1.0.2g/0008-shared-lib-ext.patch +++ /dev/null @@ -1,25 +0,0 @@ -From: Michael Olbrich -Date: Wed, 2 Mar 2016 07:41:48 +0100 -Subject: [PATCH] shared-lib-ext - -Imported from openssl_1.0.2g-1.debian.tar.xz - -Signed-off-by: Michael Olbrich ---- - Configure | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/Configure b/Configure -index f7dbd724028f..f9533aec8586 100755 ---- a/Configure -+++ b/Configure -@@ -1829,7 +1829,8 @@ while () - elsif ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*\.[^\.]*$/) - { - my $sotmp = $1; -- s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.\$(SHLIB_MAJOR) .s$sotmp/; -+# s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.\$(SHLIB_MAJOR) .s$sotmp/; -+ s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp/; - } - elsif ($shared_extension ne "" && $shared_extension =~ /^\.[^\.]*\.[^\.]*\.dylib$/) - { diff --git a/patches/openssl-1.0.2g/0009-block_diginotar.patch b/patches/openssl-1.0.2g/0009-block_diginotar.patch deleted file mode 100644 index 0fa67964b..000000000 --- a/patches/openssl-1.0.2g/0009-block_diginotar.patch +++ /dev/null @@ -1,66 +0,0 @@ -From: Raphael Geissert -Date: Wed, 2 Mar 2016 07:41:48 +0100 -Subject: [PATCH] block_diginotar - -This is not meant as final patch. - - -Imported from openssl_1.0.2g-1.debian.tar.xz - -Signed-off-by: Michael Olbrich ---- - crypto/x509/x509_vfy.c | 27 +++++++++++++++++++++++++++ - 1 file changed, 27 insertions(+) - -diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c -index 4d34dbac9314..3cddc32279e1 100644 ---- a/crypto/x509/x509_vfy.c -+++ b/crypto/x509/x509_vfy.c -@@ -119,6 +119,7 @@ static int check_trust(X509_STORE_CTX *ctx); - static int check_revocation(X509_STORE_CTX *ctx); - static int check_cert(X509_STORE_CTX *ctx); - static int check_policy(X509_STORE_CTX *ctx); -+static int check_ca_blacklist(X509_STORE_CTX *ctx); - - static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer, - unsigned int *preasons, X509_CRL *crl, X509 *x); -@@ -489,6 +490,9 @@ int X509_verify_cert(X509_STORE_CTX *ctx) - if (!ok) - goto err; - -+ ok = check_ca_blacklist(ctx); -+ if(!ok) goto err; -+ - #ifndef OPENSSL_NO_RFC3779 - /* RFC 3779 path validation, now that CRL check has been done */ - ok = v3_asid_validate_path(ctx); -@@ -996,6 +1000,29 @@ static int check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify) - return 1; - } - -+static int check_ca_blacklist(X509_STORE_CTX *ctx) -+ { -+ X509 *x; -+ int i; -+ /* Check all certificates against the blacklist */ -+ for (i = sk_X509_num(ctx->chain) - 1; i >= 0; i--) -+ { -+ x = sk_X509_value(ctx->chain, i); -+ /* Mark DigiNotar certificates as revoked, no matter -+ * where in the chain they are. -+ */ -+ if (x->name && strstr(x->name, "DigiNotar")) -+ { -+ ctx->error = X509_V_ERR_CERT_REVOKED; -+ ctx->error_depth = i; -+ ctx->current_cert = x; -+ if (!ctx->verify_cb(0,ctx)) -+ return 0; -+ } -+ } -+ return 1; -+ } -+ - static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl, - X509 **pissuer, int *pscore, unsigned int *preasons, - STACK_OF(X509_CRL) *crls) diff --git a/patches/openssl-1.0.2g/0010-block_digicert_malaysia.patch b/patches/openssl-1.0.2g/0010-block_digicert_malaysia.patch deleted file mode 100644 index c2a303f34..000000000 --- a/patches/openssl-1.0.2g/0010-block_digicert_malaysia.patch +++ /dev/null @@ -1,30 +0,0 @@ -From: Raphael Geissert -Date: Wed, 2 Mar 2016 07:41:48 +0100 -Subject: [PATCH] block_digicert_malaysia - -Imported from openssl_1.0.2g-1.debian.tar.xz - -Signed-off-by: Michael Olbrich ---- - crypto/x509/x509_vfy.c | 7 ++++--- - 1 file changed, 4 insertions(+), 3 deletions(-) - -diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c -index 3cddc32279e1..7970ac58eff7 100644 ---- a/crypto/x509/x509_vfy.c -+++ b/crypto/x509/x509_vfy.c -@@ -1008,10 +1008,11 @@ static int check_ca_blacklist(X509_STORE_CTX *ctx) - for (i = sk_X509_num(ctx->chain) - 1; i >= 0; i--) - { - x = sk_X509_value(ctx->chain, i); -- /* Mark DigiNotar certificates as revoked, no matter -- * where in the chain they are. -+ /* Mark certificates containing the following names as -+ * revoked, no matter where in the chain they are. - */ -- if (x->name && strstr(x->name, "DigiNotar")) -+ if (x->name && (strstr(x->name, "DigiNotar") || -+ strstr(x->name, "Digicert Sdn. Bhd."))) - { - ctx->error = X509_V_ERR_CERT_REVOKED; - ctx->error_depth = i; diff --git a/patches/openssl-1.0.2g/0011-Disable-the-freelist.patch b/patches/openssl-1.0.2g/0011-Disable-the-freelist.patch deleted file mode 100644 index b984982b0..000000000 --- a/patches/openssl-1.0.2g/0011-Disable-the-freelist.patch +++ /dev/null @@ -1,42 +0,0 @@ -From: Kurt Roeckx -Date: Wed, 2 Mar 2016 07:41:48 +0100 -Subject: [PATCH] Disable the freelist - -We don't define OPENSSL_NO_BUF_FREELISTS globally sinc it changes structures and -would break the ABI. Instead we just do it in the .c files that try to do -something with it. - - -Imported from openssl_1.0.2g-1.debian.tar.xz - -Signed-off-by: Michael Olbrich ---- - ssl/s3_both.c | 1 + - ssl/ssl_lib.c | 2 ++ - 2 files changed, 3 insertions(+) - -diff --git a/ssl/s3_both.c b/ssl/s3_both.c -index 09d0661e81f6..3429899872b8 100644 ---- a/ssl/s3_both.c -+++ b/ssl/s3_both.c -@@ -573,6 +573,7 @@ int ssl_verify_alarm_type(long type) - return (al); - } - -+#define OPENSSL_NO_BUF_FREELISTS - #ifndef OPENSSL_NO_BUF_FREELISTS - /*- - * On some platforms, malloc() performance is bad enough that you can't just -diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c -index f1279bbf9103..d817b0a4243f 100644 ---- a/ssl/ssl_lib.c -+++ b/ssl/ssl_lib.c -@@ -162,6 +162,8 @@ - - const char *SSL_version_str = OPENSSL_VERSION_TEXT; - -+#define OPENSSL_NO_BUF_FREELISTS -+ - SSL3_ENC_METHOD ssl3_undef_enc_method = { - /* - * evil casts, but these functions are only called if there's a library diff --git a/patches/openssl-1.0.2g/0012-soname.patch b/patches/openssl-1.0.2g/0012-soname.patch deleted file mode 100644 index 150a4e029..000000000 --- a/patches/openssl-1.0.2g/0012-soname.patch +++ /dev/null @@ -1,24 +0,0 @@ -From: Michael Olbrich -Date: Wed, 2 Mar 2016 07:41:48 +0100 -Subject: [PATCH] soname - -Imported from openssl_1.0.2g-1.debian.tar.xz - -Signed-off-by: Michael Olbrich ---- - crypto/opensslv.h | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/crypto/opensslv.h b/crypto/opensslv.h -index 4334fd15cd87..f8d74f0e506b 100644 ---- a/crypto/opensslv.h -+++ b/crypto/opensslv.h -@@ -88,7 +88,7 @@ extern "C" { - * should only keep the versions that are binary compatible with the current. - */ - # define SHLIB_VERSION_HISTORY "" --# define SHLIB_VERSION_NUMBER "1.0.0" -+# define SHLIB_VERSION_NUMBER "1.0.2" - - - #ifdef __cplusplus diff --git a/patches/openssl-1.0.2g/0100-Configure-don-t-ask-dpkg-buildflags-for-more-flags.patch b/patches/openssl-1.0.2g/0100-Configure-don-t-ask-dpkg-buildflags-for-more-flags.patch deleted file mode 100644 index bb3e51e58..000000000 --- a/patches/openssl-1.0.2g/0100-Configure-don-t-ask-dpkg-buildflags-for-more-flags.patch +++ /dev/null @@ -1,22 +0,0 @@ -From: Michael Olbrich -Date: Mon, 11 Aug 2014 12:28:49 +0200 -Subject: [PATCH] Configure: don't ask dpkg-buildflags for more flags - -Signed-off-by: Michael Olbrich ---- - Configure | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/Configure b/Configure -index 646194960bf0..e4ae865dbdec 100755 ---- a/Configure -+++ b/Configure -@@ -125,7 +125,7 @@ my $clang_disabled_warnings = "-Wno-unused-parameter -Wno-missing-field-initiali - my $clang_devteam_warn = "-Wno-unused-parameter -Wno-missing-field-initializers -Wno-language-extension-token -Wno-extended-offsetof -Qunused-arguments"; - - # There are no separate CFLAGS/CPPFLAGS/LDFLAGS, set everything in CFLAGS --my $debian_cflags = `dpkg-buildflags --get CFLAGS` . `dpkg-buildflags --get CPPFLAGS` . `dpkg-buildflags --get LDFLAGS` . "-Wa,--noexecstack -Wall"; -+my $debian_cflags = "-g -O2 -Wformat -Werror=format-security " . "-Wa,--noexecstack -Wall"; - $debian_cflags =~ s/\n/ /g; - - my $strict_warnings = 0; diff --git a/patches/openssl-1.0.2g/0101-fix-parallel-building.patch b/patches/openssl-1.0.2g/0101-fix-parallel-building.patch deleted file mode 100644 index b22fa1380..000000000 --- a/patches/openssl-1.0.2g/0101-fix-parallel-building.patch +++ /dev/null @@ -1,90 +0,0 @@ -From: Michael Olbrich -Date: Mon, 23 Mar 2015 09:29:05 +0100 -Subject: [PATCH] fix parallel building - -Signed-off-by: Michael Olbrich ---- - Makefile.org | 18 ++++++++++++------ - crypto/Makefile | 4 ++-- - engines/Makefile | 4 ++-- - 3 files changed, 16 insertions(+), 10 deletions(-) - -diff --git a/Makefile.org b/Makefile.org -index 7c6da5e78ed3..3258f13bf732 100644 ---- a/Makefile.org -+++ b/Makefile.org -@@ -279,18 +279,24 @@ build_libs: build_libcrypto build_libssl openssl.pc - build_libcrypto: build_crypto build_engines libcrypto.pc - build_libssl: build_ssl libssl.pc - -+ifeq ($(SHARED_LIBS),) -+build_ssl: build_engines -+else -+build_engines: build_ssl -+endif -+ - build_crypto: -- @dir=crypto; target=all; $(BUILD_ONE_CMD) -+ @+dir=crypto; target=all; $(BUILD_ONE_CMD) - build_ssl: build_crypto -- @dir=ssl; target=all; $(BUILD_ONE_CMD) -+ @+dir=ssl; target=all; $(BUILD_ONE_CMD) - build_engines: build_crypto -- @dir=engines; target=all; $(BUILD_ONE_CMD) -+ @+dir=engines; target=all; $(BUILD_ONE_CMD) - build_apps: build_libs -- @dir=apps; target=all; $(BUILD_ONE_CMD) -+ @+dir=apps; target=all; $(BUILD_ONE_CMD) - build_tests: build_libs -- @dir=test; target=all; $(BUILD_ONE_CMD) -+ @+dir=test; target=all; $(BUILD_ONE_CMD) - build_tools: build_libs -- @dir=tools; target=all; $(BUILD_ONE_CMD) -+ @+dir=tools; target=all; $(BUILD_ONE_CMD) - - all_testapps: build_libs build_testapps - build_testapps: -diff --git a/crypto/Makefile b/crypto/Makefile -index 7869996a9c07..76690a1c8619 100644 ---- a/crypto/Makefile -+++ b/crypto/Makefile -@@ -85,7 +85,7 @@ testapps: - @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi - - subdirs: -- @target=all; $(RECURSIVE_MAKE) -+ @+target=all; $(RECURSIVE_MAKE) - - files: - $(PERL) $(TOP)/util/files.pl "CPUID_OBJ=$(CPUID_OBJ)" Makefile >> $(TOP)/MINFO -@@ -100,7 +100,7 @@ links: - # lib: $(LIB): are splitted to avoid end-less loop - lib: $(LIB) - @touch lib --$(LIB): $(LIBOBJ) -+$(LIB): $(LIBOBJ) subdirs - $(AR) $(LIB) $(LIBOBJ) - test -z "$(FIPSLIBDIR)" || $(AR) $(LIB) $(FIPSLIBDIR)fipscanister.o - $(RANLIB) $(LIB) || echo Never mind. -diff --git a/engines/Makefile b/engines/Makefile -index df7def6174fd..ec27bc24be64 100644 ---- a/engines/Makefile -+++ b/engines/Makefile -@@ -72,7 +72,7 @@ top: - - all: lib subdirs - --lib: $(LIBOBJ) -+lib: $(LIBOBJ) subdirs - @if [ -n "$(SHARED_LIBS)" ]; then \ - set -e; \ - for l in $(LIBNAMES); do \ -@@ -89,7 +89,7 @@ lib: $(LIBOBJ) - - subdirs: - echo $(EDIRS) -- @target=all; $(RECURSIVE_MAKE) -+ @+target=all; $(RECURSIVE_MAKE) - - files: - $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO diff --git a/patches/openssl-1.0.2g/series b/patches/openssl-1.0.2g/series deleted file mode 100644 index 898c5a1e7..000000000 --- a/patches/openssl-1.0.2g/series +++ /dev/null @@ -1,19 +0,0 @@ -# generated by git-ptx-patches -#tag:base --start-number 1 -#tag:debian --start-number 1 -0001-ca.patch -0002-debian-targets.patch -0003-engines-path.patch -0004-no-rpath.patch -0005-no-symbolic.patch -0006-pic.patch -0007-valgrind.patch -0008-shared-lib-ext.patch -0009-block_diginotar.patch -0010-block_digicert_malaysia.patch -0011-Disable-the-freelist.patch -0012-soname.patch -#tag:ptx --start-number 100 -0100-Configure-don-t-ask-dpkg-buildflags-for-more-flags.patch -0101-fix-parallel-building.patch -# 140047a5c07890c453b82870bc8087e3 - git-ptx-patches magic diff --git a/patches/openssl-1.0.2h/0001-ca.patch b/patches/openssl-1.0.2h/0001-ca.patch new file mode 100644 index 000000000..b3d7549de --- /dev/null +++ b/patches/openssl-1.0.2h/0001-ca.patch @@ -0,0 +1,31 @@ +From: Michael Olbrich +Date: Wed, 4 May 2016 09:27:51 +0200 +Subject: [PATCH] ca + +Imported from openssl_1.0.2h-1.debian.tar.xz + +Signed-off-by: Michael Olbrich +--- + apps/CA.pl.in | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/apps/CA.pl.in b/apps/CA.pl.in +index c783a6e6a541..fa665b7b385f 100644 +--- a/apps/CA.pl.in ++++ b/apps/CA.pl.in +@@ -65,6 +65,7 @@ $RET = 0; + foreach (@ARGV) { + if ( /^(-\?|-h|-help)$/ ) { + print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n"; ++ print STDERR "usage: CA -signcert certfile keyfile|-newcert|-newreq|-newca|-sign|-verify\n"; + exit 0; + } elsif (/^-newcert$/) { + # create a certificate +@@ -165,6 +166,7 @@ foreach (@ARGV) { + } else { + print STDERR "Unknown arg $_\n"; + print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n"; ++ print STDERR "usage: CA -signcert certfile keyfile|-newcert|-newreq|-newca|-sign|-verify\n"; + exit 1; + } + } diff --git a/patches/openssl-1.0.2h/0002-debian-targets.patch b/patches/openssl-1.0.2h/0002-debian-targets.patch new file mode 100644 index 000000000..80b1f739c --- /dev/null +++ b/patches/openssl-1.0.2h/0002-debian-targets.patch @@ -0,0 +1,83 @@ +From: Michael Olbrich +Date: Wed, 4 May 2016 09:27:51 +0200 +Subject: [PATCH] debian-targets + +Imported from openssl_1.0.2h-1.debian.tar.xz + +Signed-off-by: Michael Olbrich +--- + Configure | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 54 insertions(+) + +diff --git a/Configure b/Configure +index c98107a48718..110849367256 100755 +--- a/Configure ++++ b/Configure +@@ -131,6 +131,10 @@ my $clang_devteam_warn = "-Wno-unused-parameter -Wno-missing-field-initializers + # Warn that "make depend" should be run? + my $warn_make_depend = 0; + ++# There are no separate CFLAGS/CPPFLAGS/LDFLAGS, set everything in CFLAGS ++my $debian_cflags = `dpkg-buildflags --get CFLAGS` . `dpkg-buildflags --get CPPFLAGS` . `dpkg-buildflags --get LDFLAGS` . "-Wa,--noexecstack -Wall"; ++$debian_cflags =~ s/\n/ /g; ++ + my $strict_warnings = 0; + + my $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL"; +@@ -367,6 +371,56 @@ my %table=( + "osf1-alpha-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared:::.so", + "tru64-alpha-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared::-msym:.so", + ++# Debian GNU/* (various architectures) ++"debian-alpha","gcc:${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-alpha-ev4","gcc:${debian_cflags} -mcpu=ev4::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-alpha-ev5","gcc:${debian_cflags} -mcpu=ev5::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-arm64","gcc:-DL_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${aarch64_asm}:linux64:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-armel","gcc:-DL_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-armhf","gcc:-DL_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-amd64", "gcc:-m64 -DL_ENDIAN ${debian_cflags} -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::", ++"debian-avr32", "gcc:-DB_ENDIAN ${debian_cflags} -fomit-frame-pointer::-D_REENTRANT::-ldl:BN_LLONG_BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-kfreebsd-amd64","gcc:-m64 -DL_ENDIAN ${debian_cflags} -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-kfreebsd-i386","gcc:-DL_ENDIAN ${debian_cflags} -march=i486::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-hppa","gcc:-DB_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG MD2_CHAR RC4_INDEX:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-hurd-i386","gcc:-DL_ENDIAN -O3 -Wa,--noexecstack -g -mtune=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-ia64","gcc:${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-i386","gcc:-DL_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-i386-i486","gcc:-DL_ENDIAN ${debian_cflags} -march=i486::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-i386-i586","gcc:-DL_ENDIAN ${debian_cflags} -march=i586::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-i386-i686/cmov","gcc:-DL_ENDIAN ${debian_cflags} -march=i686::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-m68k","gcc:-DB_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG MD2_CHAR RC4_INDEX:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-mips", "gcc:-DB_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-mipsel", "gcc:-DL_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-mipsn32", "gcc:-DB_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-mipsn32el", "gcc:-DL_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-mips64", "gcc:-DB_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-mips64el", "gcc:-DL_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-netbsd-i386", "gcc:-DL_ENDIAN ${debian_cflags} -m486::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-netbsd-m68k", "gcc:-DB_ENDIAN ${debian_cflags}::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-netbsd-sparc", "gcc:-DB_ENDIAN ${debian_cflags} -mv8::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-nios2", "gcc:-DB_ENDIAN ${debian_cflags}::(unknown)::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-openbsd-alpha","gcc:${debian_cflags}::(unknown):::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-openbsd-i386", "gcc:-DL_ENDIAN ${debian_cflags} -m486::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-openbsd-mips","gcc:-DL_ENDIAN ${debian_cflags}::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-or1k", "gcc:-DB_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-powerpc","gcc:-DB_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-powerpcspe","gcc:-DB_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-ppc64","gcc:-m64 -DB_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-ppc64el","gcc:-m64 -DL_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64le:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-s390","gcc:-DB_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-s390x","gcc:-DB_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-sh3", "gcc:-DL_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-sh4", "gcc:-DL_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-sh3eb", "gcc:-DB_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-sh4eb", "gcc:-DB_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-m32r","gcc:-DB_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-sparc","gcc:-DB_ENDIAN ${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-sparc-v8","gcc:-DB_ENDIAN ${debian_cflags} -mcpu=v8 -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-sparc-v9","gcc:-DB_ENDIAN ${debian_cflags} -mcpu=v9 -Wa,-Av8plus -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-sparc64","gcc:-m64 -DB_ENDIAN ${debian_cflags} -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", ++"debian-x32","gcc:-mx32 -DL_ENDIAN ${debian_cflags} -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::x32", ++ + #### + #### Variety of LINUX:-) + #### diff --git a/patches/openssl-1.0.2h/0003-engines-path.patch b/patches/openssl-1.0.2h/0003-engines-path.patch new file mode 100644 index 000000000..a33f6da1a --- /dev/null +++ b/patches/openssl-1.0.2h/0003-engines-path.patch @@ -0,0 +1,101 @@ +From: Michael Olbrich +Date: Wed, 4 May 2016 09:27:51 +0200 +Subject: [PATCH] engines-path + +Imported from openssl_1.0.2h-1.debian.tar.xz + +Signed-off-by: Michael Olbrich +--- + Configure | 2 +- + Makefile.org | 2 +- + engines/Makefile | 10 +++++----- + engines/ccgost/Makefile | 8 ++++---- + 4 files changed, 11 insertions(+), 11 deletions(-) + +diff --git a/Configure b/Configure +index 110849367256..90d41302421d 100755 +--- a/Configure ++++ b/Configure +@@ -1964,7 +1964,7 @@ while () + } + elsif (/^#define\s+ENGINESDIR/) + { +- my $foo = "$prefix/$libdir/engines"; ++ my $foo = "$prefix/$libdir/openssl-1.0.2/engines"; + $foo =~ s/\\/\\\\/g; + print OUT "#define ENGINESDIR \"$foo\"\n"; + } +diff --git a/Makefile.org b/Makefile.org +index 76fdbdf6ac5c..9aee32001139 100644 +--- a/Makefile.org ++++ b/Makefile.org +@@ -533,7 +533,7 @@ install: all install_docs install_sw + install_sw: + @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \ + $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \ +- $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \ ++ $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.2/engines \ + $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig \ + $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \ + $(INSTALL_PREFIX)$(OPENSSLDIR)/misc \ +diff --git a/engines/Makefile b/engines/Makefile +index 2058ff405afe..df7def6174fd 100644 +--- a/engines/Makefile ++++ b/engines/Makefile +@@ -107,13 +107,13 @@ install: + @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... + @if [ -n "$(SHARED_LIBS)" ]; then \ + set -e; \ +- $(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines; \ ++ $(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.2/engines; \ + for l in $(LIBNAMES); do \ + ( echo installing $$l; \ + pfx=lib; \ + if expr "$(PLATFORM)" : "Cygwin" >/dev/null; then \ + sfx=".so"; \ +- cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \ ++ cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.2/engines/$$pfx$$l$$sfx.new; \ + else \ + case "$(CFLAGS)" in \ + *DSO_BEOS*) sfx=".so";; \ +@@ -122,10 +122,10 @@ install: + *DSO_WIN32*) sfx="eay32.dll"; pfx=;; \ + *) sfx=".bad";; \ + esac; \ +- cp $$pfx$$l$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \ ++ cp $$pfx$$l$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.2/engines/$$pfx$$l$$sfx.new; \ + fi; \ +- chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \ +- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \ ++ chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.2/engines/$$pfx$$l$$sfx.new; \ ++ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.2/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.2/engines/$$pfx$$l$$sfx ); \ + done; \ + fi + @target=install; $(RECURSIVE_MAKE) +diff --git a/engines/ccgost/Makefile b/engines/ccgost/Makefile +index 17e1efbdff30..d59a350fd50f 100644 +--- a/engines/ccgost/Makefile ++++ b/engines/ccgost/Makefile +@@ -47,7 +47,7 @@ install: + pfx=lib; \ + if expr "$(PLATFORM)" : "Cygwin" >/dev/null; then \ + sfx=".so"; \ +- cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \ ++ cp cyg$(LIBNAME).dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.2/engines/$${pfx}$(LIBNAME)$$sfx.new; \ + else \ + case "$(CFLAGS)" in \ + *DSO_BEOS*) sfx=".so";; \ +@@ -56,10 +56,10 @@ install: + *DSO_WIN32*) sfx="eay32.dll"; pfx=;; \ + *) sfx=".bad";; \ + esac; \ +- cp $${pfx}$(LIBNAME)$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \ ++ cp $${pfx}$(LIBNAME)$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.2/engines/$${pfx}$(LIBNAME)$$sfx.new; \ + fi; \ +- chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \ +- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx; \ ++ chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.2/engines/$${pfx}$(LIBNAME)$$sfx.new; \ ++ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.2/engines/$${pfx}$(LIBNAME)$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.2/engines/$${pfx}$(LIBNAME)$$sfx; \ + fi + + links: diff --git a/patches/openssl-1.0.2h/0004-no-rpath.patch b/patches/openssl-1.0.2h/0004-no-rpath.patch new file mode 100644 index 000000000..e4952fc4d --- /dev/null +++ b/patches/openssl-1.0.2h/0004-no-rpath.patch @@ -0,0 +1,24 @@ +From: Michael Olbrich +Date: Wed, 4 May 2016 09:27:51 +0200 +Subject: [PATCH] no-rpath + +Imported from openssl_1.0.2h-1.debian.tar.xz + +Signed-off-by: Michael Olbrich +--- + Makefile.shared | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/Makefile.shared b/Makefile.shared +index a2aa9804c1d9..5b960d9cdaec 100644 +--- a/Makefile.shared ++++ b/Makefile.shared +@@ -153,7 +153,7 @@ DO_GNU_SO=$(CALC_VERSIONS); \ + NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \ + SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX" + +-DO_GNU_APP=LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBRPATH)" ++DO_GNU_APP=LDFLAGS="$(CFLAGS)" + + #This is rather special. It's a special target with which one can link + #applications without bothering with any features that have anything to diff --git a/patches/openssl-1.0.2h/0005-no-symbolic.patch b/patches/openssl-1.0.2h/0005-no-symbolic.patch new file mode 100644 index 000000000..e36a65d99 --- /dev/null +++ b/patches/openssl-1.0.2h/0005-no-symbolic.patch @@ -0,0 +1,24 @@ +From: Michael Olbrich +Date: Wed, 4 May 2016 09:27:51 +0200 +Subject: [PATCH] no-symbolic + +Imported from openssl_1.0.2h-1.debian.tar.xz + +Signed-off-by: Michael Olbrich +--- + Makefile.shared | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/Makefile.shared b/Makefile.shared +index 5b960d9cdaec..1c69ea2edf35 100644 +--- a/Makefile.shared ++++ b/Makefile.shared +@@ -151,7 +151,7 @@ DO_GNU_SO=$(CALC_VERSIONS); \ + SHLIB_SUFFIX=; \ + ALLSYMSFLAGS='-Wl,--whole-archive'; \ + NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \ +- SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX" ++ SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX" + + DO_GNU_APP=LDFLAGS="$(CFLAGS)" + diff --git a/patches/openssl-1.0.2h/0006-pic.patch b/patches/openssl-1.0.2h/0006-pic.patch new file mode 100644 index 000000000..a46b4efcc --- /dev/null +++ b/patches/openssl-1.0.2h/0006-pic.patch @@ -0,0 +1,189 @@ +From: Michael Olbrich +Date: Wed, 4 May 2016 09:27:51 +0200 +Subject: [PATCH] pic + +Imported from openssl_1.0.2h-1.debian.tar.xz + +Signed-off-by: Michael Olbrich +--- + crypto/des/asm/desboth.pl | 17 ++++++++++++++--- + crypto/perlasm/cbc.pl | 24 ++++++++++++++++++++---- + crypto/perlasm/x86gas.pl | 16 ++++++++++++++++ + crypto/x86cpuid.pl | 10 +++++----- + 4 files changed, 55 insertions(+), 12 deletions(-) + +diff --git a/crypto/des/asm/desboth.pl b/crypto/des/asm/desboth.pl +index eec00886e4c6..ab6f52452bf3 100644 +--- a/crypto/des/asm/desboth.pl ++++ b/crypto/des/asm/desboth.pl +@@ -16,6 +16,11 @@ sub DES_encrypt3 + + &push("edi"); + ++ &call (&label("pic_point0")); ++ &set_label("pic_point0"); ++ &blindpop("ebp"); ++ &add ("ebp", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point0") . "]"); ++ + &comment(""); + &comment("Load the data words"); + &mov($L,&DWP(0,"ebx","",0)); +@@ -47,15 +52,21 @@ sub DES_encrypt3 + &mov(&swtmp(2), (DWC(($enc)?"1":"0"))); + &mov(&swtmp(1), "eax"); + &mov(&swtmp(0), "ebx"); +- &call("DES_encrypt2"); ++ &exch("ebx", "ebp"); ++ &call("DES_encrypt2\@PLT"); ++ &exch("ebx", "ebp"); + &mov(&swtmp(2), (DWC(($enc)?"0":"1"))); + &mov(&swtmp(1), "edi"); + &mov(&swtmp(0), "ebx"); +- &call("DES_encrypt2"); ++ &exch("ebx", "ebp"); ++ &call("DES_encrypt2\@PLT"); ++ &exch("ebx", "ebp"); + &mov(&swtmp(2), (DWC(($enc)?"1":"0"))); + &mov(&swtmp(1), "esi"); + &mov(&swtmp(0), "ebx"); +- &call("DES_encrypt2"); ++ &exch("ebx", "ebp"); ++ &call("DES_encrypt2\@PLT"); ++ &exch("ebx", "ebp"); + + &stack_pop(3); + &mov($L,&DWP(0,"ebx","",0)); +diff --git a/crypto/perlasm/cbc.pl b/crypto/perlasm/cbc.pl +index 24561e759aba..269fb0b0c69f 100644 +--- a/crypto/perlasm/cbc.pl ++++ b/crypto/perlasm/cbc.pl +@@ -122,7 +122,11 @@ sub cbc + &mov(&DWP($data_off,"esp","",0), "eax"); # put in array for call + &mov(&DWP($data_off+4,"esp","",0), "ebx"); # + +- &call($enc_func); ++ &call (&label("pic_point0")); ++ &set_label("pic_point0"); ++ &blindpop("ebx"); ++ &add ("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point0") . "]"); ++ &call("$enc_func\@PLT"); + + &mov("eax", &DWP($data_off,"esp","",0)); + &mov("ebx", &DWP($data_off+4,"esp","",0)); +@@ -185,7 +189,11 @@ sub cbc + &mov(&DWP($data_off,"esp","",0), "eax"); # put in array for call + &mov(&DWP($data_off+4,"esp","",0), "ebx"); # + +- &call($enc_func); ++ &call (&label("pic_point1")); ++ &set_label("pic_point1"); ++ &blindpop("ebx"); ++ &add ("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point1") . "]"); ++ &call("$enc_func\@PLT"); + + &mov("eax", &DWP($data_off,"esp","",0)); + &mov("ebx", &DWP($data_off+4,"esp","",0)); +@@ -218,7 +226,11 @@ sub cbc + &mov(&DWP($data_off,"esp","",0), "eax"); # put back + &mov(&DWP($data_off+4,"esp","",0), "ebx"); # + +- &call($dec_func); ++ &call (&label("pic_point2")); ++ &set_label("pic_point2"); ++ &blindpop("ebx"); ++ &add ("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point2") . "]"); ++ &call("$dec_func\@PLT"); + + &mov("eax", &DWP($data_off,"esp","",0)); # get return + &mov("ebx", &DWP($data_off+4,"esp","",0)); # +@@ -261,7 +273,11 @@ sub cbc + &mov(&DWP($data_off,"esp","",0), "eax"); # put back + &mov(&DWP($data_off+4,"esp","",0), "ebx"); # + +- &call($dec_func); ++ &call (&label("pic_point3")); ++ &set_label("pic_point3"); ++ &blindpop("ebx"); ++ &add ("ebx", "\$_GLOBAL_OFFSET_TABLE_+[.-" . &label("pic_point3") . "]"); ++ &call("$dec_func\@PLT"); + + &mov("eax", &DWP($data_off,"esp","",0)); # get return + &mov("ebx", &DWP($data_off+4,"esp","",0)); # +diff --git a/crypto/perlasm/x86gas.pl b/crypto/perlasm/x86gas.pl +index 63b2301fd1f0..176b04d24521 100644 +--- a/crypto/perlasm/x86gas.pl ++++ b/crypto/perlasm/x86gas.pl +@@ -163,6 +163,7 @@ sub ::file_end + if ($::macosx) { push (@out,"$tmp,2\n"); } + elsif ($::elf) { push (@out,"$tmp,4\n"); } + else { push (@out,"$tmp\n"); } ++ if ($::elf) { push (@out,".hidden\tOPENSSL_ia32cap_P\n"); } + } + push(@out,$initseg) if ($initseg); + } +@@ -221,8 +222,23 @@ ___ + elsif ($::elf) + { $initseg.=<<___; + .section .init ++___ ++ if ($::pic) ++ { $initseg.=<<___; ++ pushl %ebx ++ call .pic_point0 ++.pic_point0: ++ popl %ebx ++ addl \$_GLOBAL_OFFSET_TABLE_+[.-.pic_point0],%ebx ++ call $f\@PLT ++ popl %ebx ++___ ++ } ++ else ++ { $initseg.=<<___; + call $f + ___ ++ } + } + elsif ($::coff) + { $initseg.=<<___; # applies to both Cygwin and Mingw +diff --git a/crypto/x86cpuid.pl b/crypto/x86cpuid.pl +index e95f6274f5e0..6e8329d78589 100644 +--- a/crypto/x86cpuid.pl ++++ b/crypto/x86cpuid.pl +@@ -8,6 +8,8 @@ require "x86asm.pl"; + + for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } + ++push(@out, ".hidden OPENSSL_ia32cap_P\n"); ++ + &function_begin("OPENSSL_ia32_cpuid"); + &xor ("edx","edx"); + &pushf (); +@@ -155,9 +157,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } + &set_label("nocpuid"); + &function_end("OPENSSL_ia32_cpuid"); + +-&external_label("OPENSSL_ia32cap_P"); +- +-&function_begin_B("OPENSSL_rdtsc","EXTRN\t_OPENSSL_ia32cap_P:DWORD"); ++&function_begin_B("OPENSSL_rdtsc"); + &xor ("eax","eax"); + &xor ("edx","edx"); + &picmeup("ecx","OPENSSL_ia32cap_P"); +@@ -171,7 +171,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } + # This works in Ring 0 only [read DJGPP+MS-DOS+privileged DPMI host], + # but it's safe to call it on any [supported] 32-bit platform... + # Just check for [non-]zero return value... +-&function_begin_B("OPENSSL_instrument_halt","EXTRN\t_OPENSSL_ia32cap_P:DWORD"); ++&function_begin_B("OPENSSL_instrument_halt"); + &picmeup("ecx","OPENSSL_ia32cap_P"); + &bt (&DWP(0,"ecx"),4); + &jnc (&label("nohalt")); # no TSC +@@ -238,7 +238,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } + &ret (); + &function_end_B("OPENSSL_far_spin"); + +-&function_begin_B("OPENSSL_wipe_cpu","EXTRN\t_OPENSSL_ia32cap_P:DWORD"); ++&function_begin_B("OPENSSL_wipe_cpu"); + &xor ("eax","eax"); + &xor ("edx","edx"); + &picmeup("ecx","OPENSSL_ia32cap_P"); diff --git a/patches/openssl-1.0.2h/0007-valgrind.patch b/patches/openssl-1.0.2h/0007-valgrind.patch new file mode 100644 index 000000000..119d78a52 --- /dev/null +++ b/patches/openssl-1.0.2h/0007-valgrind.patch @@ -0,0 +1,31 @@ +From: Michael Olbrich +Date: Wed, 4 May 2016 09:27:51 +0200 +Subject: [PATCH] valgrind + +Imported from openssl_1.0.2h-1.debian.tar.xz + +Signed-off-by: Michael Olbrich +--- + crypto/rand/md_rand.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/crypto/rand/md_rand.c b/crypto/rand/md_rand.c +index 5c13d57765b0..9e0064e79083 100644 +--- a/crypto/rand/md_rand.c ++++ b/crypto/rand/md_rand.c +@@ -480,6 +480,7 @@ int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo, int lock) + MD_Update(&m, (unsigned char *)&(md_c[0]), sizeof(md_c)); + + #ifndef PURIFY /* purify complains */ ++#if 0 + /* + * The following line uses the supplied buffer as a small source of + * entropy: since this buffer is often uninitialised it may cause +@@ -489,6 +490,7 @@ int ssleay_rand_bytes(unsigned char *buf, int num, int pseudo, int lock) + */ + MD_Update(&m, buf, j); + #endif ++#endif + + k = (st_idx + MD_DIGEST_LENGTH / 2) - st_num; + if (k > 0) { diff --git a/patches/openssl-1.0.2h/0008-shared-lib-ext.patch b/patches/openssl-1.0.2h/0008-shared-lib-ext.patch new file mode 100644 index 000000000..3d6b392d7 --- /dev/null +++ b/patches/openssl-1.0.2h/0008-shared-lib-ext.patch @@ -0,0 +1,25 @@ +From: Michael Olbrich +Date: Wed, 4 May 2016 09:27:51 +0200 +Subject: [PATCH] shared-lib-ext + +Imported from openssl_1.0.2h-1.debian.tar.xz + +Signed-off-by: Michael Olbrich +--- + Configure | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/Configure b/Configure +index 90d41302421d..974407e2d9a5 100755 +--- a/Configure ++++ b/Configure +@@ -1830,7 +1830,8 @@ while () + elsif ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*\.[^\.]*$/) + { + my $sotmp = $1; +- s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.\$(SHLIB_MAJOR) .s$sotmp/; ++# s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.\$(SHLIB_MAJOR) .s$sotmp/; ++ s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp/; + } + elsif ($shared_extension ne "" && $shared_extension =~ /^\.[^\.]*\.[^\.]*\.dylib$/) + { diff --git a/patches/openssl-1.0.2h/0009-block_diginotar.patch b/patches/openssl-1.0.2h/0009-block_diginotar.patch new file mode 100644 index 000000000..a08fda43c --- /dev/null +++ b/patches/openssl-1.0.2h/0009-block_diginotar.patch @@ -0,0 +1,66 @@ +From: Raphael Geissert +Date: Wed, 4 May 2016 09:27:51 +0200 +Subject: [PATCH] block_diginotar + +This is not meant as final patch. + + +Imported from openssl_1.0.2h-1.debian.tar.xz + +Signed-off-by: Michael Olbrich +--- + crypto/x509/x509_vfy.c | 27 +++++++++++++++++++++++++++ + 1 file changed, 27 insertions(+) + +diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c +index 4d34dbac9314..3cddc32279e1 100644 +--- a/crypto/x509/x509_vfy.c ++++ b/crypto/x509/x509_vfy.c +@@ -119,6 +119,7 @@ static int check_trust(X509_STORE_CTX *ctx); + static int check_revocation(X509_STORE_CTX *ctx); + static int check_cert(X509_STORE_CTX *ctx); + static int check_policy(X509_STORE_CTX *ctx); ++static int check_ca_blacklist(X509_STORE_CTX *ctx); + + static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer, + unsigned int *preasons, X509_CRL *crl, X509 *x); +@@ -489,6 +490,9 @@ int X509_verify_cert(X509_STORE_CTX *ctx) + if (!ok) + goto err; + ++ ok = check_ca_blacklist(ctx); ++ if(!ok) goto err; ++ + #ifndef OPENSSL_NO_RFC3779 + /* RFC 3779 path validation, now that CRL check has been done */ + ok = v3_asid_validate_path(ctx); +@@ -996,6 +1000,29 @@ static int check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify) + return 1; + } + ++static int check_ca_blacklist(X509_STORE_CTX *ctx) ++ { ++ X509 *x; ++ int i; ++ /* Check all certificates against the blacklist */ ++ for (i = sk_X509_num(ctx->chain) - 1; i >= 0; i--) ++ { ++ x = sk_X509_value(ctx->chain, i); ++ /* Mark DigiNotar certificates as revoked, no matter ++ * where in the chain they are. ++ */ ++ if (x->name && strstr(x->name, "DigiNotar")) ++ { ++ ctx->error = X509_V_ERR_CERT_REVOKED; ++ ctx->error_depth = i; ++ ctx->current_cert = x; ++ if (!ctx->verify_cb(0,ctx)) ++ return 0; ++ } ++ } ++ return 1; ++ } ++ + static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl, + X509 **pissuer, int *pscore, unsigned int *preasons, + STACK_OF(X509_CRL) *crls) diff --git a/patches/openssl-1.0.2h/0010-block_digicert_malaysia.patch b/patches/openssl-1.0.2h/0010-block_digicert_malaysia.patch new file mode 100644 index 000000000..19e5dc652 --- /dev/null +++ b/patches/openssl-1.0.2h/0010-block_digicert_malaysia.patch @@ -0,0 +1,30 @@ +From: Raphael Geissert +Date: Wed, 4 May 2016 09:27:51 +0200 +Subject: [PATCH] block_digicert_malaysia + +Imported from openssl_1.0.2h-1.debian.tar.xz + +Signed-off-by: Michael Olbrich +--- + crypto/x509/x509_vfy.c | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c +index 3cddc32279e1..7970ac58eff7 100644 +--- a/crypto/x509/x509_vfy.c ++++ b/crypto/x509/x509_vfy.c +@@ -1008,10 +1008,11 @@ static int check_ca_blacklist(X509_STORE_CTX *ctx) + for (i = sk_X509_num(ctx->chain) - 1; i >= 0; i--) + { + x = sk_X509_value(ctx->chain, i); +- /* Mark DigiNotar certificates as revoked, no matter +- * where in the chain they are. ++ /* Mark certificates containing the following names as ++ * revoked, no matter where in the chain they are. + */ +- if (x->name && strstr(x->name, "DigiNotar")) ++ if (x->name && (strstr(x->name, "DigiNotar") || ++ strstr(x->name, "Digicert Sdn. Bhd."))) + { + ctx->error = X509_V_ERR_CERT_REVOKED; + ctx->error_depth = i; diff --git a/patches/openssl-1.0.2h/0011-Disable-the-freelist.patch b/patches/openssl-1.0.2h/0011-Disable-the-freelist.patch new file mode 100644 index 000000000..ebf586673 --- /dev/null +++ b/patches/openssl-1.0.2h/0011-Disable-the-freelist.patch @@ -0,0 +1,42 @@ +From: Kurt Roeckx +Date: Wed, 4 May 2016 09:27:51 +0200 +Subject: [PATCH] Disable the freelist + +We don't define OPENSSL_NO_BUF_FREELISTS globally sinc it changes structures and +would break the ABI. Instead we just do it in the .c files that try to do +something with it. + + +Imported from openssl_1.0.2h-1.debian.tar.xz + +Signed-off-by: Michael Olbrich +--- + ssl/s3_both.c | 1 + + ssl/ssl_lib.c | 2 ++ + 2 files changed, 3 insertions(+) + +diff --git a/ssl/s3_both.c b/ssl/s3_both.c +index 09d0661e81f6..3429899872b8 100644 +--- a/ssl/s3_both.c ++++ b/ssl/s3_both.c +@@ -573,6 +573,7 @@ int ssl_verify_alarm_type(long type) + return (al); + } + ++#define OPENSSL_NO_BUF_FREELISTS + #ifndef OPENSSL_NO_BUF_FREELISTS + /*- + * On some platforms, malloc() performance is bad enough that you can't just +diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c +index fd94325bb3a4..4bf657652041 100644 +--- a/ssl/ssl_lib.c ++++ b/ssl/ssl_lib.c +@@ -162,6 +162,8 @@ + + const char *SSL_version_str = OPENSSL_VERSION_TEXT; + ++#define OPENSSL_NO_BUF_FREELISTS ++ + SSL3_ENC_METHOD ssl3_undef_enc_method = { + /* + * evil casts, but these functions are only called if there's a library diff --git a/patches/openssl-1.0.2h/0012-soname.patch b/patches/openssl-1.0.2h/0012-soname.patch new file mode 100644 index 000000000..76c842b50 --- /dev/null +++ b/patches/openssl-1.0.2h/0012-soname.patch @@ -0,0 +1,24 @@ +From: Michael Olbrich +Date: Wed, 4 May 2016 09:27:51 +0200 +Subject: [PATCH] soname + +Imported from openssl_1.0.2h-1.debian.tar.xz + +Signed-off-by: Michael Olbrich +--- + crypto/opensslv.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/crypto/opensslv.h b/crypto/opensslv.h +index 13fe440231cd..ed092f113f1b 100644 +--- a/crypto/opensslv.h ++++ b/crypto/opensslv.h +@@ -88,7 +88,7 @@ extern "C" { + * should only keep the versions that are binary compatible with the current. + */ + # define SHLIB_VERSION_HISTORY "" +-# define SHLIB_VERSION_NUMBER "1.0.0" ++# define SHLIB_VERSION_NUMBER "1.0.2" + + + #ifdef __cplusplus diff --git a/patches/openssl-1.0.2h/0100-Configure-don-t-ask-dpkg-buildflags-for-more-flags.patch b/patches/openssl-1.0.2h/0100-Configure-don-t-ask-dpkg-buildflags-for-more-flags.patch new file mode 100644 index 000000000..348505b97 --- /dev/null +++ b/patches/openssl-1.0.2h/0100-Configure-don-t-ask-dpkg-buildflags-for-more-flags.patch @@ -0,0 +1,22 @@ +From: Michael Olbrich +Date: Mon, 11 Aug 2014 12:28:49 +0200 +Subject: [PATCH] Configure: don't ask dpkg-buildflags for more flags + +Signed-off-by: Michael Olbrich +--- + Configure | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/Configure b/Configure +index 974407e2d9a5..020f215dd1e8 100755 +--- a/Configure ++++ b/Configure +@@ -132,7 +132,7 @@ my $clang_devteam_warn = "-Wno-unused-parameter -Wno-missing-field-initializers + my $warn_make_depend = 0; + + # There are no separate CFLAGS/CPPFLAGS/LDFLAGS, set everything in CFLAGS +-my $debian_cflags = `dpkg-buildflags --get CFLAGS` . `dpkg-buildflags --get CPPFLAGS` . `dpkg-buildflags --get LDFLAGS` . "-Wa,--noexecstack -Wall"; ++my $debian_cflags = "-g -O2 -Wformat -Werror=format-security " . "-Wa,--noexecstack -Wall"; + $debian_cflags =~ s/\n/ /g; + + my $strict_warnings = 0; diff --git a/patches/openssl-1.0.2h/0101-fix-parallel-building.patch b/patches/openssl-1.0.2h/0101-fix-parallel-building.patch new file mode 100644 index 000000000..80ee249df --- /dev/null +++ b/patches/openssl-1.0.2h/0101-fix-parallel-building.patch @@ -0,0 +1,90 @@ +From: Michael Olbrich +Date: Mon, 23 Mar 2015 09:29:05 +0100 +Subject: [PATCH] fix parallel building + +Signed-off-by: Michael Olbrich +--- + Makefile.org | 18 ++++++++++++------ + crypto/Makefile | 4 ++-- + engines/Makefile | 4 ++-- + 3 files changed, 16 insertions(+), 10 deletions(-) + +diff --git a/Makefile.org b/Makefile.org +index 9aee32001139..fc86c73c76f0 100644 +--- a/Makefile.org ++++ b/Makefile.org +@@ -278,18 +278,24 @@ build_libs: build_libcrypto build_libssl openssl.pc + build_libcrypto: build_crypto build_engines libcrypto.pc + build_libssl: build_ssl libssl.pc + ++ifeq ($(SHARED_LIBS),) ++build_ssl: build_engines ++else ++build_engines: build_ssl ++endif ++ + build_crypto: +- @dir=crypto; target=all; $(BUILD_ONE_CMD) ++ @+dir=crypto; target=all; $(BUILD_ONE_CMD) + build_ssl: build_crypto +- @dir=ssl; target=all; $(BUILD_ONE_CMD) ++ @+dir=ssl; target=all; $(BUILD_ONE_CMD) + build_engines: build_crypto +- @dir=engines; target=all; $(BUILD_ONE_CMD) ++ @+dir=engines; target=all; $(BUILD_ONE_CMD) + build_apps: build_libs +- @dir=apps; target=all; $(BUILD_ONE_CMD) ++ @+dir=apps; target=all; $(BUILD_ONE_CMD) + build_tests: build_libs +- @dir=test; target=all; $(BUILD_ONE_CMD) ++ @+dir=test; target=all; $(BUILD_ONE_CMD) + build_tools: build_libs +- @dir=tools; target=all; $(BUILD_ONE_CMD) ++ @+dir=tools; target=all; $(BUILD_ONE_CMD) + + all_testapps: build_libs build_testapps + build_testapps: +diff --git a/crypto/Makefile b/crypto/Makefile +index 7869996a9c07..76690a1c8619 100644 +--- a/crypto/Makefile ++++ b/crypto/Makefile +@@ -85,7 +85,7 @@ testapps: + @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi + + subdirs: +- @target=all; $(RECURSIVE_MAKE) ++ @+target=all; $(RECURSIVE_MAKE) + + files: + $(PERL) $(TOP)/util/files.pl "CPUID_OBJ=$(CPUID_OBJ)" Makefile >> $(TOP)/MINFO +@@ -100,7 +100,7 @@ links: + # lib: $(LIB): are splitted to avoid end-less loop + lib: $(LIB) + @touch lib +-$(LIB): $(LIBOBJ) ++$(LIB): $(LIBOBJ) subdirs + $(AR) $(LIB) $(LIBOBJ) + test -z "$(FIPSLIBDIR)" || $(AR) $(LIB) $(FIPSLIBDIR)fipscanister.o + $(RANLIB) $(LIB) || echo Never mind. +diff --git a/engines/Makefile b/engines/Makefile +index df7def6174fd..ec27bc24be64 100644 +--- a/engines/Makefile ++++ b/engines/Makefile +@@ -72,7 +72,7 @@ top: + + all: lib subdirs + +-lib: $(LIBOBJ) ++lib: $(LIBOBJ) subdirs + @if [ -n "$(SHARED_LIBS)" ]; then \ + set -e; \ + for l in $(LIBNAMES); do \ +@@ -89,7 +89,7 @@ lib: $(LIBOBJ) + + subdirs: + echo $(EDIRS) +- @target=all; $(RECURSIVE_MAKE) ++ @+target=all; $(RECURSIVE_MAKE) + + files: + $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO diff --git a/patches/openssl-1.0.2h/series b/patches/openssl-1.0.2h/series new file mode 100644 index 000000000..898c5a1e7 --- /dev/null +++ b/patches/openssl-1.0.2h/series @@ -0,0 +1,19 @@ +# generated by git-ptx-patches +#tag:base --start-number 1 +#tag:debian --start-number 1 +0001-ca.patch +0002-debian-targets.patch +0003-engines-path.patch +0004-no-rpath.patch +0005-no-symbolic.patch +0006-pic.patch +0007-valgrind.patch +0008-shared-lib-ext.patch +0009-block_diginotar.patch +0010-block_digicert_malaysia.patch +0011-Disable-the-freelist.patch +0012-soname.patch +#tag:ptx --start-number 100 +0100-Configure-don-t-ask-dpkg-buildflags-for-more-flags.patch +0101-fix-parallel-building.patch +# 140047a5c07890c453b82870bc8087e3 - git-ptx-patches magic -- cgit v1.2.3