Also add Debian patch to mark Triple DES and RC4 as weak ciphers.
Signed-off-by: Clemens Gruber <clemens.gru...@pqgruber.com>
---
.../0001-debian-targets.patch | 6 +-
.../0002-engines-path.patch | 12 +-
.../0003-no-rpath.patch | 0
.../0004-no-symbolic.patch | 0
.../0005-pic.patch | 0
.../0006-valgrind.patch | 0
.../0007-shared-lib-ext.patch | 4 +-
.../0008-block_diginotar.patch | 0
.../0009-block_digicert_malaysia.patch | 0
.../0010-Disable-the-freelist.patch | 2 +-
.../0011-soname.patch | 2 +-
.../0012-Mark-3DES-and-RC4-ciphers-as-weak.patch | 427 +++++++++++++++++++++
...-don-t-ask-dpkg-buildflags-for-more-flags.patch | 0
.../0101-fix-parallel-building.patch | 0
patches/{openssl-1.0.2j => openssl-1.0.2k}/series | 3 +-
rules/openssl.make | 4 +-
16 files changed, 444 insertions(+), 16 deletions(-)
rename patches/{openssl-1.0.2j => openssl-1.0.2k}/0001-debian-targets.patch
(98%)
rename patches/{openssl-1.0.2j => openssl-1.0.2k}/0002-engines-path.patch (94%)
rename patches/{openssl-1.0.2j => openssl-1.0.2k}/0003-no-rpath.patch (100%)
rename patches/{openssl-1.0.2j => openssl-1.0.2k}/0004-no-symbolic.patch (100%)
rename patches/{openssl-1.0.2j => openssl-1.0.2k}/0005-pic.patch (100%)
rename patches/{openssl-1.0.2j => openssl-1.0.2k}/0006-valgrind.patch (100%)
rename patches/{openssl-1.0.2j => openssl-1.0.2k}/0007-shared-lib-ext.patch
(91%)
rename patches/{openssl-1.0.2j => openssl-1.0.2k}/0008-block_diginotar.patch
(100%)
rename patches/{openssl-1.0.2j =>
openssl-1.0.2k}/0009-block_digicert_malaysia.patch (100%)
rename patches/{openssl-1.0.2j =>
openssl-1.0.2k}/0010-Disable-the-freelist.patch (96%)
rename patches/{openssl-1.0.2j => openssl-1.0.2k}/0011-soname.patch (94%)
create mode 100644
patches/openssl-1.0.2k/0012-Mark-3DES-and-RC4-ciphers-as-weak.patch
rename patches/{openssl-1.0.2j =>
openssl-1.0.2k}/0100-Configure-don-t-ask-dpkg-buildflags-for-more-flags.patch
(100%)
rename patches/{openssl-1.0.2j =>
openssl-1.0.2k}/0101-fix-parallel-building.patch (100%)
rename patches/{openssl-1.0.2j => openssl-1.0.2k}/series (81%)
diff --git a/patches/openssl-1.0.2j/0001-debian-targets.patch
b/patches/openssl-1.0.2k/0001-debian-targets.patch
similarity index 98%
rename from patches/openssl-1.0.2j/0001-debian-targets.patch
rename to patches/openssl-1.0.2k/0001-debian-targets.patch
index a3a0895fb..ea3b557e5 100644
--- a/patches/openssl-1.0.2j/0001-debian-targets.patch
+++ b/patches/openssl-1.0.2k/0001-debian-targets.patch
@@ -10,10 +10,10 @@ Signed-off-by: Michael Olbrich <m.olbr...@pengutronix.de>
1 file changed, 54 insertions(+)
diff --git a/Configure b/Configure
-index c39f71a17910..738cee34030f 100755
+index 5da7cadbf332..300a314fbd39 100755
--- a/Configure
+++ b/Configure
-@@ -131,6 +131,10 @@ my $clang_devteam_warn = "-Wno-unused-parameter
-Wno-missing-field-initializers
+@@ -133,6 +133,10 @@ my $clang_devteam_warn = "-Wno-unused-parameter
-Wno-missing-field-initializers
# Warn that "make depend" should be run?
my $warn_make_depend = 0;
@@ -24,7 +24,7 @@ index c39f71a17910..738cee34030f 100755
my $strict_warnings = 0;
my $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL";
-@@ -367,6 +371,56 @@ my %table=(
+@@ -369,6 +373,56 @@ my %table=(
"osf1-alpha-cc", "cc:-std1 -tune host -O4
-readonly_strings::(unknown):::SIXTY_FOUR_BIT_LONG
RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared:::.so",
"tru64-alpha-cc", "cc:-std1 -tune host -fast
-readonly_strings::-pthread:::SIXTY_FOUR_BIT_LONG
RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared::-msym:.so",
diff --git a/patches/openssl-1.0.2j/0002-engines-path.patch
b/patches/openssl-1.0.2k/0002-engines-path.patch
similarity index 94%
rename from patches/openssl-1.0.2j/0002-engines-path.patch
rename to patches/openssl-1.0.2k/0002-engines-path.patch
index 054e0c0d8..751ca6539 100644
--- a/patches/openssl-1.0.2j/0002-engines-path.patch
+++ b/patches/openssl-1.0.2k/0002-engines-path.patch
@@ -13,10 +13,10 @@ Signed-off-by: Michael Olbrich <m.olbr...@pengutronix.de>
4 files changed, 12 insertions(+), 12 deletions(-)
diff --git a/Configure b/Configure
-index 738cee34030f..fe3c3c70181c 100755
+index 300a314fbd39..92e1ce9d74b9 100755
--- a/Configure
+++ b/Configure
-@@ -1969,7 +1969,7 @@ while (<IN>)
+@@ -1979,7 +1979,7 @@ while (<IN>)
}
elsif (/^#define\s+ENGINESDIR/)
{
@@ -26,10 +26,10 @@ index 738cee34030f..fe3c3c70181c 100755
print OUT "#define ENGINESDIR \"$foo\"\n";
}
diff --git a/Makefile.org b/Makefile.org
-index 2377f5029187..4c92e2167ecd 100644
+index 61a329b4f20f..910692d4a4c2 100644
--- a/Makefile.org
+++ b/Makefile.org
-@@ -368,7 +368,7 @@ libcrypto.pc: Makefile
+@@ -369,7 +369,7 @@ libcrypto.pc: Makefile
echo 'exec_prefix=$${prefix}'; \
echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
echo 'includedir=$${prefix}/include'; \
@@ -38,7 +38,7 @@ index 2377f5029187..4c92e2167ecd 100644
echo ''; \
echo 'Name: OpenSSL-libcrypto'; \
echo 'Description: OpenSSL cryptography library'; \
-@@ -536,7 +536,7 @@ install: all install_docs install_sw
+@@ -537,7 +537,7 @@ install: all install_docs install_sw
install_sw:
@$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \
@@ -82,7 +82,7 @@ index 2058ff405afe..df7def6174fd 100644
fi
@target=install; $(RECURSIVE_MAKE)
diff --git a/engines/ccgost/Makefile b/engines/ccgost/Makefile
-index 17e1efbdff30..d59a350fd50f 100644
+index f378530c8642..b42a64162730 100644
--- a/engines/ccgost/Makefile
+++ b/engines/ccgost/Makefile
@@ -47,7 +47,7 @@ install:
diff --git a/patches/openssl-1.0.2j/0003-no-rpath.patch
b/patches/openssl-1.0.2k/0003-no-rpath.patch
similarity index 100%
rename from patches/openssl-1.0.2j/0003-no-rpath.patch
rename to patches/openssl-1.0.2k/0003-no-rpath.patch
diff --git a/patches/openssl-1.0.2j/0004-no-symbolic.patch
b/patches/openssl-1.0.2k/0004-no-symbolic.patch
similarity index 100%
rename from patches/openssl-1.0.2j/0004-no-symbolic.patch
rename to patches/openssl-1.0.2k/0004-no-symbolic.patch
diff --git a/patches/openssl-1.0.2j/0005-pic.patch
b/patches/openssl-1.0.2k/0005-pic.patch
similarity index 100%
rename from patches/openssl-1.0.2j/0005-pic.patch
rename to patches/openssl-1.0.2k/0005-pic.patch
diff --git a/patches/openssl-1.0.2j/0006-valgrind.patch
b/patches/openssl-1.0.2k/0006-valgrind.patch
similarity index 100%
rename from patches/openssl-1.0.2j/0006-valgrind.patch
rename to patches/openssl-1.0.2k/0006-valgrind.patch
diff --git a/patches/openssl-1.0.2j/0007-shared-lib-ext.patch
b/patches/openssl-1.0.2k/0007-shared-lib-ext.patch
similarity index 91%
rename from patches/openssl-1.0.2j/0007-shared-lib-ext.patch
rename to patches/openssl-1.0.2k/0007-shared-lib-ext.patch
index 314f89898..d1f282a2d 100644
--- a/patches/openssl-1.0.2j/0007-shared-lib-ext.patch
+++ b/patches/openssl-1.0.2k/0007-shared-lib-ext.patch
@@ -10,10 +10,10 @@ Signed-off-by: Michael Olbrich <m.olbr...@pengutronix.de>
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/Configure b/Configure
-index fe3c3c70181c..bf0da9cd950b 100755
+index 92e1ce9d74b9..d859e12733ad 100755
--- a/Configure
+++ b/Configure
-@@ -1835,7 +1835,8 @@ while (<IN>)
+@@ -1837,7 +1837,8 @@ while (<IN>)
elsif ($shared_extension ne "" && $shared_extension =~
/^\.s([ol])\.[^\.]*\.[^\.]*$/)
{
my $sotmp = $1;
diff --git a/patches/openssl-1.0.2j/0008-block_diginotar.patch
b/patches/openssl-1.0.2k/0008-block_diginotar.patch
similarity index 100%
rename from patches/openssl-1.0.2j/0008-block_diginotar.patch
rename to patches/openssl-1.0.2k/0008-block_diginotar.patch
diff --git a/patches/openssl-1.0.2j/0009-block_digicert_malaysia.patch
b/patches/openssl-1.0.2k/0009-block_digicert_malaysia.patch
similarity index 100%
rename from patches/openssl-1.0.2j/0009-block_digicert_malaysia.patch
rename to patches/openssl-1.0.2k/0009-block_digicert_malaysia.patch
diff --git a/patches/openssl-1.0.2j/0010-Disable-the-freelist.patch
b/patches/openssl-1.0.2k/0010-Disable-the-freelist.patch
similarity index 96%
rename from patches/openssl-1.0.2j/0010-Disable-the-freelist.patch
rename to patches/openssl-1.0.2k/0010-Disable-the-freelist.patch
index 0ca35f946..dc5cf4bde 100644
--- a/patches/openssl-1.0.2j/0010-Disable-the-freelist.patch
+++ b/patches/openssl-1.0.2k/0010-Disable-the-freelist.patch
@@ -28,7 +28,7 @@ index 054ded1c9903..bb0085cf2ec0 100644
/*-
* On some platforms, malloc() performance is bad enough that you can't just
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
-index 42b980ac26a0..da721a9ac559 100644
+index f8054dae6b6b..0c3bafb52814 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -162,6 +162,8 @@
diff --git a/patches/openssl-1.0.2j/0011-soname.patch
b/patches/openssl-1.0.2k/0011-soname.patch
similarity index 94%
rename from patches/openssl-1.0.2j/0011-soname.patch
rename to patches/openssl-1.0.2k/0011-soname.patch
index de9c6fa93..93c046003 100644
--- a/patches/openssl-1.0.2j/0011-soname.patch
+++ b/patches/openssl-1.0.2k/0011-soname.patch
@@ -10,7 +10,7 @@ Signed-off-by: Michael Olbrich <m.olbr...@pengutronix.de>
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/crypto/opensslv.h b/crypto/opensslv.h
-index 88faad652259..2ceb66313cc6 100644
+index 645dd0793f32..976423292855 100644
--- a/crypto/opensslv.h
+++ b/crypto/opensslv.h
@@ -88,7 +88,7 @@ extern "C" {
diff --git
a/patches/openssl-1.0.2k/0012-Mark-3DES-and-RC4-ciphers-as-weak.patch
b/patches/openssl-1.0.2k/0012-Mark-3DES-and-RC4-ciphers-as-weak.patch
new file mode 100644
index 000000000..719f17225
--- /dev/null
+++ b/patches/openssl-1.0.2k/0012-Mark-3DES-and-RC4-ciphers-as-weak.patch
@@ -0,0 +1,427 @@
+From: Sebastian Andrzej Siewior <sebast...@breakpoint.cc>
+Date: Sun, 18 Dec 2016 15:37:52 +0100
+Subject: [PATCH] Mark 3DES and RC4 ciphers as weak
+
+This disables RC4 and 3DES in our build
+
+Imported from openssl_1.0.2k-1~bpo8+1.debian.tar.xz
+
+Signed-off-by: Clemens Gruber <clemens.gru...@pqgruber.com>
+---
+ ssl/s3_lib.c | 59 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++-
+ 1 file changed, 58 insertions(+), 1 deletion(-)
+
+diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
+index 0385e039c8d4..cf785f994917 100644
+--- a/ssl/s3_lib.c
++++ b/ssl/s3_lib.c
+@@ -216,6 +216,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
+ #endif
+
+ /* Cipher 04 */
++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+ {
+ 1,
+ SSL3_TXT_RSA_RC4_128_MD5,
+@@ -230,8 +231,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
+ 128,
+ 128,
+ },
++#endif
+
+ /* Cipher 05 */
++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+ {
+ 1,
+ SSL3_TXT_RSA_RC4_128_SHA,
+@@ -246,7 +249,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
+ 128,
+ 128,
+ },
+-
++#endif
+ /* Cipher 06 */
+ #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+ {
+@@ -320,6 +323,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
+ #endif
+
+ /* Cipher 0A */
++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+ {
+ 1,
+ SSL3_TXT_RSA_DES_192_CBC3_SHA,
+@@ -334,6 +338,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
+ 112,
+ 168,
+ },
++#endif
+
+ /* The DH ciphers */
+ /* Cipher 0B */
+@@ -373,6 +378,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
+ #endif
+
+ /* Cipher 0D */
++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+ {
+ 1,
+ SSL3_TXT_DH_DSS_DES_192_CBC3_SHA,
+@@ -387,6 +393,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
+ 112,
+ 168,
+ },
++#endif
+
+ /* Cipher 0E */
+ #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+@@ -425,6 +432,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
+ #endif
+
+ /* Cipher 10 */
++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+ {
+ 1,
+ SSL3_TXT_DH_RSA_DES_192_CBC3_SHA,
+@@ -439,6 +447,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
+ 112,
+ 168,
+ },
++#endif
+
+ /* The Ephemeral DH ciphers */
+ /* Cipher 11 */
+@@ -478,6 +487,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
+ #endif
+
+ /* Cipher 13 */
++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+ {
+ 1,
+ SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA,
+@@ -492,6 +502,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
+ 112,
+ 168,
+ },
++#endif
+
+ /* Cipher 14 */
+ #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+@@ -530,6 +541,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
+ #endif
+
+ /* Cipher 16 */
++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+ {
+ 1,
+ SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA,
+@@ -544,6 +556,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
+ 112,
+ 168,
+ },
++#endif
+
+ /* Cipher 17 */
+ #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+@@ -564,6 +577,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
+ #endif
+
+ /* Cipher 18 */
++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+ {
+ 1,
+ SSL3_TXT_ADH_RC4_128_MD5,
+@@ -578,6 +592,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
+ 128,
+ 128,
+ },
++#endif
+
+ /* Cipher 19 */
+ #ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+@@ -616,6 +631,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
+ #endif
+
+ /* Cipher 1B */
++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+ {
+ 1,
+ SSL3_TXT_ADH_DES_192_CBC_SHA,
+@@ -630,6 +646,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
+ 112,
+ 168,
+ },
++#endif
+
+ /* Fortezza ciphersuite from SSL 3.0 spec */
+ #if 0
+@@ -703,6 +720,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
+ # endif
+
+ /* Cipher 1F */
++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+ {
+ 1,
+ SSL3_TXT_KRB5_DES_192_CBC3_SHA,
+@@ -717,8 +735,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
+ 112,
+ 168,
+ },
++#endif
+
+ /* Cipher 20 */
++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+ {
+ 1,
+ SSL3_TXT_KRB5_RC4_128_SHA,
+@@ -733,6 +753,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
+ 128,
+ 128,
+ },
++#endif
+
+ /* Cipher 21 */
+ {
+@@ -769,6 +790,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
+ # endif
+
+ /* Cipher 23 */
++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+ {
+ 1,
+ SSL3_TXT_KRB5_DES_192_CBC3_MD5,
+@@ -783,8 +805,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
+ 112,
+ 168,
+ },
++#endif
+
+ /* Cipher 24 */
++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+ {
+ 1,
+ SSL3_TXT_KRB5_RC4_128_MD5,
+@@ -799,6 +823,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
+ 128,
+ 128,
+ },
++#endif
+
+ /* Cipher 25 */
+ {
+@@ -1418,6 +1443,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
+ # endif
+
+ /* Cipher 66 */
++# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+ {
+ 1,
+ TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA,
+@@ -1433,6 +1459,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
+ 128,
+ },
+ #endif
++#endif
+
+ /* TLS v1.2 ciphersuites */
+ /* Cipher 67 */
+@@ -1703,6 +1730,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
+
+ #ifndef OPENSSL_NO_PSK
+ /* Cipher 8A */
++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+ {
+ 1,
+ TLS1_TXT_PSK_WITH_RC4_128_SHA,
+@@ -1717,8 +1745,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
+ 128,
+ 128,
+ },
++#endif
+
+ /* Cipher 8B */
++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+ {
+ 1,
+ TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
+@@ -1733,6 +1763,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
+ 112,
+ 168,
+ },
++#endif
+
+ /* Cipher 8C */
+ {
+@@ -2095,6 +2126,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
+ },
+
+ /* Cipher C002 */
++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+ {
+ 1,
+ TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA,
+@@ -2109,8 +2141,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
+ 128,
+ 128,
+ },
++#endif
+
+ /* Cipher C003 */
++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+ {
+ 1,
+ TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA,
+@@ -2125,6 +2159,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
+ 112,
+ 168,
+ },
++#endif
+
+ /* Cipher C004 */
+ {
+@@ -2175,6 +2210,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
+ },
+
+ /* Cipher C007 */
++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+ {
+ 1,
+ TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
+@@ -2189,8 +2225,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
+ 128,
+ 128,
+ },
++#endif
+
+ /* Cipher C008 */
++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+ {
+ 1,
+ TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
+@@ -2205,6 +2243,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
+ 112,
+ 168,
+ },
++#endif
+
+ /* Cipher C009 */
+ {
+@@ -2255,6 +2294,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
+ },
+
+ /* Cipher C00C */
++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+ {
+ 1,
+ TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA,
+@@ -2269,8 +2309,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
+ 128,
+ 128,
+ },
++#endif
+
+ /* Cipher C00D */
++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+ {
+ 1,
+ TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA,
+@@ -2285,6 +2327,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
+ 112,
+ 168,
+ },
++#endif
+
+ /* Cipher C00E */
+ {
+@@ -2335,6 +2378,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
+ },
+
+ /* Cipher C011 */
++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+ {
+ 1,
+ TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
+@@ -2349,8 +2393,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
+ 128,
+ 128,
+ },
++#endif
+
+ /* Cipher C012 */
++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+ {
+ 1,
+ TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
+@@ -2365,6 +2411,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
+ 112,
+ 168,
+ },
++#endif
+
+ /* Cipher C013 */
+ {
+@@ -2415,6 +2462,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
+ },
+
+ /* Cipher C016 */
++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+ {
+ 1,
+ TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
+@@ -2429,8 +2477,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
+ 128,
+ 128,
+ },
++#endif
+
+ /* Cipher C017 */
++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+ {
+ 1,
+ TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
+@@ -2445,6 +2495,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
+ 112,
+ 168,
+ },
++#endif
+
+ /* Cipher C018 */
+ {
+@@ -2481,6 +2532,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
+
+ #ifndef OPENSSL_NO_SRP
+ /* Cipher C01A */
++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+ {
+ 1,
+ TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
+@@ -2495,8 +2547,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
+ 112,
+ 168,
+ },
++#endif
+
+ /* Cipher C01B */
++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+ {
+ 1,
+ TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
+@@ -2511,8 +2565,10 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
+ 112,
+ 168,
+ },
++#endif
+
+ /* Cipher C01C */
++#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+ {
+ 1,
+ TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
+@@ -2527,6 +2583,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
+ 112,
+ 168,
+ },
++#endif
+
+ /* Cipher C01D */
+ {
diff --git
a/patches/openssl-1.0.2j/0100-Configure-don-t-ask-dpkg-buildflags-for-more-flags.patch
b/patches/openssl-1.0.2k/0100-Configure-don-t-ask-dpkg-buildflags-for-more-flags.patch
similarity index 100%
rename from
patches/openssl-1.0.2j/0100-Configure-don-t-ask-dpkg-buildflags-for-more-flags.patch
rename to
patches/openssl-1.0.2k/0100-Configure-don-t-ask-dpkg-buildflags-for-more-flags.patch
diff --git a/patches/openssl-1.0.2j/0101-fix-parallel-building.patch
b/patches/openssl-1.0.2k/0101-fix-parallel-building.patch
similarity index 100%
rename from patches/openssl-1.0.2j/0101-fix-parallel-building.patch
rename to patches/openssl-1.0.2k/0101-fix-parallel-building.patch
diff --git a/patches/openssl-1.0.2j/series b/patches/openssl-1.0.2k/series
similarity index 81%
rename from patches/openssl-1.0.2j/series
rename to patches/openssl-1.0.2k/series
index 01b9069cb..9aff52098 100644
--- a/patches/openssl-1.0.2j/series
+++ b/patches/openssl-1.0.2k/series
@@ -12,7 +12,8 @@
0009-block_digicert_malaysia.patch
0010-Disable-the-freelist.patch
0011-soname.patch
+0012-Mark-3DES-and-RC4-ciphers-as-weak.patch
#tag:ptx --start-number 100
0100-Configure-don-t-ask-dpkg-buildflags-for-more-flags.patch
0101-fix-parallel-building.patch
-# f8cea4ba1a426b33140d363dc76fa6d2 - git-ptx-patches magic
+# e678378891be1b4edd294761e63d3a68 - git-ptx-patches magic
diff --git a/rules/openssl.make b/rules/openssl.make
index a6e643418..9ee02819f 100644
--- a/rules/openssl.make
+++ b/rules/openssl.make
@@ -19,9 +19,9 @@ PACKAGES-$(PTXCONF_OPENSSL) += openssl
# Paths and names
#
OPENSSL_BASE := 1.0.2
-OPENSSL_BUGFIX := j
+OPENSSL_BUGFIX := k
OPENSSL_VERSION := $(OPENSSL_BASE)$(OPENSSL_BUGFIX)
-OPENSSL_MD5 := 96322138f0b69e61b7212bc53d5e912b
+OPENSSL_MD5 := f965fc0bf01bf882b31314b61391ae65
OPENSSL := openssl-$(OPENSSL_VERSION)
OPENSSL_SUFFIX := tar.gz
OPENSSL_URL := \
--
2.11.1
_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de
