Muehlenhoff has submitted this change and it was merged. Change subject: Update Debian patches for 1.0.2i ......................................................................
Update Debian patches for 1.0.2i Update ca.patch and cloudflare-c20p1305.patch for changes in 1.0.2i and refresh all remaining quilt patches. Change-Id: Ie4840b816352e46bf106394d8dc41ab6a237db4b --- M debian/patches/block_digicert_malaysia.patch M debian/patches/block_diginotar.patch M debian/patches/c_rehash-compat.patch M debian/patches/ca.patch M debian/patches/cloudflare-c20p1305-sym.patch M debian/patches/cloudflare-c20p1305.patch M debian/patches/config-hurd.patch M debian/patches/debian-targets.patch M debian/patches/disable_freelist.patch M debian/patches/engines-path.patch M debian/patches/extend-version-script.patch M debian/patches/man-dir.patch M debian/patches/man-section.patch M debian/patches/more-chapoly.patch M debian/patches/no-rpath.patch M debian/patches/no-symbolic.patch M debian/patches/pic.patch M debian/patches/shared-lib-ext.patch M debian/patches/valgrind.patch M debian/patches/version-script.patch M debian/patches/zero-pad-dhe.patch 21 files changed, 241 insertions(+), 255 deletions(-) Approvals: Muehlenhoff: Looks good to me, approved jenkins-bot: Verified diff --git a/debian/patches/block_digicert_malaysia.patch b/debian/patches/block_digicert_malaysia.patch index 877d534..61aa8df 100644 --- a/debian/patches/block_digicert_malaysia.patch +++ b/debian/patches/block_digicert_malaysia.patch @@ -5,11 +5,11 @@ Origin: vendor Last-Update: 2011-11-05 -Index: openssl-1.0.2~beta1/crypto/x509/x509_vfy.c +Index: openssl/crypto/x509/x509_vfy.c =================================================================== ---- openssl-1.0.2~beta1.orig/crypto/x509/x509_vfy.c 2014-02-25 00:16:12.488028844 +0100 -+++ openssl-1.0.2~beta1/crypto/x509/x509_vfy.c 2014-02-25 00:16:12.484028929 +0100 -@@ -964,10 +964,11 @@ +--- openssl.orig/crypto/x509/x509_vfy.c ++++ openssl/crypto/x509/x509_vfy.c +@@ -1122,10 +1122,11 @@ static int check_ca_blacklist(X509_STORE for (i = sk_X509_num(ctx->chain) - 1; i >= 0; i--) { x = sk_X509_value(ctx->chain, i); diff --git a/debian/patches/block_diginotar.patch b/debian/patches/block_diginotar.patch index 2cbbb10..8c62339 100644 --- a/debian/patches/block_diginotar.patch +++ b/debian/patches/block_diginotar.patch @@ -10,10 +10,10 @@ This is not meant as final patch. -Index: openssl-1.0.2g/crypto/x509/x509_vfy.c +Index: openssl/crypto/x509/x509_vfy.c =================================================================== ---- openssl-1.0.2g.orig/crypto/x509/x509_vfy.c -+++ openssl-1.0.2g/crypto/x509/x509_vfy.c +--- openssl.orig/crypto/x509/x509_vfy.c ++++ openssl/crypto/x509/x509_vfy.c @@ -119,6 +119,7 @@ static int check_trust(X509_STORE_CTX *c static int check_revocation(X509_STORE_CTX *ctx); static int check_cert(X509_STORE_CTX *ctx); @@ -22,7 +22,7 @@ static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer, unsigned int *preasons, X509_CRL *crl, X509 *x); -@@ -489,6 +490,9 @@ int X509_verify_cert(X509_STORE_CTX *ctx +@@ -501,6 +502,9 @@ int X509_verify_cert(X509_STORE_CTX *ctx if (!ok) goto err; @@ -32,7 +32,7 @@ #ifndef OPENSSL_NO_RFC3779 /* RFC 3779 path validation, now that CRL check has been done */ ok = v3_asid_validate_path(ctx); -@@ -996,6 +1000,29 @@ static int check_crl_time(X509_STORE_CTX +@@ -1110,6 +1114,29 @@ static int check_crl_time(X509_STORE_CTX return 1; } diff --git a/debian/patches/c_rehash-compat.patch b/debian/patches/c_rehash-compat.patch index 102210a..9614124 100644 --- a/debian/patches/c_rehash-compat.patch +++ b/debian/patches/c_rehash-compat.patch @@ -7,10 +7,10 @@ tools/c_rehash.in | 8 +++++++- 1 files changed, 7 insertions(+), 1 deletions(-) -Index: openssl-1.0.2b/tools/c_rehash.in +Index: openssl/tools/c_rehash.in =================================================================== ---- openssl-1.0.2b.orig/tools/c_rehash.in -+++ openssl-1.0.2b/tools/c_rehash.in +--- openssl.orig/tools/c_rehash.in ++++ openssl/tools/c_rehash.in @@ -8,8 +8,6 @@ my $prefix; my $openssl = $ENV{OPENSSL} || "openssl"; diff --git a/debian/patches/ca.patch b/debian/patches/ca.patch index 761eebe..7d1b357 100644 --- a/debian/patches/ca.patch +++ b/debian/patches/ca.patch @@ -1,16 +1,16 @@ -Index: openssl-0.9.8m/apps/CA.pl.in +Index: openssl/apps/CA.pl.in =================================================================== ---- openssl-0.9.8m.orig/apps/CA.pl.in 2006-04-28 00:28:51.000000000 +0000 -+++ openssl-0.9.8m/apps/CA.pl.in 2010-02-27 00:36:51.000000000 +0000 -@@ -65,6 +65,7 @@ +--- openssl.orig/apps/CA.pl.in ++++ openssl/apps/CA.pl.in +@@ -65,6 +65,7 @@ $RET = 0; foreach (@ARGV) { if ( /^(-\?|-h|-help)$/ ) { - print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n"; + print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-signcert|-verify\n"; + print STDERR "usage: CA -signcert certfile keyfile|-newcert|-newreq|-newca|-sign|-verify\n"; exit 0; } elsif (/^-newcert$/) { # create a certificate -@@ -165,6 +166,7 @@ +@@ -165,6 +166,7 @@ foreach (@ARGV) { } else { print STDERR "Unknown arg $_\n"; print STDERR "usage: CA -newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n"; diff --git a/debian/patches/cloudflare-c20p1305-sym.patch b/debian/patches/cloudflare-c20p1305-sym.patch index 513ede5..d73745f 100644 --- a/debian/patches/cloudflare-c20p1305-sym.patch +++ b/debian/patches/cloudflare-c20p1305-sym.patch @@ -1,8 +1,8 @@ # symbol export fixup for cloudflare patch on debian -diff --git a/openssl.ld b/openssl.ld -index b4d1a18..3156af7 100644 ---- a/openssl.ld -+++ b/openssl.ld +Index: openssl/openssl.ld +=================================================================== +--- openssl.orig/openssl.ld ++++ openssl/openssl.ld @@ -4613,5 +4613,7 @@ OPENSSL_1.0.2 { SSL_test_functions; SRP_VBASE_get1_by_user; @@ -10,4 +10,4 @@ + EVP_chacha20_poly1305; + EVP_chacha20_poly1305_draft; } OPENSSL_1.0.1d; - + diff --git a/debian/patches/cloudflare-c20p1305.patch b/debian/patches/cloudflare-c20p1305.patch index 181567b..f8747cb 100644 --- a/debian/patches/cloudflare-c20p1305.patch +++ b/debian/patches/cloudflare-c20p1305.patch @@ -45,11 +45,11 @@ create mode 100644 crypto/chacha20poly1305/poly1305.c create mode 100644 crypto/evp/e_chacha20poly1305.c -diff --git a/Configure b/Configure -index 4a715dc..f3ab6cd 100755 ---- a/Configure -+++ b/Configure -@@ -146,25 +146,25 @@ my $tlib="-lnsl -lsocket"; +Index: openssl/Configure +=================================================================== +--- openssl.orig/Configure ++++ openssl/Configure +@@ -154,25 +154,25 @@ my $tlib="-lnsl -lsocket"; my $bits1="THIRTY_TWO_BIT "; my $bits2="SIXTY_FOUR_BIT "; @@ -89,7 +89,7 @@ # As for $BSDthreads. Idea is to maintain "collective" set of flags, # which would cover all BSD flavors. -pthread applies to them all, -@@ -710,6 +710,7 @@ my $idx_wp_obj = $idx++; +@@ -767,6 +767,7 @@ my $idx_wp_obj = $idx++; my $idx_cmll_obj = $idx++; my $idx_modes_obj = $idx++; my $idx_engines_obj = $idx++; @@ -97,7 +97,7 @@ my $idx_perlasm_scheme = $idx++; my $idx_dso_scheme = $idx++; my $idx_shared_target = $idx++; -@@ -752,6 +753,7 @@ my $bf ="crypto/bf/bf_locl.h"; +@@ -809,6 +810,7 @@ my $bf ="crypto/bf/bf_locl.h"; my $bn_asm ="bn_asm.o"; my $des_enc="des_enc.o fcrypt_b.o"; my $aes_enc="aes_core.o aes_cbc.o"; @@ -105,7 +105,7 @@ my $bf_enc ="bf_enc.o"; my $cast_enc="c_enc.o"; my $rc4_enc="rc4_enc.o rc4_skey.o"; -@@ -1210,7 +1212,7 @@ $openssldir=$prefix . "/" . $openssldir if $openssldir !~ /(^\/|^[a-zA-Z]:[\\\/] +@@ -1264,7 +1266,7 @@ $openssldir=$prefix . "/" . $openssldir print "IsMK1MF=$IsMK1MF\n"; @@ -114,7 +114,7 @@ my $cc = $fields[$idx_cc]; # Allow environment CC to override compiler... if($ENV{CC}) { -@@ -1239,6 +1241,7 @@ my $wp_obj = $fields[$idx_wp_obj]; +@@ -1293,6 +1295,7 @@ my $wp_obj = $fields[$idx_wp_obj]; my $cmll_obj = $fields[$idx_cmll_obj]; my $modes_obj = $fields[$idx_modes_obj]; my $engines_obj = $fields[$idx_engines_obj]; @@ -122,7 +122,7 @@ my $perlasm_scheme = $fields[$idx_perlasm_scheme]; my $dso_scheme = $fields[$idx_dso_scheme]; my $shared_target = $fields[$idx_shared_target]; -@@ -1405,7 +1408,7 @@ if ($no_asm) +@@ -1460,7 +1463,7 @@ if ($no_asm) { $cpuid_obj=$bn_obj=$ec_obj= $des_obj=$aes_obj=$bf_obj=$cast_obj=$rc4_obj=$rc5_obj=$cmll_obj= @@ -131,9 +131,9 @@ } if (!$no_shared) -@@ -1558,6 +1561,14 @@ $bf_obj=$bf_enc unless ($bf_obj =~ /\.o$/); +@@ -1612,6 +1615,14 @@ $des_obj=$des_enc unless ($des_obj =~ /\ + $bf_obj=$bf_enc unless ($bf_obj =~ /\.o$/); $cast_obj=$cast_enc unless ($cast_obj =~ /\.o$/); - $rc4_obj=$rc4_enc unless ($rc4_obj =~ /\.o$/); $rc5_obj=$rc5_enc unless ($rc5_obj =~ /\.o$/); +if ($chapoly_obj =~ /\.o$/) + { @@ -143,9 +143,9 @@ + { + $chapoly_obj=$chapoly_enc; + } - if ($sha1_obj =~ /\.o$/) + if ($rc4_obj =~ /\.o$/) { - # $sha1_obj=$sha1_enc; + $cflags.=" -DRC4_ASM"; @@ -1740,6 +1751,7 @@ while (<IN>) s/^WP_ASM_OBJ=.*$/WP_ASM_OBJ= $wp_obj/; s/^CMLL_ENC=.*$/CMLL_ENC= $cmll_obj/; @@ -179,11 +179,11 @@ \$perlasm_scheme = $perlasm_scheme \$dso_scheme = $dso_scheme \$shared_target= $shared_target -diff --git a/Makefile.org b/Makefile.org -index 76fdbdf..6556ef6 100644 ---- a/Makefile.org -+++ b/Makefile.org -@@ -91,6 +91,7 @@ BN_ASM= bn_asm.o +Index: openssl/Makefile.org +=================================================================== +--- openssl.orig/Makefile.org ++++ openssl/Makefile.org +@@ -92,6 +92,7 @@ BN_ASM= bn_asm.o EC_ASM= DES_ENC= des_enc.o fcrypt_b.o AES_ENC= aes_core.o aes_cbc.o @@ -191,7 +191,7 @@ BF_ENC= bf_enc.o CAST_ENC= c_enc.o RC4_ENC= rc4_enc.o -@@ -148,7 +149,7 @@ SDIRS= \ +@@ -149,7 +150,7 @@ SDIRS= \ bn ec rsa dsa ecdsa dh ecdh dso engine \ buffer bio stack lhash rand err \ evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \ @@ -200,7 +200,7 @@ # keep in mind that the above list is adjusted by ./Configure # according to no-xxx arguments... -@@ -234,6 +235,7 @@ BUILDENV= LC_ALL=C PLATFORM='$(PLATFORM)' PROCESSOR='$(PROCESSOR)'\ +@@ -237,6 +238,7 @@ BUILDENV= LC_ALL=C PLATFORM='$(PLATFORM) WP_ASM_OBJ='$(WP_ASM_OBJ)' \ MODES_ASM_OBJ='$(MODES_ASM_OBJ)' \ ENGINES_ASM_OBJ='$(ENGINES_ASM_OBJ)' \ @@ -208,10 +208,10 @@ PERLASM_SCHEME='$(PERLASM_SCHEME)' \ FIPSLIBDIR='${FIPSLIBDIR}' \ FIPSDIR='${FIPSDIR}' \ -diff --git a/apps/speed.c b/apps/speed.c -index 95adcc1..94b80a1 100644 ---- a/apps/speed.c -+++ b/apps/speed.c +Index: openssl/apps/speed.c +=================================================================== +--- openssl.orig/apps/speed.c ++++ openssl/apps/speed.c @@ -1,4 +1,4 @@ -/* apps/speed.c */ +/* apps/speed.c -*- mode:C; c-file-style: "eay" -*- */ @@ -227,7 +227,7 @@ static volatile int run = 0; static int mr = 0; -@@ -241,7 +241,7 @@ static void print_result(int alg, int run_no, int count, double time_used); +@@ -241,7 +241,7 @@ static void print_result(int alg, int ru static int do_multi(int multi); # endif @@ -302,11 +302,10 @@ # ifndef OPENSSL_NO_CAMELLIA if (doit[D_CBC_128_CML]) { for (j = 0; j < SIZE_NUM; j++) { -diff --git a/crypto/chacha20poly1305/Makefile b/crypto/chacha20poly1305/Makefile -new file mode 100644 -index 0000000..446eb27 +Index: openssl/crypto/chacha20poly1305/Makefile +=================================================================== --- /dev/null -+++ b/crypto/chacha20poly1305/Makefile ++++ openssl/crypto/chacha20poly1305/Makefile @@ -0,0 +1,97 @@ +# +# crypto/chacha20poly1305/Makefile @@ -405,11 +404,10 @@ + +chacha20.o: ../../include/openssl/chacha20poly1305.h chacha20.c +poly1305.o: ../../include/openssl/chacha20poly1305.h poly1305.c -diff --git a/crypto/chacha20poly1305/asm/chacha20_avx.pl b/crypto/chacha20poly1305/asm/chacha20_avx.pl -new file mode 100644 -index 0000000..bf3e3f0 +Index: openssl/crypto/chacha20poly1305/asm/chacha20_avx.pl +=================================================================== --- /dev/null -+++ b/crypto/chacha20poly1305/asm/chacha20_avx.pl ++++ openssl/crypto/chacha20poly1305/asm/chacha20_avx.pl @@ -0,0 +1,408 @@ +#!/usr/bin/env perl + @@ -819,11 +817,10 @@ + +close STDOUT; + -diff --git a/crypto/chacha20poly1305/asm/chacha20_avx2.pl b/crypto/chacha20poly1305/asm/chacha20_avx2.pl -new file mode 100644 -index 0000000..9f31f86 +Index: openssl/crypto/chacha20poly1305/asm/chacha20_avx2.pl +=================================================================== --- /dev/null -+++ b/crypto/chacha20poly1305/asm/chacha20_avx2.pl ++++ openssl/crypto/chacha20poly1305/asm/chacha20_avx2.pl @@ -0,0 +1,443 @@ +#!/usr/bin/env perl + @@ -1268,11 +1265,10 @@ + +close STDOUT; + -diff --git a/crypto/chacha20poly1305/asm/poly1305_avx.pl b/crypto/chacha20poly1305/asm/poly1305_avx.pl -new file mode 100644 -index 0000000..cedeca1 +Index: openssl/crypto/chacha20poly1305/asm/poly1305_avx.pl +=================================================================== --- /dev/null -+++ b/crypto/chacha20poly1305/asm/poly1305_avx.pl ++++ openssl/crypto/chacha20poly1305/asm/poly1305_avx.pl @@ -0,0 +1,732 @@ +############################################################################## +# # @@ -2006,11 +2002,10 @@ +print $code; +close STDOUT; + -diff --git a/crypto/chacha20poly1305/asm/poly1305_avx2.pl b/crypto/chacha20poly1305/asm/poly1305_avx2.pl -new file mode 100644 -index 0000000..d2dd51f +Index: openssl/crypto/chacha20poly1305/asm/poly1305_avx2.pl +=================================================================== --- /dev/null -+++ b/crypto/chacha20poly1305/asm/poly1305_avx2.pl ++++ openssl/crypto/chacha20poly1305/asm/poly1305_avx2.pl @@ -0,0 +1,984 @@ +############################################################################## +# # @@ -2996,11 +2991,10 @@ +print $code; +close STDOUT; + -diff --git a/crypto/chacha20poly1305/asm/poly1305_x64.pl b/crypto/chacha20poly1305/asm/poly1305_x64.pl -new file mode 100644 -index 0000000..31c4c47 +Index: openssl/crypto/chacha20poly1305/asm/poly1305_x64.pl +=================================================================== --- /dev/null -+++ b/crypto/chacha20poly1305/asm/poly1305_x64.pl ++++ openssl/crypto/chacha20poly1305/asm/poly1305_x64.pl @@ -0,0 +1,281 @@ + +############################################################################## @@ -3283,11 +3277,10 @@ +$code =~ s/\`([^\`]*)\`/eval($1)/gem; +print $code; +close STDOUT; -diff --git a/crypto/chacha20poly1305/chacha20.c b/crypto/chacha20poly1305/chacha20.c -new file mode 100644 -index 0000000..3044751 +Index: openssl/crypto/chacha20poly1305/chacha20.c +=================================================================== --- /dev/null -+++ b/crypto/chacha20poly1305/chacha20.c ++++ openssl/crypto/chacha20poly1305/chacha20.c @@ -0,0 +1,162 @@ +/* Copyright (c) 2014, Google Inc. + * @@ -3451,11 +3444,10 @@ + U32TO8_LITTLE(nonce + 36, input[13]); +} + -diff --git a/crypto/chacha20poly1305/chacha20poly1305.h b/crypto/chacha20poly1305/chacha20poly1305.h -new file mode 100644 -index 0000000..09b0450 +Index: openssl/crypto/chacha20poly1305/chacha20poly1305.h +=================================================================== --- /dev/null -+++ b/crypto/chacha20poly1305/chacha20poly1305.h ++++ openssl/crypto/chacha20poly1305/chacha20poly1305.h @@ -0,0 +1,79 @@ +/* Copyright (c) 2014, Google Inc. + * @@ -3536,11 +3528,10 @@ +#endif + +#endif /* OPENSSL_HEADER_POLY1305_H */ -diff --git a/crypto/chacha20poly1305/chapolytest.c b/crypto/chacha20poly1305/chapolytest.c -new file mode 100644 -index 0000000..7e2933f +Index: openssl/crypto/chacha20poly1305/chapolytest.c +=================================================================== --- /dev/null -+++ b/crypto/chacha20poly1305/chapolytest.c ++++ openssl/crypto/chacha20poly1305/chapolytest.c @@ -0,0 +1,470 @@ +/* ==================================================================== + * Copyright (c) 2011-2013 The OpenSSL Project. All rights reserved. @@ -4012,11 +4003,10 @@ + return 0; +} + -diff --git a/crypto/chacha20poly1305/poly1305.c b/crypto/chacha20poly1305/poly1305.c -new file mode 100644 -index 0000000..50bc4a0 +Index: openssl/crypto/chacha20poly1305/poly1305.c +=================================================================== --- /dev/null -+++ b/crypto/chacha20poly1305/poly1305.c ++++ openssl/crypto/chacha20poly1305/poly1305.c @@ -0,0 +1,287 @@ +/* Copyright (c) 2014, Google Inc. + * @@ -4305,11 +4295,11 @@ + U32TO8_LE(&mac[12], f3); +} + -diff --git a/crypto/cryptlib.c b/crypto/cryptlib.c -index c9f674b..c6ff6ff 100644 ---- a/crypto/cryptlib.c -+++ b/crypto/cryptlib.c -@@ -656,16 +656,6 @@ const char *CRYPTO_get_lock_name(int type) +Index: openssl/crypto/cryptlib.c +=================================================================== +--- openssl.orig/crypto/cryptlib.c ++++ openssl/crypto/cryptlib.c +@@ -656,16 +656,6 @@ const char *CRYPTO_get_lock_name(int typ extern unsigned int OPENSSL_ia32cap_P[4]; unsigned long *OPENSSL_ia32cap_loc(void) { @@ -4326,11 +4316,11 @@ return (unsigned long *)OPENSSL_ia32cap_P; } -diff --git a/crypto/evp/Makefile b/crypto/evp/Makefile -index aaaad98..e30b588 100644 ---- a/crypto/evp/Makefile -+++ b/crypto/evp/Makefile -@@ -29,7 +29,8 @@ LIBSRC= encode.c digest.c evp_enc.c evp_key.c evp_acnf.c evp_cnf.c \ +Index: openssl/crypto/evp/Makefile +=================================================================== +--- openssl.orig/crypto/evp/Makefile ++++ openssl/crypto/evp/Makefile +@@ -29,7 +29,8 @@ LIBSRC= encode.c digest.c evp_enc.c evp_ c_all.c c_allc.c c_alld.c evp_lib.c bio_ok.c \ evp_pkey.c evp_pbe.c p5_crpt.c p5_crpt2.c \ e_old.c pmeth_lib.c pmeth_fn.c pmeth_gn.c m_sigver.c \ @@ -4340,7 +4330,7 @@ LIBOBJ= encode.o digest.o evp_enc.o evp_key.o evp_acnf.o evp_cnf.o \ e_des.o e_bf.o e_idea.o e_des3.o e_camellia.o\ -@@ -42,7 +43,8 @@ LIBOBJ= encode.o digest.o evp_enc.o evp_key.o evp_acnf.o evp_cnf.o \ +@@ -42,7 +43,8 @@ LIBOBJ= encode.o digest.o evp_enc.o evp_ c_all.o c_allc.o c_alld.o evp_lib.o bio_ok.o \ evp_pkey.o evp_pbe.o p5_crpt.o p5_crpt2.o \ e_old.o pmeth_lib.o pmeth_fn.o pmeth_gn.o m_sigver.o \ @@ -4350,7 +4340,7 @@ SRC= $(LIBSRC) -@@ -263,6 +265,7 @@ e_cast.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +@@ -264,6 +266,7 @@ e_cast.o: ../../include/openssl/objects. e_cast.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h e_cast.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h e_cast.o: ../../include/openssl/symhacks.h ../cryptlib.h e_cast.c evp_locl.h @@ -4358,11 +4348,10 @@ e_des.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h e_des.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h e_des.o: ../../include/openssl/des.h ../../include/openssl/des_old.h -diff --git a/crypto/evp/e_chacha20poly1305.c b/crypto/evp/e_chacha20poly1305.c -new file mode 100644 -index 0000000..17f8cb4 +Index: openssl/crypto/evp/e_chacha20poly1305.c +=================================================================== --- /dev/null -+++ b/crypto/evp/e_chacha20poly1305.c ++++ openssl/crypto/evp/e_chacha20poly1305.c @@ -0,0 +1,435 @@ +/* ==================================================================== + * Copyright (c) 2001-2014 The OpenSSL Project. All rights reserved. @@ -4799,11 +4788,11 @@ +const EVP_CIPHER *EVP_chacha20_poly1305(void) +{ return &chacha20_poly1305; } +#endif -diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h -index 39ab793..53ed671 100644 ---- a/crypto/evp/evp.h -+++ b/crypto/evp/evp.h -@@ -893,6 +893,10 @@ const EVP_CIPHER *EVP_camellia_256_cfb128(void); +Index: openssl/crypto/evp/evp.h +=================================================================== +--- openssl.orig/crypto/evp/evp.h ++++ openssl/crypto/evp/evp.h +@@ -893,6 +893,10 @@ const EVP_CIPHER *EVP_camellia_256_cfb12 # define EVP_camellia_256_cfb EVP_camellia_256_cfb128 const EVP_CIPHER *EVP_camellia_256_ofb(void); # endif @@ -4814,11 +4803,11 @@ # ifndef OPENSSL_NO_SEED const EVP_CIPHER *EVP_seed_ecb(void); -diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c -index f846cb5..b0364c1 100644 ---- a/ssl/s3_lib.c -+++ b/ssl/s3_lib.c -@@ -2891,6 +2891,111 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = { +Index: openssl/ssl/s3_lib.c +=================================================================== +--- openssl.orig/ssl/s3_lib.c ++++ openssl/ssl/s3_lib.c +@@ -2945,6 +2945,111 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] 256}, #endif @@ -4930,7 +4919,7 @@ /* end of list */ }; -@@ -4036,6 +4141,7 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, +@@ -4090,6 +4195,7 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, S int i, ii, ok; CERT *cert; unsigned long alg_k, alg_a, mask_k, mask_a, emask_k, emask_a; @@ -4938,7 +4927,7 @@ /* Let's see which ciphers we can support */ cert = s->cert; -@@ -4069,9 +4175,17 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, +@@ -4123,9 +4229,17 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, S if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE || tls1_suiteb(s)) { prio = srvr; allow = clnt; @@ -4956,7 +4945,7 @@ } tls1_set_cert_validity(s); -@@ -4083,6 +4197,11 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, +@@ -4137,6 +4251,11 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, S if ((c->algorithm_ssl & SSL_TLSV1_2) && !SSL_USE_TLS1_2_CIPHERS(s)) continue; @@ -4968,10 +4957,10 @@ ssl_set_cert_masks(cert, c); mask_k = cert->mask_k; mask_a = cert->mask_a; -diff --git a/ssl/ssl.h b/ssl/ssl.h -index ae8c925..c7635b6 100644 ---- a/ssl/ssl.h -+++ b/ssl/ssl.h +Index: openssl/ssl/ssl.h +=================================================================== +--- openssl.orig/ssl/ssl.h ++++ openssl/ssl/ssl.h @@ -294,6 +294,8 @@ extern "C" { # define SSL_TXT_AES256 "AES256" # define SSL_TXT_AES "AES" @@ -4981,10 +4970,10 @@ # define SSL_TXT_CAMELLIA128 "CAMELLIA128" # define SSL_TXT_CAMELLIA256 "CAMELLIA256" # define SSL_TXT_CAMELLIA "CAMELLIA" -diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c -index 6957bda..21eae5c 100644 ---- a/ssl/ssl_ciph.c -+++ b/ssl/ssl_ciph.c +Index: openssl/ssl/ssl_ciph.c +=================================================================== +--- openssl.orig/ssl/ssl_ciph.c ++++ openssl/ssl/ssl_ciph.c @@ -150,25 +150,27 @@ #endif #include "ssl_locl.h" @@ -5029,7 +5018,7 @@ }; #define SSL_COMP_NULL_IDX 0 -@@ -363,6 +365,9 @@ static const SSL_CIPHER cipher_aliases[] = { +@@ -362,6 +364,9 @@ static const SSL_CIPHER cipher_aliases[] {0, SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA, 0, SSL_kDHE, SSL_aRSA, SSL_3DES, SSL_SHA1, SSL_SSLV3, SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 0, 0, 0,}, @@ -5039,7 +5028,7 @@ }; /* -@@ -432,6 +437,11 @@ void ssl_load_ciphers(void) +@@ -431,6 +436,11 @@ void ssl_load_ciphers(void) ssl_cipher_methods[SSL_ENC_AES256GCM_IDX] = EVP_get_cipherbyname(SN_aes_256_gcm); @@ -5051,7 +5040,7 @@ ssl_digest_methods[SSL_MD_MD5_IDX] = EVP_get_digestbyname(SN_md5); ssl_mac_secret_size[SSL_MD_MD5_IDX] = EVP_MD_size(ssl_digest_methods[SSL_MD_MD5_IDX]); -@@ -582,6 +592,12 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc, +@@ -581,6 +591,12 @@ int ssl_cipher_get_evp(const SSL_SESSION case SSL_AES256GCM: i = SSL_ENC_AES256GCM_IDX; break; @@ -5064,7 +5053,7 @@ default: i = -1; break; -@@ -797,6 +813,12 @@ static void ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth, +@@ -796,6 +812,12 @@ static void ssl_cipher_get_disabled(unsi (ssl_cipher_methods[SSL_ENC_AES256GCM_IDX] == NULL) ? SSL_AES256GCM : 0; *enc |= @@ -5077,7 +5066,7 @@ (ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX] == NULL) ? SSL_CAMELLIA128 : 0; *enc |= -@@ -1812,6 +1834,12 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) +@@ -1812,6 +1834,12 @@ char *SSL_CIPHER_description(const SSL_C case SSL_AES256GCM: enc = "AESGCM(256)"; break; @@ -5090,10 +5079,10 @@ case SSL_CAMELLIA128: enc = "Camellia(128)"; break; -diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h -index a8e4efc..67d355c 100644 ---- a/ssl/ssl_locl.h -+++ b/ssl/ssl_locl.h +Index: openssl/ssl/ssl_locl.h +=================================================================== +--- openssl.orig/ssl/ssl_locl.h ++++ openssl/ssl/ssl_locl.h @@ -354,6 +354,8 @@ # define SSL_SEED 0x00000800L # define SSL_AES128GCM 0x00001000L @@ -5103,11 +5092,11 @@ # define SSL_AES (SSL_AES128|SSL_AES256|SSL_AES128GCM|SSL_AES256GCM) # define SSL_CAMELLIA (SSL_CAMELLIA128|SSL_CAMELLIA256) -diff --git a/ssl/tls1.h b/ssl/tls1.h -index 7e237d0..fb0c981 100644 ---- a/ssl/tls1.h -+++ b/ssl/tls1.h -@@ -563,6 +563,20 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) +Index: openssl/ssl/tls1.h +=================================================================== +--- openssl.orig/ssl/tls1.h ++++ openssl/ssl/tls1.h +@@ -563,6 +563,20 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_T # define TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256 0x0300C031 # define TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384 0x0300C032 @@ -5128,7 +5117,7 @@ /* * XXX * Backward compatibility alert: + * Older versions of OpenSSL gave * some DHE ciphers names with "EDH" + * instead of "DHE". Going forward, we -@@ -713,6 +727,20 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb) +@@ -713,6 +727,20 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_T # define TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256 "ECDH-RSA-AES128-GCM-SHA256" # define TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384 "ECDH-RSA-AES256-GCM-SHA384" @@ -5149,6 +5138,3 @@ # define TLS_CT_RSA_SIGN 1 # define TLS_CT_DSS_SIGN 2 # define TLS_CT_RSA_FIXED_DH 3 --- -2.5.0 - diff --git a/debian/patches/config-hurd.patch b/debian/patches/config-hurd.patch index 31a9184..9502388 100644 --- a/debian/patches/config-hurd.patch +++ b/debian/patches/config-hurd.patch @@ -1,8 +1,8 @@ -Index: openssl-1.0.0c/config +Index: openssl/config =================================================================== ---- openssl-1.0.0c.orig/config 2010-12-12 16:09:43.000000000 +0100 -+++ openssl-1.0.0c/config 2010-12-12 16:09:48.000000000 +0100 -@@ -170,8 +170,8 @@ +--- openssl.orig/config ++++ openssl/config +@@ -170,8 +170,8 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${ echo "${MACHINE}-whatever-linux1"; exit 0 ;; diff --git a/debian/patches/debian-targets.patch b/debian/patches/debian-targets.patch index 7de4b89..960f1d0 100644 --- a/debian/patches/debian-targets.patch +++ b/debian/patches/debian-targets.patch @@ -1,8 +1,8 @@ -Index: openssl-1.0.2f/Configure +Index: openssl/Configure =================================================================== ---- openssl-1.0.2f.orig/Configure -+++ openssl-1.0.2f/Configure -@@ -127,6 +127,10 @@ my $clang_devteam_warn = "-Wno-unused-pa +--- openssl.orig/Configure ++++ openssl/Configure +@@ -131,6 +131,10 @@ my $clang_devteam_warn = "-Wno-unused-pa # Warn that "make depend" should be run? my $warn_make_depend = 0; @@ -13,7 +13,7 @@ my $strict_warnings = 0; my $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL"; -@@ -363,6 +367,55 @@ my %table=( +@@ -367,6 +371,55 @@ my %table=( "osf1-alpha-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared:::.so", "tru64-alpha-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared::-msym:.so", diff --git a/debian/patches/disable_freelist.patch b/debian/patches/disable_freelist.patch index 354fed8..41fae4b 100644 --- a/debian/patches/disable_freelist.patch +++ b/debian/patches/disable_freelist.patch @@ -5,11 +5,11 @@ would break the ABI. Instead we just do it in the .c files that try to do something with it. -Index: openssl-1.0.2/ssl/s3_both.c +Index: openssl/ssl/s3_both.c =================================================================== ---- openssl-1.0.2.orig/ssl/s3_both.c -+++ openssl-1.0.2/ssl/s3_both.c -@@ -573,6 +573,7 @@ int ssl_verify_alarm_type(long type) +--- openssl.orig/ssl/s3_both.c ++++ openssl/ssl/s3_both.c +@@ -584,6 +584,7 @@ int ssl_verify_alarm_type(long type) return (al); } @@ -17,10 +17,10 @@ #ifndef OPENSSL_NO_BUF_FREELISTS /*- * On some platforms, malloc() performance is bad enough that you can't just -Index: openssl-1.0.2/ssl/ssl_lib.c +Index: openssl/ssl/ssl_lib.c =================================================================== ---- openssl-1.0.2.orig/ssl/ssl_lib.c -+++ openssl-1.0.2/ssl/ssl_lib.c +--- openssl.orig/ssl/ssl_lib.c ++++ openssl/ssl/ssl_lib.c @@ -162,6 +162,8 @@ const char *SSL_version_str = OPENSSL_VERSION_TEXT; diff --git a/debian/patches/engines-path.patch b/debian/patches/engines-path.patch index 4d4013d..76ef5c1 100644 --- a/debian/patches/engines-path.patch +++ b/debian/patches/engines-path.patch @@ -1,8 +1,8 @@ -Index: openssl-1.0.2~beta3/Makefile.org +Index: openssl/Makefile.org =================================================================== ---- openssl-1.0.2~beta3.orig/Makefile.org -+++ openssl-1.0.2~beta3/Makefile.org -@@ -541,7 +541,7 @@ install: all install_docs install_sw +--- openssl.orig/Makefile.org ++++ openssl/Makefile.org +@@ -536,7 +536,7 @@ install: all install_docs install_sw install_sw: @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \ $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \ @@ -11,10 +11,10 @@ $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig \ $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \ $(INSTALL_PREFIX)$(OPENSSLDIR)/misc \ -Index: openssl-1.0.2~beta3/engines/Makefile +Index: openssl/engines/Makefile =================================================================== ---- openssl-1.0.2~beta3.orig/engines/Makefile -+++ openssl-1.0.2~beta3/engines/Makefile +--- openssl.orig/engines/Makefile ++++ openssl/engines/Makefile @@ -107,13 +107,13 @@ install: @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile... @if [ -n "$(SHARED_LIBS)" ]; then \ @@ -45,11 +45,11 @@ done; \ fi @target=install; $(RECURSIVE_MAKE) -Index: openssl-1.0.2~beta3/Configure +Index: openssl/Configure =================================================================== ---- openssl-1.0.2~beta3.orig/Configure -+++ openssl-1.0.2~beta3/Configure -@@ -1893,7 +1893,7 @@ while (<IN>) +--- openssl.orig/Configure ++++ openssl/Configure +@@ -1968,7 +1968,7 @@ while (<IN>) } elsif (/^#define\s+ENGINESDIR/) { @@ -58,10 +58,10 @@ $foo =~ s/\\/\\\\/g; print OUT "#define ENGINESDIR \"$foo\"\n"; } -Index: openssl-1.0.2~beta3/engines/ccgost/Makefile +Index: openssl/engines/ccgost/Makefile =================================================================== ---- openssl-1.0.2~beta3.orig/engines/ccgost/Makefile -+++ openssl-1.0.2~beta3/engines/ccgost/Makefile +--- openssl.orig/engines/ccgost/Makefile ++++ openssl/engines/ccgost/Makefile @@ -47,7 +47,7 @@ install: pfx=lib; \ if expr "$(PLATFORM)" : "Cygwin" >/dev/null; then \ diff --git a/debian/patches/extend-version-script.patch b/debian/patches/extend-version-script.patch index 0f498f0..b9f68fe 100644 --- a/debian/patches/extend-version-script.patch +++ b/debian/patches/extend-version-script.patch @@ -1,7 +1,8 @@ -diff -aur openssl.orig/openssl.ld openssl/openssl.ld ---- openssl.orig/openssl.ld 2016-03-03 11:19:38.888050124 +0100 -+++ openssl/openssl.ld 2016-03-03 11:25:09.708605927 +0100 -@@ -4611,5 +4611,7 @@ +Index: openssl/openssl.ld +=================================================================== +--- openssl.orig/openssl.ld ++++ openssl/openssl.ld +@@ -4611,5 +4611,7 @@ OPENSSL_1.0.2 { BUF_strnlen; sk_deep_copy; SSL_test_functions; @@ -9,4 +10,3 @@ + SRP_user_pwd_free; } OPENSSL_1.0.1d; - diff --git a/debian/patches/man-dir.patch b/debian/patches/man-dir.patch index a35b37e..f5b6ae2 100644 --- a/debian/patches/man-dir.patch +++ b/debian/patches/man-dir.patch @@ -1,8 +1,8 @@ -Index: openssl-1.0.0c/Makefile.org +Index: openssl/Makefile.org =================================================================== ---- openssl-1.0.0c.orig/Makefile.org 2010-12-12 16:11:27.000000000 +0100 -+++ openssl-1.0.0c/Makefile.org 2010-12-12 16:11:37.000000000 +0100 -@@ -131,7 +131,7 @@ +--- openssl.orig/Makefile.org ++++ openssl/Makefile.org +@@ -159,7 +159,7 @@ TESTS = alltests MAKEFILE= Makefile diff --git a/debian/patches/man-section.patch b/debian/patches/man-section.patch index a8ac662..4438e31 100644 --- a/debian/patches/man-section.patch +++ b/debian/patches/man-section.patch @@ -1,8 +1,8 @@ -Index: openssl-1.0.0c/Makefile.org +Index: openssl/Makefile.org =================================================================== ---- openssl-1.0.0c.orig/Makefile.org 2010-12-12 16:11:37.000000000 +0100 -+++ openssl-1.0.0c/Makefile.org 2010-12-12 16:13:28.000000000 +0100 -@@ -134,7 +134,8 @@ +--- openssl.orig/Makefile.org ++++ openssl/Makefile.org +@@ -162,7 +162,8 @@ MAKEFILE= Makefile MANDIR=/usr/share/man MAN1=1 MAN3=3 @@ -12,7 +12,7 @@ HTMLSUFFIX=html HTMLDIR=$(OPENSSLDIR)/html SHELL=/bin/sh -@@ -606,7 +607,7 @@ +@@ -649,7 +650,7 @@ install_docs: echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \ (cd `$(PERL) util/dirname.pl $$i`; \ sh -c "$$pod2man \ @@ -21,7 +21,7 @@ --release=$(VERSION) `basename $$i`") \ > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \ $(PERL) util/extract-names.pl < $$i | \ -@@ -623,7 +624,7 @@ +@@ -666,7 +667,7 @@ install_docs: echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \ (cd `$(PERL) util/dirname.pl $$i`; \ sh -c "$$pod2man \ diff --git a/debian/patches/more-chapoly.patch b/debian/patches/more-chapoly.patch index 677256e..2b9bcd5 100644 --- a/debian/patches/more-chapoly.patch +++ b/debian/patches/more-chapoly.patch @@ -1,8 +1,8 @@ -diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c -index 494bfd5..2753400 100644 ---- a/ssl/s3_lib.c -+++ b/ssl/s3_lib.c -@@ -4195,7 +4195,8 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, +Index: openssl/ssl/s3_lib.c +=================================================================== +--- openssl.orig/ssl/s3_lib.c ++++ openssl/ssl/s3_lib.c +@@ -4195,7 +4195,8 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, S int i, ii, ok; CERT *cert; unsigned long alg_k, alg_a, mask_k, mask_a, emask_k, emask_a; @@ -12,7 +12,7 @@ /* Let's see which ciphers we can support */ cert = s->cert; -@@ -4229,17 +4230,50 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, +@@ -4229,17 +4230,50 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, S if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE || tls1_suiteb(s)) { prio = srvr; allow = clnt; @@ -70,7 +70,7 @@ } tls1_set_cert_validity(s); -@@ -4251,10 +4285,14 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, +@@ -4251,10 +4285,14 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, S if ((c->algorithm_ssl & SSL_TLSV1_2) && !SSL_USE_TLS1_2_CIPHERS(s)) continue; diff --git a/debian/patches/no-rpath.patch b/debian/patches/no-rpath.patch index 6ef0f0e..06ad41b 100644 --- a/debian/patches/no-rpath.patch +++ b/debian/patches/no-rpath.patch @@ -1,8 +1,8 @@ -Index: openssl-1.0.0c/Makefile.shared +Index: openssl/Makefile.shared =================================================================== ---- openssl-1.0.0c.orig/Makefile.shared 2010-08-21 13:36:49.000000000 +0200 -+++ openssl-1.0.0c/Makefile.shared 2010-12-12 16:13:36.000000000 +0100 -@@ -153,7 +153,7 @@ +--- openssl.orig/Makefile.shared ++++ openssl/Makefile.shared +@@ -153,7 +153,7 @@ DO_GNU_SO=$(CALC_VERSIONS); \ NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \ SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX" diff --git a/debian/patches/no-symbolic.patch b/debian/patches/no-symbolic.patch index 2a30777..62167aa 100644 --- a/debian/patches/no-symbolic.patch +++ b/debian/patches/no-symbolic.patch @@ -1,8 +1,8 @@ -Index: openssl-1.0.0c/Makefile.shared +Index: openssl/Makefile.shared =================================================================== ---- openssl-1.0.0c.orig/Makefile.shared 2010-12-12 16:13:36.000000000 +0100 -+++ openssl-1.0.0c/Makefile.shared 2010-12-12 16:13:44.000000000 +0100 -@@ -151,7 +151,7 @@ +--- openssl.orig/Makefile.shared ++++ openssl/Makefile.shared +@@ -151,7 +151,7 @@ DO_GNU_SO=$(CALC_VERSIONS); \ SHLIB_SUFFIX=; \ ALLSYMSFLAGS='-Wl,--whole-archive'; \ NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \ diff --git a/debian/patches/pic.patch b/debian/patches/pic.patch index 2f13e57..4452f94 100644 --- a/debian/patches/pic.patch +++ b/debian/patches/pic.patch @@ -1,8 +1,8 @@ -Index: openssl-1.0.1c/crypto/des/asm/desboth.pl +Index: openssl/crypto/des/asm/desboth.pl =================================================================== ---- openssl-1.0.1c.orig/crypto/des/asm/desboth.pl 2001-10-24 23:20:56.000000000 +0200 -+++ openssl-1.0.1c/crypto/des/asm/desboth.pl 2012-07-29 14:15:26.000000000 +0200 -@@ -16,6 +16,11 @@ +--- openssl.orig/crypto/des/asm/desboth.pl ++++ openssl/crypto/des/asm/desboth.pl +@@ -16,6 +16,11 @@ sub DES_encrypt3 &push("edi"); @@ -14,7 +14,7 @@ &comment(""); &comment("Load the data words"); &mov($L,&DWP(0,"ebx","",0)); -@@ -47,15 +52,21 @@ +@@ -47,15 +52,21 @@ sub DES_encrypt3 &mov(&swtmp(2), (DWC(($enc)?"1":"0"))); &mov(&swtmp(1), "eax"); &mov(&swtmp(0), "ebx"); @@ -39,11 +39,11 @@ &stack_pop(3); &mov($L,&DWP(0,"ebx","",0)); -Index: openssl-1.0.1c/crypto/perlasm/cbc.pl +Index: openssl/crypto/perlasm/cbc.pl =================================================================== ---- openssl-1.0.1c.orig/crypto/perlasm/cbc.pl 2011-07-13 08:22:46.000000000 +0200 -+++ openssl-1.0.1c/crypto/perlasm/cbc.pl 2012-07-29 14:15:26.000000000 +0200 -@@ -122,7 +122,11 @@ +--- openssl.orig/crypto/perlasm/cbc.pl ++++ openssl/crypto/perlasm/cbc.pl +@@ -122,7 +122,11 @@ sub cbc &mov(&DWP($data_off,"esp","",0), "eax"); # put in array for call &mov(&DWP($data_off+4,"esp","",0), "ebx"); # @@ -56,7 +56,7 @@ &mov("eax", &DWP($data_off,"esp","",0)); &mov("ebx", &DWP($data_off+4,"esp","",0)); -@@ -185,7 +189,11 @@ +@@ -185,7 +189,11 @@ sub cbc &mov(&DWP($data_off,"esp","",0), "eax"); # put in array for call &mov(&DWP($data_off+4,"esp","",0), "ebx"); # @@ -69,7 +69,7 @@ &mov("eax", &DWP($data_off,"esp","",0)); &mov("ebx", &DWP($data_off+4,"esp","",0)); -@@ -218,7 +226,11 @@ +@@ -218,7 +226,11 @@ sub cbc &mov(&DWP($data_off,"esp","",0), "eax"); # put back &mov(&DWP($data_off+4,"esp","",0), "ebx"); # @@ -82,7 +82,7 @@ &mov("eax", &DWP($data_off,"esp","",0)); # get return &mov("ebx", &DWP($data_off+4,"esp","",0)); # -@@ -261,7 +273,11 @@ +@@ -261,7 +273,11 @@ sub cbc &mov(&DWP($data_off,"esp","",0), "eax"); # put back &mov(&DWP($data_off+4,"esp","",0), "ebx"); # @@ -95,11 +95,11 @@ &mov("eax", &DWP($data_off,"esp","",0)); # get return &mov("ebx", &DWP($data_off+4,"esp","",0)); # -Index: openssl-1.0.1c/crypto/perlasm/x86gas.pl +Index: openssl/crypto/perlasm/x86gas.pl =================================================================== ---- openssl-1.0.1c.orig/crypto/perlasm/x86gas.pl 2011-12-09 20:16:35.000000000 +0100 -+++ openssl-1.0.1c/crypto/perlasm/x86gas.pl 2012-07-29 14:15:26.000000000 +0200 -@@ -161,6 +161,7 @@ +--- openssl.orig/crypto/perlasm/x86gas.pl ++++ openssl/crypto/perlasm/x86gas.pl +@@ -163,6 +163,7 @@ sub ::file_end if ($::macosx) { push (@out,"$tmp,2\n"); } elsif ($::elf) { push (@out,"$tmp,4\n"); } else { push (@out,"$tmp\n"); } @@ -107,7 +107,7 @@ } push(@out,$initseg) if ($initseg); } -@@ -218,8 +219,23 @@ +@@ -221,8 +222,23 @@ ___ elsif ($::elf) { $initseg.=<<___; .section .init @@ -131,11 +131,11 @@ } elsif ($::coff) { $initseg.=<<___; # applies to both Cygwin and Mingw -Index: openssl-1.0.1c/crypto/x86cpuid.pl +Index: openssl/crypto/x86cpuid.pl =================================================================== ---- openssl-1.0.1c.orig/crypto/x86cpuid.pl 2012-02-28 15:20:34.000000000 +0100 -+++ openssl-1.0.1c/crypto/x86cpuid.pl 2012-07-29 14:15:26.000000000 +0200 -@@ -8,6 +8,8 @@ +--- openssl.orig/crypto/x86cpuid.pl ++++ openssl/crypto/x86cpuid.pl +@@ -8,6 +8,8 @@ require "x86asm.pl"; for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); } @@ -144,7 +144,7 @@ &function_begin("OPENSSL_ia32_cpuid"); &xor ("edx","edx"); &pushf (); -@@ -139,9 +141,7 @@ +@@ -155,9 +157,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA3 &set_label("nocpuid"); &function_end("OPENSSL_ia32_cpuid"); @@ -155,7 +155,7 @@ &xor ("eax","eax"); &xor ("edx","edx"); &picmeup("ecx","OPENSSL_ia32cap_P"); -@@ -155,7 +155,7 @@ +@@ -171,7 +171,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA3 # This works in Ring 0 only [read DJGPP+MS-DOS+privileged DPMI host], # but it's safe to call it on any [supported] 32-bit platform... # Just check for [non-]zero return value... @@ -164,7 +164,7 @@ &picmeup("ecx","OPENSSL_ia32cap_P"); &bt (&DWP(0,"ecx"),4); &jnc (&label("nohalt")); # no TSC -@@ -222,7 +222,7 @@ +@@ -238,7 +238,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA3 &ret (); &function_end_B("OPENSSL_far_spin"); diff --git a/debian/patches/shared-lib-ext.patch b/debian/patches/shared-lib-ext.patch index 6b57a6d..bdfb8a6 100644 --- a/debian/patches/shared-lib-ext.patch +++ b/debian/patches/shared-lib-ext.patch @@ -1,8 +1,8 @@ -Index: openssl-1.0.0c/Configure +Index: openssl/Configure =================================================================== ---- openssl-1.0.0c.orig/Configure 2010-12-12 16:10:12.000000000 +0100 -+++ openssl-1.0.0c/Configure 2010-12-12 17:12:38.000000000 +0100 -@@ -1605,7 +1605,8 @@ +--- openssl.orig/Configure ++++ openssl/Configure +@@ -1834,7 +1834,8 @@ while (<IN>) elsif ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*\.[^\.]*$/) { my $sotmp = $1; diff --git a/debian/patches/valgrind.patch b/debian/patches/valgrind.patch index 83f1e7d..1c533e5 100644 --- a/debian/patches/valgrind.patch +++ b/debian/patches/valgrind.patch @@ -1,7 +1,7 @@ -Index: openssl-1.0.2/crypto/rand/md_rand.c +Index: openssl/crypto/rand/md_rand.c =================================================================== ---- openssl-1.0.2.orig/crypto/rand/md_rand.c -+++ openssl-1.0.2/crypto/rand/md_rand.c +--- openssl.orig/crypto/rand/md_rand.c ++++ openssl/crypto/rand/md_rand.c @@ -480,6 +480,7 @@ int ssleay_rand_bytes(unsigned char *buf MD_Update(&m, (unsigned char *)&(md_c[0]), sizeof(md_c)); diff --git a/debian/patches/version-script.patch b/debian/patches/version-script.patch index a249180..34e39f9 100644 --- a/debian/patches/version-script.patch +++ b/debian/patches/version-script.patch @@ -1,8 +1,8 @@ -Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/Configure +Index: openssl/Configure =================================================================== ---- openssl-1.0.2~beta1.obsolete.0.0498436515490575.orig/Configure 2014-02-24 21:02:30.000000000 +0100 -+++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/Configure 2014-02-24 21:02:30.000000000 +0100 -@@ -1651,6 +1651,8 @@ +--- openssl.orig/Configure ++++ openssl/Configure +@@ -1732,6 +1732,8 @@ if ($strict_warnings) } } @@ -11,10 +11,10 @@ open(IN,'<Makefile.org') || die "unable to read Makefile.org:$!\n"; unlink("$Makefile.new") || die "unable to remove old $Makefile.new:$!\n" if -e "$Makefile.new"; open(OUT,">$Makefile.new") || die "unable to create $Makefile.new:$!\n"; -Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/openssl.ld +Index: openssl/openssl.ld =================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/openssl.ld 2014-02-24 22:19:08.601827266 +0100 +--- /dev/null ++++ openssl/openssl.ld @@ -0,0 +1,4615 @@ +OPENSSL_1.0.0 { + global: @@ -4631,10 +4631,10 @@ + SSL_test_functions; +} OPENSSL_1.0.1d; + -Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/openssl.ld +Index: openssl/engines/openssl.ld =================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/openssl.ld 2014-02-24 21:02:30.000000000 +0100 +--- /dev/null ++++ openssl/engines/openssl.ld @@ -0,0 +1,10 @@ +OPENSSL_1.0.0 { + global: @@ -4646,10 +4646,10 @@ + *; +}; + -Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/ccgost/openssl.ld +Index: openssl/engines/ccgost/openssl.ld =================================================================== ---- /dev/null 1970-01-01 00:00:00.000000000 +0000 -+++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/ccgost/openssl.ld 2014-02-24 21:02:30.000000000 +0100 +--- /dev/null ++++ openssl/engines/ccgost/openssl.ld @@ -0,0 +1,10 @@ +OPENSSL_1.0.0 { + global: diff --git a/debian/patches/zero-pad-dhe.patch b/debian/patches/zero-pad-dhe.patch index e3bd30a..d94ff3f 100644 --- a/debian/patches/zero-pad-dhe.patch +++ b/debian/patches/zero-pad-dhe.patch @@ -1,11 +1,11 @@ zero pad DHE public key in ServerKeyExchange message for interop: https://github.com/openssl/openssl/pull/1350/commits/3bfdc80ef28664b4488a25cd65077b9a1cb488c8 -diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c -index c95d610..472d1a2 100644 ---- a/ssl/s3_srvr.c -+++ b/ssl/s3_srvr.c -@@ -1600,6 +1600,9 @@ int ssl3_send_server_key_exchange(SSL *s) +Index: openssl/ssl/s3_srvr.c +=================================================================== +--- openssl.orig/ssl/s3_srvr.c ++++ openssl/ssl/s3_srvr.c +@@ -1601,6 +1601,9 @@ int ssl3_send_server_key_exchange(SSL *s unsigned int u; #endif #ifndef OPENSSL_NO_DH @@ -15,7 +15,7 @@ DH *dh = NULL, *dhp; #endif #ifndef OPENSSL_NO_ECDH -@@ -1861,6 +1864,16 @@ int ssl3_send_server_key_exchange(SSL *s) +@@ -1862,6 +1865,16 @@ int ssl3_send_server_key_exchange(SSL *s n += 1 + nr[i]; else #endif @@ -32,7 +32,7 @@ n += 2 + nr[i]; } -@@ -1895,6 +1908,20 @@ int ssl3_send_server_key_exchange(SSL *s) +@@ -1896,6 +1909,20 @@ int ssl3_send_server_key_exchange(SSL *s p++; } else #endif -- To view, visit https://gerrit.wikimedia.org/r/312234 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: Ie4840b816352e46bf106394d8dc41ab6a237db4b Gerrit-PatchSet: 2 Gerrit-Project: operations/debs/openssl Gerrit-Branch: master Gerrit-Owner: Muehlenhoff <mmuhlenh...@wikimedia.org> Gerrit-Reviewer: BBlack <bbl...@wikimedia.org> Gerrit-Reviewer: Muehlenhoff <mmuhlenh...@wikimedia.org> Gerrit-Reviewer: jenkins-bot <> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits