Muehlenhoff has submitted this change and it was merged.
Change subject: Update Debian patches for 1.0.2i
......................................................................
Update Debian patches for 1.0.2i
Update ca.patch and cloudflare-c20p1305.patch for changes in 1.0.2i
and refresh all remaining quilt patches.
Change-Id: Ie4840b816352e46bf106394d8dc41ab6a237db4b
---
M debian/patches/block_digicert_malaysia.patch
M debian/patches/block_diginotar.patch
M debian/patches/c_rehash-compat.patch
M debian/patches/ca.patch
M debian/patches/cloudflare-c20p1305-sym.patch
M debian/patches/cloudflare-c20p1305.patch
M debian/patches/config-hurd.patch
M debian/patches/debian-targets.patch
M debian/patches/disable_freelist.patch
M debian/patches/engines-path.patch
M debian/patches/extend-version-script.patch
M debian/patches/man-dir.patch
M debian/patches/man-section.patch
M debian/patches/more-chapoly.patch
M debian/patches/no-rpath.patch
M debian/patches/no-symbolic.patch
M debian/patches/pic.patch
M debian/patches/shared-lib-ext.patch
M debian/patches/valgrind.patch
M debian/patches/version-script.patch
M debian/patches/zero-pad-dhe.patch
21 files changed, 241 insertions(+), 255 deletions(-)
Approvals:
Muehlenhoff: Looks good to me, approved
jenkins-bot: Verified
diff --git a/debian/patches/block_digicert_malaysia.patch
b/debian/patches/block_digicert_malaysia.patch
index 877d534..61aa8df 100644
--- a/debian/patches/block_digicert_malaysia.patch
+++ b/debian/patches/block_digicert_malaysia.patch
@@ -5,11 +5,11 @@
Origin: vendor
Last-Update: 2011-11-05
-Index: openssl-1.0.2~beta1/crypto/x509/x509_vfy.c
+Index: openssl/crypto/x509/x509_vfy.c
===================================================================
---- openssl-1.0.2~beta1.orig/crypto/x509/x509_vfy.c 2014-02-25
00:16:12.488028844 +0100
-+++ openssl-1.0.2~beta1/crypto/x509/x509_vfy.c 2014-02-25 00:16:12.484028929
+0100
-@@ -964,10 +964,11 @@
+--- openssl.orig/crypto/x509/x509_vfy.c
++++ openssl/crypto/x509/x509_vfy.c
+@@ -1122,10 +1122,11 @@ static int check_ca_blacklist(X509_STORE
for (i = sk_X509_num(ctx->chain) - 1; i >= 0; i--)
{
x = sk_X509_value(ctx->chain, i);
diff --git a/debian/patches/block_diginotar.patch
b/debian/patches/block_diginotar.patch
index 2cbbb10..8c62339 100644
--- a/debian/patches/block_diginotar.patch
+++ b/debian/patches/block_diginotar.patch
@@ -10,10 +10,10 @@
This is not meant as final patch.
-Index: openssl-1.0.2g/crypto/x509/x509_vfy.c
+Index: openssl/crypto/x509/x509_vfy.c
===================================================================
---- openssl-1.0.2g.orig/crypto/x509/x509_vfy.c
-+++ openssl-1.0.2g/crypto/x509/x509_vfy.c
+--- openssl.orig/crypto/x509/x509_vfy.c
++++ openssl/crypto/x509/x509_vfy.c
@@ -119,6 +119,7 @@ static int check_trust(X509_STORE_CTX *c
static int check_revocation(X509_STORE_CTX *ctx);
static int check_cert(X509_STORE_CTX *ctx);
@@ -22,7 +22,7 @@
static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer,
unsigned int *preasons, X509_CRL *crl, X509 *x);
-@@ -489,6 +490,9 @@ int X509_verify_cert(X509_STORE_CTX *ctx
+@@ -501,6 +502,9 @@ int X509_verify_cert(X509_STORE_CTX *ctx
if (!ok)
goto err;
@@ -32,7 +32,7 @@
#ifndef OPENSSL_NO_RFC3779
/* RFC 3779 path validation, now that CRL check has been done */
ok = v3_asid_validate_path(ctx);
-@@ -996,6 +1000,29 @@ static int check_crl_time(X509_STORE_CTX
+@@ -1110,6 +1114,29 @@ static int check_crl_time(X509_STORE_CTX
return 1;
}
diff --git a/debian/patches/c_rehash-compat.patch
b/debian/patches/c_rehash-compat.patch
index 102210a..9614124 100644
--- a/debian/patches/c_rehash-compat.patch
+++ b/debian/patches/c_rehash-compat.patch
@@ -7,10 +7,10 @@
tools/c_rehash.in | 8 +++++++-
1 files changed, 7 insertions(+), 1 deletions(-)
-Index: openssl-1.0.2b/tools/c_rehash.in
+Index: openssl/tools/c_rehash.in
===================================================================
---- openssl-1.0.2b.orig/tools/c_rehash.in
-+++ openssl-1.0.2b/tools/c_rehash.in
+--- openssl.orig/tools/c_rehash.in
++++ openssl/tools/c_rehash.in
@@ -8,8 +8,6 @@ my $prefix;
my $openssl = $ENV{OPENSSL} || "openssl";
diff --git a/debian/patches/ca.patch b/debian/patches/ca.patch
index 761eebe..7d1b357 100644
--- a/debian/patches/ca.patch
+++ b/debian/patches/ca.patch
@@ -1,16 +1,16 @@
-Index: openssl-0.9.8m/apps/CA.pl.in
+Index: openssl/apps/CA.pl.in
===================================================================
---- openssl-0.9.8m.orig/apps/CA.pl.in 2006-04-28 00:28:51.000000000 +0000
-+++ openssl-0.9.8m/apps/CA.pl.in 2010-02-27 00:36:51.000000000 +0000
-@@ -65,6 +65,7 @@
+--- openssl.orig/apps/CA.pl.in
++++ openssl/apps/CA.pl.in
+@@ -65,6 +65,7 @@ $RET = 0;
foreach (@ARGV) {
if ( /^(-\?|-h|-help)$/ ) {
- print STDERR "usage: CA
-newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";
+ print STDERR "usage: CA
-newcert|-newreq|-newreq-nodes|-newca|-sign|-signcert|-verify\n";
+ print STDERR "usage: CA -signcert certfile
keyfile|-newcert|-newreq|-newca|-sign|-verify\n";
exit 0;
} elsif (/^-newcert$/) {
# create a certificate
-@@ -165,6 +166,7 @@
+@@ -165,6 +166,7 @@ foreach (@ARGV) {
} else {
print STDERR "Unknown arg $_\n";
print STDERR "usage: CA
-newcert|-newreq|-newreq-nodes|-newca|-sign|-verify\n";
diff --git a/debian/patches/cloudflare-c20p1305-sym.patch
b/debian/patches/cloudflare-c20p1305-sym.patch
index 513ede5..d73745f 100644
--- a/debian/patches/cloudflare-c20p1305-sym.patch
+++ b/debian/patches/cloudflare-c20p1305-sym.patch
@@ -1,8 +1,8 @@
# symbol export fixup for cloudflare patch on debian
-diff --git a/openssl.ld b/openssl.ld
-index b4d1a18..3156af7 100644
---- a/openssl.ld
-+++ b/openssl.ld
+Index: openssl/openssl.ld
+===================================================================
+--- openssl.orig/openssl.ld
++++ openssl/openssl.ld
@@ -4613,5 +4613,7 @@ OPENSSL_1.0.2 {
SSL_test_functions;
SRP_VBASE_get1_by_user;
@@ -10,4 +10,4 @@
+ EVP_chacha20_poly1305;
+ EVP_chacha20_poly1305_draft;
} OPENSSL_1.0.1d;
-
+
diff --git a/debian/patches/cloudflare-c20p1305.patch
b/debian/patches/cloudflare-c20p1305.patch
index 181567b..f8747cb 100644
--- a/debian/patches/cloudflare-c20p1305.patch
+++ b/debian/patches/cloudflare-c20p1305.patch
@@ -45,11 +45,11 @@
create mode 100644 crypto/chacha20poly1305/poly1305.c
create mode 100644 crypto/evp/e_chacha20poly1305.c
-diff --git a/Configure b/Configure
-index 4a715dc..f3ab6cd 100755
---- a/Configure
-+++ b/Configure
-@@ -146,25 +146,25 @@ my $tlib="-lnsl -lsocket";
+Index: openssl/Configure
+===================================================================
+--- openssl.orig/Configure
++++ openssl/Configure
+@@ -154,25 +154,25 @@ my $tlib="-lnsl -lsocket";
my $bits1="THIRTY_TWO_BIT ";
my $bits2="SIXTY_FOUR_BIT ";
@@ -89,7 +89,7 @@
# As for $BSDthreads. Idea is to maintain "collective" set of flags,
# which would cover all BSD flavors. -pthread applies to them all,
-@@ -710,6 +710,7 @@ my $idx_wp_obj = $idx++;
+@@ -767,6 +767,7 @@ my $idx_wp_obj = $idx++;
my $idx_cmll_obj = $idx++;
my $idx_modes_obj = $idx++;
my $idx_engines_obj = $idx++;
@@ -97,7 +97,7 @@
my $idx_perlasm_scheme = $idx++;
my $idx_dso_scheme = $idx++;
my $idx_shared_target = $idx++;
-@@ -752,6 +753,7 @@ my $bf ="crypto/bf/bf_locl.h";
+@@ -809,6 +810,7 @@ my $bf ="crypto/bf/bf_locl.h";
my $bn_asm ="bn_asm.o";
my $des_enc="des_enc.o fcrypt_b.o";
my $aes_enc="aes_core.o aes_cbc.o";
@@ -105,7 +105,7 @@
my $bf_enc ="bf_enc.o";
my $cast_enc="c_enc.o";
my $rc4_enc="rc4_enc.o rc4_skey.o";
-@@ -1210,7 +1212,7 @@ $openssldir=$prefix . "/" . $openssldir if $openssldir
!~ /(^\/|^[a-zA-Z]:[\\\/]
+@@ -1264,7 +1266,7 @@ $openssldir=$prefix . "/" . $openssldir
print "IsMK1MF=$IsMK1MF\n";
@@ -114,7 +114,7 @@
my $cc = $fields[$idx_cc];
# Allow environment CC to override compiler...
if($ENV{CC}) {
-@@ -1239,6 +1241,7 @@ my $wp_obj = $fields[$idx_wp_obj];
+@@ -1293,6 +1295,7 @@ my $wp_obj = $fields[$idx_wp_obj];
my $cmll_obj = $fields[$idx_cmll_obj];
my $modes_obj = $fields[$idx_modes_obj];
my $engines_obj = $fields[$idx_engines_obj];
@@ -122,7 +122,7 @@
my $perlasm_scheme = $fields[$idx_perlasm_scheme];
my $dso_scheme = $fields[$idx_dso_scheme];
my $shared_target = $fields[$idx_shared_target];
-@@ -1405,7 +1408,7 @@ if ($no_asm)
+@@ -1460,7 +1463,7 @@ if ($no_asm)
{
$cpuid_obj=$bn_obj=$ec_obj=
$des_obj=$aes_obj=$bf_obj=$cast_obj=$rc4_obj=$rc5_obj=$cmll_obj=
@@ -131,9 +131,9 @@
}
if (!$no_shared)
-@@ -1558,6 +1561,14 @@ $bf_obj=$bf_enc unless ($bf_obj =~ /\.o$/);
+@@ -1612,6 +1615,14 @@ $des_obj=$des_enc unless ($des_obj =~ /\
+ $bf_obj=$bf_enc unless ($bf_obj =~ /\.o$/);
$cast_obj=$cast_enc unless ($cast_obj =~ /\.o$/);
- $rc4_obj=$rc4_enc unless ($rc4_obj =~ /\.o$/);
$rc5_obj=$rc5_enc unless ($rc5_obj =~ /\.o$/);
+if ($chapoly_obj =~ /\.o$/)
+ {
@@ -143,9 +143,9 @@
+ {
+ $chapoly_obj=$chapoly_enc;
+ }
- if ($sha1_obj =~ /\.o$/)
+ if ($rc4_obj =~ /\.o$/)
{
- # $sha1_obj=$sha1_enc;
+ $cflags.=" -DRC4_ASM";
@@ -1740,6 +1751,7 @@ while (<IN>)
s/^WP_ASM_OBJ=.*$/WP_ASM_OBJ= $wp_obj/;
s/^CMLL_ENC=.*$/CMLL_ENC= $cmll_obj/;
@@ -179,11 +179,11 @@
\$perlasm_scheme = $perlasm_scheme
\$dso_scheme = $dso_scheme
\$shared_target= $shared_target
-diff --git a/Makefile.org b/Makefile.org
-index 76fdbdf..6556ef6 100644
---- a/Makefile.org
-+++ b/Makefile.org
-@@ -91,6 +91,7 @@ BN_ASM= bn_asm.o
+Index: openssl/Makefile.org
+===================================================================
+--- openssl.orig/Makefile.org
++++ openssl/Makefile.org
+@@ -92,6 +92,7 @@ BN_ASM= bn_asm.o
EC_ASM=
DES_ENC= des_enc.o fcrypt_b.o
AES_ENC= aes_core.o aes_cbc.o
@@ -191,7 +191,7 @@
BF_ENC= bf_enc.o
CAST_ENC= c_enc.o
RC4_ENC= rc4_enc.o
-@@ -148,7 +149,7 @@ SDIRS= \
+@@ -149,7 +150,7 @@ SDIRS= \
bn ec rsa dsa ecdsa dh ecdh dso engine \
buffer bio stack lhash rand err \
evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp ui krb5 \
@@ -200,7 +200,7 @@
# keep in mind that the above list is adjusted by ./Configure
# according to no-xxx arguments...
-@@ -234,6 +235,7 @@ BUILDENV= LC_ALL=C PLATFORM='$(PLATFORM)'
PROCESSOR='$(PROCESSOR)'\
+@@ -237,6 +238,7 @@ BUILDENV= LC_ALL=C PLATFORM='$(PLATFORM)
WP_ASM_OBJ='$(WP_ASM_OBJ)' \
MODES_ASM_OBJ='$(MODES_ASM_OBJ)' \
ENGINES_ASM_OBJ='$(ENGINES_ASM_OBJ)' \
@@ -208,10 +208,10 @@
PERLASM_SCHEME='$(PERLASM_SCHEME)' \
FIPSLIBDIR='${FIPSLIBDIR}' \
FIPSDIR='${FIPSDIR}' \
-diff --git a/apps/speed.c b/apps/speed.c
-index 95adcc1..94b80a1 100644
---- a/apps/speed.c
-+++ b/apps/speed.c
+Index: openssl/apps/speed.c
+===================================================================
+--- openssl.orig/apps/speed.c
++++ openssl/apps/speed.c
@@ -1,4 +1,4 @@
-/* apps/speed.c */
+/* apps/speed.c -*- mode:C; c-file-style: "eay" -*- */
@@ -227,7 +227,7 @@
static volatile int run = 0;
static int mr = 0;
-@@ -241,7 +241,7 @@ static void print_result(int alg, int run_no, int count,
double time_used);
+@@ -241,7 +241,7 @@ static void print_result(int alg, int ru
static int do_multi(int multi);
# endif
@@ -302,11 +302,10 @@
# ifndef OPENSSL_NO_CAMELLIA
if (doit[D_CBC_128_CML]) {
for (j = 0; j < SIZE_NUM; j++) {
-diff --git a/crypto/chacha20poly1305/Makefile
b/crypto/chacha20poly1305/Makefile
-new file mode 100644
-index 0000000..446eb27
+Index: openssl/crypto/chacha20poly1305/Makefile
+===================================================================
--- /dev/null
-+++ b/crypto/chacha20poly1305/Makefile
++++ openssl/crypto/chacha20poly1305/Makefile
@@ -0,0 +1,97 @@
+#
+# crypto/chacha20poly1305/Makefile
@@ -405,11 +404,10 @@
+
+chacha20.o: ../../include/openssl/chacha20poly1305.h chacha20.c
+poly1305.o: ../../include/openssl/chacha20poly1305.h poly1305.c
-diff --git a/crypto/chacha20poly1305/asm/chacha20_avx.pl
b/crypto/chacha20poly1305/asm/chacha20_avx.pl
-new file mode 100644
-index 0000000..bf3e3f0
+Index: openssl/crypto/chacha20poly1305/asm/chacha20_avx.pl
+===================================================================
--- /dev/null
-+++ b/crypto/chacha20poly1305/asm/chacha20_avx.pl
++++ openssl/crypto/chacha20poly1305/asm/chacha20_avx.pl
@@ -0,0 +1,408 @@
+#!/usr/bin/env perl
+
@@ -819,11 +817,10 @@
+
+close STDOUT;
+
-diff --git a/crypto/chacha20poly1305/asm/chacha20_avx2.pl
b/crypto/chacha20poly1305/asm/chacha20_avx2.pl
-new file mode 100644
-index 0000000..9f31f86
+Index: openssl/crypto/chacha20poly1305/asm/chacha20_avx2.pl
+===================================================================
--- /dev/null
-+++ b/crypto/chacha20poly1305/asm/chacha20_avx2.pl
++++ openssl/crypto/chacha20poly1305/asm/chacha20_avx2.pl
@@ -0,0 +1,443 @@
+#!/usr/bin/env perl
+
@@ -1268,11 +1265,10 @@
+
+close STDOUT;
+
-diff --git a/crypto/chacha20poly1305/asm/poly1305_avx.pl
b/crypto/chacha20poly1305/asm/poly1305_avx.pl
-new file mode 100644
-index 0000000..cedeca1
+Index: openssl/crypto/chacha20poly1305/asm/poly1305_avx.pl
+===================================================================
--- /dev/null
-+++ b/crypto/chacha20poly1305/asm/poly1305_avx.pl
++++ openssl/crypto/chacha20poly1305/asm/poly1305_avx.pl
@@ -0,0 +1,732 @@
+##############################################################################
+# #
@@ -2006,11 +2002,10 @@
+print $code;
+close STDOUT;
+
-diff --git a/crypto/chacha20poly1305/asm/poly1305_avx2.pl
b/crypto/chacha20poly1305/asm/poly1305_avx2.pl
-new file mode 100644
-index 0000000..d2dd51f
+Index: openssl/crypto/chacha20poly1305/asm/poly1305_avx2.pl
+===================================================================
--- /dev/null
-+++ b/crypto/chacha20poly1305/asm/poly1305_avx2.pl
++++ openssl/crypto/chacha20poly1305/asm/poly1305_avx2.pl
@@ -0,0 +1,984 @@
+##############################################################################
+# #
@@ -2996,11 +2991,10 @@
+print $code;
+close STDOUT;
+
-diff --git a/crypto/chacha20poly1305/asm/poly1305_x64.pl
b/crypto/chacha20poly1305/asm/poly1305_x64.pl
-new file mode 100644
-index 0000000..31c4c47
+Index: openssl/crypto/chacha20poly1305/asm/poly1305_x64.pl
+===================================================================
--- /dev/null
-+++ b/crypto/chacha20poly1305/asm/poly1305_x64.pl
++++ openssl/crypto/chacha20poly1305/asm/poly1305_x64.pl
@@ -0,0 +1,281 @@
+
+##############################################################################
@@ -3283,11 +3277,10 @@
+$code =~ s/\`([^\`]*)\`/eval($1)/gem;
+print $code;
+close STDOUT;
-diff --git a/crypto/chacha20poly1305/chacha20.c
b/crypto/chacha20poly1305/chacha20.c
-new file mode 100644
-index 0000000..3044751
+Index: openssl/crypto/chacha20poly1305/chacha20.c
+===================================================================
--- /dev/null
-+++ b/crypto/chacha20poly1305/chacha20.c
++++ openssl/crypto/chacha20poly1305/chacha20.c
@@ -0,0 +1,162 @@
+/* Copyright (c) 2014, Google Inc.
+ *
@@ -3451,11 +3444,10 @@
+ U32TO8_LITTLE(nonce + 36, input[13]);
+}
+
-diff --git a/crypto/chacha20poly1305/chacha20poly1305.h
b/crypto/chacha20poly1305/chacha20poly1305.h
-new file mode 100644
-index 0000000..09b0450
+Index: openssl/crypto/chacha20poly1305/chacha20poly1305.h
+===================================================================
--- /dev/null
-+++ b/crypto/chacha20poly1305/chacha20poly1305.h
++++ openssl/crypto/chacha20poly1305/chacha20poly1305.h
@@ -0,0 +1,79 @@
+/* Copyright (c) 2014, Google Inc.
+ *
@@ -3536,11 +3528,10 @@
+#endif
+
+#endif /* OPENSSL_HEADER_POLY1305_H */
-diff --git a/crypto/chacha20poly1305/chapolytest.c
b/crypto/chacha20poly1305/chapolytest.c
-new file mode 100644
-index 0000000..7e2933f
+Index: openssl/crypto/chacha20poly1305/chapolytest.c
+===================================================================
--- /dev/null
-+++ b/crypto/chacha20poly1305/chapolytest.c
++++ openssl/crypto/chacha20poly1305/chapolytest.c
@@ -0,0 +1,470 @@
+/* ====================================================================
+ * Copyright (c) 2011-2013 The OpenSSL Project. All rights reserved.
@@ -4012,11 +4003,10 @@
+ return 0;
+}
+
-diff --git a/crypto/chacha20poly1305/poly1305.c
b/crypto/chacha20poly1305/poly1305.c
-new file mode 100644
-index 0000000..50bc4a0
+Index: openssl/crypto/chacha20poly1305/poly1305.c
+===================================================================
--- /dev/null
-+++ b/crypto/chacha20poly1305/poly1305.c
++++ openssl/crypto/chacha20poly1305/poly1305.c
@@ -0,0 +1,287 @@
+/* Copyright (c) 2014, Google Inc.
+ *
@@ -4305,11 +4295,11 @@
+ U32TO8_LE(&mac[12], f3);
+}
+
-diff --git a/crypto/cryptlib.c b/crypto/cryptlib.c
-index c9f674b..c6ff6ff 100644
---- a/crypto/cryptlib.c
-+++ b/crypto/cryptlib.c
-@@ -656,16 +656,6 @@ const char *CRYPTO_get_lock_name(int type)
+Index: openssl/crypto/cryptlib.c
+===================================================================
+--- openssl.orig/crypto/cryptlib.c
++++ openssl/crypto/cryptlib.c
+@@ -656,16 +656,6 @@ const char *CRYPTO_get_lock_name(int typ
extern unsigned int OPENSSL_ia32cap_P[4];
unsigned long *OPENSSL_ia32cap_loc(void)
{
@@ -4326,11 +4316,11 @@
return (unsigned long *)OPENSSL_ia32cap_P;
}
-diff --git a/crypto/evp/Makefile b/crypto/evp/Makefile
-index aaaad98..e30b588 100644
---- a/crypto/evp/Makefile
-+++ b/crypto/evp/Makefile
-@@ -29,7 +29,8 @@ LIBSRC= encode.c digest.c evp_enc.c evp_key.c evp_acnf.c
evp_cnf.c \
+Index: openssl/crypto/evp/Makefile
+===================================================================
+--- openssl.orig/crypto/evp/Makefile
++++ openssl/crypto/evp/Makefile
+@@ -29,7 +29,8 @@ LIBSRC= encode.c digest.c evp_enc.c evp_
c_all.c c_allc.c c_alld.c evp_lib.c bio_ok.c \
evp_pkey.c evp_pbe.c p5_crpt.c p5_crpt2.c \
e_old.c pmeth_lib.c pmeth_fn.c pmeth_gn.c m_sigver.c \
@@ -4340,7 +4330,7 @@
LIBOBJ= encode.o digest.o evp_enc.o evp_key.o evp_acnf.o evp_cnf.o \
e_des.o e_bf.o e_idea.o e_des3.o e_camellia.o\
-@@ -42,7 +43,8 @@ LIBOBJ= encode.o digest.o evp_enc.o evp_key.o
evp_acnf.o evp_cnf.o \
+@@ -42,7 +43,8 @@ LIBOBJ= encode.o digest.o evp_enc.o evp_
c_all.o c_allc.o c_alld.o evp_lib.o bio_ok.o \
evp_pkey.o evp_pbe.o p5_crpt.o p5_crpt2.o \
e_old.o pmeth_lib.o pmeth_fn.o pmeth_gn.o m_sigver.o \
@@ -4350,7 +4340,7 @@
SRC= $(LIBSRC)
-@@ -263,6 +265,7 @@ e_cast.o: ../../include/openssl/objects.h
../../include/openssl/opensslconf.h
+@@ -264,6 +266,7 @@ e_cast.o: ../../include/openssl/objects.
e_cast.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
e_cast.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
e_cast.o: ../../include/openssl/symhacks.h ../cryptlib.h e_cast.c evp_locl.h
@@ -4358,11 +4348,10 @@
e_des.o: ../../e_os.h ../../include/openssl/asn1.h ../../include/openssl/bio.h
e_des.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
e_des.o: ../../include/openssl/des.h ../../include/openssl/des_old.h
-diff --git a/crypto/evp/e_chacha20poly1305.c b/crypto/evp/e_chacha20poly1305.c
-new file mode 100644
-index 0000000..17f8cb4
+Index: openssl/crypto/evp/e_chacha20poly1305.c
+===================================================================
--- /dev/null
-+++ b/crypto/evp/e_chacha20poly1305.c
++++ openssl/crypto/evp/e_chacha20poly1305.c
@@ -0,0 +1,435 @@
+/* ====================================================================
+ * Copyright (c) 2001-2014 The OpenSSL Project. All rights reserved.
@@ -4799,11 +4788,11 @@
+const EVP_CIPHER *EVP_chacha20_poly1305(void)
+{ return &chacha20_poly1305; }
+#endif
-diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h
-index 39ab793..53ed671 100644
---- a/crypto/evp/evp.h
-+++ b/crypto/evp/evp.h
-@@ -893,6 +893,10 @@ const EVP_CIPHER *EVP_camellia_256_cfb128(void);
+Index: openssl/crypto/evp/evp.h
+===================================================================
+--- openssl.orig/crypto/evp/evp.h
++++ openssl/crypto/evp/evp.h
+@@ -893,6 +893,10 @@ const EVP_CIPHER *EVP_camellia_256_cfb12
# define EVP_camellia_256_cfb EVP_camellia_256_cfb128
const EVP_CIPHER *EVP_camellia_256_ofb(void);
# endif
@@ -4814,11 +4803,11 @@
# ifndef OPENSSL_NO_SEED
const EVP_CIPHER *EVP_seed_ecb(void);
-diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
-index f846cb5..b0364c1 100644
---- a/ssl/s3_lib.c
-+++ b/ssl/s3_lib.c
-@@ -2891,6 +2891,111 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
+Index: openssl/ssl/s3_lib.c
+===================================================================
+--- openssl.orig/ssl/s3_lib.c
++++ openssl/ssl/s3_lib.c
+@@ -2945,6 +2945,111 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]
256},
#endif
@@ -4930,7 +4919,7 @@
/* end of list */
};
-@@ -4036,6 +4141,7 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s,
STACK_OF(SSL_CIPHER) *clnt,
+@@ -4090,6 +4195,7 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, S
int i, ii, ok;
CERT *cert;
unsigned long alg_k, alg_a, mask_k, mask_a, emask_k, emask_a;
@@ -4938,7 +4927,7 @@
/* Let's see which ciphers we can support */
cert = s->cert;
-@@ -4069,9 +4175,17 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s,
STACK_OF(SSL_CIPHER) *clnt,
+@@ -4123,9 +4229,17 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, S
if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE || tls1_suiteb(s)) {
prio = srvr;
allow = clnt;
@@ -4956,7 +4945,7 @@
}
tls1_set_cert_validity(s);
-@@ -4083,6 +4197,11 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s,
STACK_OF(SSL_CIPHER) *clnt,
+@@ -4137,6 +4251,11 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, S
if ((c->algorithm_ssl & SSL_TLSV1_2) && !SSL_USE_TLS1_2_CIPHERS(s))
continue;
@@ -4968,10 +4957,10 @@
ssl_set_cert_masks(cert, c);
mask_k = cert->mask_k;
mask_a = cert->mask_a;
-diff --git a/ssl/ssl.h b/ssl/ssl.h
-index ae8c925..c7635b6 100644
---- a/ssl/ssl.h
-+++ b/ssl/ssl.h
+Index: openssl/ssl/ssl.h
+===================================================================
+--- openssl.orig/ssl/ssl.h
++++ openssl/ssl/ssl.h
@@ -294,6 +294,8 @@ extern "C" {
# define SSL_TXT_AES256 "AES256"
# define SSL_TXT_AES "AES"
@@ -4981,10 +4970,10 @@
# define SSL_TXT_CAMELLIA128 "CAMELLIA128"
# define SSL_TXT_CAMELLIA256 "CAMELLIA256"
# define SSL_TXT_CAMELLIA "CAMELLIA"
-diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
-index 6957bda..21eae5c 100644
---- a/ssl/ssl_ciph.c
-+++ b/ssl/ssl_ciph.c
+Index: openssl/ssl/ssl_ciph.c
+===================================================================
+--- openssl.orig/ssl/ssl_ciph.c
++++ openssl/ssl/ssl_ciph.c
@@ -150,25 +150,27 @@
#endif
#include "ssl_locl.h"
@@ -5029,7 +5018,7 @@
};
#define SSL_COMP_NULL_IDX 0
-@@ -363,6 +365,9 @@ static const SSL_CIPHER cipher_aliases[] = {
+@@ -362,6 +364,9 @@ static const SSL_CIPHER cipher_aliases[]
{0, SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA, 0,
SSL_kDHE, SSL_aRSA, SSL_3DES, SSL_SHA1, SSL_SSLV3,
SSL_NOT_EXP | SSL_HIGH | SSL_FIPS, 0, 0, 0,},
@@ -5039,7 +5028,7 @@
};
/*
-@@ -432,6 +437,11 @@ void ssl_load_ciphers(void)
+@@ -431,6 +436,11 @@ void ssl_load_ciphers(void)
ssl_cipher_methods[SSL_ENC_AES256GCM_IDX] =
EVP_get_cipherbyname(SN_aes_256_gcm);
@@ -5051,7 +5040,7 @@
ssl_digest_methods[SSL_MD_MD5_IDX] = EVP_get_digestbyname(SN_md5);
ssl_mac_secret_size[SSL_MD_MD5_IDX] =
EVP_MD_size(ssl_digest_methods[SSL_MD_MD5_IDX]);
-@@ -582,6 +592,12 @@ int ssl_cipher_get_evp(const SSL_SESSION *s, const
EVP_CIPHER **enc,
+@@ -581,6 +591,12 @@ int ssl_cipher_get_evp(const SSL_SESSION
case SSL_AES256GCM:
i = SSL_ENC_AES256GCM_IDX;
break;
@@ -5064,7 +5053,7 @@
default:
i = -1;
break;
-@@ -797,6 +813,12 @@ static void ssl_cipher_get_disabled(unsigned long *mkey,
unsigned long *auth,
+@@ -796,6 +812,12 @@ static void ssl_cipher_get_disabled(unsi
(ssl_cipher_methods[SSL_ENC_AES256GCM_IDX] ==
NULL) ? SSL_AES256GCM : 0;
*enc |=
@@ -5077,7 +5066,7 @@
(ssl_cipher_methods[SSL_ENC_CAMELLIA128_IDX] ==
NULL) ? SSL_CAMELLIA128 : 0;
*enc |=
-@@ -1812,6 +1834,12 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher,
char *buf, int len)
+@@ -1812,6 +1834,12 @@ char *SSL_CIPHER_description(const SSL_C
case SSL_AES256GCM:
enc = "AESGCM(256)";
break;
@@ -5090,10 +5079,10 @@
case SSL_CAMELLIA128:
enc = "Camellia(128)";
break;
-diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
-index a8e4efc..67d355c 100644
---- a/ssl/ssl_locl.h
-+++ b/ssl/ssl_locl.h
+Index: openssl/ssl/ssl_locl.h
+===================================================================
+--- openssl.orig/ssl/ssl_locl.h
++++ openssl/ssl/ssl_locl.h
@@ -354,6 +354,8 @@
# define SSL_SEED 0x00000800L
# define SSL_AES128GCM 0x00001000L
@@ -5103,11 +5092,11 @@
# define SSL_AES
(SSL_AES128|SSL_AES256|SSL_AES128GCM|SSL_AES256GCM)
# define SSL_CAMELLIA (SSL_CAMELLIA128|SSL_CAMELLIA256)
-diff --git a/ssl/tls1.h b/ssl/tls1.h
-index 7e237d0..fb0c981 100644
---- a/ssl/tls1.h
-+++ b/ssl/tls1.h
-@@ -563,6 +563,20 @@
SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
+Index: openssl/ssl/tls1.h
+===================================================================
+--- openssl.orig/ssl/tls1.h
++++ openssl/ssl/tls1.h
+@@ -563,6 +563,20 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_T
# define TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256 0x0300C031
# define TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384 0x0300C032
@@ -5128,7 +5117,7 @@
/*
* XXX * Backward compatibility alert: + * Older versions of OpenSSL gave
* some DHE ciphers names with "EDH" + * instead of "DHE". Going forward, we
-@@ -713,6 +727,20 @@
SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
+@@ -713,6 +727,20 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_T
# define TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256
"ECDH-RSA-AES128-GCM-SHA256"
# define TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384
"ECDH-RSA-AES256-GCM-SHA384"
@@ -5149,6 +5138,3 @@
# define TLS_CT_RSA_SIGN 1
# define TLS_CT_DSS_SIGN 2
# define TLS_CT_RSA_FIXED_DH 3
---
-2.5.0
-
diff --git a/debian/patches/config-hurd.patch b/debian/patches/config-hurd.patch
index 31a9184..9502388 100644
--- a/debian/patches/config-hurd.patch
+++ b/debian/patches/config-hurd.patch
@@ -1,8 +1,8 @@
-Index: openssl-1.0.0c/config
+Index: openssl/config
===================================================================
---- openssl-1.0.0c.orig/config 2010-12-12 16:09:43.000000000 +0100
-+++ openssl-1.0.0c/config 2010-12-12 16:09:48.000000000 +0100
-@@ -170,8 +170,8 @@
+--- openssl.orig/config
++++ openssl/config
+@@ -170,8 +170,8 @@ case "${SYSTEM}:${RELEASE}:${VERSION}:${
echo "${MACHINE}-whatever-linux1"; exit 0
;;
diff --git a/debian/patches/debian-targets.patch
b/debian/patches/debian-targets.patch
index 7de4b89..960f1d0 100644
--- a/debian/patches/debian-targets.patch
+++ b/debian/patches/debian-targets.patch
@@ -1,8 +1,8 @@
-Index: openssl-1.0.2f/Configure
+Index: openssl/Configure
===================================================================
---- openssl-1.0.2f.orig/Configure
-+++ openssl-1.0.2f/Configure
-@@ -127,6 +127,10 @@ my $clang_devteam_warn = "-Wno-unused-pa
+--- openssl.orig/Configure
++++ openssl/Configure
+@@ -131,6 +131,10 @@ my $clang_devteam_warn = "-Wno-unused-pa
# Warn that "make depend" should be run?
my $warn_make_depend = 0;
@@ -13,7 +13,7 @@
my $strict_warnings = 0;
my $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL";
-@@ -363,6 +367,55 @@ my %table=(
+@@ -367,6 +371,55 @@ my %table=(
"osf1-alpha-cc", "cc:-std1 -tune host -O4
-readonly_strings::(unknown):::SIXTY_FOUR_BIT_LONG
RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared:::.so",
"tru64-alpha-cc", "cc:-std1 -tune host -fast
-readonly_strings::-pthread:::SIXTY_FOUR_BIT_LONG
RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared::-msym:.so",
diff --git a/debian/patches/disable_freelist.patch
b/debian/patches/disable_freelist.patch
index 354fed8..41fae4b 100644
--- a/debian/patches/disable_freelist.patch
+++ b/debian/patches/disable_freelist.patch
@@ -5,11 +5,11 @@
would break the ABI. Instead we just do it in the .c files that try to do
something with it.
-Index: openssl-1.0.2/ssl/s3_both.c
+Index: openssl/ssl/s3_both.c
===================================================================
---- openssl-1.0.2.orig/ssl/s3_both.c
-+++ openssl-1.0.2/ssl/s3_both.c
-@@ -573,6 +573,7 @@ int ssl_verify_alarm_type(long type)
+--- openssl.orig/ssl/s3_both.c
++++ openssl/ssl/s3_both.c
+@@ -584,6 +584,7 @@ int ssl_verify_alarm_type(long type)
return (al);
}
@@ -17,10 +17,10 @@
#ifndef OPENSSL_NO_BUF_FREELISTS
/*-
* On some platforms, malloc() performance is bad enough that you can't just
-Index: openssl-1.0.2/ssl/ssl_lib.c
+Index: openssl/ssl/ssl_lib.c
===================================================================
---- openssl-1.0.2.orig/ssl/ssl_lib.c
-+++ openssl-1.0.2/ssl/ssl_lib.c
+--- openssl.orig/ssl/ssl_lib.c
++++ openssl/ssl/ssl_lib.c
@@ -162,6 +162,8 @@
const char *SSL_version_str = OPENSSL_VERSION_TEXT;
diff --git a/debian/patches/engines-path.patch
b/debian/patches/engines-path.patch
index 4d4013d..76ef5c1 100644
--- a/debian/patches/engines-path.patch
+++ b/debian/patches/engines-path.patch
@@ -1,8 +1,8 @@
-Index: openssl-1.0.2~beta3/Makefile.org
+Index: openssl/Makefile.org
===================================================================
---- openssl-1.0.2~beta3.orig/Makefile.org
-+++ openssl-1.0.2~beta3/Makefile.org
-@@ -541,7 +541,7 @@ install: all install_docs install_sw
+--- openssl.orig/Makefile.org
++++ openssl/Makefile.org
+@@ -536,7 +536,7 @@ install: all install_docs install_sw
install_sw:
@$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \
@@ -11,10 +11,10 @@
$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/pkgconfig \
$(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \
$(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
-Index: openssl-1.0.2~beta3/engines/Makefile
+Index: openssl/engines/Makefile
===================================================================
---- openssl-1.0.2~beta3.orig/engines/Makefile
-+++ openssl-1.0.2~beta3/engines/Makefile
+--- openssl.orig/engines/Makefile
++++ openssl/engines/Makefile
@@ -107,13 +107,13 @@ install:
@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
@if [ -n "$(SHARED_LIBS)" ]; then \
@@ -45,11 +45,11 @@
done; \
fi
@target=install; $(RECURSIVE_MAKE)
-Index: openssl-1.0.2~beta3/Configure
+Index: openssl/Configure
===================================================================
---- openssl-1.0.2~beta3.orig/Configure
-+++ openssl-1.0.2~beta3/Configure
-@@ -1893,7 +1893,7 @@ while (<IN>)
+--- openssl.orig/Configure
++++ openssl/Configure
+@@ -1968,7 +1968,7 @@ while (<IN>)
}
elsif (/^#define\s+ENGINESDIR/)
{
@@ -58,10 +58,10 @@
$foo =~ s/\\/\\\\/g;
print OUT "#define ENGINESDIR \"$foo\"\n";
}
-Index: openssl-1.0.2~beta3/engines/ccgost/Makefile
+Index: openssl/engines/ccgost/Makefile
===================================================================
---- openssl-1.0.2~beta3.orig/engines/ccgost/Makefile
-+++ openssl-1.0.2~beta3/engines/ccgost/Makefile
+--- openssl.orig/engines/ccgost/Makefile
++++ openssl/engines/ccgost/Makefile
@@ -47,7 +47,7 @@ install:
pfx=lib; \
if expr "$(PLATFORM)" : "Cygwin" >/dev/null; then \
diff --git a/debian/patches/extend-version-script.patch
b/debian/patches/extend-version-script.patch
index 0f498f0..b9f68fe 100644
--- a/debian/patches/extend-version-script.patch
+++ b/debian/patches/extend-version-script.patch
@@ -1,7 +1,8 @@
-diff -aur openssl.orig/openssl.ld openssl/openssl.ld
---- openssl.orig/openssl.ld 2016-03-03 11:19:38.888050124 +0100
-+++ openssl/openssl.ld 2016-03-03 11:25:09.708605927 +0100
-@@ -4611,5 +4611,7 @@
+Index: openssl/openssl.ld
+===================================================================
+--- openssl.orig/openssl.ld
++++ openssl/openssl.ld
+@@ -4611,5 +4611,7 @@ OPENSSL_1.0.2 {
BUF_strnlen;
sk_deep_copy;
SSL_test_functions;
@@ -9,4 +10,3 @@
+ SRP_user_pwd_free;
} OPENSSL_1.0.1d;
-
diff --git a/debian/patches/man-dir.patch b/debian/patches/man-dir.patch
index a35b37e..f5b6ae2 100644
--- a/debian/patches/man-dir.patch
+++ b/debian/patches/man-dir.patch
@@ -1,8 +1,8 @@
-Index: openssl-1.0.0c/Makefile.org
+Index: openssl/Makefile.org
===================================================================
---- openssl-1.0.0c.orig/Makefile.org 2010-12-12 16:11:27.000000000 +0100
-+++ openssl-1.0.0c/Makefile.org 2010-12-12 16:11:37.000000000 +0100
-@@ -131,7 +131,7 @@
+--- openssl.orig/Makefile.org
++++ openssl/Makefile.org
+@@ -159,7 +159,7 @@ TESTS = alltests
MAKEFILE= Makefile
diff --git a/debian/patches/man-section.patch b/debian/patches/man-section.patch
index a8ac662..4438e31 100644
--- a/debian/patches/man-section.patch
+++ b/debian/patches/man-section.patch
@@ -1,8 +1,8 @@
-Index: openssl-1.0.0c/Makefile.org
+Index: openssl/Makefile.org
===================================================================
---- openssl-1.0.0c.orig/Makefile.org 2010-12-12 16:11:37.000000000 +0100
-+++ openssl-1.0.0c/Makefile.org 2010-12-12 16:13:28.000000000 +0100
-@@ -134,7 +134,8 @@
+--- openssl.orig/Makefile.org
++++ openssl/Makefile.org
+@@ -162,7 +162,8 @@ MAKEFILE= Makefile
MANDIR=/usr/share/man
MAN1=1
MAN3=3
@@ -12,7 +12,7 @@
HTMLSUFFIX=html
HTMLDIR=$(OPENSSLDIR)/html
SHELL=/bin/sh
-@@ -606,7 +607,7 @@
+@@ -649,7 +650,7 @@ install_docs:
echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
(cd `$(PERL) util/dirname.pl $$i`; \
sh -c "$$pod2man \
@@ -21,7 +21,7 @@
--release=$(VERSION) `basename $$i`") \
>
$(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \
$(PERL) util/extract-names.pl < $$i | \
-@@ -623,7 +624,7 @@
+@@ -666,7 +667,7 @@ install_docs:
echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
(cd `$(PERL) util/dirname.pl $$i`; \
sh -c "$$pod2man \
diff --git a/debian/patches/more-chapoly.patch
b/debian/patches/more-chapoly.patch
index 677256e..2b9bcd5 100644
--- a/debian/patches/more-chapoly.patch
+++ b/debian/patches/more-chapoly.patch
@@ -1,8 +1,8 @@
-diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
-index 494bfd5..2753400 100644
---- a/ssl/s3_lib.c
-+++ b/ssl/s3_lib.c
-@@ -4195,7 +4195,8 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s,
STACK_OF(SSL_CIPHER) *clnt,
+Index: openssl/ssl/s3_lib.c
+===================================================================
+--- openssl.orig/ssl/s3_lib.c
++++ openssl/ssl/s3_lib.c
+@@ -4195,7 +4195,8 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, S
int i, ii, ok;
CERT *cert;
unsigned long alg_k, alg_a, mask_k, mask_a, emask_k, emask_a;
@@ -12,7 +12,7 @@
/* Let's see which ciphers we can support */
cert = s->cert;
-@@ -4229,17 +4230,50 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s,
STACK_OF(SSL_CIPHER) *clnt,
+@@ -4229,17 +4230,50 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, S
if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE || tls1_suiteb(s)) {
prio = srvr;
allow = clnt;
@@ -70,7 +70,7 @@
}
tls1_set_cert_validity(s);
-@@ -4251,10 +4285,14 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s,
STACK_OF(SSL_CIPHER) *clnt,
+@@ -4251,10 +4285,14 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, S
if ((c->algorithm_ssl & SSL_TLSV1_2) && !SSL_USE_TLS1_2_CIPHERS(s))
continue;
diff --git a/debian/patches/no-rpath.patch b/debian/patches/no-rpath.patch
index 6ef0f0e..06ad41b 100644
--- a/debian/patches/no-rpath.patch
+++ b/debian/patches/no-rpath.patch
@@ -1,8 +1,8 @@
-Index: openssl-1.0.0c/Makefile.shared
+Index: openssl/Makefile.shared
===================================================================
---- openssl-1.0.0c.orig/Makefile.shared 2010-08-21 13:36:49.000000000
+0200
-+++ openssl-1.0.0c/Makefile.shared 2010-12-12 16:13:36.000000000 +0100
-@@ -153,7 +153,7 @@
+--- openssl.orig/Makefile.shared
++++ openssl/Makefile.shared
+@@ -153,7 +153,7 @@ DO_GNU_SO=$(CALC_VERSIONS); \
NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic
-Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"
diff --git a/debian/patches/no-symbolic.patch b/debian/patches/no-symbolic.patch
index 2a30777..62167aa 100644
--- a/debian/patches/no-symbolic.patch
+++ b/debian/patches/no-symbolic.patch
@@ -1,8 +1,8 @@
-Index: openssl-1.0.0c/Makefile.shared
+Index: openssl/Makefile.shared
===================================================================
---- openssl-1.0.0c.orig/Makefile.shared 2010-12-12 16:13:36.000000000
+0100
-+++ openssl-1.0.0c/Makefile.shared 2010-12-12 16:13:44.000000000 +0100
-@@ -151,7 +151,7 @@
+--- openssl.orig/Makefile.shared
++++ openssl/Makefile.shared
+@@ -151,7 +151,7 @@ DO_GNU_SO=$(CALC_VERSIONS); \
SHLIB_SUFFIX=; \
ALLSYMSFLAGS='-Wl,--whole-archive'; \
NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
diff --git a/debian/patches/pic.patch b/debian/patches/pic.patch
index 2f13e57..4452f94 100644
--- a/debian/patches/pic.patch
+++ b/debian/patches/pic.patch
@@ -1,8 +1,8 @@
-Index: openssl-1.0.1c/crypto/des/asm/desboth.pl
+Index: openssl/crypto/des/asm/desboth.pl
===================================================================
---- openssl-1.0.1c.orig/crypto/des/asm/desboth.pl 2001-10-24
23:20:56.000000000 +0200
-+++ openssl-1.0.1c/crypto/des/asm/desboth.pl 2012-07-29 14:15:26.000000000
+0200
-@@ -16,6 +16,11 @@
+--- openssl.orig/crypto/des/asm/desboth.pl
++++ openssl/crypto/des/asm/desboth.pl
+@@ -16,6 +16,11 @@ sub DES_encrypt3
&push("edi");
@@ -14,7 +14,7 @@
&comment("");
&comment("Load the data words");
&mov($L,&DWP(0,"ebx","",0));
-@@ -47,15 +52,21 @@
+@@ -47,15 +52,21 @@ sub DES_encrypt3
&mov(&swtmp(2), (DWC(($enc)?"1":"0")));
&mov(&swtmp(1), "eax");
&mov(&swtmp(0), "ebx");
@@ -39,11 +39,11 @@
&stack_pop(3);
&mov($L,&DWP(0,"ebx","",0));
-Index: openssl-1.0.1c/crypto/perlasm/cbc.pl
+Index: openssl/crypto/perlasm/cbc.pl
===================================================================
---- openssl-1.0.1c.orig/crypto/perlasm/cbc.pl 2011-07-13 08:22:46.000000000
+0200
-+++ openssl-1.0.1c/crypto/perlasm/cbc.pl 2012-07-29 14:15:26.000000000
+0200
-@@ -122,7 +122,11 @@
+--- openssl.orig/crypto/perlasm/cbc.pl
++++ openssl/crypto/perlasm/cbc.pl
+@@ -122,7 +122,11 @@ sub cbc
&mov(&DWP($data_off,"esp","",0), "eax"); # put in array for call
&mov(&DWP($data_off+4,"esp","",0), "ebx"); #
@@ -56,7 +56,7 @@
&mov("eax", &DWP($data_off,"esp","",0));
&mov("ebx", &DWP($data_off+4,"esp","",0));
-@@ -185,7 +189,11 @@
+@@ -185,7 +189,11 @@ sub cbc
&mov(&DWP($data_off,"esp","",0), "eax"); # put in array for call
&mov(&DWP($data_off+4,"esp","",0), "ebx"); #
@@ -69,7 +69,7 @@
&mov("eax", &DWP($data_off,"esp","",0));
&mov("ebx", &DWP($data_off+4,"esp","",0));
-@@ -218,7 +226,11 @@
+@@ -218,7 +226,11 @@ sub cbc
&mov(&DWP($data_off,"esp","",0), "eax"); # put back
&mov(&DWP($data_off+4,"esp","",0), "ebx"); #
@@ -82,7 +82,7 @@
&mov("eax", &DWP($data_off,"esp","",0)); # get return
&mov("ebx", &DWP($data_off+4,"esp","",0)); #
-@@ -261,7 +273,11 @@
+@@ -261,7 +273,11 @@ sub cbc
&mov(&DWP($data_off,"esp","",0), "eax"); # put back
&mov(&DWP($data_off+4,"esp","",0), "ebx"); #
@@ -95,11 +95,11 @@
&mov("eax", &DWP($data_off,"esp","",0)); # get return
&mov("ebx", &DWP($data_off+4,"esp","",0)); #
-Index: openssl-1.0.1c/crypto/perlasm/x86gas.pl
+Index: openssl/crypto/perlasm/x86gas.pl
===================================================================
---- openssl-1.0.1c.orig/crypto/perlasm/x86gas.pl 2011-12-09
20:16:35.000000000 +0100
-+++ openssl-1.0.1c/crypto/perlasm/x86gas.pl 2012-07-29 14:15:26.000000000
+0200
-@@ -161,6 +161,7 @@
+--- openssl.orig/crypto/perlasm/x86gas.pl
++++ openssl/crypto/perlasm/x86gas.pl
+@@ -163,6 +163,7 @@ sub ::file_end
if ($::macosx) { push (@out,"$tmp,2\n"); }
elsif ($::elf) { push (@out,"$tmp,4\n"); }
else { push (@out,"$tmp\n"); }
@@ -107,7 +107,7 @@
}
push(@out,$initseg) if ($initseg);
}
-@@ -218,8 +219,23 @@
+@@ -221,8 +222,23 @@ ___
elsif ($::elf)
{ $initseg.=<<___;
.section .init
@@ -131,11 +131,11 @@
}
elsif ($::coff)
{ $initseg.=<<___; # applies to both Cygwin and Mingw
-Index: openssl-1.0.1c/crypto/x86cpuid.pl
+Index: openssl/crypto/x86cpuid.pl
===================================================================
---- openssl-1.0.1c.orig/crypto/x86cpuid.pl 2012-02-28 15:20:34.000000000
+0100
-+++ openssl-1.0.1c/crypto/x86cpuid.pl 2012-07-29 14:15:26.000000000 +0200
-@@ -8,6 +8,8 @@
+--- openssl.orig/crypto/x86cpuid.pl
++++ openssl/crypto/x86cpuid.pl
+@@ -8,6 +8,8 @@ require "x86asm.pl";
for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
@@ -144,7 +144,7 @@
&function_begin("OPENSSL_ia32_cpuid");
&xor ("edx","edx");
&pushf ();
-@@ -139,9 +141,7 @@
+@@ -155,9 +157,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA3
&set_label("nocpuid");
&function_end("OPENSSL_ia32_cpuid");
@@ -155,7 +155,7 @@
&xor ("eax","eax");
&xor ("edx","edx");
&picmeup("ecx","OPENSSL_ia32cap_P");
-@@ -155,7 +155,7 @@
+@@ -171,7 +171,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA3
# This works in Ring 0 only [read DJGPP+MS-DOS+privileged DPMI host],
# but it's safe to call it on any [supported] 32-bit platform...
# Just check for [non-]zero return value...
@@ -164,7 +164,7 @@
&picmeup("ecx","OPENSSL_ia32cap_P");
&bt (&DWP(0,"ecx"),4);
&jnc (&label("nohalt")); # no TSC
-@@ -222,7 +222,7 @@
+@@ -238,7 +238,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA3
&ret ();
&function_end_B("OPENSSL_far_spin");
diff --git a/debian/patches/shared-lib-ext.patch
b/debian/patches/shared-lib-ext.patch
index 6b57a6d..bdfb8a6 100644
--- a/debian/patches/shared-lib-ext.patch
+++ b/debian/patches/shared-lib-ext.patch
@@ -1,8 +1,8 @@
-Index: openssl-1.0.0c/Configure
+Index: openssl/Configure
===================================================================
---- openssl-1.0.0c.orig/Configure 2010-12-12 16:10:12.000000000 +0100
-+++ openssl-1.0.0c/Configure 2010-12-12 17:12:38.000000000 +0100
-@@ -1605,7 +1605,8 @@
+--- openssl.orig/Configure
++++ openssl/Configure
+@@ -1834,7 +1834,8 @@ while (<IN>)
elsif ($shared_extension ne "" && $shared_extension =~
/^\.s([ol])\.[^\.]*\.[^\.]*$/)
{
my $sotmp = $1;
diff --git a/debian/patches/valgrind.patch b/debian/patches/valgrind.patch
index 83f1e7d..1c533e5 100644
--- a/debian/patches/valgrind.patch
+++ b/debian/patches/valgrind.patch
@@ -1,7 +1,7 @@
-Index: openssl-1.0.2/crypto/rand/md_rand.c
+Index: openssl/crypto/rand/md_rand.c
===================================================================
---- openssl-1.0.2.orig/crypto/rand/md_rand.c
-+++ openssl-1.0.2/crypto/rand/md_rand.c
+--- openssl.orig/crypto/rand/md_rand.c
++++ openssl/crypto/rand/md_rand.c
@@ -480,6 +480,7 @@ int ssleay_rand_bytes(unsigned char *buf
MD_Update(&m, (unsigned char *)&(md_c[0]), sizeof(md_c));
diff --git a/debian/patches/version-script.patch
b/debian/patches/version-script.patch
index a249180..34e39f9 100644
--- a/debian/patches/version-script.patch
+++ b/debian/patches/version-script.patch
@@ -1,8 +1,8 @@
-Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/Configure
+Index: openssl/Configure
===================================================================
---- openssl-1.0.2~beta1.obsolete.0.0498436515490575.orig/Configure
2014-02-24 21:02:30.000000000 +0100
-+++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/Configure 2014-02-24
21:02:30.000000000 +0100
-@@ -1651,6 +1651,8 @@
+--- openssl.orig/Configure
++++ openssl/Configure
+@@ -1732,6 +1732,8 @@ if ($strict_warnings)
}
}
@@ -11,10 +11,10 @@
open(IN,'<Makefile.org') || die "unable to read Makefile.org:$!\n";
unlink("$Makefile.new") || die "unable to remove old $Makefile.new:$!\n" if
-e "$Makefile.new";
open(OUT,">$Makefile.new") || die "unable to create $Makefile.new:$!\n";
-Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/openssl.ld
+Index: openssl/openssl.ld
===================================================================
---- /dev/null 1970-01-01 00:00:00.000000000 +0000
-+++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/openssl.ld 2014-02-24
22:19:08.601827266 +0100
+--- /dev/null
++++ openssl/openssl.ld
@@ -0,0 +1,4615 @@
+OPENSSL_1.0.0 {
+ global:
@@ -4631,10 +4631,10 @@
+ SSL_test_functions;
+} OPENSSL_1.0.1d;
+
-Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/openssl.ld
+Index: openssl/engines/openssl.ld
===================================================================
---- /dev/null 1970-01-01 00:00:00.000000000 +0000
-+++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/openssl.ld
2014-02-24 21:02:30.000000000 +0100
+--- /dev/null
++++ openssl/engines/openssl.ld
@@ -0,0 +1,10 @@
+OPENSSL_1.0.0 {
+ global:
@@ -4646,10 +4646,10 @@
+ *;
+};
+
-Index:
openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/ccgost/openssl.ld
+Index: openssl/engines/ccgost/openssl.ld
===================================================================
---- /dev/null 1970-01-01 00:00:00.000000000 +0000
-+++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/ccgost/openssl.ld
2014-02-24 21:02:30.000000000 +0100
+--- /dev/null
++++ openssl/engines/ccgost/openssl.ld
@@ -0,0 +1,10 @@
+OPENSSL_1.0.0 {
+ global:
diff --git a/debian/patches/zero-pad-dhe.patch
b/debian/patches/zero-pad-dhe.patch
index e3bd30a..d94ff3f 100644
--- a/debian/patches/zero-pad-dhe.patch
+++ b/debian/patches/zero-pad-dhe.patch
@@ -1,11 +1,11 @@
zero pad DHE public key in ServerKeyExchange message for interop:
https://github.com/openssl/openssl/pull/1350/commits/3bfdc80ef28664b4488a25cd65077b9a1cb488c8
-diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
-index c95d610..472d1a2 100644
---- a/ssl/s3_srvr.c
-+++ b/ssl/s3_srvr.c
-@@ -1600,6 +1600,9 @@ int ssl3_send_server_key_exchange(SSL *s)
+Index: openssl/ssl/s3_srvr.c
+===================================================================
+--- openssl.orig/ssl/s3_srvr.c
++++ openssl/ssl/s3_srvr.c
+@@ -1601,6 +1601,9 @@ int ssl3_send_server_key_exchange(SSL *s
unsigned int u;
#endif
#ifndef OPENSSL_NO_DH
@@ -15,7 +15,7 @@
DH *dh = NULL, *dhp;
#endif
#ifndef OPENSSL_NO_ECDH
-@@ -1861,6 +1864,16 @@ int ssl3_send_server_key_exchange(SSL *s)
+@@ -1862,6 +1865,16 @@ int ssl3_send_server_key_exchange(SSL *s
n += 1 + nr[i];
else
#endif
@@ -32,7 +32,7 @@
n += 2 + nr[i];
}
-@@ -1895,6 +1908,20 @@ int ssl3_send_server_key_exchange(SSL *s)
+@@ -1896,6 +1909,20 @@ int ssl3_send_server_key_exchange(SSL *s
p++;
} else
#endif
--
To view, visit https://gerrit.wikimedia.org/r/312234
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: Ie4840b816352e46bf106394d8dc41ab6a237db4b
Gerrit-PatchSet: 2
Gerrit-Project: operations/debs/openssl
Gerrit-Branch: master
Gerrit-Owner: Muehlenhoff <mmuhlenh...@wikimedia.org>
Gerrit-Reviewer: BBlack <bbl...@wikimedia.org>
Gerrit-Reviewer: Muehlenhoff <mmuhlenh...@wikimedia.org>
Gerrit-Reviewer: jenkins-bot <>
_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
