Used Debian patch series and ptxdist specific patch from 1.0.1k.
Debian patches was generated using Michael Olbrich's openssl-apply-debian
script using the following source:
openssl_1.0.2-1.debian.tar.xz [MD5: 3df9826bec6f37f4d4d524291ed4f1f3]
Signed-off-by: Bruno Thomsen <b...@kamstrup.com>
---
patches/openssl-1.0.1k/0007-valgrind.patch | 31 -----
patches/openssl-1.0.1k/0008-rehash-crt.patch | 44 -------
patches/openssl-1.0.1k/0010-stddef.patch | 23 ----
.../0013-Change-default-bit-size-and-digest.patch | 131 ---------------------
.../openssl-1.0.1k/0014-openssl_fix_for_x32.patch | 50 --------
.../0001-ca.patch | 10 +-
.../0002-debian-targets.patch | 16 +--
.../0003-engines-path.patch | 53 +++++----
.../0004-no-rpath.patch | 10 +-
.../0005-no-symbolic.patch | 10 +-
.../0006-pic.patch | 26 ++--
patches/openssl-1.0.2/0007-valgrind.patch | 31 +++++
.../0008-shared-lib-ext.patch} | 12 +-
.../0009-libdoc-manpgs-pod-spell.patch | 24 ++++
.../openssl-1.0.2/0010-openssl-pod-misspell.patch | 52 ++++++++
.../0011-block_diginotar.patch | 32 ++---
.../0012-block_digicert_malaysia.patch | 10 +-
.../openssl-1.0.2/0013-Disable-the-freelist.patch | 42 +++++++
...-don-t-ask-dpkg-buildflags-for-more-flags.patch | 0
patches/{openssl-1.0.1k => openssl-1.0.2}/series | 11 +-
rules/openssl.make | 4 +-
21 files changed, 250 insertions(+), 372 deletions(-)
delete mode 100644 patches/openssl-1.0.1k/0007-valgrind.patch
delete mode 100644 patches/openssl-1.0.1k/0008-rehash-crt.patch
delete mode 100644 patches/openssl-1.0.1k/0010-stddef.patch
delete mode 100644
patches/openssl-1.0.1k/0013-Change-default-bit-size-and-digest.patch
delete mode 100644 patches/openssl-1.0.1k/0014-openssl_fix_for_x32.patch
rename patches/{openssl-1.0.1k => openssl-1.0.2}/0001-ca.patch (77%)
rename patches/{openssl-1.0.1k => openssl-1.0.2}/0002-debian-targets.patch
(92%)
rename patches/{openssl-1.0.1k => openssl-1.0.2}/0003-engines-path.patch (77%)
rename patches/{openssl-1.0.1k => openssl-1.0.2}/0004-no-rpath.patch (73%)
rename patches/{openssl-1.0.1k => openssl-1.0.2}/0005-no-symbolic.patch (72%)
rename patches/{openssl-1.0.1k => openssl-1.0.2}/0006-pic.patch (89%)
create mode 100644 patches/openssl-1.0.2/0007-valgrind.patch
rename patches/{openssl-1.0.1k/0009-shared-lib-ext.patch =>
openssl-1.0.2/0008-shared-lib-ext.patch} (70%)
create mode 100644 patches/openssl-1.0.2/0009-libdoc-manpgs-pod-spell.patch
create mode 100644 patches/openssl-1.0.2/0010-openssl-pod-misspell.patch
rename patches/{openssl-1.0.1k => openssl-1.0.2}/0011-block_diginotar.patch
(65%)
rename patches/{openssl-1.0.1k =>
openssl-1.0.2}/0012-block_digicert_malaysia.patch (77%)
create mode 100644 patches/openssl-1.0.2/0013-Disable-the-freelist.patch
rename patches/{openssl-1.0.1k =>
openssl-1.0.2}/0100-Configure-don-t-ask-dpkg-buildflags-for-more-flags.patch
(100%)
rename patches/{openssl-1.0.1k => openssl-1.0.2}/series (65%)
diff --git a/patches/openssl-1.0.1k/0007-valgrind.patch
b/patches/openssl-1.0.1k/0007-valgrind.patch
deleted file mode 100644
index 9ec92c4..0000000
--- a/patches/openssl-1.0.1k/0007-valgrind.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From: Michael Olbrich <m.olbr...@pengutronix.de>
-Date: Sat, 10 Jan 2015 09:16:02 +0100
-Subject: [PATCH] valgrind
-
-Imported from openssl_1.0.1k-1.debian.tar.xz
-
-Signed-off-by: Michael Olbrich <m.olbr...@pengutronix.de>
----
- crypto/rand/md_rand.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/crypto/rand/md_rand.c b/crypto/rand/md_rand.c
-index 888b4eb8dd0b..90ec46315f4d 100644
---- a/crypto/rand/md_rand.c
-+++ b/crypto/rand/md_rand.c
-@@ -482,6 +482,7 @@ int ssleay_rand_bytes(unsigned char *buf, int num, int
pseudo, int lock)
- MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c));
-
- #ifndef PURIFY /* purify complains */
-+#if 0
- /* The following line uses the supplied buffer as a small
- * source of entropy: since this buffer is often uninitialised
- * it may cause programs such as purify or valgrind to
-@@ -491,6 +492,7 @@ int ssleay_rand_bytes(unsigned char *buf, int num, int
pseudo, int lock)
- */
- MD_Update(&m,buf,j);
- #endif
-+#endif
-
- k=(st_idx+MD_DIGEST_LENGTH/2)-st_num;
- if (k > 0)
diff --git a/patches/openssl-1.0.1k/0008-rehash-crt.patch
b/patches/openssl-1.0.1k/0008-rehash-crt.patch
deleted file mode 100644
index 2dbcaaf..0000000
--- a/patches/openssl-1.0.1k/0008-rehash-crt.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From: Michael Olbrich <m.olbr...@pengutronix.de>
-Date: Sat, 10 Jan 2015 09:16:02 +0100
-Subject: [PATCH] rehash-crt
-
-Imported from openssl_1.0.1k-1.debian.tar.xz
-
-Signed-off-by: Michael Olbrich <m.olbr...@pengutronix.de>
----
- tools/c_rehash.in | 12 +++++++++---
- 1 file changed, 9 insertions(+), 3 deletions(-)
-
-diff --git a/tools/c_rehash.in b/tools/c_rehash.in
-index bfc4a69ed4bc..4958e3dd05a7 100644
---- a/tools/c_rehash.in
-+++ b/tools/c_rehash.in
-@@ -75,12 +75,15 @@ sub hash_dir {
- }
- }
- closedir DIR;
-- FILE: foreach $fname (grep {/\.pem$/} @flist) {
-+ FILE: foreach $fname (grep {/\.pem$|\.crt$/} @flist) {
- # Check to see if certificates and/or CRLs present.
- my ($cert, $crl) = check_file($fname);
- if(!$cert && !$crl) {
-- print STDERR "WARNING: $fname does not contain a
certificate or CRL: skipping\n";
-- next;
-+ ($cert, $crl) = check_file("$openssl x509 -in
\"$fname\" -inform der -outform pem | ");
-+ if(!$cert && !$crl) {
-+ print STDERR "WARNING: $fname does not contain
a certificate or CRL: skipping\n";
-+ next;
-+ }
- }
- link_hash_cert($fname) if($cert);
- link_hash_crl($fname) if($crl);
-@@ -153,6 +156,9 @@ sub link_hash_crl {
- my $fname = $_[0];
- $fname =~ s/'/'\\''/g;
- my ($hash, $fprint) = `"$openssl" crl -hash -fingerprint -noout
-in '$fname'`;
-+ if(!$hash || !fprint) {
-+ ($hash, $fprint) = `"$openssl" crl -hash -fingerprint
-noout -in '$fname' -inform der`;
-+ }
- chomp $hash;
- chomp $fprint;
- $fprint =~ s/^.*=//;
diff --git a/patches/openssl-1.0.1k/0010-stddef.patch
b/patches/openssl-1.0.1k/0010-stddef.patch
deleted file mode 100644
index 0de468e..0000000
--- a/patches/openssl-1.0.1k/0010-stddef.patch
+++ /dev/null
@@ -1,23 +0,0 @@
-From: Michael Olbrich <m.olbr...@pengutronix.de>
-Date: Sat, 10 Jan 2015 09:16:02 +0100
-Subject: [PATCH] stddef
-
-Imported from openssl_1.0.1k-1.debian.tar.xz
-
-Signed-off-by: Michael Olbrich <m.olbr...@pengutronix.de>
----
- crypto/sha/sha.h | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/crypto/sha/sha.h b/crypto/sha/sha.h
-index 8a6bf4bbbb1d..734b40ac2da3 100644
---- a/crypto/sha/sha.h
-+++ b/crypto/sha/sha.h
-@@ -59,6 +59,7 @@
- #ifndef HEADER_SHA_H
- #define HEADER_SHA_H
-
-+#include <stddef.h>
- #include <openssl/e_os2.h>
- #include <stddef.h>
-
diff --git
a/patches/openssl-1.0.1k/0013-Change-default-bit-size-and-digest.patch
b/patches/openssl-1.0.1k/0013-Change-default-bit-size-and-digest.patch
deleted file mode 100644
index 9174402..0000000
--- a/patches/openssl-1.0.1k/0013-Change-default-bit-size-and-digest.patch
+++ /dev/null
@@ -1,131 +0,0 @@
-From: Kurt Roeckx <k...@roeckx.be>
-Date: Fri, 1 Nov 2013 20:47:14 +0100
-Subject: [PATCH] Change default bit size and digest
-
-Imported from openssl_1.0.1k-1.debian.tar.xz
-
-Signed-off-by: Michael Olbrich <m.olbr...@pengutronix.de>
----
- apps/dhparam.c | 4 ++--
- apps/gendh.c | 2 +-
- apps/genrsa.c | 2 +-
- apps/openssl.cnf | 2 +-
- crypto/dsa/dsa_ameth.c | 2 +-
- crypto/ec/ec_ameth.c | 2 +-
- crypto/hmac/hm_ameth.c | 2 +-
- crypto/rsa/rsa_ameth.c | 2 +-
- 8 files changed, 9 insertions(+), 9 deletions(-)
-
-diff --git a/apps/dhparam.c b/apps/dhparam.c
-index 1297d6fb5ec9..b0c05befc8bb 100644
---- a/apps/dhparam.c
-+++ b/apps/dhparam.c
-@@ -130,7 +130,7 @@
- #undef PROG
- #define PROG dhparam_main
-
--#define DEFBITS 512
-+#define DEFBITS 2048
-
- /* -inform arg - input format - default PEM (DER or PEM)
- * -outform arg - output format - default PEM
-@@ -253,7 +253,7 @@ bad:
- BIO_printf(bio_err," -C Output C code\n");
- BIO_printf(bio_err," -2 generate parameters using 2
as the generator value\n");
- BIO_printf(bio_err," -5 generate parameters using 5
as the generator value\n");
-- BIO_printf(bio_err," numbits number of bits in to
generate (default 512)\n");
-+ BIO_printf(bio_err," numbits number of bits in to
generate (default 2048)\n");
- #ifndef OPENSSL_NO_ENGINE
- BIO_printf(bio_err," -engine e use engine e, possibly a
hardware device.\n");
- #endif
-diff --git a/apps/gendh.c b/apps/gendh.c
-index 4ec776ba9399..8df8c62f8aa3 100644
---- a/apps/gendh.c
-+++ b/apps/gendh.c
-@@ -78,7 +78,7 @@
- #include <openssl/x509.h>
- #include <openssl/pem.h>
-
--#define DEFBITS 512
-+#define DEFBITS 2048
- #undef PROG
- #define PROG gendh_main
-
-diff --git a/apps/genrsa.c b/apps/genrsa.c
-index ece114c876a6..7a8c6c58ad62 100644
---- a/apps/genrsa.c
-+++ b/apps/genrsa.c
-@@ -78,7 +78,7 @@
- #include <openssl/pem.h>
- #include <openssl/rand.h>
-
--#define DEFBITS 1024
-+#define DEFBITS 2048
- #undef PROG
- #define PROG genrsa_main
-
-diff --git a/apps/openssl.cnf b/apps/openssl.cnf
-index 18760c6e673d..1eb86c401263 100644
---- a/apps/openssl.cnf
-+++ b/apps/openssl.cnf
-@@ -103,7 +103,7 @@ emailAddress = optional
-
- ####################################################################
- [ req ]
--default_bits = 1024
-+default_bits = 2048
- default_keyfile = privkey.pem
- distinguished_name = req_distinguished_name
- attributes = req_attributes
-diff --git a/crypto/dsa/dsa_ameth.c b/crypto/dsa/dsa_ameth.c
-index 5af76eade59a..0a7520221690 100644
---- a/crypto/dsa/dsa_ameth.c
-+++ b/crypto/dsa/dsa_ameth.c
-@@ -634,7 +634,7 @@ static int dsa_pkey_ctrl(EVP_PKEY *pkey, int op, long
arg1, void *arg2)
- #endif
-
- case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
-- *(int *)arg2 = NID_sha1;
-+ *(int *)arg2 = NID_sha256;
- return 2;
-
- default:
-diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c
-index 11283769b939..6b24725db608 100644
---- a/crypto/ec/ec_ameth.c
-+++ b/crypto/ec/ec_ameth.c
-@@ -618,7 +618,7 @@ static int ec_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1,
void *arg2)
- #endif
-
- case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
-- *(int *)arg2 = NID_sha1;
-+ *(int *)arg2 = NID_sha256;
- return 2;
-
- default:
-diff --git a/crypto/hmac/hm_ameth.c b/crypto/hmac/hm_ameth.c
-index e03f24aedab9..9fe6505bd5a0 100644
---- a/crypto/hmac/hm_ameth.c
-+++ b/crypto/hmac/hm_ameth.c
-@@ -89,7 +89,7 @@ static int hmac_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1,
void *arg2)
- switch (op)
- {
- case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
-- *(int *)arg2 = NID_sha1;
-+ *(int *)arg2 = NID_sha256;
- return 1;
-
- default:
-diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c
-index 4c8ecd9233e1..92cc15c2c730 100644
---- a/crypto/rsa/rsa_ameth.c
-+++ b/crypto/rsa/rsa_ameth.c
-@@ -435,7 +435,7 @@ static int rsa_pkey_ctrl(EVP_PKEY *pkey, int op, long
arg1, void *arg2)
- #endif
-
- case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
-- *(int *)arg2 = NID_sha1;
-+ *(int *)arg2 = NID_sha256;
- return 1;
-
- default:
diff --git a/patches/openssl-1.0.1k/0014-openssl_fix_for_x32.patch
b/patches/openssl-1.0.1k/0014-openssl_fix_for_x32.patch
deleted file mode 100644
index 8767f37..0000000
--- a/patches/openssl-1.0.1k/0014-openssl_fix_for_x32.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From: Michael Olbrich <m.olbr...@pengutronix.de>
-Date: Sat, 10 Jan 2015 09:16:02 +0100
-Subject: [PATCH] openssl_fix_for_x32
-
-Imported from openssl_1.0.1k-1.debian.tar.xz
-
-Signed-off-by: Michael Olbrich <m.olbr...@pengutronix.de>
----
- crypto/bn/asm/x86_64-gcc.c | 14 +++++++-------
- 1 file changed, 7 insertions(+), 7 deletions(-)
-
-diff --git a/crypto/bn/asm/x86_64-gcc.c b/crypto/bn/asm/x86_64-gcc.c
-index 2d39407f499e..84b6a5b2f92d 100644
---- a/crypto/bn/asm/x86_64-gcc.c
-+++ b/crypto/bn/asm/x86_64-gcc.c
-@@ -55,7 +55,7 @@
- * machine.
- */
-
--#ifdef _WIN64
-+#if defined _WIN64 || !defined __LP64__
- #define BN_ULONG unsigned long long
- #else
- #define BN_ULONG unsigned long
-@@ -192,9 +192,9 @@ BN_ULONG bn_add_words (BN_ULONG *rp, const BN_ULONG *ap,
const BN_ULONG *bp,int
- asm volatile (
- " subq %2,%2 \n"
- ".p2align 4 \n"
-- "1: movq (%4,%2,8),%0 \n"
-- " adcq (%5,%2,8),%0 \n"
-- " movq %0,(%3,%2,8) \n"
-+ "1: movq (%q4,%2,8),%0 \n"
-+ " adcq (%q5,%2,8),%0 \n"
-+ " movq %0,(%q3,%2,8) \n"
- " leaq 1(%2),%2 \n"
- " loop 1b \n"
- " sbbq %0,%0 \n"
-@@ -215,9 +215,9 @@ BN_ULONG bn_sub_words (BN_ULONG *rp, const BN_ULONG *ap,
const BN_ULONG *bp,int
- asm volatile (
- " subq %2,%2 \n"
- ".p2align 4 \n"
-- "1: movq (%4,%2,8),%0 \n"
-- " sbbq (%5,%2,8),%0 \n"
-- " movq %0,(%3,%2,8) \n"
-+ "1: movq (%q4,%2,8),%0 \n"
-+ " sbbq (%q5,%2,8),%0 \n"
-+ " movq %0,(%q3,%2,8) \n"
- " leaq 1(%2),%2 \n"
- " loop 1b \n"
- " sbbq %0,%0 \n"
diff --git a/patches/openssl-1.0.1k/0001-ca.patch
b/patches/openssl-1.0.2/0001-ca.patch
similarity index 77%
rename from patches/openssl-1.0.1k/0001-ca.patch
rename to patches/openssl-1.0.2/0001-ca.patch
index 471b5ba..b6d7fb8 100644
--- a/patches/openssl-1.0.1k/0001-ca.patch
+++ b/patches/openssl-1.0.2/0001-ca.patch
@@ -1,16 +1,16 @@
-From: Michael Olbrich <m.olbr...@pengutronix.de>
-Date: Sat, 10 Jan 2015 09:16:02 +0100
+From: Bruno Thomsen <b...@kamstrup.com>
+Date: Mon, 23 Feb 2015 16:13:40 +0100
Subject: [PATCH] ca
-Imported from openssl_1.0.1k-1.debian.tar.xz
+Imported from openssl_1.0.2-1.debian.tar.xz
-Signed-off-by: Michael Olbrich <m.olbr...@pengutronix.de>
+Signed-off-by: Bruno Thomsen <b...@kamstrup.com>
---
apps/CA.pl.in | 2 ++
1 file changed, 2 insertions(+)
diff --git a/apps/CA.pl.in b/apps/CA.pl.in
-index c783a6e6a541..fa665b7b385f 100644
+index c783a6e..fa665b7 100644
--- a/apps/CA.pl.in
+++ b/apps/CA.pl.in
@@ -65,6 +65,7 @@ $RET = 0;
diff --git a/patches/openssl-1.0.1k/0002-debian-targets.patch
b/patches/openssl-1.0.2/0002-debian-targets.patch
similarity index 92%
rename from patches/openssl-1.0.1k/0002-debian-targets.patch
rename to patches/openssl-1.0.2/0002-debian-targets.patch
index ee09c1d..339bb49 100644
--- a/patches/openssl-1.0.1k/0002-debian-targets.patch
+++ b/patches/openssl-1.0.2/0002-debian-targets.patch
@@ -1,21 +1,21 @@
-From: Michael Olbrich <m.olbr...@pengutronix.de>
-Date: Sat, 10 Jan 2015 09:16:02 +0100
+From: Bruno Thomsen <b...@kamstrup.com>
+Date: Mon, 23 Feb 2015 16:13:40 +0100
Subject: [PATCH] debian-targets
-Imported from openssl_1.0.1k-1.debian.tar.xz
+Imported from openssl_1.0.2-1.debian.tar.xz
-Signed-off-by: Michael Olbrich <m.olbr...@pengutronix.de>
+Signed-off-by: Bruno Thomsen <b...@kamstrup.com>
---
Configure | 53 +++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 53 insertions(+)
diff --git a/Configure b/Configure
-index 541be9ec57d8..2f816a300f10 100755
+index 3cf4a7a..9728692 100755
--- a/Configure
+++ b/Configure
-@@ -105,6 +105,10 @@ my $usage="Usage: Configure [no-<cipher> ...]
[enable-<cipher> ...] [experimenta
+@@ -107,6 +107,10 @@ my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC
-Wno-long-long -Wsign-compare
- my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long
-Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror
-DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED";
+ my $clang_disabled_warnings = "-Wno-language-extension-token
-Wno-extended-offsetof -Wno-padded -Wno-shorten-64-to-32 -Wno-format-nonliteral
-Wno-missing-noreturn -Wno-unused-parameter -Wno-sign-conversion
-Wno-unreachable-code -Wno-conversion -Wno-documentation
-Wno-missing-variable-declarations -Wno-cast-align
-Wno-incompatible-pointer-types-discards-qualifiers
-Wno-missing-variable-declarations -Wno-missing-field-initializers
-Wno-unused-macros -Wno-disabled-macro-expansion -Wno-conditional-uninitialized
-Wno-switch-enum";
+# There are no separate CFLAGS/CPPFLAGS/LDFLAGS, set everything in CFLAGS
+my $debian_cflags = `dpkg-buildflags --get CFLAGS` . `dpkg-buildflags --get
CPPFLAGS` . `dpkg-buildflags --get LDFLAGS` . "-Wa,--noexecstack -Wall";
@@ -24,7 +24,7 @@ index 541be9ec57d8..2f816a300f10 100755
my $strict_warnings = 0;
my $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL";
-@@ -340,6 +344,55 @@ my %table=(
+@@ -343,6 +347,55 @@ my %table=(
"osf1-alpha-cc", "cc:-std1 -tune host -O4
-readonly_strings::(unknown):::SIXTY_FOUR_BIT_LONG
RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared:::.so",
"tru64-alpha-cc", "cc:-std1 -tune host -fast
-readonly_strings::-pthread:::SIXTY_FOUR_BIT_LONG
RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared::-msym:.so",
diff --git a/patches/openssl-1.0.1k/0003-engines-path.patch
b/patches/openssl-1.0.2/0003-engines-path.patch
similarity index 77%
rename from patches/openssl-1.0.1k/0003-engines-path.patch
rename to patches/openssl-1.0.2/0003-engines-path.patch
index fe651c7..2d3b29e 100644
--- a/patches/openssl-1.0.1k/0003-engines-path.patch
+++ b/patches/openssl-1.0.2/0003-engines-path.patch
@@ -1,22 +1,22 @@
-From: Michael Olbrich <m.olbr...@pengutronix.de>
-Date: Sat, 10 Jan 2015 09:16:02 +0100
+From: Bruno Thomsen <b...@kamstrup.com>
+Date: Mon, 23 Feb 2015 16:13:40 +0100
Subject: [PATCH] engines-path
-Imported from openssl_1.0.1k-1.debian.tar.xz
+Imported from openssl_1.0.2-1.debian.tar.xz
-Signed-off-by: Michael Olbrich <m.olbr...@pengutronix.de>
+Signed-off-by: Bruno Thomsen <b...@kamstrup.com>
---
Configure | 2 +-
Makefile.org | 2 +-
engines/Makefile | 10 +++++-----
- engines/ccgost/Makefile | 6 +++---
- 4 files changed, 10 insertions(+), 10 deletions(-)
+ engines/ccgost/Makefile | 8 ++++----
+ 4 files changed, 11 insertions(+), 11 deletions(-)
diff --git a/Configure b/Configure
-index 2f816a300f10..c6b4b86c0764 100755
+index 9728692..17005e6 100755
--- a/Configure
+++ b/Configure
-@@ -1866,7 +1866,7 @@ while (<IN>)
+@@ -1924,7 +1924,7 @@ while (<IN>)
}
elsif (/^#define\s+ENGINESDIR/)
{
@@ -26,10 +26,10 @@ index 2f816a300f10..c6b4b86c0764 100755
print OUT "#define ENGINESDIR \"$foo\"\n";
}
diff --git a/Makefile.org b/Makefile.org
-index c92806f9201f..5117a0ef9c0b 100644
+index b7a3f96..5ae0d32 100644
--- a/Makefile.org
+++ b/Makefile.org
-@@ -543,7 +543,7 @@ install: all install_docs install_sw
+@@ -541,7 +541,7 @@ install: all install_docs install_sw
install_sw:
@$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \
@@ -39,10 +39,10 @@ index c92806f9201f..5117a0ef9c0b 100644
$(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \
$(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
diff --git a/engines/Makefile b/engines/Makefile
-index 2fa9534401b1..58e028131786 100644
+index da6c875..8c925f4 100644
--- a/engines/Makefile
+++ b/engines/Makefile
-@@ -107,7 +107,7 @@ install:
+@@ -107,13 +107,13 @@ install:
@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
@if [ -n "$(SHARED_LIBS)" ]; then \
set -e; \
@@ -51,16 +51,19 @@ index 2fa9534401b1..58e028131786 100644
for l in $(LIBNAMES); do \
( echo installing $$l; \
pfx=lib; \
-@@ -119,13 +119,13 @@ install:
+ if expr "$(PLATFORM)" : "Cygwin" >/dev/null; then \
+ sfx=".so"; \
+- cp cyg$$l.dll
$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
++ cp cyg$$l.dll
$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.0/engines/$$pfx$$l$$sfx.new;
\
+ else \
+ case "$(CFLAGS)" in \
+ *DSO_BEOS*) sfx=".so";; \
+@@ -122,10 +122,10 @@ install:
*DSO_WIN32*) sfx="eay32.dll"; pfx=;; \
*) sfx=".bad";; \
esac; \
- cp $$pfx$$l$$sfx
$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
+ cp $$pfx$$l$$sfx
$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.0/engines/$$pfx$$l$$sfx.new;
\
- else \
- sfx=".so"; \
-- cp cyg$$l.dll
$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
-+ cp cyg$$l.dll
$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.0/engines/$$pfx$$l$$sfx.new;
\
fi; \
- chmod 555
$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
- mv -f
$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new
$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \
@@ -70,18 +73,24 @@ index 2fa9534401b1..58e028131786 100644
fi
@target=install; $(RECURSIVE_MAKE)
diff --git a/engines/ccgost/Makefile b/engines/ccgost/Makefile
-index d661c1082851..3e593b1e3e03 100644
+index 2f36580..c3efd8b 100644
--- a/engines/ccgost/Makefile
+++ b/engines/ccgost/Makefile
-@@ -53,13 +53,13 @@ install:
+@@ -47,7 +47,7 @@ install:
+ pfx=lib; \
+ if expr "$(PLATFORM)" : "Cygwin" >/dev/null; then \
+ sfx=".so"; \
+- cp cyg$(LIBNAME).dll
$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
++ cp cyg$(LIBNAME).dll
$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.0/engines/$${pfx}$(LIBNAME)$$sfx.new;
\
+ else \
+ case "$(CFLAGS)" in \
+ *DSO_BEOS*) sfx=".so";; \
+@@ -56,10 +56,10 @@ install:
*DSO_WIN32*) sfx="eay32.dll"; pfx=;; \
*) sfx=".bad";; \
esac; \
- cp $${pfx}$(LIBNAME)$$sfx
$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
+ cp $${pfx}$(LIBNAME)$$sfx
$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/openssl-1.0.0/engines/$${pfx}$(LIBNAME)$$sfx.new;
\
- else \
- sfx=".so"; \
- cp cyg$(LIBNAME).dll
$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
fi; \
- chmod 555
$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
- mv -f
$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new
$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx; \
diff --git a/patches/openssl-1.0.1k/0004-no-rpath.patch
b/patches/openssl-1.0.2/0004-no-rpath.patch
similarity index 73%
rename from patches/openssl-1.0.1k/0004-no-rpath.patch
rename to patches/openssl-1.0.2/0004-no-rpath.patch
index a48ef65..b618f5d 100644
--- a/patches/openssl-1.0.1k/0004-no-rpath.patch
+++ b/patches/openssl-1.0.2/0004-no-rpath.patch
@@ -1,16 +1,16 @@
-From: Michael Olbrich <m.olbr...@pengutronix.de>
-Date: Sat, 10 Jan 2015 09:16:02 +0100
+From: Bruno Thomsen <b...@kamstrup.com>
+Date: Mon, 23 Feb 2015 16:13:40 +0100
Subject: [PATCH] no-rpath
-Imported from openssl_1.0.1k-1.debian.tar.xz
+Imported from openssl_1.0.2-1.debian.tar.xz
-Signed-off-by: Michael Olbrich <m.olbr...@pengutronix.de>
+Signed-off-by: Bruno Thomsen <b...@kamstrup.com>
---
Makefile.shared | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Makefile.shared b/Makefile.shared
-index e753f44e18fd..6e3f886980bf 100644
+index e753f44..6e3f886 100644
--- a/Makefile.shared
+++ b/Makefile.shared
@@ -153,7 +153,7 @@ DO_GNU_SO=$(CALC_VERSIONS); \
diff --git a/patches/openssl-1.0.1k/0005-no-symbolic.patch
b/patches/openssl-1.0.2/0005-no-symbolic.patch
similarity index 72%
rename from patches/openssl-1.0.1k/0005-no-symbolic.patch
rename to patches/openssl-1.0.2/0005-no-symbolic.patch
index 42df2e5..e3b7a7c 100644
--- a/patches/openssl-1.0.1k/0005-no-symbolic.patch
+++ b/patches/openssl-1.0.2/0005-no-symbolic.patch
@@ -1,16 +1,16 @@
-From: Michael Olbrich <m.olbr...@pengutronix.de>
-Date: Sat, 10 Jan 2015 09:16:02 +0100
+From: Bruno Thomsen <b...@kamstrup.com>
+Date: Mon, 23 Feb 2015 16:13:40 +0100
Subject: [PATCH] no-symbolic
-Imported from openssl_1.0.1k-1.debian.tar.xz
+Imported from openssl_1.0.2-1.debian.tar.xz
-Signed-off-by: Michael Olbrich <m.olbr...@pengutronix.de>
+Signed-off-by: Bruno Thomsen <b...@kamstrup.com>
---
Makefile.shared | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Makefile.shared b/Makefile.shared
-index 6e3f886980bf..44e3d9c48440 100644
+index 6e3f886..44e3d9c 100644
--- a/Makefile.shared
+++ b/Makefile.shared
@@ -151,7 +151,7 @@ DO_GNU_SO=$(CALC_VERSIONS); \
diff --git a/patches/openssl-1.0.1k/0006-pic.patch
b/patches/openssl-1.0.2/0006-pic.patch
similarity index 89%
rename from patches/openssl-1.0.1k/0006-pic.patch
rename to patches/openssl-1.0.2/0006-pic.patch
index 20b1b68..ef7a08b 100644
--- a/patches/openssl-1.0.1k/0006-pic.patch
+++ b/patches/openssl-1.0.2/0006-pic.patch
@@ -1,10 +1,10 @@
-From: Michael Olbrich <m.olbr...@pengutronix.de>
-Date: Sat, 10 Jan 2015 09:16:02 +0100
+From: Bruno Thomsen <b...@kamstrup.com>
+Date: Mon, 23 Feb 2015 16:13:40 +0100
Subject: [PATCH] pic
-Imported from openssl_1.0.1k-1.debian.tar.xz
+Imported from openssl_1.0.2-1.debian.tar.xz
-Signed-off-by: Michael Olbrich <m.olbr...@pengutronix.de>
+Signed-off-by: Bruno Thomsen <b...@kamstrup.com>
---
crypto/des/asm/desboth.pl | 17 ++++++++++++++---
crypto/perlasm/cbc.pl | 24 ++++++++++++++++++++----
@@ -13,7 +13,7 @@ Signed-off-by: Michael Olbrich <m.olbr...@pengutronix.de>
4 files changed, 55 insertions(+), 12 deletions(-)
diff --git a/crypto/des/asm/desboth.pl b/crypto/des/asm/desboth.pl
-index eec00886e4c6..ab6f52452bf3 100644
+index eec0088..ab6f524 100644
--- a/crypto/des/asm/desboth.pl
+++ b/crypto/des/asm/desboth.pl
@@ -16,6 +16,11 @@ sub DES_encrypt3
@@ -54,7 +54,7 @@ index eec00886e4c6..ab6f52452bf3 100644
&stack_pop(3);
&mov($L,&DWP(0,"ebx","",0));
diff --git a/crypto/perlasm/cbc.pl b/crypto/perlasm/cbc.pl
-index 24561e759aba..269fb0b0c69f 100644
+index 24561e7..269fb0b 100644
--- a/crypto/perlasm/cbc.pl
+++ b/crypto/perlasm/cbc.pl
@@ -122,7 +122,11 @@ sub cbc
@@ -110,10 +110,10 @@ index 24561e759aba..269fb0b0c69f 100644
&mov("eax", &DWP($data_off,"esp","",0)); # get return
&mov("ebx", &DWP($data_off+4,"esp","",0)); #
diff --git a/crypto/perlasm/x86gas.pl b/crypto/perlasm/x86gas.pl
-index 682a3a3163e2..9d4662cb9624 100644
+index 63b2301..176b04d 100644
--- a/crypto/perlasm/x86gas.pl
+++ b/crypto/perlasm/x86gas.pl
-@@ -161,6 +161,7 @@ sub ::file_end
+@@ -163,6 +163,7 @@ sub ::file_end
if ($::macosx) { push (@out,"$tmp,2\n"); }
elsif ($::elf) { push (@out,"$tmp,4\n"); }
else { push (@out,"$tmp\n"); }
@@ -121,7 +121,7 @@ index 682a3a3163e2..9d4662cb9624 100644
}
push(@out,$initseg) if ($initseg);
}
-@@ -218,8 +219,23 @@ ___
+@@ -221,8 +222,23 @@ ___
elsif ($::elf)
{ $initseg.=<<___;
.section .init
@@ -146,7 +146,7 @@ index 682a3a3163e2..9d4662cb9624 100644
elsif ($::coff)
{ $initseg.=<<___; # applies to both Cygwin and Mingw
diff --git a/crypto/x86cpuid.pl b/crypto/x86cpuid.pl
-index b270b44337d1..c01ba8383401 100644
+index e95f627..6e8329d 100644
--- a/crypto/x86cpuid.pl
+++ b/crypto/x86cpuid.pl
@@ -8,6 +8,8 @@ require "x86asm.pl";
@@ -158,7 +158,7 @@ index b270b44337d1..c01ba8383401 100644
&function_begin("OPENSSL_ia32_cpuid");
&xor ("edx","edx");
&pushf ();
-@@ -141,9 +143,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
+@@ -155,9 +157,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
&set_label("nocpuid");
&function_end("OPENSSL_ia32_cpuid");
@@ -169,7 +169,7 @@ index b270b44337d1..c01ba8383401 100644
&xor ("eax","eax");
&xor ("edx","edx");
&picmeup("ecx","OPENSSL_ia32cap_P");
-@@ -157,7 +157,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
+@@ -171,7 +171,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
# This works in Ring 0 only [read DJGPP+MS-DOS+privileged DPMI host],
# but it's safe to call it on any [supported] 32-bit platform...
# Just check for [non-]zero return value...
@@ -178,7 +178,7 @@ index b270b44337d1..c01ba8383401 100644
&picmeup("ecx","OPENSSL_ia32cap_P");
&bt (&DWP(0,"ecx"),4);
&jnc (&label("nohalt")); # no TSC
-@@ -224,7 +224,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
+@@ -238,7 +238,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
&ret ();
&function_end_B("OPENSSL_far_spin");
diff --git a/patches/openssl-1.0.2/0007-valgrind.patch
b/patches/openssl-1.0.2/0007-valgrind.patch
new file mode 100644
index 0000000..41f0faa
--- /dev/null
+++ b/patches/openssl-1.0.2/0007-valgrind.patch
@@ -0,0 +1,31 @@
+From: Bruno Thomsen <b...@kamstrup.com>
+Date: Mon, 23 Feb 2015 16:13:40 +0100
+Subject: [PATCH] valgrind
+
+Imported from openssl_1.0.2-1.debian.tar.xz
+
+Signed-off-by: Bruno Thomsen <b...@kamstrup.com>
+---
+ crypto/rand/md_rand.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/crypto/rand/md_rand.c b/crypto/rand/md_rand.c
+index 5c13d57..9e0064e 100644
+--- a/crypto/rand/md_rand.c
++++ b/crypto/rand/md_rand.c
+@@ -480,6 +480,7 @@ int ssleay_rand_bytes(unsigned char *buf, int num, int
pseudo, int lock)
+ MD_Update(&m, (unsigned char *)&(md_c[0]), sizeof(md_c));
+
+ #ifndef PURIFY /* purify complains */
++#if 0
+ /*
+ * The following line uses the supplied buffer as a small source of
+ * entropy: since this buffer is often uninitialised it may cause
+@@ -489,6 +490,7 @@ int ssleay_rand_bytes(unsigned char *buf, int num, int
pseudo, int lock)
+ */
+ MD_Update(&m, buf, j);
+ #endif
++#endif
+
+ k = (st_idx + MD_DIGEST_LENGTH / 2) - st_num;
+ if (k > 0) {
diff --git a/patches/openssl-1.0.1k/0009-shared-lib-ext.patch
b/patches/openssl-1.0.2/0008-shared-lib-ext.patch
similarity index 70%
rename from patches/openssl-1.0.1k/0009-shared-lib-ext.patch
rename to patches/openssl-1.0.2/0008-shared-lib-ext.patch
index e7c8a22..f46bdfc 100644
--- a/patches/openssl-1.0.1k/0009-shared-lib-ext.patch
+++ b/patches/openssl-1.0.2/0008-shared-lib-ext.patch
@@ -1,19 +1,19 @@
-From: Michael Olbrich <m.olbr...@pengutronix.de>
-Date: Sat, 10 Jan 2015 09:16:02 +0100
+From: Bruno Thomsen <b...@kamstrup.com>
+Date: Mon, 23 Feb 2015 16:13:40 +0100
Subject: [PATCH] shared-lib-ext
-Imported from openssl_1.0.1k-1.debian.tar.xz
+Imported from openssl_1.0.2-1.debian.tar.xz
-Signed-off-by: Michael Olbrich <m.olbr...@pengutronix.de>
+Signed-off-by: Bruno Thomsen <b...@kamstrup.com>
---
Configure | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/Configure b/Configure
-index c6b4b86c0764..22d307c1fbbd 100755
+index 17005e6..5ef34d9 100755
--- a/Configure
+++ b/Configure
-@@ -1733,7 +1733,8 @@ while (<IN>)
+@@ -1790,7 +1790,8 @@ while (<IN>)
elsif ($shared_extension ne "" && $shared_extension =~
/^\.s([ol])\.[^\.]*\.[^\.]*$/)
{
my $sotmp = $1;
diff --git a/patches/openssl-1.0.2/0009-libdoc-manpgs-pod-spell.patch
b/patches/openssl-1.0.2/0009-libdoc-manpgs-pod-spell.patch
new file mode 100644
index 0000000..25f6ab9
--- /dev/null
+++ b/patches/openssl-1.0.2/0009-libdoc-manpgs-pod-spell.patch
@@ -0,0 +1,24 @@
+From: Bruno Thomsen <b...@kamstrup.com>
+Date: Mon, 23 Feb 2015 16:13:40 +0100
+Subject: [PATCH] libdoc-manpgs-pod-spell
+
+Imported from openssl_1.0.2-1.debian.tar.xz
+
+Signed-off-by: Bruno Thomsen <b...@kamstrup.com>
+---
+ doc/crypto/EVP_PKEY_cmp.pod | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/doc/crypto/EVP_PKEY_cmp.pod b/doc/crypto/EVP_PKEY_cmp.pod
+index 0ff027c..94fcf66 100644
+--- a/doc/crypto/EVP_PKEY_cmp.pod
++++ b/doc/crypto/EVP_PKEY_cmp.pod
+@@ -26,7 +26,7 @@ B<from> to key B<to>.
+ The function EVP_PKEY_cmp_parameters() compares the parameters of keys
+ B<a> and B<b>.
+
+-The function EVP_PKEY_cmp() compares the public key components and paramters
++The function EVP_PKEY_cmp() compares the public key components and parameters
+ (if present) of keys B<a> and B<b>.
+
+ =head1 NOTES
diff --git a/patches/openssl-1.0.2/0010-openssl-pod-misspell.patch
b/patches/openssl-1.0.2/0010-openssl-pod-misspell.patch
new file mode 100644
index 0000000..7778245
--- /dev/null
+++ b/patches/openssl-1.0.2/0010-openssl-pod-misspell.patch
@@ -0,0 +1,52 @@
+From: Bruno Thomsen <b...@kamstrup.com>
+Date: Mon, 23 Feb 2015 16:13:40 +0100
+Subject: [PATCH] openssl-pod-misspell
+
+Imported from openssl_1.0.2-1.debian.tar.xz
+
+Signed-off-by: Bruno Thomsen <b...@kamstrup.com>
+---
+ apps/ca.c | 2 +-
+ crypto/evp/encode.c | 2 +-
+ doc/apps/req.pod | 2 +-
+ 3 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/apps/ca.c b/apps/ca.c
+index f0a19cf..b591324 100644
+--- a/apps/ca.c
++++ b/apps/ca.c
+@@ -148,7 +148,7 @@
+ static const char *ca_usage[] = {
+ "usage: ca args\n",
+ "\n",
+- " -verbose - Talk alot while doing things\n",
++ " -verbose - Talk a lot while doing things\n",
+ " -config file - A config file\n",
+ " -name arg - The particular CA definition to use\n",
+ " -gencrl - Generate a new CRL\n",
+diff --git a/crypto/evp/encode.c b/crypto/evp/encode.c
+index d1d8a07..53cc586 100644
+--- a/crypto/evp/encode.c
++++ b/crypto/evp/encode.c
+@@ -248,7 +248,7 @@ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char
*out, int *outl,
+
+ /* We parse the input data */
+ for (i = 0; i < inl; i++) {
+- /* If the current line is > 80 characters, scream alot */
++ /* If the current line is > 80 characters, scream a lot */
+ if (ln >= 80) {
+ rv = -1;
+ goto end;
+diff --git a/doc/apps/req.pod b/doc/apps/req.pod
+index df68cb0..4e39faf 100644
+--- a/doc/apps/req.pod
++++ b/doc/apps/req.pod
+@@ -159,7 +159,7 @@ B<param:file> generates a key using the parameter file or
certificate B<file>,
+ the algorithm is determined by the parameters. B<algname:file> use algorithm
+ B<algname> and parameter file B<file>: the two algorithms must match or an
+ error occurs. B<algname> just uses algorithm B<algname>, and parameters,
+-if neccessary should be specified via B<-pkeyopt> parameter.
++if necessary should be specified via B<-pkeyopt> parameter.
+
+ B<dsa:filename> generates a DSA key using the parameters
+ in the file B<filename>. B<ec:filename> generates EC key (usable both with
diff --git a/patches/openssl-1.0.1k/0011-block_diginotar.patch
b/patches/openssl-1.0.2/0011-block_diginotar.patch
similarity index 65%
rename from patches/openssl-1.0.1k/0011-block_diginotar.patch
rename to patches/openssl-1.0.2/0011-block_diginotar.patch
index f4cac1a..a4e19f4 100644
--- a/patches/openssl-1.0.1k/0011-block_diginotar.patch
+++ b/patches/openssl-1.0.2/0011-block_diginotar.patch
@@ -1,42 +1,42 @@
From: Raphael Geissert <geiss...@debian.org>
-Date: Sat, 10 Jan 2015 09:16:02 +0100
+Date: Mon, 23 Feb 2015 16:13:40 +0100
Subject: [PATCH] block_diginotar
This is not meant as final patch.
-Imported from openssl_1.0.1k-1.debian.tar.xz
+Imported from openssl_1.0.2-1.debian.tar.xz
-Signed-off-by: Michael Olbrich <m.olbr...@pengutronix.de>
+Signed-off-by: Bruno Thomsen <b...@kamstrup.com>
---
crypto/x509/x509_vfy.c | 27 +++++++++++++++++++++++++++
1 file changed, 27 insertions(+)
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
-index 920066aeba3b..5b1a0aa054be 100644
+index 1196a2a..ebb8443 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
-@@ -117,6 +117,7 @@ static int check_trust(X509_STORE_CTX *ctx);
+@@ -119,6 +119,7 @@ static int check_trust(X509_STORE_CTX *ctx);
static int check_revocation(X509_STORE_CTX *ctx);
static int check_cert(X509_STORE_CTX *ctx);
static int check_policy(X509_STORE_CTX *ctx);
+static int check_ca_blacklist(X509_STORE_CTX *ctx);
static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer,
- unsigned int *preasons,
-@@ -369,6 +370,9 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
- ok=internal_verify(ctx);
- if(!ok) goto end;
+ unsigned int *preasons, X509_CRL *crl, X509 *x);
+@@ -438,6 +439,9 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
+ if (!ok)
+ goto end;
+ ok = check_ca_blacklist(ctx);
+ if(!ok) goto end;
+
#ifndef OPENSSL_NO_RFC3779
- /* RFC 3779 path validation, now that CRL check has been done */
- ok = v3_asid_validate_path(ctx);
-@@ -827,6 +831,29 @@ static int check_crl_time(X509_STORE_CTX *ctx, X509_CRL
*crl, int notify)
- return 1;
- }
+ /* RFC 3779 path validation, now that CRL check has been done */
+ ok = v3_asid_validate_path(ctx);
+@@ -938,6 +942,29 @@ static int check_crl_time(X509_STORE_CTX *ctx, X509_CRL
*crl, int notify)
+ return 1;
+ }
+static int check_ca_blacklist(X509_STORE_CTX *ctx)
+ {
@@ -62,5 +62,5 @@ index 920066aeba3b..5b1a0aa054be 100644
+ }
+
static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl,
- X509 **pissuer, int *pscore, unsigned int *preasons,
- STACK_OF(X509_CRL) *crls)
+ X509 **pissuer, int *pscore, unsigned int *preasons,
+ STACK_OF(X509_CRL) *crls)
diff --git a/patches/openssl-1.0.1k/0012-block_digicert_malaysia.patch
b/patches/openssl-1.0.2/0012-block_digicert_malaysia.patch
similarity index 77%
rename from patches/openssl-1.0.1k/0012-block_digicert_malaysia.patch
rename to patches/openssl-1.0.2/0012-block_digicert_malaysia.patch
index 7782c2e..33dac2f 100644
--- a/patches/openssl-1.0.1k/0012-block_digicert_malaysia.patch
+++ b/patches/openssl-1.0.2/0012-block_digicert_malaysia.patch
@@ -1,19 +1,19 @@
From: Raphael Geissert <geiss...@debian.org>
-Date: Sat, 10 Jan 2015 09:16:02 +0100
+Date: Mon, 23 Feb 2015 16:13:40 +0100
Subject: [PATCH] block_digicert_malaysia
-Imported from openssl_1.0.1k-1.debian.tar.xz
+Imported from openssl_1.0.2-1.debian.tar.xz
-Signed-off-by: Michael Olbrich <m.olbr...@pengutronix.de>
+Signed-off-by: Bruno Thomsen <b...@kamstrup.com>
---
crypto/x509/x509_vfy.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
-index 5b1a0aa054be..696f8d63a5b1 100644
+index ebb8443..bf91023 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
-@@ -839,10 +839,11 @@ static int check_ca_blacklist(X509_STORE_CTX *ctx)
+@@ -950,10 +950,11 @@ static int check_ca_blacklist(X509_STORE_CTX *ctx)
for (i = sk_X509_num(ctx->chain) - 1; i >= 0; i--)
{
x = sk_X509_value(ctx->chain, i);
diff --git a/patches/openssl-1.0.2/0013-Disable-the-freelist.patch
b/patches/openssl-1.0.2/0013-Disable-the-freelist.patch
new file mode 100644
index 0000000..3125219
--- /dev/null
+++ b/patches/openssl-1.0.2/0013-Disable-the-freelist.patch
@@ -0,0 +1,42 @@
+From: Kurt Roeckx <k...@roeckx.be>
+Date: Mon, 23 Feb 2015 16:13:40 +0100
+Subject: [PATCH] Disable the freelist
+
+We don't define OPENSSL_NO_BUF_FREELISTS globally sinc it changes structures
and
+would break the ABI. Instead we just do it in the .c files that try to do
+something with it.
+
+
+Imported from openssl_1.0.2-1.debian.tar.xz
+
+Signed-off-by: Bruno Thomsen <b...@kamstrup.com>
+---
+ ssl/s3_both.c | 1 +
+ ssl/ssl_lib.c | 2 ++
+ 2 files changed, 3 insertions(+)
+
+diff --git a/ssl/s3_both.c b/ssl/s3_both.c
+index c92fd72..8982350 100644
+--- a/ssl/s3_both.c
++++ b/ssl/s3_both.c
+@@ -573,6 +573,7 @@ int ssl_verify_alarm_type(long type)
+ return (al);
+ }
+
++#define OPENSSL_NO_BUF_FREELISTS
+ #ifndef OPENSSL_NO_BUF_FREELISTS
+ /*-
+ * On some platforms, malloc() performance is bad enough that you can't just
+diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
+index e9ad2bc..7b96d16 100644
+--- a/ssl/ssl_lib.c
++++ b/ssl/ssl_lib.c
+@@ -162,6 +162,8 @@
+
+ const char *SSL_version_str = OPENSSL_VERSION_TEXT;
+
++#define OPENSSL_NO_BUF_FREELISTS
++
+ SSL3_ENC_METHOD ssl3_undef_enc_method = {
+ /*
+ * evil casts, but these functions are only called if there's a library
diff --git
a/patches/openssl-1.0.1k/0100-Configure-don-t-ask-dpkg-buildflags-for-more-flags.patch
b/patches/openssl-1.0.2/0100-Configure-don-t-ask-dpkg-buildflags-for-more-flags.patch
similarity index 100%
rename from
patches/openssl-1.0.1k/0100-Configure-don-t-ask-dpkg-buildflags-for-more-flags.patch
rename to
patches/openssl-1.0.2/0100-Configure-don-t-ask-dpkg-buildflags-for-more-flags.patch
diff --git a/patches/openssl-1.0.1k/series b/patches/openssl-1.0.2/series
similarity index 65%
rename from patches/openssl-1.0.1k/series
rename to patches/openssl-1.0.2/series
index ad425bb..4c854a7 100644
--- a/patches/openssl-1.0.1k/series
+++ b/patches/openssl-1.0.2/series
@@ -8,13 +8,12 @@
0005-no-symbolic.patch
0006-pic.patch
0007-valgrind.patch
-0008-rehash-crt.patch
-0009-shared-lib-ext.patch
-0010-stddef.patch
+0008-shared-lib-ext.patch
+0009-libdoc-manpgs-pod-spell.patch
+0010-openssl-pod-misspell.patch
0011-block_diginotar.patch
0012-block_digicert_malaysia.patch
-0013-Change-default-bit-size-and-digest.patch
-0014-openssl_fix_for_x32.patch
+0013-Disable-the-freelist.patch
#tag:ptx --start-number 100
0100-Configure-don-t-ask-dpkg-buildflags-for-more-flags.patch
-# b3f0cb7915424a88c4a3ff5ca4461972 - git-ptx-patches magic
+# b0bd257b376012012639ef11fe1b30f0 - git-ptx-patches magic
diff --git a/rules/openssl.make b/rules/openssl.make
index 71cab77..573ddf6 100644
--- a/rules/openssl.make
+++ b/rules/openssl.make
@@ -18,8 +18,8 @@ PACKAGES-$(PTXCONF_OPENSSL) += openssl
#
# Paths and names
#
-OPENSSL_VERSION := 1.0.1k
-OPENSSL_MD5 := d4f002bd22a56881340105028842ae1f
+OPENSSL_VERSION := 1.0.2
+OPENSSL_MD5 := 38373013fc85c790aabf8837969c5eba
OPENSSL := openssl-$(OPENSSL_VERSION)
OPENSSL_SUFFIX := tar.gz
OPENSSL_URL := http://www.openssl.org/source/$(OPENSSL).$(OPENSSL_SUFFIX)
--
1.9.1
--
ptxdist mailing list
ptxdist@pengutronix.de
