This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 3.x development tree".
The branch, master has been updated via b7234e013e0316148d5250543c1b44ef2fc8969f (commit) via 0a2f51fba67ac7d4b5ef484a1c129ce220adf5f8 (commit) via 6564ae03fe08f4ff734ef5cf93c04cbb9b0c8658 (commit) from 37835947b2615a735aca6acde4a436c023267052 (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit b7234e013e0316148d5250543c1b44ef2fc8969f Author: Michael Tremer michael.tremer@ipfire.org Date: Sun Jul 5 23:55:04 2015 +0200
openssl: Update to version 1.0.2c
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 0a2f51fba67ac7d4b5ef484a1c129ce220adf5f8 Merge: 6564ae0 3783594 Author: Michael Tremer michael.tremer@ipfire.org Date: Sun Jul 5 23:53:42 2015 +0200
Merge branch 'master' of ssh://git.ipfire.org/pub/git/ipfire-3.x
commit 6564ae03fe08f4ff734ef5cf93c04cbb9b0c8658 Author: Michael Tremer michael.tremer@ipfire.org Date: Fri Jun 12 00:43:49 2015 +0200
rp-pppoe: Update to 3.11
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
-----------------------------------------------------------------------
Summary of changes: openssl/openssl.nm | 46 +- openssl/patches/openssl-0.9.6-x509.patch | 29 -- .../openssl-0.9.8b-test-use-localhost.patch | 24 - .../openssl-0.9.8j-version-add-engines.patch | 48 -- .../openssl-1.0.0-beta4-default-paths.patch | 77 --- .../openssl-1.0.0-beta5-readme-warning.patch | 39 -- openssl/patches/openssl-1.0.0-timezone.patch | 21 - openssl/patches/openssl-1.0.0d-apps-dgst.patch | 110 ----- openssl/patches/openssl-1.0.0d-xmpp-starttls.patch | 12 - openssl/patches/openssl-1.0.0e-chil-fixes.patch | 24 - openssl/patches/openssl-1.0.0e-doc-noeof.patch | 23 - openssl/patches/openssl-1.0.0f-defaults.patch | 44 -- openssl/patches/openssl-1.0.1-beta2-build.patch | 109 ----- .../patches/openssl-1.0.1-beta2-dtls1-abi.patch | 23 - .../patches/openssl-1.0.1-beta2-padlock64.patch | 193 -------- openssl/patches/openssl-1.0.1a-algo-doc.patch | 77 --- openssl/patches/openssl-1.0.1e-env-zlib.patch | 38 -- openssl/patches/openssl-1.0.1e-issuer-hash.patch | 11 - openssl/patches/openssl-1.0.1e-ssl2-no-ec.patch | 17 - openssl/patches/openssl-1.0.1e-version.patch | 63 --- openssl/patches/openssl-1.0.1g-3des-strength.patch | 168 ------- openssl/patches/openssl-1.0.1h-ipv6-apps.patch | 529 --------------------- openssl/patches/openssl-1.0.1h-manfix.patch | 135 ------ openssl/patches/openssl-1.0.2a-version.patch | 83 ++++ openssl/patches/openssl-1.0.2c-rpmbuild.patch | 114 +++++ rp-pppoe/rp-pppoe.nm | 4 +- 26 files changed, 235 insertions(+), 1826 deletions(-) delete mode 100644 openssl/patches/openssl-0.9.6-x509.patch delete mode 100644 openssl/patches/openssl-0.9.8b-test-use-localhost.patch delete mode 100644 openssl/patches/openssl-0.9.8j-version-add-engines.patch delete mode 100644 openssl/patches/openssl-1.0.0-beta4-default-paths.patch delete mode 100644 openssl/patches/openssl-1.0.0-beta5-readme-warning.patch delete mode 100644 openssl/patches/openssl-1.0.0-timezone.patch delete mode 100644 openssl/patches/openssl-1.0.0d-apps-dgst.patch delete mode 100644 openssl/patches/openssl-1.0.0d-xmpp-starttls.patch delete mode 100644 openssl/patches/openssl-1.0.0e-chil-fixes.patch delete mode 100644 openssl/patches/openssl-1.0.0e-doc-noeof.patch delete mode 100644 openssl/patches/openssl-1.0.0f-defaults.patch delete mode 100644 openssl/patches/openssl-1.0.1-beta2-build.patch delete mode 100644 openssl/patches/openssl-1.0.1-beta2-dtls1-abi.patch delete mode 100644 openssl/patches/openssl-1.0.1-beta2-padlock64.patch delete mode 100644 openssl/patches/openssl-1.0.1a-algo-doc.patch delete mode 100644 openssl/patches/openssl-1.0.1e-env-zlib.patch delete mode 100644 openssl/patches/openssl-1.0.1e-issuer-hash.patch delete mode 100644 openssl/patches/openssl-1.0.1e-ssl2-no-ec.patch delete mode 100644 openssl/patches/openssl-1.0.1e-version.patch delete mode 100644 openssl/patches/openssl-1.0.1g-3des-strength.patch delete mode 100644 openssl/patches/openssl-1.0.1h-ipv6-apps.patch delete mode 100644 openssl/patches/openssl-1.0.1h-manfix.patch create mode 100644 openssl/patches/openssl-1.0.2a-version.patch create mode 100644 openssl/patches/openssl-1.0.2c-rpmbuild.patch
Difference in files: diff --git a/openssl/openssl.nm b/openssl/openssl.nm index 7ddb8e1..c2d3c65 100644 --- a/openssl/openssl.nm +++ b/openssl/openssl.nm @@ -4,8 +4,8 @@ ###############################################################################
name = openssl -version = 1.0.1h -release = 2 +version = 1.0.2c +release = 1
maintainer = Michael Tremer michael.tremer@ipfire.org groups = System/Libraries @@ -118,16 +118,42 @@ build
# Rename man pages so that they don't conflict with other system man pages. pushd %{BUILDROOT}%{mandir} - for manpage in man*/*; do - if [ -L ${manpage} ]; then - TARGET=`ls -l ${manpage} | awk '{ print $NF }'` - ln -snf ${TARGET}ssl ${manpage}ssl - rm -f ${manpage} - else - mv ${manpage} ${manpage}ssl - fi + for m in $(find . -type f | xargs grep -L '#include'); do + d="${m%/*}" + d="${d#./}" + m="${m##*/}" + [[ ${m} == openssl.1* ]] && continue + [[ -n "$(find -L "${d}" -type l)" ]] && exit 1 + mv ${d}/{,ssl-}${m} + + # fix up references to renamed man pages + sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:([^(, ]*(1)):ssl-\1:g' "${d}/ssl-${m}" + ln -s "ssl-${m}" "${d}/openssl-${m}" + + # locate any symlinks that point to this man page ... we assume + # that any broken links are due to the above renaming + for s in $(find -L "${d}" -type l); do + s="${s##*/}" + rm -f "${d}/${s}" + ln -s "ssl-${m}" "${d}/ssl-${s}" + ln -s "ssl-${s}" "${d}/openssl-${s}" + done done + + [[ -n "$(find -L "${d}" -type l)" ]] && exit 1 # "broken manpage links found :(" popd + + #pushd %{BUILDROOT}%{mandir} + #for manpage in man*/*; do + # if [ -L "${manpage}" ]; then + # TARGET="$(ls -l "${manpage}" | awk '{ print $NF }')" + # ln -snf "${TARGET}ssl" "${manpage}ssl" + # rm -f "${manpage}" + # else + # mv "${manpage}" "${manpage}ssl" + # fi + #done + #popd end end
diff --git a/openssl/patches/openssl-0.9.6-x509.patch b/openssl/patches/openssl-0.9.6-x509.patch deleted file mode 100644 index 7b3f49f..0000000 --- a/openssl/patches/openssl-0.9.6-x509.patch +++ /dev/null @@ -1,29 +0,0 @@ -Do not treat duplicate certs as an error. - ---- openssl-0.9.6/crypto/x509/by_file.c Wed Sep 27 15:09:05 2000 -+++ openssl-0.9.6/crypto/x509/by_file.c Wed Sep 27 14:21:20 2000 -@@ -163,8 +163,12 @@ - } - } - i=X509_STORE_add_cert(ctx->store_ctx,x); -- if (!i) goto err; -- count++; -+ /* ignore any problems with current certificate -+ and continue with the next one */ -+ if (i) -+ count++; -+ else -+ ERR_clear_error(); - X509_free(x); - x=NULL; - } -@@ -179,7 +183,8 @@ - goto err; - } - i=X509_STORE_add_cert(ctx->store_ctx,x); -- if (!i) goto err; -+ if (!i) -+ ERR_clear_error(); - ret=i; - } - else diff --git a/openssl/patches/openssl-0.9.8b-test-use-localhost.patch b/openssl/patches/openssl-0.9.8b-test-use-localhost.patch deleted file mode 100644 index 08adf1c..0000000 --- a/openssl/patches/openssl-0.9.8b-test-use-localhost.patch +++ /dev/null @@ -1,24 +0,0 @@ -diff -up openssl-0.9.8b/ssl/ssltest.c.use-localhost openssl-0.9.8b/ssl/ssltest.c ---- openssl-0.9.8b/ssl/ssltest.c.use-localhost 2006-02-24 18:58:35.000000000 +0100 -+++ openssl-0.9.8b/ssl/ssltest.c 2007-08-03 14:06:16.000000000 +0200 -@@ -839,19 +839,8 @@ bad: - #ifndef OPENSSL_NO_KRB5 - if (c_ssl && c_ssl->kssl_ctx) - { -- char localhost[MAXHOSTNAMELEN+2]; -- -- if (gethostname(localhost, sizeof localhost-1) == 0) -- { -- localhost[sizeof localhost-1]='\0'; -- if(strlen(localhost) == sizeof localhost-1) -- { -- BIO_printf(bio_err,"localhost name too long\n"); -- goto end; -- } - kssl_ctx_setstring(c_ssl->kssl_ctx, KSSL_SERVER, -- localhost); -- } -+ "localhost"); - } - #endif /* OPENSSL_NO_KRB5 */ - diff --git a/openssl/patches/openssl-0.9.8j-version-add-engines.patch b/openssl/patches/openssl-0.9.8j-version-add-engines.patch deleted file mode 100644 index f54326c..0000000 --- a/openssl/patches/openssl-0.9.8j-version-add-engines.patch +++ /dev/null @@ -1,48 +0,0 @@ -diff -up openssl-0.9.8j/apps/version.c.version-add-engines openssl-0.9.8j/apps/version.c ---- openssl-0.9.8j/apps/version.c.version-add-engines 2008-10-20 14:53:33.000000000 +0200 -+++ openssl-0.9.8j/apps/version.c 2009-01-13 23:22:03.000000000 +0100 -@@ -131,6 +131,7 @@ - #ifndef OPENSSL_NO_BF - # include <openssl/blowfish.h> - #endif -+#include <openssl/engine.h> - - #undef PROG - #define PROG version_main -@@ -140,7 +141,7 @@ int MAIN(int, char **); - int MAIN(int argc, char **argv) - { - int i,ret=0; -- int cflags=0,version=0,date=0,options=0,platform=0,dir=0; -+ int cflags=0,version=0,date=0,options=0,platform=0,dir=0,engines=0; - - apps_startup(); - -@@ -164,7 +165,7 @@ int MAIN(int argc, char **argv) - else if (strcmp(argv[i],"-d") == 0) - dir=1; - else if (strcmp(argv[i],"-a") == 0) -- date=version=cflags=options=platform=dir=1; -+ date=version=cflags=options=platform=dir=engines=1; - else - { - BIO_printf(bio_err,"usage:version -[avbofpd]\n"); -@@ -211,6 +212,18 @@ int MAIN(int argc, char **argv) - } - if (cflags) printf("%s\n",SSLeay_version(SSLEAY_CFLAGS)); - if (dir) printf("%s\n",SSLeay_version(SSLEAY_DIR)); -+ if (engines) -+ { -+ ENGINE *e; -+ printf("engines: "); -+ e = ENGINE_get_first(); -+ while (e) -+ { -+ printf("%s ", ENGINE_get_id(e)); -+ e = ENGINE_get_next(e); -+ } -+ printf("\n"); -+ } - end: - apps_shutdown(); - OPENSSL_EXIT(ret); diff --git a/openssl/patches/openssl-1.0.0-beta4-default-paths.patch b/openssl/patches/openssl-1.0.0-beta4-default-paths.patch deleted file mode 100644 index 0b48a27..0000000 --- a/openssl/patches/openssl-1.0.0-beta4-default-paths.patch +++ /dev/null @@ -1,77 +0,0 @@ -diff -up openssl-1.0.0-beta4/apps/s_client.c.default-paths openssl-1.0.0-beta4/apps/s_client.c ---- openssl-1.0.0-beta4/apps/s_client.c.default-paths 2009-08-12 15:21:26.000000000 +0200 -+++ openssl-1.0.0-beta4/apps/s_client.c 2009-11-12 12:26:32.000000000 +0100 -@@ -889,12 +889,13 @@ bad: - if (!set_cert_key_stuff(ctx,cert,key)) - goto end; - -- if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) || -- (!SSL_CTX_set_default_verify_paths(ctx))) -+ if (!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) -+ { -+ ERR_print_errors(bio_err); -+ } -+ if (!SSL_CTX_set_default_verify_paths(ctx)) - { -- /* BIO_printf(bio_err,"error setting default verify locations\n"); */ - ERR_print_errors(bio_err); -- /* goto end; */ - } - - #ifndef OPENSSL_NO_TLSEXT -diff -up openssl-1.0.0-beta4/apps/s_server.c.default-paths openssl-1.0.0-beta4/apps/s_server.c ---- openssl-1.0.0-beta4/apps/s_server.c.default-paths 2009-10-28 18:49:37.000000000 +0100 -+++ openssl-1.0.0-beta4/apps/s_server.c 2009-11-12 12:31:23.000000000 +0100 -@@ -1408,12 +1408,13 @@ bad: - } - #endif - -- if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) || -- (!SSL_CTX_set_default_verify_paths(ctx))) -+ if (!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) -+ { -+ ERR_print_errors(bio_err); -+ } -+ if (!SSL_CTX_set_default_verify_paths(ctx)) - { -- /* BIO_printf(bio_err,"X509_load_verify_locations\n"); */ - ERR_print_errors(bio_err); -- /* goto end; */ - } - if (vpm) - SSL_CTX_set1_param(ctx, vpm); -@@ -1465,8 +1466,11 @@ bad: - else - SSL_CTX_sess_set_cache_size(ctx2,128); - -- if ((!SSL_CTX_load_verify_locations(ctx2,CAfile,CApath)) || -- (!SSL_CTX_set_default_verify_paths(ctx2))) -+ if (!SSL_CTX_load_verify_locations(ctx2,CAfile,CApath)) -+ { -+ ERR_print_errors(bio_err); -+ } -+ if (!SSL_CTX_set_default_verify_paths(ctx2)) - { - ERR_print_errors(bio_err); - } -diff -up openssl-1.0.0-beta4/apps/s_time.c.default-paths openssl-1.0.0-beta4/apps/s_time.c ---- openssl-1.0.0-beta4/apps/s_time.c.default-paths 2006-04-17 14:22:13.000000000 +0200 -+++ openssl-1.0.0-beta4/apps/s_time.c 2009-11-12 12:26:32.000000000 +0100 -@@ -373,12 +373,13 @@ int MAIN(int argc, char **argv) - - SSL_load_error_strings(); - -- if ((!SSL_CTX_load_verify_locations(tm_ctx,CAfile,CApath)) || -- (!SSL_CTX_set_default_verify_paths(tm_ctx))) -+ if (!SSL_CTX_load_verify_locations(tm_ctx,CAfile,CApath)) -+ { -+ ERR_print_errors(bio_err); -+ } -+ if (!SSL_CTX_set_default_verify_paths(tm_ctx)) - { -- /* BIO_printf(bio_err,"error setting default verify locations\n"); */ - ERR_print_errors(bio_err); -- /* goto end; */ - } - - if (tm_cipher == NULL) diff --git a/openssl/patches/openssl-1.0.0-beta5-readme-warning.patch b/openssl/patches/openssl-1.0.0-beta5-readme-warning.patch deleted file mode 100644 index 0d89720..0000000 --- a/openssl/patches/openssl-1.0.0-beta5-readme-warning.patch +++ /dev/null @@ -1,39 +0,0 @@ -diff -up openssl-1.0.0-beta5/README.warning openssl-1.0.0-beta5/README ---- openssl-1.0.0-beta5/README.warning 2010-01-20 16:00:47.000000000 +0100 -+++ openssl-1.0.0-beta5/README 2010-01-21 09:06:11.000000000 +0100 -@@ -5,6 +5,35 @@ - Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson - All rights reserved. - -+ WARNING -+ ------- -+ -+ This version of OpenSSL is built in a way that supports operation in -+ the so called FIPS mode. Note though that the library as we build it -+ is not FIPS validated and the FIPS mode is present for testing purposes -+ only. -+ -+ This version also contains a few differences from the upstream code -+ some of which are: -+ * There are added changes forward ported from the upstream OpenSSL -+ 0.9.8 FIPS branch however the FIPS integrity verification check -+ is implemented differently from the upstream FIPS validated OpenSSL -+ module. It verifies HMAC-SHA256 checksum of the whole shared -+ libraries. For this reason the changes are ported to files in the -+ crypto directory and not in a separate fips subdirectory. Also -+ note that the FIPS integrity verification check requires unmodified -+ libcrypto and libssl shared library files which means that it will -+ fail if these files are modified for example by prelink. -+ * The module respects the kernel FIPS flag /proc/sys/crypto/fips and -+ tries to initialize the FIPS mode if it is set to 1 aborting if the -+ FIPS mode could not be initialized. It is also possible to force the -+ OpenSSL library to FIPS mode especially for debugging purposes by -+ setting the environment variable OPENSSL_FORCE_FIPS_MODE. -+ * If the environment variable OPENSSL_NO_DEFAULT_ZLIB is set the module -+ will not automatically load the built in compression method ZLIB -+ when initialized. Applications can still explicitely ask for ZLIB -+ compression method. -+ - DESCRIPTION - ----------- - diff --git a/openssl/patches/openssl-1.0.0-timezone.patch b/openssl/patches/openssl-1.0.0-timezone.patch deleted file mode 100644 index b1d6682..0000000 --- a/openssl/patches/openssl-1.0.0-timezone.patch +++ /dev/null @@ -1,21 +0,0 @@ -diff -up openssl-1.0.0/Makefile.org.timezone openssl-1.0.0/Makefile.org ---- openssl-1.0.0/Makefile.org.timezone 2010-03-30 11:08:40.000000000 +0200 -+++ openssl-1.0.0/Makefile.org 2010-04-06 12:49:21.000000000 +0200 -@@ -609,7 +609,7 @@ install_docs: - sec=`$(PERL) util/extract-section.pl 1 < $$i`; \ - echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \ - (cd `$(PERL) util/dirname.pl $$i`; \ -- sh -c "$$pod2man \ -+ sh -c "TZ=UTC $$pod2man \ - --section=$$sec --center=OpenSSL \ - --release=$(VERSION) `basename $$i`") \ - > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \ -@@ -626,7 +626,7 @@ install_docs: - sec=`$(PERL) util/extract-section.pl 3 < $$i`; \ - echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \ - (cd `$(PERL) util/dirname.pl $$i`; \ -- sh -c "$$pod2man \ -+ sh -c "TZ=UTC $$pod2man \ - --section=$$sec --center=OpenSSL \ - --release=$(VERSION) `basename $$i`") \ - > $(INSTALL_PREFIX)$(MANDIR)/man$$sec/$$fn.$${sec}$(MANSUFFIX); \ diff --git a/openssl/patches/openssl-1.0.0d-apps-dgst.patch b/openssl/patches/openssl-1.0.0d-apps-dgst.patch deleted file mode 100644 index da20481..0000000 --- a/openssl/patches/openssl-1.0.0d-apps-dgst.patch +++ /dev/null @@ -1,110 +0,0 @@ -diff -up openssl-1.0.0d/apps/ca.c.dgst openssl-1.0.0d/apps/ca.c ---- openssl-1.0.0d/apps/ca.c.dgst 2009-12-02 15:41:24.000000000 +0100 -+++ openssl-1.0.0d/apps/ca.c 2011-04-05 21:09:42.000000000 +0200 -@@ -157,7 +157,7 @@ static const char *ca_usage[]={ - " -startdate YYMMDDHHMMSSZ - certificate validity notBefore\n", - " -enddate YYMMDDHHMMSSZ - certificate validity notAfter (overrides -days)\n", - " -days arg - number of days to certify the certificate for\n", --" -md arg - md to use, one of md2, md5, sha or sha1\n", -+" -md arg - md to use, see openssl dgst -h for list\n", - " -policy arg - The CA 'policy' to support\n", - " -keyfile arg - private key file\n", - " -keyform arg - private key file format (PEM or ENGINE)\n", -diff -up openssl-1.0.0d/apps/enc.c.dgst openssl-1.0.0d/apps/enc.c ---- openssl-1.0.0d/apps/enc.c.dgst 2010-06-15 19:25:02.000000000 +0200 -+++ openssl-1.0.0d/apps/enc.c 2011-04-05 21:11:54.000000000 +0200 -@@ -302,7 +302,7 @@ bad: - BIO_printf(bio_err,"%-14s passphrase is the next argument\n","-k"); - BIO_printf(bio_err,"%-14s passphrase is the first line of the file argument\n","-kfile"); - BIO_printf(bio_err,"%-14s the next argument is the md to use to create a key\n","-md"); -- BIO_printf(bio_err,"%-14s from a passphrase. One of md2, md5, sha or sha1\n",""); -+ BIO_printf(bio_err,"%-14s from a passphrase. See openssl dgst -h for list.\n",""); - BIO_printf(bio_err,"%-14s salt in hex is the next argument\n","-S"); - BIO_printf(bio_err,"%-14s key/iv in hex is the next argument\n","-K/-iv"); - BIO_printf(bio_err,"%-14s print the iv/key (then exit if -P)\n","-[pP]"); -diff -up openssl-1.0.0d/apps/req.c.dgst openssl-1.0.0d/apps/req.c ---- openssl-1.0.0d/apps/req.c.dgst 2010-03-10 14:48:21.000000000 +0100 -+++ openssl-1.0.0d/apps/req.c 2011-04-05 21:12:33.000000000 +0200 -@@ -421,7 +421,7 @@ bad: - #ifndef OPENSSL_NO_ECDSA - BIO_printf(bio_err," -newkey ec:file generate a new EC key, parameters taken from CA in 'file'\n"); - #endif -- BIO_printf(bio_err," -[digest] Digest to sign with (md5, sha1, md2, mdc2, md4)\n"); -+ BIO_printf(bio_err," -[digest] Digest to sign with (see openssl dgst -h for list)\n"); - BIO_printf(bio_err," -config file request template file.\n"); - BIO_printf(bio_err," -subj arg set or modify request subject\n"); - BIO_printf(bio_err," -multivalue-rdn enable support for multivalued RDNs\n"); -diff -up openssl-1.0.0d/apps/ts.c.dgst openssl-1.0.0d/apps/ts.c ---- openssl-1.0.0d/apps/ts.c.dgst 2009-10-18 16:42:26.000000000 +0200 -+++ openssl-1.0.0d/apps/ts.c 2011-04-05 21:16:07.000000000 +0200 -@@ -368,7 +368,7 @@ int MAIN(int argc, char **argv) - BIO_printf(bio_err, "usage:\n" - "ts -query [-rand file%cfile%c...] [-config configfile] " - "[-data file_to_hash] [-digest digest_bytes]" -- "[-md2|-md4|-md5|-sha|-sha1|-mdc2|-ripemd160] " -+ "[-<hashalg>] " - "[-policy object_id] [-no_nonce] [-cert] " - "[-in request.tsq] [-out request.tsq] [-text]\n", - LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); -diff -up openssl-1.0.0d/apps/x509.c.dgst openssl-1.0.0d/apps/x509.c ---- openssl-1.0.0d/apps/x509.c.dgst 2011-04-05 21:13:42.000000000 +0200 -+++ openssl-1.0.0d/apps/x509.c 2011-04-05 21:13:17.000000000 +0200 -@@ -141,7 +141,7 @@ static const char *x509_usage[]={ - " -set_serial - serial number to use\n", - " -text - print the certificate in text form\n", - " -C - print out C code forms\n", --" -md2/-md5/-sha1/-mdc2 - digest to use\n", -+" -<dgst> - digest to use, see openssl dgst -h output for list\n", - " -extfile - configuration file with X509V3 extensions to add\n", - " -extensions - section from config file with X509V3 extensions to add\n", - " -clrext - delete extensions before signing and input certificate\n", -diff -up openssl-1.0.0d/doc/apps/ca.pod.dgst openssl-1.0.0d/doc/apps/ca.pod ---- openssl-1.0.0d/doc/apps/ca.pod.dgst 2009-04-10 13:25:53.000000000 +0200 -+++ openssl-1.0.0d/doc/apps/ca.pod 2011-04-05 21:16:39.000000000 +0200 -@@ -160,7 +160,8 @@ the number of days to certify the certif - =item B<-md alg> - - the message digest to use. Possible values include md5, sha1 and mdc2. --This option also applies to CRLs. -+For full list of digests see openssl dgst -h output. This option also -+applies to CRLs. - - =item B<-policy arg> - -diff -up openssl-1.0.0d/doc/apps/ocsp.pod.dgst openssl-1.0.0d/doc/apps/ocsp.pod ---- openssl-1.0.0d/doc/apps/ocsp.pod.dgst 2008-02-25 19:11:47.000000000 +0100 -+++ openssl-1.0.0d/doc/apps/ocsp.pod 2011-04-05 21:18:17.000000000 +0200 -@@ -210,7 +210,8 @@ check is not performed. - =item B<-md5|-sha1|-sha256|-ripemod160|...> - - this option sets digest algorithm to use for certificate identification --in the OCSP request. By default SHA-1 is used. -+in the OCSP request. By default SHA-1 is used. See openssl dgst -h output for -+the list of available algorithms. - - =back - -diff -up openssl-1.0.0d/doc/apps/req.pod.dgst openssl-1.0.0d/doc/apps/req.pod ---- openssl-1.0.0d/doc/apps/req.pod.dgst 2009-04-10 18:42:28.000000000 +0200 -+++ openssl-1.0.0d/doc/apps/req.pod 2011-04-05 21:20:47.000000000 +0200 -@@ -201,7 +201,8 @@ will not be encrypted. - - this specifies the message digest to sign the request with (such as - B<-md5>, B<-sha1>). This overrides the digest algorithm specified in --the configuration file. -+the configuration file. For full list of possible digests see openssl -+dgst -h output. - - Some public key algorithms may override this choice. For instance, DSA - signatures always use SHA1, GOST R 34.10 signatures always use -diff -up openssl-1.0.0d/doc/apps/x509.pod.dgst openssl-1.0.0d/doc/apps/x509.pod ---- openssl-1.0.0d/doc/apps/x509.pod.dgst 2010-01-12 18:27:11.000000000 +0100 -+++ openssl-1.0.0d/doc/apps/x509.pod 2011-04-05 21:19:56.000000000 +0200 -@@ -101,6 +101,7 @@ the digest to use. This affects any sign - digest, such as the B<-fingerprint>, B<-signkey> and B<-CA> options. If not - specified then SHA1 is used. If the key being used to sign with is a DSA key - then this option has no effect: SHA1 is always used with DSA keys. -+For full list of digests see openssl dgst -h output. - - =item B<-engine id> - diff --git a/openssl/patches/openssl-1.0.0d-xmpp-starttls.patch b/openssl/patches/openssl-1.0.0d-xmpp-starttls.patch deleted file mode 100644 index b3999cc..0000000 --- a/openssl/patches/openssl-1.0.0d-xmpp-starttls.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -ru openssl-1.0.0d.old/apps/s_client.c openssl-1.0.0d/apps/s_client.c ---- openssl-1.0.0d.old/apps/s_client.c 2011-07-17 21:05:19.934181169 +0200 -+++ openssl-1.0.0d/apps/s_client.c 2011-07-17 21:11:42.747824990 +0200 -@@ -1186,7 +1186,7 @@ - "xmlns='jabber:client' to='%s' version='1.0'>", host); - seen = BIO_read(sbio,mbuf,BUFSIZZ); - mbuf[seen] = 0; -- while (!strstr(mbuf, "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'")) -+ while (!strcasestr(mbuf, "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'") && !strcasestr(mbuf, "<starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"")) - { - if (strstr(mbuf, "/stream:features>")) - goto shut; diff --git a/openssl/patches/openssl-1.0.0e-chil-fixes.patch b/openssl/patches/openssl-1.0.0e-chil-fixes.patch deleted file mode 100644 index 58a035f..0000000 --- a/openssl/patches/openssl-1.0.0e-chil-fixes.patch +++ /dev/null @@ -1,24 +0,0 @@ -diff -up openssl-1.0.0e/engines/e_chil.c.chil openssl-1.0.0e/engines/e_chil.c ---- openssl-1.0.0e/engines/e_chil.c.chil 2010-06-15 19:25:12.000000000 +0200 -+++ openssl-1.0.0e/engines/e_chil.c 2011-09-21 17:32:03.000000000 +0200 -@@ -1261,6 +1261,11 @@ static int hwcrhk_insert_card(const char - UI *ui; - void *callback_data = NULL; - UI_METHOD *ui_method = NULL; -+ /* Despite what the documentation says prompt_info can be -+ * an empty string. -+ */ -+ if (prompt_info && !*prompt_info) -+ prompt_info = NULL; - - if (cactx) - { -@@ -1287,7 +1292,7 @@ static int hwcrhk_insert_card(const char - - if (ui) - { -- char answer; -+ char answer = '\0'; - char buf[BUFSIZ]; - /* Despite what the documentation says wrong_info can be - * an empty string. diff --git a/openssl/patches/openssl-1.0.0e-doc-noeof.patch b/openssl/patches/openssl-1.0.0e-doc-noeof.patch deleted file mode 100644 index 9686575..0000000 --- a/openssl/patches/openssl-1.0.0e-doc-noeof.patch +++ /dev/null @@ -1,23 +0,0 @@ -diff -up openssl-1.0.0e/doc/apps/s_client.pod.doc-noeof openssl-1.0.0e/doc/apps/s_client.pod ---- openssl-1.0.0e/doc/apps/s_client.pod.doc-noeof 2009-06-26 13:28:51.000000000 +0200 -+++ openssl-1.0.0e/doc/apps/s_client.pod 2011-11-03 08:30:35.000000000 +0100 -@@ -27,6 +27,7 @@ B<openssl> B<s_client> - [B<-nbio>] - [B<-crlf>] - [B<-ign_eof>] -+[B<-no_ign_eof>] - [B<-quiet>] - [B<-ssl2>] - [B<-ssl3>] -@@ -161,6 +162,11 @@ by some servers. - inhibit shutting down the connection when end of file is reached in the - input. - -+=item B<-no_ign_eof> -+ -+shut down the connection when end of file is reached in the -+input. Can be used to override the implicit B<-ign_eof> after B<-quiet>. -+ - =item B<-quiet> - - inhibit printing of session and certificate information. This implicitly diff --git a/openssl/patches/openssl-1.0.0f-defaults.patch b/openssl/patches/openssl-1.0.0f-defaults.patch deleted file mode 100644 index d20c7fc..0000000 --- a/openssl/patches/openssl-1.0.0f-defaults.patch +++ /dev/null @@ -1,44 +0,0 @@ -diff -up openssl-1.0.0f/apps/openssl.cnf.defaults openssl-1.0.0f/apps/openssl.cnf ---- openssl-1.0.0f/apps/openssl.cnf.defaults 2011-12-06 01:01:00.000000000 +0100 -+++ openssl-1.0.0f/apps/openssl.cnf 2012-01-05 13:16:15.000000000 +0100 -@@ -103,7 +103,8 @@ emailAddress = optional - - #################################################################### - [ req ] --default_bits = 1024 -+default_bits = 2048 -+default_md = sha1 - default_keyfile = privkey.pem - distinguished_name = req_distinguished_name - attributes = req_attributes -@@ -126,17 +127,18 @@ string_mask = utf8only - - [ req_distinguished_name ] - countryName = Country Name (2 letter code) --countryName_default = AU -+countryName_default = XX - countryName_min = 2 - countryName_max = 2 - - stateOrProvinceName = State or Province Name (full name) --stateOrProvinceName_default = Some-State -+#stateOrProvinceName_default = Default Province - - localityName = Locality Name (eg, city) -+localityName_default = Default City - - 0.organizationName = Organization Name (eg, company) --0.organizationName_default = Internet Widgits Pty Ltd -+0.organizationName_default = Default Company Ltd - - # we can do this but it is not needed normally :-) - #1.organizationName = Second Organization Name (eg, company) -@@ -145,7 +147,7 @@ localityName = Locality Name (eg, city - organizationalUnitName = Organizational Unit Name (eg, section) - #organizationalUnitName_default = - --commonName = Common Name (e.g. server FQDN or YOUR name) -+commonName = Common Name (eg, your name or your server's hostname) - commonName_max = 64 - - emailAddress = Email Address diff --git a/openssl/patches/openssl-1.0.1-beta2-build.patch b/openssl/patches/openssl-1.0.1-beta2-build.patch deleted file mode 100644 index 0a5cef1..0000000 --- a/openssl/patches/openssl-1.0.1-beta2-build.patch +++ /dev/null @@ -1,109 +0,0 @@ -diff -up openssl-1.0.1-beta2/Configure.rpmbuild openssl-1.0.1-beta2/Configure ---- openssl-1.0.1-beta2/Configure.rpmbuild 2012-01-05 01:07:34.000000000 +0100 -+++ openssl-1.0.1-beta2/Configure 2012-02-02 12:43:56.547409325 +0100 -@@ -343,23 +343,23 @@ my %table=( - #### - # *-generic* is endian-neutral target, but ./config is free to - # throw in -D[BL]_ENDIAN, whichever appropriate... --"linux-generic32","gcc:-DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.$(SHLIB_MAJOR).$(SHLIB_MINOR)", --"linux-ppc", "gcc:-DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.$(SHLIB_MAJOR).$(SHLIB_MINOR)", -+"linux-generic32","gcc:-DTERMIO -Wall $(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC:$(RPM_OPT_FLAGS):.so.$(SHLIB_SONAMEVER)", -+"linux-ppc", "gcc:-DB_ENDIAN -DTERMIO -Wall $(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC:$(RPM_OPT_FLAGS):.so.$(SHLIB_SONAMEVER)", - # It's believed that majority of ARM toolchains predefine appropriate -march. - # If you compiler does not, do complement config command line with one! --"linux-armv4", "gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.$(SHLIB_MAJOR).$(SHLIB_MINOR)", -+"linux-armv4", "gcc:-DTERMIO -Wall $(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC:$(RPM_OPT_FLAGS):.so.$(SHLIB_SONAMEVER)", - #### IA-32 targets... - "linux-ia32-icc", "icc:-DL_ENDIAN -DTERMIO -O2 -no_cpprt::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-KPIC::.so.$(SHLIB_MAJOR).$(SHLIB_MINOR)", --"linux-elf", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.$(SHLIB_MAJOR).$(SHLIB_MINOR)", -+"linux-elf", "gcc:-DL_ENDIAN -DTERMIO -Wall $(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:$(RPM_OPT_FLAGS):.so.$(SHLIB_SONAMEVER)", - "linux-aout", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -march=i486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out", - #### --"linux-generic64","gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.$(SHLIB_MAJOR).$(SHLIB_MINOR)", --"linux-ppc64", "gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64:.so.$(SHLIB_MAJOR).$(SHLIB_MINOR):::64", --"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.$(SHLIB_MAJOR).$(SHLIB_MINOR)", -+"linux-generic64","gcc:-DTERMIO -Wall $(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC:$(RPM_OPT_FLAGS):.so.$(SHLIB_SONAMEVER)", -+"linux-ppc64", "gcc:-m64 -DB_ENDIAN -DTERMIO -Wall $(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64 $(RPM_OPT_FLAGS):.so.$(SHLIB_SONAMEVER):::64", -+"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -Wall $(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC:$(RPM_OPT_FLAGS):.so.$(SHLIB_SONAMEVER)", - "linux-ia64-ecc","ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.$(SHLIB_MAJOR).$(SHLIB_MINOR)", - "linux-ia64-icc","icc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.$(SHLIB_MAJOR).$(SHLIB_MINOR)", --"linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.$(SHLIB_MAJOR).$(SHLIB_MINOR):::64", --"linux64-s390x", "gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64:.so.$(SHLIB_MAJOR).$(SHLIB_MINOR):::64", -+"linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO -Wall $(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64 $(RPM_OPT_FLAGS):.so.$(SHLIB_SONAMEVER):::64", -+"linux64-s390x", "gcc:-m64 -DB_ENDIAN -DTERMIO -Wall $(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64 $(RPM_OPT_FLAGS):.so.$(SHLIB_SONAMEVER):::64", - #### So called "highgprs" target for z/Architecture CPUs - # "Highgprs" is kernel feature first implemented in Linux 2.6.32, see - # /proc/cpuinfo. The idea is to preserve most significant bits of -@@ -373,16 +373,16 @@ my %table=( - # ldconfig and run-time linker to autodiscover. Unfortunately it - # doesn't work just yet, because of couple of bugs in glibc - # sysdeps/s390/dl-procinfo.c affecting ldconfig and ld.so.1... --"linux32-s390x", "gcc:-m31 -Wa,-mzarch -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:".eval{my $asm=$s390x_asm;$asm=~s/bn-s390x.o/bn_asm.o/;$asm}.":31:dlfcn:linux-shared:-fPIC:-m31:.so.$(SHLIB_MAJOR).$(SHLIB_MINOR):::/highgprs", -+"linux32-s390x", "gcc:-m31 -Wa,-mzarch -DB_ENDIAN -DTERMIO -Wall $(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:".eval{my $asm=$s390x_asm;$asm=~s/bn-s390x.o/bn_asm.o/;$asm}.":31:dlfcn:linux-shared:-fPIC:-m31 $(RPM_OPT_FLAGS):.so.$(SHLIB_SONAMEVER):::/highgprs", - #### SPARC Linux setups - # Ray Miller ray.miller@computing-services.oxford.ac.uk has patiently - # assisted with debugging of following two configs. --"linux-sparcv8","gcc:-mv8 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.$(SHLIB_MAJOR).$(SHLIB_MINOR)", -+"linux-sparcv8","gcc:-DB_ENDIAN -DTERMIO -Wall $(RPM_OPT_FLAGS) -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC:$(RPM_OPT_FLAGS):.so.$(SHLIB_SONAMEVER)", - # it's a real mess with -mcpu=ultrasparc option under Linux, but - # -Wa,-Av8plus should do the trick no matter what. --"linux-sparcv9","gcc:-m32 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.$(SHLIB_MAJOR).$(SHLIB_MINOR)", -+"linux-sparcv9","gcc:-DB_ENDIAN -DTERMIO -Wall $(RPM_OPT_FLAGS) -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:$(RPM_OPT_FLAGS):.so.$(SHLIB_SONAMEVER)", - # GCC 3.1 is a requirement --"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.$(SHLIB_MAJOR).$(SHLIB_MINOR):::64", -+"linux64-sparcv9","gcc:-DB_ENDIAN -DTERMIO -Wall $(RPM_OPT_FLAGS)::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:$(RPM_OPT_FLAGS):.so.$(SHLIB_SONAMEVER):::64", - #### Alpha Linux with GNU C and Compaq C setups - # Special notes: - # - linux-alpha+bwx-gcc is ment to be used from ./config only. If you -@@ -396,8 +396,8 @@ my %table=( - # - # appro@fy.chalmers.se - # --"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.$(SHLIB_MAJOR).$(SHLIB_MINOR)", --"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.$(SHLIB_MAJOR).$(SHLIB_MINOR)", -+"linux-alpha-gcc","gcc:-DL_ENDIAN -DTERMIO -Wall $(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC:$(RPM_OPT_FLAGS):.so.$(SHLIB_SONAMEVER)", -+"linux-alpha+bwx-gcc","gcc:-DL_ENDIAN -DTERMIO -Wall $(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC:$(RPM_OPT_FLAGS):.so.$(SHLIB_SONAMEVER)", - "linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}", - "linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}", - -@@ -1678,7 +1678,7 @@ while (<IN>) - elsif ($shared_extension ne "" && $shared_extension =~ /^.s([ol]).[^.]*.[^.]*$/) - { - my $sotmp = $1; -- s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.$(SHLIB_MAJOR) .s$sotmp/; -+ s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.$(SHLIB_SONAMEVER) .s$sotmp/; - } - elsif ($shared_extension ne "" && $shared_extension =~ /^.[^.]*.[^.]*.dylib$/) - { -diff -up openssl-1.0.1-beta2/Makefile.org.rpmbuild openssl-1.0.1-beta2/Makefile.org ---- openssl-1.0.1-beta2/Makefile.org.rpmbuild 2011-12-27 16:17:50.000000000 +0100 -+++ openssl-1.0.1-beta2/Makefile.org 2012-02-02 12:30:23.652495435 +0100 -@@ -10,6 +10,7 @@ SHLIB_VERSION_HISTORY= - SHLIB_MAJOR= - SHLIB_MINOR= - SHLIB_EXT= -+SHLIB_SONAMEVER=10 - PLATFORM=dist - OPTIONS= - CONFIGURE_ARGS= -@@ -333,10 +334,9 @@ clean-shared: - link-shared: - @ set -e; for i in $(SHLIBDIRS); do \ - $(MAKE) -f $(HERE)/Makefile.shared -e $(BUILDENV) \ -- LIBNAME=$$i LIBVERSION=$(SHLIB_MAJOR).$(SHLIB_MINOR) \ -+ LIBNAME=$$i LIBVERSION=$(SHLIB_SONAMEVER) \ - LIBCOMPATVERSIONS=";$(SHLIB_VERSION_HISTORY)" \ - symlink.$(SHLIB_TARGET); \ -- libs="$$libs -l$$i"; \ - done - - build-shared: do_$(SHLIB_TARGET) link-shared -@@ -347,7 +347,7 @@ do_$(SHLIB_TARGET): - libs="$(LIBKRB5) $$libs"; \ - fi; \ - $(CLEARENV) && $(MAKE) -f Makefile.shared -e $(BUILDENV) \ -- LIBNAME=$$i LIBVERSION=$(SHLIB_MAJOR).$(SHLIB_MINOR) \ -+ LIBNAME=$$i LIBVERSION=$(SHLIB_SONAMEVER) \ - LIBCOMPATVERSIONS=";$(SHLIB_VERSION_HISTORY)" \ - LIBDEPS="$$libs $(EX_LIBS)" \ - link_a.$(SHLIB_TARGET); \ diff --git a/openssl/patches/openssl-1.0.1-beta2-dtls1-abi.patch b/openssl/patches/openssl-1.0.1-beta2-dtls1-abi.patch deleted file mode 100644 index 6a556be..0000000 --- a/openssl/patches/openssl-1.0.1-beta2-dtls1-abi.patch +++ /dev/null @@ -1,23 +0,0 @@ -diff -up openssl-1.0.1-beta2/ssl/dtls1.h.dtls1-abi openssl-1.0.1-beta2/ssl/dtls1.h ---- openssl-1.0.1-beta2/ssl/dtls1.h.dtls1-abi 2012-02-06 17:07:34.630336118 +0100 -+++ openssl-1.0.1-beta2/ssl/dtls1.h 2012-02-06 17:10:08.956623707 +0100 -@@ -222,9 +222,6 @@ typedef struct dtls1_state_st - */ - record_pqueue buffered_app_data; - -- /* Is set when listening for new connections with dtls1_listen() */ -- unsigned int listen; -- - unsigned int mtu; /* max DTLS packet size */ - - struct hm_header_st w_msg_hdr; -@@ -248,6 +245,9 @@ typedef struct dtls1_state_st - unsigned int retransmitting; - unsigned int change_cipher_spec_ok; - -+ /* Is set when listening for new connections with dtls1_listen() */ -+ unsigned int listen; -+ - #ifndef OPENSSL_NO_SCTP - /* used when SSL_ST_XX_FLUSH is entered */ - int next_state; diff --git a/openssl/patches/openssl-1.0.1-beta2-padlock64.patch b/openssl/patches/openssl-1.0.1-beta2-padlock64.patch deleted file mode 100644 index 4b7f7da..0000000 --- a/openssl/patches/openssl-1.0.1-beta2-padlock64.patch +++ /dev/null @@ -1,193 +0,0 @@ -diff -up openssl-1.0.1-beta2/engines/e_padlock.c.padlock64 openssl-1.0.1-beta2/engines/e_padlock.c ---- openssl-1.0.1-beta2/engines/e_padlock.c.padlock64 2011-06-21 18:42:15.000000000 +0200 -+++ openssl-1.0.1-beta2/engines/e_padlock.c 2012-02-06 20:18:52.039537799 +0100 -@@ -101,7 +101,10 @@ - compiler choice is limited to GCC and Microsoft C. */ - #undef COMPILE_HW_PADLOCK - #if !defined(I386_ONLY) && !defined(OPENSSL_NO_INLINE_ASM) --# if (defined(__GNUC__) && (defined(__i386__) || defined(__i386))) || \ -+# if (defined(__GNUC__) && __GNUC__>=2 && \ -+ (defined(__i386__) || defined(__i386) || \ -+ defined(__x86_64__) || defined(__x86_64)) \ -+ ) || \ - (defined(_MSC_VER) && defined(_M_IX86)) - # define COMPILE_HW_PADLOCK - # endif -@@ -137,7 +140,7 @@ void ENGINE_load_padlock (void) - # endif - #elif defined(__GNUC__) - # ifndef alloca --# define alloca(s) __builtin_alloca(s) -+# define alloca(s) __builtin_alloca((s)) - # endif - #endif - -@@ -304,6 +307,7 @@ static volatile struct padlock_cipher_da - * ======================================================= - */ - #if defined(__GNUC__) && __GNUC__>=2 -+#if defined(__i386__) || defined(__i386) - /* - * As for excessive "push %ebx"/"pop %ebx" found all over. - * When generating position-independent code GCC won't let -@@ -383,21 +387,6 @@ padlock_available(void) - return padlock_use_ace + padlock_use_rng; - } - --#ifndef OPENSSL_NO_AES --/* Our own htonl()/ntohl() */ --static inline void --padlock_bswapl(AES_KEY *ks) --{ -- size_t i = sizeof(ks->rd_key)/sizeof(ks->rd_key[0]); -- unsigned int *key = ks->rd_key; -- -- while (i--) { -- asm volatile ("bswapl %0" : "+r"(*key)); -- key++; -- } --} --#endif -- - /* Force key reload from memory to the CPU microcode. - Loading EFLAGS from the stack clears EFLAGS[30] - which does the trick. */ -@@ -455,12 +444,127 @@ static inline void *name(size_t cnt, \ - : "edx", "cc", "memory"); \ - return iv; \ - } -+#endif -+ -+#elif defined(__x86_64__) || defined(__x86_64) -+ -+/* Load supported features of the CPU to see if -+ the PadLock is available. */ -+static int -+padlock_available(void) -+{ -+ char vendor_string[16]; -+ unsigned int eax, edx; - -+ /* Are we running on the Centaur (VIA) CPU? */ -+ eax = 0x00000000; -+ vendor_string[12] = 0; -+ asm volatile ( -+ "cpuid\n" -+ "movl %%ebx,(%1)\n" -+ "movl %%edx,4(%1)\n" -+ "movl %%ecx,8(%1)\n" -+ : "+a"(eax) : "r"(vendor_string) : "rbx", "rcx", "rdx"); -+ if (strcmp(vendor_string, "CentaurHauls") != 0) -+ return 0; -+ -+ /* Check for Centaur Extended Feature Flags presence */ -+ eax = 0xC0000000; -+ asm volatile ("cpuid" -+ : "+a"(eax) : : "rbx", "rcx", "rdx"); -+ if (eax < 0xC0000001) -+ return 0; -+ -+ /* Read the Centaur Extended Feature Flags */ -+ eax = 0xC0000001; -+ asm volatile ("cpuid" -+ : "+a"(eax), "=d"(edx) : : "rbx", "rcx"); -+ -+ /* Fill up some flags */ -+ padlock_use_ace = ((edx & (0x3<<6)) == (0x3<<6)); -+ padlock_use_rng = ((edx & (0x3<<2)) == (0x3<<2)); -+ -+ return padlock_use_ace + padlock_use_rng; -+} -+ -+/* Force key reload from memory to the CPU microcode. -+ Loading EFLAGS from the stack clears EFLAGS[30] -+ which does the trick. */ -+static inline void -+padlock_reload_key(void) -+{ -+ asm volatile ("pushfq; popfq"); -+} -+ -+#ifndef OPENSSL_NO_AES -+/* -+ * This is heuristic key context tracing. At first one -+ * believes that one should use atomic swap instructions, -+ * but it's not actually necessary. Point is that if -+ * padlock_saved_context was changed by another thread -+ * after we've read it and before we compare it with cdata, -+ * our key *shall* be reloaded upon thread context switch -+ * and we are therefore set in either case... -+ */ -+static inline void -+padlock_verify_context(struct padlock_cipher_data *cdata) -+{ -+ asm volatile ( -+ "pushfq\n" -+" btl $30,(%%rsp)\n" -+" jnc 1f\n" -+" cmpq %2,%1\n" -+" je 1f\n" -+" popfq\n" -+" subq $8,%%rsp\n" -+"1: addq $8,%%rsp\n" -+" movq %2,%0" -+ :"+m"(padlock_saved_context) -+ : "r"(padlock_saved_context), "r"(cdata) : "cc"); -+} -+ -+/* Template for padlock_xcrypt_* modes */ -+/* BIG FAT WARNING: -+ * The offsets used with 'leal' instructions -+ * describe items of the 'padlock_cipher_data' -+ * structure. -+ */ -+#define PADLOCK_XCRYPT_ASM(name,rep_xcrypt) \ -+static inline void *name(size_t cnt, \ -+ struct padlock_cipher_data *cdata, \ -+ void *out, const void *inp) \ -+{ void *iv; \ -+ asm volatile ( "leaq 16(%0),%%rdx\n" \ -+ " leaq 32(%0),%%rbx\n" \ -+ rep_xcrypt "\n" \ -+ : "=a"(iv), "=c"(cnt), "=D"(out), "=S"(inp) \ -+ : "0"(cdata), "1"(cnt), "2"(out), "3"(inp) \ -+ : "rbx", "rdx", "cc", "memory"); \ -+ return iv; \ -+} -+#endif -+ -+#endif /* cpu */ -+ -+#ifndef OPENSSL_NO_AES - /* Generate all functions with appropriate opcodes */ - PADLOCK_XCRYPT_ASM(padlock_xcrypt_ecb, ".byte 0xf3,0x0f,0xa7,0xc8") /* rep xcryptecb */ - PADLOCK_XCRYPT_ASM(padlock_xcrypt_cbc, ".byte 0xf3,0x0f,0xa7,0xd0") /* rep xcryptcbc */ - PADLOCK_XCRYPT_ASM(padlock_xcrypt_cfb, ".byte 0xf3,0x0f,0xa7,0xe0") /* rep xcryptcfb */ - PADLOCK_XCRYPT_ASM(padlock_xcrypt_ofb, ".byte 0xf3,0x0f,0xa7,0xe8") /* rep xcryptofb */ -+ -+/* Our own htonl()/ntohl() */ -+static inline void -+padlock_bswapl(AES_KEY *ks) -+{ -+ size_t i = sizeof(ks->rd_key)/sizeof(ks->rd_key[0]); -+ unsigned int *key = ks->rd_key; -+ -+ while (i--) { -+ asm volatile ("bswapl %0" : "+r"(*key)); -+ key++; -+ } -+} - #endif - - /* The RNG call itself */ -@@ -491,8 +595,8 @@ padlock_xstore(void *addr, unsigned int - static inline unsigned char * - padlock_memcpy(void *dst,const void *src,size_t n) - { -- long *d=dst; -- const long *s=src; -+ size_t *d=dst; -+ const size_t *s=src; - - n /= sizeof(*d); - do { *d++ = *s++; } while (--n); diff --git a/openssl/patches/openssl-1.0.1a-algo-doc.patch b/openssl/patches/openssl-1.0.1a-algo-doc.patch deleted file mode 100644 index c4aaa89..0000000 --- a/openssl/patches/openssl-1.0.1a-algo-doc.patch +++ /dev/null @@ -1,77 +0,0 @@ -diff -up openssl-1.0.1a/doc/crypto/EVP_DigestInit.pod.algo-doc openssl-1.0.1a/doc/crypto/EVP_DigestInit.pod ---- openssl-1.0.1a/doc/crypto/EVP_DigestInit.pod.algo-doc 2012-04-11 00:28:22.000000000 +0200 -+++ openssl-1.0.1a/doc/crypto/EVP_DigestInit.pod 2012-04-20 09:14:01.865167011 +0200 -@@ -75,7 +75,7 @@ EVP_MD_CTX_create() allocates, initializ - - EVP_DigestInit_ex() sets up digest context B<ctx> to use a digest - B<type> from ENGINE B<impl>. B<ctx> must be initialized before calling this --function. B<type> will typically be supplied by a functionsuch as EVP_sha1(). -+function. B<type> will typically be supplied by a function such as EVP_sha1(). - If B<impl> is NULL then the default implementation of digest B<type> is used. - - EVP_DigestUpdate() hashes B<cnt> bytes of data at B<d> into the -@@ -165,7 +165,8 @@ EVP_MD_size(), EVP_MD_block_size(), EVP_ - EVP_MD_CTX_block_size() and EVP_MD_block_size() return the digest or block - size in bytes. - --EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(), EVP_dss(), -+EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(), -+EVP_sha224(), EVP_sha256(), EVP_sha384(), EVP_sha512(), EVP_dss(), - EVP_dss1(), EVP_mdc2() and EVP_ripemd160() return pointers to the - corresponding EVP_MD structures. - -diff -up openssl-1.0.1a/doc/crypto/EVP_EncryptInit.pod.algo-doc openssl-1.0.1a/doc/crypto/EVP_EncryptInit.pod ---- openssl-1.0.1a/doc/crypto/EVP_EncryptInit.pod.algo-doc 2005-04-15 18:01:35.000000000 +0200 -+++ openssl-1.0.1a/doc/crypto/EVP_EncryptInit.pod 2012-04-20 09:10:59.114736465 +0200 -@@ -91,6 +91,32 @@ EVP_CIPHER_CTX_set_padding - EVP cipher - int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type); - int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type); - -+ const EVP_CIPHER *EVP_des_ede3(void); -+ const EVP_CIPHER *EVP_des_ede3_ecb(void); -+ const EVP_CIPHER *EVP_des_ede3_cfb64(void); -+ const EVP_CIPHER *EVP_des_ede3_cfb1(void); -+ const EVP_CIPHER *EVP_des_ede3_cfb8(void); -+ const EVP_CIPHER *EVP_des_ede3_ofb(void); -+ const EVP_CIPHER *EVP_des_ede3_cbc(void); -+ const EVP_CIPHER *EVP_aes_128_ecb(void); -+ const EVP_CIPHER *EVP_aes_128_cbc(void); -+ const EVP_CIPHER *EVP_aes_128_cfb1(void); -+ const EVP_CIPHER *EVP_aes_128_cfb8(void); -+ const EVP_CIPHER *EVP_aes_128_cfb128(void); -+ const EVP_CIPHER *EVP_aes_128_ofb(void); -+ const EVP_CIPHER *EVP_aes_192_ecb(void); -+ const EVP_CIPHER *EVP_aes_192_cbc(void); -+ const EVP_CIPHER *EVP_aes_192_cfb1(void); -+ const EVP_CIPHER *EVP_aes_192_cfb8(void); -+ const EVP_CIPHER *EVP_aes_192_cfb128(void); -+ const EVP_CIPHER *EVP_aes_192_ofb(void); -+ const EVP_CIPHER *EVP_aes_256_ecb(void); -+ const EVP_CIPHER *EVP_aes_256_cbc(void); -+ const EVP_CIPHER *EVP_aes_256_cfb1(void); -+ const EVP_CIPHER *EVP_aes_256_cfb8(void); -+ const EVP_CIPHER *EVP_aes_256_cfb128(void); -+ const EVP_CIPHER *EVP_aes_256_ofb(void); -+ - =head1 DESCRIPTION - - The EVP cipher routines are a high level interface to certain -@@ -297,6 +323,18 @@ Three key triple DES in CBC, ECB, CFB an - - DESX algorithm in CBC mode. - -+=item EVP_aes_128_cbc(void), EVP_aes_128_ecb(), EVP_aes_128_ofb(void), EVP_aes_128_cfb1(void), EVP_aes_128_cfb8(void), EVP_aes_128_cfb128(void) -+ -+AES with 128 bit key length in CBC, ECB, OFB and CFB modes respectively. -+ -+=item EVP_aes_192_cbc(void), EVP_aes_192_ecb(), EVP_aes_192_ofb(void), EVP_aes_192_cfb1(void), EVP_aes_192_cfb8(void), EVP_aes_192_cfb128(void) -+ -+AES with 192 bit key length in CBC, ECB, OFB and CFB modes respectively. -+ -+=item EVP_aes_256_cbc(void), EVP_aes_256_ecb(), EVP_aes_256_ofb(void), EVP_aes_256_cfb1(void), EVP_aes_256_cfb8(void), EVP_aes_256_cfb128(void) -+ -+AES with 256 bit key length in CBC, ECB, OFB and CFB modes respectively. -+ - =item EVP_rc4(void) - - RC4 stream cipher. This is a variable key length cipher with default key length 128 bits. diff --git a/openssl/patches/openssl-1.0.1e-env-zlib.patch b/openssl/patches/openssl-1.0.1e-env-zlib.patch deleted file mode 100644 index b702acb..0000000 --- a/openssl/patches/openssl-1.0.1e-env-zlib.patch +++ /dev/null @@ -1,38 +0,0 @@ -diff -up openssl-1.0.1e/doc/ssl/SSL_COMP_add_compression_method.pod.env-zlib openssl-1.0.1e/doc/ssl/SSL_COMP_add_compression_method.pod ---- openssl-1.0.1e/doc/ssl/SSL_COMP_add_compression_method.pod.env-zlib 2013-02-11 16:02:48.000000000 +0100 -+++ openssl-1.0.1e/doc/ssl/SSL_COMP_add_compression_method.pod 2013-02-19 16:32:51.000000000 +0100 -@@ -47,6 +47,13 @@ Once the identities of the compression m - been standardized, the compression API will most likely be changed. Using - it in the current state is not recommended. - -+It is also not recommended to use compression if data transfered contain -+untrusted parts that can be manipulated by an attacker as he could then -+get information about the encrypted data. See the CRIME attack. For -+that reason the default loading of the zlib compression method is -+disabled and enabled only if the environment variable B<OPENSSL_DEFAULT_ZLIB> -+is present during the library initialization. -+ - =head1 RETURN VALUES - - SSL_COMP_add_compression_method() may return the following values: -diff -up openssl-1.0.1e/ssl/ssl_ciph.c.env-zlib openssl-1.0.1e/ssl/ssl_ciph.c ---- openssl-1.0.1e/ssl/ssl_ciph.c.env-zlib 2013-02-11 16:26:04.000000000 +0100 -+++ openssl-1.0.1e/ssl/ssl_ciph.c 2013-02-19 16:37:36.163545085 +0100 -@@ -140,6 +140,8 @@ - * OTHERWISE. - */ - -+/* for secure_getenv */ -+#define _GNU_SOURCE - #include <stdio.h> - #include <openssl/objects.h> - #ifndef OPENSSL_NO_COMP -@@ -455,7 +457,7 @@ static void load_builtin_compressions(vo - - MemCheck_off(); - ssl_comp_methods=sk_SSL_COMP_new(sk_comp_cmp); -- if (ssl_comp_methods != NULL) -+ if (ssl_comp_methods != NULL && secure_getenv("OPENSSL_DEFAULT_ZLIB") != NULL) - { - comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP)); - if (comp != NULL) diff --git a/openssl/patches/openssl-1.0.1e-issuer-hash.patch b/openssl/patches/openssl-1.0.1e-issuer-hash.patch deleted file mode 100644 index 0f3bfdb..0000000 --- a/openssl/patches/openssl-1.0.1e-issuer-hash.patch +++ /dev/null @@ -1,11 +0,0 @@ -diff -up openssl-1.0.1e/crypto/x509/x509_cmp.c.issuer-hash openssl-1.0.1e/crypto/x509/x509_cmp.c ---- openssl-1.0.1e/crypto/x509/x509_cmp.c.issuer-hash 2013-02-11 16:26:04.000000000 +0100 -+++ openssl-1.0.1e/crypto/x509/x509_cmp.c 2013-02-19 12:46:11.315788592 +0100 -@@ -85,6 +85,7 @@ unsigned long X509_issuer_and_serial_has - char *f; - - EVP_MD_CTX_init(&ctx); -+ EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); - f=X509_NAME_oneline(a->cert_info->issuer,NULL,0); - if (!EVP_DigestInit_ex(&ctx, EVP_md5(), NULL)) - goto err; diff --git a/openssl/patches/openssl-1.0.1e-ssl2-no-ec.patch b/openssl/patches/openssl-1.0.1e-ssl2-no-ec.patch deleted file mode 100644 index 81ad472..0000000 --- a/openssl/patches/openssl-1.0.1e-ssl2-no-ec.patch +++ /dev/null @@ -1,17 +0,0 @@ -diff -up openssl-1.0.1e/ssl/s23_lib.c.ssl2noec openssl-1.0.1e/ssl/s23_lib.c ---- openssl-1.0.1e/ssl/s23_lib.c.ssl2noec 2013-02-11 16:26:04.000000000 +0100 -+++ openssl-1.0.1e/ssl/s23_lib.c 2014-05-06 15:51:54.053293674 +0200 -@@ -107,6 +107,13 @@ int ssl23_put_cipher_by_char(const SSL_C - long l; - - /* We can write SSLv2 and SSLv3 ciphers */ -+ /* but no ECC ciphers */ -+ if (c->algorithm_mkey == SSL_kECDHr || -+ c->algorithm_mkey == SSL_kECDHe || -+ c->algorithm_mkey == SSL_kEECDH || -+ c->algorithm_auth == SSL_aECDH || -+ c->algorithm_auth == SSL_aECDSA) -+ return 0; - if (p != NULL) - { - l=c->id; diff --git a/openssl/patches/openssl-1.0.1e-version.patch b/openssl/patches/openssl-1.0.1e-version.patch deleted file mode 100644 index e73f2c9..0000000 --- a/openssl/patches/openssl-1.0.1e-version.patch +++ /dev/null @@ -1,63 +0,0 @@ -diff -up openssl-1.0.1e/crypto/cversion.c.version openssl-1.0.1e/crypto/cversion.c ---- openssl-1.0.1e/crypto/cversion.c.version 2013-02-11 16:02:47.000000000 +0100 -+++ openssl-1.0.1e/crypto/cversion.c 2013-07-26 12:28:12.739161925 +0200 -@@ -62,7 +62,7 @@ - #include "buildinf.h" - #endif - --const char *SSLeay_version(int t) -+const char *_current_SSLeay_version(int t) - { - if (t == SSLEAY_VERSION) - return OPENSSL_VERSION_TEXT; -@@ -110,8 +110,25 @@ const char *SSLeay_version(int t) - return("not available"); - } - --unsigned long SSLeay(void) -+const char *_original_SSLeay_version(int t) -+ { -+ if (t == SSLEAY_VERSION) -+ return "OpenSSL 1.0.0-fips 29 Mar 2010"; -+ else -+ return _current_SSLeay_version(t); -+ } -+ -+unsigned long _original_SSLeay(void) -+ { -+ return(0x10000003); -+ } -+ -+unsigned long _current_SSLeay(void) - { - return(SSLEAY_VERSION_NUMBER); - } - -+__asm__(".symver _original_SSLeay,SSLeay@"); -+__asm__(".symver _original_SSLeay_version,SSLeay_version@"); -+__asm__(".symver _current_SSLeay,SSLeay@@OPENSSL_1.0.1"); -+__asm__(".symver _current_SSLeay_version,SSLeay_version@@OPENSSL_1.0.1"); -diff -up openssl-1.0.1e/Makefile.shared.version openssl-1.0.1e/Makefile.shared ---- openssl-1.0.1e/Makefile.shared.version 2013-07-26 12:23:43.615545603 +0200 -+++ openssl-1.0.1e/Makefile.shared 2013-07-26 12:23:43.701547398 +0200 -@@ -151,7 +151,7 @@ DO_GNU_SO=$(CALC_VERSIONS); \ - SHLIB_SUFFIX=; \ - ALLSYMSFLAGS='-Wl,--whole-archive'; \ - NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \ -- SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX" -+ SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,--default-symver,--version-script=version.map -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX" - - DO_GNU_APP=LDFLAGS="$(CFLAGS)" - -diff -up openssl-1.0.1e/version.map.version openssl-1.0.1e/version.map ---- openssl-1.0.1e/version.map.version 2013-07-26 12:23:43.701547398 +0200 -+++ openssl-1.0.1e/version.map 2013-07-26 12:29:10.698371472 +0200 -@@ -0,0 +1,8 @@ -+OPENSSL_1.0.1 { -+ global: -+ SSLeay; -+ SSLeay_version; -+ local: -+ _original*; -+ _current*; -+}; diff --git a/openssl/patches/openssl-1.0.1g-3des-strength.patch b/openssl/patches/openssl-1.0.1g-3des-strength.patch deleted file mode 100644 index aec054d..0000000 --- a/openssl/patches/openssl-1.0.1g-3des-strength.patch +++ /dev/null @@ -1,168 +0,0 @@ -diff -up openssl-1.0.1g/ssl/s2_lib.c.3des-strength openssl-1.0.1g/ssl/s2_lib.c ---- openssl-1.0.1g/ssl/s2_lib.c.3des-strength 2014-03-17 17:14:20.000000000 +0100 -+++ openssl-1.0.1g/ssl/s2_lib.c 2014-05-06 16:33:45.646358418 +0200 -@@ -250,7 +250,7 @@ OPENSSL_GLOBAL const SSL_CIPHER ssl2_cip - SSL_SSLV2, - SSL_NOT_EXP|SSL_HIGH, - 0, -- 168, -+ 128, - 168, - }, - -diff -up openssl-1.0.1g/ssl/s3_lib.c.3des-strength openssl-1.0.1g/ssl/s3_lib.c ---- openssl-1.0.1g/ssl/s3_lib.c.3des-strength 2014-03-17 17:14:20.000000000 +0100 -+++ openssl-1.0.1g/ssl/s3_lib.c 2014-05-06 16:38:05.887374872 +0200 -@@ -328,7 +328,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] - SSL_SSLV3, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, -- 168, -+ 128, - 168, - }, - -@@ -377,7 +377,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] - SSL_SSLV3, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, -- 168, -+ 128, - 168, - }, - -@@ -425,7 +425,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] - SSL_SSLV3, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, -- 168, -+ 128, - 168, - }, - -@@ -474,7 +474,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] - SSL_SSLV3, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, -- 168, -+ 128, - 168, - }, - -@@ -522,7 +522,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] - SSL_SSLV3, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, -- 168, -+ 128, - 168, - }, - -@@ -602,7 +602,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] - SSL_SSLV3, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, -- 168, -+ 128, - 168, - }, - -@@ -687,7 +687,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] - SSL_SSLV3, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, -- 168, -+ 128, - 168, - }, - -@@ -751,7 +751,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] - SSL_SSLV3, - SSL_NOT_EXP|SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, -- 168, -+ 128, - 168, - }, - -@@ -1685,7 +1685,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, -- 168, -+ 128, - 168, - }, - -@@ -2062,7 +2062,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, -- 168, -+ 128, - 168, - }, - -@@ -2142,7 +2142,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, -- 168, -+ 128, - 168, - }, - -@@ -2222,7 +2222,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, -- 168, -+ 128, - 168, - }, - -@@ -2302,7 +2302,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, -- 168, -+ 128, - 168, - }, - -@@ -2382,7 +2382,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH|SSL_FIPS, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, -- 168, -+ 128, - 168, - }, - -@@ -2432,7 +2432,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, -- 168, -+ 128, - 168, - }, - -@@ -2448,7 +2448,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, -- 168, -+ 128, - 168, - }, - -@@ -2464,7 +2464,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] - SSL_TLSV1, - SSL_NOT_EXP|SSL_HIGH, - SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF, -- 168, -+ 128, - 168, - }, - diff --git a/openssl/patches/openssl-1.0.1h-ipv6-apps.patch b/openssl/patches/openssl-1.0.1h-ipv6-apps.patch deleted file mode 100644 index db6b543..0000000 --- a/openssl/patches/openssl-1.0.1h-ipv6-apps.patch +++ /dev/null @@ -1,529 +0,0 @@ -diff -up openssl-1.0.1h/apps/s_apps.h.ipv6-apps openssl-1.0.1h/apps/s_apps.h ---- openssl-1.0.1h/apps/s_apps.h.ipv6-apps 2014-06-05 14:33:38.515668750 +0200 -+++ openssl-1.0.1h/apps/s_apps.h 2014-06-05 14:33:38.540669335 +0200 -@@ -148,7 +148,7 @@ typedef fd_mask fd_set; - #define PORT_STR "4433" - #define PROTOCOL "tcp" - --int do_server(int port, int type, int *ret, int (*cb) (char *hostname, int s, unsigned char *context), unsigned char *context); -+int do_server(char *port, int type, int *ret, int (*cb) (char *hostname, int s, unsigned char *context), unsigned char *context); - #ifdef HEADER_X509_H - int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx); - #endif -@@ -156,10 +156,9 @@ int MS_CALLBACK verify_callback(int ok, - int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file); - int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key); - #endif --int init_client(int *sock, char *server, int port, int type); -+int init_client(int *sock, char *server, char *port, int type); - int should_retry(int i); --int extract_port(char *str, short *port_ptr); --int extract_host_port(char *str,char **host_ptr,unsigned char *ip,short *p); -+int extract_host_port(char *str,char **host_ptr,char **port_ptr); - - long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp, - int argi, long argl, long ret); -diff -up openssl-1.0.1h/apps/s_client.c.ipv6-apps openssl-1.0.1h/apps/s_client.c ---- openssl-1.0.1h/apps/s_client.c.ipv6-apps 2014-06-05 14:33:38.533669171 +0200 -+++ openssl-1.0.1h/apps/s_client.c 2014-06-05 14:33:38.540669335 +0200 -@@ -567,7 +567,7 @@ int MAIN(int argc, char **argv) - int cbuf_len,cbuf_off; - int sbuf_len,sbuf_off; - fd_set readfds,writefds; -- short port=PORT; -+ char *port_str = PORT_STR; - int full_log=1; - char *host=SSL_HOST_NAME; - char *cert_file=NULL,*key_file=NULL; -@@ -668,13 +668,12 @@ int MAIN(int argc, char **argv) - else if (strcmp(*argv,"-port") == 0) - { - if (--argc < 1) goto bad; -- port=atoi(*(++argv)); -- if (port == 0) goto bad; -+ port_str= *(++argv); - } - else if (strcmp(*argv,"-connect") == 0) - { - if (--argc < 1) goto bad; -- if (!extract_host_port(*(++argv),&host,NULL,&port)) -+ if (!extract_host_port(*(++argv),&host,&port_str)) - goto bad; - } - else if (strcmp(*argv,"-verify") == 0) -@@ -1267,7 +1266,7 @@ bad: - - re_start: - -- if (init_client(&s,host,port,socket_type) == 0) -+ if (init_client(&s,host,port_str,socket_type) == 0) - { - BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error()); - SHUTDOWN(s); -diff -up openssl-1.0.1h/apps/s_server.c.ipv6-apps openssl-1.0.1h/apps/s_server.c ---- openssl-1.0.1h/apps/s_server.c.ipv6-apps 2014-06-05 14:33:38.533669171 +0200 -+++ openssl-1.0.1h/apps/s_server.c 2014-06-05 14:33:38.541669358 +0200 -@@ -933,7 +933,7 @@ int MAIN(int argc, char *argv[]) - { - X509_VERIFY_PARAM *vpm = NULL; - int badarg = 0; -- short port=PORT; -+ char *port_str = PORT_STR; - char *CApath=NULL,*CAfile=NULL; - unsigned char *context = NULL; - char *dhfile = NULL; -@@ -1004,8 +1004,7 @@ int MAIN(int argc, char *argv[]) - (strcmp(*argv,"-accept") == 0)) - { - if (--argc < 1) goto bad; -- if (!extract_port(*(++argv),&port)) -- goto bad; -+ port_str= *(++argv); - } - else if (strcmp(*argv,"-verify") == 0) - { -@@ -1892,9 +1891,9 @@ bad: - BIO_printf(bio_s_out,"ACCEPT\n"); - (void)BIO_flush(bio_s_out); - if (www) -- do_server(port,socket_type,&accept_socket,www_body, context); -+ do_server(port_str,socket_type,&accept_socket,www_body, context); - else -- do_server(port,socket_type,&accept_socket,sv_body, context); -+ do_server(port_str,socket_type,&accept_socket,sv_body, context); - print_stats(bio_s_out,ctx); - ret=0; - end: -diff -up openssl-1.0.1h/apps/s_socket.c.ipv6-apps openssl-1.0.1h/apps/s_socket.c ---- openssl-1.0.1h/apps/s_socket.c.ipv6-apps 2014-06-05 11:44:33.000000000 +0200 -+++ openssl-1.0.1h/apps/s_socket.c 2014-06-05 14:39:53.226442195 +0200 -@@ -102,9 +102,7 @@ static struct hostent *GetHostByName(cha - static void ssl_sock_cleanup(void); - #endif - static int ssl_sock_init(void); --static int init_client_ip(int *sock,unsigned char ip[4], int port, int type); --static int init_server(int *sock, int port, int type); --static int init_server_long(int *sock, int port,char *ip, int type); -+static int init_server(int *sock, char *port, int type); - static int do_accept(int acc_sock, int *sock, char **host); - static int host_ip(char *str, unsigned char ip[4]); - -@@ -234,57 +232,71 @@ static int ssl_sock_init(void) - return(1); - } - --int init_client(int *sock, char *host, int port, int type) -+int init_client(int *sock, char *host, char *port, int type) - { -- unsigned char ip[4]; -- -- memset(ip, '\0', sizeof ip); -- if (!host_ip(host,&(ip[0]))) -- return 0; -- return init_client_ip(sock,ip,port,type); -- } -- --static int init_client_ip(int *sock, unsigned char ip[4], int port, int type) -- { -- unsigned long addr; -- struct sockaddr_in them; -- int s,i; -+ struct addrinfo *res, *res0, hints; -+ char * failed_call = NULL; -+ int s; -+ int e; - - if (!ssl_sock_init()) return(0); - -- memset((char *)&them,0,sizeof(them)); -- them.sin_family=AF_INET; -- them.sin_port=htons((unsigned short)port); -- addr=(unsigned long) -- ((unsigned long)ip[0]<<24L)| -- ((unsigned long)ip[1]<<16L)| -- ((unsigned long)ip[2]<< 8L)| -- ((unsigned long)ip[3]); -- them.sin_addr.s_addr=htonl(addr); -- -- if (type == SOCK_STREAM) -- s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL); -- else /* ( type == SOCK_DGRAM) */ -- s=socket(AF_INET,SOCK_DGRAM,IPPROTO_UDP); -- -- if (s == INVALID_SOCKET) { perror("socket"); return(0); } -+ memset(&hints, '\0', sizeof(hints)); -+ hints.ai_socktype = type; -+ hints.ai_flags = AI_ADDRCONFIG; -+ -+ e = getaddrinfo(host, port, &hints, &res); -+ if (e) -+ { -+ fprintf(stderr, "getaddrinfo: %s\n", gai_strerror(e)); -+ if (e == EAI_SYSTEM) -+ perror("getaddrinfo"); -+ return (0); -+ } - -+ res0 = res; -+ while (res) -+ { -+ s = socket(res->ai_family, res->ai_socktype, res->ai_protocol); -+ if (s == INVALID_SOCKET) -+ { -+ failed_call = "socket"; -+ goto nextres; -+ } - #if defined(SO_KEEPALIVE) && !defined(OPENSSL_SYS_MPE) - if (type == SOCK_STREAM) - { -- i=0; -- i=setsockopt(s,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i)); -- if (i < 0) { closesocket(s); perror("keepalive"); return(0); } -+ int i=0; -+ i=setsockopt(s,SOL_SOCKET,SO_KEEPALIVE, -+ (char *)&i,sizeof(i)); -+ if (i < 0) { -+ failed_call = "keepalive"; -+ goto nextres; -+ } - } - #endif -- -- if (connect(s,(struct sockaddr *)&them,sizeof(them)) == -1) -- { closesocket(s); perror("connect"); return(0); } -+ if (connect(s,(struct sockaddr *)res->ai_addr, -+ res->ai_addrlen) == 0) -+ { -+ freeaddrinfo(res0); - *sock=s; - return(1); - } - --int do_server(int port, int type, int *ret, int (*cb)(char *hostname, int s, unsigned char *context), unsigned char *context) -+ failed_call = "socket"; -+nextres: -+ if (s != INVALID_SOCKET) -+ close(s); -+ res = res->ai_next; -+ } -+ freeaddrinfo(res0); -+ closesocket(s); -+ -+ perror(failed_call); -+ return(0); -+ } -+ -+int do_server(char *port, int type, int *ret, int (*cb)(char *hostname, int s, unsigned char *context), unsigned char *context) - { - int sock; - char *name = NULL; -@@ -322,33 +334,50 @@ int do_server(int port, int type, int *r - } - } - --static int init_server_long(int *sock, int port, char *ip, int type) -+static int init_server(int *sock, char *port, int type) - { -- int ret=0; -- struct sockaddr_in server; -- int s= -1; -+ struct addrinfo *res, *res0 = NULL, hints; -+ char * failed_call = NULL; -+ int s = INVALID_SOCKET; -+ int e; - - if (!ssl_sock_init()) return(0); - -- memset((char *)&server,0,sizeof(server)); -- server.sin_family=AF_INET; -- server.sin_port=htons((unsigned short)port); -- if (ip == NULL) -- server.sin_addr.s_addr=INADDR_ANY; -- else --/* Added for T3E, address-of fails on bit field (beckman@acl.lanl.gov) */ --#ifndef BIT_FIELD_LIMITS -- memcpy(&server.sin_addr.s_addr,ip,4); --#else -- memcpy(&server.sin_addr,ip,4); --#endif -+ memset(&hints, '\0', sizeof(hints)); -+ hints.ai_family = AF_INET6; -+tryipv4: -+ hints.ai_socktype = type; -+ hints.ai_flags = AI_PASSIVE; - -- if (type == SOCK_STREAM) -- s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL); -- else /* type == SOCK_DGRAM */ -- s=socket(AF_INET, SOCK_DGRAM,IPPROTO_UDP); -+ e = getaddrinfo(NULL, port, &hints, &res); -+ if (e) -+ { -+ if (hints.ai_family == AF_INET) -+ { -+ fprintf(stderr, "getaddrinfo: %s\n", gai_strerror(e)); -+ if (e == EAI_SYSTEM) -+ perror("getaddrinfo"); -+ return (0); -+ } -+ else -+ res = NULL; -+ } - -- if (s == INVALID_SOCKET) goto err; -+ res0 = res; -+ while (res) -+ { -+ s = socket(res->ai_family, res->ai_socktype, res->ai_protocol); -+ if (s == INVALID_SOCKET) -+ { -+ failed_call = "socket"; -+ goto nextres; -+ } -+ if (hints.ai_family == AF_INET6) -+ { -+ int j = 0; -+ setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, -+ (void *) &j, sizeof j); -+ } - #if defined SOL_SOCKET && defined SO_REUSEADDR - { - int j = 1; -@@ -356,35 +385,49 @@ static int init_server_long(int *sock, i - (void *) &j, sizeof j); - } - #endif -- if (bind(s,(struct sockaddr *)&server,sizeof(server)) == -1) -+ -+ if (bind(s,(struct sockaddr *)res->ai_addr, res->ai_addrlen) == -1) - { --#ifndef OPENSSL_SYS_WINDOWS -- perror("bind"); --#endif -- goto err; -+ failed_call = "bind"; -+ goto nextres; - } -- /* Make it 128 for linux */ -- if (type==SOCK_STREAM && listen(s,128) == -1) goto err; -- *sock=s; -- ret=1; --err: -- if ((ret == 0) && (s != -1)) -+ if (type==SOCK_STREAM && listen(s,128) == -1) - { -- SHUTDOWN(s); -+ failed_call = "listen"; -+ goto nextres; - } -- return(ret); -+ -+ *sock=s; -+ return(1); -+ -+nextres: -+ if (s != INVALID_SOCKET) -+ close(s); -+ res = res->ai_next; - } -+ if (res0) -+ freeaddrinfo(res0); - --static int init_server(int *sock, int port, int type) -+ if (s == INVALID_SOCKET) - { -- return(init_server_long(sock, port, NULL, type)); -+ if (hints.ai_family == AF_INET6) -+ { -+ hints.ai_family = AF_INET; -+ goto tryipv4; -+ } -+ perror("socket"); -+ return(0); -+ } -+ -+ perror(failed_call); -+ return(0); - } - - static int do_accept(int acc_sock, int *sock, char **host) - { -+ static struct sockaddr_storage from; -+ char buffer[NI_MAXHOST]; - int ret; -- struct hostent *h1,*h2; -- static struct sockaddr_in from; - int len; - /* struct linger ling; */ - -@@ -424,145 +467,66 @@ redoit: - ling.l_onoff=1; - ling.l_linger=0; - i=setsockopt(ret,SOL_SOCKET,SO_LINGER,(char *)&ling,sizeof(ling)); -- if (i < 0) { perror("linger"); return(0); } -+ if (i < 0) { closesocket(ret); perror("linger"); return(0); } - i=0; - i=setsockopt(ret,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i)); -- if (i < 0) { perror("keepalive"); return(0); } -+ if (i < 0) { closesocket(ret); perror("keepalive"); return(0); } - */ - - if (host == NULL) goto end; --#ifndef BIT_FIELD_LIMITS -- /* I should use WSAAsyncGetHostByName() under windows */ -- h1=gethostbyaddr((char *)&from.sin_addr.s_addr, -- sizeof(from.sin_addr.s_addr),AF_INET); --#else -- h1=gethostbyaddr((char *)&from.sin_addr, -- sizeof(struct in_addr),AF_INET); --#endif -- if (h1 == NULL) -+ -+ if (getnameinfo((struct sockaddr *)&from, sizeof(from), -+ buffer, sizeof(buffer), -+ NULL, 0, 0)) - { -- BIO_printf(bio_err,"bad gethostbyaddr\n"); -+ BIO_printf(bio_err,"getnameinfo failed\n"); - *host=NULL; - /* return(0); */ - } - else - { -- if ((*host=(char *)OPENSSL_malloc(strlen(h1->h_name)+1)) == NULL) -+ if ((*host=(char *)OPENSSL_malloc(strlen(buffer)+1)) == NULL) - { - perror("OPENSSL_malloc"); - closesocket(ret); - return(0); - } -- BUF_strlcpy(*host,h1->h_name,strlen(h1->h_name)+1); -- -- h2=GetHostByName(*host); -- if (h2 == NULL) -- { -- BIO_printf(bio_err,"gethostbyname failure\n"); -- closesocket(ret); -- return(0); -- } -- if (h2->h_addrtype != AF_INET) -- { -- BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n"); -- closesocket(ret); -- return(0); -- } -+ strcpy(*host, buffer); - } - end: - *sock=ret; - return(1); - } - --int extract_host_port(char *str, char **host_ptr, unsigned char *ip, -- short *port_ptr) -+int extract_host_port(char *str, char **host_ptr, -+ char **port_ptr) - { -- char *h,*p; -+ char *h,*p,*x; - -- h=str; -- p=strchr(str,':'); -+ x=h=str; -+ if (*h == '[') -+ { -+ h++; -+ p=strchr(h,']'); - if (p == NULL) - { -- BIO_printf(bio_err,"no port defined\n"); -+ BIO_printf(bio_err,"no ending bracket for IPv6 address\n"); - return(0); - } - *(p++)='\0'; -- -- if ((ip != NULL) && !host_ip(str,ip)) -- goto err; -- if (host_ptr != NULL) *host_ptr=h; -- -- if (!extract_port(p,port_ptr)) -- goto err; -- return(1); --err: -- return(0); -+ x = p; - } -- --static int host_ip(char *str, unsigned char ip[4]) -- { -- unsigned int in[4]; -- int i; -- -- if (sscanf(str,"%u.%u.%u.%u",&(in[0]),&(in[1]),&(in[2]),&(in[3])) == 4) -- { -- for (i=0; i<4; i++) -- if (in[i] > 255) -- { -- BIO_printf(bio_err,"invalid IP address\n"); -- goto err; -- } -- ip[0]=in[0]; -- ip[1]=in[1]; -- ip[2]=in[2]; -- ip[3]=in[3]; -- } -- else -- { /* do a gethostbyname */ -- struct hostent *he; -- -- if (!ssl_sock_init()) return(0); -- -- he=GetHostByName(str); -- if (he == NULL) -- { -- BIO_printf(bio_err,"gethostbyname failure\n"); -- goto err; -- } -- /* cast to short because of win16 winsock definition */ -- if ((short)he->h_addrtype != AF_INET) -+ p=strchr(x,':'); -+ if (p == NULL) - { -- BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n"); -- return(0); -- } -- ip[0]=he->h_addr_list[0][0]; -- ip[1]=he->h_addr_list[0][1]; -- ip[2]=he->h_addr_list[0][2]; -- ip[3]=he->h_addr_list[0][3]; -- } -- return(1); --err: -+ BIO_printf(bio_err,"no port defined\n"); - return(0); - } -+ *(p++)='\0'; - --int extract_port(char *str, short *port_ptr) -- { -- int i; -- struct servent *s; -+ if (host_ptr != NULL) *host_ptr=h; -+ if (port_ptr != NULL) *port_ptr=p; - -- i=atoi(str); -- if (i != 0) -- *port_ptr=(unsigned short)i; -- else -- { -- s=getservbyname(str,"tcp"); -- if (s == NULL) -- { -- BIO_printf(bio_err,"getservbyname failure for %s\n",str); -- return(0); -- } -- *port_ptr=ntohs((unsigned short)s->s_port); -- } - return(1); - } - diff --git a/openssl/patches/openssl-1.0.1h-manfix.patch b/openssl/patches/openssl-1.0.1h-manfix.patch deleted file mode 100644 index 836f58f..0000000 --- a/openssl/patches/openssl-1.0.1h-manfix.patch +++ /dev/null @@ -1,135 +0,0 @@ -diff -up openssl-1.0.1h/doc/apps/ec.pod.manfix openssl-1.0.1h/doc/apps/ec.pod ---- openssl-1.0.1h/doc/apps/ec.pod.manfix 2014-06-05 11:41:31.000000000 +0200 -+++ openssl-1.0.1h/doc/apps/ec.pod 2014-06-05 14:41:11.501274915 +0200 -@@ -93,10 +93,6 @@ prints out the public, private key compo - - this option prevents output of the encoded version of the key. - --=item B<-modulus> -- --this option prints out the value of the public key component of the key. -- - =item B<-pubin> - - by default a private key is read from the input file: with this option a -diff -up openssl-1.0.1h/doc/apps/openssl.pod.manfix openssl-1.0.1h/doc/apps/openssl.pod ---- openssl-1.0.1h/doc/apps/openssl.pod.manfix 2014-06-05 11:41:31.000000000 +0200 -+++ openssl-1.0.1h/doc/apps/openssl.pod 2014-06-05 14:41:11.501274915 +0200 -@@ -163,7 +163,7 @@ Create or examine a netscape certificate - - Online Certificate Status Protocol utility. - --=item L<B<passwd>|passwd(1)> -+=item L<B<passwd>|sslpasswd(1)> - - Generation of hashed passwords. - -@@ -187,7 +187,7 @@ Public key algorithm parameter managemen - - Public key algorithm cryptographic operation utility. - --=item L<B<rand>|rand(1)> -+=item L<B<rand>|sslrand(1)> - - Generate pseudo-random bytes. - -@@ -401,9 +401,9 @@ L<crl(1)|crl(1)>, L<crl2pkcs7(1)|crl2pkc - L<dhparam(1)|dhparam(1)>, L<dsa(1)|dsa(1)>, L<dsaparam(1)|dsaparam(1)>, - L<enc(1)|enc(1)>, L<gendsa(1)|gendsa(1)>, L<genpkey(1)|genpkey(1)>, - L<genrsa(1)|genrsa(1)>, L<nseq(1)|nseq(1)>, L<openssl(1)|openssl(1)>, --L<passwd(1)|passwd(1)>, -+L<sslpasswd(1)|sslpasswd(1)>, - L<pkcs12(1)|pkcs12(1)>, L<pkcs7(1)|pkcs7(1)>, L<pkcs8(1)|pkcs8(1)>, --L<rand(1)|rand(1)>, L<req(1)|req(1)>, L<rsa(1)|rsa(1)>, -+L<sslrand(1)|sslrand(1)>, L<req(1)|req(1)>, L<rsa(1)|rsa(1)>, - L<rsautl(1)|rsautl(1)>, L<s_client(1)|s_client(1)>, - L<s_server(1)|s_server(1)>, L<s_time(1)|s_time(1)>, - L<smime(1)|smime(1)>, L<spkac(1)|spkac(1)>, -diff -up openssl-1.0.1h/doc/apps/s_client.pod.manfix openssl-1.0.1h/doc/apps/s_client.pod ---- openssl-1.0.1h/doc/apps/s_client.pod.manfix 2014-06-05 14:41:11.445273605 +0200 -+++ openssl-1.0.1h/doc/apps/s_client.pod 2014-06-05 14:41:11.501274915 +0200 -@@ -33,9 +33,14 @@ B<openssl> B<s_client> - [B<-ssl2>] - [B<-ssl3>] - [B<-tls1>] -+[B<-tls1_1>] -+[B<-tls1_2>] -+[B<-dtls1>] - [B<-no_ssl2>] - [B<-no_ssl3>] - [B<-no_tls1>] -+[B<-no_tls1_1>] -+[B<-no_tls1_2>] - [B<-bugs>] - [B<-cipher cipherlist>] - [B<-starttls protocol>] -@@ -45,6 +50,7 @@ B<openssl> B<s_client> - [B<-sess_out filename>] - [B<-sess_in filename>] - [B<-rand file(s)>] -+[B<-nextprotoneg protocols>] - - =head1 DESCRIPTION - -@@ -188,7 +194,7 @@ Use the PSK key B<key> when using a PSK - given as a hexadecimal number without leading 0x, for example -psk - 1a2b3c4d. - --=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1> -+=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-dtls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2> - - these options disable the use of certain SSL or TLS protocols. By default - the initial handshake uses a method which should be compatible with all -@@ -249,6 +255,17 @@ Multiple files can be specified separate - The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for - all others. - -+=item B<-nextprotoneg protocols> -+ -+enable Next Protocol Negotiation TLS extension and provide a list of -+comma-separated protocol names that the client should advertise -+support for. The list should contain most wanted protocols first. -+Protocol names are printable ASCII strings, for example "http/1.1" or -+"spdy/3". -+Empty list of protocols is treated specially and will cause the client to -+advertise support for the TLS extension but disconnect just after -+reciving ServerHello with a list of server supported protocols. -+ - =back - - =head1 CONNECTED COMMANDS -diff -up openssl-1.0.1h/doc/apps/s_server.pod.manfix openssl-1.0.1h/doc/apps/s_server.pod ---- openssl-1.0.1h/doc/apps/s_server.pod.manfix 2014-06-05 11:41:31.000000000 +0200 -+++ openssl-1.0.1h/doc/apps/s_server.pod 2014-06-05 14:41:11.502274939 +0200 -@@ -55,6 +55,7 @@ B<openssl> B<s_server> - [B<-no_ticket>] - [B<-id_prefix arg>] - [B<-rand file(s)>] -+[B<-nextprotoneg protocols>] - - =head1 DESCRIPTION - -@@ -207,7 +208,7 @@ Use the PSK key B<key> when using a PSK - given as a hexadecimal number without leading 0x, for example -psk - 1a2b3c4d. - --=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1> -+=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-tls1_1>, B<-tls1_2>, B<-dtls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2> - - these options disable the use of certain SSL or TLS protocols. By default - the initial handshake uses a method which should be compatible with all -@@ -282,6 +283,14 @@ Multiple files can be specified separate - The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for - all others. - -+=item B<-nextprotoneg protocols> -+ -+enable Next Protocol Negotiation TLS extension and provide a -+comma-separated list of supported protocol names. -+The list should contain most wanted protocols first. -+Protocol names are printable ASCII strings, for example "http/1.1" or -+"spdy/3". -+ - =back - - =head1 CONNECTED COMMANDS diff --git a/openssl/patches/openssl-1.0.2a-version.patch b/openssl/patches/openssl-1.0.2a-version.patch new file mode 100644 index 0000000..25dfff5 --- /dev/null +++ b/openssl/patches/openssl-1.0.2a-version.patch @@ -0,0 +1,83 @@ +diff -up openssl-1.0.2a/crypto/cversion.c.version openssl-1.0.2a/crypto/cversion.c +--- openssl-1.0.2a/crypto/cversion.c.version 2015-03-19 14:30:36.000000000 +0100 ++++ openssl-1.0.2a/crypto/cversion.c 2015-04-21 16:48:56.285535316 +0200 +@@ -62,7 +62,7 @@ + # include "buildinf.h" + #endif + +-const char *SSLeay_version(int t) ++const char *_current_SSLeay_version(int t) + { + if (t == SSLEAY_VERSION) + return OPENSSL_VERSION_TEXT; +@@ -101,7 +101,40 @@ const char *SSLeay_version(int t) + return ("not available"); + } + +-unsigned long SSLeay(void) ++const char *_original_SSLeay_version(int t) ++{ ++ if (t == SSLEAY_VERSION) ++ return "OpenSSL 1.0.0-fips 29 Mar 2010"; ++ else ++ return _current_SSLeay_version(t); ++} ++ ++const char *_original101_SSLeay_version(int t) ++{ ++ if (t == SSLEAY_VERSION) ++ return "OpenSSL 1.0.1e-fips 11 Feb 2013"; ++ else ++ return _current_SSLeay_version(t); ++} ++ ++unsigned long _original_SSLeay(void) ++{ ++ return (0x10000003L); ++} ++ ++unsigned long _original101_SSLeay(void) ++{ ++ return (0x1000105fL); ++} ++ ++unsigned long _current_SSLeay(void) + { + return (SSLEAY_VERSION_NUMBER); + } ++ ++__asm__(".symver _original_SSLeay,SSLeay@"); ++__asm__(".symver _original_SSLeay_version,SSLeay_version@"); ++__asm__(".symver _original101_SSLeay,SSLeay@OPENSSL_1.0.1"); ++__asm__(".symver _original101_SSLeay_version,SSLeay_version@OPENSSL_1.0.1"); ++__asm__(".symver _current_SSLeay,SSLeay@@OPENSSL_1.0.2"); ++__asm__(".symver _current_SSLeay_version,SSLeay_version@@OPENSSL_1.0.2"); +diff -up openssl-1.0.2a/Makefile.shared.version openssl-1.0.2a/Makefile.shared +--- openssl-1.0.2a/Makefile.shared.version 2015-04-21 16:43:02.624170648 +0200 ++++ openssl-1.0.2a/Makefile.shared 2015-04-21 16:43:02.676171879 +0200 +@@ -151,7 +151,7 @@ DO_GNU_SO=$(CALC_VERSIONS); \ + SHLIB_SUFFIX=; \ + ALLSYMSFLAGS='-Wl,--whole-archive'; \ + NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \ +- SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX" ++ SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,--default-symver,--version-script=version.map -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX" + + DO_GNU_APP=LDFLAGS="$(CFLAGS)" + +diff -up openssl-1.0.2a/version.map.version openssl-1.0.2a/version.map +--- openssl-1.0.2a/version.map.version 2015-04-21 16:43:02.676171879 +0200 ++++ openssl-1.0.2a/version.map 2015-04-21 16:51:49.621630589 +0200 +@@ -0,0 +1,13 @@ ++OPENSSL_1.0.1 { ++ global: ++ SSLeay; ++ SSLeay_version; ++ local: ++ _original*; ++ _current*; ++}; ++OPENSSL_1.0.2 { ++ global: ++ SSLeay; ++ SSLeay_version; ++} OPENSSL_1.0.1; diff --git a/openssl/patches/openssl-1.0.2c-rpmbuild.patch b/openssl/patches/openssl-1.0.2c-rpmbuild.patch new file mode 100644 index 0000000..555010c --- /dev/null +++ b/openssl/patches/openssl-1.0.2c-rpmbuild.patch @@ -0,0 +1,114 @@ +diff -up openssl-1.0.2c/Configure.rpmbuild openssl-1.0.2c/Configure +--- openssl-1.0.2c/Configure.rpmbuild 2015-06-12 16:51:21.000000000 +0200 ++++ openssl-1.0.2c/Configure 2015-06-15 17:22:52.598496680 +0200 +@@ -365,8 +365,8 @@ my %table=( + #### + # *-generic* is endian-neutral target, but ./config is free to + # throw in -D[BL]_ENDIAN, whichever appropriate... +-"linux-generic32","gcc:-O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.$(SHLIB_MAJOR).$(SHLIB_MINOR)", +-"linux-ppc", "gcc:-DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.$(SHLIB_MAJOR).$(SHLIB_MINOR)", ++"linux-generic32","gcc:-Wall $(RPM_OPT_FLAGS)::-D_REENTRANT::-Wl,-z,relro -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC:$(RPM_OPT_FLAGS):.so.$(SHLIB_SONAMEVER)", ++"linux-ppc", "gcc:-DB_ENDIAN -Wall $(RPM_OPT_FLAGS)::-D_REENTRANT::-Wl,-z,relro -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC:$(RPM_OPT_FLAGS):.so.$(SHLIB_SONAMEVER)", + + ####################################################################### + # Note that -march is not among compiler options in below linux-armv4 +@@ -395,30 +395,30 @@ my %table=( + # + # ./Configure linux-armv4 -march=armv6 -D__ARM_MAX_ARCH__=8 + # +-"linux-armv4", "gcc: -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.$(SHLIB_MAJOR).$(SHLIB_MINOR)", +-"linux-aarch64","gcc: -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${aarch64_asm}:linux64:dlfcn:linux-shared:-fPIC::.so.$(SHLIB_MAJOR).$(SHLIB_MINOR)", ++"linux-armv4", "gcc:-Wall $(RPM_OPT_FLAGS)::-D_REENTRANT::-Wl,-z,relro -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC:$(RPM_OPT_FLAGS):.so.$(SHLIB_SONAMEVER)", ++"linux-aarch64","gcc:-DL_ENDIAN -Wall $(RPM_OPT_FLAGS)::-D_REENTRANT::-Wl,-z,relro -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${aarch64_asm}:linux64:dlfcn:linux-shared:-fPIC:$(RPM_OPT_FLAGS):.so.$(SHLIB_SONAMEVER)", + # Configure script adds minimally required -march for assembly support, + # if no -march was specified at command line. mips32 and mips64 below + # refer to contemporary MIPS Architecture specifications, MIPS32 and + # MIPS64, rather than to kernel bitness. +-"linux-mips32", "gcc:-mabi=32 -O3 -Wall -DBN_DIV3W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:linux-shared:-fPIC::.so.$(SHLIB_MAJOR).$(SHLIB_MINOR)", +-"linux-mips64", "gcc:-mabi=n32 -O3 -Wall -DBN_DIV3W::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips64_asm}:n32:dlfcn:linux-shared:-fPIC:-mabi=n32:.so.$(SHLIB_MAJOR).$(SHLIB_MINOR):::32", +-"linux64-mips64", "gcc:-mabi=64 -O3 -Wall -DBN_DIV3W::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips64_asm}:64:dlfcn:linux-shared:-fPIC:-mabi=64:.so.$(SHLIB_MAJOR).$(SHLIB_MINOR):::64", ++"linux-mips32", "gcc:-mabi=32 -Wall $(RPM_OPT_FLAGS) -DBN_DIV3W::-D_REENTRANT::-Wl,-z,relro -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:linux-shared:-fPIC:$(RPM_OPT_FLAGS):.so.$(SHLIB_SONAMEVER)", ++"linux-mips64", "gcc:-mabi=n32 -Wall $(RPM_OPT_FLAGS) -DBN_DIV3W::-D_REENTRANT::-Wl,-z,relro -ldl:SIXTY_FOUR_BIT RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips64_asm}:n32:dlfcn:linux-shared:-fPIC:-mabi=n32 $(RPM_OPT_FLAGS):.so.$(SHLIB_SONAMEVER):::32", ++"linux64-mips64", "gcc:-mabi=64 -Wall $(RPM_OPT_FLAGS) -DBN_DIV3W::-D_REENTRANT::-Wl,-z,relro -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips64_asm}:64:dlfcn:linux-shared:-fPIC:-mabi=64 $(RPM_OPT_FLAGS):.so.$(SHLIB_SONAMEVER):::64", + #### IA-32 targets... + "linux-ia32-icc", "icc:-DL_ENDIAN -O2::-D_REENTRANT::-ldl -no_cpprt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-KPIC::.so.$(SHLIB_MAJOR).$(SHLIB_MINOR)", +-"linux-elf", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.$(SHLIB_MAJOR).$(SHLIB_MINOR)", ++"linux-elf", "gcc:-DL_ENDIAN -Wall $(RPM_OPT_FLAGS)::-D_REENTRANT::-Wl,-z,relro -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:$(RPM_OPT_FLAGS):.so.$(SHLIB_SONAMEVER)", + "linux-aout", "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -march=i486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out", + #### +-"linux-generic64","gcc:-O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.$(SHLIB_MAJOR).$(SHLIB_MINOR)", +-"linux-ppc64", "gcc:-m64 -DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64:.so.$(SHLIB_MAJOR).$(SHLIB_MINOR):::64", +-"linux-ppc64le","gcc:-m64 -DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:$ppc64_asm:linux64le:dlfcn:linux-shared:-fPIC:-m64:.so.$(SHLIB_MAJOR).$(SHLIB_MINOR):::", +-"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.$(SHLIB_MAJOR).$(SHLIB_MINOR)", ++"linux-generic64","gcc:-Wall $(RPM_OPT_FLAGS)::-D_REENTRANT::-Wl,-z,relro -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC:$(RPM_OPT_FLAGS):.so.$(SHLIB_SONAMEVER)", ++"linux-ppc64", "gcc:-m64 -DB_ENDIAN -Wall $(RPM_OPT_FLAGS)::-D_REENTRANT::-Wl,-z,relro -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64 $(RPM_OPT_FLAGS):.so.$(SHLIB_SONAMEVER):::64", ++"linux-ppc64le","gcc:-m64 -DL_ENDIAN -Wall $(RPM_OPT_FLAGS)::-D_REENTRANT::-Wl,-z,relro -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:$ppc64_asm:linux64le:dlfcn:linux-shared:-fPIC:-m64 $(RPM_OPT_FLAGS):.so.$(SHLIB_SONAMEVER):::64", ++"linux-ia64", "gcc:-DL_ENDIAN -Wall $(RPM_OPT_FLAGS)::-D_REENTRANT::-Wl,-z,relro -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC:$(RPM_OPT_FLAGS):.so.$(SHLIB_SONAMEVER)", + "linux-ia64-icc","icc:-DL_ENDIAN -O2 -Wall::-D_REENTRANT::-ldl -no_cpprt:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.$(SHLIB_MAJOR).$(SHLIB_MINOR)", +-"linux-x86_64", "gcc:-m64 -DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.$(SHLIB_MAJOR).$(SHLIB_MINOR):::64", ++"linux-x86_64", "gcc:-m64 -DL_ENDIAN -Wall $(RPM_OPT_FLAGS)::-D_REENTRANT::-Wl,-z,relro -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64 $(RPM_OPT_FLAGS):.so.$(SHLIB_SONAMEVER):::64", + "linux-x86_64-clang", "clang: -m64 -DL_ENDIAN -O3 -Wall -Wextra $clang_disabled_warnings -Qunused-arguments::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.$(SHLIB_MAJOR).$(SHLIB_MINOR):::64", + "linux-x86_64-icc", "icc:-DL_ENDIAN -O2::-D_REENTRANT::-ldl -no_cpprt:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC::.so.$(SHLIB_MAJOR).$(SHLIB_MINOR):::64", + "linux-x32", "gcc:-mx32 -DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.$(SHLIB_MAJOR).$(SHLIB_MINOR):::x32", +-"linux64-s390x", "gcc:-m64 -DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64:.so.$(SHLIB_MAJOR).$(SHLIB_MINOR):::64", ++"linux64-s390x", "gcc:-m64 -DB_ENDIAN -Wall $(RPM_OPT_FLAGS)::-D_REENTRANT::-Wl,-z,relro -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64 $(RPM_OPT_FLAGS):.so.$(SHLIB_SONAMEVER):::64", + #### So called "highgprs" target for z/Architecture CPUs + # "Highgprs" is kernel feature first implemented in Linux 2.6.32, see + # /proc/cpuinfo. The idea is to preserve most significant bits of +@@ -436,12 +436,12 @@ my %table=( + #### SPARC Linux setups + # Ray Miller ray.miller@computing-services.oxford.ac.uk has patiently + # assisted with debugging of following two configs. +-"linux-sparcv8","gcc:-mcpu=v8 -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.$(SHLIB_MAJOR).$(SHLIB_MINOR)", ++"linux-sparcv8","gcc:-mcpu=v8 -DB_ENDIAN -Wall $(RPM_OPT_FLAGS) -DBN_DIV2W::-D_REENTRANT::-Wl,-z,relro -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC:$(RPM_OPT_FLAGS):.so.$(SHLIB_SONAMEVER)", + # it's a real mess with -mcpu=ultrasparc option under Linux, but + # -Wa,-Av8plus should do the trick no matter what. +-"linux-sparcv9","gcc:-m32 -mcpu=ultrasparc -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.$(SHLIB_MAJOR).$(SHLIB_MINOR)", ++"linux-sparcv9","gcc:-m32 -mcpu=ultrasparc -DB_ENDIAN -Wall $(RPM_OPT_FLAGS) -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-Wl,-z,relro -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m32 $(RPM_OPT_FLAGS):.so.$(SHLIB_SONAMEVER)", + # GCC 3.1 is a requirement +-"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.$(SHLIB_MAJOR).$(SHLIB_MINOR):::64", ++"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -Wall $(RPM_OPT_FLAGS)::-D_REENTRANT:ULTRASPARC:-Wl,-z,relro -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m64 $(RPM_OPT_FLAGS):.so.$(SHLIB_SONAMEVER):::64", + #### Alpha Linux with GNU C and Compaq C setups + # Special notes: + # - linux-alpha+bwx-gcc is ment to be used from ./config only. If you +@@ -1764,7 +1764,7 @@ while (<IN>) + elsif ($shared_extension ne "" && $shared_extension =~ /^.s([ol]).[^.]*.[^.]*$/) + { + my $sotmp = $1; +- s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.$(SHLIB_MAJOR) .s$sotmp/; ++ s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.$(SHLIB_SONAMEVER) .s$sotmp/; + } + elsif ($shared_extension ne "" && $shared_extension =~ /^.[^.]*.[^.]*.dylib$/) + { +diff -up openssl-1.0.2c/Makefile.org.rpmbuild openssl-1.0.2c/Makefile.org +--- openssl-1.0.2c/Makefile.org.rpmbuild 2015-06-12 16:51:21.000000000 +0200 ++++ openssl-1.0.2c/Makefile.org 2015-06-15 17:19:14.874510995 +0200 +@@ -10,6 +10,7 @@ SHLIB_VERSION_HISTORY= + SHLIB_MAJOR= + SHLIB_MINOR= + SHLIB_EXT= ++SHLIB_SONAMEVER=10 + PLATFORM=dist + OPTIONS= + CONFIGURE_ARGS= +@@ -338,10 +339,9 @@ clean-shared: + link-shared: + @ set -e; for i in $(SHLIBDIRS); do \ + $(MAKE) -f $(HERE)/Makefile.shared -e $(BUILDENV) \ +- LIBNAME=$$i LIBVERSION=$(SHLIB_MAJOR).$(SHLIB_MINOR) \ ++ LIBNAME=$$i LIBVERSION=$(SHLIB_SONAMEVER) \ + LIBCOMPATVERSIONS=";$(SHLIB_VERSION_HISTORY)" \ + symlink.$(SHLIB_TARGET); \ +- libs="$$libs -l$$i"; \ + done + + build-shared: do_$(SHLIB_TARGET) link-shared +@@ -352,7 +352,7 @@ do_$(SHLIB_TARGET): + libs="$(LIBKRB5) $$libs"; \ + fi; \ + $(CLEARENV) && $(MAKE) -f Makefile.shared -e $(BUILDENV) \ +- LIBNAME=$$i LIBVERSION=$(SHLIB_MAJOR).$(SHLIB_MINOR) \ ++ LIBNAME=$$i LIBVERSION=$(SHLIB_SONAMEVER) \ + LIBCOMPATVERSIONS=";$(SHLIB_VERSION_HISTORY)" \ + LIBDEPS="$$libs $(EX_LIBS)" \ + link_a.$(SHLIB_TARGET); \ diff --git a/rp-pppoe/rp-pppoe.nm b/rp-pppoe/rp-pppoe.nm index af16c6c..156e461 100644 --- a/rp-pppoe/rp-pppoe.nm +++ b/rp-pppoe/rp-pppoe.nm @@ -4,8 +4,8 @@ ###############################################################################
name = rp-pppoe -version = 3.10 -release = 3 +version = 3.11 +release = 1
groups = Networking/Dialin url = http://www.roaringpenguin.com/pppoe/
hooks/post-receive -- IPFire 3.x development tree