+++ /dev/null
-diff -up openssl-0.9.8k/crypto/pqueue/pqueue.c.dtls-dos openssl-0.9.8k/crypto/pqueue/pqueue.c
---- openssl-0.9.8k/crypto/pqueue/pqueue.c.dtls-dos 2005-06-28 14:53:33.000000000 +0200
-+++ openssl-0.9.8k/crypto/pqueue/pqueue.c 2009-05-21 18:26:29.000000000 +0200
-@@ -234,3 +234,17 @@ pqueue_next(pitem **item)
-
- return ret;
- }
-+
-+int
-+pqueue_size(pqueue_s *pq)
-+{
-+ pitem *item = pq->items;
-+ int count = 0;
-+
-+ while(item != NULL)
-+ {
-+ count++;
-+ item = item->next;
-+ }
-+ return count;
-+}
-diff -up openssl-0.9.8k/crypto/pqueue/pqueue.h.dtls-dos openssl-0.9.8k/crypto/pqueue/pqueue.h
---- openssl-0.9.8k/crypto/pqueue/pqueue.h.dtls-dos 2009-04-21 11:43:58.000000000 +0200
-+++ openssl-0.9.8k/crypto/pqueue/pqueue.h 2009-05-21 18:26:29.000000000 +0200
-@@ -91,5 +91,6 @@ pitem *pqueue_iterator(pqueue pq);
- pitem *pqueue_next(piterator *iter);
-
- void pqueue_print(pqueue pq);
-+int pqueue_size(pqueue pq);
-
- #endif /* ! HEADER_PQUEUE_H */
-diff -up openssl-0.9.8k/ssl/d1_both.c.dtls-dos openssl-0.9.8k/ssl/d1_both.c
---- openssl-0.9.8k/ssl/d1_both.c.dtls-dos 2007-10-17 23:17:49.000000000 +0200
-+++ openssl-0.9.8k/ssl/d1_both.c 2009-05-21 18:26:29.000000000 +0200
-@@ -519,6 +519,7 @@ dtls1_retrieve_buffered_fragment(SSL *s,
-
- if ( s->d1->handshake_read_seq == frag->msg_header.seq)
- {
-+ unsigned long frag_len = frag->msg_header.frag_len;
- pqueue_pop(s->d1->buffered_messages);
-
- al=dtls1_preprocess_fragment(s,&frag->msg_header,max);
-@@ -536,7 +537,7 @@ dtls1_retrieve_buffered_fragment(SSL *s,
- if (al==0)
- {
- *ok = 1;
-- return frag->msg_header.frag_len;
-+ return frag_len;
- }
-
- ssl3_send_alert(s,SSL3_AL_FATAL,al);
-@@ -561,7 +562,16 @@ dtls1_process_out_of_seq_message(SSL *s,
- if ((msg_hdr->frag_off+frag_len) > msg_hdr->msg_len)
- goto err;
-
-- if (msg_hdr->seq <= s->d1->handshake_read_seq)
-+ /* Try to find item in queue, to prevent duplicate entries */
-+ pq_64bit_init(&seq64);
-+ pq_64bit_assign_word(&seq64, msg_hdr->seq);
-+ item = pqueue_find(s->d1->buffered_messages, seq64);
-+ pq_64bit_free(&seq64);
-+
-+ /* Discard the message if sequence number was already there, is
-+ * too far in the future or the fragment is already in the queue */
-+ if (msg_hdr->seq <= s->d1->handshake_read_seq ||
-+ msg_hdr->seq > s->d1->handshake_read_seq + 10 || item != NULL)
- {
- unsigned char devnull [256];
-
-diff -up openssl-0.9.8k/ssl/d1_pkt.c.dtls-dos openssl-0.9.8k/ssl/d1_pkt.c
---- openssl-0.9.8k/ssl/d1_pkt.c.dtls-dos 2009-04-21 11:44:02.000000000 +0200
-+++ openssl-0.9.8k/ssl/d1_pkt.c 2009-05-21 18:26:29.000000000 +0200
-@@ -167,6 +167,10 @@ dtls1_buffer_record(SSL *s, record_pqueu
- DTLS1_RECORD_DATA *rdata;
- pitem *item;
-
-+ /* Limit the size of the queue to prevent DOS attacks */
-+ if (pqueue_size(queue->q) >= 100)
-+ return 0;
-+
- rdata = OPENSSL_malloc(sizeof(DTLS1_RECORD_DATA));
- item = pitem_new(priority, rdata);
- if (rdata == NULL || item == NULL)
---- fips/Makefile.orig 2009-01-08 13:29:36.362699820 +0100
-+++ fips/Makefile 2009-01-08 13:30:25.780295482 +0100
-@@ -186,10 +186,6 @@
+--- openssl-0.9.8m/fips/Makefile.orig 2009-10-15 16:14:34.000000000 +0200
++++ openssl-0.9.8m/fips/Makefile 2010-03-20 08:50:18.958704379 +0100
+@@ -190,10 +190,6 @@
chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i; \
done
- cp -p -f $(FIPSLIBDIR)fipscanister.o $(FIPSLIBDIR)fipscanister.o.sha1 \
- $(FIPSLIBDIR)fips_premain.c $(FIPSLIBDIR)fips_premain.c.sha1 \
-- $(INSTALL_PREFIX)$(INSTALLTOP)/lib/; \
-- chmod 0444 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/fips*
+- $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/; \
+- chmod 0444 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/fips*
lint:
@target=lint; $(RECURSIVE_MAKE)
-
-diff -Nuard openssl-0.9.7b.orig/Makefile.org openssl-0.9.7b/Makefile.org
---- openssl-0.9.7b.orig/Makefile.org 2003-04-08 13:54:32.000000000 +0200
-+++ openssl-0.9.7b/Makefile.org 2003-08-20 21:12:53.000000000 +0200
-@@ -578,7 +578,7 @@
+--- openssl-0.9.8m/Makefile.org.orig 2010-02-25 18:21:14.000000000 +0100
++++ openssl-0.9.8m/Makefile.org 2010-03-19 08:59:24.082711921 +0100
+@@ -441,7 +441,7 @@
@ ( echo 'prefix=$(INSTALLTOP)'; \
echo 'exec_prefix=$${prefix}'; \
- echo 'libdir=$${exec_prefix}/lib'; \
+ echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
+- echo 'includedir=$${prefix}/include'; \
++ echo 'includedir=$${prefix}/include/openssl'; \
+ echo ''; \
+ echo 'Name: OpenSSL-libcrypto'; \
+ echo 'Description: OpenSSL cryptography library'; \
+@@ -454,7 +454,7 @@
+ @ ( echo 'prefix=$(INSTALLTOP)'; \
+ echo 'exec_prefix=$${prefix}'; \
+ echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
- echo 'includedir=$${prefix}/include'; \
+ echo 'includedir=$${prefix}/include/openssl'; \
echo ''; \
echo 'Name: OpenSSL'; \
- echo 'Description: Secure Sockets Layer and cryptography libraries and tools'; \
---- openssl-0.9.7e.orig/Makefile 2003-04-10 22:47:14.000000000 +0200
-+++ openssl-0.9.7e/Makefile 2003-08-20 21:01:09.000000000 +0200
-@@ -580,7 +580,7 @@
+ echo 'Description: Secure Sockets Layer and cryptography libraries'; \
+@@ -467,7 +467,7 @@
@ ( echo 'prefix=$(INSTALLTOP)'; \
echo 'exec_prefix=$${prefix}'; \
- echo 'libdir=$${exec_prefix}/lib'; \
+ echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
- echo 'includedir=$${prefix}/include'; \
+ echo 'includedir=$${prefix}/include/openssl'; \
echo ''; \
make sure we respect LDFLAGS
---- openssl-0.9.8h/Makefile
-+++ openssl-0.9.8h/Makefile
+--- openssl-0.9.8h/Makefile.org
++++ openssl-0.9.8h/Makefile.org
@@ -180,6 +181,7 @@
MAKEDEPEND='$$$${TOP}/util/domd $$$${TOP} -MD ${MAKEDEPPROG}' \
DEPFLAG='-DOPENSSL_NO_DEPRECATED ${DEPFLAG}' \
+++ /dev/null
-diff -ur openssl-0.9.8b/apps/Makefile openssl-0.9.8b.varLIB/apps/Makefile
---- openssl-0.9.8b/apps/Makefile 2005-07-05 20:41:28.000000000 +0200
-+++ openssl-0.9.8b.varLIB/apps/Makefile 2006-07-14 21:37:55.000000000 +0200
-@@ -102,16 +102,12 @@
- @set -e; for i in $(EXE); \
- do \
- (echo installing $$i; \
-- cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
-- chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
-- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i ); \
-+ install $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i ); \
- done;
- @set -e; for i in $(SCRIPTS); \
- do \
- (echo installing $$i; \
-- cp $$i $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i.new; \
-- chmod 755 $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i.new; \
-- mv -f $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i.new $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i ); \
-+ install $$i $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i ); \
- done
- @cp openssl.cnf $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf.new; \
- chmod 644 $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf.new; \
-Només a openssl-0.9.8b.varLIB/apps: Makefile~
-diff -ur openssl-0.9.8b/Configure openssl-0.9.8b.varLIB/Configure
---- openssl-0.9.8b/Configure 2006-07-14 21:12:31.000000000 +0200
-+++ openssl-0.9.8b.varLIB/Configure 2006-07-14 21:21:09.000000000 +0200
-@@ -561,6 +561,7 @@
- my $idx_arflags = $idx++;
-
- my $prefix="";
-+my $lib="lib";
- my $openssldir="";
- my $exe_ext="";
- my $install_prefix="";
-@@ -737,6 +738,10 @@
- {
- $prefix=$1;
- }
-+ elsif (/^--lib=(.*)$/)
-+ {
-+ $lib=$1;
-+ }
- elsif (/^--openssldir=(.*)$/)
- {
- $openssldir=$1;
-@@ -1283,6 +1288,7 @@
- s/^SHLIB_MINOR=.*/SHLIB_MINOR=$shlib_minor/;
- s/^SHLIB_EXT=.*/SHLIB_EXT=$shared_extension/;
- s/^INSTALLTOP=.*$/INSTALLTOP=$prefix/;
-+ s/^LIBD=.*$/LIBD=$lib/;
- s/^OPENSSLDIR=.*$/OPENSSLDIR=$openssldir/;
- s/^INSTALL_PREFIX=.*$/INSTALL_PREFIX=$install_prefix/;
- s/^PLATFORM=.*$/PLATFORM=$target/;
-diff -ur openssl-0.9.8b/engines/Makefile openssl-0.9.8b.varLIB/engines/Makefile
---- openssl-0.9.8b/engines/Makefile 2006-02-04 02:49:34.000000000 +0100
-+++ openssl-0.9.8b.varLIB/engines/Makefile 2006-07-14 21:34:48.000000000 +0200
-@@ -97,13 +97,12 @@
- *DSO_DL*) sfx="sl";; \
- *) sfx="bad";; \
- esac; \
-- cp lib$$l.$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines/lib$$l.$$sfx.new; \
-+ install lib$$l.$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBD)/engines/lib$$l.$$sfx; \
- else \
- sfx="so"; \
-- cp cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines/lib$$l.$$sfx.new; \
-+ install cyg$$l.dll $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBD)/engines/lib$$l.$$sfx; \
- fi; \
-- chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines/lib$$l.$$sfx.new; \
-- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines/lib$$l.$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines/lib$$l.$$sfx ); \
-+ ); \
- done; \
- fi
-
-diff -ur openssl-0.9.8b/Makefile.org openssl-0.9.8b.varLIB/Makefile.org
---- openssl-0.9.8b/Makefile.org 2006-07-14 21:12:31.000000000 +0200
-+++ openssl-0.9.8b.varLIB/Makefile.org 2006-07-14 21:32:12.000000000 +0200
-@@ -25,6 +25,7 @@
- # Normally it is left empty.
- INSTALL_PREFIX=
- INSTALLTOP=/usr/local/ssl
-+LIBD=lib
-
- # Do not edit this manually. Use Configure --openssldir=DIR do change this!
- OPENSSLDIR=/usr/local/ssl
-@@ -172,7 +173,7 @@
- CC='${CC}' CFLAG='${CFLAG}' \
- AS='${CC}' ASFLAG='${CFLAG} -c' \
- AR='${AR}' PERL='${PERL}' RANLIB='${RANLIB}' \
-- SDIRS='${SDIRS}' LIBRPATH='${INSTALLTOP}/lib' \
-+ SDIRS='${SDIRS}' LIBRPATH='${INSTALLTOP}/$(LIBD)' LIBD='$(LIBD)' \
- INSTALL_PREFIX='${INSTALL_PREFIX}' \
- INSTALLTOP='${INSTALLTOP}' OPENSSLDIR='${OPENSSLDIR}' \
- MAKEDEPEND='$$$${TOP}/util/domd $$$${TOP} -MD ${MAKEDEPPROG}' \
-@@ -301,7 +302,7 @@
- libcrypto.pc: Makefile
- @ ( echo 'prefix=$(INSTALLTOP)'; \
- echo 'exec_prefix=$${prefix}'; \
-- echo 'libdir=$${exec_prefix}/lib'; \
-+ echo 'libdir=$${exec_prefix}/$(LIBD)'; \
- echo 'includedir=$${prefix}/include'; \
- echo ''; \
- echo 'Name: OpenSSL-libcrypto'; \
-@@ -314,7 +315,7 @@
- libssl.pc: Makefile
- @ ( echo 'prefix=$(INSTALLTOP)'; \
- echo 'exec_prefix=$${prefix}'; \
-- echo 'libdir=$${exec_prefix}/lib'; \
-+ echo 'libdir=$${exec_prefix}/$(LIBD)'; \
- echo 'includedir=$${prefix}/include'; \
- echo ''; \
- echo 'Name: OpenSSL'; \
-@@ -327,7 +328,7 @@
- openssl.pc: Makefile
- @ ( echo 'prefix=$(INSTALLTOP)'; \
- echo 'exec_prefix=$${prefix}'; \
-- echo 'libdir=$${exec_prefix}/lib'; \
-+ echo 'libdir=$${exec_prefix}/$(LIBD)'; \
- echo 'includedir=$${prefix}/include/openssl'; \
- echo ''; \
- echo 'Name: OpenSSL'; \
-@@ -477,9 +478,9 @@
-
- install_sw:
- @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
-- $(INSTALL_PREFIX)$(INSTALLTOP)/lib \
-- $(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines \
-- $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig \
-+ $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBD) \
-+ $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBD)/engines \
-+ $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBD)/pkgconfig \
- $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl \
- $(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
- $(INSTALL_PREFIX)$(OPENSSLDIR)/certs \
-@@ -494,10 +495,9 @@
- do \
- if [ -f "$$i" ]; then \
- ( echo installing $$i; \
-- cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
-- $(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
-- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
-- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
-+ install $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBD)/$$i; \
-+ $(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBD)/$$i; \
-+ ); \
- fi; \
- done;
- @set -e; if [ -n "$(SHARED_LIBS)" ]; then \
-@@ -507,36 +507,30 @@
- if [ -f "$$i" -o -f "$$i.a" ]; then \
- ( echo installing $$i; \
- if [ "$(PLATFORM)" != "Cygwin" ]; then \
-- cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
-- chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
-- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
-+ install $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBD)/$$i; \
- else \
- c=`echo $$i | sed 's/^lib\(.*\)\.dll\.a/cyg\1-$(SHLIB_VERSION_NUMBER).dll/'`; \
-- cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
-- chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
-- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
-- cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
-- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
-- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
-+ install $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
-+ cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBD)/$$i; \
- fi ); \
- fi; \
- done; \
- ( here="`pwd`"; \
-- cd $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
-+ cd $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBD); \
- $(MAKE) -f $$here/Makefile HERE="$$here" link-shared ); \
- if [ "$(INSTALLTOP)" != "/usr" ]; then \
- echo 'OpenSSL shared libraries have been installed in:'; \
-- echo ' $(INSTALLTOP)'; \
-+ echo ' $(INSTALLTOP)/$(LIBD)'; \
- echo ''; \
- sed -e '1,/^$$/d' doc/openssl-shared.txt; \
- fi; \
- fi
-- cp libcrypto.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig
-- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig/libcrypto.pc
-- cp libssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig
-- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig/libssl.pc
-- cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig
-- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig/openssl.pc
-+ cp libcrypto.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBD)/pkgconfig
-+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBD)/pkgconfig/libcrypto.pc
-+ cp libssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBD)/pkgconfig
-+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBD)/pkgconfig/libssl.pc
-+ cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBD)/pkgconfig
-+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBD)/pkgconfig/openssl.pc
-
- install_docs:
- @$(PERL) $(TOP)/util/mkdir-p.pl \
---- openssl-0.9.8h/Configure.orig 2008-05-30 00:34:52.856047264 +0200
-+++ openssl-0.9.8h/Configure 2008-05-30 07:06:59.720767714 +0200
-@@ -147,8 +147,8 @@
+--- openssl-0.9.8m/Configure.orig 2010-03-19 08:12:32.938715273 +0100
++++ openssl-0.9.8m/Configure 2010-03-19 08:46:19.618713597 +0100
+@@ -156,8 +156,8 @@
#"b2-is-ri-dp", "${tcc}:${tflags}::${tlib}:${bits2}IDEA_SHORT RC4_INDEX DES_PTR:${tbn_mul}::",
# Our development configs
"debug-ben", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown):::::bn86-elf.o co86-elf.o",
"debug-ben-openbsd","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::",
"debug-ben-openbsd-debug","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::",
-@@ -169,8 +169,8 @@
+@@ -179,8 +179,8 @@
"debug-geoff","gcc:-DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
"debug-linux-pentium","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentium -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
"debug-linux-ppro","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentiumpro -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
-"debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -march=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g $ENV{OPTFLAGS} -Wall::-D_REENTRANT::-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g $ENV{OPTFLAGS} -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- "dist", "cc:-O::(unknown)::::::",
-
- # Basic configs that should work on any (32 and less bit) box
-@@ -318,28 +318,28 @@
+ "debug-linux-generic32","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DTERMIO -g -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ "debug-linux-generic64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DTERMIO -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ "debug-linux-x86_64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -DTERMIO -g -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+@@ -331,28 +331,28 @@
####
# *-generic* is endian-neutral target, but ./config is free to
# throw in -D[BL]_ENDIAN, whichever appropriate...
-"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-ia64-ecc","ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-ia64-icc","icc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
--"linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+-"linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-generic64","gcc:-DTERMIO $ENV{OPTFLAGS} -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-ppc64", "gcc:-m64 -DB_ENDIAN -DTERMIO $ENV{OPTFLAGS} -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::linux_ppc64.o::::::::::dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO $ENV{OPTFLAGS} -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-ia64-ecc","ecc:-DL_ENDIAN -DTERMIO $ENV{OPTFLAGS} -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-ia64-icc","icc:-DL_ENDIAN -DTERMIO $ENV{OPTFLAGS} -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO $ENV{OPTFLAGS} -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO $ENV{OPTFLAGS} -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
#### SPARC Linux setups
# Ray Miller <ray.miller@computing-services.oxford.ac.uk> has patiently
# assisted with debugging of following two configs.
#### Alpha Linux with GNU C and Compaq C setups
# Special notes:
# - linux-alpha+bwx-gcc is ment to be used from ./config only. If you
-@@ -353,8 +353,8 @@
+@@ -366,8 +366,8 @@
#
# <appro@fy.chalmers.se>
#
"linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${no_asm}",
"linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${no_asm}",
"linux-alpha+bwx-ccc-generic","ccc:-fast -generic -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${no_asm}",
-@@ -1399,7 +1399,7 @@
+@@ -1567,7 +1567,7 @@
elsif ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*\.[^\.]*$/)
{
my $sotmp = $1;
+++ /dev/null
-diff -uNr openssl-0.9.8j.ORIG/Makefile.org openssl-0.9.8j/Makefile.org
---- openssl-0.9.8j.ORIG/Makefile.org 2009-01-07 18:06:31.000000000 +0000
-+++ openssl-0.9.8j/Makefile.org 2009-01-07 18:08:38.000000000 +0000
-@@ -333,15 +333,15 @@
- dir=crypto; target=all; $(BUILD_ONE_CMD)
- build_fips:
- @dir=fips; target=all; [ -z "$(FIPSCANLIB)" ] || $(BUILD_ONE_CMD)
--build_ssl:
-+build_ssl: build_crypto
- @dir=ssl; target=all; $(BUILD_ONE_CMD)
--build_engines:
-+build_engines: build_crypto
- @dir=engines; target=all; $(BUILD_ONE_CMD)
--build_apps:
-+build_apps: build_libs
- @dir=apps; target=all; $(BUILD_ONE_CMD)
--build_tests:
-+build_tests: build_libs
- @dir=test; target=all; $(BUILD_ONE_CMD)
--build_tools:
-+build_tools: build_libs
- @dir=tools; target=all; $(BUILD_ONE_CMD)
-
- all_testapps: build_libs build_testapps
+++ /dev/null
-diff -ur openssl-0.9.8l.org/crypto/md5/asm/md5-x86_64.pl openssl-0.9.8l/crypto/md5/asm/md5-x86_64.pl
---- openssl-0.9.8l.org/crypto/md5/asm/md5-x86_64.pl 2007-11-11 14:34:06.000000000 +0100
-+++ openssl-0.9.8l/crypto/md5/asm/md5-x86_64.pl 2009-11-06 23:23:15.528442820 +0100
-@@ -19,6 +19,7 @@
- sub round1_step
- {
- my ($pos, $dst, $x, $y, $z, $k_next, $T_i, $s) = @_;
-+ $T_i = unpack("l",pack("l", hex($T_i))); # convert to 32-bit signed decimal
- $code .= " mov 0*4(%rsi), %r10d /* (NEXT STEP) X[0] */\n" if ($pos == -1);
- $code .= " mov %edx, %r11d /* (NEXT STEP) z' = %edx */\n" if ($pos == -1);
- $code .= <<EOF;
-@@ -42,6 +43,7 @@
- sub round2_step
- {
- my ($pos, $dst, $x, $y, $z, $k_next, $T_i, $s) = @_;
-+ $T_i = unpack("l",pack("l", hex($T_i))); # convert to 32-bit signed decimal
- $code .= " mov 1*4(%rsi), %r10d /* (NEXT STEP) X[1] */\n" if ($pos == -1);
- $code .= " mov %ecx, %r11d /* (NEXT STEP) y' = %ecx */\n" if ($pos == -1);
- $code .= <<EOF;
-@@ -65,6 +67,7 @@
- sub round3_step
- {
- my ($pos, $dst, $x, $y, $z, $k_next, $T_i, $s) = @_;
-+ $T_i = unpack("l",pack("l", hex($T_i))); # convert to 32-bit signed decimal
- $code .= " mov 5*4(%rsi), %r10d /* (NEXT STEP) X[5] */\n" if ($pos == -1);
- $code .= " mov %ecx, %r11d /* (NEXT STEP) y' = %ecx */\n" if ($pos == -1);
- $code .= <<EOF;
-@@ -87,6 +90,7 @@
- sub round4_step
- {
- my ($pos, $dst, $x, $y, $z, $k_next, $T_i, $s) = @_;
-+ $T_i = unpack("l",pack("l", hex($T_i))); # convert to 32-bit signed decimal
- $code .= " mov 0*4(%rsi), %r10d /* (NEXT STEP) X[0] */\n" if ($pos == -1);
- $code .= " mov \$0xffffffff, %r11d\n" if ($pos == -1);
- $code .= " xor %edx, %r11d /* (NEXT STEP) not z' = not %edx*/\n"
-
---- openssl-0.9.8l/crypto/sha/asm/sha1-x86_64.pl-x 2007-11-11 14:56:47.000000000 +0100
-+++ openssl-0.9.8l/crypto/sha/asm/sha1-x86_64.pl 2009-11-12 13:52:12.350872046 +0100
-@@ -143,7 +143,7 @@
- sub BODY_20_39 {
- my ($i,$a,$b,$c,$d,$e,$f)=@_;
- my $j=$i+1;
--my $K=($i<40)?0x6ed9eba1:0xca62c1d6;
-+my $K=($i<40)?0x6ed9eba1:-0x359d3e2a;
- $code.=<<___ if ($i<79);
- lea $K($xi,$e),$f
- mov `4*($j%16)`(%rsp),$xi
-@@ -180,7 +180,7 @@
- my ($i,$a,$b,$c,$d,$e,$f)=@_;
- my $j=$i+1;
- $code.=<<___;
-- lea 0x8f1bbcdc($xi,$e),$f
-+ lea -0x70e44324($xi,$e),$f
- mov `4*($j%16)`(%rsp),$xi
- mov $b,$t0
- mov $b,$t1
Summary(ru.UTF-8): Библиотеки и утилиты для соединений через Secure Sockets Layer
Summary(uk.UTF-8): Бібліотеки та утиліти для з'єднань через Secure Sockets Layer
Name: openssl
-Version: 0.9.8l
-Release: 2
+Version: 0.9.8m
+Release: 1
License: Apache-like
Group: Libraries
Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz
-# Source0-md5: 05a0ece1372392a2cf310ebb96333025
+# Source0-md5: 898bf125370926d5f692a2201124f8ec
Source2: %{name}.1.pl
Source3: %{name}-ssl-certificate.sh
Source4: %{name}-c_rehash.sh
Patch1: %{name}-optflags.patch
Patch2: %{name}-globalCA.diff
Patch3: %{name}-include.patch
-Patch4: %{name}-libvar.patch
-Patch5: %{name}-man-namespace.patch
-Patch6: %{name}-asflag.patch
-Patch7: %{name}-ca-certificates.patch
-Patch8: %{name}-fips_install.patch
-Patch9: %{name}-CVE-2009-1377-1378-1379.patch
-Patch10: %{name}-ldflags.patch
-Patch11: %{name}-parallel-build.patch
-Patch12: %{name}-x86_64-asm.patch
+Patch4: %{name}-man-namespace.patch
+Patch5: %{name}-asflag.patch
+Patch6: %{name}-ca-certificates.patch
+Patch7: %{name}-fips_install.patch
+Patch8: %{name}-ldflags.patch
URL: http://www.openssl.org/
BuildRequires: bc
BuildRequires: perl-devel >= 1:5.6.1
%patch5 -p1
%patch6 -p1
%patch7 -p1
-%patch8 -p0
-%patch9 -p1
-%patch10 -p1
-%patch11 -p1
-%patch12 -p1
+%patch8 -p1
%{__perl} -pi -e 's#%{_prefix}/local/bin/perl#%{__perl}#g' \
`grep -l -r "%{_prefix}/local/bin/perl" *`
%else
--openssldir=%{_sysconfdir}/%{name} \
%endif
- --lib=%{_lib} \
+ --libdir=%{_lib} \
shared threads \
enable-tlsext \
enable-seed \