Accepting request 236989 from Base:System

NOTE: I submitted perl-Net-SSLeay 1.64 update to devel:languages:perl which fixes its regression. - updated openssl to 1.0.1h (bnc#880891): - CVE-2014-0224: Fix for SSL/TLS MITM flaw. An attacker using a carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. - CVE-2014-0221: Fix DTLS recursion flaw. By sending an invalid DTLS handshake to an OpenSSL DTLS client the code can be made to recurse eventually crashing in a DoS attack. - CVE-2014-0195: Fix DTLS invalid fragment vulnerability. A buffer overrun attack can be triggered by sending invalid DTLS fragments to an OpenSSL DTLS client or server. This is potentially exploitable to run arbitrary code on a vulnerable client or server. - CVE-2014-3470: Fix bug in TLS code where clients enable anonymous ECDH ciphersuites are subject to a denial of service attack. - openssl-buffreelistbug-aka-CVE-2010-5298.patch: removed, upstream - CVE-2014-0198.patch: removed, upstream - 0009-Fix-double-frees.patch: removed, upstream - 0012-Fix-eckey_priv_encode.patch: removed, upstream - 0017-Double-free-in-i2o_ECPublicKey.patch: removed, upstream - 0018-fix-coverity-issues-966593-966596.patch: removed, upstream - 0020-Initialize-num-properly.patch: removed, upstream - 0022-bignum-allow-concurrent-BN_MONT_CTX_set_locked.patch: removed, upstream - 0023-evp-prevent-underflow-in-base64-decoding.patch: removed, upstream - 0024-Fixed-NULL-pointer-dereference-in-PKCS7_dataDecode-r.patch: removed, upstream - 0025-fix-coverity-issue-966597-error-line-is-not-always-i.patch: removed, upstream - 0001-libcrypto-Hide-library-private-symbols.patch: disabled heartbeat testcase - openssl-1.0.1c-ipv6-apps.patch: refreshed - openssl-fix-pod-syntax.diff: some stuff merged upstream, refreshed - Added new SUSE default cipher suite openssl-1.0.1e-add-suse-default-cipher.patch OBS-URL: https://build.opensuse.org/request/show/236989 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl?expand=0&rev=118
2014-06-18 05:47:41 +00:00 · 2014-06-18 05:47:41 +00:00 · 66d6e48709
commit 66d6e48709
parent 6a3418284a
23 changed files with 419 additions and 980 deletions
--- a/0001-libcrypto-Hide-library-private-symbols.patch
+++ b/0001-libcrypto-Hide-library-private-symbols.patch
@ -37,8 +37,10 @@ Subject: [PATCH] libcrypto: Hide library-private symbols
 crypto/x509v3/pcy_int.h          |  3 +++
 31 files changed, 85 insertions(+), 17 deletions(-)
--- openssl-1.0.1g.orig/apps/Makefile
+Index: openssl-1.0.1h/apps/Makefile
-+++ openssl-1.0.1g/apps/Makefile
+===================================================================
 --- openssl-1.0.1h.orig/apps/Makefile
 +++ openssl-1.0.1h/apps/Makefile
@@ -20,7 +20,7 @@ EXE_EXT=
 SHLIB_TARGET=
@ -48,8 +50,10 @@ Subject: [PATCH] libcrypto: Hide library-private symbols
 GENERAL=Makefile makeapps.com install.com
--- openssl-1.0.1g.orig/crypto/asn1/asn1_locl.h
+Index: openssl-1.0.1h/crypto/asn1/asn1_locl.h
-+++ openssl-1.0.1g/crypto/asn1/asn1_locl.h
+===================================================================
 --- openssl-1.0.1h.orig/crypto/asn1/asn1_locl.h
 +++ openssl-1.0.1h/crypto/asn1/asn1_locl.h
@@ -58,6 +58,8 @@
 /* Internal ASN1 structures and functions: not for application use */
@ -65,8 +69,10 @@ Subject: [PATCH] libcrypto: Hide library-private symbols
 	};
 +
 +#pragma GCC visibility pop
--- openssl-1.0.1g.orig/crypto/bn/bn_lcl.h
+Index: openssl-1.0.1h/crypto/bn/bn_lcl.h
-+++ openssl-1.0.1g/crypto/bn/bn_lcl.h
+===================================================================
 --- openssl-1.0.1h.orig/crypto/bn/bn_lcl.h
 +++ openssl-1.0.1h/crypto/bn/bn_lcl.h
@@ -483,6 +483,8 @@ extern "C" {
 #undef bn_div_words
 #endif
@ -85,8 +91,10 @@ Subject: [PATCH] libcrypto: Hide library-private symbols
 #ifdef  __cplusplus
 }
 #endif
--- openssl-1.0.1g.orig/crypto/camellia/cmll_locl.h
+Index: openssl-1.0.1h/crypto/camellia/cmll_locl.h
-+++ openssl-1.0.1g/crypto/camellia/cmll_locl.h
+===================================================================
 --- openssl-1.0.1h.orig/crypto/camellia/cmll_locl.h
 +++ openssl-1.0.1h/crypto/camellia/cmll_locl.h
@@ -68,6 +68,8 @@
 #ifndef HEADER_CAMELLIA_LOCL_H
 #define HEADER_CAMELLIA_LOCL_H
@ -102,8 +110,10 @@ Subject: [PATCH] libcrypto: Hide library-private symbols
 			     CAMELLIA_KEY *key);
 +#pragma GCC visibility pop
 #endif /* #ifndef HEADER_CAMELLIA_LOCL_H */
--- openssl-1.0.1g.orig/crypto/cast/cast_lcl.h
+Index: openssl-1.0.1h/crypto/cast/cast_lcl.h
-+++ openssl-1.0.1g/crypto/cast/cast_lcl.h
+===================================================================
 --- openssl-1.0.1h.orig/crypto/cast/cast_lcl.h
 +++ openssl-1.0.1h/crypto/cast/cast_lcl.h
@@ -217,6 +217,7 @@
 	}
 #endif
@ -117,8 +127,10 @@ Subject: [PATCH] libcrypto: Hide library-private symbols
 extern const CAST_LONG CAST_S_table6[256];
 extern const CAST_LONG CAST_S_table7[256];
 +#pragma GCC visibility pop
--- openssl-1.0.1g.orig/crypto/cms/cms_lcl.h
+Index: openssl-1.0.1h/crypto/cms/cms_lcl.h
-+++ openssl-1.0.1g/crypto/cms/cms_lcl.h
+===================================================================
 --- openssl-1.0.1h.orig/crypto/cms/cms_lcl.h
 +++ openssl-1.0.1h/crypto/cms/cms_lcl.h
@@ -426,6 +426,8 @@ DECLARE_ASN1_ALLOC_FUNCTIONS(CMS_IssuerA
 #define CMS_RECIPINFO_ISSUER_SERIAL	0
 #define CMS_RECIPINFO_KEYIDENTIFIER	1
@ -138,8 +150,10 @@ Subject: [PATCH] libcrypto: Hide library-private symbols
 #ifdef  __cplusplus
 }
 #endif
--- openssl-1.0.1g.orig/crypto/des/des_locl.h
+Index: openssl-1.0.1h/crypto/des/des_locl.h
-+++ openssl-1.0.1g/crypto/des/des_locl.h
+===================================================================
 --- openssl-1.0.1h.orig/crypto/des/des_locl.h
 +++ openssl-1.0.1h/crypto/des/des_locl.h
@@ -421,10 +421,12 @@
 	PERM_OP(l,r,tt, 4,0x0f0f0f0fL); \
 	}
@ -153,16 +167,20 @@ Subject: [PATCH] libcrypto: Hide library-private symbols
 #ifdef OPENSSL_SMALL_FOOTPRINT
 #undef DES_UNROLL
--- openssl-1.0.1g.orig/crypto/dsa/dsa_locl.h
+Index: openssl-1.0.1h/crypto/dsa/dsa_locl.h
-+++ openssl-1.0.1g/crypto/dsa/dsa_locl.h
+===================================================================
 --- openssl-1.0.1h.orig/crypto/dsa/dsa_locl.h
 +++ openssl-1.0.1h/crypto/dsa/dsa_locl.h
@@ -57,4 +57,4 @@
 int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
 	const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len,
 	unsigned char *seed_out,
 -	int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
 +	int *counter_ret, unsigned long *h_ret, BN_GENCB *cb) __attribute__ ((visibility ("hidden")));
--- openssl-1.0.1g.orig/crypto/ec/ec_lcl.h
+Index: openssl-1.0.1h/crypto/ec/ec_lcl.h
-+++ openssl-1.0.1g/crypto/ec/ec_lcl.h
+===================================================================
 --- openssl-1.0.1h.orig/crypto/ec/ec_lcl.h
 +++ openssl-1.0.1h/crypto/ec/ec_lcl.h
@@ -88,6 +88,8 @@
 /* Structure details are not part of the exported interface,
  * so all this may change in future versions. */
@ -178,8 +196,10 @@ Subject: [PATCH] libcrypto: Hide library-private symbols
 #endif
 +
 +#pragma GCC visibility pop
--- openssl-1.0.1g.orig/crypto/ecdh/ech_locl.h
+Index: openssl-1.0.1h/crypto/ecdh/ech_locl.h
-+++ openssl-1.0.1g/crypto/ecdh/ech_locl.h
+===================================================================
 --- openssl-1.0.1h.orig/crypto/ecdh/ech_locl.h
 +++ openssl-1.0.1h/crypto/ecdh/ech_locl.h
@@ -58,6 +58,8 @@
 #include <openssl/ecdh.h>
@ -196,8 +216,10 @@ Subject: [PATCH] libcrypto: Hide library-private symbols
 -
 +#pragma GCC visibility pop
 #endif /* HEADER_ECH_LOCL_H */
--- openssl-1.0.1g.orig/crypto/ecdsa/ecs_locl.h
+Index: openssl-1.0.1h/crypto/ecdsa/ecs_locl.h
-+++ openssl-1.0.1g/crypto/ecdsa/ecs_locl.h
+===================================================================
 --- openssl-1.0.1h.orig/crypto/ecdsa/ecs_locl.h
 +++ openssl-1.0.1h/crypto/ecdsa/ecs_locl.h
@@ -61,6 +61,8 @@
 #include <openssl/ecdsa.h>
@ -214,8 +236,10 @@ Subject: [PATCH] libcrypto: Hide library-private symbols
 +#pragma GCC visibility pop
 +
 #endif /* HEADER_ECS_LOCL_H */
--- openssl-1.0.1g.orig/crypto/engine/eng_int.h
+Index: openssl-1.0.1h/crypto/engine/eng_int.h
-+++ openssl-1.0.1g/crypto/engine/eng_int.h
+===================================================================
 --- openssl-1.0.1h.orig/crypto/engine/eng_int.h
 +++ openssl-1.0.1h/crypto/engine/eng_int.h
@@ -68,6 +68,8 @@
 /* Take public definitions from engine.h */
 #include <openssl/engine.h>
@ -232,8 +256,10 @@ Subject: [PATCH] libcrypto: Hide library-private symbols
 -
 +#pragma GCC visibility pop
 #endif /* HEADER_ENGINE_INT_H */
--- openssl-1.0.1g.orig/crypto/engine/eng_rsax.c
+Index: openssl-1.0.1h/crypto/engine/eng_rsax.c
-+++ openssl-1.0.1g/crypto/engine/eng_rsax.c
+===================================================================
 --- openssl-1.0.1h.orig/crypto/engine/eng_rsax.c
 +++ openssl-1.0.1h/crypto/engine/eng_rsax.c
@@ -262,7 +262,7 @@ static int mod_exp_pre_compute_data_512(
 void mod_exp_512(UINT64 *result, /* 512 bits, 8 qwords */
 		 UINT64 *g,      /* 512 bits, 8 qwords */
@ -243,8 +269,10 @@ Subject: [PATCH] libcrypto: Hide library-private symbols
 typedef struct st_e_rsax_mod_ctx
 {
--- openssl-1.0.1g.orig/crypto/evp/e_aes.c
+Index: openssl-1.0.1h/crypto/evp/e_aes.c
-+++ openssl-1.0.1g/crypto/evp/e_aes.c
+===================================================================
 --- openssl-1.0.1h.orig/crypto/evp/e_aes.c
 +++ openssl-1.0.1h/crypto/evp/e_aes.c
@@ -108,6 +108,8 @@ typedef struct
 #define MAXBITCHUNK	((size_t)1<<(sizeof(size_t)*8-4))
@ -290,8 +318,10 @@ Subject: [PATCH] libcrypto: Hide library-private symbols
 static int aesni_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 		   const unsigned char *iv, int enc)
 	{
--- openssl-1.0.1g.orig/crypto/evp/e_aes_cbc_hmac_sha1.c
+Index: openssl-1.0.1h/crypto/evp/e_aes_cbc_hmac_sha1.c
-+++ openssl-1.0.1g/crypto/evp/e_aes_cbc_hmac_sha1.c
+===================================================================
 --- openssl-1.0.1h.orig/crypto/evp/e_aes_cbc_hmac_sha1.c
 +++ openssl-1.0.1h/crypto/evp/e_aes_cbc_hmac_sha1.c
@@ -97,6 +97,8 @@ typedef struct
 extern unsigned int OPENSSL_ia32cap_P[2];
 #define AESNI_CAPABLE   (1<<(57-32))
@ -310,8 +340,10 @@ Subject: [PATCH] libcrypto: Hide library-private symbols
 #define data(ctx) ((EVP_AES_HMAC_SHA1 *)(ctx)->cipher_data)
 static int aesni_cbc_hmac_sha1_init_key(EVP_CIPHER_CTX *ctx,
--- openssl-1.0.1g.orig/crypto/evp/evp_locl.h
+Index: openssl-1.0.1h/crypto/evp/evp_locl.h
-+++ openssl-1.0.1g/crypto/evp/evp_locl.h
+===================================================================
 --- openssl-1.0.1h.orig/crypto/evp/evp_locl.h
 +++ openssl-1.0.1h/crypto/evp/evp_locl.h
@@ -263,6 +263,8 @@ const EVP_CIPHER *EVP_##cname##_ecb(void
 			     EVP_CIPHER_get_asn1_iv, \
 			     NULL)
@ -330,8 +362,10 @@ Subject: [PATCH] libcrypto: Hide library-private symbols
 #ifdef OPENSSL_FIPS
 #ifdef OPENSSL_DOING_MAKEDEPEND
--- openssl-1.0.1g.orig/crypto/md4/md4_locl.h
+Index: openssl-1.0.1h/crypto/md4/md4_locl.h
-+++ openssl-1.0.1g/crypto/md4/md4_locl.h
+===================================================================
 --- openssl-1.0.1h.orig/crypto/md4/md4_locl.h
 +++ openssl-1.0.1h/crypto/md4/md4_locl.h
@@ -65,7 +65,7 @@
 #define MD4_LONG_LOG2 2 /* default to 32 bits */
 #endif
@ -341,8 +375,10 @@ Subject: [PATCH] libcrypto: Hide library-private symbols
 #define DATA_ORDER_IS_LITTLE_ENDIAN
--- openssl-1.0.1g.orig/crypto/md5/md5_locl.h
+Index: openssl-1.0.1h/crypto/md5/md5_locl.h
-+++ openssl-1.0.1g/crypto/md5/md5_locl.h
+===================================================================
 --- openssl-1.0.1h.orig/crypto/md5/md5_locl.h
 +++ openssl-1.0.1h/crypto/md5/md5_locl.h
@@ -74,7 +74,7 @@
 # endif
 #endif
@ -352,8 +388,10 @@ Subject: [PATCH] libcrypto: Hide library-private symbols
 #define DATA_ORDER_IS_LITTLE_ENDIAN
--- openssl-1.0.1g.orig/crypto/modes/modes_lcl.h
+Index: openssl-1.0.1h/crypto/modes/modes_lcl.h
-+++ openssl-1.0.1g/crypto/modes/modes_lcl.h
+===================================================================
 --- openssl-1.0.1h.orig/crypto/modes/modes_lcl.h
 +++ openssl-1.0.1h/crypto/modes/modes_lcl.h
@@ -83,6 +83,8 @@ typedef unsigned char u8;
 #define PUTU32(p,v)	((p)[0]=(u8)((v)>>24),(p)[1]=(u8)((v)>>16),(p)[2]=(u8)((v)>>8),(p)[3]=(u8)(v))
 #endif
@ -369,8 +407,10 @@ Subject: [PATCH] libcrypto: Hide library-private symbols
 };
 -
 +#pragma GCC visibility pop
--- openssl-1.0.1g.orig/crypto/o_str.h
+Index: openssl-1.0.1h/crypto/o_str.h
-+++ openssl-1.0.1g/crypto/o_str.h
+===================================================================
 --- openssl-1.0.1h.orig/crypto/o_str.h
 +++ openssl-1.0.1h/crypto/o_str.h
@@ -61,8 +61,12 @@
 #include <stddef.h>		/* to get size_t */
@ -384,8 +424,10 @@ Subject: [PATCH] libcrypto: Hide library-private symbols
 +#pragma GCC visibility pop
 +
 #endif
--- openssl-1.0.1g.orig/crypto/o_time.h
+Index: openssl-1.0.1h/crypto/o_time.h
-+++ openssl-1.0.1g/crypto/o_time.h
+===================================================================
 --- openssl-1.0.1h.orig/crypto/o_time.h
 +++ openssl-1.0.1h/crypto/o_time.h
@@ -61,7 +61,11 @@
 #include <time.h>
@ -398,8 +440,10 @@ Subject: [PATCH] libcrypto: Hide library-private symbols
 +#pragma GCC visibility pop
 +
 #endif
--- openssl-1.0.1g.orig/crypto/ripemd/rmd_locl.h
+Index: openssl-1.0.1h/crypto/ripemd/rmd_locl.h
-+++ openssl-1.0.1g/crypto/ripemd/rmd_locl.h
+===================================================================
 --- openssl-1.0.1h.orig/crypto/ripemd/rmd_locl.h
 +++ openssl-1.0.1h/crypto/ripemd/rmd_locl.h
@@ -76,7 +76,7 @@
 # endif
 #endif
@ -409,16 +453,20 @@ Subject: [PATCH] libcrypto: Hide library-private symbols
 #define DATA_ORDER_IS_LITTLE_ENDIAN
--- openssl-1.0.1g.orig/crypto/rsa/rsa_locl.h
+Index: openssl-1.0.1h/crypto/rsa/rsa_locl.h
-+++ openssl-1.0.1g/crypto/rsa/rsa_locl.h
+===================================================================
 --- openssl-1.0.1h.orig/crypto/rsa/rsa_locl.h
 +++ openssl-1.0.1h/crypto/rsa/rsa_locl.h
@@ -1,4 +1,4 @@
 extern int int_rsa_verify(int dtype, const unsigned char *m, unsigned int m_len,
 		unsigned char *rm, size_t *prm_len,
 		const unsigned char *sigbuf, size_t siglen,
 -		RSA *rsa);
 +		RSA *rsa) __attribute__ ((visibility ("hidden")));
--- openssl-1.0.1g.orig/crypto/sha/sha256.c
+Index: openssl-1.0.1h/crypto/sha/sha256.c
-+++ openssl-1.0.1g/crypto/sha/sha256.c
+===================================================================
 --- openssl-1.0.1h.orig/crypto/sha/sha256.c
 +++ openssl-1.0.1h/crypto/sha/sha256.c
@@ -110,7 +110,7 @@ int SHA224_Final (unsigned char *md, SHA
 #ifndef SHA256_ASM
 static
@ -428,8 +476,10 @@ Subject: [PATCH] libcrypto: Hide library-private symbols
 #include "md32_common.h"
--- openssl-1.0.1g.orig/crypto/sha/sha512.c
+Index: openssl-1.0.1h/crypto/sha/sha512.c
-+++ openssl-1.0.1g/crypto/sha/sha512.c
+===================================================================
 --- openssl-1.0.1h.orig/crypto/sha/sha512.c
 +++ openssl-1.0.1h/crypto/sha/sha512.c
@@ -94,7 +94,7 @@ fips_md_init(SHA512)
 #ifndef SHA512_ASM
 static
@ -439,8 +489,10 @@ Subject: [PATCH] libcrypto: Hide library-private symbols
 int SHA512_Final (unsigned char *md, SHA512_CTX *c)
 	{
--- openssl-1.0.1g.orig/crypto/sha/sha_locl.h
+Index: openssl-1.0.1h/crypto/sha/sha_locl.h
-+++ openssl-1.0.1g/crypto/sha/sha_locl.h
+===================================================================
 --- openssl-1.0.1h.orig/crypto/sha/sha_locl.h
 +++ openssl-1.0.1h/crypto/sha/sha_locl.h
@@ -108,7 +108,7 @@ static void sha_block_data_order (SHA_CT
 #ifndef SHA1_ASM
 static
@ -450,8 +502,10 @@ Subject: [PATCH] libcrypto: Hide library-private symbols
 #else
 # error "Either SHA_0 or SHA_1 must be defined."
--- openssl-1.0.1g.orig/crypto/store/str_locl.h
+Index: openssl-1.0.1h/crypto/store/str_locl.h
-+++ openssl-1.0.1g/crypto/store/str_locl.h
+===================================================================
 --- openssl-1.0.1h.orig/crypto/store/str_locl.h
 +++ openssl-1.0.1h/crypto/store/str_locl.h
@@ -62,6 +62,8 @@
 #include <openssl/crypto.h>
 #include <openssl/store.h>
@ -468,8 +522,10 @@ Subject: [PATCH] libcrypto: Hide library-private symbols
 -
 +#pragma GCC visibility pop
 #endif
--- openssl-1.0.1g.orig/crypto/ui/ui_locl.h
+Index: openssl-1.0.1h/crypto/ui/ui_locl.h
-+++ openssl-1.0.1g/crypto/ui/ui_locl.h
+===================================================================
 --- openssl-1.0.1h.orig/crypto/ui/ui_locl.h
 +++ openssl-1.0.1h/crypto/ui/ui_locl.h
@@ -66,6 +66,8 @@
 #undef _
 #endif
@ -486,15 +542,19 @@ Subject: [PATCH] libcrypto: Hide library-private symbols
 -
 +#pragma GCC visibility pop
 #endif
--- openssl-1.0.1g.orig/crypto/whrlpool/wp_locl.h
+Index: openssl-1.0.1h/crypto/whrlpool/wp_locl.h
-+++ openssl-1.0.1g/crypto/whrlpool/wp_locl.h
+===================================================================
 --- openssl-1.0.1h.orig/crypto/whrlpool/wp_locl.h
 +++ openssl-1.0.1h/crypto/whrlpool/wp_locl.h
@@ -1,3 +1,3 @@
 #include <openssl/whrlpool.h>
 -void whirlpool_block(WHIRLPOOL_CTX *,const void *,size_t);
 +void whirlpool_block(WHIRLPOOL_CTX *,const void *,size_t) __attribute__ ((visibility ("hidden")));
--- openssl-1.0.1g.orig/crypto/x509v3/ext_dat.h
+Index: openssl-1.0.1h/crypto/x509v3/ext_dat.h
-+++ openssl-1.0.1g/crypto/x509v3/ext_dat.h
+===================================================================
 --- openssl-1.0.1h.orig/crypto/x509v3/ext_dat.h
 +++ openssl-1.0.1h/crypto/x509v3/ext_dat.h
@@ -57,6 +57,8 @@
  */
 /* This file contains a table of "standard" extensions */
@ -512,8 +572,10 @@ Subject: [PATCH] libcrypto: Hide library-private symbols
 /* Number of standard extensions */
 #define STANDARD_EXTENSION_COUNT (sizeof(standard_exts)/sizeof(X509V3_EXT_METHOD *))
--- openssl-1.0.1g.orig/crypto/x509v3/pcy_int.h
+Index: openssl-1.0.1h/crypto/x509v3/pcy_int.h
-+++ openssl-1.0.1g/crypto/x509v3/pcy_int.h
+===================================================================
 --- openssl-1.0.1h.orig/crypto/x509v3/pcy_int.h
 +++ openssl-1.0.1h/crypto/x509v3/pcy_int.h
@@ -56,6 +56,7 @@
  *
  */
@ -528,8 +590,10 @@ Subject: [PATCH] libcrypto: Hide library-private symbols
 const X509_POLICY_CACHE *policy_cache_set(X509 *x);
 +
 +#pragma GCC visibility pop
--- openssl-1.0.1g.orig/crypto/modes/gcm128.c
+Index: openssl-1.0.1h/crypto/modes/gcm128.c
-+++ openssl-1.0.1g/crypto/modes/gcm128.c
+===================================================================
 --- openssl-1.0.1h.orig/crypto/modes/gcm128.c
 +++ openssl-1.0.1h/crypto/modes/gcm128.c
@@ -567,8 +567,8 @@ static void gcm_ghash_4bit(u64 Xi[2],con
 }
 #endif
@ -554,8 +618,10 @@ Subject: [PATCH] libcrypto: Hide library-private symbols
 #  if	defined(__i386) || defined(__i386__) || defined(_M_IX86)
 #   define GHASH_ASM_X86
--- openssl-1.0.1g.orig/crypto/evp/e_rc4_hmac_md5.c
+Index: openssl-1.0.1h/crypto/evp/e_rc4_hmac_md5.c
-+++ openssl-1.0.1g/crypto/evp/e_rc4_hmac_md5.c
+===================================================================
 --- openssl-1.0.1h.orig/crypto/evp/e_rc4_hmac_md5.c
 +++ openssl-1.0.1h/crypto/evp/e_rc4_hmac_md5.c
@@ -78,7 +78,7 @@ typedef struct
 #define NO_PAYLOAD_LENGTH	((size_t)-1)
@ -565,8 +631,10 @@ Subject: [PATCH] libcrypto: Hide library-private symbols
 #define data(ctx) ((EVP_RC4_HMAC_MD5 *)(ctx)->cipher_data)
--- openssl-1.0.1g.orig/crypto/cmac/cm_ameth.c
+Index: openssl-1.0.1h/crypto/cmac/cm_ameth.c
-+++ openssl-1.0.1g/crypto/cmac/cm_ameth.c
+===================================================================
 --- openssl-1.0.1h.orig/crypto/cmac/cm_ameth.c
 +++ openssl-1.0.1h/crypto/cmac/cm_ameth.c
@@ -73,6 +73,7 @@ static void cmac_key_free(EVP_PKEY *pkey
 		CMAC_CTX_free(cmctx);
 	}
@ -575,8 +643,10 @@ Subject: [PATCH] libcrypto: Hide library-private symbols
 const EVP_PKEY_ASN1_METHOD cmac_asn1_meth = 
 	{
 	EVP_PKEY_CMAC,
--- openssl-1.0.1g.orig/crypto/evp/pmeth_lib.c
+Index: openssl-1.0.1h/crypto/evp/pmeth_lib.c
-+++ openssl-1.0.1g/crypto/evp/pmeth_lib.c
+===================================================================
 --- openssl-1.0.1h.orig/crypto/evp/pmeth_lib.c
 +++ openssl-1.0.1h/crypto/evp/pmeth_lib.c
@@ -70,7 +70,7 @@
 typedef int sk_cmp_fn_type(const char * const *a, const char * const *b);
@ -586,8 +656,10 @@ Subject: [PATCH] libcrypto: Hide library-private symbols
 extern const EVP_PKEY_METHOD rsa_pkey_meth, dh_pkey_meth, dsa_pkey_meth;
 extern const EVP_PKEY_METHOD ec_pkey_meth, hmac_pkey_meth, cmac_pkey_meth;
--- openssl-1.0.1g.orig/crypto/cmac/cm_pmeth.c
+Index: openssl-1.0.1h/crypto/cmac/cm_pmeth.c
-+++ openssl-1.0.1g/crypto/cmac/cm_pmeth.c
+===================================================================
 --- openssl-1.0.1h.orig/crypto/cmac/cm_pmeth.c
 +++ openssl-1.0.1h/crypto/cmac/cm_pmeth.c
@@ -188,6 +188,7 @@ static int pkey_cmac_ctrl_str(EVP_PKEY_C
 	return -2;
 	}
@ -596,8 +668,10 @@ Subject: [PATCH] libcrypto: Hide library-private symbols
 const EVP_PKEY_METHOD cmac_pkey_meth = 
 	{
 	EVP_PKEY_CMAC,
--- openssl-1.0.1g.orig/crypto/rand/md_rand.c
+Index: openssl-1.0.1h/crypto/rand/md_rand.c
-+++ openssl-1.0.1g/crypto/rand/md_rand.c
+===================================================================
 --- openssl-1.0.1h.orig/crypto/rand/md_rand.c
 +++ openssl-1.0.1h/crypto/rand/md_rand.c
@@ -164,7 +164,7 @@ static int ssleay_rand_nopseudo_bytes(un
 static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num);
 static int ssleay_rand_status(void);
@ -607,8 +681,10 @@ Subject: [PATCH] libcrypto: Hide library-private symbols
 	ssleay_rand_seed,
 	ssleay_rand_nopseudo_bytes,
 	ssleay_rand_cleanup,
--- openssl-1.0.1g.orig/crypto/dh/dh_ameth.c
+Index: openssl-1.0.1h/crypto/dh/dh_ameth.c
-+++ openssl-1.0.1g/crypto/dh/dh_ameth.c
+===================================================================
 --- openssl-1.0.1h.orig/crypto/dh/dh_ameth.c
 +++ openssl-1.0.1h/crypto/dh/dh_ameth.c
@@ -466,6 +466,7 @@ int DHparams_print(BIO *bp, const DH *x)
 	return do_dh_print(bp, x, 4, NULL, 0);
 	}
@ -617,8 +693,10 @@ Subject: [PATCH] libcrypto: Hide library-private symbols
 const EVP_PKEY_ASN1_METHOD dh_asn1_meth = 
 	{
 	EVP_PKEY_DH,
--- openssl-1.0.1g.orig/crypto/dh/dh_pmeth.c
+Index: openssl-1.0.1h/crypto/dh/dh_pmeth.c
-+++ openssl-1.0.1g/crypto/dh/dh_pmeth.c
+===================================================================
 --- openssl-1.0.1h.orig/crypto/dh/dh_pmeth.c
 +++ openssl-1.0.1h/crypto/dh/dh_pmeth.c
@@ -217,6 +217,7 @@ static int pkey_dh_derive(EVP_PKEY_CTX *
 	return 1;
 	}
@ -627,8 +705,10 @@ Subject: [PATCH] libcrypto: Hide library-private symbols
 const EVP_PKEY_METHOD dh_pkey_meth = 
 	{
 	EVP_PKEY_DH,
--- openssl-1.0.1g.orig/crypto/dsa/dsa_ameth.c
+Index: openssl-1.0.1h/crypto/dsa/dsa_ameth.c
-+++ openssl-1.0.1g/crypto/dsa/dsa_ameth.c
+===================================================================
 --- openssl-1.0.1h.orig/crypto/dsa/dsa_ameth.c
 +++ openssl-1.0.1h/crypto/dsa/dsa_ameth.c
@@ -639,7 +639,7 @@ static int dsa_pkey_ctrl(EVP_PKEY *pkey,
 	}
@ -638,8 +718,10 @@ Subject: [PATCH] libcrypto: Hide library-private symbols
 const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[] = 
 	{
--- openssl-1.0.1g.orig/crypto/dsa/dsa_pmeth.c
+Index: openssl-1.0.1h/crypto/dsa/dsa_pmeth.c
-+++ openssl-1.0.1g/crypto/dsa/dsa_pmeth.c
+===================================================================
 --- openssl-1.0.1h.orig/crypto/dsa/dsa_pmeth.c
 +++ openssl-1.0.1h/crypto/dsa/dsa_pmeth.c
@@ -281,6 +281,7 @@ static int pkey_dsa_keygen(EVP_PKEY_CTX
 	return DSA_generate_key(pkey->pkey.dsa);
 	}
@ -648,9 +730,11 @@ Subject: [PATCH] libcrypto: Hide library-private symbols
 const EVP_PKEY_METHOD dsa_pkey_meth = 
 	{
 	EVP_PKEY_DSA,
--- openssl-1.0.1g.orig/crypto/ec/ec_ameth.c
+Index: openssl-1.0.1h/crypto/ec/ec_ameth.c
-+++ openssl-1.0.1g/crypto/ec/ec_ameth.c
+===================================================================
-@@ -625,6 +625,7 @@ static int ec_pkey_ctrl(EVP_PKEY *pkey,
+--- openssl-1.0.1h.orig/crypto/ec/ec_ameth.c
 +++ openssl-1.0.1h/crypto/ec/ec_ameth.c
@@ -626,6 +626,7 @@ static int ec_pkey_ctrl(EVP_PKEY *pkey,
 	}
@ -658,8 +742,10 @@ Subject: [PATCH] libcrypto: Hide library-private symbols
 const EVP_PKEY_ASN1_METHOD eckey_asn1_meth = 
 	{
 	EVP_PKEY_EC,
--- openssl-1.0.1g.orig/crypto/ec/ec_pmeth.c
+Index: openssl-1.0.1h/crypto/ec/ec_pmeth.c
-+++ openssl-1.0.1g/crypto/ec/ec_pmeth.c
+===================================================================
 --- openssl-1.0.1h.orig/crypto/ec/ec_pmeth.c
 +++ openssl-1.0.1h/crypto/ec/ec_pmeth.c
@@ -304,6 +304,7 @@ static int pkey_ec_keygen(EVP_PKEY_CTX *
 	return EC_KEY_generate_key(pkey->pkey.ec);
 	}
@ -668,8 +754,10 @@ Subject: [PATCH] libcrypto: Hide library-private symbols
 const EVP_PKEY_METHOD ec_pkey_meth = 
 	{
 	EVP_PKEY_EC,
--- openssl-1.0.1g.orig/crypto/hmac/hm_ameth.c
+Index: openssl-1.0.1h/crypto/hmac/hm_ameth.c
-+++ openssl-1.0.1g/crypto/hmac/hm_ameth.c
+===================================================================
 --- openssl-1.0.1h.orig/crypto/hmac/hm_ameth.c
 +++ openssl-1.0.1h/crypto/hmac/hm_ameth.c
@@ -138,6 +138,7 @@ static int old_hmac_encode(const EVP_PKE
 #endif
@ -678,8 +766,10 @@ Subject: [PATCH] libcrypto: Hide library-private symbols
 const EVP_PKEY_ASN1_METHOD hmac_asn1_meth = 
 	{
 	EVP_PKEY_HMAC,
--- openssl-1.0.1g.orig/crypto/hmac/hm_pmeth.c
+Index: openssl-1.0.1h/crypto/hmac/hm_pmeth.c
-+++ openssl-1.0.1g/crypto/hmac/hm_pmeth.c
+===================================================================
 --- openssl-1.0.1h.orig/crypto/hmac/hm_pmeth.c
 +++ openssl-1.0.1h/crypto/hmac/hm_pmeth.c
@@ -235,6 +235,7 @@ static int pkey_hmac_ctrl_str(EVP_PKEY_C
 	return -2;
 	}
@ -688,8 +778,10 @@ Subject: [PATCH] libcrypto: Hide library-private symbols
 const EVP_PKEY_METHOD hmac_pkey_meth = 
 	{
 	EVP_PKEY_HMAC,
--- openssl-1.0.1g.orig/crypto/rsa/rsa_ameth.c
+Index: openssl-1.0.1h/crypto/rsa/rsa_ameth.c
-+++ openssl-1.0.1g/crypto/rsa/rsa_ameth.c
+===================================================================
 --- openssl-1.0.1h.orig/crypto/rsa/rsa_ameth.c
 +++ openssl-1.0.1h/crypto/rsa/rsa_ameth.c
@@ -657,6 +657,7 @@ static int rsa_item_sign(EVP_MD_CTX *ctx
 	return 2;
 	}
@ -698,8 +790,10 @@ Subject: [PATCH] libcrypto: Hide library-private symbols
 const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[] = 
 	{
 		{
--- openssl-1.0.1g.orig/crypto/rsa/rsa_pmeth.c
+Index: openssl-1.0.1h/crypto/rsa/rsa_pmeth.c
-+++ openssl-1.0.1g/crypto/rsa/rsa_pmeth.c
+===================================================================
 --- openssl-1.0.1h.orig/crypto/rsa/rsa_pmeth.c
 +++ openssl-1.0.1h/crypto/rsa/rsa_pmeth.c
@@ -685,6 +685,7 @@ static int pkey_rsa_keygen(EVP_PKEY_CTX
 	return ret;
 	}
@ -708,8 +802,10 @@ Subject: [PATCH] libcrypto: Hide library-private symbols
 const EVP_PKEY_METHOD rsa_pkey_meth = 
 	{
 	EVP_PKEY_RSA,
--- openssl-1.0.1g.orig/crypto/objects/obj_xref.c
+Index: openssl-1.0.1h/crypto/objects/obj_xref.c
-+++ openssl-1.0.1g/crypto/objects/obj_xref.c
+===================================================================
 --- openssl-1.0.1h.orig/crypto/objects/obj_xref.c
 +++ openssl-1.0.1h/crypto/objects/obj_xref.c
@@ -60,7 +60,7 @@
 #include "obj_xref.h"
@ -719,8 +815,10 @@ Subject: [PATCH] libcrypto: Hide library-private symbols
 static int sig_cmp(const nid_triple *a, const nid_triple *b)
 	{
--- openssl-1.0.1g.orig/crypto/pem/pem_lib.c
+Index: openssl-1.0.1h/crypto/pem/pem_lib.c
-+++ openssl-1.0.1g/crypto/pem/pem_lib.c
+===================================================================
 --- openssl-1.0.1h.orig/crypto/pem/pem_lib.c
 +++ openssl-1.0.1h/crypto/pem/pem_lib.c
@@ -80,7 +80,7 @@ const char PEM_version[]="PEM" OPENSSL_V
 static int load_iv(char **fromp,unsigned char *to, int num);
@ -730,8 +828,10 @@ Subject: [PATCH] libcrypto: Hide library-private symbols
 int PEM_def_callback(char *buf, int num, int w, void *key)
 	{
--- openssl-1.0.1g.orig/crypto/asn1/tasn_prn.c
+Index: openssl-1.0.1h/crypto/asn1/tasn_prn.c
-+++ openssl-1.0.1g/crypto/asn1/tasn_prn.c
+===================================================================
 --- openssl-1.0.1h.orig/crypto/asn1/tasn_prn.c
 +++ openssl-1.0.1h/crypto/asn1/tasn_prn.c
@@ -72,7 +72,7 @@
 /* ASN1_PCTX routines */
@ -741,8 +841,10 @@ Subject: [PATCH] libcrypto: Hide library-private symbols
 	{
 	ASN1_PCTX_FLAGS_SHOW_ABSENT,	/* flags */
 	0,	/* nm_flags */
--- openssl-1.0.1g.orig/crypto/bn/bn_exp.c
+Index: openssl-1.0.1h/crypto/bn/bn_exp.c
-+++ openssl-1.0.1g/crypto/bn/bn_exp.c
+===================================================================
 --- openssl-1.0.1h.orig/crypto/bn/bn_exp.c
 +++ openssl-1.0.1h/crypto/bn/bn_exp.c
@@ -684,11 +684,11 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr
 	{
 	void bn_mul_mont_gather5(BN_ULONG *rp,const BN_ULONG *ap,
@ -758,8 +860,10 @@ Subject: [PATCH] libcrypto: Hide library-private symbols
 	BN_ULONG *np=mont->N.d, *n0=mont->n0;
--- openssl-1.0.1g.orig/crypto/bn/bn_gf2m.c
+Index: openssl-1.0.1h/crypto/bn/bn_gf2m.c
-+++ openssl-1.0.1g/crypto/bn/bn_gf2m.c
+===================================================================
 --- openssl-1.0.1h.orig/crypto/bn/bn_gf2m.c
 +++ openssl-1.0.1h/crypto/bn/bn_gf2m.c
@@ -220,7 +220,7 @@ static void bn_GF2m_mul_2x2(BN_ULONG *r,
 	r[1] = r[3] ^ r[2] ^ r[0] ^ m1 ^ m0;  /* l1 ^= l0 ^ h0 ^ m0; */
 	}
@ -769,3 +873,34 @@ Subject: [PATCH] libcrypto: Hide library-private symbols
 #endif 
 /* Add polynomials a and b and store result in r; r could be a or b, a and b 
 Index: openssl-1.0.1h/test/Makefile
 ===================================================================
 --- openssl-1.0.1h.orig/test/Makefile
 +++ openssl-1.0.1h/test/Makefile
@@ -75,7 +75,7 @@ EXE=	$(BNTEST)$(EXE_EXT) $(ECTEST)$(EXE_
 	$(RANDTEST)$(EXE_EXT) $(DHTEST)$(EXE_EXT) $(ENGINETEST)$(EXE_EXT) \
 	$(BFTEST)$(EXE_EXT) $(CASTTEST)$(EXE_EXT) $(SSLTEST)$(EXE_EXT) $(EXPTEST)$(EXE_EXT) $(DSATEST)$(EXE_EXT) $(RSATEST)$(EXE_EXT) \
 	$(EVPTEST)$(EXE_EXT) $(IGETEST)$(EXE_EXT) $(JPAKETEST)$(EXE_EXT) $(SRPTEST)$(EXE_EXT) \
 -	$(ASN1TEST)$(EXE_EXT) $(HEARTBEATTEST)$(EXE_EXT)
 +	$(ASN1TEST)$(EXE_EXT)
 # $(METHTEST)$(EXE_EXT)
@@ -87,7 +87,7 @@ OBJ=	$(BNTEST).o $(ECTEST).o  $(ECDSATES
 	$(MDC2TEST).o $(RMDTEST).o \
 	$(RANDTEST).o $(DHTEST).o $(ENGINETEST).o $(CASTTEST).o \
 	$(BFTEST).o  $(SSLTEST).o  $(DSATEST).o  $(EXPTEST).o $(RSATEST).o \
 -	$(EVPTEST).o $(IGETEST).o $(JPAKETEST).o $(ASN1TEST).o $(HEARTBEATTEST).o
 +	$(EVPTEST).o $(IGETEST).o $(JPAKETEST).o $(ASN1TEST).o
 SRC=	$(BNTEST).c $(ECTEST).c  $(ECDSATEST).c $(ECDHTEST).c $(IDEATEST).c \
 	$(MD2TEST).c  $(MD4TEST).c $(MD5TEST).c \
@@ -140,7 +140,7 @@ alltests: \
 	test_enc test_x509 test_rsa test_crl test_sid \
 	test_gen test_req test_pkcs7 test_verify test_dh test_dsa \
 	test_ss test_ca test_engine test_evp test_ssl test_tsa test_ige \
 -	test_jpake test_srp test_cms test_heartbeat
 +	test_jpake test_srp test_cms
 test_evp:
 	../util/shlib_wrap.sh ./$(EVPTEST) evptests.txt
--- a/0009-Fix-double-frees.patch
+++ b/0009-Fix-double-frees.patch
@ -1,51 +0,0 @@
 From 9c8dc84ac16a2f21063ae36809d202d0284ecf82 Mon Sep 17 00:00:00 2001
 From: Ben Laurie <ben@links.org>
 Date: Tue, 22 Apr 2014 13:11:56 +0100
 Subject: [PATCH 09/17] Fix double frees.
 ---
 CHANGES                   | 3 ++-
 crypto/pkcs7/pk7_doit.c   | 1 +
 crypto/ts/ts_rsp_verify.c | 1 +
 ssl/d1_srvr.c             | 1 +
 4 files changed, 5 insertions(+), 1 deletion(-)
 diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c
 index 77fda3b..4c12a9d 100644
 --- a/crypto/pkcs7/pk7_doit.c
 +++ b/crypto/pkcs7/pk7_doit.c
@@ -928,6 +928,7 @@ int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si)
 	if (EVP_DigestSignUpdate(&mctx,abuf,alen) <= 0)
 		goto err;
 	OPENSSL_free(abuf);
 +	abuf = NULL;
 	if (EVP_DigestSignFinal(&mctx, NULL, &siglen) <= 0)
 		goto err;
 	abuf = OPENSSL_malloc(siglen);
 diff --git a/crypto/ts/ts_rsp_verify.c b/crypto/ts/ts_rsp_verify.c
 index afe16af..b7d170a 100644
 --- a/crypto/ts/ts_rsp_verify.c
 +++ b/crypto/ts/ts_rsp_verify.c
@@ -629,6 +629,7 @@ static int TS_compute_imprint(BIO *data, TS_TST_INFO *tst_info,
 	X509_ALGOR_free(*md_alg);
 	OPENSSL_free(*imprint);
 	*imprint_len = 0;
 +	*imprint = NULL;
 	return 0;
 	}
 diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c
 index 9975e20..1384ab0 100644
 --- a/ssl/d1_srvr.c
 +++ b/ssl/d1_srvr.c
@@ -1356,6 +1356,7 @@ int dtls1_send_server_key_exchange(SSL *s)
 			    (unsigned char *)encodedPoint, 
 			    encodedlen);
 			OPENSSL_free(encodedPoint);
 +			encodedPoint = NULL;
 			p += encodedlen;
 			}
 #endif
 -- 
 1.8.4.5
--- a/0012-Fix-eckey_priv_encode.patch
+++ b/0012-Fix-eckey_priv_encode.patch
@ -1,26 +0,0 @@
 From f0816174d264b11f6f4ccb41c75883640a2416bb Mon Sep 17 00:00:00 2001
 From: mancha <mancha1@zoho.com>
 Date: Thu, 24 Apr 2014 19:06:20 +0000
 Subject: [PATCH 12/17] Fix eckey_priv_encode()
 Fix eckey_priv_encode to return an error on failure of i2d_ECPrivateKey.
 ---
 CHANGES              | 4 ++++
 crypto/ec/ec_ameth.c | 1 +
 2 files changed, 5 insertions(+)
 diff --git a/crypto/ec/ec_ameth.c b/crypto/ec/ec_ameth.c
 index 0ce4524..f715a23 100644
 --- a/crypto/ec/ec_ameth.c
 +++ b/crypto/ec/ec_ameth.c
@@ -352,6 +352,7 @@ static int eckey_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
 		EC_KEY_set_enc_flags(ec_key, old_flags);
 		OPENSSL_free(ep);
 		ECerr(EC_F_ECKEY_PRIV_ENCODE, ERR_R_EC_LIB);
 +		return 0;
 	}
 	/* restore old encoding flags */
 	EC_KEY_set_enc_flags(ec_key, old_flags);
 -- 
 1.8.4.5
--- a/0017-Double-free-in-i2o_ECPublicKey.patch
+++ b/0017-Double-free-in-i2o_ECPublicKey.patch
@ -1,31 +0,0 @@
 From 8eb094b9460575a328ba04708147c91fc267b394 Mon Sep 17 00:00:00 2001
 From: David Ramos <daramos@stanford.edu>
 Date: Sat, 3 May 2014 12:00:27 +0200
 Subject: [PATCH 17/17] Double free in i2o_ECPublicKey
 PR: 3338
 ---
 crypto/ec/ec_asn1.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
 diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c
 index 145807b..e94f34e 100644
 --- a/crypto/ec/ec_asn1.c
 +++ b/crypto/ec/ec_asn1.c
@@ -1435,8 +1435,11 @@ int i2o_ECPublicKey(EC_KEY *a, unsigned char **out)
 				*out, buf_len, NULL))
 		{
 		ECerr(EC_F_I2O_ECPUBLICKEY, ERR_R_EC_LIB);
 -		OPENSSL_free(*out);
 -		*out = NULL;
 +		if (new_buffer)
 +			{
 +			OPENSSL_free(*out);
 +			*out = NULL;
 +			}
 		return 0;
 		}
 	if (!new_buffer)
 -- 
 1.8.4.5
--- a/0018-fix-coverity-issues-966593-966596.patch
+++ b/0018-fix-coverity-issues-966593-966596.patch
@ -1,26 +0,0 @@
 From 7b7b18c57e899201338d91083bc49cc8c5a915fc Mon Sep 17 00:00:00 2001
 From: Tim Hudson <tjh@cryptsoft.com>
 Date: Mon, 5 May 2014 06:41:22 +1000
 Subject: [PATCH 18/23] - fix coverity issues 966593-966596
 ---
 crypto/srp/srp_vfy.c | 3 +++
 1 file changed, 3 insertions(+)
 diff --git a/crypto/srp/srp_vfy.c b/crypto/srp/srp_vfy.c
 index 4a3d13e..fdca19f 100644
 --- a/crypto/srp/srp_vfy.c
 +++ b/crypto/srp/srp_vfy.c
@@ -93,6 +93,9 @@ static int t_fromb64(unsigned char *a, const char *src)
 		else a[i] = loc - b64table;
 		++i;
 		}
 +	/* if nothing valid to process we have a zero length response */
 +	if (i == 0)
 +		return 0;
 	size = i;
 	i = size - 1;
 	j = size;
 -- 
 1.8.4.5
--- a/0020-Initialize-num-properly.patch
+++ b/0020-Initialize-num-properly.patch
@ -1,27 +0,0 @@
 From a41d5174e27c99d1caefd76a8e927c814ede509e Mon Sep 17 00:00:00 2001
 From: "Dr. Stephen Henson" <steve@openssl.org>
 Date: Tue, 6 May 2014 14:07:37 +0100
 Subject: [PATCH 20/23] Initialize num properly.
 PR#3289
 PR#3345
 (cherry picked from commit 3ba1e406c2309adb427ced9815ebf05f5b58d155)
 ---
 crypto/evp/bio_b64.c | 1 +
 1 file changed, 1 insertion(+)
 diff --git a/crypto/evp/bio_b64.c b/crypto/evp/bio_b64.c
 index ac6d441..16863fe 100644
 --- a/crypto/evp/bio_b64.c
 +++ b/crypto/evp/bio_b64.c
@@ -226,6 +226,7 @@ static int b64_read(BIO *b, char *out, int outl)
 		else if (ctx->start)
 			{
 			q=p=(unsigned char *)ctx->tmp;
 +			num = 0;
 			for (j=0; j<i; j++)
 				{
 				if (*(q++) != '\n') continue;
 -- 
 1.8.4.5
--- a/0022-bignum-allow-concurrent-BN_MONT_CTX_set_locked.patch
+++ b/0022-bignum-allow-concurrent-BN_MONT_CTX_set_locked.patch
@ -1,85 +0,0 @@
 From d8afda60a991791f27cfac79186b1f8a4f4e30a0 Mon Sep 17 00:00:00 2001
 From: Geoff Thorpe <geoff@openssl.org>
 Date: Sun, 4 May 2014 16:19:22 -0400
 Subject: [PATCH 22/23] bignum: allow concurrent BN_MONT_CTX_set_locked()
 The lazy-initialisation of BN_MONT_CTX was serialising all threads, as
 noted by Daniel Sands and co at Sandia. This was to handle the case that
 2 or more threads race to lazy-init the same context, but stunted all
 scalability in the case where 2 or more threads are doing unrelated
 things! We favour the latter case by punishing the former. The init work
 gets done by each thread that finds the context to be uninitialised, and
 we then lock the "set" logic after that work is done - the winning
 thread's work gets used, the losing threads throw away what they've done.
 Signed-off-by: Geoff Thorpe <geoff@openssl.org>
 ---
 crypto/bn/bn_mont.c | 46 ++++++++++++++++++++++++++--------------------
 1 file changed, 26 insertions(+), 20 deletions(-)
 diff --git a/crypto/bn/bn_mont.c b/crypto/bn/bn_mont.c
 index 427b5cf..ee8532c 100644
 --- a/crypto/bn/bn_mont.c
 +++ b/crypto/bn/bn_mont.c
@@ -478,32 +478,38 @@ BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from)
 BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock,
 					const BIGNUM *mod, BN_CTX *ctx)
 	{
 -	int got_write_lock = 0;
 	BN_MONT_CTX *ret;
 	CRYPTO_r_lock(lock);
 -	if (!*pmont)
 +	ret = *pmont;
 +	CRYPTO_r_unlock(lock);
 +	if (ret)
 +		return ret;
 +
 +	/* We don't want to serialise globally while doing our lazy-init math in
 +	 * BN_MONT_CTX_set. That punishes threads that are doing independent
 +	 * things. Instead, punish the case where more than one thread tries to
 +	 * lazy-init the same 'pmont', by having each do the lazy-init math work
 +	 * independently and only use the one from the thread that wins the race
 +	 * (the losers throw away the work they've done). */
 +	ret = BN_MONT_CTX_new();
 +	if (!ret)
 +		return NULL;
 +	if (!BN_MONT_CTX_set(ret, mod, ctx))
 		{
 -		CRYPTO_r_unlock(lock);
 -		CRYPTO_w_lock(lock);
 -		got_write_lock = 1;
 +		BN_MONT_CTX_free(ret);
 +		return NULL;
 +		}
 -		if (!*pmont)
 -			{
 -			ret = BN_MONT_CTX_new();
 -			if (ret && !BN_MONT_CTX_set(ret, mod, ctx))
 -				BN_MONT_CTX_free(ret);
 -			else
 -				*pmont = ret;
 -			}
 +	/* The locked compare-and-set, after the local work is done. */
 +	CRYPTO_w_lock(lock);
 +	if (*pmont)
 +		{
 +		BN_MONT_CTX_free(ret);
 +		ret = *pmont;
 		}
 -	
 -	ret = *pmont;
 -	
 -	if (got_write_lock)
 -		CRYPTO_w_unlock(lock);
 	else
 -		CRYPTO_r_unlock(lock);
 -		
 +		*pmont = ret;
 +	CRYPTO_w_unlock(lock);
 	return ret;
 	}
 -- 
 1.8.4.5
--- a/0023-evp-prevent-underflow-in-base64-decoding.patch
+++ b/0023-evp-prevent-underflow-in-base64-decoding.patch
@ -1,30 +0,0 @@
 From d0666f289ac013094bbbf547bfbcd616199b7d2d Mon Sep 17 00:00:00 2001
 From: Geoff Thorpe <geoff@openssl.org>
 Date: Sun, 4 May 2014 18:44:14 -0400
 Subject: [PATCH 23/23] evp: prevent underflow in base64 decoding
 This patch resolves RT ticket #2608.
 Thanks to Robert Dugal for originally spotting this, and to David
 Ramos for noticing that the ball had been dropped.
 Signed-off-by: Geoff Thorpe <geoff@openssl.org>
 ---
 crypto/evp/encode.c | 1 +
 1 file changed, 1 insertion(+)
 diff --git a/crypto/evp/encode.c b/crypto/evp/encode.c
 index 28546a8..4654bdc 100644
 --- a/crypto/evp/encode.c
 +++ b/crypto/evp/encode.c
@@ -324,6 +324,7 @@ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
 				v=EVP_DecodeBlock(out,d,n);
 				n=0;
 				if (v < 0) { rv=0; goto end; }
 +				if (eof > v) { rv=-1; goto end; }
 				ret+=(v-eof);
 				}
 			else
 -- 
 1.8.4.5
--- a/0024-Fixed-NULL-pointer-dereference-in-PKCS7_dataDecode-r.patch
+++ b/0024-Fixed-NULL-pointer-dereference-in-PKCS7_dataDecode-r.patch
@ -1,63 +0,0 @@
 From c6a47f988c19093e4716d58dbed92938c18e1640 Mon Sep 17 00:00:00 2001
 From: Matt Caswell <matt@openssl.org>
 Date: Wed, 7 May 2014 23:21:02 +0100
 Subject: [PATCH 24/25] Fixed NULL pointer dereference in PKCS7_dataDecode
 reported by David Ramos in PR#3339
 ---
 crypto/pkcs7/pk7_doit.c | 5 +++++
 crypto/pkcs7/pkcs7.h    | 1 +
 crypto/pkcs7/pkcs7err.c | 3 ++-
 3 files changed, 8 insertions(+), 1 deletion(-)
 diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c
 index 4c12a9d..d91aa11 100644
 --- a/crypto/pkcs7/pk7_doit.c
 +++ b/crypto/pkcs7/pk7_doit.c
@@ -440,6 +440,11 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
 		{
 	case NID_pkcs7_signed:
 		data_body=PKCS7_get_octet_string(p7->d.sign->contents);
 +		if (!PKCS7_is_detached(p7) && data_body == NULL)
 +			{
 +			PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_INVALID_SIGNED_DATA_TYPE);
 +			goto err;
 +			}
 		md_sk=p7->d.sign->md_algs;
 		break;
 	case NID_pkcs7_signedAndEnveloped:
 diff --git a/crypto/pkcs7/pkcs7.h b/crypto/pkcs7/pkcs7.h
 index e4d4431..04f6037 100644
 --- a/crypto/pkcs7/pkcs7.h
 +++ b/crypto/pkcs7/pkcs7.h
@@ -453,6 +453,7 @@ void ERR_load_PKCS7_strings(void);
 #define PKCS7_R_ERROR_SETTING_CIPHER			 121
 #define PKCS7_R_INVALID_MIME_TYPE			 131
 #define PKCS7_R_INVALID_NULL_POINTER			 143
 +#define PKCS7_R_INVALID_SIGNED_DATA_TYPE		 155
 #define PKCS7_R_MIME_NO_CONTENT_TYPE			 132
 #define PKCS7_R_MIME_PARSE_ERROR			 133
 #define PKCS7_R_MIME_SIG_PARSE_ERROR			 134
 diff --git a/crypto/pkcs7/pkcs7err.c b/crypto/pkcs7/pkcs7err.c
 index d0af32a..f3db08e 100644
 --- a/crypto/pkcs7/pkcs7err.c
 +++ b/crypto/pkcs7/pkcs7err.c
@@ -1,6 +1,6 @@
 /* crypto/pkcs7/pkcs7err.c */
 /* ====================================================================
 - * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.
 + * Copyright (c) 1999-2014 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -130,6 +130,7 @@ static ERR_STRING_DATA PKCS7_str_reasons[]=
 {ERR_REASON(PKCS7_R_ERROR_SETTING_CIPHER),"error setting cipher"},
 {ERR_REASON(PKCS7_R_INVALID_MIME_TYPE)   ,"invalid mime type"},
 {ERR_REASON(PKCS7_R_INVALID_NULL_POINTER),"invalid null pointer"},
 +{ERR_REASON(PKCS7_R_INVALID_SIGNED_DATA_TYPE),"invalid signed data type"},
 {ERR_REASON(PKCS7_R_MIME_NO_CONTENT_TYPE),"mime no content type"},
 {ERR_REASON(PKCS7_R_MIME_PARSE_ERROR)    ,"mime parse error"},
 {ERR_REASON(PKCS7_R_MIME_SIG_PARSE_ERROR),"mime sig parse error"},
 -- 
 1.8.4.5
--- a/0025-fix-coverity-issue-966597-error-line-is-not-always-i.patch
+++ b/0025-fix-coverity-issue-966597-error-line-is-not-always-i.patch
@ -1,49 +0,0 @@
 From 6a60b414318ec4315ee016c3e15777c448603115 Mon Sep 17 00:00:00 2001
 From: Tim Hudson <tjh@cryptsoft.com>
 Date: Mon, 5 May 2014 08:22:42 +1000
 Subject: [PATCH 25/25] fix coverity issue 966597 - error line is not always
 initialised
 ---
 ssl/ssl_asn1.c | 4 ++++
 1 file changed, 4 insertions(+)
 diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c
 index 38540be..4775003 100644
 --- a/ssl/ssl_asn1.c
 +++ b/ssl/ssl_asn1.c
@@ -408,6 +408,7 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
 		if (os.length != 3)
 			{
 			c.error=SSL_R_CIPHER_CODE_WRONG_LENGTH;
 +			c.line=__LINE__;
 			goto err;
 			}
 		id=0x02000000L|
@@ -420,6 +421,7 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
 		if (os.length != 2)
 			{
 			c.error=SSL_R_CIPHER_CODE_WRONG_LENGTH;
 +			c.line=__LINE__;
 			goto err;
 			}
 		id=0x03000000L|
@@ -429,6 +431,7 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
 	else
 		{
 		c.error=SSL_R_UNKNOWN_SSL_VERSION;
 +		c.line=__LINE__;
 		goto err;
 		}
@@ -521,6 +524,7 @@ SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
 	    if (os.length > SSL_MAX_SID_CTX_LENGTH)
 		{
 		c.error=SSL_R_BAD_LENGTH;
 +		c.line=__LINE__;
 		goto err;
 		}
 	    else
 -- 
 1.8.4.5
--- a/CVE-2014-0198.patch
+++ b/CVE-2014-0198.patch
@ -1,15 +0,0 @@
 Index: openssl-1.0.1g/ssl/s3_pkt.c
 ===================================================================
 --- openssl-1.0.1g.orig/ssl/s3_pkt.c
 +++ openssl-1.0.1g/ssl/s3_pkt.c
@@ -657,6 +657,10 @@ static int do_ssl3_write(SSL *s, int typ
 		if (i <= 0)
 			return(i);
 		/* if it went, fall through and send more stuff */
 +		/* we may have released our buffer, so get it again */
 +		if (wb->buf == NULL)
 +			if (!ssl3_setup_write_buffer(s))
 +				return -1;
 		}
 	if (len == 0 && !create_empty_fragment)
--- a/openssl-1.0.1c-ipv6-apps.patch
+++ b/openssl-1.0.1c-ipv6-apps.patch
@ -1,7 +1,7 @@
-Index: openssl-1.0.1g/apps/s_apps.h
+Index: openssl-1.0.1h/apps/s_apps.h
 ===================================================================
--- openssl-1.0.1g.orig/apps/s_apps.h
+--- openssl-1.0.1h.orig/apps/s_apps.h
-+++ openssl-1.0.1g/apps/s_apps.h
+++ openssl-1.0.1h/apps/s_apps.h
@@ -148,7 +148,7 @@ typedef fd_mask fd_set;
 #define PORT_STR        "4433"
 #define PROTOCOL        "tcp"
@ -24,10 +24,10 @@ Index: openssl-1.0.1g/apps/s_apps.h
 long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp,
 				   int argi, long argl, long ret);
-Index: openssl-1.0.1g/apps/s_client.c
+Index: openssl-1.0.1h/apps/s_client.c
 ===================================================================
--- openssl-1.0.1g.orig/apps/s_client.c
+--- openssl-1.0.1h.orig/apps/s_client.c
-+++ openssl-1.0.1g/apps/s_client.c
+++ openssl-1.0.1h/apps/s_client.c
@@ -567,7 +567,7 @@ int MAIN(int argc, char **argv)
 	int cbuf_len,cbuf_off;
 	int sbuf_len,sbuf_off;
@ -62,10 +62,10 @@ Index: openssl-1.0.1g/apps/s_client.c
 		{
 		BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error());
 		SHUTDOWN(s);
-Index: openssl-1.0.1g/apps/s_server.c
+Index: openssl-1.0.1h/apps/s_server.c
 ===================================================================
--- openssl-1.0.1g.orig/apps/s_server.c
+--- openssl-1.0.1h.orig/apps/s_server.c
-+++ openssl-1.0.1g/apps/s_server.c
+++ openssl-1.0.1h/apps/s_server.c
@@ -933,7 +933,7 @@ int MAIN(int argc, char *argv[])
 	{
 	X509_VERIFY_PARAM *vpm = NULL;
@ -97,10 +97,10 @@ Index: openssl-1.0.1g/apps/s_server.c
 	print_stats(bio_s_out,ctx);
 	ret=0;
 end:
-Index: openssl-1.0.1g/apps/s_socket.c
+Index: openssl-1.0.1h/apps/s_socket.c
 ===================================================================
--- openssl-1.0.1g.orig/apps/s_socket.c
+--- openssl-1.0.1h.orig/apps/s_socket.c
-+++ openssl-1.0.1g/apps/s_socket.c
+++ openssl-1.0.1h/apps/s_socket.c
@@ -102,9 +102,7 @@ static struct hostent *GetHostByName(cha
 static void ssl_sock_cleanup(void);
 #endif
@ -182,7 +182,7 @@ Index: openssl-1.0.1g/apps/s_socket.c
 		{
 -		i=0;
 -		i=setsockopt(s,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));
-		if (i < 0) { perror("keepalive"); return(0); }
+-		if (i < 0) { closesocket(s); perror("keepalive"); return(0); }
 +			int i=0;
 +			i=setsockopt(s,SOL_SOCKET,SO_KEEPALIVE,
 +				(char *)&i,sizeof(i));
@ -359,7 +359,7 @@ Index: openssl-1.0.1g/apps/s_socket.c
 	int len;
 /*	struct linger ling; */
-@@ -431,135 +473,58 @@ redoit:
+@@ -431,138 +473,59 @@ redoit:
 */
 	if (host == NULL) goto end;
@ -388,6 +388,7 @@ Index: openssl-1.0.1g/apps/s_socket.c
 +		if ((*host=(char *)OPENSSL_malloc(strlen(buffer)+1)) == NULL)
 			{
 			perror("OPENSSL_malloc");
 			closesocket(ret);
 			return(0);
 			}
 -		BUF_strlcpy(*host,h1->h_name,strlen(h1->h_name)+1);
@ -396,11 +397,13 @@ Index: openssl-1.0.1g/apps/s_socket.c
 -		if (h2 == NULL)
 -			{
 -			BIO_printf(bio_err,"gethostbyname failure\n");
 -			closesocket(ret);
 -			return(0);
 -			}
 -		if (h2->h_addrtype != AF_INET)
 -			{
 -			BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n");
 -			closesocket(ret);
 -			return(0);
 -			}
 +		strcpy(*host, buffer);
--- a/openssl-1.0.1e-add-suse-default-cipher-header.patch
+++ b/openssl-1.0.1e-add-suse-default-cipher-header.patch
@ -0,0 +1,16 @@
 Index: openssl-1.0.1g/ssl/ssl.h
 ===================================================================
 --- openssl-1.0.1g.orig/ssl/ssl.h
 +++ openssl-1.0.1g/ssl/ssl.h
@@ -332,9 +332,11 @@ extern "C" {
  * It also is substituted when an application-defined cipher list string
  * starts with 'DEFAULT'. */
 #define SSL_DEFAULT_CIPHER_LIST	"ALL:!aNULL:!eNULL:!SSLv2:!EXPORT:!RC2:!DES"
 +
 #define SSL_DEFAULT_SUSE_CIPHER_LIST "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:"\
     "DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-CAMELLIA128-SHA:"\
     "AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:CAMELLIA128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:DES-CBC3-SHA"
 +
 /* As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always
  * starts with a reasonable order, and all we have to do for DEFAULT is
  * throwing out anonymous and unencrypted ciphersuites!
--- a/openssl-1.0.1e-add-suse-default-cipher.patch
+++ b/openssl-1.0.1e-add-suse-default-cipher.patch
@ -0,0 +1,39 @@
 Index: openssl-1.0.1g/ssl/ssl_ciph.c
 ===================================================================
 --- openssl-1.0.1g.orig/ssl/ssl_ciph.c
 +++ openssl-1.0.1g/ssl/ssl_ciph.c
@@ -1470,7 +1470,17 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_
 	 */
 	ok = 1;
 	rule_p = rule_str;
 -	if (strncmp(rule_str,"DEFAULT",7) == 0)
 +
 +	if (strncmp(rule_str,"DEFAULT_SUSE",12) == 0)
 +		{
 +		ok = ssl_cipher_process_rulestr(SSL_DEFAULT_SUSE_CIPHER_LIST,
 +			&head, &tail, ca_list);
 +		rule_p += 12;
 +		if (*rule_p == ':')
 +			rule_p++;
 +		}
 +
 +    else if (strncmp(rule_str,"DEFAULT",7) == 0)
 		{
 		ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST,
 			&head, &tail, ca_list);
 Index: openssl-1.0.1g/ssl/ssl.h
 ===================================================================
 --- openssl-1.0.1g.orig/ssl/ssl.h
 +++ openssl-1.0.1g/ssl/ssl.h
@@ -331,7 +331,10 @@ extern "C" {
 /* The following cipher list is used by default.
  * It also is substituted when an application-defined cipher list string
  * starts with 'DEFAULT'. */
 -#define SSL_DEFAULT_CIPHER_LIST	"ALL:!aNULL:!eNULL:!SSLv2:!EXPORT:!LOW"
 +#define SSL_DEFAULT_CIPHER_LIST	"ALL:!aNULL:!eNULL:!SSLv2:!EXPORT:!RC2:!DES"
 +#define SSL_DEFAULT_SUSE_CIPHER_LIST "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:"\
 +    "DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-CAMELLIA128-SHA:"\
 +    "AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:CAMELLIA128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:DES-CBC3-SHA"
 /* As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always
  * starts with a reasonable order, and all we have to do for DEFAULT is
  * throwing out anonymous and unencrypted ciphersuites!
--- a/openssl-1.0.1e-add-test-suse-default-cipher-suite.patch
+++ b/openssl-1.0.1e-add-test-suse-default-cipher-suite.patch
@ -0,0 +1,30 @@
 Index: openssl-1.0.1f/test/testssl
 ===================================================================
 --- openssl-1.0.1f.orig/test/testssl
 +++ openssl-1.0.1f/test/testssl
@@ -136,6 +136,25 @@ for protocol in TLSv1.2 SSLv3; do
   done
 done
 +echo "Testing default ciphersuites"
 +
 +for cipher_suite in DEFAULT_SUSE DEFAULT; do
 +    ../util/shlib_wrap.sh ../apps/openssl ciphers $cipher_suite
 +    if [ $? -ne 0 ]; then
 +        echo "Failed default ciphersuite $cipher_suite"
 +        exit 1
 +    fi
 +done
 +
 +echo "Testing if MD5, DES and RC4 are excluded from DEFAULT_SUSE cipher suite"
 +../util/shlib_wrap.sh ../apps/openssl ciphers DEFAULT_SUSE| grep "MD5\|RC4\|DES-[^CBC3]" 
 +
 +if [ $? -ne 1 ];then
 +    echo "weak ciphers are present on DEFAULT_SUSE cipher suite"
 +    exit 1
 +fi
 +
 +
 #############################################################################
 if ../util/shlib_wrap.sh ../apps/openssl no-dh; then
--- a/openssl-1.0.1g.tar.gz
+++ b/openssl-1.0.1g.tar.gz
@ -1,3 +0,0 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:53cb818c3b90e507a8348f4f5eaedb05d8bfe5358aabb508b7263cc670c3e028
 size 4509047
--- a/openssl-1.0.1g.tar.gz.asc
+++ b/openssl-1.0.1g.tar.gz.asc
@ -1,17 +0,0 @@
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.11 (GNU/Linux)
 iQIcBAABCAAGBQJTQtiaAAoJENNXdQf6QOniuAkP/2hFMcb2NEG36by4oleDQQA1
 xw/qiE5NryMU7+bwwhjvVdGsyeLnnPxN0K5fFVlsWHFIJCArZ/ERsR3xJfldSoZX
 xz/PgU4JAWT7vkhIR0zW2SInzxdX2hUsonG3dRqVY5JVX3aAMkcIanczpxrv39Cb
 ZeKwStINV5HOXH++Y7O4SWsFF3w2H4cmijyF2QQngrvyGkkS4C1Wy/PH54rAQrSH
 phfsDlULL48/4NPul9LiRK6clgf+6DtOa9eY/NF+enjmEw2B73PRt1DmCaaaabWU
 RwKHyVZUvXGhZYnPnfriz+V09FEq9SMEyyCBg2JeTljESPaPKxPP53ueI7OTo3B8
 cyXcVMq3nckgq3XI1j/Z/BJVTO6Zp/thTlkGv35O/+AgdY/lWiMictFYLLfbHC1Z
 9A9gbwuhO7pc1BrQF0vhIR+NlHAq4fVA81xHrClsIWebs8XjaH4zLRoeYBKqK0+m
 4T2vf78yh+viiSOU2KpQdi4kWOUpCMVBa4CJclyAWdX+jjhnrudWcV5JwCz1KtNK
 Pdaje0WrJ8gqAKpZC88q2vhVZF8FQt2YGhe16sGM5N9aSeg0/GMd1rAbJPUlpQ41
 /b64wg+J3/ZQsRDfNvXwIgaGa1Ur8mUv/hmtAr1ecXK+rOcn6wcoouWwDYcOCQj/
 opNSFe0Slj1X6unB62z2
 =9S5s
 -----END PGP SIGNATURE-----
--- a/openssl-1.0.1h.tar.gz
+++ b/openssl-1.0.1h.tar.gz
@ -0,0 +1,3 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:9d1c8a9836aa63e2c6adb684186cbd4371c9e9dcc01d6e3bb447abf2d4d3d093
 size 4475692
--- a/openssl-1.0.1h.tar.gz.asc
+++ b/openssl-1.0.1h.tar.gz.asc
@ -0,0 +1,17 @@
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.11 (GNU/Linux)
 iQIcBAABCAAGBQJTkDweAAoJENNXdQf6QOnizlMQAJ/tw6A4s/TMQjiLTapBAJzJ
 b5W2/nOD87oa0HL2aKvTHb0R7RKuvqGR71kgWaPOPJUwyLEWG1SinTeYR0J+yl0K
 5y8TE8p4AwnAEp1JcMfbljl3tkyRXOVqS1idkvcBKBawurL68jfyWWkzZ1D2wZtE
 LEmVm0diQIDSACuisnonE2Q8YvtqV4/imuX4BEZlZ+iNNdL0+NEuLB+xIWSl84lb
 YqM0cXQ09SIZZL+nvO0t5PBNJcQM/6w9TPKDFReQxvhVkdqoWa/o2FfeSgRLNDIu
 gGPTe0cEGUpOYyeC/SbLUOppCsRNBbzWjdRotEOV1GO2dMihZaMZZedJDhAhh5q6
 Z1wctpZGxq/vMIQ669Wayj2OxAtluCjW8GwlaJRi7XfB/fCk1NDFezTL4hhWRhIh
 mvI4oKO7TC2/OhJ2YvNGqYeqNzsIJbszn7bipvbF5KNf0eNtrUoRWsNPia9nRlca
 2yzAxCCx2QtR0PV52/c5Xbfm/Ljxta9ZKgQgAjApz5+YMsap9LyQhklc+r7tETij
 yv3Vf3Xft6n4VtKxHsecebl9VZXsz/hCjHN3PmYI0SLZDZOFBdIYoju2ttspH1pH
 aBXTitvmBUsDIss2fjJJQLX22TgTpTS3FyPb9zlN+ecE/0HJcGIJUAi80i1gldzH
 DQhyf3Qf17vW5g28E7Iv
 =oxkH
 -----END PGP SIGNATURE-----
--- a/openssl-buffreelistbug-aka-CVE-2010-5298.patch
+++ b/openssl-buffreelistbug-aka-CVE-2010-5298.patch
@ -1,13 +0,0 @@
 --- openssl-1.0.1g.orig/ssl/s3_pkt.c
 +++ openssl-1.0.1g/ssl/s3_pkt.c
@@ -1055,8 +1055,8 @@ start:
 				{
 				s->rstate=SSL_ST_READ_HEADER;
 				rr->off=0;
 -				if (s->mode & SSL_MODE_RELEASE_BUFFERS)
 -					ssl3_release_read_buffer(s);
 +				if (s->mode & SSL_MODE_RELEASE_BUFFERS && s->s3->rbuf.left == 0)
 +					    ssl3_release_read_buffer(s);
 				}
 			}
 		return(n);
--- a/openssl-fix-pod-syntax.diff
+++ b/openssl-fix-pod-syntax.diff
@ -59,88 +59,10 @@ Content-Length: 12835
 doc/ssl/SSL_write.pod                       |    2 +-
 23 files changed, 59 insertions(+), 55 deletions(-)
-Index: openssl-1.0.1g/doc/apps/cms.pod
+Index: openssl-1.0.1h/doc/apps/ts.pod
 ===================================================================
--- openssl-1.0.1g.orig/doc/apps/cms.pod
+--- openssl-1.0.1h.orig/doc/apps/ts.pod
-+++ openssl-1.0.1g/doc/apps/cms.pod
+++ openssl-1.0.1h/doc/apps/ts.pod
@@ -450,28 +450,28 @@ remains DER.
 =over 4
 -=item 0
 +=item Z<>0
 the operation was completely successfully.
 -=item 1 
 +=item Z<>1 
 an error occurred parsing the command options.
 -=item 2
 +=item Z<>2
 one of the input files could not be read.
 -=item 3
 +=item Z<>3
 an error occurred creating the CMS file or when reading the MIME
 message.
 -=item 4
 +=item Z<>4
 an error occurred decrypting or verifying the message.
 -=item 5
 +=item Z<>5
 the message was verified correctly but an error occurred writing out
 the signers certificates.
 Index: openssl-1.0.1g/doc/apps/smime.pod
 ===================================================================
 --- openssl-1.0.1g.orig/doc/apps/smime.pod
 +++ openssl-1.0.1g/doc/apps/smime.pod
@@ -308,28 +308,28 @@ remains DER.
 =over 4
 -=item 0
 +=item Z<>0
 the operation was completely successfully.
 -=item 1 
 +=item Z<>1 
 an error occurred parsing the command options.
 -=item 2
 +=item Z<>2
 one of the input files could not be read.
 -=item 3
 +=item Z<>3
 an error occurred creating the PKCS#7 file or when reading the MIME
 message.
 -=item 4
 +=item Z<>4
 an error occurred decrypting or verifying the message.
 -=item 5
 +=item Z<>5
 the message was verified correctly but an error occurred writing out
 the signers certificates.
 Index: openssl-1.0.1g/doc/apps/ts.pod
 ===================================================================
 --- openssl-1.0.1g.orig/doc/apps/ts.pod
 +++ openssl-1.0.1g/doc/apps/ts.pod
@@ -58,19 +58,19 @@ time. Here is a brief description of the
 =over 4
@ -164,10 +86,10 @@ Index: openssl-1.0.1g/doc/apps/ts.pod
 The TSA client receives the time stamp token and verifies the
 signature on it. It also checks if the token contains the same hash
-Index: openssl-1.0.1g/doc/crypto/OPENSSL_ia32cap.pod
+Index: openssl-1.0.1h/doc/crypto/OPENSSL_ia32cap.pod
 ===================================================================
--- openssl-1.0.1g.orig/doc/crypto/OPENSSL_ia32cap.pod
+--- openssl-1.0.1h.orig/doc/crypto/OPENSSL_ia32cap.pod
-+++ openssl-1.0.1g/doc/crypto/OPENSSL_ia32cap.pod
+++ openssl-1.0.1h/doc/crypto/OPENSSL_ia32cap.pod
@@ -20,6 +20,8 @@ toolkit initialization, but can be manip
 crypto library behaviour. For the moment of this writing six bits are
 significant, namely:
@ -186,10 +108,10 @@ Index: openssl-1.0.1g/doc/crypto/OPENSSL_ia32cap.pod
 For example, clearing bit #26 at run-time disables high-performance
 SSE2 code present in the crypto library. You might have to do this if
 target OpenSSL application is executed on SSE2 capable CPU, but under
-Index: openssl-1.0.1g/doc/crypto/rand.pod
+Index: openssl-1.0.1h/doc/crypto/rand.pod
 ===================================================================
--- openssl-1.0.1g.orig/doc/crypto/rand.pod
+--- openssl-1.0.1h.orig/doc/crypto/rand.pod
-+++ openssl-1.0.1g/doc/crypto/rand.pod
+++ openssl-1.0.1h/doc/crypto/rand.pod
@@ -74,16 +74,16 @@ First up I will state the things I belie
 =over 4
@ -241,318 +163,3 @@ Index: openssl-1.0.1g/doc/crypto/rand.pod
 Given the random number output stream, it should not be possible to determine
 the RNG state or the next random number.
 Index: openssl-1.0.1g/doc/ssl/SSL_COMP_add_compression_method.pod
 ===================================================================
 --- openssl-1.0.1g.orig/doc/ssl/SSL_COMP_add_compression_method.pod
 +++ openssl-1.0.1g/doc/ssl/SSL_COMP_add_compression_method.pod
@@ -53,11 +53,11 @@ SSL_COMP_add_compression_method() may re
 =over 4
 -=item 0
 +=item Z<>0
 The operation succeeded.
 -=item 1
 +=item Z<>1
 The operation failed. Check the error queue to find out the reason.
 Index: openssl-1.0.1g/doc/ssl/SSL_CTX_add_session.pod
 ===================================================================
 --- openssl-1.0.1g.orig/doc/ssl/SSL_CTX_add_session.pod
 +++ openssl-1.0.1g/doc/ssl/SSL_CTX_add_session.pod
@@ -52,13 +52,13 @@ The following values are returned by all
 =over 4
 -=item 0
 +=item Z<>0
  The operation failed. In case of the add operation, it was tried to add
  the same (identical) session twice. In case of the remove operation, the
  session was not found in the cache.
 -=item 1
 +=item Z<>1
  The operation succeeded.
 Index: openssl-1.0.1g/doc/ssl/SSL_CTX_load_verify_locations.pod
 ===================================================================
 --- openssl-1.0.1g.orig/doc/ssl/SSL_CTX_load_verify_locations.pod
 +++ openssl-1.0.1g/doc/ssl/SSL_CTX_load_verify_locations.pod
@@ -100,13 +100,13 @@ The following return values can occur:
 =over 4
 -=item 0
 +=item Z<>0
 The operation failed because B<CAfile> and B<CApath> are NULL or the
 processing at one of the locations specified failed. Check the error
 stack to find out the reason.
 -=item 1
 +=item Z<>1
 The operation succeeded.
 Index: openssl-1.0.1g/doc/ssl/SSL_CTX_set_client_CA_list.pod
 ===================================================================
 --- openssl-1.0.1g.orig/doc/ssl/SSL_CTX_set_client_CA_list.pod
 +++ openssl-1.0.1g/doc/ssl/SSL_CTX_set_client_CA_list.pod
@@ -66,13 +66,13 @@ values:
 =over 4
 -=item 0
 +=item Z<>0
 A failure while manipulating the STACK_OF(X509_NAME) object occurred or
 the X509_NAME could not be extracted from B<cacert>. Check the error stack
 to find out the reason.
 -=item 1
 +=item Z<>1
 The operation succeeded.
 Index: openssl-1.0.1g/doc/ssl/SSL_CTX_set_session_id_context.pod
 ===================================================================
 --- openssl-1.0.1g.orig/doc/ssl/SSL_CTX_set_session_id_context.pod
 +++ openssl-1.0.1g/doc/ssl/SSL_CTX_set_session_id_context.pod
@@ -64,13 +64,13 @@ return the following values:
 =over 4
 -=item 0
 +=item Z<>0
 The length B<sid_ctx_len> of the session id context B<sid_ctx> exceeded
 the maximum allowed length of B<SSL_MAX_SSL_SESSION_ID_LENGTH>. The error
 is logged to the error stack.
 -=item 1
 +=item Z<>1
 The operation succeeded.
 Index: openssl-1.0.1g/doc/ssl/SSL_CTX_set_ssl_version.pod
 ===================================================================
 --- openssl-1.0.1g.orig/doc/ssl/SSL_CTX_set_ssl_version.pod
 +++ openssl-1.0.1g/doc/ssl/SSL_CTX_set_ssl_version.pod
@@ -42,11 +42,11 @@ and SSL_set_ssl_method():
 =over 4
 -=item 0
 +=item Z<>0
 The new choice failed, check the error stack to find out the reason.
 -=item 1
 +=item Z<>1
 The operation succeeded.
 Index: openssl-1.0.1g/doc/ssl/SSL_CTX_use_psk_identity_hint.pod
 ===================================================================
 --- openssl-1.0.1g.orig/doc/ssl/SSL_CTX_use_psk_identity_hint.pod
 +++ openssl-1.0.1g/doc/ssl/SSL_CTX_use_psk_identity_hint.pod
@@ -96,7 +96,7 @@ data to B<psk> and return the length of
 connection will fail with decryption_error before it will be finished
 completely.
 -=item 0
 +=item Z<>0
 PSK identity was not found. An "unknown_psk_identity" alert message
 will be sent and the connection setup fails.
 Index: openssl-1.0.1g/doc/ssl/SSL_accept.pod
 ===================================================================
 --- openssl-1.0.1g.orig/doc/ssl/SSL_accept.pod
 +++ openssl-1.0.1g/doc/ssl/SSL_accept.pod
@@ -44,13 +44,13 @@ The following return values can occur:
 =over 4
 -=item 0
 +=item Z<>0
 The TLS/SSL handshake was not successful but was shut down controlled and
 by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
 return value B<ret> to find out the reason.
 -=item 1
 +=item Z<>1
 The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
 established.
 Index: openssl-1.0.1g/doc/ssl/SSL_clear.pod
 ===================================================================
 --- openssl-1.0.1g.orig/doc/ssl/SSL_clear.pod
 +++ openssl-1.0.1g/doc/ssl/SSL_clear.pod
@@ -56,12 +56,12 @@ The following return values can occur:
 =over 4
 -=item 0
 +=item Z<>0
 The SSL_clear() operation could not be performed. Check the error stack to
 find out the reason.
 -=item 1
 +=item Z<>1
 The SSL_clear() operation was successful.
 Index: openssl-1.0.1g/doc/ssl/SSL_connect.pod
 ===================================================================
 --- openssl-1.0.1g.orig/doc/ssl/SSL_connect.pod
 +++ openssl-1.0.1g/doc/ssl/SSL_connect.pod
@@ -41,13 +41,13 @@ The following return values can occur:
 =over 4
 -=item 0
 +=item Z<>0
 The TLS/SSL handshake was not successful but was shut down controlled and
 by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
 return value B<ret> to find out the reason.
 -=item 1
 +=item Z<>1
 The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
 established.
 Index: openssl-1.0.1g/doc/ssl/SSL_do_handshake.pod
 ===================================================================
 --- openssl-1.0.1g.orig/doc/ssl/SSL_do_handshake.pod
 +++ openssl-1.0.1g/doc/ssl/SSL_do_handshake.pod
@@ -45,13 +45,13 @@ The following return values can occur:
 =over 4
 -=item 0
 +=item Z<>0
 The TLS/SSL handshake was not successful but was shut down controlled and
 by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
 return value B<ret> to find out the reason.
 -=item 1
 +=item Z<>1
 The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
 established.
 Index: openssl-1.0.1g/doc/ssl/SSL_read.pod
 ===================================================================
 --- openssl-1.0.1g.orig/doc/ssl/SSL_read.pod
 +++ openssl-1.0.1g/doc/ssl/SSL_read.pod
@@ -86,7 +86,7 @@ The following return values can occur:
 The read operation was successful; the return value is the number of
 bytes actually read from the TLS/SSL connection.
 -=item 0
 +=item Z<>0
 The read operation was not successful. The reason may either be a clean
 shutdown due to a "close notify" alert sent by the peer (in which case
 Index: openssl-1.0.1g/doc/ssl/SSL_session_reused.pod
 ===================================================================
 --- openssl-1.0.1g.orig/doc/ssl/SSL_session_reused.pod
 +++ openssl-1.0.1g/doc/ssl/SSL_session_reused.pod
@@ -27,11 +27,11 @@ The following return values can occur:
 =over 4
 -=item 0
 +=item Z<>0
 A new session was negotiated.
 -=item 1
 +=item Z<>1
 A session was reused.
 Index: openssl-1.0.1g/doc/ssl/SSL_set_fd.pod
 ===================================================================
 --- openssl-1.0.1g.orig/doc/ssl/SSL_set_fd.pod
 +++ openssl-1.0.1g/doc/ssl/SSL_set_fd.pod
@@ -35,11 +35,11 @@ The following return values can occur:
 =over 4
 -=item 0
 +=item Z<>0
 The operation failed. Check the error stack to find out why.
 -=item 1
 +=item Z<>1
 The operation succeeded.
 Index: openssl-1.0.1g/doc/ssl/SSL_set_session.pod
 ===================================================================
 --- openssl-1.0.1g.orig/doc/ssl/SSL_set_session.pod
 +++ openssl-1.0.1g/doc/ssl/SSL_set_session.pod
@@ -37,11 +37,11 @@ The following return values can occur:
 =over 4
 -=item 0
 +=item Z<>0
 The operation failed; check the error stack to find out the reason.
 -=item 1
 +=item Z<>1
 The operation succeeded.
 Index: openssl-1.0.1g/doc/ssl/SSL_shutdown.pod
 ===================================================================
 --- openssl-1.0.1g.orig/doc/ssl/SSL_shutdown.pod
 +++ openssl-1.0.1g/doc/ssl/SSL_shutdown.pod
@@ -92,19 +92,19 @@ The following return values can occur:
 =over 4
 -=item 0
 +=item Z<>0
 The shutdown is not yet finished. Call SSL_shutdown() for a second time,
 if a bidirectional shutdown shall be performed.
 The output of L<SSL_get_error(3)|SSL_get_error(3)> may be misleading, as an
 erroneous SSL_ERROR_SYSCALL may be flagged even though no error occurred.
 -=item 1
 +=item Z<>1
 The shutdown was successfully completed. The "close notify" alert was sent
 and the peer's "close notify" alert was received.
 -=item -1
 +=item Z<>-1
 The shutdown was not successful because a fatal error occurred either
 at the protocol level or a connection failure occurred. It can also occur if
 Index: openssl-1.0.1g/doc/ssl/SSL_write.pod
 ===================================================================
 --- openssl-1.0.1g.orig/doc/ssl/SSL_write.pod
 +++ openssl-1.0.1g/doc/ssl/SSL_write.pod
@@ -79,7 +79,7 @@ The following return values can occur:
 The write operation was successful, the return value is the number of
 bytes actually written to the TLS/SSL connection.
 -=item 0
 +=item Z<>0
 The write operation was not successful. Probably the underlying connection
 was closed. Call SSL_get_error() with the return value B<ret> to find out,
--- a/openssl.changes
+++ b/openssl.changes
@ -1,3 +1,43 @@
 -------------------------------------------------------------------
 Thu Jun  5 14:37:19 UTC 2014 - meissner@suse.com
 - updated openssl to 1.0.1h (bnc#880891):
  - CVE-2014-0224: Fix for SSL/TLS MITM flaw. An attacker using a carefully crafted
    handshake can force the use of weak keying material in OpenSSL
    SSL/TLS clients and servers.
  - CVE-2014-0221: Fix DTLS recursion flaw. By sending an invalid DTLS handshake to an
    OpenSSL DTLS client the code can be made to recurse eventually crashing
    in a DoS attack.
  - CVE-2014-0195: Fix DTLS invalid fragment vulnerability. A buffer
    overrun attack can be triggered by sending invalid DTLS fragments to
    an OpenSSL DTLS client or server. This is potentially exploitable to
    run arbitrary code on a vulnerable client or server.
  - CVE-2014-3470: Fix bug in TLS code where clients enable anonymous
    ECDH ciphersuites are subject to a denial of service attack.
 - openssl-buffreelistbug-aka-CVE-2010-5298.patch: removed, upstream
 - CVE-2014-0198.patch: removed, upstream
 - 0009-Fix-double-frees.patch: removed, upstream
 - 0012-Fix-eckey_priv_encode.patch: removed, upstream
 - 0017-Double-free-in-i2o_ECPublicKey.patch: removed, upstream
 - 0018-fix-coverity-issues-966593-966596.patch: removed, upstream
 - 0020-Initialize-num-properly.patch: removed, upstream
 - 0022-bignum-allow-concurrent-BN_MONT_CTX_set_locked.patch: removed, upstream
 - 0023-evp-prevent-underflow-in-base64-decoding.patch: removed, upstream
 - 0024-Fixed-NULL-pointer-dereference-in-PKCS7_dataDecode-r.patch: removed, upstream
 - 0025-fix-coverity-issue-966597-error-line-is-not-always-i.patch: removed, upstream
 - 0001-libcrypto-Hide-library-private-symbols.patch: disabled heartbeat testcase
 - openssl-1.0.1c-ipv6-apps.patch: refreshed
 - openssl-fix-pod-syntax.diff: some stuff merged upstream, refreshed
 -------------------------------------------------------------------
 Wed May 21 12:19:53 UTC 2014 - vpereira@novell.com
 - Added new SUSE default cipher suite
  openssl-1.0.1e-add-suse-default-cipher.patch
  openssl-1.0.1e-add-suse-default-cipher-header.patch
  openssl-1.0.1e-add-test-suse-default-cipher-suite.patch
 -------------------------------------------------------------------
 Fri May  9 04:42:46 UTC 2014 - crrodriguez@opensuse.org
--- a/openssl.spec
+++ b/openssl.spec
@ -29,7 +29,7 @@ Provides:       ssl
 %ifarch ppc64
 Obsoletes:      openssl-64bit
 %endif
-Version:        1.0.1g
+Version:        1.0.1h
 Release:        0
 Summary:        Secure Sockets and Transport Layer Security
 License:        OpenSSL
@ -65,21 +65,14 @@ Patch16:        openssl-1.0.1e-fips-ec.patch
 Patch17:        openssl-1.0.1e-fips-ctor.patch
 Patch18:        openssl-1.0.1e-new-fips-reqs.patch
 Patch19:        openssl-gcc-attributes.patch
 Patch20:        openssl-buffreelistbug-aka-CVE-2010-5298.patch
 Patch21:        openssl-libssl-noweakciphers.patch
 Patch22:        CVE-2014-0198.patch
 Patch23:        0009-Fix-double-frees.patch
 Patch24:        0012-Fix-eckey_priv_encode.patch
 Patch25:        0017-Double-free-in-i2o_ECPublicKey.patch
 Patch26:        0001-Axe-builtin-printf-implementation-use-glibc-instead.patch
 Patch27:        0018-fix-coverity-issues-966593-966596.patch
 Patch28:        0020-Initialize-num-properly.patch
 Patch29:        0022-bignum-allow-concurrent-BN_MONT_CTX_set_locked.patch
 Patch30:        0023-evp-prevent-underflow-in-base64-decoding.patch
 Patch31:        0024-Fixed-NULL-pointer-dereference-in-PKCS7_dataDecode-r.patch
 Patch32:        0025-fix-coverity-issue-966597-error-line-is-not-always-i.patch
 Patch33:        openssl-no-egd.patch
 Patch34:        openssl-fips-hidden.patch
 Patch35:        openssl-1.0.1e-add-suse-default-cipher.patch 
 Patch36:        openssl-1.0.1e-add-suse-default-cipher-header.patch
 Patch37:        openssl-1.0.1e-add-test-suse-default-cipher-suite.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 %description
@ -186,21 +179,13 @@ this package's base documentation.
 %patch17 -p1
 %patch18 -p1
 %patch19 -p1
 %patch20 -p1
 %patch21 -p1
 %patch22 -p1
 %patch23 -p1
 %patch24 -p1
 %patch25 -p1
 %patch26 -p1
 %patch27 -p1
 %patch28 -p1
 %patch29 -p1
 %patch30 -p1
 %patch31 -p1
 %patch32 -p1
 %patch33 -p1
 %patch34 -p1
 %patch35 -p1
 %patch36 -p1
 %patch37 -p1
 cp -p %{S:10} .
 cp -p %{S:11} .
 echo "adding/overwriting some entries in the 'table' hash in Configure"