Accepting request 315685 from Base:System

- update to 1.0.2d
  * fixes CVE-2015-1793 (bsc#936746)
  Alternate chains certificate forgery
     During certificate verfification, OpenSSL will attempt to find an
     alternative certificate chain if the first attempt to build such a chain
     fails. An error in the implementation of this logic can mean that an
     attacker could cause certain checks on untrusted certificates to be
     bypassed, such as the CA flag, enabling them to use a valid leaf
     certificate to act as a CA and "issue" an invalid certificate.
- drop openssl-fix_invalid_manpage_name.patch (upstream) (forwarded request 315682 from vitezslav_cizek)

OBS-URL: https://build.opensuse.org/request/show/315685
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl?expand=0&rev=128

0001-Axe-builtin-printf-implementation-use-glibc-instead.patch

@@ -4,10 +4,10 @@ Date: Sun, 4 May 2014 23:36:54 -0400
 Subject: [PATCH] Axe builtin printf implementation, use glibc instead
 
 
-Index: openssl-1.0.2a/crypto/bio/b_print.c
+Index: openssl-1.0.2b/crypto/bio/b_print.c
 ===================================================================
---- openssl-1.0.2a.orig/crypto/bio/b_print.c	2015-05-24 13:30:38.744606756 +0200
-+++ openssl-1.0.2a/crypto/bio/b_print.c	2015-05-24 13:41:38.708200825 +0200
+--- openssl-1.0.2b.orig/crypto/bio/b_print.c	2015-06-11 15:01:06.000000000 +0200
++++ openssl-1.0.2b/crypto/bio/b_print.c	2015-06-11 17:50:00.893823977 +0200
 @@ -56,17 +56,10 @@
   * [including the GNU Public Licence.]
   */
@@ -28,7 +28,7 @@ Index: openssl-1.0.2a/crypto/bio/b_print.c
  #include <stdio.h>
  #include <string.h>
  #include <ctype.h>
-@@ -79,671 +72,6 @@
+@@ -79,668 +72,6 @@
  #include <openssl/bn.h>         /* To get BN_LLONG properly defined */
  #include <openssl/bio.h>
  
@@ -657,32 +657,29 @@ Index: openssl-1.0.2a/crypto/bio/b_print.c
 -    /* If we haven't at least one buffer, someone has doe a big booboo */
 -    assert(*sbuffer != NULL || buffer != NULL);
 -
--    if (buffer) {
--        while (*currlen >= *maxlen) {
--            if (*buffer == NULL) {
--                if (*maxlen == 0)
--                    *maxlen = 1024;
--                *buffer = OPENSSL_malloc(*maxlen);
--                if(!*buffer) {
--                    /* Panic! Can't really do anything sensible. Just return */
--                    return;
--                }
--                if (*currlen > 0) {
--                    assert(*sbuffer != NULL);
--                    memcpy(*buffer, *sbuffer, *currlen);
--                }
--                *sbuffer = NULL;
--            } else {
--                *maxlen += 1024;
--                *buffer = OPENSSL_realloc(*buffer, *maxlen);
--                if(!*buffer) {
--                    /* Panic! Can't really do anything sensible. Just return */
--                    return;
--                }
+-    /* |currlen| must always be <= |*maxlen| */
+-    assert(*currlen <= *maxlen);
+-
+-    if (buffer && *currlen == *maxlen) {
+-        *maxlen += 1024;
+-        if (*buffer == NULL) {
+-            *buffer = OPENSSL_malloc(*maxlen);
+-            if (!*buffer) {
+-                /* Panic! Can't really do anything sensible. Just return */
+-                return;
+-            }
+-            if (*currlen > 0) {
+-                assert(*sbuffer != NULL);
+-                memcpy(*buffer, *sbuffer, *currlen);
+-            }
+-            *sbuffer = NULL;
+-        } else {
+-            *buffer = OPENSSL_realloc(*buffer, *maxlen);
+-            if (!*buffer) {
+-                /* Panic! Can't really do anything sensible. Just return */
+-                return;
 -            }
 -        }
--        /* What to do if *buffer is NULL? */
--        assert(*sbuffer != NULL || *buffer != NULL);
 -    }
 -
 -    if (*currlen < *maxlen) {
@@ -700,7 +697,7 @@ Index: openssl-1.0.2a/crypto/bio/b_print.c
  int BIO_printf(BIO *bio, const char *format, ...)
  {
      va_list args;
-@@ -757,28 +85,36 @@ int BIO_printf(BIO *bio, const char *for
+@@ -754,28 +85,36 @@ int BIO_printf(BIO *bio, const char *for
      return (ret);
  }
  
@@ -756,7 +753,7 @@ Index: openssl-1.0.2a/crypto/bio/b_print.c
      return (ret);
  }
  
-@@ -794,28 +130,22 @@ int BIO_snprintf(char *buf, size_t n, co
+@@ -791,28 +130,22 @@ int BIO_snprintf(char *buf, size_t n, co
      int ret;
  
      va_start(args, format);

0001-libcrypto-Hide-library-private-symbols.patch

@@ -37,10 +37,10 @@ Subject: [PATCH] libcrypto: Hide library-private symbols
  crypto/x509v3/pcy_int.h          |  3 +++
  31 files changed, 85 insertions(+), 17 deletions(-)
 
-Index: openssl-1.0.2a/apps/Makefile
+Index: openssl-1.0.2b/apps/Makefile
 ===================================================================
---- openssl-1.0.2a.orig/apps/Makefile	2015-05-29 13:57:01.496491593 +0200
-+++ openssl-1.0.2a/apps/Makefile	2015-05-29 13:58:53.830777136 +0200
+--- openssl-1.0.2b.orig/apps/Makefile	2015-06-11 15:55:38.000000000 +0200
++++ openssl-1.0.2b/apps/Makefile	2015-06-11 17:50:03.669860202 +0200
 @@ -20,7 +20,7 @@ EXE_EXT=
  
  SHLIB_TARGET=
@@ -50,10 +50,10 @@ Index: openssl-1.0.2a/apps/Makefile
  
  GENERAL=Makefile makeapps.com install.com
  
-Index: openssl-1.0.2a/crypto/asn1/asn1_locl.h
+Index: openssl-1.0.2b/crypto/asn1/asn1_locl.h
 ===================================================================
---- openssl-1.0.2a.orig/crypto/asn1/asn1_locl.h	2015-05-29 13:57:01.496491593 +0200
-+++ openssl-1.0.2a/crypto/asn1/asn1_locl.h	2015-05-29 13:59:35.960258988 +0200
+--- openssl-1.0.2b.orig/crypto/asn1/asn1_locl.h	2015-06-11 15:50:11.000000000 +0200
++++ openssl-1.0.2b/crypto/asn1/asn1_locl.h	2015-06-11 17:50:03.670860215 +0200
 @@ -62,6 +62,8 @@
  int asn1_utctime_to_tm(struct tm *tm, const ASN1_UTCTIME *d);
  int asn1_generalizedtime_to_tm(struct tm *tm, const ASN1_GENERALIZEDTIME *d);
@@ -69,10 +69,10 @@ Index: openssl-1.0.2a/crypto/asn1/asn1_locl.h
  };
 +
 +#pragma GCC visibility pop
-Index: openssl-1.0.2a/crypto/bn/bn_lcl.h
+Index: openssl-1.0.2b/crypto/bn/bn_lcl.h
 ===================================================================
---- openssl-1.0.2a.orig/crypto/bn/bn_lcl.h	2015-05-29 13:57:01.497491605 +0200
-+++ openssl-1.0.2a/crypto/bn/bn_lcl.h	2015-05-29 14:00:30.503883360 +0200
+--- openssl-1.0.2b.orig/crypto/bn/bn_lcl.h	2015-06-11 15:50:11.000000000 +0200
++++ openssl-1.0.2b/crypto/bn/bn_lcl.h	2015-06-11 17:50:03.670860215 +0200
 @@ -505,6 +505,8 @@ unsigned __int64 _umul128(unsigned __int
  #  undef bn_div_words
  # endif
@@ -91,10 +91,10 @@ Index: openssl-1.0.2a/crypto/bn/bn_lcl.h
  #ifdef  __cplusplus
  }
  #endif
-Index: openssl-1.0.2a/crypto/cast/cast_lcl.h
+Index: openssl-1.0.2b/crypto/cast/cast_lcl.h
 ===================================================================
---- openssl-1.0.2a.orig/crypto/cast/cast_lcl.h	2015-05-29 13:57:01.497491605 +0200
-+++ openssl-1.0.2a/crypto/cast/cast_lcl.h	2015-05-29 13:58:53.831777147 +0200
+--- openssl-1.0.2b.orig/crypto/cast/cast_lcl.h	2015-06-11 15:50:11.000000000 +0200
++++ openssl-1.0.2b/crypto/cast/cast_lcl.h	2015-06-11 17:50:03.670860215 +0200
 @@ -217,6 +217,7 @@
          }
  #endif
@@ -108,10 +108,10 @@ Index: openssl-1.0.2a/crypto/cast/cast_lcl.h
  extern const CAST_LONG CAST_S_table6[256];
  extern const CAST_LONG CAST_S_table7[256];
 +#pragma GCC visibility pop
-Index: openssl-1.0.2a/crypto/cms/cms_lcl.h
+Index: openssl-1.0.2b/crypto/cms/cms_lcl.h
 ===================================================================
---- openssl-1.0.2a.orig/crypto/cms/cms_lcl.h	2015-05-29 13:57:01.498491617 +0200
-+++ openssl-1.0.2a/crypto/cms/cms_lcl.h	2015-05-29 14:02:50.582486082 +0200
+--- openssl-1.0.2b.orig/crypto/cms/cms_lcl.h	2015-06-11 15:50:11.000000000 +0200
++++ openssl-1.0.2b/crypto/cms/cms_lcl.h	2015-06-11 17:50:03.670860215 +0200
 @@ -410,6 +410,8 @@ DECLARE_ASN1_ALLOC_FUNCTIONS(CMS_IssuerA
  # define CMS_OIK_KEYIDENTIFIER           1
  # define CMS_OIK_PUBKEY                  2
@@ -130,10 +130,10 @@ Index: openssl-1.0.2a/crypto/cms/cms_lcl.h
  #ifdef  __cplusplus
  }
  #endif
-Index: openssl-1.0.2a/crypto/des/des_locl.h
+Index: openssl-1.0.2b/crypto/des/des_locl.h
 ===================================================================
---- openssl-1.0.2a.orig/crypto/des/des_locl.h	2015-05-29 13:58:53.832777158 +0200
-+++ openssl-1.0.2a/crypto/des/des_locl.h	2015-05-29 14:03:58.545263671 +0200
+--- openssl-1.0.2b.orig/crypto/des/des_locl.h	2015-06-11 15:50:11.000000000 +0200
++++ openssl-1.0.2b/crypto/des/des_locl.h	2015-06-11 17:50:03.670860215 +0200
 @@ -432,10 +432,12 @@
          PERM_OP(l,r,tt, 4,0x0f0f0f0fL); \
          }
@@ -147,10 +147,10 @@ Index: openssl-1.0.2a/crypto/des/des_locl.h
  
  # ifdef OPENSSL_SMALL_FOOTPRINT
  #  undef DES_UNROLL
-Index: openssl-1.0.2a/crypto/dsa/dsa_locl.h
+Index: openssl-1.0.2b/crypto/dsa/dsa_locl.h
 ===================================================================
---- openssl-1.0.2a.orig/crypto/dsa/dsa_locl.h	2015-05-29 13:58:53.832777158 +0200
-+++ openssl-1.0.2a/crypto/dsa/dsa_locl.h	2015-05-29 14:05:14.177128917 +0200
+--- openssl-1.0.2b.orig/crypto/dsa/dsa_locl.h	2015-06-11 17:41:59.488534507 +0200
++++ openssl-1.0.2b/crypto/dsa/dsa_locl.h	2015-06-11 17:50:03.670860215 +0200
 @@ -58,7 +58,7 @@ int dsa_builtin_paramgen(DSA *ret, size_
                           const EVP_MD *evpmd, const unsigned char *seed_in,
                           size_t seed_len,
@@ -160,10 +160,10 @@ Index: openssl-1.0.2a/crypto/dsa/dsa_locl.h
  
  int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N,
                            const EVP_MD *evpmd, const unsigned char *seed_in,
-Index: openssl-1.0.2a/crypto/ec/ec_lcl.h
+Index: openssl-1.0.2b/crypto/ec/ec_lcl.h
 ===================================================================
---- openssl-1.0.2a.orig/crypto/ec/ec_lcl.h	2015-05-29 13:57:01.499491629 +0200
-+++ openssl-1.0.2a/crypto/ec/ec_lcl.h	2015-05-29 13:58:53.833777170 +0200
+--- openssl-1.0.2b.orig/crypto/ec/ec_lcl.h	2015-06-11 15:50:11.000000000 +0200
++++ openssl-1.0.2b/crypto/ec/ec_lcl.h	2015-06-11 17:50:03.671860227 +0200
 @@ -89,6 +89,8 @@
   * change in future versions.
   */
@@ -173,16 +173,16 @@ Index: openssl-1.0.2a/crypto/ec/ec_lcl.h
  struct ec_method_st {
      /* Various method flags */
      int flags;
-@@ -574,3 +576,5 @@ EC_GROUP *FIPS_ec_group_new_curve_gf2m(c
+@@ -566,3 +568,5 @@ EC_GROUP *FIPS_ec_group_new_curve_gf2m(c
                                         const BIGNUM *b, BN_CTX *ctx);
  EC_GROUP *FIPS_ec_group_new_by_curve_name(int nid);
  #endif
 +
 +#pragma GCC visibility pop
-Index: openssl-1.0.2a/crypto/ecdh/ech_locl.h
+Index: openssl-1.0.2b/crypto/ecdh/ech_locl.h
 ===================================================================
---- openssl-1.0.2a.orig/crypto/ecdh/ech_locl.h	2015-05-29 13:57:01.499491629 +0200
-+++ openssl-1.0.2a/crypto/ecdh/ech_locl.h	2015-05-29 14:06:06.800730916 +0200
+--- openssl-1.0.2b.orig/crypto/ecdh/ech_locl.h	2015-06-11 15:01:06.000000000 +0200
++++ openssl-1.0.2b/crypto/ecdh/ech_locl.h	2015-06-11 17:50:03.671860227 +0200
 @@ -58,6 +58,8 @@
  
  # include <openssl/ecdh.h>
@@ -198,10 +198,10 @@ Index: openssl-1.0.2a/crypto/ecdh/ech_locl.h
  
 +#pragma GCC visibility pop
  #endif                          /* HEADER_ECH_LOCL_H */
-Index: openssl-1.0.2a/crypto/ecdsa/ecs_locl.h
+Index: openssl-1.0.2b/crypto/ecdsa/ecs_locl.h
 ===================================================================
---- openssl-1.0.2a.orig/crypto/ecdsa/ecs_locl.h	2015-05-29 13:57:01.499491629 +0200
-+++ openssl-1.0.2a/crypto/ecdsa/ecs_locl.h	2015-05-29 14:06:33.641037950 +0200
+--- openssl-1.0.2b.orig/crypto/ecdsa/ecs_locl.h	2015-06-11 15:50:11.000000000 +0200
++++ openssl-1.0.2b/crypto/ecdsa/ecs_locl.h	2015-06-11 17:50:03.671860227 +0200
 @@ -61,6 +61,8 @@
  
  # include <openssl/ecdsa.h>
@@ -217,10 +217,10 @@ Index: openssl-1.0.2a/crypto/ecdsa/ecs_locl.h
  
 +#pragma GCC visibility pop
  #endif                          /* HEADER_ECS_LOCL_H */
-Index: openssl-1.0.2a/crypto/engine/eng_int.h
+Index: openssl-1.0.2b/crypto/engine/eng_int.h
 ===================================================================
---- openssl-1.0.2a.orig/crypto/engine/eng_int.h	2015-05-29 13:57:01.499491629 +0200
-+++ openssl-1.0.2a/crypto/engine/eng_int.h	2015-05-29 14:07:02.552368670 +0200
+--- openssl-1.0.2b.orig/crypto/engine/eng_int.h	2015-06-11 15:01:06.000000000 +0200
++++ openssl-1.0.2b/crypto/engine/eng_int.h	2015-06-11 17:50:03.671860227 +0200
 @@ -69,6 +69,8 @@
  /* Take public definitions from engine.h */
  # include <openssl/engine.h>
@@ -236,11 +236,11 @@ Index: openssl-1.0.2a/crypto/engine/eng_int.h
  
 +#pragma GCC visibility pop
  #endif                          /* HEADER_ENGINE_INT_H */
-Index: openssl-1.0.2a/crypto/evp/e_aes.c
+Index: openssl-1.0.2b/crypto/evp/e_aes.c
 ===================================================================
---- openssl-1.0.2a.orig/crypto/evp/e_aes.c	2015-05-29 13:57:01.501491652 +0200
-+++ openssl-1.0.2a/crypto/evp/e_aes.c	2015-05-29 14:08:41.561501841 +0200
-@@ -115,6 +115,8 @@ typedef struct {
+--- openssl-1.0.2b.orig/crypto/evp/e_aes.c	2015-06-11 17:41:59.490534533 +0200
++++ openssl-1.0.2b/crypto/evp/e_aes.c	2015-06-11 17:50:03.671860227 +0200
+@@ -116,6 +116,8 @@ typedef struct {
  
  # define MAXBITCHUNK     ((size_t)1<<(sizeof(size_t)*8-4))
  
@@ -249,7 +249,7 @@ Index: openssl-1.0.2a/crypto/evp/e_aes.c
  # ifdef VPAES_ASM
  int vpaes_set_encrypt_key(const unsigned char *userKey, int bits,
                            AES_KEY *key);
-@@ -145,6 +147,7 @@ void bsaes_xts_decrypt(const unsigned ch
+@@ -146,6 +148,7 @@ void bsaes_xts_decrypt(const unsigned ch
                         size_t len, const AES_KEY *key1,
                         const AES_KEY *key2, const unsigned char iv[16]);
  # endif
@@ -257,7 +257,7 @@ Index: openssl-1.0.2a/crypto/evp/e_aes.c
  # ifdef AES_CTR_ASM
  void AES_ctr32_encrypt(const unsigned char *in, unsigned char *out,
                         size_t blocks, const AES_KEY *key,
-@@ -193,6 +196,8 @@ extern unsigned int OPENSSL_ia32cap_P[];
+@@ -194,6 +197,8 @@ extern unsigned int OPENSSL_ia32cap_P[];
   */
  #  define AESNI_CAPABLE   (OPENSSL_ia32cap_P[1]&(1<<(57-32)))
  
@@ -266,7 +266,7 @@ Index: openssl-1.0.2a/crypto/evp/e_aes.c
  int aesni_set_encrypt_key(const unsigned char *userKey, int bits,
                            AES_KEY *key);
  int aesni_set_decrypt_key(const unsigned char *userKey, int bits,
-@@ -262,6 +267,8 @@ void gcm_ghash_avx(u64 Xi[2], const u128
+@@ -263,6 +268,8 @@ void gcm_ghash_avx(u64 Xi[2], const u128
  #   undef AES_GCM_ASM2          /* minor size optimization */
  #  endif
  
@@ -275,12 +275,12 @@ Index: openssl-1.0.2a/crypto/evp/e_aes.c
  static int aesni_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
                            const unsigned char *iv, int enc)
  {
-Index: openssl-1.0.2a/crypto/evp/e_aes_cbc_hmac_sha1.c
+Index: openssl-1.0.2b/crypto/evp/e_aes_cbc_hmac_sha1.c
 ===================================================================
---- openssl-1.0.2a.orig/crypto/evp/e_aes_cbc_hmac_sha1.c	2015-05-29 13:57:01.501491652 +0200
-+++ openssl-1.0.2a/crypto/evp/e_aes_cbc_hmac_sha1.c	2015-05-29 14:09:13.009860938 +0200
+--- openssl-1.0.2b.orig/crypto/evp/e_aes_cbc_hmac_sha1.c	2015-06-11 15:50:11.000000000 +0200
++++ openssl-1.0.2b/crypto/evp/e_aes_cbc_hmac_sha1.c	2015-06-11 17:50:03.672860241 +0200
 @@ -97,6 +97,8 @@ typedef struct {
- extern unsigned int OPENSSL_ia32cap_P[3];
+ extern unsigned int OPENSSL_ia32cap_P[];
  #  define AESNI_CAPABLE   (1<<(57-32))
  
 +#pragma GCC visibility push(hidden)
@@ -297,10 +297,10 @@ Index: openssl-1.0.2a/crypto/evp/e_aes_cbc_hmac_sha1.c
  #  define data(ctx) ((EVP_AES_HMAC_SHA1 *)(ctx)->cipher_data)
  
  static int aesni_cbc_hmac_sha1_init_key(EVP_CIPHER_CTX *ctx,
-Index: openssl-1.0.2a/crypto/evp/evp_locl.h
+Index: openssl-1.0.2b/crypto/evp/evp_locl.h
 ===================================================================
---- openssl-1.0.2a.orig/crypto/evp/evp_locl.h	2015-05-29 13:57:01.502491662 +0200
-+++ openssl-1.0.2a/crypto/evp/evp_locl.h	2015-05-29 14:09:56.939363434 +0200
+--- openssl-1.0.2b.orig/crypto/evp/evp_locl.h	2015-06-11 17:41:59.492534560 +0200
++++ openssl-1.0.2b/crypto/evp/evp_locl.h	2015-06-11 17:50:03.672860241 +0200
 @@ -261,6 +261,8 @@ const EVP_CIPHER *EVP_##cname##_ecb(void
                               EVP_CIPH_FLAG_DEFAULT_ASN1, \
                               cipher##_init_key, NULL, NULL, NULL, NULL)
@@ -319,10 +319,10 @@ Index: openssl-1.0.2a/crypto/evp/evp_locl.h
  #ifdef OPENSSL_FIPS
  
  # ifdef OPENSSL_DOING_MAKEDEPEND
-Index: openssl-1.0.2a/crypto/md4/md4_locl.h
+Index: openssl-1.0.2b/crypto/md4/md4_locl.h
 ===================================================================
---- openssl-1.0.2a.orig/crypto/md4/md4_locl.h	2015-05-29 13:58:53.836777204 +0200
-+++ openssl-1.0.2a/crypto/md4/md4_locl.h	2015-05-29 14:10:54.331025396 +0200
+--- openssl-1.0.2b.orig/crypto/md4/md4_locl.h	2015-06-11 15:01:06.000000000 +0200
++++ openssl-1.0.2b/crypto/md4/md4_locl.h	2015-06-11 17:50:03.672860241 +0200
 @@ -65,7 +65,7 @@
  # define MD4_LONG_LOG2 2        /* default to 32 bits */
  #endif
@@ -332,10 +332,10 @@ Index: openssl-1.0.2a/crypto/md4/md4_locl.h
  
  #define DATA_ORDER_IS_LITTLE_ENDIAN
  
-Index: openssl-1.0.2a/crypto/md5/md5_locl.h
+Index: openssl-1.0.2b/crypto/md5/md5_locl.h
 ===================================================================
---- openssl-1.0.2a.orig/crypto/md5/md5_locl.h	2015-05-29 13:58:53.836777204 +0200
-+++ openssl-1.0.2a/crypto/md5/md5_locl.h	2015-05-29 14:11:40.218580180 +0200
+--- openssl-1.0.2b.orig/crypto/md5/md5_locl.h	2015-06-11 15:50:11.000000000 +0200
++++ openssl-1.0.2b/crypto/md5/md5_locl.h	2015-06-11 17:50:03.672860241 +0200
 @@ -76,7 +76,7 @@
  # endif
  #endif
@@ -345,10 +345,10 @@ Index: openssl-1.0.2a/crypto/md5/md5_locl.h
  
  #define DATA_ORDER_IS_LITTLE_ENDIAN
  
-Index: openssl-1.0.2a/crypto/modes/modes_lcl.h
+Index: openssl-1.0.2b/crypto/modes/modes_lcl.h
 ===================================================================
---- openssl-1.0.2a.orig/crypto/modes/modes_lcl.h	2015-05-29 13:58:53.836777204 +0200
-+++ openssl-1.0.2a/crypto/modes/modes_lcl.h	2015-05-29 14:12:47.352391628 +0200
+--- openssl-1.0.2b.orig/crypto/modes/modes_lcl.h	2015-06-11 15:50:11.000000000 +0200
++++ openssl-1.0.2b/crypto/modes/modes_lcl.h	2015-06-11 17:50:03.672860241 +0200
 @@ -89,6 +89,9 @@ _asm mov eax, val _asm bswap eax}
  # define GETU32(p)       ((u32)(p)[0]<<24|(u32)(p)[1]<<16|(u32)(p)[2]<<8|(u32)(p)[3])
  # define PUTU32(p,v)     ((p)[0]=(u8)((v)>>24),(p)[1]=(u8)((v)>>16),(p)[2]=(u8)((v)>>8),(p)[3]=(u8)(v))
@@ -365,10 +365,10 @@ Index: openssl-1.0.2a/crypto/modes/modes_lcl.h
  };
 +
 +#pragma GCC visibility pop
-Index: openssl-1.0.2a/crypto/o_str.h
+Index: openssl-1.0.2b/crypto/o_str.h
 ===================================================================
---- openssl-1.0.2a.orig/crypto/o_str.h	2015-05-29 13:58:53.836777204 +0200
-+++ openssl-1.0.2a/crypto/o_str.h	2015-05-29 14:13:21.018798729 +0200
+--- openssl-1.0.2b.orig/crypto/o_str.h	2015-06-11 15:01:06.000000000 +0200
++++ openssl-1.0.2b/crypto/o_str.h	2015-06-11 17:50:03.672860241 +0200
 @@ -61,9 +61,11 @@
  # define HEADER_O_STR_H
  
@@ -381,10 +381,10 @@ Index: openssl-1.0.2a/crypto/o_str.h
 +#pragma GCC visibility pop
  
  #endif
-Index: openssl-1.0.2a/crypto/o_time.h
+Index: openssl-1.0.2b/crypto/o_time.h
 ===================================================================
---- openssl-1.0.2a.orig/crypto/o_time.h	2015-05-29 13:58:53.836777204 +0200
-+++ openssl-1.0.2a/crypto/o_time.h	2015-05-29 14:14:00.740278452 +0200
+--- openssl-1.0.2b.orig/crypto/o_time.h	2015-06-11 15:50:11.000000000 +0200
++++ openssl-1.0.2b/crypto/o_time.h	2015-06-11 17:50:03.672860241 +0200
 @@ -61,10 +61,12 @@
  # define HEADER_O_TIME_H
  
@@ -398,10 +398,10 @@ Index: openssl-1.0.2a/crypto/o_time.h
  
 +#pragma GCC visibility pop
  #endif
-Index: openssl-1.0.2a/crypto/ripemd/rmd_locl.h
+Index: openssl-1.0.2b/crypto/ripemd/rmd_locl.h
 ===================================================================
---- openssl-1.0.2a.orig/crypto/ripemd/rmd_locl.h	2015-05-29 13:58:53.837777216 +0200
-+++ openssl-1.0.2a/crypto/ripemd/rmd_locl.h	2015-05-29 14:14:42.587783890 +0200
+--- openssl-1.0.2b.orig/crypto/ripemd/rmd_locl.h	2015-06-11 15:01:06.000000000 +0200
++++ openssl-1.0.2b/crypto/ripemd/rmd_locl.h	2015-06-11 17:50:03.673860254 +0200
 @@ -76,7 +76,7 @@
  # endif
  #endif
@@ -411,20 +411,20 @@ Index: openssl-1.0.2a/crypto/ripemd/rmd_locl.h
  
  #define DATA_ORDER_IS_LITTLE_ENDIAN
  
-Index: openssl-1.0.2a/crypto/rsa/rsa_locl.h
+Index: openssl-1.0.2b/crypto/rsa/rsa_locl.h
 ===================================================================
---- openssl-1.0.2a.orig/crypto/rsa/rsa_locl.h	2015-05-29 13:58:53.837777216 +0200
-+++ openssl-1.0.2a/crypto/rsa/rsa_locl.h	2015-05-29 14:15:18.372216267 +0200
+--- openssl-1.0.2b.orig/crypto/rsa/rsa_locl.h	2015-06-11 15:00:12.000000000 +0200
++++ openssl-1.0.2b/crypto/rsa/rsa_locl.h	2015-06-11 17:50:03.673860254 +0200
 @@ -1,4 +1,4 @@
  extern int int_rsa_verify(int dtype, const unsigned char *m,
                            unsigned int m_len, unsigned char *rm,
                            size_t *prm_len, const unsigned char *sigbuf,
 -                          size_t siglen, RSA *rsa);
 +                          size_t siglen, RSA *rsa) __attribute__ ((visibility ("hidden")));
-Index: openssl-1.0.2a/crypto/sha/sha256.c
+Index: openssl-1.0.2b/crypto/sha/sha256.c
 ===================================================================
---- openssl-1.0.2a.orig/crypto/sha/sha256.c	2015-05-29 13:58:53.837777216 +0200
-+++ openssl-1.0.2a/crypto/sha/sha256.c	2015-05-29 14:16:36.509166160 +0200
+--- openssl-1.0.2b.orig/crypto/sha/sha256.c	2015-06-11 17:41:59.509534778 +0200
++++ openssl-1.0.2b/crypto/sha/sha256.c	2015-06-11 17:50:03.673860254 +0200
 @@ -135,7 +135,7 @@ int SHA224_Final(unsigned char *md, SHA2
  # ifndef SHA256_ASM
  static
@@ -434,10 +434,10 @@ Index: openssl-1.0.2a/crypto/sha/sha256.c
  
  # include "md32_common.h"
  
-Index: openssl-1.0.2a/crypto/sha/sha512.c
+Index: openssl-1.0.2b/crypto/sha/sha512.c
 ===================================================================
---- openssl-1.0.2a.orig/crypto/sha/sha512.c	2015-05-29 13:58:53.837777216 +0200
-+++ openssl-1.0.2a/crypto/sha/sha512.c	2015-05-29 14:17:13.260611799 +0200
+--- openssl-1.0.2b.orig/crypto/sha/sha512.c	2015-06-11 17:41:59.509534778 +0200
++++ openssl-1.0.2b/crypto/sha/sha512.c	2015-06-11 17:50:03.673860254 +0200
 @@ -109,7 +109,7 @@ fips_md_init(SHA512)
  # ifndef SHA512_ASM
  static
@@ -447,10 +447,10 @@ Index: openssl-1.0.2a/crypto/sha/sha512.c
  
  int SHA512_Final(unsigned char *md, SHA512_CTX *c)
  {
-Index: openssl-1.0.2a/crypto/sha/sha_locl.h
+Index: openssl-1.0.2b/crypto/sha/sha_locl.h
 ===================================================================
---- openssl-1.0.2a.orig/crypto/sha/sha_locl.h	2015-05-29 13:58:53.838777227 +0200
-+++ openssl-1.0.2a/crypto/sha/sha_locl.h	2015-05-29 14:17:59.773173925 +0200
+--- openssl-1.0.2b.orig/crypto/sha/sha_locl.h	2015-06-11 17:41:59.509534778 +0200
++++ openssl-1.0.2b/crypto/sha/sha_locl.h	2015-06-11 17:50:03.673860254 +0200
 @@ -108,7 +108,7 @@ static void sha_block_data_order(SHA_CTX
  # ifndef SHA1_ASM
  static
@@ -460,10 +460,10 @@ Index: openssl-1.0.2a/crypto/sha/sha_locl.h
  
  #else
  # error "Either SHA_0 or SHA_1 must be defined."
-Index: openssl-1.0.2a/crypto/store/str_locl.h
+Index: openssl-1.0.2b/crypto/store/str_locl.h
 ===================================================================
---- openssl-1.0.2a.orig/crypto/store/str_locl.h	2015-05-29 13:57:01.505491696 +0200
-+++ openssl-1.0.2a/crypto/store/str_locl.h	2015-05-29 13:58:53.838777227 +0200
+--- openssl-1.0.2b.orig/crypto/store/str_locl.h	2015-03-19 15:02:02.000000000 +0100
++++ openssl-1.0.2b/crypto/store/str_locl.h	2015-06-11 17:50:03.673860254 +0200
 @@ -63,6 +63,8 @@
  # include <openssl/crypto.h>
  # include <openssl/store.h>
@@ -480,10 +480,10 @@ Index: openssl-1.0.2a/crypto/store/str_locl.h
 -
 +#pragma GCC visibility pop
  #endif
-Index: openssl-1.0.2a/crypto/ui/ui_locl.h
+Index: openssl-1.0.2b/crypto/ui/ui_locl.h
 ===================================================================
---- openssl-1.0.2a.orig/crypto/ui/ui_locl.h	2015-05-29 13:58:53.838777227 +0200
-+++ openssl-1.0.2a/crypto/ui/ui_locl.h	2015-05-29 14:18:44.460717716 +0200
+--- openssl-1.0.2b.orig/crypto/ui/ui_locl.h	2015-03-19 15:02:02.000000000 +0100
++++ openssl-1.0.2b/crypto/ui/ui_locl.h	2015-06-11 17:50:03.673860254 +0200
 @@ -67,6 +67,8 @@
  #  undef _
  # endif
@@ -499,19 +499,19 @@ Index: openssl-1.0.2a/crypto/ui/ui_locl.h
  
 +#pragma GCC visibility pop
  #endif
-Index: openssl-1.0.2a/crypto/whrlpool/wp_locl.h
+Index: openssl-1.0.2b/crypto/whrlpool/wp_locl.h
 ===================================================================
---- openssl-1.0.2a.orig/crypto/whrlpool/wp_locl.h	2015-05-29 13:58:53.838777227 +0200
-+++ openssl-1.0.2a/crypto/whrlpool/wp_locl.h	2015-05-29 14:19:16.174102106 +0200
+--- openssl-1.0.2b.orig/crypto/whrlpool/wp_locl.h	2015-06-11 15:00:12.000000000 +0200
++++ openssl-1.0.2b/crypto/whrlpool/wp_locl.h	2015-06-11 17:50:03.673860254 +0200
 @@ -1,3 +1,3 @@
  #include <openssl/whrlpool.h>
  
 -void whirlpool_block(WHIRLPOOL_CTX *, const void *, size_t);
 +void whirlpool_block(WHIRLPOOL_CTX *, const void *, size_t) __attribute__ ((visibility ("hidden")));
-Index: openssl-1.0.2a/crypto/x509v3/ext_dat.h
+Index: openssl-1.0.2b/crypto/x509v3/ext_dat.h
 ===================================================================
---- openssl-1.0.2a.orig/crypto/x509v3/ext_dat.h	2015-05-29 13:57:01.505491696 +0200
-+++ openssl-1.0.2a/crypto/x509v3/ext_dat.h	2015-05-29 13:58:53.839777239 +0200
+--- openssl-1.0.2b.orig/crypto/x509v3/ext_dat.h	2015-06-11 15:50:11.000000000 +0200
++++ openssl-1.0.2b/crypto/x509v3/ext_dat.h	2015-06-11 17:50:03.674860267 +0200
 @@ -58,6 +58,8 @@
   */
  /* This file contains a table of "standard" extensions */
@@ -529,10 +529,10 @@ Index: openssl-1.0.2a/crypto/x509v3/ext_dat.h
  /* Number of standard extensions */
  
  #define STANDARD_EXTENSION_COUNT (sizeof(standard_exts)/sizeof(X509V3_EXT_METHOD *))
-Index: openssl-1.0.2a/crypto/x509v3/pcy_int.h
+Index: openssl-1.0.2b/crypto/x509v3/pcy_int.h
 ===================================================================
---- openssl-1.0.2a.orig/crypto/x509v3/pcy_int.h	2015-05-29 13:57:01.506491709 +0200
-+++ openssl-1.0.2a/crypto/x509v3/pcy_int.h	2015-05-29 14:19:55.941583947 +0200
+--- openssl-1.0.2b.orig/crypto/x509v3/pcy_int.h	2015-06-11 15:00:12.000000000 +0200
++++ openssl-1.0.2b/crypto/x509v3/pcy_int.h	2015-06-11 17:50:03.674860267 +0200
 @@ -57,6 +57,8 @@
   *
   */
@@ -548,10 +548,10 @@ Index: openssl-1.0.2a/crypto/x509v3/pcy_int.h
  const X509_POLICY_CACHE *policy_cache_set(X509 *x);
 +
 +#pragma GCC visibility pop
-Index: openssl-1.0.2a/crypto/modes/gcm128.c
+Index: openssl-1.0.2b/crypto/modes/gcm128.c
 ===================================================================
---- openssl-1.0.2a.orig/crypto/modes/gcm128.c	2015-05-29 13:58:53.840777250 +0200
-+++ openssl-1.0.2a/crypto/modes/gcm128.c	2015-05-29 14:21:51.614984305 +0200
+--- openssl-1.0.2b.orig/crypto/modes/gcm128.c	2015-06-11 15:50:11.000000000 +0200
++++ openssl-1.0.2b/crypto/modes/gcm128.c	2015-06-11 17:50:03.674860267 +0200
 @@ -602,9 +602,9 @@ static void gcm_ghash_4bit(u64 Xi[2], co
  }
  #  endif
@@ -566,7 +566,7 @@ Index: openssl-1.0.2a/crypto/modes/gcm128.c
  # define GCM_MUL(ctx,Xi)   gcm_gmult_4bit(ctx->Xi.u,ctx->Htable)
 @@ -696,10 +696,10 @@ static void gcm_gmult_1bit(u64 Xi[2], co
  #  define GCM_FUNCREF_4BIT
- extern unsigned int OPENSSL_ia32cap_P[2];
+ extern unsigned int OPENSSL_ia32cap_P[];
  
 -void gcm_init_clmul(u128 Htable[16], const u64 Xi[2]);
 -void gcm_gmult_clmul(u64 Xi[2], const u128 Htable[16]);
@@ -578,11 +578,11 @@ Index: openssl-1.0.2a/crypto/modes/gcm128.c
  
  #  if defined(__i386) || defined(__i386__) || defined(_M_IX86)
  #   define gcm_init_avx   gcm_init_clmul
-Index: openssl-1.0.2a/crypto/evp/e_rc4_hmac_md5.c
+Index: openssl-1.0.2b/crypto/evp/e_rc4_hmac_md5.c
 ===================================================================
---- openssl-1.0.2a.orig/crypto/evp/e_rc4_hmac_md5.c	2015-05-29 13:58:53.840777250 +0200
-+++ openssl-1.0.2a/crypto/evp/e_rc4_hmac_md5.c	2015-05-29 14:22:20.495333738 +0200
-@@ -77,7 +77,7 @@ typedef struct {
+--- openssl-1.0.2b.orig/crypto/evp/e_rc4_hmac_md5.c	2015-06-11 15:01:06.000000000 +0200
++++ openssl-1.0.2b/crypto/evp/e_rc4_hmac_md5.c	2015-06-11 17:50:03.674860267 +0200
+@@ -78,7 +78,7 @@ typedef struct {
  # define NO_PAYLOAD_LENGTH       ((size_t)-1)
  
  void rc4_md5_enc(RC4_KEY *key, const void *in0, void *out,
@@ -591,10 +591,10 @@ Index: openssl-1.0.2a/crypto/evp/e_rc4_hmac_md5.c
  
  # define data(ctx) ((EVP_RC4_HMAC_MD5 *)(ctx)->cipher_data)
  
-Index: openssl-1.0.2a/crypto/cmac/cm_ameth.c
+Index: openssl-1.0.2b/crypto/cmac/cm_ameth.c
 ===================================================================
---- openssl-1.0.2a.orig/crypto/cmac/cm_ameth.c	2015-05-29 13:58:53.840777250 +0200
-+++ openssl-1.0.2a/crypto/cmac/cm_ameth.c	2015-05-29 14:23:02.278839089 +0200
+--- openssl-1.0.2b.orig/crypto/cmac/cm_ameth.c	2015-06-11 15:01:06.000000000 +0200
++++ openssl-1.0.2b/crypto/cmac/cm_ameth.c	2015-06-11 17:50:03.674860267 +0200
 @@ -73,7 +73,7 @@ static void cmac_key_free(EVP_PKEY *pkey
      if (cmctx)
          CMAC_CTX_free(cmctx);
@@ -604,10 +604,10 @@ Index: openssl-1.0.2a/crypto/cmac/cm_ameth.c
  const EVP_PKEY_ASN1_METHOD cmac_asn1_meth = {
      EVP_PKEY_CMAC,
      EVP_PKEY_CMAC,
-Index: openssl-1.0.2a/crypto/evp/pmeth_lib.c
+Index: openssl-1.0.2b/crypto/evp/pmeth_lib.c
 ===================================================================
---- openssl-1.0.2a.orig/crypto/evp/pmeth_lib.c	2015-05-29 13:57:01.507491720 +0200
-+++ openssl-1.0.2a/crypto/evp/pmeth_lib.c	2015-05-29 13:58:53.841777261 +0200
+--- openssl-1.0.2b.orig/crypto/evp/pmeth_lib.c	2015-06-11 15:50:11.000000000 +0200
++++ openssl-1.0.2b/crypto/evp/pmeth_lib.c	2015-06-11 17:50:03.675860280 +0200
 @@ -71,7 +71,7 @@
  typedef int sk_cmp_fn_type(const char *const *a, const char *const *b);
  
@@ -617,10 +617,10 @@ Index: openssl-1.0.2a/crypto/evp/pmeth_lib.c
  
  extern const EVP_PKEY_METHOD rsa_pkey_meth, dh_pkey_meth, dsa_pkey_meth;
  extern const EVP_PKEY_METHOD ec_pkey_meth, hmac_pkey_meth, cmac_pkey_meth;
-Index: openssl-1.0.2a/crypto/cmac/cm_pmeth.c
+Index: openssl-1.0.2b/crypto/cmac/cm_pmeth.c
 ===================================================================
---- openssl-1.0.2a.orig/crypto/cmac/cm_pmeth.c	2015-05-29 13:58:53.841777261 +0200
-+++ openssl-1.0.2a/crypto/cmac/cm_pmeth.c	2015-05-29 14:23:33.695219495 +0200
+--- openssl-1.0.2b.orig/crypto/cmac/cm_pmeth.c	2015-06-11 15:01:06.000000000 +0200
++++ openssl-1.0.2b/crypto/cmac/cm_pmeth.c	2015-06-11 17:50:03.675860280 +0200
 @@ -182,6 +182,7 @@ static int pkey_cmac_ctrl_str(EVP_PKEY_C
      return -2;
  }
@@ -629,10 +629,10 @@ Index: openssl-1.0.2a/crypto/cmac/cm_pmeth.c
  const EVP_PKEY_METHOD cmac_pkey_meth = {
      EVP_PKEY_CMAC,
      EVP_PKEY_FLAG_SIGCTX_CUSTOM,
-Index: openssl-1.0.2a/crypto/rand/md_rand.c
+Index: openssl-1.0.2b/crypto/rand/md_rand.c
 ===================================================================
---- openssl-1.0.2a.orig/crypto/rand/md_rand.c	2015-05-29 13:58:53.841777261 +0200
-+++ openssl-1.0.2a/crypto/rand/md_rand.c	2015-05-29 14:24:04.870595846 +0200
+--- openssl-1.0.2b.orig/crypto/rand/md_rand.c	2015-06-11 17:41:59.506534739 +0200
++++ openssl-1.0.2b/crypto/rand/md_rand.c	2015-06-11 17:50:03.675860280 +0200
 @@ -164,7 +164,7 @@ static int ssleay_rand_nopseudo_bytes(un
  static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num);
  static int ssleay_rand_status(void);
@@ -642,10 +642,10 @@ Index: openssl-1.0.2a/crypto/rand/md_rand.c
      ssleay_rand_seed,
      ssleay_rand_nopseudo_bytes,
      ssleay_rand_cleanup,
-Index: openssl-1.0.2a/crypto/dh/dh_ameth.c
+Index: openssl-1.0.2b/crypto/dh/dh_ameth.c
 ===================================================================
---- openssl-1.0.2a.orig/crypto/dh/dh_ameth.c	2015-05-29 13:58:53.842777273 +0200
-+++ openssl-1.0.2a/crypto/dh/dh_ameth.c	2015-05-29 14:24:30.526905527 +0200
+--- openssl-1.0.2b.orig/crypto/dh/dh_ameth.c	2015-06-11 15:50:11.000000000 +0200
++++ openssl-1.0.2b/crypto/dh/dh_ameth.c	2015-06-11 17:50:03.675860280 +0200
 @@ -584,6 +584,7 @@ static int dh_pkey_ctrl(EVP_PKEY *pkey,
  
  }
@@ -654,10 +654,10 @@ Index: openssl-1.0.2a/crypto/dh/dh_ameth.c
  const EVP_PKEY_ASN1_METHOD dh_asn1_meth = {
      EVP_PKEY_DH,
      EVP_PKEY_DH,
-Index: openssl-1.0.2a/crypto/dh/dh_pmeth.c
+Index: openssl-1.0.2b/crypto/dh/dh_pmeth.c
 ===================================================================
---- openssl-1.0.2a.orig/crypto/dh/dh_pmeth.c	2015-05-29 13:58:53.842777273 +0200
-+++ openssl-1.0.2a/crypto/dh/dh_pmeth.c	2015-05-29 14:25:02.208288551 +0200
+--- openssl-1.0.2b.orig/crypto/dh/dh_pmeth.c	2015-06-11 15:50:11.000000000 +0200
++++ openssl-1.0.2b/crypto/dh/dh_pmeth.c	2015-06-11 17:50:03.675860280 +0200
 @@ -482,6 +482,7 @@ static int pkey_dh_derive(EVP_PKEY_CTX *
      return 1;
  }
@@ -666,10 +666,10 @@ Index: openssl-1.0.2a/crypto/dh/dh_pmeth.c
  const EVP_PKEY_METHOD dh_pkey_meth = {
      EVP_PKEY_DH,
      0,
-Index: openssl-1.0.2a/crypto/dsa/dsa_ameth.c
+Index: openssl-1.0.2b/crypto/dsa/dsa_ameth.c
 ===================================================================
---- openssl-1.0.2a.orig/crypto/dsa/dsa_ameth.c	2015-05-29 13:58:53.842777273 +0200
-+++ openssl-1.0.2a/crypto/dsa/dsa_ameth.c	2015-05-29 14:25:24.527557694 +0200
+--- openssl-1.0.2b.orig/crypto/dsa/dsa_ameth.c	2015-06-11 15:50:11.000000000 +0200
++++ openssl-1.0.2b/crypto/dsa/dsa_ameth.c	2015-06-11 17:50:03.676860293 +0200
 @@ -620,6 +620,7 @@ static int dsa_pkey_ctrl(EVP_PKEY *pkey,
  
  /* NB these are sorted in pkey_id order, lowest first */
@@ -678,10 +678,10 @@ Index: openssl-1.0.2a/crypto/dsa/dsa_ameth.c
  const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[] = {
  
      {
-Index: openssl-1.0.2a/crypto/dsa/dsa_pmeth.c
+Index: openssl-1.0.2b/crypto/dsa/dsa_pmeth.c
 ===================================================================
---- openssl-1.0.2a.orig/crypto/dsa/dsa_pmeth.c	2015-05-29 13:58:53.843777284 +0200
-+++ openssl-1.0.2a/crypto/dsa/dsa_pmeth.c	2015-05-29 14:25:50.943876979 +0200
+--- openssl-1.0.2b.orig/crypto/dsa/dsa_pmeth.c	2015-06-11 17:41:59.488534507 +0200
++++ openssl-1.0.2b/crypto/dsa/dsa_pmeth.c	2015-06-11 17:50:03.676860293 +0200
 @@ -278,6 +278,7 @@ static int pkey_dsa_keygen(EVP_PKEY_CTX
      return DSA_generate_key(pkey->pkey.dsa);
  }
@@ -690,10 +690,10 @@ Index: openssl-1.0.2a/crypto/dsa/dsa_pmeth.c
  const EVP_PKEY_METHOD dsa_pkey_meth = {
      EVP_PKEY_DSA,
      EVP_PKEY_FLAG_AUTOARGLEN,
-Index: openssl-1.0.2a/crypto/ec/ec_ameth.c
+Index: openssl-1.0.2b/crypto/ec/ec_ameth.c
 ===================================================================
---- openssl-1.0.2a.orig/crypto/ec/ec_ameth.c	2015-05-29 13:58:53.843777284 +0200
-+++ openssl-1.0.2a/crypto/ec/ec_ameth.c	2015-05-29 14:26:15.256170382 +0200
+--- openssl-1.0.2b.orig/crypto/ec/ec_ameth.c	2015-06-11 15:50:11.000000000 +0200
++++ openssl-1.0.2b/crypto/ec/ec_ameth.c	2015-06-11 17:50:03.676860293 +0200
 @@ -608,6 +608,7 @@ static int ec_pkey_ctrl(EVP_PKEY *pkey,
  
  }
@@ -702,10 +702,10 @@ Index: openssl-1.0.2a/crypto/ec/ec_ameth.c
  const EVP_PKEY_ASN1_METHOD eckey_asn1_meth = {
      EVP_PKEY_EC,
      EVP_PKEY_EC,
-Index: openssl-1.0.2a/crypto/ec/ec_pmeth.c
+Index: openssl-1.0.2b/crypto/ec/ec_pmeth.c
 ===================================================================
---- openssl-1.0.2a.orig/crypto/ec/ec_pmeth.c	2015-05-29 13:58:53.843777284 +0200
-+++ openssl-1.0.2a/crypto/ec/ec_pmeth.c	2015-05-29 14:26:42.183495689 +0200
+--- openssl-1.0.2b.orig/crypto/ec/ec_pmeth.c	2015-06-11 15:50:11.000000000 +0200
++++ openssl-1.0.2b/crypto/ec/ec_pmeth.c	2015-06-11 17:50:03.676860293 +0200
 @@ -491,6 +491,7 @@ static int pkey_ec_keygen(EVP_PKEY_CTX *
      return EC_KEY_generate_key(pkey->pkey.ec);
  }
@@ -714,10 +714,10 @@ Index: openssl-1.0.2a/crypto/ec/ec_pmeth.c
  const EVP_PKEY_METHOD ec_pkey_meth = {
      EVP_PKEY_EC,
      0,
-Index: openssl-1.0.2a/crypto/hmac/hm_ameth.c
+Index: openssl-1.0.2b/crypto/hmac/hm_ameth.c
 ===================================================================
---- openssl-1.0.2a.orig/crypto/hmac/hm_ameth.c	2015-05-29 13:58:53.844777296 +0200
-+++ openssl-1.0.2a/crypto/hmac/hm_ameth.c	2015-05-29 14:27:00.087711757 +0200
+--- openssl-1.0.2b.orig/crypto/hmac/hm_ameth.c	2015-06-11 15:50:11.000000000 +0200
++++ openssl-1.0.2b/crypto/hmac/hm_ameth.c	2015-06-11 17:50:03.676860293 +0200
 @@ -135,6 +135,7 @@ static int old_hmac_encode(const EVP_PKE
  
  #endif
@@ -726,10 +726,10 @@ Index: openssl-1.0.2a/crypto/hmac/hm_ameth.c
  const EVP_PKEY_ASN1_METHOD hmac_asn1_meth = {
      EVP_PKEY_HMAC,
      EVP_PKEY_HMAC,
-Index: openssl-1.0.2a/crypto/hmac/hm_pmeth.c
+Index: openssl-1.0.2b/crypto/hmac/hm_pmeth.c
 ===================================================================
---- openssl-1.0.2a.orig/crypto/hmac/hm_pmeth.c	2015-05-29 13:58:53.844777296 +0200
-+++ openssl-1.0.2a/crypto/hmac/hm_pmeth.c	2015-05-29 14:27:18.207930409 +0200
+--- openssl-1.0.2b.orig/crypto/hmac/hm_pmeth.c	2015-06-11 15:01:06.000000000 +0200
++++ openssl-1.0.2b/crypto/hmac/hm_pmeth.c	2015-06-11 17:50:03.676860293 +0200
 @@ -228,6 +228,7 @@ static int pkey_hmac_ctrl_str(EVP_PKEY_C
      return -2;
  }
@@ -738,10 +738,10 @@ Index: openssl-1.0.2a/crypto/hmac/hm_pmeth.c
  const EVP_PKEY_METHOD hmac_pkey_meth = {
      EVP_PKEY_HMAC,
      0,
-Index: openssl-1.0.2a/crypto/rsa/rsa_ameth.c
+Index: openssl-1.0.2b/crypto/rsa/rsa_ameth.c
 ===================================================================
---- openssl-1.0.2a.orig/crypto/rsa/rsa_ameth.c	2015-05-29 13:58:53.844777296 +0200
-+++ openssl-1.0.2a/crypto/rsa/rsa_ameth.c	2015-05-29 14:27:55.153376094 +0200
+--- openssl-1.0.2b.orig/crypto/rsa/rsa_ameth.c	2015-06-11 15:50:11.000000000 +0200
++++ openssl-1.0.2b/crypto/rsa/rsa_ameth.c	2015-06-11 17:50:03.677860306 +0200
 @@ -921,6 +921,7 @@ static int rsa_cms_encrypt(CMS_Recipient
      return rv;
  }
@@ -750,11 +750,11 @@ Index: openssl-1.0.2a/crypto/rsa/rsa_ameth.c
  const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[] = {
      {
       EVP_PKEY_RSA,
-Index: openssl-1.0.2a/crypto/rsa/rsa_pmeth.c
+Index: openssl-1.0.2b/crypto/rsa/rsa_pmeth.c
 ===================================================================
---- openssl-1.0.2a.orig/crypto/rsa/rsa_pmeth.c	2015-05-29 13:58:53.845777307 +0200
-+++ openssl-1.0.2a/crypto/rsa/rsa_pmeth.c	2015-05-29 14:28:12.111582149 +0200
-@@ -717,6 +717,7 @@ static int pkey_rsa_keygen(EVP_PKEY_CTX
+--- openssl-1.0.2b.orig/crypto/rsa/rsa_pmeth.c	2015-06-11 17:41:59.508534765 +0200
++++ openssl-1.0.2b/crypto/rsa/rsa_pmeth.c	2015-06-11 17:50:03.677860306 +0200
+@@ -723,6 +723,7 @@ static int pkey_rsa_keygen(EVP_PKEY_CTX
      return ret;
  }
  
@@ -762,10 +762,10 @@ Index: openssl-1.0.2a/crypto/rsa/rsa_pmeth.c
  const EVP_PKEY_METHOD rsa_pkey_meth = {
      EVP_PKEY_RSA,
      EVP_PKEY_FLAG_AUTOARGLEN,
-Index: openssl-1.0.2a/crypto/objects/obj_xref.c
+Index: openssl-1.0.2b/crypto/objects/obj_xref.c
 ===================================================================
---- openssl-1.0.2a.orig/crypto/objects/obj_xref.c	2015-05-29 13:57:01.511491765 +0200
-+++ openssl-1.0.2a/crypto/objects/obj_xref.c	2015-05-29 13:58:53.845777307 +0200
+--- openssl-1.0.2b.orig/crypto/objects/obj_xref.c	2015-06-11 15:01:06.000000000 +0200
++++ openssl-1.0.2b/crypto/objects/obj_xref.c	2015-06-11 17:50:03.677860306 +0200
 @@ -61,7 +61,7 @@
  #include "obj_xref.h"
  
@@ -775,10 +775,10 @@ Index: openssl-1.0.2a/crypto/objects/obj_xref.c
  
  static int sig_cmp(const nid_triple *a, const nid_triple *b)
  {
-Index: openssl-1.0.2a/crypto/pem/pem_lib.c
+Index: openssl-1.0.2b/crypto/pem/pem_lib.c
 ===================================================================
---- openssl-1.0.2a.orig/crypto/pem/pem_lib.c	2015-05-29 13:57:01.512491776 +0200
-+++ openssl-1.0.2a/crypto/pem/pem_lib.c	2015-05-29 13:58:53.845777307 +0200
+--- openssl-1.0.2b.orig/crypto/pem/pem_lib.c	2015-06-11 15:50:11.000000000 +0200
++++ openssl-1.0.2b/crypto/pem/pem_lib.c	2015-06-11 17:50:03.677860306 +0200
 @@ -80,7 +80,7 @@ const char PEM_version[] = "PEM" OPENSSL
  
  static int load_iv(char **fromp, unsigned char *to, int num);
@@ -788,10 +788,10 @@ Index: openssl-1.0.2a/crypto/pem/pem_lib.c
  
  int PEM_def_callback(char *buf, int num, int w, void *key)
  {
-Index: openssl-1.0.2a/crypto/asn1/tasn_prn.c
+Index: openssl-1.0.2b/crypto/asn1/tasn_prn.c
 ===================================================================
---- openssl-1.0.2a.orig/crypto/asn1/tasn_prn.c	2015-05-29 13:58:53.845777307 +0200
-+++ openssl-1.0.2a/crypto/asn1/tasn_prn.c	2015-05-29 14:28:41.568929701 +0200
+--- openssl-1.0.2b.orig/crypto/asn1/tasn_prn.c	2015-06-11 15:01:06.000000000 +0200
++++ openssl-1.0.2b/crypto/asn1/tasn_prn.c	2015-06-11 17:50:03.677860306 +0200
 @@ -73,7 +73,7 @@
  
  /* ASN1_PCTX routines */
@@ -801,10 +801,10 @@ Index: openssl-1.0.2a/crypto/asn1/tasn_prn.c
      ASN1_PCTX_FLAGS_SHOW_ABSENT, /* flags */
      0,                          /* nm_flags */
      0,                          /* cert_flags */
-Index: openssl-1.0.2a/crypto/bn/bn_exp.c
+Index: openssl-1.0.2b/crypto/bn/bn_exp.c
 ===================================================================
---- openssl-1.0.2a.orig/crypto/bn/bn_exp.c	2015-05-29 13:58:53.846777318 +0200
-+++ openssl-1.0.2a/crypto/bn/bn_exp.c	2015-05-29 14:29:50.256737750 +0200
+--- openssl-1.0.2b.orig/crypto/bn/bn_exp.c	2015-06-11 15:50:11.000000000 +0200
++++ openssl-1.0.2b/crypto/bn/bn_exp.c	2015-06-11 17:50:03.678860319 +0200
 @@ -947,10 +947,10 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr
           */
          void bn_mul_mont_gather5(BN_ULONG *rp, const BN_ULONG *ap,
@@ -819,10 +819,10 @@ Index: openssl-1.0.2a/crypto/bn/bn_exp.c
          void bn_power5(BN_ULONG *rp, const BN_ULONG *ap,
                         const void *table, const BN_ULONG *np,
                         const BN_ULONG *n0, int num, int power);
-Index: openssl-1.0.2a/crypto/bn/bn_gf2m.c
+Index: openssl-1.0.2b/crypto/bn/bn_gf2m.c
 ===================================================================
---- openssl-1.0.2a.orig/crypto/bn/bn_gf2m.c	2015-05-29 13:58:53.846777318 +0200
-+++ openssl-1.0.2a/crypto/bn/bn_gf2m.c	2015-05-29 14:31:03.496598921 +0200
+--- openssl-1.0.2b.orig/crypto/bn/bn_gf2m.c	2015-06-11 15:52:57.000000000 +0200
++++ openssl-1.0.2b/crypto/bn/bn_gf2m.c	2015-06-11 17:50:03.678860319 +0200
 @@ -321,7 +321,7 @@ static void bn_GF2m_mul_2x2(BN_ULONG *r,
  }
  # else

bsc936563_hack.patch

@@ -0,0 +1,13 @@
+Index: openssl-1.0.2c/crypto/ec/Makefile
+===================================================================
+--- openssl-1.0.2c.orig/crypto/ec/Makefile
++++ openssl-1.0.2c/crypto/ec/Makefile
+@@ -10,7 +10,7 @@ CFLAG=-g
+ MAKEFILE=	Makefile
+ AR=		ar r
+ 
+-CFLAGS= $(INCLUDES) $(CFLAG)
++CFLAGS= $(INCLUDES) $(CFLAG) -O0
+ ASFLAGS= $(INCLUDES) $(ASFLAG)
+ AFLAGS= $(ASFLAGS)
+ 

compression_methods_switch.patch

@@ -1,10 +1,10 @@
-Index: openssl-1.0.2a/doc/ssl/SSL_COMP_add_compression_method.pod
+Index: openssl-1.0.2b/doc/ssl/SSL_COMP_add_compression_method.pod
 ===================================================================
---- openssl-1.0.2a.orig/doc/ssl/SSL_COMP_add_compression_method.pod	2015-04-03 22:10:19.262805732 +0200
-+++ openssl-1.0.2a/doc/ssl/SSL_COMP_add_compression_method.pod	2015-04-03 22:10:28.958939879 +0200
-@@ -41,6 +41,24 @@ of compression methods supported on a pe
- The OpenSSL library has the compression methods B<COMP_rle()> and (when
- especially enabled during compilation) B<COMP_zlib()> available.
+--- openssl-1.0.2b.orig/doc/ssl/SSL_COMP_add_compression_method.pod	2015-06-11 20:11:49.353667505 +0200
++++ openssl-1.0.2b/doc/ssl/SSL_COMP_add_compression_method.pod	2015-06-11 20:11:51.183689314 +0200
+@@ -47,6 +47,24 @@ of compression methods supported on a pe
+ If enabled during compilation, the OpenSSL library will have the
+ COMP_zlib() compression method available.
  
 +And, there is an environment variable to switch the compression
 +methods off and on. In default the compression is off to mitigate 
@@ -27,10 +27,10 @@ Index: openssl-1.0.2a/doc/ssl/SSL_COMP_add_compression_method.pod
  =head1 WARNINGS
  
  Once the identities of the compression methods for the TLS protocol have
-Index: openssl-1.0.2a/ssl/ssl_ciph.c
+Index: openssl-1.0.2b/ssl/ssl_ciph.c
 ===================================================================
---- openssl-1.0.2a.orig/ssl/ssl_ciph.c	2015-04-03 22:10:28.959939893 +0200
-+++ openssl-1.0.2a/ssl/ssl_ciph.c	2015-04-03 22:12:33.425662139 +0200
+--- openssl-1.0.2b.orig/ssl/ssl_ciph.c	2015-06-11 20:11:49.353667505 +0200
++++ openssl-1.0.2b/ssl/ssl_ciph.c	2015-06-11 20:11:51.183689314 +0200
 @@ -478,10 +478,16 @@ static void load_builtin_compressions(vo
  
          if (ssl_comp_methods == NULL) {

merge_from_0.9.8k.patch

@@ -1,8 +1,13 @@
+---
+ Configure |    4 ++--
+ config    |   23 +++++++++++++++--------
+ 2 files changed, 17 insertions(+), 10 deletions(-)
+
 Index: openssl-1.0.2a/Configure
 ===================================================================
---- openssl-1.0.2a.orig/Configure	2015-05-30 21:58:49.358278076 +0200
-+++ openssl-1.0.2a/Configure	2015-05-30 21:58:52.830317683 +0200
-@@ -996,7 +996,7 @@ PROCESS_ARGS:
+--- openssl-1.0.2a.orig/Configure
++++ openssl-1.0.2a/Configure
+@@ -978,7 +978,7 @@ PROCESS_ARGS:
  			}
  		else
  			{
@@ -11,7 +16,7 @@ Index: openssl-1.0.2a/Configure
  			$target=$_;
  			}
  
-@@ -1276,7 +1276,7 @@ if ($target =~ /linux.*\-mips/ && !$no_a
+@@ -1258,7 +1258,7 @@ if ($target =~ /linux.*\-mips/ && !$no_a
  my $no_shared_warn=0;
  my $no_user_cflags=0;
  
@@ -22,8 +27,8 @@ Index: openssl-1.0.2a/Configure
  # Kerberos settings.  The flavor must be provided from outside, either through
 Index: openssl-1.0.2a/config
 ===================================================================
---- openssl-1.0.2a.orig/config	2015-05-30 21:58:49.358278076 +0200
-+++ openssl-1.0.2a/config	2015-05-30 21:58:52.830317683 +0200
+--- openssl-1.0.2a.orig/config
++++ openssl-1.0.2a/config
 @@ -573,7 +573,8 @@ case "$GUESSOS" in
  	options="$options -arch%20${MACHINE}"
  	OUT="iphoneos-cross" ;;
@@ -34,17 +39,19 @@ Index: openssl-1.0.2a/config
  	case ${ISA:-generic} in
  	*[678])	OUT="linux-alpha+bwx-$CC" ;;
  	*)	OUT="linux-alpha-$CC" ;;
-@@ -598,7 +599,9 @@ case "$GUESSOS" in
+@@ -598,8 +599,10 @@ case "$GUESSOS" in
  	if [ "$KERNEL_BITS" = "64" ]; then
  	    OUT="linux-ppc64"
  	else
 -	    OUT="linux-ppc"
+-	    (echo "__LP64__" | gcc -E -x c - 2>/dev/null | grep "^__LP64__" 2>&1 > /dev/null) || options="$options -m32"
 +#	    OUT="linux-ppc"
 +	# we have the target and force it here
 +	OUT="linux-ppc64"
- 	    (echo "__LP64__" | gcc -E -x c - 2>/dev/null | grep "^__LP64__" 2>&1 > /dev/null) || options="$options -m32"
++	    (echo "__LP64" | gcc -E -x c - 2>/dev/null | grep "^__LP64" 2>&1 > /dev/null) || options="$options -m32"
  	fi
  	;;
+   ppc64le-*-linux2) OUT="linux-ppc64le" ;;
 @@ -632,10 +635,10 @@ case "$GUESSOS" in
    sparc-*-linux2)
  	KARCH=`awk '/^type/{print$3;exit(0);}' /proc/cpuinfo`

openssl-1.0.1e-add-test-suse-default-cipher-suite.patch

@@ -1,9 +1,9 @@
-Index: openssl-1.0.2a/test/testssl
+Index: openssl-1.0.2b/test/testssl
 ===================================================================
---- openssl-1.0.2a.orig/test/testssl	2015-03-19 14:30:36.000000000 +0100
-+++ openssl-1.0.2a/test/testssl	2015-05-24 14:06:02.038506053 +0200
-@@ -138,6 +138,25 @@ for protocol in TLSv1.2 SSLv3; do
-   done
+--- openssl-1.0.2b.orig/test/testssl	2015-06-11 20:11:36.398513121 +0200
++++ openssl-1.0.2b/test/testssl	2015-06-11 20:15:40.833426946 +0200
+@@ -192,6 +192,25 @@ for protocol in TLSv1.2 SSLv3; do
+   fi
  done
  
 +echo "Testing default ciphersuites"

openssl-1.0.2a-default-paths.patch

@@ -1,25 +1,9 @@
-diff -up openssl-1.0.2a/apps/s_client.c.default-paths openssl-1.0.2a/apps/s_client.c
---- openssl-1.0.2a/apps/s_client.c.default-paths	2015-04-20 14:48:31.462166971 +0200
-+++ openssl-1.0.2a/apps/s_client.c	2015-04-20 14:52:55.125316170 +0200
-@@ -1336,19 +1336,16 @@ int MAIN(int argc, char **argv)
- 
-     SSL_CTX_set_verify(ctx, verify, verify_callback);
- 
--    if ((!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) ||
--        (!SSL_CTX_set_default_verify_paths(ctx))) {
--        /*
--         * BIO_printf(bio_err,"error setting default verify locations\n");
--         */
--        ERR_print_errors(bio_err);
--        /* goto end; */
-+    if (CAfile == NULL && CApath == NULL) {
-+        if (!SSL_CTX_set_default_verify_paths(ctx)) {
-+            ERR_print_errors(bio_err);
-+        }
-+    } else {
-+        if (!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) {
-+            ERR_print_errors(bio_err);
-+        }
+Index: openssl-1.0.2b/apps/s_client.c
+===================================================================
+--- openssl-1.0.2b.orig/apps/s_client.c	2015-06-11 17:28:32.039203737 +0200
++++ openssl-1.0.2b/apps/s_client.c	2015-06-11 17:39:40.138741521 +0200
+@@ -1346,10 +1346,6 @@ int MAIN(int argc, char **argv)
+         ERR_print_errors(bio_err);
      }
  
 -    ssl_ctx_add_crls(ctx, crls, crl_download);
@@ -29,10 +13,11 @@ diff -up openssl-1.0.2a/apps/s_client.c.default-paths openssl-1.0.2a/apps/s_clie
  #ifndef OPENSSL_NO_TLSEXT
      if (servername != NULL) {
          tlsextcbp.biodebug = bio_err;
-diff -up openssl-1.0.2a/apps/s_server.c.default-paths openssl-1.0.2a/apps/s_server.c
---- openssl-1.0.2a/apps/s_server.c.default-paths	2015-03-19 14:30:36.000000000 +0100
-+++ openssl-1.0.2a/apps/s_server.c	2015-04-20 14:48:31.462166971 +0200
-@@ -1768,12 +1768,16 @@ int MAIN(int argc, char *argv[])
+Index: openssl-1.0.2b/apps/s_server.c
+===================================================================
+--- openssl-1.0.2b.orig/apps/s_server.c	2015-06-11 17:28:04.879854931 +0200
++++ openssl-1.0.2b/apps/s_server.c	2015-06-11 17:28:32.040203749 +0200
+@@ -1788,12 +1788,16 @@ int MAIN(int argc, char *argv[])
      }
  #endif
  
@@ -54,7 +39,7 @@ diff -up openssl-1.0.2a/apps/s_server.c.default-paths openssl-1.0.2a/apps/s_serv
      if (vpm)
          SSL_CTX_set1_param(ctx, vpm);
  
-@@ -1830,8 +1834,10 @@ int MAIN(int argc, char *argv[])
+@@ -1850,8 +1854,10 @@ int MAIN(int argc, char *argv[])
          else
              SSL_CTX_sess_set_cache_size(ctx2, 128);
  
@@ -67,9 +52,10 @@ diff -up openssl-1.0.2a/apps/s_server.c.default-paths openssl-1.0.2a/apps/s_serv
              ERR_print_errors(bio_err);
          }
          if (vpm)
-diff -up openssl-1.0.2a/apps/s_time.c.default-paths openssl-1.0.2a/apps/s_time.c
---- openssl-1.0.2a/apps/s_time.c.default-paths	2015-04-20 14:48:31.462166971 +0200
-+++ openssl-1.0.2a/apps/s_time.c	2015-04-20 14:55:14.232542738 +0200
+Index: openssl-1.0.2b/apps/s_time.c
+===================================================================
+--- openssl-1.0.2b.orig/apps/s_time.c	2015-06-11 17:28:04.879854931 +0200
++++ openssl-1.0.2b/apps/s_time.c	2015-06-11 17:28:32.040203749 +0200
 @@ -381,13 +381,14 @@ int MAIN(int argc, char **argv)
  
      SSL_load_error_strings();

openssl-1.0.2a.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:15b6393c20030aab02c8e2fe0243cb1d1d18062f6c095d67bca91871dc7f324a
-size 5262089

openssl-1.0.2a.tar.gz.asc

@@ -1,11 +0,0 @@
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1
-
-iQEcBAABAgAGBQJVCs+pAAoJENnE0m0OYESRFCAH+gLn6G4l1HY1R6agC3WYf8Xj
-iTUFCJnwHN1jSgF9edLxASDS5DJ9kstEu1xyswdJT4jumFusxgnrDkqorN0K50Xe
-PlflZyRdr8Fkg9M3pYkRZ7hxvZszmdx53hnuYTZ5m4C/8EUd12icAHhho8M0ks+E
-rT1VfVKfX7iD9MIgLJ+9ZVGWUdUH/1RsQPPEWPWed5TCQUmilvm6Ygz2LsTKYQSQ
-TOvhCMCnWl6gVrc3o0AlrgHRL01dq6kMwNSnvC09Iby/C3N+b7VbOG3sZU/xTO/M
-YhqFJOjGYk5W1SFJ4PNpM504sPo2N6uJ8pCgSa3chcqfvzSjFgKzAqI9CHv8BD4=
-=mSK1
------END PGP SIGNATURE-----

openssl-1.0.2d.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:671c36487785628a703374c652ad2cebea45fa920ae5681515df25d9f2c9a8c8
+size 5295447

openssl-1.0.2d.tar.gz.asc

@@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1
+
+iQEcBAABAgAGBQJVnmMAAAoJENnE0m0OYESRFMAIALdJSJRX5Na77O4wTzrhE/O+
+0QU0MhqZikfEsngd5F47f5fwTGmXM3+oLJ3J94okqxuBeicAMq90MRxUe9cczUqr
+qZ3MH5dMJ12rwaKnnyUH2Xl5Zg41px4tL7oD9piGJc52dKmEbX+t7dUKj/N3WglZ
+uKYp7jxV0tdzZeQcuPIOxq74yGQuYTell+hHXKdlmYPrH8LL27ZUpVmGuCUrHBku
+6+VDZVvRZFvTPy2IrIoI5e0lN9qUobyhoGUUICXYEaKMt1xenTWCi9CFzTEmrhjq
+54Zp4CgVXj24PwNKJ42v3jgN4nVEsMSreD0SDyOh2d2kV0/51avX7KmHAjPYD6Y=
+=U3sw
+-----END PGP SIGNATURE-----

openssl-fix_invalid_manpage_name.patch

@@ -1,13 +0,0 @@
-Index: openssl-1.0.2a/doc/ssl/SSL_CTX_use_serverinfo.pod
-===================================================================
---- openssl-1.0.2a.orig/doc/ssl/SSL_CTX_use_serverinfo.pod	2015-03-19 14:30:36.000000000 +0100
-+++ openssl-1.0.2a/doc/ssl/SSL_CTX_use_serverinfo.pod	2015-05-29 11:33:45.390463069 +0200
-@@ -2,7 +2,7 @@
- 
- =head1 NAME
- 
--SSL_CTX_use_serverinfo, SSL_CTX_use_serverinfo_file
-+SSL_CTX_use_serverinfo, SSL_CTX_use_serverinfo_file - load serverinfo
- 
- =head1 SYNOPSIS
- 

openssl.changes

@@ -1,3 +1,66 @@
+-------------------------------------------------------------------
+Thu Jul  9 13:32:34 UTC 2015 - vcizek@suse.com
+
+- update to 1.0.2d
+  * fixes CVE-2015-1793 (bsc#936746)
+
+  Alternate chains certificate forgery
+
+     During certificate verfification, OpenSSL will attempt to find an
+     alternative certificate chain if the first attempt to build such a chain
+     fails. An error in the implementation of this logic can mean that an
+     attacker could cause certain checks on untrusted certificates to be
+     bypassed, such as the CA flag, enabling them to use a valid leaf
+     certificate to act as a CA and "issue" an invalid certificate.
+- drop openssl-fix_invalid_manpage_name.patch (upstream)
+
+-------------------------------------------------------------------
+Thu Jul  2 14:46:36 UTC 2015 - dvaleev@suse.com
+
+- Workaround debugit crash on ppc64le with gcc5
+  bsc936563_hack.patch (bsc#936563) 
+
+-------------------------------------------------------------------
+Wed Jul  1 09:26:26 UTC 2015 - normand@linux.vnet.ibm.com
+
+- update merge_from_0.9.8k.patch replacing __LP64__ by __LP64
+  this is a change versus previous request 309611
+  required to avoid build error for ppc64
+
+-------------------------------------------------------------------
+Fri Jun 26 00:11:20 UTC 2015 - crrodriguez@opensuse.org
+
+- Build with no-ssl3, for details on why this is needed read 
+  rfc7568. Contrary to the "no-ssl2" option, this does not
+  require us to patch dependant packages as the relevant 
+  functions are still available (SSLv3_(client|server)_method) 
+  but will fail to negotiate. if removing SSL3 methods is desired
+  at a later time, option "no-ssl3-method" needs to be used.
+
+-------------------------------------------------------------------
+Fri Jun 12 21:22:45 UTC 2015 - vcizek@suse.com
+
+- update to 1.0.2c
+  * Fix HMAC ABI incompatibility
+- refreshed openssl-1.0.2a-fips.patch
+
+-------------------------------------------------------------------
+Thu Jun 11 15:50:44 UTC 2015 - vcizek@suse.com
+
+- update to 1.0.2b
+  * Malformed ECParameters causes infinite loop (CVE-2015-1788)
+  * Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789)
+  * PKCS7 crash with missing EnvelopedContent (CVE-2015-1790)
+  * CMS verify infinite loop with unknown hash function (CVE-2015-1792)
+  * Race condition handling NewSessionTicket (CVE-2015-1791)
+- refreshed patches:
+  * 0001-Axe-builtin-printf-implementation-use-glibc-instead.patch
+  * 0001-libcrypto-Hide-library-private-symbols.patch
+  * openssl-1.0.2a-default-paths.patch
+  * openssl-1.0.2a-fips.patch
+  * compression_methods_switch.patch
+  * openssl-1.0.1e-add-test-suse-default-cipher-suite.patch
+
 -------------------------------------------------------------------
 Sun May 24 12:13:14 UTC 2015 - vcizek@suse.com
 

openssl.spec

@@ -29,7 +29,7 @@ Provides:       ssl
 %ifarch ppc64
 Obsoletes:      openssl-64bit
 %endif
-Version:        1.0.2a
+Version:        1.0.2d
 Release:        0
 Summary:        Secure Sockets and Transport Layer Security
 License:        OpenSSL
@@ -73,7 +73,7 @@ Patch34:        openssl-fips-hidden.patch
 Patch35:        openssl-1.0.1e-add-suse-default-cipher.patch
 Patch37:        openssl-1.0.1e-add-test-suse-default-cipher-suite.patch
 Patch38:        openssl-missing_FIPS_ec_group_new_by_curve_name.patch
-Patch39:        openssl-fix_invalid_manpage_name.patch
+Patch40:        bsc936563_hack.patch
 
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 
@@ -184,12 +184,15 @@ this package's base documentation.
 %patch35 -p1
 %patch37 -p1
 %patch38 -p1
-%patch39 -p1
 %if 0%{?suse_version} >= 1120
 %patch3
 %endif
 %patch8 -p1
 %patch14 -p1
+#workaround https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66728
+%ifarch ppc64le
+%patch40 -p1
+%endif
 cp -p %{S:10} .
 cp -p %{S:11} .
 echo "adding/overwriting some entries in the 'table' hash in Configure"
@@ -241,6 +244,7 @@ config_flags="threads shared no-rc5 no-idea \
 fips \
 %if 0%{suse_version} > 1310
 no-ssl2 \
+no-ssl3 \
 enable-rfc3779 \
 %endif
 %ifarch x86_64 aarch64 ppc64le