23221238 Upgrade OpenSSL version to 1.0.1t
23206902 problem in LIBRARY/OPENSSL
23207083 problem in LIBRARY/OPENSSL
23207086 problem in LIBRARY/OPENSSL
23207121 problem in LIBRARY/OPENSSL
23207118 problem in LIBRARY/OPENSSL
--- a/components/openssl/openssl-1.0.1-fips-140/Makefile Mon May 09 19:41:29 2016 -0700
+++ b/components/openssl/openssl-1.0.1-fips-140/Makefile Mon May 09 20:56:05 2016 -0700
@@ -32,18 +32,18 @@
COMPONENT_NAME = openssl-fips-140
# Note that this is the OpenSSL version that is used to build FIPS-140 certified
# libraries. However, we use the FIPS canister version for the IPS package.
-COMPONENT_VERSION = 1.0.1s
+COMPONENT_VERSION = 1.0.1t
IPS_COMPONENT_VERSION = 2.0.6
COMPONENT_PROJECT_URL= http://www.openssl.org/
COMPONENT_SRC_NAME = openssl
COMPONENT_SRC = $(COMPONENT_SRC_NAME)-$(COMPONENT_VERSION)
COMPONENT_ARCHIVE = $(COMPONENT_SRC).tar.gz
COMPONENT_ARCHIVE_HASH= \
- sha256:e7e81d82f3cd538ab0cdba494006d44aab9dd96b7f6233ce9971fb7c7916d511
+ sha256:4a6ee491a2fdb22e519c76fdc2a628bb3cec12762cd456861d207996c8a07088
COMPONENT_ARCHIVE_URL = $(COMPONENT_PROJECT_URL)source/$(COMPONENT_ARCHIVE)
COMPONENT_BUGDB= library/openssl
-TPNO= 27087
+TPNO= 28138
# OpenSSL FIPS directory
OPENSSL_FIPS_DIR = $(COMPONENT_DIR)/../openssl-fips
@@ -107,7 +107,7 @@
CONFIGURE_OPTIONS += no-seed
# Disable SSLv2 protocol
-CONFIGURE_OPTIONS += no-ssl2
+CONFIGURE_OPTIONS += no-ssl2 no-ssl2-method
# We define our own compiler and linker option sets for Solaris. See Configure
# for more information.
--- a/components/openssl/openssl-1.0.1-fips-140/patches/42_rm_sslv2.patch Mon May 09 19:41:29 2016 -0700
+++ b/components/openssl/openssl-1.0.1-fips-140/patches/42_rm_sslv2.patch Mon May 09 20:56:05 2016 -0700
@@ -51,11 +51,11 @@
# endif
--- openssl-1.0.1/ssl/ssl.h Tue May 26 11:13:15 2015
+++ openssl-1.0.1/ssl/ssl.h.new Tue May 26 11:32:09 2015
-@@ -2016,12 +2016,26 @@
+@@ -2016,12 +2016,28 @@
/* This sets the 'default' SSL version that SSL_new() will create */
int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth);
--# ifndef OPENSSL_NO_SSL2
+-# ifndef OPENSSL_NO_SSL2_METHOD
-const SSL_METHOD *SSLv2_method(void); /* SSLv2 */
-const SSL_METHOD *SSLv2_server_method(void); /* SSLv2 */
-const SSL_METHOD *SSLv2_client_method(void); /* SSLv2 */
@@ -75,10 +75,12 @@
+#endif
+
+# ifndef OPENSSL_NO_SSL2
++# ifndef OPENSSL_NO_SSL2_METHOD
+DEPRECATED const SSL_METHOD *SSLv2_method(void); /* SSLv2 */
+DEPRECATED const SSL_METHOD *SSLv2_server_method(void); /* SSLv2 */
+DEPRECATED const SSL_METHOD *SSLv2_client_method(void); /* SSLv2 */
+# endif
++# endif
+
# ifndef OPENSSL_NO_SSL3_METHOD
const SSL_METHOD *SSLv3_method(void); /* SSLv3 */
--- a/components/openssl/openssl-1.0.1/Makefile Mon May 09 19:41:29 2016 -0700
+++ b/components/openssl/openssl-1.0.1/Makefile Mon May 09 20:56:05 2016 -0700
@@ -28,20 +28,20 @@
# When upgrading OpenSSL, please, DON'T FORGET TO TEST WANBOOT too.
# For more information about wanboot-openssl testing, please refer to
# ../README.
-COMPONENT_VERSION = 1.0.1s
+COMPONENT_VERSION = 1.0.1t
# Version for IPS. It is easier to do it manually than convert the letter to a
# number while taking into account that there might be no letter at all.
-IPS_COMPONENT_VERSION = 1.0.1.19
+IPS_COMPONENT_VERSION = 1.0.1.20
COMPONENT_PROJECT_URL= http://www.openssl.org/
COMPONENT_SRC = $(COMPONENT_NAME)-$(COMPONENT_VERSION)
COMPONENT_ARCHIVE = $(COMPONENT_SRC).tar.gz
COMPONENT_ARCHIVE_HASH= \
- sha256:e7e81d82f3cd538ab0cdba494006d44aab9dd96b7f6233ce9971fb7c7916d511
+ sha256:4a6ee491a2fdb22e519c76fdc2a628bb3cec12762cd456861d207996c8a07088
COMPONENT_ARCHIVE_URL = $(COMPONENT_PROJECT_URL)source/$(COMPONENT_ARCHIVE)
COMPONENT_BUGDB= library/openssl
-TPNO= 27087
+TPNO= 28138
include $(WS_MAKE_RULES)/prep.mk
include $(WS_MAKE_RULES)/configure.mk
@@ -98,7 +98,7 @@
CONFIGURE_OPTIONS += no-seed
# Disable SSLv2 protocol
-CONFIGURE_OPTIONS += no-ssl2
+CONFIGURE_OPTIONS += no-ssl2 no-ssl2-method
# We use both no-whirlpool and no-whrlpool since there is an inconsistency in
# the OpenSSL code and one needs both to build OpenSSL successfully with
--- a/components/openssl/openssl-1.0.1/patches/42_rm_sslv2.patch Mon May 09 19:41:29 2016 -0700
+++ b/components/openssl/openssl-1.0.1/patches/42_rm_sslv2.patch Mon May 09 20:56:05 2016 -0700
@@ -51,11 +51,11 @@
# endif
--- openssl-1.0.1/ssl/ssl.h Tue May 26 11:13:15 2015
+++ openssl-1.0.1/ssl/ssl.h.new Tue May 26 11:32:09 2015
-@@ -2016,12 +2016,26 @@
+@@ -2016,12 +2016,28 @@
/* This sets the 'default' SSL version that SSL_new() will create */
int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth);
--# ifndef OPENSSL_NO_SSL2
+-# ifndef OPENSSL_NO_SSL2_METHOD
-const SSL_METHOD *SSLv2_method(void); /* SSLv2 */
-const SSL_METHOD *SSLv2_server_method(void); /* SSLv2 */
-const SSL_METHOD *SSLv2_client_method(void); /* SSLv2 */
@@ -75,10 +75,12 @@
+#endif
+
+# ifndef OPENSSL_NO_SSL2
++# ifndef OPENSSL_NO_SSL2_METHOD
+DEPRECATED const SSL_METHOD *SSLv2_method(void); /* SSLv2 */
+DEPRECATED const SSL_METHOD *SSLv2_server_method(void); /* SSLv2 */
+DEPRECATED const SSL_METHOD *SSLv2_client_method(void); /* SSLv2 */
+# endif
++# endif
+
# ifndef OPENSSL_NO_SSL3_METHOD
const SSL_METHOD *SSLv3_method(void); /* SSLv3 */