From 37cac8501e3e8f5076f9d036cd22275f5c4d26da Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu, 19 Mar 2015 15:54:43 +0100
Subject: [PATCH] openssl: Update weak-ciphers and build patches

Conflicts:
	lfs/openssl
	lfs/openssl-compat
---
 lfs/openssl                                   |   8 +-
 lfs/openssl-compat                            |   8 +-
 src/patches/openssl-1.0.1-beta2-build.patch   | 109 ------------------
 src/patches/openssl-1.0.1e-rpmbuild.patch     |  44 +++++++
 src/patches/openssl-1.0.1e-weak-ciphers.patch |  12 --
 src/patches/openssl-1.0.1m-weak-ciphers.patch |  11 ++
 6 files changed, 66 insertions(+), 126 deletions(-)
 delete mode 100644 src/patches/openssl-1.0.1-beta2-build.patch
 create mode 100644 src/patches/openssl-1.0.1e-rpmbuild.patch
 delete mode 100644 src/patches/openssl-1.0.1e-weak-ciphers.patch
 create mode 100644 src/patches/openssl-1.0.1m-weak-ciphers.patch

diff --git a/lfs/openssl b/lfs/openssl
index 8723212840..4acaef5ba4 100644
--- a/lfs/openssl
+++ b/lfs/openssl
@@ -82,9 +82,13 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	@$(PREBUILD)
 	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
 	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.0-beta5-enginesdir.patch
-	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.1-beta2-build.patch
+	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.1e-rpmbuild.patch
 	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.1e-fix_parallel_build-1.patch
-	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.1e-weak-ciphers.patch
+	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.1m-weak-ciphers.patch
+
+	# Apply our CFLAGS
+	cd $(DIR_APP) && sed -i Configure \
+		-e "s/-O3 -fomit-frame-pointer/$(CFLAGS)/g"
 
 	cd $(DIR_APP) && find crypto/ -name Makefile -exec \
 		sed 's/^ASFLAGS=/&-Wa,--noexecstack /' -i {} \;
diff --git a/lfs/openssl-compat b/lfs/openssl-compat
index dae9008aa0..4b35daeb55 100644
--- a/lfs/openssl-compat
+++ b/lfs/openssl-compat
@@ -71,6 +71,10 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	@$(PREBUILD)
 	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
 
+	# Apply our CFLAGS
+	cd $(DIR_APP) && sed -i Configure \
+		-e "s/-O3 -fomit-frame-pointer/$(CFLAGS)/g"
+
 	cd $(DIR_APP) && sed -i -e 's/mcpu/march/' config
 	cd $(DIR_APP) && sed -i -e 's/-O3/-O2/' -e 's/-march=i486/-march=i586/' Configure
 
@@ -84,9 +88,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 		zlib-dynamic \
 		no-engines \
 		no-asm 386 \
-		-DSSL_FORBID_ENULL \
-		-DHAVE_CRYPTODEV \
-		-DUSE_CRYPTODEV_DIGEST
+		-DSSL_FORBID_ENULL
 
 	cd $(DIR_APP) && make depend
 	cd $(DIR_APP) && make
diff --git a/src/patches/openssl-1.0.1-beta2-build.patch b/src/patches/openssl-1.0.1-beta2-build.patch
deleted file mode 100644
index 0a5cef12c1..0000000000
--- a/src/patches/openssl-1.0.1-beta2-build.patch
+++ /dev/null
@@ -1,109 +0,0 @@
-diff -up openssl-1.0.1-beta2/Configure.rpmbuild openssl-1.0.1-beta2/Configure
---- openssl-1.0.1-beta2/Configure.rpmbuild	2012-01-05 01:07:34.000000000 +0100
-+++ openssl-1.0.1-beta2/Configure	2012-02-02 12:43:56.547409325 +0100
-@@ -343,23 +343,23 @@ my %table=(
- ####
- # *-generic* is endian-neutral target, but ./config is free to
- # throw in -D[BL]_ENDIAN, whichever appropriate...
--"linux-generic32","gcc:-DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
--"linux-ppc",	"gcc:-DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-generic32","gcc:-DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
-+"linux-ppc",	"gcc:-DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
- # It's believed that majority of ARM toolchains predefine appropriate -march.
- # If you compiler does not, do complement config command line with one!
--"linux-armv4",	"gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-armv4",	"gcc:-DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
- #### IA-32 targets...
- "linux-ia32-icc",	"icc:-DL_ENDIAN -DTERMIO -O2 -no_cpprt::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
--"linux-elf",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-elf",	"gcc:-DL_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
- "linux-aout",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -march=i486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out",
- ####
--"linux-generic64","gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
--"linux-ppc64",	"gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
--"linux-ia64",	"gcc:-DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-generic64","gcc:-DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
-+"linux-ppc64",	"gcc:-m64 -DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64 \$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER):::64",
-+"linux-ia64",	"gcc:-DL_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
- "linux-ia64-ecc","ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- "linux-ia64-icc","icc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
--"linux-x86_64",	"gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
--"linux64-s390x",	"gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-+"linux-x86_64",	"gcc:-m64 -DL_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64 \$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER):::64",
-+"linux64-s390x",	"gcc:-m64 -DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64 \$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER):::64",
- #### So called "highgprs" target for z/Architecture CPUs
- # "Highgprs" is kernel feature first implemented in Linux 2.6.32, see
- # /proc/cpuinfo. The idea is to preserve most significant bits of
-@@ -373,16 +373,16 @@ my %table=(
- # ldconfig and run-time linker to autodiscover. Unfortunately it
- # doesn't work just yet, because of couple of bugs in glibc
- # sysdeps/s390/dl-procinfo.c affecting ldconfig and ld.so.1...
--"linux32-s390x",	"gcc:-m31 -Wa,-mzarch -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:".eval{my $asm=$s390x_asm;$asm=~s/bn\-s390x\.o/bn_asm.o/;$asm}.":31:dlfcn:linux-shared:-fPIC:-m31:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/highgprs",
-+"linux32-s390x",	"gcc:-m31 -Wa,-mzarch -DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:".eval{my $asm=$s390x_asm;$asm=~s/bn\-s390x\.o/bn_asm.o/;$asm}.":31:dlfcn:linux-shared:-fPIC:-m31 \$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER):::/highgprs",
- #### SPARC Linux setups
- # Ray Miller <ray.miller@computing-services.oxford.ac.uk> has patiently
- # assisted with debugging of following two configs.
--"linux-sparcv8","gcc:-mv8 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-sparcv8","gcc:-DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS) -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
- # it's a real mess with -mcpu=ultrasparc option under Linux, but
- # -Wa,-Av8plus should do the trick no matter what.
--"linux-sparcv9","gcc:-m32 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-sparcv9","gcc:-DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS) -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
- # GCC 3.1 is a requirement
--"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-+"linux64-sparcv9","gcc:-DB_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER):::64",
- #### Alpha Linux with GNU C and Compaq C setups
- # Special notes:
- # - linux-alpha+bwx-gcc is ment to be used from ./config only. If you
-@@ -396,8 +396,8 @@ my %table=(
- #
- #					<appro@fy.chalmers.se>
- #
--"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
--"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-alpha-gcc","gcc:-DL_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
-+"linux-alpha+bwx-gcc","gcc:-DL_ENDIAN -DTERMIO -Wall \$(RPM_OPT_FLAGS)::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC:\$(RPM_OPT_FLAGS):.so.\$(SHLIB_SONAMEVER)",
- "linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
- "linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
- 
-@@ -1678,7 +1678,7 @@ while (<IN>)
- 	elsif ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*\.[^\.]*$/)
- 		{
- 		my $sotmp = $1;
--		s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.\$(SHLIB_MAJOR) .s$sotmp/;
-+		s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.\$(SHLIB_SONAMEVER) .s$sotmp/;
- 		}
- 	elsif ($shared_extension ne "" && $shared_extension =~ /^\.[^\.]*\.[^\.]*\.dylib$/)
- 		{
-diff -up openssl-1.0.1-beta2/Makefile.org.rpmbuild openssl-1.0.1-beta2/Makefile.org
---- openssl-1.0.1-beta2/Makefile.org.rpmbuild	2011-12-27 16:17:50.000000000 +0100
-+++ openssl-1.0.1-beta2/Makefile.org	2012-02-02 12:30:23.652495435 +0100
-@@ -10,6 +10,7 @@ SHLIB_VERSION_HISTORY=
- SHLIB_MAJOR=
- SHLIB_MINOR=
- SHLIB_EXT=
-+SHLIB_SONAMEVER=10
- PLATFORM=dist
- OPTIONS=
- CONFIGURE_ARGS=
-@@ -333,10 +334,9 @@ clean-shared:
- link-shared:
- 	@ set -e; for i in $(SHLIBDIRS); do \
- 		$(MAKE) -f $(HERE)/Makefile.shared -e $(BUILDENV) \
--			LIBNAME=$$i LIBVERSION=$(SHLIB_MAJOR).$(SHLIB_MINOR) \
-+			LIBNAME=$$i LIBVERSION=$(SHLIB_SONAMEVER) \
- 			LIBCOMPATVERSIONS=";$(SHLIB_VERSION_HISTORY)" \
- 			symlink.$(SHLIB_TARGET); \
--		libs="$$libs -l$$i"; \
- 	done
- 
- build-shared: do_$(SHLIB_TARGET) link-shared
-@@ -347,7 +347,7 @@ do_$(SHLIB_TARGET):
- 			libs="$(LIBKRB5) $$libs"; \
- 		fi; \
- 		$(CLEARENV) && $(MAKE) -f Makefile.shared -e $(BUILDENV) \
--			LIBNAME=$$i LIBVERSION=$(SHLIB_MAJOR).$(SHLIB_MINOR) \
-+			LIBNAME=$$i LIBVERSION=$(SHLIB_SONAMEVER) \
- 			LIBCOMPATVERSIONS=";$(SHLIB_VERSION_HISTORY)" \
- 			LIBDEPS="$$libs $(EX_LIBS)" \
- 			link_a.$(SHLIB_TARGET); \
diff --git a/src/patches/openssl-1.0.1e-rpmbuild.patch b/src/patches/openssl-1.0.1e-rpmbuild.patch
new file mode 100644
index 0000000000..3fb3c6437b
--- /dev/null
+++ b/src/patches/openssl-1.0.1e-rpmbuild.patch
@@ -0,0 +1,44 @@
+diff -up openssl-1.0.1e/Configure.rpmbuild openssl-1.0.1e/Configure
+--- openssl-1.0.1e/Configure.rpmbuild	2014-08-13 19:19:53.211005598 +0200
++++ openssl-1.0.1e/Configure	2014-08-13 19:29:21.704099285 +0200
+@@ -1675,7 +1676,7 @@ while (<IN>)
+ 	elsif ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*\.[^\.]*$/)
+ 		{
+ 		my $sotmp = $1;
+-		s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.\$(SHLIB_MAJOR) .s$sotmp/;
++		s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.\$(SHLIB_SONAMEVER) .s$sotmp/;
+ 		}
+ 	elsif ($shared_extension ne "" && $shared_extension =~ /^\.[^\.]*\.[^\.]*\.dylib$/)
+ 		{
+diff -up openssl-1.0.1e/Makefile.org.rpmbuild openssl-1.0.1e/Makefile.org
+--- openssl-1.0.1e/Makefile.org.rpmbuild	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/Makefile.org	2014-08-13 19:19:53.218005759 +0200
+@@ -10,6 +10,7 @@ SHLIB_VERSION_HISTORY=
+ SHLIB_MAJOR=
+ SHLIB_MINOR=
+ SHLIB_EXT=
++SHLIB_SONAMEVER=10
+ PLATFORM=dist
+ OPTIONS=
+ CONFIGURE_ARGS=
+@@ -333,10 +334,9 @@ clean-shared:
+ link-shared:
+ 	@ set -e; for i in $(SHLIBDIRS); do \
+ 		$(MAKE) -f $(HERE)/Makefile.shared -e $(BUILDENV) \
+-			LIBNAME=$$i LIBVERSION=$(SHLIB_MAJOR).$(SHLIB_MINOR) \
++			LIBNAME=$$i LIBVERSION=$(SHLIB_SONAMEVER) \
+ 			LIBCOMPATVERSIONS=";$(SHLIB_VERSION_HISTORY)" \
+ 			symlink.$(SHLIB_TARGET); \
+-		libs="$$libs -l$$i"; \
+ 	done
+ 
+ build-shared: do_$(SHLIB_TARGET) link-shared
+@@ -347,7 +347,7 @@ do_$(SHLIB_TARGET):
+ 			libs="$(LIBKRB5) $$libs"; \
+ 		fi; \
+ 		$(CLEARENV) && $(MAKE) -f Makefile.shared -e $(BUILDENV) \
+-			LIBNAME=$$i LIBVERSION=$(SHLIB_MAJOR).$(SHLIB_MINOR) \
++			LIBNAME=$$i LIBVERSION=$(SHLIB_SONAMEVER) \
+ 			LIBCOMPATVERSIONS=";$(SHLIB_VERSION_HISTORY)" \
+ 			LIBDEPS="$$libs $(EX_LIBS)" \
+ 			link_a.$(SHLIB_TARGET); \
diff --git a/src/patches/openssl-1.0.1e-weak-ciphers.patch b/src/patches/openssl-1.0.1e-weak-ciphers.patch
deleted file mode 100644
index 8657345387..0000000000
--- a/src/patches/openssl-1.0.1e-weak-ciphers.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff -up openssl-1.0.1e/ssl/ssl.h.weak-ciphers openssl-1.0.1e/ssl/ssl.h
---- openssl-1.0.1e/ssl/ssl.h.weak-ciphers	2013-12-18 15:50:40.881620314 +0100
-+++ openssl-1.0.1e/ssl/ssl.h	2013-12-18 14:25:25.596566704 +0100
-@@ -331,7 +331,7 @@ extern "C" {
- /* The following cipher list is used by default.
-  * It also is substituted when an application-defined cipher list string
-  * starts with 'DEFAULT'. */
--#define SSL_DEFAULT_CIPHER_LIST	"ALL:!aNULL:!eNULL:!SSLv2"
-+#define SSL_DEFAULT_CIPHER_LIST	"ALL:!aNULL:!eNULL:!SSLv2:!EXPORT:!RC2:!DES"
- /* As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always
-  * starts with a reasonable order, and all we have to do for DEFAULT is
-  * throwing out anonymous and unencrypted ciphersuites!
diff --git a/src/patches/openssl-1.0.1m-weak-ciphers.patch b/src/patches/openssl-1.0.1m-weak-ciphers.patch
new file mode 100644
index 0000000000..f57b97811d
--- /dev/null
+++ b/src/patches/openssl-1.0.1m-weak-ciphers.patch
@@ -0,0 +1,11 @@
+--- openssl-1.0.1m/ssl/ssl.h.old	2015-03-19 15:25:20.646533583 +0100
++++ openssl-1.0.1m/ssl/ssl.h	2015-03-19 15:25:31.229875691 +0100
+@@ -334,7 +334,7 @@
+  * The following cipher list is used by default. It also is substituted when
+  * an application-defined cipher list string starts with 'DEFAULT'.
+  */
+-# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!aNULL:!eNULL:!SSLv2"
++# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!aNULL:!eNULL:!SSLv2:!RC2:!DES"
+ /*
+  * As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always
+  * starts with a reasonable order, and all we have to do for DEFAULT is
-- 
2.39.5