include Config
-VER = 1.0.2g
+VER = 1.0.2h
THISAPP = openssl-$(VER)
DL_FILE = $(THISAPP).tar.gz
zlib-dynamic \
enable-camellia \
enable-md2 \
- enable-ssl2 \
+ disable-ssl2 \
enable-seed \
enable-tlsext \
enable-rfc3779 \
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = f3c710c045cdee5fd114feb69feba7aa
+$(DL_FILE)_MD5 = 9392e65072ce4b614c1392eefc1f23d0
install : $(TARGET)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.0-beta5-enginesdir.patch
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.2a-rpmbuild.patch
- cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.1m-weak-ciphers.patch
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.2h-weak-ciphers.patch
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.2g-disable-sslv2v3.patch
# i586 specific patches
+++ /dev/null
---- openssl-1.0.1m/ssl/ssl.h.old 2015-03-19 15:25:20.646533583 +0100
-+++ openssl-1.0.1m/ssl/ssl.h 2015-03-19 15:25:31.229875691 +0100
-@@ -334,7 +334,7 @@
- * The following cipher list is used by default. It also is substituted when
- * an application-defined cipher list string starts with 'DEFAULT'.
- */
--# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!aNULL:!eNULL:!SSLv2"
-+# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!aNULL:!eNULL:!SSLv2:!RC2:!DES"
- /*
- * As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always
- * starts with a reasonable order, and all we have to do for DEFAULT is
--- /dev/null
+diff -Naur openssl-1.0.2h.org/ssl/ssl.h openssl-1.0.2h/ssl/ssl.h
+--- openssl-1.0.2h.org/ssl/ssl.h 2016-05-03 15:44:42.000000000 +0200
++++ openssl-1.0.2h/ssl/ssl.h 2016-05-03 18:49:10.393302264 +0200
+@@ -338,7 +338,7 @@
+ * The following cipher list is used by default. It also is substituted when
+ * an application-defined cipher list string starts with 'DEFAULT'.
+ */
+-# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!LOW:!aNULL:!eNULL:!SSLv2"
++# define SSL_DEFAULT_CIPHER_LIST "ALL:!EXPORT:!LOW:!aNULL:!eNULL:!SSLv2:!RC2:!DES"
+ /*
+ * As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always
+ * starts with a reasonable order, and all we have to do for DEFAULT is