openssl: Upgrade to 1.0.2

Rebased numerous patches
removed aarch64 initial work since it's part of upstream now
Imported a few additional patches from Debian to support the version-script
and blacklist additional bad certificates.

(From OE-Core rev: 10b689033551c37d6cafa284d82bdccd43f6113e)

Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

1 files changed, 44 insertions, 14 deletions

diff --git a/meta/recipes-connectivity/openssl/openssl/debian/c_rehash-compat.patch b/meta/recipes-connectivity/openssl/openssl/debian/c_rehash-compat.patch
index ac1b19b943..3943e2c2e7 100644
--- a/meta/recipes-connectivity/openssl/openssl/debian/c_rehash-compat.patch
+++ b/meta/recipes-connectivity/openssl/openssl/debian/c_rehash-compat.patch
@@ -1,38 +1,58 @@
-Upstream-Status: Backport [debian]
-
 From 83f318d68bbdab1ca898c94576a838cc97df4700 Mon Sep 17 00:00:00 2001
 From: Ludwig Nussel <ludwig.nussel@suse.de>
 Date: Wed, 21 Apr 2010 15:52:10 +0200
 Subject: [PATCH] also create old hash for compatibility
 
+Upstream-Status: Backport [debian]
+
 ---
  tools/c_rehash.in |    8 +++++++-
  1 files changed, 7 insertions(+), 1 deletions(-)
 
-Index: openssl-1.0.0d/tools/c_rehash.in
+Index: openssl-1.0.2~beta3/tools/c_rehash.in
 ===================================================================
---- openssl-1.0.0d.orig/tools/c_rehash.in       2011-04-13 20:41:28.000000000 +0000
-+++ openssl-1.0.0d/tools/c_rehash.in    2011-04-13 20:41:28.000000000 +0000
-@@ -86,6 +86,7 @@
-                        }
+--- openssl-1.0.2~beta3.orig/tools/c_rehash.in
++++ openssl-1.0.2~beta3/tools/c_rehash.in
+@@ -8,8 +8,6 @@ my $prefix;
+ 
+ my $openssl = $ENV{OPENSSL} || "openssl";
+ my $pwd;
+-my $x509hash = "-subject_hash";
+-my $crlhash = "-hash";
+ my $verbose = 0;
+ my $symlink_exists=eval {symlink("",""); 1};
+ my $removelinks = 1;
+@@ -18,10 +16,7 @@ my $removelinks = 1;
+ while ( $ARGV[0] =~ '-.*' ) {
+     my $flag = shift @ARGV;
+     last if ( $flag eq '--');
+-    if ( $flag =~ /-old/) {
+-           $x509hash = "-subject_hash_old";
+-           $crlhash = "-hash_old";
+-    } elsif ( $flag =~ /-h/) {
++    if ( $flag =~ /-h/) {
+            help();
+     } elsif ( $flag eq '-n' ) {
+            $removelinks = 0;
+@@ -113,7 +108,9 @@ sub hash_dir {
+                        next;
                 }
                 link_hash_cert($fname) if($cert);
 +               link_hash_cert_old($fname) if($cert);
                 link_hash_crl($fname) if($crl);
++               link_hash_crl_old($fname) if($crl);
         }
  }
-@@ -119,8 +120,9 @@
+ 
+@@ -146,6 +143,7 @@ sub check_file {
  
  sub link_hash_cert {
                 my $fname = $_[0];
-+               my $hashopt = $_[1] || '-subject_hash';
++               my $x509hash = $_[1] || '-subject_hash';
                 $fname =~ s/'/'\\''/g;
--               my ($hash, $fprint) = `"$openssl" x509 -hash -fingerprint -noout -in "$fname"`;
-+               my ($hash, $fprint) = `"$openssl" x509 $hashopt -fingerprint -noout -in "$fname"`;
+                my ($hash, $fprint) = `"$openssl" x509 $x509hash -fingerprint -noout -in "$fname"`;
                 chomp $hash;
-                chomp $fprint;
-                $fprint =~ s/^.*=//;
-@@ -150,6 +152,10 @@
+@@ -177,10 +175,20 @@ sub link_hash_cert {
                 $hashlist{$hash} = $fprint;
  }
  
@@ -40,6 +60,16 @@ Index: openssl-1.0.0d/tools/c_rehash.in
 +               link_hash_cert($_[0], '-subject_hash_old');
 +}
 +
++sub link_hash_crl_old {
++               link_hash_crl($_[0], '-hash_old');
++}
++
++
  # Same as above except for a CRL. CRL links are of the form <hash>.r<n>
  
  sub link_hash_crl {
+                my $fname = $_[0];
++               my $crlhash = $_[1] || "-hash";
+                $fname =~ s/'/'\\''/g;
+                my ($hash, $fprint) = `"$openssl" crl $crlhash -fingerprint -noout -in '$fname'`;
+                chomp $hash;