Re: [OE-core] [PATCH] openssl: Upgrade to 1.0.2

Saul Wold Sun, 15 Mar 2015 22:42:53 -0700

On 03/13/2015 07:46 AM, Martin Jansa wrote:

On Thu, Mar 12, 2015 at 02:18:27PM +0800, Robert Yang wrote:


I met this error when building openflow in meta-networking, I guess it maybe
related to the upgraded:

x86_64-wrs-linux-gcc  -m64 -march=core2 -mtune=core2 -msse3 -mfpmath=sse
--sysroot=/buildarea/lyang1/test_qemux86-64/bitbake_build/tmp/sysroots/qemux86-64
 -Wstrict-prototypes
   -O2 -pipe -g -feliminate-unused-debug-types -Wall -Wno-sign-compare
-Wpointer-arith -Wdeclaration-after-statement -Wformat-security -Wswitch-enum
-Wunused-parameter -Wstrict-aliasing -Wbad-function-cast -Wcast-align
-Wstrict-prototypes -Wold-style-definition -Wmissing-prototypes
-Wmissing-field-initializers -Wno-override-init -export-dynamic -Wl,-O1
-Wl,--hash-style=gnu -Wl,--as-needed -o secchan/ofprotocol secchan/discovery.o
secchan/emerg-flow.o secchan/fail-open.o secchan/failover.o secchan/in-band.o
secchan/port-watcher.o secchan/protocol-stat.o secchan/ratelimit.o
secchan/secchan.o secchan/status.o secchan/stp-secchan.o lib/libopenflow.a -ldl
-L/buildarea/lyang1/test_qemux86-64/bitbake_build/tmp/sysroots/qemux86-64/usr/lib64
-lssl
/buildarea/lyang1/test_qemux86-64/bitbake_build/tmp/sysroots/x86_64-linux/usr/libexec/x86_64-wrs-linux/gcc/x86_64-wrs-linux/4.9.2/ld:
lib/libopenflow.a(vconn-ssl.o): undefined reference to symbol
'ERR_error_string@@OPENSSL_1.0.0'
/buildarea/lyang1/test_qemux86-64/bitbake_build/tmp/sysroots/qemux86-64/lib64/libcrypto.so.1.0.0:
error adding symbols: DSO missing from command line
collect2: error: ld returned 1 exit status

I think I have a fix for this coming with a change to the libssl.pc fileto Require libcrypto instead of Require.private it.

python-pyopenssl is also failing since this upgrade:

| x86_64-oe-linux-gcc -m64 -march=core2 -mtune=core2 -msse3 -mfpmath=sse 
--sysroot=/home/jenkins/oe/world/shr-core/tmp-glibc/sysroots/qemux86-64 
-DNDEBUG -g -O3 -Wall -Wstrict-prototypes -O2 -pipe -g 
-feliminate-unused-debug-types -fPIC 
-I/home/jenkins/oe/world/shr-core/tmp-glibc/sysroots/qemux86-64/usr/include/python2.7
 -c OpenSSL/crypto/crl.c -o build/temp.linux-x86_64-2.7/OpenSSL/crypto/crl.o
| OpenSSL/crypto/crl.c:6:23: error: static declaration of 'X509_REVOKED_dup' 
follows non-static declaration
|  static X509_REVOKED * X509_REVOKED_dup(X509_REVOKED *orig) {
|                        ^
| In file included from 
/home/jenkins/oe/world/shr-core/tmp-glibc/sysroots/qemux86-64/usr/include/openssl/ssl.h:156:0,
|                  from OpenSSL/crypto/x509.h:17,
|                  from OpenSSL/crypto/crypto.h:30,
|                  from OpenSSL/crypto/crl.c:3:
| 
/home/jenkins/oe/world/shr-core/tmp-glibc/sysroots/qemux86-64/usr/include/openssl/x509.h:751:15:
 note: previous declaration of 'X509_REVOKED_dup' was here
|  X509_REVOKED *X509_REVOKED_dup(X509_REVOKED *rev);
|                ^
| OpenSSL/crypto/crl.c: In function 'init_crypto_crl':
| OpenSSL/crypto/crl.c:285:5: warning: dereferencing type-punned pointer will 
break strict-aliasing rules [-Wstrict-aliasing]
|      Py_INCREF((PyObject *)&crypto_CRL_Type);
|      ^
| error: command 'x86_64-oe-linux-gcc' failed with exit status 1
| ERROR: python setup.py build_ext execution failed.
| WARNING: exit code 1 from a shell command.
| ERROR: Function failed: do_compile (log file is located at 
/home/jenkins/oe/world/shr-core/tmp-glibc/work/core2-64-oe-linux/python-pyopenssl/0.13-r1/temp/log.do_compile.21838)
NOTE: recipe python-pyopenssl-0.13-r1: task do_compile: Failed
ERROR: Task 19005 
(/home/jenkins/oe/world/shr-core/meta-openembedded/meta-oe/recipes-devtools/python/python-pyopenssl_0.13.bb,
 do_compile) failed with exit code '1'

I think this one needs a fix in the pyopenssl code which may be part ofthe 0.14, can you look into that update?


Sau!


// Robert

On 03/05/2015 01:46 AM, Saul Wold wrote:

Rebased numerous patches
removed aarch64 initial work since it's part of upstream now
Imported a few additional patches from Debian to support the version-script
and blacklist additional bad certificates.

Signed-off-by: Saul Wold <s...@linux.intel.com>
---
   .../openssl/openssl/Makefiles-ptest.patch          |  36 +--
   .../openssl/openssl/debian/c_rehash-compat.patch   |  58 +++-
   .../openssl/openssl/debian/debian-targets.patch    |  25 +-
   .../openssl/openssl/debian/version-script.patch    | 311 
++++++++++-----------
   .../debian1.0.2/block_digicert_malaysia.patch      |  29 ++
   .../openssl/debian1.0.2/block_diginotar.patch      |  67 +++++
   .../openssl/openssl/debian1.0.2/padlock_conf.patch |  31 ++
   .../openssl/engines-install-in-libdir-ssl.patch    |  42 +--
   .../openssl/openssl/fix-cipher-des-ede3-cfb1.patch |  21 +-
   .../openssl/openssl/initial-aarch64-bits.patch     | 120 --------
   ...-pointer-dereference-in-EVP_DigestInit_ex.patch |  22 +-
   ...NULL-pointer-dereference-in-dh_pub_encode.patch |  41 +--
   .../openssl/openssl/openssl_fix_for_x32.patch      |  85 ++----
   .../openssl/openssl/ptest-deps.patch               |  16 +-
   .../openssl/update-version-script-for-1.0.2.patch  |  66 +++++
   .../{openssl_1.0.1k.bb => openssl_1.0.2.bb}        |  19 +-
   16 files changed, 522 insertions(+), 467 deletions(-)
   create mode 100644 
meta/recipes-connectivity/openssl/openssl/debian1.0.2/block_digicert_malaysia.patch
   create mode 100644 
meta/recipes-connectivity/openssl/openssl/debian1.0.2/block_diginotar.patch
   create mode 100644 
meta/recipes-connectivity/openssl/openssl/debian1.0.2/padlock_conf.patch
   delete mode 100644 
meta/recipes-connectivity/openssl/openssl/initial-aarch64-bits.patch
   create mode 100644 
meta/recipes-connectivity/openssl/openssl/update-version-script-for-1.0.2.patch
   rename meta/recipes-connectivity/openssl/{openssl_1.0.1k.bb => 
openssl_1.0.2.bb} (84%)

diff --git a/meta/recipes-connectivity/openssl/openssl/Makefiles-ptest.patch 
b/meta/recipes-connectivity/openssl/openssl/Makefiles-ptest.patch
index ac53a91..249446a 100644
--- a/meta/recipes-connectivity/openssl/openssl/Makefiles-ptest.patch
+++ b/meta/recipes-connectivity/openssl/openssl/Makefiles-ptest.patch
@@ -5,10 +5,11 @@ Signed-off-by: Anders Roxell <anders.rox...@enea.com>
   Signed-off-by: Maxin B. John <maxin.j...@enea.com>
   Upstream-Status: Pending
   ---
-diff -uNr a/Makefile b/Makefile
---- a/Makefile.org     2012-05-10 17:06:02.000000000 +0200
-+++ b/Makefile.org     2012-10-27 00:05:55.359424024 +0200
-@@ -411,8 +411,16 @@
+Index: openssl-1.0.2/Makefile.org
+===================================================================
+--- openssl-1.0.2.orig/Makefile.org
++++ openssl-1.0.2/Makefile.org
+@@ -451,8 +451,16 @@ rehash.time: certs apps
    test:   tests

    tests: rehash
@@ -26,11 +27,11 @@ diff -uNr a/Makefile b/Makefile
        OPENSSL_CONF=apps/openssl.cnf util/opensslwrap.sh version -a

    report:
-diff --git a/test/Makefile b/test/Makefile
-index 3912f82..1696767 100644
---- a/test/Makefile
-+++ b/test/Makefile
-@@ -128,7 +128,7 @@ tests:     exe apps $(TESTS)
+Index: openssl-1.0.2/test/Makefile
+===================================================================
+--- openssl-1.0.2.orig/test/Makefile
++++ openssl-1.0.2/test/Makefile
+@@ -137,7 +137,7 @@ tests:     exe apps $(TESTS)
    apps:
        @(cd ..; $(MAKE) DIRS=apps all)

@@ -39,28 +40,28 @@ index 3912f82..1696767 100644
        test_des test_idea test_sha test_md4 test_md5 test_hmac \
        test_md2 test_mdc2 test_wp \
        test_rmd test_rc2 test_rc4 test_rc5 test_bf test_cast test_aes \
-@@ -138,6 +138,11 @@ alltests: \
-       test_ss test_ca test_engine test_evp test_ssl test_tsa test_ige \
-       test_jpake test_cms
+@@ -148,6 +148,11 @@ alltests: \
+       test_jpake test_srp test_cms test_ocsp test_v3name test_heartbeat \
+       test_constant_time

   +alltests:
   +    @(for i in $(all-tests); do \
   +    ( $(MAKE) $$i && echo "PASS: $$i" ) || echo "FAIL: $$i"; \
   +    done)
   +
- test_evp:
+ test_evp: $(EVPTEST)$(EXE_EXT) evptests.txt
        ../util/shlib_wrap.sh ./$(EVPTEST) evptests.txt

-@@ -203,7 +208,7 @@ test_x509:
+@@ -213,7 +218,7 @@ test_x509: ../apps/openssl$(EXE_EXT) tx5
        echo test second x509v3 certificate
        sh ./tx509 v3-cert2.pem 2>/dev/null

--test_rsa: $(RSATEST)$(EXE_EXT)
-+test_rsa:
+-test_rsa: $(RSATEST)$(EXE_EXT) ../apps/openssl$(EXE_EXT) trsa testrsa.pem
++test_rsa: ../apps/openssl$(EXE_EXT) trsa testrsa.pem
        @sh ./trsa 2>/dev/null
        ../util/shlib_wrap.sh ./$(RSATEST)

-@@ -298,11 +303,11 @@ test_tsa:
+@@ -313,11 +318,11 @@ test_tsa: ../apps/openssl$(EXE_EXT) test
          sh ./testtsa; \
        fi

@@ -73,3 +74,4 @@ index 3912f82..1696767 100644
   +test_jpake:
        @echo "Test JPAKE"
        ../util/shlib_wrap.sh ./$(JPAKETEST)
+
diff --git 
a/meta/recipes-connectivity/openssl/openssl/debian/c_rehash-compat.patch 
b/meta/recipes-connectivity/openssl/openssl/debian/c_rehash-compat.patch
index ac1b19b..3943e2c 100644
--- a/meta/recipes-connectivity/openssl/openssl/debian/c_rehash-compat.patch
+++ b/meta/recipes-connectivity/openssl/openssl/debian/c_rehash-compat.patch
@@ -1,38 +1,58 @@
-Upstream-Status: Backport [debian]
-
   From 83f318d68bbdab1ca898c94576a838cc97df4700 Mon Sep 17 00:00:00 2001
   From: Ludwig Nussel <ludwig.nus...@suse.de>
   Date: Wed, 21 Apr 2010 15:52:10 +0200
   Subject: [PATCH] also create old hash for compatibility

+Upstream-Status: Backport [debian]
+
   ---
    tools/c_rehash.in |    8 +++++++-
    1 files changed, 7 insertions(+), 1 deletions(-)

-Index: openssl-1.0.0d/tools/c_rehash.in
+Index: openssl-1.0.2~beta3/tools/c_rehash.in
   ===================================================================
---- openssl-1.0.0d.orig/tools/c_rehash.in      2011-04-13 20:41:28.000000000 
+0000
-+++ openssl-1.0.0d/tools/c_rehash.in   2011-04-13 20:41:28.000000000 +0000
-@@ -86,6 +86,7 @@
-                       }
+--- openssl-1.0.2~beta3.orig/tools/c_rehash.in
++++ openssl-1.0.2~beta3/tools/c_rehash.in
+@@ -8,8 +8,6 @@ my $prefix;
+
+ my $openssl = $ENV{OPENSSL} || "openssl";
+ my $pwd;
+-my $x509hash = "-subject_hash";
+-my $crlhash = "-hash";
+ my $verbose = 0;
+ my $symlink_exists=eval {symlink("",""); 1};
+ my $removelinks = 1;
+@@ -18,10 +16,7 @@ my $removelinks = 1;
+ while ( $ARGV[0] =~ '-.*' ) {
+     my $flag = shift @ARGV;
+     last if ( $flag eq '--');
+-    if ( $flag =~ /-old/) {
+-          $x509hash = "-subject_hash_old";
+-          $crlhash = "-hash_old";
+-    } elsif ( $flag =~ /-h/) {
++    if ( $flag =~ /-h/) {
+           help();
+     } elsif ( $flag eq '-n' ) {
+           $removelinks = 0;
+@@ -113,7 +108,9 @@ sub hash_dir {
+                       next;
                }
                link_hash_cert($fname) if($cert);
   +            link_hash_cert_old($fname) if($cert);
                link_hash_crl($fname) if($crl);
++              link_hash_crl_old($fname) if($crl);
        }
    }
-@@ -119,8 +120,9 @@
+
+@@ -146,6 +143,7 @@ sub check_file {

    sub link_hash_cert {
                my $fname = $_[0];
-+              my $hashopt = $_[1] || '-subject_hash';
++              my $x509hash = $_[1] || '-subject_hash';
                $fname =~ s/'/'\\''/g;
--              my ($hash, $fprint) = `"$openssl" x509 -hash -fingerprint -noout -in 
"$fname"`;
-+              my ($hash, $fprint) = `"$openssl" x509 $hashopt -fingerprint -noout -in 
"$fname"`;
+               my ($hash, $fprint) = `"$openssl" x509 $x509hash -fingerprint -noout -in 
"$fname"`;
                chomp $hash;
-               chomp $fprint;
-               $fprint =~ s/^.*=//;
-@@ -150,6 +152,10 @@
+@@ -177,10 +175,20 @@ sub link_hash_cert {
                $hashlist{$hash} = $fprint;
    }

@@ -40,6 +60,16 @@ Index: openssl-1.0.0d/tools/c_rehash.in
   +            link_hash_cert($_[0], '-subject_hash_old');
   +}
   +
++sub link_hash_crl_old {
++              link_hash_crl($_[0], '-hash_old');
++}
++
++
    # Same as above except for a CRL. CRL links are of the form <hash>.r<n>

    sub link_hash_crl {
+               my $fname = $_[0];
++              my $crlhash = $_[1] || "-hash";
+               $fname =~ s/'/'\\''/g;
+               my ($hash, $fprint) = `"$openssl" crl $crlhash -fingerprint 
-noout -in '$fname'`;
+               chomp $hash;
diff --git 
a/meta/recipes-connectivity/openssl/openssl/debian/debian-targets.patch 
b/meta/recipes-connectivity/openssl/openssl/debian/debian-targets.patch
index 8101edf..39d4328 100644
--- a/meta/recipes-connectivity/openssl/openssl/debian/debian-targets.patch
+++ b/meta/recipes-connectivity/openssl/openssl/debian/debian-targets.patch
@@ -1,12 +1,12 @@
   Upstream-Status: Backport [debian]

-Index: openssl-1.0.1/Configure
+Index: openssl-1.0.2/Configure
   ===================================================================
---- openssl-1.0.1.orig/Configure       2012-03-17 15:37:54.000000000 +0000
-+++ openssl-1.0.1/Configure    2012-03-17 16:13:49.000000000 +0000
-@@ -105,6 +105,10 @@
+--- openssl-1.0.2.orig/Configure
++++ openssl-1.0.2/Configure
+@@ -107,6 +107,10 @@ my $gcc_devteam_warn = "-Wall -pedantic

- my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare 
-Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT 
-DREF_CHECK -DOPENSSL_NO_DEPRECATED";
+ my $clang_disabled_warnings = "-Wno-language-extension-token 
-Wno-extended-offsetof -Wno-padded -Wno-shorten-64-to-32 -Wno-format-nonliteral 
-Wno-missing-noreturn -Wno-unused-parameter -Wno-sign-conversion -Wno-unreachable-code 
-Wno-conversion -Wno-documentation -Wno-missing-variable-declarations -Wno-cast-align 
-Wno-incompatible-pointer-types-discards-qualifiers -Wno-missing-variable-declarations 
-Wno-missing-field-initializers -Wno-unused-macros -Wno-disabled-macro-expansion 
-Wno-conditional-uninitialized -Wno-switch-enum";

   +# There are no separate CFLAGS/CPPFLAGS/LDFLAGS, set everything in CFLAGS
   +my $debian_cflags = `dpkg-buildflags --get CFLAGS` . `dpkg-buildflags --get CPPFLAGS` 
. `dpkg-buildflags --get LDFLAGS` . "-Wa,--noexecstack -Wall";
@@ -15,7 +15,7 @@ Index: openssl-1.0.1/Configure
    my $strict_warnings = 0;

    my $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL";
-@@ -338,6 +342,48 @@
+@@ -343,6 +347,55 @@ my %table=(
    "osf1-alpha-cc",  "cc:-std1 -tune host -O4 
-readonly_strings::(unknown):::SIXTY_FOUR_BIT_LONG 
RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared:::.so",
    "tru64-alpha-cc", "cc:-std1 -tune host -fast 
-readonly_strings::-pthread:::SIXTY_FOUR_BIT_LONG 
RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared::-msym:.so",

@@ -23,9 +23,9 @@ Index: openssl-1.0.1/Configure
   +"debian-alpha","gcc:-DTERMIO 
${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 
DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
   +"debian-alpha-ev4","gcc:-DTERMIO ${debian_cflags} 
-mcpu=ev4::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 
DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
   +"debian-alpha-ev5","gcc:-DTERMIO ${debian_cflags} 
-mcpu=ev5::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 
DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-armeb","gcc:-DB_ENDIAN -DTERMIO 
${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL 
BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-armel","gcc:-DL_ENDIAN -DTERMIO 
${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL 
BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"debian-armhf","gcc:-DL_ENDIAN -DTERMIO 
${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL 
BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-arm64","gcc:-DL_ENDIAN -DTERMIO 
${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL 
BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-armel","gcc:-DL_ENDIAN -DTERMIO 
${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL 
BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-armhf","gcc:-DL_ENDIAN -DTERMIO 
${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL 
BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
   +"debian-amd64", "gcc:-m64 -DL_ENDIAN -DTERMIO ${debian_cflags} 
-DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT 
DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::",
   +"debian-avr32", "gcc:-DB_ENDIAN -DTERMIO ${debian_cflags} 
-fomit-frame-pointer::-D_REENTRANT::-ldl:BN_LLONG_BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
   +"debian-kfreebsd-amd64","gcc:-m64 -DL_ENDIAN -DTERMIOS ${debian_cflags} 
-DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT 
DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -40,15 +40,21 @@ Index: openssl-1.0.1/Configure
   +"debian-m68k","gcc:-DB_ENDIAN -DTERMIO 
${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG MD2_CHAR 
RC4_INDEX:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
   +"debian-mips",   "gcc:-DB_ENDIAN -DTERMIO 
${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL 
DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
   +"debian-mipsel",   "gcc:-DL_ENDIAN -DTERMIO 
${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL 
DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-mipsn32",   "mips64-linux-gnuabin32-gcc:-DB_ENDIAN -DTERMIO 
${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL 
DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-mipsn32el",   "mips64el-linux-gnuabin32-gcc:-DL_ENDIAN -DTERMIO 
${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL 
DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-mips64",   "mips64-linux-gnuabi64-gcc:-DB_ENDIAN -DTERMIO 
${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL 
DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-mips64el",   "mips64el-linux-gnuabi64-gcc:-DL_ENDIAN -DTERMIO 
${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL 
DES_RISC2:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
   +"debian-netbsd-i386",     "gcc:-DL_ENDIAN -DTERMIOS ${debian_cflags} 
-m486::(unknown):::BN_LLONG ${x86_gcc_des} 
${x86_gcc_opts}:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
   +"debian-netbsd-m68k",     "gcc:-DB_ENDIAN -DTERMIOS 
${debian_cflags}::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX 
DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
   +"debian-netbsd-sparc",    "gcc:-DB_ENDIAN -DTERMIOS ${debian_cflags} 
-mv8::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX 
DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
   +"debian-openbsd-alpha","gcc:-DTERMIOS 
${debian_cflags}::(unknown):::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR 
DES_RISC2:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
   +"debian-openbsd-i386",  "gcc:-DL_ENDIAN -DTERMIOS ${debian_cflags} 
-m486::(unknown):::BN_LLONG ${x86_gcc_des} 
${x86_gcc_opts}:${x86_asm}:a.out:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
   +"debian-openbsd-mips","gcc:-DL_ENDIAN ${debian_cflags}::(unknown)::BN_LLONG 
MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR 
BF_PTR:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-or1k", "gcc:-DB_ENDIAN -DTERMIO 
${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG 
DES_RISC1:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
   +"debian-powerpc","gcc:-DB_ENDIAN -DTERMIO 
${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 
DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
   +"debian-powerpcspe","gcc:-DB_ENDIAN -DTERMIO 
${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 
DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
   +"debian-ppc64","gcc:-m64 -DB_ENDIAN -DTERMIO 
${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 
DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-ppc64el","gcc:-m64 -DL_ENDIAN -DTERMIO 
${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 
DES_UNROLL:${ppc64_asm}:linux64le:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
   +"debian-s390","gcc:-DB_ENDIAN -DTERMIO 
${debian_cflags}::-D_REENTRANT::-ldl:RC4_CHAR RC4_CHUNK DES_INT 
DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
   +"debian-s390x","gcc:-DB_ENDIAN -DTERMIO 
${debian_cflags}::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT 
DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
   +"debian-sh3",   "gcc:-DL_ENDIAN -DTERMIO 
${debian_cflags}::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
@@ -60,6 +66,7 @@ Index: openssl-1.0.1/Configure
   +"debian-sparc-v8","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags} -mcpu=v8 
-DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL 
BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
   +"debian-sparc-v9","gcc:-DB_ENDIAN -DTERMIO ${debian_cflags} -mcpu=v9 
-Wa,-Av8plus -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL 
BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
   +"debian-sparc64","gcc:-m64 -DB_ENDIAN -DTERMIO ${debian_cflags} -DULTRASPARC 
-DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL 
BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debian-x32","gcc:-mx32 -DL_ENDIAN -DTERMIO ${debian_cflags} 
-DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK DES_INT 
DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::x32",
   +
    ####
    #### Variety of LINUX:-)
diff --git 
a/meta/recipes-connectivity/openssl/openssl/debian/version-script.patch 
b/meta/recipes-connectivity/openssl/openssl/debian/version-script.patch
index ece8b9b..a249180 100644
--- a/meta/recipes-connectivity/openssl/openssl/debian/version-script.patch
+++ b/meta/recipes-connectivity/openssl/openssl/debian/version-script.patch
@@ -1,10 +1,8 @@
-Upstream-Status: Backport [debian]
-
-Index: openssl-1.0.1d/Configure
+Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/Configure
   ===================================================================
---- openssl-1.0.1d.orig/Configure      2013-02-06 19:41:43.000000000 +0100
-+++ openssl-1.0.1d/Configure   2013-02-06 19:41:43.000000000 +0100
-@@ -1621,6 +1621,8 @@
+--- openssl-1.0.2~beta1.obsolete.0.0498436515490575.orig/Configure     
2014-02-24 21:02:30.000000000 +0100
++++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/Configure  2014-02-24 
21:02:30.000000000 +0100
+@@ -1651,6 +1651,8 @@
                }
        }

@@ -13,11 +11,11 @@ Index: openssl-1.0.1d/Configure
    open(IN,'<Makefile.org') || die "unable to read Makefile.org:$!\n";
    unlink("$Makefile.new") || die "unable to remove old $Makefile.new:$!\n" if -e 
"$Makefile.new";
    open(OUT,">$Makefile.new") || die "unable to create $Makefile.new:$!\n";
-Index: openssl-1.0.1d/openssl.ld
+Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/openssl.ld
   ===================================================================
   --- /dev/null        1970-01-01 00:00:00.000000000 +0000
-+++ openssl-1.0.1d/openssl.ld  2013-02-06 19:44:25.000000000 +0100
-@@ -0,0 +1,4620 @@
++++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/openssl.ld 2014-02-24 
22:19:08.601827266 +0100
+@@ -0,0 +1,4615 @@
   +OPENSSL_1.0.0 {
   +    global:
   +            BIO_f_ssl;
@@ -2229,20 +2227,16 @@ Index: openssl-1.0.1d/openssl.ld
   +            ERR_load_COMP_strings;
   +            PKCS12_item_decrypt_d2i;
   +            ASN1_UTF8STRING_it;
-+              ASN1_UTF8STRING_it;
   +            ENGINE_unregister_ciphers;
   +            ENGINE_get_ciphers;
   +            d2i_OCSP_BASICRESP;
   +            KRB5_CHECKSUM_it;
-+              KRB5_CHECKSUM_it;
   +            EC_POINT_add;
   +            ASN1_item_ex_i2d;
   +            OCSP_CERTID_it;
-+              OCSP_CERTID_it;
   +            d2i_OCSP_RESPBYTES;
   +            X509V3_add1_i2d;
   +            PKCS7_ENVELOPE_it;
-+              PKCS7_ENVELOPE_it;
   +            UI_add_input_boolean;
   +            ENGINE_unregister_RSA;
   +            X509V3_EXT_nconf;
@@ -2254,19 +2248,15 @@ Index: openssl-1.0.1d/openssl.ld
   +            ENGINE_register_all_RAND;
   +            ENGINE_load_dynamic;
   +            PBKDF2PARAM_it;
-+              PBKDF2PARAM_it;
   +            EXTENDED_KEY_USAGE_new;
   +            EC_GROUP_clear_free;
   +            OCSP_sendreq_bio;
   +            ASN1_item_digest;
   +            OCSP_BASICRESP_delete_ext;
   +            OCSP_SIGNATURE_it;
-+              OCSP_SIGNATURE_it;
-+              X509_CRL_it;
   +            X509_CRL_it;
   +            OCSP_BASICRESP_add_ext;
   +            KRB5_ENCKEY_it;
-+              KRB5_ENCKEY_it;
   +            UI_method_set_closer;
   +            X509_STORE_set_purpose;
   +            i2d_ASN1_GENERALSTRING;
@@ -2277,7 +2267,6 @@ Index: openssl-1.0.1d/openssl.ld
   +            OCSP_REQUEST_get_ext_by_OBJ;
   +            _ossl_old_des_random_key;
   +            ASN1_T61STRING_it;
-+              ASN1_T61STRING_it;
   +            EC_GROUP_method_of;
   +            i2d_KRB5_APREQ;
   +            _ossl_old_des_encrypt;
@@ -2293,7 +2282,6 @@ Index: openssl-1.0.1d/openssl.ld
   +            OCSP_SINGLERESP_get_ext_count;
   +            UI_ctrl;
   +            _shadow_DES_rw_mode;
-+              _shadow_DES_rw_mode;
   +            asn1_do_adb;
   +            ASN1_template_i2d;
   +            ENGINE_register_DH;
@@ -2307,8 +2295,6 @@ Index: openssl-1.0.1d/openssl.ld
   +            KRB5_ENCKEY_free;
   +            OCSP_resp_get0;
   +            GENERAL_NAME_it;
-+              GENERAL_NAME_it;
-+              ASN1_GENERALIZEDTIME_it;
   +            ASN1_GENERALIZEDTIME_it;
   +            X509_STORE_set_flags;
   +            EC_POINT_set_compressed_coordinates_GFp;
@@ -2330,21 +2316,18 @@ Index: openssl-1.0.1d/openssl.ld
   +            EC_POINT_set_affine_coords_GFp;
   +            _ossl_old_des_options;
   +            SXNET_it;
-+              SXNET_it;
   +            UI_dup_input_boolean;
   +            PKCS12_add_CSPName_asc;
   +            EC_POINT_is_at_infinity;
   +            ENGINE_load_cryptodev;
   +            DSO_convert_filename;
   +            POLICYQUALINFO_it;
-+              POLICYQUALINFO_it;
   +            ENGINE_register_ciphers;
   +            BN_mod_lshift_quick;
   +            DSO_set_filename;
   +            ASN1_item_free;
   +            KRB5_TKTBODY_free;
   +            AUTHORITY_KEYID_it;
-+              AUTHORITY_KEYID_it;
   +            KRB5_APREQBODY_new;
   +            X509V3_EXT_REQ_add_nconf;
   +            ENGINE_ctrl_cmd_string;
@@ -2352,19 +2335,15 @@ Index: openssl-1.0.1d/openssl.ld
   +            EVP_MD_CTX_init;
   +            EXTENDED_KEY_USAGE_free;
   +            PKCS7_ATTR_SIGN_it;
-+              PKCS7_ATTR_SIGN_it;
   +            UI_add_error_string;
   +            KRB5_CHECKSUM_free;
   +            OCSP_REQUEST_get_ext;
   +            ENGINE_load_ubsec;
   +            ENGINE_register_all_digests;
   +            PKEY_USAGE_PERIOD_it;
-+              PKEY_USAGE_PERIOD_it;
   +            PKCS12_unpack_authsafes;
   +            ASN1_item_unpack;
   +            NETSCAPE_SPKAC_it;
-+              NETSCAPE_SPKAC_it;
-+              X509_REVOKED_it;
   +            X509_REVOKED_it;
   +            ASN1_STRING_encode;
   +            EVP_aes_128_ecb;
@@ -2376,7 +2355,6 @@ Index: openssl-1.0.1d/openssl.ld
   +            UI_dup_info_string;
   +            _ossl_old_des_xwhite_in2out;
   +            PKCS12_it;
-+              PKCS12_it;
   +            OCSP_SINGLERESP_get_ext_by_critical;
   +            OCSP_SINGLERESP_get_ext_by_crit;
   +            OCSP_CERTSTATUS_free;
@@ -2395,10 +2373,8 @@ Index: openssl-1.0.1d/openssl.ld
   +            ENGINE_unregister_DSA;
   +            _ossl_old_des_key_sched;
   +            X509_EXTENSION_it;
-+              X509_EXTENSION_it;
   +            i2d_KRB5_AUTHENT;
   +            SXNETID_it;
-+              SXNETID_it;
   +            d2i_OCSP_SINGLERESP;
   +            EDIPARTYNAME_new;
   +            PKCS12_certbag2x509;
@@ -2409,10 +2385,8 @@ Index: openssl-1.0.1d/openssl.ld
   +            d2i_KRB5_APREQBODY;
   +            UI_method_get_flusher;
   +            X509_PUBKEY_it;
-+              X509_PUBKEY_it;
   +            _ossl_old_des_enc_read;
   +            PKCS7_ENCRYPT_it;
-+              PKCS7_ENCRYPT_it;
   +            i2d_OCSP_RESPONSE;
   +            EC_GROUP_get_cofactor;
   +            PKCS12_unpack_p7data;
@@ -2430,10 +2404,8 @@ Index: openssl-1.0.1d/openssl.ld
   +            PKCS12_item_i2d_encrypt;
   +            X509_add1_ext_i2d;
   +            PKCS7_SIGNER_INFO_it;
-+              PKCS7_SIGNER_INFO_it;
   +            KRB5_PRINCNAME_new;
   +            PKCS12_SAFEBAG_it;
-+              PKCS12_SAFEBAG_it;
   +            EC_GROUP_get_order;
   +            d2i_OCSP_RESPID;
   +            OCSP_request_verify;
@@ -2448,42 +2420,32 @@ Index: openssl-1.0.1d/openssl.ld
   +            EVP_MD_CTX_create;
   +            OCSP_resp_find_status;
   +            X509_ALGOR_it;
-+              X509_ALGOR_it;
-+              ASN1_TIME_it;
   +            ASN1_TIME_it;
   +            OCSP_request_set1_name;
   +            OCSP_ONEREQ_get_ext_count;
   +            UI_get0_result;
   +            PKCS12_AUTHSAFES_it;
-+              PKCS12_AUTHSAFES_it;
   +            EVP_aes_256_ecb;
   +            PKCS12_pack_authsafes;
   +            ASN1_IA5STRING_it;
-+              ASN1_IA5STRING_it;
   +            UI_get_input_flags;
   +            EC_GROUP_set_generator;
   +            _ossl_old_des_string_to_2keys;
   +            OCSP_CERTID_free;
   +            X509_CERT_AUX_it;
-+              X509_CERT_AUX_it;
-+              CERTIFICATEPOLICIES_it;
   +            CERTIFICATEPOLICIES_it;
   +            _ossl_old_des_ede3_cbc_encrypt;
   +            RAND_set_rand_engine;
   +            DSO_get_loaded_filename;
   +            X509_ATTRIBUTE_it;
-+              X509_ATTRIBUTE_it;
   +            OCSP_ONEREQ_get_ext_by_NID;
   +            PKCS12_decrypt_skey;
   +            KRB5_AUTHENT_it;
-+              KRB5_AUTHENT_it;
   +            UI_dup_error_string;
   +            RSAPublicKey_it;
-+              RSAPublicKey_it;
   +            i2d_OCSP_REQUEST;
   +            PKCS12_x509crl2certbag;
   +            OCSP_SERVICELOC_it;
-+              OCSP_SERVICELOC_it;
   +            ASN1_item_sign;
   +            X509_CRL_set_issuer_name;
   +            OBJ_NAME_do_all_sorted;
@@ -2494,30 +2456,23 @@ Index: openssl-1.0.1d/openssl.ld
   +            ENGINE_get_digest;
   +            OCSP_RESPONSE_print;
   +            KRB5_TKTBODY_it;
-+              KRB5_TKTBODY_it;
   +            ACCESS_DESCRIPTION_it;
-+              ACCESS_DESCRIPTION_it;
-+              PKCS7_ISSUER_AND_SERIAL_it;
   +            PKCS7_ISSUER_AND_SERIAL_it;
   +            PBE2PARAM_it;
-+              PBE2PARAM_it;
   +            PKCS12_certbag2x509crl;
   +            PKCS7_SIGNED_it;
-+              PKCS7_SIGNED_it;
   +            ENGINE_get_cipher;
   +            i2d_OCSP_CRLID;
   +            OCSP_SINGLERESP_new;
   +            ENGINE_cmd_is_executable;
   +            RSA_up_ref;
   +            ASN1_GENERALSTRING_it;
-+              ASN1_GENERALSTRING_it;
   +            ENGINE_register_DSA;
   +            X509V3_EXT_add_nconf_sk;
   +            ENGINE_set_load_pubkey_function;
   +            PKCS8_decrypt;
   +            PEM_bytes_read_bio;
   +            DIRECTORYSTRING_it;
-+              DIRECTORYSTRING_it;
   +            d2i_OCSP_CRLID;
   +            EC_POINT_is_on_curve;
   +            CRYPTO_set_locked_mem_ex_functions;
@@ -2525,7 +2480,6 @@ Index: openssl-1.0.1d/openssl.ld
   +            d2i_KRB5_CHECKSUM;
   +            ASN1_item_dup;
   +            X509_it;
-+              X509_it;
   +            BN_mod_add;
   +            KRB5_AUTHDATA_free;
   +            _ossl_old_des_cbc_cksum;
@@ -2534,7 +2488,6 @@ Index: openssl-1.0.1d/openssl.ld
   +            EC_POINT_get_Jprojective_coordinates_GFp;
   +            EC_POINT_get_Jproj_coords_GFp;
   +            ZLONG_it;
-+              ZLONG_it;
   +            CRYPTO_get_locked_mem_ex_functions;
   +            CRYPTO_get_locked_mem_ex_funcs;
   +            ASN1_TIME_check;
@@ -2544,41 +2497,30 @@ Index: openssl-1.0.1d/openssl.ld
   +            _ossl_old_des_ede3_cfb64_encrypt;
   +            _ossl_odes_ede3_cfb64_encrypt;
   +            ASN1_BMPSTRING_it;
-+              ASN1_BMPSTRING_it;
   +            ASN1_tag2bit;
   +            UI_method_set_flusher;
   +            X509_ocspid_print;
   +            KRB5_ENCDATA_it;
-+              KRB5_ENCDATA_it;
   +            ENGINE_get_load_pubkey_function;
   +            UI_add_user_data;
   +            OCSP_REQUEST_delete_ext;
   +            UI_get_method;
   +            OCSP_ONEREQ_free;
   +            ASN1_PRINTABLESTRING_it;
-+              ASN1_PRINTABLESTRING_it;
   +            X509_CRL_set_nextUpdate;
   +            OCSP_REQUEST_it;
-+              OCSP_REQUEST_it;
-+              OCSP_BASICRESP_it;
   +            OCSP_BASICRESP_it;
   +            AES_ecb_encrypt;
   +            BN_mod_sqr;
   +            NETSCAPE_CERT_SEQUENCE_it;
-+              NETSCAPE_CERT_SEQUENCE_it;
-+              GENERAL_NAMES_it;
   +            GENERAL_NAMES_it;
   +            AUTHORITY_INFO_ACCESS_it;
-+              AUTHORITY_INFO_ACCESS_it;
-+              ASN1_FBOOLEAN_it;
   +            ASN1_FBOOLEAN_it;
   +            UI_set_ex_data;
   +            _ossl_old_des_string_to_key;
   +            ENGINE_register_all_RSA;
   +            d2i_KRB5_PRINCNAME;
   +            OCSP_RESPBYTES_it;
-+              OCSP_RESPBYTES_it;
-+              X509_CINF_it;
   +            X509_CINF_it;
   +            ENGINE_unregister_digests;
   +            d2i_EDIPARTYNAME;
@@ -2588,7 +2530,6 @@ Index: openssl-1.0.1d/openssl.ld
   +            OCSP_RESPDATA_free;
   +            d2i_KRB5_TICKET;
   +            OTHERNAME_it;
-+              OTHERNAME_it;
   +            EVP_MD_CTX_cleanup;
   +            d2i_ASN1_GENERALSTRING;
   +            X509_CRL_set_version;
@@ -2598,7 +2539,6 @@ Index: openssl-1.0.1d/openssl.ld
   +            OCSP_REQUEST_free;
   +            OCSP_REQUEST_add1_ext_i2d;
   +            X509_VAL_it;
-+              X509_VAL_it;
   +            EC_POINTs_make_affine;
   +            EC_POINT_mul;
   +            X509V3_EXT_add_nconf;
@@ -2606,7 +2546,6 @@ Index: openssl-1.0.1d/openssl.ld
   +            X509_CRL_add1_ext_i2d;
   +            _ossl_old_des_fcrypt;
   +            DISPLAYTEXT_it;
-+              DISPLAYTEXT_it;
   +            X509_CRL_set_lastUpdate;
   +            OCSP_BASICRESP_free;
   +            OCSP_BASICRESP_add1_ext_i2d;
@@ -2619,7 +2558,6 @@ Index: openssl-1.0.1d/openssl.ld
   +            UI_get0_result_string;
   +            ASN1_GENERALSTRING_new;
   +            X509_SIG_it;
-+              X509_SIG_it;
   +            ERR_set_implementation;
   +            ERR_load_EC_strings;
   +            UI_get0_action_string;
@@ -2634,35 +2572,27 @@ Index: openssl-1.0.1d/openssl.ld
   +            OCSP_ONEREQ_get_ext_by_OBJ;
   +            ASN1_primitive_new;
   +            ASN1_PRINTABLE_it;
-+              ASN1_PRINTABLE_it;
   +            EVP_aes_192_ecb;
   +            OCSP_SIGNATURE_new;
   +            LONG_it;
-+              LONG_it;
-+              ASN1_VISIBLESTRING_it;
   +            ASN1_VISIBLESTRING_it;
   +            OCSP_SINGLERESP_add1_ext_i2d;
   +            d2i_OCSP_CERTID;
   +            ASN1_item_d2i_fp;
   +            CRL_DIST_POINTS_it;
-+              CRL_DIST_POINTS_it;
   +            GENERAL_NAME_print;
   +            OCSP_SINGLERESP_delete_ext;
   +            PKCS12_SAFEBAGS_it;
-+              PKCS12_SAFEBAGS_it;
   +            d2i_OCSP_SIGNATURE;
   +            OCSP_request_add1_nonce;
   +            ENGINE_set_cmd_defns;
   +            OCSP_SERVICELOC_free;
   +            EC_GROUP_free;
   +            ASN1_BIT_STRING_it;
-+              ASN1_BIT_STRING_it;
-+              X509_REQ_it;
   +            X509_REQ_it;
   +            _ossl_old_des_cbc_encrypt;
   +            ERR_unload_strings;
   +            PKCS7_SIGN_ENVELOPE_it;
-+              PKCS7_SIGN_ENVELOPE_it;
   +            EDIPARTYNAME_free;
   +            OCSP_REQINFO_free;
   +            EC_GROUP_new_curve_GFp;
@@ -2687,7 +2617,6 @@ Index: openssl-1.0.1d/openssl.ld
   +            OCSP_CRLID_free;
   +            OCSP_BASICRESP_get1_ext_d2i;
   +            RSAPrivateKey_it;
-+              RSAPrivateKey_it;
   +            ENGINE_register_all_DH;
   +            i2d_EDIPARTYNAME;
   +            EC_POINT_get_affine_coordinates_GFp;
@@ -2695,10 +2624,8 @@ Index: openssl-1.0.1d/openssl.ld
   +            OCSP_CRLID_new;
   +            ENGINE_get_flags;
   +            OCSP_ONEREQ_it;
-+              OCSP_ONEREQ_it;
   +            UI_process;
   +            ASN1_INTEGER_it;
-+              ASN1_INTEGER_it;
   +            EVP_CipherInit_ex;
   +            UI_get_string_type;
   +            ENGINE_unregister_DH;
@@ -2707,7 +2634,6 @@ Index: openssl-1.0.1d/openssl.ld
   +            bn_dup_expand;
   +            OCSP_cert_id_new;
   +            BASIC_CONSTRAINTS_it;
-+              BASIC_CONSTRAINTS_it;
   +            BN_mod_add_quick;
   +            EC_POINT_new;
   +            EVP_MD_CTX_destroy;
@@ -2717,7 +2643,6 @@ Index: openssl-1.0.1d/openssl.ld
   +            EC_POINT_free;
   +            DH_up_ref;
   +            X509_NAME_ENTRY_it;
-+              X509_NAME_ENTRY_it;
   +            UI_get_ex_new_index;
   +            BN_mod_sub_quick;
   +            OCSP_ONEREQ_add_ext;
@@ -2730,7 +2655,6 @@ Index: openssl-1.0.1d/openssl.ld
   +            ENGINE_register_complete;
   +            X509V3_EXT_nconf_nid;
   +            ASN1_SEQUENCE_it;
-+              ASN1_SEQUENCE_it;
   +            UI_set_default_method;
   +            RAND_query_egd_bytes;
   +            UI_method_get_writer;
@@ -2738,8 +2662,6 @@ Index: openssl-1.0.1d/openssl.ld
   +            PEM_def_callback;
   +            ENGINE_cleanup;
   +            DIST_POINT_it;
-+              DIST_POINT_it;
-+              OCSP_SINGLERESP_it;
   +            OCSP_SINGLERESP_it;
   +            d2i_KRB5_TKTBODY;
   +            EC_POINT_cmp;
@@ -2758,24 +2680,20 @@ Index: openssl-1.0.1d/openssl.ld
   +            OCSP_cert_to_id;
   +            OCSP_RESPID_new;
   +            OCSP_RESPDATA_it;
-+              OCSP_RESPDATA_it;
   +            d2i_OCSP_RESPDATA;
   +            ENGINE_register_all_complete;
   +            OCSP_check_validity;
   +            PKCS12_BAGS_it;
-+              PKCS12_BAGS_it;
   +            OCSP_url_svcloc_new;
   +            ASN1_template_free;
   +            OCSP_SINGLERESP_add_ext;
   +            KRB5_AUTHENTBODY_it;
-+              KRB5_AUTHENTBODY_it;
   +            X509_supported_extension;
   +            i2d_KRB5_AUTHDATA;
   +            UI_method_get_opener;
   +            ENGINE_set_ex_data;
   +            OCSP_REQUEST_print;
   +            CBIGNUM_it;
-+              CBIGNUM_it;
   +            KRB5_TICKET_new;
   +            KRB5_APREQ_new;
   +            EC_GROUP_get_curve_GFp;
@@ -2785,27 +2703,20 @@ Index: openssl-1.0.1d/openssl.ld
   +            OCSP_single_get0_status;
   +            BN_swap;
   +            POLICYINFO_it;
-+              POLICYINFO_it;
   +            ENGINE_set_destroy_function;
   +            asn1_enc_free;
   +            OCSP_RESPID_it;
-+              OCSP_RESPID_it;
   +            EC_GROUP_new;
   +            EVP_aes_256_cbc;
   +            i2d_KRB5_PRINCNAME;
   +            _ossl_old_des_encrypt2;
   +            _ossl_old_des_encrypt3;
   +            PKCS8_PRIV_KEY_INFO_it;
-+              PKCS8_PRIV_KEY_INFO_it;
-+              OCSP_REQINFO_it;
   +            OCSP_REQINFO_it;
   +            PBEPARAM_it;
-+              PBEPARAM_it;
   +            KRB5_AUTHENTBODY_new;
   +            X509_CRL_add0_revoked;
   +            EDIPARTYNAME_it;
-+              EDIPARTYNAME_it;
-+              NETSCAPE_SPKI_it;
   +            NETSCAPE_SPKI_it;
   +            UI_get0_test_string;
   +            ENGINE_get_cipher_engine;
@@ -2817,14 +2728,12 @@ Index: openssl-1.0.1d/openssl.ld
   +            UI_method_get_reader;
   +            OCSP_BASICRESP_get_ext_count;
   +            ASN1_ENUMERATED_it;
-+              ASN1_ENUMERATED_it;
   +            UI_set_result;
   +            i2d_KRB5_TICKET;
   +            X509_print_ex_fp;
   +            EVP_CIPHER_CTX_set_padding;
   +            d2i_OCSP_RESPONSE;
   +            ASN1_UTCTIME_it;
-+              ASN1_UTCTIME_it;
   +            _ossl_old_des_enc_write;
   +            OCSP_RESPONSE_new;
   +            AES_set_encrypt_key;
@@ -2834,14 +2743,11 @@ Index: openssl-1.0.1d/openssl.ld
   +            OCSP_onereq_get0_id;
   +            ENGINE_set_default_ciphers;
   +            NOTICEREF_it;
-+              NOTICEREF_it;
   +            X509V3_EXT_CRL_add_nconf;
   +            OCSP_REVOKEDINFO_it;
-+              OCSP_REVOKEDINFO_it;
   +            AES_encrypt;
   +            OCSP_REQUEST_new;
   +            ASN1_ANY_it;
-+              ASN1_ANY_it;
   +            CRYPTO_ex_data_new_class;
   +            _ossl_old_des_ncbc_encrypt;
   +            i2d_KRB5_TKTBODY;
@@ -2864,19 +2770,15 @@ Index: openssl-1.0.1d/openssl.ld
   +            ENGINE_load_nuron;
   +            _ossl_old_des_pcbc_encrypt;
   +            PKCS12_MAC_DATA_it;
-+              PKCS12_MAC_DATA_it;
   +            OCSP_accept_responses_new;
   +            asn1_do_lock;
   +            PKCS7_ATTR_VERIFY_it;
-+              PKCS7_ATTR_VERIFY_it;
-+              KRB5_APREQBODY_it;
   +            KRB5_APREQBODY_it;
   +            i2d_OCSP_SINGLERESP;
   +            ASN1_item_ex_new;
   +            UI_add_verify_string;
   +            _ossl_old_des_set_key;
   +            KRB5_PRINCNAME_it;
-+              KRB5_PRINCNAME_it;
   +            EVP_DecryptInit_ex;
   +            i2d_OCSP_CERTID;
   +            ASN1_item_d2i_bio;
@@ -2890,20 +2792,17 @@ Index: openssl-1.0.1d/openssl.ld
   +            OCSP_BASICRESP_new;
   +            OCSP_REQUEST_get_ext_by_NID;
   +            KRB5_APREQ_it;
-+              KRB5_APREQ_it;
   +            ENGINE_get_destroy_function;
   +            CONF_set_nconf;
   +            ASN1_PRINTABLE_free;
   +            OCSP_BASICRESP_get_ext_by_NID;
   +            DIST_POINT_NAME_it;
-+              DIST_POINT_NAME_it;
   +            X509V3_extensions_print;
   +            _ossl_old_des_cfb64_encrypt;
   +            X509_REVOKED_add1_ext_i2d;
   +            _ossl_old_des_ofb_encrypt;
   +            KRB5_TKTBODY_new;
   +            ASN1_OCTET_STRING_it;
-+              ASN1_OCTET_STRING_it;
   +            ERR_load_UI_strings;
   +            i2d_KRB5_ENCKEY;
   +            ASN1_template_new;
@@ -2911,8 +2810,6 @@ Index: openssl-1.0.1d/openssl.ld
   +            ASN1_item_i2d_fp;
   +            KRB5_PRINCNAME_free;
   +            PKCS7_RECIP_INFO_it;
-+              PKCS7_RECIP_INFO_it;
-+              EXTENDED_KEY_USAGE_it;
   +            EXTENDED_KEY_USAGE_it;
   +            EC_GFp_simple_method;
   +            EC_GROUP_precompute_mult;
@@ -2920,42 +2817,33 @@ Index: openssl-1.0.1d/openssl.ld
   +            UI_method_set_writer;
   +            KRB5_AUTHENT_new;
   +            X509_CRL_INFO_it;
-+              X509_CRL_INFO_it;
   +            DSO_set_name_converter;
   +            AES_set_decrypt_key;
   +            PKCS7_DIGEST_it;
-+              PKCS7_DIGEST_it;
   +            PKCS12_x5092certbag;
   +            EVP_DigestInit_ex;
   +            i2a_ACCESS_DESCRIPTION;
   +            OCSP_RESPONSE_it;
-+              OCSP_RESPONSE_it;
-+              PKCS7_ENC_CONTENT_it;
   +            PKCS7_ENC_CONTENT_it;
   +            OCSP_request_add0_id;
   +            EC_POINT_make_affine;
   +            DSO_get_filename;
   +            OCSP_CERTSTATUS_it;
-+              OCSP_CERTSTATUS_it;
   +            OCSP_request_add1_cert;
   +            UI_get0_output_string;
   +            UI_dup_verify_string;
   +            BN_mod_lshift;
   +            KRB5_AUTHDATA_it;
-+              KRB5_AUTHDATA_it;
   +            asn1_set_choice_selector;
   +            OCSP_basic_add1_status;
   +            OCSP_RESPID_free;
   +            asn1_get_field_ptr;
   +            UI_add_input_string;
   +            OCSP_CRLID_it;
-+              OCSP_CRLID_it;
   +            i2d_KRB5_AUTHENTBODY;
   +            OCSP_REQUEST_get_ext_count;
   +            ENGINE_load_atalla;
   +            X509_NAME_it;
-+              X509_NAME_it;
-+              USERNOTICE_it;
   +            USERNOTICE_it;
   +            OCSP_REQINFO_new;
   +            OCSP_BASICRESP_get_ext;
@@ -2965,33 +2853,27 @@ Index: openssl-1.0.1d/openssl.ld
   +            i2d_KRB5_ENCDATA;
   +            X509_PURPOSE_set;
   +            X509_REQ_INFO_it;
-+              X509_REQ_INFO_it;
   +            UI_method_set_opener;
   +            ASN1_item_ex_free;
   +            ASN1_BOOLEAN_it;
-+              ASN1_BOOLEAN_it;
   +            ENGINE_get_table_flags;
   +            UI_create_method;
   +            OCSP_ONEREQ_add1_ext_i2d;
   +            _shadow_DES_check_key;
-+              _shadow_DES_check_key;
   +            d2i_OCSP_REQINFO;
   +            UI_add_info_string;
   +            UI_get_result_minsize;
   +            ASN1_NULL_it;
-+              ASN1_NULL_it;
   +            BN_mod_lshift1;
   +            d2i_OCSP_ONEREQ;
   +            OCSP_ONEREQ_new;
   +            KRB5_TICKET_it;
-+              KRB5_TICKET_it;
   +            EVP_aes_192_cbc;
   +            KRB5_TICKET_free;
   +            UI_new;
   +            OCSP_response_create;
   +            _ossl_old_des_xcbc_encrypt;
   +            PKCS7_it;
-+              PKCS7_it;
   +            OCSP_REQUEST_get_ext_by_critical;
   +            OCSP_REQUEST_get_ext_by_crit;
   +            ENGINE_set_flags;
@@ -3000,11 +2882,9 @@ Index: openssl-1.0.1d/openssl.ld
   +            EVP_Digest;
   +            OCSP_ONEREQ_delete_ext;
   +            ASN1_TBOOLEAN_it;
-+              ASN1_TBOOLEAN_it;
   +            ASN1_item_new;
   +            ASN1_TIME_to_generalizedtime;
   +            BIGNUM_it;
-+              BIGNUM_it;
   +            AES_cbc_encrypt;
   +            ENGINE_get_load_privkey_function;
   +            ENGINE_get_load_privkey_fn;
@@ -3016,7 +2896,6 @@ Index: openssl-1.0.1d/openssl.ld
   +            EC_POINT_point2oct;
   +            KRB5_APREQ_free;
   +            ASN1_OBJECT_it;
-+              ASN1_OBJECT_it;
   +            OCSP_crlID_new;
   +            OCSP_crlID2_new;
   +            CONF_modules_load_file;
@@ -3074,7 +2953,6 @@ Index: openssl-1.0.1d/openssl.ld
   +            i2d_ASN1_UNIVERSALSTRING;
   +            ASN1_UNIVERSALSTRING_free;
   +            ASN1_UNIVERSALSTRING_it;
-+              ASN1_UNIVERSALSTRING_it;
   +            d2i_ASN1_UNIVERSALSTRING;
   +            EVP_des_ede3_ecb;
   +            X509_REQ_print_ex;
@@ -3130,14 +3008,12 @@ Index: openssl-1.0.1d/openssl.ld
   +            HMAC_CTX_set_flags;
   +            d2i_PROXY_CERT_INFO_EXTENSION;
   +            PROXY_POLICY_it;
-+              PROXY_POLICY_it;
   +            i2d_PROXY_POLICY;
   +            i2d_PROXY_CERT_INFO_EXTENSION;
   +            d2i_PROXY_POLICY;
   +            PROXY_CERT_INFO_EXTENSION_new;
   +            PROXY_CERT_INFO_EXTENSION_free;
   +            PROXY_CERT_INFO_EXTENSION_it;
-+              PROXY_CERT_INFO_EXTENSION_it;
   +            PROXY_POLICY_free;
   +            PROXY_POLICY_new;
   +            BN_MONT_CTX_set_locked;
@@ -3174,7 +3050,6 @@ Index: openssl-1.0.1d/openssl.ld
   +            BN_BLINDING_get_thread_id;
   +            X509_STORE_CTX_set0_param;
   +            POLICY_MAPPING_it;
-+              POLICY_MAPPING_it;
   +            STORE_parse_attrs_start;
   +            POLICY_CONSTRAINTS_free;
   +            EVP_PKEY_add1_attr_by_NID;
@@ -3183,7 +3058,6 @@ Index: openssl-1.0.1d/openssl.ld
   +            STORE_set_method;
   +            GENERAL_SUBTREE_free;
   +            NAME_CONSTRAINTS_it;
-+              NAME_CONSTRAINTS_it;
   +            ECDH_get_default_method;
   +            PKCS12_add_safe;
   +            EC_KEY_new_by_curve_name;
@@ -3226,7 +3100,6 @@ Index: openssl-1.0.1d/openssl.ld
   +            ENGINE_get_default_ECDH;
   +            EC_KEY_get_conv_form;
   +            ASN1_OCTET_STRING_NDEF_it;
-+              ASN1_OCTET_STRING_NDEF_it;
   +            STORE_delete_public_key;
   +            STORE_get_public_key;
   +            STORE_modify_arbitrary;
@@ -3383,7 +3256,6 @@ Index: openssl-1.0.1d/openssl.ld
   +            ENGINE_load_padlock;
   +            EC_GROUP_set_curve_name;
   +            X509_CERT_PAIR_it;
-+              X509_CERT_PAIR_it;
   +            STORE_meth_get_revoke_fn;
   +            STORE_method_get_revoke_function;
   +            STORE_method_set_get_function;
@@ -3510,7 +3382,6 @@ Index: openssl-1.0.1d/openssl.ld
   +            pqueue_pop;
   +            STORE_ATTR_INFO_get0_cstr;
   +            POLICY_CONSTRAINTS_it;
-+              POLICY_CONSTRAINTS_it;
   +            STORE_get_ex_new_index;
   +            EVP_PKEY_get_attr_by_OBJ;
   +            X509_VERIFY_PARAM_add0_policy;
@@ -3558,8 +3429,6 @@ Index: openssl-1.0.1d/openssl.ld
   +            STORE_modify_crl;
   +            STORE_list_private_key_start;
   +            POLICY_MAPPINGS_it;
-+              POLICY_MAPPINGS_it;
-+              GENERAL_SUBTREE_it;
   +            GENERAL_SUBTREE_it;
   +            EC_GROUP_get_curve_name;
   +            PEM_write_X509_CERT_PAIR;
@@ -3692,15 +3561,12 @@ Index: openssl-1.0.1d/openssl.ld
   +            BIO_set_callback_arg;
   +            v3_addr_add_prefix;
   +            IPAddressOrRange_it;
-+              IPAddressOrRange_it;
   +            BIO_set_flags;
   +            ASIdentifiers_it;
-+              ASIdentifiers_it;
   +            v3_addr_get_range;
   +            BIO_method_type;
   +            v3_addr_inherits;
   +            IPAddressChoice_it;
-+              IPAddressChoice_it;
   +            AES_ige_encrypt;
   +            v3_addr_add_range;
   +            EVP_CIPHER_CTX_nid;
@@ -3721,7 +3587,6 @@ Index: openssl-1.0.1d/openssl.ld
   +            BIO_clear_flags;
   +            i2d_ASRange;
   +            IPAddressRange_it;
-+              IPAddressRange_it;
   +            IPAddressChoice_new;
   +            ASIdentifierChoice_new;
   +            ASRange_free;
@@ -3742,7 +3607,6 @@ Index: openssl-1.0.1d/openssl.ld
   +            BIO_test_flags;
   +            i2d_ASIdentifierChoice;
   +            ASRange_it;
-+              ASRange_it;
   +            d2i_ASIdentifiers;
   +            ASRange_new;
   +            d2i_IPAddressChoice;
@@ -3751,7 +3615,6 @@ Index: openssl-1.0.1d/openssl.ld
   +            EVP_Cipher;
   +            i2d_IPAddressOrRange;
   +            ASIdOrRange_it;
-+              ASIdOrRange_it;
   +            EVP_CIPHER_nid;
   +            i2d_IPAddressChoice;
   +            EVP_CIPHER_CTX_block_size;
@@ -3762,7 +3625,6 @@ Index: openssl-1.0.1d/openssl.ld
   +            v3_addr_is_canonical;
   +            i2d_IPAddressRange;
   +            IPAddressFamily_it;
-+              IPAddressFamily_it;
   +            v3_asid_inherits;
   +            EVP_CIPHER_CTX_cipher;
   +            EVP_CIPHER_CTX_get_app_data;
@@ -3772,7 +3634,6 @@ Index: openssl-1.0.1d/openssl.ld
   +            d2i_IPAddressOrRange;
   +            v3_addr_canonize;
   +            ASIdentifierChoice_it;
-+              ASIdentifierChoice_it;
   +            EVP_MD_CTX_md;
   +            d2i_ASIdentifierChoice;
   +            BIO_method_name;
@@ -3795,7 +3656,6 @@ Index: openssl-1.0.1d/openssl.ld
   +            SEED_set_key;
   +            EVP_seed_cfb128;
   +            X509_EXTENSIONS_it;
-+              X509_EXTENSIONS_it;
   +            X509_get1_ocsp;
   +            OCSP_REQ_CTX_free;
   +            i2d_X509_EXTENSIONS;
@@ -3803,7 +3663,6 @@ Index: openssl-1.0.1d/openssl.ld
   +            OCSP_sendreq_new;
   +            d2i_X509_EXTENSIONS;
   +            X509_ALGORS_it;
-+              X509_ALGORS_it;
   +            X509_ALGOR_get0;
   +            X509_ALGOR_set0;
   +            AES_unwrap_key;
@@ -3848,7 +3707,6 @@ Index: openssl-1.0.1d/openssl.ld
   +            CMS_SignerInfo_verify;
   +            CMS_data;
   +            CMS_ContentInfo_it;
-+              CMS_ContentInfo_it;
   +            d2i_CMS_ReceiptRequest;
   +            CMS_compress;
   +            CMS_digest_create;
@@ -3893,7 +3751,6 @@ Index: openssl-1.0.1d/openssl.ld
   +            CMS_RecipientInfo_kekri_get0_id;
   +            CMS_verify_receipt;
   +            CMS_ReceiptRequest_it;
-+              CMS_ReceiptRequest_it;
   +            PEM_read_bio_CMS;
   +            CMS_get1_crls;
   +            CMS_add0_recipient_key;
@@ -4032,7 +3889,6 @@ Index: openssl-1.0.1d/openssl.ld
   +            TS_REQ_dup;
   +            GENERAL_NAME_dup;
   +            ASN1_SEQUENCE_ANY_it;
-+              ASN1_SEQUENCE_ANY_it;
   +            WHIRLPOOL;
   +            X509_STORE_get1_crls;
   +            ENGINE_get_pkey_asn1_meth;
@@ -4103,7 +3959,6 @@ Index: openssl-1.0.1d/openssl.ld
   +            DIST_POINT_set_dpname;
   +            i2d_ISSUING_DIST_POINT;
   +            ASN1_SET_ANY_it;
-+              ASN1_SET_ANY_it;
   +            EVP_PKEY_CTX_get_data;
   +            TS_STATUS_INFO_print_bio;
   +            EVP_PKEY_derive_init;
@@ -4263,7 +4118,6 @@ Index: openssl-1.0.1d/openssl.ld
   +            EVP_DigestSignFinal;
   +            TS_RESP_CTX_set_def_policy;
   +            NETSCAPE_X509_it;
-+              NETSCAPE_X509_it;
   +            TS_RESP_create_response;
   +            PKCS7_SIGNER_INFO_get0_algs;
   +            TS_TST_INFO_get_nonce;
@@ -4322,7 +4176,6 @@ Index: openssl-1.0.1d/openssl.ld
   +            EVP_CIPHER_do_all_sorted;
   +            EVP_PKEY_CTX_free;
   +            ISSUING_DIST_POINT_it;
-+              ISSUING_DIST_POINT_it;
   +            d2i_TS_MSG_IMPRINT_fp;
   +            X509_STORE_get1_certs;
   +            EVP_PKEY_CTX_get_operation;
@@ -4615,7 +4468,6 @@ Index: openssl-1.0.1d/openssl.ld
   +            X509_signature_dump;
   +            d2i_RSA_PSS_PARAMS;
   +            RSA_PSS_PARAMS_it;
-+              RSA_PSS_PARAMS_it;
   +            RSA_PSS_PARAMS_free;
   +            X509_sign_ctx;
   +            i2d_RSA_PSS_PARAMS;
@@ -4638,10 +4490,151 @@ Index: openssl-1.0.1d/openssl.ld
   +            CRYPTO_memcmp;
   +} OPENSSL_1.0.1;
   +
-Index: openssl-1.0.1d/engines/openssl.ld
++OPENSSL_1.0.2 {
++      global:
++              SSL_CTX_set_alpn_protos;
++              SSL_set_alpn_protos;
++              SSL_CTX_set_alpn_select_cb;
++              SSL_get0_alpn_selected;
++              SSL_CTX_set_custom_cli_ext;
++              SSL_CTX_set_custom_srv_ext;
++              SSL_CTX_set_srv_supp_data;
++              SSL_CTX_set_cli_supp_data;
++              SSL_set_cert_cb;
++              SSL_CTX_use_serverinfo;
++              SSL_CTX_use_serverinfo_file;
++              SSL_CTX_set_cert_cb;
++              SSL_CTX_get0_param;
++              SSL_get0_param;
++              SSL_certs_clear;
++              DTLSv1_2_method;
++              DTLSv1_2_server_method;
++              DTLSv1_2_client_method;
++              DTLS_method;
++              DTLS_server_method;
++              DTLS_client_method;
++              SSL_CTX_get_ssl_method;
++              SSL_CTX_get0_certificate;
++              SSL_CTX_get0_privatekey;
++              SSL_COMP_set0_compression_methods;
++              SSL_COMP_free_compression_methods;
++              SSL_CIPHER_find;
++              SSL_is_server;
++              SSL_CONF_CTX_new;
++              SSL_CONF_CTX_finish;
++              SSL_CONF_CTX_free;
++              SSL_CONF_CTX_set_flags;
++              SSL_CONF_CTX_clear_flags;
++              SSL_CONF_CTX_set1_prefix;
++              SSL_CONF_CTX_set_ssl;
++              SSL_CONF_CTX_set_ssl_ctx;
++              SSL_CONF_cmd;
++              SSL_CONF_cmd_argv;
++              SSL_CONF_cmd_value_type;
++              SSL_trace;
++              SSL_CIPHER_standard_name;
++              SSL_get_tlsa_record_byname;
++              ASN1_TIME_diff;
++              BIO_hex_string;
++              CMS_RecipientInfo_get0_pkey_ctx;
++              CMS_RecipientInfo_encrypt;
++              CMS_SignerInfo_get0_pkey_ctx;
++              CMS_SignerInfo_get0_md_ctx;
++              CMS_SignerInfo_get0_signature;
++              CMS_RecipientInfo_kari_get0_alg;
++              CMS_RecipientInfo_kari_get0_reks;
++              CMS_RecipientInfo_kari_get0_orig_id;
++              CMS_RecipientInfo_kari_orig_id_cmp;
++              CMS_RecipientEncryptedKey_get0_id;
++              CMS_RecipientEncryptedKey_cert_cmp;
++              CMS_RecipientInfo_kari_set0_pkey;
++              CMS_RecipientInfo_kari_get0_ctx;
++              CMS_RecipientInfo_kari_decrypt;
++              CMS_SharedInfo_encode;
++              DH_compute_key_padded;
++              d2i_DHxparams;
++              i2d_DHxparams;
++              DH_get_1024_160;
++              DH_get_2048_224;
++              DH_get_2048_256;
++              DH_KDF_X9_42;
++              ECDH_KDF_X9_62;
++              ECDSA_METHOD_new;
++              ECDSA_METHOD_free;
++              ECDSA_METHOD_set_app_data;
++              ECDSA_METHOD_get_app_data;
++              ECDSA_METHOD_set_sign;
++              ECDSA_METHOD_set_sign_setup;
++              ECDSA_METHOD_set_verify;
++              ECDSA_METHOD_set_flags;
++              ECDSA_METHOD_set_name;
++              EVP_des_ede3_wrap;
++              EVP_aes_128_wrap;
++              EVP_aes_192_wrap;
++              EVP_aes_256_wrap;
++              EVP_aes_128_cbc_hmac_sha256;
++              EVP_aes_256_cbc_hmac_sha256;
++              CRYPTO_128_wrap;
++              CRYPTO_128_unwrap;
++              OCSP_REQ_CTX_nbio;
++              OCSP_REQ_CTX_new;
++              OCSP_set_max_response_length;
++              OCSP_REQ_CTX_i2d;
++              OCSP_REQ_CTX_nbio_d2i;
++              OCSP_REQ_CTX_get0_mem_bio;
++              OCSP_REQ_CTX_http;
++              RSA_padding_add_PKCS1_OAEP_mgf1;
++              RSA_padding_check_PKCS1_OAEP_mgf1;
++              RSA_OAEP_PARAMS_free;
++              RSA_OAEP_PARAMS_it;
++              RSA_OAEP_PARAMS_new;
++              SSL_get_sigalgs;
++              SSL_get_shared_sigalgs;
++              SSL_check_chain;
++              X509_chain_up_ref;
++              X509_http_nbio;
++              X509_CRL_http_nbio;
++              X509_REVOKED_dup;
++              i2d_re_X509_tbs;
++              X509_get0_signature;
++              X509_get_signature_nid;
++              X509_CRL_diff;
++              X509_chain_check_suiteb;
++              X509_CRL_check_suiteb;
++              X509_check_host;
++              X509_check_email;
++              X509_check_ip;
++              X509_check_ip_asc;
++              X509_STORE_set_lookup_crls_cb;
++              X509_STORE_CTX_get0_store;
++              X509_VERIFY_PARAM_set1_host;
++              X509_VERIFY_PARAM_add1_host;
++              X509_VERIFY_PARAM_set_hostflags;
++              X509_VERIFY_PARAM_get0_peername;
++              X509_VERIFY_PARAM_set1_email;
++              X509_VERIFY_PARAM_set1_ip;
++              X509_VERIFY_PARAM_set1_ip_asc;
++              X509_VERIFY_PARAM_get0_name;
++              X509_VERIFY_PARAM_get_count;
++              X509_VERIFY_PARAM_get0;
++              X509V3_EXT_free;
++              EC_GROUP_get_mont_data;
++              EC_curve_nid2nist;
++              EC_curve_nist2nid;
++              PEM_write_bio_DHxparams;
++              PEM_write_DHxparams;
++              SSL_CTX_add_client_custom_ext;
++              SSL_CTX_add_server_custom_ext;
++              SSL_extension_supported;
++              BUF_strnlen;
++              sk_deep_copy;
++              SSL_test_functions;
++} OPENSSL_1.0.1d;
++
+Index: openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/openssl.ld
   ===================================================================
   --- /dev/null        1970-01-01 00:00:00.000000000 +0000
-+++ openssl-1.0.1d/engines/openssl.ld  2013-02-06 19:41:43.000000000 +0100
++++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/openssl.ld 
2014-02-24 21:02:30.000000000 +0100
   @@ -0,0 +1,10 @@
   +OPENSSL_1.0.0 {
   +    global:
@@ -4653,10 +4646,10 @@ Index: openssl-1.0.1d/engines/openssl.ld
   +            *;
   +};
   +
-Index: openssl-1.0.1d/engines/ccgost/openssl.ld
+Index: 
openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/ccgost/openssl.ld
   ===================================================================
   --- /dev/null        1970-01-01 00:00:00.000000000 +0000
-+++ openssl-1.0.1d/engines/ccgost/openssl.ld   2013-02-06 19:41:43.000000000 
+0100
++++ openssl-1.0.2~beta1.obsolete.0.0498436515490575/engines/ccgost/openssl.ld  
2014-02-24 21:02:30.000000000 +0100
   @@ -0,0 +1,10 @@
   +OPENSSL_1.0.0 {
   +    global:
diff --git 
a/meta/recipes-connectivity/openssl/openssl/debian1.0.2/block_digicert_malaysia.patch
 
b/meta/recipes-connectivity/openssl/openssl/debian1.0.2/block_digicert_malaysia.patch
new file mode 100644
index 0000000..c43bcd1
--- /dev/null
+++ 
b/meta/recipes-connectivity/openssl/openssl/debian1.0.2/block_digicert_malaysia.patch
@@ -0,0 +1,29 @@
+From: Raphael Geissert <geiss...@debian.org>
+Description: make X509_verify_cert indicate that any certificate whose
+ name contains "Digicert Sdn. Bhd." (from Malaysia) is revoked.
+Forwarded: not-needed
+Origin: vendor
+Last-Update: 2011-11-05
+
+Upstream-Status: Backport [debian]
+
+
+Index: openssl-1.0.2~beta1/crypto/x509/x509_vfy.c
+===================================================================
+--- openssl-1.0.2~beta1.orig/crypto/x509/x509_vfy.c    2014-02-25 
00:16:12.488028844 +0100
++++ openssl-1.0.2~beta1/crypto/x509/x509_vfy.c 2014-02-25 00:16:12.484028929 
+0100
+@@ -964,10 +964,11 @@
+       for (i = sk_X509_num(ctx->chain) - 1; i >= 0; i--)
+               {
+               x = sk_X509_value(ctx->chain, i);
+-              /* Mark DigiNotar certificates as revoked, no matter
+-               * where in the chain they are.
++              /* Mark certificates containing the following names as
++               * revoked, no matter where in the chain they are.
+                */
+-              if (x->name && strstr(x->name, "DigiNotar"))
++              if (x->name && (strstr(x->name, "DigiNotar") ||
++                      strstr(x->name, "Digicert Sdn. Bhd.")))
+                       {
+                       ctx->error = X509_V_ERR_CERT_REVOKED;
+                       ctx->error_depth = i;
diff --git 
a/meta/recipes-connectivity/openssl/openssl/debian1.0.2/block_diginotar.patch 
b/meta/recipes-connectivity/openssl/openssl/debian1.0.2/block_diginotar.patch
new file mode 100644
index 0000000..0c1a0b6
--- /dev/null
+++ 
b/meta/recipes-connectivity/openssl/openssl/debian1.0.2/block_diginotar.patch
@@ -0,0 +1,67 @@
+From: Raphael Geissert <geiss...@debian.org>
+Description: make X509_verify_cert indicate that any certificate whose
+ name contains "DigiNotar" is revoked.
+Forwarded: not-needed
+Origin: vendor
+Last-Update: 2011-09-08
+Bug: http://bugs.debian.org/639744
+Reviewed-by: Kurt Roeckx <k...@roeckx.be>
+Reviewed-by: Dr Stephen N Henson <shen...@drh-consultancy.co.uk>
+
+This is not meant as final patch.
+
+Upstream-Status: Backport [debian]
+
+
+Index: openssl-1.0.2/crypto/x509/x509_vfy.c
+===================================================================
+--- openssl-1.0.2.orig/crypto/x509/x509_vfy.c
++++ openssl-1.0.2/crypto/x509/x509_vfy.c
+@@ -119,6 +119,7 @@ static int check_trust(X509_STORE_CTX *c
+ static int check_revocation(X509_STORE_CTX *ctx);
+ static int check_cert(X509_STORE_CTX *ctx);
+ static int check_policy(X509_STORE_CTX *ctx);
++static int check_ca_blacklist(X509_STORE_CTX *ctx);
+
+ static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer,
+                          unsigned int *preasons, X509_CRL *crl, X509 *x);
+@@ -438,6 +439,9 @@ int X509_verify_cert(X509_STORE_CTX *ctx
+     if (!ok)
+         goto end;
+
++      ok = check_ca_blacklist(ctx);
++      if(!ok) goto end;
++
+ #ifndef OPENSSL_NO_RFC3779
+     /* RFC 3779 path validation, now that CRL check has been done */
+     ok = v3_asid_validate_path(ctx);
+@@ -938,6 +942,29 @@ static int check_crl_time(X509_STORE_CTX
+     return 1;
+ }
+
++static int check_ca_blacklist(X509_STORE_CTX *ctx)
++      {
++      X509 *x;
++      int i;
++      /* Check all certificates against the blacklist */
++      for (i = sk_X509_num(ctx->chain) - 1; i >= 0; i--)
++              {
++              x = sk_X509_value(ctx->chain, i);
++              /* Mark DigiNotar certificates as revoked, no matter
++               * where in the chain they are.
++               */
++              if (x->name && strstr(x->name, "DigiNotar"))
++                      {
++                      ctx->error = X509_V_ERR_CERT_REVOKED;
++                      ctx->error_depth = i;
++                      ctx->current_cert = x;
++                      if (!ctx->verify_cb(0,ctx))
++                              return 0;
++                      }
++              }
++      return 1;
++      }
++
+ static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl,
+                       X509 **pissuer, int *pscore, unsigned int *preasons,
+                       STACK_OF(X509_CRL) *crls)
diff --git 
a/meta/recipes-connectivity/openssl/openssl/debian1.0.2/padlock_conf.patch 
b/meta/recipes-connectivity/openssl/openssl/debian1.0.2/padlock_conf.patch
new file mode 100644
index 0000000..61dcf45
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/debian1.0.2/padlock_conf.patch
@@ -0,0 +1,31 @@
+
+Upstream-Status: Backport [debian]
+
+--- openssl/apps/openssl.cnf.orig      2012-06-06 00:45:56.000000000 +0200
++++ openssl/apps/openssl.cnf   2012-06-06 00:46:46.000000000 +0200
+@@ -19,6 +19,8 @@
+ # (Alternatively, use a configuration file that has only
+ # X.509v3 extensions in its main [= default] section.)
+
++openssl_conf = openssl_def
++
+ [ new_oids ]
+
+ # We can add new OIDs in here for use by 'ca', 'req' and 'ts'.
+@@ -348,3 +350,16 @@
+                               # (optional, default: no)
+ ess_cert_id_chain     = no    # Must the ESS cert id chain be included?
+                               # (optional, default: no)
++
++[openssl_def]
++engines = engine_section
++
++[engine_section]
++padlock = padlock_section
++
++[padlock_section]
++soft_load=1
++init=1
++default_algorithms = ALL
++dynamic_path=padlock
++
diff --git 
a/meta/recipes-connectivity/openssl/openssl/engines-install-in-libdir-ssl.patch 
b/meta/recipes-connectivity/openssl/openssl/engines-install-in-libdir-ssl.patch
index d8a6f1a..a574648 100644
--- 
a/meta/recipes-connectivity/openssl/openssl/engines-install-in-libdir-ssl.patch
+++ 
b/meta/recipes-connectivity/openssl/openssl/engines-install-in-libdir-ssl.patch
@@ -1,11 +1,11 @@
   Upstream-Status: Inappropriate [configuration]


-Index: openssl-1.0.0/engines/Makefile
+Index: openssl-1.0.2/engines/Makefile
   ===================================================================
---- openssl-1.0.0.orig/engines/Makefile
-+++ openssl-1.0.0/engines/Makefile
-@@ -107,7 +107,7 @@
+--- openssl-1.0.2.orig/engines/Makefile
++++ openssl-1.0.2/engines/Makefile
+@@ -107,13 +107,13 @@ install:
        @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
        @if [ -n "$(SHARED_LIBS)" ]; then \
                set -e; \
@@ -14,16 +14,19 @@ Index: openssl-1.0.0/engines/Makefile
                for l in $(LIBNAMES); do \
                        ( echo installing $$l; \
                          pfx=lib; \
-@@ -119,13 +119,13 @@
+                         if expr "$(PLATFORM)" : "Cygwin" >/dev/null; then \
+                               sfx=".so"; \
+-                              cp cyg$$l.dll 
$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
++                              cp cyg$$l.dll 
$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx.new; \
+                         else \
+                               case "$(CFLAGS)" in \
+                               *DSO_BEOS*)     sfx=".so";;   \
+@@ -122,10 +122,10 @@ install:
                                *DSO_WIN32*)    sfx="eay32.dll"; pfx=;;       \
                                *)              sfx=".bad";;  \
                                esac; \
   -                            cp $$pfx$$l$$sfx 
$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
   +                            cp $$pfx$$l$$sfx 
$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx.new; \
-                         else \
-                               sfx=".so"; \
--                              cp cyg$$l.dll 
$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
-+                              cp cyg$$l.dll 
$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$$pfx$$l$$sfx.new; \
                          fi; \
   -                      chmod 555 
$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new; \
   -                      mv -f 
$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new 
$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \
@@ -32,20 +35,25 @@ Index: openssl-1.0.0/engines/Makefile
                done; \
        fi
        @target=install; $(RECURSIVE_MAKE)
-Index: openssl-1.0.0/engines/ccgost/Makefile
+Index: openssl-1.0.2/engines/ccgost/Makefile
   ===================================================================
---- openssl-1.0.0.orig/engines/ccgost/Makefile
-+++ openssl-1.0.0/engines/ccgost/Makefile
-@@ -53,13 +53,13 @@
+--- openssl-1.0.2.orig/engines/ccgost/Makefile
++++ openssl-1.0.2/engines/ccgost/Makefile
+@@ -47,7 +47,7 @@ install:
+               pfx=lib; \
+               if expr "$(PLATFORM)" : "Cygwin" >/dev/null; then \
+                       sfx=".so"; \
+-                      cp cyg$(LIBNAME).dll 
$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
++                      cp cyg$(LIBNAME).dll 
$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx.new;
 \
+               else \
+                       case "$(CFLAGS)" in \
+                       *DSO_BEOS*) sfx=".so";; \
+@@ -56,10 +56,10 @@ install:
                        *DSO_WIN32*) sfx="eay32.dll"; pfx=;; \
                        *) sfx=".bad";; \
                        esac; \
   -                    cp $${pfx}$(LIBNAME)$$sfx 
$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
   +                    cp $${pfx}$(LIBNAME)$$sfx 
$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx.new;
 \
-               else \
-                       sfx=".so"; \
--                      cp cyg$(LIBNAME).dll 
$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
-+                      cp cyg$(LIBNAME).dll 
$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/ssl/engines/$${pfx}$(LIBNAME)$$sfx.new;
 \
                fi; \
   -            chmod 555 
$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new; \
   -            mv -f 
$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx.new 
$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$${pfx}$(LIBNAME)$$sfx; \
diff --git 
a/meta/recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch 
b/meta/recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch
index f0e1778..06d1ea6 100644
--- a/meta/recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch
+++ b/meta/recipes-connectivity/openssl/openssl/fix-cipher-des-ede3-cfb1.patch
@@ -6,17 +6,16 @@ http://rt.openssl.org/Ticket/Display.html?id=2867

   Signed-Off-By: Muhammad Shakeel <muhammad_shak...@mentor.com>

-diff --git a/crypto/evp/e_des3.c b/crypto/evp/e_des3.c
-index 3232cfe..df84922 100644
+Index: openssl-1.0.2/crypto/evp/e_des3.c
   ===================================================================
---- a/crypto/evp/e_des3.c
-+++ b/crypto/evp/e_des3.c
-@@ -173,7 +173,7 @@ static int des_ede3_cfb1_cipher(EVP_CIPHER_CTX *ctx, 
unsigned char *out,
+--- openssl-1.0.2.orig/crypto/evp/e_des3.c
++++ openssl-1.0.2/crypto/evp/e_des3.c
+@@ -211,7 +211,7 @@ static int des_ede3_cfb1_cipher(EVP_CIPH
        size_t n;
-     unsigned char c[1],d[1];
+     unsigned char c[1], d[1];

--    for(n=0 ; n < inl ; ++n)
-+    for(n=0 ; n < inl*8 ; ++n)
-       {
-       c[0]=(in[n/8]&(1 << (7-n%8))) ? 0x80 : 0;
-       DES_ede3_cfb_encrypt(c,d,1,1,
+-    for (n = 0; n < inl; ++n) {
++    for (n = 0; n * 8 < inl; ++n) {
+         c[0] = (in[n / 8] & (1 << (7 - n % 8))) ? 0x80 : 0;
+         DES_ede3_cfb_encrypt(c, d, 1, 1,
+                              &data(ctx)->ks1, &data(ctx)->ks2,
diff --git 
a/meta/recipes-connectivity/openssl/openssl/initial-aarch64-bits.patch 
b/meta/recipes-connectivity/openssl/openssl/initial-aarch64-bits.patch
deleted file mode 100644
index 770097d..0000000
--- a/meta/recipes-connectivity/openssl/openssl/initial-aarch64-bits.patch
+++ /dev/null
@@ -1,120 +0,0 @@
-From: Andy Polyakov <ap...@openssl.org>
-Date: Sun, 13 Oct 2013 17:15:15 +0000 (+0200)
-Subject: Initial aarch64 bits.
-X-Git-Url: 
http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=039081b80977e2a5de84e1f88f8b4d025b559956
-
-Initial aarch64 bits.
-Upstream-Status: backport (will be included in 1.0.2)
----
- crypto/bn/bn_lcl.h       |    9 +++++++++
- crypto/md32_common.h     |   18 ++++++++++++++++++
- crypto/modes/modes_lcl.h |    8 ++++++++
- crypto/sha/sha512.c      |   13 +++++++++++++
- 4 files changed, 48 insertions(+)
-
-Index: openssl-1.0.1f/crypto/bn/bn_lcl.h
-===================================================================
---- openssl-1.0.1f.orig/crypto/bn/bn_lcl.h     2014-01-06 15:47:42.000000000 
+0200
-+++ openssl-1.0.1f/crypto/bn/bn_lcl.h  2014-02-28 10:37:55.495979037 +0200
-@@ -300,6 +300,15 @@
-            : "r"(a), "r"(b));
- #    endif
- #  endif
-+# elif defined(__aarch64__) && defined(SIXTY_FOUR_BIT_LONG)
-+#  if defined(__GNUC__) && __GNUC__>=2
-+#   define BN_UMULT_HIGH(a,b)  ({  \
-+   register BN_ULONG ret;      \
-+   asm ("umulh %0,%1,%2"   \
-+        : "=r"(ret)        \
-+        : "r"(a), "r"(b));     \
-+   ret;            })
-+#  endif
- # endif               /* cpu */
- #endif                /* OPENSSL_NO_ASM */
-
-Index: openssl-1.0.1f/crypto/md32_common.h
-===================================================================
---- openssl-1.0.1f.orig/crypto/md32_common.h   2014-01-06 15:47:42.000000000 
+0200
-+++ openssl-1.0.1f/crypto/md32_common.h        2014-02-28 10:39:21.751979107 
+0200
-@@ -213,6 +213,24 @@
-                                  asm ("bswapl %0":"=r"(r):"0"(r));      \
-                                  *((unsigned int *)(c))=r; (c)+=4; r; })
- #   endif
-+#  elif defined(__aarch64__)
-+#   if defined(__BYTE_ORDER__)
-+#    if defined(__ORDER_LITTLE_ENDIAN__) && 
__BYTE_ORDER__==__ORDER_LITTLE_ENDIAN__
-+#     define HOST_c2l(c,l) ({ unsigned int r;      \
-+                  asm ("rev    %w0,%w1"    \
-+                   :"=r"(r)        \
-+                   :"r"(*((const unsigned int *)(c))));\
-+                  (c)+=4; (l)=r;       })
-+#     define HOST_l2c(l,c) ({ unsigned int r;      \
-+                  asm ("rev    %w0,%w1"    \
-+                   :"=r"(r)        \
-+                   :"r"((unsigned int)(l)));\
-+                  *((unsigned int *)(c))=r; (c)+=4; r; })
-+#    elif defined(__ORDER_BIG_ENDIAN__) && 
__BYTE_ORDER__==__ORDER_BIG_ENDIAN__
-+#     define HOST_c2l(c,l) ((l)=*((const unsigned int *)(c)), (c)+=4, (l))
-+#     define HOST_l2c(l,c) (*((unsigned int *)(c))=(l), (c)+=4, (l))
-+#    endif
-+#   endif
- #  endif
- # endif
- #endif
-Index: openssl-1.0.1f/crypto/modes/modes_lcl.h
-===================================================================
---- openssl-1.0.1f.orig/crypto/modes/modes_lcl.h       2014-02-28 
10:47:48.731979011 +0200
-+++ openssl-1.0.1f/crypto/modes/modes_lcl.h    2014-02-28 10:48:49.707978919 
+0200
-@@ -29,6 +29,7 @@
- #if defined(__i386)   || defined(__i386__)    || \
-     defined(__x86_64) || defined(__x86_64__)  || \
-     defined(_M_IX86)  || defined(_M_AMD64)    || defined(_M_X64) || \
-+    defined(__aarch64__)           || \
-     defined(__s390__) || defined(__s390x__)
- # undef STRICT_ALIGNMENT
- #endif
-@@ -50,6 +51,13 @@
- #  define BSWAP4(x) ({        u32 ret=(x);                    \
-                       asm ("bswapl %0"              \
-                       : "+r"(ret)); ret;            })
-+# elif defined(__aarch64__)
-+#  define BSWAP8(x) ({ u64 ret;            \
-+           asm ("rev %0,%1"        \
-+           : "=r"(ret) : "r"(x)); ret; })
-+#  define BSWAP4(x) ({ u32 ret;            \
-+           asm ("rev %w0,%w1"      \
-+           : "=r"(ret) : "r"(x)); ret; })
- # elif (defined(__arm__) || defined(__arm)) && !defined(STRICT_ALIGNMENT)
- #  define BSWAP8(x) ({        u32 lo=(u64)(x)>>32,hi=(x);       \
-                       asm ("rev %0,%0; rev %1,%1"   \
-Index: openssl-1.0.1f/crypto/sha/sha512.c
-===================================================================
---- openssl-1.0.1f.orig/crypto/sha/sha512.c    2014-01-06 15:47:42.000000000 
+0200
-+++ openssl-1.0.1f/crypto/sha/sha512.c 2014-02-28 10:52:14.579978981 +0200
-@@ -55,6 +55,7 @@
- #if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \
-     defined(__x86_64) || defined(_M_AMD64) || defined(_M_X64) || \
-     defined(__s390__) || defined(__s390x__) || \
-+    defined(__aarch64__) || \
-     defined(SHA512_ASM)
- #define SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA
- #endif
-@@ -347,6 +348,18 @@
-                               asm ("rotrdi %0,%1,%2"        \
-                               : "=r"(ret)           \
-                               : "r"(a),"K"(n)); ret;      })
-+#  elif defined(__aarch64__)
-+#   define ROTR(a,n)   ({ SHA_LONG64 ret;      \
-+               asm ("ror %0,%1,%2" \
-+               : "=r"(ret)     \
-+               : "r"(a),"I"(n)); ret;  })
-+#   if  defined(__BYTE_ORDER__) && defined(__ORDER_LITTLE_ENDIAN__) && \
-+   __BYTE_ORDER__==__ORDER_LITTLE_ENDIAN__
-+#    define PULL64(x)  ({ SHA_LONG64 ret;          \
-+               asm ("rev   %0,%1"      \
-+               : "=r"(ret)         \
-+               : "r"(*((const SHA_LONG64 *)(&(x))))); ret;     })
-+#   endif
- #  endif
- # elif defined(_MSC_VER)
- #  if defined(_WIN64) /* applies to both IA-64 and AMD64 */
diff --git 
a/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
 
b/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
index c161e62..cebc8cf 100644
--- 
a/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
+++ 
b/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
@@ -8,14 +8,16 @@ 
http://www.mail-archive.com/openssl-dev@openssl.org/msg32860.html

   Signed-off-by: Xufeng Zhang <xufeng.zh...@windriver.com>
   ---
---- a/crypto/evp/digest.c
-+++ b/crypto/evp/digest.c
-@@ -199,7 +199,7 @@
-               return 0;
-               }
+Index: openssl-1.0.2/crypto/evp/digest.c
+===================================================================
+--- openssl-1.0.2.orig/crypto/evp/digest.c
++++ openssl-1.0.2/crypto/evp/digest.c
+@@ -208,7 +208,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, c
+         return 0;
+     }
    #endif
--      if (ctx->digest != type)
-+      if (type && (ctx->digest != type))
-               {
-               if (ctx->digest && ctx->digest->ctx_size)
-                       OPENSSL_free(ctx->md_data);
+-    if (ctx->digest != type) {
++    if (type && (ctx->digest != type)) {
+         if (ctx->digest && ctx->digest->ctx_size)
+             OPENSSL_free(ctx->md_data);
+         ctx->digest = type;
diff --git 
a/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch
 
b/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch
index 3e93fe4..d7047bb 100644
--- 
a/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch
+++ 
b/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch
@@ -8,32 +8,19 @@ 
http://www.mail-archive.com/openssl-dev@openssl.org/msg32859.html

   Signed-off-by: Xufeng Zhang <xufeng.zh...@windriver.com>
   ---
---- a/crypto/dh/dh_ameth.c
-+++ b/crypto/dh/dh_ameth.c
-@@ -139,6 +139,12 @@
-       dh=pkey->pkey.dh;
+Index: openssl-1.0.2/crypto/dh/dh_ameth.c
+===================================================================
+--- openssl-1.0.2.orig/crypto/dh/dh_ameth.c
++++ openssl-1.0.2/crypto/dh/dh_ameth.c
+@@ -161,6 +161,11 @@ static int dh_pub_encode(X509_PUBKEY *pk
+     dh = pkey->pkey.dh;

-       str = ASN1_STRING_new();
-+      if (!str)
-+              {
-+              DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
-+              goto err;
-+              }
+     str = ASN1_STRING_new();
++    if (!str) {
++        DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
++        goto err;
++    }
   +
-       str->length = i2d_DHparams(dh, &str->data);
-       if (str->length <= 0)
-               {
---- a/crypto/dsa/dsa_ameth.c
-+++ b/crypto/dsa/dsa_ameth.c
-@@ -148,6 +148,11 @@
-               {
-               ASN1_STRING *str;
-               str = ASN1_STRING_new();
-+              if (!str)
-+                      {
-+                      DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
-+                      goto err;
-+                      }
-               str->length = i2d_DSAparams(dsa, &str->data);
-               if (str->length <= 0)
-                       {
+     str->length = i2d_dhp(pkey, dh, &str->data);
+     if (str->length <= 0) {
+         DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
diff --git 
a/meta/recipes-connectivity/openssl/openssl/openssl_fix_for_x32.patch 
b/meta/recipes-connectivity/openssl/openssl/openssl_fix_for_x32.patch
index 93ce034..cbce32c 100644
--- a/meta/recipes-connectivity/openssl/openssl/openssl_fix_for_x32.patch
+++ b/meta/recipes-connectivity/openssl/openssl/openssl_fix_for_x32.patch
@@ -6,64 +6,13 @@ Signed-Off-By: Nitin A Kamble <nitin.a.kam...@intel.com> 
2011/07/13

   ported the patch to the 1.0.0e version
   Signed-Off-By: Nitin A Kamble <nitin.a.kam...@intel.com> 2011/12/01
-Index: openssl-1.0.1e/Configure
+Index: openssl-1.0.2/crypto/bn/bn.h
   ===================================================================
---- openssl-1.0.1e.orig/Configure
-+++ openssl-1.0.1e/Configure
-@@ -402,6 +402,7 @@ my %table=(
- "linux-ia64-ecc","ecc:-DL_ENDIAN -DTERMIO -O2 -Wall 
-no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK 
DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- "linux-ia64-icc","icc:-DL_ENDIAN -DTERMIO -O2 -Wall 
-no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 
DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- "linux-x86_64",     "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 
-Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT 
DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-+"linux-x32", "gcc:-mx32 -DL_ENDIAN -DTERMIO -O3 -Wall 
-DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK DES_INT 
DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::x32",
- "linux64-s390x",    "gcc:-m64 -DB_ENDIAN -DTERMIO -O3 
-Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT 
DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
- #### So called "highgprs" target for z/Architecture CPUs
- # "Highgprs" is kernel feature first implemented in Linux 2.6.32, see
-Index: openssl-1.0.1e/crypto/bn/asm/x86_64-gcc.c
-===================================================================
---- openssl-1.0.1e.orig/crypto/bn/asm/x86_64-gcc.c
-+++ openssl-1.0.1e/crypto/bn/asm/x86_64-gcc.c
-@@ -55,7 +55,7 @@
-  *    machine.
-  */
-
--#ifdef _WIN64
-+#if defined _WIN64 || !defined __LP64__
- #define BN_ULONG unsigned long long
- #else
- #define BN_ULONG unsigned long
-@@ -192,9 +192,9 @@ BN_ULONG bn_add_words (BN_ULONG *rp, con
-       asm (
-       "  subq    %2,%2           \n"
-       ".p2align 4                        \n"
--      "1:        movq    (%4,%2,8),%0    \n"
--      "  adcq    (%5,%2,8),%0    \n"
--      "  movq    %0,(%3,%2,8)    \n"
-+      "1:        movq    (%q4,%2,8),%0   \n"
-+      "  adcq    (%q5,%2,8),%0   \n"
-+      "  movq    %0,(%q3,%2,8)   \n"
-       "  leaq    1(%2),%2        \n"
-       "  loop    1b              \n"
-       "  sbbq    %0,%0           \n"
-@@ -215,9 +215,9 @@ BN_ULONG bn_sub_words (BN_ULONG *rp, con
-       asm (
-       "  subq    %2,%2           \n"
-       ".p2align 4                        \n"
--      "1:        movq    (%4,%2,8),%0    \n"
--      "  sbbq    (%5,%2,8),%0    \n"
--      "  movq    %0,(%3,%2,8)    \n"
-+      "1:        movq    (%q4,%2,8),%0   \n"
-+      "  sbbq    (%q5,%2,8),%0   \n"
-+      "  movq    %0,(%q3,%2,8)   \n"
-       "  leaq    1(%2),%2        \n"
-       "  loop    1b              \n"
-       "  sbbq    %0,%0           \n"
-Index: openssl-1.0.1e/crypto/bn/bn.h
-===================================================================
---- openssl-1.0.1e.orig/crypto/bn/bn.h
-+++ openssl-1.0.1e/crypto/bn/bn.h
-@@ -172,6 +172,13 @@ extern "C" {
+--- openssl-1.0.2.orig/crypto/bn/bn.h
++++ openssl-1.0.2/crypto/bn/bn.h
+@@ -173,6 +173,13 @@ extern "C" {
+ #  endif
    # endif
- #endif

   +/* Address type.  */
   +#ifdef _WIN64
@@ -72,19 +21,19 @@ Index: openssl-1.0.1e/crypto/bn/bn.h
   +#define BN_ADDR unsigned long
   +#endif
   +
- /* assuming long is 64bit - this is the DEC Alpha
-  * unsigned long long is only 64 bits :-(, don't define
-  * BN_LLONG for the DEC Alpha */
-Index: openssl-1.0.1e/crypto/bn/bn_exp.c
+ /*
+  * assuming long is 64bit - this is the DEC Alpha unsigned long long is only
+  * 64 bits :-(, don't define BN_LLONG for the DEC Alpha
+Index: openssl-1.0.2/crypto/bn/bn_exp.c
   ===================================================================
---- openssl-1.0.1e.orig/crypto/bn/bn_exp.c
-+++ openssl-1.0.1e/crypto/bn/bn_exp.c
-@@ -567,7 +567,7 @@ static int MOD_EXP_CTIME_COPY_FROM_PREBU
-
- /* Given a pointer value, compute the next address that is a cache line 
multiple. */
+--- openssl-1.0.2.orig/crypto/bn/bn_exp.c
++++ openssl-1.0.2/crypto/bn/bn_exp.c
+@@ -638,7 +638,7 @@ static int MOD_EXP_CTIME_COPY_FROM_PREBU
+  * multiple.
+  */
    #define MOD_EXP_CTIME_ALIGN(x_) \
--      ((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - 
(((size_t)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK))))
+-        ((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - 
(((size_t)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK))))
   +    ((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - 
(((BN_ADDR)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK))))

- /* This variant of BN_mod_exp_mont() uses fixed windows and the special
-  * precomputation memory layout to limit data-dependency to a minimum
+ /*
+  * This variant of BN_mod_exp_mont() uses fixed windows and the special
diff --git a/meta/recipes-connectivity/openssl/openssl/ptest-deps.patch 
b/meta/recipes-connectivity/openssl/openssl/ptest-deps.patch
index 527e10c..ef6d179 100644
--- a/meta/recipes-connectivity/openssl/openssl/ptest-deps.patch
+++ b/meta/recipes-connectivity/openssl/openssl/ptest-deps.patch
@@ -10,11 +10,11 @@ Upstream-Status: Inappropriate [config]

   Signed-off-by: Paul Eggleton <paul.eggle...@linux.intel.com>

-diff --git a/test/Makefile b/test/Makefile
-index e6fcfb4..5ae043b 100644
---- a/test/Makefile
-+++ b/test/Makefile
-@@ -322,11 +322,11 @@ test_cms:
+Index: openssl-1.0.2/test/Makefile
+===================================================================
+--- openssl-1.0.2.orig/test/Makefile
++++ openssl-1.0.2/test/Makefile
+@@ -330,7 +330,7 @@ test_cms: ../apps/openssl$(EXE_EXT) cms-
        @echo "CMS consistency test"
        $(PERL) cms-test.pl

@@ -23,8 +23,12 @@ index e6fcfb4..5ae043b 100644
        @echo "Test SRP"
        ../util/shlib_wrap.sh ./srptest

+@@ -342,7 +342,7 @@ test_v3name: $(V3NAMETEST)$(EXE_EXT)
+       @echo "Test X509v3_check_*"
+       ../util/shlib_wrap.sh ./$(V3NAMETEST)
+
   -test_heartbeat: $(HEARTBEATTEST)$(EXE_EXT)
   +test_heartbeat:
        ../util/shlib_wrap.sh ./$(HEARTBEATTEST)

- lint:
+ test_constant_time: $(CONSTTIMETEST)$(EXE_EXT)
diff --git 
a/meta/recipes-connectivity/openssl/openssl/update-version-script-for-1.0.2.patch
 
b/meta/recipes-connectivity/openssl/openssl/update-version-script-for-1.0.2.patch
new file mode 100644
index 0000000..fcfccfa
--- /dev/null
+++ 
b/meta/recipes-connectivity/openssl/openssl/update-version-script-for-1.0.2.patch
@@ -0,0 +1,66 @@
+Index: openssl-1.0.2/openssl.ld
+===================================================================
+--- openssl-1.0.2.orig/openssl.ld
++++ openssl-1.0.2/openssl.ld
+@@ -4618,3 +4618,61 @@ OPENSSL_1.0.1d {
+               CRYPTO_memcmp;
+ } OPENSSL_1.0.1;
+
++OPENSSL_1.0.2 {
++      global:
++              ASN1_TIME_diff;
++              CMS_RecipientInfo_get0_pkey_ctx;
++              CMS_RecipientInfo_kari_get0_ctx;
++              CMS_SignerInfo_get0_pkey_ctx;
++              DH_get_1024_160;
++              DH_get_2048_224;
++              DH_get_2048_256;
++              DTLS_client_method;
++              DTLS_server_method;
++              DTLSv1_2_client_method;
++              DTLSv1_2_server_method;
++              EC_curve_nid2nist;
++              EC_curve_nist2nid;
++              EVP_aes_128_cbc_hmac_sha256;
++              EVP_aes_128_wrap;
++              EVP_aes_192_wrap;
++              EVP_aes_256_cbc_hmac_sha256;
++              EVP_aes_256_wrap;
++              EVP_des_ede3_wrap;
++              OCSP_REQ_CTX_http;
++              OCSP_REQ_CTX_new;
++              PEM_write_bio_DHxparams;
++              SSL_CIPHER_find;
++              SSL_CONF_CTX_finish;
++              SSL_CONF_CTX_free;
++              SSL_CONF_CTX_new;
++              SSL_CONF_CTX_set_flags;
++              SSL_CONF_CTX_set_ssl_ctx;
++              SSL_CONF_cmd;
++              SSL_CONF_cmd_argv;
++              SSL_CTX_add_client_custom_ext;
++              SSL_CTX_add_server_custom_ext;
++              SSL_CTX_set_alpn_protos;
++              SSL_CTX_set_alpn_select_cb;
++              SSL_CTX_set_cert_cb;
++              SSL_CTX_use_serverinfo_file;
++              SSL_certs_clear;
++              SSL_check_chain;
++              SSL_get0_alpn_selected;
++              SSL_get_shared_sigalgs;
++              SSL_get_sigalgs;
++              SSL_is_server;
++              X509_CRL_diff;
++              X509_CRL_http_nbio;
++              X509_STORE_set_lookup_crls_cb;
++              X509_VERIFY_PARAM_set1_email;
++              X509_VERIFY_PARAM_set1_host;
++              X509_VERIFY_PARAM_set1_ip_asc;
++              X509_chain_check_suiteb;
++              X509_chain_up_ref;
++              X509_check_email;
++              X509_check_host;
++              X509_check_ip_asc;
++              X509_get_signature_nid;
++              X509_http_nbio;
++} OPENSSL_1.0.1d;
diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.1k.bb 
b/meta/recipes-connectivity/openssl/openssl_1.0.2.bb
similarity index 84%
rename from meta/recipes-connectivity/openssl/openssl_1.0.1k.bb
rename to meta/recipes-connectivity/openssl/openssl_1.0.2.bb
index 16ffc58..79537f9 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.0.1k.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.0.2.bb
@@ -16,21 +16,22 @@ SRC_URI += "file://configure-targets.patch \
               file://oe-ldflags.patch \
               file://engines-install-in-libdir-ssl.patch \
               file://openssl-fix-link.patch \
-            file://debian/version-script.patch \
-            file://debian/pic.patch \
-            file://debian/c_rehash-compat.patch \
+            file://debian1.0.2/block_diginotar.patch \
+            file://debian1.0.2/block_digicert_malaysia.patch \
+            file://debian1.0.2/padlock_conf.patch \
               file://debian/ca.patch \
-            file://debian/make-targets.patch \
-            file://debian/no-rpath.patch \
+            file://debian/c_rehash-compat.patch \
+            file://debian/debian-targets.patch \
               file://debian/man-dir.patch \
               file://debian/man-section.patch \
+            file://debian/no-rpath.patch \
               file://debian/no-symbolic.patch \
-            file://debian/debian-targets.patch \
+            file://debian/pic.patch \
+            file://debian/version-script.patch \
               file://openssl_fix_for_x32.patch \
               file://fix-cipher-des-ede3-cfb1.patch \
               
file://openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch \
               
file://openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch \
-            file://initial-aarch64-bits.patch \
               file://find.pl \
               file://openssl-fix-des.pod-error.patch \
               file://Makefiles-ptest.patch \
@@ -38,8 +39,8 @@ SRC_URI += "file://configure-targets.patch \
               file://run-ptest \
              "

-SRC_URI[md5sum] = "d4f002bd22a56881340105028842ae1f"
-SRC_URI[sha256sum] = 
"8f9faeaebad088e772f4ef5e38252d472be4d878c6b3a2718c10a4fcebe7a41c"
+SRC_URI[md5sum] = "38373013fc85c790aabf8837969c5eba"
+SRC_URI[sha256sum] = 
"8c48baf3babe0d505d16cfc0cf272589c66d3624264098213db0fb00034728e9"

   PACKAGES =+ " \
        ${PN}-engines \

--
_______________________________________________
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

--
_______________________________________________
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

Re: [OE-core] [PATCH] openssl: Upgrade to 1.0.2

Reply via email to