Automatic import for version 1.0.1

2025-02-22 15:52:50 +00:00 · 2012-03-18 04:46:02 +04:00 · 2012-03-18 04:46:02 +04:00 · a4232fb948
commit a4232fb948
parent 24ddcd6c53
12 changed files with 108 additions and 12748 deletions
--- a/.abf.yml
+++ b/.abf.yml
@ -1,2 +1,2 @@
 sources:
-  "openssl-1.0.0h.tar.gz": 6d4587a96817147021e93ca266441daf4bcbf485
+  "openssl-1.0.1.tar.gz": a6476d33fd38c2e7dfb438d1e3be178cc242c907
--- a/README.pkcs11
+++ b/README.pkcs11
@ -1,242 +0,0 @@
-PKCS#11 engine support for OpenSSL 0.9.8l
-=========================================
-
-[Nov 19, 2009]
-
-Contents:
-
-Overview
-Revisions of the patch for 0.9.8 branch
-FAQs
-Feedback
-
-Overview
-========
-
-This patch containing code available in OpenSolaris adds support for PKCS#11
-engine into OpenSSL and implements PKCS#11 v2.20. It is to be applied against
-OpenSSL 0.9.8l source code distribution as shipped by OpenSSL.Org. Your system
-must provide PKCS#11 backend otherwise the patch is useless. You provide the
-PKCS#11 library name during the build configuration phase, see below.
-
-Patch can be applied like this:
-
-	# NOTE: use gtar if on Solaris
-	tar xfzv openssl-0.9.8l.tar.gz
-	# now download the patch to the current directory
-	# ...
-	cd openssl-0.9.8l
-	# NOTE: must use gpatch if on Solaris (is part of the system)
-	patch -p1 < path-to/pkcs11_engine-0.9.8l.patch.2009-11-19
-
-It is designed to support pure acceleration for RSA, DSA, DH and all the
-symetric ciphers and message digest algorithms that PKCS#11 and OpenSSL share
-except for missing support for patented algorithms MDC2, RC3, RC5 and IDEA.
-
-According to the PKCS#11 providers installed on your machine, it can support
-following mechanisms:
-
-	RSA, DSA, DH, RAND, DES-CBC, DES-EDE3-CBC, DES-ECB, DES-EDE3, RC4,
-	AES-128-CBC, AES-192-CBC, AES-256-CBC, AES-128-ECB, AES-192-ECB,
-	AES-256-ECB, AES-128-CTR, AES-192-CTR, AES-256-CTR, MD5, SHA1, SHA224,
-	SHA256, SHA384, SHA512
-
-Note that for AES counter mode the application must provide their own EVP
-functions since OpenSSL doesn't support counter mode through EVP yet. You may
-see OpenSSH source code (cipher.c) to get the idea how to do that. SunSSH is an
-example of code that uses the PKCS#11 engine and deals with the fork-safety
-problem (see engine.c and packet.c files if interested).
-
-You must provide the location of PKCS#11 library in your system to the
-configure script. You will be instructed to do that when you try to run the
-config script:
-
-	$ ./config 
-	Operating system: i86pc-whatever-solaris2
-	Configuring for solaris-x86-cc
-	You must set --pk11-libname for PKCS#11 library.
-	See README.pkcs11 for more information.
-
-Taking openCryptoki project on Linux AMD64 box as an example, you would run
-configure script like this:
-
-	./config --pk11-libname=/usr/lib64/pkcs11/PKCS11_API.so
-
-To check whether newly built openssl really supports PKCS#11 it's enough to run
-"apps/openssl engine" and look for "(pkcs11) PKCS #11 engine support" in the
-output. If you see no PKCS#11 engine support check that the built openssl binary
-and the PKCS#11 library from --pk11-libname don't conflict on 32/64 bits.
-
-The patch, during various phases of development, was tested on Solaris against
-PKCS#11 engine available from Solaris Cryptographic Framework (Solaris 10 and
-OpenSolaris) and also on Linux using PKCS#11 libraries from openCryptoki project
-(see openCryptoki website http://sourceforge.net/projects/opencryptoki for more
-information). Some Linux distributions even ship those libraries with the
-system. The patch should work on any system that is supported by OpenSSL itself
-and has functional PKCS#11 library.
-
-The patch contains "RSA Security Inc. PKCS #11 Cryptographic Token Interface
-(Cryptoki)" - files cryptoki.h, pkcs11.h, pkcs11f.h and pkcs11t.h which are
-copyrighted by RSA Security Inc., see pkcs11.h for more information.
-
-Other added/modified code in this patch is copyrighted by Sun Microsystems,
-Inc. and is released under the OpenSSL license (see LICENSE file for more
-information).
-
-Revisions of the patch for 0.9.8 branch
-=======================================
-
-2009-11-19
- adjusted for OpenSSL version 0.9.8l
-
- bugs and RFEs:
-
-	6479874 OpenSSL should support RSA key by reference/hardware keystores
-	6896677 PKCS#11 engine's hw_pk11_err.h needs to be split
-	6732677 make check to trigger Solaris specific code automatic in the
-		PKCS#11 engine
-
-2009-03-11
- adjusted for OpenSSL version 0.9.8j 
-
- README.pkcs11 moved out of the patch, and is shipped together with it in a
-  tarball instead so that it can be read before the patch is applied.
-
- fixed bugs:
-
-	6804216 pkcs#11 engine should support a key length range for RC4
-	6734038 Apache SSL web server using the pkcs11 engine fails to start if
-		meta slot is disabled
-
-2008-12-02
- fixed bugs and RFEs (most of the work done by Vladimir Kotal)
-
-	6723504 more granular locking in PKCS#11 engine
-	6667128 CRYPTO_LOCK_PK11_ENGINE assumption does not hold true
-	6710420 PKCS#11 engine source should be lint clean
-	6747327 PKCS#11 engine atfork handlers need to be aware of guys who take
-		it seriously
-	6746712 PKCS#11 engine source code should be cstyle clean
-	6731380 return codes of several functions are not checked in the PKCS#11
-		engine code
-	6746735 PKCS#11 engine should use extended FILE space API
-	6734038 Apache SSL web server using the pkcs11 engine fails to start if
-		meta slot is disabled
-
-2008-08-01
- fixed bug
-
-	6731839 OpenSSL PKCS#11 engine no longer uses n2cp for symmetric ciphers
-		and digests
-
- Solaris specific code for slot selection made automatic
-
-2008-07-29
- update the patch to OpenSSL 0.9.8h version
- pkcs11t.h updated to the latest version:
-
-	6545665 make CKM_AES_CTR available to non-kernel users
-
- fixed bugs in the engine code:
-
-	6602801 PK11_SESSION cache has to employ reference counting scheme for
-		asymmetric key operations
-	6605538 pkcs11 functions C_FindObjects[{Init,Final}]() not called
-		atomically
-	6607307 pkcs#11 engine can't read RSA private keys
-	6652362 pk11_RSA_finish() is cutting corners
-	6662112 pk11_destroy_{rsa,dsa,dh}_key_objects() use locking in
-		suboptimal way
-	6666625 pk11_destroy_{rsa,dsa,dh}_key_objects() should be more
-		resilient to destroy failures
-	6667273 OpenSSL engine should not use free() but OPENSSL_free()
-	6670363 PKCS#11 engine fails to reuse existing symmetric keys
-	6678135 memory corruption in pk11_DH_generate_key() in pkcs#11 engine
-	6678503 DSA signature conversion in pk11_dsa_do_verify() ignores size
-		of big numbers leading to failures
-	6706562 pk11_DH_compute_key() returns 0 in case of failure instead of
-		-1
-	6706622 pk11_load_{pub,priv}key create corrupted RSA key references
-	6707129 return values from BN_new() in pk11_DH_generate_key() are not
-		checked
-	6707274 DSA/RSA/DH PKCS#11 engine operations need to be resistant to
-		structure reuse
-	6707782 OpenSSL PKCS#11 engine pretends to be aware of
-		OPENSSL_NO_{RSA,DSA,DH}
-	defines but fails miserably
-	6709966 make check_new_*() to return values to indicate cache hit/miss
-	6705200 pk11_dh struct initialization in PKCS#11 engine is missing
-		generate_params parameter
-	6709513 PKCS#11 engine sets IV length even for ECB modes
-	6728296 buffer length not initialized for C_(En|De)crypt_Final() in the
-		PKCS#11 engine
-	6728871 PKCS#11 engine must reset global_session in pk11_finish()
-
- new features and enhancements:
-
-	6562155 OpenSSL pkcs#11 engine needs support for SHA224/256/384/512
-	6685012 OpenSSL pkcs#11 engine needs support for new cipher modes
-	6725903 OpenSSL PKCS#11 engine shouldn't use soft token for symmetric
-		ciphers and digests
-
-2007-10-15
- update for 0.9.8f version
- update for "6607670 teach pkcs#11 engine how to use keys be reference"
-
-2007-10-02
- draft for "6607670 teach pkcs#11 engine how to use keys be reference"
- draft for "6607307 pkcs#11 engine can't read RSA private keys"
-
-2007-09-26
- 6375348 Using pkcs11 as the SSLCryptoDevice with Apache/OpenSSL causes
-	  significant performance drop
- 6573196 memory is leaked when OpenSSL is used with PKCS#11 engine
-
-2007-05-25
- 6558630 race in OpenSSL pkcs11 engine when using symetric block ciphers
-
-2007-05-19
- initial patch for 0.9.8e using latest OpenSolaris code
-
-FAQs
-====
-
-(1) my build failed on Linux distro with this error:
-
-../libcrypto.a(hw_pk11.o): In function `pk11_library_init':
-hw_pk11.c:(.text+0x20f5): undefined reference to `pthread_atfork'
-
-Answer:
-
-	- don't use "no-threads" when configuring
-	- if you didn't then OpenSSL failed to create a threaded library by
-	  default. You may manually edit Configure and try again. Look for the
-	  architecture that Configure printed, for example:
-
-Configured for linux-elf.
-
-	- then edit Configure, find string "linux-elf" (inluding the quotes),
-	  and add flags to support threads to the 4th column of the 2nd string.
-	  If you build with GCC then adding "-pthread" should be enough. With
-	  "linux-elf" as an example, you would add " -pthread" right after
-	  "-D_REENTRANT", like this:
-
-....-O3 -fomit-frame-pointer -Wall::-D_REENTRANT -pthread::-ldl:.....
-
-(2) I'm using MinGW/MSYS environment and get undeclared reference error for
-pthread_atfork() function when trying to build OpenSSL with the patch.
-
-Answer:
-
-	Sorry, pthread_atfork() is not implemented in the current pthread-win32
-	(as of Nov 2009). You can not use the patch there.
-
-
-Feedback
-========
-
-Please send feedback to security-discuss@opensolaris.org. The patch was
-created by Jan.Pechanec@Sun.COM from code available in OpenSolaris.
-
-Latest version should be always available on http://blogs.sun.com/janp.
-
--- a/openssl-0.9.7-beta6-ia64.patch
+++ b/openssl-0.9.7-beta6-ia64.patch
@ -1,8 +1,8 @@
--- crypto/bn/bn_lcl.h	2008-12-16 19:02:02.000000000 +0100
-+++ crypto/bn/bn_lcl.h.oden	2008-12-16 19:02:17.000000000 +0100
-@@ -288,6 +288,15 @@ extern "C" {
- #   define BN_UMULT_HIGH(a,b)		__umulh((a),(b))
- #   define BN_UMULT_LOHI(low,high,a,b)	((low)=_umul128((a),(b),&(high)))
+--- crypto/bn/bn_lcl.h	2012-01-18 02:40:36.000000000 +0100
+++ crypto/bn/bn_lcl.h.oden	2012-03-14 17:36:07.034007529 +0100
+@@ -293,6 +293,15 @@ extern "C" {
+ 	     : "=l"(low),"=h"(high)	\
+ 	     : "r"(a), "r"(b));
 #  endif
 +# elif defined(__ia64) && defined(SIXTY_FOUR_BIT_LONG)
 +#  if defined(__GNUC__)
--- a/openssl-0.9.8a-no-rpath.patch
+++ b/openssl-0.9.8a-no-rpath.patch
@ -0,0 +1,11 @@
+--- openssl-0.9.8a/Makefile.shared.no-rpath	2005-06-23 22:47:54.000000000 +0200
+++ openssl-0.9.8a/Makefile.shared	2005-11-16 22:35:37.000000000 +0100
+@@ -153,7 +153,7 @@
+ 	NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
+ 	SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"
+ 
+-DO_GNU_APP=LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBRPATH)"
+DO_GNU_APP=LDFLAGS="$(CFLAGS)"
+ 
+ #This is rather special.  It's a special target with which one can link
+ #applications without bothering with any features that have anything to
--- a/openssl-1.0.0-arm.patch
+++ b/openssl-1.0.0-arm.patch
@ -1,10 +1,9 @@
-diff -p -up openssl-1.0.0/Configure.arm openssl-1.0.0/Configure
--- openssl-1.0.0/Configure.arm	2010-03-30 12:11:24.000000000 -0300
-+++ openssl-1.0.0/Configure	2010-03-30 12:12:03.000000000 -0300
-@@ -356,6 +356,9 @@ my %table=(
- "linux-ia64-icc","icc:-DL_ENDIAN -DTERMIO \$(RPM_OPT_FLAGS) -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- "linux-x86_64",	"gcc:-m64 -DL_ENDIAN -DTERMIO \$(RPM_OPT_FLAGS) -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
- "linux-s390x",	"gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+--- Configure	2012-03-14 17:53:00.551959027 +0100
+++ Configure.oden	2012-03-14 17:54:12.239955596 +0100
+@@ -374,6 +374,9 @@
+ # doesn't work just yet, because of couple of bugs in glibc
+ # sysdeps/s390/dl-procinfo.c affecting ldconfig and ld.so.1...
+ "linux32-s390x",	"gcc:-m31 -Wa,-mzarch -DB_ENDIAN -DTERMIO \$(RPM_OPT_FLAGS) -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:".eval{my $asm=$s390x_asm;$asm=~s/bn\-s390x\.o/bn_asm.o/;$asm}.":31:dlfcn:linux-shared:-fPIC:-m31:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/highgprs",
 +#### Arm Linux setups
 +"linux-arm",   "gcc:\$(RPM_OPT_FLAGS) -DL_ENDIAN -DTERMIO -O3 -g -Wall::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2::::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 +"linux-armel",   "gcc:\$(RPM_OPT_FLAGS) -DL_ENDIAN -DTERMIO -O3 -g -Wall::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2::::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
--- a/openssl-1.0.0-mips.patch
+++ b/openssl-1.0.0-mips.patch
@ -1,10 +1,9 @@
-diff -p -up openssl-1.0.0/Configure.mips openssl-1.0.0/Configure
--- openssl-1.0.0/Configure.mips	2010-03-30 12:09:16.000000000 -0300
-+++ openssl-1.0.0/Configure	2010-03-30 12:10:12.000000000 -0300
-@@ -356,6 +356,11 @@ my %table=(
- "linux-ia64-icc","icc:-DL_ENDIAN -DTERMIO \$(RPM_OPT_FLAGS) -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- "linux-x86_64",	"gcc:-m64 -DL_ENDIAN -DTERMIO \$(RPM_OPT_FLAGS) -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
- "linux-s390x",	"gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+--- Configure	2012-03-14 17:48:43.000000000 +0100
+++ Configure.oden	2012-03-14 17:50:22.879966572 +0100
+@@ -374,6 +374,11 @@
+ # doesn't work just yet, because of couple of bugs in glibc
+ # sysdeps/s390/dl-procinfo.c affecting ldconfig and ld.so.1...
+ "linux32-s390x",	"gcc:-m31 -Wa,-mzarch -DB_ENDIAN -DTERMIO \$(RPM_OPT_FLAGS) -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:".eval{my $asm=$s390x_asm;$asm=~s/bn\-s390x\.o/bn_asm.o/;$asm}.":31:dlfcn:linux-shared:-fPIC:-m31:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/highgprs",
 +#### Mips Linux setups
 +"linux-mips",   "gcc:-mabi=32 \$(RPM_OPT_FLAGS) -DB_ENDIAN -DTERMIO -O3 -g -Wall::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2::::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 +"linux-mipsel",   "gcc:-mabi=32 \$(RPM_OPT_FLAGS) -DL_ENDIAN -DTERMIO -O3 -g -Wall::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2::::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
--- a/openssl-1.0.0h.tar.gz.asc
+++ b/openssl-1.0.0h.tar.gz.asc
@ -1,11 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.4.11 (GNU/Linux)
-
-iQEVAwUAT14Xz6LSm3vylcdZAQLsSAf/bGrb3a21LxmT85HIccQW4XgPTIlaPGiY
-4Gva9cL7rErYWPMmgvP848CWoOwHFlCWSh6KwRfoNrcFki1zaQStc+VcOCPkeL/Z
-QdjB/2ztbniWbENiizxGsriarkAzRsQ6EQTevtRbA6FaiM876ffObB3X74SYMJ95
-ykxKWmvTgprQKmy+F66Q+WI3KNnstvERHLE9LrEU+rvkZZOccZKNF/Lp7L/W/6ze
-wiTuxYtBMDlGppz7APjP3U+TxmnLvr5NDCDlgN3pVN9A9exMm/C4L5G1qpTJ0ubX
-WWGTI+e0jyNLYzmAkADhKjwG72BJTj5uNeeKzr4zleKiq3LgznNcfQ==
-=CCRA
-----END PGP SIGNATURE-----
--- a/openssl-1.0.1-test-use-localhost.diff
+++ b/openssl-1.0.1-test-use-localhost.diff
@ -0,0 +1,23 @@
+--- ssl/ssltest.c	2011-12-14 17:18:03.000000000 -0500
+++ ssl/ssltest.c.oden	2012-03-15 06:11:11.577157097 -0400
+@@ -1070,19 +1070,8 @@ bad:
+ #ifndef OPENSSL_NO_KRB5
+ 	if (c_ssl  &&  c_ssl->kssl_ctx)
+                 {
+-                char	localhost[MAXHOSTNAMELEN+2];
+-
+-		if (gethostname(localhost, sizeof localhost-1) == 0)
+-                        {
+-			localhost[sizeof localhost-1]='\0';
+-			if(strlen(localhost) == sizeof localhost-1)
+-				{
+-				BIO_printf(bio_err,"localhost name too long\n");
+-				goto end;
+-				}
+ 			kssl_ctx_setstring(c_ssl->kssl_ctx, KSSL_SERVER,
+-                                localhost);
+-			}
+                                "localhost");
+ 		}
+ #endif    /* OPENSSL_NO_KRB5  */
+ 
--- a/openssl-1.0.1.tar.gz.asc
+++ b/openssl-1.0.1.tar.gz.asc
@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.11 (GNU/Linux)
+
+iQEVAwUAT2CeNqLSm3vylcdZAQKnrwf/eeM/Vq/65aK+ydF44o8m4sWe1I2K6kul
+mr2cYMpQWOQTKGfv+dwNsvznNFF1xJpBov9IAavKvUNhhzyOjKPJiUGENevOVFH9
+X2Oaatof6xUKv+oDkhXxPvGO6YyyRNbr7ZClgSHnCneoCmu9PbI7B/PpGZzOXc0m
+DW8AOOVPkPhdt/4EBeIF4meLhh1Ele01Z+UHpIacf4YNRy2Z/D/83lyiKwB0TOr3
+vKcJ+3uYMllD29LF61fDRz4GnSLfqzDba7nKIrYto/K0sxT7qazNPQRKX6gMkCi2
+TQ3ULi02NnQvYxTvDW+fmx34PJ7DkCOeqAhmBuu4mpuou8e/BswgWQ==
+=kwY1
+-----END PGP SIGNATURE-----
--- a/openssl-optflags.diff
+++ b/openssl-optflags.diff
@ -1,38 +1,48 @@
-diff -p -up openssl-1.0.0/Configure.optflags openssl-1.0.0/Configure
--- openssl-1.0.0/Configure.optflags	2010-01-19 19:40:54.000000000 -0200
-+++ openssl-1.0.0/Configure	2010-03-30 11:34:00.000000000 -0300
-@@ -336,32 +336,32 @@ my %table=(
+--- Configure	2012-03-03 14:18:06.000000000 +0100
+++ Configure.oden	2012-03-14 17:33:34.726014818 +0100
+@@ -343,23 +343,23 @@
 ####
 # *-generic* is endian-neutral target, but ./config is free to
 # throw in -D[BL]_ENDIAN, whichever appropriate...
 -"linux-generic32","gcc:-DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 -"linux-ppc",	"gcc:-DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-generic32","gcc:-DTERMIO \$(RPM_OPT_FLAGS) -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-generic32","gcc:-DTERMIO \$(RPM_OPT_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 +"linux-ppc",	"gcc:-DB_ENDIAN -DTERMIO \$(RPM_OPT_FLAGS) -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # It's believed that majority of ARM toolchains predefine appropriate -march.
 # If you compiler does not, do complement config command line with one!
- "linux-armv4",	"gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+-"linux-armv4",	"gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-armv4",	"gcc:-DTERMIO \$(RPM_OPT_FLAGS) -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 #### IA-32 targets...
 -"linux-ia32-icc",	"icc:-DL_ENDIAN -DTERMIO -O2 -no_cpprt::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 -"linux-elf",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 -"linux-aout",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -march=i486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out",
 +"linux-ia32-icc",	"icc:-DL_ENDIAN -DTERMIO \$(RPM_OPT_FLAGS) -no_cpprt::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-elf",	"gcc:-DL_ENDIAN -DTERMIO \$(RPM_OPT_FLAGS) -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-aout",	"gcc:-DL_ENDIAN -DTERMIO \$(RPM_OPT_FLAGS) -march=i486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out",
+"linux-elf",	"gcc:-DL_ENDIAN -DTERMIO \$(RPM_OPT_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-aout",	"gcc:-DL_ENDIAN -DTERMIO \$(RPM_OPT_FLAGS) -fomit-frame-pointer -march=i486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out",
 ####
 -"linux-generic64","gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 -"linux-ppc64",	"gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
 -"linux-ia64",	"gcc:-DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 -"linux-ia64-ecc","ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 -"linux-ia64-icc","icc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-x86_64",	"gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+-"linux-x86_64",	"gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+-"linux64-s390x",	"gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
 +"linux-generic64","gcc:-DTERMIO \$(RPM_OPT_FLAGS) -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 +"linux-ppc64",	"gcc:-m64 -DB_ENDIAN -DTERMIO \$(RPM_OPT_FLAGS) -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
 +"linux-ia64",	"gcc:-DL_ENDIAN -DTERMIO \$(RPM_OPT_FLAGS) -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 +"linux-ia64-ecc","ecc:-DL_ENDIAN -DTERMIO \$(RPM_OPT_FLAGS) -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 +"linux-ia64-icc","icc:-DL_ENDIAN -DTERMIO \$(RPM_OPT_FLAGS) -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-x86_64",	"gcc:-m64 -DL_ENDIAN -DTERMIO \$(RPM_OPT_FLAGS) -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
- "linux-s390x",	"gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+"linux-x86_64",	"gcc:-m64 -DL_ENDIAN -DTERMIO \$(RPM_OPT_FLAGS) -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+"linux64-s390x",	"gcc:-m64 -DB_ENDIAN -DTERMIO \$(RPM_OPT_FLAGS) -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+ #### So called "highgprs" target for z/Architecture CPUs
+ # "Highgprs" is kernel feature first implemented in Linux 2.6.32, see
+ # /proc/cpuinfo. The idea is to preserve most significant bits of
+@@ -373,16 +373,16 @@
+ # ldconfig and run-time linker to autodiscover. Unfortunately it
+ # doesn't work just yet, because of couple of bugs in glibc
+ # sysdeps/s390/dl-procinfo.c affecting ldconfig and ld.so.1...
+-"linux32-s390x",	"gcc:-m31 -Wa,-mzarch -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:".eval{my $asm=$s390x_asm;$asm=~s/bn\-s390x\.o/bn_asm.o/;$asm}.":31:dlfcn:linux-shared:-fPIC:-m31:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/highgprs",
+"linux32-s390x",	"gcc:-m31 -Wa,-mzarch -DB_ENDIAN -DTERMIO \$(RPM_OPT_FLAGS) -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:".eval{my $asm=$s390x_asm;$asm=~s/bn\-s390x\.o/bn_asm.o/;$asm}.":31:dlfcn:linux-shared:-fPIC:-m31:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/highgprs",
 #### SPARC Linux setups
 # Ray Miller <ray.miller@computing-services.oxford.ac.uk> has patiently
 # assisted with debugging of following two configs.
@ -41,21 +51,21 @@ diff -p -up openssl-1.0.0/Configure.optflags openssl-1.0.0/Configure
 # it's a real mess with -mcpu=ultrasparc option under Linux, but
 # -Wa,-Av8plus should do the trick no matter what.
 -"linux-sparcv9","gcc:-m32 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-sparcv9","gcc:-m32 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO \$(RPM_OPT_FLAGS) -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-sparcv9","gcc:-m32 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO \$(RPM_OPT_FLAGS) -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # GCC 3.1 is a requirement
 -"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-+"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO \$(RPM_OPT_FLAGS) -Wall::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO \$(RPM_OPT_FLAGS) -fomit-frame-pointer -Wall::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
 #### Alpha Linux with GNU C and Compaq C setups
 # Special notes:
 # - linux-alpha+bwx-gcc is ment to be used from ./config only. If you
-@@ -375,8 +375,8 @@ my %table=(
+@@ -396,8 +396,8 @@
 #
 #					<appro@fy.chalmers.se>
 #
 -"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 -"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-alpha-gcc","gcc:$(RPM_OPT_FLAGS) -DL_ENDIAN -DTERMIO::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"linux-alpha+bwx-gcc","gcc:$(RPM_OPT_FLAGS) -DL_ENDIAN -DTERMIO::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-alpha-gcc","gcc:\$(RPM_OPT_FLAGS) -DL_ENDIAN -DTERMIO::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-alpha+bwx-gcc","gcc:\$(RPM_OPT_FLAGS) -DL_ENDIAN -DTERMIO::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
 "linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
 
--- a/openssl.spec
+++ b/openssl.spec
@ -13,7 +13,7 @@

 Summary:	Secure Sockets Layer communications libs & utils
 Name:		openssl
-Version:	%{maj}h
+Version:	1.0.1
 Release:	1
 License:	BSD-like
 Group:		System/Libraries
@ -23,7 +23,6 @@ Source1:	ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz.asc
 Source2:	Makefile.certificate
 Source3:	make-dummy-cert
 Source4:	openssl-thread-test.c
-Source5:	README.pkcs11
 # (gb) 0.9.7b-4mdk: Handle RPM_OPT_FLAGS in Configure
 Patch2:		openssl-optflags.diff
 # (oe) support Brazilian Government OTHERNAME X509v3 field (#14158)
@ -36,20 +35,20 @@ Patch12:	openssl-0.9.6-x509.patch
 Patch13:	openssl-0.9.7-beta5-version-add-engines.patch
 # http://qa.mandriva.com/show_bug.cgi?id=32621
 Patch15:        openssl-0.9.8e-crt.patch
-# http://blogs.sun.com/janp/
-Patch16:	pkcs11_engine-1.0.0.diff
 # MIPS and ARM support
 Patch300:	openssl-1.0.0-mips.patch
 Patch301:	openssl-1.0.0-arm.patch
 Patch302:	openssl-1.0.0-enginesdir.patch
+Patch303:	openssl-0.9.8a-no-rpath.patch
+Patch304:	openssl-1.0.1-test-use-localhost.diff
 Requires:	%{engines_name} = %{version}-%{release}
 Requires:	perl-base
 Requires:	rootcerts
 %{?_with_krb5:BuildRequires: krb5-devel}
-BuildRequires:	chrpath
 BuildRequires:	zlib-devel
 # (tv) for test suite:
 BuildRequires:	bc
+BuildRequires:	sctp-devel

 %description
 The openssl certificate management tool and the shared libraries that provide
@ -107,7 +106,7 @@ cryptographic algorithms and protocols, including DES, RC4, RSA and SSL.
 %prep

 %setup -q -n %{name}-%{version}
-%patch2 -p1 -b .optflags
+%patch2 -p0 -b .optflags
 %patch6 -p0 -b .icpbrasil
 %patch7 -p1 -b .defaults
 %{?_with_krb5:%patch8 -p1 -b .krb5}
@ -115,11 +114,12 @@ cryptographic algorithms and protocols, including DES, RC4, RSA and SSL.
 %patch12 -p1 -b .x509
 %patch13 -p1 -b .version-add-engines
 %patch15 -p1 -b .crt
-%patch16 -p1 -b .pkcs11_engine

-%patch300 -p1 -b .mips
-%patch301 -p1 -b .arm
+%patch300 -p0 -b .mips
+%patch301 -p0 -b .arm
 %patch302 -p1 -b .engines
+%patch303 -p1 -b .no-rpath
+%patch304 -p0 -b .test-use-localhost

 perl -pi -e "s,^(OPENSSL_LIBNAME=).+$,\1%{_lib}," Makefile.org engines/Makefile

@ -129,7 +129,6 @@ perl util/perlpath.pl %{_bindir}/perl
 cp %{SOURCE2} Makefile.certificate
 cp %{SOURCE3} make-dummy-cert
 cp %{SOURCE4} openssl-thread-test.c
-cp %{SOURCE5} README.pkcs11

 %build 
 %serverbuild
@ -167,8 +166,7 @@ sslarch=linux-generic32
    --openssldir=%{_sysconfdir}/pki/tls ${sslflags} \
    --enginesdir=%{_libdir}/openssl-%{version}/engines \
    --prefix=%{_prefix} --libdir=%{_lib}/ %{?_with_krb5:--with-krb5-flavor=MIT -I%{_prefix}/kerberos/include -L%{_prefix}/kerberos/%{_lib}} \
-    --pk11-libname=%{_libdir}/pkcs11/PKCS11_API.so \
-    zlib no-idea no-rc5 enable-camellia enable-seed enable-tlsext enable-rfc3779 enable-cms shared ${sslarch} \
+    zlib no-idea no-rc5 enable-camellia enable-seed enable-tlsext enable-rfc3779 enable-cms sctp shared ${sslarch}

 # Add -Wa,--noexecstack here so that libcrypto's assembler modules will be
 # marked as not requiring an executable stack.
@ -197,7 +195,6 @@ gcc -o openssl-thread-test \
 ./openssl-thread-test --threads %{thread_test_threads}

 %install
-rm -fr %{buildroot}

 %makeinstall \
    INSTALL_PREFIX=%{buildroot} \
@ -264,9 +261,6 @@ chmod 755 %{buildroot}%{_bindir}/*
 # nuke a mistake
 rm -f %{buildroot}%{_mandir}/man3/.3

-# nuke rpath
-chrpath -d %{buildroot}%{_bindir}/openssl
-
 # Fix libdir.
 pushd %{buildroot}%{_libdir}/pkgconfig
    for i in *.pc ; do
@ -284,7 +278,7 @@ perl -pi -e "s|\./demoCA|%{_sysconfdir}/pki/tls|g" %{buildroot}%{_sysconfdir}/pk

 %files 
 %doc FAQ INSTALL LICENSE NEWS PROBLEMS main-doc-info/README*
-%doc README README.ASN1 README.ENGINE README.pkcs11
+%doc README README.ASN1 README.ENGINE
 %dir %{_sysconfdir}/pki
 %dir %{_sysconfdir}/pki/CA
 %dir %{_sysconfdir}/pki/CA/private
@ -322,6 +316,14 @@ perl -pi -e "s|\./demoCA|%{_sysconfdir}/pki/tls|g" %{buildroot}%{_sysconfdir}/pk


 %changelog
+* Fri Mar 16 2012 Oden Eriksson <oeriksson@mandriva.com> 1.0.1-1
+ Revision: 785271
+- fix deps; sctp-devel for the new SCTP support in openssl
+- 1.0.1
+- drop the pkcs11_engine patch by sun (now oracle), it's nowhere to be found...
+- rediffed some patches
+- added 2 patches from fedora
+
 * Tue Mar 13 2012 Oden Eriksson <oeriksson@mandriva.com> 1.0.0h-1
 + Revision: 784664
 - 1.0.0h
--- a/pkcs11_engine-1.0.0.diff
+++ b/pkcs11_engine-1.0.0.diff