[arch-commits] Commit in openssl/trunk (8 files)
Pierre Schmitz
pierre at nymeria.archlinux.org
Mon Jan 6 20:34:01 UTC 2014
Date: Monday, January 6, 2014 @ 21:34:00
Author: pierre
Revision: 203254
upgpkg: openssl 1.0.1.f-1
Added:
openssl/trunk/openssl-1.0.1f-perl-5.18.patch
Modified:
openssl/trunk/PKGBUILD
Deleted:
openssl/trunk/openssl-1.0.1-Check-DTLS_BAD_VER-for-version-number.patch
openssl/trunk/openssl-1.0.1-Check-EVP-errors-for-handshake-digests.patch
openssl/trunk/openssl-1.0.1-Fix-DTLS-retransmission-from-previous-session.patch
openssl/trunk/openssl-1.0.1-Use-version-in-SSL_METHOD-not-SSL-structure.patch
openssl/trunk/openssl-1.0.1-e_aes_cbc_hmac_sha1.c-fix-rare-bad-record-mac-on-AES.patch
openssl/trunk/openssl-1.0.1e-fix_pod_syntax-1.patch
--------------------------------------------------------------------------+
PKGBUILD | 33
openssl-1.0.1-Check-DTLS_BAD_VER-for-version-number.patch | 31
openssl-1.0.1-Check-EVP-errors-for-handshake-digests.patch | 77 -
openssl-1.0.1-Fix-DTLS-retransmission-from-previous-session.patch | 78 -
openssl-1.0.1-Use-version-in-SSL_METHOD-not-SSL-structure.patch | 30
openssl-1.0.1-e_aes_cbc_hmac_sha1.c-fix-rare-bad-record-mac-on-AES.patch | 32
openssl-1.0.1e-fix_pod_syntax-1.patch | 393 ----------
openssl-1.0.1f-perl-5.18.patch | 356 +++++++++
8 files changed, 362 insertions(+), 668 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2014-01-06 20:32:13 UTC (rev 203253)
+++ PKGBUILD 2014-01-06 20:34:00 UTC (rev 203254)
@@ -2,11 +2,11 @@
# Maintainer: Pierre Schmitz <pierre at archlinux.de>
pkgname=openssl
-_ver=1.0.1e
+_ver=1.0.1f
# use a pacman compatible version scheme
pkgver=${_ver/[a-z]/.${_ver//[0-9.]/}}
#pkgver=$_ver
-pkgrel=6
+pkgrel=1
pkgdesc='The Open Source toolkit for Secure Sockets Layer and Transport Layer Security'
arch=('i686' 'x86_64')
url='https://www.openssl.org'
@@ -19,22 +19,12 @@
"https://www.openssl.org/source/${pkgname}-${_ver}.tar.gz.asc"
'no-rpath.patch'
'ca-dir.patch'
- 'openssl-1.0.1e-fix_pod_syntax-1.patch'
- 'openssl-1.0.1-Check-DTLS_BAD_VER-for-version-number.patch'
- 'openssl-1.0.1-e_aes_cbc_hmac_sha1.c-fix-rare-bad-record-mac-on-AES.patch'
- 'openssl-1.0.1-Check-EVP-errors-for-handshake-digests.patch'
- 'openssl-1.0.1-Use-version-in-SSL_METHOD-not-SSL-structure.patch'
- 'openssl-1.0.1-Fix-DTLS-retransmission-from-previous-session.patch')
-md5sums=('66bf6f10f060d561929de96f9dfe5b8c'
+ 'openssl-1.0.1f-perl-5.18.patch')
+md5sums=('f26b09c028a0541cab33da697d522b25'
'SKIP'
'dc78d3d06baffc16217519242ce92478'
'3bf51be3a1bbd262be46dc619f92aa90'
- '88d3bef4bbdc640b0412315d8d347bdf'
- 'ae7848bb152b8834ceff30c8c480d422'
- 'c5cc62a47cef72f4e5ad119a88e97ae4'
- '3f674c14f07d9c7efd64c58e966eda83'
- '756362dfdd40cee380d3158022415fc4'
- 'fc0c0466ea2f4f8446d16050a9639dee')
+ 'ea2a61c8bd43788d81d98f1ac36c98ac')
prepare() {
cd $srcdir/$pkgname-$_ver
@@ -44,18 +34,7 @@
# set ca dir to /etc/ssl by default
patch -p0 -i $srcdir/ca-dir.patch
- patch -p1 -i $srcdir/openssl-1.0.1e-fix_pod_syntax-1.patch
- # OpenSSL 1.0.0k, 1.0.1.d, 1.0.1e fail handshake with DTLS1_BAD_VER
- # http://rt.openssl.org/Ticket/Display.html?id=2984
- patch -p1 -i $srcdir/openssl-1.0.1-Check-DTLS_BAD_VER-for-version-number.patch
- # Communication problems with 1.0.1e
- # http://rt.openssl.org/Ticket/Display.html?id=3002
- patch -p1 -i $srcdir/openssl-1.0.1-e_aes_cbc_hmac_sha1.c-fix-rare-bad-record-mac-on-AES.patch
- # CVE-2013-6449; FS#38357
- patch -p1 -i $srcdir/openssl-1.0.1-Check-EVP-errors-for-handshake-digests.patch
- patch -p1 -i $srcdir/openssl-1.0.1-Use-version-in-SSL_METHOD-not-SSL-structure.patch
- # CVE-2013-6450
- patch -p1 -i $srcdir/openssl-1.0.1-Fix-DTLS-retransmission-from-previous-session.patch
+ patch -p1 -i $srcdir/openssl-1.0.1f-perl-5.18.patch
}
build() {
Deleted: openssl-1.0.1-Check-DTLS_BAD_VER-for-version-number.patch
===================================================================
--- openssl-1.0.1-Check-DTLS_BAD_VER-for-version-number.patch 2014-01-06 20:32:13 UTC (rev 203253)
+++ openssl-1.0.1-Check-DTLS_BAD_VER-for-version-number.patch 2014-01-06 20:34:00 UTC (rev 203254)
@@ -1,31 +0,0 @@
-From 9fe4603b8245425a4c46986ed000fca054231253 Mon Sep 17 00:00:00 2001
-From: David Woodhouse <dwmw2 at infradead.org>
-Date: Tue, 12 Feb 2013 14:55:32 +0000
-Subject: Check DTLS_BAD_VER for version number.
-
-The version check for DTLS1_VERSION was redundant as
-DTLS1_VERSION > TLS1_1_VERSION, however we do need to
-check for DTLS1_BAD_VER for compatibility.
-
-PR:2984
-(cherry picked from commit d980abb22e22661e98e5cee33d760ab0c7584ecc)
----
- ssl/s3_cbc.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c
-index 02edf3f..443a31e 100644
---- a/ssl/s3_cbc.c
-+++ b/ssl/s3_cbc.c
-@@ -148,7 +148,7 @@ int tls1_cbc_remove_padding(const SSL* s,
- unsigned padding_length, good, to_check, i;
- const unsigned overhead = 1 /* padding length byte */ + mac_size;
- /* Check if version requires explicit IV */
-- if (s->version >= TLS1_1_VERSION || s->version == DTLS1_VERSION)
-+ if (s->version >= TLS1_1_VERSION || s->version == DTLS1_BAD_VER)
- {
- /* These lengths are all public so we can test them in
- * non-constant time.
---
-1.8.4.2
-
Deleted: openssl-1.0.1-Check-EVP-errors-for-handshake-digests.patch
===================================================================
--- openssl-1.0.1-Check-EVP-errors-for-handshake-digests.patch 2014-01-06 20:32:13 UTC (rev 203253)
+++ openssl-1.0.1-Check-EVP-errors-for-handshake-digests.patch 2014-01-06 20:34:00 UTC (rev 203254)
@@ -1,77 +0,0 @@
-From 0294b2be5f4c11e60620c0018674ff0e17b14238 Mon Sep 17 00:00:00 2001
-From: "Dr. Stephen Henson" <steve at openssl.org>
-Date: Sat, 14 Dec 2013 13:55:48 +0000
-Subject: Check EVP errors for handshake digests.
-
-Partial mitigation of PR#3200
----
- ssl/s3_both.c | 2 ++
- ssl/s3_pkt.c | 8 +++++++-
- ssl/t1_enc.c | 11 ++++++-----
- 3 files changed, 15 insertions(+), 6 deletions(-)
-
-diff --git a/ssl/s3_both.c b/ssl/s3_both.c
-index ead01c8..1e5dcab 100644
---- a/ssl/s3_both.c
-+++ b/ssl/s3_both.c
-@@ -161,6 +161,8 @@ int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
-
- i=s->method->ssl3_enc->final_finish_mac(s,
- sender,slen,s->s3->tmp.finish_md);
-+ if (i == 0)
-+ return 0;
- s->s3->tmp.finish_md_len = i;
- memcpy(p, s->s3->tmp.finish_md, i);
- p+=i;
-diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
-index 804291e..c4bc4e7 100644
---- a/ssl/s3_pkt.c
-+++ b/ssl/s3_pkt.c
-@@ -1459,8 +1459,14 @@ int ssl3_do_change_cipher_spec(SSL *s)
- slen=s->method->ssl3_enc->client_finished_label_len;
- }
-
-- s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s,
-+ i = s->method->ssl3_enc->final_finish_mac(s,
- sender,slen,s->s3->tmp.peer_finish_md);
-+ if (i == 0)
-+ {
-+ SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC, ERR_R_INTERNAL_ERROR);
-+ return 0;
-+ }
-+ s->s3->tmp.peer_finish_md_len = i;
-
- return(1);
- }
-diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
-index 809ad2e..72015f5 100644
---- a/ssl/t1_enc.c
-+++ b/ssl/t1_enc.c
-@@ -915,18 +915,19 @@ int tls1_final_finish_mac(SSL *s,
- if (mask & ssl_get_algorithm2(s))
- {
- int hashsize = EVP_MD_size(md);
-- if (hashsize < 0 || hashsize > (int)(sizeof buf - (size_t)(q-buf)))
-+ EVP_MD_CTX *hdgst = s->s3->handshake_dgst[idx];
-+ if (!hdgst || hashsize < 0 || hashsize > (int)(sizeof buf - (size_t)(q-buf)))
- {
- /* internal error: 'buf' is too small for this cipersuite! */
- err = 1;
- }
- else
- {
-- EVP_MD_CTX_copy_ex(&ctx,s->s3->handshake_dgst[idx]);
-- EVP_DigestFinal_ex(&ctx,q,&i);
-- if (i != (unsigned int)hashsize) /* can't really happen */
-+ if (!EVP_MD_CTX_copy_ex(&ctx, hdgst) ||
-+ !EVP_DigestFinal_ex(&ctx,q,&i) ||
-+ (i != (unsigned int)hashsize))
- err = 1;
-- q+=i;
-+ q+=hashsize;
- }
- }
- }
---
-1.8.5.2
-
Deleted: openssl-1.0.1-Fix-DTLS-retransmission-from-previous-session.patch
===================================================================
--- openssl-1.0.1-Fix-DTLS-retransmission-from-previous-session.patch 2014-01-06 20:32:13 UTC (rev 203253)
+++ openssl-1.0.1-Fix-DTLS-retransmission-from-previous-session.patch 2014-01-06 20:34:00 UTC (rev 203254)
@@ -1,78 +0,0 @@
-From 34628967f1e65dc8f34e000f0f5518e21afbfc7b Mon Sep 17 00:00:00 2001
-From: "Dr. Stephen Henson" <steve at openssl.org>
-Date: Fri, 20 Dec 2013 15:26:50 +0000
-Subject: Fix DTLS retransmission from previous session.
-
-For DTLS we might need to retransmit messages from the previous session
-so keep a copy of write context in DTLS retransmission buffers instead
-of replacing it after sending CCS. CVE-2013-6450.
----
- ssl/d1_both.c | 6 ++++++
- ssl/ssl_locl.h | 2 ++
- ssl/t1_enc.c | 17 +++++++++++------
- 3 files changed, 19 insertions(+), 6 deletions(-)
-
-diff --git a/ssl/d1_both.c b/ssl/d1_both.c
-index 65ec001..7a5596a 100644
---- a/ssl/d1_both.c
-+++ b/ssl/d1_both.c
-@@ -214,6 +214,12 @@ dtls1_hm_fragment_new(unsigned long frag_len, int reassembly)
- static void
- dtls1_hm_fragment_free(hm_fragment *frag)
- {
-+
-+ if (frag->msg_header.is_ccs)
-+ {
-+ EVP_CIPHER_CTX_free(frag->msg_header.saved_retransmit_state.enc_write_ctx);
-+ EVP_MD_CTX_destroy(frag->msg_header.saved_retransmit_state.write_hash);
-+ }
- if (frag->fragment) OPENSSL_free(frag->fragment);
- if (frag->reassembly) OPENSSL_free(frag->reassembly);
- OPENSSL_free(frag);
-diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
-index 96ce9a7..e485907 100644
---- a/ssl/ssl_locl.h
-+++ b/ssl/ssl_locl.h
-@@ -621,6 +621,8 @@ extern SSL3_ENC_METHOD TLSv1_enc_data;
- extern SSL3_ENC_METHOD SSLv3_enc_data;
- extern SSL3_ENC_METHOD DTLSv1_enc_data;
-
-+#define SSL_IS_DTLS(s) (s->method->version == DTLS1_VERSION)
-+
- #define IMPLEMENT_tls_meth_func(version, func_name, s_accept, s_connect, \
- s_get_meth) \
- const SSL_METHOD *func_name(void) \
-diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
-index 72015f5..56db834 100644
---- a/ssl/t1_enc.c
-+++ b/ssl/t1_enc.c
-@@ -414,15 +414,20 @@ int tls1_change_cipher_state(SSL *s, int which)
- s->mac_flags |= SSL_MAC_FLAG_WRITE_MAC_STREAM;
- else
- s->mac_flags &= ~SSL_MAC_FLAG_WRITE_MAC_STREAM;
-- if (s->enc_write_ctx != NULL)
-+ if (s->enc_write_ctx != NULL && !SSL_IS_DTLS(s))
- reuse_dd = 1;
-- else if ((s->enc_write_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)
-+ else if ((s->enc_write_ctx=EVP_CIPHER_CTX_new()) == NULL)
- goto err;
-- else
-- /* make sure it's intialized in case we exit later with an error */
-- EVP_CIPHER_CTX_init(s->enc_write_ctx);
- dd= s->enc_write_ctx;
-- mac_ctx = ssl_replace_hash(&s->write_hash,NULL);
-+ if (SSL_IS_DTLS(s))
-+ {
-+ mac_ctx = EVP_MD_CTX_create();
-+ if (!mac_ctx)
-+ goto err;
-+ s->write_hash = mac_ctx;
-+ }
-+ else
-+ mac_ctx = ssl_replace_hash(&s->write_hash,NULL);
- #ifndef OPENSSL_NO_COMP
- if (s->compress != NULL)
- {
---
-1.8.5.2
-
Deleted: openssl-1.0.1-Use-version-in-SSL_METHOD-not-SSL-structure.patch
===================================================================
--- openssl-1.0.1-Use-version-in-SSL_METHOD-not-SSL-structure.patch 2014-01-06 20:32:13 UTC (rev 203253)
+++ openssl-1.0.1-Use-version-in-SSL_METHOD-not-SSL-structure.patch 2014-01-06 20:34:00 UTC (rev 203254)
@@ -1,30 +0,0 @@
-From ca989269a2876bae79393bd54c3e72d49975fc75 Mon Sep 17 00:00:00 2001
-From: "Dr. Stephen Henson" <steve at openssl.org>
-Date: Thu, 19 Dec 2013 14:37:39 +0000
-Subject: Use version in SSL_METHOD not SSL structure.
-
-When deciding whether to use TLS 1.2 PRF and record hash algorithms
-use the version number in the corresponding SSL_METHOD structure
-instead of the SSL structure. The SSL structure version is sometimes
-inaccurate. Note: OpenSSL 1.0.2 and later effectively do this already.
-(CVE-2013-6449)
----
- ssl/s3_lib.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
-index bf832bb..c4ef273 100644
---- a/ssl/s3_lib.c
-+++ b/ssl/s3_lib.c
-@@ -4286,7 +4286,7 @@ need to go to SSL_ST_ACCEPT.
- long ssl_get_algorithm2(SSL *s)
- {
- long alg2 = s->s3->tmp.new_cipher->algorithm2;
-- if (TLS1_get_version(s) >= TLS1_2_VERSION &&
-+ if (s->method->version == TLS1_2_VERSION &&
- alg2 == (SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF))
- return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
- return alg2;
---
-1.8.5.2
-
Deleted: openssl-1.0.1-e_aes_cbc_hmac_sha1.c-fix-rare-bad-record-mac-on-AES.patch
===================================================================
--- openssl-1.0.1-e_aes_cbc_hmac_sha1.c-fix-rare-bad-record-mac-on-AES.patch 2014-01-06 20:32:13 UTC (rev 203253)
+++ openssl-1.0.1-e_aes_cbc_hmac_sha1.c-fix-rare-bad-record-mac-on-AES.patch 2014-01-06 20:34:00 UTC (rev 203254)
@@ -1,32 +0,0 @@
-From 9ab3ce124616cb12bd39c6aa1e1bde0f46969b29 Mon Sep 17 00:00:00 2001
-From: Andy Polyakov <appro at openssl.org>
-Date: Mon, 18 Mar 2013 19:29:41 +0100
-Subject: e_aes_cbc_hmac_sha1.c: fix rare bad record mac on AES-NI plaforms.
-
-PR: 3002
-(cherry picked from commit 5c60046553716fcf160718f59160493194f212dc)
----
- crypto/evp/e_aes_cbc_hmac_sha1.c | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/crypto/evp/e_aes_cbc_hmac_sha1.c b/crypto/evp/e_aes_cbc_hmac_sha1.c
-index 483e04b..fb2c884 100644
---- a/crypto/evp/e_aes_cbc_hmac_sha1.c
-+++ b/crypto/evp/e_aes_cbc_hmac_sha1.c
-@@ -328,10 +328,11 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-
- if (res!=SHA_CBLOCK) continue;
-
-- mask = 0-((inp_len+8-j)>>(sizeof(j)*8-1));
-+ /* j is not incremented yet */
-+ mask = 0-((inp_len+7-j)>>(sizeof(j)*8-1));
- data->u[SHA_LBLOCK-1] |= bitlen&mask;
- sha1_block_data_order(&key->md,data,1);
-- mask &= 0-((j-inp_len-73)>>(sizeof(j)*8-1));
-+ mask &= 0-((j-inp_len-72)>>(sizeof(j)*8-1));
- pmac->u[0] |= key->md.h0 & mask;
- pmac->u[1] |= key->md.h1 & mask;
- pmac->u[2] |= key->md.h2 & mask;
---
-1.8.4.2
-
Deleted: openssl-1.0.1e-fix_pod_syntax-1.patch
===================================================================
--- openssl-1.0.1e-fix_pod_syntax-1.patch 2014-01-06 20:32:13 UTC (rev 203253)
+++ openssl-1.0.1e-fix_pod_syntax-1.patch 2014-01-06 20:34:00 UTC (rev 203254)
@@ -1,393 +0,0 @@
-Submitted By: Martin Ward <macros_the_black at ntlworld dot com>
-Date: 2013-06-18
-Initial Package Version: 1.0.1e
-Upstream Status: Unknown
-Origin: self, based on fedora
-Description: Fixes install with perl-5.18.
-
-diff -Naur openssl-1.0.1e.orig/doc/apps/cms.pod openssl-1.0.1e/doc/apps/cms.pod
---- openssl-1.0.1e.orig/doc/apps/cms.pod 2013-06-06 14:35:15.867871879 +0100
-+++ openssl-1.0.1e/doc/apps/cms.pod 2013-06-06 14:35:25.791747119 +0100
-@@ -450,28 +450,28 @@
-
- =over 4
-
--=item 0
-+=item C<0>
-
- the operation was completely successfully.
-
--=item 1
-+=item C<1>
-
- an error occurred parsing the command options.
-
--=item 2
-+=item C<2>
-
- one of the input files could not be read.
-
--=item 3
-+=item C<3>
-
- an error occurred creating the CMS file or when reading the MIME
- message.
-
--=item 4
-+=item C<4>
-
- an error occurred decrypting or verifying the message.
-
--=item 5
-+=item C<5>
-
- the message was verified correctly but an error occurred writing out
- the signers certificates.
-diff -Naur openssl-1.0.1e.orig/doc/apps/smime.pod openssl-1.0.1e/doc/apps/smime.pod
---- openssl-1.0.1e.orig/doc/apps/smime.pod 2013-06-06 14:35:15.867871879 +0100
-+++ openssl-1.0.1e/doc/apps/smime.pod 2013-06-06 14:35:25.794747082 +0100
-@@ -308,28 +308,28 @@
-
- =over 4
-
--=item 0
-+=item C<0>
-
- the operation was completely successfully.
-
--=item 1
-+=item C<1>
-
- an error occurred parsing the command options.
-
--=item 2
-+=item C<2>
-
- one of the input files could not be read.
-
--=item 3
-+=item C<3>
-
- an error occurred creating the PKCS#7 file or when reading the MIME
- message.
-
--=item 4
-+=item C<4>
-
- an error occurred decrypting or verifying the message.
-
--=item 5
-+=item C<5>
-
- the message was verified correctly but an error occurred writing out
- the signers certificates.
-diff -Naur openssl-1.0.1e.orig/doc/crypto/X509_STORE_CTX_get_error.pod openssl-1.0.1e/doc/crypto/X509_STORE_CTX_get_error.pod
---- openssl-1.0.1e.orig/doc/crypto/X509_STORE_CTX_get_error.pod 2013-06-06 14:35:15.874871791 +0100
-+++ openssl-1.0.1e/doc/crypto/X509_STORE_CTX_get_error.pod 2013-06-06 14:37:13.826388940 +0100
-@@ -278,6 +278,8 @@
- an application specific error. This will never be returned unless explicitly
- set by an application.
-
-+=back
-+
- =head1 NOTES
-
- The above functions should be used instead of directly referencing the fields
-diff -Naur openssl-1.0.1e.orig/doc/ssl/SSL_accept.pod openssl-1.0.1e/doc/ssl/SSL_accept.pod
---- openssl-1.0.1e.orig/doc/ssl/SSL_accept.pod 2013-06-06 14:35:15.871871829 +0100
-+++ openssl-1.0.1e/doc/ssl/SSL_accept.pod 2013-06-06 14:35:25.796747057 +0100
-@@ -44,12 +44,12 @@
-
- =over 4
-
--=item 1
-+=item C<1>
-
- The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
- established.
-
--=item 0
-+=item C<0>
-
- The TLS/SSL handshake was not successful but was shut down controlled and
- by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
-diff -Naur openssl-1.0.1e.orig/doc/ssl/SSL_clear.pod openssl-1.0.1e/doc/ssl/SSL_clear.pod
---- openssl-1.0.1e.orig/doc/ssl/SSL_clear.pod 2013-06-06 14:35:15.871871829 +0100
-+++ openssl-1.0.1e/doc/ssl/SSL_clear.pod 2013-06-06 14:35:25.803746969 +0100
-@@ -56,12 +56,12 @@
-
- =over 4
-
--=item 0
-+=item C<0>
-
- The SSL_clear() operation could not be performed. Check the error stack to
- find out the reason.
-
--=item 1
-+=item C<1>
-
- The SSL_clear() operation was successful.
-
-diff -Naur openssl-1.0.1e.orig/doc/ssl/SSL_COMP_add_compression_method.pod openssl-1.0.1e/doc/ssl/SSL_COMP_add_compression_method.pod
---- openssl-1.0.1e.orig/doc/ssl/SSL_COMP_add_compression_method.pod 2013-06-06 14:35:15.870871842 +0100
-+++ openssl-1.0.1e/doc/ssl/SSL_COMP_add_compression_method.pod 2013-06-06 14:35:25.806746931 +0100
-@@ -53,11 +53,11 @@
-
- =over 4
-
--=item 0
-+=item C<0>
-
- The operation succeeded.
-
--=item 1
-+=item C<1>
-
- The operation failed. Check the error queue to find out the reason.
-
-diff -Naur openssl-1.0.1e.orig/doc/ssl/SSL_connect.pod openssl-1.0.1e/doc/ssl/SSL_connect.pod
---- openssl-1.0.1e.orig/doc/ssl/SSL_connect.pod 2013-06-06 14:35:15.869871854 +0100
-+++ openssl-1.0.1e/doc/ssl/SSL_connect.pod 2013-06-06 14:35:25.808746906 +0100
-@@ -41,12 +41,12 @@
-
- =over 4
-
--=item 1
-+=item C<1>
-
- The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
- established.
-
--=item 0
-+=item C<0>
-
- The TLS/SSL handshake was not successful but was shut down controlled and
- by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
-diff -Naur openssl-1.0.1e.orig/doc/ssl/SSL_CTX_add_session.pod openssl-1.0.1e/doc/ssl/SSL_CTX_add_session.pod
---- openssl-1.0.1e.orig/doc/ssl/SSL_CTX_add_session.pod 2013-06-06 14:35:15.871871829 +0100
-+++ openssl-1.0.1e/doc/ssl/SSL_CTX_add_session.pod 2013-06-06 14:35:25.816746805 +0100
-@@ -52,13 +52,13 @@
-
- =over 4
-
--=item 0
-+=item C<0>
-
- The operation failed. In case of the add operation, it was tried to add
- the same (identical) session twice. In case of the remove operation, the
- session was not found in the cache.
-
--=item 1
-+=item C<1>
-
- The operation succeeded.
-
-diff -Naur openssl-1.0.1e.orig/doc/ssl/SSL_CTX_load_verify_locations.pod openssl-1.0.1e/doc/ssl/SSL_CTX_load_verify_locations.pod
---- openssl-1.0.1e.orig/doc/ssl/SSL_CTX_load_verify_locations.pod 2013-06-06 14:35:15.870871842 +0100
-+++ openssl-1.0.1e/doc/ssl/SSL_CTX_load_verify_locations.pod 2013-06-06 14:35:25.818746780 +0100
-@@ -100,13 +100,13 @@
-
- =over 4
-
--=item 0
-+=item C<0>
-
- The operation failed because B<CAfile> and B<CApath> are NULL or the
- processing at one of the locations specified failed. Check the error
- stack to find out the reason.
-
--=item 1
-+=item C<1>
-
- The operation succeeded.
-
-diff -Naur openssl-1.0.1e.orig/doc/ssl/SSL_CTX_set_client_CA_list.pod openssl-1.0.1e/doc/ssl/SSL_CTX_set_client_CA_list.pod
---- openssl-1.0.1e.orig/doc/ssl/SSL_CTX_set_client_CA_list.pod 2013-06-06 14:35:15.871871829 +0100
-+++ openssl-1.0.1e/doc/ssl/SSL_CTX_set_client_CA_list.pod 2013-06-06 14:35:25.821746742 +0100
-@@ -66,11 +66,11 @@
-
- =over 4
-
--=item 1
-+=item C<1>
-
- The operation succeeded.
-
--=item 0
-+=item C<0>
-
- A failure while manipulating the STACK_OF(X509_NAME) object occurred or
- the X509_NAME could not be extracted from B<cacert>. Check the error stack
-diff -Naur openssl-1.0.1e.orig/doc/ssl/SSL_CTX_set_session_id_context.pod openssl-1.0.1e/doc/ssl/SSL_CTX_set_session_id_context.pod
---- openssl-1.0.1e.orig/doc/ssl/SSL_CTX_set_session_id_context.pod 2013-06-06 14:35:15.871871829 +0100
-+++ openssl-1.0.1e/doc/ssl/SSL_CTX_set_session_id_context.pod 2013-06-06 14:35:25.828746654 +0100
-@@ -64,13 +64,13 @@
-
- =over 4
-
--=item 0
-+=item C<0>
-
- The length B<sid_ctx_len> of the session id context B<sid_ctx> exceeded
- the maximum allowed length of B<SSL_MAX_SSL_SESSION_ID_LENGTH>. The error
- is logged to the error stack.
-
--=item 1
-+=item C<1>
-
- The operation succeeded.
-
-diff -Naur openssl-1.0.1e.orig/doc/ssl/SSL_CTX_set_ssl_version.pod openssl-1.0.1e/doc/ssl/SSL_CTX_set_ssl_version.pod
---- openssl-1.0.1e.orig/doc/ssl/SSL_CTX_set_ssl_version.pod 2013-06-06 14:35:15.871871829 +0100
-+++ openssl-1.0.1e/doc/ssl/SSL_CTX_set_ssl_version.pod 2013-06-06 14:35:25.831746617 +0100
-@@ -42,11 +42,11 @@
-
- =over 4
-
--=item 0
-+=item C<0>
-
- The new choice failed, check the error stack to find out the reason.
-
--=item 1
-+=item C<1>
-
- The operation succeeded.
-
-diff -Naur openssl-1.0.1e.orig/doc/ssl/SSL_CTX_use_psk_identity_hint.pod openssl-1.0.1e/doc/ssl/SSL_CTX_use_psk_identity_hint.pod
---- openssl-1.0.1e.orig/doc/ssl/SSL_CTX_use_psk_identity_hint.pod 2013-06-06 14:35:15.870871842 +0100
-+++ openssl-1.0.1e/doc/ssl/SSL_CTX_use_psk_identity_hint.pod 2013-06-06 14:36:42.456783309 +0100
-@@ -81,6 +81,8 @@
-
- Return values from the server callback are interpreted as follows:
-
-+=over
-+
- =item > 0
-
- PSK identity was found and the server callback has provided the PSK
-@@ -94,9 +96,11 @@
- connection will fail with decryption_error before it will be finished
- completely.
-
--=item 0
-+=item C<0>
-
- PSK identity was not found. An "unknown_psk_identity" alert message
- will be sent and the connection setup fails.
-
-+=back
-+
- =cut
-diff -Naur openssl-1.0.1e.orig/doc/ssl/SSL_do_handshake.pod openssl-1.0.1e/doc/ssl/SSL_do_handshake.pod
---- openssl-1.0.1e.orig/doc/ssl/SSL_do_handshake.pod 2013-06-06 14:35:15.869871854 +0100
-+++ openssl-1.0.1e/doc/ssl/SSL_do_handshake.pod 2013-06-06 14:35:25.839746516 +0100
-@@ -45,12 +45,12 @@
-
- =over 4
-
--=item 1
-+=item C<1>
-
- The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
- established.
-
--=item 0
-+=item C<0>
-
- The TLS/SSL handshake was not successful but was shut down controlled and
- by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
-diff -Naur openssl-1.0.1e.orig/doc/ssl/SSL_read.pod openssl-1.0.1e/doc/ssl/SSL_read.pod
---- openssl-1.0.1e.orig/doc/ssl/SSL_read.pod 2013-06-06 14:35:15.871871829 +0100
-+++ openssl-1.0.1e/doc/ssl/SSL_read.pod 2013-06-06 14:35:25.847746415 +0100
-@@ -86,7 +86,7 @@
- The read operation was successful; the return value is the number of
- bytes actually read from the TLS/SSL connection.
-
--=item 0
-+=item C<0>
-
- The read operation was not successful. The reason may either be a clean
- shutdown due to a "close notify" alert sent by the peer (in which case
-diff -Naur openssl-1.0.1e.orig/doc/ssl/SSL_session_reused.pod openssl-1.0.1e/doc/ssl/SSL_session_reused.pod
---- openssl-1.0.1e.orig/doc/ssl/SSL_session_reused.pod 2013-06-06 14:35:15.871871829 +0100
-+++ openssl-1.0.1e/doc/ssl/SSL_session_reused.pod 2013-06-06 14:35:25.849746390 +0100
-@@ -27,11 +27,11 @@
-
- =over 4
-
--=item 0
-+=item C<0>
-
- A new session was negotiated.
-
--=item 1
-+=item C<1>
-
- A session was reused.
-
-diff -Naur openssl-1.0.1e.orig/doc/ssl/SSL_set_fd.pod openssl-1.0.1e/doc/ssl/SSL_set_fd.pod
---- openssl-1.0.1e.orig/doc/ssl/SSL_set_fd.pod 2013-06-06 14:35:15.869871854 +0100
-+++ openssl-1.0.1e/doc/ssl/SSL_set_fd.pod 2013-06-06 14:35:25.852746353 +0100
-@@ -35,11 +35,11 @@
-
- =over 4
-
--=item 0
-+=item C<0>
-
- The operation failed. Check the error stack to find out why.
-
--=item 1
-+=item C<1>
-
- The operation succeeded.
-
-diff -Naur openssl-1.0.1e.orig/doc/ssl/SSL_set_session.pod openssl-1.0.1e/doc/ssl/SSL_set_session.pod
---- openssl-1.0.1e.orig/doc/ssl/SSL_set_session.pod 2013-06-06 14:35:15.870871842 +0100
-+++ openssl-1.0.1e/doc/ssl/SSL_set_session.pod 2013-06-06 14:35:25.855746315 +0100
-@@ -37,11 +37,11 @@
-
- =over 4
-
--=item 0
-+=item C<0>
-
- The operation failed; check the error stack to find out the reason.
-
--=item 1
-+=item C<1>
-
- The operation succeeded.
-
-diff -Naur openssl-1.0.1e.orig/doc/ssl/SSL_shutdown.pod openssl-1.0.1e/doc/ssl/SSL_shutdown.pod
---- openssl-1.0.1e.orig/doc/ssl/SSL_shutdown.pod 2013-06-06 14:35:15.870871842 +0100
-+++ openssl-1.0.1e/doc/ssl/SSL_shutdown.pod 2013-06-06 14:35:25.857746290 +0100
-@@ -92,12 +92,12 @@
-
- =over 4
-
--=item 1
-+=item C<1>
-
- The shutdown was successfully completed. The "close notify" alert was sent
- and the peer's "close notify" alert was received.
-
--=item 0
-+=item C<0>
-
- The shutdown is not yet finished. Call SSL_shutdown() for a second time,
- if a bidirectional shutdown shall be performed.
-diff -Naur openssl-1.0.1e.orig/doc/ssl/SSL_write.pod openssl-1.0.1e/doc/ssl/SSL_write.pod
---- openssl-1.0.1e.orig/doc/ssl/SSL_write.pod 2013-06-06 14:35:15.870871842 +0100
-+++ openssl-1.0.1e/doc/ssl/SSL_write.pod 2013-06-06 14:35:25.865746189 +0100
-@@ -79,7 +79,7 @@
- The write operation was successful, the return value is the number of
- bytes actually written to the TLS/SSL connection.
-
--=item 0
-+=item C<0>
-
- The write operation was not successful. Probably the underlying connection
- was closed. Call SSL_get_error() with the return value B<ret> to find out,
Added: openssl-1.0.1f-perl-5.18.patch
===================================================================
--- openssl-1.0.1f-perl-5.18.patch (rev 0)
+++ openssl-1.0.1f-perl-5.18.patch 2014-01-06 20:34:00 UTC (rev 203254)
@@ -0,0 +1,356 @@
+Forward-ported from openssl-1.0.1e-perl-5.18.patch
+Fixes install with perl-5.18.
+
+https://bugs.gentoo.org/show_bug.cgi?id=497286
+
+Signed-off-by: Lars Wendler <polynomial-c at gentoo.org>
+
+--- openssl-1.0.1f/doc/apps/cms.pod
++++ openssl-1.0.1f/doc/apps/cms.pod
+@@ -450,28 +450,28 @@
+
+ =over 4
+
+-=item 0
++=item C<0>
+
+ the operation was completely successfully.
+
+-=item 1
++=item C<1>
+
+ an error occurred parsing the command options.
+
+-=item 2
++=item C<2>
+
+ one of the input files could not be read.
+
+-=item 3
++=item C<3>
+
+ an error occurred creating the CMS file or when reading the MIME
+ message.
+
+-=item 4
++=item C<4>
+
+ an error occurred decrypting or verifying the message.
+
+-=item 5
++=item C<5>
+
+ the message was verified correctly but an error occurred writing out
+ the signers certificates.
+--- openssl-1.0.1f/doc/apps/smime.pod
++++ openssl-1.0.1f/doc/apps/smime.pod
+@@ -308,28 +308,28 @@
+
+ =over 4
+
+-=item 0
++=item C<0>
+
+ the operation was completely successfully.
+
+-=item 1
++=item C<1>
+
+ an error occurred parsing the command options.
+
+-=item 2
++=item C<2>
+
+ one of the input files could not be read.
+
+-=item 3
++=item C<3>
+
+ an error occurred creating the PKCS#7 file or when reading the MIME
+ message.
+
+-=item 4
++=item C<4>
+
+ an error occurred decrypting or verifying the message.
+
+-=item 5
++=item C<5>
+
+ the message was verified correctly but an error occurred writing out
+ the signers certificates.
+--- openssl-1.0.1f/doc/ssl/SSL_accept.pod
++++ openssl-1.0.1f/doc/ssl/SSL_accept.pod
+@@ -44,13 +44,13 @@
+
+ =over 4
+
+-=item 0
++=item C<0>
+
+ The TLS/SSL handshake was not successful but was shut down controlled and
+ by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
+ return value B<ret> to find out the reason.
+
+-=item 1
++=item C<1>
+
+ The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
+ established.
+--- openssl-1.0.1f/doc/ssl/SSL_clear.pod
++++ openssl-1.0.1f/doc/ssl/SSL_clear.pod
+@@ -56,12 +56,12 @@
+
+ =over 4
+
+-=item 0
++=item C<0>
+
+ The SSL_clear() operation could not be performed. Check the error stack to
+ find out the reason.
+
+-=item 1
++=item C<1>
+
+ The SSL_clear() operation was successful.
+
+--- openssl-1.0.1f/doc/ssl/SSL_COMP_add_compression_method.pod
++++ openssl-1.0.1f/doc/ssl/SSL_COMP_add_compression_method.pod
+@@ -53,11 +53,11 @@
+
+ =over 4
+
+-=item 0
++=item C<0>
+
+ The operation succeeded.
+
+-=item 1
++=item C<1>
+
+ The operation failed. Check the error queue to find out the reason.
+
+--- openssl-1.0.1f/doc/ssl/SSL_connect.pod
++++ openssl-1.0.1f/doc/ssl/SSL_connect.pod
+@@ -41,13 +41,13 @@
+
+ =over 4
+
+-=item 0
++=item C<0>
+
+ The TLS/SSL handshake was not successful but was shut down controlled and
+ by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
+ return value B<ret> to find out the reason.
+
+-=item 1
++=item C<1>
+
+ The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
+ established.
+--- openssl-1.0.1f/doc/ssl/SSL_CTX_add_session.pod
++++ openssl-1.0.1f/doc/ssl/SSL_CTX_add_session.pod
+@@ -52,13 +52,13 @@
+
+ =over 4
+
+-=item 0
++=item C<0>
+
+ The operation failed. In case of the add operation, it was tried to add
+ the same (identical) session twice. In case of the remove operation, the
+ session was not found in the cache.
+
+-=item 1
++=item C<1>
+
+ The operation succeeded.
+
+--- openssl-1.0.1f/doc/ssl/SSL_CTX_load_verify_locations.pod
++++ openssl-1.0.1f/doc/ssl/SSL_CTX_load_verify_locations.pod
+@@ -100,13 +100,13 @@
+
+ =over 4
+
+-=item 0
++=item C<0>
+
+ The operation failed because B<CAfile> and B<CApath> are NULL or the
+ processing at one of the locations specified failed. Check the error
+ stack to find out the reason.
+
+-=item 1
++=item C<1>
+
+ The operation succeeded.
+
+--- openssl-1.0.1f/doc/ssl/SSL_CTX_set_client_CA_list.pod
++++ openssl-1.0.1f/doc/ssl/SSL_CTX_set_client_CA_list.pod
+@@ -66,13 +66,13 @@
+
+ =over 4
+
+-=item 0
++=item C<0>
+
+ A failure while manipulating the STACK_OF(X509_NAME) object occurred or
+ the X509_NAME could not be extracted from B<cacert>. Check the error stack
+ to find out the reason.
+
+-=item 1
++=item C<1>
+
+ The operation succeeded.
+
+--- openssl-1.0.1f/doc/ssl/SSL_CTX_set_session_id_context.pod
++++ openssl-1.0.1f/doc/ssl/SSL_CTX_set_session_id_context.pod
+@@ -64,13 +64,13 @@
+
+ =over 4
+
+-=item 0
++=item C<0>
+
+ The length B<sid_ctx_len> of the session id context B<sid_ctx> exceeded
+ the maximum allowed length of B<SSL_MAX_SSL_SESSION_ID_LENGTH>. The error
+ is logged to the error stack.
+
+-=item 1
++=item C<1>
+
+ The operation succeeded.
+
+--- openssl-1.0.1f/doc/ssl/SSL_CTX_set_ssl_version.pod
++++ openssl-1.0.1f/doc/ssl/SSL_CTX_set_ssl_version.pod
+@@ -42,11 +42,11 @@
+
+ =over 4
+
+-=item 0
++=item C<0>
+
+ The new choice failed, check the error stack to find out the reason.
+
+-=item 1
++=item C<1>
+
+ The operation succeeded.
+
+--- openssl-1.0.1f/doc/ssl/SSL_CTX_use_psk_identity_hint.pod
++++ openssl-1.0.1f/doc/ssl/SSL_CTX_use_psk_identity_hint.pod
+@@ -96,7 +96,7 @@
+ connection will fail with decryption_error before it will be finished
+ completely.
+
+-=item 0
++=item C<0>
+
+ PSK identity was not found. An "unknown_psk_identity" alert message
+ will be sent and the connection setup fails.
+--- openssl-1.0.1f/doc/ssl/SSL_do_handshake.pod
++++ openssl-1.0.1f/doc/ssl/SSL_do_handshake.pod
+@@ -45,13 +45,13 @@
+
+ =over 4
+
+-=item 0
++=item C<0>
+
+ The TLS/SSL handshake was not successful but was shut down controlled and
+ by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
+ return value B<ret> to find out the reason.
+
+-=item 1
++=item C<1>
+
+ The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
+ established.
+--- openssl-1.0.1f/doc/ssl/SSL_read.pod
++++ openssl-1.0.1f/doc/ssl/SSL_read.pod
+@@ -86,7 +86,7 @@
+ The read operation was successful; the return value is the number of
+ bytes actually read from the TLS/SSL connection.
+
+-=item 0
++=item C<0>
+
+ The read operation was not successful. The reason may either be a clean
+ shutdown due to a "close notify" alert sent by the peer (in which case
+--- openssl-1.0.1f/doc/ssl/SSL_session_reused.pod
++++ openssl-1.0.1f/doc/ssl/SSL_session_reused.pod
+@@ -27,11 +27,11 @@
+
+ =over 4
+
+-=item 0
++=item C<0>
+
+ A new session was negotiated.
+
+-=item 1
++=item C<1>
+
+ A session was reused.
+
+--- openssl-1.0.1f/doc/ssl/SSL_set_fd.pod
++++ openssl-1.0.1f/doc/ssl/SSL_set_fd.pod
+@@ -35,11 +35,11 @@
+
+ =over 4
+
+-=item 0
++=item C<0>
+
+ The operation failed. Check the error stack to find out why.
+
+-=item 1
++=item C<1>
+
+ The operation succeeded.
+
+--- openssl-1.0.1f/doc/ssl/SSL_set_session.pod
++++ openssl-1.0.1f/doc/ssl/SSL_set_session.pod
+@@ -37,11 +37,11 @@
+
+ =over 4
+
+-=item 0
++=item C<0>
+
+ The operation failed; check the error stack to find out the reason.
+
+-=item 1
++=item C<1>
+
+ The operation succeeded.
+
+--- openssl-1.0.1f/doc/ssl/SSL_shutdown.pod
++++ openssl-1.0.1f/doc/ssl/SSL_shutdown.pod
+@@ -92,14 +92,14 @@
+
+ =over 4
+
+-=item 0
++=item C<0>
+
+ The shutdown is not yet finished. Call SSL_shutdown() for a second time,
+ if a bidirectional shutdown shall be performed.
+ The output of L<SSL_get_error(3)|SSL_get_error(3)> may be misleading, as an
+ erroneous SSL_ERROR_SYSCALL may be flagged even though no error occurred.
+
+-=item 1
++=item C<1>
+
+ The shutdown was successfully completed. The "close notify" alert was sent
+ and the peer's "close notify" alert was received.
+--- openssl-1.0.1f/doc/ssl/SSL_write.pod
++++ openssl-1.0.1f/doc/ssl/SSL_write.pod
+@@ -79,7 +79,7 @@
+ The write operation was successful, the return value is the number of
+ bytes actually written to the TLS/SSL connection.
+
+-=item 0
++=item C<0>
+
+ The write operation was not successful. Probably the underlying connection
+ was closed. Call SSL_get_error() with the return value B<ret> to find out,
More information about the arch-commits
mailing list