Date: Monday, January 6, 2014 @ 21:34:00 Author: pierre Revision: 203254
upgpkg: openssl 1.0.1.f-1 Added: openssl/trunk/openssl-1.0.1f-perl-5.18.patch Modified: openssl/trunk/PKGBUILD Deleted: openssl/trunk/openssl-1.0.1-Check-DTLS_BAD_VER-for-version-number.patch openssl/trunk/openssl-1.0.1-Check-EVP-errors-for-handshake-digests.patch openssl/trunk/openssl-1.0.1-Fix-DTLS-retransmission-from-previous-session.patch openssl/trunk/openssl-1.0.1-Use-version-in-SSL_METHOD-not-SSL-structure.patch openssl/trunk/openssl-1.0.1-e_aes_cbc_hmac_sha1.c-fix-rare-bad-record-mac-on-AES.patch openssl/trunk/openssl-1.0.1e-fix_pod_syntax-1.patch --------------------------------------------------------------------------+ PKGBUILD | 33 openssl-1.0.1-Check-DTLS_BAD_VER-for-version-number.patch | 31 openssl-1.0.1-Check-EVP-errors-for-handshake-digests.patch | 77 - openssl-1.0.1-Fix-DTLS-retransmission-from-previous-session.patch | 78 - openssl-1.0.1-Use-version-in-SSL_METHOD-not-SSL-structure.patch | 30 openssl-1.0.1-e_aes_cbc_hmac_sha1.c-fix-rare-bad-record-mac-on-AES.patch | 32 openssl-1.0.1e-fix_pod_syntax-1.patch | 393 ---------- openssl-1.0.1f-perl-5.18.patch | 356 +++++++++ 8 files changed, 362 insertions(+), 668 deletions(-) Modified: PKGBUILD =================================================================== --- PKGBUILD 2014-01-06 20:32:13 UTC (rev 203253) +++ PKGBUILD 2014-01-06 20:34:00 UTC (rev 203254) @@ -2,11 +2,11 @@ # Maintainer: Pierre Schmitz <pie...@archlinux.de> pkgname=openssl -_ver=1.0.1e +_ver=1.0.1f # use a pacman compatible version scheme pkgver=${_ver/[a-z]/.${_ver//[0-9.]/}} #pkgver=$_ver -pkgrel=6 +pkgrel=1 pkgdesc='The Open Source toolkit for Secure Sockets Layer and Transport Layer Security' arch=('i686' 'x86_64') url='https://www.openssl.org' @@ -19,22 +19,12 @@ "https://www.openssl.org/source/${pkgname}-${_ver}.tar.gz.asc" 'no-rpath.patch' 'ca-dir.patch' - 'openssl-1.0.1e-fix_pod_syntax-1.patch' - 'openssl-1.0.1-Check-DTLS_BAD_VER-for-version-number.patch' - 'openssl-1.0.1-e_aes_cbc_hmac_sha1.c-fix-rare-bad-record-mac-on-AES.patch' - 'openssl-1.0.1-Check-EVP-errors-for-handshake-digests.patch' - 'openssl-1.0.1-Use-version-in-SSL_METHOD-not-SSL-structure.patch' - 'openssl-1.0.1-Fix-DTLS-retransmission-from-previous-session.patch') -md5sums=('66bf6f10f060d561929de96f9dfe5b8c' + 'openssl-1.0.1f-perl-5.18.patch') +md5sums=('f26b09c028a0541cab33da697d522b25' 'SKIP' 'dc78d3d06baffc16217519242ce92478' '3bf51be3a1bbd262be46dc619f92aa90' - '88d3bef4bbdc640b0412315d8d347bdf' - 'ae7848bb152b8834ceff30c8c480d422' - 'c5cc62a47cef72f4e5ad119a88e97ae4' - '3f674c14f07d9c7efd64c58e966eda83' - '756362dfdd40cee380d3158022415fc4' - 'fc0c0466ea2f4f8446d16050a9639dee') + 'ea2a61c8bd43788d81d98f1ac36c98ac') prepare() { cd $srcdir/$pkgname-$_ver @@ -44,18 +34,7 @@ # set ca dir to /etc/ssl by default patch -p0 -i $srcdir/ca-dir.patch - patch -p1 -i $srcdir/openssl-1.0.1e-fix_pod_syntax-1.patch - # OpenSSL 1.0.0k, 1.0.1.d, 1.0.1e fail handshake with DTLS1_BAD_VER - # http://rt.openssl.org/Ticket/Display.html?id=2984 - patch -p1 -i $srcdir/openssl-1.0.1-Check-DTLS_BAD_VER-for-version-number.patch - # Communication problems with 1.0.1e - # http://rt.openssl.org/Ticket/Display.html?id=3002 - patch -p1 -i $srcdir/openssl-1.0.1-e_aes_cbc_hmac_sha1.c-fix-rare-bad-record-mac-on-AES.patch - # CVE-2013-6449; FS#38357 - patch -p1 -i $srcdir/openssl-1.0.1-Check-EVP-errors-for-handshake-digests.patch - patch -p1 -i $srcdir/openssl-1.0.1-Use-version-in-SSL_METHOD-not-SSL-structure.patch - # CVE-2013-6450 - patch -p1 -i $srcdir/openssl-1.0.1-Fix-DTLS-retransmission-from-previous-session.patch + patch -p1 -i $srcdir/openssl-1.0.1f-perl-5.18.patch } build() { Deleted: openssl-1.0.1-Check-DTLS_BAD_VER-for-version-number.patch =================================================================== --- openssl-1.0.1-Check-DTLS_BAD_VER-for-version-number.patch 2014-01-06 20:32:13 UTC (rev 203253) +++ openssl-1.0.1-Check-DTLS_BAD_VER-for-version-number.patch 2014-01-06 20:34:00 UTC (rev 203254) @@ -1,31 +0,0 @@ -From 9fe4603b8245425a4c46986ed000fca054231253 Mon Sep 17 00:00:00 2001 -From: David Woodhouse <dw...@infradead.org> -Date: Tue, 12 Feb 2013 14:55:32 +0000 -Subject: Check DTLS_BAD_VER for version number. - -The version check for DTLS1_VERSION was redundant as -DTLS1_VERSION > TLS1_1_VERSION, however we do need to -check for DTLS1_BAD_VER for compatibility. - -PR:2984 -(cherry picked from commit d980abb22e22661e98e5cee33d760ab0c7584ecc) ---- - ssl/s3_cbc.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c -index 02edf3f..443a31e 100644 ---- a/ssl/s3_cbc.c -+++ b/ssl/s3_cbc.c -@@ -148,7 +148,7 @@ int tls1_cbc_remove_padding(const SSL* s, - unsigned padding_length, good, to_check, i; - const unsigned overhead = 1 /* padding length byte */ + mac_size; - /* Check if version requires explicit IV */ -- if (s->version >= TLS1_1_VERSION || s->version == DTLS1_VERSION) -+ if (s->version >= TLS1_1_VERSION || s->version == DTLS1_BAD_VER) - { - /* These lengths are all public so we can test them in - * non-constant time. --- -1.8.4.2 - Deleted: openssl-1.0.1-Check-EVP-errors-for-handshake-digests.patch =================================================================== --- openssl-1.0.1-Check-EVP-errors-for-handshake-digests.patch 2014-01-06 20:32:13 UTC (rev 203253) +++ openssl-1.0.1-Check-EVP-errors-for-handshake-digests.patch 2014-01-06 20:34:00 UTC (rev 203254) @@ -1,77 +0,0 @@ -From 0294b2be5f4c11e60620c0018674ff0e17b14238 Mon Sep 17 00:00:00 2001 -From: "Dr. Stephen Henson" <st...@openssl.org> -Date: Sat, 14 Dec 2013 13:55:48 +0000 -Subject: Check EVP errors for handshake digests. - -Partial mitigation of PR#3200 ---- - ssl/s3_both.c | 2 ++ - ssl/s3_pkt.c | 8 +++++++- - ssl/t1_enc.c | 11 ++++++----- - 3 files changed, 15 insertions(+), 6 deletions(-) - -diff --git a/ssl/s3_both.c b/ssl/s3_both.c -index ead01c8..1e5dcab 100644 ---- a/ssl/s3_both.c -+++ b/ssl/s3_both.c -@@ -161,6 +161,8 @@ int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen) - - i=s->method->ssl3_enc->final_finish_mac(s, - sender,slen,s->s3->tmp.finish_md); -+ if (i == 0) -+ return 0; - s->s3->tmp.finish_md_len = i; - memcpy(p, s->s3->tmp.finish_md, i); - p+=i; -diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c -index 804291e..c4bc4e7 100644 ---- a/ssl/s3_pkt.c -+++ b/ssl/s3_pkt.c -@@ -1459,8 +1459,14 @@ int ssl3_do_change_cipher_spec(SSL *s) - slen=s->method->ssl3_enc->client_finished_label_len; - } - -- s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s, -+ i = s->method->ssl3_enc->final_finish_mac(s, - sender,slen,s->s3->tmp.peer_finish_md); -+ if (i == 0) -+ { -+ SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC, ERR_R_INTERNAL_ERROR); -+ return 0; -+ } -+ s->s3->tmp.peer_finish_md_len = i; - - return(1); - } -diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c -index 809ad2e..72015f5 100644 ---- a/ssl/t1_enc.c -+++ b/ssl/t1_enc.c -@@ -915,18 +915,19 @@ int tls1_final_finish_mac(SSL *s, - if (mask & ssl_get_algorithm2(s)) - { - int hashsize = EVP_MD_size(md); -- if (hashsize < 0 || hashsize > (int)(sizeof buf - (size_t)(q-buf))) -+ EVP_MD_CTX *hdgst = s->s3->handshake_dgst[idx]; -+ if (!hdgst || hashsize < 0 || hashsize > (int)(sizeof buf - (size_t)(q-buf))) - { - /* internal error: 'buf' is too small for this cipersuite! */ - err = 1; - } - else - { -- EVP_MD_CTX_copy_ex(&ctx,s->s3->handshake_dgst[idx]); -- EVP_DigestFinal_ex(&ctx,q,&i); -- if (i != (unsigned int)hashsize) /* can't really happen */ -+ if (!EVP_MD_CTX_copy_ex(&ctx, hdgst) || -+ !EVP_DigestFinal_ex(&ctx,q,&i) || -+ (i != (unsigned int)hashsize)) - err = 1; -- q+=i; -+ q+=hashsize; - } - } - } --- -1.8.5.2 - Deleted: openssl-1.0.1-Fix-DTLS-retransmission-from-previous-session.patch =================================================================== --- openssl-1.0.1-Fix-DTLS-retransmission-from-previous-session.patch 2014-01-06 20:32:13 UTC (rev 203253) +++ openssl-1.0.1-Fix-DTLS-retransmission-from-previous-session.patch 2014-01-06 20:34:00 UTC (rev 203254) @@ -1,78 +0,0 @@ -From 34628967f1e65dc8f34e000f0f5518e21afbfc7b Mon Sep 17 00:00:00 2001 -From: "Dr. Stephen Henson" <st...@openssl.org> -Date: Fri, 20 Dec 2013 15:26:50 +0000 -Subject: Fix DTLS retransmission from previous session. - -For DTLS we might need to retransmit messages from the previous session -so keep a copy of write context in DTLS retransmission buffers instead -of replacing it after sending CCS. CVE-2013-6450. ---- - ssl/d1_both.c | 6 ++++++ - ssl/ssl_locl.h | 2 ++ - ssl/t1_enc.c | 17 +++++++++++------ - 3 files changed, 19 insertions(+), 6 deletions(-) - -diff --git a/ssl/d1_both.c b/ssl/d1_both.c -index 65ec001..7a5596a 100644 ---- a/ssl/d1_both.c -+++ b/ssl/d1_both.c -@@ -214,6 +214,12 @@ dtls1_hm_fragment_new(unsigned long frag_len, int reassembly) - static void - dtls1_hm_fragment_free(hm_fragment *frag) - { -+ -+ if (frag->msg_header.is_ccs) -+ { -+ EVP_CIPHER_CTX_free(frag->msg_header.saved_retransmit_state.enc_write_ctx); -+ EVP_MD_CTX_destroy(frag->msg_header.saved_retransmit_state.write_hash); -+ } - if (frag->fragment) OPENSSL_free(frag->fragment); - if (frag->reassembly) OPENSSL_free(frag->reassembly); - OPENSSL_free(frag); -diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h -index 96ce9a7..e485907 100644 ---- a/ssl/ssl_locl.h -+++ b/ssl/ssl_locl.h -@@ -621,6 +621,8 @@ extern SSL3_ENC_METHOD TLSv1_enc_data; - extern SSL3_ENC_METHOD SSLv3_enc_data; - extern SSL3_ENC_METHOD DTLSv1_enc_data; - -+#define SSL_IS_DTLS(s) (s->method->version == DTLS1_VERSION) -+ - #define IMPLEMENT_tls_meth_func(version, func_name, s_accept, s_connect, \ - s_get_meth) \ - const SSL_METHOD *func_name(void) \ -diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c -index 72015f5..56db834 100644 ---- a/ssl/t1_enc.c -+++ b/ssl/t1_enc.c -@@ -414,15 +414,20 @@ int tls1_change_cipher_state(SSL *s, int which) - s->mac_flags |= SSL_MAC_FLAG_WRITE_MAC_STREAM; - else - s->mac_flags &= ~SSL_MAC_FLAG_WRITE_MAC_STREAM; -- if (s->enc_write_ctx != NULL) -+ if (s->enc_write_ctx != NULL && !SSL_IS_DTLS(s)) - reuse_dd = 1; -- else if ((s->enc_write_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL) -+ else if ((s->enc_write_ctx=EVP_CIPHER_CTX_new()) == NULL) - goto err; -- else -- /* make sure it's intialized in case we exit later with an error */ -- EVP_CIPHER_CTX_init(s->enc_write_ctx); - dd= s->enc_write_ctx; -- mac_ctx = ssl_replace_hash(&s->write_hash,NULL); -+ if (SSL_IS_DTLS(s)) -+ { -+ mac_ctx = EVP_MD_CTX_create(); -+ if (!mac_ctx) -+ goto err; -+ s->write_hash = mac_ctx; -+ } -+ else -+ mac_ctx = ssl_replace_hash(&s->write_hash,NULL); - #ifndef OPENSSL_NO_COMP - if (s->compress != NULL) - { --- -1.8.5.2 - Deleted: openssl-1.0.1-Use-version-in-SSL_METHOD-not-SSL-structure.patch =================================================================== --- openssl-1.0.1-Use-version-in-SSL_METHOD-not-SSL-structure.patch 2014-01-06 20:32:13 UTC (rev 203253) +++ openssl-1.0.1-Use-version-in-SSL_METHOD-not-SSL-structure.patch 2014-01-06 20:34:00 UTC (rev 203254) @@ -1,30 +0,0 @@ -From ca989269a2876bae79393bd54c3e72d49975fc75 Mon Sep 17 00:00:00 2001 -From: "Dr. Stephen Henson" <st...@openssl.org> -Date: Thu, 19 Dec 2013 14:37:39 +0000 -Subject: Use version in SSL_METHOD not SSL structure. - -When deciding whether to use TLS 1.2 PRF and record hash algorithms -use the version number in the corresponding SSL_METHOD structure -instead of the SSL structure. The SSL structure version is sometimes -inaccurate. Note: OpenSSL 1.0.2 and later effectively do this already. -(CVE-2013-6449) ---- - ssl/s3_lib.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c -index bf832bb..c4ef273 100644 ---- a/ssl/s3_lib.c -+++ b/ssl/s3_lib.c -@@ -4286,7 +4286,7 @@ need to go to SSL_ST_ACCEPT. - long ssl_get_algorithm2(SSL *s) - { - long alg2 = s->s3->tmp.new_cipher->algorithm2; -- if (TLS1_get_version(s) >= TLS1_2_VERSION && -+ if (s->method->version == TLS1_2_VERSION && - alg2 == (SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF)) - return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256; - return alg2; --- -1.8.5.2 - Deleted: openssl-1.0.1-e_aes_cbc_hmac_sha1.c-fix-rare-bad-record-mac-on-AES.patch =================================================================== --- openssl-1.0.1-e_aes_cbc_hmac_sha1.c-fix-rare-bad-record-mac-on-AES.patch 2014-01-06 20:32:13 UTC (rev 203253) +++ openssl-1.0.1-e_aes_cbc_hmac_sha1.c-fix-rare-bad-record-mac-on-AES.patch 2014-01-06 20:34:00 UTC (rev 203254) @@ -1,32 +0,0 @@ -From 9ab3ce124616cb12bd39c6aa1e1bde0f46969b29 Mon Sep 17 00:00:00 2001 -From: Andy Polyakov <ap...@openssl.org> -Date: Mon, 18 Mar 2013 19:29:41 +0100 -Subject: e_aes_cbc_hmac_sha1.c: fix rare bad record mac on AES-NI plaforms. - -PR: 3002 -(cherry picked from commit 5c60046553716fcf160718f59160493194f212dc) ---- - crypto/evp/e_aes_cbc_hmac_sha1.c | 5 +++-- - 1 file changed, 3 insertions(+), 2 deletions(-) - -diff --git a/crypto/evp/e_aes_cbc_hmac_sha1.c b/crypto/evp/e_aes_cbc_hmac_sha1.c -index 483e04b..fb2c884 100644 ---- a/crypto/evp/e_aes_cbc_hmac_sha1.c -+++ b/crypto/evp/e_aes_cbc_hmac_sha1.c -@@ -328,10 +328,11 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, - - if (res!=SHA_CBLOCK) continue; - -- mask = 0-((inp_len+8-j)>>(sizeof(j)*8-1)); -+ /* j is not incremented yet */ -+ mask = 0-((inp_len+7-j)>>(sizeof(j)*8-1)); - data->u[SHA_LBLOCK-1] |= bitlen&mask; - sha1_block_data_order(&key->md,data,1); -- mask &= 0-((j-inp_len-73)>>(sizeof(j)*8-1)); -+ mask &= 0-((j-inp_len-72)>>(sizeof(j)*8-1)); - pmac->u[0] |= key->md.h0 & mask; - pmac->u[1] |= key->md.h1 & mask; - pmac->u[2] |= key->md.h2 & mask; --- -1.8.4.2 - Deleted: openssl-1.0.1e-fix_pod_syntax-1.patch =================================================================== --- openssl-1.0.1e-fix_pod_syntax-1.patch 2014-01-06 20:32:13 UTC (rev 203253) +++ openssl-1.0.1e-fix_pod_syntax-1.patch 2014-01-06 20:34:00 UTC (rev 203254) @@ -1,393 +0,0 @@ -Submitted By: Martin Ward <macros_the_black at ntlworld dot com> -Date: 2013-06-18 -Initial Package Version: 1.0.1e -Upstream Status: Unknown -Origin: self, based on fedora -Description: Fixes install with perl-5.18. - -diff -Naur openssl-1.0.1e.orig/doc/apps/cms.pod openssl-1.0.1e/doc/apps/cms.pod ---- openssl-1.0.1e.orig/doc/apps/cms.pod 2013-06-06 14:35:15.867871879 +0100 -+++ openssl-1.0.1e/doc/apps/cms.pod 2013-06-06 14:35:25.791747119 +0100 -@@ -450,28 +450,28 @@ - - =over 4 - --=item 0 -+=item C<0> - - the operation was completely successfully. - --=item 1 -+=item C<1> - - an error occurred parsing the command options. - --=item 2 -+=item C<2> - - one of the input files could not be read. - --=item 3 -+=item C<3> - - an error occurred creating the CMS file or when reading the MIME - message. - --=item 4 -+=item C<4> - - an error occurred decrypting or verifying the message. - --=item 5 -+=item C<5> - - the message was verified correctly but an error occurred writing out - the signers certificates. -diff -Naur openssl-1.0.1e.orig/doc/apps/smime.pod openssl-1.0.1e/doc/apps/smime.pod ---- openssl-1.0.1e.orig/doc/apps/smime.pod 2013-06-06 14:35:15.867871879 +0100 -+++ openssl-1.0.1e/doc/apps/smime.pod 2013-06-06 14:35:25.794747082 +0100 -@@ -308,28 +308,28 @@ - - =over 4 - --=item 0 -+=item C<0> - - the operation was completely successfully. - --=item 1 -+=item C<1> - - an error occurred parsing the command options. - --=item 2 -+=item C<2> - - one of the input files could not be read. - --=item 3 -+=item C<3> - - an error occurred creating the PKCS#7 file or when reading the MIME - message. - --=item 4 -+=item C<4> - - an error occurred decrypting or verifying the message. - --=item 5 -+=item C<5> - - the message was verified correctly but an error occurred writing out - the signers certificates. -diff -Naur openssl-1.0.1e.orig/doc/crypto/X509_STORE_CTX_get_error.pod openssl-1.0.1e/doc/crypto/X509_STORE_CTX_get_error.pod ---- openssl-1.0.1e.orig/doc/crypto/X509_STORE_CTX_get_error.pod 2013-06-06 14:35:15.874871791 +0100 -+++ openssl-1.0.1e/doc/crypto/X509_STORE_CTX_get_error.pod 2013-06-06 14:37:13.826388940 +0100 -@@ -278,6 +278,8 @@ - an application specific error. This will never be returned unless explicitly - set by an application. - -+=back -+ - =head1 NOTES - - The above functions should be used instead of directly referencing the fields -diff -Naur openssl-1.0.1e.orig/doc/ssl/SSL_accept.pod openssl-1.0.1e/doc/ssl/SSL_accept.pod ---- openssl-1.0.1e.orig/doc/ssl/SSL_accept.pod 2013-06-06 14:35:15.871871829 +0100 -+++ openssl-1.0.1e/doc/ssl/SSL_accept.pod 2013-06-06 14:35:25.796747057 +0100 -@@ -44,12 +44,12 @@ - - =over 4 - --=item 1 -+=item C<1> - - The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been - established. - --=item 0 -+=item C<0> - - The TLS/SSL handshake was not successful but was shut down controlled and - by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the -diff -Naur openssl-1.0.1e.orig/doc/ssl/SSL_clear.pod openssl-1.0.1e/doc/ssl/SSL_clear.pod ---- openssl-1.0.1e.orig/doc/ssl/SSL_clear.pod 2013-06-06 14:35:15.871871829 +0100 -+++ openssl-1.0.1e/doc/ssl/SSL_clear.pod 2013-06-06 14:35:25.803746969 +0100 -@@ -56,12 +56,12 @@ - - =over 4 - --=item 0 -+=item C<0> - - The SSL_clear() operation could not be performed. Check the error stack to - find out the reason. - --=item 1 -+=item C<1> - - The SSL_clear() operation was successful. - -diff -Naur openssl-1.0.1e.orig/doc/ssl/SSL_COMP_add_compression_method.pod openssl-1.0.1e/doc/ssl/SSL_COMP_add_compression_method.pod ---- openssl-1.0.1e.orig/doc/ssl/SSL_COMP_add_compression_method.pod 2013-06-06 14:35:15.870871842 +0100 -+++ openssl-1.0.1e/doc/ssl/SSL_COMP_add_compression_method.pod 2013-06-06 14:35:25.806746931 +0100 -@@ -53,11 +53,11 @@ - - =over 4 - --=item 0 -+=item C<0> - - The operation succeeded. - --=item 1 -+=item C<1> - - The operation failed. Check the error queue to find out the reason. - -diff -Naur openssl-1.0.1e.orig/doc/ssl/SSL_connect.pod openssl-1.0.1e/doc/ssl/SSL_connect.pod ---- openssl-1.0.1e.orig/doc/ssl/SSL_connect.pod 2013-06-06 14:35:15.869871854 +0100 -+++ openssl-1.0.1e/doc/ssl/SSL_connect.pod 2013-06-06 14:35:25.808746906 +0100 -@@ -41,12 +41,12 @@ - - =over 4 - --=item 1 -+=item C<1> - - The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been - established. - --=item 0 -+=item C<0> - - The TLS/SSL handshake was not successful but was shut down controlled and - by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the -diff -Naur openssl-1.0.1e.orig/doc/ssl/SSL_CTX_add_session.pod openssl-1.0.1e/doc/ssl/SSL_CTX_add_session.pod ---- openssl-1.0.1e.orig/doc/ssl/SSL_CTX_add_session.pod 2013-06-06 14:35:15.871871829 +0100 -+++ openssl-1.0.1e/doc/ssl/SSL_CTX_add_session.pod 2013-06-06 14:35:25.816746805 +0100 -@@ -52,13 +52,13 @@ - - =over 4 - --=item 0 -+=item C<0> - - The operation failed. In case of the add operation, it was tried to add - the same (identical) session twice. In case of the remove operation, the - session was not found in the cache. - --=item 1 -+=item C<1> - - The operation succeeded. - -diff -Naur openssl-1.0.1e.orig/doc/ssl/SSL_CTX_load_verify_locations.pod openssl-1.0.1e/doc/ssl/SSL_CTX_load_verify_locations.pod ---- openssl-1.0.1e.orig/doc/ssl/SSL_CTX_load_verify_locations.pod 2013-06-06 14:35:15.870871842 +0100 -+++ openssl-1.0.1e/doc/ssl/SSL_CTX_load_verify_locations.pod 2013-06-06 14:35:25.818746780 +0100 -@@ -100,13 +100,13 @@ - - =over 4 - --=item 0 -+=item C<0> - - The operation failed because B<CAfile> and B<CApath> are NULL or the - processing at one of the locations specified failed. Check the error - stack to find out the reason. - --=item 1 -+=item C<1> - - The operation succeeded. - -diff -Naur openssl-1.0.1e.orig/doc/ssl/SSL_CTX_set_client_CA_list.pod openssl-1.0.1e/doc/ssl/SSL_CTX_set_client_CA_list.pod ---- openssl-1.0.1e.orig/doc/ssl/SSL_CTX_set_client_CA_list.pod 2013-06-06 14:35:15.871871829 +0100 -+++ openssl-1.0.1e/doc/ssl/SSL_CTX_set_client_CA_list.pod 2013-06-06 14:35:25.821746742 +0100 -@@ -66,11 +66,11 @@ - - =over 4 - --=item 1 -+=item C<1> - - The operation succeeded. - --=item 0 -+=item C<0> - - A failure while manipulating the STACK_OF(X509_NAME) object occurred or - the X509_NAME could not be extracted from B<cacert>. Check the error stack -diff -Naur openssl-1.0.1e.orig/doc/ssl/SSL_CTX_set_session_id_context.pod openssl-1.0.1e/doc/ssl/SSL_CTX_set_session_id_context.pod ---- openssl-1.0.1e.orig/doc/ssl/SSL_CTX_set_session_id_context.pod 2013-06-06 14:35:15.871871829 +0100 -+++ openssl-1.0.1e/doc/ssl/SSL_CTX_set_session_id_context.pod 2013-06-06 14:35:25.828746654 +0100 -@@ -64,13 +64,13 @@ - - =over 4 - --=item 0 -+=item C<0> - - The length B<sid_ctx_len> of the session id context B<sid_ctx> exceeded - the maximum allowed length of B<SSL_MAX_SSL_SESSION_ID_LENGTH>. The error - is logged to the error stack. - --=item 1 -+=item C<1> - - The operation succeeded. - -diff -Naur openssl-1.0.1e.orig/doc/ssl/SSL_CTX_set_ssl_version.pod openssl-1.0.1e/doc/ssl/SSL_CTX_set_ssl_version.pod ---- openssl-1.0.1e.orig/doc/ssl/SSL_CTX_set_ssl_version.pod 2013-06-06 14:35:15.871871829 +0100 -+++ openssl-1.0.1e/doc/ssl/SSL_CTX_set_ssl_version.pod 2013-06-06 14:35:25.831746617 +0100 -@@ -42,11 +42,11 @@ - - =over 4 - --=item 0 -+=item C<0> - - The new choice failed, check the error stack to find out the reason. - --=item 1 -+=item C<1> - - The operation succeeded. - -diff -Naur openssl-1.0.1e.orig/doc/ssl/SSL_CTX_use_psk_identity_hint.pod openssl-1.0.1e/doc/ssl/SSL_CTX_use_psk_identity_hint.pod ---- openssl-1.0.1e.orig/doc/ssl/SSL_CTX_use_psk_identity_hint.pod 2013-06-06 14:35:15.870871842 +0100 -+++ openssl-1.0.1e/doc/ssl/SSL_CTX_use_psk_identity_hint.pod 2013-06-06 14:36:42.456783309 +0100 -@@ -81,6 +81,8 @@ - - Return values from the server callback are interpreted as follows: - -+=over -+ - =item > 0 - - PSK identity was found and the server callback has provided the PSK -@@ -94,9 +96,11 @@ - connection will fail with decryption_error before it will be finished - completely. - --=item 0 -+=item C<0> - - PSK identity was not found. An "unknown_psk_identity" alert message - will be sent and the connection setup fails. - -+=back -+ - =cut -diff -Naur openssl-1.0.1e.orig/doc/ssl/SSL_do_handshake.pod openssl-1.0.1e/doc/ssl/SSL_do_handshake.pod ---- openssl-1.0.1e.orig/doc/ssl/SSL_do_handshake.pod 2013-06-06 14:35:15.869871854 +0100 -+++ openssl-1.0.1e/doc/ssl/SSL_do_handshake.pod 2013-06-06 14:35:25.839746516 +0100 -@@ -45,12 +45,12 @@ - - =over 4 - --=item 1 -+=item C<1> - - The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been - established. - --=item 0 -+=item C<0> - - The TLS/SSL handshake was not successful but was shut down controlled and - by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the -diff -Naur openssl-1.0.1e.orig/doc/ssl/SSL_read.pod openssl-1.0.1e/doc/ssl/SSL_read.pod ---- openssl-1.0.1e.orig/doc/ssl/SSL_read.pod 2013-06-06 14:35:15.871871829 +0100 -+++ openssl-1.0.1e/doc/ssl/SSL_read.pod 2013-06-06 14:35:25.847746415 +0100 -@@ -86,7 +86,7 @@ - The read operation was successful; the return value is the number of - bytes actually read from the TLS/SSL connection. - --=item 0 -+=item C<0> - - The read operation was not successful. The reason may either be a clean - shutdown due to a "close notify" alert sent by the peer (in which case -diff -Naur openssl-1.0.1e.orig/doc/ssl/SSL_session_reused.pod openssl-1.0.1e/doc/ssl/SSL_session_reused.pod ---- openssl-1.0.1e.orig/doc/ssl/SSL_session_reused.pod 2013-06-06 14:35:15.871871829 +0100 -+++ openssl-1.0.1e/doc/ssl/SSL_session_reused.pod 2013-06-06 14:35:25.849746390 +0100 -@@ -27,11 +27,11 @@ - - =over 4 - --=item 0 -+=item C<0> - - A new session was negotiated. - --=item 1 -+=item C<1> - - A session was reused. - -diff -Naur openssl-1.0.1e.orig/doc/ssl/SSL_set_fd.pod openssl-1.0.1e/doc/ssl/SSL_set_fd.pod ---- openssl-1.0.1e.orig/doc/ssl/SSL_set_fd.pod 2013-06-06 14:35:15.869871854 +0100 -+++ openssl-1.0.1e/doc/ssl/SSL_set_fd.pod 2013-06-06 14:35:25.852746353 +0100 -@@ -35,11 +35,11 @@ - - =over 4 - --=item 0 -+=item C<0> - - The operation failed. Check the error stack to find out why. - --=item 1 -+=item C<1> - - The operation succeeded. - -diff -Naur openssl-1.0.1e.orig/doc/ssl/SSL_set_session.pod openssl-1.0.1e/doc/ssl/SSL_set_session.pod ---- openssl-1.0.1e.orig/doc/ssl/SSL_set_session.pod 2013-06-06 14:35:15.870871842 +0100 -+++ openssl-1.0.1e/doc/ssl/SSL_set_session.pod 2013-06-06 14:35:25.855746315 +0100 -@@ -37,11 +37,11 @@ - - =over 4 - --=item 0 -+=item C<0> - - The operation failed; check the error stack to find out the reason. - --=item 1 -+=item C<1> - - The operation succeeded. - -diff -Naur openssl-1.0.1e.orig/doc/ssl/SSL_shutdown.pod openssl-1.0.1e/doc/ssl/SSL_shutdown.pod ---- openssl-1.0.1e.orig/doc/ssl/SSL_shutdown.pod 2013-06-06 14:35:15.870871842 +0100 -+++ openssl-1.0.1e/doc/ssl/SSL_shutdown.pod 2013-06-06 14:35:25.857746290 +0100 -@@ -92,12 +92,12 @@ - - =over 4 - --=item 1 -+=item C<1> - - The shutdown was successfully completed. The "close notify" alert was sent - and the peer's "close notify" alert was received. - --=item 0 -+=item C<0> - - The shutdown is not yet finished. Call SSL_shutdown() for a second time, - if a bidirectional shutdown shall be performed. -diff -Naur openssl-1.0.1e.orig/doc/ssl/SSL_write.pod openssl-1.0.1e/doc/ssl/SSL_write.pod ---- openssl-1.0.1e.orig/doc/ssl/SSL_write.pod 2013-06-06 14:35:15.870871842 +0100 -+++ openssl-1.0.1e/doc/ssl/SSL_write.pod 2013-06-06 14:35:25.865746189 +0100 -@@ -79,7 +79,7 @@ - The write operation was successful, the return value is the number of - bytes actually written to the TLS/SSL connection. - --=item 0 -+=item C<0> - - The write operation was not successful. Probably the underlying connection - was closed. Call SSL_get_error() with the return value B<ret> to find out, Added: openssl-1.0.1f-perl-5.18.patch =================================================================== --- openssl-1.0.1f-perl-5.18.patch (rev 0) +++ openssl-1.0.1f-perl-5.18.patch 2014-01-06 20:34:00 UTC (rev 203254) @@ -0,0 +1,356 @@ +Forward-ported from openssl-1.0.1e-perl-5.18.patch +Fixes install with perl-5.18. + +https://bugs.gentoo.org/show_bug.cgi?id=497286 + +Signed-off-by: Lars Wendler <polynomia...@gentoo.org> + +--- openssl-1.0.1f/doc/apps/cms.pod ++++ openssl-1.0.1f/doc/apps/cms.pod +@@ -450,28 +450,28 @@ + + =over 4 + +-=item 0 ++=item C<0> + + the operation was completely successfully. + +-=item 1 ++=item C<1> + + an error occurred parsing the command options. + +-=item 2 ++=item C<2> + + one of the input files could not be read. + +-=item 3 ++=item C<3> + + an error occurred creating the CMS file or when reading the MIME + message. + +-=item 4 ++=item C<4> + + an error occurred decrypting or verifying the message. + +-=item 5 ++=item C<5> + + the message was verified correctly but an error occurred writing out + the signers certificates. +--- openssl-1.0.1f/doc/apps/smime.pod ++++ openssl-1.0.1f/doc/apps/smime.pod +@@ -308,28 +308,28 @@ + + =over 4 + +-=item 0 ++=item C<0> + + the operation was completely successfully. + +-=item 1 ++=item C<1> + + an error occurred parsing the command options. + +-=item 2 ++=item C<2> + + one of the input files could not be read. + +-=item 3 ++=item C<3> + + an error occurred creating the PKCS#7 file or when reading the MIME + message. + +-=item 4 ++=item C<4> + + an error occurred decrypting or verifying the message. + +-=item 5 ++=item C<5> + + the message was verified correctly but an error occurred writing out + the signers certificates. +--- openssl-1.0.1f/doc/ssl/SSL_accept.pod ++++ openssl-1.0.1f/doc/ssl/SSL_accept.pod +@@ -44,13 +44,13 @@ + + =over 4 + +-=item 0 ++=item C<0> + + The TLS/SSL handshake was not successful but was shut down controlled and + by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the + return value B<ret> to find out the reason. + +-=item 1 ++=item C<1> + + The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been + established. +--- openssl-1.0.1f/doc/ssl/SSL_clear.pod ++++ openssl-1.0.1f/doc/ssl/SSL_clear.pod +@@ -56,12 +56,12 @@ + + =over 4 + +-=item 0 ++=item C<0> + + The SSL_clear() operation could not be performed. Check the error stack to + find out the reason. + +-=item 1 ++=item C<1> + + The SSL_clear() operation was successful. + +--- openssl-1.0.1f/doc/ssl/SSL_COMP_add_compression_method.pod ++++ openssl-1.0.1f/doc/ssl/SSL_COMP_add_compression_method.pod +@@ -53,11 +53,11 @@ + + =over 4 + +-=item 0 ++=item C<0> + + The operation succeeded. + +-=item 1 ++=item C<1> + + The operation failed. Check the error queue to find out the reason. + +--- openssl-1.0.1f/doc/ssl/SSL_connect.pod ++++ openssl-1.0.1f/doc/ssl/SSL_connect.pod +@@ -41,13 +41,13 @@ + + =over 4 + +-=item 0 ++=item C<0> + + The TLS/SSL handshake was not successful but was shut down controlled and + by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the + return value B<ret> to find out the reason. + +-=item 1 ++=item C<1> + + The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been + established. +--- openssl-1.0.1f/doc/ssl/SSL_CTX_add_session.pod ++++ openssl-1.0.1f/doc/ssl/SSL_CTX_add_session.pod +@@ -52,13 +52,13 @@ + + =over 4 + +-=item 0 ++=item C<0> + + The operation failed. In case of the add operation, it was tried to add + the same (identical) session twice. In case of the remove operation, the + session was not found in the cache. + +-=item 1 ++=item C<1> + + The operation succeeded. + +--- openssl-1.0.1f/doc/ssl/SSL_CTX_load_verify_locations.pod ++++ openssl-1.0.1f/doc/ssl/SSL_CTX_load_verify_locations.pod +@@ -100,13 +100,13 @@ + + =over 4 + +-=item 0 ++=item C<0> + + The operation failed because B<CAfile> and B<CApath> are NULL or the + processing at one of the locations specified failed. Check the error + stack to find out the reason. + +-=item 1 ++=item C<1> + + The operation succeeded. + +--- openssl-1.0.1f/doc/ssl/SSL_CTX_set_client_CA_list.pod ++++ openssl-1.0.1f/doc/ssl/SSL_CTX_set_client_CA_list.pod +@@ -66,13 +66,13 @@ + + =over 4 + +-=item 0 ++=item C<0> + + A failure while manipulating the STACK_OF(X509_NAME) object occurred or + the X509_NAME could not be extracted from B<cacert>. Check the error stack + to find out the reason. + +-=item 1 ++=item C<1> + + The operation succeeded. + +--- openssl-1.0.1f/doc/ssl/SSL_CTX_set_session_id_context.pod ++++ openssl-1.0.1f/doc/ssl/SSL_CTX_set_session_id_context.pod +@@ -64,13 +64,13 @@ + + =over 4 + +-=item 0 ++=item C<0> + + The length B<sid_ctx_len> of the session id context B<sid_ctx> exceeded + the maximum allowed length of B<SSL_MAX_SSL_SESSION_ID_LENGTH>. The error + is logged to the error stack. + +-=item 1 ++=item C<1> + + The operation succeeded. + +--- openssl-1.0.1f/doc/ssl/SSL_CTX_set_ssl_version.pod ++++ openssl-1.0.1f/doc/ssl/SSL_CTX_set_ssl_version.pod +@@ -42,11 +42,11 @@ + + =over 4 + +-=item 0 ++=item C<0> + + The new choice failed, check the error stack to find out the reason. + +-=item 1 ++=item C<1> + + The operation succeeded. + +--- openssl-1.0.1f/doc/ssl/SSL_CTX_use_psk_identity_hint.pod ++++ openssl-1.0.1f/doc/ssl/SSL_CTX_use_psk_identity_hint.pod +@@ -96,7 +96,7 @@ + connection will fail with decryption_error before it will be finished + completely. + +-=item 0 ++=item C<0> + + PSK identity was not found. An "unknown_psk_identity" alert message + will be sent and the connection setup fails. +--- openssl-1.0.1f/doc/ssl/SSL_do_handshake.pod ++++ openssl-1.0.1f/doc/ssl/SSL_do_handshake.pod +@@ -45,13 +45,13 @@ + + =over 4 + +-=item 0 ++=item C<0> + + The TLS/SSL handshake was not successful but was shut down controlled and + by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the + return value B<ret> to find out the reason. + +-=item 1 ++=item C<1> + + The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been + established. +--- openssl-1.0.1f/doc/ssl/SSL_read.pod ++++ openssl-1.0.1f/doc/ssl/SSL_read.pod +@@ -86,7 +86,7 @@ + The read operation was successful; the return value is the number of + bytes actually read from the TLS/SSL connection. + +-=item 0 ++=item C<0> + + The read operation was not successful. The reason may either be a clean + shutdown due to a "close notify" alert sent by the peer (in which case +--- openssl-1.0.1f/doc/ssl/SSL_session_reused.pod ++++ openssl-1.0.1f/doc/ssl/SSL_session_reused.pod +@@ -27,11 +27,11 @@ + + =over 4 + +-=item 0 ++=item C<0> + + A new session was negotiated. + +-=item 1 ++=item C<1> + + A session was reused. + +--- openssl-1.0.1f/doc/ssl/SSL_set_fd.pod ++++ openssl-1.0.1f/doc/ssl/SSL_set_fd.pod +@@ -35,11 +35,11 @@ + + =over 4 + +-=item 0 ++=item C<0> + + The operation failed. Check the error stack to find out why. + +-=item 1 ++=item C<1> + + The operation succeeded. + +--- openssl-1.0.1f/doc/ssl/SSL_set_session.pod ++++ openssl-1.0.1f/doc/ssl/SSL_set_session.pod +@@ -37,11 +37,11 @@ + + =over 4 + +-=item 0 ++=item C<0> + + The operation failed; check the error stack to find out the reason. + +-=item 1 ++=item C<1> + + The operation succeeded. + +--- openssl-1.0.1f/doc/ssl/SSL_shutdown.pod ++++ openssl-1.0.1f/doc/ssl/SSL_shutdown.pod +@@ -92,14 +92,14 @@ + + =over 4 + +-=item 0 ++=item C<0> + + The shutdown is not yet finished. Call SSL_shutdown() for a second time, + if a bidirectional shutdown shall be performed. + The output of L<SSL_get_error(3)|SSL_get_error(3)> may be misleading, as an + erroneous SSL_ERROR_SYSCALL may be flagged even though no error occurred. + +-=item 1 ++=item C<1> + + The shutdown was successfully completed. The "close notify" alert was sent + and the peer's "close notify" alert was received. +--- openssl-1.0.1f/doc/ssl/SSL_write.pod ++++ openssl-1.0.1f/doc/ssl/SSL_write.pod +@@ -79,7 +79,7 @@ + The write operation was successful, the return value is the number of + bytes actually written to the TLS/SSL connection. + +-=item 0 ++=item C<0> + + The write operation was not successful. Probably the underlying connection + was closed. Call SSL_get_error() with the return value B<ret> to find out,