- up to 1.0.1f; fixes CVE-2013-4353, CVE-2013-6449, CVE-2013-6450

diff --git a/aesni-mac.patch b/aesni-mac.patch
deleted file mode 100644 (file)
index 7bb5345..0000000
--- a/aesni-mac.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From: Andy Polyakov <appro@openssl.org>
-Date: Mon, 18 Mar 2013 19:29:41 +0100
-Subject: e_aes_cbc_hmac_sha1.c: fix rare bad record mac on AES-NI plaforms.
-Origin: upstream: http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=9ab3ce124616cb12bd39c6aa1e1bde0f46969b29
-Bug-Debian: http://bugs.debian.org/701868
-Bug: http://rt.openssl.org/Ticket/Display.html?id=3002&user=guest&pass=guest
-
-diff --git a/crypto/evp/e_aes_cbc_hmac_sha1.c b/crypto/evp/e_aes_cbc_hmac_sha1.c
-index 483e04b..fb2c884 100644
---- a/crypto/evp/e_aes_cbc_hmac_sha1.c
-+++ b/crypto/evp/e_aes_cbc_hmac_sha1.c
-@@ -328,10 +328,11 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
- 
-                               if (res!=SHA_CBLOCK) continue;
- 
--                              mask = 0-((inp_len+8-j)>>(sizeof(j)*8-1));
-+                              /* j is not incremented yet */
-+                              mask = 0-((inp_len+7-j)>>(sizeof(j)*8-1));
-                               data->u[SHA_LBLOCK-1] |= bitlen&mask;
-                               sha1_block_data_order(&key->md,data,1);
--                              mask &= 0-((j-inp_len-73)>>(sizeof(j)*8-1));
-+                              mask &= 0-((j-inp_len-72)>>(sizeof(j)*8-1));
-                               pmac->u[0] |= key->md.h0 & mask;
-                               pmac->u[1] |= key->md.h1 & mask;
-                               pmac->u[2] |= key->md.h2 & mask;
-

diff --git a/dtls_version.patch b/dtls_version.patch
deleted file mode 100644 (file)
index 1537868..0000000
--- a/dtls_version.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From: David Woodhouse <dwmw2@infradead.org>
-Date: Tue, 12 Feb 2013 14:55:32 +0000
-Subject: Check DTLS_BAD_VER for version number.
-Origin: upstream: http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=9fe4603b8245425a4c46986ed000fca054231253
-Bug-Debian: http://bugs.debian.org/701826
-Bug: http://rt.openssl.org/Ticket/Display.html?id=2984&user=guest&pass=guest
-
-The version check for DTLS1_VERSION was redundant as
-DTLS1_VERSION > TLS1_1_VERSION, however we do need to
-check for DTLS1_BAD_VER for compatibility.
-
-diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c
-index 02edf3f..443a31e 100644
---- a/ssl/s3_cbc.c
-+++ b/ssl/s3_cbc.c
-@@ -148,7 +148,7 @@ int tls1_cbc_remove_padding(const SSL* s,
-       unsigned padding_length, good, to_check, i;
-       const unsigned overhead = 1 /* padding length byte */ + mac_size;
-       /* Check if version requires explicit IV */
--      if (s->version >= TLS1_1_VERSION || s->version == DTLS1_VERSION)
-+      if (s->version >= TLS1_1_VERSION || s->version == DTLS1_BAD_VER)
-               {
-               /* These lengths are all public so we can test them in
-                * non-constant time.
-

diff --git a/get_certificate.patch b/get_certificate.patch
deleted file mode 100644 (file)
index 69ca7d9..0000000
--- a/get_certificate.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From: "Dr. Stephen Henson" <steve@openssl.org>
-Date: Mon, 11 Feb 2013 18:24:03 +0000
-Subject: Fix for SSL_get_certificate
-Origin: upstream: http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=147dbb2fe3bead7a10e2f280261b661ce7af7adc
-Bug-Debian: http://bugs.debian.org/703031
-
-
-Now we set the current certificate to the one used by a server
-there is no need to call ssl_get_server_send_cert which will
-fail if we haven't sent a certificate yet.
-
-diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
-index 14d143d..ff5a85a 100644
---- a/ssl/ssl_lib.c
-+++ b/ssl/ssl_lib.c
-@@ -2792,9 +2792,7 @@ void ssl_clear_cipher_ctx(SSL *s)
- /* Fix this function so that it takes an optional type parameter */
- X509 *SSL_get_certificate(const SSL *s)
-       {
--      if (s->server)
--              return(ssl_get_server_send_cert(s));
--      else if (s->cert != NULL)
-+      if (s->cert != NULL)
-               return(s->cert->key->x509);
-       else
-               return(NULL);
-

diff --git a/openssl-find.patch b/openssl-find.patch
new file mode 100644 (file)
index 0000000..8ca7a55
--- /dev/null
+++ b/openssl-find.patch
@@ -0,0 +1,61 @@
+diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.0i/find.pl b/meta/recipes-connectivity/openssl/openssl-1.0.0i/find.pl
+new file mode 100644
+index 0000000..8e1b42c
+--- /dev/null
++++ openssl-1.0.0i/find.pl
+@@ -0,0 +1,54 @@
++warn "Legacy library @{[(caller(0))[6]]} will be removed from the Perl core distribution in the next major release. Please install it from the CPAN distribution Perl4::CoreLibs. It is being used at @{[(caller)[1]]}, line @{[(caller)[2]]}.\n";
++
++# This library is deprecated and unmaintained. It is included for
++# compatibility with Perl 4 scripts which may use it, but it will be
++# removed in a future version of Perl. Please use the File::Find module
++# instead.
++
++# Usage:
++#     require "find.pl";
++#
++#     &find('/foo','/bar');
++#
++#     sub wanted { ... }
++#             where wanted does whatever you want.  $dir contains the
++#             current directory name, and $_ the current filename within
++#             that directory.  $name contains "$dir/$_".  You are cd'ed
++#             to $dir when the function is called.  The function may
++#             set $prune to prune the tree.
++#
++# For example,
++#
++#   find / -name .nfs\* -mtime +7 -exec rm -f {} \; -o -fstype nfs -prune
++#
++# corresponds to this
++#
++#     sub wanted {
++#         /^\.nfs.*$/ &&
++#         (($dev,$ino,$mode,$nlink,$uid,$gid) = lstat($_)) &&
++#         int(-M _) > 7 &&
++#         unlink($_)
++#         ||
++#         ($nlink || (($dev,$ino,$mode,$nlink,$uid,$gid) = lstat($_))) &&
++#         $dev < 0 &&
++#         ($prune = 1);
++#     }
++#
++# Set the variable $dont_use_nlink if you're using AFS, since AFS cheats.
++
++use File::Find ();
++
++*name         = *File::Find::name;
++*prune                = *File::Find::prune;
++*dir          = *File::Find::dir;
++*topdir               = *File::Find::topdir;
++*topdev               = *File::Find::topdev;
++*topino               = *File::Find::topino;
++*topmode      = *File::Find::topmode;
++*topnlink     = *File::Find::topnlink;
++
++sub find {
++    &File::Find::find(\&wanted, @_);
++}
++
++1;
+

diff --git a/openssl-pod.patch b/openssl-pod.patch
new file mode 100644 (file)
index 0000000..b5fe11e
--- /dev/null
+++ b/openssl-pod.patch
@@ -0,0 +1,460 @@
+diff -urN openssl-1.0.1f.org/doc/apps/cms.pod openssl-1.0.1f/doc/apps/cms.pod
+--- openssl-1.0.1f.org/doc/apps/cms.pod        2014-01-06 14:47:42.000000000 +0100
++++ openssl-1.0.1f/doc/apps/cms.pod    2014-01-19 01:10:11.205967419 +0100
+@@ -450,28 +450,28 @@
+ 
+ =over 4
+ 
+-=item 0
++=item C<0>
+ 
+ the operation was completely successfully.
+ 
+-=item 1 
++=item C<1> 
+ 
+ an error occurred parsing the command options.
+ 
+-=item 2
++=item C<2>
+ 
+ one of the input files could not be read.
+ 
+-=item 3
++=item C<3>
+ 
+ an error occurred creating the CMS file or when reading the MIME
+ message.
+ 
+-=item 4
++=item C<4>
+ 
+ an error occurred decrypting or verifying the message.
+ 
+-=item 5
++=item C<5>
+ 
+ the message was verified correctly but an error occurred writing out
+ the signers certificates.
+diff -urN openssl-1.0.1f.org/doc/apps/smime.pod openssl-1.0.1f/doc/apps/smime.pod
+--- openssl-1.0.1f.org/doc/apps/smime.pod      2014-01-06 14:47:42.000000000 +0100
++++ openssl-1.0.1f/doc/apps/smime.pod  2014-01-19 01:10:11.229301529 +0100
+@@ -308,28 +308,28 @@
+ 
+ =over 4
+ 
+-=item 0
++=item C<0>
+ 
+ the operation was completely successfully.
+ 
+-=item 1 
++=item C<1> 
+ 
+ an error occurred parsing the command options.
+ 
+-=item 2
++=item C<2>
+ 
+ one of the input files could not be read.
+ 
+-=item 3
++=item C<3>
+ 
+ an error occurred creating the PKCS#7 file or when reading the MIME
+ message.
+ 
+-=item 4
++=item C<4>
+ 
+ an error occurred decrypting or verifying the message.
+ 
+-=item 5
++=item C<5>
+ 
+ the message was verified correctly but an error occurred writing out
+ the signers certificates.
+diff -urN openssl-1.0.1f.org/doc/apps/ts.pod openssl-1.0.1f/doc/apps/ts.pod
+--- openssl-1.0.1f.org/doc/apps/ts.pod 2014-01-06 14:47:42.000000000 +0100
++++ openssl-1.0.1f/doc/apps/ts.pod     2014-01-19 01:10:11.239301862 +0100
+@@ -58,19 +58,19 @@
+ 
+ =over 4
+ 
+-=item 1.
++=item C<1>.
+ 
+ The TSA client computes a one-way hash value for a data file and sends
+ the hash to the TSA.
+ 
+-=item 2.
++=item C<2>.
+ 
+ The TSA attaches the current date and time to the received hash value,
+ signs them and sends the time stamp token back to the client. By
+ creating this token the TSA certifies the existence of the original
+ data file at the time of response generation.
+ 
+-=item 3.
++=item C<3>.
+ 
+ The TSA client receives the time stamp token and verifies the
+ signature on it. It also checks if the token contains the same hash
+diff -urN openssl-1.0.1f.org/doc/crypto/rand.pod openssl-1.0.1f/doc/crypto/rand.pod
+--- openssl-1.0.1f.org/doc/crypto/rand.pod     2014-01-06 14:47:42.000000000 +0100
++++ openssl-1.0.1f/doc/crypto/rand.pod 2014-01-19 01:10:11.382639970 +0100
+@@ -74,16 +74,16 @@
+ 
+ =over 4
+ 
+-=item 1
++=item C<1>
+ 
+ A good hashing algorithm to mix things up and to convert the RNG 'state'
+ to random numbers.
+ 
+-=item 2
++=item C<2>
+ 
+ An initial source of random 'state'.
+ 
+-=item 3
++=item C<3>
+ 
+ The state should be very large.  If the RNG is being used to generate
+ 4096 bit RSA keys, 2 2048 bit random strings are required (at a minimum).
+@@ -93,13 +93,13 @@
+ a bad idea to keep quite a lot of RNG state.  It should be easier to
+ break a cipher than guess the RNG seed data.
+ 
+-=item 4
++=item C<4>
+ 
+ Any RNG seed data should influence all subsequent random numbers
+ generated.  This implies that any random seed data entered will have
+ an influence on all subsequent random numbers generated.
+ 
+-=item 5
++=item C<5>
+ 
+ When using data to seed the RNG state, the data used should not be
+ extractable from the RNG state.  I believe this should be a
+@@ -108,12 +108,12 @@
+ not be disclosed by either subsequent random numbers or a
+ 'core' dump left by a program crash.
+ 
+-=item 6
++=item C<6>
+ 
+ Given the same initial 'state', 2 systems should deviate in their RNG state
+ (and hence the random numbers generated) over time if at all possible.
+ 
+-=item 7
++=item C<7>
+ 
+ Given the random number output stream, it should not be possible to determine
+ the RNG state or the next random number.
+diff -urN openssl-1.0.1f.org/doc/ssl/SSL_accept.pod openssl-1.0.1f/doc/ssl/SSL_accept.pod
+--- openssl-1.0.1f.org/doc/ssl/SSL_accept.pod  2014-01-06 14:47:42.000000000 +0100
++++ openssl-1.0.1f/doc/ssl/SSL_accept.pod      2014-01-19 01:10:11.409307524 +0100
+@@ -44,13 +44,13 @@
+ 
+ =over 4
+ 
+-=item 0
++=item C<0>
+ 
+ The TLS/SSL handshake was not successful but was shut down controlled and
+ by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
+ return value B<ret> to find out the reason.
+ 
+-=item 1
++=item C<1>
+ 
+ The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
+ established.
+diff -urN openssl-1.0.1f.org/doc/ssl/SSL_clear.pod openssl-1.0.1f/doc/ssl/SSL_clear.pod
+--- openssl-1.0.1f.org/doc/ssl/SSL_clear.pod   2014-01-06 14:47:42.000000000 +0100
++++ openssl-1.0.1f/doc/ssl/SSL_clear.pod       2014-01-19 01:10:11.415974413 +0100
+@@ -56,12 +56,12 @@
+ 
+ =over 4
+ 
+-=item 0
++=item C<0>
+ 
+ The SSL_clear() operation could not be performed. Check the error stack to
+ find out the reason.
+ 
+-=item 1
++=item C<1>
+ 
+ The SSL_clear() operation was successful.
+ 
+diff -urN openssl-1.0.1f.org/doc/ssl/SSL_COMP_add_compression_method.pod openssl-1.0.1f/doc/ssl/SSL_COMP_add_compression_method.pod
+--- openssl-1.0.1f.org/doc/ssl/SSL_COMP_add_compression_method.pod     2014-01-06 14:47:42.000000000 +0100
++++ openssl-1.0.1f/doc/ssl/SSL_COMP_add_compression_method.pod 2014-01-19 01:10:11.415974413 +0100
+@@ -53,11 +53,11 @@
+ 
+ =over 4
+ 
+-=item 0
++=item C<0>
+ 
+ The operation succeeded.
+ 
+-=item 1
++=item C<1>
+ 
+ The operation failed. Check the error queue to find out the reason.
+ 
+diff -urN openssl-1.0.1f.org/doc/ssl/SSL_connect.pod openssl-1.0.1f/doc/ssl/SSL_connect.pod
+--- openssl-1.0.1f.org/doc/ssl/SSL_connect.pod 2014-01-06 14:47:42.000000000 +0100
++++ openssl-1.0.1f/doc/ssl/SSL_connect.pod     2014-01-19 01:10:11.415974413 +0100
+@@ -41,13 +41,13 @@
+ 
+ =over 4
+ 
+-=item 0
++=item C<0>
+ 
+ The TLS/SSL handshake was not successful but was shut down controlled and
+ by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
+ return value B<ret> to find out the reason.
+ 
+-=item 1
++=item C<1>
+ 
+ The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
+ established.
+diff -urN openssl-1.0.1f.org/doc/ssl/SSL_CTX_add_session.pod openssl-1.0.1f/doc/ssl/SSL_CTX_add_session.pod
+--- openssl-1.0.1f.org/doc/ssl/SSL_CTX_add_session.pod 2014-01-06 14:47:42.000000000 +0100
++++ openssl-1.0.1f/doc/ssl/SSL_CTX_add_session.pod     2014-01-19 01:10:11.419307858 +0100
+@@ -52,13 +52,13 @@
+ 
+ =over 4
+ 
+-=item 0
++=item C<0>
+ 
+  The operation failed. In case of the add operation, it was tried to add
+  the same (identical) session twice. In case of the remove operation, the
+  session was not found in the cache.
+ 
+-=item 1
++=item C<1>
+  
+  The operation succeeded.
+ 
+diff -urN openssl-1.0.1f.org/doc/ssl/SSL_CTX_load_verify_locations.pod openssl-1.0.1f/doc/ssl/SSL_CTX_load_verify_locations.pod
+--- openssl-1.0.1f.org/doc/ssl/SSL_CTX_load_verify_locations.pod       2014-01-06 14:47:42.000000000 +0100
++++ openssl-1.0.1f/doc/ssl/SSL_CTX_load_verify_locations.pod   2014-01-19 01:10:11.422641302 +0100
+@@ -100,13 +100,13 @@
+ 
+ =over 4
+ 
+-=item 0
++=item C<0>
+ 
+ The operation failed because B<CAfile> and B<CApath> are NULL or the
+ processing at one of the locations specified failed. Check the error
+ stack to find out the reason.
+ 
+-=item 1
++=item C<1>
+ 
+ The operation succeeded.
+ 
+diff -urN openssl-1.0.1f.org/doc/ssl/SSL_CTX_set_client_CA_list.pod openssl-1.0.1f/doc/ssl/SSL_CTX_set_client_CA_list.pod
+--- openssl-1.0.1f.org/doc/ssl/SSL_CTX_set_client_CA_list.pod  2014-01-06 14:47:42.000000000 +0100
++++ openssl-1.0.1f/doc/ssl/SSL_CTX_set_client_CA_list.pod      2014-01-19 01:10:11.429308190 +0100
+@@ -66,13 +66,13 @@
+ 
+ =over 4
+ 
+-=item 0
++=item C<0>
+ 
+ A failure while manipulating the STACK_OF(X509_NAME) object occurred or
+ the X509_NAME could not be extracted from B<cacert>. Check the error stack
+ to find out the reason.
+ 
+-=item 1
++=item C<1>
+ 
+ The operation succeeded.
+ 
+diff -urN openssl-1.0.1f.org/doc/ssl/SSL_CTX_set_session_id_context.pod openssl-1.0.1f/doc/ssl/SSL_CTX_set_session_id_context.pod
+--- openssl-1.0.1f.org/doc/ssl/SSL_CTX_set_session_id_context.pod      2014-01-06 14:47:42.000000000 +0100
++++ openssl-1.0.1f/doc/ssl/SSL_CTX_set_session_id_context.pod  2014-01-19 01:10:11.439308524 +0100
+@@ -64,13 +64,13 @@
+ 
+ =over 4
+ 
+-=item 0
++=item C<0>
+ 
+ The length B<sid_ctx_len> of the session id context B<sid_ctx> exceeded
+ the maximum allowed length of B<SSL_MAX_SSL_SESSION_ID_LENGTH>. The error
+ is logged to the error stack.
+ 
+-=item 1
++=item C<1>
+ 
+ The operation succeeded.
+ 
+diff -urN openssl-1.0.1f.org/doc/ssl/SSL_CTX_set_ssl_version.pod openssl-1.0.1f/doc/ssl/SSL_CTX_set_ssl_version.pod
+--- openssl-1.0.1f.org/doc/ssl/SSL_CTX_set_ssl_version.pod     2014-01-06 14:47:42.000000000 +0100
++++ openssl-1.0.1f/doc/ssl/SSL_CTX_set_ssl_version.pod 2014-01-19 01:10:11.439308524 +0100
+@@ -42,11 +42,11 @@
+ 
+ =over 4
+ 
+-=item 0
++=item C<0>
+ 
+ The new choice failed, check the error stack to find out the reason.
+ 
+-=item 1
++=item C<1>
+ 
+ The operation succeeded.
+ 
+diff -urN openssl-1.0.1f.org/doc/ssl/SSL_CTX_use_psk_identity_hint.pod openssl-1.0.1f/doc/ssl/SSL_CTX_use_psk_identity_hint.pod
+--- openssl-1.0.1f.org/doc/ssl/SSL_CTX_use_psk_identity_hint.pod       2014-01-06 14:47:42.000000000 +0100
++++ openssl-1.0.1f/doc/ssl/SSL_CTX_use_psk_identity_hint.pod   2014-01-19 01:10:11.445975412 +0100
+@@ -96,7 +96,7 @@
+ connection will fail with decryption_error before it will be finished
+ completely.
+ 
+-=item 0
++=item C<0>
+ 
+ PSK identity was not found. An "unknown_psk_identity" alert message
+ will be sent and the connection setup fails.
+diff -urN openssl-1.0.1f.org/doc/ssl/SSL_do_handshake.pod openssl-1.0.1f/doc/ssl/SSL_do_handshake.pod
+--- openssl-1.0.1f.org/doc/ssl/SSL_do_handshake.pod    2014-01-06 14:47:42.000000000 +0100
++++ openssl-1.0.1f/doc/ssl/SSL_do_handshake.pod        2014-01-19 01:10:11.445975412 +0100
+@@ -45,13 +45,13 @@
+ 
+ =over 4
+ 
+-=item 0
++=item C<0>
+ 
+ The TLS/SSL handshake was not successful but was shut down controlled and
+ by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
+ return value B<ret> to find out the reason.
+ 
+-=item 1
++=item C<1>
+ 
+ The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
+ established.
+diff -urN openssl-1.0.1f.org/doc/ssl/SSL_read.pod openssl-1.0.1f/doc/ssl/SSL_read.pod
+--- openssl-1.0.1f.org/doc/ssl/SSL_read.pod    2014-01-06 14:47:42.000000000 +0100
++++ openssl-1.0.1f/doc/ssl/SSL_read.pod        2014-01-19 01:10:11.459309190 +0100
+@@ -86,7 +86,7 @@
+ The read operation was successful; the return value is the number of
+ bytes actually read from the TLS/SSL connection.
+ 
+-=item 0
++=item C<0>
+ 
+ The read operation was not successful. The reason may either be a clean
+ shutdown due to a "close notify" alert sent by the peer (in which case
+diff -urN openssl-1.0.1f.org/doc/ssl/SSL_session_reused.pod openssl-1.0.1f/doc/ssl/SSL_session_reused.pod
+--- openssl-1.0.1f.org/doc/ssl/SSL_session_reused.pod  2014-01-06 14:47:42.000000000 +0100
++++ openssl-1.0.1f/doc/ssl/SSL_session_reused.pod      2014-01-19 01:10:11.465976078 +0100
+@@ -27,11 +27,11 @@
+ 
+ =over 4
+ 
+-=item 0
++=item C<0>
+ 
+ A new session was negotiated.
+ 
+-=item 1
++=item C<1>
+ 
+ A session was reused.
+ 
+diff -urN openssl-1.0.1f.org/doc/ssl/SSL_set_fd.pod openssl-1.0.1f/doc/ssl/SSL_set_fd.pod
+--- openssl-1.0.1f.org/doc/ssl/SSL_set_fd.pod  2014-01-06 14:47:42.000000000 +0100
++++ openssl-1.0.1f/doc/ssl/SSL_set_fd.pod      2014-01-19 01:10:11.469309522 +0100
+@@ -35,11 +35,11 @@
+ 
+ =over 4
+ 
+-=item 0
++=item C<0>
+ 
+ The operation failed. Check the error stack to find out why.
+ 
+-=item 1
++=item C<1>
+ 
+ The operation succeeded.
+ 
+diff -urN openssl-1.0.1f.org/doc/ssl/SSL_set_session.pod openssl-1.0.1f/doc/ssl/SSL_set_session.pod
+--- openssl-1.0.1f.org/doc/ssl/SSL_set_session.pod     2014-01-06 14:47:42.000000000 +0100
++++ openssl-1.0.1f/doc/ssl/SSL_set_session.pod 2014-01-19 01:10:11.469309522 +0100
+@@ -37,11 +37,11 @@
+ 
+ =over 4
+ 
+-=item 0
++=item C<0>
+ 
+ The operation failed; check the error stack to find out the reason.
+ 
+-=item 1
++=item C<1>
+ 
+ The operation succeeded.
+ 
+diff -urN openssl-1.0.1f.org/doc/ssl/SSL_set_shutdown.pod openssl-1.0.1f/doc/ssl/SSL_set_shutdown.pod
+--- openssl-1.0.1f.org/doc/ssl/SSL_set_shutdown.pod    2014-01-06 14:47:42.000000000 +0100
++++ openssl-1.0.1f/doc/ssl/SSL_set_shutdown.pod        2014-01-19 01:10:11.469309522 +0100
+@@ -24,7 +24,7 @@
+ 
+ =over 4
+ 
+-=item 0
++=item C<0>
+ 
+ No shutdown setting, yet.
+ 
+diff -urN openssl-1.0.1f.org/doc/ssl/SSL_shutdown.pod openssl-1.0.1f/doc/ssl/SSL_shutdown.pod
+--- openssl-1.0.1f.org/doc/ssl/SSL_shutdown.pod        2014-01-06 14:47:42.000000000 +0100
++++ openssl-1.0.1f/doc/ssl/SSL_shutdown.pod    2014-01-19 01:10:11.469309522 +0100
+@@ -92,14 +92,14 @@
+ 
+ =over 4
+ 
+-=item 0
++=item C<0>
+ 
+ The shutdown is not yet finished. Call SSL_shutdown() for a second time,
+ if a bidirectional shutdown shall be performed.
+ The output of L<SSL_get_error(3)|SSL_get_error(3)> may be misleading, as an
+ erroneous SSL_ERROR_SYSCALL may be flagged even though no error occurred.
+ 
+-=item 1
++=item C<1>
+ 
+ The shutdown was successfully completed. The "close notify" alert was sent
+ and the peer's "close notify" alert was received.
+diff -urN openssl-1.0.1f.org/doc/ssl/SSL_write.pod openssl-1.0.1f/doc/ssl/SSL_write.pod
+--- openssl-1.0.1f.org/doc/ssl/SSL_write.pod   2014-01-06 14:47:42.000000000 +0100
++++ openssl-1.0.1f/doc/ssl/SSL_write.pod       2014-01-19 01:10:11.475976412 +0100
+@@ -79,7 +79,7 @@
+ The write operation was successful, the return value is the number of
+ bytes actually written to the TLS/SSL connection.
+ 
+-=item 0
++=item C<0>
+ 
+ The write operation was not successful. Probably the underlying connection
+ was closed. Call SSL_get_error() with the return value B<ret> to find out,

diff --git a/openssl.spec b/openssl.spec
index 1fe6dd4ce1db7b463acdd539f4301322a8bb8995..8ddbc348b30eec9a8f3742326ba4ff93ffbe06bd 100644 (file)
--- a/openssl.spec
+++ b/openssl.spec
@@ -16,12 +16,12 @@ Summary(pt_BR.UTF-8):       Uma biblioteca C que fornece vários algoritmos e protocol
 Summary(ru.UTF-8):     Библиотеки и утилиты для соединений через Secure Sockets Layer
 Summary(uk.UTF-8):     Бібліотеки та утиліти для з'єднань через Secure Sockets Layer
 Name:          openssl
-Version:       1.0.1e
-Release:       3
+Version:       1.0.1f
+Release:       1
 License:       Apache-like
 Group:         Libraries
 Source0:       ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz
-# Source0-md5: 66bf6f10f060d561929de96f9dfe5b8c
+# Source0-md5: f26b09c028a0541cab33da697d522b25
 Source2:       %{name}.1.pl
 Source3:       %{name}-ssl-certificate.sh
 Source4:       %{name}-c_rehash.sh
@@ -33,15 +33,13 @@ Patch4:             %{name}-man-namespace.patch
 Patch5:                %{name}-asflag.patch
 Patch6:                %{name}-ca-certificates.patch
 Patch7:                %{name}-ldflags.patch
+Patch8:                %{name}-find.patch
+Patch9:                %{name}-pod.patch
 
 # from debian
-Patch10:       aesni-mac.patch
-Patch11:       cpuid.patch
-Patch12:       default_bits.patch
-Patch13:       dtls_version.patch
-Patch14:       get_certificate.patch
-Patch15:       pic.patch
-Patch16:       stddef.patch
+Patch10:       default_bits.patch
+Patch11:       pic.patch
+Patch12:       stddef.patch
 
 URL:           http://www.openssl.org/
 BuildRequires: bc
@@ -257,14 +255,12 @@ RC4, RSA и SSL. Включает статические библиотеки д
 %patch5 -p1
 %patch6 -p1
 %patch7 -p1
+%patch8 -p1
+%patch9 -p1
 
 %patch10 -p1
 %patch11 -p1
 %patch12 -p1
-%patch13 -p1
-%patch14 -p1
-%patch15 -p1
-%patch16 -p1
 
 sed -i -e 's|\$prefix/\$libdir/engines|/%{_lib}/engines|g' Configure