diff --git a/core/openssl-cryptodev/PKGBUILD b/core/openssl-cryptodev/PKGBUILD index 9540007bf..fccb5130e 100644 --- a/core/openssl-cryptodev/PKGBUILD +++ b/core/openssl-cryptodev/PKGBUILD @@ -14,16 +14,16 @@ buildarch=6 pkgname=openssl-cryptodev _pkgname=openssl -_ver=1.0.1f +_ver=1.0.1e # use a pacman compatible version scheme pkgver=${_ver/[a-z]/.${_ver//[0-9.]/}} #pkgver=$_ver -pkgrel=1 +pkgrel=5 pkgdesc='The Open Source toolkit for Secure Sockets Layer and Transport Layer Security' arch=('arm' 'armv7h') url='https://www.openssl.org' license=('custom:BSD') -depends=('zlib' 'perl') +depends=('perl') optdepends=('ca-certificates') options=('!makeflags') backup=('etc/ssl/openssl.cnf') @@ -34,66 +34,79 @@ _cryptover=1.6 source=("https://www.openssl.org/source/${_pkgname}-${_ver}.tar.gz" 'no-rpath.patch' 'ca-dir.patch' + 'openssl-1.0.1e-fix_pod_syntax-1.patch' "http://download.gna.org/cryptodev-linux/cryptodev-linux-${_cryptover}.tar.gz" - 'openssl-1.0.1f-perl-5.18.patch') -md5sums=('f26b09c028a0541cab33da697d522b25' + 'openssl-1.0.1-Check-DTLS_BAD_VER-for-version-number.patch' + 'openssl-1.0.1-e_aes_cbc_hmac_sha1.c-fix-rare-bad-record-mac-on-AES.patch') + +md5sums=('66bf6f10f060d561929de96f9dfe5b8c' 'dc78d3d06baffc16217519242ce92478' - '3bf51be3a1bbd262be46dc619f92aa90' + '3bf51be3a1bbd262be46dc619f92aa90' + '88d3bef4bbdc640b0412315d8d347bdf' 'eade38998313c25fd7934719cdf8a2ea' - 'ea2a61c8bd43788d81d98f1ac36c98ac') + 'ae7848bb152b8834ceff30c8c480d422' + 'c5cc62a47cef72f4e5ad119a88e97ae4') prepare() { - cd $srcdir/${_pkgname}-$_ver + cd $srcdir/${_pkgname}-$_ver - # remove rpath: http://bugs.archlinux.org/task/14367 - patch -p0 -i $srcdir/no-rpath.patch - # set ca dir to /etc/ssl by default - patch -p0 -i $srcdir/ca-dir.patch + # remove rpath: http://bugs.archlinux.org/task/14367 + patch -p0 -i $srcdir/no-rpath.patch + # set ca dir to /etc/ssl by default + patch -p0 -i $srcdir/ca-dir.patch - patch -p1 -i $srcdir/openssl-1.0.1f-perl-5.18.patch + patch -p1 -i $srcdir/openssl-1.0.1e-fix_pod_syntax-1.patch - #Replace eng_cryptodev.c with cryptodev version - cp -u ${srcdir}/cryptodev-linux-${_cryptover}/extras/eng_cryptodev.c ${srcdir}/openssl-${_ver}/crypto/engine/ + # OpenSSL 1.0.0k, 1.0.1.d, 1.0.1e fail handshake with DTLS1_BAD_VER + # http://rt.openssl.org/Ticket/Display.html?id=2984 + patch -p1 -i $srcdir/openssl-1.0.1-Check-DTLS_BAD_VER-for-version-number.patch - #Copy the header file - cp -u ${srcdir}/cryptodev-linux-${_cryptover}/crypto/cryptodev.h ${srcdir}/openssl-${_ver}/crypto/ + # Communication problems with 1.0.1e + # http://rt.openssl.org/Ticket/Display.html?id=3002 + patch -p1 -i $srcdir/openssl-1.0.1-e_aes_cbc_hmac_sha1.c-fix-rare-bad-record-mac-on-AES.patch + + #Replace eng_cryptodev.c with cryptodev version + cp -u ${srcdir}/cryptodev-linux-${_cryptover}/extras/eng_cryptodev.c ${srcdir}/openssl-${_ver}/crypto/engine/ + + #Copy the header file + cp -u ${srcdir}/cryptodev-linux-${_cryptover}/crypto/cryptodev.h ${srcdir}/openssl-${_ver}/crypto/ } build() { - cd $srcdir/${_pkgname}-$_ver + cd $srcdir/${_pkgname}-$_ver - if [ "${CARCH}" == 'x86_64' ]; then - openssltarget='linux-x86_64' - elif [ "${CARCH}" == 'i686' ]; then - openssltarget='linux-elf' - elif [ "${CARCH}" == 'arm' -o "${CARCH}" == 'armv7h' ]; then - openssltarget='linux-armv4' - fi + if [ "${CARCH}" == 'x86_64' ]; then + openssltarget='linux-x86_64' + elif [ "${CARCH}" == 'i686' ]; then + openssltarget='linux-elf' + elif [ "${CARCH}" == 'arm' -o "${CARCH}" == 'armv7h' ]; then + openssltarget='linux-armv4' + fi - # mark stack as non-executable: http://bugs.archlinux.org/task/12434 - ./Configure --prefix=/usr --openssldir=/etc/ssl --libdir=lib \ - -DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS -DHASH_MAX_LEN=64 \ - shared threads zlib \ - "${openssltarget}" \ - "-Wa,--noexecstack ${CPPFLAGS} ${CFLAGS} ${LDFLAGS}" + # mark stack as non-executable: http://bugs.archlinux.org/task/12434 + ./Configure --prefix=/usr --openssldir=/etc/ssl --libdir=lib \ + -DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS -DHASH_MAX_LEN=64 \ + shared threads zlib \ + "${openssltarget}" \ + -Wa,--noexecstack "${CFLAGS}" - make depend - make + make depend + make } check() { - cd $srcdir/$_pkgname-$_ver - # the test fails due to missing write permissions in /etc/ssl - # revert this patch for make test - patch -p0 -R -i $srcdir/ca-dir.patch - #make test - patch -p0 -i $srcdir/ca-dir.patch + cd $srcdir/$_pkgname-$_ver + # the test fails due to missing write permissions in /etc/ssl + # revert this patch for make test + patch -p0 -R -i $srcdir/ca-dir.patch +# make test + patch -p0 -i $srcdir/ca-dir.patch } package() { - depends=('cryptodev_friendly') - cd $srcdir/$_pkgname-$_ver - make INSTALL_PREFIX=$pkgdir MANDIR=/usr/share/man MANSUFFIX=ssl install - install -D -m644 LICENSE $pkgdir/usr/share/licenses/$_pkgname/LICENSE + depends=('cryptodev_friendly') + cd $srcdir/$_pkgname-$_ver + make INSTALL_PREFIX=$pkgdir MANDIR=/usr/share/man MANSUFFIX=ssl install + install -D -m644 LICENSE $pkgdir/usr/share/licenses/$_pkgname/LICENSE } diff --git a/core/openssl-cryptodev/openssl-1.0.1-Check-DTLS_BAD_VER-for-version-number.patch b/core/openssl-cryptodev/openssl-1.0.1-Check-DTLS_BAD_VER-for-version-number.patch new file mode 100644 index 000000000..5a88220c3 --- /dev/null +++ b/core/openssl-cryptodev/openssl-1.0.1-Check-DTLS_BAD_VER-for-version-number.patch @@ -0,0 +1,31 @@ +From 9fe4603b8245425a4c46986ed000fca054231253 Mon Sep 17 00:00:00 2001 +From: David Woodhouse +Date: Tue, 12 Feb 2013 14:55:32 +0000 +Subject: Check DTLS_BAD_VER for version number. + +The version check for DTLS1_VERSION was redundant as +DTLS1_VERSION > TLS1_1_VERSION, however we do need to +check for DTLS1_BAD_VER for compatibility. + +PR:2984 +(cherry picked from commit d980abb22e22661e98e5cee33d760ab0c7584ecc) +--- + ssl/s3_cbc.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c +index 02edf3f..443a31e 100644 +--- a/ssl/s3_cbc.c ++++ b/ssl/s3_cbc.c +@@ -148,7 +148,7 @@ int tls1_cbc_remove_padding(const SSL* s, + unsigned padding_length, good, to_check, i; + const unsigned overhead = 1 /* padding length byte */ + mac_size; + /* Check if version requires explicit IV */ +- if (s->version >= TLS1_1_VERSION || s->version == DTLS1_VERSION) ++ if (s->version >= TLS1_1_VERSION || s->version == DTLS1_BAD_VER) + { + /* These lengths are all public so we can test them in + * non-constant time. +-- +1.8.4.2 + diff --git a/core/openssl-cryptodev/openssl-1.0.1-e_aes_cbc_hmac_sha1.c-fix-rare-bad-record-mac-on-AES.patch b/core/openssl-cryptodev/openssl-1.0.1-e_aes_cbc_hmac_sha1.c-fix-rare-bad-record-mac-on-AES.patch new file mode 100644 index 000000000..f1a251227 --- /dev/null +++ b/core/openssl-cryptodev/openssl-1.0.1-e_aes_cbc_hmac_sha1.c-fix-rare-bad-record-mac-on-AES.patch @@ -0,0 +1,32 @@ +From 9ab3ce124616cb12bd39c6aa1e1bde0f46969b29 Mon Sep 17 00:00:00 2001 +From: Andy Polyakov +Date: Mon, 18 Mar 2013 19:29:41 +0100 +Subject: e_aes_cbc_hmac_sha1.c: fix rare bad record mac on AES-NI plaforms. + +PR: 3002 +(cherry picked from commit 5c60046553716fcf160718f59160493194f212dc) +--- + crypto/evp/e_aes_cbc_hmac_sha1.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/crypto/evp/e_aes_cbc_hmac_sha1.c b/crypto/evp/e_aes_cbc_hmac_sha1.c +index 483e04b..fb2c884 100644 +--- a/crypto/evp/e_aes_cbc_hmac_sha1.c ++++ b/crypto/evp/e_aes_cbc_hmac_sha1.c +@@ -328,10 +328,11 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, + + if (res!=SHA_CBLOCK) continue; + +- mask = 0-((inp_len+8-j)>>(sizeof(j)*8-1)); ++ /* j is not incremented yet */ ++ mask = 0-((inp_len+7-j)>>(sizeof(j)*8-1)); + data->u[SHA_LBLOCK-1] |= bitlen&mask; + sha1_block_data_order(&key->md,data,1); +- mask &= 0-((j-inp_len-73)>>(sizeof(j)*8-1)); ++ mask &= 0-((j-inp_len-72)>>(sizeof(j)*8-1)); + pmac->u[0] |= key->md.h0 & mask; + pmac->u[1] |= key->md.h1 & mask; + pmac->u[2] |= key->md.h2 & mask; +-- +1.8.4.2 + diff --git a/core/openssl-cryptodev/openssl-1.0.1e-fix_pod_syntax-1.patch b/core/openssl-cryptodev/openssl-1.0.1e-fix_pod_syntax-1.patch new file mode 100644 index 000000000..ba25afec3 --- /dev/null +++ b/core/openssl-cryptodev/openssl-1.0.1e-fix_pod_syntax-1.patch @@ -0,0 +1,393 @@ +Submitted By: Martin Ward +Date: 2013-06-18 +Initial Package Version: 1.0.1e +Upstream Status: Unknown +Origin: self, based on fedora +Description: Fixes install with perl-5.18. + +diff -Naur openssl-1.0.1e.orig/doc/apps/cms.pod openssl-1.0.1e/doc/apps/cms.pod +--- openssl-1.0.1e.orig/doc/apps/cms.pod 2013-06-06 14:35:15.867871879 +0100 ++++ openssl-1.0.1e/doc/apps/cms.pod 2013-06-06 14:35:25.791747119 +0100 +@@ -450,28 +450,28 @@ + + =over 4 + +-=item 0 ++=item C<0> + + the operation was completely successfully. + +-=item 1 ++=item C<1> + + an error occurred parsing the command options. + +-=item 2 ++=item C<2> + + one of the input files could not be read. + +-=item 3 ++=item C<3> + + an error occurred creating the CMS file or when reading the MIME + message. + +-=item 4 ++=item C<4> + + an error occurred decrypting or verifying the message. + +-=item 5 ++=item C<5> + + the message was verified correctly but an error occurred writing out + the signers certificates. +diff -Naur openssl-1.0.1e.orig/doc/apps/smime.pod openssl-1.0.1e/doc/apps/smime.pod +--- openssl-1.0.1e.orig/doc/apps/smime.pod 2013-06-06 14:35:15.867871879 +0100 ++++ openssl-1.0.1e/doc/apps/smime.pod 2013-06-06 14:35:25.794747082 +0100 +@@ -308,28 +308,28 @@ + + =over 4 + +-=item 0 ++=item C<0> + + the operation was completely successfully. + +-=item 1 ++=item C<1> + + an error occurred parsing the command options. + +-=item 2 ++=item C<2> + + one of the input files could not be read. + +-=item 3 ++=item C<3> + + an error occurred creating the PKCS#7 file or when reading the MIME + message. + +-=item 4 ++=item C<4> + + an error occurred decrypting or verifying the message. + +-=item 5 ++=item C<5> + + the message was verified correctly but an error occurred writing out + the signers certificates. +diff -Naur openssl-1.0.1e.orig/doc/crypto/X509_STORE_CTX_get_error.pod openssl-1.0.1e/doc/crypto/X509_STORE_CTX_get_error.pod +--- openssl-1.0.1e.orig/doc/crypto/X509_STORE_CTX_get_error.pod 2013-06-06 14:35:15.874871791 +0100 ++++ openssl-1.0.1e/doc/crypto/X509_STORE_CTX_get_error.pod 2013-06-06 14:37:13.826388940 +0100 +@@ -278,6 +278,8 @@ + an application specific error. This will never be returned unless explicitly + set by an application. + ++=back ++ + =head1 NOTES + + The above functions should be used instead of directly referencing the fields +diff -Naur openssl-1.0.1e.orig/doc/ssl/SSL_accept.pod openssl-1.0.1e/doc/ssl/SSL_accept.pod +--- openssl-1.0.1e.orig/doc/ssl/SSL_accept.pod 2013-06-06 14:35:15.871871829 +0100 ++++ openssl-1.0.1e/doc/ssl/SSL_accept.pod 2013-06-06 14:35:25.796747057 +0100 +@@ -44,12 +44,12 @@ + + =over 4 + +-=item 1 ++=item C<1> + + The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been + established. + +-=item 0 ++=item C<0> + + The TLS/SSL handshake was not successful but was shut down controlled and + by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the +diff -Naur openssl-1.0.1e.orig/doc/ssl/SSL_clear.pod openssl-1.0.1e/doc/ssl/SSL_clear.pod +--- openssl-1.0.1e.orig/doc/ssl/SSL_clear.pod 2013-06-06 14:35:15.871871829 +0100 ++++ openssl-1.0.1e/doc/ssl/SSL_clear.pod 2013-06-06 14:35:25.803746969 +0100 +@@ -56,12 +56,12 @@ + + =over 4 + +-=item 0 ++=item C<0> + + The SSL_clear() operation could not be performed. Check the error stack to + find out the reason. + +-=item 1 ++=item C<1> + + The SSL_clear() operation was successful. + +diff -Naur openssl-1.0.1e.orig/doc/ssl/SSL_COMP_add_compression_method.pod openssl-1.0.1e/doc/ssl/SSL_COMP_add_compression_method.pod +--- openssl-1.0.1e.orig/doc/ssl/SSL_COMP_add_compression_method.pod 2013-06-06 14:35:15.870871842 +0100 ++++ openssl-1.0.1e/doc/ssl/SSL_COMP_add_compression_method.pod 2013-06-06 14:35:25.806746931 +0100 +@@ -53,11 +53,11 @@ + + =over 4 + +-=item 0 ++=item C<0> + + The operation succeeded. + +-=item 1 ++=item C<1> + + The operation failed. Check the error queue to find out the reason. + +diff -Naur openssl-1.0.1e.orig/doc/ssl/SSL_connect.pod openssl-1.0.1e/doc/ssl/SSL_connect.pod +--- openssl-1.0.1e.orig/doc/ssl/SSL_connect.pod 2013-06-06 14:35:15.869871854 +0100 ++++ openssl-1.0.1e/doc/ssl/SSL_connect.pod 2013-06-06 14:35:25.808746906 +0100 +@@ -41,12 +41,12 @@ + + =over 4 + +-=item 1 ++=item C<1> + + The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been + established. + +-=item 0 ++=item C<0> + + The TLS/SSL handshake was not successful but was shut down controlled and + by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the +diff -Naur openssl-1.0.1e.orig/doc/ssl/SSL_CTX_add_session.pod openssl-1.0.1e/doc/ssl/SSL_CTX_add_session.pod +--- openssl-1.0.1e.orig/doc/ssl/SSL_CTX_add_session.pod 2013-06-06 14:35:15.871871829 +0100 ++++ openssl-1.0.1e/doc/ssl/SSL_CTX_add_session.pod 2013-06-06 14:35:25.816746805 +0100 +@@ -52,13 +52,13 @@ + + =over 4 + +-=item 0 ++=item C<0> + + The operation failed. In case of the add operation, it was tried to add + the same (identical) session twice. In case of the remove operation, the + session was not found in the cache. + +-=item 1 ++=item C<1> + + The operation succeeded. + +diff -Naur openssl-1.0.1e.orig/doc/ssl/SSL_CTX_load_verify_locations.pod openssl-1.0.1e/doc/ssl/SSL_CTX_load_verify_locations.pod +--- openssl-1.0.1e.orig/doc/ssl/SSL_CTX_load_verify_locations.pod 2013-06-06 14:35:15.870871842 +0100 ++++ openssl-1.0.1e/doc/ssl/SSL_CTX_load_verify_locations.pod 2013-06-06 14:35:25.818746780 +0100 +@@ -100,13 +100,13 @@ + + =over 4 + +-=item 0 ++=item C<0> + + The operation failed because B and B are NULL or the + processing at one of the locations specified failed. Check the error + stack to find out the reason. + +-=item 1 ++=item C<1> + + The operation succeeded. + +diff -Naur openssl-1.0.1e.orig/doc/ssl/SSL_CTX_set_client_CA_list.pod openssl-1.0.1e/doc/ssl/SSL_CTX_set_client_CA_list.pod +--- openssl-1.0.1e.orig/doc/ssl/SSL_CTX_set_client_CA_list.pod 2013-06-06 14:35:15.871871829 +0100 ++++ openssl-1.0.1e/doc/ssl/SSL_CTX_set_client_CA_list.pod 2013-06-06 14:35:25.821746742 +0100 +@@ -66,11 +66,11 @@ + + =over 4 + +-=item 1 ++=item C<1> + + The operation succeeded. + +-=item 0 ++=item C<0> + + A failure while manipulating the STACK_OF(X509_NAME) object occurred or + the X509_NAME could not be extracted from B. Check the error stack +diff -Naur openssl-1.0.1e.orig/doc/ssl/SSL_CTX_set_session_id_context.pod openssl-1.0.1e/doc/ssl/SSL_CTX_set_session_id_context.pod +--- openssl-1.0.1e.orig/doc/ssl/SSL_CTX_set_session_id_context.pod 2013-06-06 14:35:15.871871829 +0100 ++++ openssl-1.0.1e/doc/ssl/SSL_CTX_set_session_id_context.pod 2013-06-06 14:35:25.828746654 +0100 +@@ -64,13 +64,13 @@ + + =over 4 + +-=item 0 ++=item C<0> + + The length B of the session id context B exceeded + the maximum allowed length of B. The error + is logged to the error stack. + +-=item 1 ++=item C<1> + + The operation succeeded. + +diff -Naur openssl-1.0.1e.orig/doc/ssl/SSL_CTX_set_ssl_version.pod openssl-1.0.1e/doc/ssl/SSL_CTX_set_ssl_version.pod +--- openssl-1.0.1e.orig/doc/ssl/SSL_CTX_set_ssl_version.pod 2013-06-06 14:35:15.871871829 +0100 ++++ openssl-1.0.1e/doc/ssl/SSL_CTX_set_ssl_version.pod 2013-06-06 14:35:25.831746617 +0100 +@@ -42,11 +42,11 @@ + + =over 4 + +-=item 0 ++=item C<0> + + The new choice failed, check the error stack to find out the reason. + +-=item 1 ++=item C<1> + + The operation succeeded. + +diff -Naur openssl-1.0.1e.orig/doc/ssl/SSL_CTX_use_psk_identity_hint.pod openssl-1.0.1e/doc/ssl/SSL_CTX_use_psk_identity_hint.pod +--- openssl-1.0.1e.orig/doc/ssl/SSL_CTX_use_psk_identity_hint.pod 2013-06-06 14:35:15.870871842 +0100 ++++ openssl-1.0.1e/doc/ssl/SSL_CTX_use_psk_identity_hint.pod 2013-06-06 14:36:42.456783309 +0100 +@@ -81,6 +81,8 @@ + + Return values from the server callback are interpreted as follows: + ++=over ++ + =item > 0 + + PSK identity was found and the server callback has provided the PSK +@@ -94,9 +96,11 @@ + connection will fail with decryption_error before it will be finished + completely. + +-=item 0 ++=item C<0> + + PSK identity was not found. An "unknown_psk_identity" alert message + will be sent and the connection setup fails. + ++=back ++ + =cut +diff -Naur openssl-1.0.1e.orig/doc/ssl/SSL_do_handshake.pod openssl-1.0.1e/doc/ssl/SSL_do_handshake.pod +--- openssl-1.0.1e.orig/doc/ssl/SSL_do_handshake.pod 2013-06-06 14:35:15.869871854 +0100 ++++ openssl-1.0.1e/doc/ssl/SSL_do_handshake.pod 2013-06-06 14:35:25.839746516 +0100 +@@ -45,12 +45,12 @@ + + =over 4 + +-=item 1 ++=item C<1> + + The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been + established. + +-=item 0 ++=item C<0> + + The TLS/SSL handshake was not successful but was shut down controlled and + by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the +diff -Naur openssl-1.0.1e.orig/doc/ssl/SSL_read.pod openssl-1.0.1e/doc/ssl/SSL_read.pod +--- openssl-1.0.1e.orig/doc/ssl/SSL_read.pod 2013-06-06 14:35:15.871871829 +0100 ++++ openssl-1.0.1e/doc/ssl/SSL_read.pod 2013-06-06 14:35:25.847746415 +0100 +@@ -86,7 +86,7 @@ + The read operation was successful; the return value is the number of + bytes actually read from the TLS/SSL connection. + +-=item 0 ++=item C<0> + + The read operation was not successful. The reason may either be a clean + shutdown due to a "close notify" alert sent by the peer (in which case +diff -Naur openssl-1.0.1e.orig/doc/ssl/SSL_session_reused.pod openssl-1.0.1e/doc/ssl/SSL_session_reused.pod +--- openssl-1.0.1e.orig/doc/ssl/SSL_session_reused.pod 2013-06-06 14:35:15.871871829 +0100 ++++ openssl-1.0.1e/doc/ssl/SSL_session_reused.pod 2013-06-06 14:35:25.849746390 +0100 +@@ -27,11 +27,11 @@ + + =over 4 + +-=item 0 ++=item C<0> + + A new session was negotiated. + +-=item 1 ++=item C<1> + + A session was reused. + +diff -Naur openssl-1.0.1e.orig/doc/ssl/SSL_set_fd.pod openssl-1.0.1e/doc/ssl/SSL_set_fd.pod +--- openssl-1.0.1e.orig/doc/ssl/SSL_set_fd.pod 2013-06-06 14:35:15.869871854 +0100 ++++ openssl-1.0.1e/doc/ssl/SSL_set_fd.pod 2013-06-06 14:35:25.852746353 +0100 +@@ -35,11 +35,11 @@ + + =over 4 + +-=item 0 ++=item C<0> + + The operation failed. Check the error stack to find out why. + +-=item 1 ++=item C<1> + + The operation succeeded. + +diff -Naur openssl-1.0.1e.orig/doc/ssl/SSL_set_session.pod openssl-1.0.1e/doc/ssl/SSL_set_session.pod +--- openssl-1.0.1e.orig/doc/ssl/SSL_set_session.pod 2013-06-06 14:35:15.870871842 +0100 ++++ openssl-1.0.1e/doc/ssl/SSL_set_session.pod 2013-06-06 14:35:25.855746315 +0100 +@@ -37,11 +37,11 @@ + + =over 4 + +-=item 0 ++=item C<0> + + The operation failed; check the error stack to find out the reason. + +-=item 1 ++=item C<1> + + The operation succeeded. + +diff -Naur openssl-1.0.1e.orig/doc/ssl/SSL_shutdown.pod openssl-1.0.1e/doc/ssl/SSL_shutdown.pod +--- openssl-1.0.1e.orig/doc/ssl/SSL_shutdown.pod 2013-06-06 14:35:15.870871842 +0100 ++++ openssl-1.0.1e/doc/ssl/SSL_shutdown.pod 2013-06-06 14:35:25.857746290 +0100 +@@ -92,12 +92,12 @@ + + =over 4 + +-=item 1 ++=item C<1> + + The shutdown was successfully completed. The "close notify" alert was sent + and the peer's "close notify" alert was received. + +-=item 0 ++=item C<0> + + The shutdown is not yet finished. Call SSL_shutdown() for a second time, + if a bidirectional shutdown shall be performed. +diff -Naur openssl-1.0.1e.orig/doc/ssl/SSL_write.pod openssl-1.0.1e/doc/ssl/SSL_write.pod +--- openssl-1.0.1e.orig/doc/ssl/SSL_write.pod 2013-06-06 14:35:15.870871842 +0100 ++++ openssl-1.0.1e/doc/ssl/SSL_write.pod 2013-06-06 14:35:25.865746189 +0100 +@@ -79,7 +79,7 @@ + The write operation was successful, the return value is the number of + bytes actually written to the TLS/SSL connection. + +-=item 0 ++=item C<0> + + The write operation was not successful. Probably the underlying connection + was closed. Call SSL_get_error() with the return value B to find out, diff --git a/core/openssl-cryptodev/openssl-1.0.1f-perl-5.18.patch b/core/openssl-cryptodev/openssl-1.0.1f-perl-5.18.patch deleted file mode 100644 index c66209637..000000000 --- a/core/openssl-cryptodev/openssl-1.0.1f-perl-5.18.patch +++ /dev/null @@ -1,356 +0,0 @@ -Forward-ported from openssl-1.0.1e-perl-5.18.patch -Fixes install with perl-5.18. - -https://bugs.gentoo.org/show_bug.cgi?id=497286 - -Signed-off-by: Lars Wendler - ---- openssl-1.0.1f/doc/apps/cms.pod -+++ openssl-1.0.1f/doc/apps/cms.pod -@@ -450,28 +450,28 @@ - - =over 4 - --=item 0 -+=item C<0> - - the operation was completely successfully. - --=item 1 -+=item C<1> - - an error occurred parsing the command options. - --=item 2 -+=item C<2> - - one of the input files could not be read. - --=item 3 -+=item C<3> - - an error occurred creating the CMS file or when reading the MIME - message. - --=item 4 -+=item C<4> - - an error occurred decrypting or verifying the message. - --=item 5 -+=item C<5> - - the message was verified correctly but an error occurred writing out - the signers certificates. ---- openssl-1.0.1f/doc/apps/smime.pod -+++ openssl-1.0.1f/doc/apps/smime.pod -@@ -308,28 +308,28 @@ - - =over 4 - --=item 0 -+=item C<0> - - the operation was completely successfully. - --=item 1 -+=item C<1> - - an error occurred parsing the command options. - --=item 2 -+=item C<2> - - one of the input files could not be read. - --=item 3 -+=item C<3> - - an error occurred creating the PKCS#7 file or when reading the MIME - message. - --=item 4 -+=item C<4> - - an error occurred decrypting or verifying the message. - --=item 5 -+=item C<5> - - the message was verified correctly but an error occurred writing out - the signers certificates. ---- openssl-1.0.1f/doc/ssl/SSL_accept.pod -+++ openssl-1.0.1f/doc/ssl/SSL_accept.pod -@@ -44,13 +44,13 @@ - - =over 4 - --=item 0 -+=item C<0> - - The TLS/SSL handshake was not successful but was shut down controlled and - by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the - return value B to find out the reason. - --=item 1 -+=item C<1> - - The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been - established. ---- openssl-1.0.1f/doc/ssl/SSL_clear.pod -+++ openssl-1.0.1f/doc/ssl/SSL_clear.pod -@@ -56,12 +56,12 @@ - - =over 4 - --=item 0 -+=item C<0> - - The SSL_clear() operation could not be performed. Check the error stack to - find out the reason. - --=item 1 -+=item C<1> - - The SSL_clear() operation was successful. - ---- openssl-1.0.1f/doc/ssl/SSL_COMP_add_compression_method.pod -+++ openssl-1.0.1f/doc/ssl/SSL_COMP_add_compression_method.pod -@@ -53,11 +53,11 @@ - - =over 4 - --=item 0 -+=item C<0> - - The operation succeeded. - --=item 1 -+=item C<1> - - The operation failed. Check the error queue to find out the reason. - ---- openssl-1.0.1f/doc/ssl/SSL_connect.pod -+++ openssl-1.0.1f/doc/ssl/SSL_connect.pod -@@ -41,13 +41,13 @@ - - =over 4 - --=item 0 -+=item C<0> - - The TLS/SSL handshake was not successful but was shut down controlled and - by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the - return value B to find out the reason. - --=item 1 -+=item C<1> - - The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been - established. ---- openssl-1.0.1f/doc/ssl/SSL_CTX_add_session.pod -+++ openssl-1.0.1f/doc/ssl/SSL_CTX_add_session.pod -@@ -52,13 +52,13 @@ - - =over 4 - --=item 0 -+=item C<0> - - The operation failed. In case of the add operation, it was tried to add - the same (identical) session twice. In case of the remove operation, the - session was not found in the cache. - --=item 1 -+=item C<1> - - The operation succeeded. - ---- openssl-1.0.1f/doc/ssl/SSL_CTX_load_verify_locations.pod -+++ openssl-1.0.1f/doc/ssl/SSL_CTX_load_verify_locations.pod -@@ -100,13 +100,13 @@ - - =over 4 - --=item 0 -+=item C<0> - - The operation failed because B and B are NULL or the - processing at one of the locations specified failed. Check the error - stack to find out the reason. - --=item 1 -+=item C<1> - - The operation succeeded. - ---- openssl-1.0.1f/doc/ssl/SSL_CTX_set_client_CA_list.pod -+++ openssl-1.0.1f/doc/ssl/SSL_CTX_set_client_CA_list.pod -@@ -66,13 +66,13 @@ - - =over 4 - --=item 0 -+=item C<0> - - A failure while manipulating the STACK_OF(X509_NAME) object occurred or - the X509_NAME could not be extracted from B. Check the error stack - to find out the reason. - --=item 1 -+=item C<1> - - The operation succeeded. - ---- openssl-1.0.1f/doc/ssl/SSL_CTX_set_session_id_context.pod -+++ openssl-1.0.1f/doc/ssl/SSL_CTX_set_session_id_context.pod -@@ -64,13 +64,13 @@ - - =over 4 - --=item 0 -+=item C<0> - - The length B of the session id context B exceeded - the maximum allowed length of B. The error - is logged to the error stack. - --=item 1 -+=item C<1> - - The operation succeeded. - ---- openssl-1.0.1f/doc/ssl/SSL_CTX_set_ssl_version.pod -+++ openssl-1.0.1f/doc/ssl/SSL_CTX_set_ssl_version.pod -@@ -42,11 +42,11 @@ - - =over 4 - --=item 0 -+=item C<0> - - The new choice failed, check the error stack to find out the reason. - --=item 1 -+=item C<1> - - The operation succeeded. - ---- openssl-1.0.1f/doc/ssl/SSL_CTX_use_psk_identity_hint.pod -+++ openssl-1.0.1f/doc/ssl/SSL_CTX_use_psk_identity_hint.pod -@@ -96,7 +96,7 @@ - connection will fail with decryption_error before it will be finished - completely. - --=item 0 -+=item C<0> - - PSK identity was not found. An "unknown_psk_identity" alert message - will be sent and the connection setup fails. ---- openssl-1.0.1f/doc/ssl/SSL_do_handshake.pod -+++ openssl-1.0.1f/doc/ssl/SSL_do_handshake.pod -@@ -45,13 +45,13 @@ - - =over 4 - --=item 0 -+=item C<0> - - The TLS/SSL handshake was not successful but was shut down controlled and - by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the - return value B to find out the reason. - --=item 1 -+=item C<1> - - The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been - established. ---- openssl-1.0.1f/doc/ssl/SSL_read.pod -+++ openssl-1.0.1f/doc/ssl/SSL_read.pod -@@ -86,7 +86,7 @@ - The read operation was successful; the return value is the number of - bytes actually read from the TLS/SSL connection. - --=item 0 -+=item C<0> - - The read operation was not successful. The reason may either be a clean - shutdown due to a "close notify" alert sent by the peer (in which case ---- openssl-1.0.1f/doc/ssl/SSL_session_reused.pod -+++ openssl-1.0.1f/doc/ssl/SSL_session_reused.pod -@@ -27,11 +27,11 @@ - - =over 4 - --=item 0 -+=item C<0> - - A new session was negotiated. - --=item 1 -+=item C<1> - - A session was reused. - ---- openssl-1.0.1f/doc/ssl/SSL_set_fd.pod -+++ openssl-1.0.1f/doc/ssl/SSL_set_fd.pod -@@ -35,11 +35,11 @@ - - =over 4 - --=item 0 -+=item C<0> - - The operation failed. Check the error stack to find out why. - --=item 1 -+=item C<1> - - The operation succeeded. - ---- openssl-1.0.1f/doc/ssl/SSL_set_session.pod -+++ openssl-1.0.1f/doc/ssl/SSL_set_session.pod -@@ -37,11 +37,11 @@ - - =over 4 - --=item 0 -+=item C<0> - - The operation failed; check the error stack to find out the reason. - --=item 1 -+=item C<1> - - The operation succeeded. - ---- openssl-1.0.1f/doc/ssl/SSL_shutdown.pod -+++ openssl-1.0.1f/doc/ssl/SSL_shutdown.pod -@@ -92,14 +92,14 @@ - - =over 4 - --=item 0 -+=item C<0> - - The shutdown is not yet finished. Call SSL_shutdown() for a second time, - if a bidirectional shutdown shall be performed. - The output of L may be misleading, as an - erroneous SSL_ERROR_SYSCALL may be flagged even though no error occurred. - --=item 1 -+=item C<1> - - The shutdown was successfully completed. The "close notify" alert was sent - and the peer's "close notify" alert was received. ---- openssl-1.0.1f/doc/ssl/SSL_write.pod -+++ openssl-1.0.1f/doc/ssl/SSL_write.pod -@@ -79,7 +79,7 @@ - The write operation was successful, the return value is the number of - bytes actually written to the TLS/SSL connection. - --=item 0 -+=item C<0> - - The write operation was not successful. Probably the underlying connection - was closed. Call SSL_get_error() with the return value B to find out,