Accepting request 229370 from Base:System

- update to 1.0.1g: * fix for critical TLS heartbeat read overrun (CVE-2014-0160) (bnc#872299) * Fix for Recovering OpenSSL ECDSA Nonces (CVE-2014-0076) (bnc#869945) * Workaround for the "TLS hang bug" (see FAQ and PR#2771) - remove CVE-2014-0076.patch - openssl.keyring: upstream changed to: pub 4096R/FA40E9E2 2005-03-19 Dr Stephen N Henson <steve@openssl.org> uid Dr Stephen Henson <shenson@drh-consultancy.co.uk> uid Dr Stephen Henson <shenson@opensslfoundation.com> OBS-URL: https://build.opensuse.org/request/show/229370 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl?expand=0&rev=110
2014-04-09 16:17:23 +00:00 · 2014-04-09 16:17:23 +00:00 · d5a92c035d
commit d5a92c035d
parent 9a6d63222e
20 changed files with 910 additions and 979 deletions
--- a/0001-libcrypto-Hide-library-private-symbols.patch
+++ b/0001-libcrypto-Hide-library-private-symbols.patch
@ -37,10 +37,10 @@ Subject: [PATCH] libcrypto: Hide library-private symbols
 crypto/x509v3/pcy_int.h          |  3 +++
 31 files changed, 85 insertions(+), 17 deletions(-)
-Index: openssl-1.0.1e/apps/Makefile
+Index: openssl-1.0.1g/apps/Makefile
 ===================================================================
--- openssl-1.0.1e.orig/apps/Makefile
+--- openssl-1.0.1g.orig/apps/Makefile
-+++ openssl-1.0.1e/apps/Makefile
+++ openssl-1.0.1g/apps/Makefile
@@ -20,7 +20,7 @@ EXE_EXT=
 SHLIB_TARGET=
@ -50,10 +50,10 @@ Index: openssl-1.0.1e/apps/Makefile
 GENERAL=Makefile makeapps.com install.com
-Index: openssl-1.0.1e/crypto/asn1/asn1_locl.h
+Index: openssl-1.0.1g/crypto/asn1/asn1_locl.h
 ===================================================================
--- openssl-1.0.1e.orig/crypto/asn1/asn1_locl.h
+--- openssl-1.0.1g.orig/crypto/asn1/asn1_locl.h
-+++ openssl-1.0.1e/crypto/asn1/asn1_locl.h
+++ openssl-1.0.1g/crypto/asn1/asn1_locl.h
@@ -58,6 +58,8 @@
 /* Internal ASN1 structures and functions: not for application use */
@ -69,10 +69,10 @@ Index: openssl-1.0.1e/crypto/asn1/asn1_locl.h
 	};
 +
 +#pragma GCC visibility pop
-Index: openssl-1.0.1e/crypto/bn/bn_lcl.h
+Index: openssl-1.0.1g/crypto/bn/bn_lcl.h
 ===================================================================
--- openssl-1.0.1e.orig/crypto/bn/bn_lcl.h
+--- openssl-1.0.1g.orig/crypto/bn/bn_lcl.h
-+++ openssl-1.0.1e/crypto/bn/bn_lcl.h
+++ openssl-1.0.1g/crypto/bn/bn_lcl.h
@@ -483,6 +483,8 @@ extern "C" {
 #undef bn_div_words
 #endif
@ -91,10 +91,10 @@ Index: openssl-1.0.1e/crypto/bn/bn_lcl.h
 #ifdef  __cplusplus
 }
 #endif
-Index: openssl-1.0.1e/crypto/camellia/cmll_locl.h
+Index: openssl-1.0.1g/crypto/camellia/cmll_locl.h
 ===================================================================
--- openssl-1.0.1e.orig/crypto/camellia/cmll_locl.h
+--- openssl-1.0.1g.orig/crypto/camellia/cmll_locl.h
-+++ openssl-1.0.1e/crypto/camellia/cmll_locl.h
+++ openssl-1.0.1g/crypto/camellia/cmll_locl.h
@@ -68,6 +68,8 @@
 #ifndef HEADER_CAMELLIA_LOCL_H
 #define HEADER_CAMELLIA_LOCL_H
@ -110,10 +110,10 @@ Index: openssl-1.0.1e/crypto/camellia/cmll_locl.h
 			     CAMELLIA_KEY *key);
 +#pragma GCC visibility pop
 #endif /* #ifndef HEADER_CAMELLIA_LOCL_H */
-Index: openssl-1.0.1e/crypto/cast/cast_lcl.h
+Index: openssl-1.0.1g/crypto/cast/cast_lcl.h
 ===================================================================
--- openssl-1.0.1e.orig/crypto/cast/cast_lcl.h
+--- openssl-1.0.1g.orig/crypto/cast/cast_lcl.h
-+++ openssl-1.0.1e/crypto/cast/cast_lcl.h
+++ openssl-1.0.1g/crypto/cast/cast_lcl.h
@@ -217,6 +217,7 @@
 	}
 #endif
@ -127,10 +127,10 @@ Index: openssl-1.0.1e/crypto/cast/cast_lcl.h
 extern const CAST_LONG CAST_S_table6[256];
 extern const CAST_LONG CAST_S_table7[256];
 +#pragma GCC visibility pop
-Index: openssl-1.0.1e/crypto/cms/cms_lcl.h
+Index: openssl-1.0.1g/crypto/cms/cms_lcl.h
 ===================================================================
--- openssl-1.0.1e.orig/crypto/cms/cms_lcl.h
+--- openssl-1.0.1g.orig/crypto/cms/cms_lcl.h
-+++ openssl-1.0.1e/crypto/cms/cms_lcl.h
+++ openssl-1.0.1g/crypto/cms/cms_lcl.h
@@ -426,6 +426,8 @@ DECLARE_ASN1_ALLOC_FUNCTIONS(CMS_IssuerA
 #define CMS_RECIPINFO_ISSUER_SERIAL	0
 #define CMS_RECIPINFO_KEYIDENTIFIER	1
@ -150,10 +150,10 @@ Index: openssl-1.0.1e/crypto/cms/cms_lcl.h
 #ifdef  __cplusplus
 }
 #endif
-Index: openssl-1.0.1e/crypto/des/des_locl.h
+Index: openssl-1.0.1g/crypto/des/des_locl.h
 ===================================================================
--- openssl-1.0.1e.orig/crypto/des/des_locl.h
+--- openssl-1.0.1g.orig/crypto/des/des_locl.h
-+++ openssl-1.0.1e/crypto/des/des_locl.h
+++ openssl-1.0.1g/crypto/des/des_locl.h
@@ -421,10 +421,12 @@
 	PERM_OP(l,r,tt, 4,0x0f0f0f0fL); \
 	}
@ -167,20 +167,20 @@ Index: openssl-1.0.1e/crypto/des/des_locl.h
 #ifdef OPENSSL_SMALL_FOOTPRINT
 #undef DES_UNROLL
-Index: openssl-1.0.1e/crypto/dsa/dsa_locl.h
+Index: openssl-1.0.1g/crypto/dsa/dsa_locl.h
 ===================================================================
--- openssl-1.0.1e.orig/crypto/dsa/dsa_locl.h
+--- openssl-1.0.1g.orig/crypto/dsa/dsa_locl.h
-+++ openssl-1.0.1e/crypto/dsa/dsa_locl.h
+++ openssl-1.0.1g/crypto/dsa/dsa_locl.h
@@ -57,4 +57,4 @@
 int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
 	const EVP_MD *evpmd, const unsigned char *seed_in, size_t seed_len,
 	unsigned char *seed_out,
 -	int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
 +	int *counter_ret, unsigned long *h_ret, BN_GENCB *cb) __attribute__ ((visibility ("hidden")));
-Index: openssl-1.0.1e/crypto/ec/ec_lcl.h
+Index: openssl-1.0.1g/crypto/ec/ec_lcl.h
 ===================================================================
--- openssl-1.0.1e.orig/crypto/ec/ec_lcl.h
+--- openssl-1.0.1g.orig/crypto/ec/ec_lcl.h
-+++ openssl-1.0.1e/crypto/ec/ec_lcl.h
+++ openssl-1.0.1g/crypto/ec/ec_lcl.h
@@ -88,6 +88,8 @@
 /* Structure details are not part of the exported interface,
  * so all this may change in future versions. */
@ -196,10 +196,10 @@ Index: openssl-1.0.1e/crypto/ec/ec_lcl.h
 #endif
 +
 +#pragma GCC visibility pop
-Index: openssl-1.0.1e/crypto/ecdh/ech_locl.h
+Index: openssl-1.0.1g/crypto/ecdh/ech_locl.h
 ===================================================================
--- openssl-1.0.1e.orig/crypto/ecdh/ech_locl.h
+--- openssl-1.0.1g.orig/crypto/ecdh/ech_locl.h
-+++ openssl-1.0.1e/crypto/ecdh/ech_locl.h
+++ openssl-1.0.1g/crypto/ecdh/ech_locl.h
@@ -58,6 +58,8 @@
 #include <openssl/ecdh.h>
@ -216,10 +216,10 @@ Index: openssl-1.0.1e/crypto/ecdh/ech_locl.h
 -
 +#pragma GCC visibility pop
 #endif /* HEADER_ECH_LOCL_H */
-Index: openssl-1.0.1e/crypto/ecdsa/ecs_locl.h
+Index: openssl-1.0.1g/crypto/ecdsa/ecs_locl.h
 ===================================================================
--- openssl-1.0.1e.orig/crypto/ecdsa/ecs_locl.h
+--- openssl-1.0.1g.orig/crypto/ecdsa/ecs_locl.h
-+++ openssl-1.0.1e/crypto/ecdsa/ecs_locl.h
+++ openssl-1.0.1g/crypto/ecdsa/ecs_locl.h
@@ -61,6 +61,8 @@
 #include <openssl/ecdsa.h>
@ -236,10 +236,10 @@ Index: openssl-1.0.1e/crypto/ecdsa/ecs_locl.h
 +#pragma GCC visibility pop
 +
 #endif /* HEADER_ECS_LOCL_H */
-Index: openssl-1.0.1e/crypto/engine/eng_int.h
+Index: openssl-1.0.1g/crypto/engine/eng_int.h
 ===================================================================
--- openssl-1.0.1e.orig/crypto/engine/eng_int.h
+--- openssl-1.0.1g.orig/crypto/engine/eng_int.h
-+++ openssl-1.0.1e/crypto/engine/eng_int.h
+++ openssl-1.0.1g/crypto/engine/eng_int.h
@@ -68,6 +68,8 @@
 /* Take public definitions from engine.h */
 #include <openssl/engine.h>
@ -256,10 +256,10 @@ Index: openssl-1.0.1e/crypto/engine/eng_int.h
 -
 +#pragma GCC visibility pop
 #endif /* HEADER_ENGINE_INT_H */
-Index: openssl-1.0.1e/crypto/engine/eng_rsax.c
+Index: openssl-1.0.1g/crypto/engine/eng_rsax.c
 ===================================================================
--- openssl-1.0.1e.orig/crypto/engine/eng_rsax.c
+--- openssl-1.0.1g.orig/crypto/engine/eng_rsax.c
-+++ openssl-1.0.1e/crypto/engine/eng_rsax.c
+++ openssl-1.0.1g/crypto/engine/eng_rsax.c
@@ -262,7 +262,7 @@ static int mod_exp_pre_compute_data_512(
 void mod_exp_512(UINT64 *result, /* 512 bits, 8 qwords */
 		 UINT64 *g,      /* 512 bits, 8 qwords */
@ -269,10 +269,10 @@ Index: openssl-1.0.1e/crypto/engine/eng_rsax.c
 typedef struct st_e_rsax_mod_ctx
 {
-Index: openssl-1.0.1e/crypto/evp/e_aes.c
+Index: openssl-1.0.1g/crypto/evp/e_aes.c
 ===================================================================
--- openssl-1.0.1e.orig/crypto/evp/e_aes.c
+--- openssl-1.0.1g.orig/crypto/evp/e_aes.c
-+++ openssl-1.0.1e/crypto/evp/e_aes.c
+++ openssl-1.0.1g/crypto/evp/e_aes.c
@@ -108,6 +108,8 @@ typedef struct
 #define MAXBITCHUNK	((size_t)1<<(sizeof(size_t)*8-4))
@ -318,10 +318,10 @@ Index: openssl-1.0.1e/crypto/evp/e_aes.c
 static int aesni_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 		   const unsigned char *iv, int enc)
 	{
-Index: openssl-1.0.1e/crypto/evp/e_aes_cbc_hmac_sha1.c
+Index: openssl-1.0.1g/crypto/evp/e_aes_cbc_hmac_sha1.c
 ===================================================================
--- openssl-1.0.1e.orig/crypto/evp/e_aes_cbc_hmac_sha1.c
+--- openssl-1.0.1g.orig/crypto/evp/e_aes_cbc_hmac_sha1.c
-+++ openssl-1.0.1e/crypto/evp/e_aes_cbc_hmac_sha1.c
+++ openssl-1.0.1g/crypto/evp/e_aes_cbc_hmac_sha1.c
@@ -97,6 +97,8 @@ typedef struct
 extern unsigned int OPENSSL_ia32cap_P[2];
 #define AESNI_CAPABLE   (1<<(57-32))
@ -340,10 +340,10 @@ Index: openssl-1.0.1e/crypto/evp/e_aes_cbc_hmac_sha1.c
 #define data(ctx) ((EVP_AES_HMAC_SHA1 *)(ctx)->cipher_data)
 static int aesni_cbc_hmac_sha1_init_key(EVP_CIPHER_CTX *ctx,
-Index: openssl-1.0.1e/crypto/evp/evp_locl.h
+Index: openssl-1.0.1g/crypto/evp/evp_locl.h
 ===================================================================
--- openssl-1.0.1e.orig/crypto/evp/evp_locl.h
+--- openssl-1.0.1g.orig/crypto/evp/evp_locl.h
-+++ openssl-1.0.1e/crypto/evp/evp_locl.h
+++ openssl-1.0.1g/crypto/evp/evp_locl.h
@@ -263,6 +263,8 @@ const EVP_CIPHER *EVP_##cname##_ecb(void
 			     EVP_CIPHER_get_asn1_iv, \
 			     NULL)
@ -362,10 +362,10 @@ Index: openssl-1.0.1e/crypto/evp/evp_locl.h
 #ifdef OPENSSL_FIPS
 #ifdef OPENSSL_DOING_MAKEDEPEND
-Index: openssl-1.0.1e/crypto/md4/md4_locl.h
+Index: openssl-1.0.1g/crypto/md4/md4_locl.h
 ===================================================================
--- openssl-1.0.1e.orig/crypto/md4/md4_locl.h
+--- openssl-1.0.1g.orig/crypto/md4/md4_locl.h
-+++ openssl-1.0.1e/crypto/md4/md4_locl.h
+++ openssl-1.0.1g/crypto/md4/md4_locl.h
@@ -65,7 +65,7 @@
 #define MD4_LONG_LOG2 2 /* default to 32 bits */
 #endif
@ -375,10 +375,10 @@ Index: openssl-1.0.1e/crypto/md4/md4_locl.h
 #define DATA_ORDER_IS_LITTLE_ENDIAN
-Index: openssl-1.0.1e/crypto/md5/md5_locl.h
+Index: openssl-1.0.1g/crypto/md5/md5_locl.h
 ===================================================================
--- openssl-1.0.1e.orig/crypto/md5/md5_locl.h
+--- openssl-1.0.1g.orig/crypto/md5/md5_locl.h
-+++ openssl-1.0.1e/crypto/md5/md5_locl.h
+++ openssl-1.0.1g/crypto/md5/md5_locl.h
@@ -74,7 +74,7 @@
 # endif
 #endif
@ -388,11 +388,11 @@ Index: openssl-1.0.1e/crypto/md5/md5_locl.h
 #define DATA_ORDER_IS_LITTLE_ENDIAN
-Index: openssl-1.0.1e/crypto/modes/modes_lcl.h
+Index: openssl-1.0.1g/crypto/modes/modes_lcl.h
 ===================================================================
--- openssl-1.0.1e.orig/crypto/modes/modes_lcl.h
+--- openssl-1.0.1g.orig/crypto/modes/modes_lcl.h
-+++ openssl-1.0.1e/crypto/modes/modes_lcl.h
+++ openssl-1.0.1g/crypto/modes/modes_lcl.h
-@@ -86,6 +86,8 @@ typedef unsigned char u8;
+@@ -83,6 +83,8 @@ typedef unsigned char u8;
 #define PUTU32(p,v)	((p)[0]=(u8)((v)>>24),(p)[1]=(u8)((v)>>16),(p)[2]=(u8)((v)>>8),(p)[3]=(u8)(v))
 #endif
@ -401,16 +401,16 @@ Index: openssl-1.0.1e/crypto/modes/modes_lcl.h
 /* GCM definitions */
 typedef struct { u64 hi,lo; } u128;
-@@ -128,4 +130,4 @@ struct ccm128_context {
+@@ -125,4 +127,4 @@ struct ccm128_context {
 	block128_f block;
 	void *key;
 };
 -
 +#pragma GCC visibility pop
-Index: openssl-1.0.1e/crypto/o_str.h
+Index: openssl-1.0.1g/crypto/o_str.h
 ===================================================================
--- openssl-1.0.1e.orig/crypto/o_str.h
+--- openssl-1.0.1g.orig/crypto/o_str.h
-+++ openssl-1.0.1e/crypto/o_str.h
+++ openssl-1.0.1g/crypto/o_str.h
@@ -61,8 +61,12 @@
 #include <stddef.h>		/* to get size_t */
@ -424,10 +424,10 @@ Index: openssl-1.0.1e/crypto/o_str.h
 +#pragma GCC visibility pop
 +
 #endif
-Index: openssl-1.0.1e/crypto/o_time.h
+Index: openssl-1.0.1g/crypto/o_time.h
 ===================================================================
--- openssl-1.0.1e.orig/crypto/o_time.h
+--- openssl-1.0.1g.orig/crypto/o_time.h
-+++ openssl-1.0.1e/crypto/o_time.h
+++ openssl-1.0.1g/crypto/o_time.h
@@ -61,7 +61,11 @@
 #include <time.h>
@ -440,10 +440,10 @@ Index: openssl-1.0.1e/crypto/o_time.h
 +#pragma GCC visibility pop
 +
 #endif
-Index: openssl-1.0.1e/crypto/ripemd/rmd_locl.h
+Index: openssl-1.0.1g/crypto/ripemd/rmd_locl.h
 ===================================================================
--- openssl-1.0.1e.orig/crypto/ripemd/rmd_locl.h
+--- openssl-1.0.1g.orig/crypto/ripemd/rmd_locl.h
-+++ openssl-1.0.1e/crypto/ripemd/rmd_locl.h
+++ openssl-1.0.1g/crypto/ripemd/rmd_locl.h
@@ -76,7 +76,7 @@
 # endif
 #endif
@ -453,20 +453,20 @@ Index: openssl-1.0.1e/crypto/ripemd/rmd_locl.h
 #define DATA_ORDER_IS_LITTLE_ENDIAN
-Index: openssl-1.0.1e/crypto/rsa/rsa_locl.h
+Index: openssl-1.0.1g/crypto/rsa/rsa_locl.h
 ===================================================================
--- openssl-1.0.1e.orig/crypto/rsa/rsa_locl.h
+--- openssl-1.0.1g.orig/crypto/rsa/rsa_locl.h
-+++ openssl-1.0.1e/crypto/rsa/rsa_locl.h
+++ openssl-1.0.1g/crypto/rsa/rsa_locl.h
@@ -1,4 +1,4 @@
 extern int int_rsa_verify(int dtype, const unsigned char *m, unsigned int m_len,
 		unsigned char *rm, size_t *prm_len,
 		const unsigned char *sigbuf, size_t siglen,
 -		RSA *rsa);
 +		RSA *rsa) __attribute__ ((visibility ("hidden")));
-Index: openssl-1.0.1e/crypto/sha/sha256.c
+Index: openssl-1.0.1g/crypto/sha/sha256.c
 ===================================================================
--- openssl-1.0.1e.orig/crypto/sha/sha256.c
+--- openssl-1.0.1g.orig/crypto/sha/sha256.c
-+++ openssl-1.0.1e/crypto/sha/sha256.c
+++ openssl-1.0.1g/crypto/sha/sha256.c
@@ -110,7 +110,7 @@ int SHA224_Final (unsigned char *md, SHA
 #ifndef SHA256_ASM
 static
@ -476,10 +476,10 @@ Index: openssl-1.0.1e/crypto/sha/sha256.c
 #include "md32_common.h"
-Index: openssl-1.0.1e/crypto/sha/sha512.c
+Index: openssl-1.0.1g/crypto/sha/sha512.c
 ===================================================================
--- openssl-1.0.1e.orig/crypto/sha/sha512.c
+--- openssl-1.0.1g.orig/crypto/sha/sha512.c
-+++ openssl-1.0.1e/crypto/sha/sha512.c
+++ openssl-1.0.1g/crypto/sha/sha512.c
@@ -94,7 +94,7 @@ fips_md_init(SHA512)
 #ifndef SHA512_ASM
 static
@ -489,10 +489,10 @@ Index: openssl-1.0.1e/crypto/sha/sha512.c
 int SHA512_Final (unsigned char *md, SHA512_CTX *c)
 	{
-Index: openssl-1.0.1e/crypto/sha/sha_locl.h
+Index: openssl-1.0.1g/crypto/sha/sha_locl.h
 ===================================================================
--- openssl-1.0.1e.orig/crypto/sha/sha_locl.h
+--- openssl-1.0.1g.orig/crypto/sha/sha_locl.h
-+++ openssl-1.0.1e/crypto/sha/sha_locl.h
+++ openssl-1.0.1g/crypto/sha/sha_locl.h
@@ -108,7 +108,7 @@ static void sha_block_data_order (SHA_CT
 #ifndef SHA1_ASM
 static
@ -502,10 +502,10 @@ Index: openssl-1.0.1e/crypto/sha/sha_locl.h
 #else
 # error "Either SHA_0 or SHA_1 must be defined."
-Index: openssl-1.0.1e/crypto/store/str_locl.h
+Index: openssl-1.0.1g/crypto/store/str_locl.h
 ===================================================================
--- openssl-1.0.1e.orig/crypto/store/str_locl.h
+--- openssl-1.0.1g.orig/crypto/store/str_locl.h
-+++ openssl-1.0.1e/crypto/store/str_locl.h
+++ openssl-1.0.1g/crypto/store/str_locl.h
@@ -62,6 +62,8 @@
 #include <openssl/crypto.h>
 #include <openssl/store.h>
@ -522,10 +522,10 @@ Index: openssl-1.0.1e/crypto/store/str_locl.h
 -
 +#pragma GCC visibility pop
 #endif
-Index: openssl-1.0.1e/crypto/ui/ui_locl.h
+Index: openssl-1.0.1g/crypto/ui/ui_locl.h
 ===================================================================
--- openssl-1.0.1e.orig/crypto/ui/ui_locl.h
+--- openssl-1.0.1g.orig/crypto/ui/ui_locl.h
-+++ openssl-1.0.1e/crypto/ui/ui_locl.h
+++ openssl-1.0.1g/crypto/ui/ui_locl.h
@@ -66,6 +66,8 @@
 #undef _
 #endif
@ -542,19 +542,19 @@ Index: openssl-1.0.1e/crypto/ui/ui_locl.h
 -
 +#pragma GCC visibility pop
 #endif
-Index: openssl-1.0.1e/crypto/whrlpool/wp_locl.h
+Index: openssl-1.0.1g/crypto/whrlpool/wp_locl.h
 ===================================================================
--- openssl-1.0.1e.orig/crypto/whrlpool/wp_locl.h
+--- openssl-1.0.1g.orig/crypto/whrlpool/wp_locl.h
-+++ openssl-1.0.1e/crypto/whrlpool/wp_locl.h
+++ openssl-1.0.1g/crypto/whrlpool/wp_locl.h
@@ -1,3 +1,3 @@
 #include <openssl/whrlpool.h>
 -void whirlpool_block(WHIRLPOOL_CTX *,const void *,size_t);
 +void whirlpool_block(WHIRLPOOL_CTX *,const void *,size_t) __attribute__ ((visibility ("hidden")));
-Index: openssl-1.0.1e/crypto/x509v3/ext_dat.h
+Index: openssl-1.0.1g/crypto/x509v3/ext_dat.h
 ===================================================================
--- openssl-1.0.1e.orig/crypto/x509v3/ext_dat.h
+--- openssl-1.0.1g.orig/crypto/x509v3/ext_dat.h
-+++ openssl-1.0.1e/crypto/x509v3/ext_dat.h
+++ openssl-1.0.1g/crypto/x509v3/ext_dat.h
@@ -57,6 +57,8 @@
  */
 /* This file contains a table of "standard" extensions */
@ -572,10 +572,10 @@ Index: openssl-1.0.1e/crypto/x509v3/ext_dat.h
 /* Number of standard extensions */
 #define STANDARD_EXTENSION_COUNT (sizeof(standard_exts)/sizeof(X509V3_EXT_METHOD *))
-Index: openssl-1.0.1e/crypto/x509v3/pcy_int.h
+Index: openssl-1.0.1g/crypto/x509v3/pcy_int.h
 ===================================================================
--- openssl-1.0.1e.orig/crypto/x509v3/pcy_int.h
+--- openssl-1.0.1g.orig/crypto/x509v3/pcy_int.h
-+++ openssl-1.0.1e/crypto/x509v3/pcy_int.h
+++ openssl-1.0.1g/crypto/x509v3/pcy_int.h
@@ -56,6 +56,7 @@
  *
  */
@ -590,10 +590,10 @@ Index: openssl-1.0.1e/crypto/x509v3/pcy_int.h
 const X509_POLICY_CACHE *policy_cache_set(X509 *x);
 +
 +#pragma GCC visibility pop
-Index: openssl-1.0.1e/crypto/modes/gcm128.c
+Index: openssl-1.0.1g/crypto/modes/gcm128.c
 ===================================================================
--- openssl-1.0.1e.orig/crypto/modes/gcm128.c
+--- openssl-1.0.1g.orig/crypto/modes/gcm128.c
-+++ openssl-1.0.1e/crypto/modes/gcm128.c
+++ openssl-1.0.1g/crypto/modes/gcm128.c
@@ -651,9 +651,9 @@ static void gcm_gmult_1bit(u64 Xi[2],con
 #  define GCM_FUNCREF_4BIT
 extern unsigned int OPENSSL_ia32cap_P[2];
@ -607,10 +607,10 @@ Index: openssl-1.0.1e/crypto/modes/gcm128.c
 #  if	defined(__i386) || defined(__i386__) || defined(_M_IX86)
 #   define GHASH_ASM_X86
-Index: openssl-1.0.1e/crypto/evp/e_rc4_hmac_md5.c
+Index: openssl-1.0.1g/crypto/evp/e_rc4_hmac_md5.c
 ===================================================================
--- openssl-1.0.1e.orig/crypto/evp/e_rc4_hmac_md5.c
+--- openssl-1.0.1g.orig/crypto/evp/e_rc4_hmac_md5.c
-+++ openssl-1.0.1e/crypto/evp/e_rc4_hmac_md5.c
+++ openssl-1.0.1g/crypto/evp/e_rc4_hmac_md5.c
@@ -78,7 +78,7 @@ typedef struct
 #define NO_PAYLOAD_LENGTH	((size_t)-1)
--- a/0005-libssl-Hide-library-private-symbols.patch
+++ b/0005-libssl-Hide-library-private-symbols.patch
@ -13,10 +13,10 @@ API/ABI when GCC 4 or later is used.
 ssl/ssl_locl.h | 8 ++++++++
 2 files changed, 17 insertions(+)
-diff --git a/ssl/kssl_lcl.h b/ssl/kssl_lcl.h
+Index: openssl-1.0.1g/ssl/kssl_lcl.h
-index c039c91..69972b1 100644
+===================================================================
--- a/ssl/kssl_lcl.h
+--- openssl-1.0.1g.orig/ssl/kssl_lcl.h
-+++ b/ssl/kssl_lcl.h
+++ openssl-1.0.1g/ssl/kssl_lcl.h
@@ -61,6 +61,10 @@
 #include <openssl/kssl.h>
@ -28,7 +28,7 @@ index c039c91..69972b1 100644
 #ifndef OPENSSL_NO_KRB5
 #ifdef  __cplusplus
-@@ -84,4 +88,9 @@ int kssl_tgt_is_available(KSSL_CTX *kssl_ctx);
+@@ -84,4 +88,9 @@ int kssl_tgt_is_available(KSSL_CTX *kssl
 }
 #endif
 #endif	/* OPENSSL_NO_KRB5	*/
@ -38,10 +38,10 @@ index c039c91..69972b1 100644
 +#endif
 +
 #endif	/* KSSL_LCL_H 	*/
-diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
+Index: openssl-1.0.1g/ssl/ssl_locl.h
-index 56f9b4b..dde4e3e 100644
+===================================================================
--- a/ssl/ssl_locl.h
+--- openssl-1.0.1g.orig/ssl/ssl_locl.h
-+++ b/ssl/ssl_locl.h
+++ openssl-1.0.1g/ssl/ssl_locl.h
@@ -165,6 +165,10 @@
 #include <openssl/ssl.h>
 #include <openssl/symhacks.h>
@ -53,7 +53,7 @@ index 56f9b4b..dde4e3e 100644
 #ifdef OPENSSL_BUILD_SHLIBSSL
 # undef OPENSSL_EXTERN
 # define OPENSSL_EXTERN OPENSSL_EXPORT
-@@ -1357,4 +1361,8 @@ void tls_fips_digest_extra(
+@@ -1174,4 +1178,8 @@ void tls_fips_digest_extra(
 	const EVP_CIPHER_CTX *cipher_ctx, EVP_MD_CTX *mac_ctx,
 	const unsigned char *data, size_t data_len, size_t orig_len);
@ -62,6 +62,3 @@ index 56f9b4b..dde4e3e 100644
 +#endif
 +
 #endif
 -- 
 1.8.3.1
--- a/CVE-2014-0076.patch
+++ b/CVE-2014-0076.patch
@ -1,150 +0,0 @@
 Index: openssl-1.0.1f/crypto/bn/bn.h
 ===================================================================
 --- openssl-1.0.1f.orig/crypto/bn/bn.h
 +++ openssl-1.0.1f/crypto/bn/bn.h
@@ -538,6 +538,8 @@ BIGNUM *BN_mod_inverse(BIGNUM *ret,
 BIGNUM *BN_mod_sqrt(BIGNUM *ret,
 	const BIGNUM *a, const BIGNUM *n,BN_CTX *ctx);
 +void   BN_consttime_swap(BN_ULONG swap, BIGNUM *a, BIGNUM *b, int nwords);
 +
 /* Deprecated versions */
 #ifndef OPENSSL_NO_DEPRECATED
 BIGNUM *BN_generate_prime(BIGNUM *ret,int bits,int safe,
@@ -774,12 +776,22 @@ int RAND_pseudo_bytes(unsigned char *buf
 #define bn_fix_top(a)		bn_check_top(a)
 +#define bn_check_size(bn, bits) bn_wcheck_size(bn, ((bits+BN_BITS2-1))/BN_BITS2)
 +#define bn_wcheck_size(bn, words) \
 +       do { \
 +               const BIGNUM *_bnum2 = (bn); \
 +               assert(words <= (_bnum2)->dmax && words >= (_bnum2)->top); \
 +       } while(0)
 +
 #else /* !BN_DEBUG */
 #define bn_pollute(a)
 #define bn_check_top(a)
 #define bn_fix_top(a)		bn_correct_top(a)
 +#define bn_check_size(bn, bits)
 +#define bn_wcheck_size(bn, words)
 +
 #endif
 #define bn_correct_top(a) \
 Index: openssl-1.0.1f/crypto/bn/bn_lib.c
 ===================================================================
 --- openssl-1.0.1f.orig/crypto/bn/bn_lib.c
 +++ openssl-1.0.1f/crypto/bn/bn_lib.c
@@ -824,3 +824,56 @@ int bn_cmp_part_words(const BN_ULONG *a,
 		}
 	return bn_cmp_words(a,b,cl);
 	}
 +
 +/* 
 + * Constant-time conditional swap of a and b.  
 + * a and b are swapped if condition is not 0.  The code assumes that at most one bit of condition is set.
 + * nwords is the number of words to swap.  The code assumes that at least nwords are allocated in both a and b,
 + * and that no more than nwords are used by either a or b.
 + * a and b cannot be the same number
 + */
 +void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords)
 +       {
 +       BN_ULONG t;
 +       int i;
 +
 +       bn_wcheck_size(a, nwords);
 +       bn_wcheck_size(b, nwords);
 +
 +       assert(a != b);
 +       assert((condition & (condition - 1)) == 0);
 +       assert(sizeof(BN_ULONG) >= sizeof(int));
 +
 +       condition = ((condition - 1) >> (BN_BITS2 - 1)) - 1;
 +
 +       t = (a->top^b->top) & condition;
 +       a->top ^= t;
 +       b->top ^= t;
 +
 +#define BN_CONSTTIME_SWAP(ind) \
 +       do { \
 +               t = (a->d[ind] ^ b->d[ind]) & condition; \
 +               a->d[ind] ^= t; \
 +               b->d[ind] ^= t; \
 +       } while (0)
 +
 +
 +       switch (nwords) {
 +       default:
 +               for (i = 10; i < nwords; i++) 
 +                       BN_CONSTTIME_SWAP(i);
 +               /* Fallthrough */
 +       case 10: BN_CONSTTIME_SWAP(9); /* Fallthrough */
 +       case 9: BN_CONSTTIME_SWAP(8); /* Fallthrough */
 +       case 8: BN_CONSTTIME_SWAP(7); /* Fallthrough */
 +       case 7: BN_CONSTTIME_SWAP(6); /* Fallthrough */
 +       case 6: BN_CONSTTIME_SWAP(5); /* Fallthrough */
 +       case 5: BN_CONSTTIME_SWAP(4); /* Fallthrough */
 +       case 4: BN_CONSTTIME_SWAP(3); /* Fallthrough */
 +       case 3: BN_CONSTTIME_SWAP(2); /* Fallthrough */
 +       case 2: BN_CONSTTIME_SWAP(1); /* Fallthrough */
 +       case 1: BN_CONSTTIME_SWAP(0);
 +       }
 +#undef BN_CONSTTIME_SWAP
 +}
 +
 Index: openssl-1.0.1f/crypto/ec/ec2_mult.c
 ===================================================================
 --- openssl-1.0.1f.orig/crypto/ec/ec2_mult.c
 +++ openssl-1.0.1f/crypto/ec/ec2_mult.c
@@ -210,9 +210,12 @@ static int gf2m_Mxy(const EC_GROUP *grou
 /* Computes scalar*point and stores the result in r.
  * point can not equal r.
 - * Uses algorithm 2P of
 + * Uses a modified algorithm 2P of
  *     Lopez, J. and Dahab, R.  "Fast multiplication on elliptic curves over 
  *     GF(2^m) without precomputation" (CHES '99, LNCS 1717).
 + *
 + * To protect against side-channel attack the function uses constant time swap,
 + * avoiding conditional branches.
  */
 static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
 	const EC_POINT *point, BN_CTX *ctx)
@@ -246,6 +249,11 @@ static int ec_GF2m_montgomery_point_mult
 	x2 = &r->X;
 	z2 = &r->Y;
 +       bn_wexpand(x1, group->field.top);
 +       bn_wexpand(z1, group->field.top);
 +       bn_wexpand(x2, group->field.top);
 +       bn_wexpand(z2, group->field.top);
 +
 	if (!BN_GF2m_mod_arr(x1, &point->X, group->poly)) goto err; /* x1 = x */
 	if (!BN_one(z1)) goto err; /* z1 = 1 */
 	if (!group->meth->field_sqr(group, z2, x1, ctx)) goto err; /* z2 = x1^2 = x^2 */
@@ -270,16 +278,12 @@ static int ec_GF2m_montgomery_point_mult
 		word = scalar->d[i];
 		while (mask)
 			{
 -			if (word & mask)
 -				{
 -				if (!gf2m_Madd(group, &point->X, x1, z1, x2, z2, ctx)) goto err;
 -				if (!gf2m_Mdouble(group, x2, z2, ctx)) goto err;
 -				}
 -			else
 -				{
 -				if (!gf2m_Madd(group, &point->X, x2, z2, x1, z1, ctx)) goto err;
 -				if (!gf2m_Mdouble(group, x1, z1, ctx)) goto err;
 -				}
 +                       BN_consttime_swap(word & mask, x1, x2, group->field.top);
 +                       BN_consttime_swap(word & mask, z1, z2, group->field.top);
 +                       if (!gf2m_Madd(group, &point->X, x2, z2, x1, z1, ctx)) goto err;
 +                       if (!gf2m_Mdouble(group, x1, z1, ctx)) goto err;
 +                       BN_consttime_swap(word & mask, x1, x2, group->field.top);
 +                       BN_consttime_swap(word & mask, z1, z2, group->field.top);
 			mask >>= 1;
 			}
 		mask = BN_TBIT;
--- a/bug610223.patch
+++ b/bug610223.patch
@ -1,8 +1,8 @@
-Index: openssl-1.0.0/Configure
+Index: openssl-1.0.1g/Configure
 ===================================================================
--- openssl-1.0.0.orig/Configure
+--- openssl-1.0.1g.orig/Configure
-+++ openssl-1.0.0/Configure
+++ openssl-1.0.1g/Configure
-@@ -1673,7 +1673,8 @@ while (<IN>)
+@@ -1804,7 +1804,8 @@ while (<IN>)
 		}
 	elsif	(/^#define\s+ENGINESDIR/)
 		{
--- a/merge_from_0.9.8k.patch
+++ b/merge_from_0.9.8k.patch
@ -1,6 +1,8 @@
--- openssl-1.0.1c.orig/Configure
+Index: openssl-1.0.1g/Configure
-+++ openssl-1.0.1c/Configure
+===================================================================
-@@ -931,7 +931,7 @@ PROCESS_ARGS:
+--- openssl-1.0.1g.orig/Configure
 +++ openssl-1.0.1g/Configure
@@ -933,7 +933,7 @@ PROCESS_ARGS:
 			}
 		else
 			{
@ -9,7 +11,7 @@
 			$target=$_;
 			}
-@@ -1204,7 +1204,7 @@ if ($target =~ /^mingw/ && `$cc --target
+@@ -1206,7 +1206,7 @@ if ($target =~ /^mingw/ && `$cc --target
 my $no_shared_warn=0;
 my $no_user_cflags=0;
@ -18,8 +20,10 @@
 else			{ $no_user_cflags=1;       }
 # Kerberos settings.  The flavor must be provided from outside, either through
--- openssl-1.0.1c.orig/config
+Index: openssl-1.0.1g/config
-+++ openssl-1.0.1c/config
+===================================================================
 --- openssl-1.0.1g.orig/config
 +++ openssl-1.0.1g/config
@@ -573,7 +573,8 @@ case "$GUESSOS" in
 	options="$options -arch%20${MACHINE}"
 	OUT="iphoneos-cross" ;;
--- a/openssl-1.0.1c-default-paths.patch
+++ b/openssl-1.0.1c-default-paths.patch
@ -1,7 +1,8 @@
-diff -up openssl-1.0.1c/apps/s_client.c.default-paths openssl-1.0.1c/apps/s_client.c
+Index: openssl-1.0.1g/apps/s_client.c
--- openssl-1.0.1c/apps/s_client.c.default-paths	2012-03-18 19:16:05.000000000 +0100
+===================================================================
-+++ openssl-1.0.1c/apps/s_client.c	2012-12-06 18:24:06.425933203 +0100
+--- openssl-1.0.1g.orig/apps/s_client.c
-@@ -1166,12 +1166,19 @@ bad:
+++ openssl-1.0.1g/apps/s_client.c
@@ -1174,12 +1174,19 @@ bad:
 	if (!set_cert_key_stuff(ctx,cert,key))
 		goto end;
@ -26,10 +27,11 @@ diff -up openssl-1.0.1c/apps/s_client.c.default-paths openssl-1.0.1c/apps/s_clie
 		}
 #ifndef OPENSSL_NO_TLSEXT
-diff -up openssl-1.0.1c/apps/s_server.c.default-paths openssl-1.0.1c/apps/s_server.c
+Index: openssl-1.0.1g/apps/s_server.c
--- openssl-1.0.1c/apps/s_server.c.default-paths	2012-03-18 19:16:05.000000000 +0100
+===================================================================
-+++ openssl-1.0.1c/apps/s_server.c	2012-12-06 18:25:11.199329611 +0100
+--- openssl-1.0.1g.orig/apps/s_server.c
-@@ -1565,13 +1565,21 @@ bad:
+++ openssl-1.0.1g/apps/s_server.c
@@ -1572,13 +1572,21 @@ bad:
 		}
 #endif
@ -56,7 +58,7 @@ diff -up openssl-1.0.1c/apps/s_server.c.default-paths openssl-1.0.1c/apps/s_serv
 	if (vpm)
 		SSL_CTX_set1_param(ctx, vpm);
-@@ -1622,8 +1630,11 @@ bad:
+@@ -1629,8 +1637,11 @@ bad:
 		else
 			SSL_CTX_sess_set_cache_size(ctx2,128);
@ -70,9 +72,10 @@ diff -up openssl-1.0.1c/apps/s_server.c.default-paths openssl-1.0.1c/apps/s_serv
 			{
 			ERR_print_errors(bio_err);
 			}
-diff -up openssl-1.0.1c/apps/s_time.c.default-paths openssl-1.0.1c/apps/s_time.c
+Index: openssl-1.0.1g/apps/s_time.c
--- openssl-1.0.1c/apps/s_time.c.default-paths	2006-04-17 14:22:13.000000000 +0200
+===================================================================
-+++ openssl-1.0.1c/apps/s_time.c	2012-12-06 18:27:41.694574044 +0100
+--- openssl-1.0.1g.orig/apps/s_time.c
 +++ openssl-1.0.1g/apps/s_time.c
@@ -373,12 +373,19 @@ int MAIN(int argc, char **argv)
 	SSL_load_error_strings();
--- a/openssl-1.0.1c-ipv6-apps.patch
+++ b/openssl-1.0.1c-ipv6-apps.patch
@ -1,6 +1,7 @@
-diff -up openssl-1.0.1c/apps/s_apps.h.ipv6-apps openssl-1.0.1c/apps/s_apps.h
+Index: openssl-1.0.1g/apps/s_apps.h
--- openssl-1.0.1c/apps/s_apps.h.ipv6-apps	2012-07-11 22:46:02.409221206 +0200
+===================================================================
-+++ openssl-1.0.1c/apps/s_apps.h	2012-07-11 22:46:02.451222165 +0200
+--- openssl-1.0.1g.orig/apps/s_apps.h
 +++ openssl-1.0.1g/apps/s_apps.h
@@ -148,7 +148,7 @@ typedef fd_mask fd_set;
 #define PORT_STR        "4433"
 #define PROTOCOL        "tcp"
@ -23,10 +24,11 @@ diff -up openssl-1.0.1c/apps/s_apps.h.ipv6-apps openssl-1.0.1c/apps/s_apps.h
 long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp,
 				   int argi, long argl, long ret);
-diff -up openssl-1.0.1c/apps/s_client.c.ipv6-apps openssl-1.0.1c/apps/s_client.c
+Index: openssl-1.0.1g/apps/s_client.c
--- openssl-1.0.1c/apps/s_client.c.ipv6-apps	2012-07-11 22:46:02.433221754 +0200
+===================================================================
-+++ openssl-1.0.1c/apps/s_client.c	2012-07-11 22:46:02.452222187 +0200
+--- openssl-1.0.1g.orig/apps/s_client.c
-@@ -563,7 +563,7 @@ int MAIN(int argc, char **argv)
+++ openssl-1.0.1g/apps/s_client.c
@@ -567,7 +567,7 @@ int MAIN(int argc, char **argv)
 	int cbuf_len,cbuf_off;
 	int sbuf_len,sbuf_off;
 	fd_set readfds,writefds;
@ -35,7 +37,7 @@ diff -up openssl-1.0.1c/apps/s_client.c.ipv6-apps openssl-1.0.1c/apps/s_client.c
 	int full_log=1;
 	char *host=SSL_HOST_NAME;
 	char *cert_file=NULL,*key_file=NULL;
-@@ -664,13 +664,12 @@ int MAIN(int argc, char **argv)
+@@ -668,13 +668,12 @@ int MAIN(int argc, char **argv)
 		else if	(strcmp(*argv,"-port") == 0)
 			{
 			if (--argc < 1) goto bad;
@ -51,7 +53,7 @@ diff -up openssl-1.0.1c/apps/s_client.c.ipv6-apps openssl-1.0.1c/apps/s_client.c
 				goto bad;
 			}
 		else if	(strcmp(*argv,"-verify") == 0)
-@@ -1253,7 +1252,7 @@ bad:
+@@ -1267,7 +1266,7 @@ bad:
 re_start:
@ -60,10 +62,11 @@ diff -up openssl-1.0.1c/apps/s_client.c.ipv6-apps openssl-1.0.1c/apps/s_client.c
 		{
 		BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error());
 		SHUTDOWN(s);
-diff -up openssl-1.0.1c/apps/s_server.c.ipv6-apps openssl-1.0.1c/apps/s_server.c
+Index: openssl-1.0.1g/apps/s_server.c
--- openssl-1.0.1c/apps/s_server.c.ipv6-apps	2012-07-11 22:46:02.434221777 +0200
+===================================================================
-+++ openssl-1.0.1c/apps/s_server.c	2012-07-11 22:46:02.453222210 +0200
+--- openssl-1.0.1g.orig/apps/s_server.c
-@@ -929,7 +929,7 @@ int MAIN(int argc, char *argv[])
+++ openssl-1.0.1g/apps/s_server.c
@@ -933,7 +933,7 @@ int MAIN(int argc, char *argv[])
 	{
 	X509_VERIFY_PARAM *vpm = NULL;
 	int badarg = 0;
@ -72,7 +75,7 @@ diff -up openssl-1.0.1c/apps/s_server.c.ipv6-apps openssl-1.0.1c/apps/s_server.c
 	char *CApath=NULL,*CAfile=NULL;
 	unsigned char *context = NULL;
 	char *dhfile = NULL;
-@@ -1000,8 +1000,7 @@ int MAIN(int argc, char *argv[])
+@@ -1004,8 +1004,7 @@ int MAIN(int argc, char *argv[])
 			 (strcmp(*argv,"-accept") == 0))
 			{
 			if (--argc < 1) goto bad;
@ -82,7 +85,7 @@ diff -up openssl-1.0.1c/apps/s_server.c.ipv6-apps openssl-1.0.1c/apps/s_server.c
 			}
 		else if	(strcmp(*argv,"-verify") == 0)
 			{
-@@ -1878,9 +1877,9 @@ bad:
+@@ -1892,9 +1891,9 @@ bad:
 	BIO_printf(bio_s_out,"ACCEPT\n");
 	(void)BIO_flush(bio_s_out);
 	if (www)
@ -94,9 +97,10 @@ diff -up openssl-1.0.1c/apps/s_server.c.ipv6-apps openssl-1.0.1c/apps/s_server.c
 	print_stats(bio_s_out,ctx);
 	ret=0;
 end:
-diff -up openssl-1.0.1c/apps/s_socket.c.ipv6-apps openssl-1.0.1c/apps/s_socket.c
+Index: openssl-1.0.1g/apps/s_socket.c
--- openssl-1.0.1c/apps/s_socket.c.ipv6-apps	2011-12-02 15:39:40.000000000 +0100
+===================================================================
-+++ openssl-1.0.1c/apps/s_socket.c	2012-07-11 22:49:05.411400450 +0200
+--- openssl-1.0.1g.orig/apps/s_socket.c
 +++ openssl-1.0.1g/apps/s_socket.c
@@ -102,9 +102,7 @@ static struct hostent *GetHostByName(cha
 static void ssl_sock_cleanup(void);
 #endif
--- a/openssl-1.0.1e-fips-ec.patch
+++ b/openssl-1.0.1e-fips-ec.patch
@ -1,7 +1,7 @@
-Index: openssl-1.0.1e/crypto/ecdh/ecdh.h
+Index: openssl-1.0.1g/crypto/ecdh/ecdh.h
 ===================================================================
--- openssl-1.0.1e.orig/crypto/ecdh/ecdh.h
+--- openssl-1.0.1g.orig/crypto/ecdh/ecdh.h
-+++ openssl-1.0.1e/crypto/ecdh/ecdh.h
+++ openssl-1.0.1g/crypto/ecdh/ecdh.h
@@ -85,6 +85,8 @@
 extern "C" {
 #endif
@ -11,10 +11,10 @@ Index: openssl-1.0.1e/crypto/ecdh/ecdh.h
 const ECDH_METHOD *ECDH_OpenSSL(void);
 void	  ECDH_set_default_method(const ECDH_METHOD *);
-Index: openssl-1.0.1e/crypto/ecdh/ecdhtest.c
+Index: openssl-1.0.1g/crypto/ecdh/ecdhtest.c
 ===================================================================
--- openssl-1.0.1e.orig/crypto/ecdh/ecdhtest.c
+--- openssl-1.0.1g.orig/crypto/ecdh/ecdhtest.c
-+++ openssl-1.0.1e/crypto/ecdh/ecdhtest.c
+++ openssl-1.0.1g/crypto/ecdh/ecdhtest.c
@@ -323,11 +323,15 @@ int main(int argc, char *argv[])
 	if ((ctx=BN_CTX_new()) == NULL) goto err;
@ -31,10 +31,10 @@ Index: openssl-1.0.1e/crypto/ecdh/ecdhtest.c
 #ifndef OPENSSL_NO_EC2M
 	/* NIST BINARY CURVES TESTS */
 	if (!test_ecdh_curve(NID_sect163k1, "NIST Binary-Curve K-163", ctx, out)) goto err;
-Index: openssl-1.0.1e/crypto/ecdh/ech_lib.c
+Index: openssl-1.0.1g/crypto/ecdh/ech_lib.c
 ===================================================================
--- openssl-1.0.1e.orig/crypto/ecdh/ech_lib.c
+--- openssl-1.0.1g.orig/crypto/ecdh/ech_lib.c
-+++ openssl-1.0.1e/crypto/ecdh/ech_lib.c
+++ openssl-1.0.1g/crypto/ecdh/ech_lib.c
@@ -94,14 +94,7 @@ const ECDH_METHOD *ECDH_get_default_meth
 	{
 	if(!default_ECDH_method) 
@ -50,10 +50,10 @@ Index: openssl-1.0.1e/crypto/ecdh/ech_lib.c
 		}
 	return default_ECDH_method;
 	}
-Index: openssl-1.0.1e/crypto/ecdh/ech_ossl.c
+Index: openssl-1.0.1g/crypto/ecdh/ech_ossl.c
 ===================================================================
--- openssl-1.0.1e.orig/crypto/ecdh/ech_ossl.c
+--- openssl-1.0.1g.orig/crypto/ecdh/ech_ossl.c
-+++ openssl-1.0.1e/crypto/ecdh/ech_ossl.c
+++ openssl-1.0.1g/crypto/ecdh/ech_ossl.c
@@ -79,6 +79,10 @@
 #include <openssl/obj_mac.h>
 #include <openssl/bn.h>
@ -108,10 +108,10 @@ Index: openssl-1.0.1e/crypto/ecdh/ech_ossl.c
 	if ((tmp=EC_POINT_new(group)) == NULL)
 		{
 		ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE);
-Index: openssl-1.0.1e/crypto/ecdsa/ecdsatest.c
+Index: openssl-1.0.1g/crypto/ecdsa/ecdsatest.c
 ===================================================================
--- openssl-1.0.1e.orig/crypto/ecdsa/ecdsatest.c
+--- openssl-1.0.1g.orig/crypto/ecdsa/ecdsatest.c
-+++ openssl-1.0.1e/crypto/ecdsa/ecdsatest.c
+++ openssl-1.0.1g/crypto/ecdsa/ecdsatest.c
@@ -138,11 +138,14 @@ int restore_rand(void)
 	}
@ -147,10 +147,10 @@ Index: openssl-1.0.1e/crypto/ecdsa/ecdsatest.c
 	if (!test_builtin(out)) goto err;
 	ret = 0;
-Index: openssl-1.0.1e/crypto/ecdsa/ecs_lib.c
+Index: openssl-1.0.1g/crypto/ecdsa/ecs_lib.c
 ===================================================================
--- openssl-1.0.1e.orig/crypto/ecdsa/ecs_lib.c
+--- openssl-1.0.1g.orig/crypto/ecdsa/ecs_lib.c
-+++ openssl-1.0.1e/crypto/ecdsa/ecs_lib.c
+++ openssl-1.0.1g/crypto/ecdsa/ecs_lib.c
@@ -81,14 +81,7 @@ const ECDSA_METHOD *ECDSA_get_default_me
 {
 	if(!default_ECDSA_method) 
@ -166,10 +166,10 @@ Index: openssl-1.0.1e/crypto/ecdsa/ecs_lib.c
 		}
 	return default_ECDSA_method;
 }
-Index: openssl-1.0.1e/crypto/ecdsa/ecs_ossl.c
+Index: openssl-1.0.1g/crypto/ecdsa/ecs_ossl.c
 ===================================================================
--- openssl-1.0.1e.orig/crypto/ecdsa/ecs_ossl.c
+--- openssl-1.0.1g.orig/crypto/ecdsa/ecs_ossl.c
-+++ openssl-1.0.1e/crypto/ecdsa/ecs_ossl.c
+++ openssl-1.0.1g/crypto/ecdsa/ecs_ossl.c
@@ -60,6 +60,9 @@
 #include <openssl/err.h>
 #include <openssl/obj_mac.h>
@ -219,10 +219,10 @@ Index: openssl-1.0.1e/crypto/ecdsa/ecs_ossl.c
 	/* check input values */
 	if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL ||
 	    (pub_key = EC_KEY_get0_public_key(eckey)) == NULL || sig == NULL)
-Index: openssl-1.0.1e/crypto/ec/ec_key.c
+Index: openssl-1.0.1g/crypto/ec/ec_key.c
 ===================================================================
--- openssl-1.0.1e.orig/crypto/ec/ec_key.c
+--- openssl-1.0.1g.orig/crypto/ec/ec_key.c
-+++ openssl-1.0.1e/crypto/ec/ec_key.c
+++ openssl-1.0.1g/crypto/ec/ec_key.c
@@ -64,9 +64,6 @@
 #include <string.h>
 #include "ec_lcl.h"
@ -319,10 +319,10 @@ Index: openssl-1.0.1e/crypto/ec/ec_key.c
 		{
 		ECerr(EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES,
 			EC_R_COORDINATES_OUT_OF_RANGE);
-Index: openssl-1.0.1e/crypto/ec/ecp_mont.c
+Index: openssl-1.0.1g/crypto/ec/ecp_mont.c
 ===================================================================
--- openssl-1.0.1e.orig/crypto/ec/ecp_mont.c
+--- openssl-1.0.1g.orig/crypto/ec/ecp_mont.c
-+++ openssl-1.0.1e/crypto/ec/ecp_mont.c
+++ openssl-1.0.1g/crypto/ec/ecp_mont.c
@@ -63,18 +63,11 @@
 #include <openssl/err.h>
@ -350,10 +350,10 @@ Index: openssl-1.0.1e/crypto/ec/ecp_mont.c
 	}
-Index: openssl-1.0.1e/crypto/ec/ecp_nist.c
+Index: openssl-1.0.1g/crypto/ec/ecp_nist.c
 ===================================================================
--- openssl-1.0.1e.orig/crypto/ec/ecp_nist.c
+--- openssl-1.0.1g.orig/crypto/ec/ecp_nist.c
-+++ openssl-1.0.1e/crypto/ec/ecp_nist.c
+++ openssl-1.0.1g/crypto/ec/ecp_nist.c
@@ -67,15 +67,8 @@
 #include <openssl/obj_mac.h>
 #include "ec_lcl.h"
@ -378,10 +378,10 @@ Index: openssl-1.0.1e/crypto/ec/ecp_nist.c
 	}
 int ec_GFp_nist_group_copy(EC_GROUP *dest, const EC_GROUP *src)
-Index: openssl-1.0.1e/crypto/ec/ecp_smpl.c
+Index: openssl-1.0.1g/crypto/ec/ecp_smpl.c
 ===================================================================
--- openssl-1.0.1e.orig/crypto/ec/ecp_smpl.c
+--- openssl-1.0.1g.orig/crypto/ec/ecp_smpl.c
-+++ openssl-1.0.1e/crypto/ec/ecp_smpl.c
+++ openssl-1.0.1g/crypto/ec/ecp_smpl.c
@@ -65,17 +65,10 @@
 #include <openssl/err.h>
 #include <openssl/symhacks.h>
@ -423,10 +423,10 @@ Index: openssl-1.0.1e/crypto/ec/ecp_smpl.c
 	if (ctx == NULL)
 		{
 		ctx = new_ctx = BN_CTX_new();
-Index: openssl-1.0.1e/crypto/evp/m_ecdsa.c
+Index: openssl-1.0.1g/crypto/evp/m_ecdsa.c
 ===================================================================
--- openssl-1.0.1e.orig/crypto/evp/m_ecdsa.c
+--- openssl-1.0.1g.orig/crypto/evp/m_ecdsa.c
-+++ openssl-1.0.1e/crypto/evp/m_ecdsa.c
+++ openssl-1.0.1g/crypto/evp/m_ecdsa.c
@@ -116,7 +116,6 @@
 #include <openssl/x509.h>
@ -449,10 +449,10 @@ Index: openssl-1.0.1e/crypto/evp/m_ecdsa.c
 	}
 #endif
 -#endif
-Index: openssl-1.0.1e/crypto/fips/cavs/fips_ecdhvs.c
+Index: openssl-1.0.1g/crypto/fips/cavs/fips_ecdhvs.c
 ===================================================================
 --- /dev/null
-+++ openssl-1.0.1e/crypto/fips/cavs/fips_ecdhvs.c
+++ openssl-1.0.1g/crypto/fips/cavs/fips_ecdhvs.c
@@ -0,0 +1,496 @@
 +/* fips/ecdh/fips_ecdhvs.c */
 +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@ -950,10 +950,10 @@ Index: openssl-1.0.1e/crypto/fips/cavs/fips_ecdhvs.c
 +	}
 +
 +#endif
-Index: openssl-1.0.1e/crypto/fips/cavs/fips_ecdsavs.c
+Index: openssl-1.0.1g/crypto/fips/cavs/fips_ecdsavs.c
 ===================================================================
 --- /dev/null
-+++ openssl-1.0.1e/crypto/fips/cavs/fips_ecdsavs.c
+++ openssl-1.0.1g/crypto/fips/cavs/fips_ecdsavs.c
@@ -0,0 +1,533 @@
 +/* fips/ecdsa/fips_ecdsavs.c */
 +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@ -1488,10 +1488,10 @@ Index: openssl-1.0.1e/crypto/fips/cavs/fips_ecdsavs.c
 +	}
 +
 +#endif
-Index: openssl-1.0.1e/crypto/fips/fips_ecdh_selftest.c
+Index: openssl-1.0.1g/crypto/fips/fips_ecdh_selftest.c
 ===================================================================
 --- /dev/null
-+++ openssl-1.0.1e/crypto/fips/fips_ecdh_selftest.c
+++ openssl-1.0.1g/crypto/fips/fips_ecdh_selftest.c
@@ -0,0 +1,252 @@
 +/* fips/ecdh/fips_ecdh_selftest.c */
 +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@ -1745,10 +1745,10 @@ Index: openssl-1.0.1e/crypto/fips/fips_ecdh_selftest.c
 +	}
 +
 +#endif
-Index: openssl-1.0.1e/crypto/fips/fips_ecdsa_selftest.c
+Index: openssl-1.0.1g/crypto/fips/fips_ecdsa_selftest.c
 ===================================================================
 --- /dev/null
-+++ openssl-1.0.1e/crypto/fips/fips_ecdsa_selftest.c
+++ openssl-1.0.1g/crypto/fips/fips_ecdsa_selftest.c
@@ -0,0 +1,167 @@
 +/* fips/ecdsa/fips_ecdsa_selftest.c */
 +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
@ -1917,10 +1917,10 @@ Index: openssl-1.0.1e/crypto/fips/fips_ecdsa_selftest.c
 +	}
 +
 +#endif
-Index: openssl-1.0.1e/crypto/fips/fips.h
+Index: openssl-1.0.1g/crypto/fips/fips.h
 ===================================================================
--- openssl-1.0.1e.orig/crypto/fips/fips.h
+--- openssl-1.0.1g.orig/crypto/fips/fips.h
-+++ openssl-1.0.1e/crypto/fips/fips.h
+++ openssl-1.0.1g/crypto/fips/fips.h
@@ -93,6 +93,8 @@ int FIPS_selftest_rsa(void);
 void FIPS_corrupt_dsa(void);
 void FIPS_corrupt_dsa_keygen(void);
@ -1930,10 +1930,10 @@ Index: openssl-1.0.1e/crypto/fips/fips.h
 void FIPS_corrupt_rng(void);
 void FIPS_rng_stick(void);
 void FIPS_x931_stick(int onoff);
-Index: openssl-1.0.1e/crypto/fips/fips_post.c
+Index: openssl-1.0.1g/crypto/fips/fips_post.c
 ===================================================================
--- openssl-1.0.1e.orig/crypto/fips/fips_post.c
+--- openssl-1.0.1g.orig/crypto/fips/fips_post.c
-+++ openssl-1.0.1e/crypto/fips/fips_post.c
+++ openssl-1.0.1g/crypto/fips/fips_post.c
@@ -95,8 +95,12 @@ int FIPS_selftest(void)
 		rv = 0;
 	if (!FIPS_selftest_rsa())
@ -1947,10 +1947,10 @@ Index: openssl-1.0.1e/crypto/fips/fips_post.c
 	return rv;
 	}
-Index: openssl-1.0.1e/crypto/fips/Makefile
+Index: openssl-1.0.1g/crypto/fips/Makefile
 ===================================================================
--- openssl-1.0.1e.orig/crypto/fips/Makefile
+--- openssl-1.0.1g.orig/crypto/fips/Makefile
-+++ openssl-1.0.1e/crypto/fips/Makefile
+++ openssl-1.0.1g/crypto/fips/Makefile
@@ -24,13 +24,13 @@ LIBSRC=fips_aes_selftest.c fips_des_self
     fips_rsa_selftest.c fips_sha_selftest.c fips.c fips_dsa_selftest.c  fips_rand.c \
     fips_rsa_x931g.c fips_post.c fips_drbg_ctr.c fips_drbg_hash.c fips_drbg_hmac.c \
--- a/openssl-1.0.1e-fips.patch
+++ b/openssl-1.0.1e-fips.patch
--- a/openssl-1.0.1e-new-fips-reqs.patch
+++ b/openssl-1.0.1e-new-fips-reqs.patch
@ -1,7 +1,7 @@
-Index: openssl-1.0.1f/crypto/bn/bn_rand.c
+Index: openssl-1.0.1g/crypto/bn/bn_rand.c
 ===================================================================
--- openssl-1.0.1f.orig/crypto/bn/bn_rand.c
+--- openssl-1.0.1g.orig/crypto/bn/bn_rand.c
-+++ openssl-1.0.1f/crypto/bn/bn_rand.c
+++ openssl-1.0.1g/crypto/bn/bn_rand.c
@@ -138,9 +138,12 @@ static int bnrand(int pseudorand, BIGNUM
 		goto err;
 		}
@ -18,10 +18,10 @@ Index: openssl-1.0.1f/crypto/bn/bn_rand.c
 	if (pseudorand)
 		{
-Index: openssl-1.0.1f/crypto/dh/dh_gen.c
+Index: openssl-1.0.1g/crypto/dh/dh_gen.c
 ===================================================================
--- openssl-1.0.1f.orig/crypto/dh/dh_gen.c
+--- openssl-1.0.1g.orig/crypto/dh/dh_gen.c
-+++ openssl-1.0.1f/crypto/dh/dh_gen.c
+++ openssl-1.0.1g/crypto/dh/dh_gen.c
@@ -125,7 +125,7 @@ static int dh_builtin_genparams(DH *ret,
 		return 0;
 		}
@ -31,10 +31,10 @@ Index: openssl-1.0.1f/crypto/dh/dh_gen.c
 		{
 		DHerr(DH_F_DH_BUILTIN_GENPARAMS, DH_R_KEY_SIZE_TOO_SMALL);
 		goto err;
-Index: openssl-1.0.1f/crypto/dh/dh.h
+Index: openssl-1.0.1g/crypto/dh/dh.h
 ===================================================================
--- openssl-1.0.1f.orig/crypto/dh/dh.h
+--- openssl-1.0.1g.orig/crypto/dh/dh.h
-+++ openssl-1.0.1f/crypto/dh/dh.h
+++ openssl-1.0.1g/crypto/dh/dh.h
@@ -78,6 +78,7 @@
 #endif
@ -43,10 +43,10 @@ Index: openssl-1.0.1f/crypto/dh/dh.h
 #define DH_FLAG_CACHE_MONT_P     0x01
 #define DH_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DH
-Index: openssl-1.0.1f/crypto/dh/dh_check.c
+Index: openssl-1.0.1g/crypto/dh/dh_check.c
 ===================================================================
--- openssl-1.0.1f.orig/crypto/dh/dh_check.c
+--- openssl-1.0.1g.orig/crypto/dh/dh_check.c
-+++ openssl-1.0.1f/crypto/dh/dh_check.c
+++ openssl-1.0.1g/crypto/dh/dh_check.c
@@ -134,7 +134,33 @@ int DH_check_pub_key(const DH *dh, const
 	BN_sub_word(q,1);
 	if (BN_cmp(pub_key,q)>=0)
@ -81,10 +81,10 @@ Index: openssl-1.0.1f/crypto/dh/dh_check.c
 	ok = 1;
 err:
 	if (q != NULL) BN_free(q);
-Index: openssl-1.0.1f/crypto/dsa/dsa_gen.c
+Index: openssl-1.0.1g/crypto/dsa/dsa_gen.c
 ===================================================================
--- openssl-1.0.1f.orig/crypto/dsa/dsa_gen.c
+--- openssl-1.0.1g.orig/crypto/dsa/dsa_gen.c
-+++ openssl-1.0.1f/crypto/dsa/dsa_gen.c
+++ openssl-1.0.1g/crypto/dsa/dsa_gen.c
@@ -159,7 +159,6 @@ int dsa_builtin_paramgen(DSA *ret, size_
 	    }
@ -93,10 +93,10 @@ Index: openssl-1.0.1f/crypto/dsa/dsa_gen.c
 	    (bits != 2048 || qbits != 224) &&
 	    (bits != 2048 || qbits != 256) &&
 	    (bits != 3072 || qbits != 256))
-Index: openssl-1.0.1f/crypto/dsa/dsa.h
+Index: openssl-1.0.1g/crypto/dsa/dsa.h
 ===================================================================
--- openssl-1.0.1f.orig/crypto/dsa/dsa.h
+--- openssl-1.0.1g.orig/crypto/dsa/dsa.h
-+++ openssl-1.0.1f/crypto/dsa/dsa.h
+++ openssl-1.0.1g/crypto/dsa/dsa.h
@@ -89,6 +89,7 @@
 #endif
@ -118,10 +118,10 @@ Index: openssl-1.0.1f/crypto/dsa/dsa.h
 #define DSA_is_prime(n, callback, cb_arg) \
 	BN_is_prime(n, DSS_prime_checks, callback, NULL, cb_arg)
-Index: openssl-1.0.1f/crypto/dsa/dsa_key.c
+Index: openssl-1.0.1g/crypto/dsa/dsa_key.c
 ===================================================================
--- openssl-1.0.1f.orig/crypto/dsa/dsa_key.c
+--- openssl-1.0.1g.orig/crypto/dsa/dsa_key.c
-+++ openssl-1.0.1f/crypto/dsa/dsa_key.c
+++ openssl-1.0.1g/crypto/dsa/dsa_key.c
@@ -122,7 +122,7 @@ static int dsa_builtin_keygen(DSA *dsa)
 #ifdef OPENSSL_FIPS
@ -131,10 +131,10 @@ Index: openssl-1.0.1f/crypto/dsa/dsa_key.c
 		{
 		DSAerr(DSA_F_DSA_BUILTIN_KEYGEN, DSA_R_KEY_SIZE_TOO_SMALL);
 		goto err;
-Index: openssl-1.0.1f/crypto/fips/fips_dh_selftest.c
+Index: openssl-1.0.1g/crypto/fips/fips_dh_selftest.c
 ===================================================================
 --- /dev/null
-+++ openssl-1.0.1f/crypto/fips/fips_dh_selftest.c
+++ openssl-1.0.1g/crypto/fips/fips_dh_selftest.c
@@ -0,0 +1,162 @@
 +/* ====================================================================
 + * Copyright (c) 2011 The OpenSSL Project.  All rights reserved.
@ -298,10 +298,10 @@ Index: openssl-1.0.1f/crypto/fips/fips_dh_selftest.c
 +	return ret;
 +	}
 +#endif
-Index: openssl-1.0.1f/crypto/fips/fips_drbg_rand.c
+Index: openssl-1.0.1g/crypto/fips/fips_drbg_rand.c
 ===================================================================
--- openssl-1.0.1f.orig/crypto/fips/fips_drbg_rand.c
+--- openssl-1.0.1g.orig/crypto/fips/fips_drbg_rand.c
-+++ openssl-1.0.1f/crypto/fips/fips_drbg_rand.c
+++ openssl-1.0.1g/crypto/fips/fips_drbg_rand.c
@@ -77,7 +77,8 @@ static int fips_drbg_bytes(unsigned char
 	int rv = 0;
 	unsigned char *adin = NULL;
@ -382,10 +382,10 @@ Index: openssl-1.0.1f/crypto/fips/fips_drbg_rand.c
 	}
 static const RAND_METHOD rand_drbg_meth =
-Index: openssl-1.0.1f/crypto/fips/fips.h
+Index: openssl-1.0.1g/crypto/fips/fips.h
 ===================================================================
--- openssl-1.0.1f.orig/crypto/fips/fips.h
+--- openssl-1.0.1g.orig/crypto/fips/fips.h
-+++ openssl-1.0.1f/crypto/fips/fips.h
+++ openssl-1.0.1g/crypto/fips/fips.h
@@ -96,6 +96,7 @@ void FIPS_corrupt_dsa_keygen(void);
 int FIPS_selftest_dsa(void);
 int FIPS_selftest_ecdsa(void);
@ -394,10 +394,10 @@ Index: openssl-1.0.1f/crypto/fips/fips.h
 void FIPS_corrupt_rng(void);
 void FIPS_rng_stick(void);
 void FIPS_x931_stick(int onoff);
-Index: openssl-1.0.1f/crypto/fips/fips_post.c
+Index: openssl-1.0.1g/crypto/fips/fips_post.c
 ===================================================================
--- openssl-1.0.1f.orig/crypto/fips/fips_post.c
+--- openssl-1.0.1g.orig/crypto/fips/fips_post.c
-+++ openssl-1.0.1f/crypto/fips/fips_post.c
+++ openssl-1.0.1g/crypto/fips/fips_post.c
@@ -99,6 +99,8 @@ int FIPS_selftest(void)
 		rv = 0;
 	if (!FIPS_selftest_dsa())
@ -407,10 +407,10 @@ Index: openssl-1.0.1f/crypto/fips/fips_post.c
 	if (!FIPS_selftest_ecdh())
 		rv = 0;
 	return rv;
-Index: openssl-1.0.1f/crypto/fips/fips_rsa_selftest.c
+Index: openssl-1.0.1g/crypto/fips/fips_rsa_selftest.c
 ===================================================================
--- openssl-1.0.1f.orig/crypto/fips/fips_rsa_selftest.c
+--- openssl-1.0.1g.orig/crypto/fips/fips_rsa_selftest.c
-+++ openssl-1.0.1f/crypto/fips/fips_rsa_selftest.c
+++ openssl-1.0.1g/crypto/fips/fips_rsa_selftest.c
@@ -340,6 +340,42 @@ static const unsigned char kat_RSA_X931_
   0x60, 0x83, 0x18, 0x88, 0xA3, 0xF5, 0x59, 0xC3
 };
@ -480,10 +480,10 @@ Index: openssl-1.0.1f/crypto/fips/fips_rsa_selftest.c
 		RSA_free(key);
 	return ret;
 	}
-Index: openssl-1.0.1f/crypto/fips/Makefile
+Index: openssl-1.0.1g/crypto/fips/Makefile
 ===================================================================
--- openssl-1.0.1f.orig/crypto/fips/Makefile
+--- openssl-1.0.1g.orig/crypto/fips/Makefile
-+++ openssl-1.0.1f/crypto/fips/Makefile
+++ openssl-1.0.1g/crypto/fips/Makefile
@@ -24,13 +24,15 @@ LIBSRC=fips_aes_selftest.c fips_des_self
     fips_rsa_selftest.c fips_sha_selftest.c fips.c fips_dsa_selftest.c  fips_rand.c \
     fips_rsa_x931g.c fips_post.c fips_drbg_ctr.c fips_drbg_hash.c fips_drbg_hmac.c \
@ -502,11 +502,11 @@ Index: openssl-1.0.1f/crypto/fips/Makefile
 LIBCRYPTO=-L.. -lcrypto
-Index: openssl-1.0.1f/crypto/modes/gcm128.c
+Index: openssl-1.0.1g/crypto/modes/gcm128.c
 ===================================================================
--- openssl-1.0.1f.orig/crypto/modes/gcm128.c
+--- openssl-1.0.1g.orig/crypto/modes/gcm128.c
-+++ openssl-1.0.1f/crypto/modes/gcm128.c
+++ openssl-1.0.1g/crypto/modes/gcm128.c
-@@ -898,6 +898,10 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT
+@@ -906,6 +906,10 @@ int CRYPTO_gcm128_encrypt(GCM128_CONTEXT
 # endif
 #endif
@ -517,7 +517,7 @@ Index: openssl-1.0.1f/crypto/modes/gcm128.c
 #if 0
 	n = (unsigned int)mlen%16; /* alternative to ctx->mres */
 #endif
-@@ -1213,6 +1217,10 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_C
+@@ -1269,6 +1273,10 @@ int CRYPTO_gcm128_encrypt_ctr32(GCM128_C
 # endif
 #endif
@ -528,10 +528,10 @@ Index: openssl-1.0.1f/crypto/modes/gcm128.c
 	mlen += len;
 	if (mlen>((U64(1)<<36)-32) || (sizeof(len)==8 && mlen<len))
 		return -1;
-Index: openssl-1.0.1f/crypto/modes/modes_lcl.h
+Index: openssl-1.0.1g/crypto/modes/modes_lcl.h
 ===================================================================
--- openssl-1.0.1f.orig/crypto/modes/modes_lcl.h
+--- openssl-1.0.1g.orig/crypto/modes/modes_lcl.h
-+++ openssl-1.0.1f/crypto/modes/modes_lcl.h
+++ openssl-1.0.1g/crypto/modes/modes_lcl.h
@@ -114,6 +114,8 @@ struct gcm128_context {
 	unsigned int mres, ares;
 	block128_f block;
@ -541,10 +541,10 @@ Index: openssl-1.0.1f/crypto/modes/modes_lcl.h
 };
 struct xts128_context {
-Index: openssl-1.0.1f/crypto/rand/md_rand.c
+Index: openssl-1.0.1g/crypto/rand/md_rand.c
 ===================================================================
--- openssl-1.0.1f.orig/crypto/rand/md_rand.c
+--- openssl-1.0.1g.orig/crypto/rand/md_rand.c
-+++ openssl-1.0.1f/crypto/rand/md_rand.c
+++ openssl-1.0.1g/crypto/rand/md_rand.c
@@ -143,12 +143,6 @@ static long md_count[2]={0,0};
 static double entropy=0;
 static int initialized=0;
@ -565,9 +565,9 @@ Index: openssl-1.0.1f/crypto/rand/md_rand.c
 -	int do_not_lock;
 +	int locked;
- 	/*
+ 	if (!num)
- 	 * (Based on the rand(3) manpage)
+ 		return;
-@@ -213,19 +207,8 @@ static void ssleay_rand_add(const void *
+@@ -216,19 +210,8 @@ static void ssleay_rand_add(const void *
          * hash function.
 	 */
@ -588,7 +588,7 @@ Index: openssl-1.0.1f/crypto/rand/md_rand.c
 	st_idx=state_index;
 	/* use our own copies of the counters so that even
-@@ -257,7 +240,8 @@ static void ssleay_rand_add(const void *
+@@ -260,7 +243,8 @@ static void ssleay_rand_add(const void *
 	md_count[1] += (num / MD_DIGEST_LENGTH) + (num % MD_DIGEST_LENGTH > 0);
@ -598,7 +598,7 @@ Index: openssl-1.0.1f/crypto/rand/md_rand.c
 	EVP_MD_CTX_init(&m);
 	for (i=0; i<num; i+=MD_DIGEST_LENGTH)
-@@ -308,7 +292,7 @@ static void ssleay_rand_add(const void *
+@@ -311,7 +295,7 @@ static void ssleay_rand_add(const void *
 		}
 	EVP_MD_CTX_cleanup(&m);
@ -607,7 +607,7 @@ Index: openssl-1.0.1f/crypto/rand/md_rand.c
 	/* Don't just copy back local_md into md -- this could mean that
 	 * other thread's seeding remains without effect (except for
 	 * the incremented counter).  By XORing it we keep at least as
-@@ -319,7 +303,8 @@ static void ssleay_rand_add(const void *
+@@ -322,7 +306,8 @@ static void ssleay_rand_add(const void *
 		}
 	if (entropy < ENTROPY_NEEDED) /* stop counting when we have enough */
 	    entropy += add;
@ -617,7 +617,7 @@ Index: openssl-1.0.1f/crypto/rand/md_rand.c
 #if !defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32)
 	assert(md_c[1] == md_count[1]);
-@@ -344,6 +329,7 @@ static int ssleay_rand_bytes(unsigned ch
+@@ -347,6 +332,7 @@ static int ssleay_rand_bytes(unsigned ch
 	pid_t curr_pid = getpid();
 #endif
 	int do_stir_pool = 0;
@ -625,7 +625,7 @@ Index: openssl-1.0.1f/crypto/rand/md_rand.c
 #ifdef PREDICT
 	if (rand_predictable)
-@@ -384,13 +370,8 @@ static int ssleay_rand_bytes(unsigned ch
+@@ -387,13 +373,8 @@ static int ssleay_rand_bytes(unsigned ch
 	/* NB: in FIPS mode we are already under a lock */
 	if (!FIPS_mode())
 #endif
@ -640,7 +640,7 @@ Index: openssl-1.0.1f/crypto/rand/md_rand.c
 	/* always poll for external entropy in FIPS mode, drbg provides the 
 	 * expansion
-@@ -464,12 +445,11 @@ static int ssleay_rand_bytes(unsigned ch
+@@ -467,12 +448,11 @@ static int ssleay_rand_bytes(unsigned ch
 	md_count[0] += 1;
@ -655,7 +655,7 @@ Index: openssl-1.0.1f/crypto/rand/md_rand.c
 	while (num > 0)
 		{
-@@ -524,13 +504,15 @@ static int ssleay_rand_bytes(unsigned ch
+@@ -527,13 +507,15 @@ static int ssleay_rand_bytes(unsigned ch
 #ifdef OPENSSL_FIPS
 	if (!FIPS_mode())
 #endif
@ -673,7 +673,7 @@ Index: openssl-1.0.1f/crypto/rand/md_rand.c
 	EVP_MD_CTX_cleanup(&m);
 	if (ok)
-@@ -560,32 +542,10 @@ static int ssleay_rand_pseudo_bytes(unsi
+@@ -563,32 +545,10 @@ static int ssleay_rand_pseudo_bytes(unsi
 static int ssleay_rand_status(void)
 	{
@ -708,7 +708,7 @@ Index: openssl-1.0.1f/crypto/rand/md_rand.c
 	if (!initialized)
 		{
-@@ -595,13 +555,8 @@ static int ssleay_rand_status(void)
+@@ -598,13 +558,8 @@ static int ssleay_rand_status(void)
 	ret = entropy >= ENTROPY_NEEDED;
@ -724,9 +724,10 @@ Index: openssl-1.0.1f/crypto/rand/md_rand.c
 	return ret;
 	}
-diff -up openssl-1.0.1e/crypto/rand/rand.h.fips-reqs openssl-1.0.1e/crypto/rand/rand.h
+Index: openssl-1.0.1g/crypto/rand/rand.h
--- openssl-1.0.1e/crypto/rand/rand.h.fips-reqs	2013-12-18 12:17:09.764636958 +0100
+===================================================================
-+++ openssl-1.0.1e/crypto/rand/rand.h	2013-12-18 12:17:09.800637730 +0100
+--- openssl-1.0.1g.orig/crypto/rand/rand.h
 +++ openssl-1.0.1g/crypto/rand/rand.h
@@ -124,6 +124,8 @@ void RAND_set_fips_drbg_type(int type, i
 int RAND_init_fips(void);
 #endif
@ -736,9 +737,10 @@ diff -up openssl-1.0.1e/crypto/rand/rand.h.fips-reqs openssl-1.0.1e/crypto/rand/
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
  * made after this point may be overwritten when the script is next run.
-diff -up openssl-1.0.1e/crypto/rand/rand_lcl.h.fips-reqs openssl-1.0.1e/crypto/rand/rand_lcl.h
+Index: openssl-1.0.1g/crypto/rand/rand_lcl.h
--- openssl-1.0.1e/crypto/rand/rand_lcl.h.fips-reqs	2013-12-18 12:17:09.507631447 +0100
+===================================================================
-+++ openssl-1.0.1e/crypto/rand/rand_lcl.h	2013-12-18 12:17:09.800637730 +0100
+--- openssl-1.0.1g.orig/crypto/rand/rand_lcl.h
 +++ openssl-1.0.1g/crypto/rand/rand_lcl.h
@@ -112,7 +112,7 @@
 #ifndef HEADER_RAND_LCL_H
 #define HEADER_RAND_LCL_H
@ -748,9 +750,10 @@ diff -up openssl-1.0.1e/crypto/rand/rand_lcl.h.fips-reqs openssl-1.0.1e/crypto/r
 #if !defined(USE_MD5_RAND) && !defined(USE_SHA1_RAND) && !defined(USE_MDC2_RAND) && !defined(USE_MD2_RAND)
-diff -up openssl-1.0.1e/crypto/rand/rand_lib.c.fips-reqs openssl-1.0.1e/crypto/rand/rand_lib.c
+Index: openssl-1.0.1g/crypto/rand/rand_lib.c
--- openssl-1.0.1e/crypto/rand/rand_lib.c.fips-reqs	2013-02-11 16:26:04.000000000 +0100
+===================================================================
-+++ openssl-1.0.1e/crypto/rand/rand_lib.c	2013-12-18 18:16:45.625850730 +0100
+--- openssl-1.0.1g.orig/crypto/rand/rand_lib.c
 +++ openssl-1.0.1g/crypto/rand/rand_lib.c
@@ -181,6 +181,41 @@ int RAND_status(void)
 	return 0;
 	}
@ -810,9 +813,10 @@ diff -up openssl-1.0.1e/crypto/rand/rand_lib.c.fips-reqs openssl-1.0.1e/crypto/r
 	return 1;
 	}
-diff -up openssl-1.0.1e/crypto/rsa/rsa_gen.c.fips-reqs openssl-1.0.1e/crypto/rsa/rsa_gen.c
+Index: openssl-1.0.1g/crypto/rsa/rsa_gen.c
--- openssl-1.0.1e/crypto/rsa/rsa_gen.c.fips-reqs	2013-12-18 12:17:09.764636958 +0100
+===================================================================
-+++ openssl-1.0.1e/crypto/rsa/rsa_gen.c	2013-12-19 17:40:58.483154314 +0100
+--- openssl-1.0.1g.orig/crypto/rsa/rsa_gen.c
 +++ openssl-1.0.1g/crypto/rsa/rsa_gen.c
@@ -1,5 +1,6 @@
 /* crypto/rsa/rsa_gen.c */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
@ -1080,9 +1084,10 @@ diff -up openssl-1.0.1e/crypto/rsa/rsa_gen.c.fips-reqs openssl-1.0.1e/crypto/rsa
 	ok=1;
 err:
 	if (ok == -1)
-diff -up openssl-1.0.1e/ssl/t1_enc.c.fips-reqs openssl-1.0.1e/ssl/t1_enc.c
+Index: openssl-1.0.1g/ssl/t1_enc.c
--- openssl-1.0.1e/ssl/t1_enc.c.fips-reqs	2013-02-11 16:26:04.000000000 +0100
+===================================================================
-+++ openssl-1.0.1e/ssl/t1_enc.c	2013-12-18 12:17:09.801637751 +0100
+--- openssl-1.0.1g.orig/ssl/t1_enc.c
 +++ openssl-1.0.1g/ssl/t1_enc.c
@@ -291,6 +291,27 @@ static int tls1_PRF(long digest_mask,
 err:
 	return ret;
--- a/openssl-1.0.1f.tar.gz
+++ b/openssl-1.0.1f.tar.gz
@ -1,3 +0,0 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:6cc2a80b17d64de6b7bac985745fdaba971d54ffd7d38d3556f998d7c0c9cb5a
 size 4509212
--- a/openssl-1.0.1f.tar.gz.asc
+++ b/openssl-1.0.1f.tar.gz.asc
@ -1,11 +0,0 @@
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.11 (GNU/Linux)
 iQEVAwUAUsq/WqLSm3vylcdZAQI63Af8DQSLbopKVXumiTiK0dAtXU+FwGl3FSXE
 KKJgpfMdPPTSn/kdcmh4LXv4rFae5gNn0GEpEMlcLPxJSSauo8CO9xfYzA2Y1POE
 bL9qemk7B/g/i2WZi6gTVP0/38/qRBh/3WyR94iVplZm5P8e+7bXqoHDEBtNMew1
 YcalGMgd/1ajvGo9+Y6qHHSNVu2FfSLQ7vqeurTHgo9c2ZhvDEsw/rQjqn7oQ3c7
 mz2qTYbgJ1+cikue47E0T0mQFv/my9flG6Bu63vhyioNZUxR5QVluuqAoLUAuM7h
 xdJ8fVXMmqbLdr3ZQsCkdHeDQgke/FRVgyvzAdt7ensZoFSshfXcJw==
 =exdx
 -----END PGP SIGNATURE-----
--- a/openssl-1.0.1g.tar.gz
+++ b/openssl-1.0.1g.tar.gz
@ -0,0 +1,3 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:53cb818c3b90e507a8348f4f5eaedb05d8bfe5358aabb508b7263cc670c3e028
 size 4509047
--- a/openssl-1.0.1g.tar.gz.asc
+++ b/openssl-1.0.1g.tar.gz.asc
@ -0,0 +1,17 @@
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.11 (GNU/Linux)
 iQIcBAABCAAGBQJTQtiaAAoJENNXdQf6QOniuAkP/2hFMcb2NEG36by4oleDQQA1
 xw/qiE5NryMU7+bwwhjvVdGsyeLnnPxN0K5fFVlsWHFIJCArZ/ERsR3xJfldSoZX
 xz/PgU4JAWT7vkhIR0zW2SInzxdX2hUsonG3dRqVY5JVX3aAMkcIanczpxrv39Cb
 ZeKwStINV5HOXH++Y7O4SWsFF3w2H4cmijyF2QQngrvyGkkS4C1Wy/PH54rAQrSH
 phfsDlULL48/4NPul9LiRK6clgf+6DtOa9eY/NF+enjmEw2B73PRt1DmCaaaabWU
 RwKHyVZUvXGhZYnPnfriz+V09FEq9SMEyyCBg2JeTljESPaPKxPP53ueI7OTo3B8
 cyXcVMq3nckgq3XI1j/Z/BJVTO6Zp/thTlkGv35O/+AgdY/lWiMictFYLLfbHC1Z
 9A9gbwuhO7pc1BrQF0vhIR+NlHAq4fVA81xHrClsIWebs8XjaH4zLRoeYBKqK0+m
 4T2vf78yh+viiSOU2KpQdi4kWOUpCMVBa4CJclyAWdX+jjhnrudWcV5JwCz1KtNK
 Pdaje0WrJ8gqAKpZC88q2vhVZF8FQt2YGhe16sGM5N9aSeg0/GMd1rAbJPUlpQ41
 /b64wg+J3/ZQsRDfNvXwIgaGa1Ur8mUv/hmtAr1ecXK+rOcn6wcoouWwDYcOCQj/
 opNSFe0Slj1X6unB62z2
 =9S5s
 -----END PGP SIGNATURE-----
--- a/openssl-fix-pod-syntax.diff
+++ b/openssl-fix-pod-syntax.diff
@ -59,10 +59,10 @@ Content-Length: 12835
 doc/ssl/SSL_write.pod                       |    2 +-
 23 files changed, 59 insertions(+), 55 deletions(-)
-Index: openssl-1.0.1f/doc/apps/cms.pod
+Index: openssl-1.0.1g/doc/apps/cms.pod
 ===================================================================
--- openssl-1.0.1f.orig/doc/apps/cms.pod	2014-01-06 13:47:42.000000000 +0000
+--- openssl-1.0.1g.orig/doc/apps/cms.pod
-+++ openssl-1.0.1f/doc/apps/cms.pod	2014-01-09 23:42:30.000000000 +0000
+++ openssl-1.0.1g/doc/apps/cms.pod
@@ -450,28 +450,28 @@ remains DER.
 =over 4
@ -98,10 +98,10 @@ Index: openssl-1.0.1f/doc/apps/cms.pod
 the message was verified correctly but an error occurred writing out
 the signers certificates.
-Index: openssl-1.0.1f/doc/apps/smime.pod
+Index: openssl-1.0.1g/doc/apps/smime.pod
 ===================================================================
--- openssl-1.0.1f.orig/doc/apps/smime.pod	2014-01-06 13:47:42.000000000 +0000
+--- openssl-1.0.1g.orig/doc/apps/smime.pod
-+++ openssl-1.0.1f/doc/apps/smime.pod	2014-01-09 23:42:31.000000000 +0000
+++ openssl-1.0.1g/doc/apps/smime.pod
@@ -308,28 +308,28 @@ remains DER.
 =over 4
@ -137,10 +137,10 @@ Index: openssl-1.0.1f/doc/apps/smime.pod
 the message was verified correctly but an error occurred writing out
 the signers certificates.
-Index: openssl-1.0.1f/doc/apps/ts.pod
+Index: openssl-1.0.1g/doc/apps/ts.pod
 ===================================================================
--- openssl-1.0.1f.orig/doc/apps/ts.pod	2014-01-06 13:47:42.000000000 +0000
+--- openssl-1.0.1g.orig/doc/apps/ts.pod
-+++ openssl-1.0.1f/doc/apps/ts.pod	2014-01-09 23:45:03.000000000 +0000
+++ openssl-1.0.1g/doc/apps/ts.pod
@@ -58,19 +58,19 @@ time. Here is a brief description of the
 =over 4
@ -164,10 +164,10 @@ Index: openssl-1.0.1f/doc/apps/ts.pod
 The TSA client receives the time stamp token and verifies the
 signature on it. It also checks if the token contains the same hash
-Index: openssl-1.0.1f/doc/crypto/OPENSSL_ia32cap.pod
+Index: openssl-1.0.1g/doc/crypto/OPENSSL_ia32cap.pod
 ===================================================================
--- openssl-1.0.1f.orig/doc/crypto/OPENSSL_ia32cap.pod	2014-01-06 13:47:42.000000000 +0000
+--- openssl-1.0.1g.orig/doc/crypto/OPENSSL_ia32cap.pod
-+++ openssl-1.0.1f/doc/crypto/OPENSSL_ia32cap.pod	2014-01-09 23:42:31.000000000 +0000
+++ openssl-1.0.1g/doc/crypto/OPENSSL_ia32cap.pod
@@ -20,6 +20,8 @@ toolkit initialization, but can be manip
 crypto library behaviour. For the moment of this writing six bits are
 significant, namely:
@ -186,10 +186,10 @@ Index: openssl-1.0.1f/doc/crypto/OPENSSL_ia32cap.pod
 For example, clearing bit #26 at run-time disables high-performance
 SSE2 code present in the crypto library. You might have to do this if
 target OpenSSL application is executed on SSE2 capable CPU, but under
-Index: openssl-1.0.1f/doc/crypto/rand.pod
+Index: openssl-1.0.1g/doc/crypto/rand.pod
 ===================================================================
--- openssl-1.0.1f.orig/doc/crypto/rand.pod	2014-01-06 13:47:42.000000000 +0000
+--- openssl-1.0.1g.orig/doc/crypto/rand.pod
-+++ openssl-1.0.1f/doc/crypto/rand.pod	2014-01-09 23:43:46.000000000 +0000
+++ openssl-1.0.1g/doc/crypto/rand.pod
@@ -74,16 +74,16 @@ First up I will state the things I belie
 =over 4
@ -241,10 +241,10 @@ Index: openssl-1.0.1f/doc/crypto/rand.pod
 Given the random number output stream, it should not be possible to determine
 the RNG state or the next random number.
-Index: openssl-1.0.1f/doc/ssl/SSL_COMP_add_compression_method.pod
+Index: openssl-1.0.1g/doc/ssl/SSL_COMP_add_compression_method.pod
 ===================================================================
--- openssl-1.0.1f.orig/doc/ssl/SSL_COMP_add_compression_method.pod	2014-01-06 13:47:42.000000000 +0000
+--- openssl-1.0.1g.orig/doc/ssl/SSL_COMP_add_compression_method.pod
-+++ openssl-1.0.1f/doc/ssl/SSL_COMP_add_compression_method.pod	2014-01-09 23:42:31.000000000 +0000
+++ openssl-1.0.1g/doc/ssl/SSL_COMP_add_compression_method.pod
@@ -53,11 +53,11 @@ SSL_COMP_add_compression_method() may re
 =over 4
@ -259,10 +259,10 @@ Index: openssl-1.0.1f/doc/ssl/SSL_COMP_add_compression_method.pod
 The operation failed. Check the error queue to find out the reason.
-Index: openssl-1.0.1f/doc/ssl/SSL_CTX_add_session.pod
+Index: openssl-1.0.1g/doc/ssl/SSL_CTX_add_session.pod
 ===================================================================
--- openssl-1.0.1f.orig/doc/ssl/SSL_CTX_add_session.pod	2014-01-06 13:47:42.000000000 +0000
+--- openssl-1.0.1g.orig/doc/ssl/SSL_CTX_add_session.pod
-+++ openssl-1.0.1f/doc/ssl/SSL_CTX_add_session.pod	2014-01-09 23:42:31.000000000 +0000
+++ openssl-1.0.1g/doc/ssl/SSL_CTX_add_session.pod
@@ -52,13 +52,13 @@ The following values are returned by all
 =over 4
@ -279,10 +279,10 @@ Index: openssl-1.0.1f/doc/ssl/SSL_CTX_add_session.pod
  The operation succeeded.
-Index: openssl-1.0.1f/doc/ssl/SSL_CTX_load_verify_locations.pod
+Index: openssl-1.0.1g/doc/ssl/SSL_CTX_load_verify_locations.pod
 ===================================================================
--- openssl-1.0.1f.orig/doc/ssl/SSL_CTX_load_verify_locations.pod	2014-01-06 13:47:42.000000000 +0000
+--- openssl-1.0.1g.orig/doc/ssl/SSL_CTX_load_verify_locations.pod
-+++ openssl-1.0.1f/doc/ssl/SSL_CTX_load_verify_locations.pod	2014-01-09 23:42:31.000000000 +0000
+++ openssl-1.0.1g/doc/ssl/SSL_CTX_load_verify_locations.pod
@@ -100,13 +100,13 @@ The following return values can occur:
 =over 4
@ -299,10 +299,10 @@ Index: openssl-1.0.1f/doc/ssl/SSL_CTX_load_verify_locations.pod
 The operation succeeded.
-Index: openssl-1.0.1f/doc/ssl/SSL_CTX_set_client_CA_list.pod
+Index: openssl-1.0.1g/doc/ssl/SSL_CTX_set_client_CA_list.pod
 ===================================================================
--- openssl-1.0.1f.orig/doc/ssl/SSL_CTX_set_client_CA_list.pod	2014-01-06 13:47:42.000000000 +0000
+--- openssl-1.0.1g.orig/doc/ssl/SSL_CTX_set_client_CA_list.pod
-+++ openssl-1.0.1f/doc/ssl/SSL_CTX_set_client_CA_list.pod	2014-01-09 23:42:31.000000000 +0000
+++ openssl-1.0.1g/doc/ssl/SSL_CTX_set_client_CA_list.pod
@@ -66,13 +66,13 @@ values:
 =over 4
@ -319,10 +319,10 @@ Index: openssl-1.0.1f/doc/ssl/SSL_CTX_set_client_CA_list.pod
 The operation succeeded.
-Index: openssl-1.0.1f/doc/ssl/SSL_CTX_set_session_id_context.pod
+Index: openssl-1.0.1g/doc/ssl/SSL_CTX_set_session_id_context.pod
 ===================================================================
--- openssl-1.0.1f.orig/doc/ssl/SSL_CTX_set_session_id_context.pod	2014-01-06 13:47:42.000000000 +0000
+--- openssl-1.0.1g.orig/doc/ssl/SSL_CTX_set_session_id_context.pod
-+++ openssl-1.0.1f/doc/ssl/SSL_CTX_set_session_id_context.pod	2014-01-09 23:42:31.000000000 +0000
+++ openssl-1.0.1g/doc/ssl/SSL_CTX_set_session_id_context.pod
@@ -64,13 +64,13 @@ return the following values:
 =over 4
@ -339,10 +339,10 @@ Index: openssl-1.0.1f/doc/ssl/SSL_CTX_set_session_id_context.pod
 The operation succeeded.
-Index: openssl-1.0.1f/doc/ssl/SSL_CTX_set_ssl_version.pod
+Index: openssl-1.0.1g/doc/ssl/SSL_CTX_set_ssl_version.pod
 ===================================================================
--- openssl-1.0.1f.orig/doc/ssl/SSL_CTX_set_ssl_version.pod	2014-01-06 13:47:42.000000000 +0000
+--- openssl-1.0.1g.orig/doc/ssl/SSL_CTX_set_ssl_version.pod
-+++ openssl-1.0.1f/doc/ssl/SSL_CTX_set_ssl_version.pod	2014-01-09 23:42:31.000000000 +0000
+++ openssl-1.0.1g/doc/ssl/SSL_CTX_set_ssl_version.pod
@@ -42,11 +42,11 @@ and SSL_set_ssl_method():
 =over 4
@ -357,10 +357,10 @@ Index: openssl-1.0.1f/doc/ssl/SSL_CTX_set_ssl_version.pod
 The operation succeeded.
-Index: openssl-1.0.1f/doc/ssl/SSL_CTX_use_psk_identity_hint.pod
+Index: openssl-1.0.1g/doc/ssl/SSL_CTX_use_psk_identity_hint.pod
 ===================================================================
--- openssl-1.0.1f.orig/doc/ssl/SSL_CTX_use_psk_identity_hint.pod	2014-01-06 13:47:42.000000000 +0000
+--- openssl-1.0.1g.orig/doc/ssl/SSL_CTX_use_psk_identity_hint.pod
-+++ openssl-1.0.1f/doc/ssl/SSL_CTX_use_psk_identity_hint.pod	2014-01-09 23:44:18.000000000 +0000
+++ openssl-1.0.1g/doc/ssl/SSL_CTX_use_psk_identity_hint.pod
@@ -96,7 +96,7 @@ data to B<psk> and return the length of
 connection will fail with decryption_error before it will be finished
 completely.
@ -370,10 +370,10 @@ Index: openssl-1.0.1f/doc/ssl/SSL_CTX_use_psk_identity_hint.pod
 PSK identity was not found. An "unknown_psk_identity" alert message
 will be sent and the connection setup fails.
-Index: openssl-1.0.1f/doc/ssl/SSL_accept.pod
+Index: openssl-1.0.1g/doc/ssl/SSL_accept.pod
 ===================================================================
--- openssl-1.0.1f.orig/doc/ssl/SSL_accept.pod	2014-01-06 13:47:42.000000000 +0000
+--- openssl-1.0.1g.orig/doc/ssl/SSL_accept.pod
-+++ openssl-1.0.1f/doc/ssl/SSL_accept.pod	2014-01-09 23:42:31.000000000 +0000
+++ openssl-1.0.1g/doc/ssl/SSL_accept.pod
@@ -44,13 +44,13 @@ The following return values can occur:
 =over 4
@ -390,10 +390,10 @@ Index: openssl-1.0.1f/doc/ssl/SSL_accept.pod
 The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
 established.
-Index: openssl-1.0.1f/doc/ssl/SSL_clear.pod
+Index: openssl-1.0.1g/doc/ssl/SSL_clear.pod
 ===================================================================
--- openssl-1.0.1f.orig/doc/ssl/SSL_clear.pod	2014-01-06 13:47:42.000000000 +0000
+--- openssl-1.0.1g.orig/doc/ssl/SSL_clear.pod
-+++ openssl-1.0.1f/doc/ssl/SSL_clear.pod	2014-01-09 23:42:31.000000000 +0000
+++ openssl-1.0.1g/doc/ssl/SSL_clear.pod
@@ -56,12 +56,12 @@ The following return values can occur:
 =over 4
@ -409,10 +409,10 @@ Index: openssl-1.0.1f/doc/ssl/SSL_clear.pod
 The SSL_clear() operation was successful.
-Index: openssl-1.0.1f/doc/ssl/SSL_connect.pod
+Index: openssl-1.0.1g/doc/ssl/SSL_connect.pod
 ===================================================================
--- openssl-1.0.1f.orig/doc/ssl/SSL_connect.pod	2014-01-06 13:47:42.000000000 +0000
+--- openssl-1.0.1g.orig/doc/ssl/SSL_connect.pod
-+++ openssl-1.0.1f/doc/ssl/SSL_connect.pod	2014-01-09 23:42:31.000000000 +0000
+++ openssl-1.0.1g/doc/ssl/SSL_connect.pod
@@ -41,13 +41,13 @@ The following return values can occur:
 =over 4
@ -429,10 +429,10 @@ Index: openssl-1.0.1f/doc/ssl/SSL_connect.pod
 The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
 established.
-Index: openssl-1.0.1f/doc/ssl/SSL_do_handshake.pod
+Index: openssl-1.0.1g/doc/ssl/SSL_do_handshake.pod
 ===================================================================
--- openssl-1.0.1f.orig/doc/ssl/SSL_do_handshake.pod	2014-01-06 13:47:42.000000000 +0000
+--- openssl-1.0.1g.orig/doc/ssl/SSL_do_handshake.pod
-+++ openssl-1.0.1f/doc/ssl/SSL_do_handshake.pod	2014-01-09 23:42:31.000000000 +0000
+++ openssl-1.0.1g/doc/ssl/SSL_do_handshake.pod
@@ -45,13 +45,13 @@ The following return values can occur:
 =over 4
@ -449,10 +449,10 @@ Index: openssl-1.0.1f/doc/ssl/SSL_do_handshake.pod
 The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
 established.
-Index: openssl-1.0.1f/doc/ssl/SSL_read.pod
+Index: openssl-1.0.1g/doc/ssl/SSL_read.pod
 ===================================================================
--- openssl-1.0.1f.orig/doc/ssl/SSL_read.pod	2014-01-06 13:47:42.000000000 +0000
+--- openssl-1.0.1g.orig/doc/ssl/SSL_read.pod
-+++ openssl-1.0.1f/doc/ssl/SSL_read.pod	2014-01-09 23:42:31.000000000 +0000
+++ openssl-1.0.1g/doc/ssl/SSL_read.pod
@@ -86,7 +86,7 @@ The following return values can occur:
 The read operation was successful; the return value is the number of
 bytes actually read from the TLS/SSL connection.
@ -462,10 +462,10 @@ Index: openssl-1.0.1f/doc/ssl/SSL_read.pod
 The read operation was not successful. The reason may either be a clean
 shutdown due to a "close notify" alert sent by the peer (in which case
-Index: openssl-1.0.1f/doc/ssl/SSL_session_reused.pod
+Index: openssl-1.0.1g/doc/ssl/SSL_session_reused.pod
 ===================================================================
--- openssl-1.0.1f.orig/doc/ssl/SSL_session_reused.pod	2014-01-06 13:47:42.000000000 +0000
+--- openssl-1.0.1g.orig/doc/ssl/SSL_session_reused.pod
-+++ openssl-1.0.1f/doc/ssl/SSL_session_reused.pod	2014-01-09 23:42:31.000000000 +0000
+++ openssl-1.0.1g/doc/ssl/SSL_session_reused.pod
@@ -27,11 +27,11 @@ The following return values can occur:
 =over 4
@ -480,10 +480,10 @@ Index: openssl-1.0.1f/doc/ssl/SSL_session_reused.pod
 A session was reused.
-Index: openssl-1.0.1f/doc/ssl/SSL_set_fd.pod
+Index: openssl-1.0.1g/doc/ssl/SSL_set_fd.pod
 ===================================================================
--- openssl-1.0.1f.orig/doc/ssl/SSL_set_fd.pod	2014-01-06 13:47:42.000000000 +0000
+--- openssl-1.0.1g.orig/doc/ssl/SSL_set_fd.pod
-+++ openssl-1.0.1f/doc/ssl/SSL_set_fd.pod	2014-01-09 23:42:31.000000000 +0000
+++ openssl-1.0.1g/doc/ssl/SSL_set_fd.pod
@@ -35,11 +35,11 @@ The following return values can occur:
 =over 4
@ -498,10 +498,10 @@ Index: openssl-1.0.1f/doc/ssl/SSL_set_fd.pod
 The operation succeeded.
-Index: openssl-1.0.1f/doc/ssl/SSL_set_session.pod
+Index: openssl-1.0.1g/doc/ssl/SSL_set_session.pod
 ===================================================================
--- openssl-1.0.1f.orig/doc/ssl/SSL_set_session.pod	2014-01-06 13:47:42.000000000 +0000
+--- openssl-1.0.1g.orig/doc/ssl/SSL_set_session.pod
-+++ openssl-1.0.1f/doc/ssl/SSL_set_session.pod	2014-01-09 23:42:31.000000000 +0000
+++ openssl-1.0.1g/doc/ssl/SSL_set_session.pod
@@ -37,11 +37,11 @@ The following return values can occur:
 =over 4
@ -516,23 +516,10 @@ Index: openssl-1.0.1f/doc/ssl/SSL_set_session.pod
 The operation succeeded.
-Index: openssl-1.0.1f/doc/ssl/SSL_set_shutdown.pod
+Index: openssl-1.0.1g/doc/ssl/SSL_shutdown.pod
 ===================================================================
--- openssl-1.0.1f.orig/doc/ssl/SSL_set_shutdown.pod	2014-01-06 13:47:42.000000000 +0000
+--- openssl-1.0.1g.orig/doc/ssl/SSL_shutdown.pod
-+++ openssl-1.0.1f/doc/ssl/SSL_set_shutdown.pod	2014-01-09 23:42:31.000000000 +0000
+++ openssl-1.0.1g/doc/ssl/SSL_shutdown.pod
@@ -24,7 +24,7 @@ The shutdown state of an ssl connection
 =over 4
 -=item 0
 +=item Z<>0
 No shutdown setting, yet.
 Index: openssl-1.0.1f/doc/ssl/SSL_shutdown.pod
 ===================================================================
 --- openssl-1.0.1f.orig/doc/ssl/SSL_shutdown.pod	2014-01-06 13:47:42.000000000 +0000
 +++ openssl-1.0.1f/doc/ssl/SSL_shutdown.pod	2014-01-09 23:42:31.000000000 +0000
@@ -92,19 +92,19 @@ The following return values can occur:
 =over 4
@ -556,10 +543,10 @@ Index: openssl-1.0.1f/doc/ssl/SSL_shutdown.pod
 The shutdown was not successful because a fatal error occurred either
 at the protocol level or a connection failure occurred. It can also occur if
-Index: openssl-1.0.1f/doc/ssl/SSL_write.pod
+Index: openssl-1.0.1g/doc/ssl/SSL_write.pod
 ===================================================================
--- openssl-1.0.1f.orig/doc/ssl/SSL_write.pod	2014-01-06 13:47:42.000000000 +0000
+--- openssl-1.0.1g.orig/doc/ssl/SSL_write.pod
-+++ openssl-1.0.1f/doc/ssl/SSL_write.pod	2014-01-09 23:42:31.000000000 +0000
+++ openssl-1.0.1g/doc/ssl/SSL_write.pod
@@ -79,7 +79,7 @@ The following return values can occur:
 The write operation was successful, the return value is the number of
 bytes actually written to the TLS/SSL connection.
--- a/openssl-ocloexec.patch
+++ b/openssl-ocloexec.patch
@ -1,3 +1,5 @@
 Index: crypto/bio/b_sock.c
 ===================================================================
 --- crypto/bio/b_sock.c.orig
 +++ crypto/bio/b_sock.c
@@ -735,7 +735,7 @@ int BIO_get_accept_socket(char *host, in
@ -18,6 +20,8 @@
 			if (cs != INVALID_SOCKET)
 				{
 				int ii;
 Index: crypto/bio/bss_conn.c
 ===================================================================
 --- crypto/bio/bss_conn.c.orig
 +++ crypto/bio/bss_conn.c
@@ -209,7 +209,7 @@ static int conn_state(BIO *b, BIO_CONNEC
@ -29,9 +33,11 @@
 			if (ret == INVALID_SOCKET)
 				{
 				SYSerr(SYS_F_SOCKET,get_last_socket_error());
 Index: crypto/bio/bss_dgram.c
 ===================================================================
 --- crypto/bio/bss_dgram.c.orig
 +++ crypto/bio/bss_dgram.c
-@@ -999,7 +999,7 @@ static int dgram_sctp_read(BIO *b, char
+@@ -1032,7 +1032,7 @@ static int dgram_sctp_read(BIO *b, char
 			msg.msg_control = cmsgbuf;
 			msg.msg_controllen = 512;
 			msg.msg_flags = 0;
@ -40,7 +46,7 @@
 			if (msg.msg_controllen > 0)
 				{
-@@ -1560,7 +1560,7 @@ int BIO_dgram_sctp_wait_for_dry(BIO *b)
+@@ -1593,7 +1593,7 @@ int BIO_dgram_sctp_wait_for_dry(BIO *b)
 	msg.msg_controllen = 0;
 	msg.msg_flags = 0;
@ -49,7 +55,7 @@
 	if (n <= 0)
 		{
 		if ((n < 0) && (get_last_socket_error() != EAGAIN) && (get_last_socket_error() != EWOULDBLOCK))
-@@ -1583,7 +1583,7 @@ int BIO_dgram_sctp_wait_for_dry(BIO *b)
+@@ -1616,7 +1616,7 @@ int BIO_dgram_sctp_wait_for_dry(BIO *b)
 		msg.msg_controllen = 0;
 		msg.msg_flags = 0;
@ -58,7 +64,7 @@
 		if (n <= 0)
 			{
 			if ((n < 0) && (get_last_socket_error() != EAGAIN) && (get_last_socket_error() != EWOULDBLOCK))
-@@ -1644,7 +1644,7 @@ int BIO_dgram_sctp_wait_for_dry(BIO *b)
+@@ -1677,7 +1677,7 @@ int BIO_dgram_sctp_wait_for_dry(BIO *b)
 			fcntl(b->num, F_SETFL, O_NONBLOCK);
 			}
@ -67,7 +73,7 @@
 		if (is_dry)
 			{
-@@ -1688,7 +1688,7 @@ int BIO_dgram_sctp_msg_waiting(BIO *b)
+@@ -1721,7 +1721,7 @@ int BIO_dgram_sctp_msg_waiting(BIO *b)
 		sockflags = fcntl(b->num, F_GETFL, 0);
 		fcntl(b->num, F_SETFL, O_NONBLOCK);
@ -76,7 +82,7 @@
 		fcntl(b->num, F_SETFL, sockflags);
 		/* if notification, process and try again */
-@@ -1709,7 +1709,7 @@ int BIO_dgram_sctp_msg_waiting(BIO *b)
+@@ -1742,7 +1742,7 @@ int BIO_dgram_sctp_msg_waiting(BIO *b)
 			msg.msg_control = NULL;
 			msg.msg_controllen = 0;
 			msg.msg_flags = 0;
@ -85,6 +91,8 @@
 			if (data->handle_notifications != NULL)
 				data->handle_notifications(b, data->notification_context, (void*) &snp);
 Index: crypto/bio/bss_file.c
 ===================================================================
 --- crypto/bio/bss_file.c.orig
 +++ crypto/bio/bss_file.c
@@ -120,6 +120,10 @@ BIO *BIO_new_file(const char *filename,
@ -125,6 +133,8 @@
 		fp=fopen(ptr,p);
 		if (fp == NULL)
 			{
 Index: crypto/rand/rand_unix.c
 ===================================================================
 --- crypto/rand/rand_unix.c.orig
 +++ crypto/rand/rand_unix.c
@@ -262,7 +262,7 @@ int RAND_poll(void)
@ -136,9 +146,11 @@
 #ifdef O_NONBLOCK
 			|O_NONBLOCK
 #endif
 Index: crypto/rand/randfile.c
 ===================================================================
 --- crypto/rand/randfile.c.orig
 +++ crypto/rand/randfile.c
-@@ -134,7 +134,7 @@ int RAND_load_file(const char *file, lon
+@@ -136,7 +136,7 @@ int RAND_load_file(const char *file, lon
 #ifdef OPENSSL_SYS_VMS
 	in=vms_fopen(file,"rb",VMS_OPEN_ATTRS);
 #else
@ -147,7 +159,7 @@
 #endif
 	if (in == NULL) goto err;
 #if defined(S_IFBLK) && defined(S_IFCHR) && !defined(OPENSSL_NO_POSIX_IO)
-@@ -207,7 +207,7 @@ int RAND_write_file(const char *file)
+@@ -209,7 +209,7 @@ int RAND_write_file(const char *file)
 #endif
 	/* chmod(..., 0600) is too late to protect the file,
 	 * permissions should be restrictive from the start */
@ -156,7 +168,7 @@
 	if (fd != -1)
 		out = fdopen(fd, "wb");
 	}
-@@ -238,7 +238,7 @@ int RAND_write_file(const char *file)
+@@ -240,7 +240,7 @@ int RAND_write_file(const char *file)
 		out = vms_fopen(file,"wb",VMS_OPEN_ATTRS);
 #else
 	if (out == NULL)
--- a/openssl-pkgconfig.patch
+++ b/openssl-pkgconfig.patch
@ -1,6 +1,8 @@
--- openssl-1.0.1e.orig/Makefile.org
+Index: openssl-1.0.1g/Makefile.org
-+++ openssl-1.0.1e/Makefile.org
+===================================================================
-@@ -366,7 +366,7 @@ libcrypto.pc: Makefile
+--- openssl-1.0.1g.orig/Makefile.org
 +++ openssl-1.0.1g/Makefile.org
@@ -367,7 +367,7 @@ libcrypto.pc: Makefile
 	    echo 'Requires: '; \
 	    echo 'Libs: -L$${libdir} -lcrypto'; \
 	    echo 'Libs.private: $(EX_LIBS)'; \
@ -9,7 +11,7 @@
 libssl.pc: Makefile
 	@ ( echo 'prefix=$(INSTALLTOP)'; \
-@@ -380,7 +380,7 @@ libssl.pc: Makefile
+@@ -381,7 +381,7 @@ libssl.pc: Makefile
 	    echo 'Requires: '; \
 	    echo 'Libs: -L$${libdir} -lssl -lcrypto'; \
 	    echo 'Libs.private: $(EX_LIBS)'; \
@ -18,7 +20,7 @@
 openssl.pc: Makefile
 	@ ( echo 'prefix=$(INSTALLTOP)'; \
-@@ -394,7 +394,7 @@ openssl.pc: Makefile
+@@ -395,7 +395,7 @@ openssl.pc: Makefile
 	    echo 'Requires: '; \
 	    echo 'Libs: -L$${libdir} -lssl -lcrypto'; \
 	    echo 'Libs.private: $(EX_LIBS)'; \
--- a/openssl.changes
+++ b/openssl.changes
@ -1,3 +1,17 @@
 -------------------------------------------------------------------
 Tue Apr  8 08:12:38 UTC 2014 - dmueller@suse.com
 - update to 1.0.1g:
  * fix for critical TLS heartbeat read overrun (CVE-2014-0160) (bnc#872299)
  * Fix for Recovering OpenSSL ECDSA Nonces (CVE-2014-0076) (bnc#869945)
  * Workaround for the "TLS hang bug" (see FAQ and PR#2771)
 - remove CVE-2014-0076.patch
 - openssl.keyring: upstream changed to:
  pub  4096R/FA40E9E2 2005-03-19 Dr Stephen N Henson <steve@openssl.org>
  uid                            Dr Stephen Henson <shenson@drh-consultancy.co.uk>
  uid                            Dr Stephen Henson <shenson@opensslfoundation.com>
 -------------------------------------------------------------------
 Tue Mar 25 08:11:11 UTC 2014 - shchang@suse.com
--- a/openssl.keyring
+++ b/openssl.keyring
@ -1,100 +1,149 @@
 <?xml version="1.0" encoding="utf-8"?>
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd" >
 <html xmlns="http://www.w3.org/1999/xhtml">
 <head>
 <title>Public Key Server -- Get ``0xa2d29b7bf295c759 ''</title>
 <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
 <style type="text/css">
 /*<![CDATA[*/
 .uid { color: green; text-decoration: underline; }
 .warn { color: red; font-weight: bold; }
 /*]]>*/
 </style></head><body><h1>Public Key Server -- Get ``0xa2d29b7bf295c759 ''</h1>
 <pre>
 -----BEGIN PGP PUBLIC KEY BLOCK-----
-Version: SKS 1.1.4
+Version: GnuPG v2.0.22 (GNU/Linux)
 Comment: Hostname: pgp.mit.edu
-mQENAzZz6nwAAAEIAMo0phUn+IyEMv4v4gN7ANsdksYAwsrN+3XutOrNlJIJ1HSKVxlgzU7N
+mQILBEI8bW8BEAC4MIXcibrtBmTq6mYlLRHhgZnX9b4c5ej4ObLsFVH30Q/PDArT
-6XkYvFH+fSMaHE1+SRREyCO2MVBXWDrSAGCYETcKY+KM2gzSEB2pMxNdewZDFM5ayUHMCVjv
+jINEiqFCTJegBiuFpzbw207+WkpljmQYC5gTWln3u99lMEpHpxJJn+IWZF4avUAS
-ROanLr5KfjEcA6uibwLcq+tvKGTq16kba3COgYElM5LR1vHx7EZB3PHAonHfgggM/MmKZw30
+aoDE+kD3vjOAxDmWyNlx22gxjG6XmMi/InpMSJjlcCl2c/G01bD1corNaasx7D3T
-61PG+xfAvJZFyOojVLcGGqa510ctnoqLBhCceRQbQEaEO+1KIxJ+qf3BGyl5i1Ldz04252Wx
+nHljAwkLFSJirrc5Ojb2oMgRvQ5cTygshGGYdGbYCSo66a9ewDW5oxst61rYqJUh
-ANVlEyVhqaVLFwY7jAcaeqWK+CxOyK0HjJnQZpygIJgWMaaS2UN1/2nzB0kMotKbe/KVx1kA
+MYhWs06i7KIHHavkBzUy/Rtmw8AQgTfwYtHj3uC29/u1+AHNM81WfNbjjZUtEAPv
-BRG0MURyIFN0ZXBoZW4gSGVuc29uIDxzaGVuc29uQGRyaC1jb25zdWx0YW5jeS5jby51az6I
+BfL68DHo/8Y+sehBJSL6jiBBdJrt5lzX9TmoNSHgmr+eyGzioU0rhjqhWK3aTxCx
-RgQQEQIABgUCRFyrXAAKCRCL2C5vMLlLXKlsAKCUWipHE16bE8yRsxiLikjx0fO84wCfTGSi
+cMp3fCmdXnrrhBvxntsXAPVU/JRfOnWy5tCipzX02pDMxTPZSrtGM3qtO1kUtJkW
-DknIYZWFa5bKJ1KY4uIEqhSIRgQQEQIABgUCRsddmgAKCRAQN5GDEzHzW2w6AJ0SqqSEuEGj
+gltsJuqZOcEThKpcYu2ozSPDEI+1LMyAzb6H7Hvts6+B4eP8f86cVkfpJ+A4wE9+
-MH31xtwQQDEjVou2tACdHqASE+VZRLdzJHoZN7V0err0zP2JARUDBRNDwVDootKbe/KVx1kB
+5FCpXDXWEhH4Y/Le6bJX/PdMqsX4qG3o+vLF2SVL0dzX/udO9GscZPqcpbEjd2fV
-AUljB/9ilmpYqqMFIMFrOB3hlIQMao6ZkHPqsrMeePUvAX9oa3p7uXloDm3aQggc9SFeNIoo
+SU1uqTfLIchzchgJNHnAySMcz8EP+08iUTw+sI+n5k7gZ3is+baMjQYztVn9oB+/
-pZPCQpR+5LcP5ybbYJb3NQOR1KuCRaBwt5e/49uBYpH14B74RddOZS/UThUXPSQ5fVY4Bs9I
+o8AO/RAnkJklb/GpzcfoHBPp17OuQI8ZuvxRfbRJISEMqnatHLAFvP9T7QAGKbQn
-zNp4rMydpr3fEIXgW8CGzRussLKUj5f93o7S4pzvucTw8Z5lWhvtUmA6VqvZvK26FklkhVB0
+RHIgU3RlcGhlbiBOIEhlbnNvbiA8c3RldmVAb3BlbnNzbC5vcmc+iQEcBBABAgAG
-vPGSMHgE7y6eHPKjAZoGvgiuf7L65YOTceQcTPlW34vqel8YtJpBdIM8Ju7Zdx8hfD/HScVY
+BQJCPG3TAAoJEKLSm3vylcdZAcIIAJEpkP59JmnU8b/tzojGe3YHBR0L9YA54GZz
-r+RBzEOM6nPzKj3vFCUhFeq6ywj1yCAF3J3bkeU6voJnT9Ad15f88t5w45hMiQIcBBABAgAG
+7MdSEQgIYaZKb+8uwvZG6nxir/HrJOhtvZKHqbna7qvx6LltJ7K+cqLSHz72Iiv9
-BQJPtt+IAAoJECx8HnpWTIi8QAIQALBqDaLOJICo3x9bkULIq49Ly1zUbKKbnqXQmv11KCHT
+KvR1THLpqJaYaQfS8j0VSPNofLm1T/azKf0AVDfrBDnO1vo5dNhG514U6i96GMHX
-UsLK4Wj0ztEza8kT99Of6IaB0hLAn4qZQFx9LeiX4QruiXB9ti86LHrLypFR3XgTIvdULcBz
+YniRBzOkJqDNtNzh7cyyp+0Lc8vOzODjenYWUtqL2Lfqv9aOk2NV2V6LL/qUTmdt
-/kQmAwB6eXW5Zqw/5SJ8F90B/XvtADpBnHnZNOmFOesnJSX7Urho2002Ep3beUR1zvtdJf5l
+r/KQwgSCf1yAgqgc0i5l3NJGDI0+706TIhyA3pSc/cqN2zO1oDkzRpsnyoxXrjOC
-F+enFPZ/cOnQvJNPaDbh+WoXfWVRz5aYR4TbNsT0Fetsvi6unO/GWHv04rlWiRCwbpEDem60
+/nO6aLH2DI6TrxLfWoGQphWsjM6QLl7/90MxXCffbjJuA7ETt06JARwEEAEIAAYF
-54KiDYxXZR5Gh29ivap6KeX3Sdy8T4aeBnxb1asY66EUAge5GGF3mYJJ5+Jaqro47SYe3NzK
+AlML0wwACgkQotKbe/KVx1nbBwf/Z1RgCusMaGQpkPUOKe3gUiuuX7kJNRxKzJZs
-kbYURUKeTLOCik16tYhI2TgKBDePi69nE8dORRkzm+1S2LVZKX4D/P/zbkB3Fc/Kp0f0nneK
+sXQAIalXrxnoGMmJ0vTMOqRbCYsmm8aIWO7Cj/ZNp2JJ6Z8kZSvkvXrUpbq9E9fL
-rfn5bwWF79r71Z6xHh6E8bv51b9eb3ODAObRSGWYv5NNqSSAN+7CXeplVjXXeB8S/e1RE5J4
+OeYUBLsfQr+yR2wCl26ycZoAizZ53Rsp/4pbNEF2qivBEAgxHUQrHYaASmhq6AQd
-TScWVJ+rMSWzodktA72d4rTFkMmLscAht6HCGNG8hQQ6EB5Pgr5JbVu5vv56cwO9wczZttSD
+IKgppgl+d1Oa/4tpAbv1Zr1Tgq+1s7V+//64lAPyptG7N/sgQv86jk7VAcPWwSdJ
-ZPxCu4Ww+cf9x40s0xrsYr9sDaXsRPiC+UjUe5h3pkJgXFWUNdBqCob5G92Z7RYcQ63IfAzb
+qfsCm3nbd4WgTtS6AbZ0K5hxD9UmDMwLUeCsBzBb0NxUOA2uYrdChu5MKt+ITZMz
-Ufu+xWpDDoyO6Gb/NZzQapMn8cq+1cIftjSbBG4dN+LkErroD58Fby26ODoHFKeztDNEciBT
+IyAvufNoT+nrU5WX0dlrmBKP43geOnq2lvPzip3bnOEwXbUNfYkCNQQTAQIAHwUC
-IE4gSGVuc29uIDxzaGVuc29uQGRyaC1jb25zdWx0YW5jeS5kZW1vbi5jby51az6IRgQQEQIA
+QjxtbwIbAwcLCQgHAwIBAxUCAwMWAgECHgECF4AACgkQ01d1B/pA6eL8Gg/9HDb2
-BgUCQkCrkAAKCRAYWdAfZ3uh7BT0AJ9moE8PhFPA7kFkBO2mLRhBdTzpGACfW5yvlfyaJTnH
+ccQ8vkPPvihtrWP91yItAnHN2BqziYkH/u63L9xaW90B7KFUjo6xJSF1TqXtb4NX
-DhXTA4CeHdl+F8CIRgQQEQIABgUCQkCrswAKCRCBwvfr4hO2kkX9AJwMfPm8dq5Bmpeoq26/
+vGa79IJ94yit1dHTyeBqi1vsy2JlYuPxQXvwoQpyNiq05OsrAJFy9MTeWcP/OXpO
-8cqU/j+98gCfYC/nxPtcV2ubDUmMZPJFtL17E72IRgQQEQIABgUCQkCr4QAKCRBrcOzZXcP0
+R7HwE2F9vqtmJLdwhBmuFiKT4LzhcKutMDTovWm506ow738wKQNJaRToJpd9R+Rn
-c6kIAJ90icvg9nDJ+A+jRcY1zO3rH/n7UgCgtKTJsi75aUqGjA3gc+1CnCyNtwyIRgQQEQIA
+UWEIz8oc4y6h1Q8aFtxjIyVMWxD9Ry+SmSLg3ZPpQNxN7UnRfYu/2YaRAWOh56tQ
-BgUCQojbUgAKCRCL2C5vMLlLXEUXAJ9HkA1nXtU2nw2jSHIY0wISde0x/QCgiUz2QjlojUI7
+vy8O+1UmJuenC2mAN1m4EUN/jibKZgFDPLrQ7H5LdR3vzKx5yB/wCAtOYJBRQIrv
-niTTgV4lQNGmItCIRgQQEQIABgUCRsddqAAKCRAQN5GDEzHzW8Q1AKCknK1tOm4tnWbTX2ry
+o2hKOqhY3lk5AEJ1r+zq8jH9sXhy0MapZKEs9mbJq0iS7jaUlIohxXcl/bqSe2bl
-+HN7e28SXwCgpIDDVI1+oH3FFmeCbRDY0UO0anyIlQMFE0Grc8DurUz9SaVj2QEBSb8EAJnV
+JBfETc800Vxbg96A6dwWN7kn9zuF3UWNbxCeoVDDioILozekndpn2Mvz/tslTrC5
-6oeLEWO/d96dvLRHYHbR9F9efQZjLnTeDMLy4kIkPuMAJk1L7mvnrcIA+DcHl80rNMhQVJUP
+rU7ai+/D+S3caxYxvCY8eJ741uwy7Po5/Obn1met+qhDb107jxP9p3vYHu2Y8KFd
-zYZ5Rq77VuBf20C14Az4rLgoOgcAU7pI61C0L7eygX/P8nZQu87JeFf1A/ussXDtqA/1KWSl
+Js9idqUyBeg10uxIIITpux1Dq/caCHBZLJ4vMWGmlBh3L1diMNRyilXiTaX58A6J
-tVRwFX3dCmSgYG1LjzEa2AVxiQEVAwUQNnPqfKLSm3vylcdZAQFBuQgApiGtXIxJPtCvF3zS
+OzRjpO5s3dKwaK8j9jI7fnreqR3/nP/IJPrldEIiy3TBIxSF9u8iTDuuOF40h8ai
-ZYk1HOF1u9Qg05s4AdeGvQG6Gmx0MK4SRRUt4MYX8nvQ0VwZRQnvPIRfWixWnEBzpujC+sC9
+QAsVYQ6JlHglvrk4pZneHvMwlZaJIB/abOUjKPOJAjYEEwECACACGwMCHgECF4AF
-fqgStj7bG+Uy4YQ1JNph5y6I/75TT0/z0pRAC7Jlwet5+PWrYa9m9rKqyaZVCw5IUSrcjkTo
+AlMLv7YFCwkIBwMEFQoJCAUWAgMBAAAKCRDTV3UH+kDp4n4HD/9hNPUuNVLnA/m7
-/gjBLmrxVme+O8e6dF4Te0SIjFrvnNeA3B1TI0tDusxlHkKyJ3jEUf9Mu3Vx+fAukmiWUCTH
+ZlR/WNCCDICYNUBUj7g9o0gcVsg+5zp8Dp6wwrn5n1ZG3h/oL6zGdxgp4nQ7rPBc
-52QXZPcLP2V5Ud9X0mS+N2mTVi3rPK8wVhTiu93cXEqhTHoIEPOlLW0J/1n8x8kngGgX/TiE
+xZT7vr2mVqiNppQqD88be52jmRcCI3W06SWRAVayxHXFryslFzXMfoosmAYUtPPR
-G8Hd13SOh+YembJVaV7JlYAISdEgCj6JdPSsc4kCHAQQAQIABgUCQkCsCwAKCRCq4+bOZqFE
+hckCNwHLlbkNYXLfAU+e0pTJrAAcmCSDTU2f9KPu43JToJ2PMaIj2gRr+5pALali
-aO5vEACsZZZeb8TZBeuT4YCopBenHLl+hS1mVqDf4Qy8L5wxXnRwCAugwKf0j8T0KZQodRKI
+KMBIsW+E9pKDiN4v3l16bHP5esqC/CC7JivUjvv+q2kU/I9+Ep4yritrw0UxMk8l
-iTWI2Oe3dDBUDE5CS1wyyku7QMsi22mUPOwLL3VddITEa8c3JJmU1ec86c5rEB4xIV8Rcgqw
+hlSnOOsdIeSD2OoVZWP9nFN8jvrPIBAGBEY6Y8uj+WNWCEM3cJhbdilqOBuOmgZJ
-CCPeyam+nwyoVKRuijbFJyj0pymTbhpqmGi7oQw0IwVsFKMmgVXiSPdC6MpIOD8+wrc9Sfno
+cbpTnEzKGtPWqDNivPcrTpJ3sxRxxnUyicaFK0jOH+L/mj/gY0Zt5RD6C/zw9oPL
-CW+jgfcJLu/k/WEgw7qpj5cOwbFvBRzs7VO4RwU9jzXpZdouRRIZhrNwQYmBKRXC5Aa0o8gd
+PqYAAjEudGK+v15wRJDp5noitRJwjUs+08ttlTAW7uR+5KU/uRdykprcHvfGr11l
-aN0hWlS+KQ+S73m/XFabGtCyMPU5HX5g2EtvP61+ovqRYvHseBpKwjTTgWthw40IQxIkRU+Y
+J3cSOyUMH6FOgH7pvJ35c7lmzL0b34ZEgRLL2xbKSsFyUlzubUM6LE4FEGxLOYFn
-PxiEXM9yMcBvs2F25zDw9g3SGLleFqizhUyLAyvY3T1IJgWCU3BFCXy0XJuguQM5znFNDZZ4
+JkX8ZfReGAxvg1B5RtxdcdLjR0OFXff1ERvUmsw+phk0iayyukAzJ6albckotLr8
-TZnEAKddhf/v/3AOHg0RFzNgMsA8H7MaJey50vOiqn4mFiy+nXA+ILI8Pz+UaJKihs8KutFG
+V4JtJJpM4s1aldaxTmf7rNoBCvUKB5bJ/xDrUow3omt4oyQN6pAKWHrydeXF0LZZ
-YEuXiMPn+9vbKdAK/wYzUmilM1xei30E4/bFPt+nwOHF/4ghuKM4KyaImOCijAnkbOaPUBT+
+xsfLebHPMjxTIldbb/K9ikMx4Vh4kIkCNwQTAQgAIQUCUwvRVQIbAwULCQgHAwUV
-9qPua+AO15DfAEVoGLIDOMIx2CNqKaOsYadUq3wnFTs/erc/sz/3a1pFYATz3G1jh4kk163q
+CgkICwUWAgMBAAIeAQIXgAAKCRDTV3UH+kDp4uObD/4qOhFldhiNSezwC+EiSEwH
-zZpEfewFgAB1mynkXA4vBqKNarwApBTgZ4kR9XYXpIkCHAQQAQIABgUCT7bfiAAKCRAsfB56
+MFMSEneSjllAu9ZHikf7KNYLcgq/8vk3TiobsgzTls9vEdXJYsr7BvKJ3fLUwZoo
-VkyIvBV9EACET5QEw0RdpgU5BVVRBnz4XCWXmPUX7/YSfZUQt2sDzKKHYB+yc0h6DnbMenw6
+MVwycfyTC4zP0Buu2o4rMlYPvFZ9y5tfftmVQUwGVtTEUo/WQ0NREFyU/C0Q9Og0
-9YnIg2l8v7hKguLAIxbg21T6y/rne5CtEAzysEIDncqEnxDSMGXlFdMHzRWBKjASqzfxkD8+
+PRRkmuztpRJlhQFImhdPH6KCEU00xrAOsOflz1xJ3XpbWwccrm0R3gwJcA6KGVGa
-K2no0VMNr/nK+iScfn64FLuH/D0+NEghrx/Vx1dU7ewYGcY5OybfOmBrrSGNwOKfKnRbxTbo
+9g+1nnkR2VveTqU0j6BBrPlYvdWbgYStabrdCYHTaX1lh7JfEv4fGMtaMAaqklGP
-avBnREnBeY/6xgadwZt0gwoHLEgLotQzLkchJiSfBZcK54nZ1y+NqKfLg+8etXbBDFhgS/OP
+abVeCSFzm37EOWCz+n7Fs7BHq8IIj6E1jmj1pkJGAdbTF1c/7iLTU7E8EU/D6ii9
-dBmthi5Gt9gKj4u+t1Tjqvrcni203CdXv5HPL5zBc7ZQX+XzwODnAk2+OE28ql+DR3X5SYru
+Hu46dKyzIz+6MOlkEw+zPJNSs4Kg5xNMQF1iWjq9E3pwvPPpFWehAkUDUnfmK9Ek
-o355/fUUZgGNpi043+uL6xjZPFARiDc25vqSuY/KQUjFknMgYSm5aw7a7ZM5WiyLO4AdnvX4
+q1hAq8JuE0RRedxh+xWkJS9b8p5r84S8XpixMeTrTAPmSgY3jROUvTKi6Pa9wNJh
-UhRLcXyWqHbpGCQXJr6itJx26JKyQ7sSABrZ/Vj9MOmc3kjcoEW+wcJTKthOpZ3HfB8xreWJ
+UOM5coGL6EsBhXwQfFd/+CxyWUnCakfkp11SI4Er7oVxsHm1mvGK2oTHWZnJuxp4
-IKj+593sqjlStz9kEDMwTmA66B/QVhRx9jPZrbTkQR1DQJ4dOUcBweJ1XF7oP4+Zk++qVZsV
+u3uCTz5f44DRZufIbSiFrzk9dKTbuQGup34gC/SvvPBbHxwz81tYq8ppxYelHQfW
-ez38JptDYqd8+rdQyw3xFfy4iur32oEA92nUdtcs2eIrgGhR96Fuah9wB090hZwPDsiYB1wR
+JJUYKF3TJfPCTiOhLJvF0yf1N2zv7qkiL8v/IgCU8aMFwDmWEXLe92xxlDgT+6cs
-+7HeDl/XSdiisIWZk8V75oJuSuzoYqFhWQeWQK/2fUNx7bQ6RHIgU3RlcGhlbiBIZW5zb24g
+DoyG656zUyzOC7VsoXGhsLQxRHIgU3RlcGhlbiBIZW5zb24gPHNoZW5zb25AZHJo
-PHN0ZXBoZW4uaGVuc29uQG9wZW5uZXR3b3Jrc2VjdXJpdHkuY29tPohGBBARAgAGBQJEXKtf
+LWNvbnN1bHRhbmN5LmNvLnVrPokBHAQQAQgABgUCUwvTDAAKCRCi0pt78pXHWTny
-AAoJEIvYLm8wuUtcd9UAnjmdDad6Qxwun/i0dbZbLjXE0KTzAJ9b49qIv1RTSled84xjp8LI
+CAC4niLxJJz4dlbNAlxu0sY4jeYAKVVsYO4Mp443Z/AqdF3O2kCyoLCjbEiRN1mN
-GzaZaohGBBARAgAGBQJGx12oAAoJEBA3kYMTMfNblFkAmwTFV2BtA4bTJgwZzbqP57yt9hJS
+EedpVdd7s/GFAcd1/yXG9MnUjNjKT4sEaGk8/ZiJqQVzkpMwHY6tF9kI9XMwrGrI
-AJ9bVKWTmWRbKGltql/VwUXvTms3TYkBFQMFE0PBUKmi0pt78pXHWQEBa1YH/14MRmPhcl8r
+3pcBcBlHknrmledaQarB1e4SeCPADWMdR4dWK0zW/xDcDeHcPe0jr4Cks6lFB3P3
-6nlqhJUuPFB1FOI9Epy1sP+FaIGRmBxq63nN7pLLor6wzTQ7LEMnC4OkXQIaylYYC8uOGW7L
+8b33tI5O4vow+aqAis9klgYebvBNdIHeuAbP9eir5iYeO3zt/36BYdq+qITkiGFK
-FCFBGnqLHwVUTxWc9Y0r/fdVYGwKn7f134RVSCFfIzr210ogX/e9CHsX+jhRSNG1IrG7t62l
+v/qqlPqEjXcsZlNGM2gFYclWGrWVE4XECOxqRwvEGYAfJaHIyiWfkf1Bz6t8vdro
-uyMz2GIrz5+tDgRJJT3MraEIprW0jiB8ZMHhI41u6a1DGUcmbVFS0oRkFHpCJjeFglcG0ZFo
+PSwQ+whX/OydLxUBLTNRAeU0iQI3BBMBCAAhBQJTC8zlAhsDBQsJCAcDBRUKCQgL
-Lle6QqFgtOQ742JuB6d+ccHVRadQOGnyxv5jQf2PMGr+USEuJFEU7VUDi8ja/WYdTdJD+g8r
+BRYCAwEAAh4BAheAAAoJENNXdQf6QOniuKUQAJHU9ikZxaZrInUMKHWSEdQrwgWI
-qrkzYofsmngrU0ZfxfaDG3esnN7qqEXsf1wXE1KfCFSJAhwEEAECAAYFAk+234gACgkQLHwe
+Dpcf51eun9nBvEYSpduDJ0DbtzxnkS4+Kb/KYBf7QYCuc98Aszit1iR4i+qiRvK/
-elZMiLxCgQ/+IicQEYoNtf9VgmiGAFtoRKD+bZhQtTP4mrAplqZBXSo+Ro2EM+3Z0nUe52I1
+/ZDXn9UyHaWFbjNUTiYIjor13DB4wjshiVFV3vE84BJx43jNatMfnRwSuVpOWgVW
-Ydsd8/ofYY2jhCzOkKpD5asH7+jondeVs7G4PdaiAIsrMwQAbU1S1rgnWB9KrLB+RWvIHsDT
+qGRxJ5IAIBeWjOzTQfwumzrrWNCT+c/RL3/yEAc/C+iSZdEAjwFdSQ7yj0ACQg+S
-JNEuJQO/2+etNoYsEBp+xl7Tx0uwQdueHg1TrjCAOMImJjGAwOXDS4wD8DPnpaqJnIkwNMXa
+Z2Eqo4BMFMbBjp6N1urcO4cy+2KMdvHztj+F2siqhBwsPtqnQEkLOywvuotzpMeI
-Kaxsz0Kybqh+eYkIibvj04R3K+Zoh2i1Fr/MFPP8F7UrGWOQZkjtg30m3nSTVgsLwTWTbcZ/
+DhkI++VFX6hE/XRkvktiiq5i5byrQC3jFfuWvJ0LvoMxShBv3U/UbCJqBoqyFwMf
-bRNZu9h5lkeqktH8BDHPSjDh5VzeM1G9zP+5/gBXzH2R9NohzYHjnsM6JyXTMGKiErqhRfPw
+JVlvMqN21qxsEV1+44cvLcd1VqD8ErR3Pa2h++WGOsuKoIm6rhfWYcM2ewxk0bp6
-shiteXN9xTglw3P2GCdYzO9cp7y2YA3/BJtKweZV19qtRk5NxRdVnUP+DeYc4Fl7vICQ6wVO
+QtYrohT8/Ydw2G3TYYcR+8+mIAxRU39+kRsMnr5mt1oNzBqJ3vkXQddaQy9PJR06
-VMJ765SDkHaGx7fIKHNs9LlMNDC0PHvT+Ta1tCTv1qJl6uYao6rwlXAk+OO2dNndYkV8kIN2
+HERhwaaII0Ecrb2B1QdFxhvdYRqU15RaEH7dyWycFhiEEoUX4Vf28pNksH0xblVU
-g7o5xRUx4n2wIOGQFHk3/PQGYaoeIahy1wl2cnq2kjQdhhbex6lUc4s9alMOz8HN9zn4e4cz
+I9ZJwHV+Z1VgGXQk8dpdc6QQf9wvvFae9nKtKxkmmaolFiQMgZQodXxhNvDj+AjQ
-rDK7MEQcEUcjMVk9ATnmf3UKblgQGsod1BvrXo3lpt+CSUdtYO+IrqWaC+cUpYmfoXjxBTZH
+sc6CZCnSfRly0DKaaHOYioUcqd7LVKnTpzmXlYOQFIASN0+R74ue8M4uFte353Yh
-gm838LRUnA/P+cb+taZBysUrxDthEtKNKZNCpZ541EIFvzE=
+oWLK2Q2O+HxYtc8MiQI3BBMBCAAhBQJTC9FYAhsDBQsJCAcDBRUKCQgLBRYCAwEA
-=DUIo
+Ah4BAheAAAoJENNXdQf6QOnitssP/R9q0rQr3takz0pPAcWfn5g8fDFcEe5SBW7d
-----END PGP PUBLIC KEY BLOCK-----
+AkWCpJ9mQilDsI8L3TeCUhk3bM3mOxsxkJo6ZTaPGwS/0bR8pAZZ4DwP8CPZr8hf
-</pre>
+X5IcqB0IXVzPuIBYibSyanw1KA7EDJ8qJBZw4+FEXGpYAmlqRvq3PEs4a5cBjtAd
-</body></html>
+o4KBePY0nI+kwC8bwuApORtuLz8vbXovGydLZJndRkLxRhLIrftWg3kpn7KNafxK
 irgXciwoZKUajhfVtL/W+bKj0rS6eGoIqw52WkS9sTn0vBnrw20l4UsBHGDixCEw
 TNLU/m45kB4folUvnuoq8WVx18StPrTPLmD3hzNKbWiCAmiIlbbE0/vtmP+9iGns
 /ZsdhFE0dr6XBei58KIlaeTRlx0c3OB5Xq9zqMtK+BUE9vmZIzDw3UXLiV0X9ldx
 9ntn5I/F+uXLEclJd0bX7WvZrKo+upHsu9UfIIvm4qNSyCr3iuVsNTQ7qZjSSlpv
 nOClduFILACuCTvQ7ZTXPN7JJrdEmpm9SFtVGf8GAqYxf2W+PdD6LZ6gPGHBaSCS
 S1/1MMe+khibmyUo5ceanKe+2sKraChhE75/56Zwq6EBNXRBN8v4XZIL9BbkzTpv
 dYN8R55Qrdu9jeoWmGdKLFjPaoYhTPU8gnnP38buvBM/i56gowuebb72oC8wKIOM
 FLpsBMJvtDFEciBTdGVwaGVuIEhlbnNvbiA8c2hlbnNvbkBvcGVuc3NsZm91bmRh
 dGlvbi5jb20+iQEcBBABCAAGBQJTC9OoAAoJEKLSm3vylcdZ2AwH/jPyNrn2uZrq
 1M+UG/6C/znQQDE4dRriveHtGqVlu/adJRDga74hBAWYsym520KUu/x1bGz84Lfe
 aZHPKTbr3FuIA9s873BeMepGTVYuMJ66AAelcFC97AXvYIopSwg5Ru0dbb7AXFB+
 6Cwhdp7BNZRWsYeOrIhmiYD779LpNyef43bSuYU1cIdAKl9gnhWVLm9ykX+zcgim
 FBnOXfAXEyJknghqyfVUoIkzDIBptv1culEWWM+5SHZm1MtSGLJsyFGn6M3mnOEk
 ceMJNbLkcs4Mw7d9dDL7nqbxr4IX4uSxLO5GQ+UnN03jEYJGFH0oHrwfDdgg509F
 vcU6aJm7srGJAjcEEwEIACEFAlMLzRACGwMFCwkIBwMFFQoJCAsFFgIDAQACHgEC
 F4AACgkQ01d1B/pA6eIHwA//TSYOfBe6UVlBuZnBB4RXorMASy3US/RWJgjpIKsy
 Vn+jU8362srXlMtPglmLxfkI9qdyCOjXpDP+a0432m6PZNVY2tmsKEvGnaBZieAX
 SXH6X0Led26qN78YN4DCAskmlRwip2/WTAe7s8eZtfUtuu/fWEYxyC7ZgqdCIJLf
 QzQtxDybM/6i8tJrSKfx4G7x+bl/DT2KUHoTnAvxElVhtl1a62kIv+AYdqYv0d+h
 Aho+6uIpvzd7Niy1ZFJFg+JAUrnqy9PRb4T8FUhvyvWNx9gYuHGuovQ5e2FQNdit
 eEy6EQwP4EyUXhi1HWqCZypogMdCxytHB0VnQBzxxsZSiWCQMcAxvAFvYl+TD90J
 KWRlnU0SMKc+nGTEENHxPPbI7BJil7d6LFDj7gGfNSkyZuqB2uBraB8d2tSy6s8i
 6y/akKg9UYGVETC4IZl+eL6OXnqQcFIPSf29t8GF8J7kZMzcDNEVCkDjUu0dx+mI
 /UWaNpYotAXHUCVHmkQ1KjXvnEMtmChGRJullDGm/L9gjzei8ZKB75Stdynp18T9
 M7YPVMQRT4+FUvjq+374kI8QjSm0BZEZsz/2thkaqlG+i2Sfr1TyiRXFvLNil2aj
 nJ7Oh04xVJDmz4Ln4j3z/M1iiNVsA7PQ6Zz842nm2YD/x7ugZa9C9SmGRtl4KXnx
 rDuJAjcEEwEIACEFAlML03kCGwMFCwkIBwMFFQoJCAsFFgIDAQACHgECF4AACgkQ
 01d1B/pA6eLXtw/9FeV38cRwnPkdTCiqVtwzKh9VaYn6AFX/1X0LoLV+3Mh6Lkzw
 8ZRHJfb21sPjA+NVAA4yo20Dm9tI0R6jy7ikxIgmHUZZH5sH3tUfBYILtqRfTHyX
 qhjFSjPPcOqU7NA3zmsAmGTc9Eu73F+4hPP/kXoF4OmiEJjiDZm+38wQ/q2sZoxy
 aPussddWpmUbIPYJwfCz0Dy3GvsVhLN3deWGjtyMTLrfYYqweKnJpWF1p1ke4ZxC
 YI7DSbDVdqYCkh1BTHWNqpYjMab3p4bRdLgwCDkOvIt1fSf8b/lFCkD0ZHcvL+TQ
 f5h9YsuaTIMJu9M0il73eLlc9z5PlZpMD4R1mbdEMMMs82d7vEbLT9cHYlJ1lZlU
 cNlaRvuIR4cCHdYqJXZ+9fCc0nElXLmrPSWEgauYlEb4XOCCgnHnP3VEMAVycSkY
 rBgucYycfMQ2CXJoz4FPVST/irGCe1vpf3Vqq0SVoiAZdz3yNQ9M8iXhaA+hdrbp
 pgoRgGIPBf2BjUA+Xgz8rB184tA3p9VOcvQ0LrK/N3y5FU1tk9OEemsHTKgEFFQ7
 b7OSIIUChvfl7ugXcOosNtZmD1pdyAuaiqDkeTBO+teD0LjUaUwWxl7uwLjOODjj
 WN5ixjNRjv7us6htnPvv/GhhWb66Fc15XQ1gJdhiMrp426dJ32YP6OG6WWy5AgsE
 Qjxx+AEQANWX4zqswKPWnq5nRhPuLm68QJxUbFiYYL6+ir4+LOV9uwKhuMtZIfZQ
 3do7S3b74QMhubOrdAnNbsvd9glqHrULQzmfSM97bJn6TJNzWOunGbu35OX6aO9J
 mIYCcwZq/6JYqawTYhkL5Pu4jrLSPa9BOJR5wNZ78geqeKhp6VFGAS77lt21PrFr
 uVVCoIXE2iYM2V9Rn8/lW/+ah3Z6Y+ZXgjQ+0npMTdQYwKh+ZdPpq7zkyXGn4LH0
 y0oALEZZaUaZUDn8wCVhcZsQYRXzH+W6KSplb+zq7VEUT5Yf3c1XC8sBzcF5UWfW
 +urodROCoWgEpz/DygM98d+Sfpj2Ui4qDrnfe3dJ6etF955/755XZ+LqLij8gu5C
 GB/dWVeRUBY34fUviqUuXAmnA50Sbl66h+6R+kuyQhMQYSLfd4o3u4l06qBNf5eG
 D1hj1RdBmfFN2tiD/XkwLSSl0t813J5fSm8TPwHu5rt1KvxXU8EFiTGhIZcALB1t
 8tROywo253tEOaD1S2VmkJSGTa4xA5dZwe61MzcBA5SN6+lRC7PRK04ov2DMIky7
 vcJ9b3qVXKDNmKyPigGrOnc8MDX1LIQ6F2JC5A0+tiWSghO5BTMptcWzNxVdcp5Z
 ClD8iFdsc0nMtqECT+WTh4MIFMMK/hHw7QkaYglQ+kLb6EwMW4ozAAYpiQIfBBgB
 AgAJBQJCPHH4AhsMAAoJENNXdQf6QOnisnIP/11tnqTaiD6giEijgMFDoXOgd3eC
 ecNw0KkMkY25VK9QGMaGOKHPJUxF8UOoJfzL3rAGs1ezvYfxQb4uYkTPZcsWndZJ
 g0QzKRRu2GSa4p8lJAHThaVMTJ+AbyWwgQIcnskyY3eMEaB7tUEReJKiKf/f2RhS
 VMKbHukqw1Tq5SabRT/o+gIFvVUlH/2m3konlvhxQlevAMPsI8hebTFCnPS5CZbu
 SVxUFlC/HLxNXmSN+TxFCu9WmCIXt1biKWmVYC524dsGu3F5ojTuVGn3ND88bQCc
 +GsZnU7wZ1HodEZMgYhdttR53BsVv/VkkwnmuFykq5g9nFEez7GfSm4a3Wg12zG3
 LVWCv997jNmfVIskzTvz6GwkvKS7VjSmOT7hIjI/PZcZ60KNTkXxVyqs8E6Y0h9S
 W4+TRmjSbGgH1j0PpufxVqndxZSH388Nprq7CJZ/tEZkWwv+UvEGeMmSqk4adECc
 J3AoXiAOsYkGin0oTWIAja5X7DKjeNQJfwfwtMjQ46aJnvGEpypWKu7Y4UnkFWGd
 H3j4ZdyzVgCRUnIuIHCzOKR8jrHw7Udxb6Ck6Y9MLJ/pcOzrUCnaALKhMREaNZmY
 G/cu/anS1ekMIWkC/QyX6xbXi7IedakaL56y7nJRBRmPuETKACSAWkGJ5ojm6BxT
 TInCFx1evwVXM3s6
 =eP1B
 -----END PGP PUBLIC KEY BLOCK-----
--- a/openssl.spec
+++ b/openssl.spec
@ -29,7 +29,7 @@ Provides:       ssl
 %ifarch ppc64
 Obsoletes:      openssl-64bit
 %endif
-Version:        1.0.1f
+Version:        1.0.1g
 Release:        0
 Summary:        Secure Sockets and Transport Layer Security
 License:        OpenSSL
@ -64,7 +64,6 @@ Patch15:        openssl-1.0.1e-fips.patch
 Patch16:        openssl-1.0.1e-fips-ec.patch
 Patch17:        openssl-1.0.1e-fips-ctor.patch
 Patch18:        openssl-1.0.1e-new-fips-reqs.patch
 Patch19:        CVE-2014-0076.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 %description
@ -170,7 +169,6 @@ this package's base documentation.
 %patch16 -p1
 %patch17 -p1
 %patch18 -p1
 %patch19 -p1
 cp -p %{S:10} .
 cp -p %{S:11} .
@ -228,7 +226,7 @@ no-ec2m \
 --prefix=%{_prefix} \
 --libdir=%{_lib} \
 --openssldir=%{ssletcdir} \
-$RPM_OPT_FLAGS -std=gnu99 \
+$RPM_OPT_FLAGS -O3 -std=gnu99 \
 -Wa,--noexecstack \
 -fomit-frame-pointer \
 -DTERMIO \