forked from pool/openssl
openssl/openssl-fix-pod-syntax.diff
Stephan Kulow d5a92c035d Accepting request 229370 from Base:System
- update to 1.0.1g:
  * fix for critical TLS heartbeat read overrun (CVE-2014-0160) (bnc#872299)
  * Fix for Recovering OpenSSL ECDSA Nonces (CVE-2014-0076) (bnc#869945)
  * Workaround for the "TLS hang bug" (see FAQ and PR#2771)
- remove CVE-2014-0076.patch
- openssl.keyring: upstream changed to:
  pub  4096R/FA40E9E2 2005-03-19 Dr Stephen N Henson <steve@openssl.org>
  uid                            Dr Stephen Henson <shenson@drh-consultancy.co.uk>
  uid                            Dr Stephen Henson <shenson@opensslfoundation.com>

OBS-URL: https://build.opensuse.org/request/show/229370
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssl?expand=0&rev=110
2014-04-09 16:17:23 +00:00

559 lines
18 KiB
Diff

From jaenicke@openssl.net Thu May 30 09:46:58 2013
CC: Jonathan Liu <net147@gmail.com>
Resent-Date: Thu, 30 May 2013 09:46:58 +0200
X-Spam-Status: No, score=-2.3 required=5.0 tests=FREEMAIL_FROM, RCVD_IN_DNSWL_MED,T_DKIM_INVALID,T_TO_NO_BRKTS_FREEMAIL autolearn=ham version=3.3.2
X-Mailer: git-send-email 1.8.3
Message-ID: <1369887573-10819-1-git-send-email-net147@gmail.com>
X-Received: by 10.68.65.134 with SMTP id x6mr5859535pbs.219.1369886755138; Wed, 29 May 2013 21:05:55 -0700 (PDT)
Resent-To: rt-i12@openssl.net
Received: by openssl.net (Postfix, from userid 29209) id 1548C1E0128; Thu, 30 May 2013 09:46:58 +0200 (CEST)
Received: by openssl.net (Postfix, from userid 65534) id 852471E12CB; Thu, 30 May 2013 06:14:07 +0200 (CEST)
Received: by openssl.net (Postfix, from userid 30009) id 6FF4D1E12CF; Thu, 30 May 2013 06:14:07 +0200 (CEST)
Received: from master.openssl.org (openssl.org [194.97.152.144]) by openssl.net (Postfix) with ESMTP id B4F491E12CB for <rt@openssl.net>; Thu, 30 May 2013 06:14:00 +0200 (CEST)
Received: by master.openssl.org (Postfix) id 53CEF1337D; Thu, 30 May 2013 06:14:00 +0200 (CEST)
Received: from mail-pd0-f180.google.com (mail-pd0-f180.google.com [209.85.192.180]) by master.openssl.org (Postfix) with ESMTP id BD43A1337C for <rt@openssl.org>; Thu, 30 May 2013 06:13:59 +0200 (CEST)
Received: by mail-pd0-f180.google.com with SMTP id 14so7525333pdc.39 for <rt@openssl.org>; Wed, 29 May 2013 21:13:58 -0700 (PDT)
Received: from 60-242-179-244.static.tpgi.com.au (60-242-179-244.static.tpgi.com.au. [60.242.179.244]) by mx.google.com with ESMTPSA id gh9sm39937623pbc.37.2013.05.29.21.05.52 for <multiple recipients> (version=TLSv1.2 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Wed, 29 May 2013 21:05:54 -0700 (PDT)
Delivered-To: rt-i12@openssl.net
Subject: [PATCH] Fix POD errors with pod2man from Perl 5.18.
Resent-From: Lutz Jaenicke <jaenicke@openssl.net>
Return-Path: <jaenicke@openssl.net>
X-Original-To: rt-i12@openssl.net
X-Original-To: jaenicke@localhost
X-Original-To: rt@openssl.net
Dkim-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:to:cc:subject:date:message-id:x-mailer; bh=7+ASUI5nk0djFCejseoyvHdfe1CBnwkjfwtKd/NZiyk=; b=Z8nPd4yIaqDTqC2lMbn6p2B4+cFrVY1CLkKn7W9dJucX5NWdr9xJFx3uBZgzONU48L 24eHjFUMScQtRepL0UbNbWOeUlLsTFicuSlx9FaEyK7ZY7zVzmdESmGeedInheWRaaz1 A818XmhAGYTO09kxRTrt8lswyegygIMna7vvjV5vP7wdRPLBejxvtSj24xz+b6bEub51 CvG+wjG+5SZt3XYdGtE3Rff49BaZg4zjpcH92H64bPsKClFx0dOYP849mEMuMzDsrcAO /2ZtXsPfkOHXSJAgGvvxEo7KQTUJol5+VtHzNjY7rRnrpKmS7U0+U8sasp4yetFIuXSZ U+eg==
Date: Thu, 30 May 2013 14:19:33 +1000
X-Spam-Level:
X-Greylist: delayed 483 seconds by postgrey-1.33 at master.openssl.org; Thu, 30 May 2013 06:13:59 CEST
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on openssl
Resent-Message-ID: <20130530074658.GA13997@openssl.net>
To: rt@openssl.org
From: Jonathan Liu <net147@gmail.com>
X-RT-Original-Encoding: ascii
content-type: text/plain; charset="utf-8"
Content-Length: 12835
---
doc/apps/cms.pod | 12 ++++++------
doc/apps/smime.pod | 12 ++++++------
doc/apps/ts.pod | 6 +++---
doc/crypto/OPENSSL_ia32cap.pod | 4 ++++
doc/crypto/rand.pod | 14 +++++++-------
doc/ssl/SSL_COMP_add_compression_method.pod | 4 ++--
doc/ssl/SSL_CTX_add_session.pod | 4 ++--
doc/ssl/SSL_CTX_load_verify_locations.pod | 4 ++--
doc/ssl/SSL_CTX_set_client_CA_list.pod | 4 ++--
doc/ssl/SSL_CTX_set_session_id_context.pod | 4 ++--
doc/ssl/SSL_CTX_set_ssl_version.pod | 4 ++--
doc/ssl/SSL_CTX_use_psk_identity_hint.pod | 2 +-
doc/ssl/SSL_accept.pod | 4 ++--
doc/ssl/SSL_clear.pod | 4 ++--
doc/ssl/SSL_connect.pod | 4 ++--
doc/ssl/SSL_do_handshake.pod | 4 ++--
doc/ssl/SSL_read.pod | 2 +-
doc/ssl/SSL_session_reused.pod | 4 ++--
doc/ssl/SSL_set_fd.pod | 4 ++--
doc/ssl/SSL_set_session.pod | 4 ++--
doc/ssl/SSL_set_shutdown.pod | 2 +-
doc/ssl/SSL_shutdown.pod | 6 +++---
doc/ssl/SSL_write.pod | 2 +-
23 files changed, 59 insertions(+), 55 deletions(-)
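Review bot: The diffstat lists doc/ssl/SSL_set_shutdown.pod with one changed line, but the patch body has no Index: section for that file between SSL_set_session.pod and SSL_shutdown.pod, so 22 files are patched rather than the 23 the summary states. The Index: headers show the patch now targets openssl-1.0.1g; regenerate the diffstat against that tree, or say in the header that the SSL_set_shutdown.pod change was dropped, so the summary matches what is applied.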
Index: openssl-1.0.1g/doc/apps/cms.pod
===================================================================
--- openssl-1.0.1g.orig/doc/apps/cms.pod
+++ openssl-1.0.1g/doc/apps/cms.pod
@@ -450,28 +450,28 @@ remains DER.
=over 4
-=item 0
+=item Z<>0
the operation was completely successfully.
-=item 1
+=item Z<>1
an error occurred parsing the command options.
-=item 2
+=item Z<>2
one of the input files could not be read.
-=item 3
+=item Z<>3
an error occurred creating the CMS file or when reading the MIME
message.
-=item 4
+=item Z<>4
an error occurred decrypting or verifying the message.
-=item 5
+=item Z<>5
the message was verified correctly but an error occurred writing out
the signers certificates.
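Review bot: Nothing in the mail explains the change from "=item 0" to "=item Z<>0" in this list; the message goes straight from the headers to the diffstat. Add a sentence to the description saying that Z<> is an empty formatting code, used so that pod2man from Perl 5.18 reads the tag as text rather than as a list number, and quote the diagnostic it silences. While this list is being touched, the context line "the operation was completely successfully." could be corrected to "completed successfully".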
Index: openssl-1.0.1g/doc/apps/smime.pod
===================================================================
--- openssl-1.0.1g.orig/doc/apps/smime.pod
+++ openssl-1.0.1g/doc/apps/smime.pod
@@ -308,28 +308,28 @@ remains DER.
=over 4
-=item 0
+=item Z<>0
the operation was completely successfully.
-=item 1
+=item Z<>1
an error occurred parsing the command options.
-=item 2
+=item Z<>2
one of the input files could not be read.
-=item 3
+=item Z<>3
an error occurred creating the PKCS#7 file or when reading the MIME
message.
-=item 4
+=item Z<>4
an error occurred decrypting or verifying the message.
-=item 5
+=item Z<>5
the message was verified correctly but an error occurred writing out
the signers certificates.
Index: openssl-1.0.1g/doc/apps/ts.pod
===================================================================
--- openssl-1.0.1g.orig/doc/apps/ts.pod
+++ openssl-1.0.1g/doc/apps/ts.pod
@@ -58,19 +58,19 @@ time. Here is a brief description of the
=over 4
-=item 1.
+=item Z<>1.
The TSA client computes a one-way hash value for a data file and sends
the hash to the TSA.
-=item 2.
+=item Z<>2.
The TSA attaches the current date and time to the received hash value,
signs them and sends the time stamp token back to the client. By
creating this token the TSA certifies the existence of the original
data file at the time of response generation.
-=item 3.
+=item Z<>3.
The TSA client receives the time stamp token and verifies the
signature on it. It also checks if the token contains the same hash
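Review bot: With Z<> in front, the tags "1.", "2." and "3." in this hunk become text items, so the numbers are literal strings and the formatter no longer checks their sequence if a step is inserted later. The three visible items are already in order, so the description should state which pod2man diagnostic this list produced and why a text item was chosen here instead of leaving a numbered list.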
Index: openssl-1.0.1g/doc/crypto/OPENSSL_ia32cap.pod
===================================================================
--- openssl-1.0.1g.orig/doc/crypto/OPENSSL_ia32cap.pod
+++ openssl-1.0.1g/doc/crypto/OPENSSL_ia32cap.pod
@@ -20,6 +20,8 @@ toolkit initialization, but can be manip
crypto library behaviour. For the moment of this writing six bits are
significant, namely:
+=over 4
+
1. bit #28 denoting Hyperthreading, which is used to distiguish
cores with shared cache;
2. bit #26 denoting SSE2 support;
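Review bot: The "=over 4" added here opens a block that contains no =item commands; the entries "1. bit #28 ..." and "2. bit #26 ..." remain ordinary paragraph text, so the result is an indented paragraph rather than a list. If a list is intended, give each entry its own tag in the form used for ts.pod ("=item Z<>1."), keeping the matching "=back" from the next hunk after entry 6. The context line under the new "=over 4" also carries the typo "distiguish".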
@@ -29,6 +31,8 @@ significant, namely:
pathes;
6. bit #4 denoting presence of Time-Stamp Counter.
+=back
+
For example, clearing bit #26 at run-time disables high-performance
SSE2 code present in the crypto library. You might have to do this if
target OpenSSL application is executed on SSE2 capable CPU, but under
Index: openssl-1.0.1g/doc/crypto/rand.pod
===================================================================
--- openssl-1.0.1g.orig/doc/crypto/rand.pod
+++ openssl-1.0.1g/doc/crypto/rand.pod
@@ -74,16 +74,16 @@ First up I will state the things I belie
=over 4
-=item 1
+=item Z<>1
A good hashing algorithm to mix things up and to convert the RNG 'state'
to random numbers.
-=item 2
+=item Z<>2
An initial source of random 'state'.
-=item 3
+=item Z<>3
The state should be very large. If the RNG is being used to generate
4096 bit RSA keys, 2 2048 bit random strings are required (at a minimum).
@@ -93,13 +93,13 @@ carried away on this last point but it d
a bad idea to keep quite a lot of RNG state. It should be easier to
break a cipher than guess the RNG seed data.
-=item 4
+=item Z<>4
Any RNG seed data should influence all subsequent random numbers
generated. This implies that any random seed data entered will have
an influence on all subsequent random numbers generated.
-=item 5
+=item Z<>5
When using data to seed the RNG state, the data used should not be
extractable from the RNG state. I believe this should be a
@@ -108,12 +108,12 @@ data would be a private key or a passwor
not be disclosed by either subsequent random numbers or a
'core' dump left by a program crash.
-=item 6
+=item Z<>6
Given the same initial 'state', 2 systems should deviate in their RNG state
(and hence the random numbers generated) over time if at all possible.
-=item 7
+=item Z<>7
Given the random number output stream, it should not be possible to determine
the RNG state or the next random number.
Index: openssl-1.0.1g/doc/ssl/SSL_COMP_add_compression_method.pod
===================================================================
--- openssl-1.0.1g.orig/doc/ssl/SSL_COMP_add_compression_method.pod
+++ openssl-1.0.1g/doc/ssl/SSL_COMP_add_compression_method.pod
@@ -53,11 +53,11 @@ SSL_COMP_add_compression_method() may re
=over 4
-=item 0
+=item Z<>0
The operation succeeded.
-=item 1
+=item Z<>1
The operation failed. Check the error queue to find out the reason.
Index: openssl-1.0.1g/doc/ssl/SSL_CTX_add_session.pod
===================================================================
--- openssl-1.0.1g.orig/doc/ssl/SSL_CTX_add_session.pod
+++ openssl-1.0.1g/doc/ssl/SSL_CTX_add_session.pod
@@ -52,13 +52,13 @@ The following values are returned by all
=over 4
-=item 0
+=item Z<>0
The operation failed. In case of the add operation, it was tried to add
the same (identical) session twice. In case of the remove operation, the
session was not found in the cache.
-=item 1
+=item Z<>1
The operation succeeded.
Index: openssl-1.0.1g/doc/ssl/SSL_CTX_load_verify_locations.pod
===================================================================
--- openssl-1.0.1g.orig/doc/ssl/SSL_CTX_load_verify_locations.pod
+++ openssl-1.0.1g/doc/ssl/SSL_CTX_load_verify_locations.pod
@@ -100,13 +100,13 @@ The following return values can occur:
=over 4
-=item 0
+=item Z<>0
The operation failed because B<CAfile> and B<CApath> are NULL or the
processing at one of the locations specified failed. Check the error
stack to find out the reason.
-=item 1
+=item Z<>1
The operation succeeded.
Index: openssl-1.0.1g/doc/ssl/SSL_CTX_set_client_CA_list.pod
===================================================================
--- openssl-1.0.1g.orig/doc/ssl/SSL_CTX_set_client_CA_list.pod
+++ openssl-1.0.1g/doc/ssl/SSL_CTX_set_client_CA_list.pod
@@ -66,13 +66,13 @@ values:
=over 4
-=item 0
+=item Z<>0
A failure while manipulating the STACK_OF(X509_NAME) object occurred or
the X509_NAME could not be extracted from B<cacert>. Check the error stack
to find out the reason.
-=item 1
+=item Z<>1
The operation succeeded.
Index: openssl-1.0.1g/doc/ssl/SSL_CTX_set_session_id_context.pod
===================================================================
--- openssl-1.0.1g.orig/doc/ssl/SSL_CTX_set_session_id_context.pod
+++ openssl-1.0.1g/doc/ssl/SSL_CTX_set_session_id_context.pod
@@ -64,13 +64,13 @@ return the following values:
=over 4
-=item 0
+=item Z<>0
The length B<sid_ctx_len> of the session id context B<sid_ctx> exceeded
the maximum allowed length of B<SSL_MAX_SSL_SESSION_ID_LENGTH>. The error
is logged to the error stack.
-=item 1
+=item Z<>1
The operation succeeded.
Index: openssl-1.0.1g/doc/ssl/SSL_CTX_set_ssl_version.pod
===================================================================
--- openssl-1.0.1g.orig/doc/ssl/SSL_CTX_set_ssl_version.pod
+++ openssl-1.0.1g/doc/ssl/SSL_CTX_set_ssl_version.pod
@@ -42,11 +42,11 @@ and SSL_set_ssl_method():
=over 4
-=item 0
+=item Z<>0
The new choice failed, check the error stack to find out the reason.
-=item 1
+=item Z<>1
The operation succeeded.
Index: openssl-1.0.1g/doc/ssl/SSL_CTX_use_psk_identity_hint.pod
===================================================================
--- openssl-1.0.1g.orig/doc/ssl/SSL_CTX_use_psk_identity_hint.pod
+++ openssl-1.0.1g/doc/ssl/SSL_CTX_use_psk_identity_hint.pod
@@ -96,7 +96,7 @@ data to B<psk> and return the length of
connection will fail with decryption_error before it will be finished
completely.
-=item 0
+=item Z<>0
PSK identity was not found. An "unknown_psk_identity" alert message
will be sent and the connection setup fails.
Index: openssl-1.0.1g/doc/ssl/SSL_accept.pod
===================================================================
--- openssl-1.0.1g.orig/doc/ssl/SSL_accept.pod
+++ openssl-1.0.1g/doc/ssl/SSL_accept.pod
@@ -44,13 +44,13 @@ The following return values can occur:
=over 4
-=item 0
+=item Z<>0
The TLS/SSL handshake was not successful but was shut down controlled and
by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
return value B<ret> to find out the reason.
-=item 1
+=item Z<>1
The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
established.
Index: openssl-1.0.1g/doc/ssl/SSL_clear.pod
===================================================================
--- openssl-1.0.1g.orig/doc/ssl/SSL_clear.pod
+++ openssl-1.0.1g/doc/ssl/SSL_clear.pod
@@ -56,12 +56,12 @@ The following return values can occur:
=over 4
-=item 0
+=item Z<>0
The SSL_clear() operation could not be performed. Check the error stack to
find out the reason.
-=item 1
+=item Z<>1
The SSL_clear() operation was successful.
Index: openssl-1.0.1g/doc/ssl/SSL_connect.pod
===================================================================
--- openssl-1.0.1g.orig/doc/ssl/SSL_connect.pod
+++ openssl-1.0.1g/doc/ssl/SSL_connect.pod
@@ -41,13 +41,13 @@ The following return values can occur:
=over 4
-=item 0
+=item Z<>0
The TLS/SSL handshake was not successful but was shut down controlled and
by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
return value B<ret> to find out the reason.
-=item 1
+=item Z<>1
The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
established.
Index: openssl-1.0.1g/doc/ssl/SSL_do_handshake.pod
===================================================================
--- openssl-1.0.1g.orig/doc/ssl/SSL_do_handshake.pod
+++ openssl-1.0.1g/doc/ssl/SSL_do_handshake.pod
@@ -45,13 +45,13 @@ The following return values can occur:
=over 4
-=item 0
+=item Z<>0
The TLS/SSL handshake was not successful but was shut down controlled and
by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
return value B<ret> to find out the reason.
-=item 1
+=item Z<>1
The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
established.
Index: openssl-1.0.1g/doc/ssl/SSL_read.pod
===================================================================
--- openssl-1.0.1g.orig/doc/ssl/SSL_read.pod
+++ openssl-1.0.1g/doc/ssl/SSL_read.pod
@@ -86,7 +86,7 @@ The following return values can occur:
The read operation was successful; the return value is the number of
bytes actually read from the TLS/SSL connection.
-=item 0
+=item Z<>0
The read operation was not successful. The reason may either be a clean
shutdown due to a "close notify" alert sent by the peer (in which case
Index: openssl-1.0.1g/doc/ssl/SSL_session_reused.pod
===================================================================
--- openssl-1.0.1g.orig/doc/ssl/SSL_session_reused.pod
+++ openssl-1.0.1g/doc/ssl/SSL_session_reused.pod
@@ -27,11 +27,11 @@ The following return values can occur:
=over 4
-=item 0
+=item Z<>0
A new session was negotiated.
-=item 1
+=item Z<>1
A session was reused.
Index: openssl-1.0.1g/doc/ssl/SSL_set_fd.pod
===================================================================
--- openssl-1.0.1g.orig/doc/ssl/SSL_set_fd.pod
+++ openssl-1.0.1g/doc/ssl/SSL_set_fd.pod
@@ -35,11 +35,11 @@ The following return values can occur:
=over 4
-=item 0
+=item Z<>0
The operation failed. Check the error stack to find out why.
-=item 1
+=item Z<>1
The operation succeeded.
Index: openssl-1.0.1g/doc/ssl/SSL_set_session.pod
===================================================================
--- openssl-1.0.1g.orig/doc/ssl/SSL_set_session.pod
+++ openssl-1.0.1g/doc/ssl/SSL_set_session.pod
@@ -37,11 +37,11 @@ The following return values can occur:
=over 4
-=item 0
+=item Z<>0
The operation failed; check the error stack to find out the reason.
-=item 1
+=item Z<>1
The operation succeeded.
Index: openssl-1.0.1g/doc/ssl/SSL_shutdown.pod
===================================================================
--- openssl-1.0.1g.orig/doc/ssl/SSL_shutdown.pod
+++ openssl-1.0.1g/doc/ssl/SSL_shutdown.pod
@@ -92,19 +92,19 @@ The following return values can occur:
=over 4
-=item 0
+=item Z<>0
The shutdown is not yet finished. Call SSL_shutdown() for a second time,
if a bidirectional shutdown shall be performed.
The output of L<SSL_get_error(3)|SSL_get_error(3)> may be misleading, as an
erroneous SSL_ERROR_SYSCALL may be flagged even though no error occurred.
-=item 1
+=item Z<>1
The shutdown was successfully completed. The "close notify" alert was sent
and the peer's "close notify" alert was received.
-=item -1
+=item Z<>-1
The shutdown was not successful because a fatal error occurred either
at the protocol level or a connection failure occurred. It can also occur if
Index: openssl-1.0.1g/doc/ssl/SSL_write.pod
===================================================================
--- openssl-1.0.1g.orig/doc/ssl/SSL_write.pod
+++ openssl-1.0.1g/doc/ssl/SSL_write.pod
@@ -79,7 +79,7 @@ The following return values can occur:
The write operation was successful, the return value is the number of
bytes actually written to the TLS/SSL connection.
-=item 0
+=item Z<>0
The write operation was not successful. Probably the underlying connection
was closed. Call SSL_get_error() with the return value B<ret> to find out,