[Pkg-openssl-changes] r787 - openssl/branches/jessie_stable/debian/patches
Kurt Roeckx
kroeckx at moszumanska.debian.org
Fri May 6 13:34:50 UTC 2016
Author: kroeckx
Date: 2016-05-06 13:34:50 +0000 (Fri, 06 May 2016)
New Revision: 787
Removed:
openssl/branches/jessie_stable/debian/patches/CVE-2010-5298.patch
openssl/branches/jessie_stable/debian/patches/CVE-2014-XXXX-Extension-checking-fixes.patch
openssl/branches/jessie_stable/debian/patches/fix-pod-errors.patch
openssl/branches/jessie_stable/debian/patches/libdoc-manpgs-pod-spell.patch
openssl/branches/jessie_stable/debian/patches/libssl-misspell.patch
openssl/branches/jessie_stable/debian/patches/openssl-pod-misspell.patch
openssl/branches/jessie_stable/debian/patches/pkcs12-doc.patch
openssl/branches/jessie_stable/debian/patches/pod_ec.misspell.patch
openssl/branches/jessie_stable/debian/patches/pod_pksc12.misspell.patch
openssl/branches/jessie_stable/debian/patches/pod_req_misspell2.patch
openssl/branches/jessie_stable/debian/patches/pod_s_server.misspell.patch
openssl/branches/jessie_stable/debian/patches/pod_x509setflags.misspell.patch
openssl/branches/jessie_stable/debian/patches/rehash_pod.patch
openssl/branches/jessie_stable/debian/patches/req_bits.patch
Log:
Remove applied / unused patches.
Deleted: openssl/branches/jessie_stable/debian/patches/CVE-2010-5298.patch
===================================================================
--- openssl/branches/jessie_stable/debian/patches/CVE-2010-5298.patch 2016-05-06 12:59:29 UTC (rev 786)
+++ openssl/branches/jessie_stable/debian/patches/CVE-2010-5298.patch 2016-05-06 13:34:50 UTC (rev 787)
@@ -1,27 +0,0 @@
-From db978be7388852059cf54e42539a363d549c5bfd Mon Sep 17 00:00:00 2001
-From: Kurt Roeckx <kurt at roeckx.be>
-Date: Sun, 13 Apr 2014 15:05:30 +0200
-Subject: [PATCH] Don't release the buffer when there still is data in it
-
-RT: 2167, 3265
----
- ssl/s3_pkt.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
-index b9e45c7..32e9207 100644
---- a/ssl/s3_pkt.c
-+++ b/ssl/s3_pkt.c
-@@ -1055,7 +1055,8 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
- {
- s->rstate=SSL_ST_READ_HEADER;
- rr->off=0;
-- if (s->mode & SSL_MODE_RELEASE_BUFFERS)
-+ if (s->mode & SSL_MODE_RELEASE_BUFFERS &&
-+ s->s3->rbuf.left == 0)
- ssl3_release_read_buffer(s);
- }
- }
---
-1.9.1
-
Deleted: openssl/branches/jessie_stable/debian/patches/CVE-2014-XXXX-Extension-checking-fixes.patch
===================================================================
--- openssl/branches/jessie_stable/debian/patches/CVE-2014-XXXX-Extension-checking-fixes.patch 2016-05-06 12:59:29 UTC (rev 786)
+++ openssl/branches/jessie_stable/debian/patches/CVE-2014-XXXX-Extension-checking-fixes.patch 2016-05-06 13:34:50 UTC (rev 787)
@@ -1,40 +0,0 @@
-From 300b9f0b704048f60776881f1d378c74d9c32fbd Mon Sep 17 00:00:00 2001
-From: "Dr. Stephen Henson" <steve at openssl.org>
-Date: Tue, 15 Apr 2014 18:48:54 +0100
-Subject: [PATCH] Extension checking fixes.
-
-When looking for an extension we need to set the last found
-position to -1 to properly search all extensions.
-
-PR#3309.
----
- crypto/x509v3/v3_purp.c | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/crypto/x509v3/v3_purp.c b/crypto/x509v3/v3_purp.c
-index 6c40c7d..5f931db 100644
---- a/crypto/x509v3/v3_purp.c
-+++ b/crypto/x509v3/v3_purp.c
-@@ -389,8 +389,8 @@ static void x509v3_cache_extensions(X509 *x)
- /* Handle proxy certificates */
- if((pci=X509_get_ext_d2i(x, NID_proxyCertInfo, NULL, NULL))) {
- if (x->ex_flags & EXFLAG_CA
-- || X509_get_ext_by_NID(x, NID_subject_alt_name, 0) >= 0
-- || X509_get_ext_by_NID(x, NID_issuer_alt_name, 0) >= 0) {
-+ || X509_get_ext_by_NID(x, NID_subject_alt_name, -1) >= 0
-+ || X509_get_ext_by_NID(x, NID_issuer_alt_name, -1) >= 0) {
- x->ex_flags |= EXFLAG_INVALID;
- }
- if (pci->pcPathLengthConstraint) {
-@@ -670,7 +670,7 @@ static int check_purpose_timestamp_sign(const X509_PURPOSE *xp, const X509 *x,
- return 0;
-
- /* Extended Key Usage MUST be critical */
-- i_ext = X509_get_ext_by_NID((X509 *) x, NID_ext_key_usage, 0);
-+ i_ext = X509_get_ext_by_NID((X509 *) x, NID_ext_key_usage, -1);
- if (i_ext >= 0)
- {
- X509_EXTENSION *ext = X509_get_ext((X509 *) x, i_ext);
---
-1.9.1
-
Deleted: openssl/branches/jessie_stable/debian/patches/fix-pod-errors.patch
===================================================================
--- openssl/branches/jessie_stable/debian/patches/fix-pod-errors.patch 2016-05-06 12:59:29 UTC (rev 786)
+++ openssl/branches/jessie_stable/debian/patches/fix-pod-errors.patch 2016-05-06 13:34:50 UTC (rev 787)
@@ -1,396 +0,0 @@
-Description: Fix pod errors
- The version of pod from perl 5.18 is fussier than previous versions changing
- thigs that were previously warnings into errors. This patch fixes the errors
- and makes the package build but I have not checked the correctness of the
- output.
-Author: Peter Michael Green <plugwash at raspbian.org>
-Bug-Debian: http://bugs.debian.org/723954
-Bug: http://rt.openssl.org/Ticket/Display.html?id=3146&user=guest&pass=guest
-
-Index: openssl-1.0.1g/doc/apps/smime.pod
-===================================================================
---- openssl-1.0.1g.orig/doc/apps/smime.pod 2014-04-07 23:21:03.985184135 +0200
-+++ openssl-1.0.1g/doc/apps/smime.pod 2014-04-07 23:21:03.985184135 +0200
-@@ -308,28 +308,28 @@
-
- =over 4
-
--=item 0
-+=item C<0>
-
- the operation was completely successfully.
-
--=item 1
-+=item C<1>
-
- an error occurred parsing the command options.
-
--=item 2
-+=item C<2>
-
- one of the input files could not be read.
-
--=item 3
-+=item C<3>
-
- an error occurred creating the PKCS#7 file or when reading the MIME
- message.
-
--=item 4
-+=item C<4>
-
- an error occurred decrypting or verifying the message.
-
--=item 5
-+=item C<5>
-
- the message was verified correctly but an error occurred writing out
- the signers certificates.
-Index: openssl-1.0.1g/doc/apps/cms.pod
-===================================================================
---- openssl-1.0.1g.orig/doc/apps/cms.pod 2014-04-07 23:21:03.985184135 +0200
-+++ openssl-1.0.1g/doc/apps/cms.pod 2014-04-07 23:21:03.985184135 +0200
-@@ -450,28 +450,28 @@
-
- =over 4
-
--=item 0
-+=item C<0>
-
- the operation was completely successfully.
-
--=item 1
-+=item C<1>
-
- an error occurred parsing the command options.
-
--=item 2
-+=item C<2>
-
- one of the input files could not be read.
-
--=item 3
-+=item C<3>
-
- an error occurred creating the CMS file or when reading the MIME
- message.
-
--=item 4
-+=item C<4>
-
- an error occurred decrypting or verifying the message.
-
--=item 5
-+=item C<5>
-
- the message was verified correctly but an error occurred writing out
- the signers certificates.
-Index: openssl-1.0.1g/doc/ssl/SSL_clear.pod
-===================================================================
---- openssl-1.0.1g.orig/doc/ssl/SSL_clear.pod 2014-04-07 23:21:03.985184135 +0200
-+++ openssl-1.0.1g/doc/ssl/SSL_clear.pod 2014-04-07 23:21:03.985184135 +0200
-@@ -56,12 +56,12 @@
-
- =over 4
-
--=item 0
-+=item C<0>
-
- The SSL_clear() operation could not be performed. Check the error stack to
- find out the reason.
-
--=item 1
-+=item C<1>
-
- The SSL_clear() operation was successful.
-
-Index: openssl-1.0.1g/doc/ssl/SSL_session_reused.pod
-===================================================================
---- openssl-1.0.1g.orig/doc/ssl/SSL_session_reused.pod 2014-04-07 23:21:03.985184135 +0200
-+++ openssl-1.0.1g/doc/ssl/SSL_session_reused.pod 2014-04-07 23:21:03.985184135 +0200
-@@ -27,11 +27,11 @@
-
- =over 4
-
--=item 0
-+=item C<0>
-
- A new session was negotiated.
-
--=item 1
-+=item C<1>
-
- A session was reused.
-
-Index: openssl-1.0.1g/doc/ssl/SSL_set_session.pod
-===================================================================
---- openssl-1.0.1g.orig/doc/ssl/SSL_set_session.pod 2014-04-07 23:21:03.985184135 +0200
-+++ openssl-1.0.1g/doc/ssl/SSL_set_session.pod 2014-04-07 23:21:03.985184135 +0200
-@@ -37,11 +37,11 @@
-
- =over 4
-
--=item 0
-+=item C<0>
-
- The operation failed; check the error stack to find out the reason.
-
--=item 1
-+=item C<1>
-
- The operation succeeded.
-
-Index: openssl-1.0.1g/doc/ssl/SSL_connect.pod
-===================================================================
---- openssl-1.0.1g.orig/doc/ssl/SSL_connect.pod 2014-04-07 23:21:03.985184135 +0200
-+++ openssl-1.0.1g/doc/ssl/SSL_connect.pod 2014-04-07 23:21:03.985184135 +0200
-@@ -41,13 +41,13 @@
-
- =over 4
-
--=item 0
-+=item C<0>
-
- The TLS/SSL handshake was not successful but was shut down controlled and
- by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
- return value B<ret> to find out the reason.
-
--=item 1
-+=item C<1>
-
- The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
- established.
-Index: openssl-1.0.1g/doc/ssl/SSL_shutdown.pod
-===================================================================
---- openssl-1.0.1g.orig/doc/ssl/SSL_shutdown.pod 2014-04-07 23:21:03.985184135 +0200
-+++ openssl-1.0.1g/doc/ssl/SSL_shutdown.pod 2014-04-07 23:21:03.985184135 +0200
-@@ -92,14 +92,14 @@
-
- =over 4
-
--=item 0
-+=item C<0>
-
- The shutdown is not yet finished. Call SSL_shutdown() for a second time,
- if a bidirectional shutdown shall be performed.
- The output of L<SSL_get_error(3)|SSL_get_error(3)> may be misleading, as an
- erroneous SSL_ERROR_SYSCALL may be flagged even though no error occurred.
-
--=item 1
-+=item C<1>
-
- The shutdown was successfully completed. The "close notify" alert was sent
- and the peer's "close notify" alert was received.
-Index: openssl-1.0.1g/doc/ssl/SSL_CTX_set_client_CA_list.pod
-===================================================================
---- openssl-1.0.1g.orig/doc/ssl/SSL_CTX_set_client_CA_list.pod 2014-04-07 23:21:03.985184135 +0200
-+++ openssl-1.0.1g/doc/ssl/SSL_CTX_set_client_CA_list.pod 2014-04-07 23:21:03.985184135 +0200
-@@ -66,13 +66,13 @@
-
- =over 4
-
--=item 0
-+=item C<0>
-
- A failure while manipulating the STACK_OF(X509_NAME) object occurred or
- the X509_NAME could not be extracted from B<cacert>. Check the error stack
- to find out the reason.
-
--=item 1
-+=item C<1>
-
- The operation succeeded.
-
-Index: openssl-1.0.1g/doc/ssl/SSL_accept.pod
-===================================================================
---- openssl-1.0.1g.orig/doc/ssl/SSL_accept.pod 2014-04-07 23:21:03.985184135 +0200
-+++ openssl-1.0.1g/doc/ssl/SSL_accept.pod 2014-04-07 23:21:03.985184135 +0200
-@@ -44,13 +44,13 @@
-
- =over 4
-
--=item 0
-+=item C<0>
-
- The TLS/SSL handshake was not successful but was shut down controlled and
- by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
- return value B<ret> to find out the reason.
-
--=item 1
-+=item C<1>
-
- The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
- established.
-Index: openssl-1.0.1g/doc/ssl/SSL_CTX_set_session_id_context.pod
-===================================================================
---- openssl-1.0.1g.orig/doc/ssl/SSL_CTX_set_session_id_context.pod 2014-04-07 23:21:03.985184135 +0200
-+++ openssl-1.0.1g/doc/ssl/SSL_CTX_set_session_id_context.pod 2014-04-07 23:21:03.985184135 +0200
-@@ -64,13 +64,13 @@
-
- =over 4
-
--=item 0
-+=item C<0>
-
- The length B<sid_ctx_len> of the session id context B<sid_ctx> exceeded
- the maximum allowed length of B<SSL_MAX_SSL_SESSION_ID_LENGTH>. The error
- is logged to the error stack.
-
--=item 1
-+=item C<1>
-
- The operation succeeded.
-
-Index: openssl-1.0.1g/doc/ssl/SSL_write.pod
-===================================================================
---- openssl-1.0.1g.orig/doc/ssl/SSL_write.pod 2014-04-07 23:21:03.985184135 +0200
-+++ openssl-1.0.1g/doc/ssl/SSL_write.pod 2014-04-07 23:21:03.985184135 +0200
-@@ -79,7 +79,7 @@
- The write operation was successful, the return value is the number of
- bytes actually written to the TLS/SSL connection.
-
--=item 0
-+=item C<0>
-
- The write operation was not successful. Probably the underlying connection
- was closed. Call SSL_get_error() with the return value B<ret> to find out,
-Index: openssl-1.0.1g/doc/ssl/SSL_CTX_load_verify_locations.pod
-===================================================================
---- openssl-1.0.1g.orig/doc/ssl/SSL_CTX_load_verify_locations.pod 2014-04-07 23:21:03.985184135 +0200
-+++ openssl-1.0.1g/doc/ssl/SSL_CTX_load_verify_locations.pod 2014-04-07 23:21:03.985184135 +0200
-@@ -100,13 +100,13 @@
-
- =over 4
-
--=item 0
-+=item C<0>
-
- The operation failed because B<CAfile> and B<CApath> are NULL or the
- processing at one of the locations specified failed. Check the error
- stack to find out the reason.
-
--=item 1
-+=item C<1>
-
- The operation succeeded.
-
-Index: openssl-1.0.1g/doc/ssl/SSL_set_fd.pod
-===================================================================
---- openssl-1.0.1g.orig/doc/ssl/SSL_set_fd.pod 2014-04-07 23:21:03.985184135 +0200
-+++ openssl-1.0.1g/doc/ssl/SSL_set_fd.pod 2014-04-07 23:21:03.985184135 +0200
-@@ -35,11 +35,11 @@
-
- =over 4
-
--=item 0
-+=item C<0>
-
- The operation failed. Check the error stack to find out why.
-
--=item 1
-+=item C<1>
-
- The operation succeeded.
-
-Index: openssl-1.0.1g/doc/ssl/SSL_CTX_use_psk_identity_hint.pod
-===================================================================
---- openssl-1.0.1g.orig/doc/ssl/SSL_CTX_use_psk_identity_hint.pod 2014-04-07 23:21:03.985184135 +0200
-+++ openssl-1.0.1g/doc/ssl/SSL_CTX_use_psk_identity_hint.pod 2014-04-07 23:21:03.985184135 +0200
-@@ -96,7 +96,7 @@
- connection will fail with decryption_error before it will be finished
- completely.
-
--=item 0
-+=item C<0>
-
- PSK identity was not found. An "unknown_psk_identity" alert message
- will be sent and the connection setup fails.
-Index: openssl-1.0.1g/doc/ssl/SSL_read.pod
-===================================================================
---- openssl-1.0.1g.orig/doc/ssl/SSL_read.pod 2014-04-07 23:21:03.985184135 +0200
-+++ openssl-1.0.1g/doc/ssl/SSL_read.pod 2014-04-07 23:21:03.985184135 +0200
-@@ -86,7 +86,7 @@
- The read operation was successful; the return value is the number of
- bytes actually read from the TLS/SSL connection.
-
--=item 0
-+=item C<0>
-
- The read operation was not successful. The reason may either be a clean
- shutdown due to a "close notify" alert sent by the peer (in which case
-Index: openssl-1.0.1g/doc/ssl/SSL_CTX_add_session.pod
-===================================================================
---- openssl-1.0.1g.orig/doc/ssl/SSL_CTX_add_session.pod 2014-04-07 23:21:03.985184135 +0200
-+++ openssl-1.0.1g/doc/ssl/SSL_CTX_add_session.pod 2014-04-07 23:21:03.985184135 +0200
-@@ -52,13 +52,13 @@
-
- =over 4
-
--=item 0
-+=item C<0>
-
- The operation failed. In case of the add operation, it was tried to add
- the same (identical) session twice. In case of the remove operation, the
- session was not found in the cache.
-
--=item 1
-+=item C<1>
-
- The operation succeeded.
-
-Index: openssl-1.0.1g/doc/ssl/SSL_do_handshake.pod
-===================================================================
---- openssl-1.0.1g.orig/doc/ssl/SSL_do_handshake.pod 2014-04-07 23:21:03.985184135 +0200
-+++ openssl-1.0.1g/doc/ssl/SSL_do_handshake.pod 2014-04-07 23:21:03.985184135 +0200
-@@ -45,13 +45,13 @@
-
- =over 4
-
--=item 0
-+=item C<0>
-
- The TLS/SSL handshake was not successful but was shut down controlled and
- by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
- return value B<ret> to find out the reason.
-
--=item 1
-+=item C<1>
-
- The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
- established.
-Index: openssl-1.0.1g/doc/ssl/SSL_COMP_add_compression_method.pod
-===================================================================
---- openssl-1.0.1g.orig/doc/ssl/SSL_COMP_add_compression_method.pod 2014-04-07 23:21:03.985184135 +0200
-+++ openssl-1.0.1g/doc/ssl/SSL_COMP_add_compression_method.pod 2014-04-07 23:21:03.985184135 +0200
-@@ -53,11 +53,11 @@
-
- =over 4
-
--=item 0
-+=item C<0>
-
- The operation succeeded.
-
--=item 1
-+=item C<1>
-
- The operation failed. Check the error queue to find out the reason.
-
-Index: openssl-1.0.1g/doc/ssl/SSL_CTX_set_ssl_version.pod
-===================================================================
---- openssl-1.0.1g.orig/doc/ssl/SSL_CTX_set_ssl_version.pod 2014-04-07 23:21:03.985184135 +0200
-+++ openssl-1.0.1g/doc/ssl/SSL_CTX_set_ssl_version.pod 2014-04-07 23:21:03.985184135 +0200
-@@ -42,11 +42,11 @@
-
- =over 4
-
--=item 0
-+=item C<0>
-
- The new choice failed, check the error stack to find out the reason.
-
--=item 1
-+=item C<1>
-
- The operation succeeded.
-
Deleted: openssl/branches/jessie_stable/debian/patches/libdoc-manpgs-pod-spell.patch
===================================================================
--- openssl/branches/jessie_stable/debian/patches/libdoc-manpgs-pod-spell.patch 2016-05-06 12:59:29 UTC (rev 786)
+++ openssl/branches/jessie_stable/debian/patches/libdoc-manpgs-pod-spell.patch 2016-05-06 13:34:50 UTC (rev 787)
@@ -1,93 +0,0 @@
-Index: openssl-1.0.1e/doc/crypto/ASN1_generate_nconf.pod
-===================================================================
---- openssl-1.0.1e.orig/doc/crypto/ASN1_generate_nconf.pod 2013-12-22 16:16:44.695836636 +0100
-+++ openssl-1.0.1e/doc/crypto/ASN1_generate_nconf.pod 2013-12-22 16:16:44.691836721 +0100
-@@ -61,7 +61,7 @@
- =item B<INTEGER>, B<INT>
-
- Encodes an ASN1 B<INTEGER> type. The B<value> string represents
--the value of the integer, it can be preceeded by a minus sign and
-+the value of the integer, it can be preceded by a minus sign and
- is normally interpreted as a decimal value unless the prefix B<0x>
- is included.
-
-Index: openssl-1.0.1e/doc/crypto/BN_BLINDING_new.pod
-===================================================================
---- openssl-1.0.1e.orig/doc/crypto/BN_BLINDING_new.pod 2013-12-22 16:16:44.695836636 +0100
-+++ openssl-1.0.1e/doc/crypto/BN_BLINDING_new.pod 2013-12-22 16:16:44.691836721 +0100
-@@ -48,7 +48,7 @@
-
- BN_BLINDING_convert_ex() multiplies B<n> with the blinding factor B<A>.
- If B<r> is not NULL a copy the inverse blinding factor B<Ai> will be
--returned in B<r> (this is useful if a B<RSA> object is shared amoung
-+returned in B<r> (this is useful if a B<RSA> object is shared among
- several threads). BN_BLINDING_invert_ex() multiplies B<n> with the
- inverse blinding factor B<Ai>. If B<r> is not NULL it will be used as
- the inverse blinding.
-Index: openssl-1.0.1e/doc/crypto/EVP_BytesToKey.pod
-===================================================================
---- openssl-1.0.1e.orig/doc/crypto/EVP_BytesToKey.pod 2013-12-22 16:16:44.695836636 +0100
-+++ openssl-1.0.1e/doc/crypto/EVP_BytesToKey.pod 2013-12-22 16:16:44.691836721 +0100
-@@ -17,7 +17,7 @@
-
- EVP_BytesToKey() derives a key and IV from various parameters. B<type> is
- the cipher to derive the key and IV for. B<md> is the message digest to use.
--The B<salt> paramter is used as a salt in the derivation: it should point to
-+The B<salt> parameter is used as a salt in the derivation: it should point to
- an 8 byte buffer or NULL if no salt is used. B<data> is a buffer containing
- B<datal> bytes which is used to derive the keying data. B<count> is the
- iteration count to use. The derived key and IV will be written to B<key>
-Index: openssl-1.0.1e/doc/crypto/EVP_EncryptInit.pod
-===================================================================
---- openssl-1.0.1e.orig/doc/crypto/EVP_EncryptInit.pod 2013-12-22 16:16:44.695836636 +0100
-+++ openssl-1.0.1e/doc/crypto/EVP_EncryptInit.pod 2013-12-22 16:16:44.691836721 +0100
-@@ -152,7 +152,7 @@
-
- EVP_EncryptInit(), EVP_DecryptInit() and EVP_CipherInit() behave in a
- similar way to EVP_EncryptInit_ex(), EVP_DecryptInit_ex and
--EVP_CipherInit_ex() except the B<ctx> paramter does not need to be
-+EVP_CipherInit_ex() except the B<ctx> parameter does not need to be
- initialized and they always use the default cipher implementation.
-
- EVP_EncryptFinal(), EVP_DecryptFinal() and EVP_CipherFinal() behave in a
-Index: openssl-1.0.1e/doc/crypto/EVP_PKEY_cmp.pod
-===================================================================
---- openssl-1.0.1e.orig/doc/crypto/EVP_PKEY_cmp.pod 2013-12-22 16:16:44.695836636 +0100
-+++ openssl-1.0.1e/doc/crypto/EVP_PKEY_cmp.pod 2013-12-22 16:16:44.691836721 +0100
-@@ -26,7 +26,7 @@
- The funcion EVP_PKEY_cmp_parameters() compares the parameters of keys
- B<a> and B<b>.
-
--The funcion EVP_PKEY_cmp() compares the public key components and paramters
-+The funcion EVP_PKEY_cmp() compares the public key components and parameters
- (if present) of keys B<a> and B<b>.
-
- =head1 NOTES
-Index: openssl-1.0.1e/doc/crypto/pem.pod
-===================================================================
---- openssl-1.0.1e.orig/doc/crypto/pem.pod 2013-12-22 16:16:44.695836636 +0100
-+++ openssl-1.0.1e/doc/crypto/pem.pod 2013-12-22 16:16:44.691836721 +0100
-@@ -201,7 +201,7 @@
- PEM_write_bio_PKCS8PrivateKey() and PEM_write_PKCS8PrivateKey()
- write a private key in an EVP_PKEY structure in PKCS#8
- EncryptedPrivateKeyInfo format using PKCS#5 v2.0 password based encryption
--algorithms. The B<cipher> argument specifies the encryption algoritm to
-+algorithms. The B<cipher> argument specifies the encryption algorithm to
- use: unlike all other PEM routines the encryption is applied at the
- PKCS#8 level and not in the PEM headers. If B<cipher> is NULL then no
- encryption is used and a PKCS#8 PrivateKeyInfo structure is used instead.
-Index: openssl-1.0.1e/doc/ssl/SSL_CTX_set_verify.pod
-===================================================================
---- openssl-1.0.1e.orig/doc/ssl/SSL_CTX_set_verify.pod 2013-12-22 16:16:44.695836636 +0100
-+++ openssl-1.0.1e/doc/ssl/SSL_CTX_set_verify.pod 2013-12-22 16:16:44.695836636 +0100
-@@ -169,8 +169,8 @@
- failure, if wished. The callback realizes a verification depth limit with
- more informational output.
-
--All verification errors are printed, informations about the certificate chain
--are printed on request.
-+All verification errors are printed; information about the certificate chain
-+is printed on request.
- The example is realized for a server that does allow but not require client
- certificates.
-
Deleted: openssl/branches/jessie_stable/debian/patches/libssl-misspell.patch
===================================================================
--- openssl/branches/jessie_stable/debian/patches/libssl-misspell.patch 2016-05-06 12:59:29 UTC (rev 786)
+++ openssl/branches/jessie_stable/debian/patches/libssl-misspell.patch 2016-05-06 13:34:50 UTC (rev 787)
@@ -1,11 +0,0 @@
---- a/crypto/asn1/asn1_err.c
-+++ b/crypto/asn1/asn1_err.c
-@@ -302,7 +302,7 @@
- {ERR_REASON(ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE),"unknown public key type"},
- {ERR_REASON(ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM),"unknown signature algorithm"},
- {ERR_REASON(ASN1_R_UNKNOWN_TAG) ,"unknown tag"},
--{ERR_REASON(ASN1_R_UNKOWN_FORMAT) ,"unkown format"},
-+{ERR_REASON(ASN1_R_UNKOWN_FORMAT) ,"unknown format"},
- {ERR_REASON(ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE),"unsupported any defined by type"},
- {ERR_REASON(ASN1_R_UNSUPPORTED_CIPHER) ,"unsupported cipher"},
- {ERR_REASON(ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM),"unsupported encryption algorithm"},
Deleted: openssl/branches/jessie_stable/debian/patches/openssl-pod-misspell.patch
===================================================================
--- openssl/branches/jessie_stable/debian/patches/openssl-pod-misspell.patch 2016-05-06 12:59:29 UTC (rev 786)
+++ openssl/branches/jessie_stable/debian/patches/openssl-pod-misspell.patch 2016-05-06 13:34:50 UTC (rev 787)
@@ -1,122 +0,0 @@
-Index: openssl-1.0.1/apps/ca.c
-===================================================================
---- openssl-1.0.1.orig/apps/ca.c 2012-01-12 16:28:02.000000000 +0000
-+++ openssl-1.0.1/apps/ca.c 2012-03-17 09:31:48.000000000 +0000
-@@ -148,7 +148,7 @@
- static const char *ca_usage[]={
- "usage: ca args\n",
- "\n",
--" -verbose - Talk alot while doing things\n",
-+" -verbose - Talk a lot while doing things\n",
- " -config file - A config file\n",
- " -name arg - The particular CA definition to use\n",
- " -gencrl - Generate a new CRL\n",
-Index: openssl-1.0.1/apps/ecparam.c
-===================================================================
---- openssl-1.0.1.orig/apps/ecparam.c 2010-06-15 17:25:02.000000000 +0000
-+++ openssl-1.0.1/apps/ecparam.c 2012-03-17 09:31:48.000000000 +0000
-@@ -105,7 +105,7 @@
- * in the asn1 der encoding
- * possible values: named_curve (default)
- * explicit
-- * -no_seed - if 'explicit' parameters are choosen do not use the seed
-+ * -no_seed - if 'explicit' parameters are chosen do not use the seed
- * -genkey - generate ec key
- * -rand file - files to use for random number input
- * -engine e - use engine e, possibly a hardware device
-@@ -286,7 +286,7 @@
- BIO_printf(bio_err, " "
- " explicit\n");
- BIO_printf(bio_err, " -no_seed if 'explicit'"
-- " parameters are choosen do not"
-+ " parameters are chosen do not"
- " use the seed\n");
- BIO_printf(bio_err, " -genkey generate ec"
- " key\n");
-Index: openssl-1.0.1/crypto/evp/encode.c
-===================================================================
---- openssl-1.0.1.orig/crypto/evp/encode.c 2010-06-15 17:25:09.000000000 +0000
-+++ openssl-1.0.1/crypto/evp/encode.c 2012-03-17 09:31:48.000000000 +0000
-@@ -250,7 +250,7 @@
- /* We parse the input data */
- for (i=0; i<inl; i++)
- {
-- /* If the current line is > 80 characters, scream alot */
-+ /* If the current line is > 80 characters, scream a lot */
- if (ln >= 80) { rv= -1; goto end; }
-
- /* Get char and put it into the buffer */
-Index: openssl-1.0.1/doc/apps/config.pod
-===================================================================
---- openssl-1.0.1.orig/doc/apps/config.pod 2004-11-25 17:47:29.000000000 +0000
-+++ openssl-1.0.1/doc/apps/config.pod 2012-03-17 09:31:48.000000000 +0000
-@@ -119,7 +119,7 @@
- information.
-
- The section pointed to by B<engines> is a table of engine names (though see
--B<engine_id> below) and further sections containing configuration informations
-+B<engine_id> below) and further sections containing configuration information
- specific to each ENGINE.
-
- Each ENGINE specific section is used to set default algorithms, load
-Index: openssl-1.0.1/doc/apps/req.pod
-===================================================================
---- openssl-1.0.1.orig/doc/apps/req.pod 2009-04-10 16:42:28.000000000 +0000
-+++ openssl-1.0.1/doc/apps/req.pod 2012-03-17 09:31:48.000000000 +0000
-@@ -159,7 +159,7 @@
- the algorithm is determined by the parameters. B<algname:file> use algorithm
- B<algname> and parameter file B<file>: the two algorithms must match or an
- error occurs. B<algname> just uses algorithm B<algname>, and parameters,
--if neccessary should be specified via B<-pkeyopt> parameter.
-+if necessary should be specified via B<-pkeyopt> parameter.
-
- B<dsa:filename> generates a DSA key using the parameters
- in the file B<filename>. B<ec:filename> generates EC key (usable both with
-Index: openssl-1.0.1/doc/apps/ts.pod
-===================================================================
---- openssl-1.0.1.orig/doc/apps/ts.pod 2009-04-10 11:25:54.000000000 +0000
-+++ openssl-1.0.1/doc/apps/ts.pod 2012-03-17 09:31:48.000000000 +0000
-@@ -352,7 +352,7 @@
-
- This is the main section and it specifies the name of another section
- that contains all the options for the B<-reply> command. This default
--section can be overriden with the B<-section> command line switch. (Optional)
-+section can be overridden with the B<-section> command line switch. (Optional)
-
- =item B<oid_file>
-
-@@ -453,7 +453,7 @@
- =head1 ENVIRONMENT VARIABLES
-
- B<OPENSSL_CONF> contains the path of the configuration file and can be
--overriden by the B<-config> command line option.
-+overridden by the B<-config> command line option.
-
- =head1 EXAMPLES
-
-Index: openssl-1.0.1/doc/apps/tsget.pod
-===================================================================
---- openssl-1.0.1.orig/doc/apps/tsget.pod 2010-01-05 17:17:20.000000000 +0000
-+++ openssl-1.0.1/doc/apps/tsget.pod 2012-03-17 09:31:48.000000000 +0000
-@@ -124,7 +124,7 @@
- =item [request]...
-
- List of files containing B<RFC 3161> DER-encoded time stamp requests. If no
--requests are specifed only one request will be sent to the server and it will be
-+requests are specified only one request will be sent to the server and it will be
- read from the standard input. (Optional)
-
- =back
-Index: openssl-1.0.1/doc/apps/x509v3_config.pod
-===================================================================
---- openssl-1.0.1.orig/doc/apps/x509v3_config.pod 2006-11-07 13:44:03.000000000 +0000
-+++ openssl-1.0.1/doc/apps/x509v3_config.pod 2012-03-17 09:31:48.000000000 +0000
-@@ -174,7 +174,7 @@
-
- The value of B<dirName> should point to a section containing the distinguished
- name to use as a set of name value pairs. Multi values AVAs can be formed by
--preceeding the name with a B<+> character.
-+preceding the name with a B<+> character.
-
- otherName can include arbitrary data associated with an OID: the value
- should be the OID followed by a semicolon and the content in standard
Deleted: openssl/branches/jessie_stable/debian/patches/pkcs12-doc.patch
===================================================================
--- openssl/branches/jessie_stable/debian/patches/pkcs12-doc.patch 2016-05-06 12:59:29 UTC (rev 786)
+++ openssl/branches/jessie_stable/debian/patches/pkcs12-doc.patch 2016-05-06 13:34:50 UTC (rev 787)
@@ -1,36 +0,0 @@
-This is another documentation issue ...
-
-apps/pkcs12.c accepts -password as an argument. The document author
-almost certainly meant to write "-password, -passin".
-
-However, that is not correct, either. Actually the code treats
--password as equivalent to -passin, EXCEPT when -export is also
-specified, in which case -password as equivalent to -passout. The patch
-below makes this explicit.
-
-
-Index: openssl-1.0.0d/doc/apps/pkcs12.pod
-===================================================================
---- openssl-1.0.0d.orig/doc/apps/pkcs12.pod 2011-06-13 10:46:06.000000000 +0000
-+++ openssl-1.0.0d/doc/apps/pkcs12.pod 2011-06-13 10:47:36.000000000 +0000
-@@ -67,7 +67,7 @@
- The filename to write certificates and private keys to, standard output by
- default. They are all written in PEM format.
-
--=item B<-pass arg>, B<-passin arg>
-+=item B<-passin arg>
-
- the PKCS#12 file (i.e. input file) password source. For more information about
- the format of B<arg> see the B<PASS PHRASE ARGUMENTS> section in
-@@ -79,6 +79,11 @@
- information about the format of B<arg> see the B<PASS PHRASE ARGUMENTS> section
- in L<openssl(1)|openssl(1)>.
-
-+=item B<-password arg>
-+
-+With -export, -password is equivalent to -passout.
-+Otherwise, -password is equivalent to -passin.
-+
- =item B<-noout>
-
- this option inhibits output of the keys and certificates to the output file
Deleted: openssl/branches/jessie_stable/debian/patches/pod_ec.misspell.patch
===================================================================
--- openssl/branches/jessie_stable/debian/patches/pod_ec.misspell.patch 2016-05-06 12:59:29 UTC (rev 786)
+++ openssl/branches/jessie_stable/debian/patches/pod_ec.misspell.patch 2016-05-06 13:34:50 UTC (rev 787)
@@ -1,11 +0,0 @@
---- a/doc/apps/ec.pod
-+++ b/doc/apps/ec.pod
-@@ -41,7 +41,7 @@
-
- This specifies the input format. The B<DER> option with a private key uses
- an ASN.1 DER encoded SEC1 private key. When used with a public key it
--uses the SubjectPublicKeyInfo structur as specified in RFC 3280.
-+uses the SubjectPublicKeyInfo structure as specified in RFC 3280.
- The B<PEM> form is the default format: it consists of the B<DER> format base64
- encoded with additional header and footer lines. In the case of a private key
- PKCS#8 format is also accepted.
Deleted: openssl/branches/jessie_stable/debian/patches/pod_pksc12.misspell.patch
===================================================================
--- openssl/branches/jessie_stable/debian/patches/pod_pksc12.misspell.patch 2016-05-06 12:59:29 UTC (rev 786)
+++ openssl/branches/jessie_stable/debian/patches/pod_pksc12.misspell.patch 2016-05-06 13:34:50 UTC (rev 787)
@@ -1,11 +0,0 @@
---- a/doc/apps/pkcs12.pod
-+++ b/doc/apps/pkcs12.pod
-@@ -75,7 +75,7 @@
-
- =item B<-passout arg>
-
--pass phrase source to encrypt any outputed private keys with. For more
-+pass phrase source to encrypt any outputted private keys with. For more
- information about the format of B<arg> see the B<PASS PHRASE ARGUMENTS> section
- in L<openssl(1)|openssl(1)>.
-
Deleted: openssl/branches/jessie_stable/debian/patches/pod_req_misspell2.patch
===================================================================
--- openssl/branches/jessie_stable/debian/patches/pod_req_misspell2.patch 2016-05-06 12:59:29 UTC (rev 786)
+++ openssl/branches/jessie_stable/debian/patches/pod_req_misspell2.patch 2016-05-06 13:34:50 UTC (rev 787)
@@ -1,12 +0,0 @@
-diff --git a/doc/apps/req.pod b/doc/apps/req.pod
---- a/doc/apps/req.pod
-+++ b/doc/apps/req.pod
-@@ -303,7 +303,7 @@
-
- =item B<-newhdr>
-
--Adds the word B<NEW> to the PEM file header and footer lines on the outputed
-+Adds the word B<NEW> to the PEM file header and footer lines on the outputted
- request. Some software (Netscape certificate server) and some CAs need this.
-
- =item B<-batch>
Deleted: openssl/branches/jessie_stable/debian/patches/pod_s_server.misspell.patch
===================================================================
--- openssl/branches/jessie_stable/debian/patches/pod_s_server.misspell.patch 2016-05-06 12:59:29 UTC (rev 786)
+++ openssl/branches/jessie_stable/debian/patches/pod_s_server.misspell.patch 2016-05-06 13:34:50 UTC (rev 787)
@@ -1,11 +0,0 @@
---- a/doc/apps/s_server.pod
-+++ b/doc/apps/s_server.pod
-@@ -111,7 +111,7 @@
-
- =item B<-dcertform format>, B<-dkeyform format>, B<-dpass arg>
-
--addtional certificate and private key format and passphrase respectively.
-+additional certificate and private key format and passphrase respectively.
-
- =item B<-nocert>
-
Deleted: openssl/branches/jessie_stable/debian/patches/pod_x509setflags.misspell.patch
===================================================================
--- openssl/branches/jessie_stable/debian/patches/pod_x509setflags.misspell.patch 2016-05-06 12:59:29 UTC (rev 786)
+++ openssl/branches/jessie_stable/debian/patches/pod_x509setflags.misspell.patch 2016-05-06 13:34:50 UTC (rev 787)
@@ -1,11 +0,0 @@
---- a/doc/crypto/X509_VERIFY_PARAM_set_flags.pod
-+++ b/doc/crypto/X509_VERIFY_PARAM_set_flags.pod
-@@ -113,7 +113,7 @@
- to examine the valid policy tree and perform additional checks or simply
- log it for debugging purposes.
-
--By default some addtional features such as indirect CRLs and CRLs signed by
-+By default some additional features such as indirect CRLs and CRLs signed by
- different keys are disabled. If B<X509_V_FLAG_EXTENDED_CRL_SUPPORT> is set
- they are enabled.
-
Deleted: openssl/branches/jessie_stable/debian/patches/rehash_pod.patch
===================================================================
--- openssl/branches/jessie_stable/debian/patches/rehash_pod.patch 2016-05-06 12:59:29 UTC (rev 786)
+++ openssl/branches/jessie_stable/debian/patches/rehash_pod.patch 2016-05-06 13:34:50 UTC (rev 787)
@@ -1,60 +0,0 @@
-Index: openssl-0.9.8k/doc/apps/c_rehash.pod
-===================================================================
---- /dev/null 1970-01-01 00:00:00.000000000 +0000
-+++ openssl-0.9.8k/doc/apps/c_rehash.pod 2009-07-19 11:36:27.000000000 +0200
-@@ -0,0 +1,55 @@
-+
-+=pod
-+
-+=head1 NAME
-+
-+c_rehash - Create symbolic links to files named by the hash values
-+
-+=head1 SYNOPSIS
-+
-+B<c_rehash>
-+[directory] ...
-+
-+=head1 DESCRIPTION
-+
-+c_rehash scans directories and takes a hash value of each .pem and .crt file in the directory. It then creates symbolic links for each of the files named by the hash value. This is useful as many programs require directories to be set up like this in order to find the certificates they require.
-+
-+If any directories are named on the command line then these directories are processed in turn. If not then and the environment variable SSL_CERT_DIR is defined then that is consulted. This variable should be a colon (:) separated list of directories, all of which will be processed. If neither of these conditions are true then /usr/lib/ssl/certs is processed.
-+
-+For each directory that is to be processed he user must have write permissions on the directory, if they do not then nothing will be printed for that directory.
-+
-+Note that this program deletes all the symbolic links that look like ones that it creates before processing a directory. Beware that if you run the program on a directory that contains symbolic links for other purposes that are named in the same format as those created by this program they will be lost.
-+
-+The hashes for certificate files are of the form <hash>.<n> where n is an integer. If the hash value already exists then n will be incremented, unless the file is a duplicate. Duplicates are detected using the fingerprint of the certificate. A warning will be printed if a duplicate is detected. The hashes for CRL files are of the form <hash>.r<n> and have the same behavior.
-+
-+The program will also warn if there are files with extension .pem which are not certificate or CRL files.
-+
-+The program uses the openssl program to compute the hashes and fingerprints. It expects the executable to be named openssl and be on the PATH, or in the /usr/lib/ssl/bin directory. If the OPENSSL environment variable is defined then this is used instead as the executable that provides the hashes and fingerprints. When called as $OPENSSL x509 -hash -fingerprint -noout -in $file it must output the hash of $file on the first line followed by the fingerprint on the second line, optionally prefixed with some text and an equals sign (=).
-+
-+=head1 OPTIONS
-+
-+None
-+
-+=head1 ENVIRONMENT
-+
-+=over 4
-+
-+=item B<OPENSSL>
-+
-+The name (and path) of an executable to use to generate hashes and fingerprints (see above).
-+
-+=item B<SSL_CERT_DIR>
-+
-+Colon separated list of directories to operate on. Ignored if directories are listed on the command line.
-+
-+=back
-+
-+=head1 SEE ALSO
-+
-+L<openssl(1)|openssl(1)>, L<x509(1)|x509(1)>
-+
-+=head1 BUGS
-+
-+No known bugs
-+
-+=cut
Deleted: openssl/branches/jessie_stable/debian/patches/req_bits.patch
===================================================================
--- openssl/branches/jessie_stable/debian/patches/req_bits.patch 2016-05-06 12:59:29 UTC (rev 786)
+++ openssl/branches/jessie_stable/debian/patches/req_bits.patch 2016-05-06 13:34:50 UTC (rev 787)
@@ -1,43 +0,0 @@
-From: Kurt Roeckx <kurt at roeckx.be>
-Date: Sun, 22 Dec 2013 19:10:21 +0100
-Subject: Use defaults bits in req when not given
-Bug: http://rt.openssl.org/Ticket/Display.html?id=2592&user=guest&pass=guest
-
-Index: openssl-1.0.1e/apps/req.c
-===================================================================
---- openssl-1.0.1e.orig/apps/req.c 2013-12-22 19:47:42.355657810 +0100
-+++ openssl-1.0.1e/apps/req.c 2013-12-22 19:57:12.287547599 +0100
-@@ -644,6 +644,11 @@
- if (inrand)
- app_RAND_load_files(inrand);
-
-+ if (!NCONF_get_number(req_conf,SECTION,BITS, &newkey))
-+ {
-+ newkey=DEFAULT_KEY_LENGTH;
-+ }
-+
- if (keyalg)
- {
- genctx = set_keygen_ctx(bio_err, keyalg, &pkey_type, &newkey,
-@@ -652,12 +657,6 @@
- goto end;
- }
-
-- if (newkey <= 0)
-- {
-- if (!NCONF_get_number(req_conf,SECTION,BITS, &newkey))
-- newkey=DEFAULT_KEY_LENGTH;
-- }
--
- if (newkey < MIN_KEY_LENGTH && (pkey_type == EVP_PKEY_RSA || pkey_type == EVP_PKEY_DSA))
- {
- BIO_printf(bio_err,"private key length is too short,\n");
-@@ -1649,6 +1648,8 @@
- keylen = atol(p + 1);
- *pkeylen = keylen;
- }
-+ else
-+ keylen = *pkeylen;
- }
- else if (p)
- paramfile = p + 1;
More information about the Pkg-openssl-changes
mailing list