authorMike Frysinger <vapier@gentoo.org>2010-06-03 02:28:10 +0000
committerMike Frysinger <vapier@gentoo.org>2010-06-03 02:28:10 +0000
commit4fbe57e617c57646f8347443b36bef41d06d06de (patch)
treee577887e2401c6a65df7f47e064da43247b44eeb /dev-libs/openssl/files
parentVersion bump #322055 by Xake which also fixes #301396 by Torsten Kurbad. Add... (diff)
old
Diffstat (limited to 'dev-libs/openssl/files')
-rw-r--r--dev-libs/openssl/files/openssl-0.9.8-make-engines-dir.patch12
-rw-r--r--dev-libs/openssl/files/openssl-0.9.8-makedepend.patch15
-rw-r--r--dev-libs/openssl/files/openssl-0.9.8e-make.patch26
-rw-r--r--dev-libs/openssl/files/openssl-0.9.8g-sslv3-no-tlsext.patch31
-rw-r--r--dev-libs/openssl/files/openssl-0.9.8k-toolchain.patch22
-rw-r--r--dev-libs/openssl/files/openssl-0.9.8l-CVE-2009-1377.patch53
-rw-r--r--dev-libs/openssl/files/openssl-0.9.8l-CVE-2009-1378.patch24
-rw-r--r--dev-libs/openssl/files/openssl-0.9.8l-CVE-2009-1379.patch22
-rw-r--r--dev-libs/openssl/files/openssl-0.9.8l-CVE-2009-1387.patch59
-rw-r--r--dev-libs/openssl/files/openssl-0.9.8l-CVE-2009-2409.patch71
-rw-r--r--dev-libs/openssl/files/openssl-0.9.8l-dtls-compat.patch167
-rw-r--r--dev-libs/openssl/files/openssl-0.9.8m-cfb.patch15
12 files changed, 0 insertions, 517 deletions
diff --git a/dev-libs/openssl/files/openssl-0.9.8-make-engines-dir.patch b/dev-libs/openssl/files/openssl-0.9.8-make-engines-dir.patch
deleted file mode 100644
index 5cba456c7e9c..000000000000
--- a/dev-libs/openssl/files/openssl-0.9.8-make-engines-dir.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-http://rt.openssl.org/Ticket/Display.html?id=2082
-
---- openssl-0.9.8/engines/Makefile
-+++ openssl-0.9.8.az/engines/Makefile
-@@ -88,6 +88,7 @@
- @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
- @if [ -n "$(SHARED_LIBS)" ]; then \
- set -e; \
-+ $(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines; \
- for l in $(LIBNAMES); do \
- ( echo installing $$l; \
- if [ "$(PLATFORM)" != "Cygwin" ]; then \
diff --git a/dev-libs/openssl/files/openssl-0.9.8-makedepend.patch b/dev-libs/openssl/files/openssl-0.9.8-makedepend.patch
deleted file mode 100644
index 9abbe8ef3720..000000000000
--- a/dev-libs/openssl/files/openssl-0.9.8-makedepend.patch
+++ /dev/null
@@ -1,15 +0,0 @@
-http://bugs.gentoo.org/149583
-
-http://rt.openssl.org/Ticket/Display.html?id=2085
-
---- util/domd
-+++ util/domd
-@@ -14,7 +14,7 @@
- cp Makefile Makefile.save
- # fake the presence of Kerberos
- touch $TOP/krb5.h
--if [ "$MAKEDEPEND" = "gcc" ]; then
-+if [ "$MAKEDEPEND" != "makedepend" ]; then
- args=""
- while [ $# -gt 0 ]; do
- if [ "$1" != "--" ]; then args="$args $1"; fi
diff --git a/dev-libs/openssl/files/openssl-0.9.8e-make.patch b/dev-libs/openssl/files/openssl-0.9.8e-make.patch
deleted file mode 100644
index 54f4302cbe79..000000000000
--- a/dev-libs/openssl/files/openssl-0.9.8e-make.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-respect $MAKE if it is set in the environment so we don't get a mix
-of the host `make` and whatever $MAKE is set to when recursing
-
-http://bugs.gentoo.org/146316
-
-http://rt.openssl.org/Ticket/Display.html?id=2080
-
---- openssl-0.9.8e/Configure
-+++ openssl-0.9.8e/Configure
-@@ -931,6 +931,7 @@
- $default_ranlib= &which("ranlib") or $default_ranlib="true";
- $perl=$ENV{'PERL'} or $perl=&which("perl5") or $perl=&which("perl")
- or $perl="perl";
-+my $make = $ENV{'MAKE'} || "make";
-
- chop $openssldir if $openssldir =~ /\/$/;
- chop $prefix if $prefix =~ /\/$/;
-@@ -1554,7 +1557,7 @@
- EOF
- close(OUT);
- } else {
-- my $make_command = "make PERL=\'$perl\'";
-+ my $make_command = "$make PERL=\'$perl\'";
- my $make_targets = "";
- $make_targets .= " links" if $symlink;
- $make_targets .= " depend" if $depflags ne $default_depflags && $make_depend;
diff --git a/dev-libs/openssl/files/openssl-0.9.8g-sslv3-no-tlsext.patch b/dev-libs/openssl/files/openssl-0.9.8g-sslv3-no-tlsext.patch
deleted file mode 100644
index ef6134b02ca9..000000000000
--- a/dev-libs/openssl/files/openssl-0.9.8g-sslv3-no-tlsext.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-Fix from upstream cvs
-
-Index: ssl/t1_lib.c
-===================================================================
-RCS file: /usr/local/src/openssl/CVSROOT/openssl/ssl/t1_lib.c,v
-retrieving revision 1.64
-retrieving revision 1.65
-diff -u -p -r1.64 -r1.65
---- ssl/t1_lib.c 29 Dec 2008 16:15:27 -0000 1.64
-+++ ssl/t1_lib.c 28 Apr 2009 22:10:54 -0000 1.65
-@@ -267,6 +267,10 @@ unsigned char *ssl_add_clienthello_tlsex
- int extdatalen=0;
- unsigned char *ret = p;
-
-+ /* don't add extensions for SSLv3 */
-+ if (s->client_version == SSL3_VERSION)
-+ return p;
-+
- ret+=2;
-
- if (ret>=limit) return NULL; /* this really never occurs, but ... */
-@@ -448,6 +452,10 @@ unsigned char *ssl_add_serverhello_tlsex
- int extdatalen=0;
- unsigned char *ret = p;
-
-+ /* don't add extensions for SSLv3 */
-+ if (s->version == SSL3_VERSION)
-+ return p;
-+
- ret+=2;
- if (ret>=limit) return NULL; /* this really never occurs, but ... */
diff --git a/dev-libs/openssl/files/openssl-0.9.8k-toolchain.patch b/dev-libs/openssl/files/openssl-0.9.8k-toolchain.patch
deleted file mode 100644
index 78d77d0a74a4..000000000000
--- a/dev-libs/openssl/files/openssl-0.9.8k-toolchain.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-http://rt.openssl.org/Ticket/Display.html?id=2081
-
---- Configure
-+++ Configure
-@@ -979,7 +979,8 @@
- my $shared_cflag = $fields[$idx_shared_cflag];
- my $shared_ldflag = $fields[$idx_shared_ldflag];
- my $shared_extension = $fields[$idx_shared_extension];
--my $ranlib = $fields[$idx_ranlib];
-+my $ar = $ENV{'AR'} || "ar";
-+my $ranlib = $ENV{'RANLIB'} || $fields[$idx_ranlib];
- my $arflags = $fields[$idx_arflags];
-
- if ($fips)
-@@ -1487,6 +1488,7 @@
- s/^RMD160_ASM_OBJ=.*$/RMD160_ASM_OBJ= $rmd160_obj/;
- s/^PROCESSOR=.*/PROCESSOR= $processor/;
- s/^RANLIB=.*/RANLIB= $ranlib/;
-+ s/^AR=ar /AR= $ar /;
- s/^ARFLAGS=.*/ARFLAGS= $arflags/;
- s/^PERL=.*/PERL= $perl/;
- s/^KRB5_INCLUDES=.*/KRB5_INCLUDES=$withargs{"krb5-include"}/;
diff --git a/dev-libs/openssl/files/openssl-0.9.8l-CVE-2009-1377.patch b/dev-libs/openssl/files/openssl-0.9.8l-CVE-2009-1377.patch
deleted file mode 100644
index 761698e0f1d4..000000000000
--- a/dev-libs/openssl/files/openssl-0.9.8l-CVE-2009-1377.patch
+++ /dev/null
@@ -1,53 +0,0 @@
-http://rt.openssl.org/Ticket/Display.html?id=1931&user=guest&pass=guest
-
-Index: openssl/crypto/pqueue/pqueue.c
-RCS File: /v/openssl/cvs/openssl/crypto/pqueue/pqueue.c,v
-rcsdiff -q -kk '-r1.2.2.4' '-r1.2.2.5' -u '/v/openssl/cvs/openssl/crypto/pqueue/pqueue.c,v' 2>/dev/null
---- crypto/pqueue/pqueue.c 2005/06/28 12:53:33 1.2.2.4
-+++ crypto/pqueue/pqueue.c 2009/05/16 16:18:44 1.2.2.5
-@@ -234,3 +234,17 @@
-
- return ret;
- }
-+
-+int
-+pqueue_size(pqueue_s *pq)
-+{
-+ pitem *item = pq->items;
-+ int count = 0;
-+
-+ while(item != NULL)
-+ {
-+ count++;
-+ item = item->next;
-+ }
-+ return count;
-+}
-Index: openssl/crypto/pqueue/pqueue.h
-RCS File: /v/openssl/cvs/openssl/crypto/pqueue/pqueue.h,v
-rcsdiff -q -kk '-r1.2.2.1' '-r1.2.2.2' -u '/v/openssl/cvs/openssl/crypto/pqueue/pqueue.h,v' 2>/dev/null
---- crypto/pqueue/pqueue.h 2005/05/30 22:34:27 1.2.2.1
-+++ crypto/pqueue/pqueue.h 2009/05/16 16:18:44 1.2.2.2
-@@ -91,5 +91,6 @@
- pitem *pqueue_next(piterator *iter);
-
- void pqueue_print(pqueue pq);
-+int pqueue_size(pqueue pq);
-
- #endif /* ! HEADER_PQUEUE_H */
-Index: openssl/ssl/d1_pkt.c
-RCS File: /v/openssl/cvs/openssl/ssl/d1_pkt.c,v
-rcsdiff -q -kk '-r1.4.2.17' '-r1.4.2.18' -u '/v/openssl/cvs/openssl/ssl/d1_pkt.c,v' 2>/dev/null
---- ssl/d1_pkt.c 2009/05/16 15:51:59 1.4.2.17
-+++ ssl/d1_pkt.c 2009/05/16 16:18:45 1.4.2.18
-@@ -167,6 +167,10 @@
- DTLS1_RECORD_DATA *rdata;
- pitem *item;
-
-+ /* Limit the size of the queue to prevent DOS attacks */
-+ if (pqueue_size(queue->q) >= 100)
-+ return 0;
-+
- rdata = OPENSSL_malloc(sizeof(DTLS1_RECORD_DATA));
- item = pitem_new(priority, rdata);
- if (rdata == NULL || item == NULL)
diff --git a/dev-libs/openssl/files/openssl-0.9.8l-CVE-2009-1378.patch b/dev-libs/openssl/files/openssl-0.9.8l-CVE-2009-1378.patch
deleted file mode 100644
index f111a4c086e8..000000000000
--- a/dev-libs/openssl/files/openssl-0.9.8l-CVE-2009-1378.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-http://rt.openssl.org/Ticket/Display.html?id=1931&user=guest&pass=guest
-
-Index: ssl/d1_both.c
-===================================================================
---- ssl/d1_both.c.orig
-+++ ssl/d1_both.c
-@@ -561,7 +561,16 @@ dtls1_process_out_of_seq_message(SSL *s,
- if ((msg_hdr->frag_off+frag_len) > msg_hdr->msg_len)
- goto err;
-
-- if (msg_hdr->seq <= s->d1->handshake_read_seq)
-+ /* Try to find item in queue, to prevent duplicate entries */
-+ pq_64bit_init(&seq64);
-+ pq_64bit_assign_word(&seq64, msg_hdr->seq);
-+ item = pqueue_find(s->d1->buffered_messages, seq64);
-+ pq_64bit_free(&seq64);
-+
-+ /* Discard the message if sequence number was already there, is
-+ * too far in the future or the fragment is already in the queue */
-+ if (msg_hdr->seq <= s->d1->handshake_read_seq ||
-+ msg_hdr->seq > s->d1->handshake_read_seq + 10 || item != NULL)
- {
- unsigned char devnull [256];
-
diff --git a/dev-libs/openssl/files/openssl-0.9.8l-CVE-2009-1379.patch b/dev-libs/openssl/files/openssl-0.9.8l-CVE-2009-1379.patch
deleted file mode 100644
index 706732435097..000000000000
--- a/dev-libs/openssl/files/openssl-0.9.8l-CVE-2009-1379.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-Index: openssl/ssl/d1_both.c
-RCS File: /v/openssl/cvs/openssl/ssl/d1_both.c,v
-rcsdiff -q -kk '-r1.14.2.6' '-r1.14.2.7' -u '/v/openssl/cvs/openssl/ssl/d1_both.c,v' 2>/dev/null
---- d1_both.c 2009/04/22 12:17:02 1.14.2.6
-+++ d1_both.c 2009/05/13 11:51:30 1.14.2.7
-@@ -519,6 +519,7 @@
-
- if ( s->d1->handshake_read_seq == frag->msg_header.seq)
- {
-+ unsigned long frag_len = frag->msg_header.frag_len;
- pqueue_pop(s->d1->buffered_messages);
-
- al=dtls1_preprocess_fragment(s,&frag->msg_header,max);
-@@ -536,7 +537,7 @@
- if (al==0)
- {
- *ok = 1;
-- return frag->msg_header.frag_len;
-+ return frag_len;
- }
-
- ssl3_send_alert(s,SSL3_AL_FATAL,al);
diff --git a/dev-libs/openssl/files/openssl-0.9.8l-CVE-2009-1387.patch b/dev-libs/openssl/files/openssl-0.9.8l-CVE-2009-1387.patch
deleted file mode 100644
index a9e5ea054f5c..000000000000
--- a/dev-libs/openssl/files/openssl-0.9.8l-CVE-2009-1387.patch
+++ /dev/null
@@ -1,59 +0,0 @@
-http://bugs.gentoo.org/270305
-
-fix from upstream
-
-Index: ssl/d1_both.c
-===================================================================
-RCS file: /usr/local/src/openssl/CVSROOT/openssl/ssl/d1_both.c,v
-retrieving revision 1.4.2.7
-retrieving revision 1.4.2.8
-diff -u -p -r1.4.2.7 -r1.4.2.8
---- ssl/d1_both.c 17 Oct 2007 21:17:49 -0000 1.4.2.7
-+++ ssl/d1_both.c 2 Apr 2009 22:12:13 -0000 1.4.2.8
-@@ -575,30 +575,31 @@ dtls1_process_out_of_seq_message(SSL *s,
- }
- }
-
-- frag = dtls1_hm_fragment_new(frag_len);
-- if ( frag == NULL)
-- goto err;
-+ if (frag_len)
-+ {
-+ frag = dtls1_hm_fragment_new(frag_len);
-+ if ( frag == NULL)
-+ goto err;
-
-- memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr));
-+ memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr));
-
-- if (frag_len)
-- {
-- /* read the body of the fragment (header has already been read */
-+ /* read the body of the fragment (header has already been read) */
- i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,
- frag->fragment,frag_len,0);
- if (i<=0 || (unsigned long)i!=frag_len)
- goto err;
-- }
-
-- pq_64bit_init(&seq64);
-- pq_64bit_assign_word(&seq64, msg_hdr->seq);
-+ pq_64bit_init(&seq64);
-+ pq_64bit_assign_word(&seq64, msg_hdr->seq);
-
-- item = pitem_new(seq64, frag);
-- pq_64bit_free(&seq64);
-- if ( item == NULL)
-- goto err;
-+ item = pitem_new(seq64, frag);
-+ pq_64bit_free(&seq64);
-+ if ( item == NULL)
-+ goto err;
-+
-+ pqueue_insert(s->d1->buffered_messages, item);
-+ }
-
-- pqueue_insert(s->d1->buffered_messages, item);
- return DTLS1_HM_FRAGMENT_RETRY;
-
- err:
diff --git a/dev-libs/openssl/files/openssl-0.9.8l-CVE-2009-2409.patch b/dev-libs/openssl/files/openssl-0.9.8l-CVE-2009-2409.patch
deleted file mode 100644
index b097869f3b1e..000000000000
--- a/dev-libs/openssl/files/openssl-0.9.8l-CVE-2009-2409.patch
+++ /dev/null
@@ -1,71 +0,0 @@
-http://bugs.gentoo.org/280591
-
-fix from upstream
-
-http://cvs.openssl.org/chngview?cn=18260
-
-Index: openssl/crypto/x509/x509_vfy.c
-RCS File: /v/openssl/cvs/openssl/crypto/x509/x509_vfy.c,v
-rcsdiff -q -kk '-r1.77.2.8' '-r1.77.2.9' -u '/v/openssl/cvs/openssl/crypto/x509/x509_vfy.c,v' 2>/dev/null
---- crypto/x509/x509_vfy.c 2008/07/13 14:33:15 1.77.2.8
-+++ crypto/x509/x509_vfy.c 2009/06/15 14:52:38 1.77.2.9
-@@ -986,7 +986,11 @@
- while (n >= 0)
- {
- ctx->error_depth=n;
-- if (!xs->valid)
-+
-+ /* Skip signature check for self signed certificates. It
-+ * doesn't add any security and just wastes time.
-+ */
-+ if (!xs->valid && xs != xi)
- {
- if ((pkey=X509_get_pubkey(xi)) == NULL)
- {
-@@ -996,13 +1000,6 @@
- if (!ok) goto end;
- }
- else if (X509_verify(xs,pkey) <= 0)
-- /* XXX For the final trusted self-signed cert,
-- * this is a waste of time. That check should
-- * optional so that e.g. 'openssl x509' can be
-- * used to detect invalid self-signatures, but
-- * we don't verify again and again in SSL
-- * handshakes and the like once the cert has
-- * been declared trusted. */
- {
- ctx->error=X509_V_ERR_CERT_SIGNATURE_FAILURE;
- ctx->current_cert=xs;
-
-http://cvs.openssl.org/chngview?cn=18317
-
-Index: openssl/crypto/evp/c_alld.c
-RCS File: /v/openssl/cvs/openssl/crypto/evp/c_alld.c,v
-rcsdiff -q -kk '-r1.7' '-r1.7.2.1' -u '/v/openssl/cvs/openssl/crypto/evp/c_alld.c,v' 2>/dev/null
---- crypto/evp/c_alld.c 2005/04/30 21:51:40 1.7
-+++ crypto/evp/c_alld.c 2009/07/08 08:33:26 1.7.2.1
-@@ -64,9 +64,6 @@
-
- void OpenSSL_add_all_digests(void)
- {
--#ifndef OPENSSL_NO_MD2
-- EVP_add_digest(EVP_md2());
--#endif
- #ifndef OPENSSL_NO_MD4
- EVP_add_digest(EVP_md4());
- #endif
-Index: openssl/ssl/ssl_algs.c
-RCS File: /v/openssl/cvs/openssl/ssl/ssl_algs.c,v
-rcsdiff -q -kk '-r1.12.2.3' '-r1.12.2.4' -u '/v/openssl/cvs/openssl/ssl/ssl_algs.c,v' 2>/dev/null
---- ssl/ssl_algs.c 2007/04/23 23:50:21 1.12.2.3
-+++ ssl/ssl_algs.c 2009/07/08 08:33:27 1.12.2.4
-@@ -92,9 +92,6 @@
- EVP_add_cipher(EVP_seed_cbc());
- #endif
-
--#ifndef OPENSSL_NO_MD2
-- EVP_add_digest(EVP_md2());
--#endif
- #ifndef OPENSSL_NO_MD5
- EVP_add_digest(EVP_md5());
- EVP_add_digest_alias(SN_md5,"ssl2-md5");
diff --git a/dev-libs/openssl/files/openssl-0.9.8l-dtls-compat.patch b/dev-libs/openssl/files/openssl-0.9.8l-dtls-compat.patch
deleted file mode 100644
index 4d30c9b47d6f..000000000000
--- a/dev-libs/openssl/files/openssl-0.9.8l-dtls-compat.patch
+++ /dev/null
@@ -1,167 +0,0 @@
-http://bugs.gentoo.org/280370
-
-fix from upstream
-
-Index: openssl/ssl/d1_clnt.c
-RCS File: /v/openssl/cvs/openssl/ssl/d1_clnt.c,v
-rcsdiff -q -kk '-r1.3.2.15' '-r1.3.2.16' -u '/v/openssl/cvs/openssl/ssl/d1_clnt.c,v' 2>/dev/null
---- d1_clnt.c 2009/04/14 15:20:47 1.3.2.15
-+++ d1_clnt.c 2009/04/19 18:08:11 1.3.2.16
-@@ -130,7 +130,7 @@
-
- static SSL_METHOD *dtls1_get_client_method(int ver)
- {
-- if (ver == DTLS1_VERSION)
-+ if (ver == DTLS1_VERSION || ver == DTLS1_BAD_VER)
- return(DTLSv1_client_method());
- else
- return(NULL);
-@@ -181,7 +181,8 @@
- s->server=0;
- if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
-
-- if ((s->version & 0xff00 ) != (DTLS1_VERSION & 0xff00))
-+ if ((s->version & 0xff00 ) != (DTLS1_VERSION & 0xff00) &&
-+ (s->version & 0xff00 ) != (DTLS1_BAD_VER & 0xff00))
- {
- SSLerr(SSL_F_DTLS1_CONNECT, ERR_R_INTERNAL_ERROR);
- ret = -1;
-Index: openssl/ssl/d1_lib.c
-RCS File: /v/openssl/cvs/openssl/ssl/d1_lib.c,v
-rcsdiff -q -kk '-r1.1.2.7' '-r1.1.2.8' -u '/v/openssl/cvs/openssl/ssl/d1_lib.c,v' 2>/dev/null
---- d1_lib.c 2009/04/02 22:34:59 1.1.2.7
-+++ d1_lib.c 2009/04/19 18:08:11 1.1.2.8
-@@ -198,7 +198,10 @@
- void dtls1_clear(SSL *s)
- {
- ssl3_clear(s);
-- s->version=DTLS1_VERSION;
-+ if (s->options & SSL_OP_CISCO_ANYCONNECT)
-+ s->version=DTLS1_BAD_VER;
-+ else
-+ s->version=DTLS1_VERSION;
- }
-
- /*
-Index: openssl/ssl/d1_pkt.c
-RCS File: /v/openssl/cvs/openssl/ssl/d1_pkt.c,v
-rcsdiff -q -kk '-r1.4.2.15' '-r1.4.2.16' -u '/v/openssl/cvs/openssl/ssl/d1_pkt.c,v' 2>/dev/null
---- d1_pkt.c 2009/04/02 22:34:59 1.4.2.15
-+++ d1_pkt.c 2009/04/19 18:08:12 1.4.2.16
-@@ -1024,15 +1024,17 @@
- if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC)
- {
- struct ccs_header_st ccs_hdr;
-+ int ccs_hdr_len = DTLS1_CCS_HEADER_LENGTH;
-
- dtls1_get_ccs_header(rr->data, &ccs_hdr);
-
- /* 'Change Cipher Spec' is just a single byte, so we know
- * exactly what the record payload has to look like */
- /* XDTLS: check that epoch is consistent */
-- if ( (s->client_version == DTLS1_BAD_VER && rr->length != 3) ||
-- (s->client_version != DTLS1_BAD_VER && rr->length != DTLS1_CCS_HEADER_LENGTH) ||
-- (rr->off != 0) || (rr->data[0] != SSL3_MT_CCS))
-+ if (s->client_version == DTLS1_BAD_VER || s->version == DTLS1_BAD_VER)
-+ ccs_hdr_len = 3;
-+
-+ if ((rr->length != ccs_hdr_len) || (rr->off != 0) || (rr->data[0] != SSL3_MT_CCS))
- {
- i=SSL_AD_ILLEGAL_PARAMETER;
- SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_BAD_CHANGE_CIPHER_SPEC);
-@@ -1358,7 +1360,7 @@
- #if 0
- /* 'create_empty_fragment' is true only when this function calls itself */
- if (!clear && !create_empty_fragment && !s->s3->empty_fragment_done
-- && SSL_version(s) != DTLS1_VERSION)
-+ && SSL_version(s) != DTLS1_VERSION && SSL_version(s) != DTLS1_BAD_VER)
- {
- /* countermeasure against known-IV weakness in CBC ciphersuites
- * (see http://www.openssl.org/~bodo/tls-cbc.txt)
-Index: openssl/ssl/s3_clnt.c
-RCS File: /v/openssl/cvs/openssl/ssl/s3_clnt.c,v
-rcsdiff -q -kk '-r1.88.2.21' '-r1.88.2.22' -u '/v/openssl/cvs/openssl/ssl/s3_clnt.c,v' 2>/dev/null
---- s3_clnt.c 2009/02/14 21:50:14 1.88.2.21
-+++ s3_clnt.c 2009/04/19 18:08:12 1.88.2.22
-@@ -708,7 +708,7 @@
-
- if (!ok) return((int)n);
-
-- if ( SSL_version(s) == DTLS1_VERSION)
-+ if ( SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)
- {
- if ( s->s3->tmp.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST)
- {
-Index: openssl/ssl/ssl.h
-RCS File: /v/openssl/cvs/openssl/ssl/ssl.h,v
-rcsdiff -q -kk '-r1.161.2.21' '-r1.161.2.22' -u '/v/openssl/cvs/openssl/ssl/ssl.h,v' 2>/dev/null
---- ssl.h 2008/08/13 19:44:44 1.161.2.21
-+++ ssl.h 2009/04/19 18:08:12 1.161.2.22
-@@ -510,6 +510,8 @@
- #define SSL_OP_COOKIE_EXCHANGE 0x00002000L
- /* Don't use RFC4507 ticket extension */
- #define SSL_OP_NO_TICKET 0x00004000L
-+/* Use Cisco's "speshul" version of DTLS_BAD_VER (as client) */
-+#define SSL_OP_CISCO_ANYCONNECT 0x00008000L
-
- /* As server, disallow session resumption on renegotiation */
- #define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0x00010000L
-Index: openssl/ssl/ssl_lib.c
-RCS File: /v/openssl/cvs/openssl/ssl/ssl_lib.c,v
-rcsdiff -q -kk '-r1.133.2.16' '-r1.133.2.17' -u '/v/openssl/cvs/openssl/ssl/ssl_lib.c,v' 2>/dev/null
---- ssl_lib.c 2009/02/23 16:02:47 1.133.2.16
-+++ ssl_lib.c 2009/04/19 18:08:12 1.133.2.17
-@@ -995,7 +995,8 @@
- s->max_cert_list=larg;
- return(l);
- case SSL_CTRL_SET_MTU:
-- if (SSL_version(s) == DTLS1_VERSION)
-+ if (SSL_version(s) == DTLS1_VERSION ||
-+ SSL_version(s) == DTLS1_BAD_VER)
- {
- s->d1->mtu = larg;
- return larg;
-Index: openssl/ssl/ssl_sess.c
-RCS File: /v/openssl/cvs/openssl/ssl/ssl_sess.c,v
-rcsdiff -q -kk '-r1.51.2.9' '-r1.51.2.10' -u '/v/openssl/cvs/openssl/ssl/ssl_sess.c,v' 2>/dev/null
---- ssl_sess.c 2008/06/04 18:35:27 1.51.2.9
-+++ ssl_sess.c 2009/04/19 18:08:12 1.51.2.10
-@@ -211,6 +211,11 @@
- ss->ssl_version=TLS1_VERSION;
- ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
- }
-+ else if (s->version == DTLS1_BAD_VER)
-+ {
-+ ss->ssl_version=DTLS1_BAD_VER;
-+ ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
-+ }
- else if (s->version == DTLS1_VERSION)
- {
- ss->ssl_version=DTLS1_VERSION;
-Index: openssl/ssl/t1_enc.c
-RCS File: /v/openssl/cvs/openssl/ssl/t1_enc.c,v
-rcsdiff -q -kk '-r1.35.2.8' '-r1.35.2.9' -u '/v/openssl/cvs/openssl/ssl/t1_enc.c,v' 2>/dev/null
---- t1_enc.c 2009/01/05 14:43:07 1.35.2.8
-+++ t1_enc.c 2009/04/19 18:08:12 1.35.2.9
-@@ -765,10 +765,10 @@
- HMAC_CTX_init(&hmac);
- HMAC_Init_ex(&hmac,mac_sec,EVP_MD_size(hash),hash,NULL);
-
-- if (ssl->version == DTLS1_VERSION && ssl->client_version != DTLS1_BAD_VER)
-+ if (ssl->version == DTLS1_BAD_VER ||
-+ (ssl->version == DTLS1_VERSION && ssl->client_version != DTLS1_BAD_VER))
- {
- unsigned char dtlsseq[8],*p=dtlsseq;
--
- s2n(send?ssl->d1->w_epoch:ssl->d1->r_epoch, p);
- memcpy (p,&seq[2],6);
-
-@@ -793,7 +793,7 @@
- {unsigned int z; for (z=0; z<rec->length; z++) printf("%02X ",buf[z]); printf("\n"); }
- #endif
-
-- if ( SSL_version(ssl) != DTLS1_VERSION)
-+ if ( SSL_version(ssl) != DTLS1_VERSION && SSL_version(ssl) != DTLS1_BAD_VER)
- {
- for (i=7; i>=0; i--)
- {
diff --git a/dev-libs/openssl/files/openssl-0.9.8m-cfb.patch b/dev-libs/openssl/files/openssl-0.9.8m-cfb.patch
deleted file mode 100644
index 9835b93c314a..000000000000
--- a/dev-libs/openssl/files/openssl-0.9.8m-cfb.patch
+++ /dev/null
@@ -1,15 +0,0 @@
---- crypto/evp/evp_locl.h 2010/02/15 19:40:45 1.10.2.7
-+++ crypto/evp/evp_locl.h 2010/02/26 14:41:38 1.10.2.8
-@@ -127,9 +127,9 @@
- #define BLOCK_CIPHER_def_cfb(cname, kstruct, nid, key_len, \
- iv_len, cbits, flags, init_key, cleanup, \
- set_asn1, get_asn1, ctrl) \
--BLOCK_CIPHER_def1(cname, cfb##cbits, cfb##cbits, CFB, kstruct, nid, \
-- (cbits + 7)/8, key_len, iv_len, \
-- flags, init_key, cleanup, set_asn1, get_asn1, ctrl)
-+BLOCK_CIPHER_def1(cname, cfb##cbits, cfb##cbits, CFB, kstruct, nid, 1, \
-+ key_len, iv_len, flags, init_key, cleanup, set_asn1, \
-+ get_asn1, ctrl)
-
- #define BLOCK_CIPHER_def_ofb(cname, kstruct, nid, key_len, \
- iv_len, cbits, flags, init_key, cleanup, \