openssl: Updated (1.0.1e -> 1.0.1f) (SECURITY UPDATE)

Changes between 1.0.1e and 1.0.1f [6 Jan 2014]

  *) Fix for TLS record tampering bug. A carefully crafted invalid
     handshake could crash OpenSSL with a NULL pointer exception.
     Thanks to Anton Johansson for reporting this issues.
     (CVE-2013-4353)

  *) Keep original DTLS digest and encryption contexts in retransmission
     structures so we can use the previous session parameters if they need
     to be resent. (CVE-2013-6450)
     [Steve Henson]

  *) Add option SSL_OP_SAFARI_ECDHE_ECDSA_BUG (part of SSL_OP_ALL) which
     avoids preferring ECDHE-ECDSA ciphers when the client appears to be
     Safari on OS X.  Safari on OS X 10.8..10.8.3 advertises support for
     several ECDHE-ECDSA ciphers, but fails to negotiate them.  The bug
     is fixed in OS X 10.8.4, but Apple have ruled out both hot fixing
     10.8..10.8.3 and forcing users to upgrade to 10.8.4 or newer.
     [Rob Stradling, Adam Langley]

security/openssl/openssl-1.0.1e-SSL_get_certificate.patch

@@ -1,46 +0,0 @@
-# --- SDE-COPYRIGHT-NOTE-BEGIN ---
-# This copyright note is auto-generated by ./scripts/Create-CopyPatch.
-#
-# Filename: package/.../openssl/openssl-1.0.1e-SSL_get_certificate.patch
-# Copyright (C) 2013 The OpenSDE Project
-#
-# More information can be found in the files COPYING and README.
-#
-# This patch file is dual-licensed. It is available under the license the
-# patched project is licensed under, as long as it is an OpenSource license
-# as defined at http://www.opensource.org/ (e.g. BSD, X11) or under the terms
-# of the GNU General Public License as published by the Free Software
-# Foundation; either version 2 of the License, or (at your option) any later
-# version.
-# --- SDE-COPYRIGHT-NOTE-END ---
-
-From 147dbb2fe3bead7a10e2f280261b661ce7af7adc Mon Sep 17 00:00:00 2001
-From: "Dr. Stephen Henson" <steve@openssl.org>
-Date: Mon, 11 Feb 2013 18:24:03 +0000
-Subject: [PATCH] Fix for SSL_get_certificate
-
-Now we set the current certificate to the one used by a server
-there is no need to call ssl_get_server_send_cert which will
-fail if we haven't sent a certificate yet.
----
- ssl/ssl_lib.c |    4 +---
- 1 file changed, 1 insertion(+), 3 deletions(-)
-
-diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
-index 14d143d..ff5a85a 100644
---- a/ssl/ssl_lib.c
-+++ b/ssl/ssl_lib.c
-@@ -2792,9 +2792,7 @@ void ssl_clear_cipher_ctx(SSL *s)
- /* Fix this function so that it takes an optional type parameter */
- X509 *SSL_get_certificate(const SSL *s)
- 	{
--	if (s->server)
--		return(ssl_get_server_send_cert(s));
--	else if (s->cert != NULL)
-+	if (s->cert != NULL)
- 		return(s->cert->key->x509);
- 	else
- 		return(NULL);
--- 
-1.7.9.5
-

security/openssl/openssl.desc

@@ -2,7 +2,7 @@
 [COPY] This copyright note is auto-generated by ./scripts/Create-CopyPatch.
 [COPY]
 [COPY] Filename: package/.../openssl/openssl.desc
-[COPY] Copyright (C) 2006 - 2013 The OpenSDE Project
+[COPY] Copyright (C) 2006 - 2014 The OpenSDE Project
 [COPY] Copyright (C) 2004 - 2006 The T2 SDE Project
 [COPY] Copyright (C) 1998 - 2003 Clifford Wolf
 [COPY]
@@ -35,7 +35,7 @@
 
 [L] OpenSource
 [S] Stable
-[V] 1.0.1e
+[V] 1.0.1f
 [P] X -?-3-5---9 104.600
 
-[D] 3167052773 openssl-1.0.1e.tar.gz http://openssl.org/source/
+[D] 1859348356 openssl-1.0.1f.tar.gz http://www.openssl.org/source/