Reviewed-by: Richard Levitte <levitte@openssl.org>

Update the CHANGES and NEWS files for the new release.

Reviewed-by: Rich Salz <rsalz@openssl.org>

Change the "reuse" behaviour in ASN1_item_d2i: if successful the old
structure is freed and a pointer to the new one used. If it is not
successful then the passed structure is untouched.

Exception made for primitive types so ssl_asn1.c still works.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>

Conflicts:
	doc/crypto/d2i_X509.pod

When parsing a combined structure pass a flag to the decode routine
so on error a pointer to the parent structure is not zeroed as
this will leak any additional components in the parent.

This can leak memory in any application parsing PKCS#7 or CMS structures.

CVE-2015-3195.

Thanks to Adam Langley (Google/BoringSSL) for discovering this bug using
libFuzzer.

PR#4131

Reviewed-by: Richard Levitte <levitte@openssl.org>

The feature_test_macros(7) manual tells us that _BSD_SOURCE is
deprecated since glibc 2.20 and that the compiler will warn about it
being used, unless _DEFAULT_SOURCE is defined as well.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit f9fd3524)

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 63eb10a0)

Thanks to Guido Vranken <guidovranken@gmail.com> for reporting this issue.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 158e5207)

Conflicts:
	crypto/asn1/asn1_par.c

PR#4079

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit c69ce935)

Conflicts:
	crypto/evp/e_des3.c

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit e58c4d3c)

Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
(cherry picked from commit 6f997dc3)

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 1d4ddb4e)

Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit 68d53e4f)

For all release branches.  It adds travis build support. If you don't
have a config file it uses the default (because we enabled travis for the
project), which uses ruby/rake/rakefiles, and you get confusing "build
still failing" messages.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(cherry picked from commit db9defdf)

In master we have the function OPENSSL_clear_free(x,y), which immediately
returns if x == NULL. In <=1.0.2 this function does not exist so we have to
do:
OPENSSL_cleanse(x, y);
OPENSSL_free(x);

However, previously, OPENSSL_cleanse did not check that if x == NULL, so
the real equivalent check would have to be:
if (x != NULL)
    OPENSSL_cleanse(x, y);
OPENSSL_free(x);

It would be easy to get this wrong during cherry-picking to other branches
and therefore, for safety, it is best to just ensure OPENSSL_cleanse also
checks for NULL.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 020d8fc8)

PR#4035

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Stephen Henson <steve@openssl.org>
(cherry picked from commit 929f6d6f)

If the field separator isn't specified through -nameopt then use
XN_FLAG_SEP_CPLUS_SPC instead of printing nothing and returing an error.

PR#2397

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 03706afa)

Builds using no-tlsext in 1.0.0 and 0.9.8 are broken. This commit fixes the
issue. The same commit is applied to 1.0.1 and 1.0.2 branches for code
consistency. However this commit will not fix no-tlsext in those branches
which have always been broken for other reasons. The commit is not applied
to master at all, because no-tlsext has been completely removed from that
branch.

Based on a patch by Marc Branchaud <marcnarc@xiplink.com>

Reviewed-by: Emilia Käsper <emilia@openssl.org>
(cherry picked from commit 9a931208)

Conflicts:
	ssl/ssl_sess.c

Because we recently encourage people to have a .dir-locals.el, it's a good
idea to ignore it on a git level.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit d7c02691)

Apparently, emacs sees changes to auto-fill-mode as insecure

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 6dc08048)

This file, when copied to .dir-locals.el in the OpenSSL source top,
will make sure that the CC mode style "OpenSSL-II" will be used for
all C files.

Additionally, I makes sure that tabs are never used as indentation
character, regardless of the emacs mode, and that the fill column is
78.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 0927f0d8)

This hopefully conforms closely enough to the current code style.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit d9b3554b)

Best hope of keeping current.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 4f46473a)

Reviewed-by: Richard Levitte <levitte@openssl.org>
(cherry picked from commit e36ce2d9)

From a CloudFlare patch.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit 1a586b39)

Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit fa4629b6)

Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 932af161)

Fixes GH#330

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit eeb97bce)

Conflicts:
	apps/Makefile

Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit da24e6f8)

Instead of piping through tardy, and possibly suffering from bugs in certain
versions, use --transform, --owner and --group directly with GNU tar (we
already expect that tar variant).

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 27f98436)

Conflicts:
	Makefile.org

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 2a7059c5)

Reviewed-by: Rich Salz <rsalz@openssl.org>
(cherry picked from commit 5727582c)

Conflicts:
	doc/crypto/X509_NAME_get_index_by_NID.pod

The PSK identity hint should be stored in the SSL_SESSION structure
and not in the parent context (which will overwrite values used
by other SSL structures with the same SSL_CTX).

Use BUF_strndup when copying identity as it may not be null terminated.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit 3c66a669)

PR#3923

Reviewed-by: Tim Hudson <tjh@openssl.org>
(cherry picked from commit ffbf304d)

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
(cherry picked from commit b4f0d1a4)

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
(cherry picked from commit 30cf9178)

Reviewed-by: Stephen Henson <steve@openssl.org>

Reviewed-by: Stephen Henson <steve@openssl.org>

Updates to CHANGES and NEWS to take account of the latest security fixes.

Reviewed-by: Rich Salz <rsalz@openssl.org>

CVE-2015-1790

Reviewed-by: Rich Salz <rsalz@openssl.org>

Also tighten X509_cmp_time to reject more than three fractional
seconds in the time; and to reject trailing garbage after the offset.

CVE-2015-1789

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>