[rpms/openssl] rebase_40beta: Merge branch 'f20' of ssh://pkgs.fedoraproject.org/openssl into f20

[Tomas Mraz <tmraz@fedoraproject.org>]

            A new commit has been pushed.

            Repo   : rpms/openssl
            Branch : rebase_40beta
            Commit : d907abae393bbbca528d050348f50b2b00040eb3
            Author : Tomas Mraz <tmraz@fedoraproject.org>
            Date   : 2013-09-13T15:33:34+02:00
            Stats  : +120/-37 in 2 file(s)
            URL    : https://src.fedoraproject.org/rpms/openssl/c/d907abae393bbbca528d050348f50b2b00040eb3?branch=rebase_40beta

            Log:
            Merge branch 'f20' of ssh://pkgs.fedoraproject.org/openssl into f20

Conflicts:
	openssl.spec

---
diff --git a/openssl-1.0.1e-manfix.patch b/openssl-1.0.1e-manfix.patch
index 05b0df7..4ba2abb 100644
--- a/openssl-1.0.1e-manfix.patch
+++ b/openssl-1.0.1e-manfix.patch
@@ -1,6 +1,6 @@
 diff -up openssl-1.0.1e/doc/apps/cms.pod.manfix openssl-1.0.1e/doc/apps/cms.pod
 --- openssl-1.0.1e/doc/apps/cms.pod.manfix	2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/doc/apps/cms.pod	2013-08-16 16:02:17.542089270 +0200
++++ openssl-1.0.1e/doc/apps/cms.pod	2013-09-12 11:17:42.147092310 +0200
 @@ -450,28 +450,28 @@ remains DER.
  
  =over 4
@@ -38,7 +38,7 @@ diff -up openssl-1.0.1e/doc/apps/cms.pod.manfix openssl-1.0.1e/doc/apps/cms.pod
  the signers certificates.
 diff -up openssl-1.0.1e/doc/apps/ec.pod.manfix openssl-1.0.1e/doc/apps/ec.pod
 --- openssl-1.0.1e/doc/apps/ec.pod.manfix	2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/doc/apps/ec.pod	2013-08-16 16:02:17.542089270 +0200
++++ openssl-1.0.1e/doc/apps/ec.pod	2013-09-12 11:17:42.147092310 +0200
 @@ -93,10 +93,6 @@ prints out the public, private key compo
  
  this option prevents output of the encoded version of the key.
@@ -52,7 +52,7 @@ diff -up openssl-1.0.1e/doc/apps/ec.pod.manfix openssl-1.0.1e/doc/apps/ec.pod
  by default a private key is read from the input file: with this option a
 diff -up openssl-1.0.1e/doc/apps/openssl.pod.manfix openssl-1.0.1e/doc/apps/openssl.pod
 --- openssl-1.0.1e/doc/apps/openssl.pod.manfix	2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/doc/apps/openssl.pod	2013-08-16 16:02:17.542089270 +0200
++++ openssl-1.0.1e/doc/apps/openssl.pod	2013-09-12 11:17:42.148092331 +0200
 @@ -163,7 +163,7 @@ Create or examine a netscape certificate
  
  Online Certificate Status Protocol utility.
@@ -84,8 +84,8 @@ diff -up openssl-1.0.1e/doc/apps/openssl.pod.manfix openssl-1.0.1e/doc/apps/open
  L<s_server(1)|s_server(1)>, L<s_time(1)|s_time(1)>,
  L<smime(1)|smime(1)>, L<spkac(1)|spkac(1)>,
 diff -up openssl-1.0.1e/doc/apps/s_client.pod.manfix openssl-1.0.1e/doc/apps/s_client.pod
---- openssl-1.0.1e/doc/apps/s_client.pod.manfix	2013-08-16 16:02:17.434086891 +0200
-+++ openssl-1.0.1e/doc/apps/s_client.pod	2013-08-16 16:02:17.543089292 +0200
+--- openssl-1.0.1e/doc/apps/s_client.pod.manfix	2013-09-12 11:17:41.517078502 +0200
++++ openssl-1.0.1e/doc/apps/s_client.pod	2013-09-12 11:17:42.149092353 +0200
 @@ -32,9 +32,14 @@ B<openssl> B<s_client>
  [B<-ssl2>]
  [B<-ssl3>]
@@ -101,7 +101,15 @@ diff -up openssl-1.0.1e/doc/apps/s_client.pod.manfix openssl-1.0.1e/doc/apps/s_c
  [B<-bugs>]
  [B<-cipher cipherlist>]
  [B<-starttls protocol>]
-@@ -182,7 +187,7 @@ Use the PSK key B<key> when using a PSK
+@@ -44,6 +49,7 @@ B<openssl> B<s_client>
+ [B<-sess_out filename>]
+ [B<-sess_in filename>]
+ [B<-rand file(s)>]
++[B<-nextprotoneg protocols>]
+ 
+ =head1 DESCRIPTION
+ 
+@@ -182,7 +188,7 @@ Use the PSK key B<key> when using a PSK
  given as a hexadecimal number without leading 0x, for example -psk
  1a2b3c4d.
  
@@ -110,9 +118,27 @@ diff -up openssl-1.0.1e/doc/apps/s_client.pod.manfix openssl-1.0.1e/doc/apps/s_c
  
  these options disable the use of certain SSL or TLS protocols. By default
  the initial handshake uses a method which should be compatible with all
+@@ -243,6 +249,17 @@ Multiple files can be specified separate
+ The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
+ all others.
+ 
++=item B<-nextprotoneg protocols>
++
++enable Next Protocol Negotiation TLS extension and provide a list of
++comma-separated protocol names that the client should advertise
++support for. The list should contain most wanted protocols first.
++Protocol names are printable ASCII strings, for example "http/1.1" or
++"spdy/3".
++Empty list of protocols is treated specially and will cause the client to
++advertise support for the TLS extension but disconnect just after
++reciving ServerHello with a list of server supported protocols.
++
+ =back
+ 
+ =head1 CONNECTED COMMANDS
 diff -up openssl-1.0.1e/doc/apps/smime.pod.manfix openssl-1.0.1e/doc/apps/smime.pod
 --- openssl-1.0.1e/doc/apps/smime.pod.manfix	2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/doc/apps/smime.pod	2013-08-16 16:02:17.543089292 +0200
++++ openssl-1.0.1e/doc/apps/smime.pod	2013-09-12 11:17:42.150092375 +0200
 @@ -308,28 +308,28 @@ remains DER.
  
  =over 4
@@ -150,7 +176,7 @@ diff -up openssl-1.0.1e/doc/apps/smime.pod.manfix openssl-1.0.1e/doc/apps/smime.
  the signers certificates.
 diff -up openssl-1.0.1e/doc/apps/s_server.pod.manfix openssl-1.0.1e/doc/apps/s_server.pod
 --- openssl-1.0.1e/doc/apps/s_server.pod.manfix	2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/doc/apps/s_server.pod	2013-08-16 16:03:56.711273036 +0200
++++ openssl-1.0.1e/doc/apps/s_server.pod	2013-09-12 11:17:42.150092375 +0200
 @@ -40,10 +40,16 @@ B<openssl> B<s_server>
  [B<-ssl2>]
  [B<-ssl3>]
@@ -168,7 +194,15 @@ diff -up openssl-1.0.1e/doc/apps/s_server.pod.manfix openssl-1.0.1e/doc/apps/s_s
  [B<-bugs>]
  [B<-hack>]
  [B<-www>]
-@@ -131,6 +137,10 @@ a static set of parameters hard coded in
+@@ -54,6 +60,7 @@ B<openssl> B<s_server>
+ [B<-no_ticket>]
+ [B<-id_prefix arg>]
+ [B<-rand file(s)>]
++[B<-nextprotoneg protocols>]
+ 
+ =head1 DESCRIPTION
+ 
+@@ -131,6 +138,10 @@ a static set of parameters hard coded in
  if this option is set then no DH parameters will be loaded effectively
  disabling the ephemeral DH cipher suites.
  
@@ -179,7 +213,7 @@ diff -up openssl-1.0.1e/doc/apps/s_server.pod.manfix openssl-1.0.1e/doc/apps/s_s
  =item B<-no_tmp_rsa>
  
  certain export cipher suites sometimes use a temporary RSA key, this option
-@@ -201,7 +211,7 @@ Use the PSK key B<key> when using a PSK
+@@ -201,7 +212,7 @@ Use the PSK key B<key> when using a PSK
  given as a hexadecimal number without leading 0x, for example -psk
  1a2b3c4d.
  
@@ -188,9 +222,48 @@ diff -up openssl-1.0.1e/doc/apps/s_server.pod.manfix openssl-1.0.1e/doc/apps/s_s
  
  these options disable the use of certain SSL or TLS protocols. By default
  the initial handshake uses a method which should be compatible with all
+@@ -276,6 +287,14 @@ Multiple files can be specified separate
+ The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
+ all others.
+ 
++=item B<-nextprotoneg protocols>
++
++enable Next Protocol Negotiation TLS extension and provide a
++comma-separated list of supported protocol names.
++The list should contain most wanted protocols first.
++Protocol names are printable ASCII strings, for example "http/1.1" or
++"spdy/3".
++
+ =back
+ 
+ =head1 CONNECTED COMMANDS
+diff -up openssl-1.0.1e/doc/apps/verify.pod.manfix openssl-1.0.1e/doc/apps/verify.pod
+--- openssl-1.0.1e/doc/apps/verify.pod.manfix	2013-02-11 16:26:04.000000000 +0100
++++ openssl-1.0.1e/doc/apps/verify.pod	2013-09-12 11:25:13.994994992 +0200
+@@ -25,6 +25,7 @@ B<openssl> B<verify>
+ [B<-untrusted file>]
+ [B<-help>]
+ [B<-issuer_checks>]
++[B<-attime timestamp>]
+ [B<-verbose>]
+ [B<->]
+ [certificates]
+@@ -80,6 +81,12 @@ rejected. The presence of rejection mess
+ anything is wrong; during the normal verification process, several
+ rejections may take place.
+ 
++=item B<-attime timestamp>
++
++Perform validation checks using the time specified by B<timestamp> and not
++the current system time. B<timestamp> is the number of seconds since
++01.01.1970 (UNIX time).
++
+ =item B<-policy arg>
+ 
+ Enable policy processing and add B<arg> to the user-initial-policy-set (see
 diff -up openssl-1.0.1e/doc/ssl/SSL_accept.pod.manfix openssl-1.0.1e/doc/ssl/SSL_accept.pod
---- openssl-1.0.1e/doc/ssl/SSL_accept.pod.manfix	2013-08-16 16:02:17.534089094 +0200
-+++ openssl-1.0.1e/doc/ssl/SSL_accept.pod	2013-08-16 16:02:17.544089314 +0200
+--- openssl-1.0.1e/doc/ssl/SSL_accept.pod.manfix	2013-09-12 11:17:42.129091915 +0200
++++ openssl-1.0.1e/doc/ssl/SSL_accept.pod	2013-09-12 11:17:42.156092507 +0200
 @@ -44,13 +44,13 @@ The following return values can occur:
  
  =over 4
@@ -209,7 +282,7 @@ diff -up openssl-1.0.1e/doc/ssl/SSL_accept.pod.manfix openssl-1.0.1e/doc/ssl/SSL
  established.
 diff -up openssl-1.0.1e/doc/ssl/SSL_clear.pod.manfix openssl-1.0.1e/doc/ssl/SSL_clear.pod
 --- openssl-1.0.1e/doc/ssl/SSL_clear.pod.manfix	2013-02-11 16:02:48.000000000 +0100
-+++ openssl-1.0.1e/doc/ssl/SSL_clear.pod	2013-08-16 16:02:17.544089314 +0200
++++ openssl-1.0.1e/doc/ssl/SSL_clear.pod	2013-09-12 11:17:42.158092551 +0200
 @@ -56,12 +56,12 @@ The following return values can occur:
  
  =over 4
@@ -226,8 +299,8 @@ diff -up openssl-1.0.1e/doc/ssl/SSL_clear.pod.manfix openssl-1.0.1e/doc/ssl/SSL_
  The SSL_clear() operation was successful.
  
 diff -up openssl-1.0.1e/doc/ssl/SSL_COMP_add_compression_method.pod.manfix openssl-1.0.1e/doc/ssl/SSL_COMP_add_compression_method.pod
---- openssl-1.0.1e/doc/ssl/SSL_COMP_add_compression_method.pod.manfix	2013-08-16 16:02:17.486088037 +0200
-+++ openssl-1.0.1e/doc/ssl/SSL_COMP_add_compression_method.pod	2013-08-16 16:02:17.544089314 +0200
+--- openssl-1.0.1e/doc/ssl/SSL_COMP_add_compression_method.pod.manfix	2013-09-12 11:17:42.049090162 +0200
++++ openssl-1.0.1e/doc/ssl/SSL_COMP_add_compression_method.pod	2013-09-12 11:17:42.159092573 +0200
 @@ -60,11 +60,11 @@ SSL_COMP_add_compression_method() may re
  
  =over 4
@@ -243,8 +316,8 @@ diff -up openssl-1.0.1e/doc/ssl/SSL_COMP_add_compression_method.pod.manfix opens
  The operation failed. Check the error queue to find out the reason.
  
 diff -up openssl-1.0.1e/doc/ssl/SSL_connect.pod.manfix openssl-1.0.1e/doc/ssl/SSL_connect.pod
---- openssl-1.0.1e/doc/ssl/SSL_connect.pod.manfix	2013-08-16 16:02:17.535089116 +0200
-+++ openssl-1.0.1e/doc/ssl/SSL_connect.pod	2013-08-16 16:02:17.545089336 +0200
+--- openssl-1.0.1e/doc/ssl/SSL_connect.pod.manfix	2013-09-12 11:17:42.130091937 +0200
++++ openssl-1.0.1e/doc/ssl/SSL_connect.pod	2013-09-12 11:17:42.161092616 +0200
 @@ -41,13 +41,13 @@ The following return values can occur:
  
  =over 4
@@ -263,7 +336,7 @@ diff -up openssl-1.0.1e/doc/ssl/SSL_connect.pod.manfix openssl-1.0.1e/doc/ssl/SS
  established.
 diff -up openssl-1.0.1e/doc/ssl/SSL_CTX_add_session.pod.manfix openssl-1.0.1e/doc/ssl/SSL_CTX_add_session.pod
 --- openssl-1.0.1e/doc/ssl/SSL_CTX_add_session.pod.manfix	2013-02-11 16:02:48.000000000 +0100
-+++ openssl-1.0.1e/doc/ssl/SSL_CTX_add_session.pod	2013-08-16 16:02:17.545089336 +0200
++++ openssl-1.0.1e/doc/ssl/SSL_CTX_add_session.pod	2013-09-12 11:17:42.162092638 +0200
 @@ -52,13 +52,13 @@ The following values are returned by all
  
  =over 4
@@ -282,7 +355,7 @@ diff -up openssl-1.0.1e/doc/ssl/SSL_CTX_add_session.pod.manfix openssl-1.0.1e/do
  
 diff -up openssl-1.0.1e/doc/ssl/SSL_CTX_load_verify_locations.pod.manfix openssl-1.0.1e/doc/ssl/SSL_CTX_load_verify_locations.pod
 --- openssl-1.0.1e/doc/ssl/SSL_CTX_load_verify_locations.pod.manfix	2013-02-11 16:02:48.000000000 +0100
-+++ openssl-1.0.1e/doc/ssl/SSL_CTX_load_verify_locations.pod	2013-08-16 16:02:17.545089336 +0200
++++ openssl-1.0.1e/doc/ssl/SSL_CTX_load_verify_locations.pod	2013-09-12 11:17:42.163092660 +0200
 @@ -100,13 +100,13 @@ The following return values can occur:
  
  =over 4
@@ -300,8 +373,8 @@ diff -up openssl-1.0.1e/doc/ssl/SSL_CTX_load_verify_locations.pod.manfix openssl
  The operation succeeded.
  
 diff -up openssl-1.0.1e/doc/ssl/SSL_CTX_set_client_CA_list.pod.manfix openssl-1.0.1e/doc/ssl/SSL_CTX_set_client_CA_list.pod
---- openssl-1.0.1e/doc/ssl/SSL_CTX_set_client_CA_list.pod.manfix	2013-08-16 16:02:17.535089116 +0200
-+++ openssl-1.0.1e/doc/ssl/SSL_CTX_set_client_CA_list.pod	2013-08-16 16:02:17.545089336 +0200
+--- openssl-1.0.1e/doc/ssl/SSL_CTX_set_client_CA_list.pod.manfix	2013-09-12 11:17:42.132091981 +0200
++++ openssl-1.0.1e/doc/ssl/SSL_CTX_set_client_CA_list.pod	2013-09-12 11:17:42.164092682 +0200
 @@ -66,13 +66,13 @@ values:
  
  =over 4
@@ -320,7 +393,7 @@ diff -up openssl-1.0.1e/doc/ssl/SSL_CTX_set_client_CA_list.pod.manfix openssl-1.
  
 diff -up openssl-1.0.1e/doc/ssl/SSL_CTX_set_session_id_context.pod.manfix openssl-1.0.1e/doc/ssl/SSL_CTX_set_session_id_context.pod
 --- openssl-1.0.1e/doc/ssl/SSL_CTX_set_session_id_context.pod.manfix	2013-02-11 16:02:48.000000000 +0100
-+++ openssl-1.0.1e/doc/ssl/SSL_CTX_set_session_id_context.pod	2013-08-16 16:02:17.546089358 +0200
++++ openssl-1.0.1e/doc/ssl/SSL_CTX_set_session_id_context.pod	2013-09-12 11:17:42.166092726 +0200
 @@ -64,13 +64,13 @@ return the following values:
  
  =over 4
@@ -339,7 +412,7 @@ diff -up openssl-1.0.1e/doc/ssl/SSL_CTX_set_session_id_context.pod.manfix openss
  
 diff -up openssl-1.0.1e/doc/ssl/SSL_CTX_set_ssl_version.pod.manfix openssl-1.0.1e/doc/ssl/SSL_CTX_set_ssl_version.pod
 --- openssl-1.0.1e/doc/ssl/SSL_CTX_set_ssl_version.pod.manfix	2013-02-11 16:26:04.000000000 +0100
-+++ openssl-1.0.1e/doc/ssl/SSL_CTX_set_ssl_version.pod	2013-08-16 16:02:17.546089358 +0200
++++ openssl-1.0.1e/doc/ssl/SSL_CTX_set_ssl_version.pod	2013-09-12 11:17:42.167092748 +0200
 @@ -42,11 +42,11 @@ and SSL_set_ssl_method():
  
  =over 4
@@ -355,8 +428,8 @@ diff -up openssl-1.0.1e/doc/ssl/SSL_CTX_set_ssl_version.pod.manfix openssl-1.0.1
  The operation succeeded.
  
 diff -up openssl-1.0.1e/doc/ssl/SSL_CTX_use_psk_identity_hint.pod.manfix openssl-1.0.1e/doc/ssl/SSL_CTX_use_psk_identity_hint.pod
---- openssl-1.0.1e/doc/ssl/SSL_CTX_use_psk_identity_hint.pod.manfix	2013-08-16 16:02:17.535089116 +0200
-+++ openssl-1.0.1e/doc/ssl/SSL_CTX_use_psk_identity_hint.pod	2013-08-16 16:02:17.546089358 +0200
+--- openssl-1.0.1e/doc/ssl/SSL_CTX_use_psk_identity_hint.pod.manfix	2013-09-12 11:17:42.133092003 +0200
++++ openssl-1.0.1e/doc/ssl/SSL_CTX_use_psk_identity_hint.pod	2013-09-12 11:17:42.168092770 +0200
 @@ -96,7 +96,7 @@ data to B<psk> and return the length of
  connection will fail with decryption_error before it will be finished
  completely.
@@ -367,8 +440,8 @@ diff -up openssl-1.0.1e/doc/ssl/SSL_CTX_use_psk_identity_hint.pod.manfix openssl
  PSK identity was not found. An "unknown_psk_identity" alert message
  will be sent and the connection setup fails.
 diff -up openssl-1.0.1e/doc/ssl/SSL_do_handshake.pod.manfix openssl-1.0.1e/doc/ssl/SSL_do_handshake.pod
---- openssl-1.0.1e/doc/ssl/SSL_do_handshake.pod.manfix	2013-08-16 16:02:17.536089138 +0200
-+++ openssl-1.0.1e/doc/ssl/SSL_do_handshake.pod	2013-08-16 16:02:17.546089358 +0200
+--- openssl-1.0.1e/doc/ssl/SSL_do_handshake.pod.manfix	2013-09-12 11:17:42.135092047 +0200
++++ openssl-1.0.1e/doc/ssl/SSL_do_handshake.pod	2013-09-12 11:17:42.170092814 +0200
 @@ -45,13 +45,13 @@ The following return values can occur:
  
  =over 4
@@ -387,7 +460,7 @@ diff -up openssl-1.0.1e/doc/ssl/SSL_do_handshake.pod.manfix openssl-1.0.1e/doc/s
  established.
 diff -up openssl-1.0.1e/doc/ssl/SSL_read.pod.manfix openssl-1.0.1e/doc/ssl/SSL_read.pod
 --- openssl-1.0.1e/doc/ssl/SSL_read.pod.manfix	2013-02-11 16:02:48.000000000 +0100
-+++ openssl-1.0.1e/doc/ssl/SSL_read.pod	2013-08-16 16:02:17.547089380 +0200
++++ openssl-1.0.1e/doc/ssl/SSL_read.pod	2013-09-12 11:17:42.171092836 +0200
 @@ -86,7 +86,7 @@ The following return values can occur:
  The read operation was successful; the return value is the number of
  bytes actually read from the TLS/SSL connection.
@@ -399,7 +472,7 @@ diff -up openssl-1.0.1e/doc/ssl/SSL_read.pod.manfix openssl-1.0.1e/doc/ssl/SSL_r
  shutdown due to a "close notify" alert sent by the peer (in which case
 diff -up openssl-1.0.1e/doc/ssl/SSL_session_reused.pod.manfix openssl-1.0.1e/doc/ssl/SSL_session_reused.pod
 --- openssl-1.0.1e/doc/ssl/SSL_session_reused.pod.manfix	2013-02-11 16:02:48.000000000 +0100
-+++ openssl-1.0.1e/doc/ssl/SSL_session_reused.pod	2013-08-16 16:02:17.547089380 +0200
++++ openssl-1.0.1e/doc/ssl/SSL_session_reused.pod	2013-09-12 11:17:42.172092857 +0200
 @@ -27,11 +27,11 @@ The following return values can occur:
  
  =over 4
@@ -416,7 +489,7 @@ diff -up openssl-1.0.1e/doc/ssl/SSL_session_reused.pod.manfix openssl-1.0.1e/doc
  
 diff -up openssl-1.0.1e/doc/ssl/SSL_set_fd.pod.manfix openssl-1.0.1e/doc/ssl/SSL_set_fd.pod
 --- openssl-1.0.1e/doc/ssl/SSL_set_fd.pod.manfix	2013-02-11 16:02:48.000000000 +0100
-+++ openssl-1.0.1e/doc/ssl/SSL_set_fd.pod	2013-08-16 16:02:17.547089380 +0200
++++ openssl-1.0.1e/doc/ssl/SSL_set_fd.pod	2013-09-12 11:17:42.174092901 +0200
 @@ -35,11 +35,11 @@ The following return values can occur:
  
  =over 4
@@ -433,7 +506,7 @@ diff -up openssl-1.0.1e/doc/ssl/SSL_set_fd.pod.manfix openssl-1.0.1e/doc/ssl/SSL
  
 diff -up openssl-1.0.1e/doc/ssl/SSL_set_session.pod.manfix openssl-1.0.1e/doc/ssl/SSL_set_session.pod
 --- openssl-1.0.1e/doc/ssl/SSL_set_session.pod.manfix	2013-02-11 16:02:48.000000000 +0100
-+++ openssl-1.0.1e/doc/ssl/SSL_set_session.pod	2013-08-16 16:02:17.547089380 +0200
++++ openssl-1.0.1e/doc/ssl/SSL_set_session.pod	2013-09-12 11:17:42.175092923 +0200
 @@ -37,11 +37,11 @@ The following return values can occur:
  
  =over 4
@@ -449,8 +522,8 @@ diff -up openssl-1.0.1e/doc/ssl/SSL_set_session.pod.manfix openssl-1.0.1e/doc/ss
  The operation succeeded.
  
 diff -up openssl-1.0.1e/doc/ssl/SSL_shutdown.pod.manfix openssl-1.0.1e/doc/ssl/SSL_shutdown.pod
---- openssl-1.0.1e/doc/ssl/SSL_shutdown.pod.manfix	2013-08-16 16:02:17.536089138 +0200
-+++ openssl-1.0.1e/doc/ssl/SSL_shutdown.pod	2013-08-16 16:02:17.548089402 +0200
+--- openssl-1.0.1e/doc/ssl/SSL_shutdown.pod.manfix	2013-09-12 11:17:42.137092090 +0200
++++ openssl-1.0.1e/doc/ssl/SSL_shutdown.pod	2013-09-12 11:17:42.177092967 +0200
 @@ -92,14 +92,14 @@ The following return values can occur:
  
  =over 4
@@ -470,7 +543,7 @@ diff -up openssl-1.0.1e/doc/ssl/SSL_shutdown.pod.manfix openssl-1.0.1e/doc/ssl/S
  and the peer's "close notify" alert was received.
 diff -up openssl-1.0.1e/doc/ssl/SSL_write.pod.manfix openssl-1.0.1e/doc/ssl/SSL_write.pod
 --- openssl-1.0.1e/doc/ssl/SSL_write.pod.manfix	2013-02-11 16:02:48.000000000 +0100
-+++ openssl-1.0.1e/doc/ssl/SSL_write.pod	2013-08-16 16:02:17.548089402 +0200
++++ openssl-1.0.1e/doc/ssl/SSL_write.pod	2013-09-12 11:17:42.177092967 +0200
 @@ -79,7 +79,7 @@ The following return values can occur:
  The write operation was successful, the return value is the number of
  bytes actually written to the TLS/SSL connection.

diff --git a/openssl.spec b/openssl.spec
index bb264ab..6f5c1a4 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -21,7 +21,7 @@
 Summary: Utilities from the general purpose cryptography library with TLS implementation
 Name: openssl
 Version: 1.0.1e
-Release: 20%{?dist}
+Release: 22%{?dist}
 Epoch: 1
 # We have to remove certain patented algorithms from the openssl source
 # tarball with the hobble-openssl script which is included below.
@@ -99,6 +99,8 @@ Group: System Environment/Libraries
 Requires: ca-certificates >= 2008-5
 # Needed obsoletes due to the base/lib subpackage split
 Obsoletes: openssl < 1:1.0.1-0.3.beta3
+# Needed for proper transaction ordering if openssl-fips is installed
+OrderWithRequires(pre): openssl-fips
 
 %description libs
 OpenSSL is a toolkit for supporting cryptography. The openssl-libs
@@ -466,14 +468,22 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
 
 %postun libs -p /sbin/ldconfig
 
-%post fips
+%pre fips
+# Must use pre to avoid some possible races
 prelink -u %{_libdir}/libcrypto.so.%{version} %{_libdir}/libssl.so.%{version} 2>/dev/null || :
 
 %changelog
-* Tue Sep 10 2013 Kyle McMartin <kyle@redhat.com> 1.0.1e-20
+* Thu Sep 12 2013 Tomáš Mráz <tmraz@redhat.com> 1.0.1e-22
+- document the nextprotoneg option in manual pages
+  original patch by Hubert Kario
+
+* Tue Sep 10 2013 Kyle McMartin <kyle@redhat.com> 1.0.1e-21
 - [arm] use elf auxv to figure out armcap.c instead of playing silly
   games with SIGILL handlers. (#1006474)
 
+* Wed Sep  4 2013 Tomas Mraz <tmraz@redhat.com> 1.0.1e-20
+- try to avoid some races when updating the -fips subpackage
+
 * Mon Sep  2 2013 Tomas Mraz <tmraz@redhat.com> 1.0.1e-19
 - use version-release in .hmac suffix to avoid overwrite
   during upgrade